[PATCH 11/20] wpa_supplicant: Match advertised security profiles in BSS selection
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Wed Jun 10 06:12:04 PDT 2026
From: Ilan Peer <ilan.peer at intel.com>
Extend wpa_supplicant_ssid_bss_match() to consult the Security Profile
element advertised by the AP. For each profile bit set in the bitmap,
look up the corresponding entry in g_security_profiles[] and verify
that the configured network's AKM, pairwise cipher and MFP requirement
satisfy the profile constraints. A BSS is acceptable when at least one
advertised profile matches the configuration.
Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
wpa_supplicant/events.c | 90 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 90 insertions(+)
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 706e2a439f..1c34e77f1a 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -665,6 +665,89 @@ static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
}
+/*
+ * wpas_security_profile_match - Check advertised security profiles against
+ * network configuration
+ *
+ * @wpa_s: Pointer to wpa_supplicant data
+ * @ssid: Network configuration to match against
+ * @bss: BSS entry with the advertised Security Profile element
+ * @debug_print: Whether to print debug messages about the matching process
+ *
+ * Check whether the Security Profile element advertised by the AP includes
+ * at least one profile that is compatible with the configured
+ * network parameters (AKM, pairwise cipher and MFP). Returns true if the
+ * at least one advertised profile matches; otherwise false.
+ */
+static bool wpas_security_profile_match(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid,
+ struct wpa_bss *bss, int debug_print)
+{
+ const u8 *ies, *ie, *bitmap;
+ size_t ies_len, bitmap_octets, i;
+ bool ssid_mfp;
+
+ ies = wpa_bss_ie_ptr(bss);
+ ies_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
+ ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_SECURITY_PROFILE);
+ if (!ie)
+ return false;
+
+ /* WLAN_EID_EXTENSION + reduced RSN cap + security profile indication +
+ * bitmap.
+ */
+ if (ie[1] < 4) {
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " skip - truncated Security Profile element");
+ return false;
+ }
+
+ bitmap_octets = (ie[4] & SECURITY_PROFILE_IND_OCTETS_BITMAP_MASK) >>
+ SECURITY_PROFILE_IND_OCTETS_BITMAP_SHIFT;
+ if (!bitmap_octets || ie[1] < 3 + bitmap_octets) {
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " skip - invalid Security Profile element bitmap length");
+ return false;
+ }
+ bitmap = &ie[5];
+
+ ssid_mfp = wpas_get_ssid_pmf(wpa_s, ssid) ==
+ MGMT_FRAME_PROTECTION_REQUIRED;
+
+ for (i = 0; i < ARRAY_SIZE(g_security_profiles); i++) {
+ const struct ieee80211_security_profile *p;
+
+ if ((i / 8) >= bitmap_octets)
+ break;
+
+ if (!(bitmap[i / 8] & BIT(i % 8)))
+ continue;
+
+ p = &g_security_profiles[i];
+ if ((ssid->key_mgmt & p->akm) != p->akm ||
+ (p->akm2 && (ssid->key_mgmt & p->akm2) != p->akm2) ||
+ (ssid->pairwise_cipher & p->pairwise_cipher) !=
+ p->pairwise_cipher ||
+ p->mfp != ssid_mfp ||
+ p->assoc_frame_enc_and_pmksa_privacy != ssid->pmksa_privacy)
+ continue;
+
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " security profile %d matches network configuration",
+ p->number);
+ return true;
+ }
+
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " skip - no advertised security profile matches network configuration");
+ return false;
+}
+
+
static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid,
struct wpa_bss *bss, int debug_print)
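Review bot: The `p->mfp != ssid_mfp` test in the profile loop is an exact equality against "PMF required", so a network configured with optional PMF can never match a profile whose `mfp` is set and is always left to the RSNE checks. If `mfp` means the profile mandates MFP (inferred from the field name), the mismatch conditions would be `p->mfp && pmf == NO_MGMT_FRAME_PROTECTION` and `!p->mfp && pmf == MGMT_FRAME_PROTECTION_REQUIRED`, with `pmf` holding the `wpas_get_ssid_pmf()` result. The comparison `p->assoc_frame_enc_and_pmksa_privacy != ssid->pmksa_privacy` is likewise only sound if both sides are strictly 0/1, which the hunk does not show. The header comment should list the PMKSA privacy comparison next to AKM, pairwise cipher and MFP, and "Returns true if the at least one" should read "Returns true if at least one".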
@@ -698,6 +781,13 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
return 0;
}
+ if (wpas_security_profile_match(wpa_s, ssid, bss, debug_print)) {
+ if (debug_print)
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ " Selected based on security profile match");
+ return 1;
+ }
+
while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
proto_match++;
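Review bot: The new `return 1` accepts the BSS before the `while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie)` loop runs, so selection rests on the advertised Security Profile bitmap alone and the BSS's RSNE is never compared with the configuration on this path. The fields compared in `wpas_security_profile_match()` are AKM, pairwise cipher, MFP and PMKSA privacy; nothing visible checks `ssid->proto` or `ssid->group_cipher`, so a configured restriction on those would not be enforced for a BSS that sets a matching profile bit. If a profile is defined to imply those values, a comment saying so at this call would settle it; otherwise gate the shortcut with `if ((ssid->proto & WPA_PROTO_RSN) && rsn_ie && wpas_security_profile_match(...))` and keep the RSNE validation for the remaining parameters. The body of `wpa_supplicant_ssid_bss_match()` continues outside the hunk, so checks performed before this point are not visible here.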
--
2.53.0