Re: [RFC PATCH v1 0/2] External Auth support

[Denis Kenzior <denkenz@gmail.com>]

Hi Keith,

On 8/23/24 7:38 PM, KeithG wrote:
> Denis,
> 
> 
> On Fri, Aug 23, 2024 at 12:42 PM Denis Kenzior <denkenz@gmail.com> wrote:
>>
>> This series implements External Auth support on Full MAC cards that do
>> not support SAE offload.  I have not been able to test this fully since
>> the brcmfmac firmware on the RPi 5 does not actually work properly.
>> Maybe some enterprising person can test it on a firmware that does work?
>>
>> Denis Kenzior (2):
>>    netdev: external auth support
>>    sae: Allow ability to force Group 19 / Hunt and Peck
>>
>>   src/netdev.c      | 258 +++++++++++++++++++++++++++++++++++++++++-----
>>   src/nl80211util.c |   4 +-
>>   src/sae.c         |  20 ++++
>>   src/sae.h         |   3 +
>>   src/wiphy.c       |  19 ++--
>>   5 files changed, 263 insertions(+), 41 deletions(-)
>>
>> --
>> 2.45.2
>>
>>
> I was watching for this. I built iwd from git and tried it on my Pi5.
> As you said, it did not work:
> 
> Aug 23 19:24:29 pi5 iwd[16297]: SAE unsupported: brcmfmac needs
> CMD_EXTERNAL_AUTH for SAE

I don't think you applied the patch correctly.  You should see:

+               /* Case 3 */
+               iwd_notice(IWD_NOTICE_CONNECT_INFO,
+                       "FullMAC driver: %s using SAE.  Expect EXTERNAL_AUTH",
                         wiphy->driver_str);

> Aug 23 19:24:29 pi5 iwd[16297]: src/wiphy.c:wiphy_select_akm() Can't
> use SAE, trying WPA2
> Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_disconnect() agent
> :1.471 disconnected
> Aug 23 19:24:32 pi5 iwd[16297]: src/agent.c:agent_free() agent free
> 0x5555946ddaf0
> 
> I believe this is the latest firmware from Infineon for the RPi fmac cards:
> Firmware: BCM4345/6 wl0: Aug 29 2023 01:47:08 version 7.45.265
> (28bca26 CY) FWID 01-b677b91b
> Firmware: BCM43430/1 wl0: Jun 14 2023 07:27:45 version 7.45.96.s1
> (gf031a129) FWID 01-70bd2af7 es7
> 
> I know there are a number of fmac cards. Does the firmware on these
> work differently to other brcmfmac cards? Do all of them use
> CMD_EXTERNAL_AUTH?

No idea.  All other brcmfmac cards used SAE offload.  Cypress firmware seems to 
have gone with EXTERNAL_AUTH.  Not sure about other full mac cards.  I can see 
references to EXTERNAL_AUTH in two upstream drivers:

[denkenz@archdev linux]$ grep -R "cfg80211_external_auth_request" *
drivers/net/wireless/microchip/wilc1000/hif.c: 
cfg80211_external_auth_request(vif->ndev, &vif->auth,
drivers/net/wireless/quantenna/qtnfmac/event.c:	ret = 
cfg80211_external_auth_request(vif->netdev, &auth, GFP_KERNEL);

But the hardware seems to be unobtanium.  Maybe others can report what other 
solutions use EXTERNAL_AUTH?  Maybe Pinephone?

Regards,
-Denis