[PATCH v2 00/18] Basic WPA3 support in AP mode

($INBOX_DIR/description missing)
 help / color / mirror / Atom feed

From: John Brandt <brandtwjohn@gmail.com>
To: iwd@lists.linux.dev
Cc: John Brandt <brandtwjohn@gmail.com>
Subject: [PATCH v2 00/18] Basic WPA3 support in AP mode
Date: Sun,  5 May 2024 17:30:23 -0700	[thread overview]
Message-ID: <20240506003518.320176-1-brandtwjohn@gmail.com> (raw)

This set of patches adds basic WPA3 support for IWD in AP mode. It has
been tested by connecting to IWD AP using wpa_supplicant, both when WPA3
is enabled and when it was not. A unit test for SAE mode is now also
included and all other unit tests now pass again.

Compared to the previous version, this patch now also includes MFP
support for AP mode. The AP will generate an IGTK on startup, and
distribute it to MFP-capable clients. Sanity checks on received SAE
frames are now also added.

John Brandt (18):
  ap: ability to advertise PSK and SAE
  ap: accept PSK/SAE in auth depending on config
  unit: fix SAE unit tests
  sae: add function sae_set_group
  sae: refactor and add function sae_calculate_keys
  sae: make sae_process_commit callable in AP mode
  sae: verify offered group in AP mode
  sae: support reception of Confirm frame by AP
  ap: add support to handle SAE authentication
  ap: enable start of 4-way HS after SAE
  eapol: support PTK derivation with SHA256
  eapol: encrypt key data for AKM-defined ciphers
  unit: add unit test for SAE AP mode
  ap: move toward requiring MFP when using SAE
  handshake: add functions to save and set IGTK
  eapol: include IGTK in 4-way handshake as AP
  ap: generate IGTK on startup if MFP is enabled
  ap: propogate IGTK and RSC to handshake

 src/ap.c          | 270 ++++++++++++++++++++++++++++++++++++++++------
 src/eapol.c       |  70 +++++++++---
 src/handshake.c   |  34 ++++++
 src/handshake.h   |   8 ++
 src/nl80211util.c |   7 +-
 src/sae.c         | 209 ++++++++++++++++++++++++-----------
 src/wiphy.c       |   2 +-
 src/wiphy.h       |   2 +
 unit/test-sae.c   | 114 +++++++++++++++++++-
 9 files changed, 595 insertions(+), 121 deletions(-)

-- 
2.45.0

next             reply	other threads:[~2024-05-06  0:45 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-06  0:30 John Brandt [this message]
2024-05-06  0:30 ` [PATCH v2 01/18] ap: ability to advertise PSK and SAE John Brandt
2024-05-06  0:30 ` [PATCH v2 02/18] ap: accept PSK/SAE in auth depending on config John Brandt
2024-05-07 15:07   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 03/18] unit: fix SAE unit tests John Brandt
2024-05-07 15:51   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 04/18] sae: add function sae_set_group John Brandt
2024-05-07 14:53   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 05/18] sae: refactor and add function sae_calculate_keys John Brandt
2024-05-07 15:13   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 06/18] sae: make sae_process_commit callable in AP mode John Brandt
2024-05-06  0:30 ` [PATCH v2 07/18] sae: verify offered group " John Brandt
2024-05-07 15:11   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 08/18] sae: support reception of Confirm frame by AP John Brandt
2024-05-07 15:51   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 09/18] ap: add support to handle SAE authentication John Brandt
2024-05-07 15:44   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 10/18] ap: enable start of 4-way HS after SAE John Brandt
2024-05-06  0:30 ` [PATCH v2 11/18] eapol: support PTK derivation with SHA256 John Brandt
2024-05-07 15:52   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 12/18] eapol: encrypt key data for AKM-defined ciphers John Brandt
2024-05-07 16:04   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 13/18] unit: add unit test for SAE AP mode John Brandt
2024-05-06  0:30 ` [PATCH v2 14/18] ap: move toward requiring MFP when using SAE John Brandt
2024-05-07 16:12   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 15/18] handshake: add functions to save and set IGTK John Brandt
2024-05-07 16:20   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 16/18] eapol: include IGTK in 4-way handshake as AP John Brandt
2024-05-07 16:20   ` Denis Kenzior
2024-05-06  0:30 ` [PATCH v2 17/18] ap: generate IGTK on startup if MFP is enabled John Brandt
2024-05-06  0:30 ` [PATCH v2 18/18] ap: propogate IGTK and RSC to handshake John Brandt
2024-05-07 16:23 ` [PATCH v2 00/18] Basic WPA3 support in AP mode Denis Kenzior

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240506003518.320176-1-brandtwjohn@gmail.com \
    --to=brandtwjohn@gmail.com \
    --cc=iwd@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).