
wlantest: Add support for OSEN

This allows Hotspot 2.0 OSEN connection to be analyzed more
conveniently. The frames from an OSEN association can now be decrypted
using an MSK file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 10 years ago
parent
commit
f6ff5160f0
5 changed files with 63 additions and 8 deletions
  1. 1 0
      wlantest/Makefile
  2. 32 3
      wlantest/bss.c
  3. 7 3
      wlantest/rx_eapol.c
  4. 21 2
      wlantest/sta.c
  5. 2 0
      wlantest/wlantest.h

+ 1 - 0
wlantest/Makefile

@@ -44,6 +44,7 @@ OBJS_lib += ../src/crypto/libcrypto.a
 CFLAGS += -DCONFIG_PEERKEY
 CFLAGS += -DCONFIG_IEEE80211W
 CFLAGS += -DCONFIG_IEEE80211R
+CFLAGS += -DCONFIG_HS20
 CFLAGS += -DCONFIG_DEBUG_FILE
 
 OBJS += ../src/common/ieee802_11_common.o

+ 32 - 3
wlantest/bss.c

@@ -154,6 +154,26 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		bss_add_pmk(wt, bss);
 	}
 
+	if (elems->osen == NULL) {
+		if (bss->osenie[0]) {
+			add_note(wt, MSG_INFO, "BSS " MACSTR
+				 " - OSEN IE removed", MAC2STR(bss->bssid));
+			bss->rsnie[0] = 0;
+			update = 1;
+		}
+	} else {
+		if (bss->osenie[0] == 0 ||
+		    os_memcmp(bss->osenie, elems->osen - 2,
+			      elems->osen_len + 2) != 0) {
+			wpa_printf(MSG_INFO, "BSS " MACSTR " - OSEN IE "
+				   "stored", MAC2STR(bss->bssid));
+			wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
+				    elems->osen_len + 2);
+			update = 1;
+		}
+		os_memcpy(bss->osenie, elems->osen - 2,
+			  elems->osen_len + 2);
+	}
 
 	if (elems->rsn_ie == NULL) {
 		if (bss->rsnie[0]) {
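Review bot: The "OSEN IE removed" branch clears the wrong buffer: `bss->rsnie[0] = 0;` sits under the `bss->osenie[0]` test, so the stored OSEN IE is never invalidated and the RSN IE marker is reset instead. As written, the removal note would repeat on every later update that lacks the element, and the `if (bss->osenie[0])` block added further down in bss_update would keep reporting the BSS as OSEN. The line should read `bss->osenie[0] = 0;`. The removed branch also logs through add_note() while the stored branch uses wpa_printf(); it would be worth making the two consistent. bss_update starts and ends outside this hunk.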
@@ -238,25 +258,33 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		}
 	}
 
+	if (bss->osenie[0]) {
+		bss->proto |= WPA_PROTO_OSEN;
+		bss->pairwise_cipher |= WPA_CIPHER_CCMP;
+		bss->group_cipher |= WPA_CIPHER_CCMP;
+		bss->key_mgmt |= WPA_KEY_MGMT_OSEN;
+	}
+
 	if (!(bss->proto & WPA_PROTO_RSN) ||
 	    !(bss->rsn_capab & WPA_CAPABILITY_MFPC))
 		bss->mgmt_group_cipher = 0;
 
-	if (!bss->wpaie[0] && !bss->rsnie[0] &&
+	if (!bss->wpaie[0] && !bss->rsnie[0] && !bss->osenie[0] &&
 	    (bss->capab_info & WLAN_CAPABILITY_PRIVACY))
 		bss->group_cipher = WPA_CIPHER_WEP40;
 
 	wpa_printf(MSG_INFO, "BSS " MACSTR
-		   " proto=%s%s%s"
+		   " proto=%s%s%s%s"
 		   "pairwise=%s%s%s%s"
 		   "group=%s%s%s%s%s%s"
 		   "mgmt_group_cipher=%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s"
+		   "key_mgmt=%s%s%s%s%s%s%s%s%s"
 		   "rsn_capab=%s%s%s%s%s",
 		   MAC2STR(bss->bssid),
 		   bss->proto == 0 ? "OPEN " : "",
 		   bss->proto & WPA_PROTO_WPA ? "WPA " : "",
 		   bss->proto & WPA_PROTO_RSN ? "WPA2 " : "",
+		   bss->proto & WPA_PROTO_OSEN ? "OSEN " : "",
 		   bss->pairwise_cipher == 0 ? "N/A " : "",
 		   bss->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
 		   bss->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
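Review bot: The new `if (bss->osenie[0])` block sets CCMP and the OSEN AKM unconditionally, without reading the cipher or AKM suites out of the stored element, and no comment says so. Someone reading the log line cannot tell that the pairwise/group values for an OSEN BSS are assumed rather than parsed. I would add `/* OSEN IE is not parsed; CCMP and the OSEN AKM are assumed */` above the block; the same applies to the `else if (elems->osen)` branch of sta_update_assoc in wlantest/sta.c. Because the values are OR-ed in, the block also relies on proto and the cipher masks having been reset earlier in bss_update, which is outside this hunk.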
@@ -279,6 +307,7 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss,
 		   "EAP-SHA256 " : "",
 		   bss->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
 		   "PSK-SHA256 " : "",
+		   bss->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
 		   bss->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
 		   bss->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
 		   "NO_PAIRWISE " : "",

+ 7 - 3
wlantest/rx_eapol.c

@@ -144,8 +144,8 @@ static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
 {
 	struct wlantest_pmk *pmk;
 
-	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR,
-		   MAC2STR(sta->addr));
+	wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)",
+		   MAC2STR(sta->addr), ver);
 	dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
 		wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
 		if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
@@ -372,6 +372,9 @@ static u8 * decrypt_eapol_key_data(struct wlantest *wt, const u8 *kek, u16 ver,
 	case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
 	case WPA_KEY_INFO_TYPE_AES_128_CMAC:
 		return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
+	case WPA_KEY_INFO_TYPE_AKM_DEFINED:
+		/* For now, assume this is OSEN */
+		return decrypt_eapol_key_data_aes(wt, kek, hdr, len);
 	default:
 		add_note(wt, MSG_INFO,
 			 "Unsupported EAPOL-Key Key Descriptor Version %u",
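Review bot: The `WPA_KEY_INFO_TYPE_AKM_DEFINED` case sends every frame with that descriptor version through AES key unwrap on the assumption that the association is OSEN, and the matching change to the version check in rx_data_eapol_key admits the same version from any station. Nothing visible in either hunk ties this to the negotiated AKM, so such a frame seen on a WPA/WPA2 association would be analysed as if it were OSEN rather than flagged as unexpected. I would accept this version only when the station's `key_mgmt` is `WPA_KEY_MGMT_OSEN` and keep the "Unsupported EAPOL-Key Key Descriptor Version" message otherwise; if the station is not reachable from decrypt_eapol_key_data, the check belongs in the caller. Both functions continue outside their hunks.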
@@ -916,7 +919,8 @@ static void rx_data_eapol_key(struct wlantest *wt, const u8 *dst,
 
 	if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
 	    ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
-	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
+	    ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
+	    ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
 		wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
 			   "Version %u from " MACSTR, ver, MAC2STR(src));
 		return;

+ 21 - 2
wlantest/sta.c

@@ -82,6 +82,14 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 		elems->rsn_ie = NULL;
 	}
 
+	if (elems->osen && !bss->osenie[0]) {
+		wpa_printf(MSG_INFO, "OSEN IE included in Association Request "
+			   "frame from " MACSTR " even though BSS does not "
+			   "use OSEN - ignore IE",
+			   MAC2STR(sta->addr));
+		elems->osen = NULL;
+	}
+
 	if (elems->wpa_ie && elems->rsn_ie) {
 		wpa_printf(MSG_INFO, "Both WPA IE and RSN IE included in "
 			   "Association Request frame from " MACSTR,
@@ -108,6 +116,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 			wpa_printf(MSG_INFO, "Failed to parse WPA IE from "
 				   MACSTR, MAC2STR(sta->addr));
 		}
+	} else if (elems->osen) {
+		wpa_hexdump(MSG_DEBUG, "OSEN IE", elems->osen - 2,
+			    elems->osen_len + 2);
+		os_memcpy(sta->osenie, elems->osen - 2, elems->osen_len + 2);
+		sta->proto = WPA_PROTO_OSEN;
+		sta->pairwise_cipher = WPA_CIPHER_CCMP;
+		sta->key_mgmt = WPA_KEY_MGMT_OSEN;
+		sta->rsn_capab = 0;
+		goto skip_rsn_wpa;
 	} else {
 		sta->rsnie[0] = 0;
 		sta->proto = 0;
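Review bot: The new `else if (elems->osen)` branch fills `sta->osenie` but leaves `sta->rsnie` untouched, and the final `else` clears only `sta->rsnie[0]`, so a station that reassociates with a different protocol keeps the IE stored from its previous association. Adding `sta->rsnie[0] = 0;` in the OSEN branch and `sta->osenie[0] = 0;` beside the existing `sta->rsnie[0] = 0;` would keep the two buffers consistent; the WPA and RSN branches start outside this hunk and presumably need the same reset. The branch also jumps straight to `skip_rsn_wpa`, so whatever checks sit between here and the label are skipped for OSEN, and a short comment stating that this is intentional would help.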
@@ -151,14 +168,15 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems)
 
 skip_rsn_wpa:
 	wpa_printf(MSG_INFO, "STA " MACSTR
-		   " proto=%s%s%s"
+		   " proto=%s%s%s%s"
 		   "pairwise=%s%s%s%s"
-		   "key_mgmt=%s%s%s%s%s%s%s%s"
+		   "key_mgmt=%s%s%s%s%s%s%s%s%s"
 		   "rsn_capab=%s%s%s%s%s",
 		   MAC2STR(sta->addr),
 		   sta->proto == 0 ? "OPEN " : "",
 		   sta->proto & WPA_PROTO_WPA ? "WPA " : "",
 		   sta->proto & WPA_PROTO_RSN ? "WPA2 " : "",
+		   sta->proto & WPA_PROTO_OSEN ? "OSEN " : "",
 		   sta->pairwise_cipher == 0 ? "N/A " : "",
 		   sta->pairwise_cipher & WPA_CIPHER_NONE ? "NONE " : "",
 		   sta->pairwise_cipher & WPA_CIPHER_TKIP ? "TKIP " : "",
@@ -173,6 +191,7 @@ skip_rsn_wpa:
 		   "EAP-SHA256 " : "",
 		   sta->key_mgmt & WPA_KEY_MGMT_PSK_SHA256 ?
 		   "PSK-SHA256 " : "",
+		   sta->key_mgmt & WPA_KEY_MGMT_OSEN ? "OSEN " : "",
 		   sta->rsn_capab & WPA_CAPABILITY_PREAUTH ? "PREAUTH " : "",
 		   sta->rsn_capab & WPA_CAPABILITY_NO_PAIRWISE ?
 		   "NO_PAIRWISE " : "",

+ 2 - 0
wlantest/wlantest.h

@@ -61,6 +61,7 @@ struct wlantest_sta {
 	} state;
 	u16 aid;
 	u8 rsnie[257]; /* WPA/RSN IE */
+	u8 osenie[257]; /* OSEN IE */
 	int proto;
 	int pairwise_cipher;
 	int group_cipher;
@@ -130,6 +131,7 @@ struct wlantest_bss {
 	int parse_error_reported;
 	u8 wpaie[257];
 	u8 rsnie[257];
+	u8 osenie[257];
 	int proto;
 	int pairwise_cipher;
 	int group_cipher;