FILS: Fix KEK2 derivation for FILS+FT

The offset update for copying KEK2 from the extended PTK was overriding
the offset instead of incrementing it (a likely copy-paste error from
the first offset assignment based on KCK). This resulted in KEK2 being
set to an incorrect segment of PTK. Fix this by updating the offset
properly so that KEK2 is copied from the correct place at the end of the
PTK.

Fixes: 2f37387812 ("FILS: Add more complete support for FT-FILS use cases")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2019-03-20 22:26:56 +02:00
parent bf84e78cbc
commit 130444738b

@ -1791,7 +1791,7 @@ int wpa_pmk_r1_to_ptk(const u8 *pmk_r1, size_t pmk_r1_len,
os_memcpy(ptk->tk, tmp + offset, ptk->tk_len); os_memcpy(ptk->tk, tmp + offset, ptk->tk_len);
offset += ptk->tk_len; offset += ptk->tk_len;
os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len); os_memcpy(ptk->kck2, tmp + offset, ptk->kck2_len);
offset = ptk->kck2_len; offset += ptk->kck2_len;
os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len); os_memcpy(ptk->kek2, tmp + offset, ptk->kek2_len);
wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len); wpa_hexdump_key(MSG_DEBUG, "FT: KCK", ptk->kck, ptk->kck_len);
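
Review bot: the corrected `offset += ptk->kck2_len;` ahead of the KEK2 copy still depends on hand-maintained offset arithmetic, and nothing in this hunk checks that `offset + ptk->kek2_len` matches the number of bytes actually derived into `tmp`. That is why the earlier `offset = ptk->kck2_len;` went unnoticed: it compiled and ran, but read KEK2 from near the start of `tmp` rather than from the end of the PTK, so KEK2 was not an independent segment of the key material. Consider adding a sanity check after the last `os_memcpy()` that the final offset equals the expected total PTK length, and a known-answer test for the FT-FILS derivation that compares KCK2 and KEK2 against fixed vectors, so a regression in any of these offset updates fails loudly instead of producing a wrong key.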