P2P: Use SAE+PMF for P2P connection in 6 GHz
authorSreeramya Soratkal <ssramya@codeaurora.org>
Tue, 4 May 2021 07:34:10 +0000 (13:04 +0530)
committerJouni Malinen <j@w1.fi>
Mon, 14 Jun 2021 17:24:37 +0000 (20:24 +0300)
Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to
enable the Wi-Fi Display use case on the 6 GHz band without having to
use WPA2-Personal (PSK) on that new band.

Signed-off-by: Sreeramya Soratkal <ssramya@codeaurora.org>
src/ap/wps_hostapd.c
src/eap_server/eap_server_wsc.c
src/wps/wps.h
src/wps/wps_registrar.c
wpa_supplicant/ap.c
wpa_supplicant/p2p_supplicant.c
wpa_supplicant/wps_supplicant.c

index e97dbf996749ec735ee5905348791f3159416b28..9f22e39a2e6a5133330ce89d68e6c190c7933fd3 100644 (file)
@@ -1172,6 +1172,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
                        wps->auth_types |= WPS_AUTH_WPA2PSK;
                if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
                        wps->auth_types |= WPS_AUTH_WPA2;
+               if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)
+                       wps->auth_types |= WPS_AUTH_WPA2PSK;
 
                if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
                                          WPA_CIPHER_CCMP_256 |
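Review bot: The two added lines in hostapd_init_wps map WPA_KEY_MGMT_SAE onto WPS_AUTH_WPA2PSK without a comment, so a reader cannot tell a deliberate mapping from a copy of the PSK branch above it. Presumably it is deliberate because the WPS authentication type flags have no SAE value; a comment such as `/* WPS has no SAE auth type; advertise SAE as WPA2-Personal */` would record that. It would also help to state that on an SAE-only BSS the Enrollee still receives a WPA2PSK-typed credential and has to enable SAE on its own side. The function body starts and ends outside the hunk.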
@@ -1328,6 +1330,11 @@ int hostapd_init_wps(struct hostapd_data *hapd,
 
        hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
 
+#ifdef CONFIG_P2P
+       if ((hapd->conf->p2p & P2P_ENABLED) &&
+           is_6ghz_op_class(hapd->iconf->op_class))
+               wps->use_passphrase = true;
+#endif /* CONFIG_P2P */
        hapd->wps = wps;
        bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
 
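Review bot: The condition that sets `wps->use_passphrase` checks only P2P_ENABLED and the 6 GHz operating class, not whether SAE is actually configured. As far as this hunk shows, a 6 GHz P2P GO whose `wpa_key_mgmt` lacks WPA_KEY_MGMT_SAE would still switch credential delivery to the shared passphrase. Tying the flag to the key management as well, for example by adding `(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) &&` to the test, would keep the passphrase format limited to groups that need it. hostapd_init_wps starts and ends outside the hunk, so an earlier check may already guarantee this.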
index fc70cf1962dbe9b552609b7fd72eea8e35cd0b8e..a162deb9ef6b71398d6c0a149fd0df181e23fe00 100644 (file)
@@ -132,9 +132,11 @@ static void * eap_wsc_init(struct eap_sm *sm)
        cfg.peer_addr = sm->peer_addr;
 #ifdef CONFIG_P2P
        if (sm->assoc_p2p_ie) {
-               wpa_printf(MSG_DEBUG, "EAP-WSC: Prefer PSK format for P2P "
-                          "client");
-               cfg.use_psk_key = 1;
+               if (!sm->cfg->wps->use_passphrase) {
+                       wpa_printf(MSG_DEBUG,
+                                  "EAP-WSC: Prefer PSK format for non-6 GHz P2P client");
+                       cfg.use_psk_key = 1;
+               }
                cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
        }
 #endif /* CONFIG_P2P */
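Review bot: `sm->cfg->wps` is dereferenced in the added `if (!sm->cfg->wps->use_passphrase)` without a NULL check visible in this hunk. eap_wsc_init starts outside the hunk, so an earlier check may cover it, but if any path reaches this point without a WPS context the result is a NULL dereference in the EAP server. A defensive form that keeps the old default is `if (!sm->cfg->wps || !sm->cfg->wps->use_passphrase) {`. The debug text also says "non-6 GHz" while the condition tests `use_passphrase`, so the message will become misleading if the flag is ever set for another reason.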
index 6a12255c8a687a386538ac3f8f7b992d69c8b852..fed3e284895fe5761e4b82ac32fdb81ed1000253 100644 (file)
@@ -841,6 +841,10 @@ struct wps_context {
        struct wpabuf *ap_nfc_dh_pubkey;
        struct wpabuf *ap_nfc_dh_privkey;
        struct wpabuf *ap_nfc_dev_pw;
+
+       /* Whether to send WPA2-PSK passphrase as a passphrase instead of PSK
+        * for WPA3-Personal transition mode needs. */
+       bool use_passphrase;
 };
 
 struct wps_registrar *
index 45f7e947e0fdca628ae42831c552f62c88237e4d..173fbbd68aa080ce4a88468b6aeee747e0a5b557 100644 (file)
@@ -1753,8 +1753,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
                wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
                os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
                wps->cred.key_len = PMK_LEN * 2;
-       } else if (!wps->wps->registrar->force_per_enrollee_psk &&
-                  wps->wps->network_key) {
+       } else if ((!wps->wps->registrar->force_per_enrollee_psk ||
+                   wps->wps->use_passphrase) && wps->wps->network_key) {
+               wpa_printf(MSG_DEBUG,
+                          "WPS: Use passphrase format for Network key");
                os_memcpy(wps->cred.key, wps->wps->network_key,
                          wps->wps->network_key_len);
                wps->cred.key_len = wps->wps->network_key_len;
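Review bot: With `use_passphrase` set, the rewritten condition bypasses `force_per_enrollee_psk`, so every Enrollee receives the same group passphrase and per-client key separation is lost for that group. SAE needs the passphrase, so this may be unavoidable, but the change is silent: the new debug line reads the same whether or not the override happened, and the `use_passphrase` comment in src/wps/wps.h does not mention it. I would log the override explicitly when both flags are set, e.g. `wpa_printf(MSG_DEBUG, "WPS: use_passphrase overrides per-Enrollee PSK");`, and extend the field comment to say so. wps_build_cred continues outside the hunk.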
index a2bd08d4c16ae1ca05a8dce5a6cdded2dcf79d04..cdf0ed5c7b5f3c3e0c1f374e62a378eb38fc9872 100644 (file)
@@ -892,6 +892,8 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
        params.wpa_proto = ssid->proto;
        if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
                wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
+       else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
+               wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
        else
                wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
        params.key_mgmt_suite = wpa_s->key_mgmt;
index 74acb1d436fc125367b4c3f3f36434ef2675e810..62c9a26a3490a398e1bdbe3b1232aa311f45eafe 100644 (file)
@@ -2065,6 +2065,14 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
        }
        ssid->auth_alg = WPA_AUTH_ALG_OPEN;
        ssid->key_mgmt = WPA_KEY_MGMT_PSK;
+       if (is_6ghz_freq(ssid->frequency) &&
+           is_p2p_6ghz_capable(wpa_s->global->p2p)) {
+               ssid->auth_alg |= WPA_AUTH_ALG_SAE;
+               ssid->key_mgmt = WPA_KEY_MGMT_SAE;
+               wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
+       } else {
+               p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
+       }
        ssid->proto = WPA_PROTO_RSN;
        ssid->pairwise_cipher = WPA_CIPHER_CCMP;
        ssid->group_cipher = WPA_CIPHER_CCMP;
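Review bot: The SAE branch added to wpas_start_wps_go sets `auth_alg` and `key_mgmt` but not `ssid->ieee80211w`, although the commit title promises SAE+PMF. Unless PMF is set outside this hunk, the GO's management frame protection is left to whatever default applies. Setting it next to the key management, `ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;`, would make the 6 GHz requirement explicit. The wps_supplicant.c hunk shows the matching client side, where PMF stays at MGMT_FRAME_PROTECTION_OPTIONAL and WPA_KEY_MGMT_PSK remains enabled alongside SAE. `auth_alg |= WPA_AUTH_ALG_SAE` also keeps WPA_AUTH_ALG_OPEN set, which deserves a short comment if it is intended.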
index 029349b08d209b4c4a75e81ed3128bc2e5d59c9c..5633f3d1ecaf4a65168146b916708dcb2ec3a706 100644 (file)
@@ -372,6 +372,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
        int registrar = 0;
 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
+       bool add_sae;
 
        if ((wpa_s->conf->wps_cred_processing == 1 ||
             wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
@@ -534,8 +535,12 @@ static int wpa_supplicant_wps_cred(void *ctx,
        case WPS_AUTH_WPA2PSK:
                ssid->auth_alg = WPA_AUTH_ALG_OPEN;
                ssid->key_mgmt = WPA_KEY_MGMT_PSK;
-               if (wpa_s->conf->wps_cred_add_sae &&
-                   cred->key_len != 2 * PMK_LEN) {
+               add_sae = wpa_s->conf->wps_cred_add_sae;
+#ifdef CONFIG_P2P
+               if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
+                       add_sae = true;
+#endif /* CONFIG_P2P */
+               if (add_sae && cred->key_len != 2 * PMK_LEN) {
                        ssid->auth_alg = 0;
                        ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
                        ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
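Review bot: When `add_sae` is forced for a P2P group but the credential arrives as a 64-hex PSK (`cred->key_len == 2 * PMK_LEN`), the SAE block is skipped without any trace and the network stays PSK-only. That presumably cannot associate with an SAE-only 6 GHz GO. Making the fallback visible would help troubleshooting and auditing, e.g. an `else if (add_sae)` branch with `wpa_printf(MSG_DEBUG, "WPS: PSK-format credential; SAE not added");`. The P2P test also keys on device capability (`is_p2p_6ghz_capable`) rather than on the group's operating band, so a comment should say whether adding SAE for 2.4/5 GHz groups is intended. wpa_supplicant_wps_cred continues outside the hunk.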