aboutsummaryrefslogtreecommitdiffstats
path: root/main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch')
-rw-r--r--main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch b/main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch
new file mode 100644
index 0000000000..9bc1447965
--- /dev/null
+++ b/main/hostapd/0010-EAP-pwd-server-Detect-reflection-attacks.patch
@@ -0,0 +1,45 @@
+From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
+Date: Sun, 31 Mar 2019 17:26:01 +0200
+Subject: [PATCH] EAP-pwd server: Detect reflection attacks
+
+When processing an EAP-pwd Commit frame, verify that the peer's scalar
+and elliptic curve element differ from the one sent by the server. This
+prevents reflection attacks where the adversary reflects the scalar and
+element sent by the server. (CVE-2019-9497)
+
+The vulnerability allows an adversary to complete the EAP-pwd handshake
+as any user. However, the adversary does not learn the negotiated
+session key, meaning the subsequent 4-way handshake would fail. As a
+result, this cannot be abused to bypass authentication unless EAP-pwd is
+used in non-WLAN cases without any following key exchange that would
+require the attacker to learn the MSK.
+
+Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
+---
+ src/eap_server/eap_server_pwd.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c
+index 74979da6e..16057e94f 100644
+--- a/src/eap_server/eap_server_pwd.c
++++ b/src/eap_server/eap_server_pwd.c
+@@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_sm *sm, struct eap_pwd_data *data,
+ }
+ }
+
++ /* detect reflection attacks */
++ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
++ crypto_ec_point_cmp(data->grp->group, data->my_element,
++ data->peer_element) == 0) {
++ wpa_printf(MSG_INFO,
++ "EAP-PWD (server): detected reflection attack!");
++ goto fin;
++ }
++
+ /* compute the shared key, k */
+ if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
+ data->peer_scalar, K) < 0) ||
+--
+2.21.0
+