Annotation of /trunk/wpa_supplicant/patches/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Parent Directory
| 
Revision Log
Revision 2999 -
(hide annotations)
(download)
Tue Oct 17 10:55:21 2017 UTC (6 years, 8 months ago) by niro
File size: 1949 byte(s)
Tue Oct 17 10:55:21 2017 UTC (6 years, 8 months ago) by niro
File size: 1949 byte(s)
-krackattack patches
| 1 | niro | 2999 | From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 |
| 2 | From: Jouni Malinen <j@w1.fi> | ||
| 3 | Date: Sun, 1 Oct 2017 12:32:57 +0300 | ||
| 4 | Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce | ||
| 5 | |||
| 6 | The Authenticator state machine path for PTK rekeying ended up bypassing | ||
| 7 | the AUTHENTICATION2 state where a new ANonce is generated when going | ||
| 8 | directly to the PTKSTART state since there is no need to try to | ||
| 9 | determine the PMK again in such a case. This is far from ideal since the | ||
| 10 | new PTK would depend on a new nonce only from the supplicant. | ||
| 11 | |||
| 12 | Fix this by generating a new ANonce when moving to the PTKSTART state | ||
| 13 | for the purpose of starting new 4-way handshake to rekey PTK. | ||
| 14 | |||
| 15 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
| 16 | --- | ||
| 17 | src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- | ||
| 18 | 1 file changed, 21 insertions(+), 3 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c | ||
| 21 | index 707971d..bf10cc1 100644 | ||
| 22 | --- a/src/ap/wpa_auth.c | ||
| 23 | +++ b/src/ap/wpa_auth.c | ||
| 24 | @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) | ||
| 25 | } | ||
| 26 | |||
| 27 | |||
| 28 | +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) | ||
| 29 | +{ | ||
| 30 | + if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { | ||
| 31 | + wpa_printf(MSG_ERROR, | ||
| 32 | + "WPA: Failed to get random data for ANonce"); | ||
| 33 | + sm->Disconnect = TRUE; | ||
| 34 | + return -1; | ||
| 35 | + } | ||
| 36 | + wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, | ||
| 37 | + WPA_NONCE_LEN); | ||
| 38 | + sm->TimeoutCtr = 0; | ||
| 39 | + return 0; | ||
| 40 | +} | ||
| 41 | + | ||
| 42 | + | ||
| 43 | SM_STATE(WPA_PTK, INITPMK) | ||
| 44 | { | ||
| 45 | u8 msk[2 * PMK_LEN]; | ||
| 46 | @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) | ||
| 47 | SM_ENTER(WPA_PTK, AUTHENTICATION); | ||
| 48 | else if (sm->ReAuthenticationRequest) | ||
| 49 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | ||
| 50 | - else if (sm->PTKRequest) | ||
| 51 | - SM_ENTER(WPA_PTK, PTKSTART); | ||
| 52 | - else switch (sm->wpa_ptk_state) { | ||
| 53 | + else if (sm->PTKRequest) { | ||
| 54 | + if (wpa_auth_sm_ptk_update(sm) < 0) | ||
| 55 | + SM_ENTER(WPA_PTK, DISCONNECTED); | ||
| 56 | + else | ||
| 57 | + SM_ENTER(WPA_PTK, PTKSTART); | ||
| 58 | + } else switch (sm->wpa_ptk_state) { | ||
| 59 | case WPA_PTK_INITIALIZE: | ||
| 60 | break; | ||
| 61 | case WPA_PTK_DISCONNECT: | ||
| 62 | -- | ||
| 63 | 2.7.4 | ||
| 64 |