Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

WPS: Use random_get_bytes() for NFC password id

os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.

Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen 12 years ago
parent
ffdaa05a6b
commit
72df0cd28c
2 changed files with 8 additions and 4 deletions
Split View Show Diff Stats
  1. 4 2
      src/ap/wps_hostapd.c
  2. 4 2
      wpa_supplicant/wps_supplicant.c

+ 4 - 2
src/ap/wps_hostapd.c
View File 

@@ -1629,13 +1629,15 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
 
 	struct wpabuf *priv = NULL, *pub = NULL, *pw;
 
 	void *dh_ctx;
 
 	struct wpabuf *ret;
 
+	u16 val;
 
 
 	pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
 
 	if (pw == NULL)
 
 		return NULL;
 
 
 	if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
 
-			     WPS_OOB_DEVICE_PASSWORD_LEN)) {
 
+			     WPS_OOB_DEVICE_PASSWORD_LEN) ||
 
+	    random_get_bytes((u8 *) &val, sizeof(val))) {
 
 		wpabuf_free(pw);
 
 		return NULL;
 
 	}
 
@@ -1647,7 +1649,7 @@ struct wpabuf * hostapd_wps_nfc_token_gen(struct hostapd_data *hapd, int ndef)
 
 	}
 
 	dh5_free(dh_ctx);
 
 
-	hapd->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
 
+	hapd->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
 
 	wpabuf_free(hapd->conf->wps_nfc_dh_pubkey);
 
 	hapd->conf->wps_nfc_dh_pubkey = pub;
 
 	wpabuf_free(hapd->conf->wps_nfc_dh_privkey);

+ 4 - 2
wpa_supplicant/wps_supplicant.c
View File 

@@ -1799,13 +1799,15 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
 
 	struct wpabuf *priv = NULL, *pub = NULL, *pw;
 
 	void *dh_ctx;
 
 	struct wpabuf *ret;
 
+	u16 val;
 
 
 	pw = wpabuf_alloc(WPS_OOB_DEVICE_PASSWORD_LEN);
 
 	if (pw == NULL)
 
 		return NULL;
 
 
 	if (random_get_bytes(wpabuf_put(pw, WPS_OOB_DEVICE_PASSWORD_LEN),
 
-			     WPS_OOB_DEVICE_PASSWORD_LEN)) {
 
+			     WPS_OOB_DEVICE_PASSWORD_LEN) ||
 
+	    random_get_bytes((u8 *) &val, sizeof(val))) {
 
 		wpabuf_free(pw);
 
 		return NULL;
 
 	}
 
@@ -1817,7 +1819,7 @@ struct wpabuf * wpas_wps_nfc_token(struct wpa_supplicant *wpa_s, int ndef)
 
 	}
 
 	dh5_free(dh_ctx);
 
 
-	wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + os_random() % 0xfff0;
 
+	wpa_s->conf->wps_nfc_dev_pw_id = 0x10 + val % 0xfff0;
 
 	wpabuf_free(wpa_s->conf->wps_nfc_dh_pubkey);
 
 	wpa_s->conf->wps_nfc_dh_pubkey = pub;
 
 	wpabuf_free(wpa_s->conf->wps_nfc_dh_privkey);