FILS: Check FILS Indication element against local network profile
Do not try to use FILS authentication unless the AP indicates support for the type the local network profile enforces. Signed-off-by: Jouni Malinen <j@w1.fi>
		
							parent
							
								
									1c243e402b
								
							
						
					
					
						commit
						6498351670
					
				
					 1 changed files with 32 additions and 0 deletions
				
			
		|  | @ -557,6 +557,37 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, | |||
| 	 * networks). */ | ||||
| 	if (params.auth_alg == WPA_AUTH_ALG_OPEN && | ||||
| 	    wpa_key_mgmt_fils(ssid->key_mgmt)) { | ||||
| 		const u8 *indic; | ||||
| 		u16 fils_info; | ||||
| 
 | ||||
| 		/*
 | ||||
| 		 * Check FILS Indication element (FILS Information field) bits | ||||
| 		 * indicating supported authentication algorithms against local | ||||
| 		 * configuration (ssid->fils_dh_group). Try to use FILS | ||||
| 		 * authentication only if the AP supports the combination in the | ||||
| 		 * network profile. */ | ||||
| 		indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION); | ||||
| 		if (!indic || indic[1] < 2) { | ||||
| 			wpa_printf(MSG_DEBUG, "SME: " MACSTR | ||||
| 				   " does not include FILS Indication element - cannot use FILS authentication with it", | ||||
| 				   MAC2STR(bss->bssid)); | ||||
| 			goto no_fils; | ||||
| 		} | ||||
| 
 | ||||
| 		fils_info = WPA_GET_LE16(indic + 2); | ||||
| 		if (ssid->fils_dh_group == 0 && !(fils_info & BIT(9))) { | ||||
| 			wpa_printf(MSG_DEBUG, "SME: " MACSTR | ||||
| 				   " does not support FILS SK without PFS - cannot use FILS authentication with it", | ||||
| 				   MAC2STR(bss->bssid)); | ||||
| 			goto no_fils; | ||||
| 		} | ||||
| 		if (ssid->fils_dh_group != 0 && !(fils_info & BIT(10))) { | ||||
| 			wpa_printf(MSG_DEBUG, "SME: " MACSTR | ||||
| 				   " does not support FILS SK with PFS - cannot use FILS authentication with it", | ||||
| 				   MAC2STR(bss->bssid)); | ||||
| 			goto no_fils; | ||||
| 		} | ||||
| 
 | ||||
| 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, | ||||
| 					    ssid, 0, | ||||
| 					    wpa_bss_get_fils_cache_id(bss)) == | ||||
|  | @ -582,6 +613,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, | |||
| 			wpa_s->sme.auth_alg = auth_alg; | ||||
| 		} | ||||
| 	} | ||||
| no_fils: | ||||
| #endif /* CONFIG_FILS */ | ||||
| 
 | ||||
| 	wpa_supplicant_cancel_sched_scan(wpa_s); | ||||
|  |  | |||
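Review bot: The `!indic || indic[1] < 2` branch logs "does not include FILS Indication element" even when the element is present but shorter than the two-octet FILS Information field, so a malformed element cannot be told apart from a missing one in the debug log; wording it as `" has no usable FILS Indication element - cannot use FILS authentication with it"` or splitting the two cases would help triage. The capability tests that follow use bare `BIT(9)` and `BIT(10)`; a comment such as `/* B9: FILS SK Auth without PFS, B10: FILS SK Auth with PFS */` or named constants would make the mapping to the FILS Information field checkable at a glance. The element appears to be read from the stored scan entry (`wpa_bss_get_ie`), which presumably holds unprotected Beacon/Probe Response data, so the block comment could state that this is a compatibility filter and that all three failures fall through `no_fils` to non-FILS authentication. The body of sme_send_authentication starts and ends outside the hunks shown, so what the jump to `no_fils` skips between the two hunks is not visible here.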
	
	 Jouni Malinen
						Jouni Malinen