diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 21104d302..62136cabf 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2893,6 +2893,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 PARSE_TEST_PROBABILITY(ignore_auth_probability)
 PARSE_TEST_PROBABILITY(ignore_assoc_probability)
 PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
+ PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
 #endif /* CONFIG_TESTING_OPTIONS */
 } else if (os_strcmp(buf, "vendor_elements") == 0) {
 struct wpabuf *elems;
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 6a1c500bd..86015bf19 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1540,6 +1540,9 @@ own_ip_addr=127.0.0.1
 #
 # Ignore reassociation requests with the given probability
 #ignore_reassoc_probability=0.0
+#
+# Corrupt Key MIC in GTK rekey EAPOL-Key frames with the given probability
+#corrupt_gtk_rekey_mic_probability=0.0
 ##### Multiple BSSID support ##################################################
 #
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 70b26a6ee..7ab86fca9 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -168,6 +168,7 @@ struct hostapd_config * hostapd_config_defaults(void)
 conf->ignore_auth_probability = 0.0d;
 conf->ignore_assoc_probability = 0.0d;
 conf->ignore_reassoc_probability = 0.0d;
+ conf->corrupt_gtk_rekey_mic_probability = 0.0d;
 #endif /* CONFIG_TESTING_OPTIONS */
 return conf;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f9629a2cd..16134da97 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -526,6 +526,7 @@ struct hostapd_config {
 double ignore_auth_probability;
 double ignore_assoc_probability;
 double ignore_reassoc_probability;
+ double corrupt_gtk_rekey_mic_probability;
 #endif /* CONFIG_TESTING_OPTIONS */
 };
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4f1f6fbc1..5a0bec8c5 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
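Review bot: The new default in the src/ap/ap_config.c hunk, `conf->corrupt_gtk_rekey_mic_probability = 0.0d;`, uses the `d` floating-constant suffix, which is a GCC extension rather than ISO C and may be rejected by other compilers. An unsuffixed constant already has type double, so `conf->corrupt_gtk_rekey_mic_probability = 0.0;` is equivalent and portable. The same suffix appears in the added comparison `> 0.0d` in the src/ap/wpa_auth.c hunk, and in the neighbouring context lines this assignment mirrors. hostapd_config_defaults() starts and ends outside the hunk.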
@@ -1347,6 +1347,16 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
 }
 wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len, key->key_mic);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (!pairwise &&
+ wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0d &&
+ drand48() <
+ wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
+ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+ "Corrupting group EAPOL-Key Key MIC");
+ key->key_mic[0]++;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
 }
 wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 465eec6a5..9126b90dc 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -160,6 +160,9 @@ struct wpa_auth_config {
 #endif /* CONFIG_IEEE80211R */
 int disable_gtk;
 int ap_mlme;
+#ifdef CONFIG_TESTING_OPTIONS
+ double corrupt_gtk_rekey_mic_probability;
+#endif /* CONFIG_TESTING_OPTIONS */
 };
 typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index fdaaaff5a..e2be1ea6c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -28,6 +28,7 @@
 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
+ struct hostapd_config *iconf,
 struct wpa_auth_config *wconf)
 {
 os_memset(wconf, 0, sizeof(*wconf));
@@ -74,6 +75,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
 #ifdef CONFIG_HS20
 wconf->disable_gtk = conf->disable_dgaf;
 #endif /* CONFIG_HS20 */
+#ifdef CONFIG_TESTING_OPTIONS
+ wconf->corrupt_gtk_rekey_mic_probability =
+ iconf->corrupt_gtk_rekey_mic_probability;
+#endif /* CONFIG_TESTING_OPTIONS */
 }
@@ -509,7 +514,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 const u8 *wpa_ie;
 size_t wpa_ie_len;
- hostapd_wpa_auth_conf(hapd->conf, &_conf);
+ hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
 _conf.tx_status = 1;
 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
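Review bot: The added block in src/ap/wpa_auth.c is gated only on `!pairwise`, so it can hit every group EAPOL-Key frame that reaches this MIC step, while the option name and the hostapd.conf text promise only GTK rekey frames. If a group handshake is also used for initial key delivery (as I would expect for WPA version 1), those frames would presumably be corrupted as well, so either the condition or the documentation should be narrowed. The block also has no comment explaining the intent; something like `/* Test-only fault injection: invalidate the Key MIC so the peer's handling of a bad MIC on group key frames can be exercised; must never be enabled in production builds. */` above the `#ifdef` would make that explicit. `pairwise` is assigned outside the hunk, as is the enclosing condition under which the MIC is computed, so the exact set of affected frames cannot be confirmed from here.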
@@ -583,7 +588,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 void hostapd_reconfig_wpa(struct hostapd_data *hapd)
 {
 struct wpa_auth_config wpa_auth_conf;
- hostapd_wpa_auth_conf(hapd->conf, &wpa_auth_conf);
+ hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
 }