From 296104d35c2d42a2e17c93cb848e1d0639bfbcc5 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Wed, 24 Jul 2024 17:22:42 +0000
Subject: [PATCH] Testing functionality to allow EAPOL-Key Reserved field to be set
The new hostapd configuration parameter eapol_key_reserved_random=1 can be used for testing STA/Supplicant functionality to accept a random value in the Reserved field within EAPOL-Key frames.
Signed-off-by: Jouni Malinen
---
 hostapd/config_file.c | 2 ++
 src/ap/ap_config.h | 1 +
 src/ap/wpa_auth.c | 5 +++++
 src/ap/wpa_auth.h | 1 +
 src/ap/wpa_auth_glue.c | 1 +
 tests/hwsim/test_sae.py | 12 ++++++++++++
 6 files changed, 22 insertions(+)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index c5aa2dc36..96f1b1749 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4613,6 +4613,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 return 1;
 } else if (os_strcmp(buf, "eapol_m3_no_encrypt") == 0) {
 bss->eapol_m3_no_encrypt = atoi(pos);
+ } else if (os_strcmp(buf, "eapol_key_reserved_random") == 0) {
+ bss->eapol_key_reserved_random = atoi(pos);
 } else if (os_strcmp(buf, "test_assoc_comeback_type") == 0) {
 bss->test_assoc_comeback_type = atoi(pos);
 } else if (os_strcmp(buf, "presp_elements") == 0) {
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index cae2f97be..d42076785 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -725,6 +725,7 @@ struct hostapd_bss_config {
 struct wpabuf *eapol_m1_elements;
 struct wpabuf *eapol_m3_elements;
 bool eapol_m3_no_encrypt;
+ bool eapol_key_reserved_random;
 int test_assoc_comeback_type;
 struct wpabuf *presp_elements;
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 949441104..9837c9fa9 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2067,6 +2067,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 if (key_rsc)
 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (conf->eapol_key_reserved_random)
+ random_get_bytes(key->key_id, sizeof(key->key_id));
+#endif /* CONFIG_TESTING_OPTIONS */
+
 if (kde && !encr) {
 os_memcpy(key_data, kde, kde_len);
 WPA_PUT_BE16(key_mic + mic_len, kde_len);
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 39e3f0e1c..c3b2d4992 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -266,6 +266,7 @@ struct wpa_auth_config {
 struct wpabuf *eapol_m1_elements;
 struct wpabuf *eapol_m3_elements;
 bool eapol_m3_no_encrypt;
+ bool eapol_key_reserved_random;
 #endif /* CONFIG_TESTING_OPTIONS */
 unsigned int oci_freq_override_eapol_m3;
 unsigned int oci_freq_override_eapol_g1;
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index b31ff75a4..13685b7c2 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -236,6 +236,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
 if (conf->eapol_m3_elements)
 wconf->eapol_m3_elements = wpabuf_dup(conf->eapol_m3_elements);
 wconf->eapol_m3_no_encrypt = conf->eapol_m3_no_encrypt;
+ wconf->eapol_key_reserved_random = conf->eapol_key_reserved_random;
 #endif /* CONFIG_TESTING_OPTIONS */
 #ifdef CONFIG_P2P
 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py
index 6f5751ffe..679db0e2d 100644
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
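Review bot: The return value of `random_get_bytes()` is ignored in the `__wpa_send_eapol()` hunk of src/ap/wpa_auth.c, so if the call fails the Reserved field keeps whatever value it had (presumably zero) and a test run would pass without ever sending a non-zero field. Checking the result and logging would make that visible, e.g. `if (conf->eapol_key_reserved_random && random_get_bytes(key->key_id, sizeof(key->key_id)) < 0) wpa_printf(MSG_DEBUG, "WPA: Failed to randomize EAPOL-Key Reserved field");`. A short comment such as `/* key_id is the Reserved field in RSN EAPOL-Key frames */` would also help, since the member name does not suggest that. The function body continues outside the hunk, so it is worth confirming that the MIC is calculated after this write; otherwise the peer would reject the frame for a bad MIC rather than for the Reserved value.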
@@ -3273,3 +3273,15 @@ def test_sae_ssid_protection(dev, apdev):
 if dev[0].get_status_field("ssid_verified") != "1":
 raise Exception("ssid_verified=1 not in STATUS")
+
+def test_sae_eapol_key_reserved_random(dev, apdev):
+ """SAE with EAPOL-Key Reserved field set to random value"""
+ check_sae_capab(dev[0])
+ params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
+ params['wpa_key_mgmt'] = 'SAE'
+ params['eapol_key_reserved_random'] = '1'
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].set("sae_groups", "")
+ dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
+ scan_freq="2412")
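Review bot: `test_sae_eapol_key_reserved_random` only checks that the association completes, so it would pass just the same if the AP left the Reserved field untouched; nothing in the added lines confirms that the option took effect. The docstring could state that limit, e.g. `"""SAE with EAPOL-Key Reserved field set to random value (checks only that the STA still connects)"""`, or hostapd could emit a debug line when it randomizes the field so the test has something to look for. As far as the wpa_auth.c hunk shows, the option is not tied to a particular AKM, so a matching non-SAE case would widen coverage of the station-side parsing.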