FILS: Add FTE into FILS Authentication frame from AP when using FILS+FT

MDE was already added with RSNE, but FTE needed to be added to the FILS Authentication frame for the FT initial mobility domain association using FILS authentication case. Signed-off-by: Jouni Malinen <j@w1.fi>
7 years ago · 5db997e343
parent af3e362fa7
commit 5db997e343
3 changed files with 30 additions and 5 deletions
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@ -1140,9 +1140,6 @@ static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
 	if (resp != WLAN_STATUS_SUCCESS)
 		goto fail;

-	/* TODO: MDE when using FILS+FT */
-	/* TODO: FTE when using FILS+FT */
-
 	if (!elems.fils_nonce) {
 		wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
 		resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
@ -1305,8 +1302,22 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
 	/* RSNE */
 	wpabuf_put_data(data, ie, ielen);

-	/* TODO: MDE when using FILS+FT */
-	/* TODO: FTE when using FILS+FT */
+	/* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
+
+#ifdef CONFIG_IEEE80211R_AP
+	if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
+		/* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
+		int res;
+
+		res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
+					 wpabuf_tailroom(data));
+		if (res < 0) {
+			resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			goto fail;
+		}
+		wpabuf_put(data, res);
+	}
+#endif /* CONFIG_IEEE80211R_AP */

 	/* FILS Nonce */
 	wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@ -4272,4 +4272,16 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
 	return idata.pmksa;
 }

+
+#ifdef CONFIG_IEEE80211R_AP
+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len)
+{
+	struct wpa_auth_config *conf = &wpa_auth->conf;
+
+	return wpa_write_ftie(conf, conf->r0_key_holder,
+			      conf->r0_key_holder_len,
+			      NULL, NULL, buf, len, NULL, 0);
+}
+#endif /* CONFIG_IEEE80211R_AP */
+
 #endif /* CONFIG_FILS */
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@ -375,4 +375,6 @@ int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
 		       const struct wpabuf *hlp);
 int fils_set_tk(struct wpa_state_machine *sm);

+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len);
+
 #endif /* WPA_AUTH_H */