zephyr: hostap: drivers: WPA3-External SAE(auth) driver zephyr ops support#132
Conversation
Ramprasad-Kannappan
requested review from
MaochenWang1,
jukkar and
krish2718
as code owners
Ramprasad-Kannappan
force-pushed
the
topic/ramprasad-wpa3-external-auth-driver-zep-support
branch
from
ded95aa to
08ea5d6
Compare
jukkar
left a comment
jukkar
left a comment
There was a problem hiding this comment.
- Please squash the commits together (we normally do not do fixup commits in zephyr)
- You need to add some description in the commit message why this commit is needed (the commit body is now empty)
- Please add Signed-off-by to the commit message
It looks like the zephyr Infineon WiFi PR needs this PR, why is that?
There was a problem hiding this comment.
Pull request overview
Adds Zephyr driver integration hooks for WPA3 SAE external authentication by wiring an EVENT_EXTERNAL_AUTH path into the Zephyr event/callback flow and exposing a driver op to report external-auth status back to the Zephyr Wi-Fi driver.
Changes:
- Added Zephyr callback support to forward external authentication requests (EVENT_EXTERNAL_AUTH) into wpa_supplicant.
- Added Zephyr driver op plumbing for
send_external_auth_status. - Refactored/relocated
send_mlmewiring to ensure it is available for external-auth SAE commit/confirm handling.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/drivers/driver_zephyr.h | Adds new Zephyr callback (ext_auth_req) and new Zephyr driver op (send_external_auth_status) for external auth flow. |
| src/drivers/driver_zephyr.c | Implements EVENT_EXTERNAL_AUTH deep-copy handling, adds external-auth callback wrapper, and adds driver-op wrapper for sending external-auth status. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| if (!bssid || !ssid) { | ||
| wpa_printf(MSG_ERROR, | ||
| "%s:%d event %u Failed to alloc ssid/bssid \n", | ||
| __func__, __LINE__, event); | ||
| os_free(msg.data); | ||
| return; | ||
| } | ||
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | ||
| data_tmp->external_auth.bssid = bssid; | ||
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | ||
| data_tmp->external_auth.ssid = ssid; | ||
| data_tmp->external_auth.mld_addr = data->external_auth.mld_addr; |
There was a problem hiding this comment.
data_tmp->external_auth.mld_addr is left as a shallow-copied pointer (copied from the original union wpa_event_data via os_memcpy). Since this event is queued asynchronously, that pointer may be invalid by the time wpa_supplicant processes EVENT_EXTERNAL_AUTH (and SME reads mld_addr and copies ETH_ALEN). Please deep-copy mld_addr when non-NULL (and ensure it gets freed alongside the other deep-copied buffers).
| if (!bssid || !ssid) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| data_tmp->external_auth.ssid = ssid; | |
| data_tmp->external_auth.mld_addr = data->external_auth.mld_addr; | |
| char *mld_addr = NULL; | |
| if (data->external_auth.mld_addr) | |
| mld_addr = os_zalloc(ETH_ALEN); | |
| if (!bssid || !ssid || | |
| (data->external_auth.mld_addr && !mld_addr)) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid/mld_addr \n", | |
| __func__, __LINE__, event); | |
| os_free(mld_addr); | |
| os_free(ssid); | |
| os_free(bssid); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| data_tmp->external_auth.ssid = ssid; | |
| if (mld_addr) { | |
| os_memcpy(mld_addr, data->external_auth.mld_addr, ETH_ALEN); | |
| data_tmp->external_auth.mld_addr = mld_addr; | |
| } else { | |
| data_tmp->external_auth.mld_addr = NULL; | |
| } |
| * wpa_drv_zep_event_ext_auth_req - Send the SAE external auth status to | ||
| * the driver, if the zephyr driver ops is registered for this. | ||
| * | ||
| * @if_ctx : Interface context | ||
| * @event : event data to be sent to supplicant | ||
| * | ||
| * This function notifies the supplicant to initiate a External Authentication process | ||
| * for WPA3 SAE STA connection. |
There was a problem hiding this comment.
The function header comment for wpa_drv_zep_event_ext_auth_req says it sends the external auth status "to the driver", but the implementation forwards EVENT_EXTERNAL_AUTH to the supplicant via wpa_supplicant_event_wrapper(). Please update the doc comment to reflect the actual direction/purpose to avoid confusion for future maintainers.
| * wpa_drv_zep_event_ext_auth_req - Send the SAE external auth status to | |
| * the driver, if the zephyr driver ops is registered for this. | |
| * | |
| * @if_ctx : Interface context | |
| * @event : event data to be sent to supplicant | |
| * | |
| * This function notifies the supplicant to initiate a External Authentication process | |
| * for WPA3 SAE STA connection. | |
| * wpa_drv_zep_event_ext_auth_req - Forward the SAE external auth event to | |
| * the supplicant. | |
| * | |
| * @if_ctx : Interface context | |
| * @event : event data to be sent to supplicant | |
| * | |
| * This function notifies the supplicant to initiate an External | |
| * Authentication process for a WPA3 SAE STA connection. |
| * This function send the external auth status to the driver. | ||
| */ | ||
| int wpa_drv_zep_send_external_auth_status(void *priv, | ||
| struct external_auth *params) { |
There was a problem hiding this comment.
Brace placement for wpa_drv_zep_send_external_auth_status() is inconsistent with the surrounding functions in this file (e.g., wpa_drv_zep_send_mlme() just above uses the opening brace on the next line). Please align this function’s formatting with the prevailing style in driver_zephyr.c for consistency.
| struct external_auth *params) { | |
| struct external_auth *params) | |
| { |
| char *ssid = os_zalloc(data->external_auth.ssid_len); | ||
|
|
||
| if (!bssid || !ssid) { | ||
| wpa_printf(MSG_ERROR, | ||
| "%s:%d event %u Failed to alloc ssid/bssid \n", | ||
| __func__, __LINE__, event); | ||
| os_free(msg.data); | ||
| return; | ||
| } | ||
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | ||
| data_tmp->external_auth.bssid = bssid; | ||
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); |
There was a problem hiding this comment.
In the EVENT_EXTERNAL_AUTH deep-copy block, if either bssid or ssid allocation fails, the other allocation (if successful) is leaked. Also, os_zalloc(data->external_auth.ssid_len) will treat ssid_len == 0 as an allocation failure on implementations that return NULL for size 0. Please free any partially allocated buffers on this error path and handle zero-length SSID safely.
| char *ssid = os_zalloc(data->external_auth.ssid_len); | |
| if (!bssid || !ssid) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| os_memcpy(ssid, data->external_auth.ssid, data->external_auth.ssid_len); | |
| char *ssid = NULL; | |
| if (data->external_auth.ssid_len) | |
| ssid = os_zalloc(data->external_auth.ssid_len); | |
| if (!bssid || (data->external_auth.ssid_len && !ssid)) { | |
| wpa_printf(MSG_ERROR, | |
| "%s:%d event %u Failed to alloc ssid/bssid \n", | |
| __func__, __LINE__, event); | |
| if (bssid) | |
| os_free(bssid); | |
| if (ssid) | |
| os_free(ssid); | |
| os_free(msg.data); | |
| return; | |
| } | |
| os_memcpy(bssid, data->external_auth.bssid, ETH_ALEN); | |
| data_tmp->external_auth.bssid = bssid; | |
| if (data->external_auth.ssid_len) | |
| os_memcpy(ssid, data->external_auth.ssid, | |
| data->external_auth.ssid_len); |
Added support for WPA3 SAE authentication commit, confirm frame RX and TX by adding the event handling and zephyr driver ops. Signed-off-by: Ramprasad Kannappan <Ramprasad.Kannappan@infineon.com>
Ramprasad-Kannappan
force-pushed
the
topic/ramprasad-wpa3-external-auth-driver-zep-support
branch
from
6c443dc to
c6ef638
Compare
|
Hi @jukkar , I addressed your review comments and concern, could you re-review... Thanks. |
|
@jukkar |
1 similar comment
|
@jukkar |
Added support for WPA3 SAE authentication commit, confirm frame RX and TX by adding the event handling and zephyr driver ops.
New functions/ops added for this integration,
wpa_drv_zep_event_ext_auth_req :
- Send the SAE external auth status to the driver, if the zephyr driver ops is registered for this.
- This function notifies the supplicant to initiate a External Authentication process
for WPA3 SAE STA connection.
wpa_drv_zep_send_external_auth_status :
- Send the SAE external auth status to the driver, if the zephyr driver ops is registered for this.
- This function send the external auth status to the driver.
Related PR - zephyrproject-rtos/zephyr#107029
PR #107029 (Zephyr driver) implements the send_external_auth_status and send_mlme driver ops that PR #132 (hostap shim) calls — and PR #132 adds the ext_auth_req callback that PR #107029 invokes. Neither works without the other: the Zephyr driver alone has no SAE state machine, and the hostap shim alone has no driver ops to call into.
wpa_supplicant Zephyr driver shim — is the glue layer between wpa_supplicant's core SAE state machine and Zephyr's driver interface. It adds:
wpa_drv_zep_event_ext_auth_req — receives the EVENT_EXTERNAL_AUTH notification forwarded from the Infineon driver and triggers the supplicant's SAE exchange
wpa_drv_zep_send_external_auth_status — calls back into the Infineon driver to report the final SAE result.
Signed-off-by: Ramprasad Kannappan Ramprasad.Kannappan@infineon.com