SAE-PK: Advertise RSNXE capability bit in STA mode

Set the SAE-PK capability bit in RSNXE when sending out (Re)Association
Request frame for a network profile that allows use of SAE-PK.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Jouni Malinen 2020-06-10 12:22:59 +03:00 committed by Jouni Malinen
parent de36f6b7b3
commit 518be614f1
5 changed files with 19 additions and 2 deletions


@ -3289,6 +3289,9 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
case WPA_PARAM_SAE_PWE: case WPA_PARAM_SAE_PWE:
sm->sae_pwe = value; sm->sae_pwe = value;
break; break;
case WPA_PARAM_SAE_PK:
sm->sae_pk = value;
break;
case WPA_PARAM_DENY_PTK0_REKEY: case WPA_PARAM_DENY_PTK0_REKEY:
sm->wpa_deny_ptk0_rekey = value; sm->wpa_deny_ptk0_rekey = value;
break; break;


@ -103,6 +103,7 @@ enum wpa_sm_conf_params {
WPA_PARAM_MFP, WPA_PARAM_MFP,
WPA_PARAM_OCV, WPA_PARAM_OCV,
WPA_PARAM_SAE_PWE, WPA_PARAM_SAE_PWE,
WPA_PARAM_SAE_PK,
WPA_PARAM_DENY_PTK0_REKEY, WPA_PARAM_DENY_PTK0_REKEY,
WPA_PARAM_EXT_KEY_ID, WPA_PARAM_EXT_KEY_ID,
WPA_PARAM_USE_EXT_KEY_ID, WPA_PARAM_USE_EXT_KEY_ID,


@ -95,6 +95,7 @@ struct wpa_sm {
int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */ int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
int ocv; /* Operating Channel Validation */ int ocv; /* Operating Channel Validation */
int sae_pwe; /* SAE PWE generation options */ int sae_pwe; /* SAE PWE generation options */
int sae_pk; /* whether SAE-PK is used */
u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */ u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
size_t assoc_wpa_ie_len; size_t assoc_wpa_ie_len;


@ -357,7 +357,7 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
if (!wpa_key_mgmt_sae(sm->key_mgmt)) if (!wpa_key_mgmt_sae(sm->key_mgmt))
return 0; /* SAE not in use */ return 0; /* SAE not in use */
if (sm->sae_pwe != 1 && sm->sae_pwe != 2) if (sm->sae_pwe != 1 && sm->sae_pwe != 2 && !sm->sae_pk)
return 0; /* no supported extended RSN capabilities */ return 0; /* no supported extended RSN capabilities */
if (rsnxe_len < 3) if (rsnxe_len < 3)
@ -367,7 +367,12 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
*pos++ = 1; *pos++ = 1;
/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is /* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
* used for now */ * used for now */
*pos++ = BIT(WLAN_RSNX_CAPAB_SAE_H2E); *pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
#ifdef CONFIG_SAE_PK
if (sm->sae_pk)
*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
#endif /* CONFIG_SAE_PK */
pos++;
return pos - rsnxe; return pos - rsnxe;
} }
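Review bot: With the relaxed early return in wpa_gen_rsnxe(), an RSNXE is now generated when `sm->sae_pwe` is neither 1 nor 2 and only `sm->sae_pk` is set, yet `*pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);` stays unconditional, so the H2E bit is advertised even though the sae_pwe setting alone would not have produced an element. This is presumably intended because SAE-PK builds on H2E, but nothing in the hunk says so; a comment above the assignment such as `/* SAE-PK implies H2E, so H2E is advertised even if sae_pwe does not enable it */` would record that. It is worth confirming that the SAE authentication path really uses H2E whenever sae_pk is set, because the RSNXE is what the peer takes as this station's capabilities. The `!sm->sae_pk` test in the early return also sits outside `#ifdef CONFIG_SAE_PK` while the bit assignment is inside it, so the two conditions can disagree in a build without that option. The start of the function is outside the hunks.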


@ -1639,6 +1639,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
if (ssid->sae_password_id && sae_pwe != 3) if (ssid->sae_password_id && sae_pwe != 3)
sae_pwe = 1; sae_pwe = 1;
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe); wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
#ifdef CONFIG_SAE_PK
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
wpa_key_mgmt_sae(ssid->key_mgmt) &&
ssid->sae_pk != SAE_PK_MODE_DISABLED &&
ssid->sae_password &&
sae_pk_valid_password(ssid->sae_password));
#endif /* CONFIG_SAE_PK */
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED, wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
wpa_s->ft_rsnxe_used); wpa_s->ft_rsnxe_used);
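Review bot: The SAE-PK eligibility test is written inline as a four-term argument to `wpa_sm_set_param()`, which makes it easy for this predicate to drift from whatever the SAE authentication code uses to decide whether SAE-PK is attempted; if the two differ, the RSNXE would advertise a capability the station does not use for that connection. Consider a named local, e.g. `int sae_pk = wpa_key_mgmt_sae(ssid->key_mgmt) && ...;`, or a shared helper, with a comment stating that the bit reflects the network profile only and not whether the AP offers SAE-PK (the hunk consults no AP data). The rest of wpa_supplicant_set_suites() is outside the hunk, so whether an earlier return can skip this call and leave a stale `sae_pk` value in the state machine cannot be checked from here.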