FT: Derive PTK properly for rekeying with FT protocol

Do not try to derive a PMK-R0 and PMK-R1 again for the case where an association was started with FT protocol and PTK is rekeyed using 4-way handshake. Instead, use the previously derived PMK-R1 to allow a new PTK to be derived. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
5 years ago · b583ed38df
parent fb1dee221b
commit b583ed38df
1 changed files with 13 additions and 1 deletions
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -2211,8 +2211,20 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
 	size_t z_len = 0;

 #ifdef CONFIG_IEEE80211R_AP
-	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt))
+	if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
+		if (sm->ft_completed) {
+			u8 ptk_name[WPA_PMK_NAME_LEN];
+
+			return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
+						 sm->SNonce, sm->ANonce,
+						 sm->addr, sm->wpa_auth->addr,
+						 sm->pmk_r1_name,
+						 ptk, ptk_name,
+						 sm->wpa_key_mgmt,
+						 sm->pairwise);
+		}
 		return wpa_auth_derive_ptk_ft(sm, ptk);
+	}
 #endif /* CONFIG_IEEE80211R_AP */

 #ifdef CONFIG_DPP2