From af3e362fa760326077d319ba32b64d6ecaebe0ed Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 2 Apr 2017 13:22:52 +0300
Subject: [PATCH] FILS: Add MDE into Authentication frame for FILS+FT
When using FILS for FT initial mobility domain association, add MDE to the Authentication frame from the STA to indicate this special case for FILS authentication.
Signed-off-by: Jouni Malinen
---
 src/rsn_supp/wpa.c | 14 +++++++++++---
 src/rsn_supp/wpa.h | 2 +-
 wpa_supplicant/sme.c | 13 +++++++++----
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index c6563fabc..8bd553803 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3268,7 +3268,7 @@ void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
 #ifdef CONFIG_FILS
-struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
 {
 struct wpabuf *buf = NULL;
 struct wpabuf *erp_msg;
@@ -3348,8 +3348,16 @@ struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
 sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
 wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
- /* TODO: MDE when using FILS for FT initial association */
- /* TODO: FTE when using FILS for FT initial association */
+ if (md) {
+ /* MDE when using FILS for FT initial association */
+ struct rsn_mdie *mdie;
+
+ wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
+ wpabuf_put_u8(buf, sizeof(*mdie));
+ mdie = wpabuf_put(buf, sizeof(*mdie));
+ os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
+ mdie->ft_capab = 0;
+ }
 /* FILS Nonce */
 wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index cd9f56dca..0c9691dd6 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
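Review bot: The new `md` parameter of fils_build_auth() in src/rsn_supp/wpa.c has no stated contract, yet the added `os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN)` inside the `if (md)` block reads a fixed number of octets from it. A comment above the function such as `/* md: Mobility Domain ID (MOBILITY_DOMAIN_ID_LEN octets) from the target AP's MDE, or NULL to omit the MDE */` would make the caller's length obligation explicit; the code in sme.c that assigns `md` is not visible in this patch. The block also appends 2 + sizeof(*mdie) octets to `buf`, whose allocation lies outside the hunk, so it is worth confirming that the size requested there still leaves room for them. Separately, the FTE TODO is deleted together with the MDE one although only the MDE is implemented; if the FTE is intentionally not sent in the Authentication frame, a short comment saying so would avoid the impression that it was forgotten.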
@@ -435,7 +435,7 @@ extern unsigned int tdls_testing;
 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
-struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group);
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md);
 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data, size_t len);
 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 046a2db84..7c097e4e7 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -208,9 +208,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_IEEE80211R
 const u8 *ie;
 #endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
 const u8 *md = NULL;
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
 int i, bssid_changed;
 struct wpabuf *resp = NULL;
 u8 ext_capab[18];
@@ -373,7 +373,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
 }
- if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
+ if (md && !wpa_key_mgmt_ft(ssid->key_mgmt))
+ md = NULL;
+ if (md) {
+ wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
+ md[0], md[1]);
+
 if (wpa_s->sme.assoc_req_ie_len + 5 < sizeof(wpa_s->sme.assoc_req_ie)) {
 struct rsn_mdie *mdie;
@@ -594,7 +599,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 0)
 wpa_printf(MSG_DEBUG, "SME: Try to use FILS with PMKSA caching");
- resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group);
+ resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
 if (resp) {
 int auth_alg;
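Review bot: In the wpa_supplicant/sme.c hunk at -373, `md` is cleared using `wpa_key_mgmt_ft(ssid->key_mgmt)`, which tests the key management mask configured in the network profile rather than the AKM actually selected for this connection. If a profile enables both an FT AKM and a non-FT FILS AKM, `md` would presumably stay set and the call `fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md)` in the hunk at -594 would place an MDE in the FILS Authentication frame even when a non-FT FILS AKM was chosen; the suite selection code is outside these hunks, so this needs confirming. If that case is reachable, gating on the selected suite at the call site, for example `wpa_key_mgmt_ft(wpa_s->key_mgmt) ? md : NULL` provided the selected suite is already set at that point, would keep the MDE limited to the FILS+FT case the commit message describes. The added `wpa_dbg()` also reads `md[0]` and `md[1]`, relying on the length check made where `md` is assigned, which like the rest of sme_send_authentication() lies outside the hunk.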