From patchwork Wed Aug 29 16:34:51 2018
X-Patchwork-Submitter: Alexander Wetzel
X-Patchwork-Id: 10580639
X-Patchwork-Delegate: johannes@sipsolutions.net
From: Alexander Wetzel
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, denkenz@gmail.com, Alexander Wetzel
Subject: [PATCH v7 1/2] nl80211: Add CAN_REPLACE_PTK0 API
Date: Wed, 29 Aug 2018 18:34:51 +0200
Message-Id: <20180829163452.32666-2-alexander@wetzel-home.de>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180829163452.32666-1-alexander@wetzel-home.de>
References: <20180829163452.32666-1-alexander@wetzel-home.de>

Drivers able to correctly replace an in-use key should set
@NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to allow the user space (e.g.
hostapd or wpa_supplicant) to rekey PTK keys.

The user space must detect a PTK rekey attempt and only go ahead with it
when the driver has set this flag. If the driver is not supporting the
feature the user space either must not replace the PTK key or perform a
full re-association instead.

Ignoring this flag and continuing to rekey the connection can still work
but has to be considered insecure and broken. Depending on the driver it
can leak clear text packets or freeze the connection and is only
supported to allow the user space to be updated.

Signed-off-by: Alexander Wetzel Reviewed-by: Denis Kenzior --- include/uapi/linux/nl80211.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 7acc16f34942..cf238064d8ab 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -5224,6 +5224,11 @@ enum nl80211_feature_flags { * except for supported rates from the probe request content if requested * by the %NL80211_SCAN_FLAG_MIN_PREQ_CONTENT flag. * + * @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0: Driver/device confirm that they are + * able to rekey an in-use key correctly. Userspace must not rekey PTK keys + * if this flag is not set. Ignoring this can leak clear text packets and/or + * freeze the connection. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -5259,6 +5264,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_TXQS, NL80211_EXT_FEATURE_SCAN_RANDOM_SN, NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT, + NL80211_EXT_FEATURE_CAN_REPLACE_PTK0, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES,
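
Review bot: The kernel-doc added for @NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 in the first hunk (the comment block ahead of @NUM_NL80211_EXT_FEATURES) tells user space what it must not do but not what to do instead, and it never explains the "0" in the flag name. The commit message already states the fallback (do not replace the PTK, or perform a full re-association), so that sentence belongs in the uapi comment, which is what user-space authors will read. The comment also opens with "an in-use key" in general and then narrows to "PTK keys"; say once, precisely, which keys the guarantee covers.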
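
Review bot: Nothing in this patch sets NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 or refuses a rekey when it is absent. The second hunk only adds the enumerator to enum nl80211_ext_feature_index and the diffstat shows include/uapi/linux/nl80211.h as the only file changed, so the "must not rekey" rule rests entirely on user space honouring it. Please state in the commit message which patch of the series makes a driver or stack advertise the flag, and whether the kernel is expected to reject the replace for drivers that do not, since the message itself describes continuing without the flag as insecure and able to leak clear text packets.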