From 0028d627c89e01094a087a820fea6060a757e6fd Mon Sep 17 00:00:00 2001 From: Ankita Bajaj Date: Tue, 30 Jul 2019 14:35:32 +0530 Subject: [PATCH] OCE: Mandate PMF for WPA2 association with OCE AP An OCE AP with WPA2 enabled shall require PMF negotiation when associating with an OCE STA. An OCE STA-CFON may negotiate PMF with a STA when it is operating as an AP. Don't select an OCE AP for connection if PMF is not enabled. Signed-off-by: Jouni Malinen --- wpa_supplicant/events.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 89c9452f7..7ba4345b6 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -540,6 +540,9 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, const u8 *rsn_ie, *wpa_ie; int ret; int wep_ok; +#ifdef CONFIG_MBO + const u8 *oce_capa_attr; +#endif /* CONFIG_MBO */ ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); if (ret >= 0) @@ -631,13 +634,17 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, break; } #ifdef CONFIG_MBO + oce_capa_attr = wpas_mbo_get_bss_attr(bss, + OCE_ATTR_ID_CAPA_IND); if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && - wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) && + (wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) || + (oce_capa_attr && oce_capa_attr[1] >= 1 && + !(oce_capa_attr[2] & OCE_IS_STA_CFON))) && wpas_get_ssid_pmf(wpa_s, ssid) != NO_MGMT_FRAME_PROTECTION) { if (debug_print) wpa_dbg(wpa_s, MSG_DEBUG, - " skip RSN IE - no mgmt frame protection enabled on MBO AP"); + " skip RSN IE - no mgmt frame protection enabled on MBO/OCE AP"); break; } #endif /* CONFIG_MBO */