[PATCH 0/8] Extended Key ID support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is basically V10 for Extended Key ID support from the broken up
"[Patch v9 00/16] Seamless PTK rekeys" series.

It has now the different options how to handle FT and FILS as
configuration options which should make the different trade-offs more
obvious.
The main issue are the beacon frames of the AP: When Extended Key ID is
supported they must announce support for it. But when a station using
FILS or FT tries to connect there is no defined way to handle it. The
only way to avoid that is not supporting it at all when FT or FILS can
be used.
This is now how the BASIC Extended Key ID support now handles the
issue.

The non-standard extensions FT0, FILS0 and FILS_CUSTOM are the most
obvious ways how to handle a bit less radical. (There is no FT_CUSTOM
mode since the standard has no FT IE to transmit it. As soon as one
becomes available we could implement that, too.)

For good measure I also added the option PREFER0, controlling if we like
to start with keyidy 0 instead of 1 when either can be chosen. (I still
like to start with 1 when possible to get more predictable failures.)

So far I have BASIC Extended Key ID support enabled by default which
still can cause inseparability issues with broken STAs when the AP
supports it. (Should be trivial to change the default, though.)

As of today it can only be used with cards using mac80211 with a kernel
>=4.20 and not offering HW encryption. The in-tree drivers matching that
description are:
 - ADMtek ADM8211
 - Atheros AR5523
 - Broadcom 43xx
 - Mac80211 hwsim
 - Marvell 8xxx
 - Ralink rt2400
 - Ralink rt2500
 - Realtek 8180
 - ZyDAS ZD1211

In the near future all iwlwifi (dmm and mvm) cards below the 22000
series should follow. (Fully supported, only not yet officially
enabled.)

Changes compared to the Extended Key ID patches from
"[Patch v9 00/16] Seamless PTK rekeys":
 - To decide if Extended Key ID can be used the RSN information is now
   always taken from the most recent frame (EAPOL #3 for standard
   compliant handshakes.)
 - Fixed FT Extended Key ID support which was not properly initializing
   the active keyid and basically only worked in the tests due to
   happenstance.
 - better but much more complicated configuration options and parsing
 - reworked (mostly reduced) log messages
 - changed detection for Extended Key ID support in the unit tests to
   driver flags (instead of now removed log messages)
 - broken out some parts as separate patches

Alexander Wetzel (8):
  Add KEY_FLAG_MODIFY for Extended Key ID support
  common: Add RSN parsing for Extended Key ID
  common: Extended Key ID support
  AP: Support Extended Key ID
  STA: Support Extended Key ID
  nl80211: Extended Key ID support
  wlantest: Basic Extended Key ID support
  tests: Extended Key ID tests

 hostapd/config_file.c                   |  18 +++
 hostapd/ctrl_iface.c                    |  16 ++
 hostapd/hostapd.conf                    |  38 +++++
 src/ap/ap_config.c                      |  25 +++
 src/ap/ap_config.h                      |   1 +
 src/ap/ieee802_11.c                     |   7 +
 src/ap/wpa_auth.c                       |  92 +++++++++--
 src/ap/wpa_auth.h                       |   3 +
 src/ap/wpa_auth_ft.c                    |  26 ++-
 src/ap/wpa_auth_glue.c                  |  14 +-
 src/ap/wpa_auth_i.h                     |   4 +
 src/ap/wpa_auth_ie.c                    |  77 ++++++++-
 src/common/defs.h                       |  17 +-
 src/common/wpa_common.c                 | 131 +++++++++++++++
 src/common/wpa_common.h                 |   3 +
 src/drivers/driver.h                    |   9 ++
 src/drivers/driver_common.c             |   1 +
 src/drivers/driver_nl80211.c            |  19 ++-
 src/drivers/driver_nl80211_capa.c       |   4 +
 src/rsn_supp/wpa.c                      | 183 +++++++++++++++++++--
 src/rsn_supp/wpa.h                      |  14 ++
 src/rsn_supp/wpa_ft.c                   |  27 +++-
 src/rsn_supp/wpa_i.h                    |   3 +
 src/rsn_supp/wpa_ie.c                   |   7 +
 tests/hwsim/hostapd.py                  |  12 +-
 tests/hwsim/test_ap_eap.py              |  24 ++-
 tests/hwsim/test_ap_ft.py               |  14 +-
 tests/hwsim/test_ap_psk.py              | 145 +++++++++++++++--
 tests/hwsim/test_fils.py                | 203 +++++++++++++++++++++++-
 tests/hwsim/test_ocv.py                 |  13 +-
 tests/hwsim/test_rrm.py                 |   7 +-
 tests/hwsim/wpasupplicant.py            |   2 +-
 wlantest/bss.c                          |   6 +-
 wlantest/rx_data.c                      |   6 +-
 wlantest/rx_eapol.c                     |   4 +
 wpa_supplicant/ap.c                     |   1 +
 wpa_supplicant/config.c                 |  50 ++++++
 wpa_supplicant/config_file.c            |   1 +
 wpa_supplicant/config_ssid.h            |   8 +
 wpa_supplicant/ctrl_iface.c             |   3 +
 wpa_supplicant/dbus/dbus_new_handlers.c |   3 +-
 wpa_supplicant/driver_i.h               |   9 +-
 wpa_supplicant/wpa_cli.c                |   2 +-
 wpa_supplicant/wpa_supplicant.c         |  24 ++-
 wpa_supplicant/wpa_supplicant.conf      |  38 +++++
 wpa_supplicant/wpas_glue.c              |   7 +-
 46 files changed, 1251 insertions(+), 70 deletions(-)

-- 
2.25.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux