hostapd: Add Key MIC in group EAPOL-Key frames corruption test option

For some testing it can be useful to force the Key MIC in group
EAPOL-Key frames to be corrupt. Add an option to allow setting a
probability for corrupting the Key MIC and use it in the WPA code,
increasing the first byte of the MIC by one to corrupt it if desired.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 21104d3027c64d7bdb6efb44c36f22e5f0578f5e..62136cabff1f94fb66a09fb1a097b6414d282937 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2893,6 +2893,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                PARSE_TEST_PROBABILITY(ignore_auth_probability)
                PARSE_TEST_PROBABILITY(ignore_assoc_probability)
                PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
+               PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
 #endif /* CONFIG_TESTING_OPTIONS */
                } else if (os_strcmp(buf, "vendor_elements") == 0) {
                        struct wpabuf *elems;

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 6a1c500bda0e0d9da52bee2a21a977ba5f5ce45f..86015bf19646e8a699e699006deb1b7390a38988 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1540,6 +1540,9 @@ own_ip_addr=127.0.0.1
 #
 # Ignore reassociation requests with the given probability
 #ignore_reassoc_probability=0.0
+#
+# Corrupt Key MIC in GTK rekey EAPOL-Key frames with the given probability
+#corrupt_gtk_rekey_mic_probability=0.0
 
 ##### Multiple BSSID support ##################################################
 #

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 70b26a6eec1de639ce2838fe80717ff241030eb5..7ab86fca9f69e4815d36d99376c0e71b5cd87d72 100644 (file)
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -168,6 +168,7 @@ struct hostapd_config * hostapd_config_defaults(void)
        conf->ignore_auth_probability = 0.0d;
        conf->ignore_assoc_probability = 0.0d;
        conf->ignore_reassoc_probability = 0.0d;
+       conf->corrupt_gtk_rekey_mic_probability = 0.0d;
 #endif /* CONFIG_TESTING_OPTIONS */
 
        return conf;

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f9629a2cdba4d665617cb8d1f5d281e12eba9684..16134da97a95c0db07ee3d89b04b791d9a00c80e 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -526,6 +526,7 @@ struct hostapd_config {
        double ignore_auth_probability;
        double ignore_assoc_probability;
        double ignore_reassoc_probability;
+       double corrupt_gtk_rekey_mic_probability;
 #endif /* CONFIG_TESTING_OPTIONS */
 };
 

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4f1f6fbc18b0e4894855d685ea1dc8fd3076ebce..5a0bec8c55108602602668d82ff03dfa64cf2317 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1347,6 +1347,16 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
                }
                wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
                                  key->key_mic);
+#ifdef CONFIG_TESTING_OPTIONS
+               if (!pairwise &&
+                   wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0d &&
+                   drand48() <
+                   wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
+                       wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+                                       "Corrupting group EAPOL-Key Key MIC");
+                       key->key_mic[0]++;
+               }
+#endif /* CONFIG_TESTING_OPTIONS */
        }
 
        wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,

diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 465eec6a53301bd5162115814babdf80c3bd3244..9126b90dc7711388050d37e33eec9b507b129b80 100644 (file)
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -160,6 +160,9 @@ struct wpa_auth_config {
 #endif /* CONFIG_IEEE80211R */
        int disable_gtk;
        int ap_mlme;
+#ifdef CONFIG_TESTING_OPTIONS
+       double corrupt_gtk_rekey_mic_probability;
+#endif /* CONFIG_TESTING_OPTIONS */
 };
 
 typedef enum {

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index fdaaaff5a3f09e266db645b57903901678eb7695..e2be1ea6cb03b0b0828ab7b97eb9841f7eee0d9f 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -28,6 +28,7 @@
 
 
 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
+                                 struct hostapd_config *iconf,
                                  struct wpa_auth_config *wconf)
 {
        os_memset(wconf, 0, sizeof(*wconf));
@@ -74,6 +75,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
 #ifdef CONFIG_HS20
        wconf->disable_gtk = conf->disable_dgaf;
 #endif /* CONFIG_HS20 */
+#ifdef CONFIG_TESTING_OPTIONS
+       wconf->corrupt_gtk_rekey_mic_probability =
+               iconf->corrupt_gtk_rekey_mic_probability;
+#endif /* CONFIG_TESTING_OPTIONS */
 }
 
 
@@ -509,7 +514,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
        const u8 *wpa_ie;
        size_t wpa_ie_len;
 
-       hostapd_wpa_auth_conf(hapd->conf, &_conf);
+       hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
        if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
                _conf.tx_status = 1;
        if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
@@ -583,7 +588,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
 void hostapd_reconfig_wpa(struct hostapd_data *hapd)
 {
        struct wpa_auth_config wpa_auth_conf;
-       hostapd_wpa_auth_conf(hapd->conf, &wpa_auth_conf);
+       hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
        wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
 }