FILS: Extend wpa_auth_pmksa_get() to support PMKID matching

This is needed for FILS processing to enable PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4fed5ba05df15bb6224b672345e826528bf377e3..d14ae6de09b21669d204bd0e9f40b8f28bce824e 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3518,11 +3518,12 @@ void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
 
 
 struct rsn_pmksa_cache_entry *
-wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr)
+wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
+                  const u8 *pmkid)
 {
        if (!wpa_auth || !wpa_auth->pmksa)
                return NULL;
-       return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, NULL);
+       return pmksa_cache_auth_get(wpa_auth->pmksa, sta_addr, pmkid);
 }
 
 

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 571288411ec5c0ef88c4924ae0aacd91cb811e80..4df87df625692fa3688c4df9ab88faa0c3720d0e 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -303,7 +303,8 @@ int wpa_auth_pmksa_list(struct wpa_authenticator *wpa_auth, char *buf,
                        size_t len);
 void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth);
 struct rsn_pmksa_cache_entry *
-wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr);
+wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
+                  const u8 *pmkid);
 void wpa_auth_pmksa_set_to_sm(struct rsn_pmksa_cache_entry *pmksa,
                              struct wpa_state_machine *sm,
                              struct wpa_authenticator *wpa_auth,

diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c
index d14c7e3b20458131c54d7da8f2087bcd0cdf5471..6c3fa14c8d591e72cca20f156d2e259b35807097 100644 (file)
--- a/wpa_supplicant/mesh_mpm.c
+++ b/wpa_supplicant/mesh_mpm.c
@@ -1135,7 +1135,7 @@ void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
         */
        if (!sta && action_field == PLINK_OPEN &&
            (!(mconf->security & MESH_CONF_SEC_AMPE) ||
-            wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa)))
+            wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL)))
                sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems);
 
        if (!sta) {

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index fe606430bc3b08ccee8dcc4812a7074a7683fb9d..b1cf1385d97aeccbe8b112474d2ac2860e4748ef 100644 (file)
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -333,7 +333,7 @@ int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
                        return -1;
        }
 
-       pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr);
+       pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL);
        if (pmksa) {
                if (!sta->wpa_sm)
                        sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
@@ -611,7 +611,7 @@ int mesh_rsn_process_ampe(struct wpa_supplicant *wpa_s, struct sta_info *sta,
        if (!sta->sae) {
                struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
 
-               if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr)) {
+               if (!wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, NULL)) {
                        wpa_printf(MSG_INFO,
                                   "Mesh RSN: SAE is not prepared yet");
                        return -1;