--- /dev/null
+From a00e946c1c9a1f9cc65c72900d2a444ceb1f872e Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Thu, 5 Oct 2017 23:53:01 +0200
+Subject: [PATCH] WPA: Extra defense against PTK reinstalls in 4-way handshake
+
+Currently, reinstallations of the PTK are prevented by (1) assuring the
+same TPTK is only set once as the PTK, and (2) that one particular PTK
+is only installed once. This patch makes it more explicit that point (1)
+is required to prevent key reinstallations. At the same time, this patch
+hardens wpa_supplicant such that future changes do not accidentally
+break this property.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -1728,6 +1728,14 @@ static int wpa_supplicant_verify_eapol_k
+ sm->ptk_set = 1;
+ os_memcpy(&sm->ptk, &sm->tptk, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ /*
++ * This assures the same TPTK in sm->tptk can never be
++ * copied twice to sm->pkt as the new PTK. In
++ * combination with the installed flag in the wpa_ptk
++ * struct, this assures the same PTK is only installed
++ * once.
++ */
++ sm->renew_snonce = 1;
+ }
+ }
+
projects / librecmc / librecmc.git / blobdiff