From patchwork Tue Oct 31 10:03:47 2023
X-Patchwork-Submitter: Vinayak Yadawad
X-Patchwork-Id: 1857483
From: Vinayak Yadawad
To: hostap@lists.infradead.org
Cc: jithu.jance@broadcom.com, Vinayak Yadawad
Subject: [PATCH v2 1/1] hostapd: Add support for OWE offload for STA/AP interface
Date: Tue, 31 Oct 2023 15:33:47 +0530
Message-Id: <6c05d1ccadba184337fecfdebf1cda74843b6415.1698746327.git.vinayak.yadawad@broadcom.com>

Driver/fw advertising OWE offload support would take care of DH IE generation and processing part. Driver/FW would be responsible for OWE PMK generation in this case. This patch avoids the DH IE handling in wpa_supplicant/hostapd for drivers advertising OWE offload support.

Signed-off-by: Vinayak Yadawad
---
v1->v2: Addressed review comments and patch description
---
 src/ap/drv_callbacks.c | 2 ++
 src/drivers/driver.h | 4 ++++
 src/drivers/driver_nl80211_capa.c | 8 ++++++++
 src/drivers/driver_nl80211_event.c | 3 ++-
 src/drivers/nl80211_copy.h | 17 +++++++++++++++++
 wpa_supplicant/events.c | 1 +
 wpa_supplicant/wpa_supplicant.c | 3 ++-
 7 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index ff826dd67..a873a1916 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c 
@@ -260,6 +260,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u16 reason = WLAN_REASON_UNSPECIFIED; int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; + struct hostapd_iface *iface = hapd->iface; if (addr == NULL) { /* @@ -785,6 +786,7 @@ skip_wpa_check: #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && + !(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP) && wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; diff --git a/src/drivers/driver.h b/src/drivers/driver.h index dbe2ad5e4..43000ebfd 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2253,6 +2253,10 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA 0x0000000000002000ULL /** Driver supports MLO in station/AP mode */ #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL +/** Driver supports OWE STA offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL +/** Driver supports OWE AP offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 5e6406885..71c74e081 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -697,6 +697,14 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA; capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP; } + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP; } diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index 9d39703e0..4cffa82b7 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c 
@@ -1908,7 +1908,8 @@ static void mlme_event_dh_event(struct wpa_driver_nl80211_data *drv, u8 *addr, *link_addr = NULL; int assoc_link_id = -1; - if (!is_ap_interface(drv->nlmode)) + if (!is_ap_interface(drv->nlmode) || + (drv->capa.flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)) return; if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_IE]) return; diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h index c59fec406..6cbd63aab 100644 --- a/src/drivers/nl80211_copy.h +++ b/src/drivers/nl80211_copy.h @@ -334,6 +334,15 @@ * use %NL80211_CMD_START_AP or similar functions. */ +/** + * DOC: OWE DH IE handling offload + * + * By setting @NL80211_EXT_FEATURE_OWE_OFFLOAD flag, drivers can indicate + * kernel/application space to avoid DH IE handling. When this flag is + * advertised, the driver/device will take care of DH IE inclusion and + * processing of peer DH IE to generate PMK. + */ + /** * enum nl80211_commands - supported nl80211 commands * @@ -6372,6 +6381,12 @@ enum nl80211_feature_flags { * in authentication and deauthentication frames sent to unassociated peer * using @NL80211_CMD_FRAME. * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD: Driver/Device wants to do OWE DH IE + * handling in station mode. + * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD_AP: Driver/Device wants to do OWE DH IE + * handling in AP mode. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -6443,6 +6458,8 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_PUNCT, NL80211_EXT_FEATURE_SECURE_NAN, NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA, + NL80211_EXT_FEATURE_OWE_OFFLOAD, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index f205b91d5..a9ab4aea4 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c 
@@ -3206,6 +3206,7 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, #ifdef CONFIG_OWE if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && + (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) && (!bssid_known || owe_process_assoc_resp(wpa_s->wpa, wpa_s->valid_links ? diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ba68e8198..a088bee73 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3588,7 +3588,8 @@ static u8 * wpas_populate_assoc_ies( } else #endif /* CONFIG_TESTING_OPTIONS */ if (algs == WPA_AUTH_ALG_OPEN && - ssid->key_mgmt == WPA_KEY_MGMT_OWE) { + ssid->key_mgmt == WPA_KEY_MGMT_OWE && + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) { struct wpabuf *owe_ie; u16 group;
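
Review bot: In src/ap/drv_callbacks.c, the condition added to the CONFIG_OWE block tests a FLAGS2 bit against the wrong flags word: `!(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)`. driver.h defines the flag in the block that ends with `u64 flags2;` and driver_nl80211_capa.c sets it with `capa->flags2 |= ...`, so the test has to read the interface's copy of flags2 (drv_flags2 in the hostapd tree, which this patch does not show). As written, bit 0x10000 is read from the first flags word, where a FLAGS2 value has no meaning, so hostapd can skip its own OWE DH IE processing on a driver that never advertised offload, or keep it on one that did. Separately, the `iface` local added in the first hunk is used only inside `#ifdef CONFIG_OWE` as far as these hunks show; writing `hapd->iface` directly in the condition avoids an unused-variable warning in builds without CONFIG_OWE.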
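
Review bot: In mlme_event_dh_event() (src/drivers/driver_nl80211_event.c), the new early return drops a DH event without any trace when WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP is set. A driver that advertises AP offload and still delivers this event is inconsistent, and that is worth seeing in a debug log; split the offload case from the `!is_ap_interface(drv->nlmode)` case and add a debug-level message before returning. This hunk reads `drv->capa.flags2`, which is the right word for the flag, so the checks in drv_callbacks.c, events.c and wpa_supplicant.c should be made consistent with it.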
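
Review bot: The new "DOC: OWE DH IE handling offload" section in src/drivers/nl80211_copy.h names only @NL80211_EXT_FEATURE_OWE_OFFLOAD, although the patch introduces a second flag, NL80211_EXT_FEATURE_OWE_OFFLOAD_AP, for AP mode. State which flag covers which mode, and document what happens after the driver/device uses the peer DH IE "to generate PMK": none of the hunks shows the key being reported to user space or the handshake that consumes it being offloaded, so the contract between driver and hostapd/wpa_supplicant is left undefined.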
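
Review bot: The two entries added to enum nl80211_ext_feature_index in src/drivers/nl80211_copy.h take their numeric values from their position after NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA, and those values are part of the kernel interface. Because this file is a copy of the kernel's nl80211 header, editing it by hand is only safe if the kernel defines the same two entries at the same positions; otherwise the `ext_feature_isset()` calls added in driver_nl80211_capa.c test bits that mean something else on a running kernel and OWE handling is switched off on the wrong drivers. Reference the kernel change that defines these features in the commit message, or bring them in through a header sync instead of a local edit.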
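
Review bot: In wpa_supplicant_event_associnfo() (wpa_supplicant/events.c), the added line `(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) &&` tests a FLAGS2 bit against the first flags word; it needs to read the flags2 copy that driver_nl80211_capa.c fills in. With the wrong word, owe_process_assoc_resp() can be skipped on a driver that does not offload OWE, which means the DH IE in the association response is never processed by wpa_supplicant. The outer pair of parentheses around the `!(...)` term is also unnecessary and differs from the form used for the same test in wpa_supplicant.c.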
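
Review bot: In wpas_populate_assoc_ies() (wpa_supplicant/wpa_supplicant.c), skipping the whole OWE branch when offload is advertised also skips the group handling that lives in it (`u16 group;`), and the patch does not say how a configured OWE group is conveyed to the driver that now builds the DH IE. Either pass the group selection down to the driver or document that group configuration is ignored with offload. The condition `!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)` has the same flags-word mismatch as the check in events.c and should read the flags2 value.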