nl80211: SAE authentication offload support

Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA flag if the driver indicates SAE
authentication offload support for STA mode. Allow SAE password to be
provided to the driver in such cases when using the CONNECT command.

Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Daisuke Mizobuchi <mizo@atmark-techno.com>
Chung-Hsien Hsu 2023-07-19 14:22:26 +09:00 committed by Jouni Malinen
parent 750403f3ad
commit c3b8452e0e
3 changed files with 46 additions and 0 deletions


@ -1128,6 +1128,23 @@ struct wpa_driver_associate_params {
*/ */
const u8 *psk; const u8 *psk;
/**
* sae_password - Password for SAE authentication
*
* This value is made available only for WPA3-Personal (SAE) and only
* for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
*/
const char *sae_password;
/**
* sae_password_id - Password Identifier for SAE authentication
*
* This value is made available only for WPA3-Personal (SAE) and only
* for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD. If %NULL, SAE
* password identifier is not used.
*/
const char *sae_password_id;
/** /**
* drop_unencrypted - Enable/disable unencrypted frame filtering * drop_unencrypted - Enable/disable unencrypted frame filtering
* *
@ -2262,6 +2279,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL
/** Driver supports minimal scan request probe content */ /** Driver supports minimal scan request probe content */
#define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ 0x0000000000008000ULL #define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ 0x0000000000008000ULL
/** Driver supports SAE authentication offload in STA mode */
#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA 0x0000000000010000ULL
u64 flags2; u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
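Review bot: The new field comments for `sae_password` and `sae_password_id` name `WPA_DRIVER_FLAGS2_SAE_OFFLOAD`, but the flag this commit defines in the second hunk of this file is `WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA`, so the reference does not match any define visible here. Both comments should read `for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA`. The `sae_password_id` comment could also say that the nl80211 change in this commit refuses the connection when an identifier is set together with `sae_password`, so a driver wrapper never receives it on that path. Because `sae_password` is a cleartext credential crossing the driver interface, a sentence on who owns the string and how long the pointer stays valid would help driver authors; that contract is not visible in these hunks. Both struct definitions start and end outside the hunks.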


@ -7037,6 +7037,27 @@ static int wpa_driver_nl80211_try_connect(
wpa_key_mgmt_sae(params->allowed_key_mgmts)) && wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
nl80211_put_sae_pwe(msg, params->sae_pwe) < 0) nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
goto fail; goto fail;
/* Add SAE password in case of SAE authentication offload */
if ((params->sae_password || params->passphrase) &&
(drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) {
const char *password;
size_t pwd_len;
if (params->sae_password && params->sae_password_id) {
wpa_printf(MSG_INFO,
"nl80211: Use of SAE password identifiers not supported with driver-based SAE");
goto fail;
}
password = params->sae_password;
if (!password)
password = params->passphrase;
pwd_len = os_strlen(password);
wpa_printf(MSG_DEBUG, " * SAE password");
if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
goto fail;
}
#endif /* CONFIG_SAE */ #endif /* CONFIG_SAE */
algs = 0; algs = 0;
@ -7050,6 +7071,8 @@ static int wpa_driver_nl80211_try_connect(
algs++; algs++;
if (params->auth_alg & WPA_AUTH_ALG_FT) if (params->auth_alg & WPA_AUTH_ALG_FT)
algs++; algs++;
if (params->auth_alg & WPA_AUTH_ALG_SAE)
algs++;
if (algs > 1) { if (algs > 1) {
wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
"selection"); "selection");
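Review bot: The added block in the first hunk copies `params->passphrase` into `NL80211_ATTR_SAE_PASSWORD` whenever the driver sets `WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA`, without checking that SAE is among the key management suites for this connection. The `nl80211_put_sae_pwe()` call just above it is gated on `wpa_key_mgmt_sae(params->allowed_key_mgmts)` (that condition starts above the hunk), so as far as the visible lines show, a PSK-only connection on such a driver would still hand the cleartext passphrase to the driver as an SAE password. Reusing that same `wpa_key_mgmt_sae(...)` test as an extra condition on the new `if` would limit the exposure to SAE connections. The netlink message now carries the password, and the `fail:` label and the send path are outside the hunk, so it is worth confirming that both wipe the message buffer rather than only freeing it. The body of wpa_driver_nl80211_try_connect() starts and ends outside both hunks.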


@ -600,6 +600,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X; capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_SAE_OFFLOAD))
capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA;
if (ext_feature_isset(ext_features, len, if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL)) NL80211_EXT_FEATURE_MFP_OPTIONAL))
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL; capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;