Subject: Re: [PATCH] android: randomize pre-association MAC addresses
From: Daniel Micay
To: Jouni Malinen
Cc: hostap@lists.infradead.org
Date: Thu, 28 Apr 2016 20:41:37 -0400

> This would need to have a Signed-off-by: line in the commit message as
> described in the top level CONTRIBUTIONS file.

Ah, I missed that sign-offs are used here in the same way as the Linux
kernel. Here it is again:

From 4a75a244ef4d3c8a3fc503819c2ccce9027717e5 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Sun, 17 Apr 2016 04:17:00 -0400
Subject: [PATCH] android: randomize pre-association MAC addresses

This enables pre-associating (scanning) MAC address randomization for
Android. It uses the default 60 second expiry time.

Change-Id: Id23947f46a0014e2b42913cd0a2cc3f908c3bc62
Signed-off-by: Daniel Micay
---
 wpa_supplicant/wpa_supplicant_template.conf | 1 +
 1 file changed, 1 insertion(+)
--
2.8.0

> > diff --git a/wpa_supplicant/wpa_supplicant_template.conf > > b/wpa_supplicant/wpa_supplicant_template.conf > > > +preassoc_mac_addr=1
>
> How has this been tested? I'm mainly interested in which Android
> versions and Wi-Fi drivers were used.

It works well on the Nexus 5 (brcmfmac), Nexus 5X (qcacld-2.0) and Nexus
9 (brcmfmac). I think they all use Broadcom chips, but not sure about
which drivers are used. Tested on AOSP 6.0.1 and master.

> I don't think I'd recommend using this preassoc_mac_addr=1 design since
> it changes the MAC address of the netdev. Instead, I'd use the pre-scan
> request mechanism to request driver to use random MAC addresses. This
> can be configured with the MAC_RAND_SCAN control interface command.

I could try that. Is changing device address harmful? I saw the
MAC_RAND_SCAN feature but I was worried about it not being supported
everywhere and possibly not randomizing the vendor prefix.

I was also planning on wiring up the mac_addr toggle to a setting in
Android, but that wouldn't involve any changes here since it would be
dynamic. So doing the scan randomization this way seemed to make sense
in the context of using the other portion of the feature too.

diff --git a/wpa_supplicant/wpa_supplicant_template.conf b/wpa_supplicant/wpa_supplicant_template.conf index f3f2a64..494d10a 100644 --- a/wpa_supplicant/wpa_supplicant_template.conf +++ b/wpa_supplicant/wpa_supplicant_template.conf @@ -4,3 +4,4 @@ eapol_version=1  ap_scan=1  fast_reauth=1  pmf=1 +preassoc_mac_addr=1
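
Review bot: the added `preassoc_mac_addr=1` line at the end of the template goes in without a comment and depends on an implicit default for the expiry the commit message mentions (60 seconds). Since this setting changes the netdev's MAC address while unassociated, as raised in the thread, a short `#` comment above the line saying so would help integrators who copy this template. If the 60 second lifetime is part of the intended behaviour, set `rand_addr_lifetime=60` explicitly next to it so a later change to the default does not silently alter Android's scanning behaviour. The commit message should also record the devices and Android versions this was tested on and why this option was chosen over MAC_RAND_SCAN, because both points came up in review and neither is visible in the patch itself.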