hostapd: Add testing mode for RSN element extensions

CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 4b8b16a75ddda4204e36cbeab8fa57fcc014a35a..11c8bf018f0fbff2159eab3275bbf28dafd0a230 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2049,6 +2049,11 @@ struct hostapd_config * hostapd_config_read(const char *fname)
                                bss->tdls |= TDLS_PROHIBIT_CHAN_SWITCH;
                        else
                                bss->tdls &= ~TDLS_PROHIBIT_CHAN_SWITCH;
+#ifdef CONFIG_RSN_TESTING
+               } else if (os_strcmp(buf, "rsn_testing") == 0) {
+                       extern int rsn_testing;
+                       rsn_testing = atoi(pos);
+#endif /* CONFIG_RSN_TESTING */
                } else {
                        wpa_printf(MSG_ERROR, "Line %d: unknown configuration "
                                   "item '%s'", line, buf);

diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 8309bd0da3403402f70a12d3121d4c1fa5f68481..5e8d1349b1dec102d119a9c863ddb2b1c7134ded 100644 (file)
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -25,6 +25,11 @@
 #include "wpa_auth_i.h"
 
 
+#ifdef CONFIG_RSN_TESTING
+int rsn_testing = 0;
+#endif /* CONFIG_RSN_TESTING */
+
+
 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
 {
        struct wpa_ie_hdr *hdr;
@@ -141,6 +146,14 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
        count = pos;
        pos += 2;
 
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing) {
+               RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
+               pos += RSN_SELECTOR_LEN;
+               num_suites++;
+       }
+#endif /* CONFIG_RSN_TESTING */
+
        if (conf->rsn_pairwise & WPA_CIPHER_CCMP) {
                RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
                pos += RSN_SELECTOR_LEN;
@@ -157,6 +170,14 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
                num_suites++;
        }
 
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing) {
+               RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
+               pos += RSN_SELECTOR_LEN;
+               num_suites++;
+       }
+#endif /* CONFIG_RSN_TESTING */
+
        if (num_suites == 0) {
                wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
                           conf->rsn_pairwise);
@@ -168,6 +189,14 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
        count = pos;
        pos += 2;
 
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing) {
+               RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
+               pos += RSN_SELECTOR_LEN;
+               num_suites++;
+       }
+#endif /* CONFIG_RSN_TESTING */
+
        if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
                RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
                pos += RSN_SELECTOR_LEN;
@@ -203,6 +232,14 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
        }
 #endif /* CONFIG_IEEE80211W */
 
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing) {
+               RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
+               pos += RSN_SELECTOR_LEN;
+               num_suites++;
+       }
+#endif /* CONFIG_RSN_TESTING */
+
        if (num_suites == 0) {
                wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
                           conf->wpa_key_mgmt);
@@ -227,6 +264,10 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
                        capab |= WPA_CAPABILITY_MFPR;
        }
 #endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing)
+               capab |= BIT(8) | BIT(14) | BIT(15);
+#endif /* CONFIG_RSN_TESTING */
        WPA_PUT_LE16(pos, capab);
        pos += 2;
 
@@ -256,6 +297,29 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
        }
 #endif /* CONFIG_IEEE80211W */
 
+#ifdef CONFIG_RSN_TESTING
+       if (rsn_testing) {
+               /*
+                * Fill in any defined fields and add extra data to the end of
+                * the element.
+                */
+               int pmkid_count_set = pmkid != NULL;
+               if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
+                       pmkid_count_set = 1;
+               /* PMKID Count */
+               WPA_PUT_LE16(pos, 0);
+               pos += 2;
+               if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
+                       /* Management Group Cipher Suite */
+                       RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
+                       pos += RSN_SELECTOR_LEN;
+               }
+
+               os_memset(pos, 0x12, 17);
+               pos += 17;
+       }
+#endif /* CONFIG_RSN_TESTING */
+
        hdr->len = (pos - buf) - 2;
 
        return pos - buf;

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 5e8f27a6bd6ac3931a1113d99f4ec1f8255a4ac6..fe79cee114dd23992c1eb851ed8171567b508eb6 100644 (file)
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -117,7 +117,13 @@
 /* B4-B5: GTKSA Replay Counter */
 #define WPA_CAPABILITY_MFPR BIT(6)
 #define WPA_CAPABILITY_MFPC BIT(7)
+/* B8: Reserved */
 #define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9)
+#define WPA_CAPABILITY_SPP_A_MSDU_CAPABLE BIT(10)
+#define WPA_CAPABILITY_SPP_A_MSDU_REQUIRED BIT(11)
+#define WPA_CAPABILITY_PBAC BIT(12)
+#define WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST BIT(13)
+/* B14-B15: Reserved */
 
 
 /* IEEE 802.11r */