STA: Add support to connect to FILS enabled APs

The Fast Initial Link Setup (FILS) feature defined in the 802.11ai
specification provides a means to make faster reconnections with APs within
a realm using EAP-Reauthentication Protocol (ERP). When a STA initially
connects to an enterprise AP on which FILS is enabled, it does a full
802.1x EAP handshake and generates ERP keys. The STA uses the ERP keys
(until they expire) in subsequent connections to the enterprise APs within
the same realm as the AP with which the STA generated the ERP keys, using
the EAP-ERP process to make the connection faster. The EAP-ERP request and
EAP-ERP response frames will be exchanged via 802.11 authentication frames
between STA and AP.
More details of EAP-ERP can be found at https://tools.ietf.org/html/rfc6696

The FILS specification defines two AKM suites, FILS-SHA256 and FILS-SHA384,
for normal connections and two more AKM suites, FILS-FT-SHA256 and
FILS-FT-SHA384, for FT connections.

The first connection, without ERP keys, uses the open auth algorithm and
connects using a full EAP handshake, and the subsequent connections with
ERP keys use the FILS auth algorithm.

DHCP with rapid commit optimizes the DHCP packet exchange. When using the
rapid commit feature, the DHCP server responds with a DHCP ACK packet when
it receives a DHCP discover packet. More details of DHCP with rapid commit
can be found at https://tools.ietf.org/html/rfc4039.

The DHCP discover and DHCP ACK packets can be sent with the Association
Request frame and Association Response frame using the HLP feature defined
in the FILS protocol in order to get the IP address quickly.

When connecting to a FILS AP, start the DHCP client withPreConnection
option set to true before sending the connect request to wpa_supplicant.
The DHCP client forms a discover packet and sends it to the Wi-Fi module,
then the DHCP client moves to the listen state to be able to receive and
process DHCP ACK or DHCP Offer packets. After receiving the DHCP discover
packet from the DHCP client, configure the DHCP discover packet as an HLP
packet to wpa_supplicant and then issue a connect request to wpa_supplicant
with the appropriate FILS AKM suite. The ERP config option also needs to be
enabled so that wpa_supplicant generates ERP keys while connecting to FILS
APs.

If the STA is already connected to a different AP when wpa_supplicant
receives the connect request to the FILS AP, wpa_supplicant disconnects
from that AP before connecting to the FILS AP and sends a disconnection
event to the framework. Do not stop IpClient when the disconnection event
is received if a FILS connection is in progress, as the IpClient is started
for the ongoing FILS connection.

If the STA does not have the ERP keys required for a FILS connection, or if
the AP is rejecting the connection in FILS mode, probably because the AP
does not have ERP keys, then the STA will connect to the FILS AP with the
open auth algorithm using a full 802.1x EAP handshake. In these cases
wpa_supplicant doesn't include HLP IEs in the connect request.
wpa_supplicant notifies the framework through the connection event whether
it sent HLP IEs to the AP or not in the connection request. When HLP IEs
are not sent in the Association Request frame, abort the pre-DHCP
connection. When the pre-DHCP connection is aborted, the DHCP client
transitions to the dhcpInit state and sends a DHCP discover packet to the
AP through the data path.

If the STA has ERP keys, it will send the DHCP discover packet using HLP
IEs in the Association Request frame. The AP may respond in three ways.
1. The AP may not send any DHCP packet using HLP IEs in the Association
   Response frame if the DHCP server doesn't send a response within a time
   less than the 802.11 mgmt. timeout. In this case, the AP sends the DHCP
   packet as a data packet after sending out the Association Response
   frame.
2. The AP may send a DHCP ACK packet using HLP IEs in the Association
   Response frame if the DHCP server supports the DHCP with Rapid Commit
   feature and sends a response within a time less than the 802.11 mgmt.
   timeout.
3. The AP may send a DHCP OFFER packet using HLP IEs in the Association
   Response frame if the DHCP server doesn't support the DHCP with Rapid
   Commit feature and sends a response within a time less than the 802.11
   mgmt. timeout.

Bug: 143259898
Test: atest.
Test: Basic wifi sanity.
Change-Id: Ib42eb5295fa2403d5a98ceddb15f501c130b61e5
17 files changed
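
The branching the commit message describes (HLP IEs not sent, no HLP reply, DHCP ACK with Rapid Commit, DHCP OFFER) can be sketched as a classifier over the DHCP payload carried in the Association Response. This is an added example, not code from this change or from the Android framework; the function names, the returned step labels, the transaction-id check and the sample packets are assumptions made for illustration.

```python
import struct
from typing import Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # RFC 2131: precedes the options field
OPT_MSG_TYPE, OPT_RAPID_COMMIT = 53, 80  # RFC 2132 / RFC 4039 option codes
DHCPOFFER, DHCPACK = 2, 5

def build_reply(xid: int, msg_type: int, rapid_commit: bool) -> bytes:
    """Constructed sample BOOTREPLY: 236-byte fixed header, cookie, options."""
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_RAPID_COMMIT, 0]) if rapid_commit else b""
    return struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228) + MAGIC_COOKIE + opts + b"\xff"

def parse_options(bootp: bytes) -> dict:
    """Return {option code: value} and reject malformed or truncated payloads."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(bootp):
        code = bootp[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(bootp) or i + 2 + bootp[i + 1] > len(bootp):
            raise ValueError("truncated option")
        opts[code] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return opts

def next_step(hlp_sent: bool, hlp_reply: Optional[bytes], xid: int) -> str:
    """Hypothetical step labels for the pre-connection DHCP client."""
    if not hlp_sent:                     # full EAP fallback: no HLP IEs went out
        return "abort-preconnection-restart-from-init"
    if hlp_reply is None:                # case 1: reply arrives later as data
        return "wait-for-dhcp-on-data-path"
    opts = parse_options(hlp_reply)
    if struct.unpack("!I", hlp_reply[4:8])[0] != xid:
        return "ignore-xid-mismatch"     # reply does not match our discover
    mtype = opts.get(OPT_MSG_TYPE)
    if mtype == bytes([DHCPACK]) and OPT_RAPID_COMMIT in opts:
        return "bind-lease"              # case 2: two-message exchange done
    if mtype == bytes([DHCPOFFER]):
        return "continue-with-dhcp-request"  # case 3: normal RFC 2131 exchange
    return "ignore-unexpected-message"   # e.g. an ACK without option 80
```
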