FILS: Use FILS auth alg when connecting using PMKSA caching
When a PMKSA cache entry is available and used for connection with FILS key management suite, use FILS authentication algorithm for connection even if ERP keys are not available. This scenario may happen when applications using wpa_supplicant cache persistently only PMKSA but not ERP keys and reconfigure wpa_supplicant with PMKSA cache after restarting wpa_supplicant. The previous implementation correctly handles SME-in-wpa_supplicant cases. However, in SME-in-driver cases, complete FILS authentication without PMKSA caching is performed. Fix SME-in-driver behavior by setting authentication algorithm to WPA_AUTH_ALG_FILS when connecting to a FILS AP using PMKSA caching. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
70b80c31f9
commit
d0819a11cc
1 changed files with 11 additions and 7 deletions
|
@ -2752,9 +2752,9 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
#ifdef CONFIG_MBO
|
#ifdef CONFIG_MBO
|
||||||
const u8 *mbo_ie;
|
const u8 *mbo_ie;
|
||||||
#endif
|
#endif
|
||||||
#ifdef CONFIG_SAE
|
#if defined(CONFIG_SAE) || defined(CONFIG_FILS)
|
||||||
int sae_pmksa_cached = 0;
|
int pmksa_cached = 0;
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE || CONFIG_FILS */
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
const u8 *realm, *username, *rrk;
|
const u8 *realm, *username, *rrk;
|
||||||
size_t realm_len, username_len, rrk_len;
|
size_t realm_len, username_len, rrk_len;
|
||||||
|
@ -2794,9 +2794,9 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
ssid, try_opportunistic,
|
ssid, try_opportunistic,
|
||||||
cache_id, 0) == 0) {
|
cache_id, 0) == 0) {
|
||||||
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
||||||
#ifdef CONFIG_SAE
|
#if defined(CONFIG_SAE) || defined(CONFIG_FILS)
|
||||||
sae_pmksa_cached = 1;
|
pmksa_cached = 1;
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE || CONFIG_FILS */
|
||||||
}
|
}
|
||||||
wpa_ie_len = max_wpa_ie_len;
|
wpa_ie_len = max_wpa_ie_len;
|
||||||
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
||||||
|
@ -2895,6 +2895,10 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
|
|
||||||
if (mask)
|
if (mask)
|
||||||
*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
|
*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
|
||||||
|
} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
|
||||||
|
ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
|
||||||
|
pmksa_cached) {
|
||||||
|
algs = WPA_AUTH_ALG_FILS;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
#endif /* IEEE8021X_EAPOL */
|
#endif /* IEEE8021X_EAPOL */
|
||||||
|
@ -2911,7 +2915,7 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
|
if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||||
"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
|
"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
|
||||||
algs = WPA_AUTH_ALG_OPEN;
|
algs = WPA_AUTH_ALG_OPEN;
|
||||||
|
|
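Review bot: The new `else if` branch in the hunk at -2895,6 +2895,10 switches `algs` to `WPA_AUTH_ALG_FILS` without any debug output, while the SAE PMKSA-caching override in the last hunk logs its decision through `wpa_dbg`. Because this branch decides which authentication algorithm is handed to an SME-in-driver for a cached PMKSA, the choice should be visible in the debug log, e.g. `wpa_dbg(wpa_s, MSG_DEBUG, "FILS: Use WPA_AUTH_ALG_FILS for PMKSA caching attempt");` placed before the assignment. A short comment would also help, saying that `ssid->eap.erp` tests the ERP configuration flag rather than the presence of ERP keys, which appears to be what lets this path run after a restart with only the PMKSA restored. `wpas_populate_assoc_ies()` starts and ends outside the visible hunks, so how `algs` is consumed afterwards cannot be checked from this page.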