[PATCH 1/2] mesh: fix pmkid to match the standard

Bob Copeland <me@xxxxxxxxxxxxxxx> · Sat, 26 Dec 2015 21:20:51 -0500

802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys as:

   L((commit-scalar + peer-commit-scalar) mod r, 0, 128)

This is already calculated in the SAE code when the PMK is derived,
but not saved anywhere.  Later, when generating the PMKID for plink
action frames, the definition for PMKID from 11.6.1.3 is incorrectly
used.  Correct this by saving the PMKID when the key is generated
and use it subsequently.

Signed-off-by: Bob Copeland <me@xxxxxxxxxxxxxxx>
---
 src/common/sae.c          | 1 +
 src/common/sae.h          | 1 +
 wpa_supplicant/mesh_rsn.c | 5 +----
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/common/sae.c b/src/common/sae.c
index b962ea227434..6c00a7e380b7 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -816,6 +816,7 @@ static int sae_derive_keys(struct sae_data *sae, const u8 *k)
 	os_memset(keyseed, 0, sizeof(keyseed));
 	os_memcpy(sae->tmp->kck, keys, SAE_KCK_LEN);
 	os_memcpy(sae->pmk, keys + SAE_KCK_LEN, SAE_PMK_LEN);
+	os_memcpy(sae->pmkid, val, SAE_PMKID_LEN);
 	os_memset(keys, 0, sizeof(keys));
 	wpa_hexdump_key(MSG_DEBUG, "SAE: KCK", sae->tmp->kck, SAE_KCK_LEN);
 	wpa_hexdump_key(MSG_DEBUG, "SAE: PMK", sae->pmk, SAE_PMK_LEN);
diff --git a/src/common/sae.h b/src/common/sae.h
index c07026cd497c..a4270bc22d14 100644
--- a/src/common/sae.h
+++ b/src/common/sae.h
@@ -45,6 +45,7 @@ struct sae_data {
 	enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
 	u16 send_confirm;
 	u8 pmk[SAE_PMK_LEN];
+	u8 pmkid[SAE_PMKID_LEN];
 	struct crypto_bignum *peer_commit_scalar;
 	int group;
 	int sync;
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 747f1ae6968b..8150ff197be2 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -328,10 +328,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
 
 void mesh_rsn_get_pmkid(struct mesh_rsn *rsn, struct sta_info *sta, u8 *pmkid)
 {
-	/* don't expect wpa auth to cache the pmkid for now */
-	rsn_pmkid(sta->sae->pmk, PMK_LEN, rsn->wpa_s->own_addr,
-		  sta->addr, pmkid,
-		  wpa_key_mgmt_sha256(wpa_auth_sta_key_mgmt(sta->wpa_sm)));
+	os_memcpy(pmkid, sta->sae->pmkid, SAE_PMKID_LEN);
 }
 
 
-- 
2.6.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






