From: Shivani Baranwal Date: Wed, 23 Apr 2025 08:11:14 +0000 (+0530) Subject: P2P2: Remove setting of PMK/PMKID from validate_dira() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77ec97d138bd1d433b0495bbf83bb1b149e16125;p=thirdparty%2Fhostap.git P2P2: Remove setting of PMK/PMKID from validate_dira() Split setting of PMK/PMKID from validate_dira() to set_pmksa() to avoid setting PMK/PMKID when DIRA is validated with each USD frame. Also set PMK/PMKID from configuration during PASN verification. Signed-off-by: Shivani Baranwal --- diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c index b598a7856..7d6cb97ab 100644 --- a/src/p2p/p2p.c +++ b/src/p2p/p2p.c @@ -6453,6 +6453,10 @@ void p2p_pasn_initialize(struct p2p_data *p2p, struct p2p_device *dev, dev->password); } else if (verify) { pasn->akmp = WPA_KEY_MGMT_SAE; + if (p2p->cfg->set_pmksa) + p2p->cfg->set_pmksa(p2p->cfg->cb_ctx, + dev->info.p2p_device_addr, + dev->info.dik_id); } else { pasn->akmp = WPA_KEY_MGMT_PASN; } @@ -6774,6 +6778,12 @@ static int p2p_pasn_handle_action_wrapper(struct p2p_data *p2p, msg.dira_len)) { struct wpa_ie_data rsn_data; + if (p2p->cfg->set_pmksa) + p2p->cfg->set_pmksa( + p2p->cfg->cb_ctx, + dev->info.p2p_device_addr, + dev->info.dik_id); + if (wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2, &rsn_data) == 0 && diff --git a/src/p2p/p2p.h b/src/p2p/p2p.h index d0ecbd8fb..6f509d770 100644 --- a/src/p2p/p2p.h +++ b/src/p2p/p2p.h @@ -1380,14 +1380,24 @@ struct p2p_config { * @dira_tag: DIRA Tag * Returns: Identity block ID on success, 0 on failure * - * This function can be used to validate DIRA and configure PMK of a - * paired/persistent peer from configuration. The handler function is - * expected to call p2p_pasn_pmksa_set_pmk() to set the PMK/PMKID in - * case a matching entry is found. + * This function can be used to validate DIRA. */ int (*validate_dira)(void *ctx, const u8 *peer_addr, const u8 *dira_nonce, const u8 *dira_tag); + /** + * set_pmksa - Configure PMK of a paired/persistent peer from + * configuration + * @ctx: Callback context from cb_ctx + * @peer_addr: P2P Device address of the peer + * @dik_id: Identity block ID + * Returns: 0 on success + * + * It is expected to call p2p_pasn_pmksa_set_pmk() to set the PMK/PMKID + * for given dik_id. + */ + int (*set_pmksa)(void *ctx, const u8 *peer_addr, int dik_id); + /** * pasn_send_mgmt - Function handler to transmit a Management frame * @ctx: Callback context from cb_ctx diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index c0bb1c636..449c95fc3 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -5525,6 +5525,27 @@ static void wpas_bootstrap_rsp_rx(void *ctx, const u8 *addr, } +static int wpas_set_pmksa(void *ctx, const u8 *peer_addr, int dik_id) +{ + struct wpa_supplicant *wpa_s = ctx; + struct wpa_dev_ik *ik; + + for (ik = wpa_s->conf->identity; ik; ik = ik->next) { + if (ik->id == dik_id) + break; + } + if (!ik) + return -1; +#ifdef CONFIG_PASN + p2p_pasn_pmksa_set_pmk(wpa_s->global->p2p, wpa_s->global->p2p_dev_addr, + peer_addr, + wpabuf_head(ik->pmk), wpabuf_len(ik->pmk), + wpabuf_head(ik->pmkid)); +#endif /* CONFIG_PASN */ + return 0; +} + + static int wpas_validate_dira(void *ctx, const u8 *peer_addr, const u8 *dira_nonce, const u8 *dira_tag) { @@ -5566,13 +5587,6 @@ static int wpas_validate_dira(void *ctx, const u8 *peer_addr, if (!ik) return 0; -#ifdef CONFIG_PASN - p2p_pasn_pmksa_set_pmk(wpa_s->global->p2p, wpa_s->global->p2p_dev_addr, - peer_addr, - wpabuf_head(ik->pmk), wpabuf_len(ik->pmk), - wpabuf_head(ik->pmkid)); -#endif /* CONFIG_PASN */ - return ik->id; } @@ -5797,6 +5811,7 @@ int wpas_p2p_init(struct wpa_global *global, struct wpa_supplicant *wpa_s) p2p.bootstrap_req_rx = wpas_bootstrap_req_rx; p2p.bootstrap_rsp_rx = wpas_bootstrap_rsp_rx; p2p.validate_dira = wpas_validate_dira; + p2p.set_pmksa = wpas_set_pmksa; #ifdef CONFIG_PASN p2p.pasn_send_mgmt = wpas_p2p_pasn_send_mgmt; p2p.prepare_data_element = wpas_p2p_prepare_data_element;