mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-07 12:44:03 -05:00
FT: Omit RSNXE from FT protocol Reassociation Response when needed
The previous design for adding RSNXE into FT was not backwards compatible. Move to a new design based on 20/332r3 to avoid that issue by not include RSNXE in the FT protocol Reassociation Response frame so that a STA not supporting RSNXE can still validate the FTE MIC correctly. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
6140cca819
commit
b7366a942a
@ -483,7 +483,8 @@ skip_wpa_check:
|
|||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
|
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
|
||||||
sta->auth_alg, req_ies, req_ies_len);
|
sta->auth_alg, req_ies, req_ies_len,
|
||||||
|
!elems.rsnxe);
|
||||||
if (!p) {
|
if (!p) {
|
||||||
wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
|
wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
|
||||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
|
|||||||
@ -3661,7 +3661,8 @@ static int add_associated_sta(struct hostapd_data *hapd,
|
|||||||
|
|
||||||
static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
const u8 *addr, u16 status_code, int reassoc,
|
const u8 *addr, u16 status_code, int reassoc,
|
||||||
const u8 *ies, size_t ies_len, int rssi)
|
const u8 *ies, size_t ies_len, int rssi,
|
||||||
|
int omit_rsnxe)
|
||||||
{
|
{
|
||||||
int send_len;
|
int send_len;
|
||||||
u8 *buf;
|
u8 *buf;
|
||||||
@ -3731,7 +3732,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
|||||||
* Transition Information, RSN, [RIC Response] */
|
* Transition Information, RSN, [RIC Response] */
|
||||||
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
|
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
|
||||||
buf + buflen - p,
|
buf + buflen - p,
|
||||||
sta->auth_alg, ies, ies_len);
|
sta->auth_alg, ies, ies_len,
|
||||||
|
omit_rsnxe);
|
||||||
if (!p) {
|
if (!p) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"FT: Failed to write AssocResp IEs");
|
"FT: Failed to write AssocResp IEs");
|
||||||
@ -3822,7 +3824,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
|||||||
goto rsnxe_done;
|
goto rsnxe_done;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
|
if (!omit_rsnxe)
|
||||||
|
p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
rsnxe_done:
|
rsnxe_done:
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
@ -4043,7 +4046,7 @@ void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
|
|||||||
reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
|
reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
|
||||||
sta->fils_pending_assoc_is_reassoc,
|
sta->fils_pending_assoc_is_reassoc,
|
||||||
sta->fils_pending_assoc_req,
|
sta->fils_pending_assoc_req,
|
||||||
sta->fils_pending_assoc_req_len, 0);
|
sta->fils_pending_assoc_req_len, 0, 0);
|
||||||
os_free(sta->fils_pending_assoc_req);
|
os_free(sta->fils_pending_assoc_req);
|
||||||
sta->fils_pending_assoc_req = NULL;
|
sta->fils_pending_assoc_req = NULL;
|
||||||
sta->fils_pending_assoc_req_len = 0;
|
sta->fils_pending_assoc_req_len = 0;
|
||||||
@ -4091,6 +4094,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
int delay_assoc = 0;
|
int delay_assoc = 0;
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
|
int omit_rsnxe = 0;
|
||||||
|
|
||||||
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
||||||
sizeof(mgmt->u.assoc_req))) {
|
sizeof(mgmt->u.assoc_req))) {
|
||||||
@ -4303,6 +4307,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||||||
resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
|
resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (resp != WLAN_STATUS_SUCCESS)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
|
||||||
|
|
||||||
if (hostapd_get_aid(hapd, sta) < 0) {
|
if (hostapd_get_aid(hapd, sta) < 0) {
|
||||||
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
||||||
@ -4456,7 +4461,7 @@ static void handle_assoc(struct hostapd_data *hapd,
|
|||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
|
|
||||||
reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
|
reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
|
||||||
left, rssi);
|
left, rssi, omit_rsnxe);
|
||||||
os_free(tmp);
|
os_free(tmp);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -425,7 +425,8 @@ void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
|||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
||||||
size_t max_len, int auth_alg,
|
size_t max_len, int auth_alg,
|
||||||
const u8 *req_ies, size_t req_ies_len);
|
const u8 *req_ies, size_t req_ies_len,
|
||||||
|
int omit_rsnxe);
|
||||||
void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
|
void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
|
||||||
u16 auth_transaction, const u8 *ies, size_t ies_len,
|
u16 auth_transaction, const u8 *ies, size_t ies_len,
|
||||||
void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,
|
||||||
|
|||||||
@ -2463,7 +2463,8 @@ static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
|
|||||||
|
|
||||||
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
||||||
size_t max_len, int auth_alg,
|
size_t max_len, int auth_alg,
|
||||||
const u8 *req_ies, size_t req_ies_len)
|
const u8 *req_ies, size_t req_ies_len,
|
||||||
|
int omit_rsnxe)
|
||||||
{
|
{
|
||||||
u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
|
u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
|
||||||
u8 *fte_mic, *elem_count;
|
u8 *fte_mic, *elem_count;
|
||||||
@ -2684,10 +2685,15 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
|
|||||||
if (ric_start == pos)
|
if (ric_start == pos)
|
||||||
ric_start = NULL;
|
ric_start = NULL;
|
||||||
|
|
||||||
res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe, sizeof(rsnxe_buf));
|
if (omit_rsnxe) {
|
||||||
if (res < 0)
|
rsnxe_len = 0;
|
||||||
return NULL;
|
} else {
|
||||||
rsnxe_len = res;
|
res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe,
|
||||||
|
sizeof(rsnxe_buf));
|
||||||
|
if (res < 0)
|
||||||
|
return NULL;
|
||||||
|
rsnxe_len = res;
|
||||||
|
}
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
if (auth_alg == WLAN_AUTH_FT &&
|
if (auth_alg == WLAN_AUTH_FT &&
|
||||||
sm->wpa_auth->conf.rsnxe_override_ft_set) {
|
sm->wpa_auth->conf.rsnxe_override_ft_set) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user