Use MLD address in SAE commit derivation and PMKSA storing. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@xxxxxxxxx> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@xxxxxxxxx> --- wpa_supplicant/sme.c | 44 ++++++++++++++++++++++++--------- wpa_supplicant/wpa_supplicant.c | 6 ++++- 2 files changed, 37 insertions(+), 13 deletions(-) diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 0a44824604..dc2029b64e 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -85,7 +85,9 @@ static int sme_set_sae_group(struct wpa_supplicant *wpa_s) static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, - const u8 *bssid, int external, + const u8 *bssid, + const u8 *mld_addr, + int external, int reuse, int *ret_use_pt, bool *ret_use_pk) { @@ -97,6 +99,9 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, bool use_pk = false; u8 rsnxe_capa = 0; + if (!mld_addr) + mld_addr = bssid; + if (ret_use_pt) *ret_use_pt = 0; if (ret_use_pk) @@ -159,7 +164,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, } if (reuse && wpa_s->sme.sae.tmp && - os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) { + os_memcmp(mld_addr, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) { wpa_printf(MSG_DEBUG, "SAE: Reuse previously generated PWE on a retry with the same AP"); use_pt = wpa_s->sme.sae.h2e; @@ -227,7 +232,7 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, if (use_pt && sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt, - wpa_s->own_addr, bssid, + wpa_s->own_addr, mld_addr, wpa_s->sme.sae_rejected_groups, NULL) < 0) goto fail; if (!use_pt && 
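Review bot: The new `mld_addr` parameter of `sme_auth_build_sae_commit()` (hunk `@@ -85,7 +85,9 @@`) is undocumented, yet the `if (!mld_addr) mld_addr = bssid;` fallback added in `@@ -97,6 +99,9 @@` makes NULL a meaningful value that callers rely on. A short comment above the function would make the contract explicit, for example `/* mld_addr: AP MLD MAC address when authenticating to an AP MLD, or NULL to bind the SAE exchange to bssid */`. Without it, a later MLO caller that passes NULL silently gets a commit derived from the link address. The function body extends beyond both hunks.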
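Review bot: `wpa_s->sme.sae.tmp->bssid` no longer necessarily holds a BSSID: the retry check in `@@ -159,7 +164,7 @@` compares it with `mld_addr`, and `@@ -238,13 +243,13 @@` stores `mld_addr` into it and into `tmp->peer_addr`. Any code outside this diff that still compares the field against a link BSSID would mismatch in the MLO case; that cannot be checked from these hunks and is worth auditing. At minimum the store should carry a comment such as `/* AP MLD address for MLO, BSSID otherwise */`.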
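Review bot: Only the `use_pt` branch in `@@ -227,7 +232,7 @@` is switched to `mld_addr`; the `if (!use_pt &&` call that starts on the hunk's last line continues outside the diff and is therefore unchanged. If that call still derives the PWE from `bssid`, the non-PT path would bind the exchange to the link address while `tmp->bssid` and `tmp->peer_addr` record the MLD address. Either pass `mld_addr` there as well or, if that path is not meant to be used with an AP MLD, reject it explicitly before the derivation, e.g. `if (!use_pt && mld_addr != bssid) goto fail;` with a debug message. A comment should say which of the two is intended.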
@@ -238,13 +243,13 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, goto fail; } if (wpa_s->sme.sae.tmp) { - os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN); + os_memcpy(wpa_s->sme.sae.tmp->bssid, mld_addr, ETH_ALEN); if (use_pt && use_pk) wpa_s->sme.sae.pk = 1; #ifdef CONFIG_SAE_PK os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr, ETH_ALEN); - os_memcpy(wpa_s->sme.sae.tmp->peer_addr, bssid, ETH_ALEN); + os_memcpy(wpa_s->sme.sae.tmp->peer_addr, mld_addr, ETH_ALEN); sae_pk_set_password(&wpa_s->sme.sae, password); #endif /* CONFIG_SAE_PK */ } @@ -691,7 +696,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, if (wpa_key_mgmt_fils(ssid->key_mgmt)) cache_id = wpa_bss_get_fils_cache_id(bss); #endif /* CONFIG_FILS */ - if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, + if (pmksa_cache_set_current(wpa_s->wpa, NULL, + params.mld ? + params.ap_mld_addr : params.bssid, wpa_s->current_ssid, try_opportunistic, cache_id, 0) == 0) @@ -993,7 +1000,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, #ifdef CONFIG_SAE if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE && - pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0, + pmksa_cache_set_current(wpa_s->wpa, NULL, + params.mld ? + params.ap_mld_addr : params.bssid, + ssid, 0, NULL, wpa_key_mgmt_sae(wpa_s->key_mgmt) ? wpa_s->key_mgmt : @@ -1008,7 +1018,10 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) { if (start) resp = sme_auth_build_sae_commit(wpa_s, ssid, - bss->bssid, 0, + bss->bssid, + params.mld ? + params.ap_mld_addr : + NULL, 0, start == 2, NULL, NULL); else 
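Review bot: The address that keys the PMKSA lookup is chosen by `params.mld ? params.ap_mld_addr : params.bssid` in `@@ -691,7 +696,9 @@` and again in `@@ -993,7 +1000,10 @@` and `@@ -1087,7 +1100,9 @@`. The store side in `sme_event_auth()` (`@@ -1877,7 +1894,10 @@`) and the lookup in `wpas_populate_assoc_ies()` (`@@ -3137,6 +3137,10 @@`) decide on `wpa_s->valid_links` instead. If those two conditions can ever disagree, for instance through a `valid_links` value left over from an earlier connection (not visible here), a PMKSA entry would be stored under one address and looked up under another. A single static helper that returns the peer address, used by all five call sites, would remove the duplication and keep store and lookup keyed identically.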
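Review bot: In `@@ -1008,7 +1018,10 @@` the call still passes `bss->bssid`, while the `pmksa_cache_set_current()` calls changed in this patch moved from `bss->bssid` to `params.bssid`. If the two are always equal at this point, one spelling should be used throughout; if they can differ, the SAE commit and the PMKSA lookup would refer to different peers. The argument list is also easy to misread now that `0` follows a multi-line conditional; a local such as `const u8 *mld_addr = params.mld ? params.ap_mld_addr : NULL;` before the call would make the argument order obvious.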
@@ -1087,7 +1100,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, goto no_fils; } - if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, + if (pmksa_cache_set_current(wpa_s->wpa, NULL, + params.mld ? params.ap_mld_addr : + params.bssid, ssid, 0, wpa_bss_get_fils_cache_id(bss), 0) == 0) @@ -1323,8 +1338,8 @@ static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s, bool use_pk; u16 status; - resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, 1, 0, &use_pt, - &use_pk); + resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, NULL, + 1, 0, &use_pt, &use_pk); if (!resp) { wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit"); return -1; @@ -1864,6 +1879,8 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) #ifdef CONFIG_SAE if (data->auth.auth_type == WLAN_AUTH_SAE) { + u8 *bss = wpa_s->pending_bssid; + int res; res = sme_sae_auth(wpa_s, data->auth.auth_transaction, data->auth.status_code, data->auth.ies, @@ -1877,7 +1894,10 @@ void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) if (res != 1) return; - if (sme_sae_set_pmk(wpa_s, wpa_s->pending_bssid) < 0) + if (wpa_s->valid_links) + bss = wpa_s->ap_mld_addr; + + if (sme_sae_set_pmk(wpa_s, bss) < 0) return; } #endif /* CONFIG_SAE */ diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 7849b40296..14d741f43f 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3137,6 +3137,10 @@ static u8 * wpas_populate_assoc_ies( wpa_key_mgmt_wpa(ssid->key_mgmt)) { int try_opportunistic; const u8 *cache_id = NULL; + u8 *bssid = bss->bssid; + + if (wpa_s->valid_links) + bssid = wpa_s->ap_mld_addr; try_opportunistic = (ssid->proactive_key_caching < 0 ? wpa_s->conf->okc : 
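Review bot: External authentication never receives the MLD address: `sme_external_auth_send_sae_commit()` in `@@ -1323,8 +1338,8 @@` passes a literal `NULL` for `mld_addr`, so that path always derives the commit from `bssid`. If a driver can request external SAE authentication towards an AP MLD, the commit would be bound to the link address while the SME path uses the MLD address. A comment at the call, e.g. `/* External auth is not MLD-aware yet: NULL selects the BSSID */`, would record that this is a known limitation rather than an oversight.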
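Review bot: The local added in `@@ -1864,6 +1879,8 @@` and used in `@@ -1877,7 +1894,10 @@` is named `bss` but holds a MAC address, whereas elsewhere in this patch `bss` is the pointer dereferenced as `bss->bssid`. `const u8 *addr = wpa_s->pending_bssid;` would read better and documents that the address is not modified. The same applies to `u8 *bssid` in `@@ -3137,6 +3137,10 @@` of wpa_supplicant.c, which may hold the AP MLD address rather than a BSSID. Whether `sme_sae_set_pmk()` accepts a `const u8 *` is not visible in this diff.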
@@ -3146,7 +3150,7 @@ static u8 * wpas_populate_assoc_ies( if (wpa_key_mgmt_fils(ssid->key_mgmt)) cache_id = wpa_bss_get_fils_cache_id(bss); #endif /* CONFIG_FILS */ - if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, + if (pmksa_cache_set_current(wpa_s->wpa, NULL, bssid, ssid, try_opportunistic, cache_id, 0) == 0) { eapol_sm_notify_pmkid_attempt(wpa_s->eapol); -- 2.25.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap