This implements the FILS Extended Key ID support in wpa_supplicant
compatible to our implementation for hostapd:
When supporting Extended Key ID the KeyID for the pairwise key id must
be also in the FILS handshake.
Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx>
---
src/rsn_supp/wpa.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index de463cba6..269adcb94 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4381,6 +4381,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
struct wpa_gtk_data gd;
int maxkeylen;
struct wpa_eapol_ie_parse kde;
+ struct wpa_ie_data rsn;
if (!sm || !sm->ptk_set) {
wpa_printf(MSG_DEBUG, "FILS: No KEK available");
@@ -4494,8 +4495,6 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
- struct wpa_ie_data rsn;
-
/* Check that PMKR1Name derived by the AP matches */
if (!elems.rsn_ie ||
wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
@@ -4563,11 +4562,16 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
keylen, (long unsigned int) sm->ptk.tk_len);
goto fail;
}
+
+ if (handle_extended_key_id(sm, &kde,
+ elems.rsn_ie - 2, elems.rsn_ie_len + 2))
+ goto fail;
+
rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
sm->ptk.tk, keylen);
- if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen,
- sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
+ if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, null_rsc,
+ rsclen, sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"FILS: Failed to set PTK to the driver (alg=%d keylen=%d bssid="
MACSTR ")",
--
2.23.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
