MLD STA: Use AP MLD address to derive pairwise keys

Use AP MLD address to derive pairwise keys for MLO connection. Current
changes are handling only PTK derivation during EAPOL-Key 4-way
handshake and FILS authentication, i.e., FT protocol case needs to be
addressed separately.

Signed-off-by: Rohan Dutta <quic_drohan@quicinc.com>
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3602c0738c00e96496289f5062b43e81f701d52a..87f814a491deb26c1d990174ad705b7c64d00f33 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -641,7 +641,7 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr,
                kdk_len = 0;
 
        ret = wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
-                            sm->own_addr, sm->bssid, sm->snonce,
+                            sm->own_addr, wpa_sm_get_auth_addr(sm), sm->snonce,
                             key->key_nonce, ptk, akmp,
                             sm->pairwise_cipher, z, z_len,
                             kdk_len);
@@ -4279,6 +4279,12 @@ unsigned int wpa_sm_get_key_mgmt(struct wpa_sm *sm)
 }
 
 
+const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm)
+{
+       return sm->mlo.valid_links ? sm->mlo.ap_mld_addr : sm->bssid;
+}
+
+
 #ifdef CONFIG_FILS
 
 struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
@@ -4662,7 +4668,8 @@ int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
        else
                kdk_len = 0;
 
-       if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr, sm->bssid,
+       if (fils_pmk_to_ptk(sm->pmk, sm->pmk_len, sm->own_addr,
+                           wpa_sm_get_auth_addr(sm),
                            sm->fils_nonce, sm->fils_anonce,
                            dh_ss ? wpabuf_head(dh_ss) : NULL,
                            dh_ss ? wpabuf_len(dh_ss) : 0,

diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 5c4e3e59c21d1420c034d167de5efe24a37514d3..672c5bc5ac87b5f7587ee68035f7d6af20f36f99 100644 (file)
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -593,5 +593,6 @@ struct rsn_pmksa_cache * wpa_sm_get_pmksa_cache(struct wpa_sm *sm);
 
 void wpa_sm_set_cur_pmksa(struct wpa_sm *sm,
                          struct rsn_pmksa_cache_entry *entry);
+const u8 * wpa_sm_get_auth_addr(struct wpa_sm *sm);
 
 #endif /* WPA_H */

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 952c4ebde52e6854b25566cfdfdaa9685ab7be46..815dc4277f81e7c88d3c869694d603b2071bbfff 100644 (file)
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -81,7 +81,7 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
                kdk_len = 0;
 
        ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
-                               anonce, sm->own_addr, sm->bssid,
+                               anonce, sm->own_addr, wpa_sm_get_auth_addr(sm),
                                sm->pmk_r1_name, ptk, ptk_name, sm->key_mgmt,
                                sm->pairwise_cipher, kdk_len);
        if (ret) {
@@ -695,6 +695,7 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
        else
                kdk_len = 0;
 
+       /* TODO: AP MLD address for MLO */
        if (wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce,
                              parse.fte_anonce, sm->own_addr, bssid,
                              sm->pmk_r1_name, &sm->ptk, ptk_name, sm->key_mgmt,