]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a7968ea)
FT: Add support for variable length PMK-R1 receiving in RRB
authorJouni Malinen <j@w1.fi>
Mon, 4 Jun 2018 12:16:54 +0000 (15:16 +0300)
committerJouni Malinen <j@w1.fi>
Tue, 5 Jun 2018 17:16:37 +0000 (20:16 +0300)
SHA384-based FT AKM uses longer keys, so the RRB receive processing for
push and pull response messages needs to be able to accept variable
length PMK-R1.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/ap/wpa_auth_ft.c patch | blob | blame | history

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 586d0a6b8dd16bcbcc1f2906a715fb3a970139b6..2fa85bbd8d28d1312edbf184bffcb312b8a6b367 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -3578,6 +3578,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
        int expires_in;
        int session_timeout;
        struct vlan_description vlan;
+       size_t pmk_r1_len;
 
        RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
        wpa_hexdump(MSG_DEBUG, "FT: R0KH-ID", f_r0kh_id, f_r0kh_id_len);
@@ -3656,8 +3657,13 @@ static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
        wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
                    f_pmk_r1_name, WPA_PMK_NAME_LEN);
 
-       RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, PMK_LEN);
-       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, PMK_LEN);
+       pmk_r1_len = PMK_LEN;
+       if (wpa_ft_rrb_get_tlv(plain, plain_len, FT_RRB_PMK_R1, &f_pmk_r1_len,
+                              &f_pmk_r1) == 0 &&
+           (f_pmk_r1_len == PMK_LEN || f_pmk_r1_len == SHA384_MAC_LEN))
+               pmk_r1_len = f_pmk_r1_len;
+       RRB_GET(FT_RRB_PMK_R1, pmk_r1, msgtype, pmk_r1_len);
+       wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", f_pmk_r1, pmk_r1_len);
 
        pairwise = WPA_GET_LE16(f_pairwise);
 
@@ -3698,7 +3704,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_authenticator *wpa_auth,
                session_timeout = 0;
        wpa_printf(MSG_DEBUG, "FT: session_timeout %d", session_timeout);
 
-       if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, PMK_LEN,
+       if (wpa_ft_store_pmk_r1(wpa_auth, f_s1kh_id, f_pmk_r1, pmk_r1_len,
                                f_pmk_r1_name,
                                pairwise, &vlan, expires_in, session_timeout,
                                f_identity, f_identity_len, f_radius_cui,
Unnamed repository; edit this file 'description' to name the repository.