From: Jouni Malinen <jouni@codeaurora.org>
Date: Sun, 28 Apr 2019 12:50:51 +0000 (+0300)
Subject: FT: Allow cached XXKey/MPMK to be used if new XXKey is not available
X-Git-Tag: hostap_2_9~319
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0c46b1a516601c3f7720e3cc794911ae2d415a6a;p=thirdparty%2Fhostap.git

FT: Allow cached XXKey/MPMK to be used if new XXKey is not available

This allows supplicant side to complete FT initial mobility domain
association using FT-EAP with PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 7dcb1043b..41592511e 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -18,6 +18,7 @@
 #include "drivers/driver.h"
 #include "wpa.h"
 #include "wpa_i.h"
+#include "pmksa_cache.h"
 
 #ifdef CONFIG_IEEE80211R
 
@@ -27,15 +28,23 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
 	u8 ptk_name[WPA_PMK_NAME_LEN];
 	const u8 *anonce = key->key_nonce;
 	int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt);
-
-	if (sm->xxkey_len == 0) {
+	const u8 *mpmk;
+	size_t mpmk_len;
+
+	if (sm->xxkey_len > 0) {
+		mpmk = sm->xxkey;
+		mpmk_len = sm->xxkey_len;
+	} else if (sm->cur_pmksa) {
+		mpmk = sm->cur_pmksa->pmk;
+		mpmk_len = sm->cur_pmksa->pmk_len;
+	} else {
 		wpa_printf(MSG_DEBUG, "FT: XXKey not available for key "
 			   "derivation");
 		return -1;
 	}
 
 	sm->pmk_r0_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
-	if (wpa_derive_pmk_r0(sm->xxkey, sm->xxkey_len, sm->ssid,
+	if (wpa_derive_pmk_r0(mpmk, mpmk_len, sm->ssid,
 			      sm->ssid_len, sm->mobility_domain,
 			      sm->r0kh_id, sm->r0kh_id_len, sm->own_addr,
 			      sm->pmk_r0, sm->pmk_r0_name, use_sha384) < 0)