Add support to reconfigure or flush PMKSA cache on interface enable
authorVeerendranath Jakkam <vjakkam@codeaurora.org>
Thu, 7 Oct 2021 14:16:04 +0000 (19:46 +0530)
committerJouni Malinen <j@w1.fi>
Fri, 15 Oct 2021 16:23:14 +0000 (19:23 +0300)
Update PMKSA cache when interface is disabled and then enabled based on
the new MAC address. If the new MAC address is same as the previous MAC
address, the PMKSA cache entries are valid and hence update the PMKSA
cache entries to the driver. If the new MAC address is not same as the
previous MAC address, the PMKSA cache entries will not be valid anymore
and hence delete the PMKSA cache entries.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
src/rsn_supp/pmksa_cache.c
src/rsn_supp/pmksa_cache.h
src/rsn_supp/wpa.c
src/rsn_supp/wpa.h
wpa_supplicant/events.c

index bd93c7ac725f78c22d39228ac3c5674b539fe78a..a9952716b3437350eddecd34e36e20cf4868e2c3 100644 (file)
@@ -667,4 +667,37 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
        return pmksa;
 }
 
+
+void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+       struct rsn_pmksa_cache_entry *entry;
+       struct os_reltime now;
+
+       if (!pmksa || !pmksa->pmksa)
+               return;
+
+       os_get_reltime(&now);
+       for (entry = pmksa->pmksa; entry; entry = entry->next) {
+               u32 life_time;
+               u8 reauth_threshold;
+
+               if (entry->expiration - now.sec < 1 ||
+                   entry->reauth_time - now.sec < 1)
+                       continue;
+
+               life_time = entry->expiration - now.sec;
+               reauth_threshold = (entry->reauth_time - now.sec) * 100 /
+                       life_time;
+               if (!reauth_threshold)
+                       continue;
+
+               wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
+                                entry->pmkid,
+                                entry->fils_cache_id_set ?
+                                entry->fils_cache_id : NULL,
+                                entry->pmk, entry->pmk_len, life_time,
+                                reauth_threshold, entry->akmp);
+       }
+}
+
 #endif /* IEEE8021X_EAPOL */
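Review bot: The percentage computed at `reauth_threshold = (entry->reauth_time - now.sec) * 100 / life_time;` is narrowed into a `u8` with no range check. If an entry ever has `reauth_time` later than `expiration`, the quotient exceeds 100 and can wrap on truncation, so the driver would be handed an arbitrary threshold for that PMK. Whether entries can reach that state depends on how they are created, which is outside this hunk. Computing into a wider local and rejecting out-of-range values before narrowing would make it safe either way, e.g. `pct = (entry->reauth_time - now.sec) * 100 / life_time;` followed by `if (!pct || pct > 100) continue;`. A short comment on the two `continue` paths would also help, since entries at or past their reauth time stay in the cache but are not re-added to the driver.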
index ae7bc13fa11869975a0c2415780f2d2544692521..5f460cc062848f471248dc83db6b876f12c6b77e 100644 (file)
@@ -86,6 +86,7 @@ pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa,
                              void *network_ctx, const u8 *aa, int akmp);
 void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx,
                       const u8 *pmk, size_t pmk_len, bool external_only);
+void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa);
 
 #else /* IEEE8021X_EAPOL */
 
@@ -163,6 +164,10 @@ static inline void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa,
 {
 }
 
+static inline void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+}
+
 #endif /* IEEE8021X_EAPOL */
 
 #endif /* PMKSA_CACHE_H */
index e01cd52177d283e705244e534fbd99a1921409df..1bb9cc6bc44a0ab362452e965efbb18b7fa82f72 100644 (file)
@@ -5246,3 +5246,10 @@ void wpa_pasn_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
                                        key_mgmt, 0);
 }
 #endif /* CONFIG_PASN */
+
+
+void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
+{
+       if (sm)
+               pmksa_cache_reconfig(sm->pmksa);
+}
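Review bot: `wpa_sm_pmksa_cache_reconfig()` is added without a header comment, and its name does not say that it hands cached PMKs back to the driver. I would add something like `/* Re-add still-valid PMKSA cache entries to the driver, e.g., after the interface is re-enabled with an unchanged MAC address; a NULL sm is ignored. */` above the definition. If the rest of this file uses Doxygen-style function headers (not visible in this hunk), use that form instead.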
index c98377bf6f047c584aa6130467bd4ac3c28ceb55..41daaae2cf72aa6630ee4e5c6f232527d2f46098 100644 (file)
@@ -216,6 +216,7 @@ void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm,
                            const u8 *ptk_kck, size_t ptk_kck_len,
                            const u8 *ptk_kek, size_t ptk_kek_len);
 int wpa_fils_is_completed(struct wpa_sm *sm);
+void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm);
 
 #else /* CONFIG_NO_WPA */
 
@@ -425,6 +426,10 @@ static inline int wpa_fils_is_completed(struct wpa_sm *sm)
        return 0;
 }
 
+static inline void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
+{
+}
+
 #endif /* CONFIG_NO_WPA */
 
 #ifdef CONFIG_IEEE80211R
index 878d9bc741351647846b31fa8f783873ed5b324d..7b892dac2a5c76f22a8e87f68949ca2335276118 100644 (file)
@@ -5344,13 +5344,21 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
                break;
        case EVENT_INTERFACE_MAC_CHANGED:
                wpa_supplicant_update_mac_addr(wpa_s);
+               wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
                break;
        case EVENT_INTERFACE_ENABLED:
                wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
                if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
+                       u8 addr[ETH_ALEN];
+
                        eloop_cancel_timeout(wpas_clear_disabled_interface,
                                             wpa_s, NULL);
+                       os_memcpy(addr, wpa_s->own_addr, ETH_ALEN);
                        wpa_supplicant_update_mac_addr(wpa_s);
+                       if (os_memcmp(addr, wpa_s->own_addr, ETH_ALEN) != 0)
+                               wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
+                       else
+                               wpa_sm_pmksa_cache_reconfig(wpa_s->wpa);
                        wpa_supplicant_set_default_scan_ies(wpa_s);
                        if (wpa_s->p2p_mgmt) {
                                wpa_supplicant_set_state(wpa_s,
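Review bot: In the `EVENT_INTERFACE_ENABLED` branch the result of `wpa_supplicant_update_mac_addr(wpa_s)` is not checked before `os_memcmp(addr, wpa_s->own_addr, ETH_ALEN)`. If that call can fail and leave `own_addr` untouched (its definition is outside this hunk, so this is an assumption), the comparison reports "same address" and `wpa_sm_pmksa_cache_reconfig()` re-adds entries to the driver that were bound to the old address. Stale PMKIDs offered from a new address would fail to match at the AP and could let an observer link the two addresses. Failing closed is safer: `if (wpa_supplicant_update_mac_addr(wpa_s) < 0 || os_memcmp(addr, wpa_s->own_addr, ETH_ALEN) != 0)` followed by the flush. The body of `wpa_supplicant_event()` continues past the end of the hunk.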