HS 2.0: Allow OSEN connection to be used in an RSN BSS

This allows a single BSS/SSID to be used for both data connection and
OSU. In wpa_supplicant configuration, the current proto=OSEN
key_mgmt=OSEN combination is now allowing both the old separate OSEN
BSS/IE and the new RSN-OSEN to be used.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index d6490584ce718c25e3e4d6eca3e272125a931e9e..f8b0cafab1c4ff59f546be09b70a0e5ce84377e8 100644 (file)
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -200,6 +200,10 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len,
        } else if (key_mgmt & WPA_KEY_MGMT_DPP) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
 #endif /* CONFIG_DPP */
+#ifdef CONFIG_HS20
+       } else if (key_mgmt & WPA_KEY_MGMT_OSEN) {
+               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
+#endif /* CONFIG_HS20 */
        } else {
                wpa_printf(MSG_WARNING, "Invalid key management type (%d).",
                           key_mgmt);

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 8772291c17e91a7a6fd05ce7a0c0055f466d9ffb..fb77f1dbd23e988435c79d35875ef5ce1d9b2106 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -536,7 +536,7 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
 
        rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-       while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
+       while ((ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)) && rsn_ie) {
                proto_match++;
 
                if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
@@ -555,7 +555,8 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                        return 1;
                }
 
-               if (!(ie.proto & ssid->proto)) {
+               if (!(ie.proto & ssid->proto) &&
+                   !(ssid->proto & WPA_PROTO_OSEN)) {
                        if (debug_print)
                                wpa_dbg(wpa_s, MSG_DEBUG,
                                        "   skip RSN IE - proto mismatch");
@@ -985,18 +986,22 @@ struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
        struct wpa_blacklist *e;
        const u8 *ie;
        struct wpa_ssid *ssid;
-       int osen;
+       int osen, rsn_osen = 0;
 #ifdef CONFIG_MBO
        const u8 *assoc_disallow;
 #endif /* CONFIG_MBO */
        const u8 *match_ssid;
        size_t match_ssid_len;
+       struct wpa_ie_data data;
 
        ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
        wpa_ie_len = ie ? ie[1] : 0;
 
        ie = wpa_bss_get_ie(bss, WLAN_EID_RSN);
        rsn_ie_len = ie ? ie[1] : 0;
+       if (ie && wpa_parse_wpa_ie_rsn(ie, 2 + ie[1], &data) == 0 &&
+           (data.key_mgmt & WPA_KEY_MGMT_OSEN))
+               rsn_osen = 1;
 
        ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
        osen = ie != NULL;
@@ -1170,7 +1175,8 @@ struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
                        continue;
                }
 
-               if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen) {
+               if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen &&
+                   !rsn_osen) {
                        if (debug_print)
                                wpa_dbg(wpa_s, MSG_DEBUG,
                                        "   skip - non-OSEN network not allowed");

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 3de9198546cb7fdb8e4b157c16e8b85668806eaf..d2613b7ea21c4686efe3c047d38e52d35de5c0c0 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1217,6 +1217,13 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
                ie.pairwise_cipher = WPA_CIPHER_CCMP;
                ie.key_mgmt = WPA_KEY_MGMT_OSEN;
                proto = WPA_PROTO_OSEN;
+       } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
+           wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
+           (ie.group_cipher & ssid->group_cipher) &&
+           (ie.pairwise_cipher & ssid->pairwise_cipher) &&
+           (ie.key_mgmt & ssid->key_mgmt)) {
+               wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
+               proto = WPA_PROTO_RSN;
 #endif /* CONFIG_HS20 */
        } else if (bss) {
                wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");