package/network/services/hostapd/patches/064-0012-EAP-pwd-server-Detect-reflection-attacks.patch

   1 From d63edfa90243e9a7de6ae5c275032f2cc79fef95 Mon Sep 17 00:00:00 2001
   2 From: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
   3 Date: Sun, 31 Mar 2019 17:26:01 +0200
   4 Subject: [PATCH 12/14] EAP-pwd server: Detect reflection attacks
   5
   6 When processing an EAP-pwd Commit frame, verify that the peer's scalar
   7 and elliptic curve element differ from the one sent by the server. This
   8 prevents reflection attacks where the adversary reflects the scalar and
   9 element sent by the server. (CVE-2019-9497)
  10
  11 The vulnerability allows an adversary to complete the EAP-pwd handshake
  12 as any user. However, the adversary does not learn the negotiated
  13 session key, meaning the subsequent 4-way handshake would fail. As a
  14 result, this cannot be abused to bypass authentication unless EAP-pwd is
  15 used in non-WLAN cases without any following key exchange that would
  16 require the attacker to learn the MSK.
  17
  18 Signed-off-by: Mathy Vanhoef <mathy.vanhoef@nyu.edu>
  19 ---
  20  src/eap_server/eap_server_pwd.c | 9 +++++++++
  21  1 file changed, 9 insertions(+)
  22
  23 --- a/src/eap_server/eap_server_pwd.c
  24 +++ b/src/eap_server/eap_server_pwd.c
  25 @@ -753,6 +753,15 @@ eap_pwd_process_commit_resp(struct eap_s
  26                 }
  27         }
  28
  29 +       /* detect reflection attacks */
  30 +       if (crypto_bignum_cmp(data->my_scalar, data->peer_scalar) == 0 ||
  31 +           crypto_ec_point_cmp(data->grp->group, data->my_element,
  32 +                               data->peer_element) == 0) {
  33 +               wpa_printf(MSG_INFO,
  34 +                          "EAP-PWD (server): detected reflection attack!");
  35 +               goto fin;
  36 +       }
  37 +
  38         /* compute the shared key, k */
  39         if ((crypto_ec_point_mul(data->grp->group, data->grp->pwe,
  40                                  data->peer_scalar, K) < 0) ||