* [PATCH] cfg80211: add key management offload feature
@ 2016-09-27 10:56 Amitkumar Karwar
  2016-09-27 10:56 ` [PATCH] nl80211: " Amitkumar Karwar
                   ` (3 more replies)
  0 siblings, 4 replies; 11+ messages in thread
From: Amitkumar Karwar @ 2016-09-27 10:56 UTC (permalink / raw)
  To: linux-wireless, hostap
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz, Amitkumar Karwar

From: lihz <lihz@marvell.com>

This patch adds key management offload feature. It needs to be
advertised through NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD flag.
Existing cfg80211_roamed API has been extended to report keys
for roaming offload.

Signed-off-by: Huazeng Li <lihz@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
---
 drivers/net/wireless/ath/ath6kl/cfg80211.c         |  3 ++-
 .../broadcom/brcm80211/brcmfmac/cfg80211.c         |  3 ++-
 drivers/net/wireless/rndis_wlan.c                  |  3 ++-
 drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c  |  2 +-
 drivers/staging/wlan-ng/cfg80211.c                 |  2 +-
 include/linux/ieee80211.h                          |  3 +++
 include/net/cfg80211.h                             |  8 +++++--
 include/uapi/linux/nl80211.h                       | 11 +++++++++
 net/wireless/core.h                                |  8 ++++++-
 net/wireless/nl80211.c                             | 19 ++++++++++++++--
 net/wireless/nl80211.h                             |  4 +++-
 net/wireless/sme.c                                 | 26 +++++++++++++++++-----
 net/wireless/util.c                                |  4 +++-
 13 files changed, 79 insertions(+), 17 deletions(-)
 mode change 100644 => 100755 net/wireless/nl80211.c

diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index b7fe0af..9511f73 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -809,7 +809,8 @@ void ath6kl_cfg80211_connect_event(struct ath6kl_vif *vif, u16 channel,
 	} else if (vif->sme_state == SME_CONNECTED) {
 		/* inform roam event to cfg80211 */
 		cfg80211_roamed_bss(vif->ndev, bss, assoc_req_ie, assoc_req_len,
-				    assoc_resp_ie, assoc_resp_len, GFP_KERNEL);
+				    assoc_resp_ie, assoc_resp_len, GFP_KERNEL,
+				    NULL, NULL, NULL, 0);
 	}
 }
 
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 748eaa6..5934b77 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5450,7 +5450,8 @@ done:
 	kfree(buf);
 	cfg80211_roamed(ndev, notify_channel, (u8 *)profile->bssid,
 			conn_info->req_ie, conn_info->req_ie_len,
-			conn_info->resp_ie, conn_info->resp_ie_len, GFP_KERNEL);
+			conn_info->resp_ie, conn_info->resp_ie_len, GFP_KERNEL,
+			NULL, NULL, NULL, 0);
 	brcmf_dbg(CONN, "Report roaming result\n");
 
 	set_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 603c904..ad9535f 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -2838,7 +2838,8 @@ static void rndis_wlan_do_link_up_work(struct usbnet *usbdev)
 			cfg80211_roamed(usbdev->net,
 					get_current_channel(usbdev, NULL),
 					bssid, req_ie, req_ie_len,
-					resp_ie, resp_ie_len, GFP_KERNEL);
+					resp_ie, resp_ie_len, GFP_KERNEL,
+					NULL, NULL, NULL, 0);
 	} else if (priv->infra_mode == NDIS_80211_INFRA_ADHOC)
 		cfg80211_ibss_joined(usbdev->net, bssid,
 				     get_current_channel(usbdev, NULL),
diff --git a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
index d0ba377..e74216a 100644
--- a/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
+++ b/drivers/staging/rtl8723au/os_dep/ioctl_cfg80211.c
@@ -341,7 +341,7 @@ void rtw_cfg80211_indicate_connect(struct rtw_adapter *padapter)
 				sizeof(struct ieee80211_hdr_3addr) + 6,
 				pmlmepriv->assoc_rsp_len -
 				sizeof(struct ieee80211_hdr_3addr) - 6,
-				GFP_ATOMIC);
+				GFP_ATOMIC, NULL, NULL, NULL, 0);
 	} else {
 		cfg80211_connect_result(padapter->pnetdev,
 					cur_network->network.MacAddress,
diff --git a/drivers/staging/wlan-ng/cfg80211.c b/drivers/staging/wlan-ng/cfg80211.c
index f46dfe6..178d955 100644
--- a/drivers/staging/wlan-ng/cfg80211.c
+++ b/drivers/staging/wlan-ng/cfg80211.c
@@ -722,7 +722,7 @@ void prism2_disconnected(wlandevice_t *wlandev)
 void prism2_roamed(wlandevice_t *wlandev)
 {
 	cfg80211_roamed(wlandev->netdev, NULL, wlandev->bssid,
-		NULL, 0, NULL, 0, GFP_KERNEL);
+		NULL, 0, NULL, 0, GFP_KERNEL, NULL, NULL, NULL, 0);
 }
 
 /* Structures for declaring wiphy interface */
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index a80516f..8cf3535 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2312,6 +2312,9 @@ enum ieee80211_sa_query_action {
 #define WLAN_CIPHER_SUITE_BIP_CMAC_256	0x000FAC0D
 
 #define WLAN_CIPHER_SUITE_SMS4		0x00147201
+#define WLAN_CIPHER_SUITE_PMK           0x00147202
+#define WLAN_CIPHER_SUITE_PMK_R0        0x00147203
+#define WLAN_CIPHER_SUITE_PMK_R0_NAME   0x00147204
 
 /* AKM suite selectors */
 #define WLAN_AKM_SUITE_8021X		0x000FAC01
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index ed37304..817df07 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -4865,7 +4865,9 @@ void cfg80211_roamed(struct net_device *dev,
 		     struct ieee80211_channel *channel,
 		     const u8 *bssid,
 		     const u8 *req_ie, size_t req_ie_len,
-		     const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp);
+		     const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp,
+		     const u8 *key_replay_ctr, const u8 *ptk_kck,
+		     const u8 *ptk_kek, const u8 authorized);
 
 /**
  * cfg80211_roamed_bss - notify cfg80211 of roaming
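Review bot: The four parameters added to cfg80211_roamed() here, and to cfg80211_roamed_bss() in the next hunk, are not described in the kernel-doc blocks above the prototypes; the diffstat for this header is fully accounted for by the prototype lines. The comments should gain entries such as `@key_replay_ctr: replay counter, NL80211_REPLAY_CTR_LEN bytes, or %NULL`, matching entries for `@ptk_kck` and `@ptk_kek`, and `@authorized: non-zero if the connection is already authorized`. The buffers are passed without a length, so the doc is the only place a driver author can learn the fixed sizes that the core copies. `const u8 authorized` would read better as `bool authorized`, and the internal helpers (`__cfg80211_roamed`, `nl80211_send_roamed`) take the same four values with `authorized` first, an ordering mismatch worth removing.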
@@ -4891,7 +4893,9 @@ void cfg80211_roamed(struct net_device *dev,
  */
 void cfg80211_roamed_bss(struct net_device *dev, struct cfg80211_bss *bss,
 			 const u8 *req_ie, size_t req_ie_len,
-			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp);
+			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp,
+			 const u8 *key_replay_ctr, const u8 *ptk_kck,
+			 const u8 *ptk_kek, const u8 authorized);
 
 /**
  * cfg80211_disconnected - notify cfg80211 that connection was dropped
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index ec10d1b..c56df53 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -1873,6 +1873,9 @@ enum nl80211_commands {
  * @NL80211_ATTR_MESH_PEER_AID: Association ID for the mesh peer (u16). This is
  *	used to pull the stored data for mesh peer in power save state.
  *
+ * @NL80211_ATTR_AUTHORIZED: flag attribute, if set indicates that the
+ *      connection is authorized.
+ *
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2267,6 +2270,8 @@ enum nl80211_attrs {
 
 	NL80211_ATTR_MESH_PEER_AID,
 
+	NL80211_ATTR_AUTHORIZED,
+
 	/* add attributes here, update the policy in nl80211.c */
 
 	__NL80211_ATTR_AFTER_LAST,
@@ -3687,6 +3692,9 @@ enum nl80211_key_attributes {
 	NL80211_KEY_DEFAULT_MGMT,
 	NL80211_KEY_TYPE,
 	NL80211_KEY_DEFAULT_TYPES,
+	NL80211_KEY_REPLAY_CTR,
+	NL80211_KEY_KCK,
+	NL80211_KEY_KEK,
 
 	/* keep last */
 	__NL80211_KEY_AFTER_LAST,
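Review bot: NL80211_KEY_REPLAY_CTR, NL80211_KEY_KCK and NL80211_KEY_KEK are added to this uapi enum without kernel-doc entries; the eleven insertions in this header are all visible and none of them documents these values. Each needs a line in the comment above the enum stating direction and size, e.g. `@NL80211_KEY_KCK: key confirmation key, NL80211_KCK_LEN bytes, reported in roam events only`. It is also worth saying why the existing NL80211_REKEY_DATA_* attributes, which already carry KEK, KCK and replay counter, could not be reused.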
@@ -4563,6 +4571,8 @@ enum nl80211_feature_flags {
  *	configuration (AP/mesh) with HT rates.
  * @NL80211_EXT_FEATURE_BEACON_RATE_VHT: Driver supports beacon rate
  *	configuration (AP/mesh) with VHT rates.
+ * @NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD: This driver supports key management
+ *	auth offload.
  *
  * @NUM_NL80211_EXT_FEATURES: number of extended features.
  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -4577,6 +4587,7 @@ enum nl80211_ext_feature_index {
 	NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
 	NL80211_EXT_FEATURE_BEACON_RATE_HT,
 	NL80211_EXT_FEATURE_BEACON_RATE_VHT,
+	NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD,
 
 	/* add new features before the definition below */
 	NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 5555e3c..bd9914b2 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -231,8 +231,12 @@ struct cfg80211_event {
 		struct {
 			const u8 *req_ie;
 			const u8 *resp_ie;
+			const u8 *key_replay_ctr;
+			const u8 *key_kck;
+			const u8 *key_kek;
 			size_t req_ie_len;
 			size_t resp_ie_len;
+			u8 authorized;
 			struct cfg80211_bss *bss;
 		} rm;
 		struct {
@@ -396,7 +400,9 @@ int cfg80211_disconnect(struct cfg80211_registered_device *rdev,
 void __cfg80211_roamed(struct wireless_dev *wdev,
 		       struct cfg80211_bss *bss,
 		       const u8 *req_ie, size_t req_ie_len,
-		       const u8 *resp_ie, size_t resp_ie_len);
+		       const u8 *resp_ie, size_t resp_ie_len,
+		       const u8 authorized, const u8 *key_replay_ctr,
+		       const u8 *key_kck, const u8 *key_kek);
 int cfg80211_mgd_wext_connect(struct cfg80211_registered_device *rdev,
 			      struct wireless_dev *wdev);
 
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
old mode 100644
new mode 100755
index b8441e6..06754f9
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -928,7 +928,9 @@ static int nl80211_key_allowed(struct wireless_dev *wdev)
 	case NL80211_IFTYPE_ADHOC:
 	case NL80211_IFTYPE_STATION:
 	case NL80211_IFTYPE_P2P_CLIENT:
-		if (!wdev->current_bss)
+		if (!wdev->current_bss &&
+		    !wiphy_ext_feature_isset(wdev->wiphy,
+		    NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD))
 			return -ENOLINK;
 		break;
 	case NL80211_IFTYPE_UNSPECIFIED:
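Review bot: With this condition a driver that advertises NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD is exempt from -ENOLINK for every key operation on an unassociated STATION, ADHOC or P2P_CLIENT interface, not only for the PMK download the feature needs. nl80211_key_allowed() sees only the wdev, so the exemption cannot be narrowed to a cipher here; keeping the original check and letting the PMK path (callers are not shown) bypass it after inspecting the cipher would preserve the guard for ordinary keys. The continuation `NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD))` should be aligned under `wdev->wiphy`. The function starts and ends outside the hunk.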
@@ -12481,7 +12483,9 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 			 struct net_device *netdev, const u8 *bssid,
 			 const u8 *req_ie, size_t req_ie_len,
-			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
+			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp,
+			 const u8 authorized, const u8 *key_replay_ctr,
+			 const u8 *key_kck, const u8 *key_kek)
 {
 	struct sk_buff *msg;
 	void *hdr;
@@ -12505,6 +12509,17 @@ void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
 		goto nla_put_failure;
 
+	if (wiphy_ext_feature_isset(&rdev->wiphy,
+				    NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD) &&
+	    (nla_put_u8(msg, NL80211_ATTR_AUTHORIZED, authorized) ||
+	    (key_replay_ctr && nla_put(msg, NL80211_KEY_REPLAY_CTR,
+	     NL80211_REPLAY_CTR_LEN, key_replay_ctr)) ||
+	    (key_kck &&
+	     nla_put(msg, NL80211_KEY_KCK, NL80211_KCK_LEN, key_kck)) ||
+	    (key_kek &&
+	     nla_put(msg, NL80211_KEY_KEK, NL80211_KEK_LEN, key_kek))))
+		goto nla_put_failure;
+
 	genlmsg_end(msg, hdr);
 
 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
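Review bot: The KCK and KEK are put into a message that is then passed to genlmsg_multicast_netns(), so every socket subscribed to that multicast group receives the key material, not only the supplicant that owns the connection; who is allowed to join the group is not visible here and must be confirmed before secrets are delivered this way. The three key attributes are written with NL80211_KEY_* ids directly into the top-level message, where ids are interpreted as NL80211_ATTR_*; they need their own NL80211_ATTR_* entries or an `nla_nest_start()` / `nla_nest_end()` pair around them. NL80211_ATTR_AUTHORIZED is documented as a flag attribute but emitted with `nla_put_u8()`, so it is present even when `authorized` is 0; `(authorized && nla_put_flag(msg, NL80211_ATTR_AUTHORIZED))` would match the documentation. The function body continues outside the hunk.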
diff --git a/net/wireless/nl80211.h b/net/wireless/nl80211.h
index 7e3821d..5d2fe3a 100644
--- a/net/wireless/nl80211.h
+++ b/net/wireless/nl80211.h
@@ -62,7 +62,9 @@ void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
 			 struct net_device *netdev, const u8 *bssid,
 			 const u8 *req_ie, size_t req_ie_len,
-			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp);
+			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp,
+			 const u8 authorized, const u8 *key_replay_ctr,
+			 const u8 *key_kck, const u8 *key_kek);
 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
 			       struct net_device *netdev, u16 reason,
 			       const u8 *ie, size_t ie_len, bool from_ap);
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index c08a3b5..a6ddbb4 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -807,7 +807,9 @@ EXPORT_SYMBOL(cfg80211_connect_bss);
 void __cfg80211_roamed(struct wireless_dev *wdev,
 		       struct cfg80211_bss *bss,
 		       const u8 *req_ie, size_t req_ie_len,
-		       const u8 *resp_ie, size_t resp_ie_len)
+		       const u8 *resp_ie, size_t resp_ie_len,
+		       const u8 authorized, const u8 *key_replay_ctr,
+		       const u8 *key_kck, const u8 *key_kek)
 {
 #ifdef CONFIG_CFG80211_WEXT
 	union iwreq_data wrqu;
@@ -831,7 +833,8 @@ void __cfg80211_roamed(struct wireless_dev *wdev,
 	nl80211_send_roamed(wiphy_to_rdev(wdev->wiphy),
 			    wdev->netdev, bss->bssid,
 			    req_ie, req_ie_len, resp_ie, resp_ie_len,
-			    GFP_KERNEL);
+			    GFP_KERNEL, authorized, key_replay_ctr,
+			    key_kck, key_kek);
 
 #ifdef CONFIG_CFG80211_WEXT
 	if (req_ie) {
@@ -865,7 +868,9 @@ void cfg80211_roamed(struct net_device *dev,
 		     struct ieee80211_channel *channel,
 		     const u8 *bssid,
 		     const u8 *req_ie, size_t req_ie_len,
-		     const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
+		     const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp,
+		     const u8 *key_replay_ctr, const u8 *ptk_kck,
+		     const u8 *ptk_kek, const u8 authorized)
 {
 	struct wireless_dev *wdev = dev->ieee80211_ptr;
 	struct cfg80211_bss *bss;
@@ -877,7 +882,8 @@ void cfg80211_roamed(struct net_device *dev,
 		return;
 
 	cfg80211_roamed_bss(dev, bss, req_ie, req_ie_len, resp_ie,
-			    resp_ie_len, gfp);
+			    resp_ie_len, gfp, key_replay_ctr, ptk_kck,
+			    ptk_kek, authorized);
 }
 EXPORT_SYMBOL(cfg80211_roamed);
 
@@ -885,7 +891,9 @@ EXPORT_SYMBOL(cfg80211_roamed);
 void cfg80211_roamed_bss(struct net_device *dev,
 			 struct cfg80211_bss *bss, const u8 *req_ie,
 			 size_t req_ie_len, const u8 *resp_ie,
-			 size_t resp_ie_len, gfp_t gfp)
+			 size_t resp_ie_len, gfp_t gfp,
+			 const u8 *key_replay_ctr, const u8 *ptk_kck,
+			 const u8 *ptk_kek, const u8 authorized)
 {
 	struct wireless_dev *wdev = dev->ieee80211_ptr;
 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
@@ -908,6 +916,14 @@ void cfg80211_roamed_bss(struct net_device *dev,
 	ev->rm.resp_ie = ((u8 *)ev) + sizeof(*ev) + req_ie_len;
 	ev->rm.resp_ie_len = resp_ie_len;
 	memcpy((void *)ev->rm.resp_ie, resp_ie, resp_ie_len);
+	ev->rm.key_replay_ctr = ((u8 *)ev) + sizeof(*ev) + resp_ie_len;
+	memcpy((void *)ev->rm.key_replay_ctr, key_replay_ctr,
+	       NL80211_REPLAY_CTR_LEN);
+	ev->rm.key_kck = ((u8 *)ev) + sizeof(*ev) + NL80211_REPLAY_CTR_LEN;
+	memcpy((void *)ev->rm.key_kck, ptk_kck, NL80211_KCK_LEN);
+	ev->rm.key_kek = ((u8 *)ev) + sizeof(*ev) + NL80211_KCK_LEN;
+	memcpy((void *)ev->rm.key_kek, ptk_kek, NL80211_KEK_LEN);
+	ev->rm.authorized = authorized;
 	ev->rm.bss = bss;
 
 	spin_lock_irqsave(&wdev->event_lock, flags);
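Review bot: The three new memcpy() calls read from key_replay_ctr, ptk_kck and ptk_kek unconditionally, yet every driver call site converted in this patch passes NULL for all three, so each existing roam notification would dereference NULL. The destinations are wrong as well: each is `sizeof(*ev)` plus one unrelated length, so they land inside the req_ie/resp_ie copies and on top of one another, and no hunk in this file enlarges the event allocation (the kzalloc is outside this hunk), so the writes can run past the end of the buffer. The key fields should follow both IEs using a running cursor (a new local `u8 *pos`), be copied only when the source is non-NULL, and the allocation should grow by NL80211_REPLAY_CTR_LEN + NL80211_KCK_LEN + NL80211_KEK_LEN. Because the event then holds KCK/KEK, the code that frees it (not shown) should use `kzfree()` instead of `kfree()`.

```c
	/* … unchanged: req_ie / resp_ie copies … */
	/* pos is a new u8 * local; the allocation above must include the three key lengths */
	pos = (u8 *)ev + sizeof(*ev) + req_ie_len + resp_ie_len;
	if (key_replay_ctr) {
		memcpy(pos, key_replay_ctr, NL80211_REPLAY_CTR_LEN);
		ev->rm.key_replay_ctr = pos;
		pos += NL80211_REPLAY_CTR_LEN;
	}
	if (ptk_kck) {
		memcpy(pos, ptk_kck, NL80211_KCK_LEN);
		ev->rm.key_kck = pos;
		pos += NL80211_KCK_LEN;
	}
	if (ptk_kek) {
		memcpy(pos, ptk_kek, NL80211_KEK_LEN);
		ev->rm.key_kek = pos;
	}
	/* pointers not set above stay NULL only if ev is zero-allocated; confirm */
	ev->rm.authorized = authorized;
	ev->rm.bss = bss;
```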
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 9e6e2aa..30c4628 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -960,7 +960,9 @@ void cfg80211_process_wdev_events(struct wireless_dev *wdev)
 		case EVENT_ROAMED:
 			__cfg80211_roamed(wdev, ev->rm.bss, ev->rm.req_ie,
 					  ev->rm.req_ie_len, ev->rm.resp_ie,
-					  ev->rm.resp_ie_len);
+					  ev->rm.resp_ie_len, ev->rm.authorized,
+					  ev->rm.key_replay_ctr, ev->rm.key_kck,
+					  ev->rm.key_kek);
 			break;
 		case EVENT_DISCONNECTED:
 			__cfg80211_disconnected(wdev->netdev,
-- 
1.9.1


* [PATCH] nl80211: add key management offload feature
  2016-09-27 10:56 [PATCH] cfg80211: add key management offload feature Amitkumar Karwar
@ 2016-09-27 10:56 ` Amitkumar Karwar
  2016-09-27 11:24   ` Arend Van Spriel
  2016-09-27 11:27   ` Arend Van Spriel
  2016-09-27 11:14 ` [PATCH] cfg80211: " Kalle Valo
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 11+ messages in thread
From: Amitkumar Karwar @ 2016-09-27 10:56 UTC (permalink / raw)
  To: linux-wireless, hostap
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz, Amitkumar Karwar

From: lihz <lihz@marvell.com>

Currently this feature is available under CONFIG_DRIVER_NL80211_QCA
flag. It makes use of vendor command approach.

This patch, along with a kernel patch, is an attempt to make the
feature generic. The PSK is downloaded through the standard set_key path.
There is extra handling for the ROAM event from the driver.

Signed-off-by: Huazeng Li <lihz@marvell.com>
Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
---
 src/common/defs.h                  |  4 +++-
 src/common/ieee802_11_defs.h       |  3 +++
 src/drivers/driver_nl80211.c       | 40 +++++++++++++++++++++++++++++---------
 src/drivers/driver_nl80211_capa.c  |  4 ++++
 src/drivers/driver_nl80211_event.c | 17 ++++------------
 src/drivers/nl80211_copy.h         |  8 ++++++++
 src/rsn_supp/wpa_ft.c              |  4 ++++
 7 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/src/common/defs.h b/src/common/defs.h
index 4f56794..e9e9692 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -148,7 +148,9 @@ enum wpa_alg {
 	WPA_ALG_CCMP_256,
 	WPA_ALG_BIP_GMAC_128,
 	WPA_ALG_BIP_GMAC_256,
-	WPA_ALG_BIP_CMAC_256
+	WPA_ALG_BIP_CMAC_256,
+	WPA_ALG_PMK_R0,
+	WPA_ALG_PMK_R0_NAME,
 };
 
 /**
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 02d2ad7..632374a 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1376,6 +1376,9 @@ enum plink_action_field {
 #define WLAN_CIPHER_SUITE_BIP_CMAC_256	0x000FAC0D
 
 #define WLAN_CIPHER_SUITE_SMS4		0x00147201
+#define WLAN_CIPHER_SUITE_PMK		0x00147202
+#define WLAN_CIPHER_SUITE_PMK_R0	0x00147203
+#define WLAN_CIPHER_SUITE_PMK_R0_NAME	0x00147204
 
 #define WLAN_CIPHER_SUITE_CKIP		0x00409600
 #define WLAN_CIPHER_SUITE_CKIP_CMIC	0x00409601
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 1210d43..7024b8a 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2675,21 +2675,34 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 	}
 #endif /* CONFIG_TDLS */
 
-#ifdef CONFIG_DRIVER_NL80211_QCA
-	if (alg == WPA_ALG_PMK &&
-	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
-		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
-			   __func__);
-		ret = issue_key_mgmt_set_key(drv, key, key_len);
-		return ret;
+
+	if ((alg == WPA_ALG_PMK || alg == WPA_ALG_PMK_R0 ||
+	     alg == WPA_ALG_PMK_R0_NAME) &&
+	     (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
+		u32 suite;
+
+		if (alg == WPA_ALG_PMK_R0)
+			suite = WLAN_CIPHER_SUITE_PMK_R0;
+		else if (alg == WPA_ALG_PMK_R0_NAME)
+			suite = WLAN_CIPHER_SUITE_PMK_R0_NAME;
+		else if (alg == WPA_ALG_PMK)
+			suite = WLAN_CIPHER_SUITE_PMK;
+		if (!suite)
+			goto fail;
+		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
+		if (!msg ||
+		    nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) ||
+		    nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite))
+			goto fail;
+		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
 	}
-#endif /* CONFIG_DRIVER_NL80211_QCA */
 
 	if (alg == WPA_ALG_NONE) {
 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
 		if (!msg)
 			return -ENOBUFS;
-	} else {
+	} else if (alg != WPA_ALG_PMK && alg != WPA_ALG_PMK_R0 &&
+		   alg != WPA_ALG_PMK_R0_NAME) {
 		u32 suite;
 
 		suite = wpa_alg_to_cipher_suite(alg, key_len);
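Review bot: When alg is WPA_ALG_PMK, WPA_ALG_PMK_R0 or WPA_ALG_PMK_R0_NAME and the driver does not set WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD, the first block is skipped and the new `else if` excludes the alg too, so nothing in this hunk builds `msg` before the rest of the function (outside the hunk) uses it. That case is reachable, because the wpa_ft.c hunk of this patch calls set_key with the PMK-R0 algs without testing the flag; an early return for these three algs when the flag is clear would close it. Inside the offload block `suite` is declared without an initializer, so `if (!suite)` tests an indeterminate value on any path that skips the three assignments; `u32 suite = 0;` makes the guard meaningful. How the remainder of the function treats a `msg` that already carries KEY_DATA and KEY_CIPHER is not visible and should be checked.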
@@ -5137,6 +5150,15 @@ static int wpa_driver_nl80211_associate(
 
 		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
 			return -1;
+		if (params->req_key_mgmt_offload && params->psk &&
+		    (params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
+		     params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
+		     params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
+			wpa_driver_nl80211_set_key(bss->ifname, bss,
+						   WPA_ALG_PMK,
+						   NULL, 0, 1, NULL, 0,
+						   params->psk, 32);
+		}
 		return wpa_driver_nl80211_connect(drv, params);
 	}
 
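Review bot: The return value of wpa_driver_nl80211_set_key() is discarded, so when the PMK download fails the function still proceeds to wpa_driver_nl80211_connect() with offload requested but no key in the driver; the result should be checked, e.g. `if (wpa_driver_nl80211_set_key(...) < 0) return -1;`. The literal `32` should be `PMK_LEN`, which the wpa_ft.c hunk of this patch already uses for the same kind of key. The block tests `params->req_key_mgmt_offload` but not `drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD`, so it depends on set_key coping with a driver that lacks the capability. The enclosing function starts and ends outside the hunk.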
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 6adc3f6..26bd7bd 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -362,6 +362,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
 
 	if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_RRM))
 		capa->rrm_flags |= WPA_DRIVER_FLAGS_SUPPORT_RRM;
+
+	if (ext_feature_isset(nla_data(tb), nla_len(tb),
+			      NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD))
+		capa->flags |= WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD;
 }
 
 
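Review bot: The added test reads the feature bitmap through `nla_data(tb), nla_len(tb)` while the check two lines above it passes `ext_features, len`; the new call should use the same locals, `if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD))`, so the function has a single source for the bitmap. The definitions of those locals are outside the hunk, so this assumes they are derived from `tb`.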
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 762e3ac..ae11c2b 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -2065,18 +2065,6 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
 	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
 		   cmd, nl80211_command_to_string(cmd), bss->ifname);
 
-	if (cmd == NL80211_CMD_ROAM &&
-	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
-		/*
-		 * Device will use roam+auth vendor event to indicate
-		 * roaming, so ignore the regular roam event.
-		 */
-		wpa_printf(MSG_DEBUG,
-			   "nl80211: Ignore roam event (cmd=%d), device will use vendor event roam+auth",
-			   cmd);
-		return;
-	}
-
 	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
 	    (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
 	     cmd == NL80211_CMD_SCAN_ABORTED)) {
@@ -2168,7 +2156,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
 				   tb[NL80211_ATTR_REQ_IE],
 				   tb[NL80211_ATTR_RESP_IE],
 				   tb[NL80211_ATTR_TIMED_OUT],
-				   NULL, NULL, NULL, NULL, NULL);
+				   tb[NL80211_ATTR_AUTHORIZED],
+				   tb[NL80211_KEY_REPLAY_CTR],
+				   tb[NL80211_KEY_KCK],
+				   tb[NL80211_KEY_KEK]);
 		break;
 	case NL80211_CMD_CH_SWITCH_NOTIFY:
 		mlme_event_ch_switch(drv,
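Review bot: The removed line passed five trailing NULL arguments and the replacement passes four, while the diffstat for this file (4 insertions, 13 deletions) is fully accounted for by the two hunks shown, so unless the callee's prototype changes in a file this patch does not list, the call no longer matches it; the call's opening line is outside the hunk. `tb[]` is indexed with NL80211_ATTR_* on the lines above, but the three new key lookups index it with NL80211_KEY_* values from the nested-key enum, so they would read whichever top-level attributes share those numbers. The receiver should also compare each attribute's `nla_len()` with the expected replay-counter, KCK and KEK sizes before the data is copied or used.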
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index 2206941..1068ea4 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -2261,6 +2261,8 @@ enum nl80211_attrs {
 
 	NL80211_ATTR_MESH_PEER_AID,
 
+	NL80211_ATTR_AUTHORIZED,
+
 	/* add attributes here, update the policy in nl80211.c */
 
 	__NL80211_ATTR_AFTER_LAST,
@@ -3681,6 +3683,9 @@ enum nl80211_key_attributes {
 	NL80211_KEY_DEFAULT_MGMT,
 	NL80211_KEY_TYPE,
 	NL80211_KEY_DEFAULT_TYPES,
+	NL80211_KEY_REPLAY_CTR,
+	NL80211_KEY_KCK,
+	NL80211_KEY_KEK,
 
 	/* keep last */
 	__NL80211_KEY_AFTER_LAST,
@@ -4551,6 +4556,8 @@ enum nl80211_feature_flags {
  *	(if available).
  * @NL80211_EXT_FEATURE_SET_SCAN_DWELL: This driver supports configuration of
  *	channel dwell time.
+ * @NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD: This driver supports key management
+ *	offload.
  *
  * @NUM_NL80211_EXT_FEATURES: number of extended features.
  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -4562,6 +4569,7 @@ enum nl80211_ext_feature_index {
 	NL80211_EXT_FEATURE_SCAN_START_TIME,
 	NL80211_EXT_FEATURE_BSS_PARENT_TSF,
 	NL80211_EXT_FEATURE_SET_SCAN_DWELL,
+	NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD,
 
 	/* add new features before the definition below */
 	NUM_NL80211_EXT_FEATURES,
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 205793e..7729d32 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -37,6 +37,10 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, PMK_LEN);
 	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
 		    sm->pmk_r0_name, WPA_PMK_NAME_LEN);
+	wpa_sm_set_key(sm, WPA_ALG_PMK_R0, NULL, 0, 1, NULL,
+		       0, sm->pmk_r0, PMK_LEN);
+	wpa_sm_set_key(sm, WPA_ALG_PMK_R0_NAME, NULL, 0, 1, NULL,
+		       0, sm->pmk_r0_name, WPA_PMK_NAME_LEN);
 	wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
 			  sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
 	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
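Review bot: Both wpa_sm_set_key() calls run on every FT PTK derivation, whether or not the driver advertises key management offload, and their return values are ignored. That hands PMK-R0 to whichever driver backend is in use, including ones that do not know WPA_ALG_PMK_R0, and widens where the key is held with no benefit when offload is off; the calls should be gated on the offload capability and a failure at least logged. PMKR0Name is an identifier, not a key, so sending it through the set_key path as a `wpa_alg` deserves a comment explaining the choice. The function starts and ends outside the hunk.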
-- 
1.8.1.4


* Re: [PATCH] cfg80211: add key management offload feature
  2016-09-27 10:56 [PATCH] cfg80211: add key management offload feature Amitkumar Karwar
  2016-09-27 10:56 ` [PATCH] nl80211: " Amitkumar Karwar
@ 2016-09-27 11:14 ` Kalle Valo
  2016-09-27 12:36 ` Johannes Berg
  2016-10-26 12:11 ` Johannes Berg
  3 siblings, 0 replies; 11+ messages in thread
From: Kalle Valo @ 2016-09-27 11:14 UTC (permalink / raw)
  To: Amitkumar Karwar
  Cc: linux-wireless, hostap, yangzy, Cathy Luo, Nishant Sarmukadam, lihz

Amitkumar Karwar <akarwar@marvell.com> writes:

> From: lihz <lihz@marvell.com>

A minor thing, but the From header in both of the patches doesn't have the
full name and the git log would look ugly. It should be something like
this:

From: Huazeng Li <lihz@marvell.com>

-- 
Kalle Valo


* Re: [PATCH] nl80211: add key management offload feature
  2016-09-27 10:56 ` [PATCH] nl80211: " Amitkumar Karwar
@ 2016-09-27 11:24   ` Arend Van Spriel
  2016-10-14 13:38     ` Jouni Malinen
  2016-09-27 11:27   ` Arend Van Spriel
  1 sibling, 1 reply; 11+ messages in thread
From: Arend Van Spriel @ 2016-09-27 11:24 UTC (permalink / raw)
  To: Amitkumar Karwar, linux-wireless, hostap
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz

On 27-9-2016 12:56, Amitkumar Karwar wrote:
> From: lihz <lihz@marvell.com>

Minor thing: could you use another prefix instead of 'nl80211:'? That has
a different expectation, for me at least, i.e. changes in the nl80211 API, but
this patch is for the hostap repo, so 'hostap:' or 'wpa_supp:' would be
a better fit here.

Regards,
Arend

> Currently this feature is available under CONFIG_DRIVER_NL80211_QCA
> flag. It makes use of vendor command approach.
> 
> This patch along with a kernel patch is an attempt to make the
> feature generic. psk is downloaded through standard set_key path
> There is an extra handling in ROAM event from driver.
> 
> Signed-off-by: Huazeng Li <lihz@marvell.com>
> Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
> ---
>  src/common/defs.h                  |  4 +++-
>  src/common/ieee802_11_defs.h       |  3 +++
>  src/drivers/driver_nl80211.c       | 40 +++++++++++++++++++++++++++++---------
>  src/drivers/driver_nl80211_capa.c  |  4 ++++
>  src/drivers/driver_nl80211_event.c | 17 ++++------------
>  src/drivers/nl80211_copy.h         |  8 ++++++++
>  src/rsn_supp/wpa_ft.c              |  4 ++++
>  7 files changed, 57 insertions(+), 23 deletions(-)
> 
> diff --git a/src/common/defs.h b/src/common/defs.h
> index 4f56794..e9e9692 100644
> --- a/src/common/defs.h
> +++ b/src/common/defs.h
> @@ -148,7 +148,9 @@ enum wpa_alg {
>  	WPA_ALG_CCMP_256,
>  	WPA_ALG_BIP_GMAC_128,
>  	WPA_ALG_BIP_GMAC_256,
> -	WPA_ALG_BIP_CMAC_256
> +	WPA_ALG_BIP_CMAC_256,
> +	WPA_ALG_PMK_R0,
> +	WPA_ALG_PMK_R0_NAME,
>  };
>  
>  /**
> diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
> index 02d2ad7..632374a 100644
> --- a/src/common/ieee802_11_defs.h
> +++ b/src/common/ieee802_11_defs.h
> @@ -1376,6 +1376,9 @@ enum plink_action_field {
>  #define WLAN_CIPHER_SUITE_BIP_CMAC_256	0x000FAC0D
>  
>  #define WLAN_CIPHER_SUITE_SMS4		0x00147201
> +#define WLAN_CIPHER_SUITE_PMK		0x00147202
> +#define WLAN_CIPHER_SUITE_PMK_R0	0x00147203
> +#define WLAN_CIPHER_SUITE_PMK_R0_NAME	0x00147204
>  
>  #define WLAN_CIPHER_SUITE_CKIP		0x00409600
>  #define WLAN_CIPHER_SUITE_CKIP_CMIC	0x00409601
> diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
> index 1210d43..7024b8a 100644
> --- a/src/drivers/driver_nl80211.c
> +++ b/src/drivers/driver_nl80211.c
> @@ -2675,21 +2675,34 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
>  	}
>  #endif /* CONFIG_TDLS */
>  
> -#ifdef CONFIG_DRIVER_NL80211_QCA
> -	if (alg == WPA_ALG_PMK &&
> -	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
> -		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
> -			   __func__);
> -		ret = issue_key_mgmt_set_key(drv, key, key_len);
> -		return ret;
> +
> +	if ((alg == WPA_ALG_PMK || alg == WPA_ALG_PMK_R0 ||
> +	     alg == WPA_ALG_PMK_R0_NAME) &&
> +	     (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
> +		u32 suite;
> +
> +		if (alg == WPA_ALG_PMK_R0)
> +			suite = WLAN_CIPHER_SUITE_PMK_R0;
> +		else if (alg == WPA_ALG_PMK_R0_NAME)
> +			suite = WLAN_CIPHER_SUITE_PMK_R0_NAME;
> +		else if (alg == WPA_ALG_PMK)
> +			suite = WLAN_CIPHER_SUITE_PMK;
> +		if (!suite)
> +			goto fail;
> +		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
> +		if (!msg ||
> +		    nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) ||
> +		    nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite))
> +			goto fail;
> +		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
>  	}
> -#endif /* CONFIG_DRIVER_NL80211_QCA */
>  
>  	if (alg == WPA_ALG_NONE) {
>  		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
>  		if (!msg)
>  			return -ENOBUFS;
> -	} else {
> +	} else if (alg != WPA_ALG_PMK && alg != WPA_ALG_PMK_R0 &&
> +		   alg != WPA_ALG_PMK_R0_NAME) {
>  		u32 suite;
>  
>  		suite = wpa_alg_to_cipher_suite(alg, key_len);
> @@ -5137,6 +5150,15 @@ static int wpa_driver_nl80211_associate(
>  
>  		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
>  			return -1;
> +		if (params->req_key_mgmt_offload && params->psk &&
> +		    (params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
> +		     params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
> +		     params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
> +			wpa_driver_nl80211_set_key(bss->ifname, bss,
> +						   WPA_ALG_PMK,
> +						   NULL, 0, 1, NULL, 0,
> +						   params->psk, 32);
> +		}
>  		return wpa_driver_nl80211_connect(drv, params);
>  	}
>  
> diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
> index 6adc3f6..26bd7bd 100644
> --- a/src/drivers/driver_nl80211_capa.c
> +++ b/src/drivers/driver_nl80211_capa.c
> @@ -362,6 +362,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
>  
>  	if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_RRM))
>  		capa->rrm_flags |= WPA_DRIVER_FLAGS_SUPPORT_RRM;
> +
> +	if (ext_feature_isset(nla_data(tb), nla_len(tb),
> +			      NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD))
> +		capa->flags |= WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD;
>  }
>  
>  
> diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
> index 762e3ac..ae11c2b 100644
> --- a/src/drivers/driver_nl80211_event.c
> +++ b/src/drivers/driver_nl80211_event.c
> @@ -2065,18 +2065,6 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
>  	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
>  		   cmd, nl80211_command_to_string(cmd), bss->ifname);
>  
> -	if (cmd == NL80211_CMD_ROAM &&
> -	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
> -		/*
> -		 * Device will use roam+auth vendor event to indicate
> -		 * roaming, so ignore the regular roam event.
> -		 */
> -		wpa_printf(MSG_DEBUG,
> -			   "nl80211: Ignore roam event (cmd=%d), device will use vendor event roam+auth",
> -			   cmd);
> -		return;
> -	}
> -
>  	if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED &&
>  	    (cmd == NL80211_CMD_NEW_SCAN_RESULTS ||
>  	     cmd == NL80211_CMD_SCAN_ABORTED)) {
> @@ -2168,7 +2156,10 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
>  				   tb[NL80211_ATTR_REQ_IE],
>  				   tb[NL80211_ATTR_RESP_IE],
>  				   tb[NL80211_ATTR_TIMED_OUT],
> -				   NULL, NULL, NULL, NULL, NULL);
> +				   tb[NL80211_ATTR_AUTHORIZED],
> +				   tb[NL80211_KEY_REPLAY_CTR],
> +				   tb[NL80211_KEY_KCK],
> +				   tb[NL80211_KEY_KEK]);
>  		break;
>  	case NL80211_CMD_CH_SWITCH_NOTIFY:
>  		mlme_event_ch_switch(drv,
> diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
> index 2206941..1068ea4 100644
> --- a/src/drivers/nl80211_copy.h
> +++ b/src/drivers/nl80211_copy.h
> @@ -2261,6 +2261,8 @@ enum nl80211_attrs {
>  
>  	NL80211_ATTR_MESH_PEER_AID,
>  
> +	NL80211_ATTR_AUTHORIZED,
> +
>  	/* add attributes here, update the policy in nl80211.c */
>  
>  	__NL80211_ATTR_AFTER_LAST,
> @@ -3681,6 +3683,9 @@ enum nl80211_key_attributes {
>  	NL80211_KEY_DEFAULT_MGMT,
>  	NL80211_KEY_TYPE,
>  	NL80211_KEY_DEFAULT_TYPES,
> +	NL80211_KEY_REPLAY_CTR,
> +	NL80211_KEY_KCK,
> +	NL80211_KEY_KEK,
>  
>  	/* keep last */
>  	__NL80211_KEY_AFTER_LAST,
> @@ -4551,6 +4556,8 @@ enum nl80211_feature_flags {
>   *	(if available).
>   * @NL80211_EXT_FEATURE_SET_SCAN_DWELL: This driver supports configuration of
>   *	channel dwell time.
> + * @NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD: This driver supports key management
> + *	offload.
>   *
>   * @NUM_NL80211_EXT_FEATURES: number of extended features.
>   * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
> @@ -4562,6 +4569,7 @@ enum nl80211_ext_feature_index {
>  	NL80211_EXT_FEATURE_SCAN_START_TIME,
>  	NL80211_EXT_FEATURE_BSS_PARENT_TSF,
>  	NL80211_EXT_FEATURE_SET_SCAN_DWELL,
> +	NL80211_EXT_FEATURE_KEY_MGMT_OFFLOAD,
>  
>  	/* add new features before the definition below */
>  	NUM_NL80211_EXT_FEATURES,
> diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
> index 205793e..7729d32 100644
> --- a/src/rsn_supp/wpa_ft.c
> +++ b/src/rsn_supp/wpa_ft.c
> @@ -37,6 +37,10 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
>  	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R0", sm->pmk_r0, PMK_LEN);
>  	wpa_hexdump(MSG_DEBUG, "FT: PMKR0Name",
>  		    sm->pmk_r0_name, WPA_PMK_NAME_LEN);
> +	wpa_sm_set_key(sm, WPA_ALG_PMK_R0, NULL, 0, 1, NULL,
> +		       0, sm->pmk_r0, PMK_LEN);
> +	wpa_sm_set_key(sm, WPA_ALG_PMK_R0_NAME, NULL, 0, 1, NULL,
> +		       0, sm->pmk_r0_name, WPA_PMK_NAME_LEN);
>  	wpa_derive_pmk_r1(sm->pmk_r0, sm->pmk_r0_name, sm->r1kh_id,
>  			  sm->own_addr, sm->pmk_r1, sm->pmk_r1_name);
>  	wpa_hexdump_key(MSG_DEBUG, "FT: PMK-R1", sm->pmk_r1, PMK_LEN);
> 


* Re: [PATCH] nl80211: add key management offload feature
  2016-09-27 10:56 ` [PATCH] nl80211: " Amitkumar Karwar
  2016-09-27 11:24   ` Arend Van Spriel
@ 2016-09-27 11:27   ` Arend Van Spriel
  1 sibling, 0 replies; 11+ messages in thread
From: Arend Van Spriel @ 2016-09-27 11:27 UTC (permalink / raw)
  To: Amitkumar Karwar, linux-wireless, hostap
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz

On 27-9-2016 12:56, Amitkumar Karwar wrote:
> From: lihz <lihz@marvell.com>

Also the mailing list is no longer at shmoo.com. Should be:
hostap@lists.infradead.org

Regards,
Arend


* Re: [PATCH] cfg80211: add key management offload feature
  2016-09-27 10:56 [PATCH] cfg80211: add key management offload feature Amitkumar Karwar
  2016-09-27 10:56 ` [PATCH] nl80211: " Amitkumar Karwar
  2016-09-27 11:14 ` [PATCH] cfg80211: " Kalle Valo
@ 2016-09-27 12:36 ` Johannes Berg
  2016-10-14 13:52   ` Jouni Malinen
  2016-10-26 12:11 ` Johannes Berg
  3 siblings, 1 reply; 11+ messages in thread
From: Johannes Berg @ 2016-09-27 12:36 UTC (permalink / raw)
  To: Amitkumar Karwar, linux-wireless, hostap, Jouni Malinen, Ilan Peer
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz

>  #define WLAN_CIPHER_SUITE_SMS4		0x00147201
> +#define WLAN_CIPHER_SUITE_PMK           0x00147202
> +#define WLAN_CIPHER_SUITE_PMK_R0        0x00147203
> +#define WLAN_CIPHER_SUITE_PMK_R0_NAME   0x00147204

Err, what? No, things can't work that way. This is the Chinese
company's OUI, you can't just assign it to PMK stuff.

> + * @NL80211_ATTR_AUTHORIZED: flag attribute, if set indicates that the
> + *      connection is authorized.
> + *
>   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
>   * @NL80211_ATTR_MAX: highest attribute number currently defined
>   * @__NL80211_ATTR_AFTER_LAST: internal use
> @@ -2267,6 +2270,8 @@ enum nl80211_attrs {
>  
>  	NL80211_ATTR_MESH_PEER_AID,
>  
> +	NL80211_ATTR_AUTHORIZED,

This already exists, no?

NL80211_STA_FLAG_AUTHORIZED should be more or less equivalent, if you
do it per station (or just for the AP in case of managed connection)

>  	/* add attributes here, update the policy in nl80211.c */
>  
>  	__NL80211_ATTR_AFTER_LAST,
> @@ -3687,6 +3692,9 @@ enum nl80211_key_attributes {
>  	NL80211_KEY_DEFAULT_MGMT,
>  	NL80211_KEY_TYPE,
>  	NL80211_KEY_DEFAULT_TYPES,
> +	NL80211_KEY_REPLAY_CTR,
> +	NL80211_KEY_KCK,
> +	NL80211_KEY_KEK,

I don't think we should conflate the (P)MK and *TK concepts in nl80211,
they're both keys, but they're completely separate in terms of expected
usage.


Ilan and I looked at this, considering 4-way-HS offload after 1X
authentication, and think that the more natural API would be to add all
the necessary data to the PMKSA cache entry. Thus, a PMKSA cache entry
for a device that does 4-way-handshake offloading would include the PMK
(or perhaps MSK?), and for FT it would also include the PMK-R0,
PMKR0Name (and possibly the MDID, or can it be derived?)


However, I'm wondering what exactly the offloads here do. Jouni, could
you also chime in with the QCA (vendor command) design?

In particular, with key management offloaded, it's not clear to me what
exactly the roles of the device and host are here. I'm considering that
the device would handle the 4-way and 2-way handshakes, but then you
wouldn't need the KEK/KCK/ReplayCounter in the host, so there wouldn't
be much point in giving them to it.
But if the device doesn't do that, what exactly *does* it do?


Thanks,
johannes


* Re: [PATCH] nl80211: add key management offload feature
  2016-09-27 11:24   ` Arend Van Spriel
@ 2016-10-14 13:38     ` Jouni Malinen
  0 siblings, 0 replies; 11+ messages in thread
From: Jouni Malinen @ 2016-10-14 13:38 UTC (permalink / raw)
  To: Arend Van Spriel
  Cc: Amitkumar Karwar, linux-wireless, hostap, yangzy, Cathy Luo,
	Nishant Sarmukadam, lihz

On Tue, Sep 27, 2016 at 01:24:24PM +0200, Arend Van Spriel wrote:
> On 27-9-2016 12:56, Amitkumar Karwar wrote:
> > From: lihz <lihz@marvell.com>
> 
> minor thing. Could you use another prefix iso 'nl80211:'. That has
> different expectation for me at least, ie. changes in nl80211 api, but
> this patch is for hostap repo so 'hostap:' or 'wpa_supp:' would be
> better fit here.

Well.. That's for the context of linux-wireless. As far as the actual
commit in hostap.git and the hostap mailing list (now with the correct
address) is concerned, "nl80211:" is the correct prefix to use in the
commit message.

> > diff --git a/src/common/defs.h b/src/common/defs.h
> > @@ -148,7 +148,9 @@ enum wpa_alg {
> > -	WPA_ALG_BIP_CMAC_256
> > +	WPA_ALG_BIP_CMAC_256,
> > +	WPA_ALG_PMK_R0,
> > +	WPA_ALG_PMK_R0_NAME,

I guess I could kind of understand WPA_ALG_PMK_R0 as a new "algorithm"
since this is also used to configure keys, but PMK-R0-Name is going
pretty far in that regard. It most certainly is not a key..

> >  #define WLAN_CIPHER_SUITE_SMS4		0x00147201
> > +#define WLAN_CIPHER_SUITE_PMK		0x00147202
> > +#define WLAN_CIPHER_SUITE_PMK_R0	0x00147203
> > +#define WLAN_CIPHER_SUITE_PMK_R0_NAME	0x00147204

As noted previously, it is not acceptable to assign new AKMs from
someone else's OUI. Once there is consensus on what values are needed, I
can assign the needed values from the 00:13:74 OUI.

> > diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
> > @@ -2675,21 +2675,34 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
> > -#ifdef CONFIG_DRIVER_NL80211_QCA
> > -	if (alg == WPA_ALG_PMK &&
> > -	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
> > -		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
> > -			   __func__);
> > -		ret = issue_key_mgmt_set_key(drv, key, key_len);
> > -		return ret;
> > +
> > +	if ((alg == WPA_ALG_PMK || alg == WPA_ALG_PMK_R0 ||
> > +	     alg == WPA_ALG_PMK_R0_NAME) &&

I understand PMK as a new key that is being configured. For FT, I'm not
completely sure about PMK-R0 as a separate algorithm and especially not
about using this interface for setting PMK-R0-Name which is tightly
coupled name with a specific PMK-R0 and not something that one would
configure separately.

> > diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
> > @@ -2065,18 +2065,6 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
> >  	wpa_printf(MSG_DEBUG, "nl80211: Drv Event %d (%s) received for %s",
> >  		   cmd, nl80211_command_to_string(cmd), bss->ifname);
> >  
> > -	if (cmd == NL80211_CMD_ROAM &&
> > -	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
> > -		/*
> > -		 * Device will use roam+auth vendor event to indicate
> > -		 * roaming, so ignore the regular roam event.
> > -		 */
> > -		wpa_printf(MSG_DEBUG,
> > -			   "nl80211: Ignore roam event (cmd=%d), device will use vendor event roam+auth",
> > -			   cmd);
> > -		return;
> > -	}

It is not going to be acceptable to break the existing mechanism that
uses QCA vendor specific commands/events. In other words, the new
extensions need to be done in a backwards compatible manner that allow
both to work based on driver capabilities.

> > diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
> > @@ -37,6 +37,10 @@ int wpa_derive_ptk_ft(struct wpa_sm *sm, const unsigned char *src_addr,
> > +	wpa_sm_set_key(sm, WPA_ALG_PMK_R0, NULL, 0, 1, NULL,
> > +		       0, sm->pmk_r0, PMK_LEN);
> > +	wpa_sm_set_key(sm, WPA_ALG_PMK_R0_NAME, NULL, 0, 1, NULL,
> > +		       0, sm->pmk_r0_name, WPA_PMK_NAME_LEN);

This looks quite bad. I don't think I can really support two separate
nl80211 commands to set a PMK-R0 and the matching PMK-R0-Name, i.e.,
this should really be a single (atomic) operation.

-- 
Jouni Malinen                                            PGP id EFC895FA


* Re: [PATCH] cfg80211: add key management offload feature
  2016-09-27 12:36 ` Johannes Berg
@ 2016-10-14 13:52   ` Jouni Malinen
  2016-10-20 12:53     ` Johannes Berg
  0 siblings, 1 reply; 11+ messages in thread
From: Jouni Malinen @ 2016-10-14 13:52 UTC (permalink / raw)
  To: Johannes Berg
  Cc: Amitkumar Karwar, linux-wireless, hostap, Ilan Peer, yangzy,
	Cathy Luo, Nishant Sarmukadam, lihz

On Tue, Sep 27, 2016 at 02:36:15PM +0200, Johannes Berg wrote:
> > + * @NL80211_ATTR_AUTHORIZED: flag attribute, if set indicates that the
> > + *      connection is authorized.
> > @@ -2267,6 +2270,8 @@ enum nl80211_attrs {
> > +	NL80211_ATTR_AUTHORIZED,
> 
> This already exists, no?
> 
> NL80211_STA_FLAG_AUTHORIZED should be more or less equivalent, if you
> do it per station (or just for the AP in case of managed connection)

It does indeed have a very similar meaning to the proposed
NL80211_ATTR_AUTHORIZED. However, NL80211_STA_FLAG_AUTHORIZED is
something that gets nested in NL80211_ATTR_STA or used with the mask/set
struct in NL80211_ATTR_STA_FLAGS2. I'm not sure either of those would
really be very clean ways to use with a connection/roam event..

> > @@ -3687,6 +3692,9 @@ enum nl80211_key_attributes {
> > +	NL80211_KEY_REPLAY_CTR,
> > +	NL80211_KEY_KCK,
> > +	NL80211_KEY_KEK,
> 
> I don't think we should conflate the (P)MK and *TK concepts in nl80211,
> they're both keys, but they're completely separate in terms of expected
> usage.
> 
> 
> Ilan and I looked at this, considering 4-way-HS offload after 1X
> authentication, and think that the more natural API would be to add all
> the necessary data to the PMKSA cache entry. Thus, a PMKSA cache entry
> for a device that does 4-way-handshake offloading would include the PMK
> (or perhaps MSK?), and for FT it would also including the PMK-R0,
> PMKR0Name (and possibly the MDID, or can it be derived?)

PMKSA caching cases, FT protocol, and 4-way handshake following EAP
might be doable in this manner and that might indeed be the cleanest
approach there. However, there will also be need to cover possibility
for offloading FILS at some point in the future.. For FILS with shared
key, the configuration will actually include ERP keys that are not bound
to any specific Authenticator/AP/BSSID and do not really have a PMKSA
cache entry.. At latest at that point, I'd think we'll end up needing
something else and that something else could be defined already now to
cover all these cases instead of trying to force the current cases to go
through NL80211_CMD_SET_PMKSA.


> However, I'm wondering what exactly the offloads here do. Jouni, could
> you also chime in with the QCA (vendor command) design?

The QCA vendor command/event allows multiple different authentication
cases to be offloaded to the driver (well, firmware) and depending on
the driver/firmware version, there could be a bit different behavior
based on whether the particular exchange was offloaded. In other words,
there is automatic fallback to wpa_supplicant completing the exchange if
the driver does not report that it was completed.

> In particular, with key management offloaded, it's not clear to me what
> exactly the roles of the device and host are here. I'm considering that
> the device would handle the 4-way and 2-way handshakes, but then you
> wouldn't need the KEK/KCK/ReplayCounter in the host, so there wouldn't
> be much point in giving them to it.
> But if the device doesn't do that, what exactly *does* it do?

One of the key uses is to allow the Wi-Fi firmware to complete roaming
(say, 4-way handshake based on existing PMKSA) when the host processor
is not awake (i.e., wpa_supplicant is not running at all). However, this
does not mean that we would necessarily offload all EAPOL-Key
processing. GTK rekeying and the initial 4-way handshake for the first
connection to an ESS might be performed by wpa_supplicant especially in
cases where the host is awake anyway. That's why those PTK-related
values need to be kept in sync between the driver/firmware and host
(wpa_supplicant).

-- 
Jouni Malinen                                            PGP id EFC895FA


* Re: [PATCH] cfg80211: add key management offload feature
  2016-10-14 13:52   ` Jouni Malinen
@ 2016-10-20 12:53     ` Johannes Berg
  0 siblings, 0 replies; 11+ messages in thread
From: Johannes Berg @ 2016-10-20 12:53 UTC (permalink / raw)
  To: Jouni Malinen
  Cc: Amitkumar Karwar, linux-wireless, hostap, Ilan Peer, yangzy,
	Cathy Luo, Nishant Sarmukadam, lihz

On Fri, 2016-10-14 at 16:52 +0300, Jouni Malinen wrote:
> On Tue, Sep 27, 2016 at 02:36:15PM +0200, Johannes Berg wrote:
> > 
> > > 
> > > + * @NL80211_ATTR_AUTHORIZED: flag attribute, if set indicates
> > > that the
> > > + *      connection is authorized.
> > > @@ -2267,6 +2270,8 @@ enum nl80211_attrs {
> > > +	NL80211_ATTR_AUTHORIZED,
> > 
> > This already exists, no?
> > 
> > NL80211_STA_FLAG_AUTHORIZED should be more or less equivalent, if
> > you do it per station (or just for the AP in case of managed
> > connection)
> 
> It does indeed have a very similar meaning to the proposed
> NL80211_ATTR_AUTHORIZED. However, NL80211_STA_FLAG_AUTHORIZED is
> something that gets nested in NL80211_ATTR_STA or used with the
> mask/set struct in NL80211_ATTR_STA_FLAGS2. I'm not sure either of
> those would really be very clean ways to use with a connection/roam
> event..

Oh, right, this is used in the event, not for control...

I guess that makes sense then, although it should be a flag attribute
instead of a u8?

We could still put a nested NL80211_ATTR_STA, but I agree that seems
awkward.

> PMKSA caching cases, FT protocol, and 4-way handshake following EAP
> might be doable in this manner and that might indeed be the cleanest
> approach there. 

Ok

> However, there will also be need to cover possibility
> for offloading FILS at some point in the future.. 

Yeah, I hadn't considered FILS.

> For FILS with shared key, the configuration will actually include ERP
> keys that are not bound to any specific Authenticator/AP/BSSID and do
> not really have a PMKSA cache entry.. At latest at that point, I'd
> think we'll end up needing something else and that something else
> could be defined already now to cover all these cases instead of
> trying to force the current cases to go through
> NL80211_CMD_SET_PMKSA.

Could be done, I guess. But don't we then have to be careful to
actually bind the non-FILS keys to the right Authenticator/AP/BSSID,
and then we have to invent a way to bind it? Does that make sense?

> > In particular, with key management offloaded, it's not clear to me
> > what exactly the roles of the device and host are here. I'm
> > considering that the device would handle the 4-way and 2-way
> > handshakes, but then you wouldn't need the KEK/KCK/ReplayCounter in
> > the host, so there wouldn't be much point in giving them to it.
> > But if the device doesn't do that, what exactly *does* it do?
> 
> One of the key uses is to allow the Wi-Fi firmware to complete
> roaming (say, 4-way handshake based on existing PMKSA) when the host
> processor is not awake (i.e., wpa_supplicant is not running at all). 

Ah. So this might not be used when the processor *is* awake? That's a
key point I was missing, perhaps, since we're building something where
it's simply always done by the device.

Why would you want to do it in the processor when you have the ability
to do it in the firmware?

> However, this does not mean that we would necessarily offload all
> EAPOL-Key processing. GTK rekeying and the initial 4-way handshake
> for the first connection to an ESS might be performed by
> wpa_supplicant especially in cases where the host is awake anyway.
> That's why those PTK-related values need to be kept in sync between
> the driver/firmware and host (wpa_supplicant).

Interesting, ok. Whatever the reason, I guess we have to support it
being done that way.

I guess we'll have to hash out the exact details.

I think we can publish a proposal soon that uses the PMKSA cache, but
lacks all the event data since we never see EAPOL-key messages on the
host in that model.

This model here with the temporal key etc. stuff is clearly unworkable.

I'm not sure I've made up my mind on introducing a new mechanism that
covers FILS vs. PMKSA (and then later an only-FILS-style mechanism) -
that's the issue with binding to a BSSID above.

johannes


* Re: [PATCH] cfg80211: add key management offload feature
  2016-09-27 10:56 [PATCH] cfg80211: add key management offload feature Amitkumar Karwar
                   ` (2 preceding siblings ...)
  2016-09-27 12:36 ` Johannes Berg
@ 2016-10-26 12:11 ` Johannes Berg
  2016-10-26 12:26   ` [RFC] cfg80211: support 4-way-handshake offload with PSK and 802.1X Johannes Berg
  3 siblings, 1 reply; 11+ messages in thread
From: Johannes Berg @ 2016-10-26 12:11 UTC (permalink / raw)
  To: Amitkumar Karwar, linux-wireless, hostap, Jouni Malinen
  Cc: yangzy, Cathy Luo, Nishant Sarmukadam, lihz

Getting back to this ... as I was preparing my patch.

> @@ -3687,6 +3692,9 @@ enum nl80211_key_attributes {
>  	NL80211_KEY_DEFAULT_MGMT,
>  	NL80211_KEY_TYPE,
>  	NL80211_KEY_DEFAULT_TYPES,
> +	NL80211_KEY_REPLAY_CTR,
> +	NL80211_KEY_KCK,
> +	NL80211_KEY_KEK,

You made those key attributes, but ...
 
>  	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len,
> resp_ie)))
>  		goto nla_put_failure;
>  
> +	if (wiphy_ext_feature_isset(&rdev->wiphy,
> +				    NL80211_EXT_FEATURE_KEY_MGMT_OFF
> LOAD) &&
> +	    (nla_put_u8(msg, NL80211_ATTR_AUTHORIZED, authorized) ||
> +	    (key_replay_ctr && nla_put(msg, NL80211_KEY_REPLAY_CTR,
> +	     NL80211_REPLAY_CTR_LEN, key_replay_ctr)) ||
> +	    (key_kck &&
> +	     nla_put(msg, NL80211_KEY_KCK, NL80211_KCK_LEN,
> key_kck)) ||
> +	    (key_kek &&
> +	     nla_put(msg, NL80211_KEY_KEK, NL80211_KEK_LEN,
> key_kek))))
> +		goto nla_put_failure;

Used them at a top level here! That can't possibly have worked.

Anyway, I checked and we can transport these without adding new
attributes, but by adding the NL80211_ATTR_REKEY_DATA attribute with its
nested KEK, KCK and REPLAY_CTR.

That leaves the authorized attribute, I guess nesting a whole bunch of
station info etc. doesn't make a lot of sense.

I also fail to see how the data is actually configured down, since you
just pass it through. I'll send our patch for configuring the PMK/PSK
via the PMKSA cache separately in a few minutes.

johannes


* [RFC] cfg80211: support 4-way-handshake offload with PSK and 802.1X
  2016-10-26 12:11 ` Johannes Berg
@ 2016-10-26 12:26   ` Johannes Berg
  0 siblings, 0 replies; 11+ messages in thread
From: Johannes Berg @ 2016-10-26 12:26 UTC (permalink / raw)
  To: linux-wireless
  Cc: avraham.stern, akarwar, j, yangzy, cluo, nishants, lihz, ilan.peer

From: Avraham Stern <avraham.stern@intel.com>

TODO:
 * add a separate capability flag? and explain how the offload
   is supposed to work in 802.1X, EAPOL-Key messages are going
   to be processed by the supplicant, but then the 4-way-HS is
   done by the device after getting the PMK in the PMKSA cache
   entry - explain that mechanism
 * does anyone still want EAP-LEAP 16-byte PMK?

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 include/linux/ieee80211.h    |  3 +++
 include/net/cfg80211.h       |  8 +++++++-
 include/uapi/linux/nl80211.h | 14 +++++++++++++-
 net/wireless/nl80211.c       | 15 +++++++++++++++
 4 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index a80516fd65c8..40206b2a6e6d 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2326,6 +2326,9 @@ enum ieee80211_sa_query_action {
 
 #define WLAN_PMKID_LEN			16
 
+#define WLAN_PMK_LEN			32
+#define WLAN_PMK_LEN_SUITE_B_192	48
+
 #define WLAN_OUI_WFA			0x506f9a
 #define WLAN_OUI_TYPE_WFA_P2P		9
 #define WLAN_OUI_MICROSOFT		0x0050f2
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index d1ffbc3a8e55..3bb407c57177 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -615,6 +615,7 @@ struct survey_info {
  * @wep_keys: static WEP keys, if not NULL points to an array of
  *	CFG80211_MAX_WEP_KEYS WEP keys
  * @wep_tx_key: key index (0..3) of the default TX static WEP key
+ * @psk: PSK (for devices supporting 4-way-handshake offload, 32 bytes)
  */
 struct cfg80211_crypto_settings {
 	u32 wpa_versions;
@@ -628,6 +629,7 @@ struct cfg80211_crypto_settings {
 	bool control_port_no_encrypt;
 	struct key_params *wep_keys;
 	int wep_tx_key;
+	const u8 *psk;
 };
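Review bot: The kernel-doc for the new `psk` member gives the size but not the lifetime, and the struct carries no length field beside the pointer. The only assignment in this patch, in nl80211_crypto_settings(), points it straight at the netlink attribute payload, so it is presumably valid only while the connect request is being handled. I would spell that out, e.g. `@psk: PSK (for devices supporting 4-way-handshake offload, exactly WLAN_PMK_LEN bytes); points into the request, drivers must copy it before returning and must not log it`. The kernel-doc line itself is in the previous hunk.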
 
 /**
@@ -2064,11 +2066,15 @@ enum wiphy_params_flags {
  * caching.
  *
  * @bssid: The AP's BSSID.
- * @pmkid: The PMK material itself.
+ * @pmkid: The PMK identifier.
+ * @pmk: The PMK material itself.
+ * @pmk_len: The PMK length in bytes.
  */
 struct cfg80211_pmksa {
 	const u8 *bssid;
 	const u8 *pmkid;
+	const u8 *pmk;
+	u8 pmk_len;
 };
 
 /**
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 1362d24957b5..40b003cc07bd 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -371,7 +371,8 @@
  *	NL80211_CMD_GET_SURVEY and on the "scan" multicast group)
  *
  * @NL80211_CMD_SET_PMKSA: Add a PMKSA cache entry, using %NL80211_ATTR_MAC
- *	(for the BSSID) and %NL80211_ATTR_PMKID.
+ *	(for the BSSID) and %NL80211_ATTR_PMKID. Optionally, %NL80211_ATTR_PMK
+ *	can be used to specify the PMK.
  * @NL80211_CMD_DEL_PMKSA: Delete a PMKSA cache entry, using %NL80211_ATTR_MAC
  *	(for the BSSID) and %NL80211_ATTR_PMKID.
  * @NL80211_CMD_FLUSH_PMKSA: Flush all PMKSA cache entries.
@@ -1937,6 +1938,11 @@ enum nl80211_commands {
  * @NL80211_ATTR_NAN_MATCH: used to report a match. This is a nested attribute.
  *	See &enum nl80211_nan_match_attributes.
  *
+ * @NL80211_ATTR_PMK: PMK for offloaded 4-Way Handshake. Relevant with
+ *	%NL80211_CMD_CONNECT (for WPA/WPA2-PSK networks) when PSK is used, or
+ *	with %NL80211_CMD_SET_PMKSA when 802.1X authentication is used and for
+ *	PMKSA caching.
+ *
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2336,6 +2342,8 @@ enum nl80211_attrs {
 	NL80211_ATTR_NAN_FUNC,
 	NL80211_ATTR_NAN_MATCH,
 
+	NL80211_ATTR_PMK,
+
 	/* add attributes here, update the policy in nl80211.c */
 
 	__NL80211_ATTR_AFTER_LAST,
@@ -4638,6 +4646,9 @@ enum nl80211_feature_flags {
  *	configuration (AP/mesh) with HT rates.
  * @NL80211_EXT_FEATURE_BEACON_RATE_VHT: Driver supports beacon rate
  *	configuration (AP/mesh) with VHT rates.
+ * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_OFFLOAD_STA: Device supports
+ *	doing 4-way handshake in station mode (PSK is passed as part
+ *	of the connect command).
  *
  * @NUM_NL80211_EXT_FEATURES: number of extended features.
  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -4652,6 +4663,7 @@ enum nl80211_ext_feature_index {
 	NL80211_EXT_FEATURE_BEACON_RATE_LEGACY,
 	NL80211_EXT_FEATURE_BEACON_RATE_HT,
 	NL80211_EXT_FEATURE_BEACON_RATE_VHT,
+	NL80211_EXT_FEATURE_4WAY_HANDSHAKE_OFFLOAD_STA,
 
 	/* add new features before the definition below */
 	NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index b0440de82171..6720c7bf3ed1 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -414,6 +414,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
 	[NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
 	[NL80211_ATTR_NAN_DUAL] = { .type = NLA_U8 },
 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
+	[NL80211_ATTR_PMK] = { .len = WLAN_PMK_LEN },
 };
 
 /* policy for the key attributes */
@@ -7922,6 +7923,13 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
 		memcpy(settings->akm_suites, data, len);
 	}
 
+	if (info->attrs[NL80211_ATTR_PMK]) {
+		if (!wiphy_ext_feature_isset(&rdev->wiphy,
+					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_OFFLOAD_STA))
+			return -EINVAL;
+		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
+	}
+
 	return 0;
 }
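Review bot: `settings->psk` is taken from NL80211_ATTR_PMK without checking the attribute's length, while the kernel-doc promises drivers 32 bytes. The policy entry added in the earlier nl80211.c hunk sets only `.len = WLAN_PMK_LEN` with no `.type`, which as far as I can tell makes it a lower bound rather than an exact size, so a 48-byte or larger payload is accepted on the connect path and only its first 32 bytes would be used. An explicit check before the assignment would match what nl80211_setdel_pmksa() does: `if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) return -EINVAL;`. The function starts outside the hunk.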
 
@@ -8824,6 +8832,13 @@ static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
 
 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
+	if (info->attrs[NL80211_ATTR_PMK]) {
+		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
+		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
+		if (pmksa.pmk_len != WLAN_PMK_LEN &&
+		    pmksa.pmk_len != WLAN_PMK_LEN_SUITE_B_192)
+			return -EINVAL;
+	}
 
 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
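Review bot: The length check runs after `nla_len()` has been stored in `pmksa.pmk_len`, which is a `u8`, so an attribute of 288 or 304 bytes wraps to 32 or 48 and passes. Compare the untruncated value first: `int pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);` then `if (pmk_len != WLAN_PMK_LEN && pmk_len != WLAN_PMK_LEN_SUITE_B_192) return -EINVAL;` before filling in `pmksa`. Unlike the connect path, this hunk also accepts the PMK without testing any feature flag, so the key material appears to be passed to drivers that never advertised the offload (the TODO in the description already asks about a separate capability flag). The function body starts and ends outside the hunk.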
-- 
2.8.1

