FILS: Add MDE into Authentication frame for FILS+FT

When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-04-02 13:22:52 +03:00
parent 5aa08153af
commit af3e362fa7
3 changed files with 21 additions and 8 deletions

View file

@ -3268,7 +3268,7 @@ void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
#ifdef CONFIG_FILS #ifdef CONFIG_FILS
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group) struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
{ {
struct wpabuf *buf = NULL; struct wpabuf *buf = NULL;
struct wpabuf *erp_msg; struct wpabuf *erp_msg;
@ -3348,8 +3348,16 @@ struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len); wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
/* TODO: MDE when using FILS for FT initial association */ if (md) {
/* TODO: FTE when using FILS for FT initial association */ /* MDE when using FILS for FT initial association */
struct rsn_mdie *mdie;
wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
wpabuf_put_u8(buf, sizeof(*mdie));
mdie = wpabuf_put(buf, sizeof(*mdie));
os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
mdie->ft_capab = 0;
}
/* FILS Nonce */ /* FILS Nonce */
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */ wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */

View file

@ -435,7 +435,7 @@ extern unsigned int tdls_testing;
int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf); int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf); void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group); struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md);
int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data, int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
size_t len); size_t len);
struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek, struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,

View file

@ -208,9 +208,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_IEEE80211R #ifdef CONFIG_IEEE80211R
const u8 *ie; const u8 *ie;
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211R #if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
const u8 *md = NULL; const u8 *md = NULL;
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R || CONFIG_FILS */
int i, bssid_changed; int i, bssid_changed;
struct wpabuf *resp = NULL; struct wpabuf *resp = NULL;
u8 ext_capab[18]; u8 ext_capab[18];
@ -373,7 +373,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
wpa_ft_prepare_auth_request(wpa_s->wpa, ie); wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
} }
if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) { if (md && !wpa_key_mgmt_ft(ssid->key_mgmt))
md = NULL;
if (md) {
wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
md[0], md[1]);
if (wpa_s->sme.assoc_req_ie_len + 5 < if (wpa_s->sme.assoc_req_ie_len + 5 <
sizeof(wpa_s->sme.assoc_req_ie)) { sizeof(wpa_s->sme.assoc_req_ie)) {
struct rsn_mdie *mdie; struct rsn_mdie *mdie;
@ -594,7 +599,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
0) 0)
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"SME: Try to use FILS with PMKSA caching"); "SME: Try to use FILS with PMKSA caching");
resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group); resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
if (resp) { if (resp) {
int auth_alg; int auth_alg;