From 4ac800db822ebeb133bac4f4a947c2ff94eb3343 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 26 May 2013 21:35:00 +0300
Subject: [PATCH] wlantest: Track TDLS setup nonces

Signed-hostap: Jouni Malinen
---
 wlantest/rx_tdls.c | 51 +++++++++++++++++++++++++++++++++++++++++++--
 wlantest/wlantest.h | 2 ++
 2 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/wlantest/rx_tdls.c b/wlantest/rx_tdls.c
index 1c506ac1d..d9247c147 100644
--- a/wlantest/rx_tdls.c
+++ b/wlantest/rx_tdls.c
@@ -53,6 +53,12 @@ static struct wlantest_tdls * get_tdls(struct wlantest *wt, const u8 *linkid,
 if (!create_new)
 return NULL;
 
+ add_note(wt, MSG_DEBUG, "Add new TDLS link context: initiator " MACSTR
+ " responder " MACSTR " BSSID " MACSTR,
+ MAC2STR(linkid + ETH_ALEN),
+ MAC2STR(linkid + 2 * ETH_ALEN),
+ MAC2STR(bssid));
+
 tdls = os_zalloc(sizeof(*tdls));
 if (tdls == NULL)
 return NULL;
@@ -196,6 +202,7 @@ static void rx_data_tdls_setup_request(struct wlantest *wt, const u8 *bssid,
 {
 struct ieee802_11_elems elems;
 struct wlantest_tdls *tdls;
+ u8 linkid[3 * ETH_ALEN];
 
 if (len < 3) {
 add_note(wt, MSG_INFO, "Too short TDLS Setup Request " MACSTR
@@ -216,7 +223,20 @@ static void rx_data_tdls_setup_request(struct wlantest *wt, const u8 *bssid,
 if (tdls) {
 tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_REQ]++;
 tdls->dialog_token = data[0];
+ if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
+ const struct rsn_ftie *f;
+ f = (const struct rsn_ftie *) elems.ftie;
+ os_memcpy(tdls->inonce, f->snonce, WPA_NONCE_LEN);
+ }
 }
+
+ /* Check whether reverse direction context exists already */
+ os_memcpy(linkid, bssid, ETH_ALEN);
+ os_memcpy(linkid + ETH_ALEN, dst, ETH_ALEN);
+ os_memcpy(linkid + 2 * ETH_ALEN, src, ETH_ALEN);
+ tdls = get_tdls(wt, linkid, 0, bssid);
+ if (tdls)
+ add_note(wt, MSG_INFO, "Reverse direction TDLS context exists");
 }
 
 
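Review bot: In the get_tdls hunk the "Add new TDLS link context" note is emitted before the result of `os_zalloc()` is checked, so on allocation failure the log records a context that was never created. Moving the `add_note(...)` call below the `if (tdls == NULL) return NULL;` check keeps the log consistent with the tracked state. get_tdls starts and ends outside the hunk, so the lookup path that precedes this code is not visible here.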
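Review bot: In the Setup Request hunk `tdls->inonce` is written only when an FTIE of at least `sizeof(struct rsn_ftie)` is present, so a request without one leaves whatever value the context already held (get_tdls appears to return an existing context when one matches; its lookup is outside the hunk). The comparisons added in the Setup Response and Setup Confirm hunks then run against a stale or all-zero nonce, for example when the capture missed the request, and log a mismatch that does not reflect the frames. Clearing both fields when a new request is processed, `os_memset(tdls->inonce, 0, WPA_NONCE_LEN);` and `os_memset(tdls->rnonce, 0, WPA_NONCE_LEN);` before the FTIE check, and skipping the compare when no nonce was recorded, would keep the notes meaningful. rx_data_tdls_setup_request begins before this hunk.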
@@ -298,8 +318,10 @@ static void rx_data_tdls_setup_response(struct wlantest *wt, const u8 *bssid,
 MAC2STR(elems.link_id + 2 * ETH_ALEN));
 
 tdls = get_tdls(wt, elems.link_id, 1, bssid);
- if (!tdls)
+ if (!tdls) {
+ add_note(wt, MSG_INFO, "No match TDLS context found");
 return;
+ }
 if (status)
 tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL]++;
 else
@@ -308,6 +330,16 @@ static void rx_data_tdls_setup_response(struct wlantest *wt, const u8 *bssid,
 if (status != WLAN_STATUS_SUCCESS)
 return;
 
+ if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
+ const struct rsn_ftie *f;
+ f = (const struct rsn_ftie *) elems.ftie;
+ if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
+ add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
+ "nonce");
+ }
+ os_memcpy(tdls->rnonce, f->anonce, WPA_NONCE_LEN);
+ }
+
 if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1)
 return;
 if (tdls_verify_mic(wt, tdls, 2, &elems) == 0) {
@@ -401,6 +433,19 @@ static void rx_data_tdls_setup_confirm(struct wlantest *wt, const u8 *bssid,
 if (status != WLAN_STATUS_SUCCESS)
 return;
 
+ if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
+ const struct rsn_ftie *f;
+ f = (const struct rsn_ftie *) elems.ftie;
+ if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
+ add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
+ "nonce");
+ }
+ if (os_memcmp(tdls->rnonce, f->anonce, WPA_NONCE_LEN) != 0) {
+ add_note(wt, MSG_INFO, "Mismatch in TDLS responder "
+ "nonce");
+ }
+ }
+
 tdls->link_up = 1;
 if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1) {
 if (elems.ftie == NULL)
@@ -409,7 +454,7 @@ static void rx_data_tdls_setup_confirm(struct wlantest *wt, const u8 *bssid,
 }
 if (tdls_verify_mic(wt, tdls, 3, &elems) == 0) {
 tdls->dialog_token = data[2];
- add_note(wt, MSG_DEBUG, "TDLS: Dialog Token for the link: %u",
+ add_note(wt, MSG_DEBUG, "TDLS: Link up - Dialog Token: %u",
 tdls->dialog_token);
 }
 
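Review bot: In the Setup Response hunk at -308, `tdls->rnonce` is overwritten from the FTIE before `tdls_derive_tpk()` and `tdls_verify_mic()` run, so a response whose MIC later fails to verify still replaces the tracked responder nonce. A subsequent genuine Setup Confirm would then be reported as a responder nonce mismatch, which makes the note hard to interpret in a capture that contains injected or corrupted frames. Consider doing the `os_memcpy(tdls->rnonce, f->anonce, WPA_NONCE_LEN);` only in the branch where the MIC check succeeds, or add a comment such as `/* Tracked before MIC verification on purpose: records what was on the air */` if that is the intent. The MIC branch continues outside the hunk.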
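Review bot: In the hunk at -409 the reworded note reports "Link up" only inside the `tdls_verify_mic(wt, tdls, 3, &elems) == 0` branch, while `tdls->link_up = 1;` is assigned earlier in rx_data_tdls_setup_confirm (visible as context in the preceding hunk) before TPK derivation and the MIC check. The teardown hunk logs "TDLS: Link down" whenever `link_up` is set, so a capture in which the confirm does not take this branch can show a Link down with no matching Link up. Either emit the state-change note next to the `tdls->link_up = 1;` assignment or set the flag in the same branch as the note; the rest of the function lies outside the hunk, so the intended semantics should be confirmed there.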
@@ -514,6 +559,8 @@ static void rx_data_tdls_teardown(struct wlantest *wt, const u8 *bssid,
 
 tdls = get_tdls(wt, elems.link_id, 1, bssid);
 if (tdls) {
+ if (tdls->link_up)
+ add_note(wt, MSG_DEBUG, "TDLS: Link down");
 tdls->link_up = 0;
 tdls->counters[WLANTEST_TDLS_COUNTER_TEARDOWN]++;
 tdls_verify_mic_teardown(wt, tdls, 4, data, &elems);
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 030faeb90..1ff3229d3 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -106,6 +106,8 @@ struct wlantest_tdls {
 u8 rsc_init[16 + 1][6];
 u8 rsc_resp[16 + 1][6];
 u32 counters[NUM_WLANTEST_TDLS_COUNTER];
+ u8 inonce[32];
+ u8 rnonce[32];
 };
 
 struct wlantest_bss {
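Review bot: In the wlantest.h hunk `inonce` and `rnonce` are sized with the literal 32, while every write added in rx_tdls.c copies `WPA_NONCE_LEN` bytes into them. Declaring them as `u8 inonce[WPA_NONCE_LEN];` and `u8 rnonce[WPA_NONCE_LEN];` ties the buffer size to the copy length so the two cannot drift apart. This assumes the header that defines WPA_NONCE_LEN is, or can be, included by wlantest.h, which is not visible here. A short comment on each field naming the FTIE field it mirrors, `/* SNonce from TDLS Setup Request */` and `/* ANonce from TDLS Setup Response */`, would also help readers of the struct.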