FT: Store PTKSA from FT protocol

PTKSA was stored for the 4-way handshake and FILS cases, but not when it
was being derived through the use of the FT protocol.

Fixes: f2f8e4f45830 ("Add PTKSA cache to hostapd")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 2aa1d9180b6c42e5643513b521e836d551e566c5..35585cd9507c591397dc9a2222e3423eb576c738 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -35,6 +35,9 @@
 const unsigned int ftRRBseqTimeout = 10;
 const unsigned int ftRRBmaxQueueLen = 100;
 
+/* TODO: make these configurable */
+static const int dot11RSNAConfigPMKLifetime = 43200;
+
 
 static int wpa_ft_send_rrb_auth_resp(struct wpa_state_machine *sm,
                                     const u8 *current_ap, const u8 *sta_addr,
@@ -2949,6 +2952,9 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry)
        /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
        sm->pairwise_set = true;
        sm->tk_already_set = true;
+
+       wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
+                            dot11RSNAConfigPMKLifetime, &sm->PTK);
 }
 
 

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 273236961858514603fbd3cac1296955a32e6861..d401550c7a8d7f1d08f992de58c6a6520eb9d378 100644 (file)
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -296,6 +296,9 @@ int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth,
 int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
                           int (*cb)(struct wpa_authenticator *a, void *ctx),
                           void *cb_ctx);
+void wpa_auth_store_ptksa(struct wpa_authenticator *wpa_auth,
+                         const u8 *addr, int cipher,
+                         u32 life_time, const struct wpa_ptk *ptk);
 
 #ifdef CONFIG_IEEE80211R_AP
 int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);