mesh: Fix PMKSA cache entry addition with external PMKSA management

The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2023-12-02 20:31:16 +02:00
parent 0302c3ad22
commit 4f69b4a31e
3 changed files with 6 additions and 4 deletions

View file

@ -5868,13 +5868,14 @@ wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa, void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
struct wpa_state_machine *sm, struct wpa_state_machine *sm,
struct wpa_authenticator *wpa_auth, struct wpa_authenticator *wpa_auth,
u8 *pmkid, u8 *pmk) u8 *pmkid, u8 *pmk, size_t *pmk_len)
{ {
if (!sm) if (!sm)
return; return;
sm->pmksa = pmksa; sm->pmksa = pmksa;
os_memcpy(pmk, pmksa->pmk, PMK_LEN); os_memcpy(pmk, pmksa->pmk, pmksa->pmk_len);
*pmk_len = pmksa->pmk_len;
os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN); os_memcpy(pmkid, pmksa->pmkid, PMKID_LEN);
os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN); os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmksa->pmkid, PMKID_LEN);
} }

View file

@ -507,7 +507,7 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa, void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
struct wpa_state_machine *sm, struct wpa_state_machine *sm,
struct wpa_authenticator *wpa_auth, struct wpa_authenticator *wpa_auth,
u8 *pmkid, u8 *pmk); u8 *pmkid, u8 *pmk, size_t *pmk_len);
int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id); int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id);
void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth, void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
struct wpa_state_machine *sm, int ack); struct wpa_state_machine *sm, int ack);

View file

@ -386,7 +386,8 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
" - try to use PMKSA caching instead of new SAE authentication", " - try to use PMKSA caching instead of new SAE authentication",
MAC2STR(sta->addr)); MAC2STR(sta->addr));
wpa_auth_pmksa_set_to_sm(pmksa, sta->wpa_sm, hapd->wpa_auth, wpa_auth_pmksa_set_to_sm(pmksa, sta->wpa_sm, hapd->wpa_auth,
sta->sae->pmkid, sta->sae->pmk); sta->sae->pmkid, sta->sae->pmk,
&sta->sae->pmk_len);
sae_accept_sta(hapd, sta); sae_accept_sta(hapd, sta);
sta->mesh_sae_pmksa_caching = 1; sta->mesh_sae_pmksa_caching = 1;
return 0; return 0;