PASN: For testing purposes allow to corrupt MIC

For testing purposes, add support for corrupting the MIC in PASN
Authentication frames for both wpa_supplicant and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 80842b8f499201846a32f7935e76e7f8e4ad4f80..eabf61be077f33dd0bfbe3979433ee6b37a0fc9a 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4664,6 +4664,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 #ifdef CONFIG_TESTING_OPTIONS
        } else if (os_strcmp(buf, "force_kdk_derivation") == 0) {
                bss->force_kdk_derivation = atoi(pos);
+       } else if (os_strcmp(buf, "pasn_corrupt_mic") == 0) {
+               bss->pasn_corrupt_mic = atoi(pos);
 #endif /* CONFIG_TESTING_OPTIONS */
        } else if (os_strcmp(buf, "pasn_groups") == 0) {
                if (hostapd_parse_intlist(&bss->pasn_groups, pos)) {

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 88200c688d4fb7edf2ac261a1bb985d0eccf989d..4857adf53a1b8209a0e9cc8e9b0c6eeb2cbd2951 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -874,6 +874,9 @@ struct hostapd_bss_config {
         * secure LTF. Allow forcing KDK derivation for testing purposes.
         */
        int force_kdk_derivation;
+
+       /* If set, corrupt the MIC in the 2nd Authentication frame of PASN */
+       int pasn_corrupt_mic;
 #endif /* CONFIG_TESTING_OPTIONS */
 
        int *pasn_groups;

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index cba8868aeac63d1243c5745840f517c307aafa55..eb05efd8b0688b83297715c5619b12b8da0b29e9 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2995,6 +2995,13 @@ static int handle_auth_pasn_resp(struct hostapd_data *hapd,
                goto fail;
        }
 
+#ifdef CONFIG_TESTING_OPTIONS
+       if (hapd->conf->pasn_corrupt_mic) {
+               wpa_printf(MSG_DEBUG, "PASN: frame 2: Corrupt MIC");
+               mic[0] = ~mic[0];
+       }
+#endif /* CONFIG_TESTING_OPTIONS */
+
        os_memcpy(ptr, mic, mic_len);
 
 done:

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index ce5c80d02e21c4d81b5b059c673ba39d2b5a8b7c..e8e9fd4326189229b29446a229902af2bc18dc78 100644 (file)
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -5208,6 +5208,7 @@ static const struct global_parse_data global_fields[] = {
 #ifdef CONFIG_PASN
 #ifdef CONFIG_TESTING_OPTIONS
        { INT_RANGE(force_kdk_derivation, 0, 1), 0 },
+       { INT_RANGE(pasn_corrupt_mic, 0, 1), 0 },
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_PASN */
 };

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index aac4a9dffb18ebd166a6f3860cad8298e6edf141..68679c6e380a7c8b31e5a856c231a5e96209ac52 100644 (file)
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1648,6 +1648,10 @@ struct wpa_config {
         * secure LTF. Allow forcing KDK derivation for testing purposes.
         */
        int force_kdk_derivation;
+
+       /* If set, corrupt the MIC in the 3rd Authentication frame of PASN */
+       int pasn_corrupt_mic;
+
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_PASN*/
 };

diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index 35d732ed55cf066f36a4e5feafe5a75f8af361e6..f7c61542fb63b1c9758abbe6a64c271e879e25ed 100644 (file)
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -779,6 +779,13 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
                goto fail;
        }
 
+#ifdef CONFIG_TESTING_OPTIONS
+       if (wpa_s->conf->pasn_corrupt_mic) {
+               wpa_printf(MSG_DEBUG, "PASN: frame 3: Corrupt MIC");
+               mic[0] = ~mic[0];
+       }
+#endif /* CONFIG_TESTING_OPTIONS */
+
        os_memcpy(ptr, mic, mic_len);
 
        pasn->trans_seq++;