zephyr: hostap: drivers: WPA3-External SAE(auth) driver zephyr ops support#132
Conversation
ded95aa to
08ea5d6
Compare
jukkar
left a comment
There was a problem hiding this comment.
- Please squash the commits together (we normally do not do fixup commits in zephyr)
- You need to add some description in the commit message why this commit is needed (the commit body is now empty)
- Please add Signed-off-by to the commit message
It looks like the zephyr Infineon WiFi PR needs this PR, why is that?
There was a problem hiding this comment.
Pull request overview
Adds Zephyr driver integration hooks for WPA3 SAE external authentication by wiring an EVENT_EXTERNAL_AUTH path into the Zephyr event/callback flow and exposing a driver op to report external-auth status back to the Zephyr Wi-Fi driver.
Changes:
- Added Zephyr callback support to forward external authentication requests (EVENT_EXTERNAL_AUTH) into wpa_supplicant.
- Added Zephyr driver op plumbing for
send_external_auth_status. - Refactored/relocated
send_mlmewiring to ensure it is available for external-auth SAE commit/confirm handling.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/drivers/driver_zephyr.h | Adds new Zephyr callback (ext_auth_req) and new Zephyr driver op (send_external_auth_status) for external auth flow. |
| src/drivers/driver_zephyr.c | Implements EVENT_EXTERNAL_AUTH deep-copy handling, adds external-auth callback wrapper, and adds driver-op wrapper for sending external-auth status. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| if (!bssid || !ssid) { | ||
| wpa_printf(MSG_ERROR, | ||
| "%s:%d event %u Failed to alloc ssid/bssid \n", | ||
| __func__, __LINE__, event); | ||
| os_free(msg.data); | ||
| return; | ||
| } | ||
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | ||
| data_tmp->external_auth.bssid = bssid; | ||
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | ||
| data_tmp->external_auth.ssid = ssid; | ||
| data_tmp->external_auth.mld_addr = data->external_auth.mld_addr; |
There was a problem hiding this comment.
data_tmp->external_auth.mld_addr is left as a shallow-copied pointer (copied from the original union wpa_event_data via os_memcpy). Since this event is queued asynchronously, that pointer may be invalid by the time wpa_supplicant processes EVENT_EXTERNAL_AUTH (and SME reads mld_addr and copies ETH_ALEN). Please deep-copy mld_addr when non-NULL (and ensure it gets freed alongside the other deep-copied buffers).
| if (!bssid || !ssid) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| data_tmp->external_auth.ssid = ssid; | |
| data_tmp->external_auth.mld_addr = data->external_auth.mld_addr; | |
| char *mld_addr = NULL; | |
| if (data->external_auth.mld_addr) | |
| mld_addr = os_zalloc(ETH_ALEN); | |
| if (!bssid || !ssid || | |
| (data->external_auth.mld_addr && !mld_addr)) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid/mld_addr \n", | |
| __func__, __LINE__, event); | |
| os_free(mld_addr); | |
| os_free(ssid); | |
| os_free(bssid); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| data_tmp->external_auth.ssid = ssid; | |
| if (mld_addr) { | |
| os_memcpy(mld_addr, data->external_auth.mld_addr, ETH_ALEN); | |
| data_tmp->external_auth.mld_addr = mld_addr; | |
| } else { | |
| data_tmp->external_auth.mld_addr = NULL; | |
| } |
| * wpa_drv_zep_event_ext_auth_req - Send the SAE external auth status to | ||
| * the driver, if the zephyr driver ops is registered for this. | ||
| * | ||
| * @if_ctx : Interface context | ||
| * @event : event data to be sent to supplicant | ||
| * | ||
| * This function notifies the supplicant to initiate a External Authentication process | ||
| * for WPA3 SAE STA connection. |
There was a problem hiding this comment.
The function header comment for wpa_drv_zep_event_ext_auth_req says it sends the external auth status "to the driver", but the implementation forwards EVENT_EXTERNAL_AUTH to the supplicant via wpa_supplicant_event_wrapper(). Please update the doc comment to reflect the actual direction/purpose to avoid confusion for future maintainers.
| * wpa_drv_zep_event_ext_auth_req - Send the SAE external auth status to | |
| * the driver, if the zephyr driver ops is registered for this. | |
| * | |
| * @if_ctx : Interface context | |
| * @event : event data to be sent to supplicant | |
| * | |
| * This function notifies the supplicant to initiate a External Authentication process | |
| * for WPA3 SAE STA connection. | |
| * wpa_drv_zep_event_ext_auth_req - Forward the SAE external auth event to | |
| * the supplicant. | |
| * | |
| * @if_ctx : Interface context | |
| * @event : event data to be sent to supplicant | |
| * | |
| * This function notifies the supplicant to initiate an External | |
| * Authentication process for a WPA3 SAE STA connection. |
| * This function send the external auth status to the driver. | ||
| */ | ||
| int wpa_drv_zep_send_external_auth_status(void *priv, | ||
| struct external_auth *params) { |
There was a problem hiding this comment.
Brace placement for wpa_drv_zep_send_external_auth_status() is inconsistent with the surrounding functions in this file (e.g., wpa_drv_zep_send_mlme() just above uses the opening brace on the next line). Please align this function’s formatting with the prevailing style in driver_zephyr.c for consistency.
| struct external_auth *params) { | |
| struct external_auth *params) | |
| { |
| char *ssid = os_zalloc(data->external_auth.ssid_len); | ||
|
|
||
| if (!bssid || !ssid) { | ||
| wpa_printf(MSG_ERROR, | ||
| "%s:%d event %u Failed to alloc ssid/bssid \n", | ||
| __func__, __LINE__, event); | ||
| os_free(msg.data); | ||
| return; | ||
| } | ||
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | ||
| data_tmp->external_auth.bssid = bssid; | ||
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); |
There was a problem hiding this comment.
In the EVENT_EXTERNAL_AUTH deep-copy block, if either bssid or ssid allocation fails, the other allocation (if successful) is leaked. Also, os_zalloc(data->external_auth.ssid_len) will treat ssid_len == 0 as an allocation failure on implementations that return NULL for size 0. Please free any partially allocated buffers on this error path and handle zero-length SSID safely.
| char *ssid = os_zalloc(data->external_auth.ssid_len); | |
| if (!bssid || !ssid) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| char *ssid = NULL; | |
| if (data->external_auth.ssid_len) | |
| ssid = os_zalloc(data->external_auth.ssid_len); | |
| if (!bssid || (data->external_auth.ssid_len && !ssid)) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| if (bssid) | |
| os_free(bssid); | |
| if (ssid) | |
| os_free(ssid); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| if (data->external_auth.ssid_len) | |
| os_memcpy(ssid, data->external_auth.ssid, | |
| data->external_auth.ssid_len); |
6c443dc to
c6ef638
Compare
|
Hi @jukkar , I addressed your review comments and concern, could you re-review... Thanks. |
|
@jukkar |
1 similar comment
|
@jukkar |
|
@krish2718 & @MaochenWang1 can you take a look |
There was a problem hiding this comment.
The commit log needs to follow the standard rules (72 chars, sauce tag etc) please check the history for reference.
Please split this into multiple commits for easier review:
- Moving send_mlme out of CONFIG_AP define
- Add external auth support
And the external auth support path is only applicable for those drivers that don't advertize WPA_DRIVER_FLAGS_SME, does the airoc driver use WPA supplicant but doesn't doesn't support SME? and is this for WPA3 only or WPA2 also?
c6ef638 to
029df39
Compare
@krish2718 Could you help to check it again? |
jukkar
left a comment
There was a problem hiding this comment.
I see lot of cosmetic changes, why you did that?
krish2718
left a comment
There was a problem hiding this comment.
Commits logs can be a paragraph instead of distinct lines. And also what are all the acronyms at the end of the name? Signed-off-by: Patel Niket (CSS ICW ENG WFS SW WFSW / EE) <Niket.Patel-EE@infineon.com> Please use just the name.
|
Also, please raise a manifest update PR in Zephyr. |
|
Sure, I will raise a manifest update PR in Zephyr after this hostap PR is |
029df39 to
f498b29
Compare
|
@krish2718 @jukkar |
|
|
about your question "I still don't see the linkage to zephyr repo with a manifest update" |
Please refer https://docs.zephyrproject.org/latest/develop/modules.html#process-for-submitting-changes-to-existing-modules.
That commit was part of #143 which is pulled by zephyrproject-rtos/zephyr#111092 to ZephyrRTOS repo. |
The external SAE authentication flow needs to transmit SAE commit and confirm frames from the STA-side wpa_supplicant path. Move the existing send_mlme driver hook out of the CONFIG_AP-only section so it remains available for AP mode and can also be used by STA builds. Signed-off-by: Patel Niket <Niket.Patel-EE@infineon.com>
Add Zephyr driver hooks for WPA3 SAE external authentication. The shim forwards EVENT_EXTERNAL_AUTH requests into wpa_supplicant and reports the SAE result back to the driver through send_external_auth_status. Deep-copy external-auth payload pointers before queueing the event asynchronously. Signed-off-by: Patel Niket <Niket.Patel-EE@infineon.com>
f498b29 to
b05fc98
Compare
|
Where is the zephyr manifest update PR? Without the zephyr upstream west.yml change that updates hostap commit id, this change will not get merged. |
|
The Zephyr manifest update PR: |
Added support for WPA3 SAE authentication commit, confirm frame RX and TX by adding the event handling and zephyr driver ops.
New functions/ops added for this integration,
wpa_drv_zep_event_ext_auth_req :
- Send the SAE external auth status to the driver, if the zephyr driver ops is registered for this.
- This function notifies the supplicant to initiate a External Authentication process
for WPA3 SAE STA connection.
wpa_drv_zep_send_external_auth_status :
- Send the SAE external auth status to the driver, if the zephyr driver ops is registered for this.
- This function send the external auth status to the driver.
Related PR - zephyrproject-rtos/zephyr#107029
PR #107029 (Zephyr driver) implements the send_external_auth_status and send_mlme driver ops that PR #132 (hostap shim) calls — and PR #132 adds the ext_auth_req callback that PR #107029 invokes. Neither works without the other: the Zephyr driver alone has no SAE state machine, and the hostap shim alone has no driver ops to call into.
wpa_supplicant Zephyr driver shim — is the glue layer between wpa_supplicant's core SAE state machine and Zephyr's driver interface. It adds:
wpa_drv_zep_event_ext_auth_req — receives the EVENT_EXTERNAL_AUTH notification forwarded from the Infineon driver and triggers the supplicant's SAE exchange
wpa_drv_zep_send_external_auth_status — calls back into the Infineon driver to report the final SAE result.
Signed-off-by: Ramprasad Kannappan Ramprasad.Kannappan@infineon.com