OKC with Suite B AKMPs in hostapd
authorJouni Malinen <quic_jouni@quicinc.com>
Mon, 30 Oct 2023 17:52:06 +0000 (19:52 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 30 Oct 2023 17:52:06 +0000 (19:52 +0200)
To support Opportunistic Key Caching for Suite B key management, KCK
needs to be stored on PMKSA to derive the new PMKID correctly when
processing reassociation from a STA to a new AP.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/pmksa_cache_auth.c
src/ap/pmksa_cache_auth.h

index 891c16b6458551e9b8426ed41643b88da9de91c6..ee4232fd7d112e1b77cb954cf1abbde030242765 100644 (file)
@@ -334,6 +334,10 @@ pmksa_cache_auth_create_entry(const u8 *pmk, size_t pmk_len, const u8 *pmkid,
                return NULL;
        os_memcpy(entry->pmk, pmk, pmk_len);
        entry->pmk_len = pmk_len;
+       if (kck && kck_len && kck_len < WPA_KCK_MAX_LEN) {
+               os_memcpy(entry->kck, kck, kck_len);
+               entry->kck_len = kck_len;
+       }
        if (pmkid)
                os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
        else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
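Review bot: The length guard on the added `if` uses `kck_len < WPA_KCK_MAX_LEN`, which rejects a KCK of exactly WPA_KCK_MAX_LEN bytes even though the header change declares the destination as `u8 kck[WPA_KCK_MAX_LEN]`; `if (kck && kck_len && kck_len <= WPA_KCK_MAX_LEN) {` matches the buffer size. A KCK that fails the check is dropped without any indication, so the entry keeps whatever `kck_len` it was allocated with (presumably 0) and a later OKC lookup would fall back to PMK-based PMKID derivation. A debug log on the rejected case would make that failure diagnosable. The body of pmksa_cache_auth_create_entry starts before and continues after this hunk, so the allocation and the origin of `kck`/`kck_len` are not visible here.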
@@ -525,8 +529,17 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get_okc(
                                return entry;
                        continue;
                }
-               rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
-                         entry->akmp);
+               if (entry->akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 &&
+                   entry->kck_len > 0)
+                       rsn_pmkid_suite_b_192(entry->kck, entry->kck_len,
+                                             aa, spa, new_pmkid);
+               else if (wpa_key_mgmt_suite_b(entry->akmp) &&
+                        entry->kck_len > 0)
+               rsn_pmkid_suite_b(entry->kck, entry->kck_len, aa, spa,
+                                 new_pmkid);
+               else
+                       rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa,
+                                 new_pmkid, entry->akmp);
                if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
                        return entry;
        }
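Review bot: The `rsn_pmkid_suite_b(...)` call under the `else if` is indented at the same level as the `else if` itself, so in this unbraced three-way chain it reads as a separate statement rather than the branch body. In code that selects which key feeds the PMKID derivation, that layout is easy to misread or break in a later edit; indent the call one level and brace all three branches, starting with `else if (wpa_key_mgmt_suite_b(entry->akmp) && entry->kck_len > 0) {`. Separately, the results of the two Suite B derivation calls are not checked before `os_memcmp(new_pmkid, pmkid, PMKID_LEN)`; if those helpers can fail (worth confirming against their declarations), `new_pmkid` would be compared while holding a stale or unset value, so a `continue` on failure would be safer. The loop and the declaration of `new_pmkid` lie outside this hunk.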
index e3cee4a4b7909f5a8567191e629d7d93968aa22c..e38e7eca66e74cecbf90576afd3f423e1e1092ff 100644 (file)
@@ -19,6 +19,8 @@ struct rsn_pmksa_cache_entry {
        u8 pmkid[PMKID_LEN];
        u8 pmk[PMK_LEN_MAX];
        size_t pmk_len;
+       u8 kck[WPA_KCK_MAX_LEN];
+       size_t kck_len;
        os_time_t expiration;
        int akmp; /* WPA_KEY_MGMT_* */
        u8 spa[ETH_ALEN];
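Review bot: The new `kck` and `kck_len` fields are undocumented, although they mean every PMKSA cache entry can now hold a second piece of key material for as long as the entry lives. A short comment would record the intent and the zero-length convention the lookup relies on, for example `u8 kck[WPA_KCK_MAX_LEN]; /* KCK for Suite B PMKID derivation (OKC); kck_len == 0 if not stored */`. The entry free path is not part of this page, so it is worth confirming that it wipes the whole structure, not only `pmk`, before releasing it.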