Diffstat (limited to 'meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch')
-rw-r--r-- | meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch | 267 |
1 files changed, 267 insertions, 0 deletions
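--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/key-replay-cve-multiple2.patch
@@ -0,0 +1,267 @@
+The WPA2 four-way handshake protocol is vulnerable to replay attacks which can
+result in unauthenticated clients gaining access to the network.
+
+Backport a number of patches from upstream to fix this.
+
+CVE: CVE-2017-13077
+CVE: CVE-2017-13078
+CVE: CVE-2017-13079
+CVE: CVE-2017-13080
+CVE: CVE-2017-13081
+CVE: CVE-2017-13082
+CVE: CVE-2017-13086
+CVE: CVE-2017-13087
+CVE: CVE-2017-13088
+
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+src/common/wpa_common.h | 11 +++++
+src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+src/rsn_supp/wpa_i.h | 4 ++
+3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+size_t tk_len;
+};
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+/* WPA IE version 1
+* 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+const u8 *_gtk = gd->gtk;
+u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+}
+os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+return 0;
+}
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+}
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+static int ieee80211w_set_keys(struct wpa_sm *sm,
+struct wpa_eapol_ie_parse *ie)
+{
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+if (ie->igtk) {
+size_t len;
+const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+return -1;
++
+igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+return -1;
+- }
+}
+
+return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+*/
+void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+{
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+if (sm == NULL)
+return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+/* Prepare for the next transition */
+wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+}
+#endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+/*
+* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+* this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+sm->tptk_set = 0;
+os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+}
+
+#ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+os_memset(sm->pmk, 0, sizeof(sm->pmk));
+os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_IEEE80211R
+os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+os_memset(&gd, 0, sizeof(gd));
+#ifdef CONFIG_IEEE80211W
+} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+#endif /* CONFIG_IEEE80211W */
+} else {
+wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+int rx_replay_counter_set;
+u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
\ No newline at end of file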
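Review bot: In the new `wpa_supplicant_install_igtk` (the `@@ -854,6 +866,48 @@` hunk of src/rsn_supp/wpa.c inside the added patch), the "already in-use" early return comes before the `if (keyidx > 4095)` range check, so a retransmitted KDE whose key bytes match the installed IGTK but whose KeyID is out of range now returns 0 instead of the -1 the pre-patch code returned; moving the `keyidx > 4095` validation block ahead of the `/* Detect possible key reinstallation */` check keeps the reject path consistent regardless of whether the key is new. The same ordering applies to the GTK path in `wpa_supplicant_install_gtk`, where the reinstallation check compares only `gtk_len` and the key bytes, so the same key material announced with a different `keyidx` or `tx` flag is also skipped; whether callers rely on that is outside the visible hunks, and a comment such as `/* Match is on key material only; keyidx/tx are not compared */` would make the intent explicit. In `wpa_wnmsleep_install_key`, `buf + 2` is now cast directly to `const struct wpa_igtk_kde *` and the helper reads `wpa_cipher_key_len()` bytes from it; the length check that bounds `buf` is not visible in the hunk, so the helper's contract should state that the caller has validated the sub-element length before the cast.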