Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-02-20 02:53:03 -05:00
Code Issues Projects Releases Wiki Activity

DPP2: Detect PFS downgrade attack while processing EAPOL-Key msg 3/4

Browse Source 
Do not allow association to continue if the local configuration enables
PFS and the station indicates it supports PFS, but PFS was not
negotiated for the association.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-05-01 20:06:57 +03:00 committed by Jouni Malinen
parent 9561925b4d
commit c3c38bc8b9
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/rsn_supp/wpa.c
View File

@ -1715,6 +1715,20 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
}
#endif /* CONFIG_OCV */
#ifdef CONFIG_DPP2
if (ie.dpp_kde) {
wpa_printf(MSG_DEBUG,
"DPP: peer Protocol Version %u Flags 0x%x",
ie.dpp_kde[0], ie.dpp_kde[1]);
if (sm->key_mgmt == WPA_KEY_MGMT_DPP && sm->dpp_pfs != 2 &&
(ie.dpp_kde[1] & DPP_KDE_PFS_ALLOWED) && !sm->dpp_z) {
wpa_printf(MSG_INFO,
"DPP: Peer indicated it supports PFS and local configuration allows this, but PFS was not negotiated for the association");
goto failed;
}
}
#endif /* CONFIG_DPP2 */
if (sm->use_ext_key_id &&
wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX))
goto failed;