From 299d21e8e2443523a6c9ac08103b785bb63eadba Mon Sep 17 00:00:00 2001
From: Emmanuel Grumbach
Date: Thu, 1 Feb 2018 16:21:57 +0200
Subject: [PATCH] nl80211: Use the new NL80211_MFP_OPTIONAL option

Now we can configure the network block so that it allows MFP setting for the NL80211_CMD_CONNECT command. If the kernel finds an AP that requires MFP, it'll be able to connect to it. Note that since NL80211_MFP_OPTIONAL isn't supported for NL80211_CMD_ASSOCIATE, we need to take the MFP configuration outside nl80211_connect_common(). In addition, check that NL80211_EXT_FEATURE_MFP_OPTIONAL is supported, to be backward compatible with older kernels.

Signed-off-by: Emmanuel Grumbach
---
 src/drivers/driver.h | 2 ++
 src/drivers/driver_nl80211.c | 17 +++++++++++++----
 src/drivers/driver_nl80211_capa.c | 4 ++++
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 38ced14ef..92a58b2f2 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1563,6 +1563,8 @@ struct wpa_driver_capa {
 * functionality but can support only OCE STA-CFON functionality.
 */
 #define WPA_DRIVER_FLAGS_OCE_STA_CFON 0x0020000000000000ULL
+/** Driver supports MFP-optional in the connect command */
+#define WPA_DRIVER_FLAGS_MFP_OPTIONAL 0x0040000000000000ULL
 u64 flags;

 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index b7fcbc6dc..329be021b 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5408,10 +5408,6 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
 nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
 return -1;

- if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
- nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
- return -1;
-
 if (params->rrm_used) {
 u32 drv_rrm_flags = drv->capa.rrm_flags;
 if ((!((drv_rrm_flags &
@@ -5488,6 +5484,15 @@ static int wpa_driver_nl80211_try_connect(
 if (ret)
 goto fail;

+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
+ goto fail;
+
+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
+ goto fail;
+
 algs = 0;
 if (params->auth_alg & WPA_AUTH_ALG_OPEN)
 algs++;
@@ -5607,6 +5612,10 @@ static int wpa_driver_nl80211_associate(
 if (ret)
 goto fail;

+ if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
+ nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
+ goto fail;
+
 if (params->fils_kek) {
 wpa_printf(MSG_DEBUG, " * FILS KEK (len=%u)",
 (unsigned int) params->fils_kek_len);
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index fd8b457b8..e5bc7693b 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -407,6 +407,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
 ext_feature_isset(ext_features, len,
 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
 capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE;
+
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_MFP_OPTIONAL))
+ capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
 }
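Review bot: In the MGMT_FRAME_PROTECTION_OPTIONAL branch added to wpa_driver_nl80211_try_connect(), a driver without WPA_DRIVER_FLAGS_MFP_OPTIONAL gets no NL80211_ATTR_USE_MFP attribute and nothing is logged, so a network block configured for optional MFP falls back silently. The kernel presumably then handles the connection as if MFP had not been requested, which leaves management frames unprotected; that is worth confirming and making visible in the debug log. A line such as `if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL && !(drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL)) wpa_printf(MSG_DEBUG, "nl80211: driver lacks MFP-optional support; USE_MFP not set");` would let an operator tell the two cases apart. The function body starts and ends outside the hunk.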
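Review bot: The REQUIRED check added to wpa_driver_nl80211_associate() is a verbatim copy of the one added to wpa_driver_nl80211_try_connect(), and the reason this path has no OPTIONAL branch is given only in the commit message. A comment above the check would keep a later edit from "completing" it or letting the two copies drift, for example `/* NL80211_MFP_OPTIONAL is only supported with NL80211_CMD_CONNECT; pass REQUIRED only */`. If more MFP modes are expected, a small static helper shared by both callers would remove the duplication. The function body starts and ends outside the hunk.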