From: Veerendranath Jakkam
Date: Wed, 11 Sep 2024 13:29:44 +0000 (+0530)
Subject: wlantest: Adjust kdk_len according to RSNX capability for FT roaming cases
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=204ebcce3e93faf5113917b1a45a2acf208141e4;p=thirdparty%2Fhostap.git
wlantest: Adjust kdk_len according to RSNX capability for FT roaming cases
This is needed to derive the PTK correct when Secure LTF support is used and the additional KDK component needs to be considered.
Signed-off-by: Veerendranath Jakkam
---
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index d82fd2b45..4389ae77e 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
@@ -701,7 +701,7 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
 const u8 *spa, *aa;
 struct ieee802_11_elems elems;
 const u8 *ie;
- size_t ie_len;
+ size_t ie_len, kdk_len;
 if (sta->auth_alg != WLAN_AUTH_FT || len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth))
@@ -728,6 +728,12 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
 sta->pairwise_cipher = parse.pairwise_cipher;
 if (parse.fte_snonce) os_memcpy(sta->snonce, parse.fte_snonce, WPA_NONCE_LEN);
+ if (elems.rsnxe) {
+ os_memcpy(sta->rsnxe, elems.rsnxe, elems.rsnxe_len);
+ sta->rsnxe_len = elems.rsnxe_len;
+ } else {
+ sta->rsnxe_len = 0;
+ }
 goto out;
 }
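Review bot: The added `os_memcpy(sta->rsnxe, elems.rsnxe, elems.rsnxe_len)` in process_ft_auth() copies a length that comes from a received frame into the per-STA buffer, with no bound visible here. The declaration of `sta->rsnxe` is not part of this patch, so whether every length the parser can return fits is an assumption to confirm. If it is a fixed array, `if (elems.rsnxe && elems.rsnxe_len <= sizeof(sta->rsnxe)) {` keeps the store in bounds and lets an oversized element fall through to the existing `else` that clears `rsnxe_len`. The rx_mgmt_action_ft_request() hunk has the same copy with `parse.rsnxe_len` and would take the same guard. Both functions start and end outside their hunks.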
@@ -775,11 +781,19 @@ static void process_ft_auth(struct wlantest *wt, struct wlantest_bss *bss,
 goto out;
 sta->pmk_r1_len = sta->pmk_r0_len;
+ if (ieee802_11_rsnx_capab_len(bss->rsnxe, bss->rsnxe_len,
+ WLAN_RSNX_CAPAB_SECURE_LTF) &&
+ ieee802_11_rsnx_capab_len(sta->rsnxe, sta->rsnxe_len,
+ WLAN_RSNX_CAPAB_SECURE_LTF))
+ kdk_len = WPA_KDK_MAX_LEN;
+ else
+ kdk_len = 0;
+
 if (!parse.fte_anonce || !parse.fte_snonce || wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce, parse.fte_anonce, spa, aa, sta->pmk_r1_name, &ptk, ptk_name, sta->key_mgmt,
- sta->pairwise_cipher, 0) < 0)
+ sta->pairwise_cipher, kdk_len) < 0)
 goto out;
 sta_new_ptk(wt, sta, &ptk);
@@ -2603,6 +2617,13 @@ static void rx_mgmt_action_ft_request(struct wlantest *wt,
 sta->ft_over_ds = true;
 sta->key_mgmt = parse.key_mgmt;
 sta->pairwise_cipher = parse.pairwise_cipher;
+ if (parse.rsnxe) {
+ os_memcpy(sta->rsnxe, parse.rsnxe, parse.rsnxe_len);
+ sta->rsnxe_len = parse.rsnxe_len;
+ } else {
+ sta->rsnxe_len = 0;
+ }
+
 out:
 wpa_ft_parse_ies_free(&parse);
 }
@@ -2617,7 +2638,7 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt,
 struct wlantest_sta *new_sta;
 const u8 *spa, *aa;
 const u8 *ies;
- size_t ies_len;
+ size_t ies_len, kdk_len;
 struct wpa_ft_ies parse;
 struct wpa_ptk ptk;
 u8 ptk_name[WPA_PMK_NAME_LEN];
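Review bot: The Secure LTF test that picks `kdk_len` in process_ft_auth() is repeated token for token in the rx_mgmt_action_ft_response() hunk, so the two PTK derivations can drift apart if only one is edited later. A small static helper that takes the BSS and STA entries and returns either `WPA_KDK_MAX_LEN` or 0 would keep them in step, leaving each call site as one line such as `kdk_len = ft_kdk_len(bss, sta);` (helper name illustrative). That helper is also the natural home for a comment like `/* KDK is derived only when both the AP's and the STA's RSNXE advertise Secure LTF */`, which the new code currently leaves the reader to infer. The body of process_ft_auth() starts and ends outside this hunk.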
@@ -2680,12 +2701,21 @@ static void rx_mgmt_action_ft_response(struct wlantest *wt,
 new_sta->pmk_r1_len = sta->pmk_r1_len;
 os_memcpy(new_sta->pmk_r1_name, sta->pmk_r1_name, sizeof(sta->pmk_r1_name));
+
+ if (ieee802_11_rsnx_capab_len(bss->rsnxe, bss->rsnxe_len,
+ WLAN_RSNX_CAPAB_SECURE_LTF) &&
+ ieee802_11_rsnx_capab_len(sta->rsnxe, sta->rsnxe_len,
+ WLAN_RSNX_CAPAB_SECURE_LTF))
+ kdk_len = WPA_KDK_MAX_LEN;
+ else
+ kdk_len = 0;
+
 if (!parse.fte_anonce || !parse.fte_snonce || wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len, parse.fte_snonce, parse.fte_anonce, spa, aa, sta->pmk_r1_name, &ptk, ptk_name, new_sta->key_mgmt, new_sta->pairwise_cipher,
- 0) < 0)
+ kdk_len) < 0)
 goto out;
 sta_new_ptk(wt, new_sta, &ptk);
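Review bot: The `kdk_len` selection in rx_mgmt_action_ft_response() reads the STA capability from `sta->rsnxe`, while the `wpa_pmk_r1_to_ptk()` call just below takes `new_sta->key_mgmt` and `new_sta->pairwise_cipher`. Nothing in the hunk explains why the two entries are mixed. This is presumably intentional, since the FT Request hunk records the RSNXE on `sta`, but it depends on that request having been captured for this `sta` and on `bss` being the entry whose RSNXE applies to the new association. Neither can be confirmed from the lines shown; if either does not hold, the derived PTK would silently not match. A short comment at the check, for example `/* STA RSNXE was stored on the current entry by the FT Request */`, would document the dependency. The function body starts and ends outside the hunk.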