Commit graph

44 commits

Author SHA1 Message Date
Ilan Peer
46c232eb76 WPA: Extend the wpa_pmk_to_ptk() function to also derive KDK
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Jouni Malinen
0482414743 wlantest: Fix EAPOL-Key Key Data padding removal
The case where a single 0xdd octet without any 0x00 octets is used as
padding was addressed incorrectly and that ended up truncating one octet
of the actual plaintext version of the Key Data value. Fix this by
removing the unnecessary change to the p pointer before calculating the
new length since p is already pointing to one past the last octet of the
full plaintext.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-09-30 00:19:53 +03:00
Brian Norris
22c06de911 wlantest: Avoid heap-overflow on unexpected data
We're doing a sort of bounds check, based on the previous loop, but only
after we've already tried to read off the end.

This squashes some ASAN errors I'm seeing when running the ap_ft hwsim
test module.

Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-08-22 12:45:09 +03:00
Jouni Malinen
6e47dd04ff wlantest: Fix RSNE check in FT 4-way handshake msg 3/4
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-25 13:42:08 +03:00
Jouni Malinen
59d9994ac7 wlantest: Store PMK-R1 in STA entry
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 22:01:12 +03:00
Jouni Malinen
bfc4569f89 wlantest: Store PMK-R0 length explicitly
PMK-R0 is not of fixed length, so store its length explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:45:20 +03:00
Alexander Wetzel
6ea7a152c6 wlantest: Basic Extended Key ID support
Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
2020-03-16 00:07:20 +02:00
Jouni Malinen
0e3e3a9ab5 wlantest: Update BSS IEs based on EAPOL-Key msg 3/4
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:51:07 +02:00
Jouni Malinen
a8a277c169 wlantest: Get STA IEs based on EAPOL-Key msg 2/4 before PTK derivation
The previous implementation tried to update STA IE information based on
EAPOL-Key msg 2/4 to be able to handle captures that do not include the
(Re)Association Request frame. This was not sufficient (OSEN was not
included) and was done too late (the parsed information is needed for
PMK-to-PTK derivation).

Move the IE update step to happen before trying to derive the PTK if no
(Re)Association Request frame has been seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:35:23 +02:00
Jouni Malinen
faf6894f35 wlantest: BIGTK fetching and Beacon protection validation
Fetch the BIGTK from EAPOL-Key msg 3/4 and use it to validate MME in
Beacon frames when the AP uses Beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-21 19:41:36 +02:00
Jouni Malinen
c38c62ff78 wlantest: Derive PMK-R1 and PTK for FT protocol cases
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:14:47 +03:00
Jouni Malinen
ecacd9ccd4 DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in context
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-18 01:31:31 +02:00
Jouni Malinen
994eac7e61 FT: PMK-R0 derivation using SHA384-based AKM
Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
a3e18dbb6a FT: Support variable length keys
This is a step in adding support for SHA384-based FT AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:52 +03:00
Jouni Malinen
5420bcf477 wlantest: Remove unnecessary duplication of tk_len from STA entries
The length of the TK is available within struct wpa_ptk, so there is no
need to try to maintain it separately in wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-11-14 12:54:45 +02:00
Jouni Malinen
6c29d95a90 wlantest: Support variable length PMK
This is needed to be able to handle key derivation for FILS
authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:15 +03:00
Jouni Malinen
567da5bbd0 DPP: Add new AKM
This new AKM is used with DPP when using the signed Connector to derive
a PMK. Since the KCK, KEK, and MIC lengths are variable within a single
AKM, this needs number of additional changes to get the PMK length
delivered to places that need to figure out the lengths of the PTK
components.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-19 21:13:17 +03:00
Jouni Malinen
dd4722df9b wlantest: Fix pcapng writer to include decrypted EAPOL-Key Key Data
This was only written to pcapng files if both pcap and pcapng writing
was requested. Fix this for the case where only a pcapng file is being
written.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-26 21:13:21 +03:00
Jouni Malinen
faf0fef1dc wlantest: Fix EAPOL-Key Key Data padding removal
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:19 +03:00
Jouni Malinen
19e7ddf7fb wlantest: Fix EAPOL buffer length with variable MIC length
struct wpa_eapol_key does not include the MIC field anymore, so need to
add it explicitly.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-03-26 21:13:10 +03:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Jouni Malinen
555ff857dd wlantest: Recognize EAPOL-Key frames without MIC bit for FILS
The new AEAD AKM option in FILS sets the MIC bit in EAPOL-Key frames to
0 for some ciphers, so the determination of EAPOL-Key frame types needs
changes to work with these cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
3fb62bdae9 wlantest: Add support for FT-PSK initial association key derivation
This adds minimal support for deriving keys for FT-PSK to allow the
initial mobility domain association to be analyzed in more detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:25 +03:00
Jouni Malinen
7d2736795a wlantest: Fix a copy-paste error in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 13:44:42 +03:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Jouni Malinen
cb80fadaa7 wlantest: Extend BIP support to cover BIP-CMAC-256
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Jouni Malinen
929a2ea5df Suite B: Select EAPOL-Key integrity and key-wrap algorithms based on AKM
This adds support for AKM 00-0F-AC:11 to specify the integrity and
key-wrap algorithms for EAPOL-Key frames using the new design where
descriptor version is set to 0 and algorithms are determined based on
AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-16 17:09:11 +02:00
Jouni Malinen
eefec1e40b AES: Extend key wrap design to support longer AES keys
This adds kek_len argument to aes_wrap() and aes_unwrap() functions and
allows AES to be initialized with 192 and 256 bit KEK in addition to
the previously supported 128 bit KEK.

The test vectors in test-aes.c are extended to cover all the test
vectors from RFC 3394.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-07 14:57:06 +03:00
Ashok Kumar Ponnaiah
eb2223e0ec wlantest: Add decryption of CCMP-256, GCMP, GCMP-256
This extends wlantest support for decrypting the new cipher suites.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00
Jouni Malinen
f6ff5160f0 wlantest: Add support for OSEN
This allows Hotspot 2.0 OSEN connection to be analyzed more
conveniently. The frames from an OSEN association can now be decrypted
using an MSK file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 16:56:59 +03:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
c41e1d7cac wlantest: Add more pcapng notes on EAPOL processing
Some of the MIC validation steps were not logged in the pcapng notes.
Add these to make the entries more consistent and to provide more
information to ease debugging.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 23:43:11 +02:00
Jouni Malinen
a0530dff5b wlantest: Allow additional PTKs to be specified from a file
A text file with a hexdump of PTK (KCK|KEK=TK with 48 octets for CCMP or
64 octets for TKIP or alternative 16 or 32 octet TK for CCMP/TKIP) can
now be read from a file specified with the -T command line argument. If
the current known PTK fails to decrypt a frame (or if no current PTK is
known) all listed PTKs are iterated to see if any of them matches.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 23:09:38 +02:00
Jouni Malinen
e4d99217f7 wlantest: Use add_note() to annotate frames
This adds debug information from wlantest into pcapng frame comments to
make the information more convenient to use, e.g., in Wireshark.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-26 22:14:00 +03:00
Jouni Malinen
add11058e2 wlantest: Fix couple of compiler warnings
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 11:16:48 +03:00
Jouni Malinen
c81defea87 wlantest: Update STA info based on WPA/RSN IE in EAPOL-Key 2/4
The WPA/RSN IE in EAPOL-Key 2/4 is more reliable than the one in
(Re)Association Request frame. Update the STA info base don the
EAPOL-Key frame so that the correct cipher information is used
even if the (Re)Association Request frame is missing or corrupted
in the capture.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-21 16:19:00 -07:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
fd848ab9e3 wlantest: Store last received GTK for each STA
This allows info_sta command to be used to fetch the last received GTK
separately for each STA.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 16:59:25 +02:00
Jouni Malinen
3c56f0e275 wlantest: Fix EAPOL-Key Key Data decryption for rekey case
KEK from TPTK needs to be used instead of from PTK when processing
rekeying case similarly to what was already done with KCK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-22 16:39:17 +02:00
Jouni Malinen
d0b251d2e8 wlantest: Fix handling of PTK rekeying
Use a temporary PTK buffer during 4-way handshake when rekeying PTK
so that the new EAPOL-Key frame MIC values are checked against the
new PTK and frames are decrypted using the old PTK. Take the new
PTK into use once msg 4/4 is processed and clear RSC counters at
that point (including moving of RSC update to avoid setting RSC
based on the msg 4/4).

In addition, add a workaround to handle supplicant implementations that
set Secure bit to one during PTK rekeying 4-way handshake in msg 2/4.
This was previously assumed to be msg 4/4, but the key data contents
can be used to figure out whether this is msg 2/4 even if the Secure
bit is set to one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-14 22:36:02 +02:00
Jouni Malinen
30e09b0d75 wlantest: Avoid aliasing a function parameter by renaming local variable 2010-12-17 08:22:07 +02:00
Jouni Malinen
0778c8f5ed wlantest: Add more debugging details for PMK selection 2010-11-21 13:18:02 +02:00
Jouni Malinen
161d0339c6 wlantest: Move RX EAPOL processing into its own file 2010-11-20 21:40:04 +02:00