101 lines
3.2 KiB
Diff
101 lines
3.2 KiB
Diff
diff -Naur a/src/drivers/driver.h b/src/drivers/driver.h
|
|
--- a/src/drivers/driver.h 2022-01-16 15:51:29.000000000 -0500
|
|
+++ b/src/drivers/driver.h 2023-08-30 10:22:48.193810598 -0400
|
|
@@ -1015,6 +1015,14 @@
|
|
const u8 *psk;
|
|
|
|
/**
|
|
+ * sae_password - Password for SAE authentication
|
|
+ *
|
|
+ * This value is made available only for WPA3-Personal (SAE) and only
|
|
+ * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
|
|
+ */
|
|
+ const char *sae_password;
|
|
+
|
|
+ /**
|
|
* drop_unencrypted - Enable/disable unencrypted frame filtering
|
|
*
|
|
* Configure the driver to drop all non-EAPOL frames (both receive and
|
|
diff -Naur a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
|
|
--- a/src/drivers/driver_nl80211.c 2022-01-16 15:51:29.000000000 -0500
|
|
+++ b/src/drivers/driver_nl80211.c 2023-08-30 10:22:48.195810610 -0400
|
|
@@ -6173,8 +6173,12 @@
|
|
|
|
if (params->wpa_proto & WPA_PROTO_WPA)
|
|
ver |= NL80211_WPA_VERSION_1;
|
|
- if (params->wpa_proto & WPA_PROTO_RSN)
|
|
- ver |= NL80211_WPA_VERSION_2;
|
|
+ if (params->wpa_proto & WPA_PROTO_RSN) {
|
|
+ if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE)
|
|
+ ver |= NL80211_WPA_VERSION_3;
|
|
+ else
|
|
+ ver |= NL80211_WPA_VERSION_2;
|
|
+ }
|
|
|
|
wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
|
|
if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
|
|
@@ -6304,6 +6308,22 @@
|
|
return -1;
|
|
}
|
|
|
|
+ /* add SAE password in case of SAE authentication offload */
|
|
+ if ((params->sae_password || params->passphrase) &&
|
|
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD)) {
|
|
+ const char *password;
|
|
+ size_t pwd_len;
|
|
+
|
|
+ password = params->sae_password;
|
|
+ if (!password)
|
|
+ password = params->passphrase;
|
|
+ pwd_len = os_strlen(password);
|
|
+ wpa_hexdump_ascii_key(MSG_DEBUG, " * SAE password",
|
|
+ (u8 *) password, pwd_len);
|
|
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
|
|
return -1;
|
|
|
|
@@ -6419,6 +6439,8 @@
|
|
algs++;
|
|
if (params->auth_alg & WPA_AUTH_ALG_FT)
|
|
algs++;
|
|
+ if (params->auth_alg & WPA_AUTH_ALG_SAE)
|
|
+ algs++;
|
|
if (algs > 1) {
|
|
wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
|
|
"selection");
|
|
diff -Naur a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
|
|
--- a/wpa_supplicant/wpa_supplicant.c 2023-08-30 10:18:04.154061324 -0400
|
|
+++ b/wpa_supplicant/wpa_supplicant.c 2023-08-30 10:24:53.619588124 -0400
|
|
@@ -1537,7 +1537,8 @@
|
|
|
|
sel = ie.key_mgmt & ssid->key_mgmt;
|
|
#ifdef CONFIG_SAE
|
|
- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
|
|
+ if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) &&
|
|
+ !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD))
|
|
sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
|
|
#endif /* CONFIG_SAE */
|
|
#ifdef CONFIG_IEEE80211R
|
|
@@ -3919,6 +3920,18 @@
|
|
params.psk = ssid->psk;
|
|
}
|
|
|
|
+ if ((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD) &&
|
|
+ wpa_key_mgmt_sae(params.key_mgmt_suite)) {
|
|
+ params.auth_alg = WPA_AUTH_ALG_SAE;
|
|
+ if (ssid->sae_password)
|
|
+ params.sae_password = ssid->sae_password;
|
|
+ else if (ssid->passphrase)
|
|
+ params.passphrase = ssid->passphrase;
|
|
+
|
|
+ if (ssid->psk_set)
|
|
+ params.psk = ssid->psk;
|
|
+ }
|
|
+
|
|
params.drop_unencrypted = use_crypt;
|
|
|
|
params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
|