| The WPA2 four-way handshake protocol is vulnerable to replay attacks which can |
| result in unauthenticated clients gaining access to the network. |
| |
| Backport a number of patches from upstream to fix this. |
| |
| CVE: CVE-2017-13077 |
| CVE: CVE-2017-13078 |
| CVE: CVE-2017-13079 |
| CVE: CVE-2017-13080 |
| CVE: CVE-2017-13081 |
| CVE: CVE-2017-13082 |
| CVE: CVE-2017-13086 |
| CVE: CVE-2017-13087 |
| CVE: CVE-2017-13088 |
| |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@intel.com> |
| |
| From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 |
| From: Jouni Malinen <j@w1.fi> |
| Date: Sun, 1 Oct 2017 12:12:24 +0300 |
| Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep |
| Mode cases |
| |
| This extends the protection to track last configured GTK/IGTK value |
| separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a |
| corner case where these two different mechanisms may get used when the |
| GTK/IGTK has changed and tracking a single value is not sufficient to |
| detect a possible key reconfiguration. |
| |
| Signed-off-by: Jouni Malinen <j@w1.fi> |
| --- |
| src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- |
| src/rsn_supp/wpa_i.h | 2 ++ |
| 2 files changed, 40 insertions(+), 15 deletions(-) |
| |
| diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c |
| index 95bd7be..7a2c68d 100644 |
| --- a/src/rsn_supp/wpa.c |
| +++ b/src/rsn_supp/wpa.c |
| @@ -709,14 +709,17 @@ struct wpa_gtk_data { |
| |
| static int wpa_supplicant_install_gtk(struct wpa_sm *sm, |
| const struct wpa_gtk_data *gd, |
| - const u8 *key_rsc) |
| + const u8 *key_rsc, int wnm_sleep) |
| { |
| const u8 *_gtk = gd->gtk; |
| u8 gtk_buf[32]; |
| |
| /* Detect possible key reinstallation */ |
| - if (sm->gtk.gtk_len == (size_t) gd->gtk_len && |
| - os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { |
| + if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && |
| + os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || |
| + (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && |
| + os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, |
| + sm->gtk_wnm_sleep.gtk_len) == 0)) { |
| wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", |
| gd->keyidx, gd->tx, gd->gtk_len); |
| @@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, |
| } |
| os_memset(gtk_buf, 0, sizeof(gtk_buf)); |
| |
| - sm->gtk.gtk_len = gd->gtk_len; |
| - os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); |
| + if (wnm_sleep) { |
| + sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; |
| + os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, |
| + sm->gtk_wnm_sleep.gtk_len); |
| + } else { |
| + sm->gtk.gtk_len = gd->gtk_len; |
| + os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); |
| + } |
| |
| return 0; |
| } |
| @@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, |
| (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, |
| gtk_len, gtk_len, |
| &gd.key_rsc_len, &gd.alg) || |
| - wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { |
| + wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { |
| wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| "RSN: Failed to install GTK"); |
| os_memset(&gd, 0, sizeof(gd)); |
| @@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, |
| |
| #ifdef CONFIG_IEEE80211W |
| static int wpa_supplicant_install_igtk(struct wpa_sm *sm, |
| - const struct wpa_igtk_kde *igtk) |
| + const struct wpa_igtk_kde *igtk, |
| + int wnm_sleep) |
| { |
| size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); |
| u16 keyidx = WPA_GET_LE16(igtk->keyid); |
| |
| /* Detect possible key reinstallation */ |
| - if (sm->igtk.igtk_len == len && |
| - os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { |
| + if ((sm->igtk.igtk_len == len && |
| + os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || |
| + (sm->igtk_wnm_sleep.igtk_len == len && |
| + os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, |
| + sm->igtk_wnm_sleep.igtk_len) == 0)) { |
| wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", |
| keyidx); |
| @@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, |
| return -1; |
| } |
| |
| - sm->igtk.igtk_len = len; |
| - os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); |
| + if (wnm_sleep) { |
| + sm->igtk_wnm_sleep.igtk_len = len; |
| + os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, |
| + sm->igtk_wnm_sleep.igtk_len); |
| + } else { |
| + sm->igtk.igtk_len = len; |
| + os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); |
| + } |
| |
| return 0; |
| } |
| @@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, |
| return -1; |
| |
| igtk = (const struct wpa_igtk_kde *) ie->igtk; |
| - if (wpa_supplicant_install_igtk(sm, igtk) < 0) |
| + if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) |
| return -1; |
| } |
| |
| @@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, |
| if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) |
| key_rsc = null_rsc; |
| |
| - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || |
| + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || |
| wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) |
| goto failed; |
| os_memset(&gd, 0, sizeof(gd)); |
| @@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) |
| sm->tptk_set = 0; |
| os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| os_memset(&sm->gtk, 0, sizeof(sm->gtk)); |
| + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); |
| #ifdef CONFIG_IEEE80211W |
| os_memset(&sm->igtk, 0, sizeof(sm->igtk)); |
| + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); |
| #endif /* CONFIG_IEEE80211W */ |
| } |
| |
| @@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) |
| os_memset(&sm->ptk, 0, sizeof(sm->ptk)); |
| os_memset(&sm->tptk, 0, sizeof(sm->tptk)); |
| os_memset(&sm->gtk, 0, sizeof(sm->gtk)); |
| + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); |
| #ifdef CONFIG_IEEE80211W |
| os_memset(&sm->igtk, 0, sizeof(sm->igtk)); |
| + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); |
| #endif /* CONFIG_IEEE80211W */ |
| #ifdef CONFIG_IEEE80211R |
| os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); |
| @@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) |
| |
| wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", |
| gd.gtk, gd.gtk_len); |
| - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { |
| + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { |
| os_memset(&gd, 0, sizeof(gd)); |
| wpa_printf(MSG_DEBUG, "Failed to install the GTK in " |
| "WNM mode"); |
| @@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) |
| const struct wpa_igtk_kde *igtk; |
| |
| igtk = (const struct wpa_igtk_kde *) (buf + 2); |
| - if (wpa_supplicant_install_igtk(sm, igtk) < 0) |
| + if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) |
| return -1; |
| #endif /* CONFIG_IEEE80211W */ |
| } else { |
| diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h |
| index afc9e37..9a54631 100644 |
| --- a/src/rsn_supp/wpa_i.h |
| +++ b/src/rsn_supp/wpa_i.h |
| @@ -32,8 +32,10 @@ struct wpa_sm { |
| int rx_replay_counter_set; |
| u8 request_counter[WPA_REPLAY_COUNTER_LEN]; |
| struct wpa_gtk gtk; |
| + struct wpa_gtk gtk_wnm_sleep; |
| #ifdef CONFIG_IEEE80211W |
| struct wpa_igtk igtk; |
| + struct wpa_igtk igtk_wnm_sleep; |
| #endif /* CONFIG_IEEE80211W */ |
| |
| struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ |
| -- |
| 2.7.4 |