FT: Include KDK in FT specific PTK derivation on the AP

FT AP was silently ignoring EAPOL-Key msg 2/4 due to Key MIC mismatch
when the STA advertises support for Secure LTF and derives the KDK while
the AP implementation did not derive KDK.

Fix this to include KDK while deriving PTK for FT cases on the AP.

Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c49cdaa67a6f6149b31a5e30804b13e74bbf3e33..b048f0e25189dfe04414f5df0d400900b5f372f5 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2394,7 +2394,8 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
                                                sm->pairwise, kdk_len);
                } else {
                        ret = wpa_auth_derive_ptk_ft(sm, ptk, pmk_r0, pmk_r1,
-                                                    pmk_r0_name, key_len);
+                                                    pmk_r0_name, key_len,
+                                                    kdk_len);
                }
                if (ret) {
                        wpa_printf(MSG_ERROR, "FT: PTK derivation failed");

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 7a5e58401297e403aca901386ec52ce48785879a..2aa1d9180b6c42e5643513b521e836d551e566c5 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2111,7 +2111,7 @@ int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
 
 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
                           u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
-                          size_t *key_len)
+                          size_t *key_len, size_t kdk_len)
 {
        size_t pmk_r0_len, pmk_r1_len;
        u8 ptk_name[WPA_PMK_NAME_LEN];
@@ -2158,7 +2158,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
        return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
                                 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
                                 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
-                                0);
+                                kdk_len);
 }
 
 

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index f3cb9be31f712809c846adeed541b5018647e018..273236961858514603fbd3cac1296955a32e6861 100644 (file)
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -306,7 +306,7 @@ int wpa_write_ftie(struct wpa_auth_config *conf, int key_mgmt, size_t key_len,
                   size_t subelem_len, int rsnxe_used);
 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
                           u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
-                          size_t *key_len);
+                          size_t *key_len, size_t kdk_len);
 void wpa_auth_ft_store_keys(struct wpa_state_machine *sm, const u8 *pmk_r0,
                            const u8 *pmk_r1, const u8 *pmk_r0_name,
                            size_t key_len);