
[v2] cfg80211: Include the PMK and PMKID in NL80211_CMD_EXTERNAL_AUTH

Message ID 20190206080234.15750-1-luca@coelho.fi (mailing list archive)
State Changes Requested
Delegated to: Johannes Berg

Commit Message

Luca Coelho Feb. 6, 2019, 8:02 a.m. UTC
From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>

This is needed for the devices that rely on user space to perform the
authentication, but offload the 4-way handshake and PMKSA caching.
Such devices don't implement SET/DEL_PMKSA commands, however they
still need to know the derived PMK and PMKID in order to proceed to
association and 4-way handshake phase.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
 include/net/cfg80211.h       |  4 ++++
 include/uapi/linux/nl80211.h |  4 +++-
 net/wireless/nl80211.c       | 13 ++++++++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)

Comments

Johannes Berg Feb. 22, 2019, 12:41 p.m. UTC | #1
> +++ b/net/wireless/nl80211.c
> @@ -13098,6 +13098,12 @@ static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
>  	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
>  		return -EINVAL;
>  
> +	if ((info->attrs[NL80211_ATTR_PMK] &&
> +	     !info->attrs[NL80211_ATTR_PMKID]) ||
> +	    (info->attrs[NL80211_ATTR_PMKID] &&
> +	     !info->attrs[NL80211_ATTR_PMK]))
> +		return -EINVAL;

This constitutes a netlink API change, so no, can't be right? PMKID was
perfectly reasonable to pass by itself before.

johannes
Luca Coelho March 8, 2019, 11:26 a.m. UTC | #2
On Fri, 2019-02-22 at 13:41 +0100, Johannes Berg wrote:
> > +++ b/net/wireless/nl80211.c
> > @@ -13098,6 +13098,12 @@ static int nl80211_external_auth(struct
> > sk_buff *skb, struct genl_info *info)
> >  	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
> >  		return -EINVAL;
> >  
> > +	if ((info->attrs[NL80211_ATTR_PMK] &&
> > +	     !info->attrs[NL80211_ATTR_PMKID]) ||
> > +	    (info->attrs[NL80211_ATTR_PMKID] &&
> > +	     !info->attrs[NL80211_ATTR_PMK]))
> > +		return -EINVAL;
> 
> This constitutes a netlink API change, so no, can't be right? PMKID
> was
> perfectly reasonable to pass by itself before.

Good point.  Andrei, can you fix this? This can easily be changed to
accept PMKID alone but still do what you want when both are included.

--
Luca.

Patch

diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 7f2739a90bdb..5566a95b27d8 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -2846,6 +2846,8 @@  struct cfg80211_pmk_conf {
  *	the real status code for failures. Used only for the authentication
  *	response command interface (user space to driver).
  * @pmkid: The identifier to refer a PMKSA.
+ * @pmk_len: Length of PMK if present.
+ * @pmk: Derived PMK
  */
 struct cfg80211_external_auth_params {
 	enum nl80211_external_auth_action action;
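Review bot: The new `@pmk` kerneldoc line does not say when the field is set or how long the pointer stays valid. In the nl80211.c part of this patch it is assigned from `nla_data()` only when a PMKID is also present, so it presumably points into the request message and should not be kept after the callback returns. Suggested wording: `@pmk: Derived PMK, only set together with @pmkid; points into the request, so a driver that needs it later must copy it.` and `@pmk_len: Length of @pmk in bytes, 0 if no PMK was supplied.` The struct definition continues past this hunk.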
@@ -2854,6 +2856,8 @@  struct cfg80211_external_auth_params {
 	unsigned int key_mgmt_suite;
 	u16 status;
 	const u8 *pmkid;
+	int pmk_len;
+	const u8 *pmk;
 };
 
 /**
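Review bot: `int pmk_len` makes the length of key material a signed value, which invites signed/unsigned conversions wherever a driver hands it to a copy routine. An unsigned type states the contract better, e.g. `size_t pmk_len;`, with the `nla_len()` result assigned only after it has been range-checked in nl80211.c.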
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index dd4f86ee286e..10315b181ec4 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -1022,7 +1022,9 @@ 
  *	further with the association after getting successful authentication
  *	status. User space indicates the authentication status through
  *	%NL80211_ATTR_STATUS_CODE attribute in %NL80211_CMD_EXTERNAL_AUTH
- *	command interface.
+ *	command interface. In case of success, user space also includes the
+ *	derived PMK and PMKID through %NL80211_ATTR_PMK and
+ *	%NL80211_ATTR_PMKID.
  *
  *	Host driver reports this status on an authentication failure to the
  *	user space through the connect result as the user space would have
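Review bot: The added sentence reads as though PMK and PMKID always accompany a successful status, while the handler in nl80211.c treats both attributes as optional. Wording such as `On success, user space may also include the derived PMK and PMKID (%NL80211_ATTR_PMK, %NL80211_ATTR_PMKID) for drivers that offload the 4-way handshake.` would match the code and the commit message. The comment block starts and ends outside this hunk.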
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index a3cc039b9f55..ce5d87d512e2 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13098,6 +13098,12 @@  static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
 		return -EINVAL;
 
+	if ((info->attrs[NL80211_ATTR_PMK] &&
+	     !info->attrs[NL80211_ATTR_PMKID]) ||
+	    (info->attrs[NL80211_ATTR_PMKID] &&
+	     !info->attrs[NL80211_ATTR_PMK]))
+		return -EINVAL;
+
 	memset(&params, 0, sizeof(params));
 
 	if (info->attrs[NL80211_ATTR_SSID]) {
@@ -13115,8 +13121,13 @@  static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
 
 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
 
-	if (info->attrs[NL80211_ATTR_PMKID])
+	if (info->attrs[NL80211_ATTR_PMKID]) {
+		if (info->attrs[NL80211_ATTR_PMK]) {
+			params.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
+			params.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
+		}
 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
+	}
 
 	return rdev_external_auth(rdev, dev, &params);
 }
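Review bot: `params.pmk_len` is taken straight from `nla_len()` with no length check in this hunk, so a zero-length or oddly sized NL80211_ATTR_PMK reaches the driver unless the attribute policy (outside this diff) bounds it. Since this is key material that a driver will likely copy into a fixed-size buffer, validate it here before calling `rdev_external_auth()`, e.g. `if (params.pmk_len != WLAN_PMK_LEN) return -EINVAL;` or whichever set of lengths the supported AKMs allow. The PMK is also forwarded when `params.status` indicates failure, although the UAPI text added in this patch describes it only for the success case; consider ignoring or rejecting it then.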