From patchwork Thu Aug 25 05:53:00 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670067
X-BeenThere: hostap@lists.infradead.org
From: Veerendranath Jakkam
Subject: [PATCH 01/12] MLD STA: Add support for parsing MLO KDEs
Date: Thu, 25 Aug 2022 11:23:00 +0530
Message-ID: <20220825055311.3327147-2-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

From: Rohan Dutta

Add support for parsing MLO KDEs as defined in Table 12-10 KDE selectors in IEEE P802.11be/D2.0.

Signed-off-by: Rohan Dutta
---
 src/common/wpa_common.c | 50 +++++++++++++++++++++++++++++++++
 src/common/wpa_common.h | 61 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)

diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 6f37e5237..a38689471 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c
@@ -3108,6 +3108,10 @@ static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie) u32 selector; const u8 *p; size_t left; + struct wpa_mlo_gtk_hdr *gtk_hdr; + struct wpa_mlo_igtk_hdr *igtk_hdr; + struct wpa_mlo_bigtk_hdr *bigtk_hdr; + struct wpa_mlo_link_hdr *link_hdr; if (len == 0) return 1; @@ -3216,6 +3220,52 @@ static int wpa_parse_generic(const u8 *pos, struct wpa_eapol_ie_parse *ie) return 0; } + if (left >= sizeof(struct wpa_mlo_gtk_hdr) && + selector == RSN_KEY_DATA_MLO_GTK) { + ie->mlo_gtk_found = true; + gtk_hdr = (struct wpa_mlo_gtk_hdr *)(p); + ie->mlo_gtk[gtk_hdr->link_id] = p; + ie->mlo_gtk_len[gtk_hdr->link_id] = left; + wpa_printf(MSG_ERROR, "WPA: link id %u", gtk_hdr->link_id); + wpa_hexdump_key(MSG_DEBUG, "WPA: MLO_GTK in EAPOL-Key", + pos, dlen); + return 0; + } + + if (left >= sizeof(struct wpa_mlo_igtk_hdr) && + selector == RSN_KEY_DATA_MLO_IGTK) { + ie->mlo_igtk_found = true; + igtk_hdr = (struct wpa_mlo_igtk_hdr *)(p); + ie->mlo_igtk[igtk_hdr->link_id] = p; + ie->mlo_igtk_len[igtk_hdr->link_id] = left; + wpa_printf(MSG_ERROR, "WPA: link id %u", igtk_hdr->link_id); + wpa_hexdump_key(MSG_DEBUG, "WPA: MLO_IGTK in EAPOL-Key", + pos, dlen); + return 0; + } + + if (left >= sizeof(struct wpa_mlo_bigtk_hdr) && + selector == RSN_KEY_DATA_MLO_BIGTK) { + bigtk_hdr = (struct wpa_mlo_bigtk_hdr *)(p); + ie->mlo_bigtk[bigtk_hdr->link_id] = p; + ie->mlo_bigtk_len[bigtk_hdr->link_id] = left; + wpa_printf(MSG_ERROR, "WPA: link id %u", bigtk_hdr->link_id); + wpa_hexdump_key(MSG_DEBUG, "WPA: MLO_BIGTK in EAPOL-Key", + pos, dlen); + return 0; + } + + if (left >= sizeof(struct wpa_mlo_link_hdr) && + selector == RSN_KEY_DATA_MLO_LINK) { + link_hdr = (struct wpa_mlo_link_hdr *)(p); + ie->mlo_link[link_hdr->link_id] = p; + ie->mlo_link_len[link_hdr->link_id] = left; + wpa_printf(MSG_ERROR, "WPA: link id %u", link_hdr->link_id); + wpa_hexdump(MSG_DEBUG, "WPA: MLO_LINK in EAPOL-Key", + pos, dlen); + return 0; + } + return 2; } 
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index 852dfe38f..5cd2894c7 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -132,6 +132,10 @@ WPA_CIPHER_BIP_CMAC_256) #define RSN_KEY_DATA_MULTIBAND_KEYID RSN_SELECTOR(0x00, 0x0f, 0xac, 12) #define RSN_KEY_DATA_OCI RSN_SELECTOR(0x00, 0x0f, 0xac, 13) #define RSN_KEY_DATA_BIGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 14) +#define RSN_KEY_DATA_MLO_GTK RSN_SELECTOR(0x00, 0x0f, 0xac, 16) +#define RSN_KEY_DATA_MLO_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 17) +#define RSN_KEY_DATA_MLO_BIGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 18) +#define RSN_KEY_DATA_MLO_LINK RSN_SELECTOR(0x00, 0x0f, 0xac, 19) #define WFA_KEY_DATA_IP_ADDR_REQ RSN_SELECTOR(0x50, 0x6f, 0x9a, 4) #define WFA_KEY_DATA_IP_ADDR_ALLOC RSN_SELECTOR(0x50, 0x6f, 0x9a, 5) @@ -336,6 +340,52 @@ struct wpa_bigtk_kde { u8 bigtk[WPA_BIGTK_MAX_LEN]; } STRUCT_PACKED; +struct wpa_mlo_gtk_hdr { + u8 keyid:2; + u8 tx:1; + u8 res:1; + u8 link_id:4; + u8 pn[6]; +} STRUCT_PACKED; + +struct wpa_mlo_gtk_kde { + struct wpa_mlo_gtk_hdr hdr; + u8 gtk[WPA_GTK_MAX_LEN]; +} STRUCT_PACKED; + +struct wpa_mlo_igtk_hdr { + u8 keyid[2]; + u8 pn[6]; + u8 res:4; + u8 link_id:4; +} STRUCT_PACKED; + +struct wpa_mlo_igtk_kde { + struct wpa_mlo_igtk_hdr hdr; + u8 igtk[WPA_IGTK_MAX_LEN]; +} STRUCT_PACKED; + +struct wpa_mlo_bigtk_hdr { + u8 keyid[2]; + u8 pn[6]; + u8 res:4; + u8 link_id:4; +} STRUCT_PACKED; + +struct wpa_mlo_bigtk_kde { + struct wpa_mlo_bigtk_hdr hdr; + u8 bigtk[WPA_BIGTK_MAX_LEN]; +} STRUCT_PACKED; + +struct wpa_mlo_link_hdr { + u8 link_id:4; + u8 rsne_present:1; + u8 rsnxe_present:1; + u8 res:2; + u8 mac[6]; + /* variable RSNE and RSNXE */ +} STRUCT_PACKED; + struct rsn_mdie { u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN]; u8 ft_capab; 
@@ -614,6 +664,17 @@ struct wpa_eapol_ie_parse { u16 aid; const u8 *wmm; size_t wmm_len; +#define MAX_NUM_MLO_LINKS 15 + bool mlo_gtk_found; + bool mlo_igtk_found; + const u8 *mlo_gtk[MAX_NUM_MLO_LINKS]; + size_t mlo_gtk_len[MAX_NUM_MLO_LINKS]; + const u8 *mlo_igtk[MAX_NUM_MLO_LINKS]; + size_t mlo_igtk_len[MAX_NUM_MLO_LINKS]; + const u8 *mlo_bigtk[MAX_NUM_MLO_LINKS]; + size_t mlo_bigtk_len[MAX_NUM_MLO_LINKS]; + const u8 *mlo_link[MAX_NUM_MLO_LINKS]; + size_t mlo_link_len[MAX_NUM_MLO_LINKS]; }; int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie);
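
Review bot: The four header pointers declared in the first wpa_parse_generic() hunk of wpa_common.c (patch 01/12) are non-const, so the later assignments such as gtk_hdr = (struct wpa_mlo_gtk_hdr *)(p); cast away the const of const u8 *p. Declare them as const struct wpa_mlo_gtk_hdr * (and likewise for the IGTK, BIGTK and Link headers) so the parser cannot write into the received key data by accident and the casts keep the qualifier.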
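
Review bot: In the second wpa_parse_generic() hunk of wpa_common.c (patch 01/12), ie->mlo_gtk[gtk_hdr->link_id] = p; uses a 4-bit link_id (0..15) taken from the received KDE as an array index, but the arrays in struct wpa_eapol_ie_parse are sized MAX_NUM_MLO_LINKS (15), so link_id 15 writes one element past the end of mlo_gtk and mlo_gtk_len. The IGTK, BIGTK and Link branches have the same problem. Reject the KDE when link_id >= MAX_NUM_MLO_LINKS before storing, or size the arrays for all 16 values. Separately, the four wpa_printf(MSG_ERROR, "WPA: link id %u", ...) calls report a normal parse step at error level; MSG_DEBUG would match the hexdump calls next to them.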
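
Review bot: The header structs added to wpa_common.h (patch 01/12) describe on-the-wire octets with C bit-fields, for example u8 keyid:2; u8 tx:1; u8 res:1; u8 link_id:4; in struct wpa_mlo_gtk_hdr. The order in which a compiler allocates bit-fields within a byte is implementation-defined, so link_id can end up read from the wrong nibble on another compiler or a big-endian target, and that value is then used as an array index by the parser. Keep a plain u8 for the first octet and extract the fields with named masks and shifts.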
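
Review bot: In the struct wpa_eapol_ie_parse hunk of wpa_common.h (patch 01/12), #define MAX_NUM_MLO_LINKS 15 sits inside the struct body, and patch 02/12 of this series sizes its per-link arrays with a separate MAX_NUM_MLD_LINKS. Move the define to file scope and use one constant for both, so the parser's arrays and the state machine's arrays cannot drift apart. A comment on the new members saying that each pointer refers into the caller's key data buffer, and that a repeated KDE for the same link overwrites the earlier one, would also help.
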
From patchwork Thu Aug 25 05:53:01 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670058
From: Veerendranath Jakkam
Subject: [PATCH 02/12] MLD STA: set MLO connection info to wpa_sm
Date: Thu, 25 Aug 2022 11:23:01 +0530
Message-ID: <20220825055311.3327147-3-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Update MLO connection info such as valid links, AP MLD address and other link information to wpa_sm.

Signed-off-by: Veerendranath Jakkam
---
 src/rsn_supp/wpa.c | 23 +++++++++++++++++++++++
 src/rsn_supp/wpa.h | 11 +++++++++++
 src/rsn_supp/wpa_i.h | 7 +++++++
 wpa_supplicant/events.c | 18 ++++++++++++++++++
 4 files changed, 59 insertions(+)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index cf9b21039..a28d49225 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c
@@ -3277,6 +3277,29 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config) } +void wpa_sm_set_ml_params(struct wpa_sm *sm, const u8 *ap_mld_addr, + u16 valid_links, const u8 (*link_addr)[ETH_ALEN], + const u8 (*link_bssid)[ETH_ALEN]) +{ + int i; + + if (!sm) + return; + + sm->valid_links = valid_links; + if (!valid_links) + return; + + os_memcpy(sm->ap_mld_addr, ap_mld_addr, ETH_ALEN); + for (i = 0; i < MAX_NUM_MLD_LINKS; i++) { + if (!(valid_links & BIT(i))) + continue; + + os_memcpy(sm->links[i].addr, link_addr[i], ETH_ALEN); + os_memcpy(sm->links[i].bssid, link_bssid[i], ETH_ALEN); + } +} + /** * wpa_sm_set_own_addr - Set own MAC address * @sm: Pointer to WPA state machine data from wpa_sm_init() diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index be70f4156..e6eef0c99 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -153,6 +153,9 @@ void wpa_sm_set_fast_reauth(struct wpa_sm *sm, int fast_reauth); void wpa_sm_set_scard_ctx(struct wpa_sm *sm, void *scard_ctx); void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config); void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr); +void wpa_sm_set_ml_params(struct wpa_sm *sm, const u8 *ap_mld_addr, + u16 valid_links, const u8 (*link_addr)[ETH_ALEN], + const u8 (*link_bssid)[ETH_ALEN]); void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, const char *bridge_ifname); void wpa_sm_set_eapol(struct wpa_sm *sm, struct eapol_sm *eapol); @@ -266,6 +269,14 @@ static inline void wpa_sm_set_own_addr(struct wpa_sm *sm, const u8 *addr) { } +static inline void wpa_sm_set_ml_params(struct wpa_sm *sm, + const u8 *ap_mld_addr, + u16 valid_links, + const u8 (*link_addr)[ETH_ALEN], + const u8 (*link_bssid)[ETH_ALEN]) +{ +} + static inline void wpa_sm_set_ifname(struct wpa_sm *sm, const char *ifname, const char *bridge_ifname) { diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index fabd6cb26..62b85cb2e 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h 
@@ -218,6 +218,13 @@ struct wpa_sm { struct wpabuf *dpp_z; int dpp_pfs; #endif /* CONFIG_DPP2 */ + + u16 valid_links; + u8 ap_mld_addr[ETH_ALEN]; + struct { + u8 addr[ETH_ALEN]; + u8 bssid[ETH_ALEN]; + } links[MAX_NUM_MLD_LINKS]; }; diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 0db2e8dd8..db4de316f 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3387,6 +3387,23 @@ static int wpa_drv_get_mlo_info(struct wpa_supplicant *wpa_s) return 0; } +static void wpa_sm_update_ml_params(struct wpa_supplicant *wpa_s) +{ + int i; + u8 link_addr[MAX_NUM_MLD_LINKS][ETH_ALEN]; + u8 link_bssid[MAX_NUM_MLD_LINKS][ETH_ALEN]; + + for (i = 0; i < MAX_NUM_MLD_LINKS && wpa_s->valid_links; i++) { + if (!(wpa_s->valid_links & BIT(i))) + continue; + + os_memcpy(link_addr[i], wpa_s->links[i].addr, ETH_ALEN); + os_memcpy(link_bssid[i], wpa_s->links[i].bssid, ETH_ALEN); + } + + wpa_sm_set_ml_params(wpa_s->wpa, wpa_s->ap_mld_addr, wpa_s->valid_links, + link_addr, link_bssid); +} static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, union wpa_event_data *data) 
@@ -3512,6 +3529,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid); } wpa_sm_notify_assoc(wpa_s->wpa, bssid); + wpa_sm_update_ml_params(wpa_s); if (wpa_s->l2) l2_packet_notify_auth_start(wpa_s->l2);
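
Review bot: In wpa_sm_set_ml_params() (wpa.c hunk of patch 02/12), the early if (!valid_links) return; and the continue for unset bits leave sm->ap_mld_addr and sm->links[i] holding whatever a previous association stored there. Clear ap_mld_addr and the links array before copying, so a non-MLO association after an MLO one cannot see stale link addresses. The function also dereferences ap_mld_addr, link_addr and link_bssid without a check when valid_links is non-zero; either check for NULL or add a function comment stating that they must be valid in that case. The new function has no doc comment, unlike wpa_sm_set_own_addr() directly below it.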
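
Review bot: wpa_sm_update_ml_params() in events.c (patch 02/12) fills only the entries of the stack arrays link_addr and link_bssid whose bit is set in wpa_s->valid_links and hands the remaining entries to wpa_sm_set_ml_params() uninitialized. That is safe only while the callee keeps skipping unset bits. Zero-initialize both arrays, or pass the link data without the intermediate copy, so a later change in the callee cannot copy stack contents into the state machine.
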
From patchwork Thu Aug 25 05:53:02 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670060
From: Veerendranath Jakkam
Subject: [PATCH 03/12] MLD STA: Add support to fetch per-link beacon WPA/RSN/RSNX IEs into wpa_sm
Date: Thu, 25 Aug 2022 11:23:02 +0530
Message-ID: <20220825055311.3327147-4-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

wpa_sm needs per-link beacon RSN and RSNX IEs for MLO KDE validation. Thus, add required APIs to parse and set AP link WPA/RSN/RSNX IEs to wpa_sm.

Signed-off-by: Veerendranath Jakkam
---
 src/rsn_supp/wpa.c | 103 +++++++++++++-----
 src/rsn_supp/wpa.h | 22 ++--
 src/rsn_supp/wpa_i.h | 8 ++
 tests/fuzzing/eapol-key-supp/eapol-key-supp.c | 2 +-
 wpa_supplicant/events.c | 66 ++++++++---
 wpa_supplicant/ibss_rsn.c | 4 +-
 wpa_supplicant/wpa_supplicant.c | 19 ++--
 wpa_supplicant/wpas_glue.c | 103 +++++++++++++++---
 8 files changed, 247 insertions(+), 80 deletions(-)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index a28d49225..f3965ca50 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c
@@ -3716,6 +3716,7 @@ int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) /** * wpa_sm_set_ap_wpa_ie - Set AP WPA IE from Beacon/ProbeResp * @sm: Pointer to WPA state machine data from wpa_sm_init() + * @link_id: MLO link ID to set specific link or -1 to set default * @ie: Pointer to IE data (starting from id) * @len: IE length * Returns: 0 on success, -1 on failure @@ -3723,24 +3724,40 @@ int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) * Inform WPA state machine about the WPA IE used in Beacon / Probe Response * frame. */ -int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) +int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len) { - if (sm == NULL) + u8 **ap_wpa_ie; + size_t *ap_wpa_ie_len; + + if (!sm) return -1; - os_free(sm->ap_wpa_ie); - if (ie == NULL || len == 0) { + if (link_id == -1) { + ap_wpa_ie = &sm->ap_wpa_ie; + ap_wpa_ie_len = &sm->ap_wpa_ie_len; + } else { + if (link_id < 0 || link_id >= MAX_NUM_MLD_LINKS) + return -1; + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, - "WPA: clearing AP WPA IE"); - sm->ap_wpa_ie = NULL; - sm->ap_wpa_ie_len = 0; + "WPA: set AP WPA IE for link ID %d", link_id); + ap_wpa_ie = &sm->links[link_id].ap_wpa_ie; + ap_wpa_ie_len = &sm->links[link_id].ap_wpa_ie_len; + } + + os_free(*ap_wpa_ie); + if (ie == NULL || len == 0) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP WPA IE"); + *ap_wpa_ie = NULL; + *ap_wpa_ie_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set AP WPA IE", ie, len); - sm->ap_wpa_ie = os_memdup(ie, len); - if (sm->ap_wpa_ie == NULL) + *ap_wpa_ie = os_memdup(ie, len); + if (*ap_wpa_ie == NULL) return -1; - sm->ap_wpa_ie_len = len; + *ap_wpa_ie_len = len; } return 0; 
@@ -3750,6 +3767,7 @@ int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) /** * wpa_sm_set_ap_rsn_ie - Set AP RSN IE from Beacon/ProbeResp * @sm: Pointer to WPA state machine data from wpa_sm_init() + * @link_id: MLO link ID to set specific link or -1 to set default * @ie: Pointer to IE data (starting from id) * @len: IE length * Returns: 0 on success, -1 on failure @@ -3757,24 +3775,41 @@ int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len) * Inform WPA state machine about the RSN IE used in Beacon / Probe Response * frame. */ -int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) +int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len) { - if (sm == NULL) + u8 **ap_rsn_ie; + size_t *ap_rsn_ie_len; + + if (!sm) return -1; - os_free(sm->ap_rsn_ie); + if (link_id == -1) { + ap_rsn_ie = &sm->ap_rsn_ie; + ap_rsn_ie_len = &sm->ap_rsn_ie_len; + } else { + if (link_id < 0 || link_id >= MAX_NUM_MLD_LINKS) + return -1; + + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: set AP RSN IE for link ID %d", link_id); + ap_rsn_ie = &sm->links[link_id].ap_rsn_ie; + ap_rsn_ie_len = &sm->links[link_id].ap_rsn_ie_len; + } + + os_free(*ap_rsn_ie); if (ie == NULL || len == 0) { wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSN IE"); - sm->ap_rsn_ie = NULL; - sm->ap_rsn_ie_len = 0; + *ap_rsn_ie = NULL; + *ap_rsn_ie_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set AP RSN IE", ie, len); - sm->ap_rsn_ie = os_memdup(ie, len); - if (sm->ap_rsn_ie == NULL) + *ap_rsn_ie = os_memdup(ie, len); + if (*ap_rsn_ie == NULL) return -1; - sm->ap_rsn_ie_len = len; + *ap_rsn_ie_len = len; } return 0; 
@@ -3784,6 +3819,7 @@ int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) /** * wpa_sm_set_ap_rsnxe - Set AP RSNXE from Beacon/ProbeResp * @sm: Pointer to WPA state machine data from wpa_sm_init() + * @link_id: MLO link ID to set specific link or -1 to set default * @ie: Pointer to IE data (starting from id) * @len: IE length * Returns: 0 on success, -1 on failure @@ -3791,23 +3827,40 @@ int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len) * Inform WPA state machine about the RSNXE used in Beacon / Probe Response * frame. */ -int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len) +int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len) { + u8 **ap_rsnxe; + size_t *ap_rsnxe_len; + if (!sm) return -1; - os_free(sm->ap_rsnxe); + if (link_id == -1) { + ap_rsnxe = &sm->ap_rsnxe; + ap_rsnxe_len = &sm->ap_rsnxe_len; + } else { + if (link_id < 0 || link_id >= MAX_NUM_MLD_LINKS) + return -1; + + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: set AP RSNXE IE for link ID %d", link_id); + ap_rsnxe = &sm->links[link_id].ap_rsnxe; + ap_rsnxe_len = &sm->links[link_id].ap_rsnxe_len; + } + + os_free(*ap_rsnxe); if (!ie || len == 0) { wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: clearing AP RSNXE"); - sm->ap_rsnxe = NULL; - sm->ap_rsnxe_len = 0; + *ap_rsnxe = NULL; + *ap_rsnxe_len = 0; } else { wpa_hexdump(MSG_DEBUG, "WPA: set AP RSNXE", ie, len); - sm->ap_rsnxe = os_memdup(ie, len); - if (!sm->ap_rsnxe) + *ap_rsnxe = os_memdup(ie, len); + if (*ap_rsnxe == NULL) return -1; - sm->ap_rsnxe_len = len; + *ap_rsnxe_len = len; } return 0; diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index e6eef0c99..a56802b0a 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -93,6 +93,7 @@ struct wpa_sm_ctx { void (*transition_disable)(void *ctx, u8 bitmap); void (*store_ptk)(void *ctx, u8 *addr, int cipher, u32 life_time, const struct wpa_ptk *ptk); + int (*get_link_beacon_ie)(void *ctx, u8 link_id); }; 
@@ -165,9 +166,12 @@ int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, u8 *wpa_ie, int wpa_sm_set_assoc_rsnxe_default(struct wpa_sm *sm, u8 *rsnxe, size_t *rsnxe_len); int wpa_sm_set_assoc_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len); -int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, size_t len); -int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, size_t len); -int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, size_t len); +int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len); +int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len); +int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, int link_id, const u8 *ie, + size_t len); int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen); int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, @@ -299,20 +303,20 @@ static inline int wpa_sm_set_assoc_wpa_ie_default(struct wpa_sm *sm, return -1; } -static inline int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, const u8 *ie, - size_t len) +static inline int wpa_sm_set_ap_wpa_ie(struct wpa_sm *sm, int link_id, + const u8 *ie, size_t len) { return -1; } -static inline int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, const u8 *ie, - size_t len) +static inline int wpa_sm_set_ap_rsn_ie(struct wpa_sm *sm, int link_id, + const u8 *ie, size_t len) { return -1; } -static inline int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, const u8 *ie, - size_t len) +static inline int wpa_sm_set_ap_rsnxe(struct wpa_sm *sm, int link_id, + const u8 *ie, size_t len) { return -1; } diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 62b85cb2e..8bf0f28d8 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -224,6 +224,8 @@ struct wpa_sm { struct { u8 addr[ETH_ALEN]; u8 bssid[ETH_ALEN]; + u8 *ap_wpa_ie, *ap_rsn_ie, *ap_rsnxe; + size_t ap_wpa_ie_len, ap_rsn_ie_len, ap_rsnxe_len; } links[MAX_NUM_MLD_LINKS]; }; 
@@ -288,6 +290,12 @@ static inline int wpa_sm_get_beacon_ie(struct wpa_sm *sm) return sm->ctx->get_beacon_ie(sm->ctx->ctx); } +static inline int wpa_sm_get_link_beacon_ie(struct wpa_sm *sm, u8 link_id) +{ + WPA_ASSERT(sm->ctx->get_link_beacon_ie); + return sm->ctx->get_link_beacon_ie(sm->ctx->ctx, link_id); +} + static inline void wpa_sm_cancel_auth_timeout(struct wpa_sm *sm) { WPA_ASSERT(sm->ctx->cancel_auth_timeout); diff --git a/tests/fuzzing/eapol-key-supp/eapol-key-supp.c b/tests/fuzzing/eapol-key-supp/eapol-key-supp.c index 0c7189571..a86efd376 100644 --- a/tests/fuzzing/eapol-key-supp/eapol-key-supp.c +++ b/tests/fuzzing/eapol-key-supp/eapol-key-supp.c @@ -168,7 +168,7 @@ static int supp_get_beacon_ie(void *ctx) ie = wpa->wpa1 ? wpaie : rsne; if (ie[0] == WLAN_EID_RSN) return wpa_sm_set_ap_rsn_ie(wpa->supp, ie, 2 + ie[1]); - return wpa_sm_set_ap_wpa_ie(wpa->supp, ie, 2 + ie[1]); + return wpa_sm_set_ap_wpa_ie(wpa->supp, -1, ie, 2 + ie[1]); } diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index db4de316f..5f13d4674 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c 
@@ -3223,27 +3223,27 @@ no_pfs: p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) { wpa_found = 1; - wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len); + wpa_sm_set_ap_wpa_ie(wpa_s->wpa, -1, p, len); } if (!rsn_found && p[0] == WLAN_EID_RSN && p[1] >= 2) { rsn_found = 1; - wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len); + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, -1, p, len); } if (p[0] == WLAN_EID_RSNX && p[1] >= 1) - wpa_sm_set_ap_rsnxe(wpa_s->wpa, p, len); + wpa_sm_set_ap_rsnxe(wpa_s->wpa, -1, p, len); l -= len; p += len; } if (!wpa_found && data->assoc_info.beacon_ies) - wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); + wpa_sm_set_ap_wpa_ie(wpa_s->wpa, -1, NULL, 0); if (!rsn_found && data->assoc_info.beacon_ies) { - wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); - wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0); + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, -1, NULL, 0); + wpa_sm_set_ap_rsnxe(wpa_s->wpa, -1, NULL, 0); } if (wpa_found || rsn_found) wpa_s->ap_ies_from_associnfo = 1; 
@@ -3265,26 +3265,23 @@ no_pfs: } -static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) +static int wpa_supplicant_update_link_ie(struct wpa_supplicant *wpa_s, + int link_id, const struct wpa_bss *bss) { const u8 *bss_wpa = NULL, *bss_rsn = NULL, *bss_rsnx = NULL; - if (!wpa_s->current_bss || !wpa_s->current_ssid) + if (!bss) return -1; - if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt)) - return 0; - - bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss, - WPA_IE_VENDOR_TYPE); - bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN); - bss_rsnx = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSNX); + bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); + bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); + bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX); - if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, + if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, link_id, bss_wpa, bss_wpa ? 2 + bss_wpa[1] : 0) || - wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, link_id, bss_rsn, bss_rsn ? 2 + bss_rsn[1] : 0) || - wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx, + wpa_sm_set_ap_rsnxe(wpa_s->wpa, link_id, bss_rsnx, bss_rsnx ? 2 + bss_rsnx[1] : 0)) return -1; 
@@ -3292,6 +3289,39 @@ static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) } +static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) +{ + int i; + + if (!wpa_s->current_bss || !wpa_s->current_ssid) + return -1; + + if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt)) + return 0; + + if (wpa_supplicant_update_link_ie(wpa_s, -1, wpa_s->current_bss)) + return -1; + + if (!wpa_s->valid_links) + return 0; + + for (i = 0; i < MAX_NUM_MLD_LINKS; i++) { + if (!(wpa_s->valid_links & BIT(i))) { + wpa_sm_set_ap_wpa_ie(wpa_s->wpa, i, NULL, 0); + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, i, NULL, 0); + wpa_sm_set_ap_rsnxe(wpa_s->wpa, i, NULL, 0); + continue; + } + + if (wpa_supplicant_update_link_ie(wpa_s, i, + wpa_s->links[i].bss)) + return -1; + } + + return 0; +} + + static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s, union wpa_event_data *data) { diff --git a/wpa_supplicant/ibss_rsn.c b/wpa_supplicant/ibss_rsn.c index 874c2bf1d..459d7bd2d 100644 --- a/wpa_supplicant/ibss_rsn.c +++ b/wpa_supplicant/ibss_rsn.c @@ -117,8 +117,8 @@ static int supp_get_beacon_ie(void *ctx) wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); /* TODO: get correct RSN IE */ - wpa_sm_set_ap_rsnxe(peer->supp, NULL, 0); - return wpa_sm_set_ap_rsn_ie(peer->supp, + wpa_sm_set_ap_rsnxe(peer->supp, -1, NULL, 0); + return wpa_sm_set_ap_rsn_ie(peer->supp, -1, (u8 *) "\x30\x14\x01\x00" "\x00\x0f\xac\x04" "\x01\x00\x00\x0f\xac\x04" diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ba364324d..b0087328c 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -400,9 +400,7 @@ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { -#ifdef CONFIG_WEP int i; -#endif /* CONFIG_WEP */ if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) wpa_s->key_mgmt = WPA_KEY_MGMT_WPS; 
@@ -410,9 +408,14 @@ void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s, wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA; else wpa_s->key_mgmt = WPA_KEY_MGMT_NONE; - wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); - wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); - wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0); + wpa_sm_set_ap_wpa_ie(wpa_s->wpa, -1, NULL, 0); + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, -1, NULL, 0); + wpa_sm_set_ap_rsnxe(wpa_s->wpa, -1, NULL, 0); + for (int i = 0; i < MAX_NUM_MLD_LINKS; i++) { + wpa_sm_set_ap_wpa_ie(wpa_s->wpa, i, NULL, 0); + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, i, NULL, 0); + wpa_sm_set_ap_rsnxe(wpa_s->wpa, i, NULL, 0); + } wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0); wpa_s->rsnxe_len = 0; @@ -1505,11 +1508,11 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN))); if (bss || !wpa_s->ap_ies_from_associnfo) { - if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, + if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, -1, bss_wpa, bss_wpa ? 2 + bss_wpa[1] : 0) || - wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, + wpa_sm_set_ap_rsn_ie(wpa_s->wpa, -1, bss_rsn, bss_rsn ? 2 + bss_rsn[1] : 0) || - wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx, + wpa_sm_set_ap_rsnxe(wpa_s->wpa, -1, bss_rsnx, bss_rsnx ? 2 + bss_rsnx[1] : 0)) return -1; } diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index ccc72c4d6..2784fb096 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c 
@@ -390,15 +390,21 @@ static void wpa_supplicant_notify_eapol_done(void *ctx) #ifndef CONFIG_NO_WPA -static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) +struct beacon_ies { + const u8 *wpa_ie, *rsn_ie, *rsnxe; + size_t wpa_ie_len, rsn_ie_len, rsnxe_len; +}; + + +static int wpa_get_bssid_beacon_ie(struct wpa_supplicant *wpa_s, + const u8 *bssid, struct beacon_ies *ies) { - int ret = 0; struct wpa_bss *curr = NULL, *bss; struct wpa_ssid *ssid = wpa_s->current_ssid; const u8 *ie; dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { - if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0) + if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0) continue; if (ssid == NULL || ((bss->ssid_len == ssid->ssid_len && 
@@ -416,23 +422,42 @@ static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) #endif /* CONFIG_OWE */ } - if (curr) { - ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); - if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) - ret = -1; + if (!curr) + return -1; - ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); - if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) - ret = -1; + ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); + ies->wpa_ie = ie; + ies->wpa_ie_len = ie ? 2 + ie[1] : 0; - ie = wpa_bss_get_ie(curr, WLAN_EID_RSNX); - if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) - ret = -1; - } else { - ret = -1; - } + ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); + ies->rsn_ie = ie; + ies->rsn_ie_len = ie ? 2 + ie[1] : 0; - return ret; + ie = wpa_bss_get_ie(curr, WLAN_EID_RSNX); + ies->rsnxe = ie; + ies->rsnxe_len = ie ? 2 + ie[1] : 0; + + return 0; +} + + +static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) +{ + struct beacon_ies ies; + + if (wpa_get_bssid_beacon_ie(wpa_s, wpa_s->bssid, &ies)) + return -1; + + if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, -1, ies.wpa_ie, ies.wpa_ie_len)) + return -1; + + if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, -1, ies.rsn_ie, ies.rsn_ie_len)) + return -1; + + if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, -1, ies.rsnxe, ies.rsnxe_len)) + return -1; + + return 0; } 
@@ -452,6 +477,49 @@ static int wpa_supplicant_get_beacon_ie(void *ctx) } +static int wpa_get_link_beacon_ie(struct wpa_supplicant *wpa_s, u8 link_id) +{ + struct beacon_ies ies; + + if (!(wpa_s->valid_links & BIT(link_id))) + return -1; + + + if (wpa_get_bssid_beacon_ie(wpa_s, wpa_s->links[link_id].bssid, &ies)) + return -1; + + if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, link_id, ies.wpa_ie, + ies.wpa_ie_len)) + return -1; + + if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, link_id, ies.rsn_ie, + ies.rsn_ie_len)) + return -1; + + if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, link_id, ies.rsnxe, ies.rsnxe_len)) + return -1; + + return 0; +} + + +static int wpa_supplicant_get_link_beacon_ie(void *ctx, u8 link_id) +{ + struct wpa_supplicant *wpa_s = ctx; + if (wpa_get_link_beacon_ie(wpa_s, link_id) == 0) { + return 0; + } + + /* No WPA/RSN IE found in the cached scan results. Try to get updated + * scan results from the driver. */ + if (wpa_supplicant_update_scan_results(wpa_s) < 0) + return -1; + + return wpa_get_link_beacon_ie(wpa_s, link_id); +} + + + static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type, const void *data, u16 data_len, size_t *msg_len, void **data_pos) 
@@ -1412,6 +1480,7 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) ctx->get_bssid = wpa_supplicant_get_bssid; ctx->ether_send = _wpa_ether_send; ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie; + ctx->get_link_beacon_ie = wpa_supplicant_get_link_beacon_ie; ctx->alloc_eapol = _wpa_alloc_eapol; ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout; ctx->add_pmkid = wpa_supplicant_add_pmkid;
From patchwork Thu Aug 25 05:53:03 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670059
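Review bot: in tests/fuzzing/eapol-key-supp/eapol-key-supp.c, supp_get_beacon_ie() still calls wpa_sm_set_ap_rsn_ie(wpa->supp, ie, 2 + ie[1]) in the old three-argument form on the unchanged context line; only the wpa_sm_set_ap_wpa_ie() call gained the -1 link ID. With the new prototype in wpa.h the fuzzer no longer builds, so the RSN call needs the same -1 argument.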
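Review bot: wpa_get_link_beacon_ie() in wpa_supplicant/wpas_glue.c uses the u8 link_id in BIT(link_id) and in wpa_s->links[link_id].bssid before anything bounds it; the MAX_NUM_MLD_LINKS check only happens later, inside the wpa_sm_set_ap_*() setters. Because this function is reached through the new get_link_beacon_ie callback, reject link_id >= MAX_NUM_MLD_LINKS at the top so an out-of-range value can never index links[].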
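Review bot: in wpa_supplicant_assoc_update_ie() (wpa_supplicant/events.c) the early "if (!wpa_s->valid_links) return 0;" skips the loop that clears per-link IEs, so after a non-MLO association the sm->links[] entries keep whatever a previous MLO association stored. Clear all links in that case instead of returning early. In the same function, wpa_supplicant_update_link_ie() returns -1 when wpa_s->links[i].bss is NULL, which fails the whole update without saying which link was missing; a debug message with the link ID would make that diagnosable.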
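Review bot: in wpa_supplicant_set_non_wpa_policy() (wpa_supplicant/wpa_supplicant.c) the added loop is written "for (int i = 0; ...)", which declares a second i that shadows the function-level "int i;" this same hunk just made unconditional by dropping the CONFIG_WEP guard. Use the existing variable, "for (i = 0; i < MAX_NUM_MLD_LINKS; i++)", which also matches the loop style used in events.c in this patch.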
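Review bot: the per-link ap_wpa_ie, ap_rsn_ie and ap_rsnxe pointers added to links[] in src/rsn_supp/wpa_i.h are filled with os_memdup() by the three setters, but none of the src/rsn_supp/wpa.c hunks shown frees them when the state machine is torn down. Add the matching os_free() calls for every link next to where the default sm->ap_wpa_ie, sm->ap_rsn_ie and sm->ap_rsnxe buffers are released, or document why that is not needed.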
From: Veerendranath Jakkam
Subject: [PATCH 04/12] MLD STA: Add MLO KDEs for 2/4 and 4/4 EAPOL frames
Date: Thu, 25 Aug 2022 11:23:03 +0530
Message-ID: <20220825055311.3327147-5-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Add new KDEs introduced for MLO connection as specified in 12.7.2 EAPOL-Key frames, IEEE P802.11be/D2.0.
- Add MAC and MLO link KDE for each link in 2/4 EAPOL frame.
- Add MAC KDE in 4/4 EAPOL frame.

Signed-off-by: Veerendranath Jakkam
---
src/rsn_supp/wpa.c | 106 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 102 insertions(+), 4 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index f3965ca50..4081dde79 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c
@@ -671,6 +671,59 @@ static int wpa_handle_ext_key_id(struct wpa_sm *sm, } +static u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len, + const u8 *data2, size_t data2_len) +{ + *pos++ = WLAN_EID_VENDOR_SPECIFIC; + *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; + RSN_SELECTOR_PUT(pos, kde); + pos += RSN_SELECTOR_LEN; + os_memcpy(pos, data, data_len); + pos += data_len; + if (data2) { + os_memcpy(pos, data2, data2_len); + pos += data2_len; + } + return pos; +} + + +static size_t wpa_mlo_link_kde_len(struct wpa_sm *sm) +{ + int i; + int num_links = 0; + + for (i = 0; i < MAX_NUM_MLO_LINKS; i++) { + if (!(sm->valid_links & BIT(i))) + continue; + + num_links++; + } + + return (num_links * (RSN_SELECTOR_LEN + 7 + 2)); +} + + +static u8 *wpa_mlo_link_kde(struct wpa_sm *sm, u8 *pos) +{ + int i; + u8 hdr[2 + ETH_ALEN]; + + for (i = 0; i < MAX_NUM_MLO_LINKS; i++) { + if (!(sm->valid_links & BIT(i))) + continue; + + wpa_printf(MSG_DEBUG, + "link_id %d: Add MLO Link KDE into EAPOL-Key 2/4", + i); + hdr[0] = i & 0xF; + os_memcpy(&hdr[1], sm->links[i].addr, ETH_ALEN); + pos = wpa_add_kde(pos, RSN_KEY_DATA_MLO_LINK, hdr, 7, NULL, 0); + } + + return pos; +} + static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, const unsigned char *src_addr, const struct wpa_eapol_key *key, @@ -683,6 +736,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, int res; u8 *kde, *kde_buf = NULL; size_t kde_len; + size_t mlo_kde_len = 0; if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set && wpa_sm_pmf_enabled(sm)) { 
@@ -762,13 +816,19 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } sm->tptk_set = 1; + /* Add MLO Link KDE and MAC KDE in M2 for ML connection */ + if (sm->valid_links) + mlo_kde_len = (wpa_mlo_link_kde_len(sm) + + RSN_SELECTOR_LEN + 6 + 2) ; + kde = sm->assoc_wpa_ie; kde_len = sm->assoc_wpa_ie_len; kde_buf = os_malloc(kde_len + 2 + RSN_SELECTOR_LEN + 3 + sm->assoc_rsnxe_len + 2 + RSN_SELECTOR_LEN + 1 + - 2 + RSN_SELECTOR_LEN + 2); + 2 + RSN_SELECTOR_LEN + 2 + mlo_kde_len); + if (!kde_buf) goto failed; os_memcpy(kde_buf, kde, kde_len); @@ -842,6 +902,21 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } #endif /* CONFIG_DPP2 */ + if (sm->valid_links) { + u8 *pos; + + /* Add MAC KDE */ + wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 2/4"); + pos = kde + kde_len; + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr, + ETH_ALEN, NULL, 0); + + /* Add MLO link KDE */ + wpa_printf(MSG_DEBUG, "Add MLO Link KDE(s) into EAPOL-Key 2/4"); + pos = wpa_mlo_link_kde(sm, pos); + kde_len = pos - kde; + } + if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, kde, kde_len, ptk) < 0) goto failed; 
@@ -1636,13 +1711,32 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, size_t mic_len, hdrlen, rlen; struct wpa_eapol_key *reply; u8 *rbuf, *key_mic; + u8 *kde = NULL; + size_t kde_len = 0; + + if (sm->valid_links) { + u8 *pos; + + kde = os_malloc(RSN_SELECTOR_LEN + 6 + 2); + if (!kde) + return -1; + + /* Add MAC KDE */ + wpa_printf(MSG_DEBUG, "MLO: Add MAC KDE into EAPOL-Key 4/4"); + pos = kde; + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->own_addr, + ETH_ALEN, NULL, 0); + kde_len = pos - kde; + } mic_len = wpa_mic_len(sm->key_mgmt, sm->pmk_len); hdrlen = sizeof(*reply) + mic_len + 2; rbuf = wpa_sm_alloc_eapol(sm, IEEE802_1X_TYPE_EAPOL_KEY, NULL, - hdrlen, &rlen, (void *) &reply); - if (rbuf == NULL) + hdrlen + kde_len, &rlen, (void *) &reply); + if (rbuf == NULL) { + os_free(kde); return -1; + } reply->type = (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) ? 
@@ -1662,7 +1756,11 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, WPA_REPLAY_COUNTER_LEN); key_mic = (u8 *) (reply + 1); - WPA_PUT_BE16(key_mic + mic_len, 0); + WPA_PUT_BE16(key_mic + mic_len, kde_len); /* Key Data Lenght */ + if (kde) { + os_memcpy(key_mic + mic_len + 2, kde, kde_len); /* Key Data */ + os_free(kde); + } wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4"); return wpa_eapol_key_send(sm, ptk, ver, dst, ETH_P_EAPOL, rbuf, rlen,
From patchwork Thu Aug 25 05:53:04 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670057
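Review bot: wpa_mlo_link_kde_len() and wpa_mlo_link_kde() in src/rsn_supp/wpa.c loop up to MAX_NUM_MLO_LINKS while indexing sm->links[i], but that array is declared as links[MAX_NUM_MLD_LINKS] in wpa_i.h and the AP IE setters check against MAX_NUM_MLD_LINKS. Use the array's own bound in both loops so the index cannot run past links[], whatever the two macros are defined as.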
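Review bot: the EAPOL-Key 2/4 buffer sizing and the KDE writer rely on separate hard-coded lengths: "RSN_SELECTOR_LEN + 7 + 2" in wpa_mlo_link_kde_len(), "RSN_SELECTOR_LEN + 6 + 2" in wpa_supplicant_process_1_of_4(), and a literal 7 passed to wpa_add_kde() from a hdr[2 + ETH_ALEN] array of which only 1 + ETH_ALEN bytes are filled. kde_buf is allocated from the first two and written using the third, so express all of them through ETH_ALEN or a named MLO Link KDE length to keep the allocation and the writes from drifting apart. The ") ;" spacing at the end of the mlo_kde_len assignment should also be cleaned up.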
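Review bot: in wpa_supplicant_send_4_of_4() the MAC KDE is first built in a small os_malloc() buffer, again sized with a literal 6 rather than ETH_ALEN, and then copied into the frame, which adds an allocation failure path and an os_free() on two exits. A stack array of 2 + RSN_SELECTOR_LEN + ETH_ALEN bytes, or writing the KDE straight into the Key Data field after wpa_sm_alloc_eapol(), would be simpler. The comment "Key Data Lenght" should read "Key Data Length".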
From: Veerendranath Jakkam
Subject: [PATCH 05/12] MLD STA: Derive pairwise keys using MLD address
Date: Thu, 25 Aug 2022 11:23:04 +0530
Message-ID: <20220825055311.3327147-6-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Pairwise keys must be derived using MLD for MLO connection. Current changes are handling only ptk derivation during EAPOL Four-Way handshake.

Signed-off-by: Veerendranath Jakkam
---
src/rsn_supp/wpa.c | 8 +++++++- src/rsn_supp/wpa_ft.c | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 4081dde79..66b94bd12 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -588,6 +588,7 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, const u8 *z = NULL; size_t z_len = 0, kdk_len; int akmp; + u8 *auth_addr; #ifdef CONFIG_IEEE80211R if (wpa_key_mgmt_ft(sm->key_mgmt))
@@ -618,8 +619,13 @@ static int wpa_derive_ptk(struct wpa_sm *sm, const unsigned char *src_addr, else kdk_len = 0; + if (sm->valid_links) + auth_addr = sm->ap_mld_addr; + else + auth_addr = sm->bssid; + return wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion", - sm->own_addr, sm->bssid, sm->snonce, + sm->own_addr, auth_addr, sm->snonce, key->key_nonce, ptk, akmp, sm->pairwise_cipher, z, z_len, kdk_len); diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 9d4044c14..06c74c47c 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -41,6 +41,7 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, int use_sha384 = wpa_key_mgmt_sha384(sm->key_mgmt); const u8 *mpmk; size_t mpmk_len, kdk_len; + u8 *auth_addr; if (sm->xxkey_len > 0) { mpmk = sm->xxkey; 
@@ -75,8 +76,13 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr, else kdk_len = 0; + if (sm->valid_links) + auth_addr = sm->ap_mld_addr; + else + auth_addr = sm->bssid; + return wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len, sm->snonce, anonce, - sm->own_addr, sm->bssid, sm->pmk_r1_name, ptk, + sm->own_addr, auth_addr, sm->pmk_r1_name, ptk, ptk_name, sm->key_mgmt, sm->pairwise_cipher, kdk_len); } 

From patchwork Thu Aug 25 05:53:05 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670068
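Review bot: In [PATCH 05/12], both wpa_derive_ptk() and wpa_derive_ptk_ft() swap only the authenticator address; the supplicant address passed to wpa_pmk_to_ptk() and wpa_pmk_r1_to_ptk() is still sm->own_addr. The commit message says pairwise keys must be derived using MLD addresses, so please confirm (and say in the commit message or a comment) that sm->own_addr already holds the STA MLD address whenever sm->valid_links is set; if it still holds a link address, the two sides derive different PTKs. Nothing visible here checks that sm->ap_mld_addr has been filled in before it is used, so a debug print of the selected address next to the derivation would help diagnose mismatches. Smaller points: auth_addr is only read, so declare it const u8 * (patch 06 already uses const u8 *peer_addr for the same purpose), and the identical four-line if/else appears in both files, which is a candidate for one small helper that returns the authenticator address.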
From: Veerendranath Jakkam
Subject: [PATCH 06/12] MLD STA: Configure pairwise keys using MLD address
Date: Thu, 25 Aug 2022 11:23:05 +0530
Message-ID: <20220825055311.3327147-7-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Configure the pairwise keys with MLD address when plumbing to driver. Current changes handling only EAPOL Four-Way handshake.

Signed-off-by: Veerendranath Jakkam

--- src/rsn_supp/wpa.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 66b94bd12..8ac22eac9 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1007,6 +1007,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, int keylen, rsclen; enum wpa_alg alg; const u8 *key_rsc; + u8 *auth_addr; if (sm->ptk.installed) { wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, 
@@ -1046,13 +1047,18 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen); } - if (wpa_sm_set_key(sm, alg, sm->bssid, sm->keyidx_active, 1, key_rsc, + if (sm->valid_links) + auth_addr = sm->ap_mld_addr; + else + auth_addr = sm->bssid; + + if (wpa_sm_set_key(sm, alg, auth_addr, sm->keyidx_active, 1, key_rsc, rsclen, sm->ptk.tk, keylen, KEY_FLAG_PAIRWISE | key_flag) < 0) { wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, - "WPA: Failed to set PTK to the driver (alg=%d keylen=%d bssid=" + "WPA: Failed to set PTK to the driver (alg=%d keylen=%d auth_addr=" MACSTR " idx=%d key_flag=0x%x)", - alg, keylen, MAC2STR(sm->bssid), + alg, keylen, MAC2STR(auth_addr), sm->keyidx_active, key_flag); return -1; } 
@@ -1077,11 +1083,13 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, static int wpa_supplicant_activate_ptk(struct wpa_sm *sm) { + const u8 *peer_addr = sm->valid_links ? sm->ap_mld_addr : sm->bssid; + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Activate PTK (idx=%d bssid=" MACSTR ")", sm->keyidx_active, MAC2STR(sm->bssid)); - if (wpa_sm_set_key(sm, 0, sm->bssid, sm->keyidx_active, 0, NULL, 0, + if (wpa_sm_set_key(sm, 0, peer_addr, sm->keyidx_active, 0, NULL, 0, NULL, 0, KEY_FLAG_PAIRWISE_RX_TX_MODIFY) < 0) { wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: Failed to activate PTK for TX (idx=%d bssid=" 

From patchwork Thu Aug 25 05:53:06 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670061
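Review bot: In [PATCH 06/12], wpa_supplicant_activate_ptk() now calls wpa_sm_set_key() with peer_addr, but the debug message just above it still prints MAC2STR(sm->bssid) under the label bssid=, and the failure message that follows keeps the bssid= label and is not touched by the patch. On an MLO association the log would then show the link BSSID while the key operation was issued for the AP MLD address, which makes key-install failures hard to trace. wpa_supplicant_install_ptk() was updated to print auth_addr=, so the activate path should print peer_addr the same way. The two functions also use different names and qualifiers for the same value (u8 *auth_addr with an if/else in one, const u8 *peer_addr with a ternary in the other); pick one form, preferably the const one.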
From: Veerendranath Jakkam
Subject: [PATCH 07/12] MLD STA: Add support to configure keys with MLO link ID param
Date: Thu, 25 Aug 2022 11:23:06 +0530
Message-ID: <20220825055311.3327147-8-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Add APIs to specify link ID for set key operations for MLO connection.

Signed-off-by: Veerendranath Jakkam

--- src/ap/ap_drv_ops.c | 1 + src/drivers/driver.h | 6 ++++++ src/drivers/driver_nl80211.c | 15 +++++++++++++++ src/rsn_supp/wpa.h | 4 ++++ src/rsn_supp/wpa_i.h | 12 ++++++++++++ wpa_supplicant/driver_i.h | 24 ++++++++++++++++++------ wpa_supplicant/wpas_glue.c | 16 ++++++++++++++++ 7 files changed, 72 insertions(+), 6 deletions(-) diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c index 87c3b9006..2102a2898 100644 --- a/src/ap/ap_drv_ops.c +++ b/src/ap/ap_drv_ops.c @@ -716,6 +716,7 @@ int hostapd_drv_set_key(const char *ifname, struct hostapd_data *hapd, params.key_len = key_len; params.vlan_id = vlan_id; params.key_flag = key_flag; + params.link_id = -1; return hapd->driver->set_key(hapd->drv_priv, ¶ms); } 
diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 3602224b6..9a2d9bbc2 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -1772,6 +1772,12 @@ struct wpa_driver_set_key_params { * %KEY_FLAG_RX_TX * RX/TX key. */ enum key_flag key_flag; + + /** + * link_id - MLO link ID + * + * set to valid link ID (0-14) when applicable, otherwise -1 */ + int link_id; }; enum wpa_driver_if_type { diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index a4675eb1d..af9d53b45 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -3343,6 +3343,7 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss, size_t key_len = params->key_len; int vlan_id = params->vlan_id; enum key_flag key_flag = params->key_flag; + int link_id = params->link_id; /* Ignore for P2P Device */ if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) @@ -3479,6 +3480,13 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss, goto fail; } + if (link_id != -1) { + wpa_printf(MSG_DEBUG, "nl80211: Link ID %d", + link_id); + if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) + goto fail; + } + ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE) ret = 0; @@ -3541,6 +3549,13 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss, goto fail; } + if (link_id != -1) { + wpa_printf(MSG_DEBUG, "nl80211: set_key default - Link ID %d", + link_id); + if (nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id)) + goto fail; + } + ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); if (ret) wpa_printf(MSG_DEBUG, diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index a56802b0a..ecfcf277f 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h 
@@ -33,6 +33,10 @@ struct wpa_sm_ctx { const u8 *addr, int key_idx, int set_tx, const u8 *seq, size_t seq_len, const u8 *key, size_t key_len, enum key_flag key_flag); + int (*mlo_set_key)(void *ctx, u8 link_id, enum wpa_alg alg, + const u8 *addr, int key_idx, int set_tx, + const u8 *seq, size_t seq_len, const u8 *key, + size_t key_len, enum key_flag key_flag); void * (*get_network_ctx)(void *ctx); int (*get_bssid)(void *ctx, u8 *bssid); int (*ether_send)(void *ctx, const u8 *dest, u16 proto, const u8 *buf, diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 8bf0f28d8..f60616352 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -259,6 +259,18 @@ static inline int wpa_sm_set_key(struct wpa_sm *sm, enum wpa_alg alg, seq, seq_len, key, key_len, key_flag); } +static inline int wpa_sm_mlo_set_key(struct wpa_sm *sm, u8 link_id, + enum wpa_alg alg, const u8 *addr, + int key_idx, int set_tx, const u8 *seq, + size_t seq_len, const u8 *key, + size_t key_len, enum key_flag key_flag) +{ + WPA_ASSERT(sm->ctx->mlo_set_key); + return sm->ctx->mlo_set_key(sm->ctx->ctx, link_id, alg, addr, key_idx, + set_tx, seq, seq_len, key, key_len, + key_flag); +} + static inline void wpa_sm_reconnect(struct wpa_sm *sm) { WPA_ASSERT(sm->ctx->reconnect); diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h index 0c838d341..841e147e2 100644 --- a/wpa_supplicant/driver_i.h +++ b/wpa_supplicant/driver_i.h 
@@ -143,12 +143,12 @@ static inline int wpa_drv_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid) return -1; } -static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s, - enum wpa_alg alg, const u8 *addr, - int key_idx, int set_tx, - const u8 *seq, size_t seq_len, - const u8 *key, size_t key_len, - enum key_flag key_flag) +static inline int wpa_drv_mlo_set_key(struct wpa_supplicant *wpa_s, int link_id, + enum wpa_alg alg, const u8 *addr, + int key_idx, int set_tx, + const u8 *seq, size_t seq_len, + const u8 *key, size_t key_len, + enum key_flag key_flag) { struct wpa_driver_set_key_params params; @@ -163,6 +163,7 @@ static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s, params.key = key; params.key_len = key_len; params.key_flag = key_flag; + params.link_id = link_id; if (alg != WPA_ALG_NONE) { /* keyidx = 1 can be either a broadcast or--with @@ -183,6 +184,17 @@ static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s, return -1; } +static inline int wpa_drv_set_key(struct wpa_supplicant *wpa_s, + enum wpa_alg alg, const u8 *addr, + int key_idx, int set_tx, + const u8 *seq, size_t seq_len, + const u8 *key, size_t key_len, + enum key_flag key_flag) +{ + return wpa_drv_mlo_set_key(wpa_s, -1, alg, addr, key_idx, set_tx, + seq, seq_len, key, key_len, key_flag); +} + static inline int wpa_drv_get_seqnum(struct wpa_supplicant *wpa_s, const u8 *addr, int idx, u8 *seq) { diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 2784fb096..62e7e3c5a 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c 
@@ -625,6 +625,21 @@ static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg, } +static int wpa_supplicant_mlo_set_key(void *_wpa_s, u8 link_id, + enum wpa_alg alg, const u8 *addr, + int key_idx, int set_tx, const u8 *seq, + size_t seq_len, const u8 *key, + size_t key_len, enum key_flag key_flag) +{ + struct wpa_supplicant *wpa_s = _wpa_s; + if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { + /* Clear the MIC error counter when setting a new PTK. */ + wpa_s->mic_errors_seen = 0; + } + return wpa_drv_mlo_set_key(wpa_s, link_id, alg, addr, key_idx, set_tx, seq, + seq_len, key, key_len, key_flag); +} + static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, int protection_type, int key_type) 
@@ -1476,6 +1491,7 @@ int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) ctx->deauthenticate = _wpa_supplicant_deauthenticate; ctx->reconnect = _wpa_supplicant_reconnect; ctx->set_key = wpa_supplicant_set_key; + ctx->mlo_set_key = wpa_supplicant_mlo_set_key; ctx->get_network_ctx = wpa_supplicant_get_network_ctx; ctx->get_bssid = wpa_supplicant_get_bssid; ctx->ether_send = _wpa_ether_send; 

From patchwork Thu Aug 25 05:53:07 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670062
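Review bot: In [PATCH 07/12], link_id has two different types along one call path: u8 in the mlo_set_key callback in struct wpa_sm_ctx, in wpa_sm_mlo_set_key() and in wpa_supplicant_mlo_set_key(), but int with a -1 "not applicable" value in struct wpa_driver_set_key_params and wpa_drv_mlo_set_key(). Nothing enforces the 0-14 range documented in driver.h before nla_put_u8(msg, NL80211_ATTR_MLO_LINK_ID, link_id) in wpa_driver_nl80211_set_key(), so any int other than -1 is truncated to a byte and sent to the kernel. Please use one type end to end and reject values outside -1..14 in the driver wrapper, returning an error instead of building the message. The same link_id block is added twice in driver_nl80211.c (key message and set_key default message); a small helper would keep the two in step.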
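Review bot: In [PATCH 07/12], wpa_sm_mlo_set_key() in wpa_i.h guards the new callback only with WPA_ASSERT(sm->ctx->mlo_set_key), and the only assignment in this patch is ctx->mlo_set_key = wpa_supplicant_mlo_set_key in wpa_supplicant_init_wpa(). Any other code that fills a struct wpa_sm_ctx leaves the pointer NULL, and where WPA_ASSERT is compiled out the call dereferences it; either set the callback in every provider or return -1 when it is NULL. Separately, hostapd_drv_set_key() sets params.link_id = -1 explicitly, which implies that every other place initialising struct wpa_driver_set_key_params must do the same: a zero-filled structure yields link_id 0, which the new comment in driver.h defines as a valid link, so those initialisers are worth auditing in this patch.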
From: Veerendranath Jakkam
Subject: [PATCH 08/12] MLD STA: Add support for processing EAPOL 3/4 frame
Date: Thu, 25 Aug 2022 11:23:07 +0530
Message-ID: <20220825055311.3327147-9-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Process EAPOL 3/4 frame and plumb PTK and per-link GTK/IGTK/BIGTK keys to driver.

Signed-off-by: Veerendranath Jakkam

--- src/rsn_supp/wpa.c | 494 ++++++++++++++++++++++++++++++++++++++++++- src/rsn_supp/wpa_i.h | 6 + 2 files changed, 498 insertions(+), 2 deletions(-) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 8ac22eac9..96adc4817 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c 
@@ -1203,6 +1203,76 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm, } +static int wpa_supplicant_install_mlo_gtk(struct wpa_sm *sm, u8 link_id, + const struct wpa_gtk_data *gd, + const u8 *key_rsc, int wnm_sleep) +{ + const u8 *_gtk = gd->gtk; + u8 gtk_buf[32]; + + /* Detect possible key reinstallation */ + if ((sm->links[link_id].gtk.gtk_len == (size_t) gd->gtk_len && + os_memcmp(sm->links[link_id].gtk.gtk, gd->gtk, + sm->links[link_id].gtk.gtk_len) == 0) || + (sm->links[link_id].gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len && + os_memcmp(sm->links[link_id].gtk_wnm_sleep.gtk, gd->gtk, + sm->links[link_id].gtk_wnm_sleep.gtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA MLO: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)", + gd->keyidx, gd->tx, gd->gtk_len); + return 0; + } + + wpa_hexdump_key(MSG_DEBUG, "WPA MLO: Group Key", gd->gtk, gd->gtk_len); + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA MLO: Installing GTK to the driver (keyidx=%d tx=%d len=%d)", + gd->keyidx, gd->tx, gd->gtk_len); + wpa_hexdump(MSG_DEBUG, "WPA MLO: RSC", key_rsc, gd->key_rsc_len); + if (sm->group_cipher == WPA_CIPHER_TKIP) { + /* Swap Tx/Rx keys for Michael MIC */ + os_memcpy(gtk_buf, gd->gtk, 16); + os_memcpy(gtk_buf + 16, gd->gtk + 24, 8); + os_memcpy(gtk_buf + 24, gd->gtk + 16, 8); + _gtk = gtk_buf; + } + if (sm->pairwise_cipher == WPA_CIPHER_NONE) { + if (wpa_sm_mlo_set_key(sm, link_id, gd->alg, NULL, gd->keyidx, + 1, key_rsc, gd->key_rsc_len, _gtk, + gd->gtk_len, + KEY_FLAG_GROUP_RX_TX_DEFAULT) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: Failed to set GTK to the driver " + "(Group only)"); + forced_memzero(gtk_buf, sizeof(gtk_buf)); + return -1; + } + } else if (wpa_sm_mlo_set_key(sm, link_id, gd->alg, + broadcast_ether_addr, gd->keyidx, + gd->tx, key_rsc, gd->key_rsc_len, _gtk, + gd->gtk_len, KEY_FLAG_GROUP_RX) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: Failed to set GTK to " + "the driver (alg=%d 
keylen=%d keyidx=%d)", + gd->alg, gd->gtk_len, gd->keyidx); + forced_memzero(gtk_buf, sizeof(gtk_buf)); + return -1; + } + forced_memzero(gtk_buf, sizeof(gtk_buf)); + + if (wnm_sleep) { + sm->links[link_id].gtk_wnm_sleep.gtk_len = gd->gtk_len; + os_memcpy(sm->links[link_id].gtk_wnm_sleep.gtk, gd->gtk, + sm->links[link_id].gtk_wnm_sleep.gtk_len); + } else { + sm->links[link_id].gtk.gtk_len = gd->gtk_len; + os_memcpy(sm->links[link_id].gtk.gtk, gd->gtk, + sm->links[link_id].gtk.gtk_len); + } + + return 0; +} + + static int wpa_supplicant_gtk_tx_bit_workaround(const struct wpa_sm *sm, int tx) { 
@@ -1251,6 +1321,82 @@ static int wpa_supplicant_rsc_relaxation(const struct wpa_sm *sm, } +static int _wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm, u8 link_id, + const u8 *gtk, size_t gtk_len, + int key_info) +{ + struct wpa_gtk_data gd; + const u8 *key_rsc; + + /* + * MLO GTK KDE format: + * KeyID[bits 0-1], Tx [bit 2], Reserved [bit 3], link id [4-7] + * PN + * GTK + */ + + os_memset(&gd, 0, sizeof(gd)); + wpa_hexdump_key(MSG_DEBUG, "MLO RSN: received GTK in pairwise handshake", + gtk, gtk_len); + + if (gtk_len < 7 || gtk_len - 7 > sizeof(gd.gtk)) + return -1; + + gd.keyidx = gtk[0] & 0x3; + gtk += 1; + gtk_len -= 1; + + key_rsc = gtk; + + gtk += 6; + gtk_len -= 6; + + os_memcpy(gd.gtk, gtk, gtk_len); + gd.gtk_len = gtk_len; + + if (sm->group_cipher != WPA_CIPHER_GTK_NOT_USED && + (wpa_supplicant_check_group_cipher(sm, sm->group_cipher, + gtk_len, gtk_len, + &gd.key_rsc_len, &gd.alg) || + wpa_supplicant_install_mlo_gtk(sm, link_id, &gd, key_rsc, 0))) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "MLO RSN: Failed to install GTK"); + forced_memzero(&gd, sizeof(gd)); + return -1; + } + forced_memzero(&gd, sizeof(gd)); + + return 0; +} + + +static int wpa_supplicant_pairwise_mlo_gtk(struct wpa_sm *sm, + const struct wpa_eapol_key *key, + struct wpa_eapol_ie_parse *ie, + int key_info) +{ + u8 i; + + for (i = 0; i < MAX_NUM_MLO_LINKS; i++) { + if (!(sm->valid_links & BIT(i))) + continue; + + if (!ie->mlo_gtk[i]) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "MLO RSN: GTK not found for link ID %u", i); + return -1; + } + + if (_wpa_supplicant_pairwise_mlo_gtk(sm, i, ie->mlo_gtk[i], + ie->mlo_gtk_len[i], + key_info)) + return -1; + } + + return 0; +} + + static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, const struct wpa_eapol_key *key, const u8 *gtk, size_t gtk_len, 
@@ -1421,6 +1567,170 @@ static int wpa_supplicant_install_bigtk(struct wpa_sm *sm, return 0; } +static int wpa_supplicant_install_mlo_igtk(struct wpa_sm *sm, u8 link_id, + const struct wpa_mlo_igtk_kde *igtk, + int wnm_sleep) +{ + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); + u16 keyidx = WPA_GET_LE16(igtk->hdr.keyid); + + /* Detect possible key reinstallation */ + if ((sm->links[link_id].igtk.igtk_len == len && + os_memcmp(sm->links[link_id].igtk.igtk, igtk->igtk, + sm->links[link_id].igtk.igtk_len) == 0) || + (sm->links[link_id].igtk_wnm_sleep.igtk_len == len && + os_memcmp(sm->links[link_id].igtk_wnm_sleep.igtk, igtk->igtk, + sm->links[link_id].igtk_wnm_sleep.igtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)", + keyidx); + return 0; + } + + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: IGTK keyid %d pn " COMPACT_MACSTR, + keyidx, MAC2STR(igtk->hdr.pn)); + wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len); + if (keyidx > 4095) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Invalid IGTK KeyID %d", keyidx); + return -1; + } + if (wpa_sm_mlo_set_key(sm, link_id, + wpa_cipher_to_alg(sm->mgmt_group_cipher), + broadcast_ether_addr, keyidx, 0, igtk->hdr.pn, + sizeof(igtk->hdr.pn), igtk->igtk, len, + KEY_FLAG_GROUP_RX) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Failed to configure IGTK to the driver"); + return -1; + } + + if (wnm_sleep) { + sm->links[link_id].igtk_wnm_sleep.igtk_len = len; + os_memcpy(sm->links[link_id].igtk_wnm_sleep.igtk, + igtk->igtk, + sm->links[link_id].igtk_wnm_sleep.igtk_len); + } else { + sm->links[link_id].igtk.igtk_len = len; + os_memcpy(sm->links[link_id].igtk.igtk, igtk->igtk, + sm->links[link_id].igtk.igtk_len); + } + + return 0; +} + + +static int +wpa_supplicant_install_mlo_bigtk(struct wpa_sm *sm, u8 link_id, + const struct wpa_mlo_bigtk_kde *bigtk, + int wnm_sleep) +{ + size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher); 
+ u16 keyidx = WPA_GET_LE16(bigtk->hdr.keyid); + + /* Detect possible key reinstallation */ + if ((sm->links[link_id].bigtk.bigtk_len == len && + os_memcmp(sm->links[link_id].bigtk.bigtk, bigtk->bigtk, + sm->links[link_id].bigtk.bigtk_len) == 0) || + (sm->links[link_id].bigtk_wnm_sleep.bigtk_len == len && + os_memcmp(sm->links[link_id].bigtk_wnm_sleep.bigtk, bigtk->bigtk, + sm->links[link_id].bigtk_wnm_sleep.bigtk_len) == 0)) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: Not reinstalling already in-use BIGTK to the driver (keyidx=%d)", + keyidx); + return 0; + } + + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA: BIGTK keyid %d pn " COMPACT_MACSTR, + keyidx, MAC2STR(bigtk->hdr.pn)); + wpa_hexdump_key(MSG_DEBUG, "WPA: BIGTK", bigtk->bigtk, len); + if (keyidx < 6 || keyidx > 7) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Invalid BIGTK KeyID %d", keyidx); + return -1; + } + if (wpa_sm_mlo_set_key(sm, link_id, + wpa_cipher_to_alg(sm->mgmt_group_cipher), + broadcast_ether_addr, keyidx, 0, bigtk->hdr.pn, + sizeof(bigtk->hdr.pn), bigtk->bigtk, len, + KEY_FLAG_GROUP_RX) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA: Failed to configure BIGTK to the driver"); + return -1; + } + + if (wnm_sleep) { + sm->links[link_id].bigtk_wnm_sleep.bigtk_len = len; + os_memcpy(sm->links[link_id].bigtk_wnm_sleep.bigtk, + bigtk->bigtk, + sm->links[link_id].bigtk_wnm_sleep.bigtk_len); + } else { + sm->links[link_id].bigtk.bigtk_len = len; + os_memcpy(sm->links[link_id].bigtk.bigtk, bigtk->bigtk, + sm->links[link_id].bigtk.bigtk_len); + } + + return 0; +} + + +static int _mlo_ieee80211w_set_keys(struct wpa_sm *sm, u8 link_id, + struct wpa_eapol_ie_parse *ie) +{ + size_t len; + + if (!wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) || + sm->mgmt_group_cipher == WPA_CIPHER_GTK_NOT_USED) + return 0; + + if (ie->mlo_igtk[link_id]) { + const struct wpa_mlo_igtk_kde *igtk; + + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->mlo_igtk_len[link_id] != + sizeof(struct 
wpa_mlo_igtk_hdr) + len) + return -1; + + igtk = (const struct wpa_mlo_igtk_kde *) ie->mlo_igtk[link_id]; + if (wpa_supplicant_install_mlo_igtk(sm, link_id, igtk, 0) < 0) + return -1; + } + + if (ie->mlo_bigtk[link_id] && sm->beacon_prot) { + const struct wpa_mlo_bigtk_kde *bigtk; + + len = wpa_cipher_key_len(sm->mgmt_group_cipher); + if (ie->mlo_bigtk_len[link_id] != + sizeof(struct wpa_mlo_bigtk_hdr) + len) + return -1; + + bigtk = (const struct wpa_mlo_bigtk_kde *) ie->mlo_bigtk[link_id]; + if (wpa_supplicant_install_mlo_bigtk(sm, link_id, bigtk, 0) < 0) + return -1; + } + + return 0; +} + + +static int mlo_ieee80211w_set_keys(struct wpa_sm *sm, + struct wpa_eapol_ie_parse *ie) +{ + u8 i; + + for (i = 0; i < MAX_NUM_MLO_LINKS; i++) { + if (!(sm->valid_links & BIT(i))) + continue; + + if (_mlo_ieee80211w_set_keys(sm, i, ie)) + return -1; + } + + return 0; +} + static int ieee80211w_set_keys(struct wpa_sm *sm, struct wpa_eapol_ie_parse *ie) 
@@ -1782,6 +2092,162 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, } +static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm, + const struct wpa_eapol_key *key, + u16 ver, const u8 *key_data, + size_t key_data_len) +{ + u16 key_info, keylen; + struct wpa_eapol_ie_parse ie; + + wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); + wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA MLO: RX message 3 of 4-Way " + "Handshake from " MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver); + + key_info = WPA_GET_BE16(key->key_info); + + wpa_hexdump(MSG_DEBUG, "WPA MLO: IE KeyData", key_data, key_data_len); + if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) + goto failed; + + if (ie.mlo_gtk_found && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: GTK IE in unencrypted key data"); + goto failed; + } + if (ie.mlo_igtk_found && !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: IGTK KDE in unencrypted key data"); + goto failed; + } + + +#ifdef CONFIG_IEEE80211R + if (wpa_key_mgmt_ft(sm->key_mgmt) && + wpa_supplicant_validate_ie_ft(sm, sm->bssid, &ie) < 0) + goto failed; +#endif /* CONFIG_IEEE80211R */ + + if (os_memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: ANonce from message 1 of 4-Way Handshake " + "differs from 3 of 4-Way Handshake - drop packet (src=" + MACSTR ")", MAC2STR(sm->bssid)); + goto failed; + } + + keylen = WPA_GET_BE16(key->key_length); + if (keylen != wpa_cipher_key_len(sm->pairwise_cipher)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: Invalid %s key length %d (src=" MACSTR + ")", wpa_cipher_txt(sm->pairwise_cipher), keylen, + MAC2STR(sm->bssid)); + goto failed; + } + +#ifdef CONFIG_OCV + if (wpa_sm_ocv_enabled(sm)) { + struct wpa_channel_info ci; + + if (wpa_sm_channel_info(sm, &ci) != 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "MLO: Failed to get channel info 
to validate received OCI in EAPOL-Key 3/4"); + return; + } + + if (ocv_verify_tx_params(ie.oci, ie.oci_len, &ci, + channel_width_to_int(ci.chanwidth), + ci.seg1_idx) != OCI_SUCCESS) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, OCV_FAILURE + "addr=" MACSTR " frame=eapol-key-m3 error=%s", + MAC2STR(sm->bssid), ocv_errorstr); + return; + } + } +#endif /* CONFIG_OCV */ + + if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, + &sm->ptk) < 0) + goto failed; + + /* SNonce was successfully used in msg 3/4, so mark it to be renewed + * for the next 4-Way Handshake. If msg 3 is received again, the old + * SNonce will still be used to avoid changing PTK. */ + sm->renew_snonce = 1; + + if (key_info & WPA_KEY_INFO_INSTALL) { + int res; + + if (sm->use_ext_key_id) + res = wpa_supplicant_activate_ptk(sm); + else + res = wpa_supplicant_install_ptk(sm, key, + KEY_FLAG_RX_TX); + if (res) + goto failed; + } + + if (key_info & WPA_KEY_INFO_SECURE) { + wpa_sm_mlme_setprotection( + sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX, + MLME_SETPROTECTION_KEY_TYPE_PAIRWISE); + eapol_sm_notify_portValid(sm->eapol, true); + } + wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); + + if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { + /* No GTK to be set to the driver */ + } else if (!ie.mlo_gtk_found && sm->proto == WPA_PROTO_RSN) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "MLO RSN: No GTK KDE included in EAPOL-Key msg 3/4"); + goto failed; + } else if (ie.mlo_gtk_found && + wpa_supplicant_pairwise_mlo_gtk(sm, key, &ie, key_info) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "MLO RSN: Failed to configure MLO GTKs"); + goto failed; + } + + if (mlo_ieee80211w_set_keys(sm, &ie) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "MLO RSN: Failed to configure IGTK"); + goto failed; + } + + if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.mlo_gtk_found) + wpa_supplicant_key_neg_complete(sm, sm->bssid, + key_info & WPA_KEY_INFO_SECURE); + + if (ie.mlo_gtk_found) + wpa_sm_set_rekey_offload(sm); + 
+ /* Add PMKSA cache entry for Suite B AKMs here since PMKID can be + * calculated only after KCK has been derived. Though, do not replace an + * existing PMKSA entry after each 4-way handshake (i.e., new KCK/PMKID) + * to avoid unnecessary changes of PMKID while continuing to use the + * same PMK. */ + if (sm->proto == WPA_PROTO_RSN && wpa_key_mgmt_suite_b(sm->key_mgmt) && + !sm->cur_pmksa) { + struct rsn_pmksa_cache_entry *sa; + + sa = pmksa_cache_add(sm->pmksa, sm->pmk, sm->pmk_len, NULL, + sm->ptk.kck, sm->ptk.kck_len, + sm->bssid, sm->own_addr, + sm->network_ctx, sm->key_mgmt, NULL); + if (!sm->cur_pmksa) + sm->cur_pmksa = sa; + } + + if (ie.transition_disable) + wpa_sm_transition_disable(sm, ie.transition_disable[0]); + sm->msg_3_of_4_ok = 1; + return; + +failed: + wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED); +} + + static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, const struct wpa_eapol_key *key, u16 ver, const u8 *key_data, @@ -2844,8 +3310,13 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr, if (key_info & (WPA_KEY_INFO_MIC | WPA_KEY_INFO_ENCR_KEY_DATA)) { /* 3/4 4-Way Handshake */ - wpa_supplicant_process_3_of_4(sm, key, ver, key_data, - key_data_len); + if (sm->valid_links) + wpa_supplicant_process_mlo_3_of_4( + sm, key, ver, key_data, key_data_len); + else + wpa_supplicant_process_3_of_4(sm, key, ver, + key_data, + key_data_len); } else { /* 1/4 4-Way Handshake */ wpa_supplicant_process_1_of_4(sm, src_addr, key, @@ -3136,6 +3607,7 @@ void wpa_sm_deinit(struct wpa_sm *sm) void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) { int clear_keys = 1; + int i; if (sm == NULL) return; 
@@ -3193,6 +3665,14 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid) os_memset(&sm->igtk, 0, sizeof(sm->igtk)); os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); sm->tk_set = false; + for (i = 0; i < MAX_NUM_MLD_LINKS; i++) { + os_memset(&sm->links[i].gtk, 0, sizeof(sm->gtk)); + os_memset(&sm->links[i].gtk_wnm_sleep, 0, + sizeof(sm->gtk_wnm_sleep)); + os_memset(&sm->links[i].igtk, 0, sizeof(sm->igtk)); + os_memset(&sm->links[i].igtk_wnm_sleep, 0, + sizeof(sm->igtk_wnm_sleep)); + } } #ifdef CONFIG_TDLS @@ -4053,6 +4533,8 @@ struct rsn_pmksa_cache_entry * wpa_sm_pmksa_cache_get(struct wpa_sm *sm, void wpa_sm_drop_sa(struct wpa_sm *sm) { + int i; + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: Clear old PMK and PTK"); sm->ptk_set = 0; sm->tptk_set = 0; @@ -4065,6 +4547,14 @@ void wpa_sm_drop_sa(struct wpa_sm *sm) os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep)); os_memset(&sm->igtk, 0, sizeof(sm->igtk)); os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep)); + for (i = 0; i < MAX_NUM_MLD_LINKS; i++) { + os_memset(&sm->links[i].gtk, 0, sizeof(sm->gtk)); + os_memset(&sm->links[i].gtk_wnm_sleep, 0, + sizeof(sm->gtk_wnm_sleep)); + os_memset(&sm->links[i].igtk, 0, sizeof(sm->igtk)); + os_memset(&sm->links[i].igtk_wnm_sleep, 0, + sizeof(sm->igtk_wnm_sleep)); + } #ifdef CONFIG_IEEE80211R os_memset(sm->xxkey, 0, sizeof(sm->xxkey)); sm->xxkey_len = 0; diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index f60616352..abac0a2d3 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h 
@@ -226,6 +226,12 @@ struct wpa_sm { u8 bssid[ETH_ALEN]; u8 *ap_wpa_ie, *ap_rsn_ie, *ap_rsnxe; size_t ap_wpa_ie_len, ap_rsn_ie_len, ap_rsnxe_len; + struct wpa_gtk gtk; + struct wpa_gtk gtk_wnm_sleep; + struct wpa_igtk igtk; + struct wpa_igtk igtk_wnm_sleep; + struct wpa_bigtk bigtk; + struct wpa_bigtk bigtk_wnm_sleep; } links[MAX_NUM_MLD_LINKS]; };
From patchwork Thu Aug 25 05:53:08 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670069
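Review bot: In _wpa_supplicant_pairwise_mlo_gtk() ([PATCH 08/12], wpa.c hunk at -1321) the Tx bit that the KDE format comment documents as bit 2 is never read: only "gd.keyidx = gtk[0] & 0x3;" is taken from the first octet, so gd.tx keeps the 0 left by os_memset() and that is the value wpa_supplicant_install_mlo_gtk() hands to wpa_sm_mlo_set_key(). Either parse bit 2 into gd.tx (passing it through wpa_supplicant_gtk_tx_bit_workaround(), which is defined just above this hunk) or state in the comment why Tx is ignored for MLO. The key_info parameter is unused in this function, and the link ID carried in bits 4-7 is not compared against the link_id argument.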
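Review bot: mlo_ieee80211w_set_keys() at the end of the wpa.c hunk at -1567 ([PATCH 08/12]), like wpa_supplicant_pairwise_mlo_gtk() in the hunk before it, loops with "i < MAX_NUM_MLO_LINKS", while the links[] array being indexed is declared with MAX_NUM_MLD_LINKS in wpa_i.h and the clearing loops later in this same patch use MAX_NUM_MLD_LINKS. If the two constants ever differ, sm->links[link_id] is either indexed past its end or some links are never processed; use one constant for every loop over sm->links. In the same hunk, wpa_supplicant_install_mlo_igtk() and wpa_supplicant_install_mlo_bigtk() run reinstallation detection and hexdump the key before the KeyID range checks ("keyidx > 4095", "keyidx < 6 || keyidx > 7"); moving those checks to the top rejects a malformed KDE before it can return 0 through the already-in-use path.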
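Review bot: wpa_supplicant_process_mlo_3_of_4() ([PATCH 08/12], wpa.c hunk at -2092) rejects MLO GTK and MLO IGTK KDEs that arrive in unencrypted Key Data, but has no matching check for the MLO BIGTK KDE, even though mlo_ieee80211w_set_keys() later installs ie->mlo_bigtk[] from the same parsed data. Add the same WPA_KEY_INFO_ENCR_KEY_DATA test for the BIGTK KDE. The two OCV failure paths also use "return;" where every other validation failure in the function uses "goto failed;", so they skip the deauthentication; if that is intended, a comment should say so. The message "MLO RSN: Failed to configure IGTK" is also what gets logged when the BIGTK install fails.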
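Review bot: The per-link clearing loop added to wpa_sm_notify_assoc() ([PATCH 08/12], wpa.c hunk at -3193), and the identical loop added to wpa_sm_drop_sa(), zeroes gtk, gtk_wnm_sleep, igtk and igtk_wnm_sleep but leaves links[i].bigtk and links[i].bigtk_wnm_sleep untouched, although this patch adds both fields to struct wpa_sm and wpa_supplicant_install_mlo_bigtk() compares against them for reinstallation detection. A BIGTK left over from the previous association would make that check skip installing the same key on the next one, and the key material stays in memory after the SA is dropped. Clear the two BIGTK fields in both loops, and size each os_memset() from the object being cleared, for example sizeof(sm->links[i].gtk) instead of sizeof(sm->gtk).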
From: Veerendranath Jakkam
Subject: [PATCH 09/12] MLD STA: Add support for validating MLO KDEs for 4WHS EAPOL frames
Date: Thu, 25 Aug 2022 11:23:08 +0530
Message-ID: <20220825055311.3327147-10-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Validate new KDEs defined for MLO connection in EAPOL 1/4 and 3/4 and reject the Four-Way handshake frames if any of the new KDE data is not matching expected key data.

Signed-off-by: Veerendranath Jakkam
---
 src/rsn_supp/wpa.c | 147 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)

diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 96adc4817..9a4e0ebee 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c
@@ -785,6 +785,14 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, } } + if (sm->valid_links && + (!ie.mac_addr || ie.mac_addr_len < ETH_ALEN || + os_memcmp(ie.mac_addr, sm->ap_mld_addr, ETH_ALEN))) { + wpa_printf(MSG_INFO, + "RSN MLO: Discard EAPOL-Key msg 1/4 with invalid MAC address KDE"); + return; + } + res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid); if (res == -2) { wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to " 
@@ -2092,6 +2100,131 @@ int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *dst, } +static int wpa_supplicant_validate_link_kde(struct wpa_sm *sm, + u8 link_id, + const u8 *link_kde, + size_t link_kde_len) +{ + struct wpa_mlo_link_hdr *link_kde_hdr; + size_t rsn_ie_len = 0, rsnxe_len = 0; + const u8 *rsn_ie = NULL, *rsnxe = NULL; + + if (!link_kde || link_kde_len < sizeof(*link_kde_hdr)) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA MLO: Invalid link KDE for link ID %d", + link_id); + return -1; + } + + link_kde_hdr = (struct wpa_mlo_link_hdr *) link_kde; + + if (os_memcmp(sm->links[link_id].bssid, link_kde_hdr->mac, ETH_ALEN)) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA MLO: Link MAC address not matching with assoc response"); + return -1; + } + + if (link_kde_hdr->rsne_present) { + rsn_ie = link_kde + sizeof(*link_kde_hdr); + if (link_kde_len < (sizeof(*link_kde_hdr) + 2) || + link_kde_len < (sizeof(*link_kde_hdr) + 2 + rsn_ie[1])) + return -1; + + rsn_ie_len = rsn_ie[1] + 2; + } + + if (link_kde_hdr->rsnxe_present) { + rsnxe = link_kde + sizeof(*link_kde_hdr) + rsn_ie_len; + if (link_kde_len < (sizeof(*link_kde_hdr) + rsn_ie_len + 2) || + link_kde_len < (sizeof(*link_kde_hdr) + rsn_ie_len + 2 + + rsnxe[1])) + return -1; + + rsnxe_len = rsnxe[1] + 2; + } + + if (sm->links[link_id].ap_rsn_ie == NULL) { + wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA MLO: No RSN IE AP link ID %u known. " + "Trying to get from scan results", link_id); + if (wpa_sm_get_link_beacon_ie(sm, link_id) < 0) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: Could not find AP from " + "the scan results"); + return -1; + } + wpa_msg(sm->ctx->msg_ctx, MSG_DEBUG, + "WPA MLO: Found the current AP from updated scan results"); + } + + if (rsn_ie == NULL && sm->links[link_id].ap_rsn_ie) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA MLO: IE in 3/4 msg does not match with IE in Beacon/ProbeResp (no IE?) 
for link ID %u", + link_id); + return -1; + } + + if (rsn_ie && sm->links[link_id].ap_rsn_ie && + wpa_compare_rsn_ie(wpa_key_mgmt_ft(sm->key_mgmt), + sm->links[link_id].ap_rsn_ie, + sm->links[link_id].ap_rsn_ie_len, + rsn_ie, rsn_ie_len)) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA MLO: IE in 3/4 msg does not match with IE in Beacon/ProbeResp for link ID %u", + link_id); + wpa_hexdump(MSG_INFO, "RSNE in Beacon/ProbeResp", + sm->links[link_id].ap_rsnxe, + sm->links[link_id].ap_rsnxe_len); + wpa_hexdump(MSG_INFO, "RSNE in EAPOL-Key msg 3/4", + rsn_ie, rsn_ie_len); + return -1; + } + + if ((sm->links[link_id].ap_rsnxe && !rsnxe) || + (!sm->links[link_id].ap_rsnxe && rsnxe) || + (sm->links[link_id].ap_rsnxe && rsnxe && + (sm->links[link_id].ap_rsnxe_len != rsnxe_len || + os_memcmp(sm->links[link_id].ap_rsnxe, rsnxe, + sm->links[link_id].ap_rsnxe_len) != 0))) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "WPA MLO: RSNXE mismatch between Beacon/ProbeResp and EAPOL-Key msg 3/4 for link ID %u", + link_id); + wpa_hexdump(MSG_INFO, "RSNXE in Beacon/ProbeResp", + sm->links[link_id].ap_rsnxe, + sm->links[link_id].ap_rsnxe_len); + wpa_hexdump(MSG_INFO, "RSNXE in EAPOL-Key msg 3/4", + rsnxe, rsnxe_len); + wpa_sm_deauthenticate(sm, WLAN_REASON_IE_IN_4WAY_DIFFERS); + return -1; + } + + return 0; +} + + +static int wpa_validate_mlo_kdes(struct wpa_sm *sm, + u8 link_id, struct wpa_eapol_ie_parse *ie) +{ + if (ie->mlo_igtk[link_id] && + sm->mgmt_group_cipher != WPA_CIPHER_GTK_NOT_USED && + wpa_cipher_valid_mgmt_group(sm->mgmt_group_cipher) && + ie->mlo_igtk_len[link_id] != sizeof(struct wpa_mlo_igtk_hdr) + + (unsigned int) wpa_cipher_key_len(sm->mgmt_group_cipher)) { + wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, + "WPA MLO: Invalid IGTK KDE length %lu for link ID %u", + (unsigned long) ie->mlo_igtk_len, link_id); + return -1; + } + + if (wpa_supplicant_validate_link_kde(sm, link_id, + ie->mlo_link[link_id], + ie->mlo_link_len[link_id])) + return -1; + + return 0; +} + + static void 
wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm, const struct wpa_eapol_key *key, u16 ver, const u8 *key_data, @@ -2099,6 +2232,7 @@ static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm, { u16 key_info, keylen; struct wpa_eapol_ie_parse ie; + int i; wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE); wpa_dbg(sm->ctx->msg_ctx, MSG_INFO, "WPA MLO: RX message 3 of 4-Way " 
@@ -2121,6 +2255,19 @@ static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm, goto failed; } + if (!ie.mac_addr || ie.mac_addr_len < ETH_ALEN || + os_memcmp(ie.mac_addr, sm->ap_mld_addr, ETH_ALEN)) { + wpa_printf(MSG_DEBUG, "RSN MLO: Invalid MAC address KDE"); + goto failed; + } + + for (i = 0; i < MAX_NUM_MLD_LINKS; i++) { + if (!(sm->valid_links & BIT(i))) + continue; + + if (wpa_validate_mlo_kdes(sm, i, &ie)) + goto failed; + } #ifdef CONFIG_IEEE80211R if (wpa_key_mgmt_ft(sm->key_mgmt) &&
From patchwork Thu Aug 25 05:53:09 2022
X-Patchwork-Submitter: Veerendranath Jakkam
X-Patchwork-Id: 1670063
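Review bot: In wpa_supplicant_validate_link_kde() ([PATCH 09/12], wpa.c hunk at -2100) the RSNE mismatch branch dumps the wrong buffer: the hexdump labelled "RSNE in Beacon/ProbeResp" prints sm->links[link_id].ap_rsnxe with ap_rsnxe_len, where it should print ap_rsn_ie with ap_rsn_ie_len, so the log pairs the stored RSNXE with the RSNE from msg 3/4. In wpa_validate_mlo_kdes() the warning formats "(unsigned long) ie->mlo_igtk_len", which is the whole array and not the element for this link; it should be ie->mlo_igtk_len[link_id]. Also, only the RSNXE mismatch path calls wpa_sm_deauthenticate() with WLAN_REASON_IE_IN_4WAY_DIFFERS; the caller then reaches its failed label and deauthenticates a second time with WLAN_REASON_UNSPECIFIED, while the RSNE mismatch path never reports the specific reason. Pick one place to deauthenticate and use the same reason code for both mismatches.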
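Review bot: The MAC address KDE check added to wpa_supplicant_process_mlo_3_of_4() ([PATCH 09/12], wpa.c hunk at -2121) reports its failure with wpa_printf(MSG_DEBUG, ...) even though it ends in "goto failed;" and a deauthentication, whereas the same check added to msg 1/4 in the hunk at -785 logs at MSG_INFO and the neighbouring failures in this function use wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, ...). Use wpa_msg() at a matching level in both places so the reason for the disconnect is visible outside debug builds. The link loop here uses MAX_NUM_MLD_LINKS while the link loops added in patch 08/12 use MAX_NUM_MLO_LINKS; settle on one constant.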
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=AIBm1T60JEbzmD4i91kdPBg/NNkG/0EmJBsV2UVeFpo=; b=I2AhTIc2Np2ipm uaGyyrbFdQVmHoH+3jvud4/L1BEIFlgSK2wyt4bfKbGEknInpXSwFEGQnyN5qR7IrakuIY4z2HW2k rxr6NWFD3lw8KbYC5C5+ONKIUHnARvwSj7DaO92szZaAavTL+Rov+U49Aj9V4josnqHWzz+FSXD9k fvn4s8A0373OpaNKMtxQKdhTjfODRqcuT10UtpeK2zlL8VOJ7bWspJpOv0TENESTUEoO9GhFjPavT ZdOsOJKsEowrX1QA0OFnFq+X3+Rit4ll4YjVaU31ef7ceqNS4EOeBIDiYIBnsESRq7vtYFWgIpZDQ Zv2MYBwesZOV+uqExbig==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oR5pK-007bdj-Ar; Thu, 25 Aug 2022 05:54:50 +0000 Received: from mx0b-0031df01.pphosted.com ([205.220.180.131]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1oR5oC-007ZPj-TN for hostap@lists.infradead.org; Thu, 25 Aug 2022 05:53:42 +0000 Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 27P4xVr5026303 for ; Thu, 25 Aug 2022 05:53:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=qcppdkim1; bh=5EfoWEaq6VmsZEzbTqhjTfYFldyWcIlpyJTusOlPbGo=; b=kKRL86VnhWslCPIYMkC7ockaaejCFsSO1gvHIUA16VRTzsQB0viqhI+5DnciC9lPTARW 0HRMrsV2R5kkYpJWoQuPpnMKomXc6QQbqyd1hY0CshIS9zVZPMpIeSHSnDRa63H5wR7R 5OUjSKYksuebrxR/d+RYs6ULOaK7qWsr3D3xeE+3pAzNH49BdyGzT/PX+e/3FXm+44KE oBdyT8UpOXcCaR2jj2HlfyW/2rAFNiV0KBKaXWNelV1VxyKbrUyRca1dIhpCVt/Ums33 sd1v9gJZJCf+fTVn0BCgB1jGiPiwTSRkAlit4xfiqE9EbYPcOJl0K5abloSSFifMfz1w sg== Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by 
mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3j52pqdppm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Aug 2022 05:53:40 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 27P5rcLk008480 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 25 Aug 2022 05:53:38 GMT Received: from cnss-mw-linux.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Wed, 24 Aug 2022 22:53:37 -0700 
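Review bot: In the MAC Address KDE check added to wpa_supplicant_process_mlo_3_of_4(), the test ie.mac_addr_len < ETH_ALEN accepts an over-long KDE and compares only its first ETH_ALEN octets against sm->ap_mld_addr; if the KDE is defined as exactly ETH_ALEN octets, a != comparison would be the stricter test. The single "Invalid MAC address KDE" message also covers three different cases (missing, short, mismatching), so logging the received address with MACSTR next to the expected AP MLD address would make a rejected message 3/4 easier to diagnose. A blank line between the closing brace of the per-link loop and #ifdef CONFIG_IEEE80211R would match the surrounding style.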
From: Veerendranath Jakkam
Subject: [PATCH 10/12] MLD STA: Use AP MLD address as destination for 4WHS EAPOL frames
Date: Thu, 25 Aug 2022 11:23:09 +0530
Message-ID: <20220825055311.3327147-11-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Use AP MLD address as destination address for EAPOL Four-Way handshake frames since authenticator/supplicant operate above MLD. Driver/FW will use RA/TA based on the link used for transmitting the EAPOL frames.

Signed-off-by: Veerendranath Jakkam
---
src/rsn_supp/wpa.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 9a4e0ebee..4c0d05c7e 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -743,6 +743,8 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, u8 *kde, *kde_buf = NULL; size_t kde_len; size_t mlo_kde_len = 0; + const unsigned char *dst = sm->valid_links ? + sm->ap_mld_addr : sm->bssid; if (encrypted == FRAME_NOT_ENCRYPTED && sm->tk_set && wpa_sm_pmf_enabled(sm)) {
@@ -931,7 +933,7 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm, kde_len = pos - kde; } - if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce, + if (wpa_supplicant_send_2_of_4(sm, dst, key, ver, sm->snonce, kde, kde_len, ptk) < 0) goto failed; 
@@ -2313,7 +2315,7 @@ static void wpa_supplicant_process_mlo_3_of_4(struct wpa_sm *sm, } #endif /* CONFIG_OCV */ - if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info, + if (wpa_supplicant_send_4_of_4(sm, sm->ap_mld_addr, key, ver, key_info, &sm->ptk) < 0) goto failed;
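Review bot: In the first wpa_supplicant_process_1_of_4() hunk, dst is declared as const unsigned char * where the neighbouring declarations use the u8 typedef (u8 *kde, *kde_buf); const u8 *dst would be consistent. A short comment on the declaration stating that a non-zero sm->valid_links is what marks the association as MLO would also help, since that is the only condition deciding which address message 2/4 is sent to.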
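Review bot: The wpa_supplicant_process_mlo_3_of_4() hunk passes sm->ap_mld_addr to wpa_supplicant_send_4_of_4() unconditionally, while wpa_supplicant_process_1_of_4() selects between sm->ap_mld_addr and sm->bssid based on sm->valid_links. If the MLO 3/4 handler can only be reached with valid_links set, say so in a comment; otherwise apply the same selection so that message 2/4 and message 4/4 cannot be addressed differently. A small helper returning the EAPOL destination would keep both call sites in step.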
From: Veerendranath Jakkam
Subject: [PATCH 11/12] MLD STA: Add support for SAE external auth support
Date: Thu, 25 Aug 2022 11:23:10 +0530
Message-ID: <20220825055311.3327147-12-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

- Add basic ML IE in SAE auth frames
- Use TA address provided by driver for sending SAE auth frames
- Use MLD address for SAE PWE derivation
- Allow auth frames with RA address same as TA address provided by driver

Signed-off-by: Veerendranath Jakkam
---
src/drivers/driver.h | 3 + src/drivers/driver_nl80211.h | 1 + src/drivers/driver_nl80211_event.c | 20 ++++++- wpa_supplicant/sme.c | 96 ++++++++++++++++++++++-------- wpa_supplicant/wpa_supplicant_i.h | 2 + 5 files changed, 97 insertions(+), 25 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 9a2d9bbc2..02c6604ce 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h
@@ -2595,6 +2595,8 @@ enum wpa_drv_update_connect_params_mask { * the real status code for failures. Used only for the request interface * from user space to the driver. * @pmkid: Generated PMKID as part of external auth exchange (e.g., SAE). + * @tx_addr: Transmit address to be used for the authentication frames. Optional + * for the request interface. */ struct external_auth { enum { @@ -2607,6 +2609,7 @@ struct external_auth { unsigned int key_mgmt_suite; u16 status; const u8 *pmkid; + const u8 *tx_addr; }; /* enum nested_attr - Used to specify if subcommand uses nested attributes */ diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h index 44ac7ea95..773045ca4 100644 --- a/src/drivers/driver_nl80211.h +++ b/src/drivers/driver_nl80211.h @@ -80,6 +80,7 @@ struct i802_bss { struct nl80211_wiphy_data *wiphy_data; struct dl_list wiphy_list; u8 rand_addr[ETH_ALEN]; + u8 ext_auth_rand_addr[ETH_ALEN]; }; struct drv_nl80211_if_info { diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index f756eaa1b..abe944876 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c 
@@ -1206,15 +1206,22 @@ static void mlme_event(struct i802_bss *bss, nl80211_command_to_string(cmd), bss->ifname, MAC2STR(bss->addr), MAC2STR(data + 4), MAC2STR(data + 4 + ETH_ALEN)); + + if (!is_zero_ether_addr(bss->ext_auth_rand_addr) && + os_memcmp(bss->ext_auth_rand_addr, data + 4, ETH_ALEN) == 0) + goto skip_ra_check; + if (cmd != NL80211_CMD_FRAME_TX_STATUS && !(data[4] & 0x01) && os_memcmp(bss->addr, data + 4, ETH_ALEN) != 0 && (is_zero_ether_addr(bss->rand_addr) || os_memcmp(bss->rand_addr, data + 4, ETH_ALEN) != 0) && os_memcmp(bss->addr, data + 4 + ETH_ALEN, ETH_ALEN) != 0) { - wpa_printf(MSG_MSGDUMP, "nl80211: %s: Ignore MLME frame event " + wpa_printf(MSG_MSGDUMP, "nl80211: %s: skip check for Ignore MLME frame event " "for foreign address", bss->ifname); return; } + +skip_ra_check: wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame", nla_data(frame), nla_len(frame)); @@ -2798,6 +2805,17 @@ static void nl80211_external_auth(struct wpa_driver_nl80211_data *drv, event.external_auth.bssid = nla_data(tb[NL80211_ATTR_BSSID]); + if (tb[NL80211_ATTR_MAC]) { + event.external_auth.tx_addr = nla_data(tb[NL80211_ATTR_MAC]); + wpa_printf(MSG_ERROR, "TA addr for external auth: " MACSTR, + MAC2STR(event.external_auth.tx_addr)); + os_memcpy(drv->first_bss->ext_auth_rand_addr, + event.external_auth.tx_addr, + ETH_ALEN); + } else { + os_memset(drv->first_bss->ext_auth_rand_addr, 0, ETH_ALEN); + } + wpa_printf(MSG_DEBUG, "nl80211: External auth action: %u, AKM: 0x%x", event.external_auth.action, diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c index 2dad36ddc..d5f5d1f0d 100644 --- a/wpa_supplicant/sme.c +++ b/wpa_supplicant/sme.c @@ -95,7 +95,9 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, int use_pt = 0; bool use_pk = false; u8 rsnxe_capa = 0; + const u8 *peer_addr = bssid; + wpa_s->sme.ext_ml_auth = false; if (ret_use_pt) *ret_use_pt = 0; if (ret_use_pk) 
@@ -124,19 +126,6 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, return NULL; } - if (reuse && wpa_s->sme.sae.tmp && - os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) { - wpa_printf(MSG_DEBUG, - "SAE: Reuse previously generated PWE on a retry with the same AP"); - use_pt = wpa_s->sme.sae.h2e; - use_pk = wpa_s->sme.sae.pk; - goto reuse_data; - } - if (sme_set_sae_group(wpa_s) < 0) { - wpa_printf(MSG_DEBUG, "SAE: Failed to select group"); - return NULL; - } - bss = wpa_bss_get_bssid_latest(wpa_s, bssid); if (!bss) { wpa_printf(MSG_DEBUG, @@ -150,6 +139,27 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX); if (rsnxe && rsnxe[1] >= 1) rsnxe_capa = rsnxe[2]; + + if (external && !is_zero_ether_addr(bss->mld_addr)) { + wpa_printf(MSG_DEBUG, "SAE: AP MLD Addr: " MACSTR, + MAC2STR(bss->mld_addr)); + + wpa_s->sme.ext_ml_auth = true; + peer_addr = bss->mld_addr; + } + } + + if (reuse && wpa_s->sme.sae.tmp && + os_memcmp(peer_addr, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) { + wpa_printf(MSG_DEBUG, + "SAE: Reuse previously generated PWE on a retry with the same AP"); + use_pt = wpa_s->sme.sae.h2e; + use_pk = wpa_s->sme.sae.pk; + goto reuse_data; + } + if (sme_set_sae_group(wpa_s) < 0) { + wpa_printf(MSG_DEBUG, "SAE: Failed to select group"); + return NULL; } if (ssid->sae_password_id && wpa_s->conf->sae_pwe != 3) 
@@ -190,24 +200,24 @@ static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s, if (use_pt && sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt, - wpa_s->own_addr, bssid, + wpa_s->own_addr, peer_addr, wpa_s->sme.sae_rejected_groups, NULL) < 0) return NULL; if (!use_pt && - sae_prepare_commit(wpa_s->own_addr, bssid, + sae_prepare_commit(wpa_s->own_addr, peer_addr, (u8 *) password, os_strlen(password), &wpa_s->sme.sae) < 0) { wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); return NULL; } if (wpa_s->sme.sae.tmp) { - os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN); + os_memcpy(wpa_s->sme.sae.tmp->bssid, peer_addr, ETH_ALEN); if (use_pt && use_pk) wpa_s->sme.sae.pk = 1; #ifdef CONFIG_SAE_PK os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr, ETH_ALEN); - os_memcpy(wpa_s->sme.sae.tmp->peer_addr, bssid, ETH_ALEN); + os_memcpy(wpa_s->sme.sae.tmp->peer_addr, peer_addr, ETH_ALEN); sae_pk_set_password(&wpa_s->sme.sae, password); #endif /* CONFIG_SAE_PK */ } @@ -1041,11 +1051,26 @@ void sme_authenticate(struct wpa_supplicant *wpa_s, #ifdef CONFIG_SAE +#define WPA_AUTH_FRAME_ML_IE_LEN (6+ETH_ALEN) + +static void wpa_auth_ml_ie(struct wpabuf *buf, const u8 *mld_addr) +{ + + wpabuf_put_u8(buf, WLAN_EID_EXTENSION); + wpabuf_put_u8(buf, WPA_AUTH_FRAME_ML_IE_LEN -2); + wpabuf_put_u8(buf, WLAN_EID_EXT_MULTI_LINK); + wpabuf_put_u8(buf, 0x0); + wpabuf_put_u8(buf, 0x0); + wpabuf_put_u8(buf, 0x7); + wpabuf_put_data(buf, mld_addr, ETH_ALEN); +} + + static int sme_external_auth_build_buf(struct wpabuf *buf, struct wpabuf *params, const u8 *sa, const u8 *da, u16 auth_transaction, u16 seq_num, - u16 status_code) + u16 status_code, const u8 *mld_addr) { struct ieee80211_mgmt *resp; 
@@ -1064,10 +1089,17 @@ static int sme_external_auth_build_buf(struct wpabuf *buf, if (params) wpabuf_put_buf(buf, params); + if(mld_addr) { + wpa_auth_ml_ie(buf, mld_addr); + wpa_hexdump(MSG_DEBUG, "ML Auth Frame", wpabuf_head(buf), + wpabuf_len(buf)); + } + return 0; } + static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s, const u8 *bssid, struct wpa_ssid *ssid) @@ -1085,7 +1117,9 @@ static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s, } wpa_s->sme.sae.state = SAE_COMMITTED; - buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp)); + buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp) + + (wpa_s->sme.ext_ml_auth ? + WPA_AUTH_FRAME_ML_IE_LEN : 0)); if (!buf) { wpabuf_free(resp); return -1; @@ -1098,8 +1132,10 @@ static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s, status = WLAN_STATUS_SAE_HASH_TO_ELEMENT; else status = WLAN_STATUS_SUCCESS; - sme_external_auth_build_buf(buf, resp, wpa_s->own_addr, - bssid, 1, wpa_s->sme.seq_num, status); + sme_external_auth_build_buf(buf, resp, wpa_s->sme.ext_auth_tx_addr, + bssid, 1, wpa_s->sme.seq_num, status, + wpa_s->sme.ext_ml_auth ? + wpa_s->own_addr : NULL); wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0); wpabuf_free(resp); wpabuf_free(buf); 
@@ -1160,16 +1196,20 @@ static void sme_external_auth_send_sae_confirm(struct wpa_supplicant *wpa_s, } wpa_s->sme.sae.state = SAE_CONFIRMED; - buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN + wpabuf_len(resp)); + buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN + wpabuf_len(resp) + + (wpa_s->sme.ext_ml_auth ? WPA_AUTH_FRAME_ML_IE_LEN : 0)); if (!buf) { wpa_printf(MSG_DEBUG, "SAE: Auth Confirm buf alloc failure"); wpabuf_free(resp); return; } wpa_s->sme.seq_num++; - sme_external_auth_build_buf(buf, resp, wpa_s->own_addr, + sme_external_auth_build_buf(buf, resp, wpa_s->sme.ext_auth_tx_addr, da, 2, wpa_s->sme.seq_num, - WLAN_STATUS_SUCCESS); + WLAN_STATUS_SUCCESS, + wpa_s->sme.ext_ml_auth ? + wpa_s->own_addr : NULL); + wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0); wpabuf_free(resp); wpabuf_free(buf); @@ -1183,11 +1223,19 @@ void sme_external_auth_trigger(struct wpa_supplicant *wpa_s, RSN_AUTH_KEY_MGMT_SAE) return; + if (!data->external_auth.tx_addr) + data->external_auth.tx_addr = wpa_s->own_addr; + + wpa_printf(MSG_DEBUG, "SAE: External auth transmit address " MACSTR, + MAC2STR(data->external_auth.tx_addr)); + if (data->external_auth.action == EXT_AUTH_START) { if (!data->external_auth.bssid || !data->external_auth.ssid) return; os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid, ETH_ALEN); + os_memcpy(wpa_s->sme.ext_auth_tx_addr, data->external_auth.tx_addr, + ETH_ALEN); os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid, data->external_auth.ssid_len); wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len; diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 0ee4c01f9..e881ce1b5 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h 
@@ -1024,6 +1024,8 @@ struct wpa_supplicant { u8 ext_auth_bssid[ETH_ALEN]; u8 ext_auth_ssid[SSID_MAX_LEN]; size_t ext_auth_ssid_len; + u8 ext_auth_tx_addr[ETH_ALEN]; + bool ext_ml_auth; int *sae_rejected_groups; #endif /* CONFIG_SAE */ } sme;
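Review bot: In the mlme_event() hunk, the reworded log string "nl80211: %s: skip check for Ignore MLME frame event for foreign address" is printed on the path that still drops the frame, so the added "skip check for" reads as a leftover edit and makes the message misleading; the original wording should be restored. The goto skip_ra_check could also be avoided by adding the bss->ext_auth_rand_addr comparison to the existing condition next to the bss->rand_addr test, which keeps the whole address filter in one expression.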
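Review bot: In the nl80211_external_auth() hunk, the transmit address is logged at MSG_ERROR although nothing has failed; MSG_DEBUG with the "nl80211: " prefix used by the message that follows would fit. ext_auth_rand_addr is cleared only when a later external auth event arrives without NL80211_ATTR_MAC, so the relaxed receiver-address filter in mlme_event() stays in effect after the exchange has finished; consider clearing it when external auth completes or on disconnection. The hunk also copies ETH_ALEN octets from NL80211_ATTR_MAC without an nla_len() check on the attribute.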
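Review bot: In sme_auth_build_sae_commit(), wpa_s->sme.sae.tmp->bssid now stores peer_addr, which is the AP MLD address when ext_ml_auth is set, and the PWE reuse test compares against it. The field name no longer says what it holds, so a comment at the os_memcpy() or a rename would help anyone reading tmp->bssid elsewhere and expecting a link BSSID. Moving the reuse check below the BSS lookup also means a retry now goes through wpa_bss_get_bssid_latest() before the PWE is reused; the commit message should state that this reordering is intentional.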
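Review bot: wpa_auth_ml_ie() writes the three octets between WLAN_EID_EXT_MULTI_LINK and the MLD address as bare literals (0x0, 0x0, 0x7) and WPA_AUTH_FRAME_ML_IE_LEN is defined as an unexplained 6+ETH_ALEN; named constants or a comment per field would let a reader check the element layout against the specification. Style points in the same area: drop the blank line after the opening brace, write (6 + ETH_ALEN) and WPA_AUTH_FRAME_ML_IE_LEN - 2 with spaces around the operators, use if (mld_addr) with a space in sme_external_auth_build_buf(), and remove the extra blank lines added around the functions.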
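Review bot: In sme_external_auth_trigger(), the fallback data->external_auth.tx_addr = wpa_s->own_addr modifies the event data handed in by the caller, and the address is printed before the action is examined, so it is logged for every action although it is copied to ext_auth_tx_addr only for EXT_AUTH_START. A local const u8 *tx_addr chosen inside the EXT_AUTH_START branch would avoid both.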
From: Veerendranath Jakkam
Subject: [PATCH 12/12] MLD STA: Indicate MLO support for security modes to driver's SME
Date: Thu, 25 Aug 2022 11:23:11 +0530
Message-ID: <20220825055311.3327147-13-quic_vjakkam@quicinc.com>
In-Reply-To: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>
References: <20220825055311.3327147-1-quic_vjakkam@quicinc.com>

Send NL80211_ATTR_MLO_SUPPORT flag in NL80211_CMD_CONNECT for all security modes.

Signed-off-by: Veerendranath Jakkam
---
src/drivers/driver_nl80211.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index af9d53b45..f19b97d1e 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c
@@ -6482,14 +6482,7 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT)) return -1; - /* - * Indicate driver's SME to enable MLO connection only for non-WPA open - * connections. - */ - if ((!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) && - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->pairwise_suite == WPA_CIPHER_NONE && - params->group_suite == WPA_CIPHER_NONE && + if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME) && nla_put_flag(msg, NL80211_ATTR_MLO_SUPPORT)) return -1;
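Review bot: In nl80211_connect_common(), the comment explaining when NL80211_ATTR_MLO_SUPPORT is sent is deleted together with the open-network restriction, which leaves the remaining !(drv->capa.flags & WPA_DRIVER_FLAGS_SME) test unexplained. A one-line comment stating that MLO support is now indicated to the driver's SME for every key management and cipher selection would keep the intent visible. Since this is patch 12/12, the commit message could also name the earlier patches in the series that the non-open security modes rely on, so the dependency is clear to anyone bisecting.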