projects / mech_eap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 98ea943)
FT: Configure FT XXKey as PMK for driver-based 4-way handshake
authorJouni Malinen <jouni.malinen@atheros.com>
Mon, 31 Jan 2011 22:06:13 +0000 (00:06 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 31 Jan 2011 22:06:13 +0000 (00:06 +0200)
When using FT-EAP, the second half of MSK is used as the starting
point for PMK key hierarchy. Configure that instead of the first
half of MSK when using FT with driver-based 4-way handshake and
FT protocol.

wpa_supplicant/wpas_glue.c patch | blob | history

diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index d940748..5b7aebe 100644 (file)
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -254,14 +254,29 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
                   "handshake");
 
        pmk_len = PMK_LEN;
-       res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
-       if (res) {
-               /*
-                * EAP-LEAP is an exception from other EAP methods: it
-                * uses only 16-byte PMK.
-                */
-               res = eapol_sm_get_key(eapol, pmk, 16);
-               pmk_len = 16;
+       if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
+#ifdef CONFIG_IEEE80211R
+               u8 buf[2 * PMK_LEN];
+               wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
+                          "driver-based 4-way hs and FT");
+               res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
+               if (res == 0) {
+                       os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
+                       os_memset(buf, 0, sizeof(buf));
+               }
+#else /* CONFIG_IEEE80211R */
+               res = -1;
+#endif /* CONFIG_IEEE80211R */
+       } else {
+               res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
+               if (res) {
+                       /*
+                        * EAP-LEAP is an exception from other EAP methods: it
+                        * uses only 16-byte PMK.
+                        */
+                       res = eapol_sm_get_key(eapol, pmk, 16);
+                       pmk_len = 16;
+               }
        }
 
        if (res) {
@@ -270,6 +285,9 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
                return;
        }
 
+       wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
+                       "handshake", pmk, pmk_len);
+
        if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
                            pmk_len)) {
                wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
Moonshot GSS-API mechanism