FT: Omit RSNXE from FT protocol Reassociation Response when needed

The previous design for adding RSNXE into FT was not backwards
compatible. Move to a new design based on 20/332r3 to avoid that issue
by not include RSNXE in the FT protocol Reassociation Response frame so
that a STA not supporting RSNXE can still validate the FTE MIC
correctly.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index bde2d9302d486582e6306f4147f4940620fdb7a9..2091385cdedcf42f532bf9f61fac1fc97edde42a 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -483,7 +483,8 @@ skip_wpa_check:
 
 #ifdef CONFIG_IEEE80211R_AP
        p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
-                                       sta->auth_alg, req_ies, req_ies_len);
+                                       sta->auth_alg, req_ies, req_ies_len,
+                                       !elems.rsnxe);
        if (!p) {
                wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
                return WLAN_STATUS_UNSPECIFIED_FAILURE;

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 46cc7fae774beee340a4f232a7ee00880f112701..c0f9290f882448753be6fe4176027ac319c62e30 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3661,7 +3661,8 @@ static int add_associated_sta(struct hostapd_data *hapd,
 
 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
                           const u8 *addr, u16 status_code, int reassoc,
-                          const u8 *ies, size_t ies_len, int rssi)
+                          const u8 *ies, size_t ies_len, int rssi,
+                          int omit_rsnxe)
 {
        int send_len;
        u8 *buf;
@@ -3731,7 +3732,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
                 * Transition Information, RSN, [RIC Response] */
                p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
                                                buf + buflen - p,
-                                               sta->auth_alg, ies, ies_len);
+                                               sta->auth_alg, ies, ies_len,
+                                               omit_rsnxe);
                if (!p) {
                        wpa_printf(MSG_DEBUG,
                                   "FT: Failed to write AssocResp IEs");
@@ -3822,7 +3824,8 @@ static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
                goto rsnxe_done;
        }
 #endif /* CONFIG_TESTING_OPTIONS */
-       p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
+       if (!omit_rsnxe)
+               p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
 #ifdef CONFIG_TESTING_OPTIONS
 rsnxe_done:
 #endif /* CONFIG_TESTING_OPTIONS */
@@ -4043,7 +4046,7 @@ void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
        reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
                                    sta->fils_pending_assoc_is_reassoc,
                                    sta->fils_pending_assoc_req,
-                                   sta->fils_pending_assoc_req_len, 0);
+                                   sta->fils_pending_assoc_req_len, 0, 0);
        os_free(sta->fils_pending_assoc_req);
        sta->fils_pending_assoc_req = NULL;
        sta->fils_pending_assoc_req_len = 0;
@@ -4091,6 +4094,7 @@ static void handle_assoc(struct hostapd_data *hapd,
 #ifdef CONFIG_FILS
        int delay_assoc = 0;
 #endif /* CONFIG_FILS */
+       int omit_rsnxe = 0;
 
        if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
                                      sizeof(mgmt->u.assoc_req))) {
@@ -4303,6 +4307,7 @@ static void handle_assoc(struct hostapd_data *hapd,
        resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
        if (resp != WLAN_STATUS_SUCCESS)
                goto fail;
+       omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
 
        if (hostapd_get_aid(hapd, sta) < 0) {
                hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
@@ -4456,7 +4461,7 @@ static void handle_assoc(struct hostapd_data *hapd,
 #endif /* CONFIG_FILS */
 
        reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
-                                   left, rssi);
+                                   left, rssi, omit_rsnxe);
        os_free(tmp);
 
        /*

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 4edeea151e42e3095a52b9759a738aca3ba5a018..58aa9ff2142ed9c46fe980519aec4161292ea0a1 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -425,7 +425,8 @@ void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
 #ifdef CONFIG_IEEE80211R_AP
 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
                                 size_t max_len, int auth_alg,
-                                const u8 *req_ies, size_t req_ies_len);
+                                const u8 *req_ies, size_t req_ies_len,
+                                int omit_rsnxe);
 void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid,
                         u16 auth_transaction, const u8 *ies, size_t ies_len,
                         void (*cb)(void *ctx, const u8 *dst, const u8 *bssid,

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 7ac109e700db5c7e1e5bb23e49e3893285b717dc..5ed78e6a6fa49d6dcdf9cdb41eee139138d36804 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -2463,7 +2463,8 @@ static u8 * wpa_ft_process_ric(struct wpa_state_machine *sm, u8 *pos, u8 *end,
 
 u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
                                 size_t max_len, int auth_alg,
-                                const u8 *req_ies, size_t req_ies_len)
+                                const u8 *req_ies, size_t req_ies_len,
+                                int omit_rsnxe)
 {
        u8 *end, *mdie, *ftie, *rsnie = NULL, *r0kh_id, *subelem = NULL;
        u8 *fte_mic, *elem_count;
@@ -2684,10 +2685,15 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos,
        if (ric_start == pos)
                ric_start = NULL;
 
-       res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe, sizeof(rsnxe_buf));
-       if (res < 0)
-               return NULL;
-       rsnxe_len = res;
+       if (omit_rsnxe) {
+               rsnxe_len = 0;
+       } else {
+               res = wpa_write_rsnxe(&sm->wpa_auth->conf, rsnxe,
+                                     sizeof(rsnxe_buf));
+               if (res < 0)
+                       return NULL;
+               rsnxe_len = res;
+       }
 #ifdef CONFIG_TESTING_OPTIONS
        if (auth_alg == WLAN_AUTH_FT &&
            sm->wpa_auth->conf.rsnxe_override_ft_set) {