FILS: Fix PMK length for initial connection with FILS SHA384 AKM

While the FILS authentication cases were already using the proper PMK length (48 octets instead of the old hardcoded 32 octet), the initial association case had not yet been updated to cover the new FILS SHA384 AKM and ended up using only a 32-octet PMK. Fix that to use 48-octet PMK when using FILS SHA384 AKM. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-02-16 21:18:18 +02:00 · 2017-02-16 21:18:18 +02:00 · 834c5d6816
parent e491389ebc
commit 834c5d6816
2 changed files with 3 additions and 3 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -1925,7 +1925,7 @@ SM_STATE(WPA_PTK, INITPMK)
 	} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
 		unsigned int pmk_len;
-		if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+		if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
 			pmk_len = PMK_LEN_SUITE_B_192;
 		else
 			pmk_len = PMK_LEN;
@ -3775,7 +3775,7 @@ int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
 	    sm->wpa_auth->conf.disable_pmksa_caching)
 		return -1;
-	if (sm->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+	if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) {
 		if (pmk_len > PMK_LEN_SUITE_B_192)
 			pmk_len = PMK_LEN_SUITE_B_192;
 	} else if (pmk_len > PMK_LEN) {
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@ -288,7 +288,7 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 	} else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
 		int res, pmk_len;
-		if (sm->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+		if (wpa_key_mgmt_sha384(sm->key_mgmt))
 			pmk_len = PMK_LEN_SUITE_B_192;
 		else
 			pmk_len = PMK_LEN;