From: Veerendranath Jakkam
Date: Fri, 11 Nov 2022 11:45:52 +0000 (+0530)
Subject: MLD STA: Fix IGTK and BIGTK MLO KDEs validation
X-Git-Tag: hostap_2_11~1512
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6e226496b4c06995837d0f02dfc50495e359284;p=thirdparty%2Fhostap.git

MLD STA: Fix IGTK and BIGTK MLO KDEs validation

IGTK and BIGTK MLO KDEs should be validated only when the AP sends them in EAPOL-Key msg 3/4. Though IEEE P802.11be/D2.2 mandates MLO AP to enable PMF and Beacon Protection features there is no text to mandate a STA to discard connection when the MLO AP doesn't send IGTK and BIGTK MLO KDEs in EAPOL-Key msg 3/4 for a link. Also, fix wpa_sm->mgmt_group_cipher checks before processing MLO IGTK and BIGTK MLO KDEs.

Fixes: f15cc834cb77 ("MLD STA: Processing of EAPOL-Key msg 3/4 frame when using MLO")
Fixes: 8f2e493bec99 ("MLD STA: Validation of MLO KDEs for 4-way handshake EAPOL-Key frames")
Signed-off-by: Veerendranath Jakkam
---
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 689db834b..3f8accf13 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1733,9 +1733,6 @@ static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id,
 {
 size_t len;
 
- if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher))
- return 0;
-
 if (ie->mlo_igtk[link_id]) {
 len = wpa_cipher_key_len(sm->mgmt_group_cipher);
 if (ie->mlo_igtk_len[link_id] !=
@@ -1773,6 +1770,10 @@ static int mlo_ieee80211w_set_keys(struct wpa_sm *sm,
 {
 u8 i;
 
+ if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) ||
+ sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED)
+ return 0;
+
 for (i = 0; i < MAX_NUM_MLO_LINKS; i++) {
 if (!(sm->mlo.valid_links & BIT(i)))
 continue;
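Review bot: The two-part cipher test added at the top of mlo_ieee80211w_set_keys() is open-coded a second time, with inverted polarity, in the wpa_supplicant_process_3_of_4() hunk, so the key-install path and the KDE-validation path can drift apart on a later edit. The extra comparison suggests that wpa_cipher_valid_mgmt_group() accepts WPA_CIPHER_GTK_NOT_USED, which is worth stating once in a comment rather than leaving it implicit at both sites. A small static predicate shared by both callers would keep the rule in one place, and it would also document the precondition that _mlo_ieee80211w_set_keys() depends on now that its own guard was removed in the previous hunk. Both function bodies continue outside the visible hunks.

```c
/*
 * Proposed helper (name is a suggestion). IGTK/BIGTK MLO KDEs are only
 * meaningful when a management group cipher was negotiated; the explicit
 * GTK_NOT_USED comparison is kept because the validity check alone
 * appears to accept it.
 */
static int mlo_mgmt_group_keys_expected(struct wpa_sm *sm)
{
	return sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
		wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher);
}

static int mlo_ieee80211w_set_keys(struct wpa_sm *sm,
	/* … unchanged: remaining parameters, declaration of i … */
	if (!mlo_mgmt_group_keys_expected(sm))
		return 0;
	/* … unchanged: per-link loop … */

	/* in wpa_supplicant_process_3_of_4(), inside the per-link loop: */
		if (mlo_mgmt_group_keys_expected(sm) &&
		    wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0)
			goto failed;
```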
@@ -2248,13 +2249,8 @@ static int wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm *sm,
 u8 link_id,
 struct wpa_eapol_ie_parse *ie)
 {
- if (!ie->mlo_igtk[link_id]) {
- wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
- "RSN: IGTK not found for link ID %u", link_id);
- return -1;
- }
-
- if (ie->mlo_igtk_len[link_id] != RSN_MLO_IGTK_KDE_PREFIX_LENGTH +
+ if (ie->mlo_igtk[link_id] &&
+ ie->mlo_igtk_len[link_id] != RSN_MLO_IGTK_KDE_PREFIX_LENGTH +
 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
 "RSN MLO: Invalid IGTK KDE length %lu for link ID %u",
@@ -2265,13 +2261,8 @@ static int wpa_validate_mlo_ieee80211w_kdes(struct wpa_sm *sm,
 if (!sm->beacon_prot)
 return 0;
 
- if (!ie->mlo_bigtk[link_id]) {
- wpa_msg(sm->ctx->msg_ctx, MSG_ERROR,
- "RSN: BIGTK not found for link ID %u", link_id);
- return -1;
- }
-
- if (ie->mlo_bigtk_len[link_id] != RSN_MLO_BIGTK_KDE_PREFIX_LENGTH +
+ if (ie->mlo_bigtk[link_id] &&
+ ie->mlo_bigtk_len[link_id] != RSN_MLO_BIGTK_KDE_PREFIX_LENGTH +
 (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
 "RSN MLO: Invalid BIGTK KDE length %lu for link ID %u",
@@ -2343,10 +2334,9 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
 goto failed;
 }
 
- if (!wpa_sm_pmf_enabled(sm))
- continue;
-
- if (wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0)
+ if (sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED &&
+ wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) &&
+ wpa_validate_mlo_ieee80211w_kdes(sm, i, &ie) < 0)
 goto failed;
 }
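Review bot: In wpa_validate_mlo_ieee80211w_kdes(), a link whose IGTK MLO KDE is absent now returns success with no log output at all, and the BIGTK branch in the following hunk does the same when sm->beacon_prot is set. Presumably no IGTK/BIGTK is then installed for that link, so group-addressed management frames and Beacon frames on it cannot be integrity-checked; that state should at least be visible in the log for whoever later audits the association. I would add, before each length check, something like `if (!ie->mlo_igtk[link_id]) wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN MLO: No IGTK KDE for link ID %u", link_id);` and the BIGTK equivalent. The function starts above the first of these hunks and its body continues past both.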