FILS: Fix PMK length for initial connection with FILS SHA384 AKM

While the FILS authentication cases were already using the proper PMK
length (48 octets instead of the old hardcoded 32 octet), the initial
association case had not yet been updated to cover the new FILS SHA384
AKM and ended up using only a 32-octet PMK. Fix that to use 48-octet PMK
when using FILS SHA384 AKM.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-02-16 21:18:18 +02:00 committed by Jouni Malinen
parent e491389ebc
commit 834c5d6816
2 changed files with 3 additions and 3 deletions

View file

@ -1925,7 +1925,7 @@ SM_STATE(WPA_PTK, INITPMK)
} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
unsigned int pmk_len; unsigned int pmk_len;
if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
pmk_len = PMK_LEN_SUITE_B_192; pmk_len = PMK_LEN_SUITE_B_192;
else else
pmk_len = PMK_LEN; pmk_len = PMK_LEN;
@ -3775,7 +3775,7 @@ int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
sm->wpa_auth->conf.disable_pmksa_caching) sm->wpa_auth->conf.disable_pmksa_caching)
return -1; return -1;
if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
if (pmk_len > PMK_LEN_SUITE_B_192) if (pmk_len > PMK_LEN_SUITE_B_192)
pmk_len = PMK_LEN_SUITE_B_192; pmk_len = PMK_LEN_SUITE_B_192;
} else if (pmk_len > PMK_LEN) { } else if (pmk_len > PMK_LEN) {

View file

@ -288,7 +288,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
int res, pmk_len; int res, pmk_len;
if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) if (wpa_key_mgmt_sha384(sm->key_mgmt))
pmk_len = PMK_LEN_SUITE_B_192; pmk_len = PMK_LEN_SUITE_B_192;
else else
pmk_len = PMK_LEN; pmk_len = PMK_LEN;