From patchwork Sat Sep 28 18:18:00 2019
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 1168886
From: Alexander Wetzel
To: j@w1.fi
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net
Subject: [PATCH v6a 0/7] Fixes for Extended Key ID patch series V6
Date: Sat, 28 Sep 2019 20:18:00 +0200
Message-Id: <20190928181807.180530-1-alexander@wetzel-home.de>

This is basically V7 of the series:
  Support seamless PTK rekeys with Extended Key ID

As discussed by mail I'm not sending the full patches but only the
differences compared to V6 of the series for better integration in your
own test tree.

Each patch is simply a fixup for the referenced V6 patch and only the
first has some already discussed corrections to the commit message.
But the patches assume you have the complete V6 patch series applied and
are on top of it. Merging them in the correct position will cause merge
conflicts.

The full V7 patch series with the fixups moved to the correct position
can be found here:
https://www.awhome.eu/index.php/s/o5m9Q29n37zbEga in the folder V7.
(I think I got the rebase right but did just confirm we have the same
code in the end.)

To make clear that this is not an independent patch set I'm calling it v6a.
(The files from the link above with all "Fixes for" patches merged as
fixups would be V7.)

From a user point of view V6 and V6a will behave nearly identically, only
some log messages should be better. From a programmer's perspective it
hopefully unifies the logic, streamlines the code a bit and adds a new
test case with a TKIP only AP.

I did a full test run again which indicates that nothing broke. You can
again download it here:
https://www.awhome.eu/index.php/s/jDQfpZmDGwsLPXA
The new test run is be907f722-patched.tgz

Changes compared to V6:
- Improved TKIP detection (nicer logs and better logic)
- Also use config checks for Extended Key ID activation, not only runtime
- Simplify runtime checks due to the now existing config checks
- Fixes some key_type for both hostap and wpa_supplicant
- nl80211 now denies to install a pairwise key with the KEY_TYPE_DEFAULT
  set and has other minor cleanups
- Fixes the bitmask for pairwise keys for consistency (no real effect)
- Rewords some log messages

Alexander Wetzel (7):
  Fixes for hostapd: Set the correct key_type for key installs
  Fixes for wpa_supplicant: Set the correct key_type for key installs
  Fixes for nl80211: Switch to the new key_type API & cleanup
  Fixes for hostapd: Add support for Extended Key ID
  Fixes for wpa_supplicant: AP Extended Key ID support
  Fixes for tests: Extended Key ID tests
  Fixes for wpa_supplicant: FILS Extended Key ID support

 src/ap/ap_config.c              |  2 +-
 src/ap/ieee802_1x.c             |  2 +-
 src/ap/wpa_auth.c               |  2 +-
 src/ap/wpa_auth_ft.c            |  6 +-----
 src/ap/wpa_auth_glue.c          | 15 +++------------
 src/ap/wpa_auth_ie.c            | 33 ++++++++++++++++++++-------------
 src/drivers/driver_nl80211.c    | 18 ++++++++++--------
 tests/hwsim/hostapd.py          | 13 ++++++-------
 tests/hwsim/test_ap_psk.py      | 10 ++++++++++
 wpa_supplicant/wpa_supplicant.c |  7 +++++--
 wpa_supplicant/wpas_glue.c      |  5 +++--
 11 files changed, 61 insertions(+), 52 deletions(-)