3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 04:32:37 +01:00

anqp: Ensure a random token is used

This commit is contained in:
Denis Kenzior 2021-07-05 20:25:14 -05:00
parent 667023b01b
commit dcd48e1f66

View File

@ -53,8 +53,6 @@ struct anqp_request {
uint32_t id; uint32_t id;
}; };
static uint8_t anqp_token = 0;
static void anqp_destroy(void *user_data) static void anqp_destroy(void *user_data)
{ {
struct anqp_request *request = user_data; struct anqp_request *request = user_data;
@ -185,6 +183,7 @@ static void anqp_frame_timeout(int error, void *user_data)
} }
static uint8_t *anqp_build_frame(const uint8_t *addr, struct scan_bss *bss, static uint8_t *anqp_build_frame(const uint8_t *addr, struct scan_bss *bss,
uint8_t anqp_token,
const uint8_t *anqp, size_t len, const uint8_t *anqp, size_t len,
size_t *len_out) size_t *len_out)
{ {
@ -202,7 +201,7 @@ static uint8_t *anqp_build_frame(const uint8_t *addr, struct scan_bss *bss,
*ptr++ = 0x04; /* Category: Public */ *ptr++ = 0x04; /* Category: Public */
*ptr++ = 0x0a; /* Action: GAS initial Request */ *ptr++ = 0x0a; /* Action: GAS initial Request */
*ptr++ = anqp_token++; /* Dialog Token */ *ptr++ = anqp_token; /* Dialog Token */
*ptr++ = IE_TYPE_ADVERTISEMENT_PROTOCOL; *ptr++ = IE_TYPE_ADVERTISEMENT_PROTOCOL;
*ptr++ = 2; *ptr++ = 2;
@ -233,10 +232,16 @@ uint32_t anqp_request(uint64_t wdev_id, const uint8_t *addr,
request->frequency = bss->frequency; request->frequency = bss->frequency;
request->anqp_cb = cb; request->anqp_cb = cb;
request->anqp_destroy = destroy; request->anqp_destroy = destroy;
request->anqp_token = anqp_token; /*
* WPA3 Specificiation version 3, Section 9.4:
* "A STA shall use a randomized dialog token for every new GAS
* exchange."
*/
l_getrandom(&request->anqp_token, sizeof(request->anqp_token));
request->anqp_data = user_data; request->anqp_data = user_data;
request->frame = anqp_build_frame(addr, bss, anqp, len, request->frame = anqp_build_frame(addr, bss, request->anqp_token,
anqp, len,
&request->frame_len); &request->frame_len);
iov[0].iov_base = request->frame; iov[0].iov_base = request->frame;