wpa_supplicant: Use MLD address in SAE authentication
Use MLD address in SAE commit derivation and PMKSA storing. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
parent
8c0f83ae88
commit
e869fdfeef
2 changed files with 35 additions and 13 deletions
|
@ -86,7 +86,9 @@ static int sme_set_sae_group(struct wpa_supplicant *wpa_s, bool external)
|
||||||
|
|
||||||
static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
struct wpa_ssid *ssid,
|
struct wpa_ssid *ssid,
|
||||||
const u8 *bssid, int external,
|
const u8 *bssid,
|
||||||
|
const u8 *mld_addr,
|
||||||
|
int external,
|
||||||
int reuse, int *ret_use_pt,
|
int reuse, int *ret_use_pt,
|
||||||
bool *ret_use_pk)
|
bool *ret_use_pk)
|
||||||
{
|
{
|
||||||
|
@ -99,6 +101,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
u8 rsnxe_capa = 0;
|
u8 rsnxe_capa = 0;
|
||||||
int key_mgmt = external ? wpa_s->sme.ext_auth_key_mgmt :
|
int key_mgmt = external ? wpa_s->sme.ext_auth_key_mgmt :
|
||||||
wpa_s->key_mgmt;
|
wpa_s->key_mgmt;
|
||||||
|
const u8 *addr = mld_addr ? mld_addr : bssid;
|
||||||
|
|
||||||
if (ret_use_pt)
|
if (ret_use_pt)
|
||||||
*ret_use_pt = 0;
|
*ret_use_pt = 0;
|
||||||
|
@ -162,7 +165,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (reuse && wpa_s->sme.sae.tmp &&
|
if (reuse && wpa_s->sme.sae.tmp &&
|
||||||
os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) {
|
os_memcmp(addr, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"SAE: Reuse previously generated PWE on a retry with the same AP");
|
"SAE: Reuse previously generated PWE on a retry with the same AP");
|
||||||
use_pt = wpa_s->sme.sae.h2e;
|
use_pt = wpa_s->sme.sae.h2e;
|
||||||
|
@ -230,7 +233,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
if (use_pt &&
|
if (use_pt &&
|
||||||
sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
|
sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
|
||||||
wpa_s->own_addr, bssid,
|
wpa_s->own_addr, addr,
|
||||||
wpa_s->sme.sae_rejected_groups, NULL) < 0)
|
wpa_s->sme.sae_rejected_groups, NULL) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
if (!use_pt &&
|
if (!use_pt &&
|
||||||
|
@ -241,13 +244,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
if (wpa_s->sme.sae.tmp) {
|
if (wpa_s->sme.sae.tmp) {
|
||||||
os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
|
os_memcpy(wpa_s->sme.sae.tmp->bssid, addr, ETH_ALEN);
|
||||||
if (use_pt && use_pk)
|
if (use_pt && use_pk)
|
||||||
wpa_s->sme.sae.pk = 1;
|
wpa_s->sme.sae.pk = 1;
|
||||||
#ifdef CONFIG_SAE_PK
|
#ifdef CONFIG_SAE_PK
|
||||||
os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
|
os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
|
||||||
ETH_ALEN);
|
ETH_ALEN);
|
||||||
os_memcpy(wpa_s->sme.sae.tmp->peer_addr, bssid, ETH_ALEN);
|
os_memcpy(wpa_s->sme.sae.tmp->peer_addr, addr, ETH_ALEN);
|
||||||
sae_pk_set_password(&wpa_s->sme.sae, password);
|
sae_pk_set_password(&wpa_s->sme.sae, password);
|
||||||
#endif /* CONFIG_SAE_PK */
|
#endif /* CONFIG_SAE_PK */
|
||||||
}
|
}
|
||||||
|
@ -688,7 +691,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
if (wpa_key_mgmt_fils(ssid->key_mgmt))
|
if (wpa_key_mgmt_fils(ssid->key_mgmt))
|
||||||
cache_id = wpa_bss_get_fils_cache_id(bss);
|
cache_id = wpa_bss_get_fils_cache_id(bss);
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL,
|
||||||
|
params.mld ? params.ap_mld_addr :
|
||||||
|
bss->bssid,
|
||||||
wpa_s->current_ssid,
|
wpa_s->current_ssid,
|
||||||
try_opportunistic, cache_id,
|
try_opportunistic, cache_id,
|
||||||
0) == 0)
|
0) == 0)
|
||||||
|
@ -990,7 +995,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
|
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
|
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
|
||||||
pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0,
|
pmksa_cache_set_current(wpa_s->wpa, NULL,
|
||||||
|
params.mld ? params.ap_mld_addr :
|
||||||
|
bss->bssid,
|
||||||
|
ssid, 0,
|
||||||
NULL,
|
NULL,
|
||||||
wpa_key_mgmt_sae(wpa_s->key_mgmt) ?
|
wpa_key_mgmt_sae(wpa_s->key_mgmt) ?
|
||||||
wpa_s->key_mgmt :
|
wpa_s->key_mgmt :
|
||||||
|
@ -1005,7 +1013,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
|
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
|
||||||
if (start)
|
if (start)
|
||||||
resp = sme_auth_build_sae_commit(wpa_s, ssid,
|
resp = sme_auth_build_sae_commit(wpa_s, ssid,
|
||||||
bss->bssid, 0,
|
bss->bssid,
|
||||||
|
params.mld ?
|
||||||
|
params.ap_mld_addr :
|
||||||
|
NULL, 0,
|
||||||
start == 2, NULL,
|
start == 2, NULL,
|
||||||
NULL);
|
NULL);
|
||||||
else
|
else
|
||||||
|
@ -1084,7 +1095,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
goto no_fils;
|
goto no_fils;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL,
|
||||||
|
params.mld ? params.ap_mld_addr :
|
||||||
|
bss->bssid,
|
||||||
ssid, 0,
|
ssid, 0,
|
||||||
wpa_bss_get_fils_cache_id(bss),
|
wpa_bss_get_fils_cache_id(bss),
|
||||||
0) == 0)
|
0) == 0)
|
||||||
|
@ -1320,8 +1333,8 @@ static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
|
||||||
bool use_pk;
|
bool use_pk;
|
||||||
u16 status;
|
u16 status;
|
||||||
|
|
||||||
resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, 1, 0, &use_pt,
|
resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, NULL,
|
||||||
&use_pk);
|
1, 0, &use_pt, &use_pk);
|
||||||
if (!resp) {
|
if (!resp) {
|
||||||
wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
|
wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -1869,7 +1882,9 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
|
||||||
|
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
if (data->auth.auth_type == WLAN_AUTH_SAE) {
|
if (data->auth.auth_type == WLAN_AUTH_SAE) {
|
||||||
|
const u8 *addr = wpa_s->pending_bssid;
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
|
res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
|
||||||
data->auth.status_code, data->auth.ies,
|
data->auth.status_code, data->auth.ies,
|
||||||
data->auth.ies_len, 0, data->auth.peer,
|
data->auth.ies_len, 0, data->auth.peer,
|
||||||
|
@ -1882,7 +1897,10 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
|
||||||
if (res != 1)
|
if (res != 1)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (sme_sae_set_pmk(wpa_s, wpa_s->pending_bssid) < 0)
|
if (wpa_s->valid_links)
|
||||||
|
addr = wpa_s->ap_mld_addr;
|
||||||
|
|
||||||
|
if (sme_sae_set_pmk(wpa_s, addr) < 0)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
|
|
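Review bot: The peer address that binds the SAE exchange is picked from two different pieces of state: `sme_send_authentication()` passes `params.mld ? params.ap_mld_addr : NULL` into the commit and the PMKSA lookups, while `sme_event_auth()` stores the PMK under `wpa_s->ap_mld_addr` whenever `wpa_s->valid_links` is set. The hunks do not show where either is set, so if they can ever disagree the PMKSA entry would be keyed on a different address than the one the PWE was derived with; a single helper that returns the address would remove that risk at every call site. In `sme_auth_build_sae_commit()` only the `sae_prepare_commit_pt()` call is switched to `addr`, and the `!use_pt` branch that follows is cut off by the hunk and appears unchanged, so it presumably still derives from `bssid` while `tmp->bssid` is then overwritten with `addr`. If MLO is meant to require H2E, a guard such as `if (mld_addr && !use_pt) goto fail;` before that branch would make the mismatch impossible. `sme_external_auth_send_sae_commit()` passes `NULL` for `mld_addr`, which deserves a short comment saying whether external authentication is intentionally left on the link BSSID; all of these function bodies extend outside the visible hunks.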
|
@ -3137,6 +3137,10 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
wpa_key_mgmt_wpa(ssid->key_mgmt)) {
|
wpa_key_mgmt_wpa(ssid->key_mgmt)) {
|
||||||
int try_opportunistic;
|
int try_opportunistic;
|
||||||
const u8 *cache_id = NULL;
|
const u8 *cache_id = NULL;
|
||||||
|
const u8 *addr = bss->bssid;
|
||||||
|
|
||||||
|
if (wpa_s->valid_links)
|
||||||
|
addr = wpa_s->ap_mld_addr;
|
||||||
|
|
||||||
try_opportunistic = (ssid->proactive_key_caching < 0 ?
|
try_opportunistic = (ssid->proactive_key_caching < 0 ?
|
||||||
wpa_s->conf->okc :
|
wpa_s->conf->okc :
|
||||||
|
@ -3146,7 +3150,7 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
if (wpa_key_mgmt_fils(ssid->key_mgmt))
|
if (wpa_key_mgmt_fils(ssid->key_mgmt))
|
||||||
cache_id = wpa_bss_get_fils_cache_id(bss);
|
cache_id = wpa_bss_get_fils_cache_id(bss);
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL, addr,
|
||||||
ssid, try_opportunistic,
|
ssid, try_opportunistic,
|
||||||
cache_id, 0) == 0) {
|
cache_id, 0) == 0) {
|
||||||
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
||||||
|
|
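Review bot: The new `addr` is chosen from `wpa_s->valid_links` and `wpa_s->ap_mld_addr`, which are per-interface state, while the PMKSA lookup is for the `bss` passed to `wpas_populate_assoc_ies()`. The hunk does not show where `valid_links` is set or cleared, so it is not visible that it already describes this target BSS rather than a previous association; if it can be stale, `pmksa_cache_set_current()` is queried with the wrong peer address. Once the ordering is confirmed, I would state it next to the new lines, e.g. `/* valid_links and ap_mld_addr are already set for the target BSS here */`, or derive the address from `bss` itself. The function body starts and ends outside the hunk.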