handshake: pass object to handshake_util_ap_ie_matches

This is to prepare for supporting a vendor quirk, where we'll need the handshake to lookup if the quirk to disable a specific check.
2025-09-16 12:27:27 +02:00 · 2025-08-27 05:54:53 -07:00 · 2025-08-27 05:54:53 -07:00 · 54c0dbb3c8
commit 54c0dbb3c8
parent 6e9e0928b0
4 changed files with 11 additions and 7 deletions
--- a/src/eapol.c
+++ b/src/eapol.c
@ -1810,7 +1810,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,

 	if ((rsne[1] != hs->authenticator_ie[1] ||
 			memcmp(rsne + 2, hs->authenticator_ie + 2, rsne[1])) &&
-			!handshake_util_ap_ie_matches(&rsn_info,
+			!handshake_util_ap_ie_matches(hs, &rsn_info,
 							hs->authenticator_ie,
 							hs->wpa_ie))
 		goto error_ie_different;
--- a/src/ft.c
+++ b/src/ft.c
@ -223,7 +223,8 @@ static bool ft_parse_associate_resp_frame(const uint8_t *frame, size_t frame_len
 	return true;
 }

-static bool ft_verify_rsne(const uint8_t *rsne, const uint8_t *pmk_r0_name,
+static bool ft_verify_rsne(struct handshake_state *hs,
+				const uint8_t *rsne, const uint8_t *pmk_r0_name,
 				const uint8_t *authenticator_ie)
 {
 	/*
@ -253,7 +254,7 @@ static bool ft_verify_rsne(const uint8_t *rsne, const uint8_t *pmk_r0_name,
 				memcmp(msg2_rsne.pmkids, pmk_r0_name, 16))
 		return false;

-	if (!handshake_util_ap_ie_matches(&msg2_rsne, authenticator_ie, false))
+	if (!handshake_util_ap_ie_matches(hs, &msg2_rsne, authenticator_ie, false))
 		return false;

 	return true;
@ -301,7 +302,8 @@ static int parse_ies(struct handshake_state *hs,
 	is_rsn = hs->supplicant_ie != NULL;

 	if (is_rsn) {
-		if (!ft_verify_rsne(rsne, hs->pmk_r0_name, authenticator_ie))
+		if (!ft_verify_rsne(hs, rsne, hs->pmk_r0_name,
+					authenticator_ie))
 			goto ft_error;
 	} else if (rsne)
 		goto ft_error;
@ -480,7 +482,7 @@ int __ft_rx_associate(uint32_t ifindex, const uint8_t *frame, size_t frame_len)
 				memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16))
 			return -EBADMSG;

-		if (!handshake_util_ap_ie_matches(&msg4_rsne,
+		if (!handshake_util_ap_ie_matches(hs, &msg4_rsne,
 							hs->authenticator_ie,
 							false))
 			return -EBADMSG;
--- a/src/handshake.c
+++ b/src/handshake.c
@ -877,7 +877,8 @@ void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key,
 * results vs the RSN/WPA IE obtained as part of the 4-way handshake.  If they
 * don't match, the EAPoL packet must be silently discarded.
 */
-bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info,
+bool handshake_util_ap_ie_matches(struct handshake_state *s,
+					const struct ie_rsn_info *msg_info,
 					const uint8_t *scan_ie, bool is_wpa)
 {
 	struct ie_rsn_info scan_info;
--- a/src/handshake.h
+++ b/src/handshake.h
@ -312,7 +312,8 @@ bool handshake_state_set_pmksa(struct handshake_state *s, struct pmksa *pmksa);
 void handshake_state_cache_pmksa(struct handshake_state *s);
 bool handshake_state_remove_pmksa(struct handshake_state *s);

-bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info,
+bool handshake_util_ap_ie_matches(struct handshake_state *s,
+					const struct ie_rsn_info *msg_info,
 					const uint8_t *scan_ie, bool is_wpa);

 const uint8_t *handshake_util_find_kde(enum handshake_kde selector,