FT: Include KDK in FT specific PTK derivation on the AP

FT AP was silently ignoring EAPOL-Key msg 2/4 due to Key MIC mismatch
when the STA advertises support for Secure LTF and derives the KDK while
the AP implementation did not derive KDK.

Fix this to include KDK while deriving PTK for FT cases on the AP.

Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
This commit is contained in:
Shiva Sankar Gajula 2023-02-21 09:39:35 +05:30 committed by Jouni Malinen
parent 870a5bdc07
commit 3b1ad1334a
3 changed files with 5 additions and 4 deletions

View file

@ -2394,7 +2394,8 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
sm->pairwise, kdk_len);
} else {
ret = wpa_auth_derive_ptk_ft(sm, ptk, pmk_r0, pmk_r1,
pmk_r0_name, key_len);
pmk_r0_name, key_len,
kdk_len);
}
if (ret) {
wpa_printf(MSG_ERROR, "FT: PTK derivation failed");

View file

@ -2111,7 +2111,7 @@ int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
size_t *key_len)
size_t *key_len, size_t kdk_len)
{
size_t pmk_r0_len, pmk_r1_len;
u8 ptk_name[WPA_PMK_NAME_LEN];
@ -2158,7 +2158,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
0);
kdk_len);
}

View file

@ -306,7 +306,7 @@ int wpa_write_ftie(struct wpa_auth_config *conf, int key_mgmt, size_t key_len,
size_t subelem_len, int rsnxe_used);
int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
size_t *key_len);
size_t *key_len, size_t kdk_len);
void wpa_auth_ft_store_keys(struct wpa_state_machine *sm, const u8 *pmk_r0,
const u8 *pmk_r1, const u8 *pmk_r0_name,
size_t key_len);