diff options
author | Felix Fietkau <nbd@nbd.name> | 2017-10-16 11:39:23 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2017-10-16 12:01:57 +0200 |
commit | bbda81ce3077dfade2a43a39f772cfec2e82a9a5 (patch) | |
tree | 85d3ecb10669b2829220c0c2f134e80094bd837e /package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | |
parent | 0d5c1d7f238cd5aca207268950edc70ed6cf0a05 (diff) | |
download | upstream-bbda81ce3077dfade2a43a39f772cfec2e82a9a5.tar.gz upstream-bbda81ce3077dfade2a43a39f772cfec2e82a9a5.tar.bz2 upstream-bbda81ce3077dfade2a43a39f772cfec2e82a9a5.zip |
hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch')
-rw-r--r-- | package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch new file mode 100644 index 0000000000..6f28e74314 --- /dev/null +++ b/package/network/services/hostapd/patches/004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch @@ -0,0 +1,56 @@ +From: Jouni Malinen <j@w1.fi> +Date: Sun, 1 Oct 2017 12:32:57 +0300 +Subject: [PATCH] Fix PTK rekeying to generate a new ANonce + +The Authenticator state machine path for PTK rekeying ended up bypassing +the AUTHENTICATION2 state where a new ANonce is generated when going +directly to the PTKSTART state since there is no need to try to +determine the PMK again in such a case. This is far from ideal since the +new PTK would depend on a new nonce only from the supplicant. + +Fix this by generating a new ANonce when moving to the PTKSTART state +for the purpose of starting new 4-way handshake to rekey PTK. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) + } + + ++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) ++{ ++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { ++ wpa_printf(MSG_ERROR, ++ "WPA: Failed to get random data for ANonce"); ++ sm->Disconnect = TRUE; ++ return -1; ++ } ++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, ++ WPA_NONCE_LEN); ++ sm->TimeoutCtr = 0; ++ return 0; ++} ++ ++ + SM_STATE(WPA_PTK, INITPMK) + { + u8 msk[2 * PMK_LEN]; +@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK) + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); +- else if (sm->PTKRequest) +- SM_ENTER(WPA_PTK, PTKSTART); +- else switch (sm->wpa_ptk_state) { ++ else if (sm->PTKRequest) { ++ if (wpa_auth_sm_ptk_update(sm) < 0) ++ SM_ENTER(WPA_PTK, DISCONNECTED); ++ else ++ SM_ENTER(WPA_PTK, PTKSTART); ++ } else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: |