jeltz
/
hostap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use os_get_random() for Shared Key authentication challenge 

Do not use the system clock or os_random() that uses a low quality PRNG
as part of the pseudo-random challenge in auth_shared_key(). The
construction can be improved upon by replacing it with a call to
os_get_random(), which uses a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
This commit is contained in:
Nick Lowe 2016-02-09 14:43:21 +00:00 committed by Jouni Malinen
parent 20c48fd99b
commit f441e5af77
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/ap/ieee802_11.c
View File

@ -207,16 +207,17 @@ static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
if (!sta->challenge) {
/* Generate a pseudo-random challenge */
u8 key[8];
struct os_time now;
int r;
sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
if (sta->challenge == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
os_get_time(&now);
r = os_random();
os_memcpy(key, &now.sec, 4);
os_memcpy(key + 4, &r, 4);
if (os_get_random(key, sizeof(key)) < 0) {
os_free(sta->challenge);
sta->challenge = NULL;
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
rc4_skip(key, sizeof(key), 0,
sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
}