From a55ecfeabeb89d16dd05e2d74764df1274d45622 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 21 Mar 2020 00:23:01 +0200 Subject: [PATCH] Allow RSNXE to be removed from Beacon frames for testing purposes The new hostapd configuration parameter no_beacon_rsnxe=1 can be used to remove RSNXE from Beacon frames. This can be used to test protection mechanisms for downgrade attacks. Signed-off-by: Jouni Malinen --- hostapd/config_file.c | 2 ++ src/ap/ap_config.h | 1 + src/ap/beacon.c | 6 ++++++ 3 files changed, 9 insertions(+) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 1a5b742b2..3c7bb395f 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -4194,6 +4194,8 @@ static int hostapd_config_fill(struct hostapd_config *conf, } else if (os_strcmp(buf, "igtk_rsc_override") == 0) { wpabuf_free(bss->igtk_rsc_override); bss->igtk_rsc_override = wpabuf_parse_bin(pos); + } else if (os_strcmp(buf, "no_beacon_rsnxe") == 0) { + bss->no_beacon_rsnxe = atoi(pos); #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_SAE } else if (os_strcmp(buf, "sae_password") == 0) { diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 0cb10c118..80be7ed39 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -683,6 +683,7 @@ struct hostapd_bss_config { struct wpabuf *rsnxe_override_ft; struct wpabuf *gtk_rsc_override; struct wpabuf *igtk_rsc_override; + int no_beacon_rsnxe; #endif /* CONFIG_TESTING_OPTIONS */ #define MESH_ENABLED BIT(0) diff --git a/src/ap/beacon.c b/src/ap/beacon.c index 53e35492d..ff760a0d1 100644 --- a/src/ap/beacon.c +++ b/src/ap/beacon.c @@ -323,6 +323,12 @@ static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len) { const u8 *ie; +#ifdef CONFIG_TESTING_OPTIONS + if (hapd->conf->no_beacon_rsnxe) { + wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon"); + return pos; + } +#endif /* CONFIG_TESTING_OPTIONS */ ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX); if (!ie || 2U + ie[1] > len) return pos;