Jouni Malinen 3459381dd2 External persistent storage for PMKSA cache entries ... This adds new wpa_supplicant control interface commands PMKSA_GET and PMKSA_ADD that can be used to store PMKSA cache entries in an external persistent storage when terminating a wpa_supplicant process and then restore those entries when starting a new process. The previously added PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing the external storage with the memory-only volatile storage within wpa_supplicant. "PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to a specific network profile. The network_id of the current profile is available with the STATUS command (id=<network_id). In addition, the network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The output of the PMKSA_GET command uses the following format: <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> For example: 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0 The PMKSA_GET command uses the following format: <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> (i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET output data; however, the reauth_time and expiration values need to be updated by decrementing them by number of seconds between the PMKSA_GET and PMKSA_ADD commands) For example: PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0 PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0 This functionality is disabled be default and can be enabled with CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be noted that this allows any process that has access to the wpa_supplicant control interface to use PMKSA_ADD command to fetch keying material (PMK), so this is for environments in which the control interface access is restricted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>		2016-12-12 23:47:04 +02:00
..
ap	Send "TERMINATING" event from hostapd	2016-12-12 20:32:28 +02:00
common	Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant	2016-12-12 21:00:43 +02:00
crypto	Extend AES-SIV implementation to support different key lengths	2016-10-10 19:40:59 +03:00
drivers	nl80211: Specify the BSSID in the QCA vendor scan	2016-12-11 21:36:16 +02:00
eap_common	TLS: Split tls_connection_prf() into two functions	2016-05-23 20:40:12 +03:00
eap_peer	ERP: Make eap_peer_finish() callable	2016-10-22 18:26:00 +03:00
eap_server	ERP: Update client identity based on EAP-Initiate/Re-auth	2016-10-22 23:13:17 +03:00
eapol_auth	RADIUS: Share a single function for generating session IDs	2016-02-06 17:19:35 +02:00
eapol_supp	ERP: Make eap_peer_finish() callable	2016-10-22 18:26:00 +03:00
fst	FST: Fix search for peer's "other" connection	2016-09-08 11:17:45 +03:00
l2_packet	l2_packet: Extend bridge workaround RX processing to cover two frames	2016-01-07 13:30:59 +02:00
p2p	P2P: Send P2P-DEVICE-FOUND event on peer changing device name	2016-12-11 12:45:08 +02:00
pae	macsec_linux: Add a driver for macsec on Linux kernels	2016-11-30 20:08:36 +02:00
radius	radius: Sanity check for NULL pointer segfault	2016-08-19 12:16:20 +03:00
rsn_supp	External persistent storage for PMKSA cache entries	2016-12-12 23:47:04 +02:00
tls	Fix typo in DigestAlgorithn	2016-10-29 11:14:09 +03:00
utils	Removed redundant NULL check for b in wpabuf_concat()	2016-10-28 19:05:08 +03:00
wps	Share a single str_starts() implementation	2016-08-06 12:38:21 +03:00
lib.rules	Add QUIET=1 option for make	2014-12-29 15:49:05 +02:00
Makefile	FST: Add the Fast Session Transfer (FST) module	2015-07-16 18:26:15 +03:00