hostap/src
Jouni Malinen 3459381dd2 External persistent storage for PMKSA cache entries
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.

"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id>). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:

<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>

For example:

02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0

The PMKSA_GET command uses the following format:

<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>

(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)

For example:

PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0

This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 23:47:04 +02:00
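
Added example, not part of the commit or of hostap: Python code for the save and restore steps the commit message describes, writing saved PMKSA_GET output to an owner-only file and turning it into PMKSA_ADD commands with both timers reduced by the elapsed seconds. The function names, the 0600 file mode, the constructed sample entries, skipping expired entries and clamping reauth_time at 0 are assumptions made here.

```python
import os
import re

# One line of PMKSA_GET output, per the field list in the commit message.
LINE = re.compile(
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) ([0-9a-f]{32}) ((?:[0-9a-f]{2})+) "
    r"(\d+) (\d+) (\d+) (\d+)", re.IGNORECASE)

# Constructed sample data (not real keys): valid, short reauth, expiring, truncated.
SAMPLE = "\n".join([
    "02:00:00:00:00:01 " + "11" * 16 + " " + "22" * 32 + " 30240 43200 1 0",
    "02:00:00:00:00:02 " + "33" * 16 + " " + "44" * 32 + " 50 200 1 0",
    "02:00:00:00:00:03 " + "55" * 16 + " " + "66" * 32 + " 30 60 1 0",
    "02:00:00:00:00:04 " + "77" * 16,
])


def save_restricted(path, text):
    """Write saved PMKSA_GET output so only the owner can read the PMKs."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as f:
        f.write(text)


def pmksa_add_commands(network_id, saved_output, elapsed):
    """Build PMKSA_ADD commands from saved PMKSA_GET output.

    elapsed: seconds between the PMKSA_GET and the PMKSA_ADD.
    Returns (commands, skipped); skipped carries only line numbers and
    reasons, so no PMK leaks into logs or error messages.
    """
    if elapsed < 0:
        raise ValueError("elapsed must not be negative")
    commands, skipped = [], []
    for number, line in enumerate(saved_output.splitlines(), 1):
        m = LINE.fullmatch(line.strip())
        if m is None:
            skipped.append((number, "malformed"))
            continue
        bssid, pmkid, pmk, reauth, expire, akmp, opp = m.groups()
        remaining = int(expire) - elapsed
        if remaining <= 0:  # assumption: an expired entry is not restored
            skipped.append((number, "expired"))
            continue
        reauth_left = max(int(reauth) - elapsed, 0)  # assumption: clamp at 0
        commands.append(f"PMKSA_ADD {network_id} {bssid} {pmkid} {pmk} "
                        f"{reauth_left} {remaining} {akmp} {opp}")
    return commands, skipped
```

Each returned string is one control interface command; the storage file and the commands both contain the PMK and need the same access restrictions as the control interface itself.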
ap Send "TERMINATING" event from hostapd 2016-12-12 20:32:28 +02:00
common Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant 2016-12-12 21:00:43 +02:00
crypto Extend AES-SIV implementation to support different key lengths 2016-10-10 19:40:59 +03:00
drivers nl80211: Specify the BSSID in the QCA vendor scan 2016-12-11 21:36:16 +02:00
eap_common TLS: Split tls_connection_prf() into two functions 2016-05-23 20:40:12 +03:00
eap_peer ERP: Make eap_peer_finish() callable 2016-10-22 18:26:00 +03:00
eap_server ERP: Update client identity based on EAP-Initiate/Re-auth 2016-10-22 23:13:17 +03:00
eapol_auth RADIUS: Share a single function for generating session IDs 2016-02-06 17:19:35 +02:00
eapol_supp ERP: Make eap_peer_finish() callable 2016-10-22 18:26:00 +03:00
fst FST: Fix search for peer's "other" connection 2016-09-08 11:17:45 +03:00
l2_packet l2_packet: Extend bridge workaround RX processing to cover two frames 2016-01-07 13:30:59 +02:00
p2p P2P: Send P2P-DEVICE-FOUND event on peer changing device name 2016-12-11 12:45:08 +02:00
pae macsec_linux: Add a driver for macsec on Linux kernels 2016-11-30 20:08:36 +02:00
radius radius: Sanity check for NULL pointer segfault 2016-08-19 12:16:20 +03:00
rsn_supp External persistent storage for PMKSA cache entries 2016-12-12 23:47:04 +02:00
tls Fix typo in DigestAlgorithn 2016-10-29 11:14:09 +03:00
utils Removed redundant NULL check for b in wpabuf_concat() 2016-10-28 19:05:08 +03:00
wps Share a single str_starts() implementation 2016-08-06 12:38:21 +03:00
lib.rules Add QUIET=1 option for make 2014-12-29 15:49:05 +02:00
Makefile FST: Add the Fast Session Transfer (FST) module 2015-07-16 18:26:15 +03:00