Extend the wpa_pmk_r1_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Extend the wpa_pmk_to_ptk() to also derive Key Derivation
Key (KDK), which can later be used for secure LTF measurements.
Update the wpa_supplicant and hostapd configuration and the
corresponding WPA and WPA Auth state machine, to allow enabling of KDK
derivation. For now, use a testing parameter to control whether KDK is
derived.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
S1G beacons save a few bytes by not requiring the RSNE in beacon if RSN
BSS is configured. Handle this in wlantest by only clearing RSNE from
the BSS info if frame is a Probe Response frame.
Signed-off-by: Thomas Pedersen <thomas@adapt-ip.com>
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).
Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.
Note that due to the use of thin archives, this required
building with absolute paths.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.
This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.
For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Clean up in a more common fashion as well, initially for ../src/.
Also add $(Q) to the clean target in src/
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Some things are used by most of the binaries, pull them
into a common rule fragment that we can use properly.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
The case where a single 0xdd octet without any 0x00 octets is used as
padding was addressed incorrectly and that ended up truncating one octet
of the actual plaintext version of the Key Data value. Fix this by
removing the unnecessary change to the p pointer before calculating the
new length since p is already pointing to one past the last octet of the
full plaintext.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
We're doing a sort of bounds check, based on the previous loop, but only
after we've already tried to read off the end.
This squashes some ASAN errors I'm seeing when running the ap_ft hwsim
test module.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Verify that RSNE, MDE, and FTE have valid information in FT
Reassociation Response frames. In addition, decrypt GTK, IGTK, and BIGTK
from the frame.
Signed-off-by: Jouni Malinen <j@w1.fi>
It is expected for the STA entry on the target AP to move directly from
State 1 to State 3 when performing FT over-the-DS (i.e., FT Action
Request/Response frame exchange through the old AP followed by
Reassociation Request/Response frame exchange with the target AP).
Signed-off-by: Jouni Malinen <j@w1.fi>
The ar operations with embedded libraries were not exactly portable
or strictly speaking necessary. Drop that library completely to make
this more portable.
Signed-off-by: Jouni Malinen <j@w1.fi>
The PN and RSC are already printed in the "replay detected" debug
message so there is no point in having separate hexdumps of the same
values immediately after that.
Signed-off-by: Jouni Malinen <j@w1.fi>
If no WEP keys are available, there is not going to be an attempt to
decrypt the frame, so don't claim decryption failed.
Signed-off-by: Jouni Malinen <j@w1.fi>
Update TPTK to PTK if a valid EAPOL-Key msg 2/4 and 3/4 are available,
but 4/4 is missing. This avoids certain cases where the new TK could be
derived, but it was not being used to try to decrypt following encrypted
frames.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
All the "Failed to decrypt frame" debug prints were confusing since
those were not supposed to be shown unless there were one or more real
TKs available. The recently added check for zero TK added these notes
for that case which is not really correct, so get rid of them.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity with the frame number.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Previously, missing CCMP protection on Robust Management frames was
reported based on the STA having indicated MFPC=1. That is not accurate
since the AP/BSS may have MFPC=0. Report this failure only if both the
AP and STA have indicated MFPC=1, i.e., when PMF has been negotiated for
the association.
Signed-off-by: Jouni Malinen <j@w1.fi>
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation tried to update STA IE information based on
EAPOL-Key msg 2/4 to be able to handle captures that do not include the
(Re)Association Request frame. This was not sufficient (OSEN was not
included) and was done too late (the parsed information is needed for
PMK-to-PTK derivation).
Move the IE update step to happen before trying to derive the PTK if no
(Re)Association Request frame has been seen.
Signed-off-by: Jouni Malinen <j@w1.fi>
Fetch the BIGTK from EAPOL-Key msg 3/4 and use it to validate MME in
Beacon frames when the AP uses Beacon protection.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wlantest build did not define build options to determine key management
values for SAE, OWE, and DPP. Add those and the needed SHA512 functions
to be able to decrypt sniffer captures with PMK available from an
external source.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Allow option (command line argument -e) to capture Ethernet headers
instead of IEEE 802.11 so that wlantest can be used as a replacement for
tcpdump/dumpcap for capturing.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows Data frames to be fully processed for the case where VLAN
tags are used on the wireless link.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Hardcode this to be defined and remove the separate build options for
PMF since this functionality is needed with large number of newer
protocol extensions and is also something that should be enabled in all
WPA2/WPA3 networks.
Signed-off-by: Jouni Malinen <j@w1.fi>
Track PMK-R0/PMK-R0-Name from the initial mobility domain association
and derive PMK-R1/PTK when the station uses FT protocol. This allows
frames from additional roaming cases to be decrypted.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
If a sniffer capture does not include FCS for each frame, but may
included frames with invalid FCS, it would be possible for wlantest to
try to decrypt the first received frame and fail (e.g., due to CCMP MIC
mismatch) because that particular frame was corrupted and then ignore
the following retry of that frame as a duplicate even if that retry has
different payload (e.g., if its reception did not show corruption).
Work around this by skipping duplicate frame detection immediately
following a decryption failure.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation.
This requires an additional Z.x (x coordinate of the DH shared secret)
to be passed to wpa_pmk_to_ptk(). This commit adds that to the function
and updates all the callers to pass NULL,0 for that part in preparation
of the DPP specific changes to start using this.
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>