diff mbox series

Avoid Diffie-Hellman Element inclusion in Association

Message ID DM6PR19MB3788DCF5ABEF9716C64F6097CE5A0@DM6PR19MB3788.namprd19.prod.outlook.com
State Accepted
Headers show
Series Avoid Diffie-Hellman Element inclusion in Association | expand

Commit Message

Chittur Subramanian Raman Aug. 20, 2020, 5:31 a.m. UTC 
Avoid Diffie-Hellman Element inclusion in Association Response frame from AP in case of PMKSA caching. As per RFC 8110 -  Opportunistic Wireless Encryption, if the AP has the PMK identified by the PMKID and wishes to perform "PMK caching", he will include the PMKID in his 802.11 association response but does not include a Diffie-Hellman Parameter element.

Signed-off-by: Chittur Subramanian Raman <craman@maxlinear.com>
---
src/ap/ieee802_11.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Jouni Malinen Aug. 22, 2020, 2:08 p.m. UTC | #1 
On Thu, Aug 20, 2020 at 05:31:16AM +0000, Chittur Subramanian Raman wrote:
> Avoid Diffie-Hellman Element inclusion in Association Response frame from AP in case of PMKSA caching. As per RFC 8110 -  Opportunistic Wireless Encryption, if the AP has the PMK identified by the PMKID and wishes to perform "PMK caching", he will include the PMKID in his 802.11 association response but does not include a Diffie-Hellman Parameter element.

Thanks, applied. Though, this commit message did not seem to addressing
a corner case rather than the normal case where the DH Param element was
already not included. It was possible for that element to be there in
Association Response frame in cases where the STA entry was left from an
earlier association and a new association is being tried before that
state gets cleared. For the normal case of starting without such state,
sta->owe_ecdh would be left to NULL to skip this addition of the IE.
diff mbox series

Patch

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index b91640070..c98e77103 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3890,7 +3890,8 @@  rsnxe_done:
#ifdef CONFIG_OWE
             if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
                 sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
-                 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
+                wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
+                !wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
                            struct wpabuf *pub;

                             pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);