Clear PMK length and check for this when deriving PTK

Instead of setting the default PMK length for the cleared PMK, set the
length to 0 and explicitly check for this when deriving PTK to avoid
unexpected key derivation with an all-zeroes key should it be possible
to somehow trigger PTK derivation to happen before PMK derivation.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 90fdf0a275fd514ba2dd3356494ee14a6de065cd..f61a9088a2974d084f294b4daea276670bb71d8d 100644 (file)
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -241,6 +241,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
        u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
        size_t ptk_len;
 
+       if (pmk_len == 0) {
+               wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
+               return -1;
+       }
+
        if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
                os_memcpy(data, addr1, ETH_ALEN);
                os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index f8449084e53ad66dba9ddc7da02ae806d9775fef..0e1674e84391959259d45cbb376c43625c0139f0 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -585,7 +585,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
        /* Calculate PTK which will be stored as a temporary PTK until it has
         * been verified when processing message 3/4. */
        ptk = &sm->tptk;
-       wpa_derive_ptk(sm, src_addr, key, ptk);
+       if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
+               goto failed;
        if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
                u8 buf[8];
                /* Supplicant: swap tx/rx Mic keys */
@@ -2659,8 +2660,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
                os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
        } else {
                wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
-               sm->pmk_len = PMK_LEN;
-               os_memset(sm->pmk, 0, PMK_LEN);
+               sm->pmk_len = 0;
+               os_memset(sm->pmk, 0, PMK_LEN_MAX);
        }
 }