Allow testing override for GTK/IGTK RSC from AP to STA

The new hostapd gtk_rsc_override and igtk_rsc_override configuration
parameters can be used to set an override value for the RSC that the AP
advertises for STAs for GTK/IGTK. The contents of those parameters is a
hexdump of the RSC in little endian byte order.

This functionality is available only in CONFIG_TESTING_OPTIONS=y builds.
This can be used to verify that stations implement initial RSC
configuration correctly for GTK/ and IGTK.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-01-04 13:05:26 +02:00
parent c1714ec08c
commit 8d84c75f7c
6 changed files with 55 additions and 1 deletions

View file

@ -4168,6 +4168,12 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "rsnxe_override_eapol") == 0) {
wpabuf_free(bss->rsnxe_override_eapol);
bss->rsnxe_override_eapol = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "gtk_rsc_override") == 0) {
wpabuf_free(bss->gtk_rsc_override);
bss->gtk_rsc_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "igtk_rsc_override") == 0) {
wpabuf_free(bss->igtk_rsc_override);
bss->igtk_rsc_override = wpabuf_parse_bin(pos);
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_SAE
} else if (os_strcmp(buf, "sae_password") == 0) {

View file

@ -881,6 +881,8 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
wpabuf_free(conf->own_ie_override);
wpabuf_free(conf->sae_commit_override);
wpabuf_free(conf->rsnxe_override_eapol);
wpabuf_free(conf->gtk_rsc_override);
wpabuf_free(conf->igtk_rsc_override);
#endif /* CONFIG_TESTING_OPTIONS */
os_free(conf->no_probe_resp_if_seen_on);

View file

@ -666,6 +666,8 @@ struct hostapd_bss_config {
int sae_reflection_attack;
struct wpabuf *sae_commit_override;
struct wpabuf *rsnxe_override_eapol;
struct wpabuf *gtk_rsc_override;
struct wpabuf *igtk_rsc_override;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)

View file

@ -148,9 +148,33 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth,
const u8 *addr, int idx, u8 *seq)
{
int res;
if (wpa_auth->cb->get_seqnum == NULL)
return -1;
return wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
res = wpa_auth->cb->get_seqnum(wpa_auth->cb_ctx, addr, idx, seq);
#ifdef CONFIG_TESTING_OPTIONS
if (!addr && idx < 4 && wpa_auth->conf.gtk_rsc_override_set) {
wpa_printf(MSG_DEBUG,
"TESTING: Override GTK RSC %016llx --> %016llx",
(long long unsigned) WPA_GET_LE64(seq),
(long long unsigned)
WPA_GET_LE64(wpa_auth->conf.gtk_rsc_override));
os_memcpy(seq, wpa_auth->conf.gtk_rsc_override,
WPA_KEY_RSC_LEN);
}
if (!addr && idx >= 4 && idx <= 5 &&
wpa_auth->conf.igtk_rsc_override_set) {
wpa_printf(MSG_DEBUG,
"TESTING: Override IGTK RSC %016llx --> %016llx",
(long long unsigned) WPA_GET_LE64(seq),
(long long unsigned)
WPA_GET_LE64(wpa_auth->conf.igtk_rsc_override));
os_memcpy(seq, wpa_auth->conf.igtk_rsc_override,
WPA_KEY_RSC_LEN);
}
#endif /* CONFIG_TESTING_OPTIONS */
return res;
}

View file

@ -221,6 +221,10 @@ struct wpa_auth_config {
size_t own_ie_override_len;
u8 rsnxe_override_eapol[MAX_OWN_IE_OVERRIDE];
size_t rsnxe_override_eapol_len;
u8 gtk_rsc_override[WPA_KEY_RSC_LEN];
u8 igtk_rsc_override[WPA_KEY_RSC_LEN];
unsigned int gtk_rsc_override_set:1;
unsigned int igtk_rsc_override_set:1;
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
u8 ip_addr_go[4];

View file

@ -126,6 +126,22 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
wpabuf_head(conf->rsnxe_override_eapol),
wconf->rsnxe_override_eapol_len);
}
if (conf->gtk_rsc_override &&
wpabuf_len(conf->gtk_rsc_override) > 0 &&
wpabuf_len(conf->gtk_rsc_override) <= WPA_KEY_RSC_LEN) {
os_memcpy(wconf->gtk_rsc_override,
wpabuf_head(conf->gtk_rsc_override),
wpabuf_len(conf->gtk_rsc_override));
wconf->gtk_rsc_override_set = 1;
}
if (conf->igtk_rsc_override &&
wpabuf_len(conf->igtk_rsc_override) > 0 &&
wpabuf_len(conf->igtk_rsc_override) <= WPA_KEY_RSC_LEN) {
os_memcpy(wconf->igtk_rsc_override,
wpabuf_head(conf->igtk_rsc_override),
wpabuf_len(conf->igtk_rsc_override));
wconf->igtk_rsc_override_set = 1;
}
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_P2P
os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);