aboutsummaryrefslogtreecommitdiffstats
path: root/wlantest
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-08-06 12:51:36 (GMT)
committerJouni Malinen <j@w1.fi>2015-08-06 17:47:25 (GMT)
commit3fb62bdae9c936db9ec261cb3087fdc0ac2a1bae (patch)
tree92471b8ee9dd9e6d663fc6e66b00822db97fcc9a /wlantest
parente1eb0e9e6e56b94ce28e9560abf834ba8a09c59e (diff)
downloadhostap-3fb62bdae9c936db9ec261cb3087fdc0ac2a1bae.zip
hostap-3fb62bdae9c936db9ec261cb3087fdc0ac2a1bae.tar.gz
hostap-3fb62bdae9c936db9ec261cb3087fdc0ac2a1bae.tar.bz2
wlantest: Add support for FT-PSK initial association key derivation
This adds minimal support for deriving keys for FT-PSK to allow the initial mobility domain association to be analyzed in more detail. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'wlantest')
-rw-r--r--wlantest/bss.c3
-rw-r--r--wlantest/rx_eapol.c40
-rw-r--r--wlantest/rx_mgmt.c18
-rw-r--r--wlantest/wlantest.h4
4 files changed, 58 insertions, 7 deletions
diff --git a/wlantest/bss.c b/wlantest/bss.c
index 61e2960..f021956 100644
--- a/wlantest/bss.c
+++ b/wlantest/bss.c
@@ -217,6 +217,9 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
elems->wpa_ie_len + 2);
}
+ if (elems->mdie)
+ os_memcpy(bss->mdid, elems->mdie, 2);
+
if (!update)
return;
diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index 569cd3c..75bfa7d 100644
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -100,12 +100,42 @@ static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
{
struct wpa_ptk ptk;
- if (wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
- "Pairwise key expansion",
- bss->bssid, sta->addr, sta->anonce, sta->snonce,
- &ptk, sta->key_mgmt, sta->pairwise_cipher) < 0 ||
- check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data, len) < 0)
+ if (wpa_key_mgmt_ft(sta->key_mgmt)) {
+ u8 pmk_r0[PMK_LEN];
+ u8 pmk_r0_name[WPA_PMK_NAME_LEN];
+ u8 pmk_r1[PMK_LEN];
+ u8 pmk_r1_name[WPA_PMK_NAME_LEN];
+ u8 ptk_name[WPA_PMK_NAME_LEN];
+
+ wpa_derive_pmk_r0(pmk->pmk, sizeof(pmk->pmk),
+ bss->ssid, bss->ssid_len, bss->mdid,
+ bss->r0kh_id, bss->r0kh_id_len,
+ sta->addr, pmk_r0, pmk_r0_name);
+ wpa_hexdump(MSG_DEBUG, "FT: PMK-R0", pmk_r0, PMK_LEN);
+ wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name", pmk_r0_name,
+ WPA_PMK_NAME_LEN);
+ wpa_derive_pmk_r1(pmk_r0, pmk_r0_name, bss->r1kh_id,
+ sta->addr, pmk_r1, pmk_r1_name);
+ wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", pmk_r1, PMK_LEN);
+ wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name", pmk_r1_name,
+ WPA_PMK_NAME_LEN);
+ if (wpa_pmk_r1_to_ptk(pmk_r1, sta->snonce, sta->anonce,
+ sta->addr,
+ bss->bssid, pmk_r1_name, &ptk, ptk_name,
+ sta->key_mgmt,
+ sta->pairwise_cipher) < 0 ||
+ check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
+ len) < 0)
+ return -1;
+ } else if (wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
+ "Pairwise key expansion",
+ bss->bssid, sta->addr, sta->anonce,
+ sta->snonce, &ptk, sta->key_mgmt,
+ sta->pairwise_cipher) < 0 ||
+ check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
+ len) < 0) {
return -1;
+ }
sta->tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR,
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index 45433dd..6242bc6 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
@@ -314,6 +314,9 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
struct wlantest_bss *bss;
struct wlantest_sta *sta;
u16 capab, status, aid;
+ const u8 *ies;
+ size_t ies_len;
+ struct wpa_ft_ies parse;
mgmt = (const struct ieee80211_mgmt *) data;
bss = bss_get(wt, mgmt->bssid);
@@ -329,6 +332,9 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
return;
}
+ ies = mgmt->u.assoc_resp.variable;
+ ies_len = len - (mgmt->u.assoc_resp.variable - data);
+
capab = le_to_host16(mgmt->u.assoc_resp.capab_info);
status = le_to_host16(mgmt->u.assoc_resp.status_code);
aid = le_to_host16(mgmt->u.assoc_resp.aid);
@@ -340,8 +346,6 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
struct ieee802_11_elems elems;
- const u8 *ies = mgmt->u.assoc_resp.variable;
- size_t ies_len = len - (mgmt->u.assoc_resp.variable - data);
if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
ParseFailed) {
add_note(wt, MSG_INFO, "Failed to parse IEs in "
@@ -382,6 +386,16 @@ static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
MAC2STR(sta->addr), MAC2STR(bss->bssid));
sta->state = STATE3;
}
+
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) == 0) {
+ if (parse.r0kh_id) {
+ os_memcpy(bss->r0kh_id, parse.r0kh_id,
+ parse.r0kh_id_len);
+ bss->r0kh_id_len = parse.r0kh_id_len;
+ }
+ if (parse.r1kh_id)
+ os_memcpy(bss->r1kh_id, parse.r1kh_id, FT_R1KH_ID_LEN);
+ }
}
diff --git a/wlantest/wlantest.h b/wlantest/wlantest.h
index 29bcab5..ced9baa 100644
--- a/wlantest/wlantest.h
+++ b/wlantest/wlantest.h
@@ -151,6 +151,10 @@ struct wlantest_bss {
u8 ipn[6][6];
u32 counters[NUM_WLANTEST_BSS_COUNTER];
struct dl_list tdls; /* struct wlantest_tdls */
+ u8 mdid[2];
+ u8 r0kh_id[FT_R0KH_ID_MAX_LEN];
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
};
struct wlantest_radius {