From patchwork Fri Sep 23 07:15:50 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhao Chen X-Patchwork-Id: 1681456 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=zMgLx93d; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=mediatek.com header.i=@mediatek.com header.a=rsa-sha256 header.s=dk header.b=B/B2gblb; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4MYk4n6T80z1yqV for ; Fri, 23 Sep 2022 17:17:45 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=k19ne/6wqYYTLNy0sr4g4XRSGsbprAPiA8db2nOkKPo=; b=zMgLx93dvXojTM OYXt2MKq/5zahFke+n/JHfGO8Sp3HfxmFBdMpM9qIkx1WXLBn24T4uXckx61IwYuu/1f35g8cU22h WVt9YvvlmrwpLCbRhvIUl6C5YUUs1Qedkb5chmKq8ClBv/LXmTfeXjrTHRZCJlW4cHVg+mq3Z7R7g YDoEowIe7pyyoFbP5tQLsM3MlyQ4idt8dZ5/D83g8WPPDbHut0t+E06UFwuCqvd+krEGuHbjtiamo mtmBxebyNDz0X/owbgEkExTIrmOWFhuymZLmVtdKNTmTremx877B6IRMEx3MOFLVWROxznF7Fr4jF oAIf6i4xWpsdWp1HG+Ig==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1obcvO-002eNS-Ub; Fri, 23 Sep 2022 07:16:39 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1obcvM-002eKm-Df for hostap@lists.infradead.org; Fri, 23 Sep 2022 07:16:38 +0000 X-UUID: 88cff8d6405146bab3e7fad63ef6c02a-20220923 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mediatek.com; s=dk; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject:CC:To:From; bh=g++2o8H7rI2k+sWHQvs9Qnn6mSg7I1fuIffgdaIKbL4=; b=B/B2gblbyygcJshuV2p6zJHPvaa9vvLMPhnG0tsE7CHLFyiioEXi2GZTPDKu2Y6uSYQnvo6K4IdOBpvslXW6OujuB6MeaNkaU5IekleS7i7RZIYstkRqBgZzxVTYDis8XAvZJQNIPx9hoOK2aQCjtaf8a7P4fyiE/9iIhdQ+i9k=; X-CID-UNFAMILIAR: 1 X-CID-P-RULE: Release_Ham X-CID-O-INFO: VERSION:1.1.11,REQID:8b9ec2a4-ba38-4d4e-804e-6e93559ea106,IP:0,U RL:0,TC:0,Content:0,EDM:0,RT:0,SF:100,FILE:0,BULK:0,RULE:Release_Ham,ACTIO N:release,TS:100 X-CID-INFO: VERSION:1.1.11,REQID:8b9ec2a4-ba38-4d4e-804e-6e93559ea106,IP:0,URL :0,TC:0,Content:0,EDM:0,RT:0,SF:100,FILE:0,BULK:0,RULE:Spam_GS981B3D,ACTIO N:quarantine,TS:100 X-CID-META: VersionHash:39a5ff1,CLOUDID:26e2c706-1cee-4c38-b21b-a45f9682fdc0,B ulkID:220923151628FJSMMPRE,BulkQuantity:0,Recheck:0,SF:28|16|19|48,TC:nil, Content:0,EDM:-3,IP:nil,URL:0,File:nil,Bulk:nil,QS:nil,BEC:nil,COL:0 X-UUID: 88cff8d6405146bab3e7fad63ef6c02a-20220923 Received: from mtkmbs13n1.mediatek.inc [(172.21.101.193)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 256/256) with ESMTP id 887604424; Fri, 23 Sep 2022 00:16:26 -0700 Received: from mtkmbs11n2.mediatek.inc (172.21.101.187) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Fri, 23 Sep 2022 15:15:52 +0800 Received: from localhost.localdomain (10.17.3.154) by mtkmbs11n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.15 via Frontend Transport; Fri, 23 Sep 2022 15:15:52 +0800 From: Zhao Chen To: CC: , , Zhao Chen Subject: [PATCH] Only allow OWE and SAE H2E on 6 Ghz Date: Fri, 23 Sep 2022 15:15:50 +0800 Message-ID: <20220923071550.24906-1-zhao.chen@mediatek.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220923_001636_751244_2EF4AF3D X-CRM114-Status: UNSURE ( 9.94 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.1 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: If the Bss is on 6 Gzh band, only allow OWE and SAE H2E to pass bss check Signed-off-by: Zhao Chen --- wpa_supplicant/events.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) Content analysis details: (-0.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.1 URIBL_CSS Contains an URL's NS IP listed in the Spamhaus CSS blocklist [URIs: mediatek.com] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org If the Bss is on 6 Gzh band, only allow OWE and SAE H2E to pass bss check Signed-off-by: Zhao Chen --- wpa_supplicant/events.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index e0a97bc2e..5bf1520df 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -1403,6 +1403,22 @@ static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, } #endif /* CONFIG_SAE */ + /* Only OWE and SAE H2E are allowed for 6 GHz. */ + if(is_6ghz_freq(bss->freq)) + { + if (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) +#ifdef CONFIG_SAE + && !(wpa_key_mgmt_sae(ssid->key_mgmt) + && (rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) +#endif /* CONFIG_SAE */ + ) { + if (debug_print) + wpa_dbg(wpa_s, MSG_DEBUG, + " skip - 6 Ghz AP but not OWE and not SAE H2E"); + return false; + } + } + #ifdef CONFIG_SAE_PK if (ssid->sae_pk == SAE_PK_MODE_ONLY && !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {