mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
wlantest: Add support for OSEN
This allows Hotspot 2.0 OSEN connection to be analyzed more conveniently. The frames from an OSEN association can now be decrypted using an MSK file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
84a4084177
commit
f6ff5160f0
@ -44,6 +44,7 @@ OBJS_lib += ../src/crypto/libcrypto.a
|
|||||||
CFLAGS += -DCONFIG_PEERKEY
|
CFLAGS += -DCONFIG_PEERKEY
|
||||||
CFLAGS += -DCONFIG_IEEE80211W
|
CFLAGS += -DCONFIG_IEEE80211W
|
||||||
CFLAGS += -DCONFIG_IEEE80211R
|
CFLAGS += -DCONFIG_IEEE80211R
|
||||||
|
CFLAGS += -DCONFIG_HS20
|
||||||
CFLAGS += -DCONFIG_DEBUG_FILE
|
CFLAGS += -DCONFIG_DEBUG_FILE
|
||||||
|
|
||||||
OBJS += ../src/common/ieee802_11_common.o
|
OBJS += ../src/common/ieee802_11_common.o
|
||||||
|
@ -154,6 +154,26 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
|
|||||||
bss_add_pmk(wt, bss);
|
bss_add_pmk(wt, bss);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (elems->osen == NULL) {
|
||||||
|
if (bss->osenie[0]) {
|
||||||
|
add_note(wt, MSG_INFO, "BSS " MACSTR
|
||||||
|
" - OSEN IE removed", MAC2STR(bss->bssid));
|
||||||
|
bss->rsnie[0] = 0;
|
||||||
|
update = 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (bss->osenie[0] == 0 ||
|
||||||
|
os_memcmp(bss->osenie, elems->osen - 2,
|
||||||
|
elems->osen_len + 2) != 0) {
|
||||||
|
wpa_printf(MSG_INFO, "BSS " MACSTR " - OSEN IE "
|
||||||
|
"stored", MAC2STR(bss->bssid));
|
||||||
|
wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
|
||||||
|
elems->osen_len + 2);
|
||||||
|
update = 1;
|
||||||
|
}
|
||||||
|
os_memcpy(bss->osenie, elems->osen - 2,
|
||||||
|
elems->osen_len + 2);
|
||||||
|
}
|
||||||
|
|
||||||
if (elems->rsn_ie == NULL) {
|
if (elems->rsn_ie == NULL) {
|
||||||
if (bss->rsnie[0]) {
|
if (bss->rsnie[0]) {
|
||||||
@ -238,25 +258,33 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (bss->osenie[0]) {
|
||||||
|
bss->proto |= WPA_PROTO_OSEN;
|
||||||
|
bss->pairwise_cipher |= WPA_CIPHER_CCMP;
|
||||||
|
bss->group_cipher |= WPA_CIPHER_CCMP;
|
||||||
|
bss->key_mgmt |= WPA_KEY_MGMT_OSEN;
|
||||||
|
}
|
||||||
|
|
||||||
if (!(bss->proto & WPA_PROTO_RSN) ||
|
if (!(bss->proto & WPA_PROTO_RSN) ||
|
||||||
!(bss->rsn_capab & WPA_CAPABILITY_MFPC))
|
!(bss->rsn_capab & WPA_CAPABILITY_MFPC))
|
||||||
bss->mgmt_group_cipher = 0;
|
bss->mgmt_group_cipher = 0;
|
||||||
|
|
||||||
if (!bss->wpaie[0] && !bss->rsnie[0] &&
|
if (!bss->wpaie[0] && !bss->rsnie[0] && !bss->osenie[0] &&
|
||||||
(bss->capab_info & WLAN_CAPABILITY_PRIVACY))
|
(bss->capab_info & WLAN_CAPABILITY_PRIVACY))
|
||||||
bss->group_cipher = WPA_CIPHER_WEP40;
|
bss->group_cipher = WPA_CIPHER_WEP40;
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "BSS " MACSTR
|
wpa_printf(MSG_INFO, "BSS " MACSTR
|
||||||
" proto=%s%s%s"
|
" proto=%s%s%s%s"
|
||||||
"pairwise=%s%s%s%s"
|
"pairwise=%s%s%s%s"
|
||||||
"group=%s%s%s%s%s%s"
|
"group=%s%s%s%s%s%s"
|
||||||
"mgmt_group_cipher=%s"
|
"mgmt_group_cipher=%s"
|
||||||
"key_mgmt=%s%s%s%s%s%s%s%s"
|
"key_mgmt=%s%s%s%s%s%s%s%s%s"
|
||||||
"rsn_capab=%s%s%s%s%s",
|
"rsn_capab=%s%s%s%s%s",
|
||||||
MAC2STR(bss->bssid),
|
MAC2STR(bss->bssid),
|
||||||
bss->proto == 0 ? "OPEN " : "",
|
bss->proto == 0 ? "OPEN " : "",
|
||||||
bss->proto & WPA_PROTO_WPA ? "WPA " : "",
|
bss->proto & WPA_PROTO_WPA ? "WPA " : "",
|
||||||
bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
|
bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
|
||||||
|
bss->proto & WPA_PROTO_OSEN ? "OSEN " : "",
|
||||||
bss->pairwise_cipher == 0 ? "N/A " : "",
|
bss->pairwise_cipher == 0 ? "N/A " : "",
|
||||||
bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
|
bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
|
||||||
bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
|
bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
|
||||||
@ -279,6 +307,7 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
|
|||||||
"EAP-SHA256 " : "",
|
"EAP-SHA256 " : "",
|
||||||
bss->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
|
bss->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
|
||||||
"PSK-SHA256 " : "",
|
"PSK-SHA256 " : "",
|
||||||
|
bss->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
|
||||||
bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
|
bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
|
||||||
bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
|
bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
|
||||||
"NO_PAIRWISE " : "",
|
"NO_PAIRWISE " : "",
|
||||||
|
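Review bot: In the first bss_update hunk, the branch for a missing OSEN element logs "OSEN IE removed" but then clears `bss->rsnie[0]` instead of `bss->osenie[0]`, which looks like a copy-paste slip from the RSN handling just below it. As written the stored OSEN IE is never invalidated, so the later `if (bss->osenie[0])` block keeps setting WPA_PROTO_OSEN and WPA_KEY_MGMT_OSEN after the AP stops advertising OSEN, and the stored RSN IE is discarded each time such a frame is processed. The line should read `bss->osenie[0] = 0;`. Separately, the copy into `bss->osenie` is only safe while `elems->osen_len + 2` cannot exceed the 257-byte buffer, which holds if osen_len is a one-octet element length; these hunks do not show that. bss_update starts and ends outside the hunks.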
@ -144,8 +144,8 @@ static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
|
|||||||
{
|
{
|
||||||
struct wlantest_pmk *pmk;
|
struct wlantest_pmk *pmk;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR,
|
wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)",
|
||||||
MAC2STR(sta->addr));
|
MAC2STR(sta->addr), ver);
|
||||||
dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
|
dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
|
||||||
wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
|
wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
|
||||||
if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
|
if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
|
||||||
@ -372,6 +372,9 @@ static u8 * decrypt_eapol_key_data(struct wlantest *wt, const u8 *kek, u16 ver,
|
|||||||
case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
|
case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
|
||||||
case WPA_KEY_INFO_TYPE_AES_128_CMAC:
|
case WPA_KEY_INFO_TYPE_AES_128_CMAC:
|
||||||
return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
|
return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
|
||||||
|
case WPA_KEY_INFO_TYPE_AKM_DEFINED:
|
||||||
|
/* For now, assume this is OSEN */
|
||||||
|
return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
|
||||||
default:
|
default:
|
||||||
add_note(wt, MSG_INFO,
|
add_note(wt, MSG_INFO,
|
||||||
"Unsupported EAPOL-Key Key Descriptor Version %u",
|
"Unsupported EAPOL-Key Key Descriptor Version %u",
|
||||||
@ -916,7 +919,8 @@ static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
|
|||||||
|
|
||||||
if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
|
if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
|
||||||
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
|
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
|
||||||
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
|
||||||
|
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
|
||||||
wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
|
wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
|
||||||
"Version %u from " MACSTR, ver, MAC2STR(src));
|
"Version %u from " MACSTR, ver, MAC2STR(src));
|
||||||
return;
|
return;
|
||||||
|
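Review bot: In decrypt_eapol_key_data the new `case WPA_KEY_INFO_TYPE_AKM_DEFINED:` treats every AKM-defined descriptor as OSEN and unwraps with AES, and rx_data_eapol_key now accepts that version from any station, so neither place checks that the association actually negotiated OSEN. For a capture-analysis tool this means Key Data from some other AKM-defined suite would be run through the wrong unwrap and reported as a decryption failure rather than as unsupported. Where the station's key_mgmt is reachable (not visible in these hunks), gate the case on `sta->key_mgmt & WPA_KEY_MGMT_OSEN`. Otherwise stack the label with the two AES cases above it instead of repeating the return, and make the comment state the limit, e.g. `/* AKM-defined: only OSEN (AES key wrap) is handled */`. Both functions continue outside the hunks.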
@ -82,6 +82,14 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
|
|||||||
elems->rsn_ie = NULL;
|
elems->rsn_ie = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (elems->osen && !bss->osenie[0]) {
|
||||||
|
wpa_printf(MSG_INFO, "OSEN IE included in Association Request "
|
||||||
|
"frame from " MACSTR " even though BSS does not "
|
||||||
|
"use OSEN - ignore IE",
|
||||||
|
MAC2STR(sta->addr));
|
||||||
|
elems->osen = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (elems->wpa_ie && elems->rsn_ie) {
|
if (elems->wpa_ie && elems->rsn_ie) {
|
||||||
wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
|
wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
|
||||||
"Association Request frame from " MACSTR,
|
"Association Request frame from " MACSTR,
|
||||||
@ -108,6 +116,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
|
|||||||
wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
|
wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
|
||||||
MACSTR, MAC2STR(sta->addr));
|
MACSTR, MAC2STR(sta->addr));
|
||||||
}
|
}
|
||||||
|
} else if (elems->osen) {
|
||||||
|
wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
|
||||||
|
elems->osen_len + 2);
|
||||||
|
os_memcpy(sta->osenie, elems->osen - 2, elems->osen_len + 2);
|
||||||
|
sta->proto = WPA_PROTO_OSEN;
|
||||||
|
sta->pairwise_cipher = WPA_CIPHER_CCMP;
|
||||||
|
sta->key_mgmt = WPA_KEY_MGMT_OSEN;
|
||||||
|
sta->rsn_capab = 0;
|
||||||
|
goto skip_rsn_wpa;
|
||||||
} else {
|
} else {
|
||||||
sta->rsnie[0] = 0;
|
sta->rsnie[0] = 0;
|
||||||
sta->proto = 0;
|
sta->proto = 0;
|
||||||
@ -151,14 +168,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
|
|||||||
|
|
||||||
skip_rsn_wpa:
|
skip_rsn_wpa:
|
||||||
wpa_printf(MSG_INFO, "STA " MACSTR
|
wpa_printf(MSG_INFO, "STA " MACSTR
|
||||||
" proto=%s%s%s"
|
" proto=%s%s%s%s"
|
||||||
"pairwise=%s%s%s%s"
|
"pairwise=%s%s%s%s"
|
||||||
"key_mgmt=%s%s%s%s%s%s%s%s"
|
"key_mgmt=%s%s%s%s%s%s%s%s%s"
|
||||||
"rsn_capab=%s%s%s%s%s",
|
"rsn_capab=%s%s%s%s%s",
|
||||||
MAC2STR(sta->addr),
|
MAC2STR(sta->addr),
|
||||||
sta->proto == 0 ? "OPEN " : "",
|
sta->proto == 0 ? "OPEN " : "",
|
||||||
sta->proto & WPA_PROTO_WPA ? "WPA " : "",
|
sta->proto & WPA_PROTO_WPA ? "WPA " : "",
|
||||||
sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
|
sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
|
||||||
|
sta->proto & WPA_PROTO_OSEN ? "OSEN " : "",
|
||||||
sta->pairwise_cipher == 0 ? "N/A " : "",
|
sta->pairwise_cipher == 0 ? "N/A " : "",
|
||||||
sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
|
sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
|
||||||
sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
|
sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
|
||||||
@ -173,6 +191,7 @@ skip_rsn_wpa:
|
|||||||
"EAP-SHA256 " : "",
|
"EAP-SHA256 " : "",
|
||||||
sta->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
|
sta->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
|
||||||
"PSK-SHA256 " : "",
|
"PSK-SHA256 " : "",
|
||||||
|
sta->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
|
||||||
sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
|
sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
|
||||||
sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
|
sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
|
||||||
"NO_PAIRWISE " : "",
|
"NO_PAIRWISE " : "",
|
||||||
|
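Review bot: The new `else if (elems->osen)` branch in sta_update_assoc stores the element in `sta->osenie` but leaves `sta->rsnie` untouched, and no line shown in this commit clears `sta->osenie` when a later association uses RSN, WPA or no IE. A station that reassociates with a different security setup would then keep a stale IE in the other buffer, which can mislead any code that later reads them. Adding `sta->rsnie[0] = 0;` in the OSEN branch and `sta->osenie[0] = 0;` on the other paths keeps the two buffers consistent. The branch also hard-codes CCMP and OSEN key management without parsing the element body; a comment such as `/* OSEN IE body is not parsed; CCMP and OSEN AKM are assumed */` would make that explicit. The function starts and ends outside the hunks.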
@ -61,6 +61,7 @@ struct wlantest_sta {
|
|||||||
} state;
|
} state;
|
||||||
u16 aid;
|
u16 aid;
|
||||||
u8 rsnie[257]; /* WPA/RSN IE */
|
u8 rsnie[257]; /* WPA/RSN IE */
|
||||||
|
u8 osenie[257]; /* OSEN IE */
|
||||||
int proto;
|
int proto;
|
||||||
int pairwise_cipher;
|
int pairwise_cipher;
|
||||||
int group_cipher;
|
int group_cipher;
|
||||||
@ -130,6 +131,7 @@ struct wlantest_bss {
|
|||||||
int parse_error_reported;
|
int parse_error_reported;
|
||||||
u8 wpaie[257];
|
u8 wpaie[257];
|
||||||
u8 rsnie[257];
|
u8 rsnie[257];
|
||||||
|
u8 osenie[257];
|
||||||
int proto;
|
int proto;
|
||||||
int pairwise_cipher;
|
int pairwise_cipher;
|
||||||
int group_cipher;
|
int group_cipher;
|
||||||
|
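Review bot: The two new `osenie[257]` arrays carry the bound that the `os_memcpy(..., elems->osen - 2, elems->osen_len + 2)` calls in this commit appear to depend on, but the size is an unexplained literal and the field in struct wlantest_bss has no comment at all. A comment such as `/* OSEN IE: 2-octet header + up to 255 octets of payload */` on both fields would document why those copies cannot overrun, provided osen_len is a one-octet length. Both struct definitions continue outside the hunks.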