From patchwork Mon Aug 17 07:33:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chung-Hsien Hsu X-Patchwork-Id: 259604 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, MSGID_FROM_MTA_HEADER, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EDF9EC433E1 for ; Mon, 17 Aug 2020 07:33:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B4793207FB for ; Mon, 17 Aug 2020 07:33:50 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cypress.com header.i=@cypress.com header.b="OQH0Ou8u" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727783AbgHQHdp (ORCPT ); Mon, 17 Aug 2020 03:33:45 -0400 Received: from mail-eopbgr760113.outbound.protection.outlook.com ([40.107.76.113]:42094 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727772AbgHQHdk (ORCPT ); Mon, 17 Aug 2020 03:33:40 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kcZI7ZWFef2nEXL4jmmU9SB8gz02/P63YrGqPo+hKzGgYZBDvD/1MVyaS/WAsWaVjmR7mAH0OYFl/J/BRS11CaPC2VYHBqFEFe/j0WG4dHj/mQlacGULhyBmoBDS5Uv6KHTwAblio1e7Q28DlbtFuWHgSrxCzB+5eCeVz/RwFR8REGouUkyQO0saKanAQfnIT/axxGfkLpwyRTdSS3F3xziZ/loWF08MeGluLz6Kl/QQTCdfUr/FZhsiOCGTfWcUxQL+6wkAUrD2UNMNMhFGfzoZKd3CrNo+pOxaW/Tv68Suzow4zSC/iphkZMW1nPRZPPozi9y21g9rafcUzscMhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A8ee4sdvyBqT7GHvkto+o5x2P2mshBK5Km2+hujcD5g=; b=ZZUx9Bas8ObPqQp2Wo8ZIsncdOCJDRafDkZ6oQLnGnJu3s2HAGmGlJuK2SuRhlWXcwuXzi8jBeSG1dfAkjBi97SxgI5q6rJyqCYEJWMAfmbKh4KVfMUrzuzlystriKEbcZo5Xp4gUOUqVrdaONT6UNPOzgBV7biEPGVDOczns+Dzo6RQl2rJ3rQuTXp+uDivq1KcjzbqKK+3sGFQDE8JVG9BUdcaAfaU6CpUqiqDrJXaw6daK5GhYTz0QDMcc030Y7tNJhckcAWYAHhE4VNPBdqXSVorVUQoRb2ogQImnTbQgI+s5X2MmRKosKAL8QbnZsyAEq1XLzw+rxKRyoAfGw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cypress.com; dmarc=pass action=none header.from=cypress.com; dkim=pass header.d=cypress.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A8ee4sdvyBqT7GHvkto+o5x2P2mshBK5Km2+hujcD5g=; b=OQH0Ou8uBpDay6m5yv/ho6TTQAFS5jBpKOzQWiPa7VjNmcIc/LbsiMpnRa6s5RHMLtGqglIq+MLaYOuchRiGgipspNHYWDprXDLKyquBRUv6UkWWiCKNnfgROz5Y28vEYH+9ZYV/Pvte+Z86ELqAYUDJvmg+vpxH5me1OZ7DvvU= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=cypress.com; Received: from BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) by BN6PR06MB3009.namprd06.prod.outlook.com (2603:10b6:404:57::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.15; Mon, 17 Aug 2020 07:33:35 +0000 Received: from BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e]) by BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e%12]) with mapi id 15.20.3283.020; Mon, 17 Aug 2020 07:33:35 +0000 From: Chung-Hsien Hsu To: linux-wireless@vger.kernel.org, Johannes Berg Cc: brcm80211-dev-list@broadcom.com, brcm80211-dev-list@cypress.com, Arend van Spriel , Franky Lin , Hante Meuleman , Chi-Hsien Lin , Wright Feng , Kalle Valo , Chung-Hsien Hsu Subject: [PATCH v2 1/4] nl80211: support 4-way handshake offloading for WPA/WPA2-PSK in AP mode Date: Mon, 17 Aug 2020 02:33:13 -0500 Message-Id: <20200817073316.33402-2-stanley.hsu@cypress.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200817073316.33402-1-stanley.hsu@cypress.com> References: <20200817073316.33402-1-stanley.hsu@cypress.com> X-ClientProxiedBy: MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) To BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from aremote06.aus.cypress.com (157.95.12.33) by MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.16 via Frontend Transport; Mon, 17 Aug 2020 07:33:33 +0000 X-Mailer: git-send-email 2.25.0 X-Originating-IP: [157.95.12.33] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 782b4c8f-5de3-438b-e802-08d8427fd919 X-MS-TrafficTypeDiagnostic: BN6PR06MB3009: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8882; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: SDZsoZGGD22KROESAdNB/aSza2TrGGuK9bXxiRgzvCx0Xve7EJCt6W1jf6ozsJHYjvcvXSTwQllGYNCtsG+XOQAvnggmPTTn5LL2FkR6yaF7Wta5ITRzFdDCQqBJYzIOLNlB1oqZu8VEE7NXNxp3hROmizdmMRXzBRTzncANSrefLi5x5UbWsH+mXu2Vy3k+/Tv/eIfc6IfGqCg4x4m5IiWU/9lCk9J5J7ksPqON7r7gQALF1UvI1YGgUQix2Fys1QSAL8Rg6cso4FRM8vqiSSLY3BEnv00r85h13wyuY6Tb1vMeSV/DjT3JQ0MYY1Of X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR06MB3043.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(346002)(366004)(376002)(136003)(66946007)(2906002)(66476007)(4326008)(16526019)(83380400001)(54906003)(66556008)(186003)(8676002)(1076003)(6916009)(5660300002)(316002)(8936002)(36756003)(6666004)(7696005)(52116002)(107886003)(478600001)(86362001)(2616005)(26005)(6486002)(956004); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: Br1j+v5kL8KmxfEniaiAio//otQrPxpEk3AOB9TPlg6KLlmhUz7i2fW9EBxeStpWMdROzX1KabYWp3J6om4Mg0765oNi9Bs7t8W1GjFNjLKt5QgaWvvyM4Hgodhp9I+k9HHYFctT758oLAVUaXqJ+vVGARTYnW2cl7xZs+8V5aYy7aLPWqAoCon3EQCeYHBYrgM/NgkCJWDLH24tRWlI+T1pwDj2POs5jd/rG8Qo5mKiws4CstuebW4p54qPMvj5LNW1Uw45MzobK2cVOF/NhDUYO9748KW9D2Nff5UQ2lgGU46Hp7tQwqfKvrGf9nOlrZTEjiaznxcg/O6kuMAFl9oqgofPGfmTeQ2KWRxSPm9jmeu9/5fu9BdBW2+NUW0dShzYS44kMR5yDlgcHfOFlQ9D1FuhaOOKKf1T84y6C7sSFNi7Cyi/eCM7SkNhUkLk17WD75Pdl1xrtWXc1PfuArTk0fHARyX6KqK0Sg0i6/4O7BlOK8YLitqOv3b3z79FI1aYrretK0SGusTMmrusASIM4iTNxxfq6sZxRxxjuJsCTigxWup2xie0I4AZd8p+7utTjmmVs6bDz0hPu80Dwg+MNl2x5pgGb3N8hvwD688B3WShecXOcM45FuBfNR95buRBvvwZW87HHHKmTsINKg== X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: 782b4c8f-5de3-438b-e802-08d8427fd919 X-MS-Exchange-CrossTenant-AuthSource: BN6PR06MB3043.namprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2020 07:33:34.9805 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 5qE83G4GlhLtH4S0xCjT2w8cX57uTXcKy8cyGi4d+w3o6A1iFK1f3Sa2aBFPomCDHTz0dY4uib11TuA+ij4WPQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB3009 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Let drivers advertise support for AP-mode WPA/WPA2-PSK 4-way handshake offloading with a new NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK flag. Extend use of NL80211_ATTR_PMK attribute indicating it might be passed as part of NL80211_CMD_START_AP command, and contain the PSK (which is the PMK, hence the name). The driver is assumed to handle the 4-way handshake by itself in this case, instead of relying on user space. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- include/uapi/linux/nl80211.h | 41 ++++++++++++++++++++++++------------ net/wireless/nl80211.c | 4 +++- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 4e6339ab1fce..0d267ac3858c 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -183,18 +183,27 @@ * * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers * can indicate they support offloading EAPOL handshakes for WPA/WPA2 - * preshared key authentication. In %NL80211_CMD_CONNECT the preshared - * key should be specified using %NL80211_ATTR_PMK. Drivers supporting - * this offload may reject the %NL80211_CMD_CONNECT when no preshared - * key material is provided, for example when that driver does not - * support setting the temporal keys through %CMD_NEW_KEY. + * preshared key authentication in station mode. In %NL80211_CMD_CONNECT + * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers + * supporting this offload may reject the %NL80211_CMD_CONNECT when no + * preshared key material is provided, for example when that driver does + * not support setting the temporal keys through %NL80211_CMD_NEW_KEY. * * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be * set by drivers indicating offload support of the PTK/GTK EAPOL - * handshakes during 802.1X authentication. In order to use the offload - * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS - * attribute flag. Drivers supporting this offload may reject the - * %NL80211_CMD_CONNECT when the attribute flag is not present. + * handshakes during 802.1X authentication in station mode. In order to + * use the offload the %NL80211_CMD_CONNECT should have + * %NL80211_ATTR_WANT_1X_4WAY_HS attribute flag. Drivers supporting this + * offload may reject the %NL80211_CMD_CONNECT when the attribute flag is + * not present. + * + * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK flag drivers + * can indicate they support offloading EAPOL handshakes for WPA/WPA2 + * preshared key authentication in AP mode. In %NL80211_CMD_START_AP + * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers + * supporting this offload may reject the %NL80211_CMD_START_AP when no + * preshared key material is provided, for example when that driver does + * not support setting the temporal keys through %NL80211_CMD_NEW_KEY. * * For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK * using %NL80211_CMD_SET_PMK. For offloaded FT support also @@ -2362,10 +2371,11 @@ enum nl80211_commands { * * @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with * %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID. - * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way - * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is - * used with %NL80211_CMD_SET_PMK. For offloaded FT support this attribute - * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well. + * For %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP it is used to provide + * PSK for offloading 4-way handshake for WPA/WPA2-PSK networks. For 802.1X + * authentication it is used with %NL80211_CMD_SET_PMK. For offloaded FT + * support this attribute specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME + * is included as well. * * @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to * indicate that it supports multiple active scheduled scan requests. @@ -5773,6 +5783,10 @@ enum nl80211_feature_flags { * @NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_TX_STATUS: The driver * can report tx status for control port over nl80211 tx operations. * + * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK: Device wants to do 4-way + * handshake with PSK in AP mode (PSK is passed as part of the start AP + * command). + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -5828,6 +5842,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT, NL80211_EXT_FEATURE_SCAN_FREQ_KHZ, NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_TX_STATUS, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 0e07fb8585fb..8e7c6a022205 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -9438,7 +9438,9 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN) return -EINVAL; if (!wiphy_ext_feature_isset(&rdev->wiphy, - NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK)) + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && + !wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) return -EINVAL; settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]); } From patchwork Mon Aug 17 07:33:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chung-Hsien Hsu X-Patchwork-Id: 259603 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, MSGID_FROM_MTA_HEADER, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7036FC433DF for ; Mon, 17 Aug 2020 07:33:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4AC8C20855 for ; Mon, 17 Aug 2020 07:33:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cypress.com header.i=@cypress.com header.b="EUNHSGfC" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727793AbgHQHdz (ORCPT ); Mon, 17 Aug 2020 03:33:55 -0400 Received: from mail-eopbgr760113.outbound.protection.outlook.com ([40.107.76.113]:42094 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726746AbgHQHdp (ORCPT ); Mon, 17 Aug 2020 03:33:45 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cel/WD/VUyk/D2PXz9YH39G/amo42AnaklYlF/diS1z0IZxVqMObWhMzXPaHU35qG/sFRIx/shbTiEIFbaQfwFnhtAgW2v+87VnVBaNGBdOWD3sS1lAQDaFmLW7JOqX+w45e3y1ZoCqw1eLQ+w3ZBxZ94t2dSOCPy4W6G16SqEAypt1FmTPwUwFWff1qXmcbZUcU4uZFrNMi5ShUfYnUsK2WHKA0JEWK0jLbMlhxionJY+7r8+cx3f2FPvYIMooqxVRzGxe0kEl3rE4lUC/X2S/LhW8F7cGF9oqmcviS5MwuviSHGWTV+HdSL5nR3d0PMO5l+LF/E+7fkYpLC6GiUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QaCcT+FmsHGT+Om9rnn3tCtvLP3thoKdw2NHKruOpoU=; b=KFsOt253RN3Hq3OrVN83r5VrgjxuJdFIhfy2kc7T3iZcrI4qSEtuJM1anzQzM1D2v8+bxk18CQ3y+Vl/LMLdSpG/vnAFfiXUy6L3LvUciBsAx/hfK6LVr028YQzBOx3pZ9sfe7iw4Zhe0uVrE09H+eDi6UKfNcNF/bgsA0rerQFCC4yASMycjVZtZ4LclYIYlhquILY5T2szOqPAS/cz/mIcCzOheF2C+N3oWXJXVl05eXKDO8fw4M6+DfvjI+yV9UQ/0Tfeaa+mDmrnkygWcqmC2xgZ9YZEYv8jjXZIRoq9ymb4kfWBvVCsMkuW1Ih8UCuoAFfWSNRgn4CrcrtvAw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cypress.com; dmarc=pass action=none header.from=cypress.com; dkim=pass header.d=cypress.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QaCcT+FmsHGT+Om9rnn3tCtvLP3thoKdw2NHKruOpoU=; b=EUNHSGfCWUd/EXOAh2wXp8NCQ2mAmV0Kn7o8uHZkyp0IK5pUVcoyInNM8XHMTDr0gG1PT1UC8/dIQlAPg8mlfijoyVcf109IenjcdkU/72VV418iQDQOUZlzGgxnMtzBhD2k8GjZa1ckMrnsZbbltCj1lEkLUdWKQ9cS6XYXXqE= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=cypress.com; Received: from BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) by BN6PR06MB3009.namprd06.prod.outlook.com (2603:10b6:404:57::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.15; Mon, 17 Aug 2020 07:33:39 +0000 Received: from BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e]) by BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e%12]) with mapi id 15.20.3283.020; Mon, 17 Aug 2020 07:33:39 +0000 From: Chung-Hsien Hsu To: linux-wireless@vger.kernel.org, Johannes Berg Cc: brcm80211-dev-list@broadcom.com, brcm80211-dev-list@cypress.com, Arend van Spriel , Franky Lin , Hante Meuleman , Chi-Hsien Lin , Wright Feng , Kalle Valo , Chung-Hsien Hsu Subject: [PATCH v2 2/4] brcmfmac: support 4-way handshake offloading for WPA/WPA2-PSK in AP mode Date: Mon, 17 Aug 2020 02:33:14 -0500 Message-Id: <20200817073316.33402-3-stanley.hsu@cypress.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200817073316.33402-1-stanley.hsu@cypress.com> References: <20200817073316.33402-1-stanley.hsu@cypress.com> X-ClientProxiedBy: MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) To BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from aremote06.aus.cypress.com (157.95.12.33) by MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.16 via Frontend Transport; Mon, 17 Aug 2020 07:33:38 +0000 X-Mailer: git-send-email 2.25.0 X-Originating-IP: [157.95.12.33] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: f9dbfe82-29b4-44ca-02ca-08d8427fdbc9 X-MS-TrafficTypeDiagnostic: BN6PR06MB3009: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:3826; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pszd3zj8F+cSCuw2mWZ0q4hVS+E6+8XnwcebigXYT/cJ2NFiOm4R2269QIeNQ2dCt5B2CJJO5OQLE6RYAlCVTIKD2opZmmM/nttNDMpqci+jpuPpVNkeBmHaNKywXIyJ1WeljxNedoi8K0dc4/tVWvIZvzyuRD/aWcKheGyzrvJCPCapCN5Sa7aDTDZKeBLkg9gdZocqzDwavjJh3P1kj6Kal2Z0PNwiTDnx7k/iXeDj2cqSTDK5pt5goX2q7orn5dSTkxT0WgvvVN7quM48isSSA+iB1pI4r/LxlWTliHpPyaGfGHvCbQPkzpfNHO+a X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR06MB3043.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(346002)(366004)(376002)(136003)(66946007)(2906002)(66476007)(4326008)(16526019)(83380400001)(54906003)(66556008)(186003)(8676002)(1076003)(6916009)(5660300002)(316002)(8936002)(36756003)(6666004)(7696005)(52116002)(107886003)(478600001)(86362001)(2616005)(26005)(6486002)(956004); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: z6V9k8vQcAwIvKXQYS1ERhowdPexfArQutnpt+N6Thaf5r9HS5D85haII81JbNdItnUwWRQYB4l2NvyVC3l02oqhuUA+AE7GcQPyWRGOkBdE/oxWSmZt7Sj93PFxtRv9g7v0Mdu/T7rE0x22C6vie2OAS7YAUiIEos6lBMpKiEr4LiEIqf2QxGPjx8/FQtfDscME9WpscgP2aofPdu+JcANatZxvOGEKDyhB9xTgnFt+XWJhxoNEjmbx0FnrTBrWYddfp40i/WAeG6T8CDpOItPes6IK1BcSyclXaZ0ujnK+z9sTwRwHBk/NcC2u4LbHwVitvNDsb/kWoSpCzL5moTXwBe5SVPGsMAv98DM0U1NoxdqAWwPRpv7CAmoWpWS6ZrvYArUm+y5fkDWAnp+WogmsSnWmUteNsPgUdGoqVBZ9Wa80HdlHjgfkVFkp+rdPzFvEIzFADQFZ9sOI0dmWqtd+Dp0T5KrD7f6WOxV5oCddbQ7zal4jkBnWL6ucEZlp20apovfBQR6vFaEM3Bx66BwNzrzqS4P1HZsiD7ZGQG0Wlix7P3cKFHLxI6HOJE57Hfc+UlcbFeUw28SL+ceIPZwK029GibVJlEOncy3utNKxdw32ar3p1m9m+Zl+IQNewic6KK6A5e+REvrAivXLYg== X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: f9dbfe82-29b4-44ca-02ca-08d8427fdbc9 X-MS-Exchange-CrossTenant-AuthSource: BN6PR06MB3043.namprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2020 07:33:39.5215 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: HKY+qIN9XdGSCKrSD5aXfX1p5NuZo2/9W8aybfHIWauwPrl/s9M103tpiaeRlGyHZUEfEZhtYFZ6nroXdJ1PMQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB3009 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Firmware may have authenticator code built-in. This is detected by the driver and indicated in the wiphy features flags. User space can use this flag to determine whether or not to provide the pre-shared key material in the nl80211 start AP command to offload the 4-way handshake in AP mode. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 23 +++++++++++++++++++ .../broadcom/brcm80211/brcmfmac/cfg80211.h | 12 ++++++++++ .../broadcom/brcm80211/brcmfmac/feature.c | 1 + .../broadcom/brcm80211/brcmfmac/feature.h | 4 +++- 4 files changed, 39 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 5d99771c3f64..0dc6afa2ee0e 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -4674,6 +4674,8 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy); struct brcmf_if *ifp = netdev_priv(ndev); struct brcmf_pub *drvr = cfg->pub; + struct brcmf_cfg80211_profile *profile = &ifp->vif->profile; + struct cfg80211_crypto_settings *crypto = &settings->crypto; const struct brcmf_tlv *ssid_ie; const struct brcmf_tlv *country_ie; struct brcmf_ssid_le ssid_le; @@ -4813,6 +4815,17 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, goto exit; } + if (crypto->psk) { + brcmf_dbg(INFO, "using PSK offload\n"); + profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_PSK); + err = brcmf_set_pmk(ifp, crypto->psk, + BRCMF_WSEC_MAX_PSK_LEN); + if (err < 0) + goto exit; + } + if (profile->use_fwauth == 0) + profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE); + err = brcmf_parse_configure_security(ifp, settings, NL80211_IFTYPE_AP); if (err < 0) { @@ -4899,6 +4912,7 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev) struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy); struct brcmf_if *ifp = netdev_priv(ndev); struct brcmf_pub *drvr = cfg->pub; + struct brcmf_cfg80211_profile *profile = &ifp->vif->profile; s32 err; struct brcmf_fil_bss_enable_le bss_enable; struct brcmf_join_params join_params; @@ -4910,6 +4924,12 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev) /* first to make sure they get processed by fw. */ msleep(400); + if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) { + if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK)) + brcmf_set_pmk(ifp, NULL, 0); + profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE); + } + if (ifp->vif->mbss) { err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1); return err; @@ -7058,6 +7078,9 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp) wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_SAE_OFFLOAD); } + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) + wiphy_ext_feature_set(wiphy, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK); wiphy->mgmt_stypes = brcmf_txrx_stypes; wiphy->max_remain_on_channel_duration = 5000; if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) { diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h index 333fdf394f95..bf86e0ca941e 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h @@ -128,6 +128,17 @@ enum brcmf_profile_fwsup { BRCMF_PROFILE_FWSUP_SAE }; +/** + * enum brcmf_profile_fwauth - firmware authenticator profile + * + * @BRCMF_PROFILE_FWAUTH_NONE: no firmware authenticator + * @BRCMF_PROFILE_FWAUTH_PSK: authenticator for WPA/WPA2-PSK + */ +enum brcmf_profile_fwauth { + BRCMF_PROFILE_FWAUTH_NONE, + BRCMF_PROFILE_FWAUTH_PSK +}; + /** * struct brcmf_cfg80211_profile - profile information. * @@ -140,6 +151,7 @@ struct brcmf_cfg80211_profile { struct brcmf_cfg80211_security sec; struct brcmf_wsec_key key[BRCMF_MAX_DEFAULT_KEYS]; enum brcmf_profile_fwsup use_fwsup; + u16 use_fwauth; bool is_ft; }; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c index 0dcefbd0c000..7c68d9849324 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c @@ -42,6 +42,7 @@ static const struct brcmf_feat_fwcap brcmf_fwcap_map[] = { { BRCMF_FEAT_MONITOR_FMT_RADIOTAP, "rtap" }, { BRCMF_FEAT_DOT11H, "802.11h" }, { BRCMF_FEAT_SAE, "sae" }, + { BRCMF_FEAT_FWAUTH, "idauth" }, }; #ifdef DEBUG diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h index cda3fc1bab7f..d1f4257af696 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h @@ -28,6 +28,7 @@ * MONITOR_FMT_HW_RX_HDR: firmware provides monitor packets with hw/ucode header * DOT11H: firmware supports 802.11h * SAE: simultaneous authentication of equals + * FWAUTH: Firmware authenticator */ #define BRCMF_FEAT_LIST \ BRCMF_FEAT_DEF(MBSS) \ @@ -49,7 +50,8 @@ BRCMF_FEAT_DEF(MONITOR_FMT_RADIOTAP) \ BRCMF_FEAT_DEF(MONITOR_FMT_HW_RX_HDR) \ BRCMF_FEAT_DEF(DOT11H) \ - BRCMF_FEAT_DEF(SAE) + BRCMF_FEAT_DEF(SAE) \ + BRCMF_FEAT_DEF(FWAUTH) /* * Quirks: From patchwork Mon Aug 17 07:33:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chung-Hsien Hsu X-Patchwork-Id: 259602 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, MSGID_FROM_MTA_HEADER, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B239DC433E1 for ; Mon, 17 Aug 2020 07:34:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 72FF220758 for ; Mon, 17 Aug 2020 07:34:04 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=cypress.com header.i=@cypress.com header.b="bshYY6bd" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726746AbgHQHeC (ORCPT ); Mon, 17 Aug 2020 03:34:02 -0400 Received: from mail-eopbgr760113.outbound.protection.outlook.com ([40.107.76.113]:42094 "EHLO NAM02-CY1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726583AbgHQHeA (ORCPT ); Mon, 17 Aug 2020 03:34:00 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VUcOoCpl/3Yr/szPr3p7mYAqs2m/3+1GngbY/dLsfcsvP4bk5jSD1y/ePOoaVyVP489KRZEbku6MMXd0qoXU4Z+BflRwBuG3nMACYbbHcohq1FfU5CcwoUguEX4U4FF0Cd0HrvUdxASp21/j/tpSJPBoPXacT8vH/HIkwu/lL4Sef8USgZdpaKakG618i2Pqa3XduAP2ojwncZrwmNGWLeepZFEE9U/AUzjGm1QPUkATJkZN7rGc70hk37h81HOSWKCjkq9iojS8xd5RIbBB4P00MsZjJqAr7X8rzZsEtEJD7892530L/N115GC+Sm2RSlFhmT+jTEH+PPp7Yd+dWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yF9rRNKFsjihk0VwblQdA9sIfWTQ9v972BP3Po7ZEaE=; b=DE17bAFlpKQJ+At5wBLU2ONjUkuTgyT0+lnnmafdgQaPMgTGks7+IJ+9eCYeJ2ZiNLI+Q04d5Kd14ZgwJTVjtJfRthbXHZQtsaNaG0bItpLe2iFHGe3+/BBOE/491bo4Ek1hPuHkHvSv2lqdjfU7jXn5p7I5bBvzU3U+X3X8kd4WeHZOW8PKxx2lNBUw/ciunUE3kLMin0O/hoRSoAbgIN5PIiXHZ24NAmoMtW90bNMF/SKZP8H/pir0aZDCAk/Cx7CykL3o5V6M5rU2HqLECNxzKmPaYaBVzL4XK8br2CG9UstWaV4fWRBk6IyXnLwayvdxl3JikdgG/d8IBaryxg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cypress.com; dmarc=pass action=none header.from=cypress.com; dkim=pass header.d=cypress.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cypress.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yF9rRNKFsjihk0VwblQdA9sIfWTQ9v972BP3Po7ZEaE=; b=bshYY6bducVhYvC51R/uZB0cvHDoWKY1lNfxRuU0TD5BIE5n05Gir49SUHV5r0cv3p/zBEojnTncGo9nD5zEFAwV+6BCR/HXn+pmJdT512tG4KtPNIR8Q1FemItkO+nRSS5DjJjzvX9BSfQ1XElLEq63M6Kc7XkrcWnirhNyW68= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=cypress.com; Received: from BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) by BN6PR06MB3009.namprd06.prod.outlook.com (2603:10b6:404:57::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.15; Mon, 17 Aug 2020 07:33:46 +0000 Received: from BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e]) by BN6PR06MB3043.namprd06.prod.outlook.com ([fe80::4196:7f99:bc78:4e7e%12]) with mapi id 15.20.3283.020; Mon, 17 Aug 2020 07:33:46 +0000 From: Chung-Hsien Hsu To: linux-wireless@vger.kernel.org, Johannes Berg Cc: brcm80211-dev-list@broadcom.com, brcm80211-dev-list@cypress.com, Arend van Spriel , Franky Lin , Hante Meuleman , Chi-Hsien Lin , Wright Feng , Kalle Valo , Chung-Hsien Hsu Subject: [PATCH v2 4/4] brcmfmac: support SAE authentication offload in AP mode Date: Mon, 17 Aug 2020 02:33:16 -0500 Message-Id: <20200817073316.33402-5-stanley.hsu@cypress.com> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200817073316.33402-1-stanley.hsu@cypress.com> References: <20200817073316.33402-1-stanley.hsu@cypress.com> X-ClientProxiedBy: MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) To BN6PR06MB3043.namprd06.prod.outlook.com (2603:10b6:404:5a::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from aremote06.aus.cypress.com (157.95.12.33) by MN2PR15CA0023.namprd15.prod.outlook.com (2603:10b6:208:1b4::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3283.16 via Frontend Transport; Mon, 17 Aug 2020 07:33:44 +0000 X-Mailer: git-send-email 2.25.0 X-Originating-IP: [157.95.12.33] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 5831df53-1d5f-48f3-bb5d-08d8427fdfad X-MS-TrafficTypeDiagnostic: BN6PR06MB3009: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:9508; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: zIh5jT5pNDf4AOLWFywwS087r/Q3MvqwI9G/RkM31xN6iJ3IsUoFpc0i3ojEm2oJKECkXq2sLnKFfsDDdMr4SeT+9dC40sGzyXLnVASGipn2WyU8hNNdX2ZfpKG+ciJrqmtW7SJq+r/XuTbRuesZTSRIirG/kTOdAo/32vUexoIK7oB9JjCT8otAES7Zy7TyCOrmdT8Ktsfe2ZuVDGWf5ngasMoiYLvcqTtmsoMq/Zg6NHJ9NIeIV4Npkl+6OkDnURgJ954I6z9DoXw9gR4N46ES5lnrTxXt/blbiMvCnaMtAZpWjWMMRHnJ3k08y8MikD0mrvBZQEmNBRXks/8g/w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR06MB3043.namprd06.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(39860400002)(346002)(366004)(376002)(136003)(66946007)(2906002)(66476007)(4326008)(16526019)(83380400001)(54906003)(66556008)(186003)(8676002)(1076003)(6916009)(5660300002)(316002)(8936002)(36756003)(6666004)(7696005)(52116002)(107886003)(478600001)(86362001)(2616005)(26005)(6486002)(956004); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData: QsKfoDNakD7UwLqmKeE8ZXlx5QzhiCNr1VJhTOauqFBaksat3e/Jn0LzvHYMYXw9tE2lZNv71ct8xfE1cN0dH/sHc6wDLq3HImNwGFWx6lvIJiqgni342O9Mc+NKRQ7nXzusNj2MAe3m6GOU6RYx7tTNGqUoJBm246pkp3kL++N34zp824s4yqY60hpu14yRK039NgW46IUgusF2C7RhYJbm5/o4xMK8dOkdyUIF0qPzrx8QCn4CR5o1weAnzk1EmAraRB19t7FHB57WAHg5OYhbFEaMRFdfAVxxe6vETOwSSkBByzHmj0KWYpp5ysnYQAFwVjoBj1hv3LtqYNdh0jDCK6il2dWit5hWXY+HnjND5fWQwKviEzZB8VBgElvMtQ75ox2y5iJ6nhPfcwzEM/6TlVWaZkZwUARdT8pXy+Qdk4VCNM4w8u9K4TwsSOsGtllbsd86OTgBw2QmvR4F0vSPtfbuXEsN2xo8Qm1N+Z6kPJdWbSy2HvB198JwMXeaGnDgquEsQ5CLx8VjzkYZ1EgOfdWw8Fmc4qnlSm/w29MAfvMbxeGq/kzyagX37+5RD9Uqf+fAHF0JSf5dctCwIMLnJa/kaUeBfSeUsPZsf8ZOoxHnfsLxD8hTTriZ5O/0YmS4mopXpx0MgoxcPf3JjA== X-OriginatorOrg: cypress.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5831df53-1d5f-48f3-bb5d-08d8427fdfad X-MS-Exchange-CrossTenant-AuthSource: BN6PR06MB3043.namprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Aug 2020 07:33:46.0227 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 011addfc-2c09-450d-8938-e0bbc2dd2376 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: MYpXMzzqKHlJzSr6Yhf1Zt1n2vaPvg9knC+MNsnEuhpoSHjND6dWD332LM69HcsgHnFK0y4hL37EkfyQuxL4Nw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB3009 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Firmware may have SAE authenticator code built-in. This is detected by the driver and indicated in the wiphy features flags. User space can use this flag to determine whether or not to provide the password material in the nl80211 start AP command to offload the SAE authentication in AP mode. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin --- Changes in v2: - use a new flag for SAE offload in AP mode. --- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 28 ++++++++++++++++--- .../broadcom/brcm80211/brcmfmac/cfg80211.h | 4 ++- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 0dc6afa2ee0e..3e6e8479f95c 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -56,6 +56,7 @@ #define RSN_AKM_PSK 2 /* Pre-shared Key */ #define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */ #define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */ +#define RSN_AKM_SAE 8 /* SAE */ #define RSN_CAP_LEN 2 /* Length of RSN capabilities */ #define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3)) #define RSN_CAP_MFPR_MASK BIT(6) @@ -4237,6 +4238,10 @@ brcmf_configure_wpaie(struct brcmf_if *ifp, brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n"); wpa_auth |= WPA2_AUTH_1X_SHA256; break; + case RSN_AKM_SAE: + brcmf_dbg(TRACE, "RSN_AKM_SAE\n"); + wpa_auth |= WPA3_AUTH_SAE_PSK; + break; default: bphy_err(drvr, "Invalid key mgmt info\n"); } @@ -4254,11 +4259,12 @@ brcmf_configure_wpaie(struct brcmf_if *ifp, brcmf_dbg(TRACE, "MFP Required\n"); mfp = BRCMF_MFP_REQUIRED; /* Firmware only supports mfp required in - * combination with WPA2_AUTH_PSK_SHA256 or - * WPA2_AUTH_1X_SHA256. + * combination with WPA2_AUTH_PSK_SHA256, + * WPA2_AUTH_1X_SHA256, or WPA3_AUTH_SAE_PSK. */ if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 | - WPA2_AUTH_1X_SHA256))) { + WPA2_AUTH_1X_SHA256 | + WPA3_AUTH_SAE_PSK))) { err = -EINVAL; goto exit; } @@ -4823,6 +4829,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev, if (err < 0) goto exit; } + if (crypto->sae_pwd) { + brcmf_dbg(INFO, "using SAE offload\n"); + profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE); + err = brcmf_set_sae_password(ifp, crypto->sae_pwd, + crypto->sae_pwd_len); + if (err < 0) + goto exit; + } if (profile->use_fwauth == 0) profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE); @@ -4927,6 +4941,8 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev) if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) { if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK)) brcmf_set_pmk(ifp, NULL, 0); + if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE)) + brcmf_set_sae_password(ifp, NULL, 0); profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE); } @@ -7078,9 +7094,13 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp) wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_SAE_OFFLOAD); } - if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) { wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK); + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE)) + wiphy_ext_feature_set(wiphy, + NL80211_EXT_FEATURE_SAE_OFFLOAD_AP); + } wiphy->mgmt_stypes = brcmf_txrx_stypes; wiphy->max_remain_on_channel_duration = 5000; if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) { diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h index bf86e0ca941e..17817cdb5de2 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h @@ -133,10 +133,12 @@ enum brcmf_profile_fwsup { * * @BRCMF_PROFILE_FWAUTH_NONE: no firmware authenticator * @BRCMF_PROFILE_FWAUTH_PSK: authenticator for WPA/WPA2-PSK + * @BRCMF_PROFILE_FWAUTH_SAE: authenticator for SAE */ enum brcmf_profile_fwauth { BRCMF_PROFILE_FWAUTH_NONE, - BRCMF_PROFILE_FWAUTH_PSK + BRCMF_PROFILE_FWAUTH_PSK, + BRCMF_PROFILE_FWAUTH_SAE }; /**