From patchwork Mon Aug 6 19:46:19 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954198
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 01/25] Add driver API to get current channel parameters
Date: Mon, 6 Aug 2018 15:46:19 -0400
Message-Id: <20180806194643.1328-2-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

This adds driver API functions to get the current operating channel parameters. This encompasses the center frequency, channel bandwidth, frequency segment 1 index (for 80+80 channels), and so on.

Signed-off-by: Mathy Vanhoef
--- src/drivers/driver.h | 27 ++++++++++++++++ src/drivers/driver_nl80211.c | 63 ++++++++++++++++++++++++++++++++++++ src/drivers/driver_nl80211.h | 2 ++ 3 files changed, 92 insertions(+) diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 9922962ea..b111fbecb 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h
@@ -1915,6 +1915,26 @@ struct wpa_signal_info { int center_frq2; }; +/** + * struct wpa_signal_info - Information about the current channel + * @frequency: Center frequency of the primary 20 MHz channel + * @chanwidth: Width of the current operating channel + * @sec_channel: Location of the secondary 20 MHz channel (either +1 or -1). + * This field is only filled in when using a 40 MHz channel. + * @center_frq1: Center frequency of frequency segment 0 + * @center_frq2: Center frequency of frequency segment 1 (for 80+80 channels) + * @seg1_idx: Frequency segment 1 index when using a 80+80 channel. This is + * derived from center_frq2 for convenience. + */ +struct wpa_channel_info { + u32 frequency; + enum chan_width chanwidth; + int sec_channel; + int center_frq1; + int center_frq2; + int seg1_idx; +}; + /** * struct beacon_data - Beacon data * @head: Head portion of Beacon frame (before TIM IE) @@ -3350,6 +3370,13 @@ struct wpa_driver_ops { */ int (*signal_poll)(void *priv, struct wpa_signal_info *signal_info); + /** + * channel_info - Get parameters of the current operating channel + * @priv: Private driver interface data + * @channel_info: Channel info structure + */ + int (*channel_info)(void *priv, struct wpa_channel_info *channel_info); + /** * set_authmode - Set authentication algorithm(s) for static WEP * @priv: Private driver interface data diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 16bae4907..cdeec86af 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c 
@@ -1484,6 +1484,68 @@ int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, } +static int get_channel_info(struct nl_msg *msg, void *arg) +{ + struct nlattr *tb[NL80211_ATTR_MAX + 1] = {0}; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + struct wpa_channel_info *chan_info = arg; + + nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + memset(chan_info, 0, sizeof(struct wpa_channel_info)); + chan_info->chanwidth = CHAN_WIDTH_UNKNOWN; + + if (tb[NL80211_ATTR_WIPHY_FREQ]) + chan_info->frequency = + nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]); + if (tb[NL80211_ATTR_CHANNEL_WIDTH]) + chan_info->chanwidth = convert2width( + nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH])); + if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { + enum nl80211_channel_type ct = + nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); + + switch (ct) { + case NL80211_CHAN_HT40MINUS: + chan_info->sec_channel = -1; + break; + case NL80211_CHAN_HT40PLUS: + chan_info->sec_channel = 1; + break; + default: + chan_info->sec_channel = 0; + break; + } + } + if (tb[NL80211_ATTR_CENTER_FREQ1]) + chan_info->center_frq1 = + nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]); + if (tb[NL80211_ATTR_CENTER_FREQ2]) + chan_info->center_frq2 = + nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]); + + if (chan_info->center_frq2) { + u8 seg1_idx = 0; + ieee80211_freq_to_chan(chan_info->center_frq2, &seg1_idx); + chan_info->seg1_idx = seg1_idx; + } + + return NL_SKIP; +} + + +static int nl80211_channel_info(void *priv, struct wpa_channel_info *ci) +{ + struct i802_bss *bss = priv; + struct wpa_driver_nl80211_data *drv = bss->drv; + struct nl_msg *msg; + + msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE); + return send_and_recv_msgs(drv, msg, get_channel_info, ci); +} + + static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx, void *handle) { 
@@ -10637,6 +10699,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = { .resume = wpa_driver_nl80211_resume, .signal_monitor = nl80211_signal_monitor, .signal_poll = nl80211_signal_poll, + .channel_info = nl80211_channel_info, .send_frame = nl80211_send_frame, .set_param = nl80211_set_param, .get_radio_name = nl80211_get_radio_name, diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h index 5ac0c7dfc..143ff1346 100644 --- a/src/drivers/driver_nl80211.h +++ b/src/drivers/driver_nl80211.h 
@@ -247,6 +247,8 @@ int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv, struct wpa_signal_info *sig); int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv, struct wpa_signal_info *sig_change); +int nl80211_get_channel_info(struct wpa_driver_nl80211_data *drv, + struct wpa_channel_info *chan); int nl80211_get_wiphy_index(struct i802_bss *bss); int wpa_driver_nl80211_set_mode(struct i802_bss *bss, enum nl80211_iftype nlmode);

From patchwork Mon Aug 6 19:46:20 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954190
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 02/25] Make channel_info available to the supplicant state machine
Date: Mon, 6 Aug 2018 15:46:20 -0400
Message-Id: <20180806194643.1328-3-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

This adds the necessary functions and callbacks to make the channel_info driver API available to the supplicant state machine that implements the 4-way and group key handshake.

Signed-off-by: Mathy Vanhoef --- src/rsn_supp/wpa.h | 2 ++ src/rsn_supp/wpa_i.h | 8 ++++++++ wpa_supplicant/driver_i.h | 8 ++++++++ wpa_supplicant/wpas_glue.c | 8 ++++++++ wpa_supplicant/wpas_glue.h | 1 + 5 files changed, 27 insertions(+) diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index 21f4b1781..d52b8e033 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -18,6 +18,7 @@ struct wpa_sm; struct eapol_sm; struct wpa_config_blob; struct hostapd_freq_params; +struct wpa_channel_info; struct wpa_sm_ctx { void *ctx; /* pointer to arbitrary upper level context */ @@ -82,6 +83,7 @@ struct wpa_sm_ctx { int (*key_mgmt_set_pmk)(void *ctx, const u8 *pmk, size_t pmk_len); void (*fils_hlp_rx)(void *ctx, const u8 *dst, const u8 *src, const u8 *pkt, size_t pkt_len); + int (*channel_info)(void *ctx, struct wpa_channel_info *ci); }; diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index b94b17a85..d7ea29b81 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -198,6 +198,14 @@ static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg, seq, seq_len, key, key_len); } +static inline int wpa_sm_channel_info(struct wpa_sm *sm, + struct wpa_channel_info *ci) +{ + WPA_ASSERT(sm->ctx->channel_info); + return sm->ctx->channel_info(sm->ctx->ctx, ci); +} + + static inline void * wpa_sm_get_network_ctx(struct wpa_sm *sm) { WPA_ASSERT(sm->ctx->get_network_ctx); diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h index 078de23f7..5581bb064 100644 --- a/wpa_supplicant/driver_i.h +++ b/wpa_supplicant/driver_i.h @@ -492,6 +492,14 @@ static inline int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s, return -1; } +static inline int wpa_drv_channel_info(struct wpa_supplicant *wpa_s, + struct wpa_channel_info *ci) +{ + if (wpa_s->driver->channel_info) + return wpa_s->driver->channel_info(wpa_s->drv_priv, ci); + return -1; +} + static inline int wpa_drv_pktcnt_poll(struct wpa_supplicant *wpa_s, struct hostap_sta_driver_data *sta) { 
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 4634ed7fc..e22f20fa7 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -517,6 +517,13 @@ static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg, } +static int wpa_supplicant_channel_info(void *_wpa_s, struct wpa_channel_info *ci) +{ + struct wpa_supplicant *wpa_s = _wpa_s; + return wpa_drv_channel_info(wpa_s, ci); +} + + static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, int protection_type, int key_type) @@ -1233,6 +1240,7 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload; ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk; ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx; + ctx->channel_info = wpa_supplicant_channel_info; wpa_s->wpa = wpa_sm_init(ctx); if (wpa_s->wpa == NULL) { diff --git a/wpa_supplicant/wpas_glue.h b/wpa_supplicant/wpas_glue.h index 5585e5615..27aa69869 100644 --- a/wpa_supplicant/wpas_glue.h +++ b/wpa_supplicant/wpas_glue.h 
@@ -10,6 +10,7 @@ #define WPAS_GLUE_H enum wpa_ctrl_req_type; +struct wpa_channel_info; int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s); int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s);

From patchwork Mon Aug 6 19:46:21 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954192
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 03/25] Make channel_info and get_sta available to authenticator
Date: Mon, 6 Aug 2018 15:46:21 -0400
Message-Id: <20180806194643.1328-4-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

This adds the necessary functions and callbacks to make the channel_info driver API available to the authenticator state machine that implements the 4-way and group key handshake. It also makes the get_sta function available.

Signed-off-by: Mathy Vanhoef
--- src/ap/ap_drv_ops.h | 8 ++++++++ src/ap/wpa_auth.c | 19 +++++++++++++++++++ src/ap/wpa_auth.h | 3 +++ src/ap/wpa_auth_glue.c | 17 +++++++++++++++++ 4 files changed, 47 insertions(+) diff --git a/src/ap/ap_drv_ops.h b/src/ap/ap_drv_ops.h index db93fde7d..c01d44200 100644 --- a/src/ap/ap_drv_ops.h +++ b/src/ap/ap_drv_ops.h
@@ -356,4 +356,12 @@ static inline int hostapd_drv_stop_ap(struct hostapd_data *hapd) return hapd->driver->stop_ap(hapd->drv_priv); } +static inline int hostapd_drv_channel_info(struct hostapd_data *hapd, + struct wpa_channel_info *ci) +{ + if (hapd->driver == NULL || hapd->driver->channel_info == NULL) + return 0; + return hapd->driver->channel_info(hapd->drv_priv, ci); +} + #endif /* AP_DRV_OPS */ diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 126d98c9f..f20dd806a 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -22,12 +22,14 @@ #include "crypto/sha384.h" #include "crypto/random.h" #include "eapol_auth/eapol_auth_sm.h" +#include "drivers/driver.h" #include "ap_config.h" #include "ieee802_11.h" #include "wpa_auth.h" #include "pmksa_cache_auth.h" #include "wpa_auth_i.h" #include "wpa_auth_ie.h" +#include "sta_info.h" #define STATE_MACHINE_DATA struct wpa_state_machine #define STATE_MACHINE_DEBUG_PREFIX "WPA" @@ -238,6 +240,23 @@ static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, } +static int wpa_channel_info(struct wpa_authenticator *wpa_auth, + struct wpa_channel_info *ci) +{ + if (wpa_auth->cb->channel_info == NULL) + return -1; + return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); +} + + +static struct sta_info * wpa_get_sta(struct wpa_authenticator *wpa_auth, + const u8 *addr) +{ + if (wpa_auth->cb->get_sta == NULL) + return NULL; + return wpa_auth->cb->get_sta(wpa_auth->cb_ctx, addr); +} + static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) { struct wpa_authenticator *wpa_auth = eloop_ctx; diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index fad5536f7..5837c3e9f 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -145,6 +145,7 @@ struct wpa_state_machine; struct rsn_pmksa_cache_entry; struct eapol_state_machine; struct ft_remote_seq; +struct wpa_channel_info; struct ft_remote_r0kh { 
@@ -265,6 +266,8 @@ struct wpa_auth_callbacks { size_t data_len); int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data, size_t data_len); + int (*channel_info)(void *ctx, struct wpa_channel_info *ci); + struct sta_info * (*get_sta)(void *ctx, const u8 *addr); #ifdef CONFIG_IEEE80211R_AP struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr); int (*set_vlan)(void *ctx, const u8 *sta_addr, diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 812740301..754b04462 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -775,6 +775,21 @@ static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix, #endif /* CONFIG_ETH_P_OUI */ } +int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci) +{ + struct hostapd_data *hapd = ctx; + + if (hostapd_drv_channel_info(hapd, ci) != 0) + return -1; + + return 0; +} + +struct sta_info * hostapd_get_sta(void *ctx, const u8 *addr) +{ + struct hostapd_data *hapd = ctx; + return ap_get_sta(hapd, addr); +} #ifdef CONFIG_IEEE80211R_AP 
@@ -1202,6 +1217,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) .set_session_timeout = hostapd_wpa_auth_set_session_timeout, .get_session_timeout = hostapd_wpa_auth_get_session_timeout, #endif /* CONFIG_IEEE80211R_AP */ + .channel_info = hostapd_channel_info, + .get_sta = hostapd_get_sta }; const u8 *wpa_ie; size_t wpa_ie_len; From patchwork Mon Aug 6 19:46:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954209 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cs.kuleuven.be Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Ip+EtoJQ"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="NPdmVVKF"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41kpGh6fKJz9ryt for ; Tue, 7 Aug 2018 05:53:00 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc 
:Resent-Message-ID:List-Owner; bh=aYAoUkumm05ezBOVeqCuiwCeW7dY7v6vduy3u03MgD0=; b=Ip+EtoJQxSyy3srEiXXSUMysY/ nvEDV9WLvQqbbWSUb0fCOldJOYhTMDXJKaWrmJjd6JZbKVbRyxvtuv1r3fm0GgVVSf6pQ8P2KaIwn DtNFj/LRABXMJaORyTWkpzRCx6fxzmO+IyCksGCMM57OkUhmhUaDJOSXy1QBZ/LSw8nJMV0Hcoq0q eT5QnuWCN2o78R6ec9BUdlxjAEbJiJvXzyd+goXbWUcOVySNInSejN5z1xErrmPn/4YWeiyO3dB3i yLFnHtjG3joGqubSDHTic+6eLT9vItOXdHGbbsR4akp6NbXXnVAyUxKw27jBgP8Vpv/SqjvOAWCaT uq25L/ZA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fmlYk-0004L1-TX; Mon, 06 Aug 2018 19:52:54 +0000 Received: from merlin.infradead.org ([2001:8b0:10b:1231::1]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fmlY1-0002z5-PX for hostap@bombadil.infradead.org; Mon, 06 Aug 2018 19:52:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=merlin.20170209; h=References:In-Reply-To:Message-Id:Date: Subject:Cc:To:From:Sender:Reply-To:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=TqlHwJq9MNXcxzW68uXryPu4NX5bHBW2NSiqRaVcgz8=; b=NPdmVVKFvfSMO+3ya73JUdQci hmJCtv9dm45WnPflyPc1IX9yEoazV9Rq0RynBBN4jr3fzxn3HAtmvCZcVjAaO2XGrJWVa1ITwXFhM sKwRUOQe4/pVn2pZUcpC4W90EUKF+7zGEY1l99syiUNv6BFvbwAllpUWvwVfKtwK2xlUxjttg52Y6 2vuCqsVkRlKOg99BNy34F+bTmHI+HWz2ESezahDOhLx/rTcP2YHzQbmkgkHPqXgrWX9xmydVbDNPw oG7DaxXgTKnTMmMMqCQ6Il7Oy31kXNzQdod+nWUwRijWUTKF/WZF8PkKo/FrfKFBVa/SGDXrjRymD UhUQSODug==; Received: from vmailrelay1.cs.kuleuven.be ([2a02:2c40:0:a000::118] helo=hermes4.cs.kuleuven.be) by merlin.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fmlXv-0003YK-6r for hostap@lists.infradead.org; Mon, 06 Aug 2018 19:52:03 +0000 Received: from dr-zook.cs.kuleuven.be. 
(vdr-zook1.cs.kuleuven.be [IPv6:2a02:2c40:500:a005::12c]) by hermes4.cs.kuleuven.be. with ESMTP id w76JiG8Z018391 for ; Mon, 6 Aug 2018 21:44:16 +0200 Received: from localhost (localhost [127.0.0.1]) by dr-zook.cs.kuleuven.be. (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76JiGXj020728 for ; Mon, 6 Aug 2018 21:44:16 +0200 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dr-zook.cs.kuleuven.be. X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Virus-Scanned: Debian amavisd-new at dr-zook.cs.kuleuven.be Received: from dr-zook.cs.kuleuven.be. ([127.0.0.1]) by localhost (dr-zook.cs.kuleuven.be [127.0.0.1]) (amavisd-new, port 10023) with LMTP id PXOxzN23zpgw for ; Mon, 6 Aug 2018 21:44:08 +0200 (CEST) Received: from oryx.cs.kuleuven.be. (mail4.cs.kuleuven.be [IPv6:2a02:2c40:0:a000::122]) by dr-zook.cs.kuleuven.be. (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76Ji8s1020711 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 6 Aug 2018 21:44:08 +0200 Received: from localhost.localdomain (ip-83-134-207-58.dsl.scarlet.be [83.134.207.58]) (authenticated bits=0) by oryx.cs.kuleuven.be. (A_Good_MTA/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76Jhl8l019837 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 6 Aug 2018 21:44:07 +0200 
From: Maty Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 04/25] Add utility function to derive operating class and channel
Date: Mon, 6 Aug 2018 15:46:22 -0400
Message-Id: <20180806194643.1328-5-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Maty Vanhoef

This function can be used to easily convert the parameters returned by the channel_info driver API into their corresponding operating class and channel number.

Signed-off-by: Mathy Vanhoef
---
 src/common/ieee802_11_common.c | 34 ++++++++++++++++++++++++++++++++++
 src/common/ieee802_11_common.h | 4 ++++
 2 files changed, 38 insertions(+)

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c index e1ef27795..1c64f9b00 100644 --- a/src/common/ieee802_11_common.c +++ b/src/common/ieee802_11_common.c
@@ -896,6 +896,40 @@ enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq, } +int ieee80211_chaninfo_to_channel(unsigned int freq, enum chan_width chanwidth, + int sec_channel, u8 *op_class, u8 *channel) +{ + int vht = CHAN_WIDTH_UNKNOWN; + + switch (chanwidth) { + case CHAN_WIDTH_UNKNOWN: + case CHAN_WIDTH_20_NOHT: + case CHAN_WIDTH_20: + case CHAN_WIDTH_40: + vht = VHT_CHANWIDTH_USE_HT; + break; + case CHAN_WIDTH_80: + vht = VHT_CHANWIDTH_80MHZ; + break; + case CHAN_WIDTH_80P80: + vht = VHT_CHANWIDTH_80P80MHZ; + break; + case CHAN_WIDTH_160: + vht = VHT_CHANWIDTH_160MHZ; + break; + } + + if (ieee80211_freq_to_channel_ext(freq, sec_channel, vht, op_class, + channel) == NUM_HOSTAPD_MODES) { + wpa_printf(MSG_WARNING, "Cannot determine operating class " + "and channel for OCI element in EAPOL-Key 2/4"); + return -1; + } + + return 0; +} + + static const char *const us_op_class_cc[] = { "US", "CA", NULL }; diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h index ff7e51de3..36cb71a5b 100644 --- a/src/common/ieee802_11_common.h +++ b/src/common/ieee802_11_common.h @@ -12,6 +12,7 @@ #include "defs.h" struct hostapd_hw_modes; +enum chan_width; #define MAX_NOF_MB_IES_SUPPORTED 5 
@@ -160,6 +161,9 @@ int ieee80211_chan_to_freq(const char *country, u8 op_class, u8 chan); enum hostapd_hw_mode ieee80211_freq_to_channel_ext(unsigned int freq, int sec_channel, int vht, u8 *op_class, u8 *channel); +int ieee80211_chaninfo_to_channel(unsigned int freq, + enum chan_width chanwidth, int sec_channel, + u8 *op_class, u8 *channel); int ieee80211_is_dfs(int freq, const struct hostapd_hw_modes *modes, u16 num_modes); enum phy_type ieee80211_get_phy_type(int freq, int ht, int vht);
From patchwork Mon Aug 6 19:46:23 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954208
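Review bot: In ieee80211_chaninfo_to_channel() (PATCH 04/25, ieee802_11_common.c) the local "vht" is initialised with CHAN_WIDTH_UNKNOWN, a constant of enum chan_width, although the variable holds VHT_CHANWIDTH_* values and is handed to ieee80211_freq_to_channel_ext() as such, and the switch has no default case. Any chanwidth value not listed in the switch would reach ieee80211_freq_to_channel_ext() carrying a constant from the wrong enum. Initialise it with VHT_CHANWIDTH_USE_HT, or add a default case that returns -1, so the two value spaces are never mixed. The warning text also hard-codes "for OCI element in EAPOL-Key 2/4" in what the commit message describes as a general conversion helper; a caller-neutral message that prints freq, chanwidth and sec_channel would make a failed conversion easier to diagnose.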
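Review bot: The forward declaration "enum chan_width;" added to ieee802_11_common.h (PATCH 04/25) is not valid ISO C: an enum type cannot be referenced before it is complete, and compilers that accept this do so as an extension. The new prototype also takes the enum by value, so every includer needs the full definition anyway. Include the header that defines enum chan_width, or move the enum into defs.h, which this header already includes.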
From: Maty Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 05/25] Add functions to convert channel bandwidth to an integer
Date: Mon, 6 Aug 2018 15:46:23 -0400
Message-Id: <20180806194643.1328-6-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Maty Vanhoef

This adds two utility functions to convert both operating classes and the chan_width enum to an integer representing the channel bandwidth. This can then be used to compare bandwidth parameters in a uniform manner.

Signed-off-by: Mathy Vanhoef
---
 src/common/ieee802_11_common.c | 21 +++++++++++++++++++++
 src/common/ieee802_11_common.h | 1 +
 src/drivers/driver.h | 2 ++
 src/drivers/driver_common.c | 19 +++++++++++++++++++
 4 files changed, 43 insertions(+)

diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c index 1c64f9b00..c730ebce0 100644 --- a/src/common/ieee802_11_common.c +++ b/src/common/ieee802_11_common.c
@@ -1698,6 +1698,27 @@ const struct oper_class_map * get_oper_class(const char *country, u8 op_class) } +int oper_class_bw_to_int(const struct oper_class_map *map) +{ + switch (map->bw) { + case BW20: + return 20; + case BW40PLUS: + case BW40MINUS: + return 40; + case BW80: + return 80; + case BW80P80: + case BW160: + return 160; + case BW2160: + return 2160; + default: + return 0; + } +} + + int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep, size_t nei_rep_len) { diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h index 36cb71a5b..26ed66ee3 100644 --- a/src/common/ieee802_11_common.h +++ b/src/common/ieee802_11_common.h @@ -201,6 +201,7 @@ struct country_op_class { u8 country_to_global_op_class(const char *country, u8 op_class); const struct oper_class_map * get_oper_class(const char *country, u8 op_class); +int oper_class_bw_to_int(const struct oper_class_map *map); int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep, size_t nei_rep_len); diff --git a/src/drivers/driver.h b/src/drivers/driver.h index b111fbecb..d679fbc57 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -5534,6 +5534,8 @@ const char * event_to_string(enum wpa_event_type event); /* Convert chan_width to a string for logging and control interfaces */ const char * channel_width_to_string(enum chan_width width); +int channel_width_to_int(enum chan_width width); + int ht_supported(const struct hostapd_hw_modes *mode); int vht_supported(const struct hostapd_hw_modes *mode); diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c index ac0916e40..1b92e8605 100644 --- a/src/drivers/driver_common.c +++ b/src/drivers/driver_common.c 
@@ -115,6 +115,25 @@ const char * channel_width_to_string(enum chan_width width) } +int channel_width_to_int(enum chan_width width) +{ + switch (width) { + case CHAN_WIDTH_20_NOHT: + case CHAN_WIDTH_20: + return 20; + case CHAN_WIDTH_40: + return 40; + case CHAN_WIDTH_80: + return 80; + case CHAN_WIDTH_80P80: + case CHAN_WIDTH_160: + return 160; + default: + return 0; + } +} + + int ht_supported(const struct hostapd_hw_modes *mode) { if (!(mode->flags & HOSTAPD_MODE_FLAG_HT_INFO_KNOWN)) {
From patchwork Mon Aug 6 19:46:24 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954191
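Review bot: oper_class_bw_to_int() (PATCH 05/25, ieee802_11_common.c) dereferences "map" without a NULL check, and its prototype is added directly below get_oper_class(), which returns a pointer looked up from a country string and an op_class value. If that lookup can fail and a caller chains the two calls, this becomes a NULL dereference. Either return 0 for a NULL map here, or add a header comment stating that map must be non-NULL so callers know to check first.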
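Review bot: channel_width_to_int() (PATCH 05/25, driver_common.c) returns 0 from its default case, which is also where CHAN_WIDTH_UNKNOWN ends up, and oper_class_bw_to_int() has the same default. The commit message says the results are meant to be compared, so two unknown widths would compare equal. The declaration in driver.h has no comment, unlike channel_width_to_string() just above it; document that the unit is MHz and that 0 means unknown, and have callers reject 0 before comparing.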
From: Maty Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 06/25] Store the VHT Operation element of an associated STA
Date: Mon, 6 Aug 2018 15:46:24 -0400
Message-Id: <20180806194643.1328-7-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Maty Vanhoef

APs and mesh peers use the VHT Operation element to advertise certain channel properties (e.g. the bandwidth of the channel). Save this information element so we can later access this information.
Signed-off-by: Mathy Vanhoef --- src/ap/ieee802_11.c | 4 ++++ src/ap/ieee802_11.h | 2 ++ src/ap/ieee802_11_vht.c | 23 +++++++++++++++++++++++ src/ap/sta_info.c | 1 + src/ap/sta_info.h | 1 + wpa_supplicant/mesh_mpm.c | 1 + 6 files changed, 32 insertions(+) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index d7e7210f7..543058e01 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2482,6 +2482,10 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, if (resp != WLAN_STATUS_SUCCESS) return resp; + resp = copy_sta_vht_oper(hapd, sta, elems.vht_operation); + if (resp != WLAN_STATUS_SUCCESS) + return resp; + resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); if (resp != WLAN_STATUS_SUCCESS) return resp; diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h index 2f3b4da8e..3d93be299 100644 --- a/src/ap/ieee802_11.h +++ b/src/ap/ieee802_11.h @@ -80,6 +80,8 @@ void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta); void ht40_intolerant_remove(struct hostapd_iface *iface, struct sta_info *sta); u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta, const u8 *vht_capab); +u16 copy_sta_vht_oper(struct hostapd_data *hapd, struct sta_info *sta, + const u8 *vht_oper); u16 set_sta_vht_opmode(struct hostapd_data *hapd, struct sta_info *sta, const u8 *vht_opmode); void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, diff --git a/src/ap/ieee802_11_vht.c b/src/ap/ieee802_11_vht.c index 8d0662078..0a270a34c 100644 --- a/src/ap/ieee802_11_vht.c +++ b/src/ap/ieee802_11_vht.c 
@@ -357,6 +357,29 @@ u16 copy_sta_vht_capab(struct hostapd_data *hapd, struct sta_info *sta, } +u16 copy_sta_vht_oper(struct hostapd_data *hapd, struct sta_info *sta, + const u8 *vht_oper) +{ + if (!vht_oper) { + os_free(sta->vht_operation); + sta->vht_operation = NULL; + return WLAN_STATUS_SUCCESS; + } + + if (sta->vht_operation == NULL) { + sta->vht_operation = + os_zalloc(sizeof(struct ieee80211_vht_operation)); + if (sta->vht_operation == NULL) + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + + os_memcpy(sta->vht_operation, vht_oper, + sizeof(struct ieee80211_vht_operation)); + + return WLAN_STATUS_SUCCESS; +} + + u16 copy_sta_vendor_vht(struct hostapd_data *hapd, struct sta_info *sta, const u8 *ie, size_t len) { diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c index 179cf43b6..d0f143890 100644 --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c @@ -328,6 +328,7 @@ void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) os_free(sta->ht_capabilities); os_free(sta->vht_capabilities); + os_free(sta->vht_operation); hostapd_free_psk_list(sta->psk); os_free(sta->identity); os_free(sta->radius_cui); diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h index 9cac6f157..48365822e 100644 --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h @@ -162,6 +162,7 @@ struct sta_info { struct ieee80211_ht_capabilities *ht_capabilities; struct ieee80211_vht_capabilities *vht_capabilities; + struct ieee80211_vht_operation *vht_operation; u8 vht_opmode; #ifdef CONFIG_IEEE80211W diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c index d166cfeec..fd5b90a42 100644 --- a/wpa_supplicant/mesh_mpm.c +++ b/wpa_supplicant/mesh_mpm.c 
@@ -698,6 +698,7 @@ static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s, #ifdef CONFIG_IEEE80211AC copy_sta_vht_capab(data, sta, elems->vht_capabilities); + copy_sta_vht_oper(data, sta, elems->vht_operation); set_sta_vht_opmode(data, sta, elems->vht_opmode_notif); #endif /* CONFIG_IEEE80211AC */
From patchwork Mon Aug 6 19:46:25 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954205
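Review bot: copy_sta_vht_oper() (PATCH 06/25, ieee802_11_vht.c) copies sizeof(struct ieee80211_vht_operation) bytes from vht_oper but is given no length, so it depends entirely on the element parser having rejected a shorter VHT Operation element before elems.vht_operation was set. The pointer refers to data taken from a received frame, and the neighbouring copy_sta_vendor_vht() takes "const u8 *ie, size_t len". Either pass the element length and check it here, or add a comment naming the parser check that guarantees the size.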
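Review bot: In mesh_mpm_add_peer() (PATCH 06/25, mesh_mpm.c) the return value of copy_sta_vht_oper() is discarded, whereas check_assoc_ies() returns as soon as the result is not WLAN_STATUS_SUCCESS. After an allocation failure sta->vht_operation stays NULL for that mesh peer, the same state as when the peer sent no VHT Operation element at all. Later code in the series that reads sta->vht_operation must treat NULL as "unknown" rather than as "no VHT"; a short comment at this call site saying the failure is deliberately ignored would make that explicit.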
From: Maty Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 07/25] OCV: Add configs for channel validation support
Date: Mon, 6 Aug 2018 15:46:25 -0400
Message-Id: <20180806194643.1328-8-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Maty Vanhoef

This commit adds compilation flags and configuration variables to disable or enable Operating Channel Verification (OCV) support.
Signed-off-by: Mathy Vanhoef --- hostapd/Android.mk | 5 +++ hostapd/Makefile | 5 +++ hostapd/android.config | 3 ++ hostapd/config_file.c | 6 ++++ hostapd/defconfig | 3 ++ hostapd/hostapd.conf | 7 ++++ src/ap/ap_config.c | 9 ++++++ src/ap/ap_config.h | 4 +++ src/ap/hs20.c | 4 +++ src/ap/wpa_auth.h | 5 +++ src/ap/wpa_auth_glue.c | 3 ++ src/ap/wpa_auth_i.h | 3 ++ src/ap/wpa_auth_ie.c | 34 +++++++++++++++++++- src/common/wpa_common.h | 3 +- src/rsn_supp/wpa.c | 4 +++ src/rsn_supp/wpa.h | 3 +- src/rsn_supp/wpa_ft.c | 2 ++ src/rsn_supp/wpa_i.h | 1 + src/rsn_supp/wpa_ie.c | 2 ++ tests/hwsim/example-hostapd.config | 2 ++ tests/hwsim/example-wpa_supplicant.config | 2 ++ wlantest/Makefile | 1 + wlantest/bss.c | 5 +-- wlantest/ctrl.c | 3 ++ wlantest/sta.c | 11 +++++-- wpa_supplicant/Android.mk | 5 +++ wpa_supplicant/Makefile | 5 +++ wpa_supplicant/android.config | 3 ++ wpa_supplicant/ap.c | 4 +++ wpa_supplicant/config.c | 39 +++++++++++++++++++++++ wpa_supplicant/config_file.c | 9 ++++++ wpa_supplicant/config_ssid.h | 11 +++++++ wpa_supplicant/defconfig | 5 ++- wpa_supplicant/mesh.c | 3 ++ wpa_supplicant/mesh_rsn.c | 8 +++-- wpa_supplicant/wpa_supplicant.c | 3 ++ wpa_supplicant/wpa_supplicant.conf | 7 ++++ 37 files changed, 221 insertions(+), 11 deletions(-) diff --git a/hostapd/Android.mk b/hostapd/Android.mk index 322f6a632..82d43c754 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -235,6 +235,11 @@ L_CFLAGS += -DCONFIG_SUITEB192 NEED_SHA384=y endif +ifdef CONFIG_OCV +L_CFLAGS += -DCONFIG_OCV +CONFIG_IEEE80211W=y +endif + ifdef CONFIG_IEEE80211W L_CFLAGS += -DCONFIG_IEEE80211W NEED_SHA256=y diff --git a/hostapd/Makefile b/hostapd/Makefile index 2ce8b7ded..d88964c32 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -278,6 +278,11 @@ CFLAGS += -DCONFIG_SUITEB192 NEED_SHA384=y endif +ifdef CONFIG_OCV +CFLAGS += -DCONFIG_OCV +CONFIG_IEEE80211W=y +endif + ifdef CONFIG_IEEE80211W CFLAGS += -DCONFIG_IEEE80211W NEED_SHA256=y 
diff --git a/hostapd/android.config b/hostapd/android.config index 08d21f044..60734e166 100644 --- a/hostapd/android.config +++ b/hostapd/android.config @@ -50,6 +50,9 @@ CONFIG_DRIVER_NL80211_QCA=y # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y +# Support Operating Channel Validation +CONFIG_OCV=y + # Integrated EAP server #CONFIG_EAP=y diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 37308dbcc..03ba7a9bb 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -3296,6 +3296,12 @@ static int hostapd_config_fill(struct hostapd_config *conf, return 1; } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + } else if (os_strcmp(buf, "ocv") == 0) { + bss->ocv = atoi(pos); + if (bss->ocv && !bss->ieee80211w) + bss->ieee80211w = 1; +#endif /* CONFIG_OCV */ #ifdef CONFIG_IEEE80211N } else if (os_strcmp(buf, "ieee80211n") == 0) { conf->ieee80211n = atoi(pos); diff --git a/hostapd/defconfig b/hostapd/defconfig index c67c6622d..0a129aa34 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -53,6 +53,9 @@ CONFIG_RSN_PREAUTH=y # IEEE 802.11w (management frame protection) CONFIG_IEEE80211W=y +# Support Operating Channel Validation +CONFIG_OCV=y + # Integrated EAP server CONFIG_EAP=y diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 70f9713d3..e6e49f318 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1418,6 +1418,13 @@ own_ip_addr=127.0.0.1 # dot11AssociationSAQueryRetryTimeout, 1...4294967295 #assoc_sa_query_retry_timeout=201 +# ocv: Operating Channel Validation +# This is a countermeasure against multi-channel man-in-the-middle attacks. +# Enabling this automatically also enables ieee80211w, if not yet enabled. +# 0 = disabled (default) +# 1 = enabled +#ocv=1 + # disable_pmksa_caching: Disable PMKSA caching # This parameter can be used to disable caching of PMKSA created through EAP # authentication. RSN preauthentication may still end up using PMKSA caching if 
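Review bot: The hostapd.conf text promises that enabling ocv "automatically also enables ieee80211w, if not yet enabled", but the config_file.c hunk applies this only at the moment the ocv line is parsed ("if (bss->ocv && !bss->ieee80211w) bss->ieee80211w = 1;"). If an ieee80211w=0 line follows ocv=1 in the file, the value set here can be overwritten, and the check this patch adds to hostapd_config_check_bss() in ap_config.c then rejects the configuration with "PMF needs to be enabled whenever using OCV". Resolve the dependency once the whole file has been read, or document that ocv=1 together with ieee80211w=0 is an error. The ocv value is also taken from atoi() without a range check, although only 0 and 1 are documented.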
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 820cba956..27f014580 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -1002,6 +1002,15 @@ static int hostapd_config_check_bss(struct hostapd_bss_config *bss, } #endif /* CONFIG_MBO */ +#ifdef CONFIG_OCV + if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION && + bss->ocv) { + wpa_printf(MSG_ERROR, + "OCV: PMF needs to be enabled whenever using OCV"); + return -1; + } +#endif /* CONFIG_OCV */ + return 0; } diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 5b7112609..450295ada 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -42,6 +42,7 @@ struct mesh_conf { #define MESH_CONF_SEC_AMPE BIT(2) unsigned int security; enum mfp_options ieee80211w; + int ocv; unsigned int pairwise_cipher; unsigned int group_cipher; unsigned int mgmt_group_cipher; @@ -335,6 +336,9 @@ struct hostapd_bss_config { /* dot11AssociationSAQueryRetryTimeout (in TUs) */ int assoc_sa_query_retry_timeout; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + int ocv; /* Operating Channel Validation */ +#endif /* CONFIG_OCV */ enum { PSK_RADIUS_IGNORED = 0, PSK_RADIUS_ACCEPTED = 1, diff --git a/src/ap/hs20.c b/src/ap/hs20.c index 98d016d96..4df844b5d 100644 --- a/src/ap/hs20.c +++ b/src/ap/hs20.c @@ -84,6 +84,10 @@ u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid) capab |= WPA_CAPABILITY_MFPR; } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + if (hapd->conf->ocv) + capab |= WPA_CAPABILITY_OCVC; +#endif /* CONFIG_OCV */ WPA_PUT_LE16(eid, capab); eid += 2; diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 5837c3e9f..2762044ff 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -192,6 +192,9 @@ struct wpa_auth_config { int group_mgmt_cipher; int sae_require_mfp; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + int ocv; /* Operating Channel Validation */ +#endif /* CONFIG_OCV */ #ifdef CONFIG_IEEE80211R_AP u8 ssid[SSID_MAX_LEN]; size_t ssid_len; 
@@ -319,6 +322,8 @@ int wpa_validate_osen(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *sm, const u8 *osen_ie, size_t osen_ie_len); int wpa_auth_uses_mfp(struct wpa_state_machine *sm); +void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv); +int wpa_auth_uses_ocv(struct wpa_state_machine *sm); struct wpa_state_machine * wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr, const u8 *p2p_dev_addr); diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 754b04462..1fbdc41a0 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -55,6 +55,9 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, wconf->wmm_enabled = conf->wmm_enabled; wconf->wmm_uapsd = conf->wmm_uapsd; wconf->disable_pmksa_caching = conf->disable_pmksa_caching; +#ifdef CONFIG_OCV + wconf->ocv = conf->ocv; +#endif /* CONFIG_OCV */ wconf->okc = conf->okc; #ifdef CONFIG_IEEE80211W wconf->ieee80211w = conf->ieee80211w; diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h index b1cea1b49..a349304d5 100644 --- a/src/ap/wpa_auth_i.h +++ b/src/ap/wpa_auth_i.h @@ -92,6 +92,9 @@ struct wpa_state_machine { #endif /* CONFIG_IEEE80211R_AP */ unsigned int is_wnmsleep:1; unsigned int pmkid_set:1; +#ifdef CONFIG_OCV + unsigned int ocv_enabled:1; +#endif /* CONFIG_OCV */ u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN]; int req_replay_counter_used; diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 421dd5a6f..371be7bab 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -293,9 +293,13 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len, capab |= WPA_CAPABILITY_MFPR; } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + if (conf->ocv) + capab |= WPA_CAPABILITY_OCVC; +#endif /* CONFIG_OCV */ #ifdef CONFIG_RSN_TESTING if (rsn_testing) - capab |= BIT(8) | BIT(14) | BIT(15); + capab |= BIT(8) | BIT(15); #endif /* CONFIG_RSN_TESTING */ WPA_PUT_LE16(pos, capab); pos += 2; 
@@ -414,6 +418,10 @@ static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid) capab |= WPA_CAPABILITY_MFPR; } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + if (conf->ocv) + capab |= WPA_CAPABILITY_OCVC; +#endif /* CONFIG_OCV */ WPA_PUT_LE16(eid, capab); eid += 2; @@ -759,6 +767,18 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, } #endif /* CONFIG_SAE */ +#ifdef CONFIG_OCV + if ((data.capabilities & WPA_CAPABILITY_OCVC) && !(data.capabilities & WPA_CAPABILITY_MFPC)) { + wpa_printf(MSG_DEBUG, + "Management frame protection required with OCV, but client did not enable it"); + return WPA_MGMT_FRAME_PROTECTION_VIOLATION; + } + if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC)) + wpa_auth_set_ocv(sm, 1); + else + wpa_auth_set_ocv(sm, 0); +#endif /* CONFIG_OCV */ + if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION || !(data.capabilities & WPA_CAPABILITY_MFPC)) sm->mgmt_frame_prot = 0; @@ -1060,6 +1080,18 @@ int wpa_auth_uses_mfp(struct wpa_state_machine *sm) return sm ? sm->mgmt_frame_prot : 0; } +void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv) +{ + if (sm == NULL) + return; + sm->ocv_enabled = ocv; +} + +int wpa_auth_uses_ocv(struct wpa_state_machine *sm) +{ + return sm ? sm->ocv_enabled : 0; +} + #ifdef CONFIG_OWE u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm, diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 626174440..7d12b5e52 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -148,7 +148,8 @@ WPA_CIPHER_BIP_CMAC_256) #define WPA_CAPABILITY_SPP_A_MSDU_REQUIRED BIT(11) #define WPA_CAPABILITY_PBAC BIT(12) #define WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST BIT(13) -/* B14-B15: Reserved */ +#define WPA_CAPABILITY_OCVC BIT(14) +/* B15: Reserved */ /* IEEE 802.11r */ diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 56f3af799..774ddd9e4 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c 
@@ -2847,6 +2847,8 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, case WPA_PARAM_MFP: sm->mfp = value; break; + case WPA_PARAM_OCV: + sm->ocv = value; default: break; } @@ -3800,6 +3802,8 @@ static int fils_ft_build_assoc_req_rsne(struct wpa_sm *sm, struct wpabuf *buf) if (sm->mgmt_group_cipher == WPA_CIPHER_AES_128_CMAC) capab |= WPA_CAPABILITY_MFPC; #endif /* CONFIG_IEEE80211W */ + if (sm->ocv) + capab |= WPA_CAPABILITY_OCVC; wpabuf_put_le16(buf, capab); /* PMKID Count */ diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index d52b8e033..b832267a5 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -97,7 +97,8 @@ enum wpa_sm_conf_params { WPA_PARAM_KEY_MGMT, WPA_PARAM_MGMT_GROUP, WPA_PARAM_RSN_ENABLED, - WPA_PARAM_MFP + WPA_PARAM_MFP, + WPA_PARAM_OCV }; struct rsn_supp_config { diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index b8d60e320..9caff859d 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -242,6 +242,8 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, sm->mgmt_group_cipher == WPA_CIPHER_BIP_CMAC_256) capab |= WPA_CAPABILITY_MFPC; #endif /* CONFIG_IEEE80211W */ + if (sm->ocv) + capab |= WPA_CAPABILITY_OCVC; WPA_PUT_LE16(pos, capab); pos += 2; diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index d7ea29b81..8ef27bb31 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -86,6 +86,7 @@ struct wpa_sm { int rsn_enabled; /* Whether RSN is enabled in configuration */ int mfp; /* 0 = disabled, 1 = optional, 2 = mandatory */ + int ocv; /* Operating Channel Validation */ u8 *assoc_wpa_ie; /* Own WPA/RSN IE from (Re)AssocReq */ size_t assoc_wpa_ie_len; diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c index a3410d154..ea2e92672 100644 --- a/src/rsn_supp/wpa_ie.c +++ b/src/rsn_supp/wpa_ie.c 
@@ -223,6 +223,8 @@ static int wpa_gen_wpa_ie_rsn(u8 *rsn_ie, size_t rsn_ie_len, if (sm->mfp == 2) capab |= WPA_CAPABILITY_MFPR; #endif /* CONFIG_IEEE80211W */ + if (sm->ocv) + capab |= WPA_CAPABILITY_OCVC; WPA_PUT_LE16(pos, capab); pos += 2; diff --git a/tests/hwsim/example-hostapd.config b/tests/hwsim/example-hostapd.config index 71a207091..032465a9c 100644 --- a/tests/hwsim/example-hostapd.config +++ b/tests/hwsim/example-hostapd.config @@ -52,6 +52,8 @@ CONFIG_IEEE80211R=y CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y +CONFIG_OCV=y + CONFIG_WPS=y CONFIG_WPS_UPNP=y CONFIG_WPS_NFC=y diff --git a/tests/hwsim/example-wpa_supplicant.config b/tests/hwsim/example-wpa_supplicant.config index bc5dc2bbc..b681e9f55 100644 --- a/tests/hwsim/example-wpa_supplicant.config +++ b/tests/hwsim/example-wpa_supplicant.config @@ -63,6 +63,8 @@ CONFIG_IEEE80211R=y CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y +CONFIG_OCV=y + CONFIG_DEBUG_FILE=y CONFIG_WPS=y diff --git a/wlantest/Makefile b/wlantest/Makefile index 7104f4f58..e6c3123ac 100644 --- a/wlantest/Makefile +++ b/wlantest/Makefile @@ -47,6 +47,7 @@ OBJS_lib += ../src/crypto/libcrypto.a CFLAGS += -DCONFIG_PEERKEY CFLAGS += -DCONFIG_IEEE80211W +CFLAGS += -DCONFIG_OCV CFLAGS += -DCONFIG_IEEE80211R CFLAGS += -DCONFIG_HS20 CFLAGS += -DCONFIG_DEBUG_FILE diff --git a/wlantest/bss.c b/wlantest/bss.c index 04afe2b29..298a902c7 100644 --- a/wlantest/bss.c +++ b/wlantest/bss.c @@ -283,7 +283,7 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss, "group=%s%s%s%s%s%s%s%s%s" "mgmt_group_cipher=%s%s%s%s%s" "key_mgmt=%s%s%s%s%s%s%s%s%s" - "rsn_capab=%s%s%s%s%s", + "rsn_capab=%s%s%s%s%s%s", MAC2STR(bss->bssid), bss->proto == 0 ? "OPEN " : "", bss->proto & WPA_PROTO_WPA ? "WPA " : "", 
@@ -333,7 +333,8 @@ void bss_update(struct wlantest *wt, struct wlantest_bss *bss, bss->rsn_capab & WPA_CAPABILITY_MFPR ? "MFPR " : "", bss->rsn_capab & WPA_CAPABILITY_MFPC ? "MFPC " : "", bss->rsn_capab & WPA_CAPABILITY_PEERKEY_ENABLED ? - "PEERKEY " : ""); + "PEERKEY " : "", + bss->rsn_capab & WPA_CAPABILITY_OCVC ? "OCVC " : ""); } diff --git a/wlantest/ctrl.c b/wlantest/ctrl.c index 7de0a8aff..587a0d3e1 100644 --- a/wlantest/ctrl.c +++ b/wlantest/ctrl.c @@ -982,6 +982,9 @@ static void info_print_rsn_capab(char *buf, size_t len, int capab) if (capab & WPA_CAPABILITY_PEERKEY_ENABLED) pos += os_snprintf(pos, end - pos, "%sPEERKEY", pos == buf ? "" : " "); + if (capab & WPA_CAPABILITY_OCVC) + pos += os_snprintf(pos, end - pos, "%sOCVC", + pos == buf ? "" : " "); } diff --git a/wlantest/sta.c b/wlantest/sta.c index 1e53532a0..3e5ff51b6 100644 --- a/wlantest/sta.c +++ b/wlantest/sta.c @@ -168,13 +168,19 @@ void sta_update_assoc(struct wlantest_sta *sta, struct ieee802_11_elems *elems) "without MFP to BSS " MACSTR " that advertises " "MFPR", MAC2STR(sta->addr), MAC2STR(bss->bssid)); } + if ((sta->rsn_capab & WPA_CAPABILITY_OCVC) && + !(sta->rsn_capab & WPA_CAPABILITY_MFPC)) { + wpa_printf(MSG_INFO, "STA " MACSTR " tries to associate " + "without MFP to BSS " MACSTR " while supporting " + "OCV", MAC2STR(sta->addr), MAC2STR(bss->bssid)); + } skip_rsn_wpa: wpa_printf(MSG_INFO, "STA " MACSTR " proto=%s%s%s%s" "pairwise=%s%s%s%s%s%s%s" "key_mgmt=%s%s%s%s%s%s%s%s%s%s%s" - "rsn_capab=%s%s%s%s%s", + "rsn_capab=%s%s%s%s%s%s", MAC2STR(sta->addr), sta->proto == 0 ? "OPEN " : "", sta->proto & WPA_PROTO_WPA ? "WPA " : "", @@ -210,5 +216,6 @@ skip_rsn_wpa: sta->rsn_capab & WPA_CAPABILITY_MFPR ? "MFPR " : "", sta->rsn_capab & WPA_CAPABILITY_MFPC ? "MFPC " : "", sta->rsn_capab & WPA_CAPABILITY_PEERKEY_ENABLED ? - "PEERKEY " : ""); + "PEERKEY " : "", + sta->rsn_capab & WPA_CAPABILITY_OCVC ? "OCVC " : ""); } 
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index a6809956d..f3b6d2cfa 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -207,6 +207,11 @@ L_CFLAGS += -DCONFIG_SUITEB192 NEED_SHA384=y endif +ifdef CONFIG_OCV +L_CFLAGS += -DCONFIG_OCV +CONFIG_IEEE80211W=y +endif + ifdef CONFIG_IEEE80211W L_CFLAGS += -DCONFIG_IEEE80211W NEED_SHA256=y diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index c2e93e20b..69132bb57 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -240,6 +240,11 @@ CFLAGS += -DCONFIG_SUITEB192 NEED_SHA384=y endif +ifdef CONFIG_OCV +CFLAGS += -DCONFIG_OCV +CONFIG_IEEE80211W=y +endif + ifdef CONFIG_IEEE80211W CFLAGS += -DCONFIG_IEEE80211W NEED_SHA256=y diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config index c97f59131..59a02ea3f 100644 --- a/wpa_supplicant/android.config +++ b/wpa_supplicant/android.config @@ -280,6 +280,9 @@ CONFIG_L2_PACKET=linux # Driver support is also needed for IEEE 802.11w. CONFIG_IEEE80211W=y +# Support Operating Channel Validation +CONFIG_OCV=y + # Select TLS implementation # openssl = OpenSSL (default) # gnutls = GnuTLS diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c index ea846a0fa..7a25b3f6a 100644 --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -494,6 +494,10 @@ static int wpa_supplicant_conf_ap(struct wpa_supplicant *wpa_s, bss->ieee80211w = ssid->ieee80211w; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + bss->ocv = ssid->ocv; +#endif /* CONFIG_OCV */ + #ifdef CONFIG_WPS /* * Enable WPS by default for open and WPA/WPA2-Personal network, but diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c index dd7f6036c..655c0df0a 100644 --- a/wpa_supplicant/config.c +++ b/wpa_supplicant/config.c 
@@ -2035,6 +2035,42 @@ static char * wpa_config_write_mka_ckn(const struct parse_data *data, #endif /* CONFIG_MACSEC */ +#ifdef CONFIG_OCV + +static int wpa_config_parse_ocv(const struct parse_data *data, + struct wpa_ssid *ssid, int line, + const char *value) +{ + char *end; + + ssid->ocv = strtol(value, &end, 0); + if (*end || ssid->ocv < 0 || ssid->ocv > 1) { + wpa_printf(MSG_ERROR, "Line %d: Invalid ocv value '%s'.", + line, value); + return -1; + } + if (ssid->ocv && !ssid->ieee80211w) + ssid->ieee80211w = 1; + return 0; +} + + +#ifndef NO_CONFIG_WRITE +static char * wpa_config_write_ocv(const struct parse_data *data, + struct wpa_ssid *ssid) +{ + char *value = os_malloc(20); + if (value == NULL) + return NULL; + os_snprintf(value, 20, "%d", ssid->ocv); + value[20 - 1] = '\0'; + return value; +} +#endif /* NO_CONFIG_WRITE */ + +#endif /* CONFIG_OCV */ + + static int wpa_config_parse_peerkey(const struct parse_data *data, struct wpa_ssid *ssid, int line, const char *value) @@ -2238,6 +2274,9 @@ static const struct parse_data ssid_fields[] = { #ifdef CONFIG_IEEE80211W { INT_RANGE(ieee80211w, 0, 2) }, #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + { FUNC(ocv) }, +#endif /* CONFIG_OCV */ { FUNC(peerkey) /* obsolete - removed */ }, { INT_RANGE(mixed_cell, 0, 1) }, { INT_RANGE(frequency, 0, 65000) }, diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c index aa73f9df6..cedec695e 100644 --- a/wpa_supplicant/config_file.c +++ b/wpa_supplicant/config_file.c @@ -160,6 +160,15 @@ static int wpa_config_validate_network(struct wpa_ssid *ssid, int line) errors++; } +#ifdef CONFIG_OCV + if (ssid->ocv && ssid->ieee80211w == NO_MGMT_FRAME_PROTECTION) { + wpa_printf(MSG_ERROR, + "Line %d: PMF needs to be enabled whenever using OCV", + line); + errors++; + } +#endif /* CONFIG_OCV */ + return errors; } diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index 3000c43b4..e071820e4 100644 --- a/wpa_supplicant/config_ssid.h 
+++ b/wpa_supplicant/config_ssid.h @@ -457,6 +457,17 @@ struct wpa_ssid { enum mfp_options ieee80211w; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + /** + * ocv - Enable/disable operating channel validation + * + * If this parameter is set to 1, stations will exchange OCI element + * to cryptographically verify the operating channel. Setting this + * parameter to 0 disables this option. Default value: 0. + */ + int ocv; +#endif /* CONFIG_OCV */ + /** * frequency - Channel frequency in megahertz (MHz) for IBSS * diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig index 08f585779..951e8b86c 100644 --- a/wpa_supplicant/defconfig +++ b/wpa_supplicant/defconfig @@ -299,7 +299,10 @@ CONFIG_BACKEND=file # IEEE 802.11w (management frame protection), also known as PMF # Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y +CONFIG_IEEE80211W=y + +# Support Operating Channel Validation +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index 38b9fb320..3da8b1b24 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -93,6 +93,9 @@ static struct mesh_conf * mesh_config_create(struct wpa_supplicant *wpa_s, conf->ieee80211w = NO_MGMT_FRAME_PROTECTION; } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + conf->ocv = ssid->ocv; +#endif /* CONFIG_OCV */ cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher, 0); if (cipher < 0 || cipher == WPA_CIPHER_TKIP) { diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c index e74cb16b0..435c90b38 100644 --- a/wpa_supplicant/mesh_rsn.c +++ b/wpa_supplicant/mesh_rsn.c @@ -140,7 +140,7 @@ static int auth_start_ampe(void *ctx, const u8 *addr) static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr, - enum mfp_options ieee80211w) + enum mfp_options ieee80211w, int ocv) { struct wpa_auth_config conf; static const struct wpa_auth_callbacks cb = { 
@@ -168,6 +168,9 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr, if (ieee80211w != NO_MGMT_FRAME_PROTECTION) conf.group_mgmt_cipher = rsn->mgmt_group_cipher; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + conf.ocv = ocv; +#endif /* CONFIG_OCV */ rsn->auth = wpa_init(addr, &conf, &cb, rsn); if (rsn->auth == NULL) { @@ -219,7 +222,6 @@ static void mesh_rsn_deinit(struct mesh_rsn *rsn) wpa_deinit(rsn->auth); } - struct mesh_rsn *mesh_rsn_auth_init(struct wpa_supplicant *wpa_s, struct mesh_conf *conf) { @@ -240,7 +242,7 @@ struct mesh_rsn *mesh_rsn_auth_init(struct wpa_supplicant *wpa_s, mesh_rsn->mgmt_group_cipher = conf->mgmt_group_cipher; if (__mesh_rsn_auth_init(mesh_rsn, wpa_s->own_addr, - conf->ieee80211w) < 0) { + conf->ieee80211w, conf->ocv) < 0) { mesh_rsn_deinit(mesh_rsn); os_free(mesh_rsn); return NULL; diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 185a8d50f..d761eadde 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1505,6 +1505,9 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, wpas_get_ssid_pmf(wpa_s, ssid)); #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv); +#endif /* CONFIG_OCV */ if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) { wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE"); diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index 4f5916025..b93990004 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf 
@@ -907,6 +907,13 @@ fast_reauth=1 # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256 # (and similarly for WPA-PSK and WPA-WPSK-SHA256 if WPA2-Personal is used) # +# ocv: whether operating channel validation is enabled +# This is a countermeasure against multi-channel man-in-the-middle attacks. +# Enabling this automatically also enables ieee80211w, if not yet enabled. +# 0 = disabled (default) +# 1 = enabled +#ocv=1 +# # auth_alg: list of allowed IEEE 802.11 authentication algorithms # OPEN = Open System authentication (required for WPA/WPA2) # SHARED = Shared Key authentication (requires static WEP keys)

From patchwork Mon Aug 6 19:46:26 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954199
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 08/25] OCV: Add utility functions to insert OCI elements
Date: Mon, 6 Aug 2018 15:46:26 -0400
Message-Id: <20180806194643.1328-9-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

This commit adds utility functions to insert various encodings of the OCI element.
Signed-off-by: Mathy Vanhoef --- hostapd/Android.mk | 1 + hostapd/Makefile | 1 + src/common/ieee802_11_defs.h | 1 + src/common/ocv.c | 94 ++++++++++++++++++++++++++++++++++++ src/common/ocv.h | 37 ++++++++++++++ src/common/wpa_common.h | 2 + wpa_supplicant/Android.mk | 1 + wpa_supplicant/Makefile | 1 + 8 files changed, 138 insertions(+) create mode 100644 src/common/ocv.c create mode 100644 src/common/ocv.h diff --git a/hostapd/Android.mk b/hostapd/Android.mk index 82d43c754..bdc87067c 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -237,6 +237,7 @@ endif ifdef CONFIG_OCV L_CFLAGS += -DCONFIG_OCV +OBJS += src/common/ocv.c CONFIG_IEEE80211W=y endif diff --git a/hostapd/Makefile b/hostapd/Makefile index d88964c32..5fa174b96 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -280,6 +280,7 @@ endif ifdef CONFIG_OCV CFLAGS += -DCONFIG_OCV +OBJS += ../src/common/ocv.o CONFIG_IEEE80211W=y endif diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index e03a09530..db4d42f29 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -467,6 +467,7 @@ #define WLAN_EID_EXT_PASSWORD_IDENTIFIER 33 #define WLAN_EID_EXT_HE_CAPABILITIES 35 #define WLAN_EID_EXT_HE_OPERATION 36 +#define WLAN_EID_EXT_OCV_OCI 45 /* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */ diff --git a/src/common/ocv.c b/src/common/ocv.c new file mode 100644 index 000000000..be8ef68ac --- /dev/null +++ b/src/common/ocv.c 
@@ -0,0 +1,94 @@ +/* + * Operating Channel Validation (OCV) + * Copyright (c) 2018, Mathy Vanhoef + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include + +#include "utils/includes.h" +#include "utils/common.h" +#include "drivers/driver.h" +#include "common/ieee802_11_common.h" +#include "ocv.h" + +/** + * Caller of OCV functionality may use various debug output functions, so store + * the error here and let the caller use an appropriate debug output function. + */ +char ocv_errorstr[256]; + + +int ocv_derive_all_parameters(struct oci_info *oci) +{ + const struct oper_class_map *op_class_map; + + oci->freq = ieee80211_chan_to_freq(NULL, oci->op_class, oci->channel); + if (oci->freq < 0) { + wpa_printf(MSG_INFO, "Error interpreting OCI: unrecognized " + "opclass/channel pair (%d/%d)", oci->op_class, oci->channel); + return -1; + } + + op_class_map = get_oper_class(NULL, oci->op_class); + if (op_class_map == NULL) { + wpa_printf(MSG_INFO, "Error interpreting OCI: Unrecognized " + "opclass (%d)", oci->op_class); + return -1; + } + + oci->chanwidth = oper_class_bw_to_int(op_class_map); + oci->sec_channel = 0; + if (op_class_map->bw == BW40PLUS) + oci->sec_channel = 1; + else if (op_class_map->bw == BW40MINUS) + oci->sec_channel = -1; + + return 0; +} + + +int ocv_insert_oci(struct wpa_channel_info *ci, u8 **argpos) +{ + u8 op_class, channel; + u8 *pos = *argpos; + + if (ieee80211_chaninfo_to_channel(ci->frequency, ci->chanwidth, + ci->sec_channel, &op_class, &channel) < 0) { + wpa_printf(MSG_WARNING, "Cannot determine operating class " + "and channel for OCI element"); + return -1; + } + + *pos++ = op_class; + *pos++ = channel; + *pos++ = ci->seg1_idx; + + *argpos = pos; + return 0; +} + + +int ocv_insert_oci_kde(struct wpa_channel_info *ci, u8 **argpos) +{ + u8 *pos = *argpos; + + *pos++ = WLAN_EID_VENDOR_SPECIFIC; + *pos++ = RSN_SELECTOR_LEN + 3; + RSN_SELECTOR_PUT(pos, RSN_KEY_DATA_OCI); + pos 
+= RSN_SELECTOR_LEN; + + *argpos = pos; + return ocv_insert_oci(ci, argpos); +} + + +int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos) +{ + *pos++ = WLAN_EID_EXTENSION; + *pos++ = 1 + OCV_OCI_LEN; + *pos++ = WLAN_EID_EXT_OCV_OCI; + return ocv_insert_oci(ci, &pos); +} diff --git a/src/common/ocv.h b/src/common/ocv.h new file mode 100644 index 000000000..b88835345 --- /dev/null +++ b/src/common/ocv.h @@ -0,0 +1,37 @@ +/* + * Operating Channel Validation (OCV) + * Copyright (c) 2018, Mathy Vanhoef + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#ifndef OCV_H +#define OCV_H + +struct wpa_channel_info; + +struct oci_info { + /** Values in the OCI element */ + u8 op_class; + u8 channel; + u8 seg1_idx; + + /** Derived values for easier verification */ + int freq; + int sec_channel; + int chanwidth; +}; + +#define OCV_OCI_LEN 3 +#define OCV_OCI_EXTENDED_LEN (3 + OCV_OCI_LEN) +#define OCV_OCI_KDE_LEN (2 + RSN_SELECTOR_LEN + OCV_OCI_LEN) + +extern char ocv_errorstr[256]; + +int ocv_derive_all_parameters(struct oci_info *oci); +int ocv_insert_oci(struct wpa_channel_info *ci, u8 **argpos); +int ocv_insert_oci_kde(struct wpa_channel_info *ci, u8 **argpos); +int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos); + +#endif /* OCV_H */ diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 7d12b5e52..b21b1385e 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -110,6 +110,7 @@ WPA_CIPHER_BIP_CMAC_256) #define RSN_KEY_DATA_KEYID RSN_SELECTOR(0x00, 0x0f, 0xac, 10) #define RSN_KEY_DATA_MULTIBAND_GTK RSN_SELECTOR(0x00, 0x0f, 0xac, 11) #define RSN_KEY_DATA_MULTIBAND_KEYID RSN_SELECTOR(0x00, 0x0f, 0xac, 12) +#define RSN_KEY_DATA_OCI RSN_SELECTOR(0x00, 0x0f, 0xac, 13) #define WFA_KEY_DATA_IP_ADDR_REQ RSN_SELECTOR(0x50, 0x6f, 0x9a, 4) #define WFA_KEY_DATA_IP_ADDR_ALLOC RSN_SELECTOR(0x50, 0x6f, 0x9a, 5) 
@@ -327,6 +328,7 @@ struct rsn_ftie_sha384 { #define FTIE_SUBELEM_GTK 2 #define FTIE_SUBELEM_R0KH_ID 3 #define FTIE_SUBELEM_IGTK 4 +#define FTIE_SUBELEM_OCI 5 struct rsn_rdie { u8 id; diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index f3b6d2cfa..d63e4c41c 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -209,6 +209,7 @@ endif ifdef CONFIG_OCV L_CFLAGS += -DCONFIG_OCV +OBJS += src/common/ocv.c CONFIG_IEEE80211W=y endif diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 69132bb57..958ea97c2 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile 
@@ -242,6 +242,7 @@ endif ifdef CONFIG_OCV CFLAGS += -DCONFIG_OCV +OBJS += ../src/common/ocv.o CONFIG_IEEE80211W=y endif From patchwork Mon Aug 6 19:46:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954202 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cs.kuleuven.be Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="UK5orClH"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41kpFf3qbQz9ryt for ; Tue, 7 Aug 2018 05:52:06 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References: In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=DD8oS0zfGI7JwFdzcZk9v0grsAXQXU1ulpG6VGb0EaE=; b=UK5orClHH7D3kO6Ngk4MAwXwz1 TqKO229nx0R4AWkA2Up4mBc70vILtdcM4xUOXImW2raA5Q+xbtHX6JkGK3X+Ni31aWyu8z1KyAGYJ JaFhQgKC8pkkpGfZtGp0/C1iwehT10ppqbZUJDXMOzzs/e+Rqvi61PRFwNT8D7JLsQJu4MwOnSFk2 Mv2VghOyB9HOmN//EhHE3rk5SIEFbsAez+9y3i8n3DTFe2agypw4y7fgZt7uJfr4UFLp/Y8FGjtza 
A0uNNWFGpJwOcc/BN00zidTkTk/FlclutFoUEKXcAkLZpQ5DDWoVnoIBirJTebPgV4fukNSVTPKul qS5sKWgw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fmlXu-0002wI-5M; Mon, 06 Aug 2018 19:52:02 +0000 Received: from vmailrelay1.cs.kuleuven.be ([2a02:2c40:0:a000::118] helo=hermes4.cs.kuleuven.be) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fmlWw-0007Bx-JF for hostap@lists.infradead.org; Mon, 06 Aug 2018 19:51:28 +0000 Received: from dr-zook.cs.kuleuven.be. (vdr-zook1.cs.kuleuven.be [IPv6:2a02:2c40:500:a005::12c]) by hermes4.cs.kuleuven.be. with ESMTP id w76JiZ5Z018448 for ; Mon, 6 Aug 2018 21:44:35 +0200 Received: from localhost (localhost [127.0.0.1]) by dr-zook.cs.kuleuven.be. (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76JiZHA020772 for ; Mon, 6 Aug 2018 21:44:35 +0200 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dr-zook.cs.kuleuven.be. X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Virus-Scanned: Debian amavisd-new at dr-zook.cs.kuleuven.be Received: from dr-zook.cs.kuleuven.be. ([127.0.0.1]) by localhost (dr-zook.cs.kuleuven.be [127.0.0.1]) (amavisd-new, port 10023) with LMTP id yaaBfEZzv7Bi for ; Mon, 6 Aug 2018 21:44:27 +0200 (CEST) Received: from oryx.cs.kuleuven.be. (oryx.cs.kuleuven.be [IPv6:2a02:2c40:0:a000::122]) by dr-zook.cs.kuleuven.be. (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76JiMZn020749 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 6 Aug 2018 21:44:23 +0200 Received: from localhost.localdomain (ip-83-134-207-58.dsl.scarlet.be [83.134.207.58]) (authenticated bits=0) by oryx.cs.kuleuven.be. (A_Good_MTA/8.14.4/Debian-4.1ubuntu1) with ESMTP id w76Jhl8q019837 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 6 Aug 2018 21:44:22 +0200 
From: Maty Vanhoef To: hostap@lists.infradead.org Subject: [PATCH 09/25] OCV: insert OCI in 4-way and group key handshake Date: Mon, 6 Aug 2018 15:46:27 -0400 Message-Id: <20180806194643.1328-10-Mathy.Vanhoef@cs.kuleuven.be> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> Cc: Maty Vanhoef If Operating Channel Verification is negotiated, include the OCI KDE element in all messages of the 4-way handshake and group key handshake. Signed-off-by: Mathy Vanhoef --- src/ap/wpa_auth.c | 64 ++++++++++++++++++++++++++++++++++++--- src/rsn_supp/wpa.c | 75 ++++++++++++++++++++++++++++++++++++++++++++-- src/rsn_supp/wpa.h | 6 ++++ 3 files changed, 138 insertions(+), 7 deletions(-) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index f20dd806a..ea966474f 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -13,6 +13,7 @@ #include "utils/state_machine.h" #include "utils/bitfield.h" #include "common/ieee802_11_defs.h" +#include "common/ocv.h" #include "crypto/aes.h" #include "crypto/aes_wrap.h" #include "crypto/aes_siv.h" 
@@ -2891,6 +2892,45 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + +static int ocv_oci_len(struct wpa_state_machine *sm) +{ + if (wpa_auth_uses_ocv(sm)) + return OCV_OCI_KDE_LEN; + return 0; +} + +static int ocv_oci_add(struct wpa_state_machine *sm, u8 **argpos) +{ + struct wpa_channel_info ci; + + if (!wpa_auth_uses_ocv(sm)) + return 0; + + if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element"); + return -1; + } + + return ocv_insert_oci_kde(&ci, argpos); +} + +#else /* CONFIG_OCV */ + +static int ocv_oci_len(struct wpa_state_machine *sm) +{ + return 0; +} + +static int ocv_oci_add(struct wpa_state_machine *sm, u8 **pos) +{ + return 0; +} + +#endif /* CONFIG_OCV */ + SM_STATE(WPA_PTK, PTKINITNEGOTIATING) { @@ -2975,7 +3015,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) } } - kde_len = wpa_ie_len + ieee80211w_kde_len(sm); + kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm); if (gtk) kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; #ifdef CONFIG_IEEE80211R_AP @@ -3020,6 +3060,10 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING) gtk, gtk_len); } pos = ieee80211w_kde_add(sm, pos); + if (ocv_oci_add(sm, &pos) < 0) { + os_free(kde); + return; + } #ifdef CONFIG_IEEE80211R_AP if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { @@ -3331,7 +3375,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) } if (sm->wpa == WPA_VERSION_WPA2) { kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + - ieee80211w_kde_len(sm); + ieee80211w_kde_len(sm) + ocv_oci_len(sm); kde_buf = os_malloc(kde_len); if (kde_buf == NULL) return; @@ -3342,6 +3386,10 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, gtk, gsm->GTK_len); pos = ieee80211w_kde_add(sm, pos); + if (ocv_oci_add(sm, &pos) < 0) { + os_free(kde_buf); + return; + } kde_len = pos - kde; } else { kde = gtk; 
@@ -4675,7 +4723,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, } } - kde_len = wpa_ie_len + ieee80211w_kde_len(sm); + kde_len = wpa_ie_len + ieee80211w_kde_len(sm) + ocv_oci_len(sm); if (gtk) kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; #ifdef CONFIG_IEEE80211R_AP @@ -4724,6 +4772,10 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, os_memset(opos, 0, 6); /* clear PN */ } #endif /* CONFIG_IEEE80211W */ + if (ocv_oci_add(sm, &pos) < 0) { + os_free(kde); + return -1; + } #ifdef CONFIG_IEEE80211R_AP if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) { @@ -4805,7 +4857,7 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, gtk = gsm->GTK[gsm->GN - 1]; if (sm->wpa == WPA_VERSION_WPA2) { kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + - ieee80211w_kde_len(sm); + ieee80211w_kde_len(sm) + ocv_oci_len(sm); kde_buf = os_malloc(kde_len); if (kde_buf == NULL) return -1; @@ -4825,6 +4877,10 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, os_memset(opos, 0, 6); /* clear PN */ } #endif /* CONFIG_IEEE80211W */ + if (ocv_oci_add(sm, &pos) < 0) { + os_free(kde_buf); + return -1; + } kde_len = pos - kde; } else { kde = gtk; diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 774ddd9e4..88437291b 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -20,8 +20,10 @@ #include "crypto/sha512.h" #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" +#include "common/ocv.h" #include "eap_common/eap_defs.h" #include "eapol_supp/eapol_supp_sm.h" +#include "drivers/driver.h" #include "wpa.h" #include "eloop.h" #include "preauth.h" @@ -543,7 +545,6 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, sm->pairwise_cipher); } - static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, 
@@ -618,6 +619,33 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, kde = sm->assoc_wpa_ie; kde_len = sm->assoc_wpa_ie_len; +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + u8 *pos; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in EAPOL-Key 2/4"); + goto failed; + } + + kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 3); + if (!kde_buf) { + wpa_printf(MSG_WARNING, "Failed to allocate memory for " + "KDE with OCI in EAPOL-Key 2/4"); + goto failed; + } + + os_memcpy(kde_buf, kde, kde_len); + kde = kde_buf; + pos = kde + kde_len; + if (ocv_insert_oci_kde(&ci, &pos) < 0) + goto failed; + kde_len = pos - kde; + } +#endif /* CONFIG_OCV */ + #ifdef CONFIG_P2P if (sm->p2p) { kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1); @@ -1625,11 +1653,17 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, size_t mic_len, hdrlen, rlen; struct wpa_eapol_key *reply; u8 *rbuf, *key_mic; + size_t kde_len = 0; + +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) + kde_len = OCV_OCI_KDE_LEN; +#endif /* CONFIG_OCV */ mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); hdrlen = sizeof(*reply) + mic_len + 2; rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, - hdrlen, &rlen, (void *) &reply); + hdrlen + kde_len, &rlen, (void *) &reply); if (rbuf == NULL) return -1; 
@@ -1651,7 +1685,27 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm, WPA_REPLAY_COUNTER_LEN); key_mic = (u8 *) (reply + 1); - WPA_PUT_BE16(key_mic + mic_len, 0); + WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data Length */ + +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + u8 *pos; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in EAPOL-Key 2/2"); + os_free(rbuf); + return -1; + } + + pos = key_mic + mic_len + 2; /* Key Data */ + if (ocv_insert_oci_kde(&ci, &pos) < 0) { + os_free(rbuf); + return -1; + } + } +#endif /* CONFIG_OCV */ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2"); return wpa_eapol_key_send(sm, &sm->ptk, ver, sm->bssid, ETH_P_EAPOL, @@ -2923,6 +2977,21 @@ int wpa_sm_pmf_enabled(struct wpa_sm *sm) } +int wpa_sm_ocv_enabled(struct wpa_sm *sm) +{ + struct wpa_ie_data rsn; + + if (!sm->ocv || !sm->ap_rsn_ie) + return 0; + + if (wpa_parse_wpa_ie_rsn(sm->ap_rsn_ie, sm->ap_rsn_ie_len, &rsn) >= 0 && + rsn.capabilities & WPA_CAPABILITY_OCVC) + return 1; + + return 0; +} + + /** * wpa_sm_set_assoc_wpa_ie_default - Generate own WPA/RSN IE from configuration * @sm: Pointer to WPA state machine data from wpa_sm_init() diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index b832267a5..9eee383de 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -144,6 +144,7 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, int wpa_sm_get_status(struct wpa_sm *sm, char *buf, size_t buflen, int verbose); int wpa_sm_pmf_enabled(struct wpa_sm *sm); +int wpa_sm_ocv_enabled(struct wpa_sm *sm); void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise); 
@@ -282,6 +283,11 @@ static inline int wpa_sm_pmf_enabled(struct wpa_sm *sm) return 0; } +static inline int wpa_sm_ocv_enabled(struct wpa_sm *sm) +{ + return 0; +} + static inline void wpa_sm_key_request(struct wpa_sm *sm, int error, int pairwise) { From patchwork Mon Aug 6 19:46:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954194
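Review bot: in wpa_supplicant_process_1_of_4() (src/rsn_supp/wpa.c, patch 09/25) the new CONFIG_OCV block stores its allocation in kde_buf, and the CONFIG_P2P block that follows in the context lines assigns kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 1) again. When both OCV and P2P apply, the pointer to the first buffer is overwritten while kde still points into it, so unless code outside this hunk handles that case the OCI buffer leaks. Allocating once with room for both KDEs, or freeing the old buffer after the second copy, avoids it. The size is also spelled 2 + RSN_SELECTOR_LEN + 3 here while the rest of the patch uses OCV_OCI_KDE_LEN; using the constant keeps the allocation and ocv_insert_oci_kde() from drifting apart.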
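Review bot: wpa_supplicant_send_2_of_2() (src/rsn_supp/wpa.c, patch 09/25) writes the Key Data Length field from kde_len before the KDE is built and never checks that ocv_insert_oci_kde() advanced pos by exactly that amount. Comparing pos - (key_mic + mic_len + 2) against kde_len after the insert, and failing the send on a mismatch, turns the assumption that the helper writes OCV_OCI_KDE_LEN bytes into an explicit check on a buffer that was sized as hdrlen + kde_len. wpa_sm_ocv_enabled() is also evaluated twice in this function and re-parses the AP RSN IE each time; evaluating it once into a local ties the allocation size and the insert decision to the same answer.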
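Review bot: the commit message of patch 09/25 says the OCI KDE goes into all messages of the 4-way handshake and group key handshake, but the src/ap/wpa_auth.c hunks only touch PTKINITNEGOTIATING, REKEYNEGOTIATING, wpa_auth_resend_m3() and wpa_auth_resend_group_m1(), and the supplicant hunks only the frames logged as EAPOL-Key 2/4 and 2/2. The message should name the frames that actually carry the KDE. In the two SM_STATE bodies a failing ocv_oci_add() frees the buffer and returns with nothing more than the generic wpa_printf() warning; it would help to state, in a comment or in the code, what is meant to happen to the STA when no frame is sent from that state.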
From: Maty Vanhoef To: hostap@lists.infradead.org Subject: [PATCH 10/25] OCV: Parse all types of OCI information elements Date: Mon, 6 Aug 2018 15:46:28 -0400 Message-Id: <20180806194643.1328-11-Mathy.Vanhoef@cs.kuleuven.be> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> Cc: Maty Vanhoef Add functionality to parse all variations of the OCI element. Signed-off-by: Mathy Vanhoef --- src/ap/wpa_auth_ie.c | 9 +++++++++ src/ap/wpa_auth_ie.h | 4 ++++ src/common/ieee802_11_common.c | 4 ++++ src/common/ieee802_11_common.h | 2 ++ src/common/wpa_common.c | 6 ++++++ src/common/wpa_common.h | 4 ++++ src/rsn_supp/wpa_ie.c | 11 +++++++++++ src/rsn_supp/wpa_ie.h | 4 ++++ 8 files changed, 44 insertions(+) diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 371be7bab..3eaf28e29 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c 
@@ -1014,6 +1014,15 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end, } #endif /* CONFIG_P2P */ +#ifdef CONFIG_OCV + if (pos[1] > RSN_SELECTOR_LEN + 2 && + RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) { + ie->oci = pos + 2 + RSN_SELECTOR_LEN; + ie->oci_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } +#endif /* CONFIG_OCV */ + return 0; } diff --git a/src/ap/wpa_auth_ie.h b/src/ap/wpa_auth_ie.h index 73e433349..a38b206fd 100644 --- a/src/ap/wpa_auth_ie.h +++ b/src/ap/wpa_auth_ie.h @@ -33,6 +33,10 @@ struct wpa_eapol_ie_parse { const u8 *ip_addr_req; const u8 *ip_addr_alloc; #endif /* CONFIG_P2P */ +#ifdef CONFIG_OCV + const u8 *oci; + size_t oci_len; +#endif /* CONFIG_OCV */ const u8 *osen; size_t osen_len; diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c index c730ebce0..f1a3b1b61 100644 --- a/src/common/ieee802_11_common.c +++ b/src/common/ieee802_11_common.c @@ -266,6 +266,10 @@ static int ieee802_11_parse_extension(const u8 *pos, size_t elen, elems->password_id = pos; elems->password_id_len = elen; break; + case WLAN_EID_EXT_OCV_OCI: + elems->oci = pos; + elems->oci_len = elen; + break; default: if (show_errors) { wpa_printf(MSG_MSGDUMP, diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h index 26ed66ee3..3787043e3 100644 --- a/src/common/ieee802_11_common.h +++ b/src/common/ieee802_11_common.h @@ -85,6 +85,7 @@ struct ieee802_11_elems { const u8 *power_capab; const u8 *roaming_cons_sel; const u8 *password_id; + const u8 *oci; u8 ssid_len; u8 supp_rates_len; @@ -131,6 +132,7 @@ struct ieee802_11_elems { u8 power_capab_len; u8 roaming_cons_sel_len; u8 password_id_len; + u8 oci_len; struct mb_ies_info mb_ies; }; diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 14c5769b0..edab55953 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c 
@@ -880,6 +880,12 @@ static int wpa_ft_parse_ftie(const u8 *ie, size_t ie_len, parse->igtk_len = len; break; #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + case FTIE_SUBELEM_OCI: + parse->oci = pos; + parse->oci_len = len; + break; +#endif /* CONFIG_OCV */ default: wpa_printf(MSG_DEBUG, "FT: Unknown subelem id %u", id); break; diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index b21b1385e..37b58341a 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -454,6 +454,10 @@ struct wpa_ft_ies { size_t tie_len; const u8 *igtk; size_t igtk_len; +#ifdef CONFIG_OCV + const u8 *oci; + size_t oci_len; +#endif /* CONFIG_OCV */ const u8 *ric; size_t ric_len; int key_mgmt; diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c index ea2e92672..0ea81c750 100644 --- a/src/rsn_supp/wpa_ie.c +++ b/src/rsn_supp/wpa_ie.c @@ -465,6 +465,17 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end, } #endif /* CONFIG_P2P */ +#ifdef CONFIG_OCV + if (pos[1] >= RSN_SELECTOR_LEN + 1 && + RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_OCI) { + ie->oci = pos + 2 + RSN_SELECTOR_LEN; + ie->oci_len = pos[1] - RSN_SELECTOR_LEN; + wpa_hexdump(MSG_DEBUG, "WPA: OCI KDE in EAPOL-Key", + pos, pos[1] + 2); + return 0; + } +#endif /* CONFIG_OCV */ + return 0; } diff --git a/src/rsn_supp/wpa_ie.h b/src/rsn_supp/wpa_ie.h index 0e72af560..9d53973a9 100644 --- a/src/rsn_supp/wpa_ie.h +++ b/src/rsn_supp/wpa_ie.h 
@@ -53,6 +53,10 @@ struct wpa_eapol_ie_parse { const u8 *ip_addr_req; const u8 *ip_addr_alloc; #endif /* CONFIG_P2P */ +#ifdef CONFIG_OCV + const u8 *oci; + size_t oci_len; +#endif /* CONFIG_OCV */ }; int wpa_supplicant_parse_ies(const u8 *buf, size_t len, From patchwork Mon Aug 6 19:46:29 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954185
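Review bot: the two OCI KDE branches added to wpa_parse_generic() in patch 10/25 disagree on the minimum length. src/ap/wpa_auth_ie.c accepts pos[1] > RSN_SELECTOR_LEN + 2, which gives an oci_len of at least 3, while src/rsn_supp/wpa_ie.c accepts pos[1] >= RSN_SELECTOR_LEN + 1, which stores an OCI with oci_len as small as 1. Since ocv_verify_tx_params() in patch 11/25 requires exactly 3 bytes, both parsers should apply the same bound so a short KDE is handled identically on both sides. The supplicant copy also hexdumps the KDE and the authenticator copy does not, and the return 0 inside each new branch is redundant with the return 0 that immediately follows it.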
From: Maty Vanhoef To: hostap@lists.infradead.org Subject: [PATCH 11/25] OCV: Add function to verify a received OCI element Date: Mon, 6 Aug 2018 15:46:29 -0400 Message-Id: <20180806194643.1328-12-Mathy.Vanhoef@cs.kuleuven.be> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> Cc: Maty Vanhoef Add a function that will verify a received OCI element. Signed-off-by: Mathy Vanhoef --- src/common/ocv.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ src/common/ocv.h | 3 ++ 2 files changed, 77 insertions(+) diff --git a/src/common/ocv.c b/src/common/ocv.c index be8ef68ac..9dac121e4 100644 --- a/src/common/ocv.c +++ b/src/common/ocv.c 
@@ -92,3 +92,77 @@ int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos) *pos++ = WLAN_EID_EXT_OCV_OCI; return ocv_insert_oci(ci, &pos); } + + +int ocv_verify_tx_params(const uint8_t *oci_ie, size_t oci_ie_len, + struct wpa_channel_info *ci, int tx_chanwidth, int tx_seg1_idx) +{ + struct oci_info oci; + + if (!oci_ie) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: did not recieve mandatory OCI"); + return -1; + } else if (oci_ie_len != 3) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: received OCI of unexpected length (%d)", + (int)oci_ie_len); + return -1; + } + + memset(&oci, 0, sizeof(oci)); + oci.op_class = oci_ie[0]; + oci.channel = oci_ie[1]; + oci.seg1_idx = oci_ie[2]; + if (ocv_derive_all_parameters(&oci) != 0) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: unable to interpret received OCI"); + return -1; + } + + /** Primary frequency used to send frames to STA must match the STA's */ + if (ci->frequency != oci.freq) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: primary channel mismatch in received OCI " + "(we use %d but receiver is using %d)", ci->frequency, oci.freq); + return -1; + } + + /** Whe shouldn't transmit with a higher bandwidth than the STA supports */ + if (tx_chanwidth > oci.chanwidth) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: channel bandwidth mismatch in received OCI " + "(we use %d but receiver only supports %d)", + tx_chanwidth, oci.chanwidth); + return -1; + } + + /** + * Secondary channel only needs be checked for 40 MHz the 2.4 GHz band. + * In the 5 GHz band it's verified through the primary frequency. Note + * that the field ci->sec_channel is only filled in when we use 40 MHz. 
+ */ + if (tx_chanwidth == 40 && ci->frequency < 2500 + && ci->sec_channel != oci.sec_channel) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: secondary channel mismatch in received OCI " + "(we use %d but receiver is using %d)", + ci->sec_channel, oci.sec_channel); + return -1; + } + + /** + * When using a 160 or 80+80 MHz channel to transmit, verify that we use + * the same segments as the receiver by comparing frequency segment 1. + */ + if ((ci->chanwidth == CHAN_WIDTH_160 || ci->chanwidth == CHAN_WIDTH_80P80) + && tx_seg1_idx != oci.seg1_idx) { + snprintf(ocv_errorstr, sizeof(ocv_errorstr), + "OCV failed: frequency segment 1 mismatch in received OCI " + "(we use %d but receiver is using %d)", + tx_seg1_idx, oci.seg1_idx); + return -1; + } + + return 0; +} diff --git a/src/common/ocv.h b/src/common/ocv.h index b88835345..56c1898db 100644 --- a/src/common/ocv.h +++ b/src/common/ocv.h 
@@ -33,5 +33,8 @@ int ocv_derive_all_parameters(struct oci_info *oci); int ocv_insert_oci(struct wpa_channel_info *ci, u8 **argpos); int ocv_insert_oci_kde(struct wpa_channel_info *ci, u8 **argpos); int ocv_insert_extended_oci(struct wpa_channel_info *ci, u8 *pos); +int ocv_verify_tx_params(const uint8_t *oci_ie, size_t oci_ie_len, + struct wpa_channel_info *ci, int tx_chanwidth, + int tx_seg1_idx); #endif /* OCV_H */ From patchwork Mon Aug 6 19:46:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954188
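Review bot: in ocv_verify_tx_params() (src/common/ocv.c, patch 11/25) the frequency segment 1 check is gated on ci->chanwidth, the local operating width, while the bandwidth and secondary channel checks are gated on tx_chanwidth, the width used toward this peer. The segment comparison therefore still runs when tx_chanwidth has been capped below 160 for the peer, so the result depends on both sides agreeing on a segment that is not in use; the condition should be expressed in terms of the transmit parameters, and in one unit, since the function mixes MHz integers (tx_chanwidth == 40) with CHAN_WIDTH_* values. Smaller points in the same hunk: "recieve" and "Whe" are typos, the /** openers mark ordinary comments as doc comments, snprintf, memset and uint8_t are used where the other patches in this series use the os_* wrappers and u8, ci can be const, and reporting through the shared ocv_errorstr buffer means a caller has to read it before the next verification overwrites it.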
From: Maty Vanhoef To: hostap@lists.infradead.org Subject: [PATCH 12/25] OCV: Add function to derive Tx parameters to a specific STA Date: Mon, 6 Aug 2018 15:46:30 -0400 Message-Id: <20180806194643.1328-13-Mathy.Vanhoef@cs.kuleuven.be> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be> Cc: Maty Vanhoef Use the information elements that were present in the association request to derive the maximum bandwidth the AP will use to transmit frames to a specific STA. By using this approach, we don't need to query the kernel for this information, and avoid having to add a driver API to query the kernel for this information. 
Signed-off-by: Mathy Vanhoef --- src/ap/wpa_auth.c | 74 +++++++++++++++++++++++++++++++++++++++++++++++ src/ap/wpa_auth.h | 7 +++++ 2 files changed, 81 insertions(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index ea966474f..23ca2c1a9 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c 
@@ -2633,6 +2633,80 @@ u8 * hostapd_eid_assoc_fils_session(struct wpa_state_machine *sm, u8 *buf, #endif /* CONFIG_FILS */ +#ifdef CONFIG_OCV + +int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth, + int ap_seg1_idx, int *bandwidth, int *seg1_idx) +{ + int ht_40mhz; + int vht_80p80; + int requested_bw; + + + ht_40mhz = 0; + if (sta->ht_capabilities) + ht_40mhz = !!(sta->ht_capabilities->ht_capabilities_info & + HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET); + + vht_80p80 = 0; + if (sta->vht_operation) { + struct ieee80211_vht_operation *oper = sta->vht_operation; + + /** + * If a VHT Operation element was present, use it to determine the + * supported channel bandwidth. + */ + if (oper->vht_op_info_chwidth == 0) + requested_bw = ht_40mhz ? 40 : 20; + else if (oper->vht_op_info_chan_center_freq_seg1_idx == 0) + requested_bw = 80; + else { + requested_bw = 160; + vht_80p80 = oper->vht_op_info_chan_center_freq_seg1_idx != 0 && + abs((int)oper->vht_op_info_chan_center_freq_seg0_idx - + (int)oper->vht_op_info_chan_center_freq_seg1_idx) > 16; + } + } else if (sta->vht_capabilities) { + struct ieee80211_vht_capabilities *capab = sta->vht_capabilities; + + /** + * If only the VHT Capabilities element is present (e.g. for normal + * clients), use it to determine the supported channel bandwidth. + */ + int vht_chanwidth = capab->vht_capabilities_info & VHT_CAP_SUPP_CHAN_WIDTH_MASK; + vht_80p80 = capab->vht_capabilities_info & VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; + + /** TODO: Also take into account Extended NSS BW Support field */ + requested_bw = vht_chanwidth ? 160 : 80; + } else { + requested_bw = ht_40mhz ? 40 : 20; + } + + *bandwidth = requested_bw < ap_max_chanwidth ? 
requested_bw : ap_max_chanwidth; + + *seg1_idx = 0; + if (ap_seg1_idx && vht_80p80) + *seg1_idx = ap_seg1_idx; + + return 0; +} + +int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth, + int ap_seg1_idx, int *bandwidth, int *seg1_idx) +{ + struct sta_info *sta; + + sta = wpa_get_sta(sm->wpa_auth, sm->addr); + if (sta == NULL) { + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, "Failed to get " + "STA info to validate received OCI in EAPOL-Key 2/4"); + return -1; + } + + return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx, bandwidth, seg1_idx); +} + +#endif /* CONFIG_OCV */ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) { diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 2762044ff..edd7beebe 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h 
@@ -457,6 +457,13 @@ const u8 * wpa_fils_validate_fils_session(struct wpa_state_machine *sm, int wpa_fils_validate_key_confirm(struct wpa_state_machine *sm, const u8 *ies, size_t ies_len); +#ifdef CONFIG_OCV +int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth, + int ap_seg1_idx, int *bandwidth, int *seg1_idx); +int get_sta_tx_parameters(struct wpa_state_machine *sm, int ap_max_chanwidth, + int ap_seg1_idx, int *bandwidth, int *seg1_idx); +#endif /* CONFIG_OCV */ + int wpa_auth_write_fte(struct wpa_authenticator *wpa_auth, int use_sha384, u8 *buf, size_t len); void wpa_auth_get_fils_aead_params(struct wpa_state_machine *sm,

From patchwork Mon Aug 6 19:46:31 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954197
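
Review bot: In get_tx_parameters() (src/ap/wpa_auth.c, patch 12/25), the last else of the VHT Operation branch tests oper->vht_op_info_chan_center_freq_seg1_idx != 0 again, although the preceding else-if already took the == 0 case, so that half of the vht_80p80 condition is always true and can be dropped. The function also returns 0 on every path, so its int return value carries no information; make it void or document what a failure would be. The log text in get_sta_tx_parameters() hard-codes "EAPOL-Key 2/4", but patches 13/25 and 14/25 on this page also call it from the group key handshake and from wpa_ft_validate_reassoc(), so the message should not name one frame.
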
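
Review bot: The two prototypes added to src/ap/wpa_auth.h (patch 12/25), get_tx_parameters() and get_sta_tx_parameters(), are exported under generic names, unlike the wpa_fils_* and wpa_auth_* declarations around them; a wpa_auth_ prefix would avoid symbol clashes. They also need a comment giving the unit of ap_max_chanwidth and *bandwidth (the implementation works with 20/40/80/160) and the meaning of the return value.
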
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 13/25] OCV: Verify OCI in 4-way and group key handshake
Date: Mon, 6 Aug 2018 15:46:31 -0400
Message-Id: <20180806194643.1328-14-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Verify the received OCI element in the 4-way and group key handshake. If verification fails, the handshake message is silently dropped.

Signed-off-by: Mathy Vanhoef --- src/ap/wpa_auth.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++ src/rsn_supp/wpa.c | 40 ++++++++++++++++++++++ 2 files changed, 124 insertions(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 23ca2c1a9..9e99020f1 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -2830,6 +2830,31 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) WLAN_REASON_PREV_AUTH_NOT_VALID); return; } +#ifdef CONFIG_OCV + if (wpa_auth_uses_ocv(sm)) { + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + + if (wpa_channel_info(wpa_auth, &ci) != 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "Failed to get channel info to validate " + "received OCI in EAPOL-Key 2/4"); + return; + } else if (get_sta_tx_parameters(sm, channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return; + } + + if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ #ifdef CONFIG_IEEE80211R_AP if (ft && ft_check_msg_2_of_4(wpa_auth, sm, &kde) < 0) { wpa_sta_disconnect(wpa_auth, sm->addr, 
@@ -3484,8 +3509,67 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) { +#ifdef CONFIG_OCV + struct wpa_authenticator *wpa_auth = sm->wpa_auth; + const u8 *key_data, *mic; + struct ieee802_1x_hdr *hdr; + struct wpa_eapol_key *key; + struct wpa_eapol_ie_parse kde; + size_t mic_len; + u16 key_data_length; +#endif /* CONFIG_OCV */ + SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); sm->EAPOLKeyReceived = FALSE; + +#ifdef CONFIG_OCV + mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len); + + /* + * Note: last_rx_eapol_key length fields have already been validated in + * wpa_receive(). + */ + hdr = (struct ieee802_1x_hdr *) sm->last_rx_eapol_key; + key = (struct wpa_eapol_key *) (hdr + 1); + mic = (u8 *) (key + 1); + key_data = mic + mic_len + 2; + key_data_length = WPA_GET_BE16(mic + mic_len); + if (key_data_length > sm->last_rx_eapol_key_len - sizeof(*hdr) - + sizeof(*key) - mic_len - 2) + return; + + if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key msg 1/2 with invalid " + "Key Data contents"); + return; + } + + if (wpa_auth_uses_ocv(sm)) { + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + + if (wpa_channel_info(wpa_auth, &ci) != 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "Failed to get channel info to validate " + "received OCI in EAPOL-Key 1/2"); + return; + } else if (get_sta_tx_parameters(sm, channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return; + } + + if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + if (sm->GUpdateStationKeys) sm->group->GKeyDoneStations--; sm->GUpdateStationKeys = FALSE; diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 88437291b..6eb0d3217 100644 --- a/src/rsn_supp/wpa.c 
+++ b/src/rsn_supp/wpa.c @@ -1446,6 +1446,26 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, } #endif /* CONFIG_P2P */ +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in EAPOL-Key 3/4"); + return; + } + + if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, &sm->ptk) < 0) { goto failed; 
@@ -1533,6 +1553,26 @@ static int wpa_supplicant_process_1_of_2_rsn(struct wpa_sm *sm, } maxkeylen = gd->gtk_len = ie.gtk_len - 2; +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in EAPOL-Key 1/2"); + return -1; + } + + if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ocv_errorstr); + return -1; + } + } +#endif /* CONFIG_OCV */ + if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, gd->gtk_len, maxkeylen, &gd->key_rsc_len, &gd->alg))

From patchwork Mon Aug 6 19:46:32 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954195
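
Review bot: In the PTKCALCNEGOTIATING hunk (src/ap/wpa_auth.c, patch 13/25), kde.oci and kde.oci_len go straight into ocv_verify_tx_params() with no check in the caller that an OCI KDE was present at all. OCV only helps if a missing OCI counts as a failure for a STA that negotiated it, so please confirm that ocv_verify_tx_params() rejects a NULL or zero-length OCI and say so in a comment here. The else-if that follows a return can also be a plain if.
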
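
Review bot: In the REKEYESTABLISHED hunk (src/ap/wpa_auth.c, patch 13/25), the Key Data length check and the wpa_parse_kde_ies() failure return both sit outside if (wpa_auth_uses_ocv(sm)), so building with CONFIG_OCV changes behaviour for STAs that do not use OCV; moving the parsing inside the OCV branch keeps that path unchanged. Every early return added here also skips the sm->group->GKeyDoneStations-- and sm->GUpdateStationKeys = FALSE bookkeeping below it, and a comment should say whether leaving the STA counted as pending is intended. The log texts say "msg 1/2" and "EAPOL-Key 1/2", but 1/2 is the frame the supplicant handles in wpa_supplicant_process_1_of_2_rsn(); what the authenticator receives in this state is the reply to it.
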
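
Review bot: In wpa_supplicant_process_3_of_4() (src/rsn_supp/wpa.c, patch 13/25), wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ocv_errorstr) passes ocv_errorstr as the format string. wpa_msg() is printf-style, so this should be wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "%s", ocv_errorstr) so that a '%' in the error text is never interpreted. The two new failure paths use a bare return while the context line just below uses goto failed; a short comment that the frame is dropped on purpose, as the commit message states, would make that difference clear.
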
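
Review bot: The block added to wpa_supplicant_process_1_of_2_rsn() (src/rsn_supp/wpa.c, patch 13/25) duplicates the one in wpa_supplicant_process_3_of_4() apart from the frame name in the message and the return value. A small static helper taking the OCI pointer, its length and the frame name would keep the two checks from drifting apart, and would fix the non-literal format string passed to wpa_msg() in one place.
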
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 14/25] OCV: Include and verify OCI in the FT handshake
Date: Mon, 6 Aug 2018 15:46:32 -0400
Message-Id: <20180806194643.1328-15-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Include and verify the OCI element in (Re)Association Request and Responses of the FT handshake. In case verification fails, the handshake message is silently ignored.

Signed-off-by: Mathy Vanhoef --- src/ap/wpa_auth_ft.c | 64 +++++++++++++++++++++++++++++++++++++++++++ src/rsn_supp/wpa_ft.c | 41 +++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index e8d46ab0d..702af98fc 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -13,6 +13,8 @@ #include "utils/list.h" #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" +#include "common/ocv.h" +#include "drivers/driver.h" #include "crypto/aes.h" #include "crypto/aes_siv.h" #include "crypto/aes_wrap.h" 
@@ -727,6 +729,15 @@ static int wpa_ft_add_tspec(struct wpa_authenticator *wpa_auth, } +static int wpa_channel_info(struct wpa_authenticator *wpa_auth, + struct wpa_channel_info *ci) +{ + if (wpa_auth->cb->channel_info == NULL) + return -1; + return wpa_auth->cb->channel_info(wpa_auth->cb_ctx, ci); +} + + int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len) { u8 *pos = buf; @@ -2430,6 +2441,35 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, os_free(igtk); } #endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_OCV + if (wpa_auth_uses_ocv(sm)) { + struct wpa_channel_info ci; + u8 *nbuf, *ocipos; + + if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get " + "channel info for OCI element"); + os_free(subelem); + return pos; + } + + subelem_len += 2 + OCV_OCI_LEN; + nbuf = os_realloc(subelem, subelem_len); + if (nbuf == NULL) { + os_free(subelem); + return pos; + } + subelem = nbuf; + + ocipos = subelem + subelem_len - 2 - OCV_OCI_LEN; + *ocipos++ = FTIE_SUBELEM_OCI; + *ocipos++ = OCV_OCI_LEN; + if (ocv_insert_oci(&ci, &ocipos) < 0) { + os_free(subelem); + return pos; + } + } +#endif /* CONFIG_OCV */ } else { r0kh_id = conf->r0_key_holder; r0kh_id_len = conf->r0_key_holder_len; 
@@ -3178,6 +3218,30 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, return WLAN_STATUS_INVALID_FTIE; } +#ifdef CONFIG_OCV + if (wpa_auth_uses_ocv(sm)) { + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + + if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info to" + "validate received OCI in (Re)Assoc Request"); + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } else if (get_sta_tx_parameters(sm, channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + + if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + } +#endif /* CONFIG_OCV */ + return WLAN_STATUS_SUCCESS; } diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 9caff859d..bff5b283f 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -14,6 +14,8 @@ #include "crypto/random.h" #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" +#include "common/ocv.h" +#include "drivers/driver.h" #include "wpa.h" #include "wpa_i.h" @@ -325,6 +327,26 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, *pos++ = sm->r0kh_id_len; os_memcpy(pos, sm->r0kh_id, sm->r0kh_id_len); pos += sm->r0kh_id_len; +#ifdef CONFIG_OCV + if (kck && wpa_sm_ocv_enabled(sm)) { + /* OCI sub-element in third FT message */ + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel " + "info for OCI element in FTE"); + os_free(buf); + return NULL; + } + + *pos++ = FTIE_SUBELEM_OCI; + *pos++ = OCV_OCI_LEN; + if (ocv_insert_oci(&ci, &pos) < 0) { + os_free(buf); + return NULL; + } + } +#endif /* CONFIG_OCV */ *ftie_len = pos - ftie_len - 1; if (ric_ies) { 
@@ -963,6 +985,25 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, return -1; } +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info to " + "validate received OCI in (Re)Assoc Response"); + return -1; + } + + if (ocv_verify_tx_params(parse.oci, parse.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return -1; + } + } +#endif /* CONFIG_OCV */ + sm->ft_reassoc_completed = 1; if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)

From patchwork Mon Aug 6 19:46:33 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954203
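
Review bot: The hunk at @@ -727 of src/ap/wpa_auth_ft.c (patch 14/25) adds a static wpa_channel_info() wrapper, while patch 13/25 calls a function with the same name and arguments from src/ap/wpa_auth.c, so that file must carry its own definition. Two file-local copies of the same callback wrapper will diverge; define it once as a non-static helper and declare it in a header both files include.
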
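
Review bot: In wpa_sm_write_assoc_resp_ies() (src/ap/wpa_auth_ft.c, patch 14/25), the three failure paths of the new OCI block free subelem and then return pos, the current write position, which reads as success to the caller. wpa_ft_gen_req_ies() in this same patch returns NULL in the equivalent cases; do the same here, or document that callers treat this return value as an error.
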
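
Review bot: In wpa_ft_validate_reassoc() (src/ap/wpa_auth_ft.c, patch 14/25), the adjacent literals "Failed to get channel info to" and "validate received OCI in (Re)Assoc Request" concatenate without a space, giving "tovalidate" in the log. wpa_printf(MSG_WARNING, ocv_errorstr) also uses the error text as a printf format and should be wpa_printf(MSG_WARNING, "%s", ocv_errorstr). The commit message says a failed verification is silently ignored, but this path returns WLAN_STATUS_UNSPECIFIED_FAILURE; one of the two should be adjusted.
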
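
Review bot: In wpa_ft_gen_req_ies() (src/rsn_supp/wpa_ft.c, patch 14/25), the new block writes 2 + OCV_OCI_LEN bytes at pos, but nothing in this patch enlarges buf: the three wpa_ft.c hunks add 2 + 20 + 19 lines, which is all 41 insertions listed in the diffstat. Please show that the existing allocation already has room for the OCI subelement, or grow it by 2 + OCV_OCI_LEN when OCV is enabled.
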
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 15/25] OCV: Include and verify OCI in WNM-Sleep Exit frames
Date: Mon, 6 Aug 2018 15:46:33 -0400
Message-Id: <20180806194643.1328-16-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Include and verify the OCI element in WNM-Sleep Exit Request and Response frames. In case verification fails, the frame is silently ignored.

Signed-off-by: Mathy Vanhoef --- src/ap/wnm_ap.c | 78 ++++++++++++++++++++++++++++++++++++--- wpa_supplicant/wnm_sta.c | 79 +++++++++++++++++++++++++++++++++++++--- 2 files changed, 147 insertions(+), 10 deletions(-) diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c index 710fe502b..1850df531 100644 --- a/src/ap/wnm_ap.c +++ b/src/ap/wnm_ap.c @@ -12,6 +12,7 @@ #include "utils/eloop.h" #include "common/ieee802_11_defs.h" #include "common/wpa_ctrl.h" +#include "common/ocv.h" #include "ap/hostapd.h" #include "ap/sta_info.h" #include "ap/ap_config.h" @@ -54,8 +55,8 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd, size_t gtk_elem_len = 0; size_t igtk_elem_len = 0; struct wnm_sleep_element wnmsleep_ie; - u8 *wnmtfs_ie; - u8 wnmsleep_ie_len; + u8 *wnmtfs_ie, *oci_ie; + u8 wnmsleep_ie_len, oci_ie_len; u16 wnmtfs_ie_len; u8 *pos; struct sta_info *sta; 
@@ -88,10 +89,41 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd, wnmtfs_ie = NULL; } + oci_ie = NULL; + oci_ie_len = 0; +#ifdef CONFIG_OCV + if (action_type == WNM_SLEEP_MODE_EXIT && + sta != NULL && wpa_auth_uses_ocv(sta->wpa_sm)) { + struct wpa_channel_info ci; + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in WNM-Sleep Mode frame"); + os_free(wnmtfs_ie); + return -1; + } + + oci_ie_len = OCV_OCI_EXTENDED_LEN; + oci_ie = os_zalloc(oci_ie_len); + if (oci_ie == NULL) { + wpa_printf(MSG_WARNING, "Failed to allocate buffer for " + "for OCI element in WNM-Sleep Mode frame"); + os_free(wnmtfs_ie); + return -1; + } + + if (ocv_insert_extended_oci(&ci, oci_ie) < 0) { + os_free(wnmtfs_ie); + os_free(oci_ie); + return -1; + } + } +#endif /* CONFIG_OCV */ + #define MAX_GTK_SUBELEM_LEN 45 #define MAX_IGTK_SUBELEM_LEN 26 - mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + - MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN); + mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + MAX_GTK_SUBELEM_LEN + + MAX_IGTK_SUBELEM_LEN + oci_ie_len); if (mgmt == NULL) { wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for " "WNM-Sleep Response action frame"); @@ -136,9 +168,15 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd, pos += wnmsleep_ie_len; if (wnmtfs_ie) os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len); + pos += wnmtfs_ie_len; +#ifdef CONFIG_OCV + /* copy OCV OCI here */ + if (oci_ie_len > 0) + os_memcpy(pos, oci_ie, oci_ie_len); +#endif /* CONFIG_OCV */ len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len + - igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len; + igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len; /* In driver, response frame should be forced to sent when STA is in * PS mode */ 
@@ -185,6 +223,7 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd, #undef MAX_IGTK_SUBELEM_LEN fail: os_free(wnmtfs_ie); + os_free(oci_ie); os_free(mgmt); return res; } @@ -193,6 +232,7 @@ fail: static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, const u8 *addr, const u8 *frm, int len) { + struct sta_info *sta; /* Dialog Token [1] | WNM-Sleep Mode IE | TFS Response IE */ const u8 *pos = frm; u8 dialog_token; @@ -201,6 +241,8 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, u8 *tfsreq_ie_start = NULL; u8 *tfsreq_ie_end = NULL; u16 tfsreq_ie_len = 0; + const u8 *oci_ie = NULL; + u8 oci_ie_len = 0; if (!hapd->conf->wnm_sleep_mode) { wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from " @@ -221,6 +263,10 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, if (!tfsreq_ie_start) tfsreq_ie_start = (u8 *) pos; tfsreq_ie_end = (u8 *) pos; + } else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 && + pos[2] == WLAN_EID_EXT_OCV_OCI) { + oci_ie = pos + 3; + oci_ie_len = ie_len - 1; } else wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized", *pos); @@ -232,6 +278,28 @@ static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, return; } +#ifdef CONFIG_OCV + sta = ap_get_sta(hapd, addr); + if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT && + sta != NULL && wpa_auth_uses_ocv(sta->wpa_sm)) { + struct wpa_channel_info ci; + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in WNM-Sleep Mode frame"); + return; + } + + if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_msg(hapd, MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER && tfsreq_ie_start && tfsreq_ie_end && tfsreq_ie_end - tfsreq_ie_start >= 0) { 
diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c index 7c410e730..5577b0901 100644 --- a/wpa_supplicant/wnm_sta.c +++ b/wpa_supplicant/wnm_sta.c @@ -12,6 +12,7 @@ #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" #include "common/wpa_ctrl.h" +#include "common/ocv.h" #include "rsn_supp/wpa.h" #include "config.h" #include "wpa_supplicant_i.h" @@ -54,12 +55,13 @@ static int ieee80211_11_set_tfs_ie(struct wpa_supplicant *wpa_s, int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s, u8 action, u16 intval, struct wpabuf *tfs_req) { + struct wpa_sm *sm = wpa_s->wpa; struct ieee80211_mgmt *mgmt; int res; size_t len; struct wnm_sleep_element *wnmsleep_ie; - u8 *wnmtfs_ie; - u8 wnmsleep_ie_len; + u8 *wnmtfs_ie, *oci_ie; + u8 wnmsleep_ie_len, oci_ie_len; u16 wnmtfs_ie_len; /* possibly multiple IE(s) */ enum wnm_oper tfs_oper = action == 0 ? WNM_SLEEP_TFS_REQ_IE_ADD : WNM_SLEEP_TFS_REQ_IE_NONE; 
@@ -106,7 +108,40 @@ int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s, wpa_hexdump(MSG_DEBUG, "WNM: TFS Request element", (u8 *) wnmtfs_ie, wnmtfs_ie_len); - mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + wnmtfs_ie_len); + oci_ie = NULL; + oci_ie_len = 0; +#ifdef CONFIG_OCV + if (action == WNM_SLEEP_MODE_EXIT && wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in WNM-Sleep Mode frame"); + os_free(wnmsleep_ie); + os_free(wnmtfs_ie); + return -1; + } + + oci_ie_len = OCV_OCI_EXTENDED_LEN; + oci_ie = os_zalloc(oci_ie_len); + if (oci_ie == NULL) { + wpa_printf(MSG_WARNING, "Failed to allocate buffer for " + "for OCI element in WNM-Sleep Mode frame"); + os_free(wnmsleep_ie); + os_free(wnmtfs_ie); + return -1; + } + + if (ocv_insert_extended_oci(&ci, oci_ie) < 0) { + os_free(wnmsleep_ie); + os_free(wnmtfs_ie); + os_free(oci_ie); + return -1; + } + } +#endif /* CONFIG_OCV */ + + mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len); if (mgmt == NULL) { wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for " "WNM-Sleep Request action frame"); @@ -130,9 +165,15 @@ int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s, os_memcpy(mgmt->u.action.u.wnm_sleep_req.variable + wnmsleep_ie_len, wnmtfs_ie, wnmtfs_ie_len); } - +#ifdef CONFIG_OCV + /* copy OCV OCI here */ + if (oci_ie_len > 0) { + os_memcpy(mgmt->u.action.u.wnm_sleep_req.variable + + wnmsleep_ie_len + wnmtfs_ie_len, oci_ie, oci_ie_len); + } +#endif /* CONFIG_OCV */ len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_req) + wnmsleep_ie_len + - wnmtfs_ie_len; + wnmtfs_ie_len + oci_ie_len; res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid, 
@@ -145,6 +186,7 @@ int ieee802_11_send_wnmsleep_req(struct wpa_supplicant *wpa_s, os_free(wnmsleep_ie); os_free(wnmtfs_ie); + os_free(oci_ie); os_free(mgmt); return res; @@ -256,6 +298,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, /* multiple TFS Resp IE (assuming consecutive) */ const u8 *tfsresp_ie_start = NULL; const u8 *tfsresp_ie_end = NULL; + const u8 *oci_ie = NULL; + u8 oci_ie_len = 0; size_t left; if (!wpa_s->wnmsleep_used) { @@ -289,6 +333,10 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, if (!tfsresp_ie_start) tfsresp_ie_start = pos; tfsresp_ie_end = pos; + } else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 && + pos[2] == WLAN_EID_EXT_OCV_OCI) { + oci_ie = pos + 3; + oci_ie_len = ie_len - 1; } else wpa_printf(MSG_DEBUG, "EID %d not recognized", *pos); pos += ie_len + 2; 
@@ -299,6 +347,27 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s, return; } +#ifdef CONFIG_OCV + if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT && + wpa_sm_ocv_enabled(wpa_s->wpa)) { + struct wpa_channel_info ci; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_msg(wpa_s, MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in WNM-Sleep Mode frame"); + return; + } + + if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_msg(wpa_s, MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + wpa_s->wnmsleep_used = 0; if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT || From patchwork Mon Aug 6 19:46:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954204 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cs.kuleuven.be Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="UqFh3Pct"; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=infradead.org header.i=@infradead.org header.b="VExC5GbB"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41kpFy1cydz9ryt for ; Tue, 7 Aug 2018 05:52:22 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; 
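Review bot: The allocation-failure message in the AP-side ieee802_11_send_wnmsleep_resp() (hunk @@ -88,10 +89,41) concatenates to "Failed to allocate buffer for for OCI element in WNM-Sleep Mode frame", with "for" doubled across the two string pieces. Drop the trailing "for " from the first piece; the same doubled string is repeated in ieee802_11_send_wnmsleep_req() in wpa_supplicant/wnm_sta.c.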
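Review bot: struct sta_info *sta in ieee802_11_rx_wnmsleep_req() (hunk @@ -193,6 +232,7) is declared unconditionally, but its only assignment and use are inside the #ifdef CONFIG_OCV block added further down, so builds without CONFIG_OCV get an unused-variable warning. Declare it inside the CONFIG_OCV block or put the declaration under the same guard.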
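Review bot: The OCI check in the AP-side ieee802_11_rx_wnmsleep_req() (hunk @@ -232,6 +278,28) passes the AP's own channel_width_to_int(ci.chanwidth) and ci.seg1_idx to ocv_verify_tx_params(), whereas the AP-side SA Query handler in patch 16/25 first derives tx_chanwidth and tx_seg1_idx for the station with get_sta_tx_parameters(). Both paths validate frames transmitted by the same station, so they should compare against the same transmit parameters; please call get_sta_tx_parameters() here as well or explain why WNM-Sleep Mode differs.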
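Review bot: wpa_msg(wpa_s, MSG_WARNING, ocv_errorstr) in ieee802_11_rx_wnmsleep_resp() (hunk @@ -299,6 +347,27 in wpa_supplicant/wnm_sta.c) uses a runtime buffer as the format string, so any '%' that ends up in ocv_errorstr is interpreted as a conversion specifier. Pass it as an argument instead, for example wpa_msg(wpa_s, MSG_WARNING, "%s", ocv_errorstr); the matching wpa_msg(hapd, MSG_WARNING, ocv_errorstr) call in the AP-side ieee802_11_rx_wnmsleep_req() needs the same change.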
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 16/25] OCV: Include and verify OCI in SA Query frames
Date: Mon, 6 Aug 2018 15:46:34 -0400
Message-Id: <20180806194643.1328-17-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Include an OCI element in SA Query Request and Response frames if OCV has been negotiated.

On Linux, a kernel patch is needed to let clients correctly handle SA Query Requests that contain an OCI element. Without this patch, the kernel will reply to the SA Query Request itself, without verifying the included OCI. Additionally, the SA Query Response sent by the kernel will not include an OCI element. The correct operation of the AP does not require a kernel patch.

Without the corresponding kernel patch, SA Query Requests sent by the client are still valid, meaning they do include an OCI element. Note that an AP does not require any kernel patches. In other words, SA Query frames sent and received by the AP are properly handled, even without a kernel patch.

As a result, the kernel patch is only required to make the client properly process and respond to a SA Query Request from the AP. Without this patch, the client will send a SA Query Response without an OCI element, causing the AP to silently ignore the response and eventually disconnect the client from the network. Signed-off-by: Mathy Vanhoef --- src/ap/drv_callbacks.c | 5 +- src/ap/ieee802_11.c | 4 +- src/ap/ieee802_11.h | 4 +- src/ap/ieee802_11_shared.c | 183 +++++++++++++++++++++++++++++------ src/common/ieee802_11_defs.h | 2 + src/drivers/driver_nl80211.c | 3 + wpa_supplicant/sme.c | 113 +++++++++++++++++++-- 7 files changed, 271 insertions(+), 43 deletions(-) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 399427804..1b15d3a69 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -1096,10 +1096,7 @@ static void hostapd_action_rx(struct hostapd_data *hapd, #endif /* CONFIG_IEEE80211R_AP */ #ifdef CONFIG_IEEE80211W if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY && plen >= 4) { - ieee802_11_sa_query_action( - hapd, mgmt->sa, - mgmt->u.action.u.sa_query_resp.action, - mgmt->u.action.u.sa_query_resp.trans_id); + ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len); } #endif /* CONFIG_IEEE80211W */ #ifdef CONFIG_WNM_AP diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 543058e01..cc0e0f2e1 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3729,9 +3729,7 @@ static int hostapd_sa_query_action(struct hostapd_data *hapd, return 0; } - ieee802_11_sa_query_action(hapd, mgmt->sa, - mgmt->u.action.u.sa_query_resp.action, - mgmt->u.action.u.sa_query_resp.trans_id); + ieee802_11_sa_query_action(hapd, mgmt, len); return 1; } diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h index 3d93be299..30c64d726 100644 --- a/src/ap/ieee802_11.h +++ b/src/ap/ieee802_11.h 
@@ -93,8 +93,8 @@ void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, u8 * hostapd_eid_assoc_comeback_time(struct hostapd_data *hapd, struct sta_info *sta, u8 *eid); void ieee802_11_sa_query_action(struct hostapd_data *hapd, - const u8 *sa, const u8 action_type, - const u8 *trans_id); + const struct ieee80211_mgmt *mgmt, + size_t len); u8 * hostapd_eid_interworking(struct hostapd_data *hapd, u8 *eid); u8 * hostapd_eid_adv_proto(struct hostapd_data *hapd, u8 *eid); u8 * hostapd_eid_roaming_consortium(struct hostapd_data *hapd, u8 *eid); diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index a3f860992..85c0c19b6 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c @@ -10,6 +10,8 @@ #include "utils/common.h" #include "common/ieee802_11_defs.h" +#include "common/ocv.h" +#include "ap/wpa_auth.h" #include "hostapd.h" #include "sta_info.h" #include "ap_config.h" @@ -49,7 +51,10 @@ u8 * hostapd_eid_assoc_comeback_time(struct hostapd_data *hapd, void ieee802_11_send_sa_query_req(struct hostapd_data *hapd, const u8 *addr, const u8 *trans_id) { - struct ieee80211_mgmt mgmt; + struct sta_info *sta; + struct ieee80211_mgmt *mgmt; + u8 *oci_ie = NULL; + u8 oci_ie_len = 0; u8 *end; wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Request to " 
@@ -57,19 +62,60 @@ void ieee802_11_send_sa_query_req(struct hostapd_data *hapd, wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID", trans_id, WLAN_SA_QUERY_TR_ID_LEN); - os_memset(&mgmt, 0, sizeof(mgmt)); - mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, +#ifdef CONFIG_OCV + sta = ap_get_sta(hapd, addr); + if (sta != NULL && wpa_auth_uses_ocv(sta->wpa_sm)) { + struct wpa_channel_info ci; + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in SA Query Request"); + return; + } + + oci_ie_len = OCV_OCI_EXTENDED_LEN; + oci_ie = os_zalloc(oci_ie_len); + if (oci_ie == NULL) { + wpa_printf(MSG_WARNING, "Failed to allocate buffer " + "for OCI element in SA Query Request"); + return; + } + + if (ocv_insert_extended_oci(&ci, oci_ie) < 0) { + os_free(oci_ie); + return; + } + } +#endif /* CONFIG_OCV */ + + mgmt = os_zalloc(sizeof(*mgmt) + oci_ie_len); + if (mgmt == NULL) { + wpa_printf(MSG_DEBUG, "Failed to allocate buffer for " + "SA Query Response frame"); + os_free(oci_ie); + return; + } + + mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); - os_memcpy(mgmt.da, addr, ETH_ALEN); - os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN); - os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN); - mgmt.u.action.category = WLAN_ACTION_SA_QUERY; - mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST; - os_memcpy(mgmt.u.action.u.sa_query_req.trans_id, trans_id, + os_memcpy(mgmt->da, addr, ETH_ALEN); + os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); + os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); + mgmt->u.action.category = WLAN_ACTION_SA_QUERY; + mgmt->u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST; + os_memcpy(mgmt->u.action.u.sa_query_req.trans_id, trans_id, WLAN_SA_QUERY_TR_ID_LEN); - end = mgmt.u.action.u.sa_query_req.trans_id + WLAN_SA_QUERY_TR_ID_LEN; - if (hostapd_drv_send_mlme(hapd, &mgmt, end - (u8 *) &mgmt, 0) < 0) + end = 
mgmt->u.action.u.sa_query_req.variable; +#ifdef CONFIG_OCV + if (oci_ie_len > 0) + memcpy(end, oci_ie, oci_ie_len); + end += oci_ie_len; +#endif /* CONFIG_OCV */ + if (hostapd_drv_send_mlme(hapd, mgmt, end - (u8 *) mgmt, 0) < 0) wpa_printf(MSG_INFO, "ieee802_11_send_sa_query_req: send failed"); + + os_free(mgmt); + os_free(oci_ie); } @@ -77,7 +123,9 @@ static void ieee802_11_send_sa_query_resp(struct hostapd_data *hapd, const u8 *sa, const u8 *trans_id) { struct sta_info *sta; - struct ieee80211_mgmt resp; + struct ieee80211_mgmt *resp; + u8 *oci_ie = NULL; + u8 oci_ie_len = 0; u8 *end; wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Request from " 
@@ -92,33 +140,115 @@ static void ieee802_11_send_sa_query_resp(struct hostapd_data *hapd, return; } +#ifdef CONFIG_OCV + if (wpa_auth_uses_ocv(sta->wpa_sm)) { + struct wpa_channel_info ci; + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in SA Query Response"); + return; + } + + oci_ie_len = OCV_OCI_EXTENDED_LEN; + oci_ie = os_zalloc(oci_ie_len); + if (oci_ie == NULL) { + wpa_printf(MSG_WARNING, "Failed to allocate buffer for " + "for OCI element in SA Query Response"); + return; + } + + if (ocv_insert_extended_oci(&ci, oci_ie) < 0) { + os_free(oci_ie); + return; + } + } +#endif /* CONFIG_OCV */ + + resp = os_zalloc(sizeof(*resp) + oci_ie_len); + if (resp == NULL) { + wpa_printf(MSG_DEBUG, "Failed to allocate buffer for " + "SA Query Response frame"); + os_free(oci_ie); + return; + } + wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Response to " MACSTR, MAC2STR(sa)); - os_memset(&resp, 0, sizeof(resp)); - resp.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION); - os_memcpy(resp.da, sa, ETH_ALEN); - os_memcpy(resp.sa, hapd->own_addr, ETH_ALEN); - os_memcpy(resp.bssid, hapd->own_addr, ETH_ALEN); - resp.u.action.category = WLAN_ACTION_SA_QUERY; - resp.u.action.u.sa_query_req.action = WLAN_SA_QUERY_RESPONSE; - os_memcpy(resp.u.action.u.sa_query_req.trans_id, trans_id, + os_memcpy(resp->da, sa, ETH_ALEN); + os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); + os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); + resp->u.action.category = WLAN_ACTION_SA_QUERY; + resp->u.action.u.sa_query_req.action = WLAN_SA_QUERY_RESPONSE; + os_memcpy(resp->u.action.u.sa_query_req.trans_id, trans_id, WLAN_SA_QUERY_TR_ID_LEN); - end = resp.u.action.u.sa_query_req.trans_id + WLAN_SA_QUERY_TR_ID_LEN; - if (hostapd_drv_send_mlme(hapd, &resp, end - (u8 *) &resp, 0) < 0) + end = resp->u.action.u.sa_query_req.variable; +#ifdef CONFIG_OCV + if 
(oci_ie_len > 0) + memcpy(end, oci_ie, oci_ie_len); + end += oci_ie_len; +#endif /* CONFIG_OCV */ + if (hostapd_drv_send_mlme(hapd, resp, end - (u8 *) resp, 0) < 0) wpa_printf(MSG_INFO, "ieee80211_mgmt_sa_query_request: send failed"); + + os_free(resp); + os_free(oci_ie); } -void ieee802_11_sa_query_action(struct hostapd_data *hapd, const u8 *sa, - const u8 action_type, const u8 *trans_id) +void ieee802_11_sa_query_action(struct hostapd_data *hapd, + const struct ieee80211_mgmt *mgmt, + size_t len) { struct sta_info *sta; int i; + const u8 action_type = mgmt->u.action.u.sa_query_resp.action; + const u8 *trans_id = mgmt->u.action.u.sa_query_resp.trans_id; + + sta = ap_get_sta(hapd, mgmt->sa); + +#ifdef CONFIG_OCV + if (sta != NULL && wpa_auth_uses_ocv(sta->wpa_sm)) { + struct ieee802_11_elems elems; + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + size_t ies_len; + const u8 *ies; + + ies = mgmt->u.action.u.sa_query_resp.variable; + ies_len = len - (ies - (u8 *) mgmt); + if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { + wpa_printf(MSG_DEBUG, + "SA Query: Failed to parse elements"); + return; + } + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in SA Query Action frame"); + return; + } else if (get_sta_tx_parameters(sta->wpa_sm, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return; + } + + if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ if (action_type == WLAN_SA_QUERY_REQUEST) { - ieee802_11_send_sa_query_resp(hapd, sa, trans_id); + ieee802_11_send_sa_query_resp(hapd, mgmt->sa, trans_id); return; } 
@@ -129,13 +259,12 @@ void ieee802_11_sa_query_action(struct hostapd_data *hapd, const u8 *sa, } wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Response from " - MACSTR, MAC2STR(sa)); + MACSTR, MAC2STR(mgmt->sa)); wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID", trans_id, WLAN_SA_QUERY_TR_ID_LEN); /* MLME-SAQuery.confirm */ - sta = ap_get_sta(hapd, sa); if (sta == NULL || sta->sa_query_trans_id == NULL) { wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching STA with " "pending SA Query request found"); diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index db4d42f29..6c28fd5b7 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -866,10 +866,12 @@ struct ieee80211_mgmt { struct { u8 action; u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN]; + u8 variable[]; /* OCI element */ } STRUCT_PACKED sa_query_req; struct { u8 action; /* */ u8 trans_id[WLAN_SA_QUERY_TR_ID_LEN]; + u8 variable[]; /* OCI element */ } STRUCT_PACKED sa_query_resp; struct { u8 action; diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index cdeec86af..d56b3595b 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -2176,6 +2176,9 @@ static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) ret = -1; #endif /* CONFIG_DPP */ #ifdef CONFIG_IEEE80211W + /* SA Query Request */ + if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0) + ret = -1; /* SA Query Response */ if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0) ret = -1; diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index d57195f15..a9202e28a 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -12,6 +12,7 @@ #include "utils/eloop.h" #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" +#include "common/ocv.h" #include "eapol_supp/eapol_supp_sm.h" #include "common/wpa_common.h" #include "common/sae.h" 
@@ -2073,7 +2074,9 @@ static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s) static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s, const u8 *trans_id) { - u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN]; + u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN]; + u8 req_len = 2 + WLAN_SA_QUERY_TR_ID_LEN; + wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to " MACSTR, MAC2STR(wpa_s->bssid)); wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID", @@ -2081,9 +2084,25 @@ static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s, req[0] = WLAN_ACTION_SA_QUERY; req[1] = WLAN_SA_QUERY_REQUEST; os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN); +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(wpa_s->wpa)) { + struct wpa_channel_info ci; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in SA Qeury Request frame"); + return; + } + + if (ocv_insert_extended_oci(&ci, req + req_len) < 0) + return; + + req_len += OCV_OCI_EXTENDED_LEN; + } +#endif /* CONFIG_OCV */ if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid, - req, sizeof(req), 0) < 0) + req, req_len, 0) < 0) wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query " "Request"); } 
@@ -2178,15 +2197,50 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, } -void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, - const u8 *data, size_t len) +static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s, + const u8 *sa, const u8 *data, size_t len) +{ + u8 resp[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN]; + u8 resp_len = 2 + WLAN_SA_QUERY_TR_ID_LEN; + + wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Response to " + MACSTR, MAC2STR(wpa_s->bssid)); + + resp[0] = WLAN_ACTION_SA_QUERY; + resp[1] = WLAN_SA_QUERY_RESPONSE; + os_memcpy(resp + 2, data + 1, WLAN_SA_QUERY_TR_ID_LEN); +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(wpa_s->wpa)) { + struct wpa_channel_info ci; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element in SA Qeury Request frame"); + return; + } + + if (ocv_insert_extended_oci(&ci, resp + resp_len) < 0) + return; + + resp_len += OCV_OCI_EXTENDED_LEN; + } +#endif /* CONFIG_OCV */ + if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, + wpa_s->own_addr, wpa_s->bssid, + resp, resp_len, 0) < 0) + wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query " + "Request"); +} + + +void sme_process_sa_query_response(struct wpa_supplicant *wpa_s, + const u8 *sa, const u8 *data, size_t len) { int i; - if (wpa_s->sme.sa_query_trans_id == NULL || - len < 1 + WLAN_SA_QUERY_TR_ID_LEN || - data[0] != WLAN_SA_QUERY_RESPONSE) + if (wpa_s->sme.sa_query_trans_id == NULL) return; + wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from " MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]); 
@@ -2211,4 +2265,49 @@ void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, sme_stop_sa_query(wpa_s); } + +void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, + const u8 *data, size_t len) +{ + if (len < 1 + WLAN_SA_QUERY_TR_ID_LEN) + return; + + wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query frame from " + MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]); + +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(wpa_s->wpa)) { + struct ieee802_11_elems elems; + struct wpa_channel_info ci; + + if (ieee802_11_parse_elems(data + 1 + WLAN_SA_QUERY_TR_ID_LEN, + len - 1 - WLAN_SA_QUERY_TR_ID_LEN, + &elems, 1) == ParseFailed) { + wpa_printf(MSG_DEBUG, + "SA Query: Failed to parse elements"); + return; + } + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in SA Query Action frame"); + return; + } + + if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + + if (data[0] == WLAN_SA_QUERY_REQUEST) + sme_process_sa_query_request(wpa_s, sa, data, len); + else if (data[0] == WLAN_SA_QUERY_RESPONSE) + sme_process_sa_query_response(wpa_s, sa, data, len); +} + #endif /* CONFIG_IEEE80211W */ From patchwork Mon Aug 6 19:46:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954186 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cs.kuleuven.be 
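Review bot: The mgmt allocation failure path in ieee802_11_send_sa_query_req() (hunk @@ -57,19 +62,60 in src/ap/ieee802_11_shared.c) logs "Failed to allocate buffer for SA Query Response frame" although this function builds the Request; the text looks copied from ieee802_11_send_sa_query_resp(). Fix the message, and use os_memcpy() rather than plain memcpy() for the OCI copy in both functions so it matches the surrounding code.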
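Review bot: ieee802_11_sa_query_action() (hunk @@ -92,33 +140,115 in src/ap/ieee802_11_shared.c) now receives the raw frame and its length but never checks len itself: action_type and trans_id are read from mgmt in the declarations, and ies_len = len - (ies - (u8 *) mgmt) wraps around as a size_t if len is shorter than the fixed SA Query fields, which would hand ieee802_11_parse_elems() a huge length. The function depends entirely on both callers having validated the frame; add an explicit minimum-length check at the top and return early, and cast to const u8 * since mgmt is a const pointer.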
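Review bot: The new SA Query Request registration in nl80211_mgmt_subscribe_non_ap() (hunk @@ -2176,6 +2176,9 in src/drivers/driver_nl80211.c) sits under CONFIG_IEEE80211W and sets ret = -1 on failure, so it applies to every 802.11w build and not only to OCV. The commit message says an unpatched kernel answers SA Query Requests itself; please state what this registration does on such a kernel, and consider guarding it with CONFIG_OCV and treating a failure as non-fatal so that stations without OCV keep their current behaviour.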
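Review bot: sme_process_sa_query_request() (hunk @@ -2178,15 +2197,50 in wpa_supplicant/sme.c) sends a Response, yet its error messages read "for OCI element in SA Qeury Request frame" and "SME: Failed to send SA Query Request"; both are copied from sme_send_sa_query_req(), which also carries the "Qeury" misspelling. Correct the messages, and make sme_process_sa_query_response() static like its request counterpart, since the diffstat shows no change to sme.h that would export it.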
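Review bot: wpa_printf(MSG_WARNING, ocv_errorstr) in sme_sa_query_rx() (hunk @@ -2211,4 +2265,49 in wpa_supplicant/sme.c) passes a runtime string as the format argument; use wpa_printf(MSG_WARNING, "%s", ocv_errorstr) so its contents are never parsed for conversions. The same call appears in ieee802_11_sa_query_action() on the AP side and should change with it.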
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 17/25] OCV: Perform a SA Query after a channel switch
Date: Mon, 6 Aug 2018 15:46:35 -0400
Message-Id: <20180806194643.1328-18-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

After the network changed to a new channel, perform a SA Query with the AP after a random delay. This is used to confirm that we are still operating on the real operating channel of the network.

Signed-off-by: Mathy Vanhoef
--- src/ap/drv_callbacks.c | 2 ++ wpa_supplicant/events.c | 1 + wpa_supplicant/sme.c | 22 ++++++++++++++++++++++ wpa_supplicant/sme.h | 1 + 4 files changed, 26 insertions(+) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 1b15d3a69..a175c807b 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c 
@@ -735,6 +735,8 @@ void hostapd_event_sta_opmode_changed(struct hostapd_data *hapd, const u8 *addr, void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht, int offset, int width, int cf1, int cf2) { + /* TODO: If OCV is enabled deauth STAs that don't perform a SA Query */ + #ifdef NEED_AP_MLME int channel, chwidth, is_dfs; u8 seg0_idx = 0, seg1_idx = 0; diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index fb77f1dbd..428cb7368 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -4295,6 +4295,7 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event, } #endif /* CONFIG_AP */ + sme_event_ch_switch(wpa_s); wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS); break; #ifdef CONFIG_AP diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index a9202e28a..e699eb5b2 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -2051,6 +2051,7 @@ void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable) static const unsigned int sa_query_max_timeout = 1000; static const unsigned int sa_query_retry_timeout = 201; +static const unsigned int sa_query_ch_switch_max_delay = 5000; /* in usec */ static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s) { 
@@ -2197,6 +2198,27 @@ void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, } +void sme_event_ch_switch(struct wpa_supplicant *wpa_s) +{ + unsigned int usec; + u32 _rand; + + if (wpa_s->wpa_state != WPA_COMPLETED) + return; + if (!wpa_sm_ocv_enabled(wpa_s->wpa)) + return; + + wpa_dbg(wpa_s, MSG_DEBUG, "SME: Channel switch completed - " + "trigger new SA Query to verify new operating channel"); + sme_stop_sa_query(wpa_s); + + if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0) + _rand = os_random(); + usec = _rand % (sa_query_ch_switch_max_delay + 1); + eloop_register_timeout(0, usec, sme_sa_query_timer, wpa_s, NULL); +} + + static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s, const u8 *sa, const u8 *data, size_t len) { diff --git a/wpa_supplicant/sme.h b/wpa_supplicant/sme.h index f3c822025..ea20da78f 100644 --- a/wpa_supplicant/sme.h +++ b/wpa_supplicant/sme.h 
@@ -28,6 +28,7 @@ void sme_event_disassoc(struct wpa_supplicant *wpa_s, struct disassoc_info *info); void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, const u8 *da, u16 reason_code); +void sme_event_ch_switch(struct wpa_supplicant *wpa_s); void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, const u8 *data, size_t len); void sme_state_changed(struct wpa_supplicant *wpa_s);
From patchwork Mon Aug 6 19:46:36 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954193
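Review bot: hostapd_event_ch_switch() in src/ap/drv_callbacks.c gains only a TODO, so with this patch the AP never enforces the SA Query the comment describes; a STA that stays silent after the switch keeps its association, and the check only protects clients that run sme_event_ch_switch() themselves. Either land the AP-side deauthentication in the same series or state in the commit message that enforcement is client-side only for now. In wpa_supplicant/sme.c, sa_query_ch_switch_max_delay is commented as usec while the neighbouring sa_query_max_timeout and sa_query_retry_timeout carry no unit; putting the unit in the name (for example sa_query_ch_switch_max_delay_usec) would make it obvious that the 5000 ends up as the usec argument of eloop_register_timeout(), i.e. a delay of at most 5 ms.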
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 18/25] OCV: Include and verify OCI in the FILS handshake
Date: Mon, 6 Aug 2018 15:46:36 -0400
Message-Id: <20180806194643.1328-19-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Include and verify the OCI element in FILS (Re)Association Request and Response frames.

Signed-off-by: Mathy Vanhoef
---
 src/ap/ieee802_11.c | 29 +++++++++++++++++++++++++++++
 src/ap/wpa_auth.c | 21 +++++++++++++++++++++
 src/rsn_supp/wpa.c | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index cc0e0f2e1..e7fa9c867 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -21,6 +21,7 @@ #include "common/ieee802_11_common.h" #include "common/wpa_ctrl.h" #include "common/sae.h" +#include "common/ocv.h" #include "radius/radius.h" #include "radius/radius_client.h" #include "p2p/p2p.h" @@ -2744,6 +2745,34 @@ static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, } #endif /* CONFIG_MBO */ +#if defined(CONFIG_FILS) && defined(CONFIG_OCV) + if (wpa_auth_uses_ocv(sta->wpa_sm) && + (sta->auth_alg == WLAN_AUTH_FILS_SK || + sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || + sta->auth_alg == WLAN_AUTH_FILS_PK)) { + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + + if (hostapd_drv_channel_info(hapd, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "to validate received OCI in FILS (Re)Assoc"); + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } else if (get_sta_tx_parameters(sta->wpa_sm, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + + if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return WLAN_STATUS_UNSPECIFIED_FAILURE; + } + } +#endif /* CONFIG_FILS && CONFIG_OCV */ + ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes, elems.supp_op_classes_len); diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 9e99020f1..51803b3a2 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c 
@@ -2569,6 +2569,27 @@ static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm, wpabuf_put(plain, tmp2 - tmp); *len = (u8 *) wpabuf_put(plain, 0) - len - 1; + +#ifdef CONFIG_OCV + if (wpa_auth_uses_ocv(sm)) { + struct wpa_channel_info ci; + u8 *pos; + + if (wpa_channel_info(sm->wpa_auth, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel " + "info for OCI element"); + wpabuf_free(plain); + return NULL; + } + + pos = (u8*)wpabuf_put(plain, OCV_OCI_EXTENDED_LEN); + if (ocv_insert_extended_oci(&ci, pos) < 0) { + wpabuf_free(plain); + return NULL; + } + } +#endif /* CONFIG_OCV */ + return plain; } diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 6eb0d3217..29717a047 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -4047,6 +4047,26 @@ struct wpabuf * fils_build_assoc_req(struct wpa_sm *sm, const u8 **kek, /* TODO: FILS IP Address Assignment */ +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + u8 *pos; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel " + "info for OCI element"); + wpabuf_free(buf); + return NULL; + } + + pos = (u8*)wpabuf_put(buf, OCV_OCI_EXTENDED_LEN); + if (ocv_insert_extended_oci(&ci, pos) < 0) { + wpabuf_free(buf); + return NULL; + } + } +#endif /* CONFIG_OCV */ + wpa_hexdump_buf(MSG_DEBUG, "FILS: Association Request plaintext", buf); *kek = sm->ptk.kek; 
@@ -4210,6 +4230,25 @@ int fils_process_assoc_resp(struct wpa_sm *sm, const u8 *resp, size_t len) goto fail; } +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "to validate received OCI in FILS (Re)Assoc"); + goto fail; + } + + if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + goto fail; + } + } +#endif /* CONFIG_OCV */ + /* Key Delivery */ if (!elems.key_delivery) { wpa_printf(MSG_DEBUG, "FILS: No Key Delivery element");
From patchwork Mon Aug 6 19:46:37 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954187
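Review bot: wpa_printf(MSG_WARNING, ocv_errorstr) in check_assoc_ies() (src/ap/ieee802_11.c) and in fils_process_assoc_resp() (src/rsn_supp/wpa.c) passes a variable as the format string; use wpa_printf(MSG_WARNING, "%s", ocv_errorstr) so that a '%' in the error text can never be interpreted as a conversion and the call does not trip -Wformat-security. Separately, fils_prepare_plainbuf() and fils_build_assoc_req() now wpabuf_put() an extra OCV_OCI_EXTENDED_LEN bytes, but no hunk grows the corresponding allocation; please confirm the existing buffers have that headroom or extend them in this patch.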
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 19/25] OCV: Include and verify OCI in the AMPE handshake
Date: Mon, 6 Aug 2018 15:46:37 -0400
Message-Id: <20180806194643.1328-20-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Include and verify the OCI element in AMPE Open and Confirm frames. Note that the OCI element is included even if the other STA didn't advertise support of OCV. The OCI element is only required and verified if both peers support OCV.

Signed-off-by: Mathy Vanhoef --- wpa_supplicant/mesh_mpm.c | 70 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/wpa_supplicant/mesh_mpm.c b/wpa_supplicant/mesh_mpm.c index fd5b90a42..2f8f79251 100644 --- a/wpa_supplicant/mesh_mpm.c +++ b/wpa_supplicant/mesh_mpm.c @@ -12,6 +12,7 @@ #include "utils/eloop.h" #include "common/ieee802_11_defs.h" #include "common/hw_features_common.h" +#include "common/ocv.h" #include "ap/hostapd.h" #include "ap/sta_info.h" #include "ap/ieee802_11.h" @@ -245,6 +246,11 @@ static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, #endif /* CONFIG_IEEE80211AC */ if (type != PLINK_CLOSE) buf_len += conf->rsn_ie_len; /* RSN IE */ +#ifdef CONFIG_OCV + /* OCI is included even when the other STA doesn't support OCV */ + if (type != PLINK_CLOSE && conf->ocv) + buf_len += OCV_OCI_EXTENDED_LEN; +#endif buf = wpabuf_alloc(buf_len); if (!buf) @@ -356,6 +362,23 @@ static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, } #endif /* CONFIG_IEEE80211AC */ +#ifdef CONFIG_OCV + if (type != PLINK_CLOSE && conf->ocv) { + struct wpa_channel_info ci; + u8 *pos; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, "Failed to get channel info " + "for OCI element"); + goto fail; + } + + pos = (u8*)wpabuf_put(buf, OCV_OCI_EXTENDED_LEN); + if (ocv_insert_extended_oci(&ci, pos) < 0) + goto fail; + } +#endif /* CONFIG_OCV */ + if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) { wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: failed to add AMPE and MIC IE"); 
@@ -1196,6 +1219,53 @@ void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s, } return; } + +#ifdef CONFIG_OCV + if (action_field == PLINK_OPEN && elems.rsn_ie) { + struct wpa_state_machine *sm = sta->wpa_sm; + struct wpa_ie_data data; + + int res = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, + elems.rsn_ie_len + 2, + &data); + if (res) { + wpa_printf(MSG_DEBUG, + "Failed to parse RSN IE (res=%d)", + res); + wpa_hexdump(MSG_DEBUG, "RSN IE", elems.rsn_ie, + elems.rsn_ie_len); + return; + } + + wpa_auth_set_ocv(sm, mconf->ocv && (data.capabilities + & WPA_CAPABILITY_OCVC)); + } + + if (action_field != PLINK_CLOSE + && wpa_auth_uses_ocv(sta->wpa_sm)) { + struct wpa_channel_info ci; + int tx_chanwidth; + int tx_seg1_idx; + + if (wpa_drv_channel_info(wpa_s, &ci) != 0) { + wpa_printf(MSG_WARNING, + "Failed to get channel info to validate " + "received OCI in MPM Confirm"); + return; + } else if (get_tx_parameters(sta, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx, &tx_chanwidth, + &tx_seg1_idx) < 0) { + return; + } + + if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, + tx_chanwidth, tx_seg1_idx) != 0) { + wpa_printf(MSG_WARNING, ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ } if (sta->plink_state == PLINK_BLOCKED) {
From patchwork Mon Aug 6 19:46:38 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954210
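Review bot: in mesh_mpm_action_rx() the OCI check runs for every action_field other than PLINK_CLOSE, yet the failure message reads "received OCI in MPM Confirm", which misleads when an Open frame triggered it; log the actual frame type or drop "Confirm". The OCV flag is also only refreshed through wpa_auth_set_ocv() when the frame is a PLINK_OPEN carrying an RSN IE, so a Confirm is verified against whatever state the last Open left behind; a short comment saying this is intended would help. As in the FILS patch, wpa_printf(MSG_WARNING, ocv_errorstr) should become wpa_printf(MSG_WARNING, "%s", ocv_errorstr), and the bare #endif added in mesh_mpm_send_plink_action() should carry the /* CONFIG_OCV */ comment that the other blocks use.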
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 20/25] OCV: Test OCI validation in the 4-way and group key handshake
Date: Mon, 6 Aug 2018 15:46:38 -0400
Message-Id: <20180806194643.1328-21-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>

Perform detailed tests with OCV enabled, for both the 4-way and group key handshake. These tests include establishing a working connection with OCV enabled, assuring that a STA without OCV enabled can still connect to a STA with OCV enabled (and vice versa), verifying that invalid OCI elements get silently ignored, verifying that missing OCI elements are reported, and so on.

Signed-off-by: Mathy Vanhoef
---
 tests/hwsim/test_ocv.py | 577 +++++++++++++++++++++++++++++++++++
 tests/hwsim/wpasupplicant.py | 2 +-
 2 files changed, 578 insertions(+), 1 deletion(-)
 create mode 100644 tests/hwsim/test_ocv.py
diff --git a/tests/hwsim/test_ocv.py b/tests/hwsim/test_ocv.py new file mode 100644 index 000000000..21a4f5aae --- /dev/null +++ b/tests/hwsim/test_ocv.py
@@ -0,0 +1,577 @@ +# WPA2-Personal OCV tests +# Copyright (c) 2018, Mathy Vanhoef +# +# This software may be distributed under the terms of the BSD license. +# See README for more details + +from remotehost import remote_compatible +import binascii, struct +import logging, time +logger = logging.getLogger() + +import hostapd +from wpasupplicant import WpaSupplicant +import hwsim_utils + +from test_ap_psk import * + +#TODO: Refuse setting up AP with OCV but without MFP support +#TODO: Refuse to connect to AP that advertises OCV but not MFP + +def make_ocikde(op_class, channel, seg1_idx): + WLAN_EID_VENDOR_SPECIFIC = 221 + RSN_KEY_DATA_OCI = "\x00\x0f\xac\x0d" + + data = RSN_KEY_DATA_OCI + struct.pack("Q', replay_counter) + msg['rsn_key_nonce'] = binascii.unhexlify('0000000000000000000000000000000000000000000000000000000000000000') + msg['rsn_key_iv'] = binascii.unhexlify('00000000000000000000000000000000') + msg['rsn_key_rsc'] = binascii.unhexlify('0000000000000000') + msg['rsn_key_id'] = binascii.unhexlify('0000000000000000') + msg['rsn_key_data_len'] = len(key_data) + msg['rsn_key_data'] = key_data + eapol_key_mic(kck, msg) + return msg + +def build_eapol_key_2_2(kck, key_data, replay_counter=3, key_info=0x0302, + extra_len=0, descr_type=2, key_len=16): + return build_eapol_key_1_2(kck, key_data, replay_counter, key_info, + extra_len, descr_type, key_len) + + +@remote_compatible +def test_wpa2_ocv(dev, apdev): + params = { "channel": "1", "ieee80211w": "2", "ocv": "1" } + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq="2412", ocv=str(ocv), ieee80211w="1") + +@remote_compatible +def test_wpa2_ocv_5ghz(dev, apdev): + params = { "hw_mode": "a", "channel": "40", "ieee80211w": "2", "country_code": "US", "ocv": "1" } + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq="5200", ocv=str(ocv), ieee80211w="1") + 
+@remote_compatible +def test_wpa2_ocv_ht20(dev, apdev): + params = { "channel": "6", "ieee80211n": "1", "ieee80211w": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq="2437", ocv=str(ocv), ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq="2437", ocv=str(ocv), ieee80211w="1") + +@remote_compatible +def test_wpa2_ocv_ht40(dev, apdev): + for channel, capab, freq, mode in [( "6", "[HT40-]", "2437", "g"), + ( "6", "[HT40+]", "2437", "g"), + ("40", "[HT40-]", "5200", "a"), + ("36", "[HT40+]", "5180", "a")]: + params = { "hw_mode": mode, "channel": channel, "country_code": "US", "ieee80211n": "1", + "ht_capab": capab, "ieee80211w": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1") + reset_ap(apdev[0]) + +@remote_compatible +def test_wpa2_ocv_vht40(dev, apdev): + for channel, capab, freq in [("40", "[HT40-]", "5200"), + ("36", "[HT40+]", "5180")]: + params = { "hw_mode": "a", "channel": channel, "country_code": "US", + "ht_capab": capab, "ieee80211n": "1", "ieee80211ac": "1", + "vht_oper_chwidth": "0", "vht_oper_centr_freq_seg0_idx": "38", + "ieee80211w": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_vht="1") + dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1") + reset_ap(apdev[0]) + +@remote_compatible +def test_wpa2_ocv_vht80(dev, apdev): + for channel, capab, freq in [("40", "[HT40-]", "5200"), + ("36", "[HT40+]", "5180")]: + params = { 
"hw_mode": "a", "channel": channel, "country_code": "US", + "ht_capab": capab, "ieee80211n": "1", "ieee80211ac": "1", + "vht_oper_chwidth": "1", "vht_oper_centr_freq_seg0_idx": "42", + "ieee80211w": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_vht="1") + dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1") + reset_ap(apdev[0]) + +@remote_compatible +def test_wpa2_ocv_vht160(dev, apdev): + for channel, capab, freq in [("100", "[HT40+]", "5500"), + ("104", "[HT40-]", "5520")]: + params = { "hw_mode": "a", "channel": channel, "country_code": "ZA", + "ht_capab": capab, "ieee80211n": "1", "ieee80211ac": "1", + "vht_oper_chwidth": "2", "vht_oper_centr_freq_seg0_idx": "114", + "ieee80211w": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_vht="1") + dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1") + reset_ap(apdev[0]) + +@remote_compatible +def test_wpa2_ocv_vht80plus80(dev, apdev): + for channel, capab, freq in [("36", "[HT40+]", "5180"), + ("40", "[HT40-]", "5200")]: + params = { "hw_mode": "a", "channel": channel, "country_code": "US", + "ht_capab": capab, "ieee80211n": "1", "ieee80211ac": "1", + "vht_oper_chwidth": "3", "vht_oper_centr_freq_seg0_idx": "42", + "vht_oper_centr_freq_seg1_idx": "155", "ieee80211w": "1", + "ieee80211d": "1", "ieee80211h": "1", "ocv": "1"} + hapd, ssid, passphrase = ocv_setup_ap(apdev[0], params) + for ocv in range(2): + dev[0].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), 
ieee80211w="1", disable_ht="1") + dev[1].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1", disable_vht="1") + dev[2].connect(ssid, psk=passphrase, scan_freq=freq, ocv=str(ocv), ieee80211w="1") + reset_ap(apdev[0]) + + +class APConnection: + def init_params(self): + # Static parameters + self.ssid = "test-wpa2-ocv" + self.passphrase = "qwertyuiop" + self.psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7" + + # Dynamic parameters + self.hapd = None + self.addr = None + self.rsne = None + self.kck = None + self.kek = None + self.msg = None + self.bssid = None + self.anonce = None + self.snonce = None + + def __init__(self, apdev, dev, params): + self.init_params() + + # By default, OCV is enabled for both the client and AP. The following + # parameters can be used to disable OCV for the client or AP. + ap_ocv = params.pop("ap_ocv", "1") + sta_ocv = params.pop("sta_ocv", "1") + + freq = params.pop("freq") + params.update(hostapd.wpa2_params(ssid=self.ssid, passphrase=self.passphrase)) + params["wpa_pairwise_update_count"] = "10" + params["ocv"] = ap_ocv + self.hapd = hostapd.add_ap(apdev, params) + self.hapd.request("SET ext_eapol_frame_io 1") + dev.request("SET ext_eapol_frame_io 1") + + self.bssid = apdev['bssid'] + pmk = binascii.unhexlify("c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7") + + if sta_ocv != "0": + self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280400000000fac06") + else: + self.rsne = binascii.unhexlify("301a0100000fac040100000fac040100000fac0280000000000fac06") + self.snonce = binascii.unhexlify('1111111111111111111111111111111111111111111111111111111111111111') + + dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq, ocv=sta_ocv, ieee80211w="1", wait_connect=False) + self.addr = dev.p2p_interface_addr() + + # Wait for EAPOL-Key msg 1/4 from hostapd to determine when associated + self.msg = recv_eapol(self.hapd) + self.anonce = self.msg['rsn_key_nonce'] + 
(ptk, self.kck, self.kek) = pmk_to_ptk(pmk, self.addr, self.bssid, self.snonce,self.anonce) + + + # hapd, addr, rsne, kck, msg, anonce, snonce + def test_bad_oci(self, logmsg, op_class, channel, seg1_idx): + logger.debug("Bad OCI element: " + logmsg) + if op_class is None: + ocikde = "" + else: + ocikde = make_ocikde(op_class, channel, seg1_idx) + + reply_eapol("2/4", self.hapd, self.addr, self.msg, 0x010a, self.snonce, self.rsne + ocikde, self.kck) + self.msg = recv_eapol(self.hapd) + if self.anonce != self.msg['rsn_key_nonce'] or self.msg["rsn_key_info"] != 138: + raise Exception("Didn't receive retransmitted 1/4") + + def confirm_valid_oci(self, op_class, channel, seg1_idx): + logger.debug("Valid OCI element to complete handshake") + ocikde = make_ocikde(op_class, channel, seg1_idx) + + reply_eapol("2/4", self.hapd, self.addr, self.msg, 0x010a, self.snonce, self.rsne + ocikde, self.kck) + self.msg = recv_eapol(self.hapd) + if self.anonce != self.msg['rsn_key_nonce'] or self.msg["rsn_key_info"] != 5066: + raise Exception("Didn't receive 3/4 in response to valid 2/4") + + reply_eapol("4/4", self.hapd, self.addr, self.msg, 0x030a, None, None, self.kck) + hapd_connected(self.hapd) + +@remote_compatible +def test_wpa2_ocv_ap_mismatch(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "freq": "2412"} + conn = APConnection(apdev[0], dev[0], params) + conn.test_bad_oci("element missing", None, 0, 0) + conn.test_bad_oci("wrong channel number", 81, 6, 0) + conn.test_bad_oci("invalid channel number", 81, 0, 0) + conn.test_bad_oci("wrong operating class", 80, 0, 0) + conn.test_bad_oci("invalid operating class", 0, 0, 0) + conn.confirm_valid_oci(81, 1, 0) + +@remote_compatible +def test_wpa2_ocv_ap_ht_mismatch(dev, apdev): + params = { "channel": "6", "ht_capab": "[HT40-]", "ieee80211w": "1", + "freq": "2437"} + conn = APConnection(apdev[0], dev[0], params) + conn.test_bad_oci("wrong primary channel", 84, 5, 0) + conn.test_bad_oci("lower bandwidth than negotiated", 
81, 6, 0) + conn.test_bad_oci("bad upper/lower channel", 83, 6, 0) + conn.confirm_valid_oci(84, 6, 0) + +@remote_compatible +def test_wpa2_ocv_ap_vht80_mismatch(dev, apdev): + params = { "hw_mode": "a", "channel": "36", "country_code": "US", + "ht_capab": "[HT40+]", "ieee80211w": "1", "ieee80211n": "1", + "ieee80211ac": "1", "vht_oper_chwidth": "1", "freq": "5180", + "vht_oper_centr_freq_seg0_idx": "42" } + conn = APConnection(apdev[0], dev[0], params) + conn.test_bad_oci("wrong primary channel", 128, 38, 0) + conn.test_bad_oci("wrong primary channel", 128, 32, 0) + conn.test_bad_oci("smaller bandwidth than negotiated", 116, 36, 0) + conn.test_bad_oci("smaller bandwidth than negotiated", 115, 36, 0) + conn.confirm_valid_oci(128, 36, 0) + +@remote_compatible +def test_wpa2_ocv_ap_vht160_mismatch(dev, apdev): + params = { "hw_mode": "a", "channel": "100", "country_code": "ZA", + "ht_capab": "[HT40+]", "ieee80211w": "1", "ieee80211n": "1", + "ieee80211ac": "1", "vht_oper_chwidth": "2", "freq": "5500", + "vht_oper_centr_freq_seg0_idx": "114", "ieee80211d": "1", + "ieee80211h": "1" } + conn = APConnection(apdev[0], dev[0], params) + conn.test_bad_oci("wrong primary channel", 129, 36, 0) + conn.test_bad_oci("wrong primary channel", 129, 114, 0) + conn.test_bad_oci("smaller bandwidth (20 Mhz) than negotiated", 121, 100, 0) + conn.test_bad_oci("smaller bandwidth (40 Mhz) than negotiated", 122, 100, 0) + conn.test_bad_oci("smaller bandwidth (80 Mhz) than negotiated", 128, 100, 0) + conn.test_bad_oci("using 80+80 channel instead of 160", 130, 100, 155) + conn.confirm_valid_oci(129, 100, 0) + +@remote_compatible +def test_wpa2_ocv_ap_vht80plus80_mismatch(dev, apdev): + params = { "hw_mode": "a", "channel": "36", "country_code": "US", + "ht_capab": "[HT40+]", "ieee80211w": "1", "ieee80211n": "1", + "ieee80211ac": "1", "vht_oper_chwidth": "3", "freq": "5180", + "vht_oper_centr_freq_seg0_idx": "42", "ieee80211d": "1", + "vht_oper_centr_freq_seg1_idx": "155", "ieee80211h": "1" } 
+ conn = APConnection(apdev[0], dev[0], params) + conn.test_bad_oci("using 80 MHz operating class", 128, 36, 155) + conn.test_bad_oci("wrong frequency segment 1", 130, 36, 138) + conn.confirm_valid_oci(130, 36, 155) + +@remote_compatible +def test_wpa2_ocv_ap_unexpected1(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "ap_ocv": "0", + "sta_ocv": "1", "freq": "2412" } + conn = APConnection(apdev[0], dev[0], params) + logger.debug("Client will send OCI KDE even if it was not negotiated") + conn.confirm_valid_oci(81, 1, 0) + +@remote_compatible +def test_wpa2_ocv_ap_unexpected2(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "ap_ocv": "1", + "sta_ocv": "0", "freq": "2412" } + conn = APConnection(apdev[0], dev[0], params) + logger.debug("Client will send OCI KDE even if it was not negotiated") + conn.confirm_valid_oci(81, 1, 0) + +@remote_compatible +def test_wpa2_ocv_ap_retransmit_msg3(dev, apdev): + """Verify that manually retransmitted Msg 3/4's also contain a correct OCI""" + bssid = apdev[0]['bssid'] + ssid = "test-wpa2-ocv" + passphrase = "qwertyuiop" + psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7" + params = hostapd.wpa2_params(ssid=ssid) + params["wpa_psk"] = psk + params["ieee80211w"] = "1" + params["ocv"] = "1" + params['wpa_disable_eapol_key_retries'] = "1" + hapd = hostapd.add_ap(apdev[0], params) + hapd.request("SET ext_eapol_frame_io 1") + dev[0].request("SET ext_eapol_frame_io 1") + dev[0].connect(ssid, psk=passphrase, scan_freq="2412", wait_connect=False, ocv="1", ieee80211w="1") + addr = dev[0].own_addr() + + # EAPOL-Key msg 1/4 + ev = hapd.wait_event(["EAPOL-TX"], timeout=15) + if ev is None: + raise Exception("Timeout on EAPOL-TX from hostapd") + res = dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2]) + if "OK" not in res: + raise Exception("EAPOL_RX to wpa_supplicant failed") + + # EAPOL-Key msg 2/4 + ev = dev[0].wait_event(["EAPOL-TX"], timeout=15) + if ev is None: + raise 
Exception("Timeout on EAPOL-TX from wpa_supplicant") + res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2]) + if "OK" not in res: + raise Exception("EAPOL_RX to hostapd failed") + + # EAPOL-Key msg 3/4 + ev = hapd.wait_event(["EAPOL-TX"], timeout=15) + if ev is None: + raise Exception("Timeout on EAPOL-TX from hostapd") + logger.info("Drop the first EAPOL-Key msg 3/4") + + # Use normal EAPOL TX/RX to handle retries. + hapd.request("SET ext_eapol_frame_io 0") + dev[0].request("SET ext_eapol_frame_io 0") + + # Manually retransmit EAPOL-Key msg 3/4 + if "OK" not in hapd.request("RESEND_M3 " + addr): + raise Exception("RESEND_M3 failed") + + dev[0].wait_connected() + hwsim_utils.test_connectivity(dev[0], hapd) + +def test_wpa2_ocv_ap_grouphs(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "freq": "2412", "wpa_strict_rekey": "1" } + conn = APConnection(apdev[0], dev[0], params) + conn.confirm_valid_oci(81, 1, 0) + + conn.hapd.request("SET ext_eapol_frame_io 0") + dev[1].connect(conn.ssid, psk=conn.passphrase, scan_freq="2412", ocv="1", ieee80211w="1") + conn.hapd.request("SET ext_eapol_frame_io 1") + + # Trigger a group key handshake + dev[1].request("DISCONNECT") + dev[0].dump_monitor() + + # Wait for EAPOL-Key msg 1/2 + conn.msg = recv_eapol(conn.hapd) + if conn.msg["rsn_key_info"] != 4994: + raise Exception("Didn't receive 1/2 of group key handshake") + + # Send a EAPOL-Key msg 2/2 with a bad OCI + logger.info("Bad OCI element") + ocikde = make_ocikde(1, 1, 1) + msg = build_eapol_key_2_2(conn.kck, ocikde, replay_counter=3) + conn.hapd.dump_monitor() + send_eapol(conn.hapd, conn.addr, build_eapol(msg)) + + # Wait for retransmitted EAPOL-Key msg 1/2 + conn.msg = recv_eapol(conn.hapd) + if conn.msg["rsn_key_info"] != 4994: + raise Exception("Didn't receive 1/2 of group key handshake") + + # Send a EAPOL-Key msg 2/2 with a good OCI + logger.info("Good OCI element") + ocikde = make_ocikde(81, 1, 0) + msg = build_eapol_key_2_2(conn.kck, ocikde, 
replay_counter=4) + conn.hapd.dump_monitor() + send_eapol(conn.hapd, conn.addr, build_eapol(msg)) + + # Verify that group key handshake has completed + ev = conn.hapd.wait_event(["EAPOL-TX"], timeout=1) + if not ev is None: + eapol = binascii.unhexlify(ev.split(' ')[2]) + msg = parse_eapol(eapol) + if msg["rsn_key_info"] == 4994: + raise Exception("AP didn't accept 2/2 of group key handshake") + + +class STAConnection: + def init_params(self): + # Static parameters + self.ssid = "test-wpa2-ocv" + self.passphrase = "qwertyuiop" + self.psk = "c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7" + + # Dynamic parameters + self.hapd = None + self.dev = None + self.addr = None + self.rsne = None + self.kck = None + self.kek = None + self.msg = None + self.bssid = None + self.anonce = None + self.snonce = None + self.gtkie = None + self.counter = None + + def __init__(self, apdev, dev, params, sta_params=None): + self.init_params() + self.dev = dev + self.bssid = apdev['bssid'] + + freq = params.pop("freq") + if sta_params is None: + sta_params = dict() + if not "ocv" in sta_params: + sta_params["ocv"] = "1" + if not "ieee80211w" in sta_params: + sta_params["ieee80211w"] = "1" + + params.update(hostapd.wpa2_params(ssid=self.ssid, passphrase=self.passphrase)) + params['wpa_pairwise_update_count'] = "10" + + self.hapd = hostapd.add_ap(apdev, params) + self.hapd.request("SET ext_eapol_frame_io 1") + self.dev.request("SET ext_eapol_frame_io 1") + pmk = binascii.unhexlify("c2c6c255af836bed1b3f2f1ded98e052f5ad618bb554e2836757b55854a0eab7") + + self.gtkie = binascii.unhexlify("dd16000fac010100dc11188831bf4aa4a8678d2b41498618") + if sta_params["ocv"] != "0": + self.rsne = binascii.unhexlify("30140100000fac040100000fac040100000fac028c40") + else: + self.rsne = binascii.unhexlify("30140100000fac040100000fac040100000fac028c00") + + self.dev.connect(self.ssid, raw_psk=self.psk, scan_freq=freq, wait_connect=False, **sta_params) + self.addr = dev.p2p_interface_addr() + + 
# Forward msg 1/4 from AP to STA + self.msg = recv_eapol(self.hapd) + self.anonce = self.msg['rsn_key_nonce'] + send_eapol(self.dev, self.bssid, build_eapol(self.msg)) + + # Capture msg 2/4 from the STA so we can derive the session keys + self.msg = recv_eapol(dev) + self.snonce = self.msg['rsn_key_nonce'] + (ptk, self.kck, self.kek) = pmk_to_ptk(pmk, self.addr, self.bssid, self.snonce,self.anonce) + + self.counter = struct.unpack('>Q', self.msg['rsn_replay_counter'])[0] + 1 + + + def test_bad_oci(self, logmsg, op_class, channel, seg1_idx, errmsg): + logger.info("Bad OCI element: " + logmsg) + if op_class is None: + ocikde = "" + else: + ocikde = make_ocikde(op_class, channel, seg1_idx) + + plain = self.rsne + self.gtkie + ocikde + wrapped = aes_wrap(self.kek, pad_key_data(plain)) + msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped, replay_counter=self.counter) + + self.dev.dump_monitor() + send_eapol(self.dev, self.bssid, build_eapol(msg)) + self.counter += 1 + + ev = self.dev.wait_event([errmsg], timeout=5) + if ev is None: + raise Exception("Bad OCI not reported") + + + def confirm_valid_oci(self, op_class, channel, seg1_idx): + logger.debug("Valid OCI element to complete handshake") + ocikde = make_ocikde(op_class, channel, seg1_idx) + + plain = self.rsne + self.gtkie + ocikde + wrapped = aes_wrap(self.kek, pad_key_data(plain)) + msg = build_eapol_key_3_4(self.anonce, self.kck, wrapped, replay_counter=self.counter) + + self.dev.dump_monitor() + send_eapol(self.dev, self.bssid, build_eapol(msg)) + self.counter += 1 + + self.dev.wait_connected(timeout=1) + +@remote_compatible +def test_wpa2_ocv_mismatch_client(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "ocv": "1", "freq": "2412"} + conn = STAConnection(apdev[0], dev[0], params) + conn.test_bad_oci("element missing", None, 0, 0, "did not recieve mandatory OCI") + conn.test_bad_oci("wrong channel number", 81, 6, 0, "primary channel mismatch") + conn.test_bad_oci("invalid channel number", 
81, 0, 0, "unable to interpret received OCI") + conn.test_bad_oci("wrong operating class", 80, 0, 0, "unable to interpret received OCI") + conn.test_bad_oci("invalid operating class", 0, 0, 0, "unable to interpret received OCI") + conn.confirm_valid_oci(81, 1, 0) + +@remote_compatible +def test_wpa2_ocv_vht160_mismatch_client(dev, apdev): + params = { "hw_mode": "a", "channel": "100", "country_code": "ZA", + "ht_capab": "[HT40+]", "ieee80211w": "1", "ieee80211n": "1", + "ieee80211ac": "1", "vht_oper_chwidth": "2", "ocv": "1", + "vht_oper_centr_freq_seg0_idx": "114", "freq": "5500", + "ieee80211d": "1", "ieee80211h": "1" } + sta_params = { "disable_vht": "1" } + conn = STAConnection(apdev[0], dev[0], params, sta_params) + conn.test_bad_oci("smaller bandwidth (20 Mhz) than negotiated", 121, 100, 0, "channel bandwidth mismatch") + conn.test_bad_oci("wrong frequency, bandwith, and secondary channel", 123, 104, 0, "primary channel mismatch") + conn.test_bad_oci("wrong upper/lower behaviour", 129, 104, 0, "primary channel mismatch") + + conn.confirm_valid_oci(122, 100, 0) + +def test_wpa2_ocv_sta_grouphs(dev, apdev): + params = { "channel": "1", "ieee80211w": "1", "ocv": "1", "freq": "2412", + "wpa_strict_rekey": "1" } + conn = STAConnection(apdev[0], dev[0], params.copy()) + conn.confirm_valid_oci(81, 1, 0) + + # Send a EAPOL-Key msg 1/2 with a bad OCI + logger.info("Bad OCI element") + plain = conn.gtkie + make_ocikde(1, 1, 1) + wrapped = aes_wrap(conn.kek, pad_key_data(plain)) + msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=3) + send_eapol(dev[0], conn.bssid, build_eapol(msg)) + + # We shouldn't get a EAPOL-Key message back + ev = dev[0].wait_event(["EAPOL-TX"], timeout=1) + if not ev is None: + raise Exception("Received response to invalid EAPOL-Key 1/2") + + # Reset AP to try with valid OCI + reset_ap(apdev[0]) + conn = STAConnection(apdev[0], dev[0], params.copy()) + conn.confirm_valid_oci(81, 1, 0) + + # Send a EAPOL-Key msg 1/2 with a good OCI + 
logger.info("Good OCI element") + plain = conn.gtkie + make_ocikde(81, 1, 0) + wrapped = aes_wrap(conn.kek, pad_key_data(plain)) + msg = build_eapol_key_1_2(conn.kck, wrapped, replay_counter=4) + send_eapol(dev[0], conn.bssid, build_eapol(msg)) + + # Wait for EAPOL-Key msg 2/2 + conn.msg = recv_eapol(dev[0]) + if conn.msg["rsn_key_info"] != 0x0302: + raise Exception("Didn't receive 2/2 of group key handshake") + +# ex:set ts=4 et: diff --git a/tests/hwsim/wpasupplicant.py b/tests/hwsim/wpasupplicant.py index 78b5f6dc3..f96863f6a 100644 --- a/tests/hwsim/wpasupplicant.py +++ b/tests/hwsim/wpasupplicant.py 
@@ -1031,7 +1031,7 @@ class WpaSupplicant: "dpp_csign", "dpp_csign_expiry", "dpp_netaccesskey", "dpp_netaccesskey_expiry", "group_mgmt", "owe_group", - "roaming_consortium_selection" ] + "roaming_consortium_selection", "ocv" ] for field in not_quoted: if field in kwargs and kwargs[field]: self.set_network(id, field, kwargs[field])
From patchwork Mon Aug 6 19:46:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954207
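Review bot: in tests/hwsim/test_ocv.py, test_wpa2_ocv_sta_grouphs proves the bad-OCI case only by the absence of an EAPOL-TX event within 1 second, and both group-handshake tests build their frames with the literals replay_counter=3 and replay_counter=4. A frame dropped for a stale replay counter or a bad MIC would produce the same silence on the station side and the same retransmitted msg 1/2 on the AP side, so these cases can pass without OCI validation being reached. Take the counter from conn.counter or from conn.msg['rsn_replay_counter'] instead of a literal, and have the station-side negative case wait for the OCI error event the way STAConnection.test_bad_oci does. Separately, the expected string "did not recieve mandatory OCI" ties the test to a misspelled log message; correct the spelling in the message and in the test together.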
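Review bot: in the tests/hwsim/wpasupplicant.py hunk, the loop that consumes not_quoted only calls set_network when kwargs[field] is truthy, so the new "ocv" entry is written only for a non-empty string. The tests in this series pass ocv=str(ocv), where "0" is truthy and is sent, but an integer 0 would be dropped silently and the network would keep its default OCV setting. A short comment next to the list entry saying that the value must be passed as a string would keep an explicit OCV-disabled request from being lost.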
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 21/25] OCV: Test OCI validation in the FT handshake
Date: Mon, 6 Aug 2018 15:46:39 -0400
Message-Id: <20180806194643.1328-22-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Signed-off-by: Mathy Vanhoef
---
 tests/hwsim/test_ap_ft.py | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/tests/hwsim/test_ap_ft.py b/tests/hwsim/test_ap_ft.py index 1a3f337eb..95d963fde 100644 --- a/tests/hwsim/test_ap_ft.py +++ b/tests/hwsim/test_ap_ft.py @@ -128,7 +128,7 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, pairwise_cipher="CCMP", group_cipher="TKIP CCMP", ptk_rekey="0", test_connectivity=True, eap_identity="gpsk user", conndev=False, force_initial_conn_to_first_ap=False, sha384=False, - group_mgmt=None): + group_mgmt=None, ocv="0"): logger.info("Connect to first AP") copts = {}
@@ -140,6 +140,7 @@ def run_roams(dev, apdev, hapd0, hapd1, ssid, passphrase, over_ds=False, copts["wpa_ptk_rekey"] = ptk_rekey if group_mgmt: copts["group_mgmt"] = group_mgmt + copts["ocv"] = ocv if eap: copts["key_mgmt"] = "FT-EAP-SHA384" if sha384 else "FT-EAP" copts["eap"] = "GPSK" @@ -430,6 +431,22 @@ def run_ap_ft_pmf_bip(dev, apdev, cipher): run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, group_mgmt=cipher) +def test_ap_ft_ocv(dev, apdev): + """WPA2-PSK-FT AP with OCV""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd0 = hostapd.add_ap(apdev[0], params) + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd1 = hostapd.add_ap(apdev[1], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, ocv="1") + def test_ap_ft_over_ds(dev, apdev): """WPA2-PSK-FT AP over DS""" ssid = "test-ft" 
@@ -444,6 +461,24 @@ def test_ap_ft_over_ds(dev, apdev): check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ]) +def test_ap_ft_over_ds_ocv(dev, apdev): + """WPA2-PSK-FT AP over DS""" + ssid = "test-ft" + passphrase="12345678" + + params = ft_params1(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd0 = hostapd.add_ap(apdev[0], params) + params = ft_params2(ssid=ssid, passphrase=passphrase) + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd1 = hostapd.add_ap(apdev[1], params) + + run_roams(dev[0], apdev, hapd0, hapd1, ssid, passphrase, over_ds=True, ocv="1") + check_mib(dev[0], [ ("dot11RSNAAuthenticationSuiteRequested", "00-0f-ac-4"), + ("dot11RSNAAuthenticationSuiteSelected", "00-0f-ac-4") ]) + def test_ap_ft_over_ds_disabled(dev, apdev): """WPA2-PSK-FT AP over DS disabled""" ssid = "test-ft"
From patchwork Mon Aug 6 19:46:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mathy Vanhoef X-Patchwork-Id: 954206
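Review bot: in the run_roams hunk at -140 of tests/hwsim/test_ap_ft.py, copts["ocv"] = ocv is added after the guarded group_mgmt assignment, and with the default ocv="0" every existing caller of run_roams now passes an ocv network parameter (the string "0" is truthy, so the not_quoted loop in wpasupplicant.py sends it). If the assignment is unconditional, all FT roaming tests start to depend on the ocv network field being accepted by the build under test. Guarding it the way group_mgmt is guarded, for example only when ocv differs from "0", leaves the existing tests unchanged.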
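Review bot: test_ap_ft_over_ds_ocv carries the docstring """WPA2-PSK-FT AP over DS""", identical to the existing over-DS test, so the two cannot be told apart in any listing built from docstrings; name OCV in it as test_ap_ft_ocv does with """WPA2-PSK-FT AP with OCV""". Both new FT tests also cover only a successful roam with OCV enabled on every side. A case where the OCI does not match, along the lines of the mismatch tests in test_ocv.py, is what would show that the FT handshake rejects it.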
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 22/25] OCV: Test OCI validation in the FILS handshake
Date: Mon, 6 Aug 2018 15:46:40 -0400
Message-Id: <20180806194643.1328-23-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Signed-off-by: Mathy Vanhoef
---
 tests/hwsim/test_fils.py | 56 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/tests/hwsim/test_fils.py b/tests/hwsim/test_fils.py index 2d531a636..b5017c506 100644 --- a/tests/hwsim/test_fils.py +++ b/tests/hwsim/test_fils.py
@@ -181,6 +181,62 @@ def test_fils_sk_pmksa_caching(dev, apdev, params): time.sleep(0.1) hwsim_utils.test_connectivity(dev[0], hapd) +def test_fils_sk_pmksa_caching_ocv(dev, apdev, params): + """FILS SK and PMKSA caching""" + check_fils_capa(dev[0]) + check_erp_capa(dev[0]) + + start_erp_as(apdev[1], msk_dump=os.path.join(params['logdir'], "msk.lst")) + + bssid = apdev[0]['bssid'] + params = hostapd.wpa2_eap_params(ssid="fils") + params['wpa_key_mgmt'] = "FILS-SHA256" + params['auth_server_port'] = "18128" + params['erp_domain'] = 'example.com' + params['fils_realm'] = 'example.com' + params['ieee80211w'] = '1' + params['ocv'] = '1' + hapd = hostapd.add_ap(apdev[0]['ifname'], params) + + dev[0].scan_for_bss(bssid, freq=2412) + dev[0].request("ERP_FLUSH") + id = dev[0].connect("fils", key_mgmt="FILS-SHA256", + eap="PSK", identity="psk.user@example.com", + password_hex="0123456789abcdef0123456789abcdef", + erp="1", scan_freq="2412", ieee80211w="1", ocv="1") + pmksa = dev[0].get_pmksa(bssid) + if pmksa is None: + raise Exception("No PMKSA cache entry created") + + dev[0].request("DISCONNECT") + dev[0].wait_disconnected() + + dev[0].dump_monitor() + dev[0].select_network(id, freq=2412) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED", + "CTRL-EVENT-CONNECTED"], timeout=10) + if ev is None: + raise Exception("Connection using PMKSA caching timed out") + if "CTRL-EVENT-EAP-STARTED" in ev: + raise Exception("Unexpected EAP exchange") + hwsim_utils.test_connectivity(dev[0], hapd) + pmksa2 = dev[0].get_pmksa(bssid) + if pmksa2 is None: + raise Exception("No PMKSA cache entry found") + if pmksa['pmkid'] != pmksa2['pmkid']: + raise Exception("Unexpected PMKID change") + + # Verify EAPOL reauthentication after FILS authentication + hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) + ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) + if ev is None: + raise Exception("EAP authentication did not start") + ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], 
timeout=5) + if ev is None: + raise Exception("EAP authentication did not succeed") + time.sleep(0.1) + hwsim_utils.test_connectivity(dev[0], hapd) + def test_fils_sk_pmksa_caching_and_cache_id(dev, apdev): """FILS SK and PMKSA caching with Cache Identifier""" check_fils_capa(dev[0])

From patchwork Mon Aug 6 19:46:41 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954189
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 23/25] OCV: Test OCI validation in SA Query frames
Date: Mon, 6 Aug 2018 15:46:41 -0400
Message-Id: <20180806194643.1328-24-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Signed-off-by: Mathy Vanhoef
--- tests/hwsim/test_ap_pmf.py | 55 +++++++++++++++++++++++++++++++++++++ wpa_supplicant/ctrl_iface.c | 4 +++ 2 files changed, 59 insertions(+) diff --git a/tests/hwsim/test_ap_pmf.py b/tests/hwsim/test_ap_pmf.py index c60f66d4d..1eb8d8bce 100644 --- a/tests/hwsim/test_ap_pmf.py +++ b/tests/hwsim/test_ap_pmf.py
@@ -57,6 +57,61 @@ def test_ap_pmf_required(dev, apdev): dev[1].p2p_interface_addr()) < 1: raise Exception("STA did not reply to SA Query") +@remote_compatible +def test_ocv_sa_query(dev, apdev): + """Test SA Query with OCV""" + ssid = "test-pmf-required" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd = hostapd.add_ap(apdev[0], params) + Wlantest.setup(hapd) + wt = Wlantest() + wt.flush() + wt.add_passphrase("12345678") + dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1", + key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", + scan_freq="2412") + + # Test that client can handle SA Query with OCI element + if "OK" not in hapd.request("SA_QUERY " + dev[0].own_addr()): + raise Exception("SA_QUERY failed") + time.sleep(0.1) + if wt.get_sta_counter("valid_saqueryresp_tx", apdev[0]['bssid'], + dev[0].own_addr()) < 1: + raise Exception("STA did not reply to SA Query") + + # Test that AP can handle SA Query with OCI element + if "OK" not in dev[0].request("UNPROT_DEAUTH"): + raise Exception("Triggering SA Query from the STA failed") + ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=3) + if not ev is None: + raise Exception("SA Query from the STA failed") + +@remote_compatible +def test_ocv_sa_query_csa(dev, apdev): + """Test SA Query with OCV after channel switch""" + ssid = "test-pmf-required" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["ocv"] = "1" + hapd = hostapd.add_ap(apdev[0], params) + Wlantest.setup(hapd) + wt = Wlantest() + wt.flush() + wt.add_passphrase("12345678") + dev[0].connect(ssid, psk="12345678", ieee80211w="1", ocv="1", + key_mgmt="WPA-PSK WPA-PSK-SHA256", proto="WPA2", + scan_freq="2412") + + hapd.request("CHAN_SWITCH 5 2437") + time.sleep(1) + if wt.get_sta_counter("valid_saqueryreq_tx", apdev[0]['bssid'], + 
dev[0].own_addr()) < 1: + raise Exception("STA did not start SA Query after channel switch") + @remote_compatible def test_ap_pmf_optional(dev, apdev): """WPA2-PSK AP with PMF optional""" diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index fe39c25b7..e1e93fc07 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -56,6 +56,7 @@ #include "drivers/driver.h" #include "mesh.h" #include "dpp_supplicant.h" +#include "sme.h" static int wpa_supplicant_global_iface_list(struct wpa_global *global, char *buf, int len); 
@@ -10476,6 +10477,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, } else if (os_strcmp(buf, "RESEND_ASSOC") == 0) { if (wpas_ctrl_resend_assoc(wpa_s) < 0) reply_len = -1; + } else if (os_strcmp(buf, "UNPROT_DEAUTH") == 0) { + sme_event_unprot_disconnect(wpa_s, wpa_s->bssid, NULL, + WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); #endif /* CONFIG_TESTING_OPTIONS */ } else if (os_strncmp(buf, "VENDOR_ELEM_ADD ", 16) == 0) { if (wpas_ctrl_vendor_elem_add(wpa_s, buf + 16) < 0)

From patchwork Mon Aug 6 19:46:42 2018
X-Patchwork-Submitter: Mathy Vanhoef
X-Patchwork-Id: 954200
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 24/25] OCV: Test OCI validation in WNM-Sleep Exit frames
Date: Mon, 6 Aug 2018 15:46:42 -0400
Message-Id: <20180806194643.1328-25-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Signed-off-by: Mathy Vanhoef
--- tests/hwsim/test_wnm.py | 121 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) diff --git a/tests/hwsim/test_wnm.py b/tests/hwsim/test_wnm.py index 3f9a4460f..14d8de9b5 100644 --- a/tests/hwsim/test_wnm.py +++ b/tests/hwsim/test_wnm.py
@@ -280,6 +280,115 @@ def test_wnm_sleep_mode_rsn_pmf(dev, apdev): raise Exception("No connection event received from hostapd") check_wnm_sleep_mode_enter_exit(hapd, dev[0]) +@remote_compatible +def test_wnm_sleep_mode_rsn_ocv(dev, apdev): + """WNM Sleep Mode - RSN with OCV""" + params = hostapd.wpa2_params("test-wnm-rsn", "12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["ocv"] = "1" + params["time_advertisement"] = "2" + params["time_zone"] = "EST5" + params["wnm_sleep_mode"] = "1" + params["bss_transition"] = "1" + hapd = hostapd.add_ap(apdev[0], params) + + Wlantest.setup(hapd) + wt = Wlantest() + wt.flush() + wt.add_passphrase("12345678") + + dev[0].connect("test-wnm-rsn", psk="12345678", ieee80211w="2", ocv="1", + key_mgmt="WPA-PSK-SHA256", proto="WPA2", scan_freq="2412") + ev = hapd.wait_event([ "AP-STA-CONNECTED" ], timeout=5) + if ev is None: + raise Exception("No connection event received from hostapd") + check_wnm_sleep_mode_enter_exit(hapd, dev[0]) + + # Check if OCV succeeded or failed + ev = dev[0].wait_event([ "OCV failed" ], timeout=1) + if not ev is None: + raise Exception("OCI verification failed: " + ev) + +@remote_compatible +def test_wnm_sleep_mode_rsn_badocv(dev, apdev): + """WNM Sleep Mode - RSN with OCV and bad OCI elements""" + ssid = "test-wnm-pmf" + params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678") + params["wpa_key_mgmt"] = "WPA-PSK-SHA256" + params["ieee80211w"] = "2" + params["ocv"] = "1" + params['wnm_sleep_mode'] = '1' + hapd = hostapd.add_ap(apdev[0], params) + bssid = apdev[0]['bssid'] + dev[0].connect(ssid, psk="12345678", key_mgmt="WPA-PSK-SHA256", ocv="1", + proto="WPA2", ieee80211w="2", scan_freq="2412") + dev[0].request("WNM_SLEEP enter") + time.sleep(0.1) + + msg = { 'fc': MGMT_SUBTYPE_ACTION << 4, + 'da': bssid, + 'sa': dev[0].own_addr(), + 'bssid': bssid } + + logger.debug("WNM Sleep Mode Request - Missing OCI element") + msg['payload'] = struct.pack(" X-Patchwork-Id: 
954196
From: Mathy Vanhoef
To: hostap@lists.infradead.org
Subject: [PATCH 25/25] OCV: Test OCI validation in the AMPE handshake
Date: Mon, 6 Aug 2018 15:46:43 -0400
Message-Id: <20180806194643.1328-26-Mathy.Vanhoef@cs.kuleuven.be>
In-Reply-To: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
References: <20180806194643.1328-1-Mathy.Vanhoef@cs.kuleuven.be>
Cc: Mathy Vanhoef

Signed-off-by: Mathy Vanhoef
--- tests/hwsim/test_wpas_mesh.py | 103 +++++++++++++++++++++++++++++++++- 1 file changed, 102 insertions(+), 1 deletion(-) diff --git a/tests/hwsim/test_wpas_mesh.py b/tests/hwsim/test_wpas_mesh.py index 5feb9bee5..31c11e26e 100644 --- a/tests/hwsim/test_wpas_mesh.py +++ b/tests/hwsim/test_wpas_mesh.py @@ -305,7 +305,7 @@ def _test_mesh_open_rssi_threshold(dev, apdev, value, expected): ": " + str(mesh_rssi_threshold)) def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None, - sae_password=False, sae_password_id=None): + sae_password=False, sae_password_id=None, ocv=False): id = dev.add_network() dev.set_network(id, "mode", "5") dev.set_network_quoted(id, "ssid", "wpas-mesh-sec")
@@ -323,6 +323,8 @@ def add_mesh_secure_net(dev, psk=True, pmf=False, pairwise=None, group=None, dev.set_network(id, "pairwise", pairwise) if group: dev.set_network(id, "group", group) + if ocv: + dev.set_network(id, "ocv", "1") return id def test_wpas_mesh_secure(dev, apdev): 
@@ -437,6 +439,105 @@ def test_mesh_secure_pmf(dev, apdev): # Test connectivity 0->1 and 1->0 hwsim_utils.test_connectivity(dev[0], dev[1]) +def test_mesh_secure_ocv(dev, apdev): + """Secure mesh network connectivity with OCV enabled""" + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pmf=True, ocv=True) + dev[0].mesh_group_add(id) + dev[1].request("SET sae_groups ") + id = add_mesh_secure_net(dev[1], pmf=True, ocv=True) + dev[1].mesh_group_add(id) + + # Check for mesh joined + check_mesh_group_added(dev[0]) + check_mesh_group_added(dev[1]) + + # Check for peer connected + check_mesh_peer_connected(dev[0]) + check_mesh_peer_connected(dev[1]) + + # Test connectivity 0->1 and 1->0 + hwsim_utils.test_connectivity(dev[0], dev[1]) + +def test_mesh_secure_ocv_compat(dev, apdev): + """Secure mesh network where only one peer has OCV enabled""" + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pmf=True, ocv=True) + dev[0].mesh_group_add(id) + dev[1].request("SET sae_groups ") + id = add_mesh_secure_net(dev[1], pmf=True, ocv=False) + dev[1].mesh_group_add(id) + + # Check for mesh joined + check_mesh_group_added(dev[0]) + check_mesh_group_added(dev[1]) + + # Check for peer connected + check_mesh_peer_connected(dev[0]) + check_mesh_peer_connected(dev[1]) + + # Test connectivity 0->1 and 1->0 + hwsim_utils.test_connectivity(dev[0], dev[1]) + +def test_mesh_secure_ocv_mix_legacy(dev, apdev): + """Mesh network with a VHT STA and a legacy STA under OCV""" + subprocess.call(['iw', 'reg', 'set', 'AZ']) + + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pmf=True, ocv=True) + dev[0].set_network(id, "frequency", "5200") + dev[0].set_network(id, "max_oper_chwidth", "2") + dev[0].mesh_group_add(id) + + dev[1].request("SET sae_groups ") + id = add_mesh_secure_net(dev[1], pmf=True, ocv=True) + 
dev[1].set_network(id, "frequency", "5200") + dev[1].set_network(id, "disable_vht", "1") + dev[1].set_network(id, "disable_ht40", "1") + dev[1].mesh_group_add(id) + + # Check for mesh joined + check_mesh_group_added(dev[0]) + check_mesh_group_added(dev[1]) + + # Check for peer connected + check_mesh_peer_connected(dev[0]) + check_mesh_peer_connected(dev[1]) + + # Test connectivity 0->1 and 1->0 + hwsim_utils.test_connectivity(dev[0], dev[1]) + +def test_mesh_secure_ocv_mix_ht(dev, apdev): + """Mesh network with a VHT STA and a HT STA under OCV""" + subprocess.call(['iw', 'reg', 'set', 'AZ']) + + check_mesh_support(dev[0], secure=True) + dev[0].request("SET sae_groups ") + id = add_mesh_secure_net(dev[0], pmf=True, ocv=True) + dev[0].set_network(id, "frequency", "5200") + dev[0].set_network(id, "max_oper_chwidth", "2") + dev[0].mesh_group_add(id) + + dev[1].request("SET sae_groups ") + id = add_mesh_secure_net(dev[1], pmf=True, ocv=True) + dev[1].set_network(id, "frequency", "5200") + dev[1].set_network(id, "disable_vht", "1") + dev[1].mesh_group_add(id) + + # Check for mesh joined + check_mesh_group_added(dev[0]) + check_mesh_group_added(dev[1]) + + # Check for peer connected + check_mesh_peer_connected(dev[0]) + check_mesh_peer_connected(dev[1]) + + # Test connectivity 0->1 and 1->0 + hwsim_utils.test_connectivity(dev[0], dev[1]) + def run_mesh_secure(dev, cipher): if cipher not in dev[0].get_capability("pairwise"): raise HwsimSkip("Cipher %s not supported" % cipher)
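
Review bot: In [PATCH 22/25], test_fils_sk_pmksa_caching_ocv in tests/hwsim/test_fils.py never asserts anything about OCV: it sets params['ocv'] = '1' on the AP and ocv="1" on the STA, then runs only the PMKSA caching and EAPOL reauthentication checks, so it would still pass if OCI validation were skipped in the FILS handshake. Consider confirming that no "OCV failed" event was reported, as test_wnm_sleep_mode_rsn_ocv in 24/25 does, or otherwise showing that the OCI was processed. The docstring still reads "FILS SK and PMKSA caching" and should mention OCV, and this hunk calls hostapd.add_ap(apdev[0]['ifname'], params) while the tests added in 23/25 and 24/25 pass apdev[0].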
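
Review bot: In [PATCH 23/25], test_ocv_sa_query_csa in tests/hwsim/test_ap_pmf.py ignores the reply to hapd.request("CHAN_SWITCH 5 2437") and then relies on time.sleep(1), so a rejected or slow channel switch surfaces only as "STA did not start SA Query after channel switch". Check the reply for "OK" the way the SA_QUERY request in test_ocv_sa_query does, and wait for the switch to complete before reading the wlantest counter. In test_ocv_sa_query, the AP-side half infers success only from the absence of CTRL-EVENT-DISCONNECTED within 3 seconds; a counter check like the one in the first half would be more direct, and "if not ev is None" reads better as "if ev is not None".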
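
Review bot: In [PATCH 23/25], the new UNPROT_DEAUTH branch in wpa_supplicant_ctrl_iface_process() passes wpa_s->bssid to sme_event_unprot_disconnect() without checking that the interface is associated, and it never sets reply_len, unlike the RESEND_ASSOC branch just above, which sets reply_len = -1 on failure. test_ocv_sa_query only looks for "OK" in the reply, so it cannot tell a started SA Query from a no-op. Suggest failing the command when there is no current association, and adding a short comment stating that this test-only command (it sits inside CONFIG_TESTING_OPTIONS) simulates an unprotected disconnect with reason WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA.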
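
Review bot: In [PATCH 24/25], test_wnm_sleep_mode_rsn_ocv in tests/hwsim/test_wnm.py waits for "OCV failed" only on dev[0], and only for 1 second after check_wnm_sleep_mode_enter_exit() has already returned, so a failure reported on the hostapd side would go unnoticed. Is it certain that an event raised during the enter/exit exchange is still pending when this wait starts? If not, clear the monitor before the exchange and check both ends afterwards. In test_wnm_sleep_mode_rsn_badocv the reply to dev[0].request("WNM_SLEEP enter") is not checked before the fixed time.sleep(0.1); the rest of that hunk is cut off on this page, so nothing further can be said about the frames it builds.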
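
Review bot: In [PATCH 25/25], the "if ocv:" branch added to add_mesh_secure_net() sets "ocv" to "1" regardless of the pmf argument, so a caller can now request ocv=True with pmf=False. Every new test passes pmf=True, which leaves that combination untested. Either document that callers must pair the two options or add a test that pins down what the mesh code does with OCV enabled and PMF off.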
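
Review bot: In [PATCH 25/25], test_mesh_secure_ocv_mix_legacy and test_mesh_secure_ocv_mix_ht call subprocess.call(['iw', 'reg', 'set', 'AZ']) and never restore the regulatory domain, so the setting stays in place for whatever test runs next, whether these tests pass or fail. Wrap the body in try/finally and reset the domain there. None of the four new tests checks for an OCV failure event, so they confirm that the peer link comes up but not that OCI validation ran on the AMPE frames. The four bodies also repeat the same join, peer-connected and connectivity sequence (the two mix tests differ only in disable_ht40), which a shared helper taking the per-device network settings would remove.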