DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

PASN: Remove wpa_s dependency for wpas_pasn_build_auth_1()

Browse source 
Obtain RSNXE capabilities from the driver flags as well and save them in
the wpas_pasn structure.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Vinay Gannevaram 2022-09-18 23:13:54 +05:30 committed by Jouni Malinen
parent 086ccdc598
commit 0be131265a
2 changed files with 33 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
wpa_supplicant/pasn_supplicant.c
View file

@ -909,15 +909,13 @@ static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn)
} }
static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s, static struct wpabuf * wpas_pasn_build_auth_1(struct wpas_pasn *pasn,
const struct wpabuf *comeback) const struct wpabuf *comeback)
{ {
struct wpas_pasn *pasn = &wpa_s->pasn;
struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL; struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL;
const u8 *pmkid; const u8 *pmkid;
u8 wrapped_data; u8 wrapped_data;
int ret; int ret;
u16 capab;
wpa_printf(MSG_DEBUG, "PASN: Building frame 1"); wpa_printf(MSG_DEBUG, "PASN: Building frame 1");
@ -945,17 +943,6 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
pmkid = NULL; pmkid = NULL;
if (wpa_key_mgmt_ft(pasn->akmp)) { if (wpa_key_mgmt_ft(pasn->akmp)) {
#ifdef CONFIG_IEEE80211R #ifdef CONFIG_IEEE80211R
ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp,
pasn->bssid,
pasn->pmk_r1,
&pasn->pmk_r1_len,
pasn->pmk_r1_name);
if (ret) {
wpa_printf(MSG_DEBUG,
"PASN: FT: Failed to derive keys");
goto fail;
}
pmkid = pasn->pmk_r1_name; pmkid = pasn->pmk_r1_name;
#else /* CONFIG_IEEE80211R */ #else /* CONFIG_IEEE80211R */
goto fail; goto fail;
@ -963,8 +950,8 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
} else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) { } else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) {
struct rsn_pmksa_cache_entry *pmksa; struct rsn_pmksa_cache_entry *pmksa;
pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid, pmksa = pmksa_cache_get(pasn->pmksa, pasn->bssid,
NULL, NULL, pasn->akmp); NULL, NULL, pasn->akmp);
if (pmksa) if (pmksa)
pmkid = pmksa->pmkid; pmkid = pmksa->pmkid;
@ -987,16 +974,7 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0) if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
goto fail; goto fail;
/* Add own RNSXE */ wpa_pasn_add_rsnxe(buf, pasn->rsnxe_capab);
capab = 0;
capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
wpa_pasn_add_rsnxe(buf, capab);
ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher, ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher,
wpabuf_head_u8(buf) + IEEE80211_HDRLEN, wpabuf_head_u8(buf) + IEEE80211_HDRLEN,
@ -1376,7 +1354,7 @@ static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *own_addr,
MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher, MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher,
pasn->group); pasn->group);
frame = wpas_pasn_build_auth_1(wpa_s, comeback); frame = wpas_pasn_build_auth_1(pasn, comeback);
if (!frame) { if (!frame) {
wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame"); wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame");
goto fail; goto fail;
@ -1451,6 +1429,7 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
const u8 *rsne, *rsnxe; const u8 *rsne, *rsnxe;
const u8 *indic; const u8 *indic;
u16 fils_info; u16 fils_info;
u16 capab = 0;
int ret; int ret;
wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit); wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit);
@ -1490,6 +1469,15 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
pasn->corrupt_mic = wpa_s->conf->pasn_corrupt_mic; pasn->corrupt_mic = wpa_s->conf->pasn_corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_STA)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA)
capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
pasn->rsnxe_capab = capab;
#ifdef CONFIG_FILS #ifdef CONFIG_FILS
/* Prepare needed information for wpas_pasn_wd_fils_auth(). */ /* Prepare needed information for wpas_pasn_wd_fils_auth(). */
if (awork->akmp == WPA_KEY_MGMT_FILS_SHA256 || if (awork->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
@ -1514,6 +1502,23 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
pasn->pmksa = wpa_sm_get_pmksa_cache(wpa_s->wpa); pasn->pmksa = wpa_sm_get_pmksa_cache(wpa_s->wpa);
if (wpa_key_mgmt_ft(awork->akmp)) {
#ifdef CONFIG_IEEE80211R
ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, awork->akmp,
awork->bssid,
pasn->pmk_r1,
&pasn->pmk_r1_len,
pasn->pmk_r1_name);
if (ret) {
wpa_printf(MSG_DEBUG,
"PASN: FT: Failed to derive keys");
goto fail;
}
#else /* CONFIG_IEEE80211R */
goto fail;
#endif /* CONFIG_IEEE80211R */
}
ret = wpas_pasn_start(wpa_s, awork->own_addr, awork->bssid, awork->akmp, ret = wpas_pasn_start(wpa_s, awork->own_addr, awork->bssid, awork->akmp,
awork->cipher, awork->group, bss->freq, awork->cipher, awork->group, bss->freq,
rsne, *(rsne + 1) + 2, rsne, *(rsne + 1) + 2,

1
wpa_supplicant/wpa_supplicant_i.h
View file

@ -599,6 +599,7 @@ struct wpas_pasn {
int corrupt_mic; int corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
void *cb_ctx; void *cb_ctx;
u16 rsnxe_capab;
}; };
#endif /* CONFIG_PASN */ #endif /* CONFIG_PASN */