struct ieee80211_mgmt *mgmt, size_t len)
{
struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
- u16 auth_alg, auth_transaction, status_code;
+ u16 auth_alg, auth_transaction, status_code, encap_len;
struct ieee80211_event event = {
.type = MLME_EVENT,
.u.mlme.data = AUTH_EVENT,
.subtype = IEEE80211_STYPE_AUTH,
};
bool sae_need_confirm = false;
+ bool auth_fail = false;
lockdep_assert_wiphy(sdata->local->hw.wiphy);
auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
status_code = le16_to_cpu(mgmt->u.auth.status_code);
+ /*
+ * IEEE 802.1X Authentication:
+ * Header + Authentication Algorithm Number(2 byte) + Authentication
+ * Transaction Sequence Number(2 byte) + Status Code(2 byte) +
+ * Encapsulation Length(2 byte).
+ */
+ if (auth_alg == WLAN_AUTH_IEEE8021X && len < 24 + 8)
+ return;
+
info.link_id = ifmgd->auth_data->link_id;
if (auth_alg != ifmgd->auth_data->algorithm ||
goto notify_driver;
}
- if (status_code != WLAN_STATUS_SUCCESS) {
+ switch (auth_alg) {
+ case WLAN_AUTH_IEEE8021X:
+ if (status_code != WLAN_STATUS_SUCCESS &&
+ status_code != WLAN_STATUS_8021X_AUTH_SUCCESS)
+ auth_fail = true;
+
+ if (!auth_fail) {
+ /* Indicates length of encapsulated EAPOL PDU */
+ encap_len = get_unaligned_le16(mgmt->u.auth.variable);
+ }
+ break;
+ default:
+ if (status_code != WLAN_STATUS_SUCCESS)
+ auth_fail = true;
+ break;
+ }
+
+ if (auth_fail) {
cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
if (auth_alg == WLAN_AUTH_SAE &&
case WLAN_AUTH_FILS_SK_PFS:
case WLAN_AUTH_FILS_PK:
case WLAN_AUTH_EPPKE:
+ case WLAN_AUTH_IEEE8021X:
break;
case WLAN_AUTH_SHARED_KEY:
if (ifmgd->auth_data->expected_transaction != 4) {
if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE ||
(auth_transaction == 2 &&
ifmgd->auth_data->expected_transaction == 2)) {
- if (!ieee80211_mark_sta_auth(sdata))
- return; /* ignore frame -- wait for timeout */
+ switch (ifmgd->auth_data->algorithm) {
+ case WLAN_AUTH_IEEE8021X:
+ /*
+ * IEEE 802.1X authentication:
+ * - When the full EAP handshake completes over the
+ * Authentication process, the responder sets the
+ * Status Code to WLAN_STATUS_8021X_AUTH_SUCCESS as
+ * specified in "IEEE P802.11bi/D4.0, 12.16.5".
+ *
+ * - In the PMKSA caching case, only two Authentication
+ * frames are exchanged if the responder (e.g., AP)
+ * identifies a valid PMKSA, then as specified in
+ * "IEEE P802.11bi/D4.0, 12.16.8.3", the responder
+ * shall set the Status Code to SUCCESS in the final
+ * Authentication frame and must not include an
+ * encapsulated EAPOL PDU.
+ *
+ * Both conditions are treated as successful
+ * authentication, so mark the state to Authenticated.
+ */
+ if (status_code != WLAN_STATUS_8021X_AUTH_SUCCESS &&
+ !(status_code == WLAN_STATUS_SUCCESS &&
+ encap_len == 0))
+ break;
+ fallthrough;
+ default:
+ if (!ieee80211_mark_sta_auth(sdata))
+ return; /* ignore frame -- wait for timeout */
+
+ break;
+ }
} else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
auth_transaction == 1) {
sae_need_confirm = true;
} else if (auth_data->algorithm == WLAN_AUTH_EPPKE) {
trans = auth_data->trans;
status = auth_data->status;
+ } else if (auth_data->algorithm == WLAN_AUTH_IEEE8021X) {
+ trans = auth_data->trans;
+ status = auth_data->status;
+ auth_data->expected_transaction = trans + 1;
}
if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS))
}
if (ifmgd->auth_data &&
- ifmgd->auth_data->algorithm == WLAN_AUTH_EPPKE)
+ (ifmgd->auth_data->algorithm == WLAN_AUTH_EPPKE ||
+ ifmgd->auth_data->algorithm == WLAN_AUTH_IEEE8021X))
new_sta->sta.epp_peer = true;
new_sta->sta.mlo = mlo;
case NL80211_AUTHTYPE_EPPKE:
auth_alg = WLAN_AUTH_EPPKE;
break;
+ case NL80211_AUTHTYPE_IEEE8021X:
+ auth_alg = WLAN_AUTH_IEEE8021X;
+ break;
default:
return -EOPNOTSUPP;
}
if (req->auth_data_len >= 4) {
if (req->auth_type == NL80211_AUTHTYPE_SAE ||
- req->auth_type == NL80211_AUTHTYPE_EPPKE) {
+ req->auth_type == NL80211_AUTHTYPE_EPPKE ||
+ req->auth_type == NL80211_AUTHTYPE_IEEE8021X) {
__le16 *pos = (__le16 *) req->auth_data;
auth_data->trans = le16_to_cpu(pos[0]);
projects / thirdparty / linux.git / commitdiff
