Add testing functionality for resetting PN/IPN for configured keys

This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-14 13:41:08 +03:00 · 2017-10-14 13:41:08 +03:00 · 16579769ff
commit 16579769ff
parent b74f82a4f8
8 changed files with 184 additions and 0 deletions
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@ -304,6 +304,18 @@ struct hostapd_data {
 	unsigned int ext_eapol_frame_io:1;

 	struct l2_packet_data *l2_test;
+
+	enum wpa_alg last_gtk_alg;
+	int last_gtk_key_idx;
+	u8 last_gtk[WPA_GTK_MAX_LEN];
+	size_t last_gtk_len;
+
+#ifdef CONFIG_IEEE80211W
+	enum wpa_alg last_igtk_alg;
+	int last_igtk_key_idx;
+	u8 last_igtk[WPA_IGTK_MAX_LEN];
+	size_t last_igtk_len;
+#endif /* CONFIG_IEEE80211W */
 #endif /* CONFIG_TESTING_OPTIONS */

 #ifdef CONFIG_MBO
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@ -250,6 +250,13 @@ struct sta_info {
 	struct crypto_ecdh *owe_ecdh;
 	u16 owe_group;
 #endif /* CONFIG_OWE */
+
+#ifdef CONFIG_TESTING_OPTIONS
+	enum wpa_alg last_tk_alg;
+	int last_tk_key_idx;
+	u8 last_tk[WPA_TK_MAX_LEN];
+	size_t last_tk_len;
+#endif /* CONFIG_TESTING_OPTIONS */
 };


--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@ -349,6 +349,37 @@ static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
 			return -1;
 	}

+#ifdef CONFIG_TESTING_OPTIONS
+	if (addr && !is_broadcast_ether_addr(addr)) {
+		struct sta_info *sta;
+
+		sta = ap_get_sta(hapd, addr);
+		if (sta) {
+			sta->last_tk_alg = alg;
+			sta->last_tk_key_idx = idx;
+			if (key)
+				os_memcpy(sta->last_tk, key, key_len);
+			sta->last_tk_len = key_len;
+		}
+#ifdef CONFIG_IEEE80211W
+	} else if (alg == WPA_CIPHER_AES_128_CMAC ||
+		   alg == WPA_CIPHER_BIP_GMAC_128 ||
+		   alg == WPA_CIPHER_BIP_GMAC_256 ||
+		   alg == WPA_CIPHER_BIP_CMAC_256) {
+		hapd->last_igtk_alg = alg;
+		hapd->last_igtk_key_idx = idx;
+		if (key)
+			os_memcpy(hapd->last_igtk, key, key_len);
+		hapd->last_igtk_len = key_len;
+#endif /* CONFIG_IEEE80211W */
+	} else {
+		hapd->last_gtk_alg = alg;
+		hapd->last_gtk_key_idx = idx;
+		if (key)
+			os_memcpy(hapd->last_gtk, key, key_len);
+		hapd->last_gtk_len = key_len;
+	}
+#endif /* CONFIG_TESTING_OPTIONS */
 	return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
 				   key, key_len);
 }