mesh: Add MESH_PMKSA_GET/ADD commands
These commands are the mesh versions of the PMKSA_GET/ADD commands, so their
usage and security risks are similar to those of the original commands. Refer to
commit 3459381dd2
('External persistent
storage for PMKSA cache entries') also.
The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.
The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>
The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180
This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
parent
117875db33
commit
4d77d80edd
13 changed files with 411 additions and 3 deletions
|
@ -3850,6 +3850,58 @@ void wpa_auth_pmksa_flush(struct wpa_authenticator *wpa_auth)
|
|||
}
|
||||
|
||||
|
||||
#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
|
||||
#ifdef CONFIG_MESH
|
||||
|
||||
int wpa_auth_pmksa_list_mesh(struct wpa_authenticator *wpa_auth, const u8 *addr,
|
||||
char *buf, size_t len)
|
||||
{
|
||||
if (!wpa_auth || !wpa_auth->pmksa)
|
||||
return 0;
|
||||
|
||||
return pmksa_cache_auth_list_mesh(wpa_auth->pmksa, addr, buf, len);
|
||||
}
|
||||
|
||||
|
||||
struct rsn_pmksa_cache_entry *
|
||||
wpa_auth_pmksa_create_entry(const u8 *aa, const u8 *spa, const u8 *pmk,
|
||||
const u8 *pmkid, int expiration)
|
||||
{
|
||||
struct rsn_pmksa_cache_entry *entry;
|
||||
struct os_reltime now;
|
||||
|
||||
entry = pmksa_cache_auth_create_entry(pmk, PMK_LEN, pmkid, NULL, 0, aa,
|
||||
spa, 0, NULL, WPA_KEY_MGMT_SAE);
|
||||
if (!entry)
|
||||
return NULL;
|
||||
|
||||
os_get_reltime(&now);
|
||||
entry->expiration = now.sec + expiration;
|
||||
return entry;
|
||||
}
|
||||
|
||||
|
||||
int wpa_auth_pmksa_add_entry(struct wpa_authenticator *wpa_auth,
|
||||
struct rsn_pmksa_cache_entry *entry)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (!wpa_auth || !wpa_auth->pmksa)
|
||||
return -1;
|
||||
|
||||
ret = pmksa_cache_auth_add_entry(wpa_auth->pmksa, entry);
|
||||
if (ret < 0)
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"RSN: Failed to store external PMKSA cache for "
|
||||
MACSTR, MAC2STR(entry->spa));
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_MESH */
|
||||
#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
|
||||
|
||||
|
||||
struct rsn_pmksa_cache_entry *
|
||||
wpa_auth_pmksa_get(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
|
||||
const u8 *pmkid)
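Review bot: In wpa_auth_pmksa_add_entry() the failure branch formats `MAC2STR(entry->spa)` although `entry` is never checked, so if pmksa_cache_auth_add_entry() (not shown in this hunk) returns an error for a NULL entry, the debug print dereferences NULL. Extending the guard to `if (!wpa_auth || !wpa_auth->pmksa || !entry) return -1;` avoids that. The function also does not state who owns `entry` when it returns -1, which matters because the structure holds a PMK; a comment such as `/* On failure the caller keeps ownership of entry and must free it */` (or the opposite, whichever the cache code implements) would keep key material from being left unfreed. In wpa_auth_pmksa_create_entry(), `expiration` is a signed int that presumably comes from the MESH_PMKSA_ADD argument, and `now.sec + expiration` is computed with no range check, so a negative value would yield an entry that is already expired; reject it here or document that the control-interface parser validates it.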
|
||||
|
|