package/kernel/mac80211/patches/subsys/302-cfg80211-Add-support-to-configure-SAE-PWE-value-to-d.patch

   1 From: Rohan Dutta <drohan@codeaurora.org>
   2 Date: Tue, 27 Oct 2020 12:09:10 +0200
   3 Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers
   4
   5 Add support to configure SAE PWE preference from userspace to drivers in
   6 both AP and STA modes. This is needed for cases where the driver takes
   7 care of Authentication frame processing (SME in the driver) so that
   8 correct enforcement of the acceptable PWE derivation mechanism can be
   9 performed.
  10
  11 The userspace applications can pass the sae_pwe value using the
  12 NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
  13 NL80211_CMD_START_AP commands to the driver. This allows selection
  14 between the hunting-and-pecking loop and hash-to-element options for PWE
  15 derivation. For backwards compatibility, this new attribute is optional
  16 and if not included, the driver is notified of the value being
  17 unspecified.
  18
  19 Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
  20 Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
  21 Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
  22 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
  23 ---
  24
  25 --- a/include/net/cfg80211.h
  26 +++ b/include/net/cfg80211.h
  27 @@ -1009,6 +1009,14 @@ struct survey_info {
  28   * @sae_pwd: password for SAE authentication (for devices supporting SAE
  29   *     offload)
  30   * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
  31 + * @sae_pwe: The mechanisms allowed for SAE PWE derivation
  32 + *     NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
  33 + *             did not specify any preference. The driver should follow its
  34 + *             internal policy in such a scenario.
  35 + *     NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
  36 + *     NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
  37 + *     NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
  38 + *             or hash-to-element
  39   */
  40  struct cfg80211_crypto_settings {
  41         u32 wpa_versions;
  42 @@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
  43         const u8 *psk;
  44         const u8 *sae_pwd;
  45         u8 sae_pwd_len;
  46 +       enum nl80211_sae_pwe_mechanism sae_pwe;
  47  };
  48
  49  /**
  50 --- a/net/wireless/nl80211.c
  51 +++ b/net/wireless/nl80211.c
  52 @@ -736,6 +736,9 @@ static const struct nla_policy nl80211_p
  53                 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
  54         [NL80211_ATTR_S1G_CAPABILITY_MASK] =
  55                 NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
  56 +       [NL80211_ATTR_SAE_PWE] =
  57 +               NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
  58 +                                NL80211_SAE_PWE_BOTH),
  59         [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
  60  };
  61
  62 @@ -9764,6 +9767,12 @@ static int nl80211_crypto_settings(struc
  63                         nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
  64         }
  65
  66 +       if (info->attrs[NL80211_ATTR_SAE_PWE])
  67 +               settings->sae_pwe =
  68 +                       nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
  69 +       else
  70 +               settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
  71 +
  72         return 0;
  73  }
  74