From patchwork Mon Mar 15 12:57:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilan Peer X-Patchwork-Id: 1453285 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2001:8b0:10b:1:d65d:64ff:fe57:4e05; helo=desiato.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=desiato.20200630 header.b=OpusWSvw; dkim-atps=neutral Received: from desiato.infradead.org (desiato.infradead.org [IPv6:2001:8b0:10b:1:d65d:64ff:fe57:4e05]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DzdSb19sFz9vKV for ; Tue, 16 Mar 2021 01:03:59 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:MIME-Version:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:References:In-Reply-To:Message-Id:Date:Subject:Cc:To :From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=zWZyTECkJkHcQeo/oi78WO9i/8Ja7tgZLsiomE4lU70=; b=OpusWSvwn1bGLVpR5iwiPC+qko i3qGRM816ODxWG5J6MtEZJ7WaSWRCpWzGehWSi8W5kqaClkQRVN1/GGY2dd03ErZsdRtlbjjSp9Nc r06EUG/VqJZ0okdFIRFW/s35rBu3+VlpXicoG51RgI+jtryq9F+cxpAK2qB5gg+RZ/Ur9I3q5W5Ec jLBA4xLlB1GrABTaalpO+S1UGIKpywSTPAWmtbptI3k8Om1FkC3Q+gDW+CiSyWJu2zZ3LKlG+nsdK qyUOIkUML2w0814wefT9MJFo6kpyI4j0PUnvwGIvj+MZBXT6uRbxxWv8EAN8N5Rs5Tw3NHaI0r7Y2 hAOaMjRA==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lLnok-00G2bp-RM; Mon, 15 Mar 2021 14:03:35 +0000 Received: from mga02.intel.com ([134.134.136.20]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lLmml-00FtU2-7S for hostap@lists.infradead.org; Mon, 15 Mar 2021 12:59:30 +0000 IronPort-SDR: Y1q5i3rVvj5Wq7a/TyEUTJmxyQPUtSUBvCuRUeiu7qIgyih48IYYKGjcDQZOSa77k+6zJDCyXg o+1SmBK9ZU8g== X-IronPort-AV: E=McAfee;i="6000,8403,9923"; a="176210843" X-IronPort-AV: E=Sophos;i="5.81,249,1610438400"; d="scan'208";a="176210843" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Mar 2021 05:57:20 -0700 IronPort-SDR: I4ykYAjjs+4T44LDA82NlsRku7yhqZRXeCXUvIt4YZmiBWsYa+m26cQCXrDJEg86HO4637nFN8 NkKKBSCoRkEQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,249,1610438400"; d="scan'208";a="378499631" Received: from jed01615.jer.intel.com ([10.12.217.51]) by fmsmga007.fm.intel.com with ESMTP; 15 Mar 2021 05:57:19 -0700 From: Ilan Peer To: hostap@lists.infradead.org Cc: Ilan Peer Subject: [PATCH 02/15] AP: Include PMKID in RSNIE in PASN response Date: Mon, 15 Mar 2021 14:57:00 +0200 Message-Id: <20210315125713.23355-3-ilan.peer@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210315125713.23355-1-ilan.peer@intel.com> References: <20210315125713.23355-1-ilan.peer@intel.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210315_125927_803957_73C02286 X-CRM114-Status: GOOD ( 10.90 ) X-Spam-Score: -2.3 (--) X-Spam-Report: Spam detection software, running on the system "desiato.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: As defined in Draft P802.11az_D3.0, section 12.12.3.2. Signed-off-by: Ilan Peer --- src/ap/ieee802_11.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 2c3832960d..c378a1c95b 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2887, 6 +2887, 7 @@ static int handle_auth_pasn_resp(st [...] Content analysis details: (-2.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [134.134.136.20 listed in wl.mailspike.net] -2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at https://www.dnswl.org/, medium trust [134.134.136.20 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org As defined in Draft P802.11az_D3.0, section 12.12.3.2. Signed-off-by: Ilan Peer --- src/ap/ieee802_11.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 2c3832960d..c378a1c95b 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2887,6 +2887,7 @@ static int handle_auth_pasn_resp(struct hostapd_data *hapd, u8 *data_buf = NULL; size_t rsn_ie_len, frame_len, data_len; int ret; + const u8 *pmkid = NULL; wpa_printf(MSG_DEBUG, "PASN: Building frame 2: status=%u", status); @@ -2900,7 +2901,22 @@ static int handle_auth_pasn_resp(struct hostapd_data *hapd, if (status != WLAN_STATUS_SUCCESS) goto done; - if (wpa_pasn_add_rsne(buf, pmksa ? pmksa->pmkid : NULL, + if (pmksa) { + pmkid = pmksa->pmkid; +#ifdef CONFIG_SAE_AP + } else if (sta->pasn->akmp == WPA_KEY_MGMT_SAE) { + wpa_printf(MSG_DEBUG, "PASN: use SAE PMKID"); + pmkid = sta->pasn->sae.pmkid; +#endif /* CONFIG_SAE_AP */ +#ifdef CONFIG_FILS + } else if (sta->pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 || + sta->pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) { + wpa_printf(MSG_DEBUG, "PASN: use FILS ERP PMKID"); + pmkid = sta->pasn->fils.erp_pmkid; +#endif /* CONFIG_FILS */ + } + + if (wpa_pasn_add_rsne(buf, pmkid, sta->pasn->akmp, sta->pasn->cipher) < 0) goto fail;