FT: Allow PMKSA caching to be enabled with FT-EAP
The new wpa_supplicant network profile configuration parameter ft_eap_pmksa_caching=1 can be used to enable use of PMKSA caching with FT-EAP for FT initial mobility domain association. This is still disabled by default (i.e., maintaining previous behavior) to avoid likely interoperability issues. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
a7b7ce82f4
commit
9083ef1355
@ -2407,6 +2407,7 @@ static const struct parse_data ssid_fields[] = {
|
||||
{ INT_RANGE(owe_group, 0, 65535) },
|
||||
{ INT_RANGE(owe_only, 0, 1) },
|
||||
{ INT_RANGE(multi_ap_backhaul_sta, 0, 1) },
|
||||
{ INT_RANGE(ft_eap_pmksa_caching, 0, 1) },
|
||||
};
|
||||
|
||||
#undef OFFSET
|
||||
|
@ -894,6 +894,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
|
||||
INT(owe_group);
|
||||
INT(owe_only);
|
||||
INT(multi_ap_backhaul_sta);
|
||||
INT(ft_eap_pmksa_caching);
|
||||
#ifdef CONFIG_HT_OVERRIDES
|
||||
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
|
||||
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
|
||||
|
@ -1005,6 +1005,16 @@ struct wpa_ssid {
|
||||
* 1 = Multi-AP backhaul station
|
||||
*/
|
||||
int multi_ap_backhaul_sta;
|
||||
|
||||
/**
|
||||
* ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed
|
||||
* 0 = do not try to use PMKSA caching with FT-EAP
|
||||
* 1 = try to use PMKSA caching with FT-EAP
|
||||
*
|
||||
* This controls whether to try to use PMKSA caching with FT-EAP for the
|
||||
* FT initial mobility domain association.
|
||||
*/
|
||||
int ft_eap_pmksa_caching;
|
||||
};
|
||||
|
||||
#endif /* CONFIG_SSID_H */
|
||||
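Review bot: The new field comment on `ft_eap_pmksa_caching` in struct wpa_ssid does not say which value is the default or why the option is off by default, although the commit message and the configuration file text on this page state both. I would mark the first value as `0 = do not try to use PMKSA caching with FT-EAP (default)` and add a sentence such as `This is disabled by default to avoid likely interoperability issues.` so the header agrees with them. The struct definition starts outside this hunk.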
|
@ -946,6 +946,7 @@ static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
|
||||
INT(update_identifier);
|
||||
#endif /* CONFIG_HS20 */
|
||||
INT(group_rekey);
|
||||
INT(ft_eap_pmksa_caching);
|
||||
|
||||
#undef STR
|
||||
#undef INT
|
||||
|
@ -1417,9 +1417,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
"WPA: using KEY_MGMT FT/802.1X-SHA384");
|
||||
if (pmksa_cache_get_current(wpa_s->wpa)) {
|
||||
/* PMKSA caching with FT is not fully functional, so
|
||||
* disable the case for now. */
|
||||
if (!ssid->ft_eap_pmksa_caching &&
|
||||
pmksa_cache_get_current(wpa_s->wpa)) {
|
||||
/* PMKSA caching with FT may have interoperability
|
||||
* issues, so disable that case by default for now. */
|
||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
"WPA: Disable PMKSA caching for FT/802.1X connection");
|
||||
pmksa_cache_clear_current(wpa_s->wpa);
|
||||
@ -1458,9 +1459,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
|
||||
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
|
||||
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
|
||||
if (pmksa_cache_get_current(wpa_s->wpa)) {
|
||||
/* PMKSA caching with FT is not fully functional, so
|
||||
* disable the case for now. */
|
||||
if (!ssid->ft_eap_pmksa_caching &&
|
||||
pmksa_cache_get_current(wpa_s->wpa)) {
|
||||
/* PMKSA caching with FT may have interoperability
|
||||
* issues, so disable that case by default for now. */
|
||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
"WPA: Disable PMKSA caching for FT/802.1X connection");
|
||||
pmksa_cache_clear_current(wpa_s->wpa);
|
||||
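Review bot: With `ft_eap_pmksa_caching=1` the cached PMKSA is now kept in the `WPA_KEY_MGMT_FT_IEEE8021X_SHA384` branch without any debug output, so a failed FT initial mobility domain association cannot be tied to the option from the log alone. I would log the opt-in path as well, e.g. `wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Try PMKSA caching for FT/802.1X connection");` when the option is set and `pmksa_cache_get_current(wpa_s->wpa)` returns an entry. The same applies to the `WPA_KEY_MGMT_FT_IEEE8021X` branch in the second hunk, and since both branches now carry an identical check, a small static helper would keep them from drifting apart. The new comment could also state what a cached entry must contain for FT key derivation to work, which is not visible in these hunks. wpa_supplicant_set_suites() starts and ends outside both hunks.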
|
@ -1058,6 +1058,14 @@ fast_reauth=1
|
||||
# 0 = disabled (default unless changed with the global okc parameter)
|
||||
# 1 = enabled
|
||||
#
|
||||
# ft_eap_pmksa_caching:
|
||||
# Whether FT-EAP PMKSA caching is allowed
|
||||
# 0 = do not try to use PMKSA caching with FT-EAP (default)
|
||||
# 1 = try to use PMKSA caching with FT-EAP
|
||||
# This controls whether to try to use PMKSA caching with FT-EAP for the
|
||||
# FT initial mobility domain association.
|
||||
#ft_eap_pmksa_caching=0
|
||||
#
|
||||
# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. "abcde" or
|
||||
# hex without quotation, e.g., 0102030405)
|
||||
# wep_tx_keyidx: Default WEP key index (TX) (0..3)
|
||||
|