FILS: ERP-based PMKSA cache addition on AP
hostapd did not add a new PMKSA cache entry when FILS shared key authentication was used, i.e., only the initial full authentication resulted in a PMKSA cache entry being created. Derive the PMKID for the ERP case as well and add a PMKSA cache entry if the ERP exchange succeeds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
bfe448331f
commit
b3e567c890
2 changed files with 29 additions and 1 deletions
|
@ -1229,6 +1229,14 @@ void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
|
|||
wpa_printf(MSG_DEBUG,
|
||||
"FILS: Will send Authentication frame once the response from authentication server is available");
|
||||
sta->flags |= WLAN_STA_PENDING_FILS_ERP;
|
||||
/* Calculate pending PMKID here so that we do not need
|
||||
* to maintain a copy of the EAP-Initiate/Reauth
|
||||
* message. */
|
||||
if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
|
||||
elems.fils_wrapped_data,
|
||||
elems.fils_wrapped_data_len,
|
||||
sta->fils_erp_pmkid) == 0)
|
||||
sta->fils_erp_pmkid_set = 1;
|
||||
return;
|
||||
#else /* CONFIG_NO_RADIUS */
|
||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
|
@ -1388,6 +1396,24 @@ prepare_auth_resp_fils(struct hostapd_data *hapd,
|
|||
goto fail;
|
||||
}
|
||||
pmk = pmk_buf;
|
||||
|
||||
if (sta->fils_erp_pmkid_set) {
|
||||
/* TODO: get PMKLifetime from WPA parameters */
|
||||
unsigned int dot11RSNAConfigPMKLifetime = 43200;
|
||||
|
||||
sta->fils_erp_pmkid_set = 0;
|
||||
if (wpa_auth_pmksa_add2(
|
||||
hapd->wpa_auth, sta->addr,
|
||||
pmk, pmk_len,
|
||||
sta->fils_erp_pmkid,
|
||||
sta->session_timeout_set ?
|
||||
sta->session_timeout :
|
||||
dot11RSNAConfigPMKLifetime,
|
||||
wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) {
|
||||
wpa_printf(MSG_ERROR,
|
||||
"FILS: Failed to add PMKSA cache entry based on ERP");
|
||||
}
|
||||
}
|
||||
} else if (pmksa) {
|
||||
pmk = pmksa->pmk;
|
||||
pmk_len = pmksa->pmk_len;
|
||||
|
|
|
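Review bot: In the handle_auth_fils hunk, `sta->fils_erp_pmkid_set` is set to 1 when fils_pmkid_erp() succeeds but is never cleared when it fails, and the only visible reset is inside the ERP-success branch of prepare_auth_resp_fils. If an earlier ERP attempt from the same STA left the flag set (for example because the authentication server rejected it, a path outside these hunks and therefore unconfirmed), a later attempt whose PMKID derivation fails could have its new PMK cached under the PMKID of the earlier EAP-Initiate/Reauth message. Clearing the flag before deriving removes that dependency: `sta->fils_erp_pmkid_set = 0;` immediately before the `if (fils_pmkid_erp(...` call. Separately, a wpa_auth_pmksa_add2() failure is only logged and the lifetime falls back to a hard-coded 43200 s when no session timeout is set, so the TODO deserves a tracked follow-up. Both functions start and end outside the hunks shown.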
@ -12,11 +12,11 @@
|
|||
#ifdef CONFIG_MESH
|
||||
/* needed for mesh_plink_state enum */
|
||||
#include "common/defs.h"
|
||||
#include "common/wpa_common.h"
|
||||
#endif /* CONFIG_MESH */
|
||||
|
||||
#include "list.h"
|
||||
#include "vlan.h"
|
||||
#include "common/wpa_common.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
|
||||
/* STA flags */
|
||||
|
@ -226,10 +226,12 @@ struct sta_info {
|
|||
#ifdef CONFIG_FILS
|
||||
u8 fils_snonce[FILS_NONCE_LEN];
|
||||
u8 fils_session[FILS_SESSION_LEN];
|
||||
u8 fils_erp_pmkid[PMKID_LEN];
|
||||
u8 *fils_pending_assoc_req;
|
||||
size_t fils_pending_assoc_req_len;
|
||||
unsigned int fils_pending_assoc_is_reassoc:1;
|
||||
unsigned int fils_dhcp_rapid_commit_proxy:1;
|
||||
unsigned int fils_erp_pmkid_set:1;
|
||||
struct wpabuf *fils_hlp_resp;
|
||||
struct wpabuf *hlp_dhcp_discover;
|
||||
void (*fils_pending_cb)(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
|
|
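Review bot: The `fils_erp_pmkid` and `fils_erp_pmkid_set` members of struct sta_info carry no comment, although the buffer is only meaningful while the flag is 1 and is filled from the FILS wrapped data of the Authentication frame before the authentication server has answered. A short comment would keep later code from treating it as an established PMKID, for example `/* pending PMKID from EAP-Initiate/Reauth; valid only while fils_erp_pmkid_set is 1 */` above `u8 fils_erp_pmkid[PMKID_LEN];`. That these two members are the additions is inferred from the commit description, because the rendered page has lost the +/- markers. The struct definition continues outside the hunk.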