From 1848be2f068c4e697bc8ef7c6912da58abc10543 Mon Sep 17 00:00:00 2001 From: Veerendranath Jakkam Date: Tue, 13 Aug 2024 23:42:48 +0530 Subject: [PATCH] RSNO: Always enable SNonce cookie and RSN Override elements validation Always set SNonce cookie and enable RSN Override elements validation irrespective of the RSN Selection element usage in (Re)Association Request frame when RSN overriding supported. Signed-off-by: Veerendranath Jakkam --- components/wpa_supplicant/src/rsn_supp/wpa.c | 33 ++++++++++++++++--- components/wpa_supplicant/src/rsn_supp/wpa.h | 1 + .../wpa_supplicant/src/rsn_supp/wpa_i.h | 3 ++ 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.c b/components/wpa_supplicant/src/rsn_supp/wpa.c index 8b213af907a..f7392a54c64 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.c +++ b/components/wpa_supplicant/src/rsn_supp/wpa.c @@ -733,7 +733,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, wpa_printf(MSG_DEBUG, "WPA: Failed to get random data for SNonce"); goto failed; } - if (sm->rsn_override != RSN_OVERRIDE_NOT_USED) + if (wpa_sm_rsn_overriding_supported(sm)) rsn_set_snonce_cookie(sm->snonce); sm->renew_snonce = 0; wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce", @@ -1215,8 +1215,7 @@ static int wpa_supplicant_validate_ie(struct wpa_sm *sm, return -1; } - if (sm->proto == WPA_PROTO_RSN && - sm->rsn_override != RSN_OVERRIDE_NOT_USED) { + if (sm->proto == WPA_PROTO_RSN && wpa_sm_rsn_overriding_supported(sm)) { if ((sm->ap_rsne_override && !ie->rsne_override) || (!sm->ap_rsne_override && ie->rsne_override) || (sm->ap_rsne_override && ie->rsne_override && @@ -2286,12 +2285,36 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, case WPA_PARAM_RSN_OVERRIDE: sm->rsn_override = value; break; + case WPA_PARAM_RSN_OVERRIDE_SUPPORT: + sm->rsn_override_support = value; + break; default: break; } return ret; } +static const u8 * wpa_sm_get_ap_rsne(struct wpa_sm *sm, size_t *len) +{ + if (sm->rsn_override == RSN_OVERRIDE_RSNE_OVERRIDE) { + *len = sm->ap_rsne_override_len; + return sm->ap_rsne_override; + } + + *len = sm->ap_rsn_ie_len; + return sm->ap_rsn_ie; +} + +bool wpa_sm_rsn_overriding_supported(struct wpa_sm *sm) +{ + const u8 *rsne; + size_t rsne_len; + + rsne = wpa_sm_get_ap_rsne(sm, &rsne_len); + + return sm->rsn_override_support && rsne; +} + #ifdef ESP_SUPPLICANT /** * wpa_sm_notify_assoc - Notify WPA state machine about association @@ -2574,6 +2597,8 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, u8 pairwise_cipher, u8 group_ci return -1; } pos += assoc_ie_len; + wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE_SUPPORT, + esp_wifi_wpa3_compatible_mode_enabled(WIFI_IF_STA)); wpa_sm_set_param(sm, WPA_PARAM_RSN_OVERRIDE, RSN_OVERRIDE_NOT_USED); ie = esp_wifi_sta_get_ie(bssid, WLAN_EID_RSN); @@ -2601,7 +2626,7 @@ int wpa_set_bss(uint8_t *macddr, uint8_t *bssid, u8 pairwise_cipher, u8 group_ci *pos = variant; assoc_ie_len += 2 + 4 + 1; } - + wpa_hexdump(MSG_DEBUG, "WPA: ASSOC IE LEN", assoc_ie, assoc_ie_len); esp_set_assoc_ie(bssid, assoc_ie, assoc_ie_len, true); if (sm->ap_rsnxe != NULL) { diff --git a/components/wpa_supplicant/src/rsn_supp/wpa.h b/components/wpa_supplicant/src/rsn_supp/wpa.h index ca160ca74c5..3968184ee1d 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa.h @@ -37,6 +37,7 @@ struct l2_ethhdr { enum wpa_sm_conf_params { WPA_PARAM_RSN_OVERRIDE, + WPA_PARAM_RSN_OVERRIDE_SUPPORT, }; void wpa_sm_set_state(enum wpa_states state); diff --git a/components/wpa_supplicant/src/rsn_supp/wpa_i.h b/components/wpa_supplicant/src/rsn_supp/wpa_i.h index 1cf50a2be20..1f272ea2629 100644 --- a/components/wpa_supplicant/src/rsn_supp/wpa_i.h +++ b/components/wpa_supplicant/src/rsn_supp/wpa_i.h @@ -128,6 +128,7 @@ struct wpa_sm { int (*wpa_sm_wps_disable)(void); esp_err_t (*wpa_sm_eap_disable)(void); + bool rsn_override_support; enum wpa_rsn_override rsn_override; }; @@ -220,4 +221,6 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len); int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, struct wpa_ptk *ptk); + +bool wpa_sm_rsn_overriding_supported(struct wpa_sm *sm); #endif /* WPA_I_H */