WPS: Re-fix an interoperability issue with mixed mode and AP Settings

Commit ce7b56afab8e6065e886b9471fa8071c8d2bd66b ('WPS: Fix an
interoperability issue with mixed mode and AP Settings') added code to
filter M7 Authentication/Encryption Type attributes into a single bit
value in mixed mode (WPA+WPA2) cases to work around issues with Windows
7. This workaround was lost in commit
d7a15d5953beb47964526aa17b4dc2e9b2985fc1 ('WPS: Indicate current AP
settings in M7 in unconfigurated state') that fixed unconfigured state
values in AP Settings, but did not take into account the earlier
workaround for mixed mode.

Re-introduce filtering of Authentication/Encryption Type attributes for
M7 based on the current AP configuration. In other words, merge those
two earlier commits together to include both the earlier workaround the
newer fix.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c
index 9f5a90ce928fc10927787c730f4a01d822ca645e..89957b1a818ad621a5e0179fa2a008d27ebed6ac 100644 (file)
--- a/src/wps/wps_enrollee.c
+++ b/src/wps/wps_enrollee.c
@@ -247,22 +247,48 @@ static int wps_build_cred_ssid(struct wps_data *wps, struct wpabuf *msg)
 
 static int wps_build_cred_auth_type(struct wps_data *wps, struct wpabuf *msg)
 {
-       wpa_printf(MSG_DEBUG, "WPS:  * Authentication Type (0x%x)",
-                  wps->wps->ap_auth_type);
+       u16 auth_type = wps->wps->ap_auth_type;
+
+       /*
+        * Work around issues with Windows 7 WPS implementation not liking
+        * multiple Authentication Type bits in M7 AP Settings attribute by
+        * showing only the most secure option from current configuration.
+        */
+       if (auth_type & WPS_AUTH_WPA2PSK)
+               auth_type = WPS_AUTH_WPA2PSK;
+       else if (auth_type & WPS_AUTH_WPAPSK)
+               auth_type = WPS_AUTH_WPAPSK;
+       else if (auth_type & WPS_AUTH_OPEN)
+               auth_type = WPS_AUTH_OPEN;
+
+       wpa_printf(MSG_DEBUG, "WPS:  * Authentication Type (0x%x)", auth_type);
        wpabuf_put_be16(msg, ATTR_AUTH_TYPE);
        wpabuf_put_be16(msg, 2);
-       wpabuf_put_be16(msg, wps->wps->ap_auth_type);
+       wpabuf_put_be16(msg, auth_type);
        return 0;
 }
 
 
 static int wps_build_cred_encr_type(struct wps_data *wps, struct wpabuf *msg)
 {
-       wpa_printf(MSG_DEBUG, "WPS:  * Encryption Type (0x%x)",
-                  wps->wps->ap_encr_type);
+       u16 encr_type = wps->wps->ap_encr_type;
+
+       /*
+        * Work around issues with Windows 7 WPS implementation not liking
+        * multiple Encryption Type bits in M7 AP Settings attribute by
+        * showing only the most secure option from current configuration.
+        */
+       if (wps->wps->ap_auth_type & (WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK)) {
+               if (encr_type & WPS_ENCR_AES)
+                       encr_type = WPS_ENCR_AES;
+               else if (encr_type & WPS_ENCR_TKIP)
+                       encr_type = WPS_ENCR_TKIP;
+       }
+
+       wpa_printf(MSG_DEBUG, "WPS:  * Encryption Type (0x%x)", encr_type);
        wpabuf_put_be16(msg, ATTR_ENCR_TYPE);
        wpabuf_put_be16(msg, 2);
-       wpabuf_put_be16(msg, wps->wps->ap_encr_type);
+       wpabuf_put_be16(msg, encr_type);
        return 0;
 }