Commit graph

74 commits

Author SHA1 Message Date
Jouni Malinen
228420e2d9 wlantest: Find a STA entry based on MLO affiliated link addresses
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:08:37 +03:00
Jouni Malinen
b20991da69 wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce
Use the MLD MAC Address instead of link address in CCMP/GCMP AAD/nonce
construction when processing an individually addressed Data frame with
FromDS=1 or ToDS=1 between an AP MLD and non-AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-05 23:08:43 +03:00
Jouni Malinen
cc046a1ff8 wlantest: Extend protected Data frame checks for GCMP and CCMP-256
The same rules that apply to CCMP-128 apply also for GCMP-128, CCMP-256,
and GCMP-256 here.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-29 21:31:52 +03:00
Jouni Malinen
ced15c8ba8 wlantest: TKIP frame reassembly for Michael MIC check in fragmented case
Reassemble the full MSDU when processing TKIP protected fragmented
frames so that the Michael MIC can be validated once the last fragment
has been received.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
3332657d69 wlantest: Report decrypted TKIP frames even if cannot check Michael MIC
This can be useful for debugging, so return successfully decrypted TKIP
frame even if the Michael MIC cannot be verified (fragment reassembly
not yet supported) or if the Michael MIC value is incorrect. Add a note
in the frame to point out that the Michael MIC was not verified or is
incorrect.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-11 21:13:56 +03:00
Jouni Malinen
73f65cc6c4 wlantest: Support HT Control field in QoS Data frames
Extend Data frame processing (and decryption) to handle +HTC frames by
skipping the HT Control field at the end of the frame header. While this
is not an exact match of the rules in IEEE Std 802.11-2020 for when the
HT Control field is present in frames (e.g., no check of the TXVECTOR
value), this is good enough to cover the most likely used cases.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-05-06 23:32:54 +03:00
Jouni Malinen
e90ededb4b wlantest: Skip Mesh Control field from the beginning of payload
This allows correct processing of Data frames with Mesh Control field by
finding the LLC/SNAP header after that field.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-09 20:20:24 +02:00
Jouni Malinen
503901e72d wlantest: Check all configured TKs if no matching GTK is known
This allows group-addressed frames to be decrypted by listing all
possible GTKs in the PTK file.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2021-03-09 17:29:48 +02:00
Jouni Malinen
56a04ae1a1 wlantest: Support TK list for Management frame decryption
Use the TKs from the PTK file (-T command line argument) to try to
decrypt encrypted Management frames if no BSS/STA key can be found based
on addresses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 11:37:58 +02:00
Jouni Malinen
116bbf7953 wlantest: Add frame number fo replay detected messages
This makes it easier to find the relevant frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 00:06:59 +03:00
Jouni Malinen
c8a3565947 wlantest: Remove duplicate PN/RSC prints from replay cases
The PN and RSC are already printed in the "replay detected" debug
message so there is no point in having separate hexdumps of the same
values immediately after that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 00:04:32 +03:00
Jouni Malinen
3e537313e8 wlantest: Add debug print with frame number for decryption failures
This makes it more convenient to find the frames that could not be
decrypted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 00:00:17 +03:00
Jouni Malinen
866c3acb8c wlantest: Do not report decryption failures for WEP keys if no keys
If no WEP keys are available, there is not going to be an attempt to
decrypt the frame, so don't claim decryption failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-03 23:56:10 +03:00
Jouni Malinen
08ac6f807d wlantest: Update PTK after rekeying even if EAPOL-Key msg 4/4 is missing
Update TPTK to PTK if a valid EAPOL-Key msg 2/4 and 3/4 are available,
but 4/4 is missing. This avoids certain cases where the new TK could be
derived, but it was not being used to try to decrypt following encrypted
frames.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 18:46:14 +03:00
Jouni Malinen
0dc58cfa95 wlantest: Do not report decryption keys when checking only zero TK
All the "Failed to decrypt frame" debug prints were confusing since
those were not supposed to be shown unless there were one or more real
TKs available. The recently added check for zero TK added these notes
for that case which is not really correct, so get rid of them.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-04-01 18:30:33 +03:00
Jouni Malinen
8e467e3cf4 wlantest: Check for zero TK even when the real PTK is not known
This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity with the frame number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-03-23 17:58:43 +02:00
Alexander Wetzel
6ea7a152c6 wlantest: Basic Extended Key ID support
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-16 00:07:20 +02:00
Jouni Malinen
80d4122159 wlantest: Detect and report plaintext payload in protected frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-14 17:36:41 +02:00
Jouni Malinen
f5f7286ba5 wlantest: Try to decrypt frame with zero TK
If none of the known PTKs have a working TK, check whether an encrypted
frame is encrypted with all zeros TK.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 23:18:59 +02:00
Jouni Malinen
f5849f1c7c wlantest: Add more notes about decryption into pcapng
Note the used TK/GTK and KeyID in frame notes when writing decrypted
frames to a PCAPNG file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 01:30:00 +02:00
Jouni Malinen
722c7d1958 wlantest: Process VLAN tagged Data frames
This allows Data frames to be fully processed for the case where VLAN
tags are used on the wireless link.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-09-20 23:54:05 +03:00
Jouni Malinen
b3c43c3c24 wlantest: Allow duplicate frame processing after decryption failure
If a sniffer capture does not include FCS for each frame, but may
included frames with invalid FCS, it would be possible for wlantest to
try to decrypt the first received frame and fail (e.g., due to CCMP MIC
mismatch) because that particular frame was corrupted and then ignore
the following retry of that frame as a duplicate even if that retry has
different payload (e.g., if its reception did not show corruption).

Work around this by skipping duplicate frame detection immediately
following a decryption failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-12 22:27:34 +03:00
Jouni Malinen
97302b39dc wlantest: Try harder to find a STA entry with PTK for 4-address frames
Commit aab6612836 ('wlantest: Search
bss/sta entry more thoroughly for 4-address frames') allowed wlantest to
find a STA entry in this type of cases, but it was still possible for
that STA entry to be the one that has no derived PTK while the STA entry
for the other side of the link might have the derived PTK available.

Extend this BSS/STA selection mechanism to use sta->ptk_set to determine
which STA entry is more useful for decryption, i.e., select the one with
a known PTK.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-12-08 21:54:40 +02:00
Jouni Malinen
aab6612836 wlantest: Search bss/sta entry more thoroughly for 4-address frames
Previous design worked for the case where only one of the devices was
beaconing, but failed in one direction to find the PTK if both devices
beaconed. Fix this by checking the A1/A2 fields in both directions if
the first pick fails to find the sta entry.

In addition, select the proper rsc value (rsc_tods vs. rsc_fromds) based
on A2 (TA) value for ToDS+FromDS frames to avoid reporting incorrect
replay issues.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-15 02:12:20 +02:00
Jouni Malinen
5420bcf477 wlantest: Remove unnecessary duplication of tk_len from STA entries
The length of the TK is available within struct wpa_ptk, so there is no
need to try to maintain it separately in wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:54:45 +02:00
Jouni Malinen
4158b80eef wlantest: Do not update RSC on replays
This changes wlantest behavior to mark CCMP/TKIP replays for more cases
in case a device is resetting its TSC. Previously, the RSC check got
cleared on the first marked replay and the following packets were not
marked as replays if they continued incrementing the PN even if that PN
was below the highest value received with this key at some point in the
past.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-16 13:11:36 +03:00
Jouni Malinen
e45f2e8ad5 wlantest: Add support for decrypting 4-address Data frames
This covers the case where 4-address Data frames are exchanged between
an AP and an associated station.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-06 12:15:30 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Ashok Kumar Ponnaiah
eb2223e0ec wlantest: Add decryption of CCMP-256, GCMP, GCMP-256
This extends wlantest support for decrypting the new cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Ashok Kumar Ponnaiah
3a3cb8ee81 wlantest: Indicate if a TKIP/CCMP replay has Retry=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
99d7c1dedf wlantest: Add per-TID RX/TX counters
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 20:21:27 +02:00
Jouni Malinen
a0530dff5b wlantest: Allow additional PTKs to be specified from a file
A text file with a hexdump of PTK (KCK|KEK=TK with 48 octets for CCMP or
64 octets for TKIP or alternative 16 or 32 octet TK for CCMP/TKIP) can
now be read from a file specified with the -T command line argument. If
the current known PTK fails to decrypt a frame (or if no current PTK is
known) all listed PTKs are iterated to see if any of them matches.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 23:09:38 +02:00
Jouni Malinen
ace4e460e5 wlantest: Select correct TDLS context if multiple exists
Some corner cases may result in both directions of TDLS tracking context
existing. If that is the case, the incorrect one may end up getting
picked when figuring out which TK to use for decryption or fix
statistics counter to increment. Fix this by preferring the context that
has TDLS link up.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
e4d99217f7 wlantest: Use add_note() to annotate frames
This adds debug information from wlantest into pcapng frame comments to
make the information more convenient to use, e.g., in Wireshark.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
d0b251d2e8 wlantest: Fix handling of PTK rekeying
Use a temporary PTK buffer during 4-way handshake when rekeying PTK
so that the new EAPOL-Key frame MIC values are checked against the
new PTK and frames are decrypted using the old PTK. Take the new
PTK into use once msg 4/4 is processed and clear RSC counters at
that point (including moving of RSC update to avoid setting RSC
based on the msg 4/4).

In addition, add a workaround to handle supplicant implementations that
set Secure bit to one during PTK rekeying 4-way handshake in msg 2/4.
This was previously assumed to be msg 4/4, but the key data contents
can be used to figure out whether this is msg 2/4 even if the Secure
bit is set to one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-14 22:36:02 +02:00
Jouni Malinen
39c147261e wlantest: Fix source address for FromDS frames 2011-03-14 21:35:14 +02:00
Jouni Malinen
9559a7f882 wlantest: Fix compiler warnings 2011-01-24 16:57:36 +02:00
Jouni Malinen
244c9303cb wlantest: Determine ping matches properly for direct link
Check ICMP echo request/response matches for both STAs to get proper
counter values for a ping from a one STA to another one using TDLS.
2011-01-24 14:50:51 +02:00
Jouni Malinen
2e479416d1 wlantest: Add support for decrypting WEP frames 2011-01-14 17:43:17 +02:00
Jouni Malinen
0a9ddd92cd wlantest: Add STA counter prot_data_tx 2011-01-07 17:09:09 +02:00
Jouni Malinen
01b397dd94 wlantest: Add more details for replay debug messages
These make it easier to find the frame in question when looking at
the capture in Wireshark.
2011-01-07 14:17:08 +02:00
Jouni Malinen
0e42fff3de wlantest: Add counters and AP/direct path validation for TDLS
These can be used to write automated test scripts for verifying
that TDLS STAs are using correct data path.
2010-12-16 19:08:49 +02:00
Jouni Malinen
b39f58347d wlantest: Add support for decrypting TDLS frames
Derive TPK based on TDLS TPK Handshake and decrypt frames on the
direct link with TPK-TK.
2010-12-13 11:20:55 +02:00
Jouni Malinen
ee3b84beb3 wlantest: Parse ICMP echo packet and record STA ping success 2010-11-20 22:34:42 +02:00
Jouni Malinen
161d0339c6 wlantest: Move RX EAPOL processing into its own file 2010-11-20 21:40:04 +02:00
Jouni Malinen
2e4c34691b wlantest: Add support for protecting injected broadcast frames 2010-11-19 16:48:33 +02:00