SAE-PK: Advertise RSNXE capability bit in STA mode
Set the SAE-PK capability bit in RSNXE when sending out (Re)Association Request frame for a network profile that allows use of SAE-PK. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
de36f6b7b3
commit
518be614f1
5 changed files with 19 additions and 2 deletions
|
@ -3289,6 +3289,9 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
|
||||||
case WPA_PARAM_SAE_PWE:
|
case WPA_PARAM_SAE_PWE:
|
||||||
sm->sae_pwe = value;
|
sm->sae_pwe = value;
|
||||||
break;
|
break;
|
||||||
|
case WPA_PARAM_SAE_PK:
|
||||||
|
sm->sae_pk = value;
|
||||||
|
break;
|
||||||
case WPA_PARAM_DENY_PTK0_REKEY:
|
case WPA_PARAM_DENY_PTK0_REKEY:
|
||||||
sm->wpa_deny_ptk0_rekey = value;
|
sm->wpa_deny_ptk0_rekey = value;
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -103,6 +103,7 @@ enum wpa_sm_conf_params {
|
||||||
WPA_PARAM_MFP,
|
WPA_PARAM_MFP,
|
||||||
WPA_PARAM_OCV,
|
WPA_PARAM_OCV,
|
||||||
WPA_PARAM_SAE_PWE,
|
WPA_PARAM_SAE_PWE,
|
||||||
|
WPA_PARAM_SAE_PK,
|
||||||
WPA_PARAM_DENY_PTK0_REKEY,
|
WPA_PARAM_DENY_PTK0_REKEY,
|
||||||
WPA_PARAM_EXT_KEY_ID,
|
WPA_PARAM_EXT_KEY_ID,
|
||||||
WPA_PARAM_USE_EXT_KEY_ID,
|
WPA_PARAM_USE_EXT_KEY_ID,
|
||||||
|
|
|
@ -95,6 +95,7 @@ struct wpa_sm {
|
||||||
int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
|
int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
|
||||||
int ocv; /* Operating Channel Validation */
|
int ocv; /* Operating Channel Validation */
|
||||||
int sae_pwe; /* SAE PWE generation options */
|
int sae_pwe; /* SAE PWE generation options */
|
||||||
|
int sae_pk; /* whether SAE-PK is used */
|
||||||
|
|
||||||
u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
|
u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
|
||||||
size_t assoc_wpa_ie_len;
|
size_t assoc_wpa_ie_len;
|
||||||
|
|
|
@ -357,7 +357,7 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
|
||||||
|
|
||||||
if (!wpa_key_mgmt_sae(sm->key_mgmt))
|
if (!wpa_key_mgmt_sae(sm->key_mgmt))
|
||||||
return 0; /* SAE not in use */
|
return 0; /* SAE not in use */
|
||||||
if (sm->sae_pwe != 1 && sm->sae_pwe != 2)
|
if (sm->sae_pwe != 1 && sm->sae_pwe != 2 && !sm->sae_pk)
|
||||||
return 0; /* no supported extended RSN capabilities */
|
return 0; /* no supported extended RSN capabilities */
|
||||||
|
|
||||||
if (rsnxe_len < 3)
|
if (rsnxe_len < 3)
|
||||||
|
@ -367,7 +367,12 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
|
||||||
*pos++ = 1;
|
*pos++ = 1;
|
||||||
/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
|
/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
|
||||||
* used for now */
|
* used for now */
|
||||||
*pos++ = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
|
*pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
|
||||||
|
#ifdef CONFIG_SAE_PK
|
||||||
|
if (sm->sae_pk)
|
||||||
|
*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
|
||||||
|
#endif /* CONFIG_SAE_PK */
|
||||||
|
pos++;
|
||||||
|
|
||||||
return pos - rsnxe;
|
return pos - rsnxe;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1639,6 +1639,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
|
||||||
if (ssid->sae_password_id && sae_pwe != 3)
|
if (ssid->sae_password_id && sae_pwe != 3)
|
||||||
sae_pwe = 1;
|
sae_pwe = 1;
|
||||||
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
|
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
|
||||||
|
#ifdef CONFIG_SAE_PK
|
||||||
|
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
|
||||||
|
wpa_key_mgmt_sae(ssid->key_mgmt) &&
|
||||||
|
ssid->sae_pk != SAE_PK_MODE_DISABLED &&
|
||||||
|
ssid->sae_password &&
|
||||||
|
sae_pk_valid_password(ssid->sae_password));
|
||||||
|
#endif /* CONFIG_SAE_PK */
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
|
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
|
||||||
wpa_s->ft_rsnxe_used);
|
wpa_s->ft_rsnxe_used);
|
||||||
|
|
Loading…
Reference in a new issue