From patchwork Tue Sep 25 08:30:30 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Mathieu Monney (mamonney)" X-Patchwork-Id: 974298 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.infradead.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none) header.from=cisco.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="jEDsbd0G"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=cisco.com header.i=@cisco.com header.b="RH/hOu9T"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42KDng75TCz9s47 for ; Tue, 25 Sep 2018 18:31:51 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Content-ID:Message-ID:Date :Subject:To:From:Reply-To:Cc:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=lysmI0v6to2tYWCPLea16l7LjKzd/2mB6QrunqC3638=; b=jEDsbd0GWBoQW+ AQ9Wo5vWFLUQ6RR9O/NC5Po/W2H7Oi0LOfgHBLg+j9pVLWeeW6b1lgUOj80X3eRhI+GEMW6Vty7Yp VeEfun2N7WEOoMKVUQhaZSLa96FUtHnENVK03SdPiD8IkQ6E3JEr38ZwwqjhKirLiJl4xaYDwPdLR QZgBBs8+drqQ1bnELnEDhITKGpk6N5KAjUoWRnLRtpWUNGBrkub7XEaNOt9uzyT7nCpABjsOh/j57 7zn3rUKaFo6JzoWBM0yqiPvHKzW7jBien97lYTTD5oQf/Zh+oR6rUX1MRGgPpuyQcKgdo2DlTfCr0 NHrnpGi6rNl+20cNUGCg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1g4ikm-0004uH-6G; Tue, 25 Sep 2018 08:31:32 +0000 Received: from rcdn-iport-4.cisco.com ([173.37.86.75]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1g4ikT-0004sN-7B for hostap@lists.infradead.org; Tue, 25 Sep 2018 08:31:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2750; q=dns/txt; s=iport; t=1537864273; x=1539073873; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=BGDDloOZEDBqZK4ZxY0kZ/PU/UZx4CEVAZ/CoBVNU88=; b=RH/hOu9T8mz/ikyXAUv7lo0FjhsY6Vy/Y+njN5xtBmAbpxiZQX1bdrfF C1aU9G5PgJIsWlOQLbVc2k7bmBRDACbqLfbu9nMUidZZerwwY/nDftNm1 rtJoF1w9VZ61ojjfQT4FGqI4mq63i6ttI1SYrSQxra5WAkkvE0JDDDsiz U=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0AJAADm8alb/4sNJK1bGgEBAQEBAgEBAQEHAgEBAQGBUYFkKoFkKAqLf4wtgWiWc4F6C4hOITQYAQMBAQIBAQJtHQuFOAEtE1EBGQMBAh9CHQoEE4MhggKkGzOEd4UminkXgUE/gTkME4IegW+Gb4ImApx/CQKQJxePLJRiAhEUgSUdOIFVcBVlAYJBgjEcagECjRpvjAuBHgEB X-IronPort-AV: E=Sophos;i="5.54,301,1534809600"; d="scan'208";a="456792147" Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Sep 2018 08:30:31 +0000 Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by alln-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id w8P8UUkb014156 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for ; Tue, 25 Sep 2018 08:30:31 GMT Received: from xch-rtp-020.cisco.com (64.101.220.160) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 25 Sep 2018 04:30:30 -0400 Received: from xch-rtp-020.cisco.com ([64.101.220.160]) by XCH-RTP-020.cisco.com ([64.101.220.160]) with mapi id 15.00.1395.000; Tue, 25 Sep 2018 04:30:30 -0400 From: "Mathieu Monney (mamonney)" To: "hostap@lists.infradead.org" Subject: [nl80211] Add support for 4-way handshake offloading to firmware in NL80211 driver Thread-Topic: [nl80211] Add support for 4-way handshake offloading to firmware in NL80211 driver Thread-Index: AQHUVKoEusKTsjoOw0KAXcQ+70QUIA== Date: Tue, 25 Sep 2018 08:30:30 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.228.220.32] Content-ID: <9EC8C796F2E32D44BE35E9E6AF8F46DE@emea.cisco.com> MIME-Version: 1.0 X-Outbound-SMTP-Client: 64.101.220.158, xch-rtp-018.cisco.com X-Outbound-Node: alln-core-6.cisco.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180925_013113_346712_327983FC X-CRM114-Status: GOOD ( 16.09 ) X-Spam-Score: -12.6 (------------) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-12.6 points) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [173.37.86.75 listed in list.dnswl.org] -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_MED DKIMwl.org - Whitelisted Medium sender X-BeenThere: hostap@lists.infradead.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "Hostap" Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org Hi all, While using wpa_supplicant on a device (Raspberry Pi 3B+) with bcm43455c0 chipset and broadcom drivers, we noticed that wpa_supplicant would correctly connect to a WPA2-Enterprise network and do the 4-way handshake but it would immediately disconnect afterward. After debugging the broadcom kernel driver, we noticed that wpa_supplicant is not sending the NL80211_ATTR_WANT_1X_4WAY_HS flag although the broadcom driver reports through NL80211 that it supports 4-way handshake offloading to firmware. This breaks some checks on the broadcom driver side as it is expected to have this flag set if the PMK is set into the driver. I inlined below a simple patch to fix this. Let me know if this can be merged into the latest master. Best regards, Mathieu Monney --- From 8477d67439b2d5877f7f60b1d23ef982345df62e Mon Sep 17 00:00:00 2001 From: Mathieu Bastien Monney Date: Tue, 25 Sep 2018 10:22:41 +0200 Subject: [PATCH] nl80211: Add proper flag for 4-way handshake offloading to firmware Signed-off-by: Mathieu Bastien Monney --- src/drivers/driver_nl80211.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) -- 2.15.2 (Apple Git-101.1) diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 39a02d3ee..4aff5feab 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -2902,8 +2902,11 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, #endif /* CONFIG_DRIVER_NL80211_QCA */ if (alg == WPA_ALG_PMK && - (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) { + if(nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS)) + return -1; return nl80211_set_pmk(drv, key, key_len, addr); + } if (alg == WPA_ALG_NONE) { msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY); @@ -5406,11 +5409,15 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, } /* Add PSK in case of 4-way handshake offload */ - if (params->psk && - (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) { - wpa_hexdump_key(MSG_DEBUG, " * PSK", params->psk, 32); - if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk)) + if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) { + /* Ask the driver we want offloading */ + if(nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS)) return -1; + if (params->psk) { + wpa_hexdump_key(MSG_DEBUG, " * PSK", params->psk, 32); + if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk)) + return -1; + } } if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))