Store own MAC address (SPA) in supplicant PMKSA cache entries

This is needed to be able to determine whether a PMKSA cache entry is
valid when using changing MAC addresses. This could also be used to
implement a mechanism to restore a previously used MAC address instead
of a new random MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index 07f731cca68c2d67600ff9ad188c30308e6f56fc..07f64a18d31c55c736a7c5507b734f0bd53b99a6 100644 (file)
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -224,6 +224,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
                os_memcpy(entry->fils_cache_id, cache_id, FILS_CACHE_ID_LEN);
        }
        os_memcpy(entry->aa, aa, ETH_ALEN);
+       os_memcpy(entry->spa, spa, ETH_ALEN);
        entry->network_ctx = network_ctx;
 
        return pmksa_cache_add_entry(pmksa, entry);
@@ -241,7 +242,8 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
        pos = pmksa->pmksa;
        prev = NULL;
        while (pos) {
-               if (os_memcmp(entry->aa, pos->aa, ETH_ALEN) == 0) {
+               if (os_memcmp(entry->aa, pos->aa, ETH_ALEN) == 0 &&
+                   os_memcmp(entry->spa, pos->spa, ETH_ALEN) == 0) {
                        if (pos->pmk_len == entry->pmk_len &&
                            os_memcmp_const(pos->pmk, entry->pmk,
                                            entry->pmk_len) == 0 &&
@@ -323,7 +325,8 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
        }
        pmksa->pmksa_count++;
        wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
-                  " network_ctx=%p akmp=0x%x", MAC2STR(entry->aa),
+                  " spa=" MACSTR " network_ctx=%p akmp=0x%x",
+                  MAC2STR(entry->aa), MAC2STR(entry->spa),
                   entry->network_ctx, entry->akmp);
 
        if (!pmksa->sm)

diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index b801268599a9ba5b8874320500e103f1ecaaa3df..55b0d71220929b186b09157ba0a627afbf0ea0cd 100644 (file)
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -20,6 +20,7 @@ struct rsn_pmksa_cache_entry {
        os_time_t expiration;
        int akmp; /* WPA_KEY_MGMT_* */
        u8 aa[ETH_ALEN];
+       u8 spa[ETH_ALEN];
 
        /*
         * If FILS Cache Identifier is included (fils_cache_id_set), this PMKSA

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 05c9299f22204dea3595c669517f099fe044e0d2..e91bf4ebe8c23e4edc336f0566c4537d5557e56a 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -10700,6 +10700,7 @@ static int wpas_ctrl_iface_pmksa_add(struct wpa_supplicant *wpa_s,
        entry->reauth_time = now.sec + reauth_time;
 
        entry->network_ctx = ssid;
+       os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
 
        entry->external = true;
 

diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c
index 10b1301a858388070a9fde3589d403617de1a767..e5be5ba133382b21b2c90b6d2a2fb153b8c13aa6 100644 (file)
--- a/wpa_supplicant/dpp_supplicant.c
+++ b/wpa_supplicant/dpp_supplicant.c
@@ -2691,6 +2691,7 @@ static void wpas_dpp_rx_peer_disc_resp(struct wpa_supplicant *wpa_s,
        if (!entry)
                goto fail;
        os_memcpy(entry->aa, src, ETH_ALEN);
+       os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
        os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
        os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
        entry->pmk_len = intro.pmk_len;
@@ -3853,6 +3854,7 @@ wpas_dpp_rx_priv_peer_intro_notify(struct wpa_supplicant *wpa_s,
                goto fail;
        entry->dpp_pfs = peer_version >= 2;
        os_memcpy(entry->aa, src, ETH_ALEN);
+       os_memcpy(entry->spa, wpa_s->own_addr, ETH_ALEN);
        os_memcpy(entry->pmkid, intro.pmkid, PMKID_LEN);
        os_memcpy(entry->pmk, intro.pmk, intro.pmk_len);
        entry->pmk_len = intro.pmk_len;