Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver
and the TK part cleared from memory. This prevents an attacker from
trying to trick the client into installing an all-zero TK.
This fixes the earlier fix in commit
ad00d64e7d ('Fix TK configuration to the
driver in EAPOL-Key 3/4 retry case') which did not take into account
possibility of an extra message 1/4 showing up between retries of
message 3/4.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This commit is contained in:
Mathy Vanhoef
Jouni Malinen
parent
87e2db16ba
commit
53bb18cc8b
3 changed files with 4 additions and 4 deletions
|
|
@ -219,6 +219,7 @@ struct wpa_ptk {
|
||||||
size_t kck_len;
|
size_t kck_len;
|
||||||
size_t kek_len;
|
size_t kek_len;
|
||||||
size_t tk_len;
|
size_t tk_len;
|
||||||
|
int installed; /* 1 if key has already been installed to driver */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct wpa_gtk {
|
struct wpa_gtk {
|
||||||
|
|
|
||||||
|
|
@ -596,7 +596,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
||||||
os_memset(buf, 0, sizeof(buf));
|
os_memset(buf, 0, sizeof(buf));
|
||||||
}
|
}
|
||||||
sm->tptk_set = 1;
|
sm->tptk_set = 1;
|
||||||
sm->tk_to_set = 1;
|
|
||||||
|
|
||||||
kde = sm->assoc_wpa_ie;
|
kde = sm->assoc_wpa_ie;
|
||||||
kde_len = sm->assoc_wpa_ie_len;
|
kde_len = sm->assoc_wpa_ie_len;
|
||||||
|
|
@ -703,7 +702,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
|
||||||
enum wpa_alg alg;
|
enum wpa_alg alg;
|
||||||
const u8 *key_rsc;
|
const u8 *key_rsc;
|
||||||
|
|
||||||
if (!sm->tk_to_set) {
|
if (sm->ptk.installed) {
|
||||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||||
"WPA: Do not re-install same PTK to the driver");
|
"WPA: Do not re-install same PTK to the driver");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -747,7 +746,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
|
||||||
|
|
||||||
/* TK is not needed anymore in supplicant */
|
/* TK is not needed anymore in supplicant */
|
||||||
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
||||||
sm->tk_to_set = 0;
|
sm->ptk.installed = 1;
|
||||||
|
|
||||||
if (sm->wpa_ptk_rekey) {
|
if (sm->wpa_ptk_rekey) {
|
||||||
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
||||||
|
|
@ -4185,6 +4184,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
|
||||||
* takes care of association frame encryption/decryption. */
|
* takes care of association frame encryption/decryption. */
|
||||||
/* TK is not needed anymore in supplicant */
|
/* TK is not needed anymore in supplicant */
|
||||||
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
||||||
|
sm->ptk.installed = 1;
|
||||||
|
|
||||||
/* FILS HLP Container */
|
/* FILS HLP Container */
|
||||||
fils_process_hlp_container(sm, ie_start, end - ie_start);
|
fils_process_hlp_container(sm, ie_start, end - ie_start);
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@ struct wpa_sm {
|
||||||
struct wpa_ptk ptk, tptk;
|
struct wpa_ptk ptk, tptk;
|
||||||
int ptk_set, tptk_set;
|
int ptk_set, tptk_set;
|
||||||
unsigned int msg_3_of_4_ok:1;
|
unsigned int msg_3_of_4_ok:1;
|
||||||
unsigned int tk_to_set:1;
|
|
||||||
u8 snonce[WPA_NONCE_LEN];
|
u8 snonce[WPA_NONCE_LEN];
|
||||||
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
|
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
|
||||||
int renew_snonce;
|
int renew_snonce;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue