* [PATCH 1/2] handshake: add support to work around buggy OWE APs
@ 2022-08-05 18:20 James Prestwood
2022-08-05 18:20 ` [PATCH 2/2] eapol: use OWE workaround after two ignored 2/4 messages James Prestwood
0 siblings, 1 reply; 2+ messages in thread
From: James Prestwood @ 2022-08-05 18:20 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
The early OWE implementation for hostapd always used SHA256 to calculate
the PTK, which violates the spec for group 20 and 21. This bug was in
there long enough for the bug to make it into products and now it must
be worked around here.
If the workaround flag is set, always use SHA256 to calculate the PTK.
---
src/handshake.c | 3 ++-
src/handshake.h | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/handshake.c b/src/handshake.c
index 734e997c..91b20bab 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -515,7 +515,8 @@ bool handshake_state_derive_ptk(struct handshake_state *s)
s->ptk_complete = false;
if (s->akm_suite & IE_RSN_AKM_SUITE_OWE) {
- if (s->pmk_len == 32)
+ /* Work around buggy APs which always use SHA256 for the PTK */
+ if (s->pmk_len == 32 || s->retry_owe_workaround)
type = L_CHECKSUM_SHA256;
else if (s->pmk_len == 48)
type = L_CHECKSUM_SHA384;
diff --git a/src/handshake.h b/src/handshake.h
index 7f597b06..6f48fa34 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -137,6 +137,7 @@ struct handshake_state {
bool authenticator_ocvc : 1;
bool supplicant_ocvc : 1;
bool ext_key_id_capable : 1;
+ bool retry_owe_workaround : 1;
uint8_t ssid[32];
size_t ssid_len;
char *passphrase;
--
2.34.3
^ permalink raw reply related [flat|nested] 2+ messages in thread* [PATCH 2/2] eapol: use OWE workaround after two ignored 2/4 messages
2022-08-05 18:20 [PATCH 1/2] handshake: add support to work around buggy OWE APs James Prestwood
@ 2022-08-05 18:20 ` James Prestwood
0 siblings, 0 replies; 2+ messages in thread
From: James Prestwood @ 2022-08-05 18:20 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
If the AP has rejected two 2/4 messages when using OWE assume its buggy
and re-dervive the PTK in a way that it (hopefully) expects.
---
src/eapol.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/eapol.c b/src/eapol.c
index e8bd5cdb..a393e1b8 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1161,6 +1161,25 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
return;
}
+ /*
+ * Work around buggy OWE APs. Early hostapd implementations for OWE
+ * incorrectly used SHA256 for the PTK derivation even in groups 20 and
+ * 21 (should be SHA384/512). If we've already sent two 2/4 messages
+ * without a response and the AKM is OWE assume this workaround is
+ * needed and re-derive the PTK.
+ *
+ * TODO: This could be improved by checking if 2/4 was ACK'ed. If not
+ * this could just be a lost packet.
+ */
+ if (sm->frame_retry >= 2 &&
+ sm->handshake->akm_suite == IE_RSN_AKM_SUITE_OWE &&
+ !sm->handshake->retry_owe_workaround) {
+ sm->handshake->retry_owe_workaround = true;
+
+ if (!handshake_state_derive_ptk(sm->handshake))
+ goto error_unspecified;
+ }
+
pmkid = handshake_util_find_pmkid_kde(EAPOL_KEY_DATA(ek, sm->mic_len),
EAPOL_KEY_DATA_LEN(ek, sm->mic_len));
@@ -1336,6 +1355,8 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
l_timeout_remove(sm->eapol_start_timeout);
sm->eapol_start_timeout = NULL;
+ sm->frame_retry++;
+
return;
error_unspecified:
--
2.34.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-08-05 18:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-05 18:20 [PATCH 1/2] handshake: add support to work around buggy OWE APs James Prestwood
2022-08-05 18:20 ` [PATCH 2/2] eapol: use OWE workaround after two ignored 2/4 messages James Prestwood
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.