FILS: Fix PMKID derivation for OKC

FILS authentication derives PMK differently from the EAP cases. The PMK
value does not bind in the MAC addresses of the STAs. As such, the same
PMKID is used with different BSSIDs. Fix both the hostapd and
wpa_supplicant to use the previous PMKID as is for OKC instead of
deriving a new PMKID using an incorrect derivation method when using an
FILS AKM.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>

diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c
index fe5f8171754b902d8b62855d3bd3b878b04b5307..b67b8522e744fd404c73c833ebab41d672844102 100644 (file)
--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
@@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
        for (entry = pmksa->pmksa; entry; entry = entry->next) {
                if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
                        continue;
-               if (wpa_key_mgmt_sae(entry->akmp)) {
+               if (wpa_key_mgmt_sae(entry->akmp) ||
+                   wpa_key_mgmt_fils(entry->akmp)) {
                        if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)
                                return entry;
                        continue;

diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index e481dd5d6943fa6fc777357836ef6b5976749b8b..cb2a8674a81b09e5213f3a340897701bc129efa8 100644 (file)
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
        os_time_t old_expiration = old_entry->expiration;
        const u8 *pmkid = NULL;
 
-       if (wpa_key_mgmt_sae(old_entry->akmp))
+       if (wpa_key_mgmt_sae(old_entry->akmp) ||
+           wpa_key_mgmt_fils(old_entry->akmp))
                pmkid = old_entry->pmkid;
        new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
                                    pmkid, NULL, 0,