From: Veerendranath Jakkam Date: Tue, 4 May 2021 05:17:25 +0000 (+0530) Subject: FILS: Fix PMKID derivation for OKC X-Git-Tag: hostap_2_10~266 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2e2655ce825a523f3ceca8a066f20533aa04683;p=thirdparty%2Fhostap.git FILS: Fix PMKID derivation for OKC FILS authentication derives PMK differently from the EAP cases. The PMK value does not bind in the MAC addresses of the STAs. As such, the same PMKID is used with different BSSIDs. Fix both the hostapd and wpa_supplicant to use the previous PMKID as is for OKC instead of deriving a new PMKID using an incorrect derivation method when using an FILS AKM. Signed-off-by: Veerendranath Jakkam --- diff --git a/src/ap/pmksa_cache_auth.c b/src/ap/pmksa_cache_auth.c index fe5f81717..b67b8522e 100644 --- a/src/ap/pmksa_cache_auth.c +++ b/src/ap/pmksa_cache_auth.c @@ -516,7 +516,8 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc( for (entry = pmksa->pmksa; entry; entry = entry->next) { if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0) continue; - if (wpa_key_mgmt_sae(entry->akmp)) { + if (wpa_key_mgmt_sae(entry->akmp) || + wpa_key_mgmt_fils(entry->akmp)) { if (os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0) return entry; continue; diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index e481dd5d6..cb2a8674a 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -376,7 +376,8 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa, os_time_t old_expiration = old_entry->expiration; const u8 *pmkid = NULL; - if (wpa_key_mgmt_sae(old_entry->akmp)) + if (wpa_key_mgmt_sae(old_entry->akmp) || + wpa_key_mgmt_fils(old_entry->akmp)) pmkid = old_entry->pmkid; new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len, pmkid, NULL, 0,