diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index 17003d506..4155c947a 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c @@ -1097,29 +1097,45 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len) { u8 *pos = eid; bool sae_pk = false; + u16 capab = 0; + size_t flen; + + if (!(hapd->conf->wpa & WPA_PROTO_RSN)) + return eid; #ifdef CONFIG_SAE_PK sae_pk = hostapd_sae_pk_in_use(hapd->conf); #endif /* CONFIG_SAE_PK */ - if (!(hapd->conf->wpa & WPA_PROTO_RSN) || - !wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) || - (hapd->conf->sae_pwe != 1 && hapd->conf->sae_pwe != 2 && - !hostapd_sae_pw_id_in_use(hapd->conf) && !sae_pk) || - hapd->conf->sae_pwe == 3 || - len < 3) - return pos; + if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && + (hapd->conf->sae_pwe == 1 || hapd->conf->sae_pwe == 2 || + hostapd_sae_pw_id_in_use(hapd->conf) || sae_pk) && + hapd->conf->sae_pwe != 3) { + capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); +#ifdef CONFIG_SAE_PK + if (sae_pk) + capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK); +#endif /* CONFIG_SAE_PK */ + } + + if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF - 8); + if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT - 8); + if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG) + capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG - 8); + + flen = (capab & 0xff00) ? 2 : 1; + if (len < 2 + flen || !capab) + return eid; /* no supported extended RSN capabilities */ + capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */ *pos++ = WLAN_EID_RSNX; - *pos++ = 1; - /* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is - * used for now */ - *pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E); -#ifdef CONFIG_SAE_PK - if (sae_pk) - *pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK); -#endif /* CONFIG_SAE_PK */ - pos++; + *pos++ = flen; + *pos++ = capab & 0x00ff; + capab >>= 8; + if (capab) + *pos++ = capab; return pos; } diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 0a5ba2ec7..0a16141ed 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -257,6 +257,11 @@ struct wpa_auth_config { #endif /* CONFIG_FILS */ int sae_pwe; bool sae_pk; + + unsigned int secure_ltf:1; + unsigned int secure_rtt:1; + unsigned int prot_range_neg:1; + int owe_ptk_workaround; u8 transition_disable; #ifdef CONFIG_DPP2 diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index c31961e05..23025b36a 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1512,6 +1512,13 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) else _conf.extended_key_id = 0; + _conf.secure_ltf = + !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF); + _conf.secure_rtt = + !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT); + _conf.prot_range_neg = + !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG); + hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd); if (hapd->wpa_auth == NULL) { wpa_printf(MSG_ERROR, "WPA initialization failed."); diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 972ca84b6..aad343058 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -384,23 +384,38 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) { u8 *pos = buf; + u16 capab = 0; + size_t flen; - if (conf->sae_pwe != 1 && conf->sae_pwe != 2 && !conf->sae_pk) + if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) && + (conf->sae_pwe == 1 || conf->sae_pwe == 2 || conf->sae_pk)) { + capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); +#ifdef CONFIG_SAE_PK + if (conf->sae_pk) + capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK); +#endif /* CONFIG_SAE_PK */ + } + + if (conf->secure_ltf) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF); + if (conf->secure_rtt) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); + if (conf->prot_range_neg) + capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + + flen = (capab & 0xff00) ? 2 : 1; + if (!capab) return 0; /* no supported extended RSN capabilities */ - - if (len < 3) + if (len < 2 + flen) return -1; + capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */ *pos++ = WLAN_EID_RSNX; - *pos++ = 1; - /* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is - * used for now */ - *pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E); -#ifdef CONFIG_SAE_PK - if (conf->sae_pk) - *pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK); -#endif /* CONFIG_SAE_PK */ - pos++; + *pos++ = flen; + *pos++ = capab & 0x00ff; + capab >>= 8; + if (capab) + *pos++ = capab; return pos - buf; } diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index 399ec633c..b4d7ffdc8 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -577,6 +577,9 @@ #define WLAN_RSNX_CAPAB_PROTECTED_TWT 4 #define WLAN_RSNX_CAPAB_SAE_H2E 5 #define WLAN_RSNX_CAPAB_SAE_PK 6 +#define WLAN_RSNX_CAPAB_SECURE_LTF 8 +#define WLAN_RSNX_CAPAB_SECURE_RTT 9 +#define WLAN_RSNX_CAPAB_PROT_RANGE_NEG 10 /* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */ #define WLAN_ACTION_SPECTRUM_MGMT 0 diff --git a/src/drivers/driver.h b/src/drivers/driver.h index b0543e7b4..f737aecae 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -1950,6 +1950,15 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_CONTROL_PORT_RX 0x0000000000000001ULL /** Driver supports TX status reports for EAPOL frames through control port */ #define WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS 0x0000000000000002ULL +/** Driver supports secure LTF */ +#define WPA_DRIVER_FLAGS2_SEC_LTF 0x0000000000000004ULL +/** Driver supports secure RTT measurement exchange */ +#define WPA_DRIVER_FLAGS2_SEC_RTT 0x0000000000000008ULL +/** + * Driver supports protection of range negotiation and measurement management + * frames + */ +#define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG 0x0000000000000010ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index b593f71af..16f089c48 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -106,7 +106,11 @@ struct wpa_sm { int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */ int ocv; /* Operating Channel Validation */ int sae_pwe; /* SAE PWE generation options */ - int sae_pk; /* whether SAE-PK is used */ + + unsigned int sae_pk:1; /* whether SAE-PK is used */ + unsigned int secure_ltf:1; + unsigned int secure_rtt:1; + unsigned int prot_range_neg:1; u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */ size_t assoc_wpa_ie_len; diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c index 20fdd6987..3ba722f5e 100644 --- a/src/rsn_supp/wpa_ie.c +++ b/src/rsn_supp/wpa_ie.c @@ -354,25 +354,38 @@ int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len) int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len) { u8 *pos = rsnxe; + u16 capab = 0; + size_t flen; - if (!wpa_key_mgmt_sae(sm->key_mgmt)) - return 0; /* SAE not in use */ - if (sm->sae_pwe != 1 && sm->sae_pwe != 2 && !sm->sae_pk) + if (wpa_key_mgmt_sae(sm->key_mgmt) && + (sm->sae_pwe == 1 || sm->sae_pwe == 2 || sm->sae_pk)) { + capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E); +#ifdef CONFIG_SAE_PK + if (sm->sae_pk) + capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK); +#endif /* CONFIG_SAE_PK */ + } + + if (sm->secure_ltf) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF); + if (sm->secure_rtt) + capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); + if (sm->prot_range_neg) + capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + + flen = (capab & 0xff00) ? 2 : 1; + if (!capab) return 0; /* no supported extended RSN capabilities */ - - if (rsnxe_len < 3) + if (rsnxe_len < 2 + flen) return -1; + capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */ *pos++ = WLAN_EID_RSNX; - *pos++ = 1; - /* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is - * used for now */ - *pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E); -#ifdef CONFIG_SAE_PK - if (sm->sae_pk) - *pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK); -#endif /* CONFIG_SAE_PK */ - pos++; + *pos++ = flen; + *pos++ = capab & 0x00ff; + capab >>= 8; + if (capab) + *pos++ = capab; return pos - rsnxe; }