AP MLD: Store OWE/FILS PMKSA into the MLD-level PMKSA cache for MLO
authorChenming Huang <quic_chenhuan@quicinc.com>
Wed, 26 Feb 2025 14:32:23 +0000 (20:02 +0530)
committerJouni Malinen <j@w1.fi>
Thu, 27 Feb 2025 10:11:44 +0000 (12:11 +0200)
For an ML association using OWE or FILS, store the PMKSA into the
MLD-level PMKSA cache instead of the per-link one.

Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
src/ap/ctrl_iface_ap.c
src/ap/dpp_hostapd.c
src/ap/ieee802_11.c
src/ap/wpa_auth.c
src/ap/wpa_auth.h

index 4a51e633398d02d06dd7abe3226294ceacc0f94b..88ec28f260ce379ceede30ef8f5d06a8b995d33d 100644 (file)
@@ -1234,7 +1234,7 @@ int hostapd_ctrl_iface_pmksa_add(struct hostapd_data *hapd, char *cmd)
                return -1;
 
        return wpa_auth_pmksa_add2(hapd->wpa_auth, spa, pmk, pmk_len,
-                                  pmkid, expiration, akmp, NULL);
+                                  pmkid, expiration, akmp, NULL, false);
 }
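Review bot: The new last argument is hard-coded to `false` here, so a PMKSA added through the control interface always lands in the per-link cache with `wpa_auth->addr` as the authenticator address, even when this BSS belongs to an AP MLD. The same applies to both DPP call sites in src/ap/dpp_hostapd.c (`hostapd_dpp_rx_peer_disc_req` and `hostapd_dpp_rx_priv_peer_intro_update`). If that is intentional, a short comment at the call would keep it from looking like an oversight, e.g. `/* ctrl_iface entries are per-link only; the MLD-level cache is used for OWE/FILS */`. Whether an MLO station can later match such a per-link entry is not visible in this diff.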
 
 
index 3725a294d5e74860c98b1b89db34239abc9c5bcc..a5853f8d3938976af0cd6cabfc6ad51df4046eaf 100644 (file)
@@ -2160,7 +2160,7 @@ static void hostapd_dpp_rx_peer_disc_req(struct hostapd_data *hapd,
 
        if (wpa_auth_pmksa_add2(hapd->wpa_auth, src, intro.pmk, intro.pmk_len,
                                intro.pmkid, expiration,
-                               WPA_KEY_MGMT_DPP, pkhash) < 0) {
+                               WPA_KEY_MGMT_DPP, pkhash, false) < 0) {
                wpa_printf(MSG_ERROR, "DPP: Failed to add PMKSA cache entry");
                goto done;
        }
@@ -2934,7 +2934,7 @@ hostapd_dpp_rx_priv_peer_intro_update(struct hostapd_data *hapd, const u8 *src,
 
        if (wpa_auth_pmksa_add2(hapd->wpa_auth, src, intro.pmk, intro.pmk_len,
                                intro.pmkid, expiration,
-                               WPA_KEY_MGMT_DPP, pkhash) < 0) {
+                               WPA_KEY_MGMT_DPP, pkhash, false) < 0) {
                wpa_printf(MSG_ERROR, "DPP: Failed to add PMKSA cache entry");
                goto done;
        }
index 49fb2820e10ea3a4a83c50c45f5d2fe724e808ce..172a9a12a5eae367a615a4f0fa10ca71981b607a 100644 (file)
@@ -2402,7 +2402,7 @@ prepare_auth_resp_fils(struct hostapd_data *hapd,
                                    sta->fils_erp_pmkid,
                                    session_timeout,
                                    wpa_auth_sta_key_mgmt(sta->wpa_sm),
-                                   NULL) < 0) {
+                                   NULL, ap_sta_is_mld(hapd, sta)) < 0) {
                                wpa_printf(MSG_ERROR,
                                           "FILS: Failed to add PMKSA cache entry based on ERP");
                        }
@@ -3979,7 +3979,8 @@ static u16 owe_process_assoc_req(struct hostapd_data *hapd,
        wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
        wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
        wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
-                           sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE, NULL);
+                           sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE,
+                           NULL, ap_sta_is_mld(hapd, sta));
 
        return WLAN_STATUS_SUCCESS;
 }
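Review bot: The return value of `wpa_auth_pmksa_add2()` is discarded at this call, so a failed insert into the MLD-level cache leaves no trace, while the FILS and DPP call sites touched by this commit at least log the failure. Since caching looks best-effort here (the function still returns `WLAN_STATUS_SUCCESS`), logging is enough: wrap the call as `if (wpa_auth_pmksa_add2(...) < 0)` followed by `wpa_printf(MSG_DEBUG, "OWE: Failed to add PMKSA cache entry");`. Without that, a station that cannot reuse its PMKSA on the next ML association is hard to diagnose from the AP log. `owe_process_assoc_req` starts outside this hunk.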
index 4a8218ab68532b20a8749537720f6298381c9a81..48c12320b01b4e408864056d089be895f539bd4b 100644 (file)
@@ -6571,17 +6571,27 @@ void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid)
 
 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
                        const u8 *pmk, size_t pmk_len, const u8 *pmkid,
-                       int session_timeout, int akmp, const u8 *dpp_pkhash)
+                       int session_timeout, int akmp, const u8 *dpp_pkhash,
+                       bool is_ml)
 {
+       struct rsn_pmksa_cache *pmksa;
+       const u8 *aa;
        struct rsn_pmksa_cache_entry *entry;
 
        if (!wpa_auth || wpa_auth->conf.disable_pmksa_caching)
                return -1;
 
        wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK (3)", pmk, PMK_LEN);
-       entry = pmksa_cache_auth_add(wpa_auth->pmksa, pmk, pmk_len, pmkid,
-                                NULL, 0, wpa_auth->addr, addr, session_timeout,
-                                NULL, akmp);
+       pmksa = wpa_auth->pmksa;
+       aa = wpa_auth->addr;
+#ifdef CONFIG_IEEE80211BE
+       if (is_ml) {
+               pmksa = wpa_auth->ml_pmksa;
+               aa = wpa_auth->mld_addr;
+       }
+#endif /* CONFIG_IEEE80211BE */
+       entry = pmksa_cache_auth_add(pmksa, pmk, pmk_len, pmkid, NULL, 0, aa,
+                                    addr, session_timeout, NULL, akmp);
        if (!entry)
                return -1;
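Review bot: With `is_ml` set, the cache pointer is replaced by `wpa_auth->ml_pmksa` and handed straight to `pmksa_cache_auth_add()`, while the only guard above covers `wpa_auth` and `disable_pmksa_caching`. Nothing in this hunk shows that `ml_pmksa` is always allocated whenever `ap_sta_is_mld()` reports true, and how `pmksa_cache_auth_add()` treats a NULL cache is not visible either. If it can be NULL, an explicit check inside the `#ifdef` block makes the failure deterministic: `if (is_ml && !wpa_auth->ml_pmksa) return -1;` placed before the two assignments. Falling back to the per-link cache instead would store the entry under the wrong authenticator address, so rejecting is the safer choice. The function body continues past the end of this hunk.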
 
index 560a2cc55d634cf1eee11a67862672530331282f..140eeac79bb2459d2b924810e82227b223660a09 100644 (file)
@@ -515,7 +515,8 @@ int wpa_auth_pmksa_add_sae(struct wpa_authenticator *wpa_auth, const u8 *addr,
 void wpa_auth_add_sae_pmkid(struct wpa_state_machine *sm, const u8 *pmkid);
 int wpa_auth_pmksa_add2(struct wpa_authenticator *wpa_auth, const u8 *addr,
                        const u8 *pmk, size_t pmk_len, const u8 *pmkid,
-                       int session_timeout, int akmp, const u8 *dpp_pkhash);
+                       int session_timeout, int akmp, const u8 *dpp_pkhash,
+                       bool is_ml);
 void wpa_auth_pmksa_remove(struct wpa_authenticator *wpa_auth,
                           const u8 *sta_addr);
 int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
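Review bot: The prototype gains a bare `bool is_ml` with no comment, and call sites now end in `NULL, false`, which reads as two unrelated placeholders. A comment above the declaration would record the contract that the implementation in src/ap/wpa_auth.c establishes: `/* is_ml: store the entry in the MLD-level cache (wpa_auth->ml_pmksa, AA = mld_addr) instead of the per-link one; ignored unless CONFIG_IEEE80211BE is defined */`. That last clause matters because the flag is dropped silently in builds without 802.11be support.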