OWE: Set PMK length properly on supplicant side

sm->pmk_len was not set when deriving the PMK as part of OWE key
generation. This depending on wpa_sm_set_pmk_from_pmksa() call resetting
the value to the default. While this worked for many cases, this is not
correct and can have issues with network profile selection based on
association information. For example, the OWE transition mode cases
would hit an issue here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 739689d18b02f538af9e4f9e457a24c6b27a7af1..04c755d01a7dba6126de78ac3d41ef10ff7152e7 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -4291,6 +4291,7 @@ int owe_process_assoc_resp(struct wpa_sm *sm, const u8 *resp_ies,
        os_memset(prk, 0, SHA256_MAC_LEN);
        if (res < 0)
                return -1;
+       sm->pmk_len = PMK_LEN;
 
        wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sm->pmk, PMK_LEN);
        wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index eca9b255561965c042ee9d443f0961b5a2b6b74c..ddfdaf71a70c414b5df5dc7092b7b513c1b5d593 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1528,6 +1528,12 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                                "No PSK available for association");
                        return -1;
                }
+#ifdef CONFIG_OWE
+       } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
+               /* OWE Diffie-Hellman exchange in (Re)Association
+                * Request/Response frames set the PMK, so do not override it
+                * here. */
+#endif /* CONFIG_OWE */
        } else
                wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);