| 12345678910111213141516171819202122232425262728293031323334 |
- From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
- From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
- Date: Thu, 5 Oct 2017 23:53:01 +0200
- Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
- Currently, reinstallations of the PTK are prevented by (1) assuring the
- same TPTK is only set once as the PTK, and (2) that one particular PTK
- is only installed once. This patch makes it more explicit that point (1)
- is required to prevent key reinstallations. At the same time, this patch
- hardens wpa_supplicant such that future changes do not accidentally
- break this property.
- Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
- ---
- src/rsn_supp/wpa.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
- --- a/src/rsn_supp/wpa.c
- +++ b/src/rsn_supp/wpa.c
- @@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
- sm->ptk_set = 1;
- os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
- os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- + /*
- + * This assures the same TPTK in sm->tptk can never be
- + * copied twice to sm->pkt as the new PTK. In
- + * combination with the installed flag in the wpa_ptk
- + * struct, this assures the same PTK is only installed
- + * once.
- + */
- + sm->renew_snonce = 1;
- }
- }
-
|
