package/kernel/mac80211/patches/subsys/302-cfg80211-Add-support-to-configure-SAE-PWE-value-to-d.patch - T108 - Gitiles

 From: Rohan Dutta <drohan@codeaurora.org>
 Date: Tue, 27 Oct 2020 12:09:10 +0200
 Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers

 Add support to configure SAE PWE preference from userspace to drivers in
 both AP and STA modes. This is needed for cases where the driver takes
 care of Authentication frame processing (SME in the driver) so that
 correct enforcement of the acceptable PWE derivation mechanism can be
 performed.

 The userspace applications can pass the sae_pwe value using the
 NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
 NL80211_CMD_START_AP commands to the driver. This allows selection
 between the hunting-and-pecking loop and hash-to-element options for PWE
 derivation. For backwards compatibility, this new attribute is optional
 and if not included, the driver is notified of the value being
 unspecified.

 Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
 Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
 Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
 Signed-off-by: Johannes Berg <johannes.berg@intel.com>
 ---

 --- a/include/net/cfg80211.h
 +++ b/include/net/cfg80211.h
 @@ -1009,6 +1009,14 @@ struct survey_info {
   * @sae_pwd: password for SAE authentication (for devices supporting SAE
   *	offload)
   * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
 + * @sae_pwe: The mechanisms allowed for SAE PWE derivation
 + *	NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
 + *		did not specify any preference. The driver should follow its
 + *		internal policy in such a scenario.
 + *	NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
 + *	NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
 + *	NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
 + *		or hash-to-element
   */
  struct cfg80211_crypto_settings {
  	u32 wpa_versions;
 @@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
  	const u8 *psk;
  	const u8 *sae_pwd;
  	u8 sae_pwd_len;
 +	enum nl80211_sae_pwe_mechanism sae_pwe;
  };

  /**
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
 @@ -741,6 +741,9 @@ static const struct nla_policy nl80211_p
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
  	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
 +	[NL80211_ATTR_SAE_PWE] =
 +		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
 +				 NL80211_SAE_PWE_BOTH),
  	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
  };

 @@ -9778,6 +9781,12 @@ static int nl80211_crypto_settings(struc
  			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
  	}

 +	if (info->attrs[NL80211_ATTR_SAE_PWE])
 +		settings->sae_pwe =
 +			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
 +	else
 +		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
 +
  	return 0;
  }
	From: Rohan Dutta <drohan@codeaurora.org>
	Date: Tue, 27 Oct 2020 12:09:10 +0200
	Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers

	Add support to configure SAE PWE preference from userspace to drivers in
	both AP and STA modes. This is needed for cases where the driver takes
	care of Authentication frame processing (SME in the driver) so that
	correct enforcement of the acceptable PWE derivation mechanism can be
	performed.

	The userspace applications can pass the sae_pwe value using the
	NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
	NL80211_CMD_START_AP commands to the driver. This allows selection
	between the hunting-and-pecking loop and hash-to-element options for PWE
	derivation. For backwards compatibility, this new attribute is optional
	and if not included, the driver is notified of the value being
	unspecified.

	Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
	Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
	Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
	Signed-off-by: Johannes Berg <johannes.berg@intel.com>
	---

	--- a/include/net/cfg80211.h
	+++ b/include/net/cfg80211.h
	@@ -1009,6 +1009,14 @@ struct survey_info {
	* @sae_pwd: password for SAE authentication (for devices supporting SAE
	* offload)
	* @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
	+ * @sae_pwe: The mechanisms allowed for SAE PWE derivation
	+ * NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
	+ * did not specify any preference. The driver should follow its
	+ * internal policy in such a scenario.
	+ * NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
	+ * NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
	+ * NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
	+ * or hash-to-element
	*/
	struct cfg80211_crypto_settings {
	u32 wpa_versions;
	@@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
	const u8 *psk;
	const u8 *sae_pwd;
	u8 sae_pwd_len;
	+ enum nl80211_sae_pwe_mechanism sae_pwe;
	};

	/**
	--- a/net/wireless/nl80211.c
	+++ b/net/wireless/nl80211.c
	@@ -741,6 +741,9 @@ static const struct nla_policy nl80211_p
	NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
	NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
	+ [NL80211_ATTR_SAE_PWE] =
	+ NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
	+ NL80211_SAE_PWE_BOTH),
	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
	};

	@@ -9778,6 +9781,12 @@ static int nl80211_crypto_settings(struc
	nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
	}

	+ if (info->attrs[NL80211_ATTR_SAE_PWE])
	+ settings->sae_pwe =
	+ nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
	+ else
	+ settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
	+
	return 0;
	}