aboutsummaryrefslogtreecommitdiffstats
path: root/src/rsn_supp
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2012-02-04 12:32:35 +0200
committerJouni Malinen <j@w1.fi>2012-02-04 12:32:35 +0200
commit96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c (patch)
tree2747d1dc54f0aa8da5e2771019e578467edf1847 /src/rsn_supp
parentd93dfbd588eb3c16f4ed1b7af825c9c1c9bf7f6d (diff)
downloadexternal_wpa_supplicant_8_ti-96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c.zip
external_wpa_supplicant_8_ti-96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c.tar.gz
external_wpa_supplicant_8_ti-96efeeb66bd8762ab9fccd9fe2b5c3e276ff220c.tar.bz2
Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only accept entries created with the same network block that was used to create the cache entry. Signed-hostap: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/pmksa_cache.c33
-rw-r--r--src/rsn_supp/pmksa_cache.h5
-rw-r--r--src/rsn_supp/preauth.c6
-rw-r--r--src/rsn_supp/wpa.c8
4 files changed, 35 insertions, 17 deletions
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index 3877efb..8060389 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - RSN PMKSA cache
- * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2009, 2011-2012, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -99,7 +99,7 @@ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
entry = pmksa->sm->cur_pmksa ? pmksa->sm->cur_pmksa :
- pmksa_cache_get(pmksa, pmksa->sm->bssid, NULL);
+ pmksa_cache_get(pmksa, pmksa->sm->bssid, NULL, NULL);
if (entry) {
sec = pmksa->pmksa->reauth_time - now.sec;
if (sec < 0)
@@ -228,8 +228,8 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
prev->next = entry;
}
pmksa->pmksa_count++;
- wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
- MAC2STR(entry->aa));
+ wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
+ " network_ctx=%p", MAC2STR(entry->aa), network_ctx);
wpa_sm_add_pmkid(pmksa->sm, entry->aa, entry->pmkid);
return entry;
@@ -297,16 +297,19 @@ void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
* @aa: Authenticator address or %NULL to match any
* @pmkid: PMKID or %NULL to match any
+ * @network_ctx: Network context or %NULL to match any
* Returns: Pointer to PMKSA cache entry or %NULL if no match was found
*/
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
- const u8 *aa, const u8 *pmkid)
+ const u8 *aa, const u8 *pmkid,
+ const void *network_ctx)
{
struct rsn_pmksa_cache_entry *entry = pmksa->pmksa;
while (entry) {
if ((aa == NULL || os_memcmp(entry->aa, aa, ETH_ALEN) == 0) &&
(pmkid == NULL ||
- os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
+ os_memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0) &&
+ (network_ctx == NULL || network_ctx == entry->network_ctx))
return entry;
entry = entry->next;
}
@@ -410,20 +413,32 @@ int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
int try_opportunistic)
{
struct rsn_pmksa_cache *pmksa = sm->pmksa;
+ wpa_printf(MSG_DEBUG, "RSN: PMKSA cache search - network_ctx=%p "
+ "try_opportunistic=%d", network_ctx, try_opportunistic);
+ if (pmkid)
+ wpa_hexdump(MSG_DEBUG, "RSN: Search for PMKID",
+ pmkid, PMKID_LEN);
+ if (bssid)
+ wpa_printf(MSG_DEBUG, "RSN: Search for BSSID " MACSTR,
+ MAC2STR(bssid));
+
sm->cur_pmksa = NULL;
if (pmkid)
- sm->cur_pmksa = pmksa_cache_get(pmksa, NULL, pmkid);
+ sm->cur_pmksa = pmksa_cache_get(pmksa, NULL, pmkid,
+ network_ctx);
if (sm->cur_pmksa == NULL && bssid)
- sm->cur_pmksa = pmksa_cache_get(pmksa, bssid, NULL);
+ sm->cur_pmksa = pmksa_cache_get(pmksa, bssid, NULL,
+ network_ctx);
if (sm->cur_pmksa == NULL && try_opportunistic && bssid)
sm->cur_pmksa = pmksa_cache_get_opportunistic(pmksa,
network_ctx,
bssid);
if (sm->cur_pmksa) {
- wpa_hexdump(MSG_DEBUG, "RSN: PMKID",
+ wpa_hexdump(MSG_DEBUG, "RSN: PMKSA cache entry found - PMKID",
sm->cur_pmksa->pmkid, PMKID_LEN);
return 0;
}
+ wpa_printf(MSG_DEBUG, "RSN: No PMKSA cache entry found");
return -1;
}
diff --git a/src/rsn_supp/pmksa_cache.h b/src/rsn_supp/pmksa_cache.h
index 840827d..e48d596 100644
--- a/src/rsn_supp/pmksa_cache.h
+++ b/src/rsn_supp/pmksa_cache.h
@@ -1,6 +1,6 @@
/*
* wpa_supplicant - WPA2/RSN PMKSA cache functions
- * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2009, 2011-2012, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -52,7 +52,8 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
void *ctx, struct wpa_sm *sm);
void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
- const u8 *aa, const u8 *pmkid);
+ const u8 *aa, const u8 *pmkid,
+ const void *network_ctx);
int pmksa_cache_list(struct rsn_pmksa_cache *pmksa, char *buf, size_t len);
struct rsn_pmksa_cache_entry *
pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
diff --git a/src/rsn_supp/preauth.c b/src/rsn_supp/preauth.c
index fefca83..7812331 100644
--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@@ -1,6 +1,6 @@
/*
* RSN pre-authentication (supplicant)
- * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -311,7 +311,7 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
dl_list_for_each_safe(candidate, n, &sm->pmksa_candidates,
struct rsn_pmksa_candidate, list) {
struct rsn_pmksa_cache_entry *p = NULL;
- p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL);
+ p = pmksa_cache_get(sm->pmksa, candidate->bssid, NULL, NULL);
if (os_memcmp(sm->bssid, candidate->bssid, ETH_ALEN) != 0 &&
(p == NULL || p->opportunistic)) {
wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: PMKSA "
@@ -458,7 +458,7 @@ void rsn_preauth_scan_result(struct wpa_sm *sm, const u8 *bssid,
if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie))
return;
- pmksa = pmksa_cache_get(sm->pmksa, bssid, NULL);
+ pmksa = pmksa_cache_get(sm->pmksa, bssid, NULL, NULL);
if (pmksa && (!pmksa->opportunistic ||
!(ie.capabilities & WPA_CAPABILITY_PREAUTH)))
return;
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index f35f9ee..225489e 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - WPA state machine and EAPOL-Key processing
- * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -151,7 +151,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
* not have enough time to get the association information
* event before receiving this 1/4 message, so try to find a
* matching PMKSA cache entry here. */
- sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid);
+ sm->cur_pmksa = pmksa_cache_get(sm->pmksa, src_addr, pmkid,
+ NULL);
if (sm->cur_pmksa) {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: found matching PMKID from PMKSA cache");
@@ -205,7 +206,8 @@ static int wpa_supplicant_get_pmk(struct wpa_sm *sm,
sm->network_ctx, sm->key_mgmt);
}
if (!sm->cur_pmksa && pmkid &&
- pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
+ pmksa_cache_get(sm->pmksa, src_addr, pmkid, NULL))
+ {
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
"RSN: the new PMK matches with the "
"PMKID");