path: root/hostapd/wpa.c
diff options
authorJouni Malinen <jouni.malinen@atheros.com>2009-04-01 09:04:36 (GMT)
committerJouni Malinen <j@w1.fi>2009-04-01 09:04:36 (GMT)
commitc0a6190815ce37450fc348d4d09b2a0153478fc0 (patch)
treefde0953e0c4a7c54a29e76f8e45ee39ae88c4147 /hostapd/wpa.c
parentd61f48ba1da01ed501026e5fa1b6bfefa6d5c93a (diff)
Fix SHA-256-based KDF when using CCMP as the pairwise cipher
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK length must be specified correctly. The previous version was deriving using 512-bit PTK regardless of the negotiated cipher suite; this works for TKIP, but not for CCMP. Update the code to use proper PTK length based on the pairwise cipher. This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when using AKMP that specifies SHA-256-based key derivation). The fixed version does not interoperate with the previous versions. [Bug 307]
Diffstat (limited to 'hostapd/wpa.c')
1 files changed, 3 insertions, 2 deletions
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index d88f621..64bc6b3 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -1405,14 +1405,15 @@ SM_STATE(WPA_PTK, PTKSTART)
static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *pmk,
struct wpa_ptk *ptk)
+ size_t ptk_len = sm->pairwise == WPA_CIPHER_CCMP ? 48 : 64;
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
- return wpa_auth_derive_ptk_ft(sm, pmk, ptk);
+ return wpa_auth_derive_ptk_ft(sm, pmk, ptk, ptk_len);
#endif /* CONFIG_IEEE80211R */
wpa_pmk_to_ptk(pmk, PMK_LEN, "Pairwise key expansion",
sm->wpa_auth->addr, sm->addr, sm->ANonce, sm->SNonce,
- (u8 *) ptk, sizeof(*ptk),
+ (u8 *) ptk, ptk_len,
return 0;