From patchwork Thu Nov 9 05:02:23 2023
X-Patchwork-Submitter: Vinayak Yadawad
X-Patchwork-Id: 1861847
From: Vinayak Yadawad
To: hostap@lists.infradead.org
Cc: jithu.jance@broadcom.com, Vinayak Yadawad
Subject: [PATCH v3 1/1] hostapd: Add support for OWE offload for STA/AP interface
Date: Thu, 9 Nov 2023 10:32:23 +0530
Message-Id: <7b2dc8575ff8acd199d55f61650a23a5a3bd83a2.1699505942.git.vinayak.yadawad@broadcom.com>

Driver/fw advertising OWE offload support would take care of
DH IE generation and processing part. Driver/FW would be responsible
for OWE PMK generation in this case.
This patch avoids the DH IE handling in wpa_supplicant/hostapd for drivers
advertising OWE offload support. This change is applicable for drivers
supporting 4-way HS offload.
---
v1->v2: Addressed review comments and patch description
v2->v3: Addressed review comments

Signed-off-by: Vinayak Yadawad
---
 src/ap/drv_callbacks.c            | 4 ++++
 src/drivers/driver.h              | 4 ++++
 src/drivers/driver_nl80211_capa.c | 8 ++++++++
 wpa_supplicant/events.c           | 1 +
 wpa_supplicant/wpa_supplicant.c   | 3 ++-
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index bc575e260..77970a5f6 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c 
@@ -260,6 +260,9 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u16 reason = WLAN_REASON_UNSPECIFIED; int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; +#ifdef CONFIG_OWE + struct hostapd_iface *iface = hapd->iface; +#endif /* CONFIG_OWE */ if (addr == NULL) { /* @@ -772,6 +775,7 @@ skip_wpa_check: #ifdef CONFIG_OWE if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && + !(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP) && wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 24016b344..c1bb406b6 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2281,6 +2281,10 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ 0x0000000000008000ULL /** Driver supports SAE authentication offload in STA mode */ #define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA 0x0000000000010000ULL +/** Driver supports OWE STA offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA 0x0000000000020000ULL +/** Driver supports OWE AP offload */ +#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000040000ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index b7d914140..49b873df6 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -705,6 +705,14 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT)) capa->flags2 |= WPA_DRIVER_FLAGS2_SCAN_MIN_PREQ; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_OWE_OFFLOAD_AP)) + capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP; } diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 081f3c434..ef4fd4453 100644 
--- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -3348,6 +3348,7 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, #ifdef CONFIG_OWE if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && + (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA)) && (!bssid_known || owe_process_assoc_resp(wpa_s->wpa, wpa_s->valid_links ? diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index 972f54fcb..a292f05da 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -3616,7 +3616,8 @@ static u8 * wpas_populate_assoc_ies( } else #endif /* CONFIG_TESTING_OPTIONS */ if (algs == WPA_AUTH_ALG_OPEN && - ssid->key_mgmt == WPA_KEY_MGMT_OWE) { + ssid->key_mgmt == WPA_KEY_MGMT_OWE && + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA)) { struct wpabuf *owe_ie; u16 group;
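
Review bot: in the first hunk of src/ap/drv_callbacks.c (hostapd_notif_assoc(), @@ -260) the new `iface` local sits in its own #ifdef CONFIG_OWE block and is read only once, in the OWE condition after skip_wpa_check. Dereferencing hapd->iface directly in that condition would remove the extra preprocessor block from the declarations and keep the variable from becoming unused if the later check is moved.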
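
Review bot: the added test `!(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP)` in the skip_wpa_check hunk of src/ap/drv_callbacks.c checks a FLAGS2 bit against drv_flags. The driver.h hunk defines the bit alongside `u64 flags2` and the driver_nl80211_capa.c hunk sets it in capa->flags2, so the same bit position in drv_flags belongs to the first flags word and the OWE DH handling can be skipped or kept for the wrong drivers. The test should read the field that is populated from flags2 (drv_flags2).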
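
Review bot: the two new comments in src/drivers/driver.h ("Driver supports OWE STA offload", "Driver supports OWE AP offload") do not say what is offloaded. The commit message states that the driver/FW handles DH IE generation and processing and OWE PMK generation, and that this applies to drivers supporting 4-way handshake offload; putting that in the flag documentation would tell driver authors what setting these bits commits them to.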
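
Review bot: the src/drivers/driver_nl80211_capa.c hunk references NL80211_EXT_FEATURE_OWE_OFFLOAD and NL80211_EXT_FEATURE_OWE_OFFLOAD_AP, but the diffstat lists only five files and none of them is an nl80211 header. Please confirm both values are already present in the header this tree builds against, or include the header sync in the series. The commit message also limits the change to drivers with 4-way handshake offload, yet the flags are set from these two features alone; if that dependency is real, it should be checked here or stated as a driver requirement.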
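
Review bot: in the wpa_supplicant/events.c hunk (wpa_supplicant_event_associnfo()) the new condition tests WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA against wpa_s->drv_flags, while the capability code stores that bit in capa->flags2, so it should test the flags2-derived field instead. With the bit set, owe_process_assoc_resp() is no longer called and wpa_supplicant stops processing the association response for OWE itself; a short comment saying the driver performs that processing would make the trust shift explicit. The outer parentheses around the added negation are redundant.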
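
Review bot: the block in wpas_populate_assoc_ies() (wpa_supplicant/wpa_supplicant.c) that the extended condition now skips declares `struct wpabuf *owe_ie` and `u16 group`, so under offload wpa_supplicant neither builds the OWE IE nor selects the group, and nothing in this patch shows how a configured group reaches the driver. Please document whether the group is left entirely to the driver in that case. As in events.c, the flag is tested against wpa_s->drv_flags although it is a FLAGS2 bit.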