[7/9] eapol: relax secure bit check on 2/4

Message ID	20230111201543.397692-7-prestwoj@gmail.com (mailing list archive)
State	New
Headers	show Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 54839BD02 for <iwd@lists.linux.dev>; Wed, 11 Jan 2023 20:15:55 +0000 (UTC) From: James Prestwood <prestwoj@gmail.com> To: iwd@lists.linux.dev Cc: James Prestwood <prestwoj@gmail.com> Subject: [PATCH 7/9] eapol: relax secure bit check on 2/4 Date: Wed, 11 Jan 2023 12:15:41 -0800 Message-Id: <20230111201543.397692-7-prestwoj@gmail.com> In-Reply-To: <20230111201543.397692-1-prestwoj@gmail.com> References: <20230111201543.397692-1-prestwoj@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[1/9] eapol: set secure on message 2/4 properly \| expand [1/9] eapol: set secure on message 2/4 properly [2/9] unit: update test-eapol with API change [3/9] eapol: implement rekey support for authenticator [4/9] handshake: add event for rekey success [5/9] netdev: unset ptk_installed flag for TK [6/9] netdev: support HANDSHAKE_EVENT_REKEY_COMPLETE [7/9] eapol: relax secure bit check on 2/4 [8/9] ap: support PTK rekeys [9/9] doc: Document RekeyTimeout for AP profiles

Message ID

20230111201543.397692-7-prestwoj@gmail.com (mailing list archive)

State

New

Headers

From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 7/9] eapol: relax secure bit check on 2/4
Date: Wed, 11 Jan 2023 12:15:41 -0800
Message-Id: <20230111201543.397692-7-prestwoj@gmail.com>
In-Reply-To: <20230111201543.397692-1-prestwoj@gmail.com>
References: <20230111201543.397692-1-prestwoj@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[1/9] eapol: set secure on message 2/4 properly | expand

Context	Check	Description
tedd_an/pre-ci_am	success	Success
prestwoj/iwd-ci-gitlint	success	GitLint

Context

Check

Description

tedd_an/pre-ci_am

success

Success

prestwoj/iwd-ci-gitlint

success

GitLint

Commit Message

James Prestwood Jan. 11, 2023, 8:15 p.m. UTC

Old wpa_supplicant versions do not set the secure bit on 2/4 during
rekeys which causes IWD to reject the message and eventually time out.
Modern versions do set it correctly but even Android 13 (Pixel 5a)
still uses an ancient version of wpa_supplicant which does not set the
bit.

Relax this check and instead just print a warning but allow the message
to be processed.
---
 src/eapol.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/eapol.c b/src/eapol.c
index d31116b6..55c4b6d8 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -512,8 +512,7 @@  bool eapol_verify_ptk_2_of_4(const struct eapol_key *ek, bool ptk_complete)
 	if (!ek->key_mic)
 		return false;
 
-	if (ek->secure != ptk_complete)
-		return false;
+	L_WARN_ON(ek->secure != ptk_complete);
 
 	if (ek->encrypted_key_data)
 		return false;

[7/9] eapol: relax secure bit check on 2/4

Checks

Commit Message

Patch