Hi,
> Let drivers advertise support for station-mode SAE authentication
> offload with a new NL80211_EXT_FEATURE_SAE_OFFLOAD flag.
>
> Signed-off-by: Chung-Hsien Hsu <[email protected]>
> Signed-off-by: Chi-Hsien Lin <[email protected]>
> ---
> include/linux/ieee80211.h | 1 +
> include/net/cfg80211.h | 5 +++++
> include/uapi/linux/nl80211.h | 16 ++++++++++++++++
> net/wireless/nl80211.c | 14 ++++++++++++++
> 4 files changed, 36 insertions(+)
>
> diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
> index 3b04e72315e1..37d3e655e547 100644
> --- a/include/linux/ieee80211.h
> +++ b/include/linux/ieee80211.h
> @@ -2596,6 +2596,7 @@ enum ieee80211_key_len {
> #define FILS_ERP_MAX_RRK_LEN 64
>
> #define PMK_MAX_LEN 64
> +#define SAE_PASSWORD_MAX_LEN 128
>
> /* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */
> enum ieee80211_pub_actioncode {
> diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
> index e0c41eb1c860..5809dac97b33 100644
> --- a/include/net/cfg80211.h
> +++ b/include/net/cfg80211.h
> @@ -740,6 +740,9 @@ struct survey_info {
> * CFG80211_MAX_WEP_KEYS WEP keys
> * @wep_tx_key: key index (0..3) of the default TX static WEP key
> * @psk: PSK (for devices supporting 4-way-handshake offload)
> + * @sae_pwd: password for SAE authentication (for devices supporting SAE
> + * offload)
> + * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
> */
> struct cfg80211_crypto_settings {
> u32 wpa_versions;
> @@ -755,6 +758,8 @@ struct cfg80211_crypto_settings {
> struct key_params *wep_keys;
> int wep_tx_key;
> const u8 *psk;
> + const u8 *sae_pwd;
> + u16 sae_pwd_len;
> };
>
> /**
> diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
> index 12762afb3a07..4840aaed39ba 100644
> --- a/include/uapi/linux/nl80211.h
> +++ b/include/uapi/linux/nl80211.h
> @@ -235,6 +235,15 @@
> */
>
> /**
> + * DOC: SAE authentication offload
> + *
> + * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
> + * support offloading SAE authentication for WPA3-Personal networks. In
> + * %NL80211_CMD_CONNECT the password for SAE should be specified using
> + * %NL80211_ATTR_SAE_PASSWORD.
> + */
> +
> +/**
> * enum nl80211_commands - supported nl80211 commands
> *
> * @NL80211_CMD_UNSPEC: unspecified command to catch errors
> @@ -2288,6 +2297,9 @@ enum nl80211_commands {
> *
> * @NL80211_ATTR_FTM_RESPONDER_STATS: Nested attribute with FTM responder
> * statistics, see &enum nl80211_ftm_responder_stats.
> + * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material.
> It
> + * is used with %NL80211_CMD_CONNECT to provide password for offloading
> + * SAE authentication for WPA3-Personal networks.
> *
> * @NL80211_ATTR_TIMEOUT: Timeout for the given operation in milliseconds
> (u32),
> * if the attribute is not given no timeout is requested. Note that 0 is an
> @@ -2743,6 +2755,7 @@ enum nl80211_attrs {
> NL80211_ATTR_FTM_RESPONDER,
>
> NL80211_ATTR_FTM_RESPONDER_STATS,
> + NL80211_ATTR_SAE_PASSWORD,
>
> NL80211_ATTR_TIMEOUT,
so you are breaking user-space API on purpose here even when there was a clear
comment where to add new attributes:
/* add attributes here, update the policy in nl80211.c */
More importantly, does this actually need a new attribute and you can not
utilize what has already been added for mesh? If this attribute is solely for
offload cases, then it might be better named accordingly. Also I am curious on
how mixed WPA1/WPA2/WPA3 network credentials are now provided to a CMD_CONNECT.
So the CMD_CONNECT description might require an update as well.
Regards
Marcel
