For testing purposes, add support for corrupting the MIC in PASN authentication frames for both wpa_supplicant and hostapd. Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx> --- hostapd/config_file.c | 2 ++ src/ap/ap_config.h | 3 +++ src/ap/ieee802_11.c | 7 +++++++ wpa_supplicant/config.c | 1 + wpa_supplicant/config.h | 4 ++++ wpa_supplicant/pasn_supplicant.c | 7 +++++++ 6 files changed, 24 insertions(+) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 80842b8f49..eabf61be07 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -4664,6 +4664,8 @@ static int hostapd_config_fill(struct hostapd_config *conf, #ifdef CONFIG_TESTING_OPTIONS } else if (os_strcmp(buf, "force_kdk_derivation") == 0) { bss->force_kdk_derivation = atoi(pos); + } else if (os_strcmp(buf, "pasn_corrupt_mic") == 0) { + bss->pasn_corrupt_mic = atoi(pos); #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strcmp(buf, "pasn_groups") == 0) { if (hostapd_parse_intlist(&bss->pasn_groups, pos)) { diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 88200c688d..e2bd5e9358 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -874,6 +874,9 @@ struct hostapd_bss_config { * secure LTF. Allow forcing KDK derivation for testing purposes. */ int force_kdk_derivation; + + /* If set, corrupt the MIC in the 2rd authentication frame of PASN */ + int pasn_corrupt_mic; #endif /* CONFIG_TESTING_OPTIONS */ int *pasn_groups; diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index cc83ce6e02..f88c8b3c21 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2995,6 +2995,13 @@ static int handle_auth_pasn_resp(struct hostapd_data *hapd, goto fail; } +#ifdef CONFIG_TESTING_OPTIONS + if (hapd->conf->pasn_corrupt_mic) { + wpa_printf(MSG_DEBUG, "PASN: frame 2: corrupt MIC"); + mic[0] = ~mic[0]; + } +#endif /* CONFIG_TESTING_OPTIONS */ + os_memcpy(ptr, mic, mic_len); done: diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index ce5c80d02e..e8e9fd4326 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c @@ -5208,6 +5208,7 @@ static const struct global_parse_data global_fields[] = { #ifdef CONFIG_PASN #ifdef CONFIG_TESTING_OPTIONS { INT_RANGE(force_kdk_derivation, 0, 1), 0 }, + { INT_RANGE(pasn_corrupt_mic, 0, 1), 0 }, #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_PASN */ }; diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h index aac4a9dffb..bbe14b477e 100644 --- a/wpa_supplicant/config.h +++ b/wpa_supplicant/config.h @@ -1648,6 +1648,10 @@ struct wpa_config { * secure LTF. Allow forcing KDK derivation for testing purposes. */ int force_kdk_derivation; + + /* If set, corrupt the MIC in the 3rd authentication frame of PASN */ + int pasn_corrupt_mic; + #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_PASN*/ }; diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c index a18fd96f44..303d791504 100644 --- a/wpa_supplicant/pasn_supplicant.c +++ b/wpa_supplicant/pasn_supplicant.c @@ -779,6 +779,13 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s) goto fail; } +#ifdef CONFIG_TESTING_OPTIONS + if (wpa_s->conf->pasn_corrupt_mic) { + wpa_printf(MSG_DEBUG, "PASN: frame 3: corrupt MIC"); + mic[0] = ~mic[0]; + } + +#endif /* CONFIG_TESTING_OPTIONS */ os_memcpy(ptr, mic, mic_len); pasn->trans_seq++; -- 2.17.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap