mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-23 12:58:23 +00:00
510 lines
16 KiB
Diff
510 lines
16 KiB
Diff
|
From: Hante Meuleman <hante.meuleman@broadcom.com>
|
||
|
Date: Wed, 17 Feb 2016 11:27:10 +0100
|
||
|
Subject: [PATCH] brcmfmac: add 802.11w management frame protection support
|
||
|
|
||
|
Add full support for both AP and STA for management frame protection.
|
||
|
|
||
|
Reviewed-by: Arend Van Spriel <arend.van@broadcom.com>
|
||
|
Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com>
|
||
|
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
|
||
|
Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com>
|
||
|
Signed-off-by: Arend van Spriel <arend@broadcom.com>
|
||
|
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
|
||
|
---
|
||
|
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
|
||
|
@@ -72,8 +72,13 @@
|
||
|
#define RSN_AKM_NONE 0 /* None (IBSS) */
|
||
|
#define RSN_AKM_UNSPECIFIED 1 /* Over 802.1x */
|
||
|
#define RSN_AKM_PSK 2 /* Pre-shared Key */
|
||
|
+#define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */
|
||
|
+#define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */
|
||
|
#define RSN_CAP_LEN 2 /* Length of RSN capabilities */
|
||
|
-#define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C
|
||
|
+#define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3))
|
||
|
+#define RSN_CAP_MFPR_MASK BIT(6)
|
||
|
+#define RSN_CAP_MFPC_MASK BIT(7)
|
||
|
+#define RSN_PMKID_COUNT_LEN 2
|
||
|
|
||
|
#define VNDR_IE_CMD_LEN 4 /* length of the set command
|
||
|
* string :"add", "del" (+ NUL)
|
||
|
@@ -211,12 +216,19 @@ static const struct ieee80211_regdomain
|
||
|
REG_RULE(5470-10, 5850+10, 80, 6, 20, 0), }
|
||
|
};
|
||
|
|
||
|
-static const u32 __wl_cipher_suites[] = {
|
||
|
+/* Note: brcmf_cipher_suites is an array of int defining which cipher suites
|
||
|
+ * are supported. A pointer to this array and the number of entries is passed
|
||
|
+ * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
|
||
|
+ * So the cipher suite AES_CMAC has to be the last one in the array, and when
|
||
|
+ * device does not support MFP then the number of suites will be decreased by 1
|
||
|
+ */
|
||
|
+static const u32 brcmf_cipher_suites[] = {
|
||
|
WLAN_CIPHER_SUITE_WEP40,
|
||
|
WLAN_CIPHER_SUITE_WEP104,
|
||
|
WLAN_CIPHER_SUITE_TKIP,
|
||
|
WLAN_CIPHER_SUITE_CCMP,
|
||
|
- WLAN_CIPHER_SUITE_AES_CMAC,
|
||
|
+ /* Keep as last entry: */
|
||
|
+ WLAN_CIPHER_SUITE_AES_CMAC
|
||
|
};
|
||
|
|
||
|
/* Vendor specific ie. id = 221, oui and type defines exact ie */
|
||
|
@@ -1533,7 +1545,7 @@ static s32 brcmf_set_auth_type(struct ne
|
||
|
|
||
|
static s32
|
||
|
brcmf_set_wsec_mode(struct net_device *ndev,
|
||
|
- struct cfg80211_connect_params *sme, bool mfp)
|
||
|
+ struct cfg80211_connect_params *sme)
|
||
|
{
|
||
|
struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
|
||
|
struct brcmf_cfg80211_security *sec;
|
||
|
@@ -1592,10 +1604,7 @@ brcmf_set_wsec_mode(struct net_device *n
|
||
|
sme->privacy)
|
||
|
pval = AES_ENABLED;
|
||
|
|
||
|
- if (mfp)
|
||
|
- wsec = pval | gval | MFP_CAPABLE;
|
||
|
- else
|
||
|
- wsec = pval | gval;
|
||
|
+ wsec = pval | gval;
|
||
|
err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wsec", wsec);
|
||
|
if (err) {
|
||
|
brcmf_err("error (%d)\n", err);
|
||
|
@@ -1612,56 +1621,100 @@ brcmf_set_wsec_mode(struct net_device *n
|
||
|
static s32
|
||
|
brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
|
||
|
{
|
||
|
- struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
|
||
|
- struct brcmf_cfg80211_security *sec;
|
||
|
- s32 val = 0;
|
||
|
- s32 err = 0;
|
||
|
+ struct brcmf_if *ifp = netdev_priv(ndev);
|
||
|
+ s32 val;
|
||
|
+ s32 err;
|
||
|
+ const struct brcmf_tlv *rsn_ie;
|
||
|
+ const u8 *ie;
|
||
|
+ u32 ie_len;
|
||
|
+ u32 offset;
|
||
|
+ u16 rsn_cap;
|
||
|
+ u32 mfp;
|
||
|
+ u16 count;
|
||
|
|
||
|
- if (sme->crypto.n_akm_suites) {
|
||
|
- err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev),
|
||
|
- "wpa_auth", &val);
|
||
|
- if (err) {
|
||
|
- brcmf_err("could not get wpa_auth (%d)\n", err);
|
||
|
- return err;
|
||
|
+ if (!sme->crypto.n_akm_suites)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
|
||
|
+ if (err) {
|
||
|
+ brcmf_err("could not get wpa_auth (%d)\n", err);
|
||
|
+ return err;
|
||
|
+ }
|
||
|
+ if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
|
||
|
+ switch (sme->crypto.akm_suites[0]) {
|
||
|
+ case WLAN_AKM_SUITE_8021X:
|
||
|
+ val = WPA_AUTH_UNSPECIFIED;
|
||
|
+ break;
|
||
|
+ case WLAN_AKM_SUITE_PSK:
|
||
|
+ val = WPA_AUTH_PSK;
|
||
|
+ break;
|
||
|
+ default:
|
||
|
+ brcmf_err("invalid cipher group (%d)\n",
|
||
|
+ sme->crypto.cipher_group);
|
||
|
+ return -EINVAL;
|
||
|
}
|
||
|
- if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
|
||
|
- switch (sme->crypto.akm_suites[0]) {
|
||
|
- case WLAN_AKM_SUITE_8021X:
|
||
|
- val = WPA_AUTH_UNSPECIFIED;
|
||
|
- break;
|
||
|
- case WLAN_AKM_SUITE_PSK:
|
||
|
- val = WPA_AUTH_PSK;
|
||
|
- break;
|
||
|
- default:
|
||
|
- brcmf_err("invalid cipher group (%d)\n",
|
||
|
- sme->crypto.cipher_group);
|
||
|
- return -EINVAL;
|
||
|
- }
|
||
|
- } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
|
||
|
- switch (sme->crypto.akm_suites[0]) {
|
||
|
- case WLAN_AKM_SUITE_8021X:
|
||
|
- val = WPA2_AUTH_UNSPECIFIED;
|
||
|
- break;
|
||
|
- case WLAN_AKM_SUITE_PSK:
|
||
|
- val = WPA2_AUTH_PSK;
|
||
|
- break;
|
||
|
- default:
|
||
|
- brcmf_err("invalid cipher group (%d)\n",
|
||
|
- sme->crypto.cipher_group);
|
||
|
- return -EINVAL;
|
||
|
- }
|
||
|
+ } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
|
||
|
+ switch (sme->crypto.akm_suites[0]) {
|
||
|
+ case WLAN_AKM_SUITE_8021X:
|
||
|
+ val = WPA2_AUTH_UNSPECIFIED;
|
||
|
+ break;
|
||
|
+ case WLAN_AKM_SUITE_8021X_SHA256:
|
||
|
+ val = WPA2_AUTH_1X_SHA256;
|
||
|
+ break;
|
||
|
+ case WLAN_AKM_SUITE_PSK_SHA256:
|
||
|
+ val = WPA2_AUTH_PSK_SHA256;
|
||
|
+ break;
|
||
|
+ case WLAN_AKM_SUITE_PSK:
|
||
|
+ val = WPA2_AUTH_PSK;
|
||
|
+ break;
|
||
|
+ default:
|
||
|
+ brcmf_err("invalid cipher group (%d)\n",
|
||
|
+ sme->crypto.cipher_group);
|
||
|
+ return -EINVAL;
|
||
|
}
|
||
|
+ }
|
||
|
|
||
|
- brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
|
||
|
- err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev),
|
||
|
- "wpa_auth", val);
|
||
|
- if (err) {
|
||
|
- brcmf_err("could not set wpa_auth (%d)\n", err);
|
||
|
- return err;
|
||
|
- }
|
||
|
+ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
|
||
|
+ goto skip_mfp_config;
|
||
|
+ /* The MFP mode (1 or 2) needs to be determined, parse IEs. The
|
||
|
+ * IE will not be verified, just a quick search for MFP config
|
||
|
+ */
|
||
|
+ rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
|
||
|
+ WLAN_EID_RSN);
|
||
|
+ if (!rsn_ie)
|
||
|
+ goto skip_mfp_config;
|
||
|
+ ie = (const u8 *)rsn_ie;
|
||
|
+ ie_len = rsn_ie->len + TLV_HDR_LEN;
|
||
|
+ /* Skip unicast suite */
|
||
|
+ offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
|
||
|
+ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
|
||
|
+ goto skip_mfp_config;
|
||
|
+ /* Skip multicast suite */
|
||
|
+ count = ie[offset] + (ie[offset + 1] << 8);
|
||
|
+ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
|
||
|
+ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
|
||
|
+ goto skip_mfp_config;
|
||
|
+ /* Skip auth key management suite(s) */
|
||
|
+ count = ie[offset] + (ie[offset + 1] << 8);
|
||
|
+ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
|
||
|
+ if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
|
||
|
+ goto skip_mfp_config;
|
||
|
+ /* Ready to read capabilities */
|
||
|
+ mfp = BRCMF_MFP_NONE;
|
||
|
+ rsn_cap = ie[offset] + (ie[offset + 1] << 8);
|
||
|
+ if (rsn_cap & RSN_CAP_MFPR_MASK)
|
||
|
+ mfp = BRCMF_MFP_REQUIRED;
|
||
|
+ else if (rsn_cap & RSN_CAP_MFPC_MASK)
|
||
|
+ mfp = BRCMF_MFP_CAPABLE;
|
||
|
+ brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
|
||
|
+
|
||
|
+skip_mfp_config:
|
||
|
+ brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
|
||
|
+ err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
|
||
|
+ if (err) {
|
||
|
+ brcmf_err("could not set wpa_auth (%d)\n", err);
|
||
|
+ return err;
|
||
|
}
|
||
|
- sec = &profile->sec;
|
||
|
- sec->wpa_auth = sme->crypto.akm_suites[0];
|
||
|
|
||
|
return err;
|
||
|
}
|
||
|
@@ -1827,7 +1880,7 @@ brcmf_cfg80211_connect(struct wiphy *wip
|
||
|
goto done;
|
||
|
}
|
||
|
|
||
|
- err = brcmf_set_wsec_mode(ndev, sme, sme->mfp == NL80211_MFP_REQUIRED);
|
||
|
+ err = brcmf_set_wsec_mode(ndev, sme);
|
||
|
if (err) {
|
||
|
brcmf_err("wl_set_set_cipher failed (%d)\n", err);
|
||
|
goto done;
|
||
|
@@ -2077,10 +2130,12 @@ brcmf_cfg80211_del_key(struct wiphy *wip
|
||
|
u8 key_idx, bool pairwise, const u8 *mac_addr)
|
||
|
{
|
||
|
struct brcmf_if *ifp = netdev_priv(ndev);
|
||
|
- struct brcmf_wsec_key key;
|
||
|
- s32 err = 0;
|
||
|
+ struct brcmf_wsec_key *key;
|
||
|
+ s32 err;
|
||
|
|
||
|
brcmf_dbg(TRACE, "Enter\n");
|
||
|
+ brcmf_dbg(CONN, "key index (%d)\n", key_idx);
|
||
|
+
|
||
|
if (!check_vif_up(ifp->vif))
|
||
|
return -EIO;
|
||
|
|
||
|
@@ -2089,16 +2144,19 @@ brcmf_cfg80211_del_key(struct wiphy *wip
|
||
|
return -EINVAL;
|
||
|
}
|
||
|
|
||
|
- memset(&key, 0, sizeof(key));
|
||
|
+ key = &ifp->vif->profile.key[key_idx];
|
||
|
|
||
|
- key.index = (u32)key_idx;
|
||
|
- key.flags = BRCMF_PRIMARY_KEY;
|
||
|
- key.algo = CRYPTO_ALGO_OFF;
|
||
|
+ if (key->algo == CRYPTO_ALGO_OFF) {
|
||
|
+ brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
|
||
|
+ return -EINVAL;
|
||
|
+ }
|
||
|
|
||
|
- brcmf_dbg(CONN, "key index (%d)\n", key_idx);
|
||
|
+ memset(key, 0, sizeof(*key));
|
||
|
+ key->index = (u32)key_idx;
|
||
|
+ key->flags = BRCMF_PRIMARY_KEY;
|
||
|
|
||
|
- /* Set the new key/index */
|
||
|
- err = send_key_to_dongle(ifp, &key);
|
||
|
+ /* Clear the key/index */
|
||
|
+ err = send_key_to_dongle(ifp, key);
|
||
|
|
||
|
brcmf_dbg(TRACE, "Exit\n");
|
||
|
return err;
|
||
|
@@ -2106,8 +2164,8 @@ brcmf_cfg80211_del_key(struct wiphy *wip
|
||
|
|
||
|
static s32
|
||
|
brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
|
||
|
- u8 key_idx, bool pairwise, const u8 *mac_addr,
|
||
|
- struct key_params *params)
|
||
|
+ u8 key_idx, bool pairwise, const u8 *mac_addr,
|
||
|
+ struct key_params *params)
|
||
|
{
|
||
|
struct brcmf_if *ifp = netdev_priv(ndev);
|
||
|
struct brcmf_wsec_key *key;
|
||
|
@@ -2214,9 +2272,10 @@ done:
|
||
|
}
|
||
|
|
||
|
static s32
|
||
|
-brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
|
||
|
- u8 key_idx, bool pairwise, const u8 *mac_addr, void *cookie,
|
||
|
- void (*callback) (void *cookie, struct key_params * params))
|
||
|
+brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
|
||
|
+ bool pairwise, const u8 *mac_addr, void *cookie,
|
||
|
+ void (*callback)(void *cookie,
|
||
|
+ struct key_params *params))
|
||
|
{
|
||
|
struct key_params params;
|
||
|
struct brcmf_if *ifp = netdev_priv(ndev);
|
||
|
@@ -2268,8 +2327,15 @@ done:
|
||
|
|
||
|
static s32
|
||
|
brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
|
||
|
- struct net_device *ndev, u8 key_idx)
|
||
|
+ struct net_device *ndev, u8 key_idx)
|
||
|
{
|
||
|
+ struct brcmf_if *ifp = netdev_priv(ndev);
|
||
|
+
|
||
|
+ brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
|
||
|
+
|
||
|
+ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
|
||
|
+ return 0;
|
||
|
+
|
||
|
brcmf_dbg(INFO, "Not supported\n");
|
||
|
|
||
|
return -EOPNOTSUPP;
|
||
|
@@ -3769,7 +3835,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
|
||
|
u32 auth = 0; /* d11 open authentication */
|
||
|
u16 count;
|
||
|
s32 err = 0;
|
||
|
- s32 len = 0;
|
||
|
+ s32 len;
|
||
|
u32 i;
|
||
|
u32 wsec;
|
||
|
u32 pval = 0;
|
||
|
@@ -3779,6 +3845,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
|
||
|
u8 *data;
|
||
|
u16 rsn_cap;
|
||
|
u32 wme_bss_disable;
|
||
|
+ u32 mfp;
|
||
|
|
||
|
brcmf_dbg(TRACE, "Enter\n");
|
||
|
if (wpa_ie == NULL)
|
||
|
@@ -3893,19 +3960,53 @@ brcmf_configure_wpaie(struct brcmf_if *i
|
||
|
is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
|
||
|
(wpa_auth |= WPA_AUTH_PSK);
|
||
|
break;
|
||
|
+ case RSN_AKM_SHA256_PSK:
|
||
|
+ brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
|
||
|
+ wpa_auth |= WPA2_AUTH_PSK_SHA256;
|
||
|
+ break;
|
||
|
+ case RSN_AKM_SHA256_1X:
|
||
|
+ brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
|
||
|
+ wpa_auth |= WPA2_AUTH_1X_SHA256;
|
||
|
+ break;
|
||
|
default:
|
||
|
brcmf_err("Ivalid key mgmt info\n");
|
||
|
}
|
||
|
offset++;
|
||
|
}
|
||
|
|
||
|
+ mfp = BRCMF_MFP_NONE;
|
||
|
if (is_rsn_ie) {
|
||
|
wme_bss_disable = 1;
|
||
|
if ((offset + RSN_CAP_LEN) <= len) {
|
||
|
rsn_cap = data[offset] + (data[offset + 1] << 8);
|
||
|
if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
|
||
|
wme_bss_disable = 0;
|
||
|
+ if (rsn_cap & RSN_CAP_MFPR_MASK) {
|
||
|
+ brcmf_dbg(TRACE, "MFP Required\n");
|
||
|
+ mfp = BRCMF_MFP_REQUIRED;
|
||
|
+ /* Firmware only supports mfp required in
|
||
|
+ * combination with WPA2_AUTH_PSK_SHA256 or
|
||
|
+ * WPA2_AUTH_1X_SHA256.
|
||
|
+ */
|
||
|
+ if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
|
||
|
+ WPA2_AUTH_1X_SHA256))) {
|
||
|
+ err = -EINVAL;
|
||
|
+ goto exit;
|
||
|
+ }
|
||
|
+ /* Firmware has requirement that WPA2_AUTH_PSK/
|
||
|
+ * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
|
||
|
+ * is to be included in the rsn ie.
|
||
|
+ */
|
||
|
+ if (wpa_auth & WPA2_AUTH_PSK_SHA256)
|
||
|
+ wpa_auth |= WPA2_AUTH_PSK;
|
||
|
+ else if (wpa_auth & WPA2_AUTH_1X_SHA256)
|
||
|
+ wpa_auth |= WPA2_AUTH_UNSPECIFIED;
|
||
|
+ } else if (rsn_cap & RSN_CAP_MFPC_MASK) {
|
||
|
+ brcmf_dbg(TRACE, "MFP Capable\n");
|
||
|
+ mfp = BRCMF_MFP_CAPABLE;
|
||
|
+ }
|
||
|
}
|
||
|
+ offset += RSN_CAP_LEN;
|
||
|
/* set wme_bss_disable to sync RSN Capabilities */
|
||
|
err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
|
||
|
wme_bss_disable);
|
||
|
@@ -3913,6 +4014,21 @@ brcmf_configure_wpaie(struct brcmf_if *i
|
||
|
brcmf_err("wme_bss_disable error %d\n", err);
|
||
|
goto exit;
|
||
|
}
|
||
|
+
|
||
|
+ /* Skip PMKID cnt as it is know to be 0 for AP. */
|
||
|
+ offset += RSN_PMKID_COUNT_LEN;
|
||
|
+
|
||
|
+ /* See if there is BIP wpa suite left for MFP */
|
||
|
+ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
|
||
|
+ ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
|
||
|
+ err = brcmf_fil_bsscfg_data_set(ifp, "bip",
|
||
|
+ &data[offset],
|
||
|
+ WPA_IE_MIN_OUI_LEN);
|
||
|
+ if (err < 0) {
|
||
|
+ brcmf_err("bip error %d\n", err);
|
||
|
+ goto exit;
|
||
|
+ }
|
||
|
+ }
|
||
|
}
|
||
|
/* FOR WPS , set SES_OW_ENABLED */
|
||
|
wsec = (pval | gval | SES_OW_ENABLED);
|
||
|
@@ -3929,6 +4045,16 @@ brcmf_configure_wpaie(struct brcmf_if *i
|
||
|
brcmf_err("wsec error %d\n", err);
|
||
|
goto exit;
|
||
|
}
|
||
|
+ /* Configure MFP, this needs to go after wsec otherwise the wsec command
|
||
|
+ * will overwrite the values set by MFP
|
||
|
+ */
|
||
|
+ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
|
||
|
+ err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
|
||
|
+ if (err < 0) {
|
||
|
+ brcmf_err("mfp error %d\n", err);
|
||
|
+ goto exit;
|
||
|
+ }
|
||
|
+ }
|
||
|
/* set upper-layer auth */
|
||
|
err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
|
||
|
if (err < 0) {
|
||
|
@@ -6149,8 +6275,10 @@ static int brcmf_setup_wiphy(struct wiph
|
||
|
wiphy->n_addresses = i;
|
||
|
|
||
|
wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
|
||
|
- wiphy->cipher_suites = __wl_cipher_suites;
|
||
|
- wiphy->n_cipher_suites = ARRAY_SIZE(__wl_cipher_suites);
|
||
|
+ wiphy->cipher_suites = brcmf_cipher_suites;
|
||
|
+ wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
|
||
|
+ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
|
||
|
+ wiphy->n_cipher_suites--;
|
||
|
wiphy->flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT |
|
||
|
WIPHY_FLAG_OFFCHAN_TX |
|
||
|
WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
|
||
|
@@ -72,7 +72,7 @@
|
||
|
|
||
|
#define BRCMF_VNDR_IE_P2PAF_SHIFT 12
|
||
|
|
||
|
-#define BRCMF_MAX_DEFAULT_KEYS 4
|
||
|
+#define BRCMF_MAX_DEFAULT_KEYS 6
|
||
|
|
||
|
/* beacon loss timeout defaults */
|
||
|
#define BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON 2
|
||
|
@@ -107,7 +107,6 @@ struct brcmf_cfg80211_security {
|
||
|
u32 auth_type;
|
||
|
u32 cipher_pairwise;
|
||
|
u32 cipher_group;
|
||
|
- u32 wpa_auth;
|
||
|
};
|
||
|
|
||
|
/**
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
|
||
|
@@ -161,6 +161,7 @@ void brcmf_feat_attach(struct brcmf_pub
|
||
|
ifp->drvr->feat_flags &= ~BIT(BRCMF_FEAT_MBSS);
|
||
|
brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_RSDB, "rsdb_mode");
|
||
|
brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_TDLS, "tdls_enable");
|
||
|
+ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MFP, "mfp");
|
||
|
|
||
|
pfn_mac.version = BRCMF_PFN_MACADDR_CFG_VER;
|
||
|
err = brcmf_fil_iovar_data_get(ifp, "pfn_macaddr", &pfn_mac,
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
|
||
|
@@ -30,6 +30,7 @@
|
||
|
* WOWL_ND: WOWL net detect (PNO)
|
||
|
* WOWL_GTK: (WOWL) GTK rekeying offload
|
||
|
* WOWL_ARP_ND: ARP and Neighbor Discovery offload support during WOWL.
|
||
|
+ * MFP: 802.11w Management Frame Protection.
|
||
|
*/
|
||
|
#define BRCMF_FEAT_LIST \
|
||
|
BRCMF_FEAT_DEF(MBSS) \
|
||
|
@@ -42,7 +43,8 @@
|
||
|
BRCMF_FEAT_DEF(SCAN_RANDOM_MAC) \
|
||
|
BRCMF_FEAT_DEF(WOWL_ND) \
|
||
|
BRCMF_FEAT_DEF(WOWL_GTK) \
|
||
|
- BRCMF_FEAT_DEF(WOWL_ARP_ND)
|
||
|
+ BRCMF_FEAT_DEF(WOWL_ARP_ND) \
|
||
|
+ BRCMF_FEAT_DEF(MFP)
|
||
|
|
||
|
/*
|
||
|
* Quirks:
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
|
||
|
@@ -142,6 +142,10 @@
|
||
|
#define BRCMF_RSN_KEK_LENGTH 16
|
||
|
#define BRCMF_RSN_REPLAY_LEN 8
|
||
|
|
||
|
+#define BRCMF_MFP_NONE 0
|
||
|
+#define BRCMF_MFP_CAPABLE 1
|
||
|
+#define BRCMF_MFP_REQUIRED 2
|
||
|
+
|
||
|
/* join preference types for join_pref iovar */
|
||
|
enum brcmf_join_pref_types {
|
||
|
BRCMF_JOIN_PREF_RSSI = 1,
|
||
|
--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
|
||
|
+++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
|
||
|
@@ -236,6 +236,8 @@ static inline bool ac_bitmap_tst(u8 bitm
|
||
|
#define WPA2_AUTH_RESERVED3 0x0200
|
||
|
#define WPA2_AUTH_RESERVED4 0x0400
|
||
|
#define WPA2_AUTH_RESERVED5 0x0800
|
||
|
+#define WPA2_AUTH_1X_SHA256 0x1000 /* 1X with SHA256 key derivation */
|
||
|
+#define WPA2_AUTH_PSK_SHA256 0x8000 /* PSK with SHA256 key derivation */
|
||
|
|
||
|
#define DOT11_DEFAULT_RTS_LEN 2347
|
||
|
#define DOT11_DEFAULT_FRAG_LEN 2346
|