From patchwork Wed Apr  3 10:36:30 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Otcheretianski,
 Andrei" <andrei.otcheretianski@intel.com>
X-Patchwork-Id: 1075477
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=intel.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="Khv+wk9c";
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 44YxNj1vW6z9sPM
	for <incoming@patchwork.ozlabs.org>;
	Wed,  3 Apr 2019 17:43:17 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To
	:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=UNutAQDtH69GfjSh8Pg+lv1LKfwP1PooRDO5WlJOFA8=;
	b=Khv+wk9c4xVVPP
	n0iwRuOkswjB84hGJ5ZuppXsDmwH59HsN0usYolwHdl3XfOBP8wjbve6DvjenjquhCOTs/eUt8zfS
	QhfirhozqeXq1gR9g69ovaLoSWxIFpwass4GDot9Jq7PNEJMPcZoQeksaJH2Ufn4PWAUdhwfXVeZj
	vF7kQmOH67RJIrNq49r220g3Fz5+IeemzcEVbxQmRV8Ru14D0vdLEn+XSMAMyQjpQJR6CFp8pNUlM
	YUGOkQmaBrRLi2dyuO6PgUlz5CARU2m78Cx4edV7QHuJO+dv2uQTfqonl763tp5YmL6fJGv4+7oCL
	g5wdUBrXaBESWFpz4O0A==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1hBZc8-0008Gs-FH; Wed, 03 Apr 2019 06:43:12 +0000
Received: from mga14.intel.com ([192.55.52.115])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1hBZc6-0008GV-18
	for hostap@lists.infradead.org; Wed, 03 Apr 2019 06:43:11 +0000
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
	by fmsmga103.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	02 Apr 2019 23:43:08 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.60,303,1549958400"; d="scan'208";a="139704000"
Received: from andrei-xps-12-9q33.jer.intel.com ([10.12.190.129])
	by fmsmga007.fm.intel.com with ESMTP; 02 Apr 2019 23:43:06 -0700
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
To: hostap@lists.infradead.org
Subject: [PATCH] wpa_supplicant: Fix FILS ERP association
Date: Wed,  3 Apr 2019 13:36:30 +0300
Message-Id: <20190403103630.30804-1-andrei.otcheretianski@intel.com>
X-Mailer: git-send-email 2.19.1
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20190402_234310_085699_A622E656 
X-CRM114-Status: GOOD (  12.83  )
X-Spam-Score: -2.6 (--)
X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary:
	Content analysis details:   (-2.6 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
	high trust [192.55.52.115 listed in list.dnswl.org]
	2.4 DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Cc: Avraham Stern <avraham.stern@intel.com>
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

From: Avraham Stern <avraham.stern@intel.com>

When FILS authentication is used with ERP, no EAPOL frames are
expected after association. However, for drivers that set the
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X capability flag, the EAP
state machine was not configured correctly and was waiting for
EAPOL frames, which leads to disconnection.

Fix it by setting the EAP state machine to success when FILS
authentication was already completed.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
---
 wpa_supplicant/events.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index a46ef187cb..f6ec111b77 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -2859,8 +2859,17 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 	}
 	wpa_supplicant_cancel_scan(wpa_s);
 
-	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
-	    wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
+	if (ft_completed) {
+		/*
+		 * FT protocol completed - make sure EAPOL state machine ends
+		 * up in authenticated.
+		 */
+		wpa_supplicant_cancel_auth_timeout(wpa_s);
+		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
+		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
+		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
+	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
+		   wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
 		/*
 		 * We are done; the driver will take care of RSN 4-way
 		 * handshake.
@@ -2877,15 +2886,6 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
 		 * waiting for WPA supplicant.
 		 */
 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-	} else if (ft_completed) {
-		/*
-		 * FT protocol completed - make sure EAPOL state machine ends
-		 * up in authenticated.
-		 */
-		wpa_supplicant_cancel_auth_timeout(wpa_s);
-		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
-		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
-		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
 	}
 
 	wpa_s->last_eapol_matches_bssid = 0;