From patchwork Tue Aug 6 05:33:15 2019
X-Patchwork-Submitter: Ouden Lin
X-Patchwork-Id: 1142602
From: "Ouden.Biz Lin"
Date: Tue, 6 Aug 2019 13:33:15 +0800
Subject: Mesh: Support BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256
To: hostap@lists.infradead.org

Dear There,

Mesh was hardcoded to use BIP-CMAC-128 if PMF was enabled. We hope to extend that to allow the other BIP algorithms to be used.

1) Assign the WPA_CIPHER_BIT_* by the ssid->group_mgmt cipher
2) The maximum size of AMPE IE is 160 bytes, not 96 bytes, plus the two bytes of the IE header. The 64 bytes added are MGTK [variable] and IGTK [variable] at the 256 bits crypto.

Please help to confirm that.

Thank you.

if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index 7354c1b79..7dcd6f96c 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -116,8 +116,26 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s, } conf->group_cipher = cipher; - if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) - conf->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; + +#ifdef CONFIG_IEEE80211W + if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { + if (ssid->group_mgmt_cipher & + WPA_CIPHER_BIP_GMAC_256) + conf->mgmt_group_cipher = + WPA_CIPHER_BIP_GMAC_256; + else if (ssid->group_mgmt_cipher & + WPA_CIPHER_BIP_CMAC_256) + conf->mgmt_group_cipher = + WPA_CIPHER_BIP_CMAC_256; + else if (ssid->group_mgmt_cipher & + WPA_CIPHER_BIP_GMAC_128) + conf->mgmt_group_cipher = + WPA_CIPHER_BIP_GMAC_128; + else + conf->mgmt_group_cipher = + WPA_CIPHER_AES_128_CMAC; + } +#endif /* CONFIG_IEEE80211W */ /* defaults */ conf->mesh_pp_id = MESH_PATH_PROTOCOL_HWMP; diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c index 4a163b6eb..01b970715 100644 --- a/wpa_supplicant/mesh_mpm.c +++ b/wpa_supplicant/mesh_mpm.c @@ -231,7 +231,7 @@ static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, 2 + 32 + /* mesh ID */ 2 + 7 + /* mesh config */ 2 + 24 + /* peering management */ - 2 + 96 + /* AMPE */ + 2 + 160 + /* AMPE */ 2 + 16; /* MIC */ #ifdef CONFIG_IEEE80211N
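Review bot: In the mesh.c hunk, the else-if chain in mesh_config_create() tests ssid->group_mgmt_cipher with `&` in a fixed order (WPA_CIPHER_BIP_GMAC_256, WPA_CIPHER_BIP_CMAC_256, WPA_CIPHER_BIP_GMAC_128), so a mask with several bits set silently resolves to the first match, and a mask with none of these bits falls through to WPA_CIPHER_AES_128_CMAC. That precedence is a policy decision and deserves a comment above the chain; if only one management group cipher is meant to be configured per mesh network, logging or rejecting a multi-bit mask here would make the choice explicit. Separately, the removed lines were not under `#ifdef CONFIG_IEEE80211W` while the added ones are, so builds without it no longer assign conf->mgmt_group_cipher at this point; please confirm that is intended and state it in the commit message.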
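Review bot: In the mesh_mpm.c hunk, the AMPE allowance in mesh_mpm_send_plink_action() changes from `2 + 96` to `2 + 160` with no breakdown of the new figure, and the cover text itself asks for it to be confirmed. The surrounding lines read as a per-element length budget for the frame, where an underestimate is the failure that matters, so please expand the `/* AMPE */` comment to list the fields and lengths that add up to 160, or build the value from named constants so it can be checked. The cover text attributes all 64 added bytes to MGTK and IGTK at 256 bits, but two keys growing from 128 to 256 bits account for 32 bytes, so the remaining 32 should be explained.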