FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFS
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss here means there would not be proper PFS for the case where PMKSA caching is used with FILS SK+PFS authentication. This was not really the intent of the FILS design and that issue was fixed during REVmd work with the changes proposed in https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx that add DHss into FILS-Key-Data (and PTK, in practice) derivation for the PMKSA caching case so that a unique ICK, KEK, and TK are derived even when using the same PMK. Note: This is not backwards compatible, i.e., this breaks PMKSA caching with FILS SK+PFS if only STA or AP side implementation is updated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
41b8191485
commit
4cada9dcc1
7 changed files with 62 additions and 18 deletions
|
@ -347,7 +347,8 @@ int fils_rmsk_to_pmk(int akmp, const u8 *rmsk, size_t rmsk_len,
|
|||
int fils_pmkid_erp(int akmp, const u8 *reauth, size_t reauth_len,
|
||||
u8 *pmkid);
|
||||
int fils_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa, const u8 *aa,
|
||||
const u8 *snonce, const u8 *anonce, struct wpa_ptk *ptk,
|
||||
const u8 *snonce, const u8 *anonce, const u8 *dhss,
|
||||
size_t dhss_len, struct wpa_ptk *ptk,
|
||||
u8 *ick, size_t *ick_len, int akmp, int cipher,
|
||||
u8 *fils_ft, size_t *fils_ft_len);
|
||||
int fils_key_auth_sk(const u8 *ick, size_t ick_len, const u8 *snonce,
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue