From 130444738beab4ddfe9be2d3a232706eb91557c6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Wed, 20 Mar 2019 22:26:56 +0200 Subject: [PATCH] FILS: Fix KEK2 derivation for FILS+FT The offset update for copying KEK2 from the extended PTK was overriding the offset instead of incrementing it (a likely copy-paste error from the first offset assignment based on KCK). This resulted in KEK2 being set to incorrect segment of PTK. Fix this by updating the offset properly so that KEK2 is copied from the correct place at the end of the PTK. Fixes: 2f37387812a5 ("FILS: Add more complete support for FT-FILS use cases") Signed-off-by: Jouni Malinen --- src/common/wpa_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 2c5b2eba2..ed2d1c2a0 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -1791,7 +1791,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, os_memcpy(ptk->tk, tmp + offset, ptk->tk_len); offset += ptk->tk_len; os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len); - offset = ptk->kck2_len; + offset += ptk->kck2_len; os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len); wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len); -- 2.39.2