From 4022ffc5db34a2bb43eca7e6245ab0c147c0cf68 Mon Sep 17 00:00:00 2001
From: Vinay Gannevaram
Date: Wed, 21 Sep 2022 10:14:55 +0530
Subject: [PATCH] PASN: Store AKMP in the PTKSA cache
PTK is stored in the PTKSA cache following a successful PASN handshake, however AKMP is removed upon a WPA PASN reset. The PASN handshake is used in the Wi-Fi Aware R4 specification to define the pairing setup process. KDK is used to generate a new set of keys, while AKMP is required for key derivation for pairing. So, keep AKMP in the PTKSA cache.
Signed-off-by: Jouni Malinen
---
 src/ap/ieee802_11.c | 3 ++-
 src/ap/wpa_auth_glue.c | 2 +-
 src/common/ptksa_cache.c | 4 +++-
 src/common/ptksa_cache.h | 5 +++--
 wpa_supplicant/pasn_supplicant.c | 2 +-
 wpa_supplicant/wpas_glue.c | 2 +-
 6 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 50c81a6da..44c469cbc 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3733,7 +3733,8 @@ static void handle_auth_pasn(struct hostapd_data *hapd, struct sta_info *sta,
 sta->addr, mgmt, len) == 0) {
 ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr, sta->pasn->cipher, 43200,
- &sta->pasn->ptk, NULL, NULL);
+ &sta->pasn->ptk, NULL, NULL,
+ sta->pasn->akmp);
 pasn_set_keys_from_cache(hapd, hapd->own_addr, sta->addr, sta->pasn->cipher,
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index f388ffe9f..510708064 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -935,7 +935,7 @@ static void hostapd_store_ptksa(void *ctx, const u8 *addr,int cipher,
 struct hostapd_data *hapd = ctx;
 ptksa_cache_add(hapd->ptksa, hapd->own_addr, addr, cipher, life_time,
- ptk, NULL, NULL);
+ ptk, NULL, NULL, 0);
 }
diff --git a/src/common/ptksa_cache.c b/src/common/ptksa_cache.c
index aacc42512..3b5c0b8e5 100644
--- a/src/common/ptksa_cache.c
+++ b/src/common/ptksa_cache.c
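Review bot: The return value of `ptksa_cache_add()` is discarded in handle_auth_pasn() (src/ap/ieee802_11.c), although the function's header comment documents %NULL on error, and `pasn_set_keys_from_cache()` runs immediately afterwards. If the add fails, the AKMP this commit wants to preserve is not stored either, and nothing is logged. A minimal improvement would be `if (!ptksa_cache_add(...)) wpa_printf(MSG_DEBUG, "PASN: Failed to add PTKSA cache entry");` before continuing. What pasn_set_keys_from_cache() does on a cache miss is not visible here, and the enclosing block starts and ends outside the hunk.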
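Review bot: The literal `0` passed as the new `akmp` argument in hostapd_store_ptksa() (src/ap/wpa_auth_glue.c) leaves these entries with no recorded AKMP, and nothing in the visible code defines 0 as "unknown". The commit message says the AKMP is required for pairing key derivation, so a consumer that reads `entry->akmp` from an entry stored through this path would have to reject 0 rather than derive with it; whether any consumer does so is not visible in this patch. The same applies to wpa_supplicant_store_ptk() in wpa_supplicant/wpas_glue.c. Either add a comment such as `/* AKMP not tracked on this path; 0 = unknown */` at both call sites, or extend the store_ptk callback so the negotiated AKMP is passed through.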
@@ -264,6 +264,7 @@ void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher)
 * @ptk: The PTK
 * @life_time_expiry_cb: Callback for alternative expiration handling
 * @ctx: Context pointer to save into e->ctx for the callback
+ * @akmp: The key management mechanism that was used to derive the PTK
 * Returns: Pointer to the added PTKSA cache entry or %NULL on error
 *
 * This function creates a PTKSA entry and adds it to the PTKSA cache.
@@ -277,7 +278,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
 const struct wpa_ptk *ptk, void (*life_time_expiry_cb) (struct ptksa_cache_entry *e),
- void *ctx)
+ void *ctx, u32 akmp)
 {
 struct ptksa_cache_entry *entry, *tmp, *tmp2 = NULL;
 struct os_reltime now;
@@ -302,6 +303,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
 entry->cipher = cipher;
 entry->cb = life_time_expiry_cb;
 entry->ctx = ctx;
+ entry->akmp = akmp;
 if (own_addr) os_memcpy(entry->own_addr, own_addr, ETH_ALEN);
diff --git a/src/common/ptksa_cache.h b/src/common/ptksa_cache.h
index a643a268e..6182215cd 100644
--- a/src/common/ptksa_cache.h
+++ b/src/common/ptksa_cache.h
@@ -26,6 +26,7 @@ struct ptksa_cache_entry {
 u8 own_addr[ETH_ALEN];
 void (*cb)(struct ptksa_cache_entry *e);
 void *ctx;
+ u32 akmp;
 };
 #ifdef CONFIG_PTKSA_CACHE
@@ -44,7 +45,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
 const struct wpa_ptk *ptk, void (*cb) (struct ptksa_cache_entry *e),
- void *ctx);
+ void *ctx, u32 akmp);
 void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher);
 #else /* CONFIG_PTKSA_CACHE */
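Review bot: The added `@akmp` line in the ptksa_cache_add() header comment does not say how the value is encoded or what a caller without an AKMP should pass. From the call sites in this patch, the PASN paths pass `pasn->akmp` and the store_ptk glue functions pass 0, so wording such as ` * @akmp: AKMP used to derive the PTK (as held in pasn->akmp), or 0 if not known` would make the contract explicit. The new `u32 akmp;` member of struct ptksa_cache_entry in src/common/ptksa_cache.h has no comment and could carry the same wording.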
@@ -73,7 +74,7 @@ static inline int ptksa_cache_list(struct ptksa_cache *ptksa,
 static inline struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *own_addr, const u8 *addr, u32 cipher, u32 life_time, const struct wpa_ptk *ptk,
- void (*cb)(struct ptksa_cache_entry *e), void *ctx)
+ void (*cb)(struct ptksa_cache_entry *e), void *ctx, u32 akmp)
 {
 return NULL;
 }
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index 14ffba448..2650fd31f 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -1977,7 +1977,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
 pasn->cipher, dot11RSNAConfigPMKLifetime, &pasn->ptk, wpa_s->pasn_params ? wpas_pasn_deauth_cb : NULL,
- wpa_s->pasn_params ? wpa_s : NULL);
+ wpa_s->pasn_params ? wpa_s : NULL, pasn->akmp);
 if (pasn->pmksa_entry) wpa_sm_set_cur_pmksa(wpa_s->wpa, pasn->pmksa_entry);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index c5cfa92e5..685274875 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1379,7 +1379,7 @@ static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher,
 struct wpa_supplicant *wpa_s = ctx;
 ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time,
- ptk, NULL, NULL);
+ ptk, NULL, NULL, 0);
 }
 #endif /* CONFIG_NO_WPA */