From 06b1a1043427778b82374fc63e540a264e12d82d Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Sun, 8 Apr 2018 19:55:52 +0300
Subject: [PATCH] SAE: Fix default PMK configuration for PMKSA caching case

The RSN supplicant state machine PMK was set based on WPA PSK even for
the cases where SAE would be used. If the AP allows PMKSA caching to be
used with SAE, but does not indicate the selected PMKID explicitly in
EAPOL-Key msg 1/4, this could result in trying to use the PSK instead of
SAE PMK. Fix this by not setting the WPA-PSK as default PMK for SAE
network profiles and instead, configuring the PMK explicitly from the
found PMKSA cache entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 wpa_supplicant/sme.c            |  1 +
 wpa_supplicant/wpa_supplicant.c | 15 +++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index b4b1c6429..460e4e6a7 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -551,6 +551,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 				    NULL) == 0) {
 		wpa_dbg(wpa_s, MSG_DEBUG,
 			"PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
+		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
 		params.auth_alg = WPA_AUTH_ALG_OPEN;
 		wpa_s->sme.sae_pmksa_caching = 1;
 	}
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index c0922d39e..9808640ea 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1466,8 +1466,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 
 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
 		int psk_set = 0;
+		int sae_only;
 
-		if (ssid->psk_set) {
+		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
+					      WPA_KEY_MGMT_FT_PSK |
+					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
+
+		if (ssid->psk_set && !sae_only) {
 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
 					ssid->psk, PMK_LEN);
 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
@@ -1475,12 +1480,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 			psk_set = 1;
 		}
 
-		if (wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password)
+		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
+		    (ssid->sae_password || ssid->passphrase))
 			psk_set = 1;
 
 #ifndef CONFIG_NO_PBKDF2
 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
-		    ssid->passphrase) {
+		    ssid->passphrase && !sae_only) {
 			u8 psk[PMK_LEN];
 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
 				    4096, psk, PMK_LEN);
@@ -1492,7 +1498,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 		}
 #endif /* CONFIG_NO_PBKDF2 */
 #ifdef CONFIG_EXT_PASSWORD
-		if (ssid->ext_psk) {
+		if (ssid->ext_psk && !sae_only) {
 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
 							     ssid->ext_psk);
 			char pw_str[64 + 1];
@@ -1561,6 +1567,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
 		if (!psk_set) {
 			wpa_msg(wpa_s, MSG_INFO,
 				"No PSK available for association");
+			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
 			return -1;
 		}
 #ifdef CONFIG_OWE