wlantest: Check for zero TK even when the real PTK is not known

This makes it easier to analyze certain encryption issues. Also print
out an error at the default INFO debug verbosity with the frame number.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-03-23 17:58:43 +02:00 committed by Jouni Malinen
parent bb08be757f
commit 8e467e3cf4

View file

@ -339,10 +339,10 @@ static void rx_data_bss_prot(struct wlantest *wt,
struct wlantest_sta *sta, *sta2; struct wlantest_sta *sta, *sta2;
int keyid; int keyid;
u16 fc = le_to_host16(hdr->frame_control); u16 fc = le_to_host16(hdr->frame_control);
u8 *decrypted; u8 *decrypted = NULL;
size_t dlen; size_t dlen;
int tid; int tid;
u8 pn[6], *rsc; u8 pn[6], *rsc = NULL;
struct wlantest_tdls *tdls = NULL, *found; struct wlantest_tdls *tdls = NULL, *found;
const u8 *tk = NULL; const u8 *tk = NULL;
int ptk_iter_done = 0; int ptk_iter_done = 0;
@ -424,8 +424,14 @@ static void rx_data_bss_prot(struct wlantest *wt,
(!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) && (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
tk == NULL) { tk == NULL) {
add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame"); add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
if (dl_list_empty(&wt->ptk)) if (dl_list_empty(&wt->ptk)) {
if (len >= 4 && sta) {
keyid = data[3] >> 6;
goto check_zero_tk;
}
return; return;
}
try_ptk_iter = 1; try_ptk_iter = 1;
} }
@ -578,16 +584,25 @@ skip_replay_det:
add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs"); add_note(wt, MSG_DEBUG, "Current PTK did not work, but found a match from all known PTKs");
} }
} }
check_zero_tk:
if (!decrypted) { if (!decrypted) {
struct wpa_ptk zero_ptk; struct wpa_ptk zero_ptk;
int old_debug_level = wpa_debug_level;
os_memset(&zero_ptk, 0, sizeof(zero_ptk)); os_memset(&zero_ptk, 0, sizeof(zero_ptk));
zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher); zero_ptk.tk_len = wpa_cipher_key_len(sta->pairwise_cipher);
wpa_debug_level = MSG_ERROR;
decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr, decrypted = try_ptk(sta->pairwise_cipher, &zero_ptk, hdr,
data, len, &dlen); data, len, &dlen);
wpa_debug_level = old_debug_level;
if (decrypted) { if (decrypted) {
add_note(wt, MSG_DEBUG, add_note(wt, MSG_DEBUG,
"Frame was encrypted with zero TK"); "Frame was encrypted with zero TK");
wpa_printf(MSG_INFO, "Zero TK used in frame #%u: A2="
MACSTR " seq=%u",
wt->frame_num, MAC2STR(hdr->addr2),
WLAN_GET_SEQ_SEQ(
le_to_host16(hdr->seq_ctrl)));
write_decrypted_note(wt, decrypted, zero_ptk.tk, write_decrypted_note(wt, decrypted, zero_ptk.tk,
zero_ptk.tk_len, keyid); zero_ptk.tk_len, keyid);
} }
@ -597,7 +612,7 @@ skip_replay_det:
const u8 *peer_addr = NULL; const u8 *peer_addr = NULL;
if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS))) if (!(fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)))
peer_addr = hdr->addr1; peer_addr = hdr->addr1;
if (!replay) if (!replay && rsc)
os_memcpy(rsc, pn, 6); os_memcpy(rsc, pn, 6);
rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted, rx_data_process(wt, bss->bssid, sta->addr, dst, src, decrypted,
dlen, 1, peer_addr); dlen, 1, peer_addr);