lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 May 2024 17:50:26 -0700
From: Brian Norris <briannorris@...omium.org>
To: David Lin <yu-hao.lin@....com>
Cc: Marcel Holtmann <marcel@...tmann.org>,
	"linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>, Kalle Valo <kvalo@...nel.org>,
	"francesco@...cini.it" <francesco@...cini.it>,
	Pete Hsieh <tsung-hsien.hsieh@....com>,
	"rafael.beims" <rafael.beims@...adex.com>,
	Francesco Dolcini <francesco.dolcini@...adex.com>
Subject: Re: [EXT] [PATCH v10 0/2] wifi: mwifiex: add code to support host
 mlme

On Mon, May 13, 2024 at 01:27:13AM +0000, David Lin wrote:
> > From: David Lin <yu-hao.lin@....com>
> > Sent: Thursday, May 2, 2024 4:35 PM
> > 
> > 1. The process of external_auth should be as follows:
> >   a. cfg80211_ops.connect() is called to establish connection with remote
> > AP.
> >   b. If authentication is not WLAN_AUTH_SAE, FW will process
> > authentication/association
> >   and reply connection result to cfg80211.
> >   c. If authentication is WLAN_AUTH_SAE, FW should notify driver to call
> >   cfg80211_external_auth_request() to offload authentication to
> > wpa_supplicant.

FWIW, I expect you could just as well teach the driver to detect this --
I don't think we'd strictly require that firmware notify the driver.
Essentially, you could teach the driver to notice any sort of CONNECT
request (e.g., keep a list of FW-supported WLAN_AUTH_* modes?) that the
firmware can't handle on its own, and begin the external_auth() process.

I'm not sure this is ideal, but it does sound doable even without FW
notification.

> >   d. FW will wait for authentication result passed by
> > cfg80211_ops.external_auth() to
> >   decide if association should be processed with remote AP for the original
> > connection
> >   request and reply connection result to cfg80211.
> >   NXP FW only supports association with or without authentication, it can't
> > support external_auth.

But could it support my above description? Basically, the driver decides
whether to submit the connection request directly to the firmware, or
go with external_auth() instead.

> > 2. Hook separating auth/assoc will offload SME to wpa_supplicant
> > completely. Driver/FW don't need
> >   to involve the process of authentication just like external_auth did. There
> > is no effort for driver/FW
> >   to support any future modifications of authentication process.
> 
> Can we confirm that hooking separating auth/assoc is more suitable than "external_auth" for mwifiex?

I have one clarification question above. And I haven't heard anything
more from Marcel, so assuming the above is clarified, I suppose we can
drop the external_auth question.

Brian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ