[PATCH] hostapd: add GTK MIC corruption test option
Johannes Berg
johannes
Thu May 2 02:32:17 PDT 2013
From: Johannes Berg <johannes.berg at intel.com>
For some testing it can be useful to force the GTK MIC to be
corrupt. Add an option to allow setting a probability for
corrupting the key MIC and use it in the WPA code, increasing
the first byte of the MIC by one to corrupt it if desired.
Change-Id: Ibb729cda701ea2445d2702629f38472eaf210499
Signed-hostap: Johannes Berg <johannes.berg at intel.com>
---
hostapd/config_file.c | 1 +
hostapd/hostapd.conf | 3 +++
src/ap/ap_config.c | 1 +
src/ap/ap_config.h | 1 +
src/ap/wpa_auth.c | 9 +++++++++
src/ap/wpa_auth.h | 3 +++
src/ap/wpa_auth_glue.c | 9 +++++++--
7 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 21104d3..62136ca 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2893,6 +2893,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
PARSE_TEST_PROBABILITY(ignore_auth_probability)
PARSE_TEST_PROBABILITY(ignore_assoc_probability)
PARSE_TEST_PROBABILITY(ignore_reassoc_probability)
+ PARSE_TEST_PROBABILITY(corrupt_gtk_rekey_mic_probability)
#endif /* CONFIG_TESTING_OPTIONS */
} else if (os_strcmp(buf, "vendor_elements") == 0) {
struct wpabuf *elems;
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 6a1c500..442807d 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1540,6 +1540,9 @@ own_ip_addr=127.0.0.1
#
# Ignore reassociation requests with the given probability
#ignore_reassoc_probability=0.0
+#
+# Corrupt GTK rekey packets (by ...) with the given probability
+#corrupt_gtk_rekey_mic_probability=0.0
##### Multiple BSSID support ##################################################
#
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 70b26a6..7ab86fc 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -168,6 +168,7 @@ struct hostapd_config * hostapd_config_defaults(void)
conf->ignore_auth_probability = 0.0d;
conf->ignore_assoc_probability = 0.0d;
conf->ignore_reassoc_probability = 0.0d;
+ conf->corrupt_gtk_rekey_mic_probability = 0.0d;
#endif /* CONFIG_TESTING_OPTIONS */
return conf;
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index f9629a2..16134da 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -526,6 +526,7 @@ struct hostapd_config {
double ignore_auth_probability;
double ignore_assoc_probability;
double ignore_reassoc_probability;
+ double corrupt_gtk_rekey_mic_probability;
#endif /* CONFIG_TESTING_OPTIONS */
};
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 4ecae2d..dfe0354 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1347,6 +1347,15 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
}
wpa_eapol_key_mic(sm->PTK.kck, version, (u8 *) hdr, len,
key->key_mic);
+#ifdef CONFIG_TESTING_OPTIONS
+ if (!pairwise &&
+ wpa_auth->conf.corrupt_gtk_rekey_mic_probability > 0.0d &&
+ drand48() < wpa_auth->conf.corrupt_gtk_rekey_mic_probability) {
+ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+ "Corrupting GTK MIC");
+ key->key_mic[0]++;
+ }
+#endif
}
wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx,
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 465eec6..8dc6a6f 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -160,6 +160,9 @@ struct wpa_auth_config {
#endif /* CONFIG_IEEE80211R */
int disable_gtk;
int ap_mlme;
+#ifdef CONFIG_TESTING_OPTIONS
+ double corrupt_gtk_rekey_mic_probability;
+#endif
};
typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index fdaaaff..fc2c1d0 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -28,6 +28,7 @@
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
+ struct hostapd_config *iconf,
struct wpa_auth_config *wconf)
{
os_memset(wconf, 0, sizeof(*wconf));
@@ -74,6 +75,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
#ifdef CONFIG_HS20
wconf->disable_gtk = conf->disable_dgaf;
#endif /* CONFIG_HS20 */
+#ifdef CONFIG_TESTING_OPTIONS
+ wconf->corrupt_gtk_rekey_mic_probability =
+ iconf->corrupt_gtk_rekey_mic_probability;
+#endif
}
@@ -509,7 +514,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
const u8 *wpa_ie;
size_t wpa_ie_len;
- hostapd_wpa_auth_conf(hapd->conf, &_conf);
+ hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
_conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
@@ -583,7 +588,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
void hostapd_reconfig_wpa(struct hostapd_data *hapd)
{
struct wpa_auth_config wpa_auth_conf;
- hostapd_wpa_auth_conf(hapd->conf, &wpa_auth_conf);
+ hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
}
--
1.8.0
More information about the Hostap
mailing list