[PATCH 1/2] mac80211: Fix Extended Key ID auto activation

[PATCH 1/2] mac80211: Fix Extended Key ID auto activation

[Alexander Wetzel]

Only enable Extended Key ID support for drivers which are not supporting
crypto offload and also do not support A-MPDU.

While any driver using SW crypto from mac80211 is generally able to also
support Extended Key ID these drivers are likely to mix keyIDs in
AMPDUs when rekeying.

According to IEEE 802.11-2016 "9.7.3 A-MPDU contents" this is not
allowed.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
---
 net/mac80211/main.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 5d6b93050c0b..af73f42960fa 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -1051,7 +1051,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
 		}
 	}
 
-	if (!local->ops->set_key ||
+	/* Enable Extended Key IDs when driver is either allowing it or only
+	 * supporting SW crypto without A-MPDU
+	 */
+	if (!(local->ops->set_key ||
+	      ieee80211_hw_check(hw, AMPDU_AGGREGATION)) ||
 	    ieee80211_hw_check(&local->hw, EXT_KEY_ID_NATIVE))
 		wiphy_ext_feature_set(local->hw.wiphy,
 				      NL80211_EXT_FEATURE_EXT_KEY_ID);
-- 
2.21.0

[PATCH 2/2] mac80211_hwsim: Update feature flags

[Alexander Wetzel]

Hwsim is not using HW crypto offload and can correctly rekey PTK keys.
Set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to not trigger workarounds.

Also allow Extended Key ID to be used with hwsim, regardless that the
driver A-MPDU aggregation is violating IEEE 802.11 and can aggregate
MPDUs using different key IDs into one A-MPDU.

Hwsim can only communicate with other hwsim cards and itself is able to
handle the non-standard A-MPDUs on Rx.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
---
 drivers/net/wireless/mac80211_hwsim.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 44cffd1f6dbf..7abe52e3357f 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -2810,6 +2810,7 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
 	ieee80211_hw_set(hw, SIGNAL_DBM);
 	ieee80211_hw_set(hw, SUPPORTS_PS);
 	ieee80211_hw_set(hw, TDLS_WIDER_BW);
+	ieee80211_hw_set(hw, EXT_KEY_ID_NATIVE);
 	if (rctbl)
 		ieee80211_hw_set(hw, SUPPORTS_RC_TABLE);
 	ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
@@ -2824,6 +2825,7 @@ static int mac80211_hwsim_new_radio(struct genl_info *info,
 			       NL80211_FEATURE_DYNAMIC_SMPS |
 			       NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
+	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CAN_REPLACE_PTK0);
 
 	hw->wiphy->interface_modes = param->iftypes;
 
-- 
2.21.0

Re: [PATCH 2/2] mac80211_hwsim: Update feature flags

[Johannes Berg]

On Mon, 2019-04-22 at 23:34 +0200, Alexander Wetzel wrote:
> Hwsim is not using HW crypto offload and can correctly rekey PTK keys.
> Set NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 to not trigger workarounds.

Why not do this generally also in mac80211 when only software crypto is
possible?

> Also allow Extended Key ID to be used with hwsim, regardless that the
> driver A-MPDU aggregation is violating IEEE 802.11 and can aggregate
> MPDUs using different key IDs into one A-MPDU.
> 
> Hwsim can only communicate with other hwsim cards and itself is able to
> handle the non-standard A-MPDUs on Rx.

Makes sense, but a comment would be nice.

Actually though, hwsim never even builds aggregates :-) It negotiates
sessions, but doesn't really make A-MPDUs.

johannes

Re: [PATCH 1/2] mac80211: Fix Extended Key ID auto activation

[Johannes Berg]

On Mon, 2019-04-22 at 23:34 +0200, Alexander Wetzel wrote:
> Only enable Extended Key ID support for drivers which are not supporting
> crypto offload and also do not support A-MPDU.
> 
> While any driver using SW crypto from mac80211 is generally able to also
> support Extended Key ID these drivers are likely to mix keyIDs in
> AMPDUs when rekeying.
> 
> According to IEEE 802.11-2016 "9.7.3 A-MPDU contents" this is not
> allowed.
> 

I applied this (with some changes), but please resend the other patch as
two separate patches to mac80211/hwsim.

johannes

Re: [PATCH 1/2] mac80211: Fix Extended Key ID auto activation

[Alexander Wetzel]

Am 23.04.19 um 14:14 schrieb Johannes Berg:
> On Mon, 2019-04-22 at 23:34 +0200, Alexander Wetzel wrote:
>> Only enable Extended Key ID support for drivers which are not supporting
>> crypto offload and also do not support A-MPDU.
>>
>> While any driver using SW crypto from mac80211 is generally able to also
>> support Extended Key ID these drivers are likely to mix keyIDs in
>> AMPDUs when rekeying.
>>
>> According to IEEE 802.11-2016 "9.7.3 A-MPDU contents" this is not
>> allowed.
>>
> 
> I applied this (with some changes), but please resend the other patch as
> two separate patches to mac80211/hwsim.

I've just dropped you the updated patch for hwsim Extended Key ID 
support. That's kind of critical for the attempt to get Extended Key ID 
support merged in hostapd/wpa_supplicant.

The patch to allow ptk0 rekeys with hwsim should follow soon. (The PTK0 
rekey patches I have for hostapd/wpa_supplicant still need serious work 
anyhow and are far away to be ready for merge.)

Alexander