diff options
author | Changhyeok Bae <changhyeok.bae@gmail.com> | 2019-02-08 05:21:07 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-02-08 23:15:32 +0000 |
commit | 6fe6b31ee8521e53797d0a4120d37342a59c9219 (patch) | |
tree | c6a14312011c497c3e8d083ee2043773072cbdf7 /meta/recipes-connectivity/wpa-supplicant | |
parent | 0964920f348a034d0e782e7a34407262597e4743 (diff) | |
download | poky-6fe6b31ee8521e53797d0a4120d37342a59c9219.tar.gz |
wpa-supplicant: update to 2.7
CVE patches is already applied in v2.7
(From OE-Core rev: 2c3a905061b501b1c79e191a1f275fdb9768a2d6)
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant')
10 files changed, 5 insertions, 1202 deletions
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch deleted file mode 100644 index d4d49e7fca..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple1.patch +++ /dev/null | |||
@@ -1,191 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001 | ||
20 | From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
21 | Date: Fri, 14 Jul 2017 15:15:35 +0200 | ||
22 | Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake | ||
23 | |||
24 | Do not reinstall TK to the driver during Reassociation Response frame | ||
25 | processing if the first attempt of setting the TK succeeded. This avoids | ||
26 | issues related to clearing the TX/RX PN that could result in reusing | ||
27 | same PN values for transmitted frames (e.g., due to CCM nonce reuse and | ||
28 | also hitting replay protection on the receiver) and accepting replayed | ||
29 | frames on RX side. | ||
30 | |||
31 | This issue was introduced by the commit | ||
32 | 0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in | ||
33 | authenticator') which allowed wpa_ft_install_ptk() to be called multiple | ||
34 | times with the same PTK. While the second configuration attempt is | ||
35 | needed with some drivers, it must be done only if the first attempt | ||
36 | failed. | ||
37 | |||
38 | Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
39 | --- | ||
40 | src/ap/ieee802_11.c | 16 +++++++++++++--- | ||
41 | src/ap/wpa_auth.c | 11 +++++++++++ | ||
42 | src/ap/wpa_auth.h | 3 ++- | ||
43 | src/ap/wpa_auth_ft.c | 10 ++++++++++ | ||
44 | src/ap/wpa_auth_i.h | 1 + | ||
45 | 5 files changed, 37 insertions(+), 4 deletions(-) | ||
46 | |||
47 | diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c | ||
48 | index 4e04169..333035f 100644 | ||
49 | --- a/src/ap/ieee802_11.c | ||
50 | +++ b/src/ap/ieee802_11.c | ||
51 | @@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd, | ||
52 | { | ||
53 | struct ieee80211_ht_capabilities ht_cap; | ||
54 | struct ieee80211_vht_capabilities vht_cap; | ||
55 | + int set = 1; | ||
56 | |||
57 | /* | ||
58 | * Remove the STA entry to ensure the STA PS state gets cleared and | ||
59 | @@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd, | ||
60 | * FT-over-the-DS, where a station re-associates back to the same AP but | ||
61 | * skips the authentication flow, or if working with a driver that | ||
62 | * does not support full AP client state. | ||
63 | + * | ||
64 | + * Skip this if the STA has already completed FT reassociation and the | ||
65 | + * TK has been configured since the TX/RX PN must not be reset to 0 for | ||
66 | + * the same key. | ||
67 | */ | ||
68 | - if (!sta->added_unassoc) | ||
69 | + if (!sta->added_unassoc && | ||
70 | + (!(sta->flags & WLAN_STA_AUTHORIZED) || | ||
71 | + !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) { | ||
72 | hostapd_drv_sta_remove(hapd, sta->addr); | ||
73 | + wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); | ||
74 | + set = 0; | ||
75 | + } | ||
76 | |||
77 | #ifdef CONFIG_IEEE80211N | ||
78 | if (sta->flags & WLAN_STA_HT) | ||
79 | @@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd, | ||
80 | sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, | ||
81 | sta->flags | WLAN_STA_ASSOC, sta->qosinfo, | ||
82 | sta->vht_opmode, sta->p2p_ie ? 1 : 0, | ||
83 | - sta->added_unassoc)) { | ||
84 | + set)) { | ||
85 | hostapd_logger(hapd, sta->addr, | ||
86 | HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, | ||
87 | "Could not %s STA to kernel driver", | ||
88 | - sta->added_unassoc ? "set" : "add"); | ||
89 | + set ? "set" : "add"); | ||
90 | |||
91 | if (sta->added_unassoc) { | ||
92 | hostapd_drv_sta_remove(hapd, sta->addr); | ||
93 | diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c | ||
94 | index 3587086..707971d 100644 | ||
95 | --- a/src/ap/wpa_auth.c | ||
96 | +++ b/src/ap/wpa_auth.c | ||
97 | @@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) | ||
98 | #else /* CONFIG_IEEE80211R */ | ||
99 | break; | ||
100 | #endif /* CONFIG_IEEE80211R */ | ||
101 | + case WPA_DRV_STA_REMOVED: | ||
102 | + sm->tk_already_set = FALSE; | ||
103 | + return 0; | ||
104 | } | ||
105 | |||
106 | #ifdef CONFIG_IEEE80211R | ||
107 | @@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) | ||
108 | } | ||
109 | |||
110 | |||
111 | +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm) | ||
112 | +{ | ||
113 | + if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt)) | ||
114 | + return 0; | ||
115 | + return sm->tk_already_set; | ||
116 | +} | ||
117 | + | ||
118 | + | ||
119 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | ||
120 | struct rsn_pmksa_cache_entry *entry) | ||
121 | { | ||
122 | diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h | ||
123 | index 0de8d97..97461b0 100644 | ||
124 | --- a/src/ap/wpa_auth.h | ||
125 | +++ b/src/ap/wpa_auth.h | ||
126 | @@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, | ||
127 | u8 *data, size_t data_len); | ||
128 | enum wpa_event { | ||
129 | WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, | ||
130 | - WPA_REAUTH_EAPOL, WPA_ASSOC_FT | ||
131 | + WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED | ||
132 | }; | ||
133 | void wpa_remove_ptk(struct wpa_state_machine *sm); | ||
134 | int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event); | ||
135 | @@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm); | ||
136 | int wpa_auth_get_pairwise(struct wpa_state_machine *sm); | ||
137 | int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); | ||
138 | int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); | ||
139 | +int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm); | ||
140 | int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, | ||
141 | struct rsn_pmksa_cache_entry *entry); | ||
142 | struct rsn_pmksa_cache_entry * | ||
143 | diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c | ||
144 | index 42242a5..e63b99a 100644 | ||
145 | --- a/src/ap/wpa_auth_ft.c | ||
146 | +++ b/src/ap/wpa_auth_ft.c | ||
147 | @@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) | ||
148 | return; | ||
149 | } | ||
150 | |||
151 | + if (sm->tk_already_set) { | ||
152 | + /* Must avoid TK reconfiguration to prevent clearing of TX/RX | ||
153 | + * PN in the driver */ | ||
154 | + wpa_printf(MSG_DEBUG, | ||
155 | + "FT: Do not re-install same PTK to the driver"); | ||
156 | + return; | ||
157 | + } | ||
158 | + | ||
159 | /* FIX: add STA entry to kernel/driver here? The set_key will fail | ||
160 | * most likely without this.. At the moment, STA entry is added only | ||
161 | * after association has been completed. This function will be called | ||
162 | @@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) | ||
163 | |||
164 | /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ | ||
165 | sm->pairwise_set = TRUE; | ||
166 | + sm->tk_already_set = TRUE; | ||
167 | } | ||
168 | |||
169 | |||
170 | @@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, | ||
171 | |||
172 | sm->pairwise = pairwise; | ||
173 | sm->PTK_valid = TRUE; | ||
174 | + sm->tk_already_set = FALSE; | ||
175 | wpa_ft_install_ptk(sm); | ||
176 | |||
177 | buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | ||
178 | diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h | ||
179 | index 72b7eb3..7fd8f05 100644 | ||
180 | --- a/src/ap/wpa_auth_i.h | ||
181 | +++ b/src/ap/wpa_auth_i.h | ||
182 | @@ -65,6 +65,7 @@ struct wpa_state_machine { | ||
183 | struct wpa_ptk PTK; | ||
184 | Boolean PTK_valid; | ||
185 | Boolean pairwise_set; | ||
186 | + Boolean tk_already_set; | ||
187 | int keycount; | ||
188 | Boolean Pair; | ||
189 | struct wpa_key_replay_counter { | ||
190 | -- | ||
191 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch deleted file mode 100644 index 501bb4b56b..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch +++ /dev/null | |||
@@ -1,267 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001 | ||
20 | From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
21 | Date: Wed, 12 Jul 2017 16:03:24 +0200 | ||
22 | Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key | ||
23 | |||
24 | Track the current GTK and IGTK that is in use and when receiving a | ||
25 | (possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do | ||
26 | not install the given key if it is already in use. This prevents an | ||
27 | attacker from trying to trick the client into resetting or lowering the | ||
28 | sequence counter associated to the group key. | ||
29 | |||
30 | Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
31 | --- | ||
32 | src/common/wpa_common.h | 11 +++++ | ||
33 | src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------ | ||
34 | src/rsn_supp/wpa_i.h | 4 ++ | ||
35 | 3 files changed, 87 insertions(+), 44 deletions(-) | ||
36 | |||
37 | diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h | ||
38 | index af1d0f0..d200285 100644 | ||
39 | --- a/src/common/wpa_common.h | ||
40 | +++ b/src/common/wpa_common.h | ||
41 | @@ -217,6 +217,17 @@ struct wpa_ptk { | ||
42 | size_t tk_len; | ||
43 | }; | ||
44 | |||
45 | +struct wpa_gtk { | ||
46 | + u8 gtk[WPA_GTK_MAX_LEN]; | ||
47 | + size_t gtk_len; | ||
48 | +}; | ||
49 | + | ||
50 | +#ifdef CONFIG_IEEE80211W | ||
51 | +struct wpa_igtk { | ||
52 | + u8 igtk[WPA_IGTK_MAX_LEN]; | ||
53 | + size_t igtk_len; | ||
54 | +}; | ||
55 | +#endif /* CONFIG_IEEE80211W */ | ||
56 | |||
57 | /* WPA IE version 1 | ||
58 | * 00-50-f2:1 (OUI:OUI type) | ||
59 | diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | ||
60 | index 3c47879..95bd7be 100644 | ||
61 | --- a/src/rsn_supp/wpa.c | ||
62 | +++ b/src/rsn_supp/wpa.c | ||
63 | @@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | ||
64 | const u8 *_gtk = gd->gtk; | ||
65 | u8 gtk_buf[32]; | ||
66 | |||
67 | + /* Detect possible key reinstallation */ | ||
68 | + if (sm->gtk.gtk_len == (size_t) gd->gtk_len && | ||
69 | + os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { | ||
70 | + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
71 | + "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", | ||
72 | + gd->keyidx, gd->tx, gd->gtk_len); | ||
73 | + return 0; | ||
74 | + } | ||
75 | + | ||
76 | wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len); | ||
77 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
78 | "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", | ||
79 | @@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | ||
80 | } | ||
81 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | ||
82 | |||
83 | + sm->gtk.gtk_len = gd->gtk_len; | ||
84 | + os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); | ||
85 | + | ||
86 | return 0; | ||
87 | } | ||
88 | |||
89 | @@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, | ||
90 | } | ||
91 | |||
92 | |||
93 | +#ifdef CONFIG_IEEE80211W | ||
94 | +static int wpa_supplicant_install_igtk(struct wpa_sm *sm, | ||
95 | + const struct wpa_igtk_kde *igtk) | ||
96 | +{ | ||
97 | + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); | ||
98 | + u16 keyidx = WPA_GET_LE16(igtk->keyid); | ||
99 | + | ||
100 | + /* Detect possible key reinstallation */ | ||
101 | + if (sm->igtk.igtk_len == len && | ||
102 | + os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { | ||
103 | + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
104 | + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", | ||
105 | + keyidx); | ||
106 | + return 0; | ||
107 | + } | ||
108 | + | ||
109 | + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
110 | + "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x", | ||
111 | + keyidx, MAC2STR(igtk->pn)); | ||
112 | + wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); | ||
113 | + if (keyidx > 4095) { | ||
114 | + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | ||
115 | + "WPA: Invalid IGTK KeyID %d", keyidx); | ||
116 | + return -1; | ||
117 | + } | ||
118 | + if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | ||
119 | + broadcast_ether_addr, | ||
120 | + keyidx, 0, igtk->pn, sizeof(igtk->pn), | ||
121 | + igtk->igtk, len) < 0) { | ||
122 | + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | ||
123 | + "WPA: Failed to configure IGTK to the driver"); | ||
124 | + return -1; | ||
125 | + } | ||
126 | + | ||
127 | + sm->igtk.igtk_len = len; | ||
128 | + os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); | ||
129 | + | ||
130 | + return 0; | ||
131 | +} | ||
132 | +#endif /* CONFIG_IEEE80211W */ | ||
133 | + | ||
134 | + | ||
135 | static int ieee80211w_set_keys(struct wpa_sm *sm, | ||
136 | struct wpa_eapol_ie_parse *ie) | ||
137 | { | ||
138 | @@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, | ||
139 | if (ie->igtk) { | ||
140 | size_t len; | ||
141 | const struct wpa_igtk_kde *igtk; | ||
142 | - u16 keyidx; | ||
143 | + | ||
144 | len = wpa_cipher_key_len(sm->mgmt_group_cipher); | ||
145 | if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len) | ||
146 | return -1; | ||
147 | + | ||
148 | igtk = (const struct wpa_igtk_kde *) ie->igtk; | ||
149 | - keyidx = WPA_GET_LE16(igtk->keyid); | ||
150 | - wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d " | ||
151 | - "pn %02x%02x%02x%02x%02x%02x", | ||
152 | - keyidx, MAC2STR(igtk->pn)); | ||
153 | - wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", | ||
154 | - igtk->igtk, len); | ||
155 | - if (keyidx > 4095) { | ||
156 | - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | ||
157 | - "WPA: Invalid IGTK KeyID %d", keyidx); | ||
158 | - return -1; | ||
159 | - } | ||
160 | - if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | ||
161 | - broadcast_ether_addr, | ||
162 | - keyidx, 0, igtk->pn, sizeof(igtk->pn), | ||
163 | - igtk->igtk, len) < 0) { | ||
164 | - wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | ||
165 | - "WPA: Failed to configure IGTK to the driver"); | ||
166 | + if (wpa_supplicant_install_igtk(sm, igtk) < 0) | ||
167 | return -1; | ||
168 | - } | ||
169 | } | ||
170 | |||
171 | return 0; | ||
172 | @@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) | ||
173 | */ | ||
174 | void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | ||
175 | { | ||
176 | - int clear_ptk = 1; | ||
177 | + int clear_keys = 1; | ||
178 | |||
179 | if (sm == NULL) | ||
180 | return; | ||
181 | @@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | ||
182 | /* Prepare for the next transition */ | ||
183 | wpa_ft_prepare_auth_request(sm, NULL); | ||
184 | |||
185 | - clear_ptk = 0; | ||
186 | + clear_keys = 0; | ||
187 | } | ||
188 | #endif /* CONFIG_IEEE80211R */ | ||
189 | |||
190 | - if (clear_ptk) { | ||
191 | + if (clear_keys) { | ||
192 | /* | ||
193 | * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if | ||
194 | * this is not part of a Fast BSS Transition. | ||
195 | @@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | ||
196 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | ||
197 | sm->tptk_set = 0; | ||
198 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | ||
199 | + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | ||
200 | +#ifdef CONFIG_IEEE80211W | ||
201 | + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | ||
202 | +#endif /* CONFIG_IEEE80211W */ | ||
203 | } | ||
204 | |||
205 | #ifdef CONFIG_TDLS | ||
206 | @@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) | ||
207 | os_memset(sm->pmk, 0, sizeof(sm->pmk)); | ||
208 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | ||
209 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | ||
210 | + os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | ||
211 | +#ifdef CONFIG_IEEE80211W | ||
212 | + os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | ||
213 | +#endif /* CONFIG_IEEE80211W */ | ||
214 | #ifdef CONFIG_IEEE80211R | ||
215 | os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); | ||
216 | os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0)); | ||
217 | @@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) | ||
218 | os_memset(&gd, 0, sizeof(gd)); | ||
219 | #ifdef CONFIG_IEEE80211W | ||
220 | } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) { | ||
221 | - struct wpa_igtk_kde igd; | ||
222 | - u16 keyidx; | ||
223 | - | ||
224 | - os_memset(&igd, 0, sizeof(igd)); | ||
225 | - keylen = wpa_cipher_key_len(sm->mgmt_group_cipher); | ||
226 | - os_memcpy(igd.keyid, buf + 2, 2); | ||
227 | - os_memcpy(igd.pn, buf + 4, 6); | ||
228 | - | ||
229 | - keyidx = WPA_GET_LE16(igd.keyid); | ||
230 | - os_memcpy(igd.igtk, buf + 10, keylen); | ||
231 | - | ||
232 | - wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)", | ||
233 | - igd.igtk, keylen); | ||
234 | - if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher), | ||
235 | - broadcast_ether_addr, | ||
236 | - keyidx, 0, igd.pn, sizeof(igd.pn), | ||
237 | - igd.igtk, keylen) < 0) { | ||
238 | - wpa_printf(MSG_DEBUG, "Failed to install the IGTK in " | ||
239 | - "WNM mode"); | ||
240 | - os_memset(&igd, 0, sizeof(igd)); | ||
241 | + const struct wpa_igtk_kde *igtk; | ||
242 | + | ||
243 | + igtk = (const struct wpa_igtk_kde *) (buf + 2); | ||
244 | + if (wpa_supplicant_install_igtk(sm, igtk) < 0) | ||
245 | return -1; | ||
246 | - } | ||
247 | - os_memset(&igd, 0, sizeof(igd)); | ||
248 | #endif /* CONFIG_IEEE80211W */ | ||
249 | } else { | ||
250 | wpa_printf(MSG_DEBUG, "Unknown element id"); | ||
251 | diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h | ||
252 | index f653ba6..afc9e37 100644 | ||
253 | --- a/src/rsn_supp/wpa_i.h | ||
254 | +++ b/src/rsn_supp/wpa_i.h | ||
255 | @@ -31,6 +31,10 @@ struct wpa_sm { | ||
256 | u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN]; | ||
257 | int rx_replay_counter_set; | ||
258 | u8 request_counter[WPA_REPLAY_COUNTER_LEN]; | ||
259 | + struct wpa_gtk gtk; | ||
260 | +#ifdef CONFIG_IEEE80211W | ||
261 | + struct wpa_igtk igtk; | ||
262 | +#endif /* CONFIG_IEEE80211W */ | ||
263 | |||
264 | struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ | ||
265 | |||
266 | -- | ||
267 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch deleted file mode 100644 index 2e22655851..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple3.patch +++ /dev/null | |||
@@ -1,201 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Sun, 1 Oct 2017 12:12:24 +0300 | ||
22 | Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep | ||
23 | Mode cases | ||
24 | |||
25 | This extends the protection to track last configured GTK/IGTK value | ||
26 | separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a | ||
27 | corner case where these two different mechanisms may get used when the | ||
28 | GTK/IGTK has changed and tracking a single value is not sufficient to | ||
29 | detect a possible key reconfiguration. | ||
30 | |||
31 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
32 | --- | ||
33 | src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++--------------- | ||
34 | src/rsn_supp/wpa_i.h | 2 ++ | ||
35 | 2 files changed, 40 insertions(+), 15 deletions(-) | ||
36 | |||
37 | diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | ||
38 | index 95bd7be..7a2c68d 100644 | ||
39 | --- a/src/rsn_supp/wpa.c | ||
40 | +++ b/src/rsn_supp/wpa.c | ||
41 | @@ -709,14 +709,17 @@ struct wpa_gtk_data { | ||
42 | |||
43 | static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | ||
44 | const struct wpa_gtk_data *gd, | ||
45 | - const u8 *key_rsc) | ||
46 | + const u8 *key_rsc, int wnm_sleep) | ||
47 | { | ||
48 | const u8 *_gtk = gd->gtk; | ||
49 | u8 gtk_buf[32]; | ||
50 | |||
51 | /* Detect possible key reinstallation */ | ||
52 | - if (sm->gtk.gtk_len == (size_t) gd->gtk_len && | ||
53 | - os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) { | ||
54 | + if ((sm->gtk.gtk_len == (size_t) gd->gtk_len && | ||
55 | + os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) || | ||
56 | + (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && | ||
57 | + os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk, | ||
58 | + sm->gtk_wnm_sleep.gtk_len) == 0)) { | ||
59 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
60 | "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", | ||
61 | gd->keyidx, gd->tx, gd->gtk_len); | ||
62 | @@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, | ||
63 | } | ||
64 | os_memset(gtk_buf, 0, sizeof(gtk_buf)); | ||
65 | |||
66 | - sm->gtk.gtk_len = gd->gtk_len; | ||
67 | - os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); | ||
68 | + if (wnm_sleep) { | ||
69 | + sm->gtk_wnm_sleep.gtk_len = gd->gtk_len; | ||
70 | + os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk, | ||
71 | + sm->gtk_wnm_sleep.gtk_len); | ||
72 | + } else { | ||
73 | + sm->gtk.gtk_len = gd->gtk_len; | ||
74 | + os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len); | ||
75 | + } | ||
76 | |||
77 | return 0; | ||
78 | } | ||
79 | @@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, | ||
80 | (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, | ||
81 | gtk_len, gtk_len, | ||
82 | &gd.key_rsc_len, &gd.alg) || | ||
83 | - wpa_supplicant_install_gtk(sm, &gd, key_rsc))) { | ||
84 | + wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) { | ||
85 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
86 | "RSN: Failed to install GTK"); | ||
87 | os_memset(&gd, 0, sizeof(gd)); | ||
88 | @@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, | ||
89 | |||
90 | #ifdef CONFIG_IEEE80211W | ||
91 | static int wpa_supplicant_install_igtk(struct wpa_sm *sm, | ||
92 | - const struct wpa_igtk_kde *igtk) | ||
93 | + const struct wpa_igtk_kde *igtk, | ||
94 | + int wnm_sleep) | ||
95 | { | ||
96 | size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); | ||
97 | u16 keyidx = WPA_GET_LE16(igtk->keyid); | ||
98 | |||
99 | /* Detect possible key reinstallation */ | ||
100 | - if (sm->igtk.igtk_len == len && | ||
101 | - os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) { | ||
102 | + if ((sm->igtk.igtk_len == len && | ||
103 | + os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) || | ||
104 | + (sm->igtk_wnm_sleep.igtk_len == len && | ||
105 | + os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk, | ||
106 | + sm->igtk_wnm_sleep.igtk_len) == 0)) { | ||
107 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
108 | "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", | ||
109 | keyidx); | ||
110 | @@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm, | ||
111 | return -1; | ||
112 | } | ||
113 | |||
114 | - sm->igtk.igtk_len = len; | ||
115 | - os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); | ||
116 | + if (wnm_sleep) { | ||
117 | + sm->igtk_wnm_sleep.igtk_len = len; | ||
118 | + os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk, | ||
119 | + sm->igtk_wnm_sleep.igtk_len); | ||
120 | + } else { | ||
121 | + sm->igtk.igtk_len = len; | ||
122 | + os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len); | ||
123 | + } | ||
124 | |||
125 | return 0; | ||
126 | } | ||
127 | @@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm, | ||
128 | return -1; | ||
129 | |||
130 | igtk = (const struct wpa_igtk_kde *) ie->igtk; | ||
131 | - if (wpa_supplicant_install_igtk(sm, igtk) < 0) | ||
132 | + if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0) | ||
133 | return -1; | ||
134 | } | ||
135 | |||
136 | @@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm, | ||
137 | if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc)) | ||
138 | key_rsc = null_rsc; | ||
139 | |||
140 | - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) || | ||
141 | + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) || | ||
142 | wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0) | ||
143 | goto failed; | ||
144 | os_memset(&gd, 0, sizeof(gd)); | ||
145 | @@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) | ||
146 | sm->tptk_set = 0; | ||
147 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | ||
148 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | ||
149 | + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); | ||
150 | #ifdef CONFIG_IEEE80211W | ||
151 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | ||
152 | + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); | ||
153 | #endif /* CONFIG_IEEE80211W */ | ||
154 | } | ||
155 | |||
156 | @@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) | ||
157 | os_memset(&sm->ptk, 0, sizeof(sm->ptk)); | ||
158 | os_memset(&sm->tptk, 0, sizeof(sm->tptk)); | ||
159 | os_memset(&sm->gtk, 0, sizeof(sm->gtk)); | ||
160 | + os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); | ||
161 | #ifdef CONFIG_IEEE80211W | ||
162 | os_memset(&sm->igtk, 0, sizeof(sm->igtk)); | ||
163 | + os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); | ||
164 | #endif /* CONFIG_IEEE80211W */ | ||
165 | #ifdef CONFIG_IEEE80211R | ||
166 | os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); | ||
167 | @@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) | ||
168 | |||
169 | wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)", | ||
170 | gd.gtk, gd.gtk_len); | ||
171 | - if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) { | ||
172 | + if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) { | ||
173 | os_memset(&gd, 0, sizeof(gd)); | ||
174 | wpa_printf(MSG_DEBUG, "Failed to install the GTK in " | ||
175 | "WNM mode"); | ||
176 | @@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf) | ||
177 | const struct wpa_igtk_kde *igtk; | ||
178 | |||
179 | igtk = (const struct wpa_igtk_kde *) (buf + 2); | ||
180 | - if (wpa_supplicant_install_igtk(sm, igtk) < 0) | ||
181 | + if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0) | ||
182 | return -1; | ||
183 | #endif /* CONFIG_IEEE80211W */ | ||
184 | } else { | ||
185 | diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h | ||
186 | index afc9e37..9a54631 100644 | ||
187 | --- a/src/rsn_supp/wpa_i.h | ||
188 | +++ b/src/rsn_supp/wpa_i.h | ||
189 | @@ -32,8 +32,10 @@ struct wpa_sm { | ||
190 | int rx_replay_counter_set; | ||
191 | u8 request_counter[WPA_REPLAY_COUNTER_LEN]; | ||
192 | struct wpa_gtk gtk; | ||
193 | + struct wpa_gtk gtk_wnm_sleep; | ||
194 | #ifdef CONFIG_IEEE80211W | ||
195 | struct wpa_igtk igtk; | ||
196 | + struct wpa_igtk igtk_wnm_sleep; | ||
197 | #endif /* CONFIG_IEEE80211W */ | ||
198 | |||
199 | struct eapol_sm *eapol; /* EAPOL state machine from upper level code */ | ||
200 | -- | ||
201 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch deleted file mode 100644 index 6c1948696e..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple4.patch +++ /dev/null | |||
@@ -1,96 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001 | ||
20 | From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
21 | Date: Fri, 29 Sep 2017 04:22:51 +0200 | ||
22 | Subject: [PATCH 4/8] Prevent installation of an all-zero TK | ||
23 | |||
24 | Properly track whether a PTK has already been installed to the driver | ||
25 | and the TK part cleared from memory. This prevents an attacker from | ||
26 | trying to trick the client into installing an all-zero TK. | ||
27 | |||
28 | This fixes the earlier fix in commit | ||
29 | ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the | ||
30 | driver in EAPOL-Key 3/4 retry case') which did not take into account | ||
31 | possibility of an extra message 1/4 showing up between retries of | ||
32 | message 3/4. | ||
33 | |||
34 | Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be> | ||
35 | --- | ||
36 | src/common/wpa_common.h | 1 + | ||
37 | src/rsn_supp/wpa.c | 5 ++--- | ||
38 | src/rsn_supp/wpa_i.h | 1 - | ||
39 | 3 files changed, 3 insertions(+), 4 deletions(-) | ||
40 | |||
41 | diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h | ||
42 | index d200285..1021ccb 100644 | ||
43 | --- a/src/common/wpa_common.h | ||
44 | +++ b/src/common/wpa_common.h | ||
45 | @@ -215,6 +215,7 @@ struct wpa_ptk { | ||
46 | size_t kck_len; | ||
47 | size_t kek_len; | ||
48 | size_t tk_len; | ||
49 | + int installed; /* 1 if key has already been installed to driver */ | ||
50 | }; | ||
51 | |||
52 | struct wpa_gtk { | ||
53 | diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | ||
54 | index 7a2c68d..0550a41 100644 | ||
55 | --- a/src/rsn_supp/wpa.c | ||
56 | +++ b/src/rsn_supp/wpa.c | ||
57 | @@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, | ||
58 | os_memset(buf, 0, sizeof(buf)); | ||
59 | } | ||
60 | sm->tptk_set = 1; | ||
61 | - sm->tk_to_set = 1; | ||
62 | |||
63 | kde = sm->assoc_wpa_ie; | ||
64 | kde_len = sm->assoc_wpa_ie_len; | ||
65 | @@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, | ||
66 | enum wpa_alg alg; | ||
67 | const u8 *key_rsc; | ||
68 | |||
69 | - if (!sm->tk_to_set) { | ||
70 | + if (sm->ptk.installed) { | ||
71 | wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, | ||
72 | "WPA: Do not re-install same PTK to the driver"); | ||
73 | return 0; | ||
74 | @@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, | ||
75 | |||
76 | /* TK is not needed anymore in supplicant */ | ||
77 | os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); | ||
78 | - sm->tk_to_set = 0; | ||
79 | + sm->ptk.installed = 1; | ||
80 | |||
81 | if (sm->wpa_ptk_rekey) { | ||
82 | eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL); | ||
83 | diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h | ||
84 | index 9a54631..41f371f 100644 | ||
85 | --- a/src/rsn_supp/wpa_i.h | ||
86 | +++ b/src/rsn_supp/wpa_i.h | ||
87 | @@ -24,7 +24,6 @@ struct wpa_sm { | ||
88 | struct wpa_ptk ptk, tptk; | ||
89 | int ptk_set, tptk_set; | ||
90 | unsigned int msg_3_of_4_ok:1; | ||
91 | - unsigned int tk_to_set:1; | ||
92 | u8 snonce[WPA_NONCE_LEN]; | ||
93 | u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */ | ||
94 | int renew_snonce; | ||
95 | -- | ||
96 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch deleted file mode 100644 index b262dcac55..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple5.patch +++ /dev/null | |||
@@ -1,81 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Sun, 1 Oct 2017 12:32:57 +0300 | ||
22 | Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce | ||
23 | |||
24 | The Authenticator state machine path for PTK rekeying ended up bypassing | ||
25 | the AUTHENTICATION2 state where a new ANonce is generated when going | ||
26 | directly to the PTKSTART state since there is no need to try to | ||
27 | determine the PMK again in such a case. This is far from ideal since the | ||
28 | new PTK would depend on a new nonce only from the supplicant. | ||
29 | |||
30 | Fix this by generating a new ANonce when moving to the PTKSTART state | ||
31 | for the purpose of starting new 4-way handshake to rekey PTK. | ||
32 | |||
33 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
34 | --- | ||
35 | src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- | ||
36 | 1 file changed, 21 insertions(+), 3 deletions(-) | ||
37 | |||
38 | diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c | ||
39 | index 707971d..bf10cc1 100644 | ||
40 | --- a/src/ap/wpa_auth.c | ||
41 | +++ b/src/ap/wpa_auth.c | ||
42 | @@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2) | ||
43 | } | ||
44 | |||
45 | |||
46 | +static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm) | ||
47 | +{ | ||
48 | + if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { | ||
49 | + wpa_printf(MSG_ERROR, | ||
50 | + "WPA: Failed to get random data for ANonce"); | ||
51 | + sm->Disconnect = TRUE; | ||
52 | + return -1; | ||
53 | + } | ||
54 | + wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce, | ||
55 | + WPA_NONCE_LEN); | ||
56 | + sm->TimeoutCtr = 0; | ||
57 | + return 0; | ||
58 | +} | ||
59 | + | ||
60 | + | ||
61 | SM_STATE(WPA_PTK, INITPMK) | ||
62 | { | ||
63 | u8 msk[2 * PMK_LEN]; | ||
64 | @@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK) | ||
65 | SM_ENTER(WPA_PTK, AUTHENTICATION); | ||
66 | else if (sm->ReAuthenticationRequest) | ||
67 | SM_ENTER(WPA_PTK, AUTHENTICATION2); | ||
68 | - else if (sm->PTKRequest) | ||
69 | - SM_ENTER(WPA_PTK, PTKSTART); | ||
70 | - else switch (sm->wpa_ptk_state) { | ||
71 | + else if (sm->PTKRequest) { | ||
72 | + if (wpa_auth_sm_ptk_update(sm) < 0) | ||
73 | + SM_ENTER(WPA_PTK, DISCONNECTED); | ||
74 | + else | ||
75 | + SM_ENTER(WPA_PTK, PTKSTART); | ||
76 | + } else switch (sm->wpa_ptk_state) { | ||
77 | case WPA_PTK_INITIALIZE: | ||
78 | break; | ||
79 | case WPA_PTK_DISCONNECT: | ||
80 | -- | ||
81 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch deleted file mode 100644 index 15183f40c1..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple6.patch +++ /dev/null | |||
@@ -1,149 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Fri, 22 Sep 2017 11:03:15 +0300 | ||
22 | Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration | ||
23 | |||
24 | Do not try to reconfigure the same TPK-TK to the driver after it has | ||
25 | been successfully configured. This is an explicit check to avoid issues | ||
26 | related to resetting the TX/RX packet number. There was already a check | ||
27 | for this for TPK M2 (retries of that message are ignored completely), so | ||
28 | that behavior does not get modified. | ||
29 | |||
30 | For TPK M3, the TPK-TK could have been reconfigured, but that was | ||
31 | followed by immediate teardown of the link due to an issue in updating | ||
32 | the STA entry. Furthermore, for TDLS with any real security (i.e., | ||
33 | ignoring open/WEP), the TPK message exchange is protected on the AP path | ||
34 | and simple replay attacks are not feasible. | ||
35 | |||
36 | As an additional corner case, make sure the local nonce gets updated if | ||
37 | the peer uses a very unlikely "random nonce" of all zeros. | ||
38 | |||
39 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
40 | --- | ||
41 | src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++-- | ||
42 | 1 file changed, 36 insertions(+), 2 deletions(-) | ||
43 | |||
44 | diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c | ||
45 | index e424168..9eb9738 100644 | ||
46 | --- a/src/rsn_supp/tdls.c | ||
47 | +++ b/src/rsn_supp/tdls.c | ||
48 | @@ -112,6 +112,7 @@ struct wpa_tdls_peer { | ||
49 | u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */ | ||
50 | } tpk; | ||
51 | int tpk_set; | ||
52 | + int tk_set; /* TPK-TK configured to the driver */ | ||
53 | int tpk_success; | ||
54 | int tpk_in_progress; | ||
55 | |||
56 | @@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | ||
57 | u8 rsc[6]; | ||
58 | enum wpa_alg alg; | ||
59 | |||
60 | + if (peer->tk_set) { | ||
61 | + /* | ||
62 | + * This same TPK-TK has already been configured to the driver | ||
63 | + * and this new configuration attempt (likely due to an | ||
64 | + * unexpected retransmitted frame) would result in clearing | ||
65 | + * the TX/RX sequence number which can break security, so must | ||
66 | + * not allow that to happen. | ||
67 | + */ | ||
68 | + wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR | ||
69 | + " has already been configured to the driver - do not reconfigure", | ||
70 | + MAC2STR(peer->addr)); | ||
71 | + return -1; | ||
72 | + } | ||
73 | + | ||
74 | os_memset(rsc, 0, 6); | ||
75 | |||
76 | switch (peer->cipher) { | ||
77 | @@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | ||
78 | return -1; | ||
79 | } | ||
80 | |||
81 | + wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR, | ||
82 | + MAC2STR(peer->addr)); | ||
83 | if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1, | ||
84 | rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) { | ||
85 | wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the " | ||
86 | "driver"); | ||
87 | return -1; | ||
88 | } | ||
89 | + peer->tk_set = 1; | ||
90 | return 0; | ||
91 | } | ||
92 | |||
93 | @@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer) | ||
94 | peer->cipher = 0; | ||
95 | peer->qos_info = 0; | ||
96 | peer->wmm_capable = 0; | ||
97 | - peer->tpk_set = peer->tpk_success = 0; | ||
98 | + peer->tk_set = peer->tpk_set = peer->tpk_success = 0; | ||
99 | peer->chan_switch_enabled = 0; | ||
100 | os_memset(&peer->tpk, 0, sizeof(peer->tpk)); | ||
101 | os_memset(peer->inonce, 0, WPA_NONCE_LEN); | ||
102 | @@ -1159,6 +1177,7 @@ skip_rsnie: | ||
103 | wpa_tdls_peer_free(sm, peer); | ||
104 | return -1; | ||
105 | } | ||
106 | + peer->tk_set = 0; /* A new nonce results in a new TK */ | ||
107 | wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake", | ||
108 | peer->inonce, WPA_NONCE_LEN); | ||
109 | os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN); | ||
110 | @@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer, | ||
111 | } | ||
112 | |||
113 | |||
114 | +static int tdls_nonce_set(const u8 *nonce) | ||
115 | +{ | ||
116 | + int i; | ||
117 | + | ||
118 | + for (i = 0; i < WPA_NONCE_LEN; i++) { | ||
119 | + if (nonce[i]) | ||
120 | + return 1; | ||
121 | + } | ||
122 | + | ||
123 | + return 0; | ||
124 | +} | ||
125 | + | ||
126 | + | ||
127 | static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr, | ||
128 | const u8 *buf, size_t len) | ||
129 | { | ||
130 | @@ -2004,7 +2036,8 @@ skip_rsn: | ||
131 | peer->rsnie_i_len = kde.rsn_ie_len; | ||
132 | peer->cipher = cipher; | ||
133 | |||
134 | - if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) { | ||
135 | + if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 || | ||
136 | + !tdls_nonce_set(peer->inonce)) { | ||
137 | /* | ||
138 | * There is no point in updating the RNonce for every obtained | ||
139 | * TPK M1 frame (e.g., retransmission due to timeout) with the | ||
140 | @@ -2020,6 +2053,7 @@ skip_rsn: | ||
141 | "TDLS: Failed to get random data for responder nonce"); | ||
142 | goto error; | ||
143 | } | ||
144 | + peer->tk_set = 0; /* A new nonce results in a new TK */ | ||
145 | } | ||
146 | |||
147 | #if 0 | ||
148 | -- | ||
149 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch deleted file mode 100644 index 2e12bc7555..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple7.patch +++ /dev/null | |||
@@ -1,60 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Fri, 22 Sep 2017 11:25:02 +0300 | ||
22 | Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending | ||
23 | request | ||
24 | |||
25 | Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep | ||
26 | Mode Response if WNM-Sleep Mode has not been used') started ignoring the | ||
27 | response when no WNM-Sleep Mode Request had been used during the | ||
28 | association. This can be made tighter by clearing the used flag when | ||
29 | successfully processing a response. This adds an additional layer of | ||
30 | protection against unexpected retransmissions of the response frame. | ||
31 | |||
32 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
33 | --- | ||
34 | wpa_supplicant/wnm_sta.c | 4 +++- | ||
35 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
36 | |||
37 | diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c | ||
38 | index 1b3409c..67a07ff 100644 | ||
39 | --- a/wpa_supplicant/wnm_sta.c | ||
40 | +++ b/wpa_supplicant/wnm_sta.c | ||
41 | @@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, | ||
42 | |||
43 | if (!wpa_s->wnmsleep_used) { | ||
44 | wpa_printf(MSG_DEBUG, | ||
45 | - "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association"); | ||
46 | + "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested"); | ||
47 | return; | ||
48 | } | ||
49 | |||
50 | @@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, | ||
51 | return; | ||
52 | } | ||
53 | |||
54 | + wpa_s->wnmsleep_used = 0; | ||
55 | + | ||
56 | if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || | ||
57 | wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) { | ||
58 | wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response " | ||
59 | -- | ||
60 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch deleted file mode 100644 index 7f5390c312..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple8.patch +++ /dev/null | |||
@@ -1,99 +0,0 @@ | |||
1 | The WPA2 four-way handshake protocol is vulnerable to replay attacks which can | ||
2 | result in unauthenticated clients gaining access to the network. | ||
3 | |||
4 | Backport a number of patches from upstream to fix this. | ||
5 | |||
6 | CVE: CVE-2017-13077 | ||
7 | CVE: CVE-2017-13078 | ||
8 | CVE: CVE-2017-13079 | ||
9 | CVE: CVE-2017-13080 | ||
10 | CVE: CVE-2017-13081 | ||
11 | CVE: CVE-2017-13082 | ||
12 | CVE: CVE-2017-13086 | ||
13 | CVE: CVE-2017-13087 | ||
14 | CVE: CVE-2017-13088 | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
18 | |||
19 | From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001 | ||
20 | From: Jouni Malinen <j@w1.fi> | ||
21 | Date: Fri, 22 Sep 2017 12:06:37 +0300 | ||
22 | Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames | ||
23 | |||
24 | The driver is expected to not report a second association event without | ||
25 | the station having explicitly request a new association. As such, this | ||
26 | case should not be reachable. However, since reconfiguring the same | ||
27 | pairwise or group keys to the driver could result in nonce reuse issues, | ||
28 | be extra careful here and do an additional state check to avoid this | ||
29 | even if the local driver ends up somehow accepting an unexpected | ||
30 | Reassociation Response frame. | ||
31 | |||
32 | Signed-off-by: Jouni Malinen <j@w1.fi> | ||
33 | --- | ||
34 | src/rsn_supp/wpa.c | 3 +++ | ||
35 | src/rsn_supp/wpa_ft.c | 8 ++++++++ | ||
36 | src/rsn_supp/wpa_i.h | 1 + | ||
37 | 3 files changed, 12 insertions(+) | ||
38 | |||
39 | diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | ||
40 | index 0550a41..2a53c6f 100644 | ||
41 | --- a/src/rsn_supp/wpa.c | ||
42 | +++ b/src/rsn_supp/wpa.c | ||
43 | @@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm) | ||
44 | #ifdef CONFIG_TDLS | ||
45 | wpa_tdls_disassoc(sm); | ||
46 | #endif /* CONFIG_TDLS */ | ||
47 | +#ifdef CONFIG_IEEE80211R | ||
48 | + sm->ft_reassoc_completed = 0; | ||
49 | +#endif /* CONFIG_IEEE80211R */ | ||
50 | |||
51 | /* Keys are not needed in the WPA state machine anymore */ | ||
52 | wpa_sm_drop_sa(sm); | ||
53 | diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c | ||
54 | index 205793e..d45bb45 100644 | ||
55 | --- a/src/rsn_supp/wpa_ft.c | ||
56 | +++ b/src/rsn_supp/wpa_ft.c | ||
57 | @@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, | ||
58 | u16 capab; | ||
59 | |||
60 | sm->ft_completed = 0; | ||
61 | + sm->ft_reassoc_completed = 0; | ||
62 | |||
63 | buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + | ||
64 | 2 + sm->r0kh_id_len + ric_ies_len + 100; | ||
65 | @@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, | ||
66 | return -1; | ||
67 | } | ||
68 | |||
69 | + if (sm->ft_reassoc_completed) { | ||
70 | + wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission"); | ||
71 | + return 0; | ||
72 | + } | ||
73 | + | ||
74 | if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) { | ||
75 | wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs"); | ||
76 | return -1; | ||
77 | @@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, | ||
78 | return -1; | ||
79 | } | ||
80 | |||
81 | + sm->ft_reassoc_completed = 1; | ||
82 | + | ||
83 | if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0) | ||
84 | return -1; | ||
85 | |||
86 | diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h | ||
87 | index 41f371f..56f88dc 100644 | ||
88 | --- a/src/rsn_supp/wpa_i.h | ||
89 | +++ b/src/rsn_supp/wpa_i.h | ||
90 | @@ -128,6 +128,7 @@ struct wpa_sm { | ||
91 | size_t r0kh_id_len; | ||
92 | u8 r1kh_id[FT_R1KH_ID_LEN]; | ||
93 | int ft_completed; | ||
94 | + int ft_reassoc_completed; | ||
95 | int over_the_ds_in_progress; | ||
96 | u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */ | ||
97 | int set_ptk_after_assoc; | ||
98 | -- | ||
99 | 2.7.4 \ No newline at end of file | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch deleted file mode 100644 index e800a410ea..0000000000 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/wpa_supplicant-CVE-2018-14526.patch +++ /dev/null | |||
@@ -1,44 +0,0 @@ | |||
1 | wpa_supplicant-2.6: Fix CVE-2018-14526 | ||
2 | |||
3 | [No upstream tracking] -- https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt | ||
4 | |||
5 | wpa: Ignore unauthenticated encrypted EAPOL-Key data | ||
6 | |||
7 | Ignore unauthenticated encrypted EAPOL-Key data in supplicant | ||
8 | processing. When using WPA2, these are frames that have the Encrypted | ||
9 | flag set, but not the MIC flag. | ||
10 | |||
11 | When using WPA2, EAPOL-Key frames that had the Encrypted flag set but | ||
12 | not the MIC flag, had their data field decrypted without first verifying | ||
13 | the MIC. In case the data field was encrypted using RC4 (i.e., when | ||
14 | negotiating TKIP as the pairwise cipher), this meant that | ||
15 | unauthenticated but decrypted data would then be processed. An adversary | ||
16 | could abuse this as a decryption oracle to recover sensitive information | ||
17 | in the data field of EAPOL-Key messages (e.g., the group key). | ||
18 | |||
19 | Upstream-Status: Backport [https://w1.fi/cgit/hostap/commit/src/rsn_supp/wpa.c?id=3e34cfdff6b192fe337c6fb3f487f73e96582961] | ||
20 | CVE: CVE-2018-14526 | ||
21 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
22 | |||
23 | diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c | ||
24 | index 3c47879..6bdf923 100644 | ||
25 | --- a/src/rsn_supp/wpa.c | ||
26 | +++ b/src/rsn_supp/wpa.c | ||
27 | @@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, | ||
28 | |||
29 | if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) && | ||
30 | (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { | ||
31 | + /* | ||
32 | + * Only decrypt the Key Data field if the frame's authenticity | ||
33 | + * was verified. When using AES-SIV (FILS), the MIC flag is not | ||
34 | + * set, so this check should only be performed if mic_len != 0 | ||
35 | + * which is the case in this code branch. | ||
36 | + */ | ||
37 | + if (!(key_info & WPA_KEY_INFO_MIC)) { | ||
38 | + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, | ||
39 | + "WPA: Ignore EAPOL-Key with encrypted but unauthenticated data"); | ||
40 | + goto out; | ||
41 | + } | ||
42 | if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data, | ||
43 | &key_data_len)) | ||
44 | goto out; | ||
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb index c92ed4ab93..6fc5cf5db7 100644 --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.6.bb +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.7.bb | |||
@@ -3,9 +3,9 @@ HOMEPAGE = "http://w1.fi/wpa_supplicant/" | |||
3 | BUGTRACKER = "http://w1.fi/security/" | 3 | BUGTRACKER = "http://w1.fi/security/" |
4 | SECTION = "network" | 4 | SECTION = "network" |
5 | LICENSE = "BSD" | 5 | LICENSE = "BSD" |
6 | LIC_FILES_CHKSUM = "file://COPYING;md5=292eece3f2ebbaa25608eed8464018a3 \ | 6 | LIC_FILES_CHKSUM = "file://COPYING;md5=a3791c270ad6bb026707d17bf750e5ef \ |
7 | file://README;beginline=1;endline=56;md5=3f01d778be8f953962388307ee38ed2b \ | 7 | file://README;beginline=1;endline=56;md5=495cbce6008253de4b4d8f4cdfae9f4f \ |
8 | file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=4061612fc5715696134e3baf933e8aba" | 8 | file://wpa_supplicant/wpa_supplicant.c;beginline=1;endline=12;md5=a5687903a31b8679e6a06b3afa5c819e" |
9 | DEPENDS = "dbus libnl" | 9 | DEPENDS = "dbus libnl" |
10 | RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" | 10 | RRECOMMENDS_${PN} = "wpa-supplicant-passphrase wpa-supplicant-cli" |
11 | 11 | ||
@@ -24,19 +24,10 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \ | |||
24 | file://wpa_supplicant.conf \ | 24 | file://wpa_supplicant.conf \ |
25 | file://wpa_supplicant.conf-sane \ | 25 | file://wpa_supplicant.conf-sane \ |
26 | file://99_wpa_supplicant \ | 26 | file://99_wpa_supplicant \ |
27 | file://key-replay-cve-multiple1.patch \ | ||
28 | file://key-replay-cve-multiple2.patch \ | ||
29 | file://key-replay-cve-multiple3.patch \ | ||
30 | file://key-replay-cve-multiple4.patch \ | ||
31 | file://key-replay-cve-multiple5.patch \ | ||
32 | file://key-replay-cve-multiple6.patch \ | ||
33 | file://key-replay-cve-multiple7.patch \ | ||
34 | file://key-replay-cve-multiple8.patch \ | ||
35 | file://wpa_supplicant-CVE-2018-14526.patch \ | ||
36 | file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ | 27 | file://0001-replace-systemd-install-Alias-with-WantedBy.patch \ |
37 | " | 28 | " |
38 | SRC_URI[md5sum] = "091569eb4440b7d7f2b4276dbfc03c3c" | 29 | SRC_URI[md5sum] = "a68538fb62766f40f890125026c42c10" |
39 | SRC_URI[sha256sum] = "b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450" | 30 | SRC_URI[sha256sum] = "76ea6b06b7a2ea8e6d9eb1a9166166f1656e6d48c7508914f592100c95c73074" |
40 | 31 | ||
41 | CVE_PRODUCT = "wpa_supplicant" | 32 | CVE_PRODUCT = "wpa_supplicant" |
42 | 33 | ||