Message ID | 6c05d1ccadba184337fecfdebf1cda74843b6415.1698746327.git.vinayak.yadawad@broadcom.com |
---|---|
State | Changes Requested |
Series | [v2,1/1] hostapd: Add support for OWE offload for STA/AP interface |
On Tue, Oct 31, 2023 at 03:33:47PM +0530, Vinayak Yadawad wrote: > Driver/fw advertising OWE offload support would take care of > DH IE generation and processing part. Driver/FW would be > responsible for OWE PMK generation in this case. > This patch avoids the DH IE handling in wpa_supplicant/hostapd > for drivers advertising OWE offload support. How would this work for 4-way handshake since hostapd and wpa_supplicant would need to know the PMK? Or is this limited only to cases where the 4-way handshake is offloaded? If so, that should be clearly mentioned here in the commit message. And for the AP mode, I guess that would imply dependency on the SAE offloading patch (or the part of it that I asked to be separated to an independent patch). > diff --git a/src/drivers/driver.h b/src/drivers/driver.h > @@ -2253,6 +2253,10 @@ struct wpa_driver_capa { > +/** Driver supports OWE STA offload */ > +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL > +/** Driver supports OWE AP offload */ > +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL Please use _STA postfix for the STA capability to match the _AP postfix style. > diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c > @@ -1908,7 +1908,8 @@ static void mlme_event_dh_event(struct wpa_driver_nl80211_data *drv, > u8 *addr, *link_addr = NULL; > int assoc_link_id = -1; > > - if (!is_ap_interface(drv->nlmode)) > + if (!is_ap_interface(drv->nlmode) || > + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)) > return; Why is this needed? Why would there be an NL80211_CMD_UPDATE_OWE_INFO event from a driver that uses OWE offloading? > diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h No need to include this in hostap.git contributions; I update this file directly from wireless-next.git.
Hi Jouni,

Thanks for the review comments.

>How would this work for 4-way handshake since hostapd and wpa_supplicant
>would need to know the PMK? Or is this limited only to cases where the
>4-way handshake is offloaded? If so, that should be clearly mentioned
>here in the commit message. And for the AP mode, I guess that would
>imply dependency on the SAE offloading patch (or the part of it that I
>asked to be separated to an independent patch).

Yes, as suggested we will update the description to indicate dependency on 4way HS offload. We will also have separate patches for PSK offload, SAE offload and the current OWE offload.

>Please use _STA postfix for the STA capability to match the _AP postfix
>style.

Ack.

>Why is this needed? Why would there be an NL80211_CMD_UPDATE_OWE_INFO
>event from a driver that uses OWE offloading?

Agree. We added this as a safety check, but will remove.

>No need to include this in hostap.git contributions; I update this file
>directly from wireless-next.git.

Ack

Regards,
Vinayak

On Tue, Nov 7, 2023 at 3:11 PM Jouni Malinen <j@w1.fi> wrote:
>
> On Tue, Oct 31, 2023 at 03:33:47PM +0530, Vinayak Yadawad wrote:
> > Driver/fw advertising OWE offload support would take care of
> > DH IE generation and processing part. Driver/FW would be
> > responsible for OWE PMK generation in this case.
> > This patch avoids the DH IE handling in wpa_supplicant/hostapd
> > for drivers advertising OWE offload support.
>
> How would this work for 4-way handshake since hostapd and wpa_supplicant
> would need to know the PMK? Or is this limited only to cases where the
> 4-way handshake is offloaded? If so, that should be clearly mentioned
> here in the commit message. And for the AP mode, I guess that would
> imply dependency on the SAE offloading patch (or the part of it that I
> asked to be separated to an independent patch).
>
> > diff --git a/src/drivers/driver.h b/src/drivers/driver.h
> > @@ -2253,6 +2253,10 @@ struct wpa_driver_capa { > > +/** Driver supports OWE STA offload */ > > +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL > > +/** Driver supports OWE AP offload */ > > +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL > > Please use _STA postfix for the STA capability to match the _AP postfix > style. > > > diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c > > @@ -1908,7 +1908,8 @@ static void mlme_event_dh_event(struct wpa_driver_nl80211_data *drv, > > u8 *addr, *link_addr = NULL; > > int assoc_link_id = -1; > > > > - if (!is_ap_interface(drv->nlmode)) > > + if (!is_ap_interface(drv->nlmode) || > > + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)) > > return; > > Why is this needed? Why would there be an NL80211_CMD_UPDATE_OWE_INFO > event from a driver that uses OWE offloading? > > > diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h > > No need to include this in hostap.git contributions; I update this file > directly from wireless-next.git. > > -- > Jouni Malinen PGP id EFC895FA
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index ff826dd67..a873a1916 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -260,6 +260,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u16 reason = WLAN_REASON_UNSPECIFIED; int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; + struct hostapd_iface *iface = hapd->iface; if (addr == NULL) { /* @@ -785,6 +786,7 @@ skip_wpa_check: #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && + !(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP) && wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; diff --git a/src/drivers/driver.h b/src/drivers/driver.h index dbe2ad5e4..43000ebfd 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2253,6 +2253,10 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA 0x0000000000002000ULL /** Driver supports MLO in station/AP mode */ #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL +/** Driver supports OWE STA offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL +/** Driver supports OWE AP offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 5e6406885..71c74e081 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -697,6 +697,14 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA; capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP; } + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP; } 
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index 9d39703e0..4cffa82b7 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -1908,7 +1908,8 @@ static void mlme_event_dh_event(struct wpa_driver_nl80211_data *drv, u8 *addr, *link_addr = NULL; int assoc_link_id = -1; - if (!is_ap_interface(drv->nlmode)) + if (!is_ap_interface(drv->nlmode) || + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)) return; if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_IE]) return; diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h index c59fec406..6cbd63aab 100644 --- a/src/drivers/nl80211_copy.h +++ b/src/drivers/nl80211_copy.h @@ -334,6 +334,15 @@ * use %NL80211_CMD_START_AP or similar functions. */ +/** + * DOC: OWE DH IE handling offload + * + * By setting @NL80211_EXT_FEATURE_OWE_OFFLOAD flag, drivers can indicate + * kernel/application space to avoid DH IE handling. When this flag is + * advertised, the driver/device will take care of DH IE inclusion and + * processing of peer DH IE to generate PMK. + */ + /** * enum nl80211_commands - supported nl80211 commands * @@ -6372,6 +6381,12 @@ enum nl80211_feature_flags { * in authentication and deauthentication frames sent to unassociated peer * using @NL80211_CMD_FRAME. * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD: Driver/Device wants to do OWE DH IE + * handling in station mode. + * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD_AP: Driver/Device wants to do OWE DH IE + * handling in AP mode. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -6443,6 +6458,8 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_PUNCT, NL80211_EXT_FEATURE_SECURE_NAN, NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA, + NL80211_EXT_FEATURE_OWE_OFFLOAD, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, 
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index f205b91d5..a9ab4aea4 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3206,6 +3206,7 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, #ifdef CONFIG_OWE if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && + (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) && (!bssid_known || owe_process_assoc_resp(wpa_s->wpa, wpa_s->valid_links ? diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ba68e8198..a088bee73 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3588,7 +3588,8 @@ static u8 * wpas_populate_assoc_ies( } else #endif /* CONFIG_TESTING_OPTIONS */ if (algs == WPA_AUTH_ALG_OPEN && - ssid->key_mgmt == WPA_KEY_MGMT_OWE) { + ssid->key_mgmt == WPA_KEY_MGMT_OWE && + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) { struct wpabuf *owe_ie; u16 group;
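Review bot: In src/ap/drv_callbacks.c, the condition added to the CONFIG_OWE block in hostapd_notif_assoc() masks the wrong capability word: `!(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)`. The driver.h hunk defines this bit alongside `u64 flags2` and the driver_nl80211_capa.c hunk stores it with `capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP`, so the test should read the flags2 copy (`iface->drv_flags2`), as the driver_nl80211_event.c hunk already does with `drv->capa.flags2`. As written, the check matches whatever capability occupies 0x0000000000010000 in the first flags word, so hostapd can skip OWE DH processing for a driver that does not offload it, or keep doing it for one that does. The new local `iface` is used only by this one test and could be dropped in favour of `hapd->iface`.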
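Review bot: The DOC block added to src/drivers/nl80211_copy.h names only @NL80211_EXT_FEATURE_OWE_OFFLOAD, although the same patch adds NL80211_EXT_FEATURE_OWE_OFFLOAD_AP with its own kernel-doc entry; the DOC text should mention both flags and say which one applies to station mode and which to AP mode. It also states that the device processes the peer DH IE "to generate PMK" without saying whether user space ever receives that PMK. If the flag is only usable together with 4-way handshake offload, the DOC block is the place to say so, since that is what an application author will read before deciding to skip DH IE handling.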
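Review bot: Both station-side checks, in wpa_supplicant_event_associnfo() (wpa_supplicant/events.c) and in wpas_populate_assoc_ies() (wpa_supplicant/wpa_supplicant.c), mask `wpa_s->drv_flags` with WPA_DRIVER_FLAGS2_OWE_OFFLOAD, a bit the capa hunk stores in `capa->flags2`; they should test `wpa_s->drv_flags2`. With the current code the result depends on an unrelated capability at 0x0000000000008000 in the first flags word, which can silently disable the OWE DH IE and the owe_process_assoc_resp() call on a driver that has no offload. When the bit is set, the association response is accepted without owe_process_assoc_resp() running, so no PMK exists in wpa_supplicant; a comment at the events.c check stating that this path relies on the 4-way handshake being offloaded would make that dependency visible. Style: the outer parentheses in `(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) &&` are redundant and differ from the form used in the wpa_supplicant.c hunk.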
Driver/fw advertising OWE offload support would take care of
DH IE generation and processing part. Driver/FW would be
responsible for OWE PMK generation in this case.
This patch avoids the DH IE handling in wpa_supplicant/hostapd
for drivers advertising OWE offload support.

Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
---
v1->v2: Addressed review comments and patch description
---
 src/ap/drv_callbacks.c             |  2 ++
 src/drivers/driver.h               |  4 ++++
 src/drivers/driver_nl80211_capa.c  |  8 ++++++++
 src/drivers/driver_nl80211_event.c |  3 ++-
 src/drivers/nl80211_copy.h         | 17 +++++++++++++++++
 wpa_supplicant/events.c            |  1 +
 wpa_supplicant/wpa_supplicant.c    |  3 ++-
 7 files changed, 36 insertions(+), 2 deletions(-)