[PATCH 08/12] MLD STA: Add support for processing EAPOL 3/4 frame

Veerendranath Jakkam quic_vjakkam at quicinc.com
Wed Aug 24 22:53:07 PDT 2022


Process EAPOL 3/4 frame and plumb PTK and per-link GTK/IGTK/BIGTK keys
to driver.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam at quicinc.com>
---
 src/rsn_supp/wpa.c   | 494 ++++++++++++++++++++++++++++++++++++++++++-
 src/rsn_supp/wpa_i.h |   6 +
 2 files changed, 498 insertions(+), 2 deletions(-)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 8ac22eac9..96adc4817 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1203,6 +1203,76 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
 }
 
 
+static int wpa_supplicant_install_mlo_gtk(struct wpa_sm *sm, u8 link_id,
+					  const struct wpa_gtk_data *gd,
+					  const u8 *key_rsc, int wnm_sleep)
+{
+	const u8 *_gtk = gd->gtk;
+	u8 gtk_buf[32];
+
+	/* Detect possible key reinstallation */
+	if ((sm->links[link_id].gtk.gtk_len == (size_t) gd->gtk_len &&
+	     os_memcmp(sm->links[link_id].gtk.gtk, gd->gtk,
+		       sm->links[link_id].gtk.gtk_len) == 0) ||
+	    (sm->links[link_id].gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
+	     os_memcmp(sm->links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
+		       sm->links[link_id].gtk_wnm_sleep.gtk_len) == 0)) {
+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+			"WPA MLO: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+			gd->keyidx, gd->tx, gd->gtk_len);
+		return 0;
+	}
+
+	wpa_hexdump_key(MSG_DEBUG, "WPA MLO: Group Key", gd->gtk, gd->gtk_len);
+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+		"WPA MLO: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+		gd->keyidx, gd->tx, gd->gtk_len);
+	wpa_hexdump(MSG_DEBUG, "WPA MLO: RSC", key_rsc, gd->key_rsc_len);
+	if (sm->group_cipher == WPA_CIPHER_TKIP) {
+		/* Swap Tx/Rx keys for Michael MIC */
+		os_memcpy(gtk_buf, gd->gtk, 16);
+		os_memcpy(gtk_buf + 16, gd->gtk + 24, 8);
+		os_memcpy(gtk_buf + 24, gd->gtk + 16, 8);
+		_gtk = gtk_buf;
+	}
+	if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
+		if (wpa_sm_mlo_set_key(sm, link_id, gd->alg, NULL, gd->keyidx,
+				       1, key_rsc, gd->key_rsc_len, _gtk,
+				       gd->gtk_len,
+				       KEY_FLAG_GROUP_RX_TX_DEFAULT) < 0) {
+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+				"WPA MLO: Failed to set GTK to the driver "
+				"(Group only)");
+			forced_memzero(gtk_buf, sizeof(gtk_buf));
+			return -1;
+		}
+	} else if (wpa_sm_mlo_set_key(sm, link_id, gd->alg,
+				      broadcast_ether_addr, gd->keyidx,
+				      gd->tx, key_rsc, gd->key_rsc_len, _gtk,
+				      gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA MLO: Failed to set GTK to "
+			"the driver (alg=%d keylen=%d keyidx=%d)",
+			gd->alg, gd->gtk_len, gd->keyidx);
+		forced_memzero(gtk_buf, sizeof(gtk_buf));
+		return -1;
+	}
+	forced_memzero(gtk_buf, sizeof(gtk_buf));
+
+	if (wnm_sleep) {
+		sm->links[link_id].gtk_wnm_sleep.gtk_len = gd->gtk_len;
+		os_memcpy(sm->links[link_id].gtk_wnm_sleep.gtk, gd->gtk,
+			  sm->links[link_id].gtk_wnm_sleep.gtk_len);
+	} else {
+		sm->links[link_id].gtk.gtk_len = gd->gtk_len;
+		os_memcpy(sm->links[link_id].gtk.gtk, gd->gtk,
+			  sm->links[link_id].gtk.gtk_len);
+	}
+
+	return 0;
+}
+
+
 static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm,
 						int tx)
 {
@@ -1251,6 +1321,82 @@ static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm,
 }
 
 
+static int _wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm, u8 link_id,
+					    const u8 *gtk, size_t gtk_len,
+					    int key_info)
+{
+	struct wpa_gtk_data gd;
+	const u8 *key_rsc;
+
+	/*
+	 * MLO GTK KDE format:
+	 * KeyID[bits 0-1], Tx [bit 2], Reserved [bit 3], link id [4-7]
+	 * PN
+	 * GTK
+	 */
+
+	os_memset(&gd, 0, sizeof(gd));
+	wpa_hexdump_key(MSG_DEBUG, "MLO RSN: received GTK in pairwise handshake",
+			gtk, gtk_len);
+
+	if (gtk_len < 7 || gtk_len - 7 > sizeof(gd.gtk))
+		return -1;
+
+	gd.keyidx = gtk[0] & 0x3;
+	gtk += 1;
+	gtk_len -= 1;
+
+	key_rsc = gtk;
+
+	gtk += 6;
+	gtk_len -= 6;
+
+	os_memcpy(gd.gtk, gtk, gtk_len);
+	gd.gtk_len = gtk_len;
+
+	if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED &&
+	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+					       gtk_len, gtk_len,
+					       &gd.key_rsc_len, &gd.alg) ||
+	     wpa_supplicant_install_mlo_gtk(sm, link_id, &gd, key_rsc, 0))) {
+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+			"MLO RSN: Failed to install GTK");
+		forced_memzero(&gd, sizeof(gd));
+		return -1;
+	}
+	forced_memzero(&gd, sizeof(gd));
+
+	return 0;
+}
+
+
+static int wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm,
+					   const struct wpa_eapol_key *key,
+					   struct wpa_eapol_ie_parse *ie,
+					   int key_info)
+{
+	u8 i;
+
+	for (i = 0; i < MAX_NUM_MLO_LINKS; i++) {
+		if (!(sm->valid_links & BIT(i)))
+			continue;
+
+		if (!ie->mlo_gtk[i]) {
+			wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+				"MLO RSN: GTK not found for link ID %u", i);
+			return -1;
+		}
+
+		if (_wpa_supplicant_pairwise_mlo_gtk(sm, i, ie->mlo_gtk[i],
+						    ie->mlo_gtk_len[i],
+						    key_info))
+			return -1;
+	}
+
+	return 0;
+}
+
+
 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
 				       const struct wpa_eapol_key *key,
 				       const u8 *gtk, size_t gtk_len,
@@ -1421,6 +1567,170 @@ static int wpa_supplicant_install_bigtk(struct wpa_sm *sm,
 	return 0;
 }
 
+static int wpa_supplicant_install_mlo_igtk(struct wpa_sm *sm, u8 link_id,
+					   const struct wpa_mlo_igtk_kde *igtk,
+					   int wnm_sleep)
+{
+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+	u16 keyidx = WPA_GET_LE16(igtk->hdr.keyid);
+
+	/* Detect possible key reinstallation */
+	if ((sm->links[link_id].igtk.igtk_len == len &&
+	     os_memcmp(sm->links[link_id].igtk.igtk, igtk->igtk,
+		       sm->links[link_id].igtk.igtk_len) == 0) ||
+	    (sm->links[link_id].igtk_wnm_sleep.igtk_len == len &&
+	     os_memcmp(sm->links[link_id].igtk_wnm_sleep.igtk, igtk->igtk,
+		       sm->links[link_id].igtk_wnm_sleep.igtk_len) == 0)) {
+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+			keyidx);
+		return  0;
+	}
+
+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+		"WPA: IGTK keyid %d pn " COMPACT_MACSTR,
+		keyidx, MAC2STR(igtk->hdr.pn));
+	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
+	if (keyidx > 4095) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA: Invalid IGTK KeyID %d", keyidx);
+		return -1;
+	}
+	if (wpa_sm_mlo_set_key(sm, link_id,
+			       wpa_cipher_to_alg(sm->mgmt_group_cipher),
+			       broadcast_ether_addr, keyidx, 0, igtk->hdr.pn,
+			       sizeof(igtk->hdr.pn), igtk->igtk, len,
+			       KEY_FLAG_GROUP_RX) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA: Failed to configure IGTK to the driver");
+		return -1;
+	}
+
+	if (wnm_sleep) {
+		sm->links[link_id].igtk_wnm_sleep.igtk_len = len;
+		os_memcpy(sm->links[link_id].igtk_wnm_sleep.igtk,
+			  igtk->igtk,
+			  sm->links[link_id].igtk_wnm_sleep.igtk_len);
+	} else {
+		sm->links[link_id].igtk.igtk_len = len;
+		os_memcpy(sm->links[link_id].igtk.igtk, igtk->igtk,
+			  sm->links[link_id].igtk.igtk_len);
+	}
+
+	return 0;
+}
+
+
+static int
+wpa_supplicant_install_mlo_bigtk(struct wpa_sm *sm, u8 link_id,
+				 const struct wpa_mlo_bigtk_kde *bigtk,
+				 int wnm_sleep)
+{
+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+	u16 keyidx = WPA_GET_LE16(bigtk->hdr.keyid);
+
+	/* Detect possible key reinstallation */
+	if ((sm->links[link_id].bigtk.bigtk_len == len &&
+	     os_memcmp(sm->links[link_id].bigtk.bigtk, bigtk->bigtk,
+		       sm->links[link_id].bigtk.bigtk_len) == 0) ||
+	    (sm->links[link_id].bigtk_wnm_sleep.bigtk_len == len &&
+	     os_memcmp(sm->links[link_id].bigtk_wnm_sleep.bigtk, bigtk->bigtk,
+		       sm->links[link_id].bigtk_wnm_sleep.bigtk_len) == 0)) {
+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+			"WPA: Not reinstalling already in-use BIGTK to the driver (keyidx=%d)",
+			keyidx);
+		return  0;
+	}
+
+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+		"WPA: BIGTK keyid %d pn " COMPACT_MACSTR,
+		keyidx, MAC2STR(bigtk->hdr.pn));
+	wpa_hexdump_key(MSG_DEBUG, "WPA: BIGTK", bigtk->bigtk, len);
+	if (keyidx < 6 || keyidx > 7) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA: Invalid BIGTK KeyID %d", keyidx);
+		return -1;
+	}
+	if (wpa_sm_mlo_set_key(sm, link_id,
+			       wpa_cipher_to_alg(sm->mgmt_group_cipher),
+			       broadcast_ether_addr, keyidx, 0, bigtk->hdr.pn,
+			       sizeof(bigtk->hdr.pn), bigtk->bigtk, len,
+			       KEY_FLAG_GROUP_RX) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA: Failed to configure BIGTK to the driver");
+		return -1;
+	}
+
+	if (wnm_sleep) {
+		sm->links[link_id].bigtk_wnm_sleep.bigtk_len = len;
+		os_memcpy(sm->links[link_id].bigtk_wnm_sleep.bigtk,
+			  bigtk->bigtk,
+			  sm->links[link_id].bigtk_wnm_sleep.bigtk_len);
+	} else {
+		sm->links[link_id].bigtk.bigtk_len = len;
+		os_memcpy(sm->links[link_id].bigtk.bigtk, bigtk->bigtk,
+			  sm->links[link_id].bigtk.bigtk_len);
+	}
+
+	return 0;
+}
+
+
+static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id,
+				    struct wpa_eapol_ie_parse *ie)
+{
+	size_t len;
+
+	if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
+	    sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
+		return 0;
+
+	if (ie->mlo_igtk[link_id]) {
+		const struct wpa_mlo_igtk_kde *igtk;
+
+		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+		if (ie->mlo_igtk_len[link_id] !=
+		    sizeof(struct wpa_mlo_igtk_hdr) + len)
+			return -1;
+
+		igtk = (const struct wpa_mlo_igtk_kde *) ie->mlo_igtk[link_id];
+		if (wpa_supplicant_install_mlo_igtk(sm, link_id, igtk, 0) < 0)
+			return -1;
+	}
+
+	if (ie->mlo_bigtk[link_id] && sm->beacon_prot) {
+		const struct wpa_mlo_bigtk_kde *bigtk;
+
+		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+		if (ie->mlo_bigtk_len[link_id] !=
+		    sizeof(struct wpa_mlo_bigtk_hdr) + len)
+			return -1;
+
+		bigtk = (const struct wpa_mlo_bigtk_kde *) ie->mlo_bigtk[link_id];
+		if (wpa_supplicant_install_mlo_bigtk(sm, link_id, bigtk, 0) < 0)
+			return -1;
+	}
+
+	return 0;
+}
+
+
+static int mlo_ieee80211w_set_keys(struct wpa_sm *sm,
+				   struct wpa_eapol_ie_parse *ie)
+{
+	u8 i;
+
+	for (i = 0; i < MAX_NUM_MLO_LINKS; i++) {
+		if (!(sm->valid_links & BIT(i)))
+			continue;
+
+		if (_mlo_ieee80211w_set_keys(sm, i, ie))
+			return -1;
+	}
+
+	return 0;
+}
+
 
 static int ieee80211w_set_keys(struct wpa_sm *sm,
 			       struct wpa_eapol_ie_parse *ie)
@@ -1782,6 +2092,162 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst,
 }
 
 
+static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm,
+					      const struct wpa_eapol_key *key,
+					      u16 ver, const u8 *key_data,
+					      size_t key_data_len)
+{
+	u16 key_info, keylen;
+	struct wpa_eapol_ie_parse ie;
+
+	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
+	wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA MLO: RX message 3 of 4-Way "
+		"Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
+
+	key_info = WPA_GET_BE16(key->key_info);
+
+	wpa_hexdump(MSG_DEBUG, "WPA MLO: IE KeyData", key_data, key_data_len);
+	if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
+		goto failed;
+
+	if (ie.mlo_gtk_found && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA MLO: GTK IE in unencrypted key data");
+		goto failed;
+	}
+	if (ie.mlo_igtk_found && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA MLO: IGTK KDE in unencrypted key data");
+		goto failed;
+	}
+
+
+#ifdef CONFIG_IEEE80211R
+	if (wpa_key_mgmt_ft(sm->key_mgmt) &&
+	    wpa_supplicant_validate_ie_ft(sm, sm->bssid, &ie) < 0)
+		goto failed;
+#endif /* CONFIG_IEEE80211R */
+
+	if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA MLO: ANonce from message 1 of 4-Way Handshake "
+			"differs from 3 of 4-Way Handshake - drop packet (src="
+			MACSTR ")", MAC2STR(sm->bssid));
+		goto failed;
+	}
+
+	keylen = WPA_GET_BE16(key->key_length);
+	if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+			"WPA MLO: Invalid %s key length %d (src=" MACSTR
+			")", wpa_cipher_txt(sm->pairwise_cipher), keylen,
+			MAC2STR(sm->bssid));
+		goto failed;
+	}
+
+#ifdef CONFIG_OCV
+	if (wpa_sm_ocv_enabled(sm)) {
+		struct wpa_channel_info ci;
+
+		if (wpa_sm_channel_info(sm, &ci) != 0) {
+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+				"MLO: Failed to get channel info to validate received OCI in EAPOL-Key 3/4");
+			return;
+		}
+
+		if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci,
+					 channel_width_to_int(ci.chanwidth),
+					 ci.seg1_idx) != OCI_SUCCESS) {
+			wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE
+				"addr=" MACSTR " frame=eapol-key-m3 error=%s",
+				MAC2STR(sm->bssid), ocv_errorstr);
+			return;
+		}
+	}
+#endif /* CONFIG_OCV */
+
+	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
+				       &sm->ptk) < 0)
+		goto failed;
+
+	/* SNonce was successfully used in msg 3/4, so mark it to be renewed
+	 * for the next 4-Way Handshake. If msg 3 is received again, the old
+	 * SNonce will still be used to avoid changing PTK. */
+	sm->renew_snonce = 1;
+
+	if (key_info & WPA_KEY_INFO_INSTALL) {
+		int res;
+
+		if (sm->use_ext_key_id)
+			res = wpa_supplicant_activate_ptk(sm);
+		else
+			res = wpa_supplicant_install_ptk(sm, key,
+							 KEY_FLAG_RX_TX);
+		if (res)
+			goto failed;
+	}
+
+	if (key_info & WPA_KEY_INFO_SECURE) {
+		wpa_sm_mlme_setprotection(
+			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
+			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
+		eapol_sm_notify_portValid(sm->eapol, true);
+	}
+	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
+
+	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) {
+		/* No GTK to be set to the driver */
+	} else if (!ie.mlo_gtk_found && sm->proto == WPA_PROTO_RSN) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+			"MLO RSN: No GTK KDE included in EAPOL-Key msg 3/4");
+		goto failed;
+	} else if (ie.mlo_gtk_found &&
+	    wpa_supplicant_pairwise_mlo_gtk(sm, key, &ie, key_info) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+			"MLO RSN: Failed to configure MLO GTKs");
+		goto failed;
+	}
+
+	if (mlo_ieee80211w_set_keys(sm, &ie) < 0) {
+		wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
+			"MLO RSN: Failed to configure IGTK");
+		goto failed;
+	}
+
+	if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.mlo_gtk_found)
+		wpa_supplicant_key_neg_complete(sm, sm->bssid,
+						key_info & WPA_KEY_INFO_SECURE);
+
+	if (ie.mlo_gtk_found)
+		wpa_sm_set_rekey_offload(sm);
+
+	/* Add PMKSA cache entry for Suite B AKMs here since PMKID can be
+	 * calculated only after KCK has been derived. Though, do not replace an
+	 * existing PMKSA entry after each 4-way handshake (i.e., new KCK/PMKID)
+	 * to avoid unnecessary changes of PMKID while continuing to use the
+	 * same PMK. */
+	if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) &&
+	    !sm->cur_pmksa) {
+		struct rsn_pmksa_cache_entry *sa;
+
+		sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL,
+				     sm->ptk.kck, sm->ptk.kck_len,
+				     sm->bssid, sm->own_addr,
+				     sm->network_ctx, sm->key_mgmt, NULL);
+		if (!sm->cur_pmksa)
+			sm->cur_pmksa = sa;
+	}
+
+	if (ie.transition_disable)
+		wpa_sm_transition_disable(sm, ie.transition_disable[0]);
+	sm->msg_3_of_4_ok = 1;
+	return;
+
+failed:
+	wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
+}
+
+
 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 					  const struct wpa_eapol_key *key,
 					  u16 ver, const u8 *key_data,
@@ -2844,8 +3310,13 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
 		if (key_info & (WPA_KEY_INFO_MIC |
 				WPA_KEY_INFO_ENCR_KEY_DATA)) {
 			/* 3/4 4-Way Handshake */
-			wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
-						      key_data_len);
+			if (sm->valid_links)
+				wpa_supplicant_process_mlo_3_of_4(
+					sm, key, ver, key_data, key_data_len);
+			else
+				wpa_supplicant_process_3_of_4(sm, key, ver,
+							      key_data,
+							      key_data_len);
 		} else {
 			/* 1/4 4-Way Handshake */
 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
@@ -3136,6 +3607,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
 void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
 {
 	int clear_keys = 1;
+	int i;
 
 	if (sm == NULL)
 		return;
@@ -3193,6 +3665,14 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
 		sm->tk_set = false;
+		for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
+			os_memset(&sm->links[i].gtk, 0, sizeof(sm->gtk));
+			os_memset(&sm->links[i].gtk_wnm_sleep, 0,
+				  sizeof(sm->gtk_wnm_sleep));
+			os_memset(&sm->links[i].igtk, 0, sizeof(sm->igtk));
+			os_memset(&sm->links[i].igtk_wnm_sleep, 0,
+				  sizeof(sm->igtk_wnm_sleep));
+		}
 	}
 
 #ifdef CONFIG_TDLS
@@ -4053,6 +4533,8 @@ struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_get(struct wpa_sm *sm,
 
 void wpa_sm_drop_sa(struct wpa_sm *sm)
 {
+	int i;
+
 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");
 	sm->ptk_set = 0;
 	sm->tptk_set = 0;
@@ -4065,6 +4547,14 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
 	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
 	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+	for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
+		os_memset(&sm->links[i].gtk, 0, sizeof(sm->gtk));
+		os_memset(&sm->links[i].gtk_wnm_sleep, 0,
+			  sizeof(sm->gtk_wnm_sleep));
+		os_memset(&sm->links[i].igtk, 0, sizeof(sm->igtk));
+		os_memset(&sm->links[i].igtk_wnm_sleep, 0,
+			  sizeof(sm->igtk_wnm_sleep));
+	}
 #ifdef CONFIG_IEEE80211R
 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
 	sm->xxkey_len = 0;
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index f60616352..abac0a2d3 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -226,6 +226,12 @@ struct wpa_sm {
 		u8 bssid[ETH_ALEN];
 		u8 *ap_wpa_ie, *ap_rsn_ie, *ap_rsnxe;
 		size_t ap_wpa_ie_len, ap_rsn_ie_len, ap_rsnxe_len;
+		struct wpa_gtk gtk;
+		struct wpa_gtk gtk_wnm_sleep;
+		struct wpa_igtk igtk;
+		struct wpa_igtk igtk_wnm_sleep;
+		struct wpa_bigtk bigtk;
+		struct wpa_bigtk bigtk_wnm_sleep;
 	} links[MAX_NUM_MLD_LINKS];
 };
 
-- 
2.25.1




More information about the Hostap mailing list