From 3b1ad1334a5377edc5fc147e0b83a37e1817c2bc Mon Sep 17 00:00:00 2001
From: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
Date: Tue, 21 Feb 2023 09:39:35 +0530
Subject: [PATCH] FT: Include KDK in FT specific PTK derivation on the AP

FT AP was silently ignoring EAPOL-Key msg 2/4 due to Key MIC mismatch
when the STA advertises support for Secure LTF and derives the KDK while
the AP implementation did not derive KDK.

Fix this to include KDK while deriving PTK for FT cases on the AP.

Signed-off-by: Shiva Sankar Gajula <quic_sgajula@quicinc.com>
---
 src/ap/wpa_auth.c    | 3 ++-
 src/ap/wpa_auth_ft.c | 4 ++--
 src/ap/wpa_auth_i.h  | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c49cdaa67..b048f0e25 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2394,7 +2394,8 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
 						sm->pairwise, kdk_len);
 		} else {
 			ret = wpa_auth_derive_ptk_ft(sm, ptk, pmk_r0, pmk_r1,
-						     pmk_r0_name, key_len);
+						     pmk_r0_name, key_len,
+						     kdk_len);
 		}
 		if (ret) {
 			wpa_printf(MSG_ERROR, "FT: PTK derivation failed");
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 7a5e58401..2aa1d9180 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2111,7 +2111,7 @@ int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm,
 
 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
 			   u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
-			   size_t *key_len)
+			   size_t *key_len, size_t kdk_len)
 {
 	size_t pmk_r0_len, pmk_r1_len;
 	u8 ptk_name[WPA_PMK_NAME_LEN];
@@ -2158,7 +2158,7 @@ int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
 	return wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce,
 				 sm->addr, sm->wpa_auth->addr, sm->pmk_r1_name,
 				 ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise,
-				 0);
+				 kdk_len);
 }
 
 
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index f3cb9be31..273236961 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -306,7 +306,7 @@ int wpa_write_ftie(struct wpa_auth_config *conf, int key_mgmt, size_t key_len,
 		   size_t subelem_len, int rsnxe_used);
 int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
 			   u8 *pmk_r0, u8 *pmk_r1, u8 *pmk_r0_name,
-			   size_t *key_len);
+			   size_t *key_len, size_t kdk_len);
 void wpa_auth_ft_store_keys(struct wpa_state_machine *sm, const u8 *pmk_r0,
 			    const u8 *pmk_r1, const u8 *pmk_r0_name,
 			    size_t key_len);
-- 
2.47.2