From 96e63008fb4378de67e4634b7a893e69c35728d7 Mon Sep 17 00:00:00 2001 From: Chittur Subramanian Raman Date: Wed, 19 Aug 2020 14:36:39 +0530 Subject: [PATCH] OWE: Do not add DH Params element in AssocResp with PMKSA caching As per RFC 8110 (Opportunistic Wireless Encryption), if the AP has the PMK identified by the PMKID and wishes to perform PMK caching, it will include the PMKID in the Association Response frame RSNE but does not include the Diffie-Hellman Parameter element. This was already addressed for most cases with owe_process_assoc_req() not setting sta->owe_ecdh in case PMKSA caching is used. However, it was possible to an old STA entry to maintain the initial sta->owe_ecdh value if reassociation back to the same AP was used to initiate the PMKSA caching attempt. Cover that case by adding an explicit check for the time when the Association Response frame is being generated. Signed-off-by: Chittur Subramanian Raman --- src/ap/ieee802_11.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index b91640070..c98e77103 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3890,7 +3890,8 @@ rsnxe_done: #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS && - wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) { + wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && + !wpa_auth_sta_get_pmksa(sta->wpa_sm)) { struct wpabuf *pub; pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);