From 6c33eed3ee7fd6bd9c561295e001a6b63adbb88d Mon Sep 17 00:00:00 2001 From: Bob Copeland Date: Sat, 26 Dec 2015 21:20:51 -0500 Subject: [PATCH] mesh: Fix PMKID to match the standard IEEE Std 802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys as: L((commit-scalar + peer-commit-scalar) mod r, 0, 128) This is already calculated in the SAE code when the PMK is derived, but not saved anywhere. Later, when generating the PMKID for plink action frames, the definition for PMKID from 11.6.1.3 is incorrectly used. Correct this by saving the PMKID when the key is generated and use it subsequently. Signed-off-by: Bob Copeland --- src/common/sae.c | 1 + src/common/sae.h | 1 + wpa_supplicant/mesh_rsn.c | 5 +---- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/common/sae.c b/src/common/sae.c index b962ea227..6c00a7e38 100644 --- a/src/common/sae.c +++ b/src/common/sae.c @@ -816,6 +816,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k) os_memset(keyseed, 0, sizeof(keyseed)); os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); + os_memcpy(sae->pmkid, val, SAE_PMKID_LEN); os_memset(keys, 0, sizeof(keys)); wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); diff --git a/src/common/sae.h b/src/common/sae.h index c07026cd4..a4270bc22 100644 --- a/src/common/sae.h +++ b/src/common/sae.h @@ -45,6 +45,7 @@ struct sae_data { enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state; u16 send_confirm; u8 pmk[SAE_PMK_LEN]; + u8 pmkid[SAE_PMKID_LEN]; struct crypto_bignum *peer_commit_scalar; int group; int sync; diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c index 747f1ae69..8150ff197 100644 --- a/wpa_supplicant/mesh_rsn.c +++ b/wpa_supplicant/mesh_rsn.c @@ -328,10 +328,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s, void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid) { - /* don't expect wpa auth to cache the pmkid for now */ - rsn_pmkid(sta->sae->pmk, PMK_LEN, rsn->wpa_s->own_addr, - sta->addr, pmkid, - wpa_key_mgmt_sha256(wpa_auth_sta_key_mgmt(sta->wpa_sm))); + os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN); }