From 0c46b1a516601c3f7720e3cc794911ae2d415a6a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 28 Apr 2019 15:50:51 +0300 Subject: [PATCH] FT: Allow cached XXKey/MPMK to be used if new XXKey is not available This allows supplicant side to complete FT initial mobility domain association using FT-EAP with PMKSA caching. Signed-off-by: Jouni Malinen --- src/rsn_supp/wpa_ft.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 7dcb1043b..41592511e 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -18,6 +18,7 @@ #include "drivers/driver.h" #include "wpa.h" #include "wpa_i.h" +#include "pmksa_cache.h" #ifdef CONFIG_IEEE80211R @@ -27,15 +28,23 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, u8 ptk_name[WPA_PMK_NAME_LEN]; const u8 *anonce = key->key_nonce; int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt); + const u8 *mpmk; + size_t mpmk_len; - if (sm->xxkey_len == 0) { + if (sm->xxkey_len > 0) { + mpmk = sm->xxkey; + mpmk_len = sm->xxkey_len; + } else if (sm->cur_pmksa) { + mpmk = sm->cur_pmksa->pmk; + mpmk_len = sm->cur_pmksa->pmk_len; + } else { wpa_printf(MSG_DEBUG, "FT: XXKey not available for key " "derivation"); return -1; } sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN; - if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid, + if (wpa_derive_pmk_r0(mpmk, mpmk_len, sm->ssid, sm->ssid_len, sm->mobility_domain, sm->r0kh_id, sm->r0kh_id_len, sm->own_addr, sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)