mbox series

[RFC,v3,00/12] Draft for Extended Key ID support

Message ID 20190210210620.31181-1-alexander@wetzel-home.de (mailing list archive)
Headers show
Series Draft for Extended Key ID support | expand

Message

Alexander Wetzel Feb. 10, 2019, 9:06 p.m. UTC
This is my current development version for Extended Key ID support in
linux and mac80211.
I consider the all patches in this series against nl80211/mac80211 ready
for merge and if they still have defects not mentioned in the patch I
need your help to see them.
There are still some questions if we even want/need all those patches,
and so I've added some remarks to behind some commit message to start the
different discussions.

The driver patches are - with the exception of the hwsim patch -
definitely not ready for merge and mostly here to illustrate how the
different APIs can be used and to start some discussions how to handle HW
specific challenges. Of course if someone wants to play with Extended Key
ID they also should be useful... (I can provide updated mostly working
hostapd/wpa_supplicant patches if someone is interested. Don't try to
use the old ones I sent to hostapd mailing list in November.)

That said I'm now using most of the patches or their predecessor in my
private Wlan with devices both supporting and not supporting Extended
Key ID fine.

Compared to the last RFC patch only the nl80211 patch is still close to
what we discussed. It got the API cleanup/changes and the open sanity
checks and not much more.

The mac80211 patch from RFC v2 had serious defects. The most serious one
was probably to not select the key based on the keyid of the MPDU.
I think outlining all the changes will not be useful here, the initial
patch was too broken for anything but SW crypto. (Which also had
issues...)
It started out with more or less all the fixes we discussed but when
trying to get it really correct and feature complete it became three
different patches we better review from the scratch. They are now
touching much more code and make in some cases drastic changes.

Here a short overview of the patches in the series and why they are in
it:

1) mac80211: Optimize tailroom_needed update checks:
   This would be a standalone patch, but some other patches depend on it
   to apply cleanly.

2) nl80211/cfg80211: Extended Key ID support
   Generic support for Extended Key ID.

3) mac80211: IEEE 802.11 Extended Key ID support
   Mac80211 Extended Key ID support for drivers when the hardware is able to
   handle Extended Key ID (aka two pairwise keys in HW).

4) mac80211: Compatibility Extended Key ID support
   Mac80211 Extended Key ID support for most devices not able to handle
   two unicast keys in HW.

5) mac80211: Mark A-MPDU keyid borders for drivers
   This is one big question, see the patch for why we may want this or
   not...

6) mac80211_hwsim: Ext Key ID support (NATIVE)
   Just a one-liner to allow Extended Key ID to be used with hwsim.

--- No patch below this line is ready for merge ---

7) iwlwifi: Extended Key ID support (NATIVE)
   Hopefully the seed to support Extended Key ID for all iwlwifi cards,
   see the patch description for the (big) issue it has.
   As it is it's mostly an example how Native Extended Key ID support
   will look like working with only some cards.

8) iwlwifi: dvm - EXT_KEY_ID A-MPDU API update
   Stops iwldvm drivers to complain when used together with the
   experimental "mac80211: Mark A-MPDU keyid boarders for drivers"
   patch.

The following patches in the series are only illustrating the COMPAT
Extended Key ID support:

9) ath: Basic Extended Key ID support
   Experimental patch for generic Extended Key ID support for all ath
   drivers.

10) ath5k: ath_key_config() API compatibility update
    Allows to still compile ath5k drivers with the patch above.
    Only provided to not break any drivers if someone wants to test
    this.

11) ath9k: Extended Key ID support (COMPAT)
    The example for Compatibility Key ID support, works together with
    "ath: Basic Extended Key ID support".
 
12) ath9k: EXT_KEY_ID A-MPDU API update
    A mostly untested example how drivers may benefit from "mac80211:
    Mark A-MPDU keyid boarders for drivers".

Alexander Wetzel (12):
  mac80211: Optimize tailroom_needed update checks
  nl80211/cfg80211: Extended Key ID support
  mac80211: IEEE 802.11 Extended Key ID support
  mac80211: Compatibility Extended Key ID support
  mac80211: Mark A-MPDU keyid boarders for drivers
  mac80211_hwsim: Ext Key ID support (NATIVE)
  iwlwifi: Extended Key ID support (NATIVE)
  iwlwifi: dvm - EXT_KEY_ID A-MPDU API update
  ath: Basic Extended Key ID support (COMPAT+NATIVE)
  ath5k: ath_key_config() API compatibility update
  ath9k: Extended Key ID support (COMPAT)
  ath9k: EXT_KEY_ID A-MPDU API update

 drivers/net/wireless/ath/ath.h                |   7 +-
 drivers/net/wireless/ath/ath5k/mac80211-ops.c |   2 +-
 drivers/net/wireless/ath/ath9k/htc_drv_main.c |   2 +-
 drivers/net/wireless/ath/ath9k/init.c         |   1 +
 drivers/net/wireless/ath/ath9k/main.c         |  20 +-
 drivers/net/wireless/ath/ath9k/xmit.c         |  14 +-
 drivers/net/wireless/ath/key.c                |  35 ++-
 .../net/wireless/intel/iwlwifi/dvm/mac80211.c |   5 +
 drivers/net/wireless/intel/iwlwifi/dvm/tx.c   |   2 +-
 .../net/wireless/intel/iwlwifi/mvm/mac80211.c |   5 +
 drivers/net/wireless/mac80211_hwsim.c         |   1 +
 include/net/cfg80211.h                        |   2 +
 include/net/mac80211.h                        |  65 ++++-
 include/uapi/linux/nl80211.h                  |  23 +-
 net/mac80211/cfg.c                            |  38 +++
 net/mac80211/debugfs.c                        |   2 +
 net/mac80211/ieee80211_i.h                    |   2 +-
 net/mac80211/key.c                            | 223 +++++++++++++++---
 net/mac80211/key.h                            |   9 +
 net/mac80211/main.c                           |   6 +
 net/mac80211/rx.c                             |  81 ++++---
 net/mac80211/sta_info.c                       |  13 +
 net/mac80211/sta_info.h                       |   6 +-
 net/mac80211/tx.c                             |  77 ++++--
 net/wireless/nl80211.c                        |  32 ++-
 net/wireless/rdev-ops.h                       |   3 +-
 net/wireless/trace.h                          |  31 ++-
 net/wireless/util.c                           |  20 +-
 28 files changed, 601 insertions(+), 126 deletions(-)

Comments

Johannes Berg Feb. 15, 2019, 11:10 a.m. UTC | #1
On Sun, 2019-02-10 at 22:06 +0100, Alexander Wetzel wrote:
> 
> The driver patches are - with the exception of the hwsim patch -
> definitely not ready for merge and mostly here to illustrate how the
> different APIs can be used and to start some discussions how to handle HW
> specific challenges. Of course if someone wants to play with Extended Key
> ID they also should be useful... (I can provide updated mostly working
> hostapd/wpa_supplicant patches if someone is interested.

Of course :-)

Some tests for the hwsim tests there would also be nice, that's the
easiest way to see something working - if you have them.

johannes
Alexander Wetzel Feb. 21, 2019, 8:44 p.m. UTC | #2
Am 15.02.19 um 12:10 schrieb Johannes Berg:
> On Sun, 2019-02-10 at 22:06 +0100, Alexander Wetzel wrote:
>>
>> The driver patches are - with the exception of the hwsim patch -
>> definitely not ready for merge and mostly here to illustrate how the
>> different APIs can be used and to start some discussions how to handle HW
>> specific challenges. Of course if someone wants to play with Extended Key
>> ID they also should be useful... (I can provide updated mostly working
>> hostapd/wpa_supplicant patches if someone is interested.
> 
> Of course :-)

I've just upload my current hostapd patches here:
https://www.awhome.eu/index.php/s/FZx68eGMGbwf6EK

These are slightly updated versions of the patches I send to the hostapd 
mailing list used in my tests. I'm using them since months in mixed 
environments with and without Extennded Key ID support.
Once the nl80211 API stabilizes I'll plan to polish them, fill in the 
known gaps and try to get them merged.

> 
> Some tests for the hwsim tests there would also be nice, that's the
> easiest way to see something working - if you have them.

I did run the the existing PTK tests but proper tests for Extended Key 
ID are the biggest open topic. I suspect proper tests will the most 
complicated open task here.

The others are:
- No support for Extended Key ID in mesh mode
- Update to new kernel API (the one we extended for Extended KEY ID) 
needs some more work.
- Make sure we do not install the keys twice when repeating either EAPOL 
3 or 4 (I think one of them was ok, but I did not look at that for 
ages... It's still working fine, mac80211 detects a duplicate key 
install and just reports success.)

Alexander