From bbf94a0958aa23fcd360d15035b222eb3f6662ad Mon Sep 17 00:00:00 2001 From: Veerendranath Jakkam Date: Mon, 23 Mar 2020 19:11:24 +0530 Subject: [PATCH] nl80211: Configure PMKSA lifetime and reauth threshold timer to driver Drivers that trigger roaming need to know the lifetime and reauth threshold time of configured PMKSA so that they can trigger full authentication to avoid unnecessary disconnection. To support this, send dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values configured in wpa_supplicant to the driver while configuring a PMKSA. Signed-off-by: Veerendranath Jakkam --- src/drivers/driver.h | 2 ++ src/drivers/driver_nl80211.c | 6 ++++++ src/rsn_supp/pmksa_cache.c | 4 +++- src/rsn_supp/preauth.c | 2 +- src/rsn_supp/wpa.h | 3 ++- src/rsn_supp/wpa_i.h | 6 ++++-- wpa_supplicant/preauth_test.c | 3 ++- wpa_supplicant/wpas_glue.c | 5 ++++- 8 files changed, 24 insertions(+), 7 deletions(-) diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 39c7f9cb9..bc4f0ef95 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2357,6 +2357,8 @@ struct wpa_pmkid_params { const u8 *pmkid; const u8 *pmk; size_t pmk_len; + u32 pmk_lifetime; + u8 pmk_reauth_threshold; }; /* Mask used to specify which connection parameters have to be updated */ diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 5f2b5651c..4790770bf 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -8228,6 +8228,12 @@ static int nl80211_pmkid(struct i802_bss *bss, int cmd, (params->fils_cache_id && nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2, params->fils_cache_id)) || + (params->pmk_lifetime && + nla_put_u32(msg, NL80211_ATTR_PMK_LIFETIME, + params->pmk_lifetime)) || + (params->pmk_reauth_threshold && + nla_put_u8(msg, NL80211_ATTR_PMK_REAUTH_THRESHOLD, + params->pmk_reauth_threshold)) || (cmd != NL80211_CMD_DEL_PMKSA && params->pmk_len && params->pmk_len <= PMK_MAX_LEN && nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) { diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c index 9c970f811..bd32cef08 100644 --- a/src/rsn_supp/pmksa_cache.c +++ b/src/rsn_supp/pmksa_cache.c @@ -267,7 +267,9 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa, entry->network_ctx, entry->akmp); wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid, entry->fils_cache_id_set ? entry->fils_cache_id : NULL, - entry->pmk, entry->pmk_len); + entry->pmk, entry->pmk_len, + pmksa->sm->dot11RSNAConfigPMKLifetime, + pmksa->sm->dot11RSNAConfigPMKReauthThreshold); return entry; } diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c index a7ca2ed8b..a10192172 100644 --- a/src/rsn_supp/preauth.c +++ b/src/rsn_supp/preauth.c @@ -349,7 +349,7 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm) * PMKIDs again, so report the existing data now. */ if (p) { wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid, - NULL, p->pmk, p->pmk_len); + NULL, p->pmk, p->pmk_len, 0, 0); } dl_list_del(&candidate->list); diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index 1f22f2f26..796f39203 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -42,7 +42,8 @@ struct wpa_sm_ctx { size_t *msg_len, void **data_pos); int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, - const u8 *pmk, size_t pmk_len); + const u8 *pmk, size_t pmk_len, u32 pmk_lifetime, + u8 pmk_reauth_threshold); int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id); void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob); diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 5178c28cb..1ad75dcfa 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -264,11 +264,13 @@ static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type, static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *cache_id, const u8 *pmk, - size_t pmk_len) + size_t pmk_len, u32 pmk_lifetime, + u8 pmk_reauth_threshold) { WPA_ASSERT(sm->ctx->add_pmkid); return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid, - cache_id, pmk, pmk_len); + cache_id, pmk, pmk_len, pmk_lifetime, + pmk_reauth_threshold); } static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx, diff --git a/wpa_supplicant/preauth_test.c b/wpa_supplicant/preauth_test.c index 7ed5860f0..4a8f4ff8f 100644 --- a/wpa_supplicant/preauth_test.c +++ b/wpa_supplicant/preauth_test.c @@ -153,7 +153,8 @@ static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, - const u8 *pmk, size_t pmk_len) + const u8 *pmk, size_t pmk_len, + u32 pmk_lifetime, u8 pmk_reauth_threshold) { printf("%s - not implemented\n", __func__); return -1; diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 200a439cb..6bd271e12 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -574,7 +574,8 @@ static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s, static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, const u8 *bssid, const u8 *pmkid, const u8 *fils_cache_id, - const u8 *pmk, size_t pmk_len) + const u8 *pmk, size_t pmk_len, + u32 pmk_lifetime, u8 pmk_reauth_threshold) { struct wpa_supplicant *wpa_s = _wpa_s; struct wpa_ssid *ssid; @@ -596,6 +597,8 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, params.pmkid = pmkid; params.pmk = pmk; params.pmk_len = pmk_len; + params.pmk_lifetime = pmk_lifetime; + params.pmk_reauth_threshold = pmk_reauth_threshold; return wpa_drv_add_pmkid(wpa_s, ¶ms); }