From patchwork Fri Oct 27 13:24:03 2023
X-Patchwork-Submitter: Vinayak Yadawad
X-Patchwork-Id: 1856186
From: Vinayak Yadawad
To: hostap@lists.infradead.org
Cc: jithu.jance@broadcom.com, Vinayak Yadawad
Subject: [PATCH 1/1] hostapd: Add support for OWE offload for STA/AP interface
Date: Fri, 27 Oct 2023 18:54:03 +0530

The current change enables OWE DH IE inclusion and processing of peer DH IE
to generate PMK by the driver. The OWE offload is enabled based on
NL80211_EXT_FEATURE_OWE_OFFLOAD flag advertised by the driver.

Signed-off-by: Vinayak Yadawad
---
 src/ap/drv_callbacks.c | 2 ++
 src/ap/ieee802_11.c | 20 ++++++++++++--------
 src/drivers/driver.h | 4 ++++
 src/drivers/driver_nl80211_capa.c | 8 ++++++++
 src/drivers/nl80211_copy.h | 17 +++++++++++++++++
 wpa_supplicant/events.c | 1 +
 wpa_supplicant/wpa_supplicant.c | 3 ++-
 7 files changed, 46 insertions(+), 9 deletions(-)

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index ff826dd67..a873a1916 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -260,6 +260,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u16 reason = WLAN_REASON_UNSPECIFIED; int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; + struct hostapd_iface *iface = hapd->iface; if (addr == NULL) { /* @@ -785,6 +786,7 @@ skip_wpa_check: #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && + !(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP) && wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index a9b3e8c60..e3162ef6c 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -3709,6 +3709,7 @@ u16 owe_process_rsn_ie(struct hostapd_data *hapd, u8 *owe_buf, ie[256 * 2]; size_t ie_len = 0; enum wpa_validate_result res; + struct hostapd_iface *iface = hapd->iface; if (!rsn_ie || rsn_ie_len < 2) { wpa_printf(MSG_DEBUG, "OWE: No RSNE in (Re)AssocReq"); 
@@ -3738,14 +3739,17 @@ u16 owe_process_rsn_ie(struct hostapd_data *hapd, status = wpa_res_to_status_code(res); if (status != WLAN_STATUS_SUCCESS) goto end; - status = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len); - if (status != WLAN_STATUS_SUCCESS) - goto end; - owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, ie, sizeof(ie), - NULL, 0); - if (!owe_buf) { - status = WLAN_STATUS_UNSPECIFIED_FAILURE; - goto end; + + if (!(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)) { + status = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len); + if (status != WLAN_STATUS_SUCCESS) + goto end; + owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, ie, sizeof(ie), + NULL, 0); + if (!owe_buf) { + status = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto end; + } } if (sta->owe_ecdh) { diff --git a/src/drivers/driver.h b/src/drivers/driver.h index dbe2ad5e4..43000ebfd 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2253,6 +2253,10 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA 0x0000000000002000ULL /** Driver supports MLO in station/AP mode */ #define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL +/** Driver supports OWE STA offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL +/** Driver supports OWE AP offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 5e6406885..71c74e081 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c 
@@ -697,6 +697,14 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA; capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP; } + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP; } diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h index c59fec406..6cbd63aab 100644 --- a/src/drivers/nl80211_copy.h +++ b/src/drivers/nl80211_copy.h @@ -334,6 +334,15 @@ * use %NL80211_CMD_START_AP or similar functions. */ +/** + * DOC: OWE DH IE handling offload + * + * By setting @NL80211_EXT_FEATURE_OWE_OFFLOAD flag, drivers can indicate + * kernel/application space to avoid DH IE handling. When this flag is + * advertised, the driver/device will take care of DH IE inclusion and + * processing of peer DH IE to generate PMK. + */ + /** * enum nl80211_commands - supported nl80211 commands * @@ -6372,6 +6381,12 @@ enum nl80211_feature_flags { * in authentication and deauthentication frames sent to unassociated peer * using @NL80211_CMD_FRAME. * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD: Driver/Device wants to do OWE DH IE + * handling in station mode. + * + * @NL80211_EXT_FEATURE_OWE_OFFLOAD_AP: Driver/Device wants to do OWE DH IE + * handling in AP mode. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -6443,6 +6458,8 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_PUNCT, NL80211_EXT_FEATURE_SECURE_NAN, NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA, + NL80211_EXT_FEATURE_OWE_OFFLOAD, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index f205b91d5..a9ab4aea4 100644 
--- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3206,6 +3206,7 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, #ifdef CONFIG_OWE if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && + (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) && (!bssid_known || owe_process_assoc_resp(wpa_s->wpa, wpa_s->valid_links ? diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ba68e8198..a088bee73 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3588,7 +3588,8 @@ static u8 * wpas_populate_assoc_ies( } else #endif /* CONFIG_TESTING_OPTIONS */ if (algs == WPA_AUTH_ALG_OPEN && - ssid->key_mgmt == WPA_KEY_MGMT_OWE) { + ssid->key_mgmt == WPA_KEY_MGMT_OWE && + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) { struct wpabuf *owe_ie; u16 group;
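
Review bot: in src/ap/drv_callbacks.c, the condition added under skip_wpa_check tests `iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP`, but that bit is defined as a FLAGS2 value and the driver_nl80211_capa.c hunk stores it in `capa->flags2`, so the check reads the wrong flags word. Bit 0x10000 of `drv_flags` belongs to an unrelated capability: on a driver that sets it without offloading OWE, hostapd would skip DH IE processing and derive no PMK, and on a driver that does offload, hostapd would still process the DH IE itself. Test `iface->drv_flags2` instead; the local `iface` variable added in the first hunk can then be dropped in favour of `hapd->iface->drv_flags2`.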
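
Review bot: in owe_process_rsn_ie() (src/ap/ieee802_11.c), once the offload branch skips owe_process_assoc_req() and wpa_auth_write_assoc_resp_owe(), nothing visible in this patch shows how hostapd learns the PMK that the driver derives, or whether the driver also takes over the 4-way handshake. Please document the expected division of work in the commit message and in the nl80211 DOC section, since the authenticator state for this STA is otherwise left without key material. The guard here also reads `iface->drv_flags` where the flag lives in the flags2 word, and the `if (sta->owe_ecdh)` block that follows the new braces should be checked for whether it still makes sense when the driver owns the DH exchange.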
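
Review bot: in src/drivers/driver.h, the station flag is named `WPA_DRIVER_FLAGS2_OWE_OFFLOAD` while the AP flag carries an `_AP` suffix; the neighbouring `WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA` shows the convention of an explicit `_STA` suffix. Renaming it to `WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA` would make it harder to use the station bit by mistake in AP code paths. The doc comments could also say what "offload" covers (DH IE inclusion, peer DH IE processing, PMK derivation), as the commit message does.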
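
Review bot: in src/drivers/nl80211_copy.h, the two entries appended to enum nl80211_ext_feature_index get their values from their position, so they are only correct if the kernel header defines the same names at the same indices. Please state in the commit message which kernel commit these definitions come from, and bring them in by syncing the header rather than hand-editing it, so that `ext_feature_isset()` in the capa hunk cannot end up testing a bit that a kernel assigns to a different feature. The added DOC section mentions only `NL80211_EXT_FEATURE_OWE_OFFLOAD`; it should cover `NL80211_EXT_FEATURE_OWE_OFFLOAD_AP` as well.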
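
Review bot: both wpa_supplicant hunks (wpa_supplicant_event_associnfo() in events.c and wpas_populate_assoc_ies() in wpa_supplicant.c) test `wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD`, which has the same wrong-word problem as the AP side: the bit is set in `capa->flags2`, so the check should read `wpa_s->drv_flags2`. As written, a non-offloading driver that happens to have bit 0x8000 set in `drv_flags` would send no OWE DH IE and skip owe_process_assoc_resp(), and an offloading driver would get a second DH IE from wpa_supplicant. In events.c the outer parentheses around `!(...)` are redundant and differ from the style used in the wpa_supplicant.c hunk.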