OWE: PMKSA caching in AP mode

This extends OWE support in hostapd to allow PMKSA caching to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-09 12:08:12 +03:00 · 2017-10-09 12:08:12 +03:00 · d90f10fa41
commit d90f10fa41
parent 8b5579e17a
5 changed files with 25 additions and 4 deletions
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@ -2128,7 +2128,8 @@ static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
 #ifdef CONFIG_OWE
-static u16 owe_process_assoc_req(struct sta_info *sta, const u8 *owe_dh,
+static u16 owe_process_assoc_req(struct hostapd_data *hapd,
 				 struct sta_info *sta, const u8 *owe_dh,
 				 u8 owe_dh_len)
 {
 	struct wpabuf *secret, *pub, *hkey;
@ -2140,6 +2141,11 @@ static u16 owe_process_assoc_req(struct sta_info *sta, const u8 *owe_dh,
 	u16 group;
 	size_t hash_len, prime_len;
 	if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
 		wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
 		return WLAN_STATUS_SUCCESS;
 	}
 	group = WPA_GET_LE16(owe_dh);
 	if (group == 19)
 		prime_len = 32;
@ -2254,7 +2260,8 @@ static u16 owe_process_assoc_req(struct sta_info *sta, const u8 *owe_dh,
 	wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
 	wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
-	/* TODO: Add PMKSA cache entry */
+	wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
 			    sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE);
 	return WLAN_STATUS_SUCCESS;
 }
@ -2477,7 +2484,7 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
 		if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
 		    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
 		    elems.owe_dh) {
-			resp = owe_process_assoc_req(sta, elems.owe_dh,
+			resp = owe_process_assoc_req(hapd, sta, elems.owe_dh,
 						     elems.owe_dh_len);
 			if (resp != WLAN_STATUS_SUCCESS)
 				return resp;
--- a/src/ap/pmksa_cache_auth.h
+++ b/src/ap/pmksa_cache_auth.h
@ -35,6 +35,7 @@ struct rsn_pmksa_cache_entry {
 };
 struct rsn_pmksa_cache;
 struct radius_das_attrs;
 struct rsn_pmksa_cache *
 pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -2068,6 +2068,7 @@ SM_STATE(WPA_PTK, PTKSTART)
 	 */
 	if (sm->wpa == WPA_VERSION_WPA2 &&
 	    (wpa_key_mgmt_wpa_ieee8021x(sm->wpa_key_mgmt) ||
 	     (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && sm->pmksa) ||
 	     wpa_key_mgmt_sae(sm->wpa_key_mgmt)) &&
 	    sm->wpa_key_mgmt != WPA_KEY_MGMT_OSEN) {
 		pmkid = buf;
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@ -27,6 +27,7 @@
 #include "tkip_countermeasures.h"
 #include "ap_drv_ops.h"
 #include "ap_config.h"
 #include "pmksa_cache_auth.h"
 #include "wpa_auth.h"
 #include "wpa_auth_glue.h"
@ -267,6 +268,16 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 			*psk_len = sta->owe_pmk_len;
 		return sta->owe_pmk;
 	}
 	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) {
 		struct rsn_pmksa_cache_entry *sa;
 		sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
 		if (sa && sa->akmp == WPA_KEY_MGMT_OWE) {
 			if (psk_len)
 				*psk_len = sa->pmk_len;
 			return sa->pmk;
 		}
 	}
 #endif /* CONFIG_OWE */
 	psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk);
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@ -1051,7 +1051,8 @@ u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
 {
 	int res;
-	res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
+	res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len,
 			       sm->pmksa ? sm->pmksa->pmkid : NULL);
 	if (res < 0)
 		return pos;
 	return pos + res;