This is needed to derive the PTK correct when Secure LTF support is used
and the additional KDK component needs to be taken into account.
Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Prefer a BSS entry that has a matching STA entry when processing
EAPOL-Key frames. This avoids issues where some combination of MLD
and/or link addresses are used in a sequence that could end up
generating two separate STA entries for the same non-AP MLD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The BSSID (RA/TA) might differ from SA/DA for the AP, so print it as
well in the debug entry for EAPOL-Key frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Commit 25b52e5f83 ("FT: Extend FTE parsing for FT-SAE-EXT-KEY") used
possible MIC length iteration to try to figure out the length of the MIC
field in FTE. That was the only option available at the time, but FTE is
now being extended in IEEE 802.11-REVme to explicitly indicate the
length of the MIC field for the new FT-SAE-EXT-KEY AKM to make this
easier.
Use the new design from the approved comment resolution (*) in
REVme/D2.0 ballot CID 3135 to simplify implementation. This gets rid of
the need to pass in key length and the somewhat strange need_{r0kh,r1kh}
parameters to wpa_ft_parse_ies().
(*)
https://mentor.ieee.org/802.11/dcn/22/11-22-1991-02-000m-proposed-resolutions-to-some-lb270-comments.docx
Signed-off-by: Jouni Malinen <j@w1.fi>
It is possible for there to be multiple STA entries (e.g., one for each
BSS) when a sniffer capture contains multiple associations using MLO.
For such cases, the new PTK information needs to be updated to all
existing STA entries to be able to find the latest TK when decrypting
following frames since the other STA entries might be located first when
trying to figure out how to decrypt a frame.
In addition to the PTK, copy the MLD MAC addresses to the other STA and
BSS entries to make sure the latest values are used when trying to
decrypt frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide AKM, key length, and information about needed subelements to the
parser function so that the variable length MIC field cases can be
recognized for FT-SAE-EXT-KEY. Knowledge about R0KH-ID/R1KH-ID being
needed is required to be able to iterate over possible MIC field lengths
for the case where the AP does not yet know the correct key length at
the beginning of FT protocol.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Extend wlantest capabilities to cover the new SAE-EXT-KEY AKM and
variable length MIC field and key lengths for it based on the used SAE
group.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update bss entries for all affiliated links whenever learning
GTK/IGTK/BIGTK from EAPOL-Key msg 3/4 or group msg 1/2.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Update STA state tracking for SAE authentication as well as the previous
covered Open System algorithm.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Check the Beacon/Probe Response frame RSNE against the RSNE within the
MLO Link KDE for the current affiliated link instead of RSNE when
processing the EAPOL-Key msg 3/4 Key Data field.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the debug message more useful for determining whether an
expected BIGTK has been derived.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make this easier to understand by using the appropriately named function
to parse KDEs/IEs in the Key Data field of EAPOL-Key frames instead of
using the wrapper function that is there just to provide the old
function name for wpa_supplicant.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
rx_mgmt_beacon() was skipping all steps after a Probe Response frame
from the AP had been processed. This is expected for the parts that were
updating the bss entry information, but the checks for beacon protection
should not be skipped in this manner.
Skip onlu the updating parts while checking that beacon protection is
used correctly to make this more useful.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the MLD MAC Address instead of link address in CCMP/GCMP AAD/nonce
construction when processing an individually addressed Data frame with
FromDS=1 or ToDS=1 between an AP MLD and non-AP MLD.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Do not complain about unprotected Action frames for additional
categories that have been defined as not being Robust.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
SA/DA in EAPOL-Key frames might not be the BSSID when MLO is used. Check
for these cases to avoid adding unexpected BSS entries for AP MLD
instead of the per-link BSS entry. This is needed to be able to find the
derived keys when decrypting protected frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
IEEE P802.11be adds the MAC Address KDE into the EAPOL-Key msg 4/4 when
MLO is used and as such, the previously used check for Key Data Length
value 0 is not sufficient for recognizing the EAPOL-Key msg 4/4 anymore.
Also check for an all zero Key Nonce value since that field is supposed
to be zero in EAPOL-Key msg 4/4 and it has to be a random value in
EAPOL-Key msg 2/4.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When MLO is used, the MLD MAC addresses of the AP MLD and non-AP MLD are
used as the Authenticator and Supplicant addresses. Update PTK
derivation to use this information to work with MLO.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
IEEE P802.11be indicates the MLD MAC addresses, i.e., the Authenticator
and Supplicant addresses, in the MAC Address KDE in EAPOL-Key msg 1/4
and 2/4. Learn those addresses so that wlantest can be extended to
support MLO.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Data frame processing had already been extended to support additional
cipher suites, but Robust Management frame processing was still using a
hardcoded cipher suite (CCMP-128). Extend it to support GCMP-128,
GCMP-256, and CCMP-256 as well.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
To be consistent with how all the other dl lists like passphrase, PMK,
and PTK lists are freed, delete each entry from the WEP list before
freeing the entry.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
The definitions of max_args, get_cmd_arg_num(), and tokenize_cmd() are
already shared by the hostapd_cli and wpa_cli commands by including the
cli.h header. So follow the same for wlantest_cli and remove the
duplicate function defitions.
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
Having a help cli command to view all the supported commands is helpful
when running the wlantest_cli manually instead via the python test
scripts.
$ wlantest_cli help
commands:
ping = test connection to wlantest
terminate = terminate wlantest
list_bss = get BSS list
list_sta <BSSID> = get STA list
flush = drop all collected BSS data
clear_sta_counters <BSSID> <STA> = clear STA counters
clear_bss_counters <BSSID> = clear BSS counters
get_sta_counter <counter> <BSSID> <STA> = get STA counter value
get_bss_counter <counter> <BSSID> = get BSS counter value
inject <frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>
send <prot> <raw frame as hex dump>
version = get wlantest version
add_passphrase <passphrase> = add a known passphrase
add_wepkey <WEP key> = add a known WEP key
info_sta <field> <BSSID> <STA> = get STA information
info_bss <field> <BSSID> = get BSS information
clear_tdls_counters <BSSID> <STA1> <STA2> = clear TDLS counters
get_tdls_counter <counter> <BSSID> <STA1> <STA2> = get TDLS counter value
get_bss_counter <counter> <BSSID> = get BSS counter value
relog = re-open log-file (allow rolling logs)
get_tx_tid <BSSID> <STA> <TID> = get STA TX TID counter value
get_rx_tid <BSSID> <STA> <TID> = get STA RX TID counter value
help = show this usage help
$ wlantest_cli help add_passphrase
commands:
add_passphrase <passphrase> = add a known passphrase
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
In the cases when a failure is experienced, the value "-1" was returned
from the main() function without doing any cleanup or deinit.
For example, if wlantest was started with the following set of command
line arguments then later when returning after a failure from main()
function, the memory allocated as part of handling the "-p" getopt
command line option was not freed. To fix memory leaks in this case,
properly free the previously allocated memory with the help of
wlantest_deinit() before returning from main().
$ sudo valgrind --leak-check=full --show-leak-kinds=all --verbose \
> --track-origins=yes --log-file=valgrind-out.txt \
> ./wlantest -i hwsim0 -dd -c -p "asdfasdfasdfasdf" -W "abcd"
Invalid WEP key 'abcd'
Memory leak reported by Valgrind when running wlantest as mentioned above.
==513454== HEAP SUMMARY:
==513454== in use at exit: 128 bytes in 1 blocks
==513454== total heap usage: 4 allocs, 3 frees, 5,720 bytes allocated
==513454==
==513454== Searching for pointers to 1 not-freed blocks
==513454== Checked 76,936 bytes
==513454==
==513454== 128 bytes in 1 blocks are definitely lost in loss record 1 of 1
==513454== at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==513454== by 0x1396CA: os_zalloc (in /home/ubuntu/hostap/wlantest/wlantest)
==513454== by 0x10C345: add_passphrase (wlantest.c:125)
==513454== by 0x10C345: main (wlantest.c:425)
==513454==
==513454== LEAK SUMMARY:
==513454== definitely lost: 128 bytes in 1 blocks
==513454== indirectly lost: 0 bytes in 0 blocks
==513454== possibly lost: 0 bytes in 0 blocks
==513454== still reachable: 0 bytes in 0 blocks
==513454== suppressed: 0 bytes in 0 blocks
==513454==
==513454== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
The change to support variable length PMK in wlantest missed couple of
places where the PMK length did not get used or set properly. In
particular, this ended up breaking FT key derivation for the case where
a passphrase was used to derive a potential per-BSS PMK. Fix this by
setting and using the PMK length properly.
Fixes: 6c29d95a90 ("wlantest: Support variable length PMK")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Reassemble the full MSDU when processing TKIP protected fragmented
frames so that the Michael MIC can be validated once the last fragment
has been received.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This can be useful for debugging, so return successfully decrypted TKIP
frame even if the Michael MIC cannot be verified (fragment reassembly
not yet supported) or if the Michael MIC value is incorrect. Add a note
in the frame to point out that the Michael MIC was not verified or is
incorrect.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Extend Data frame processing (and decryption) to handle +HTC frames by
skipping the HT Control field at the end of the frame header. While this
is not an exact match of the rules in IEEE Std 802.11-2020 for when the
HT Control field is present in frames (e.g., no check of the TXVECTOR
value), this is good enough to cover the most likely used cases.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This moves the implementation closer to the current IEEE 802.11 standard
since B15 of Frame Control field was renamed to +HTC to match it newer
uses.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows correct processing of Data frames with Mesh Control field by
finding the LLC/SNAP header after that field.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This resulted in an attempt to dereference a NULL pointer since sta_addr
is not known in this type of a case.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Buffers passed to rx_data_ip() may not be naturally-aligned, and so we
get unpredictable behavior when we cast that to an IP header. In
particular, this code may crash on ARM.
Signed-off-by: Brian Norris <briannorris@chromium.org>
This previously reserved bit is now used in FTM to help select the
appropriate replay counter. Silence the warning about use of a reserved
bit for this. wlantest does not yet support the actual replay counter
processing for FTM.
Signed-off-by: Jouni Malinen <j@w1.fi>
Use the TKs from the PTK file (-T command line argument) to try to
decrypt encrypted Management frames if no BSS/STA key can be found based
on addresses.
Signed-off-by: Jouni Malinen <j@w1.fi>
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
