[00/40] Support for Pre association Security Negotiation (PASN)

Message ID 20191215093438.10120-1-ilan.peer@intel.com

Message

Ilan Peer Dec. 15, 2019, 9:33 a.m. UTC
The following series of patches is an implementation of the
Pre Association Security Negotiation (PASN) as defined in
Draft 802.11az_D1.5. In short, PASN is a mechanism to establish
security association and allow Management Frame Protection (MFP)
prior to association.

To support the PASN authentication flows while associated, the 3-way
authentication handshake is performed from the wpa_supplicant,
without the low level kernel driver being aware of the authentication
exchange, using the send_mlme() API which was extended to also allow
support for a wait option. In addition, some changes are introduced in
nl80211 driver to allow sending/receiving authentication frames.
To support processing of authentication frames in user space,
the following change in mac80211 is also required:

- https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git/commit/?id=2020ea4a16e35b28d50a77d883e2396995583f81

Since the PASN authentication relies on support for wrapped data and
element fragmentation/defragmentation, the patch set includes changes
that introduce support for the missing parts.

As one of the primary goals of PASN is to establish a PTKSA between
a non-AP station and an AP in an infrastructure network, that can
later be used for secure LTF measurement exchange, an implementation
of a PTKSA is added to both wpa_supplicant and hostapd.

Finally, note that since the specification definitions are incomplete,
e.g., information element Ids etc. are missing, the implementation uses
internally set values, that should be updated once the specification
is complete.

Andrei Otcheretianski (1):
  driver_nl80211: Register for SAE AUTH frames more strictly

Ilan Peer (39):
  driver: Extend send_mlme() with wait option
  nl80211: Allow off-channel in send_mlme()
  nl80211: Allow Tx status for authentication frames
  nl80211: Always register for Rx authentication frames with PASN
  WPA: Extend the wpa_pmk_to_ptk() function to also derive HLTK
  FT: Extend the wpa_pmk_r1_to_ptk() function to also derive HLTK
  WPA: Extend the fils_pmk_to_ptk() function to also derive HLTK
  PASN: Add functions to compute PTK, MIC and hash
  crypto: Add a function to get the ECDH prime len
  WPA: Rename FILS wrapped data
  common: Add support for element defragmentation
  PASN: Add some specification definitions
  PASN: Add common authentication frame build/validation functions
  common: Add PASN parsing to ieee802_11_parse_extension()
  common: Allow WPA_CIPHER_GTK_NOT_USED in RSNE parsing
  WPA: Add a function to get PMKSA cache entry
  WPA: Add PTKSA cache implementation
  WPA: Add PTKSA cache to wpa_supplicant for PASN
  PASN: Add support for PASN processing to the wpa_supplicant
  ctrl_iface: Add support for PASN authentication
  AP: Add support for configuring PASN
  WPA_AUTH: Add PTKSA cache to hostapd
  AP: Add support for PASN processing to the SME
  tests: Add PASN test coverage
  PASN: Support PASN with SAE key derivation
  AP: Support PASN with SAE key derivation
  tests: Add PASN tests with SAE
  PASN: Support PASN with FILS key derivation
  AP: Support PASN with FILS key derivation
  tests: Add PASN with FILS tests
  AP: Rename SAE anti clogging variables and functions
  AP: Move anti clogging handling code
  AP: Add support for PASN comeback flow
  PASN: Add support for comeback flow to the wpa_supplicant
  tests: Add PASN test with comeback flow
  PASN: Support PASN with FT key derivation
  AP: Support PASN with FT key derivation
  tests: Add PASN tests with FT key derivation
  tests: Add module tests for PASN PTK derivation

 hostapd/Makefile                          |   10 +
 hostapd/config_file.c                     |   21 +-
 hostapd/ctrl_iface.c                      |    4 +
 hostapd/defconfig                         |    5 +
 hostapd/hostapd.conf                      |    8 +
 src/ap/ap_config.c                        |    6 +-
 src/ap/ap_config.h                        |   14 +-
 src/ap/ap_drv_ops.c                       |    4 +-
 src/ap/hostapd.h                          |   11 +-
 src/ap/ieee802_11.c                       | 1544 +++++++++++++++++---
 src/ap/ieee802_1x.c                       |    3 +-
 src/ap/sta_info.c                         |   34 +
 src/ap/sta_info.h                         |   46 +
 src/ap/wpa_auth.c                         |   40 +-
 src/ap/wpa_auth.h                         |   17 +
 src/ap/wpa_auth_ft.c                      |   21 +-
 src/ap/wpa_auth_glue.c                    |   39 +
 src/ap/wpa_auth_ie.c                      |    7 +
 src/common/Makefile                       |    4 +-
 src/common/common_module_tests.c          |  171 ++-
 src/common/defs.h                         |    3 +
 src/common/ieee802_11_common.c            |  124 +-
 src/common/ieee802_11_common.h            |   30 +-
 src/common/ieee802_11_defs.h              |    8 +-
 src/common/ptksa_cache.c                  |  321 +++++
 src/common/ptksa_cache.h                  |   84 ++
 src/common/wpa_common.c                   |  748 +++++++++-
 src/common/wpa_common.h                   |   80 +-
 src/common/wpa_ctrl.h                     |    3 +
 src/crypto/crypto.h                       |    1 +
 src/crypto/crypto_openssl.c               |    4 +
 src/crypto/crypto_wolfssl.c               |    4 +
 src/drivers/driver.h                      |    4 +-
 src/drivers/driver_hostap.c               |   11 +-
 src/drivers/driver_nl80211.c              |   42 +-
 src/drivers/driver_nl80211_event.c        |   39 +-
 src/rsn_supp/wpa.c                        |   52 +-
 src/rsn_supp/wpa.h                        |   36 +
 src/rsn_supp/wpa_ft.c                     |  105 +-
 src/rsn_supp/wpa_i.h                      |   30 +
 tests/hwsim/example-hostapd.config        |    2 +
 tests/hwsim/example-wpa_supplicant.config |    2 +
 tests/hwsim/hostapd.py                    |   17 +
 tests/hwsim/test_pasn.py                  |  624 +++++++++
 tests/hwsim/test_sae.py                   |    8 +-
 tests/hwsim/wpasupplicant.py              |   20 +
 wlantest/rx_eapol.c                       |    4 +-
 wlantest/rx_mgmt.c                        |    6 +-
 wpa_supplicant/Makefile                   |   11 +
 wpa_supplicant/config.c                   |    5 +
 wpa_supplicant/config.h                   |   10 +
 wpa_supplicant/ctrl_iface.c               |  109 ++
 wpa_supplicant/defconfig                  |    3 +
 wpa_supplicant/driver_i.h                 |    4 +-
 wpa_supplicant/events.c                   |   19 +
 wpa_supplicant/p2p_supplicant.c           |    2 +-
 wpa_supplicant/pasn_supplicant.c          | 1555 +++++++++++++++++++++
 wpa_supplicant/sme.c                      |    4 +-
 wpa_supplicant/wpa_cli.c                  |   36 +
 wpa_supplicant/wpa_supplicant.c           |   11 +
 wpa_supplicant/wpa_supplicant_i.h         |   78 ++
 wpa_supplicant/wpas_glue.c                |   34 +-
 62 files changed, 6025 insertions(+), 277 deletions(-)
 create mode 100644 src/common/ptksa_cache.c
 create mode 100644 src/common/ptksa_cache.h
 create mode 100644 tests/hwsim/test_pasn.py
 create mode 100644 wpa_supplicant/pasn_supplicant.c

Comments

Jouni Malinen Dec. 22, 2019, 9:05 a.m. UTC | #1
On Sun, Dec 15, 2019 at 11:33:58AM +0200, Ilan Peer wrote:
> The following series of patches is an implementation of the
> Pre Association Security Negotiation (PASN) as defined in
> Draft 802.11az_D1.5. In short, PASN is a mechanism to establish
> security association and allow Management Frame Protection (MFP)
> prior to association.

Does that D1.5-based implementation match what is there in D2.0? I don't
really like using temporary task group drafts Dx.y where y is not 0 for
implementation, taking into account that such a version has not been approved
even for an internal working group review.

> To support the PASN authentication flows while associated, the 3-way
> authentication handshake is performed from the wpa_supplicant,
> without the low level kernel driver being aware of the authentication
> exchange, using the send_mlme() API which was extended to also allow
> support for a wait option. In addition, some changes are introduced in
> nl80211 driver to allow sending/receiving authentication frames.
> To support processing of authentication frames in user space,
> the following change in mac80211 is also required:
> 
> - https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git/commit/?id=2020ea4a16e35b28d50a77d883e2396995583f81

What's the plan with that mac80211 change? I don't see it in
mac80211-next.git. I don't want to apply the hostap.git changes without
the upstream kernel having the needed functionality in place.

> Since the PASN authentication relies on support for wrapped data and
> element fragmentation/defragmentation, the patch set includes changes
> that introduce support for the missing parts.

Such helper parts might be fine for inclusion in hostap.git, but I don't
want to go through 40 patches to try to figure out what is ready to be
applied and what is not.

> e.g., information element Ids etc. are missing, the implementation uses
> internally set values, that should be updated once the specification
> is complete.

I do not like to apply functionality that uses arbitrary identifiers and
may conflict with other definitions. If all of these are within
CONFIG_PASN blocks and clearly documented as such, that might be doable,
but since not all the kernel components are in place either, it might
make more sense to wait for the P802.11az work to get a bit more
complete before applying some of the changes.

The hwsim test cases would also need to cleanly address cases where
either the driver/kernel does not support PASN or hostapd/wpa_supplicant
is built without PASN support (i.e., they need to SKIP, not FAIL).

I'm dropping this 40-patch series from my queue based on those comments.
I'd recommend sending the changes in smaller sets (say, at most about 10
or so patches at a time) and to start with clear interface updates or
generic functionality that is not specific to only PASN or that is
clearly stable enough in P802.11ax to implement now (and does not depend
on identifier values that have not yet been formally assigned). This
should not depend on missing upstream kernel functionality either.

Ilan Peer Dec. 22, 2019, 10:59 a.m. UTC | #2
Hi Jouni,

> On Sun, Dec 15, 2019 at 11:33:58AM +0200, Ilan Peer wrote:
> > The following series of patches is an implementation of the Pre
> > Association Security Negotiation (PASN) as defined in Draft
> > 802.11az_D1.5. In short, PASN is a mechanism to establish security
> > association and allow Management Frame Protection (MFP) prior to
> > association.
> 
> Does that D1.5-based implementation match what is there in D2.0? I don't
> really like using temporary task group drafts Dx.y where y is not 0 for
> implementation, taking into account that such a version has not been approved
> even for an internal working group review.
> 

AFAICT, there are no changes related to implemented functionality between
version D1.5 and version D2.0, but as I would need to submit the
series again, I'll double check it.

> >
> > - https://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/backport-iwlwifi.git/commit/?id=2020ea4a16e35b28d50a77d883e2396995583f81
> 
> What's the plan with that mac80211 change? I don't see it in
> mac80211-next.git. I don't want to apply the hostap.git changes without the
> upstream kernel having the needed functionality in place.
> 

This indeed required a revised implementation to better handle versions of
wpa_supplicant that always register to all types of authentication frames (as handled
in the first patch in the series). A revised version of this patch would probably
be sent to the mailing list by Luca sometime soon. If needed I can send it (but as
this patch set is dropped, this is probably not urgent).

> > Since the PASN authentication relies on support for wrapped data and
> > element fragmentation/defragmentation, the patch set includes changes
> > that introduce support for the missing parts.
> 
> Such helper parts might be fine for inclusion in hostap.git, but I don't want to
> go through 40 patches to try to figure out what is ready to be applied and
> what is not.

Sure.

> > e.g., information element Ids etc. are missing, the implementation
> > uses internally set values, that should be updated once the
> > specification is complete.
> 
> I do not like to apply functionality that uses arbitrary identifiers and may
> conflict with other definitions. If all of these are within CONFIG_PASN blocks
> and clearly documented as such, that might be doable, but since not all the

All such changes are documented, but I'll add the CONFIG_PASN.

> kernel components are in place either, it might make more sense to wait for
> the P802.11az work to get a bit more complete before applying some of the
> changes.
> 
> The hwsim test cases would also need to cleanly address cases where either
> the driver/kernel does not support PASN or hostapd/wpa_supplicant is built
> without PASN support (i.e., they need to SKIP, not FAIL).

Will do for wpa_supplicant/hostapd. I'll need to figure out how to handle it
in the kernel, as the kernel did not require any changes other than the one
mentioned above.

> 
> I'm dropping this 40-patch series from my queue based on those comments.
> I'd recommend sending the changes in smaller sets (say, at most about 10 or
> so patches at a time) and to start with clear interface updates or generic
> functionality that is not specific to only PASN or that is clearly stable enough
> in P802.11ax to implement now (and does not depend on identifier values
> that have not yet been formally assigned). This should not depend on
> missing upstream kernel functionality either.
> 

Sounds like a good plan 😊

FWIW, I understand that this submission was not ideal, but I just wanted to push
this out so it would be available for others for use.

Thanks!

Ilan.