Remove GTK/IGTK/BIGTK from memory explicitly in AP mode

Make sure these keys do not remain in memory beyond the time they are
needed.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2022-02-26 01:14:25 +02:00 committed by Jouni Malinen
parent af1f0694e1
commit 1364f322bf
2 changed files with 13 additions and 10 deletions


@ -603,7 +603,7 @@ void wpa_deinit(struct wpa_authenticator *wpa_auth)
while (group) {
prev = group;
group = group->next;
os_free(prev);
bin_clear_free(prev, sizeof(*prev));
}
os_free(wpa_auth);
@ -1642,7 +1642,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
if (aes_wrap(sm->PTK.kek, sm->PTK.kek_len,
(key_data_len - 8) / 8, buf, key_data)) {
os_free(hdr);
os_free(buf);
bin_clear_free(buf, key_data_len);
return;
}
WPA_PUT_BE16(key_mic + mic_len, key_data_len);
@ -1663,10 +1663,10 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
#endif /* CONFIG_NO_RC4 */
} else {
os_free(hdr);
os_free(buf);
bin_clear_free(buf, key_data_len);
return;
}
os_free(buf);
bin_clear_free(buf, key_data_len);
}
if (key_info & WPA_KEY_INFO_MIC) {
@ -3270,6 +3270,7 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,
(const u8 *) &igtk, WPA_IGTK_KDE_PREFIX_LEN + len,
NULL, 0);
forced_memzero(&igtk, sizeof(igtk));
if (!conf->beacon_prot)
return pos;
@ -3293,6 +3294,7 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
pos = wpa_add_kde(pos, RSN_KEY_DATA_BIGTK,
(const u8 *) &bigtk, WPA_BIGTK_KDE_PREFIX_LEN + len,
NULL, 0);
forced_memzero(&bigtk, sizeof(bigtk));
return pos;
}
@ -3373,7 +3375,7 @@ static u8 * replace_ie(const char *name, const u8 *old_buf, size_t *len, u8 eid,
SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
{
u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde = NULL, *pos, stub_gtk[32];
size_t gtk_len, kde_len, wpa_ie_len;
size_t gtk_len, kde_len = 0, wpa_ie_len;
struct wpa_group *gsm = sm->group;
u8 *wpa_ie;
int secure, gtkidx, encr = 0;
@ -3631,7 +3633,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
WPA_KEY_INFO_KEY_TYPE,
_rsc, sm->ANonce, kde, pos - kde, 0, encr);
done:
os_free(kde);
bin_clear_free(kde, kde_len);
os_free(wpa_ie_buf);
os_free(wpa_ie_buf2);
}
@ -3852,7 +3854,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
struct wpa_group *gsm = sm->group;
const u8 *kde;
u8 *kde_buf = NULL, *pos, hdr[2];
size_t kde_len;
size_t kde_len = 0;
u8 *gtk, stub_gtk[32];
struct wpa_auth_config *conf = &sm->wpa_auth->conf;
@ -3921,7 +3923,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
rsc, NULL, kde, kde_len, gsm->GN, 1);
os_free(kde_buf);
bin_clear_free(kde_buf, kde_len);
}
@ -5563,7 +5565,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
WPA_KEY_INFO_KEY_TYPE,
_rsc, sm->ANonce, kde, pos - kde, 0, encr);
os_free(kde);
bin_clear_free(kde, kde_len);
return 0;
}
@ -5631,7 +5633,7 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
rsc, NULL, kde, kde_len, gsm->GN, 1);
os_free(kde_buf);
bin_clear_free(kde_buf, kde_len);
return 0;
}
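Review bot: In ieee80211w_kde_add() the added `forced_memzero(&igtk, sizeof(igtk));` and `forced_memzero(&bigtk, sizeof(bigtk));` run only once the matching wpa_add_kde() call has been reached, so they cover that exit path and no other. The function body starts above both hunks, so it is not visible here whether a `return pos;` can be taken after key material has been copied into `igtk` or `bigtk`; if one can, the key stays on the stack on that path. Worth checking, and where such a return exists, placing the same `forced_memzero()` call directly before it.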


@ -2240,6 +2240,7 @@ static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
wpa_printf(MSG_DEBUG,
"FT: GTK subelem encryption failed: kek_len=%d",
(int) kek_len);
forced_memzero(keybuf, sizeof(keybuf));
os_free(subelem);
return NULL;
}