
Re: KRACK update for wheezy



Hi Antoine,
(trimming the cc: list a bit)

On Mon, Oct 23, 2017 at 07:43:49PM -0400, Antoine Beaupré wrote:
> Hi,
> 
> I have looked at backporting the "KRACK" patches down into wheezy. I'm a
> little concerned about the results: I don't have a good grasp of WPA2
> and particularly of the wpa_supplicant codebase. I don't even know if
> wheezy is actually vulnerable, I went under the assumption that it was
> vulnerable and carried on.
> 
> Obviously, I don't have a full WPA stack to test this with here either:
> my laptop is not running wheezy and I couldn't find a quick way to test
> this directly, let alone mount a full attack to try and reproduce the
> issue or confirm it is fixed.
> 
> So I uploaded a test package to my usual repository:
> 
> https://people.debian.org/~anarcat/debian/wheezy-lts/
> 
> WARNING: I didn't test this in any way. I tried to make the patch
> meaningful and the code compiled, but that's about it.
> 
> A patch is attached for your perusal, but I am concerned about some bits
> of the patchset, and I wonder if the version in wheezy might not be
> vulnerable to even *more* issues. It's kind of scary to think that
> wpa_supplicant is running, as root, on so many machines out there...

Did you try reaching out to upstream to confirm if Wheezy is vulnerable?
I'm pretty sure they have a good idea now about the affected versions
given all the fuzz around KRACK.
Cheers,
 -- Guido

> 
> But more specifically, I'm concerned about the following hunks:
> 
> @@ -861,6 +870,7 @@ static u16 wpa_ft_process_auth_req(struc
>  	wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
>  
>  	sm->pairwise = pairwise;
> +        sm->tk_already_set = FALSE;
>  	wpa_ft_install_ptk(sm);
>  
>  	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
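Review bot: the reset of sm->tk_already_set to FALSE just before wpa_ft_install_ptk(sm) only prevents a key reinstallation if wpa_ft_install_ptk() itself tests the flag before keying the driver and sets it to TRUE afterwards; neither that function nor the struct member declaration is visible in this hunk, so please confirm both companion changes are present in the wheezy backport, otherwise this assignment is dead code and a retransmitted frame would still reinstall the TK. Also, the added line is indented with spaces while the surrounding lines use tabs; match the file's tab indentation.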
> 
> The code in jessie also had a "sm->PTK_valid = TRUE;" assignment there,
> I didn't look to see what that does exactly.
> 
> In the second patch, in wpa_sm_notify_assoc there are more os_memset()
> calls in jessie that were not present in the wheezy version. For
> example, those two:
> 
>  		os_memset(&sm->ptk, 0, sizeof(sm->tptk));
>  		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
> 
> Again PTK stuff...
> 
> Patch #5 is also worrisome: in wheezy, we *always* reset the nonce in
> TDLS. So the last part of the hunk isn't relevant at all, because we
> don't check if peer->inonce is set at all in wheezy. So I'm worried the
> fix is incomplete, or even worse, that there are *other* vulnerabilities
> in wheezy.
> 
> Patches 6-8 were completely discarded: they all refer to non-existent
> code about WNM sleep support, which doesn't seem to be implemented in
> wheezy. Hopefully that is not an issue either.
> 
> So that's about it, hopefully some more experienced wifi people can take
> a look at this. Otherwise I can dig deeper in the protocol and try to
> figure out what's going on, but it definitely seems sketchy...
> 
> Thank you for your time.
> 
> -- 
> It is a miracle that curiosity survives formal education
>                         - Albert Einstein
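The hunks quoted above all revolve around one pattern: install the pairwise key once per handshake and ignore retransmissions of the final message, rather than re-keying the driver (and thereby resetting its nonces and replay counters) every time. The following is an added illustration of that guard, written for this thread and not taken from hostapd or wpa_supplicant; the struct and function names (sta_sm, sm_install_tk_guarded, and so on) and the sample key bytes are assumptions for the example. It models the "before" (unguarded) and "after" (tk_already_set-guarded) behaviour side by side and counts how often the simulated driver ends up being keyed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TK_LEN 16

/* Hypothetical per-station state, modelled on the flag pattern in the quoted
 * hunk; the names are assumed for this example, not wpa_supplicant's own. */
struct sta_sm {
	uint8_t tk[TK_LEN];        /* TK derived by the current handshake */
	bool ptk_valid;            /* a PTK has been derived */
	bool tk_already_set;       /* TK from this handshake already installed */
	uint8_t driver_tk[TK_LEN]; /* what the simulated driver is using */
	unsigned installs;         /* how often the driver was (re)keyed */
};

/* A new handshake derives a fresh TK and re-arms the install-once guard. */
void sm_new_handshake(struct sta_sm *sm, const uint8_t *tk)
{
	memcpy(sm->tk, tk, TK_LEN);
	sm->ptk_valid = true;
	sm->tk_already_set = false;
}

/* "Before": every delivery of the final message re-keys the driver, which
 * also resets its packet number and replay counters. */
int sm_install_tk_unguarded(struct sta_sm *sm)
{
	if (!sm->ptk_valid)
		return -1;
	memcpy(sm->driver_tk, sm->tk, TK_LEN);
	sm->installs++;
	return 1;
}

/* "After": install the TK once per handshake. A retransmitted final message
 * can still be acknowledged by the caller, but the driver key is untouched. */
int sm_install_tk_guarded(struct sta_sm *sm)
{
	if (!sm->ptk_valid)
		return -1;
	if (sm->tk_already_set)
		return 0; /* skipped: same handshake, key already in the driver */
	memcpy(sm->driver_tk, sm->tk, TK_LEN);
	sm->installs++;
	sm->tk_already_set = true;
	return 1;
}

/* Constructed sample key material; any 16 bytes serve the simulation. */
static const uint8_t SAMPLE_TK[TK_LEN] = {
	0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
	0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/* Deliver the final handshake message `deliveries` times and report how
 * many times the driver was keyed. */
unsigned simulate_deliveries(bool guarded, unsigned deliveries)
{
	struct sta_sm sm;
	memset(&sm, 0, sizeof(sm));
	sm_new_handshake(&sm, SAMPLE_TK);
	for (unsigned i = 0; i < deliveries; i++) {
		if (guarded)
			sm_install_tk_guarded(&sm);
		else
			sm_install_tk_unguarded(&sm);
	}
	return sm.installs;
}

/* Two consecutive handshakes (a rekey), each with a duplicated final
 * message: the guard must allow exactly one install per handshake. */
unsigned simulate_rekey_guarded(void)
{
	struct sta_sm sm;
	memset(&sm, 0, sizeof(sm));
	sm_new_handshake(&sm, SAMPLE_TK);
	sm_install_tk_guarded(&sm);
	sm_install_tk_guarded(&sm); /* retransmission, ignored */
	sm_new_handshake(&sm, SAMPLE_TK); /* a real rekey derives a new TK here */
	sm_install_tk_guarded(&sm);
	sm_install_tk_guarded(&sm); /* retransmission, ignored */
	return sm.installs;
}

int main(void)
{
	printf("unguarded, 3 deliveries: %u installs\n", simulate_deliveries(false, 3));
	printf("guarded,   3 deliveries: %u installs\n", simulate_deliveries(true, 3));
	printf("guarded rekey:           %u installs\n", simulate_rekey_guarded());
	return 0;
}
```

The point of the model for a backport review is the pairing: the reset to false at the start of a handshake is only meaningful together with the check-and-set inside the install routine, which is why a hunk that adds one half without the other (as the thread worries about for wheezy) leaves the original behaviour in place.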
