From patchwork Sat Aug 17 21:14:30 2019
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 1148802
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v3 12/17] hostapd: FILS Extended Key ID support
Date: Sat, 17 Aug 2019 23:14:30 +0200
Message-Id: <20190817211435.158335-13-alexander@wetzel-home.de>
In-Reply-To: <20190817211435.158335-1-alexander@wetzel-home.de>
References: <20190817211435.158335-1-alexander@wetzel-home.de>
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

IEEE 802.11ai - 2016 is missing any instructions for how Extended Key ID shall be handled in combination with it. But there seem to be only two ways:

1) FILS can only use keyid 0 and the STAs only decide on rekey if they can use Extended Key ID.

2) FILS also checks if Extended Key ID can be used by both STAs and if so adds the KeyID KDE in addition to the GTK/IGTK KDEs.

Since the latter seems to be closer to the intent of 802.11ai and there are no other implementations of Extended Key ID we could be incompatible with, this patch implements 2) for now.
Signed-off-by: Alexander Wetzel
---
Now this is a very free interpretation of how to handle Extended Key ID in combination with FILS. Technically it's the same issue as we have for FT, so I'm using the same (arguable) solution here: We bypass the 4-way handshake and Extended Key ID is therefore mostly irrelevant. Neither FILS nor FT make any concession for Extended Key ID but have a mechanism to get the GTK ID. Which of course can also pass over the (unicast) KeyID required for Extended Key ID support...

Now the new patch series is rigorously sticking to the key install mode used at the initial connect: When either the AP or the STA tries to use anything other than what was used for the connect we kill the connection. By also adding the KeyID to the KDEs these checks work basically out of the box and the Extended Key ID flag in the RSN capabilities serves a purpose.

Alternatively we could relax the checks and accept that we either still set the Extended Key ID bit in RSN but just assume the keyid is always zero for FT and FILS, or even drop the bit in the RSN capabilities and relax the sanity checks for FILS and FT.

Since any STA not capable of Extended Key ID won't care either way and there are zero implementations of Extended Key ID we have to stay compatible with, I decided to first try what I consider the cleanest way. Therefore unicast KeyIDs have been added to the frames that also transport the GTK ID. Based on the feedback we either keep or change it.

 src/ap/wpa_auth.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 0213e97c2..10c58c26c 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -2692,6 +2692,15 @@ static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm, wpabuf_put_u8(plain, WLAN_EID_EXT_KEY_DELIVERY); wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, wpabuf_put(plain, WPA_KEY_RSC_LEN)); + + hdr[1] = 0; + if (sm->use_extended_key_id) { + hdr[0] = sm->keyidx_active & 0x01; + tmp = wpabuf_put(plain, 0); + tmp2 = wpa_add_kde(tmp, RSN_KEY_DATA_KEYID, hdr, 2, NULL, 0); + wpabuf_put(plain, tmp2 - tmp); + } + /* GTK KDE */ gtk = gsm->GTK[gsm->GN - 1]; gtk_len = gsm->GTK_len; @@ -2708,7 +2717,6 @@ static struct wpabuf * fils_prepare_plainbuf(struct wpa_state_machine *sm, gtk = dummy_gtk; } hdr[0] = gsm->GN & 0x03; - hdr[1] = 0; tmp = wpabuf_put(plain, 0); tmp2 = wpa_add_kde(tmp, RSN_KEY_DATA_GROUPKEY, hdr, 2, gtk, gtk_len); @@ -2754,6 +2762,7 @@ int fils_set_tk(struct wpa_state_machine *sm) wpa_printf(MSG_DEBUG, "FILS: No valid PTK available to set TK"); return -1; } + if (sm->tk_already_set) { wpa_printf(MSG_DEBUG, "FILS: TK already set to the driver"); return -1; @@ -2763,7 +2772,7 @@ int fils_set_tk(struct wpa_state_machine *sm) klen = wpa_cipher_key_len(sm->pairwise); wpa_printf(MSG_DEBUG, "FILS: Configure TK to the driver"); - if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, + if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, sm->keyidx_active, sm->PTK.tk, klen, KEY_TYPE_PAIRWISE)) { wpa_printf(MSG_DEBUG, "FILS: Failed to set TK to the driver"); return -1;
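Review bot: the KeyID KDE added in the first hunk (fils_prepare_plainbuf, before the GTK KDE) puts 8 more bytes into `plain` (6-byte KDE header plus the 2-byte KeyID field), but nothing in the hunk adjusts the buffer allocation at the top of the function; please confirm the wpabuf allocated there has headroom for it, or grow it in the same patch, since `wpabuf_put(plain, tmp2 - tmp);` with no room left would overflow. A short comment that `hdr[0] = sm->keyidx_active & 0x01;` deliberately limits the pairwise key ID to 0 or 1, as Extended Key ID requires, would also help the next reader.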
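Review bot: in the second hunk, removing `hdr[1] = 0;` after `hdr[0] = gsm->GN & 0x03;` makes the GTK KDE depend on the zeroing that the first hunk moved roughly twenty lines earlier and outside the `if (sm->use_extended_key_id)` block; that is correct as the patch stands, but a one-line comment at the GTK KDE (or keeping the explicit zeroing) would stop a later change that writes hdr[1] in between from silently corrupting the GTK KDE's reserved octet.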
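Review bot: the third hunk only inserts a blank line before `if (sm->tk_already_set) {` in fils_set_tk; unrelated whitespace churn should be dropped so the diff stays focused on the Extended Key ID change.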
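Review bot: in the last hunk `sm->keyidx_active` is passed to wpa_auth_set_key() unconditionally, while the KeyID KDE in the first hunk is only emitted when `sm->use_extended_key_id` is set; the driver therefore only installs the same key ID the STA was told if keyidx_active is guaranteed to be 0 whenever Extended Key ID is not in use. Consider `sm->use_extended_key_id ? sm->keyidx_active : 0` here, or at least print the index with the existing "FILS: Configure TK to the driver" debug message so a mismatch shows up in the log.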
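To make the KeyID KDE the cover letter describes concrete, here is an added example (not hostap code) of encoding that KDE the way the first hunk does and of the receive-side check that enforces the key install mode negotiated at connect; the KDE data type value 10 for KeyID, the dummy leading KDE and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
/* Constructed example, not hostap code: build and validate the RSN KeyID KDE
 * (OUI 00-0F-AC, data type 10) that the patch adds next to the GTK KDE. */
#define KDE_TYPE   0xdd
#define KDE_KEYID  10
static const uint8_t RSN_OUI[3] = { 0x00, 0x0f, 0xac };
/* Append a KeyID KDE; returns bytes written (8) or 0 if no room/bad key ID. */
size_t keyid_kde_put(uint8_t *buf, size_t room, unsigned keyid)
{
	if (room < 8 || keyid > 1)
		return 0;
	buf[0] = KDE_TYPE;
	buf[1] = 6;               /* OUI(3) + data type(1) + KeyID field(2) */
	memcpy(&buf[2], RSN_OUI, 3);
	buf[5] = KDE_KEYID;
	buf[6] = keyid & 0x01;    /* bits 0-1 hold the key ID, as in the patch */
	buf[7] = 0;               /* reserved octet, must be zero */
	return 8;
}
/* Receiver-side check matching the cover letter's rule: the key install mode
 * negotiated at connect is binding. Returns the pairwise key ID to use, or -1
 * when the peer sends a KeyID KDE it must not, or a malformed one. */
int keyid_from_kdes(const uint8_t *kdes, size_t len, int ext_key_id)
{
	size_t pos = 0;
	int keyid = 0;            /* without the KDE, key ID 0 is implied */
	while (pos + 2 <= len) {
		size_t l = kdes[pos + 1];
		if (pos + 2 + l > len)
			return -1;        /* truncated KDE */
		if (kdes[pos] == KDE_TYPE && l >= 4 &&
		    memcmp(&kdes[pos + 2], RSN_OUI, 3) == 0 && kdes[pos + 5] == KDE_KEYID) {
			if (!ext_key_id || l != 6 || (kdes[pos + 6] & 0xfe) || kdes[pos + 7])
				return -1;    /* mode violation, bad length, key ID > 1 or reserved bits */
			keyid = kdes[pos + 6] & 0x01;
		}
		pos += 2 + l;
	}
	return keyid;
}
/* Encode keyid behind a dummy non-KeyID KDE, then decode under the given mode;
 * -2 means the encoder refused the key ID. */
int keyid_roundtrip(unsigned keyid, int ext_key_id)
{
	uint8_t buf[16] = { KDE_TYPE, 4, 0x00, 0x0f, 0xac, 1 }; /* empty GTK-typed KDE */
	size_t n = keyid_kde_put(buf + 6, sizeof(buf) - 6, keyid);
	return n ? keyid_from_kdes(buf, 6 + n, ext_key_id) : -2;
}
```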