From bfc4569f89183c86b2ac3b0a16245a5e13387852 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sat, 23 May 2020 21:24:01 +0300
Subject: [PATCH] wlantest: Store PMK-R0 length explicitly

PMK-R0 is not of fixed length, so store its length explicitly.

Signed-off-by: Jouni Malinen
---
 wlantest/rx_eapol.c | 14 +++++++++-----
 wlantest/rx_mgmt.c  | 10 ++++++----
 wlantest/wlantest.h |  3 ++-
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index 1cfdf8e9e..c80837ba7 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -1,6 +1,6 @@
 /*
  * Received Data frame processing for EAPOL messages
- * Copyright (c) 2010-2015, Jouni Malinen
+ * Copyright (c) 2010-2020, Jouni Malinen
  *
  * This software may be distributed under the terms of the BSD license.
  * See README for more details.
@@ -103,17 +103,21 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
 	u8 pmk_r1[PMK_LEN];
 	u8 pmk_r1_name[WPA_PMK_NAME_LEN];
 	u8 ptk_name[WPA_PMK_NAME_LEN];
+	int use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
 
-	if (wpa_derive_pmk_r0(pmk->pmk, PMK_LEN,
+	if (wpa_derive_pmk_r0(pmk->pmk, pmk->pmk_len,
			      bss->ssid, bss->ssid_len, bss->mdid,
			      bss->r0kh_id, bss->r0kh_id_len,
			      sta->addr, sta->pmk_r0, sta->pmk_r0_name,
-			      0) < 0)
+			      use_sha384) < 0)
 		return -1;
-	wpa_hexdump(MSG_DEBUG, "FT: PMK-R0", sta->pmk_r0, PMK_LEN);
+	sta->pmk_r0_len = use_sha384 ? PMK_LEN_SUITE_B_192 : PMK_LEN;
+	wpa_hexdump(MSG_DEBUG, "FT: PMK-R0", sta->pmk_r0,
+		    sta->pmk_r0_len);
 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", sta->pmk_r0_name,
		    WPA_PMK_NAME_LEN);
-	if (wpa_derive_pmk_r1(sta->pmk_r0, PMK_LEN, sta->pmk_r0_name,
+	if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len,
+			      sta->pmk_r0_name,
			      bss->r1kh_id, sta->addr,
			      pmk_r1, pmk_r1_name) < 0)
 		return -1;
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index 62ed237b7..a2183a12f 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
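Review bot: `pmk_r1` in try_pmk is still declared `u8 pmk_r1[PMK_LEN];` (visible as context at the top of the hunk) while the same hunk now passes `sta->pmk_r0_len`, which can be PMK_LEN_SUITE_B_192, to wpa_derive_pmk_r1. If wpa_derive_pmk_r1 produces a PMK-R1 of the same length as PMK-R0, as the FT key hierarchy does for SHA-384 suites, the 48-octet result overruns the 32-octet stack buffer; `u8 pmk_r1[PMK_LEN_MAX];` would match the new pmk_r0 size. The wpa_derive_pmk_r1 call sites in process_ft_auth and rx_mgmt_action_ft_response in rx_mgmt.c pass the same variable length and their pmk_r1 declarations are outside those hunks, so they need the same check. The length assignment also deserves a why-comment, e.g. `/* PMK-R0 length follows the KDF: 48 octets for SHA-384 suites, else 32 */`, since the value is chosen here rather than reported back by wpa_derive_pmk_r0. try_pmk's body continues outside the hunk.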
@@ -274,14 +274,15 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
 	if (!old_sta)
 		return;
-	os_memcpy(sta->pmk_r0, old_sta->pmk_r0, sizeof(sta->pmk_r0));
+	os_memcpy(sta->pmk_r0, old_sta->pmk_r0, old_sta->pmk_r0_len);
+	sta->pmk_r0_len = old_sta->pmk_r0_len;
 	os_memcpy(sta->pmk_r0_name, old_sta->pmk_r0_name,
		  sizeof(sta->pmk_r0_name));
 
 	if (parse.r1kh_id)
 		os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-	if (wpa_derive_pmk_r1(sta->pmk_r0, PMK_LEN, sta->pmk_r0_name,
+	if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len, sta->pmk_r0_name,
			      bss->r1kh_id, sta->addr,
			      pmk_r1, pmk_r1_name) < 0)
 		return;
 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
@@ -1161,7 +1162,7 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt,
 	if (parse.r1kh_id)
 		os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
-	if (wpa_derive_pmk_r1(sta->pmk_r0, PMK_LEN, sta->pmk_r0_name,
+	if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len, sta->pmk_r0_name,
			      bss->r1kh_id, sta->addr,
			      pmk_r1, pmk_r1_name) < 0)
 		return;
 	wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name, WPA_PMK_NAME_LEN);
@@ -1169,7 +1170,8 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt,
 	new_sta = sta_get(bss, sta->addr);
 	if (!new_sta)
 		return;
-	os_memcpy(new_sta->pmk_r0, sta->pmk_r0, sizeof(sta->pmk_r0));
+	os_memcpy(new_sta->pmk_r0, sta->pmk_r0, sta->pmk_r0_len);
+	new_sta->pmk_r0_len = sta->pmk_r0_len;
 	os_memcpy(new_sta->pmk_r0_name, sta->pmk_r0_name,
		  sizeof(sta->pmk_r0_name));
 	if (!parse.fte_anonce || !parse.fte_snonce ||
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 2c2712de8..4de2fe56b 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
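Review bot: In process_ft_auth, `old_sta->pmk_r0_len` is used as both the copy length and the PMK-R0 length for wpa_derive_pmk_r1 without checking that old_sta actually holds a derived PMK-R0; before this change the code unconditionally used PMK_LEN, whereas a station record that never went through try_pmk presumably carries pmk_r0_len == 0, and that zero now flows into the derivation. If wpa_derive_pmk_r1 rejects lengths other than PMK_LEN and PMK_LEN_SUITE_B_192 this only yields a failed derivation, but an explicit guard on the visible check reads clearer: `if (!old_sta || !old_sta->pmk_r0_len) return;`. The copy from sta in rx_mgmt_action_ft_response (`sta->pmk_r0_len`) has the same property. Both functions start and end outside their hunks.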
@@ -72,7 +72,8 @@ struct wlantest_sta {
 	int rsn_capab;
 	u8 anonce[32]; /* ANonce from the previous EAPOL-Key msg 1/4 or 3/4 */
 	u8 snonce[32]; /* SNonce from the previous EAPOL-Key msg 2/4 */
-	u8 pmk_r0[PMK_LEN];
+	u8 pmk_r0[PMK_LEN_MAX];
+	size_t pmk_r0_len;
 	u8 pmk_r0_name[WPA_PMK_NAME_LEN];
 	struct wpa_ptk ptk; /* Derived PTK */
 	int ptk_set;
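Review bot: The new `pmk_r0_len` field in struct wlantest_sta has no comment while the neighbouring anonce/snonce fields do; since pmk_r0 is now sized PMK_LEN_MAX and only its first pmk_r0_len octets are meaningful, that contract belongs next to the field, e.g. `size_t pmk_r0_len; /* Number of valid octets in pmk_r0; 0 when no PMK-R0 has been derived */`. Whether the field really starts at 0 for a fresh record depends on how sta_get allocates the struct, which is outside this hunk, so the comment should be confirmed against that code. struct wlantest_sta starts and ends outside the hunk.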