From: Jouni Malinen Date: Wed, 20 Mar 2019 20:26:56 +0000 (+0200) Subject: FILS: Fix KEK2 derivation for FILS+FT X-Git-Tag: hostap_2_8~170 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=130444738beab4ddfe9be2d3a232706eb91557c6;p=thirdparty%2Fhostap.git FILS: Fix KEK2 derivation for FILS+FT The offset update for copying KEK2 from the extended PTK was overriding the offset instead of incrementing it (a likely copy-paste error from the first offset assignment based on KCK). This resulted in KEK2 being set to incorrect segment of PTK. Fix this by updating the offset properly so that KEK2 is copied from the correct place at the end of the PTK. Fixes: 2f37387812a5 ("FILS: Add more complete support for FT-FILS use cases") Signed-off-by: Jouni Malinen --- diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 2c5b2eba2..ed2d1c2a0 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -1791,7 +1791,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len, os_memcpy(ptk->tk, tmp + offset, ptk->tk_len); offset += ptk->tk_len; os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len); - offset = ptk->kck2_len; + offset += ptk->kck2_len; os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len); wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len);
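Review bot: The chain of copies at the end of this hunk (`tk`, then `kck2`, then `kek2`, each read from `tmp + offset`) has no visible check that the final `offset + ptk->kek2_len` lands exactly at the end of the derived key material. A slip like the `offset = ptk->kck2_len;` fixed here therefore fails silently, producing a wrong KEK2 instead of an error. Consider adding a sanity check after `os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len);` that compares the consumed length against the total length derived into `tmp`, which is not shown in this hunk. A known-answer test for the FILS+FT case would also pin down where KCK2 and KEK2 sit in the extended PTK. Since the function lives in src/common/wpa_common.c, it would help if the commit message said whether the misplaced KEK2 affected interoperability with other implementations.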