[PATCH] iw: connect: Add support for WPA3 SAE association

[Wonseok Kim <wonseok.kim@morsemicro.com>]

If the driver advertises NL80211_EXT_FEATURE_SAE_OFFLOAD, pass the
SAE password and let it handle SAE.

Added extra auth and key option to connect since SAE requires a separate
AUTHTYPE and a password instead of pre-shared keys.

Signed-off-by: Wonseok Kim <wonseok.kim@morsemicro.com>
---
 connect.c |  8 ++++++++
 util.c    | 28 ++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/connect.c b/connect.c
index 33e1a5f..14a8a7b 100644
--- a/connect.c
+++ b/connect.c
@@ -63,6 +63,10 @@ static int iw_conn(struct nl80211_state *state,
 			NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
 			    NL80211_AUTHTYPE_SHARED_KEY);
 			need_key = true;
+		} else if (strcmp(argv[0], "sae") == 0) {
+			NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
+			    NL80211_AUTHTYPE_SAE);
+			need_key = true;
 		} else {
 			return 1;
 		}
@@ -229,6 +233,10 @@ static int iw_auth(struct nl80211_state *state,
 		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
 			    NL80211_AUTHTYPE_SHARED_KEY);
 		need_key = true;
+	} else if (strcmp(argv[0], "sae") == 0) {
+		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE,
+			    NL80211_AUTHTYPE_SAE);
+		need_key = true;
 	} else {
 		return 1;
 	}
diff --git a/util.c b/util.c
index 36c1185..5b314cf 100644
--- a/util.c
+++ b/util.c
@@ -285,6 +285,9 @@ static int parse_akm_suite(const char *cipher_str)
 		return 0x000FAC03;
 	if (!strcmp(cipher_str, "PSK/SHA-256"))
 		return 0x000FAC06;
+	if (!strcmp(cipher_str, "SAE"))
+		return 0x000FAC08;
+
 	return -EINVAL;
 }
 
@@ -373,6 +376,25 @@ int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
 		return 0;
 	}
 
+	if (!memcmp(&arg[pos], "sae_pwd", 7)) {
+		pos += 7;
+		if (arg[pos] != ':')
+			goto explain;
+		pos++;
+
+		NLA_PUT_U32(msg, NL80211_ATTR_WPA_VERSIONS, NL80211_WPA_VERSION_3);
+		NLA_PUT(msg, NL80211_ATTR_SAE_PASSWORD, strlen(&arg[pos]), &arg[pos]);
+		NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, NL80211_AUTHTYPE_SAE);
+		NLA_PUT_U32(msg, NL80211_ATTR_AKM_SUITES, parse_akm_suite("SAE"));
+		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, parse_cipher_suite("CCMP"));
+		NLA_PUT_U32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, parse_cipher_suite("CCMP"));
+
+		*argv += 1;
+		*argc -= 1;
+
+		return 0;
+	}
+
 	NLA_PUT_FLAG(msg, NL80211_ATTR_PRIVACY);
 
 	keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
@@ -453,10 +475,12 @@ int parse_keys(struct nl_msg *msg, char **argv[], int *argc)
 			"           or 10 or 26 hex digits\n"
 			"for example: d:2:6162636465 is the same as d:2:abcde\n"
 			"or psk:data <AKM Suite> <pairwise CIPHER> <groupwise CIPHER> where\n"
-			"  'data' is the PSK (output of wpa_passphrase and the CIPHER can be CCMP or GCMP\n"
+			"  'data' is the PSK (output of wpa_passphrase and the CIPHER can be CCMP or GCMP)\n"
 			"for example: psk:0123456789abcdef PSK CCMP CCMP\n"
 			"The allowed AKM suites are PSK, FT/PSK, PSK/SHA-256\n"
-			"The allowed Cipher suites are TKIP, CCMP, GCMP, GCMP-256, CCMP-256\n");
+			"The allowed Cipher suites are TKIP, CCMP, GCMP, GCMP-256, CCMP-256\n"
+			"or sae_pwd:data where 'data' is the password\n"
+			"for example: sae_pwd:foobar\n");
 	return 2;
 }
 
-- 
2.51.0