Handling pmk addition in supplicant cache for 80211x connections

Fix conneciton issue seen with 8021x obsolete credential

Supplicant presently doesn't delete the PMKSA for 4way handshake
offload enabled drivers for 8021X cases. This is beacuse there is
no entry present in wpa_supplicant cache as the PMKSA cache add is
triggered only from EAPOL M1 (1/4) packet process context and hence
happens only for supplicant based 4way handshake. This patch invokes
set_pmk API so that a cache entry is made at the supplicant level.


Bug: 310053150
Test: basic security test

Change-Id: I4b2289fcc9366207db60c8e9ed7dbc3a3860dc8a
Merged-In: I4b2289fcc9366207db60c8e9ed7dbc3a3860dc8a
Signed-off-by: Dennis Jeon <dennis.jeon@broadcom.corp-partner.google.com>
(cherry picked from commit 67e32eafde92be18cfc373cf5bf284cfe96df130)
diff --git a/src/rsn_supp/pmksa_cache.c b/src/rsn_supp/pmksa_cache.c
index e7b4d54..eb434fa 100644
--- a/src/rsn_supp/pmksa_cache.c
+++ b/src/rsn_supp/pmksa_cache.c
@@ -224,22 +224,22 @@
 	if (pmk_len > PMK_LEN_MAX)
 		return NULL;
 
-	if (wpa_key_mgmt_suite_b(akmp) && !kck)
-		return NULL;
-
 	entry = os_zalloc(sizeof(*entry));
 	if (entry == NULL)
 		return NULL;
 	os_memcpy(entry->pmk, pmk, pmk_len);
 	entry->pmk_len = pmk_len;
-	if (pmkid)
-		os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
-	else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
-		rsn_pmkid_suite_b_192(kck, kck_len, aa, spa, entry->pmkid);
-	else if (wpa_key_mgmt_suite_b(akmp))
-		rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
-	else
-		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid, akmp);
+	if (pmkid) {
+ 		os_memcpy(entry->pmkid, pmkid, PMKID_LEN);
+	} else if (akmp == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+		if (kck)
+			rsn_pmkid_suite_b_192(kck, kck_len, aa, spa, entry->pmkid);
+	} else if (wpa_key_mgmt_suite_b(akmp)) {
+		if (kck)
+			rsn_pmkid_suite_b(kck, kck_len, aa, spa, entry->pmkid);
+	} else {
+ 		rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid, akmp);
+	}
 	os_get_reltime(&now);
 	if (pmksa->sm) {
 		pmk_lifetime = pmksa->sm->dot11RSNAConfigPMKLifetime;
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index bba7777..0047531 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -380,6 +380,12 @@
 		wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
 	}
 
+	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) {
+		/* Add PMKSA cache entry */
+		wpa_printf(MSG_INFO, "add pmksa entry for the PMK");
+		wpa_sm_set_pmk(wpa_s->wpa, pmk, pmk_len, NULL, wpa_sm_get_auth_addr(wpa_s->wpa));
+	}
+
 	wpa_supplicant_cancel_scan(wpa_s);
 	wpa_supplicant_cancel_auth_timeout(wpa_s);
 	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);