3:48 a.m.
The kernel has two ways SET_KEY/NEW_KEY messages can be structured.
This implements parsers for the new key format.
---
monitor/nlmon.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 71 insertions(+), 1 deletion(-)
diff --git a/monitor/nlmon.c b/monitor/nlmon.c
index 728d7857..6ded9aa2 100644
--- a/monitor/nlmon.c
+++ b/monitor/nlmon.c
@@ -5863,6 +5863,76 @@ static void print_scan_flags(unsigned int level, const char
*label,
}
}
+static void print_key_type(unsigned int level, const char *label,
+ const void *data, uint16_t size)
+{
+ const uint8_t *ptr = data;
+ const char *str;
+
+ switch (*ptr) {
+ case NL80211_KEYTYPE_GROUP:
+ str = "Group";
+ break;
+ case NL80211_KEYTYPE_PAIRWISE:
+ str = "Pairwise";
+ break;
+ case NL80211_KEYTYPE_PEERKEY:
+ str = "Peerkey";
+ break;
+ default:
+ str = "Unknown";
+ }
+
+ print_attr(level, "%s: %s", label, str);
+}
+
+static void print_key_mode(unsigned int level, const char *label,
+ const void *data, uint16_t size)
+{
+ const uint8_t *ptr = data;
+ const char *str;
+
+ switch (*ptr) {
+ case NL80211_KEY_RX_TX:
+ str = "RX/TX";
+ break;
+ case NL80211_KEY_NO_TX:
+ str = "RX Only";
+ break;
+ case NL80211_KEY_SET_TX:
+ str = "Set TX";
+ break;
+ default:
+ str = "Unknown";
+ }
+
+ print_attr(level, "%s: %s", label, str);
+}
+
+static const struct attr_entry default_key_type_table[] = {
+ { NL80211_KEY_DEFAULT_TYPE_UNICAST, "Unicast", ATTR_FLAG },
+ { NL80211_KEY_DEFAULT_TYPE_MULTICAST, "Multicast", ATTR_FLAG },
+ { }
+};
+
+static const struct attr_entry key_table[] = {
+ { NL80211_KEY_DATA, "Key Data", ATTR_BINARY },
+ { NL80211_KEY_IDX, "Key Index", ATTR_U8 },
+ { NL80211_KEY_CIPHER, "Key Cipher", ATTR_CUSTOM,
+ { .function = print_cipher_suite } },
+ { NL80211_KEY_SEQ, "Key Sequence", ATTR_BINARY },
+ { NL80211_KEY_DEFAULT, "Default", ATTR_FLAG },
+ { NL80211_KEY_DEFAULT_MGMT, "Default Management", ATTR_FLAG },
+ { NL80211_KEY_TYPE, "Key Type", ATTR_CUSTOM,
+ { .function = print_key_type} },
+ { NL80211_KEY_DEFAULT_TYPES, "Default Key Types", ATTR_NESTED,
+ { default_key_type_table } },
+ { NL80211_KEY_MODE, "Key Mode", ATTR_CUSTOM,
+ { .function = print_key_mode } },
+ { NL80211_KEY_DEFAULT_BEACON, "Default Beacon", ATTR_FLAG },
+ { }
+};
+
static const struct attr_entry attr_table[] = {
{ NL80211_ATTR_WIPHY,
"Wiphy", ATTR_U32 },
@@ -6038,7 +6108,7 @@ static const struct attr_entry attr_table[] = {
{ NL80211_ATTR_PREV_BSSID,
"Previous BSSID", ATTR_ADDRESS },
{ NL80211_ATTR_KEY,
- "Key" },
+ "Key", ATTR_NESTED, { key_table } },
{ NL80211_ATTR_KEYS,
"Keys" },
{ NL80211_ATTR_PID,
--
2.31.1
3:48 a.m.
New subject: [PATCH 02/12] wiphy: add wiphy_supports_ext_key_id
---
src/wiphy.c | 5 +++++
src/wiphy.h | 1 +
2 files changed, 6 insertions(+)
diff --git a/src/wiphy.c b/src/wiphy.c
index e2222887..0ff10d46 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -433,6 +433,11 @@ bool wiphy_can_transition_disable(struct wiphy *wiphy)
return true;
}
+bool wiphy_supports_ext_key_id(struct wiphy *wiphy)
+{
+ return wiphy_has_ext_feature(wiphy, NL80211_EXT_FEATURE_EXT_KEY_ID);
+}
+
bool wiphy_supports_cmds_auth_assoc(struct wiphy *wiphy)
{
return wiphy->support_cmds_auth_assoc;
diff --git a/src/wiphy.h b/src/wiphy.h
index c32fd21e..d3bf16b8 100644
--- a/src/wiphy.h
+++ b/src/wiphy.h
@@ -86,6 +86,7 @@ bool wiphy_can_transition_disable(struct wiphy *wiphy);
bool wiphy_supports_cmds_auth_assoc(struct wiphy *wiphy);
bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy);
bool wiphy_rrm_capable(struct wiphy *wiphy);
+bool wiphy_supports_ext_key_id(struct wiphy *wiphy);
bool wiphy_has_feature(struct wiphy *wiphy, uint32_t feature);
bool wiphy_has_ext_feature(struct wiphy *wiphy, uint32_t feature);
uint8_t wiphy_get_max_num_ssids_per_scan(struct wiphy *wiphy);
--
2.31.1
3:48 a.m.
New subject: [PATCH 03/12] handshake: add flags/key_index for extended key IDs
ext_key_id_capable indicates the handshake has set the capability bit
in the RSN info. This will only be set if the AP also has the capability
set.
use_ext_key_id indicates if extended key ID procedure should be used.
This is required because an AP may not send the KDE (even with capabilities
set) meaning we fall back to the legacy zero key index.
ptk_index is the key index the AP chose for a given rekey.
---
src/handshake.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/handshake.h b/src/handshake.h
index 36ccc3a2..e67e2c20 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -128,6 +128,7 @@ struct handshake_state {
bool support_fils : 1;
bool authenticator_ocvc : 1;
bool supplicant_ocvc : 1;
+ bool ext_key_id_capable : 1;
uint8_t ssid[32];
size_t ssid_len;
char *passphrase;
@@ -138,6 +139,8 @@ struct handshake_state {
uint8_t gtk_rsc[6];
uint8_t proto_version : 2;
unsigned int gtk_index;
+ bool use_ext_key_id : 1;
+ uint8_t ptk_index;
struct erp_cache_entry *erp_cache;
bool support_ip_allocation : 1;
uint32_t client_ip_addr;
--
2.31.1
3:48 a.m.
New subject: [PATCH 04/12] handshake: add callback for extended key IDs
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.
Since netdev needs to set this new key before message 4/4 a new
callback has been added to accomplish this. The callback itself
takes a callback so netdev can signal back to eapol that NEW_KEY
finished and message 4/4 can be sent.
---
src/handshake.c | 21 +++++++++++++++++++++
src/handshake.h | 12 ++++++++++++
2 files changed, 33 insertions(+)
diff --git a/src/handshake.c b/src/handshake.c
index 642a25a7..aa48c19d 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -76,6 +76,7 @@ static handshake_get_nonce_func_t get_nonce = handshake_get_nonce;
static handshake_install_tk_func_t install_tk = NULL;
static handshake_install_gtk_func_t install_gtk = NULL;
static handshake_install_igtk_func_t install_igtk = NULL;
+static handshake_install_rx_tk_func_t install_rx_tk = NULL;
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func)
{
@@ -97,6 +98,11 @@ void __handshake_set_install_igtk_func(handshake_install_igtk_func_t
func)
install_igtk = func;
}
+void __handshake_set_install_rx_tk_func(handshake_install_rx_tk_func_t func)
+{
+ install_rx_tk = func;
+}
+
void handshake_state_free(struct handshake_state *s)
{
__typeof__(s->free) destroy = s->free;
@@ -663,6 +669,21 @@ void handshake_state_install_ptk(struct handshake_state *s)
}
}
+void handshake_state_install_rx_ptk(struct handshake_state *s,
+ uint8_t key_idx,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data)
+{
+ if (install_rx_tk) {
+ uint32_t cipher =
+ ie_rsn_cipher_suite_to_cipher(s->pairwise_cipher);
+
+ install_rx_tk(s, key_idx, handshake_get_tk(s), cipher,
+ callback, user_data);
+ }
+}
+
+
void handshake_state_install_gtk(struct handshake_state *s,
uint16_t gtk_key_index,
const uint8_t *gtk, size_t gtk_len,
diff --git a/src/handshake.h b/src/handshake.h
index e67e2c20..303cffbf 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -78,11 +78,19 @@ typedef void (*handshake_install_igtk_func_t)(struct handshake_state
*hs,
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
uint32_t cipher);
+typedef void (*handshake_install_rx_tk_cb_t)(bool success, void *user_data);
+typedef void (*handshake_install_rx_tk_func_t)(struct handshake_state *hs,
+ uint8_t key_idx,
+ const uint8_t *tk,
+ uint32_t cipher,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data);
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func);
void __handshake_set_install_tk_func(handshake_install_tk_func_t func);
void __handshake_set_install_gtk_func(handshake_install_gtk_func_t func);
void __handshake_set_install_igtk_func(handshake_install_igtk_func_t func);
+void __handshake_set_install_rx_tk_func(handshake_install_rx_tk_func_t func);
struct handshake_state {
uint32_t ifindex;
@@ -227,6 +235,10 @@ size_t handshake_state_get_kek_len(struct handshake_state *s);
const uint8_t *handshake_state_get_kek(struct handshake_state *s);
void handshake_state_install_ptk(struct handshake_state *s);
+void handshake_state_install_rx_ptk(struct handshake_state *s,
+ uint8_t key_idx,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data);
void handshake_state_install_gtk(struct handshake_state *s,
uint16_t gtk_key_index,
const uint8_t *gtk, size_t gtk_len,
--
2.31.1
6:43 a.m.
New subject: [PATCH 04/12] handshake: add callback for extended key IDs
Hi James,
On 10/4/21 11:48 AM, James Prestwood wrote:
The procedure for setting extended key IDs is different from the
single PTK key. The key ID is toggled between 0 and 1 and the new
key is set as RX only, then set to RX/TX after message 4/4 goes
out.
So the problem is that we don't really know when the message actually goes out.
We know when we queue it, and CONTROL_PORT sort of helps with that. But in
the case of PAE socket, we only know we copied it over to the kernel buffers,
not that it has actually went out.
There's some sort of CMSG that the kernel sends when the message has been
"transmitted" and acked. There is now a similar mechanism for CONTROL_PORT
messages now with CONTROL_PORT_TX_STATUS. We could use this mechanism, but
you'd really need an async callback for this as well. Still, I'm not sure that
waiting for the ack is what the spec intends here.
Since netdev needs to set this new key before message 4/4 a new
callback has been added to accomplish this. The callback itself
takes a callback so netdev can signal back to eapol that NEW_KEY
It might have been easier to just add a handshake_state_ext_key_toggled_to_rx or
something. But my main concern is that eapol.c isn't really meant to be
re-entrant in the way you're proposing to do here. I wonder what can of worms
this opens up...
Do note that with CONTROL PORT over 80211, this is really not needed. The
control port messages will be transmitted in order given. The only issue is
really use of legacy PAE sockets. We can handle this in one of two ways:
1. Turn off EXT_KEY_ID if CONTROL_PORT isn't supported
2. Have netdev check whether an outstanding SET_KEY command is pending (to
toggle the current TK to RX-only) and delay the send over PAE until that command
returns.
#2 might need to take some care, but overall I think this would be a better
strategy than making eapol re-entrant.
finished and message 4/4 can be sent.
---
src/handshake.c | 21 +++++++++++++++++++++
src/handshake.h | 12 ++++++++++++
2 files changed, 33 insertions(+)
<snip>
diff --git a/src/handshake.h b/src/handshake.h
index e67e2c20..303cffbf 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -78,11 +78,19 @@ typedef void (*handshake_install_igtk_func_t)(struct handshake_state
*hs,
const uint8_t *igtk, uint8_t igtk_len,
const uint8_t *ipn, uint8_t ipn_len,
uint32_t cipher);
+typedef void (*handshake_install_rx_tk_cb_t)(bool success, void *user_data);
+typedef void (*handshake_install_rx_tk_func_t)(struct handshake_state *hs,
I wonder if the naming should be different. You're really setting the current
TK as read-only and not for transmission. So something that conveys this
meaning better would be nice.
+ uint8_t key_idx,
+ const uint8_t *tk,
+ uint32_t cipher,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data);
void __handshake_set_get_nonce_func(handshake_get_nonce_func_t func);
void __handshake_set_install_tk_func(handshake_install_tk_func_t func);
void __handshake_set_install_gtk_func(handshake_install_gtk_func_t func);
void __handshake_set_install_igtk_func(handshake_install_igtk_func_t func);
+void __handshake_set_install_rx_tk_func(handshake_install_rx_tk_func_t func);
struct handshake_state {
uint32_t ifindex;
@@ -227,6 +235,10 @@ size_t handshake_state_get_kek_len(struct handshake_state *s);
const uint8_t *handshake_state_get_kek(struct handshake_state *s);
void handshake_state_install_ptk(struct handshake_state *s);
+void handshake_state_install_rx_ptk(struct handshake_state *s,
+ uint8_t key_idx,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data);
void handshake_state_install_gtk(struct handshake_state *s,
uint16_t gtk_key_index,
const uint8_t *gtk, size_t gtk_len,
Regards,
-Denis
3:48 a.m.
New subject: [PATCH 05/12] eapol: support extended key IDs
802.11 added Extended Key IDs which aim to solve the issue of PTK
key replacement during rekeys. Since swapping out the existing PTK
may result in data loss because there may be in flight packets still
using the old PTK.
Extended Key IDs use two key IDs for the PTK, which toggle between
0 and 1. During a rekey a new PTK is derived which uses the key ID
not already taken by the existing PTK. This new PTK is added as RX
only, then message 4/4 is sent. This ensure message 4 is encrypted
using the previous PTK. Once sent, the new PTK can be modified to
both RX and TX and the rekey is complete.
To handle this in eapol the extended key ID KDE is parsed which
gives us the new PTK key index. Using the new handshake callbacks
an RX only PTK is installed into the kernel. Once that completes
eapol gets called back and message 4 is sent. Then the existing
handshake_state_install_ptk is used which will handle setting the
new PTK as RX/TX rather than installing the PTK (again).
---
src/eapol.c | 105 +++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 91 insertions(+), 14 deletions(-)
diff --git a/src/eapol.c b/src/eapol.c
index 07120fdb..02920180 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -860,6 +860,8 @@ struct eapol_sm {
uint8_t installed_igtk_len;
uint8_t installed_igtk[CRYPTO_MAX_IGTK_LEN];
unsigned int mic_len;
+ struct eapol_key *step4;
+ bool rekey : 1;
};
static void eapol_sm_destroy(void *value)
@@ -873,6 +875,7 @@ static void eapol_sm_destroy(void *value)
eap_free(sm->eap);
l_free(sm->early_frame);
+ l_free(sm->step4);
eapol_frame_watch_remove(sm->watch_id);
@@ -1223,6 +1226,9 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
return;
}
+ if (sm->handshake->ptk_complete)
+ sm->rekey = true;
+
handshake_state_new_snonce(sm->handshake);
handshake_state_set_anonce(sm->handshake, ek->key_nonce);
@@ -1634,6 +1640,44 @@ static int eapol_ie_matches(const void *ies, size_t ies_len,
return -ENOENT;
}
+static void eapol_finish_ptk_3_of_4(struct eapol_sm *sm,
+ struct eapol_key *step4,
+ bool unencrypted)
+{
+ struct handshake_state *hs = sm->handshake;
+ const uint8_t *kck = handshake_state_get_kck(hs);
+ const uint8_t *kek = handshake_state_get_kek(hs);
+
+ eapol_sm_write(sm, (struct eapol_frame *) step4, unencrypted);
+
+ if (hs->ptk_complete)
+ return;
+
+ handshake_state_install_ptk(hs);
+
+ if (rekey_offload)
+ rekey_offload(hs->ifindex, kek, kck,
+ sm->replay_counter, sm->user_data);
+
+ l_timeout_remove(sm->timeout);
+ sm->timeout = NULL;
+}
+
+static void eapol_rx_ptk_cb(bool success, void *user_data)
+{
+ struct eapol_sm *sm = user_data;
+
+ /* Netdev will take care of notifying of key setting failure */
+ if (!success)
+ goto done;
+
+ eapol_finish_ptk_3_of_4(sm, sm->step4, false);
+
+done:
+ l_free(sm->step4);
+ sm->step4 = NULL;
+}
+
static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
const struct eapol_key *ek,
const uint8_t *decrypted_key_data,
@@ -1642,13 +1686,14 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
{
struct handshake_state *hs = sm->handshake;
const uint8_t *kck;
- const uint8_t *kek;
struct eapol_key *step4;
uint8_t mic[MIC_MAXLEN];
const uint8_t *gtk = NULL;
size_t gtk_len;
const uint8_t *igtk = NULL;
size_t igtk_len;
+ const uint8_t *key_id = NULL;
+ size_t key_id_len;
const uint8_t *rsne;
struct ie_rsn_info rsn_info;
const uint8_t *optional_rsne = NULL;
@@ -1856,6 +1901,41 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
} else
igtk = NULL;
+ key_id = handshake_util_find_kde(HANDSHAKE_KDE_KEY_ID,
+ decrypted_key_data,
+ decrypted_key_data_size, &key_id_len);
+ if (key_id && hs->ext_key_id_capable) {
+ uint8_t idx;
+
+ if (key_id_len != 2) {
+ l_error("invalid Key ID KDE format");
+ handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
+ return;
+ }
+
+ idx = bit_field(key_id[0], 0, 2);
+
+ /*
+ * IEEE 802.11-2020 - 12.7.6.4 4-way handshake message 3
+ * "... the Authenticator assigns a new Key ID for the PTKSA in
+ * the range of 0 to 1 that is different from the Key ID
+ * assigned in the previous handshake"
+ */
+ if (idx != 0 && idx != 1 && idx != hs->ptk_index) {
+ l_error("invalid Key ID KDE value (%u)", idx);
+ handshake_failed(sm, MMPDU_REASON_CODE_UNSPECIFIED);
+ return;
+ }
+
+ hs->ptk_index = idx;
+
+ /* initial connection's don't do the RX only key dance */
+ if (sm->rekey)
+ hs->use_ext_key_id = true;
+
+ l_debug("using Extended key ID %u", hs->ptk_index);
+ }
+
if (hs->support_ip_allocation) {
size_t len;
const uint8_t *ip_alloc_kde =
@@ -1911,7 +1991,6 @@ retransmit:
hs->wpa_ie, sm->mic_len);
kck = handshake_state_get_kck(hs);
- kek = handshake_state_get_kek(hs);
if (sm->mic_len) {
if (!eapol_calculate_mic(hs->akm_suite, kck,
@@ -1934,12 +2013,6 @@ retransmit:
}
}
- eapol_sm_write(sm, (struct eapol_frame *) step4, unencrypted);
- l_free(step4);
-
- if (hs->ptk_complete)
- return;
-
/*
* For WPA1 the group handshake should be happening after we set the
* ptk, this flag tells netdev to wait for the gtk/igtk before
@@ -1954,14 +2027,18 @@ retransmit:
if (igtk)
eapol_install_igtk(sm, igtk_key_index, igtk, igtk_len);
- handshake_state_install_ptk(hs);
+ if (hs->use_ext_key_id && sm->rekey) {
+ sm->rekey = false;
+ sm->step4 = step4;
- if (rekey_offload)
- rekey_offload(hs->ifindex, kek, kck,
- sm->replay_counter, sm->user_data);
+ handshake_state_install_rx_ptk(hs, hs->ptk_index,
+ eapol_rx_ptk_cb, sm);
- l_timeout_remove(sm->timeout);
- sm->timeout = NULL;
+ return;
+ }
+
+ eapol_finish_ptk_3_of_4(sm, step4, unencrypted);
+ l_free(step4);
return;
--
2.31.1
3:48 a.m.
New subject: [PATCH 06/12] netdev: support RX only and TX modify keys
This implements the new handshake callback for setting an RX only
key. This uses NEW_KEY as well as the new kernel key format. Once
the NEW_KEY callback comes in netdev calls back into eapol with
success or failure. If successful eapol will ultimately set the
PTK again after sending message 4. netdev_set_tk was modified to
handle this new case and rather than set the new key, it does
SET_KEY to modify the new PTK as TX/RX.
---
src/netdev.c | 144 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 144 insertions(+)
diff --git a/src/netdev.c b/src/netdev.c
index c6867ce3..8847c4a9 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -170,6 +170,9 @@ struct netdev {
struct l_queue *ft_ds_list;
+ handshake_install_rx_tk_cb_t rx_tk_cb;
+ void *rx_tk_data;
+
bool connected : 1;
bool associated : 1;
bool operational : 1;
@@ -1731,6 +1734,34 @@ error:
netdev_setting_keys_failed(nhs, err);
}
+static void netdev_new_rx_pairwise_key_cb(struct l_genl_msg *msg, void *data)
+{
+ struct netdev_handshake_state *nhs = data;
+ struct netdev *netdev = nhs->netdev;
+ int err = l_genl_msg_get_error(msg);
+
+ nhs->pairwise_new_key_cmd_id = 0;
+
+ netdev->rx_tk_cb(err == 0, netdev->rx_tk_data);
+
+ netdev->rx_tk_cb = NULL;
+ netdev->rx_tk_data = NULL;
+
+ if (err < 0) {
+ const char *ext_error = l_genl_msg_get_extended_error(msg);
+
+ l_error("New Key for RX Pairwise Key failed for ifindex: %d:%s",
+ netdev->index,
+ ext_error ? ext_error : strerror(-err));
+ goto error;
+ }
+
+ return;
+
+error:
+ netdev_setting_keys_failed(nhs, err);
+}
+
static struct l_genl_msg *netdev_build_cmd_new_key_pairwise(
struct netdev *netdev,
uint32_t cipher,
@@ -1752,6 +1783,54 @@ static struct l_genl_msg *netdev_build_cmd_new_key_pairwise(
return msg;
}
+static struct l_genl_msg *netdev_build_cmd_new_rx_key_pairwise(
+ struct netdev *netdev,
+ uint32_t cipher,
+ const uint8_t *aa,
+ const uint8_t *tk,
+ size_t tk_len,
+ uint8_t key_id)
+{
+ uint8_t key_mode = NL80211_KEY_NO_TX;
+ uint32_t key_type = NL80211_KEYTYPE_PAIRWISE;
+ struct l_genl_msg *msg;
+
+ msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, aa);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
+
+ l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);
+
+ l_genl_msg_append_attr(msg, NL80211_KEY_DATA, tk_len, tk);
+ l_genl_msg_append_attr(msg, NL80211_KEY_CIPHER, 4, &cipher);
+ l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &key_id);
+ l_genl_msg_append_attr(msg, NL80211_KEY_MODE, 1, &key_mode);
+ l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &key_type);
+
+ l_genl_msg_leave_nested(msg);
+
+ return msg;
+}
+
+static struct l_genl_msg *netdev_build_cmd_set_key_tx(struct netdev *netdev)
+{
+ uint8_t key_mode = NL80211_KEY_SET_TX;
+ struct l_genl_msg *msg = l_genl_msg_new_sized(NL80211_CMD_SET_KEY, 512);
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN,
+ netdev->handshake->aa);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
+
+ l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);
+ l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1,
+ &netdev->handshake->ptk_index);
+ l_genl_msg_append_attr(msg, NL80211_KEY_MODE, 1, &key_mode);
+ l_genl_msg_leave_nested(msg);
+
+ return msg;
+}
+
static void netdev_group_timeout_cb(struct l_timeout *timeout, void *user_data)
{
struct netdev_handshake_state *nhs = user_data;
@@ -1776,6 +1855,61 @@ static void netdev_group_timeout_cb(struct l_timeout *timeout, void
*user_data)
netdev_connect_ok(nhs->netdev);
}
+static void netdev_set_tx_tk(struct handshake_state *hs)
+{
+ struct netdev_handshake_state *nhs =
+ l_container_of(hs, struct netdev_handshake_state, super);
+ struct netdev *netdev = nhs->netdev;
+ struct l_genl_msg *msg = netdev_build_cmd_set_key_tx(netdev);
+
+ nhs->pairwise_new_key_cmd_id =
+ l_genl_family_send(nl80211, msg, netdev_new_pairwise_key_cb,
+ nhs, NULL);
+ if (nhs->pairwise_new_key_cmd_id > 0)
+ return;
+
+ l_genl_msg_unref(msg);
+
+ netdev_setting_keys_failed(nhs, -EIO);
+}
+
+static void netdev_set_rx_tk(struct handshake_state *hs, uint8_t key_idx,
+ const uint8_t *tk, uint32_t cipher,
+ handshake_install_rx_tk_cb_t callback,
+ void *user_data)
+{
+ struct netdev_handshake_state *nhs =
+ l_container_of(hs, struct netdev_handshake_state, super);
+ uint8_t tk_buf[32];
+ struct netdev *netdev = nhs->netdev;
+ struct l_genl_msg *msg;
+ const uint8_t *addr = netdev_choose_key_address(nhs);
+ int err;
+
+ err = -ENOENT;
+ if (!netdev_copy_tk(tk_buf, tk, cipher, false))
+ goto invalid_key;
+
+ msg = netdev_build_cmd_new_rx_key_pairwise(netdev, cipher, addr, tk_buf,
+ crypto_cipher_key_len(cipher),
+ hs->ptk_index);
+ nhs->pairwise_new_key_cmd_id =
+ l_genl_family_send(nl80211, msg, netdev_new_rx_pairwise_key_cb,
+ nhs, NULL);
+
+ if (nhs->pairwise_new_key_cmd_id > 0) {
+ netdev->rx_tk_cb = callback;
+ netdev->rx_tk_data = user_data;
+ return;
+ }
+
+ err = -EIO;
+ l_genl_msg_unref(msg);
+
+invalid_key:
+ netdev_setting_keys_failed(nhs, err);
+}
+
static void netdev_set_tk(struct handshake_state *hs,
const uint8_t *tk, uint32_t cipher)
{
@@ -1819,6 +1953,15 @@ static void netdev_set_tk(struct handshake_state *hs,
l_debug("%d", netdev->index);
+ /*
+ * The new PTK has been installed, message 4/4 sent, now enable TX on
+ * the new key
+ */
+ if (hs->use_ext_key_id && nhs->complete) {
+ netdev_set_tx_tk(hs);
+ return;
+ }
+
err = -ENOENT;
if (!netdev_copy_tk(tk_buf, tk, cipher, false))
goto invalid_key;
@@ -6250,6 +6393,7 @@ static int netdev_init(void)
__handshake_set_install_tk_func(netdev_set_tk);
__handshake_set_install_gtk_func(netdev_set_gtk);
__handshake_set_install_igtk_func(netdev_set_igtk);
+ __handshake_set_install_rx_tk_func(netdev_set_rx_tk);
__eapol_set_rekey_offload_func(netdev_set_rekey_offload);
__eapol_set_tx_packet_func(netdev_control_port_frame);
--
2.31.1
3:48 a.m.
New subject: [PATCH 07/12] station: set extended key capability
If wiphy and the AP suppor it, set the Extended Key ID capability
bit in the RSN info and set the handshake to use it.
---
src/station.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/station.c b/src/station.c
index f12cdde5..5605142d 100644
--- a/src/station.c
+++ b/src/station.c
@@ -1087,6 +1087,12 @@ build_ie:
info.ocvc = !disable_ocv;
+ /* Extended Key IDs can only be used if supported by both AP and STA */
+ if (wiphy_supports_ext_key_id(wiphy) && bss_info.extended_key_id) {
+ info.extended_key_id = true;
+ hs->ext_key_id_capable = true;
+ }
+
/* RSN takes priority */
if (bss->rsne) {
ap_ie = bss->rsne;
--
2.31.1
3:48 a.m.
New subject: [PATCH 08/12] auto-t: iwd.py: make wait() a static method
This allows it to be used without initializing an IWD class:
IWD.wait(1)
---
autotests/util/iwd.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/autotests/util/iwd.py b/autotests/util/iwd.py
index 63b526fd..d6a7fe06 100755
--- a/autotests/util/iwd.py
+++ b/autotests/util/iwd.py
@@ -1133,7 +1133,8 @@ class IWD(AsyncOpAbstract):
' condition was not met in '\
+ str(max_wait) + ' sec'))
- def wait(self, time):
+ @staticmethod
+ def wait(time):
ctx.non_block_wait(lambda : False, time, exception=False)
@staticmethod
--
2.31.1
3:48 a.m.
New subject: [PATCH 09/12] nl80211util: set multicast on new group keys
This may not be required, but when working with extended key IDs
setting the key mode makes each NEW_KEY explicit whether or not
its the GTK or PTK key.
---
src/nl80211util.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/src/nl80211util.c b/src/nl80211util.c
index d9d4819d..d663c6dc 100644
--- a/src/nl80211util.c
+++ b/src/nl80211util.c
@@ -247,6 +247,7 @@ struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
uint32_t cipher
size_t ctr_len, const uint8_t *addr)
{
struct l_genl_msg *msg;
+ uint32_t type = NL80211_KEYTYPE_GROUP;
msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);
@@ -263,16 +264,11 @@ struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
uint32_t cipher
if (ctr)
l_genl_msg_append_attr(msg, NL80211_KEY_SEQ, ctr_len, ctr);
- if (addr) {
- uint32_t type = NL80211_KEYTYPE_GROUP;
-
- l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &type);
- l_genl_msg_enter_nested(msg, NL80211_KEY_DEFAULT_TYPES);
- l_genl_msg_append_attr(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST,
+ l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &type);
+ l_genl_msg_enter_nested(msg, NL80211_KEY_DEFAULT_TYPES);
+ l_genl_msg_append_attr(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST,
0, NULL);
- l_genl_msg_leave_nested(msg);
- }
-
+ l_genl_msg_leave_nested(msg);
l_genl_msg_leave_nested(msg);
return msg;
--
2.31.1
3:49 a.m.
New subject: [PATCH 10/12] auto-t: hostapd.py: separate GTK and PTK rekeys
REKEY_GTK kicks off the GTK only handshake where REKEY_PTK does
both (via the 4-way). The way this utility was written was causing
hostapd some major issues since both REKEY_GTK and REKEY_PTK was
used.
Instead if address is set only do REKEY_PTK. This will also rekey
the GTK via the 4-way handshake.
If no address is set do REKEY_GTK which will only rekey the GTK.
---
autotests/util/hostapd.py | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/autotests/util/hostapd.py b/autotests/util/hostapd.py
index 9f2dc745..22802be6 100644
--- a/autotests/util/hostapd.py
+++ b/autotests/util/hostapd.py
@@ -202,11 +202,15 @@ class HostapdCLI(object):
cmd = self.cmdline + ['req_beacon', addr, request]
ctx.start_process(cmd).wait()
- def rekey(self, address):
+ def rekey(self, address=None):
+ if address:
+ cmd = 'REKEY_PTK %s' % address
+ self.ctrl_sock.sendall(cmd.encode('utf-8'))
+ self.wait_for_event('EAPOL-4WAY-HS-COMPLETED')
+ return
+
cmd = 'REKEY_GTK'
self.ctrl_sock.sendall(cmd.encode('utf-8'))
- cmd = 'REKEY_PTK %s' % address
- self.ctrl_sock.sendall(cmd.encode('utf-8'))
@property
def bssid(self):
--
2.31.1
3:49 a.m.
New subject: [PATCH 11/12] auto-t: Add test for extended key IDs
---
.../testWPA2-ext-key-id/connection_test.py | 65 +++++++++++++++++++
autotests/testWPA2-ext-key-id/hw.conf | 5 ++
autotests/testWPA2-ext-key-id/ssidCCMP.conf | 11 ++++
3 files changed, 81 insertions(+)
create mode 100644 autotests/testWPA2-ext-key-id/connection_test.py
create mode 100644 autotests/testWPA2-ext-key-id/hw.conf
create mode 100644 autotests/testWPA2-ext-key-id/ssidCCMP.conf
diff --git a/autotests/testWPA2-ext-key-id/connection_test.py
b/autotests/testWPA2-ext-key-id/connection_test.py
new file mode 100644
index 00000000..6361d9bd
--- /dev/null
+++ b/autotests/testWPA2-ext-key-id/connection_test.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python3
+
+import unittest
+import sys
+
+sys.path.append('../util')
+import iwd
+from iwd import IWD
+from iwd import PSKAgent
+from iwd import NetworkType
+from hostapd import HostapdCLI
+import testutil
+
+class Test(unittest.TestCase):
+
+ def test_connection_success(self):
+ hapd = HostapdCLI('ssidCCMP.conf')
+ wd = IWD()
+
+ psk_agent = PSKAgent("secret123")
+ wd.register_psk_agent(psk_agent)
+
+ devices = wd.list_devices(1)
+ device = devices[0]
+
+ ordered_network = device.get_ordered_network('ssidCCMP')
+
+ self.assertEqual(ordered_network.type, NetworkType.psk)
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ ordered_network.network_object.connect()
+
+ condition = 'obj.state == DeviceState.connected'
+ wd.wait_for_object_condition(device, condition)
+
+ testutil.test_iface_operstate()
+ testutil.test_ifaces_connected()
+
+ # Rekey 5 times just to make sure the key ID can be toggled back and
+ # forth without causing problems.
+ for i in range(5):
+ hapd.rekey(device.address)
+
+ testutil.test_iface_operstate()
+ testutil.test_ifaces_connected()
+
+ device.disconnect()
+
+ condition = 'not obj.connected'
+ wd.wait_for_object_condition(ordered_network.network_object, condition)
+
+ wd.unregister_psk_agent(psk_agent)
+
+ @classmethod
+ def setUpClass(cls):
+ pass
+
+ @classmethod
+ def tearDownClass(cls):
+ IWD.clear_storage()
+
+if __name__ == '__main__':
+ unittest.main(exit=True)
diff --git a/autotests/testWPA2-ext-key-id/hw.conf
b/autotests/testWPA2-ext-key-id/hw.conf
new file mode 100644
index 00000000..fad15b88
--- /dev/null
+++ b/autotests/testWPA2-ext-key-id/hw.conf
@@ -0,0 +1,5 @@
+[SETUP]
+num_radios=2
+
+[HOSTAPD]
+rad0=ssidCCMP.conf
diff --git a/autotests/testWPA2-ext-key-id/ssidCCMP.conf
b/autotests/testWPA2-ext-key-id/ssidCCMP.conf
new file mode 100644
index 00000000..b52bfb7c
--- /dev/null
+++ b/autotests/testWPA2-ext-key-id/ssidCCMP.conf
@@ -0,0 +1,11 @@
+hw_mode=g
+channel=1
+ssid=ssidCCMP
+
+wpa=2
+wpa_pairwise=CCMP
+wpa_passphrase=secret123
+
+ieee80211w=2
+wpa_key_mgmt=WPA-PSK-SHA256
+extended_key_id=1
--
2.31.1
3:49 a.m.
New subject: [PATCH 12/12] auto-t: update rekey() use to not wait for event
The hostapd event wait was moved into rekey() itself.
---
autotests/testFILS/fils_256_test.py | 1 -
autotests/testFILS/fils_384_test.py | 1 -
autotests/testFT-FILS/connection_test.py | 1 -
autotests/testPSK-roam/connection_test.py | 1 -
4 files changed, 4 deletions(-)
diff --git a/autotests/testFILS/fils_256_test.py b/autotests/testFILS/fils_256_test.py
index 02fad28e..a4e58715 100644
--- a/autotests/testFILS/fils_256_test.py
+++ b/autotests/testFILS/fils_256_test.py
@@ -56,7 +56,6 @@ class Test(unittest.TestCase):
testutil.test_ifaces_connected(device.name, hapd.ifname)
hapd.rekey(device.address)
- hapd.wait_for_event('EAPOL-4WAY-HS-COMPLETED')
device.disconnect()
diff --git a/autotests/testFILS/fils_384_test.py b/autotests/testFILS/fils_384_test.py
index 8ecd2fec..e6550a17 100644
--- a/autotests/testFILS/fils_384_test.py
+++ b/autotests/testFILS/fils_384_test.py
@@ -56,7 +56,6 @@ class Test(unittest.TestCase):
testutil.test_ifaces_connected(device.name, hapd.ifname)
hapd.rekey(device.address)
- hapd.wait_for_event('EAPOL-4WAY-HS-COMPLETED')
device.disconnect()
diff --git a/autotests/testFT-FILS/connection_test.py
b/autotests/testFT-FILS/connection_test.py
index d1389cea..14025a3b 100644
--- a/autotests/testFT-FILS/connection_test.py
+++ b/autotests/testFT-FILS/connection_test.py
@@ -96,7 +96,6 @@ class Test(unittest.TestCase):
(self.bss_hostapd[0].ifname, device.name, True, True))
self.bss_hostapd[1].rekey(device.address)
- self.bss_hostapd[1].wait_for_event('EAPOL-4WAY-HS-COMPLETED')
def test_fils_ft_roam_sha256(self):
wd = IWD(True)
diff --git a/autotests/testPSK-roam/connection_test.py
b/autotests/testPSK-roam/connection_test.py
index d1beb010..ee50e4a7 100644
--- a/autotests/testPSK-roam/connection_test.py
+++ b/autotests/testPSK-roam/connection_test.py
@@ -81,7 +81,6 @@ class Test(unittest.TestCase):
(self.bss_hostapd[0].ifname, device.name, True, True))
self.bss_hostapd[1].rekey(device.address)
- self.bss_hostapd[1].wait_for_event('EAPOL-4WAY-HS-COMPLETED')
device.roam(self.bss_hostapd[0].bssid)
--
2.31.1
5:43 a.m.
Hi James,
On 10/4/21 11:48 AM, James Prestwood wrote:
The kernel has two ways SET_KEY/NEW_KEY messages can be structured.
This implements parsers for the new key format.
---
monitor/nlmon.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 71 insertions(+), 1 deletion(-)
Patch 1 & 2 applied, thanks.
Regards,
-Denis
349
days inactive
349
days old
13 comments
2 participants
participants (2)
-
Denis Kenzior -
James Prestwood