Reject PMK-to-PTK derivation with unsupported cipher

There should be no wpa_pmk_to_ptk() calls with the cipher argument
indicating a cipher that is not allowed as a pairwise cipher. However,
it looks like that was possible to happen with wlantest. Check for this
corner case explicitly to avoid generating confusing debug logs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2017-11-14 12:50:30 +02:00 committed by Jouni Malinen
parent 71db91db96
commit 1d624a0702

@ -273,6 +273,12 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
ptk->kck_len = wpa_kck_len(akmp, pmk_len);
ptk->kek_len = wpa_kek_len(akmp, pmk_len);
ptk->tk_len = wpa_cipher_key_len(cipher);
if (ptk->tk_len == 0) {
wpa_printf(MSG_ERROR,
"WPA: Unsupported cipher (0x%x) used in PTK derivation",
cipher);
return -1;
}
ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;
if (wpa_key_mgmt_sha384(akmp)) {
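Review bot: The new `return -1` under `if (ptk->tk_len == 0)` runs after `ptk->kck_len` and `ptk->kek_len` have already been assigned, so on the error path the caller's `ptk` is left partially written, with plausible KCK/KEK lengths and a zero TK length. A caller that does not check the return value would carry on with that structure. Consider computing `wpa_cipher_key_len(cipher)` into a local and rejecting the cipher before any field of `ptk` is touched, or note in the function's comment that `ptk` must not be used when -1 is returned.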