aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@codeaurora.org>2019-04-28 13:01:45 (GMT)
committerJouni Malinen <j@w1.fi>2019-04-28 13:01:45 (GMT)
commit9083ef135527cfdfa029a878df441d49285caed4 (patch)
tree59c39f2676727cc3787f7ab9457f3d81669db086
parenta7b7ce82f4a67d8b355525068459dd3013a7bcb0 (diff)
downloadhostap-9083ef135527cfdfa029a878df441d49285caed4.zip
hostap-9083ef135527cfdfa029a878df441d49285caed4.tar.gz
hostap-9083ef135527cfdfa029a878df441d49285caed4.tar.bz2
FT: Allow PMKSA caching to be enabled with FT-EAP
The new wpa_supplicant network profile configuration parameter ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with FT-EAP for FT initial mobility domain association. This is still disabled by default (i.e., maintaining previous behavior) to avoid likely interoperability issues. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-rw-r--r--wpa_supplicant/config.c1
-rw-r--r--wpa_supplicant/config_file.c1
-rw-r--r--wpa_supplicant/config_ssid.h10
-rw-r--r--wpa_supplicant/config_winreg.c1
-rw-r--r--wpa_supplicant/wpa_supplicant.c14
-rw-r--r--wpa_supplicant/wpa_supplicant.conf8
6 files changed, 29 insertions, 6 deletions
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 2058175..d33ad9a 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2407,6 +2407,7 @@ static const struct parse_data ssid_fields[] = {
{ INT_RANGE(owe_group, 0, 65535) },
{ INT_RANGE(owe_only, 0, 1) },
{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
+ { INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
};
#undef OFFSET
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 26f6ee1..fe5a011 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -894,6 +894,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
INT(owe_group);
INT(owe_only);
INT(multi_ap_backhaul_sta);
+ INT(ft_eap_pmksa_caching);
#ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 1b2b1f1..37b8183 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1005,6 +1005,16 @@ struct wpa_ssid {
* 1 = Multi-AP backhaul station
*/
int multi_ap_backhaul_sta;
+
+ /**
+ * ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed
+ * 0 = do not try to use PMKSA caching with FT-EAP
+ * 1 = try to use PMKSA caching with FT-EAP
+ *
+ * This controls whether to try to use PMKSA caching with FT-EAP for the
+ * FT initial mobility domain association.
+ */
+ int ft_eap_pmksa_caching;
};
#endif /* CONFIG_SSID_H */
diff --git a/wpa_supplicant/config_winreg.c b/wpa_supplicant/config_winreg.c
index 6328e91..3ea5c80 100644
--- a/wpa_supplicant/config_winreg.c
+++ b/wpa_supplicant/config_winreg.c
@@ -946,6 +946,7 @@ static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
INT(update_identifier);
#endif /* CONFIG_HS20 */
INT(group_rekey);
+ INT(ft_eap_pmksa_caching);
#undef STR
#undef INT
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2ddd4f2..799e215 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1417,9 +1417,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: using KEY_MGMT FT/802.1X-SHA384");
- if (pmksa_cache_get_current(wpa_s->wpa)) {
- /* PMKSA caching with FT is not fully functional, so
- * disable the case for now. */
+ if (!ssid->ft_eap_pmksa_caching &&
+ pmksa_cache_get_current(wpa_s->wpa)) {
+ /* PMKSA caching with FT may have interoperability
+ * issues, so disable that case by default for now. */
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: Disable PMKSA caching for FT/802.1X connection");
pmksa_cache_clear_current(wpa_s->wpa);
@@ -1458,9 +1459,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
- if (pmksa_cache_get_current(wpa_s->wpa)) {
- /* PMKSA caching with FT is not fully functional, so
- * disable the case for now. */
+ if (!ssid->ft_eap_pmksa_caching &&
+ pmksa_cache_get_current(wpa_s->wpa)) {
+ /* PMKSA caching with FT may have interoperability
+ * issues, so disable that case by default for now. */
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: Disable PMKSA caching for FT/802.1X connection");
pmksa_cache_clear_current(wpa_s->wpa);
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index a9205f0..842a8db 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1058,6 +1058,14 @@ fast_reauth=1
# 0 = disabled (default unless changed with the global okc parameter)
# 1 = enabled
#
+# ft_eap_pmksa_caching:
+# Whether FT-EAP PMKSA caching is allowed
+# 0 = do not try to use PMKSA caching with FT-EAP (default)
+# 1 = try to use PMKSA caching with FT-EAP
+# This controls whether to try to use PMKSA caching with FT-EAP for the
+# FT initial mobility domain association.
+#ft_eap_pmksa_caching=0
+#
# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
# hex without quotation, e.g., 0102030405)
# wep_tx_keyidx: Default WEP key index (TX) (0..3)