HS 2.0: Allow OSEN connection to be enabled in an RSN BSS
This allows a single BSS/SSID to be used for both data connection and OSU. Instead of hostapd configuration osen=1, wpa_key_mgmt=OSEN (or more likely, wpa_key_mgmt=WPA-EAP OSEN) is used to enable this new option. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
parent
0fe3ede0a4
commit
8d660a4bac
3 changed files with 27 additions and 4 deletions
|
@ -813,6 +813,10 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
|
||||||
else if (os_strcmp(start, "DPP") == 0)
|
else if (os_strcmp(start, "DPP") == 0)
|
||||||
val |= WPA_KEY_MGMT_DPP;
|
val |= WPA_KEY_MGMT_DPP;
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
|
#ifdef CONFIG_HS20
|
||||||
|
else if (os_strcmp(start, "OSEN") == 0)
|
||||||
|
val |= WPA_KEY_MGMT_OSEN;
|
||||||
|
#endif /* CONFIG_HS20 */
|
||||||
else {
|
else {
|
||||||
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
|
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
|
||||||
line, start);
|
line, start);
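Review bot: The new `OSEN` branch in hostapd_config_parse_key_mgmt() accepts the token without any comment on what it implies, and nothing visible here says how it interacts with the older `osen=1` setting named in the commit message. OSEN authenticates only the server, so an operator who adds it to `wpa_key_mgmt` admits anonymous stations to the same BSS as the data clients. A comment above the branch such as `/* OSEN in an RSN BSS: OSU-only STAs share the BSS and are given per-STA random GTK/IGTK */` would record that. If `osen=1` and `wpa_key_mgmt=OSEN` are not meant to be combined, the configuration check should reject that combination explicitly; that check would live outside this hunk. The function body starts and ends outside the hunk.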
|
||||||
|
|
|
@ -2515,7 +2515,8 @@ static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm,
|
||||||
/* GTK KDE */
|
/* GTK KDE */
|
||||||
gtk = gsm->GTK[gsm->GN - 1];
|
gtk = gsm->GTK[gsm->GN - 1];
|
||||||
gtk_len = gsm->GTK_len;
|
gtk_len = gsm->GTK_len;
|
||||||
if (sm->wpa_auth->conf.disable_gtk) {
|
if (sm->wpa_auth->conf.disable_gtk ||
|
||||||
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
/*
|
/*
|
||||||
* Provide unique random GTK to each STA to prevent use
|
* Provide unique random GTK to each STA to prevent use
|
||||||
* of GTK in the BSS.
|
* of GTK in the BSS.
|
||||||
|
@ -2831,7 +2832,8 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
|
||||||
else
|
else
|
||||||
os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
|
os_memcpy(igtk.pn, rsc, sizeof(igtk.pn));
|
||||||
os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
|
os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], len);
|
||||||
if (sm->wpa_auth->conf.disable_gtk) {
|
if (sm->wpa_auth->conf.disable_gtk ||
|
||||||
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
/*
|
/*
|
||||||
* Provide unique random IGTK to each STA to prevent use of
|
* Provide unique random IGTK to each STA to prevent use of
|
||||||
* IGTK in the BSS.
|
* IGTK in the BSS.
|
||||||
|
@ -2909,7 +2911,8 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
|
||||||
secure = 1;
|
secure = 1;
|
||||||
gtk = gsm->GTK[gsm->GN - 1];
|
gtk = gsm->GTK[gsm->GN - 1];
|
||||||
gtk_len = gsm->GTK_len;
|
gtk_len = gsm->GTK_len;
|
||||||
if (sm->wpa_auth->conf.disable_gtk) {
|
if (sm->wpa_auth->conf.disable_gtk ||
|
||||||
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
/*
|
/*
|
||||||
* Provide unique random GTK to each STA to prevent use
|
* Provide unique random GTK to each STA to prevent use
|
||||||
* of GTK in the BSS.
|
* of GTK in the BSS.
|
||||||
|
@ -3285,7 +3288,8 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
|
||||||
"sending 1/2 msg of Group Key Handshake");
|
"sending 1/2 msg of Group Key Handshake");
|
||||||
|
|
||||||
gtk = gsm->GTK[gsm->GN - 1];
|
gtk = gsm->GTK[gsm->GN - 1];
|
||||||
if (sm->wpa_auth->conf.disable_gtk) {
|
if (sm->wpa_auth->conf.disable_gtk ||
|
||||||
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
|
||||||
/*
|
/*
|
||||||
* Provide unique random GTK to each STA to prevent use
|
* Provide unique random GTK to each STA to prevent use
|
||||||
* of GTK in the BSS.
|
* of GTK in the BSS.
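Review bot: The condition `sm->wpa_auth->conf.disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN` is now repeated at four sites (fils_prepare_plainbuf, ieee80211w_kde_add, PTKINITNEGOTIATING and REKEYNEGOTIATING), and it is the only thing visible here that keeps the shared group keys away from OSEN stations, which are not client-authenticated. A small static predicate, for example `static int wpa_auth_hide_group_keys(struct wpa_state_machine *sm)` returning that expression, would keep the four sites in step. It would also give any other GTK/IGTK delivery path outside these hunks one obvious function to call. The existing comments still say only "to prevent use of GTK in the BSS"; I would extend them with `OSEN STAs are not client-authenticated and must not learn the shared group keys`. All four enclosing functions continue outside the hunks.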
|
||||||
|
|
|
@ -248,6 +248,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
||||||
num_suites++;
|
num_suites++;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
|
#ifdef CONFIG_HS20
|
||||||
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
|
||||||
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
|
||||||
|
pos += RSN_SELECTOR_LEN;
|
||||||
|
num_suites++;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_HS20 */
|
||||||
|
|
||||||
#ifdef CONFIG_RSN_TESTING
|
#ifdef CONFIG_RSN_TESTING
|
||||||
if (rsn_testing) {
|
if (rsn_testing) {
|
||||||
|
@ -588,6 +595,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
|
else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
|
||||||
selector = RSN_AUTH_KEY_MGMT_DPP;
|
selector = RSN_AUTH_KEY_MGMT_DPP;
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
|
#ifdef CONFIG_HS20
|
||||||
|
else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
|
||||||
|
selector = RSN_AUTH_KEY_MGMT_OSEN;
|
||||||
|
#endif /* CONFIG_HS20 */
|
||||||
wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
|
wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
|
||||||
|
|
||||||
selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
|
selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
|
||||||
|
@ -688,6 +699,10 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
else if (key_mgmt & WPA_KEY_MGMT_DPP)
|
else if (key_mgmt & WPA_KEY_MGMT_DPP)
|
||||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
|
#ifdef CONFIG_HS20
|
||||||
|
else if (key_mgmt & WPA_KEY_MGMT_OSEN)
|
||||||
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
|
||||||
|
#endif /* CONFIG_HS20 */
|
||||||
else
|
else
|
||||||
sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
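Review bot: The assignment `sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN` in the third hunk of this file is what the group-key code later tests with `==` to substitute a random GTK/IGTK, but nothing at the assignment says so. A comment such as `/* OSEN: GTK/IGTK delivery checks this exact value to withhold the BSS group keys */` would make that dependency visible. Because the branch sits near the end of an else-if chain, an earlier AKM wins whenever `key_mgmt` has more than one bit set. Whether that can happen is not visible in the hunk, so it is worth confirming that a station completing only the server-authenticated OSU exchange can never be recorded under a different AKM. wpa_validate_wpa_ie() starts and ends outside these hunks.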
|
||||||
|
|
||||||
|
|