HS 2.0: Include HS 2.0 Indication element only for HS 2.0 association

The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 14042419bebd75e4b20c819781f427b7fbdfd1aa..4048cf76ee7b19a4dc7ab535c4118ce381aaccda 100644 (file)
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -33,6 +33,35 @@ void wpas_hs20_add_indication(struct wpabuf *buf)
 }
 
 
+int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
+                   struct wpa_bss *bss)
+{
+       if (!wpa_s->conf->hs20 || !ssid)
+               return 0;
+
+       if (ssid->parent_cred)
+               return 1;
+
+       if (bss && !wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE))
+               return 0;
+
+       /*
+        * This may catch some non-Hotspot 2.0 cases, but it is safer to do that
+        * than cause Hotspot 2.0 connections without indication element getting
+        * added. Non-Hotspot 2.0 APs should ignore the unknown vendor element.
+        */
+
+       if (!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X))
+               return 0;
+       if (!(ssid->pairwise_cipher & WPA_CIPHER_CCMP))
+               return 0;
+       if (ssid->proto != WPA_PROTO_RSN)
+               return 0;
+
+       return 1;
+}
+
+
 struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
                                    size_t payload_len)
 {

diff --git a/wpa_supplicant/hs20_supplicant.h b/wpa_supplicant/hs20_supplicant.h
index 6eb3926d34f8ec2fa89491a7457d5b7779898634..1c8481bf8b6421f21912b1c81851d37cf087eebf 100644 (file)
--- a/wpa_supplicant/hs20_supplicant.h
+++ b/wpa_supplicant/hs20_supplicant.h
@@ -16,5 +16,7 @@ struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload,
                                    size_t payload_len);
 void hs20_parse_rx_hs20_anqp_resp(struct wpa_supplicant *wpa_s,
                                  const u8 *sa, const u8 *data, size_t slen);
+int is_hs20_network(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
+                   struct wpa_bss *bss);
 
 #endif /* HS20_SUPPLICANT_H */

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 982e1249a96b6f4cef9cb8c0b8c3d683b63ecc08..03716280b4ce579e04672b56dd0e4a4652f35f2e 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -353,7 +353,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 #endif /* CONFIG_P2P */
 
 #ifdef CONFIG_HS20
-       if (wpa_s->conf->hs20) {
+       if (is_hs20_network(wpa_s, ssid, bss)) {
                struct wpabuf *hs20;
                hs20 = wpabuf_alloc(20);
                if (hs20) {

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 869fe3f7b7973ada45a878f64bb1dc5b766cb6a7..5d505157120e00f811dad61ec32af9eadb764908 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1466,7 +1466,7 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
 #endif /* CONFIG_P2P */
 
 #ifdef CONFIG_HS20
-       if (wpa_s->conf->hs20) {
+       if (is_hs20_network(wpa_s, ssid, bss)) {
                struct wpabuf *hs20;
                hs20 = wpabuf_alloc(20);
                if (hs20) {