wlantest: Check for zero TK even when the real PTK is not known
authorJouni Malinen <jouni@codeaurora.org>
Mon, 23 Mar 2020 15:58:43 +0000 (17:58 +0200)
committerJouni Malinen <j@w1.fi>
Mon, 23 Mar 2020 15:58:43 +0000 (17:58 +0200)
This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity, including the frame number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
wlantest/rx_data.c

index 1ee25a645248596fc2a7455ed6d6c89a2130f1f7..91c0144f8a8d56c8e2e22ca1cb7b3e07099cd5ca 100644 (file)
@@ -339,10 +339,10 @@ static void rx_data_bss_prot(struct wlantest *wt,
        struct wlantest_sta *sta, *sta2;
        int keyid;
        u16 fc = le_to_host16(hdr->frame_control);
-       u8 *decrypted;
+       u8 *decrypted = NULL;
        size_t dlen;
        int tid;
-       u8 pn[6], *rsc;
+       u8 pn[6], *rsc = NULL;
        struct wlantest_tdls *tdls = NULL, *found;
        const u8 *tk = NULL;
        int ptk_iter_done = 0;
@@ -424,8 +424,14 @@ static void rx_data_bss_prot(struct wlantest *wt,
             (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
            tk == NULL) {
                add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
-               if (dl_list_empty(&wt->ptk))
+               if (dl_list_empty(&wt->ptk)) {
+                       if (len >= 4 && sta) {
+                               keyid = data[3] >> 6;
+                               goto check_zero_tk;
+                       }
                        return;
+               }
+
                try_ptk_iter = 1;
        }
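Review bot: The new `goto check_zero_tk` jumps over everything between this point and the label (the known-PTK search and, it appears, the replay-detection path), so the label's code silently depends on `decrypted` and `rsc` having been NULL-initialized and on `keyid` being computed right here; that coupling deserves a comment at the goto, e.g. `/* No PTK known at all: skip replay detection and only try the all-zero TK below (decrypted/rsc stay NULL). */`. `data[3] >> 6` reads the Key ID bits from byte 3 of the CCMP/TKIP/GCMP header, which is why the `len >= 4` guard is needed; a second short comment naming that byte would save the next reader a lookup. If `sta->pairwise_cipher` can still be unset when a station has no PTK, the zero-TK attempt at the label would run with a zero key length, which presumably just fails in try_ptk, but that cannot be confirmed from this hunk. rx_data_bss_prot starts before and continues after this hunk.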
 
@@ -578,16 +584,25 @@ skip_replay_det:
                        add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
                }
        }
+check_zero_tk:
        if (!decrypted) {
                struct wpa_ptk zero_ptk;
+               int old_debug_level = wpa_debug_level;
 
                os_memset(&zero_ptk, 0, sizeof(zero_ptk));
                zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
+               wpa_debug_level = MSG_ERROR;
                decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr,
                                    data, len, &dlen);
+               wpa_debug_level = old_debug_level;
                if (decrypted) {
                        add_note(wt, MSG_DEBUG,
                                 "Frame was encrypted with zero TK");
+                       wpa_printf(MSG_INFO, "Zero TK used in frame #%u: A2="
+                                  MACSTR " seq=%u",
+                                  wt->frame_num, MAC2STR(hdr->addr2),
+                                  WLAN_GET_SEQ_SEQ(
+                                          le_to_host16(hdr->seq_ctrl)));
                        write_decrypted_note(wt, decrypted, zero_ptk.tk,
                                             zero_ptk.tk_len, keyid);
                }
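Review bot: The new INFO message reports "Zero TK used" but nothing in the code says why that matters, and this is the security-relevant part of the change: a data frame that decrypts under an all-zero TK means the transmitter installed a zeroed pairwise key, which is a classic symptom of a key (re)installation bug rather than a benign condition. A short comment above the zero_ptk memset would make the intent clear, e.g. `/* A frame that decrypts under an all-zero TK indicates the sender installed a zeroed key (e.g., a key reinstallation bug); report it at INFO even when no real PTK is known. */`. The save/restore of the global `wpa_debug_level` around try_ptk is fine as written because there is no early return between the two assignments, but it is fragile if one is ever added; a comment such as `/* Silence try_ptk's per-attempt debug output; this attempt is expected to fail normally. */` would record why the level is changed. On the original (non-goto) path `sta` is dereferenced at `sta->pairwise_cipher` without the NULL check the goto path performs, so that path presumably guarantees a non-NULL sta earlier in the function, which lies outside this hunk.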
@@ -597,7 +612,7 @@ skip_replay_det:
                const u8 *peer_addr = NULL;
                if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)))
                        peer_addr = hdr->addr1;
-               if (!replay)
+               if (!replay && rsc)
                        os_memcpy(rsc, pn, 6);
                rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted,
                                dlen, 1, peer_addr);
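Review bot: `if (!replay && rsc)` reads `replay` before the new `rsc` guard, and on the goto path from the no-PTK case the code that would normally assign `replay` is skipped; whether `replay` is initialized at its declaration is not visible in this diff, and if it is not, this read is undefined behavior on that path. Reversing the operands so the NULL pointer check short-circuits first, `if (rsc && !replay)`, avoids the read regardless, or alternatively initialize `replay` alongside `decrypted` and `rsc` in the first hunk. The enclosing function continues past this hunk.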