
[2/5] hostapd: extend RESET_PN for BIGTK

Message ID 1588772536-I4dc932ce173e6bf1cf5c57fceb2cbb81c6aee071@changeid
State Superseded
Series [1/5] test_ap_ciphers: replace gtk boolean by keytype | expand

Commit Message

Johannes Berg May 6, 2020, 1:42 p.m. UTC
From: Johannes Berg <johannes.berg@intel.com>

Extend the RESET_PN command to allow resetting the BIGTK PN
for testing.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 hostapd/ctrl_iface.c   | 26 ++++++++++++++++++++++++++
 src/ap/hostapd.h       |  5 +++++
 src/ap/wpa_auth_glue.c | 18 +++++++++++++-----
 3 files changed, 44 insertions(+), 5 deletions(-)

Comments

Johannes Berg May 7, 2020, 5:49 a.m. UTC | #1
On Wed, 2020-05-06 at 15:42 +0200, Johannes Berg wrote:
> 
> @@ -2191,6 +2191,32 @@ static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd)
>  					   KEY_FLAG_GROUP_TX_DEFAULT);
>  	}
>  
> +	if (is_broadcast_ether_addr(addr) && os_strstr(cmd, "BIGTK")) {
> 
Ah, well, this won't work. I need to either put that *before* the "IGTK"
search (since that's a substring of "BIGTK"), or change that to " IGTK".

Perhaps I'll do both, i.e. search for " BIGTK" and put it before "IGTK",
just in case we have to add xBIGTK in the future ;-)

johannes

Patch

diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c
index 87f2cb17ec5a..e8841cdf3963 100644
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -2191,6 +2191,32 @@  static int hostapd_ctrl_reset_pn(struct hostapd_data *hapd, const char *cmd)
 					   KEY_FLAG_GROUP_TX_DEFAULT);
 	}
 
+	if (is_broadcast_ether_addr(addr) && os_strstr(cmd, "BIGTK")) {
+		if (hapd->last_bigtk_alg == WPA_ALG_NONE)
+			return -1;
+
+		wpa_printf(MSG_INFO, "TESTING: Reset IPN for BIGTK");
+
+		/* First, use a zero key to avoid any possible duplicate key
+		 * avoidance in the driver. */
+		if (hostapd_drv_set_key(hapd->conf->iface, hapd,
+					hapd->last_bigtk_alg,
+					broadcast_ether_addr,
+					hapd->last_bigtk_key_idx, 0, 1, NULL, 0,
+					zero, hapd->last_bigtk_len,
+					KEY_FLAG_GROUP_TX_DEFAULT) < 0)
+			return -1;
+
+		/* Set the previously configured key to reset its TSC */
+		return hostapd_drv_set_key(hapd->conf->iface, hapd,
+					   hapd->last_bigtk_alg,
+					   broadcast_ether_addr,
+					   hapd->last_bigtk_key_idx, 0, 1, NULL,
+					   0, hapd->last_bigtk,
+					   hapd->last_bigtk_len,
+					   KEY_FLAG_GROUP_TX_DEFAULT);
+	}
+
 	if (is_broadcast_ether_addr(addr)) {
 		if (hapd->last_gtk_alg == WPA_ALG_NONE)
 			return -1;
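Review bot: If the second `hostapd_drv_set_key()` call in the new BIGTK branch fails, the driver is left holding the all-zero key installed by the first call, and the caller only sees `-1` with no hint of which step failed. Since this is a testing command, a log line on that path would be enough: store the result and emit `wpa_printf(MSG_INFO, "TESTING: Failed to restore BIGTK after zero-key install");` before returning it. The branch also passes `zero` with `hapd->last_bigtk_len`; `zero` is declared outside this hunk, so it is worth confirming it is at least `WPA_BIGTK_MAX_LEN` bytes. The body of hostapd_ctrl_reset_pn starts and ends outside the hunk.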
diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h
index fff15f118ffc..f12ca3dc2e6a 100644
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -349,6 +349,11 @@  struct hostapd_data {
 	int last_igtk_key_idx;
 	u8 last_igtk[WPA_IGTK_MAX_LEN];
 	size_t last_igtk_len;
+
+	enum wpa_alg last_bigtk_alg;
+	int last_bigtk_key_idx;
+	u8 last_bigtk[WPA_BIGTK_MAX_LEN];
+	size_t last_bigtk_len;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 #ifdef CONFIG_MBO
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 44ab83095388..169be37ab056 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -457,11 +457,19 @@  static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
 		   alg == WPA_ALG_BIP_GMAC_128 ||
 		   alg == WPA_ALG_BIP_GMAC_256 ||
 		   alg == WPA_ALG_BIP_CMAC_256) {
-		hapd->last_igtk_alg = alg;
-		hapd->last_igtk_key_idx = idx;
-		if (key)
-			os_memcpy(hapd->last_igtk, key, key_len);
-		hapd->last_igtk_len = key_len;
+		if (idx == 4 || idx == 5) {
+			hapd->last_igtk_alg = alg;
+			hapd->last_igtk_key_idx = idx;
+			if (key)
+				os_memcpy(hapd->last_igtk, key, key_len);
+			hapd->last_igtk_len = key_len;
+		} else if (idx == 6 || idx == 7) {
+			hapd->last_bigtk_alg = alg;
+			hapd->last_bigtk_key_idx = idx;
+			if (key)
+				os_memcpy(hapd->last_bigtk, key, key_len);
+			hapd->last_bigtk_len = key_len;
+		}
 	} else {
 		hapd->last_gtk_alg = alg;
 		hapd->last_gtk_key_idx = idx;
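Review bot: The new `os_memcpy(hapd->last_bigtk, key, key_len)` writes into a fixed `WPA_BIGTK_MAX_LEN` buffer without comparing `key_len` to its size, so an oversized key from a caller would run past `last_bigtk`; a guard such as `if (key && key_len <= sizeof(hapd->last_bigtk))` closes that. The re-indented IGTK copy into `last_igtk` has the same shape. When `key` is NULL, `last_bigtk_len` is still updated while the buffer keeps its previous bytes, which RESET_PN would later hand to the driver as the key. The literal indices 4–7 would also read better with a short comment, e.g. `/* IGTK uses key index 4/5, BIGTK 6/7 */`. hostapd_wpa_auth_set_key starts and ends outside the hunk.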