From d70060f9665a810f2ce8ada67c79ad0bd4430150 Mon Sep 17 00:00:00 2001 From: Ilan Peer Date: Wed, 16 Dec 2020 13:00:27 +0200 Subject: [PATCH] WPA: Add PTKSA cache to wpa_supplicant for PASN PASN requires to store the PTK derived during PASN authentication so it can later be used for secure LTF etc. This is also true for a PTK derived during regular connection. Add an instance of a PTKSA cache for each wpa_supplicant interface when PASN is enabled in build configuration. Signed-off-by: Ilan Peer --- src/rsn_supp/wpa.c | 6 ++++++ src/rsn_supp/wpa.h | 2 ++ src/rsn_supp/wpa_ft.c | 2 ++ src/rsn_supp/wpa_i.h | 8 ++++++++ wpa_supplicant/Android.mk | 2 ++ wpa_supplicant/Makefile | 2 ++ wpa_supplicant/ctrl_iface.c | 3 +++ wpa_supplicant/events.c | 3 +++ wpa_supplicant/wpa_supplicant.c | 3 +++ wpa_supplicant/wpa_supplicant_i.h | 2 ++ wpa_supplicant/wpas_glue.c | 28 ++++++++++++++++++++++++++-- 11 files changed, 59 insertions(+), 2 deletions(-) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 0f348b04c..0d79f3ace 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -949,6 +949,9 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, return -1; } + wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher, + sm->dot11RSNAConfigPMKLifetime, &sm->ptk); + /* TK is not needed anymore in supplicant */ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN); sm->ptk.tk_len = 0; @@ -4916,6 +4919,9 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len) goto fail; } + wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher, + sm->dot11RSNAConfigPMKLifetime, &sm->ptk); + /* TODO: TK could be cleared after auth frame exchange now that driver * takes care of association frame encryption/decryption. */ /* TK is not needed anymore in supplicant */ diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index 80531eb51..9f5164df0 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -87,6 +87,8 @@ struct wpa_sm_ctx { const u8 *pkt, size_t pkt_len); int (*channel_info)(void *ctx, struct wpa_channel_info *ci); void (*transition_disable)(void *ctx, u8 bitmap); + void (*store_ptk)(void *ctx, u8 *addr, int cipher, + u32 life_time, const struct wpa_ptk *ptk); }; diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 6ca9cb7ce..7fa47a1e5 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -449,6 +449,8 @@ static int wpa_ft_install_ptk(struct wpa_sm *sm, const u8 *bssid) return -1; } + wpa_sm_store_ptk(sm, sm->bssid, sm->pairwise_cipher, + sm->dot11RSNAConfigPMKLifetime, &sm->ptk); return 0; } diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 1ac453c77..728280e3b 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -447,6 +447,14 @@ static inline void wpa_sm_transition_disable(struct wpa_sm *sm, u8 bitmap) sm->ctx->transition_disable(sm->ctx->ctx, bitmap); } +static inline void wpa_sm_store_ptk(struct wpa_sm *sm, + u8 *addr, int cipher, + u32 life_time, struct wpa_ptk *ptk) +{ + if (sm->ctx->store_ptk) + sm->ctx->store_ptk(sm->ctx->ctx, addr, cipher, life_time, + ptk); +} int wpa_eapol_key_send(struct wpa_sm *sm, struct wpa_ptk *ptk, int ver, const u8 *dest, u16 proto, diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 302cd1954..335279428 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -373,10 +373,12 @@ endif ifdef CONFIG_PASN L_CFLAGS += -DCONFIG_PASN +L_CFLAGS += -DCONFIG_PTKSA_CACHE NEED_HMAC_SHA256_KDF=y NEED_HMAC_SHA384_KDF=y NEED_SHA256=y NEED_SHA384=y +OBJS += src/common/ptksa_cache.c endif ifdef CONFIG_HS20 diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index dcb332223..bb18d821c 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -392,10 +392,12 @@ endif ifdef CONFIG_PASN CFLAGS += -DCONFIG_PASN +CFLAGS += -DCONFIG_PTKSA_CACHE NEED_HMAC_SHA256_KDF=y NEED_HMAC_SHA384_KDF=y NEED_SHA256=y NEED_SHA384=y +OBJS += ../src/common/ptksa_cache.o endif ifdef CONFIG_HS20 diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index e63c3f7df..10743745b 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -22,6 +22,7 @@ #ifdef CONFIG_DPP #include "common/dpp.h" #endif /* CONFIG_DPP */ +#include "common/ptksa_cache.h" #include "crypto/tls.h" #include "ap/hostapd.h" #include "eap_peer/eap.h" @@ -8431,6 +8432,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s) wpa_s->conf->auto_interworking = 0; wpa_s->conf->okc = 0; + ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE); wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); rsn_preauth_deinit(wpa_s->wpa); @@ -10108,6 +10110,7 @@ static int wpas_ctrl_iface_pmksa(struct wpa_supplicant *wpa_s, static void wpas_ctrl_iface_pmksa_flush(struct wpa_supplicant *wpa_s) { + ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE); wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); #ifdef CONFIG_AP wpas_ap_pmksa_cache_flush(wpa_s); diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index d9ecbefc0..7db906461 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -30,6 +30,7 @@ #include "common/ieee802_11_common.h" #include "common/gas_server.h" #include "common/dpp.h" +#include "common/ptksa_cache.h" #include "crypto/random.h" #include "blacklist.h" #include "wpas_glue.h" @@ -3482,6 +3483,8 @@ static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s, if (wpa_s->wpa_state >= WPA_AUTHENTICATING) wpas_connection_failed(wpa_s, bssid); wpa_sm_notify_disassoc(wpa_s->wpa); + ptksa_cache_flush(wpa_s->ptksa, wpa_s->bssid, WPA_CIPHER_NONE); + if (locally_generated) wpa_s->disconnect_reason = -reason_code; else diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 9f474fd0d..1ba35c3c2 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -41,6 +41,7 @@ #include "common/hw_features_common.h" #include "common/gas_server.h" #include "common/dpp.h" +#include "common/ptksa_cache.h" #include "p2p/p2p.h" #include "fst/fst.h" #include "blacklist.h" @@ -573,6 +574,8 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s) wmm_ac_clear_saved_tspecs(wpa_s); pmksa_candidate_free(wpa_s->wpa); + ptksa_cache_deinit(wpa_s->ptksa); + wpa_s->ptksa = NULL; wpa_sm_deinit(wpa_s->wpa); wpa_s->wpa = NULL; wpa_blacklist_clear(wpa_s); diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 51fa00702..09f6a7b4a 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -639,6 +639,8 @@ struct wpa_supplicant { int interface_removed; /* whether the network interface has been * removed */ struct wpa_sm *wpa; + struct ptksa_cache *ptksa; + struct eapol_sm *eapol; struct ctrl_iface_priv *ctrl_iface; diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 6cee1e790..b914d2974 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -16,6 +16,7 @@ #include "config.h" #include "l2_packet/l2_packet.h" #include "common/wpa_common.h" +#include "common/ptksa_cache.h" #include "wpa_supplicant_i.h" #include "driver_i.h" #include "rsn_supp/pmksa_cache.h" @@ -1341,6 +1342,15 @@ static void wpa_supplicant_transition_disable(void *_wpa_s, u8 bitmap) #endif /* CONFIG_NO_CONFIG_WRITE */ } + +static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher, + u32 life_time, const struct wpa_ptk *ptk) +{ + struct wpa_supplicant *wpa_s = ctx; + + ptksa_cache_add(wpa_s->ptksa, addr, cipher, life_time, ptk); +} + #endif /* CONFIG_NO_WPA */ @@ -1348,9 +1358,20 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) { #ifndef CONFIG_NO_WPA struct wpa_sm_ctx *ctx; + + wpa_s->ptksa = ptksa_cache_init(); + if (!wpa_s->ptksa) { + wpa_printf(MSG_ERROR, "Failed to allocate PTKSA"); + return -1; + } + ctx = os_zalloc(sizeof(*ctx)); if (ctx == NULL) { wpa_printf(MSG_ERROR, "Failed to allocate WPA context."); + + ptksa_cache_deinit(wpa_s->ptksa); + wpa_s->ptksa = NULL; + return -1; } @@ -1394,12 +1415,15 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx; ctx->channel_info = wpa_supplicant_channel_info; ctx->transition_disable = wpa_supplicant_transition_disable; + ctx->store_ptk = wpa_supplicant_store_ptk; wpa_s->wpa = wpa_sm_init(ctx); if (wpa_s->wpa == NULL) { - wpa_printf(MSG_ERROR, "Failed to initialize WPA state " - "machine"); + wpa_printf(MSG_ERROR, + "Failed to initialize WPA state machine"); os_free(ctx); + ptksa_cache_deinit(wpa_s->ptksa); + wpa_s->ptksa = NULL; return -1; } #endif /* CONFIG_NO_WPA */