FILS: Update PMKSA cache with FILS shared key offload

Add a new PMKSA cache entry within wpa_supplicant if a driver event from
offloaded FILS shared key authentication indicates a new PMKSA entry was
created.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index c863ce41be17db67f56a9775a31de0c326b2a869..67ec80c2f1b4c700fbe62d106e614246a40e5133 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3079,6 +3079,16 @@ wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
 }
 
 
+void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
+                           const u8 *pmkid, const u8 *bssid,
+                           const u8 *fils_cache_id)
+{
+       sm->cur_pmksa = pmksa_cache_add(sm->pmksa, pmk, pmk_len, pmkid, NULL, 0,
+                                       bssid, sm->own_addr, sm->network_ctx,
+                                       sm->key_mgmt, fils_cache_id);
+}
+
+
 void wpa_sm_drop_sa(struct wpa_sm *sm)
 {
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK");

diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 2f41c230c5cacd521b17981617d1b241ad35c34d..3368d93657dd3341fea07fcf5c613750c400a291 100644 (file)
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -157,6 +157,9 @@ struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_head(struct wpa_sm *sm);
 struct rsn_pmksa_cache_entry *
 wpa_sm_pmksa_cache_add_entry(struct wpa_sm *sm,
                             struct rsn_pmksa_cache_entry * entry);
+void wpa_sm_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
+                           const u8 *pmkid, const u8 *bssid,
+                           const u8 *fils_cache_id);
 void wpa_sm_drop_sa(struct wpa_sm *sm);
 int wpa_sm_has_ptk(struct wpa_sm *sm);
 

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index bb13d54ac8f5c20826d61876ff086e9068c13002..fcfd3bcd6dcf0dcd2d63e57abdd4c7e6a3cec36d 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3629,9 +3629,26 @@ static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s,
                               data->assoc_info.ptk_kek_len);
 #ifdef CONFIG_FILS
        if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
+               struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
+               const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
+
                /* Update ERP next sequence number */
                eapol_sm_update_erp_next_seq_num(
                        wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num);
+
+               if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) {
+                       /* Add the new PMK and PMKID to the PMKSA cache */
+                       wpa_sm_pmksa_cache_add(wpa_s->wpa,
+                                              data->assoc_info.fils_pmk,
+                                              data->assoc_info.fils_pmk_len,
+                                              data->assoc_info.fils_pmkid,
+                                              wpa_s->bssid, fils_cache_id);
+               } else if (data->assoc_info.fils_pmkid) {
+                       /* Update the current PMKSA used for this connection */
+                       pmksa_cache_set_current(wpa_s->wpa,
+                                               data->assoc_info.fils_pmkid,
+                                               NULL, NULL, 0, NULL);
+               }
        } else {
                wpa_sm_set_rx_replay_ctr(wpa_s->wpa,
                                         data->assoc_info.key_replay_ctr);