[PATCH 1/4] RSN: Add RSNXE new definitions

Ilan Peer ilan.peer at intel.com
Wed Dec 16 06:01:37 EST 2020 

Draft P802.11az_D2.6 defined the following additional
capabilities to the RSNXE information element:

- Secure LTF support
- Secure RTT support
- Protection of range negotiation and measurement management
  frames.

Add support for adverting the new capabilities.

Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
 src/ap/ieee802_11_shared.c   | 46 +++++++++++++++++++++++++-----------
 src/ap/wpa_auth.h            |  7 +++++-
 src/ap/wpa_auth_glue.c       |  7 ++++++
 src/ap/wpa_auth_ie.c         | 39 +++++++++++++++++++++---------
 src/common/ieee802_11_defs.h |  5 ++++
 src/drivers/driver.h         |  9 +++++++
 src/rsn_supp/wpa_i.h         |  7 +++++-
 src/rsn_supp/wpa_ie.c        | 42 ++++++++++++++++++++++----------
 8 files changed, 122 insertions(+), 40 deletions(-)

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 17003d5067..7b544d14a0 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -1095,6 +1095,7 @@ int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth,
 
 u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
 {
+	size_t ie_len = 1;
 	u8 *pos = eid;
 	bool sae_pk = false;
 
@@ -1102,24 +1103,41 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
 	sae_pk = hostapd_sae_pk_in_use(hapd->conf);
 #endif /* CONFIG_SAE_PK */
 
-	if (!(hapd->conf->wpa & WPA_PROTO_RSN) ||
-	    !wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) ||
-	    (hapd->conf->sae_pwe != 1 && hapd->conf->sae_pwe != 2 &&
-	     !hostapd_sae_pw_id_in_use(hapd->conf) && !sae_pk) ||
-	    hapd->conf->sae_pwe == 3 ||
-	    len < 3)
+	if (hapd->iface->drv_flags2 & (WPA_DRIVER_FLAGS2_SEC_LTF |
+				       WPA_DRIVER_FLAGS2_SEC_RTT |
+				       WPA_DRIVER_FLAGS2_PROT_RANGE_NEG))
+		ie_len = 2;
+
+	if (!(hapd->conf->wpa & WPA_PROTO_RSN) || len < (2 + ie_len))
 		return pos;
 
 	*pos++ = WLAN_EID_RSNX;
-	*pos++ = 1;
-	/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
-	 * used for now */
-	*pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
+	*pos++ = ie_len;
+	*pos = ie_len - 1;
+
+	if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
+	    (hapd->conf->sae_pwe == 1 || hapd->conf->sae_pwe == 2 ||
+	     hostapd_sae_pw_id_in_use(hapd->conf) || sae_pk) && hapd->conf->sae_pwe != 3) {
+		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
 #ifdef CONFIG_SAE_PK
-	if (sae_pk)
-		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
+		if (sae_pk)
+			*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
 #endif /* CONFIG_SAE_PK */
-	pos++;
+	}
 
-	return pos;
+	if (!*pos)
+		return eid;
+
+	*++pos = 0;
+
+	if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
+
+	if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
+
+	if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG)
+		*pos |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+
+	return eid + 2 + ie_len;
 }
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index f0e8d8f66d..129c65433d 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -256,7 +256,12 @@ struct wpa_auth_config {
 	u8 fils_cache_id[FILS_CACHE_ID_LEN];
 #endif /* CONFIG_FILS */
 	int sae_pwe;
-	bool sae_pk;
+
+	unsigned int sae_pk:1;
+	unsigned int secure_ltf:1;
+	unsigned int secure_rtt:1;
+	unsigned int prot_range_neg:1;
+
 	int owe_ptk_workaround;
 	u8 transition_disable;
 #ifdef CONFIG_DPP2
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 9183e1b659..0e9b838127 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1510,6 +1510,13 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 	else
 		_conf.extended_key_id = 0;
 
+	_conf.secure_ltf =
+		!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
+	_conf.secure_rtt =
+		!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT);
+	_conf.prot_range_neg =
+		!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG);
+
 	hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
 	if (hapd->wpa_auth == NULL) {
 		wpa_printf(MSG_ERROR, "WPA initialization failed.");
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 972ca84b6e..de2c07ec68 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -383,26 +383,43 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
 
 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
 {
+	size_t ie_len = 1;
 	u8 *pos = buf;
 
-	if (conf->sae_pwe != 1 && conf->sae_pwe != 2 && !conf->sae_pk)
-		return 0; /* no supported extended RSN capabilities */
+	if (conf->secure_ltf || conf->secure_rtt || conf->prot_range_neg)
+		ie_len = 2;
 
-	if (len < 3)
+	if (len < 2 + ie_len)
 		return -1;
 
 	*pos++ = WLAN_EID_RSNX;
-	*pos++ = 1;
-	/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
-	 * used for now */
-	*pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
+	*pos++ = ie_len;
+	*pos = ie_len - 1;
+
+	if (wpa_key_mgmt_sae(conf->wpa_key_mgmt) &&
+	    (conf->sae_pwe == 1 || conf->sae_pwe == 2)) {
+		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
 #ifdef CONFIG_SAE_PK
-	if (conf->sae_pk)
-		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
+		if (conf->sae_pk)
+			*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
 #endif /* CONFIG_SAE_PK */
-	pos++;
+	}
 
-	return pos - buf;
+	if (!*pos)
+		return 0;
+
+	*++pos = 0;
+
+	if (conf->secure_ltf)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
+
+	if (conf->secure_rtt)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
+
+	if (conf->prot_range_neg)
+		*pos |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
+
+	return 2 + ie_len;
 }
 
 
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 2705589bca..88f990205c 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -579,6 +579,11 @@
 #define WLAN_RSNX_CAPAB_SAE_H2E 5
 #define WLAN_RSNX_CAPAB_SAE_PK 6
 
+/* Extended RSN Capabilities 2nd octect */
+#define WLAN_RSNX_CAPAB_SECURE_LTF 0
+#define WLAN_RSNX_CAPAB_SECURE_RTT 1
+#define WLAN_RSNX_CAPAB_PROT_RANGE_NEG 2
+
 /* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */
 #define WLAN_ACTION_SPECTRUM_MGMT 0
 #define WLAN_ACTION_QOS 1
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index b0543e7b42..f737aecae1 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1950,6 +1950,15 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_CONTROL_PORT_RX	0x0000000000000001ULL
 /** Driver supports TX status reports for EAPOL frames through control port */
 #define WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS 0x0000000000000002ULL
+/** Driver supports secure LTF */
+#define WPA_DRIVER_FLAGS2_SEC_LTF		0x0000000000000004ULL
+/** Driver supports secure RTT measurement exchange */
+#define WPA_DRIVER_FLAGS2_SEC_RTT		0x0000000000000008ULL
+/**
+ * Driver supports protection of range negotiation and measurement management
+ * frames
+ */
+#define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG	0x0000000000000010ULL
 	u64 flags2;
 
 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 72a6023dd3..5f68282617 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -105,8 +105,13 @@ struct wpa_sm {
 	int rsn_enabled; /* Whether RSN is enabled in configuration */
 	int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */
 	int ocv; /* Operating Channel Validation */
+
 	int sae_pwe; /* SAE PWE generation options */
-	int sae_pk; /* whether SAE-PK is used */
+
+	unsigned int sae_pk:1; /* whether SAE-PK is used */
+	unsigned int secure_ltf:1;
+	unsigned int secure_rtt:1;
+	unsigned int prot_range_neg:1;
 
 	u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */
 	size_t assoc_wpa_ie_len;
diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c
index 20fdd6987f..dd9088c152 100644
--- a/src/rsn_supp/wpa_ie.c
+++ b/src/rsn_supp/wpa_ie.c
@@ -353,26 +353,42 @@ int wpa_gen_wpa_ie(struct wpa_sm *sm, u8 *wpa_ie, size_t wpa_ie_len)
 
 int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len)
 {
+	size_t ie_len = 1;
 	u8 *pos = rsnxe;
 
-	if (!wpa_key_mgmt_sae(sm->key_mgmt))
-		return 0; /* SAE not in use */
-	if (sm->sae_pwe != 1 && sm->sae_pwe != 2 && !sm->sae_pk)
-		return 0; /* no supported extended RSN capabilities */
+	if (sm->secure_ltf || sm->secure_rtt || sm->prot_range_neg)
+		ie_len = 2;
 
-	if (rsnxe_len < 3)
+	if (rsnxe_len < 2 + ie_len)
 		return -1;
 
 	*pos++ = WLAN_EID_RSNX;
-	*pos++ = 1;
-	/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
-	 * used for now */
-	*pos = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
+	*pos++ = ie_len;
+	*pos = ie_len - 1;
+
+	/* Indicate the SAE H2E is supported */
+	if (wpa_key_mgmt_sae(sm->key_mgmt) &&
+	    (sm->sae_pwe == 1 || sm->sae_pwe == 2 || sm->sae_pk)) {
+		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
 #ifdef CONFIG_SAE_PK
-	if (sm->sae_pk)
-		*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
+		if (sm->sae_pk)
+			*pos |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
 #endif /* CONFIG_SAE_PK */
-	pos++;
+	}
+
+	if (!*pos)
+		return 0;
+
+	*++pos = 0;
+
+	if (sm->secure_ltf)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
+
+	if (sm->secure_rtt)
+		*pos |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
+
+	if (sm->prot_range_neg)
+		*pos |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
 
-	return pos - rsnxe;
+	return 2 + ie_len;
 }
-- 
2.17.1

More information about the Hostap mailing list