DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wlantest: Use RSNE from MLO Link KDE, if present, for validation

Browse source 
Check the Beacon/Probe Response frame RSNE against the RSNE within the
MLO Link KDE for the current affiliated link instead of RSNE when
processing the EAPOL-Key msg 3/4 Key Data field.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Jouni Malinen 2022-09-29 11:50:28 +03:00 committed by Jouni Malinen
parent 8c1231c05a
commit ac6baf0bcd
1 changed files with 37 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
wlantest/rx_eapol.c
View file

@ -829,6 +829,9 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
size_t decrypted_len = 0; size_t decrypted_len = 0;
struct wpa_eapol_ie_parse ie; struct wpa_eapol_ie_parse ie;
struct wpa_ie_data rsn; struct wpa_ie_data rsn;
const u8 *rsne;
size_t rsne_len;
int link_id;
wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR, wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
MAC2STR(src), MAC2STR(dst)); MAC2STR(src), MAC2STR(dst));
@ -989,23 +992,52 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
bss->wpaie[0] ? 2 + bss->wpaie[1] : 0); bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
} }
if ((ie.rsn_ie && rsne = ie.rsn_ie;
rsne_len = ie.rsn_ie_len;
for (link_id = 0; !rsne && link_id < MAX_NUM_MLO_LINKS; link_id++) {
const u8 *addr, *pos, *end;
if (!ie.mlo_link[link_id])
continue;
addr = &ie.mlo_link[link_id][RSN_MLO_LINK_KDE_LINK_MAC_INDEX];
if (os_memcmp(addr, bss->bssid, ETH_ALEN) != 0)
continue;
if (!(ie.mlo_link[link_id][0] & RSN_MLO_LINK_KDE_LI_RSNE_INFO))
continue;
pos = ie.mlo_link[link_id] + RSN_MLO_LINK_KDE_FIXED_LENGTH;
end = ie.mlo_link[link_id] + ie.mlo_link_len[link_id];
if (end - pos < 2 || pos[0] != WLAN_EID_RSN ||
end - pos < 2 + pos[1]) {
add_note(wt, MSG_INFO, "Invalid MLO Link KDE from "
MACSTR " - RSNE info missing",
MAC2STR(bss->bssid));
break;
}
wpa_printf(MSG_DEBUG,
"Using RSNE from MLO Link KDE for Link ID %u",
link_id);
rsne = pos;
rsne_len = 2 + pos[1];
break;
}
if ((rsne &&
wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt), wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt),
ie.rsn_ie, ie.rsn_ie_len, rsne, rsne_len,
bss->rsnie, 2 + bss->rsnie[1])) || bss->rsnie, 2 + bss->rsnie[1])) ||
(ie.rsn_ie == NULL && bss->rsnie[0])) { (!rsne && bss->rsnie[0])) {
add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key " add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key "
"3/4 and Beacon/Probe Response from " MACSTR, "3/4 and Beacon/Probe Response from " MACSTR,
MAC2STR(bss->bssid)); MAC2STR(bss->bssid));
wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key", wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
ie.rsn_ie, ie.rsn_ie_len); rsne, rsne_len);
wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response", wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response",
bss->rsnie, bss->rsnie,
bss->rsnie[0] ? 2 + bss->rsnie[1] : 0); bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
} }
if (wpa_key_mgmt_ft(sta->key_mgmt) && if (wpa_key_mgmt_ft(sta->key_mgmt) &&
(wpa_parse_wpa_ie_rsn(ie.rsn_ie, ie.rsn_ie_len, &rsn) < 0 || (wpa_parse_wpa_ie_rsn(rsne, rsne_len, &rsn) < 0 ||
rsn.num_pmkid != 1 || !rsn.pmkid || rsn.num_pmkid != 1 || !rsn.pmkid ||
os_memcmp_const(rsn.pmkid, sta->pmk_r1_name, os_memcmp_const(rsn.pmkid, sta->pmk_r1_name,
WPA_PMK_NAME_LEN) != 0)) WPA_PMK_NAME_LEN) != 0))