nl80211: SAE authentication offload support
authorChung-Hsien Hsu <stanley.hsu@cypress.com>
Wed, 19 Jul 2023 05:22:26 +0000 (14:22 +0900)
committerJouni Malinen <j@w1.fi>
Sun, 5 Nov 2023 18:35:07 +0000 (20:35 +0200)
Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if the driver indicates SAE
authentication offload support for STA mode. Allow SAE password to be
provided to the driver in such cases when using the CONNECT command.

Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Daisuke Mizobuchi <mizo@atmark-techno.com>
src/drivers/driver.h
src/drivers/driver_nl80211.c
src/drivers/driver_nl80211_capa.c

index 10cbb4f93420ba93659a41b5260367ee5b7b4703..b23853a6b7cf4cfc396296342f1f8d5cc8d3b91c 100644 (file)
@@ -1128,6 +1128,23 @@ struct wpa_driver_associate_params {
         */
        const u8 *psk;
 
+       /**
+        * sae_password - Password for SAE authentication
+        *
+        * This value is made available only for WPA3-Personal (SAE) and only
+        * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
+        */
+       const char *sae_password;
+
+       /**
+        * sae_password_id - Password Identifier for SAE authentication
+        *
+        * This value is made available only for WPA3-Personal (SAE) and only
+        * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD. If %NULL, SAE
+        * password identifier is not used.
+        */
+       const char *sae_password_id;
+
        /**
         * drop_unencrypted - Enable/disable unencrypted frame filtering
         *
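Review bot: The doc comments on `sae_password` and `sae_password_id` name `WPA_DRIVER_FLAGS2_SAE_OFFLOAD`, but the flag this commit defines in `struct wpa_driver_capa` (next hunk) and tests in driver_nl80211.c is `WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA`, so the reference matches no symbol added here. Both comments should end with `for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA.` The `sae_password_id` comment also reads as if identifiers were usable with offload, while the try_connect hunk fails the connection when both `sae_password` and `sae_password_id` are set; a sentence saying so would keep callers from relying on it. It is also worth stating in the `sae_password` comment that the string is a plaintext credential that is copied into the netlink message. The struct begins and ends outside this hunk.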
@@ -2262,6 +2279,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_MLO                  0x0000000000004000ULL
 /** Driver supports minimal scan request probe content  */
 #define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ         0x0000000000008000ULL
+/** Driver supports SAE authentication offload in STA mode */
+#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA      0x0000000000010000ULL
        u64 flags2;
 
 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
index d686dbd45aeb10d28c683b412c2961ef7d064ec1..f399eafb7ec48486658599b1858c122b569e6200 100644 (file)
@@ -7037,6 +7037,27 @@ static int wpa_driver_nl80211_try_connect(
             wpa_key_mgmt_sae(params->allowed_key_mgmts)) &&
            nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
                goto fail;
+
+       /* Add SAE password in case of SAE authentication offload */
+       if ((params->sae_password || params->passphrase) &&
+           (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) {
+               const char *password;
+               size_t pwd_len;
+
+               if (params->sae_password && params->sae_password_id) {
+                       wpa_printf(MSG_INFO,
+                                  "nl80211: Use of SAE password identifiers not supported with driver-based SAE");
+                       goto fail;
+               }
+
+               password = params->sae_password;
+               if (!password)
+                       password = params->passphrase;
+               pwd_len = os_strlen(password);
+               wpa_printf(MSG_DEBUG, "  * SAE password");
+               if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+                       goto fail;
+       }
 #endif /* CONFIG_SAE */
 
        algs = 0;
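Review bot: The added block passes a credential to the driver whenever `WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA` is set and either `params->sae_password` or `params->passphrase` is non-NULL, with no check that the connection uses an SAE AKM. The `nl80211_put_sae_pwe()` condition just above does test `wpa_key_mgmt_sae(params->allowed_key_mgmts)`. Unless every caller already guarantees it, the `params->passphrase` fallback could place a WPA2-PSK passphrase in `NL80211_ATTR_SAE_PASSWORD`; repeating the key-management test in the outer `if` would make the restriction explicit at the point where the secret leaves the process. `msg` now carries the plaintext password, so the `fail:` label and the send path should clear the message buffer before freeing it. Both lie outside this hunk, so this cannot be confirmed from the visible lines, and the function body itself starts and ends outside the hunk.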
@@ -7050,6 +7071,8 @@ static int wpa_driver_nl80211_try_connect(
                algs++;
        if (params->auth_alg & WPA_AUTH_ALG_FT)
                algs++;
+       if (params->auth_alg & WPA_AUTH_ALG_SAE)
+               algs++;
        if (algs > 1) {
                wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
                           "selection");
index 1658da697b012e639b19a4d2f2a44c883fc9d9a6..600d4b67f0f63fab70a4b8d25f6148b1cfff7749 100644 (file)
@@ -600,6 +600,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
                              NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
                capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
 
+       if (ext_feature_isset(ext_features, len,
+                             NL80211_EXT_FEATURE_SAE_OFFLOAD))
+               capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA;
+
        if (ext_feature_isset(ext_features, len,
                              NL80211_EXT_FEATURE_MFP_OPTIONAL))
                capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;