From 65a3a273cd1a0860bb1b8400cd1f7a8655afc234 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 2 Apr 2022 17:15:41 +0300 Subject: [PATCH] OWE: Reuse own DH private key in AP if STA tries OWE association again This is a workaround for mac80211 behavior of retransmitting the Association Request frames multiple times if the link layer retries (i.e., seq# remains same) fail. The mac80211 initiated retransmission will use a different seq# and as such, will go through duplicate detection. If we were to change our DH key for that attempt, there would be two different DH shared secrets and the STA would likely select the wrong one. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index c722242eb..15fdcbd62 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -4186,8 +4186,21 @@ static u16 owe_process_assoc_req(struct hostapd_data *hapd, else return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; - crypto_ecdh_deinit(sta->owe_ecdh); - sta->owe_ecdh = crypto_ecdh_init(group); + if (sta->owe_group == group && sta->owe_ecdh) { + /* This is a workaround for mac80211 behavior of retransmitting + * the Association Request frames multiple times if the link + * layer retries (i.e., seq# remains same) fail. The mac80211 + * initiated retransmission will use a different seq# and as + * such, will go through duplicate detection. If we were to + * change our DH key for that attempt, there would be two + * different DH shared secrets and the STA would likely select + * the wrong one. */ + wpa_printf(MSG_DEBUG, + "OWE: Try to reuse own previous DH key since the STA tried to go through OWE association again"); + } else { + crypto_ecdh_deinit(sta->owe_ecdh); + sta->owe_ecdh = crypto_ecdh_init(group); + } if (!sta->owe_ecdh) return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; sta->owe_group = group;