[PATCH 01/10] Do not use the system clock or os_random() that uses a low quality PRNG as part of the pseudo-random challenge in auth_shared_key(...)

Nick Lowe <nick.lowe@xxxxxxxxxxxx> · Sun, 14 Feb 2016 19:31:52 +0000

Do not use the system clock or os_random() that uses a
 low quality PRNG as part of the pseudo-random challenge in
 auth_shared_key(...). The current construction can be improved upon by
 replacing it with a call to os_get_random(...), which uses a high quality
 PRNG.

Signed-off-by: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
---
 src/ap/ieee802_11.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ec6f8a7..7f5738f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -207,16 +207,13 @@ static u16 auth_shared_key(struct hostapd_data
*hapd, struct sta_info *sta,
         if (!sta->challenge) {
             /* Generate a pseudo-random challenge */
             u8 key[8];
-            struct os_time now;
-            int r;
             sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
             if (sta->challenge == NULL)
                 return WLAN_STATUS_UNSPECIFIED_FAILURE;

-            os_get_time(&now);
-            r = os_random();
-            os_memcpy(key, &now.sec, 4);
-            os_memcpy(key + 4, &r, 4);
+            if (os_get_random((u8 *) &key, sizeof(key)) < 0)
+                return WLAN_STATUS_UNSPECIFIED_FAILURE;
+
             rc4_skip(key, sizeof(key), 0,
                  sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
         }
-- 
2.5.0
From f6d4d7dd112d073b47c69874d6340a26d069ce15 Mon Sep 17 00:00:00 2001
From: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
Date: Tue, 9 Feb 2016 14:43:21 +0000
Subject: [PATCH 01/10] Do not use the system clock or os_random() that uses a
 low quality PRNG as part of the pseudo-random challenge in
 auth_shared_key(...). The current construction can be improved upon by
 replacing it with a call to os_get_random(...), which uses a high quality
 PRNG.

Signed-off-by: Nick Lowe <nick.lowe@xxxxxxxxxxxx>
---
 src/ap/ieee802_11.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ec6f8a7..7f5738f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -207,16 +207,13 @@ static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
 		if (!sta->challenge) {
 			/* Generate a pseudo-random challenge */
 			u8 key[8];
-			struct os_time now;
-			int r;
 			sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
 			if (sta->challenge == NULL)
 				return WLAN_STATUS_UNSPECIFIED_FAILURE;
 
-			os_get_time(&now);
-			r = os_random();
-			os_memcpy(key, &now.sec, 4);
-			os_memcpy(key + 4, &r, 4);
+			if (os_get_random((u8 *) &key, sizeof(key)) < 0)
+				return WLAN_STATUS_UNSPECIFIED_FAILURE;
+
 			rc4_skip(key, sizeof(key), 0,
 				 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
 		}
-- 
2.5.0

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap




