From edade7f19c8c29eabba5e2ed7308fe2d6d831c80 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Mon, 15 Apr 2019 15:32:28 -0500
Subject: [PATCH] netdev: Fix handshake failures on FT-PSK + FullMac

The latest refactoring ended up assuming that FT related elements would
be handled in netdev_associate_event.  However, FullMac cards (that do
not generate netdev_associate_event) could still connect using FT AKMs
and perform the Initial mobility association.  In such cases the FTE
element was required but ended up not being set into the handshake.
This caused the handshake to fail during PTK 1_of_4 processing.

Fix this by making sure that FTE + related info is set into the
handshake, albeit with a lower sanity checking level since the
elements have been processed by the firmware already.

Note that it is currently impossible for actual FTs to be performed on
FullMac cards, so the extra logic and sanity checking to handle these
can be skipped.
---
 src/netdev.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/src/netdev.c b/src/netdev.c
index b5c7be94..56fc67c9 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1753,6 +1753,8 @@ static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
 	const uint8_t *ies = NULL;
 	size_t ies_len = 0;
 	struct ie_tlv_iter iter;
+	const uint8_t *resp_ies = NULL;
+	size_t resp_ies_len;
 
 	l_debug("");
 
@@ -1786,6 +1788,10 @@ static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
 			ies = data;
 			ies_len = len;
 			break;
+		case NL80211_ATTR_RESP_IE:
+			resp_ies = data;
+			resp_ies_len = len;
+			break;
 		}
 	}
 
@@ -1834,6 +1840,44 @@ static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
 		}
 	}
 
+	if (resp_ies) {
+		const uint8_t *fte = NULL;
+		struct ie_ft_info ft_info;
+
+		ie_tlv_iter_init(&iter, resp_ies, resp_ies_len);
+
+		while (ie_tlv_iter_next(&iter)) {
+			data = ie_tlv_iter_get_data(&iter);
+
+			switch (ie_tlv_iter_get_tag(&iter)) {
+			case IE_TYPE_FAST_BSS_TRANSITION:
+				fte = data - 2;
+				break;
+			}
+		}
+
+		if (fte) {
+			/*
+			 * If we are here, then most likely we have a FullMac
+			 * hw performing initial mobility association.  We need
+			 * to set the FTE element or the handshake will fail
+			 * The firmware accepted the FTE element, so do not
+			 * sanitize the contents and just assume they're okay.
+			 */
+			if (ie_parse_fast_bss_transition_from_data(fte,
+						fte[1] + 2, &ft_info) >= 0) {
+				handshake_state_set_fte(netdev->handshake, fte);
+				handshake_state_set_kh_ids(netdev->handshake,
+							ft_info.r0khid,
+							ft_info.r0khid_len,
+							ft_info.r1khid);
+			} else {
+				l_info("CMD_CONNECT Succeeded, but parsing FTE"
+					" failed.  Expect handshake failure");
+			}
+		}
+	}
+
 	if (netdev->sm) {
 		/*
 		 * Start processing EAPoL frames now that the state machine
-- 
2.21.0