OKC with Suite B AKMPs in wpa_supplicant

To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly for the
new roaming AP.

Signed-off-by: Vinoth V <vinoth117@gmail.com>

diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index 6c87751509da4d8e0e863a3fe2e029047a2c1885..c972428156aac864db872d892c74510b1c1b1f56 100644 (file)
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -242,6 +242,9 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
        if (pmk_len > PMK_LEN_MAX)
                return NULL;
 
+       if (kck_len > WPA_KCK_MAX_LEN)
+               return NULL;
+
        if (wpa_key_mgmt_suite_b(akmp) && !kck)
                return NULL;
 
@@ -250,6 +253,8 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
                return NULL;
        os_memcpy(entry->pmk, pmk, pmk_len);
        entry->pmk_len = pmk_len;
+       os_memcpy(entry->kck, kck, kck_len);
+       entry->kck_len = kck_len;
        if (pmkid)
                os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
        else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
@@ -508,7 +513,7 @@ pmksa_cache_clone_entry(struct rsn_pmksa_cache *pmksa,
            wpa_key_mgmt_fils(old_entry->akmp))
                pmkid = old_entry->pmkid;
        new_entry = pmksa_cache_add(pmksa, old_entry->pmk, old_entry->pmk_len,
-                                   pmkid, NULL, 0,
+                                   pmkid, old_entry->kck, old_entry->kck_len,
                                    aa, pmksa->sm->own_addr,
                                    old_entry->network_ctx, old_entry->akmp,
                                    old_entry->fils_cache_id_set ?

diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index 08af2e63b1c06aac0fcf76b1b1781aa51a283cfb..6ba48f74699cd8318bf528672e9c979ab8c44e30 100644 (file)
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -17,6 +17,8 @@ struct rsn_pmksa_cache_entry {
        u8 pmkid[PMKID_LEN];
        u8 pmk[PMK_LEN_MAX];
        size_t pmk_len;
+       u8 kck[WPA_KCK_MAX_LEN];
+       size_t kck_len;
        os_time_t expiration;
        int akmp; /* WPA_KEY_MGMT_* */
        u8 aa[ETH_ALEN];