[PATCH 1/4] wiphy: add wiphy_can_offload API

[PATCH 1/4] wiphy: add wiphy_can_offload API

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 2073 bytes --]

This checks if offload is an available extended feature and
compatible with the desired BSS. It is also conditional on
the [General].PreferOffload setting which, for now, is being
added as a 'hidden' developer feature (not documented).
---
 src/wiphy.c | 33 +++++++++++++++++++++++++++++++++
 src/wiphy.h |  1 +
 2 files changed, 34 insertions(+)

diff --git a/src/wiphy.c b/src/wiphy.c
index 3adc5669..2493e8eb 100644
--- a/src/wiphy.c
+++ b/src/wiphy.c
@@ -412,6 +412,39 @@ bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy)
 	return wiphy_has_feature(wiphy, NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
 }
 
+bool wiphy_can_offload(struct wiphy *wiphy, struct scan_bss *bss)
+{
+	struct ie_rsn_info rsn_info;
+	int r;
+	bool prefer_offload = false;
+
+	if (!wiphy_has_ext_feature(wiphy,
+				NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
+		return false;
+
+	if (!l_settings_get_bool(iwd_get_config(), "General", "PreferOffload",
+				&prefer_offload) || !prefer_offload)
+		return false;
+
+	memset(&rsn_info, 0, sizeof(rsn_info));
+	r = scan_bss_get_rsn_info(bss, &rsn_info);
+
+	if (r < 0)
+		return false;
+
+	/*
+	 * For now offload is only allowed on PSK networks.
+	 */
+	switch (rsn_info.akm_suites) {
+	case IE_RSN_AKM_SUITE_PSK:
+	case IE_RSN_AKM_SUITE_PSK_SHA256:
+		return true;
+	default:
+		return false;
+	}
+}
+
+
 bool wiphy_rrm_capable(struct wiphy *wiphy)
 {
 	if (wiphy_has_feature(wiphy,
diff --git a/src/wiphy.h b/src/wiphy.h
index 50c8c936..016e5879 100644
--- a/src/wiphy.h
+++ b/src/wiphy.h
@@ -80,6 +80,7 @@ const struct scan_freq_set *wiphy_get_supported_freqs(
 						const struct wiphy *wiphy);
 bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss);
 bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy);
+bool wiphy_can_offload(struct wiphy *wiphy, struct scan_bss *bss);
 bool wiphy_rrm_capable(struct wiphy *wiphy);
 bool wiphy_has_feature(struct wiphy *wiphy, uint32_t feature);
 bool wiphy_has_ext_feature(struct wiphy *wiphy, uint32_t feature);
-- 
2.26.2

[PATCH 2/4] handshake: add offload member

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 488 bytes --]

This flag indicates the handshake is being offloaded to the
kernel/driver.
---
 src/handshake.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/handshake.h b/src/handshake.h
index b738efd9..0468cbd1 100644
--- a/src/handshake.h
+++ b/src/handshake.h
@@ -116,6 +116,7 @@ struct handshake_state {
 	bool wait_for_gtk : 1;
 	bool no_rekey : 1;
 	bool support_fils : 1;
+	bool offload_psk : 1;
 	uint8_t ssid[32];
 	size_t ssid_len;
 	char *passphrase;
-- 
2.26.2

[PATCH 3/4] station: set handshake offload if supported

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 629 bytes --]

When setting up the handshake check if wiphy supports handshake
offload for PSK networks (not including SAE, for now).
---
 src/station.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/station.c b/src/station.c
index 6496be10..93701e7f 100644
--- a/src/station.c
+++ b/src/station.c
@@ -986,6 +986,8 @@ static struct handshake_state *station_handshake_setup(struct station *station,
 				goto no_psk;
 
 			handshake_state_set_pmk(hs, psk, 32);
+
+			hs->offload_psk = wiphy_can_offload(wiphy, bss);
 		}
 	} else if (security == SECURITY_8021X)
 		handshake_state_set_8021x_config(hs,
-- 
2.26.2

[PATCH 4/4] netdev: offload handshake when requested

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 1562 bytes --]

Set the PMK attribute if offloading the handshake is requested.
Since station relies on handshake events the key setting event
must be simulated in order to sync the PSK. As of now, no other
handshake events are required explicitly.
---
 src/netdev.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/netdev.c b/src/netdev.c
index 1f2aa51c..2c96d611 100644
--- a/src/netdev.c
+++ b/src/netdev.c
@@ -1958,6 +1958,16 @@ process_resp_ies:
 		return;
 	}
 
+	/*
+	 * In the offload case this handshake is completed, simulate setting
+	 * the keys so station sync's PSK and treats this the same as a
+	 * non-offload connection
+	 */
+	if (netdev->handshake->offload_psk) {
+		handshake_event(netdev->handshake,
+					HANDSHAKE_EVENT_SETTING_KEYS);
+	}
+
 	netdev_connect_ok(netdev);
 
 	return;
@@ -2635,6 +2645,10 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
 				NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
 				0, NULL);
 
+	if (hs->offload_psk)
+		l_genl_msg_append_attr(msg, NL80211_ATTR_PMK, hs->pmk_len,
+					hs->pmk);
+
 	rm_enabled_capabilities =
 			wiphy_get_rm_enabled_capabilities(netdev->wiphy);
 	if (rm_enabled_capabilities && bss->capability & IE_BSS_CAP_RM) {
@@ -3000,7 +3014,7 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
 		if (!cmd_connect)
 			return -EINVAL;
 
-		if (is_rsn || hs->settings_8021x)
+		if (!hs->offload_psk && (is_rsn || hs->settings_8021x))
 			sm = eapol_sm_new(hs);
 	}
 
-- 
2.26.2

Re: [PATCH 1/4] wiphy: add wiphy_can_offload API

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 2659 bytes --]

Hi James,

On 3/3/21 11:47 AM, James Prestwood wrote:
> This checks if offload is an available extended feature and
> compatible with the desired BSS. It is also conditional on
> the [General].PreferOffload setting which, for now, is being
> added as a 'hidden' developer feature (not documented).
> ---
>   src/wiphy.c | 33 +++++++++++++++++++++++++++++++++
>   src/wiphy.h |  1 +
>   2 files changed, 34 insertions(+)
> 
> diff --git a/src/wiphy.c b/src/wiphy.c
> index 3adc5669..2493e8eb 100644
> --- a/src/wiphy.c
> +++ b/src/wiphy.c
> @@ -412,6 +412,39 @@ bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy)
>   	return wiphy_has_feature(wiphy, NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR);
>   }
>   
> +bool wiphy_can_offload(struct wiphy *wiphy, struct scan_bss *bss)

In theory you're only checking the AKM, which is already available through 
hs->akm_suite after we setup the handshake_state...  So you may as well just 
pass that in instead of struct scan_bss.

> +{
> +	struct ie_rsn_info rsn_info;
> +	int r;
> +	bool prefer_offload = false;
> +
> +	if (!wiphy_has_ext_feature(wiphy,
> +				NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
> +		return false;
> +
> +	if (!l_settings_get_bool(iwd_get_config(), "General", "PreferOffload",
> +				&prefer_offload) || !prefer_offload)
> +		return false;
> +

Can we make this more future proof and turn it into something like:

if (!l_settings_get_bool(...))
	prefer_offload = false;

if (!prefer_offload)
	return false;

> +	memset(&rsn_info, 0, sizeof(rsn_info));
> +	r = scan_bss_get_rsn_info(bss, &rsn_info);
> +
> +	if (r < 0)
> +		return false;
> +
> +	/*
> +	 * For now offload is only allowed on PSK networks.
> +	 */
> +	switch (rsn_info.akm_suites) {
> +	case IE_RSN_AKM_SUITE_PSK:
> +	case IE_RSN_AKM_SUITE_PSK_SHA256:
> +		return true;
> +	default:
> +		return false;
> +	}
> +}
> +
> +
>   bool wiphy_rrm_capable(struct wiphy *wiphy)
>   {
>   	if (wiphy_has_feature(wiphy,
> diff --git a/src/wiphy.h b/src/wiphy.h
> index 50c8c936..016e5879 100644
> --- a/src/wiphy.h
> +++ b/src/wiphy.h
> @@ -80,6 +80,7 @@ const struct scan_freq_set *wiphy_get_supported_freqs(
>   						const struct wiphy *wiphy);
>   bool wiphy_can_connect(struct wiphy *wiphy, struct scan_bss *bss);
>   bool wiphy_can_randomize_mac_addr(struct wiphy *wiphy);
> +bool wiphy_can_offload(struct wiphy *wiphy, struct scan_bss *bss);
>   bool wiphy_rrm_capable(struct wiphy *wiphy);
>   bool wiphy_has_feature(struct wiphy *wiphy, uint32_t feature);
>   bool wiphy_has_ext_feature(struct wiphy *wiphy, uint32_t feature);
> 

Regards,
-Denis

Re: [PATCH 2/4] handshake: add offload member

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 659 bytes --]

Hi James,

On 3/3/21 11:47 AM, James Prestwood wrote:
> This flag indicates the handshake is being offloaded to the
> kernel/driver.
> ---
>   src/handshake.h | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/src/handshake.h b/src/handshake.h
> index b738efd9..0468cbd1 100644
> --- a/src/handshake.h
> +++ b/src/handshake.h
> @@ -116,6 +116,7 @@ struct handshake_state {
>   	bool wait_for_gtk : 1;
>   	bool no_rekey : 1;
>   	bool support_fils : 1;
> +	bool offload_psk : 1;

Maybe offloaded_4way would be a more future-proof name?

>   	uint8_t ssid[32];
>   	size_t ssid_len;
>   	char *passphrase;
> 

Regards,
-Denis

Re: [PATCH 3/4] station: set handshake offload if supported

[Denis Kenzior]

[-- Attachment #1: Type: text/plain, Size: 1017 bytes --]

Hi James,

On 3/3/21 11:47 AM, James Prestwood wrote:
> When setting up the handshake check if wiphy supports handshake
> offload for PSK networks (not including SAE, for now).
> ---
>   src/station.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/src/station.c b/src/station.c
> index 6496be10..93701e7f 100644
> --- a/src/station.c
> +++ b/src/station.c
> @@ -986,6 +986,8 @@ static struct handshake_state *station_handshake_setup(struct station *station,
>   				goto no_psk;
>   
>   			handshake_state_set_pmk(hs, psk, 32);
> +
> +			hs->offload_psk = wiphy_can_offload(wiphy, bss);

I actually wonder whether we need to put some of the logic from 
wiphy_can_offload into wiphy_select_akm instead?  Maybe the offload bit can be 
an extra out parameter?

I suspect we need to implement the logic for offloaded SAE to really know what 
will look best.

>   		}
>   	} else if (security == SECURITY_8021X)
>   		handshake_state_set_8021x_config(hs,
> 

Regards,
-Denis