FILS: Add MDE into Authentication frame for FILS+FT

When using FILS for FT initial mobility domain association, add MDE to
the Authentication frame from the STA to indicate this special case for
FILS authentication.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index c6563fabcc198c9c3090e998a79fcb3d77a737f8..8bd5538033ed57003f84f131905bd763035e44b4 100644 (file)
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3268,7 +3268,7 @@ void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf)
 
 #ifdef CONFIG_FILS
 
-struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md)
 {
        struct wpabuf *buf = NULL;
        struct wpabuf *erp_msg;
@@ -3348,8 +3348,16 @@ struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group)
                    sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
        wpabuf_put_data(buf, sm->assoc_wpa_ie, sm->assoc_wpa_ie_len);
 
-       /* TODO: MDE when using FILS for FT initial association */
-       /* TODO: FTE when using FILS for FT initial association */
+       if (md) {
+               /* MDE when using FILS for FT initial association */
+               struct rsn_mdie *mdie;
+
+               wpabuf_put_u8(buf, WLAN_EID_MOBILITY_DOMAIN);
+               wpabuf_put_u8(buf, sizeof(*mdie));
+               mdie = wpabuf_put(buf, sizeof(*mdie));
+               os_memcpy(mdie->mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
+               mdie->ft_capab = 0;
+       }
 
        /* FILS Nonce */
        wpabuf_put_u8(buf, WLAN_EID_EXTENSION); /* Element ID */

diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index cd9f56dca49a605dbf742543cf12e1aca1a15376..0c9691dd660cdabed89c4065df047ac57a1048c5 100644 (file)
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -435,7 +435,7 @@ extern unsigned int tdls_testing;
 int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf);
 void wpa_sm_set_test_assoc_ie(struct wpa_sm *sm, struct wpabuf *buf);
 
-struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group);
+struct wpabuf * fils_build_auth(struct wpa_sm *sm, int dh_group, const u8 *md);
 int fils_process_auth(struct wpa_sm *sm, const u8 *bssid, const u8 *data,
                      size_t len);
 struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek,

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 046a2db84633fa46419b7aec7476474882ab4707..7c097e4e758691ed73575c0f5503d1e7ce421800 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -208,9 +208,9 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
 #ifdef CONFIG_IEEE80211R
        const u8 *ie;
 #endif /* CONFIG_IEEE80211R */
-#ifdef CONFIG_IEEE80211R
+#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
        const u8 *md = NULL;
-#endif /* CONFIG_IEEE80211R */
+#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
        int i, bssid_changed;
        struct wpabuf *resp = NULL;
        u8 ext_capab[18];
@@ -373,7 +373,12 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
                wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
        }
 
-       if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
+       if (md && !wpa_key_mgmt_ft(ssid->key_mgmt))
+               md = NULL;
+       if (md) {
+               wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
+                       md[0], md[1]);
+
                if (wpa_s->sme.assoc_req_ie_len + 5 <
                    sizeof(wpa_s->sme.assoc_req_ie)) {
                        struct rsn_mdie *mdie;
@@ -594,7 +599,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
                    0)
                        wpa_printf(MSG_DEBUG,
                                   "SME: Try to use FILS with PMKSA caching");
-               resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group);
+               resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
                if (resp) {
                        int auth_alg;