poky/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch - openbmc/openbmc - Gitiles

 The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
 result in unauthenticated clients gaining access to the network.

 Backport a number of patches from upstream to fix this.

 CVE: CVE-2017-13077
 CVE: CVE-2017-13078
 CVE: CVE-2017-13079
 CVE: CVE-2017-13080
 CVE: CVE-2017-13081
 CVE: CVE-2017-13082
 CVE: CVE-2017-13086
 CVE: CVE-2017-13087
 CVE: CVE-2017-13088

 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@intel.com>

 From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
 From: Jouni Malinen <j@w1.fi>
 Date: Sun, 1 Oct 2017 12:32:57 +0300
 Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce

 The Authenticator state machine path for PTK rekeying ended up bypassing
 the AUTHENTICATION2 state where a new ANonce is generated when going
 directly to the PTKSTART state since there is no need to try to
 determine the PMK again in such a case. This is far from ideal since the
 new PTK would depend on a new nonce only from the supplicant.

 Fix this by generating a new ANonce when moving to the PTKSTART state
 for the purpose of starting new 4-way handshake to rekey PTK.

 Signed-off-by: Jouni Malinen <j@w1.fi>
 ---
  src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
  1 file changed, 21 insertions(+), 3 deletions(-)

 diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
 index 707971d..bf10cc1 100644
 --- a/src/ap/wpa_auth.c
 +++ b/src/ap/wpa_auth.c
 @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
  }


 +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
 +{
 +	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
 +		wpa_printf(MSG_ERROR,
 +			   "WPA: Failed to get random data for ANonce");
 +		sm->Disconnect = TRUE;
 +		return -1;
 +	}
 +	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
 +		    WPA_NONCE_LEN);
 +	sm->TimeoutCtr = 0;
 +	return 0;
 +}
 +
 +
  SM_STATE(WPA_PTK, INITPMK)
  {
  	u8 msk[2 * PMK_LEN];
 @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
  		SM_ENTER(WPA_PTK, AUTHENTICATION);
  	else if (sm->ReAuthenticationRequest)
  		SM_ENTER(WPA_PTK, AUTHENTICATION2);
 -	else if (sm->PTKRequest)
 -		SM_ENTER(WPA_PTK, PTKSTART);
 -	else switch (sm->wpa_ptk_state) {
 +	else if (sm->PTKRequest) {
 +		if (wpa_auth_sm_ptk_update(sm) < 0)
 +			SM_ENTER(WPA_PTK, DISCONNECTED);
 +		else
 +			SM_ENTER(WPA_PTK, PTKSTART);
 +	} else switch (sm->wpa_ptk_state) {
  	case WPA_PTK_INITIALIZE:
  		break;
  	case WPA_PTK_DISCONNECT:
 --
 2.7.4
	The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
	result in unauthenticated clients gaining access to the network.

	Backport a number of patches from upstream to fix this.

	CVE: CVE-2017-13077
	CVE: CVE-2017-13078
	CVE: CVE-2017-13079
	CVE: CVE-2017-13080
	CVE: CVE-2017-13081
	CVE: CVE-2017-13082
	CVE: CVE-2017-13086
	CVE: CVE-2017-13087
	CVE: CVE-2017-13088

	Upstream-Status: Backport
	Signed-off-by: Ross Burton <ross.burton@intel.com>

	From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
	From: Jouni Malinen <j@w1.fi>
	Date: Sun, 1 Oct 2017 12:32:57 +0300
	Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce

	The Authenticator state machine path for PTK rekeying ended up bypassing
	the AUTHENTICATION2 state where a new ANonce is generated when going
	directly to the PTKSTART state since there is no need to try to
	determine the PMK again in such a case. This is far from ideal since the
	new PTK would depend on a new nonce only from the supplicant.

	Fix this by generating a new ANonce when moving to the PTKSTART state
	for the purpose of starting new 4-way handshake to rekey PTK.

	Signed-off-by: Jouni Malinen <j@w1.fi>
	---
	src/ap/wpa_auth.c \| 24 +++++++++++++++++++++---
	1 file changed, 21 insertions(+), 3 deletions(-)

	diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
	index 707971d..bf10cc1 100644
	--- a/src/ap/wpa_auth.c
	+++ b/src/ap/wpa_auth.c
	@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
	}


	+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
	+{
	+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
	+ wpa_printf(MSG_ERROR,
	+ "WPA: Failed to get random data for ANonce");
	+ sm->Disconnect = TRUE;
	+ return -1;
	+ }
	+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
	+ WPA_NONCE_LEN);
	+ sm->TimeoutCtr = 0;
	+ return 0;
	+}
	+
	+
	SM_STATE(WPA_PTK, INITPMK)
	{
	u8 msk[2 * PMK_LEN];
	@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
	SM_ENTER(WPA_PTK, AUTHENTICATION);
	else if (sm->ReAuthenticationRequest)
	SM_ENTER(WPA_PTK, AUTHENTICATION2);
	- else if (sm->PTKRequest)
	- SM_ENTER(WPA_PTK, PTKSTART);
	- else switch (sm->wpa_ptk_state) {
	+ else if (sm->PTKRequest) {
	+ if (wpa_auth_sm_ptk_update(sm) < 0)
	+ SM_ENTER(WPA_PTK, DISCONNECTED);
	+ else
	+ SM_ENTER(WPA_PTK, PTKSTART);
	+ } else switch (sm->wpa_ptk_state) {
	case WPA_PTK_INITIALIZE:
	break;
	case WPA_PTK_DISCONNECT:
	--
	2.7.4