aboutsummaryrefslogtreecommitdiffstats
path: root/wlantest
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2020-02-28 21:18:59 (GMT)
committerJouni Malinen <j@w1.fi>2020-02-28 21:18:59 (GMT)
commitf5f7286ba594d2cf8c18184363d580ea95f63230 (patch)
treedf03796fe5f395a059f369eb89bb6aeef99b08af /wlantest
parent167205d455cef9832c5dfc887afb22a7f2f2d8a8 (diff)
downloadhostap-f5f7286ba594d2cf8c18184363d580ea95f63230.zip
hostap-f5f7286ba594d2cf8c18184363d580ea95f63230.tar.gz
hostap-f5f7286ba594d2cf8c18184363d580ea95f63230.tar.bz2
wlantest: Try to decrypt frame with zero TK
If none of the known PTKs have a working TK, check whether an encrypted frame is encrypted with all zeros TK. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wlantest')
-rw-r--r--wlantest/rx_data.c69
1 files changed, 48 insertions, 21 deletions
diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c
index 63da868..f0f0df9 100644
--- a/wlantest/rx_data.c
+++ b/wlantest/rx_data.c
@@ -132,6 +132,38 @@ static void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
}
+static u8 * try_ptk(int pairwise_cipher, struct wpa_ptk *ptk,
+ const struct ieee80211_hdr *hdr,
+ const u8 *data, size_t data_len, size_t *decrypted_len)
+{
+ u8 *decrypted;
+ unsigned int tk_len = ptk->tk_len;
+
+ decrypted = NULL;
+ if ((pairwise_cipher == WPA_CIPHER_CCMP ||
+ pairwise_cipher == 0) && tk_len == 16) {
+ decrypted = ccmp_decrypt(ptk->tk, hdr, data,
+ data_len, decrypted_len);
+ } else if ((pairwise_cipher == WPA_CIPHER_CCMP_256 ||
+ pairwise_cipher == 0) && tk_len == 32) {
+ decrypted = ccmp_256_decrypt(ptk->tk, hdr, data,
+ data_len, decrypted_len);
+ } else if ((pairwise_cipher == WPA_CIPHER_GCMP ||
+ pairwise_cipher == WPA_CIPHER_GCMP_256 ||
+ pairwise_cipher == 0) &&
+ (tk_len == 16 || tk_len == 32)) {
+ decrypted = gcmp_decrypt(ptk->tk, tk_len, hdr,
+ data, data_len, decrypted_len);
+ } else if ((pairwise_cipher == WPA_CIPHER_TKIP ||
+ pairwise_cipher == 0) && tk_len == 32) {
+ decrypted = tkip_decrypt(ptk->tk, hdr, data, data_len,
+ decrypted_len);
+ }
+
+ return decrypted;
+}
+
+
static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
const struct ieee80211_hdr *hdr, int keyid,
const u8 *data, size_t data_len, size_t *decrypted_len)
@@ -142,27 +174,8 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
wpa_debug_level = MSG_WARNING;
dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
- unsigned int tk_len = ptk->ptk_len - 32;
- decrypted = NULL;
- if ((pairwise_cipher == WPA_CIPHER_CCMP ||
- pairwise_cipher == 0) && tk_len == 16) {
- decrypted = ccmp_decrypt(ptk->ptk.tk, hdr, data,
- data_len, decrypted_len);
- } else if ((pairwise_cipher == WPA_CIPHER_CCMP_256 ||
- pairwise_cipher == 0) && tk_len == 32) {
- decrypted = ccmp_256_decrypt(ptk->ptk.tk, hdr, data,
- data_len, decrypted_len);
- } else if ((pairwise_cipher == WPA_CIPHER_GCMP ||
- pairwise_cipher == WPA_CIPHER_GCMP_256 ||
- pairwise_cipher == 0) &&
- (tk_len == 16 || tk_len == 32)) {
- decrypted = gcmp_decrypt(ptk->ptk.tk, tk_len, hdr,
- data, data_len, decrypted_len);
- } else if ((pairwise_cipher == WPA_CIPHER_TKIP ||
- pairwise_cipher == 0) && tk_len == 32) {
- decrypted = tkip_decrypt(ptk->ptk.tk, hdr, data,
- data_len, decrypted_len);
- }
+ decrypted = try_ptk(pairwise_cipher, &ptk->ptk, hdr,
+ data, data_len, decrypted_len);
if (decrypted) {
wpa_debug_level = prev_level;
add_note(wt, MSG_DEBUG,
@@ -542,6 +555,20 @@ skip_replay_det:
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
}
}
+ if (!decrypted) {
+ struct wpa_ptk zero_ptk;
+
+ os_memset(&zero_ptk, 0, sizeof(zero_ptk));
+ zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
+ decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr,
+ data, len, &dlen);
+ if (decrypted) {
+ add_note(wt, MSG_DEBUG,
+ "Frame was encrypted with zero TK");
+ write_decrypted_note(wt, decrypted, zero_ptk.tk,
+ zero_ptk.tk_len, keyid);
+ }
+ }
if (decrypted) {
u16 fc = le_to_host16(hdr->frame_control);
const u8 *peer_addr = NULL;