From 9f12271b2a5900869da196c9221f7430607858f8 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Mon, 4 Jun 2018 15:16:54 +0300 Subject: [PATCH] FT: XXKey derivation for SHA384-based AKM XXKey is the first 384 bits of MSK when using the SHA384-based FT AKM. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 11 ++++++++--- src/rsn_supp/wpa.c | 11 +++++++++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 0cf57b8d7..ff00b2813 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1,6 +1,6 @@ /* * IEEE 802.11 RSN / WPA Authenticator - * Copyright (c) 2004-2015, Jouni Malinen + * Copyright (c) 2004-2018, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -1949,8 +1949,13 @@ SM_STATE(WPA_PTK, INITPMK) sm->pmk_len = pmk_len; #ifdef CONFIG_IEEE80211R_AP if (len >= 2 * PMK_LEN) { - os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); - sm->xxkey_len = PMK_LEN; + if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt)) { + os_memcpy(sm->xxkey, msk, SHA384_MAC_LEN); + sm->xxkey_len = SHA384_MAC_LEN; + } else { + os_memcpy(sm->xxkey, msk + PMK_LEN, PMK_LEN); + sm->xxkey_len = PMK_LEN; + } } #endif /* CONFIG_IEEE80211R_AP */ } else { diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index da597e90f..226cafaf6 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -323,8 +323,15 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm, u8 buf[2 * PMK_LEN]; if (eapol_sm_get_key(sm->eapol, buf, 2 * PMK_LEN) == 0) { - os_memcpy(sm->xxkey, buf + PMK_LEN, PMK_LEN); - sm->xxkey_len = PMK_LEN; + if (wpa_key_mgmt_sha384(sm->key_mgmt)) { + os_memcpy(sm->xxkey, buf, + SHA384_MAC_LEN); + sm->xxkey_len = SHA384_MAC_LEN; + } else { + os_memcpy(sm->xxkey, buf + PMK_LEN, + PMK_LEN); + sm->xxkey_len = PMK_LEN; + } os_memset(buf, 0, sizeof(buf)); } #endif /* CONFIG_IEEE80211R */