1 From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
2 From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
3 Date: Thu, 5 Oct 2017 23:53:01 +0200
4 Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
5
6 Currently, reinstallations of the PTK are prevented by (1) assuring the
7 same TPTK is only set once as the PTK, and (2) that one particular PTK
8 is only installed once. This patch makes it more explicit that point (1)
9 is required to prevent key reinstallations. At the same time, this patch
10 hardens wpa_supplicant such that future changes do not accidentally
11 break this property.
12
13 Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
14 ---
15  src/rsn_supp/wpa.c | 8 ++++++++
16  1 file changed, 8 insertions(+)
17
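--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
                         sm->ptk_set = 1;
                         os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
                         os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+                       /*
+                        * This assures the same TPTK in sm->tptk can never be
+                        * copied twice to sm->pkt as the new PTK. In
+                        * combination with the installed flag in the wpa_ptk
+                        * struct, this assures the same PTK is only installed
+                        * once.
+                        */
+                       sm->renew_snonce = 1;
                 }
         }
 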
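Review bot: The new comment misnames the destination field as `sm->pkt`; the os_memcpy two lines above copies into `sm->ptk`, so the line should read `* copied twice to sm->ptk as the new PTK. In`. Anyone auditing the reinstall defence will search for the field name, and the typo sends them to a field that does not exist. The comment states the property but not how `sm->renew_snonce = 1` enforces it; presumably the flag is consulted when the next message 1/4 is handled so that a fresh SNonce, and therefore a different TPTK, is derived, which is worth one sentence in the comment once confirmed against that handler, as it is outside this hunk. The enclosing function (truncated in the hunk header as wpa_supplicant_verify_eapol_k), including the condition that guards this block, starts and ends outside the hunk.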