From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 11/15] netdev: add support to use PMKSA over SAE if available
Date: Fri, 22 Nov 2024 07:15:47 -0800
Message-ID: <20241122151551.286355-12-prestwoj@gmail.com>
In-Reply-To: <20241122151551.286355-1-prestwoj@gmail.com>
This was quite simple and only required caching the PMKSA after a
successful handshake, and using the correct authentication type
for connections if we have a prior PMKSA cached.
This is only being added for initial SAE associations for now since
this is where we gain the biggest improvement, in addition to the
requirement by the Wi-Fi Alliance to label products as "WPA3 capable".
---
src/netdev.c | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/netdev.c b/src/netdev.c
index 4dccb78a..02496c92 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -65,6 +65,7 @@
#include "src/frame-xchg.h"
#include "src/diagnostic.h"
#include "src/band.h"
+#include "src/pmksa.h"
#ifndef ENOTSUPP
#define ENOTSUPP 524
@@ -1517,6 +1518,8 @@ static void try_handshake_complete(struct netdev_handshake_state *nhs)
l_debug("Invoking handshake_event()");
+ handshake_state_cache_pmksa(&nhs->super);
+
if (handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE))
return;
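Review bot: handshake_state_cache_pmksa() is called in try_handshake_complete() for every completed handshake, with no IE_AKM_IS_SAE() guard, and it runs before handshake_event(..., HANDSHAKE_EVENT_COMPLETE), which can return true and end the function early. The commit message scopes PMKSA use to SAE, so either gate the call on the AKM here or add a one-line comment saying the helper itself ignores non-SAE handshakes. It is also worth stating whether an entry should really be cached when the COMPLETE handler triggers that early return.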
@@ -2458,7 +2461,19 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
{
struct netdev_handshake_state *nhs =
l_container_of(hs, struct netdev_handshake_state, super);
- uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) ?
+ /*
+ * Choose Open system auth type if PMKSA caching is used for an SAE AKM:
+ *
+ * IEEE 802.11-2020 Table 9-151
+ * - SAE authentication:
+ * 3 (SAE) for SAE Authentication
+ * 0 (open) for PMKSA caching
+ * - FT authentication over SAE:
+ * 3 (SAE) for FT Initial Mobility Domain Association
+ * 0 (open) for FT Initial Mobility Domain Association over
+ * PMKSA caching
+ */
+ uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) && !hs->have_pmksa ?
NL80211_AUTHTYPE_SAE :
NL80211_AUTHTYPE_OPEN_SYSTEM;
enum mpdu_management_subtype subtype = prev_bssid ?
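Review bot: the new auth_type initializer, `IE_AKM_IS_SAE(hs->akm_suite) && !hs->have_pmksa ? ... : ...`, relies on && binding tighter than ?:, which is correct but easy to misread in the expression that decides between NL80211_AUTHTYPE_SAE and NL80211_AUTHTYPE_OPEN_SYSTEM; wrap the condition in parentheses. netdev_build_cmd_connect() also serves the prev_bssid (reassociation) case on the next line, while the commit message limits PMKSA use to initial SAE associations, so please confirm hs->have_pmksa can never be set on that path or add `!prev_bssid` to the condition.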
@@ -4027,6 +4042,15 @@ static void netdev_connect_common(struct netdev *netdev,
goto done;
}
+ /*
+ * If SAE, and we have a valid PMKSA cache we can skip the entire SAE
+ * protocol and authenticate using the cached keys.
+ */
+ if (IE_AKM_IS_SAE(hs->akm_suite) && hs->have_pmksa) {
+ l_debug("Skipping SAE by using PMKSA cache");
+ goto build_cmd_connect;
+ }
+
if (!IE_AKM_IS_SAE(hs->akm_suite) ||
nhs->type == CONNECTION_TYPE_SAE_OFFLOAD)
goto build_cmd_connect;
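Review bot: the new early exit in netdev_connect_common() is tested before the existing `nhs->type == CONNECTION_TYPE_SAE_OFFLOAD` check, so an SAE-offload connection with hs->have_pmksa set now reaches build_cmd_connect through the PMKSA branch and, with the auth_type change above, is sent with NL80211_AUTHTYPE_OPEN_SYSTEM; the comment should say whether that is intended for offload drivers. Nothing in this hunk covers an AP that no longer holds the cached entry and rejects the association, so the comment should point to where the fallback to a full SAE exchange happens (the series carries a separate handshake_state_remove_pmksa patch), or the failure should be handled here.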
--
2.34.1
Thread overview: 21+ messages
2024-11-22 15:15 [PATCH 00/15] PMKSA support (SAE only) James Prestwood
2024-11-22 15:15 ` [PATCH 01/15] handshake: add ref counting to handshake_state James Prestwood
2024-11-22 15:15 ` [PATCH 02/15] unit: update use of handshake_state with ref/unref James Prestwood
2024-11-22 15:15 ` [PATCH 03/15] auto-t: always initialize StationDebug in Device class James Prestwood
2024-11-22 15:15 ` [PATCH 04/15] auto-t: add pmksa_flush() to hostapd module James Prestwood
2024-11-22 15:15 ` [PATCH 05/15] auto-t: update testSAE to disable PMKSA James Prestwood
2024-11-22 15:15 ` [PATCH 06/15] pmksa: Add skeleton James Prestwood
2024-11-22 15:15 ` [PATCH 07/15] unit: Add basic pmksa test James Prestwood
2024-11-22 15:15 ` [PATCH 08/15] pmksa: Add debugging James Prestwood
2024-11-22 15:15 ` [PATCH 09/15] handshake: Add pmksa setter & stealer James Prestwood
2024-11-25 14:56 ` Denis Kenzior
2024-11-25 15:01 ` James Prestwood
2024-11-25 19:25 ` Bryce Johnson
2024-11-25 19:49 ` James Prestwood
2024-11-25 20:18 ` Bryce Johnson
2024-11-22 15:15 ` [PATCH 10/15] handshake: add handshake_state_remove_pmksa James Prestwood
2024-11-22 15:15 ` James Prestwood [this message]
2024-11-22 15:15 ` [PATCH 12/15] station: hold reference to handshake object James Prestwood
2024-11-22 15:15 ` [PATCH 13/15] station: support PMKSA connections James Prestwood
2024-11-22 15:15 ` [PATCH 14/15] auto-t: add PMKSA tests James Prestwood
2024-11-22 15:15 ` [PATCH 15/15] doc: document DisablePMKSA option James Prestwood