From 47b55a3ef59d9363bbd624e8b5aa714467111743 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 30 Dec 2012 22:35:59 +0200 Subject: [PATCH] SAE: Use PMK in 4-way handshake Use the PMK that is derived as part of the SAE authentication in the 4-way handshake instead of the PSK. Signed-hostap: Jouni Malinen --- src/ap/wpa_auth_glue.c | 15 +++++++++++++-- wpa_supplicant/sme.c | 4 ++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 76c61ea18..fdaaaff5a 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1,6 +1,6 @@ /* * hostapd / WPA authenticator glue code - * Copyright (c) 2002-2011, Jouni Malinen + * Copyright (c) 2002-2012, Jouni Malinen * * This software may be distributed under the terms of the BSD license. * See README for more details. @@ -10,6 +10,7 @@ #include "utils/common.h" #include "common/ieee802_11_defs.h" +#include "common/sae.h" #include "eapol_auth/eapol_auth_sm.h" #include "eapol_auth/eapol_auth_sm_i.h" #include "eap_server/eap.h" @@ -184,7 +185,17 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, { struct hostapd_data *hapd = ctx; struct sta_info *sta = ap_get_sta(hapd, addr); - const u8 *psk = hostapd_get_psk(hapd->conf, addr, prev_psk); + const u8 *psk; + +#ifdef CONFIG_SAE + if (sta && sta->auth_alg == WLAN_AUTH_SAE) { + if (!sta->sae || prev_psk) + return NULL; + return sta->sae->pmk; + } +#endif /* CONFIG_SAE */ + + psk = hostapd_get_psk(hapd->conf, addr, prev_psk); /* * This is about to iterate over all psks, prev_psk gives the last * returned psk which should not be returned again. diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 870313dae..043a0a773 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -488,6 +488,10 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) } if (res != 1) return; + + wpa_printf(MSG_DEBUG, "SME: SAE completed - setting PMK for " + "4-way handshake"); + wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN); } #endif /* CONFIG_SAE */