| The WPA2 four-way handshake protocol is vulnerable to replay attacks which can |
| result in unauthenticated clients gaining access to the network. |
| |
| Backport a number of patches from upstream to fix this. |
| |
| CVE: CVE-2017-13077 |
| CVE: CVE-2017-13078 |
| CVE: CVE-2017-13079 |
| CVE: CVE-2017-13080 |
| CVE: CVE-2017-13081 |
| CVE: CVE-2017-13082 |
| CVE: CVE-2017-13086 |
| CVE: CVE-2017-13087 |
| CVE: CVE-2017-13088 |
| |
| Upstream-Status: Backport |
| Signed-off-by: Ross Burton <ross.burton@intel.com> |
| |
| From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 |
| From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> |
| Date: Fri, 29 Sep 2017 04:22:51 +0200 |
| Subject: [PATCH 4/8] Prevent installation of an all-zero TK |
| |
| Properly track whether a PTK has already been installed to the driver |
| and the TK part cleared from memory. This prevents an attacker from |
| trying to trick the client into installing an all-zero TK. |
| |
| This fixes the earlier fix in commit |
| ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the |
| driver in EAPOL-Key 3/4 retry case') which did not take into account |
| possibility of an extra message 1/4 showing up between retries of |
| message 3/4. |
| |
| Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> |
| --- |
| src/common/wpa_common.h | 1 + |
| src/rsn_supp/wpa.c | 5 ++--- |
| src/rsn_supp/wpa_i.h | 1 - |
| 3 files changed, 3 insertions(+), 4 deletions(-) |
| |
| diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h |
| index d200285..1021ccb 100644 |
| --- a/src/common/wpa_common.h |
| +++ b/src/common/wpa_common.h |
| @@ -215,6 +215,7 @@ struct wpa_ptk { |
| size_t kck_len; |
| size_t kek_len; |
| size_t tk_len; |
| + int installed; /* 1 if key has already been installed to driver */ |
| }; |
| |
| struct wpa_gtk { |
| diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c |
| index 7a2c68d..0550a41 100644 |
| --- a/src/rsn_supp/wpa.c |
| +++ b/src/rsn_supp/wpa.c |
| @@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, |
| os_memset(buf, 0, sizeof(buf)); |
| } |
| sm->tptk_set = 1; |
| - sm->tk_to_set = 1; |
| |
| kde = sm->assoc_wpa_ie; |
| kde_len = sm->assoc_wpa_ie_len; |
| @@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, |
| enum wpa_alg alg; |
| const u8 *key_rsc; |
| |
| - if (!sm->tk_to_set) { |
| + if (sm->ptk.installed) { |
| wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, |
| "WPA: Do not re-install same PTK to the driver"); |
| return 0; |
| @@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, |
| |
| /* TK is not needed anymore in supplicant */ |
| os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); |
| - sm->tk_to_set = 0; |
| + sm->ptk.installed = 1; |
| |
| if (sm->wpa_ptk_rekey) { |
| eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); |
| diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h |
| index 9a54631..41f371f 100644 |
| --- a/src/rsn_supp/wpa_i.h |
| +++ b/src/rsn_supp/wpa_i.h |
| @@ -24,7 +24,6 @@ struct wpa_sm { |
| struct wpa_ptk ptk, tptk; |
| int ptk_set, tptk_set; |
| unsigned int msg_3_of_4_ok:1; |
| - unsigned int tk_to_set:1; |
| u8 snonce[WPA_NONCE_LEN]; |
| u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ |
| int renew_snonce; |
| -- |
| 2.7.4 |