mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-30 14:19:16 +00:00
brcmfmac: support SAE authentication offload in AP mode
Firmware may have SAE authenticator code built-in. This is detected by the driver and indicated in the wiphy features flags. User space can use this flag to determine whether or not to provide the password material in the nl80211 start AP command to offload the SAE authentication in AP mode. Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com> Signed-off-by: Chi-Hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200817073316.33402-5-stanley.hsu@cypress.com
This commit is contained in:
parent
787fb926f8
commit
d5f59c964e
2 changed files with 27 additions and 5 deletions
|
@ -56,6 +56,7 @@
|
|||
#define RSN_AKM_PSK 2 /* Pre-shared Key */
|
||||
#define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */
|
||||
#define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */
|
||||
#define RSN_AKM_SAE 8 /* SAE */
|
||||
#define RSN_CAP_LEN 2 /* Length of RSN capabilities */
|
||||
#define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3))
|
||||
#define RSN_CAP_MFPR_MASK BIT(6)
|
||||
|
@ -4242,6 +4243,10 @@ brcmf_configure_wpaie(struct brcmf_if *ifp,
|
|||
brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
|
||||
wpa_auth |= WPA2_AUTH_1X_SHA256;
|
||||
break;
|
||||
case RSN_AKM_SAE:
|
||||
brcmf_dbg(TRACE, "RSN_AKM_SAE\n");
|
||||
wpa_auth |= WPA3_AUTH_SAE_PSK;
|
||||
break;
|
||||
default:
|
||||
bphy_err(drvr, "Invalid key mgmt info\n");
|
||||
}
|
||||
|
@ -4259,11 +4264,12 @@ brcmf_configure_wpaie(struct brcmf_if *ifp,
|
|||
brcmf_dbg(TRACE, "MFP Required\n");
|
||||
mfp = BRCMF_MFP_REQUIRED;
|
||||
/* Firmware only supports mfp required in
|
||||
* combination with WPA2_AUTH_PSK_SHA256 or
|
||||
* WPA2_AUTH_1X_SHA256.
|
||||
* combination with WPA2_AUTH_PSK_SHA256,
|
||||
* WPA2_AUTH_1X_SHA256, or WPA3_AUTH_SAE_PSK.
|
||||
*/
|
||||
if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
|
||||
WPA2_AUTH_1X_SHA256))) {
|
||||
WPA2_AUTH_1X_SHA256 |
|
||||
WPA3_AUTH_SAE_PSK))) {
|
||||
err = -EINVAL;
|
||||
goto exit;
|
||||
}
|
||||
|
@ -4828,6 +4834,14 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
|
|||
if (err < 0)
|
||||
goto exit;
|
||||
}
|
||||
if (crypto->sae_pwd) {
|
||||
brcmf_dbg(INFO, "using SAE offload\n");
|
||||
profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE);
|
||||
err = brcmf_set_sae_password(ifp, crypto->sae_pwd,
|
||||
crypto->sae_pwd_len);
|
||||
if (err < 0)
|
||||
goto exit;
|
||||
}
|
||||
if (profile->use_fwauth == 0)
|
||||
profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
|
||||
|
||||
|
@ -4932,6 +4946,8 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev)
|
|||
if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) {
|
||||
if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK))
|
||||
brcmf_set_pmk(ifp, NULL, 0);
|
||||
if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE))
|
||||
brcmf_set_sae_password(ifp, NULL, 0);
|
||||
profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
|
||||
}
|
||||
|
||||
|
@ -7083,9 +7099,13 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
|
|||
wiphy_ext_feature_set(wiphy,
|
||||
NL80211_EXT_FEATURE_SAE_OFFLOAD);
|
||||
}
|
||||
if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH))
|
||||
if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) {
|
||||
wiphy_ext_feature_set(wiphy,
|
||||
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK);
|
||||
if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
|
||||
wiphy_ext_feature_set(wiphy,
|
||||
NL80211_EXT_FEATURE_SAE_OFFLOAD_AP);
|
||||
}
|
||||
wiphy->mgmt_stypes = brcmf_txrx_stypes;
|
||||
wiphy->max_remain_on_channel_duration = 5000;
|
||||
if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
|
||||
|
|
|
@ -133,10 +133,12 @@ enum brcmf_profile_fwsup {
|
|||
*
|
||||
* @BRCMF_PROFILE_FWAUTH_NONE: no firmware authenticator
|
||||
* @BRCMF_PROFILE_FWAUTH_PSK: authenticator for WPA/WPA2-PSK
|
||||
* @BRCMF_PROFILE_FWAUTH_SAE: authenticator for SAE
|
||||
*/
|
||||
enum brcmf_profile_fwauth {
|
||||
BRCMF_PROFILE_FWAUTH_NONE,
|
||||
BRCMF_PROFILE_FWAUTH_PSK
|
||||
BRCMF_PROFILE_FWAUTH_PSK,
|
||||
BRCMF_PROFILE_FWAUTH_SAE
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue