This implements the FILS Extended Key ID support in wpa_supplicant compatible to our implementation for hostapd: When supporting Extended Key ID the KeyID for the pairwise key id must be also in the FILS handshake.
Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx>
---
 src/rsn_supp/wpa.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index de463cba6..269adcb94 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4381,6 +4381,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
 struct wpa_gtk_data gd;
 int maxkeylen;
 struct wpa_eapol_ie_parse kde;
+ struct wpa_ie_data rsn;
 if (!sm || !sm->ptk_set) {
 wpa_printf(MSG_DEBUG, "FILS: No KEK available");
@@ -4494,8 +4495,6 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
 #ifdef CONFIG_IEEE80211R
 if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
- struct wpa_ie_data rsn;
-
 /* Check that PMKR1Name derived by the AP matches */
 if (!elems.rsn_ie ||
 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
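Review bot: The `struct wpa_ie_data rsn;` declaration hoisted to function scope in the first hunk is not used by any line this patch adds; its only visible user is still the `CONFIG_IEEE80211R` block in the second hunk, where the block-local declaration is removed. In a build without `CONFIG_IEEE80211R` this would presumably leave `rsn` unused and draw an unused-variable warning, so unless a later patch in the series needs it, keeping the declaration inside the FT block is the cleaner choice. fils_process_assoc_resp() extends beyond both hunks, so uses outside them cannot be ruled out from here.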
@@ -4563,11 +4562,16 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
 keylen, (long unsigned int) sm->ptk.tk_len);
 goto fail;
 }
+
+ if (handle_extended_key_id(sm, &kde,
+ elems.rsn_ie - 2, elems.rsn_ie_len + 2))
+ goto fail;
+
 rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
 wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
 sm->ptk.tk, keylen);
- if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen,
- sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
+ if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, null_rsc,
+ rsclen, sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 "FILS: Failed to set PTK to the driver (alg=%d keylen=%d bssid="
 MACSTR ")",
--
2.23.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
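Review bot: The new `handle_extended_key_id()` call forms `elems.rsn_ie - 2` with no check in this hunk that the (Re)Association Response carried an RSNE, whereas the FT block earlier in the function tests `!elems.rsn_ie` before building the same expression, which suggests the pointer can be NULL at this point. The element comes from a received frame, so its absence should be handled explicitly rather than handing the parser an invalid pointer with length 2, e.g. `if (!elems.rsn_ie || handle_extended_key_id(sm, &kde, elems.rsn_ie - 2, elems.rsn_ie_len + 2)) goto fail;`. Whether a missing RSNE should fail the association or fall back to key index 0 depends on code outside the hunk. A short comment at the `wpa_sm_set_key()` call, such as `/* keyidx_active is expected to be set by handle_extended_key_id() */`, would also help, since that assignment is not visible here.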