P2P: Use SAE+PMF for P2P connection in 6 GHz
Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to enable the Wi-Fi Display use case on the 6 GHz band without having to use WPA2-Personal (PSK) on that new band. Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
This commit is contained in:
parent
f0cdacacb3
commit
311091eb43
7 changed files with 37 additions and 7 deletions
|
@ -1172,6 +1172,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
||||||
wps->auth_types |= WPS_AUTH_WPA2PSK;
|
wps->auth_types |= WPS_AUTH_WPA2PSK;
|
||||||
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
||||||
wps->auth_types |= WPS_AUTH_WPA2;
|
wps->auth_types |= WPS_AUTH_WPA2;
|
||||||
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)
|
||||||
|
wps->auth_types |= WPS_AUTH_WPA2PSK;
|
||||||
|
|
||||||
if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
|
if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
|
||||||
WPA_CIPHER_CCMP_256 |
|
WPA_CIPHER_CCMP_256 |
|
||||||
|
@ -1328,6 +1330,11 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
||||||
|
|
||||||
hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
|
hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
|
||||||
|
|
||||||
|
#ifdef CONFIG_P2P
|
||||||
|
if ((hapd->conf->p2p & P2P_ENABLED) &&
|
||||||
|
is_6ghz_op_class(hapd->iconf->op_class))
|
||||||
|
wps->use_passphrase = true;
|
||||||
|
#endif /* CONFIG_P2P */
|
||||||
hapd->wps = wps;
|
hapd->wps = wps;
|
||||||
bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
|
bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
|
||||||
|
|
||||||
|
|
|
@ -132,9 +132,11 @@ static void * eap_wsc_init(struct eap_sm *sm)
|
||||||
cfg.peer_addr = sm->peer_addr;
|
cfg.peer_addr = sm->peer_addr;
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
if (sm->assoc_p2p_ie) {
|
if (sm->assoc_p2p_ie) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-WSC: Prefer PSK format for P2P "
|
if (!sm->cfg->wps->use_passphrase) {
|
||||||
"client");
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"EAP-WSC: Prefer PSK format for non-6 GHz P2P client");
|
||||||
cfg.use_psk_key = 1;
|
cfg.use_psk_key = 1;
|
||||||
|
}
|
||||||
cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
|
cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_P2P */
|
#endif /* CONFIG_P2P */
|
||||||
|
|
|
@ -841,6 +841,10 @@ struct wps_context {
|
||||||
struct wpabuf *ap_nfc_dh_pubkey;
|
struct wpabuf *ap_nfc_dh_pubkey;
|
||||||
struct wpabuf *ap_nfc_dh_privkey;
|
struct wpabuf *ap_nfc_dh_privkey;
|
||||||
struct wpabuf *ap_nfc_dev_pw;
|
struct wpabuf *ap_nfc_dev_pw;
|
||||||
|
|
||||||
|
/* Whether to send WPA2-PSK passphrase as a passphrase instead of PSK
|
||||||
|
* for WPA3-Personal transition mode needs. */
|
||||||
|
bool use_passphrase;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct wps_registrar *
|
struct wps_registrar *
|
||||||
|
|
|
@ -1753,8 +1753,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
||||||
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
|
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
|
||||||
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
|
os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
|
||||||
wps->cred.key_len = PMK_LEN * 2;
|
wps->cred.key_len = PMK_LEN * 2;
|
||||||
} else if (!wps->wps->registrar->force_per_enrollee_psk &&
|
} else if ((!wps->wps->registrar->force_per_enrollee_psk ||
|
||||||
wps->wps->network_key) {
|
wps->wps->use_passphrase) && wps->wps->network_key) {
|
||||||
|
wpa_printf(MSG_DEBUG,
|
||||||
|
"WPS: Use passphrase format for Network key");
|
||||||
os_memcpy(wps->cred.key, wps->wps->network_key,
|
os_memcpy(wps->cred.key, wps->wps->network_key,
|
||||||
wps->wps->network_key_len);
|
wps->wps->network_key_len);
|
||||||
wps->cred.key_len = wps->wps->network_key_len;
|
wps->cred.key_len = wps->wps->network_key_len;
|
||||||
|
|
|
@ -892,6 +892,8 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
|
||||||
params.wpa_proto = ssid->proto;
|
params.wpa_proto = ssid->proto;
|
||||||
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
|
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
|
||||||
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
|
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||||
|
else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
|
||||||
|
wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
|
||||||
else
|
else
|
||||||
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
|
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
|
||||||
params.key_mgmt_suite = wpa_s->key_mgmt;
|
params.key_mgmt_suite = wpa_s->key_mgmt;
|
||||||
|
|
|
@ -2065,6 +2065,14 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||||
|
if (is_6ghz_freq(ssid->frequency) &&
|
||||||
|
is_p2p_6ghz_capable(wpa_s->global->p2p)) {
|
||||||
|
ssid->auth_alg |= WPA_AUTH_ALG_SAE;
|
||||||
|
ssid->key_mgmt = WPA_KEY_MGMT_SAE;
|
||||||
|
wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
|
||||||
|
} else {
|
||||||
|
p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
|
||||||
|
}
|
||||||
ssid->proto = WPA_PROTO_RSN;
|
ssid->proto = WPA_PROTO_RSN;
|
||||||
ssid->pairwise_cipher = WPA_CIPHER_CCMP;
|
ssid->pairwise_cipher = WPA_CIPHER_CCMP;
|
||||||
ssid->group_cipher = WPA_CIPHER_CCMP;
|
ssid->group_cipher = WPA_CIPHER_CCMP;
|
||||||
|
|
|
@ -372,6 +372,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||||
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
||||||
int registrar = 0;
|
int registrar = 0;
|
||||||
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
||||||
|
bool add_sae;
|
||||||
|
|
||||||
if ((wpa_s->conf->wps_cred_processing == 1 ||
|
if ((wpa_s->conf->wps_cred_processing == 1 ||
|
||||||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
|
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
|
||||||
|
@ -534,8 +535,12 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
||||||
case WPS_AUTH_WPA2PSK:
|
case WPS_AUTH_WPA2PSK:
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||||
if (wpa_s->conf->wps_cred_add_sae &&
|
add_sae = wpa_s->conf->wps_cred_add_sae;
|
||||||
cred->key_len != 2 * PMK_LEN) {
|
#ifdef CONFIG_P2P
|
||||||
|
if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
|
||||||
|
add_sae = true;
|
||||||
|
#endif /* CONFIG_P2P */
|
||||||
|
if (add_sae && cred->key_len != 2 * PMK_LEN) {
|
||||||
ssid->auth_alg = 0;
|
ssid->auth_alg = 0;
|
||||||
ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
|
ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
|
||||||
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
|
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
|
||||||
|
|
Loading…
Reference in a new issue