Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR

This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field value for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
Jouni Malinen 2008-08-30 14:59:39 +03:00
parent b3f240bc0e
commit 0b60b0aaad
7 changed files with 43 additions and 17 deletions


@ -208,8 +208,11 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
}
#ifdef CONFIG_IEEE80211W
if (conf->ieee80211w != WPA_NO_IEEE80211W)
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
if (conf->ieee80211w != WPA_NO_IEEE80211W) {
capab |= WPA_CAPABILITY_MFPC;
if (conf->ieee80211w == IEEE80211W_REQUIRED)
capab |= WPA_CAPABILITY_MFPR;
}
#endif /* CONFIG_IEEE80211W */
WPA_PUT_LE16(pos, capab);
pos += 2;
@ -580,8 +583,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
#ifdef CONFIG_IEEE80211W
if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) {
if (!(data.capabilities &
WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) {
if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
wpa_printf(MSG_DEBUG, "Management frame protection "
"required, but client did not enable it");
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
@ -601,7 +603,7 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
}
if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W ||
!(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
!(data.capabilities & WPA_CAPABILITY_MFPC))
sm->mgmt_frame_prot = 0;
else
sm->mgmt_frame_prot = 1;
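Review bot: The received MFPR bit is never examined: both wpa_validate_wpa_ie hunks test only `WPA_CAPABILITY_MFPC`, so a station that sets MFPR while this authenticator is configured with `WPA_NO_IEEE80211W`, or that sets MFPR without MFPC, appears to fall through to `sm->mgmt_frame_prot = 0` instead of being refused. The function body continues outside the hunks, so confirm no such check exists elsewhere; if not, reject the inconsistent combinations before the assignment, e.g. `if ((data.capabilities & WPA_CAPABILITY_MFPR) && !(data.capabilities & WPA_CAPABILITY_MFPC)) return WPA_MGMT_FRAME_PROTECTION_VIOLATION;`. The supplicant-side hunks later on this page (wpa_supplicant_ssid_bss_match, wpa_supplicant_suites_from_ai, wpa_supplicant_set_suites) use the same MFPC-only test and would not notice an AP that advertises MFPR when the network profile has MFP disabled. Separately, the new MFPR line in wpa_write_rsn_ie compares against `IEEE80211W_REQUIRED` while the validate hunk uses `WPA_IEEE80211W_REQUIRED` for what looks like the same config field; using the `WPA_`-prefixed constant in both places avoids depending on two enums having equal values.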


@ -92,7 +92,7 @@
#define WLAN_CAPABILITY_SHORT_SLOT_TIME BIT(10)
#define WLAN_CAPABILITY_DSSS_OFDM BIT(13)
/* Status codes */
/* Status codes (IEEE 802.11-2007, 7.3.1.9, Table 7-23) */
#define WLAN_STATUS_SUCCESS 0
#define WLAN_STATUS_UNSPECIFIED_FAILURE 1
#define WLAN_STATUS_CAPS_UNSUPPORTED 10
@ -112,10 +112,12 @@
#define WLAN_STATUS_SPEC_MGMT_REQUIRED 22
#define WLAN_STATUS_PWR_CAPABILITY_NOT_VALID 23
#define WLAN_STATUS_SUPPORTED_CHANNEL_NOT_VALID 24
/* 802.11g */
/* IEEE 802.11g */
#define WLAN_STATUS_ASSOC_DENIED_NO_SHORT_SLOT_TIME 25
#define WLAN_STATUS_ASSOC_DENIED_NO_ER_PBCC 26
#define WLAN_STATUS_ASSOC_DENIED_NO_DSSS_OFDM 27
/* IEEE 802.11w */
#define WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY 30
/* IEEE 802.11i */
#define WLAN_STATUS_INVALID_IE 40
#define WLAN_STATUS_GROUP_CIPHER_NOT_VALID 41
@ -136,7 +138,7 @@
#define WLAN_STATUS_INVALID_MDIE 55
#define WLAN_STATUS_INVALID_FTIE 56
/* Reason codes */
/* Reason codes (IEEE 802.11-2007, 7.3.1.7, Table 7-22) */
#define WLAN_REASON_UNSPECIFIED 1
#define WLAN_REASON_PREV_AUTH_NOT_VALID 2
#define WLAN_REASON_DEAUTH_LEAVING 3
@ -146,7 +148,7 @@
#define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7
#define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8
#define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9
/* 802.11h */
/* IEEE 802.11h */
#define WLAN_REASON_PWR_CAPABILITY_NOT_VALID 10
#define WLAN_REASON_SUPPORTED_CHANNEL_NOT_VALID 11
/* IEEE 802.11i */
@ -162,6 +164,9 @@
#define WLAN_REASON_INVALID_RSN_IE_CAPAB 22
#define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23
#define WLAN_REASON_CIPHER_SUITE_REJECTED 24
/* IEEE 802.11w */
#define WLAN_REASON_INVALID_GROUP_MGMT_CIPHER 25
#define WLAN_REASON_ROBUST_MGMT_FRAME_POLICY_VIOLATION 26
/* Information Element IDs */
@ -199,16 +204,19 @@
#define WLAN_EID_20_40_BSS_COEXISTENCE 72
#define WLAN_EID_20_40_BSS_INTOLERANT 73
#define WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS 74
#define WLAN_EID_MMIE 76
#define WLAN_EID_ASSOC_COMEBACK_TIME 77
#define WLAN_EID_VENDOR_SPECIFIC 221
/* Action frame categories */
/* Action frame categories (IEEE 802.11-2007, 7.3.1.11, Table 7-24) */
#define WLAN_ACTION_SPECTRUM_MGMT 0
#define WLAN_ACTION_QOS 1
#define WLAN_ACTION_DLS 2
#define WLAN_ACTION_BLOCK_ACK 3
#define WLAN_ACTION_RADIO_MEASUREMENT 5
#define WLAN_ACTION_FT 6
#define WLAN_ACTION_PING 8
#ifdef _MSC_VER
@ -306,6 +314,14 @@ struct ieee80211_mgmt {
le16 status_code;
u8 variable[0]; /* FT Request */
} STRUCT_PACKED ft_action_resp;
struct {
u8 action;
u8 transaction_id[16];
} STRUCT_PACKED ping_req;
struct {
u8 action;
u8 transaction_id[16];
} STRUCT_PACKED ping_resp;
} u;
} STRUCT_PACKED action;
} u;
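Review bot: The transaction ID length `16` is hard-coded twice in the new `ping_req`/`ping_resp` members and no named constant is added for it, so any receive-side length check written against these structs has to repeat the literal. Add a define next to `WLAN_ACTION_PING`, e.g. `#define WLAN_PING_TRANS_ID_LEN 16`, and use it for both arrays. Since the commit message says these values come from the 802.11w/D6.0 draft, the new `/* IEEE 802.11w */` comments would be more accurate as `/* IEEE 802.11w/D6.0 (draft) */`, so later readers know the numbers may still change. struct ieee80211_mgmt starts outside the hunk.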


@ -54,6 +54,9 @@
#define RSN_AUTH_KEY_MGMT_FT_802_1X RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
#define RSN_AUTH_KEY_MGMT_FT_PSK RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
#endif /* CONFIG_IEEE80211R */
#define RSN_AUTH_KEY_MGMT_802_1X_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
#define RSN_AUTH_KEY_MGMT_PSK_SHA256 RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
#define RSN_CIPHER_SUITE_NONE RSN_SELECTOR(0x00, 0x0f, 0xac, 0)
#define RSN_CIPHER_SUITE_WEP40 RSN_SELECTOR(0x00, 0x0f, 0xac, 1)
#define RSN_CIPHER_SUITE_TKIP RSN_SELECTOR(0x00, 0x0f, 0xac, 2)
@ -107,7 +110,11 @@
/* IEEE 802.11, 7.3.2.25.3 RSN Capabilities */
#define WPA_CAPABILITY_PREAUTH BIT(0)
#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(7)
#define WPA_CAPABILITY_NO_PAIRWISE BIT(1)
/* B2-B3: PTKSA Replay Counter */
/* B4-B5: GTKSA Replay Counter */
#define WPA_CAPABILITY_MFPR BIT(6)
#define WPA_CAPABILITY_MFPC BIT(7)
#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
@ -273,6 +280,7 @@ struct rsn_ftie {
#define FTIE_SUBELEM_R1KH_ID 1
#define FTIE_SUBELEM_GTK 2
#define FTIE_SUBELEM_R0KH_ID 3
#define FTIE_SUBELEM_IGTK 4
#endif /* CONFIG_IEEE80211R */
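Review bot: The two new capability bits are defined without saying what each one means, although the neighbouring B2-B3/B4-B5 lines are annotated; a trailing comment on each would keep callers from testing the wrong bit, e.g. `#define WPA_CAPABILITY_MFPR BIT(6) /* management frame protection required */` and `#define WPA_CAPABILITY_MFPC BIT(7) /* management frame protection capable */`. The heading above them still cites only `IEEE 802.11, 7.3.2.25.3`, while per the commit message these bits come from 802.11w/D6.0; naming the draft there would help. The two `_SHA256` AKM selectors are added here, but no hunk on this page parses or selects them, so presumably that follows in a later change.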


@ -193,7 +193,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
capab = 0;
#ifdef CONFIG_IEEE80211W
if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
capab |= WPA_CAPABILITY_MFPC;
#endif /* CONFIG_IEEE80211W */
WPA_PUT_LE16(pos, capab);
pos += 2;


@ -327,7 +327,7 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
capab = 0;
#ifdef CONFIG_IEEE80211W
if (mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC)
capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION;
capab |= WPA_CAPABILITY_MFPC;
#endif /* CONFIG_IEEE80211W */
WPA_PUT_LE16(pos, capab);
pos += 2;


@ -309,8 +309,8 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_ssid *ssid,
}
#ifdef CONFIG_IEEE80211W
if (!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)
&& ssid->ieee80211w == IEEE80211W_REQUIRED) {
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
ssid->ieee80211w == IEEE80211W_REQUIRED) {
wpa_printf(MSG_DEBUG, " skip RSN IE - no mgmt frame "
"protection");
break;


@ -676,7 +676,7 @@ static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
}
#ifdef CONFIG_IEEE80211W
if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
ssid->ieee80211w == IEEE80211W_REQUIRED) {
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
"that does not support management frame protection - "
@ -845,7 +845,7 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_IEEE80211W
sel = ie.mgmt_group_cipher;
if (ssid->ieee80211w == NO_IEEE80211W ||
!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
!(ie.capabilities & WPA_CAPABILITY_MFPC))
sel = 0;
if (sel & WPA_CIPHER_AES_128_CMAC) {
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;