[PATCH] hostapd: FT, fix interop connection issue

[Janusz Dziedzic]

From: Janusz Dziedzic <janusz at plumewifi.com>

While configure AP for FT-PSK and WPA-PSK, HP
printer in assoc frame request both AKMs, but
don't add MDIE and don't use FT.

Next in logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04
                      02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers.
This patch strip FT when MDIE is not present and there
is still non-FT key mgmt available.

Signed-off-by: Janusz Dziedzic <janusz at plumewifi.com>
---
 src/ap/wpa_auth_ie.c |  7 +++++++
 src/common/defs.h    | 19 ++++++++++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 28db952..2ea081b 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -539,6 +539,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
 	if (version == WPA_PROTO_RSN) {
 		res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
 
+		if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
+		    !wpa_key_mgmt_only_ft(data.key_mgmt)) {
+			wpa_printf(MSG_DEBUG, "RSN: FT set in AKM but MDIE is missing, "
+				   "stripping FT because there's still non-FT key mgmt available");
+			data.key_mgmt &= ~WPA_KEY_MGMT_FT;
+		}
+
 		selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
 		if (0) {
 		}
diff --git a/src/common/defs.h b/src/common/defs.h
index 1de099f..38f5059 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -58,6 +58,12 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean;
 #define WPA_KEY_MGMT_OWE BIT(22)
 #define WPA_KEY_MGMT_DPP BIT(23)
 
+#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_IEEE8021X | \
+			 WPA_KEY_MGMT_FT_PSK | \
+			 WPA_KEY_MGMT_FT_SAE | \
+			 WPA_KEY_MGMT_FT_FILS_SHA256 | \
+			 WPA_KEY_MGMT_FT_FILS_SHA384)
+
 static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
 {
 	return !!(akm & (WPA_KEY_MGMT_IEEE8021X |
@@ -84,11 +90,14 @@ static inline int wpa_key_mgmt_wpa_psk(int akm)
 
 static inline int wpa_key_mgmt_ft(int akm)
 {
-	return !!(akm & (WPA_KEY_MGMT_FT_PSK |
-			 WPA_KEY_MGMT_FT_IEEE8021X |
-			 WPA_KEY_MGMT_FT_SAE |
-			 WPA_KEY_MGMT_FT_FILS_SHA256 |
-			 WPA_KEY_MGMT_FT_FILS_SHA384));
+	return !!(akm & WPA_KEY_MGMT_FT);
+}
+
+static inline int wpa_key_mgmt_only_ft(int akm)
+{
+	int ft = wpa_key_mgmt_ft(akm);
+	akm &= ~WPA_KEY_MGMT_FT;
+	return ft && !akm;
 }
 
 static inline int wpa_key_mgmt_ft_psk(int akm)
-- 
2.9.3