From 311091eb43eb8a5210745b667de7146012abff02 Mon Sep 17 00:00:00 2001
From: Sreeramya Soratkal
Date: Tue, 4 May 2021 13:04:10 +0530
Subject: [PATCH] P2P: Use SAE+PMF for P2P connection in 6 GHz

Use WPA3-Personal (SAE+PMF) for P2P connections in the 6 GHz band to enable the Wi-Fi Display use case on the 6 GHz band without having to use WPA2-Personal (PSK) on that new band.

Signed-off-by: Sreeramya Soratkal
---
 src/ap/wps_hostapd.c | 7 +++++++
 src/eap_server/eap_server_wsc.c | 8 +++++---
 src/wps/wps.h | 4 ++++
 src/wps/wps_registrar.c | 6 ++++--
 wpa_supplicant/ap.c | 2 ++
 wpa_supplicant/p2p_supplicant.c | 8 ++++++++
 wpa_supplicant/wps_supplicant.c | 9 +++++++--
 7 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c
index e97dbf996..9f22e39a2 100644
--- a/src/ap/wps_hostapd.c
+++ b/src/ap/wps_hostapd.c
@@ -1172,6 +1172,8 @@ int hostapd_init_wps(struct hostapd_data *hapd,
 wps->auth_types |= WPS_AUTH_WPA2PSK;
 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X)
 wps->auth_types |= WPS_AUTH_WPA2;
+ if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE)
+ wps->auth_types |= WPS_AUTH_WPA2PSK;
 if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_CCMP_256 |
@@ -1328,6 +1330,11 @@ int hostapd_init_wps(struct hostapd_data *hapd,
 hostapd_register_probereq_cb(hapd, hostapd_wps_probe_req_rx, hapd);
+#ifdef CONFIG_P2P
+ if ((hapd->conf->p2p & P2P_ENABLED) &&
+ is_6ghz_op_class(hapd->iconf->op_class))
+ wps->use_passphrase = true;
+#endif /* CONFIG_P2P */
 hapd->wps = wps;
 bin_clear_free(multi_ap_netw_key, 2 * PMK_LEN);
diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c
index fc70cf196..a162deb9e 100644
--- a/src/eap_server/eap_server_wsc.c
+++ b/src/eap_server/eap_server_wsc.c
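Review bot: In src/ap/wps_hostapd.c, hostapd_init_wps(), first hunk, the new SAE branch sets `WPS_AUTH_WPA2PSK` with no comment explaining why an SAE network is advertised under the WPA2-Personal flag. From the hunk alone a reader cannot tell whether that is intended or a copy of the PSK line above it. If the reason is that WSC defines no SAE authentication type, say so above the check, e.g. `/* WSC has no SAE auth type; advertise SAE networks as WPA2-Personal */`. The enclosing function starts and ends outside the hunk.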
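Review bot: In src/ap/wps_hostapd.c, hostapd_init_wps(), second hunk, `use_passphrase` is derived from `hapd->iconf->op_class`, while the GO side in wpa_supplicant/p2p_supplicant.c (wpas_start_wps_go) chooses SAE from `is_6ghz_freq(ssid->frequency)` and `is_p2p_6ghz_capable()`. If op_class is not populated for a 6 GHz GO (not visible here), the GO would run SAE while the registrar still hands out a 64-hex PSK, which the enrollee path in wps_supplicant.c excludes from SAE through `cred->key_len != 2 * PMK_LEN`. Consider keying the flag on the same fact as the key management choice, e.g. `if ((hapd->conf->p2p & P2P_ENABLED) && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE))`, or add a comment stating why op_class is always set on this path.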
@@ -132,9 +132,11 @@ static void * eap_wsc_init(struct eap_sm *sm)
 cfg.peer_addr = sm->peer_addr;
 #ifdef CONFIG_P2P
 if (sm->assoc_p2p_ie) {
- wpa_printf(MSG_DEBUG, "EAP-WSC: Prefer PSK format for P2P "
- "client");
- cfg.use_psk_key = 1;
+ if (!sm->cfg->wps->use_passphrase) {
+ wpa_printf(MSG_DEBUG,
+ "EAP-WSC: Prefer PSK format for non-6 GHz P2P client");
+ cfg.use_psk_key = 1;
+ }
 cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
 }
 #endif /* CONFIG_P2P */
diff --git a/src/wps/wps.h b/src/wps/wps.h
index 6a12255c8..fed3e2848 100644
--- a/src/wps/wps.h
+++ b/src/wps/wps.h
@@ -841,6 +841,10 @@ struct wps_context {
 struct wpabuf *ap_nfc_dh_pubkey;
 struct wpabuf *ap_nfc_dh_privkey;
 struct wpabuf *ap_nfc_dev_pw;
+
+ /* Whether to send WPA2-PSK passphrase as a passphrase instead of PSK
+ * for WPA3-Personal transition mode needs. */
+ bool use_passphrase;
 };
 struct wps_registrar *
diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c
index 45f7e947e..173fbbd68 100644
--- a/src/wps/wps_registrar.c
+++ b/src/wps/wps_registrar.c
@@ -1753,8 +1753,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
 wpa_snprintf_hex(hex, sizeof(hex), wps->wps->psk, PMK_LEN);
 os_memcpy(wps->cred.key, hex, PMK_LEN * 2);
 wps->cred.key_len = PMK_LEN * 2;
- } else if (!wps->wps->registrar->force_per_enrollee_psk &&
- wps->wps->network_key) {
+ } else if ((!wps->wps->registrar->force_per_enrollee_psk ||
+ wps->wps->use_passphrase) && wps->wps->network_key) {
+ wpa_printf(MSG_DEBUG,
+ "WPS: Use passphrase format for Network key");
 os_memcpy(wps->cred.key, wps->wps->network_key, wps->wps->network_key_len);
 wps->cred.key_len = wps->wps->network_key_len;
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index a2bd08d4c..cdf0ed5c7 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
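Review bot: In src/eap_server/eap_server_wsc.c, eap_wsc_init(), the added check dereferences `sm->cfg->wps` with no NULL test visible in the hunk. The start of the function is outside the hunk, so confirm that a missing WPS context is rejected before this point, or guard it with `if (!sm->cfg->wps || !sm->cfg->wps->use_passphrase) {`. The debug text also ties a general flag to one cause ("non-6 GHz") and will read wrongly if use_passphrase is ever set for another reason; `"EAP-WSC: Prefer PSK format for P2P client"` stays accurate.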
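Review bot: The comment on `use_passphrase` in struct wps_context (src/wps/wps.h) leaves out the flag's second effect: in wps_build_cred() (the src/wps/wps_registrar.c hunk of this patch) it also overrides the registrar's `force_per_enrollee_psk`, so every enrollee is given the shared passphrase. Because that changes who holds which secret, the field comment should state it, e.g. `/* Deliver the network passphrase (not a PSK) in Credentials so the Enrollee can use SAE; overrides force_per_enrollee_psk */`. It would also help to name the setter, which in this patch is hostapd_init_wps() for a P2P GO on a 6 GHz operating class, since "transition mode needs" does not describe that case.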
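Review bot: In src/wps/wps_registrar.c, wps_build_cred(), the case where `use_passphrase` is set but `wps->wps->network_key` is NULL is not handled: the new condition is false and control reaches the branches after this hunk, which are outside the view. If those build some other key, the enrollee receives a credential it cannot use for SAE and the failure only shows up later at association. Consider rejecting that combination explicitly before the fall-through, with a message such as `wpa_printf(MSG_DEBUG, "WPS: use_passphrase set but no passphrase available");` and an error return. The added debug line itself is fine in that it does not print the key.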
@@ -892,6 +892,8 @@ int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
 params.wpa_proto = ssid->proto;
 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
+ else if (ssid->key_mgmt & WPA_KEY_MGMT_SAE)
+ wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
 else
 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
 params.key_mgmt_suite = wpa_s->key_mgmt;
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 74acb1d43..62c9a26a3 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -2065,6 +2065,14 @@ static void wpas_start_wps_go(struct wpa_supplicant *wpa_s,
 }
 ssid->auth_alg = WPA_AUTH_ALG_OPEN;
 ssid->key_mgmt = WPA_KEY_MGMT_PSK;
+ if (is_6ghz_freq(ssid->frequency) &&
+ is_p2p_6ghz_capable(wpa_s->global->p2p)) {
+ ssid->auth_alg |= WPA_AUTH_ALG_SAE;
+ ssid->key_mgmt = WPA_KEY_MGMT_SAE;
+ wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Use SAE auth_alg and key_mgmt");
+ } else {
+ p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false);
+ }
 ssid->proto = WPA_PROTO_RSN;
 ssid->pairwise_cipher = WPA_CIPHER_CCMP;
 ssid->group_cipher = WPA_CIPHER_CCMP;
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 029349b08..5633f3d1e 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -372,6 +372,7 @@ static int wpa_supplicant_wps_cred(void *ctx,
 #ifdef CONFIG_WPS_REG_DISABLE_OPEN
 int registrar = 0;
 #endif /* CONFIG_WPS_REG_DISABLE_OPEN */
+ bool add_sae;
 if ((wpa_s->conf->wps_cred_processing == 1 || wpa_s->conf->wps_cred_processing == 2) && cred->cred_attr) {
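Review bot: In wpa_supplicant/ap.c, wpa_supplicant_create_ap(), the new `else if` only takes effect when PSK is absent, so a network carrying both WPA_KEY_MGMT_PSK and WPA_KEY_MGMT_SAE still reports PSK in `params.key_mgmt_suite`. If that precedence is intended, a one-line comment such as `/* PSK takes precedence for PSK+SAE (transition mode) networks */` would make it explicit. If the driver needs to know that SAE is in use, the order of the two tests should be reversed. The function starts and ends outside the hunk.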
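Review bot: In wpa_supplicant/p2p_supplicant.c, wpas_start_wps_go(), the SAE branch sets auth_alg and key_mgmt but not `ssid->ieee80211w`, although the commit message promises SAE+PMF. Unless PMF is forced elsewhere for 6 GHz (not visible in this hunk), add `ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;` in that branch. Separately, the else branch calls `p2p_set_6ghz_dev_capab(wpa_s->global->p2p, false)` on the global P2P context whenever a GO starts on another band, and nothing in the hunk restores it, so one 2.4/5 GHz group appears to switch the SAE path off for later groups too. If that is intended it needs a comment; otherwise keep the decision local to this ssid.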
@@ -534,8 +535,12 @@ static int wpa_supplicant_wps_cred(void *ctx,
 case WPS_AUTH_WPA2PSK:
 ssid->auth_alg = WPA_AUTH_ALG_OPEN;
 ssid->key_mgmt = WPA_KEY_MGMT_PSK;
- if (wpa_s->conf->wps_cred_add_sae &&
- cred->key_len != 2 * PMK_LEN) {
+ add_sae = wpa_s->conf->wps_cred_add_sae;
+#ifdef CONFIG_P2P
+ if (ssid->p2p_group && is_p2p_6ghz_capable(wpa_s->global->p2p))
+ add_sae = true;
+#endif /* CONFIG_P2P */
+ if (add_sae && cred->key_len != 2 * PMK_LEN) {
 ssid->auth_alg = 0;
 ssid->key_mgmt |= WPA_KEY_MGMT_SAE;
 ssid->ieee80211w = MGMT_FRAME_PROTECTION_OPTIONAL;
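Review bot: In wpa_supplicant/wps_supplicant.c, wpa_supplicant_wps_cred(), case WPS_AUTH_WPA2PSK, a P2P client is routed into the existing transition-mode block, which keeps `WPA_KEY_MGMT_PSK` set and leaves PMF at `MGMT_FRAME_PROTECTION_OPTIONAL`. That is weaker than the SAE+PMF the commit message describes, because the stored group profile still accepts WPA2-Personal without PMF. The test also uses the device-wide `is_p2p_6ghz_capable()` rather than the band of this group, so it applies to 2.4/5 GHz groups as well. For a 6 GHz P2P group consider `ssid->key_mgmt = WPA_KEY_MGMT_SAE;` and `ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED;` in place of the transition settings.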