mesh: Fix PMKID to match the standard

IEEE Std 802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys
as:

   L((commit-scalar + peer-commit-scalar) mod r, 0, 128)

This is already calculated in the SAE code when the PMK is derived, but
not saved anywhere. Later, when generating the PMKID for plink action
frames, the definition for PMKID from 11.6.1.3 is incorrectly used.
Correct this by saving the PMKID when the key is generated and use it
subsequently.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
This commit is contained in:
Bob Copeland 2015-12-26 21:20:51 -05:00 committed by Jouni Malinen
parent ede7770180
commit 6c33eed3ee
3 changed files with 3 additions and 4 deletions

View file

@ -816,6 +816,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
os_memset(keyseed, 0, sizeof(keyseed)); os_memset(keyseed, 0, sizeof(keyseed));
os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN); os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN);
os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN); os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN);
os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
os_memset(keys, 0, sizeof(keys)); os_memset(keys, 0, sizeof(keys));
wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN);
wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN); wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN);

View file

@ -45,6 +45,7 @@ struct sae_data {
enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state; enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
u16 send_confirm; u16 send_confirm;
u8 pmk[SAE_PMK_LEN]; u8 pmk[SAE_PMK_LEN];
u8 pmkid[SAE_PMKID_LEN];
struct crypto_bignum *peer_commit_scalar; struct crypto_bignum *peer_commit_scalar;
int group; int group;
int sync; int sync;

View file

@ -328,10 +328,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid) void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid)
{ {
/* don't expect wpa auth to cache the pmkid for now */ os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN);
rsn_pmkid(sta->sae->pmk, PMK_LEN, rsn->wpa_s->own_addr,
sta->addr, pmkid,
wpa_key_mgmt_sha256(wpa_auth_sta_key_mgmt(sta->wpa_sm)));
} }