From patchwork Mon Jan  7 11:14:41 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arend van Spriel <arend.vanspriel@broadcom.com>
X-Patchwork-Id: 1021274
Return-Path: 
 <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=quarantine dis=none)
	header.from=broadcom.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="Iryl7Bk4";
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=broadcom.com header.i=@broadcom.com
	header.b="O5YBeu5W"; dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 43YCV80y25z9sDr
	for <incoming@patchwork.ozlabs.org>;
	Mon,  7 Jan 2019 22:15:12 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:References:
	In-Reply-To:Message-Id:Date:Subject:To:From:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=jgjPZmPdlLUsj0iq19HPccMpu/JB6/2rkmuYdrsB4V8=;
	b=Iryl7Bk41VoxFLAl9RB7E+eKNn
	rleLNZSQI2Rz6lqMu3nn5FHLBl26qybTEK6QgFL3cw8jL8n66CNied1usmUeGf+/tjAvNrA3wGZct
	56Hjpo7qZIMKEa2nQj/AAnTqx+yOohe1xsk+H0mFN56rFnJKJd2Dhnkuw/dGM+XXpT4ECEyoW2vZR
	HR+4cK4n68rxihRK56/4tnXXNIA+JobjC/mfZci6rP4QN+eLYfuGvIQdv93kUz905DQ9aCk303a5l
	F/plj9Z8AeuatkMcZic5pshAcz8uUNqGV8gb53XEcvxFofhF3ZnsxR/mxiWNFj/NRZYSAl2OeCJo2
	i4BlS1ew==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux))
	id 1ggSrz-000676-PK; Mon, 07 Jan 2019 11:14:59 +0000
Received: from rnd-relay.smtp.broadcom.com ([192.19.229.170])
	by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat
	Linux)) id 1ggSrw-00066J-Ow
	for hostap@lists.infradead.org; Mon, 07 Jan 2019 11:14:58 +0000
Received: from mail-irv-17.broadcom.com (mail-irv-17.lvn.broadcom.net
	[10.75.224.233])
	by rnd-relay.smtp.broadcom.com (Postfix) with ESMTP id 6F98C30C01C;
	Mon,  7 Jan 2019 03:14:40 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.10.3 rnd-relay.smtp.broadcom.com 6F98C30C01C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=broadcom.com;
	s=dkimrelay; t=1546859680;
	bh=jCQQf498wvBLSA/b3vCXl1FZW3IqAVe2v6QhRv+Wb4g=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=O5YBeu5WALsd+Oe+3h/Dk8fCSGZaMDZa8ZEVCccB6nQk/8SG2xbvIvpoSICrE8nYl
	yxM/bWaVhlETa7sRj1LHe4Aej+n47/T2iqV6hKUeF+H1shXCOdiI73xiyckd9tuDC1
	RvV0cdSQ2kEkZi5o+IfgcOlaq/JLBMQNeh2ZaLnw=
Received: from bld-bun-01.bun.broadcom.com (bld-bun-01.bun.broadcom.com
	[10.176.128.83])
	by mail-irv-17.broadcom.com (Postfix) with ESMTP id 3C54C81EC4;
	Mon,  7 Jan 2019 03:14:49 -0800 (PST)
Received: by bld-bun-01.bun.broadcom.com (Postfix, from userid 25152)
	id F2709B006CB; Mon,  7 Jan 2019 12:14:47 +0100 (CET)
From: Arend van Spriel <arend.vanspriel@broadcom.com>
To: Jouni Malinen <j@w1.fi>
Subject: [PATCH 2/2] drivers: nl80211: indicate 802.1X 4-way handshake
	offload in connect
Date: Mon,  7 Jan 2019 12:14:41 +0100
Message-Id: <1546859681-4597-2-git-send-email-arend.vanspriel@broadcom.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1546859681-4597-1-git-send-email-arend.vanspriel@broadcom.com>
References: <1546859681-4597-1-git-send-email-arend.vanspriel@broadcom.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20190107_031456_947864_92A4A7B0 
X-CRM114-Status: GOOD (  10.37  )
X-Spam-Score: -7.1 (-------)
X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary:
	Content analysis details:   (-7.1 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 SPF_PASS               SPF: sender matches SPF record
	-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/,
	medium trust [192.19.229.170 listed in list.dnswl.org]
	-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
	envelope-from domain
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
	-4.6 DKIMWL_WL_HIGH         DKIMwl.org - Whitelisted High sender
X-BeenThere: hostap@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <hostap.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/hostap/>
List-Post: <mailto:hostap@lists.infradead.org>
List-Help: <mailto:hostap-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/hostap>,
	<mailto:hostap-request@lists.infradead.org?subject=subscribe>
Cc: hostap@lists.infradead.org,
	Arend van Spriel <arend.vanspriel@broadcom.com>
MIME-Version: 1.0
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Upon issuing a connect request we need to indicate that we want the
driver to offload the 802.1X 4-way handshake for us. Indicate it if
the driver capability supports the offload.

Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
---
Hi Jouni,

Here the patch to indicate to the driver that it should offload the 802.1X
handshake. I am not entirely sure about all the key management suites that
are to be considered as 802.1X offload. I reused the req_key_mgmt_offload flag
as it sounded like a nice fit, but not sure if that could cause issues. At
least with the brcmfmac it seems to work as intended.

Regards,
Arend
---
 src/drivers/driver_nl80211.c    | 5 +++++
 wpa_supplicant/wpa_supplicant.c | 7 +++++++
 2 files changed, 12 insertions(+)

--
1.9.1

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 5081b5b..e260d56 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5568,6 +5568,11 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
 			return -1;
 	}

+	if (params->req_key_mgmt_offload &&
+	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+	    nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
+		return -1;
+
 	/* Add PSK in case of 4-way handshake offload */
 	if (params->psk &&
 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) {
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 7d80946..68f2b1f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3113,6 +3113,13 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
 		if (ssid->psk_set)
 			params.psk = ssid->psk;
 	}
+	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
+	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
+	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
+	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
+	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X))
+		params.req_key_mgmt_offload = 1;

 	if (wpa_s->conf->key_mgmt_offload) {
 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||