#include "utils/common.h"
#include "common/ieee802_11_common.h"
+#include "crypto/sha1.h"
#include "wlantest.h"
if (bss == NULL)
return NULL;
dl_list_init(&bss->sta);
+ dl_list_init(&bss->pmk);
os_memcpy(bss->bssid, bssid, ETH_ALEN);
dl_list_add(&wt->bss, &bss->list);
wpa_printf(MSG_DEBUG, "Discovered new BSS - " MACSTR,
}
+static void pmk_deinit(struct wlantest_pmk *pmk)
+{
+ dl_list_del(&pmk->list);
+ os_free(pmk);
+}
+
+
void bss_deinit(struct wlantest_bss *bss)
{
struct wlantest_sta *sta, *n;
+ struct wlantest_pmk *pmk, *np;
dl_list_for_each_safe(sta, n, &bss->sta, struct wlantest_sta, list)
sta_deinit(sta);
+ dl_list_for_each_safe(pmk, np, &bss->pmk, struct wlantest_pmk, list)
+ pmk_deinit(pmk);
dl_list_del(&bss->list);
os_free(bss);
}
-void bss_update(struct wlantest_bss *bss, struct ieee802_11_elems *elems)
+static void bss_add_pmk(struct wlantest *wt, struct wlantest_bss *bss)
+{
+ struct wlantest_passphrase *p;
+ struct wlantest_pmk *pmk;
+
+ dl_list_for_each(p, &wt->passphrase, struct wlantest_passphrase, list)
+ {
+ if (!is_zero_ether_addr(p->bssid) &&
+ os_memcmp(p->bssid, bss->bssid, ETH_ALEN) != 0)
+ continue;
+ if (p->ssid_len &&
+ (p->ssid_len != bss->ssid_len ||
+ os_memcmp(p->ssid, bss->ssid, p->ssid_len) != 0))
+ continue;
+
+ pmk = os_zalloc(sizeof(*pmk));
+ if (pmk == NULL)
+ break;
+ if (pbkdf2_sha1(p->passphrase, (char *) bss->ssid,
+ bss->ssid_len, 4096,
+ pmk->pmk, sizeof(pmk->pmk)) < 0) {
+ os_free(pmk);
+ continue;
+ }
+
+ wpa_printf(MSG_INFO, "Add possible PMK for BSSID " MACSTR
+ " based on passphrase '%s'",
+ MAC2STR(bss->bssid), p->passphrase);
+ wpa_hexdump(MSG_DEBUG, "Possible PMK",
+ pmk->pmk, sizeof(pmk->pmk));
+ dl_list_add(&bss->pmk, &pmk->list);
+ }
+}
+
+
+void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
+ struct ieee802_11_elems *elems)
{
if (elems->ssid == NULL || elems->ssid_len > 32) {
wpa_printf(MSG_INFO, "Invalid or missing SSID in a Beacon "
return;
}
- os_memcpy(bss->ssid, elems->ssid, elems->ssid_len);
- bss->ssid_len = elems->ssid_len;
+ if (bss->ssid_len != elems->ssid_len ||
+ os_memcmp(bss->ssid, elems->ssid, bss->ssid_len) != 0) {
+ wpa_printf(MSG_DEBUG, "Store SSID '%s' for BSSID " MACSTR,
+ wpa_ssid_txt(elems->ssid, elems->ssid_len),
+ MAC2STR(bss->bssid));
+ os_memcpy(bss->ssid, elems->ssid, elems->ssid_len);
+ bss->ssid_len = elems->ssid_len;
+ bss_add_pmk(wt, bss);
+ }
+
if (elems->rsn_ie == NULL) {
if (bss->rsnie[0]) {
}
+static int check_mic(const u8 *kck, int ver, const u8 *data, size_t len)
+{
+ u8 *buf;
+ int ret = -1;
+ struct ieee802_1x_hdr *hdr;
+ struct wpa_eapol_key *key;
+ u8 rx_mic[16];
+
+ buf = os_malloc(len);
+ if (buf == NULL)
+ return -1;
+ os_memcpy(buf, data, len);
+ hdr = (struct ieee802_1x_hdr *) buf;
+ key = (struct wpa_eapol_key *) (hdr + 1);
+
+ os_memcpy(rx_mic, key->key_mic, 16);
+ os_memset(key->key_mic, 0, 16);
+
+ if (wpa_eapol_key_mic(kck, ver, buf, len, key->key_mic) == 0 &&
+ os_memcmp(rx_mic, key->key_mic, 16) == 0)
+ ret = 0;
+
+ os_free(buf);
+
+ return ret;
+}
+
+
static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
const u8 *src, const u8 *data, size_t len)
{
+ struct wlantest_bss *bss;
+ struct wlantest_sta *sta;
+ const struct ieee802_1x_hdr *eapol;
+ const struct wpa_eapol_key *hdr;
+
wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
MAC2STR(src), MAC2STR(dst));
+ bss = bss_get(wt, src);
+ if (bss == NULL)
+ return;
+ sta = sta_get(bss, dst);
+ if (sta == NULL)
+ return;
+
+ eapol = (const struct ieee802_1x_hdr *) data;
+ hdr = (const struct wpa_eapol_key *) (eapol + 1);
+ os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
+}
+
+
+static void derive_ptk(struct wlantest_bss *bss, struct wlantest_sta *sta,
+ u16 ver, const u8 *data, size_t len)
+{
+ struct wlantest_pmk *pmk;
+
+ dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
+ struct wpa_ptk ptk;
+ size_t ptk_len = 48; /* FIX: 64 for TKIP */
+ wpa_pmk_to_ptk(pmk->pmk, sizeof(pmk->pmk),
+ "Pairwise key expansion",
+ bss->bssid, sta->addr, sta->anonce, sta->snonce,
+ (u8 *) &ptk, ptk_len,
+ 0 /* FIX: SHA256 based on AKM */);
+ if (check_mic(ptk.kck, ver,
+ data, len) < 0)
+ continue;
+
+ wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID "
+ MACSTR ")",
+ MAC2STR(sta->addr), MAC2STR(bss->bssid));
+ os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
+ sta->ptk_set = 1;
+ break;
+ }
}
static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
const u8 *src, const u8 *data, size_t len)
{
+ struct wlantest_bss *bss;
+ struct wlantest_sta *sta;
+ const struct ieee802_1x_hdr *eapol;
+ const struct wpa_eapol_key *hdr;
+ u16 key_info;
+
wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
MAC2STR(src), MAC2STR(dst));
+ bss = bss_get(wt, dst);
+ if (bss == NULL)
+ return;
+ sta = sta_get(bss, src);
+ if (sta == NULL)
+ return;
+
+ eapol = (const struct ieee802_1x_hdr *) data;
+ hdr = (const struct wpa_eapol_key *) (eapol + 1);
+ os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
+ key_info = WPA_GET_BE16(hdr->key_info);
+ derive_ptk(bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
}
static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
const u8 *src, const u8 *data, size_t len)
{
+ struct wlantest_bss *bss;
+ struct wlantest_sta *sta;
+ const struct ieee802_1x_hdr *eapol;
+ const struct wpa_eapol_key *hdr;
+ int recalc = 0;
+ u16 key_info;
+
wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
MAC2STR(src), MAC2STR(dst));
+ bss = bss_get(wt, src);
+ if (bss == NULL)
+ return;
+ sta = sta_get(bss, dst);
+ if (sta == NULL)
+ return;
+
+ eapol = (const struct ieee802_1x_hdr *) data;
+ hdr = (const struct wpa_eapol_key *) (eapol + 1);
+ key_info = WPA_GET_BE16(hdr->key_info);
+ if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
+ wpa_printf(MSG_INFO, "EAPOL-Key ANonce mismatch between 1/4 "
+ "and 3/4");
+ recalc = 1;
+ }
+ os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
+ if (recalc) {
+ derive_ptk(bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
+ data, len);
+ }
+
+ if (!sta->ptk_set) {
+ wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 3/4");
+ return;
+ }
+
+ if (check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
+ data, len) < 0) {
+ wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
+
+ /* TODO: decrypt Key Data and store GTK, IGTK */
}
static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
const u8 *src, const u8 *data, size_t len)
{
+ struct wlantest_bss *bss;
+ struct wlantest_sta *sta;
+ const struct ieee802_1x_hdr *eapol;
+ const struct wpa_eapol_key *hdr;
+ u16 key_info;
+
wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
MAC2STR(src), MAC2STR(dst));
+ bss = bss_get(wt, dst);
+ if (bss == NULL)
+ return;
+ sta = sta_get(bss, src);
+ if (sta == NULL)
+ return;
+
+ eapol = (const struct ieee802_1x_hdr *) data;
+ hdr = (const struct wpa_eapol_key *) (eapol + 1);
+ key_info = WPA_GET_BE16(hdr->key_info);
+
+ if (!sta->ptk_set) {
+ wpa_printf(MSG_DEBUG, "No PTK known to process EAPOL-Key 4/4");
+ return;
+ }
+
+ if (sta->ptk_set &&
+ check_mic(sta->ptk.kck, key_info & WPA_KEY_INFO_TYPE_MASK,
+ data, len) < 0) {
+ wpa_printf(MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
+ return;
+ }
+ wpa_printf(MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
}
const u8 *src, const u8 *data, size_t len,
int prot)
{
+ const struct ieee802_1x_hdr *eapol;
const struct wpa_eapol_key *hdr;
u16 key_info, key_length, ver, key_data_length;
- wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key", data, len);
+ eapol = (const struct ieee802_1x_hdr *) data;
+ hdr = (const struct wpa_eapol_key *) (eapol + 1);
+
+ wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
+ (const u8 *) hdr, len - sizeof(*eapol));
if (len < sizeof(*hdr)) {
wpa_printf(MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
MAC2STR(src));
return;
}
- hdr = (const struct wpa_eapol_key *) data;
if (hdr->type == EAPOL_KEY_TYPE_RC4) {
/* TODO: EAPOL-Key RC4 for WEP */
wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
break;
case IEEE802_1X_TYPE_EAPOL_KEY:
- rx_data_eapol_key(wt, dst, src, p, length, prot);
+ rx_data_eapol_key(wt, dst, src, data, sizeof(*hdr) + length,
+ prot);
break;
case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
extern int wpa_debug_level;
+extern int wpa_debug_show_keys;
static void wlantest_terminate(int sig, void *signal_ctx)
static void usage(void)
{
- printf("wlantest [-ddhqq] [-i<ifname>] [-r<pcap file>]\n");
+ printf("wlantest [-ddhqq] [-i<ifname>] [-r<pcap file>] "
+ "[-p<passphrase>]\n");
+}
+
+
+static void passphrase_deinit(struct wlantest_passphrase *p)
+{
+ dl_list_del(&p->list);
+ os_free(p);
}
{
os_memset(wt, 0, sizeof(*wt));
wt->monitor_sock = -1;
+ dl_list_init(&wt->passphrase);
dl_list_init(&wt->bss);
}
static void wlantest_deinit(struct wlantest *wt)
{
struct wlantest_bss *bss, *n;
+ struct wlantest_passphrase *p, *pn;
if (wt->monitor_sock >= 0)
monitor_deinit(wt);
dl_list_for_each_safe(bss, n, &wt->bss, struct wlantest_bss, list)
bss_deinit(bss);
+ dl_list_for_each_safe(p, pn, &wt->passphrase,
+ struct wlantest_passphrase, list)
+ passphrase_deinit(p);
+}
+
+
+static void add_passphrase(struct wlantest *wt, const char *passphrase)
+{
+ struct wlantest_passphrase *p;
+ size_t len = os_strlen(passphrase);
+
+ if (len < 8 || len > 63)
+ return;
+ p = os_zalloc(sizeof(*p));
+ if (p == NULL)
+ return;
+ os_memcpy(p->passphrase, passphrase, len);
+ dl_list_add(&wt->passphrase, &p->list);
}
struct wlantest wt;
wpa_debug_level = MSG_INFO;
+ wpa_debug_show_keys = 1;
if (os_program_init())
return -1;
wlantest_init(&wt);
for (;;) {
- c = getopt(argc, argv, "dhi:r:q");
+ c = getopt(argc, argv, "dhi:p:qr:");
if (c < 0)
break;
switch (c) {
case 'i':
ifname = optarg;
break;
+ case 'p':
+ add_passphrase(&wt, optarg);
+ break;
case 'q':
wpa_debug_level++;
break;
projects / thirdparty / hostap.git / commitdiff
