From 96686e637cf093d50b4fa5a8cdb6b75663eacb24 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 26 Mar 2020 00:18:06 +0200 Subject: [PATCH] wpa_supplicant AP mode configuration for Transition Disable KDE Allow AP mode network profile in wpa_supplicant to be configured to advertise Transition Disable DKE. Signed-off-by: Jouni Malinen --- wpa_supplicant/ap.c | 2 ++ wpa_supplicant/config.c | 1 + wpa_supplicant/config_file.c | 1 + wpa_supplicant/config_ssid.h | 20 ++++++++++++++++++++ 4 files changed, 24 insertions(+) diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c index ee7c755b5..624168205 100644 --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -607,6 +607,8 @@ no_wps: bss->ftm_responder = wpa_s->conf->ftm_responder; bss->ftm_initiator = wpa_s->conf->ftm_initiator; + bss->transition_disable = ssid->transition_disable; + return 0; } diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index 30801abd9..e86fd7f81 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -2577,6 +2577,7 @@ static const struct parse_data ssid_fields[] = { { INT_RANGE(multi_ap_backhaul_sta, 0, 1) }, { INT_RANGE(ft_eap_pmksa_caching, 0, 1) }, { INT_RANGE(beacon_prot, 0, 1) }, + { INT_RANGE(transition_disable, 0, 255) }, }; #undef OFFSET diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c index e77cbca4f..74068d66c 100644 --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c @@ -935,6 +935,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid) INT(multi_ap_backhaul_sta); INT(ft_eap_pmksa_caching); INT(beacon_prot); + INT(transition_disable); #ifdef CONFIG_HT_OVERRIDES INT_DEF(disable_ht, DEFAULT_DISABLE_HT); INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40); diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 24c7a3d9b..618145e8b 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -1070,6 +1070,26 @@ struct wpa_ssid { * enabled. */ int beacon_prot; + + /** + * transition_disable - Transition Disable indication + * The AP can notify authenticated stations to disable transition mode + * in their network profiles when the network has completed transition + * steps, i.e., once sufficiently large number of APs in the ESS have + * been updated to support the more secure alternative. When this + * indication is used, the stations are expected to automatically + * disable transition mode and less secure security options. This + * includes use of WEP, TKIP (including use of TKIP as the group + * cipher), and connections without PMF. + * Bitmap bits: + * bit 0 (0x01): WPA3-Personal (i.e., disable WPA2-Personal = WPA-PSK + * and only allow SAE to be used) + * bit 1 (0x02): SAE-PK (disable SAE without use of SAE-PK) + * bit 2 (0x04): WPA3-Enterprise (move to requiring PMF) + * bit 3 (0x08): Enhanced Open (disable use of open network; require + * OWE) + */ + u8 transition_disable; }; #endif /* CONFIG_SSID_H */