From patchwork Tue Jul 31 20:10:28 2018
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 10551479
X-Patchwork-Delegate: johannes@sipsolutions.net
From: Alexander Wetzel
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, greearb@candelatech.com, s.gottschall@dd-wrt.com, denkenz@gmail.com, Alexander Wetzel
Subject: [PATCH v4 1/3] nl80211: Add ATOMIC_KEY_REPLACE API
Date: Tue, 31 Jul 2018 22:10:28 +0200
Message-Id: <20180731201030.2619-2-alexander@wetzel-home.de>
In-Reply-To: <20180731201030.2619-1-alexander@wetzel-home.de>
References: <20180731201030.2619-1-alexander@wetzel-home.de>

Drivers able to replace an in-use key should set
NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE to allow the userspace (e.g. hostapd
or wpa_supplicant) to rekey the PTK without a full disassociation.

The userspace must detect a PTK rekey attempt and only go ahead with the
rekey if the driver has set this flag. When the driver does not support the
feature, the userspace has to perform a re-association.

Ignoring this flag and continuing to rekey the connection can still work but
has to be considered insecure and broken. It can leak cleartext packets or
freeze the connection and is only supported to allow the userspace to be
updated.
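As an added example (not part of this patch, hostapd or wpa_supplicant), the userspace-side decision the commit message describes, in C: test the feature bit in the NL80211_ATTR_EXT_FEATURES byte array the kernel reports and choose between an in-place PTK rekey and a re-association, treating a bitmap from an older kernel that is too short to contain the bit as "flag absent". The byte-array layout (feature index N is bit N % 8 of byte N / 8) is how nl80211 encodes extended features; the bit position 31 used for the constructed sample bitmaps is an assumption for this example, and real code takes the index from the NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE enum constant in nl80211.h.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace side of the flag check described in the commit message (added
 * example, not hostapd/wpa_supplicant code). nl80211 reports extended features
 * in NL80211_ATTR_EXT_FEATURES as a byte array: feature index N lives in bit
 * N % 8 of byte N / 8. The index of NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE is
 * passed in rather than hard-coded; real code takes it from nl80211.h. */

enum ptk_rekey_action {
	PTK_REKEY_IN_PLACE,    /* flag set: rekey the PTK without disassociating */
	PTK_REKEY_REASSOCIATE  /* flag absent: a full re-association is required */
};

/* True if feature bit idx is set. A bitmap too short to contain the bit (an
 * older kernel that does not know the feature at all) counts as "not set". */
static bool ext_feature_isset(const uint8_t *bitmap, size_t len, unsigned int idx)
{
	size_t byte = idx / 8;

	if (bitmap == NULL || byte >= len)
		return false;
	return (bitmap[byte] >> (idx % 8)) & 1;
}

/* Decide how userspace may handle a pending PTK rekey for this driver. */
static enum ptk_rekey_action ptk_rekey_action(const uint8_t *bitmap, size_t len,
					      unsigned int atomic_key_replace_idx)
{
	if (ext_feature_isset(bitmap, len, atomic_key_replace_idx))
		return PTK_REKEY_IN_PLACE;
	return PTK_REKEY_REASSOCIATE;
}

/* Constructed sample bitmaps; bit 31 (byte 3, bit 7) stands in for the
 * feature index and is an assumption of this example, not the real value. */
#define SAMPLE_IDX 31
static const uint8_t sample_with_flag[4]    = { 0x00, 0x00, 0x00, 0x80 };
static const uint8_t sample_without_flag[4] = { 0xff, 0xff, 0xff, 0x7f };
static const uint8_t sample_old_kernel[2]   = { 0xff, 0xff };

int main(void)
{
	printf("new driver: %d\n", ptk_rekey_action(sample_with_flag, 4, SAMPLE_IDX));
	printf("no flag:    %d\n", ptk_rekey_action(sample_without_flag, 4, SAMPLE_IDX));
	printf("old kernel: %d\n", ptk_rekey_action(sample_old_kernel, 2, SAMPLE_IDX));
	return 0;
}
```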
Signed-off-by: Alexander Wetzel --- include/uapi/linux/nl80211.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 7acc16f34942..b41b9ade0449 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -5224,6 +5224,11 @@ enum nl80211_feature_flags { * except for supported rates from the probe request content if requested * by the %NL80211_SCAN_FLAG_MIN_PREQ_CONTENT flag. * + * @NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE: Driver/device confirm that they are + * able to rekey an in-use key correctly. Userspace must not rekey PTK keys + * if this flag is not set. Ignoring this can leak clear text packets and/or + * freeze the connection. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -5259,6 +5264,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_TXQS, NL80211_EXT_FEATURE_SCAN_RANDOM_SN, NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT, + NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES,
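Review bot: the kernel-doc added for @NL80211_EXT_FEATURE_ATOMIC_KEY_REPLACE in the first hunk states only the prohibition ("Userspace must not rekey PTK keys if this flag is not set") but not the required fallback; the commit message says userspace has to perform a re-association in that case, and since this header is the API contract userspace developers read, that belongs in the comment too, e.g. "If the flag is not set, userspace must re-associate instead of rekeying the PTK in place." It would also help to say "pairwise (PTK) keys" explicitly in the first sentence, since "rekey an in-use key correctly" reads as covering every key type while the second sentence only restricts PTK rekeys. The enum placement in the second hunk, before the "add new features before the definition below" comment, is correct.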