Testing functionality to allow EAPOL-Key Reserved field to be set

author Jouni Malinen <quic_jouni@quicinc.com>

Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)

committer Jouni Malinen <j@w1.fi>

Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)
author Jouni Malinen <quic_jouni@quicinc.com>
Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)
committer Jouni Malinen <j@w1.fi>
Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c

index c5aa2dc368d7c3b114273f3fafe67577841d0b1d..96f1b174972ea80261fd7dc59a0d75ee70808788 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4613,6 +4613,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                         return 1;
         } else if (os_strcmp(buf, "eapol_m3_no_encrypt") == 0) {
                 bss->eapol_m3_no_encrypt = atoi(pos);
+       } else if (os_strcmp(buf, "eapol_key_reserved_random") == 0) {
+               bss->eapol_key_reserved_random = atoi(pos);
         } else if (os_strcmp(buf, "test_assoc_comeback_type") == 0) {
                 bss->test_assoc_comeback_type = atoi(pos);
         } else if (os_strcmp(buf, "presp_elements") == 0) {
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h

index cae2f97be3490aa122c542c5f287c818a891aa32..d42076785d367524124d3a657a8b8275069f438f 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -725,6 +725,7 @@ struct hostapd_bss_config {
         struct wpabuf *eapol_m1_elements;
         struct wpabuf *eapol_m3_elements;
         bool eapol_m3_no_encrypt;
+       bool eapol_key_reserved_random;
         int test_assoc_comeback_type;
         struct wpabuf *presp_elements;
  
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c

index 9494411049b55b141ee70f6599e1f2caef770bfb..9837c9fa9c024aee80c32228f54cb463fd21da49 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2067,6 +2067,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
         if (key_rsc)
                 os_memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN);
  
+#ifdef CONFIG_TESTING_OPTIONS
+       if (conf->eapol_key_reserved_random)
+               random_get_bytes(key->key_id, sizeof(key->key_id));
+#endif /* CONFIG_TESTING_OPTIONS */
+
         if (kde && !encr) {
                 os_memcpy(key_data, kde, kde_len);
                 WPA_PUT_BE16(key_mic + mic_len, kde_len);
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h

index 39e3f0e1c0274465da5bee38034b32af0f038564..c3b2d49924fca1b8c182d1ddc6000e84e8924ca1 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -266,6 +266,7 @@ struct wpa_auth_config {
         struct wpabuf *eapol_m1_elements;
         struct wpabuf *eapol_m3_elements;
         bool eapol_m3_no_encrypt;
+       bool eapol_key_reserved_random;
  #endif /* CONFIG_TESTING_OPTIONS */
         unsigned int oci_freq_override_eapol_m3;
         unsigned int oci_freq_override_eapol_g1;
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c

index b31ff75a4fff4b662221d42f3bc205fc049fb07c..13685b7c23b375097cb8c64b0f315a6ce9f8b6d1 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -236,6 +236,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
         if (conf->eapol_m3_elements)
                 wconf->eapol_m3_elements = wpabuf_dup(conf->eapol_m3_elements);
         wconf->eapol_m3_no_encrypt = conf->eapol_m3_no_encrypt;
+       wconf->eapol_key_reserved_random = conf->eapol_key_reserved_random;
  #endif /* CONFIG_TESTING_OPTIONS */
  #ifdef CONFIG_P2P
         os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
diff --git a/tests/hwsim/test_sae.py b/tests/hwsim/test_sae.py

index 6f5751ffe2c173acb113aa11cc097f61a3235c80..679db0e2da8c01d9d938655d072ad51e7ce13f18 100644 (file)
--- a/tests/hwsim/test_sae.py
+++ b/tests/hwsim/test_sae.py
@@ -3273,3 +3273,15 @@ def test_sae_ssid_protection(dev, apdev):
  
      if dev[0].get_status_field("ssid_verified") != "1":
          raise Exception("ssid_verified=1 not in STATUS")
+
+def test_sae_eapol_key_reserved_random(dev, apdev):
+    """SAE with EAPOL-Key Reserved field set to random value"""
+    check_sae_capab(dev[0])
+    params = hostapd.wpa2_params(ssid="test-sae", passphrase="12345678")
+    params['wpa_key_mgmt'] = 'SAE'
+    params['eapol_key_reserved_random'] = '1'
+    hapd = hostapd.add_ap(apdev[0], params)
+
+    dev[0].set("sae_groups", "")
+    dev[0].connect("test-sae", psk="12345678", key_mgmt="SAE",
+                   scan_freq="2412")
author	Jouni Malinen <quic_jouni@quicinc.com>
	Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)
committer	Jouni Malinen <j@w1.fi>
	Wed, 24 Jul 2024 17:22:42 +0000 (17:22 +0000)
hostapd/config_file.c		patch \| blob \| blame \| history
src/ap/ap_config.h		patch \| blob \| blame \| history
src/ap/wpa_auth.c		patch \| blob \| blame \| history
src/ap/wpa_auth.h		patch \| blob \| blame \| history
src/ap/wpa_auth_glue.c		patch \| blob \| blame \| history
tests/hwsim/test_sae.py		patch \| blob \| blame \| history