aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2020-02-27 22:31:33 (GMT)
committerJouni Malinen <j@w1.fi>2020-02-27 22:35:23 (GMT)
commita8a277c169bef628ff6a76573b058ebd0914ff3d (patch)
tree1fa84744a7194fc0917f7a16746b4362d16a450f
parentb8f6b0713a61e3d9c60161405e025a99021af98f (diff)
downloadhostap-a8a277c169bef628ff6a76573b058ebd0914ff3d.zip
hostap-a8a277c169bef628ff6a76573b058ebd0914ff3d.tar.gz
hostap-a8a277c169bef628ff6a76573b058ebd0914ff3d.tar.bz2
wlantest: Get STA IEs based on EAPOL-Key msg 2/4 before PTK derivation
The previous implementation tried to update STA IE information based on EAPOL-Key msg 2/4 to be able to handle captures that do not include the (Re)Association Request frame. This was not sufficient (OSEN was not included) and was done too late (the parsed information is needed for PMK-to-PTK derivation). Move the IE update step to happen before trying to derive the PTK if no (Re)Association Request frame has been seen. Signed-off-by: Jouni Malinen <j@w1.fi>
-rw-r--r--wlantest/rx_eapol.c59
-rw-r--r--wlantest/rx_mgmt.c2
-rw-r--r--wlantest/wlantest.h1
3 files changed, 31 insertions, 31 deletions
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index e4fe7e2..c58b82c 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -257,7 +257,35 @@ static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
}
os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
key_info = WPA_GET_BE16(hdr->key_info);
+ key_data = mic + mic_len + 2;
key_data_len = WPA_GET_BE16(mic + mic_len);
+
+ if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
+ add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
+ return;
+ }
+
+ if (!sta->assocreq_seen) {
+ struct ieee802_11_elems elems;
+
+ os_memset(&elems, 0, sizeof(elems));
+ if (ie.wpa_ie) {
+ elems.wpa_ie = ie.wpa_ie + 2;
+ elems.wpa_ie_len = ie.wpa_ie_len - 2;
+ }
+ if (ie.rsn_ie) {
+ elems.rsn_ie = ie.rsn_ie + 2;
+ elems.rsn_ie_len = ie.rsn_ie_len - 2;
+ }
+ if (ie.osen) {
+ elems.osen = ie.osen + 2;
+ elems.osen_len = ie.osen_len - 2;
+ }
+ wpa_printf(MSG_DEBUG,
+ "Update STA data based on IEs in EAPOL-Key 2/4");
+ sta_update_assoc(sta, &elems);
+ }
+
derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
if (!sta->ptk_set && !sta->tptk_set) {
@@ -281,18 +309,10 @@ static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
}
add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
- key_data = mic + mic_len + 2;
-
- if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
- add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
- return;
- }
-
if (ie.wpa_ie) {
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
ie.wpa_ie, ie.wpa_ie_len);
if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
- struct ieee802_11_elems elems;
add_note(wt, MSG_INFO,
"Mismatch in WPA IE between EAPOL-Key 2/4 "
"and (Re)Association Request from " MACSTR,
@@ -303,17 +323,6 @@ static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
"Request",
sta->rsnie,
sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
- /*
- * The sniffer may have missed (Re)Association
- * Request, so try to survive with the information from
- * EAPOL-Key.
- */
- os_memset(&elems, 0, sizeof(elems));
- elems.wpa_ie = ie.wpa_ie + 2;
- elems.wpa_ie_len = ie.wpa_ie_len - 2;
- wpa_printf(MSG_DEBUG, "Update STA data based on WPA "
- "IE in EAPOL-Key 2/4");
- sta_update_assoc(sta, &elems);
}
}
@@ -321,7 +330,6 @@ static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
ie.rsn_ie, ie.rsn_ie_len);
if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
- struct ieee802_11_elems elems;
add_note(wt, MSG_INFO,
"Mismatch in RSN IE between EAPOL-Key 2/4 "
"and (Re)Association Request from " MACSTR,
@@ -332,17 +340,6 @@ static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
"Request",
sta->rsnie,
sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
- /*
- * The sniffer may have missed (Re)Association
- * Request, so try to survive with the information from
- * EAPOL-Key.
- */
- os_memset(&elems, 0, sizeof(elems));
- elems.rsn_ie = ie.rsn_ie + 2;
- elems.rsn_ie_len = ie.rsn_ie_len - 2;
- wpa_printf(MSG_DEBUG, "Update STA data based on RSN "
- "IE in EAPOL-Key 2/4");
- sta_update_assoc(sta, &elems);
}
}
}
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index 92762b8..086db4a 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
@@ -640,6 +640,7 @@ static void rx_mgmt_assoc_req(struct wlantest *wt, const u8 *data, size_t len)
os_memcpy(sta->assocreq_ies, mgmt->u.assoc_req.variable,
sta->assocreq_ies_len);
+ sta->assocreq_seen = 1;
sta_update_assoc(sta, &elems);
}
@@ -875,6 +876,7 @@ static void rx_mgmt_reassoc_req(struct wlantest *wt, const u8 *data,
os_memcpy(sta->assocreq_ies, mgmt->u.reassoc_req.variable,
sta->assocreq_ies_len);
+ sta->assocreq_seen = 1;
sta_update_assoc(sta, &elems);
/* TODO: FT protocol: verify FTE MIC and update GTK/IGTK for the BSS */
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 82eddc1..69aa155 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -82,6 +82,7 @@ struct wlantest_sta {
u8 ap_sa_query_tr[2];
u8 sta_sa_query_tr[2];
u32 counters[NUM_WLANTEST_STA_COUNTER];
+ int assocreq_seen;
u16 assocreq_capab_info;
u16 assocreq_listen_int;
u8 *assocreq_ies;