From: James Prestwood <prestwoj@gmail.com>
To: Wen Gong <quic_wgong@quicinc.com>, iwd@lists.01.org, iwd@lists.linux.dev
Cc: Denis Kenzior <denkenz@gmail.com>
Subject: Re: [PATCH v3 3/3] owe: netdev: refactor to remove OWE as an auth-proto
Date: Wed, 12 Jul 2023 19:33:59 -0700
Message-ID: <d2a490cf-ae06-ed26-33eb-5475616bd725@gmail.com>
In-Reply-To: <00246aa8-fe45-f5c2-cf2a-3450cee414f2@quicinc.com>

Hi Wen,

On 7/12/23 7:23 PM, Wen Gong wrote:
> On 7/12/2023 10:52 PM, James Prestwood wrote:
>> Hi Wen,
>>
>> On 7/12/23 4:17 AM, Wen Gong wrote:
>>> On 9/4/2021 3:35 AM, James Prestwood wrote:
>>>> ---
>>> ...
>>>> +
>>>> + case IE_TYPE_RSN:
>>>> + if (!netdev->owe_sm)
>>>> + continue;
>>>> +
>>>> + if (ie_parse_rsne(&iter, &info) < 0) {
>>>> + l_error("could not parse RSN IE");
>>>> + goto error;
>>>> + }
>>>> +
>>>> + /*
>>>> + * RFC 8110 Section 4.2
>>>> + * An AP agreeing to do OWE MUST include the OWE
>>>> AKM in
>>>> + * the RSN element portion of the 802.11 association
>>>> + * response.
>>>> + */
>>> Now connecting to an OWE AP fails with some APs, because the
>>> assoc resp does not include RSNE.
>>>> + if (info.akm_suites != IE_RSN_AKM_SUITE_OWE) {
>>>> + l_error("OWE AKM not included");
>>>> + goto deauth;
>>>> + }
>>>> +
>>>> + owe_akm_found = true;
>>>> +
>>>> + break;
>>>> + }
>>>> + }
>>>> +
>>>> + if (netdev->owe_sm) {
>>>> + if (!owe_dh || !owe_akm_found) {
>>>> + l_error("OWE DH element/RSN not found");
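Review bot: the closing check `if (!owe_dh || !owe_akm_found)` folds two different failures into one message, "OWE DH element/RSN not found", so the log cannot say whether the DH element or the RSN element was the one missing; log the two conditions separately. Since a wrong AKM already takes `goto deauth` inside `case IE_TYPE_RSN`, owe_akm_found being false at this point can only mean the response carried no RSN element, and the message should say exactly that. Separately, `info.akm_suites != IE_RSN_AKM_SUITE_OWE` is an exact comparison; if akm_suites is a bitmask, as the plural name suggests, test the OWE bit instead so the intent is explicit.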
>>>
>>> It failed here.
>>>
>>> So MUST the check for owe_akm_found be added here if owe_dh
>>> exists in the assoc resp?
>>
>> As the comment states, the OWE RFC says that the RSN element must be
>> included in the associate response if we are to stay compliant with
>> the spec.
>>
>> But as you may have noticed we don't actually do anything with this
>> element besides parse it. I don't see that wpa_supplicant enforces
>> this either, so it may be fine to relax this check.
> Thanks for relaxing the check.
>>
>> I would prefer to see iwmon logs when you connect to this AP, just to
>> confirm that the AP isn't including the IE and not something else.
>> Would you be able to get those?
>>
> I have collected iwd log with hexdump, it does not include RSNIE in
> assoc resp ies:

Sorry, I should have been more specific. Using IWD_GENL_DEBUG does
contain the information, but it's not really a readable format. We have a
tool called iwmon which you run in parallel to IWD. This parses the raw
data and displays a human readable output:

$ sudo iwmon --nortnl --nowiphy --noscan

Denis,

Is relaxing the RSNE check in the associate response (for OWE only)
something you'd be ok with? Obviously with an L_WARN_ON/l_warn message.

Thanks,
James
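
The check discussed in this message, as an added example (not iwd code and not part of the thread): it walks association response IEs and applies either the strict RFC 8110 Section 4.2 rule or a relaxed rule in which a missing RSNE is tolerated while an RSNE without the OWE AKM is still rejected. The names owe_check_assoc_resp, rsne_has_owe_akm, owe_sample_ies and the verdict enum are hypothetical, the sample bytes are constructed, the relaxed policy is an assumption about how the proposal would behave, and the RSNE parser assumes the usual field order up to the AKM list.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum owe_verdict { OWE_OK, OWE_OK_NO_RSNE, OWE_REJECT };
/* Constructed sample: OWE DH element (ext ID 32, group 19, dummy key), RSNE */
const uint8_t owe_sample_ies[] = {
	0xff, 0x07, 0x20, 0x13, 0x00, 0xaa, 0xbb, 0xcc, 0xdd,
	0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00,
	0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x12, 0x00, 0x00,
};

/* True if the RSNE body lists AKM suite 00-0F-AC:18 (OWE) */
static bool rsne_has_owe_akm(const uint8_t *b, size_t len)
{
	static const uint8_t owe[4] = { 0x00, 0x0f, 0xac, 18 };
	size_t off = 6, n;	/* skip version (2) and group cipher (4) */
	if (len < off + 2)
		return false;
	off += 2 + 4 * (b[off] | (b[off + 1] << 8));	/* pairwise list */
	if (len < off + 2)
		return false;
	n = b[off] | (b[off + 1] << 8);			/* AKM suite count */
	for (off += 2; n && off + 4 <= len; n--, off += 4)
		if (!memcmp(b + off, owe, 4))
			return true;
	return false;
}

/* strict: RSNE required (RFC 8110 4.2); relaxed (assumed): may be absent */
enum owe_verdict owe_check_assoc_resp(const uint8_t *ies, size_t len, bool strict)
{
	bool dh = false, rsne = false, akm = false;
	size_t off = 0;
	for (; off + 2 <= len; off += 2 + ies[off + 1]) {
		uint8_t l = ies[off + 1];
		if (off + 2 + l > len)
			return OWE_REJECT;	/* truncated element */
		if (ies[off] == 255 && l >= 1 && ies[off + 2] == 32)
			dh = true;
		else if (ies[off] == 48) {
			rsne = true;
			akm = rsne_has_owe_akm(ies + off + 2, l);
		}
	}
	if (off != len || !dh || (rsne ? !akm : strict))
		return OWE_REJECT;	/* a present RSNE must carry the OWE AKM */
	return rsne ? OWE_OK : OWE_OK_NO_RSNE;
}
```

OWE_OK_NO_RSNE is kept distinct from OWE_OK so the caller can emit the warning the relaxed path calls for.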