From: James Prestwood <prestwoj@gmail.com>
To: iwd@lists.linux.dev
Cc: James Prestwood <prestwoj@gmail.com>
Subject: [PATCH 3/4] netdev: implement PMKSA for fullmac drivers
Date: Wed, 12 Feb 2025 08:24:00 -0800 [thread overview]
Message-ID: <20250212162401.130792-4-prestwoj@gmail.com> (raw)
In-Reply-To: <20250212162401.130792-1-prestwoj@gmail.com>
Supporting PMKSA on fullmac drivers requires that we set the PMKSA
into the kernel as well as remove it. Since station has a removal
path, netdev_remove_pmksa needed to be added, which station will
call. This handles removing the PMKSA from both IWD's cache and
the kernel's.
On addition it's similar: we add to both IWD's cache and the kernel's.
---
src/netdev.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/netdev.h | 2 ++
2 files changed, 70 insertions(+)
diff --git a/src/netdev.c b/src/netdev.c
index 06282c2a..42fb6a4b 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1498,6 +1498,52 @@ static void netdev_setting_keys_failed(struct netdev_handshake_state *nhs,
handshake_event(&nhs->super, HANDSHAKE_EVENT_SETTING_KEYS_FAILED, &err);
}
+static void netdev_set_pmksa(struct handshake_state *hs)
+{
+ struct l_genl_msg *msg;
+ uint32_t expiration = (uint32_t)hs->expiration;
+
+ if (!hs->have_pmkid)
+ return;
+
+ msg = l_genl_msg_new(NL80211_CMD_SET_PMKSA);
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &hs->ifindex);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_PMKID, 16, hs->pmkid);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, hs->aa);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_PMK_LIFETIME, 4, &expiration);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_PMK, hs->pmk_len, hs->pmk);
+
+ if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
+ l_error("error sending SET_PMKSA");
+}
+
+void netdev_remove_pmksa(struct netdev *netdev)
+{
+ struct l_genl_msg *msg;
+ struct handshake_state *hs = netdev->handshake;
+ struct netdev_handshake_state *nhs = l_container_of(hs,
+ struct netdev_handshake_state, super);
+
+ handshake_state_remove_pmksa(netdev->handshake);
+
+ if (nhs->type != CONNECTION_TYPE_FULLMAC)
+ return;
+
+ /* Fullmac cards need to set/remove the PMKSA within the kernel */
+
+ msg = l_genl_msg_new(NL80211_CMD_DEL_PMKSA);
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_PMKID, 16, hs->pmkid);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, hs->aa);
+ l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
+
+ if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
+ l_error("error sending DEL_PMKSA");
+}
+
static void try_handshake_complete(struct netdev_handshake_state *nhs)
{
l_debug("ptk_installed: %u, gtk_installed: %u, igtk_installed: %u",
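Review bot: netdev_remove_pmksa() builds DEL_PMKSA from hs->pmkid only after handshake_state_remove_pmksa() has run and, unlike netdev_set_pmksa(), never checks hs->have_pmkid, so if the local removal changes the handshake's PMKID state (not visible here) or no PMKID was ever set, the kernel is asked to delete the wrong entry and the stale PMKSA stays usable on the fullmac device. It also dereferences netdev->handshake with no NULL check; the callers arrive in patch 4/4, so confirm they guarantee a live handshake. In netdev_set_pmksa(), `(uint32_t)hs->expiration` is sent as NL80211_ATTR_PMK_LIFETIME, which the kernel reads as a lifetime in seconds; if hs->expiration is a wider absolute timestamp the cast produces an arbitrary lifetime, so convert it to remaining seconds first. Both send-failure branches only log, and if l_genl_family_send() leaves ownership with the caller on failure the message is leaked, which in the set path means a buffer holding the PMK. Both new functions lie fully inside this hunk; a possible shape for the remove path follows.
```c
void netdev_remove_pmksa(struct netdev *netdev)
{
	struct handshake_state *hs = netdev->handshake;
	struct netdev_handshake_state *nhs;
	struct l_genl_msg *msg;

	if (!hs)
		return;

	nhs = l_container_of(hs, struct netdev_handshake_state, super);

	/* Send DEL_PMKSA while hs->pmkid is still known to be valid */
	if (nhs->type == CONNECTION_TYPE_FULLMAC && hs->have_pmkid) {
		msg = l_genl_msg_new(NL80211_CMD_DEL_PMKSA);

		/* … unchanged: IFINDEX, PMKID, MAC and SSID attributes … */

		if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL)) {
			l_genl_msg_unref(msg);
			l_error("error sending DEL_PMKSA");
		}
	}

	handshake_state_remove_pmksa(hs);
}
```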
@@ -1518,6 +1564,9 @@ static void try_handshake_complete(struct netdev_handshake_state *nhs)
l_debug("Invoking handshake_event()");
+ if (nhs->type == CONNECTION_TYPE_FULLMAC)
+ netdev_set_pmksa(&nhs->super);
+
handshake_state_cache_pmksa(&nhs->super);
if (handshake_event(&nhs->super, HANDSHAKE_EVENT_COMPLETE))
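Review bot: The kernel entry is installed before handshake_state_cache_pmksa() runs, and netdev_set_pmksa() sends with no reply callback, so nothing here learns whether the kernel accepted the PMKSA or whether IWD's own cache accepted it. If the fields netdev_set_pmksa() reads (hs->pmkid, hs->expiration) are only finalised by the caching step or when a cached PMKSA is reused, which this hunk does not show, a fresh association would push unset values to the driver. It would help to state the required ordering in a comment such as `/* Fullmac: mirror the PMKSA into the kernel; relies on hs->pmkid/expiration being valid here */` and to confirm that holds for a first-time handshake. try_handshake_complete() starts and ends outside this hunk.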
@@ -6469,6 +6518,23 @@ static void netdev_get_link(struct netdev *netdev)
L_WARN_ON(netdev->get_link_cmd_id == 0);
}
+static void netdev_flush_pmksa(struct netdev *netdev)
+{
+ struct l_genl_msg *msg = l_genl_msg_new(NL80211_CMD_FLUSH_PMKSA);
+
+ /*
+ * We only utilize the kernel's PMKSA cache for fullmac cards, so no
+ * need to flush if this is a softmac
+ */
+ if (wiphy_supports_cmds_auth_assoc(netdev->wiphy))
+ return;
+
+ l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
+
+ if (!l_genl_family_send(nl80211, msg, NULL, NULL, NULL))
+ l_error("Failed to flush PMKSA");
+}
+
struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
const uint8_t *set_mac)
{
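Review bot: netdev_flush_pmksa() allocates the FLUSH_PMKSA message in its declaration and then returns early when wiphy_supports_cmds_auth_assoc() is true, so every softmac interface created through netdev_create_from_genl() (called in the next hunk) leaks one l_genl_msg. Declare `struct l_genl_msg *msg;` and move `msg = l_genl_msg_new(NL80211_CMD_FLUSH_PMKSA);` below the softmac check. The send-failure branch has the same missing `l_genl_msg_unref(msg);` question as the other new senders in this patch. netdev_flush_pmksa() is fully inside this hunk; netdev_create_from_genl() continues outside it.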
@@ -6544,6 +6610,8 @@ struct netdev *netdev_create_from_genl(struct l_genl_msg *msg,
netdev_get_link(netdev);
+ netdev_flush_pmksa(netdev);
+
return netdev;
}
diff --git a/src/netdev.h b/src/netdev.h
index 6299934e..0c7d7550 100644
--- a/src/netdev.h
+++ b/src/netdev.h
@@ -218,6 +218,8 @@ int netdev_get_all_stations(struct netdev *netdev, netdev_get_station_cb_t cb,
void netdev_handshake_failed(struct handshake_state *hs, uint16_t reason_code);
+void netdev_remove_pmksa(struct netdev *netdev);
+
struct netdev *netdev_find(int ifindex);
uint32_t netdev_watch_add(netdev_watch_func_t func,
--
2.34.1
2025-02-12 16:23 [PATCH 0/4] PMKSA support for fullmac drivers James Prestwood
2025-02-12 16:23 ` [PATCH 1/4] netdev: don't set CQM thresholds for fullmac cards James Prestwood
2025-02-12 16:23 ` [PATCH 2/4] netdev: remove/update some iwd_notice logs James Prestwood
2025-02-12 16:24 ` James Prestwood [this message]
2025-02-12 16:27 ` [PATCH 3/4] netdev: implement PMKSA for fullmac drivers James Prestwood
2025-02-12 16:24 ` [PATCH 4/4] station: use netdev_remove_pmksa James Prestwood