jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

FILS: Fix PMKID derivation for OKC

Browse source 
FILS authentication derives PMK differently from the EAP cases. The PMK
value does not bind in the MAC addresses of the STAs. As such, the same
PMKID is used with different BSSIDs. Fix both the hostapd and
wpa_supplicant to use the previous PMKID as is for OKC instead of
deriving a new PMKID using an incorrect derivation method when using an
FILS AKM.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This commit is contained in:
Veerendranath Jakkam 2021-05-04 10:47:25 +05:30 committed by Jouni Malinen
parent 6abfb1418c
commit e2e2655ce8
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ap/pmksa_cache_auth.c
View file

@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
for (entry = pmksa->pmksa; entry; entry = entry->next) {
if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
continue;
if (wpa_key_mgmt_sae(entry->akmp)) {
if (wpa_key_mgmt_sae(entry->akmp) ||
wpa_key_mgmt_fils(entry->akmp)) {
if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
return entry;
continue;

3
src/rsn_supp/pmksa_cache.c
View file

@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
os_time_t old_expiration = old_entry->expiration;
const u8 *pmkid = NULL;
if (wpa_key_mgmt_sae(old_entry->akmp))
if (wpa_key_mgmt_sae(old_entry->akmp) ||
wpa_key_mgmt_fils(old_entry->akmp))
pmkid = old_entry->pmkid;
new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
pmkid, NULL, 0,