[PATCH v2 13/17] MLD STA: Add support for group rekeying

Peer, Ilan ilan.peer at intel.com
Mon Oct 3 05:30:20 PDT 2022


Hi,

> -----Original Message-----
> From: Hostap <hostap-bounces at lists.infradead.org> On Behalf Of
> Veerendranath Jakkam
> Sent: Saturday, October 01, 2022 11:21
> To: hostap at lists.infradead.org
> Cc: quic_vjakkam at quicinc.com
> Subject: [PATCH v2 13/17] MLD STA: Add support for group rekeying
> 
> Add support for group rekeying in MLO connection. Parse per link MLO
> GTK/IGTK/BIGTK KDEs from Group Key msg 1/2 and configure to driver.
> 
> Signed-off-by: Veerendranath Jakkam <quic_vjakkam at quicinc.com>
> ---
>  src/rsn_supp/wpa.c | 106
> +++++++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 103 insertions(+), 3 deletions(-)
> 
> diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index
> db97a2b..b454159 100644
> --- a/src/rsn_supp/wpa.c
> +++ b/src/rsn_supp/wpa.c
> @@ -2829,6 +2829,99 @@ static int wpa_supplicant_send_2_of_2(struct
> wpa_sm *sm,  }
> 
> 
> +static void wpa_supplicant_process_mlo_1_of_2(struct wpa_sm *sm,
> +					      const unsigned char *src_addr,
> +					      const struct wpa_eapol_key *key,
> +					      const u8 *key_data,
> +					      size_t key_data_len, u16 ver) {
> +	u16 key_info;
> +	u8 i;
> +	int rekey;
> +	struct wpa_eapol_ie_parse ie;
> +
> +	if (!sm->msg_3_of_4_ok && !wpa_fils_is_completed(sm)) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: Group Key Handshake started prior to
> completion of 4-way handshake");
> +		goto failed;
> +	}
> +
> +	rekey = wpa_sm_get_state(sm) == WPA_COMPLETED;

I think that for MLD we should always be in WPA_COMPLETED to process message 1 of group handshake.

> +	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "MLO RSN: RX message
> 1 of Group "
> +		"Key Handshake from " MACSTR " (ver=%d)",
> MAC2STR(src_addr),
> +		ver);
> +
> +	key_info = WPA_GET_BE16(key->key_info);
> +
> +	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
> +
> +	wpa_hexdump_key(MSG_DEBUG, "MLO RSN: msg 1/2 key data",
> key_data,
> +			key_data_len);
> +	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
> +		goto failed;
> +
> +	if (!ie.valid_mlo_gtks) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: No MLO GTK KDE in Group Key msg 1/2");
> +		goto failed;
> +	}
> +
> +	if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
> +		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
> +			"MLO RSN: MLO GTK KDE in unencrypted key data");
> +		goto failed;
> +	}
> +
> +	if (mlo_ieee80211w_set_keys(sm, &ie) < 0)
> +		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +			"MLO RSN: Failed to configure MLO IGTK");
> +
> +	for (i = 0; i < MAX_NUM_MLO_LINKS; i++) {
> +		if (!(sm->mlo.setup_links & BIT(i)))
> +			continue;
> +
> +		if (!ie.mlo_gtk[i]) {
> +			/*
> +			 * AP may send group keys for subset of the all links
> +			 * during rekey
> +			 */
> +			if (rekey)
> +				continue;
> +
> +			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
> +				"MLO RSN: GTK not found for link ID %u", i);
> +			goto failed;
> +		}
> +
> +		if (wpa_supplicant_mlo_gtk(sm, i, ie.mlo_gtk[i],
> +					   ie.mlo_gtk_len[i], key_info))
> +			goto failed;
> +	}
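Review bot: the return value of mlo_ieee80211w_set_keys() is only logged, while a wpa_supplicant_mlo_gtk() failure in the loop right after it takes goto failed, so the two key-installation errors are handled differently and processing continues into the GTK loop even when the IGTK could not be configured. If continuing is intended, a short comment at that call saying why would help; otherwise add goto failed after the wpa_msg(). The log text also names only "MLO IGTK"; if this call configures the BIGTK as well, as the commit message suggests, the message should say so.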

Any reason why the GTK is installed after the group keys? Probably doesn't matter but wanted to know if there is a reason for it.

Regards,

Ilan.


