From: Janusz Dziedzic
To: hostap@lists.infradead.org
Cc: j@w1.fi, Janusz Dziedzic
Subject: [PATCH] hostapd: FT, fix interop connection issue
Date: Mon, 5 Mar 2018 15:37:10 +0100
Message-Id: <20180305143710.3764-1-janusz.dziedzic@gmail.com>
X-Patchwork-Id: 881526

From: Janusz Dziedzic

When the AP is configured for FT-PSK and WPA-PSK, an HP printer requests both AKMs in the assoc frame, but doesn't add MDIE and doesn't use FT.

Next, in the logs we see:

RSN: Trying to use FT, but MDIE not included
IE - hexdump(len=26): 30 18 01 00 00 0f ac 04 01 00 00 0f ac 04 02 00 00 0f ac 02 00 0f ac 04 00 00

This is seen with some HP and Epson printers.

This patch strips FT when MDIE is not present and there is still non-FT key mgmt available.

Signed-off-by: Janusz Dziedzic
--- src/ap/wpa_auth_ie.c | 7 +++++++ src/common/defs.h | 19 ++++++++++++++----- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 28db952..2ea081b 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -539,6 +539,13 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, if (version == WPA_PROTO_RSN) { res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); + if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie && + !wpa_key_mgmt_only_ft(data.key_mgmt)) { + wpa_printf(MSG_DEBUG, "RSN: FT set in AKM but MDIE is missing, " + "stripping FT because there's still non-FT key mgmt available"); + data.key_mgmt &= ~WPA_KEY_MGMT_FT; + } + selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; if (0) { } diff --git a/src/common/defs.h b/src/common/defs.h index 1de099f..38f5059 100644 --- a/src/common/defs.h +++ b/src/common/defs.h @@ -58,6 +58,12 @@ typedef enum { FALSE = 0, TRUE = 1 } Boolean; #define WPA_KEY_MGMT_OWE BIT(22) #define WPA_KEY_MGMT_DPP BIT(23) +#define WPA_KEY_MGMT_FT (WPA_KEY_MGMT_FT_IEEE8021X | \ + WPA_KEY_MGMT_FT_PSK | \ + WPA_KEY_MGMT_FT_SAE | \ + WPA_KEY_MGMT_FT_FILS_SHA256 | \ + WPA_KEY_MGMT_FT_FILS_SHA384) + static inline int wpa_key_mgmt_wpa_ieee8021x(int akm) { return !!(akm & (WPA_KEY_MGMT_IEEE8021X | 
@@ -84,11 +90,14 @@ static inline int wpa_key_mgmt_wpa_psk(int akm) static inline int wpa_key_mgmt_ft(int akm) { - return !!(akm & (WPA_KEY_MGMT_FT_PSK | - WPA_KEY_MGMT_FT_IEEE8021X | - WPA_KEY_MGMT_FT_SAE | - WPA_KEY_MGMT_FT_FILS_SHA256 | - WPA_KEY_MGMT_FT_FILS_SHA384)); + return !!(akm & WPA_KEY_MGMT_FT); +} + +static inline int wpa_key_mgmt_only_ft(int akm) +{ + int ft = wpa_key_mgmt_ft(akm); + akm &= ~WPA_KEY_MGMT_FT; + return ft && !akm; } static inline int wpa_key_mgmt_ft_psk(int akm)
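
Review bot: In the wpa_validate_wpa_ie() hunk (src/ap/wpa_auth_ie.c), the new test reads data.key_mgmt on the line right after `res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);` and nothing in between looks at res, so the workaround also runs, and logs, when the RSNE did not parse. Suggest gating the block on a successful parse. The condition also looks only at what the station advertised: `!wpa_key_mgmt_only_ft(data.key_mgmt)` is true for any extra non-FT bit, so FT is stripped even when the remaining AKM is one this AP may not have enabled. Applying the test to the advertised AKMs masked with the AKMs the authenticator is configured to accept would keep the workaround to the FT-PSK plus WPA-PSK case the commit message describes. Because this changes which AKM ends up negotiated, a debug message that identifies the station would make the downgrade easier to trace in logs.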
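
Review bot: WPA_KEY_MGMT_FT in the first src/common/defs.h hunk is a mask of five AKM bits but is named like the single-bit defines directly above it (WPA_KEY_MGMT_OWE, WPA_KEY_MGMT_DPP), which invites equality comparisons or use as if it were one AKM. A name that says it is a mask, or a one-line comment stating that it is the set of all FT AKMs, would avoid that. The comment should also say that any new FT AKM has to be added here, since wpa_key_mgmt_ft() and the `data.key_mgmt &= ~WPA_KEY_MGMT_FT;` stripping in wpa_validate_wpa_ie() now both depend on this one definition.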
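
Review bot: wpa_key_mgmt_only_ft() in the second src/common/defs.h hunk has no comment saying what counts as "only FT", and that definition decides when the AP drops FT. As written, `akm &= ~WPA_KEY_MGMT_FT; return ft && !akm;` returns 0 as soon as any bit outside the FT mask is set, which includes bits such as WPA_KEY_MGMT_OWE or WPA_KEY_MGMT_DPP, not just the PSK case from the commit message. Please document that behaviour above the function. The body can also be written without reassigning the parameter, for example `return akm && !(akm & ~WPA_KEY_MGMT_FT);`, which gives the same result for every input.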