FILS: Fix issuing FILS connect to a non-FILS AP in driver-FILS case

If an AP is not FILS capable and wpa_supplicant has a saved network
block for the network with FILS key management and a saved erp info,
wpa_supplicant might end up issuing a FILS connection to a non-FILS AP.
Fix this by looking for the presence of FILS AKMs in wpa_s->key_mgmt,
i.e., after deciding on the AKM suites to use for the current
connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Vidyullatha Kanchanapally 2017-07-12 14:59:16 +05:30 committed by Jouni Malinen
parent 9f44f7f3b5
commit b377ec2585

View File

@ -2305,6 +2305,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
const u8 *realm, *username, *rrk;
size_t realm_len, username_len, rrk_len;
u16 next_seq_num;
struct fils_hlp_req *req;
#endif /* CONFIG_FILS */
if (deinit) {
@ -2384,56 +2385,14 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
* previous association. */
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
#ifdef IEEE8021X_EAPOL
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (ssid->leap) {
if (ssid->non_leap == 0)
algs = WPA_AUTH_ALG_LEAP;
else
algs |= WPA_AUTH_ALG_LEAP;
}
}
#ifdef CONFIG_FILS
/* Clear FILS association */
wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
ssid->eap.erp && wpa_key_mgmt_fils(ssid->key_mgmt) &&
eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
&username_len, &realm, &realm_len,
&next_seq_num, &rrk, &rrk_len) == 0) {
algs = WPA_AUTH_ALG_FILS;
params.fils_erp_username = username;
params.fils_erp_username_len = username_len;
params.fils_erp_realm = realm;
params.fils_erp_realm_len = realm_len;
params.fils_erp_next_seq_num = next_seq_num;
params.fils_erp_rrk = rrk;
params.fils_erp_rrk_len = rrk_len;
dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
list) {
max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2 + 2 * wpabuf_len(req->pkt) / 255;
}
#endif /* CONFIG_FILS */
#endif /* IEEE8021X_EAPOL */
wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
if (ssid->auth_alg) {
algs = ssid->auth_alg;
wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
"0x%x", algs);
}
#ifdef CONFIG_FILS
if (algs == WPA_AUTH_ALG_FILS) {
struct fils_hlp_req *req;
dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
list) {
max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 +
wpabuf_len(req->pkt) +
2 + 2 * wpabuf_len(req->pkt) / 255;
}
}
#endif /* CONFIG_FILS */
wpa_ie = os_malloc(max_wpa_ie_len);
if (!wpa_ie) {
wpa_printf(MSG_ERROR,
@ -2514,6 +2473,44 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
wpa_s->wpa_proto = 0;
}
#ifdef IEEE8021X_EAPOL
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (ssid->leap) {
if (ssid->non_leap == 0)
algs = WPA_AUTH_ALG_LEAP;
else
algs |= WPA_AUTH_ALG_LEAP;
}
}
#ifdef CONFIG_FILS
/* Clear FILS association */
wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
&username_len, &realm, &realm_len,
&next_seq_num, &rrk, &rrk_len) == 0) {
algs = WPA_AUTH_ALG_FILS;
params.fils_erp_username = username;
params.fils_erp_username_len = username_len;
params.fils_erp_realm = realm;
params.fils_erp_realm_len = realm_len;
params.fils_erp_next_seq_num = next_seq_num;
params.fils_erp_rrk = rrk;
params.fils_erp_rrk_len = rrk_len;
}
#endif /* CONFIG_FILS */
#endif /* IEEE8021X_EAPOL */
wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
if (ssid->auth_alg) {
algs = ssid->auth_alg;
wpa_dbg(wpa_s, MSG_DEBUG,
"Overriding auth_alg selection: 0x%x", algs);
}
#ifdef CONFIG_P2P
if (wpa_s->global->p2p) {
u8 *pos;