aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2017-10-08 10:18:02 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-15 23:03:47 (GMT)
commitb488a12948751f57871f09baa345e59b23959a41 (patch)
tree59582304723480f7201ea0dcd7942aa3c54056e1
parent00583ef11111576916ddaf5b0de4265bedf7fe2e (diff)
downloadhostap-b488a12948751f57871f09baa345e59b23959a41.zip
hostap-b488a12948751f57871f09baa345e59b23959a41.tar.gz
hostap-b488a12948751f57871f09baa345e59b23959a41.tar.bz2
Clear PMK length and check for this when deriving PTK
Instead of setting the default PMK length for the cleared PMK, set the length to 0 and explicitly check for this when deriving PTK to avoid unexpected key derivation with an all-zeroes key should it be possible to somehow trigger PTK derivation to happen before PMK derivation. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--src/common/wpa_common.c5
-rw-r--r--src/rsn_supp/wpa.c7
2 files changed, 9 insertions, 3 deletions
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index 90fdf0a..f61a908 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -241,6 +241,11 @@ int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN];
size_t ptk_len;
+ if (pmk_len == 0) {
+ wpa_printf(MSG_ERROR, "WPA: No PMK set for PT derivation");
+ return -1;
+ }
+
if (os_memcmp(addr1, addr2, ETH_ALEN) < 0) {
os_memcpy(data, addr1, ETH_ALEN);
os_memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index f844908..0e1674e 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -585,7 +585,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
/* Calculate PTK which will be stored as a temporary PTK until it has
* been verified when processing message 3/4. */
ptk = &sm->tptk;
- wpa_derive_ptk(sm, src_addr, key, ptk);
+ if (wpa_derive_ptk(sm, src_addr, key, ptk) < 0)
+ goto failed;
if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
u8 buf[8];
/* Supplicant: swap tx/rx Mic keys */
@@ -2659,8 +2660,8 @@ void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm)
os_memcpy(sm->pmk, sm->cur_pmksa->pmk, sm->pmk_len);
} else {
wpa_printf(MSG_DEBUG, "WPA: No current PMKSA - clear PMK");
- sm->pmk_len = PMK_LEN;
- os_memset(sm->pmk, 0, PMK_LEN);
+ sm->pmk_len = 0;
+ os_memset(sm->pmk, 0, PMK_LEN_MAX);
}
}