forked from espressif/esp-idf
Merge branch 'feature/softap_fixes_for_ceritification' into 'master'
WiFi: fixes for issues discovered during SoftAP ceritification Closes WIFIBUG-778 See merge request espressif/esp-idf!33426
This commit is contained in:
Jiang Jiang Jian
@@ -508,20 +508,21 @@ typedef enum {
|
|||||||
* @brief Soft-AP configuration settings for the device
|
* @brief Soft-AP configuration settings for the device
|
||||||
*/
|
*/
|
||||||
typedef struct {
|
typedef struct {
|
||||||
uint8_t ssid[32]; /**< SSID of soft-AP. If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */
|
uint8_t ssid[32]; /**< SSID of soft-AP. If ssid_len field is 0, this must be a Null terminated string. Otherwise, length is set according to ssid_len. */
|
||||||
uint8_t password[64]; /**< Password of soft-AP. */
|
uint8_t password[64]; /**< Password of soft-AP. */
|
||||||
uint8_t ssid_len; /**< Optional length of SSID field. */
|
uint8_t ssid_len; /**< Optional length of SSID field. */
|
||||||
uint8_t channel; /**< Channel of soft-AP */
|
uint8_t channel; /**< Channel of soft-AP */
|
||||||
wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */
|
wifi_auth_mode_t authmode; /**< Auth mode of soft-AP. Do not support AUTH_WEP, AUTH_WAPI_PSK and AUTH_OWE in soft-AP mode. When the auth mode is set to WPA2_PSK, WPA2_WPA3_PSK or WPA3_PSK, the pairwise cipher will be overwritten with WIFI_CIPHER_TYPE_CCMP. */
|
||||||
uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */
|
uint8_t ssid_hidden; /**< Broadcast SSID or not, default 0, broadcast the SSID */
|
||||||
uint8_t max_connection; /**< Max number of stations allowed to connect in */
|
uint8_t max_connection; /**< Max number of stations allowed to connect in */
|
||||||
uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
|
uint16_t beacon_interval; /**< Beacon interval which should be multiples of 100. Unit: TU(time unit, 1 TU = 1024 us). Range: 100 ~ 60000. Default value: 100 */
|
||||||
uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Range: 1 ~ 30. Default value: 3 */
|
uint8_t csa_count; /**< Channel Switch Announcement Count. Notify the station that the channel will switch after the csa_count beacon intervals. Default value: 3 */
|
||||||
uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */
|
uint8_t dtim_period; /**< Dtim period of soft-AP. Range: 1 ~ 10. Default value: 1 */
|
||||||
wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
|
wifi_cipher_type_t pairwise_cipher; /**< Pairwise cipher of SoftAP, group cipher will be derived using this. Cipher values are valid starting from WIFI_CIPHER_TYPE_TKIP, enum values before that will be considered as invalid and default cipher suites(TKIP+CCMP) will be used. Valid cipher suites in softAP mode are WIFI_CIPHER_TYPE_TKIP, WIFI_CIPHER_TYPE_CCMP and WIFI_CIPHER_TYPE_TKIP_CCMP. */
|
||||||
bool ftm_responder; /**< Enable FTM Responder mode */
|
bool ftm_responder; /**< Enable FTM Responder mode */
|
||||||
wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
|
wifi_pmf_config_t pmf_cfg; /**< Configuration for Protected Management Frame */
|
||||||
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
|
wifi_sae_pwe_method_t sae_pwe_h2e; /**< Configuration for SAE PWE derivation method */
|
||||||
|
uint8_t transition_disable; /**< Whether to enable transition disable feature */
|
||||||
} wifi_ap_config_t;
|
} wifi_ap_config_t;
|
||||||
|
|
||||||
#define SAE_H2E_IDENTIFIER_LEN 32 /**< Length of the password identifier for H2E */
|
#define SAE_H2E_IDENTIFIER_LEN 32 /**< Length of the password identifier for H2E */
|
||||||
@@ -560,7 +561,7 @@ typedef struct {
|
|||||||
uint32_t he_trig_mu_bmforming_partial_feedback_disabled: 1; /**< Whether to disable support the transmission of partial-bandwidth MU feedback in an HE TB sounding sequence. */
|
uint32_t he_trig_mu_bmforming_partial_feedback_disabled: 1; /**< Whether to disable support the transmission of partial-bandwidth MU feedback in an HE TB sounding sequence. */
|
||||||
uint32_t he_trig_cqi_feedback_disabled: 1; /**< Whether to disable support the transmission of CQI feedback in an HE TB sounding sequence. */
|
uint32_t he_trig_cqi_feedback_disabled: 1; /**< Whether to disable support the transmission of CQI feedback in an HE TB sounding sequence. */
|
||||||
uint32_t he_reserved: 22; /**< Reserved for future feature set */
|
uint32_t he_reserved: 22; /**< Reserved for future feature set */
|
||||||
uint8_t sae_h2e_identifier[SAE_H2E_IDENTIFIER_LEN];/**< Password identifier for H2E. this needs to be null terminated string */
|
uint8_t sae_h2e_identifier[SAE_H2E_IDENTIFIER_LEN]; /**< Password identifier for H2E. this needs to be null terminated string */
|
||||||
} wifi_sta_config_t;
|
} wifi_sta_config_t;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Submodule components/esp_wifi/lib updated: 06d0eec710...b15699a76c
@@ -161,6 +161,16 @@ void *hostap_init(void)
|
|||||||
os_memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal()));
|
os_memcpy(hapd->conf->ssid.wpa_passphrase, esp_wifi_ap_get_prof_password_internal(), strlen((char *)esp_wifi_ap_get_prof_password_internal()));
|
||||||
hapd->conf->ssid.wpa_passphrase[WIFI_PASSWORD_LEN_MAX - 1] = '\0';
|
hapd->conf->ssid.wpa_passphrase[WIFI_PASSWORD_LEN_MAX - 1] = '\0';
|
||||||
hapd->conf->max_num_sta = esp_wifi_ap_get_max_sta_conn();
|
hapd->conf->max_num_sta = esp_wifi_ap_get_max_sta_conn();
|
||||||
|
auth_conf->transition_disable = esp_wifi_ap_get_transition_disable_internal();
|
||||||
|
if (authmode != WIFI_AUTH_WPA3_PSK &&
|
||||||
|
authmode != WIFI_AUTH_WPA2_WPA3_PSK && auth_conf->transition_disable) {
|
||||||
|
auth_conf->transition_disable = 0;
|
||||||
|
wpa_printf(MSG_DEBUG, "overriding transition_disable config with 0 as authmode is not WPA3");
|
||||||
|
}
|
||||||
|
|
||||||
|
auth_conf->sae_require_mfp = 1;
|
||||||
|
//TODO change it when AP support GCMP-PSK
|
||||||
|
auth_conf->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
|
||||||
|
|
||||||
hapd->conf->ap_max_inactivity = 5 * 60;
|
hapd->conf->ap_max_inactivity = 5 * 60;
|
||||||
hostapd_setup_wpa_psk(hapd->conf);
|
hostapd_setup_wpa_psk(hapd->conf);
|
||||||
@@ -348,7 +358,7 @@ uint8_t wpa_status_to_reason_code(int status)
|
|||||||
}
|
}
|
||||||
|
|
||||||
bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
|
bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
|
||||||
uint8_t wpa_ie_len, uint8_t *rsnxe, uint8_t rsnxe_len,
|
uint8_t wpa_ie_len, uint8_t *rsnxe, uint16_t rsnxe_len,
|
||||||
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason)
|
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason)
|
||||||
{
|
{
|
||||||
struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal();
|
struct hostapd_data *hapd = (struct hostapd_data*)esp_wifi_get_hostap_private_internal();
|
||||||
|
|||||||
@@ -128,7 +128,7 @@ struct wpa_funcs {
|
|||||||
bool (*wpa_sta_in_4way_handshake)(void);
|
bool (*wpa_sta_in_4way_handshake)(void);
|
||||||
void *(*wpa_ap_init)(void);
|
void *(*wpa_ap_init)(void);
|
||||||
bool (*wpa_ap_deinit)(void *data);
|
bool (*wpa_ap_deinit)(void *data);
|
||||||
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
|
bool (*wpa_ap_join)(void **sm, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8* rsnxe, u16 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher);
|
||||||
bool (*wpa_ap_remove)(u8 *bssid);
|
bool (*wpa_ap_remove)(u8 *bssid);
|
||||||
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
|
uint8_t *(*wpa_ap_get_wpa_ie)(uint8_t *len);
|
||||||
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);
|
bool (*wpa_ap_rx_eapol)(void *hapd_data, void *sm, u8 *data, size_t data_len);
|
||||||
@@ -303,5 +303,8 @@ bool esp_wifi_eb_tx_status_success_internal(void *eb);
|
|||||||
uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid);
|
uint8_t* esp_wifi_sta_get_rsnxe(u8 *bssid);
|
||||||
esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid);
|
esp_err_t esp_wifi_sta_connect_internal(const uint8_t *bssid);
|
||||||
void esp_wifi_enable_sae_pk_only_mode_internal(void);
|
void esp_wifi_enable_sae_pk_only_mode_internal(void);
|
||||||
|
uint8_t esp_wifi_ap_get_transition_disable_internal(void);
|
||||||
|
int esp_wifi_softap_set_obss_overlap(bool overlap);
|
||||||
|
void esp_wifi_set_sigma_internal(bool flag);
|
||||||
|
|
||||||
#endif /* _ESP_WIFI_DRIVER_H_ */
|
#endif /* _ESP_WIFI_DRIVER_H_ */
|
||||||
|
|||||||
@@ -532,6 +532,11 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt)
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
if (ret == WLAN_STATUS_SUCCESS) {
|
if (ret == WLAN_STATUS_SUCCESS) {
|
||||||
|
if (sta->sae_data && esp_send_sae_auth_reply(hapd, sta->addr, frm->bssid, WLAN_AUTH_SAE, 2,
|
||||||
|
WLAN_STATUS_SUCCESS, wpabuf_head(sta->sae_data), wpabuf_len(sta->sae_data)) != ESP_OK) {
|
||||||
|
ap_free_sta(hapd, sta);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
if (esp_wifi_ap_notify_node_sae_auth_done(frm->bssid) != true) {
|
if (esp_wifi_ap_notify_node_sae_auth_done(frm->bssid) != true) {
|
||||||
ap_free_sta(hapd, sta);
|
ap_free_sta(hapd, sta);
|
||||||
goto done;
|
goto done;
|
||||||
@@ -543,6 +548,11 @@ static void wpa3_process_rx_confirm(wpa3_hostap_auth_event_t *evt)
|
|||||||
esp_wifi_ap_get_sta_aid(frm->bssid, &aid);
|
esp_wifi_ap_get_sta_aid(frm->bssid, &aid);
|
||||||
if (aid == 0) {
|
if (aid == 0) {
|
||||||
esp_wifi_ap_deauth_internal(frm->bssid, ret);
|
esp_wifi_ap_deauth_internal(frm->bssid, ret);
|
||||||
|
} else {
|
||||||
|
if (sta && sta->sae_data) {
|
||||||
|
wpabuf_free(sta->sae_data);
|
||||||
|
sta->sae_data = NULL;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -352,7 +352,7 @@ static int check_n_add_wps_sta(struct hostapd_data *hapd, struct sta_info *sta_i
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u8 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
|
static bool hostap_sta_join(void **sta, u8 *bssid, u8 *wpa_ie, u8 wpa_ie_len, u8 *rsnxe, u16 rsnxe_len, bool *pmf_enable, int subtype, uint8_t *pairwise_cipher)
|
||||||
{
|
{
|
||||||
struct sta_info *sta_info = NULL;
|
struct sta_info *sta_info = NULL;
|
||||||
struct hostapd_data *hapd = hostapd_get_hapd_data();
|
struct hostapd_data *hapd = hostapd_get_hapd_data();
|
||||||
|
|||||||
@@ -383,7 +383,7 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
|
|||||||
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
|
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
|
||||||
struct sta_info;
|
struct sta_info;
|
||||||
bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
|
bool hostap_new_assoc_sta(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie,
|
||||||
uint8_t wpa_ie_len,uint8_t *rsnxe, uint8_t rsnxe_len,
|
uint8_t wpa_ie_len, uint8_t *rsnxe, uint16_t rsnxe_len,
|
||||||
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason);
|
bool *pmf_enable, int subtype, uint8_t *pairwise_cipher, uint8_t *reason);
|
||||||
bool wpa_ap_remove(u8* bssid);
|
bool wpa_ap_remove(u8* bssid);
|
||||||
|
|
||||||
|
|||||||
@@ -180,13 +180,16 @@ static int auth_sae_send_confirm(struct hostapd_data *hapd,
|
|||||||
if (sta->remove_pending) {
|
if (sta->remove_pending) {
|
||||||
reply_res = -1;
|
reply_res = -1;
|
||||||
} else {
|
} else {
|
||||||
reply_res = esp_send_sae_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
|
if (sta->sae_data)
|
||||||
WLAN_STATUS_SUCCESS, wpabuf_head(data),
|
wpabuf_free(sta->sae_data);
|
||||||
wpabuf_len(data));
|
sta->sae_data = data;
|
||||||
|
reply_res = 0;
|
||||||
|
/* confirm is sent in later stage when all the required processing for a sta is done*/
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
wpabuf_free(data);
|
||||||
#endif /* ESP_SUPPLICANT */
|
#endif /* ESP_SUPPLICANT */
|
||||||
|
|
||||||
wpabuf_free(data);
|
|
||||||
return reply_res;
|
return reply_res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -676,7 +679,7 @@ int auth_sae_queue(struct hostapd_data *hapd,
|
|||||||
unsigned int queue_len;
|
unsigned int queue_len;
|
||||||
|
|
||||||
queue_len = dl_list_len(&hapd->sae_commit_queue);
|
queue_len = dl_list_len(&hapd->sae_commit_queue);
|
||||||
if (queue_len >= 5) {
|
if (queue_len >= hapd->conf->max_num_sta) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"SAE: No more room in message queue - drop the new frame from "
|
"SAE: No more room in message queue - drop the new frame from "
|
||||||
MACSTR, MAC2STR(bssid));
|
MACSTR, MAC2STR(bssid));
|
||||||
|
|||||||
@@ -113,6 +113,10 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
|
|||||||
os_mutex_delete(sta->lock);
|
os_mutex_delete(sta->lock);
|
||||||
sta->lock = NULL;
|
sta->lock = NULL;
|
||||||
}
|
}
|
||||||
|
if (sta->sae_data) {
|
||||||
|
wpabuf_free(sta->sae_data);
|
||||||
|
sta->sae_data = NULL;
|
||||||
|
}
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
wpa_auth_sta_deinit(sta->wpa_sm);
|
wpa_auth_sta_deinit(sta->wpa_sm);
|
||||||
#ifdef CONFIG_WPS_REGISTRAR
|
#ifdef CONFIG_WPS_REGISTRAR
|
||||||
|
|||||||
@@ -66,6 +66,7 @@ struct sta_info {
|
|||||||
* processing commit for that station */
|
* processing commit for that station */
|
||||||
bool remove_pending; /* Flag to indicate to free station when
|
bool remove_pending; /* Flag to indicate to free station when
|
||||||
* whose mutex is taken by task */
|
* whose mutex is taken by task */
|
||||||
|
struct wpabuf *sae_data;
|
||||||
#endif /* CONFIG_SAE */
|
#endif /* CONFIG_SAE */
|
||||||
#endif /* ESP_SUPPLICANT */
|
#endif /* ESP_SUPPLICANT */
|
||||||
|
|
||||||
|
|||||||
@@ -1875,6 +1875,10 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
|
|||||||
}
|
}
|
||||||
|
|
||||||
kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
|
kde_len = wpa_ie_len + ieee80211w_kde_len(sm);
|
||||||
|
|
||||||
|
if (sm->wpa_auth->conf.transition_disable)
|
||||||
|
kde_len += 2 + RSN_SELECTOR_LEN + 1;
|
||||||
|
|
||||||
if (gtk)
|
if (gtk)
|
||||||
kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
|
kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len;
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
@@ -1911,6 +1915,9 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
|
|||||||
}
|
}
|
||||||
pos = ieee80211w_kde_add(sm, pos);
|
pos = ieee80211w_kde_add(sm, pos);
|
||||||
|
|
||||||
|
if (sm->wpa_auth->conf.transition_disable)
|
||||||
|
pos = wpa_add_kde(pos, WFA_KEY_DATA_TRANSITION_DISABLE,
|
||||||
|
&sm->wpa_auth->conf.transition_disable, 1, NULL, 0);
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
|
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
|
||||||
int res;
|
int res;
|
||||||
|
|||||||
@@ -144,6 +144,10 @@ struct wpa_auth_config {
|
|||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
enum mfp_options ieee80211w;
|
enum mfp_options ieee80211w;
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
|
int group_mgmt_cipher;
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
int sae_require_mfp;
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
#define SSID_LEN 32
|
#define SSID_LEN 32
|
||||||
u8 ssid[SSID_LEN];
|
u8 ssid[SSID_LEN];
|
||||||
@@ -163,6 +167,7 @@ struct wpa_auth_config {
|
|||||||
int ap_mlme;
|
int ap_mlme;
|
||||||
enum sae_pwe sae_pwe;
|
enum sae_pwe sae_pwe;
|
||||||
struct rsn_sppamsdu_sup spp_sup;
|
struct rsn_sppamsdu_sup spp_sup;
|
||||||
|
u8 transition_disable;
|
||||||
};
|
};
|
||||||
|
|
||||||
typedef enum {
|
typedef enum {
|
||||||
|
|||||||
@@ -388,6 +388,7 @@ u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
|
|||||||
return pos;
|
return pos;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
enum wpa_validate_result
|
enum wpa_validate_result
|
||||||
wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
struct wpa_state_machine *sm,
|
struct wpa_state_machine *sm,
|
||||||
@@ -563,13 +564,25 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|||||||
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
|
if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
|
||||||
wpa_printf( MSG_DEBUG, "Unsupported management group "
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "Unsupported management group "
|
||||||
"cipher %d", data.mgmt_group_cipher);
|
"cipher %d", data.mgmt_group_cipher);
|
||||||
return WPA_INVALID_MGMT_GROUP_CIPHER;
|
return WPA_INVALID_MGMT_GROUP_CIPHER;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef CONFIG_SAE
|
||||||
|
if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
|
||||||
|
wpa_auth->conf.sae_require_mfp &&
|
||||||
|
wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
|
||||||
|
!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"Management frame protection required with SAE, but client did not enable it");
|
||||||
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_SAE */
|
||||||
|
|
||||||
if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
|
if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
|
||||||
!(data.capabilities & WPA_CAPABILITY_MFPC))
|
!(data.capabilities & WPA_CAPABILITY_MFPC))
|
||||||
sm->mgmt_frame_prot = 0;
|
sm->mgmt_frame_prot = 0;
|
||||||
|
|||||||
Reference in New Issue
Block a user