[0/3] Allow to block PTK0 rekeys

Message ID	20200110221910.312529-1-alexander@wetzel-home.de
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> sender: postmaster@awhome.eu) by player756.ha.ovh.net (Postfix) with ESMTPSA id D632FD437173; Fri, 10 Jan 2020 22:19:25 +0000 (UTC) From: Alexander Wetzel <alexander@wetzel-home.de> To: j@w1.fi Subject: [PATCH 0/3] Allow to block PTK0 rekeys Date: Fri, 10 Jan 2020 23:19:07 +0100 Message-Id: <20200110221910.312529-1-alexander@wetzel-home.de> MIME-Version: 1.0 summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [46.105.63.100 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain Precedence: list Cc: hostap@lists.infradead.org, Alexander Wetzel <alexander@wetzel-home.de> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Allow to block PTK0 rekeys \| expand [0/3] Allow to block PTK0 rekeys [1/3] AP: Address PTK rekey issues [2/3] wpa_supplicant: Address PTK rekey issues [3/3] tests: Allow PTK0 rekey for tests

Message ID

20200110221910.312529-1-alexander@wetzel-home.de

Headers

From: Alexander Wetzel <alexander@wetzel-home.de>
To: j@w1.fi
Subject: [PATCH 0/3] Allow to block PTK0 rekeys
Date: Fri, 10 Jan 2020 23:19:07 +0100
Message-Id: <20200110221910.312529-1-alexander@wetzel-home.de>
MIME-Version: 1.0
Precedence: list
Cc: hostap@lists.infradead.org, Alexander Wetzel <alexander@wetzel-home.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

Allow to block PTK0 rekeys | expand

Message

Alexander Wetzel Jan. 10, 2020, 10:19 p.m. UTC

This is basically V2 of the PTK0 rekey handling patch series from
"[Patch v9 00/16] Seamless PTK rekeys".

It's now by default allowing to rekey PTKs which is for sure the less
painful one to maintain and the users affected by the issue have to
manually enable the workaround.

It has no other relevant changes and is not breaking any tests for me.
I'll wait till this has been merged/handled till posting the Extended Key
ID patches again.

Alexander Wetzel (3):
  AP: Address PTK rekey issues
  wpa_supplicant: Address PTK rekey issues
  tests: Allow PTK0 rekey for tests

 hostapd/config_file.c              |  9 +++++++
 hostapd/hostapd.conf               | 34 +++++++++++++++++++++++++
 src/ap/ap_config.c                 |  1 +
 src/ap/ap_config.h                 |  1 +
 src/ap/wpa_auth.c                  | 23 +++++++++++++++--
 src/ap/wpa_auth.h                  |  1 +
 src/ap/wpa_auth_glue.c             | 14 ++++++++++
 src/common/defs.h                  |  6 +++++
 src/eapol_supp/eapol_supp_sm.c     | 15 +++++++++++
 src/eapol_supp/eapol_supp_sm.h     |  8 ++++++
 src/rsn_supp/wpa.c                 | 18 +++++++++++++
 src/rsn_supp/wpa.h                 |  3 +++
 src/rsn_supp/wpa_i.h               |  7 +++++
 tests/hwsim/hostapd.py             |  2 +-
 tests/hwsim/test_ap_eap.py         | 40 +++++++++++++++++++++++++++++
 tests/hwsim/test_ap_psk.py         | 41 +++++++++++++++++++++++++++++-
 tests/hwsim/wpasupplicant.py       |  2 +-
 wpa_supplicant/ap.c                |  1 +
 wpa_supplicant/config.c            |  2 ++
 wpa_supplicant/config_file.c       |  1 +
 wpa_supplicant/config_ssid.h       | 12 +++++++++
 wpa_supplicant/events.c            | 16 +++++++-----
 wpa_supplicant/ibss_rsn.c          |  9 ++++++-
 wpa_supplicant/notify.c            | 10 ++++++++
 wpa_supplicant/notify.h            |  1 +
 wpa_supplicant/wpa_cli.c           |  4 +--
 wpa_supplicant/wpa_supplicant.c    | 28 +++++++++++++++++++-
 wpa_supplicant/wpa_supplicant.conf | 25 ++++++++++++++++++
 wpa_supplicant/wpa_supplicant_i.h  |  3 +++
 wpa_supplicant/wpas_glue.c         | 17 +++++++++++++
 30 files changed, 339 insertions(+), 15 deletions(-)

Comments

Jouni Malinen Feb. 23, 2020, 1:08 p.m. UTC | #1

On Fri, Jan 10, 2020 at 11:19:07PM +0100, Alexander Wetzel wrote:
> This is basically V2 of the PTK0 rekey handling patch series from
> "[Patch v9 00/16] Seamless PTK rekeys".
> 
> It's now by default allowing to rekey PTKs which is for sure the less
> painful one to maintain and the users affected by the issue have to
> manually enable the workaround.
> 
> It has no other relevant changes and is not breaking any tests for me.
> I'll wait till this has been merged/handled till posting the Extended Key
> ID patches again.
> 
> Alexander Wetzel (3):
>   AP: Address PTK rekey issues
>   wpa_supplicant: Address PTK rekey issues
>   tests: Allow PTK0 rekey for tests

Thanks, applied with some cleanup and fixes. I had to also pull in
"nl80211: Add support for CAN_REPLACE_PTK0" from the previous series to
get this compiling.