net80211: add initial key management suites from 802.11-2016, APIs to register them
Needs ReviewPublic
Actions

Authored by adrian on Tue, Apr 23, 10:07 PM.

Details

Reviewers

None

Group Reviewers

Summary

The WPA1/WPA2 driver capabilities aren't really enough in today's world.
There are a /lot/ more key management suites to support!

So, add initial support for net80211 and drivers to announce what
key management suites are supported. These are the list from 802.11-2016
section 9.4.2.25.3 (AKM suites.)

The flags are (a) HW and SW, and (b) global and per-VAP.
Drivers may support more key management suites and are welcome to
announce more; net80211 will only announce ones that we know
net80211 knows "enough" about to support correctly.

(Note: For now are limited to WPA-PSK / WPA2-PSK, which is what
net80211 "supports".)

There /are/ other suites that may be interesting to some people in
the future thta are not part of this set - eg if anyone ever
wants to support the Chinese WAPI standard - so this bitmap is not
specifically just the AKM suites in the RSN OUI.

This should eventually be communicated up to the wpa_supplicant and
hostapd via a replacement driver/vap capabilities call so they know
what to enable rather than just IEEE80211_C_WPA1 / IEEE80211_C_WPA2.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 57439
Build 54327: arc lint + arc unit

Event Timeline

adrian created this revision.Tue, Apr 23, 10:07 PM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptTue, Apr 23, 10:07 PM

add differential link

Harbormaster completed remote builds in B57310: Diff 137579.Tue, Apr 23, 10:08 PM

adrian added a parent revision: D44901: net80211: allow a single wlan crypto module to register for >1 cipher.Tue, Apr 23, 10:08 PM

Harbormaster completed remote builds in B57311: Diff 137580.Tue, Apr 23, 10:08 PM

adrian added a reviewer: wireless.Tue, Apr 23, 10:09 PM

adrian added a project: wireless.

adrian added a child revision: D44920: net80211: bump maximum key size to 384 bits.Tue, Apr 23, 11:07 PM

bz requested changes to this revision.Thu, Apr 25, 3:28 AM

bz added a subscriber: bz.

bz added inline comments.

sys/net80211/ieee80211_crypto.c
161	supported what?
166	Someone will soon by tool remove the duplicate word here so better just not add it.
214	I find this a misalignment (driver vs. hw); I still think of the driver as software and in these cases as "hw" as what can be offloaded.
sys/net80211/ieee80211_var.h
414	Why do you sort them differently to above?

This revision now requires changes to proceed.Thu, Apr 25, 3:28 AM

adrian removed a reviewer: bz.Sun, Apr 28, 11:40 PM

adrian added inline comments.

sys/net80211/ieee80211_crypto.c
214	I'm actually wondering about that specific distinction myself. I think it'll be a good thing to plan for, for NICs that actually do full MLME (ie, don't use mac80211) and/or don't require full / any wpa_supplicant / hostapd (ie, nl80211 only NICs, through to things like the broadcom NICs that don't even SUPPORT supplicant APIs; you just control them entirely over ioctl APIs.) Lemme think about this a bit more. I don't think we FULLY have all the pieces abstracted out to support completely smart wifi parts, but it would be a good eventual goal to support.

address comments

Harbormaster completed remote builds in B57439: Diff 137810.Mon, Apr 29, 3:01 AM

I just removed the hw caps for now, i'll chase that up later when this stuff has landed and we've had a chance to think about how to support full supplicant/mlme management (like VERY fullmac) NICs.

emaste added a subscriber: emaste.Tue, Apr 30, 4:34 PM

Is there any implementation for these new functions, i.e., something which updates the drivers or is this just dead wood swimming down the river?