nl80211: Configure PMKSA lifetime and reauth threshold timer to driver

Drivers that trigger roaming need to know the lifetime and reauth
threshold time of configured PMKSA so that they can trigger full
authentication to avoid unnecessary disconnection. To support this, send
dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold values
configured in wpa_supplicant to the driver while configuring a PMKSA.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
This commit is contained in:
Veerendranath Jakkam 2020-03-23 19:11:24 +05:30 committed by Jouni Malinen
parent 1f4e9946bc
commit bbf94a0958
8 changed files with 24 additions and 7 deletions

View file

@ -2357,6 +2357,8 @@ struct wpa_pmkid_params {
const u8 *pmkid; const u8 *pmkid;
const u8 *pmk; const u8 *pmk;
size_t pmk_len; size_t pmk_len;
u32 pmk_lifetime;
u8 pmk_reauth_threshold;
}; };
/* Mask used to specify which connection parameters have to be updated */ /* Mask used to specify which connection parameters have to be updated */

View file

@ -8228,6 +8228,12 @@ static int nl80211_pmkid(struct i802_bss *bss, int cmd,
(params->fils_cache_id && (params->fils_cache_id &&
nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2, nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2,
params->fils_cache_id)) || params->fils_cache_id)) ||
(params->pmk_lifetime &&
nla_put_u32(msg, NL80211_ATTR_PMK_LIFETIME,
params->pmk_lifetime)) ||
(params->pmk_reauth_threshold &&
nla_put_u8(msg, NL80211_ATTR_PMK_REAUTH_THRESHOLD,
params->pmk_reauth_threshold)) ||
(cmd != NL80211_CMD_DEL_PMKSA && (cmd != NL80211_CMD_DEL_PMKSA &&
params->pmk_len && params->pmk_len <= PMK_MAX_LEN && params->pmk_len && params->pmk_len <= PMK_MAX_LEN &&
nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) { nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {

View file

@ -267,7 +267,9 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
entry->network_ctx, entry->akmp); entry->network_ctx, entry->akmp);
wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid, wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid,
entry->fils_cache_id_set ? entry->fils_cache_id : NULL, entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
entry->pmk, entry->pmk_len); entry->pmk, entry->pmk_len,
pmksa->sm->dot11RSNAConfigPMKLifetime,
pmksa->sm->dot11RSNAConfigPMKReauthThreshold);
return entry; return entry;
} }

View file

@ -349,7 +349,7 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
* PMKIDs again, so report the existing data now. */ * PMKIDs again, so report the existing data now. */
if (p) { if (p) {
wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid, wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
NULL, p->pmk, p->pmk_len); NULL, p->pmk, p->pmk_len, 0, 0);
} }
dl_list_del(&candidate->list); dl_list_del(&candidate->list);

View file

@ -42,7 +42,8 @@ struct wpa_sm_ctx {
size_t *msg_len, void **data_pos); size_t *msg_len, void **data_pos);
int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
const u8 *pmkid, const u8 *fils_cache_id, const u8 *pmkid, const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len); const u8 *pmk, size_t pmk_len, u32 pmk_lifetime,
u8 pmk_reauth_threshold);
int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid, int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
const u8 *pmkid, const u8 *fils_cache_id); const u8 *pmkid, const u8 *fils_cache_id);
void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob); void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);

View file

@ -264,11 +264,13 @@ static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx, static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
const u8 *bssid, const u8 *pmkid, const u8 *bssid, const u8 *pmkid,
const u8 *cache_id, const u8 *pmk, const u8 *cache_id, const u8 *pmk,
size_t pmk_len) size_t pmk_len, u32 pmk_lifetime,
u8 pmk_reauth_threshold)
{ {
WPA_ASSERT(sm->ctx->add_pmkid); WPA_ASSERT(sm->ctx->add_pmkid);
return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid, return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
cache_id, pmk, pmk_len); cache_id, pmk, pmk_len, pmk_lifetime,
pmk_reauth_threshold);
} }
static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx, static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,

View file

@ -153,7 +153,8 @@ static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx, static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid, const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id, const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len) const u8 *pmk, size_t pmk_len,
u32 pmk_lifetime, u8 pmk_reauth_threshold)
{ {
printf("%s - not implemented\n", __func__); printf("%s - not implemented\n", __func__);
return -1; return -1;

View file

@ -574,7 +574,8 @@ static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s,
static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
const u8 *bssid, const u8 *pmkid, const u8 *bssid, const u8 *pmkid,
const u8 *fils_cache_id, const u8 *fils_cache_id,
const u8 *pmk, size_t pmk_len) const u8 *pmk, size_t pmk_len,
u32 pmk_lifetime, u8 pmk_reauth_threshold)
{ {
struct wpa_supplicant *wpa_s = _wpa_s; struct wpa_supplicant *wpa_s = _wpa_s;
struct wpa_ssid *ssid; struct wpa_ssid *ssid;
@ -596,6 +597,8 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
params.pmkid = pmkid; params.pmkid = pmkid;
params.pmk = pmk; params.pmk = pmk;
params.pmk_len = pmk_len; params.pmk_len = pmk_len;
params.pmk_lifetime = pmk_lifetime;
params.pmk_reauth_threshold = pmk_reauth_threshold;
return wpa_drv_add_pmkid(wpa_s, &params); return wpa_drv_add_pmkid(wpa_s, &params);
} }