[PATCH v2 16/17] MLD STA: Store AP MLD address in PMKSA entries
Veerendranath Jakkam
quic_vjakkam at quicinc.com
Sat Oct 1 01:21:28 PDT 2022
For an MLO connection, the AP MLD address is the authenticator address, so
store the AP MLD address in PMKSA entries instead of the association link BSSID.
Signed-off-by: Veerendranath Jakkam <quic_vjakkam at quicinc.com>
---
src/rsn_supp/wpa.c | 14 +++++++-------
src/rsn_supp/wpa.h | 4 ++--
wpa_supplicant/events.c | 7 +++++--
wpa_supplicant/sme.c | 26 +++++++++++++++++++++++---
wpa_supplicant/wpa_supplicant.c | 6 +++++-
5 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index b454159..3e1ceb3 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2370,7 +2370,7 @@ static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm,
sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
sm->ptk.kck, sm->ptk.kck_len,
- sm->bssid, sm->own_addr,
+ wpa_sm_get_auth_addr(sm), sm->own_addr,
sm->network_ctx, sm->key_mgmt, NULL);
if (!sm->cur_pmksa)
sm->cur_pmksa = sa;
@@ -3974,12 +3974,12 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
* @pmk: The new PMK
* @pmk_len: The length of the new PMK in bytes
* @pmkid: Calculated PMKID
- * @bssid: AA to add into PMKSA cache or %NULL to not cache the PMK
+ * @auth_addr: AA to add into PMKSA cache or %NULL to not cache the PMK
*
* Configure the PMK for WPA state machine.
*/
void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
- const u8 *pmkid, const u8 *bssid)
+ const u8 *pmkid, const u8 *auth_addr)
{
if (sm == NULL)
return;
@@ -3995,9 +3995,9 @@ void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
os_memcpy(sm->xxkey, pmk, pmk_len);
#endif /* CONFIG_IEEE80211R */
- if (bssid) {
+ if (auth_addr) {
sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len,
- pmkid, NULL, 0, bssid,
+ pmkid, NULL, 0, auth_addr,
sm->own_addr,
sm->network_ctx, sm->key_mgmt,
NULL);
@@ -6026,7 +6026,7 @@ fail:
}
-int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
+int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *auth_addr,
const u8 *resp_ies, size_t resp_ies_len)
{
struct ieee802_11_elems elems;
@@ -6177,7 +6177,7 @@ int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, sm->pmk_len);
wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, pmkid, NULL, 0,
- bssid, sm->own_addr, sm->network_ctx, sm->key_mgmt,
+ auth_addr, sm->own_addr, sm->network_ctx, sm->key_mgmt,
NULL);
return 0;
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 3d6574f..8050236 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -153,7 +153,7 @@ void wpa_sm_deinit(struct wpa_sm *sm);
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid);
void wpa_sm_notify_disassoc(struct wpa_sm *sm);
void wpa_sm_set_pmk(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
- const u8 *pmkid, const u8 *bssid);
+ const u8 *pmkid, const u8 *auth_addr);
void wpa_sm_set_pmk_from_pmksa(struct wpa_sm *sm);
void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth);
void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx);
@@ -567,7 +567,7 @@ struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len);
struct wpabuf * owe_build_assoc_req(struct wpa_sm *sm, u16 group);
-int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *bssid,
+int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *auth_addr,
const u8 *resp_ies, size_t resp_ies_len);
void wpa_sm_set_reset_fils_completed(struct wpa_sm *sm, int set);
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index ce88cc9..4069e4b 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3113,7 +3113,8 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_OWE
if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
(!bssid_known ||
- owe_process_assoc_resp(wpa_s->wpa, bssid,
+ owe_process_assoc_resp(wpa_s->wpa,
+ wpa_s->valid_links ? wpa_s->ap_mld_addr : bssid,
data->assoc_info.resp_ies,
data->assoc_info.resp_ies_len) < 0)) {
wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
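Review bot: The authenticator-address selection `wpa_s->valid_links ? wpa_s->ap_mld_addr : bssid` is written out inline in this OWE call and again in the FILS branch of wpa_supplicant_event_assoc_auth() in the next hunk. A small static helper in events.c that returns the address, carrying a comment such as `/* AA for PMKSA: AP MLD address on an MLO association, otherwise the link BSSID */`, would keep the two store paths from drifting apart. Whether `ap_mld_addr` is always populated when `valid_links` is non-zero is not visible in these hunks, so the helper would also be the natural place to assert or document that. Both enclosing functions start and end outside the hunks.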
@@ -5000,7 +5001,9 @@ static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s,
data->assoc_info.fils_pmk,
data->assoc_info.fils_pmk_len,
data->assoc_info.fils_pmkid,
- wpa_s->bssid, fils_cache_id);
+ wpa_s->valid_links ?
+ wpa_s->ap_mld_addr : wpa_s->bssid,
+ fils_cache_id);
} else if (data->assoc_info.fils_pmkid) {
/* Update the current PMKSA used for this connection */
pmksa_cache_set_current(wpa_s->wpa,
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index ce409d5..084de3d 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1531,12 +1531,12 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
}
-static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *bssid)
+static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *auth_addr)
{
wpa_printf(MSG_DEBUG,
"SME: SAE completed - setting PMK for 4-way handshake");
wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, wpa_s->sme.sae.pmk_len,
- wpa_s->sme.sae.pmkid, bssid);
+ wpa_s->sme.sae.pmkid, auth_addr);
if (wpa_s->conf->sae_pmkid_in_assoc) {
/* Update the own RSNE contents now that we have set the PMK
* and added a PMKSA cache entry based on the successfully
@@ -1580,6 +1580,8 @@ void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
if (le_to_host16(header->u.auth.auth_alg) == WLAN_AUTH_SAE) {
int res;
+ struct wpa_bss *bss;
+ const u8 *auth_addr;
res = sme_sae_auth(
wpa_s, le_to_host16(header->u.auth.auth_transaction),
@@ -1598,7 +1600,25 @@ void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
if (res != 1)
return;
- if (sme_sae_set_pmk(wpa_s, wpa_s->sme.ext_auth_bssid) < 0)
+ auth_addr = wpa_s->sme.ext_auth_bssid;
+ if (wpa_s->sme.ext_ml_auth) {
+ bss = wpa_bss_get_bssid_latest(
+ wpa_s, wpa_s->sme.ext_auth_bssid);
+ if (!bss) {
+ wpa_printf(MSG_INFO,
+ "MLO SAE: BSS not available, update scan result to get BSS");
+ wpa_supplicant_update_scan_results(wpa_s);
+ bss = wpa_bss_get_bssid_latest(
+ wpa_s, wpa_s->sme.ext_auth_bssid);
+ }
+ if (bss && !is_zero_ether_addr(bss->mld_addr))
+ auth_addr = bss->mld_addr;
+ else
+ wpa_printf(MSG_INFO,
+ "MLO SAE: AP MLD address fetch failed");
+ }
+
+ if (sme_sae_set_pmk(wpa_s, auth_addr) < 0)
return;
}
}
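Review bot: When `ext_ml_auth` is set but no BSS entry is found or `bss->mld_addr` is zero, the else branch only logs and `auth_addr` stays at `wpa_s->sme.ext_auth_bssid`. The PMKSA entry for an MLO SAE authentication is then created under the link BSSID. That contradicts the commit message's statement that the AP MLD address is the authenticator address, and the entry would presumably never match a later lookup keyed by MLD address. The `wpa_sm_set_pmk()` documentation in this patch says a NULL address means the PMK is not cached, so consider `auth_addr = NULL;` in that branch, after confirming the `sae_pmkid_in_assoc` path in sme_sae_set_pmk() copes without a cache entry. A sturdier option is to keep the MLD address from the external-auth request instead of re-deriving it from scan-table data; sme_external_auth_mgmt_rx() starts outside the hunk.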
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 7fbf5f3..e568413 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3101,6 +3101,10 @@ static u8 * wpas_populate_assoc_ies(
wpa_key_mgmt_wpa(ssid->key_mgmt)) {
int try_opportunistic;
const u8 *cache_id = NULL;
+ const u8 *auth_addr = bss->bssid;
+
+ if (!is_zero_ether_addr(bss->mld_addr))
+ auth_addr = bss->mld_addr;
try_opportunistic = (ssid->proactive_key_caching < 0 ?
wpa_s->conf->okc :
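Review bot: The lookup key here is chosen by `!is_zero_ether_addr(bss->mld_addr)`, while the store paths choose by `wpa_s->valid_links` in events.c and by `wpa_s->sme.ext_ml_auth` in sme.c. The address a PMKSA entry is stored under and the one it is looked up under can therefore differ. If an AP advertises an MLD address but the association ends up single-link, the entry would presumably be stored under the BSSID and then searched under `bss->mld_addr` in the `pmksa_cache_set_current()` call of the next hunk, so the cache would miss on every attempt. Consider gating the override on whether an MLO association will actually be attempted, and add a comment such as `/* PMKSA AA: AP MLD address when connecting as MLO, else BSSID */`. wpas_populate_assoc_ies() extends beyond both hunks.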
@@ -3110,7 +3114,7 @@ static u8 * wpas_populate_assoc_ies(
if (wpa_key_mgmt_fils(ssid->key_mgmt))
cache_id = wpa_bss_get_fils_cache_id(bss);
#endif /* CONFIG_FILS */
- if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
+ if (pmksa_cache_set_current(wpa_s->wpa, NULL, auth_addr,
ssid, try_opportunistic,
cache_id, 0) == 0) {
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
--
2.7.4