[v2,2/3] nl80211: Allow SAE Authentication for NL80211_CMD_CONNECT

Commit Message

Jouni Malinen Dec. 22, 2017, 4:33 p.m. UTC

From: Srinivas Dasari <dasaris@qti.qualcomm.com>

This commit allows SAE Authentication for NL80211_CMD_CONNECT
interface, provided this is supported by the host driver.

Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 net/wireless/nl80211.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

v2:
- no changes; just rebased and included in the full patch series

Comments

Johannes Berg Jan. 4, 2018, 2:48 p.m. UTC | #1

On Fri, 2017-12-22 at 18:33 +0200, Jouni Malinen wrote:
> From: Srinivas Dasari <dasaris@qti.qualcomm.com>
> 
> This commit allows SAE Authentication for NL80211_CMD_CONNECT
> interface, provided this is supported by the host driver.

Now this is interesting - there could potentially be a case where you
request SAE, but don't set NL80211_ATTR_EXTERNAL_AUTH_SUPP[ORT], and
then SAE *isn't* supported, right?

What happens then? Do we expect the driver to reject it? Better at
least document the expected behaviour...

johannes

Patch

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 41a0373..ea36514 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3917,7 +3917,8 @@  static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
 		return true;
 	case NL80211_CMD_CONNECT:
 		/* SAE not supported yet */
-		if (auth_type == NL80211_AUTHTYPE_SAE)
+		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
+		    auth_type == NL80211_AUTHTYPE_SAE)
 			return false;
 		/* FILS with SK PFS or PK not supported yet */
 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||