AP MLD: Fix ML STA wpa_group update during rekey
At present, group key update is not confined only on the association
link as originally intended. Hence, ensure now that the group key update
is only performed on the association link for non-AP MLDs.
This was missed during adding support for group rekeying for MLO.
Fixes: 12acda633b ("AP MLD: Support group rekeying for MLO")
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
This commit is contained in:
Rameshkumar Sundaram
Jouni Malinen
parent
5dbbca24ea
commit
7275b65149
1 changed files with 35 additions and 3 deletions
|
|
@ -5611,11 +5611,38 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
|
|||
|
||||
static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
||||
{
|
||||
if (ctx != NULL && ctx != sm->group)
|
||||
struct wpa_authenticator *wpa_auth = sm->wpa_auth;
|
||||
struct wpa_group *group = sm->group;
|
||||
#ifdef CONFIG_IEEE80211BE
|
||||
int link_id;
|
||||
|
||||
for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
|
||||
if (!sm->mld_links[link_id].valid)
|
||||
continue;
|
||||
if (sm->mld_links[link_id].wpa_auth &&
|
||||
sm->mld_links[link_id].wpa_auth->group == ctx) {
|
||||
group = sm->mld_links[link_id].wpa_auth->group;
|
||||
wpa_auth = sm->mld_links[link_id].wpa_auth;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211BE */
|
||||
|
||||
if (ctx && ctx != group)
|
||||
return 0;
|
||||
|
||||
#ifdef CONFIG_IEEE80211BE
|
||||
/* For ML STA, run rekey on the association link and send G1 with keys
|
||||
* for all links. This is based on assumption that MLD level
|
||||
* Authenticator updates group keys on all affiliated links in one shot
|
||||
* and not independently or concurrently for separate links. */
|
||||
if (sm->mld_assoc_link_id >= 0 &&
|
||||
sm->mld_assoc_link_id != wpa_auth->link_id)
|
||||
return 0;
|
||||
#endif /* CONFIG_IEEE80211BE */
|
||||
|
||||
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
||||
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||
LOGGER_DEBUG,
|
||||
"Not in PTKINITDONE; skip Group Key update");
|
||||
sm->GUpdateStationKeys = false;
|
||||
|
|
@ -5627,7 +5654,7 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
|||
* Since we clear the GKeyDoneStations before the loop, the
|
||||
* station needs to be counted here anyway.
|
||||
*/
|
||||
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||
LOGGER_DEBUG,
|
||||
"GUpdateStationKeys was already set when marking station for GTK rekeying");
|
||||
}
|
||||
|
|
@ -5637,6 +5664,11 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
|||
return 0;
|
||||
|
||||
sm->group->GKeyDoneStations++;
|
||||
#ifdef CONFIG_IEEE80211BE
|
||||
for_each_sm_auth(sm, link_id)
|
||||
sm->mld_links[link_id].wpa_auth->group->GKeyDoneStations++;
|
||||
#endif /* CONFIG_IEEE80211BE */
|
||||
|
||||
sm->GUpdateStationKeys = true;
|
||||
|
||||
wpa_sm_step(sm);
|
||||
|
|
|
|||
Loading…
Reference in a new issue