FILS: Update PMKID derivation rules for ERP key hierarchy establishment

IEEE Std 802.11ai-2016 had missed a change in the Pairwise key hierarchy clause (12.7.1.3 in IEEE Std 802.11-2016) and due to that, the previous implementation ended up using HMAC-SHA-1 -based PMKID derivation. This was not really the intent of the FILS design and that issue was fixed during REVmd work with the changes proposed in https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx that change FILS cases to use HMAC-SHA-256 and HMAC-SHA-384 based on the negotiated AKM. Update the implementation to match the new design. This changes the rsn_pmkid() function to take in the more generic AKMP identifier instead of a boolean identifying whether SHA256 is used. Note: This is not backwards compatible, i.e., this breaks PMKSA caching based on the initial ERP key hierarchy setup if only STA or AP side implementation is updated. PMKSA caching based on FILS authentication exchange is not impacted by this, though. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 17:58:29 +03:00 · 2017-09-13 17:58:29 +03:00 · 41b8191485
commit 41b8191485
parent 3031133983
5 changed files with 33 additions and 16 deletions
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@ -154,8 +154,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
 	else if (wpa_key_mgmt_suite_b(akmp))
 		rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
 	else
-		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid,
-			  wpa_key_mgmt_sha256(akmp));
+		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid, akmp);
 	os_get_reltime(&now);
 	entry->expiration = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime;
 	entry->reauth_time = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime *