From 242c3ad990d2bd38178b59742a453aef0995c6a6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 21 Feb 2023 17:20:47 +0200 Subject: [PATCH] FT: Store PTKSA from FT protocol PTKSA was stored for the 4-way handshake and FILS cases, but not when it was being derived through the use of the FT protocol. Fixes: f2f8e4f45830 ("Add PTKSA cache to hostapd") Signed-off-by: Jouni Malinen --- src/ap/wpa_auth_ft.c | 6 ++++++ src/ap/wpa_auth_i.h | 3 +++ 2 files changed, 9 insertions(+) diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 2aa1d9180..35585cd95 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -35,6 +35,9 @@ const unsigned int ftRRBseqTimeout = 10; const unsigned int ftRRBmaxQueueLen = 100; +/* TODO: make these configurable */ +static const int dot11RSNAConfigPMKLifetime = 43200; + static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm, const u8 *current_ap, const u8 *sta_addr, @@ -2949,6 +2952,9 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry) /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ sm->pairwise_set = true; sm->tk_already_set = true; + + wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise, + dot11RSNAConfigPMKLifetime, &sm->PTK); } diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h index 273236961..d401550c7 100644 --- a/src/ap/wpa_auth_i.h +++ b/src/ap/wpa_auth_i.h @@ -296,6 +296,9 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth, int (*cb)(struct wpa_authenticator *a, void *ctx), void *cb_ctx); +void wpa_auth_store_ptksa(struct wpa_authenticator *wpa_auth, + const u8 *addr, int cipher, + u32 life_time, const struct wpa_ptk *ptk); #ifdef CONFIG_IEEE80211R_AP int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);