OCE: Mandate PMF for WPA2 association with OCE AP
An OCE AP with WPA2 enabled shall require PMF negotiation when associating with an OCE STA. An OCE STA-CFON may negotiate PMF with a STA when it is operating as an AP. Don't select an OCE AP for connection if PMF is not enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
84ebc759a0
commit
0028d627c8
1 changed files with 9 additions and 2 deletions
|
@ -540,6 +540,9 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
|
|||
const u8 *rsn_ie, *wpa_ie;
|
||||
int ret;
|
||||
int wep_ok;
|
||||
#ifdef CONFIG_MBO
|
||||
const u8 *oce_capa_attr;
|
||||
#endif /* CONFIG_MBO */
|
||||
|
||||
ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
|
||||
if (ret >= 0)
|
||||
|
@ -631,13 +634,17 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
|
|||
break;
|
||||
}
|
||||
#ifdef CONFIG_MBO
|
||||
oce_capa_attr = wpas_mbo_get_bss_attr(bss,
|
||||
OCE_ATTR_ID_CAPA_IND);
|
||||
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
|
||||
wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) &&
|
||||
(wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) ||
|
||||
(oce_capa_attr && oce_capa_attr[1] >= 1 &&
|
||||
!(oce_capa_attr[2] & OCE_IS_STA_CFON))) &&
|
||||
wpas_get_ssid_pmf(wpa_s, ssid) !=
|
||||
NO_MGMT_FRAME_PROTECTION) {
|
||||
if (debug_print)
|
||||
wpa_dbg(wpa_s, MSG_DEBUG,
|
||||
" skip RSN IE - no mgmt frame protection enabled on MBO AP");
|
||||
" skip RSN IE - no mgmt frame protection enabled on MBO/OCE AP");
|
||||
break;
|
||||
}
|
||||
#endif /* CONFIG_MBO */
|
||||
|
|
Loading…
Reference in a new issue