From 0c9df339f5a91fe56c1439e078f2d31b085c466b Mon Sep 17 00:00:00 2001 From: Vinoth V Date: Fri, 28 Apr 2023 10:07:39 +0530 Subject: [PATCH] OKC with Suite B AKMPs in wpa_supplicant To support Opportunistic Key Caching for Suite B key management, KCK needs to be stored on PMKSA to derive the new PMKID correctly for the new roaming AP. Signed-off-by: Vinoth V --- src/rsn_supp/pmksa_cache.c | 7 ++++++- src/rsn_supp/pmksa_cache.h | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index 6c8775150..c97242815 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -242,6 +242,9 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, if (pmk_len > PMK_LEN_MAX) return NULL; + if (kck_len > WPA_KCK_MAX_LEN) + return NULL; + if (wpa_key_mgmt_suite_b(akmp) && !kck) return NULL; @@ -250,6 +253,8 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, return NULL; os_memcpy(entry->pmk, pmk, pmk_len); entry->pmk_len = pmk_len; + os_memcpy(entry->kck, kck, kck_len); + entry->kck_len = kck_len; if (pmkid) os_memcpy(entry->pmkid, pmkid, PMKID_LEN); else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) @@ -508,7 +513,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa, wpa_key_mgmt_fils(old_entry->akmp)) pmkid = old_entry->pmkid; new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len, - pmkid, NULL, 0, + pmkid, old_entry->kck, old_entry->kck_len, aa, pmksa->sm->own_addr, old_entry->network_ctx, old_entry->akmp, old_entry->fils_cache_id_set ? diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h index 08af2e63b..6ba48f746 100644 --- a/src/rsn_supp/pmksa_cache.h +++ b/src/rsn_supp/pmksa_cache.h @@ -17,6 +17,8 @@ struct rsn_pmksa_cache_entry { u8 pmkid[PMKID_LEN]; u8 pmk[PMK_LEN_MAX]; size_t pmk_len; + u8 kck[WPA_KCK_MAX_LEN]; + size_t kck_len; os_time_t expiration; int akmp; /* WPA_KEY_MGMT_* */ u8 aa[ETH_ALEN];