Hi Antoine,

(trimming the cc: list a bit)

On Mon, Oct 23, 2017 at 07:43:49PM -0400, Antoine Beaupré wrote:
> Hi,
>
> I have looked at backporting the "KRACK" patches down into wheezy. I'm a
> little concerned about the results: I don't have a good grasp of WPA2
> and particularly of the wpa_supplicant codebase. I don't even know if
> wheezy is actually vulnerable, I went under the assumption that it was
> vulnerable and carried on.
>
> Obviously, I don't have a full WPA stack to test this with here either:
> my laptop is not running wheezy and I couldn't find a quick way to test
> this directly, let alone mount a full attack to try and reproduce the
> issue or confirm it is fixed.
>
> So I uploaded a test package to my usual repository:
>
> https://people.debian.org/~anarcat/debian/wheezy-lts/
>
> WARNING: I didn't test this in any way. I tried to make the patch
> meaningful and the code compiled, but that's about it.
>
> A patch is attached for your perusal, but I am concerned about some bits
> of the patchset, and I wonder if the version in wheezy might not be
> vulnerable to even *more* issues. It's kind of scary to think that
> wpa_supplicant is running, as root, on so many machines out there...

Did you try reaching out to upstream to confirm if Wheezy is vulnerable?
I'm pretty sure they have a good idea now about the affected versions
given all the fuss around KRACK.

Cheers,
 -- Guido

> But more specifically, I'm concerned about the following hunks:
>
> @@ -861,6 +870,7 @@ static u16 wpa_ft_process_auth_req(struc
> wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
>
> sm->pairwise = pairwise;
> + sm->tk_already_set = FALSE;
> wpa_ft_install_ptk(sm);
>
> buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
>
> The code in jessie also had a "sm->PTK_valid = TRUE;" assignment there,
> I didn't look to see what that does exactly.
>
> In the second patch, in wpa_sm_notify_assoc there are more os_memset()
> calls in jessie that were not present in the wheezy version. For
> example, those two:
>
> os_memset(&sm->ptk, 0, sizeof(sm->tptk));
> os_memset(&sm->tptk, 0, sizeof(sm->tptk));
>
> Again PTK stuff...
>
> Patch #5 is also worrisome: in wheezy, we *always* reset the nonce in
> TDLS. So the last part of the hunk isn't relevant at all, because we
> don't check if peer->inonce is set at all in wheezy. So I'm worried the
> fix is incomplete, or even worse, that there are *other* vulnerabilities
> in wheezy.
>
> Patches 6-8 were completely discarded: they all refer to non-existent
> code about WNM sleep support, which doesn't seem to be implemented in
> wheezy. Hopefully that is not an issue either.
>
> So that's about it, hopefully some more experienced wifi people can take
> a look at this. Otherwise I can dig deeper in the protocol and try to
> figure out what's going on, but it definitely seems sketchy...
>
> Thank you for your time.
>
> --
> It is a miracle that curiosity survives formal education
>  - Albert Einstein
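Review bot: clearing sm->tk_already_set to FALSE immediately before wpa_ft_install_ptk(sm) in wpa_ft_process_auth_req only has an effect if wpa_ft_install_ptk (or the key-install path it calls) sets the flag back to TRUE after installing the key and the retransmission/reassociation paths test it before installing again; neither the set nor the check is visible in this hunk, so confirm the wheezy backport carries both, otherwise this line is a no-op. The note that jessie has "sm->PTK_valid = TRUE;" at the same spot while wheezy does not means the surrounding code differs between the two; compare the wheezy wpa_ft_process_auth_req against the context lines of the upstream commit rather than applying this one-liner on its own.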
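Added example (not from this thread, and not wpa_supplicant's code) showing what the tk_already_set guard in the quoted hunk is protecting against. A toy supplicant models the driver's set_key as resetting the CCMP packet number, then handles a replayed 4-way handshake message 3 once without and once with the guard; the struct, the function names (toy_sm, toy_driver_set_key, toy_process_msg3, toy_run, toy_installs) and the key bytes are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy state; stands in for (and is not) wpa_supplicant's
 * struct wpa_sm. Only what is needed to show why reinstalling the
 * temporal key (TK) matters. */
struct toy_sm {
    uint8_t tk[16];        /* TK as currently installed in the "driver" */
    uint64_t tx_pn;        /* CCMP packet number (nonce counter) for that TK */
    bool tk_already_set;   /* the guard flag the backport introduces */
    unsigned installs;     /* how many set_key calls the "driver" has seen */
};

/* Stand-in for the driver's set_key. Drivers reset the packet number when a
 * key is (re)installed; that reset is the root of the KRACK problem. */
static void toy_driver_set_key(struct toy_sm *sm, const uint8_t tk[16])
{
    memcpy(sm->tk, tk, sizeof(sm->tk));
    sm->tx_pn = 0;
    sm->installs++;
}

/* "Encrypt" one outgoing frame and return the PN it consumed. Under CCMP the
 * nonce is built from (TK, PN), so seeing the same value twice under the same
 * TK means the same keystream was used twice. */
static uint64_t toy_send_frame(struct toy_sm *sm)
{
    return ++sm->tx_pn;
}

/* Start of a fresh handshake: mirrors the `sm->tk_already_set = FALSE;`
 * that the quoted hunk adds before the key is installed. */
static void toy_new_handshake(struct toy_sm *sm)
{
    sm->tk_already_set = false;
}

/* Handle 4-way handshake message 3 carrying the negotiated TK. Returns true
 * when message 4 would be sent. With `guarded`, the TK is installed once per
 * handshake and a retransmitted message 3 is answered without touching it. */
static bool toy_process_msg3(struct toy_sm *sm, const uint8_t tk[16], bool guarded)
{
    if (!guarded || !sm->tk_already_set) {
        toy_driver_set_key(sm, tk);
        sm->tk_already_set = true;
    }
    return true;
}

/* Scenario: complete a handshake, send two frames, an attacker replays the
 * AP's message 3, send two more. Returns how many distinct PNs the four
 * frames used (4 = no reuse); *installs receives the set_key count. */
static unsigned toy_run(bool guarded, unsigned *installs)
{
    /* Constructed key bytes; any 16 bytes would do for this model. */
    static const uint8_t tk[16] = {
        0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
        0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00,
    };
    struct toy_sm sm;
    uint64_t pn[4];
    unsigned distinct = 0, i, j;

    memset(&sm, 0, sizeof(sm));
    toy_new_handshake(&sm);
    toy_process_msg3(&sm, tk, guarded);
    pn[0] = toy_send_frame(&sm);
    pn[1] = toy_send_frame(&sm);
    toy_process_msg3(&sm, tk, guarded);   /* replayed message 3 */
    pn[2] = toy_send_frame(&sm);
    pn[3] = toy_send_frame(&sm);

    for (i = 0; i < 4; i++) {
        for (j = 0; j < i; j++)
            if (pn[j] == pn[i])
                break;
        if (j == i)
            distinct++;
    }
    if (installs)
        *installs = sm.installs;
    return distinct;
}

/* Convenience: number of TK installs the driver saw in the scenario. */
static unsigned toy_installs(bool guarded)
{
    unsigned n = 0;
    toy_run(guarded, &n);
    return n;
}

int main(void)
{
    printf("unguarded: TK installed %u times, %u distinct PNs over 4 frames\n",
           toy_installs(false), toy_run(false, NULL));
    printf("guarded:   TK installed %u times, %u distinct PNs over 4 frames\n",
           toy_installs(true), toy_run(true, NULL));
    return 0;
}
```

Without the guard the replayed message 3 reinstalls the same TK, the packet number restarts, and frames 3 and 4 reuse the (TK, PN) pairs of frames 1 and 2; with the guard the key is installed once and the counter keeps climbing. The same reasoning applies to the TDLS nonce reset mentioned later in the thread: any path that resets a nonce or counter under an unchanged key needs an equivalent "already set" check.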
