[0/8] Extended Key ID support

Message ID 20200315190426.163478-1-alexander@wetzel-home.de

Message

Alexander Wetzel March 15, 2020, 7:04 p.m. UTC
This is basically V10 for Extended Key ID support from the broken up
"[Patch v9 00/16] Seamless PTK rekeys" series.

It now has the different options for how to handle FT and FILS as
configuration options, which should make the different trade-offs more
obvious.
The main issue is the beacon frames of the AP: When Extended Key ID is
supported they must announce support for it. But when a station using
FILS or FT tries to connect there is no defined way to handle it. The
only way to avoid that is not supporting it at all when FT or FILS can
be used.
This is how the BASIC Extended Key ID support now handles the
issue.

The non-standard extensions FT0, FILS0 and FILS_CUSTOM are the most
obvious ways to handle it a bit less radically. (There is no FT_CUSTOM
mode since the standard has no FT IE to transmit it. As soon as one
becomes available we could implement that, too.)

For good measure I also added the option PREFER0, controlling if we like
to start with keyid 0 instead of 1 when either can be chosen. (I still
like to start with 1 when possible to get more predictable failures.)

So far I have BASIC Extended Key ID support enabled by default which
still can cause interoperability issues with broken STAs when the AP
supports it. (Should be trivial to change the default, though.)

As of today it can only be used with cards using mac80211 with a kernel
>=4.20 and not offering HW encryption. The in-tree drivers matching that
description are:
 - ADMtek ADM8211
 - Atheros AR5523
 - Broadcom 43xx
 - Mac80211 hwsim
 - Marvell 8xxx
 - Ralink rt2400
 - Ralink rt2500
 - Realtek 8180
 - ZyDAS ZD1211

In the near future all iwlwifi (dvm and mvm) cards below the 22000
series should follow. (Fully supported, only not yet officially
enabled.)

Changes compared to the Extended Key ID patches from
"[Patch v9 00/16] Seamless PTK rekeys":
 - To decide if Extended Key ID can be used the RSN information is now
   always taken from the most recent frame (EAPOL #3 for standard
   compliant handshakes.)
 - Fixed FT Extended Key ID support which was not properly initializing
   the active keyid and basically only worked in the tests due to
   happenstance.
 - better but much more complicated configuration options and parsing
 - reworked (mostly reduced) log messages
 - changed detection for Extended Key ID support in the unit tests to
   driver flags (instead of now removed log messages)
 - broken out some parts as separate patches

Alexander Wetzel (8):
  Add KEY_FLAG_MODIFY for Extended Key ID support
  common: Add RSN parsing for Extended Key ID
  common: Extended Key ID support
  AP: Support Extended Key ID
  STA: Support Extended Key ID
  nl80211: Extended Key ID support
  wlantest: Basic Extended Key ID support
  tests: Extended Key ID tests

 hostapd/config_file.c                   |  18 +++
 hostapd/ctrl_iface.c                    |  16 ++
 hostapd/hostapd.conf                    |  38 +++++
 src/ap/ap_config.c                      |  25 +++
 src/ap/ap_config.h                      |   1 +
 src/ap/ieee802_11.c                     |   7 +
 src/ap/wpa_auth.c                       |  92 +++++++++--
 src/ap/wpa_auth.h                       |   3 +
 src/ap/wpa_auth_ft.c                    |  26 ++-
 src/ap/wpa_auth_glue.c                  |  14 +-
 src/ap/wpa_auth_i.h                     |   4 +
 src/ap/wpa_auth_ie.c                    |  77 ++++++++-
 src/common/defs.h                       |  17 +-
 src/common/wpa_common.c                 | 131 +++++++++++++++
 src/common/wpa_common.h                 |   3 +
 src/drivers/driver.h                    |   9 ++
 src/drivers/driver_common.c             |   1 +
 src/drivers/driver_nl80211.c            |  19 ++-
 src/drivers/driver_nl80211_capa.c       |   4 +
 src/rsn_supp/wpa.c                      | 183 +++++++++++++++++++--
 src/rsn_supp/wpa.h                      |  14 ++
 src/rsn_supp/wpa_ft.c                   |  27 +++-
 src/rsn_supp/wpa_i.h                    |   3 +
 src/rsn_supp/wpa_ie.c                   |   7 +
 tests/hwsim/hostapd.py                  |  12 +-
 tests/hwsim/test_ap_eap.py              |  24 ++-
 tests/hwsim/test_ap_ft.py               |  14 +-
 tests/hwsim/test_ap_psk.py              | 145 +++++++++++++++--
 tests/hwsim/test_fils.py                | 203 +++++++++++++++++++++++-
 tests/hwsim/test_ocv.py                 |  13 +-
 tests/hwsim/test_rrm.py                 |   7 +-
 tests/hwsim/wpasupplicant.py            |   2 +-
 wlantest/bss.c                          |   6 +-
 wlantest/rx_data.c                      |   6 +-
 wlantest/rx_eapol.c                     |   4 +
 wpa_supplicant/ap.c                     |   1 +
 wpa_supplicant/config.c                 |  50 ++++++
 wpa_supplicant/config_file.c            |   1 +
 wpa_supplicant/config_ssid.h            |   8 +
 wpa_supplicant/ctrl_iface.c             |   3 +
 wpa_supplicant/dbus/dbus_new_handlers.c |   3 +-
 wpa_supplicant/driver_i.h               |   9 +-
 wpa_supplicant/wpa_cli.c                |   2 +-
 wpa_supplicant/wpa_supplicant.c         |  24 ++-
 wpa_supplicant/wpa_supplicant.conf      |  38 +++++
 wpa_supplicant/wpas_glue.c              |   7 +-
 46 files changed, 1251 insertions(+), 70 deletions(-)

Comments

Jouni Malinen March 15, 2020, 10:37 p.m. UTC | #1
On Sun, Mar 15, 2020 at 08:04:18PM +0100, Alexander Wetzel wrote:
> This is basically V10 for Extended Key ID support from the broken up
> "[Patch v9 00/16] Seamless PTK rekeys" series.

Thanks.

I applied the following with some cleanup:

>   Add KEY_FLAG_MODIFY for Extended Key ID support
>   common: Add RSN parsing for Extended Key ID
>   nl80211: Extended Key ID support
>   wlantest: Basic Extended Key ID support

And I have open comments on these:

>   common: Extended Key ID support
>   AP: Support Extended Key ID
>   STA: Support Extended Key ID
>   tests: Extended Key ID tests

Mainly requesting the non-standard parts to be removed or moved to
separate patches and to simplify configuration of this.