RSNO: Always enable SNonce cookie and RSN Override elements validation

Always set SNonce cookie and enable RSN Override elements validation
irrespective of the RSN Selection element usage in (Re)Association
Request frame when RSN overriding supported.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
This commit is contained in:
Veerendranath Jakkam 2024-08-13 23:42:48 +05:30 committed by Jouni Malinen
parent bbb55af8c3
commit df8c5e22d7
5 changed files with 24 additions and 4 deletions

View file

@ -1023,7 +1023,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
"WPA: Failed to get random data for SNonce"); "WPA: Failed to get random data for SNonce");
goto failed; goto failed;
} }
if (sm->rsn_override != RSN_OVERRIDE_NOT_USED) if (wpa_sm_rsn_overriding_supported(sm))
rsn_set_snonce_cookie(sm->snonce); rsn_set_snonce_cookie(sm->snonce);
sm->renew_snonce = 0; sm->renew_snonce = 0;
wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
@ -2228,8 +2228,7 @@ static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
return -1; return -1;
} }
if (sm->proto == WPA_PROTO_RSN && if (sm->proto == WPA_PROTO_RSN && wpa_sm_rsn_overriding_supported(sm)) {
sm->rsn_override != RSN_OVERRIDE_NOT_USED) {
if ((sm->ap_rsne_override && !ie->rsne_override) || if ((sm->ap_rsne_override && !ie->rsne_override) ||
(!sm->ap_rsne_override && ie->rsne_override) || (!sm->ap_rsne_override && ie->rsne_override) ||
(sm->ap_rsne_override && ie->rsne_override && (sm->ap_rsne_override && ie->rsne_override &&
@ -2532,7 +2531,7 @@ static int wpa_supplicant_validate_link_kde(struct wpa_sm *sm, u8 link_id,
goto fail; goto fail;
} }
if (sm->rsn_override == RSN_OVERRIDE_NOT_USED) if (!wpa_sm_rsn_overriding_supported(sm))
return 0; return 0;
if (rsn_override_link_kde) { if (rsn_override_link_kde) {
@ -4991,6 +4990,9 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param,
case WPA_PARAM_RSN_OVERRIDE: case WPA_PARAM_RSN_OVERRIDE:
sm->rsn_override = value; sm->rsn_override = value;
break; break;
case WPA_PARAM_RSN_OVERRIDE_SUPPORT:
sm->rsn_override_support = value;
break;
default: default:
break; break;
} }
@ -5099,6 +5101,17 @@ int wpa_sm_pmf_enabled(struct wpa_sm *sm)
} }
bool wpa_sm_rsn_overriding_supported(struct wpa_sm *sm)
{
const u8 *rsne;
size_t rsne_len;
rsne = wpa_sm_get_ap_rsne(sm, &rsne_len);
return sm->rsn_override_support && rsne;
}
int wpa_sm_ext_key_id(struct wpa_sm *sm) int wpa_sm_ext_key_id(struct wpa_sm *sm)
{ {
return sm ? sm->ext_key_id : 0; return sm ? sm->ext_key_id : 0;

View file

@ -138,6 +138,7 @@ enum wpa_sm_conf_params {
WPA_PARAM_FT_PREPEND_PMKID, WPA_PARAM_FT_PREPEND_PMKID,
WPA_PARAM_SSID_PROTECTION, WPA_PARAM_SSID_PROTECTION,
WPA_PARAM_RSN_OVERRIDE, WPA_PARAM_RSN_OVERRIDE,
WPA_PARAM_RSN_OVERRIDE_SUPPORT,
}; };
enum wpa_rsn_override { enum wpa_rsn_override {

View file

@ -233,6 +233,7 @@ struct wpa_sm {
bool driver_bss_selection; bool driver_bss_selection;
bool ft_prepend_pmkid; bool ft_prepend_pmkid;
bool rsn_override_support;
enum wpa_rsn_override rsn_override; enum wpa_rsn_override rsn_override;
}; };
@ -547,5 +548,6 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
void wpa_tdls_assoc(struct wpa_sm *sm); void wpa_tdls_assoc(struct wpa_sm *sm);
void wpa_tdls_disassoc(struct wpa_sm *sm); void wpa_tdls_disassoc(struct wpa_sm *sm);
bool wpa_sm_rsn_overriding_supported(struct wpa_sm *sm);
#endif /* WPA_I_H */ #endif /* WPA_I_H */

View file

@ -2467,6 +2467,8 @@ mscs_fail:
wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len; wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
} }
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE_SUPPORT,
wpas_rsn_overriding(wpa_s));
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE, wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
RSN_OVERRIDE_NOT_USED); RSN_OVERRIDE_NOT_USED);
if (wpas_rsn_overriding(wpa_s) && if (wpas_rsn_overriding(wpa_s) &&

View file

@ -3965,6 +3965,8 @@ mscs_end:
wpa_ie_len += multi_ap_ie_len; wpa_ie_len += multi_ap_ie_len;
} }
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE_SUPPORT,
wpas_rsn_overriding(wpa_s));
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE, wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
RSN_OVERRIDE_NOT_USED); RSN_OVERRIDE_NOT_USED);
if (wpas_rsn_overriding(wpa_s) && if (wpas_rsn_overriding(wpa_s) &&