[PATCH v2 1/1] hostapd: Add support for OWE offload for STA/AP interface
Vinayak Yadawad
vinayak.yadawad at broadcom.com
Tue Oct 31 03:03:47 PDT 2023
Driver/fw advertising OWE offload support would take care of
DH IE generation and processing part. Driver/FW would be
responsible for OWE PMK generation in this case.
This patch avoids the DH IE handling in wpa_supplicant/hostapd
for drivers advertising OWE offload support.
Signed-off-by: Vinayak Yadawad <vinayak.yadawad at broadcom.com>
---
v1->v2: Addressed review comments and patch description
---
src/ap/drv_callbacks.c | 2 ++
src/drivers/driver.h | 4 ++++
src/drivers/driver_nl80211_capa.c | 8 ++++++++
src/drivers/driver_nl80211_event.c | 3 ++-
src/drivers/nl80211_copy.h | 17 +++++++++++++++++
wpa_supplicant/events.c | 1 +
wpa_supplicant/wpa_supplicant.c | 3 ++-
7 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index ff826dd67..a873a1916 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -260,6 +260,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
u16 reason = WLAN_REASON_UNSPECIFIED;
int status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
+ struct hostapd_iface *iface = hapd->iface;
if (addr == NULL) {
/*
@@ -785,6 +786,7 @@ skip_wpa_check:
#ifdef CONFIG_OWE
if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
+ !(iface->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP) &&
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
elems.owe_dh) {
u8 *npos;
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index dbe2ad5e4..43000ebfd 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2253,6 +2253,10 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA 0x0000000000002000ULL
/** Driver supports MLO in station/AP mode */
#define WPA_DRIVER_FLAGS2_MLO 0x0000000000004000ULL
+/** Driver supports OWE STA offload */
+#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD 0x0000000000008000ULL
+/** Driver supports OWE AP offload */
+#define WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP 0x0000000000010000ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 5e6406885..71c74e081 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -697,6 +697,14 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_STA;
capa->flags2 |= WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP;
}
+
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_OWE_OFFLOAD))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD;
+
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_OWE_OFFLOAD_AP))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP;
}
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 9d39703e0..4cffa82b7 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1908,7 +1908,8 @@ static void mlme_event_dh_event(struct wpa_driver_nl80211_data *drv,
u8 *addr, *link_addr = NULL;
int assoc_link_id = -1;
- if (!is_ap_interface(drv->nlmode))
+ if (!is_ap_interface(drv->nlmode) ||
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_AP))
return;
if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_IE])
return;
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index c59fec406..6cbd63aab 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -334,6 +334,15 @@
* use %NL80211_CMD_START_AP or similar functions.
*/
+/**
+ * DOC: OWE DH IE handling offload
+ *
+ * By setting @NL80211_EXT_FEATURE_OWE_OFFLOAD flag, drivers can indicate
+ * kernel/application space to avoid DH IE handling. When this flag is
+ * advertised, the driver/device will take care of DH IE inclusion and
+ * processing of peer DH IE to generate PMK.
+ */
+
/**
* enum nl80211_commands - supported nl80211 commands
*
@@ -6372,6 +6381,12 @@ enum nl80211_feature_flags {
* in authentication and deauthentication frames sent to unassociated peer
* using @NL80211_CMD_FRAME.
*
+ * @NL80211_EXT_FEATURE_OWE_OFFLOAD: Driver/Device wants to do OWE DH IE
+ * handling in station mode.
+ *
+ * @NL80211_EXT_FEATURE_OWE_OFFLOAD_AP: Driver/Device wants to do OWE DH IE
+ * handling in AP mode.
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@@ -6443,6 +6458,8 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_PUNCT,
NL80211_EXT_FEATURE_SECURE_NAN,
NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA,
+ NL80211_EXT_FEATURE_OWE_OFFLOAD,
+ NL80211_EXT_FEATURE_OWE_OFFLOAD_AP,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index f205b91d5..a9ab4aea4 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3206,6 +3206,7 @@ static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
#ifdef CONFIG_OWE
if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
+ (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) &&
(!bssid_known ||
owe_process_assoc_resp(wpa_s->wpa,
wpa_s->valid_links ?
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index ba68e8198..a088bee73 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3588,7 +3588,8 @@ static u8 * wpas_populate_assoc_ies(
} else
#endif /* CONFIG_TESTING_OPTIONS */
if (algs == WPA_AUTH_ALG_OPEN &&
- ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
+ ssid->key_mgmt == WPA_KEY_MGMT_OWE &&
+ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS2_OWE_OFFLOAD)) {
struct wpabuf *owe_ie;
u16 group;
--
2.32.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4218 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20231031/4d91837f/attachment-0001.p7s>
More information about the Hostap
mailing list