OWE: Include RSNE in (Re)Association Response frame

This is not normally done in RSN, but RFC 8110 seems to imply that AP
has to include OWE AKM in the RSNE within these frames. So, add the RSNE
to (Re)Association Response frames when OWE is being negotiated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 5163139f5086dc559d27db7008bb0c345b1044d9..e4daec2e17d853eefcabe738aef3f3b76c5dafa2 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2622,7 +2622,7 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 #endif /* CONFIG_FILS */
 #ifdef CONFIG_OWE
        if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
-               buflen += 50;
+               buflen += 150;
 #endif /* CONFIG_OWE */
        buf = os_zalloc(buflen);
        if (!buf) {
@@ -2661,6 +2661,13 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
        }
 #endif /* CONFIG_IEEE80211R_AP */
 
+#ifdef CONFIG_OWE
+       if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
+               p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
+                                                 buf + buflen - p,
+                                                 ies, ies_len);
+#endif /* CONFIG_OWE */
+
 #ifdef CONFIG_IEEE80211W
        if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
                p = hostapd_eid_assoc_comeback_time(hapd, sta, p);

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 5e8a4cc840a98f0631524ab516a231c2bb6adb12..9ef660af128376336ffebdef4cfc2e6f72065322 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -422,5 +422,8 @@ int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, u8 *buf, size_t len);
 void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,
                                   u8 *fils_anonce, u8 *fils_snonce,
                                   u8 *fils_kek, size_t *fils_kek_len);
+u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
+                                  u8 *pos, size_t max_len,
+                                  const u8 *req_ies, size_t req_ies_len);
 
 #endif /* WPA_AUTH_H */

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index ff7b97ae1a4a9e557b2de2430e82a63c8a63db4a..889afcb778457cca99fd0f1e617542ac95d1f131 100644 (file)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -1042,3 +1042,18 @@ int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
 {
        return sm ? sm->mgmt_frame_prot : 0;
 }
+
+
+#ifdef CONFIG_OWE
+u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
+                                  u8 *pos, size_t max_len,
+                                  const u8 *req_ies, size_t req_ies_len)
+{
+       int res;
+
+       res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
+       if (res < 0)
+               return pos;
+       return pos + res;
+}
+#endif /* CONFIG_OWE */