Fix PTK derivation for CCMP-256 and GCMP-256

Incorrect PTK length was used in PMK-to-PTK derivation and the Michael
MIC TX/RX key swapping code was incorrectly executed for these ciphers
on supplicant side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index cc64ff181cd871761c416ac9d13a3482870b583e..7d89edf45a83f6c4afa0ef940ab95efcc919e00d 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1813,7 +1813,7 @@ SM_STATE(WPA_PTK, PTKSTART)
 static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
                          struct wpa_ptk *ptk)
 {
-       size_t ptk_len = sm->pairwise != WPA_CIPHER_TKIP ? 48 : 64;
+       size_t ptk_len = wpa_cipher_key_len(sm->pairwise) + 32;
 #ifdef CONFIG_IEEE80211R
        if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
                return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index ba50263dd4eb3d9addc153a03200b8ed7a9f55d8..de86cdf653c3e2056e900bd4580d40c729085d14 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -362,7 +362,7 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
                          const struct wpa_eapol_key *key,
                          struct wpa_ptk *ptk)
 {
-       size_t ptk_len = sm->pairwise_cipher != WPA_CIPHER_TKIP ? 48 : 64;
+       size_t ptk_len = wpa_cipher_key_len(sm->pairwise_cipher) + 32;
 #ifdef CONFIG_IEEE80211R
        if (wpa_key_mgmt_ft(sm->key_mgmt))
                return wpa_derive_ptk_ft(sm, src_addr, key, ptk, ptk_len);
@@ -437,10 +437,12 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
         * been verified when processing message 3/4. */
        ptk = &sm->tptk;
        wpa_derive_ptk(sm, src_addr, key, ptk);
-       /* Supplicant: swap tx/rx Mic keys */
-       os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
-       os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
-       os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
+       if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
+               /* Supplicant: swap tx/rx Mic keys */
+               os_memcpy(buf, ptk->u.auth.tx_mic_key, 8);
+               os_memcpy(ptk->u.auth.tx_mic_key, ptk->u.auth.rx_mic_key, 8);
+               os_memcpy(ptk->u.auth.rx_mic_key, buf, 8);
+       }
        sm->tptk_set = 1;
 
        kde = sm->assoc_wpa_ie;