mesh: Fix PMKID to match the standard

IEEE Std 802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys
as:

   L((commit-scalar + peer-commit-scalar) mod r, 0, 128)

This is already calculated in the SAE code when the PMK is derived, but
not saved anywhere. Later, when generating the PMKID for plink action
frames, the definition for PMKID from 11.6.1.3 is incorrectly used.
Correct this by saving the PMKID when the key is generated and use it
subsequently.

Signed-off-by: Bob Copeland <me@bobcopeland.com>

diff --git a/src/common/sae.c b/src/common/sae.c
index b962ea227434c4885ea08cbaa28adb78f4b4524c..6c00a7e380b7dadf75632014d263d97fb01d1a3d 100644 (file)
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -816,6 +816,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
        os_memset(keyseed, 0, sizeof(keyseed));
        os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN);
        os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN);
+       os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
        os_memset(keys, 0, sizeof(keys));
        wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN);
        wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN);

diff --git a/src/common/sae.h b/src/common/sae.h
index c07026cd497ccaa2de1cb0643776131d39ec102d..a4270bc22d14a015d440795cf3c636db950cc8c5 100644 (file)
--- a/src/common/sae.h
+++ b/src/common/sae.h
@@ -45,6 +45,7 @@ struct sae_data {
        enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
        u16 send_confirm;
        u8 pmk[SAE_PMK_LEN];
+       u8 pmkid[SAE_PMKID_LEN];
        struct crypto_bignum *peer_commit_scalar;
        int group;
        int sync;

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 747f1ae6968b4e5d08083a011898bc68604d3da7..8150ff197be2d336d18c001f6f6ee6a233adb9c9 100644 (file)
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -328,10 +328,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
 
 void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid)
 {
-       /* don't expect wpa auth to cache the pmkid for now */
-       rsn_pmkid(sta->sae->pmk, PMK_LEN, rsn->wpa_s->own_addr,
-                 sta->addr, pmkid,
-                 wpa_key_mgmt_sha256(wpa_auth_sta_key_mgmt(sta->wpa_sm)));
+       os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN);
 }