nl80211: SAE authentication offload support
Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if the driver indicates SAE authentication offload support for STA mode. Allow SAE password to be provided to the driver in such cases when using the CONNECT command. Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com> Signed-off-by: Daisuke Mizobuchi <mizo@atmark-techno.com>
This commit is contained in:
parent
750403f3ad
commit
c3b8452e0e
3 changed files with 46 additions and 0 deletions
|
@ -1128,6 +1128,23 @@ struct wpa_driver_associate_params {
|
|||
*/
|
||||
const u8 *psk;
|
||||
|
||||
/**
|
||||
* sae_password - Password for SAE authentication
|
||||
*
|
||||
* This value is made available only for WPA3-Personal (SAE) and only
|
||||
* for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
|
||||
*/
|
||||
const char *sae_password;
|
||||
|
||||
/**
|
||||
* sae_password_id - Password Identifier for SAE authentication
|
||||
*
|
||||
* This value is made available only for WPA3-Personal (SAE) and only
|
||||
* for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD. If %NULL, SAE
|
||||
* password identifier is not used.
|
||||
*/
|
||||
const char *sae_password_id;
|
||||
|
||||
/**
|
||||
* drop_unencrypted - Enable/disable unencrypted frame filtering
|
||||
*
|
||||
|
@ -2262,6 +2279,8 @@ struct wpa_driver_capa {
|
|||
#define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL
|
||||
/** Driver supports minimal scan request probe content */
|
||||
#define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ 0x0000000000008000ULL
|
||||
/** Driver supports SAE authentication offload in STA mode */
|
||||
#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA 0x0000000000010000ULL
|
||||
u64 flags2;
|
||||
|
||||
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
|
||||
|
|
|
@ -7037,6 +7037,27 @@ static int wpa_driver_nl80211_try_connect(
|
|||
wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
|
||||
nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
|
||||
goto fail;
|
||||
|
||||
/* Add SAE password in case of SAE authentication offload */
|
||||
if ((params->sae_password || params->passphrase) &&
|
||||
(drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) {
|
||||
const char *password;
|
||||
size_t pwd_len;
|
||||
|
||||
if (params->sae_password && params->sae_password_id) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"nl80211: Use of SAE password identifiers not supported with driver-based SAE");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
password = params->sae_password;
|
||||
if (!password)
|
||||
password = params->passphrase;
|
||||
pwd_len = os_strlen(password);
|
||||
wpa_printf(MSG_DEBUG, " * SAE password");
|
||||
if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
|
||||
goto fail;
|
||||
}
|
||||
#endif /* CONFIG_SAE */
|
||||
|
||||
algs = 0;
|
||||
|
@ -7050,6 +7071,8 @@ static int wpa_driver_nl80211_try_connect(
|
|||
algs++;
|
||||
if (params->auth_alg & WPA_AUTH_ALG_FT)
|
||||
algs++;
|
||||
if (params->auth_alg & WPA_AUTH_ALG_SAE)
|
||||
algs++;
|
||||
if (algs > 1) {
|
||||
wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
|
||||
"selection");
|
||||
|
|
|
@ -600,6 +600,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
|
|||
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
|
||||
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
|
||||
|
||||
if (ext_feature_isset(ext_features, len,
|
||||
NL80211_EXT_FEATURE_SAE_OFFLOAD))
|
||||
capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA;
|
||||
|
||||
if (ext_feature_isset(ext_features, len,
|
||||
NL80211_EXT_FEATURE_MFP_OPTIONAL))
|
||||
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
|
||||
|
|
Loading…
Reference in a new issue