Commit Graph

239 Commits

Author SHA1 Message Date
Jouni Malinen
866c3acb8c wlantest: Do not report decryption failures for WEP keys if no keys
If no WEP keys are available, there is not going to be an attempt to
decrypt the frame, so don't claim decryption failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-03 23:56:10 +03:00
Jouni Malinen
08ac6f807d wlantest: Update PTK after rekeying even if EAPOL-Key msg 4/4 is missing
Update TPTK to PTK if a valid EAPOL-Key msg 2/4 and 3/4 are available,
but 4/4 is missing. This avoids certain cases where the new TK could be
derived, but it was not being used to try to decrypt following encrypted
frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 18:46:14 +03:00
Jouni Malinen
0dc58cfa95 wlantest: Do not report decryption keys when checking only zero TK
All the "Failed to decrypt frame" debug prints were confusing since
those were not supposed to be shown unless there were one or more real
TKs available. The recently added check for zero TK added these notes
for that case which is not really correct, so get rid of them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 18:30:33 +03:00
Jouni Malinen
8e467e3cf4 wlantest: Check for zero TK even when the real PTK is not known
This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity with the frame number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-23 17:58:43 +02:00
Alexander Wetzel
6ea7a152c6 wlantest: Basic Extended Key ID support
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-16 00:07:20 +02:00
Jouni Malinen
a8d2ca9e23 wlantest: Do not report PMF failure without BSS supporting PMF
Previously, missing CCMP protection on Robust Management frames was
reported based on the STA having indicated MFPC=1. That is not accurate
since the AP/BSS may have MFPC=0. Report this failure only if both the
AP and STA have indicated MFPC=1, i.e., when PMF has been negotiated for
the association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-14 18:20:31 +02:00
Jouni Malinen
80d4122159 wlantest: Detect and report plaintext payload in protected frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-14 17:36:41 +02:00
Jouni Malinen
f5f7286ba5 wlantest: Try to decrypt frame with zero TK
If none of the known PTKs have a working TK, check whether an encrypted
frame is encrypted with all zeros TK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 23:18:59 +02:00
Jouni Malinen
f5849f1c7c wlantest: Add more notes about decryption into pcapng
Note the used TK/GTK and KeyID in frame notes when writing decrypted
frames to a PCAPNG file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 01:30:00 +02:00
Jouni Malinen
0e3e3a9ab5 wlantest: Update BSS IEs based on EAPOL-Key msg 3/4
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:51:07 +02:00
Jouni Malinen
a8a277c169 wlantest: Get STA IEs based on EAPOL-Key msg 2/4 before PTK derivation
The previous implementation tried to update STA IE information based on
EAPOL-Key msg 2/4 to be able to handle captures that do not include the
(Re)Association Request frame. This was not sufficient (OSEN was not
included) and was done too late (the parsed information is needed for
PMK-to-PTK derivation).

Move the IE update step to happen before trying to derive the PTK if no
(Re)Association Request frame has been seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:35:23 +02:00
Jouni Malinen
faf6894f35 wlantest: BIGTK fetching and Beacon protection validation
Fetch the BIGTK from EAPOL-Key msg 3/4 and use it to validate MME in
Beacon frames when the AP uses Beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-21 19:41:36 +02:00
Jouni Malinen
9a0edf1700 wlantest: Add PTK derivation support with SAE, OWE, DPP
wlantest build did not define build options to determine key management
values for SAE, OWE, and DPP. Add those and the needed SHA512 functions
to be able to decrypt sniffer captures with PMK available from an
external source.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-10 21:58:10 +02:00
Roy Marples
a8b00423ea BSD: Use struct ip rather than struct iphdr
As we define __FAVOR_BSD use the BSD IP header.
Compile tested on NetBSD, DragonFlyBSD, and Linux.

Signed-off-by: Roy Marples <roy@marples.name>
2020-01-02 19:17:10 +02:00
Jouni Malinen
420989085d wlantest: Ethernet interface capture
Allow option (command line argument -e) to capture Ethernet headers
instead of IEEE 802.11 so that wlantest can be used as a replacement for
tcpdump/dumpcap for capturing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-12-27 23:16:45 +02:00
Jouni Malinen
722c7d1958 wlantest: Process VLAN tagged Data frames
This allows Data frames to be fully processed for the case where VLAN
tags are used on the wireless link.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-20 23:54:05 +03:00
Jouni Malinen
7d2ed8bae8 Remove CONFIG_IEEE80211W build parameter
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-09-08 17:33:40 +03:00
Jouni Malinen
c38c62ff78 wlantest: Derive PMK-R1 and PTK for FT protocol cases
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:14:47 +03:00
Jouni Malinen
b3c43c3c24 wlantest: Allow duplicate frame processing after decryption failure
If a sniffer capture does not include FCS for each frame, but may
included frames with invalid FCS, it would be possible for wlantest to
try to decrypt the first received frame and fail (e.g., due to CCMP MIC
mismatch) because that particular frame was corrupted and then ignore
the following retry of that frame as a duplicate even if that retry has
different payload (e.g., if its reception did not show corruption).

Work around this by skipping duplicate frame detection immediately
following a decryption failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-12 22:27:34 +03:00
Jouni Malinen
ecacd9ccd4 DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in context
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 01:31:31 +02:00
Lubomir Rintel
5644f0ce3a tests: Remove CONFIG_PEERKEY
The functionality has been removed in commit a0bf1b68c0 ('Remove all
PeerKey functionality').

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2019-02-25 19:48:49 +02:00
Mathy Vanhoef
dce9621880 OCV: Add wlantest support for indicating OCV
Add wlantest parsing of the OCV RSN cpability flag.

Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-12-17 00:02:14 +02:00
Jouni Malinen
9a33737a0b FT: FTE parsing for SHA384-based AKM
The MIC field is now a variable length field, so make the FTE parser
aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
994eac7e61 FT: PMK-R0 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
a3e18dbb6a FT: Support variable length keys
This is a step in adding support for SHA384-based FT AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
97302b39dc wlantest: Try harder to find a STA entry with PTK for 4-address frames
Commit aab6612836 ('wlantest: Search
bss/sta entry more thoroughly for 4-address frames') allowed wlantest to
find a STA entry in this type of cases, but it was still possible for
that STA entry to be the one that has no derived PTK while the STA entry
for the other side of the link might have the derived PTK available.

Extend this BSS/STA selection mechanism to use sta->ptk_set to determine
which STA entry is more useful for decryption, i.e., select the one with
a known PTK.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-08 21:54:40 +02:00
Jouni Malinen
aab6612836 wlantest: Search bss/sta entry more thoroughly for 4-address frames
Previous design worked for the case where only one of the devices was
beaconing, but failed in one direction to find the PTK if both devices
beaconed. Fix this by checking the A1/A2 fields in both directions if
the first pick fails to find the sta entry.

In addition, select the proper rsc value (rsc_tods vs. rsc_fromds) based
on A2 (TA) value for ToDS+FromDS frames to avoid reporting incorrect
replay issues.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-15 02:12:20 +02:00
Jouni Malinen
878723b920 wlantest: Do not ignore RSN/WPA/OSEN element before full BSS info
wlantest used to ignore RSN/WPA/OSEN element in (Re)Association Request
frame if no Beacon frame had been seen from the AP before the
association exchange. This could result in not being able to derive keys
properly. Work around this by skipping that step if the BSS entry is not
yet complete.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:55:48 +02:00
Jouni Malinen
5420bcf477 wlantest: Remove unnecessary duplication of tk_len from STA entries
The length of the TK is available within struct wpa_ptk, so there is no
need to try to maintain it separately in wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:54:45 +02:00
Jouni Malinen
4158b80eef wlantest: Do not update RSC on replays
This changes wlantest behavior to mark CCMP/TKIP replays for more cases
in case a device is resetting its TSC. Previously, the RSC check got
cleared on the first marked replay and the following packets were not
marked as replays if they continued incrementing the PN even if that PN
was below the highest value received with this key at some point in the
past.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 13:11:36 +03:00
Jouni Malinen
e45f2e8ad5 wlantest: Add support for decrypting 4-address Data frames
This covers the case where 4-address Data frames are exchanged between
an AP and an associated station.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-06 12:15:30 +03:00
Jouni Malinen
4cada9dcc1 FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFS
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss
here means there would not be proper PFS for the case where PMKSA
caching is used with FILS SK+PFS authentication. This was not really the
intent of the FILS design and that issue was fixed during REVmd work
with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that add DHss into FILS-Key-Data (and PTK, in practice) derivation for
the PMKSA caching case so that a unique ICK, KEK, and TK are derived
even when using the same PMK.

Note: This is not backwards compatible, i.e., this breaks PMKSA caching
with FILS SK+PFS if only STA or AP side implementation is updated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 22:17:58 +03:00
Jouni Malinen
c72df3c67c wlantest: FILS keys and (Re)Association Request/Response frames
Try to derive PTK when FILS shared key authentication is used without
PFS. The list of available PMKs is interpreted as rMSK for this purpose
and PMK and PTK is derived from that. If the resulting PTK (KEK) can be
used to decrypt the encrypted parts of (Re)Association Request/Response
frames, mark the PTK as derived so that encrypted frames during the
association can be decrypted. In addition, write a decrypted version of
the (Re)Association Request/Response frames into the output file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:16 +03:00
Jouni Malinen
6c29d95a90 wlantest: Support variable length PMK
This is needed to be able to handle key derivation for FILS
authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:15 +03:00
Jouni Malinen
4675ba1d67 wlantest: Build helper files with FILS support included
wlantest needs this for being able to decrypt FILS (Re)Association
Request/Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 18:59:41 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
dd4722df9b wlantest: Fix pcapng writer to include decrypted EAPOL-Key Key Data
This was only written to pcapng files if both pcap and pcapng writing
was requested. Fix this for the case where only a pcapng file is being
written.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-26 21:13:21 +03:00
Jouni Malinen
faf0fef1dc wlantest: Fix EAPOL-Key Key Data padding removal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:19 +03:00
Jouni Malinen
f58afccddd wlantest: Add initial support for FT-EAP decryption
Add second half of MSK as XXKey for FT-EAP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:17 +03:00
Jouni Malinen
19e7ddf7fb wlantest: Fix EAPOL buffer length with variable MIC length
struct wpa_eapol_key does not include the MIC field anymore, so need to
add it explicitly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:10 +03:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Jouni Malinen
95de34a10a Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
555ff857dd wlantest: Recognize EAPOL-Key frames without MIC bit for FILS
The new AEAD AKM option in FILS sets the MIC bit in EAPOL-Key frames to
0 for some ciphers, so the determination of EAPOL-Key frame types needs
changes to work with these cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
e2991ee580 Move CRC-32 routine from wlantest to src/utils
This allows the CRC-32 routine to be shared for other purposes in
addition to the WEP/TKIP/FCS within wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-09 17:13:23 +03:00
Jouni Malinen
0df12cbddc IEEE P802.11ah/D10.0 PV1 CCMP test vectors
Extend wlantest test_vectors to calculate test vectors for P802.11ah
Annex J.6.4.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-23 17:49:33 +03:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
9231c2476f wlantest: Fix bip_protect() memory allocation
The addition operator is of higher precedence than the ternary
conditional and the construction here needs to use parentheses to
calculate the buffer length properly when generating test frames with
BIP protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-14 18:42:46 +02:00
Jouni Malinen
e929eb39d6 wlantest: Add -N command line argument to remove write buffering
This makes it easier to do live parsing of captured pcap files from
wlantest without having to rename and restart the capture file. Packet
writes are flushed to disk after each packet if -N is included in the
command line.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-27 00:10:53 +02:00
Jouni Malinen
3fb62bdae9 wlantest: Add support for FT-PSK initial association key derivation
This adds minimal support for deriving keys for FT-PSK to allow the
initial mobility domain association to be analyzed in more detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:25 +03:00