|
|
@@ -31,6 +31,7 @@
|
|
|
#include "wps_hostapd.h"
|
|
|
#include "ap_drv_ops.h"
|
|
|
#include "ap_config.h"
|
|
|
+#include "ap_mlme.h"
|
|
|
#include "hw_features.h"
|
|
|
#include "dfs.h"
|
|
|
#include "beacon.h"
|
|
|
@@ -381,6 +382,39 @@ skip_wpa_check:
|
|
|
sta->auth_alg, req_ies, req_ies_len);
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
|
|
|
|
|
+#ifdef CONFIG_FILS
|
|
|
+ if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
+ sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
+ sta->auth_alg == WLAN_AUTH_FILS_PK) {
|
|
|
+ if (!wpa_fils_validate_fils_session(sta->wpa_sm, req_ies,
|
|
|
+ req_ies_len,
|
|
|
+ sta->fils_session)) {
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
+ "FILS: Session validation failed");
|
|
|
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
+ }
|
|
|
+
|
|
|
+ res = wpa_fils_validate_key_confirm(sta->wpa_sm, req_ies,
|
|
|
+ req_ies_len);
|
|
|
+ if (res < 0) {
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
+ "FILS: Key Confirm validation failed");
|
|
|
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!elems.fils_session) {
|
|
|
+ wpa_printf(MSG_DEBUG,
|
|
|
+ "FILS: Session element not found");
|
|
|
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
+ }
|
|
|
+
|
|
|
+ p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
|
|
|
+ elems.fils_session);
|
|
|
+ wpa_hexdump(MSG_DEBUG, "FILS Assoc Resp BUF (IEs)",
|
|
|
+ buf, p - buf);
|
|
|
+ }
|
|
|
+#endif /* CONFIG_FILS */
|
|
|
+
|
|
|
#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_FILS)
|
|
|
hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
|
|
|
|
|
|
@@ -723,6 +757,32 @@ static void hostapd_notify_auth_ft_finish(void *ctx, const u8 *dst,
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
|
|
|
|
|
|
|
|
+#ifdef CONFIG_FILS
|
|
|
+static void hostapd_notify_auth_fils_finish(struct hostapd_data *hapd,
|
|
|
+ struct sta_info *sta, u16 resp,
|
|
|
+ struct wpabuf *data, int pub)
|
|
|
+{
|
|
|
+ if (resp == WLAN_STATUS_SUCCESS) {
|
|
|
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
+ HOSTAPD_LEVEL_DEBUG, "authentication OK (FILS)");
|
|
|
+ sta->flags |= WLAN_STA_AUTH;
|
|
|
+ wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
+ sta->auth_alg = WLAN_AUTH_FILS_SK;
|
|
|
+ mlme_authenticate_indication(hapd, sta);
|
|
|
+ } else {
|
|
|
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
+ HOSTAPD_LEVEL_DEBUG,
|
|
|
+ "authentication failed (FILS)");
|
|
|
+ }
|
|
|
+
|
|
|
+ hostapd_sta_auth(hapd, sta->addr, 2, resp,
|
|
|
+ data ? wpabuf_head(data) : NULL,
|
|
|
+ data ? wpabuf_len(data) : 0);
|
|
|
+ wpabuf_free(data);
|
|
|
+}
|
|
|
+#endif /* CONFIG_FILS */
|
|
|
+
|
|
|
+
|
|
|
static void hostapd_notif_auth(struct hostapd_data *hapd,
|
|
|
struct auth_info *rx_auth)
|
|
|
{
|
|
|
@@ -760,6 +820,18 @@ static void hostapd_notif_auth(struct hostapd_data *hapd,
|
|
|
return;
|
|
|
}
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
|
|
+
|
|
|
+#ifdef CONFIG_FILS
|
|
|
+ if (rx_auth->auth_type == WLAN_AUTH_FILS_SK) {
|
|
|
+ sta->auth_alg = WLAN_AUTH_FILS_SK;
|
|
|
+ handle_auth_fils(hapd, sta, rx_auth->ies, rx_auth->ies_len,
|
|
|
+ rx_auth->auth_type, rx_auth->auth_transaction,
|
|
|
+ rx_auth->status_code,
|
|
|
+ hostapd_notify_auth_fils_finish);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+#endif /* CONFIG_FILS */
|
|
|
+
|
|
|
fail:
|
|
|
hostapd_sta_auth(hapd, rx_auth->peer, rx_auth->auth_transaction + 1,
|
|
|
status, resp_ies, resp_ies_len);
|
Jeffin Mammen