From a03f9d17ea67ac3c3d683f3717e436f4b6c93e37 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Fri, 23 Mar 2018 18:42:21 +0200
Subject: [PATCH] SAE: Fix FT-SAE key derivation for a case where PMKID in msg 1/4 matches
Previously, matching PMKSA cache entry ended up clearing XXKey. However, that XXKey is needed in the specific case where FT-SAE goes through the initial mobility domain association with SAE authentication. FT-SAE worked previously since the hostapd side generation of the particular PMKID value in msg 1/4 was broken, but once that PMKID is fixed, wpa_supplicant will need this fix to allow FT-SAE to be used.
Signed-off-by: Jouni Malinen
---
 src/rsn_supp/wpa.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index ea54f327e..5ebd4cb99 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -288,6 +288,18 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 eapol_sm_notify_cached(sm->eapol);
 #ifdef CONFIG_IEEE80211R
 sm->xxkey_len = 0;
+#ifdef CONFIG_SAE
+ if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE &&
+ sm->pmk_len == PMK_LEN) {
+ /* Need to allow FT key derivation to proceed with
+ * PMK from SAE being used as the XXKey in cases where
+ * the PMKID in msg 1/4 matches the PMKSA entry that was
+ * just added based on SAE authentication for the
+ * initial mobility domain association. */
+ os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len);
+ sm->xxkey_len = sm->pmk_len;
+ }
+#endif /* CONFIG_SAE */
 #endif /* CONFIG_IEEE80211R */
 } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
 int res, pmk_len;
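Review bot: The `os_memcpy(sm->xxkey, sm->pmk, sm->pmk_len)` in the new CONFIG_SAE block is bounded only indirectly, by the `sm->pmk_len == PMK_LEN` test above it; the declaration of `sm->xxkey` is outside this hunk, so the copy is safe only if that buffer holds at least PMK_LEN bytes. Since this moves key material, I would state the dependency in the comment, e.g. `/* pmk_len == PMK_LEN also bounds the copy into sm->xxkey */`, or, if xxkey is a fixed-size array, add `sm->pmk_len <= sizeof(sm->xxkey)` to the guard so it is tied to the destination. Separately, when key_mgmt is FT-SAE but the length test fails, `xxkey_len` stays 0 with no trace, and the later FT key derivation presumably fails without a hint; a `wpa_printf(MSG_DEBUG, ...)` on that path would make it diagnosable. The enclosing function wpa_supplicant_get_pmk() starts and ends outside the hunk.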