From patchwork Sun Dec 4 12:46:15 2022
X-Patchwork-Submitter: Andrei Otcheretianski
X-Patchwork-Id: 1711863
From: Andrei Otcheretianski
To: hostap@lists.infradead.org
Cc: Andrei Otcheretianski, Ilan Peer
Subject: [PATCH] PASN: Align with Draft P802.11az_D6.0 definitions
Date: Sun, 4 Dec 2022 14:46:15 +0200
Message-Id: <20221204124615.117304-1-andrei.otcheretianski@intel.com>

These include:
- RSNXE bits were modified, so update the relevant places accordingly.
- Some PASN status fields were changed/added.

Please note, WLAN_RSNX_CAPAB_PROT_RANGE_NEG was renamed to
WLAN_RSNX_CAPAB_URNM_MFPR and the bit position is changed to 15 instead
of 10, while BIT 10 is used for WLAN_RSNX_CAPAB_URNM_MFPR_X20 and is not
supported yet.

Signed-off-by: Ilan Peer
Signed-off-by: Andrei Otcheretianski
---
 src/ap/ieee802_11_shared.c       | 2 +-
 src/ap/wpa_auth_ie.c             | 2 +-
 src/common/ieee802_11_defs.h     | 6 +++++-
 src/pasn/pasn_responder.c        | 8 ++++----
 src/rsn_supp/wpa_ie.c            | 2 +-
 wpa_supplicant/pasn_supplicant.c | 2 +-
 6 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index a7ab3a2d77..31dfb62543 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c 
@@ -1095,7 +1095,7 @@ u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len) if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_AP) capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP) - capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR); flen = (capab & 0xff00) ? 2 : 1; if (len < 2 + flen || !capab) diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 2a17891032..89d4a3ca03 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -420,7 +420,7 @@ int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len) if (conf->secure_rtt) capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); if (conf->prot_range_neg) - capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR); flen = (capab & 0xff00) ? 2 : 1; if (!capab) diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h index 6ded79deca..93c8b7ae41 100644 --- a/src/common/ieee802_11_defs.h +++ b/src/common/ieee802_11_defs.h @@ -209,6 +209,9 @@ #define WLAN_STATUS_DENIED_HE_NOT_SUPPORTED 124 #define WLAN_STATUS_SAE_HASH_TO_ELEMENT 126 #define WLAN_STATUS_SAE_PK 127 +#define WLAN_STATUS_INVALID_PUBKEY 136 +#define WLAN_STATUS_PASN_BASE_AKMP_FAILED 137 +#define WLAN_STATUS_OCI_MISMATCH 138 /* Reason codes (IEEE Std 802.11-2016, 9.4.1.7, Table 9-45) */ #define WLAN_REASON_UNSPECIFIED 1 @@ -589,7 +592,8 @@ #define WLAN_RSNX_CAPAB_SAE_PK 6 #define WLAN_RSNX_CAPAB_SECURE_LTF 8 #define WLAN_RSNX_CAPAB_SECURE_RTT 9 -#define WLAN_RSNX_CAPAB_PROT_RANGE_NEG 10 +#define WLAN_RSNX_CAPAB_URNM_MFPR_X20 10 +#define WLAN_RSNX_CAPAB_URNM_MFPR 15 /* Multiple BSSID element subelements */ #define WLAN_MBSSID_SUBELEMENT_NONTRANSMITTED_BSSID_PROFILE 0 diff --git a/src/pasn/pasn_responder.c b/src/pasn/pasn_responder.c index ea2737c0f3..c67fac4540 100644 --- a/src/pasn/pasn_responder.c +++ b/src/pasn/pasn_responder.c 
@@ -687,7 +687,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn, if (!pasn_params.pubkey || !pasn_params.pubkey_len) { wpa_printf(MSG_DEBUG, "PASN: Invalid public key"); - status = WLAN_STATUS_UNSPECIFIED_FAILURE; + status = WLAN_STATUS_INVALID_PARAMETERS; goto send_resp; } @@ -702,7 +702,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn, if (ret) { wpa_printf(MSG_DEBUG, "PASN: Invalid comeback token"); - status = WLAN_STATUS_UNSPECIFIED_FAILURE; + status = WLAN_STATUS_INVALID_PARAMETERS; goto send_resp; } } else if (pasn->use_anti_clogging) { @@ -730,7 +730,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn, wpa_printf(MSG_DEBUG, "PASN: Invalid first octet in pubkey=0x%x", pasn_params.pubkey[0]); - status = WLAN_STATUS_UNSPECIFIED_FAILURE; + status = WLAN_STATUS_INVALID_PUBKEY; goto send_resp; } @@ -863,7 +863,7 @@ int handle_auth_pasn_1(struct pasn_data *pasn, &pasn_params, wrapped_data, secret); if (ret) { wpa_printf(MSG_DEBUG, "PASN: Failed to derive keys"); - status = WLAN_STATUS_UNSPECIFIED_FAILURE; + status = WLAN_STATUS_PASN_BASE_AKMP_FAILED; goto send_resp; } diff --git a/src/rsn_supp/wpa_ie.c b/src/rsn_supp/wpa_ie.c index 2d7f68e8f4..50bd2b276e 100644 --- a/src/rsn_supp/wpa_ie.c +++ b/src/rsn_supp/wpa_ie.c @@ -376,7 +376,7 @@ int wpa_gen_rsnxe(struct wpa_sm *sm, u8 *rsnxe, size_t rsnxe_len) if (sm->secure_rtt) capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); if (sm->prot_range_neg) - capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR); flen = (capab & 0xff00) ? 2 : 1; if (!capab) diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c index fbef7f2dff..b1f9878a4c 100644 --- a/wpa_supplicant/pasn_supplicant.c +++ b/wpa_supplicant/pasn_supplicant.c 
@@ -577,7 +577,7 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit) if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_STA) capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT); if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA) - capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG); + capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR); pasn->rsnxe_capab = capab; pasn->send_mgmt = wpas_pasn_send_mlme;
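
Review bot: In the src/ap/ieee802_11_shared.c hunk, and in the identical one-line changes in src/ap/wpa_auth_ie.c, src/rsn_supp/wpa_ie.c and wpa_supplicant/pasn_supplicant.c, the bit being set is renamed to WLAN_RSNX_CAPAB_URNM_MFPR while the conditions guarding it still use the old vocabulary (WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP, conf->prot_range_neg, sm->prot_range_neg, WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA). Either rename the flag and config fields in the same series or add a short comment at each site saying that "prot_range_neg" maps to URNM_MFPR in D6.0. If the renamed bit expresses a requirement rather than a capability in the draft, please also confirm that a driver capability flag is still the right trigger for advertising it.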
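
Review bot: In the first src/common/ieee802_11_defs.h hunk (@@ -209), WLAN_STATUS_OCI_MISMATCH 138 is defined but none of the hunks in this patch assigns it, so nothing visible here ever sends that status. Please either use it where the OCI check is made or say in the commit message that it is added for completeness only. The three new values also jump from 127 to 136 without a comment; a one-line reference to the P802.11az_D6.0 table they come from, in the style of the "Reason codes (IEEE Std 802.11-2016, 9.4.1.7, Table 9-45)" comment just below, would make them verifiable.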
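
Review bot: In the second src/common/ieee802_11_defs.h hunk (@@ -589), bit 10 is given a new meaning (WLAN_RSNX_CAPAB_URNM_MFPR_X20) rather than being retired, so a peer built from the previous definitions will still set and test bit 10 with the old protected range negotiation meaning, while code built from this patch sets bit 15 and never looks at bit 10. Please document the mixed-version behaviour: a comment on the X20 define stating that it is not supported yet (as the commit message says) and must not be interpreted as the old capability, plus a note on whether any receive path still tests bit 10. Bit 15 still falls inside the two-octet case of "flen = (capab & 0xff00) ? 2 : 1;", so the length logic in the callers is unaffected.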
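
Review bot: In the src/pasn/pasn_responder.c hunk at @@ -687, a missing or zero-length public key ("!pasn_params.pubkey || !pasn_params.pubkey_len", logged as "PASN: Invalid public key") is mapped to WLAN_STATUS_INVALID_PARAMETERS, while the hunk at @@ -730 maps a bad first octet of the same key to the new WLAN_STATUS_INVALID_PUBKEY. If the draft distinguishes the two cases, a comment saying so would help; otherwise using WLAN_STATUS_INVALID_PUBKEY in both places keeps the status consistent with the debug message. WLAN_STATUS_INVALID_PARAMETERS is not among the defines added by this patch, so it is assumed to exist already in ieee802_11_defs.h.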
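
Review bot: In the src/pasn/pasn_responder.c hunk at @@ -863, every non-zero "ret" from the key derivation call is now reported as WLAN_STATUS_PASN_BASE_AKMP_FAILED, although the log line only says "PASN: Failed to derive keys" and the call takes pasn_params, wrapped_data and secret, so it can presumably fail for reasons unrelated to the base AKMP (for example an internal allocation or crypto error). Consider keeping WLAN_STATUS_UNSPECIFIED_FAILURE for internal errors and returning the new code only when the base AKMP processing itself fails. More generally, these four hunks replace a single generic status with per-check codes sent to a peer that has not yet been authenticated, so it is worth stating in the commit message that this extra detail is required by the draft.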