RE: [PATCH v2 13/17] MLD STA: Add support for group rekeying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

> -----Original Message-----
> From: Hostap <hostap-bounces@xxxxxxxxxxxxxxxxxxx> On Behalf Of
> Veerendranath Jakkam
> Sent: Saturday, October 01, 2022 11:21
> To: hostap@xxxxxxxxxxxxxxxxxxx
> Cc: quic_vjakkam@xxxxxxxxxxx
> Subject: [PATCH v2 13/17] MLD STA: Add support for group rekeying
> 
> Add support for group rekeying in MLO connection. Parse per link MLO
> GTK/IGTK/BIGTK KDEs from Group Key msg 1/2 and configure to driver.
> 
> Signed-off-by: Veerendranath Jakkam <quic_vjakkam@xxxxxxxxxxx>
> ---
>  src/rsn_supp/wpa.c | 106
> +++++++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 103 insertions(+), 3 deletions(-)
> 
> diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index
> db97a2b..b454159 100644
> --- a/src/rsn_supp/wpa.c
> +++ b/src/rsn_supp/wpa.c
> @@ -2829,6 +2829,99 @@ static int wpa_supplicant_send_2_of_2(struct
> wpa_sm *sm,  }
> 
> 
> +static void wpa_supplicant_process_mlo_1_of_2(struct wpa_sm *sm,
> +					      const unsigned char *src_addr,
> +					      const struct wpa_eapol_key *key,
> +					      const u8 *key_data,
> +					      size_t key_data_len, u16 ver) {
> +	u16 key_info;
> +	u8 i;
> +	int rekey;
> +	struct wpa_eapol_ie_parse ie;
> +
> +	if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: Group Key Handshake started prior to
> completion of 4-way handshake");
> +		goto failed;
> +	}
> +
> +	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;

I think that for MLD we should always be in WPA_COMPLETED to process message 1 of group handshake.

> +	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "MLO RSN: RX message
> 1 of Group "
> +		"Key Handshake from " MACSTR " (ver=%d)",
> MAC2STR(src_addr),
> +		ver);
> +
> +	key_info = WPA_GET_BE16(key->key_info);
> +
> +	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
> +
> +	wpa_hexdump_key(MSG_DEBUG, "MLO RSN: msg 1/2 key data",
> key_data,
> +			key_data_len);
> +	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
> +		goto failed;
> +
> +	if (!ie.valid_mlo_gtks) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: No MLO GTK KDE in Group Key msg 1/2");
> +		goto failed;
> +	}
> +
> +	if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> +			"MLO RSN: MLO GTK KDE in unencrypted key data");
> +		goto failed;
> +	}
> +
> +	if (mlo_ieee80211w_set_keys(sm, &ie) < 0)
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: Failed to configure MLO IGTK");
> +
> +	for (i = 0; i < MAX_NUM_MLO_LINKS; i++) {
> +		if (!(sm->mlo.setup_links & BIT(i)))
> +			continue;
> +
> +		if (!ie.mlo_gtk[i]) {
> +			/*
> +			 * AP may send group keys for subset of the all links
> +			 * during rekey
> +			 */
> +			if (rekey)
> +				continue;
> +
> +			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +				"MLO RSN: GTK not found for link ID %u", i);
> +			goto failed;
> +		}
> +
> +		if (wpa_supplicant_mlo_gtk(sm, i, ie.mlo_gtk[i],
> +					   ie.mlo_gtk_len[i], key_info))
> +			goto failed;
> +	}

Any reason why the GTK is installed after the group keys? Probably doesn't matter but wanted to know if there is a reason for it.

Regards,

Ilan.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux