FT: Allow 4-way handshake for PTK rekeying to continue without PMK/PMKID

There is no PMK/PMKID when going through 4-way handshake during an
association started with FT protocol, so need to allow the operation to
proceed even if there is no selected PMKSA cache entry in place.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 899a430893bd797986cf1a6dec0a5ac81c372d38..9163f61fa2f2468ee7906005fb6b0e49e045f031 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -384,6 +384,11 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
 
                        if (!sm->cur_pmksa)
                                sm->cur_pmksa = sa;
+#ifdef CONFIG_IEEE80211R
+               } else if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->ft_protocol) {
+                       wpa_printf(MSG_DEBUG,
+                                  "FT: Continue 4-way handshake without PMK/PMKID for association using FT protocol");
+#endif /* CONFIG_IEEE80211R */
                } else {
                        wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
                                "WPA: Failed to get master session key from "
@@ -2714,6 +2719,9 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
                wpa_ft_prepare_auth_request(sm, NULL);
 
                clear_keys = 0;
+               sm->ft_protocol = 1;
+       } else {
+               sm->ft_protocol = 0;
        }
 #endif /* CONFIG_IEEE80211R */
 #ifdef CONFIG_FILS
@@ -2778,6 +2786,7 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
 #endif /* CONFIG_FILS */
 #ifdef CONFIG_IEEE80211R
        sm->ft_reassoc_completed = 0;
+       sm->ft_protocol = 0;
 #endif /* CONFIG_IEEE80211R */
 
        /* Keys are not needed in the WPA state machine anymore */

diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 5dc9f2ed5e7a03180c143e252cebf274ef1b20a6..0c5955c66f882b4eb9596801afc83c96fc677d4e 100644 (file)
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -126,8 +126,9 @@ struct wpa_sm {
        u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
        size_t r0kh_id_len;
        u8 r1kh_id[FT_R1KH_ID_LEN];
-       int ft_completed;
-       int ft_reassoc_completed;
+       unsigned int ft_completed:1;
+       unsigned int ft_reassoc_completed:1;
+       unsigned int ft_protocol:1;
        int over_the_ds_in_progress;
        u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
        int set_ptk_after_assoc;