From da24c5aa1c4768785cfaf395225720e7d148c883 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 9 Sep 2015 19:32:44 +0300
Subject: [PATCH] FILS: Set TK after association (AP)
Signed-off-by: Jouni Malinen
---
 src/ap/ieee802_11.c | 12 ++++++++++++
 src/ap/wpa_auth.c | 25 ++++++++++++++++++++++++-
 src/ap/wpa_auth.h | 1 +
 3 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 5d276bf83..4aa1f7f80 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3258,6 +3258,18 @@ static void handle_assoc_cb(struct hostapd_data *hapd,
 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
+#ifdef CONFIG_FILS
+ if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
+ sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
+ sta->auth_alg == WLAN_AUTH_FILS_PK) &&
+ fils_set_tk(sta->wpa_sm) < 0) {
+ wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
+ ap_sta_disconnect(hapd, sta, sta->addr,
+ WLAN_REASON_UNSPECIFIED);
+ return;
+ }
+#endif /* CONFIG_FILS */
+
 if (sta->pending_eapol_rx) {
 struct os_reltime now, age;
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 6367ff104..317e94505 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1759,7 +1759,8 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
 remove_ptk = 0;
 #endif /* CONFIG_IEEE80211W */
 #ifdef CONFIG_FILS
- if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) && event == WPA_AUTH)
+ if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
+ (event == WPA_AUTH || event == WPA_ASSOC))
 remove_ptk = 0;
 #endif /* CONFIG_FILS */
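Review bot: In the `handle_assoc_cb()` hunk of src/ap/ieee802_11.c, the failure branch logs `"FILS: TK configuration failed"` at MSG_DEBUG and without the station address, so a failed pairwise-key install that ends in a disconnect is easy to miss at a normal log level and cannot be tied to a peer. I would raise the level and identify the station, e.g. `wpa_printf(MSG_INFO, "FILS: TK configuration failed for " MACSTR, MAC2STR(sta->addr));`. The block also runs after `new_assoc_sta_cb()` and `ieee802_1x_notify_port_enabled()`; whether any of that state needs unwinding on this early return cannot be judged here, because the function starts and ends outside the hunk.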
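Review bot: In the `wpa_auth_sm_event()` hunk of src/ap/wpa_auth.c, the PTK is now kept across WPA_ASSOC for every FILS AKM, while the TK install added in `handle_assoc_cb()` is gated on `sta->auth_alg`, which is a different test. As far as the visible lines show, a station that negotiates a FILS AKM without using FILS authentication would keep an earlier PTK marked valid through association. If that is intended, a comment above the condition should say why, for example `/* FILS derives the PTK during authentication; keep it so fils_set_tk() can configure the TK after association */`. The rest of the function is outside the hunk, so the handling of other events could not be checked.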
@@ -2395,6 +2396,28 @@ int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
 return current_len;
 }
+
+int fils_set_tk(struct wpa_state_machine *sm)
+{
+ enum wpa_alg alg;
+ int klen;
+
+ if (!sm || !sm->PTK_valid)
+ return -1;
+
+ alg = wpa_cipher_to_alg(sm->pairwise);
+ klen = wpa_cipher_key_len(sm->pairwise);
+
+ wpa_printf(MSG_DEBUG, "FILS: Configure TK to the driver");
+ if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0,
+ sm->PTK.tk, klen)) {
+ wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver");
+ return -1;
+ }
+
+ return 0;
+}
+
 #endif /* CONFIG_FILS */
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 5a39aee95..dfd9e0428 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -355,5 +355,6 @@ int fils_decrypt_assoc(struct wpa_state_machine *sm, const u8 *fils_session,
 u8 *pos, size_t left);
 int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
 size_t current_len, size_t max_len);
+int fils_set_tk(struct wpa_state_machine *sm);
 #endif /* WPA_AUTH_H */
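Review bot: `fils_set_tk()` in src/ap/wpa_auth.c configures `sm->PTK.tk` every time it is called with `PTK_valid` set, and nothing in it records that this TK has already been given to the driver. Together with the `wpa_auth_sm_event()` change that keeps the PTK across WPA_ASSOC, a repeated association callback for the same state machine would presumably install the same key again; if the driver resets packet-number or replay state on key configuration, that is a key-reinstallation condition. I would track this with a new state-machine member, e.g. `if (sm->tk_already_set) return -1;` before the `wpa_auth_set_key()` call and `sm->tk_already_set = 1;` after it succeeds, cleared wherever a fresh PTK is derived. It would also be worth rejecting `klen <= 0` before the driver call, since neither `alg` nor `klen` is checked.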