]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_ie.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use secondary channel provided by ACS for HT40 if valid
[thirdparty/hostap.git] / src / ap / wpa_auth_ie.c
1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
16 #include "wpa_auth.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
20
21
22 #ifdef CONFIG_RSN_TESTING
23 int rsn_testing = 0;
24 #endif /* CONFIG_RSN_TESTING */
25
26
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
28 {
29 struct wpa_ie_hdr *hdr;
30 int num_suites;
31 u8 *pos, *count;
32 u32 suite;
33
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
39
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
41 if (suite == 0) {
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
43 conf->wpa_group);
44 return -1;
45 }
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
48
49 count = pos;
50 pos += 2;
51
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
55 conf->wpa_pairwise);
56 return -1;
57 }
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
60
61 num_suites = 0;
62 count = pos;
63 pos += 2;
64
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
68 num_suites++;
69 }
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
73 num_suites++;
74 }
75
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
78 conf->wpa_key_mgmt);
79 return -1;
80 }
81 WPA_PUT_LE16(count, num_suites);
82
83 /* WPA Capabilities; use defaults, so no need to include it */
84
85 hdr->len = (pos - buf) - 2;
86
87 return pos - buf;
88 }
89
90
91 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
92 const u8 *pmkid)
93 {
94 struct rsn_ie_hdr *hdr;
95 int num_suites, res;
96 u8 *pos, *count;
97 u16 capab;
98 u32 suite;
99
100 hdr = (struct rsn_ie_hdr *) buf;
101 hdr->elem_id = WLAN_EID_RSN;
102 WPA_PUT_LE16(hdr->version, RSN_VERSION);
103 pos = (u8 *) (hdr + 1);
104
105 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
106 if (suite == 0) {
107 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
108 conf->wpa_group);
109 return -1;
110 }
111 RSN_SELECTOR_PUT(pos, suite);
112 pos += RSN_SELECTOR_LEN;
113
114 num_suites = 0;
115 count = pos;
116 pos += 2;
117
118 #ifdef CONFIG_RSN_TESTING
119 if (rsn_testing) {
120 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 pos += RSN_SELECTOR_LEN;
122 num_suites++;
123 }
124 #endif /* CONFIG_RSN_TESTING */
125
126 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
127 num_suites += res;
128 pos += res * RSN_SELECTOR_LEN;
129
130 #ifdef CONFIG_RSN_TESTING
131 if (rsn_testing) {
132 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 pos += RSN_SELECTOR_LEN;
134 num_suites++;
135 }
136 #endif /* CONFIG_RSN_TESTING */
137
138 if (num_suites == 0) {
139 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
140 conf->rsn_pairwise);
141 return -1;
142 }
143 WPA_PUT_LE16(count, num_suites);
144
145 num_suites = 0;
146 count = pos;
147 pos += 2;
148
149 #ifdef CONFIG_RSN_TESTING
150 if (rsn_testing) {
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
153 num_suites++;
154 }
155 #endif /* CONFIG_RSN_TESTING */
156
157 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
158 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 pos += RSN_SELECTOR_LEN;
160 num_suites++;
161 }
162 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
163 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 pos += RSN_SELECTOR_LEN;
165 num_suites++;
166 }
167 #ifdef CONFIG_IEEE80211R_AP
168 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
169 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 pos += RSN_SELECTOR_LEN;
171 num_suites++;
172 }
173 #ifdef CONFIG_SHA384
174 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
175 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
176 pos += RSN_SELECTOR_LEN;
177 num_suites++;
178 }
179 #endif /* CONFIG_SHA384 */
180 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
181 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
182 pos += RSN_SELECTOR_LEN;
183 num_suites++;
184 }
185 #endif /* CONFIG_IEEE80211R_AP */
186 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
187 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
188 pos += RSN_SELECTOR_LEN;
189 num_suites++;
190 }
191 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
192 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
193 pos += RSN_SELECTOR_LEN;
194 num_suites++;
195 }
196 #ifdef CONFIG_SAE
197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
199 pos += RSN_SELECTOR_LEN;
200 num_suites++;
201 }
202 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
203 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
204 pos += RSN_SELECTOR_LEN;
205 num_suites++;
206 }
207 #endif /* CONFIG_SAE */
208 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
209 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
210 pos += RSN_SELECTOR_LEN;
211 num_suites++;
212 }
213 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
214 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
215 pos += RSN_SELECTOR_LEN;
216 num_suites++;
217 }
218 #ifdef CONFIG_FILS
219 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
220 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
221 pos += RSN_SELECTOR_LEN;
222 num_suites++;
223 }
224 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
225 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
226 pos += RSN_SELECTOR_LEN;
227 num_suites++;
228 }
229 #ifdef CONFIG_IEEE80211R_AP
230 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
231 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
232 pos += RSN_SELECTOR_LEN;
233 num_suites++;
234 }
235 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
236 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
237 pos += RSN_SELECTOR_LEN;
238 num_suites++;
239 }
240 #endif /* CONFIG_IEEE80211R_AP */
241 #endif /* CONFIG_FILS */
242 #ifdef CONFIG_OWE
243 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) {
244 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
245 pos += RSN_SELECTOR_LEN;
246 num_suites++;
247 }
248 #endif /* CONFIG_OWE */
249 #ifdef CONFIG_DPP
250 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) {
251 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
252 pos += RSN_SELECTOR_LEN;
253 num_suites++;
254 }
255 #endif /* CONFIG_DPP */
256 #ifdef CONFIG_HS20
257 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
258 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
259 pos += RSN_SELECTOR_LEN;
260 num_suites++;
261 }
262 #endif /* CONFIG_HS20 */
263
264 #ifdef CONFIG_RSN_TESTING
265 if (rsn_testing) {
266 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
267 pos += RSN_SELECTOR_LEN;
268 num_suites++;
269 }
270 #endif /* CONFIG_RSN_TESTING */
271
272 if (num_suites == 0) {
273 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
274 conf->wpa_key_mgmt);
275 return -1;
276 }
277 WPA_PUT_LE16(count, num_suites);
278
279 /* RSN Capabilities */
280 capab = 0;
281 if (conf->rsn_preauth)
282 capab |= WPA_CAPABILITY_PREAUTH;
283 if (conf->wmm_enabled) {
284 /* 4 PTKSA replay counters when using WMM */
285 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
286 }
287 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
288 capab |= WPA_CAPABILITY_MFPC;
289 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
290 capab |= WPA_CAPABILITY_MFPR;
291 }
292 #ifdef CONFIG_OCV
293 if (conf->ocv)
294 capab |= WPA_CAPABILITY_OCVC;
295 #endif /* CONFIG_OCV */
296 #ifdef CONFIG_RSN_TESTING
297 if (rsn_testing)
298 capab |= BIT(8) | BIT(15);
299 #endif /* CONFIG_RSN_TESTING */
300 WPA_PUT_LE16(pos, capab);
301 pos += 2;
302
303 if (pmkid) {
304 if (2 + PMKID_LEN > buf + len - pos)
305 return -1;
306 /* PMKID Count */
307 WPA_PUT_LE16(pos, 1);
308 pos += 2;
309 os_memcpy(pos, pmkid, PMKID_LEN);
310 pos += PMKID_LEN;
311 }
312
313 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
314 conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
315 if (2 + 4 > buf + len - pos)
316 return -1;
317 if (pmkid == NULL) {
318 /* PMKID Count */
319 WPA_PUT_LE16(pos, 0);
320 pos += 2;
321 }
322
323 /* Management Group Cipher Suite */
324 switch (conf->group_mgmt_cipher) {
325 case WPA_CIPHER_AES_128_CMAC:
326 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
327 break;
328 case WPA_CIPHER_BIP_GMAC_128:
329 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
330 break;
331 case WPA_CIPHER_BIP_GMAC_256:
332 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
333 break;
334 case WPA_CIPHER_BIP_CMAC_256:
335 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
336 break;
337 default:
338 wpa_printf(MSG_DEBUG,
339 "Invalid group management cipher (0x%x)",
340 conf->group_mgmt_cipher);
341 return -1;
342 }
343 pos += RSN_SELECTOR_LEN;
344 }
345
346 #ifdef CONFIG_RSN_TESTING
347 if (rsn_testing) {
348 /*
349 * Fill in any defined fields and add extra data to the end of
350 * the element.
351 */
352 int pmkid_count_set = pmkid != NULL;
353 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
354 pmkid_count_set = 1;
355 /* PMKID Count */
356 WPA_PUT_LE16(pos, 0);
357 pos += 2;
358 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
359 /* Management Group Cipher Suite */
360 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
361 pos += RSN_SELECTOR_LEN;
362 }
363
364 os_memset(pos, 0x12, 17);
365 pos += 17;
366 }
367 #endif /* CONFIG_RSN_TESTING */
368
369 hdr->len = (pos - buf) - 2;
370
371 return pos - buf;
372 }
373
374
375 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
376 {
377 u8 *pos = buf;
378
379 if (conf->sae_pwe != 1 && conf->sae_pwe != 2)
380 return 0; /* no supported extended RSN capabilities */
381
382 if (len < 3)
383 return -1;
384
385 *pos++ = WLAN_EID_RSNX;
386 *pos++ = 1;
387 /* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
388 * used for now */
389 *pos++ = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
390
391 return pos - buf;
392 }
393
394
395 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
396 {
397 u8 *len;
398 u16 capab;
399
400 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
401 len = eid++; /* to be filled */
402 WPA_PUT_BE24(eid, OUI_WFA);
403 eid += 3;
404 *eid++ = HS20_OSEN_OUI_TYPE;
405
406 /* Group Data Cipher Suite */
407 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
408 eid += RSN_SELECTOR_LEN;
409
410 /* Pairwise Cipher Suite Count and List */
411 WPA_PUT_LE16(eid, 1);
412 eid += 2;
413 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
414 eid += RSN_SELECTOR_LEN;
415
416 /* AKM Suite Count and List */
417 WPA_PUT_LE16(eid, 1);
418 eid += 2;
419 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
420 eid += RSN_SELECTOR_LEN;
421
422 /* RSN Capabilities */
423 capab = 0;
424 if (conf->wmm_enabled) {
425 /* 4 PTKSA replay counters when using WMM */
426 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
427 }
428 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
429 capab |= WPA_CAPABILITY_MFPC;
430 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
431 capab |= WPA_CAPABILITY_MFPR;
432 }
433 #ifdef CONFIG_OCV
434 if (conf->ocv)
435 capab |= WPA_CAPABILITY_OCVC;
436 #endif /* CONFIG_OCV */
437 WPA_PUT_LE16(eid, capab);
438 eid += 2;
439
440 *len = eid - len - 1;
441
442 return eid;
443 }
444
445
446 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
447 {
448 u8 *pos, buf[128];
449 int res;
450
451 #ifdef CONFIG_TESTING_OPTIONS
452 if (wpa_auth->conf.own_ie_override_len) {
453 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
454 wpa_auth->conf.own_ie_override,
455 wpa_auth->conf.own_ie_override_len);
456 os_free(wpa_auth->wpa_ie);
457 wpa_auth->wpa_ie =
458 os_malloc(wpa_auth->conf.own_ie_override_len);
459 if (wpa_auth->wpa_ie == NULL)
460 return -1;
461 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
462 wpa_auth->conf.own_ie_override_len);
463 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
464 return 0;
465 }
466 #endif /* CONFIG_TESTING_OPTIONS */
467
468 pos = buf;
469
470 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
471 pos = wpa_write_osen(&wpa_auth->conf, pos);
472 }
473 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
474 res = wpa_write_rsn_ie(&wpa_auth->conf,
475 pos, buf + sizeof(buf) - pos, NULL);
476 if (res < 0)
477 return res;
478 pos += res;
479 res = wpa_write_rsnxe(&wpa_auth->conf, pos,
480 buf + sizeof(buf) - pos);
481 if (res < 0)
482 return res;
483 pos += res;
484 }
485 #ifdef CONFIG_IEEE80211R_AP
486 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
487 res = wpa_write_mdie(&wpa_auth->conf, pos,
488 buf + sizeof(buf) - pos);
489 if (res < 0)
490 return res;
491 pos += res;
492 }
493 #endif /* CONFIG_IEEE80211R_AP */
494 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
495 res = wpa_write_wpa_ie(&wpa_auth->conf,
496 pos, buf + sizeof(buf) - pos);
497 if (res < 0)
498 return res;
499 pos += res;
500 }
501
502 os_free(wpa_auth->wpa_ie);
503 wpa_auth->wpa_ie = os_malloc(pos - buf);
504 if (wpa_auth->wpa_ie == NULL)
505 return -1;
506 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
507 wpa_auth->wpa_ie_len = pos - buf;
508
509 return 0;
510 }
511
512
513 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
514 const u8 *data2, size_t data2_len)
515 {
516 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
517 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
518 RSN_SELECTOR_PUT(pos, kde);
519 pos += RSN_SELECTOR_LEN;
520 os_memcpy(pos, data, data_len);
521 pos += data_len;
522 if (data2) {
523 os_memcpy(pos, data2, data2_len);
524 pos += data2_len;
525 }
526 return pos;
527 }
528
529
530 struct wpa_auth_okc_iter_data {
531 struct rsn_pmksa_cache_entry *pmksa;
532 const u8 *aa;
533 const u8 *spa;
534 const u8 *pmkid;
535 };
536
537
538 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
539 {
540 struct wpa_auth_okc_iter_data *data = ctx;
541 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
542 data->pmkid);
543 if (data->pmksa)
544 return 1;
545 return 0;
546 }
547
548
549 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
550 struct wpa_state_machine *sm, int freq,
551 const u8 *wpa_ie, size_t wpa_ie_len,
552 const u8 *rsnxe, size_t rsnxe_len,
553 const u8 *mdie, size_t mdie_len,
554 const u8 *owe_dh, size_t owe_dh_len)
555 {
556 struct wpa_ie_data data;
557 int ciphers, key_mgmt, res, version;
558 u32 selector;
559 size_t i;
560 const u8 *pmkid = NULL;
561
562 if (wpa_auth == NULL || sm == NULL)
563 return WPA_NOT_ENABLED;
564
565 if (wpa_ie == NULL || wpa_ie_len < 1)
566 return WPA_INVALID_IE;
567
568 if (wpa_ie[0] == WLAN_EID_RSN)
569 version = WPA_PROTO_RSN;
570 else
571 version = WPA_PROTO_WPA;
572
573 if (!(wpa_auth->conf.wpa & version)) {
574 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
575 version, MAC2STR(sm->addr));
576 return WPA_INVALID_PROTO;
577 }
578
579 if (version == WPA_PROTO_RSN) {
580 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
581 if (!data.has_pairwise)
582 data.pairwise_cipher = wpa_default_rsn_cipher(freq);
583 if (!data.has_group)
584 data.group_cipher = wpa_default_rsn_cipher(freq);
585
586 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
587 !wpa_key_mgmt_only_ft(data.key_mgmt)) {
588 /* Workaround for some HP and Epson printers that seem
589 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
590 * advertised RSNE to Association Request frame. */
591 wpa_printf(MSG_DEBUG,
592 "RSN: FT set in RSNE AKM but MDE is missing from "
593 MACSTR
594 " - ignore FT AKM(s) because there's also a non-FT AKM",
595 MAC2STR(sm->addr));
596 data.key_mgmt &= ~WPA_KEY_MGMT_FT;
597 }
598
599 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
600 if (0) {
601 }
602 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
603 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
604 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
605 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
606 #ifdef CONFIG_FILS
607 #ifdef CONFIG_IEEE80211R_AP
608 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
609 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
610 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
611 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
612 #endif /* CONFIG_IEEE80211R_AP */
613 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
614 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
615 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
616 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
617 #endif /* CONFIG_FILS */
618 #ifdef CONFIG_IEEE80211R_AP
619 #ifdef CONFIG_SHA384
620 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
621 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
622 #endif /* CONFIG_SHA384 */
623 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
624 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
625 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
626 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
627 #endif /* CONFIG_IEEE80211R_AP */
628 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
629 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
630 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
631 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
632 #ifdef CONFIG_SAE
633 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
634 selector = RSN_AUTH_KEY_MGMT_SAE;
635 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
636 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
637 #endif /* CONFIG_SAE */
638 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
639 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
640 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
641 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
642 #ifdef CONFIG_OWE
643 else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
644 selector = RSN_AUTH_KEY_MGMT_OWE;
645 #endif /* CONFIG_OWE */
646 #ifdef CONFIG_DPP
647 else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
648 selector = RSN_AUTH_KEY_MGMT_DPP;
649 #endif /* CONFIG_DPP */
650 #ifdef CONFIG_HS20
651 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
652 selector = RSN_AUTH_KEY_MGMT_OSEN;
653 #endif /* CONFIG_HS20 */
654 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
655
656 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
657 data.pairwise_cipher);
658 if (!selector)
659 selector = RSN_CIPHER_SUITE_CCMP;
660 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
661
662 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
663 data.group_cipher);
664 if (!selector)
665 selector = RSN_CIPHER_SUITE_CCMP;
666 wpa_auth->dot11RSNAGroupCipherSelected = selector;
667 } else {
668 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
669
670 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
671 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
672 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
673 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
674 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
675 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
676
677 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
678 data.pairwise_cipher);
679 if (!selector)
680 selector = RSN_CIPHER_SUITE_TKIP;
681 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
682
683 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
684 data.group_cipher);
685 if (!selector)
686 selector = WPA_CIPHER_SUITE_TKIP;
687 wpa_auth->dot11RSNAGroupCipherSelected = selector;
688 }
689 if (res) {
690 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
691 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
692 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
693 return WPA_INVALID_IE;
694 }
695
696 if (data.group_cipher != wpa_auth->conf.wpa_group) {
697 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
698 MACSTR, data.group_cipher, MAC2STR(sm->addr));
699 return WPA_INVALID_GROUP;
700 }
701
702 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
703 if (!key_mgmt) {
704 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
705 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
706 return WPA_INVALID_AKMP;
707 }
708 if (0) {
709 }
710 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
711 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
712 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
713 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
714 #ifdef CONFIG_FILS
715 #ifdef CONFIG_IEEE80211R_AP
716 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
717 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
718 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
719 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
720 #endif /* CONFIG_IEEE80211R_AP */
721 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
722 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
723 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
724 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
725 #endif /* CONFIG_FILS */
726 #ifdef CONFIG_IEEE80211R_AP
727 #ifdef CONFIG_SHA384
728 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
729 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
730 #endif /* CONFIG_SHA384 */
731 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
732 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
733 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
734 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
735 #endif /* CONFIG_IEEE80211R_AP */
736 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
737 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
738 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
739 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
740 #ifdef CONFIG_SAE
741 else if (key_mgmt & WPA_KEY_MGMT_SAE)
742 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
743 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
744 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
745 #endif /* CONFIG_SAE */
746 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
747 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
748 #ifdef CONFIG_OWE
749 else if (key_mgmt & WPA_KEY_MGMT_OWE)
750 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
751 #endif /* CONFIG_OWE */
752 #ifdef CONFIG_DPP
753 else if (key_mgmt & WPA_KEY_MGMT_DPP)
754 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
755 #endif /* CONFIG_DPP */
756 #ifdef CONFIG_HS20
757 else if (key_mgmt & WPA_KEY_MGMT_OSEN)
758 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
759 #endif /* CONFIG_HS20 */
760 else
761 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
762
763 if (version == WPA_PROTO_RSN)
764 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
765 else
766 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
767 if (!ciphers) {
768 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
769 "from " MACSTR,
770 version == WPA_PROTO_RSN ? "RSN" : "WPA",
771 data.pairwise_cipher, MAC2STR(sm->addr));
772 return WPA_INVALID_PAIRWISE;
773 }
774
775 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
776 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
777 wpa_printf(MSG_DEBUG, "Management frame protection "
778 "required, but client did not enable it");
779 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
780 }
781
782 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
783 {
784 wpa_printf(MSG_DEBUG, "Unsupported management group "
785 "cipher %d", data.mgmt_group_cipher);
786 return WPA_INVALID_MGMT_GROUP_CIPHER;
787 }
788 }
789
790 #ifdef CONFIG_SAE
791 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
792 wpa_auth->conf.sae_require_mfp &&
793 wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
794 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
795 wpa_printf(MSG_DEBUG,
796 "Management frame protection required with SAE, but client did not enable it");
797 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
798 }
799 #endif /* CONFIG_SAE */
800
801 #ifdef CONFIG_OCV
802 if ((data.capabilities & WPA_CAPABILITY_OCVC) &&
803 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
804 wpa_printf(MSG_DEBUG,
805 "Management frame protection required with OCV, but client did not enable it");
806 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
807 }
808 wpa_auth_set_ocv(sm, wpa_auth->conf.ocv &&
809 (data.capabilities & WPA_CAPABILITY_OCVC));
810 #endif /* CONFIG_OCV */
811
812 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
813 !(data.capabilities & WPA_CAPABILITY_MFPC))
814 sm->mgmt_frame_prot = 0;
815 else
816 sm->mgmt_frame_prot = 1;
817
818 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
819 wpa_printf(MSG_DEBUG,
820 "Management frame protection cannot use TKIP");
821 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
822 }
823
824 #ifdef CONFIG_IEEE80211R_AP
825 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
826 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
827 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
828 "MDIE not included");
829 return WPA_INVALID_MDIE;
830 }
831 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
832 MOBILITY_DOMAIN_ID_LEN) != 0) {
833 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
834 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
835 return WPA_INVALID_MDIE;
836 }
837 } else if (mdie != NULL) {
838 wpa_printf(MSG_DEBUG,
839 "RSN: Trying to use non-FT AKM suite, but MDIE included");
840 return WPA_INVALID_AKMP;
841 }
842 #endif /* CONFIG_IEEE80211R_AP */
843
844 #ifdef CONFIG_OWE
845 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
846 wpa_printf(MSG_DEBUG,
847 "OWE: No Diffie-Hellman Parameter element");
848 return WPA_INVALID_AKMP;
849 }
850 #ifdef CONFIG_DPP
851 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) {
852 /* Diffie-Hellman Parameter element can be used with DPP as
853 * well, so allow this to proceed. */
854 } else
855 #endif /* CONFIG_DPP */
856 if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) {
857 wpa_printf(MSG_DEBUG,
858 "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM");
859 return WPA_INVALID_AKMP;
860 }
861 #endif /* CONFIG_OWE */
862
863 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
864 if (sm->pairwise < 0)
865 return WPA_INVALID_PAIRWISE;
866
867 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
868 if (wpa_ie[0] == WLAN_EID_RSN)
869 sm->wpa = WPA_VERSION_WPA2;
870 else
871 sm->wpa = WPA_VERSION_WPA;
872
873 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
874 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
875 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
876 (sm->auth_alg == WLAN_AUTH_FILS_SK ||
877 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
878 sm->auth_alg == WLAN_AUTH_FILS_PK) &&
879 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
880 os_memcmp_const(data.pmkid, sm->pmk_r1_name,
881 WPA_PMK_NAME_LEN) != 0)) {
882 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
883 "No PMKR1Name match for FILS+FT");
884 return WPA_INVALID_PMKID;
885 }
886 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
887
888 sm->pmksa = NULL;
889 for (i = 0; i < data.num_pmkid; i++) {
890 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
891 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
892 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
893 &data.pmkid[i * PMKID_LEN]);
894 if (sm->pmksa) {
895 pmkid = sm->pmksa->pmkid;
896 break;
897 }
898 }
899 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
900 i < data.num_pmkid; i++) {
901 struct wpa_auth_okc_iter_data idata;
902 idata.pmksa = NULL;
903 idata.aa = wpa_auth->addr;
904 idata.spa = sm->addr;
905 idata.pmkid = &data.pmkid[i * PMKID_LEN];
906 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
907 if (idata.pmksa) {
908 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
909 "OKC match for PMKID");
910 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
911 idata.pmksa,
912 wpa_auth->addr,
913 idata.pmkid);
914 pmkid = idata.pmkid;
915 break;
916 }
917 }
918 if (sm->pmksa && pmkid) {
919 struct vlan_description *vlan;
920
921 vlan = sm->pmksa->vlan_desc;
922 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
923 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
924 sm->pmksa->eap_type_authsrv,
925 vlan ? vlan->untagged : 0,
926 (vlan && vlan->tagged[0]) ? "+" : "");
927 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
928 }
929
930 #ifdef CONFIG_SAE
931 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
932 !sm->pmksa) {
933 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
934 "No PMKSA cache entry found for SAE");
935 return WPA_INVALID_PMKID;
936 }
937 #endif /* CONFIG_SAE */
938
939 #ifdef CONFIG_DPP
940 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
941 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
942 "No PMKSA cache entry found for DPP");
943 return WPA_INVALID_PMKID;
944 }
945 #endif /* CONFIG_DPP */
946
947 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
948 os_free(sm->wpa_ie);
949 sm->wpa_ie = os_malloc(wpa_ie_len);
950 if (sm->wpa_ie == NULL)
951 return WPA_ALLOC_FAIL;
952 }
953 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
954 sm->wpa_ie_len = wpa_ie_len;
955
956 if (rsnxe && rsnxe_len) {
957 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
958 os_free(sm->rsnxe);
959 sm->rsnxe = os_malloc(rsnxe_len);
960 if (!sm->rsnxe)
961 return WPA_ALLOC_FAIL;
962 }
963 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len);
964 sm->rsnxe_len = rsnxe_len;
965 } else {
966 os_free(sm->rsnxe);
967 sm->rsnxe = NULL;
968 sm->rsnxe_len = 0;
969 }
970
971 return WPA_IE_OK;
972 }
973
974
975 #ifdef CONFIG_HS20
976 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
977 struct wpa_state_machine *sm,
978 const u8 *osen_ie, size_t osen_ie_len)
979 {
980 if (wpa_auth == NULL || sm == NULL)
981 return -1;
982
983 /* TODO: parse OSEN element */
984 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
985 sm->mgmt_frame_prot = 1;
986 sm->pairwise = WPA_CIPHER_CCMP;
987 sm->wpa = WPA_VERSION_WPA2;
988
989 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
990 os_free(sm->wpa_ie);
991 sm->wpa_ie = os_malloc(osen_ie_len);
992 if (sm->wpa_ie == NULL)
993 return -1;
994 }
995
996 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
997 sm->wpa_ie_len = osen_ie_len;
998
999 return 0;
1000 }
1001
1002 #endif /* CONFIG_HS20 */
1003
1004
1005 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
1006 {
1007 return sm ? sm->mgmt_frame_prot : 0;
1008 }
1009
1010
1011 #ifdef CONFIG_OCV
1012
1013 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
1014 {
1015 if (sm)
1016 sm->ocv_enabled = ocv;
1017 }
1018
1019
1020 int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
1021 {
1022 return sm ? sm->ocv_enabled : 0;
1023 }
1024
1025 #endif /* CONFIG_OCV */
1026
1027
1028 #ifdef CONFIG_OWE
1029 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
1030 u8 *pos, size_t max_len,
1031 const u8 *req_ies, size_t req_ies_len)
1032 {
1033 int res;
1034 struct wpa_auth_config *conf;
1035
1036 if (!sm)
1037 return pos;
1038 conf = &sm->wpa_auth->conf;
1039
1040 #ifdef CONFIG_TESTING_OPTIONS
1041 if (conf->own_ie_override_len) {
1042 if (max_len < conf->own_ie_override_len)
1043 return NULL;
1044 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
1045 conf->own_ie_override, conf->own_ie_override_len);
1046 os_memcpy(pos, conf->own_ie_override,
1047 conf->own_ie_override_len);
1048 return pos + conf->own_ie_override_len;
1049 }
1050 #endif /* CONFIG_TESTING_OPTIONS */
1051
1052 res = wpa_write_rsn_ie(conf, pos, max_len,
1053 sm->pmksa ? sm->pmksa->pmkid : NULL);
1054 if (res < 0)
1055 return pos;
1056 return pos + res;
1057 }
1058 #endif /* CONFIG_OWE */
1059
1060
1061 #ifdef CONFIG_FILS
1062 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
1063 u8 *pos, size_t max_len,
1064 const u8 *req_ies, size_t req_ies_len)
1065 {
1066 int res;
1067
1068 if (!sm ||
1069 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
1070 WPA_KEY_MGMT_FT_FILS_SHA384))
1071 return pos;
1072
1073 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
1074 if (res < 0)
1075 return pos;
1076 return pos + res;
1077 }
1078 #endif /* CONFIG_FILS */
Unnamed repository; edit this file 'description' to name the repository.