Testing functionality to allow EAPOL-Key Reserved field to be set

The new hostapd configuration parameter eapol_key_reserved_random=1 can
be used for testing STA/Supplicant functionality to accept a random
value in the Reserved field within EAPOL-Key frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen 2024-07-24 17:22:42 +00:00 committed by Jouni Malinen
parent 2e4c612dd2
commit 296104d35c
6 changed files with 22 additions and 0 deletions


@ -4613,6 +4613,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
return 1; return 1;
} else if (os_strcmp(buf, "eapol_m3_no_encrypt") == 0) { } else if (os_strcmp(buf, "eapol_m3_no_encrypt") == 0) {
bss->eapol_m3_no_encrypt = atoi(pos); bss->eapol_m3_no_encrypt = atoi(pos);
} else if (os_strcmp(buf, "eapol_key_reserved_random") == 0) {
bss->eapol_key_reserved_random = atoi(pos);
} else if (os_strcmp(buf, "test_assoc_comeback_type") == 0) { } else if (os_strcmp(buf, "test_assoc_comeback_type") == 0) {
bss->test_assoc_comeback_type = atoi(pos); bss->test_assoc_comeback_type = atoi(pos);
} else if (os_strcmp(buf, "presp_elements") == 0) { } else if (os_strcmp(buf, "presp_elements") == 0) {
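Review bot: The new `eapol_key_reserved_random` branch stores `atoi(pos)` into a bool, so a mistyped or non-numeric value silently parses as 0 and the option is off without any diagnostic. This matches the neighbouring test options, but the test case added in this commit passes whether or not the field was randomised, so a misparse would go unnoticed. A short comment above the branch, `/* Testing only: any non-zero value enables random Reserved field */`, would at least record the accepted values. The enclosing hostapd_config_fill body and any `#ifdef CONFIG_TESTING_OPTIONS` around this branch are outside the hunk, so it is worth confirming the parser is only built with testing options.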


@ -725,6 +725,7 @@ struct hostapd_bss_config {
struct wpabuf *eapol_m1_elements; struct wpabuf *eapol_m1_elements;
struct wpabuf *eapol_m3_elements; struct wpabuf *eapol_m3_elements;
bool eapol_m3_no_encrypt; bool eapol_m3_no_encrypt;
bool eapol_key_reserved_random;
int test_assoc_comeback_type; int test_assoc_comeback_type;
struct wpabuf *presp_elements; struct wpabuf *presp_elements;


@ -2067,6 +2067,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
if (key_rsc) if (key_rsc)
os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
#ifdef CONFIG_TESTING_OPTIONS
if (conf->eapol_key_reserved_random)
random_get_bytes(key->key_id, sizeof(key->key_id));
#endif /* CONFIG_TESTING_OPTIONS */
if (kde && !encr) { if (kde && !encr) {
os_memcpy(key_data, kde, kde_len); os_memcpy(key_data, kde, kde_len);
WPA_PUT_BE16(key_mic + mic_len, kde_len); WPA_PUT_BE16(key_mic + mic_len, kde_len);
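Review bot: The return value of `random_get_bytes()` is ignored in the new CONFIG_TESTING_OPTIONS block, so if the random source fails the field keeps whatever it held before (presumably zero) and the test exercises nothing while still passing. Checking the result and logging the failure would make that visible: `if (conf->eapol_key_reserved_random && random_get_bytes(key->key_id, sizeof(key->key_id)) < 0) wpa_printf(MSG_DEBUG, "Testing: could not randomize EAPOL-Key Reserved field");`. The option is named for the Reserved field while the code writes `key->key_id`, so a comment such as `/* key_id is the Reserved field in RSN EAPOL-Key frames */` would spare the next reader a trip to the struct definition. The body of __wpa_send_eapol starts and ends outside the hunk.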


@ -266,6 +266,7 @@ struct wpa_auth_config {
struct wpabuf *eapol_m1_elements; struct wpabuf *eapol_m1_elements;
struct wpabuf *eapol_m3_elements; struct wpabuf *eapol_m3_elements;
bool eapol_m3_no_encrypt; bool eapol_m3_no_encrypt;
bool eapol_key_reserved_random;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
unsigned int oci_freq_override_eapol_m3; unsigned int oci_freq_override_eapol_m3;
unsigned int oci_freq_override_eapol_g1; unsigned int oci_freq_override_eapol_g1;


@ -236,6 +236,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
if (conf->eapol_m3_elements) if (conf->eapol_m3_elements)
wconf->eapol_m3_elements = wpabuf_dup(conf->eapol_m3_elements); wconf->eapol_m3_elements = wpabuf_dup(conf->eapol_m3_elements);
wconf->eapol_m3_no_encrypt = conf->eapol_m3_no_encrypt; wconf->eapol_m3_no_encrypt = conf->eapol_m3_no_encrypt;
wconf->eapol_key_reserved_random = conf->eapol_key_reserved_random;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P #ifdef CONFIG_P2P
os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4); os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);


@ -3273,3 +3273,15 @@ def test_sae_ssid_protection(dev, apdev):
if dev[0].get_status_field("ssid_verified") != "1": if dev[0].get_status_field("ssid_verified") != "1":
raise Exception("ssid_verified=1 not in STATUS") raise Exception("ssid_verified=1 not in STATUS")
def test_sae_eapol_key_reserved_random(dev, apdev):
"""SAE with EAPOL-Key Reserved field set to random value"""
check_sae_capab(dev[0])
params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
params['wpa_key_mgmt'] = 'SAE'
params['eapol_key_reserved_random'] = '1'
hapd = hostapd.add_ap(apdev[0], params)
dev[0].set("sae_groups", "")
dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
scan_freq="2412")
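Review bot: test_sae_eapol_key_reserved_random only checks that the connection succeeds, so it passes equally well if hostapd left the Reserved field at zero, and `hapd` is assigned but never used. Adding `hapd.wait_sta()` after the connect would at least confirm that the AP side completed the 4-way handshake with the modified frames. The docstring or a comment should also state that the randomised field itself is not verified here, for example `# Note: only checks that the STA accepts the frames; the Reserved field value is not inspected`.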