The IEEE 802.11bi standard introduces the Enhanced Privacy Protection Key Exchange (EPPKE) authentication protocol as specified in "IEEE P802.11bi/D3.0, 12.16.9". This protocol requires passing a Key Confirmation Key (KCK) from userspace to the driver to construct the Message Integrity Code (MIC) for authentication frames. Introduce a new netlink attribute, NL80211_ATTR_KEY_KCK, to allow userspace to provide the KCK via the NL80211_CMD_AUTHENTICATE command. This attribute is only present when the connection uses the EPPKE authentication protocol. Extend struct cfg80211_auth_request with a kck field to carry the key from cfg80211 to the mac80211 layer. Signed-off-by: Kavita Kavita --- include/net/cfg80211.h | 4 ++++ include/uapi/linux/nl80211.h | 8 ++++++++ net/wireless/nl80211.c | 10 ++++++++++ 3 files changed, 22 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 38d201d4e676..6f02d2fdfc71 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -3187,6 +3187,8 @@ static inline const u8 *ieee80211_bss_get_ie(struct cfg80211_bss *bss, u8 id) * @key_len: length of WEP key for shared key authentication * @key_idx: index of WEP key for shared key authentication * @key: WEP key for shared key authentication + * @kck: Key Confirmation Key for EPPKE Authentication. + * @kck_len: length of the KCK key for EPPKE Authentication. * @auth_data: Fields and elements in Authentication frames. This contains * the authentication frame body (non-IE and IE data), excluding the * Authentication algorithm number, i.e., starting at the Authentication @@ -3209,6 +3211,8 @@ struct cfg80211_auth_request { const u8 *key; u8 key_len; s8 key_idx; + const u8 *kck; + u8 kck_len; const u8 *auth_data; size_t auth_data_len; s8 link_id; diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index f78f6e7c4ab7..d0008780ffcb 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -2981,6 +2981,12 @@ enum nl80211_commands { * (e.g., EPPKE). If set, transmit key data to the driver for installation/ * removal/modification before the non-AP STA is associated. * + * @NL80211_ATTR_KEY_KCK: (Binary) Key Confirmation Key (KCK); + * This attribute is used with %NL80211_CMD_AUTHENTICATE. In case of the + * Enhanced Privacy Protection Key Exchange (EPPKE) authentication protocol + * as specified in "IEEE P802.11bi/D3.0, 12.16.9", this attribute + * is used for MIC calculation. + * * @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NL80211_ATTR_MAX: highest attribute number currently defined * @__NL80211_ATTR_AFTER_LAST: internal use @@ -3551,6 +3557,8 @@ enum nl80211_attrs { NL80211_ATTR_KEY_PREASSOC, + NL80211_ATTR_KEY_KCK, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index f297639b916f..d890d0f25191 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -933,6 +933,8 @@ static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = { [NL80211_ATTR_BSS_PARAM] = { .type = NLA_FLAG }, [NL80211_ATTR_S1G_PRIMARY_2MHZ] = { .type = NLA_FLAG }, [NL80211_ATTR_KEY_PREASSOC] = { .type = NLA_FLAG }, + [NL80211_ATTR_KEY_KCK] = { .type = NLA_BINARY, + .len = WLAN_MAX_KEY_LEN }, }; /* policy for the key attributes */ @@ -12034,6 +12036,14 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) if (!cfg80211_is_sae_akmp(akm_suite)) return -EINVAL; } + + if (auth_trans == 3) { + if (!info->attrs[NL80211_ATTR_KEY_KCK]) + return -EINVAL; + + req.kck_len = nla_len(info->attrs[NL80211_ATTR_KEY_KCK]); + req.kck = nla_data(info->attrs[NL80211_ATTR_KEY_KCK]); + } } local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; -- 2.34.1