From: Veerendranath Jakkam
Date: Thu, 7 Oct 2021 14:16:04 +0000 (+0530)
Subject: Add support to reconfigure or flush PMKSA cache on interface enable
X-Git-Tag: hostap_2_10~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4775a5f827fa28887db3e12225c56fc2944bac6b;p=thirdparty%2Fhostap.git
Add support to reconfigure or flush PMKSA cache on interface enable
Update PMKSA cache when interface is disabled and then enabled based on the new MAC address. If the new MAC address is same as the previous MAC address, the PMKSA cache entries are valid and hence update the PMKSA cache entries to the driver. If the new MAC address is not same as the previous MAC address, the PMKSA cache entries will not be valid anymore and hence delete the PMKSA cache entries.
Signed-off-by: Veerendranath Jakkam
---
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index bd93c7ac7..a9952716b 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -667,4 +667,37 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
 return pmksa;
 }
+
+void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+ struct rsn_pmksa_cache_entry *entry;
+ struct os_reltime now;
+
+ if (!pmksa || !pmksa->pmksa)
+ return;
+
+ os_get_reltime(&now);
+ for (entry = pmksa->pmksa; entry; entry = entry->next) {
+ u32 life_time;
+ u8 reauth_threshold;
+
+ if (entry->expiration - now.sec < 1 ||
+ entry->reauth_time - now.sec < 1)
+ continue;
+
+ life_time = entry->expiration - now.sec;
+ reauth_threshold = (entry->reauth_time - now.sec) * 100 /
+ life_time;
+ if (!reauth_threshold)
+ continue;
+
+ wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
+ entry->pmkid,
+ entry->fils_cache_id_set ?
+ entry->fils_cache_id : NULL,
+ entry->pmk, entry->pmk_len, life_time,
+ reauth_threshold, entry->akmp);
+ }
+}
+
 #endif /* IEEE8021X_EAPOL */
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index ae7bc13fa..5f460cc06 100644
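Review bot: In pmksa_cache_reconfig(), `reauth_threshold` is a `u8` assigned straight from `(entry->reauth_time - now.sec) * 100 / life_time`, so the percentage passed to `wpa_sm_add_pmkid()` is only meaningful while `reauth_time <= expiration` holds for every cached entry. Nothing in this hunk enforces that, and a larger quotient would be truncated silently. Computing into a wider local and bounding it before the narrowing, e.g. `if (pct > 100) pct = 100;`, keeps a malformed entry from reaching the driver with an arbitrary threshold. The function also has no comment; something like `/* Re-add every unexpired PMKSA entry to the driver; expired entries are skipped, not removed */` above it would record that each cached PMK is handed to the driver again.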
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -86,6 +86,7 @@ pmksa_cache_get_opportunistic(struct rsn_pmksa_cache *pmksa, void *network_ctx, const u8 *aa, int akmp);
 void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa, void *network_ctx, const u8 *pmk, size_t pmk_len, bool external_only);
+void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa);
 #else /* IEEE8021X_EAPOL */
@@ -163,6 +164,10 @@ static inline void pmksa_cache_flush(struct rsn_pmksa_cache *pmksa,
 {
 }
+static inline void pmksa_cache_reconfig(struct rsn_pmksa_cache *pmksa)
+{
+}
+
 #endif /* IEEE8021X_EAPOL */
 #endif /* PMKSA_CACHE_H */
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index e01cd5217..1bb9cc6bc 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -5246,3 +5246,10 @@ void wpa_pasn_pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk, size_t pmk_len,
 key_mgmt, 0);
 }
 #endif /* CONFIG_PASN */
+
+
+void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
+{
+ if (sm)
+ pmksa_cache_reconfig(sm->pmksa);
+}
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index c98377bf6..41daaae2c 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -216,6 +216,7 @@ void wpa_sm_set_ptk_kck_kek(struct wpa_sm *sm, const u8 *ptk_kck, size_t ptk_kck_len, const u8 *ptk_kek, size_t ptk_kek_len);
 int wpa_fils_is_completed(struct wpa_sm *sm);
+void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm);
 #else /* CONFIG_NO_WPA */
@@ -425,6 +426,10 @@ static inline int wpa_fils_is_completed(struct wpa_sm *sm)
 return 0;
 }
+static inline void wpa_sm_pmksa_cache_reconfig(struct wpa_sm *sm)
+{
+}
+
 #endif /* CONFIG_NO_WPA */
 #ifdef CONFIG_IEEE80211R
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 878d9bc74..7b892dac2 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -5344,13 +5344,21 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
 break;
 case EVENT_INTERFACE_MAC_CHANGED:
 wpa_supplicant_update_mac_addr(wpa_s);
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
 break;
 case EVENT_INTERFACE_ENABLED:
 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
+ u8 addr[ETH_ALEN];
+
 eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
+ os_memcpy(addr, wpa_s->own_addr, ETH_ALEN);
 wpa_supplicant_update_mac_addr(wpa_s);
+ if (os_memcmp(addr, wpa_s->own_addr, ETH_ALEN) != 0)
+ wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
+ else
+ wpa_sm_pmksa_cache_reconfig(wpa_s->wpa);
 wpa_supplicant_set_default_scan_ies(wpa_s);
 if (wpa_s->p2p_mgmt) {
 wpa_supplicant_set_state(wpa_s,
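Review bot: In the EVENT_INTERFACE_ENABLED branch the choice between flush and reconfig rests only on `os_memcmp(addr, wpa_s->own_addr, ETH_ALEN)`, while the result of `wpa_supplicant_update_mac_addr(wpa_s)` is not checked. If that call can fail without refreshing `own_addr` (its body is not in this hunk), the two addresses compare equal and the old entries are pushed back to the driver even though the real address is unknown. The commit message itself says the entries are only valid for the previous MAC address, so the safer default is to flush when the address could not be re-read, e.g. `if (wpa_supplicant_update_mac_addr(wpa_s) < 0 || os_memcmp(addr, wpa_s->own_addr, ETH_ALEN) != 0)`, assuming the helper reports failure with a negative return. wpa_supplicant_event() starts and ends outside the hunk.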