From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH v2 00/18] Basic WPA3 support in AP mode
Date: Sun, 5 May 2024 17:30:23 -0700 [thread overview]
Message-ID: <20240506003518.320176-1-brandtwjohn@gmail.com> (raw)
This set of patches adds basic WPA3 support for IWD in AP mode. It has
been tested by connecting to IWD AP using wpa_supplicant, both when WPA3
is enabled and when it was not. A unit test for SAE mode is now also
included and all other unit tests now pass again.
Compared to the previous version, this patch now also includes MFP
support for AP mode. The AP will generate an IGTK on startup, and
distribute it to MFP-capable clients. Sanity checks on received SAE
frames are now also added.
John Brandt (18):
ap: ability to advertise PSK and SAE
ap: accept PSK/SAE in auth depending on config
unit: fix SAE unit tests
sae: add function sae_set_group
sae: refactor and add function sae_calculate_keys
sae: make sae_process_commit callable in AP mode
sae: verify offered group in AP mode
sae: support reception of Confirm frame by AP
ap: add support to handle SAE authentication
ap: enable start of 4-way HS after SAE
eapol: support PTK derivation with SHA256
eapol: encrypt key data for AKM-defined ciphers
unit: add unit test for SAE AP mode
ap: move toward requiring MFP when using SAE
handshake: add functions to save and set IGTK
eapol: include IGTK in 4-way handshake as AP
ap: generate IGTK on startup if MFP is enabled
ap: propogate IGTK and RSC to handshake
src/ap.c | 270 ++++++++++++++++++++++++++++++++++++++++------
src/eapol.c | 70 +++++++++---
src/handshake.c | 34 ++++++
src/handshake.h | 8 ++
src/nl80211util.c | 7 +-
src/sae.c | 209 ++++++++++++++++++++++++-----------
src/wiphy.c | 2 +-
src/wiphy.h | 2 +
unit/test-sae.c | 114 +++++++++++++++++++-
9 files changed, 595 insertions(+), 121 deletions(-)
--
2.45.0
next reply other threads:[~2024-05-06 0:45 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-06 0:30 John Brandt [this message]
2024-05-06 0:30 ` [PATCH v2 01/18] ap: ability to advertise PSK and SAE John Brandt
2024-05-06 0:30 ` [PATCH v2 02/18] ap: accept PSK/SAE in auth depending on config John Brandt
2024-05-07 15:07 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 03/18] unit: fix SAE unit tests John Brandt
2024-05-07 15:51 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 04/18] sae: add function sae_set_group John Brandt
2024-05-07 14:53 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 05/18] sae: refactor and add function sae_calculate_keys John Brandt
2024-05-07 15:13 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 06/18] sae: make sae_process_commit callable in AP mode John Brandt
2024-05-06 0:30 ` [PATCH v2 07/18] sae: verify offered group " John Brandt
2024-05-07 15:11 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 08/18] sae: support reception of Confirm frame by AP John Brandt
2024-05-07 15:51 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 09/18] ap: add support to handle SAE authentication John Brandt
2024-05-07 15:44 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 10/18] ap: enable start of 4-way HS after SAE John Brandt
2024-05-06 0:30 ` [PATCH v2 11/18] eapol: support PTK derivation with SHA256 John Brandt
2024-05-07 15:52 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 12/18] eapol: encrypt key data for AKM-defined ciphers John Brandt
2024-05-07 16:04 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 13/18] unit: add unit test for SAE AP mode John Brandt
2024-05-06 0:30 ` [PATCH v2 14/18] ap: move toward requiring MFP when using SAE John Brandt
2024-05-07 16:12 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 15/18] handshake: add functions to save and set IGTK John Brandt
2024-05-07 16:20 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 16/18] eapol: include IGTK in 4-way handshake as AP John Brandt
2024-05-07 16:20 ` Denis Kenzior
2024-05-06 0:30 ` [PATCH v2 17/18] ap: generate IGTK on startup if MFP is enabled John Brandt
2024-05-06 0:30 ` [PATCH v2 18/18] ap: propogate IGTK and RSC to handshake John Brandt
2024-05-07 16:23 ` [PATCH v2 00/18] Basic WPA3 support in AP mode Denis Kenzior
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240506003518.320176-1-brandtwjohn@gmail.com \
--to=brandtwjohn@gmail.com \
--cc=iwd@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).