[v9,00/16] Seamless PTK rekeys

Message ID 20200104221015.90469-1-alexander@wetzel-home.de

Message

Alexander Wetzel Jan. 4, 2020, 10:09 p.m. UTC
This patch series was previously called "Support seamless PTK rekeys with
Extended Key ID" and is addressing issues in the v8 version but is now
also fundamentally changing PTK rekeying without Extended Key ID.

I originally planned to submit that as a stand alone patch series but
there are some interactions between the two where it's useful to see how
they are envisioned to act together.
So the PTK0 rekey handling is now just tagged to the beginning of the series.

The Extended Key ID patches build on top of it and together should finally
address PTK rekeying in the best way possible: We refuse to rekey a PTK and
enforce a reconnect when asked to do so when not using Extended Key ID. This
is still problematic, especially for AP mode where we can't control how fast the
reconnect will be. And knowing that there is next to no chance Extended
Key ID can be used...

Unfortunately it seems to be the only way to handle all the broken drivers
not able to rekey out in the wild. And with the knowledge that at least one
card/driver is compromising the security (ath9k with mac80211 from any
kernel < 4.20) it looks like we'll be better off to only rekey when we
are either sure it's safe or the user is explicitly instructing us to do
so.

The assumption is now that PTK rekeying is hardly done and there are
even fewer setups where this is really working as it should. The most
likely users rekeying the PTK are the ones running one of the WPA-EAP
modes, which at least in some cases (e.g. hostapd and also some Cisco
concentrators) reauthenticate by default every hour.

The other big - but still minor compared to the point above - change in v9 of
the series is the already discussed "fix" for the proposed key_type API to a
solution based on flags.

The series also assumes that the ap_rsn_ie variable is no longer cleared
during the connection handshakes for OWE, e.g. by applying the patch
 wpa_supplicant: Don't incorrectly clear ie scan data
or the more aggressive variant
 wpa_supplicant: Correct IE validation when beacons don't have any

Without that some OWE connections will fail when both ends agree to use
Extended Key ID.

Patch version 9:
 - By default refuse to rekey PTKs without Extended Key ID, enforcing a
   reconnect but allow the user to control the behavior
 - Replace the problematic key_flag API with a more flexible and correct
   key_flag API
 - proper integration of PTK rekey handling
 - handle_extended_key_id() for wpa_supplicant no longer needs the rsn_ie
   as an argument and uses the ap_rsn_ie instead.
 - take over wpa_extended_key_id setting when starting an AP from
   wpa_supplicant.
 - OSEN/HS20 Extended Key ID support preparations have been removed.
   They seem to be incompatible with each other.
 - added proper config variable checks
 - Updated documentation (config files and in the code)
 - Some minor tweaks to nl80211 key install handling and logging
 - Rekey timer now starts after installing the pairwise key for RX (not
   when we set it for RX/TX)
 - simplified the Extended Key ID detection and handling in the tests
 - merged and reordered some patches and chunks
 - rebased to ecd54bace
 - updated commit subjects and logs

Patch version 8:
 - Dropped the first two (already merged) patches
 - Rebased to cf28cfc12 and updated commit descriptions
 - Incorporated changes discussed so far
 - Moved the "drop set_tx" patch to a more logical place
 - Included a minor fix for wlantest (non-zero keyID check)

Patch version 7 (aka v6a):
 - Improved TKIP detection (nicer logs and better logic)
 - Also use config checks for Extended Key ID activation, not only
   runtime
 - Simplify runtime checks due to the now existing config checks
 - Fixes some key_type for both hostap and wpa_supplicant
 - nl80211 now denies to install a pairwise key with the
   KEY_TYPE_DEFAULT set and has other minor cleanups
 - Fixes the bitmask for pairwise keys for consistency (no real effect)
 - Rewords some log messages

Patch version 6:
 - Added the "missing" patch number 1. Should have been part of V3 but
   somehow it never got exported from my local tree...
 - Reverted the incorrect fix for max keyid in the patch
   "wpa_supplicant: AP Extended Key ID support"
 - Moved code disabling Extended Key ID for tkip to a better location
   in patch "hostapd: Add support for Extended Key ID"
 - Tweaked Extended Key ID configuration handling in
   "hostapd: Add support for Extended Key ID": It's now automatically
   disabled
 - Some minor tweaks to comments and output and a bit more invasive
   rewording of commit messages

Patch version 5:
 - undo incorrect conversion from "int key_type" to
   "enum key_type key_type" (this is also an independent variable)
 - fixed multiple broken "enum key_type" which must be
   "enum key_type key_type"
 - undo pointless variable move in "wpa_supplicant: FILS Extended Key ID
   support" which did break build tests.
 - again minor fixes to commit messages

Patch version 4:
 - Fixed sequence number key queries (undo invalid switch to new API
   names.)
 - get rid of some forgotten "int key_flag" references and switched them
   over to the correct "enum key_flag key_flag"
 - Dropped the workaround patch enabling FILS and FT key installs with
   current released kernels (API is being updated upstream)
 - removed some stray newlines
 - reworded Extended Key ID description in wpa_supplicant.conf
 - minor updates to commit messages
 - Overhauled and updated commit remarks (nothing critical)

Patch version 3:
 - use key_type (enum) instead of key_flag (bit array)
 - migrate set_tx to the new key_type API and clean up related
   workarounds and bugs.
 - also support Extended Key ID for OSEN, FT and FILS
 - wpa_supplicant is now checking RSN capabilities instead of the
   presence of the KeyID KDE to enable Extended Key ID support to follow
   the wording of the standard
 - detect and prevent dropping or adding Extended Key ID support on
   rekey. (Initial connection decides if we can use it.)
 - Don't use Extended Key ID for TKIP. (Not allowed in the standard.)
 - also flip KeyIDs for WPA_REAUTH and WPA_REAUTH_EAPOL
 - fixed many "test-only" bugs (both tests and test only code)
 - split fixes and extensions in different patches
 - dropped "GET drv_flags" and handle it differently
 - better description of the patches

Patch version 2:
 - typo fix in commit message

Patch version 1:
 Initial release

Alexander Wetzel (16):
  nl80211: Add support for CAN_REPLACE_PTK0
  AP: Address PTK rekey issues
  wpa_supplicant: Address PTK rekey issues
  tests: Allow PTK0 rekey for tests
  Introduce and add key_flag
  nl80211: Migrate from set_tx to key_flag API
  nl80211,wpa_supplicant: Drop outdated tdls hack
  drivers: Migrate drivers from set_tx to key_flag API
  Drop set_tx from all set_key() functions
  AP: Support Extended Key ID
  wpa_supplicant: Support Extended Key ID
  tests: Extended Key ID tests
  AP: FILS Extended Key ID support
  wpa_supplicant: FILS Extended Key ID support
  nl80211: Extended Key ID support
  AP: Let PTK keys default to keyid 1 when supported

 hostapd/config_file.c                        |  18 ++
 hostapd/ctrl_iface.c                         |  72 ++++----
 hostapd/hostapd.conf                         |  43 +++++
 src/ap/ap_config.c                           |  11 ++
 src/ap/ap_config.h                           |   2 +
 src/ap/ap_drv_ops.c                          |   9 +-
 src/ap/ap_drv_ops.h                          |   5 +-
 src/ap/hostapd.c                             |  18 +-
 src/ap/ieee802_11.c                          |   7 +-
 src/ap/ieee802_1x.c                          |  14 +-
 src/ap/wpa_auth.c                            | 119 ++++++++++---
 src/ap/wpa_auth.h                            |   5 +-
 src/ap/wpa_auth_ft.c                         |  12 +-
 src/ap/wpa_auth_glue.c                       |  40 ++++-
 src/ap/wpa_auth_i.h                          |   3 +
 src/ap/wpa_auth_ie.c                         |  55 +++++-
 src/common/defs.h                            |  28 +++
 src/common/wpa_common.c                      |   9 +
 src/common/wpa_common.h                      |   2 +
 src/drivers/driver.h                         |  59 ++++++-
 src/drivers/driver_atheros.c                 |  10 +-
 src/drivers/driver_bsd.c                     |  13 +-
 src/drivers/driver_hostap.c                  |   9 +-
 src/drivers/driver_ndis.c                    |  27 +--
 src/drivers/driver_nl80211.c                 | 107 ++++++------
 src/drivers/driver_nl80211_capa.c            |   8 +
 src/drivers/driver_openbsd.c                 |   5 +-
 src/drivers/driver_privsep.c                 |  12 +-
 src/drivers/driver_wext.c                    |  26 +--
 src/drivers/driver_wext.h                    |   4 +-
 src/eapol_supp/eapol_supp_sm.c               |  15 ++
 src/eapol_supp/eapol_supp_sm.h               |   8 +
 src/rsn_supp/tdls.c                          |   7 +-
 src/rsn_supp/wpa.c                           | 168 ++++++++++++++++--
 src/rsn_supp/wpa.h                           |  23 ++-
 src/rsn_supp/wpa_ft.c                        |  17 +-
 src/rsn_supp/wpa_i.h                         |  19 ++-
 src/rsn_supp/wpa_ie.c                        |   3 +
 tests/hwsim/hostapd.py                       |  19 ++-
 tests/hwsim/multi-bss-iface-per_sta_vif.conf |   2 +
 tests/hwsim/multi-bss-iface.conf             |   2 +
 tests/hwsim/test_ap_ciphers.py               |  13 +-
 tests/hwsim/test_ap_eap.py                   |  66 +++++++-
 tests/hwsim/test_ap_ft.py                    |   1 +
 tests/hwsim/test_ap_pmf.py                   |   1 +
 tests/hwsim/test_ap_psk.py                   | 169 ++++++++++++++++++-
 tests/hwsim/test_ocv.py                      |  13 +-
 tests/hwsim/test_rrm.py                      |   7 +-
 tests/hwsim/wpasupplicant.py                 |   6 +-
 wlantest/bss.c                               |   4 +-
 wlantest/rx_data.c                           |   6 +-
 wlantest/rx_eapol.c                          |   4 +
 wpa_supplicant/ap.c                          |   2 +
 wpa_supplicant/config.c                      |   4 +
 wpa_supplicant/config_file.c                 |   2 +
 wpa_supplicant/config_ssid.h                 |  21 +++
 wpa_supplicant/ctrl_iface.c                  |  37 ++--
 wpa_supplicant/driver_i.h                    |  18 +-
 wpa_supplicant/events.c                      |  16 +-
 wpa_supplicant/ibss_rsn.c                    |  28 +--
 wpa_supplicant/mesh_mpm.c                    |  15 +-
 wpa_supplicant/mesh_rsn.c                    |  14 +-
 wpa_supplicant/notify.c                      |  11 ++
 wpa_supplicant/notify.h                      |   1 +
 wpa_supplicant/preauth_test.c                |   2 +-
 wpa_supplicant/wpa_cli.c                     |   5 +-
 wpa_supplicant/wpa_supplicant.c              |  71 +++++++-
 wpa_supplicant/wpa_supplicant.conf           |  31 ++++
 wpa_supplicant/wpa_supplicant_i.h            |   3 +
 wpa_supplicant/wpas_glue.c                   |  42 +++--
 70 files changed, 1331 insertions(+), 317 deletions(-)

Comments

Alexander Wetzel Jan. 5, 2020, 9:37 p.m. UTC | #1
On 04.01.20 at 23:09, Alexander Wetzel wrote:
> This patch series was previously called "Support seamless PTK rekeys with
> Extended Key ID" and is addressing issues in the v8 version but is now
> also fundamentally changing PTK rekeying without Extended Key ID.

I found some mostly cosmetic issues but one show stopper, so I'll send 
out v10 tomorrow. The series is ok up to
  [Patch v9 04/16] tests: Allow PTK0 rekey for tests

Here I have to change one key type from KEY_FLAG_GROUP_RX_TX to 
KEY_FLAG_GROUP.

But the real show stopper is in
  [Patch v9 09/16] Drop set_tx from all set_key() functions

One of my git actions accidentally merged a standalone patch into it, so 
it's now also including what was intended to be:
  [PATCH v9 10/17] common: Extended Key ID support

The code will not change from an end2end perspective.

Sorry for that.

Alexander