Allow RSNE in EAPOL-Key msg 3/4 to be replaced for testing purposes

The new hostapd configuration parameter rsne_override_eapol can now be
used similarly to the previously added rsnxe_override_eapol to override
(replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used
for station protocol testing to verify sufficient checks for RSNE
modification between the Beacon/Probe Response frames and EAPOL-Key msg
3/4.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-07 16:45:52 +02:00
parent 3396a4529c
commit 4d64fd37b7
6 changed files with 28 additions and 1 deletions

View file

@ -4176,6 +4176,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "sae_commit_override") == 0) { } else if (os_strcmp(buf, "sae_commit_override") == 0) {
wpabuf_free(bss->sae_commit_override); wpabuf_free(bss->sae_commit_override);
bss->sae_commit_override = wpabuf_parse_bin(pos); bss->sae_commit_override = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsne_override_eapol") == 0) {
wpabuf_free(bss->rsne_override_eapol);
bss->rsne_override_eapol = wpabuf_parse_bin(pos);
} else if (os_strcmp(buf, "rsnxe_override_eapol") == 0) { } else if (os_strcmp(buf, "rsnxe_override_eapol") == 0) {
wpabuf_free(bss->rsnxe_override_eapol); wpabuf_free(bss->rsnxe_override_eapol);
bss->rsnxe_override_eapol = wpabuf_parse_bin(pos); bss->rsnxe_override_eapol = wpabuf_parse_bin(pos);

View file

@ -902,6 +902,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
wpabuf_free(conf->own_ie_override); wpabuf_free(conf->own_ie_override);
wpabuf_free(conf->sae_commit_override); wpabuf_free(conf->sae_commit_override);
wpabuf_free(conf->rsne_override_eapol);
wpabuf_free(conf->rsnxe_override_eapol); wpabuf_free(conf->rsnxe_override_eapol);
wpabuf_free(conf->gtk_rsc_override); wpabuf_free(conf->gtk_rsc_override);
wpabuf_free(conf->igtk_rsc_override); wpabuf_free(conf->igtk_rsc_override);

View file

@ -677,6 +677,7 @@ struct hostapd_bss_config {
struct wpabuf *own_ie_override; struct wpabuf *own_ie_override;
int sae_reflection_attack; int sae_reflection_attack;
struct wpabuf *sae_commit_override; struct wpabuf *sae_commit_override;
struct wpabuf *rsne_override_eapol;
struct wpabuf *rsnxe_override_eapol; struct wpabuf *rsnxe_override_eapol;
struct wpabuf *gtk_rsc_override; struct wpabuf *gtk_rsc_override;
struct wpabuf *igtk_rsc_override; struct wpabuf *igtk_rsc_override;

View file

@ -3260,7 +3260,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
struct wpa_group *gsm = sm->group; struct wpa_group *gsm = sm->group;
u8 *wpa_ie; u8 *wpa_ie;
int secure, gtkidx, encr = 0; int secure, gtkidx, encr = 0;
u8 *wpa_ie_buf = NULL; u8 *wpa_ie_buf = NULL, *wpa_ie_buf2 = NULL;
SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
sm->TimeoutEvt = FALSE; sm->TimeoutEvt = FALSE;
@ -3295,6 +3295,15 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
wpa_ie_len = wpa_ie[1] + 2; wpa_ie_len = wpa_ie[1] + 2;
} }
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
if (sm->wpa_auth->conf.rsne_override_eapol_set) {
wpa_ie_buf2 = replace_ie(
"RSNE", wpa_ie, &wpa_ie_len, WLAN_EID_RSN,
sm->wpa_auth->conf.rsne_override_eapol,
sm->wpa_auth->conf.rsne_override_eapol_len);
if (!wpa_ie_buf2)
goto done;
wpa_ie = wpa_ie_buf2;
}
if (sm->wpa_auth->conf.rsnxe_override_eapol_set) { if (sm->wpa_auth->conf.rsnxe_override_eapol_set) {
wpa_ie_buf = replace_ie( wpa_ie_buf = replace_ie(
"RSNXE", wpa_ie, &wpa_ie_len, WLAN_EID_RSNX, "RSNXE", wpa_ie, &wpa_ie_len, WLAN_EID_RSNX,
@ -3458,6 +3467,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
done: done:
os_free(kde); os_free(kde);
os_free(wpa_ie_buf); os_free(wpa_ie_buf);
os_free(wpa_ie_buf2);
} }

View file

@ -221,10 +221,13 @@ struct wpa_auth_config {
double corrupt_gtk_rekey_mic_probability; double corrupt_gtk_rekey_mic_probability;
u8 own_ie_override[MAX_OWN_IE_OVERRIDE]; u8 own_ie_override[MAX_OWN_IE_OVERRIDE];
size_t own_ie_override_len; size_t own_ie_override_len;
u8 rsne_override_eapol[MAX_OWN_IE_OVERRIDE];
size_t rsne_override_eapol_len;
u8 rsnxe_override_eapol[MAX_OWN_IE_OVERRIDE]; u8 rsnxe_override_eapol[MAX_OWN_IE_OVERRIDE];
size_t rsnxe_override_eapol_len; size_t rsnxe_override_eapol_len;
u8 gtk_rsc_override[WPA_KEY_RSC_LEN]; u8 gtk_rsc_override[WPA_KEY_RSC_LEN];
u8 igtk_rsc_override[WPA_KEY_RSC_LEN]; u8 igtk_rsc_override[WPA_KEY_RSC_LEN];
unsigned int rsne_override_eapol_set:1;
unsigned int rsnxe_override_eapol_set:1; unsigned int rsnxe_override_eapol_set:1;
unsigned int gtk_rsc_override_set:1; unsigned int gtk_rsc_override_set:1;
unsigned int igtk_rsc_override_set:1; unsigned int igtk_rsc_override_set:1;

View file

@ -121,6 +121,15 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
wpabuf_head(conf->own_ie_override), wpabuf_head(conf->own_ie_override),
wconf->own_ie_override_len); wconf->own_ie_override_len);
} }
if (conf->rsne_override_eapol &&
wpabuf_len(conf->rsne_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
wconf->rsne_override_eapol_set = 1;
wconf->rsne_override_eapol_len =
wpabuf_len(conf->rsne_override_eapol);
os_memcpy(wconf->rsne_override_eapol,
wpabuf_head(conf->rsne_override_eapol),
wconf->rsne_override_eapol_len);
}
if (conf->rsnxe_override_eapol && if (conf->rsnxe_override_eapol &&
wpabuf_len(conf->rsnxe_override_eapol) <= MAX_OWN_IE_OVERRIDE) { wpabuf_len(conf->rsnxe_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
wconf->rsnxe_override_eapol_set = 1; wconf->rsnxe_override_eapol_set = 1;