FILS: Add support for Cache Identifier in add/remove PMKSA

Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifier. Additionally, add support for sending the PMK as part of
SET_PMKSA to enable the driver to derive keys in case of FILS shared key
offload using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Vidyullatha Kanchanapally 2017-03-30 19:27:15 +05:30 committed by Jouni Malinen
parent 061a3d3d53
commit 42e69bda2a
6 changed files with 47 additions and 16 deletions


@ -44,7 +44,9 @@ static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
enum pmksa_free_reason reason) enum pmksa_free_reason reason)
{ {
wpa_sm_remove_pmkid(pmksa->sm, entry->network_ctx, entry->aa, wpa_sm_remove_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
entry->pmkid); entry->pmkid,
entry->fils_cache_id_set ? entry->fils_cache_id :
NULL);
pmksa->pmksa_count--; pmksa->pmksa_count--;
pmksa->free_cb(entry, pmksa->ctx, reason); pmksa->free_cb(entry, pmksa->ctx, reason);
_pmksa_cache_free_entry(entry); _pmksa_cache_free_entry(entry);
@ -263,8 +265,9 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
pmksa->pmksa_count++; pmksa->pmksa_count++;
wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
" network_ctx=%p", MAC2STR(entry->aa), entry->network_ctx); " network_ctx=%p", MAC2STR(entry->aa), entry->network_ctx);
wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid,
entry->pmkid); entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
entry->pmk, entry->pmk_len);
return entry; return entry;
} }
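Review bot: `pmksa_cache_add_entry()` now hands `entry->pmk` to `wpa_sm_add_pmkid()` for every cache entry, although the commit message motivates this only for FILS shared key offload. The same applies to the non-FILS call in `rsn_preauth_candidate_process()`, which passes `p->pmk` with a NULL cache identifier, and to `wpa_supplicant_add_pmkid()`, which copies the key into `params` unconditionally. That extends the PMK's exposure to the driver interface for networks that have no use for it there; whether the driver wrapper filters it is not visible on this page. Consider passing the key only for FILS entries, for example `wpa_key_mgmt_fils(entry->akmp) ? entry->pmk : NULL` with a length of 0 otherwise, or gating it on a driver offload capability. Both functions start outside the hunks shown.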


@ -342,7 +342,8 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
/* Some drivers (e.g., NDIS) expect to get notified about the /* Some drivers (e.g., NDIS) expect to get notified about the
* PMKIDs again, so report the existing data now. */ * PMKIDs again, so report the existing data now. */
if (p) { if (p) {
wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid); wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
NULL, p->pmk, p->pmk_len);
} }
dl_list_del(&candidate->list); dl_list_del(&candidate->list);


@ -39,9 +39,10 @@ struct wpa_sm_ctx {
u8 * (*alloc_eapol)(void *ctx, u8 type, const void *data, u16 data_len, u8 * (*alloc_eapol)(void *ctx, u8 type, const void *data, u16 data_len,
size_t *msg_len, void **data_pos); size_t *msg_len, void **data_pos);
int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
const u8 *pmkid); const u8 *pmkid, const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len);
int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
const u8 *pmkid); const u8 *pmkid, const u8 *fils_cache_id);
void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob); void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
const struct wpa_config_blob * (*get_config_blob)(void *ctx, const struct wpa_config_blob * (*get_config_blob)(void *ctx,
const char *name); const char *name);
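Review bot: The new `fils_cache_id` argument of `add_pmkid` and `remove_pmkid` has no length parameter, and nothing at the declaration says that it may be NULL or how many octets an implementation may read. A comment above the two callbacks would pin the contract, e.g. `/* fils_cache_id: NULL or FILS_CACHE_ID_LEN octets; pmk/pmk_len: secret key material, must not be logged */`. The glue implementations forward both pointers to the driver untouched, so this declaration is the only place a new backend author will learn the expected size and how to handle the key. The struct begins and ends outside the hunk.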


@ -231,17 +231,22 @@ static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
} }
static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx, static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *cache_id, const u8 *pmk,
size_t pmk_len)
{ {
WPA_ASSERT(sm->ctx->add_pmkid); WPA_ASSERT(sm->ctx->add_pmkid);
return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid); return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
cache_id, pmk, pmk_len);
} }
static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx, static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *cache_id)
{ {
WPA_ASSERT(sm->ctx->remove_pmkid); WPA_ASSERT(sm->ctx->remove_pmkid);
return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid); return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
cache_id);
} }
static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr, static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,
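Review bot: The two wrappers name the new parameter `cache_id`, while the callbacks they invoke and both glue implementations call it `fils_cache_id`. Using `const u8 *fils_cache_id` in `wpa_sm_add_pmkid()` and `wpa_sm_remove_pmkid()` as well would keep the name searchable across the layers and make it clear the value is the FILS Cache Identifier rather than a generic PMKSA cache handle.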


@ -144,7 +144,9 @@ static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx, static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len)
{ {
printf("%s - not implemented\n", __func__); printf("%s - not implemented\n", __func__);
return -1; return -1;
@ -152,7 +154,8 @@ static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
static int wpa_supplicant_remove_pmkid(void *wpa_s, void *network_ctx, static int wpa_supplicant_remove_pmkid(void *wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id)
{ {
printf("%s - not implemented\n", __func__); printf("%s - not implemented\n", __func__);
return -1; return -1;


@ -530,7 +530,9 @@ static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s,
static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len)
{ {
struct wpa_supplicant *wpa_s = _wpa_s; struct wpa_supplicant *wpa_s = _wpa_s;
struct wpa_ssid *ssid; struct wpa_ssid *ssid;
@ -541,15 +543,25 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
if (ssid) if (ssid)
wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d", wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d",
MAC2STR(bssid), ssid->id); MAC2STR(bssid), ssid->id);
params.bssid = bssid; if (ssid && fils_cache_id) {
params.ssid = ssid->ssid;
params.ssid_len = ssid->ssid_len;
params.fils_cache_id = fils_cache_id;
} else {
params.bssid = bssid;
}
params.pmkid = pmkid; params.pmkid = pmkid;
params.pmk = pmk;
params.pmk_len = pmk_len;
return wpa_drv_add_pmkid(wpa_s, &params); return wpa_drv_add_pmkid(wpa_s, &params);
} }
static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx, static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid) const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id)
{ {
struct wpa_supplicant *wpa_s = _wpa_s; struct wpa_supplicant *wpa_s = _wpa_s;
struct wpa_ssid *ssid; struct wpa_ssid *ssid;
@ -560,8 +572,14 @@ static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
if (ssid) if (ssid)
wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d", wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d",
MAC2STR(bssid), ssid->id); MAC2STR(bssid), ssid->id);
if (ssid && fils_cache_id) {
params.ssid = ssid->ssid;
params.ssid_len = ssid->ssid_len;
params.fils_cache_id = fils_cache_id;
} else {
params.bssid = bssid;
}
params.bssid = bssid;
params.pmkid = pmkid; params.pmkid = pmkid;
return wpa_drv_remove_pmkid(wpa_s, &params); return wpa_drv_remove_pmkid(wpa_s, &params);