Annotation of /trunk/wpa_supplicant/patches/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Revision 2999 -
Tue Oct 17 10:55:21 2017 UTC (6 years, 11 months ago) by niro
File size: 1949 byte(s)
-krackattack patches
1 | niro | 2999 | From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 |
2 | From: Jouni Malinen <j@w1.fi> | ||
3 | Date: Sun, 1 Oct 2017 12:32:57 +0300 | ||
4 | Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce | ||
5 | |||
6 | The Authenticator state machine path for PTK rekeying ended up bypassing | ||
7 | the AUTHENTICATION2 state where a new ANonce is generated when going | ||
8 | directly to the PTKSTART state since there is no need to try to | ||
9 | determine the PMK again in such a case. This is far from ideal since the | ||
10 | new PTK would depend on a new nonce only from the supplicant. | ||
11 | |||
12 | Fix this by generating a new ANonce when moving to the PTKSTART state | ||
13 | for the purpose of starting new 4-way handshake to rekey PTK. | ||
14 | |||
15 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
16 | --- | ||
17 | src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- | ||
18 | 1 file changed, 21 insertions(+), 3 deletions(-) | ||
19 | |||
20 | diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c | ||
21 | index 707971d..bf10cc1 100644 | ||
22 | --- a/src/ap/wpa_auth.c | ||
23 | +++ b/src/ap/wpa_auth.c | ||
24 | @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) | ||
25 | } | ||
26 | |||
27 | |||
28 | +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) | ||
29 | +{ | ||
30 | + if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { | ||
31 | + wpa_printf(MSG_ERROR, | ||
32 | + "WPA: Failed to get random data for ANonce"); | ||
33 | + sm->Disconnect = TRUE; | ||
34 | + return -1; | ||
35 | + } | ||
36 | + wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, | ||
37 | + WPA_NONCE_LEN); | ||
38 | + sm->TimeoutCtr = 0; | ||
39 | + return 0; | ||
40 | +} | ||
41 | + | ||
42 | + | ||
43 | SM_STATE(WPA_PTK, INITPMK) | ||
44 | { | ||
45 | u8 msk[2 * PMK_LEN]; | ||
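Review bot: wpa_auth_sm_ptk_update is added without a header comment even though it becomes a second place, next to AUTHENTICATION2, where the Authenticator draws an ANonce; add above it `/* Draw a fresh ANonce before starting a rekey 4-way handshake and reset TimeoutCtr (presumably the EAPOL-Key retransmit counter). On RNG failure flag the STA for disconnection and return -1. */`. The failure branch sets `sm->Disconnect = TRUE` while the caller in SM_STEP also enters DISCONNECTED directly, so two mechanisms exist for one outcome; a one-line comment saying which one is relied on would save the next reader a trip through the state machine. If AUTHENTICATION2, whose closing brace is the first context line of this hunk, generates its ANonce with the same random_get_bytes/hexdump/TimeoutCtr sequence, having it call this helper would keep the two nonce paths from drifting apart. Dumping the new ANonce at MSG_DEBUG is acceptable since the nonce is transmitted in the clear in message 1/4.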
46 | @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) | ||
47 | SM_ENTER(WPA_PTK, AUTHENTICATION); | ||
48 | else if (sm->ReAuthenticationRequest) | ||
49 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | ||
50 | - else if (sm->PTKRequest) | ||
51 | - SM_ENTER(WPA_PTK, PTKSTART); | ||
52 | - else switch (sm->wpa_ptk_state) { | ||
53 | + else if (sm->PTKRequest) { | ||
54 | + if (wpa_auth_sm_ptk_update(sm) < 0) | ||
55 | + SM_ENTER(WPA_PTK, DISCONNECTED); | ||
56 | + else | ||
57 | + SM_ENTER(WPA_PTK, PTKSTART); | ||
58 | + } else switch (sm->wpa_ptk_state) { | ||
59 | case WPA_PTK_INITIALIZE: | ||
60 | break; | ||
61 | case WPA_PTK_DISCONNECT: | ||
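Review bot: On the new failure branch `sm->PTKRequest` is left set when the machine is sent to DISCONNECTED; the old path relied on PTKSTART to consume the request, and if neither DISCONNECTED nor the states it leads to (outside this hunk) clears the flag, the next SM_STEP takes this `else if` again and, for as long as random_get_bytes keeps failing, bounces between wpa_auth_sm_ptk_update and DISCONNECTED instead of settling on dropping the STA. Clearing the request before leaving, `sm->PTKRequest = FALSE;` placed ahead of `SM_ENTER(WPA_PTK, DISCONNECTED);`, makes the failure path self-contained regardless of what DISCONNECTED resets. Since the helper already sets sm->Disconnect, the explicit SM_ENTER(WPA_PTK, DISCONNECTED) here is a belt-and-braces second route to the same state; that is fine, but a short comment on the `if (wpa_auth_sm_ptk_update(sm) < 0)` line stating that a STA whose rekey cannot get a fresh ANonce is deliberately torn down rather than left on the old PTK would make the intent explicit. The SM_STEP body starts and ends outside the hunk.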
62 | -- | ||
63 | 2.7.4 | ||
64 |