aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>2017-09-29 02:22:51 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-15 23:03:47 (GMT)
commit53bb18cc8b7a4da72e47e4b3752d0d2135cffb23 (patch)
tree2c460dc2ce3b08192e75015e90292d4d4b250567
parent87e2db16bafcbc60b8d0016175814a73c1e8ed45 (diff)
downloadhostap-53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.zip
hostap-53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.tar.gz
hostap-53bb18cc8b7a4da72e47e4b3752d0d2135cffb23.tar.bz2
Prevent installation of an all-zero TK
Properly track whether a PTK has already been installed to the driver and the TK part cleared from memory. This prevents an attacker from trying to trick the client into installing an all-zero TK. This fixes the earlier fix in commit ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the driver in EAPOL-Key 3/4 retry case') which did not take into account possibility of an extra message 1/4 showing up between retries of message 3/4. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-rw-r--r--src/common/wpa_common.h1
-rw-r--r--src/rsn_supp/wpa.c6
-rw-r--r--src/rsn_supp/wpa_i.h1
3 files changed, 4 insertions, 4 deletions
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 0872b12..8411686 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -219,6 +219,7 @@ struct wpa_ptk {
size_t kck_len;
size_t kek_len;
size_t tk_len;
+ int installed; /* 1 if key has already been installed to driver */
};
struct wpa_gtk {
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index acdac17..12e068a 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -596,7 +596,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
os_memset(buf, 0, sizeof(buf));
}
sm->tptk_set = 1;
- sm->tk_to_set = 1;
kde = sm->assoc_wpa_ie;
kde_len = sm->assoc_wpa_ie_len;
@@ -703,7 +702,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
enum wpa_alg alg;
const u8 *key_rsc;
- if (!sm->tk_to_set) {
+ if (sm->ptk.installed) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"WPA: Do not re-install same PTK to the driver");
return 0;
@@ -747,7 +746,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
- sm->tk_to_set = 0;
+ sm->ptk.installed = 1;
if (sm->wpa_ptk_rekey) {
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
@@ -4185,6 +4184,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
* takes care of association frame encryption/decryption. */
/* TK is not needed anymore in supplicant */
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+ sm->ptk.installed = 1;
/* FILS HLP Container */
fils_process_hlp_container(sm, ie_start, end - ie_start);
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 5331146..d0963e4 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -24,7 +24,6 @@ struct wpa_sm {
struct wpa_ptk ptk, tptk;
int ptk_set, tptk_set;
unsigned int msg_3_of_4_ok:1;
- unsigned int tk_to_set:1;
u8 snonce[WPA_NONCE_LEN];
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
int renew_snonce;