
ap: only accept message 4 after receiving message 2

Message ID: CAFXAJYz3nVT2i3AkoBrCeh+GqkNDrFmriJtfHt=as6j2x4J6jQ@mail.gmail.com (mailing list archive)
State: New
Series: ap: only accept message 4 after receiving message 2

Checks

Context: tedd_an/pre-ci_am
Check: fail
Description: error: patch failed: src/eapol.c:2092; error: src/eapol.c: patch does not apply; hint: Use 'git am --show-current-patch' to see the failed patch

Commit Message

Mathy Vanhoef Jan. 29, 2024, 4:11 p.m. UTC
We found that when IWD is operating in AP mode, it doesn't verify
whether message 2 was already received before processing message 4.

I've included a candidate commit message and patch below. My mailing
client might destroy the spacing, but the small patch should
illustrate the possible fix.

---

When operating as an AP, drop message 4 of the 4-way handshake if the AP
has not yet received message 2. Otherwise an attacker can skip message 2
and immediately send message 4 to bypass authentication (the AP would be
using an all-zero PTK to verify the authenticity of message 4).
---
 src/eapol.c | 4 ++++
 1 file changed, 4 insertions(+)
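
The bypass the commit message describes, as an added Python model that is not part of IWD, the patch, or the author's submission: an AP-side handshake state whose PTK starts out all zeros (mirroring a zero-initialised handshake state), a forged message 4 whose MIC an attacker computes under the all-zero KCK without knowing the PMK, and the same state with the "have we seen message 2" guard from the patch. The class `ApHandshake`, the helpers `derive_ptk`, `prf` and `eapol_key_mic`, the choice of the WPA2-PSK AKM (PRF-384 and HMAC-SHA1-128 MIC), and all key material, addresses, nonces and frame bytes are constructed for this example; the frame bodies are stand-ins for an EAPOL-Key frame with its MIC field zeroed, not real 802.1X encoding.

```python
"""Model of the AP-side 4-way handshake check discussed above (added example)."""
import hashlib
import hmac
from dataclasses import dataclass

PTK_LEN = 48   # KCK (16) | KEK (16) | TK (16) for a CCMP pairwise cipher
KCK_LEN = 16   # WPA2-PSK AKM: Key MIC is HMAC-SHA1 truncated to 16 bytes, keyed with the KCK


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenation of HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:out_len]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the addresses and nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, PTK_LEN)


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC over an EAPOL-Key frame whose MIC field is zeroed (HMAC-SHA1-128)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:KCK_LEN]


@dataclass
class ApHandshake:
    """Hypothetical AP-side state; the PTK is all zeros until 2/4 has been accepted."""
    pmk: bytes
    aa: bytes
    spa: bytes
    anonce: bytes
    require_msg2: bool            # True = the guard the patch adds before verifying 4/4
    ptk: bytes = bytes(PTK_LEN)   # zero-initialised, like a fresh handshake state
    have_snonce: bool = False
    ptk_complete: bool = False

    def handle_2_of_4(self, snonce: bytes, frame: bytes, mic: bytes) -> bool:
        ptk = derive_ptk(self.pmk, self.aa, self.spa, self.anonce, snonce)
        if not hmac.compare_digest(eapol_key_mic(ptk[:KCK_LEN], frame), mic):
            return False          # bad MIC: the sender does not hold the PMK
        self.ptk, self.have_snonce = ptk, True
        return True

    def handle_4_of_4(self, frame: bytes, mic: bytes) -> bool:
        if self.require_msg2 and not self.have_snonce:
            return False          # the fix: no 2/4 yet, so there is no PTK to verify against
        if not hmac.compare_digest(eapol_key_mic(self.ptk[:KCK_LEN], frame), mic):
            return False
        self.ptk_complete = True
        return True


# Constructed sample key material and frame bodies for the demonstration.
PMK = hashlib.sha256(b"example-passphrase").digest()
AA = bytes.fromhex("02000000aa01")
SPA = bytes.fromhex("02000000bb02")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSG2 = b"EAPOL-Key 2/4 with MIC field zeroed (constructed)"
MSG4 = b"EAPOL-Key 4/4 with MIC field zeroed (constructed)"


def new_ap(require_msg2: bool) -> ApHandshake:
    return ApHandshake(PMK, AA, SPA, ANONCE, require_msg2)


def attacker_skips_msg2(require_msg2: bool) -> bool:
    """An attacker without the PMK sends only 4/4, with a MIC computed under the all-zero KCK."""
    ap = new_ap(require_msg2)
    forged_mic = eapol_key_mic(bytes(KCK_LEN), MSG4)
    return ap.handle_4_of_4(MSG4, forged_mic) and ap.ptk_complete


def legitimate_handshake(require_msg2: bool) -> bool:
    """A real supplicant that knows the PMK still completes with the guard in place."""
    ap = new_ap(require_msg2)
    ptk = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    kck = ptk[:KCK_LEN]
    ok2 = ap.handle_2_of_4(SNONCE, MSG2, eapol_key_mic(kck, MSG2))
    ok4 = ap.handle_4_of_4(MSG4, eapol_key_mic(kck, MSG4))
    return ok2 and ok4 and ap.ptk_complete and ap.ptk == ptk


if __name__ == "__main__":
    print("unpatched AP accepts forged 4/4:", attacker_skips_msg2(False))  # True
    print("patched AP accepts forged 4/4:  ", attacker_skips_msg2(True))   # False
    print("patched AP accepts real client: ", legitimate_handshake(True))  # True
```

The point the model makes is that MIC verification on its own cannot reject the forged message 4: the verification key is whatever happens to be in the PTK buffer, and before message 2 that is a known constant (all zeros), so the attacker can produce a valid MIC without the PMK. The guard has to be a state check (was a MIC-verified message 2 processed for this handshake?) rather than a stronger cryptographic check on message 4.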

Comments

Denis Kenzior Jan. 30, 2024, 3:02 a.m. UTC | #1
Hi Mathy,

On 1/29/24 10:11, Mathy Vanhoef wrote:
> We found that when IWD is operating in AP mode, it doesn't verify
> whether message 2 was already received before processing message 4.
> 
> I've included a candidate commit message and patch below. My mailing
> client might destroy the spacing, but the small patch should
> illustrate the possible fix.

Ah nice catch.  Thank you.  I created a commit based on your patch / 
description.  Applied now as:
6415420f1c92 ("ap: only accept ptk 4/4 after receiving ptk 2/4")

Regards,
-Denis

Patch

diff --git a/src/eapol.c b/src/eapol.c
index bad4bbb7..3ce14d5c 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -2092,6 +2092,10 @@  static void eapol_handle_ptk_4_of_4(struct eapol_sm *sm,
     if (L_BE64_TO_CPU(ek->key_replay_counter) != sm->replay_counter)
         return;

+    /* Ensure we received Message 2 and thus have a PTK to verify MIC */
+    if (!sm->handshake->have_snonce)
+        return;
+
     kck = handshake_state_get_kck(sm->handshake);

     if (!eapol_verify_mic(sm->handshake->akm_suite, kck, ek,
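Review bot: the new guard `if (!sm->handshake->have_snonce) return;` is only as strong as the guarantee that have_snonce is set exclusively by an accepted 2/4 and is cleared whenever the handshake state is reset (disassociation, a restarted 4-way handshake, a rekey); please confirm that reset path, since a stale flag from an earlier exchange would let a 4/4 be MIC-checked against an old PTK instead of being dropped. The comment above the check would be clearer if it named that dependency, e.g. "have_snonce is only set once 2/4 was accepted, so the PTK is real", rather than just "we received Message 2". Separately, the hunk as posted is space-indented and the hunk header carries a doubled space before `static`, which matches the pre-ci_am failure "src/eapol.c: patch does not apply" at line 2092; resending with tabs intact (or via git send-email) would let the patch apply as-is rather than needing to be recreated by hand.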