P2P: Use SAE+PMF for P2P connection in 6 GHz

Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to
enable the Wi-Fi Display use case on the 6 GHz band without having to
use WPA2-Personal (PSK) on that new band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
Sreeramya Soratkal 2021-05-04 13:04:10 +05:30 committed by Jouni Malinen
parent f0cdacacb3
commit 311091eb43
7 changed files with 37 additions and 7 deletions


@ -1172,6 +1172,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
wps->auth_types |= WPS_AUTH_WPA2PSK; wps->auth_types |= WPS_AUTH_WPA2PSK;
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
wps->auth_types |= WPS_AUTH_WPA2; wps->auth_types |= WPS_AUTH_WPA2;
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)
wps->auth_types |= WPS_AUTH_WPA2PSK;
if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
WPA_CIPHER_CCMP_256 | WPA_CIPHER_CCMP_256 |
@ -1328,6 +1330,11 @@ int hostapd_init_wps(struct hostapd_data *hapd,
hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd); hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
#ifdef CONFIG_P2P
if ((hapd->conf->p2p & P2P_ENABLED) &&
is_6ghz_op_class(hapd->iconf->op_class))
wps->use_passphrase = true;
#endif /* CONFIG_P2P */
hapd->wps = wps; hapd->wps = wps;
bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN); bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
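Review bot: The new `wps->use_passphrase = true` in the CONFIG_P2P block is gated only on `P2P_ENABLED` and a 6 GHz operating class, not on SAE being one of the configured AKMs, so the passphrase form of the Network Key is handed out whenever those two conditions hold. If the intent is that SAE needs the passphrase because it cannot run from a PSK, consider adding `(conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)` to the condition (assuming `conf` is still the BSS configuration used in the first hunk) together with a comment such as `/* SAE cannot use a PSK, so WPS has to deliver the passphrase */`. The first hunk's mapping of SAE to `WPS_AUTH_WPA2PSK` also deserves a comment, since the advertised auth type does not tell the Enrollee that SAE is in use. hostapd_init_wps() starts and ends outside both hunks.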


@ -132,9 +132,11 @@ static void * eap_wsc_init(struct eap_sm *sm)
cfg.peer_addr = sm->peer_addr; cfg.peer_addr = sm->peer_addr;
#ifdef CONFIG_P2P #ifdef CONFIG_P2P
if (sm->assoc_p2p_ie) { if (sm->assoc_p2p_ie) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Prefer PSK format for P2P " if (!sm->cfg->wps->use_passphrase) {
"client"); wpa_printf(MSG_DEBUG,
"EAP-WSC: Prefer PSK format for non-6 GHz P2P client");
cfg.use_psk_key = 1; cfg.use_psk_key = 1;
}
cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie); cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
} }
#endif /* CONFIG_P2P */ #endif /* CONFIG_P2P */
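Review bot: `sm->cfg->wps->use_passphrase` is read inside the `sm->assoc_p2p_ie` branch with no NULL check on `sm->cfg->wps` visible in this hunk. eap_wsc_init() starts above the hunk, so an earlier guard may already cover it; if that guard does not apply on every path that reaches this branch, use `if (!sm->cfg->wps || !sm->cfg->wps->use_passphrase) {`. The 6 GHz path is also silent now; a matching debug line, for example `wpa_printf(MSG_DEBUG, "EAP-WSC: Use passphrase format for 6 GHz P2P client");`, would make the chosen key format visible in logs.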


@ -841,6 +841,10 @@ struct wps_context {
struct wpabuf *ap_nfc_dh_pubkey; struct wpabuf *ap_nfc_dh_pubkey;
struct wpabuf *ap_nfc_dh_privkey; struct wpabuf *ap_nfc_dh_privkey;
struct wpabuf *ap_nfc_dev_pw; struct wpabuf *ap_nfc_dev_pw;
/* Whether to send WPA2-PSK passphrase as a passphrase instead of PSK
* for WPA3-Personal transition mode needs. */
bool use_passphrase;
}; };
struct wps_registrar * struct wps_registrar *
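Review bot: The comment on `use_passphrase` speaks of WPA3-Personal transition mode, while the only setter in this commit enables it for P2P on a 6 GHz operating class. It should also say what the flag overrides: in wps_build_cred() it takes precedence over `force_per_enrollee_psk`, so the shared passphrase is provisioned instead of a per-Enrollee PSK. Suggested wording: `/* Provision the passphrase (not a PSK) as the Network Key; needed for SAE, e.g., P2P on 6 GHz. Overrides force_per_enrollee_psk. */`.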


@ -1753,8 +1753,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN); wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
os_memcpy(wps->cred.key, hex, PMK_LEN * 2); os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
wps->cred.key_len = PMK_LEN * 2; wps->cred.key_len = PMK_LEN * 2;
} else if (!wps->wps->registrar->force_per_enrollee_psk && } else if ((!wps->wps->registrar->force_per_enrollee_psk ||
wps->wps->network_key) { wps->wps->use_passphrase) && wps->wps->network_key) {
wpa_printf(MSG_DEBUG,
"WPS: Use passphrase format for Network key");
os_memcpy(wps->cred.key, wps->wps->network_key, os_memcpy(wps->cred.key, wps->wps->network_key,
wps->wps->network_key_len); wps->wps->network_key_len);
wps->cred.key_len = wps->wps->network_key_len; wps->cred.key_len = wps->wps->network_key_len;
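Review bot: With `use_passphrase` set, the `else if` now takes the shared-passphrase branch even when `force_per_enrollee_psk` is enabled, so every Enrollee receives the same `network_key` and the per-Enrollee separation that option asks for is dropped without any trace. The added debug line does not distinguish this case; consider logging it explicitly, e.g. `if (wps->wps->registrar->force_per_enrollee_psk) wpa_printf(MSG_DEBUG, "WPS: use_passphrase overrides force_per_enrollee_psk");`. A comment next to the condition should also state that individual clients presumably can no longer be revoked separately once they hold the group passphrase. The surrounding if/else chain begins and continues outside the hunk.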


@ -892,6 +892,8 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
params.wpa_proto = ssid->proto; params.wpa_proto = ssid->proto;
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK; wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
else else
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE; wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
params.key_mgmt_suite = wpa_s->key_mgmt; params.key_mgmt_suite = wpa_s->key_mgmt;
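Review bot: The new `else if` makes the AKM choice order-dependent: when `ssid->key_mgmt` carries both `WPA_KEY_MGMT_PSK` and `WPA_KEY_MGMT_SAE`, `wpa_s->key_mgmt` and `params.key_mgmt_suite` are still set to PSK. That looks harmless for the SAE-only GO profile this commit sets up elsewhere, but a short comment such as `/* PSK wins for mixed PSK+SAE; SAE is reported only for SAE-only networks */` would make the precedence deliberate. wpa_supplicant_create_ap() begins and ends outside the hunk.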


@ -2065,6 +2065,14 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
} }
ssid->auth_alg = WPA_AUTH_ALG_OPEN; ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_PSK; ssid->key_mgmt = WPA_KEY_MGMT_PSK;
if (is_6ghz_freq(ssid->frequency) &&
is_p2p_6ghz_capable(wpa_s->global->p2p)) {
ssid->auth_alg |= WPA_AUTH_ALG_SAE;
ssid->key_mgmt = WPA_KEY_MGMT_SAE;
wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
} else {
p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
}
ssid->proto = WPA_PROTO_RSN; ssid->proto = WPA_PROTO_RSN;
ssid->pairwise_cipher = WPA_CIPHER_CCMP; ssid->pairwise_cipher = WPA_CIPHER_CCMP;
ssid->group_cipher = WPA_CIPHER_CCMP; ssid->group_cipher = WPA_CIPHER_CCMP;
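Review bot: The SAE branch sets `auth_alg` and `key_mgmt` but leaves `ssid->ieee80211w` untouched in the visible lines, although the commit title promises SAE+PMF. Unless PMF is forced elsewhere for 6 GHz operation, consider adding `ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;` next to the `key_mgmt` assignment so the GO does not depend on a global default. Separately, the `else` branch calls `p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false)` on global P2P state each time a GO is started outside 6 GHz or without the capability; a comment on when, if ever, the capability is re-enabled would help. wpas_start_wps_go() starts and ends outside the hunk.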


@ -372,6 +372,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
#ifdef CONFIG_WPS_REG_DISABLE_OPEN #ifdef CONFIG_WPS_REG_DISABLE_OPEN
int registrar = 0; int registrar = 0;
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */ #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
bool add_sae;
if ((wpa_s->conf->wps_cred_processing == 1 || if ((wpa_s->conf->wps_cred_processing == 1 ||
wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) { wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
@ -534,8 +535,12 @@ static int wpa_supplicant_wps_cred(void *ctx,
case WPS_AUTH_WPA2PSK: case WPS_AUTH_WPA2PSK:
ssid->auth_alg = WPA_AUTH_ALG_OPEN; ssid->auth_alg = WPA_AUTH_ALG_OPEN;
ssid->key_mgmt = WPA_KEY_MGMT_PSK; ssid->key_mgmt = WPA_KEY_MGMT_PSK;
if (wpa_s->conf->wps_cred_add_sae && add_sae = wpa_s->conf->wps_cred_add_sae;
cred->key_len != 2 * PMK_LEN) { #ifdef CONFIG_P2P
if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
add_sae = true;
#endif /* CONFIG_P2P */
if (add_sae && cred->key_len != 2 * PMK_LEN) {
ssid->auth_alg = 0; ssid->auth_alg = 0;
ssid->key_mgmt |= WPA_KEY_MGMT_SAE; ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL; ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
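Review bot: In the second hunk `add_sae` is forced on for any `ssid->p2p_group` when the local device is 6 GHz capable, independent of the band the group actually runs on, and the resulting profile keeps `WPA_KEY_MGMT_PSK` alongside SAE with `MGMT_FRAME_PROTECTION_OPTIONAL`. For a 6 GHz group that appears to leave the client willing to accept WPA2-PSK without PMF, which is weaker than the SAE+PMF the commit describes; if the operating frequency is known at this point, consider restricting the override to 6 GHz groups and using SAE only with PMF required there. The first hunk declares `bool add_sae;` without an initializer; it is assigned before use in this case, but `bool add_sae = false;` would keep later edits safe. The function body extends beyond both hunks.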