AP MLD: Require same AKM and pairwise cipher for all links
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com> Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
parent
8891ebdc1d
commit
84d2a36da0
6 changed files with 27 additions and 9 deletions
|
@ -528,7 +528,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
|
||||||
elems.rsnxe ? elems.rsnxe - 2 : NULL,
|
elems.rsnxe ? elems.rsnxe - 2 : NULL,
|
||||||
elems.rsnxe ? elems.rsnxe_len + 2 : 0,
|
elems.rsnxe ? elems.rsnxe_len + 2 : 0,
|
||||||
elems.mdie, elems.mdie_len,
|
elems.mdie, elems.mdie_len,
|
||||||
elems.owe_dh, elems.owe_dh_len);
|
elems.owe_dh, elems.owe_dh_len, NULL);
|
||||||
reason = WLAN_REASON_INVALID_IE;
|
reason = WLAN_REASON_INVALID_IE;
|
||||||
status = WLAN_STATUS_INVALID_IE;
|
status = WLAN_STATUS_INVALID_IE;
|
||||||
switch (res) {
|
switch (res) {
|
||||||
|
|
|
@ -1882,7 +1882,7 @@ void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
||||||
elems.rsnxe ? elems.rsnxe - 2 : NULL,
|
elems.rsnxe ? elems.rsnxe - 2 : NULL,
|
||||||
elems.rsnxe ? elems.rsnxe_len + 2 : 0,
|
elems.rsnxe ? elems.rsnxe_len + 2 : 0,
|
||||||
elems.mdie, elems.mdie_len, NULL, 0);
|
elems.mdie, elems.mdie_len, NULL, 0, NULL);
|
||||||
resp = wpa_res_to_status_code(res);
|
resp = wpa_res_to_status_code(res);
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -3770,7 +3770,7 @@ u16 owe_process_rsn_ie(struct hostapd_data *hapd,
|
||||||
rsn_ie_len += 2;
|
rsn_ie_len += 2;
|
||||||
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
||||||
hapd->iface->freq, rsn_ie, rsn_ie_len,
|
hapd->iface->freq, rsn_ie, rsn_ie_len,
|
||||||
NULL, 0, NULL, 0, owe_dh, owe_dh_len);
|
NULL, 0, NULL, 0, owe_dh, owe_dh_len, NULL);
|
||||||
status = wpa_res_to_status_code(res);
|
status = wpa_res_to_status_code(res);
|
||||||
if (status != WLAN_STATUS_SUCCESS)
|
if (status != WLAN_STATUS_SUCCESS)
|
||||||
goto end;
|
goto end;
|
||||||
|
@ -3859,6 +3859,8 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *wpa_ie;
|
const u8 *wpa_ie;
|
||||||
size_t wpa_ie_len;
|
size_t wpa_ie_len;
|
||||||
const u8 *p2p_dev_addr = NULL;
|
const u8 *p2p_dev_addr = NULL;
|
||||||
|
struct hostapd_data *assoc_hapd;
|
||||||
|
struct sta_info *assoc_sta = NULL;
|
||||||
|
|
||||||
resp = check_ssid(hapd, sta, elems->ssid, elems->ssid_len);
|
resp = check_ssid(hapd, sta, elems->ssid, elems->ssid_len);
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
|
@ -4033,6 +4035,10 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
wpa_ie_len += 2;
|
wpa_ie_len += 2;
|
||||||
|
|
||||||
if (!sta->wpa_sm) {
|
if (!sta->wpa_sm) {
|
||||||
|
if (!link)
|
||||||
|
assoc_sta = hostapd_ml_get_assoc_sta(
|
||||||
|
hapd, sta, &assoc_hapd);
|
||||||
|
|
||||||
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
||||||
sta->addr,
|
sta->addr,
|
||||||
p2p_dev_addr);
|
p2p_dev_addr);
|
||||||
|
@ -4065,7 +4071,8 @@ static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
elems->rsnxe ? elems->rsnxe_len + 2 :
|
elems->rsnxe ? elems->rsnxe_len + 2 :
|
||||||
0,
|
0,
|
||||||
elems->mdie, elems->mdie_len,
|
elems->mdie, elems->mdie_len,
|
||||||
elems->owe_dh, elems->owe_dh_len);
|
elems->owe_dh, elems->owe_dh_len,
|
||||||
|
assoc_sta ? assoc_sta->wpa_sm : NULL);
|
||||||
resp = wpa_res_to_status_code(res);
|
resp = wpa_res_to_status_code(res);
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
return resp;
|
return resp;
|
||||||
|
|
|
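Review bot: In `__check_assoc_ies`, `assoc_sta` is only looked up inside the `if (!sta->wpa_sm)` branch, so a STA that arrives with a state machine already attached is validated with `assoc_sm == NULL` and the same-AKM/pairwise rule is skipped silently. `handle_auth_fils` in this file also validates with NULL, so it is worth confirming whether a FILS or otherwise pre-authenticated link STA can reach this point with `sta->wpa_sm` already set. Doing the lookup before `if (!sta->wpa_sm) {` rather than inside it would make the check independent of when the state machine was created. The `if (!link)` condition also needs a comment on its polarity, because the comment added in `wpa_validate_wpa_ie` describes the rule as applying to link STAs; the parameter's definition and the rest of the function are outside these hunks.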
@ -435,7 +435,8 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
const u8 *wpa_ie, size_t wpa_ie_len,
|
const u8 *wpa_ie, size_t wpa_ie_len,
|
||||||
const u8 *rsnxe, size_t rsnxe_len,
|
const u8 *rsnxe, size_t rsnxe_len,
|
||||||
const u8 *mdie, size_t mdie_len,
|
const u8 *mdie, size_t mdie_len,
|
||||||
const u8 *owe_dh, size_t owe_dh_len);
|
const u8 *owe_dh, size_t owe_dh_len,
|
||||||
|
struct wpa_state_machine *assoc_sm);
|
||||||
int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
|
int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
|
||||||
struct wpa_state_machine *sm,
|
struct wpa_state_machine *sm,
|
||||||
const u8 *osen_ie, size_t osen_ie_len);
|
const u8 *osen_ie, size_t osen_ie_len);
|
||||||
|
|
|
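Review bot: The new `assoc_sm` parameter of `wpa_validate_wpa_ie` is undocumented at the prototype, and every caller shown on this page except `__check_assoc_ies` passes NULL, which disables the new check. A short comment above the declaration would make that contract explicit, for example `/* assoc_sm: state machine of the association-link STA (AP MLD), or NULL to skip the same-AKM/pairwise check */`.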
@ -608,7 +608,8 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
const u8 *wpa_ie, size_t wpa_ie_len,
|
const u8 *wpa_ie, size_t wpa_ie_len,
|
||||||
const u8 *rsnxe, size_t rsnxe_len,
|
const u8 *rsnxe, size_t rsnxe_len,
|
||||||
const u8 *mdie, size_t mdie_len,
|
const u8 *mdie, size_t mdie_len,
|
||||||
const u8 *owe_dh, size_t owe_dh_len)
|
const u8 *owe_dh, size_t owe_dh_len,
|
||||||
|
struct wpa_state_machine *assoc_sm)
|
||||||
{
|
{
|
||||||
struct wpa_auth_config *conf = &wpa_auth->conf;
|
struct wpa_auth_config *conf = &wpa_auth->conf;
|
||||||
struct wpa_ie_data data;
|
struct wpa_ie_data data;
|
||||||
|
@ -956,6 +957,15 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
||||||
else
|
else
|
||||||
sm->wpa = WPA_VERSION_WPA;
|
sm->wpa = WPA_VERSION_WPA;
|
||||||
|
|
||||||
|
if (assoc_sm) {
|
||||||
|
/* For ML association link STA cannot choose a different
|
||||||
|
* AKM or pairwise cipher from association STA */
|
||||||
|
if (sm->wpa_key_mgmt != assoc_sm->wpa_key_mgmt)
|
||||||
|
return WPA_INVALID_AKMP;
|
||||||
|
if (sm->pairwise != assoc_sm->pairwise)
|
||||||
|
return WPA_INVALID_PAIRWISE;
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
|
#if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
|
||||||
if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
|
if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
|
||||||
sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
|
||||||
|
|
|
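Review bot: The two new early returns under `if (assoc_sm)` in `wpa_validate_wpa_ie` return `WPA_INVALID_AKMP` and `WPA_INVALID_PAIRWISE` with no log line, so a rejected multi-link association cannot be told apart from any other condition that yields those codes. Adding a message before each return, such as `wpa_printf(MSG_DEBUG, "RSN: link STA AKM differs from association STA");` and a matching one for the pairwise cipher, would show an operator why the link was refused. The function body starts before and continues after this hunk, so whether `sm->wpa_key_mgmt` and `sm->pairwise` hold their final values at this point should be confirmed there.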
@ -262,7 +262,7 @@ static int auth_init(struct wpa *wpa)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (wpa_validate_wpa_ie(wpa->auth_group, wpa->auth, 2412, supp_ie,
|
if (wpa_validate_wpa_ie(wpa->auth_group, wpa->auth, 2412, supp_ie,
|
||||||
supp_ie_len, NULL, 0, NULL, 0, NULL, 0) !=
|
supp_ie_len, NULL, 0, NULL, 0, NULL, 0, NULL) !=
|
||||||
WPA_IE_OK) {
|
WPA_IE_OK) {
|
||||||
wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
|
wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -484,8 +484,8 @@ static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn,
|
||||||
"\x00\x0f\xac\x04"
|
"\x00\x0f\xac\x04"
|
||||||
"\x01\x00\x00\x0f\xac\x04"
|
"\x01\x00\x00\x0f\xac\x04"
|
||||||
"\x01\x00\x00\x0f\xac\x02"
|
"\x01\x00\x00\x0f\xac\x02"
|
||||||
"\x00\x00", 22, NULL, 0, NULL, 0, NULL, 0) !=
|
"\x00\x00", 22, NULL, 0, NULL, 0, NULL, 0,
|
||||||
WPA_IE_OK) {
|
NULL) != WPA_IE_OK) {
|
||||||
wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
|
wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|