From patchwork Mon May 6 00:30:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654713 Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DB3E28EB for ; Mon, 6 May 2024 00:45:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956342; cv=none; b=eXq6LKtuA67sARhmEVjRsVLZUlbegEwSLBSp8sU8xOG7Msmg29KiZ37GH3IoKfK2RLHL+fSvo86irbZAGqt49jSomghE3vL2V3xl6lGLM1PLx02HBMDiHiobBgvy8eXdO47KXytCnK71+6pZBOSNB/DE9XX+ZFMWrlwxbpWqACc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956342; c=relaxed/simple; bh=jNR8IihZLKfjwMAygd1WFGDQjc/Ew7pAnL9n17hFtOQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Bi0iaetl7a/cEKZGeojzyTqwJUBw/cNamz/wO8MBOiMiCoEGYDyj5n/6JYLhB2p2sJ5Xpq7z2sOYrSDwqekxAP3YFiZiAXWvepwqZBKdtGcY5pplb+ZxVYya0xMnOmhrLVSMCpDEkQ0BpQINa+FkrJoc+clVR6OPN0JygHA9O9g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=KdpCawoe; arc=none smtp.client-ip=209.85.215.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KdpCawoe" Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-5cdbc4334edso519297a12.3 for ; Sun, 05 May 2024 17:45:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956340; x=1715561140; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4nBnq88RAoXUrvOe2O0RRbR/QVucTgDmeKC1b5eQZp0=; b=KdpCawoehdyw9wUEA59iS0wSbLc7+KIAiJm+V4dZjD+ts/WEEYUnQxblYZDen+XOcN hKwD01I8e+E10JGsDAjwbLMzrJz56iVLpf2O5ZydoeJeWsQqh2riyV92PuS0CrOfYR3N Ux0LBu80PDaCSjgOTcWJFFWTktHvv+ayynxLgZVq9AuOHjlNatJxn2y2z55AX37eKf7w WDRd5J92tqoAzVRpqGxpGeFHvTK4hI4B3gaNlfUKDvoFHs6bGYZPGw88CLo4W3YKdsb7 FdbflUAYbTKNg8u2pxy++2dlZ9S6Sa+galwu5wetB63vBnWowK1sfPisC2NU93b+42C0 0ZCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956340; x=1715561140; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4nBnq88RAoXUrvOe2O0RRbR/QVucTgDmeKC1b5eQZp0=; b=dqDo4JO1kXaK6uZMptV50zpwz32vCerpllakEg9I0GQfY+GmQ81A/CHVUOEArsuJGL XBGWshoGXTFEGoPrflrrPnGI/gFgzRwzS47tqmObnMwMADOecu6GjuqqhcA0uRBzOucV gOlNWyfvNXIH65nunXzUg1Dp6XNprxny8KYQZSQzCHP3crCaXDZTpY+WezSl1a5+0TOZ gTbi7tGqX3VWzukEgUb2k/jurB9rhMbYpFAYMH/fGtP2WR6RWRPKrqdVsFV2qKu2S56o L1SVlreR+IVebdSCsWV2eFqzf++9XLVyEVPlYfvaqjxOKX+55wu8zv2PTRlMJm+ZcWhS R2BQ== X-Gm-Message-State: AOJu0YzDWzhQmNMD9x95+LsDT9LfCdsUGnZ1ZC6orfCznyF0Qi3HjvEM u7j2QALgwr0EdKrUcO7mr3/vUGGqgBjPKS0cMsjdTPruxQ3g1SmI4zf5rg== X-Google-Smtp-Source: AGHT+IHYz0VfcZbCahGk7+Y4M5NVKEa7GdW2EAy5ut73SylwV3pfSG43iX9qHRXWDN53XAuGgeQhGQ== X-Received: by 2002:a17:90a:8185:b0:2b2:c73a:7acc with SMTP id e5-20020a17090a818500b002b2c73a7accmr6854497pjn.37.1714956340405; Sun, 05 May 2024 17:45:40 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id ta5-20020a17090b4ec500b002b2cada0c6fsm8792828pjb.26.2024.05.05.17.45.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:45:40 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 01/18] ap: ability to advertise PSK and SAE Date: Sun, 5 May 2024 17:30:24 -0700 Message-ID: <20240506003518.320176-2-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add the configuration option AKMSuites under Security so it becomes possible to support both PSK and SAE. This influences the advertised AKMs in the beacon. --- src/ap.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/ap.c b/src/ap.c index b4e7593e..d50f9e4f 100644 --- a/src/ap.c +++ b/src/ap.c @@ -80,6 +80,7 @@ struct ap_state { unsigned int ciphers; enum ie_rsn_cipher_suite group_cipher; + unsigned int akm_suites; uint32_t beacon_interval; struct l_uintset *rates; uint32_t start_stop_cmd_id; @@ -631,7 +632,7 @@ static void ap_drop_rsna(struct sta_state *sta) static void ap_set_rsn_info(struct ap_state *ap, struct ie_rsn_info *rsn) { memset(rsn, 0, sizeof(*rsn)); - rsn->akm_suites = IE_RSN_AKM_SUITE_PSK; + rsn->akm_suites = ap->akm_suites; rsn->pairwise_ciphers = ap->ciphers; rsn->group_cipher = ap->group_cipher; } @@ -3620,6 +3621,7 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, size_t len; L_AUTO_FREE_VAR(char *, strval) = NULL; _auto_(l_strv_free) char **ciphers_str = NULL; + _auto_(l_strv_free) char **akms_str = NULL; uint16_t cipher_mask; int err; int i; @@ -3838,6 +3840,28 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, ap->ciphers |= cipher; } + akms_str = l_settings_get_string_list(config, "Security", + "AKMSuites", ','); + for (i = 0; akms_str && akms_str[i]; i++) { + if (!strcmp(akms_str[i], "PSK")) + ap->akm_suites |= IE_RSN_AKM_SUITE_PSK; + else if (!strcmp(akms_str[i], "SAE")) + ap->akm_suites |= IE_RSN_AKM_SUITE_SAE_SHA256; + else { + l_warn("Unsupported or unknown AKM suite %s", + akms_str[i]); + return -ENOTSUP; + } + } + + if (ap->akm_suites == 0) { + /* + * Default behavior if no AKMs are specified but a passphrase + * is to only enable PSK == WPA2. + */ + ap->akm_suites |= IE_RSN_AKM_SUITE_PSK; + } + if (!ap->ciphers) { /* * Default behavior if no ciphers are specified, disable TKIP From patchwork Mon May 6 00:30:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654716 Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05899A926 for ; Mon, 6 May 2024 00:48:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956486; cv=none; b=bIJC93jUDjEn5Pl3B5svMbn/yNNPCqwp2yVMhw9xopoNJXomLX4hdMn8FncFDrYPmKrX+qG20mF2LYFyOi3QuXTYt32BWx0CYq+qwfjmiQWGjluGUDRJOfXdR7iZaIj691zChh4Rqlb14Ji0hWaN61DB9Ss2mcrYDTX9IafymwU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956486; c=relaxed/simple; bh=0dTOU953Ko/R+LGqBWluYSwr7Lid0eqL4mwHjutpo/s=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Wa8zvzO6FBZK9q60wRY3ZGa7FzjYP4HksmHZO88c6wJlri3gJ+uxzgTLsXOPW6oh4evaA3q7+fWO2eex657ZW+D3dAS7fMTFP5nXdofB65N5Wj7cywRuXpuQ3iChaTQ2wUxj3BTDJg8ZLPTabSPt0fSwX/rGSdF4EKh9PZnmMQ0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Y5mJ+Ho/; arc=none smtp.client-ip=209.85.215.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Y5mJ+Ho/" Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-602801ea164so998424a12.0 for ; Sun, 05 May 2024 17:48:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956484; x=1715561284; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7xuKzms716d8gYfRXHdFYfGzv/exCi/KSc543e/jq0o=; b=Y5mJ+Ho/HNLFKeKjrzVjxm28OSLaG7JYAgEnDtTmh0nZyuofTnzTnvUMw6388LAY+T cEOfzo7Gu7FLpDbj8rSVggCqn53ncuCeoJqzx5nKjnXzFaWRLVfZ5+DTW+bOWuKfbRVB /3h0zCiUoRCFq6NfpL4tbvRpR9fSwgf4H2BtyeZCPYgQQsiB2g/pB1ekZqKM0mlQ8C+3 PODLyQJp7CjpKdJthb+72BrWeGZCZnFMHoUGk/punfGE6fE8YhdvaTyMNllndrVm1yEU NmJb+AjgLQ3ceB5uPditO4HVKPEaccFO48L+sUl3gEu1jWOOmFMhGa7eEKa2Uulw6hE6 lsfg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956484; x=1715561284; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7xuKzms716d8gYfRXHdFYfGzv/exCi/KSc543e/jq0o=; b=D2jsDdkZC9shV/oGLRM/R3PbOHL9YE6K/Ig+f7Jy8pMmqxDFA91672fa2lf8jUUqOr ypGGqhYNvF0dvlszoCN18yggl2L29AeuOydCRAuE1G14X29cm4K/DAB6bG64OdpgXzQN 3HdA426gq6U0ycAL0WWbBtimeoW5V7VgDAvnuKi1dIxSwsyYpPD0jRbdLFIO/O2KzO5O v6nGLcSZtNJkGWv3cRUTpSJ5SPxnkvIt2BeR8pulv35kB8BOxABxHE2NXCgncEUHfn+M 1rkWM47DNjk7eZJK3OO+r6hV2DVX++s79MAdboaRWi+z20jKAsJbC6TeNKRSRqIsSWuF eZmA== X-Gm-Message-State: AOJu0Yx87At38Bmf3qHzpvM3AHrHJHp1V2Gqk1GFvRGBax1qTQYVlZ4V vy87rJPJ4Qpy7eIUa02aV0SZLI6WDg0nGlBqSGXS9sWr8/GMvJ8sQqlVUQ== X-Google-Smtp-Source: AGHT+IFSVb4HUI3/3nvzdSjM8kkaD1SZwRsHRE4uAUssFfsZKNh/N557I4yi6Rd2febd3Y3ygHO8bQ== X-Received: by 2002:a05:6a20:72a8:b0:1af:aec3:2841 with SMTP id o40-20020a056a2072a800b001afaec32841mr1714097pzk.56.1714956483956; Sun, 05 May 2024 17:48:03 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id ch2-20020a17090af40200b002abdb19f499sm6895053pjb.26.2024.05.05.17.48.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:03 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 02/18] ap: accept PSK/SAE in auth depending on config Date: Sun, 5 May 2024 17:30:25 -0700 Message-ID: <20240506003518.320176-3-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 On reception of an authentication frame, accept both PSK and SAE as AKM depending on the config. Save the client's AKM for later use. --- src/ap.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/src/ap.c b/src/ap.c index d50f9e4f..cd253ce3 100644 --- a/src/ap.c +++ b/src/ap.c @@ -132,6 +132,7 @@ struct sta_state { uint8_t *assoc_ies; size_t assoc_ies_len; uint8_t *assoc_rsne; + enum ie_rsn_akm_suite akm_suite; struct eapol_sm *sm; struct handshake_state *hs; uint32_t gtk_query_cmd_id; @@ -2606,6 +2607,7 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body, const uint8_t *from = hdr->address_2; const uint8_t *bssid = netdev_get_address(ap->netdev); struct sta_state *sta; + enum ie_rsn_akm_suite akm_suite; l_info("AP Authentication from %s", util_address_to_string(from)); @@ -2627,17 +2629,28 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body, } } - /* Only Open System authentication implemented here */ - if (L_LE16_TO_CPU(auth->algorithm) != - MMPDU_AUTH_ALGO_OPEN_SYSTEM) { + if ((ap->akm_suites & IE_RSN_AKM_SUITE_SAE_SHA256) && + (L_LE16_TO_CPU(auth->algorithm) == MMPDU_AUTH_ALGO_SAE) ) { + /* When using SAE it must be COMMIT or CONFIRM frame */ + if (L_LE16_TO_CPU(auth->transaction_sequence) != 1 && + L_LE16_TO_CPU(auth->transaction_sequence) != 2) { + ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED); + return; + } + akm_suite = IE_RSN_AKM_SUITE_SAE_SHA256; + } else if ((ap->akm_suites & IE_RSN_AKM_SUITE_PSK) && + (L_LE16_TO_CPU(auth->algorithm) == MMPDU_AUTH_ALGO_OPEN_SYSTEM) ) { + /* When using PSK it must be Open System authentication */ + if (L_LE16_TO_CPU(auth->transaction_sequence) != 1) { + ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED); + return; + } + akm_suite = IE_RSN_AKM_SUITE_PSK; + } else { ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED); return; } - if (L_LE16_TO_CPU(auth->transaction_sequence) != 1) { - ap_auth_reply(ap, from, MMPDU_REASON_CODE_UNSPECIFIED); - return; - } sta = l_queue_find(ap->sta_states, ap_sta_match_addr, from); @@ -2666,6 +2679,8 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body, if (!ap->sta_states) ap->sta_states = l_queue_new(); + sta->akm_suite = akm_suite; + l_queue_push_tail(ap->sta_states, sta); /* From patchwork Mon May 6 00:30:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654717 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2C86B8BFA for ; Mon, 6 May 2024 00:48:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956501; cv=none; b=NLoRntviwBh+AUGV/MmNL6o0W/gqeenVld29MOFSYLImuJz8riRW1SHr41DeoiC6p0BB1+0k85Ci7K3fgREUBSf0f0QKazajWyVQHCEy/vzyCviGPv/TVuCE4PEKktJk6cU5/sExVCKun9yMoyT65rlo4Oui76SA443UtlGZBlY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956501; c=relaxed/simple; bh=/bJVwoD1a/l1DOgdYi4ajgxDTE6dyLk1Pn0D2X66mSE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MV0Sb/htoG9VNBOxg/ZKGidHZxhbiiY2H50qpupj7VxlNouwjiAdgnj/ddoSVW59P2L87Z2wUaOxZaDNOtsU48rtjwv7oLImxkeecR1Ivdo7nVPkmsyZ5w3YNbhdN7X4rwcqSq40c5x5DQ1NRNNznENhCR3YP3rIJXg4BhCgMfE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TPvlpI8U; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TPvlpI8U" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1ecd3867556so8131555ad.0 for ; Sun, 05 May 2024 17:48:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956499; x=1715561299; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=I/66dZsH6jmh4n0HTCCoJR2S9p2rhXmogodRNKEcFdA=; b=TPvlpI8UM304ESpSnyrNbCVWiUzTdOVmgu29188zNQ0ER7X4Wogd1Xvx3FyiDPiA9x em3Mj88G9alsxeGWwja/DhD34VeWEH2KDAmLtTMZbJE8ujp/WppMcRs02v6duDEQn4k0 B4KiGKIwlDMfawrCawRxAz83xiPiRsEFnFxsjywqAvPX10FF3rMrUF3/yivNQYfiG4LX nhu06zwbF/PHvSEvR/iqC9EGGrg1jIMQhnTRUUIeq+N50t0SUlogP+VHrUETPa05xdGF LOVj8fJ3nZ3gl4+BWrH0nf4tvBu85FP1lWUF0bqDEtPFFO8xQkx3cAElckwsCzd6RO6J rzxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956499; x=1715561299; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=I/66dZsH6jmh4n0HTCCoJR2S9p2rhXmogodRNKEcFdA=; b=bArc1GmsTR5sWVyG0HdkMiKXlmtxWV9ykOyI99sxHLPcW4JbO9b2nz12wxNhAvC7IO 2yluq5m9E0CtSVjZE+fn+NAqiaHEhD4i/Aa5ZRYSWvaHDx71WqaZBB8GzLKGjtcKBIxK HA7geym00rGJE770pQJXwPvQWQVbfUeFKpeWeiD62+y1Bc/8TvHl21uLtzI2oTW0jbfa 8K/jktWoeMI5mNwpx9dEefpYjM9yMZlAG+a8yGuYyBvFQETfIFz2fEV0tUeRn8YU1Nhy +wvT/mHTnOwqUAQ78WfHUem5HwBaJAdyZ9ku5lZtR+sJE33WiQevQPB7B9k64THlhoxI OPzQ== X-Gm-Message-State: AOJu0Yw1OgKIwKxwwqyh7xkobq8KPqOnN38LWqo1aOKK9V2/bPXhZSpA gqkieZ5aY8Vaei9T6HAEvbM4f5V2sOcmd80x9HhQzPHVLl4Lf5sR0hUpNA== X-Google-Smtp-Source: AGHT+IHYt5gw3Q+K+yEPCPTqFfTECMfIC3I0HYJZbmP9rhyOnOSfO85qZS5Dg6eeiBLEEwrFziw3qQ== X-Received: by 2002:a17:903:48f:b0:1e4:4a3f:9a88 with SMTP id jj15-20020a170903048f00b001e44a3f9a88mr6836714plb.46.1714956499047; Sun, 05 May 2024 17:48:19 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id jw19-20020a170903279300b001eab3ba8ccfsm6997973plb.285.2024.05.05.17.48.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:18 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 03/18] unit: fix SAE unit tests Date: Sun, 5 May 2024 17:30:26 -0700 Message-ID: <20240506003518.320176-4-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Don't mark either client as being the authenticator. In the current unit tests, both instances act as clients to test functionality. This ensures the unit does not show an error during the following commits where SAE for AP mode is added. --- unit/test-sae.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/unit/test-sae.c b/unit/test-sae.c index d9ec6b31..04783d18 100644 --- a/unit/test-sae.c +++ b/unit/test-sae.c @@ -421,7 +421,6 @@ static void test_bad_confirm(const void *arg) handshake_state_set_supplicant_address(hs2, aa); handshake_state_set_authenticator_address(hs2, spa); handshake_state_set_passphrase(hs2, passphrase); - handshake_state_set_authenticator(hs2, true); ap1 = sae_sm_new(hs1, end_to_end_tx_func, test_tx_assoc_func, td1); ap2 = sae_sm_new(hs2, end_to_end_tx_func, test_tx_assoc_func, td2); @@ -496,7 +495,6 @@ static void test_confirm_after_accept(const void *arg) handshake_state_set_supplicant_address(hs2, aa); handshake_state_set_authenticator_address(hs2, spa); handshake_state_set_passphrase(hs2, passphrase); - handshake_state_set_authenticator(hs2, true); ap1 = sae_sm_new(hs1, end_to_end_tx_func, test_tx_assoc_func, td1); ap2 = sae_sm_new(hs2, end_to_end_tx_func, test_tx_assoc_func, td2); @@ -581,7 +579,6 @@ static void test_end_to_end(const void *arg) handshake_state_set_supplicant_address(hs2, aa); handshake_state_set_authenticator_address(hs2, spa); handshake_state_set_passphrase(hs2, passphrase); - handshake_state_set_authenticator(hs2, true); ap1 = sae_sm_new(hs1, end_to_end_tx_func, test_tx_assoc_func, td1); ap2 = sae_sm_new(hs2, end_to_end_tx_func, test_tx_assoc_func, td2); From patchwork Mon May 6 00:30:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654718 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13F4F8BFA for ; Mon, 6 May 2024 00:48:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956508; cv=none; b=TrWZFIVsBLns9z5VDZ1n3trZxWM+WjiPOcij1hk90/tweXguegNQelrzEBUMQWaGYe/I3ou6eAu1TxQcTS1xEdWVdQx0WpD/AQmZZYHndUE79M3b55tjid+IyZ/gc53IfoLyoAT7Xwae32C2+6H4bGZAMjOHGgcYMv637cZ/Zv8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956508; c=relaxed/simple; bh=OeuAfC5/i4anyI1Sr1JU8BOz6JYpFG5PZ8FtkVWlGnI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ocXlYmccR50C+Z3XTJF1mcUgVrENJItAZkt9m8lShKz7Lbxr4tuK9bTjKbC5LeWBN3e4NtKFyRLb2WKeW5t8VWG8ALzNeKXv7r7E98SRvbMM0EmU3nXCjhiBwQ/2WPADfloYX1aoZMVJW8YoAZJ+kPdMSK2AwK9qMAuybJnQaZ4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OZD6GNb2; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OZD6GNb2" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1ec4b2400b6so9095725ad.3 for ; Sun, 05 May 2024 17:48:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956506; x=1715561306; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ogxyIB/BEIoUGrPRouwJmtOO4YR/Fl+j9yOQFR7H35w=; b=OZD6GNb2bx4sop69f2SMm/E4y5jxEktNnw/+Oj2APhuYvUQpVx1/m2sdlD+hUn1zma pMyqvmk0KL3r92SgqmQTu3vsrrDCFa3p6M30icoh9qhkYPzLUUK7f6o7dpCfTgZS6bkl 8JqffMymVGo7OuEe7sCjtBPxokSGArlELEv7T/iBWuMV4gKUcxTPxUzeF49XeFoPaNkI VT5b82e2tb+8vsFocVZglKyX4U9xt3oAb8UKnZDNDuPwMazlalk7Y6wH8a+43AGUSa04 owleKviVVl8SsuVf798bCPpE4rS5XSN4pZ2sjJKtoJ0ouZQioRZBiA6BmV02jZI7ZMZM t9DA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956506; x=1715561306; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ogxyIB/BEIoUGrPRouwJmtOO4YR/Fl+j9yOQFR7H35w=; b=jpYiFozGhJ/jg9XDAaIiwrDu/U39ZQtp6EtmRIXIbl8n5aJxw2aUcwwbVNrN5+IPEL WphLOKyrAlSmf3iC5QCelLCCOHUntTeQNTBoftCiIfH2jgTYu7r+CFLzpibU15+23b9M j6N7ws5aH1HT8469iFBcG3NIcrciCpIdMGB9PA4AHQLXiQzn/evA9BZ5ccADfG9PqDNN Pa4oxly0njeq6NHp1G0OMi3vXbjkPzFuI6+7NBJS3HzFLwgH9LVEuVP7JzAxeRDgRqnt Dotg0f/IfonYO+9/dEFmHxp2eeBUQoyG8HhYNGLh/T4jo70ZgfPbfM2bZnC9B1ge0zyc COeQ== X-Gm-Message-State: AOJu0YyusrDMDZqh1G+qiFeizHBmMl/1fOFjTiZRu67EQ65eazAiS6Tv uwW8y6TBH0lJp7Wi3Y7TheWV2J+ITanJJ6M0fOp0WiyVdhNmoVQ41qDg2g== X-Google-Smtp-Source: AGHT+IG1HehAPQCiegyZk8dnRXiNG62f3o+vIrIoH5oa4DxL7WqwLZ/iWEDYUgxqCZW2njXrEPU4pA== X-Received: by 2002:a17:902:dacb:b0:1eb:527e:a8ad with SMTP id q11-20020a170902dacb00b001eb527ea8admr12654660plx.51.1714956506119; Sun, 05 May 2024 17:48:26 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id d13-20020a170903230d00b001e43df03096sm7030342plh.30.2024.05.05.17.48.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:25 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 04/18] sae: add function sae_set_group Date: Sun, 5 May 2024 17:30:27 -0700 Message-ID: <20240506003518.320176-5-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Refactor code by adding function sae_set_group. This will make the next commits easier where basic SAE support for APs is added. --- src/sae.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/src/sae.c b/src/sae.c index bf9fb0ff..4e0b73d8 100644 --- a/src/sae.c +++ b/src/sae.c @@ -148,6 +148,18 @@ static void sae_reset_state(struct sae_sm *sm) sm->pwe = NULL; } +static int sae_set_group(struct sae_sm *sm, int group) +{ + sm->curve = l_ecc_curve_from_ike_group(group); + if (sm->curve == NULL) + return -ENOENT; + + sae_debug("Using group %u", group); + sm->group = group; + + return 0; +} + static int sae_choose_next_group(struct sae_sm *sm) { const unsigned int *ecc_groups = l_ecc_supported_ike_groups(); @@ -166,9 +178,7 @@ static int sae_choose_next_group(struct sae_sm *sm) sae_debug("Forcing default SAE group 19"); sm->group_retry++; - sm->group = 19; - - goto get_curve; + return sae_set_group(sm, 19); } do { @@ -182,14 +192,7 @@ static int sae_choose_next_group(struct sae_sm *sm) if (reset) sae_reset_state(sm); - sm->group = ecc_groups[sm->group_retry]; - -get_curve: - sae_debug("Using group %u", sm->group); - - sm->curve = l_ecc_curve_from_ike_group(sm->group); - - return 0; + return sae_set_group(sm, ecc_groups[sm->group_retry]); } static int sae_valid_group(struct sae_sm *sm, unsigned int group) From patchwork Mon May 6 00:30:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654719 Received: from mail-ot1-f42.google.com (mail-ot1-f42.google.com [209.85.210.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1493811721 for ; Mon, 6 May 2024 00:48:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956517; cv=none; b=YaQDFi5VIr1kc4O5Vw+pV1KierKCWQ3E6Mchn83Flsgge20Rk/wPPXOHZeMlMyjGdJHFdf9Hv3eu3BafYQZFn8WOve2Sb2RawU5sKgYuapLXSd69VaLib4w0Sek+mXB0f7teCWOtJBlPQxE86rirzOSsSp2minFrLZsMRnEIQpQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956517; c=relaxed/simple; bh=Y6cuD+Bxg1iV4E9ycexaBAEwfqRA0yw7SN8DaeNhTU0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=B50Jscz8NSmifKu24vJenZEJ/sctzp/pFJrHUycOiKShVOKNJ53smyikkXSCWt6lrt3jEYeqSCkGjnqay+IdMVlWaNlZvzT3tTlATzKr009autzBK2Z31FoQBmS+zieJ+I3vvMITFm6Qsn1IwtVDo29MMs2ZskV83jgPQ0RlxZo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RW/KOgWI; arc=none smtp.client-ip=209.85.210.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RW/KOgWI" Received: by mail-ot1-f42.google.com with SMTP id 46e09a7af769-6f06e836d5aso44242a34.3 for ; Sun, 05 May 2024 17:48:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956515; x=1715561315; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QwVggoRUwLeFkQ4iPmQh35xD/Dk3FiY62I1QDinlZaQ=; b=RW/KOgWI8ajUWdbtz1RhiAOsUiJi5GDAXgFi03ip5WgMfqN+4f03KsD/t8Q6TEvbuy b+kkT4g3hHeTEp0DHQbFL0HnwMYTFtNMpMruVUinB8pvjnL2/HJ49NJoXutMmw0BhzMu 61X+vd+dAGRH9Agpi1rY4hJajgyjzVhLkzjj+QFmdrN3GUKiHwZKNDbzU91RwbLPFAyo pXMxcsEQnv1xeQ8KJ4zZWBI5bzF+xQsMxbyEuTfZ6jWsqyJIlb4Jljkl8CiqdFSk3/Ea A/OV8r3lUl67TlPum39Jn+kWXWbXs9w3rn0xfh33DfbdXPDf41/VopO0gTIIgWeP2jXz ZMGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956515; x=1715561315; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QwVggoRUwLeFkQ4iPmQh35xD/Dk3FiY62I1QDinlZaQ=; b=Y8JW6q9GguL3eDD3fVIwYN3EOI0vfPEOXi5cVGm/DTUvduAvldufP2EWutS7mwu62U vKV1rgLyk02pk35w3JMNg2EljUm8kep5a+BpFeV9FkOtf5zGAPbrCBrpZ/XRMDGYS7FA e31yhl83DcT8UjJwIEwsamaWsj7HwWj6LnEckn44mwLTIrSIGHULiAiLB4YkNfPkZLCC JTvwn3uy8Y7UI1gFyUtfMBMtZeCFKaVk+mYKZvDnpiwkMBOqR5d5RUsT8ltKgMUonTeM L6WG4+k6UNXBbO52J//S7USZv+jKWrpNm+Bm582Yr8wXp9uMVwBSsPjbaFsHOLcx4MZu WFTw== X-Gm-Message-State: AOJu0YxfZNKAGYfLSvxGMO159XONcbEz+menUBOFkntufB8AcZi9vshL M3dnhaPVl9dSUXQR5HhjcInQtveU4HTXv4r2+Y4cKlRo/edSoNn723Cb3A== X-Google-Smtp-Source: AGHT+IHGhFCgDjAYuhoHKziTiaMgHflhPiVKj3fLG0Kyq9I/5GQ7f2L4rau72Smr2+YNgapYzJulcQ== X-Received: by 2002:a9d:7d8e:0:b0:6ed:51e8:4d0b with SMTP id j14-20020a9d7d8e000000b006ed51e84d0bmr9873054otn.11.1714956514995; Sun, 05 May 2024 17:48:34 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id m13-20020a62f20d000000b006f45831ac05sm3226160pfh.0.2024.05.05.17.48.33 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:34 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 05/18] sae: refactor and add function sae_calculate_keys Date: Sun, 5 May 2024 17:30:28 -0700 Message-ID: <20240506003518.320176-6-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Refactor code by moving code to the new function sae_calculate_keys. This will make it easier in the next commits to add SAE support for AP mode. --- src/sae.c | 86 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 36 deletions(-) diff --git a/src/sae.c b/src/sae.c index 4e0b73d8..7787a390 100644 --- a/src/sae.c +++ b/src/sae.c @@ -685,10 +685,9 @@ static bool sae_send_confirm(struct sae_sm *sm) return true; } -static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, - const uint8_t *frame, size_t len) + +static int sae_calculate_keys(struct sae_sm *sm) { - uint8_t *ptr = (uint8_t *) frame; unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve); enum l_checksum_type hash = crypto_sae_hash_from_ecc_prime_len(sm->sae_type, nbytes); @@ -704,39 +703,6 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, struct l_ecc_scalar *tmp_scalar; struct l_ecc_scalar *order; - ptr += 2; - - sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes); - if (!sm->p_scalar) { - l_error("Server sent invalid P_Scalar during commit"); - return sae_reject(sm, SAE_STATE_COMMITTED, - MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); - } - - ptr += nbytes; - - sm->p_element = l_ecc_point_from_data(sm->curve, L_ECC_POINT_TYPE_FULL, - ptr, nbytes * 2); - if (!sm->p_element) { - l_error("Server sent invalid P_Element during commit"); - return sae_reject(sm, SAE_STATE_COMMITTED, - MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); - } - - /* - * If they match those sent as part of the protocol instance's own - * SAE Commit message, the frame shall be silently discarded (because - * it is evidence of a reflection attack) and the t0 (retransmission) - * timer shall be set. - */ - if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) || - l_ecc_points_are_equal(sm->p_element, sm->element)) { - l_warn("peer scalar or element matched own, discarding frame"); - return -ENOMSG; - } - - sm->sc++; - /* * K = scalar-op(rand, (element-op(scalar-op(peer-commit-scalar, PWE), * PEER-COMMIT-ELEMENT))) @@ -825,6 +791,54 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, /* don't set the handshakes pmkid until confirm is verified */ memcpy(sm->pmkid, tmp, 16); + return 0; +} + + +static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, + const uint8_t *frame, size_t len) +{ + uint8_t *ptr = (uint8_t *) frame; + unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve); + int r; + + ptr += 2; + + sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes); + if (!sm->p_scalar) { + l_error("Server sent invalid P_Scalar during commit"); + return sae_reject(sm, SAE_STATE_COMMITTED, + MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); + } + + ptr += nbytes; + + sm->p_element = l_ecc_point_from_data(sm->curve, L_ECC_POINT_TYPE_FULL, + ptr, nbytes * 2); + if (!sm->p_element) { + l_error("Server sent invalid P_Element during commit"); + return sae_reject(sm, SAE_STATE_COMMITTED, + MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); + } + + /* + * If they match those sent as part of the protocol instance's own + * SAE Commit message, the frame shall be silently discarded (because + * it is evidence of a reflection attack) and the t0 (retransmission) + * timer shall be set. + */ + if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) || + l_ecc_points_are_equal(sm->p_element, sm->element)) { + l_warn("peer scalar or element matched own, discarding frame"); + return -ENOMSG; + } + + sm->sc++; + + r = sae_calculate_keys(sm); + if (r != 0) + return r; + if (!sae_send_confirm(sm)) return -EPROTO; From patchwork Mon May 6 00:30:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654720 Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com [209.85.215.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AAC48A930 for ; Mon, 6 May 2024 00:48:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956523; cv=none; b=li0jVBqjstLQAAnFquCICRY3kPxOBrdztTjKcX4ncfhAvi9y7Y+p/u4tXDYTWBliCUR+fvQFR0TMqvfX8rSz6XJaPfobwIkeX8uatwARX02xuFu+SdoJQwLYILs5MwU9My1xiIWZybpPui+RLloC6Icp2i8BwKrGTAu0FzMY2+A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956523; c=relaxed/simple; bh=h7dsVWt/9UiLbZuYBDVMV64DtHh+7oJZAnDX14IP4Go=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KJRRXHxWX+sA7hgEeKj5bSh/WdUHY/pOH7jz0+b2CF5PvFwatnh/dqvR9/NybF7OSdW0g/ArS+DpM0xpaG7Imp6kXJrvhtoLETy99+sl9dNMuUWBh6wG1n0+Or3KNkewoWaQBV7Mr66fVmxBRAiqMI5dlcne410gkO0ppvCBZiE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=fhRpfQSq; arc=none smtp.client-ip=209.85.215.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fhRpfQSq" Received: by mail-pg1-f178.google.com with SMTP id 41be03b00d2f7-6123726725eso1223112a12.3 for ; Sun, 05 May 2024 17:48:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956521; x=1715561321; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3qHGirSnaACK44IoejWoHlILwfNvSGtABQpMM0/KdUc=; b=fhRpfQSqeq5O/9TtHlHzOP5k2PIRYL1Hnt4ROr+17mG/iwY493MCSkRKUb6x7GnIuS fub+gfD7pm3ob3zCVBdOYIuw5E9qveCu54kvJA4QCFFWW+xq0sh8/u+AcgfKtcEjnq2C B5xsQ6eSXm0T+7OuvegemFEpE8dplmApyOkFskRcfiLGSp6me6+aOL7/GCiFqIeemK8/ TMT0hD7G4pvHR84aZM7Ia5X54xSldIX7CxBTltR0haiJrlmaMYhSrhsXFHV34VkYkRsf aFohGY70l8Eb14Jrqe6P+LIiKXnAspSXpLJ1lKIHn++496vfSzUEqHYLY5YsmsKGWrwZ /cMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956521; x=1715561321; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3qHGirSnaACK44IoejWoHlILwfNvSGtABQpMM0/KdUc=; b=euybyb0Lfhxn6ys4vA0c67Hmv9scHG0GxXXr20lk+tpb7Bz5xVYGW7mW/XVf+lXnN1 qnutEqcSgPX+hElBUkO63I0H9VPRb8m+TMfzPu8hO5wSfU5FgdFBYUqKmSXXORAaDDRD yVdmK+kZs+WpISC66pcMXEJIvmRqgzupsOVtmpsuO8u3BNF9gG1vtZhktW+BfRil+FiO wUGMMgXf3H3pRY1JKXfGf97mxJ4K2tq9vPKIXulodwaNcAkdd8vapPSt7MJLAiyDyza6 JFbXbz1PsmZZOLqBAo4fqFoh5o3USZXxpx6bN1gDq+geUm5LU4mDexq9ipg2r5Jkd/08 4shA== X-Gm-Message-State: AOJu0Yx/53xGl25IQ/zBEahK5afHvtXmhatFSEES3CEZ5HfKESDNguYi r9XlLXx/W9yMnJn4b+WZSkstQttZ/nZp0CUffaI8k0CBt71stc8UIhKU5g== X-Google-Smtp-Source: AGHT+IHNGICo4/thHDS5AUPv0dlNYf4K0EtvkZ+s8ixlurZdlO2mp8JQWa+ozMTJlsTFqmSHPHuZRA== X-Received: by 2002:a05:6a21:6d9e:b0:1a9:88ac:df47 with SMTP id wl30-20020a056a216d9e00b001a988acdf47mr8977217pzb.36.1714956520741; Sun, 05 May 2024 17:48:40 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id b14-20020a170902650e00b001e4458831f7sm7136587plk.77.2024.05.05.17.48.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:40 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 06/18] sae: make sae_process_commit callable in AP mode Date: Sun, 5 May 2024 17:30:29 -0700 Message-ID: <20240506003518.320176-7-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 As an AP, the function sae_process_commit will pick the group offered by the client. In a subsuquent commit the offered group will first be verified before calling sae_process_commit. The AP will reply with a Commit frame, calculate current keys, and move to the COMMITTED state. --- src/sae.c | 67 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 20 deletions(-) diff --git a/src/sae.c b/src/sae.c index 7787a390..7ba9b0eb 100644 --- a/src/sae.c +++ b/src/sae.c @@ -48,6 +48,8 @@ static bool debug; #define SAE_SYNC_MAX 3 #define SAE_MAX_ASSOC_RETRY 3 +static bool sae_send_commit(struct sae_sm *sm, bool retry); + #define sae_debug(fmat, ...) \ ({ \ if (debug) \ @@ -321,6 +323,21 @@ static ssize_t sae_cn(struct sae_sm *sm, uint16_t send_confirm, return ret; } +static bool sae_check_reflection(struct sae_sm *sm) +{ + /* + * If they match those sent as part of the protocol instance's own + * SAE Commit message, the frame shall be silently discarded (because + * it is evidence of a reflection attack) and the t0 (retransmission) + * timer shall be set. + */ + if ((sm->scalar && sm->p_scalar && l_ecc_scalars_are_equal(sm->scalar, sm->p_scalar)) || + (sm->element && sm->p_element && l_ecc_points_are_equal(sm->element, sm->p_element))) + return false; + + return true; +} + static int sae_reject(struct sae_sm *sm, uint16_t transaction, uint16_t status) { uint8_t reject[6]; @@ -593,6 +610,10 @@ static int sae_build_commit(struct sae_sm *sm, const uint8_t *addr1, l_ecc_scalar_free(mask); + /* ensure the scalar and element are different from peer */ + if (!sae_check_reflection(sm)) + return -EPROTO; + /* * Several cases require retransmitting the same commit message. The * anti-clogging code path requires this as well as the retransmission @@ -799,9 +820,13 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, const uint8_t *frame, size_t len) { uint8_t *ptr = (uint8_t *) frame; - unsigned int nbytes = l_ecc_curve_get_scalar_bytes(sm->curve); + unsigned int nbytes; int r; + if (sm->handshake->authenticator && sae_set_group(sm, l_get_le16(frame)) < 0) + return -1; + + nbytes = l_ecc_curve_get_scalar_bytes(sm->curve); ptr += 2; sm->p_scalar = l_ecc_scalar_new(sm->curve, ptr, nbytes); @@ -821,28 +846,30 @@ static int sae_process_commit(struct sae_sm *sm, const uint8_t *from, MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); } - /* - * If they match those sent as part of the protocol instance's own - * SAE Commit message, the frame shall be silently discarded (because - * it is evidence of a reflection attack) and the t0 (retransmission) - * timer shall be set. - */ - if (l_ecc_scalars_are_equal(sm->p_scalar, sm->scalar) || - l_ecc_points_are_equal(sm->p_element, sm->element)) { - l_warn("peer scalar or element matched own, discarding frame"); - return -ENOMSG; - } - sm->sc++; - r = sae_calculate_keys(sm); - if (r != 0) - return r; + if (sm->handshake->authenticator) { + if (!sae_send_commit(sm, false)) + return -EPROTO; + + r = sae_calculate_keys(sm); + if (r != 0) + return r; - if (!sae_send_confirm(sm)) - return -EPROTO; + sm->state = SAE_STATE_COMMITTED; + } else { + if (!sae_check_reflection(sm)) + return -EPROTO; - sm->state = SAE_STATE_CONFIRMED; + r = sae_calculate_keys(sm); + if (r != 0) + return r; + + if (!sae_send_confirm(sm)) + return -EPROTO; + + sm->state = SAE_STATE_CONFIRMED; + } return 0; } @@ -1013,7 +1040,7 @@ static int sae_verify_nothing(struct sae_sm *sm, uint16_t transaction, /* * TODO: This does not handle the transition from NOTHING -> CONFIRMED * as this is only relevant to the AP or in Mesh mode which is not - * yet supported. + * yet fully supported. */ if (transaction != SAE_STATE_COMMITTED) return -EBADMSG; From patchwork Mon May 6 00:30:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654721 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F211A932 for ; Mon, 6 May 2024 00:48:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956536; cv=none; b=EZlENMZ5z2DEm24uX8bM5zms1jR/OCyPbM+CxXzrHtPN496UzIH6PAQjLgFXVopVitH8qcL78gRSwfqOaPPO3HAIKer/GAiIifD8sK8RjJvbWvUY4jm5VqJOck/FR02C1liuM7R7XaGOj9NTh0/uqzIOrh2zpgDfWuaAht3PNSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956536; c=relaxed/simple; bh=rQIgQatvjCAJ0YijxMVwQ75DZJ3Wa+9kkyp7KMgtMRk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XqrQ5c1Cbxn5cUbwoPG+V2ExecqR5GXzXYf7Do68sDIdl2zUjUDGw0StJs8Znj92CX/sVLciG4tCqxGS0wTDovhIo3n2A84n02pGM0oeYvzn4l0GLUalkcdKdW8VVtFL11muZ4kJeKGJc+p3aZPoSMas/OgsFfunVWghRW9dAJ0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Xj2ZNfmo; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Xj2ZNfmo" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1e4c4fb6af3so7070195ad.0 for ; Sun, 05 May 2024 17:48:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956534; x=1715561334; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fEv4LZx8WPK1WJDqrgB3tecjENbWp8IMFV6HYPMSNeA=; b=Xj2ZNfmodwdr+6mCgff11y4zTK8ZwbjMOFzQOguBxoFGotedXBqni6qQ/7TlOmxTqB +Hl1tDNG9z9Gdi+Jkkr33jRYlqMrSCrsD7r9nH3D7aexGnq1CWcVdHQdUoy6vtmI0oZk KAIgg45DBKeMWaRqLE0ixtsBXPgPV3SJnrz4/Vs1YzW8pfGn7+PuOo8MgrJBajDqSaXp QS3X8FyVT4Mll/rozs30TKBdeFBwJzgZCXB8mdezzGCGkIH7KY0Y1NiZqvfPDmPcn5Sd qapcYHTUzIzR/NtqNnXeJ4f349HjJVPIMx2HPKx/UJg3fo0wdle1jGJGzaJBU0Su+AdD Jgvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956534; x=1715561334; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fEv4LZx8WPK1WJDqrgB3tecjENbWp8IMFV6HYPMSNeA=; b=AKzxevccetYUEAjXBi5R3KplYnp+csZ8BGQeNR8TzIrRits6o8SohLSJAGnfiIkyQX TM0v4DQYPfoyNbSCUasp/+5eqri4pc0gEYJcC38JVVChOmf0n4l/rzCZtuJeimuAl4sy OiYtl7Bo3G2EqNEWd210pGvU43DCnaGgn47qhlNbiceG9tJx572qWg9B2fcEFGOVpRId s/uNxn++RQGfikhFbqpYz/iiuLVePABYZvbt1p1aTbPEPxY0E3N7BTYO+m2uMwqBrcD0 c5n1dghbg1hNqkzbZdXAvFKVSvPw9iHdqBiotcApwoNKAtgWNE5AlTqYJlv3XGP1QPj/ EgnA== X-Gm-Message-State: AOJu0YwY+XV/PbfMxCJsyhtLY0ppOrp4iPEMs5sCxmtbJCUlEMtnwftt 0Gjqjw5KAGg/fWE7fule709cXkXN6dqYDD1TY4VAALUGeCipLM75S5Bbjw== X-Google-Smtp-Source: AGHT+IF4yFCrzUH1pYQntqD8A6frUuAaLBQKpsyHJ0mKSJzhxcvgyHVqyYIWXVNaFXB+wwUR7qzgWg== X-Received: by 2002:a17:902:e54c:b0:1e5:1041:7ed4 with SMTP id n12-20020a170902e54c00b001e510417ed4mr18123925plf.14.1714956534345; Sun, 05 May 2024 17:48:54 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id jy8-20020a17090342c800b001ec5f1f363csm7050584plb.90.2024.05.05.17.48.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:48:54 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 07/18] sae: verify offered group in AP mode Date: Sun, 5 May 2024 17:30:30 -0700 Message-ID: <20240506003518.320176-8-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When receiving a Commit frame in AP mode, first verify that we support the offered group before further processing the frame. --- src/sae.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/sae.c b/src/sae.c index 7ba9b0eb..7405a561 100644 --- a/src/sae.c +++ b/src/sae.c @@ -216,6 +216,18 @@ static int sae_valid_group(struct sae_sm *sm, unsigned int group) return -ENOENT; } +static int sae_supported_group(struct sae_sm *sm, unsigned int group) +{ + const unsigned int *ecc_groups = l_ecc_supported_ike_groups(); + unsigned int i; + + for (i = 0; ecc_groups[i]; i++) + if (ecc_groups[i] == group) + return true; + + return false; +} + static bool sae_pwd_seed(const uint8_t *addr1, const uint8_t *addr2, uint8_t *base, size_t base_len, uint8_t counter, uint8_t *out) @@ -1053,7 +1065,8 @@ static int sae_verify_nothing(struct sae_sm *sm, uint16_t transaction, return -EBADMSG; /* reject with unsupported group */ - if (l_get_le16(frame) != sm->group) + if ((sm->handshake->authenticator && sae_supported_group(sm, l_get_le16(frame)) < 0) || + (!sm->handshake->authenticator && l_get_le16(frame) != sm->group)) return sae_reject(sm, SAE_STATE_COMMITTED, MMPDU_STATUS_CODE_UNSUPP_FINITE_CYCLIC_GROUP); From patchwork Mon May 6 00:30:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654722 Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com [209.85.216.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DA4AA934 for ; Mon, 6 May 2024 00:49:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956546; cv=none; b=gI3X4ndJkqV4GkBgluJ9RHb2JezRY/3Uhf5dGPwyhKumWCnEUKZXVbiq/Xc96A6qvmdh0Pn45GntEue/+rFFjZuxjyw/UeMhgQRgn+ziiAmNM+dVjgh7dJWiypiOyhAdtPTYIMUNvcBH2VPk1X0qmgztz+uQ3t3Z46d+utiIbMM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956546; c=relaxed/simple; bh=tkPFAkN4DbopzBk+oQr79nVQHvTDl/GW/hsYV9DHWEw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T6bpQiMeBeCXoMsKAYjS6B8UDcjCQZ/Ge/Y19f00zE2bhPbQLUaPIVivURNXOiL2vqOj6ImyitN7aJkDnhRM4rN3gFM1J6bR0Ljms52cmq5vdiPgn6N+OQL1eL+44v11yp4Ni1zJZCsqL1kjQmVjc3z6XLHeFF44cbIjyBfX3Y4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nKS52Vkv; arc=none smtp.client-ip=209.85.216.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nKS52Vkv" Received: by mail-pj1-f48.google.com with SMTP id 98e67ed59e1d1-2b3c1ea9a68so824409a91.1 for ; Sun, 05 May 2024 17:49:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956545; x=1715561345; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=x5CrnkIpfWXsq735qycDcBC7SdKFyw2URaeP/5UWloM=; b=nKS52VkvIghjSGt57+oL75ffmL0J+fOuWJOU1qnXdxXEkmvRE5BYVvF+ew0S+xdSmw bVAcYifNEQFIoGJB8p9V5VEH0OYhRXmVznqwjW/QC0MmRD7afzDQ0IKEFQuGTSCN1uqd 4aZD9KYrCeZIDguxmM6f4g0doSNi4eeWw/5xCOI6Md1zsZzXhGaRoB3S8hzk68cPQO2J 4AODdol4TApA3OyE3vNxG/yENIJ4FXj/KqE32eYsP0TY82+fu3KCOOz/4ZbpFR7JSrzz FLIlpWYT1jtVPGsSIezHwdrjloVcxVJmsYL/9lf5z2yDm/41AIRjFy0AGr/rZ5nf4UhG dm0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956545; x=1715561345; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=x5CrnkIpfWXsq735qycDcBC7SdKFyw2URaeP/5UWloM=; b=pUFVyFv+hboa7erJj293jGx+yVhhab/3NEe2W8sBjSsqbd2OQFHV7e8sZPvlFWWT1b pumO3d/kzICZDJaOl4Re84CGfgA7UW/BrEBJueI6SCWzd41IVGIShFs0roOOHuybvXc7 1yc9zwJ8ubJD7VlaO/IcTcmoTFTKZqBQp/NbxKAUEFL8PsUxMjxnJFYckoVL+nX3jtpG wFTxA3l3VBkXbCyyqLYJ7Hmw12Vp29Uj+lJa7DCCNmaHR4/Be8ES2cibqRVDHzK7nXCB GfO06RF1RmW/vkqeFO8jagRgERVKFcz7Prgk/sA8EC3Ry87F23DF0sR/ngYTdtaxSTHl rLsQ== X-Gm-Message-State: AOJu0Yy7IOfnc0QfWXAgB3tMbvA89OjCgDIngCsIKpnZktvHFbBnzT0U EWpLqO/vcv5T6bjogvgjpyE52h71phBN8389R+mtJUusIm/6nYQyRAEUkg== X-Google-Smtp-Source: AGHT+IG1tbdTzRVwxnTT7lmXrKqZMSeEtL6Qr+ve3bzFUbLL39nCjx6Vap1jz1HSoZJE20DL+unGgw== X-Received: by 2002:a17:90a:f492:b0:2a6:217b:4492 with SMTP id bx18-20020a17090af49200b002a6217b4492mr12927825pjb.3.1714956544405; Sun, 05 May 2024 17:49:04 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id gt14-20020a17090af2ce00b002adc80dab50sm6942900pjb.18.2024.05.05.17.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:49:04 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 08/18] sae: support reception of Confirm frame by AP Date: Sun, 5 May 2024 17:30:31 -0700 Message-ID: <20240506003518.320176-9-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Experimental AP-mode support for receiving a Confirm frame when in the COMMITTED state. The AP will reply with a Confirm frame. Note that when acting as an AP, on reception of a Commit frame, the AP only replies with a Commit frame. The protocols allows to also already send the Confirm frame, but older clients may not support simultaneously receiving a Commit and Confirm frame. --- src/sae.c | 48 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/src/sae.c b/src/sae.c index 7405a561..3ad28fab 100644 --- a/src/sae.c +++ b/src/sae.c @@ -930,9 +930,13 @@ static int sae_process_confirm(struct sae_sm *sm, const uint8_t *from, sm->state = SAE_STATE_ACCEPTED; - sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa)); - - sm->tx_assoc(sm->user_data); + if (!sm->handshake->authenticator) { + sae_debug("Sending Associate to "MAC, MAC_STR(sm->handshake->aa)); + sm->tx_assoc(sm->user_data); + } else { + if (!sae_send_confirm(sm)) + return -EPROTO; + } return 0; } @@ -1083,16 +1087,34 @@ static int sae_verify_committed(struct sae_sm *sm, uint16_t transaction, unsigned int skip; struct ie_tlv_iter iter; - /* - * Upon receipt of a Con event... - * Then the protocol instance checks the value of Sync. If it - * is greater than dot11RSNASAESync, the protocol instance shall send a - * Del event to the parent process and transition back to Nothing state. - * If Sync is not greater than dot11RSNASAESync, the protocol instance - * shall increment Sync, transmit the last SAE Commit message sent to - * the peer... - */ - if (transaction == SAE_STATE_CONFIRMED) { + if (sm->handshake->authenticator && transaction == SAE_STATE_CONFIRMED) { + enum l_checksum_type hash = + crypto_sae_hash_from_ecc_prime_len(sm->sae_type, + l_ecc_curve_get_scalar_bytes(sm->curve)); + size_t hash_len = l_checksum_digest_length(hash); + + if (len < hash_len + 2) { + l_error("SAE: Confirm packet too short"); + return -EBADMSG; + } + + /* + * TODO: Add extra functionality such as supporting anti-clogging + * tokens and tracking rejected groups. Note that the cryptographic + * confirm field value will be checked at a later point. + */ + + return 0; + } else if (transaction == SAE_STATE_CONFIRMED) { + /* + * Upon receipt of a Con event... + * Then the protocol instance checks the value of Sync. If it + * is greater than dot11RSNASAESync, the protocol instance shall send a + * Del event to the parent process and transition back to Nothing state. + * If Sync is not greater than dot11RSNASAESync, the protocol instance + * shall increment Sync, transmit the last SAE Commit message sent to + * the peer... + */ if (sm->sync > SAE_SYNC_MAX) return -ETIMEDOUT; From patchwork Mon May 6 00:30:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654723 Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4859A936 for ; Mon, 6 May 2024 00:49:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956559; cv=none; b=D61fOmxzCsoOCzMS+3/H7OuHmJKhigfrHiEIb4MawrHxfR5lAs+yr4XXMzTdxjIiBVIf7DTLXIgpXqSuM3p0Q+xDpX9KHH5gUNFMOCHpwi4pL8GrRzoVwZmyb2P3PawHDHh0Nicy6b+o1/CeZwmbVI6yJoKbMzrxZtk7iHS9ODw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956559; c=relaxed/simple; bh=fVD87+qvQU2HsRwaGcnyMqcn/S+4DS4birRdDhUq2a4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cCMMNfjU0XVkowlqpYNbYCTDE5mSSeSQQk+QQ9Xe9Yzy2KsxeCeeEuk1B06XkEEMfjCb/mgTN6fjYrWPg49nSEHmroXWNdnYZNjxkzoQsrCNTWxsqxPoeZtNpuqrz7orOgELycAGInRl+7JJQsWljpDkrn/Immr3t4AZ1P7FRyo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=l4V6QcfR; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="l4V6QcfR" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-2b4952a1b51so1046372a91.0 for ; Sun, 05 May 2024 17:49:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956557; x=1715561357; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7M+EmCbakxU9OFzT4Nayb2gd4JGR7jTTVLjzWXJUAl0=; b=l4V6QcfRTZuizoE/iXLC93PlLytqO2Us0ReY3P46V0IAW5aNTDkKR0XE3zNS1P9KbL 9FCDbJvlv3Manwo1habdVuV9+9BZ3Yu84QB+hz3Hvz2SKaYp99TRHd5yMUpHbT0Lvxdb O+9uN7HWnkjZMTgtuIlUpccWQ2sg0haDwWl3Qt/3frsqsoJMowwX4H0G4yHPKYK3mRNd ABmqT+dyWk78xiss+UQDkj0cPklSGrRzQrHLDU4Avgzu+KkZDNbwvTHfdbSufnirp8QG zv5ALJxwQUjURWDDQ4qxhkrWmcletD9cKwQYIGoX1tifB8gxPzGo/KB794axIQGvrD0s VOHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956557; x=1715561357; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7M+EmCbakxU9OFzT4Nayb2gd4JGR7jTTVLjzWXJUAl0=; b=cx80nqo0Yuba6Bp3dJsNAgI3gbaT8LLa4GtSvQ7N3wXNX6GlF2Q9NbR03JheLAVS9f k4vekXtBm/uUu7g+H6o2gaDdG2ivJ4yN4xVZyEWUd+ZAnfIZmJADrdXt40o2+GpibYqa zfQIaasU6EqBOGkJLvYzljEZTJrc3TUj3d2mOlHvTORdhj/duFk5jaRfu3qNJFPy8PQ7 QVckfYKP2Ffb1KmRedZsWaaLMSHW7Ida2KBOklDJrFiVMIRCYQcT9OaimlykIr/pMQY6 ENq9gEzrJwkcUazDRFSqBjMHy3kLNdyLcVhq5a3NlIsNagGskmUucEpeKNrfcFsbSDTv gMhg== X-Gm-Message-State: AOJu0YyzPCYk9PMM9i4i2yArC4NB6bXu1CM0rztg5dHC7RtMSl6G8LOk 874zIAGfDHtZVaIexg2PdWPE9XWtF3IA7edYRR8nd9TWXx9ceqWJ4oOSdw== X-Google-Smtp-Source: AGHT+IEKRTuvzWPNeDz1fpYlvVFprd5kzXJnuuvzkSBYTryigZ0mEgLSRiiCDN3PVO4sXmMIWsw9hA== X-Received: by 2002:a17:90a:bb81:b0:2b5:1f7d:7eae with SMTP id v1-20020a17090abb8100b002b51f7d7eaemr1132286pjr.24.1714956557026; Sun, 05 May 2024 17:49:17 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id q8-20020a17090a064800b002ae2579ffeesm7654469pje.19.2024.05.05.17.49.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:49:16 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 09/18] ap: add support to handle SAE authentication Date: Sun, 5 May 2024 17:30:32 -0700 Message-ID: <20240506003518.320176-10-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When the client requests SAE authentication, and it is enabled, allocate an auth_proto instance to handle SAE authentication. This also adds a new function to send SAE frames in AP mode that can be used by the auth_proto instance. --- src/ap.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 58 insertions(+), 9 deletions(-) diff --git a/src/ap.c b/src/ap.c index cd253ce3..ec27180e 100644 --- a/src/ap.c +++ b/src/ap.c @@ -59,6 +59,8 @@ #include "src/diagnostic.h" #include "src/band.h" #include "src/common.h" +#include "src/sae.h" +#include "src/auth-proto.h" struct ap_state { struct netdev *netdev; @@ -132,6 +134,7 @@ struct sta_state { uint8_t *assoc_ies; size_t assoc_ies_len; uint8_t *assoc_rsne; + struct auth_proto *auth_proto; enum ie_rsn_akm_suite akm_suite; struct eapol_sm *sm; struct handshake_state *hs; @@ -2595,6 +2598,38 @@ static void ap_auth_reply(struct ap_state *ap, const uint8_t *dest, ap_auth_reply_cb, NULL); } +static void sae_auth_reply(const uint8_t *data, size_t len, void *user_data) +{ + struct sta_state *sta = (struct sta_state *)user_data; + struct ap_state *ap = (struct ap_state *)sta->ap; + const uint8_t *addr = netdev_get_address(ap->netdev); + uint8_t sae_buf[512]; + struct mmpdu_header *mpdu = (struct mmpdu_header *) sae_buf; + struct mmpdu_authentication *auth; + + if (L_WARN_ON(26 + len > sizeof(sae_buf))) + return; + + memset(mpdu, 0, sizeof(*mpdu)); + + /* Header */ + mpdu->fc.protocol_version = 0; + mpdu->fc.type = MPDU_TYPE_MANAGEMENT; + mpdu->fc.subtype = MPDU_MANAGEMENT_SUBTYPE_AUTHENTICATION; + memcpy(mpdu->address_1, sta->addr, 6); /* DA */ + memcpy(mpdu->address_2, addr, 6); /* SA */ + memcpy(mpdu->address_3, addr, 6); /* BSSID */ + + /* Authentication body */ + auth = (void *) mmpdu_body(mpdu); + auth->algorithm = L_CPU_TO_LE16(MMPDU_AUTH_ALGO_SAE); + + /* SAE elements */ + memcpy(sae_buf + 26, data, len); + ap_send_mgmt_frame(ap, mpdu, 26 + len, + ap_auth_reply_cb, NULL); +} + /* * 802.11-2016 9.3.3.12 (frame format), 802.11-2016 11.3.4.3 and * 802.11-2016 12.3.3.2 (MLME/SME) @@ -2665,7 +2700,7 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body, * than State 1." */ if (sta) - goto done; + goto have_sta; /* * Per 12.3.3.2.3 with Open System the state change is immediate, @@ -2680,18 +2715,32 @@ static void ap_auth_cb(const struct mmpdu_header *hdr, const void *body, ap->sta_states = l_queue_new(); sta->akm_suite = akm_suite; + if (sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) { + sta->hs = netdev_handshake_state_new(sta->ap->netdev); + handshake_state_set_authenticator(sta->hs, true); + handshake_state_set_passphrase(sta->hs, ap->passphrase); + handshake_state_set_supplicant_address(sta->hs, sta->addr); + handshake_state_set_authenticator_address(sta->hs, bssid); + + sta->auth_proto = sae_sm_new(sta->hs, sae_auth_reply, NULL, sta); + } l_queue_push_tail(ap->sta_states, sta); - /* - * Nothing to do here netlink-wise as we can't receive any data - * frames until after association anyway. We do need to add a - * timeout for the authentication and possibly the kernel could - * handle that if we registered the STA with NEW_STATION now (TODO) - */ -done: - ap_auth_reply(ap, from, 0); +have_sta: + if (sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) { + auth_proto_rx_authenticate(sta->auth_proto, (const uint8_t *)hdr, + body + body_len - (void *) hdr); + } else { + /* + * Nothing to do here netlink-wise as we can't receive any data + * frames until after association anyway. We do need to add a + * timeout for the authentication and possibly the kernel could + * handle that if we registered the STA with NEW_STATION now (TODO) + */ + ap_auth_reply(ap, from, 0); + } } /* 802.11-2016 9.3.3.13 (frame format), 802.11-2016 11.3.4.5 (MLME/SME) */ From patchwork Mon May 6 00:30:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654724 Received: from mail-oo1-f41.google.com (mail-oo1-f41.google.com [209.85.161.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0BE99A934 for ; Mon, 6 May 2024 00:49:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.161.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956576; cv=none; b=Pw2kogJVzzWC1/v659J5Kk6IJKOFsr79n1kq6fH5Os0ROYUQlODwk1rh7QYcwvSXQkX+UHv1xfMRE0yeqp6tFepXDGTuIJYDhysBKfp2VWc/7fJPa3BzgM/X7lIHZ0LVAfb9BoTjVSmy9Bs4C6t/XpG9dAycAOSvhO0C/PR5wxo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956576; c=relaxed/simple; bh=6fNUlTMf4D1XF5Cz7EsH/Fk1taGOayyBLPs9cr6k+eg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=psHbMaKYjgLEkHb/v6tAh/15pKbRDLAA+yHvhUKb4qCItq2HT2EjbEEmvFi5rqkO6ofTjfoI9Rp/mbsudDIpZ+ngbnU4V/ffUEIeCmiCO557bol5XU3AXjOHCJHxJXFgm6bK/1vPXhY2ADfWDJjr6MPc1ks3GODXIUei4TG0RiY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Yj+6nW/6; arc=none smtp.client-ip=209.85.161.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Yj+6nW/6" Received: by mail-oo1-f41.google.com with SMTP id 006d021491bc7-5b206048ac2so428140eaf.3 for ; Sun, 05 May 2024 17:49:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956574; x=1715561374; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LolnO6L7lvPzalyIjZImicREyy8Oz95WG7dGLXReUBY=; b=Yj+6nW/6sP7KSSK5ud3PQQJbLP9Qc+j9CSJEpsQGbseBaHbWH4GUJGek9XSVC96ZVB bDg6nxMyD8UrkQh2HOgqy4SydQALyknmjvVSRwxAwLqUOxerA7RMSgF3FBooBurxxMUD srVUJK/DhJXctoIc0F7aoL9aLGcunEJ5L5ojeuqWwYXt1iEV5/tUMJkeptaNqc7hxbfl lvDxMd1yWZrXKdlKLv46D/2GgIpGdCAeyDQfw1T1mOl14x7vim/ci3nRHBGmupev7MsQ ZGcFrS2bx8lX8ghoGy26ZrqMX3p4xK5VcHgCHOFT0wuks4TO155w0ZPxQm+az6vFcqVQ zugw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956574; x=1715561374; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LolnO6L7lvPzalyIjZImicREyy8Oz95WG7dGLXReUBY=; b=wfp7QGksPZ8MrneImbRMLSTlXKpjAjTpeyXKkN4DK0DHyCa9DZjMnEvXxGkBaRPF6n ORXC84LdV9CjWUZ7UJzhb/bScyocp7GNm1hb/s3kU39IN8wEnpV8wsFa0jLIfxz7x3lY xymZ0E93NFfBHVlNinaMohcP8xySsiJhXBXrz9EIpaSVQSiYyknz9fZxAiMt3dn/7124 xQL++Nj6P9jhGDf8NHU1+/+8PzZi9nVSlW9T2E5Zz0W3C9s667WuKTS4E8eWhsCwGNX4 E5qswElXz4v4G0PJNfdDhyBmIafcXqDSbVNaODfNXSfh3ZkfgwJoaP0B75VNM1wgprwb 2cig== X-Gm-Message-State: AOJu0YzMQoNwwHe/Zb6gtAIcJLSkIM8F0QO/g11FvXVpVwjT1w4U1gqp hIpryV7KDSyzxYsOT4qLEK+ii4ut4vt9AbE7cuVxdLFkl/PMFbn+g0xbKA== X-Google-Smtp-Source: AGHT+IHgSyg9zva1nYrv6IbSfnlwicYjWjc36HwSi06G4IAoCX/BD0OYGDP5BVg7pPyucflLqN+YfA== X-Received: by 2002:a05:6358:598e:b0:18e:a0ce:a34f with SMTP id c14-20020a056358598e00b0018ea0cea34fmr11418342rwf.14.1714956573716; Sun, 05 May 2024 17:49:33 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id g1-20020a63dd41000000b00606dd49d3b8sm6836017pgj.57.2024.05.05.17.49.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:49:33 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 10/18] ap: enable start of 4-way HS after SAE Date: Sun, 5 May 2024 17:30:33 -0700 Message-ID: <20240506003518.320176-11-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Accept association frames that request SAE if SAE is enabled by the AP. When SAE is being used, get the PMK as negoticated by SAE. --- src/ap.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/ap.c b/src/ap.c index ec27180e..ae406e16 100644 --- a/src/ap.c +++ b/src/ap.c @@ -1500,12 +1500,19 @@ static void ap_handshake_event(struct handshake_state *hs, static void ap_start_rsna(struct sta_state *sta, const uint8_t *gtk_rsc) { - /* this handshake setup assumes PSK network */ - sta->hs = netdev_handshake_state_new(sta->ap->netdev); - handshake_state_set_authenticator(sta->hs, true); + /* this handshake setup assumes SAE or PSK network */ + if (sta->hs && sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) { + handshake_state_set_pmk(sta->hs, sta->hs->pmk, 32); + handshake_state_set_pmkid(sta->hs, sta->hs->pmkid); + } else { + sta->hs = netdev_handshake_state_new(sta->ap->netdev); + handshake_state_set_authenticator(sta->hs, true); + handshake_state_set_pmk(sta->hs, sta->ap->psk, 32); + } + handshake_state_set_event_func(sta->hs, ap_handshake_event, sta); handshake_state_set_supplicant_ie(sta->hs, sta->assoc_rsne); - handshake_state_set_pmk(sta->hs, sta->ap->psk, 32); + ap_start_handshake(sta, false, gtk_rsc); } @@ -2258,7 +2265,7 @@ static void ap_assoc_reassoc(struct sta_state *sta, bool reassoc, goto unsupported; } - if (rsn_info.akm_suites != IE_RSN_AKM_SUITE_PSK) { + if ((rsn_info.akm_suites & ap->akm_suites) == 0) { err = MMPDU_REASON_CODE_INVALID_AKMP; goto unsupported; } From patchwork Mon May 6 00:30:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654725 Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4EE32A934 for ; Mon, 6 May 2024 00:49:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956591; cv=none; b=GVGW7ilUlsIOs90PSggSjVRGPkXacD95KTwl/G2+9j7SrBGBPpYtiCs53eSLeJXXrYZgrM3ugk51BLFLjjkaaVjMoQP35+LwLecgJrRQ/ZUth8Ij2rwN+ivhM2F1ve122x/0hkEHqYvriLaPCwb+4/BClu/xe2P9z+yet99RYyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956591; c=relaxed/simple; bh=cRkHBy2uD1YnFwVVq3Mdddj1F6MNIx9//mM6zwBi0uo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MEeTribXrk/fkfOn0IP/FqPxg1o4x+keToeoXK/3uxLN4s6UcuUIADzgvUffb2rn7SK9NtcOLLAFWMND/xkptrJUg2yg09hXxtGbf4IRpmFHrXjgHg826ZSSZxKQcB1cW6uF2Qkz8vJcFZKGuFEl7shm8xk75PBK0tfNSaXXpt8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=QccfYH9D; arc=none smtp.client-ip=209.85.210.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QccfYH9D" Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-6f4603237e0so612939b3a.0 for ; Sun, 05 May 2024 17:49:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956589; x=1715561389; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=07folLyvhfiD5Dm79rxRPKnpxAOoFCM++kQlgQBZgfs=; b=QccfYH9D2SQNlVFFJygiXz3hx5h/+CaT99/Dv0EX/7oJ2gBJCHsw+GeLUM6/3KSIcm 9vaSTE11NiAGp8z082o4ma5X6XXP5bk9DMzbJYFkJ8c2Zb2sPYycFS2FajZOAVyrK+EC 9dhc0TFQrpsn1zs1WnQGPbZNQ1fETu4cJ8EOg0BqQksNCCMvB2zFfcEhKdzPFKAtPmbN LzcSjdcS9eZpYVv7z1f/UTPtQC5hQtPW5K55zIJsRVVMJUN2IdjPkXilvLj3mvV40QuX vBViWgcVYOpTvd+LD4o4r5xqO/omXVOQhn455+tsKvjEF1iMaxTPUq0kRAlhUjQmi1WH gxFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956589; x=1715561389; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=07folLyvhfiD5Dm79rxRPKnpxAOoFCM++kQlgQBZgfs=; b=gkYTb9rG89leCmbsCFpwSjWOEziR4XGdZDn/OTLHDy01tGRwAYfg8nfK9cubmG8PUr 4hxy9OXRmXbstopDy4La8kaJJi53Vy9dmJXuzlfSWHXE6IBnSBGV7wwdJ3kHYLhWKIqS wzqT/6DeBj5eLz65zOcgbCMnF1UDXq2OkEWOUQJ9M64NjPEyD3sw+qPW1zupsb6+n9MK pXD0KxyhHd6y9pJk920ByEu3sHR7nv7QUNJ94/2llx/gIhx1dnORpj59sY/n9uEgYUFi Y9kcfqJuZC2fWEoKNAKleQyiAlkA+D6SMYdf93+GBwPVWmBHJ1gPJMAES8YgLK8fb7DG hhnA== X-Gm-Message-State: AOJu0YyIXQhcGz7I/xKeGd0ODKXH4H1K+7CFxO3HtPaJl1r68hraYZyO DjJl0mw74F/HHSj4W/M1WRzS669EbpvVOYB+GtgNDjnfWsMdrY98AVPJvA== X-Google-Smtp-Source: AGHT+IGV0SE8hGBYdhBoT/+5o5/mkZhl0OMNjQwt9jWDiHVBK8wZj9pKXd5VuMN63FEl4ffHHl6VeA== X-Received: by 2002:a05:6a00:3a28:b0:6f4:4b35:d7b5 with SMTP id fj40-20020a056a003a2800b006f44b35d7b5mr12242369pfb.1.1714956589535; Sun, 05 May 2024 17:49:49 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id kt20-20020a056a004bb400b006ee1e2eedf3sm6578093pfb.27.2024.05.05.17.49.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:49:49 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 11/18] eapol: support PTK derivation with SHA256 Date: Sun, 5 May 2024 17:30:34 -0700 Message-ID: <20240506003518.320176-12-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Support PTK derivation in case the negotiated AKM requires SHA256. This is needed to support SAE in AP mode. --- src/eapol.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/eapol.c b/src/eapol.c index 3ce14d5c..a9b4f3ba 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1560,6 +1560,7 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, size_t ptk_size; const uint8_t *kck; const uint8_t *aa = sm->handshake->aa; + enum l_checksum_type type; l_debug("ifindex=%u", sm->handshake->ifindex); @@ -1571,12 +1572,16 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, ptk_size = handshake_state_get_ptk_size(sm->handshake); + type = L_CHECKSUM_SHA1; + if (sm->handshake->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) + type = L_CHECKSUM_SHA256; + if (!crypto_derive_pairwise_ptk(sm->handshake->pmk, sm->handshake->pmk_len, sm->handshake->spa, aa, sm->handshake->anonce, ek->key_nonce, sm->handshake->ptk, ptk_size, - L_CHECKSUM_SHA1)) + type)) return; kck = handshake_state_get_kck(sm->handshake); From patchwork Mon May 6 00:30:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654726 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D714EA934 for ; Mon, 6 May 2024 00:50:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956603; cv=none; b=f3nfLLIBFbZD6zazO5nOVfYlCskSx509qlpL0VRv+UDbdBoUlFAH1CgTCU39fWpbPGejA1NPtglMjsUMy4jekfqebjp2sH6s8Rz5EEFJ5nw5wucZqzjgribQuztZdrvh7BIvngg6UmV2wJrWBFj1n0Ajsd6Q4o5w9bJe1DXJNh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956603; c=relaxed/simple; bh=eEq9Td+YFyMLbQxlT4nLIpPILrfWB3pFM6RwDSO05p4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KO00IMdVVUuDuHTrDlVcwW+exFkOvnjrSmsiugf+u2k6qmm0x2nS69u+6Gj7b4MgTVAEsMzlgxTQ/e/mZWitjK+IowguS10RGOIUaXdVLYPv85xCS+SfljranN5Mhug1CfbBVLoDkYOypjy9eRov6YOt3JPU1INm0akX969JYTk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YCkGPumH; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YCkGPumH" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1e3ca546d40so8969515ad.3 for ; Sun, 05 May 2024 17:50:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956601; x=1715561401; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=m4WaFKoi3gYbHn3QYKFOplN1UMqY7nh1w7n7PFZNIWs=; b=YCkGPumHFlCjiPO/31QZhdnOfPrx89oMDq2HjMR5b019wWP499bjEeSHOJ3ckPW8yB eaoIiziCeX1h8BNXpCYMrHvZu7rv3tvXp8NLe+dGsiCjQQrEhQmic83mbmamMg0NPtQh P1JRdmzhV8pEphY98J3OX2hSwBhqNyc1WaU9vDC8Pm1daoIpURq5VhqARWNV5pjzn6Qg HTPdaPWTgTqQkHYADAGEAkzln1ChfOTxl/2+m/7gBSvRwwXihehdWRnEF+dC0OwSlkeb +urPeXn3UzyE2J0lEErIrFQaOfPL0YwxrpucSXgEkojT0IR40yQ+EKcMe125oiM98A3W dZCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956601; x=1715561401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m4WaFKoi3gYbHn3QYKFOplN1UMqY7nh1w7n7PFZNIWs=; b=RbbcHfMTJDrpwVvYvYzr9aCdpe+W5kYso4Ykg00+N8oH1VsPz3Mf+LGu7EWTqHp36w HGCc6IX+F9xBhUpCaG0gpQDo8OIb6iG4kmbQgi3nlvq1mmcd5uCNLTbFtnGRUXVhqUDy tT99OGVY4Lfx4lv43zRoGpZ5SuK5+3ZYfNEc3yrEuza5T4HZzA8FevDwSKvW15ICqzRH Ouh6KO8NOfOz1n0J+sAHOOAoqamljv7dh4BxjlipX21G6lxDiU0XObGGg7bCe2h/Wlid ednS4K4ZUPSeVqch0JyDvbCUQNDIEGrxKg0z3mic4kNPHZ09thVQlfIC0PlH3DWgilGL s96Q== X-Gm-Message-State: AOJu0YwXktxoOZFI63KhsNX6tNu3Y0oGAaJ9s7R0VChVBPHaRxPgVMoJ 6MzPhIzdTkq8nkwELx8nHBPs7ii+WgU4ctp8zk+v9vEhQ+ipNEfBriOQKA== X-Google-Smtp-Source: AGHT+IE16+xhwZKMSYRlNAaQ/PZ9Nyrscu4RyFkD2ihSto1kO22XwGjoY1q7NfB138mTwxsyEZdQeA== X-Received: by 2002:a17:902:a513:b0:1ec:8d50:8dec with SMTP id s19-20020a170902a51300b001ec8d508decmr7678440plq.39.1714956600971; Sun, 05 May 2024 17:50:00 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id d10-20020a170902654a00b001e435350a7bsm3247619pln.259.2024.05.05.17.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:00 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 12/18] eapol: encrypt key data for AKM-defined ciphers Date: Sun, 5 May 2024 17:30:35 -0700 Message-ID: <20240506003518.320176-13-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Support encrypting key data when the cipher is AKM-defined. This is needed to support SAE in AP mode. --- src/eapol.c | 51 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/src/eapol.c b/src/eapol.c index a9b4f3ba..524a26c9 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -387,6 +387,23 @@ error: return NULL; } +static int padded_aes_wrap(const uint8_t *kek, uint8_t *key_data, + size_t *key_data_len, + struct eapol_key *out_frame, size_t mic_len) +{ + if (*key_data_len < 16 || *key_data_len % 8) + key_data[(*key_data_len)++] = 0xdd; + while (*key_data_len < 16 || *key_data_len % 8) + key_data[(*key_data_len)++] = 0x00; + + if (!aes_wrap(kek, key_data, *key_data_len, + EAPOL_KEY_DATA(out_frame, mic_len))) + return -ENOPROTOOPT; + + *key_data_len += 8; + return 0; +} + /* * Pad and encrypt the plaintext Key Data contents in @key_data using * the encryption scheme required by @out_frame->key_descriptor_version, @@ -395,12 +412,12 @@ error: * Note that for efficiency @key_data is being modified, including in * case of failure, so it must be sufficiently larger than @key_data_len. */ -static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data, - size_t key_data_len, +static int eapol_encrypt_key_data(enum ie_rsn_akm_suite akm, const uint8_t *kek, + uint8_t *key_data, size_t key_data_len, struct eapol_key *out_frame, size_t mic_len) { uint8_t key[32]; - bool ret; + int ret; switch (out_frame->key_descriptor_version) { case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_MD5_ARC4: @@ -426,18 +443,21 @@ static int eapol_encrypt_key_data(const uint8_t *kek, uint8_t *key_data, break; case EAPOL_KEY_DESCRIPTOR_VERSION_HMAC_SHA1_AES: case EAPOL_KEY_DESCRIPTOR_VERSION_AES_128_CMAC_AES: - if (key_data_len < 16 || key_data_len % 8) - key_data[key_data_len++] = 0xdd; - while (key_data_len < 16 || key_data_len % 8) - key_data[key_data_len++] = 0x00; - - if (!aes_wrap(kek, key_data, key_data_len, - EAPOL_KEY_DATA(out_frame, mic_len))) - return -ENOPROTOOPT; - - key_data_len += 8; + ret = padded_aes_wrap(kek, key_data, &key_data_len, out_frame, mic_len); + if (ret < 0) + return ret; break; + case EAPOL_KEY_DESCRIPTOR_VERSION_AKM_DEFINED: + switch (akm) { + case IE_RSN_AKM_SUITE_SAE_SHA256: + ret = padded_aes_wrap(kek, key_data, &key_data_len, out_frame, mic_len); + if (ret < 0) + return ret; + break; + default: + return -ENOTSUP; + } } l_put_be16(key_data_len, EAPOL_KEY_DATA(out_frame, mic_len) - 2); @@ -1467,8 +1487,9 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm) } kek = handshake_state_get_kek(sm->handshake); - key_data_len = eapol_encrypt_key_data(kek, key_data_buf, - key_data_len, ek, sm->mic_len); + key_data_len = eapol_encrypt_key_data(sm->handshake->akm_suite, kek, + key_data_buf, key_data_len, ek, + sm->mic_len); explicit_bzero(key_data_buf, sizeof(key_data_buf)); if (key_data_len < 0) From patchwork Mon May 6 00:30:36 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654727 Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F846182DA for ; Mon, 6 May 2024 00:50:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956612; cv=none; b=UbSx78bNIRMhkzuC5zVK6Nt6rxXmhoxChVIxjhf6IbSPFU+MhT7gyNazEpLAizfiDU+v+syzLhOZNh6V1fTRlqyrf27+tFxuJ69xmwa7ezfEnyNealEduE2F/A1sXO8HVQT+AwQtGvQkfYeMhi2LqthdvOwIqeD1bFKugVt6P8A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956612; c=relaxed/simple; bh=wLZ20aAvwxqooNqKINzsGpjS+1yMxQi6jW3Bx/oZZL4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=m+QuoI3IdOkVhexKMA/6goWKs5aS00t4W1J/J/cKgxztfO3H+Gysdz9oRpvDNIbClW+RaBB2gArA7JMRpnSw1nJhprUQ6U1zHObXvf9o/j86KhoW/OSnuxmlZJIa1IbbR1Es7JU4ElCavLG5s9TtQNiQhL5scE+amz4D8/Ss/9M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lQsSJCIV; arc=none smtp.client-ip=209.85.210.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lQsSJCIV" Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-6f30f69a958so805273b3a.1 for ; Sun, 05 May 2024 17:50:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956610; x=1715561410; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6nNm6WDmFWUrK7tEKHQFGw9/TWYHnwuyyFKXj5Lrdkg=; b=lQsSJCIVzKDvp/D8u+r6tEual1NRnx/v820bg1eSEamqiLwn100/+Y8msGU021kvz4 /lXGZ8OKXZBKu9y9y5n5IoP6BHXDIShqwTpdzM75MVBUhijBeWpaOWTFADREIp7pMkpE nVClle5qY39WYeyokx0Ficr+11OR9hjV6QEQRO3Hm83owS7niOLtGUJYMfCRvv5eZrUU r42SDZ8Z86lN2uW7o/sPbEqM+v+gYKc5lE5horW1f+N2kduLynveCFh+X5kguSX1rgLC 054AzTDgfx5s0HkePMmQlHK7ntekUZyhbjap6oYUW+gGCpCGvM9QKMNGFKE/8gFnrZi1 uRIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956610; x=1715561410; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6nNm6WDmFWUrK7tEKHQFGw9/TWYHnwuyyFKXj5Lrdkg=; b=hmUMGmnzBEmYo3PWli70gmN4qTvDDJhOxLeZFB0y/j/LcEfLWy8O9msj4yf8ZlOtJT 9BoDTSdnXRn0mIFs33qnZwvmL7nLFcnf8UUvkg8saRr4gWcO/WHbjToUQqVAf0vS9e7W 7DweRn92Y4l/ZEgNiZQ0tJ8I7NheM0EJqYZdCp3u5kW/hOgbD9Z/wL150n22BYRyl8oe FL9SNv/jxemAHwq0gce6pHyktU/VHS3uiu+EqypsZiOxtS+wLHHgvcbfk+99UUy6yl6X im2upN2fObiWaAr4vFmQbIawwaisVWZ+Xm80WM6emShNe7tkK4viNLpdVLsZxj0znAiS MA4A== X-Gm-Message-State: AOJu0YxqeAUQ6jlTE28OFjNfWGUiGf0JqwEWQIH/tc+4a0gCJWQno58U VZnkXj8rLPm2CuXCIY2EDWp/VrrwDwrAMgbHLzQAdY+BCC9AqUd23+r8ow== X-Google-Smtp-Source: AGHT+IHXiGymzWPLdPahFpAncra7OxwKeL4nCLcw+5Yzjr9C4ACztG4VQey0cPEY0+01cAqM2PcOEA== X-Received: by 2002:a05:6a00:2185:b0:6ed:4f2e:ef22 with SMTP id h5-20020a056a00218500b006ed4f2eef22mr9868759pfi.31.1714956610498; Sun, 05 May 2024 17:50:10 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id w11-20020aa7858b000000b006efd89cea71sm6586879pfn.84.2024.05.05.17.50.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:10 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 13/18] unit: add unit test for SAE AP mode Date: Sun, 5 May 2024 17:30:36 -0700 Message-ID: <20240506003518.320176-14-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add unit test that simulates client and AP in SAE handshake. Test that both the client and AP complete the SAE handshake. --- unit/test-sae.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) diff --git a/unit/test-sae.c b/unit/test-sae.c index 04783d18..87e3554d 100644 --- a/unit/test-sae.c +++ b/unit/test-sae.c @@ -631,6 +631,116 @@ static void test_end_to_end(const void *arg) l_free(td2); } +static void ap_to_client_tx_func(const uint8_t *frame, size_t len, void *user_data) +{ + struct test_data *td = user_data; + uint16_t trans; + + memcpy(td->tx_packet, frame, len); + td->tx_packet_len = len; + + if (len <= 6 && l_get_le16(frame + 2) != 0) { + td->tx_reject_occurred = true; + return; + } + + trans = l_get_le16(frame); /* transaction */ + + switch (trans) { + case 1: + assert(l_get_le16(frame + 2) == 0); /* status */ + assert(l_get_le16(frame + 4) == 19); /* group */ + + td->commit_success = true; + + return; + case 2: + assert(l_get_le16(frame + 2) == 0); + assert(len == 38); + + td->confirm_success = true; + + return; + } + + assert(false); +} + +static void test_client_to_ap(const void *arg) +{ + struct auth_proto *ap_sta; + struct auth_proto *ap_ap; + struct test_data *td_sta = l_new(struct test_data, 1); + struct test_data *td_ap = l_new(struct test_data, 1); + struct handshake_state *hs_sta = test_handshake_state_new(1); + struct handshake_state *hs_ap = test_handshake_state_new(2); + struct authenticate_frame *frame = alloca( + sizeof(struct authenticate_frame) + 512); + struct associate_frame *assoc = alloca(sizeof(struct associate_frame)); + size_t frame_len; + + td_sta->status = 0xffff; + td_ap->status = 0xffff; + + handshake_state_set_supplicant_address(hs_sta, spa); + handshake_state_set_authenticator_address(hs_sta, aa); + handshake_state_set_passphrase(hs_sta, passphrase); + + handshake_state_set_supplicant_address(hs_ap, aa); + handshake_state_set_authenticator_address(hs_ap, spa); + handshake_state_set_passphrase(hs_ap, passphrase); + handshake_state_set_authenticator(hs_ap, true); + + ap_sta = sae_sm_new(hs_sta, end_to_end_tx_func, test_tx_assoc_func, td_sta); + ap_ap = sae_sm_new(hs_ap, ap_to_client_tx_func, test_tx_assoc_func, td_ap); + + /* let client send a commit */ + auth_proto_start(ap_sta); + + /* forward commit from client to the AP */ + frame_len = setup_auth_frame(frame, aa, 1, 0, td_sta->tx_packet + 4, + td_sta->tx_packet_len - 4); + assert(auth_proto_rx_authenticate(ap_ap, (uint8_t *)frame, + frame_len) == 0); + + /* forward commit from AP to the client */ + frame_len = setup_auth_frame(frame, spa, 1, 0, td_ap->tx_packet + 4, + td_ap->tx_packet_len - 4); + assert(auth_proto_rx_authenticate(ap_sta, (uint8_t *)frame, + frame_len) == 0); + + /* forward confirm from client to the AP */ + frame_len = setup_auth_frame(frame, aa, 2, 0, td_sta->tx_packet + 4, + td_sta->tx_packet_len - 4); + assert(auth_proto_rx_authenticate(ap_ap, (uint8_t *)frame, + frame_len) == 0); + + /* forward confirm from AP to the client */ + frame_len = setup_auth_frame(frame, spa, 2, 0, td_ap->tx_packet + 4, + td_ap->tx_packet_len - 4); + assert(auth_proto_rx_authenticate(ap_sta, (uint8_t *)frame, + frame_len) == 0); + + /* client should by now have sent association request to AP */ + assert(td_sta->tx_assoc_called); + /* AP should have sent a confirm frame to complete handshake */ + assert(td_ap->confirm_success); + + /* confirm association frame doesn't return an error */ + frame_len = setup_assoc_frame(assoc, 0); + assert(auth_proto_rx_associate(ap_sta, (uint8_t *)assoc, frame_len) == 0); + assert(auth_proto_rx_associate(ap_ap, (uint8_t *)assoc, frame_len) == 0); + + handshake_state_free(hs_sta); + handshake_state_free(hs_ap); + + auth_proto_free(ap_sta); + auth_proto_free(ap_ap); + + l_free(td_sta); + l_free(td_ap); +} + static void test_pt_pwe(const void *data) { static const char *ssid = "byteme"; @@ -893,6 +1003,7 @@ int main(int argc, char *argv[]) l_test_add("SAE bad confirm", test_bad_confirm, NULL); l_test_add("SAE confirm after accept", test_confirm_after_accept, NULL); l_test_add("SAE end-to-end", test_end_to_end, NULL); + l_test_add("SAE client-to-ap", test_client_to_ap, NULL); l_test_add("SAE pt-pwe", test_pt_pwe, NULL); From patchwork Mon May 6 00:30:37 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654728 Received: from mail-oi1-f172.google.com (mail-oi1-f172.google.com [209.85.167.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BA364B673 for ; Mon, 6 May 2024 00:50:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956626; cv=none; b=NL/yIjoUv+S6DCpnYXd8t/SWri/vYqyBScehUIcwS/g6swJBBlrbx/vBwveqSF3tfh7LSyHmdDWDECWiNxspJmZEJg6dHMYOltbPTtgcxWsC5FIjGO1bbkEdL6/yp6ACgIzDwIwNKuwPIXuPCRsbP2F76eXu9tpslHksRptsEa4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956626; c=relaxed/simple; bh=kbyJhhrxU4mE6ZZc0Mx9u/14LBLLLW915QVOrVc3t5c=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=oRjmkhiduGpIgPe8PXErI+29PmxAHDq8Mb4oXvHbVD9tsV3e3CXvV1z4poOVqb4S537p45YtbDUDuI0yV1Q9b/svPVg8Hx0H2tqD7Z9+NI2FTO+eJmvI37GhJYoBXt7jYqjuqur3G8TebmweOL4JzExERxO2wGbVc9BDxCV9rWM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Zd3jLt6b; arc=none smtp.client-ip=209.85.167.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Zd3jLt6b" Received: by mail-oi1-f172.google.com with SMTP id 5614622812f47-3c96c1e27a3so294362b6e.2 for ; Sun, 05 May 2024 17:50:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956624; x=1715561424; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aTXjM9WUFKL8XGPzF+cuiI2OWaB05tCHhnayPlf4miY=; b=Zd3jLt6bOnZ2T6BeGqGVq5g/mlV+9oInwl8ibTAi/Rn5P5u4ZQI8ezq7umwtlxUvRE l+aqOMV+dwLFn64MqkfOxTkdcB1uf4jzhe6mkdYSSfHgD1DFPob18nerlL1b1e0QrnI8 5K49H2Ugt2REOV2YIWfcFp+rlsz42QDCkcXOt+lhTjH4T7YH7C8ywNoASmkrEGKxMw3X Xd76dFAiYrqiBzHZziqHoG10l2eB34waEgCO53aq/D+1DlEl9PLoB9Upa5A7ojO0n3a1 XV8SOOU/37utXg0/8wysjGvWKHF18+OK13Tbzsea0iHo34LBJS140e73xAbuhiy30gfe lzgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956624; x=1715561424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aTXjM9WUFKL8XGPzF+cuiI2OWaB05tCHhnayPlf4miY=; b=DBY5lz8So4xNWwT8vuAySXGZ2AVJhpqpQYDe5zs0QYedKJx8nhy+0j8zog0aUCwUkO ypzDAbM6F/q6Kq6QevVBwTM7sOQ125/qT/hoTlFfelXBzlUfcQuPt63cVZKVXh3Lq01S qLYmnUhxkQp06Jkhx2Sfu4hDWU9j2wwdToMqMDNjcsck3qmUKw7zUJltnI5O+naVwjmz xuI3Kbooy1gn5oT18Cr3g4XHumMCTaTJTpyfJVqQmUhEQlLR2R46kt3q5DE5tHc6HNlF cBnKQVd4GOneA5Pto+qGoEMSAF3HxAAXiGzQmvKtQCPRVD5RSg3hAwwUf1+DxwRduU3V seIw== X-Gm-Message-State: AOJu0Yw0aHlW5TMk18afiU4z7Z7k32LbBETN+9dxbBZjGeDPLGGyAuhK zkvPVbH1vAl5nBsHaOOf9ROcYMGKlMe/xsVbKYyJJNb3nHSqqIBLIAsG4Q== X-Google-Smtp-Source: AGHT+IGUwihI8HdaHutT8LexIfVN0NzBv/NrfWiUJu2Ha6bQ6e89qt81djlCl9gPkB15zcr7/9l7nw== X-Received: by 2002:a05:6808:300e:b0:3c7:513b:4298 with SMTP id ay14-20020a056808300e00b003c7513b4298mr12693957oib.54.1714956623754; Sun, 05 May 2024 17:50:23 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id u9-20020a056a00098900b006f3ef4e7551sm2516945pfg.217.2024.05.05.17.50.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:23 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 14/18] ap: move toward requiring MFP when using SAE Date: Sun, 5 May 2024 17:30:37 -0700 Message-ID: <20240506003518.320176-15-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When wanting to use SAE, confirm that MFP is also supported, and automatically enable MFP. Advertise as MFP capable in the beacon. --- src/ap.c | 13 +++++++++++-- src/wiphy.c | 2 +- src/wiphy.h | 2 ++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/ap.c b/src/ap.c index ae406e16..8cebef42 100644 --- a/src/ap.c +++ b/src/ap.c @@ -82,6 +82,7 @@ struct ap_state { unsigned int ciphers; enum ie_rsn_cipher_suite group_cipher; + enum ie_rsn_cipher_suite group_management_cipher; unsigned int akm_suites; uint32_t beacon_interval; struct l_uintset *rates; @@ -93,6 +94,7 @@ struct ap_state { struct l_timeout *wsc_pbc_timeout; uint16_t wsc_dpid; uint8_t wsc_uuid_r[16]; + bool mfpc; uint16_t last_aid; struct l_queue *sta_states; @@ -639,6 +641,9 @@ static void ap_set_rsn_info(struct ap_state *ap, struct ie_rsn_info *rsn) rsn->akm_suites = ap->akm_suites; rsn->pairwise_ciphers = ap->ciphers; rsn->group_cipher = ap->group_cipher; + + rsn->group_management_cipher = ap->group_management_cipher; + rsn->mfpc = ap->mfpc; } static void ap_wsc_exit_pbc(struct ap_state *ap) @@ -3916,9 +3921,13 @@ static int ap_load_config(struct ap_state *ap, const struct l_settings *config, for (i = 0; akms_str && akms_str[i]; i++) { if (!strcmp(akms_str[i], "PSK")) ap->akm_suites |= IE_RSN_AKM_SUITE_PSK; - else if (!strcmp(akms_str[i], "SAE")) + else if (!strcmp(akms_str[i], "SAE")) { + if (!wiphy_can_connect_sae(wiphy)) + return -ENOTSUP; ap->akm_suites |= IE_RSN_AKM_SUITE_SAE_SHA256; - else { + ap->group_management_cipher = IE_RSN_CIPHER_SUITE_BIP_CMAC; + ap->mfpc = true; + } else { l_warn("Unsupported or unknown AKM suite %s", akms_str[i]); return -ENOTSUP; diff --git a/src/wiphy.c b/src/wiphy.c index fb36ebb2..fb30e7a6 100644 --- a/src/wiphy.c +++ b/src/wiphy.c @@ -195,7 +195,7 @@ uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask) return wiphy->supported_ciphers & mask; } -static bool wiphy_can_connect_sae(struct wiphy *wiphy) +bool wiphy_can_connect_sae(struct wiphy *wiphy) { /* * WPA3 Specification version 3, Section 2.2: diff --git a/src/wiphy.h b/src/wiphy.h index bc82a007..9472b253 100644 --- a/src/wiphy.h +++ b/src/wiphy.h @@ -72,6 +72,8 @@ enum ie_rsn_cipher_suite wiphy_select_cipher(struct wiphy *wiphy, uint16_t mask); uint16_t wiphy_get_supported_ciphers(struct wiphy *wiphy, uint16_t mask); +bool wiphy_can_connect_sae(struct wiphy *wiphy); + enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy, const struct scan_bss *bss, enum security security, From patchwork Mon May 6 00:30:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654729 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05FDCB673 for ; Mon, 6 May 2024 00:50:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956640; cv=none; b=UfoMJAFUWQSVY7Ni2TY2SwH1UPzF1pukFjz+m6KomJnr33ZyYNmqfdVaJXqBE+ByJCPvuMhaozXsCF6FgoydKmA8qnpNwCs2GXlcmlEE4rQdO5df76g6xrBGmg0IAmDeTByREnleTrdnNwqQv+yJRIHetftYmyh5pR8mzCIdmRY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956640; c=relaxed/simple; bh=VydOKVJuPBTss2PStFya0mkiAZeXJlVm1B0Smv+bZCA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=YgtMw7Yr0eAO2bd4bdFXoNIHA1PhtUI4t6uSrKCsrSUi+yL7SL8v20ryIFgQbGoHwLLWDncCuEcwAbHK2D5d0t64Gmnnqy4mEyIsBewJ5Unvof0bOZ4mduFAApAmW1QCygGlOkIEOxKXOjd8s8l+6PfRhKRjf92Jb+9vIHwsAbw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DVZYoj1s; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DVZYoj1s" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1e9ffd3f96eso8487185ad.3 for ; Sun, 05 May 2024 17:50:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956638; x=1715561438; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K5580yddf2aMg8WBhr7IZrzQ4F8u9ZGBSofyZ1Dq2gY=; b=DVZYoj1sJF9Qoz/0ukpCG2E1ft8ga90kaG3fnz2WrU8Mtez2/wXBiueqKNCyVFAhau Vc54wu2esQwqL04aZvk5FLggxTZVhM6yeWt4sU0jykuYO0AKiWDebvaPhpnXSbzaW0nk jArXX8EpRN4PLw1m+6QwW2xTyDVJ8RculH60OmZnZG0+mF6rfOlxUImBfPmvvv2N8apk NFEXbHfxsrgcM5cB57CUQ/RvupNupIt1BmudBKUc8FSbjQj4jP4ZIyuZktJoZwJ36bZe JRxsMEz8oUaLye21xoozQDXFfsrM5HwvuvVFquSB3xu0soaUZb0hDXvdGF/fecnUsPRG DmKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956638; x=1715561438; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5580yddf2aMg8WBhr7IZrzQ4F8u9ZGBSofyZ1Dq2gY=; b=ThUr+MD5gxZOfeC6gmMZS5sQvkL5zr8ziHMtSdO1qAq3sLbDr4/58DJ4w5Zcd+9o55 lDYQeZtElSMgPo2MEB3fM08mVk6a7/Uk8+hQBozwzrGAE2jv9F7xZdzUWhR8G4RaRaXI R6vgxOJhDjN9+C7UEtd1r8TucJdYmzlB9DSttZBGN9IaoLfXGhpZTPpHCdI82ZP3vrB5 TB04tbPDn0SR+55efY+yqKso+inDCK7sOOSL6lyX9IxLIYpqK3w3qd96v1nyuOYbnx6O 4HqN3PZCl93WEwwntiVvs+JP8l8lOrS527QCzEyRb3S2wFJrkR7FgyiCGpiQnyPEkdWc MyvA== X-Gm-Message-State: AOJu0YwGKZaGNG0HZDa3hoiPWS/i2hYoAp4zHSusQog+CmnaYZkDXuHR TilnbIHw3ZUUk1ZOFF9yqeyJCBfrinCirlusi6CAZp21EjlU2/9O/VSzew== X-Google-Smtp-Source: AGHT+IHGTTbnJ5sEsjxjA1Yb3rMqJ1pWq8LEOHhVkRhseZ549M9b4ZK/o4hycFWN5jaARTGmcQmEFw== X-Received: by 2002:a17:902:db0a:b0:1eb:acff:63ba with SMTP id m10-20020a170902db0a00b001ebacff63bamr11783239plx.67.1714956637890; Sun, 05 May 2024 17:50:37 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id n5-20020a170903110500b001eab26889a7sm7043391plh.136.2024.05.05.17.50.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:37 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 15/18] handshake: add functions to save and set IGTK Date: Sun, 5 May 2024 17:30:38 -0700 Message-ID: <20240506003518.320176-16-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To add MFP support in the AP mode, add utility functions to save the IGTK and to add the IGTK to handshake messages. --- src/handshake.c | 34 ++++++++++++++++++++++++++++++++++ src/handshake.h | 8 ++++++++ 2 files changed, 42 insertions(+) diff --git a/src/handshake.c b/src/handshake.c index ee23dbad..fc1978df 100644 --- a/src/handshake.c +++ b/src/handshake.c @@ -838,6 +838,21 @@ void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key, memcpy(s->gtk_rsc, rsc, 6); } +void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key, + unsigned int key_index, const uint8_t *rsc) +{ + enum crypto_cipher cipher = + ie_rsn_cipher_suite_to_cipher(s->group_management_cipher); + int key_len = crypto_cipher_key_len(cipher); + + if (!key_len) + return; + + memcpy(s->igtk, key, key_len); + s->igtk_index = key_index; + memcpy(s->igtk_rsc, rsc, 6); +} + /* * This function performs a match of the RSN/WPA IE obtained from the scan * results vs the RSN/WPA IE obtained as part of the 4-way handshake. If they @@ -1027,6 +1042,25 @@ void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key, memcpy(to, key, key_len); } +void handshake_util_build_igtk_kde(enum crypto_cipher cipher, const uint8_t *key, + unsigned int key_index, uint8_t *to) +{ + size_t key_len = crypto_cipher_key_len(cipher); + + *to++ = IE_TYPE_VENDOR_SPECIFIC; + *to++ = 12 + key_len; + l_put_be32(HANDSHAKE_KDE_IGTK, to); + to += 4; + *to++ = key_index; + *to++ = 0; + + /** Initialize PN to zero **/ + memset(to, 0, 6); + to += 6; + + memcpy(to, key, key_len); +} + static const uint8_t *handshake_state_get_ft_fils_kek(struct handshake_state *s, size_t *len) { diff --git a/src/handshake.h b/src/handshake.h index 62118fe2..8a356e6b 100644 --- a/src/handshake.h +++ b/src/handshake.h @@ -150,8 +150,11 @@ struct handshake_state { uint8_t r1khid[6]; uint8_t gtk[32]; uint8_t gtk_rsc[6]; + uint8_t igtk[32]; + uint8_t igtk_rsc[6]; uint8_t proto_version : 2; unsigned int gtk_index; + unsigned int igtk_index; uint8_t active_tk_index; struct erp_cache_entry *erp_cache; bool support_ip_allocation : 1; @@ -288,6 +291,9 @@ bool handshake_decode_fte_key(struct handshake_state *s, const uint8_t *wrapped, void handshake_state_set_gtk(struct handshake_state *s, const uint8_t *key, unsigned int key_index, const uint8_t *rsc); +void handshake_state_set_igtk(struct handshake_state *s, const uint8_t *key, + unsigned int key_index, const uint8_t *rsc); + void handshake_state_set_chandef(struct handshake_state *s, struct band_chandef *chandef); int handshake_state_verify_oci(struct handshake_state *s, const uint8_t *oci, @@ -307,5 +313,7 @@ const uint8_t *handshake_util_find_pmkid_kde(const uint8_t *data, size_t data_len); void handshake_util_build_gtk_kde(enum crypto_cipher cipher, const uint8_t *key, unsigned int key_index, uint8_t *to); +void handshake_util_build_igtk_kde(enum crypto_cipher cipher, const uint8_t *key, + unsigned int key_index, uint8_t *to); DEFINE_CLEANUP_FUNC(handshake_state_free); From patchwork Mon May 6 00:30:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654730 Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D39BB673 for ; Mon, 6 May 2024 00:50:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956651; cv=none; b=G9jmvjsBnpga9pLc9OVIfKueRotD/lAfH+qfhvqPEM3CGK4gCIJaXYeaiVbZzEvC3OTYwzSi2sf56Nxn1sQ+umge5qP0pkFaCUPfu3UMHYA+Ufg1i2clcWVzpispKFQNaglfLm/4bdAVO4TEx2nfBTbWtg1VSNLkJObSy+mcoz8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956651; c=relaxed/simple; bh=c6SY4E9wmMW/mE0KPPLBr2qFnzdmzHOyEjXrpu0iqtc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Lyvq5Ii/XL/nHw9M2chgVvebP55QyrXm0XA+v1difj5AnW8TPuduJIc6Yd4XBHU4zMiXfE/Is5tBy2KvYB2QKkb8QwdLonNzpcePnTJH9t0FUotDPBa8bn4ufFF9OKfHV60EpEMAQEeoxqTJPMunXgTk6wVWkN4r4w9LCoKR608= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=COaDIFP2; arc=none smtp.client-ip=209.85.214.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="COaDIFP2" Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1ec4b2400b6so9104725ad.3 for ; Sun, 05 May 2024 17:50:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956649; x=1715561449; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4SxEZPUTntS6l0z3SFOZC+kHiFFzrVFOqbytO/m/LnI=; b=COaDIFP2g+NiF2aD9o15YgpTjDHwnsWUnh6OZ+Doj5vzLQLFGiHRpLiRy4UDKsmhJw 71gUTNfIN9/GH5u9dzJmwIv8Jh4j6Kt8zjS3fJ4SXclQbd8Ux40VHSl0L+tixi+b8YGZ 9nFsdF8HAJo81tNoN47o/AAX9ocxanx3Loz+cvBw1ME9rVHwY+ARMH312+EAli8h7ZlH IcmJuUXbQ6TQsS3/UM8LVhvjX/x7JFTZduj2xSnKBHNkeRaNzvq6lerGDVBJfaENichZ 3oA6R3UBx5dL9rNG8/6jIwfS63KCV4JV3KFhtjOqBAWZAFrS7J4B8b1ZpJ3UHbqkV4my txRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956649; x=1715561449; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4SxEZPUTntS6l0z3SFOZC+kHiFFzrVFOqbytO/m/LnI=; b=V8SGxY+1/9TvG2M7amkv2Mv+tltPhgGIC9+u6PMJInr1bu4u08SMDD52tIj9UY6f72 d4OuCmGaYZhp8KHP8RKSQ7RKwK1F9XFTglUA7/WcbMLCQ1zRD8AmluHBABCNr1Ihk1vp lqIFIYGbgGwpv+PEDp5wiCgeV4uXle/Shn4POFw5tu6sjMLLaB0H89gZREUQwfT/baEs jO3jW3MkcO6x/OPdwYllCGyG8doUYv9jwJOWn8DBZPF8122HSynS+dZjhPSDa8W9q9eR kbvh1QsxDlnspwqcN63jdkaNGyVwuR3oMQIdSI3HlGSv5GtCi/n8xzKjvaiXVXfBijXz Rv0Q== X-Gm-Message-State: AOJu0Yym6kT8/7KrxF4ylEyzZ/gyB+KoUpPsutscvPF2+UBXs6IJOamE fFjYwaS0Ck0fcxHsv+uSFry3fIWHxXA4yZ03tguCVUsqHtfhQnTbbUCA4g== X-Google-Smtp-Source: AGHT+IEXv/NgNgn+0jtUPtCJRhdZ/nnLZz2EcySLffEsIxfY8X94JGUFW7uxglZH3ppLca+i7tDmbA== X-Received: by 2002:a17:902:f815:b0:1ea:5aff:c8ce with SMTP id ix21-20020a170902f81500b001ea5affc8cemr7049875plb.29.1714956649282; Sun, 05 May 2024 17:50:49 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id jw5-20020a170903278500b001e26ba8882fsm7019286plb.287.2024.05.05.17.50.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:50:49 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 16/18] eapol: include IGTK in 4-way handshake as AP Date: Sun, 5 May 2024 17:30:39 -0700 Message-ID: <20240506003518.320176-17-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When SAE with MFP is being used, include the IGTK in message 3 of the 4-way handshake. --- src/eapol.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/eapol.c b/src/eapol.c index 524a26c9..8b21b886 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1454,6 +1454,18 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm) key_data_len += gtk_kde[1] + 2; } + if (sm->handshake->mfp) { + enum crypto_cipher group_management_cipher = ie_rsn_cipher_suite_to_cipher( + sm->handshake->group_management_cipher); + uint8_t *igtk_kde = key_data_buf + key_data_len; + + handshake_util_build_igtk_kde(group_management_cipher, + sm->handshake->igtk, + sm->handshake->igtk_index, + igtk_kde); + key_data_len += igtk_kde[1] + 2; + } + if (sm->handshake->support_ip_allocation && !sm->handshake->client_ip_addr) { handshake_event(sm->handshake, HANDSHAKE_EVENT_P2P_IP_REQUEST); From patchwork Mon May 6 00:30:40 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654731 Received: from mail-oi1-f175.google.com (mail-oi1-f175.google.com [209.85.167.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3C9AB673 for ; Mon, 6 May 2024 00:51:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956664; cv=none; b=OeJ7J62Y6EhPQKfJQhZHj7ybgaOkGvV/PBeEbySvxeYzTeolM/k4a/dD1Nyd7GgD79m6MVoZPHJhl2rkkRq0jYfbejpBNMna68oJMkFZ0Hc2h97vRg5f4VkZ+ktykFNnS4zq8h3t05JbqIkEbCkO8aHb0pA4V9R4AgINkkb1QHw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956664; c=relaxed/simple; bh=Cebp0fVhXT2hUFnsgvSfuPuKbiUe93Vxldhl7y0ucQw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gh6I+4FTh1gkwBahSX5JQKXqp0kihQQNHNa9+YBppqeR0HmxCDxFYUOG/JxvnZD0ZQb2DZsP0SgPCNkFhAtKUZQAUDWvdH39Nga3xh/9jomst9XsRnOYdjL+Q5Lz3wqU9cJq3QBFbFOQa9558tqFci2yPPuyUocR1lINbkec5Yw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OULRQf0O; arc=none smtp.client-ip=209.85.167.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OULRQf0O" Received: by mail-oi1-f175.google.com with SMTP id 5614622812f47-3c70e46f3caso988368b6e.2 for ; Sun, 05 May 2024 17:51:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956661; x=1715561461; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LVuH3pK8qDTZgciFOQadd7MMfhSfydB8OIb+gsEQG6o=; b=OULRQf0O1WQmRKX0NKiurXr7NZ94Qr/rYzr0Q5NsUoDFTbA012r3K+IOCp2cKnJLMa CmAx+zsQ8Qiml2aUvSvcWts7AqSvTC57Nei4jbnxx0xv2BbF5OESH14EoU/mZzDjk74b U8MKTZ+YwaJxfYVAx7eJBabnAgY8kT7SzM9U8wB1svQRCqGjhaG3OpsuLQ63GHe/Avyw F7Ak2R4ktwsM9zhj3qlIPrzi42TtmLQpyAnb1n/PwKPTCyXhddjXPiJK83aWgxkljief Y9F9+mbkmSRybtwdXVpfBdziqpyQAVb2IEh4EiftvcUhd+7AfQuRvsC8ln2fN04JJ8ee SbXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956661; x=1715561461; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LVuH3pK8qDTZgciFOQadd7MMfhSfydB8OIb+gsEQG6o=; b=lXGuAVUlPoEKnP25hEmilHctp3wZ72QAW/ITNMHAOZb4TEbnX0TpbhCzvRLL88qidd 4Qj3ev3rUtNxHDrXyp2Arm50TZnfwuLGKTFF0PkhVvAS577/R42e1sQhMeFIi9h+sWrE Hv99sV8EL2Imoy5lkKt9W3N+ozwQcBRiIx4B8eUV7xAa+IV1+tOzE7GnG6NDAG+2zlQe kHQC4sKE2ur9Zoxo7BhO6vBRJNyls85GxmLo7YQuwDad6hh2j1ZGkUek6oAGfbWkAHG0 iXDxkb+zmjQPHzEEhI8AH93+rXRz757/qXWoOVySkdmUs71d8TgAuhKJqOK92aM6/3so fi+g== X-Gm-Message-State: AOJu0YwJeuWCtgiI75cZ23m/s7rPXHBvBrQKuoR9GUdzXUpjFXa/vzHz EcO+5lJA2UxInfeM3NEDM+4ef7S/7NQIwTE1hTJSgWZ33mstPfudIuHkrg== X-Google-Smtp-Source: AGHT+IHUvs9mP9gncL8hTt6J8JMAyFu/reZscrzKG8mc+32KY+AszORKjmiUZ/IjFCWsvDw2kHjkMg== X-Received: by 2002:a05:6808:4383:b0:3c5:f7fc:bb90 with SMTP id dz3-20020a056808438300b003c5f7fcbb90mr9850076oib.39.1714956661580; Sun, 05 May 2024 17:51:01 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id o16-20020a056a001b5000b006f473177c80sm1492756pfv.181.2024.05.05.17.51.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:51:01 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 17/18] ap: generate IGTK on startup if MFP is enabled Date: Sun, 5 May 2024 17:30:40 -0700 Message-ID: <20240506003518.320176-18-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When using MFP, generate the IGTK group key on startup, and install it for use. When installing the IGTK, which has either key index 4 or 5, use the appropriate NL80211 flags so it is installed properly. --- src/ap.c | 61 +++++++++++++++++++++++++++++++++++++++++++---- src/nl80211util.c | 7 +++++- 2 files changed, 63 insertions(+), 5 deletions(-) diff --git a/src/ap.c b/src/ap.c index 8cebef42..f598c173 100644 --- a/src/ap.c +++ b/src/ap.c @@ -90,6 +90,8 @@ struct ap_state { uint32_t mlme_watch; uint8_t gtk[CRYPTO_MAX_GTK_LEN]; uint8_t gtk_index; + uint8_t igtk[CRYPTO_MAX_GTK_LEN]; + uint8_t igtk_index; struct l_queue *wsc_pbc_probes; struct l_timeout *wsc_pbc_timeout; uint16_t wsc_dpid; @@ -116,6 +118,7 @@ struct ap_state { bool started : 1; bool gtk_set : 1; + bool igtk_set : 1; bool netconfig_set_addr4 : 1; bool in_event : 1; bool free_pending : 1; @@ -1656,7 +1659,7 @@ static void ap_start_eap_wsc(struct sta_state *sta) ap_start_handshake(sta, wait_for_eapol_start, NULL); } -static struct l_genl_msg *ap_build_cmd_del_key(struct ap_state *ap) +static struct l_genl_msg *ap_build_cmd_del_key(struct ap_state *ap, uint8_t index) { uint32_t ifindex = netdev_get_ifindex(ap->netdev); struct l_genl_msg *msg; @@ -1665,7 +1668,7 @@ static struct l_genl_msg *ap_build_cmd_del_key(struct ap_state *ap) l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex); l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY); - l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &ap->gtk_index); + l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &index); l_genl_msg_leave_nested(msg); return msg; @@ -1709,7 +1712,7 @@ static void ap_gtk_op_cb(struct l_genl_msg *msg, void *user_data) cmd == NL80211_CMD_SET_KEY ? "SET_KEY" : "DEL_KEY"; - l_error("%s failed for the GTK: %i", + l_error("%s failed for the (I)GTK: %i", cmd_name, l_genl_msg_get_error(msg)); } } @@ -1797,6 +1800,39 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data) ap->gtk_set = true; } + if (ap->mfpc && !ap->igtk_set) { + enum crypto_cipher group_management_cipher = + ie_rsn_cipher_suite_to_cipher(ap->group_management_cipher); + int igtk_len = crypto_cipher_key_len(group_management_cipher); + + l_getrandom(ap->igtk, igtk_len); + ap->igtk_index = 4; + + msg = nl80211_build_new_key_group( + netdev_get_ifindex(ap->netdev), + group_management_cipher, ap->igtk_index, + ap->igtk, igtk_len, NULL, + 0, NULL); + + if (!l_genl_family_send(ap->nl80211, msg, ap_gtk_op_cb, NULL, + NULL)) { + l_genl_msg_unref(msg); + l_error("Issuing NEW_KEY failed"); + goto error; + } + + msg = nl80211_build_set_key(netdev_get_ifindex(ap->netdev), + ap->igtk_index); + if (!l_genl_family_send(ap->nl80211, msg, ap_gtk_op_cb, NULL, + NULL)) { + l_genl_msg_unref(msg); + l_error("Issuing SET_KEY failed"); + goto error; + } + + ap->igtk_set = true; + } + if (ap->group_cipher == IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC) ap_start_rsna(sta, NULL); else { @@ -4137,10 +4173,27 @@ void ap_shutdown(struct ap_state *ap, ap_stopped_func_t stopped_func, ap_reset(ap); + if (ap->igtk_set) { + ap->igtk_set = false; + + cmd = ap_build_cmd_del_key(ap, ap->igtk_index); + if (!cmd) { + l_error("ap_build_cmd_del_key failed"); + goto free_ap; + } + + if (!l_genl_family_send(ap->nl80211, cmd, ap_gtk_op_cb, NULL, + NULL)) { + l_genl_msg_unref(cmd); + l_error("Issuing DEL_KEY failed"); + goto free_ap; + } + } + if (ap->gtk_set) { ap->gtk_set = false; - cmd = ap_build_cmd_del_key(ap); + cmd = ap_build_cmd_del_key(ap, ap->gtk_index); if (!cmd) { l_error("ap_build_cmd_del_key failed"); goto free_ap; diff --git a/src/nl80211util.c b/src/nl80211util.c index 3f9a43ac..289a73f6 100644 --- a/src/nl80211util.c +++ b/src/nl80211util.c @@ -486,14 +486,19 @@ struct l_genl_msg *nl80211_build_set_station_unauthorized(uint32_t ifindex, struct l_genl_msg *nl80211_build_set_key(uint32_t ifindex, uint8_t key_index) { struct l_genl_msg *msg; + int key_type; msg = l_genl_msg_new_sized(NL80211_CMD_SET_KEY, 128); l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex); + key_type = NL80211_KEY_DEFAULT; + if (key_index == 4 || key_index == 5) + key_type = NL80211_KEY_DEFAULT_MGMT; + l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY); l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &key_index); - l_genl_msg_append_attr(msg, NL80211_KEY_DEFAULT, 0, NULL); + l_genl_msg_append_attr(msg, key_type, 0, NULL); l_genl_msg_enter_nested(msg, NL80211_KEY_DEFAULT_TYPES); l_genl_msg_append_attr(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST, 0, NULL); From patchwork Mon May 6 00:30:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Brandt X-Patchwork-Id: 13654732 Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ACABB5CB0 for ; Mon, 6 May 2024 00:51:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956676; cv=none; b=S1+/s20mD/hieaUkHoRZmw8LB3YgHM+MZth0jJ8EwR39wZAbLyjyHVAAnvd0rhwBts6pII8c/HekdgHYZ+P0k9wNbGojK/NMpkJ/90b84jcM929DmpcFwe0vmoamjuo4wZJnEms6vnUl6x0EvDQHrJ+BTELnrXsQtoz4uQGTmxg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714956676; c=relaxed/simple; bh=g13A95xIBuvnuaDLoK6acafqHx9DsXHsiO9kPwfiOmQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=C2Hl+16x20WCJIv8M4hJHv12jkEjPwY/4NmBDewS39QFEO5BFuFB7+qqAPFGHBuytUS/Ae8uvwCeNZnDRCPbMCALJgCVBYS/diOxTPuY5sgVvILEaOGUFspoqAw2mVP0EK0Xhbh5f+A8gNhnq4/aJKL2UtrOWKEugEz10f+Njs0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZFRZlf4z; arc=none smtp.client-ip=209.85.210.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZFRZlf4z" Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-6f30f69a958so805759b3a.1 for ; Sun, 05 May 2024 17:51:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714956674; x=1715561474; darn=lists.linux.dev; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8p6aGW2BhpL/FR3VvsYOv36Uqn0LWX592NCfsKCEaCo=; b=ZFRZlf4zfzW7Kh2GUBBtm9u8E7dTkvABdGM7f53WbX+NeeHACZu3xVk+TVdrIKHdZk pBsCkQygt3lDtC1MZF6qZbA6rN1hQucsO4mS/236s3c/e4OAzvWU5RX2IaQUI6qSTxXp JxIelQomjhYSB2fyAiXuRiL9AcDrcPjOuEDZ03KziN/y7FI5L4p5xQKOyfJlQBBq2cUo Gis2wV/PDXIMW5Xalz1XQRP62asJlirGwSUsx0gU1Q324C4ugazxrCxUxG8+v6NTt8z9 ETuOwh7f4iP6PXv8RqYTCyosOo3bWSizU6LKiL8iObA7YYgYKSib3BEkARpH/ZUXgZch 4bJg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714956674; x=1715561474; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8p6aGW2BhpL/FR3VvsYOv36Uqn0LWX592NCfsKCEaCo=; b=E0fCx+ZLXt21EGckvnVM7bH4GA9DS3xOnUxl2oF40YrmcDoL0UtFqjS9MJBtXPc+9V kLhXApSxjzfqPny4pTTf1F9+3Lzr8aG2xi8r5lmfqzx15Za9U74PC+SSLTJaAYrlgJ14 gDrDhLT818yCYpXkhDyxZD43phFYL7TL+xLOMqmR2Wf3RHgimI2880Z8RvJDbXS3lLSL Y2NEer70150VVKUOwFCYgYQbRA6lJclAxf1HJezfvje2AqLjF+PB2mvWwCoRu9vT7iaY ZGUJE+/XZ1LNCOJjgxwiYhSg+gr21bK7oA6+k4+3/7+73HVwcHaxHiDWrULrngs13Ass naEA== X-Gm-Message-State: AOJu0YxrRD1bP23hGcjh0zpRlPGa/A30q89Pk/dcFaZQyCOastR1NBrh 9UDzGYpF1Fu9DkfTWKmz/xPxRHMq/Q+nfhS2MkImEhxaomsevIjHYGT9yw== X-Google-Smtp-Source: AGHT+IHshjHc9BqrdZtgCCyZiDCmncs62X86iidhuCdPMfuJPuPUWiqueYAgnyuhfYicL7EmSxvOkw== X-Received: by 2002:a05:6a21:6d99:b0:1a7:a72c:6f4 with SMTP id wl25-20020a056a216d9900b001a7a72c06f4mr9685679pzb.41.1714956673706; Sun, 05 May 2024 17:51:13 -0700 (PDT) Received: from localhost ([192.145.118.41]) by smtp.gmail.com with ESMTPSA id u15-20020a170902e5cf00b001e223b9eb25sm7024531plf.153.2024.05.05.17.51.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 May 2024 17:51:13 -0700 (PDT) From: John Brandt To: iwd@lists.linux.dev Cc: John Brandt Subject: [PATCH v2 18/18] ap: propogate IGTK and RSC to handshake Date: Sun, 5 May 2024 17:30:41 -0700 Message-ID: <20240506003518.320176-19-brandtwjohn@gmail.com> X-Mailer: git-send-email 2.45.0 In-Reply-To: <20240506003518.320176-1-brandtwjohn@gmail.com> References: <20240506003518.320176-1-brandtwjohn@gmail.com> Precedence: bulk X-Mailing-List: iwd@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 When a client is connecting, remember whether it supports MFP, and if so, propogate the IGTK to the handshake. Also get the current Receive Sequence Counter (RSC) of the IGTK and propogate it to the handshake. --- src/ap.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 52 insertions(+), 9 deletions(-) diff --git a/src/ap.c b/src/ap.c index f598c173..c7ca49e8 100644 --- a/src/ap.c +++ b/src/ap.c @@ -144,6 +144,7 @@ struct sta_state { struct eapol_sm *sm; struct handshake_state *hs; uint32_t gtk_query_cmd_id; + uint8_t prev_igtk_rsc[6]; struct l_idle *stop_handshake_work; struct l_settings *wsc_settings; uint8_t wsc_uuid_e[16]; @@ -154,6 +155,7 @@ struct sta_state { bool ht_support : 1; bool ht_greenfield : 1; + bool mfp : 1; }; struct ap_wsc_pbc_probe_record { @@ -1379,7 +1381,7 @@ static uint32_t ap_send_mgmt_frame(struct ap_state *ap, })) static void ap_start_handshake(struct sta_state *sta, bool use_eapol_start, - const uint8_t *gtk_rsc) + const uint8_t *gtk_rsc, const uint8_t *igtk_rsc) { struct ap_state *ap = sta->ap; const uint8_t *own_addr = netdev_get_address(ap->netdev); @@ -1401,6 +1403,9 @@ static void ap_start_handshake(struct sta_state *sta, bool use_eapol_start, if (gtk_rsc) handshake_state_set_gtk(sta->hs, sta->ap->gtk, sta->ap->gtk_index, gtk_rsc); + if (sta->mfp && igtk_rsc) + handshake_state_set_igtk(sta->hs, sta->ap->igtk, + sta->ap->igtk_index, igtk_rsc); if (ap->netconfig_dhcp) sta->hs->support_ip_allocation = true; @@ -1506,7 +1511,8 @@ static void ap_handshake_event(struct handshake_state *hs, va_end(args); } -static void ap_start_rsna(struct sta_state *sta, const uint8_t *gtk_rsc) +static void ap_start_rsna(struct sta_state *sta, const uint8_t *gtk_rsc, + const uint8_t *igtk_rsc) { /* this handshake setup assumes SAE or PSK network */ if (sta->hs && sta->akm_suite == IE_RSN_AKM_SUITE_SAE_SHA256) { @@ -1521,7 +1527,7 @@ static void ap_start_rsna(struct sta_state *sta, const uint8_t *gtk_rsc) handshake_state_set_event_func(sta->hs, ap_handshake_event, sta); handshake_state_set_supplicant_ie(sta->hs, sta->assoc_rsne); - ap_start_handshake(sta, false, gtk_rsc); + ap_start_handshake(sta, false, gtk_rsc, igtk_rsc); } static void ap_gtk_query_cb(struct l_genl_msg *msg, void *user_data) @@ -1546,13 +1552,48 @@ zero_rsc: gtk_rsc = zero_gtk_rsc; } - ap_start_rsna(sta, gtk_rsc); + ap_start_rsna(sta, gtk_rsc, sta->prev_igtk_rsc); return; error: ap_del_station(sta, MMPDU_REASON_CODE_UNSPECIFIED, true); } +static void ap_igtk_query_cb(struct l_genl_msg *msg, void *user_data) +{ + struct sta_state *sta = user_data; + struct ap_state *ap = sta->ap; + + const void *igtk_rsc; + uint8_t zero_igtk_rsc[6]; + int err; + + sta->gtk_query_cmd_id = 0; + + err = l_genl_msg_get_error(msg); + if (err == -ENOTSUP) + goto zero_rsc; + else if (err < 0) + return; + + igtk_rsc = nl80211_parse_get_key_seq(msg); + if (!igtk_rsc) { +zero_rsc: + memset(zero_igtk_rsc, 0, 6); + igtk_rsc = zero_igtk_rsc; + } + + memcpy(sta->prev_igtk_rsc, igtk_rsc, 6); + + msg = nl80211_build_get_key(netdev_get_ifindex(ap->netdev), + ap->gtk_index); + sta->gtk_query_cmd_id = l_genl_family_send(ap->nl80211, msg, ap_gtk_query_cb, sta, NULL); + if (!sta->gtk_query_cmd_id) { + l_genl_msg_unref(msg); + l_error("Issuing GET_KEY failed"); + } +} + static void ap_stop_handshake_schedule(struct sta_state *sta) { if (sta->stop_handshake_work) @@ -1656,7 +1697,7 @@ static void ap_start_eap_wsc(struct sta_state *sta) handshake_state_set_event_func(sta->hs, ap_wsc_handshake_event, sta); handshake_state_set_8021x_config(sta->hs, sta->wsc_settings); - ap_start_handshake(sta, wait_for_eapol_start, NULL); + ap_start_handshake(sta, wait_for_eapol_start, NULL, NULL); } static struct l_genl_msg *ap_build_cmd_del_key(struct ap_state *ap, uint8_t index) @@ -1834,13 +1875,13 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data) } if (ap->group_cipher == IE_RSN_CIPHER_SUITE_NO_GROUP_TRAFFIC) - ap_start_rsna(sta, NULL); + ap_start_rsna(sta, NULL, NULL); else { msg = nl80211_build_get_key(netdev_get_ifindex(ap->netdev), - ap->gtk_index); + sta->mfp ? ap->igtk_index : ap->gtk_index); sta->gtk_query_cmd_id = l_genl_family_send(ap->nl80211, msg, - ap_gtk_query_cb, - sta, NULL); + sta->mfp ? ap_igtk_query_cb : ap_gtk_query_cb, + sta, NULL); if (!sta->gtk_query_cmd_id) { l_genl_msg_unref(msg); l_error("Issuing GET_KEY failed"); @@ -2315,6 +2356,8 @@ static void ap_assoc_reassoc(struct sta_state *sta, bool reassoc, err = MMPDU_REASON_CODE_INVALID_GROUP_CIPHER; goto unsupported; } + + sta->mfp = rsn_info.mfpc && ap->mfpc; } /* 802.11-2016 11.3.5.3 j) */