Commit | Line | Data |
---|---|---|
d7d57745 MT |
1 | From f1800cce24e8f81e909a68fe8ef1f13abfdec9e3 Mon Sep 17 00:00:00 2001 |
2 | From: Jouni Malinen <j@w1.fi> | |
3 | Date: Sun, 1 Oct 2017 12:32:57 +0300 | |
4 | Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce | |
5 | ||
6 | The Authenticator state machine path for PTK rekeying ended up bypassing | |
7 | the AUTHENTICATION2 state where a new ANonce is generated when going | |
8 | directly to the PTKSTART state since there is no need to try to | |
9 | determine the PMK again in such a case. This is far from ideal since the | |
10 | new PTK would depend on a new nonce only from the supplicant. | |
11 | ||
12 | Fix this by generating a new ANonce when moving to the PTKSTART state | |
13 | for the purpose of starting new 4-way handshake to rekey PTK. | |
14 | ||
15 | Signed-off-by: Jouni Malinen <j@w1.fi> | |
16 | --- | |
17 | src/ap/wpa_auth.c | 24 +++++++++++++++++++++--- | |
18 | 1 file changed, 21 insertions(+), 3 deletions(-) | |
19 | ||
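diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 42ef0bf..3b2f97c 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1953,6 +1953,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
 }
 
 
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
+{
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_ERROR,
+ "WPA: Failed to get random data for ANonce");
+ sm->Disconnect = TRUE;
+ return -1;
+ }
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
+ WPA_NONCE_LEN);
+ sm->TimeoutCtr = 0;
+ return 0;
+}
+
+
 SM_STATE(WPA_PTK, INITPMK)
 {
 u8 msk[2 * PMK_LEN];
@@ -3129,9 +3144,12 @@ SM_STEP(WPA_PTK)
 SM_ENTER(WPA_PTK, AUTHENTICATION);
 else if (sm->ReAuthenticationRequest)
 SM_ENTER(WPA_PTK, AUTHENTICATION2);
- else if (sm->PTKRequest)
- SM_ENTER(WPA_PTK, PTKSTART);
- else switch (sm->wpa_ptk_state) {
+ else if (sm->PTKRequest) {
+ if (wpa_auth_sm_ptk_update(sm) < 0)
+ SM_ENTER(WPA_PTK, DISCONNECTED);
+ else
+ SM_ENTER(WPA_PTK, PTKSTART);
+ } else switch (sm->wpa_ptk_state) {
 case WPA_PTK_INITIALIZE:
 break;
 case WPA_PTK_DISCONNECT: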
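Review bot: `wpa_auth_sm_ptk_update()` in the first hunk has no comment, and its name does not say that it overwrites `sm->ANonce` and resets `sm->TimeoutCtr`. A header such as `/* Generate a fresh ANonce before restarting the 4-way handshake for PTK rekeying; returns -1 and sets sm->Disconnect if no random data is available. */` would keep the security reason from the commit message next to the code. On failure the helper sets `sm->Disconnect = TRUE` and the caller in the second hunk also enters DISCONNECTED directly, so the disconnect is requested in two places. Whether `sm->PTKRequest` is cleared when PTKSTART is skipped is not visible in these hunks and is worth confirming, so that a persistent RNG failure cannot re-trigger this branch on every step. The `SM_STATE` and `SM_STEP(WPA_PTK)` bodies both continue outside the hunks.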
62 | -- | |
63 | 2.7.4 | |
64 |