MBO: Mandate use of PMF for WPA2+MBO association (AP)

If WPA2 and MBO are enabled, PMF needs to be enabled in hostapd
configuration. If PMF is optional in the configuration, an MBO STA is
required to negotiate use of PMF.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2016-02-22 16:39:24 +02:00 committed by Jouni Malinen
parent 85c7ea9b48
commit 4c572281ed
3 changed files with 30 additions and 0 deletions

View file

@ -881,6 +881,15 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
} }
#endif /* CONFIG_HS20 */ #endif /* CONFIG_HS20 */
#ifdef CONFIG_MBO
if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
wpa_printf(MSG_ERROR,
"MBO: PMF needs to be enabled whenever using WPA2 with MBO");
return -1;
}
#endif /* CONFIG_MBO */
return 0; return 0;
} }

View file

@ -350,6 +350,17 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
return WLAN_STATUS_INVALID_IE; return WLAN_STATUS_INVALID_IE;
#endif /* CONFIG_HS20 */ #endif /* CONFIG_HS20 */
} }
#ifdef CONFIG_MBO
if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
wpa_printf(MSG_INFO,
"MBO: Reject WPA2 association without PMF");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
#endif /* CONFIG_MBO */
#ifdef CONFIG_WPS #ifdef CONFIG_WPS
skip_wpa_check: skip_wpa_check:
#endif /* CONFIG_WPS */ #endif /* CONFIG_WPS */

View file

@ -1714,8 +1714,18 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
sta->mb_ies = NULL; sta->mb_ies = NULL;
#endif /* CONFIG_FST */ #endif /* CONFIG_FST */
#ifdef CONFIG_MBO
mbo_ap_check_sta_assoc(hapd, sta, &elems); mbo_ap_check_sta_assoc(hapd, sta, &elems);
if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
wpa_printf(MSG_INFO,
"MBO: Reject WPA2 association without PMF");
return WLAN_STATUS_UNSPECIFIED_FAILURE;
}
#endif /* CONFIG_MBO */
return WLAN_STATUS_SUCCESS; return WLAN_STATUS_SUCCESS;
} }