From patchwork Thu May 9 09:49:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chi-Hsien Lin X-Patchwork-Id: 10936949 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1C05D912 for ; Thu, 9 May 2019 09:49:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C8AA28928 for ; Thu, 9 May 2019 09:49:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EE0DC289DA; Thu, 9 May 2019 09:49:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A7D728928 for ; Thu, 9 May 2019 09:49:09 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726415AbfEIJtJ (ORCPT ); Thu, 9 May 2019 05:49:09 -0400 Received: from mail-eopbgr770105.outbound.protection.outlook.com ([40.107.77.105]:31457 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725928AbfEIJtI (ORCPT ); Thu, 9 May 2019 05:49:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ovxiVdpP/ywtD16o8mFoyqWBJYb1bxlvBLbTQBRMdE=; b=S53Hjp5oTD6A1joNIUglcmzyW93iku2/NTAclnUqePJCbFsSa7Xq0a/YkqVm48PW9aKR9UkcILlpqs/t4ylsDiRz1woJCnQ8z7PM/Mbc8pqBFCvLbOQyy+NndA2jBtofIgCKaVcA1DXYKnew8uNr/Ul+29xmqMFQRctkH0wsg8I= Received: from DM6PR06MB5804.namprd06.prod.outlook.com (20.179.161.141) by DM6PR06MB4777.namprd06.prod.outlook.com (20.176.112.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1856.12; Thu, 9 May 2019 09:49:05 +0000 Received: from DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c]) by DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c%3]) with mapi id 15.20.1856.012; Thu, 9 May 2019 09:49:05 +0000 From: Chi-Hsien Lin To: "linux-wireless@vger.kernel.org" CC: "brcm80211-dev-list@broadcom.com" , brcm80211-dev-list , Arend van Spriel , Franky Lin , Hante Meuleman , Wright Feng , Kalle Valo , Stanley Hsu , Chi-Hsien Lin Subject: [PATCH V2 1/3] nl80211: add WPA3 definition for SAE authentication Thread-Topic: [PATCH V2 1/3] nl80211: add WPA3 definition for SAE authentication Thread-Index: AQHVBkxwfJ5nEm0ck0ukLW6pn3CIxg== Date: Thu, 9 May 2019 09:49:05 +0000 Message-ID: <1557395332-41426-2-git-send-email-chi-hsien.lin@cypress.com> References: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> In-Reply-To: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> Accept-Language: en-US, zh-TW Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [12.110.209.245] x-clientproxiedby: BYAPR02CA0032.namprd02.prod.outlook.com (2603:10b6:a02:ee::45) To DM6PR06MB5804.namprd06.prod.outlook.com (2603:10b6:5:1a6::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Chi-Hsien.Lin@cypress.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.1.0 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7c285cf9-3eae-4499-8352-08d6d46392a4 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020);SRVR:DM6PR06MB4777; x-ms-traffictypediagnostic: DM6PR06MB4777: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:1186; x-forefront-prvs: 003245E729 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(376002)(136003)(396003)(346002)(39860400002)(366004)(189003)(199004)(25786009)(52116002)(66476007)(64756008)(66446008)(53936002)(6436002)(66066001)(14444005)(5640700003)(50226002)(66556008)(6512007)(3846002)(256004)(8936002)(66946007)(6486002)(99286004)(446003)(2906002)(107886003)(4326008)(2616005)(486006)(11346002)(476003)(478600001)(305945005)(76176011)(6916009)(7736002)(386003)(6506007)(71200400001)(71190400001)(54906003)(2501003)(2351001)(186003)(86362001)(14454004)(102836004)(8676002)(26005)(68736007)(6116002)(73956011)(36756003)(5660300002)(316002)(81156014)(81166006)(72206003);DIR:OUT;SFP:1102;SCL:1;SRVR:DM6PR06MB4777;H:DM6PR06MB5804.namprd06.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: cypress.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: Rdm59bZC7K8SldGwQ1K4vriR2OBu0mSR5OTvZEk14511eJAbLfdYhAzwilRjqZXbzdnhxehVSZZraLXsu3Yl/OU+vkwCE+cdlq6+RNVBLGxlN5c5p7Wn1JkQUBhz538R4+X703q9vdiT1EDqGdImVTdh8zcsjiK3EaUjZ9B1QiMk+QY5XyuliEJR108LiZVMWBTKv7fSNJxRtAR2xUStzhc1H7PUkGvwoMNIaBK46o0NqBkJL62ZmSX0KBMwRqeb7pWcyOpvdgaGEVuP9hZ9OxIpYFI6oWhKuWBOyiwDyOgYxqK8/Ucou+JGHWHfvdnITsXO1mZOh48lPVUE4qCMeA9RA7z/o7x95qBLayd91uRo1/OSt2Koj0iek8DTJlwNOh3HGZ1n2y6MOSHA7BsvtofUrqAOb52gD7KmFLrj90o= MIME-Version: 1.0 X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7c285cf9-3eae-4499-8352-08d6d46392a4 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2019 09:49:05.1723 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB4777 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Chung-Hsien Hsu Add definition of WPA version 3 for SAE authentication. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- include/uapi/linux/nl80211.h | 1 + net/wireless/nl80211.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 6f09d1500960..e9bf3d69d847 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -4406,6 +4406,7 @@ enum nl80211_mfp { enum nl80211_wpa_versions { NL80211_WPA_VERSION_1 = 1 << 0, NL80211_WPA_VERSION_2 = 1 << 1, + NL80211_WPA_VERSION_3 = 1 << 2, }; /** diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index fffe4b371e23..8e470591c424 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -8699,7 +8699,8 @@ static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb) static bool nl80211_valid_wpa_versions(u32 wpa_versions) { return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | - NL80211_WPA_VERSION_2)); + NL80211_WPA_VERSION_2 | + NL80211_WPA_VERSION_3)); } static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) From patchwork Thu May 9 09:49:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chi-Hsien Lin X-Patchwork-Id: 10936951 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 62EE714B6 for ; Thu, 9 May 2019 09:49:12 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 51B1928727 for ; Thu, 9 May 2019 09:49:12 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4556F28928; Thu, 9 May 2019 09:49:12 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A39D228727 for ; Thu, 9 May 2019 09:49:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726511AbfEIJtL (ORCPT ); Thu, 9 May 2019 05:49:11 -0400 Received: from mail-eopbgr770105.outbound.protection.outlook.com ([40.107.77.105]:31457 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725826AbfEIJtK (ORCPT ); Thu, 9 May 2019 05:49:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=X7GaokOwdqlR0groIxfixQzgum/YNpJeNIL9rhrUGr8=; b=fA0F29mjgvrPCtAt/YZhVWeAEapeVHwXQsYRugIZBz4kl4qkuZFw7PX2Al+lhcTOUcPc7Ud/gd3crptxuZKQ51sHW9ZQN5U827rUsD/tBG2n1kEhXIx/w2uwKKCBP0mxluGqFQtS+MllLB0viKZdxI4gMzmI/3kyg73iRikux5k= Received: from DM6PR06MB5804.namprd06.prod.outlook.com (20.179.161.141) by DM6PR06MB4777.namprd06.prod.outlook.com (20.176.112.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1856.12; Thu, 9 May 2019 09:49:06 +0000 Received: from DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c]) by DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c%3]) with mapi id 15.20.1856.012; Thu, 9 May 2019 09:49:06 +0000 From: Chi-Hsien Lin To: "linux-wireless@vger.kernel.org" CC: "brcm80211-dev-list@broadcom.com" , brcm80211-dev-list , Arend van Spriel , Franky Lin , Hante Meuleman , Wright Feng , Kalle Valo , Stanley Hsu , Chi-Hsien Lin Subject: [PATCH V2 2/3] nl80211: add support for SAE authentication offload Thread-Topic: [PATCH V2 2/3] nl80211: add support for SAE authentication offload Thread-Index: AQHVBkxxgLQSiZ1pREysA5TSDvl90w== Date: Thu, 9 May 2019 09:49:06 +0000 Message-ID: <1557395332-41426-3-git-send-email-chi-hsien.lin@cypress.com> References: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> In-Reply-To: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> Accept-Language: en-US, zh-TW Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [12.110.209.245] x-clientproxiedby: BYAPR02CA0032.namprd02.prod.outlook.com (2603:10b6:a02:ee::45) To DM6PR06MB5804.namprd06.prod.outlook.com (2603:10b6:5:1a6::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Chi-Hsien.Lin@cypress.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.1.0 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 660eb1e8-88ec-400a-cf96-08d6d463939a x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020);SRVR:DM6PR06MB4777; x-ms-traffictypediagnostic: DM6PR06MB4777: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-forefront-prvs: 003245E729 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(376002)(136003)(396003)(346002)(39860400002)(366004)(15594002)(189003)(199004)(25786009)(52116002)(66476007)(64756008)(66446008)(53936002)(6436002)(66066001)(14444005)(5640700003)(50226002)(66556008)(6512007)(3846002)(256004)(8936002)(66946007)(6486002)(99286004)(446003)(2906002)(107886003)(4326008)(2616005)(486006)(11346002)(476003)(478600001)(305945005)(76176011)(6916009)(7736002)(386003)(6506007)(71200400001)(71190400001)(54906003)(2501003)(2351001)(186003)(86362001)(14454004)(102836004)(8676002)(26005)(68736007)(6116002)(73956011)(36756003)(5660300002)(316002)(81156014)(81166006)(72206003);DIR:OUT;SFP:1102;SCL:1;SRVR:DM6PR06MB4777;H:DM6PR06MB5804.namprd06.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: cypress.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: SIDP/XY/LxsP5ym+OkE4UQNKMQ9S9dzwpZR3ymLRVpjZri94Nl1m+0QJv9y9FyVtE9b9ZDVnW1AXYiSXMvsTFTFwloH8WXdLh0LmrVlGRw3tAfVxv1suQuXufG/qEHQcA0iTVu6eTBOYMTU27G6kBpGYuduvokzibBxg0LLsBJnVw+SKqMn+Idqiasd0AiOfUQXX33GcQe8sSCXliOOHP+FfAo/t3iVC5sYHZY+Rl79mfaOhwwnS6So4VngxIH8EqBgB1qOIjPFf247qQxVT7/KxjHLv77P01qRFHtDqV/Iqp3OTui3/AHNlyc2tGXOVCGKSMN4u3Efc+g8oA9pHuNT0RomRDN5gsIfmhbD1dd32Aupp5iEn60iuwK1dVV6kekwhuTJ/bXiyVSbO3vGJhXtf3y6dPsSANk/KW5aG8Uo= MIME-Version: 1.0 X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: 660eb1e8-88ec-400a-cf96-08d6d463939a X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2019 09:49:06.6733 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB4777 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Chung-Hsien Hsu Let drivers advertise support for station-mode SAE authentication offload with a new NL80211_EXT_FEATURE_SAE_OFFLOAD flag. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- include/linux/ieee80211.h | 1 + include/net/cfg80211.h | 5 +++++ include/uapi/linux/nl80211.h | 19 +++++++++++++++++++ net/wireless/nl80211.c | 14 ++++++++++++++ 4 files changed, 39 insertions(+) diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 61f0a316c6ac..5dfd949ade25 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -2612,6 +2612,7 @@ enum ieee80211_key_len { #define FILS_ERP_MAX_RRK_LEN 64 #define PMK_MAX_LEN 64 +#define SAE_PASSWORD_MAX_LEN 128 /* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */ enum ieee80211_pub_actioncode { diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 87dae868707e..6d4c4d4fd571 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -742,6 +742,9 @@ struct survey_info { * CFG80211_MAX_WEP_KEYS WEP keys * @wep_tx_key: key index (0..3) of the default TX static WEP key * @psk: PSK (for devices supporting 4-way-handshake offload) + * @sae_pwd: password for SAE authentication (for devices supporting SAE + * offload) + * @sae_pwd_len: length of SAE password (for devices supporting SAE offload) */ struct cfg80211_crypto_settings { u32 wpa_versions; @@ -757,6 +760,8 @@ struct cfg80211_crypto_settings { struct key_params *wep_keys; int wep_tx_key; const u8 *psk; + const u8 *sae_pwd; + u8 sae_pwd_len; }; /** diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e9bf3d69d847..8b1e43fecd25 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -235,6 +235,15 @@ */ /** + * DOC: SAE authentication offload + * + * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they + * support offloading SAE authentication for WPA3-Personal networks. In + * %NL80211_CMD_CONNECT the password for SAE should be specified using + * %NL80211_ATTR_SAE_PASSWORD. + */ + +/** * enum nl80211_commands - supported nl80211 commands * * @NL80211_CMD_UNSPEC: unspecified command to catch errors @@ -2341,6 +2350,10 @@ enum nl80211_commands { * should be picking up the lowest tx power, either tx power per-interface * or per-station. * + * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It + * is used with %NL80211_CMD_CONNECT to provide password for offloading + * SAE authentication for WPA3-Personal networks. + * * @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NL80211_ATTR_MAX: highest attribute number currently defined * @__NL80211_ATTR_AFTER_LAST: internal use @@ -2794,6 +2807,8 @@ enum nl80211_attrs { NL80211_ATTR_STA_TX_POWER_SETTING, NL80211_ATTR_STA_TX_POWER, + NL80211_ATTR_SAE_PASSWORD, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, @@ -5423,6 +5438,9 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_STA_TX_PWR: This driver supports controlling tx power * to a station. * + * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in + * station mode (SAE password is passed as part of the connect command). + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -5467,6 +5485,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD, NL80211_EXT_FEATURE_EXT_KEY_ID, NL80211_EXT_FEATURE_STA_TX_PWR, + NL80211_EXT_FEATURE_SAE_OFFLOAD, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 8e470591c424..d51015405e6f 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -546,6 +546,8 @@ const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [NL80211_ATTR_PEER_MEASUREMENTS] = NLA_POLICY_NESTED(nl80211_pmsr_attr_policy), [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1), + [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY, + .len = SAE_PASSWORD_MAX_LEN }, }; /* policy for the key attributes */ @@ -4397,6 +4399,8 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, return true; case NL80211_CMD_CONNECT: if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) && + !wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_SAE_OFFLOAD) && auth_type == NL80211_AUTHTYPE_SAE) return false; @@ -8936,6 +8940,16 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); } + if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) { + if (!wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_SAE_OFFLOAD)) + return -EINVAL; + settings->sae_pwd = + nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]); + settings->sae_pwd_len = + nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]); + } + return 0; } From patchwork Thu May 9 09:49:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chi-Hsien Lin X-Patchwork-Id: 10936953 X-Patchwork-Delegate: kvalo@adurom.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D4D4614B6 for ; Thu, 9 May 2019 09:49:30 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C31A728727 for ; Thu, 9 May 2019 09:49:30 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B781D28928; Thu, 9 May 2019 09:49:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E424928727 for ; Thu, 9 May 2019 09:49:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726594AbfEIJt3 (ORCPT ); Thu, 9 May 2019 05:49:29 -0400 Received: from mail-eopbgr770105.outbound.protection.outlook.com ([40.107.77.105]:31457 "EHLO NAM02-SN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725928AbfEIJt2 (ORCPT ); Thu, 9 May 2019 05:49:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fceVJKmeouA+YzrhkeEfa9aogXtwDYyYlPx+pVvZ5D0=; b=bL71+H3R3uwfkRzRzggtPaF1GlTsT6d2UUbCQ4G8XODfhGX1nJs3aKDEEfTNqfTI00zYbd36rzRN/wjUFWKpMzXQu0ADiT9SsCPj5h4D+h8NzJHKS0iY+4GJPpUNvAwlArb61qevT6Ykr8aqb7mglVIpbPmFrUg6btrS6M6rqyQ= Received: from DM6PR06MB5804.namprd06.prod.outlook.com (20.179.161.141) by DM6PR06MB4777.namprd06.prod.outlook.com (20.176.112.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1856.12; Thu, 9 May 2019 09:49:08 +0000 Received: from DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c]) by DM6PR06MB5804.namprd06.prod.outlook.com ([fe80::e08f:7f34:9d7d:5a7c%3]) with mapi id 15.20.1856.012; Thu, 9 May 2019 09:49:08 +0000 From: Chi-Hsien Lin To: "linux-wireless@vger.kernel.org" CC: "brcm80211-dev-list@broadcom.com" , brcm80211-dev-list , Arend van Spriel , Franky Lin , Hante Meuleman , Wright Feng , Kalle Valo , Stanley Hsu , Chi-Hsien Lin Subject: [PATCH V2 3/3] brcmfmac: add support for SAE authentication offload Thread-Topic: [PATCH V2 3/3] brcmfmac: add support for SAE authentication offload Thread-Index: AQHVBkxyrag17FjofEu4hQ9qaQqbKg== Date: Thu, 9 May 2019 09:49:08 +0000 Message-ID: <1557395332-41426-4-git-send-email-chi-hsien.lin@cypress.com> References: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> In-Reply-To: <1557395332-41426-1-git-send-email-chi-hsien.lin@cypress.com> Accept-Language: en-US, zh-TW Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [12.110.209.245] x-clientproxiedby: BYAPR02CA0032.namprd02.prod.outlook.com (2603:10b6:a02:ee::45) To DM6PR06MB5804.namprd06.prod.outlook.com (2603:10b6:5:1a6::13) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Chi-Hsien.Lin@cypress.com; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.1.0 x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 73d62417-1494-485a-dab8-08d6d463947f x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(4618075)(2017052603328)(7193020);SRVR:DM6PR06MB4777; x-ms-traffictypediagnostic: DM6PR06MB4777: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 003245E729 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(376002)(136003)(396003)(346002)(39860400002)(366004)(189003)(199004)(25786009)(52116002)(66476007)(64756008)(66446008)(53936002)(6436002)(66066001)(14444005)(5640700003)(50226002)(66556008)(6512007)(3846002)(256004)(8936002)(66946007)(6486002)(99286004)(446003)(2906002)(107886003)(4326008)(2616005)(486006)(11346002)(476003)(478600001)(305945005)(76176011)(6916009)(7736002)(386003)(6506007)(71200400001)(71190400001)(54906003)(2501003)(2351001)(186003)(86362001)(14454004)(102836004)(8676002)(26005)(68736007)(6116002)(73956011)(36756003)(5660300002)(316002)(81156014)(81166006)(72206003);DIR:OUT;SFP:1102;SCL:1;SRVR:DM6PR06MB4777;H:DM6PR06MB5804.namprd06.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: cypress.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: CPM7M3nkFs4A4Z7IQwIfrrjZA7BdDso4wlMxzWRkqY0ZpdaSCWL/aEW9b+lKvMnBSdp5Hbu87Pck29kQCJGQq0naesOH/i4yL/BW4hyfli3I13WbfskB7fmv2nUtBn95/IdegY6i9RUf0zqsf+KF588bE4UT5NZQFmEje4959TjEQaWkjA9JI+mck1QF1nepNHeaIspLyHuTECKbf9eCGVAm8JhhavooX6dxfbqKuOaRsAa6qD3lMZuliLTrfmoa9oExJpWs+QAFTPCUSuCE3ccKJxOJ+HANYbnegQUp0VKG3/5u3hGvVv0q3zrGMMfnB+SacKqLkQySYYiDiiaq0vorsRfSZaiBMYUjKiZqGE/kCjecqB/p7qX1vJRtfkrh4eWTNItDJthDe99B0kvOMTbAnH02oMUJQzLNalgrHkA= MIME-Version: 1.0 X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: 73d62417-1494-485a-dab8-08d6d463947f X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2019 09:49:08.2014 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR06MB4777 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Chung-Hsien Hsu The firmware may have SAE authentication code built-in. This is detected by the driver and indicated in the wiphy features flags. User-space can use this flag to determine whether or not to provide the password material for SAE authentication in the nl80211 CONNECT command. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 73 ++++++++++++++++++++-- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 3 +- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 1 + .../wireless/broadcom/brcm80211/brcmfmac/feature.h | 4 +- .../broadcom/brcm80211/brcmfmac/fwil_types.h | 13 ++++ .../broadcom/brcm80211/include/brcmu_wifi.h | 2 + 6 files changed, 89 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 8ee8af4e7ec4..30f464a958db 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -1274,6 +1274,31 @@ static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len) return err; } +static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data, + u16 pwd_len) +{ + struct brcmf_pub *drvr = ifp->drvr; + struct brcmf_wsec_sae_pwd_le sae_pwd; + int err; + + if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) { + bphy_err(drvr, "sae_password must be less than %d\n", + BRCMF_WSEC_MAX_SAE_PASSWORD_LEN); + return -EINVAL; + } + + sae_pwd.key_len = cpu_to_le16(pwd_len); + memcpy(sae_pwd.key, pwd_data, pwd_len); + + err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd, + sizeof(sae_pwd)); + if (err < 0) + bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n", + pwd_len); + + return err; +} + static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason) { struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(vif->wdev.wiphy); @@ -1492,6 +1517,8 @@ static s32 brcmf_set_wpa_version(struct net_device *ndev, val = WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED; else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_2) val = WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED; + else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_3) + val = WPA3_AUTH_SAE_PSK; else val = WPA_AUTH_DISABLED; brcmf_dbg(CONN, "setting wpa_auth to 0x%0x\n", val); @@ -1524,6 +1551,10 @@ static s32 brcmf_set_auth_type(struct net_device *ndev, val = 1; brcmf_dbg(CONN, "shared key\n"); break; + case NL80211_AUTHTYPE_SAE: + val = 3; + brcmf_dbg(CONN, "SAE authentication\n"); + break; default: val = 2; brcmf_dbg(CONN, "automatic, auth type (%d)\n", sme->auth_type); @@ -1689,6 +1720,16 @@ brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme) sme->crypto.cipher_group); return -EINVAL; } + } else if (val & WPA3_AUTH_SAE_PSK) { + switch (sme->crypto.akm_suites[0]) { + case WLAN_AKM_SUITE_SAE: + val = WPA3_AUTH_SAE_PSK; + break; + default: + bphy_err(drvr, "invalid cipher group (%d)\n", + sme->crypto.cipher_group); + return -EINVAL; + } } if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X) @@ -1760,7 +1801,8 @@ brcmf_set_sharedkey(struct net_device *ndev, brcmf_dbg(CONN, "wpa_versions 0x%x cipher_pairwise 0x%x\n", sec->wpa_versions, sec->cipher_pairwise); - if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2)) + if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2 | + NL80211_WPA_VERSION_3)) return 0; if (!(sec->cipher_pairwise & @@ -1967,7 +2009,13 @@ brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev, goto done; } - if (sme->crypto.psk) { + if (sme->crypto.sae_pwd) { + brcmf_dbg(INFO, "using SAE offload\n"); + profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE; + } + + if (sme->crypto.psk && + profile->use_fwsup != BRCMF_PROFILE_FWSUP_SAE) { if (WARN_ON(profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE)) { err = -EINVAL; goto done; @@ -1985,12 +2033,23 @@ brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev, } } - if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK) { + if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK) err = brcmf_set_pmk(ifp, sme->crypto.psk, BRCMF_WSEC_MAX_PSK_LEN); - if (err) + else if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_SAE) { + /* clean up user-space RSNE */ + if (brcmf_fil_iovar_data_set(ifp, "wpaie", NULL, 0)) { + bphy_err(drvr, "failed to clean up user-space RSNE\n"); goto done; + } + err = brcmf_set_sae_password(ifp, sme->crypto.sae_pwd, + sme->crypto.sae_pwd_len); + if (!err && sme->crypto.psk) + err = brcmf_set_pmk(ifp, sme->crypto.psk, + BRCMF_WSEC_MAX_PSK_LEN); } + if (err) + goto done; /* Join with specific BSSID and cached SSID * If SSID is zero join based on BSSID only @@ -5362,7 +5421,8 @@ static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif, if (event == BRCMF_E_SET_SSID && status == BRCMF_E_STATUS_SUCCESS) { brcmf_dbg(CONN, "Processing set ssid\n"); memcpy(vif->profile.bssid, e->addr, ETH_ALEN); - if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK) + if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK && + vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_SAE) return true; set_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state); @@ -6667,6 +6727,9 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp) NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK); wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X); + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE)) + wiphy_ext_feature_set(wiphy, + NL80211_EXT_FEATURE_SAE_OFFLOAD); } wiphy->mgmt_stypes = brcmf_txrx_stypes; wiphy->max_remain_on_channel_duration = 5000; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h index 9a6287f084a9..dd355dff2ef2 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h @@ -118,7 +118,8 @@ struct brcmf_cfg80211_security { enum brcmf_profile_fwsup { BRCMF_PROFILE_FWSUP_NONE, BRCMF_PROFILE_FWSUP_PSK, - BRCMF_PROFILE_FWSUP_1X + BRCMF_PROFILE_FWSUP_1X, + BRCMF_PROFILE_FWSUP_SAE }; /** diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c index acca719b3907..ca35809d6a10 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c @@ -50,6 +50,7 @@ static const struct brcmf_feat_fwcap brcmf_fwcap_map[] = { { BRCMF_FEAT_P2P, "p2p" }, { BRCMF_FEAT_MONITOR, "monitor" }, { BRCMF_FEAT_MONITOR_FMT_RADIOTAP, "rtap" }, + { BRCMF_FEAT_SAE, "sae" }, }; #ifdef DEBUG diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h index 5e88a7f16ad2..ee250e7de059 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h @@ -36,6 +36,7 @@ * MONITOR: firmware can pass monitor packets to host. * MONITOR_FMT_RADIOTAP: firmware provides monitor packets with radiotap header * MONITOR_FMT_HW_RX_HDR: firmware provides monitor packets with hw/ucode header + * SAE: simultaneous authentication of equals */ #define BRCMF_FEAT_LIST \ BRCMF_FEAT_DEF(MBSS) \ @@ -54,7 +55,8 @@ BRCMF_FEAT_DEF(FWSUP) \ BRCMF_FEAT_DEF(MONITOR) \ BRCMF_FEAT_DEF(MONITOR_FMT_RADIOTAP) \ - BRCMF_FEAT_DEF(MONITOR_FMT_HW_RX_HDR) + BRCMF_FEAT_DEF(MONITOR_FMT_HW_RX_HDR) \ + BRCMF_FEAT_DEF(SAE) /* * Quirks: diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h index 39ac1bbb6cc0..d81ad6542513 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h @@ -72,6 +72,8 @@ #define BRCMF_WSEC_MAX_PSK_LEN 32 #define BRCMF_WSEC_PASSPHRASE BIT(0) +#define BRCMF_WSEC_MAX_SAE_PASSWORD_LEN 128 + /* primary (ie tx) key */ #define BRCMF_PRIMARY_KEY (1 << 1) #define DOT11_BSSTYPE_ANY 2 @@ -529,6 +531,17 @@ struct brcmf_wsec_pmk_le { u8 key[2 * BRCMF_WSEC_MAX_PSK_LEN + 1]; }; +/** + * struct brcmf_wsec_sae_pwd_le - firmware SAE password material. + * + * @key_len: number of octets in key materials. + * @key: SAE password material. + */ +struct brcmf_wsec_sae_pwd_le { + __le16 key_len; + u8 key[BRCMF_WSEC_MAX_SAE_PASSWORD_LEN]; +}; + /* Used to get specific STA parameters */ struct brcmf_scb_val_le { __le32 val; diff --git a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h index dddebaa60352..60d7e3221b35 100644 --- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h +++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h @@ -242,6 +242,8 @@ static inline bool ac_bitmap_tst(u8 bitmap, int prec) #define WPA2_AUTH_FT 0x4000 /* Fast BSS Transition */ #define WPA2_AUTH_PSK_SHA256 0x8000 /* PSK with SHA256 key derivation */ +#define WPA3_AUTH_SAE_PSK 0x40000 /* SAE with 4-way handshake */ + #define DOT11_DEFAULT_RTS_LEN 2347 #define DOT11_DEFAULT_FRAG_LEN 2346