From 628c079e55a48dab85a089569366d5c47b251eb5 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 22 May 2019 15:24:04 -0700
Subject: [PATCH] station: netdev: allow FILS-FT AKMs
This adds some checks for the FT_OVER_FILS AKMs in station and netdev allowing the FILS-FT AKMs to be selected during a connection. Inside netdev_connect_event we actually have to skip parsing the IEs because FILS itself takes care of this (needs to handle them specially)
---
 src/netdev.c | 7 ++++++-
 src/station.c | 10 +++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 34750fb1..bf667742 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1632,7 +1632,10 @@ static void netdev_connect_event(struct l_genl_msg *msg, struct netdev *netdev)
 }
 }
- if (resp_ies) {
+ /* FILS handles its own FT key derivation */
+ if (resp_ies && !(netdev->handshake->akm_suite &
+ (IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))) {
 const uint8_t *fte = NULL;
 struct ie_ft_info ft_info;
@@ -2369,6 +2372,8 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
 break;
 case IE_RSN_AKM_SUITE_FILS_SHA256:
 case IE_RSN_AKM_SUITE_FILS_SHA384:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256:
+ case IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384:
 netdev->ap = fils_sm_new(hs, netdev_fils_tx_authenticate, netdev_fils_tx_associate, netdev);
diff --git a/src/station.c b/src/station.c
index 960c701a..e4dee053 100644
--- a/src/station.c
+++ b/src/station.c
@@ -633,7 +633,9 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
 if (info.akm_suites & (IE_RSN_AKM_SUITE_FT_OVER_8021X |
 IE_RSN_AKM_SUITE_FT_USING_PSK |
- IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256))
+ IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
 add_mde = true;
 open_network:
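Review bot: In netdev_connect_event the new condition skips the whole `if (resp_ies)` block for the FT-over-FILS AKMs, yet the added comment only mentions key derivation. The declarations that follow (`fte`, `ft_info`) suggest the skipped block also parses and checks the FT element of the association response, so for these AKMs that check now rests entirely on the FILS state machine. I would say so in the comment, e.g. `/* FT-over-FILS: the FILS state machine parses and validates the response IEs (incl. FTE) itself, so skip the generic FT checks */`, and confirm that the FILS path rejects a response whose FTE is missing or does not match. `netdev->handshake` is also dereferenced with no NULL check visible here; the function starts and ends outside the hunk, so that may already be guaranteed earlier.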
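Review bot: The FT AKM mask in station_build_handshake_rsn is extended by hand, and the same FILS / FT-over-FILS constants are spelled out again in netdev_connect_event, in the netdev_connect switch and in station_handshake_setup. A list kept in four places drifts easily: an AKM missed at one site would mean the MDE is not added here, or the response IEs are handled on the wrong path in netdev. Consider defining one shared mask or predicate next to the `IE_RSN_AKM_SUITE_*` values and using it at all four sites. The function body continues outside the hunk.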
@@ -704,8 +706,10 @@ static struct handshake_state *station_handshake_setup(struct station *station,
 * wait to get it until here because at this point so there are no
 * failure paths before fils_sm_new
 */
- if (hs->akm_suite == IE_RSN_AKM_SUITE_FILS_SHA256 ||
- hs->akm_suite == IE_RSN_AKM_SUITE_FILS_SHA384)
+ if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FILS_SHA384 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
 hs->erp_cache = erp_cache_get(network_get_ssid(network));
 return hs;
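Review bot: `hs->erp_cache = erp_cache_get(network_get_ssid(network));` stores the lookup result without checking it, and the function returns `hs` immediately afterwards. With the FT-over-FILS AKMs now taking this branch, a missing cache entry would presumably leave `erp_cache` NULL by the time fils_sm_new runs. If AKM selection already guarantees a cached entry, a short comment saying so would help, e.g. `/* AKM selection only picks a FILS AKM when an ERP cache entry exists */`; please confirm that this also holds for the two FT variants. station_handshake_setup starts outside the hunk.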