From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v6a 1/7] Fixes for hostapd: Set the correct key_type for key installs
Date: Sat, 28 Sep 2019 20:18:01 +0200
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

This is a correction on top of:
[PATCH v6 05/17] hostapd: Set the correct key_type for key installs

Changes:
- Change one wrong key_type to the correct one

The original commit message also is wrong. It should be:

In addition to the set_tx boolean this also sets the corresponding new variable key_type for all key installs. Till set_tx is dropped drivers can use either set_tx or key_type, allowing a seamless migration to key_type.

Signed-off-by: Alexander Wetzel
--- src/ap/ieee802_1x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index b45eef94b..2f2099dc7 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c 
@@ -286,7 +286,7 @@ static void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta) if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP, sta->addr, 0, NULL, 0, ikey, hapd->conf->individual_wep_key_len, - KEY_TYPE_DEFAULT)) { + KEY_TYPE_PAIRWISE)) { wpa_printf(MSG_ERROR, "Could not set individual WEP encryption"); }
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v6a 2/7] Fixes for wpa_supplicant: Set the correct key_type for key installs
Date: Sat, 28 Sep 2019 20:18:02 +0200
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

This is a correction on top of:
[PATCH v6 06/17] wpa_supplicant: Set the correct key_type for key installs

Changes:
- Change some wrong key_types to the correct ones

Signed-off-by: Alexander Wetzel
---

I found another wrong key type we have not yet discussed. But since we already agreed for hostapd to use KEY_TYPE_PAIRWISE instead of KEY_TYPE_DEFAULT when using "unicast" keys we also have to use KEY_TYPE_PAIRWISE in wpa_eapol_set_wep_key() when installing a unicast WEP key. (Actually the new code blocking default keys to be used for pairwise keys found that for me.)

I'm also still using "0" as key_type when it's not applicable, like for PMK keys. This is of course identical to KEY_TYPE_BROADCAST for the code. I don't see any real downsides here, but we could of course just add KEY_TYPE_UNUSED for 0 and shift all other types up by one. (Just adding KEY_TYPE_UNUSED to the enum should do the trick.)

wpa_supplicant/wpa_supplicant.c | 2 +- wpa_supplicant/wpas_glue.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ab1064445..d3684fa1b 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -203,7 +203,7 @@ int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s, * and RX from each STA.. */ ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, seq, 6, key, keylen, - KEY_TYPE_BROADCAST); + KEY_TYPE_DEFAULT); os_memset(key, 0, sizeof(key)); return ret; } diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 7b8254ff7..81f5bdb0b 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c 
@@ -243,7 +243,8 @@ static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx, return wpa_drv_set_key(wpa_s, WPA_ALG_WEP, unicast ? wpa_s->bssid : NULL, keyidx, NULL, 0, key, keylen, - unicast ? KEY_TYPE_DEFAULT : KEY_TYPE_BROADCAST); + unicast ? KEY_TYPE_PAIRWISE : + KEY_TYPE_BROADCAST); } 
@@ -342,7 +343,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, "handshake", pmk, pmk_len); if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, NULL, 0, pmk, - pmk_len, KEY_TYPE_BROADCAST)) { + pmk_len, 0)) { wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); }
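Review bot: The bare 0 passed as key_type for the WPA_ALG_PMK install in wpa_supplicant_eapol_cb() should be a named enumerator. As the note under the commit message says, 0 is identical to KEY_TYPE_BROADCAST for the code, so a driver cannot tell "not applicable" from a broadcast key, and a reader cannot tell that the value was chosen deliberately. Adding KEY_TYPE_UNUSED as the zero value, as proposed there, and passing it here would make the intent checkable; the same goes for every other install that currently passes 0.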
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v6a 3/7] Fixes for nl80211: Switch to the new key_type API & cleanup
Date: Sat, 28 Sep 2019 20:18:03 +0200
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

This is a correction on top of:
[PATCH v6 08/17] nl80211: Switch to the new key_type API & cleanup

Changes:
- Default Keys must always be either WEP or WPA-NONE Keys: Instead of ignoring the KEY_TYPE_DEFAULT for Pairwise keys refuse to install this combination
- Replace need_set_key with skip_set_key and invert the logic
- Debug logging message updated

Signed-off-by: Alexander Wetzel
--- src/drivers/driver_nl80211.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 81c036e81..1c939e142 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -3014,7 +3014,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, struct nl_msg *msg; struct nl_msg *key_msg; struct nlattr *types; - int need_set_key = 0; + int skip_set_key = 1; int ret; /* Ignore for P2P Device */ 
@@ -3091,17 +3091,22 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, NL80211_KEY_SET_TX)) goto fail; } else if (alg != WPA_ALG_WEP && - key_type != KEY_TYPE_PAIRWISE) { + key_type == KEY_TYPE_BROADCAST) { wpa_printf(MSG_DEBUG, " RSN IBSS RX GTK"); if (nla_put_u32(key_msg, NL80211_KEY_TYPE, NL80211_KEYTYPE_GROUP)) goto fail; + } else if (key_type == KEY_TYPE_DEFAULT) { + /* We don't need or handle Pairwise Default Keys */ + wpa_printf(MSG_ERROR, + "Can't set a Pairwise key as default key."); + goto fail; } } else if (alg != WPA_ALG_NONE) { /* Default (WEP, GTK or IGTK) key */ if (alg != WPA_ALG_WEP || key_type == KEY_TYPE_DEFAULT) { wpa_printf(MSG_DEBUG, " require SET_KEY"); - need_set_key = 1; + skip_set_key = 0; } } if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) || @@ -3122,7 +3127,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, * If we failed or don't need to set the key as default (below), * we're done here. */ - if (ret || !need_set_key) + if (ret || skip_set_key) return ret; key_msg = nlmsg_alloc(); 
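Review bot: In the @@ -3091 hunk the new "else if (key_type == KEY_TYPE_DEFAULT)" branch refuses the install through the same "goto fail" that the surrounding nla_put_u32() failures use, so the caller cannot tell a rejected key_type combination from a message-building failure. Please confirm that the fail path returns an error that fits a rejected argument, and add the interface name or peer address to the MSG_ERROR text so the log shows which install was refused. Also, what happens to WPA_ALG_WEP with KEY_TYPE_BROADCAST in this block? Neither of the two visible else-if conditions matches it, so it still passes without a log line; if that combination is invalid as well, it should be refused here too.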
@@ -3149,11 +3154,8 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, goto fail; nla_nest_end(key_msg, types); } else if (!addr) { - wpa_printf(MSG_DEBUG, " WEP key"); + wpa_printf(MSG_DEBUG, " WEP/WPA-NONE default key"); } else { - /* need_set_key must only be set for - * zero or broadcast addresses - */ wpa_printf(MSG_ERROR, "Unicast key when not expecting one, abort!"); goto fail;
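Review bot: The comment deleted from the final else branch ("need_set_key must only be set for zero or broadcast addresses") documented the invariant that the "Unicast key when not expecting one, abort!" check enforces, and nothing replaces it. Rather than dropping it, reword it for the renamed flag, for example "skip_set_key must only be cleared for zero or broadcast addresses", so the reason for the abort stays next to the code that performs it.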
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v6a 4/7] Fixes for hostapd: Add support for Extended Key ID
Date: Sat, 28 Sep 2019 20:18:04 +0200
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

This is a correction on top of:
[PATCH v6 10/17] hostapd: Add support for Extended Key ID

Changes:
- Fix too wide bit masks. Which are not really needed but already in use for GTK key IDs. (We could drop them all)
- merge TKIP handling into handle_extended_key_id()
- Check configuration settings and disable Extended key ID when configuration settings don't allow it.
  - Which allows us to drop some tests from handle_extended_key_id()
- Update log/debug messages (some needed for tests)

Signed-off-by: Alexander Wetzel
--- src/ap/ap_config.c | 2 +- src/ap/wpa_auth.c | 2 +- src/ap/wpa_auth_glue.c | 15 +++------------ src/ap/wpa_auth_ie.c | 33 ++++++++++++++++++++------------- 4 files changed, 25 insertions(+), 27 deletions(-) diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index a7b91fad8..c080f7064 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -1099,7 +1099,7 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss, bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256))) { wpa_printf(MSG_ERROR, - "Extended Key ID support requires wpa2 and CCMP/GCMP"); + "Extended Key ID support requires WPA2 and CCMP/GCMP, disabling it"); bss->wpa_extended_key_id = 0; } diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 1ecb9b491..26725a7df 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -5095,7 +5095,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, hdr[1] = 0; if (sm->use_extended_key_id) { - hdr[0] = sm->keyidx_active & 0x03; + hdr[0] = sm->keyidx_active & 0x01; pos = wpa_add_kde(pos, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0); } 
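Review bot: In the wpa_auth.c hunk, "hdr[0] = sm->keyidx_active & 0x01" masks the index instead of validating it: if keyidx_active ever held a value other than 0 or 1, the RSN_KEY_DATA_KEYID KDE built in wpa_auth_resend_m3() would carry a truncated index with no trace in the log. The change list already says the masks are not really needed, so either drop the mask and write sm->keyidx_active directly, or keep it and log an error when the value is greater than 1.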
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 5a55f799c..f45443257 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1307,21 +1307,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) _conf.ap_mlme = 1; if (_conf.wpa_extended_key_id) { - if (_conf.wpa & WPA_PROTO_RSN && - _conf.rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | - WPA_CIPHER_GCMP_256 | - WPA_CIPHER_CCMP_256) && - hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID) { + if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID) { wpa_msg(hapd->msg_ctx, MSG_INFO, "Enable Extended Key ID support"); } else { - if (!(hapd->iface->drv_flags & - WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) - wpa_msg(hapd->msg_ctx, MSG_INFO, - "Extended Key ID not supported by driver"); - else - wpa_msg(hapd->msg_ctx, MSG_INFO, - "Extended Key ID requires wpa2 and CCMP/GCMP"); + wpa_msg(hapd->msg_ctx, MSG_INFO, + "Extended Key ID not supported by driver"); _conf.wpa_extended_key_id = 0; } } else if (_conf.wpa & WPA_PROTO_RSN) { diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 2e3204f5d..e914c5587 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c 
@@ -538,21 +538,34 @@ int handle_extended_key_id(struct wpa_state_machine *sm, int capabilities) struct wpa_auth_config *conf = &sm->wpa_auth->conf; if (conf->wpa_extended_key_id && + sm->pairwise != WPA_CIPHER_TKIP && capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST) { if (!sm->use_extended_key_id && sm->pairwise_set) { - wpa_printf(MSG_DEBUG, - "Can only enable Extended Key ID on initial connect"); + wpa_printf(MSG_ERROR, "STA " MACSTR + " tries to start using Extended Key ID on rekey", + MAC2STR(sm->addr)); return -1; } else if (!sm->use_extended_key_id) { + wpa_printf(MSG_DEBUG, "STA " MACSTR + " supports Extended Key ID", + MAC2STR(sm->addr)); sm->use_extended_key_id = TRUE; sm->keyidx_active = 1; + } else if (!sm->pairwise_set) { + wpa_printf(MSG_DEBUG, "STA " MACSTR + " is not supporting Extended Key ID", + MAC2STR(sm->addr)); } } else { if (sm->use_extended_key_id && sm->pairwise_set) { - wpa_printf(MSG_DEBUG, - "Already using Extended Key ID, can't stop"); + wpa_printf(MSG_ERROR, "STA " MACSTR + " is using Extended Key ID, can't rekey without it", + MAC2STR(sm->addr)); return -1; - } else if (sm->use_extended_key_id) { + } else if (!sm->pairwise_set) { + wpa_printf(MSG_DEBUG, "STA " MACSTR + " can't use Extended Key ID support", + MAC2STR(sm->addr)); sm->use_extended_key_id = FALSE; sm->keyidx_active = 0; } @@ -834,8 +847,6 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, return WPA_MGMT_FRAME_PROTECTION_VIOLATION; } - if (handle_extended_key_id(sm, data.capabilities)) - return WPA_INVALID_IE; #ifdef CONFIG_IEEE80211R_AP if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) { 
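Review bot: In the @@ -538 hunk the new third arm of the first block, "else if (!sm->pairwise_set)", logs "is not supporting Extended Key ID", yet that block is only entered when the STA's capabilities include WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST, and the arm is only reached with sm->use_extended_key_id already set. The message states the opposite of the condition it reports and reads as if it was written for the else block. Please correct the text, since the change list says some of these messages are needed for tests, and say whether keyidx_active should be reset to 1 on this path as it is in the arm above. Separately, both new MSG_ERROR lines are triggered by a capability bit the peer supplies, so consider whether error level is right for something a STA can cause repeatedly.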
@@ -885,12 +896,8 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, else sm->wpa = WPA_VERSION_WPA; - /* Extended Key ID must not be used for TKIP */ - if (sm->use_extended_key_id && sm->pairwise == WPA_CIPHER_TKIP) { - sm->use_extended_key_id = FALSE; - sm->keyidx_active = 0; - } - + if (handle_extended_key_id(sm, data.capabilities)) + return WPA_INVALID_IE; #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS) if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
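Review bot: The handle_extended_key_id() call added in the @@ -885 hunk carries an ordering dependency that is no longer documented. It now sits where the removed block tested sm->pairwise, and the function itself checks sm->pairwise != WPA_CIPHER_TKIP, but the only comment that stated the rule ("Extended Key ID must not be used for TKIP") is deleted. Add a short comment at the new call site saying it must stay below the pairwise cipher selection, so a later reorder of wpa_validate_wpa_ie() does not leave the TKIP check looking at a stale value. The blank line that separated the removed block from the following #if is also gone and is worth restoring.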
From: Alexander Wetzel
To: j@w1.fi
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net
Subject: [PATCH v6a 5/7] Fixes for wpa_supplicant: AP Extended Key ID support
Date: Sat, 28 Sep 2019 20:18:05 +0200
Message-Id: <20190928181807.180530-6-alexander@wetzel-home.de>
In-Reply-To: <20190928181807.180530-1-alexander@wetzel-home.de>

This is a correction on top of:
[PATCH v6 11/17] wpa_supplicant: AP Extended Key ID support

Changes:
- Only enable Extended Key ID support when it actually can be used
- and make this log message level info instead of debug

Signed-off-by: Alexander Wetzel
--- wpa_supplicant/wpa_supplicant.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index d3684fa1b..b073eccd3 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c
@@ -1244,8 +1244,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, const u8 *bss_wpa, *bss_rsn, *bss_osen; if (ssid->mode == WPAS_MODE_INFRA && ssid->wpa_extended_key_id && + ssid->proto & WPA_PROTO_RSN && + ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 | + WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) && wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID) { - wpa_msg(wpa_s, MSG_DEBUG, "Enable Extended Key ID support"); + wpa_msg(wpa_s, MSG_INFO, "Enable Extended Key ID support"); wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXTENDED_KEY_ID, 1); } else { if (ssid->wpa_extended_key_id)
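Review bot: The two conditions added in wpa_supplicant_set_suites() are bitmask tests on the network configuration, so they pass as soon as one acceptable value is allowed: `ssid->pairwise_cipher & (WPA_CIPHER_CCMP | ...)` is true for a network that permits TKIP alongside CCMP, and `ssid->proto & WPA_PROTO_RSN` is true when other protocols are permitted too. The "Enable Extended Key ID support" message, now at MSG_INFO, can therefore be emitted for a connection that ends up on TKIP. Either test the cipher and protocol actually selected for this association, or state in a comment that the mixed case is deliberately accepted here. Wrapping each `&` term in parentheses would also make the long `&&` chain easier to read.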
From: Alexander Wetzel
To: j@w1.fi
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net
Subject: [PATCH v6a 6/7] Fixes for tests: Extended Key ID tests
Date: Sat, 28 Sep 2019 20:18:06 +0200
Message-Id: <20190928181807.180530-7-alexander@wetzel-home.de>
In-Reply-To: <20190928181807.180530-1-alexander@wetzel-home.de>

This is a correction on top of:
[PATCH v6 12/17] tests: Extended Key ID tests

Changes:
- Verify a TKIP only AP is not using Extended Key ID.
- Tune the Extended Key ID detection
- Adaptions to the log behavior changes by another patch
  (Fixes for hostapd: Add support for Extended Key ID)

Signed-off-by: Alexander Wetzel
--- tests/hwsim/hostapd.py | 13 ++++++------- tests/hwsim/test_ap_psk.py | 10 ++++++++++ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/tests/hwsim/hostapd.py b/tests/hwsim/hostapd.py index c8021ffcc..d6d0bed37 100644 --- a/tests/hwsim/hostapd.py +++ b/tests/hwsim/hostapd.py @@ -555,17 +555,16 @@ def add_ap(apdev, params, wait_enabled=True, no_enable=False, timeout=30, return hapd hapd.enable() if wait_enabled: - if "wpa" in params and params["wpa"] == "2": - ev = hapd.wait_event(["Extended Key ID"], timeout=5) - if ev is None or "requires wpa2" in ev: - hapd.extKeyID = "unused" - elif "not supported" in ev: + ev = hapd.wait_event(["Extended Key ID", + "AP-ENABLED", "AP-DISABLED"], timeout=timeout) + if "Extended Key ID" in ev: + if "not supported" in ev: hapd.extKeyID = "auto-off" - elif "disabled" in ev: + elif "support disabled" in ev: hapd.extKeyID = "force-off" else: hapd.extKeyID = "auto-on" - ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=timeout) + ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=timeout) if ev is None: raise Exception("AP startup timed out") if "AP-ENABLED" not in ev: diff --git a/tests/hwsim/test_ap_psk.py b/tests/hwsim/test_ap_psk.py index 78dc7a662..6be9b19f8 100644 --- a/tests/hwsim/test_ap_psk.py 
+++ b/tests/hwsim/test_ap_psk.py 
@@ -3377,6 +3377,16 @@ def test_ap_wpa2_ptk_extended_key_id_compat_sta(dev, apdev): dev[0].reset() def test_ap_wpa2_ptk_extended_key_id_tkip(dev, apdev): + """Extended Key ID with TKIP only AP""" + ssid = "test-wpa2-psk" + passphrase = 'qwertyuiop' + params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) + params["rsn_pairwise"] = "TKIP" + hapd = hostapd.add_ap(apdev[0], params) + if hapd.extKeyID != "force-off": + raise Exception("Extended Key ID support not disabled for TKIP only AP") + +def test_ap_wpa2_ptk_extended_key_id_tkip_sta(dev, apdev): """Extended Key ID WPA2-PSK AP and station using WPA2 with TKIP only""" ssid = "test-wpa2-psk" passphrase = 'qwertyuiop'
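Review bot: In the add_ap() hunk of tests/hwsim/hostapd.py, `if "Extended Key ID" in ev:` runs before the `if ev is None:` check, so a wait_event() timeout raises TypeError instead of the intended "AP startup timed out". Guard it as `if ev is not None and "Extended Key ID" in ev:`. The hunk also removes the only assignment of "unused", so unless hapd.extKeyID is initialised outside the visible lines it stays unset whenever AP-ENABLED arrives without an Extended Key ID event; set a default before the wait.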
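Review bot: The new test_ap_wpa2_ptk_extended_key_id_tkip() in tests/hwsim/test_ap_psk.py checks only `hapd.extKeyID != "force-off"`, a value that add_ap() derives from finding "support disabled" in a log event, so it verifies the wording of a log line and not the AP's behaviour, and `dev` is never used. If the attribute is missing the test fails with AttributeError instead of the intended exception. Consider also associating a station with TKIP and confirming Extended Key ID is not negotiated, or document in the docstring that the check is log-based by design.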
From: Alexander Wetzel
To: j@w1.fi
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net
Subject: [PATCH v6a 7/7] Fixes for wpa_supplicant: FILS Extended Key ID support
Date: Sat, 28 Sep 2019 20:18:07 +0200
Message-Id: <20190928181807.180530-8-alexander@wetzel-home.de>
In-Reply-To: <20190928181807.180530-1-alexander@wetzel-home.de>

This is a correction on top of:
[PATCH v6 14/17] wpa_supplicant: FILS Extended Key ID support

Changes:
- move handle_extended_key_id() call, so sm->pairwise is set when the
  function is called.

Signed-off-by: Alexander Wetzel
--- src/ap/wpa_auth_ft.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 6afefe983..f242fc508 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -2775,8 +2775,7 @@ static int wpa_ft_set_key_mgmt(struct wpa_state_machine *sm, return -1; } sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0); - - return 0; + return handle_extended_key_id(sm, parse->capabilities); } @@ -2888,9 +2887,6 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, return WLAN_STATUS_UNSPECIFIED_FAILURE; } - if (handle_extended_key_id(sm, parse.capabilities)) - return WLAN_STATUS_UNSPECIFIED_FAILURE; - use_sha384 = wpa_key_mgmt_sha384(parse.key_mgmt); pmk_r1_len = use_sha384 ? SHA384_MAC_LEN : PMK_LEN;
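Review bot: In the first hunk, wpa_ft_set_key_mgmt() now ends with `return handle_extended_key_id(sm, parse->capabilities);`, while the second hunk deletes the explicit `return WLAN_STATUS_UNSPECIFIED_FAILURE;` from wpa_ft_process_auth_req(). The status reported for an Extended Key ID mismatch therefore depends on how each caller handles a non-zero return from wpa_ft_set_key_mgmt(), which these hunks do not show. Please confirm every caller checks that return value and name the resulting status code in the commit message. A short comment above the new return, saying the call must follow the sm->pairwise assignment, would keep the ordering from regressing.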