SAE: Recognize Basic MLE in Authentication frames even without H2E

IEEE P802.11be requires H2E to be used whenever SAE is used for ML
association. However, some early Wi-Fi 7 APs enable MLO without H2E.
Recognize this special case based on the fixed length Basic Multi-Link
element being at the end of the data that would contain the unknown
variable length Anti-Clogging Token field. The Basic Multi-Link element
in Authentication frames include the MLD MAC addreess in the Common Info
field and all subfields of the Presence Bitmap subfield of the
Multi-Link Control field of the element zero and consequently, has a
fixed length of 12 octets.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index 9b083cddd85717185c8742765b3a31f8964c8549..bf0252b91225027d0587264e12bfa0c971ba9078 100644 (file)
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -1725,6 +1725,28 @@ static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
                                return -1;
                        }
                        token_len = elen - 1;
+#ifdef CONFIG_IEEE80211BE
+               } else if (wpa_s->valid_links && token_len > 12 &&
+                          token_pos[token_len - 12] == WLAN_EID_EXTENSION &&
+                          token_pos[token_len - 11] == 10 &&
+                          token_pos[token_len - 10] ==
+                          WLAN_EID_EXT_MULTI_LINK) {
+                       /* IEEE P802.11be requires H2E to be used whenever SAE
+                        * is used for ML association. However, some early
+                        * Wi-Fi 7 APs enable MLO without H2E. Recognize this
+                        * special case based on the fixed length Basic
+                        * Multi-Link element being at the end of the data that
+                        * would contain the unknown variable length
+                        * Anti-Clogging Token field. The Basic Multi-Link
+                        * element in Authentication frames include the MLD MAC
+                        * addreess in the Common Info field and all subfields
+                        * of the Presence Bitmap subfield of the Multi-Link
+                        * Control field of the element zero and consequently,
+                        * has a fixed length of 12 octets. */
+                       wpa_printf(MSG_DEBUG,
+                                  "SME: Detected Basic Multi-Link element at the end of Anti-Clogging Token field");
+                       token_len -= 12;
+#endif /* CONFIG_IEEE80211BE */
                }
 
                *ie_offset = token_pos + token_len - data;