aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-08-06 13:41:38 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-06 17:47:26 (GMT)
commit44fa5e747b7aca39285e2511d5c94684e0723b6b (patch)
treeaca3d787697d2cf2c2d62fe6c42175ecdcd32173
parent3fb62bdae9c936db9ec261cb3087fdc0ac2a1bae (diff)
downloadhostap-44fa5e747b7aca39285e2511d5c94684e0723b6b.zip
hostap-44fa5e747b7aca39285e2511d5c94684e0723b6b.tar.gz
hostap-44fa5e747b7aca39285e2511d5c94684e0723b6b.tar.bz2
FT: Remove optional fields from RSNE when using PMF
The PMKIDCount, PMKID List, and Group Management Cipher Suite fields are optional to include in the RSNE in cases where these would not have values that are different from the default values. In practice, PMKIDCount is always 0 in Beacon and Probe Response frames, so the only field of these that could have a non-default value is Group Management Cipher Suite. When BIP is used, that field is not needed either due to BIP being the default cipher when PMF is enabled. Remove these fields from RSNE when BIP is used to save six octets in Beacon and Probe Response frames. In addition to reduced frame length, this is a workaround for interoperability issues with iOS 8.4 in cases where FT and PMF are enabled. iOS seems to be rejecting EAPOL-Key msg 3/4 during FT initial mobility domain association if the RSNE includes the PMKIDCount field. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
-rw-r--r--src/ap/wpa_auth_ie.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index f287297..cf2a712 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -261,7 +261,8 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
}
#ifdef CONFIG_IEEE80211W
- if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+ if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
+ conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
if (pos + 2 + 4 > buf + len)
return -1;
if (pmkid == NULL) {