Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE 802.11w/D6.0. In addition, the RSN IE capability field values for MFP is replaced with the new two-bit version with MFPC (capable) and MFPR (required) processing.
This commit is contained in:
parent
b3f240bc0e
commit
0b60b0aaad
7 changed files with 43 additions and 17 deletions
|
@ -208,8 +208,11 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
|||
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
||||
}
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (conf->ieee80211w != WPA_NO_IEEE80211W)
|
||||
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
|
||||
if (conf->ieee80211w != WPA_NO_IEEE80211W) {
|
||||
capab |= WPA_CAPABILITY_MFPC;
|
||||
if (conf->ieee80211w == IEEE80211W_REQUIRED)
|
||||
capab |= WPA_CAPABILITY_MFPR;
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
WPA_PUT_LE16(pos, capab);
|
||||
pos += 2;
|
||||
|
@ -580,8 +583,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
|
||||
if (!(data.capabilities &
|
||||
WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) {
|
||||
if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
||||
wpa_printf(MSG_DEBUG, "Management frame protection "
|
||||
"required, but client did not enable it");
|
||||
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
||||
|
@ -601,7 +603,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||
}
|
||||
|
||||
if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
|
||||
!(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
|
||||
!(data.capabilities & WPA_CAPABILITY_MFPC))
|
||||
sm->mgmt_frame_prot = 0;
|
||||
else
|
||||
sm->mgmt_frame_prot = 1;
|
||||
|
|
|
@ -92,7 +92,7 @@
|
|||
#define WLAN_CAPABILITY_SHORT_SLOT_TIME BIT(10)
|
||||
#define WLAN_CAPABILITY_DSSS_OFDM BIT(13)
|
||||
|
||||
/* Status codes */
|
||||
/* Status codes (IEEE 802.11-2007, 7.3.1.9, Table 7-23) */
|
||||
#define WLAN_STATUS_SUCCESS 0
|
||||
#define WLAN_STATUS_UNSPECIFIED_FAILURE 1
|
||||
#define WLAN_STATUS_CAPS_UNSUPPORTED 10
|
||||
|
@ -112,10 +112,12 @@
|
|||
#define WLAN_STATUS_SPEC_MGMT_REQUIRED 22
|
||||
#define WLAN_STATUS_PWR_CAPABILITY_NOT_VALID 23
|
||||
#define WLAN_STATUS_SUPPORTED_CHANNEL_NOT_VALID 24
|
||||
/* 802.11g */
|
||||
/* IEEE 802.11g */
|
||||
#define WLAN_STATUS_ASSOC_DENIED_NO_SHORT_SLOT_TIME 25
|
||||
#define WLAN_STATUS_ASSOC_DENIED_NO_ER_PBCC 26
|
||||
#define WLAN_STATUS_ASSOC_DENIED_NO_DSSS_OFDM 27
|
||||
/* IEEE 802.11w */
|
||||
#define WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY 30
|
||||
/* IEEE 802.11i */
|
||||
#define WLAN_STATUS_INVALID_IE 40
|
||||
#define WLAN_STATUS_GROUP_CIPHER_NOT_VALID 41
|
||||
|
@ -136,7 +138,7 @@
|
|||
#define WLAN_STATUS_INVALID_MDIE 55
|
||||
#define WLAN_STATUS_INVALID_FTIE 56
|
||||
|
||||
/* Reason codes */
|
||||
/* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */
|
||||
#define WLAN_REASON_UNSPECIFIED 1
|
||||
#define WLAN_REASON_PREV_AUTH_NOT_VALID 2
|
||||
#define WLAN_REASON_DEAUTH_LEAVING 3
|
||||
|
@ -146,7 +148,7 @@
|
|||
#define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7
|
||||
#define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8
|
||||
#define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9
|
||||
/* 802.11h */
|
||||
/* IEEE 802.11h */
|
||||
#define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10
|
||||
#define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11
|
||||
/* IEEE 802.11i */
|
||||
|
@ -162,6 +164,9 @@
|
|||
#define WLAN_REASON_INVALID_RSN_IE_CAPAB 22
|
||||
#define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23
|
||||
#define WLAN_REASON_CIPHER_SUITE_REJECTED 24
|
||||
/* IEEE 802.11w */
|
||||
#define WLAN_REASON_INVALID_GROUP_MGMT_CIPHER 25
|
||||
#define WLAN_REASON_ROBUST_MGMT_FRAME_POLICY_VIOLATION 26
|
||||
|
||||
|
||||
/* Information Element IDs */
|
||||
|
@ -199,16 +204,19 @@
|
|||
#define WLAN_EID_20_40_BSS_COEXISTENCE 72
|
||||
#define WLAN_EID_20_40_BSS_INTOLERANT 73
|
||||
#define WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS 74
|
||||
#define WLAN_EID_MMIE 76
|
||||
#define WLAN_EID_ASSOC_COMEBACK_TIME 77
|
||||
#define WLAN_EID_VENDOR_SPECIFIC 221
|
||||
|
||||
|
||||
/* Action frame categories */
|
||||
/* Action frame categories (IEEE 802.11-2007, 7.3.1.11, Table 7-24) */
|
||||
#define WLAN_ACTION_SPECTRUM_MGMT 0
|
||||
#define WLAN_ACTION_QOS 1
|
||||
#define WLAN_ACTION_DLS 2
|
||||
#define WLAN_ACTION_BLOCK_ACK 3
|
||||
#define WLAN_ACTION_RADIO_MEASUREMENT 5
|
||||
#define WLAN_ACTION_FT 6
|
||||
#define WLAN_ACTION_PING 8
|
||||
|
||||
|
||||
#ifdef _MSC_VER
|
||||
|
@ -306,6 +314,14 @@ struct ieee80211_mgmt {
|
|||
le16 status_code;
|
||||
u8 variable[0]; /* FT Request */
|
||||
} STRUCT_PACKED ft_action_resp;
|
||||
struct {
|
||||
u8 action;
|
||||
u8 transaction_id[16];
|
||||
} STRUCT_PACKED ping_req;
|
||||
struct {
|
||||
u8 action;
|
||||
u8 transaction_id[16];
|
||||
} STRUCT_PACKED ping_resp;
|
||||
} u;
|
||||
} STRUCT_PACKED action;
|
||||
} u;
|
||||
|
|
|
@ -54,6 +54,9 @@
|
|||
#define RSN_AUTH_KEY_MGMT_FT_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
|
||||
#define RSN_AUTH_KEY_MGMT_FT_PSK RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#define RSN_AUTH_KEY_MGMT_802_1X_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
|
||||
#define RSN_AUTH_KEY_MGMT_PSK_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
|
||||
|
||||
#define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
|
||||
#define RSN_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
|
||||
#define RSN_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
|
||||
|
@ -107,7 +110,11 @@
|
|||
|
||||
/* IEEE 802.11, 7.3.2.25.3 RSN Capabilities */
|
||||
#define WPA_CAPABILITY_PREAUTH BIT(0)
|
||||
#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(7)
|
||||
#define WPA_CAPABILITY_NO_PAIRWISE BIT(1)
|
||||
/* B2-B3: PTKSA Replay Counter */
|
||||
/* B4-B5: GTKSA Replay Counter */
|
||||
#define WPA_CAPABILITY_MFPR BIT(6)
|
||||
#define WPA_CAPABILITY_MFPC BIT(7)
|
||||
#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
|
||||
|
||||
|
||||
|
@ -273,6 +280,7 @@ struct rsn_ftie {
|
|||
#define FTIE_SUBELEM_R1KH_ID 1
|
||||
#define FTIE_SUBELEM_GTK 2
|
||||
#define FTIE_SUBELEM_R0KH_ID 3
|
||||
#define FTIE_SUBELEM_IGTK 4
|
||||
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
|
|
|
@ -193,7 +193,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
|
|||
capab = 0;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
|
||||
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
|
||||
capab |= WPA_CAPABILITY_MFPC;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
WPA_PUT_LE16(pos, capab);
|
||||
pos += 2;
|
||||
|
|
|
@ -327,7 +327,7 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
|
|||
capab = 0;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
|
||||
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
|
||||
capab |= WPA_CAPABILITY_MFPC;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
WPA_PUT_LE16(pos, capab);
|
||||
pos += 2;
|
||||
|
|
|
@ -309,8 +309,8 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_ssid *ssid,
|
|||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)
|
||||
&& ssid->ieee80211w == IEEE80211W_REQUIRED) {
|
||||
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
|
||||
ssid->ieee80211w == IEEE80211W_REQUIRED) {
|
||||
wpa_printf(MSG_DEBUG, " skip RSN IE - no mgmt frame "
|
||||
"protection");
|
||||
break;
|
||||
|
|
|
@ -676,7 +676,7 @@ static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
|
|||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
|
||||
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
|
||||
ssid->ieee80211w == IEEE80211W_REQUIRED) {
|
||||
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
|
||||
"that does not support management frame protection - "
|
||||
|
@ -845,7 +845,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
|||
#ifdef CONFIG_IEEE80211W
|
||||
sel = ie.mgmt_group_cipher;
|
||||
if (ssid->ieee80211w == NO_IEEE80211W ||
|
||||
!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
|
||||
!(ie.capabilities & WPA_CAPABILITY_MFPC))
|
||||
sel = 0;
|
||||
if (sel & WPA_CIPHER_AES_128_CMAC) {
|
||||
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
|
||||
|
|
Loading…
Reference in a new issue