cfg80211: Allow user space to specify non-IEs to SAE Authentication

 * @key_len: length of WEP key for shared key authentication

 * @key_idx: index of WEP key for shared key authentication

 * @key: WEP key for shared key authentication

 * @sae_data: Non-IE data to use with SAE or %NULL. This starts with

 *	Authentication transaction sequence number field.

 * @sae_data_len: Length of sae_data buffer in octets

 */

struct cfg80211_auth_request {

	struct cfg80211_bss *bss;

	enum nl80211_auth_type auth_type;

	const u8 *key;

	u8 key_len, key_idx;

	const u8 *sae_data;

	size_t sae_data_len;

};

/**

 *	the connection request from a station. nl80211_connect_failed_reason

 *	enum has different reasons of connection failure.

 *

 * @NL80211_ATTR_SAE_DATA: SAE elements in Authentication frames. This starts

 *	with the Authentication transaction sequence number field.

 *

 * @NL80211_ATTR_MAX: highest attribute number currently defined

 * @__NL80211_ATTR_AFTER_LAST: internal use

 */

	NL80211_ATTR_CONN_FAILED_REASON,

	NL80211_ATTR_SAE_DATA,

	/* add attributes here, update the policy in nl80211.c */

	__NL80211_ATTR_AFTER_LAST,

 * @NL80211_AUTHTYPE_SHARED_KEY: Shared Key authentication (WEP only)

 * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)

 * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)

 * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals

 * @__NL80211_AUTHTYPE_NUM: internal

 * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm

 * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by

	NL80211_AUTHTYPE_SHARED_KEY,

	NL80211_AUTHTYPE_FT,

	NL80211_AUTHTYPE_NETWORK_EAP,

	NL80211_AUTHTYPE_SAE,

	/* keep last */

	__NL80211_AUTHTYPE_NUM,

 *	in the interface combinations, even when it's only used for scan

 *	and remain-on-channel. This could be due to, for example, the

 *	remain-on-channel implementation requiring a channel context.

 * @NL80211_FEATURE_SAE: This driver supports simultaneous authentication of

 *	equals (SAE) with user space SME (NL80211_CMD_AUTHENTICATE) in station

 *	mode

 */

enum nl80211_feature_flags {

	NL80211_FEATURE_SK_TX_STATUS			= 1 << 0,

	NL80211_FEATURE_INACTIVITY_TIMER		= 1 << 2,

	NL80211_FEATURE_CELL_BASE_REG_HINTS		= 1 << 3,

	NL80211_FEATURE_P2P_DEVICE_NEEDS_CHANNEL	= 1 << 4,

	NL80211_FEATURE_SAE				= 1 << 5,

};

/**

			 const u8 *bssid,

			 const u8 *ssid, int ssid_len,

			 const u8 *ie, int ie_len,

			 const u8 *key, int key_len, int key_idx);

			 const u8 *key, int key_len, int key_idx,

			 const u8 *sae_data, int sae_data_len);

int cfg80211_mlme_auth(struct cfg80211_registered_device *rdev,

		       struct net_device *dev, struct ieee80211_channel *chan,

		       enum nl80211_auth_type auth_type, const u8 *bssid,

		       const u8 *ssid, int ssid_len,

		       const u8 *ie, int ie_len,

		       const u8 *key, int key_len, int key_idx);

		       const u8 *key, int key_len, int key_idx,

		       const u8 *sae_data, int sae_data_len);

int __cfg80211_mlme_assoc(struct cfg80211_registered_device *rdev,

			  struct net_device *dev,

			  struct ieee80211_channel *chan,

			 const u8 *bssid,

			 const u8 *ssid, int ssid_len,

			 const u8 *ie, int ie_len,

			 const u8 *key, int key_len, int key_idx)

			 const u8 *key, int key_len, int key_idx,

			 const u8 *sae_data, int sae_data_len)

{

	struct wireless_dev *wdev = dev->ieee80211_ptr;

	struct cfg80211_auth_request req;

	req.ie = ie;

	req.ie_len = ie_len;

	req.sae_data = sae_data;

	req.sae_data_len = sae_data_len;

	req.auth_type = auth_type;

	req.bss = cfg80211_get_bss(&rdev->wiphy, chan, bssid, ssid, ssid_len,

				   WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_ESS);

		       enum nl80211_auth_type auth_type, const u8 *bssid,

		       const u8 *ssid, int ssid_len,

		       const u8 *ie, int ie_len,

		       const u8 *key, int key_len, int key_idx)

		       const u8 *key, int key_len, int key_idx,

		       const u8 *sae_data, int sae_data_len)

{

	int err;

	wdev_lock(dev->ieee80211_ptr);

	err = __cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,

				   ssid, ssid_len, ie, ie_len,

				   key, key_len, key_idx);

				   key, key_len, key_idx,

				   sae_data, sae_data_len);

	wdev_unlock(dev->ieee80211_ptr);

	mutex_unlock(&rdev->devlist_mtx);

#include "nl80211.h"

#include "reg.h"

static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);

static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,

				   struct genl_info *info,

				   struct cfg80211_crypto_settings *settings,

	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },

	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },

	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },

	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },

};

/* policy for the key attributes */

	return ret;

}

static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,

				    enum nl80211_auth_type auth_type,

				    enum nl80211_commands cmd)

{

	if (auth_type > NL80211_AUTHTYPE_MAX)

		return false;

	switch (cmd) {

	case NL80211_CMD_AUTHENTICATE:

		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&

		    auth_type == NL80211_AUTHTYPE_SAE)

			return false;

		return true;

	case NL80211_CMD_CONNECT:

	case NL80211_CMD_START_AP:

		/* SAE not supported yet */

		if (auth_type == NL80211_AUTHTYPE_SAE)

			return false;

		return true;

	default:

		return false;

	}

}

static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)

{

	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {

		params.auth_type = nla_get_u32(

			info->attrs[NL80211_ATTR_AUTH_TYPE]);

		if (!nl80211_valid_auth_type(params.auth_type))

		if (!nl80211_valid_auth_type(rdev, params.auth_type,

					     NL80211_CMD_START_AP))

			return -EINVAL;

	} else

		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;

	return res;

}

static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)

{

	return auth_type <= NL80211_AUTHTYPE_MAX;

}

static bool nl80211_valid_wpa_versions(u32 wpa_versions)

{

	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |

	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	struct net_device *dev = info->user_ptr[1];

	struct ieee80211_channel *chan;

	const u8 *bssid, *ssid, *ie = NULL;

	int err, ssid_len, ie_len = 0;

	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;

	int err, ssid_len, ie_len = 0, sae_data_len = 0;

	enum nl80211_auth_type auth_type;

	struct key_parse key;

	bool local_state_change;

	}

	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);

	if (!nl80211_valid_auth_type(auth_type))

	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))

		return -EINVAL;

	if (auth_type == NL80211_AUTHTYPE_SAE &&

	    !info->attrs[NL80211_ATTR_SAE_DATA])

		return -EINVAL;

	if (info->attrs[NL80211_ATTR_SAE_DATA]) {

		if (auth_type != NL80211_AUTHTYPE_SAE)

			return -EINVAL;

		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);

		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);

		/* need to include at least Auth Transaction and Status Code */

		if (sae_data_len < 4)

			return -EINVAL;

	}

	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];

	/*

	return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,

				  ssid, ssid_len, ie, ie_len,

				  key.p.key, key.p.key_len, key.idx);

				  key.p.key, key.p.key_len, key.idx,

				  sae_data, sae_data_len);

}

static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,

	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {

		connect.auth_type =

			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);

		if (!nl80211_valid_auth_type(connect.auth_type))

		if (!nl80211_valid_auth_type(rdev, connect.auth_type,

					     NL80211_CMD_CONNECT))

			return -EINVAL;

	} else

		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;