PASN: Deauthenticate on PTKSA cache entry expiration
Add an option for an alternative processing of PTKSA life time expiry. Register a callback in wpa_supplicant to handle the life time expiry of the keys in PTKSA cache. Send PASN deauthentication when a PTKSA cache entry expires. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
parent
74d894a2ea
commit
24929543ba
6 changed files with 35 additions and 8 deletions
|
@ -3503,7 +3503,7 @@ static void handle_auth_pasn_3(struct hostapd_data *hapd, struct sta_info *sta,
|
|||
"PASN: Success handling transaction == 3. Store PTK");
|
||||
|
||||
ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr,
|
||||
sta->pasn->cipher, 43200, &sta->pasn->ptk);
|
||||
sta->pasn->cipher, 43200, &sta->pasn->ptk, NULL, NULL);
|
||||
fail:
|
||||
ap_free_sta(hapd, sta);
|
||||
}
|
||||
|
|
|
@ -935,7 +935,7 @@ static void hostapd_store_ptksa(void *ctx, const u8 *addr,int cipher,
|
|||
struct hostapd_data *hapd = ctx;
|
||||
|
||||
ptksa_cache_add(hapd->ptksa, hapd->own_addr, addr, cipher, life_time,
|
||||
ptk);
|
||||
ptk, NULL, NULL);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -51,6 +51,9 @@ static void ptksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
|
|||
wpa_printf(MSG_DEBUG, "Expired PTKSA cache entry for " MACSTR,
|
||||
MAC2STR(e->addr));
|
||||
|
||||
if (e->cb && e->ctx)
|
||||
e->cb(e);
|
||||
else
|
||||
ptksa_cache_free_entry(ptksa, e);
|
||||
}
|
||||
|
||||
|
@ -259,6 +262,8 @@ void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher)
|
|||
* @cipher: The cipher used
|
||||
* @life_time: The PTK life time in seconds
|
||||
* @ptk: The PTK
|
||||
* @life_time_expiry_cb: Callback for alternative expiration handling
|
||||
* @ctx: Context pointer to save into e->ctx for the callback
|
||||
* Returns: Pointer to the added PTKSA cache entry or %NULL on error
|
||||
*
|
||||
* This function creates a PTKSA entry and adds it to the PTKSA cache.
|
||||
|
@ -269,7 +274,10 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
|
|||
const u8 *own_addr,
|
||||
const u8 *addr, u32 cipher,
|
||||
u32 life_time,
|
||||
const struct wpa_ptk *ptk)
|
||||
const struct wpa_ptk *ptk,
|
||||
void (*life_time_expiry_cb)
|
||||
(struct ptksa_cache_entry *e),
|
||||
void *ctx)
|
||||
{
|
||||
struct ptksa_cache_entry *entry, *tmp, *tmp2 = NULL;
|
||||
struct os_reltime now;
|
||||
|
@ -291,6 +299,9 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
|
|||
dl_list_init(&entry->list);
|
||||
os_memcpy(entry->addr, addr, ETH_ALEN);
|
||||
entry->cipher = cipher;
|
||||
entry->cb = life_time_expiry_cb;
|
||||
entry->ctx = ctx;
|
||||
|
||||
if (own_addr)
|
||||
os_memcpy(entry->own_addr, own_addr, ETH_ALEN);
|
||||
|
||||
|
|
|
@ -24,6 +24,8 @@ struct ptksa_cache_entry {
|
|||
u32 cipher;
|
||||
u8 addr[ETH_ALEN];
|
||||
u8 own_addr[ETH_ALEN];
|
||||
void (*cb)(struct ptksa_cache_entry *e);
|
||||
void *ctx;
|
||||
};
|
||||
|
||||
#ifdef CONFIG_PTKSA_CACHE
|
||||
|
@ -39,7 +41,10 @@ struct ptksa_cache_entry * ptksa_cache_add(struct ptksa_cache *ptksa,
|
|||
const u8 *own_addr,
|
||||
const u8 *addr, u32 cipher,
|
||||
u32 life_time,
|
||||
const struct wpa_ptk *ptk);
|
||||
const struct wpa_ptk *ptk,
|
||||
void (*cb)
|
||||
(struct ptksa_cache_entry *e),
|
||||
void *ctx);
|
||||
void ptksa_cache_flush(struct ptksa_cache *ptksa, const u8 *addr, u32 cipher);
|
||||
|
||||
#else /* CONFIG_PTKSA_CACHE */
|
||||
|
@ -67,7 +72,8 @@ static inline int ptksa_cache_list(struct ptksa_cache *ptksa,
|
|||
|
||||
static inline struct ptksa_cache_entry *
|
||||
ptksa_cache_add(struct ptksa_cache *ptksa, const u8 *own_addr, const u8 *addr,
|
||||
u32 cipher, u32 life_time, const struct wpa_ptk *ptk)
|
||||
u32 cipher, u32 life_time, const struct wpa_ptk *ptk,
|
||||
void (*cb)(struct ptksa_cache_entry *e), void *ctx)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -1584,6 +1584,14 @@ static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
|
|||
}
|
||||
|
||||
|
||||
static void wpas_pasn_deauth_cb(struct ptksa_cache_entry *entry)
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = entry->ctx;
|
||||
|
||||
wpas_pasn_deauthenticate(wpa_s, entry->own_addr, entry->addr);
|
||||
}
|
||||
|
||||
|
||||
int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
|
||||
const struct ieee80211_mgmt *mgmt, size_t len)
|
||||
{
|
||||
|
@ -1825,7 +1833,9 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
|
|||
wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
|
||||
|
||||
ptksa_cache_add(wpa_s->ptksa, pasn->own_addr, pasn->bssid,
|
||||
pasn->cipher, dot11RSNAConfigPMKLifetime, &pasn->ptk);
|
||||
pasn->cipher, dot11RSNAConfigPMKLifetime, &pasn->ptk,
|
||||
wpa_s->pasn_params ? wpas_pasn_deauth_cb : NULL,
|
||||
wpa_s->pasn_params ? wpa_s : NULL);
|
||||
|
||||
forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
|
||||
|
||||
|
|
|
@ -1379,7 +1379,7 @@ static void wpa_supplicant_store_ptk(void *ctx, u8 *addr, int cipher,
|
|||
struct wpa_supplicant *wpa_s = ctx;
|
||||
|
||||
ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time,
|
||||
ptk);
|
||||
ptk, NULL, NULL);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_NO_WPA */
|
||||
|
|
Loading…
Reference in a new issue