* [PATCH v2 1/4] handshake: add force_default_owe_group flag
From: James Prestwood @ 2022-08-08 18:22 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Indicates the OWE SM should only use the default group
---
src/handshake.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/handshake.h b/src/handshake.h
index 7f597b06..f2321634 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -137,6 +137,7 @@ struct handshake_state {
bool authenticator_ocvc : 1;
bool supplicant_ocvc : 1;
bool ext_key_id_capable : 1;
+ bool force_default_owe_group : 1;
uint8_t ssid[32];
size_t ssid_len;
char *passphrase;
--
2.34.3
* [PATCH v2 2/4] owe: allow OWE to force group 19
From: James Prestwood @ 2022-08-08 18:22 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
As with SAE, some APs either don't handle group negotiation
correctly or, specifically with OWE, incorrectly derive the PTK unless
group 19 is used.
---
src/owe.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
v2:
* Remove extra flag from owe_sm since this is already in handshake_state
diff --git a/src/owe.c b/src/owe.c
index eed3e266..faa4e17d 100644
--- a/src/owe.c
+++ b/src/owe.c
@@ -45,6 +45,20 @@ struct owe_sm {
static bool owe_reset(struct owe_sm *owe)
{
+ if (owe->hs->force_default_owe_group) {
+ if (owe->retry != 0) {
+ l_warn("Forced default OWE group but was rejected!");
+ return false;
+ }
+
+ l_debug("Forcing default OWE group 19");
+
+ owe->retry++;
+ owe->group = 19;
+
+ goto get_curve;
+ }
+
/*
* Reset OWE with a different curve group and generate a new key pair
*/
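Review bot: The forced path sets `owe->group = 19` and jumps to `get_curve` (in the next hunk) without consulting `owe->ecc_groups`, so unlike the normal path nothing in the visible lines confirms that the local ECC backend supports that group. If `l_ecc_curve_from_ike_group()` can return NULL, the code after the label would continue with a NULL curve; a guard such as `if (!owe->curve) return false;` directly after the lookup would cover both paths. The literal 19 appears in both the assignment and the log string, so a named constant (for example `#define OWE_DEFAULT_GROUP 19`) would keep them in step. The rest of owe_reset() lies outside these hunks, so whether `owe->retry` is incremented a second time after the label should be checked there.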
@@ -52,6 +66,8 @@ static bool owe_reset(struct owe_sm *owe)
return false;
owe->group = owe->ecc_groups[owe->retry];
+
+get_curve:
owe->curve = l_ecc_curve_from_ike_group(owe->group);
if (owe->private)
--
2.34.3
* [PATCH v2 3/4] network: add setter/getter/flag for forcing default OWE group
From: James Prestwood @ 2022-08-08 18:22 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
If an OWE network is buggy and requires the default group, this info
needs to be stored in the network object so that it can be set in the
handshake on future connect attempts.
---
src/network.c | 14 ++++++++++++++
src/network.h | 2 ++
2 files changed, 16 insertions(+)
diff --git a/src/network.c b/src/network.c
index 70cb925c..c0befa42 100644
--- a/src/network.c
+++ b/src/network.c
@@ -88,6 +88,7 @@ struct network {
bool provisioning_hidden:1;
uint8_t transition_disable; /* Temporary cache until info is set */
bool have_transition_disable:1;
+ bool force_default_owe_group:1;
int rank;
/* Holds DBus Connect() message if it comes in before ANQP finishes */
struct l_dbus_message *connect_after_anqp;
@@ -525,6 +526,9 @@ int network_handshake_setup(struct network *network, struct scan_bss *bss,
handshake_state_set_protocol_version(hs, eapol_proto_version);
}
+ if (hs->akm_suite == IE_RSN_AKM_SUITE_OWE)
+ hs->force_default_owe_group = network->force_default_owe_group;
+
/*
* The randomization options in the provisioning file are dependent on
* main.conf: [General].AddressRandomization=network. Any other value
@@ -764,6 +768,16 @@ void network_set_info(struct network *network, struct network_info *info)
IWD_NETWORK_INTERFACE, "KnownNetwork");
}
+void network_set_force_default_owe_group(struct network *network)
+{
+ network->force_default_owe_group = true;
+}
+
+bool network_get_force_default_owe_group(struct network *network)
+{
+ return network->force_default_owe_group;
+}
+
static inline bool __bss_is_sae(const struct scan_bss *bss,
const struct ie_rsn_info *rsn)
{
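Review bot: `network_get_force_default_owe_group()` takes a non-const `struct network *` although it only reads the flag, while the neighbouring `network_get_info()` prototype in network.h takes `const struct network *`; the getter should read `bool network_get_force_default_owe_group(const struct network *network)` in both network.c and the network.h hunk. The setter can only set the flag to true and nothing visible in this series clears it, so once set the network stays restricted to the default group for as long as the `struct network` lives. A short comment on the setter, such as `/* Sticky: not cleared for the lifetime of the network object */`, would make that limitation explicit for the next reader.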
diff --git a/src/network.h b/src/network.h
index d69d63b0..c6b99f6c 100644
--- a/src/network.h
+++ b/src/network.h
@@ -58,6 +58,8 @@ void network_sync_settings(struct network *network);
const struct network_info *network_get_info(const struct network *network);
void network_set_info(struct network *network, struct network_info *info);
+void network_set_force_default_owe_group(struct network *network);
+bool network_get_force_default_owe_group(struct network *network);
int network_can_connect_bss(struct network *network,
const struct scan_bss *bss);
--
2.34.3
* [PATCH v2 4/4] station: re-try OWE if buggy AP is detected
From: James Prestwood @ 2022-08-08 18:22 UTC (permalink / raw)
To: iwd; +Cc: James Prestwood
Some APs use an older hostapd OWE implementation which incorrectly
derives the PTK. To work around this, group 19 should be used for
these APs. If there is a failure (reason=2) and the AKM is OWE,
set the force-default-group flag in the network and retry. If this
has already been done, the behavior is unchanged and the BSS will
be blacklisted.
---
src/station.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
v2:
* Made warning print more descriptive
* Just check network security rather than parse rsne
diff --git a/src/station.c b/src/station.c
index c5dfc48e..17a48670 100644
--- a/src/station.c
+++ b/src/station.c
@@ -2815,6 +2815,29 @@ static bool station_try_next_bss(struct station *station)
return true;
}
+static bool station_retry_owe_default_group(struct station *station)
+{
+ /*
+ * Shouldn't ever get here with classic open networks so its safe to
+ * assume if the security is none this is an OWE network.
+ */
+ if (network_get_security(station->connected_network) != SECURITY_NONE)
+ return false;
+
+ /* If we already forced group 19, allow the BSS to be blacklisted */
+ if (network_get_force_default_owe_group(station->connected_network))
+ return false;
+
+ l_warn("Failed to connect to OWE BSS "MAC" possibly because the AP is "
+ "incorrectly deriving the PTK, this AP should be fixed. "
+ "Retrying with group 19 as a workaround",
+ MAC_STR(station->connected_bss->addr));
+
+ network_set_force_default_owe_group(station->connected_network);
+
+ return true;
+}
+
static bool station_retry_with_reason(struct station *station,
uint16_t reason_code)
{
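Review bot: The flag is set on `station->connected_network`, but the fault named in the warning belongs to a single BSS (`station->connected_bss`), so after one reason-code-2 failure every BSS of that network is held to group 19, including APs that negotiate other groups correctly. Group 19 is the mandatory OWE group, so this narrows negotiation rather than breaking the exchange, but the trigger is a single failure code and the setter in network.c never resets the flag; whether that reason code can arrive in a frame that is not yet integrity-protected cannot be determined from this hunk and is worth confirming. At minimum the helper should say so, for example `/* NOTE: applies to every BSS of this network and is not cleared on a later successful connect */` above the `network_set_force_default_owe_group()` call.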
@@ -2825,12 +2848,20 @@ static bool station_retry_with_reason(struct station *station,
* Other reason codes can be added here if its decided we want to
* fail in those cases.
*/
- if (reason_code == MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID ||
- reason_code == MMPDU_REASON_CODE_IEEE8021X_FAILED)
+ switch (reason_code) {
+ case MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID:
+ if (station_retry_owe_default_group(station))
+ goto try_next;
+ /* fall through */
+ case MMPDU_REASON_CODE_IEEE8021X_FAILED:
return false;
+ default:
+ break;
+ }
blacklist_add_bss(station->connected_bss->addr);
+try_next:
return station_try_next_bss(station);
}
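Review bot: When `station_retry_owe_default_group()` returns false, the `MMPDU_REASON_CODE_PREV_AUTH_NOT_VALID` case falls through to `return false`, which never reaches `blacklist_add_bss()` below the switch, so the helper's comment `If we already forced group 19, allow the BSS to be blacklisted` describes something this function does not do. If the blacklisting happens in the caller (not visible here; the function body also starts outside this hunk), that comment would be more accurate as `/* Already forced group 19: take the normal failure path */`. The `goto try_next` branch relies on `station_try_next_bss()` choosing the same, un-blacklisted BSS again for the retry to exercise the workaround, which deserves a one-line comment at the `try_next:` label.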
--
2.34.3
* Re: [PATCH v2 1/4] handshake: add force_default_owe_group flag
From: Denis Kenzior @ 2022-08-08 18:37 UTC (permalink / raw)
To: James Prestwood, iwd
Hi James,
On 8/8/22 13:22, James Prestwood wrote:
> Indicates the OWE SM should only use the default group
> ---
> src/handshake.h | 1 +
> 1 file changed, 1 insertion(+)
>
All applied, thanks.
Regards,
-Denis