nl80211: support SAE authentication offload in AP mode

Let drivers advertise support for AP-mode SAE authentication offload
with a new NL80211_EXT_FEATURE_SAE_OFFLOAD_AP flag.

Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com>
Link: https://lore.kernel.org/r/20200817073316.33402-4-stanley.hsu@cypress.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index ec96d5fe0e057b722d3492d7d9d2f6ffd3f57313..0584e0d349f0b890b0ca920af025ddd9fe12b9c2 100644 (file)
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -252,9 +252,13 @@
  * DOC: SAE authentication offload
  *
  * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
- * support offloading SAE authentication for WPA3-Personal networks. In
- * %NL80211_CMD_CONNECT the password for SAE should be specified using
- * %NL80211_ATTR_SAE_PASSWORD.
+ * support offloading SAE authentication for WPA3-Personal networks in station
+ * mode. Similarly @NL80211_EXT_FEATURE_SAE_OFFLOAD_AP flag can be set by
+ * drivers indicating the offload support in AP mode.
+ *
+ * The password for SAE should be specified using %NL80211_ATTR_SAE_PASSWORD in
+ * %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP for station and AP mode
+ * respectively.
  */
 
 /**
@@ -5845,6 +5849,9 @@ enum nl80211_feature_flags {
  *     handshake with PSK in AP mode (PSK is passed as part of the start AP
  *     command).
  *
+ * @NL80211_EXT_FEATURE_SAE_OFFLOAD_AP: Device wants to do SAE authentication
+ *     in AP mode (SAE password is passed as part of the start AP command).
+ *
  * @NUM_NL80211_EXT_FEATURES: number of extended features.
  * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
  */
@@ -5902,6 +5909,7 @@ enum nl80211_ext_feature_index {
        NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211_TX_STATUS,
        NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION,
        NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK,
+       NL80211_EXT_FEATURE_SAE_OFFLOAD_AP,
 
        /* add new features before the definition below */
        NUM_NL80211_EXT_FEATURES,

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e640e65f3255270147ee570accc85ebecb496723..201d029687cc367923deef516bc59b2271cf0929 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4960,8 +4960,9 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
                        return false;
                return true;
        case NL80211_CMD_START_AP:
-               /* SAE not supported yet */
-               if (auth_type == NL80211_AUTHTYPE_SAE)
+               if (!wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
+                   auth_type == NL80211_AUTHTYPE_SAE)
                        return false;
                /* FILS not supported yet */
                if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
@@ -9552,7 +9553,9 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
 
        if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
                if (!wiphy_ext_feature_isset(&rdev->wiphy,
-                                            NL80211_EXT_FEATURE_SAE_OFFLOAD))
+                                            NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
+                   !wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
                        return -EINVAL;
                settings->sae_pwd =
                        nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);