fragattack: add GET_GTK and return key index as well

2025-01-30 16:54:04 -05:00 · 2020-03-13 06:49:09 -04:00 · 2020-03-13 06:49:09 -04:00 · 0e59343a22
commit 0e59343a22
parent c5659bf2b3
5 changed files with 38 additions and 0 deletions
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@ -2442,6 +2442,21 @@ static int hostapd_get_tk(struct hostapd_data *hapd, const char *txtaddr, char *
 	return res;
 }

+
+static int hostapd_get_gtk(struct hostapd_data *hapd,  char *buf, size_t buflen)
+{
+	int pos;
+
+	if (hapd->last_gtk_len <= 0)
+		return -1;
+	if (buflen < hapd->last_gtk_len + 20)
+		return -1;
+
+	pos  = wpa_snprintf_hex(buf, buflen,  hapd->last_gtk, hapd->last_gtk_len);
+	pos += os_snprintf(buf + pos, buflen - pos, " %d\n", hapd->last_gtk_key_idx);
+	return pos;
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */


@ -3315,6 +3330,8 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
 						 reply_size);
 	} else if (os_strncmp(buf, "GET_TK ", 7) == 0) {
 		reply_len = hostapd_get_tk(hapd, buf + 7, reply, reply_size);
+	} else if (os_strcmp(buf, "GET_GTK") == 0) {
+		reply_len = hostapd_get_gtk(hapd, reply, reply_size);
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
 		if (hostapd_ctrl_iface_chan_switch(hapd->iface, buf + 12))
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@ -40,6 +40,7 @@ endif

 ifdef CONFIG_TESTING_OPTIONS
 CFLAGS += -DCONFIG_TESTING_OPTIONS
+CFLAGS += -DCONFIG_TESTING_GET_GTK
 CONFIG_WPS_TESTING=y
 CONFIG_TDLS_TESTING=y
 endif
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@ -9424,6 +9424,22 @@ static int wpas_ctrl_resend_assoc(struct wpa_supplicant *wpa_s)
 #endif /* CONFIG_SME */
 }

+
+static int wpa_supplicant_ctrl_iface_get_gtk(struct wpa_supplicant *wpa_s,
+					     char *buf, size_t buflen)
+{
+	int pos;
+
+	if (wpa_s->last_gtk_len == 0)
+		return -1;
+	if (buflen < wpa_s->last_gtk_len + 20)
+		return -1;
+
+	pos  = wpa_snprintf_hex(buf, buflen,  wpa_s->last_gtk, wpa_s->last_gtk_len);
+	pos += os_snprintf(buf + pos, buflen - pos, " %d\n", wpa_s->last_gtk_idx);
+	return pos;
+}
+
 #endif /* CONFIG_TESTING_OPTIONS */


@ -10767,6 +10783,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
 		sme_event_unprot_disconnect(
 			wpa_s, wpa_s->bssid, NULL,
 			WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
+	} else if (os_strcmp(buf, "GET_GTK") == 0) {
+		reply_len = wpa_supplicant_ctrl_iface_get_gtk(wpa_s, reply, reply_size);
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strncmp(buf, "VENDOR_ELEM_ADD ", 16) == 0) {
 		if (wpas_ctrl_vendor_elem_add(wpa_s, buf + 16) < 0)
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@ -1112,6 +1112,7 @@ struct wpa_supplicant {
 #ifdef CONFIG_TESTING_GET_GTK
 	u8 last_gtk[32];
 	size_t last_gtk_len;
+	int last_gtk_idx;
 #endif /* CONFIG_TESTING_GET_GTK */

 	unsigned int num_multichan_concurrent;
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@ -515,6 +515,7 @@ static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
 	    alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) {
 		os_memcpy(wpa_s->last_gtk, key, key_len);
 		wpa_s->last_gtk_len = key_len;
+		wpa_s->last_gtk_idx = key_idx;
 	}
 #endif /* CONFIG_TESTING_GET_GTK */
 #ifdef CONFIG_TESTING_OPTIONS