FT: Omit RSNXE from FT protocol Reassociation Response when needed
The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Response frame so that a STA not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
6140cca819
commit
b7366a942a
4 changed files with 25 additions and 12 deletions
|
|
@ -483,7 +483,8 @@ skip_wpa_check:
|
|||
|
||||
#ifdef CONFIG_IEEE80211R_AP
|
||||
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
|
||||
sta->auth_alg, req_ies, req_ies_len);
|
||||
sta->auth_alg, req_ies, req_ies_len,
|
||||
!elems.rsnxe);
|
||||
if (!p) {
|
||||
wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
|
||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
|
|
|
|||
|
|
@ -3661,7 +3661,8 @@ static int add_associated_sta(struct hostapd_data *hapd,
|
|||
|
||||
static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||
const u8 *addr, u16 status_code, int reassoc,
|
||||
const u8 *ies, size_t ies_len, int rssi)
|
||||
const u8 *ies, size_t ies_len, int rssi,
|
||||
int omit_rsnxe)
|
||||
{
|
||||
int send_len;
|
||||
u8 *buf;
|
||||
|
|
@ -3731,7 +3732,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
|||
* Transition Information, RSN, [RIC Response] */
|
||||
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
|
||||
buf + buflen - p,
|
||||
sta->auth_alg, ies, ies_len);
|
||||
sta->auth_alg, ies, ies_len,
|
||||
omit_rsnxe);
|
||||
if (!p) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"FT: Failed to write AssocResp IEs");
|
||||
|
|
@ -3822,6 +3824,7 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
|||
goto rsnxe_done;
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
if (!omit_rsnxe)
|
||||
p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
rsnxe_done:
|
||||
|
|
@ -4043,7 +4046,7 @@ void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
|
|||
reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
|
||||
sta->fils_pending_assoc_is_reassoc,
|
||||
sta->fils_pending_assoc_req,
|
||||
sta->fils_pending_assoc_req_len, 0);
|
||||
sta->fils_pending_assoc_req_len, 0, 0);
|
||||
os_free(sta->fils_pending_assoc_req);
|
||||
sta->fils_pending_assoc_req = NULL;
|
||||
sta->fils_pending_assoc_req_len = 0;
|
||||
|
|
@ -4091,6 +4094,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||
#ifdef CONFIG_FILS
|
||||
int delay_assoc = 0;
|
||||
#endif /* CONFIG_FILS */
|
||||
int omit_rsnxe = 0;
|
||||
|
||||
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
||||
sizeof(mgmt->u.assoc_req))) {
|
||||
|
|
@ -4303,6 +4307,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||
resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
|
||||
if (resp != WLAN_STATUS_SUCCESS)
|
||||
goto fail;
|
||||
omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
|
||||
|
||||
if (hostapd_get_aid(hapd, sta) < 0) {
|
||||
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
||||
|
|
@ -4456,7 +4461,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||
#endif /* CONFIG_FILS */
|
||||
|
||||
reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
|
||||
left, rssi);
|
||||
left, rssi, omit_rsnxe);
|
||||
os_free(tmp);
|
||||
|
||||
/*
|
||||
|
|
|
|||
|
|
@ -425,7 +425,8 @@ void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
|||
#ifdef CONFIG_IEEE80211R_AP
|
||||
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
||||
size_t max_len, int auth_alg,
|
||||
const u8 *req_ies, size_t req_ies_len);
|
||||
const u8 *req_ies, size_t req_ies_len,
|
||||
int omit_rsnxe);
|
||||
void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
|
||||
u16 auth_transaction, const u8 *ies, size_t ies_len,
|
||||
void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
||||
|
|
|
|||
|
|
@ -2463,7 +2463,8 @@ static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
|
|||
|
||||
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
||||
size_t max_len, int auth_alg,
|
||||
const u8 *req_ies, size_t req_ies_len)
|
||||
const u8 *req_ies, size_t req_ies_len,
|
||||
int omit_rsnxe)
|
||||
{
|
||||
u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
|
||||
u8 *fte_mic, *elem_count;
|
||||
|
|
@ -2684,10 +2685,15 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
|||
if (ric_start == pos)
|
||||
ric_start = NULL;
|
||||
|
||||
res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe, sizeof(rsnxe_buf));
|
||||
if (omit_rsnxe) {
|
||||
rsnxe_len = 0;
|
||||
} else {
|
||||
res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe,
|
||||
sizeof(rsnxe_buf));
|
||||
if (res < 0)
|
||||
return NULL;
|
||||
rsnxe_len = res;
|
||||
}
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
if (auth_alg == WLAN_AUTH_FT &&
|
||||
sm->wpa_auth->conf.rsnxe_override_ft_set) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue