aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/sme.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2017-03-12 20:59:52 (GMT)
committerJouni Malinen <j@w1.fi>2017-03-12 21:23:09 (GMT)
commit6498351670c0d6f20266cce4f9009ebf911f98d7 (patch)
tree1d000f0b5e5c258c0b244fed76b9dc60541c6db0 /wpa_supplicant/sme.c
parent1c243e402b137aeb48e4d56b269b4734fee19ea6 (diff)
downloadhostap-6498351670c0d6f20266cce4f9009ebf911f98d7.zip
hostap-6498351670c0d6f20266cce4f9009ebf911f98d7.tar.gz
hostap-6498351670c0d6f20266cce4f9009ebf911f98d7.tar.bz2
FILS: Check FILS Indication element against local network profile
Do not try to use FILS authentication unless the AP indicates support for the type the local network profile enforces. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/sme.c')
-rw-r--r--wpa_supplicant/sme.c32
1 files changed, 32 insertions, 0 deletions
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 5ab56c8..046a2db 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -557,6 +557,37 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
* networks). */
if (params.auth_alg == WPA_AUTH_ALG_OPEN &&
wpa_key_mgmt_fils(ssid->key_mgmt)) {
+ const u8 *indic;
+ u16 fils_info;
+
+ /*
+ * Check FILS Indication element (FILS Information field) bits
+ * indicating supported authentication algorithms against local
+ * configuration (ssid->fils_dh_group). Try to use FILS
+ * authentication only if the AP supports the combination in the
+ * network profile. */
+ indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
+ if (!indic || indic[1] < 2) {
+ wpa_printf(MSG_DEBUG, "SME: " MACSTR
+ " does not include FILS Indication element - cannot use FILS authentication with it",
+ MAC2STR(bss->bssid));
+ goto no_fils;
+ }
+
+ fils_info = WPA_GET_LE16(indic + 2);
+ if (ssid->fils_dh_group == 0 && !(fils_info & BIT(9))) {
+ wpa_printf(MSG_DEBUG, "SME: " MACSTR
+ " does not support FILS SK without PFS - cannot use FILS authentication with it",
+ MAC2STR(bss->bssid));
+ goto no_fils;
+ }
+ if (ssid->fils_dh_group != 0 && !(fils_info & BIT(10))) {
+ wpa_printf(MSG_DEBUG, "SME: " MACSTR
+ " does not support FILS SK with PFS - cannot use FILS authentication with it",
+ MAC2STR(bss->bssid));
+ goto no_fils;
+ }
+
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
ssid, 0,
wpa_bss_get_fils_cache_id(bss)) ==
@@ -582,6 +613,7 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s,
wpa_s->sme.auth_alg = auth_alg;
}
}
+no_fils:
#endif /* CONFIG_FILS */
wpa_supplicant_cancel_sched_scan(wpa_s);