From 834c5d6816f74909a8a437b5a6ac1e29dd5aee2e Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 16 Feb 2017 21:18:18 +0200 Subject: [PATCH] FILS: Fix PMK length for initial connection with FILS SHA384 AKM While the FILS authentication cases were already using the proper PMK length (48 octets instead of the old hardcoded 32 octet), the initial association case had not yet been updated to cover the new FILS SHA384 AKM and ended up using only a 32-octet PMK. Fix that to use 48-octet PMK when using FILS SHA384 AKM. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 4 ++-- src/rsn_supp/wpa.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 5dcf1e3d2..7b26c04cd 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1925,7 +1925,7 @@ SM_STATE(WPA_PTK, INITPMK) } else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) { unsigned int pmk_len; - if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) + if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) pmk_len = PMK_LEN_SUITE_B_192; else pmk_len = PMK_LEN; @@ -3775,7 +3775,7 @@ int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, sm->wpa_auth->conf.disable_pmksa_caching) return -1; - if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) { + if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) { if (pmk_len > PMK_LEN_SUITE_B_192) pmk_len = PMK_LEN_SUITE_B_192; } else if (pmk_len > PMK_LEN) { diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 9c8ed6cb1..a95c794ac 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -288,7 +288,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) { int res, pmk_len; - if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) + if (wpa_key_mgmt_sha384(sm->key_mgmt)) pmk_len = PMK_LEN_SUITE_B_192; else pmk_len = PMK_LEN;