static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
const unsigned char *src_addr,
struct wpa_eapol_ie_parse *ie)
{
if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL) {
wpa_printf(MSG_DEBUG, "WPA: No WPA/RSN IE for this AP known. "
"Trying to get from scan results");
if (wpa_sm_get_beacon_ie(sm) < 0) {
wpa_printf(MSG_WARNING, "WPA: Could not find AP from "
"the scan results");
} else {
wpa_printf(MSG_DEBUG, "WPA: Found the current AP from "
"updated scan results");
}
}
if (ie->wpa_ie == NULL && ie->rsn_ie == NULL &&
(sm->ap_wpa_ie || sm->ap_rsn_ie)) {
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
"with IE in Beacon/ProbeResp (no IE?)",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
if ((ie->wpa_ie && sm->ap_wpa_ie &&
(ie->wpa_ie_len != sm->ap_wpa_ie_len ||
os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
(ie->rsn_ie && sm->ap_rsn_ie &&
wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt),
sm->ap_rsn_ie, sm->ap_rsn_ie_len,
ie->rsn_ie, ie->rsn_ie_len))) {
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
"with IE in Beacon/ProbeResp",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
if (sm->proto == WPA_PROTO_WPA &&
ie->rsn_ie && sm->ap_rsn_ie == NULL && sm->rsn_enabled) {
wpa_report_ie_mismatch(sm, "Possible downgrade attack "
"detected - RSN was enabled and RSN IE "
"was in msg 3/4, but not in "
"Beacon/ProbeResp",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
#ifdef CONFIG_IEEE80211R
if (wpa_key_mgmt_ft(sm->key_mgmt) &&
wpa_supplicant_validate_ie_ft(sm, src_addr, ie) < 0)
return -1;
#endif /* CONFIG_IEEE80211R */
return 0;
}
static int wpa_supplicant_validate_ie(struct wpa_sm *sm,
const unsigned char *src_addr,
struct wpa_eapol_ie_parse *ie)
{
struct wpa_ssid *ssid = sm->cur_ssid; //wp
if (sm->ap_wpa_ie == NULL && sm->ap_rsn_ie == NULL)
{
lwip_log("WPA: No WPA/RSN IE for this AP known. Trying to get from scan results\n");
}
if (ie->wpa_ie == NULL && ie->rsn_ie == NULL && (sm->ap_wpa_ie || sm->ap_rsn_ie))
{
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match "
"with IE in Beacon/ProbeResp (no IE?)",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
if ((ie->wpa_ie && sm->ap_wpa_ie &&
(ie->wpa_ie_len != sm->ap_wpa_ie_len ||
os_memcmp(ie->wpa_ie, sm->ap_wpa_ie, ie->wpa_ie_len) != 0)) ||
(ie->rsn_ie && sm->ap_rsn_ie &&
(ie->rsn_ie_len != sm->ap_rsn_ie_len ||
os_memcmp(ie->rsn_ie, sm->ap_rsn_ie, ie->rsn_ie_len) != 0)))
{
wpa_report_ie_mismatch(sm, "IE in 3/4 msg does not match with IE in Beacon/ProbeResp",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
if (sm->proto == WPA_PROTO_WPA &&
ie->rsn_ie && sm->ap_rsn_ie == NULL &&
ssid && (ssid->proto & WPA_PROTO_RSN)) {
wpa_report_ie_mismatch(sm, "Possible downgrade attack "
"detected - RSN was enabled and RSN IE "
"was in msg 3/4, but not in "
"Beacon/ProbeResp",
src_addr, ie->wpa_ie, ie->wpa_ie_len,
ie->rsn_ie, ie->rsn_ie_len);
return -1;
}
return 0;
}
