Make this function more capable to address cases where a specific
affiliated link of an AP MLD needs to be found.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
When FT over-the-DS is used with MLO, the Target AP Address field is
expected to identify the AP MLD using its MLD MAC address.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Use the Basic Multi-Link element in Beacon frames (and Probe Response
frames for that matter) to learn the AP MLD MAC address instead of
having to wait until this address is included in an EAPOL-Key frame.
This is needed for FT protocol (where 4-way handshake is not used) and
it is also convenient to have the MLD MAC address available as soon as
possible to be able to decrypt frames and even to recognize some special
AP vs. STA cases when either the BSSID or the AP MLD MAC address might
be used.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
The change to support variable length PMK in wlantest missed couple of
places where the PMK length did not get used or set properly. In
particular, this ended up breaking FT key derivation for the case where
a passphrase was used to derive a potential per-BSS PMK. Fix this by
setting and using the PMK length properly.
Fixes: 6c29d95a90 ("wlantest: Support variable length PMK")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This allows correct processing of Data frames with Mesh Control field by
finding the LLC/SNAP header after that field.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
S1G beacons save a few bytes by not requiring the RSNE in beacon if RSN
BSS is configured. Handle this in wlantest by only clearing RSNE from
the BSS info if frame is a Probe Response frame.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.
Signed-off-by: Jouni Malinen <j@w1.fi>
wlantest used to ignore RSN/WPA/OSEN element in (Re)Association Request
frame if no Beacon frame had been seen from the AP before the
association exchange. This could result in not being able to derive keys
properly. Work around this by skipping that step if the BSS entry is not
yet complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds minimal support for deriving keys for FT-PSK to allow the
initial mobility domain association to be analyzed in more detail.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows Hotspot 2.0 OSEN connection to be analyzed more
conveniently. The frames from an OSEN association can now be decrypted
using an MSK file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds debug information from wlantest into pcapng frame comments to
make the information more convenient to use, e.g., in Wireshark.
Signed-hostap: Jouni Malinen <j@w1.fi>
The TDLS link itself is bidirectional, but there is explicit
initiator/responder roles. Remove the other direction of the link if it
exists when processing TDLS Setup Confirm to make sure that the link
counters are stored for the current TDLS entery.
This is also changing the control interface search for TDLS counters
to require initiator/responder addresses in the correct order instead
of matching entries regardless of the role.
Decrypt MPPE keys and derive PMK from RADIUS exchange if RADIUS
shared secret is known. Use the derived PMK when trying to derive
PTK during 4-Way Handshake.
Allow pre-configuration of passphrases (-p<passphrase>) to provide
enough information for wlantest to be able to derive PMK for each
BSS and PTK for each STA going through 4-Way Handshake (at least
message 2 and 3 needs to be received).
