802.11r FT authentication with FullMAC driver
bartsmink at gmail.com
Fri Oct 7 04:53:54 PDT 2022
We’re currently in the process of patching firmware of a Realtek device to work with 802.11r. As the device is FullMAC, there is no nl80211 usage in the driver, only cfg80211.
From what I have seen of SoftMAC drivers, when hopping, an authentication frame is first sent to hostapd to indicate that the station's authentication algorithm is FT. Then the association IEs are sent, and hostapd knows the authentication method is FT based on the info from the authentication frame.
With the FullMAC driver there are no MLME messages, as the SME is implemented in the firmware. And from what I have seen, only cfg80211_add_sta is called with the information elements of the association, not the authentication. From the source code of hostapd, there is no way to install the FT keys when not having sta->auth_alg == WLAN_AUTH_FT and having reassoc set to true. This is on line 702 of drv_callbacks.c:

    if (reassoc && (sta->auth_alg == WLAN_AUTH_FT))

The variable reassoc is hardcoded to 0, and auth_alg is only set when receiving an authentication frame, which does not happen. What is the recommended way to fix this? Some way of sending the authentication frame would solve it, but there is no public function available in cfg80211 for such a purpose, or I did not find it.
For now I have patched this line at drv_callbacks.c:702 with:

    if (elems.ftie_len && sta->wpa_sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_PSK)

This then triggers wpa_auth_sm_event, which prevents the 4-way handshake from occurring; the handshake is not needed, as the driver already has all the keys installed. This seems to work for now, but it could lead to more problems.