mbox series

[v2,00/18] Basic WPA3 support in AP mode

Message ID 20240506003518.320176-1-brandtwjohn@gmail.com (mailing list archive)
Headers show
Series Basic WPA3 support in AP mode | expand

Message

John Brandt May 6, 2024, 12:30 a.m. UTC 
This set of patches adds basic WPA3 support for IWD in AP mode. It has
been tested by connecting to IWD AP using wpa_supplicant, both when WPA3
is enabled and when it was not. A unit test for SAE mode is now also
included and all other unit tests now pass again.

Compared to the previous version, this patch now also includes MFP
support for AP mode. The AP will generate an IGTK on startup, and
distribute it to MFP-capable clients. Sanity checks on received SAE
frames are now also added.

John Brandt (18):
  ap: ability to advertise PSK and SAE
  ap: accept PSK/SAE in auth depending on config
  unit: fix SAE unit tests
  sae: add function sae_set_group
  sae: refactor and add function sae_calculate_keys
  sae: make sae_process_commit callable in AP mode
  sae: verify offered group in AP mode
  sae: support reception of Confirm frame by AP
  ap: add support to handle SAE authentication
  ap: enable start of 4-way HS after SAE
  eapol: support PTK derivation with SHA256
  eapol: encrypt key data for AKM-defined ciphers
  unit: add unit test for SAE AP mode
  ap: move toward requiring MFP when using SAE
  handshake: add functions to save and set IGTK
  eapol: include IGTK in 4-way handshake as AP
  ap: generate IGTK on startup if MFP is enabled
  ap: propogate IGTK and RSC to handshake

 src/ap.c          | 270 ++++++++++++++++++++++++++++++++++++++++------
 src/eapol.c       |  70 +++++++++---
 src/handshake.c   |  34 ++++++
 src/handshake.h   |   8 ++
 src/nl80211util.c |   7 +-
 src/sae.c         | 209 ++++++++++++++++++++++++-----------
 src/wiphy.c       |   2 +-
 src/wiphy.h       |   2 +
 unit/test-sae.c   | 114 +++++++++++++++++++-
 9 files changed, 595 insertions(+), 121 deletions(-)

Comments

Denis Kenzior May 7, 2024, 4:23 p.m. UTC | #1 
Hi John,

On 5/5/24 7:30 PM, John Brandt wrote:
> This set of patches adds basic WPA3 support for IWD in AP mode. It has
> been tested by connecting to IWD AP using wpa_supplicant, both when WPA3
> is enabled and when it was not. A unit test for SAE mode is now also
> included and all other unit tests now pass again.
> 
> Compared to the previous version, this patch now also includes MFP
> support for AP mode. The AP will generate an IGTK on startup, and
> distribute it to MFP-capable clients. Sanity checks on received SAE
> frames are now also added.

Very nice series.  Thanks for doing this.  I applied what looked good and seemed 
safe to apply.  For the rest, please send a v3.

Thanks,
-Denis