From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [RFC] netdev: avoid PMKSA for fullmac drivers
Date: Tue, 28 Jan 2025 10:04:38 -0800 [thread overview]
Message-ID: <20250128180438.65113-1-prestwoj@gmail.com> (raw)
The fullmac drivers need additional support to correctly work with
PMKSA. This can be disabled via main.conf, but to avoid extra user
configuration avoid the use of PMKSA for fullmac drivers
automatically.
---
src/netdev.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/netdev.c b/src/netdev.c
index 2a6d94fc..7af3c39a 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1518,7 +1518,8 @@ static void try_handshake_complete(struct netdev_handshake_state *nhs)
l_debug("Invoking handshake_event()");
- handshake_state_cache_pmksa(&nhs->super);
+ if (nhs->type != CONNECTION_TYPE_FULLMAC)
+ handshake_state_cache_pmksa(&nhs->super);
if (handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE))
return;
@@ -2455,6 +2456,19 @@ static void netdev_driver_connected(struct netdev *netdev)
eapol_register(netdev->sm);
}
+static bool netdev_handshake_can_use_pmksa(struct netdev_handshake_state *nhs)
+{
+ /*
+ * Do not use PMKSA if this is a fullmac driver as they need additional
+ * support (SET_PMKSA) in order to function properly. Until this support
+ * is added fullmac drivers will not utilize PMKSA.
+ */
+ if (nhs->type == CONNECTION_TYPE_FULLMAC)
+ return false;
+
+ return nhs->super.have_pmksa;
+}
+
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
struct handshake_state *hs,
const uint8_t *prev_bssid)
@@ -2473,7 +2487,8 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
* 0 (open) for FT Initial Mobility Domain Association over
* PMKSA caching
*/
- uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) && !hs->have_pmksa ?
+ uint32_t auth_type = IE_AKM_IS_SAE(hs->akm_suite) &&
+ !netdev_handshake_can_use_pmksa(nhs) ?
NL80211_AUTHTYPE_SAE :
NL80211_AUTHTYPE_OPEN_SYSTEM;
enum mpdu_management_subtype subtype = prev_bssid ?
@@ -4053,7 +4068,8 @@ static void netdev_connect_common(struct netdev *netdev,
* If SAE, and we have a valid PMKSA cache we can skip the entire SAE
* protocol and authenticate using the cached keys.
*/
- if (IE_AKM_IS_SAE(hs->akm_suite) && hs->have_pmksa) {
+ if (IE_AKM_IS_SAE(hs->akm_suite) &&
+ netdev_handshake_can_use_pmksa(nhs)) {
l_debug("Skipping SAE by using PMKSA cache");
goto build_cmd_connect;
}
--
2.34.1
next reply other threads:[~2025-01-28 18:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-28 18:04 James Prestwood [this message]
2025-01-29 8:54 ` [RFC] netdev: avoid PMKSA for fullmac drivers Martin Petzold
2025-01-29 14:17 ` James Prestwood
2025-01-29 16:17 ` KeithG
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250128180438.65113-1-prestwoj@gmail.com \
--to=prestwoj@gmail.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox