Reject PMK-to-PTK derivation with unsupported cipher
There should be no wpa_pmk_to_ptk() calls with the cipher argument indicating a cipher that is not allowed as a pairwise cipher. However, it looks like that was possible to happen with wlantest. Check for this corner case explicitly to avoid generating confusing debug logs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
71db91db96
commit
1d624a0702
1 changed files with 6 additions and 0 deletions
|
@ -273,6 +273,12 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
|||
ptk->kck_len = wpa_kck_len(akmp, pmk_len);
|
||||
ptk->kek_len = wpa_kek_len(akmp, pmk_len);
|
||||
ptk->tk_len = wpa_cipher_key_len(cipher);
|
||||
if (ptk->tk_len == 0) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"WPA: Unsupported cipher (0x%x) used in PTK derivation",
|
||||
cipher);
|
||||
return -1;
|
||||
}
|
||||
ptk_len = ptk->kck_len + ptk->kek_len + ptk->tk_len;
|
||||
|
||||
if (wpa_key_mgmt_sha384(akmp)) {
|
||||
|
|
Loading…
Reference in a new issue