hostapd: Work around an interop connection issue in FT-PSK + WPA-PSK

While the AP is configured to enable both FT-PSK and WPA-PSK, an HP
printer request both AKMs (copied from AP?) in Association Request
frame, but don't add MDIE and don't use FT. This results in the
connection failing.

Next in logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04
                      02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers. Work around this by
stripping FT AKM(s) when MDE is not present and there is still a non-FT
AKM available.

Signed-off-by: Janusz Dziedzic <janusz@plumewifi.com>
This commit is contained in:
Janusz Dziedzic 2018-03-05 15:37:10 +01:00 committed by Jouni Malinen
parent 2e71d0415b
commit bb35e2d214
2 changed files with 28 additions and 6 deletions

View file

@ -561,6 +561,19 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
if (version == WPA_PROTO_RSN) { if (version == WPA_PROTO_RSN) {
res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
!wpa_key_mgmt_only_ft(data.key_mgmt)) {
/* Workaround for some HP and Epson printers that seem
* to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
* advertised RSNE to Association Request frame. */
wpa_printf(MSG_DEBUG,
"RSN: FT set in RSNE AKM but MDE is missing from "
MACSTR
" - ignore FT AKM(s) because there's also a non-FT AKM",
MAC2STR(sm->addr));
data.key_mgmt &= ~WPA_KEY_MGMT_FT;
}
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
if (0) { if (0) {
} }

View file

@ -59,6 +59,13 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
#define WPA_KEY_MGMT_DPP BIT(23) #define WPA_KEY_MGMT_DPP BIT(23)
#define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24) #define WPA_KEY_MGMT_FT_IEEE8021X_SHA384 BIT(24)
#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_PSK | \
WPA_KEY_MGMT_FT_IEEE8021X | \
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 | \
WPA_KEY_MGMT_FT_SAE | \
WPA_KEY_MGMT_FT_FILS_SHA256 | \
WPA_KEY_MGMT_FT_FILS_SHA384)
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm) static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
{ {
return !!(akm & (WPA_KEY_MGMT_IEEE8021X | return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
@ -86,12 +93,14 @@ static inline int wpa_key_mgmt_wpa_psk(int akm)
static inline int wpa_key_mgmt_ft(int akm) static inline int wpa_key_mgmt_ft(int akm)
{ {
return !!(akm & (WPA_KEY_MGMT_FT_PSK | return !!(akm & WPA_KEY_MGMT_FT);
WPA_KEY_MGMT_FT_IEEE8021X | }
WPA_KEY_MGMT_FT_IEEE8021X_SHA384 |
WPA_KEY_MGMT_FT_SAE | static inline int wpa_key_mgmt_only_ft(int akm)
WPA_KEY_MGMT_FT_FILS_SHA256 | {
WPA_KEY_MGMT_FT_FILS_SHA384)); int ft = wpa_key_mgmt_ft(akm);
akm &= ~WPA_KEY_MGMT_FT;
return ft && !akm;
} }
static inline int wpa_key_mgmt_ft_psk(int akm) static inline int wpa_key_mgmt_ft_psk(int akm)