This is basically V10 for Extended Key ID support from the broken up "[Patch v9 00/16] Seamless PTK rekeys" series. It has now the different options how to handle FT and FILS as configuration options which should make the different trade-offs more obvious. The main issue are the beacon frames of the AP: When Extended Key ID is supported they must announce support for it. But when a station using FILS or FT tries to connect there is no defined way to handle it. The only way to avoid that is not supporting it at all when FT or FILS can be used. This is now how the BASIC Extended Key ID support now handles the issue. The non-standard extensions FT0, FILS0 and FILS_CUSTOM are the most obvious ways how to handle a bit less radical. (There is no FT_CUSTOM mode since the standard has no FT IE to transmit it. As soon as one becomes available we could implement that, too.) For good measure I also added the option PREFER0, controlling if we like to start with keyidy 0 instead of 1 when either can be chosen. (I still like to start with 1 when possible to get more predictable failures.) So far I have BASIC Extended Key ID support enabled by default which still can cause inseparability issues with broken STAs when the AP supports it. (Should be trivial to change the default, though.) As of today it can only be used with cards using mac80211 with a kernel >=4.20 and not offering HW encryption. The in-tree drivers matching that description are: - ADMtek ADM8211 - Atheros AR5523 - Broadcom 43xx - Mac80211 hwsim - Marvell 8xxx - Ralink rt2400 - Ralink rt2500 - Realtek 8180 - ZyDAS ZD1211 In the near future all iwlwifi (dmm and mvm) cards below the 22000 series should follow. (Fully supported, only not yet officially enabled.) Changes compared to the Extended Key ID patches from "[Patch v9 00/16] Seamless PTK rekeys": - To decide if Extended Key ID can be used the RSN information is now always taken from the most recent frame (EAPOL #3 for standard compliant handshakes.) - Fixed FT Extended Key ID support which was not properly initializing the active keyid and basically only worked in the tests due to happenstance. - better but much more complicated configuration options and parsing - reworked (mostly reduced) log messages - changed detection for Extended Key ID support in the unit tests to driver flags (instead of now removed log messages) - broken out some parts as separate patches Alexander Wetzel (8): Add KEY_FLAG_MODIFY for Extended Key ID support common: Add RSN parsing for Extended Key ID common: Extended Key ID support AP: Support Extended Key ID STA: Support Extended Key ID nl80211: Extended Key ID support wlantest: Basic Extended Key ID support tests: Extended Key ID tests hostapd/config_file.c | 18 +++ hostapd/ctrl_iface.c | 16 ++ hostapd/hostapd.conf | 38 +++++ src/ap/ap_config.c | 25 +++ src/ap/ap_config.h | 1 + src/ap/ieee802_11.c | 7 + src/ap/wpa_auth.c | 92 +++++++++-- src/ap/wpa_auth.h | 3 + src/ap/wpa_auth_ft.c | 26 ++- src/ap/wpa_auth_glue.c | 14 +- src/ap/wpa_auth_i.h | 4 + src/ap/wpa_auth_ie.c | 77 ++++++++- src/common/defs.h | 17 +- src/common/wpa_common.c | 131 +++++++++++++++ src/common/wpa_common.h | 3 + src/drivers/driver.h | 9 ++ src/drivers/driver_common.c | 1 + src/drivers/driver_nl80211.c | 19 ++- src/drivers/driver_nl80211_capa.c | 4 + src/rsn_supp/wpa.c | 183 +++++++++++++++++++-- src/rsn_supp/wpa.h | 14 ++ src/rsn_supp/wpa_ft.c | 27 +++- src/rsn_supp/wpa_i.h | 3 + src/rsn_supp/wpa_ie.c | 7 + tests/hwsim/hostapd.py | 12 +- tests/hwsim/test_ap_eap.py | 24 ++- tests/hwsim/test_ap_ft.py | 14 +- tests/hwsim/test_ap_psk.py | 145 +++++++++++++++-- tests/hwsim/test_fils.py | 203 +++++++++++++++++++++++- tests/hwsim/test_ocv.py | 13 +- tests/hwsim/test_rrm.py | 7 +- tests/hwsim/wpasupplicant.py | 2 +- wlantest/bss.c | 6 +- wlantest/rx_data.c | 6 +- wlantest/rx_eapol.c | 4 + wpa_supplicant/ap.c | 1 + wpa_supplicant/config.c | 50 ++++++ wpa_supplicant/config_file.c | 1 + wpa_supplicant/config_ssid.h | 8 + wpa_supplicant/ctrl_iface.c | 3 + wpa_supplicant/dbus/dbus_new_handlers.c | 3 +- wpa_supplicant/driver_i.h | 9 +- wpa_supplicant/wpa_cli.c | 2 +- wpa_supplicant/wpa_supplicant.c | 24 ++- wpa_supplicant/wpa_supplicant.conf | 38 +++++ wpa_supplicant/wpas_glue.c | 7 +- 46 files changed, 1251 insertions(+), 70 deletions(-) -- 2.25.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
