DPP2: Add DPP KDE into EAPOL-Key msg 3/4 when using DPP AKM
authorJouni Malinen <jouni@codeaurora.org>
Fri, 1 May 2020 16:51:34 +0000 (19:51 +0300)
committerJouni Malinen <j@w1.fi>
Sun, 3 May 2020 21:37:44 +0000 (00:37 +0300)
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
src/ap/wpa_auth.c
src/common/wpa_common.h

index 30e725864f011837d5b004f3b1a7f2c6d7a5aea7..fad0623b07fc555938ddc25003b5dba775faf268 100644 (file)
@@ -3397,6 +3397,11 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
        if (conf->transition_disable)
                kde_len += 2 + RSN_SELECTOR_LEN + 1;
 
+#ifdef CONFIG_DPP2
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP)
+               kde_len += 2 + RSN_SELECTOR_LEN + 2;
+#endif /* CONFIG_DPP2 */
+
        kde = os_malloc(kde_len);
        if (!kde)
                goto done;
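Review bot: The trailing `2` added to `kde_len` for the DPP KDE is not tied to the `u8 payload[2]` buffer that the next hunk in this file hands to `wpa_add_kde()`. That call, as shown, carries no remaining-space argument, so the `os_malloc(kde_len)` buffer is only large enough while those two numbers stay equal. A comment on the size line would make the coupling explicit, for example `/* DPP KDE payload: Protocol Version (1) + Flags (1); keep in sync with payload[] below */`. The transition-disable line just above follows the same pattern, so this matches local style, but a shared named length would remove the overrun risk if the KDE ever grows. The function body starts and ends outside this hunk.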
@@ -3492,6 +3497,22 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                pos = wpa_add_kde(pos, WFA_KEY_DATA_TRANSITION_DISABLE,
                                  &conf->transition_disable, 1, NULL, 0);
 
+#ifdef CONFIG_DPP2
+       if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP) {
+               u8 payload[2];
+
+               payload[0] = 2; /* Protocol Version */
+               payload[1] = 0; /* Flags */
+               if (conf->dpp_pfs == 0)
+                       payload[1] |= DPP_KDE_PFS_ALLOWED;
+               else if (conf->dpp_pfs == 1)
+                       payload[1] |= DPP_KDE_PFS_ALLOWED |
+                               DPP_KDE_PFS_REQUIRED;
+               pos = wpa_add_kde(pos, WFA_KEY_DATA_DPP,
+                                 payload, sizeof(payload), NULL, 0);
+       }
+#endif /* CONFIG_DPP2 */
+
        wpa_send_eapol(sm->wpa_auth, sm,
                       (secure ? WPA_KEY_INFO_SECURE : 0) |
                       (wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len) ?
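Review bot: When `conf->dpp_pfs` is neither 0 nor 1, the Flags octet goes out as 0 and nothing in the block says that is intended, so a reader cannot tell a deliberate "PFS not allowed" advertisement from a missed case. The peer presumably uses this KDE in msg 3/4 to cross-check the PFS policy it saw earlier, so the mapping is worth spelling out above the `if` chain, e.g. `/* dpp_pfs: 0 = PFS allowed, 1 = PFS required (both bits), any other value = neither bit set */`, with the values confirmed against the configuration documentation. Separately, `payload[0] = 2;` hard-codes the protocol version; if `DPP_VERSION` from the DPP header is reachable from this file, `payload[0] = DPP_VERSION;` would keep the advertised version in step with what the build implements. The enclosing state function continues outside the hunk.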
index c0ef689c68e0a0493ca7d815dc01639e4ae6f4a9..9ad9edc73c654546937c6e632f6be0869b56051f 100644 (file)
@@ -124,6 +124,7 @@ WPA_CIPHER_BIP_CMAC_256)
 #define WFA_KEY_DATA_IP_ADDR_REQ RSN_SELECTOR(0x50, 0x6f, 0x9a, 4)
 #define WFA_KEY_DATA_IP_ADDR_ALLOC RSN_SELECTOR(0x50, 0x6f, 0x9a, 5)
 #define WFA_KEY_DATA_TRANSITION_DISABLE RSN_SELECTOR(0x50, 0x6f, 0x9a, 0x20)
+#define WFA_KEY_DATA_DPP RSN_SELECTOR(0x50, 0x6f, 0x9a, 0x21)
 
 #define WPA_OUI_TYPE RSN_SELECTOR(0x00, 0x50, 0xf2, 1)
 
@@ -362,6 +363,10 @@ struct rsn_rdie {
 #define TRANSITION_DISABLE_WPA3_ENTERPRISE BIT(2)
 #define TRANSITION_DISABLE_ENHANCED_OPEN BIT(3)
 
+/* DPP KDE Flags */
+#define DPP_KDE_PFS_ALLOWED BIT(0)
+#define DPP_KDE_PFS_REQUIRED BIT(1)
+
 #ifdef _MSC_VER
 #pragma pack(pop)
 #endif /* _MSC_VER */