cfg80211: Configure PMK lifetime and reauth threshold for PMKSA entries
Drivers that trigger roaming need to know the lifetime of the configured PMKSA for deciding whether to trigger the full or PMKSA cache based authentication. The configured PMKSA is invalid after the PMK lifetime has expired and must not be used after that and the STA needs to disassociate if the PMK expires. Hence the STA is expected to refresh the PMK with a full authentication before this happens (e.g., when reassociating to a new BSS the next time or by performing EAPOL reauthentication depending on the AKM) to avoid unnecessary disconnection. The PMK reauthentication threshold is the percentage of the PMK lifetime value and indicates to the driver to trigger a full authentication roam (without PMKSA caching) after the reauthentication threshold time, but before the PMK timer has expired. Authentication methods like SAE need to be able to generate a new PMKSA entry without having to force a disconnection after this threshold timeout. If no roaming occurs between the reauthentication threshold time and PMK lifetime expiration, disassociation is still forced. The new attributes for providing these values correspond to the dot11 MIB variables dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold. This type of functionality is already available in cases where user space component is in control of roaming. This commit extends that same capability into cases where parts or all of this functionality is offloaded to the driver. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20200312235903.18462-1-jouni@codeaurora.orgSigned-off-by: Johannes Berg <johannes.berg@intel.com>
Showing
Please register or sign in to comment