jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OCE: Mandate PMF for WPA2 association with OCE AP

Browse source 
An OCE AP with WPA2 enabled shall require PMF negotiation when
associating with an OCE STA. An OCE STA-CFON may negotiate PMF with a
STA when it is operating as an AP. Don't select an OCE AP for connection
if PMF is not enabled.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Ankita Bajaj 2019-07-30 14:35:32 +05:30 committed by Jouni Malinen
parent 84ebc759a0
commit 0028d627c8
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
wpa_supplicant/events.c
View file

@ -540,6 +540,9 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
const u8 *rsn_ie, *wpa_ie; const u8 *rsn_ie, *wpa_ie;
int ret; int ret;
int wep_ok; int wep_ok;
#ifdef CONFIG_MBO
const u8 *oce_capa_attr;
#endif /* CONFIG_MBO */
ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
if (ret >= 0) if (ret >= 0)
@ -631,13 +634,17 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
break; break;
} }
#ifdef CONFIG_MBO #ifdef CONFIG_MBO
oce_capa_attr = wpas_mbo_get_bss_attr(bss,
OCE_ATTR_ID_CAPA_IND);
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) && (wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) ||
(oce_capa_attr && oce_capa_attr[1] >= 1 &&
!(oce_capa_attr[2] & OCE_IS_STA_CFON))) &&
wpas_get_ssid_pmf(wpa_s, ssid) != wpas_get_ssid_pmf(wpa_s, ssid) !=
NO_MGMT_FRAME_PROTECTION) { NO_MGMT_FRAME_PROTECTION) {
if (debug_print) if (debug_print)
wpa_dbg(wpa_s, MSG_DEBUG, wpa_dbg(wpa_s, MSG_DEBUG,
" skip RSN IE - no mgmt frame protection enabled on MBO AP"); " skip RSN IE - no mgmt frame protection enabled on MBO/OCE AP");
break; break;
} }
#endif /* CONFIG_MBO */ #endif /* CONFIG_MBO */