SAE: Use open authentication to reassociate for PMKSA caching
For reassociation with the same AP wpa_supplicant attempts to use cached PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association Request frame. In the case of SAE AP, open authentication shall be used during reassociation. Otherwise cached PMKID becomes invalid after full SAE authentication. The previous implementation correctly handles SME-in-wpa_supplicant cases. However SME-in-driver cases, complete SAE authentication is performed. As a result, first reassociation attempt fails. Fix SME-in-driver behavior by reseting authentication algorithm to WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA cache entry. Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
This commit is contained in:
parent
fe01cd0067
commit
eb3234c07b
1 changed files with 16 additions and 1 deletions
|
@ -2521,6 +2521,9 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
#ifdef CONFIG_MBO
|
#ifdef CONFIG_MBO
|
||||||
const u8 *mbo_ie;
|
const u8 *mbo_ie;
|
||||||
#endif
|
#endif
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
int sae_pmksa_cached = 0;
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
const u8 *realm, *username, *rrk;
|
const u8 *realm, *username, *rrk;
|
||||||
size_t realm_len, username_len, rrk_len;
|
size_t realm_len, username_len, rrk_len;
|
||||||
|
@ -2558,8 +2561,12 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
|
||||||
ssid, try_opportunistic,
|
ssid, try_opportunistic,
|
||||||
cache_id, 0) == 0)
|
cache_id, 0) == 0) {
|
||||||
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
sae_pmksa_cached = 1;
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
|
}
|
||||||
wpa_ie_len = max_wpa_ie_len;
|
wpa_ie_len = max_wpa_ie_len;
|
||||||
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
||||||
wpa_ie, &wpa_ie_len)) {
|
wpa_ie, &wpa_ie_len)) {
|
||||||
|
@ -2672,6 +2679,14 @@ static u8 * wpas_populate_assoc_ies(
|
||||||
"Overriding auth_alg selection: 0x%x", algs);
|
"Overriding auth_alg selection: 0x%x", algs);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||||
|
"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
|
||||||
|
algs = WPA_AUTH_ALG_OPEN;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
|
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
if (wpa_s->global->p2p) {
|
if (wpa_s->global->p2p) {
|
||||||
u8 *pos;
|
u8 *pos;
|
||||||
|
|
Loading…
Reference in a new issue