
FILS: Add support for Cache Identifier in add/remove PMKSA

Add support for setting and deleting PMKSA cache entries based on FILS Cache
Identifier. Additionally, add support for sending the PMK as part of
SET_PMKSA to enable the driver to derive keys in case of FILS shared key
offload using PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Vidyullatha Kanchanapally 8 years ago
parent
commit
42e69bda2a

+ 6 - 3
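--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -44,7 +44,9 @@ static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
 				   enum pmksa_free_reason reason)
 {
 	wpa_sm_remove_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
-			    entry->pmkid);
+			    entry->pmkid,
+			    entry->fils_cache_id_set ? entry->fils_cache_id :
+			    NULL);
 	pmksa->pmksa_count--;
 	pmksa->free_cb(entry, pmksa->ctx, reason);
 	_pmksa_cache_free_entry(entry);
@@ -263,8 +265,9 @@ pmksa_cache_add_entry(struct rsn_pmksa_cache *pmksa,
 	pmksa->pmksa_count++;
 	wpa_printf(MSG_DEBUG, "RSN: Added PMKSA cache entry for " MACSTR
 		   " network_ctx=%p", MAC2STR(entry->aa), entry->network_ctx);
-	wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa,
-			 entry->pmkid);
+	wpa_sm_add_pmkid(pmksa->sm, entry->network_ctx, entry->aa, entry->pmkid,
+			 entry->fils_cache_id_set ? entry->fils_cache_id : NULL,
+			 entry->pmk, entry->pmk_len);
 
 	return entry;
 }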
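Review bot: The new `entry->pmk, entry->pmk_len` arguments in pmksa_cache_add_entry() hand the PMK to the driver callback for every PMKSA entry, although the commit message motivates sending the PMK only for FILS shared key offload. The same unconditional pass appears in rsn_preauth_candidate_process() (`p->pmk, p->pmk_len`) and in wpa_supplicant_add_pmkid(), where `params.pmk` and `params.pmk_len` are set outside the FILS branch. Unless every driver path is expected to need the key, consider passing it only for entries that use it, for example `entry->fils_cache_id_set ? entry->pmk : NULL` with a matching zero length, or whichever condition actually identifies FILS offload, so that key material leaves the supplicant only when required. pmksa_cache_add_entry() starts outside the hunk, so the AKM of the entry is not visible here.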

+ 2 - 1
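--- a/src/rsn_supp/preauth.c
+++ b/src/rsn_supp/preauth.c
@@ -342,7 +342,8 @@ void rsn_preauth_candidate_process(struct wpa_sm *sm)
 		/* Some drivers (e.g., NDIS) expect to get notified about the
 		 * PMKIDs again, so report the existing data now. */
 		if (p) {
-			wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid);
+			wpa_sm_add_pmkid(sm, NULL, candidate->bssid, p->pmkid,
+					 NULL, p->pmk, p->pmk_len);
 		}
 
 		dl_list_del(&candidate->list);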

+ 3 - 2
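--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -39,9 +39,10 @@ struct wpa_sm_ctx {
 	u8 * (*alloc_eapol)(void *ctx, u8 type, const void *data, u16 data_len,
 			    size_t *msg_len, void **data_pos);
 	int (*add_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
-			 const u8 *pmkid);
+			 const u8 *pmkid, const u8 *fils_cache_id,
+			 const u8 *pmk, size_t pmk_len);
 	int (*remove_pmkid)(void *ctx, void *network_ctx, const u8 *bssid,
-			    const u8 *pmkid);
+			    const u8 *pmkid, const u8 *fils_cache_id);
 	void (*set_config_blob)(void *ctx, struct wpa_config_blob *blob);
 	const struct wpa_config_blob * (*get_config_blob)(void *ctx,
 							  const char *name);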
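Review bot: The widened `add_pmkid` and `remove_pmkid` members of struct wpa_sm_ctx carry no comment on the new arguments, so an implementer cannot tell from the header that `fils_cache_id` may be NULL (the callers in this commit pass NULL for non-FILS entries) or that `pmk` is key material. A short comment above the two members would help, e.g. `/* fils_cache_id: FILS Cache Identifier, or NULL for a BSSID-scoped entry; pmk/pmk_len: PMK owned by the caller, not to be logged or retained */`. The ownership wording is inferred from the callers passing pointers into the cache entry and should be confirmed by the author. The struct begins and ends outside the hunk.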

+ 9 - 4
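--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -231,17 +231,22 @@ static inline u8 * wpa_sm_alloc_eapol(struct wpa_sm *sm, u8 type,
 }
 
 static inline int wpa_sm_add_pmkid(struct wpa_sm *sm, void *network_ctx,
-				   const u8 *bssid, const u8 *pmkid)
+				   const u8 *bssid, const u8 *pmkid,
+				   const u8 *cache_id, const u8 *pmk,
+				   size_t pmk_len)
 {
 	WPA_ASSERT(sm->ctx->add_pmkid);
-	return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid);
+	return sm->ctx->add_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
+				  cache_id, pmk, pmk_len);
 }
 
 static inline int wpa_sm_remove_pmkid(struct wpa_sm *sm, void *network_ctx,
-				      const u8 *bssid, const u8 *pmkid)
+				      const u8 *bssid, const u8 *pmkid,
+				      const u8 *cache_id)
 {
 	WPA_ASSERT(sm->ctx->remove_pmkid);
-	return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid);
+	return sm->ctx->remove_pmkid(sm->ctx->ctx, network_ctx, bssid, pmkid,
+				     cache_id);
 }
 
 static inline int wpa_sm_mlme_setprotection(struct wpa_sm *sm, const u8 *addr,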

+ 5 - 2
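--- a/wpa_supplicant/preauth_test.c
+++ b/wpa_supplicant/preauth_test.c
@@ -144,7 +144,9 @@ static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
 
 
 static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
-				    const u8 *bssid, const u8 *pmkid)
+				    const u8 *bssid, const u8 *pmkid,
+				    const u8 *fils_cache_id,
+				    const u8 *pmk, size_t pmk_len)
 {
 	printf("%s - not implemented\n", __func__);
 	return -1;
@@ -152,7 +154,8 @@ static int wpa_supplicant_add_pmkid(void *wpa_s, void *network_ctx,
 
 
 static int wpa_supplicant_remove_pmkid(void *wpa_s, void *network_ctx,
-				       const u8 *bssid, const u8 *pmkid)
+				       const u8 *bssid, const u8 *pmkid,
+				       const u8 *fils_cache_id)
 {
 	printf("%s - not implemented\n", __func__);
 	return -1;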

+ 22 - 4
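--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -530,7 +530,9 @@ static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s,
 
 
 static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
-				    const u8 *bssid, const u8 *pmkid)
+				    const u8 *bssid, const u8 *pmkid,
+				    const u8 *fils_cache_id,
+				    const u8 *pmk, size_t pmk_len)
 {
 	struct wpa_supplicant *wpa_s = _wpa_s;
 	struct wpa_ssid *ssid;
@@ -541,15 +543,25 @@ static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
 	if (ssid)
 		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d",
 			MAC2STR(bssid), ssid->id);
-	params.bssid = bssid;
+	if (ssid && fils_cache_id) {
+		params.ssid = ssid->ssid;
+		params.ssid_len = ssid->ssid_len;
+		params.fils_cache_id = fils_cache_id;
+	} else {
+		params.bssid = bssid;
+	}
+
 	params.pmkid = pmkid;
+	params.pmk = pmk;
+	params.pmk_len = pmk_len;
 
 	return wpa_drv_add_pmkid(wpa_s, &params);
 }
 
 
 static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
-				       const u8 *bssid, const u8 *pmkid)
+				       const u8 *bssid, const u8 *pmkid,
+				       const u8 *fils_cache_id)
 {
 	struct wpa_supplicant *wpa_s = _wpa_s;
 	struct wpa_ssid *ssid;
@@ -560,8 +572,14 @@ static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
 	if (ssid)
 		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d",
 			MAC2STR(bssid), ssid->id);
+	if (ssid && fils_cache_id) {
+		params.ssid = ssid->ssid;
+		params.ssid_len = ssid->ssid_len;
+		params.fils_cache_id = fils_cache_id;
+	} else {
+		params.bssid = bssid;
+	}
 
-	params.bssid = bssid;
 	params.pmkid = pmkid;
 
 	return wpa_drv_remove_pmkid(wpa_s, &params);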
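Review bot: In both wpa_supplicant_add_pmkid() and wpa_supplicant_remove_pmkid(), a non-NULL `fils_cache_id` is silently dropped when no network context resolves (`ssid` is NULL), and the entry falls back to BSSID scope with nothing in the log to show it. That makes it hard to diagnose a driver cache that is scoped differently from the supplicant's own PMKSA entry. A debug line in the `else` branch would help, e.g. `if (fils_cache_id) wpa_printf(MSG_DEBUG, "FILS: Cache Identifier ignored for PMKSA entry - no network context");`, together with a one-line comment that SSID plus Cache Identifier replaces the BSSID as the entry key. The lookup of `ssid` and the initialization of `params` sit outside these hunks, so this assumes the unset selector fields are zeroed there.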