TDLS: Do not modify RNonce for an TPK M1 frame with same INonce
There is no point in updating the RNonce for every obtained TPK M1 frame
(e.g., retransmission due to timeout) with the same INonce (SNonce in
FTIE). Update RNonce only if a TPK M1 is received with a different
INonce (new TDLS session) to avoid issues with two setup exchanges
getting mixed and exchange failing due to mismatching nonces ("TDLS:
FTIE ANonce in TPK M3 does not match with FTIE ANonce used in TPK M2").
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
			
			
This commit is contained in:
		
							parent
							
								
									8a658f2bdf
								
							
						
					
					
						commit
						1380fcbd9f
					
				
					 1 changed files with 17 additions and 6 deletions
				
			
		|  | @ -1683,17 +1683,28 @@ skip_rsn: | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	ftie = (struct wpa_tdls_ftie *) kde.ftie; | 	ftie = (struct wpa_tdls_ftie *) kde.ftie; | ||||||
| 	os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN); |  | ||||||
| 	os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); | 	os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len); | ||||||
| 	peer->rsnie_i_len = kde.rsn_ie_len; | 	peer->rsnie_i_len = kde.rsn_ie_len; | ||||||
| 	peer->cipher = cipher; | 	peer->cipher = cipher; | ||||||
| 
 | 
 | ||||||
|  | 	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { | ||||||
|  | 		/*
 | ||||||
|  | 		 * There is no point in updating the RNonce for every obtained | ||||||
|  | 		 * TPK M1 frame (e.g., retransmission due to timeout) with the | ||||||
|  | 		 * same INonce (SNonce in FTIE). However, if the TPK M1 is | ||||||
|  | 		 * retransmitted with a different INonce, update the RNonce | ||||||
|  | 		 * since this is for a new TDLS session. | ||||||
|  | 		 */ | ||||||
|  | 		wpa_printf(MSG_DEBUG, | ||||||
|  | 			   "TDLS: New TPK M1 INonce - generate new RNonce"); | ||||||
|  | 		os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN); | ||||||
| 		if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) { | 		if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) { | ||||||
| 			wpa_msg(sm->ctx->ctx, MSG_WARNING, | 			wpa_msg(sm->ctx->ctx, MSG_WARNING, | ||||||
| 				"TDLS: Failed to get random data for responder nonce"); | 				"TDLS: Failed to get random data for responder nonce"); | ||||||
| 			wpa_tdls_peer_free(sm, peer); | 			wpa_tdls_peer_free(sm, peer); | ||||||
| 			goto error; | 			goto error; | ||||||
| 		} | 		} | ||||||
|  | 	} | ||||||
| 
 | 
 | ||||||
| #if 0 | #if 0 | ||||||
| 	/* get version info from RSNIE received from Peer */ | 	/* get version info from RSNIE received from Peer */ | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue
	
	 Sunil Dutt
						Sunil Dutt