[PATCH 7/9] BSS: MLD: Add verification for the pairwise cipher

Benjamin Berg benjamin at sipsolutions.net
Wed Jun 18 05:35:29 PDT 2025


From: Benjamin Berg <benjamin.berg at intel.com>

Check that there is a valid pairwise cipher for an EHT AP. Also verify
that each potential link has a pairwise cipher in common with the
association link.

Signed-off-by: Benjamin Berg <benjamin.berg at intel.com>
---
 wpa_supplicant/bss.c | 51 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 13 deletions(-)

diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index ce250655a5..e4fa8ee6d2 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -1686,14 +1686,15 @@ wpa_bss_parse_ml_rnr_ap_info(struct wpa_supplicant *wpa_s,
  * @bss: BSS table entry
  * Returns: true if the BSS configuration matches local profile and the elements
  * meet MLO requirements, false otherwise
- * @key_mgmt: Pointer to store key management
  * @rsne_type_p: Type of RSNE to validate. If -1 is given, choose as per the
  *	presence of RSN elements (association link); otherwise, validate
  *	against the requested type (other affiliated links).
+ * @ref_wpa_ie: WPA IE data from the main link to compare against
  */
 static bool
 wpa_bss_validate_rsne_ml(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
-			 struct wpa_bss *bss, int *key_mgmt, int *rsne_type_p)
+			 struct wpa_bss *bss, int *rsne_type_p,
+			 struct wpa_ie_data *ref_wpa_ie)
 {
 	struct ieee802_11_elems elems;
 	struct wpa_ie_data wpa_ie;
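Review bot: The kernel-doc line added for `ref_wpa_ie` does not say that the parameter is written on the association-link call and only read on later calls. The body in the next hunk copies the parsed data into it when `*rsne_type_p == -1` and compares against it otherwise, so callers must pass the same storage to every call for one AP MLD. I would word it as `@ref_wpa_ie: In/out. Filled from this BSS when *rsne_type_p is -1 (association link); otherwise read as the reference to compare against`. The function body continues outside this hunk.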
@@ -1744,14 +1745,41 @@ wpa_bss_validate_rsne_ml(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
 
 	wpa_ie.key_mgmt &= ~(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK |
 			     WPA_KEY_MGMT_PSK_SHA256);
+	if (!(wpa_ie.key_mgmt & ssid->key_mgmt)) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"MLD: No valid key management");
+		return false;
+	}
 	wpa_dbg(wpa_s, MSG_DEBUG, "MLD: key_mgmt=0x%x", wpa_ie.key_mgmt);
 
-	if (key_mgmt)
-		*key_mgmt = wpa_ie.key_mgmt;
+	wpa_ie.pairwise_cipher &= ~(WPA_CIPHER_NONE | WPA_CIPHER_WEP40 |
+				WPA_CIPHER_WEP104 | WPA_CIPHER_TKIP);
+	if (!(wpa_ie.pairwise_cipher & ssid->pairwise_cipher)) {
+		wpa_dbg(wpa_s, MSG_DEBUG,
+			"MLD: No valid pairwise cipher");
+		return false;
+	}
+
+	if (*rsne_type_p == -1) {
+		memcpy(ref_wpa_ie, &wpa_ie, sizeof(wpa_ie));
+
+		*rsne_type_p = rsne_type;
+	} else {
+		/* Verifying the neighbor given rsne_type_p and ref_wpa_ie */
+		if (!(wpa_ie.key_mgmt & ref_wpa_ie->key_mgmt)) {
+			wpa_dbg(wpa_s, MSG_DEBUG,
+				"MLD: neighbor without common AKM");
+			return false;
+		}
 
-	*rsne_type_p = rsne_type;
+		if (!(wpa_ie.pairwise_cipher & ref_wpa_ie->pairwise_cipher)) {
+			wpa_dbg(wpa_s, MSG_DEBUG,
+				"MLD: neighbor without common pairwise cipher");
+			return false;
+		}
+	}
 
-	return !!(wpa_ie.key_mgmt & ssid->key_mgmt);
+	return true;
 }
 
 
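Review bot: The neighbor branch tests `wpa_ie.pairwise_cipher & ref_wpa_ie->pairwise_cipher` (and likewise `key_mgmt`) against everything the association link advertised, not against what the profile allows, so the three sets can each overlap in pairs without sharing a single value. A neighbor whose only overlap with the reference is a cipher or AKM that `ssid` does not permit still passes, because its own profile check can be satisfied by a different bit. If the intent is that every accepted link supports what can actually be negotiated, narrow the reference right after the `memcpy()`: `ref_wpa_ie->key_mgmt &= ssid->key_mgmt;` and `ref_wpa_ie->pairwise_cipher &= ssid->pairwise_cipher;`. The start of the function is outside this hunk, so whether later selection code narrows this further cannot be confirmed from here.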
@@ -1771,7 +1799,8 @@ u16 wpa_bss_get_usable_links(struct wpa_supplicant *wpa_s,
 			     struct wpa_ssid *ssid,
 			     u16 *missing_links)
 {
-	int rsne_type, key_mgmt;
+	struct wpa_ie_data wpa_ie;
+	int rsne_type;
 	u16 usable_links = 0;
 	u8 link_id;
 
@@ -1780,8 +1809,7 @@ u16 wpa_bss_get_usable_links(struct wpa_supplicant *wpa_s,
 
 	rsne_type = -1;
 	if (ssid &&
-	    !wpa_bss_validate_rsne_ml(wpa_s, ssid, bss, &key_mgmt,
-				      &rsne_type)) {
+	    !wpa_bss_validate_rsne_ml(wpa_s, ssid, bss, &rsne_type, &wpa_ie)) {
 		wpa_dbg(wpa_s, MSG_DEBUG, "MLD: No valid key management");
 		return 0;
 	}
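Review bot: The debug text `MLD: No valid key management` on the failed association-link check is now misleading, because `wpa_bss_validate_rsne_ml()` also returns false when no pairwise cipher matches, and it already logs the specific reason itself. A neutral message keeps the log usable when working out why an AP MLD was rejected, e.g. `wpa_dbg(wpa_s, MSG_DEBUG, "MLD: Association link RSN validation failed");`. Separately, the `wpa_ie` declared in the previous hunk stays uninitialized when `ssid` is NULL; the reads visible in this patch are guarded by `ssid`, but zeroing it at declaration would keep a future unguarded use from comparing against stack garbage. The function continues outside this hunk.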
@@ -1860,8 +1888,6 @@ u16 wpa_bss_get_usable_links(struct wpa_supplicant *wpa_s,
 		}
 
 		if (ssid) {
-			int neigh_key_mgmt;
-
 			/* As per IEEE P802.11be/D7.0, 12.6.2 (RSNA selection), all APs
 			 * affiliated with an AP MLD shall advertise at least one common
 			 * AKM suite selector in the AKM Suite List field of an RSNE or
@@ -1869,8 +1895,7 @@ u16 wpa_bss_get_usable_links(struct wpa_supplicant *wpa_s,
 			 * configuration with the association link.
 			 */
 			if (!wpa_bss_validate_rsne_ml(wpa_s, ssid, neigh_bss,
-						      &neigh_key_mgmt, &rsne_type) ||
-			    !(key_mgmt & neigh_key_mgmt)) {
+						      &rsne_type, &wpa_ie)) {
 				wpa_printf(MSG_DEBUG,
 					   "MLD: Discard link %u due to RSN parameter mismatch",
 					   link_id);
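Review bot: The comment above this call still cites only the common-AKM requirement, while the call now also discards a link that has no pairwise cipher in common with the association link. Extend the comment with a sentence such as `Also require a pairwise cipher in common with the association link.` so the stricter check is not mistaken for an AKM-only test. The comment begins in the previous hunk and the surrounding loop is outside the visible lines.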
-- 
2.49.0



