mesh: Use ieee80211w profile parameter

This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index fbe97fca3152332d1785d7390ab12071b12e1172..8ffd390784d9ae8a34f533e4aeef07c1dfef1da2 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -41,6 +41,7 @@ struct mesh_conf {
 #define MESH_CONF_SEC_AUTH BIT(1)
 #define MESH_CONF_SEC_AMPE BIT(2)
        unsigned int security;
+       enum mfp_options ieee80211w;
        int dot11MeshMaxRetries;
        int dot11MeshRetryTimeout; /* msec */
        int dot11MeshConfirmTimeout; /* msec */

diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index e9b64509377676634c2d221670d149c7d05eab23..aed55da8bb05e6a720bcdf76ce76ae0411266aaf 100644 (file)
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -66,7 +66,8 @@ void wpa_supplicant_mesh_iface_deinit(struct wpa_supplicant *wpa_s,
 }
 
 
-static struct mesh_conf * mesh_config_create(struct wpa_ssid *ssid)
+static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s,
+                                            struct wpa_ssid *ssid)
 {
        struct mesh_conf *conf;
 
@@ -82,6 +83,13 @@ static struct mesh_conf * mesh_config_create(struct wpa_ssid *ssid)
                        MESH_CONF_SEC_AMPE;
        else
                conf->security |= MESH_CONF_SEC_NONE;
+       conf->ieee80211w = ssid->ieee80211w;
+       if (conf->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
+               if (wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)
+                       conf->ieee80211w = wpa_s->conf->pmf;
+               else
+                       conf->ieee80211w = NO_MGMT_FRAME_PROTECTION;
+       }
 
        /* defaults */
        conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP;
@@ -175,7 +183,7 @@ static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s,
                wpa_s->conf->dot11RSNASAERetransPeriod;
        os_strlcpy(bss->conf->iface, wpa_s->ifname, sizeof(bss->conf->iface));
 
-       mconf = mesh_config_create(ssid);
+       mconf = mesh_config_create(wpa_s, ssid);
        if (!mconf)
                goto out_free;
        ifmsh->mconf = mconf;

diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 5754f350462e461e93e962cdc3e1cf7ee7a94f66..4dadc4049c034350d17d53722f58daeda775b6e8 100644 (file)
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -136,7 +136,8 @@ static int auth_start_ampe(void *ctx, const u8 *addr)
 }
 
 
-static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr)
+static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr,
+                               enum mfp_options ieee80211w)
 {
        struct wpa_auth_config conf;
        struct wpa_auth_callbacks cb;
@@ -152,6 +153,11 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr)
        conf.wpa_group = WPA_CIPHER_CCMP;
        conf.eapol_version = 0;
        conf.wpa_group_rekey = -1;
+#ifdef CONFIG_IEEE80211W
+       conf.ieee80211w = ieee80211w;
+       if (ieee80211w != NO_MGMT_FRAME_PROTECTION)
+               conf.group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
+#endif /* CONFIG_IEEE80211W */
 
        os_memset(&cb, 0, sizeof(cb));
        cb.ctx = rsn;
@@ -203,7 +209,8 @@ struct mesh_rsn *mesh_rsn_auth_init(struct wpa_supplicant *wpa_s,
                return NULL;
        mesh_rsn->wpa_s = wpa_s;
 
-       if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr) < 0) {
+       if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr,
+                                conf->ieee80211w) < 0) {
                mesh_rsn_deinit(mesh_rsn);
                os_free(mesh_rsn);
                return NULL;