linux-wireless.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Marcel Holtmann <marcel@holtmann.org>
To: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Cc: "linux-wireless@vger.kernel.org" <linux-wireless@vger.kernel.org>,
	"brcm80211-dev-list@broadcom.com"
	<brcm80211-dev-list@broadcom.com>,
	brcm80211-dev-list <brcm80211-dev-list@cypress.com>,
	Arend van Spriel <arend.vanspriel@broadcom.com>,
	Franky Lin <franky.lin@broadcom.com>,
	Hante Meuleman <hante.meuleman@broadcom.com>,
	Wright Feng <Wright.Feng@cypress.com>,
	Kalle Valo <kvalo@codeaurora.org>,
	Stanley Hsu <Stanley.Hsu@cypress.com>
Subject: Re: [PATCH 5/6] cfg80211: add support for SAE authentication offload
Date: Fri, 4 Jan 2019 10:26:33 +0100	[thread overview]
Message-ID: <2FC4C72C-9E57-4195-A682-F7BAE7F3981E@holtmann.org> (raw)
In-Reply-To: <1546582221-143220-5-git-send-email-chi-hsien.lin@cypress.com>

Hi,

> Let drivers advertise support for station-mode SAE authentication
> offload with a new NL80211_EXT_FEATURE_SAE_OFFLOAD flag.
> 
> Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
> ---
> include/linux/ieee80211.h    |  1 +
> include/net/cfg80211.h       |  5 +++++
> include/uapi/linux/nl80211.h | 16 ++++++++++++++++
> net/wireless/nl80211.c       | 14 ++++++++++++++
> 4 files changed, 36 insertions(+)
> 
> diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
> index 3b04e72315e1..37d3e655e547 100644
> --- a/include/linux/ieee80211.h
> +++ b/include/linux/ieee80211.h
> @@ -2596,6 +2596,7 @@ enum ieee80211_key_len {
> #define FILS_ERP_MAX_RRK_LEN		64
> 
> #define PMK_MAX_LEN			64
> +#define SAE_PASSWORD_MAX_LEN		128
> 
> /* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */
> enum ieee80211_pub_actioncode {
> diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
> index e0c41eb1c860..5809dac97b33 100644
> --- a/include/net/cfg80211.h
> +++ b/include/net/cfg80211.h
> @@ -740,6 +740,9 @@ struct survey_info {
>  *	CFG80211_MAX_WEP_KEYS WEP keys
>  * @wep_tx_key: key index (0..3) of the default TX static WEP key
>  * @psk: PSK (for devices supporting 4-way-handshake offload)
> + * @sae_pwd: password for SAE authentication (for devices supporting SAE
> + *	offload)
> + * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
>  */
> struct cfg80211_crypto_settings {
> 	u32 wpa_versions;
> @@ -755,6 +758,8 @@ struct cfg80211_crypto_settings {
> 	struct key_params *wep_keys;
> 	int wep_tx_key;
> 	const u8 *psk;
> +	const u8 *sae_pwd;
> +	u16 sae_pwd_len;
> };
> 
> /**
> diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
> index 12762afb3a07..4840aaed39ba 100644
> --- a/include/uapi/linux/nl80211.h
> +++ b/include/uapi/linux/nl80211.h
> @@ -235,6 +235,15 @@
>  */
> 
> /**
> + * DOC: SAE authentication offload
> + *
> + * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
> + * support offloading SAE authentication for WPA3-Personal networks. In
> + * %NL80211_CMD_CONNECT the password for SAE should be specified using
> + * %NL80211_ATTR_SAE_PASSWORD.
> + */
> +
> +/**
>  * enum nl80211_commands - supported nl80211 commands
>  *
>  * @NL80211_CMD_UNSPEC: unspecified command to catch errors
> @@ -2288,6 +2297,9 @@ enum nl80211_commands {
>  *
>  * @NL80211_ATTR_FTM_RESPONDER_STATS: Nested attribute with FTM responder
>  *	statistics, see &enum nl80211_ftm_responder_stats.
> + * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It
> + *	is used with %NL80211_CMD_CONNECT to provide password for offloading
> + *	SAE authentication for WPA3-Personal networks.
>  *
>  * @NL80211_ATTR_TIMEOUT: Timeout for the given operation in milliseconds (u32),
>  *	if the attribute is not given no timeout is requested. Note that 0 is an
> @@ -2743,6 +2755,7 @@ enum nl80211_attrs {
> 	NL80211_ATTR_FTM_RESPONDER,
> 
> 	NL80211_ATTR_FTM_RESPONDER_STATS,
> +	NL80211_ATTR_SAE_PASSWORD,
> 
> 	NL80211_ATTR_TIMEOUT,

so you are breaking user-space API on purpose here even when there was a clear comment where to add new attributes:

	/* add attributes here, update the policy in nl80211.c */

More importantly, does this actually need a new attribute and you can not utilize what has already been added for mesh? If this attribute is solely for offload cases, then it might be better named accordingly. Also I am curious on how mixed WPA1/WPA2/WPA3 network credentials are now provided to a CMD_CONNECT. So the CMD_CONNECT description might require an update as well.

Regards

Marcel


  reply	other threads:[~2019-01-04  9:26 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-04  6:11 [PATCH 1/6] nl80211: add NL80211_ATTR_IFINDEX to port authorized event Chi-Hsien Lin
2019-01-04  6:11 ` [PATCH 2/6] brcmfmac: send port authorized event for 802.1X 4-way handshake offload Chi-Hsien Lin
2019-01-07  9:44   ` Arend Van Spriel
2019-05-09  8:58     ` Stanley Hsu
2019-05-09 11:54       ` Arend Van Spriel
2019-01-04  6:11 ` [PATCH 3/6] brcmfmac: send port authorized event for FT-802.1X Chi-Hsien Lin
2019-01-07 12:00   ` Arend Van Spriel
2019-01-04  6:11 ` [PATCH 4/6] nl80211: add WPA3 definition for SAE authentication Chi-Hsien Lin
2019-01-04  6:11 ` [PATCH 5/6] cfg80211: add support for SAE authentication offload Chi-Hsien Lin
2019-01-04  9:26   ` Marcel Holtmann [this message]
2019-05-09  9:21     ` Stanley Hsu
2019-05-10  8:32       ` Marcel Holtmann
2019-01-04 11:10   ` Arend Van Spriel
2019-05-09  9:02     ` Stanley Hsu
2019-01-04  6:11 ` [PATCH 6/6] brcmfmac: " Chi-Hsien Lin
2019-01-04 10:51 ` [PATCH 1/6] nl80211: add NL80211_ATTR_IFINDEX to port authorized event Arend Van Spriel
2019-05-09  8:51   ` Stanley Hsu
2019-01-15 13:42 ` Johannes Berg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2FC4C72C-9E57-4195-A682-F7BAE7F3981E@holtmann.org \
    --to=marcel@holtmann.org \
    --cc=Stanley.Hsu@cypress.com \
    --cc=Wright.Feng@cypress.com \
    --cc=arend.vanspriel@broadcom.com \
    --cc=brcm80211-dev-list@broadcom.com \
    --cc=brcm80211-dev-list@cypress.com \
    --cc=chi-hsien.lin@cypress.com \
    --cc=franky.lin@broadcom.com \
    --cc=hante.meuleman@broadcom.com \
    --cc=kvalo@codeaurora.org \
    --cc=linux-wireless@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).