FT: Configure FT XXKey as PMK for driver-based 4-way handshake

When using FT-EAP, the second half of MSK is used as the starting
point for PMK key hierarchy. Configure that instead of the first
half of MSK when using FT with driver-based 4-way handshake and
FT protocol.
This commit is contained in:
Jouni Malinen 2011-02-01 00:06:13 +02:00 committed by Jouni Malinen
parent 98ea943177
commit 09c395b4bb

View file

@ -254,14 +254,29 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
"handshake"); "handshake");
pmk_len = PMK_LEN; pmk_len = PMK_LEN;
res = eapol_sm_get_key(eapol, pmk, PMK_LEN); if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
if (res) { #ifdef CONFIG_IEEE80211R
/* u8 buf[2 * PMK_LEN];
* EAP-LEAP is an exception from other EAP methods: it wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
* uses only 16-byte PMK. "driver-based 4-way hs and FT");
*/ res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
res = eapol_sm_get_key(eapol, pmk, 16); if (res == 0) {
pmk_len = 16; os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
os_memset(buf, 0, sizeof(buf));
}
#else /* CONFIG_IEEE80211R */
res = -1;
#endif /* CONFIG_IEEE80211R */
} else {
res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
if (res) {
/*
* EAP-LEAP is an exception from other EAP methods: it
* uses only 16-byte PMK.
*/
res = eapol_sm_get_key(eapol, pmk, 16);
pmk_len = 16;
}
} }
if (res) { if (res) {
@ -270,6 +285,9 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
return; return;
} }
wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
"handshake", pmk, pmk_len);
if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk, if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
pmk_len)) { pmk_len)) {
wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");