struct wlantest_sta *sta, *sta2;
int keyid;
u16 fc = le_to_host16(hdr->frame_control);
- u8 *decrypted;
+ u8 *decrypted = NULL;
size_t dlen;
int tid;
- u8 pn[6], *rsc;
+ u8 pn[6], *rsc = NULL;
struct wlantest_tdls *tdls = NULL, *found;
const u8 *tk = NULL;
int ptk_iter_done = 0;
(!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
tk == NULL) {
add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
- if (dl_list_empty(&wt->ptk))
+ if (dl_list_empty(&wt->ptk)) {
+ if (len >= 4 && sta) {
+ keyid = data[3] >> 6;
+ goto check_zero_tk;
+ }
return;
+ }
+
try_ptk_iter = 1;
}
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
}
}
+check_zero_tk:
if (!decrypted) {
struct wpa_ptk zero_ptk;
+ int old_debug_level = wpa_debug_level;
os_memset(&zero_ptk, 0, sizeof(zero_ptk));
zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
+ wpa_debug_level = MSG_ERROR;
decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr,
data, len, &dlen);
+ wpa_debug_level = old_debug_level;
if (decrypted) {
add_note(wt, MSG_DEBUG,
"Frame was encrypted with zero TK");
+ wpa_printf(MSG_INFO, "Zero TK used in frame #%u: A2="
+ MACSTR " seq=%u",
+ wt->frame_num, MAC2STR(hdr->addr2),
+ WLAN_GET_SEQ_SEQ(
+ le_to_host16(hdr->seq_ctrl)));
write_decrypted_note(wt, decrypted, zero_ptk.tk,
zero_ptk.tk_len, keyid);
}
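Review bot: The `goto check_zero_tk` taken in the no-PTK branch lands at this label having skipped everything between the `tk == NULL` block and the label, and the patch only covers two of the locals that the skipped code would otherwise have set (`decrypted` and `rsc` are now initialised to NULL, and the later `if (!replay && rsc)` guards on `rsc`). `replay` itself is read on that same path but is not among the initialised declarations visible in this diff; if it is declared without an initialiser like `decrypted` and `rsc` were, the jump reaches `if (!replay && rsc)` with an indeterminate value, and the same question applies to `tid` and `pn` if any code after the zero-TK block uses them. Suggest giving it the same treatment at its declaration, `int replay = 0;`, or explicitly setting `replay = 0;` next to `keyid = data[3] >> 6;` before the `goto`, so the zero-TK detection path has a defined state for every local the tail of the function reads. It would also help a reader to mark the label, e.g. `/* Reached via goto when no PTK is known: only decrypted, rsc and keyid are set on that path */`. The enclosing function begins and ends outside this hunk, so the declarations of `replay` and the code between the `goto` and the label cannot be confirmed from here.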
const u8 *peer_addr = NULL;
if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)))
peer_addr = hdr->addr1;
- if (!replay)
+ if (!replay && rsc)
os_memcpy(rsc, pn, 6);
rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted,
dlen, 1, peer_addr);