vanhoefm · February 17, 2023 20:41
diff --git a/0001-Make-hostap-vulnerable-to-PTK-key-reinstallation.patch b/0001-Make-hostap-vulnerable-to-PTK-key-reinstallation.patch
 From b2393237de31be1799cb9026e30a5bf7b611f6e7 Mon Sep 17 00:00:00 2001
 From: Mathy Vanhoef <[email protected]>
 Date: Fri, 17 Feb 2023 21:38:06 +0100
 Subject: [PATCH] Make hostap vulnerable to PTK key reinstallation

 Apply this patch to hostap_2_10 to make it vulnerable to PTK key
 reinstallations.
 ---
 src/rsn_supp/wpa.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

 diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
 index 0a2f87787..f2dcddd98 100644
 --- a/src/rsn_supp/wpa.c
 +++ b/src/rsn_supp/wpa.c
 @@ -912,11 +912,13 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
 	enum wpa_alg alg;
 	const u8 *key_rsc;
 
 +#if 0
 	if (sm->ptk.installed) {
 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 			"WPA: Do not re-install same PTK to the driver");
 		return 0;
 	}
 +#endif
 
 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
 		"WPA: Installing PTK to the driver");
 @@ -950,6 +952,27 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
 	}
 
 +#if 1
 +	// Newer Linux kernels will also detect the reinstallation of a key.
 +	// So to simulate a key reinstllation vulnerability, we first install
 +	// a all-zero key, and then install the real key. This assures that
 +	// the rekey check in the kernel is bypbased.
 +	{
 +		u8 zero[WPA_TK_MAX_LEN] = {0};
 +		// Install all-zero key
 +		if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, key_rsc,
 +				   rsclen, zero, keylen,
 +				   KEY_FLAG_PAIRWISE | key_flag) < 0) {
 +			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 +				"WPA: Failed to set all-zero PTK to the driver (alg=%d "
 +				"keylen=%d bssid=" MACSTR " idx=%d key_flag=0x%x)",
 +				alg, keylen, MAC2STR(sm->bssid),
 +				sm->keyidx_active, key_flag);
 +			return -1;
 +		}
 +	}
 +#endif
 +
 	if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, key_rsc,
 			   rsclen, sm->ptk.tk, keylen,
 			   KEY_FLAG_PAIRWISE | key_flag) < 0) {
 -- 
 2.39.2
	From b2393237de31be1799cb9026e30a5bf7b611f6e7 Mon Sep 17 00:00:00 2001
	From: Mathy Vanhoef <[email protected]>
	Date: Fri, 17 Feb 2023 21:38:06 +0100
	Subject: [PATCH] Make hostap vulnerable to PTK key reinstallation

	Apply this patch to hostap_2_10 to make it vulnerable to PTK key
	reinstallations.
	---
	src/rsn_supp/wpa.c \| 23 +++++++++++++++++++++++
	1 file changed, 23 insertions(+)

	diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
	index 0a2f87787..f2dcddd98 100644
	--- a/src/rsn_supp/wpa.c
	+++ b/src/rsn_supp/wpa.c
	@@ -912,11 +912,13 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
	enum wpa_alg alg;
	const u8 *key_rsc;

	+#if 0
	if (sm->ptk.installed) {
	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	"WPA: Do not re-install same PTK to the driver");
	return 0;
	}
	+#endif

	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
	"WPA: Installing PTK to the driver");
	@@ -950,6 +952,27 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
	wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
	}

	+#if 1
	+ // Newer Linux kernels will also detect the reinstallation of a key.
	+ // So to simulate a key reinstllation vulnerability, we first install
	+ // a all-zero key, and then install the real key. This assures that
	+ // the rekey check in the kernel is bypbased.
	+ {
	+ u8 zero[WPA_TK_MAX_LEN] = {0};
	+ // Install all-zero key
	+ if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, key_rsc,
	+ rsclen, zero, keylen,
	+ KEY_FLAG_PAIRWISE \| key_flag) < 0) {
	+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
	+ "WPA: Failed to set all-zero PTK to the driver (alg=%d "
	+ "keylen=%d bssid=" MACSTR " idx=%d key_flag=0x%x)",
	+ alg, keylen, MAC2STR(sm->bssid),
	+ sm->keyidx_active, key_flag);
	+ return -1;
	+ }
	+ }
	+#endif
	+
	if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, key_rsc,
	rsclen, sm->ptk.tk, keylen,
	KEY_FLAG_PAIRWISE \| key_flag) < 0) {
	--
	2.39.2