public inbox for iwd@lists.linux.dev
 help / color / mirror / Atom feed
From: Denis Kenzior <denkenz@gmail.com>
To: KeithG <ys3al35l@gmail.com>
Cc: Yuxuan Shui <yshuiv7@gmail.com>,
	iwd@lists.linux.dev,
	Arend Van Spriel <arend.vanspriel@broadcom.com>,
	James Prestwood <prestwoj@gmail.com>
Subject: Re: [RFC PATCH v1 0/2] External Auth support
Date: Sat, 21 Sep 2024 23:23:17 -0500	[thread overview]
Message-ID: <490a625e-a204-4505-877c-27494413a55e@gmail.com> (raw)
In-Reply-To: <CAG17S_NOs=rdUFsFRk4ZPsC=GER2J7nHikGEw=3AW0SBYHUEfg@mail.gmail.com>

Hi Keith,

> 
> Just to be sure... Are you saying that both wpa_supplicant and iwd fail the same 
> way, but wpa_supplicant ignores the failure and still connects?

Pretty much.  But really more by accident than design.

What happens is:
   1. wpa_s completes the SAE handshake via external auth
   2. It then (without waiting for the connection succeeded event) uploads
      the resulting PMKSA into the kernel
   3. Tells the firmware that the handshake succeeded
   4. The firmware nopes out with error -52.
   5. wpa_s then times out / fails the current connection attempt
   6. Re-tries.  On the retry attempt the firmware picks the PMKSA cache
      entry and uses that, skipping SAE step entirely.

Regards,
-Denis

  parent reply	other threads:[~2024-09-22  4:23 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-23 17:41 [RFC PATCH v1 0/2] External Auth support Denis Kenzior
2024-08-23 17:41 ` [RFC PATCH v1 1/2] netdev: external auth support Denis Kenzior
2024-08-26 12:03   ` James Prestwood
2024-08-23 17:41 ` [RFC PATCH v1 2/2] sae: Allow ability to force Group 19 / Hunt and Peck Denis Kenzior
2024-08-24  0:38 ` [RFC PATCH v1 0/2] External Auth support KeithG
2024-08-24  3:21   ` Denis Kenzior
2024-08-24 16:20     ` KeithG
2024-08-24 23:32       ` KeithG
2024-08-26 15:43         ` Denis Kenzior
2024-08-26 16:54           ` Arend Van Spriel
2024-09-02 19:32             ` KeithG
2024-09-07 18:43               ` KeithG
2024-09-21 18:58 ` Yuxuan Shui
2024-09-22  3:35   ` Denis Kenzior
     [not found]     ` <CAG17S_NOs=rdUFsFRk4ZPsC=GER2J7nHikGEw=3AW0SBYHUEfg@mail.gmail.com>
2024-09-22  4:23       ` Denis Kenzior [this message]
2024-09-22  6:09     ` Arend Van Spriel
2024-09-22 15:36       ` KeithG
2024-09-22 16:20         ` Arend Van Spriel
2024-09-22 16:29           ` KeithG
2024-10-10 15:38             ` KeithG
2024-12-11 22:59               ` Jeremy Blum
2024-12-12 14:33                 ` KeithG
2024-09-22 18:56 ` KeithG
2024-09-22 21:01   ` Denis Kenzior

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=490a625e-a204-4505-877c-27494413a55e@gmail.com \
    --to=denkenz@gmail.com \
    --cc=arend.vanspriel@broadcom.com \
    --cc=iwd@lists.linux.dev \
    --cc=prestwoj@gmail.com \
    --cc=ys3al35l@gmail.com \
    --cc=yshuiv7@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox