[PATCH 05/15] PASN: For testing purposes allow to corrupt MIC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



For testing purposes, add support for corrupting the MIC
in PASN authentication frames for both wpa_supplicant
and hostapd.

Signed-off-by: Ilan Peer <ilan.peer@xxxxxxxxx>
---
 hostapd/config_file.c            | 2 ++
 src/ap/ap_config.h               | 3 +++
 src/ap/ieee802_11.c              | 7 +++++++
 wpa_supplicant/config.c          | 1 +
 wpa_supplicant/config.h          | 4 ++++
 wpa_supplicant/pasn_supplicant.c | 7 +++++++
 6 files changed, 24 insertions(+)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 80842b8f49..eabf61be07 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4664,6 +4664,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 #ifdef CONFIG_TESTING_OPTIONS
 	} else if (os_strcmp(buf, "force_kdk_derivation") == 0) {
 		bss->force_kdk_derivation = atoi(pos);
+	} else if (os_strcmp(buf, "pasn_corrupt_mic") == 0) {
+		bss->pasn_corrupt_mic = atoi(pos);
 #endif /* CONFIG_TESTING_OPTIONS */
 	} else if (os_strcmp(buf, "pasn_groups") == 0) {
 		if (hostapd_parse_intlist(&bss->pasn_groups, pos)) {
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index 88200c688d..e2bd5e9358 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -874,6 +874,9 @@ struct hostapd_bss_config {
 	 * secure LTF. Allow forcing KDK derivation for testing purposes.
 	 */
 	int force_kdk_derivation;
+
+	/* If set, corrupt the MIC in the 2rd authentication frame of PASN */
+	int pasn_corrupt_mic;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 	int *pasn_groups;
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index cc83ce6e02..f88c8b3c21 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2995,6 +2995,13 @@ static int handle_auth_pasn_resp(struct hostapd_data *hapd,
 		goto fail;
 	}
 
+#ifdef CONFIG_TESTING_OPTIONS
+	if (hapd->conf->pasn_corrupt_mic) {
+		wpa_printf(MSG_DEBUG, "PASN: frame 2: corrupt MIC");
+		mic[0] = ~mic[0];
+	}
+#endif /* CONFIG_TESTING_OPTIONS */
+
 	os_memcpy(ptr, mic, mic_len);
 
 done:
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index ce5c80d02e..e8e9fd4326 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -5208,6 +5208,7 @@ static const struct global_parse_data global_fields[] = {
 #ifdef CONFIG_PASN
 #ifdef CONFIG_TESTING_OPTIONS
 	{ INT_RANGE(force_kdk_derivation, 0, 1), 0 },
+	{ INT_RANGE(pasn_corrupt_mic, 0, 1), 0 },
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_PASN */
 };
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index aac4a9dffb..bbe14b477e 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1648,6 +1648,10 @@ struct wpa_config {
 	 * secure LTF. Allow forcing KDK derivation for testing purposes.
 	 */
 	int force_kdk_derivation;
+
+	/* If set, corrupt the MIC in the 3rd authentication frame of PASN */
+	int pasn_corrupt_mic;
+
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_PASN*/
 };
diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c
index a18fd96f44..303d791504 100644
--- a/wpa_supplicant/pasn_supplicant.c
+++ b/wpa_supplicant/pasn_supplicant.c
@@ -779,6 +779,13 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
 		goto fail;
 	}
 
+#ifdef CONFIG_TESTING_OPTIONS
+	if (wpa_s->conf->pasn_corrupt_mic) {
+		wpa_printf(MSG_DEBUG, "PASN: frame 3: corrupt MIC");
+		mic[0] = ~mic[0];
+	}
+
+#endif /* CONFIG_TESTING_OPTIONS */
 	os_memcpy(ptr, mic, mic_len);
 
 	pasn->trans_seq++;
-- 
2.17.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux