PASN: Set keys from PTKSA cache for a valid PTKSA entry

Set secure ranging context to the driver for a valid PTKSA entry in the
PTKSA cache, if available. When the driver requests for PASN keys,
wpa_supplicant configures the keys from its cache if the keys for the
peer derived with the same own MAC address are available in the cache
instead of doing the full PASN handshake again.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index 47aa6ee6de04bf1b2dbaba6584f216ecdd0d9c7a..2e6d9a7d4b6173bfc73ab88e7ea543d0fd95e157 100644 (file)
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -446,6 +446,38 @@ static int wpas_pasn_get_params_from_bss(struct wpa_supplicant *wpa_s,
 }
 
 
+static int wpas_pasn_set_keys_from_cache(struct wpa_supplicant *wpa_s,
+                                        const u8 *own_addr, const u8 *bssid,
+                                        int cipher, int akmp)
+{
+       struct ptksa_cache_entry *entry;
+
+       entry = ptksa_cache_get(wpa_s->ptksa, bssid, cipher);
+       if (!entry) {
+               wpa_printf(MSG_DEBUG, "PASN: peer " MACSTR
+                          " not present in PTKSA cache", MAC2STR(bssid));
+               return -1;
+       }
+
+       if (os_memcmp(entry->own_addr, own_addr, ETH_ALEN) != 0) {
+               wpa_printf(MSG_DEBUG,
+                          "PASN: own addr " MACSTR " and PTKSA entry own addr "
+                          MACSTR " differ",
+                          MAC2STR(own_addr), MAC2STR(entry->own_addr));
+               return -1;
+       }
+
+       wpa_printf(MSG_DEBUG, "PASN: " MACSTR " present in PTKSA cache",
+                  MAC2STR(bssid));
+       wpa_drv_set_secure_ranging_ctx(wpa_s, own_addr, bssid, cipher,
+                                      entry->ptk.tk_len,
+                                      entry->ptk.tk,
+                                      entry->ptk.ltf_keyseed_len,
+                                      entry->ptk.ltf_keyseed, 0);
+       return 0;
+}
+
+
 static void wpas_pasn_configure_next_peer(struct wpa_supplicant *wpa_s,
                                          struct pasn_auth *pasn_params)
 {
@@ -467,6 +499,15 @@ static void wpas_pasn_configure_next_peer(struct wpa_supplicant *wpa_s,
                        continue;
                }
 
+               if (wpas_pasn_set_keys_from_cache(wpa_s, peer->own_addr,
+                                                 peer->peer_addr,
+                                                 peer->cipher,
+                                                 peer->akmp) == 0) {
+                       peer->status = PASN_STATUS_SUCCESS;
+                       wpa_s->pasn_count++;
+                       continue;
+               }
+
                if (wpas_pasn_get_params_from_bss(wpa_s, peer)) {
                        peer->status = PASN_STATUS_FAILURE;
                        wpa_s->pasn_count++;
@@ -1980,6 +2021,9 @@ int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
                        return 0;
                }
 
+               wpas_pasn_set_keys_from_cache(wpa_s, pasn->own_addr,
+                                             pasn->bssid, pasn->cipher,
+                                             pasn->akmp);
                wpas_pasn_auth_stop(wpa_s);
 
                wpas_pasn_auth_work_done(wpa_s, PASN_STATUS_SUCCESS);