1
0

017-Additional-consistentcy-checks-for-PTK-component-len.patch 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192
  1. From a6ea665300919d6a3af22b1f4237203647fda93a Mon Sep 17 00:00:00 2001
  2. From: Jouni Malinen <j@w1.fi>
  3. Date: Tue, 17 Oct 2017 00:01:11 +0300
  4. Subject: [PATCH] Additional consistentcy checks for PTK component lengths
  5. Verify that TK, KCK, and KEK lengths are set to consistent values within
  6. struct wpa_ptk before using them in supplicant. This is an additional
  7. layer of protection against unexpected states.
  8. Signed-off-by: Jouni Malinen <j@w1.fi>
  9. ---
  10. src/common/wpa_common.c | 6 ++++++
  11. src/rsn_supp/wpa.c | 26 ++++++++++++++++++++------
  12. 2 files changed, 26 insertions(+), 6 deletions(-)
  13. --- a/src/common/wpa_common.c
  14. +++ b/src/common/wpa_common.c
  15. @@ -93,6 +93,12 @@ int wpa_eapol_key_mic(const u8 *key, siz
  16. {
  17. u8 hash[SHA384_MAC_LEN];
  18. + if (key_len == 0) {
  19. + wpa_printf(MSG_DEBUG,
  20. + "WPA: KCK not set - cannot calculate MIC");
  21. + return -1;
  22. + }
  23. +
  24. switch (ver) {
  25. #ifndef CONFIG_FIPS
  26. case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
  27. --- a/src/rsn_supp/wpa.c
  28. +++ b/src/rsn_supp/wpa.c
  29. @@ -710,6 +710,11 @@ static int wpa_supplicant_install_ptk(st
  30. alg = wpa_cipher_to_alg(sm->pairwise_cipher);
  31. keylen = wpa_cipher_key_len(sm->pairwise_cipher);
  32. + if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
  33. + wpa_printf(MSG_DEBUG, "WPA: TK length mismatch: %d != %lu",
  34. + keylen, (long unsigned int) sm->ptk.tk_len);
  35. + return -1;
  36. + }
  37. rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
  38. if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
  39. @@ -730,6 +735,7 @@ static int wpa_supplicant_install_ptk(st
  40. /* TK is not needed anymore in supplicant */
  41. os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
  42. + sm->ptk.tk_len = 0;
  43. sm->ptk.installed = 1;
  44. if (sm->wpa_ptk_rekey) {
  45. @@ -1699,9 +1705,10 @@ static int wpa_supplicant_verify_eapol_k
  46. os_memcpy(mic, key + 1, mic_len);
  47. if (sm->tptk_set) {
  48. os_memset(key + 1, 0, mic_len);
  49. - wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len, sm->key_mgmt,
  50. - ver, buf, len, (u8 *) (key + 1));
  51. - if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
  52. + if (wpa_eapol_key_mic(sm->tptk.kck, sm->tptk.kck_len,
  53. + sm->key_mgmt,
  54. + ver, buf, len, (u8 *) (key + 1)) < 0 ||
  55. + os_memcmp_const(mic, key + 1, mic_len) != 0) {
  56. wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  57. "WPA: Invalid EAPOL-Key MIC "
  58. "when using TPTK - ignoring TPTK");
  59. @@ -1724,9 +1731,10 @@ static int wpa_supplicant_verify_eapol_k
  60. if (!ok && sm->ptk_set) {
  61. os_memset(key + 1, 0, mic_len);
  62. - wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len, sm->key_mgmt,
  63. - ver, buf, len, (u8 *) (key + 1));
  64. - if (os_memcmp_const(mic, key + 1, mic_len) != 0) {
  65. + if (wpa_eapol_key_mic(sm->ptk.kck, sm->ptk.kck_len,
  66. + sm->key_mgmt,
  67. + ver, buf, len, (u8 *) (key + 1)) < 0 ||
  68. + os_memcmp_const(mic, key + 1, mic_len) != 0) {
  69. wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  70. "WPA: Invalid EAPOL-Key MIC - "
  71. "dropping packet");
  72. @@ -3689,6 +3697,11 @@ int fils_process_assoc_resp(struct wpa_s
  73. alg = wpa_cipher_to_alg(sm->pairwise_cipher);
  74. keylen = wpa_cipher_key_len(sm->pairwise_cipher);
  75. + if (keylen <= 0 || (unsigned int) keylen != sm->ptk.tk_len) {
  76. + wpa_printf(MSG_DEBUG, "FILS: TK length mismatch: %u != %lu",
  77. + keylen, (long unsigned int) sm->ptk.tk_len);
  78. + goto fail;
  79. + }
  80. rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
  81. wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
  82. sm->ptk.tk, keylen);