Allow RSNXE to be removed from Beacon frames for testing purposes

The new hostapd configuration parameter no_beacon_rsnxe=1 can be used to remove RSNXE from Beacon frames. This can be used to test protection mechanisms for downgrade attacks. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-21 00:23:01 +02:00 · 2020-03-21 00:23:01 +02:00 · a55ecfeabe
commit a55ecfeabe
parent b7366a942a
3 changed files with 9 additions and 0 deletions
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@ -4194,6 +4194,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 	} else if (os_strcmp(buf, "igtk_rsc_override") == 0) {
 		wpabuf_free(bss->igtk_rsc_override);
 		bss->igtk_rsc_override = wpabuf_parse_bin(pos);
+	} else if (os_strcmp(buf, "no_beacon_rsnxe") == 0) {
+		bss->no_beacon_rsnxe = atoi(pos);
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_SAE
 	} else if (os_strcmp(buf, "sae_password") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@ -683,6 +683,7 @@ struct hostapd_bss_config {
 	struct wpabuf *rsnxe_override_ft;
 	struct wpabuf *gtk_rsc_override;
 	struct wpabuf *igtk_rsc_override;
+	int no_beacon_rsnxe;
 #endif /* CONFIG_TESTING_OPTIONS */

 #define MESH_ENABLED BIT(0)
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@ -323,6 +323,12 @@ static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len)
 {
 	const u8 *ie;

+#ifdef CONFIG_TESTING_OPTIONS
+	if (hapd->conf->no_beacon_rsnxe) {
+		wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon");
+		return pos;
+	}
+#endif /* CONFIG_TESTING_OPTIONS */
 	ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
 	if (!ie || 2U + ie[1] > len)
 		return pos;