FILS: Add MDE into Authentication frame for FILS+FT
When using FILS for FT initial mobility domain association, add MDE to the Authentication frame from the STA to indicate this special case for FILS authentication. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
5aa08153af
commit
af3e362fa7
3 changed files with 21 additions and 8 deletions
|
@ -3268,7 +3268,7 @@ void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
|
||||||
|
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
|
|
||||||
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
|
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
|
||||||
{
|
{
|
||||||
struct wpabuf *buf = NULL;
|
struct wpabuf *buf = NULL;
|
||||||
struct wpabuf *erp_msg;
|
struct wpabuf *erp_msg;
|
||||||
|
@ -3348,8 +3348,16 @@ struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
|
||||||
sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
|
sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
|
||||||
wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
|
wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
|
||||||
|
|
||||||
/* TODO: MDE when using FILS for FT initial association */
|
if (md) {
|
||||||
/* TODO: FTE when using FILS for FT initial association */
|
/* MDE when using FILS for FT initial association */
|
||||||
|
struct rsn_mdie *mdie;
|
||||||
|
|
||||||
|
wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
|
||||||
|
wpabuf_put_u8(buf, sizeof(*mdie));
|
||||||
|
mdie = wpabuf_put(buf, sizeof(*mdie));
|
||||||
|
os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
|
||||||
|
mdie->ft_capab = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* FILS Nonce */
|
/* FILS Nonce */
|
||||||
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
|
wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
|
||||||
|
|
|
@ -435,7 +435,7 @@ extern unsigned int tdls_testing;
|
||||||
int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
|
int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
|
||||||
void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
|
void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
|
||||||
|
|
||||||
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group);
|
struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md);
|
||||||
int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
|
int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
|
||||||
size_t len);
|
size_t len);
|
||||||
struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
|
struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
|
||||||
|
|
|
@ -208,9 +208,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
const u8 *ie;
|
const u8 *ie;
|
||||||
#endif /* CONFIG_IEEE80211R */
|
#endif /* CONFIG_IEEE80211R */
|
||||||
#ifdef CONFIG_IEEE80211R
|
#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
|
||||||
const u8 *md = NULL;
|
const u8 *md = NULL;
|
||||||
#endif /* CONFIG_IEEE80211R */
|
#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
|
||||||
int i, bssid_changed;
|
int i, bssid_changed;
|
||||||
struct wpabuf *resp = NULL;
|
struct wpabuf *resp = NULL;
|
||||||
u8 ext_capab[18];
|
u8 ext_capab[18];
|
||||||
|
@ -373,7 +373,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
|
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
|
if (md && !wpa_key_mgmt_ft(ssid->key_mgmt))
|
||||||
|
md = NULL;
|
||||||
|
if (md) {
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
|
||||||
|
md[0], md[1]);
|
||||||
|
|
||||||
if (wpa_s->sme.assoc_req_ie_len + 5 <
|
if (wpa_s->sme.assoc_req_ie_len + 5 <
|
||||||
sizeof(wpa_s->sme.assoc_req_ie)) {
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
||||||
struct rsn_mdie *mdie;
|
struct rsn_mdie *mdie;
|
||||||
|
@ -594,7 +599,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
||||||
0)
|
0)
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"SME: Try to use FILS with PMKSA caching");
|
"SME: Try to use FILS with PMKSA caching");
|
||||||
resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group);
|
resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
|
||||||
if (resp) {
|
if (resp) {
|
||||||
int auth_alg;
|
int auth_alg;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue