wlantest: Add support for decrypting TDLS frames

Derive TPK based on TDLS TPK Handshake and decrypt frames on the
direct link with TPK-TK.
This commit is contained in:
Jouni Malinen 2010-12-13 11:20:55 +02:00 committed by Jouni Malinen
parent 89c38e32c7
commit b39f58347d
8 changed files with 436 additions and 8 deletions

View file

@ -254,6 +254,11 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
elems->ht_operation = pos; elems->ht_operation = pos;
elems->ht_operation_len = elen; elems->ht_operation_len = elen;
break; break;
case WLAN_EID_LINK_ID:
if (elen < 18)
break;
elems->link_id = pos;
break;
default: default:
unknown++; unknown++;
if (!show_errors) if (!show_errors)

View file

@ -41,6 +41,7 @@ struct ieee802_11_elems {
const u8 *ht_operation; const u8 *ht_operation;
const u8 *vendor_ht_cap; const u8 *vendor_ht_cap;
const u8 *p2p; const u8 *p2p;
const u8 *link_id;
u8 ssid_len; u8 ssid_len;
u8 supp_rates_len; u8 supp_rates_len;

View file

@ -212,6 +212,7 @@
#define WLAN_EID_20_40_BSS_INTOLERANT 73 #define WLAN_EID_20_40_BSS_INTOLERANT 73
#define WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS 74 #define WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS 74
#define WLAN_EID_MMIE 76 #define WLAN_EID_MMIE 76
#define WLAN_EID_LINK_ID 101
#define WLAN_EID_ADV_PROTO 108 #define WLAN_EID_ADV_PROTO 108
#define WLAN_EID_VENDOR_SPECIFIC 221 #define WLAN_EID_VENDOR_SPECIFIC 221
@ -226,6 +227,7 @@
#define WLAN_ACTION_FT 6 #define WLAN_ACTION_FT 6
#define WLAN_ACTION_HT 7 #define WLAN_ACTION_HT 7
#define WLAN_ACTION_SA_QUERY 8 #define WLAN_ACTION_SA_QUERY 8
#define WLAN_ACTION_TDLS 12
#define WLAN_ACTION_WMM 17 /* WMM Specification 1.1 */ #define WLAN_ACTION_WMM 17 /* WMM Specification 1.1 */
#define WLAN_ACTION_VENDOR_SPECIFIC 127 #define WLAN_ACTION_VENDOR_SPECIFIC 127
@ -242,6 +244,19 @@
#define WLAN_SA_QUERY_TR_ID_LEN 2 #define WLAN_SA_QUERY_TR_ID_LEN 2
/* TDLS action codes */
#define WLAN_TDLS_SETUP_REQUEST 0
#define WLAN_TDLS_SETUP_RESPONSE 1
#define WLAN_TDLS_SETUP_CONFIRM 2
#define WLAN_TDLS_TEARDOWN 3
#define WLAN_TDLS_PEER_TRAFFIC_INDICATION 4
#define WLAN_TDLS_CHANNEL_SWITCH_REQUEST 5
#define WLAN_TDLS_CHANNEL_SWITCH_RESPONSE 6
#define WLAN_TDLS_PEER_PSM_REQUEST 7
#define WLAN_TDLS_PEER_PSM_RESPONSE 8
#define WLAN_TDLS_PEER_TRAFFIC_RESPONSE 9
#define WLAN_TDLS_DISCOVERY_REQUEST 10
/* Timeout Interval Type */ /* Timeout Interval Type */
#define WLAN_TIMEOUT_REASSOC_DEADLINE 1 #define WLAN_TIMEOUT_REASSOC_DEADLINE 1
#define WLAN_TIMEOUT_KEY_LIFETIME 2 #define WLAN_TIMEOUT_KEY_LIFETIME 2

View file

@ -58,6 +58,7 @@ OBJS += rx_mgmt.o
OBJS += rx_data.o OBJS += rx_data.o
OBJS += rx_eapol.o OBJS += rx_eapol.o
OBJS += rx_ip.o OBJS += rx_ip.o
OBJS += rx_tdls.o
OBJS += bss.o OBJS += bss.o
OBJS += sta.o OBJS += sta.o
OBJS += crc32.o OBJS += crc32.o

View file

@ -50,6 +50,7 @@ struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid)
return NULL; return NULL;
dl_list_init(&bss->sta); dl_list_init(&bss->sta);
dl_list_init(&bss->pmk); dl_list_init(&bss->pmk);
dl_list_init(&bss->tdls);
os_memcpy(bss->bssid, bssid, ETH_ALEN); os_memcpy(bss->bssid, bssid, ETH_ALEN);
dl_list_add(&wt->bss, &bss->list); dl_list_add(&wt->bss, &bss->list);
wpa_printf(MSG_DEBUG, "Discovered new BSS - " MACSTR, wpa_printf(MSG_DEBUG, "Discovered new BSS - " MACSTR,
@ -69,10 +70,13 @@ void bss_deinit(struct wlantest_bss *bss)
{ {
struct wlantest_sta *sta, *n; struct wlantest_sta *sta, *n;
struct wlantest_pmk *pmk, *np; struct wlantest_pmk *pmk, *np;
struct wlantest_tdls *tdls, *nt;
dl_list_for_each_safe(sta, n, &bss->sta, struct wlantest_sta, list) dl_list_for_each_safe(sta, n, &bss->sta, struct wlantest_sta, list)
sta_deinit(sta); sta_deinit(sta);
dl_list_for_each_safe(pmk, np, &bss->pmk, struct wlantest_pmk, list) dl_list_for_each_safe(pmk, np, &bss->pmk, struct wlantest_pmk, list)
pmk_deinit(pmk); pmk_deinit(pmk);
dl_list_for_each_safe(tdls, nt, &bss->tdls, struct wlantest_tdls, list)
os_free(tdls);
dl_list_del(&bss->list); dl_list_del(&bss->list);
os_free(bss); os_free(bss);
} }

View file

@ -70,6 +70,9 @@ static void rx_data_eth(struct wlantest *wt, const u8 *bssid,
case ETH_P_IP: case ETH_P_IP:
rx_data_ip(wt, bssid, sta_addr, dst, src, data, len); rx_data_ip(wt, bssid, sta_addr, dst, src, data, len);
break; break;
case 0x890d:
rx_data_80211_encap(wt, bssid, sta_addr, dst, src, data, len);
break;
} }
} }
@ -182,13 +185,15 @@ static void rx_data_bss_prot(struct wlantest *wt,
size_t len) size_t len)
{ {
struct wlantest_bss *bss; struct wlantest_bss *bss;
struct wlantest_sta *sta; struct wlantest_sta *sta, *sta2;
int keyid; int keyid;
u16 fc = le_to_host16(hdr->frame_control); u16 fc = le_to_host16(hdr->frame_control);
u8 *decrypted; u8 *decrypted;
size_t dlen; size_t dlen;
int tid; int tid;
u8 pn[6], *rsc; u8 pn[6], *rsc;
struct wlantest_tdls *tdls = NULL;
const u8 *tk = NULL;
if (hdr->addr1[0] & 0x01) { if (hdr->addr1[0] & 0x01) {
rx_data_bss_prot_group(wt, hdr, qos, dst, src, data, len); rx_data_bss_prot_group(wt, hdr, qos, dst, src, data, len);
@ -200,13 +205,32 @@ static void rx_data_bss_prot(struct wlantest *wt,
if (bss == NULL) if (bss == NULL)
return; return;
sta = sta_get(bss, hdr->addr2); sta = sta_get(bss, hdr->addr2);
} else { } else if (fc & WLAN_FC_FROMDS) {
bss = bss_get(wt, hdr->addr2); bss = bss_get(wt, hdr->addr2);
if (bss == NULL) if (bss == NULL)
return; return;
sta = sta_get(bss, hdr->addr1); sta = sta_get(bss, hdr->addr1);
} else {
bss = bss_get(wt, hdr->addr3);
if (bss == NULL)
return;
sta = sta_find(bss, hdr->addr2);
sta2 = sta_find(bss, hdr->addr1);
if (sta == NULL || sta2 == NULL)
return;
dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
{
if ((tdls->init == sta && tdls->resp == sta2) ||
(tdls->init == sta2 && tdls->resp == sta)) {
if (!tdls->link_up)
wpa_printf(MSG_DEBUG, "TDLS: Link not "
"up, but Data frame seen");
tk = tdls->tpk.tk;
break;
} }
if (sta == NULL || !sta->ptk_set) { }
}
if ((sta == NULL || !sta->ptk_set) && tk == NULL) {
wpa_printf(MSG_MSGDUMP, "No PTK known to decrypt the frame"); wpa_printf(MSG_MSGDUMP, "No PTK known to decrypt the frame");
return; return;
} }
@ -224,7 +248,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
return; return;
} }
if (sta->pairwise_cipher == WPA_CIPHER_TKIP) { if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP) {
if (data[3] & 0x1f) { if (data[3] & 0x1f) {
wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used " wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
"non-zero reserved bit", "non-zero reserved bit",
@ -237,7 +261,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
MAC2STR(hdr->addr2), data[1], MAC2STR(hdr->addr2), data[1],
(data[0] | 0x20) & 0x7f); (data[0] | 0x20) & 0x7f);
} }
} else if (sta->pairwise_cipher == WPA_CIPHER_CCMP) { } else if (tk || sta->pairwise_cipher == WPA_CIPHER_CCMP) {
if (data[2] != 0 || (data[3] & 0x1f) != 0) { if (data[2] != 0 || (data[3] & 0x1f) != 0) {
wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used " wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
"non-zero reserved bit", "non-zero reserved bit",
@ -256,13 +280,18 @@ static void rx_data_bss_prot(struct wlantest *wt,
tid = qos[0] & 0x0f; tid = qos[0] & 0x0f;
else else
tid = 0; tid = 0;
if (fc & WLAN_FC_TODS) if (tk) {
if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
rsc = tdls->rsc_init[tid];
else
rsc = tdls->rsc_resp[tid];
} else if (fc & WLAN_FC_TODS)
rsc = sta->rsc_tods[tid]; rsc = sta->rsc_tods[tid];
else else
rsc = sta->rsc_fromds[tid]; rsc = sta->rsc_fromds[tid];
if (sta->pairwise_cipher == WPA_CIPHER_TKIP) if (tk == NULL && sta->pairwise_cipher == WPA_CIPHER_TKIP)
tkip_get_pn(pn, data); tkip_get_pn(pn, data);
else else
ccmp_get_pn(pn, data); ccmp_get_pn(pn, data);
@ -273,7 +302,9 @@ static void rx_data_bss_prot(struct wlantest *wt,
wpa_hexdump(MSG_INFO, "RSC", rsc, 6); wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
} }
if (sta->pairwise_cipher == WPA_CIPHER_TKIP) if (tk)
decrypted = ccmp_decrypt(tk, hdr, data, len, &dlen);
else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
decrypted = tkip_decrypt(sta->ptk.tk1, hdr, data, len, &dlen); decrypted = tkip_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
else else
decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data, len, &dlen); decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data, len, &dlen);
@ -362,6 +393,8 @@ void rx_data(struct wlantest *wt, const u8 *data, size_t len)
fc & WLAN_FC_ISWEP ? " Prot" : "", fc & WLAN_FC_ISWEP ? " Prot" : "",
MAC2STR(hdr->addr1), MAC2STR(hdr->addr2), MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
MAC2STR(hdr->addr3)); MAC2STR(hdr->addr3));
rx_data_bss(wt, hdr, qos, hdr->addr1, hdr->addr2,
data + hdrlen, len - hdrlen);
break; break;
case WLAN_FC_FROMDS: case WLAN_FC_FROMDS:
wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s FromDS DA=" MACSTR wpa_printf(MSG_EXCESSIVE, "DATA %s%s%s FromDS DA=" MACSTR

352
wlantest/rx_tdls.c Normal file
View file

@ -0,0 +1,352 @@
/*
* Received Data frame processing for TDLS packets
* Copyright (c) 2010, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "utils/includes.h"
#include "utils/common.h"
#include "crypto/sha256.h"
#include "crypto/crypto.h"
#include "crypto/aes_wrap.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "wlantest.h"
static struct wlantest_tdls * get_tdls(struct wlantest *wt, const u8 *linkid)
{
struct wlantest_bss *bss;
struct wlantest_sta *init, *resp;
struct wlantest_tdls *tdls;
bss = bss_find(wt, linkid);
if (bss == NULL)
return NULL;
init = sta_find(bss, linkid + ETH_ALEN);
if (init == NULL)
return NULL;
resp = sta_find(bss, linkid + 2 * ETH_ALEN);
if (resp == NULL)
return NULL;
dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
if (tdls->init == init && tdls->resp == resp)
return tdls;
}
tdls = os_zalloc(sizeof(*tdls));
if (tdls == NULL)
return NULL;
tdls->init = init;
tdls->resp = resp;
dl_list_add(&bss->tdls, &tdls->list);
return tdls;
}
static int tdls_derive_tpk(struct wlantest_tdls *tdls, const u8 *bssid,
const u8 *ftie, u8 ftie_len)
{
const struct rsn_ftie *f;
u8 key_input[SHA256_MAC_LEN];
const u8 *nonce[2];
size_t len[2];
u8 data[3 * ETH_ALEN];
if (ftie == NULL || ftie_len < sizeof(struct rsn_ftie))
return 0;
f = (const struct rsn_ftie *) ftie;
wpa_hexdump(MSG_DEBUG, "TDLS ANonce", f->anonce, WPA_NONCE_LEN);
wpa_hexdump(MSG_DEBUG, "TDLS SNonce", f->snonce, WPA_NONCE_LEN);
/*
* IEEE Std 802.11z-2010 8.5.9.1:
* TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
*/
len[0] = WPA_NONCE_LEN;
len[1] = WPA_NONCE_LEN;
if (os_memcmp(f->anonce, f->snonce, WPA_NONCE_LEN) < 0) {
nonce[0] = f->anonce;
nonce[1] = f->snonce;
} else {
nonce[0] = f->snonce;
nonce[1] = f->anonce;
}
sha256_vector(2, nonce, len, key_input);
wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-Key-Input",
key_input, SHA256_MAC_LEN);
/*
* TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
* min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
* TODO: is N_KEY really included in KDF Context and if so, in which
* presentation format (little endian 16-bit?) is it used? It gets
* added by the KDF anyway..
*/
if (os_memcmp(tdls->init->addr, tdls->resp->addr, ETH_ALEN) < 0) {
os_memcpy(data, tdls->init->addr, ETH_ALEN);
os_memcpy(data + ETH_ALEN, tdls->resp->addr, ETH_ALEN);
} else {
os_memcpy(data, tdls->resp->addr, ETH_ALEN);
os_memcpy(data + ETH_ALEN, tdls->init->addr, ETH_ALEN);
}
os_memcpy(data + 2 * ETH_ALEN, bssid, ETH_ALEN);
wpa_hexdump(MSG_DEBUG, "TDLS: KDF Context", data, sizeof(data));
sha256_prf(key_input, SHA256_MAC_LEN, "TDLS PMK", data, sizeof(data),
(u8 *) &tdls->tpk, sizeof(tdls->tpk));
wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-KCK",
tdls->tpk.kck, sizeof(tdls->tpk.kck));
wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-TK",
tdls->tpk.tk, sizeof(tdls->tpk.tk));
return 1;
}
static int tdls_verify_mic(struct wlantest_tdls *tdls, u8 trans_seq,
struct ieee802_11_elems *elems)
{
u8 *buf, *pos;
int len;
u8 mic[16];
int ret;
const struct rsn_ftie *rx_ftie;
struct rsn_ftie *tmp_ftie;
if (elems->link_id == NULL || elems->rsn_ie == NULL ||
elems->timeout_int == NULL || elems->ftie == NULL)
return -1;
len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
2 + elems->timeout_int_len + 2 + elems->ftie_len;
buf = os_zalloc(len);
if (buf == NULL)
return -1;
pos = buf;
/* 1) TDLS initiator STA MAC address */
os_memcpy(pos, elems->link_id + ETH_ALEN, ETH_ALEN);
pos += ETH_ALEN;
/* 2) TDLS responder STA MAC address */
os_memcpy(pos, elems->link_id + 2 * ETH_ALEN, ETH_ALEN);
pos += ETH_ALEN;
/* 3) Transaction Sequence number */
*pos++ = trans_seq;
/* 4) Link Identifier IE */
os_memcpy(pos, elems->link_id - 2, 2 + 18);
pos += 2 + 18;
/* 5) RSN IE */
os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
pos += 2 + elems->rsn_ie_len;
/* 6) Timeout Interval IE */
os_memcpy(pos, elems->timeout_int - 2, 2 + elems->timeout_int_len);
pos += 2 + elems->timeout_int_len;
/* 7) FTIE, with the MIC field of the FTIE set to 0 */
os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
pos += 2;
tmp_ftie = (struct rsn_ftie *) pos;
os_memset(tmp_ftie->mic, 0, 16);
pos += elems->ftie_len;
wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", tdls->tpk.kck, 16);
ret = omac1_aes_128(tdls->tpk.kck, buf, pos - buf, mic);
os_free(buf);
if (ret)
return -1;
wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
rx_ftie = (const struct rsn_ftie *) elems->ftie;
if (os_memcmp(mic, rx_ftie->mic, 16) == 0) {
wpa_printf(MSG_DEBUG, "TDLS: Valid MIC");
return 0;
}
wpa_printf(MSG_DEBUG, "TDLS: Invalid MIC");
return -1;
}
static void rx_data_tdls_setup_request(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst,
const u8 *src,
const u8 *data, size_t len)
{
struct ieee802_11_elems elems;
if (len < 3)
return;
wpa_printf(MSG_DEBUG, "TDLS Setup Request " MACSTR " -> "
MACSTR, MAC2STR(src), MAC2STR(dst));
if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
ParseFailed || elems.link_id == NULL)
return;
wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
" initiator STA " MACSTR " responder STA " MACSTR,
MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
MAC2STR(elems.link_id + 2 * ETH_ALEN));
}
static void rx_data_tdls_setup_response(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst,
const u8 *src,
const u8 *data, size_t len)
{
u16 status;
struct ieee802_11_elems elems;
struct wlantest_tdls *tdls;
if (len < 5)
return;
status = WPA_GET_LE16(data);
wpa_printf(MSG_DEBUG, "TDLS Setup Response " MACSTR " -> "
MACSTR " (status %d)",
MAC2STR(src), MAC2STR(dst), status);
if (status != WLAN_STATUS_SUCCESS)
return;
if (ieee802_11_parse_elems(data + 5, len - 5, &elems, 1) ==
ParseFailed || elems.link_id == NULL)
return;
wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
" initiator STA " MACSTR " responder STA " MACSTR,
MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
MAC2STR(elems.link_id + 2 * ETH_ALEN));
tdls = get_tdls(wt, elems.link_id);
if (!tdls)
return;
if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1)
return;
tdls_verify_mic(tdls, 2, &elems);
}
static void rx_data_tdls_setup_confirm(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst,
const u8 *src,
const u8 *data, size_t len)
{
u16 status;
struct ieee802_11_elems elems;
struct wlantest_tdls *tdls;
if (len < 3)
return;
status = WPA_GET_LE16(data);
wpa_printf(MSG_DEBUG, "TDLS Setup Confirm " MACSTR " -> "
MACSTR " (status %d)",
MAC2STR(src), MAC2STR(dst), status);
if (status != WLAN_STATUS_SUCCESS)
return;
if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
ParseFailed || elems.link_id == NULL)
return;
wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
" initiator STA " MACSTR " responder STA " MACSTR,
MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
MAC2STR(elems.link_id + 2 * ETH_ALEN));
tdls = get_tdls(wt, elems.link_id);
if (tdls)
tdls->link_up = 1;
if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1)
return;
tdls_verify_mic(tdls, 3, &elems);
}
static void rx_data_tdls_teardown(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst,
const u8 *src,
const u8 *data, size_t len)
{
u16 reason;
struct ieee802_11_elems elems;
struct wlantest_tdls *tdls;
if (len < 2)
return;
reason = WPA_GET_LE16(data);
wpa_printf(MSG_DEBUG, "TDLS Teardown " MACSTR " -> "
MACSTR " (reason %d)",
MAC2STR(src), MAC2STR(dst), reason);
if (ieee802_11_parse_elems(data + 2, len - 2, &elems, 1) ==
ParseFailed || elems.link_id == NULL)
return;
wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
" initiator STA " MACSTR " responder STA " MACSTR,
MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
MAC2STR(elems.link_id + 2 * ETH_ALEN));
tdls = get_tdls(wt, elems.link_id);
if (tdls)
tdls->link_up = 0;
}
static void rx_data_tdls(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst, const u8 *src,
const u8 *data, size_t len)
{
/* data contains the payload of a TDLS Action frame */
if (len < 2 || data[0] != WLAN_ACTION_TDLS) {
wpa_hexdump(MSG_DEBUG, "Unrecognized encapsulated TDLS frame",
data, len);
return;
}
switch (data[1]) {
case WLAN_TDLS_SETUP_REQUEST:
rx_data_tdls_setup_request(wt, bssid, sta_addr, dst, src,
data + 2, len - 2);
break;
case WLAN_TDLS_SETUP_RESPONSE:
rx_data_tdls_setup_response(wt, bssid, sta_addr, dst, src,
data + 2, len - 2);
break;
case WLAN_TDLS_SETUP_CONFIRM:
rx_data_tdls_setup_confirm(wt, bssid, sta_addr, dst, src,
data + 2, len - 2);
break;
case WLAN_TDLS_TEARDOWN:
rx_data_tdls_teardown(wt, bssid, sta_addr, dst, src, data + 2,
len - 2);
break;
case WLAN_TDLS_DISCOVERY_REQUEST:
wpa_printf(MSG_DEBUG, "TDLS Discovery Request " MACSTR " -> "
MACSTR, MAC2STR(src), MAC2STR(dst));
break;
}
}
void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst, const u8 *src,
const u8 *data, size_t len)
{
wpa_hexdump(MSG_EXCESSIVE, "802.11 data encap frame", data, len);
if (len < 1)
return;
if (data[0] == 0x02)
rx_data_tdls(wt, bssid, sta_addr, dst, src, data + 1, len - 1);
}

View file

@ -84,6 +84,19 @@ struct wlantest_sta {
le16 seq_ctrl_to_ap[17]; le16 seq_ctrl_to_ap[17];
}; };
struct wlantest_tdls {
struct dl_list list;
struct wlantest_sta *init;
struct wlantest_sta *resp;
struct tpk {
u8 kck[16];
u8 tk[16];
} tpk;
int link_up;
u8 rsc_init[16 + 1][6];
u8 rsc_resp[16 + 1][6];
};
struct wlantest_bss { struct wlantest_bss {
struct dl_list list; struct dl_list list;
u8 bssid[ETH_ALEN]; u8 bssid[ETH_ALEN];
@ -111,6 +124,7 @@ struct wlantest_bss {
int igtk_idx; int igtk_idx;
u8 ipn[6][6]; u8 ipn[6][6];
u32 counters[NUM_WLANTEST_BSS_COUNTER]; u32 counters[NUM_WLANTEST_BSS_COUNTER];
struct dl_list tdls; /* struct wlantest_tdls */
}; };
struct wlantest_radius { struct wlantest_radius {
@ -167,6 +181,9 @@ void rx_data_eapol(struct wlantest *wt, const u8 *dst, const u8 *src,
const u8 *data, size_t len, int prot); const u8 *data, size_t len, int prot);
void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr, void rx_data_ip(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
const u8 *dst, const u8 *src, const u8 *data, size_t len); const u8 *dst, const u8 *src, const u8 *data, size_t len);
void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid,
const u8 *sta_addr, const u8 *dst, const u8 *src,
const u8 *data, size_t len);
struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid); struct wlantest_bss * bss_find(struct wlantest *wt, const u8 *bssid);
struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid); struct wlantest_bss * bss_get(struct wlantest *wt, const u8 *bssid);