OWE: Do not add DH Params element in AssocResp with PMKSA caching

As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the
PMK identified by the PMKID and wishes to perform PMK caching, it will
include the PMKID in the Association Response frame RSNE but does not
include the Diffie-Hellman Parameter element.

This was already addressed for most cases with owe_process_assoc_req()
not setting sta->owe_ecdh in case PMKSA caching is used. However, it was
possible to an old STA entry to maintain the initial sta->owe_ecdh value
if reassociation back to the same AP was used to initiate the PMKSA
caching attempt. Cover that case by adding an explicit check for the
time when the Association Response frame is being generated.

Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index b91640070f4f8aeabede4d4b511c722ba4762b64..c98e77103106f8d43f050680a971b7ef3ddcf412 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3890,7 +3890,8 @@ rsnxe_done:
 #ifdef CONFIG_OWE
        if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
            sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
-           wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
+           wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
+           !wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
                struct wpabuf *pub;
 
                pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);