From patchwork Wed Dec 16 11:01:40 2020
X-Patchwork-Submitter: Ilan Peer
X-Patchwork-Id: 1417070
From: Ilan Peer
To: hostap@lists.infradead.org
Subject: [PATCH 4/4] WPA_AUTH: Support deriving KDK based on capabilities
Date: Wed, 16 Dec 2020 13:01:40 +0200
Message-Id: <20201216110140.8440-5-ilan.peer@intel.com>
In-Reply-To: <20201216110140.8440-1-ilan.peer@intel.com>
References: <20201216110140.8440-1-ilan.peer@intel.com>

Derive the KDK as part of PMK to PTK derivation if forced by configuration or in case both the local AP and the peer station declare support for secure LTF.

Signed-off-by: Ilan Peer
---
 src/ap/wpa_auth.c      | 29 +++++++++++++++++++++--------
 src/ap/wpa_auth.h      |  2 +-
 src/ap/wpa_auth_ft.c   | 14 ++++++++++----
 src/ap/wpa_auth_glue.c |  2 +-
 4 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 73d61b9fd6..25f6c8d9fe 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2278,9 +2278,17 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, struct wpa_ptk *ptk, int force_sha256) { const u8 *z = NULL; - size_t z_len = 0; + size_t z_len = 0, kdk_len; int akmp; + if (sm->wpa_auth->conf.force_kdk_derivation || + (sm->wpa_auth->conf.secure_ltf && + sm->rsnxe && sm->rsnxe_len >= 4 && + sm->rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF)) + kdk_len = WPA_KDK_MAX_LEN; + else + kdk_len = 0; + #ifdef CONFIG_IEEE80211R_AP if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { if (sm->ft_completed) { @@ -2293,8 +2301,7 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, ptk, ptk_name, sm->wpa_key_mgmt, sm->pairwise, - sm->wpa_auth->conf.kdk ? - WPA_KDK_MAX_LEN : 0); + kdk_len); } return wpa_auth_derive_ptk_ft(sm, ptk); } @@ -2312,8 +2319,7 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce, akmp |= WPA_KEY_MGMT_PSK_SHA256; return wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion", sm->wpa_auth->addr, sm->addr, sm->ANonce, snonce, - ptk, akmp, sm->pairwise, z, z_len, - sm->wpa_auth->conf.kdk ? WPA_KDK_MAX_LEN : 0); + ptk, akmp, sm->pairwise, z, z_len, kdk_len); } @@ -2328,14 +2334,21 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk, size_t ick_len; int res; u8 fils_ft[FILS_FT_MAX_LEN]; - size_t fils_ft_len = 0; + size_t fils_ft_len = 0, kdk_len; + + if (sm->wpa_auth->conf.force_kdk_derivation || + (sm->wpa_auth->conf.secure_ltf && + sm->rsnxe && sm->rsnxe_len >= 4 && + sm->rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF)) + kdk_len = WPA_KDK_MAX_LEN; + else + kdk_len = 0; res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr, snonce, anonce, dhss, dhss_len, &sm->PTK, ick, &ick_len, sm->wpa_key_mgmt, sm->pairwise, - fils_ft, &fils_ft_len, - sm->wpa_auth->conf.kdk ? WPA_KDK_MAX_LEN : 0); + fils_ft, &fils_ft_len, kdk_len); if (res < 0) return res; sm->PTK_valid = true; diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 129c65433d..ee9f721a00 100644 
--- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -272,7 +272,7 @@ struct wpa_auth_config { * If set Key Derivation Key should be derived as part of PMK to * PTK derivation. */ - int kdk; + int force_kdk_derivation; }; typedef enum { diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 115a6fa2f3..6cdff65503 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -3066,7 +3066,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, const u8 *identity, *radius_cui; size_t identity_len = 0, radius_cui_len = 0; int use_sha384; - size_t pmk_r1_len; + size_t pmk_r1_len, kdk_len; *resp_ies = NULL; *resp_ies_len = 0; @@ -3196,12 +3196,18 @@ pmk_r1_derived: wpa_hexdump(MSG_DEBUG, "FT: Generated ANonce", sm->ANonce, WPA_NONCE_LEN); + if (sm->wpa_auth->conf.force_kdk_derivation || + (sm->wpa_auth->conf.secure_ltf && + sm->rsnxe && sm->rsnxe_len >= 4 && + sm->rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF)) + kdk_len = WPA_KDK_MAX_LEN; + else + kdk_len = 0; + if (wpa_pmk_r1_to_ptk(pmk_r1, pmk_r1_len, sm->SNonce, sm->ANonce, sm->addr, sm->wpa_auth->addr, pmk_r1_name, &sm->PTK, ptk_name, sm->wpa_key_mgmt, - pairwise, - sm->wpa_auth->conf.kdk ? - WPA_KDK_MAX_LEN : 0) < 0) + pairwise, kdk_len) < 0) return WLAN_STATUS_UNSPECIFIED_FAILURE; sm->pairwise = pairwise; diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 0e9b838127..74d2322ab4 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -210,7 +210,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, #endif /* CONFIG_DPP2 */ #ifdef CONFIG_PASN #ifdef CONFIG_TESTING_OPTIONS - wconf->kdk = conf->force_kdk_derivation; + wconf->force_kdk_derivation = conf->force_kdk_derivation; #endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_PASN */ }
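Review bot: in the wpa_derive_ptk hunk (@@ -2278), the new test `sm->rsnxe[3] & WLAN_RSNX_CAPAB_SECURE_LTF` is only correct if WLAN_RSNX_CAPAB_SECURE_LTF is a bit mask for the second RSNXE capability octet. If it is a bit number within the Extended RSN Capabilities field (Secure LTF is bit 8, i.e. bit 0 of rsnxe[3]), the expression tests the wrong bit and the AP will key its KDK decision off an unrelated capability; in that case it should read `sm->rsnxe[3] & BIT(WLAN_RSNX_CAPAB_SECURE_LTF - 8)`. Please confirm the definition, and while here consider folding the whole `force_kdk_derivation || (secure_ltf && rsnxe ...)` expression into one small helper (for example a static `wpa_auth_kdk_len(sm)` returning WPA_KDK_MAX_LEN or 0; name is a suggestion), since the same five-line condition is pasted again in fils_auth_pmk_to_ptk and wpa_ft_process_auth_req and a future fix to the bit test would have to be applied in three places.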
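Review bot: in the fils_auth_pmk_to_ptk hunk (@@ -2334), the Secure LTF decision reads sm->rsnxe, but this function runs while the FILS Authentication exchange is being completed, before the (Re)Association Request in which the station's RSNXE is normally validated and stored. Please confirm that sm->rsnxe and sm->rsnxe_len are already populated at this point for FILS; if they are not, `sm->rsnxe` is NULL here, the condition is always false and FILS associations never get a KDK even when both sides support Secure LTF, unless force_kdk_derivation is set.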
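Review bot: in the wpa_ft_process_auth_req hunk (@@ -3196), the same sm->rsnxe check is evaluated while processing the FT Authentication request, which precedes the Reassociation Request that carries the station's RSNXE on initial association. Confirm that the FT authentication path has stored the peer's RSNXE into sm->rsnxe before this point (for example from the parsed FT IEs); otherwise kdk_len is 0 for every over-the-air FT transition regardless of what the station advertises, which contradicts the commit message's "both the local AP and the peer station declare support".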
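Review bot: in the wpa_auth.h hunk, the struct comment above the renamed member still reads "If set Key Derivation Key should be derived as part of PMK to PTK derivation", which no longer describes the field: with this patch the KDK is derived whenever secure_ltf is negotiated, and force_kdk_derivation is the testing override that derives it regardless of the RSNXE exchange. Please update the comment to say that, and mention that it is only populated under CONFIG_TESTING_OPTIONS (see the wpa_auth_glue.c hunk), so a reader does not assume it is the normal enable switch.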
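Review bot: in the wpa_auth_glue.c hunk, only `wconf->force_kdk_derivation = conf->force_kdk_derivation;` is copied, and only under CONFIG_PASN and CONFIG_TESTING_OPTIONS. The new conditions in wpa_auth.c and wpa_auth_ft.c also read sm->wpa_auth->conf.secure_ltf, but nothing in this patch shows wconf->secure_ltf being set from the BSS configuration. If that wiring is in an earlier patch of the series, a one-line pointer in the commit message would help; if it is not, secure_ltf is always 0 and the capability-based derivation is dead code in non-testing builds.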
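The rule the commit message states (derive a KDK when forced, or when the AP is configured for Secure LTF and the peer's RSNXE advertises it) depends on reading one bit out of a variable-length element correctly. The following is an added example in C, not hostap code: it parses a raw RSNXE (element ID 244, length, then an Extended RSN Capabilities field whose first four bits give the field length minus one), tests a capability by bit number, and derives the KDK length from that. The function names (rsnx_capab_set, kdk_len_for), the KDK_MAX_LEN value and the sample elements are assumptions made for the example; the bit numbers follow the RSNXE definition (Secure LTF is bit 8).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Capability bit numbers inside the Extended RSN Capabilities field.
 * Bits 0-3 of the first octet encode the field length minus 1. */
#define RSNX_CAPAB_PROTECTED_TWT 4
#define RSNX_CAPAB_SAE_H2E       5
#define RSNX_CAPAB_SECURE_LTF    8   /* 802.11az Secure HE-LTF support */

#define KDK_MAX_LEN 32               /* assumed value for the example */

/* Test one capability bit in a raw RSNXE buffer laid out as
 * [element ID][length][capability octets...]. The length nibble in the
 * first capability octet bounds the field, so a short or inconsistent
 * element never reads past its end and an out-of-range bit reads as unset. */
static bool rsnx_capab_set(const uint8_t *rsnxe, size_t rsnxe_len, unsigned bit)
{
    if (!rsnxe || rsnxe_len < 3)                 /* need ID, length, 1 octet */
        return false;
    if (rsnxe[1] == 0 || rsnxe[1] + 2u > rsnxe_len)
        return false;                            /* truncated element */
    size_t field_len = (rsnxe[2] & 0x0f) + 1u;   /* octets in the capab field */
    if (field_len > rsnxe[1])
        field_len = rsnxe[1];                    /* never trust more than present */
    size_t octet = bit / 8;
    if (octet >= field_len)
        return false;
    return ((rsnxe[2 + octet] >> (bit % 8)) & 1u) != 0;
}

/* The patch's rule: a KDK is derived when forced by configuration, or when
 * the local AP is configured for Secure LTF and the peer advertises it. */
static size_t kdk_len_for(bool force_kdk, bool ap_secure_ltf,
                          const uint8_t *peer_rsnxe, size_t peer_rsnxe_len)
{
    if (force_kdk ||
        (ap_secure_ltf &&
         rsnx_capab_set(peer_rsnxe, peer_rsnxe_len, RSNX_CAPAB_SECURE_LTF)))
        return KDK_MAX_LEN;
    return 0;
}

/* Constructed sample elements (ID 244 = RSNXE), not captured traffic. */
static const uint8_t rsnxe_h2e_only[]   = { 244, 1, 0x20 };       /* 1-octet field, SAE H2E only */
static const uint8_t rsnxe_secure_ltf[] = { 244, 2, 0x21, 0x01 }; /* 2-octet field, bits 5 and 8 */
static const uint8_t rsnxe_bit11[]      = { 244, 2, 0x21, 0x08 }; /* bit 11 set: "rsnxe[3] & 8" would
                                                                     match this, Secure LTF would not */

int main(void)
{
    printf("peer advertises Secure LTF: kdk_len=%zu\n",
           kdk_len_for(false, true, rsnxe_secure_ltf, sizeof(rsnxe_secure_ltf)));
    printf("peer sets only bit 11:      kdk_len=%zu\n",
           kdk_len_for(false, true, rsnxe_bit11, sizeof(rsnxe_bit11)));
    printf("forced by configuration:    kdk_len=%zu\n",
           kdk_len_for(true, false, NULL, 0));
    return 0;
}
```

The rsnxe_bit11 element is the interesting case: a mask-versus-bit-number mix-up (ANDing the second octet with the literal value 8 instead of BIT(8 - 8)) would accept it as Secure LTF support and derive a KDK the peer never negotiated, while rejecting a peer that really does advertise bit 8.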