[PATCH v3 1/3] station: network: rework ERP/FILS code path
by James Prestwood
This refactors some code to eliminate getting the ERP entry twice
by simply returning it from network_has_erp_identity (now renamed
to network_get_erp_cache). In addition this code was moved into
station_build_handshake_rsn and properly cleaned up in case there
was an error or if a FILS AKM was not chosen.
---
src/network.c | 15 ++++++++-------
src/network.h | 3 ++-
src/station.c | 33 +++++++++++++++++++--------------
3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/src/network.c b/src/network.c
index b78a7cbf..a6da0cab 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1056,7 +1056,7 @@ static bool match_bss(const void *a, const void *b)
return a == b;
}
-bool network_has_erp_identity(struct network *network)
+struct erp_cache_entry *network_get_erp_cache(struct network *network)
{
struct erp_cache_entry *cache;
struct l_settings *settings;
@@ -1066,16 +1066,16 @@ bool network_has_erp_identity(struct network *network)
settings = network_get_settings(network);
if (!settings)
- return false;
+ return NULL;
check_id = l_settings_get_string(settings, "Security", "EAP-Identity");
if (!check_id)
- return false;
+ return NULL;
cache = erp_cache_get(network_get_ssid(network));
if (!cache) {
l_free(check_id);
- return false;
+ return NULL;
}
identity = erp_cache_entry_get_identity(cache);
@@ -1083,17 +1083,18 @@ bool network_has_erp_identity(struct network *network)
ret = strcmp(check_id, identity) == 0;
l_free(check_id);
- erp_cache_put(cache);
/*
* The settings file must have change out from under us. In this
* case we want to remove the ERP entry because it is no longer
* valid.
*/
- if (!ret)
+ if (!ret) {
erp_cache_remove(identity);
+ return NULL;
+ }
- return ret;
+ return cache;
}
const struct l_queue_entry *network_bss_list_get_entries(
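Review bot: The identity-mismatch branch now returns NULL without releasing the reference taken by `erp_cache_get()` earlier in the function, because the unconditional `erp_cache_put(cache);` was removed for both outcomes. Unless `erp_cache_remove()` (not shown) also drops the caller's reference, the invalidated entry and whatever key material it caches stay pinned after the settings changed. The branch should release it, for example `erp_cache_remove(identity); erp_cache_put(cache); return NULL;`. The put belongs after the last use of `identity`, which presumably points into the entry, and the exact order depends on how erp.c treats a still-referenced entry on removal. The v2 posting further down carries the same hunk.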
diff --git a/src/network.h b/src/network.h
index 58c26e6b..2cca7ffb 100644
--- a/src/network.h
+++ b/src/network.h
@@ -29,6 +29,7 @@ struct station;
struct network;
struct scan_bss;
struct handshake_state;
+struct erp_cache_entry;
void network_connected(struct network *network);
void network_disconnected(struct network *network);
@@ -87,7 +88,7 @@ void network_blacklist_add(struct network *network, struct scan_bss *bss);
const struct iovec *network_get_extra_ies(struct network *network,
size_t *num_elems);
-bool network_has_erp_identity(struct network *network);
+struct erp_cache_entry *network_get_erp_cache(struct network *network);
const struct l_queue_entry *network_bss_list_get_entries(
struct network *network);
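Review bot: The prototype for `network_get_erp_cache` now returns a counted reference, but nothing at the declaration says so. A short comment such as `/* Returns a referenced ERP cache entry or NULL; caller must erp_cache_put() it or hand ownership on */` would make the contract visible. Without it, a caller that only tests the result for non-NULL, as the old `network_has_erp_identity()` was used, would leak the entry.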
diff --git a/src/station.c b/src/station.c
index e914abb3..5414283c 100644
--- a/src/station.c
+++ b/src/station.c
@@ -743,7 +743,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
{
enum security security = network_get_security(network);
bool add_mde = false;
- bool fils_hint = false;
+ struct erp_cache_entry *erp_cache = NULL;
struct ie_rsn_info bss_info;
uint8_t rsne_buf[256];
@@ -764,10 +764,10 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
* wiphy may select FILS if supported by the AP.
*/
if (security == SECURITY_8021X && hs->support_fils)
- fils_hint = network_has_erp_identity(network);
+ erp_cache = network_get_erp_cache(network);
info.akm_suites = wiphy_select_akm(wiphy, bss, security,
- &bss_info, fils_hint);
+ &bss_info, erp_cache != NULL);
/*
* Special case for OWE. With OWE we still need to build up the
@@ -848,6 +848,19 @@ build_ie:
if (IE_AKM_IS_FT(info.akm_suites))
add_mde = true;
+ /*
+ * If FILS was chosen, the ERP cache has been verified to exist. Take
+ * a reference now so it remains valid (in case of expiration) until
+ * FILS starts.
+ */
+ if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FILS_SHA384 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
+ hs->erp_cache = erp_cache;
+ else if (erp_cache)
+ erp_cache_put(erp_cache);
+
open_network:
if (security == SECURITY_NONE)
/* Perform FT association if available */
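Review bot: Storing the reference in `hs->erp_cache` here moves the hand-off ahead of failure paths that the comment removed from `station_handshake_setup` (last station.c hunk) said were deliberately avoided. If `network_handshake_setup()` fails after this point, the `goto not_supported` in that function has to release `hs->erp_cache`. Whether the handshake teardown does so is not visible in this patch, so it should be confirmed or an `erp_cache_put()` added on that path. `station_build_handshake_rsn` starts and ends outside this hunk, and the v2 posting below carries the same change.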
@@ -867,6 +880,9 @@ open_network:
return 0;
not_supported:
+ if (erp_cache)
+ erp_cache_put(erp_cache);
+
return -ENOTSUP;
}
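Review bot: The local `erp_cache` is never cleared once ownership moves to `hs->erp_cache` in the previous hunk, so this cleanup would release a reference the handshake state still points to if a `goto not_supported` is ever reached after the hand-off. No such jump is visible in these hunks, but making the transfer explicit keeps the label safe against later edits: brace the FILS branch and write `hs->erp_cache = erp_cache; erp_cache = NULL;`. The function body continues outside this hunk.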
@@ -889,17 +905,6 @@ static struct handshake_state *station_handshake_setup(struct station *station,
if (network_handshake_setup(network, hs) < 0)
goto not_supported;
- /*
- * If FILS was chosen, the ERP cache has been verified to exist. We
- * wait to get it until here because at this point so there are no
- * failure paths before fils_sm_new
- */
- if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
- IE_RSN_AKM_SUITE_FILS_SHA384 |
- IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
- IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
- hs->erp_cache = erp_cache_get(network_get_ssid(network));
-
return hs;
not_supported:
--
2.31.1
9 months, 2 weeks
[PATCH v2 1/2] station: network: rework ERP/FILS code path
by James Prestwood
This refactors some code to eliminate getting the ERP entry twice
by simply returning it from network_has_erp_identity (now renamed
to network_get_erp_cache). In addition this code was moved into
station_build_handshake_rsn and properly cleaned up in case there
was an error or if a FILS AKM was not chosen.
---
src/network.c | 15 ++++++++-------
src/network.h | 3 ++-
src/station.c | 33 +++++++++++++++++++--------------
3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/src/network.c b/src/network.c
index b78a7cbf..a6da0cab 100644
--- a/src/network.c
+++ b/src/network.c
@@ -1056,7 +1056,7 @@ static bool match_bss(const void *a, const void *b)
return a == b;
}
-bool network_has_erp_identity(struct network *network)
+struct erp_cache_entry *network_get_erp_cache(struct network *network)
{
struct erp_cache_entry *cache;
struct l_settings *settings;
@@ -1066,16 +1066,16 @@ bool network_has_erp_identity(struct network *network)
settings = network_get_settings(network);
if (!settings)
- return false;
+ return NULL;
check_id = l_settings_get_string(settings, "Security", "EAP-Identity");
if (!check_id)
- return false;
+ return NULL;
cache = erp_cache_get(network_get_ssid(network));
if (!cache) {
l_free(check_id);
- return false;
+ return NULL;
}
identity = erp_cache_entry_get_identity(cache);
@@ -1083,17 +1083,18 @@ bool network_has_erp_identity(struct network *network)
ret = strcmp(check_id, identity) == 0;
l_free(check_id);
- erp_cache_put(cache);
/*
* The settings file must have change out from under us. In this
* case we want to remove the ERP entry because it is no longer
* valid.
*/
- if (!ret)
+ if (!ret) {
erp_cache_remove(identity);
+ return NULL;
+ }
- return ret;
+ return cache;
}
const struct l_queue_entry *network_bss_list_get_entries(
diff --git a/src/network.h b/src/network.h
index 58c26e6b..2cca7ffb 100644
--- a/src/network.h
+++ b/src/network.h
@@ -29,6 +29,7 @@ struct station;
struct network;
struct scan_bss;
struct handshake_state;
+struct erp_cache_entry;
void network_connected(struct network *network);
void network_disconnected(struct network *network);
@@ -87,7 +88,7 @@ void network_blacklist_add(struct network *network, struct scan_bss *bss);
const struct iovec *network_get_extra_ies(struct network *network,
size_t *num_elems);
-bool network_has_erp_identity(struct network *network);
+struct erp_cache_entry *network_get_erp_cache(struct network *network);
const struct l_queue_entry *network_bss_list_get_entries(
struct network *network);
diff --git a/src/station.c b/src/station.c
index e914abb3..5414283c 100644
--- a/src/station.c
+++ b/src/station.c
@@ -743,7 +743,7 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
{
enum security security = network_get_security(network);
bool add_mde = false;
- bool fils_hint = false;
+ struct erp_cache_entry *erp_cache = NULL;
struct ie_rsn_info bss_info;
uint8_t rsne_buf[256];
@@ -764,10 +764,10 @@ static int station_build_handshake_rsn(struct handshake_state *hs,
* wiphy may select FILS if supported by the AP.
*/
if (security == SECURITY_8021X && hs->support_fils)
- fils_hint = network_has_erp_identity(network);
+ erp_cache = network_get_erp_cache(network);
info.akm_suites = wiphy_select_akm(wiphy, bss, security,
- &bss_info, fils_hint);
+ &bss_info, erp_cache != NULL);
/*
* Special case for OWE. With OWE we still need to build up the
@@ -848,6 +848,19 @@ build_ie:
if (IE_AKM_IS_FT(info.akm_suites))
add_mde = true;
+ /*
+ * If FILS was chosen, the ERP cache has been verified to exist. Take
+ * a reference now so it remains valid (in case of expiration) until
+ * FILS starts.
+ */
+ if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FILS_SHA384 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
+ IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
+ hs->erp_cache = erp_cache;
+ else if (erp_cache)
+ erp_cache_put(erp_cache);
+
open_network:
if (security == SECURITY_NONE)
/* Perform FT association if available */
@@ -867,6 +880,9 @@ open_network:
return 0;
not_supported:
+ if (erp_cache)
+ erp_cache_put(erp_cache);
+
return -ENOTSUP;
}
@@ -889,17 +905,6 @@ static struct handshake_state *station_handshake_setup(struct station *station,
if (network_handshake_setup(network, hs) < 0)
goto not_supported;
- /*
- * If FILS was chosen, the ERP cache has been verified to exist. We
- * wait to get it until here because at this point so there are no
- * failure paths before fils_sm_new
- */
- if (hs->akm_suite & (IE_RSN_AKM_SUITE_FILS_SHA256 |
- IE_RSN_AKM_SUITE_FILS_SHA384 |
- IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA256 |
- IE_RSN_AKM_SUITE_FT_OVER_FILS_SHA384))
- hs->erp_cache = erp_cache_get(network_get_ssid(network));
-
return hs;
not_supported:
--
2.31.1
9 months, 2 weeks
[PATCH 1/6] fils: isolate ERP cache into fils.c
by James Prestwood
This removes the need for the handshake_state to hold a reference
to the ERP cache. Really the handshake_state was merely holding a
pointer between station and fils and never needed to reference it
beyond fils_sm_new.
---
src/fils.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/fils.c b/src/fils.c
index 7fffefb3..4e67d8df 100644
--- a/src/fils.c
+++ b/src/fils.c
@@ -567,6 +567,8 @@ struct auth_proto *fils_sm_new(struct handshake_state *hs,
void *user_data)
{
struct fils_sm *fils;
+ struct erp_cache_entry *erp;
+ char ssid[33];
fils = l_new(struct fils_sm, 1);
@@ -580,7 +582,17 @@ struct auth_proto *fils_sm_new(struct handshake_state *hs,
fils->ap.rx_authenticate = fils_rx_authenticate;
fils->ap.rx_associate = fils_rx_associate;
- fils->erp = erp_new(hs->erp_cache, fils_erp_tx_func, fils);
+ memcpy(ssid, hs->ssid, hs->ssid_len);
+ ssid[hs->ssid_len] = '\0';
+
+ /*
+ * If FILS was chosen the ERP identity is known to exist, checked by
+ * network_has_erp_identity. erp_new takes ownership of the cache and
+ * will free it upon erp_free.
+ */
+ erp = erp_cache_get(ssid);
+
+ fils->erp = erp_new(erp, fils_erp_tx_func, fils);
return &fils->ap;
}
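Review bot: The result of `erp_cache_get(ssid)` goes to `erp_new()` without a NULL check, and with the handshake state no longer holding a reference, nothing visible keeps the entry alive between AKM selection and this call. If the entry expired or was removed in between, `erp_new()` receives NULL. What it does with that is not shown, so the lookup should be checked and `fils_sm_new` should fail cleanly, e.g. `if (!erp) { l_free(fils); return NULL; }`, adjusted for anything set up in the lines between the two hunks. Separately, `memcpy(ssid, hs->ssid, hs->ssid_len)` trusts `hs->ssid_len` to be at most 32, so a guard such as `if (hs->ssid_len >= sizeof(ssid)) return NULL;` ahead of the allocation would keep the 33-byte buffer safe however the length was set. Whether callers tolerate a NULL return is not visible here.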
--
2.31.1
9 months, 2 weeks
[RFC connman v2 0/1] Add wpa_supplicant WPA3-SAE support
by Ariel D'Alessandro
Hi all,
Here's another attempt at adding WPA3-SAE support to connman
(wpa_supplicant backend).
I'd like comments on the following mainly:
Based on plugin/iwd.c, a private data struct is added to each network
in plugin/wifi.c so it can keep track of keymgmt capabilities, needed to
use WPA3-SAE if it's available. See RFC v1 thread for more details.
Note that this is an RFC patchset. Feel free to give any kind of
feedback, always appreciated :-)
Changes from v1:
* Dropped changes to service API.
* Unified WPA3-SAE under WPA-PSK.
* Added private data struct to network in plugin/wifi.c
Regards,
Ariel D'Alessandro (1):
WIP: Add wpa_supplicant WPA3-SAE support
gsupplicant/gsupplicant.h | 10 ++++++++++
gsupplicant/supplicant.c | 33 ++++++++++++++++++++++++++++++---
plugins/wifi.c | 21 +++++++++++++++++++++
3 files changed, 61 insertions(+), 3 deletions(-)
--
2.30.2
9 months, 2 weeks