Commit Graph

261 Commits

Author SHA1 Message Date
Jouni Malinen
5420bcf477 wlantest: Remove unnecessary duplication of tk_len from STA entries
The length of the TK is available within struct wpa_ptk, so there is no
need to try to maintain it separately in wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:54:45 +02:00
Jouni Malinen
4158b80eef wlantest: Do not update RSC on replays
This changes wlantest behavior to mark CCMP/TKIP replays for more cases
in case a device is resetting its TSC. Previously, the RSC check got
cleared on the first marked replay and the following packets were not
marked as replays if they continued incrementing the PN even if that PN
was below the highest value received with this key at some point in the
past.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 13:11:36 +03:00
Jouni Malinen
e45f2e8ad5 wlantest: Add support for decrypting 4-address Data frames
This covers the case where 4-address Data frames are exchanged between
an AP and an associated station.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-06 12:15:30 +03:00
Jouni Malinen
4cada9dcc1 FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFS
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss
here means there would not be proper PFS for the case where PMKSA
caching is used with FILS SK+PFS authentication. This was not really the
intent of the FILS design and that issue was fixed during REVmd work
with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that add DHss into FILS-Key-Data (and PTK, in practice) derivation for
the PMKSA caching case so that a unique ICK, KEK, and TK are derived
even when using the same PMK.

Note: This is not backwards compatible, i.e., this breaks PMKSA caching
with FILS SK+PFS if only STA or AP side implementation is updated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 22:17:58 +03:00
Jouni Malinen
c72df3c67c wlantest: FILS keys and (Re)Association Request/Response frames
Try to derive PTK when FILS shared key authentication is used without
PFS. The list of available PMKs is interpreted as rMSK for this purpose
and PMK and PTK is derived from that. If the resulting PTK (KEK) can be
used to decrypt the encrypted parts of (Re)Association Request/Response
frames, mark the PTK as derived so that encrypted frames during the
association can be decrypted. In addition, write a decrypted version of
the (Re)Association Request/Response frames into the output file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:16 +03:00
Jouni Malinen
6c29d95a90 wlantest: Support variable length PMK
This is needed to be able to handle key derivation for FILS
authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:15 +03:00
Jouni Malinen
4675ba1d67 wlantest: Build helper files with FILS support included
wlantest needs this for being able to decrypt FILS (Re)Association
Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 18:59:41 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
dd4722df9b wlantest: Fix pcapng writer to include decrypted EAPOL-Key Key Data
This was only written to pcapng files if both pcap and pcapng writing
was requested. Fix this for the case where only a pcapng file is being
written.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-26 21:13:21 +03:00
Jouni Malinen
faf0fef1dc wlantest: Fix EAPOL-Key Key Data padding removal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:19 +03:00
Jouni Malinen
f58afccddd wlantest: Add initial support for FT-EAP decryption
Add second half of MSK as XXKey for FT-EAP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:17 +03:00
Jouni Malinen
19e7ddf7fb wlantest: Fix EAPOL buffer length with variable MIC length
struct wpa_eapol_key does not include the MIC field anymore, so need to
add it explicitly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:10 +03:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Jouni Malinen
95de34a10a Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
555ff857dd wlantest: Recognize EAPOL-Key frames without MIC bit for FILS
The new AEAD AKM option in FILS sets the MIC bit in EAPOL-Key frames to
0 for some ciphers, so the determination of EAPOL-Key frame types needs
changes to work with these cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
e2991ee580 Move CRC-32 routine from wlantest to src/utils
This allows the CRC-32 routine to be shared for other purposes in
addition to the WEP/TKIP/FCS within wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-09 17:13:23 +03:00
Jouni Malinen
0df12cbddc IEEE P802.11ah/D10.0 PV1 CCMP test vectors
Extend wlantest test_vectors to calculate test vectors for P802.11ah
Annex J.6.4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-23 17:49:33 +03:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
9231c2476f wlantest: Fix bip_protect() memory allocation
The addition operator is of higher precedence than the ternary
conditional and the construction here needs to use parentheses to
calculate the buffer length properly when generating test frames with
BIP protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-14 18:42:46 +02:00
Jouni Malinen
e929eb39d6 wlantest: Add -N command line argument to remove write buffering
This makes it easier to do live parsing of captured pcap files from
wlantest without having to rename and restart the capture file. Packet
writes are flushed to disk after each packet if -N is included in the
command line.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-27 00:10:53 +02:00
Jouni Malinen
3fb62bdae9 wlantest: Add support for FT-PSK initial association key derivation
This adds minimal support for deriving keys for FT-PSK to allow the
initial mobility domain association to be analyzed in more detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:25 +03:00
Jouni Malinen
7d2736795a wlantest: Fix a copy-paste error in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 13:44:42 +03:00
Mikael Kanstrup
8b423edbd3 Declare all read only data structures as const
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2015-04-25 17:33:06 +03:00
Jouni Malinen
b39a05913a Simplify Timeout Interval element parsing
Remove the length field from struct ieee802_11_elems since the only
allowed element length is five and that is checked by the parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
d4c4ec9240 wlantest: Verify FTIE length before checking MIC
tdls_verify_mic() and tdls_verify_mic_teardown() could have tried to
read the 16-octet FTIE MIC when processing a TDLS frame even if the
received FTIE is truncated. At least in theory, this could result in
reading couple of octets beyond the frame buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 11:44:19 +03:00
Jouni Malinen
762a0bfb01 wlantest: Fix Beacon and Probe Response frame parser
These functions did not verify that the received frame is long enough to
contain the beginning of the variable length IE area. A truncated frame
could have caused a segmentation fault due to reading beyond the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 11:44:19 +03:00
Jouni Malinen
5e3b5197cc Add Suite B 192-bit AKM
WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into
use as the key management method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:52 +02:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Jouni Malinen
0e1aa64dba wlantest: Extend BIP validation to support GMAC-128 and GMAC-256
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-24 19:37:42 +02:00
Jouni Malinen
cd3b5cc079 wlantest: New mgmt_group_cipher values for BSS info and debug log
This adds BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 to info_bss
command and debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-24 19:37:42 +02:00
Jouni Malinen
cb80fadaa7 wlantest: Extend BIP support to cover BIP-CMAC-256
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
010fa245bd Add QUIET=1 option for make
This can be used to reduce verbosity for build messages.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 15:49:05 +02:00
Jouni Malinen
a193231dfb Clean up debug prints to use wpa_printf()
This converts most of the remaining perror() and printf() calls from
hostapd and wpa_supplicant to use wpa_printf().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-26 13:20:57 +02:00
Jouni Malinen
929a2ea5df Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM
This adds support for AKM 00-0F-AC:11 to specify the integrity and
key-wrap algorithms for EAPOL-Key frames using the new design where
descriptor version is set to 0 and algorithms are determined based on
AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
666497c8e6 Suite B: Add AKM 00-0F-AC:11
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 13:20:51 +02:00
Jouni Malinen
eefec1e40b AES: Extend key wrap design to support longer AES keys
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.

The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-07 14:57:06 +03:00
Ashok Kumar Ponnaiah
eb2223e0ec wlantest: Add decryption of CCMP-256, GCMP, GCMP-256
This extends wlantest support for decrypting the new cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Ashok Kumar Ponnaiah
3a3cb8ee81 wlantest: Indicate if a TKIP/CCMP replay has Retry=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Ashok Kumar Ponnaiah
fa6fff1893 wlantest: Recognize CCMP-256, GCMP, and GCMP-256 ciphers
This adds support for displaying whether a BSS or STA is using one of
the newer cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Jouni Malinen
f6ff5160f0 wlantest: Add support for OSEN
This allows Hotspot 2.0 OSEN connection to be analyzed more
conveniently. The frames from an OSEN association can now be decrypted
using an MSK file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 16:56:59 +03:00
Johannes Berg
30476e4fe7 wlantest: Tag and ignore generated packets
Rather than ignoring packets with a minimal 8-byte radiotap
header, which may occur elsewhere, tag generated (decrypted)
packets with an empty vendor namespace tag and ignore those.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:54:25 +03:00
Johannes Berg
bacb984b2d radiotap: Update radiotap parser to library version
Update the radiotap parser to the latest version of the
http://git.sipsolutions.net/radiotap.git/ library to get
parsing for vendor namespaces.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:49:59 +03:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
ae98e1f5b2 wlantest: Add a BSS probe_response counter
This can be used to verify whether an AP replies to a Probe Request
frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 13:37:06 +02:00
Jouni Malinen
99d7c1dedf wlantest: Add per-TID RX/TX counters
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 20:21:27 +02:00
Johannes Berg
594516b4c2 Use monotonic clock for relative time for eloop if available
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)

On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)

Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-20 23:52:56 +02:00
Jouni Malinen
c41e1d7cac wlantest: Add more pcapng notes on EAPOL processing
Some of the MIC validation steps were not logged in the pcapng notes.
Add these to make the entries more consistent and to provide more
information to ease debugging.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 23:43:11 +02:00
Jouni Malinen
a0530dff5b wlantest: Allow additional PTKs to be specified from a file
A text file with a hexdump of PTK (KCK|KEK=TK with 48 octets for CCMP or
64 octets for TKIP or alternative 16 or 32 octet TK for CCMP/TKIP) can
now be read from a file specified with the -T command line argument. If
the current known PTK fails to decrypt a frame (or if no current PTK is
known) all listed PTKs are iterated to see if any of them matches.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 23:09:38 +02:00
Jouni Malinen
de8bb171f6 wlantest: Add support for debug log timestamps
The new command line argument -t can now be used to request wlantest to
include a timestamp in the log entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 21:45:32 +02:00
Jouni Malinen
d33fef57a4 wlantest: Add support for log output into a file
This allows wlantest debug log output to be directed to a file so that
RELOG command can be used to rotate files more easily than stdout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 21:40:17 +02:00
Jouni Malinen
c99a721e5b wlantest: Add RELOG command to reopen log/capture files
This can be used similarly to the wpa_supplicant RELOG command to
rotate log and capture files.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 21:39:22 +02:00
Jouni Malinen
0e91337d54 Validate P802.11ac test vector result
Verify the expected value against P802.11ac/D7.0 CCMP-256, GCMP-256,
BIP-GMAC-128, and BIP-GMAC-256 test vectors.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 20:55:38 +02:00
Jouni Malinen
84a65fd6a3 Extend GCMP test vectors to include both MPDUs
IEEE Std 802.11ad-2012 includes two test vectors for GCMP. Verify both
of those and also verify that the results match the values in the
standard instead of just verifying that decrypted frame matches
original.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 20:34:01 +02:00
Jouni Malinen
e7ecab4a3b Use ARRAY_SIZE() macro
Replace the common sizeof(a)/sizeof(a[0]) constructions with a more
readable version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 17:49:05 +03:00
Johannes Berg
de36e348f9 wlantest: Always write radiotap pcap-ng
When writing pcap-ng files, always include a radiotap
header even if there wasn't one in the input. For now
just drop prism headers, I don't have any to test.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-06-22 13:17:14 +03:00
Jouni Malinen
3b5a1a7769 wlantest: Recognize hwsim_test packets
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:19:52 +03:00
Jouni Malinen
ace4e460e5 wlantest: Select correct TDLS context if multiple exists
Some corner cases may result in both directions of TDLS tracking context
existing. If that is the case, the incorrect one may end up getting
picked when figuring out which TK to use for decryption or fix
statistics counter to increment. Fix this by preferring the context that
has TDLS link up.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
4ac800db82 wlantest: Track TDLS setup nonces
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
e4d99217f7 wlantest: Use add_note() to annotate frames
This adds debug information from wlantest into pcapng frame comments to
make the information more convenient to use, e.g., in Wireshark.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
ba2beacc97 wlantest: Add support for writing pcapng files
The new -n<file> command line argument can be used to request wlantest
to write all read or captured frames into a pcapng file. This is similar
to the -w argument, but with pcapng allowing per-frame comments to be
embedded in the file.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 20:58:42 +03:00
Chaitanya T K
409cd147b7 wlantest: Fix the injection of protected broadcast frames
Injecting protected broadcast frames fails because of the unnecessary
null check for sta. In case of broadcast frames sta can be null, so
remove the check.

Reported-by: Janardhan R <janardhanr@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
2013-05-04 11:36:28 +03:00
Jouni Malinen
f2f66ad7e8 wlantest: Fix CCMP-256 cipher
TK was incorrectly truncated in a way that resulted in CCMP (128-bit
key) encryption being used in practice.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 22:18:25 +03:00
Jouni Malinen
ce26864e79 wlantest: Get rid of compiler warning
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-29 21:24:10 +02:00
Jouni Malinen
8cb9bc19fb wlantest: Add wlantest_cli command add_wep
This can be used to configure a known WEP key for decrypting WEP frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-29 19:12:35 +02:00
Jouni Malinen
0321bcdfa8 wlantest: Add radiotap header when re-writing DLT_IEEE802_11 file
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest will now
add a radiotap header to the re-written pcap file to make sure all frames
in the output file will include the radiotap header.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-17 16:31:19 +02:00
Jouni Malinen
2531517600 wlantest: Add -F option for assuming FCS is included
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest can now
be instructed to assume there is an FCS included in the frame by adding
the new -F command line argument. This will make wlantest validate the
FCS and strip it from the frame before processing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-17 12:55:30 +02:00
Jouni Malinen
44f6d554ee wlantest: Process TX status frames as RX frames too
This is needed to allow capture files from the mac80211 cooked monitor
mode interface to be processed properly. Without this, the locally
generated frames may not get processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:35:07 +02:00
Jouni Malinen
e88f0901eb wlantest: Add BIP-GMAC-128/256 test vectors
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 19:04:53 +03:00
Jouni Malinen
7d19d3e9db wlantest: Add CCMP-256 test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:38:18 +03:00
Jouni Malinen
4bf3910574 Move AES-CCM implementation into src/crypto
This is a generic AES CCM implementation that can be used for other
purposes than just implementing CCMP, so it fits better in a separate
file in src/crypto.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:07:19 +03:00
Jouni Malinen
05d6054cec wlantest: Move generic AES-CCM into separate functions
This part of the implementation is not specific to CCMP and could be
used for other purposes, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:03:31 +03:00
Jouni Malinen
f173295600 wlantest: Add GCMP-256 test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 14:01:22 +03:00
Jouni Malinen
d140db6adf Add support for using 192-bit and 256-bit keys with AES-GCM
This adds 192-bit and 256-bit key support to the internal AES
implementation and extends the AES-GCM functions to accept key length to
enable longer AES key use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 13:30:51 +03:00
Jouni Malinen
af0963fab4 Support arbitrary IV length with AES-GCM
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 00:49:54 +03:00
Jouni Malinen
1cd7a5032a Move AES-GCM implementation into src/crypto
This is a generic AES GCM and GMAC implementation that can be used for
other purposes than just implementing GCMP, so it fits better in a
separate file in src/crypto.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 23:48:08 +03:00
Jouni Malinen
be87d3c345 wlantest: Allow GHASH update calls to avoid extra allocation
There is no need to allocate a temporary buffer and build GHASH input
data into it. Instead, ghash() is trivial to split into update part that
can be called separately for each segment.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 23:40:06 +03:00
Jouni Malinen
b4a5fcb286 wlantest: Remove CCMP specific AAD handling from GCMP
GCMP encodes length of AAD differently, so remove the unnecessary
code that got copied from the CCMP implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 22:10:05 +03:00
Jouni Malinen
37c8fe2e3b wlantest: Move GCM-AE and GCM-AD into separate functions
This splits the more generic GCM operations from GCMP specific
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 22:08:00 +03:00
Jouni Malinen
455bcc0f5c wlantest: Add GCMP implementation and test vectors from P802.11ad/D9.0
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 20:00:54 +03:00
Jouni Malinen
5a652e71b0 wlantest: Check TKIP/CCMP decryption routines for test vectors
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 17:08:53 +03:00
Jouni Malinen
7d68241d3e wlantest: Add IEEE Std 802.11-2012, M.9.1 BIP test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 17:08:53 +03:00
Jouni Malinen
a9eae7efe3 wlantest: Move BIP function into a separate function and file
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 17:08:53 +03:00
Jouni Malinen
6522984086 wlantest: Add IEEE Std 802.11-2012, M.9.2 CCMP (mgmt) test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 16:44:37 +03:00
Jouni Malinen
3ae8968679 wlantest: Add program for generating IEEE 802.11 test vectors
This version can generate CCMP and TKIP test vectors that match with
the IEEE Std 802.11-2012, Annex M.6.3 and M.6.4.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 16:44:37 +03:00
Jouni Malinen
729f02e149 wlantest: Implement tkip_encrypt()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 14:03:10 +03:00
Jouni Malinen
add11058e2 wlantest: Fix couple of compiler warnings
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 11:16:48 +03:00
Jouni Malinen
f9884c096a Convert os_zalloc() for an array to use os_calloc()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:44:21 +03:00
Janusz Dziedzic
2d2398a11f edit: Add support for setting prompt string
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:46:34 +03:00
Jouni Malinen
c81defea87 wlantest: Update STA info based on WPA/RSN IE in EAPOL-Key 2/4
The WPA/RSN IE in EAPOL-Key 2/4 is more reliable than the one in
(Re)Association Request frame. Update the STA info base don the
EAPOL-Key frame so that the correct cipher information is used
even if the (Re)Association Request frame is missing or corrupted
in the capture.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-21 16:19:00 -07:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
fd848ab9e3 wlantest: Store last received GTK for each STA
This allows info_sta command to be used to fetch the last received GTK
separately for each STA.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 16:59:25 +02:00
Jouni Malinen
3c56f0e275 wlantest: Fix EAPOL-Key Key Data decryption for rekey case
KEK from TPTK needs to be used instead of from PTK when processing
rekeying case similarly to what was already done with KCK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 16:39:17 +02:00
Jouni Malinen
219fd441fd wlantest: Allow MSK/PMK list to be read from a text file
A text file with MSK/PMK entries (one key per line in hexdump format)
can be read into wlantest (-f<path to file>) to initialize list of
known PMKs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-09 00:12:27 +02:00
Jouni Malinen
d0b251d2e8 wlantest: Fix handling of PTK rekeying
Use a temporary PTK buffer during 4-way handshake when rekeying PTK
so that the new EAPOL-Key frame MIC values are checked against the
new PTK and frames are decrypted using the old PTK. Take the new
PTK into use once msg 4/4 is processed and clear RSC counters at
that point (including moving of RSC update to avoid setting RSC
based on the msg 4/4).

In addition, add a workaround to handle supplicant implementations that
set Secure bit to one during PTK rekeying 4-way handshake in msg 2/4.
This was previously assumed to be msg 4/4, but the key data contents
can be used to figure out whether this is msg 2/4 even if the Secure
bit is set to one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-14 22:36:02 +02:00
Jouni Malinen
62f05ce9c5 wlantest: Add STA counters for disconnect reason 6/7 RX
These can be useful in tests involving association state mismatch
between the AP and the STA (i.e., STA assumes it is still associated
but the AP does not have association state). In such a case, the AP
would be sending out unprotected Deauthentication or Disassociation
frames with reason code 6 or 7 depending on what frame is triggering
this.
2011-10-26 00:06:06 +03:00
Jouni Malinen
6908d459e2 wlantest: Verify that comeback assoc resp includes correct type
The Timeout Interval element needs to use Association Comeback time
for the case when (Re)Association Response frame uses Status Code 30.
Verify this before incrementing the (re)assocresp_comeback counters.
2011-09-20 20:13:18 +03:00
Jouni Malinen
02b915f689 wlantest: Allow injection of unprotected frames to unknown BSS 2011-08-28 19:19:38 +03:00
Jouni Malinen
6ca4da6518 wlantest: Use source address of TDLS Setup Confirm failure for matching
This is needed to be able to find the correct TDLS entry for the
frame regardless of whether a FromDS or ToDS frame is being processed.
2011-03-14 21:35:40 +02:00
Jouni Malinen
39c147261e wlantest: Fix source address for FromDS frames 2011-03-14 21:35:14 +02:00