From patchwork Thu Sep 9 23:09:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Prestwood X-Patchwork-Id: 1526348 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=pY9GZCsv; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=WjrDucYr; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H5FCf0Xz4z9ssP for ; Fri, 10 Sep 2021 09:12:41 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender:List-Subscribe:List-Help :List-Post:List-Archive:List-Unsubscribe:List-Id:MIME-Version:Content-Type: Date:To:From:Subject:Message-ID:Reply-To:Cc:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=eRNf+iCU4NDY/Tp8E5Ta4QHeDwwURhraHx9DvH5xE64=; b=pY9GZCsvG6z4bDXHXM3flf1jY7 6x9hUdHcP3SEaKqHfZC+nitBgRyQTxot6nej08Et3q20h1PIzZSczmLu0vvPknIu5qOC5EyupZcsa gYO9+9V2JU5tj6rCM6OAUSpPz3FLzNyStaWtuMm3uWVb6rvBv8oHhR3Oo6huIN94Jh1yLqv43K5OY VZt7rRXZuYXhdwrMTKZ1+aLA+DPRLbawrk0Hq2EC6t98WJsZN2V0vPdtklfYMwfMAPtxTfGfSDE10 jvyiem5TlUb+jP20bWFd+/3nsXrDiKSm2IN38XR+btuHp2GXgJacQ20kwRykjO6hOqpRXbFz/IG7s JbKP28Cw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mOTCg-00B7Df-I4; Thu, 09 Sep 2021 23:11:34 +0000 Received: from mail-pj1-x102b.google.com ([2607:f8b0:4864:20::102b]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mOTCd-00B7DB-Hy for hostap@lists.infradead.org; Thu, 09 Sep 2021 23:11:33 +0000 Received: by mail-pj1-x102b.google.com with SMTP id w19-20020a17090aaf9300b00191e6d10a19so130386pjq.1 for ; Thu, 09 Sep 2021 16:11:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:subject:from:to:date:user-agent:mime-version; bh=Wh4KTYMW8tzZAwc00XBvCj32Dfoqq41agx5ZEOhtLdg=; b=WjrDucYriAqF0Y7FIYMv7OMdoMB8AQNEfako0jysucOq6yQf4mzw7C6AyqePw+QnCz GMVmd44ffUMnppDP0p/1OnB0wvTSWR0SH1/7HQR65HEY0J6N17lALRbexXgd9KUDHqu3 tcrQt+x2ScvSOgbQufwDSxbSrW3VCGW+buMHsis5JGn7Pr16TVS/3Y15PNSogM3FIPAV n4SeHTRAbwY0vEdItU47mKg+5RGgD72OJpShfvsceeejRvP7HXuuldQGLQiQs8m8XYjK jvPN0V9hKsM/ozdnWfJVz6eaUNrTD9eSv/LCCSEZ8gpJHHS5KyjCtNe1vb+7Amz4RC1o kLaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:date:user-agent :mime-version; bh=Wh4KTYMW8tzZAwc00XBvCj32Dfoqq41agx5ZEOhtLdg=; b=PG4ufYFJTxdOGRWVQ50f26lOkRQKcAU//ba/G2iWyS7PSbeLAVdr6LmO6VMOFE/mmR qiy5SknzrJlFpLsiXDkkR1fjeKBYC+RMsh3GB3qFod6OpCHS2aYt3JeFak4BIbBXHone oDEaPie5tcsTV0fc9GLCdOtYzrHJUPKk21X5lMIpDqytSXMrssJn9VEfLsbvyzosukik G9gPl0mqZCPMfKi8BrNe1x29QhgbmslJHnPsOgY37B8TwEmR5XcZZIlQqzoCUBsi0s7q OLAMJPvAaWdsFmWxG/cTlUfvu3oIgLeBj3UGQlK7IIVFX8/jg+Vk4oRYHxdbAWu5h8Xi qhbg== X-Gm-Message-State: AOAM533PRoYfpT9aDUJYSKevLf1iLDfjUjQIhNudznV1pZLtkHjFWThF kirTtyYfBBJhDu87SdCaP7BKLMXfPkd4AQ== X-Google-Smtp-Source: ABdhPJzJwInKavWKwtEL7WlYOfb7A05pE/WG5Vjhzjf5RRh3SGXtbMvmJAzi5MrxMlPRnSASukCTXw== X-Received: by 2002:a17:902:8bc4:b029:12b:8470:e29e with SMTP id r4-20020a1709028bc4b029012b8470e29emr4810399plo.2.1631229088599; Thu, 09 Sep 2021 16:11:28 -0700 (PDT) Received: from [192.168.254.59] ([50.39.173.103]) by smtp.gmail.com with ESMTPSA id p24sm3262849pfh.136.2021.09.09.16.11.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Sep 2021 16:11:27 -0700 (PDT) Message-ID: <47393b395140d0a6a3a583a4c2d2f503f2e2e872.camel@gmail.com> Subject: No OWE transition mode element on hidden OWE network From: James Prestwood To: "hostap@lists.infradead.org" Date: Thu, 09 Sep 2021 16:09:02 -0700 User-Agent: Evolution 3.40.4 (3.40.4-1.fc34) MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210909_161131_856542_CE32FC1C X-CRM114-Status: GOOD ( 17.02 ) X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi, While playing around with OWE transition mode I noticed the hidden OWE network has no OWE transition mode element. The two network configs are attached. According to the OWE Spec v1.1, section 2.2.1: Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:102b listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [prestwoj[at]gmail.com] -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Hi, While playing around with OWE transition mode I noticed the hidden OWE network has no OWE transition mode element. The two network configs are attached. According to the OWE Spec v1.1, section 2.2.1: "The OWE BSS shall include the OWE Transition Mode element in all Beacon and Probe Response frames to encapsulate the BSSID and SSID of the Open BSS." I figured it was a misconfiguration but then I found the following code in src/ap/ieee802_11_shared.c: static int hostapd_eid_owe_trans_enabled(struct hostapd_data *hapd) { return hapd->conf->owe_transition_ssid_len > 0 && !is_zero_ether_addr(hapd->conf->owe_transition_bssid); } This is called prior to appending the OWE transition element so for the hidden SSID (where ssid_len < 0) it returns false and the IE is never built/appended. Removing the SSID length check seems to fix this and I see the OWE transition element for the hidden OWE network. Attached is the patch to remove this length check. Thanks, James ssid=owe-hidden bssid=a6:44:ce:d8:61:6f channel=1 ignore_broadcast_ssid=1 ieee80211w=1 wpa=2 wpa_key_mgmt=OWE rsn_pairwise=CCMP owe_transition_ssid="transition" owe_transition_bssid=fe:e1:de:ce:a5:ed channel=1 ssid=transition bssid=fe:e1:de:ce:a5:ed owe_transition_ssid="owe-hidden" owe_transition_bssid=a6:44:ce:d8:61:6f From 49bc686b2d05acef909449e61f1492e346a7dff4 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Thu, 9 Sep 2021 16:05:24 -0700 Subject: [PATCH] owe: remove ssid length check for OWE transition element This removes the SSID length check when appending the OWE transition element. With this check in place the transition element is never appended to the hidden OWE network. Signed-off-by: James Prestwood --- src/ap/ieee802_11_shared.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c index 4bff9e591..fc3b2e01e 100644 --- a/src/ap/ieee802_11_shared.c +++ b/src/ap/ieee802_11_shared.c @@ -812,8 +812,7 @@ u8 hostapd_mbo_ie_len(struct hostapd_data *hapd) #ifdef CONFIG_OWE static int hostapd_eid_owe_trans_enabled(struct hostapd_data *hapd) { - return hapd->conf->owe_transition_ssid_len > 0 && - !is_zero_ether_addr(hapd->conf->owe_transition_bssid); + return !is_zero_ether_addr(hapd->conf->owe_transition_bssid); } #endif /* CONFIG_OWE */ -- 2.31.1