+++ /dev/null
-From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
-Date: Sun, 31 Mar 2019 17:26:01 +0200
-Subject: [PATCH 12/14] EAP-pwd server: Detect reflection attacks
-
-When processing an EAP-pwd Commit frame, verify that the peer's scalar
-and elliptic curve element differ from the one sent by the server. This
-prevents reflection attacks where the adversary reflects the scalar and
-element sent by the server. (CVE-2019-9497)
-
-The vulnerability allows an adversary to complete the EAP-pwd handshake
-as any user. However, the adversary does not learn the negotiated
-session key, meaning the subsequent 4-way handshake would fail. As a
-result, this cannot be abused to bypass authentication unless EAP-pwd is
-used in non-WLAN cases without any following key exchange that would
-require the attacker to learn the MSK.
-
-Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
----
- src/eap_server/eap_server_pwd.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- a/src/eap_server/eap_server_pwd.c
-+++ b/src/eap_server/eap_server_pwd.c
-@@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s
- }
- }
-
-+ /* detect reflection attacks */
-+ if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
-+ crypto_ec_point_cmp(data->grp->group, data->my_element,
-+ data->peer_element) == 0) {
-+ wpa_printf(MSG_INFO,
-+ "EAP-PWD (server): detected reflection attack!");
-+ goto fin;
-+ }
-+
- /* compute the shared key, k */
- if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
- data->peer_scalar, K) < 0) ||
projects / openwrt / staging / chunkeey.git / blobdiff