@@ -4382,6 +4382,7 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
struct wpa_gtk_data gd;
int maxkeylen;
struct wpa_eapol_ie_parse kde;
+ struct wpa_ie_data rsn;
if (!sm || !sm->ptk_set) {
wpa_printf(MSG_DEBUG, "FILS: No KEK available");
@@ -4495,8 +4496,6 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->key_mgmt) && sm->fils_ft_ies) {
- struct wpa_ie_data rsn;
-
/* Check that PMKR1Name derived by the AP matches */
if (!elems.rsn_ie ||
wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
@@ -4564,11 +4563,16 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len)
keylen, (long unsigned int) sm->ptk.tk_len);
goto fail;
}
+
+ if (handle_extended_key_id(sm, &kde,
+ elems.rsn_ie - 2, elems.rsn_ie_len + 2))
+ goto fail;
+
rsclen = wpa_cipher_rsc_len(sm->pairwise_cipher);
wpa_hexdump_key(MSG_DEBUG, "FILS: Set TK to driver",
sm->ptk.tk, keylen);
- if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, null_rsc, rsclen,
- sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
+ if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, null_rsc,
+ rsclen, sm->ptk.tk, keylen, KEY_TYPE_PAIRWISE) < 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"FILS: Failed to set PTK to the driver (alg=%d keylen=%d bssid="
MACSTR ")",
This implements the matching Extended Key ID support for FILS compatible to our hostapd interpretation of the standard. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de> --- src/rsn_supp/wpa.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)