From patchwork Sun Apr 21 12:50:31 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637333
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A5EB0C8DE
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:52:26 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.181
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713703947; cv=none;
 b=izAFIXkL5OdLFFtSbZQ9AY+BpRLi/IGYNlQDgAFzsfD3EV3z1F3D0bgpY2+TPTHmQ5JpgWNEZ6iuai9aMuDQQPoasF4A4em0FhwuK0RkJsLuRa1kbx07cBGwAxE1v9f8fPHwHFGTbE7V+ddl8meCyZfrjZEfzYNUFBLCAhOyG1U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713703947; c=relaxed/simple;
	bh=w3TKeFM1KimJ4aJWJglCBsRkmLbYuLakaPCjm8K13+I=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=Zw9+x02WkaMJTuFqX1IYoBL1lI61JsyN3SOLTUPVwxjGeBqzGpWc8pvKVPvi2Fn2ciIO/uPQ0VJ7igL6IGbBO2cKU7a8XnreQMzMweGjeaGGxRMWjrW0WnH/0FcaLPp4regFdPcL8jS1NZ6NzqGSij1keIM7r2fDJKMxOg0K/vo=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=FdbsUIoe; arc=none smtp.client-ip=209.85.210.181
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="FdbsUIoe"
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-6f0aeee172dso1674899b3a.1
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:52:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713703946; x=1714308746;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=T0w0cZSMYhki2e5Ps51YDWTfICjiJNw9DXP+Y8XATlU=;
        b=FdbsUIoe5S3DIjM36gCk11nlwRoroSuHOI6L7OUuMtOOvoZJpBEKbVvd8cTFUEjs76
         tFAbirnBloq2Y6xwAmoSJtWsnhZM4gxog8O3c9Q95dg7En5DuYb4sBLx8TEQvXFbL2BF
         ILM2lZTTtY47uvN4y7u0pUYqxsbU5gNI0IY1M6VAmUZnyZQdUohIvoFAjibsqdeT/iex
         8hxNtSo8L+NsZkdT4Wv4DfS49DbUHnXeao7elLNcroNq7Anw4epsvnFQOJmD1183YKcZ
         taTdjCjN3Bif/Kwm7cG/0O+bOpmCwQOzkv/GeQYP+OGgzSW+bHy6HHx1jSgQ+RorICx0
         HEbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713703946; x=1714308746;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=T0w0cZSMYhki2e5Ps51YDWTfICjiJNw9DXP+Y8XATlU=;
        b=wCVOiEbrenPprYv4S/bYJLRfPbpJpTziJlaUJTxVHbRais3QwQxXcJlkAs/cxrbdF9
         2abqBzA4UbA1xGd4rLWj1EGWbbXfEuDdiiWTRmINZ9ybRu7IA0sAvy+OGa/5FOdLMUde
         C20hV7/NHsSoXQ7d68Uy36i+d1nb4pnIWHUVcZN0W/iFabCOoyksL2FxLYy32XE6IwXx
         v9mqpOC7UrIY/yUKiRIzkRbKl/PmqifGC1PS5Ab68B6242DXHxoWvhXILerRTacFC/YJ
         Dm/mScBi5HLDmU7OdKGJInKehHFobB6sc/10iLbh0zCzeuY7mKZSgqHuDbZTllO8Lmrq
         jfaQ==
X-Gm-Message-State: AOJu0YzAzNzLIAJpAgoXJ9fRrdKQCiKWCVYNKiIDG0Hld7Hr2kbnbFc4
	VQEvHCW3r82FCVLnzP9Cv3n7MsImAo3lKFKc7iLPryxXcQIlUNUaTD+pWHvWsSo=
X-Google-Smtp-Source: 
 AGHT+IEFUs6mlsuA/naGlylsBRThPGL6ssZA2VDLpGKNmtgSIIOvs4zBpojm4wZDpKxGXWTU7EJyyQ==
X-Received: by 2002:a05:6a00:189b:b0:6ea:f05c:5c16 with SMTP id
 x27-20020a056a00189b00b006eaf05c5c16mr11076255pfh.5.1713703945742;
        Sun, 21 Apr 2024 05:52:25 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 fh9-20020a056a00390900b006ecf1922df7sm6102706pfb.36.2024.04.21.05.52.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:52:25 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 01/11] ap: ability to advertise PSK and SAE
Date: Sun, 21 Apr 2024 05:50:31 -0700
Message-ID: <20240421125050.6649-2-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Add the configuration option AKMSuites under Security so it becomes
possible to support both PSK and SAE. This influences the advertised
AKMs in the beacon.
---
 src/ap.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/ap.c b/src/ap.c
index b4e7593e..d50f9e4f 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -80,6 +80,7 @@ struct ap_state {
 
 	unsigned int ciphers;
 	enum ie_rsn_cipher_suite group_cipher;
+	unsigned int akm_suites;
 	uint32_t beacon_interval;
 	struct l_uintset *rates;
 	uint32_t start_stop_cmd_id;
@@ -631,7 +632,7 @@ static void ap_drop_rsna(struct sta_state *sta)
 static void ap_set_rsn_info(struct ap_state *ap, struct ie_rsn_info *rsn)
 {
 	memset(rsn, 0, sizeof(*rsn));
-	rsn->akm_suites = IE_RSN_AKM_SUITE_PSK;
+	rsn->akm_suites = ap->akm_suites;
 	rsn->pairwise_ciphers = ap->ciphers;
 	rsn->group_cipher = ap->group_cipher;
 }
@@ -3620,6 +3621,7 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 	size_t len;
 	L_AUTO_FREE_VAR(char *, strval) = NULL;
 	_auto_(l_strv_free) char **ciphers_str = NULL;
+	_auto_(l_strv_free) char **akms_str = NULL;
 	uint16_t cipher_mask;
 	int err;
 	int i;
@@ -3838,6 +3840,28 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config,
 		ap->ciphers |= cipher;
 	}
 
+	akms_str = l_settings_get_string_list(config, "Security",
+						"AKMSuites", ',');
+	for (i = 0; akms_str && akms_str[i]; i++) {
+		if (!strcmp(akms_str[i], "PSK"))
+			ap->akm_suites |= IE_RSN_AKM_SUITE_PSK;
+		else if (!strcmp(akms_str[i], "SAE"))
+			ap->akm_suites |= IE_RSN_AKM_SUITE_SAE_SHA256;
+		else {
+			l_warn("Unsupported or unknown AKM suite %s",
+					akms_str[i]);
+			return -ENOTSUP;
+		}
+	}
+
+	if (ap->akm_suites == 0) {
+		/*
+		 * Default behavior if no AKMs are specified but a passphrase
+		 * is to only enable PSK == WPA2.
+		 */
+		 ap->akm_suites |= IE_RSN_AKM_SUITE_PSK;
+	}
+
 	if (!ap->ciphers) {
 		/*
 		 * Default behavior if no ciphers are specified, disable TKIP

From patchwork Sun Apr 21 12:50:32 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637334
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40942C8DE
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:52:32 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.179
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713703953; cv=none;
 b=l+ErKnn7S0zwZghDm65eEaJF3bvrUHfBqW/lEsIr4+B2JmTAFg1gMfvQ0ffBifsZkvBz+adyxdb4v2x+BSPnK1SrOazvg+s5rK/pgKD4dfvAZtNKbO8B1bQHXmdWsmuoXLv3h8I/znccJgcslcqvsRyybuNFP1+zr/+Rqfcsj7U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713703953; c=relaxed/simple;
	bh=ZH5x9ATGv2Xx/ubGDt4J9KfabwYuBMBME0PJ2i2205o=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=tD641x2ayJ9w2D3NBHFXo+4vvFoT+oAPa+SwkNDJBkF09nc9+zWLlMPzLQVduk/nz1heEf9IaoqhbyKbGDGO0jOpNc3iQzUYH38o/RhVQVfeM1gH5eXjfa0T9woPjxTgbb/9+nkQBK7uGl3olL8UpG2J1vsFlBLXpNzDAkenz3k=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=PcPyMEcz; arc=none smtp.client-ip=209.85.210.179
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="PcPyMEcz"
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-6f28bb6d747so342376b3a.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:52:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713703951; x=1714308751;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=+lB//zIMayDnKBIFfFR1upol5JgGtsL17HmLjVPPniA=;
        b=PcPyMEczJpwissdb/5DQawRnY3HC0T2CBnu4Mce8N9SX2wFjJu6uey4yneXWflMgUi
         Dm+/IQOnJ8KjI1jdni1Iwhut3nIjY/ncFYKbD62a6LXVFa0qZItM2jBhaouuQhIw0s+i
         RL6Awz7gVg3iF4yCwUgLdaRhnC6CQ1uz+XS8b1qMXzTzHDR4PgJYOBADKGuCT8tkiSmC
         cBm3g2GJOSPorsYpAiTiu+TGwG/skuFEvx1OG4jfzg2bNAeMA0uqE5agyC08CdlWc/5F
         RLuyyXEqWtO5Iz3pyc0WPDq/LqX7IOVa855U2zjF+Bzsq7tYRwHdJ+fKPOD44na6F4ds
         0hzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713703951; x=1714308751;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+lB//zIMayDnKBIFfFR1upol5JgGtsL17HmLjVPPniA=;
        b=U901kor23l/EDh9dLAo4II/VjAaG6PdKVVhT5OyfVnCaBn9OAbXGwS/6Aj6D4KYAGc
         0sqvQIFgLKEV4R+I1AGPwAGnnmZAz0Sb1S4yiGE1VCT+UufOA+l4wYvLIrC/FCX6GDBA
         3g8J4eoS/sP9EerlBtafLWvacOXjP8dIwziYKLvHfVtowD4suCv0C+BbujTk7IkOnMLa
         GELBqEwnOeuNZP8aWZXim3NP69GhABxN0e2dUpDCH6t4n/yopIA3V5LDaXPq62Nh70ls
         U7nI8Qe4KRfJqxCKxbCn1cYc7fquVX6hk6BuCPbGMGUHlqtCqT/z9/5VML+CwRW+sJeD
         9iRg==
X-Gm-Message-State: AOJu0YzAaK3qeHiEwThDbY5l87YfMQWBlHWLgC7qK9jiwjdYNfVVIGTr
	7MgvHWP5rKjbVcldw8+nl6BOTwH/QxJxkXwF2+vTqaUW8/aaE67ORvoHyzglynk=
X-Google-Smtp-Source: 
 AGHT+IFNjmPv30b0UOzFHuXSnqbzteGyS0BCTtuhgsWKMRfT/6HlJ0v8Urnw+wXqJj/sI1ESxyCZWg==
X-Received: by 2002:a05:6a21:8015:b0:1a9:8152:511c with SMTP id
 ou21-20020a056a21801500b001a98152511cmr5888735pzb.62.1713703951392;
        Sun, 21 Apr 2024 05:52:31 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 e7-20020a17090a77c700b002a55d8a99d5sm7538838pjs.22.2024.04.21.05.52.30
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:52:31 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 02/11] ap: accept PSK/SAE in auth depending on config
Date: Sun, 21 Apr 2024 05:50:32 -0700
Message-ID: <20240421125050.6649-3-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

On reception of an authentication frame, accept both PSK and SAE as AKM
depending on the config. Save the client's AKM for later use.
---
 src/ap.c | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/ap.c b/src/ap.c
index d50f9e4f..14268551 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -132,6 +132,7 @@ struct sta_state {
 	uint8_t *assoc_ies;
 	size_t assoc_ies_len;
 	uint8_t *assoc_rsne;
+	enum ie_rsn_akm_suite akm_suite;
 	struct eapol_sm *sm;
 	struct handshake_state *hs;
 	uint32_t gtk_query_cmd_id;
@@ -2606,6 +2607,7 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body,
 	const uint8_t *from = hdr->address_2;
 	const uint8_t *bssid = netdev_get_address(ap->netdev);
 	struct sta_state *sta;
+	enum ie_rsn_akm_suite akm_suite;
 
 	l_info("AP Authentication from %s", util_address_to_string(from));
 
@@ -2627,17 +2629,27 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body,
 		}
 	}
 
-	/* Only Open System authentication implemented here */
-	if (L_LE16_TO_CPU(auth->algorithm) !=
-			MMPDU_AUTH_ALGO_OPEN_SYSTEM) {
+	if ((ap->akm_suites & IE_RSN_AKM_SUITE_SAE_SHA256) &&
+	    (L_LE16_TO_CPU(auth->algorithm) == MMPDU_AUTH_ALGO_SAE) ) {
+		/* When using SAE it must be COMMIT or CONFIRM frame */
+		if (L_LE16_TO_CPU(auth->transaction_sequence) > 2) {
+			ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED);
+			return;
+		}
+		akm_suite = IE_RSN_AKM_SUITE_SAE_SHA256;
+	} else if ((ap->akm_suites & IE_RSN_AKM_SUITE_PSK) &&
+		   (L_LE16_TO_CPU(auth->algorithm) == MMPDU_AUTH_ALGO_OPEN_SYSTEM) ) {
+		/* When using PSK it must be Open System authentication */
+		if (L_LE16_TO_CPU(auth->transaction_sequence) != 1) {
+			ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED);
+			return;
+		}
+		akm_suite = IE_RSN_AKM_SUITE_PSK;
+	} else {
 		ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED);
 		return;
 	}
 
-	if (L_LE16_TO_CPU(auth->transaction_sequence) != 1) {
-		ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED);
-		return;
-	}
 
 	sta = l_queue_find(ap->sta_states, ap_sta_match_addr, from);
 
@@ -2666,6 +2678,8 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body,
 	if (!ap->sta_states)
 		ap->sta_states = l_queue_new();
 
+	sta->akm_suite = akm_suite;
+
 	l_queue_push_tail(ap->sta_states, sta);
 
 	/*

From patchwork Sun Apr 21 12:50:33 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637335
Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com
 [209.85.214.176])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 62E1E12E5D
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:52:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.176
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713703959; cv=none;
 b=P1XxEHeeBdZWpgZXNKY2oqEMUKKgRGno1O7RRqwsad04FJwUzXbhaX00xENiHeOeAoY7Thud18RZT/fZsokoDvv6+UksDvJAoAlghGlgiavDo9y8qhCqDGWLNo6tNTZgnLjcPPh+iZbhrRIbS3Rq/tTbPejB3ZzKqaH9WphKTIc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713703959; c=relaxed/simple;
	bh=XS3N9TXiZR2t9btDNSsbSR2l4D53tczUBHoPxliL248=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=D5Fi/LLKn4AjUs9IBeGJUsUgG849k5ANt8t0mbxrnf9nYvnysN6z88XGD8EWt9l3mnW9baKl7RQm2IZ9gdPSmw0MCPP8rfCqRHcgL9rI6huUHp+wZTwFp4exSZZQGhk0aeuk91Ny/TdYHsFD/fTnjikX0HY1rReiJd8r7OY9ujc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=ZLHg00z2; arc=none smtp.client-ip=209.85.214.176
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="ZLHg00z2"
Received: by mail-pl1-f176.google.com with SMTP id
 d9443c01a7336-1e3f17c64daso23446665ad.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:52:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713703957; x=1714308757;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=qizgE6fsw46paMjka8kiwSg1lVdq4XDQntLc2mKU4Bw=;
        b=ZLHg00z2faxtzxfEAWqIiJSc0hQ7T6tkEFLtAA7QO13VvrdVrN9ktSXbne2m7nYYvc
         uNObK4cReumkOyqsKkOS+wxXtpW7V7E3FmuNewABUzRzGeXtYS4Q/V1AwzS2EakLny/1
         NUHeooTAg/mGVZ2tWvwQnmWZ4bb9kQ8nxjix2nvdqoJJUpSaiAywFzsZRB6bl88b4TAy
         dgJdK8I5PIs0GPm4LzF/VAX38RQ4d1NIa1/6Iq/0c0BcqrOrc3MNqFoYl/bBUVpKq26E
         mKuJKvdLpDNPferiJbl4Tj36OOsweTB9oIk9eHFMWUMHc1iRBFkQmXuuHYWYiDCXv5p1
         rngA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713703957; x=1714308757;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=qizgE6fsw46paMjka8kiwSg1lVdq4XDQntLc2mKU4Bw=;
        b=dKwOlYQ2O6YYO+Yd6diCqzuA0UJZuOPIcDCtze0tg1Fq4hHys8qFap74fmfOsKOVV+
         4X3VfCPCTb9Ptbcm5uK/hv3mzBT0tbFGtLuoaqYAuzpo/oeub08PezlZqeJP0IIz0tfE
         gQeK7svpQcfxB22IGh1gf3FkCkpPPiCI4bIvaSNo37mf3wQK833HK3KUTpBggGDOnyz7
         Sobn+Hos7oMmhfDBbx4FfBHrb7R6Xp37Pqcg/xkQwjKiM+ZfkSAFi8r/OXQxlq99McOx
         f/ETo/d1PQHAHpS17G+k9v4ehWla+fCq58wahlyBMuK1ec/vg5Umv/iE5cGPPHa72VSS
         gujQ==
X-Gm-Message-State: AOJu0Yy1WjjObR5NdWTQvIZIzcXm/FHiPqPuY5E1/eDkkAV8+OYhkgzK
	dg9ops7JDy5vRxFlxVFKGlBVTAgwdwtLnLJ/N7S7U6h4tzx6OnYkJI2pJ11Xdnk=
X-Google-Smtp-Source: 
 AGHT+IG6StZmp1j0W5Kk8uMuIu0PYNVDF7wFcD7sZpqF+62fCq6vZvjHNOCJyNWy/orEjemhn1iukw==
X-Received: by 2002:a17:902:8210:b0:1e5:c0ee:a7f5 with SMTP id
 x16-20020a170902821000b001e5c0eea7f5mr6522751pln.24.1713703957438;
        Sun, 21 Apr 2024 05:52:37 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 u8-20020a170902e5c800b001e420abf8c1sm6303975plf.165.2024.04.21.05.52.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:52:37 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 03/11] sae: add function sae_set_group
Date: Sun, 21 Apr 2024 05:50:33 -0700
Message-ID: <20240421125050.6649-4-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Refactor code by adding function sae_set_group. This will make the next
commits easier where basic SAE support for APs is added.
---
 src/sae.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index bf9fb0ff..c133386f 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -148,6 +148,16 @@ static void sae_reset_state(struct sae_sm *sm)
 	sm->pwe = NULL;
 }
 
+static int sae_set_group(struct sae_sm *sm, int group)
+{
+	sae_debug("Using group %u", group);
+
+	sm->group = group;
+	sm->curve = l_ecc_curve_from_ike_group(group);
+
+	return 0;
+}
+
 static int sae_choose_next_group(struct sae_sm *sm)
 {
 	const unsigned int *ecc_groups = l_ecc_supported_ike_groups();
@@ -166,9 +176,7 @@ static int sae_choose_next_group(struct sae_sm *sm)
 		sae_debug("Forcing default SAE group 19");
 
 		sm->group_retry++;
-		sm->group = 19;
-
-		goto get_curve;
+		return sae_set_group(sm, 19);
 	}
 
 	do {
@@ -182,14 +190,7 @@ static int sae_choose_next_group(struct sae_sm *sm)
 	if (reset)
 		sae_reset_state(sm);
 
-	sm->group = ecc_groups[sm->group_retry];
-
-get_curve:
-	sae_debug("Using group %u", sm->group);
-
-	sm->curve = l_ecc_curve_from_ike_group(sm->group);
-
-	return 0;
+	return sae_set_group(sm, ecc_groups[sm->group_retry]);
 }
 
 static int sae_valid_group(struct sae_sm *sm, unsigned int group)

From patchwork Sun Apr 21 12:50:34 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637336
Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com
 [209.85.215.173])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40FAE12E5D
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:52:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.215.173
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713703965; cv=none;
 b=bgEhPlzFIHKUunSyoV8nH39As2VfQzk59ouTDV9EMs1atIeTJ3BNechwVd4LTjUSVKRwlgCfCqXxzHLnl+1kr+ze6RH95HxmuGeqIjfQyxGTqg/2FrawfJSlI6sjJ62vNP6sycQIFKM1lnratpypbK0KcVEjfGx6S58N/cEFJQ8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713703965; c=relaxed/simple;
	bh=mOrBtvb/O87DA9cM+OzwQGRSxUY6LlePRXqX2XtUbX0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=RfS8k6ZzJ4ReXPG982gUX49/G1SNrmVSoO7yzGn8ziL5aBFqPTnQsSGdj8Hno+6UikhcVsSSrV1vkOgh1aT6cPbdET/uZ2NOooqyKB7n+jkZiXnJEwpejWXt9C7AAMBSpR47Z3RpcqQ6Qi2rs+njRS43CLHDmD3/J7RWS4wJlSM=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=mnUtn90u; arc=none smtp.client-ip=209.85.215.173
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="mnUtn90u"
Received: by mail-pg1-f173.google.com with SMTP id
 41be03b00d2f7-5e152c757a5so1912671a12.2
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:52:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713703963; x=1714308763;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=3LzaY6A57nF1oLrl5mii6eRbRZ0QKu/MJ5EaRnOTB94=;
        b=mnUtn90uGSNLxhDWCXDxRQfMFrQKRieNg+PHVziJtbXpM5D63cmwhSqatqm7kJ2CWh
         osE/tTzsG9HE06So/2ROzCm5exBsOUki7j6dL1uurK/TiafV59frv+aHBLlSzlUhQlTg
         pYSwvuL/WX/AEyRrXvQ/NTjNb9P2zm2bjfjz+Ksry2ZojwgC0eDMoYIGj3jA7Tw+95pZ
         aK0qclYD5A0Msymrj5UKgaxL/W32bLU2WCNr3GQDssiNHyuEVGofTpUdWFtOu0IdsIxZ
         xe5+Aby8R3GwiBaO92Jv3WF++paoVIr2HSSt8jpJPTfsdGB7mPAqCA/fEqkk2oTFYfa8
         2a5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713703963; x=1714308763;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=3LzaY6A57nF1oLrl5mii6eRbRZ0QKu/MJ5EaRnOTB94=;
        b=gXYPtd5PNotLjeL3JDSg+evvdwrC6h6YyIW8pMkUP3DSUO4HId98gyhreqxSDg1TnC
         S3Oy5KGlQjzDoXsqly/e37Ms9pw1RawvxbMSx8GPPXb7FcwgT2bwvFK2+ZP+iIWCKPv2
         Oe2LtkPg0i4RbvkE98ni4KajlFFeTa5Lhms6Et3dDlok9SjB082vHIdKv/LgxRzCA6PQ
         nJbL20rAN1gZutH8lYvphCVd33cWNThp+zdxeEDVhetN2PNHyHZydJsJn1m37tS9ihRi
         ZvvDHeWAIJzAgipRQsNixKYDq+XpUF8Fl+RBorhP1iKi33zQMU32blaXtFDLt0fC2iPp
         HuYA==
X-Gm-Message-State: AOJu0YyDKCAS0TW4huWMWSKuGYhvDSic+NTbcDDypbXPGxe9fv5Yfujr
	d8cskyqmQs+Qtf0GpnisYQCFHbsug9ZcEN3Q7buOHVdHw0KHIHJk9EavmD4G1UQ=
X-Google-Smtp-Source: 
 AGHT+IH9oJal4FWJYTOElKfBMUd1yvJAs0/8E7Mgcky1Gav9dimq6UlHytILPdsH6pS604RMKTi7NA==
X-Received: by 2002:a05:6a20:9144:b0:1a7:919f:2b60 with SMTP id
 x4-20020a056a20914400b001a7919f2b60mr8064815pzc.37.1713703963337;
        Sun, 21 Apr 2024 05:52:43 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 az24-20020a17090b029800b0029bacd0f271sm7619545pjb.31.2024.04.21.05.52.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:52:43 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 04/11] sae: refactor and add function sae_calculate_keys
Date: Sun, 21 Apr 2024 05:50:34 -0700
Message-ID: <20240421125050.6649-5-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Refactor code by moving code to the new function sae_calculate_keys.
This will make it easier in the next commits to add SAE support for AP
mode.
---
 src/sae.c | 83 +++++++++++++++++++++++++++++++------------------------
 1 file changed, 47 insertions(+), 36 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index c133386f..314fc28f 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -683,10 +683,9 @@ static bool sae_send_confirm(struct sae_sm *sm)
 	return true;
 }
 
-static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
-					const uint8_t *frame, size_t len)
+
+static int sae_calculate_keys(struct sae_sm *sm)
 {
-	uint8_t *ptr = (uint8_t *) frame;
 	unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
 	enum l_checksum_type hash =
 		crypto_sae_hash_from_ecc_prime_len(sm->sae_type, nbytes);
@@ -702,39 +701,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 	struct l_ecc_scalar *tmp_scalar;
 	struct l_ecc_scalar *order;
 
-	ptr += 2;
-
-	sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
-	if (!sm->p_scalar) {
-		l_error("Server sent invalid P_Scalar during commit");
-		return sae_reject(sm, SAE_STATE_COMMITTED,
-				MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP);
-	}
-
-	ptr += nbytes;
-
-	sm->p_element = l_ecc_point_from_data(sm->curve, L_ECC_POINT_TYPE_FULL,
-						ptr, nbytes * 2);
-	if (!sm->p_element) {
-		l_error("Server sent invalid P_Element during commit");
-		return sae_reject(sm, SAE_STATE_COMMITTED,
-				MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP);
-	}
-
-	/*
-	 * If they match those sent as part of the protocol instance's own
-	 * SAE Commit message, the frame shall be silently discarded (because
-	 * it is evidence of a reflection attack) and the t0 (retransmission)
-	 * timer shall be set.
-	 */
-	if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) ||
-			l_ecc_points_are_equal(sm->p_element, sm->element)) {
-		l_warn("peer scalar or element matched own, discarding frame");
-		return -ENOMSG;
-	}
-
-	sm->sc++;
-
 	/*
 	 * K = scalar-op(rand, (element-op(scalar-op(peer-commit-scalar, PWE),
 	 *			PEER-COMMIT-ELEMENT)))
@@ -823,6 +789,51 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 	/* don't set the handshakes pmkid until confirm is verified */
 	memcpy(sm->pmkid, tmp, 16);
 
+	return 0;
+}
+
+
+static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
+					const uint8_t *frame, size_t len)
+{
+	uint8_t *ptr = (uint8_t *) frame;
+	unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
+
+	ptr += 2;
+
+	sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
+	if (!sm->p_scalar) {
+		l_error("Server sent invalid P_Scalar during commit");
+		return sae_reject(sm, SAE_STATE_COMMITTED,
+				MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP);
+	}
+
+	ptr += nbytes;
+
+	sm->p_element = l_ecc_point_from_data(sm->curve, L_ECC_POINT_TYPE_FULL,
+						ptr, nbytes * 2);
+	if (!sm->p_element) {
+		l_error("Server sent invalid P_Element during commit");
+		return sae_reject(sm, SAE_STATE_COMMITTED,
+				MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP);
+	}
+
+	/*
+	 * If they match those sent as part of the protocol instance's own
+	 * SAE Commit message, the frame shall be silently discarded (because
+	 * it is evidence of a reflection attack) and the t0 (retransmission)
+	 * timer shall be set.
+	 */
+	if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) ||
+			l_ecc_points_are_equal(sm->p_element, sm->element)) {
+		l_warn("peer scalar or element matched own, discarding frame");
+		return -ENOMSG;
+	}
+
+	sm->sc++;
+
+	sae_calculate_keys(sm);
+
 	if (!sae_send_confirm(sm))
 		return -EPROTO;
 

From patchwork Sun Apr 21 12:50:35 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637337
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id BF50112E5D
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:53:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.173
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704020; cv=none;
 b=Zqg4sXqLXZQjAWLju9QKdVNNtWFbuPlp9lXzqAw7V4c9F50jv60aGJC/PwraT8lKVl02HhzYc8eeVTau2cMFznaEAUgn+mft4I4EdyXcBLzqL5V2yC/mRQaYmn/XeV9dw2fADVFDpmZaKXMBkwULFqBYk6wWkgSuWoHf4Wjwrgo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704020; c=relaxed/simple;
	bh=sPQxcd8jI0JgzeXjn8Pba5twbdYYSCaqwOiSEmoxPJw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=cf8mm2FfbBVoaV1IQnoo9zLV2V0365OuuC5puvPtF/RVyLhro6zR0RfTrHPVJdGuv9uOkCpSenubqJN0HuESYsLM598O7uokHWcXQYZVZhXzfObzboZ3nmF1M6xqzzmvsBlhH9kOjI9x2aWCQ0dT3t3tbYJ9TNT1TK0iW5MI3rA=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=hGS0saQx; arc=none smtp.client-ip=209.85.210.173
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="hGS0saQx"
Received: by mail-pf1-f173.google.com with SMTP id
 d2e1a72fcca58-6ecec796323so3644698b3a.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:53:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704018; x=1714308818;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=VLlVMSlAe4F5N1sLrJ8Ppth4eaMxLQpCenGNlzdR3FQ=;
        b=hGS0saQxv8wpR7M3TOq8GnHMZB40v4+DjE7eZMMxwM+Fi1JZBhFEcYp4UlJEiQD25C
         0UDnHK8dH/M9Wm39yIv6jPQktJPQFoOYq+t0G7bq1r4POeWTv9BLDrGpRGIHZLhhwdOC
         VfvKQ8xz9/jATCuyRzqWVb/udMQAcWx3ObUBtsYofGhRIafkGIdTsxwZpISMfzzGQioG
         Y6ggODCS9IeHhRI8OSb54vOUY70cvB1AKsZArxsznsQQUEGMG6kQYSozhuIy6U/LL7Af
         E4WDyI4HYjVxeMqsGEXdQMNsF84HoVdDw0XNNNT30D1VF6tzVsHW7ArwfGWdD/lPFih1
         UNqg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704018; x=1714308818;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=VLlVMSlAe4F5N1sLrJ8Ppth4eaMxLQpCenGNlzdR3FQ=;
        b=f36gON/P0L/86wHvXoZblNOMLAmL/Wf3czP0Qcx2xUSA0w2K1qkU/UVGRsxMj4siVz
         kZqJaWfiJOslfxxXj8u+XFGyMRG68SGo29vydrI4REhvFZKiyLFe5T1HQ2qjSgIj/+wN
         kzDLXTeEeeu/eE+YsAY6Rds1tEpkdefztz95lGleoOPEl6I6Q+MqrX3zSmZR8qMF0ZnV
         lclkuo9evg0q04NUhSu/eRjurPcyaPg10tpiuluoFdeZ8aLfjtxcVgO8qiBRgMIZH3lh
         B+dJQ1iHO7zrq14xmqMguGBKDVqUpZXjtRMQAYPvwntOMq2BSMmYSZE4w/6eEbFuuSlA
         bfhg==
X-Gm-Message-State: AOJu0YxeS81v7iFO89xWGOfUIgvgvNjzNhm5k6B08oLlYDmWzm4Sejxi
	A4JukuTQwM8oRQ04K/sZvd9yZydUSnAdFyCh3a3TYFIvXvfBpyqRme3kBdYwF6U=
X-Google-Smtp-Source: 
 AGHT+IFtJmZ+JqXzyj5zMYTVtsy+L0Gcl37VEbNARCQ65UbGK+8FK3simP2vsHKXYZO+luCGwU66lQ==
X-Received: by 2002:a17:902:c944:b0:1e3:d8ae:df34 with SMTP id
 i4-20020a170902c94400b001e3d8aedf34mr10085792pla.11.1713704018022;
        Sun, 21 Apr 2024 05:53:38 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 ju24-20020a170903429800b001e3d8c237a2sm6279864plb.260.2024.04.21.05.53.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:53:37 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 05/11] sae: make sae_process_commit callable in AP mode
Date: Sun, 21 Apr 2024 05:50:35 -0700
Message-ID: <20240421125050.6649-6-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

As an AP, the function sae_process_commit will pick the group offered by
the client. In a subsuquent commit the offered group will first be
verified before calling sae_process_commit. The AP will reply with a
Commit frame, calculate current keys, and move to the COMMITTED state.
---
 src/sae.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index 314fc28f..2c97d94c 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -48,6 +48,8 @@ static bool debug;
 #define SAE_SYNC_MAX		3
 #define SAE_MAX_ASSOC_RETRY	3
 
+static bool sae_send_commit(struct sae_sm *sm, bool retry);
+
 #define sae_debug(fmat, ...) \
 ({	\
 	if (debug) \
@@ -797,8 +799,12 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 					const uint8_t *frame, size_t len)
 {
 	uint8_t *ptr = (uint8_t *) frame;
-	unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
+	unsigned int nbytes;
+
+	if (sm->handshake->authenticator && sae_set_group(sm, l_get_le16(frame)) < 0)
+		return -1;
 
+	nbytes = l_ecc_curve_get_scalar_bytes(sm->curve);
 	ptr += 2;
 
 	sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes);
@@ -824,20 +830,22 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from,
 	 * it is evidence of a reflection attack) and the t0 (retransmission)
 	 * timer shall be set.
 	 */
-	if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) ||
-			l_ecc_points_are_equal(sm->p_element, sm->element)) {
-		l_warn("peer scalar or element matched own, discarding frame");
+	if ((sm->scalar && l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar)) ||
+			(sm->element && l_ecc_points_are_equal(sm->p_element, sm->element)))
 		return -ENOMSG;
-	}
 
 	sm->sc++;
 
-	sae_calculate_keys(sm);
-
-	if (!sae_send_confirm(sm))
-		return -EPROTO;
-
-	sm->state = SAE_STATE_CONFIRMED;
+	if (sm->handshake->authenticator) {
+		sae_send_commit(sm, false);
+		sae_calculate_keys(sm);
+		sm->state = SAE_STATE_COMMITTED;
+	} else {
+		sae_calculate_keys(sm);
+		if (!sae_send_confirm(sm))
+			return -EPROTO;
+		sm->state = SAE_STATE_CONFIRMED;
+	}
 
 	return 0;
 }
@@ -1008,7 +1016,7 @@ static int sae_verify_nothing(struct sae_sm *sm, uint16_t transaction,
 	/*
 	 * TODO: This does not handle the transition from NOTHING -> CONFIRMED
 	 * as this is only relevant to the AP or in Mesh mode which is not
-	 * yet supported.
+	 * yet fully supported.
 	 */
 	if (transaction != SAE_STATE_COMMITTED)
 		return -EBADMSG;

From patchwork Sun Apr 21 12:50:36 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637338
Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com
 [209.85.210.180])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E64B134BD
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:53:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.180
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704025; cv=none;
 b=qdaW0z63zMjDnXYaTW2nGM4wPSPVYPeW1ho8Ci13xh6xzsr9miSRB56SjG9LxU6l9bOW9bloS1cDNCZPEp1M2iVt4h0KAy0XxhNCO4DosvW6Cbo/tPHfirdkjOt6HWBGzOokMihnuzeQ5dBuaWA/nU3acS6xkHTMY6yLqXkBtos=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704025; c=relaxed/simple;
	bh=5JaKa7XswDeLp/H7eDcv/gbdrRBQy8+VZJgXy5jvH/w=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=PYb81JDx2HU2KSqUXwOIISV3o2ZiK5fQ4s0E3OvlUVGr9f45WH0QvnoUQHcA6SR6066YOTBlwX3i2CT7YTjIonAmcnqZfrowXkqYomwNSorez0PzDt/3lGLXmI6e4jJAReTLC1Vvx+OLB+clHTw66CMUnTUZCO3ljz+23ue87a4=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=KnxLhp+g; arc=none smtp.client-ip=209.85.210.180
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="KnxLhp+g"
Received: by mail-pf1-f180.google.com with SMTP id
 d2e1a72fcca58-6f103b541aeso1008067b3a.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:53:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704024; x=1714308824;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=S1ZoSr21MYoeKBvlARhQMn9pEsip9RAifE2zpohqtDg=;
        b=KnxLhp+gyS+KTGGBgRW5kTcDyramM2LWj/ncupL/SiBR3pfCz7yRzCv6xlKIIr3ihg
         faInbvEXJOna3EHhvANs/sh+nqPTN7L2qIHlAgjFLw/07aOkEQlublE+WyR+X53DhLG8
         L6TZ0A62MGNU5BfYQXLbppFfUwZNtOdJoQDTi7E9kTP7mE4GDtfk5VQRBZ1PLLfIjcB/
         1B6qKq4R1jIbORUvoMPzle0P/zPKCh09xV707CEF3MGQn1+ljfEnSwv2z/YaFkGM2N1w
         caWsaKtnjxfLX6c9QaQYs5D75/tvfsfpUTBXmpmH5vuuXNtYIq2/2kYdj9E+7HygRHUv
         GiCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704024; x=1714308824;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=S1ZoSr21MYoeKBvlARhQMn9pEsip9RAifE2zpohqtDg=;
        b=m2U53bloZK7uXa6nLUsi+kHyPxq6HXBRNoE2JbCHrOqrkA7wop1rK0BI0KvQEESSdQ
         WuzTabJ26LUCUpznq+Fugf81pk1HQRw2HnU0266ubAgZg7BTRyohbT0iPIbmWEZJf9cN
         fLMsq9XTc/i9rl97AnkgKW6qvTvK8Yp5I01/7HWzNDjuPFKi7+x9tZsPlDEv9SjpE2Qo
         Lyrv7OEb7wC4+lc+Jl5gdjXuCNRUgRejHHXL5SfVO31g8riKVm28Z65Uzypj48e0UFEA
         9pA2KbaLGHEvATaMEcrcE5l61QtICgHpQeVg91elmpeRFeG1QxOjMB0P8qevZJZH+aEo
         6/qQ==
X-Gm-Message-State: AOJu0YycxNQBSjnGCBNP2AMLOyl0W+5QVKgVJVQRX/IwCtHpq0nbzTpB
	W2/YfamzpzLUC3zn/RoAV66IzdDZQuDEOmnirmnrg8RGAZZHsUz8vl4JYbALcLM=
X-Google-Smtp-Source: 
 AGHT+IEOgN2XBz/6q6YmJ1Hh6AGeldaBnjo7Z1e/RJUjf8QHW1DpXW3uf/6ISJZL3G6f55wGGCUNOw==
X-Received: by 2002:a05:6a00:2e02:b0:6ec:f84c:902c with SMTP id
 fc2-20020a056a002e0200b006ecf84c902cmr8934966pfb.24.1713704023821;
        Sun, 21 Apr 2024 05:53:43 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 a5-20020aa78e85000000b006e554afa254sm6114686pfr.38.2024.04.21.05.53.42
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:53:43 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 06/11] sae: verify offered group in AP mode
Date: Sun, 21 Apr 2024 05:50:36 -0700
Message-ID: <20240421125050.6649-7-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

When receiving a Commit frame in AP mode, first verify that we support
the offered group before further processing the frame.
---
 src/sae.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/sae.c b/src/sae.c
index 2c97d94c..8a1e311a 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -214,6 +214,18 @@ static int sae_valid_group(struct sae_sm *sm, unsigned int group)
 	return -ENOENT;
 }
 
+static int sae_supported_group(struct sae_sm *sm, unsigned int group)
+{
+	const unsigned int *ecc_groups = l_ecc_supported_ike_groups();
+	unsigned int i;
+
+	for (i = 0; ecc_groups[i]; i++)
+		if (ecc_groups[i] == group)
+			return true;
+
+	return false;
+}
+
 static bool sae_pwd_seed(const uint8_t *addr1, const uint8_t *addr2,
 				uint8_t *base, size_t base_len,
 				uint8_t counter, uint8_t *out)
@@ -1029,7 +1041,8 @@ static int sae_verify_nothing(struct sae_sm *sm, uint16_t transaction,
 		return -EBADMSG;
 
 	/* reject with unsupported group */
-	if (l_get_le16(frame) != sm->group)
+	if ((sm->handshake->authenticator && sae_supported_group(sm, l_get_le16(frame)) < 0) ||
+	    (!sm->handshake->authenticator && l_get_le16(frame) != sm->group))
 		return sae_reject(sm, SAE_STATE_COMMITTED,
 				MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP);
 

From patchwork Sun Apr 21 12:50:37 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637339
Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com
 [209.85.214.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 93E4F134BD
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:53:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.174
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704033; cv=none;
 b=iqODEcohaRgMRxtcsYhG1ehFX6mTPfonVizhIPIighc7/so7ytcZnfaTKdoG5E9RPE2G3PXbZinhN2Wfh8+f623bI3A6U7Iw2fea858N7IpKC0UY/4qioMtP5RA+QP5NKAMX5pAfcgZoao9ylLmyH5LDDiyew/wbydVHNE9vQ4U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704033; c=relaxed/simple;
	bh=KSqVNXJAzwRZNdXuYPVxpWhELcovp1U195/KHof8DKc=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=ju3PqBGeODWengkNgUARsqT/947fH0ZECz/44HRzrMrK6i586So3t9pSeQK/bL4uKmI1LtbSwfLZTKiqs6OfuJzyrKb5mdM95gTOSAERBTibI+HHzgDG3/xWBmnXi5rdbKJBYZ1fw92ZaYZmfz/v5mr7CgBtQO4YzZUkUpAxNLQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=HGCWPTyg; arc=none smtp.client-ip=209.85.214.174
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="HGCWPTyg"
Received: by mail-pl1-f174.google.com with SMTP id
 d9443c01a7336-1e3ca546d40so28486325ad.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:53:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704031; x=1714308831;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=sc7Bi3BtpcquWPNmKpc6bVHtZ49jfz+XY+SvcGcoCR8=;
        b=HGCWPTygEuuEY0tTY1LtNNJ7A4rEQpkDNKQbFALeEgMRn9jxlBrkIYBQ7/IYCyJN/u
         FN0NEaZ0y8p4Mz+OREwq0j8ujzrYnWZQuiB8dZH/bPMuspgttp9kCfwjl2RXL7bCfDui
         xsDW2HlmTNVCLO9m4qEGSii1JAcwYPyAhkj5fnmX3SXS2ot9maQmwfz8vRcw2IoQmYlr
         pRmO3lxIRLBRLVICeCsoDd3L4nJyvg7CngosVfIObvKIDODSfOO+VsNDpNJks6NTLeZ0
         SRqz02aTkCn2ZSgYyKKmZxkPvix+a5sM9l3fGmuvhf9waNUOEeZ8yeZQP2QFY9CKPzXA
         0BEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704031; x=1714308831;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=sc7Bi3BtpcquWPNmKpc6bVHtZ49jfz+XY+SvcGcoCR8=;
        b=L6kW+ZfebyssKkVjryP+/OHBYXTE3cue7LEXJCLCbhJQEMk8khvgA4QNEr/ztg2nDg
         UehwCZo7eOFl8YPjAtZ19Zbvf4jRk9PxSbGwZJanbSmGM99eO74ZP7Flbfz9oJ2UJbs6
         dbhc+X4r34DEf6aPdrXWp2iT7hqFb9RrerEIhIK5P1m+zHPQ4oT1jE2Ia0oTm8mFOOI5
         jfvxhortC15/ToEVCviFCEoxzEYeFHZnIC9sjze/T26dJli9VsHadP4bonj7sRL5/H9S
         iW3fseK5R3GeEVxC+62B/Ygxds/ccOKmlrmEIuICEC6/6f4OBetJ+kFF6Pc7One26zHH
         AVhw==
X-Gm-Message-State: AOJu0YxNqPR0QZyNa73LkMHv/4IyOR6ipqakJpUHThmyXtRZ+mu1txs3
	zIzSulU5iffybNp+vtcRVvvk/CbhrReBUqkyRoplMgcMTmkYEdXt8csKoN/D6Ig=
X-Google-Smtp-Source: 
 AGHT+IG0/D5+JedD95KCmpaw28VfbQmzZenhjnY70qfXnugWHLdtYtkmS/acUt+8W8pZVcFlwfCSNg==
X-Received: by 2002:a17:903:943:b0:1e4:3c7f:c060 with SMTP id
 ma3-20020a170903094300b001e43c7fc060mr9715528plb.66.1713704031485;
        Sun, 21 Apr 2024 05:53:51 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 e11-20020a170902784b00b001e0bae4490fsm6398646pln.154.2024.04.21.05.53.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:53:51 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 07/11] sae: support reception of Confirm frame by AP
Date: Sun, 21 Apr 2024 05:50:37 -0700
Message-ID: <20240421125050.6649-8-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Experimental AP-mode support for receiving a Confirm frame when in the
COMMITTED state. The AP will reply with a Confirm frame.

Note that when acting as an AP, on reception of a Commit frame, the AP
only replies with a Commit frame. The protocols allows to also already
send the Confirm frame, but older clients may not support simultaneously
receiving a Commit and Confirm frame.
---
 src/sae.c | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)

diff --git a/src/sae.c b/src/sae.c
index 8a1e311a..da55c764 100644
--- a/src/sae.c
+++ b/src/sae.c
@@ -906,9 +906,13 @@ static int sae_process_confirm(struct sae_sm *sm, const uint8_t *from,
 
 	sm->state = SAE_STATE_ACCEPTED;
 
-	sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa));
-
-	sm->tx_assoc(sm->user_data);
+	if (!sm->handshake->authenticator) {
+		sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa));
+		sm->tx_assoc(sm->user_data);
+	} else {
+		if (!sae_send_confirm(sm))
+			return -EPROTO;
+	}
 
 	return 0;
 }
@@ -1059,16 +1063,24 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction,
 	unsigned int skip;
 	struct ie_tlv_iter iter;
 
-	/*
-	 * Upon receipt of a Con event...
-	 * Then the protocol instance checks the value of Sync. If it
-	 * is greater than dot11RSNASAESync, the protocol instance shall send a
-	 * Del event to the parent process and transition back to Nothing state.
-	 * If Sync is not greater than dot11RSNASAESync, the protocol instance
-	 * shall increment Sync, transmit the last SAE Commit message sent to
-	 * the peer...
-	 */
-	if (transaction == SAE_STATE_CONFIRMED) {
+	if (sm->handshake->authenticator && transaction == SAE_STATE_CONFIRMED) {
+		/*
+		 * TODO: Sanity-check received Confirm frame from the client. For now
+		 * AP-mode SAE support is experimental and we simply accept the frame.
+		 * Note that the cryptographic confirm field value will still be checked
+		 * before replying with a Confirm frame.
+		 */
+		return 0;
+	} else if (transaction == SAE_STATE_CONFIRMED) {
+		/*
+		 * Upon receipt of a Con event...
+		 * Then the protocol instance checks the value of Sync. If it
+		 * is greater than dot11RSNASAESync, the protocol instance shall send a
+		 * Del event to the parent process and transition back to Nothing state.
+		 * If Sync is not greater than dot11RSNASAESync, the protocol instance
+		 * shall increment Sync, transmit the last SAE Commit message sent to
+		 * the peer...
+		 */
 		if (sm->sync > SAE_SYNC_MAX)
 			return -ETIMEDOUT;
 

From patchwork Sun Apr 21 12:50:38 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637340
Received: from mail-oa1-f44.google.com (mail-oa1-f44.google.com
 [209.85.160.44])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DB8B13FFC
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:53:58 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.160.44
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704039; cv=none;
 b=GUVNRORUpbXIqZ0No/ctOCGg9p+mqMMjD4Mum6J5N1UA17FDtzdpyASrKfvls9lZZ8OvPxgaVPZwAj11ufCsfYvWitLYXNcmbK/XX9S4/qnq2ZXkN6eXcErbzFfAdwIaEfeAhMgnYoCNdYP63BKZJr6SHswA8vPWJSsHZC2WnYY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704039; c=relaxed/simple;
	bh=yCmx85wBVN/7EiI+ez6K2mx5NWXkfMYkMnIgjaEM2sw=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=uemI7bv4ONVFpZMKYXrZ/RH5FmP48uPA0tF8rLp2Pu2P3vNgxfLEOfBwJx3t0DkvB+nPws+CAuIZ4kiPR3dAuJfaVC0S+mqSYuiqsTFMyYJanTCS9tYIQmcnSOHnnC/QNQ1NZ3d+ouTAYe3hoS4wA+L+wG7qi9FlNpmiPoWUU2g=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=fEHKPzhF; arc=none smtp.client-ip=209.85.160.44
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="fEHKPzhF"
Received: by mail-oa1-f44.google.com with SMTP id
 586e51a60fabf-222a9eae9a7so1884765fac.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:53:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704037; x=1714308837;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ndBxbfX4iSMh44sy1SZlErIMMSFuRVM7SNywOFhVQv4=;
        b=fEHKPzhFAoq1mzIfJEjGAISinS1Ir3MOl63+nfkQ7NYSCva31sU2D+m8vEQnttD+iV
         rw+UABJ1/vN6CQlscvaalX7CBkCxiBsfuxLhxJ9E4JNjegtEjBaNlanl80VsLYy+A1xw
         9Ks5iKoAOklly8IMpgZTv2+1kj1b7/sTNh/JYdrzdnAv6qOgwgTrdUO/Tc6DLTipXRen
         xejBhXe4mXai9E/xrgoGihmPunUIUSeoYSJpWWocZWbi66AVHoN5+LKxlF/m/19wt621
         ofTOEA1Lrg0sAhAkJ43xugrgLiDmt3Fn877p7KaxirYyzJcbKPq3htyDH1oNz8ccvvkq
         xZXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704037; x=1714308837;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ndBxbfX4iSMh44sy1SZlErIMMSFuRVM7SNywOFhVQv4=;
        b=fgFtnzBiIKLnLUxBWxWD0jbJ30xTA4vm/mLxIRbI3c6wd7di3/TXxfGEFFJtqC99Qy
         2RX1el3ditju2ESxmhCYxyOBZOwTBYY9dRmK2ELe0ll7YXVS2sugsSQR+qWKcjOtBQIt
         rRaDUk5McMW+2xVhHGkKzkafeeM3G2VEzGc2LvOQIVEh+N/LEr9Ixict5vr5+OppdgxQ
         00RMNNNXkzzfQQuIlT7UhEoCybfC8munniB3e75BZGbBc/0b9E3+tuMd76POz9RfC3q+
         pRhK05mhg2tX1OTM7M4g7iNsascvX4AmWu5MYBjt+ZUZ+DoBHTdZT1xeAgJIHCxf83vd
         RMDA==
X-Gm-Message-State: AOJu0YzYhUE4qsHhBgqXU+TJrinS8YRZtbG3+7A1w4uNp4xkOUnriPrm
	nIE9s0KSTtQu7wc8GMElbJ/0hHmy5TKGeDmqACaOPiMvh53rmiwsmRxO/NNr9fk=
X-Google-Smtp-Source: 
 AGHT+IH0Fh/7ZKKOgDIt5mNir9tQSwbzR4uFX5s5YZQPZx6vwzu9LFRjFHwkPTiFYNTV0auDcJu9jw==
X-Received: by 2002:a05:6870:2252:b0:229:a47f:72cc with SMTP id
 j18-20020a056870225200b00229a47f72ccmr9559953oaf.38.1713704037380;
        Sun, 21 Apr 2024 05:53:57 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 d16-20020a056a0010d000b006ed36f2c0dcsm6312549pfu.90.2024.04.21.05.53.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:53:57 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 08/11] ap: add support to handle SAE authentication
Date: Sun, 21 Apr 2024 05:50:38 -0700
Message-ID: <20240421125050.6649-9-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

When the client requests SAE authentication, and it is enabled, allocate
an auth_proto instance to handle SAE authentication. This also adds a
new function to send SAE frames in AP mode that can be used by the
auth_proto instance.
---
 src/ap.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 55 insertions(+), 9 deletions(-)

diff --git a/src/ap.c b/src/ap.c
index 14268551..ab0cbdcd 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -59,6 +59,8 @@
 #include "src/diagnostic.h"
 #include "src/band.h"
 #include "src/common.h"
+#include "src/sae.h"
+#include "src/auth-proto.h"
 
 struct ap_state {
 	struct netdev *netdev;
@@ -132,6 +134,7 @@ struct sta_state {
 	uint8_t *assoc_ies;
 	size_t assoc_ies_len;
 	uint8_t *assoc_rsne;
+	struct auth_proto *auth_proto;
 	enum ie_rsn_akm_suite akm_suite;
 	struct eapol_sm *sm;
 	struct handshake_state *hs;
@@ -2595,6 +2598,35 @@ static void ap_auth_reply(struct ap_state *ap, const uint8_t *dest,
 				ap_auth_reply_cb, NULL);
 }
 
+static void sae_auth_reply(const uint8_t *data, size_t len, void *user_data)
+{
+	struct sta_state *sta = (struct sta_state *)user_data;
+	struct ap_state *ap = (struct ap_state *)sta->ap;
+	const uint8_t *addr = netdev_get_address(ap->netdev);
+	uint8_t sae_buf[2048];
+	struct mmpdu_header *mpdu = (struct mmpdu_header *) sae_buf;
+	struct mmpdu_authentication *auth;
+
+	memset(mpdu, 0, sizeof(*mpdu));
+
+	/* Header */
+	mpdu->fc.protocol_version = 0;
+	mpdu->fc.type = MPDU_TYPE_MANAGEMENT;
+	mpdu->fc.subtype = MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION;
+	memcpy(mpdu->address_1, sta->addr, 6);	/* DA */
+	memcpy(mpdu->address_2, addr, 6);	/* SA */
+	memcpy(mpdu->address_3, addr, 6);	/* BSSID */
+
+	/* Authentication body */
+	auth = (void *) mmpdu_body(mpdu);
+	auth->algorithm = L_CPU_TO_LE16(MMPDU_AUTH_ALGO_SAE);
+
+	/* SAE elements */
+	memcpy(sae_buf + 26, data, len);
+	ap_send_mgmt_frame(ap, mpdu, 26 + len,
+				ap_auth_reply_cb, NULL);
+}
+
 /*
  * 802.11-2016 9.3.3.12 (frame format), 802.11-2016 11.3.4.3 and
  * 802.11-2016 12.3.3.2 (MLME/SME)
@@ -2664,7 +2696,7 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body,
 	 * than State 1."
 	 */
 	if (sta)
-		goto done;
+		goto have_sta;
 
 	/*
 	 * Per 12.3.3.2.3 with Open System the state change is immediate,
@@ -2679,18 +2711,32 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body,
 		ap->sta_states = l_queue_new();
 
 	sta->akm_suite = akm_suite;
+	if (sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) {
+		sta->hs = netdev_handshake_state_new(sta->ap->netdev);
+		handshake_state_set_authenticator(sta->hs, true);
+		handshake_state_set_passphrase(sta->hs, ap->passphrase);
+		handshake_state_set_supplicant_address(sta->hs, sta->addr);
+		handshake_state_set_authenticator_address(sta->hs, bssid);
+
+		sta->auth_proto = sae_sm_new(sta->hs, sae_auth_reply, NULL, sta);
+	}
 
 	l_queue_push_tail(ap->sta_states, sta);
 
-	/*
-	 * Nothing to do here netlink-wise as we can't receive any data
-	 * frames until after association anyway.  We do need to add a
-	 * timeout for the authentication and possibly the kernel could
-	 * handle that if we registered the STA with NEW_STATION now (TODO)
-	 */
 
-done:
-	ap_auth_reply(ap, from, 0);
+have_sta:
+	if (sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) {
+		auth_proto_rx_authenticate(sta->auth_proto, (const uint8_t *)hdr,
+					   body + body_len - (void *) hdr);
+	} else {
+		/*
+		 * Nothing to do here netlink-wise as we can't receive any data
+		 * frames until after association anyway.  We do need to add a
+		 * timeout for the authentication and possibly the kernel could
+		 * handle that if we registered the STA with NEW_STATION now (TODO)
+		 */
+		ap_auth_reply(ap, from, 0);
+	}
 }
 
 /* 802.11-2016 9.3.3.13 (frame format), 802.11-2016 11.3.4.5 (MLME/SME) */

From patchwork Sun Apr 21 12:50:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637341
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAB6213FFC
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:54:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.216.54
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704046; cv=none;
 b=cNUFJVzOIuzVvo7MTA2h4jjSs/28+gyHlJ+tggRoFBTU0Fbb7XUmnXZiCokGLtkELy2G1PpFHrwXYzQAyk/JmFZRe+NMDoDHFhlcvPk1n2fq9XOzEjxq8owj452ydweoEPpKQRfbSHEvAah4QzLwuL2z2EnPxeRoThjEY9kZuyk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704046; c=relaxed/simple;
	bh=Ne09aV/bABuP0YqcwfKF2nlerO45xRpbn200bYN7DjE=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=hzFhp+YrUhC/1R8jmKcAcIwDYbcCr2MzQ87C0AfzxizV4LTOM7UMdU8TWyQCllKS5+hpFkJOfpEhwi3zGvyi5R9DoKrLIqjFnyXgn9ZLQToE/R8HU/lRnBxRt2NCMKvt4hlNGTzqT1Ucv7fxWEpknliEnRRO6C02f5bdSdjpGnQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=YcwdShd3; arc=none smtp.client-ip=209.85.216.54
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="YcwdShd3"
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-2ab1ddfded1so2876434a91.1
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:54:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704044; x=1714308844;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=uZCBRJ6KKyf1ut9BMuJ50apuGKXn4zyytljFybP+OJ0=;
        b=YcwdShd3GtW94yxMe9XSr+qrpwlXajZKT6lTmSwopK1Fl8daYaQf6QYI33w3ynYAHz
         ThzHXx6iWTNFtm0jQTfYOubdKgO5dp/b1ewA9tIjKrFPLYSZ/JCfpeAR7jwMTHED+fBZ
         Q2xkhh+HPqQf8csOVSTEvEL8BP1gMA65UsFMsobOM9mg57ixaJnnUMwDZmu00xiBQgx0
         b6I56t6sWTeK9DmdbJAP5jtk8d4FqLpsLlkgpZyC7yxGvyAtfayIjTtKkBBTUBOUv76T
         5+QUrqgwgQZTcS8yBU/BZe0TtNd4C7BDFW2XYJrg283H7YsEin16OSI1k8dpstfJGwWQ
         6TyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704044; x=1714308844;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=uZCBRJ6KKyf1ut9BMuJ50apuGKXn4zyytljFybP+OJ0=;
        b=clo+HjlS2PCF29B2PICatTdE8xRijGxYzeH7raBCAtVxdRheV6ZJrq7Ykt/KffY/ow
         Lu9gNPbSiDOfsS4Fxv5sdI7nT8TuztQU6Dz65GsyUvwd+IVSlJZ5H1aQ06a6IbjIRda2
         6P4a44+sOnGzDoZ3uAltG5RsuRSuRnyj8bkuztJeNuZF5ipUVacT3/NNMJKx51vQi656
         WPXYUnjZv8GEjXL1+eGfdh0NmKWurQSQn2hz9279t1BkM92XWrEzblqD05TaECiCLvAy
         MZphRHajIiDM7Ng1uQYo6vebRPBuM34eJCFJmB90/eF4fn+0uP4TsB0/pwwbeeeQaWu1
         RLWg==
X-Gm-Message-State: AOJu0YwyVr92u+H/yMr2QiioS6MKoKDVZHoYJfGBuL+HxF2DW3AHuKQc
	i/CL2UX8S3Nrx0QTHJQRVhHtpw/lAFmM/LKQoycY42JF2x/2S2eFjMgbiRvAGlk=
X-Google-Smtp-Source: 
 AGHT+IHlAQo3WhY+9+GvQvPp+SVSs87meZoHE3xf89lrIP5a+0AcnAMtTgJk4qPN2AHB3EXjeyonDA==
X-Received: by 2002:a17:90a:aa87:b0:2a5:2870:6d with SMTP id
 l7-20020a17090aaa8700b002a52870006dmr6145610pjq.48.1713704043856;
        Sun, 21 Apr 2024 05:54:03 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 x6-20020a17090a6b4600b002a0544b81d6sm5834222pjl.35.2024.04.21.05.54.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:54:03 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 09/11] ap: enable start of 4-way HS after SAE
Date: Sun, 21 Apr 2024 05:50:39 -0700
Message-ID: <20240421125050.6649-10-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Accept association frames that request SAE if SAE is enabled by the AP.
When SAE is being used, get the PMK as negoticated by SAE.
---
 src/ap.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/ap.c b/src/ap.c
index ab0cbdcd..27b30e5b 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -1500,12 +1500,19 @@ static void ap_handshake_event(struct handshake_state *hs,
 
 static void ap_start_rsna(struct sta_state *sta, const uint8_t *gtk_rsc)
 {
-	/* this handshake setup assumes PSK network */
-	sta->hs = netdev_handshake_state_new(sta->ap->netdev);
-	handshake_state_set_authenticator(sta->hs, true);
+	/* this handshake setup assumes SAE or PSK network */
+	if (sta->hs && sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) {
+		handshake_state_set_pmk(sta->hs, sta->hs->pmk, 32);
+		handshake_state_set_pmkid(sta->hs, sta->hs->pmkid);
+	} else {
+		sta->hs = netdev_handshake_state_new(sta->ap->netdev);
+		handshake_state_set_authenticator(sta->hs, true);
+		handshake_state_set_pmk(sta->hs, sta->ap->psk, 32);
+	}
+
 	handshake_state_set_event_func(sta->hs, ap_handshake_event, sta);
 	handshake_state_set_supplicant_ie(sta->hs, sta->assoc_rsne);
-	handshake_state_set_pmk(sta->hs, sta->ap->psk, 32);
+
 	ap_start_handshake(sta, false, gtk_rsc);
 }
 
@@ -2258,7 +2265,7 @@ static void ap_assoc_reassoc(struct sta_state *sta, bool reassoc,
 			goto unsupported;
 		}
 
-		if (rsn_info.akm_suites != IE_RSN_AKM_SUITE_PSK) {
+		if ((rsn_info.akm_suites & ap->akm_suites) == 0) {
 			err = MMPDU_REASON_CODE_INVALID_AKMP;
 			goto unsupported;
 		}

From patchwork Sun Apr 21 12:50:40 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637342
Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com
 [209.85.210.170])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 227F31772D
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:54:10 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.170
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704051; cv=none;
 b=Stx4mEdc1APRdFEXlxAE4HvzyFwt5sEm3krvnptQIn8YDL6gq3jfMbLJqqG1YI+jg5ckj4/XnHoVJ7+16dj2njTrgqAPzDD93muaDWeV0qhB1bRZXdCR/MKsAO8SlNBs3UMN1kEdFc0RzZArZu5RPy5yvaUAqPr0hCptO4Q1AjQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704051; c=relaxed/simple;
	bh=2ICwD8LyaS27Ec2QG4vWlF1Xt45cr0o3QPTwyfFVok0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=B6Z0jJatGGY23fAmE3xGOI0Y9vIRMKm0uo8prEQXAUKqfyZGjJTdoQNpWDPiVda8d9OF1l35NJdH9dDlEAfgEAGm9SGIGGGw8012wUheSLeULRI6Olk73itqXEdJXuWruzM3DlGhgY4gdUWkUtTAGbgS3DKLM+LElJOPyGBVyys=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=WRcCXnIr; arc=none smtp.client-ip=209.85.210.170
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="WRcCXnIr"
Received: by mail-pf1-f170.google.com with SMTP id
 d2e1a72fcca58-6ecec796323so3645008b3a.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:54:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704049; x=1714308849;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=naU7Lyu1k5xtNysxMGI2m4bg7w8Id9aqwjGgjWeYPZ0=;
        b=WRcCXnIrVTWhBI4QTGHYx8g56snWCpxpJyK3eGV+P/kXJFE6ZPJt2zoibIsuEVuM/4
         JVPY4W/RvPLo5PnvK6MxFuZFf8+MimlGal5k/FQCMoLF1ATWeUMGqk2u4NYR8fPOvav5
         2R0CtKGCxiKdWvqD7ssZp9c0kS+IDc+MTxKw+NRT0Md+ktf7ywWncA6dbiUEH/8a0MjT
         q228UrPaOjvyByjDrU9tXAH+RIIeq7dyRcMpvYq1O65AxWiQQGvSYlZTYxGbtgCGY2CR
         1B1/JMZSqS0OwFaSiPv5r6COTWDHBD2sRZKXBynuzrU0KqIsdwmLRhLlOUvlGWlbFdrR
         PApw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704049; x=1714308849;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=naU7Lyu1k5xtNysxMGI2m4bg7w8Id9aqwjGgjWeYPZ0=;
        b=mbgWs37ObYjElmbc/s27aJtr7jJg3fZY3GdjuKQ0Vy7rFVZ2Khb6eI6Yi3xtQkjlGq
         FId8s2vngE8vwSMUthP93b0S8zDMMtl8zmeFrbK7nXdIQSROkoOouL7sn1Vq3pOfrfcg
         NVQNnrEY4pu++7QjMVmXDgBqzU3AugXY4Auh/QYvz4g++UgoKV4BbmECZA8onVBzU8wE
         tuQwIYmNUZrxIUI6IEBatESYjELITQtBo4TzTucM3Bp4Mvr1AG2s/8rm7z6RLDhGra68
         n3lUpgXlANdGOD5okeJWxQRotSIVreROv5jg2hHLhlBz5ODd8gwV2VzQHCH7pP/bVAiX
         z8Bg==
X-Gm-Message-State: AOJu0Yx+BubD3uY8buGctsLPSRkUuS7dDkfMwEQrLsyHW4R8sPWAjJBQ
	WY0QBLYVrCcxSNuOCqsPhDS2ebZ5+rfm/hVABZoy7un7lFjWp9CrRDkxvir4lEY=
X-Google-Smtp-Source: 
 AGHT+IGpmNTzoeiuITSUPOa1C+Cb5mOXvQxETUO85ubYpEAWj5gamW+N2zuJCJPEZ6qAtHTvd6soLA==
X-Received: by 2002:a05:6a00:188b:b0:6f0:c214:7974 with SMTP id
 x11-20020a056a00188b00b006f0c2147974mr9481494pfh.12.1713704049355;
        Sun, 21 Apr 2024 05:54:09 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 z25-20020a637e19000000b005f80aced5f3sm2742541pgc.0.2024.04.21.05.54.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:54:09 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 10/11] eapol: support PTK derivation with SHA256
Date: Sun, 21 Apr 2024 05:50:40 -0700
Message-ID: <20240421125050.6649-11-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Support PTK derivation in case the negotiated AKM requires SHA256. This
is needed to support SAE in AP mode.
---
 src/eapol.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/eapol.c b/src/eapol.c
index 3ce14d5c..a9b4f3ba 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1560,6 +1560,7 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
 	size_t ptk_size;
 	const uint8_t *kck;
 	const uint8_t *aa = sm->handshake->aa;
+	enum l_checksum_type type;
 
 	l_debug("ifindex=%u", sm->handshake->ifindex);
 
@@ -1571,12 +1572,16 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
 
 	ptk_size = handshake_state_get_ptk_size(sm->handshake);
 
+	type = L_CHECKSUM_SHA1;
+	if (sm->handshake->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256)
+		type = L_CHECKSUM_SHA256;
+
 	if (!crypto_derive_pairwise_ptk(sm->handshake->pmk,
 					sm->handshake->pmk_len,
 					sm->handshake->spa, aa,
 					sm->handshake->anonce, ek->key_nonce,
 					sm->handshake->ptk, ptk_size,
-					L_CHECKSUM_SHA1))
+					type))
 		return;
 
 	kck = handshake_state_get_kck(sm->handshake);

From patchwork Sun Apr 21 12:50:41 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Brandt <brandtwjohn@gmail.com>
X-Patchwork-Id: 13637343
Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com
 [209.85.210.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FAA715ACB
	for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 12:54:16 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.179
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1713704057; cv=none;
 b=JF9uElTg+7Azf8NHQCLjzvTO7vXl0yW8+vv9Hzg4q1NnzvrUYGa1LivMrp8da3tRzQjhgdJgNSSomtMvvvdX+KoduaBirYCqfKHtWYWE8t3FTrBczP5rRU2sztbS2oBK9WIebftmZML6O3FVtCCoKUzl2tw4BTZXfEe9Ky2UyUQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1713704057; c=relaxed/simple;
	bh=qlnxvCEvGuKHk7cMN069fLQZYLphU+QadhK3WPeK8wg=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=ki21146A67nTwfs8ohcdVv1m5asK8gmBI7/bxTxxMJcqs00LVsYn7UgN+djOmVAQ7e05C+io8qYenAWn9Dut4MKMlix1CaFJ6zJQVvRTwsQEBHVY04duUmFYF1j1o2ey9o8CzdQXbyYvHWneWLRWWk4R8Z9NcXVfRhXRmh+By2o=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=BSYzX1uB; arc=none smtp.client-ip=209.85.210.179
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="BSYzX1uB"
Received: by mail-pf1-f179.google.com with SMTP id
 d2e1a72fcca58-6ecec796323so3645069b3a.3
        for <iwd@lists.linux.dev>; Sun, 21 Apr 2024 05:54:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1713704055; x=1714308855;
 darn=lists.linux.dev;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=g/39Tl9fV3mE8KRJQM0Q7l/VA1W53h/eZdlPp/oMDTk=;
        b=BSYzX1uBzBMwWngrvYYEFtS10f/yeeA22wWuCPhCPo6lUHWefY7ZTbfVFgFgzDyvUO
         poWvXBJyYEa7112l1qQA+xkvIGnZeedZySVswVOmgylsf85sWXPaiwhtxcstxnsB41HQ
         2pNDwfbs4LOLcr2a0nq88IyM8kU56wdkrxTqhGl6622fJbUk5cZe8D57e8wK3SvbITTm
         6AGYpCUTeKcsqDqbiIYEyMiLU4sk4EKKSwZZwoGXlSp4WpHvveP/RRL0V/U6pSQkGxrE
         ig+kXxsxyPUncEVJmoOswIVL8GKc4ixrGak3h8HQveAxP1/SqPcYHqYOuh9UbXqRJ2UE
         4xew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1713704055; x=1714308855;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=g/39Tl9fV3mE8KRJQM0Q7l/VA1W53h/eZdlPp/oMDTk=;
        b=SCaJjCfV9A5ynSGz19qXpMq/+qRRSCZddDUcNya1SD9yBultcnzs650uMTBKupQxog
         DBJFpLhAXSmsJajCGQnng4I5H70AA/ueB1BRhlx/3FmDcG4WW9F7Dm/mn20V7l6gdRw6
         vrUmC7NuntS/ks5GqN7rnLlSFkfOcc8xXszwTwXdyY36rTRoGY1RZM1Hy+9GyBnt60Dd
         4hLX9gZRmUP2i7NFb2Dv2AL3GXBJjPO3NuBos4Wr+wsmN7Z6DT0Vh14inw7JUyLR32nB
         qQGs/vDXtlIjQj4F2jyDXXuXIsZBZfMse+nAzvfHV5gjQhc+OzTqCeeEq6gzboNuW6PX
         4GBw==
X-Gm-Message-State: AOJu0YyyrreAVv8vQ8vVsmXSPzc6cmLctRDuaz3Mf3z18Ah8RThysWYr
	FQD5bz6ARsTvSRPSiyw+4hBqNf15CF+oPfUxUgn/4EwkhVtLYVacp7kbgaUNLRY=
X-Google-Smtp-Source: 
 AGHT+IHLbzT4wUY/25jDwgVKMpPRRILzWu0aEYxgSTWLqoRdkt7NRzR0bY56+CQhfOvSW75scQ9CWw==
X-Received: by 2002:a05:6a00:cc8:b0:6ed:de6f:d738 with SMTP id
 b8-20020a056a000cc800b006edde6fd738mr11359918pfv.9.1713704055356;
        Sun, 21 Apr 2024 05:54:15 -0700 (PDT)
Received: from localhost ([185.169.0.163])
        by smtp.gmail.com with ESMTPSA id
 l10-20020a056a00140a00b006ed0d0307aasm6121745pfu.70.2024.04.21.05.54.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 21 Apr 2024 05:54:15 -0700 (PDT)
From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH 11/11] eapol: encrypt key data for AKM-defined ciphers
Date: Sun, 21 Apr 2024 05:50:41 -0700
Message-ID: <20240421125050.6649-12-brandtwjohn@gmail.com>
X-Mailer: git-send-email 2.44.0
In-Reply-To: <20240421125050.6649-1-brandtwjohn@gmail.com>
References: <20240421125050.6649-1-brandtwjohn@gmail.com>
Precedence: bulk
X-Mailing-List: iwd@lists.linux.dev
List-Id: <iwd.lists.linux.dev>
List-Subscribe: <mailto:iwd+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:iwd+unsubscribe@lists.linux.dev>
MIME-Version: 1.0

Support encrypting key data when the cipher is AKM-defined. This is
needed to support SAE in AP mode.
---
 src/eapol.c | 51 ++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 36 insertions(+), 15 deletions(-)

diff --git a/src/eapol.c b/src/eapol.c
index a9b4f3ba..524a26c9 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -387,6 +387,23 @@ error:
 	return NULL;
 }
 
+static int padded_aes_wrap(const uint8_t *kek, uint8_t *key_data,
+				size_t *key_data_len,
+				struct eapol_key *out_frame, size_t mic_len)
+{
+	if (*key_data_len < 16 || *key_data_len % 8)
+		key_data[(*key_data_len)++] = 0xdd;
+	while (*key_data_len < 16 || *key_data_len % 8)
+		key_data[(*key_data_len)++] = 0x00;
+
+	if (!aes_wrap(kek, key_data, *key_data_len,
+				EAPOL_KEY_DATA(out_frame, mic_len)))
+		return -ENOPROTOOPT;
+
+	*key_data_len += 8;
+	return 0;
+}
+
 /*
  * Pad and encrypt the plaintext Key Data contents in @key_data using
  * the encryption scheme required by @out_frame->key_descriptor_version,
@@ -395,12 +412,12 @@ error:
  * Note that for efficiency @key_data is being modified, including in
  * case of failure, so it must be sufficiently larger than @key_data_len.
  */
-static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data,
-				size_t key_data_len,
+static int eapol_encrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek,
+				uint8_t *key_data, size_t key_data_len,
 				struct eapol_key *out_frame, size_t mic_len)
 {
 	uint8_t key[32];
-	bool ret;
+	int ret;
 
 	switch (out_frame->key_descriptor_version) {
 	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4:
@@ -426,18 +443,21 @@ static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data,
 		break;
 	case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES:
 	case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES:
-		if (key_data_len < 16 || key_data_len % 8)
-			key_data[key_data_len++] = 0xdd;
-		while (key_data_len < 16 || key_data_len % 8)
-			key_data[key_data_len++] = 0x00;
-
-		if (!aes_wrap(kek, key_data, key_data_len,
-					EAPOL_KEY_DATA(out_frame, mic_len)))
-			return -ENOPROTOOPT;
-
-		key_data_len += 8;
+		ret = padded_aes_wrap(kek, key_data, &key_data_len, out_frame, mic_len);
+		if (ret < 0)
+			return ret;
 
 		break;
+	case EAPOL_KEY_DESCRIPTOR_VERSION_AKM_DEFINED:
+		switch (akm) {
+		case IE_RSN_AKM_SUITE_SAE_SHA256:
+			ret = padded_aes_wrap(kek, key_data, &key_data_len, out_frame, mic_len);
+			if (ret < 0)
+				return ret;
+			break;
+		default:
+			return -ENOTSUP;
+		}
 	}
 
 	l_put_be16(key_data_len, EAPOL_KEY_DATA(out_frame, mic_len) - 2);
@@ -1467,8 +1487,9 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm)
 	}
 
 	kek = handshake_state_get_kek(sm->handshake);
-	key_data_len = eapol_encrypt_key_data(kek, key_data_buf,
-						key_data_len, ek, sm->mic_len);
+	key_data_len = eapol_encrypt_key_data(sm->handshake->akm_suite, kek,
+						key_data_buf, key_data_len, ek,
+						sm->mic_len);
 	explicit_bzero(key_data_buf, sizeof(key_data_buf));
 
 	if (key_data_len < 0)