FILS: Add FTE into FILS Authentication frame from AP when using FILS+FT

MDE was already added with RSNE, but FTE needed to be added to the FILS
Authentication frame for the FT initial mobility domain association
using FILS authentication case.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index ec733295728ab5b0b3409f874510cfe4c35d8b33..9a864a01ae1bad0fd47b1b64b2a82b9d904afdbf 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -1140,9 +1140,6 @@ static void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
        if (resp != WLAN_STATUS_SUCCESS)
                goto fail;
 
-       /* TODO: MDE when using FILS+FT */
-       /* TODO: FTE when using FILS+FT */
-
        if (!elems.fils_nonce) {
                wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
                resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
@@ -1305,8 +1302,22 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
        /* RSNE */
        wpabuf_put_data(data, ie, ielen);
 
-       /* TODO: MDE when using FILS+FT */
-       /* TODO: FTE when using FILS+FT */
+       /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
+
+#ifdef CONFIG_IEEE80211R_AP
+       if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
+               /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
+               int res;
+
+               res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
+                                        wpabuf_tailroom(data));
+               if (res < 0) {
+                       resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
+                       goto fail;
+               }
+               wpabuf_put(data, res);
+       }
+#endif /* CONFIG_IEEE80211R_AP */
 
        /* FILS Nonce */
        wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c91affcfa658ce4a019e7706e9d58d11be16b031..d7e3d2238c1edb43de65e30f9bc123b82f525b85 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -4272,4 +4272,16 @@ wpa_auth_pmksa_get_fils_cache_id(struct wpa_authenticator *wpa_auth,
        return idata.pmksa;
 }
 
+
+#ifdef CONFIG_IEEE80211R_AP
+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len)
+{
+       struct wpa_auth_config *conf = &wpa_auth->conf;
+
+       return wpa_write_ftie(conf, conf->r0_key_holder,
+                             conf->r0_key_holder_len,
+                             NULL, NULL, buf, len, NULL, 0);
+}
+#endif /* CONFIG_IEEE80211R_AP */
+
 #endif /* CONFIG_FILS */

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 20d8eeccf91e0aeb7dde8a1a26af2bd7d2ddd7b9..6793fecc0c214566767841cc6369b84d21ac756e 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -375,4 +375,6 @@ int fils_encrypt_assoc(struct wpa_state_machine *sm, u8 *buf,
                       const struct wpabuf *hlp);
 int fils_set_tk(struct wpa_state_machine *sm);
 
+int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len);
+
 #endif /* WPA_AUTH_H */