Commit graph

367 commits

Author SHA1 Message Date
Jouni Malinen
8fa52a7974 FT: Allow wpa_supplicant to be configured to prepend PMKR1Name
The standard is somewhat unclear on whether the PMKIDs used in
(Re)Association Request frame (i.e., potential PMKIDs that could be used
for PMKSA caching during the initial mobility domain association) are to
be retained or removed when generating EAPOL-Key msg 2/4.

wpa_supplicant has replaced the PMKID List contents from (Re)Association
Request frame with PMKR1Name when generating EAPOL-Key msg 2/4 for FT.
Allow it to be configured (ft_prepend_pmkid=1) to prepend the PMKR1Name
without removing the PMKIDs from (Re)Association Request frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-02-03 20:58:01 +02:00
Jouni Malinen
1abdeaa412 wlantest: Fix TK iteration based on the PTK file
Use of ptk_len is not valid here to check what is the length of the
actual TK. Fix this by using ptk->tk_len instead so that the appropriate
decryption function can be selected for cases where the TKs are
configured through the PTK file.

Fixes: ce7bdb54e5 ("wlantest: Extend Management frame decryption to support GCMP and CCMP-256")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-02-01 19:51:56 +02:00
Veerendranath Jakkam
2c0cadd6ee wlantest: Adjust kdk_len according to RSNX capability for FT
Commit 0660f31ba0 ("wlantest: wlantest: Adjust kdk_len according to
RSNX capability") added support for PTK derivation and the additional
KDK component when Secure LTF support is used in the non-FT case.

Cover the same for the FT case to derive the correct PTK and consider
the additional KDK component when Secure LTF support is used.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-01-25 20:08:08 +02:00
Jouni Malinen
6a8d0e9196 wlantest: Do not decrease debug level for test vectors
The CCMP PV1 test vector dropped debugging verbosity at the end. This
was not really supposed to be done since these test vectors are expected
to print at EXCESSIVE verbosity.

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-20 19:45:20 +02:00
Henry Ptasinski
4e3f6b847a wlantest: Add test vectors for S1G BIP
- CMAC and GMAC modes
- 128-bit and 256-bit modes
- normal BIP and BIP using BCE
- test vectors with minimum and optional additional header elements in
  S1G beacon frames
- S1G Beacon Compatibility element in some cases, no other beacon body
   components

Signed-off-by: Henry Ptasinski <henry@e78com.com>
Signed-off-by: Andrew Pope <andrew.pope@morsemicro.com>
Signed-off-by: David Goodall <dave@morsemicro.com>
2024-01-20 19:39:27 +02:00
Henry Ptasinski
3fad445496 wlantest: Fix the cipher name in a BIP-GMAC-256 test vector
Signed-off-by: Henry Ptasinski <henry@e78com.com>
Signed-off-by: Andrew Pope <andrew.pope@morsemicro.com>
Signed-off-by: David Goodall <dave@morsemicro.com>
2024-01-20 19:34:54 +02:00
Jouni Malinen
2d83d224ff Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:

@@
expression a,b;
@@
-	os_memcmp(a, b, ETH_ALEN) == 0
+	ether_addr_equal(a, b)

@@
expression a,b;
@@
-	os_memcmp(a, b, ETH_ALEN) != 0
+	!ether_addr_equal(a, b)

@@
expression a,b;
@@
-	!os_memcmp(a, b, ETH_ALEN)
+	ether_addr_equal(a, b)

Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 23:47:21 +02:00
Benjamin Berg
b3aafd5a87 common: Simplify and avoid confusing defragmentation API
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2023-11-25 10:56:56 +02:00
Ilan Peer
a8517c132c Add support for AKM suite 00-0F-AC:23
Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2023-11-03 17:08:36 +02:00
Jouni Malinen
bae1ec693c wlantest: Minimal parsing of Basic MLE STA Profile
Debug print RSNE and RSNXE if they are present in the STA Profile.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
de043ec01a wlantest: Defragment the Per-STA Profile subelement
This subelement within the Basic MLE Link Info can be long enough to
require fragmentation, so defragment it before parsing.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
990600753d wlantest: Defragment Basic MLE before processing
The Basic Multi-Link element is going to be fragmented in many cases, so
defragment it first before trying to parse it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 19:26:41 +03:00
Jouni Malinen
528abdeb67 wlantest: Learn group keys from MLO FT Reassociation Response frames
Extend FT Reassociation Response frame processing to support the new MLO
GTK/IGTK/BIGTK subelements similarly to how the MLO group keys were
already learned from EAPOL-Key msg 3/4.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 11:51:47 +03:00
Jouni Malinen
0cd2bfc8a4 wlantest: Fix FTE MIC calculation for MLO Reassociation Response frames
The AP's RSNE needs to be modified by inserting the PMKR1Name in the
PMKID List field for each affiliated link.

Fixes: 8cf919ffd5 ("wlantest: FTE MIC calculation for MLO Reassociation Response frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-09-01 00:03:16 +03:00
Jouni Malinen
a845601ffe wlantest: Derive PTK in MLO using MLD MAC addresses for FT over-the-air
IEEE P802.11be/D4.0 does not seem to have changed the rules for deriving
PTK in FT hierarchy since there were no changes to 12.7.1.6.5 (PTK)
where BSSID and STA-ADDR are used. However, the MLO changes for FT and
for PTK derivation in non-FT cases seem to imply that this FT case is
also supposed to use MLD MAC addresses.

Commit 628b9f1022 ("wlantest: Derive PMK-R1 and PTK using AA/SPA for
MLO FT over-the-DS") did this already for FT over-the-DS, so do the same
for FT over-the-air.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 21:10:54 +03:00
Jouni Malinen
d3ab6e001f wlantest: Use non-AP MLD's MLD MAC address in FT over-the-air derivation
S1KH-ID is supposed to be SPA, so learn the MLD MAC address of the
non-AP MLD from the FT Authentication frame and use that instead of the
link address when deriving keys in FT over-the-air case.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 20:47:00 +03:00
Jouni Malinen
770e5a808f wlantest: Determine whether A1 points to STA once in rx_data_bss_prot()
Use the initial BSS/STA routines to determine whether A1 points to STA
instead of maintaining multiple somewhat different ways of doing this.
In addition to making the code easier to maintain, this fixes at least
some cases where incorrect tx/rx_tid or rsc_tods/fromds value was
selected for 4-address frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 15:02:02 +03:00
Jouni Malinen
850dc14829 wlantest: Remove duplicated A1/A2/A3 override detection for MLO
Use the A1/A2/A3 overrides for MLO determined within rx_data_bss_prot()
in try_ptk_decrypt() to avoid duplicated code in these two functions.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 14:44:41 +03:00
Jouni Malinen
6ce745bb87 wlantest: MLO support for decrypting 4-address frames
Search the A1/A2 values in 4-address frames using the MLO enabled
functions to allow appropriate STA entries to be located when these
frames are used with MLO.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 14:32:55 +03:00
Jouni Malinen
f6dcd326fe wlantest: Indicate ToDS/FromDS values for BSS DATA entries
This makes it a bit more convenient to debug decryption issues.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-31 12:33:45 +03:00
Jouni Malinen
20febfd783 wlantest: Dump MLO association information in debug
Print the MLD MAC addresses and link addresses for both the AP MLD and
non-AP MLD when processing (Re)Association Request frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-28 13:25:07 +03:00
Jouni Malinen
d12a3dce82 wlantest: Store and check SNonce/ANonce for FT Authentication
Store SNonce and ANonce from FT Authentication frames during FT
over-the-air so that these values are available for processing the FT
reassociation frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-28 13:25:07 +03:00
Jouni Malinen
8cf919ffd5 wlantest: FTE MIC calculation for MLO Reassociation Response frame
Use the MLD MAC addresses and MLO-specific MIC calculation rules per
IEEE P802.11be/D4.0, 13.8.5.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-28 13:25:07 +03:00
Jouni Malinen
aa08d9d768 Fix use of defragmented FTE information
The FTE parser itself used valid data, but the reassembled buffer was
available only during the parser run. That buffer will be needed for the
caller as well since most of the parsed data is used as pointers instead
of copied data.

Store the reassembled buffer in struct wpa_ft_ies and require
wpa_ft_parse_ies() callers to use wpa_ft_parse_ies_free() to free any
possibly allocated temporary data after wpa_ft_parse_ies() calls that
return success (0).

Fixes: 43b5f11d96 ("Defragmentation of FTE")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-28 13:25:05 +03:00
Jouni Malinen
7381c60db8 FT: Make FTE MIC calculation more flexible
Generate the "extra" data buffer outside wpa_ft_mic() to make this
function easier to share for MLO FT Reassociation Response frame. This
replaces the earlier design in commit e6f64a8e1d ("FT: FTE MIC
calculation for MLO Reassociation Request frame").

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-25 11:28:44 +03:00
Jouni Malinen
ff02f734ba wlantest: Allow specific link BSS to be found with bss_find_mld()
Make this function more capable to address cases where a specific
affiliated link of an AP MLD needs to be found.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-25 11:19:24 +03:00
Jouni Malinen
a83575df59 wlantest: FTE MIC calculation for MLO Reassociation Request frames
SPA (FTO's MAC address) and AA (FTR's MAC address) are the MLD MAC
addresses when using MLO and the Reassociation Request frame will also
include the non-AP STA MAC addresses for the requested links.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-24 18:10:47 +03:00
Jouni Malinen
e6f64a8e1d FT: FTE MIC calculation for MLO Reassociation Request frame
Extend wpa_ft_mic() to take in an array of link addresses to allow the
FTE MIC to be calculated for Reassociation Request frame as described in
IEEE P802.11be/D4.0, 13.8.4. This commit does not change actual
behavior, i.e., this is just preparing wpa_ft_mic() and the existing
callers with a new argument.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-24 18:10:47 +03:00
Jouni Malinen
6ae43bb103 wlantest: Learn link address for assoc link from (Re)Association Request
Store the non-AP MLD link address of the link that is used for
association when processing (Re)Association Request frames. This is
needed to get the full set of link addresses when 4-way handshake is not
used (e.g., for FT protocol).

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-24 18:10:47 +03:00
Jouni Malinen
19f33d7929 wlantest: Learn the Link ID for AP MLD affiliated BSSs
This allows the Link ID to be determined based on the BSS entry when
processing a frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-24 18:10:47 +03:00
Jouni Malinen
37c87efecf wlantest: Search SPA using MLO aware find for FT Request/Response frame
This is needed to be able to find a previously added STA entry when
roaming using FT over-the-DS back to an AP MLD that was used previously.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-24 18:10:47 +03:00
Veerendranath Jakkam
104aa291e5 wlantest: Fix FT over-the-DS decryption
Use STA address indicated in FT Request/Response frames instead of
transmit or receive addresses for creating/finding STA instance.

For MLO to MLO roaming:
1. STA may use different link compared to FT Action frames negotiated
   links.
2. STA may reassociate with target AP MLD with different set of
   links compared to links connected to current AP MLD.

So create STA with MLD MAC address and attach to one of the BSS
affiliated with target AP MLD. Update link address of the STA and BSS
during processing of the Reassociation Request frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-08-24 18:10:43 +03:00
Veerendranath Jakkam
628b9f1022 wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
Use AP and STA addresses indicated in FT Request/Response frames for
PMK-R1 and PTK derivation instead of the addresses in the BSS and STA
entries. This is needed for MLO to use the MLD MAC address instead of
one of the link addresses.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-08-24 16:42:22 +03:00
Veerendranath Jakkam
9318db7c38 wlantest: Use local variables for AA/SPA in FT Request/Response processing
This makes the code more readable by getting rid of the multiple
instances of references to the specifiec fields within the FT Action
frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-08-24 16:37:35 +03:00
Jouni Malinen
bc0268d053 wlantest: Guess SAE/OWE group from EAPOL-Key length mismatch
The MIC length depends on the negotiated group when SAE-EXT-KEY or OWE
key_mgmt is used. wlantest can determine the group if the capture file
includes the group negotiation, i.e., the initial association when a PMK
was created. However, if the capture file includes only an association
using PMKSA caching, the group information is not available. This can
result in inability to be able to process the EAPOL-Key frames (e.g.,
with the "Truncated EAPOL-Key from" message).

If the negotiated group is not known and an EAPOL-Key frame length does
not seem to match the default expectations for group 19, check whether
the alternative lengths for group 20 or 21 would result in a frame that
seems to have valid length. If so, update the STA entry with the guessed
group and continue processing the EAPOL-Key frames based on this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-11 20:35:34 +03:00
Henry Ptasinski
34841cfd9a Minor formatting changes to CCMP test vectors
Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:37 +03:00
Henry Ptasinski
30771e6e05 Include PTID in PV1 nonce construction for CCMP test vector
Includ the PTID in the PV1 nonce construction.

Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:29 +03:00
Henry Ptasinski
232667eafe Fix CCMP test vector issues
Commit b20991da69 introduced errors in
the order of arguments to the calls of ccmp_decrypt() and
ccmp_256_decrypt(). Correct the order of arguments.

Fixes: b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
Signed-off-by: Henry Ptasinski <henry@e78com.com>
2023-08-11 11:46:22 +03:00
Jouni Malinen
770760454f wlantest: Do not update BSS entries for other AP MLDs in PTK cloning
The new PTK migth need to be copied to another MLO STA entry, but that
operation should not modify the MLD MAC address of unrelated AP MLDs.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
709d46da73 wlantest: Do not claim update to AP MD MAC address if no change
The "Updated AP MLD MAC Address from EAPOL-Key 1/4" can be confusing
when there is actually no change.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
a19fcf685c wlantest: Include the MLD MAC address of the AP MLD in new-STA prints
This makes the "Discovered new STA" entries in the debug log easier to
use when analyzing roaming cases with MLO.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:47 +03:00
Jouni Malinen
5434a42ec6 wlantest: Search for FT Target AP using MLD MAC address as well
When FT over-the-DS is used with MLO, the Target AP Address field is
expected to identify the AP MLD using its MLD MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:43 +03:00
Jouni Malinen
49bf9f2df9 wlantest: Use the MLD MAC address as well for matching STA entries
Allow either a link address or the MLD MAC address of a non-AP MLD to
match the MAC address that is being used to identify a source or
destination of a frame for the MLO cases.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
4e8e515f92 wlantest: Use MLO search for the STA in reassociation
FT over-the-DS might have created the new STA entry on another
affiliated BSS during the FT Request/Response exchange, so use a wider
search to locate the correct STA entry when processing the Reassociation
Request/Response frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
1ffabd697c wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
Use the Basic Multi-Link element in (Re)Association Request frames to
learn the non-AP MLD MAC address instead of having to wait until this
address is included in an EAPOL-Key frame. This is needed for FT
protocol (where 4-way handshake is not used) and it is also convenient
to have the MLD MAC address available as soon as possible to be able to
decrypt frames and even to recognize some special AP vs. STA cases when
either the BSSID or the AP MLD MAC address might be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
7447275858 wlantest: Recognize non-AP MLD based on any link address for decryption
Compare A1 against all the link addresses of a non-AP MLD when
determining whether a Data frame is from the non-AP MLD or the AP MLD
during a decryption attempt.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
a5a0b2cf7b wlantest: Find non-AP MLD only from affiliated BSSs of the AP MLD
Make sta_find_mlo() more accurate by searching a non-AP MLD only from
the affialiated BSSs of the AP MLD instead of from any BSS. This might
help in some roaming cases where both the old and the new AP MLD have
their affiliated links in the BSS table.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
74e4a0a6f1 wlantest: Learn AP MLD MAC address from Beacon frames
Use the Basic Multi-Link element in Beacon frames (and Probe Response
frames for that matter) to learn the AP MLD MAC address instead of
having to wait until this address is included in an EAPOL-Key frame.
This is needed for FT protocol (where 4-way handshake is not used) and
it is also convenient to have the MLD MAC address available as soon as
possible to be able to decrypt frames and even to recognize some special
AP vs. STA cases when either the BSSID or the AP MLD MAC address might
be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
3973300b8d FTE protected element check for MLO Reassociation Response frame
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
605034240e wlantest: Support multiple input files
Allow the -r<file> command line argument to be used multiple times to
read more than a single capture file for processing. This reduces need
for external tools to be used first to merge capture files for wlantest.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 11:00:42 +03:00