aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-11-13 11:03:21 (GMT)
committerJouni Malinen <j@w1.fi>2010-11-13 11:03:21 (GMT)
commit16b8b6eadf20a5dae655cd7523dae3a56ff77eaf (patch)
treedefce021d9b6cbf46f198c563a11d70061382b69
parent20062114cdd1ae8a456642175430aaf6831352be (diff)
downloadhostap-16b8b6eadf20a5dae655cd7523dae3a56ff77eaf.zip
hostap-16b8b6eadf20a5dae655cd7523dae3a56ff77eaf.tar.gz
hostap-16b8b6eadf20a5dae655cd7523dae3a56ff77eaf.tar.bz2
wlantest: Validate reserved bits in TKIP/CCMP header
-rw-r--r--wlantest/rx_data.c42
-rw-r--r--wlantest/rx_mgmt.c5
2 files changed, 47 insertions, 0 deletions
diff --git a/wlantest/rx_data.c b/wlantest/rx_data.c
index 24de59f..0c138de 100644
--- a/wlantest/rx_data.c
+++ b/wlantest/rx_data.c
@@ -979,6 +979,27 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
return;
}
+ if (bss->group_cipher == WPA_CIPHER_TKIP) {
+ if (data[3] & 0x1f) {
+ wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
+ "non-zero reserved bit",
+ MAC2STR(bss->bssid));
+ }
+ if (data[1] != ((data[0] | 0x20) & 0x7f)) {
+ wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
+ "incorrect WEPSeed[1] (was 0x%x, expected "
+ "0x%x)",
+ MAC2STR(bss->bssid), data[1],
+ (data[0] | 0x20) & 0x7f);
+ }
+ } else if (bss->group_cipher == WPA_CIPHER_CCMP) {
+ if (data[2] != 0 || (data[3] & 0x1f) != 0) {
+ wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
+ "non-zero reserved bit",
+ MAC2STR(bss->bssid));
+ }
+ }
+
keyid = data[3] >> 6;
if (bss->gtk_len[keyid] == 0) {
wpa_printf(MSG_MSGDUMP, "No GTK known to decrypt the frame "
@@ -1062,6 +1083,27 @@ static void rx_data_bss_prot(struct wlantest *wt,
return;
}
+ if (sta->pairwise_cipher == WPA_CIPHER_TKIP) {
+ if (data[3] & 0x1f) {
+ wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
+ "non-zero reserved bit",
+ MAC2STR(hdr->addr2));
+ }
+ if (data[1] != ((data[0] | 0x20) & 0x7f)) {
+ wpa_printf(MSG_INFO, "TKIP frame from " MACSTR " used "
+ "incorrect WEPSeed[1] (was 0x%x, expected "
+ "0x%x)",
+ MAC2STR(hdr->addr2), data[1],
+ (data[0] | 0x20) & 0x7f);
+ }
+ } else if (sta->pairwise_cipher == WPA_CIPHER_CCMP) {
+ if (data[2] != 0 || (data[3] & 0x1f) != 0) {
+ wpa_printf(MSG_INFO, "CCMP frame from " MACSTR " used "
+ "non-zero reserved bit",
+ MAC2STR(hdr->addr2));
+ }
+ }
+
keyid = data[3] >> 6;
if (keyid != 0) {
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "
diff --git a/wlantest/rx_mgmt.c b/wlantest/rx_mgmt.c
index d58c685..27120df 100644
--- a/wlantest/rx_mgmt.c
+++ b/wlantest/rx_mgmt.c
@@ -686,6 +686,11 @@ static u8 * mgmt_ccmp_decrypt(struct wlantest *wt, const u8 *data, size_t len,
return NULL;
}
+ if (data[24 + 2] != 0 || (data[24 + 3] & 0x1f) != 0) {
+ wpa_printf(MSG_INFO, "CCMP mgmt frame from " MACSTR " used "
+ "non-zero reserved bit", MAC2STR(hdr->addr2));
+ }
+
keyid = data[24 + 3] >> 6;
if (keyid != 0) {
wpa_printf(MSG_INFO, "Unexpected non-zero KeyID %d in "