From 54c0dbb3c8d1d7935a7fd6bd5fcdbb974117974c Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Wed, 27 Aug 2025 05:54:53 -0700 Subject: [PATCH] handshake: pass object to handshake_util_ap_ie_matches This is to prepare for supporting a vendor quirk, where we'll need the handshake to lookup if the quirk to disable a specific check. --- src/eapol.c | 2 +- src/ft.c | 10 ++++++---- src/handshake.c | 3 ++- src/handshake.h | 3 ++- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index 6e37a54a..ab77746f 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1810,7 +1810,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm, if ((rsne[1] != hs->authenticator_ie[1] || memcmp(rsne + 2, hs->authenticator_ie + 2, rsne[1])) && - !handshake_util_ap_ie_matches(&rsn_info, + !handshake_util_ap_ie_matches(hs, &rsn_info, hs->authenticator_ie, hs->wpa_ie)) goto error_ie_different; diff --git a/src/ft.c b/src/ft.c index d8bee74c..0d6be4d4 100644 --- a/src/ft.c +++ b/src/ft.c @@ -223,7 +223,8 @@ static bool ft_parse_associate_resp_frame(const uint8_t *frame, size_t frame_len return true; } -static bool ft_verify_rsne(const uint8_t *rsne, const uint8_t *pmk_r0_name, +static bool ft_verify_rsne(struct handshake_state *hs, + const uint8_t *rsne, const uint8_t *pmk_r0_name, const uint8_t *authenticator_ie) { /* @@ -253,7 +254,7 @@ static bool ft_verify_rsne(const uint8_t *rsne, const uint8_t *pmk_r0_name, memcmp(msg2_rsne.pmkids, pmk_r0_name, 16)) return false; - if (!handshake_util_ap_ie_matches(&msg2_rsne, authenticator_ie, false)) + if (!handshake_util_ap_ie_matches(hs, &msg2_rsne, authenticator_ie, false)) return false; return true; @@ -301,7 +302,8 @@ static int parse_ies(struct handshake_state *hs, is_rsn = hs->supplicant_ie != NULL; if (is_rsn) { - if (!ft_verify_rsne(rsne, hs->pmk_r0_name, authenticator_ie)) + if (!ft_verify_rsne(hs, rsne, hs->pmk_r0_name, + authenticator_ie)) goto ft_error; } else if (rsne) goto ft_error; 
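Review bot: `ft_verify_rsne()` now receives `hs` but still takes `pmk_r0_name` as a separate argument, and the caller in `parse_ies()` (a later hunk in this file) passes `hs->pmk_r0_name` for it. Consider dropping the parameter and reading `hs->pmk_r0_name` inside the function, so the PMKID comparison is tied to the handshake being verified, or keep it and add a comment saying why it stays explicit. As far as this patch shows the new pointer is only passed through, so `const struct handshake_state *hs` would document that the verifier does not modify handshake state. If the callee only reads from it, the same applies to the `s` parameter added in src/handshake.c and src/handshake.h. The body of `ft_verify_rsne()` continues outside this hunk.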
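Review bot: The rewritten call in `ft_verify_rsne()` stays on one line and, assuming a one-tab indent (indentation is not preserved on this page), grows from 79 to 83 columns, whereas the call in `parse_ies()` that this patch also extends is wrapped. Wrap it the same way: `if (!handshake_util_ap_ie_matches(hs, &msg2_rsne,` followed by a continuation line `authenticator_ie, false))`.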
@@ -480,7 +482,7 @@ int __ft_rx_associate(uint32_t ifindex, const uint8_t *frame, size_t frame_len) memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16)) return -EBADMSG; - if (!handshake_util_ap_ie_matches(&msg4_rsne, + if (!handshake_util_ap_ie_matches(hs, &msg4_rsne, hs->authenticator_ie, false)) return -EBADMSG; diff --git a/src/handshake.c b/src/handshake.c index c469e6fa..92edac30 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -877,7 +877,8 @@ void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key, * results vs the RSN/WPA IE obtained as part of the 4-way handshake. If they * don't match, the EAPoL packet must be silently discarded. */ -bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info, +bool handshake_util_ap_ie_matches(struct handshake_state *s, + const struct ie_rsn_info *msg_info, const uint8_t *scan_ie, bool is_wpa) { struct ie_rsn_info scan_info; diff --git a/src/handshake.h b/src/handshake.h index c6e3c10b..b8891490 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -312,7 +312,8 @@ bool handshake_state_set_pmksa(struct handshake_state *s, struct pmksa *pmksa); void handshake_state_cache_pmksa(struct handshake_state *s); bool handshake_state_remove_pmksa(struct handshake_state *s); -bool handshake_util_ap_ie_matches(const struct ie_rsn_info *msg_info, +bool handshake_util_ap_ie_matches(struct handshake_state *s, + const struct ie_rsn_info *msg_info, const uint8_t *scan_ie, bool is_wpa); const uint8_t *handshake_util_find_kde(enum handshake_kde selector,
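Review bot: The comment above `handshake_util_ap_ie_matches()` is not updated for the new `s` parameter, and nothing visible in this hunk uses it (the body continues outside the hunk). This function is the check that the RSN/WPA IE from scan results matches the one received during the handshake. The comment should therefore say that `s` is passed only so a vendor quirk can be looked up, and that the IEs compared are always `msg_info` and `scan_ie`. This matters because `ft_verify_rsne()` in src/ft.c passes its own `authenticator_ie` argument rather than `hs->authenticator_ie`, so the two may not be interchangeable. When the quirk itself lands, the comment should also name exactly which comparison it skips, so the relaxation stays narrow and easy to audit.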