From patchwork Sat Aug 17 21:14:20 2019
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 1148794
From: Alexander Wetzel
To: j@w1.fi
Subject: [PATCH v3 02/17] Driver: Introduce key_types and Extended Key ID driver flag
Date: Sat, 17 Aug 2019 23:14:20 +0200
Message-Id: <20190817211435.158335-3-alexander@wetzel-home.de>
In-Reply-To: <20190817211435.158335-1-alexander@wetzel-home.de>
References: <20190817211435.158335-1-alexander@wetzel-home.de>
Cc: Alexander Wetzel, hostap@lists.infradead.org, luca@coelho.fi, johannes@sipsolutions.net

Add the new driver flag WPA_DRIVER_FLAGS_EXTENDED_KEY_ID and the key_types designated to replace and extend the use of the existing set_tx boolean in all set_key() functions.

Both changes are required as foundation for the Extended Key ID support and are only laying some foundation for later patches to build on.

The new - so far unused - key_types are:

 KEY_TYPE_BROADCAST
   Set for any broadcast key which is not a default key. Also set to
   delete default keys. (This basically replaces set_tx=0)

 KEY_TYPE_DEFAULT
   To be set when installing a WEP or a group key without pairwise keys.
   Must not be used when pairwise keys are used. Never set when deleting
   a key. (This basically replaces set_tx=1)

 KEY_TYPE_PAIRWISE:
   Used to distinguish pairwise from broadcast keys. (This is needed
   since Extended Key ID can use keyidx=1 both as pairwise and group
   keys and we need an additional hint to distinguish between them.)

 KEY_TYPE_NO_AUTO_TX
   To be set when installing a pairwise key which must not be used for
   Tx, yet. (New requirement for Extended Key ID support.)

 KEY_TYPE_SET_TX
   To be set when activating Tx for a key installed with
   KEY_TYPE_NO_AUTO_TX. (Also required for Extended Key ID support.)

Signed-off-by: Alexander Wetzel
---
This could be split up in more patches to differentiate between the set_tx cleanup and Extended Key ID support. But then I think having the key_types all in one patch is simpler to follow and then it looks silly to just have a patch for adding WPA_DRIVER_FLAGS_EXTENDED_KEY_ID...

In the first patches and even while preparing this one I used flags instead of an enum. But after getting it working it turned out that there simply is no useful case where we would have to set more than one bit.

 src/common/wpa_common.h | 8 ++++++++
 src/drivers/driver.h | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index cb511ff0b..415104de9 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -203,6 +203,14 @@ struct wpa_eapol_key { #define FILS_ICK_MAX_LEN 48 #define FILS_FT_MAX_LEN 48 +enum key_type { + KEY_TYPE_BROADCAST, + KEY_TYPE_DEFAULT, + KEY_TYPE_PAIRWISE, + KEY_TYPE_NO_AUTO_TX, + KEY_TYPE_SET_TX, +}; + /** * struct wpa_ptk - WPA Pairwise Transient Key * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 2a8459ae3..b74c37f2c 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -1659,6 +1659,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL /** Driver support 4-way handshake offload for WPA-Personal */ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL +/** Driver supports Extended Key ID */ +#define WPA_DRIVER_FLAGS_EXTENDED_KEY_ID 0x0400000000000000ULL u64 flags; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ 
@@ -2290,6 +2292,23 @@ struct wpa_driver_ops { * 8-byte Rx Mic Key * @key_len: length of the key buffer in octets (WEP: 5 or 13, * TKIP: 32, CCMP/GCMP: 16, IGTK: 16) + * @key_type: Additional instructions for key install: + * %KEY_TYPE_BROADCAST: + * Key is a broadcast but no default key. + * %KEY_TYPE_DEFAULT: + * Key is the default key (not using pairwise keys, WEP or + * group key only.) Must not be used when pairwise keys are + * also in use. + * %KEY_TYPE_PAIRWISE: + * Normal pairwise key not requiring Extended Key ID actions. + * %KEY_TYPE_NO_AUTO_TX: + * Pairwise Key, but it must not be used for Tx, yet. + * Can only be used when the driver supports Extended Key ID. + * %KEY_TYPE_SET_TX: + * Key already installed with %KEY_TYPE_NO_AUTO_TX is selected as + * the pairwise Tx key for the STA. Only @ifname, @priv, @addr + * and @key_idx must be set and all other arguments have to be + * zero or NULL. * * Returns: 0 on success, -1 on failure *
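
Review bot: enum key_type in the src/common/wpa_common.h hunk has no comment on the type or on any of its five values, so the rules stated in the commit message (KEY_TYPE_DEFAULT must not be used when pairwise keys are in use, KEY_TYPE_BROADCAST is also what deletes default keys) are not visible where the type is defined. Add a comment per value, or at least a pointer to the @key_type documentation in src/drivers/driver.h. If KEY_TYPE_BROADCAST and KEY_TYPE_DEFAULT are meant to keep the numeric values of set_tx=0 and set_tx=1, write `KEY_TYPE_BROADCAST = 0,` and `KEY_TYPE_DEFAULT = 1,` explicitly so that a later reordering cannot silently change which key gets installed as the default.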
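
Review bot: The comment on WPA_DRIVER_FLAGS_EXTENDED_KEY_ID in the struct wpa_driver_capa hunk says only "Driver supports Extended Key ID" and does not state what a driver commits to by setting the flag. The @key_type text in the same patch allows KEY_TYPE_NO_AUTO_TX only when the driver supports Extended Key ID, so the flag comment should say that a driver advertising it must handle KEY_TYPE_NO_AUTO_TX and KEY_TYPE_SET_TX, and that callers have to check the flag before passing either value.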
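
Review bot: The @key_type entry added to the callback comment in the struct wpa_driver_ops hunk documents an argument that no hunk in this patch adds to the prototype: the diffstat shows 27 insertions and no deletions, and the 19 lines added to driver.h are the flag define plus this comment. Either add the argument in the same patch or note in the comment that it replaces @set_tx in a later patch of the series, so the header does not contradict itself at this commit. The text also omits two rules from the commit message (KEY_TYPE_BROADCAST is also set to delete default keys; KEY_TYPE_DEFAULT is never set when deleting a key), and for %KEY_TYPE_SET_TX it should say whether a driver is expected to return -1 when any argument other than @ifname, @priv, @addr and @key_idx is not zero or NULL.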