[PATCH 10/29] 11bi: RSNE/RSNXE capability Extensions in AP mode
Sai Pratyusha Magam
smagam at qti.qualcomm.com
Thu Dec 11 05:14:24 PST 2025
Advertise the EPPKE AKM suite in the RSN IE of Beacon/Probe
Response frames.
Add support for including RSNXE capability indications
for the following features in Beacon/Probe Response
frames and EPPKE Authentication frame 2:
- (Re)Association Request/Response frame encryption
- IEEE 802.1X (EAP) authentication utilizing Authentication
  frames
- PMKSA caching privacy
Signed-off-by: Sai Pratyusha Magam <smagam at qti.qualcomm.com>
---
hostapd/config_file.c | 4 ++++
src/ap/ieee802_11_shared.c | 16 ++++++++++++++++
src/ap/wpa_auth_ie.c | 23 +++++++++++++++++++++--
3 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 6084602c8..e6258a053 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -717,6 +717,10 @@ static int hostapd_config_parse_key_mgmt(int line, const char *value)
else if (os_strcmp(start, "PASN") == 0)
val |= WPA_KEY_MGMT_PASN;
#endif /* CONFIG_PASN */
+#ifdef CONFIG_ENC_ASSOC
+ else if (os_strcmp(start, "EPPKE") == 0)
+ val |= WPA_KEY_MGMT_EPPKE;
+#endif /* CONFIG_ENC_ASSOC */
else {
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
line, start);
diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 750891425..05fb35bf3 100644
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -1153,6 +1153,22 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
if ((hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SPP_AMSDU) &&
hapd->conf->spp_amsdu)
capab |= BIT(WLAN_RSNX_CAPAB_SPP_A_MSDU);
+#ifdef CONFIG_ENC_ASSOC
+ /* Per IEEE802.11bi/D1.2, 12.16.7 PMKSA caching privacy
+ * A STA that sets the PMKSA Caching Privacy Support
+ * field in the RSNXE to 1 shall set the (Re)Association
+ * Frame Encryption Support field in the RSNXE to 1
+ */
+ if ((hapd->iface->drv_flags2 &
+ WPA_DRIVER_FLAGS2_ASSOCIATION_FRAME_ENCRYPTION) &&
+ (hapd->conf->assoc_frame_encryption ||
+ hapd->conf->pmksa_caching_privacy))
+ capab |= BIT(WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION);
+ if (hapd->conf->pmksa_caching_privacy)
+ capab |= BIT(WLAN_RSNX_CAPAB_PMKSA_CACHING_PRIVACY);
+ if (hapd->conf->eap_using_authentication_frames)
+ capab |= BIT(WLAN_RSNX_CAPAB_1X_UTILIZING_AUTHENTICATION_FRAMES);
+#endif /* CONFIG_ENC_ASSOC */
if (!capab)
return eid; /* no supported extended RSN capabilities */
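Review bot: The PMKSA Caching Privacy bit is set from `hapd->conf->pmksa_caching_privacy` alone, while the (Re)Association Frame Encryption bit just above it also requires `WPA_DRIVER_FLAGS2_ASSOCIATION_FRAME_ENCRYPTION`. On a driver without that flag the RSNXE would advertise PMKSA caching privacy without association frame encryption, which is the combination the quoted 12.16.7 rule forbids, and stations would be told a privacy feature is available that the AP presumably cannot deliver. Gate the second bit on the first, e.g. `if (hapd->conf->pmksa_caching_privacy && (capab & BIT(WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION)))`, or reject the configuration at startup. hostapd_eid_rsnxe() starts before and continues after this hunk.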
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 220ac809f..6ae1350a0 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -303,7 +303,13 @@ static u8 * rsne_write_data(u8 *buf, size_t len, u8 *pos, int group,
num_suites++;
}
#endif /* CONFIG_PASN */
-
+#ifdef CONFIG_ENC_ASSOC
+ if (key_mgmt & WPA_KEY_MGMT_EPPKE) {
+ RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_EPPKE);
+ pos += RSN_SELECTOR_LEN;
+ num_suites++;
+ }
+#endif /* CONFIG_ENC_ASSOC */
#ifdef CONFIG_RSN_TESTING
if (rsn_testing) {
RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
@@ -503,7 +509,20 @@ static u32 rsnxe_capab(struct wpa_auth_config *conf, int key_mgmt)
capab |= BIT(WLAN_RSNX_CAPAB_SSID_PROTECTION);
if (conf->spp_amsdu)
capab |= BIT(WLAN_RSNX_CAPAB_SPP_A_MSDU);
-
+#ifdef CONFIG_ENC_ASSOC
+ /* Per IEEE802.11bi/D2.0, 12.16.7 PMKSA caching privacy
+ * A STA that sets the PMKSA Caching Privacy Support
+ * field in the RSNXE to 1 shall set the (Re)Association
+ * Frame Encryption Support field in the RSNXE to 1
+ */
+ if (conf->assoc_frame_encryption ||
+ conf->pmksa_caching_privacy)
+ capab |= BIT(WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION);
+ if (conf->pmksa_caching_privacy)
+ capab |= BIT(WLAN_RSNX_CAPAB_PMKSA_CACHING_PRIVACY);
+ if (conf->eap_using_authentication_frames)
+ capab |= BIT(WLAN_RSNX_CAPAB_1X_UTILIZING_AUTHENTICATION_FRAMES);
+#endif /* CONFIG_ENC_ASSOC */
return capab;
}
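Review bot: rsnxe_capab() sets `WLAN_RSNX_CAPAB_ASSOC_FRAME_ENCRYPTION` from configuration only, whereas hostapd_eid_rsnxe() in src/ap/ieee802_11_shared.c additionally requires the driver flag, so the two RSNXE builders can produce different capability bits for the same BSS. If the element built here is the one stations compare against what they saw in Beacon/Probe Response frames (not visible in this patch), that divergence would surface as an RSNXE mismatch during key negotiation. Consider clearing `conf->assoc_frame_encryption` and `conf->pmksa_caching_privacy` where the wpa_auth_config is populated when the driver lacks support, so both paths agree. The comment here cites IEEE802.11bi/D2.0 while the otherwise identical comment in hostapd_eid_rsnxe() cites D1.2; use one draft version in both. The function begins outside the hunk.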
--
2.34.1