FT: Update key mgmt properly in RSNE during roaming

When STA is performing roam from WPA3 AP to WPA2 AP, the STA was
including key mgmt FT-SAE instead of FT-PSK in FT Authentication request
RSNE when using driver-based SME. This is because the RSNE/MDE/FTE were
updated and forwarded to the driver using the NL80211_CMD_UPDATE_FT_IES
command before updating key mgmt properly. Because of this, the AP is
rejecting FT Authentication request with WLAN_REASON_UNSPECIFIED reason
code which is due to the invalid keymgmt in RSNE.

Fix this by reordering IE population to happen earlier in the sequence
so that the updated key mgmt information can be provided when using
NL80211_CMD_UPDATE_FT_IES.

Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
This commit is contained in:
Shiva Sankar Gajula 2021-01-13 16:14:03 +05:30 committed by Jouni Malinen
parent 694722516e
commit 71718b628b

View file

@ -3487,6 +3487,20 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
os_memset(&params, 0, sizeof(params));
wpa_s->reassociate = 0;
wpa_s->eap_expected_failure = 0;
/* Starting new association, so clear the possibly used WPA IE from the
* previous association. */
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
wpa_s->rsnxe_len = 0;
wpa_s->mscs_setup_done = false;
wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
if (!wpa_ie) {
wpas_connect_work_done(wpa_s);
return;
}
if (bss &&
(!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
#ifdef CONFIG_IEEE80211R
@ -3535,19 +3549,6 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
wpa_supplicant_cancel_scan(wpa_s);
/* Starting new association, so clear the possibly used WPA IE from the
* previous association. */
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
wpa_s->rsnxe_len = 0;
wpa_s->mscs_setup_done = false;
wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
if (!wpa_ie) {
wpas_connect_work_done(wpa_s);
return;
}
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
use_crypt = 1;
cipher_pairwise = wpa_s->pairwise_cipher;