path: root/wlantest
Commit message (Collapse)AuthorAgeFilesLines
* wlantest: BIGTK fetching and Beacon protection validationJouni Malinen14 hours3-3/+132
| | | | | | | Fetch the BIGTK from EAPOL-Key msg 3/4 and use it to validate MME in Beacon frames when the AP uses Beacon protection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wlantest: Add PTK derivation support with SAE, OWE, DPPJouni Malinen11 days1-0/+4
| | | | | | | | | wlantest build did not define build options to determine key management values for SAE, OWE, and DPP. Add those and the needed SHA512 functions to be able to decrypt sniffer captures with PMK available from an external source. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* BSD: Use struct ip rather than struct iphdrRoy Marples2020-01-022-34/+35
| | | | | | | As we define __FAVOR_BSD use the BSD IP header. Compile tested on NetBSD, DragonFlyBSD, and Linux. Signed-off-by: Roy Marples <roy@marples.name>
* wlantest: Ethernet interface captureJouni Malinen2019-12-274-9/+20
| | | | | | | | Allow option (command line argument -e) to capture Ethernet headers instead of IEEE 802.11 so that wlantest can be used as a replacement for tcpdump/dumpcap for capturing. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Process VLAN tagged Data framesJouni Malinen2019-09-201-0/+27
| | | | | | | This allows Data frames to be fully processed for the case where VLAN tags are used on the wireless link. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Remove CONFIG_IEEE80211W build parameterJouni Malinen2019-09-081-1/+0
| | | | | | | | | Hardcode this to be defined and remove the separate build options for PMF since this functionality is needed with large number of newer protocol extensions and is also something that should be enabled in all WPA2/WPA3 networks. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Derive PMK-R1 and PTK for FT protocol casesJouni Malinen2019-08-223-10/+234
| | | | | | | | Track PMK-R0/PMK-R0-Name from the initial mobility domain association and derive PMK-R1/PTK when the station uses FT protocol. This allows frames from additional roaming cases to be decrypted. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* wlantest: Allow duplicate frame processing after decryption failureJouni Malinen2019-06-124-3/+20
| | | | | | | | | | | | | | If a sniffer capture does not include FCS for each frame, but may included frames with invalid FCS, it would be possible for wlantest to try to decrypt the first received frame and fail (e.g., due to CCMP MIC mismatch) because that particular frame was corrupted and then ignore the following retry of that frame as a duplicate even if that retry has different payload (e.g., if its reception did not show corruption). Work around this by skipping duplicate frame detection immediately following a decryption failure. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP2: Extend wpa_pmk_to_ptk() to support extra Z.x component in contextJouni Malinen2019-03-171-1/+1
| | | | | | | | | | DPP allows Diffie-Hellman exchange to be used for PFS in PTK derivation. This requires an additional Z.x (x coordinate of the DH shared secret) to be passed to wpa_pmk_to_ptk(). This commit adds that to the function and updates all the callers to pass NULL,0 for that part in preparation of the DPP specific changes to start using this. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* tests: Remove CONFIG_PEERKEYLubomir Rintel2019-02-251-1/+0
| | | | | | | The functionality has been removed in commit a0bf1b68c03 ('Remove all PeerKey functionality'). Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* OCV: Add wlantest support for indicating OCVMathy Vanhoef2018-12-164-4/+16
| | | | | | Add wlantest parsing of the OCV RSN cpability flag. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* FT: FTE parsing for SHA384-based AKMJouni Malinen2018-06-051-1/+1
| | | | | | | The MIC field is now a variable length field, so make the FTE parser aware of the two different field lengths. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: PMK-R0 derivation using SHA384-based AKMJouni Malinen2018-06-051-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Support variable length keysJouni Malinen2018-06-051-2/+2
| | | | | | This is a step in adding support for SHA384-based FT AKM. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Try harder to find a STA entry with PTK for 4-address framesJouni Malinen2017-12-081-3/+6
| | | | | | | | | | | | | | Commit aab66128369c5953e70f867e997a54146bcca88b ('wlantest: Search bss/sta entry more thoroughly for 4-address frames') allowed wlantest to find a STA entry in this type of cases, but it was still possible for that STA entry to be the one that has no derived PTK while the STA entry for the other side of the link might have the derived PTK available. Extend this BSS/STA selection mechanism to use sta->ptk_set to determine which STA entry is more useful for decryption, i.e., select the one with a known PTK. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Search bss/sta entry more thoroughly for 4-address framesJouni Malinen2017-11-151-2/+16
| | | | | | | | | | | | | Previous design worked for the case where only one of the devices was beaconing, but failed in one direction to find the PTK if both devices beaconed. Fix this by checking the A1/A2 fields in both directions if the first pick fails to find the sta entry. In addition, select the proper rsc value (rsc_tods vs. rsc_fromds) based on A2 (TA) value for ToDS+FromDS frames to avoid reporting incorrect replay issues. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Do not ignore RSN/WPA/OSEN element before full BSS infoJouni Malinen2017-11-143-3/+8
| | | | | | | | | | wlantest used to ignore RSN/WPA/OSEN element in (Re)Association Request frame if no Beacon frame had been seen from the AP before the association exchange. This could result in not being able to derive keys properly. Work around this by skipping that step if the BSS entry is not yet complete. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Remove unnecessary duplication of tk_len from STA entriesJouni Malinen2017-11-143-4/+2
| | | | | | | The length of the TK is available within struct wpa_ptk, so there is no need to try to maintain it separately in wlantest. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Do not update RSC on replaysJouni Malinen2017-10-161-2/+8
| | | | | | | | | | | This changes wlantest behavior to mark CCMP/TKIP replays for more cases in case a device is resetting its TSC. Previously, the RSC check got cleared on the first marked replay and the following packets were not marked as replays if they continued incrementing the PN even if that PN was below the highest value received with this key at some point in the past. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Add support for decrypting 4-address Data framesJouni Malinen2017-10-061-13/+31
| | | | | | | This covers the case where 4-address Data frames are exchanged between an AP and an associated station. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add DHss into FILS-Key-Data derivation when using FILS SK+PFSJouni Malinen2017-09-131-1/+2
| | | | | | | | | | | | | | | | | This part is missing from IEEE Std 802.11ai-2016, but the lack of DHss here means there would not be proper PFS for the case where PMKSA caching is used with FILS SK+PFS authentication. This was not really the intent of the FILS design and that issue was fixed during REVmd work with the changes proposed in https://mentor.ieee.org/802.11/dcn/17/11-17-0906-04-000m-fils-fixes.docx that add DHss into FILS-Key-Data (and PTK, in practice) derivation for the PMKSA caching case so that a unique ICK, KEK, and TK are derived even when using the same PMK. Note: This is not backwards compatible, i.e., this breaks PMKSA caching with FILS SK+PFS if only STA or AP side implementation is updated. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: FILS keys and (Re)Association Request/Response framesJouni Malinen2017-09-052-8/+313
| | | | | | | | | | | | Try to derive PTK when FILS shared key authentication is used without PFS. The list of available PMKs is interpreted as rMSK for this purpose and PMK and PTK is derived from that. If the resulting PTK (KEK) can be used to decrypt the encrypted parts of (Re)Association Request/Response frames, mark the PTK as derived so that encrypted frames during the association can be decrypted. In addition, write a decrypted version of the (Re)Association Request/Response frames into the output file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Support variable length PMKJouni Malinen2017-09-055-24/+37
| | | | | | | This is needed to be able to handle key derivation for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Build helper files with FILS support includedJouni Malinen2017-09-051-0/+1
| | | | | | | wlantest needs this for being able to decrypt FILS (Re)Association Request/Response frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Add new AKMJouni Malinen2017-06-191-6/+6
| | | | | | | | | | This new AKM is used with DPP when using the signed Connector to derive a PMK. Since the KCK, KEK, and MIC lengths are variable within a single AKM, this needs number of additional changes to get the PMK length delivered to places that need to figure out the lengths of the PTK components. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Fix pcapng writer to include decrypted EAPOL-Key Key DataJouni Malinen2017-03-261-2/+2
| | | | | | | | This was only written to pcapng files if both pcap and pcapng writing was requested. Fix this for the case where only a pcapng file is being written. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Fix EAPOL-Key Key Data padding removalJouni Malinen2017-03-261-0/+7
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Add initial support for FT-EAP decryptionJouni Malinen2017-03-261-0/+11
| | | | | | Add second half of MSK as XXKey for FT-EAP. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Fix EAPOL buffer length with variable MIC lengthJouni Malinen2017-03-261-4/+6
| | | | | | | struct wpa_eapol_key does not include the MIC field anymore, so need to add it explicitly. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use os_memdup()Johannes Berg2017-03-072-6/+3
| | | | | | | | | | | | | | | | | | | | | | This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Remove trailing whitespaceJouni Malinen2016-12-281-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Recognize EAPOL-Key frames without MIC bit for FILSJouni Malinen2016-10-101-0/+5
| | | | | | | | The new AEAD AKM option in FILS sets the MIC bit in EAPOL-Key frames to 0 for some ciphers, so the determination of EAPOL-Key frame types needs changes to work with these cases. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Make struct wpa_eapol_key easier to use with variable length MICJouni Malinen2016-10-103-37/+75
| | | | | | | | | | | | | | | | | | Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the previous fixed length Key MIC field with a variable length field. That change was addressed with an addition of a new struct defined for the second MIC length. This is not really scalable and with FILS coming up with a zero-length MIC case for AEAD, a more thorough change to support variable length MIC is needed. Remove the Key MIC and Key Data Length fields from the struct wpa_eapol_key and find their location based on the MIC length information (which is determined by the AKMP). This change allows the separate struct wpa_eapol_key_192 to be removed since struct wpa_eapol_key will now include only the fixed length fields that are shared with all EAPOL-Key cases in IEEE Std 802.11. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Move CRC-32 routine from wlantest to src/utilsJouni Malinen2016-10-097-87/+4
| | | | | | | This allows the CRC-32 routine to be shared for other purposes in addition to the WEP/TKIP/FCS within wlantest. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* IEEE P802.11ah/D10.0 PV1 CCMP test vectorsJouni Malinen2016-09-233-0/+312
| | | | | | | Extend wlantest test_vectors to calculate test vectors for P802.11ah Annex J.6.4. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Use local ETH_P_IP define instead of linux/if_ether.hJouni Malinen2016-03-261-1/+0
| | | | | | | | There is no strong need for pulling in linux/if_ether.h here since all that is needed if ETH_P_IP and we already cover multiple other ETH_P_* values in utils/common.h. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Fix bip_protect() memory allocationJouni Malinen2016-03-141-1/+1
| | | | | | | | | The addition operator is of higher precedence than the ternary conditional and the construction here needs to use parentheses to calculate the buffer length properly when generating test frames with BIP protection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Add -N command line argument to remove write bufferingJouni Malinen2015-11-264-2/+18
| | | | | | | | | This makes it easier to do live parsing of captured pcap files from wlantest without having to rename and restart the capture file. Packet writes are flushed to disk after each packet if -N is included in the command line. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Add support for FT-PSK initial association key derivationJouni Malinen2015-08-064-7/+58
| | | | | | | This adds minimal support for deriving keys for FT-PSK to allow the initial mobility domain association to be analyzed in more detail. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wlantest: Fix a copy-paste error in a debug messageJouni Malinen2015-05-241-2/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Declare all read only data structures as constMikael Kanstrup2015-04-253-8/+8
| | | | | | | | By analysing objdump output some read only structures were found in .data section. To help compiler further optimize code declare these as const. Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
* Simplify Timeout Interval element parsingJouni Malinen2015-04-222-5/+3
| | | | | | | Remove the length field from struct ieee802_11_elems since the only allowed element length is five and that is checked by the parser. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Verify FTIE length before checking MICJouni Malinen2015-04-221-2/+4
| | | | | | | | | tdls_verify_mic() and tdls_verify_mic_teardown() could have tried to read the 16-octet FTIE MIC when processing a TDLS frame even if the received FTIE is truncated. At least in theory, this could result in reading couple of octets beyond the frame buffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Fix Beacon and Probe Response frame parserJouni Malinen2015-04-221-4/+10
| | | | | | | | These functions did not verify that the received frame is long enough to contain the beginning of the variable length IE area. A truncated frame could have caused a segmentation fault due to reading beyond the buffer. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add Suite B 192-bit AKMJouni Malinen2015-01-262-3/+8
| | | | | | | WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method. Signed-off-by: Jouni Malinen <j@w1.fi>
* Preparations for variable length KCK and KEKJouni Malinen2015-01-265-66/+82
| | | | | | | | This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Extend BIP validation to support GMAC-128 and GMAC-256Jouni Malinen2015-01-241-12/+33
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: New mgmt_group_cipher values for BSS info and debug logJouni Malinen2015-01-242-3/+19
| | | | | | | This adds BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 to info_bss command and debug log. Signed-off-by: Jouni Malinen <j@w1.fi>
* wlantest: Extend BIP support to cover BIP-CMAC-256Jouni Malinen2015-01-246-28/+74
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add QUIET=1 option for makeJouni Malinen2014-12-291-0/+4
| | | | | | This can be used to reduce verbosity for build messages. Signed-off-by: Jouni Malinen <j@w1.fi>