qcacld-3.0: Advertise MDIE in FT-FILS authentication frame

IEEE802.11ai standard mandates Mobility domain IE to be advertised in authentication frames for FT-FILS connection. With FT-FILS akm suite connection, initial association to the AP happens with full EAP-8021x handshake. When association to the AP happens second time, FILS connection with auth algo 4 and ERP keys exchange happens. During this FILS association, host driver doesn't send MDIE in the authentication request frame. This will result in authentication rejection with failure code: INVALID_MDIE. Advertise MDIE in authentication frame during FT-FILS initial mobility domain association. Also mark the connection as 11r connection in PE session when the AKM suite is FT-FILS SHA-256 or FT-FILS SHA 384. Change-Id: I4dbbd9b0ef67ef3a6eb3b8afaaaa22be260d7b3e CRs-Fixed: 2411728
2019-03-08 00:33:50 +05:30 · 2019-03-08 00:33:50 +05:30 · 239883a43c
commit 239883a43c
parent bf7771a62f
3 changed files with 40 additions and 4 deletions
--- a/core/mac/src/pe/lim/lim_process_fils.c
+++ b/core/mac/src/pe/lim/lim_process_fils.c
@ -996,6 +996,33 @@ void lim_add_fils_data_to_auth_frame(struct pe_session *session,
 	lim_fils_data_dump("FILS RSN", fils_info->rsn_ie,
 			fils_info->rsn_ie_len);

+	/**
+	 * FT-FILS IEEE-802.11ai specification mandates
+	 * MDIE to be sent in auth frame during initial
+	 * mobility domain association
+	 */
+	if (session->pLimJoinReq->is11Rconnection) {
+		struct bss_description *bss_desc;
+
+		bss_desc = &session->pLimJoinReq->bssDescription;
+
+		if (bss_desc->mdiePresent) {
+			/* Populate MDIE received from AP */
+			*body = SIR_MDIE_ELEMENT_ID;
+			body++;
+			*body = SIR_MDIE_SIZE;
+			body++;
+			qdf_mem_copy(body, &bss_desc->mdie[0],
+			     SIR_MDIE_SIZE);
+			pe_debug("FILS: mdie = %02x %02x %02x",
+				 bss_desc->mdie[0], bss_desc->mdie[1],
+				 bss_desc->mdie[2]);
+			body += SIR_MDIE_SIZE;
+		} else {
+			pe_err("FT-FILS: MDIE not advertised by AP");
+		}
+	}
+
 	/* ***Nounce*** */
 	/* Add element id */
 	*body = SIR_MAX_ELEMENT_ID;
--- a/core/mac/src/pe/lim/lim_send_management_frames.c
+++ b/core/mac/src/pe/lim/lim_send_management_frames.c
@ -2288,6 +2288,12 @@ lim_send_auth_mgmt_frame(struct mac_context *mac_ctx,
 				frame_len += (2 + SIR_MDIE_SIZE);
 			}
 		}
+
+		/* include MDIE in FILS authentication frame */
+		if (session->pLimJoinReq->is11Rconnection &&
+		    auth_frame->authAlgoNumber == SIR_FILS_SK_WITHOUT_PFS &&
+		    session->pLimJoinReq->bssDescription.mdiePresent)
+			frame_len += (2 + SIR_MDIE_SIZE);
 		break;

 	case SIR_MAC_AUTH_FRAME_2:
@ -2465,10 +2471,11 @@ alloc_packet:
 						pbssDescription->mdie[0],
 					SIR_MDIE_SIZE);
 			}
-		} else if (auth_frame->authAlgoNumber ==
-				SIR_FILS_SK_WITHOUT_PFS) {
-			/* TODO MDIE */
-			pe_debug("appending fils Auth data");
+		} else if ((auth_frame->authAlgoNumber ==
+					SIR_FILS_SK_WITHOUT_PFS) &&
+			   (auth_frame->authTransactionSeqNumber ==
+						SIR_MAC_AUTH_FRAME_1)) {
+			pe_debug("FILS: appending fils Auth data");
 			lim_add_fils_data_to_auth_frame(session, body);
 		}

--- a/core/sme/src/csr/csr_util.c
+++ b/core/sme/src/csr/csr_util.c
@ -2554,6 +2554,8 @@ bool csr_is_auth_type11r(struct mac_context *mac, eCsrAuthType auth_type,
 	case eCSR_AUTH_TYPE_FT_RSN:
 	case eCSR_AUTH_TYPE_FT_SAE:
 	case eCSR_AUTH_TYPE_FT_SUITEB_EAP_SHA384:
+	case eCSR_AUTH_TYPE_FT_FILS_SHA256:
+	case eCSR_AUTH_TYPE_FT_FILS_SHA384:
 		return true;
 	default:
 		break;