--- /dev/null
+From 9f0ffa418483938d25a15f6ad3891389f333bc59 Mon Sep 17 00:00:00 2001
+From: Rohan Dutta <drohan@codeaurora.org>
+Date: Tue, 27 Oct 2020 12:09:10 +0200
+Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers
+
+Add support to configure SAE PWE preference from userspace to drivers in
+both AP and STA modes. This is needed for cases where the driver takes
+care of Authentication frame processing (SME in the driver) so that
+correct enforcement of the acceptable PWE derivation mechanism can be
+performed.
+
+The userspace applications can pass the sae_pwe value using the
+NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
+NL80211_CMD_START_AP commands to the driver. This allows selection
+between the hunting-and-pecking loop and hash-to-element options for PWE
+derivation. For backwards compatibility, this new attribute is optional
+and if not included, the driver is notified of the value being
+unspecified.
+
+Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+ include/net/cfg80211.h | 9 +++++++++
+ include/uapi/linux/nl80211.h | 26 ++++++++++++++++++++++++++
+ net/wireless/nl80211.c | 9 +++++++++
+ 3 files changed, 44 insertions(+)
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -1009,6 +1009,14 @@ struct survey_info {
+ * @sae_pwd: password for SAE authentication (for devices supporting SAE
+ * offload)
+ * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
++ * @sae_pwe: The mechanisms allowed for SAE PWE derivation
++ * NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
++ * did not specify any preference. The driver should follow its
++ * internal policy in such a scenario.
++ * NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
++ * NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
++ * NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
++ * or hash-to-element
+ */
+ struct cfg80211_crypto_settings {
+ u32 wpa_versions;
+@@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
+ const u8 *psk;
+ const u8 *sae_pwd;
+ u8 sae_pwd_len;
++ enum nl80211_sae_pwe_mechanism sae_pwe;
+ };
+
+ /**
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -2527,6 +2527,11 @@ enum nl80211_commands {
+ * override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
+ * NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+ *
++ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE
++ * derivation in WPA3-Personal networks which are using SAE authentication.
++ * This is a u8 attribute that encapsulates one of the values from
++ * &enum nl80211_sae_pwe_mechanism.
++ *
+ * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+ * @NL80211_ATTR_MAX: highest attribute number currently defined
+ * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3016,6 +3021,8 @@ enum nl80211_attrs {
+ NL80211_ATTR_S1G_CAPABILITY,
+ NL80211_ATTR_S1G_CAPABILITY_MASK,
+
++ NL80211_ATTR_SAE_PWE,
++
+ /* add attributes here, update the policy in nl80211.c */
+
+ __NL80211_ATTR_AFTER_LAST,
+@@ -7124,4 +7131,23 @@ enum nl80211_unsol_bcast_probe_resp_attr
+ NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX =
+ __NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1
+ };
++
++/**
++ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE
++ * derivation. Applicable only when WPA3-Personal SAE authentication is
++ * used.
++ *
++ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that
++ * attribute is not present from userspace.
++ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only
++ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only
++ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element
++ * can be used.
++ */
++enum nl80211_sae_pwe_mechanism {
++ NL80211_SAE_PWE_UNSPECIFIED,
++ NL80211_SAE_PWE_HUNT_AND_PECK,
++ NL80211_SAE_PWE_HASH_TO_ELEMENT,
++ NL80211_SAE_PWE_BOTH,
++};
+ #endif /* __LINUX_NL80211_H */
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -732,6 +732,9 @@ static const struct nla_policy nl80211_p
+ NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+ [NL80211_ATTR_S1G_CAPABILITY_MASK] =
+ NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
++ [NL80211_ATTR_SAE_PWE] =
++ NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
++ NL80211_SAE_PWE_BOTH),
+ };
+
+ /* policy for the key attributes */
+@@ -9759,6 +9762,12 @@ static int nl80211_crypto_settings(struc
+ nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
+ }
+
++ if (info->attrs[NL80211_ATTR_SAE_PWE])
++ settings->sae_pwe =
++ nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
++ else
++ settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
++
+ return 0;
+ }
+
+From 3bb02143ff55fec55558da4ad48425bf368eb8ed Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Sun, 6 Dec 2020 14:54:42 +0200
Subject: [PATCH] cfg80211: support immediate reconnect request hint
Link: https://lore.kernel.org/r/iwlwifi.20201206145305.58d33941fb9d.I0e7168c205c7949529c8e3b86f3c9b12c01a7017@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
+ include/net/cfg80211.h | 4 +++-
+ include/uapi/linux/nl80211.h | 6 ++++++
+ net/mac80211/mlme.c | 5 +++--
+ net/wireless/mlme.c | 26 +++++++++++++++-----------
+ net/wireless/nl80211.c | 23 +++++++++++++++--------
+ net/wireless/nl80211.h | 8 +++++---
+ net/wireless/trace.h | 12 ++++++++----
+ 7 files changed, 55 insertions(+), 29 deletions(-)
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
-@@ -6410,13 +6410,15 @@ void cfg80211_abandon_assoc(struct net_d
+@@ -6419,13 +6419,15 @@ void cfg80211_abandon_assoc(struct net_d
* @dev: network device
* @buf: 802.11 frame (header + body)
* @len: length of the frame data
* cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
-@@ -2527,6 +2527,10 @@ enum nl80211_commands {
- * override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
- * NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+@@ -2532,6 +2532,10 @@ enum nl80211_commands {
+ * This is a u8 attribute that encapsulates one of the values from
+ * &enum nl80211_sae_pwe_mechanism.
*
+ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
+ * disassoc events to indicate that an immediate reconnect to the AP
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3020,8 @@ enum nl80211_attrs {
- NL80211_ATTR_S1G_CAPABILITY,
- NL80211_ATTR_S1G_CAPABILITY_MASK,
+@@ -3023,6 +3027,8 @@ enum nl80211_attrs {
+
+ NL80211_ATTR_SAE_PWE,
+ NL80211_ATTR_RECONNECT_REQUESTED,
+
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -732,6 +732,7 @@ static const struct nla_policy nl80211_p
- NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
- [NL80211_ATTR_S1G_CAPABILITY_MASK] =
- NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+@@ -735,6 +735,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_SAE_PWE] =
+ NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+ NL80211_SAE_PWE_BOTH),
+ [NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
};
/* policy for the key attributes */
-@@ -15899,7 +15900,7 @@ static void nl80211_send_mlme_event(stru
+@@ -15908,7 +15909,7 @@ static void nl80211_send_mlme_event(stru
const u8 *buf, size_t len,
enum nl80211_commands cmd, gfp_t gfp,
int uapsd_queues, const u8 *req_ies,
{
struct sk_buff *msg;
void *hdr;
-@@ -15921,6 +15922,9 @@ static void nl80211_send_mlme_event(stru
+@@ -15930,6 +15931,9 @@ static void nl80211_send_mlme_event(stru
nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
goto nla_put_failure;
if (uapsd_queues >= 0) {
struct nlattr *nla_wmm =
nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
-@@ -15949,7 +15953,8 @@ void nl80211_send_rx_auth(struct cfg8021
+@@ -15958,7 +15962,8 @@ void nl80211_send_rx_auth(struct cfg8021
size_t len, gfp_t gfp)
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
}
void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
-@@ -15959,23 +15964,25 @@ void nl80211_send_rx_assoc(struct cfg802
+@@ -15968,23 +15973,25 @@ void nl80211_send_rx_assoc(struct cfg802
{
nl80211_send_mlme_event(rdev, netdev, buf, len,
NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
}
void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
-@@ -16006,7 +16013,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+@@ -16015,7 +16022,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
-@@ -3736,6 +3736,7 @@ struct mgmt_frame_regs {
+@@ -3745,6 +3745,7 @@ struct mgmt_frame_regs {
* (as advertised by the nl80211 feature flag.)
* @get_tx_power: store the current TX power into the dbm variable;
* return 0 if successful
*
* @set_wds_peer: set the WDS peer for a WDS interface
*
-@@ -4058,6 +4059,7 @@ struct cfg80211_ops {
+@@ -4067,6 +4068,7 @@ struct cfg80211_ops {
enum nl80211_tx_power_setting type, int mbm);
int (*get_tx_power)(struct wiphy *wiphy, struct wireless_dev *wdev,
int *dbm);
u8 ps_dtim_period;
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
-@@ -2531,6 +2531,9 @@ enum nl80211_commands {
+@@ -2536,6 +2536,9 @@ enum nl80211_commands {
* disassoc events to indicate that an immediate reconnect to the AP
* is desired.
*
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3022,6 +3025,8 @@ enum nl80211_attrs {
+@@ -3029,6 +3032,8 @@ enum nl80211_attrs {
NL80211_ATTR_RECONNECT_REQUESTED,
local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -733,6 +733,7 @@ static const struct nla_policy nl80211_p
- [NL80211_ATTR_S1G_CAPABILITY_MASK] =
- NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+@@ -736,6 +736,7 @@ static const struct nla_policy nl80211_p
+ NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+ NL80211_SAE_PWE_BOTH),
[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ [NL80211_ATTR_WIPHY_ANTENNA_GAIN] = { .type = NLA_U32 },
};
/* policy for the key attributes */
-@@ -3241,6 +3242,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3244,6 +3245,20 @@ static int nl80211_set_wiphy(struct sk_b
if (result)
return result;
}
+diff --git a/nl80211.h b/nl80211.h
+index 47700a2..09892ca 100644
--- a/nl80211.h
+++ b/nl80211.h
-@@ -2527,6 +2527,13 @@ enum nl80211_commands {
+@@ -2527,6 +2527,18 @@ enum nl80211_commands {
* override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
* NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
*
++ * @NL80211_ATTR_SAE_PWE: Indicates the mechanism(s) allowed for SAE PWE
++ * derivation in WPA3-Personal networks which are using SAE authentication.
++ * This is a u8 attribute that encapsulates one of the values from
++ * &enum nl80211_sae_pwe_mechanism.
++ *
+ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
+ * disassoc events to indicate that an immediate reconnect to the AP
+ * is desired.
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3023,10 @@ enum nl80211_attrs {
+@@ -3016,6 +3028,12 @@ enum nl80211_attrs {
NL80211_ATTR_S1G_CAPABILITY,
NL80211_ATTR_S1G_CAPABILITY_MASK,
++ NL80211_ATTR_SAE_PWE,
++
+ NL80211_ATTR_RECONNECT_REQUESTED,
+
+ NL80211_ATTR_WIPHY_ANTENNA_GAIN,
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
+@@ -7124,4 +7142,23 @@ enum nl80211_unsol_bcast_probe_resp_attributes {
+ NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX =
+ __NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_LAST - 1
+ };
++
++/**
++ * enum nl80211_sae_pwe_mechanism - The mechanism(s) allowed for SAE PWE
++ * derivation. Applicable only when WPA3-Personal SAE authentication is
++ * used.
++ *
++ * @NL80211_SAE_PWE_UNSPECIFIED: not specified, used internally to indicate that
++ * attribute is not present from userspace.
++ * @NL80211_SAE_PWE_HUNT_AND_PECK: hunting-and-pecking loop only
++ * @NL80211_SAE_PWE_HASH_TO_ELEMENT: hash-to-element only
++ * @NL80211_SAE_PWE_BOTH: both hunting-and-pecking loop and hash-to-element
++ * can be used.
++ */
++enum nl80211_sae_pwe_mechanism {
++ NL80211_SAE_PWE_UNSPECIFIED,
++ NL80211_SAE_PWE_HUNT_AND_PECK,
++ NL80211_SAE_PWE_HASH_TO_ELEMENT,
++ NL80211_SAE_PWE_BOTH,
++};
+ #endif /* __LINUX_NL80211_H */
projects / openwrt / staging / hauke.git / commitdiff