[wlan][sme] Add rsn capabilities to softAP
This resolves an issue where vendor drivers might add a 0 cap byte
and break secure associations due to a mismatch in our EAPOL msg 3.
Test: Manual
Fixes: 120733
Change-Id: Iec6983329809ee0239e6016a9d8ea79e9c5688d1
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/796483
Commit-Queue: Dylan Swiggett <swiggett@google.com>
Reviewed-by: Karthik Krishnaswami <karthikrish@google.com>
diff --git a/src/connectivity/wlan/lib/sme/src/ap/mod.rs b/src/connectivity/wlan/lib/sme/src/ap/mod.rs
index 001e8f3..8e555b5 100644
--- a/src/connectivity/wlan/lib/sme/src/ap/mod.rs
+++ b/src/connectivity/wlan/lib/sme/src/ap/mod.rs
@@ -25,7 +25,11 @@
wlan_common::{
capabilities::get_device_band_cap,
channel::{Cbw, Channel},
- ie::{parse_ht_capabilities, rsn::rsne::Rsne, ChanWidthSet, SupportedRate},
+ ie::{
+ parse_ht_capabilities,
+ rsn::rsne::{RsnCapabilities, Rsne},
+ ChanWidthSet, SupportedRate,
+ },
mac,
timer::{self, EventId, TimedEvent, Timer},
RadioConfig,
@@ -824,7 +828,7 @@
// Note: TKIP is legacy and considered insecure. Only allow CCMP usage
// for group and pairwise ciphers.
- Ok(Some(RsnCfg { psk, rsne: Rsne::wpa2_rsne() }))
+ Ok(Some(RsnCfg { psk, rsne: Rsne::wpa2_rsne_with_caps(RsnCapabilities(0)) }))
}
}
diff --git a/src/connectivity/wlan/testing/hw-sim/src/lib.rs b/src/connectivity/wlan/testing/hw-sim/src/lib.rs
index 733126c..487fb11 100644
--- a/src/connectivity/wlan/testing/hw-sim/src/lib.rs
+++ b/src/connectivity/wlan/testing/hw-sim/src/lib.rs
@@ -252,9 +252,9 @@
Protection::Wpa2Wpa3Personal => {
wlan_rsn::ProtectionInfo::Rsne(rsne::Rsne::wpa2_wpa3_rsne())
}
- Protection::Wpa2Personal | Protection::Wpa1Wpa2Personal => {
- wlan_rsn::ProtectionInfo::Rsne(rsne::Rsne::wpa2_rsne())
- }
+ Protection::Wpa2Personal | Protection::Wpa1Wpa2Personal => wlan_rsn::ProtectionInfo::Rsne(
+ rsne::Rsne::wpa2_rsne_with_caps(rsne::RsnCapabilities(0)),
+ ),
Protection::Wpa2PersonalTkipOnly | Protection::Wpa1Wpa2PersonalTkipOnly => {
panic!("need tkip support")
}
@@ -281,7 +281,9 @@
Protection::Wpa1 => wlan_rsn::ProtectionInfo::LegacyWpa(
wpa::fake_wpa_ies::fake_deprecated_wpa1_vendor_ie(),
),
- Protection::Wpa2Personal => wlan_rsn::ProtectionInfo::Rsne(rsne::Rsne::wpa2_rsne()),
+ Protection::Wpa2Personal => wlan_rsn::ProtectionInfo::Rsne(
+ rsne::Rsne::wpa2_rsne_with_caps(rsne::RsnCapabilities(0)),
+ ),
_ => unreachable!("impossible combination in this nested match"),
};
wlan_rsn::Authenticator::new_wpa2psk_ccmp128(
@@ -447,7 +449,8 @@
rsne?: match protection {
Protection::Unknown => panic!("Cannot send beacon with unknown protection"),
Protection::Open | Protection::Wep | Protection::Wpa1 => None,
- Protection::Wpa1Wpa2Personal | Protection::Wpa2Personal => Some(rsne::Rsne::wpa2_rsne()),
+ Protection::Wpa1Wpa2Personal | Protection::Wpa2Personal =>
+ Some(rsne::Rsne::wpa2_rsne_with_caps(rsne::RsnCapabilities(0))),
Protection::Wpa2Wpa3Personal => Some(rsne::Rsne::wpa2_wpa3_rsne()),
Protection::Wpa3Personal => Some(rsne::Rsne::wpa3_rsne()),
_ => panic!("unsupported fake beacon: {:?}", protection),
