From 1325655397846b4d389ef5701013c3db8f0d0503 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 7 Dec 2019 12:54:54 +0200 Subject: [PATCH] SAE H2E: RSNXE override for testing purposes "SET rsnxe_override_{assoc,eapol} " can now be used to override RSNXE in (Re)Association Request frames and EAPOL-Key msg 2/4 for testing purposes. Signed-off-by: Jouni Malinen --- wpa_supplicant/ctrl_iface.c | 16 ++++++++++++++++ wpa_supplicant/events.c | 10 ++++++++++ wpa_supplicant/sme.c | 12 ++++++++++++ wpa_supplicant/wpa_supplicant.c | 15 +++++++++++++++ wpa_supplicant/wpa_supplicant_i.h | 2 ++ 5 files changed, 55 insertions(+) diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 3bd988142..f9a1fe1bf 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -687,6 +687,18 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s, break; pos++; } + } else if (os_strcasecmp(cmd, "rsnxe_override_assoc") == 0) { + wpabuf_free(wpa_s->rsnxe_override_assoc); + if (os_strcmp(value, "NULL") == 0) + wpa_s->rsnxe_override_assoc = NULL; + else + wpa_s->rsnxe_override_assoc = wpabuf_parse_bin(value); + } else if (os_strcasecmp(cmd, "rsnxe_override_eapol") == 0) { + wpabuf_free(wpa_s->rsnxe_override_eapol); + if (os_strcmp(value, "NULL") == 0) + wpa_s->rsnxe_override_eapol = NULL; + else + wpa_s->rsnxe_override_eapol = wpabuf_parse_bin(value); } else if (os_strcasecmp(cmd, "reject_btm_req_reason") == 0) { wpa_s->reject_btm_req_reason = atoi(value); } else if (os_strcasecmp(cmd, "get_pref_freq_list_override") == 0) { @@ -8078,6 +8090,10 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s) wpa_s->sae_commit_override = NULL; os_free(wpa_s->extra_sae_rejected_groups); wpa_s->extra_sae_rejected_groups = NULL; + wpabuf_free(wpa_s->rsnxe_override_assoc); + wpa_s->rsnxe_override_assoc = NULL; + wpabuf_free(wpa_s->rsnxe_override_eapol); + wpa_s->rsnxe_override_eapol = NULL; #ifdef CONFIG_DPP os_free(wpa_s->dpp_config_obj_override); wpa_s->dpp_config_obj_override = NULL; diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 43c10c178..2316037e2 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3017,6 +3017,16 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, #ifdef CONFIG_MBO wpas_mbo_check_pmf(wpa_s, bss, wpa_s->current_ssid); #endif /* CONFIG_MBO */ + +#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->rsnxe_override_eapol) { + wpa_printf(MSG_DEBUG, + "TESTING: RSNXE EAPOL-Key msg 2/4 override"); + wpa_sm_set_assoc_rsnxe(wpa_s->wpa, + wpabuf_head(wpa_s->rsnxe_override_eapol), + wpabuf_len(wpa_s->rsnxe_override_eapol)); + } +#endif /* CONFIG_TESTING_OPTIONS */ } diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 48fc8f245..749802496 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -591,6 +591,18 @@ static void sme_send_authentication(struct wpa_supplicant *wpa_s, os_memcpy(pos, ext_capab, ext_capab_len); } +#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->rsnxe_override_assoc && + wpabuf_len(wpa_s->rsnxe_override_assoc) <= + sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) { + wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override"); + os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len, + wpabuf_head(wpa_s->rsnxe_override_assoc), + wpabuf_len(wpa_s->rsnxe_override_assoc)); + wpa_s->sme.assoc_req_ie_len += + wpabuf_len(wpa_s->rsnxe_override_assoc); + } else +#endif /* CONFIG_TESTING_OPTIONS */ if (wpa_s->rsnxe_len > 0 && wpa_s->rsnxe_len <= sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) { diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index e093d2df1..0fee3c951 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -501,6 +501,10 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s) wpa_s->last_assoc_req_wpa_ie = NULL; os_free(wpa_s->extra_sae_rejected_groups); wpa_s->extra_sae_rejected_groups = NULL; + wpabuf_free(wpa_s->rsnxe_override_assoc); + wpa_s->rsnxe_override_assoc = NULL; + wpabuf_free(wpa_s->rsnxe_override_eapol); + wpa_s->rsnxe_override_eapol = NULL; #endif /* CONFIG_TESTING_OPTIONS */ if (wpa_s->conf != NULL) { @@ -3026,6 +3030,17 @@ pfs_fail: } #endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->rsnxe_override_assoc && + wpabuf_len(wpa_s->rsnxe_override_assoc) <= + max_wpa_ie_len - wpa_ie_len) { + wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override"); + os_memcpy(wpa_ie + wpa_ie_len, + wpabuf_head(wpa_s->rsnxe_override_assoc), + wpabuf_len(wpa_s->rsnxe_override_assoc)); + wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc); + } else +#endif /* CONFIG_TESTING_OPTIONS */ if (wpa_s->rsnxe_len > 0 && wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) { os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len); diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index e274fe33c..4a958ac20 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1126,6 +1126,8 @@ struct wpa_supplicant { size_t last_tk_len; struct wpabuf *last_assoc_req_wpa_ie; int *extra_sae_rejected_groups; + struct wpabuf *rsnxe_override_assoc; + struct wpabuf *rsnxe_override_eapol; #endif /* CONFIG_TESTING_OPTIONS */ struct wmm_ac_assoc_data *wmm_ac_assoc_info; -- 2.39.2