FILS: Add RSNE into (Re)Association Response frame
This AP behavior was missing from IEEE Std 802.11ai-2016, but it is needed for the RSNE validation to work correctly and for a FILS STA to be able to perform the mandatory check for RSNE matching when processing the (Re)Association Response frame (as described in 802.11ai). REVmd will be updating the standard to cover this AP case, so prepare the implementation to match that. Without this, a FILS STA might reject association whenever using FILS authentication. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
a96c783645
commit
831d8c9cf5
3 changed files with 34 additions and 0 deletions
|
@ -3332,6 +3332,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (sta && sta->fils_hlp_resp)
|
if (sta && sta->fils_hlp_resp)
|
||||||
buflen += wpabuf_len(sta->fils_hlp_resp);
|
buflen += wpabuf_len(sta->fils_hlp_resp);
|
||||||
|
if (sta)
|
||||||
|
buflen += 150;
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
#ifdef CONFIG_OWE
|
#ifdef CONFIG_OWE
|
||||||
if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
|
if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
|
||||||
|
@ -3393,6 +3395,15 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_IEEE80211R_AP */
|
#endif /* CONFIG_IEEE80211R_AP */
|
||||||
|
#ifdef CONFIG_FILS
|
||||||
|
if (sta && status_code == WLAN_STATUS_SUCCESS &&
|
||||||
|
(sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
||||||
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
||||||
|
sta->auth_alg == WLAN_AUTH_FILS_PK))
|
||||||
|
p = wpa_auth_write_assoc_resp_fils(sta->wpa_sm, p,
|
||||||
|
buf + buflen - p,
|
||||||
|
ies, ies_len);
|
||||||
|
#endif /* CONFIG_FILS */
|
||||||
|
|
||||||
#ifdef CONFIG_OWE
|
#ifdef CONFIG_OWE
|
||||||
if (sta && status_code == WLAN_STATUS_SUCCESS &&
|
if (sta && status_code == WLAN_STATUS_SUCCESS &&
|
||||||
|
|
|
@ -475,6 +475,9 @@ void wpa_auth_add_fils_pmk_pmkid(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
|
u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
|
||||||
u8 *pos, size_t max_len,
|
u8 *pos, size_t max_len,
|
||||||
const u8 *req_ies, size_t req_ies_len);
|
const u8 *req_ies, size_t req_ies_len);
|
||||||
|
u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
|
||||||
|
u8 *pos, size_t max_len,
|
||||||
|
const u8 *req_ies, size_t req_ies_len);
|
||||||
void wpa_auth_set_auth_alg(struct wpa_state_machine *sm, u16 auth_alg);
|
void wpa_auth_set_auth_alg(struct wpa_state_machine *sm, u16 auth_alg);
|
||||||
void wpa_auth_set_dpp_z(struct wpa_state_machine *sm, const struct wpabuf *z);
|
void wpa_auth_set_dpp_z(struct wpa_state_machine *sm, const struct wpabuf *z);
|
||||||
|
|
||||||
|
|
|
@ -1176,3 +1176,23 @@ u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
|
||||||
return pos + res;
|
return pos + res;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_OWE */
|
#endif /* CONFIG_OWE */
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_FILS
|
||||||
|
u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
|
||||||
|
u8 *pos, size_t max_len,
|
||||||
|
const u8 *req_ies, size_t req_ies_len)
|
||||||
|
{
|
||||||
|
int res;
|
||||||
|
|
||||||
|
if (!sm ||
|
||||||
|
sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
|
||||||
|
WPA_KEY_MGMT_FT_FILS_SHA384))
|
||||||
|
return pos;
|
||||||
|
|
||||||
|
res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
|
||||||
|
if (res < 0)
|
||||||
|
return pos;
|
||||||
|
return pos + res;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_FILS */
|
||||||
|
|
Loading…
Reference in a new issue