/*
 * wlantest - IEEE 802.11 protocol monitoring and testing tool
 * Copyright (c) 2010-2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "wlantest.h"
14 
15 
/*
 * Signal handler registered through eloop_register_signal_terminate() in
 * main(): any terminating signal just asks the event loop to stop so that
 * main() falls through to its regular cleanup. Both parameters are unused.
 */
static void wlantest_terminate(int sig, void *signal_ctx)
{
	(void) sig;
	(void) signal_ctx;

	eloop_terminate();
}
20 
21 
/*
 * Print the command line synopsis to stdout. Shown for -h, for an unknown
 * option, and when no capture interface or input file was given at all.
 */
static void usage(void)
{
	static const char synopsis[] =
		"wlantest [-cddehqqFNt] [-i<ifname>] [-r<pcap file>] "
		"[-p<passphrase>]\n"
		"         [-I<wired ifname>] [-R<wired pcap file>] "
		"[-P<RADIUS shared secret>]\n"
		"         [-n<write pcapng file>]\n"
		"         [-w<write pcap file>] [-f<MSK/PMK file>]\n"
		"         [-L<log file>] [-T<PTK file>] [-W<WEP key>]\n";

	/* No conversion specifiers in the text, so fputs() equals printf() */
	fputs(synopsis, stdout);
}
32 
33 
/*
 * Unlink one candidate passphrase entry from wt->passphrase and release it.
 * The entry must currently be linked. os_free() does not clear the
 * passphrase bytes before the memory is returned.
 */
static void passphrase_deinit(struct wlantest_passphrase *p)
{
	struct dl_list *link = &p->list;

	dl_list_del(link);
	os_free(p);
}
39 
40 
/*
 * Unlink one RADIUS shared secret entry from wt->secret and release it.
 * The entry must currently be linked; the secret bytes are not cleared
 * before os_free().
 */
static void secret_deinit(struct wlantest_radius_secret *r)
{
	struct dl_list *link = &r->list;

	dl_list_del(link);
	os_free(r);
}
46 
47 
/*
 * Bring a struct wlantest into its initial state: all fields zeroed, every
 * socket descriptor marked as not open (-1) and every bookkeeping list
 * empty. main() calls this before any option is processed.
 */
static void wlantest_init(struct wlantest *wt)
{
	struct dl_list *lists[7];
	size_t n;
	int i;

	os_memset(wt, 0, sizeof(*wt));

	/* -1 marks "no socket"; 0 would be a valid descriptor */
	wt->monitor_sock = -1;
	wt->ctrl_sock = -1;
	for (i = 0; i < MAX_CTRL_CONNECTIONS; i++)
		wt->ctrl_socks[i] = -1;

	lists[0] = &wt->passphrase;
	lists[1] = &wt->bss;
	lists[2] = &wt->secret;
	lists[3] = &wt->radius;
	lists[4] = &wt->pmk;
	lists[5] = &wt->ptk;
	lists[6] = &wt->wep;
	for (n = 0; n < sizeof(lists) / sizeof(lists[0]); n++)
		dl_list_init(lists[n]);
}
64 
65 
/*
 * Unlink one entry from wt->radius and release it. Exported (non-static)
 * so other wlantest modules can drop entries as well. The entry must
 * currently be linked.
 */
void radius_deinit(struct wlantest_radius *r)
{
	struct dl_list *link = &r->list;

	dl_list_del(link);
	os_free(r);
}
71 
72 
/*
 * Unlink one PTK entry from wt->ptk and release it. The entry must
 * currently be linked; the key bytes are not cleared before os_free().
 */
static void ptk_deinit(struct wlantest_ptk *ptk)
{
	struct dl_list *link = &ptk->list;

	dl_list_del(link);
	os_free(ptk);
}
78 
79 
/*
 * Unlink one WEP key entry from wt->wep and release it. The entry must
 * currently be linked; the key bytes are not cleared before os_free().
 */
static void wep_deinit(struct wlantest_wep *wep)
{
	struct dl_list *link = &wep->list;

	dl_list_del(link);
	os_free(wep);
}
85 
86 
/*
 * Free every key-material list hanging off @wt: candidate passphrases,
 * RADIUS shared secrets, the wt->radius entries, PMKs, PTKs and WEP keys.
 * The safe list walk lets each *_deinit() unlink and free the current
 * entry. pmk_deinit() is defined outside this file.
 */
static void wlantest_free_key_lists(struct wlantest *wt)
{
	struct wlantest_passphrase *pass, *pass_n;
	struct wlantest_radius_secret *sec, *sec_n;
	struct wlantest_radius *rad, *rad_n;
	struct wlantest_pmk *pmk, *pmk_n;
	struct wlantest_ptk *ptk, *ptk_n;
	struct wlantest_wep *wep, *wep_n;

	dl_list_for_each_safe(pass, pass_n, &wt->passphrase,
			      struct wlantest_passphrase, list)
		passphrase_deinit(pass);
	dl_list_for_each_safe(sec, sec_n, &wt->secret,
			      struct wlantest_radius_secret, list)
		secret_deinit(sec);
	dl_list_for_each_safe(rad, rad_n, &wt->radius,
			      struct wlantest_radius, list)
		radius_deinit(rad);
	dl_list_for_each_safe(pmk, pmk_n, &wt->pmk, struct wlantest_pmk, list)
		pmk_deinit(pmk);
	dl_list_for_each_safe(ptk, ptk_n, &wt->ptk, struct wlantest_ptk, list)
		ptk_deinit(ptk);
	dl_list_for_each_safe(wep, wep_n, &wt->wep, struct wlantest_wep, list)
		wep_deinit(wep);
}


/*
 * Tear down everything set up by wlantest_init() and the run itself.
 * Sockets are closed only if they were opened (descriptor >= 0); then BSS
 * state, the key lists, the capture writers, collected notes and the
 * leftover per-frame buffers are released, in that order.
 */
static void wlantest_deinit(struct wlantest *wt)
{
	if (wt->ctrl_sock >= 0)
		ctrl_deinit(wt);
	if (wt->monitor_sock >= 0)
		monitor_deinit(wt);

	bss_flush(wt);
	wlantest_free_key_lists(wt);
	write_pcap_deinit(wt);
	write_pcapng_deinit(wt);
	clear_notes(wt);

	/* NULL the pointers afterwards so they cannot be freed twice */
	os_free(wt->decrypted);
	wt->decrypted = NULL;
	wpabuf_free(wt->tkip_frag.buf);
	wt->tkip_frag.buf = NULL;
}
123 
124 
/*
 * Record a candidate WPA passphrase (-p) on wt->passphrase. Strings shorter
 * than 8 or longer than 63 characters are ignored silently, as is an
 * allocation failure. Presumably p->passphrase holds at least 64 bytes, so
 * the zero fill from os_zalloc() also NUL-terminates the copy — confirm
 * against wlantest.h.
 */
static void add_passphrase(struct wlantest *wt, const char *passphrase)
{
	enum { MIN_PASSPHRASE_LEN = 8, MAX_PASSPHRASE_LEN = 63 };
	size_t plen = os_strlen(passphrase);
	struct wlantest_passphrase *entry;

	if (plen < MIN_PASSPHRASE_LEN || plen > MAX_PASSPHRASE_LEN)
		return;

	entry = os_zalloc(sizeof(*entry));
	if (!entry)
		return;

	os_memcpy(entry->passphrase, passphrase, plen);
	dl_list_add(&wt->passphrase, &entry->list);
}
138 
139 
/*
 * Record a RADIUS shared secret (-P) on wt->secret. Secrets of
 * MAX_RADIUS_SECRET_LEN characters or more are dropped silently, as is an
 * allocation failure. Presumably s->secret is MAX_RADIUS_SECRET_LEN bytes,
 * so the zero fill from os_zalloc() also terminates the copy — confirm
 * against wlantest.h.
 */
static void add_secret(struct wlantest *wt, const char *secret)
{
	struct wlantest_radius_secret *entry;
	size_t slen = os_strlen(secret);

	if (slen >= MAX_RADIUS_SECRET_LEN)
		return;

	entry = os_zalloc(sizeof(*entry));
	if (entry != NULL) {
		os_memcpy(entry->secret, secret, slen);
		dl_list_add(&wt->secret, &entry->list);
	}
}
153 
154 
/*
 * Append one PMK of @pmk_len octets to wt->pmk and hexdump it at
 * MSG_DEBUG under @label (the key bytes do reach the debug log).
 * Returns 0 on success, -1 if the entry could not be allocated.
 */
static int pmk_list_add(struct wlantest *wt, const u8 *pmk, size_t pmk_len,
			const char *label)
{
	struct wlantest_pmk *entry = os_zalloc(sizeof(*entry));

	if (!entry)
		return -1;

	os_memcpy(entry->pmk, pmk, pmk_len);
	entry->pmk_len = pmk_len;
	dl_list_add(&wt->pmk, &entry->list);
	wpa_hexdump(MSG_DEBUG, label, pmk, pmk_len);
	return 0;
}


/*
 * Load PMK/MSK material from a text file (-f), one hex string per line.
 * Every line holding at least 64 hex digits is registered as a PMK of up to
 * PMK_LEN_MAX octets. When the line is long enough to also carry a second
 * PMK_LEN octets (a full MSK), those are registered as a separate entry too,
 * because FT derives its PMK-R0 from the second half of the MSK. Lines that
 * are too short or not valid hex are skipped; an allocation failure stops
 * parsing but the function still returns 0 with the entries added so far.
 * Returns -1 only when the file cannot be opened.
 */
static int add_pmk_file(struct wlantest *wt, const char *pmk_file)
{
	char line[300];
	u8 pmk[PMK_LEN_MAX];
	FILE *f = fopen(pmk_file, "r");

	if (!f) {
		wpa_printf(MSG_ERROR, "Could not open '%s'", pmk_file);
		return -1;
	}

	while (fgets(line, sizeof(line), f)) {
		size_t hex_len, pmk_len;

		/* Cut the line at the first CR or LF */
		hex_len = strcspn(line, "\r\n");
		line[hex_len] = '\0';

		if (hex_len < 2 * 32)
			continue; /* too short for even a 32-octet PMK */

		pmk_len = hex_len / 2;
		if (pmk_len > PMK_LEN_MAX)
			pmk_len = PMK_LEN_MAX;
		if (hexstr2bin(line, pmk, pmk_len) < 0)
			continue;
		if (pmk_list_add(wt, pmk, pmk_len, "Added PMK from file") < 0)
			break;

		/* For FT, the second half of the MSK is used. A line that
		 * only holds a PMK ends before this offset, so hexstr2bin()
		 * fails on the terminator and nothing more is added. */
		if (hexstr2bin(&line[2 * PMK_LEN], pmk, PMK_LEN) < 0)
			continue;
		if (pmk_list_add(wt, pmk, PMK_LEN,
				 "Added PMK from file (2nd half of MSK)") < 0)
			break;
	}

	fclose(f);
	return 0;
}
205 
206 
/*
 * Load PTKs from a text file (-T), one hex string per line. Accepted sizes
 * are 16, 32, 48 or 64 octets: 16 and 32 are taken as a bare TK, 48 and 64
 * as KCK(16) | KEK(16) | TK(16 or 32). Other lengths, odd-length lines and
 * non-hex lines are skipped. Each key is hexdumped at MSG_DEBUG, so the
 * key bytes reach the debug log. An allocation failure stops parsing but the
 * function still returns 0; -1 is returned only if the file cannot be opened.
 */
static int add_ptk_file(struct wlantest *wt, const char *ptk_file)
{
	char line[300];
	u8 ptk[64];
	FILE *f = fopen(ptk_file, "r");

	if (!f) {
		wpa_printf(MSG_ERROR, "Could not open '%s'", ptk_file);
		return -1;
	}

	while (fgets(line, sizeof(line), f)) {
		struct wlantest_ptk *entry;
		size_t hex_len = strcspn(line, "\r\n");
		size_t ptk_len;

		line[hex_len] = '\0';
		if (hex_len % 2)
			continue;
		ptk_len = hex_len / 2;
		switch (ptk_len) {
		case 16:
		case 32:
		case 48:
		case 64:
			break;
		default:
			continue;
		}
		if (hexstr2bin(line, ptk, ptk_len) < 0)
			continue;

		entry = os_zalloc(sizeof(*entry));
		if (!entry)
			break;

		if (ptk_len >= 48) {
			/* KCK(16) | KEK(16) | TK(rest) */
			os_memcpy(entry->ptk.kck, ptk, 16);
			entry->ptk.kck_len = 16;
			os_memcpy(entry->ptk.kek, ptk + 16, 16);
			entry->ptk.kek_len = 16;
			os_memcpy(entry->ptk.tk, ptk + 32, ptk_len - 32);
			entry->ptk.tk_len = ptk_len - 32;
			entry->ptk_len = ptk_len;
		} else {
			/* TK only; ptk_len is recorded as if a 16-octet KCK
			 * and KEK preceded it */
			os_memcpy(entry->ptk.tk, ptk, ptk_len);
			entry->ptk.tk_len = ptk_len;
			entry->ptk_len = 32 + ptk_len;
		}
		dl_list_add(&wt->ptk, &entry->list);
		wpa_hexdump(MSG_DEBUG, "Added PTK from file", ptk, ptk_len);
	}

	fclose(f);
	return 0;
}
258 
259 
/*
 * Register a WEP key (-W) given as a hex string of exactly 10 digits
 * (WEP-40, 5 octets) or 26 digits (WEP-104, 13 octets) on wt->wep.
 * Returns 0 on success, -1 and an MSG_INFO message for a wrong length or
 * non-hex input, and -1 silently if allocation fails. Exported so the
 * control interface can add keys at runtime as well.
 */
int add_wep(struct wlantest *wt, const char *key)
{
	size_t hex_len = os_strlen(key);
	struct wlantest_wep *entry;

	if (hex_len != 2 * 5 && hex_len != 2 * 13)
		goto invalid;

	entry = os_zalloc(sizeof(*entry));
	if (!entry)
		return -1;

	if (hexstr2bin(key, entry->key, hex_len / 2) < 0) {
		os_free(entry);
		goto invalid;
	}

	entry->key_len = hex_len / 2;
	dl_list_add(&wt->wep, &entry->list);
	return 0;

invalid:
	wpa_printf(MSG_INFO, "Invalid WEP key '%s'", key);
	return -1;
}
281 
282 
/*
 * Append a formatted note to wt->notes (at most MAX_NOTES of them) and echo
 * it through wpa_printf() at @level. Each note lives in its own fixed
 * 1000-byte buffer; longer text is truncated. The call is a no-op once the
 * table is full and on allocation or formatting failure. @fmt is passed to
 * vsnprintf(), so callers must supply a literal format string, never data
 * taken from the capture.
 */
void add_note(struct wlantest *wt, int level, const char *fmt, ...)
{
	enum { NOTE_BUF_LEN = 1000 };
	char *note;
	va_list args;
	int written;

	if (wt->num_notes == MAX_NOTES)
		return;

	note = os_malloc(NOTE_BUF_LEN);
	if (!note)
		return;

	va_start(args, fmt);
	written = vsnprintf(note, NOTE_BUF_LEN, fmt, args);
	va_end(args);

	if (written < 0) {
		os_free(note);
		return;
	}
	/* vsnprintf() terminates on truncation already; keep the explicit
	 * guard anyway for libc variants that do not */
	if ((size_t) written >= NOTE_BUF_LEN)
		note[NOTE_BUF_LEN - 1] = '\0';

	wt->notes[wt->num_notes] = note;
	wpa_printf(level, "%s", note);
	wt->num_notes++;
}
308 
309 
/*
 * Free every collected note and reset the count to zero. Freed slots are
 * set to NULL so a later add_note() always starts from an empty slot.
 */
void clear_notes(struct wlantest *wt)
{
	while (wt->num_notes > 0) {
		wt->num_notes--;
		os_free(wt->notes[wt->num_notes]);
		wt->notes[wt->num_notes] = NULL;
	}
}
321 
322 
/*
 * Total size needed to emit all current notes when each one is prefixed
 * with a header of @hdrlen bytes: sum over notes of (hdrlen + strlen(note)).
 * Returns 0 when no notes are collected.
 */
size_t notes_len(struct wlantest *wt, size_t hdrlen)
{
	size_t total = 0;
	size_t idx;

	for (idx = 0; idx < wt->num_notes; idx++)
		total += hdrlen + os_strlen(wt->notes[idx]);

	return total;
}
333 
334 
/*
 * Attach a "TK[<keyid>] <hex>" note for a frame that was decrypted. Nothing
 * is recorded when @decrypted is NULL (decryption failed). The note carries
 * the temporal key in hex and is logged at MSG_EXCESSIVE through add_note();
 * tk_hex has room for a 32-octet key, and wpa_snprintf_hex() bounds the
 * output to that buffer for longer @tk_len.
 */
void write_decrypted_note(struct wlantest *wt, const u8 *decrypted,
			  const u8 *tk, size_t tk_len, int keyid)
{
	char tk_hex[65];

	if (decrypted) {
		wpa_snprintf_hex(tk_hex, sizeof(tk_hex), tk, tk_len);
		add_note(wt, MSG_EXCESSIVE, "TK[%d] %s", keyid, tk_hex);
	}
}
346 
347 
/*
 * Re-open the debug log file and, where configured, the pcap (-w) and
 * pcapng (-n) output files, e.g. after log rotation. Each writer is torn
 * down and re-initialised with the same path. Returns 0 if every re-open
 * succeeded and -1 if any of them failed (all are still attempted).
 */
int wlantest_relog(struct wlantest *wt)
{
	int failed = 0;

	wpa_printf(MSG_INFO, "Re-open log/capture files");

	if (wpa_debug_reopen_file() != 0)
		failed = 1;

	if (wt->write_file) {
		write_pcap_deinit(wt);
		if (write_pcap_init(wt, wt->write_file) < 0)
			failed = 1;
	}

	if (wt->pcapng_file) {
		write_pcapng_deinit(wt);
		if (write_pcapng_init(wt, wt->pcapng_file) < 0)
			failed = 1;
	}

	return failed ? -1 : 0;
}
370 
371 
/* Command line values that are not stored in struct wlantest itself */
struct wlantest_cli_args {
	const char *read_file;		/* -r: pcap file for read_cap_file() */
	const char *read_wired_file;	/* -R: pcap file for read_wired_cap_file() */
	const char *ifname;		/* -i: interface for monitor_init() */
	const char *ifname_wired;	/* -I: interface for monitor_init_wired() */
	const char *logfile;		/* -L: debug log file */
	int ctrl_iface;			/* -c: start the control interface */
};


/*
 * Apply a single getopt() result to @wt / @args.
 * Returns 1 to keep parsing, 0 to stop with exit status 0 (-h), and -1 to
 * stop with exit status -1 (unknown option or a key file that could not be
 * loaded). Secrets passed as option arguments (-p, -P, -W) are visible in
 * the process list of the host; -f/-T take them from files instead.
 */
static int wlantest_apply_option(int c, struct wlantest *wt,
				 struct wlantest_cli_args *args)
{
	switch (c) {
	case 'c':
		args->ctrl_iface = 1;
		return 1;
	case 'd':
		/* Lower debug level = more verbose; never go below 0 */
		if (wpa_debug_level > 0)
			wpa_debug_level--;
		return 1;
	case 'e':
		wt->ethernet = 1;
		return 1;
	case 'f':
		return add_pmk_file(wt, optarg) < 0 ? -1 : 1;
	case 'F':
		wt->assume_fcs = 1;
		return 1;
	case 'h':
		usage();
		return 0;
	case 'i':
		args->ifname = optarg;
		return 1;
	case 'I':
		args->ifname_wired = optarg;
		return 1;
	case 'L':
		args->logfile = optarg;
		return 1;
	case 'n':
		wt->pcapng_file = optarg;
		return 1;
	case 'N':
		wt->pcap_no_buffer = 1;
		return 1;
	case 'p':
		add_passphrase(wt, optarg);
		return 1;
	case 'P':
		add_secret(wt, optarg);
		return 1;
	case 'q':
		wpa_debug_level++;
		return 1;
	case 'r':
		args->read_file = optarg;
		return 1;
	case 'R':
		args->read_wired_file = optarg;
		return 1;
	case 't':
		wpa_debug_timestamp = 1;
		return 1;
	case 'T':
		return add_ptk_file(wt, optarg) < 0 ? -1 : 1;
	case 'w':
		wt->write_file = optarg;
		return 1;
	case 'W':
		return add_wep(wt, optarg) < 0 ? -1 : 1;
	default:
		usage();
		return -1;
	}
}


/*
 * Open the configured outputs and inputs in the order the original chain
 * used: pcap writer, pcapng writer, wired capture file, 802.11 capture
 * file, monitor interface, wired monitor interface, control interface.
 * Stops at the first failure and returns -1; 0 when everything succeeded.
 */
static int wlantest_open_all(struct wlantest *wt,
			     const struct wlantest_cli_args *args)
{
	if (wt->write_file && write_pcap_init(wt, wt->write_file) < 0)
		return -1;
	if (wt->pcapng_file && write_pcapng_init(wt, wt->pcapng_file) < 0)
		return -1;
	if (args->read_wired_file &&
	    read_wired_cap_file(wt, args->read_wired_file) < 0)
		return -1;
	if (args->read_file && read_cap_file(wt, args->read_file) < 0)
		return -1;
	if (args->ifname && monitor_init(wt, args->ifname) < 0)
		return -1;
	if (args->ifname_wired &&
	    monitor_init_wired(wt, args->ifname_wired) < 0)
		return -1;
	if (args->ctrl_iface && ctrl_init(wt) < 0)
		return -1;
	return 0;
}


/*
 * Entry point: parse options, open inputs/outputs, run the event loop until
 * a terminating signal, print frame counters and clean up. Exit status is 0
 * on a normal run (also for -h and when no input was given, which prints the
 * usage) and -1 on any failure. wpa_debug_show_keys is set so that key
 * material appears in debug output; the debug level starts at MSG_INFO and
 * is adjusted by -d/-q.
 */
int main(int argc, char *argv[])
{
	struct wlantest wt;
	struct wlantest_cli_args args;
	int ret = 0;
	bool eloop_init_done = false;

	os_memset(&args, 0, sizeof(args));

	wpa_debug_level = MSG_INFO;
	wpa_debug_show_keys = 1;

	if (os_program_init())
		return -1;

	wlantest_init(&wt);

	for (;;) {
		int c = getopt(argc, argv, "cdef:Fhi:I:L:n:Np:P:qr:R:tT:w:W:");
		int step;

		if (c < 0)
			break;
		step = wlantest_apply_option(c, &wt, &args);
		if (step <= 0) {
			ret = step;
			goto deinit;
		}
	}

	/* Nothing to read from: just explain the options and exit cleanly */
	if (!args.ifname && !args.ifname_wired &&
	    !args.read_file && !args.read_wired_file) {
		usage();
		ret = 0;
		goto deinit;
	}

	if (eloop_init()) {
		ret = -1;
		goto deinit;
	}
	eloop_init_done = true;

	/* Return value is not checked; on failure logging stays on stdout */
	if (args.logfile)
		wpa_debug_open_file(args.logfile);

	if (wlantest_open_all(&wt, &args) < 0) {
		ret = -1;
		goto deinit;
	}

	eloop_register_signal_terminate(wlantest_terminate, &wt);

	eloop_run();

	wpa_printf(MSG_INFO, "Processed: rx_mgmt=%u rx_ctrl=%u rx_data=%u "
		   "fcs_error=%u",
		   wt.rx_mgmt, wt.rx_ctrl, wt.rx_data, wt.fcs_error);

deinit:
	/* Safe to call even when setup stopped early: wlantest_init() left
	 * every socket at -1 and every list empty */
	wlantest_deinit(&wt);

	wpa_debug_close_file();
	if (eloop_init_done)
		eloop_destroy();
	os_program_deinit();

	return ret;
}