From: Chi-Hsien Lin <Chi-Hsien.Lin@cypress.com>
To: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>
Cc: "brcm80211-dev-list@broadcom.com"
<brcm80211-dev-list@broadcom.com>,
brcm80211-dev-list <brcm80211-dev-list@cypress.com>,
Arend van Spriel <arend.vanspriel@broadcom.com>,
Franky Lin <franky.lin@broadcom.com>,
Hante Meuleman <hante.meuleman@broadcom.com>,
Wright Feng <Wright.Feng@cypress.com>,
Kalle Valo <kvalo@codeaurora.org>,
Stanley Hsu <Stanley.Hsu@cypress.com>,
Chi-Hsien Lin <Chi-Hsien.Lin@cypress.com>
Subject: [PATCH 5/6] cfg80211: add support for SAE authentication offload
Date: Fri, 4 Jan 2019 06:11:14 +0000 [thread overview]
Message-ID: <1546582221-143220-5-git-send-email-chi-hsien.lin@cypress.com> (raw)
In-Reply-To: <1546582221-143220-1-git-send-email-chi-hsien.lin@cypress.com>
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Let drivers advertise support for station-mode SAE authentication
offload with a new NL80211_EXT_FEATURE_SAE_OFFLOAD flag.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
---
include/linux/ieee80211.h | 1 +
include/net/cfg80211.h | 5 +++++
include/uapi/linux/nl80211.h | 16 ++++++++++++++++
net/wireless/nl80211.c | 14 ++++++++++++++
4 files changed, 36 insertions(+)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 3b04e72315e1..37d3e655e547 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2596,6 +2596,7 @@ enum ieee80211_key_len {
#define FILS_ERP_MAX_RRK_LEN 64
#define PMK_MAX_LEN 64
+#define SAE_PASSWORD_MAX_LEN 128
/* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */
enum ieee80211_pub_actioncode {
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index e0c41eb1c860..5809dac97b33 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -740,6 +740,9 @@ struct survey_info {
* CFG80211_MAX_WEP_KEYS WEP keys
* @wep_tx_key: key index (0..3) of the default TX static WEP key
* @psk: PSK (for devices supporting 4-way-handshake offload)
+ * @sae_pwd: password for SAE authentication (for devices supporting SAE
+ * offload)
+ * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
*/
struct cfg80211_crypto_settings {
u32 wpa_versions;
@@ -755,6 +758,8 @@ struct cfg80211_crypto_settings {
struct key_params *wep_keys;
int wep_tx_key;
const u8 *psk;
+ const u8 *sae_pwd;
+ u16 sae_pwd_len;
};
/**
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 12762afb3a07..4840aaed39ba 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -235,6 +235,15 @@
*/
/**
+ * DOC: SAE authentication offload
+ *
+ * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
+ * support offloading SAE authentication for WPA3-Personal networks. In
+ * %NL80211_CMD_CONNECT the password for SAE should be specified using
+ * %NL80211_ATTR_SAE_PASSWORD.
+ */
+
+/**
* enum nl80211_commands - supported nl80211 commands
*
* @NL80211_CMD_UNSPEC: unspecified command to catch errors
@@ -2288,6 +2297,9 @@ enum nl80211_commands {
*
* @NL80211_ATTR_FTM_RESPONDER_STATS: Nested attribute with FTM responder
* statistics, see &enum nl80211_ftm_responder_stats.
+ * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It
+ * is used with %NL80211_CMD_CONNECT to provide password for offloading
+ * SAE authentication for WPA3-Personal networks.
*
* @NL80211_ATTR_TIMEOUT: Timeout for the given operation in milliseconds (u32),
* if the attribute is not given no timeout is requested. Note that 0 is an
@@ -2743,6 +2755,7 @@ enum nl80211_attrs {
NL80211_ATTR_FTM_RESPONDER,
NL80211_ATTR_FTM_RESPONDER_STATS,
+ NL80211_ATTR_SAE_PASSWORD,
NL80211_ATTR_TIMEOUT,
@@ -5316,6 +5329,8 @@ enum nl80211_feature_flags {
* able to rekey an in-use key correctly. Userspace must not rekey PTK keys
* if this flag is not set. Ignoring this can leak clear text packets and/or
* freeze the connection.
+ * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
+ * station mode (SAE password is passed as part of the connect command).
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -5356,6 +5371,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT,
NL80211_EXT_FEATURE_CAN_REPLACE_PTK0,
NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index c464ce8bc248..d1ebc93d5d56 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -557,6 +557,8 @@ const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
[NL80211_ATTR_PEER_MEASUREMENTS] =
NLA_POLICY_NESTED(NL80211_PMSR_FTM_REQ_ATTR_MAX,
nl80211_pmsr_attr_policy),
+ [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
+ .len = SAE_PASSWORD_MAX_LEN },
};
/* policy for the key attributes */
@@ -4348,6 +4350,8 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
return true;
case NL80211_CMD_CONNECT:
if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
+ !wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
auth_type == NL80211_AUTHTYPE_SAE)
return false;
@@ -8769,6 +8773,16 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
}
+ if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD))
+ return -EINVAL;
+ settings->sae_pwd =
+ nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+ settings->sae_pwd_len =
+ nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+ }
+
return 0;
}
--
2.1.0
next prev parent reply other threads:[~2019-01-04 6:11 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-04 6:11 [PATCH 1/6] nl80211: add NL80211_ATTR_IFINDEX to port authorized event Chi-Hsien Lin
2019-01-04 6:11 ` [PATCH 2/6] brcmfmac: send port authorized event for 802.1X 4-way handshake offload Chi-Hsien Lin
2019-01-07 9:44 ` Arend Van Spriel
2019-05-09 8:58 ` Stanley Hsu
2019-05-09 11:54 ` Arend Van Spriel
2019-01-04 6:11 ` [PATCH 3/6] brcmfmac: send port authorized event for FT-802.1X Chi-Hsien Lin
2019-01-07 12:00 ` Arend Van Spriel
2019-01-04 6:11 ` [PATCH 4/6] nl80211: add WPA3 definition for SAE authentication Chi-Hsien Lin
2019-01-04 6:11 ` Chi-Hsien Lin [this message]
2019-01-04 9:26 ` [PATCH 5/6] cfg80211: add support for SAE authentication offload Marcel Holtmann
2019-05-09 9:21 ` Stanley Hsu
2019-05-10 8:32 ` Marcel Holtmann
2019-01-04 11:10 ` Arend Van Spriel
2019-05-09 9:02 ` Stanley Hsu
2019-01-04 6:11 ` [PATCH 6/6] brcmfmac: " Chi-Hsien Lin
2019-01-04 10:51 ` [PATCH 1/6] nl80211: add NL80211_ATTR_IFINDEX to port authorized event Arend Van Spriel
2019-05-09 8:51 ` Stanley Hsu
2019-01-15 13:42 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1546582221-143220-5-git-send-email-chi-hsien.lin@cypress.com \
--to=chi-hsien.lin@cypress.com \
--cc=Stanley.Hsu@cypress.com \
--cc=Wright.Feng@cypress.com \
--cc=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list@broadcom.com \
--cc=brcm80211-dev-list@cypress.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).