Commit 11b6b5a4 authored by Jouni Malinen's avatar Jouni Malinen Committed by Johannes Berg

cfg80211: Rename SAE_DATA to more generic AUTH_DATA

This adds defines and nl80211 extensions to allow FILS Authentication to
be implemented similarly to SAE. FILS does not need the special rules
for the Authentication transaction number and Status code fields, but it
does need to add non-IE fields. The previously used
NL80211_ATTR_SAE_DATA can be reused for this to avoid having to
duplicate that implementation. Rename that attribute to more generic
NL80211_ATTR_AUTH_DATA (with backwards compatibility define for
NL80211_SAE_DATA).

Also document the special rules related to the Authentication
transaction number and Status code fiels.
Signed-off-by: default avatarJouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent bfe2c7b1
...@@ -1785,9 +1785,11 @@ const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie); ...@@ -1785,9 +1785,11 @@ const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 ie);
* @key_len: length of WEP key for shared key authentication * @key_len: length of WEP key for shared key authentication
* @key_idx: index of WEP key for shared key authentication * @key_idx: index of WEP key for shared key authentication
* @key: WEP key for shared key authentication * @key: WEP key for shared key authentication
* @sae_data: Non-IE data to use with SAE or %NULL. This starts with * @auth_data: Fields and elements in Authentication frames. This contains
* Authentication transaction sequence number field. * the authentication frame body (non-IE and IE data), excluding the
* @sae_data_len: Length of sae_data buffer in octets * Authentication algorithm number, i.e., starting at the Authentication
* transaction sequence number field.
* @auth_data_len: Length of auth_data buffer in octets
*/ */
struct cfg80211_auth_request { struct cfg80211_auth_request {
struct cfg80211_bss *bss; struct cfg80211_bss *bss;
...@@ -1796,8 +1798,8 @@ struct cfg80211_auth_request { ...@@ -1796,8 +1798,8 @@ struct cfg80211_auth_request {
enum nl80211_auth_type auth_type; enum nl80211_auth_type auth_type;
const u8 *key; const u8 *key;
u8 key_len, key_idx; u8 key_len, key_idx;
const u8 *sae_data; const u8 *auth_data;
size_t sae_data_len; size_t auth_data_len;
}; };
/** /**
......
...@@ -1638,8 +1638,16 @@ enum nl80211_commands { ...@@ -1638,8 +1638,16 @@ enum nl80211_commands {
* the connection request from a station. nl80211_connect_failed_reason * the connection request from a station. nl80211_connect_failed_reason
* enum has different reasons of connection failure. * enum has different reasons of connection failure.
* *
* @NL80211_ATTR_SAE_DATA: SAE elements in Authentication frames. This starts * @NL80211_ATTR_AUTH_DATA: Fields and elements in Authentication frames.
* with the Authentication transaction sequence number field. * This contains the authentication frame body (non-IE and IE data),
* excluding the Authentication algorithm number, i.e., starting at the
* Authentication transaction sequence number field. It is used with
* authentication algorithms that need special fields to be added into
* the frames (SAE and FILS). Currently, only the SAE cases use the
* initial two fields (Authentication transaction sequence number and
* Status code). However, those fields are included in the attribute data
* for all authentication algorithms to keep the attribute definition
* consistent.
* *
* @NL80211_ATTR_VHT_CAPABILITY: VHT Capability information element (from * @NL80211_ATTR_VHT_CAPABILITY: VHT Capability information element (from
* association request when used with NL80211_CMD_NEW_STATION) * association request when used with NL80211_CMD_NEW_STATION)
...@@ -2195,7 +2203,7 @@ enum nl80211_attrs { ...@@ -2195,7 +2203,7 @@ enum nl80211_attrs {
NL80211_ATTR_CONN_FAILED_REASON, NL80211_ATTR_CONN_FAILED_REASON,
NL80211_ATTR_SAE_DATA, NL80211_ATTR_AUTH_DATA,
NL80211_ATTR_VHT_CAPABILITY, NL80211_ATTR_VHT_CAPABILITY,
...@@ -2347,6 +2355,7 @@ enum nl80211_attrs { ...@@ -2347,6 +2355,7 @@ enum nl80211_attrs {
#define NL80211_ATTR_SCAN_GENERATION NL80211_ATTR_GENERATION #define NL80211_ATTR_SCAN_GENERATION NL80211_ATTR_GENERATION
#define NL80211_ATTR_MESH_PARAMS NL80211_ATTR_MESH_CONFIG #define NL80211_ATTR_MESH_PARAMS NL80211_ATTR_MESH_CONFIG
#define NL80211_ATTR_IFACE_SOCKET_OWNER NL80211_ATTR_SOCKET_OWNER #define NL80211_ATTR_IFACE_SOCKET_OWNER NL80211_ATTR_SOCKET_OWNER
#define NL80211_ATTR_SAE_DATA NL80211_ATTR_AUTH_DATA
/* /*
* Allow user space programs to use #ifdef on new attributes by defining them * Allow user space programs to use #ifdef on new attributes by defining them
......
...@@ -4483,20 +4483,20 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, ...@@ -4483,20 +4483,20 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len + auth_data = kzalloc(sizeof(*auth_data) + req->auth_data_len +
req->ie_len, GFP_KERNEL); req->ie_len, GFP_KERNEL);
if (!auth_data) if (!auth_data)
return -ENOMEM; return -ENOMEM;
auth_data->bss = req->bss; auth_data->bss = req->bss;
if (req->sae_data_len >= 4) { if (req->auth_data_len >= 4) {
__le16 *pos = (__le16 *) req->sae_data; __le16 *pos = (__le16 *) req->auth_data;
auth_data->sae_trans = le16_to_cpu(pos[0]); auth_data->sae_trans = le16_to_cpu(pos[0]);
auth_data->sae_status = le16_to_cpu(pos[1]); auth_data->sae_status = le16_to_cpu(pos[1]);
memcpy(auth_data->data, req->sae_data + 4, memcpy(auth_data->data, req->auth_data + 4,
req->sae_data_len - 4); req->auth_data_len - 4);
auth_data->data_len += req->sae_data_len - 4; auth_data->data_len += req->auth_data_len - 4;
} }
if (req->ie && req->ie_len) { if (req->ie && req->ie_len) {
......
...@@ -345,7 +345,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, ...@@ -345,7 +345,7 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
const u8 *ssid, int ssid_len, const u8 *ssid, int ssid_len,
const u8 *ie, int ie_len, const u8 *ie, int ie_len,
const u8 *key, int key_len, int key_idx, const u8 *key, int key_len, int key_idx,
const u8 *sae_data, int sae_data_len); const u8 *auth_data, int auth_data_len);
int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev, int cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,
struct net_device *dev, struct net_device *dev,
struct ieee80211_channel *chan, struct ieee80211_channel *chan,
......
...@@ -204,14 +204,14 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev, ...@@ -204,14 +204,14 @@ int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,
const u8 *ssid, int ssid_len, const u8 *ssid, int ssid_len,
const u8 *ie, int ie_len, const u8 *ie, int ie_len,
const u8 *key, int key_len, int key_idx, const u8 *key, int key_len, int key_idx,
const u8 *sae_data, int sae_data_len) const u8 *auth_data, int auth_data_len)
{ {
struct wireless_dev *wdev = dev->ieee80211_ptr; struct wireless_dev *wdev = dev->ieee80211_ptr;
struct cfg80211_auth_request req = { struct cfg80211_auth_request req = {
.ie = ie, .ie = ie,
.ie_len = ie_len, .ie_len = ie_len,
.sae_data = sae_data, .auth_data = auth_data,
.sae_data_len = sae_data_len, .auth_data_len = auth_data_len,
.auth_type = auth_type, .auth_type = auth_type,
.key = key, .key = key,
.key_len = key_len, .key_len = key_len,
......
...@@ -357,7 +357,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { ...@@ -357,7 +357,7 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 }, [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
[NL80211_ATTR_WDEV] = { .type = NLA_U64 }, [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 }, [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, }, [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN }, [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 }, [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 }, [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
...@@ -7729,8 +7729,8 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) ...@@ -7729,8 +7729,8 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
struct cfg80211_registered_device *rdev = info->user_ptr[0]; struct cfg80211_registered_device *rdev = info->user_ptr[0];
struct net_device *dev = info->user_ptr[1]; struct net_device *dev = info->user_ptr[1];
struct ieee80211_channel *chan; struct ieee80211_channel *chan;
const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL; const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
int err, ssid_len, ie_len = 0, sae_data_len = 0; int err, ssid_len, ie_len = 0, auth_data_len = 0;
enum nl80211_auth_type auth_type; enum nl80211_auth_type auth_type;
struct key_parse key; struct key_parse key;
bool local_state_change; bool local_state_change;
...@@ -7811,16 +7811,16 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) ...@@ -7811,16 +7811,16 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
return -EINVAL; return -EINVAL;
if (auth_type == NL80211_AUTHTYPE_SAE && if (auth_type == NL80211_AUTHTYPE_SAE &&
!info->attrs[NL80211_ATTR_SAE_DATA]) !info->attrs[NL80211_ATTR_AUTH_DATA])
return -EINVAL; return -EINVAL;
if (info->attrs[NL80211_ATTR_SAE_DATA]) { if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
if (auth_type != NL80211_AUTHTYPE_SAE) if (auth_type != NL80211_AUTHTYPE_SAE)
return -EINVAL; return -EINVAL;
sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]); auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]); auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
/* need to include at least Auth Transaction and Status Code */ /* need to include at least Auth Transaction and Status Code */
if (sae_data_len < 4) if (auth_data_len < 4)
return -EINVAL; return -EINVAL;
} }
...@@ -7837,7 +7837,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) ...@@ -7837,7 +7837,7 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
ssid, ssid_len, ie, ie_len, ssid, ssid_len, ie, ie_len,
key.p.key, key.p.key_len, key.idx, key.p.key, key.p.key_len, key.idx,
sae_data, sae_data_len); auth_data, auth_data_len);
wdev_unlock(dev->ieee80211_ptr); wdev_unlock(dev->ieee80211_ptr);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment