From 580bd04cf3525d61166522299c544299166202c0 Mon Sep 17 00:00:00 2001
From: Vinay Gannevaram
Date: Sun, 20 Mar 2022 14:56:00 +0530
Subject: [PATCH] Add own MAC address used for key derivation to PTKSA cache
On successful PASN handshake or 4-way handshake with a peer, PTK is derived using the local and peer MAC addresses as input. Store the own MAC address that is used for key derivation in PTKSA cache to maintain that state over potential MAC addresses changes.
Signed-off-by: Jouni Malinen
---
 src/ap/ieee802_11.c | 4 ++--
 src/ap/wpa_auth_glue.c | 3 ++-
 src/common/ptksa_cache.c | 4 ++++
 src/common/ptksa_cache.h | 6 ++++--
 wpa_supplicant/pasn_supplicant.c | 4 ++--
 wpa_supplicant/wpas_glue.c | 3 ++-
 6 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 86cb3965c..53f2aab6f 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3502,8 +3502,8 @@ static void handle_auth_pasn_3(struct hostapd_data *hapd, struct sta_info *sta,
 wpa_printf(MSG_INFO, "PASN: Success handling transaction == 3. Store PTK");
- ptksa_cache_add(hapd->ptksa, sta->addr, sta->pasn->cipher, 43200,
- &sta->pasn->ptk);
+ ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr,
+ sta->pasn->cipher, 43200, &sta->pasn->ptk);
 fail:
 ap_free_sta(hapd, sta);
 }
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index bef8fd261..9c27c7a83 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -934,7 +934,8 @@ static void hostapd_store_ptksa(void *ctx, const u8 *addr,int cipher,
 {
 struct hostapd_data *hapd = ctx;
- ptksa_cache_add(hapd->ptksa, addr, cipher, life_time, ptk);
+ ptksa_cache_add(hapd->ptksa, hapd->own_addr, addr, cipher, life_time,
+ ptk);
 }
diff --git a/src/common/ptksa_cache.c b/src/common/ptksa_cache.c
index 8fcb13507..be7a7605e 100644
--- a/src/common/ptksa_cache.c
+++ b/src/common/ptksa_cache.c
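Review bot: The rewritten call in handle_auth_pasn_3() still passes the bare literal `43200` as the PTK lifetime, while the supplicant-side PASN call in this patch uses the named `dot11RSNAConfigPMKLifetime`; a named constant or a short comment such as `/* PTKSA lifetime in seconds (12 h) */` would make the AP-side value reviewable. The return value of ptksa_cache_add() is also discarded right after the "Store PTK" message is logged, so a failed insert is silent (the stub in ptksa_cache.h returns NULL, for instance); a debug message on a NULL return would make that visible. The function body starts outside the hunk.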
@@ -254,6 +254,7 @@ void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher)
 /*
  * ptksa_cache_add - Add a PTKSA cache entry
  * @ptksa: Pointer to PTKSA cache data from ptksa_cache_init()
+ * @own_addr: Own MAC address
  * @addr: Peer address
  * @cipher: The cipher used
  * @life_time: The PTK life time in seconds
@@ -265,6 +266,7 @@ void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher)
  * this entry will be replaced with the new entry.
  */
 struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
+ const u8 *own_addr,
 const u8 *addr, u32 cipher, u32 life_time, const struct wpa_ptk *ptk)
@@ -289,6 +291,8 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
 dl_list_init(&entry->list);
 os_memcpy(entry->addr, addr, ETH_ALEN);
 entry->cipher = cipher;
+ if (own_addr)
+ os_memcpy(entry->own_addr, own_addr, ETH_ALEN);
 os_memcpy(&entry->ptk, ptk, sizeof(entry->ptk));
diff --git a/src/common/ptksa_cache.h b/src/common/ptksa_cache.h
index 28ef29144..ee7675fa4 100644
--- a/src/common/ptksa_cache.h
+++ b/src/common/ptksa_cache.h
@@ -23,6 +23,7 @@ struct ptksa_cache_entry {
 os_time_t expiration;
 u32 cipher;
 u8 addr[ETH_ALEN];
+ u8 own_addr[ETH_ALEN];
 };
 #ifdef CONFIG_PTKSA_CACHE
@@ -35,6 +36,7 @@ struct ptksa_cache_entry * ptksa_cache_get(struct ptksa_cache *ptksa,
 const u8 *addr, u32 cipher);
 int ptksa_cache_list(struct ptksa_cache *ptksa, char *buf, size_t len);
 struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
+ const u8 *own_addr,
 const u8 *addr, u32 cipher, u32 life_time, const struct wpa_ptk *ptk);
@@ -64,8 +66,8 @@ static inline int ptksa_cache_list(struct ptksa_cache *ptksa,
 }
 static inline struct ptksa_cache_entry *
-ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher,
- u32 life_time, const struct wpa_ptk *ptk)
+ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *own_addr, const u8 *addr,
+ u32 cipher, u32 life_time, const struct wpa_ptk *ptk)
 {
 return NULL;
 }
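Review bot: When `own_addr` is NULL, the added `if (own_addr)` guard in the third hunk of ptksa_cache.c skips the copy and leaves `entry->own_addr` at whatever the allocation produced. The allocation is outside the hunk; if the entry is zero-allocated, the result is an all-zero address that a later comparison could mistake for a stored value. The kernel-doc line added in the first hunk should state the contract, e.g. `@own_addr: Own MAC address used for key derivation, or %NULL if not known`. Every caller touched by this patch passes a struct member rather than NULL, so copying unconditionally, as is done for `addr`, would be the simpler alternative. The body of ptksa_cache_add() starts and ends outside the hunk.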
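Review bot: The new `own_addr` field in struct ptksa_cache_entry carries no comment, and the lookup prototype visible as context in ptksa_cache.h, `ptksa_cache_get(ptksa, addr, cipher)`, still matches on peer address and cipher only. After a local MAC address change a caller can therefore still be handed a PTK that was derived with the previous address, so each consumer has to compare `entry->own_addr` with its current address before reusing the key. I would record that on the field, e.g. `u8 own_addr[ETH_ALEN]; /* local address used as PTK derivation input; compare before reusing the PTK */`.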
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index aa5fc087b..9f2f6ebb9 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -1567,8 +1567,8 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
 wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
- ptksa_cache_add(wpa_s->ptksa, pasn->bssid, pasn->cipher,
- dot11RSNAConfigPMKLifetime, &pasn->ptk);
+ ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, pasn->bssid,
+ pasn->cipher, dot11RSNAConfigPMKLifetime, &pasn->ptk);
 forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 0d8233626..78ad5a665 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1378,7 +1378,8 @@ static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher,
 {
 struct wpa_supplicant *wpa_s = ctx;
- ptksa_cache_add(wpa_s->ptksa, addr, cipher, life_time, ptk);
+ ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time,
+ ptk);
 }
 #endif /* CONFIG_NO_WPA */
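Review bot: `wpa_s->own_addr` in the rewritten call in wpas_pasn_auth_rx() is read when the entry is stored, not when the PTK is derived. The derivation is outside this hunk, so whether the two can differ (for example if the interface address changes while the exchange is in progress) cannot be confirmed from here. Since the stated purpose is to record the address that was used for key derivation, a comment at the call such as `/* own_addr must be the address that was used as PTK derivation input */` would pin the assumption, or the address could be captured at derivation time and passed from there. The same applies to wpa_supplicant_store_ptk() in wpas_glue.c and to the two AP-side callers. wpas_pasn_auth_rx() starts and ends outside the hunk.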