From: Jouni Malinen Date: Thu, 18 Apr 2019 15:17:07 +0000 (+0300) Subject: FT: Maintain PMK-R1 for a connected STA X-Git-Tag: hostap_2_8~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a576f5ea5ac7e73222d6063ea6f5f2128cc7b43;p=thirdparty%2Fhostap.git FT: Maintain PMK-R1 for a connected STA This is needed to allow PTK rekeying to be performed through 4-way handshake in an association started through FT protocol. Signed-off-by: Jouni Malinen --- diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 158207125..ff6bf7cdb 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1748,6 +1748,8 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) sm->pmk_len = 0; os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); sm->xxkey_len = 0; + os_memset(sm->pmk_r1, 0, sizeof(sm->pmk_r1)); + sm->pmk_r1_len = 0; #endif /* CONFIG_IEEE80211R_AP */ break; case WPA_REAUTH: diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 5fb41c450..ac16199a6 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -2983,6 +2983,8 @@ pmk_r1_derived: wpa_hexdump_key(MSG_DEBUG, "FT: Selected PMK-R1", pmk_r1, pmk_r1_len); sm->pmk_r1_name_valid = 1; os_memcpy(sm->pmk_r1_name, pmk_r1_name, WPA_PMK_NAME_LEN); + os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len); + sm->pmk_r1_len = pmk_r1_len; if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { wpa_printf(MSG_DEBUG, "FT: Failed to get random data for " diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h index 15512368e..4babd0cbb 100644 --- a/src/ap/wpa_auth_i.h +++ b/src/ap/wpa_auth_i.h @@ -119,6 +119,8 @@ struct wpa_state_machine { u8 xxkey[PMK_LEN_MAX]; /* PSK or the second 256 bits of MSK, or the * first 384 bits of MSK */ size_t xxkey_len; + u8 pmk_r1[PMK_LEN_MAX]; + unsigned int pmk_r1_len; u8 pmk_r1_name[WPA_PMK_NAME_LEN]; /* PMKR1Name derived from FT Auth * Request */ u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */