* [PATCH v4] network: add 6GHz restrictions to network_can_connect_bss
@ 2022-02-26 1:06 James Prestwood
From: James Prestwood @ 2022-02-26 1:06 UTC (permalink / raw)
To: iwd
The 802.11ax standard adds some restrictions for the 6GHz band. In short,
stations must use SAE, OWE, or 8021x on this band and frame protection is
required.
---
src/network.c | 58 +++++++++++++++++++++++++++++++++++++++------------
1 file changed, 45 insertions(+), 13 deletions(-)
v4:
* Renamed label to mfp_no_tkip
* Fixed missing parentheses after IS_SAE
diff --git a/src/network.c b/src/network.c
index 4e7af27c..7330126e 100644
--- a/src/network.c
+++ b/src/network.c
@@ -55,6 +55,7 @@
#include "src/util.h"
#include "src/erp.h"
#include "src/handshake.h"
+#include "src/band.h"
#define SAE_PT_SETTING "SAE-PT-Group%u"
@@ -774,6 +775,7 @@ int network_can_connect_bss(struct network *network, const struct scan_bss *bss)
struct network_config *config = info ? &info->config : NULL;
bool can_transition_disable = wiphy_can_transition_disable(wiphy);
struct ie_rsn_info rsn;
+ enum band_freq band;
int ret;
switch (security) {
@@ -785,6 +787,9 @@ int network_can_connect_bss(struct network *network, const struct scan_bss *bss)
return -ENOSYS;
}
+ if (!band_freq_to_channel(bss->frequency, &band))
+ return -ENOTSUP;
+
memset(&rsn, 0, sizeof(rsn));
ret = scan_bss_get_rsn_info(bss, &rsn);
if (ret < 0) {
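Review bot: the new band_freq_to_channel() check returns -ENOTSUP whenever the lookup fails, for every band and every security type, although 'band' is only consulted later in the 6 GHz branches. The commit message describes 6 GHz restrictions only, so either mention that BSSes with an unmappable frequency are now rejected outright, or add a one-line comment above the check saying so.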
@@ -797,6 +802,13 @@ int network_can_connect_bss(struct network *network, const struct scan_bss *bss)
* We assume the spec means us to check bit 3 here
*/
if (ret == -ENOENT && security == SECURITY_NONE) {
+ /*
+ * 802.11ax 12.12.2 - STA shall not use Open System
+ * authentication without encryption
+ */
+ if (band == BAND_FREQ_6_GHZ)
+ return -EPERM;
+
if (!config)
return 0;
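Review bot: the 'return -EPERM' added for open networks on 6 GHz is silent, which makes it hard to tell from logs why a BSS was skipped. An l_debug() call before the return, in the style of the "HW not capable of Transition Disable" message used elsewhere in this function, would make the rejection diagnosable.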
@@ -814,26 +826,21 @@ int network_can_connect_bss(struct network *network, const struct scan_bss *bss)
return ret;
}
- if (!config || !config->have_transition_disable)
+ if (!config || !config->have_transition_disable) {
+ if (band == BAND_FREQ_6_GHZ)
+ goto mfp_no_tkip;
+
goto no_transition_disable;
+ }
if (!can_transition_disable) {
+ if (band == BAND_FREQ_6_GHZ)
+ return -EPERM;
+
l_debug("HW not capable of Transition Disable, skip");
goto no_transition_disable;
}
- /*
- * WPA3 Specification, v3, Section 8:
- * - Disable use of WEP and TKIP
- * - Disallow association without negotiation of PMF
- */
- rsn.pairwise_ciphers &= ~IE_RSN_CIPHER_SUITE_TKIP;
-
- if (!rsn.group_management_cipher)
- return -EPERM;
-
- rsn.mfpr = true;
-
/* WPA3-Personal */
if (test_bit(&config->transition_disable, 0)) {
rsn.akm_suites &= ~IE_RSN_AKM_SUITE_PSK;
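Review bot: the two 6 GHz additions in this hunk treat the band differently and neither says why. With no config or no stored Transition Disable the code jumps to mfp_no_tkip and still enforces the PMF and TKIP rules, but in the '!can_transition_disable' branch a 6 GHz BSS is rejected with -EPERM before the l_debug() line runs. If the rejection is intended, add a comment explaining it and move or duplicate the debug message so it is logged; otherwise 'goto mfp_no_tkip' here would match the first branch.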
@@ -851,6 +858,31 @@ int network_can_connect_bss(struct network *network, const struct scan_bss *bss)
return -EPERM;
}
+mfp_no_tkip:
+ /*
+ * WPA3 Specification, v3, Section 8:
+ * - Disable use of WEP and TKIP
+ * - Disallow association without negotiation of PMF
+ */
+ rsn.pairwise_ciphers &= ~IE_RSN_CIPHER_SUITE_TKIP;
+
+ if (!rsn.group_management_cipher)
+ return -EPERM;
+
+ rsn.mfpr = true;
+
+ /* 802.11ax Section 12.12.2 */
+ if (band == BAND_FREQ_6_GHZ) {
+ /* STA shall not use the following cipher suite selectors */
+ rsn.pairwise_ciphers &= ~IE_RSN_CIPHER_SUITE_USE_GROUP_CIPHER;
+
+ /* Basically the STA must use OWE, SAE, or 8021x */
+ if (!IE_AKM_IS_SAE(rsn.akm_suites) &&
+ !IE_AKM_IS_8021X(rsn.akm_suites) &&
+ (!(rsn.akm_suites | IE_RSN_AKM_SUITE_OWE)))
+ return -EPERM;
+ }
+
no_transition_disable:
if (!wiphy_select_cipher(wiphy, rsn.pairwise_ciphers))
return -ENOTSUP;
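Review bot: the OWE term in the 6 GHz AKM check, '(!(rsn.akm_suites | IE_RSN_AKM_SUITE_OWE))', uses bitwise OR, so the inner expression is non-zero whenever the OWE constant is non-zero and the negation is always false. The whole condition therefore never reaches 'return -EPERM', and a BSS advertising none of SAE, 802.1X or OWE passes this check. Use '&' to test whether the OWE bit is set: '!(rsn.akm_suites & IE_RSN_AKM_SUITE_OWE)'.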
--
2.34.1
* Re: [PATCH v4] network: add 6GHz restrictions to network_can_connect_bss
@ 2022-02-28 17:32 Denis Kenzior
From: Denis Kenzior @ 2022-02-28 17:32 UTC (permalink / raw)
To: iwd
On 2/25/22 19:06, James Prestwood wrote:
> The 802.11ax standard adds some restrictions for the 6GHz band. In short,
> stations must use SAE, OWE, or 8021x on this band and frame protection is
> required.
> ---
> src/network.c | 58 +++++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 45 insertions(+), 13 deletions(-)
>
> v4:
> * Renamed label to mfp_no_tkip
> * Fixed missing parentheses after IS_SAE
>
<snip>
> + /* Basically the STA must use OWE, SAE, or 8021x */
> + if (!IE_AKM_IS_SAE(rsn.akm_suites) &&
> + !IE_AKM_IS_8021X(rsn.akm_suites) &&
> + (!(rsn.akm_suites | IE_RSN_AKM_SUITE_OWE)))
I amended this to use '&' instead of '|' and applied, thanks.
Regards,
-Denis