station: netdev: allow FILS-FT AKMs

This adds some checks for the FT_OVER_FILS AKMs in station and netdev allowing the FILS-FT AKMs to be selected during a connection. Inside netdev_connect_event we actually have to skip parsing the IEs because FILS itself takes care of this (needs to handle them specially)
2024-10-04 02:18:49 +02:00 · 2019-05-22 15:24:04 -07:00 · 2019-05-22 15:24:04 -07:00 · 628c079e55
commit 628c079e55
parent e583b1d243
2 changed files with 13 additions and 4 deletions
--- a/src/netdev.c
+++ b/src/netdev.c
@ -1632,7 +1632,10 @@ static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
 		}
 	}

-	if (resp_ies) {
+	/* FILS handles its own FT key derivation */
+	if (resp_ies && !(netdev->handshake->akm_suite &
+			(IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+			IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))) {
 		const uint8_t *fte = NULL;
 		struct ie_ft_info ft_info;

@ -2369,6 +2372,8 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
 		break;
 	case IE_RSN_AKM_SUITE_FILS_SHA256:
 	case IE_RSN_AKM_SUITE_FILS_SHA384:
+	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
+	case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
 		netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate,
 						netdev_fils_tx_associate,
 						netdev);
--- a/src/station.c
+++ b/src/station.c
@ -633,7 +633,9 @@ static int station_build_handshake_rsn(struct handshake_state *hs,

 	if (info.akm_suites & (IE_RSN_AKM_SUITE_FT_OVER_8021X |
 				IE_RSN_AKM_SUITE_FT_USING_PSK |
-				IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256))
+				IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
 		add_mde = true;

 open_network:
@ -704,8 +706,10 @@ static struct handshake_state *station_handshake_setup(struct station *station,
 	 * wait to get it until here because at this point so there are no
 	 * failure paths before fils_sm_new
 	 */
-	if (hs->akm_suite == IE_RSN_AKM_SUITE_FILS_SHA256 ||
-			hs->akm_suite == IE_RSN_AKM_SUITE_FILS_SHA384)
+	if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
+				IE_RSN_AKM_SUITE_FILS_SHA384 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+				IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
 		hs->erp_cache = erp_cache_get(network_get_ssid(network));

 	return hs;