aboutsummaryrefslogtreecommitdiffstats
path: root/src/ap/wpa_auth_i.h
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2018-03-23 15:45:44 (GMT)
committerJouni Malinen <j@w1.fi>2018-03-23 16:44:48 (GMT)
commit9d94e4bb6bbbcd9db336c82ac477b81644aff546 (patch)
treed65b7ea1dfd211680e55a1ad8b65dd0fb51f6163 /src/ap/wpa_auth_i.h
parenta03f9d17ea67ac3c3d683f3717e436f4b6c93e37 (diff)
downloadhostap-9d94e4bb6bbbcd9db336c82ac477b81644aff546.zip
hostap-9d94e4bb6bbbcd9db336c82ac477b81644aff546.tar.gz
hostap-9d94e4bb6bbbcd9db336c82ac477b81644aff546.tar.bz2
SAE: Fix PMKID in EAPOL-Key msg 1/4
Previously, the association that used SAE authentication ended up recalculating the PMKID for EAPOL-Key msg 1/4 using incorrect PMK-to-PMKID derivation instead of using the previously derived PMKID from SAE. The correct PMKID was used only when going through PMKSA caching exchange with a previously derived PMKSA from SAE. Fix this by storing the SAE PMKID into the state machine entry for the initial SAE authentication case when there is no explicit PMKSA entry attached to the station. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/ap/wpa_auth_i.h')
-rw-r--r--src/ap/wpa_auth_i.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index befa800..609405a 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -58,6 +58,7 @@ struct wpa_state_machine {
u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];
u8 PMK[PMK_LEN_MAX];
unsigned int pmk_len;
+ u8 pmkid[PMKID_LEN]; /* valid if pmkid_set == 1 */
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
@@ -90,6 +91,7 @@ struct wpa_state_machine {
unsigned int pmk_r1_name_valid:1;
#endif /* CONFIG_IEEE80211R_AP */
unsigned int is_wnmsleep:1;
+ unsigned int pmkid_set:1;
u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN];
int req_replay_counter_used;