X-Patchwork-Submitter: Arend van Spriel
X-Patchwork-Id: 742880
From: Arend van Spriel
To: Jouni Malinen
Subject: [RFC] drivers: add separate driver flags for 802.1X and WPA/WPA2-Personal
Date: Thu, 23 Mar 2017 19:56:39 +0000
Message-Id: <1490298999-16464-1-git-send-email-arend.vanspriel@broadcom.com>
In-Reply-To: <1488792862-23326-1-git-send-email-andrei.otcheretianski@intel.com>
References: <1488792862-23326-1-git-send-email-andrei.otcheretianski@intel.com>
Cc: Johannes Berg, hostap@lists.infradead.org, Andrei Otcheretianski, Arend van Spriel

Allow drivers to indicate support for 802.1X and/or WPA/WPA2-PSK by
introducing two separate driver flags.

Cc: Andrei Otcheretianski
Cc: Johannes Berg
Signed-off-by: Arend van Spriel
---
In reply to RFC "driver_nl80211: Support 4-way HS offloading for 1X and PSK"
posted by Andrei, I decided to post this follow-up RFC. Having wpa_supplicant
specifying driver flags with this granularity seems to have merit.

Not sure if I got all conditions checking the 4-way HS offload flag right.
The one under CONFIG_PEERKEY was assumed PSK offload but not sure if that
is true here.

Anyway, hope this will help decide which way to go with this.

Regards,
Arend
---
 src/drivers/driver.h              | 18 ++++++++++--------
 src/drivers/driver_common.c       |  3 ++-
 src/drivers/driver_nl80211.c      |  4 ++--
 src/drivers/driver_nl80211_capa.c |  7 ++++---
 src/drivers/driver_openbsd.c      |  3 ++-
 src/drivers/driver_wext.c         |  7 ++++---
 wpa_supplicant/events.c           |  4 ++--
 wpa_supplicant/wpa_supplicant.c   |  8 ++++----
 wpa_supplicant/wpas_glue.c        |  2 +-
 9 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/src/drivers/driver.h b/src/drivers/driver.h index fc2593e..fee91c2 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -865,10 +865,10 @@ struct wpa_driver_associate_params { * passphrase - RSN passphrase for PSK * * This value is made available only for WPA/WPA2-Personal (PSK) and - * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE. This is - * the 8..63 character ASCII passphrase, if available. Please note that - * this can be %NULL if passphrase was not used to generate the PSK. In - * that case, the psk field must be used to fetch the PSK. + * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK. This + * is the 8..63 character ASCII passphrase, if available. Please note + * that this can be %NULL if passphrase was not used to generate the + * PSK. In that case, the psk field must be used to fetch the PSK. */ const char *passphrase; 
@@ -876,9 +876,9 @@ struct wpa_driver_associate_params { * psk - RSN PSK (alternative for passphrase for PSK) * * This value is made available only for WPA/WPA2-Personal (PSK) and - * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE. This is - * the 32-octet (256-bit) PSK, if available. The driver wrapper should - * be prepared to handle %NULL value as an error. + * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK. This + * is the 32-octet (256-bit) PSK, if available. The driver wrapper + * should be prepared to handle %NULL value as an error. */ const u8 *psk; @@ -1364,7 +1364,7 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_DFS_OFFLOAD 0x00000004 /** Driver takes care of RSN 4-way handshake internally; PMK is configured with * struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */ -#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE 0x00000008 +#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X 0x00000008 /** Driver is for a wired Ethernet interface */ #define WPA_DRIVER_FLAGS_WIRED 0x00000010 /** Driver provides separate commands for authentication and association (SME in @@ -1469,6 +1469,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI 0x0001000000000000ULL /** Driver supports HE capabilities */ #define WPA_DRIVER_FLAGS_HE_CAPABILITIES 0x0002000000000000ULL +/** Driver support 4-way handshake offload for WPA-Personal */ +#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0004000000000000ULL u64 flags; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c index 220b7d4..89b2135 100644 --- a/src/drivers/driver_common.c +++ b/src/drivers/driver_common.c @@ -230,7 +230,8 @@ const char * driver_flag_to_string(u64 flag) DF2S(DRIVER_IE); DF2S(SET_KEYS_AFTER_ASSOC); DF2S(DFS_OFFLOAD); - DF2S(4WAY_HANDSHAKE); + DF2S(4WAY_HANDSHAKE_PSK); + DF2S(4WAY_HANDSHAKE_8021X); DF2S(WIRED); DF2S(SME); DF2S(AP); 
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 1768522..669aa04 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -2825,7 +2825,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss, #endif /* CONFIG_DRIVER_NL80211_QCA */ if (alg == WPA_ALG_PMK && - (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) return wpa_driver_nl80211_set_pmk(drv, key, key_len, addr); if (alg == WPA_ALG_NONE) { @@ -5255,7 +5255,7 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, /* add psk in case of 4way handshake offload */ if (params->psk && - (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) { + (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) { wpa_printf(MSG_DEBUG, "Adding psk (len=32)"); wpa_hexdump_key(MSG_DEBUG, "PSK", params->psk, 32); if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk)) diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index 54f9a03..4b3327e 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -400,10 +400,11 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, capa->flags |= WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI; if (ext_feature_isset(ext_features, len, - NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) && - ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK)) + capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK; + if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) - capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; + capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X; } diff --git a/src/drivers/driver_openbsd.c b/src/drivers/driver_openbsd.c index e94eda0..ae61d74 100644 --- a/src/drivers/driver_openbsd.c +++ b/src/drivers/driver_openbsd.c 
@@ -62,7 +62,8 @@ static int wpa_driver_openbsd_get_capa(void *priv, struct wpa_driver_capa *capa) { os_memset(capa, 0, sizeof(*capa)); - capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; + capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK & + WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X; return 0; } diff --git a/src/drivers/driver_wext.c b/src/drivers/driver_wext.c index 47b90eb..f2bf012 100644 --- a/src/drivers/driver_wext.c +++ b/src/drivers/driver_wext.c @@ -470,7 +470,7 @@ static void wpa_driver_wext_event_wireless(struct wpa_driver_wext_data *drv, drv->assoc_resp_ies = NULL; wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL); - + } else { wpa_driver_wext_event_assoc_ies(drv); wpa_supplicant_event(drv->ctx, EVENT_ASSOC, @@ -1654,7 +1654,8 @@ static int wpa_driver_wext_get_range(void *priv) if (range->enc_capa & IW_ENC_CAPA_CIPHER_CCMP) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; if (range->enc_capa & IW_ENC_CAPA_4WAY_HANDSHAKE) - drv->capa.flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE; + drv->capa.flags |= (WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK & + WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X); drv->capa.auth = WPA_DRIVER_AUTH_OPEN | WPA_DRIVER_AUTH_SHARED | WPA_DRIVER_AUTH_LEAP; @@ -1685,7 +1686,7 @@ static int wpa_driver_wext_set_psk(struct wpa_driver_wext_data *drv, wpa_printf(MSG_DEBUG, "%s", __FUNCTION__); - if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) return 0; if (!psk) diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c index 4ef8e28..c93ee84 100644 --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -2563,7 +2563,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, } wpa_supplicant_cancel_scan(wpa_s); - if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && + if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { /* * We are done; the driver will take care of RSN 4-way 
@@ -2573,7 +2573,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); eapol_sm_notify_portValid(wpa_s->eapol, TRUE); eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); - } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && + } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) && wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { /* * The driver will take care of RSN 4-way handshake, so we need diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index e65441d..6ea8519 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -2572,7 +2572,7 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit) } params.wep_tx_keyidx = ssid->wep_tx_keyidx; - if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && + if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && (params.key_mgmt_suite == WPA_KEY_MGMT_PSK || params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) { params.passphrase = ssid->passphrase; @@ -3464,7 +3464,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, #ifdef CONFIG_PEERKEY if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid && wpa_s->current_ssid->peerkey && - !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) { wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key"); return; @@ -3520,7 +3520,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, } if (wpa_s->eapol_received == 0 && - (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) || + (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) || !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || wpa_s->wpa_state != WPA_COMPLETED) && (wpa_s->current_ssid == NULL || 
@@ -3585,7 +3585,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0) return; wpa_drv_poll(wpa_s); - if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len); else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { /* diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c index 52904d3..a49d0c0 100644 --- a/wpa_supplicant/wpas_glue.c +++ b/wpa_supplicant/wpas_glue.c @@ -295,7 +295,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, } if (result != EAPOL_SUPP_RESULT_SUCCESS || - !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) + !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) return; if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
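Review bot: in src/drivers/driver.h the new comment "Driver support 4-way handshake offload for WPA-Personal" should read "supports", and the comment left above WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X still describes the 4-way handshake offload generically. Suggest saying there that the flag covers 802.1X only, so the two flags are documented symmetrically.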
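Review bot: wpa_driver_openbsd_get_capa() combines the two flags with `&`. With WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X defined as 0x00000008 and WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK as 0x0004000000000000ULL the result is 0, so after this change the OpenBSD driver advertises neither offload. Use a bitwise OR: `capa->flags = WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK | WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;`.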
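Review bot: the driver_wext.c hunk at @@ -470 in wpa_driver_wext_event_wireless() removes one line and adds one line with no visible content, which looks like a whitespace-only change unrelated to the flag split. Suggest dropping it from this patch or sending it separately.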
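Review bot: wpa_driver_wext_get_range() has the same `&` problem as the OpenBSD hunk: `drv->capa.flags |= (WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X);` ORs in 0, because the two masks share no bits, so IW_ENC_CAPA_4WAY_HANDSHAKE no longer sets any driver flag. The inner operator should be `|`.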
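Review bot: wpa_driver_wext_set_psk() now returns early unless WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X is set, but the function deals with the PSK, and the updated driver.h comments tie the psk and passphrase fields to WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK. Suggest testing the PSK flag here instead: `if (!(drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))`.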
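Review bot: in the wpa_supplicant_rx_eapol() hunk at @@ -3585 the outer test is now `!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)`, yet the `else if` branch it guards is the wpa_key_mgmt_wpa_ieee8021x() case. A driver that sets only the 8021X flag will always take the first branch and call wpa_sm_rx_eapol(), and a driver that sets only the PSK flag will reach the 802.1X branch without advertising 802.1X offload. Suggest selecting the flag by the key management in use, so PSK key_mgmt is checked against the PSK flag and 802.1X key_mgmt against the 8021X flag. The same question applies to the CONFIG_PEERKEY check at @@ -3464, which the cover note already marks as uncertain.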