nl80211: add support for SAE authentication offload

Let drivers advertise support for station-mode SAE authentication
offload with a new NL80211_EXT_FEATURE_SAE_OFFLOAD flag.

Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 61f0a316c6ac9dff9cdd75d9b358770ea07a375b..5dfd949ade252c86c9344622ccbc249e52c8b3a3 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2612,6 +2612,7 @@ enum ieee80211_key_len {
 #define FILS_ERP_MAX_RRK_LEN           64
 
 #define PMK_MAX_LEN                    64
+#define SAE_PASSWORD_MAX_LEN           128
 
 /* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */
 enum ieee80211_pub_actioncode {

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index c1968783349360f912b04c2880853eae6a006147..4b45056dbb25e5e426e72f59e913070c0b33f900 100644 (file)
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -742,6 +742,9 @@ struct survey_info {
  *     CFG80211_MAX_WEP_KEYS WEP keys
  * @wep_tx_key: key index (0..3) of the default TX static WEP key
  * @psk: PSK (for devices supporting 4-way-handshake offload)
+ * @sae_pwd: password for SAE authentication (for devices supporting SAE
+ *     offload)
+ * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
  */
 struct cfg80211_crypto_settings {
        u32 wpa_versions;
@@ -757,6 +760,8 @@ struct cfg80211_crypto_settings {
        struct key_params *wep_keys;
        int wep_tx_key;
        const u8 *psk;
+       const u8 *sae_pwd;
+       u8 sae_pwd_len;
 };
 
 /**

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index e9bf3d69d847c5bec6ee4bab7f16b4dd5279f141..8b1e43fecd256168ed135c70dbb6f608add1607a 100644 (file)
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -234,6 +234,15 @@
  * use in a FILS shared key connection with PMKSA caching.
  */
 
+/**
+ * DOC: SAE authentication offload
+ *
+ * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
+ * support offloading SAE authentication for WPA3-Personal networks. In
+ * %NL80211_CMD_CONNECT the password for SAE should be specified using
+ * %NL80211_ATTR_SAE_PASSWORD.
+ */
+
 /**
  * enum nl80211_commands - supported nl80211 commands
  *
@@ -2341,6 +2350,10 @@ enum nl80211_commands {
  *     should be picking up the lowest tx power, either tx power per-interface
  *     or per-station.
  *
+ * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It
+ *     is used with %NL80211_CMD_CONNECT to provide password for offloading
+ *     SAE authentication for WPA3-Personal networks.
+ *
  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
  * @NL80211_ATTR_MAX: highest attribute number currently defined
  * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2794,6 +2807,8 @@ enum nl80211_attrs {
        NL80211_ATTR_STA_TX_POWER_SETTING,
        NL80211_ATTR_STA_TX_POWER,
 
+       NL80211_ATTR_SAE_PASSWORD,
+
        /* add attributes here, update the policy in nl80211.c */
 
        __NL80211_ATTR_AFTER_LAST,
@@ -5423,6 +5438,9 @@ enum nl80211_feature_flags {
  * @NL80211_EXT_FEATURE_STA_TX_PWR: This driver supports controlling tx power
  *     to a station.
  *
+ * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
+ *     station mode (SAE password is passed as part of the connect command).
+ *
  * @NUM_NL80211_EXT_FEATURES: number of extended features.
  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
  */
@@ -5467,6 +5485,7 @@ enum nl80211_ext_feature_index {
        NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD,
        NL80211_EXT_FEATURE_EXT_KEY_ID,
        NL80211_EXT_FEATURE_STA_TX_PWR,
+       NL80211_EXT_FEATURE_SAE_OFFLOAD,
 
        /* add new features before the definition below */
        NUM_NL80211_EXT_FEATURES,

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 8332a5731c57b5b3febb1202c5fa31d9053b4587..80e514872719a398703431bc96824f6efe68162a 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -571,6 +571,8 @@ const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
        [NL80211_ATTR_PEER_MEASUREMENTS] =
                NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
        [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
+       [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
+                                       .len = SAE_PASSWORD_MAX_LEN },
 };
 
 /* policy for the key attributes */
@@ -4434,6 +4436,8 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
                return true;
        case NL80211_CMD_CONNECT:
                if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
+                   !wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
                    auth_type == NL80211_AUTHTYPE_SAE)
                        return false;
 
@@ -8973,6 +8977,16 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
                settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
        }
 
+       if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
+               if (!wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_SAE_OFFLOAD))
+                       return -EINVAL;
+               settings->sae_pwd =
+                       nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+               settings->sae_pwd_len =
+                       nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+       }
+
        return 0;
 }