PASN: Store AKMP in the PTKSA cache

PTK is stored in the PTKSA cache following a successful PASN handshake;
however, AKMP is removed upon a WPA PASN reset. The PASN handshake is
used in the Wi-Fi Aware R4 specification to define the pairing setup
process. KDK is used to generate a new set of keys, while AKMP is
required for key derivation for pairing. So, keep AKMP in the PTKSA
cache.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Vinay Gannevaram 2022-09-21 10:14:55 +05:30 committed by Jouni Malinen
parent c55eadede7
commit 4022ffc5db
6 changed files with 11 additions and 7 deletions


@ -3733,7 +3733,8 @@ static void handle_auth_pasn(struct hostapd_data *hapd, struct sta_info *sta,
sta->addr, mgmt, len) == 0) { sta->addr, mgmt, len) == 0) {
ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr, ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr,
sta->pasn->cipher, 43200, sta->pasn->cipher, 43200,
&sta->pasn->ptk, NULL, NULL); &sta->pasn->ptk, NULL, NULL,
sta->pasn->akmp);
pasn_set_keys_from_cache(hapd, hapd->own_addr, pasn_set_keys_from_cache(hapd, hapd->own_addr,
sta->addr, sta->pasn->cipher, sta->addr, sta->pasn->cipher,


@ -935,7 +935,7 @@ static void hostapd_store_ptksa(void *ctx, const u8 *addr,int cipher,
struct hostapd_data *hapd = ctx; struct hostapd_data *hapd = ctx;
ptksa_cache_add(hapd->ptksa, hapd->own_addr, addr, cipher, life_time, ptksa_cache_add(hapd->ptksa, hapd->own_addr, addr, cipher, life_time,
ptk, NULL, NULL); ptk, NULL, NULL, 0);
} }
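Review bot: The bare `0` passed as the new akmp argument in hostapd_store_ptksa(), and again in wpa_supplicant_store_ptk(), means every PTKSA entry stored through these store_ptk callbacks carries no AKMP. Any later code that reads `entry->akmp` for key derivation must treat 0 as "not recorded" rather than as a real key management value; that consumer is not visible in this commit, so this should be confirmed against it. If the callback cannot be extended to pass the negotiated AKMP, a comment at both call sites such as `/* AKMP not available on this path; 0 = not recorded */` would make the limitation explicit.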


@ -264,6 +264,7 @@ void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher)
* @ptk: The PTK * @ptk: The PTK
* @life_time_expiry_cb: Callback for alternative expiration handling * @life_time_expiry_cb: Callback for alternative expiration handling
* @ctx: Context pointer to save into e->ctx for the callback * @ctx: Context pointer to save into e->ctx for the callback
* @akmp: The key management mechanism that was used to derive the PTK
* Returns: Pointer to the added PTKSA cache entry or %NULL on error * Returns: Pointer to the added PTKSA cache entry or %NULL on error
* *
* This function creates a PTKSA entry and adds it to the PTKSA cache. * This function creates a PTKSA entry and adds it to the PTKSA cache.
@ -277,7 +278,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
const struct wpa_ptk *ptk, const struct wpa_ptk *ptk,
void (*life_time_expiry_cb) void (*life_time_expiry_cb)
(struct ptksa_cache_entry *e), (struct ptksa_cache_entry *e),
void *ctx) void *ctx, u32 akmp)
{ {
struct ptksa_cache_entry *entry, *tmp, *tmp2 = NULL; struct ptksa_cache_entry *entry, *tmp, *tmp2 = NULL;
struct os_reltime now; struct os_reltime now;
@ -302,6 +303,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
entry->cipher = cipher; entry->cipher = cipher;
entry->cb = life_time_expiry_cb; entry->cb = life_time_expiry_cb;
entry->ctx = ctx; entry->ctx = ctx;
entry->akmp = akmp;
if (own_addr) if (own_addr)
os_memcpy(entry->own_addr, own_addr, ETH_ALEN); os_memcpy(entry->own_addr, own_addr, ETH_ALEN);
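Review bot: The new `@akmp` line in the ptksa_cache_add() kernel-doc does not say that 0 is an accepted value, although two of the four call sites updated in this commit pass 0. Suggest `* @akmp: The key management mechanism that was used to derive the PTK, or 0 if not known`. The new field in struct ptksa_cache_entry should get a matching comment, for example `u32 akmp; /* AKMP used to derive the PTK (presumably a WPA_KEY_MGMT_* value); 0 if not known */`. In the visible lines the value is assigned to `entry->akmp` as given, with no validation; the function body extends beyond the hunks shown.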


@ -26,6 +26,7 @@ struct ptksa_cache_entry {
u8 own_addr[ETH_ALEN]; u8 own_addr[ETH_ALEN];
void (*cb)(struct ptksa_cache_entry *e); void (*cb)(struct ptksa_cache_entry *e);
void *ctx; void *ctx;
u32 akmp;
}; };
#ifdef CONFIG_PTKSA_CACHE #ifdef CONFIG_PTKSA_CACHE
@ -44,7 +45,7 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
const struct wpa_ptk *ptk, const struct wpa_ptk *ptk,
void (*cb) void (*cb)
(struct ptksa_cache_entry *e), (struct ptksa_cache_entry *e),
void *ctx); void *ctx, u32 akmp);
void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher); void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher);
#else /* CONFIG_PTKSA_CACHE */ #else /* CONFIG_PTKSA_CACHE */
@ -73,7 +74,7 @@ static inline int ptksa_cache_list(struct ptksa_cache *ptksa,
static inline struct ptksa_cache_entry * static inline struct ptksa_cache_entry *
ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *own_addr, const u8 *addr, ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *own_addr, const u8 *addr,
u32 cipher, u32 life_time, const struct wpa_ptk *ptk, u32 cipher, u32 life_time, const struct wpa_ptk *ptk,
void (*cb)(struct ptksa_cache_entry *e), void *ctx) void (*cb)(struct ptksa_cache_entry *e), void *ctx, u32 akmp)
{ {
return NULL; return NULL;
} }


@ -1977,7 +1977,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
pasn->cipher, dot11RSNAConfigPMKLifetime, pasn->cipher, dot11RSNAConfigPMKLifetime,
&pasn->ptk, &pasn->ptk,
wpa_s->pasn_params ? wpas_pasn_deauth_cb : NULL, wpa_s->pasn_params ? wpas_pasn_deauth_cb : NULL,
wpa_s->pasn_params ? wpa_s : NULL); wpa_s->pasn_params ? wpa_s : NULL, pasn->akmp);
if (pasn->pmksa_entry) if (pasn->pmksa_entry)
wpa_sm_set_cur_pmksa(wpa_s->wpa, pasn->pmksa_entry); wpa_sm_set_cur_pmksa(wpa_s->wpa, pasn->pmksa_entry);


@ -1379,7 +1379,7 @@ static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher,
struct wpa_supplicant *wpa_s = ctx; struct wpa_supplicant *wpa_s = ctx;
ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time, ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time,
ptk, NULL, NULL); ptk, NULL, NULL, 0);
} }
#endif /* CONFIG_NO_WPA */ #endif /* CONFIG_NO_WPA */