DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

FT: Include pairwise cipher suite in PMK-R0 SA and PMK-R1 SA

Browse source 
This is needed to fix PTK derivation to use correct length. Previously,
64-octet PTK may have been derived if the authenticator did not already
have a STA entry. Now, the correct pairwise cipher suite is learned when
then PMK-R1 SA is received.
This commit is contained in:
Jouni Malinen 2010-03-07 22:18:33 +02:00
parent 5205c4f98a
commit 1b484d60e5
2 changed files with 45 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/ap/wpa_auth.h
View file

@ -47,7 +47,7 @@ struct ft_rrb_frame {
#define FT_R0KH_R1KH_PULL_DATA_LEN 44
#define FT_R0KH_R1KH_RESP_DATA_LEN 76
#define FT_R0KH_R1KH_PUSH_DATA_LEN 80
#define FT_R0KH_R1KH_PUSH_DATA_LEN 88
struct ft_r0kh_r1kh_pull_frame {
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
@ -74,14 +74,15 @@ struct ft_r0kh_r1kh_resp_frame {
u8 s1kh_id[ETH_ALEN]; /* copied from pull */
u8 pmk_r1[PMK_LEN];
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
u8 pad[4]; /* 8-octet boundary for AES key wrap */
le16 pairwise;
u8 pad[2]; /* 8-octet boundary for AES key wrap */
u8 key_wrap_extra[8];
} STRUCT_PACKED;
struct ft_r0kh_r1kh_push_frame {
u8 frame_type; /* RSN_REMOTE_FRAME_TYPE_FT_RRB */
u8 packet_type; /* FT_PACKET_R0KH_R1KH_PUSH */
le16 data_length; /* little endian length of data (80) */
le16 data_length; /* little endian length of data (88) */
u8 ap_address[ETH_ALEN];
/* Encrypted with AES key-wrap */
@ -92,6 +93,8 @@ struct ft_r0kh_r1kh_push_frame {
u8 pmk_r0_name[WPA_PMK_NAME_LEN];
u8 pmk_r1[PMK_LEN];
u8 pmk_r1_name[WPA_PMK_NAME_LEN];
le16 pairwise;
u8 pad[6]; /* 8-octet boundary for AES key wrap */
u8 key_wrap_extra[8];
} STRUCT_PACKED;