FT: Do not add PMKID to the driver for FT-EAP if caching is disabled

wpa_supplicant disables PMKSA caching with FT-EAP by default due to known interoperability issues with APs. This is allowed only if the network profile is explicitly enabling caching with ft_eap_pmksa_caching=1. However, the PMKID for such PMKSA cache entries was still being configured to the driver and it was possible for the driver to build an RSNE with the PMKID for SME-in-driver cases. This could result in hitting the interop issue with some APs. Fix this by skipping PMKID configuration to the driver fot FT-EAP AKM if ft_eap_pmksa_caching=1 is not used in the network profile so that the driver and wpa_supplicant behavior are in sync for this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-06-06 16:46:32 +03:00 · 2020-06-06 16:46:32 +03:00 · 215b4d8a72
commit 215b4d8a72
parent 5cf91afeeb
6 changed files with 25 additions and 8 deletions
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@ -269,7 +269,8 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
 			 entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
 			 entry->pmk, entry->pmk_len,
 			 pmksa->sm->dot11RSNAConfigPMKLifetime,
-			 pmksa->sm->dot11RSNAConfigPMKReauthThreshold);
+			 pmksa->sm->dot11RSNAConfigPMKReauthThreshold,
+			 entry->akmp);

 	return entry;
 }
--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@ -349,7 +349,8 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
 		 * PMKIDs again, so report the existing data now. */
 		if (p) {
 			wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
-					 NULL, p->pmk, p->pmk_len, 0, 0);
+					 NULL, p->pmk, p->pmk_len, 0, 0,
+					 p->akmp);
 		}

 		dl_list_del(&candidate->list);
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@ -43,7 +43,7 @@ struct wpa_sm_ctx {
 	int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
 			 const u8 *pmkid, const u8 *fils_cache_id,
 			 const u8 *pmk, size_t pmk_len, u32 pmk_lifetime,
-			 u8 pmk_reauth_threshold);
+			 u8 pmk_reauth_threshold, int akmp);
 	int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
 			    const u8 *pmkid, const u8 *fils_cache_id);
 	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@ -268,12 +268,12 @@ static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
 				   const u8 *bssid, const u8 *pmkid,
 				   const u8 *cache_id, const u8 *pmk,
 				   size_t pmk_len, u32 pmk_lifetime,
-				   u8 pmk_reauth_threshold)
+				   u8 pmk_reauth_threshold, int akmp)
 {
 	WPA_ASSERT(sm->ctx->add_pmkid);
 	return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
 				  cache_id, pmk, pmk_len, pmk_lifetime,
-				  pmk_reauth_threshold);
+				  pmk_reauth_threshold, akmp);
 }

 static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,