[PATCH v6 1/4] netdev: better handle disconnect after FW scan

[PATCH v6 1/4] netdev: better handle disconnect after FW scan

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1122 bytes --]

This should have been updated along with the connect and roam
event separation. Since netdev_connect_event is not being
re-used for CMD_ROAM the comment did not make sense anymore.
Still, there needs to be a check to ensure we were not disconnected
while waiting for GET_SCAN to come back.
---
 src/netdev.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index 9f26ce68..db7f6bbc 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -4099,12 +4099,10 @@ static bool netdev_get_fw_scan_cb(int err, struct l_queue *bss_list,
 	struct scan_bss *bss = NULL;
 
 	/*
-	 * If there was a failure in netdev_connect_event this would reset
-	 * the connect state (netdev_connect_free) causing the sm to be freed.
-	 * In this case we should just ignore this and allow the disconnect
-	 * logic to continue.
+	 * If we happened to be disconnected prior to  GET_SCAN coming back
+	 * just bail out now. This disconnect should already have been handled.
 	 */
-	if (!netdev->sm)
+	if (!netdev->connected)
 		return false;
 
 	if (err < 0) {
-- 
2.26.2

[PATCH v6 2/4] netdev: fix CMD_ROAM for open networks

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1414 bytes --]

In the FW scan callback eapol was being stared unconditionally which
isn't correct as roaming on open networks is possible. Instead check
that a SM exists just like is done in netdev_connect_event.
---
 src/netdev.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index db7f6bbc..fe29de8f 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -4107,9 +4107,7 @@ static bool netdev_get_fw_scan_cb(int err, struct l_queue *bss_list,
 
 	if (err < 0) {
 		l_error("Failed to get scan after roam (%d)", err);
-		netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
-					MMPDU_REASON_CODE_UNSPECIFIED);
-		return false;
+		goto failed;
 	}
 
 	/*
@@ -4121,17 +4119,23 @@ static bool netdev_get_fw_scan_cb(int err, struct l_queue *bss_list,
 
 	if (!bss) {
 		l_error("Roam target BSS not found in scan results");
-		netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
-					MMPDU_REASON_CODE_UNSPECIFIED);
-		return false;
+		goto failed;
 	}
 
 	netdev->fw_roam_bss = bss;
 
 	handshake_state_set_authenticator_ie(netdev->handshake, bss->rsne);
 
-	eapol_start(netdev->sm);
+	if (netdev->sm) {
+		if (!eapol_start(netdev->sm))
+			goto failed;
+	}
+
+	return false;
 
+failed:
+	netdev_connect_failed(netdev, NETDEV_RESULT_ABORTED,
+					MMPDU_REASON_CODE_UNSPECIFIED);
 	return false;
 }
 
-- 
2.26.2

[PATCH v6 3/4] wiphy: allow FT AKM to be used if Auth/Assoc is not supported

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1567 bytes --]

Until now FT was only supported via Auth/Assoc commands which barred
any fullmac cards from using FT AKMs. With PSK offload support these
cards can do FT but only when offloading is used.
---
 src/wiphy.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

v6:
 * Check both PSK offload and fw roam support before choosing FT

diff --git a/src/wiphy.c b/src/wiphy.c
index ab57a2d2..9cf0e07c 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -178,6 +178,8 @@ enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 {
 	struct ie_rsn_info info;
 	enum security security;
+	bool psk_offload = wiphy_has_ext_feature(wiphy,
+				NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK);
 
 	memset(&info, 0, sizeof(info));
 	scan_bss_get_rsn_info(bss, &info);
@@ -246,10 +248,17 @@ enum ie_rsn_akm_suite wiphy_select_akm(struct wiphy *wiphy,
 		}
 
 wpa2_personal:
+		/*
+		 * Allow FT if either Auth/Assoc is supported OR if the card
+		 * supports PSK offload. Without Auth/Assoc, PSK offload is the
+		 * only mechanism to allow FT on these cards.
+		 */
 		if ((info.akm_suites & IE_RSN_AKM_SUITE_FT_USING_PSK) &&
-				bss->rsne && bss->mde_present &&
-				wiphy->support_cmds_auth_assoc)
-			return IE_RSN_AKM_SUITE_FT_USING_PSK;
+					bss->rsne && bss->mde_present) {
+			if (wiphy->support_cmds_auth_assoc ||
+					(psk_offload && wiphy->support_fw_roam))
+				return IE_RSN_AKM_SUITE_FT_USING_PSK;
+		}
 
 		if (info.akm_suites & IE_RSN_AKM_SUITE_PSK_SHA256)
 			return IE_RSN_AKM_SUITE_PSK_SHA256;
-- 
2.26.2

[PATCH v6 4/4] netdev: allow PSK offload for FT AKMs

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 4660 bytes --]

This adds a new connection type, TYPE_PSK_OFFLOAD, which
allows the 4-way handshake to be offloaded by the firmware.
Offloading will be used if the driver advertises support.

The CMD_ROAM event path was also modified to take into account
handshake offloading. If the handshake is offloaded we still
must issue GET_SCAN, but not start eapol since the firmware
takes care of this.
---
 src/netdev.c | 50 ++++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 18 deletions(-)

diff --git a/src/netdev.c b/src/netdev.c
index fe29de8f..e7ffb635 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -71,6 +71,7 @@ enum connection_type {
 	CONNECTION_TYPE_SOFTMAC,
 	CONNECTION_TYPE_FULLMAC,
 	CONNECTION_TYPE_SAE_OFFLOAD,
+	CONNECTION_TYPE_PSK_OFFLOAD,
 };
 
 static uint32_t unicast_watch;
@@ -202,6 +203,7 @@ static inline bool is_offload(struct handshake_state *hs)
 	case CONNECTION_TYPE_FULLMAC:
 		return false;
 	case CONNECTION_TYPE_SAE_OFFLOAD:
+	case CONNECTION_TYPE_PSK_OFFLOAD:
 		return true;
 	}
 
@@ -1238,11 +1240,6 @@ static void netdev_connect_ok(struct netdev *netdev)
 		netdev->fw_roam_bss = NULL;
 	}
 
-	/* Allow station to sync the PSK to disk */
-	if (is_offload(netdev->handshake))
-		handshake_event(netdev->handshake,
-				HANDSHAKE_EVENT_SETTING_KEYS);
-
 	if (netdev->connect_cb) {
 		netdev->connect_cb(netdev, NETDEV_RESULT_OK, NULL,
 					netdev->user_data);
@@ -2012,14 +2009,6 @@ process_resp_ies:
 			netdev_send_qos_map_set(netdev, qos_set, qos_len);
 	}
 
-	/*
-	 * TODO: Only SAE/WPA3-personal offload is supported. In this case IWD
-	 * is 'done'. In the case of 8021x offload EAP still needs to take
-	 * place, so this must be updated accordingly when that is implemented.
-	 */
-	if (is_offload(netdev->handshake))
-		goto done;
-
 	if (netdev->sm) {
 		/*
 		 * Start processing EAPoL frames now that the state machine
@@ -2031,7 +2020,11 @@ process_resp_ies:
 		return;
 	}
 
-done:
+	/* Allow station to sync the PSK to disk */
+	if (is_offload(netdev->handshake))
+		handshake_event(netdev->handshake,
+				HANDSHAKE_EVENT_SETTING_KEYS);
+
 	netdev_connect_ok(netdev);
 
 	return;
@@ -2663,6 +2656,9 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
 		l_genl_msg_append_attr(msg, NL80211_ATTR_SAE_PASSWORD,
 					strlen(hs->passphrase), hs->passphrase);
 		break;
+	case CONNECTION_TYPE_PSK_OFFLOAD:
+		l_genl_msg_append_attr(msg, NL80211_ATTR_PMK, 32, hs->pmk);
+		break;
 	}
 
 	if (prev_bssid)
@@ -3036,15 +3032,19 @@ static int netdev_handshake_state_setup_connection_type(
 		return -ENOTSUP;
 
 	switch (hs->akm_suite) {
+	case IE_RSN_AKM_SUITE_PSK:
+	case IE_RSN_AKM_SUITE_FT_USING_PSK:
+	case IE_RSN_AKM_SUITE_PSK_SHA256:
+		if (wiphy_has_ext_feature(wiphy,
+				NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
+			goto psk_offload;
+		/* fall through */
 	case IE_RSN_AKM_SUITE_8021X:
 	case IE_RSN_AKM_SUITE_FT_OVER_8021X:
 	case IE_RSN_AKM_SUITE_8021X_SHA256:
 	case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA256:
 	case IE_RSN_AKM_SUITE_8021X_SUITE_B_SHA384:
 	case IE_RSN_AKM_SUITE_FT_OVER_8021X_SHA384:
-	case IE_RSN_AKM_SUITE_PSK:
-	case IE_RSN_AKM_SUITE_FT_USING_PSK:
-	case IE_RSN_AKM_SUITE_PSK_SHA256:
 		if (softmac)
 			goto softmac;
 
@@ -3086,6 +3086,9 @@ fullmac:
 sae_offload:
 	nhs->type = CONNECTION_TYPE_SAE_OFFLOAD;
 	return 0;
+psk_offload:
+	nhs->type = CONNECTION_TYPE_PSK_OFFLOAD;
+	return 0;
 }
 
 static int netdev_connect_common(struct netdev *netdev,
@@ -4126,6 +4129,11 @@ static bool netdev_get_fw_scan_cb(int err, struct l_queue *bss_list,
 
 	handshake_state_set_authenticator_ie(netdev->handshake, bss->rsne);
 
+	if (is_offload(netdev->handshake)) {
+		netdev_connect_ok(netdev);
+		return false;
+	}
+
 	if (netdev->sm) {
 		if (!eapol_start(netdev->sm))
 			goto failed;
@@ -4184,14 +4192,20 @@ static void netdev_roam_event(struct l_genl_msg *msg, struct netdev *netdev)
 		goto failed;
 	}
 
+	/* Handshake completed in firmware, just get the roamed BSS */
+	if (is_offload(netdev->handshake))
+		goto get_fw_scan;
+
 	/* Reset handshake state */
 	nhs->complete = false;
 	nhs->ptk_installed = false;
 	nhs->gtk_installed = true;
 	nhs->igtk_installed = true;
-	handshake_state_set_authenticator_address(netdev->handshake, mac);
 	netdev->handshake->ptk_complete = false;
 
+get_fw_scan:
+	handshake_state_set_authenticator_address(netdev->handshake, mac);
+
 	if (!scan_get_firmware_scan(netdev->wdev_id, netdev_get_fw_scan_cb,
 					netdev, NULL))
 		goto failed;
-- 
2.26.2

Re: [PATCH v6 1/4] netdev: better handle disconnect after FW scan

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 500 bytes --]

Hi James,

On 4/2/21 5:06 PM, James Prestwood wrote:
> This should have been updated along with the connect and roam
> event separation. Since netdev_connect_event is not being
> re-used for CMD_ROAM the comment did not make sense anymore.
> Still, there needs to be a check to ensure we were not disconnected
> while waiting for GET_SCAN to come back.
> ---
>   src/netdev.c | 8 +++-----
>   1 file changed, 3 insertions(+), 5 deletions(-)
> 

All applied, thanks.

Regards,
-Denis