Handle PMKSA flush in the driver for SAE/OWE offload cases
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.
Bug: 319845133
Test: Connected to WPA3 AP and confirmed from logs that PMK caching
logic works.
Change-Id: I03424b1e3597d6abb56c93886805edea27e13f0e
Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index c296903..a1746da 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -471,8 +471,21 @@
if (wpa_s->sme.ext_auth_wpa_ssid == ssid)
wpa_s->sme.ext_auth_wpa_ssid = NULL;
#endif /* CONFIG_SME && CONFIG_SAE */
- if (wpa_s->wpa)
+ if (wpa_s->wpa) {
+ if ((wpa_key_mgmt_sae(ssid->key_mgmt) &&
+ (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) ||
+ ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
+ (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA))) {
+ /* For cases when PMK is generated at the driver */
+ struct wpa_pmkid_params params;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.ssid = ssid->ssid;
+ params.ssid_len = ssid->ssid_len;
+ wpa_drv_remove_pmkid(wpa_s, ¶ms);
+ }
wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+ }
if (!ssid->p2p_group && wpa_s->global->p2p_group_formation != wpa_s &&
!wpa_s->p2p_mgmt) {
wpas_dbus_unregister_network(wpa_s, ssid->id);
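Review bot: the result of wpa_drv_remove_pmkid() in the new block under `if (wpa_s->wpa)` is not checked, so a driver that rejects or does not implement an SSID-only removal leaves the offloaded PMK in place with no trace in the log. Suggest capturing the return value and emitting a wpa_printf(MSG_DEBUG, ...) on failure. The params struct is zeroed and only `ssid` and `ssid_len` are filled, with no guard for `ssid->ssid_len == 0`; it would be safer to skip the call for a network without an SSID than to hand the driver an all-empty request whose meaning is driver-defined. The driver call also does not use `wpa_s->wpa`, so nesting it inside that check ties driver-side cleanup to the state machine pointer being set. Moving the offload condition into a small helper above the `if` would make both the condition and the intent easier to read.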
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 517d37f..6e34e87 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4750,6 +4750,11 @@
{
struct wpa_ssid *ssid;
+ if (wpa_s->drv_flags2 &
+ (WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA |
+ WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA))
+ wpa_drv_flush_pmkid(wpa_s);
+
if (wpa_s->sched_scanning)
wpa_supplicant_cancel_sched_scan(wpa_s);
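Review bot: the added wpa_drv_flush_pmkid() call has no comment and its result is ignored, unlike the notify.c hunk, which at least states that the PMK is generated at the driver. A one-line comment explaining that the flush drops PMKs created by SAE/OWE offload would help, as would a debug message when the flush fails. The gate is the driver capability flags alone (`WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA | WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA`), so the flush runs even when no configured network uses SAE or OWE and clears every PMKID the driver holds. If that is intended, say so in the comment.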