aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-09-01 22:31:47 (GMT)
committerJouni Malinen <j@w1.fi>2017-09-04 10:32:03 (GMT)
commite75335384a29987bf856bdf0a70af1c1b2a606eb (patch)
tree32219109898551523b089271a3b2bb47f6f2fa8f /src
parente61fea6b467bec0702096c795b06195584d32a6c (diff)
downloadhostap-e75335384a29987bf856bdf0a70af1c1b2a606eb.zip
hostap-e75335384a29987bf856bdf0a70af1c1b2a606eb.tar.gz
hostap-e75335384a29987bf856bdf0a70af1c1b2a606eb.tar.bz2
SAE: Add testing code for reflection attack
Allow hostapd to be configured to perform SAE reflection attack for SAE testing purposes with sae_reflection_attack=1 configuration parameter. This is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r--src/ap/ap_config.h1
-rw-r--r--src/ap/ieee802_11.c12
2 files changed, 13 insertions, 0 deletions
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 8e5ff52..79048de 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -588,6 +588,7 @@ struct hostapd_bss_config {
u8 bss_load_test[5];
u8 bss_load_test_set;
struct wpabuf *own_ie_override;
+ int sae_reflection_attack;
#endif /* CONFIG_TESTING_OPTIONS */
#define MESH_ENABLED BIT(0)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 7999611..e35ed3a 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -786,6 +786,18 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
int resp = WLAN_STATUS_SUCCESS;
struct wpabuf *data = NULL;
+#ifdef CONFIG_TESTING_OPTIONS
+ if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
+ const u8 *pos, *end;
+
+ wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
+ pos = mgmt->u.auth.variable;
+ end = ((const u8 *) mgmt) + len;
+ send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
+ auth_transaction, resp, pos, end - pos);
+ goto remove_sta;
+ }
+#endif /* CONFIG_TESTING_OPTIONS */
if (!sta->sae) {
if (auth_transaction != 1 ||
status_code != WLAN_STATUS_SUCCESS) {