From patchwork Wed Oct 10 21:21:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jouni Malinen X-Patchwork-Id: 10635303 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D152315E2 for ; Wed, 10 Oct 2018 21:21:47 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B9BC62AE58 for ; Wed, 10 Oct 2018 21:21:47 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B75812AE61; Wed, 10 Oct 2018 21:21:47 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3C5902AE76 for ; Wed, 10 Oct 2018 21:21:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726515AbeJKEpp (ORCPT ); Thu, 11 Oct 2018 00:45:45 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:38268 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725899AbeJKEpp (ORCPT ); Thu, 11 Oct 2018 00:45:45 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id C090B60C5F; Wed, 10 Oct 2018 21:21:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206504; bh=VfrUAVOs/fI+UopPWSMHFdn2SB770pkuVDUqVSdZ//g=; h=From:To:Cc:Subject:Date:From; b=O6i7ouiBH3VvIvXUXmQzrW3ald+ri9uyxIP2UurObBl0L1UTFA9ZeT1kcD2b3mQjY 3oUBj3b0O0oxYjL1sufn8Dah/XoLgytsBlWmJXPbN1e8KRnfrWc13pkWXyxx+iXV4V 2Y3KL7Nr93Y/4oQer5NqRRKNfYF1LZuPz96tJVpg= Received: from jouni.codeaurora.org (188-67-66-156.bb.dnainternet.fi [188.67.66.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jouni@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id 9455560C60; Wed, 10 Oct 2018 21:21:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206501; bh=VfrUAVOs/fI+UopPWSMHFdn2SB770pkuVDUqVSdZ//g=; h=From:To:Cc:Subject:Date:From; b=nVWTrikr8W7QvtdoZK07C9Rx9E5ets9k2JRiMTqCQ7DBl4vM7+ceUyKydWU81ZEu8 tD1i9Qnxrcje5MCydMuJZN4ZYSEMgSYOwCs2nJOcVvMxSjHEH8VpYJGLsdOx2800m4 yDD5soqrBQdwzb9K6CEWJTB6YWOy6LA6qK1w1l+Y= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org 9455560C60 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=jouni@codeaurora.org From: Jouni Malinen To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Jouni Malinen Subject: [PATCH 1/3] mac80211: Helper function for marking STA authenticated Date: Thu, 11 Oct 2018 00:21:19 +0300 Message-Id: <1539206481-8798-1-git-send-email-jouni@codeaurora.org> X-Mailer: git-send-email 2.7.4 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Authentication exchange can be completed in both TX and RX paths for SAE, so move this common functionality into a helper function to avoid having to implement practically the same operations in two places when extending SAE implementation in the following commits. Signed-off-by: Jouni Malinen --- net/mac80211/mlme.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 89dac79..2d3ec01 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2761,13 +2761,33 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, auth_data->key_idx, tx_flags); } +static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata, + const u8 *bssid) +{ + struct sta_info *sta; + + /* move station state to auth */ + mutex_lock(&sdata->local->sta_mtx); + sta = sta_info_get(sdata, bssid); + if (!sta) { + WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); + return false; + } + if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { + sdata_info(sdata, "failed moving %pM to auth\n", bssid); + return false; + } + mutex_unlock(&sdata->local->sta_mtx); + + return true; +} + static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt, size_t len) { struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; u8 bssid[ETH_ALEN]; u16 auth_alg, auth_transaction, status_code; - struct sta_info *sta; struct ieee80211_event event = { .type = MLME_EVENT, .u.mlme.data = AUTH_EVENT, @@ -2850,18 +2870,8 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, return; } - /* move station state to auth */ - mutex_lock(&sdata->local->sta_mtx); - sta = sta_info_get(sdata, bssid); - if (!sta) { - WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid); + if (!ieee80211_mark_sta_auth(sdata, bssid)) goto out_err; - } - if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) { - sdata_info(sdata, "failed moving %pM to auth\n", bssid); - goto out_err; - } - mutex_unlock(&sdata->local->sta_mtx); cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); return; From patchwork Wed Oct 10 21:21:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jouni Malinen X-Patchwork-Id: 10635305 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 80B1F15E2 for ; Wed, 10 Oct 2018 21:21:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6FB602AEBF for ; Wed, 10 Oct 2018 21:21:51 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6D1E12AD97; Wed, 10 Oct 2018 21:21:51 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BBDB32AD97 for ; Wed, 10 Oct 2018 21:21:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726567AbeJKEps (ORCPT ); Thu, 11 Oct 2018 00:45:48 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:38372 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725899AbeJKEps (ORCPT ); Thu, 11 Oct 2018 00:45:48 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id EB32D60C7E; Wed, 10 Oct 2018 21:21:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206508; bh=tFPteFBlNfN0muu+Rux2207GOaQMORFJ+IXmlOyi6sI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DnwXCmSmGvPYv8bJXJtDpxYeMKBGWyoQyGepGnRfvnGscmjBprqasC1ICOvDRgsJW dHIy55VBw3diClB7z5j4lGR0dxROJIivfibNjV+JTsJHDHFqYyJnmGKoG1lOyGvVO3 KxqQrGByBOqRtDNVFpg8k3SupDfNYs6LaiHJDLdk= Received: from jouni.codeaurora.org (188-67-66-156.bb.dnainternet.fi [188.67.66.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jouni@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id D67CE60C8E; Wed, 10 Oct 2018 21:21:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206503; bh=tFPteFBlNfN0muu+Rux2207GOaQMORFJ+IXmlOyi6sI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cy2w9EsbfFtc1/2NX7j+WZoRQUaTDg5Qd3ZSF2Uo0wYioBiG0MECxPAwVbZEdGml3 dLY/YY0e14PRqvXD1UbEN66bVikqCoh7W8R3KWL+UkE18PLxorWFOANMmBWGDv435N 7ceBVdr+Zf3v47ag5h1OQ79Z3mCj4ZunGeJOL9xM= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org D67CE60C8E Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=jouni@codeaurora.org From: Jouni Malinen To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Jouni Malinen Subject: [PATCH 2/3] mac80211: Move ieee80211_mgd_auth() EBUSY check to be before allocation Date: Thu, 11 Oct 2018 00:21:20 +0300 Message-Id: <1539206481-8798-2-git-send-email-jouni@codeaurora.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1539206481-8798-1-git-send-email-jouni@codeaurora.org> References: <1539206481-8798-1-git-send-email-jouni@codeaurora.org> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This makes it easier to conditionally replace full allocation of auth_data to use reallocation for the case of continuing SAE authentication. Furthermore, there was not really any point in having this check done so late in the function after having already completed number of steps that cannot be used anyway in the error case. Signed-off-by: Jouni Malinen --- net/mac80211/mlme.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 2d3ec01..1818dbc 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -4922,6 +4922,10 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, return -EOPNOTSUPP; } + if ((ifmgd->auth_data && !ifmgd->auth_data->done) || + ifmgd->assoc_data) + return -EBUSY; + auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len + req->ie_len, GFP_KERNEL); if (!auth_data) @@ -4957,12 +4961,6 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, /* try to authenticate/probe */ - if ((ifmgd->auth_data && !ifmgd->auth_data->done) || - ifmgd->assoc_data) { - err = -EBUSY; - goto err_free; - } - if (ifmgd->auth_data) ieee80211_destroy_auth_data(sdata, false); @@ -5007,7 +5005,6 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, mutex_lock(&sdata->local->mtx); ieee80211_vif_release_channel(sdata); mutex_unlock(&sdata->local->mtx); - err_free: kfree(auth_data); return err; } From patchwork Wed Oct 10 21:21:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jouni Malinen X-Patchwork-Id: 10635315 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0DB46679F for ; Wed, 10 Oct 2018 21:22:05 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 00C482ADA2 for ; Wed, 10 Oct 2018 21:22:05 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E92C72ADE2; Wed, 10 Oct 2018 21:22:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.7 required=2.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 43F422ADD3 for ; Wed, 10 Oct 2018 21:22:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726822AbeJKEqC (ORCPT ); Thu, 11 Oct 2018 00:46:02 -0400 Received: from smtp.codeaurora.org ([198.145.29.96]:38508 "EHLO smtp.codeaurora.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725886AbeJKEpy (ORCPT ); Thu, 11 Oct 2018 00:45:54 -0400 Received: by smtp.codeaurora.org (Postfix, from userid 1000) id EFAC460C89; Wed, 10 Oct 2018 21:21:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206513; bh=FdUyj0Kk8glyuQvxo9pcQLqKLOW4zqxY/HQ00MFVL3k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QSbfPj5QghcC7ZGTuPY4wsARhEw0lRdlbd8P9UDLaU99eaTJTrPIlbZErRzl0v9cJ AqD4bLSXL7IVyrprOhdAiT0yKiuy5LrSJy6Y/8xSX4/sABH4TYWJURg2pMK5hqeXd9 uVMDoper+SjDMVWHnOCiDBIQYsoQnUbY1AcKyVb4= Received: from jouni.codeaurora.org (188-67-66-156.bb.dnainternet.fi [188.67.66.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: jouni@smtp.codeaurora.org) by smtp.codeaurora.org (Postfix) with ESMTPSA id B050360C86; Wed, 10 Oct 2018 21:21:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=codeaurora.org; s=default; t=1539206507; bh=FdUyj0Kk8glyuQvxo9pcQLqKLOW4zqxY/HQ00MFVL3k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bHc4+PnJ1UrPp+EmL6A3HBP+mWp7aN6Om4/mWOU74FsfWq8sCs7N9OPJME4147/cY gCXdE72cVrvODanR+1Wj1+ZeDUkI4A8ZIxSrZyYkF7/m6I5W00jn9XuyH5nP2skaKc XbZGMGu8dIDiwtRBZ50Y+xwl+lCSy53jH0NdwI4s= DMARC-Filter: OpenDMARC Filter v1.3.2 smtp.codeaurora.org B050360C86 Authentication-Results: pdx-caf-mail.web.codeaurora.org; dmarc=none (p=none dis=none) header.from=codeaurora.org Authentication-Results: pdx-caf-mail.web.codeaurora.org; spf=none smtp.mailfrom=jouni@codeaurora.org From: Jouni Malinen To: Johannes Berg Cc: linux-wireless@vger.kernel.org, Jouni Malinen Subject: [PATCH 3/3] mac80211: Extend SAE authentication in infra BSS STA mode Date: Thu, 11 Oct 2018 00:21:21 +0300 Message-Id: <1539206481-8798-3-git-send-email-jouni@codeaurora.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1539206481-8798-1-git-send-email-jouni@codeaurora.org> References: <1539206481-8798-1-git-send-email-jouni@codeaurora.org> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Previous implementation of SAE authentication in infrastructure BSS was somewhat restricting and not exactly clean way of handling the two auth() operations. This ended up removing and re-adding the STA entry for the AP in the middle of authentication and also messing up authentication state tracking through the sequence of four Authentication frames. Furthermore, this did not work if the AP ended up sending out SAE Confirm (auth trans #2) immediately after SAE Commit (auth trans #1) before the station had time to transmit its SAE Confirm. Clean up authentication state handling for the SAE case to allow two rounds of auth() calls without dropping all state between those operations. Track peer Confirmed status and mark authentication completed only once both ends have confirmed. ieee80211_mgd_auth() check for EBUSY cases is now handling only the pending association (ifmgd->assoc_data) while all pending authentication (ifmgd->auth_data) cases are allowed to proceed to allow user space to start a new connection attempt from scratch even if the previously requested authentication is still waiting completion. This is needed to avoid making SAE error cases with retries take excessive amount of time with no means for the user space to stop that (apart from setting the netdev down). As an extra bonus, the end of ieee80211_rx_mgmt_auth() can be cleaned up to avoid the extra copy of the cfg80211_rx_mlme_mgmt() call for ongoing SAE authentication since the new ieee80211_mark_sta_auth() helper function can handle both completion of authentication and updates to the STA entry under the same condition and there is no need to return from the function between those operations. Signed-off-by: Jouni Malinen --- net/mac80211/ieee80211_i.h | 1 + net/mac80211/mlme.c | 70 +++++++++++++++++++++++++++++++--------------- 2 files changed, 48 insertions(+), 23 deletions(-) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index f40a216..10a0506 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -377,6 +377,7 @@ struct ieee80211_mgd_auth_data { u8 key[WLAN_KEY_LEN_WEP104]; u8 key_len, key_idx; bool done; + bool peer_confirmed; bool timeout_started; u16 sae_trans, sae_status; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 1818dbc..d2bc8d5 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -2764,8 +2764,15 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, static bool ieee80211_mark_sta_auth(struct ieee80211_sub_if_data *sdata, const u8 *bssid) { + struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; struct sta_info *sta; + sdata_info(sdata, "authenticated\n"); + ifmgd->auth_data->done = true; + ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; + ifmgd->auth_data->timeout_started = true; + run_again(sdata, ifmgd->auth_data->timeout); + /* move station state to auth */ mutex_lock(&sdata->local->sta_mtx); sta = sta_info_get(sdata, bssid); @@ -2811,7 +2818,11 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, status_code = le16_to_cpu(mgmt->u.auth.status_code); if (auth_alg != ifmgd->auth_data->algorithm || - auth_transaction != ifmgd->auth_data->expected_transaction) { + (auth_alg != WLAN_AUTH_SAE && + auth_transaction != ifmgd->auth_data->expected_transaction) || + (auth_alg == WLAN_AUTH_SAE && + (auth_transaction < ifmgd->auth_data->expected_transaction || + auth_transaction > 2))) { sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n", mgmt->sa, auth_alg, ifmgd->auth_data->algorithm, auth_transaction, @@ -2854,25 +2865,17 @@ static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata, event.u.mlme.status = MLME_SUCCESS; drv_event_callback(sdata->local, sdata, &event); - sdata_info(sdata, "authenticated\n"); - ifmgd->auth_data->done = true; - ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC; - ifmgd->auth_data->timeout_started = true; - run_again(sdata, ifmgd->auth_data->timeout); - - if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && - ifmgd->auth_data->expected_transaction != 2) { - /* - * Report auth frame to user space for processing since another - * round of Authentication frames is still needed. - */ - cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); - return; + if (ifmgd->auth_data->algorithm != WLAN_AUTH_SAE || + (auth_transaction == 2 && + ifmgd->auth_data->expected_transaction == 2)) { + if (!ieee80211_mark_sta_auth(sdata, bssid)) + goto out_err; + } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE && + auth_transaction == 2) { + sdata_info(sdata, "SAE peer confirmed\n"); + ifmgd->auth_data->peer_confirmed = true; } - if (!ieee80211_mark_sta_auth(sdata, bssid)) - goto out_err; - cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len); return; out_err: @@ -4888,6 +4891,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgd_auth_data *auth_data; u16 auth_alg; int err; + bool cont_auth; /* prepare auth data structure */ @@ -4922,8 +4926,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, return -EOPNOTSUPP; } - if ((ifmgd->auth_data && !ifmgd->auth_data->done) || - ifmgd->assoc_data) + if (ifmgd->assoc_data) return -EBUSY; auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len + @@ -4945,6 +4948,13 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, auth_data->data_len += req->auth_data_len - 4; } + /* Check if continuing authentication or trying to authenticate with the + * same BSS that we were in the process of authenticating with and avoid + * removal and re-addition of the STA entry in + * ieee80211_prep_connection(). + */ + cont_auth = ifmgd->auth_data && req->bss == ifmgd->auth_data->bss; + if (req->ie && req->ie_len) { memcpy(&auth_data->data[auth_data->data_len], req->ie, req->ie_len); @@ -4961,12 +4971,26 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, /* try to authenticate/probe */ - if (ifmgd->auth_data) - ieee80211_destroy_auth_data(sdata, false); + if (ifmgd->auth_data) { + if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE) { + auth_data->peer_confirmed = + ifmgd->auth_data->peer_confirmed; + } + ieee80211_destroy_auth_data(sdata, cont_auth); + } /* prep auth_data so we don't go into idle on disassoc */ ifmgd->auth_data = auth_data; + /* If this is continuation of an ongoing SAE authentication exchange + * (i.e., request to send SAE Confirm) and the peer has already + * confirmed, mark authentication completed since we are about to send + * out SAE Confirm. + */ + if (cont_auth && req->auth_type == NL80211_AUTHTYPE_SAE && + auth_data->peer_confirmed && auth_data->sae_trans == 2) + ieee80211_mark_sta_auth(sdata, req->bss->bssid); + if (ifmgd->associated) { u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; @@ -4984,7 +5008,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid); - err = ieee80211_prep_connection(sdata, req->bss, false, false); + err = ieee80211_prep_connection(sdata, req->bss, cont_auth, false); if (err) goto err_clear;