FT: Add selection of FT+FILS AKMs

This is needed to enable use of FILS for the FT initial mobility domain
association.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-04-02 12:57:32 +03:00
parent c10e0ccc9e
commit 5aa08153af
2 changed files with 12 additions and 0 deletions

View file

@ -882,6 +882,12 @@ static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X; sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
else if (key_mgmt & WPA_KEY_MGMT_FT_PSK) else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK; sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
#ifdef CONFIG_FILS
else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
#endif /* CONFIG_FILS */
ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise; ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
if (!ciphers) { if (!ciphers) {
wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from " wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "

View file

@ -204,6 +204,12 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK); RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE) else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE); RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
#ifdef CONFIG_FILS
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
#endif /* CONFIG_FILS */
else { else {
wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)", wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
sm->key_mgmt); sm->key_mgmt);