FT: XXKey derivation for SHA384-based AKM

XXKey is the first 384 bits of MSK when using the SHA384-based FT AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2018-06-04 15:16:54 +03:00
parent a3e18dbb6a
commit 9f12271b2a
2 changed files with 17 additions and 5 deletions

View file

@ -1,6 +1,6 @@
/* /*
* IEEE 802.11 RSN / WPA Authenticator * IEEE 802.11 RSN / WPA Authenticator
* Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
* *
* This software may be distributed under the terms of the BSD license. * This software may be distributed under the terms of the BSD license.
* See README for more details. * See README for more details.
@ -1949,9 +1949,14 @@ SM_STATE(WPA_PTK, INITPMK)
sm->pmk_len = pmk_len; sm->pmk_len = pmk_len;
#ifdef CONFIG_IEEE80211R_AP #ifdef CONFIG_IEEE80211R_AP
if (len >= 2 * PMK_LEN) { if (len >= 2 * PMK_LEN) {
if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN);
sm->xxkey_len = SHA384_MAC_LEN;
} else {
os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN);
sm->xxkey_len = PMK_LEN; sm->xxkey_len = PMK_LEN;
} }
}
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
} else { } else {
wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p", wpa_printf(MSG_DEBUG, "WPA: Could not get PMK, get_msk: %p",

View file

@ -323,8 +323,15 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
u8 buf[2 * PMK_LEN]; u8 buf[2 * PMK_LEN];
if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0)
{ {
os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); if (wpa_key_mgmt_sha384(sm->key_mgmt)) {
os_memcpy(sm->xxkey, buf,
SHA384_MAC_LEN);
sm->xxkey_len = SHA384_MAC_LEN;
} else {
os_memcpy(sm->xxkey, buf + PMK_LEN,
PMK_LEN);
sm->xxkey_len = PMK_LEN; sm->xxkey_len = PMK_LEN;
}
os_memset(buf, 0, sizeof(buf)); os_memset(buf, 0, sizeof(buf));
} }
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */