Home Explore Help
Register Sign In
wareck
/
openwrt_chaos_calmer
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c3df3ea581
Branches Tags
openwrt_chaos_c...
/
package
/
network
/
services
/
hostapd
/
patches
/
905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch

905-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch 1.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
    2. 

  2. From: Jouni Malinen <j@w1.fi>
    3. 

  3. Date: Sun, 1 Oct 2017 12:32:57 +0300
    4. 

  4. Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
    5. 

  5. 

  6. The Authenticator state machine path for PTK rekeying ended up bypassing
    7. 

  7. the AUTHENTICATION2 state where a new ANonce is generated when going
    8. 

  8. directly to the PTKSTART state since there is no need to try to
    9. 

  9. determine the PMK again in such a case. This is far from ideal since the
    10. 

  10. new PTK would depend on a new nonce only from the supplicant.
    11. 

  11. 

  12. Fix this by generating a new ANonce when moving to the PTKSTART state
    13. 

  13. for the purpose of starting new 4-way handshake to rekey PTK.
    14. 

  14. 

  15. Signed-off-by: Jouni Malinen <j@w1.fi>
    16. 

  16. ---
    17. 

  17.  src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
    18. 

  18.  1 file changed, 21 insertions(+), 3 deletions(-)
    19. 

  19. 

  20. diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
    21. 

  21. index 707971d..bf10cc1 100644
    22. 

  22. --- a/src/ap/wpa_auth.c
    23. 

  23. +++ b/src/ap/wpa_auth.c
    24. 

  24. @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
    25. 

  25.  }
    26. 

  26.  
    27. 

  27.  
    28. 

  28. +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
    29. 

  29. +{
    30. 

  30. +	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
    31. 

  31. +		wpa_printf(MSG_ERROR,
    32. 

  32. +			   "WPA: Failed to get random data for ANonce");
    33. 

  33. +		sm->Disconnect = TRUE;
    34. 

  34. +		return -1;
    35. 

  35. +	}
    36. 

  36. +	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
    37. 

  37. +		    WPA_NONCE_LEN);
    38. 

  38. +	sm->TimeoutCtr = 0;
    39. 

  39. +	return 0;
    40. 

  40. +}
    41. 

  41. +
    42. 

  42. +
    43. 

  43.  SM_STATE(WPA_PTK, INITPMK)
    44. 

  44.  {
    45. 

  45.  	u8 msk[2 * PMK_LEN];
    46. 

  46. @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
    47. 

  47.  		SM_ENTER(WPA_PTK, AUTHENTICATION);
    48. 

  48.  	else if (sm->ReAuthenticationRequest)
    49. 

  49.  		SM_ENTER(WPA_PTK, AUTHENTICATION2);
    50. 

  50. -	else if (sm->PTKRequest)
    51. 

  51. -		SM_ENTER(WPA_PTK, PTKSTART);
    52. 

  52. -	else switch (sm->wpa_ptk_state) {
    53. 

  53. +	else if (sm->PTKRequest) {
    54. 

  54. +		if (wpa_auth_sm_ptk_update(sm) < 0)
    55. 

  55. +			SM_ENTER(WPA_PTK, DISCONNECTED);
    56. 

  56. +		else
    57. 

  57. +			SM_ENTER(WPA_PTK, PTKSTART);
    58. 

  58. +	} else switch (sm->wpa_ptk_state) {
    59. 

  59.  	case WPA_PTK_INITIALIZE:
    60. 

  60.  		break;
    61. 

  61.  	case WPA_PTK_DISCONNECT:
    62. 

  62. -- 
    63. 

  63. 2.7.4
    64. 

  64.