Commit graph

82 commits

Author SHA1 Message Date
Veerendranath Jakkam
628b9f1022 wlantest: Derive PMK-R1 and PTK using AA/SPA for MLO FT over-the-DS
Use AP and STA addresses indicated in FT Request/Response frames for
PMK-R1 and PTK derivation instead of the addresses in the BSS and STA
entries. This is needed for MLO to use the MLD MAC address instead of
one of the link addresses.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-08-24 16:42:22 +03:00
Veerendranath Jakkam
9318db7c38 wlantest: Use local variables for AA/SPA in FT Request/Response processing
This makes the code more readable by getting rid of the multiple
instances of references to the specifiec fields within the FT Action
frame.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2023-08-24 16:37:35 +03:00
Jouni Malinen
5434a42ec6 wlantest: Search for FT Target AP using MLD MAC address as well
When FT over-the-DS is used with MLO, the Target AP Address field is
expected to identify the AP MLD using its MLD MAC address.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:37:43 +03:00
Jouni Malinen
4e8e515f92 wlantest: Use MLO search for the STA in reassociation
FT over-the-DS might have created the new STA entry on another
affiliated BSS during the FT Request/Response exchange, so use a wider
search to locate the correct STA entry when processing the Reassociation
Request/Response frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
1ffabd697c wlantest: Learn non-AP MLD MAC address from (Re)Association Request frames
Use the Basic Multi-Link element in (Re)Association Request frames to
learn the non-AP MLD MAC address instead of having to wait until this
address is included in an EAPOL-Key frame. This is needed for FT
protocol (where 4-way handshake is not used) and it is also convenient
to have the MLD MAC address available as soon as possible to be able to
decrypt frames and even to recognize some special AP vs. STA cases when
either the BSSID or the AP MLD MAC address might be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
3973300b8d FTE protected element check for MLO Reassociation Response frame
The set of protected elements in the FTE in Reassociation Response frame
is different for MLO. Count RSNE and RSNXE separately for each link.
This implementation uses the number of links for which a GTK was
provided which does not fully match the standard ("requested link") and
a more accurate implementation is likely needed, but that will require
some more complexity and state information.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-10 12:14:31 +03:00
Jouni Malinen
c3f465c56c wlantest: Handle variable length MIC field in EAPOL-Key with OWE
The Key MIC field is of variable length when using OWE, so determine the
correct length based on which group was negotiated for OWE during
association.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-08-08 10:30:10 +03:00
Jouni Malinen
599d00be9d wlantest: Support HT Control field in Robust Management frames
Check the +HTC bit in FC to determine if the HT Control field is present
when decrypting Robust Management frames. This was already done for QoS
Data frames, but the Management frame case had not been extended to
cover this option.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-06-22 22:44:51 +03:00
Adil Saeed Musthafa
0660f31ba0 wlantest: Adjust kdk_len according to RSNX capability
This is needed to derive the PTK correct when Secure LTF support is used
and the additional KDK component needs to be taken into account.

Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com>
2023-03-09 16:08:03 +02:00
Jouni Malinen
4994fa9e59 wlantest: Parse Multi-Link element in (re)association frames
Print the details from the Multi-Link elements from the association
exchange.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-02-13 21:34:58 +02:00
Jouni Malinen
c1ce0c3587 wlantest: Use AP MLD address in CCMP/GCMP AAD for A3
Commit b20991da69 ("wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce")
updated AAD and nonce construction to use MLD addresses in AAD for A1
and A2. IEEE P802.11be has additional cases where A3 in AAD is set to
the AP MLD address, so cover those as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2023-01-10 12:38:59 +02:00
Jouni Malinen
40a42613e6 FT: Simplify FTE parsing for FT-SAE-EXT-KEY using MIC Length subfield
Commit 25b52e5f83 ("FT: Extend FTE parsing for FT-SAE-EXT-KEY") used
possible MIC length iteration to try to figure out the length of the MIC
field in FTE. That was the only option available at the time, but FTE is
now being extended in IEEE 802.11-REVme to explicitly indicate the
length of the MIC field for the new FT-SAE-EXT-KEY AKM to make this
easier.

Use the new design from the approved comment resolution (*) in
REVme/D2.0 ballot CID 3135 to simplify implementation. This gets rid of
the need to pass in key length and the somewhat strange need_{r0kh,r1kh}
parameters to wpa_ft_parse_ies().

(*)
https://mentor.ieee.org/802.11/dcn/22/11-22-1991-02-000m-proposed-resolutions-to-some-lb270-comments.docx

Signed-off-by: Jouni Malinen <j@w1.fi>
2022-11-20 11:43:53 +02:00
Jouni Malinen
153739b4ff wlantest: Clone new PTK to all potentially matching STA entries for MLO
It is possible for there to be multiple STA entries (e.g., one for each
BSS) when a sniffer capture contains multiple associations using MLO.
For such cases, the new PTK information needs to be updated to all
existing STA entries to be able to find the latest TK when decrypting
following frames since the other STA entries might be located first when
trying to figure out how to decrypt a frame.

In addition to the PTK, copy the MLD MAC addresses to the other STA and
BSS entries to make sure the latest values are used when trying to
decrypt frames.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-11-09 22:55:35 +02:00
Jouni Malinen
25b52e5f83 FT: Extend FTE parsing for FT-SAE-EXT-KEY
Provide AKM, key length, and information about needed subelements to the
parser function so that the variable length MIC field cases can be
recognized for FT-SAE-EXT-KEY. Knowledge about R0KH-ID/R1KH-ID being
needed is required to be able to iterate over possible MIC field lengths
for the case where the AP does not yet know the correct key length at
the beginning of FT protocol.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:17:49 +03:00
Jouni Malinen
4f58afee9a FT: Extend MIC derivation for FT-SAE-EXT-KEY
Provide AKM to the helper function so that the new SHA256 and SHA512
options can be covered for FT-SAE-EXT-KEY.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-16 17:07:54 +03:00
Jouni Malinen
7f20a0a0bc wlantest: Key derivation for SAE-EXT-KEY
Extend wlantest capabilities to cover the new SAE-EXT-KEY AKM and
variable length MIC field and key lengths for it based on the used SAE
group.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-10-12 22:33:27 +03:00
Jouni Malinen
228420e2d9 wlantest: Find a STA entry based on MLO affiliated link addresses
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 13:08:37 +03:00
Jouni Malinen
5d5c2cb2be wlantest: Recognize SAE case for moving from State 1 to 2
Update STA state tracking for SAE authentication as well as the previous
covered Open System algorithm.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 11:59:54 +03:00
Jouni Malinen
8c1231c05a wlantest: Print the TA of a Beacon frame for which there is no BIGTK
This makes the debug message more useful for determining whether an
expected BIGTK has been derived.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-29 00:03:27 +03:00
Jouni Malinen
dc8a756ce4 wlantest: Verify Beacon frame MME even after Probe Response reception
rx_mgmt_beacon() was skipping all steps after a Probe Response frame
from the AP had been processed. This is expected for the parts that were
updating the bss entry information, but the checks for beacon protection
should not be skipped in this manner.

Skip onlu the updating parts while checking that beacon protection is
used correctly to make this more useful.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-28 23:02:31 +03:00
Jouni Malinen
b20991da69 wlantest: MLD MAC Address in CCMP/GCMP AAD/nonce
Use the MLD MAC Address instead of link address in CCMP/GCMP AAD/nonce
construction when processing an individually addressed Data frame with
FromDS=1 or ToDS=1 between an AP MLD and non-AP MLD.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-05 23:08:43 +03:00
Jouni Malinen
0cc6f985d1 wlantest: Recognize additional not-Robust Action categories
Do not complain about unprotected Action frames for additional
categories that have been defined as not being Robust.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-09-05 22:06:31 +03:00
Jouni Malinen
ce7bdb54e5 wlantest: Extend Management frame decryption to support GCMP and CCMP-256
Data frame processing had already been extended to support additional
cipher suites, but Robust Management frame processing was still using a
hardcoded cipher suite (CCMP-128). Extend it to support GCMP-128,
GCMP-256, and CCMP-256 as well.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2022-08-29 21:46:09 +03:00
Jouni Malinen
136bbf15c3 wlantest: Add more details about protected FTM frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 13:11:34 +02:00
Jouni Malinen
b9fd8191a5 wlantest: Recognize the FTM bit in the CCMP Key ID octet
This previously reserved bit is now used in FTM to help select the
appropriate replay counter. Silence the warning about use of a reserved
bit for this. wlantest does not yet support the actual replay counter
processing for FTM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 12:30:03 +02:00
Jouni Malinen
f56eec7c1a wlantest: Process Action No Ack frames like Action frames
Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 12:00:12 +02:00
Jouni Malinen
56a04ae1a1 wlantest: Support TK list for Management frame decryption
Use the TKs from the PTK file (-T command line argument) to try to
decrypt encrypted Management frames if no BSS/STA key can be found based
on addresses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2021-02-07 11:37:58 +02:00
Ilan Peer
d87f4aea11 FILS: Extend the fils_pmk_to_ptk() function to also derive KDK
Extend the fils_pmk_to_ptk() to also derive Key Derivation
Key (KDK) which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Ilan Peer
6e834db74e FT: Extend the wpa_pmk_r1_to_ptk() function to also derive KDK
Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2021-01-25 18:36:40 +02:00
Jouni Malinen
b6a3bcffd7 wlantest: Validate FT elements in Reassociation Response frame
Verify that RSNE, MDE, and FTE have valid information in FT
Reassociation Response frames. In addition, decrypt GTK, IGTK, and BIGTK
from the frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-24 00:35:56 +03:00
Jouni Malinen
e10144c910 wlantest: Validate FT elements in Reassociation Request frame
Verify that RSNE, MDE, and FTE have valid information in FT
Reassociation Request frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-24 00:35:53 +03:00
Jouni Malinen
59d9994ac7 wlantest: Store PMK-R1 in STA entry
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 22:01:12 +03:00
Jouni Malinen
bfc4569f89 wlantest: Store PMK-R0 length explicitly
PMK-R0 is not of fixed length, so store its length explicitly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:45:20 +03:00
Jouni Malinen
7cd17a4b5e wlantest: Handle FT over-the-DS association state update cleanly
It is expected for the STA entry on the target AP to move directly from
State 1 to State 3 when performing FT over-the-DS (i.e., FT Action
Request/Response frame exchange through the old AP followed by
Reassociation Request/Response frame exchange with the target AP).

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-05-23 21:11:33 +03:00
Jouni Malinen
a8d2ca9e23 wlantest: Do not report PMF failure without BSS supporting PMF
Previously, missing CCMP protection on Robust Management frames was
reported based on the STA having indicated MFPC=1. That is not accurate
since the AP/BSS may have MFPC=0. Report this failure only if both the
AP and STA have indicated MFPC=1, i.e., when PMF has been negotiated for
the association.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-03-14 18:20:31 +02:00
Jouni Malinen
0e3e3a9ab5 wlantest: Update BSS IEs based on EAPOL-Key msg 3/4
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:51:07 +02:00
Jouni Malinen
a8a277c169 wlantest: Get STA IEs based on EAPOL-Key msg 2/4 before PTK derivation
The previous implementation tried to update STA IE information based on
EAPOL-Key msg 2/4 to be able to handle captures that do not include the
(Re)Association Request frame. This was not sufficient (OSEN was not
included) and was done too late (the parsed information is needed for
PMK-to-PTK derivation).

Move the IE update step to happen before trying to derive the PTK if no
(Re)Association Request frame has been seen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-28 00:35:23 +02:00
Jouni Malinen
faf6894f35 wlantest: BIGTK fetching and Beacon protection validation
Fetch the BIGTK from EAPOL-Key msg 3/4 and use it to validate MME in
Beacon frames when the AP uses Beacon protection.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-02-21 19:41:36 +02:00
Jouni Malinen
c38c62ff78 wlantest: Derive PMK-R1 and PTK for FT protocol cases
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-08-22 22:14:47 +03:00
Jouni Malinen
b3c43c3c24 wlantest: Allow duplicate frame processing after decryption failure
If a sniffer capture does not include FCS for each frame, but may
included frames with invalid FCS, it would be possible for wlantest to
try to decrypt the first received frame and fail (e.g., due to CCMP MIC
mismatch) because that particular frame was corrupted and then ignore
the following retry of that frame as a duplicate even if that retry has
different payload (e.g., if its reception did not show corruption).

Work around this by skipping duplicate frame detection immediately
following a decryption failure.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-12 22:27:34 +03:00
Jouni Malinen
9a33737a0b FT: FTE parsing for SHA384-based AKM
The MIC field is now a variable length field, so make the FTE parser
aware of the two different field lengths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2018-06-05 19:29:53 +03:00
Jouni Malinen
4cada9dcc1 FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFS
This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss
here means there would not be proper PFS for the case where PMKSA
caching is used with FILS SK+PFS authentication. This was not really the
intent of the FILS design and that issue was fixed during REVmd work
with the changes proposed in
https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx
that add DHss into FILS-Key-Data (and PTK, in practice) derivation for
the PMKSA caching case so that a unique ICK, KEK, and TK are derived
even when using the same PMK.

Note: This is not backwards compatible, i.e., this breaks PMKSA caching
with FILS SK+PFS if only STA or AP side implementation is updated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-13 22:17:58 +03:00
Jouni Malinen
c72df3c67c wlantest: FILS keys and (Re)Association Request/Response frames
Try to derive PTK when FILS shared key authentication is used without
PFS. The list of available PMKs is interpreted as rMSK for this purpose
and PMK and PTK is derived from that. If the resulting PTK (KEK) can be
used to decrypt the encrypted parts of (Re)Association Request/Response
frames, mark the PTK as derived so that encrypted frames during the
association can be decrypted. In addition, write a decrypted version of
the (Re)Association Request/Response frames into the output file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-09-05 19:05:16 +03:00
Jouni Malinen
3fb62bdae9 wlantest: Add support for FT-PSK initial association key derivation
This adds minimal support for deriving keys for FT-PSK to allow the
initial mobility domain association to be analyzed in more detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:47:25 +03:00
Jouni Malinen
b39a05913a Simplify Timeout Interval element parsing
Remove the length field from struct ieee802_11_elems since the only
allowed element length is five and that is checked by the parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
762a0bfb01 wlantest: Fix Beacon and Probe Response frame parser
These functions did not verify that the received frame is long enough to
contain the beginning of the variable length IE area. A truncated frame
could have caused a segmentation fault due to reading beyond the buffer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 11:44:19 +03:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
Jouni Malinen
0e1aa64dba wlantest: Extend BIP validation to support GMAC-128 and GMAC-256
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-24 19:37:42 +02:00
Jouni Malinen
cb80fadaa7 wlantest: Extend BIP support to cover BIP-CMAC-256
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-24 19:37:42 +02:00
Ashok Kumar Ponnaiah
3a3cb8ee81 wlantest: Indicate if a TKIP/CCMP replay has Retry=1
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-03 15:41:35 +03:00