Contents of /trunk/wpa_supplicant/patches/0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Revision 2999 -
Tue Oct 17 10:55:21 2017 UTC (6 years, 11 months ago) by niro
File size: 1949 byte(s)
-krackattack patches
1 | From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 |
2 | From: Jouni Malinen <j@w1.fi> |
3 | Date: Sun, 1 Oct 2017 12:32:57 +0300 |
4 | Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce |
5 | |
6 | The Authenticator state machine path for PTK rekeying ended up bypassing |
7 | the AUTHENTICATION2 state where a new ANonce is generated when going |
8 | directly to the PTKSTART state since there is no need to try to |
9 | determine the PMK again in such a case. This is far from ideal since the |
10 | new PTK would depend on a new nonce only from the supplicant. |
11 | |
12 | Fix this by generating a new ANonce when moving to the PTKSTART state |
13 | for the purpose of starting new 4-way handshake to rekey PTK. |
14 | |
15 | Signed-off-by: Jouni Malinen <j@w1.fi> |
16 | --- |
17 | src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- |
18 | 1 file changed, 21 insertions(+), 3 deletions(-) |
19 | |
20 | diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c |
21 | index 707971d..bf10cc1 100644 |
22 | --- a/src/ap/wpa_auth.c |
23 | +++ b/src/ap/wpa_auth.c |
24 | @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) |
25 | } |
26 | |
27 | |
28 | +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) |
29 | +{ |
30 | + if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { |
31 | + wpa_printf(MSG_ERROR, |
32 | + "WPA: Failed to get random data for ANonce"); |
33 | + sm->Disconnect = TRUE; |
34 | + return -1; |
35 | + } |
36 | + wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, |
37 | + WPA_NONCE_LEN); |
38 | + sm->TimeoutCtr = 0; |
39 | + return 0; |
40 | +} |
41 | + |
42 | + |
43 | SM_STATE(WPA_PTK, INITPMK) |
44 | { |
45 | u8 msk[2 * PMK_LEN]; |
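Review bot: The new helper `wpa_auth_sm_ptk_update()` has no header comment, although it carries the security reason for the patch and has two side effects a caller must know about: it sets `sm->Disconnect = TRUE` on failure and resets `sm->TimeoutCtr` on success. I would add above it: `/* Generate a fresh ANonce for a PTK rekey so the new PTK does not depend on the supplicant nonce alone. Returns 0 on success; on RNG failure sets sm->Disconnect and returns -1. */`. The commit message says AUTHENTICATION2 also generates an ANonce, but its body is outside this hunk. If it repeats the same `random_get_bytes()` call and error handling, both paths could share this helper so they cannot drift apart.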
46 | @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) |
47 | SM_ENTER(WPA_PTK, AUTHENTICATION); |
48 | else if (sm->ReAuthenticationRequest) |
49 | SM_ENTER(WPA_PTK, AUTHENTICATION2); |
50 | - else if (sm->PTKRequest) |
51 | - SM_ENTER(WPA_PTK, PTKSTART); |
52 | - else switch (sm->wpa_ptk_state) { |
53 | + else if (sm->PTKRequest) { |
54 | + if (wpa_auth_sm_ptk_update(sm) < 0) |
55 | + SM_ENTER(WPA_PTK, DISCONNECTED); |
56 | + else |
57 | + SM_ENTER(WPA_PTK, PTKSTART); |
58 | + } else switch (sm->wpa_ptk_state) { |
59 | case WPA_PTK_INITIALIZE: |
60 | break; |
61 | case WPA_PTK_DISCONNECT: |
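Review bot: In the failure branch at `SM_ENTER(WPA_PTK, DISCONNECTED)`, nothing visible clears `sm->PTKRequest`, and the helper has already set `sm->Disconnect`, so the teardown depends on two mechanisms whose interaction cannot be checked from these lines. SM_STEP starts and ends outside the hunk, so it is worth confirming that the next pass acts on `sm->Disconnect` before `sm->PTKRequest` is evaluated again. Also confirm that no path can send message 1/4 with the previous ANonce after a failed refresh. A comment in the branch would record the intent: `/* ANonce refresh failed; sm->Disconnect is set - never enter PTKSTART with the old ANonce */`. As a style point, `} else switch (...) {` now mixes a braced `if` with an unbraced `else`; bracing the `else` around the switch would make the nesting easier to read.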
62 | -- |
63 | 2.7.4 |
64 |