OKC with Suite B AKMPs in hostapd
To support Opportunistic Key Caching for Suite B key management, KCK needs to be stored on PMKSA to derive the new PMKID correctly when processing reassociation from a STA to a new AP. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
0c9df339f5
commit
aac288914e
2 changed files with 17 additions and 2 deletions
|
|
@ -334,6 +334,10 @@ pmksa_cache_auth_create_entry(const u8 *pmk, size_t pmk_len, const u8 *pmkid,
|
|||
return NULL;
|
||||
os_memcpy(entry->pmk, pmk, pmk_len);
|
||||
entry->pmk_len = pmk_len;
|
||||
if (kck && kck_len && kck_len < WPA_KCK_MAX_LEN) {
|
||||
os_memcpy(entry->kck, kck, kck_len);
|
||||
entry->kck_len = kck_len;
|
||||
}
|
||||
if (pmkid)
|
||||
os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
|
||||
else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
|
||||
|
|
@ -525,8 +529,17 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
|
|||
return entry;
|
||||
continue;
|
||||
}
|
||||
rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
|
||||
entry->akmp);
|
||||
if (entry->akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 &&
|
||||
entry->kck_len > 0)
|
||||
rsn_pmkid_suite_b_192(entry->kck, entry->kck_len,
|
||||
aa, spa, new_pmkid);
|
||||
else if (wpa_key_mgmt_suite_b(entry->akmp) &&
|
||||
entry->kck_len > 0)
|
||||
rsn_pmkid_suite_b(entry->kck, entry->kck_len, aa, spa,
|
||||
new_pmkid);
|
||||
else
|
||||
rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa,
|
||||
new_pmkid, entry->akmp);
|
||||
if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
|
||||
return entry;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ struct rsn_pmksa_cache_entry {
|
|||
u8 pmkid[PMKID_LEN];
|
||||
u8 pmk[PMK_LEN_MAX];
|
||||
size_t pmk_len;
|
||||
u8 kck[WPA_KCK_MAX_LEN];
|
||||
size_t kck_len;
|
||||
os_time_t expiration;
|
||||
int akmp; /* WPA_KEY_MGMT_* */
|
||||
u8 spa[ETH_ALEN];
|
||||
|
|
|
|||
Loading…
Reference in a new issue