[PATCH 3/4] WPA: Support deriving KDK based on capabilities

Jouni Malinen j at w1.fi
Tue Jan 26 16:42:30 EST 2021

On Wed, Dec 16, 2020 at 01:01:39PM +0200, Ilan Peer wrote:
> diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
> @@ -603,11 +603,19 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
> +	if (sm->force_kdk_derivation ||
> +	    (sm->secure_ltf && sm->ap_rsnxe && sm->ap_rsnxe_len >= 4 &&
> +	     sm->ap_rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF))

There were number of issues like this one where
WLAN_RSNX_CAPAB_SECURE_LTF is assumed to be the specific bit instead of
bit index.. I fixed these and ended up using full capability offset from
the beginning rather than start from zero for the second octet to make
this look a bit more readable. I also changed the RSNXE generation
functions to build a local u16 capab first to make that easier to read
and extend. It would likely make sense to add a helper function for
checking whether a specific extended capability bit is set (similarly to
ieee802_11_ext_capab()) to clean up these parsing cases a bit more.

All four patches applied with some cleanup and fixes.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list