From patchwork Sun Mar 15 19:04:21 2020
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 1255144
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH 3/8] common: Extended Key ID support
Date: Sun, 15 Mar 2020 20:04:21 +0100
Message-Id: <20200315190426.163478-4-alexander@wetzel-home.de>
In-Reply-To: <20200315190426.163478-1-alexander@wetzel-home.de>
References: <20200315190426.163478-1-alexander@wetzel-home.de>
Cc: hostap@lists.infradead.org, Alexander Wetzel

Add shared functions and variables for Extended Key ID support:
- Add "enum ext_key_id_support" for config options
- Add helper functions to read/write Extended Key ID config options
- Add the new driver flag WPA_DRIVER_FLAGS_EXTENDED_KEY_ID

Signed-off-by: Alexander Wetzel
--- src/common/defs.h | 10 +++ src/common/wpa_common.c | 123 ++++++++++++++++++++++++++++++++++++ src/common/wpa_common.h | 2 + src/drivers/driver.h | 2 + src/drivers/driver_common.c | 1 + 5 files changed, 138 insertions(+) diff --git a/src/common/defs.h b/src/common/defs.h index f62c3ceee..e2033dd20 100644 --- a/src/common/defs.h +++ b/src/common/defs.h @@ -472,4 +472,14 @@ enum ptk0_rekey_handling { PTK0_REKEY_ALLOW_NEVER }; +enum ext_key_id_support { + EXT_KEY_ID_PREFER0 = BIT(0), + EXT_KEY_ID_BASIC = BIT(1), + EXT_KEY_ID_FT0 = BIT(2), + EXT_KEY_ID_FILS0 = BIT(3), + EXT_KEY_ID_FILS_CUSTOM = BIT(4), + EXT_KEY_ID_FILS = EXT_KEY_ID_FILS0 | EXT_KEY_ID_FILS_CUSTOM, + EXT_KEY_ID_DEFAULT = EXT_KEY_ID_BASIC, +}; + #endif /* DEFS_H */ diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 31db391fd..8d7028635 100644 --- a/src/common/wpa_common.c 
+++ b/src/common/wpa_common.c 
@@ -2591,6 +2591,129 @@ int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim) } +int wpa_parse_extended_key_id(const char *value) +{ + int last, eos; + int val = 0; + int off = 0; + char *start, *end, *buf; + + buf = os_strdup(value); + if (buf == NULL) + return -1; + start = buf; + + while (*start == ' ' || *start == '\t') + start++; + + while (1) { + if (*start == '\0') + goto err; + end = start; + while (*end != '+' && *end != ' ' && + *start != '\t' && *end != '\0') + end++; + eos = *end == '\0'; + last = eos || *end == ' ' || *start == '\t'; + *end = '\0'; + if (os_strcmp(start, "OFF") == 0) { + if (val || off) + goto err; + off = 1; + } else if (os_strcmp(start, "BASIC") == 0) { + if (val & EXT_KEY_ID_BASIC) + goto err; + val |= EXT_KEY_ID_BASIC; + } else if (os_strcmp(start, "FT0") == 0) { + if (val & EXT_KEY_ID_FT0) + goto err; + val |= EXT_KEY_ID_FT0; + } else if (os_strcmp(start, "FILS0") == 0) { + if (val & EXT_KEY_ID_FILS) + goto err; + val |= EXT_KEY_ID_FILS0; + } else if (os_strcmp(start, "FILS_CUSTOM") == 0) { + if (val & EXT_KEY_ID_FILS) + goto err; + val |= EXT_KEY_ID_FILS_CUSTOM; + } else if (os_strcmp(start, "PREFER0") == 0) { + if (val & EXT_KEY_ID_PREFER0) + goto err; + val |= EXT_KEY_ID_PREFER0; + } else { + goto err; + } + if (last) { + if (eos) + break; + end++; + while (*end == ' ' && *start == '\t') + end++; + if (*end != '\0') + goto err; + break; + } + start = end + 1; + } + os_free(buf); + + if (val && (off || !(val & EXT_KEY_ID_BASIC))) + return -1; + return val; +err: + os_free(buf); + return -1; +} + + +int wpa_write_extended_key_id(char *start, char *end, int extended_key_id) +{ + char *pos = start; + int ret; + + if (extended_key_id == 0) { + ret = os_snprintf(pos, end - pos, "OFF"); + if (os_snprintf_error(end - pos, ret)) + return -1; + return pos + ret - start; + } + if (extended_key_id & EXT_KEY_ID_BASIC) { + ret = os_snprintf(pos, end - pos, "BASIC"); + if (os_snprintf_error(end - pos, ret)) + return 
-1; + pos += ret; + } else { + return -1; + } + if (extended_key_id & EXT_KEY_ID_FT0) { + ret = os_snprintf(pos, end - pos, "+FT0"); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + if (extended_key_id & EXT_KEY_ID_FILS0) { + ret = os_snprintf(pos, end - pos, "+FILS0"); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + if (extended_key_id & EXT_KEY_ID_FILS_CUSTOM) { + ret = os_snprintf(pos, end - pos, "+FILS_CUSTOM"); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + if (extended_key_id & EXT_KEY_ID_PREFER0) { + ret = os_snprintf(pos, end - pos, "+PREFER0"); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + + return pos - start; +} + + int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise) { int pairwise = 0; diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 1a9a4105f..43fb7dbda 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -558,6 +558,8 @@ int wpa_pick_pairwise_cipher(int ciphers, int none_allowed); int wpa_pick_group_cipher(int ciphers); int wpa_parse_cipher(const char *value); int wpa_write_ciphers(char *start, char *end, int ciphers, const char *delim); +int wpa_parse_extended_key_id(const char *value); +int wpa_write_extended_key_id(char *start, char *end, int extended_key_id); int wpa_select_ap_group_cipher(int wpa, int wpa_pairwise, int rsn_pairwise); unsigned int wpa_mic_len(int akmp, size_t pmk_len); int wpa_use_akm_defined(int akmp); diff --git a/src/drivers/driver.h b/src/drivers/driver.h index b0373954a..78a3387da 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h 
@@ -1841,6 +1841,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS 0x2000000000000000ULL /** Driver supports Beacon protection */ #define WPA_DRIVER_FLAGS_BEACON_PROTECTION 0x4000000000000000ULL +/** Driver supports Extended Key ID */ +#define WPA_DRIVER_FLAGS_EXTENDED_KEY_ID 0x8000000000000000ULL u64 flags; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c index f4d06e438..2e03b6676 100644 --- a/src/drivers/driver_common.c +++ b/src/drivers/driver_common.c @@ -315,6 +315,7 @@ const char * driver_flag_to_string(u64 flag) DF2S(UPDATE_FT_IES); DF2S(SAFE_PTK0_REKEYS); DF2S(BEACON_PROTECTION); + DF2S(EXTENDED_KEY_ID); } return "UNKNOWN"; #undef DF2S
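
Review bot: the new enum ext_key_id_support in src/common/defs.h carries no comments, so the meaning of PREFER0, FT0, FILS0 and FILS_CUSTOM can only be guessed from the names. A one-line comment per enumerator would help, and EXT_KEY_ID_FILS should be marked as a mask over the two FILS bits rather than a selectable option, since wpa_parse_extended_key_id() tests against it to refuse setting both. The "OFF" state is the bare value 0 and has no enumerator; giving it a name would keep callers from comparing against a literal 0.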
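
Review bot: in wpa_parse_extended_key_id() (src/common/wpa_common.c), three of the tab checks dereference start where end is meant: *start != '\t' in the token scan, *start == '\t' in the assignment to last, and *end == ' ' && *start == '\t' in the trailing-whitespace loop. At those points start is the first character of the current token, so a tab following a token is absorbed into it and fails the keyword match, and the && in the last loop can never be true, which means a value with more than one trailing space is rejected. Suggest *end != '\t', *end == '\t' and while (*end == ' ' || *end == '\t'). Separately, wpa_write_extended_key_id() emits "+FILS0+FILS_CUSTOM" when both bits are set, a string the parser refuses; returning -1 for that combination would keep the two functions round-trip consistent. Both functions also lack a comment stating the return convention (bitfield or length on success, -1 on error).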
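
Review bot: WPA_DRIVER_FLAGS_EXTENDED_KEY_ID in src/drivers/driver.h is defined as 0x8000000000000000ULL, the top bit (bit 63) of the u64 flags field in struct wpa_driver_capa, so no further flag can be added above it. That is worth a comment next to the define or a line in the commit message, because the next capability flag will need a second flags field and a matching change to driver_flag_to_string().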