FILS: Add FTE into FILS Authentication frame from AP when using FILS+FT

MDE was already added with RSNE, but FTE needed to be added to the FILS
Authentication frame for the FT initial mobility domain association
using FILS authentication case.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-04-02 22:38:48 +03:00
parent af3e362fa7
commit 5db997e343
3 changed files with 30 additions and 5 deletions

View file

@ -1140,9 +1140,6 @@ static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
if (resp != WLAN_STATUS_SUCCESS) if (resp != WLAN_STATUS_SUCCESS)
goto fail; goto fail;
/* TODO: MDE when using FILS+FT */
/* TODO: FTE when using FILS+FT */
if (!elems.fils_nonce) { if (!elems.fils_nonce) {
wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field"); wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
resp = WLAN_STATUS_UNSPECIFIED_FAILURE; resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
@ -1305,8 +1302,22 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
/* RSNE */ /* RSNE */
wpabuf_put_data(data, ie, ielen); wpabuf_put_data(data, ie, ielen);
/* TODO: MDE when using FILS+FT */ /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
/* TODO: FTE when using FILS+FT */
#ifdef CONFIG_IEEE80211R_AP
if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
/* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
int res;
res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
wpabuf_tailroom(data));
if (res < 0) {
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
wpabuf_put(data, res);
}
#endif /* CONFIG_IEEE80211R_AP */
/* FILS Nonce */ /* FILS Nonce */
wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */ wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */

View file

@ -4272,4 +4272,16 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
return idata.pmksa; return idata.pmksa;
} }
#ifdef CONFIG_IEEE80211R_AP
int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len)
{
struct wpa_auth_config *conf = &wpa_auth->conf;
return wpa_write_ftie(conf, conf->r0_key_holder,
conf->r0_key_holder_len,
NULL, NULL, buf, len, NULL, 0);
}
#endif /* CONFIG_IEEE80211R_AP */
#endif /* CONFIG_FILS */ #endif /* CONFIG_FILS */

View file

@ -375,4 +375,6 @@ int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
const struct wpabuf *hlp); const struct wpabuf *hlp);
int fils_set_tk(struct wpa_state_machine *sm); int fils_set_tk(struct wpa_state_machine *sm);
int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len);
#endif /* WPA_AUTH_H */ #endif /* WPA_AUTH_H */