[PATCH] PASN: Align with Draft P802.11az_D6.0 definitions

Andrei Otcheretianski andrei.otcheretianski at intel.com
Sun Dec 4 04:46:15 PST 2022 

These include:

- RSNXE bits were modified, so update the relevant places accordingly.
- Some PASN status fields were changed/added.

Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is
not supported yet.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski at intel.com>
---
 src/ap/ieee802_11_shared.c       | 2 +-
 src/ap/wpa_auth_ie.c             | 2 +-
 src/common/ieee802_11_defs.h     | 6 +++++-
 src/pasn/pasn_responder.c        | 8 ++++----
 src/rsn_supp/wpa_ie.c            | 2 +-
 wpa_supplicant/pasn_supplicant.c | 2 +-
 6 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index a7ab3a2d77..31dfb62543 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -1095,7 +1095,7 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
 	if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_AP)
 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
 	if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+		capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
 
 	flen = (capab & 0xff00) ? 2 : 1;
 	if (len < 2 + flen || !capab)
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2a17891032..89d4a3ca03 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -420,7 +420,7 @@ int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
 	if (conf->secure_rtt)
 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
 	if (conf->prot_range_neg)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+		capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
 
 	flen = (capab & 0xff00) ? 2 : 1;
 	if (!capab)
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 6ded79deca..93c8b7ae41 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -209,6 +209,9 @@
 #define WLAN_STATUS_DENIED_HE_NOT_SUPPORTED 124
 #define WLAN_STATUS_SAE_HASH_TO_ELEMENT 126
 #define WLAN_STATUS_SAE_PK 127
+#define WLAN_STATUS_INVALID_PUBKEY           136
+#define WLAN_STATUS_PASN_BASE_AKMP_FAILED    137
+#define WLAN_STATUS_OCI_MISMATCH             138
 
 /* Reason codes (IEEE Std 802.11-2016, 9.4.1.7, Table 9-45) */
 #define WLAN_REASON_UNSPECIFIED 1
@@ -589,7 +592,8 @@
 #define WLAN_RSNX_CAPAB_SAE_PK 6
 #define WLAN_RSNX_CAPAB_SECURE_LTF 8
 #define WLAN_RSNX_CAPAB_SECURE_RTT 9
-#define WLAN_RSNX_CAPAB_PROT_RANGE_NEG 10
+#define WLAN_RSNX_CAPAB_URNM_MFPR_X20 10
+#define WLAN_RSNX_CAPAB_URNM_MFPR     15
 
 /* Multiple BSSID element subelements */
 #define WLAN_MBSSID_SUBELEMENT_NONTRANSMITTED_BSSID_PROFILE 0
diff --git a/src/pasn/pasn_responder.c b/src/pasn/pasn_responder.c
index ea2737c0f3..c67fac4540 100644
--- a/src/pasn/pasn_responder.c
+++ b/src/pasn/pasn_responder.c
@@ -687,7 +687,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn,
 
 	if (!pasn_params.pubkey || !pasn_params.pubkey_len) {
 		wpa_printf(MSG_DEBUG, "PASN: Invalid public key");
-		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		status = WLAN_STATUS_INVALID_PARAMETERS;
 		goto send_resp;
 	}
 
@@ -702,7 +702,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn,
 
 		if (ret) {
 			wpa_printf(MSG_DEBUG, "PASN: Invalid comeback token");
-			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
+			status = WLAN_STATUS_INVALID_PARAMETERS;
 			goto send_resp;
 		}
 	} else if (pasn->use_anti_clogging) {
@@ -730,7 +730,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn,
 		wpa_printf(MSG_DEBUG,
 			   "PASN: Invalid first octet in pubkey=0x%x",
 			   pasn_params.pubkey[0]);
-		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		status = WLAN_STATUS_INVALID_PUBKEY;
 		goto send_resp;
 	}
 
@@ -863,7 +863,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn,
 			       &pasn_params, wrapped_data, secret);
 	if (ret) {
 		wpa_printf(MSG_DEBUG, "PASN: Failed to derive keys");
-		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
+		status = WLAN_STATUS_PASN_BASE_AKMP_FAILED;
 		goto send_resp;
 	}
 
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 2d7f68e8f4..50bd2b276e 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -376,7 +376,7 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
 	if (sm->secure_rtt)
 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
 	if (sm->prot_range_neg)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+		capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
 
 	flen = (capab & 0xff00) ? 2 : 1;
 	if (!capab)
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index fbef7f2dff..b1f9878a4c 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -577,7 +577,7 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
 	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
 		capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
 	if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
-		capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+		capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
 	pasn->rsnxe_capab = capab;
 	pasn->send_mgmt = wpas_pasn_send_mlme;
 
-- 
2.25.1

More information about the Hostap mailing list