FT: Add selection of FT+FILS AKMs

This is needed to enable use of FILS for the FT initial mobility domain
association.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index c267a179d01ae2c195331e244603010f06c43582..43bdb0a466200368a340db1eae28378d58ee4d6b 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -882,6 +882,12 @@ static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm,
                sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
        else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
                sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
+#ifdef CONFIG_FILS
+       else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
+               sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
+       else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
+               sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
+#endif /* CONFIG_FILS */
        ciphers = parse->pairwise_cipher & sm->wpa_auth->conf.rsn_pairwise;
        if (!ciphers) {
                wpa_printf(MSG_DEBUG, "FT: Invalid pairwise cipher (0x%x) from "

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e7f43abd5b7f44e6201b5f17f067cd2e9a..aeb7affc20ad6345168e0ca3b8edd6f69393f53c 100644 (file)
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -204,6 +204,12 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
        else if (sm->key_mgmt == WPA_KEY_MGMT_FT_SAE)
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
+#ifdef CONFIG_FILS
+       else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256)
+               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
+       else if (sm->key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384)
+               RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
+#endif /* CONFIG_FILS */
        else {
                wpa_printf(MSG_WARNING, "FT: Invalid key management type (%d)",
                           sm->key_mgmt);