OWE: Add AP mode handling of OWE with drivers that implement SME

Handle OWE DH exchange and key setup when processing the association
event from a driver that implements AP SME.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 648f20e8e7b046e1dcffa5c8e8be642fd976e604..eabea830603c9bb336bd24ffd9b35d01fc0c24ce 100644 (file)
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -520,7 +520,19 @@ skip_wpa_check:
        }
 #endif /* CONFIG_FILS */
 
-#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_FILS)
+#ifdef CONFIG_OWE
+       if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
+           wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
+           elems.owe_dh) {
+               p = owe_auth_req_process(hapd, sta,
+                                        elems.owe_dh, elems.owe_dh_len,
+                                        p, &reason);
+               if (!p || reason != WLAN_STATUS_SUCCESS)
+                       goto fail;
+       }
+#endif /* CONFIG_OWE */
+
+#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_FILS) || defined(CONFIG_OWE)
        hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
 
        if (sta->auth_alg == WLAN_AUTH_FT ||

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index 1aeff8798ffe920ec7339e72f31cc99740013c38..72ff50f03529195bc0529d605b219e15ded024a5 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2932,6 +2932,37 @@ done:
 }
 
 
+#ifdef CONFIG_OWE
+u8 * owe_auth_req_process(struct hostapd_data *hapd, struct sta_info *sta,
+                         const u8 *owe_dh, u8 owe_dh_len,
+                         u8 *owe_buf, u16 *reason)
+{
+       struct wpabuf *pub;
+
+       *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
+       if (*reason != WLAN_STATUS_SUCCESS)
+               return NULL;
+       pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
+       if (!pub) {
+               *reason = WLAN_STATUS_UNSPECIFIED_FAILURE;
+               return NULL;
+       }
+
+       /* OWE Diffie-Hellman Parameter element */
+       *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
+       *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
+       *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
+       WPA_PUT_LE16(owe_buf, OWE_DH_GROUP);
+       owe_buf += 2;
+       os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
+       owe_buf += wpabuf_len(pub);
+       wpabuf_free(pub);
+       *reason = WLAN_STATUS_SUCCESS;
+       return owe_buf;
+}
+#endif /* CONFIG_OWE */
+
+
 #ifdef CONFIG_FILS
 
 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)

diff --git a/src/ap/ieee802_11.h b/src/ap/ieee802_11.h
index 3b381b4e77f2355579018eeed696e7afc58b7d49..47b28e2ae70625cd113b80e52d71e2679abd73c1 100644 (file)
--- a/src/ap/ieee802_11.h
+++ b/src/ap/ieee802_11.h
@@ -142,6 +142,9 @@ void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
                                 struct sta_info *sta, int success,
                                 struct wpabuf *erp_resp,
                                 const u8 *msk, size_t msk_len);
+u8 * owe_auth_req_process(struct hostapd_data *hapd, struct sta_info *sta,
+                         const u8 *owe_dh, u8 owe_dh_len,
+                         u8 *owe_buf, u16 *reason);
 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data);
 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta);
 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,