cfg80211: Key management offload support for SHA-256 and FT/8021.X

Add key management offload support for SHA-256 key derivation.
Also add support for connections that use both FT (802.11r) and
802.1X.

The changes allow the device to advertise support for these features.
Supplicant changes are also needed for full support.

CRs-Fixed: 707166
Change-Id: Idd5c79288c5dd85198dddacdd4b64684b5d565e5
Signed-off-by: Chet Lanctot <clanctot@codeaurora.org>
Chet Lanctot 2014-08-08 16:09:53 -07:00
parent e92aa60f73
commit 3bb41fde01
5 changed files with 23 additions and 13 deletions


@ -6,7 +6,7 @@ Security Network during initial connection or after a roam between
APs occurs. It might also happen during after the device handles a
PTK rekeying operation.
This design only supports key managment offload in a station
This design only supports key management offload in a station
(non-AP STA).
There are a couple of possible advantages to offloading key
@ -83,8 +83,7 @@ NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PMKSA
association connect time because the 802.1X authentication must
first take place before the PMK is established. The PMK will be
passed to the driver using cfg80211_key_mgmt_set_pmk in this case
once it is known. A new cipher suite type is defined to identify
the value as a PMK when cfg80211_add_key is used in this way.
once it is known.
Indication
----------


@ -2090,7 +2090,9 @@ struct cfg80211_qos_map {
*
* @key_mgmt_set_pmk: Used to pass the PMK to the device for key management
* offload. This will be used in the case of key management offload on an
* already established PMKSA.
* already established PMKSA. If connection is FT (802.11r) enabled with
* 802.1X, then the second 256 bits of the MSK is passed instead of the
* PMK.
*/
struct cfg80211_ops {
int (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
@ -2336,7 +2338,7 @@ struct cfg80211_ops {
struct cfg80211_chan_def *chandef);
int (*key_mgmt_set_pmk)(struct wiphy *wiphy, struct net_device *dev,
u8 *pmk);
const u8 *pmk);
};
/*
@ -2726,8 +2728,8 @@ struct wiphy_vendor_command {
*
* @key_mgmt_offload_support: Bitmap of supported types of key management
* that can be offloaded to the device. See
* nl80211_key_mgmt_offload_support.
* Only valid when WIPHY_FLAG_HAS_KEY_MGMT_OFFLOAD is set.
* nl80211_key_mgmt_offload_support. Only valid when
* WIPHY_FLAG_HAS_KEY_MGMT_OFFLOAD is set.
* @key_derive_offload_support: Bitmap of supported key derivations used as
* part of key management offload. See nl80211_key_derive_offload_support.
* Only valid when WIPHY_FLAG_HAS_KEY_MGMT_OFFLOAD is set.
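Review bot: The `key_mgmt_set_pmk` op now carries two different secrets through the same `const u8 *pmk` pointer, but neither the prototype nor the updated kernel-doc states the buffer length or how a driver tells a PMK from the second 256 bits of the MSK. Both are presumably 32 bytes, but that is an inference from the text. I would add it to the kernel-doc, e.g. `* The buffer is 32 bytes in both cases; the driver picks the interpretation from the key management type of the current connection.`, to be confirmed against the nl80211 handler, which is not shown in this section. The same sentence belongs on `NL80211_CMD_KEY_MGMT_SET_PMK` in the uapi header, because the length of `NL80211_ATTR_PMK` is what the netlink side has to validate before the pointer reaches a driver. `struct cfg80211_ops` starts and ends outside these hunks.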


@ -700,7 +700,9 @@
* @NL80211_CMD_KEY_MGMT_SET_PMK: Used to pass the PMK to the device for
* key management offload. This will be used in the case of key
* management offload on an already established PMKSA. The PMK is passed
* in NL80211_ATTR_PMK once it is known by the supplicant.
* in NL80211_ATTR_PMK once it is known by the supplicant. If connection
* is FT (802.11r) enabled with 802.1X, then the second 256 bits of the
* MSK is passed instead of the PMK.
*
* @NL80211_CMD_MAX: highest used command number
* @__NL80211_CMD_AFTER_LAST: internal use
@ -4000,11 +4002,15 @@ enum nl80211_tdls_peer_capability {
* @NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PMKSA: Key management on already
* established PMKSA. The PMK will be passed using
* NL80211_CMD_KEY_MGMT_SET_PMK once it is known.
* @NL80211_KEY_MGMT_OFFLOAD_SUPPORT_FT_802_1X: 802.11r (FT) with
* 802.1X. The second 256 bits of the MSK is passed using
* NL80211_CMD_KEY_MGMT_SET_PMK once it is known.
*/
enum nl80211_key_mgmt_offload_support {
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PSK = 1 << 0,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_FT_PSK = 1 << 1,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PMKSA = 1 << 2,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PSK = 1 << 0,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_FT_PSK = 1 << 1,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_PMKSA = 1 << 2,
NL80211_KEY_MGMT_OFFLOAD_SUPPORT_FT_802_1X = 1 << 3,
};
/**
@ -4015,9 +4021,11 @@ enum nl80211_key_mgmt_offload_support {
* by default for all supported key management offload types.
*
* @NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_IGTK: IGTK key derivation.
* @NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_SHA256: SHA-256 key derivation.
*/
enum nl80211_key_derive_offload_support {
NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_IGTK = 1 << 0,
NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_IGTK = 1 << 0,
NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_SHA256 = 1 << 1,
};
/**
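Review bot: The kernel-doc for `NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_SHA256` says only "SHA-256 key derivation", which does not tell a driver author or the supplicant which key management types the bit qualifies. This is a capability that userspace acts on when deciding what to hand to the device, so I would spell out the scope, e.g. `* @NL80211_KEY_DERIVE_OFFLOAD_SUPPORT_SHA256: SHA-256 based key derivation for the key management types advertised in nl80211_key_mgmt_offload_support.`; the exact scope is not visible here and needs the author's confirmation. The enum's comment block starts outside the hunk.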


@ -9436,7 +9436,7 @@ static struct genl_ops nl80211_ops[] = {
NL80211_FLAG_NEED_RTNL,
},
{
.cmd = NL80211_CMD_KEY_MGMT_SET_PMK,
.cmd = NL80211_CMD_KEY_MGMT_SET_PMK,
.doit = nl80211_key_mgmt_set_pmk,
.policy = nl80211_policy,
.flags = GENL_ADMIN_PERM,


@ -794,6 +794,7 @@ void cfg80211_process_wdev_events(struct wireless_dev *wdev)
__cfg80211_authorization_event(wdev->netdev,
ev->au.auth_status,
ev->au.key_replay_ctr);
break;
}
wdev_unlock(wdev);