Defer EAPOL frames during ext auth SAE reassociation to the same AP

With commit 3ab35a660364 ("Extend EAPOL frames processing workaround
for roaming cases") wpa_supplicant postpones EAPOL frame processing
till roam indication from the driver when the source address of EAPOL
frame does not match the current BSSID/AP MLD MAC address.

In driver-based SME, the FT roaming is handled at the driver/firmware.
However, when there is a deauth from the FT AP, the driver/firmware
attempts reassociation via full SAE to the same connected AP. In such
cases, the device offloads the EAPOL handling of FT AKMs to the
wpa_supplicant. If the M1 frame is received before the roamed event,
the wpa_supplicant treats this EAPOL frame as PTK rekey frame and
replies with the M2 frame. Roam event gets processed next(before M3)
which resets the temporary PTK derived from M1. Without this TPTK,
the MIC validation in M3 fails and leads to disconnection.

To fix this, extend the current EAPOL-defer logic to defer the
frames received after a successful external authentication to the
same AP until the roamed event is processed.

Signed-off-by: Surya Prakash Sivaraj <suryapra@qti.qualcomm.com>

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index d831557b343a7ea5198b933ef33fe59a7c4618bb..da10414dd58c89056fbb64f9a6840b577b5b0fb0 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -447,6 +447,7 @@ void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
 
        wpabuf_free(wpa_s->pending_eapol_rx);
        wpa_s->pending_eapol_rx = NULL;
+       wpa_s->ext_auth_to_same_bss = false;
 }
 
 
@@ -4561,6 +4562,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
        }
 
        wpa_s->last_eapol_matches_bssid = 0;
+       wpa_s->ext_auth_to_same_bss = false;
 
 #ifdef CONFIG_TESTING_OPTIONS
        if (wpa_s->rsne_override_eapol) {

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 860b75f92324a1197dd70b3efcbb8ddbfdc29397..a1a7b1710b3e55035f10940d530e9b595e30b07a 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1954,6 +1954,16 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                wpa_s_clear_sae_rejected(wpa_s);
 
                if (external) {
+                       const u8 *connected_addr = wpa_s->valid_links ?
+                               wpa_s->ap_mld_addr : wpa_s->bssid;
+                       const u8 *src = wpa_s->sme.ext_ml_auth ?
+                               wpa_s->sme.ext_auth_ap_mld_addr :
+                               wpa_s->sme.ext_auth_bssid;
+
+                       wpa_s->ext_auth_to_same_bss =
+                               wpa_s->wpa_state > WPA_ASSOCIATED &&
+                               ether_addr_equal(src, connected_addr);
+
                        /* Report success to driver */
                        sme_send_external_auth_status(wpa_s,
                                                      WLAN_STATUS_SUCCESS);

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 293d4920eaa32b2b73b4e043d6c0289e55d6357a..aa620ef4e0809eb45973a94316af8ae064fc4c35 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6050,6 +6050,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
 #endif /* CONFIG_TESTING_OPTIONS */
 
        if (wpa_s->wpa_state < WPA_ASSOCIATED ||
+           wpa_s->ext_auth_to_same_bss ||
            (wpa_s->last_eapol_matches_bssid &&
 #ifdef CONFIG_AP
             !wpa_s->ap_iface &&

diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 4379b053c6ea6bc6ebe629f2dddf590fb562c022..8c784304d8f53e7b49a558b70e8fe6a7abf93b94 100644 (file)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1655,6 +1655,9 @@ struct wpa_supplicant {
        unsigned int next_beacon_check;
 
        bool scs_reconfigure;
+       bool ext_auth_to_same_bss; /* Whether external authentication has been
+                                   * completed successfully with the BSS that
+                                   * we are already associated with. */
 };