From c3b8452e0e04038349fbfe757639ff3b377e98da Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu
Date: Wed, 19 Jul 2023 14:22:26 +0900
Subject: [PATCH] nl80211: SAE authentication offload support

Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if the driver indicates SAE authentication offload support for STA mode. Allow SAE password to be provided to the driver in such cases when using the CONNECT command.

Signed-off-by: Chung-Hsien Hsu
Signed-off-by: Daisuke Mizobuchi
---
 src/drivers/driver.h | 19 +++++++++++++++++++
 src/drivers/driver_nl80211.c | 23 +++++++++++++++++++++++
 src/drivers/driver_nl80211_capa.c | 4 ++++
 3 files changed, 46 insertions(+)

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 10cbb4f93..b23853a6b 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1128,6 +1128,23 @@ struct wpa_driver_associate_params {
 */
 const u8 *psk;

+ /**
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
+ */
+ const char *sae_password;
+
+ /**
+ * sae_password_id - Password Identifier for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD. If %NULL, SAE
+ * password identifier is not used.
+ */
+ const char *sae_password_id;
+
 /**
 * drop_unencrypted - Enable/disable unencrypted frame filtering
 *
@@ -2262,6 +2279,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL
 /** Driver supports minimal scan request probe content */
 #define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ 0x0000000000008000ULL
+/** Driver supports SAE authentication offload in STA mode */
+#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA 0x0000000000010000ULL
 u64 flags2;

 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index d686dbd45..f399eafb7 100644
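Review bot: The doc comments added for `sae_password` and `sae_password_id` in the first driver.h hunk name `WPA_DRIVER_FLAGS2_SAE_OFFLOAD`, but the flag this patch defines in the second driver.h hunk and tests in driver_nl80211.c is `WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA`; the commit message carries the same stale name. Both comments should read `for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA.` so that a search for the flag finds the fields it governs. The `sae_password_id` comment also says the identifier is simply unused when %NULL, while the nl80211 hunk fails the connect when it is non-NULL, which is worth stating here. Because these fields hand a cleartext credential to the driver layer, the comment would be a good place to say who owns the string and that driver wrappers should neither log it nor keep a copy after the call returns.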
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -7037,6 +7037,27 @@ static int wpa_driver_nl80211_try_connect(
 wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
 nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
 goto fail;
+
+ /* Add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) {
+ const char *password;
+ size_t pwd_len;
+
+ if (params->sae_password && params->sae_password_id) {
+ wpa_printf(MSG_INFO,
+ "nl80211: Use of SAE password identifiers not supported with driver-based SAE");
+ goto fail;
+ }
+
+ password = params->sae_password;
+ if (!password)
+ password = params->passphrase;
+ pwd_len = os_strlen(password);
+ wpa_printf(MSG_DEBUG, " * SAE password");
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+ goto fail;
+ }
 #endif /* CONFIG_SAE */

 algs = 0;
@@ -7050,6 +7071,8 @@ static int wpa_driver_nl80211_try_connect(
 algs++;
 if (params->auth_alg & WPA_AUTH_ALG_FT)
 algs++;
+ if (params->auth_alg & WPA_AUTH_ALG_SAE)
+ algs++;
 if (algs > 1) {
 wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
 "selection");
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 1658da697..600d4b67f 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -600,6 +600,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
 capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;

+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA;
+
 if (ext_feature_isset(ext_features, len,
 NL80211_EXT_FEATURE_MFP_OPTIONAL))
 capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
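Review bot: The SAE password block added to wpa_driver_nl80211_try_connect() (first driver_nl80211.c hunk) is not visibly gated on SAE being one of the key-management suites: it runs whenever `params->sae_password` or `params->passphrase` is set and the driver advertises offload. If no outer guard exists, a WPA2-PSK-only profile on an offload-capable driver would hand its passphrase to the driver as `NL80211_ATTR_SAE_PASSWORD`. Consider adding the same test that guards `nl80211_put_sae_pwe()` just above, e.g. `wpa_key_mgmt_sae(params->allowed_key_mgmts)` or its equivalent on the selected suite, to the condition. The identifier rejection only fires when `params->sae_password` is set, so an identifier supplied alongside the passphrase fallback is dropped without a log line, and `pwd_len` is passed to `nla_put()` with no check for an empty or over-long password. The function starts and ends outside the hunk, so some of this may already be handled by code not shown.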