Corrected 4WH retries and timeouts

Supplicant now updates 4WH (temporary) sequence counter when receiving
Message 1 retry. When supplicant 4WH protocol timeout occurs after
Message 2 has been send, supplicant no longer goes to wait Message 3
retry state. Also security key data is now not updated.

Author: Mika Leppänen

source/Security/protocols/fwh_sec_prot/auth_fwh_sec_prot.c

@@ -197,7 +197,7 @@ static fwh_sec_prot_msg_e auth_fwh_sec_prot_message_get(eapol_pdu_t *eapol_pdu,
             break;
         case KEY_INFO_KEY_MIC | KEY_INFO_SECURED_KEY_FRAME:
             // Only accept message from supplicant with expected replay counter
-            if (eapol_pdu->msg.key.replay_counter ==  sec_prot_keys_pmk_replay_cnt_get(sec_keys)) {
+            if (eapol_pdu->msg.key.replay_counter == sec_prot_keys_pmk_replay_cnt_get(sec_keys)) {
                 msg = FWH_MESSAGE_4;
             }
             break;

source/Security/protocols/fwh_sec_prot/supp_fwh_sec_prot.c

@@ -77,6 +77,7 @@ typedef struct {
     void                          *recv_pdu;                   /**< received pdu */
     uint16_t                      recv_size;                   /**< received pdu size */
     uint64_t                      recv_replay_cnt;             /**< received replay counter */
+    bool                          msg3_received : 1;           /**< Valid Message 3 has been received */
     bool                          msg3_retry_wait : 1;         /**< Waiting for Message 3 retry */
 } fwh_sec_prot_int_t;
 
@@ -137,6 +138,7 @@ static int8_t supp_fwh_sec_prot_init(sec_prot_t *prot)
     sec_prot_state_set(prot, &data->common, FWH_STATE_INIT);
 
     data->common.ticks = 30 * 10; // 30 seconds
+    data->msg3_received = false;
     data->msg3_retry_wait = false;
     data->recv_replay_cnt = 0;
 
@@ -351,6 +353,9 @@ static void supp_fwh_sec_prot_state_machine(sec_prot_t *prot)
                 if (supp_fwh_sec_prot_ptk_generate(prot, prot->sec_keys) < 0) {
                     return;
                 }
+
+                supp_fwh_sec_prot_recv_replay_counter_store(prot);
+
                 // Send 4WH message 2
                 supp_fwh_sec_prot_message_send(prot, FWH_MESSAGE_2);
                 data->common.ticks = 30 * 10; // 30 seconds
@@ -376,6 +381,7 @@ static void supp_fwh_sec_prot_state_machine(sec_prot_t *prot)
 
             supp_fwh_sec_prot_recv_replay_counter_store(prot);
             supp_fwh_sec_prot_security_replay_counter_update(prot);
+            data->msg3_received = true;
 
             // Sends 4WH Message 4
             supp_fwh_sec_prot_message_send(prot, FWH_MESSAGE_4);
@@ -389,17 +395,24 @@ static void supp_fwh_sec_prot_state_machine(sec_prot_t *prot)
                 sec_prot_state_set(prot, &data->common, FWH_STATE_FINISHED);
                 return;
             }
-            data->msg3_retry_wait = true;
 
-            tr_info("4WH: finish, wait Message 3 retry");
+            // If Message 3 has been received updates key data and waits for Message 3 retry
+            if (data->msg3_received) {
+                data->msg3_retry_wait = true;
+
+                tr_info("4WH: finish, wait Message 3 retry");
+
+                sec_prot_keys_ptk_write(prot->sec_keys, data->new_ptk);
+                sec_prot_keys_ptk_eui_64_write(prot->sec_keys, data->remote_eui64);
+
+                data->common.ticks = 60 * 10; // 60 seconds
+                sec_prot_state_set(prot, &data->common, FWH_STATE_MESSAGE_3_RETRY_WAIT);
+            } else {
+                tr_info("4WH: finish");
+            }
 
             // KMP-FINISHED.indication
-            sec_prot_keys_ptk_write(prot->sec_keys, data->new_ptk);
-            sec_prot_keys_ptk_eui_64_write(prot->sec_keys, data->remote_eui64);
             prot->finished_ind(prot, sec_prot_result_get(&data->common), prot->sec_keys);
-
-            data->common.ticks = 60 * 10; // 60 seconds
-            sec_prot_state_set(prot, &data->common, FWH_STATE_MESSAGE_3_RETRY_WAIT);
             break;
 
         case FWH_STATE_MESSAGE_3_RETRY_WAIT: