hostapd: Fix wpa_psk_file support for FT-PSK

For FT-PSK sm->xxkey was populated with only the first password on the
linked list (i.e., last matching password in the wpa_psk_file) in
INITPSK. This caused only that password to be recognized and accepted.
All other passwords were not verified properly and subsequently
prevented clients from connecting.

Hostapd would report:

 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
 Jan 30 12:55:44 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: invalid MIC in msg 2/4 of 4-Way Handshake
 Jan 30 12:55:45 hostapd: ap0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout

Signed-off-by: Michal Kazior <michal@plumewifi.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 5664caa3530ceeebb30c551cbe4b5f63c06aafad..ccb21fe4cccdc57a2c9d6ceaac8f8d072b1a663e 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -861,6 +861,12 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
                                               sm->p2p_dev_addr, pmk, &pmk_len);
                        if (pmk == NULL)
                                break;
+#ifdef CONFIG_IEEE80211R_AP
+                       if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
+                               os_memcpy(sm->xxkey, pmk, pmk_len);
+                               sm->xxkey_len = pmk_len;
+                       }
+#endif /* CONFIG_IEEE80211R_AP */
                } else {
                        pmk = sm->PMK;
                        pmk_len = sm->pmk_len;
@@ -2643,6 +2649,12 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
                        if (pmk == NULL)
                                break;
                        psk_found = 1;
+#ifdef CONFIG_IEEE80211R_AP
+                       if (wpa_key_mgmt_ft_psk(sm->wpa_key_mgmt)) {
+                               os_memcpy(sm->xxkey, pmk, pmk_len);
+                               sm->xxkey_len = pmk_len;
+                       }
+#endif /* CONFIG_IEEE80211R_AP */
                } else {
                        pmk = sm->PMK;
                        pmk_len = sm->pmk_len;