[27/40] AP: Support PASN with SAE key derivation

Message ID	20191215093438.10120-28-ilan.peer@intel.com
State	Changes Requested
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Ilan Peer <ilan.peer@intel.com> To: hostap@lists.infradead.org Subject: [PATCH 27/40] AP: Support PASN with SAE key derivation Date: Sun, 15 Dec 2019 11:34:25 +0200 Message-Id: <20191215093438.10120-28-ilan.peer@intel.com> In-Reply-To: <20191215093438.10120-1-ilan.peer@intel.com> References: <20191215093438.10120-1-ilan.peer@intel.com> summary: Content analysis details: (-2.3 points) pts rule name description ---- ---------------------- -------------------------------------------------- -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [192.55.52.43 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record Precedence: list Cc: Ilan Peer <ilan.peer@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	Support for Pre association Security Negotiation (PASN) \| expand [00/40] Support for Pre association Security Negotiation (PASN) [02/40] driver: Extend send_mlme() with wait option [03/40] nl80211: Allow off-channel in send_mlme() [04/40] nl80211: Allow Tx status for authentication frames [05/40] nl80211: Always register for Rx authentication frames with PASN [06/40] WPA: Extend the wpa_pmk_to_ptk() function to also derive HLTK [07/40] FT: Extend the wpa_pmk_r1_to_ptk() function to also derive HLTK [08/40] WPA: Extend the fils_pmk_to_ptk() function to also derive HLTK [09/40] PASN: Add functions to compute PTK, MIC and hash [10/40] crypto: Add a function to get the ECDH prime len [11/40] WPA: Rename FILS wrapped data [12/40] common: Add support for element defragmentation [13/40] PASN: Add some specification definitions [14/40] PASN: Add common authentication frame build/validation functions [15/40] common: Add PASN parsing to ieee802_11_parse_extension() [16/40] common: Allow WPA_CIPHER_GTK_NOT_USED in RSNE parsing [17/40] WPA: Add a function to get PMKSA cache entry [18/40] WPA: Add PTKSA cache implementation [19/40] WPA: Add PTKSA cache to wpa_supplicant for PASN [20/40] PASN: Add support for PASN processing to the wpa_supplicant [21/40] ctrl_iface: Add support for PASN authentication [22/40] AP: Add support for configuring PASN [23/40] WPA_AUTH: Add PTKSA cache to hostapd [24/40] AP: Add support for PASN processing to the SME [25/40] tests: Add PASN test coverage [26/40] PASN: Support PASN with SAE key derivation [27/40] AP: Support PASN with SAE key derivation [28/40] tests: Add PASN tests with SAE [29/40] PASN: Support PASN with FILS key derivation [30/40] AP: Support PASN with FILS key derivation [31/40] tests: Add PASN with FILS tests [32/40] AP: Rename SAE anti clogging variables and functions [33/40] AP: Move anti clogging handling code [34/40] AP: Add support for PASN comeback flow [35/40] PASN: Add support for comeback flow to the wpa_supplicant [36/40] tests: Add PASN test with comeback flow [37/40] PASN: Support PASN with FT key derivation [38/40] AP: Support PASN with FT key derivation [39/40] tests: Add PASN tests with FT key derivation [40/40] tests: Add module tests for PASN PTK derivation

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index ad307c81d5..770c13daab 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -407,27 +407,16 @@ static void sae_set_state(struct sta_info *sta, enum sae_state state, } -static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, - struct sta_info *sta, int update, - int status_code) +static const char *sae_get_password(struct hostapd_data *hapd, + struct sta_info *sta, + const char *rx_id, + struct sae_password_entry **pw_entry, + struct sae_pt **s_pt) { - struct wpabuf *buf; const char *password = NULL; struct sae_password_entry *pw; - const char *rx_id = NULL; - int use_pt = 0; struct sae_pt *pt = NULL; - if (sta->sae->tmp) { - rx_id = sta->sae->tmp->pw_id; - use_pt = sta->sae->tmp->h2e; - } - - if (status_code == WLAN_STATUS_SUCCESS) - use_pt = 0; - else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) - use_pt = 1; - for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) { if (!is_broadcast_ether_addr(pw->peer_addr) && os_memcmp(pw->peer_addr, sta->addr, ETH_ALEN) != 0) @@ -441,11 +430,44 @@ static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, pt = pw->pt; break; } + if (!password) { password = hapd->conf->ssid.wpa_passphrase; pt = hapd->conf->ssid.pt; } - if (!password || (use_pt && !pt)) { + + if (pw_entry) + *pw_entry = pw; + if (s_pt) + *s_pt = pt; + + return password; +} + + +static struct wpabuf *auth_build_sae_commit(struct hostapd_data *hapd, + struct sta_info *sta, int update, + int status_code) +{ + struct wpabuf *buf; + const char *password = NULL; + struct sae_password_entry *pw; + const char *rx_id = NULL; + int use_pt = 0; + struct sae_pt *pt = NULL; + + if (sta->sae->tmp) { + rx_id = sta->sae->tmp->pw_id; + use_pt = sta->sae->tmp->h2e; + } + + if (status_code == WLAN_STATUS_SUCCESS) + use_pt = 0; + else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) + use_pt = 1; + + password = sae_get_password(hapd, sta, rx_id, &pw, &pt); + if (!password ||(use_pt && !pt)) { wpa_printf(MSG_DEBUG, "SAE: No password available"); return NULL; } @@ -2145,6 +2167,181 @@ ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta, #ifdef CONFIG_PASN +#ifdef CONFIG_SAE + +static int pasn_wd_handle_sae_commit(struct hostapd_data *hapd, + struct sta_info *sta, + struct wpabuf *wd) +{ + struct pasn_data *pasn = sta->pasn; + const char *password = NULL; + const u8 *data; + size_t buf_len; + u16 res, alg, seq, status; + int groups[] = { pasn->group, 0 }; + int ret; + + if (!wd) + return -1; + + data = wpabuf_head_u8(wd); + buf_len = wpabuf_len(wd); + + if (buf_len < 6) { + wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu", + buf_len); + return -1; + } + + alg = WPA_GET_LE16(data); + seq = WPA_GET_LE16(data + 2); + status = WPA_GET_LE16(data + 4); + + wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u", + alg, seq, status); + + if (alg != WLAN_AUTH_SAE || seq != 1 || status != WLAN_STATUS_SUCCESS) { + wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit"); + return -1; + } + + sae_clear_data(&pasn->sae); + pasn->sae.state = SAE_NOTHING; + + ret = sae_set_group(&pasn->sae, pasn->group); + if (ret) { + wpa_printf(MSG_DEBUG, "PASN: Failed to set SAE group"); + return -1; + } + + password = sae_get_password(hapd, sta, NULL, NULL, NULL); + if (!password) { + wpa_printf(MSG_DEBUG, "PASN: No SAE password found"); + return -1; + } + + ret = sae_prepare_commit(hapd->own_addr, sta->addr, + (u8 *)password, + os_strlen(password), 0, + &pasn->sae); + if (ret) { + wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit"); + return -1; + } + + res = sae_parse_commit(&pasn->sae, data + 6, buf_len - 6, NULL, 0, + groups, 0); + if (res != WLAN_STATUS_SUCCESS) { + wpa_printf(MSG_DEBUG, "PASN: SAE failed parsing commit"); + return -1; + } + + /* process the commit message and derive the PMK */ + ret = sae_process_commit(&pasn->sae); + if (ret) { + wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit"); + return -1; + } + + pasn->sae.state = SAE_COMMITTED; + + return 0; +} + + +static int pasn_wd_handle_sae_confirm(struct hostapd_data *hapd, + struct sta_info *sta, + struct wpabuf *wd) +{ + struct pasn_data *pasn = sta->pasn; + const u8 *data; + size_t buf_len; + u16 res, alg, seq, status; + + if (!wd) + return -1; + + data = wpabuf_head_u8(wd); + buf_len = wpabuf_len(wd); + + if (buf_len < 6) { + wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short. len=%lu", + buf_len); + return -1; + } + + alg = WPA_GET_LE16(data); + seq = WPA_GET_LE16(data + 2); + status = WPA_GET_LE16(data + 4); + + wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u", + alg, seq, status); + + if (alg != WLAN_AUTH_SAE || seq != 2 || status != WLAN_STATUS_SUCCESS) { + wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit"); + return -1; + } + + res = sae_check_confirm(&pasn->sae, data + 6, buf_len - 6); + if (res != WLAN_STATUS_SUCCESS) { + wpa_printf(MSG_DEBUG, "PASN: SAE failed checking confirm"); + return -1; + } + + pasn->sae.state = SAE_ACCEPTED; + + /* + * TODO: Based on on P802.11az_D1.5, the PMKSA derived with PASN/SAE + * should only be allowed with future PASN only. For now do not restrict + * this only for PASN. + */ + wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, + pasn->sae.pmk, pasn->sae.pmkid); + return 0; +} + + +static struct wpabuf *pasn_get_sae_wd(struct hostapd_data *hapd, + struct sta_info *sta) +{ + struct pasn_data *pasn = sta->pasn; + struct wpabuf *buf = NULL; + u8 *len_ptr; + size_t len; + + /* Need to add the entire authentication frame body */ + buf = wpabuf_alloc(8 + SAE_COMMIT_MAX_LEN + 8 + SAE_CONFIRM_MAX_LEN); + if (!buf) { + wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer"); + return NULL; + } + + /* Need to add the entire authentication frame body for the commit */ + len_ptr = wpabuf_put(buf, 2); + wpabuf_put_le16(buf, WLAN_AUTH_SAE); + wpabuf_put_le16(buf, 1); + wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); + + /* write the actual commit and update the length accordingly */ + sae_write_commit(&pasn->sae, buf, NULL, 0); + len = wpabuf_len(buf); + WPA_PUT_LE16(len_ptr, len - 2); + + /* Need to add the entire authentication frame body for the confirm */ + len_ptr = wpabuf_put(buf, 2); + wpabuf_put_le16(buf, WLAN_AUTH_SAE); + wpabuf_put_le16(buf, 2); + wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); + + sae_write_confirm(&pasn->sae, buf); + WPA_PUT_LE16(len_ptr, wpabuf_len(buf) - len - 2); + + pasn->sae.state = SAE_CONFIRMED; + + return buf; +} + +#endif /* CONFIG_SAE */ static struct wpabuf *pasn_get_wrapped_data(struct hostapd_data *hapd, struct sta_info *sta) @@ -2154,6 +2351,10 @@ static struct wpabuf *pasn_get_wrapped_data(struct hostapd_data *hapd, /* no wrapped data */ return NULL; case WPA_KEY_MGMT_SAE: +#ifdef CONFIG_SAE + return pasn_get_sae_wd(hapd, sta); +#endif /* CONFIG_SAE */ + /* fall through */ case WPA_KEY_MGMT_FILS_SHA256: case WPA_KEY_MGMT_FILS_SHA384: case WPA_KEY_MGMT_FT_PSK: @@ -2197,11 +2398,22 @@ pasn_derive_keys(struct hostapd_data *hapd, struct sta_info *sta, pmk_len = pmksa->pmk_len; os_memcpy(pmk, pmksa->pmk, pmksa->pmk_len); } else { - /* TODO: derive PMK based on wrapped data */ - wpa_printf(MSG_DEBUG, - "PASN: missing implementation to derive PMK"); - - return -1; + switch (sta->pasn->akmp) { +#ifdef CONFIG_SAE + case WPA_KEY_MGMT_SAE: + if (sta->pasn->sae.state == SAE_COMMITTED) { + pmk_len = PMK_LEN; + os_memcpy(pmk, sta->pasn->sae.pmk, PMK_LEN); + break; + } +#endif /* CONFIG_SAE */ + /* fall through */ + default: + /* TODO: derive PMK based on wrapped data */ + wpa_printf(MSG_DEBUG, + "PASN: missing PMK derivation"); + return -1; + } } ret = pasn_pmk_to_ptk(pmk, pmk_len, @@ -2438,6 +2650,19 @@ static void handle_auth_pasn_1(struct hostapd_data *hapd, struct sta_info *sta, status = WLAN_STATUS_UNSPECIFIED_FAILURE; goto send_resp; } + +#ifdef CONFIG_SAE + if (sta->pasn->akmp == WPA_KEY_MGMT_SAE) { + ret = pasn_wd_handle_sae_commit(hapd, sta, + wrapped_data); + if (ret) { + wpa_printf(MSG_DEBUG, + "PASN: failed processing SAE commit"); + status = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto send_resp; + } + } +#endif /* CONFIG_SAE */ } sta->pasn->wrapped_data_format = pasn_params.wrapped_data_format; @@ -2562,7 +2787,18 @@ static void handle_auth_pasn_3(struct hostapd_data *hapd, struct sta_info *sta, goto fail; } - /* TODO: handle wrapped data */ +#ifdef CONFIG_SAE + if (sta->pasn->akmp == WPA_KEY_MGMT_SAE) { + ret = pasn_wd_handle_sae_confirm(hapd, sta, + wrapped_data); + if (ret) { + wpa_printf(MSG_DEBUG, + "PASN: failed processing SAE confirm"); + wpabuf_free(wrapped_data); + goto fail; + } + } +#endif /* CONFIG_SAE */ wpabuf_free(wrapped_data); } diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c index 1d27319654..51474b2a75 100644 --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c @@ -165,6 +165,9 @@ void ap_free_sta_pasn(struct hostapd_data *hapd, struct sta_info *sta) if (sta->pasn) { if (sta->pasn->ecdh) crypto_ecdh_deinit(sta->pasn->ecdh); +#ifdef CONFIG_SAE + sae_clear_data(&sta->pasn->sae); +#endif /* CONFIG_SAE */ os_free(sta->pasn); sta->pasn = NULL; } diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h index 4c1c20c150..3666d51b7a 100644 --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h @@ -15,6 +15,7 @@ #include "common/wpa_common.h" #include "common/ieee802_11_defs.h" #include "crypto/sha384.h" +#include "common/sae.h" /* STA flags */ #define WLAN_STA_AUTH BIT(0) @@ -74,6 +75,10 @@ struct pasn_data { u8 hash[SHA384_MAC_LEN]; struct wpa_ptk ptk; struct crypto_ecdh *ecdh; + +#ifdef CONFIG_SAE + struct sae_data sae; +#endif /* CONFIG_SAE */ }; struct sta_info {

[27/40] AP: Support PASN with SAE key derivation

Commit Message

Patch