Message-ID: <3e7f9763-a481-40d1-a5aa-9d71ebe13d98@marcan.st>
Date: Thu, 21 Dec 2023 03:02:00 +0900
From: Hector Martin <marcan@...can.st>
To: Paul Fertser <fercerpav@...il.com>
Cc: Arend van Spriel <aspriel@...il.com>, Franky Lin
 <franky.lin@...adcom.com>, Hante Meuleman <hante.meuleman@...adcom.com>,
 Kalle Valo <kvalo@...nel.org>, Daniel Berlin <dberlin@...rlin.org>,
 linux-wireless@...r.kernel.org, brcm80211-dev-list.pdl@...adcom.com,
 SHA-cyfmac-dev-list@...ineon.com, linux-kernel@...r.kernel.org,
 asahi@...ts.linux.dev
Subject: Re: [PATCH] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password



On 2023/12/20 19:16, Paul Fertser wrote:
> Hey Hector,
> 
> On Tue, Nov 07, 2023 at 03:05:31PM +0900, Hector Martin wrote:
>> Using the WSEC command instead of sae_password seems to be the supported
>> mechanism on newer firmware, and also how the brcmdhd driver does it.
>>
>> According to user reports [1], the sae_password codepath doesn't actually
>> work on machines with Cypress chips anyway, so no harm in removing it.
> 
> I'm sorry to disappoint you but I've just tested this patch on a
> "Pinebook Pro" which has AP6255 module and it broke WPA3 Personal.
> 
> No error messages are emitted to the kernel log, just iwctl saying it
> can't establish connection.
> 
> This is using "Cypress" firmware from the Linux firmware tree [0]
> renamed to "brcmfmac43455-sdio.bin" which has the following features
> (extracted from last two lines):
> 
> 43455c0-roml/43455_sdio-pno-aoe-pktfilter-pktctx-wfds-mfp-dfsradar-wowlpf-idsup-idauth-noclminc-clm_min-obss-obssdump-swdiv-gtkoe-roamprof-txbf-ve-sae-dpp-sr-okc-bpd Version: 7.45.234 (4ca95bb CY) CRC: 212e223d Date: Thu 2021-04-15 03:06:00 PDT Ucode Ver: 1043.2161 FWID 01-996384e2
> DVID 01-1fda2915
> 
> 
> This module is used on many SBCs, including some RaspberryPi
> boards. The reason RaspberryPi owners complain about lack of WPA3
> Personal support is that most of them are using obscure downstream
> distros which ship brcmfmac firmware from somewhere else rather than
> the Linux firmware tree, so they lack the "sae" feature. Another is
> that it only works with iwd while default is wpa_supplicant.
> 
> So far all known reports of those who tried the right firmware on
> RaspberryPi boards confirm WPA3 Personal was working with iwd [1].
> 
> 
> I'll be happy to do more testing if needed. Thank you very much for
> your hard and insightful work!

Thank you for being the first person to actually test any of this :)

Now we actually have a reason to keep the code. The next thing I wonder
is whether any of the *other* Cypress chips will respond to WSEC (in
addition to or instead of sae_password)...

Are you willing to test all the other wifi stuff we have queued up
downstream? There's a whole pile of changes here:

https://github.com/AsahiLinux/linux/commits/bits/080-wifi/

If things break it would be very helpful if you could bisect it down to
the specific commit. This patch is also in there of course, feel free to
revert/rebase it out.

- Hector
