Use Apple RSN supplicant

[usr-sse2]

Use IO80211Family's RSN supplicant. It works, but I've not yet backported some things that are necessary before merging:

• RSN IE override. It's necessary to connect to (at least my) WPA2 Enterprise network
• setDISASSOCIATE IOCTL. It's necessary to disconnect from network manually or in case of authentication failure (now it remains connected and can't scan).
• Message for completing RSN authentication (needed on Big Sur to inform macOS that the authentication succeeded, else it calls setDISASSOCIATE)
• Message when changing state – maybe it's already implemented, need to look code and test

[usr-sse2]

Tested on Catalina and Big Sur, WPA2-PSK and WPA2-Enterprise both work.

[zxystd]

Nice job!! I don't have enterprise network to test, but here is a error log from a user, tested with this PR version, can you help to check it?
wpa2enterprise.log

[usr-sse2]

@zxystd This is not all: /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport logger is also needed (need to enable first by sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport debug +AllUserland +AllDriver +AllVendor).
The log output is also incomplete – macOS omits too long messages like packet dumps (the doc says that it should truncate them, but really it just skips them), so it's better to do both log stream and sudo dmesg to save all messages but have timestamps.
Packet captures and logs from the access point can also be useful.

[williambj1]

@usr-sse2 Thanks for your contribution, really appreciate your time and effort!

The contributed code is indented with hard tabs. Would you mind changing them to 4 spaces so they are consistent with the rest of the project? Xcode configuration files use tabs by default, so it is fine to leave them as they are.

[usr-sse2]

@usr-sse2 Thanks for your contribution, really appreciate your time and effort!

The contributed code is indented with hard tabs. Would you mind changing them to 4 spaces so they are consistent with the rest of the project? Xcode configuration files use tabs by default, so it is fine to leave them as they are.

Done; left tabs in files that are indented with tabs, for example, ieee80211_output.c.

[usr-sse2]

I also enabled Instant Hostpot and Auto Unlock by setting all card capabilities to 0xFF. Auto Unlock enables successfully on both Intel and external Broadcom Bluetooth, and on one boot it even worked with Broadcom Bluetooth, but I can't reproduce it any more, don't know why. Besides, here are the logs for Handoff, AirDrop, Auto Unlock and Tethering, may be useful in development:

log stream --predicate 'sender="sharingd"'

[igorkulman]

I tried Airportitlwm built from this PR and my computer always restarts after wake up from sleep when using it. No problem with the code from the master branch.

[jqqqqqqqqqq]

I also enabled Instant Hostpot and Auto Unlock by setting all card capabilities to 0xFF. Auto Unlock enables successfully on both Intel and external Broadcom Bluetooth, and on one boot it even worked with Broadcom Bluetooth, but I can't reproduce it any more, don't know why. Besides, here are the logs for Handoff, AirDrop, Auto Unlock and Tethering, may be useful in development:

log stream --predicate 'sender="sharingd"'

Doesn't need to sleep every time, for unlocking from login screen, if you have multiple account, just select login window from top right corner.

Another equivalent way is to use the lock icon in System Preferences -> Security & Privacy. It triggers a unlock prompt on watch, and the logs in log stream --predicate 'sender="sharingd"' looks pretty similar to Auto Unlock.

[usr-sse2]

@jqqqqqqqqqq What's the purpose of your comment? I know how to use Auto Unlock, and this is exactly what I did while testing.

[usr-sse2]

I tried Airportitlwm built from this PR and my computer always restarts after wake up from sleep when using it. No problem with the code from the master branch.

Post the panic log here

[igorkulman]

I tried Airportitlwm built from this PR and my computer always restarts after wake up from sleep when using it. No problem with the code from the master branch.

Post the panic log here

Here you go, for the last crash

panic(cpu 1 caller 0xffffff80110469aa): Kernel trap at 0xffffff7f94504982, type 13=general protection, registers:CR0: 0x000000008001003b, CR2: 0x0000000111e8b000, CR3: 0x0000000015ca6000, CR4: 0x00000000001626e0
RAX: 0x7275746552203131, RBX: 0xffffff802e6ed1e0, RCX: 0x0000000000000000, RDX: 0xffffff802e6ed550
RSP: 0xffffff818d383c90, RBP: 0xffffff818d383cd0, RSI: 0xffffff8032076450, RDI: 0xffffff802e238800
R8:  0x0000000000000000, R9:  0x0000000000989680, R10: 0x0000000000000000, R11: 0xffffff80119f5280
R12: 0xffffff7f944d95b0, R13: 0x0000000000000000, R14: 0xffffff802e6ed550, R15: 0xffffff8032076450
RFL: 0x0000000000010202, RIP: 0xffffff7f94504982, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0x0000000111e8b000, Error code: 0x0000000000000000, Fault CPU: 0x1, PL: 0, VF: 0

Backtrace (CPU 1), Frame : Return Address
0xffffff8010d51a20 : 0xffffff8010f1a65d 
0xffffff8010d51a70 : 0xffffff8011054a75 
0xffffff8010d51ab0 : 0xffffff80110465fe 
0xffffff8010d51b00 : 0xffffff8010ec0a40 
0xffffff8010d51b20 : 0xffffff8010f19d27 
0xffffff8010d51c20 : 0xffffff8010f1a117 
0xffffff8010d51c70 : 0xffffff80116c1a6c 
0xffffff8010d51ce0 : 0xffffff80110469aa 
0xffffff8010d51e60 : 0xffffff80110466a8 
0xffffff8010d51eb0 : 0xffffff8010ec0a40 
0xffffff8010d51ed0 : 0xffffff7f94504982 
0xffffff818d383cd0 : 0xffffff801162e9d8 
0xffffff818d383d30 : 0xffffff7f944f04ec 
0xffffff818d383d70 : 0xffffff7f944f1e2e 
0xffffff818d383d90 : 0xffffff7f94555d37 
0xffffff818d383df0 : 0xffffff7f9455a477 
0xffffff818d383e40 : 0xffffff7f944d961f 
0xffffff818d383fa0 : 0xffffff8010ec013e 
      Kernel Extensions in backtrace:
         com.zxystd.AirportItlwm(1.0)[98A9DBBF-9BD8-3C4E-AC74-043385AC341B]@0xffffff7f944d8000->0xffffff7f9466dfff
            dependency: com.apple.iokit.IOPCIFamily(2.9)[44472E6F-8DA0-3B46-ADEF-AFF76EC6C6DB]@0xffffff7f91931000
            dependency: com.apple.iokit.IO80211Family(1200.12.2b1)[D6EB9626-5A80-3FE4-A1F3-4F455A48C64A]@0xffffff7f9437d000
            dependency: com.apple.iokit.IONetworkingFamily(3.4)[26FE14A5-825D-35E4-BD06-C5B8A1AE1FD9]@0xffffff7f91865000

BSD process name corresponding to current thread: kernel_task
Boot args: -rtsx_mimic_linux 

Mac OS version:
19H2

Kernel version:
Darwin Kernel Version 19.6.0: Mon Aug 31 22:12:52 PDT 2020; root:xnu-6153.141.2~1\/RELEASE_X86_64
Kernel UUID: 05D51A3D-3A87-3FF0-98C3-9CF3827A3EDD
Kernel slide:     0x0000000010c00000
Kernel text base: 0xffffff8010e00000
__HIB  text base: 0xffffff8010d00000
System model name: MacBookPro11,1 (Mac-189A3D4F975D5FFC)
System shutdown begun: NO
Panic diags file available: YES (0x0)

System uptime in nanoseconds: 1998050578303

[usr-sse2]

@igorkulman With keepsyms=1 boot argument, please, to show function names instead of just addresses.

[usr-sse2]

@zxystd So what? Did the WPA2 Enterprise user send the logs?

I found another useful log command for debugging EAP authentication:

log stream --predicate 'sender="eapolclient"`

[jqqqqqqqqqq]

@jqqqqqqqqqq What's the purpose of your comment? I know how to use Auto Unlock, and this is exactly what I did while testing.

My bad, I want to help discovering what is behind unlock w/ apple watch, but so far I had no discovery. I’m looking into frameworks to see if the limitation is outside the drivers. Is there anything I can help?

[williambj1]

@zxystd So what? Did the WPA2 Enterprise user send the logs?

I found another useful log command for debugging EAP authentication:

log stream --predicate 'sender="eapolclient"`

After discussing and investigating with that user for a while, turns out that it was a user mistake. Now he can successfully connect to enterprise networks.

[williambj1]

@usr-sse2 zxy told me he is happy to merge this PR right now and asked me to help him do so. Should we wait for @igorkulman's panic report with keepsyms=1 or fix it later in another PR?

[igorkulman]

@usr-sse2 zxy told me he is happy to merge this PR right now and asked me to help him do so. Should we wait for @igorkulman's panic report with keepsyms=1 or fix it later in another PR?

Do not wait for my panic report, I cannot reproduce right now. I think there were some other factors not just sleep. I will open an issue with a proper panic report when it happens again.