SAE: Use open authentication to reassociate for PMKSA caching

For reassociation with the same AP wpa_supplicant attempts to use cached
PMKSA. For this purpose PMKID is passed in RSNE in (Re)Association
Request frame. In the case of SAE AP, open authentication shall be used
during reassociation. Otherwise cached PMKID becomes invalid after full
SAE authentication.

The previous implementation correctly handles SME-in-wpa_supplicant
cases. However SME-in-driver cases, complete SAE authentication is
performed. As a result, first reassociation attempt fails.

Fix SME-in-driver behavior by reseting authentication algorithm to
WPA_AUTH_ALG_OPEN when reassociating with SAE AP with an existing PMKSA
cache entry.

Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
This commit is contained in:
Sergey Matyukevich 2019-03-29 11:22:32 +00:00 committed by Jouni Malinen
parent fe01cd0067
commit eb3234c07b

View File

@ -2521,6 +2521,9 @@ static u8 * wpas_populate_assoc_ies(
#ifdef CONFIG_MBO
const u8 *mbo_ie;
#endif
#ifdef CONFIG_SAE
int sae_pmksa_cached = 0;
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
const u8 *realm, *username, *rrk;
size_t realm_len, username_len, rrk_len;
@ -2558,8 +2561,12 @@ static u8 * wpas_populate_assoc_ies(
#endif /* CONFIG_FILS */
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
ssid, try_opportunistic,
cache_id, 0) == 0)
cache_id, 0) == 0) {
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
#ifdef CONFIG_SAE
sae_pmksa_cached = 1;
#endif /* CONFIG_SAE */
}
wpa_ie_len = max_wpa_ie_len;
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
wpa_ie, &wpa_ie_len)) {
@ -2672,6 +2679,14 @@ static u8 * wpas_populate_assoc_ies(
"Overriding auth_alg selection: 0x%x", algs);
}
#ifdef CONFIG_SAE
if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
wpa_dbg(wpa_s, MSG_DEBUG,
"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
algs = WPA_AUTH_ALG_OPEN;
}
#endif /* CONFIG_SAE */
#ifdef CONFIG_P2P
if (wpa_s->global->p2p) {
u8 *pos;