Revert "[wpa_supplicant] cumilative patch from commit 3a5d1a7e6"
Revert submission 26533062-Supplicant_merge_June24
Reason for revert: https://b.corp.google.com/issues/349780869
Reverted changes: /q/submissionid:26533062-Supplicant_merge_June24
Change-Id: I4a7a5b8ccb6b4822353bacc29649587cd5a3cb80
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 3eaa015..9f49cf9 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -233,12 +233,6 @@
return;
}
- if (!sm->ptk_set) {
- wpa_printf(MSG_INFO,
- "WPA: No PTK derived yet - cannot send EAPOL-Key Request");
- return;
- }
-
if (wpa_use_akm_defined(sm->key_mgmt))
ver = WPA_KEY_INFO_TYPE_AKM_DEFINED;
else if (wpa_key_mgmt_ft(sm->key_mgmt) ||
@@ -260,11 +254,10 @@
sm->proto == WPA_PROTO_OSEN) ?
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
key_info = WPA_KEY_INFO_REQUEST | ver;
- key_info |= WPA_KEY_INFO_SECURE;
- if (mic_len)
+ if (sm->ptk_set)
+ key_info |= WPA_KEY_INFO_SECURE;
+ if (sm->ptk_set && mic_len)
key_info |= WPA_KEY_INFO_MIC;
- else
- key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
if (error)
key_info |= WPA_KEY_INFO_ERROR;
if (pairwise)
@@ -529,14 +522,11 @@
const u8 *wpa_ie, size_t wpa_ie_len,
struct wpa_ptk *ptk)
{
- size_t mic_len, hdrlen, rlen, extra_len = 0;
+ size_t mic_len, hdrlen, rlen;
struct wpa_eapol_key *reply;
u8 *rbuf, *key_mic;
u8 *rsn_ie_buf = NULL;
u16 key_info;
-#ifdef CONFIG_TESTING_OPTIONS
- size_t pad_len = 0;
-#endif /* CONFIG_TESTING_OPTIONS */
if (wpa_ie == NULL) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No wpa_ie set - "
@@ -560,7 +550,7 @@
return -1;
os_memcpy(rsn_ie_buf, wpa_ie, wpa_ie_len);
res = wpa_insert_pmkid(rsn_ie_buf, &wpa_ie_len,
- sm->pmk_r1_name, !sm->ft_prepend_pmkid);
+ sm->pmk_r1_name);
if (res < 0) {
os_free(rsn_ie_buf);
return -1;
@@ -584,21 +574,10 @@
wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->test_eapol_m2_elems)
- extra_len = wpabuf_len(sm->test_eapol_m2_elems);
- if (sm->encrypt_eapol_m2) {
- pad_len = (wpa_ie_len + extra_len) % 8;
- if (pad_len)
- pad_len = 8 - pad_len;
- extra_len += pad_len + 8;
- }
-#endif /* CONFIG_TESTING_OPTIONS */
-
mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY,
- NULL, hdrlen + wpa_ie_len + extra_len,
+ NULL, hdrlen + wpa_ie_len,
&rlen, (void *) &reply);
if (rbuf == NULL) {
os_free(rsn_ie_buf);
@@ -615,10 +594,6 @@
key_info |= WPA_KEY_INFO_MIC;
else
key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->encrypt_eapol_m2)
- key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
-#endif /* CONFIG_TESTING_OPTIONS */
WPA_PUT_BE16(reply->key_info, key_info);
if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
WPA_PUT_BE16(reply->key_length, 0);
@@ -630,48 +605,9 @@
WPA_REPLAY_COUNTER_LEN);
key_mic = (u8 *) (reply + 1);
- /* Key Data Length */
- WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len + extra_len);
+ WPA_PUT_BE16(key_mic + mic_len, wpa_ie_len); /* Key Data Length */
os_memcpy(key_mic + mic_len + 2, wpa_ie, wpa_ie_len); /* Key Data */
os_free(rsn_ie_buf);
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->test_eapol_m2_elems) {
- os_memcpy(key_mic + mic_len + 2 + wpa_ie_len,
- wpabuf_head(sm->test_eapol_m2_elems),
- wpabuf_len(sm->test_eapol_m2_elems));
- }
-
- if (sm->encrypt_eapol_m2) {
- u8 *plain;
- size_t plain_len;
-
- if (sm->test_eapol_m2_elems)
- extra_len = wpabuf_len(sm->test_eapol_m2_elems);
- else
- extra_len = 0;
- plain_len = wpa_ie_len + extra_len + pad_len;
- plain = os_memdup(key_mic + mic_len + 2, plain_len);
- if (!plain) {
- os_free(rbuf);
- return -1;
- }
- if (pad_len)
- plain[plain_len - pad_len] = 0xdd;
-
- wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
- ptk->kek, ptk->kek_len);
- if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
- key_mic + mic_len + 2)) {
- os_free(plain);
- os_free(rbuf);
- return -1;
- }
- wpa_hexdump(MSG_DEBUG,
- "RSN: Encrypted Key Data from AES-WRAP",
- key_mic + mic_len + 2, plain_len + 8);
- os_free(plain);
- }
-#endif /* CONFIG_TESTING_OPTIONS */
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
@@ -833,7 +769,7 @@
static bool is_valid_ap_mld_mac_kde(struct wpa_sm *sm, const u8 *mac_kde)
{
return mac_kde &&
- ether_addr_equal(mac_kde, sm->mlo.ap_mld_addr);
+ os_memcmp(mac_kde, sm->mlo.ap_mld_addr, ETH_ALEN) == 0;
}
@@ -2219,10 +2155,7 @@
struct wpa_eapol_key *reply;
u8 *rbuf, *key_mic;
u8 *kde = NULL;
- size_t kde_len = 0, extra_len = 0;
-#ifdef CONFIG_TESTING_OPTIONS
- size_t pad_len = 0;
-#endif /* CONFIG_TESTING_OPTIONS */
+ size_t kde_len = 0;
if (sm->mlo.valid_links) {
u8 *pos;
@@ -2239,22 +2172,10 @@
kde_len = pos - kde;
}
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->test_eapol_m4_elems)
- extra_len = wpabuf_len(sm->test_eapol_m4_elems);
- if (sm->encrypt_eapol_m4) {
- pad_len = (kde_len + extra_len) % 8;
- if (pad_len)
- pad_len = 8 - pad_len;
- extra_len += pad_len + 8;
- }
-#endif /* CONFIG_TESTING_OPTIONS */
-
mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len);
hdrlen = sizeof(*reply) + mic_len + 2;
rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL,
- hdrlen + kde_len + extra_len, &rlen,
- (void *) &reply);
+ hdrlen + kde_len, &rlen, (void *) &reply);
if (!rbuf) {
os_free(kde);
return -1;
@@ -2269,10 +2190,6 @@
key_info |= WPA_KEY_INFO_MIC;
else
key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->encrypt_eapol_m4)
- key_info |= WPA_KEY_INFO_ENCR_KEY_DATA;
-#endif /* CONFIG_TESTING_OPTIONS */
WPA_PUT_BE16(reply->key_info, key_info);
if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN)
WPA_PUT_BE16(reply->key_length, 0);
@@ -2282,52 +2199,12 @@
WPA_REPLAY_COUNTER_LEN);
key_mic = (u8 *) (reply + 1);
- /* Key Data length */
- WPA_PUT_BE16(key_mic + mic_len, kde_len + extra_len);
+ WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data length */
if (kde) {
os_memcpy(key_mic + mic_len + 2, kde, kde_len); /* Key Data */
os_free(kde);
}
-#ifdef CONFIG_TESTING_OPTIONS
- if (sm->test_eapol_m4_elems) {
- os_memcpy(key_mic + mic_len + 2 + kde_len,
- wpabuf_head(sm->test_eapol_m4_elems),
- wpabuf_len(sm->test_eapol_m4_elems));
- }
-
- if (sm->encrypt_eapol_m4) {
- u8 *plain;
- size_t plain_len;
-
- if (sm->test_eapol_m4_elems)
- extra_len = wpabuf_len(sm->test_eapol_m4_elems);
- else
- extra_len = 0;
- plain_len = kde_len + extra_len + pad_len;
- plain = os_memdup(key_mic + mic_len + 2, plain_len);
- if (!plain) {
- os_free(rbuf);
- return -1;
- }
- if (pad_len)
- plain[plain_len - pad_len] = 0xdd;
-
- wpa_hexdump_key(MSG_DEBUG, "RSN: AES-WRAP using KEK",
- ptk->kek, ptk->kek_len);
- if (aes_wrap(ptk->kek, ptk->kek_len, plain_len / 8, plain,
- key_mic + mic_len + 2)) {
- os_free(plain);
- os_free(rbuf);
- return -1;
- }
- wpa_hexdump(MSG_DEBUG,
- "RSN: Encrypted Key Data from AES-WRAP",
- key_mic + mic_len + 2, plain_len + 8);
- os_free(plain);
- }
-#endif /* CONFIG_TESTING_OPTIONS */
-
wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA: Sending EAPOL-Key 4/4");
return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
key_mic);
@@ -2349,8 +2226,9 @@
return -1;
}
- if (!ether_addr_equal(sm->mlo.links[link_id].bssid,
- &link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX])) {
+ if (os_memcmp(sm->mlo.links[link_id].bssid,
+ &link_kde[RSN_MLO_LINK_KDE_LINK_MAC_INDEX],
+ ETH_ALEN) != 0) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN: MLO Link %u MAC address (" MACSTR
") not matching association response (" MACSTR ")",
@@ -2441,7 +2319,7 @@
(unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
"RSN MLO: Invalid IGTK KDE length %lu for link ID %u",
- (unsigned long) ie->mlo_igtk_len[link_id], link_id);
+ (unsigned long) ie->mlo_igtk_len, link_id);
return -1;
}
@@ -2453,7 +2331,7 @@
(unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) {
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
"RSN MLO: Invalid BIGTK KDE length %lu for link ID %u",
- (unsigned long) ie->mlo_bigtk_len[link_id], link_id);
+ (unsigned long) ie->mlo_bigtk_len, link_id);
return -1;
}
@@ -4163,8 +4041,6 @@
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_TESTING_OPTIONS
wpabuf_free(sm->test_assoc_ie);
- wpabuf_free(sm->test_eapol_m2_elems);
- wpabuf_free(sm->test_eapol_m4_elems);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_FILS_SK_PFS
crypto_ecdh_deinit(sm->fils_ecdh);
@@ -4235,7 +4111,7 @@
os_memset(sm->rx_replay_counter, 0, WPA_REPLAY_COUNTER_LEN);
sm->rx_replay_counter_set = 0;
sm->renew_snonce = 1;
- if (ether_addr_equal(sm->preauth_bssid, bssid))
+ if (os_memcmp(sm->preauth_bssid, bssid, ETH_ALEN) == 0)
rsn_preauth_deinit(sm);
#ifdef CONFIG_IEEE80211R
@@ -4681,12 +4557,6 @@
case WPA_PARAM_DISABLE_EAPOL_G2_TX:
sm->disable_eapol_g2_tx = value;
break;
- case WPA_PARAM_ENCRYPT_EAPOL_M2:
- sm->encrypt_eapol_m2 = value;
- break;
- case WPA_PARAM_ENCRYPT_EAPOL_M4:
- sm->encrypt_eapol_m4 = value;
- break;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_DPP2
case WPA_PARAM_DPP_PFS:
@@ -4696,9 +4566,6 @@
case WPA_PARAM_WMM_ENABLED:
sm->wmm_enabled = value;
break;
- case WPA_PARAM_FT_PREPEND_PMKID:
- sm->ft_prepend_pmkid = value;
- break;
default:
break;
}
@@ -5380,20 +5247,6 @@
}
-void wpa_sm_set_test_eapol_m2_elems(struct wpa_sm *sm, struct wpabuf *buf)
-{
- wpabuf_free(sm->test_eapol_m2_elems);
- sm->test_eapol_m2_elems = buf;
-}
-
-
-void wpa_sm_set_test_eapol_m4_elems(struct wpa_sm *sm, struct wpabuf *buf)
-{
- wpabuf_free(sm->test_eapol_m4_elems);
- sm->test_eapol_m4_elems = buf;
-}
-
-
const u8 * wpa_sm_get_anonce(struct wpa_sm *sm)
{
return sm->anonce;