summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorVeerendranath Jakkam <vjakkam@codeaurora.org>2020-03-13 01:59:03 +0200
committerJohannes Berg <johannes.berg@intel.com>2020-03-20 14:42:20 +0100
commit7fc82af856d6bc26910902f8f42659b162864955 (patch)
treea68276084d910683fc7d02886f3ea589df14e667 /net
parentb255b72bc0376966ab87a3bcf13b2b5c20f8ed85 (diff)
downloadlwn-7fc82af856d6bc26910902f8f42659b162864955.tar.gz
lwn-7fc82af856d6bc26910902f8f42659b162864955.zip
cfg80211: Configure PMK lifetime and reauth threshold for PMKSA entries
Drivers that trigger roaming need to know the lifetime of the configured PMKSA for deciding whether to trigger the full or PMKSA cache based authentication. The configured PMKSA is invalid after the PMK lifetime has expired and must not be used after that and the STA needs to disassociate if the PMK expires. Hence the STA is expected to refresh the PMK with a full authentication before this happens (e.g., when reassociating to a new BSS the next time or by performing EAPOL reauthentication depending on the AKM) to avoid unnecessary disconnection. The PMK reauthentication threshold is the percentage of the PMK lifetime value and indicates to the driver to trigger a full authentication roam (without PMKSA caching) after the reauthentication threshold time, but before the PMK timer has expired. Authentication methods like SAE need to be able to generate a new PMKSA entry without having to force a disconnection after this threshold timeout. If no roaming occurs between the reauthentication threshold time and PMK lifetime expiration, disassociation is still forced. The new attributes for providing these values correspond to the dot11 MIB variables dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold. This type of functionality is already available in cases where user space component is in control of roaming. This commit extends that same capability into cases where parts or all of this functionality is offloaded to the driver. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20200312235903.18462-1-jouni@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net')
-rw-r--r--net/wireless/nl80211.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 9d01d19a9ec1..bc7d81231547 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -661,6 +661,8 @@ const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
[NL80211_ATTR_TID_CONFIG] =
NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
+ [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
+ [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
};
/* policy for the key attributes */
@@ -10514,6 +10516,15 @@ static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
}
+ if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
+ pmksa.pmk_lifetime =
+ nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
+
+ if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
+ pmksa.pmk_reauth_threshold =
+ nla_get_u8(
+ info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
+
if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
!(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&