Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 63181060 authored by Jouni Malinen's avatar Jouni Malinen Committed by Johannes Berg
Browse files

cfg80211: Add Fast Initial Link Setup (FILS) auth algs 



This defines authentication algorithms for FILS (IEEE 802.11ai).

Signed-off-by: default avatarJouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 3f817fe7

include/linux/ieee80211.h

+3 −0
Original line number Diff line number Diff line
@@ -1576,6 +1576,9 @@ struct ieee80211_vht_operation { 
#define WLAN_AUTH_SHARED_KEY 1

#define WLAN_AUTH_FT 2

#define WLAN_AUTH_SAE 3

#define WLAN_AUTH_FILS_SK 4

#define WLAN_AUTH_FILS_SK_PFS 5

#define WLAN_AUTH_FILS_PK 6

#define WLAN_AUTH_LEAP 128



#define WLAN_AUTH_CHALLENGE_LEN 128

include/uapi/linux/nl80211.h

+6 −0
Original line number Diff line number Diff line
@@ -3669,6 +3669,9 @@ enum nl80211_bss_status { 
 * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)

 * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)

 * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals

 * @NL80211_AUTHTYPE_FILS_SK: Fast Initial Link Setup shared key

 * @NL80211_AUTHTYPE_FILS_SK_PFS: Fast Initial Link Setup shared key with PFS

 * @NL80211_AUTHTYPE_FILS_PK: Fast Initial Link Setup public key

 * @__NL80211_AUTHTYPE_NUM: internal

 * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm

 * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
@@ -3681,6 +3684,9 @@ enum nl80211_auth_type { 
	NL80211_AUTHTYPE_FT,

	NL80211_AUTHTYPE_NETWORK_EAP,

	NL80211_AUTHTYPE_SAE,

	NL80211_AUTHTYPE_FILS_SK,

	NL80211_AUTHTYPE_FILS_SK_PFS,

	NL80211_AUTHTYPE_FILS_PK,



	/* keep last */

	__NL80211_AUTHTYPE_NUM,

net/wireless/nl80211.c

+19 −2
Original line number Diff line number Diff line
@@ -3778,12 +3778,23 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev, 
		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&

		    auth_type == NL80211_AUTHTYPE_SAE)

			return false;

		if (!wiphy_ext_feature_isset(&rdev->wiphy,

					     NL80211_EXT_FEATURE_FILS_STA) &&

		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||

		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||

		     auth_type == NL80211_AUTHTYPE_FILS_PK))

			return false;

		return true;

	case NL80211_CMD_CONNECT:

	case NL80211_CMD_START_AP:

		/* SAE not supported yet */

		if (auth_type == NL80211_AUTHTYPE_SAE)

			return false;

		/* FILS not supported yet */

		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||

		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||

		    auth_type == NL80211_AUTHTYPE_FILS_PK)

			return false;

		return true;

	default:

		return false;
@@ -7810,12 +7821,18 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 
	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))

		return -EINVAL;



	if (auth_type == NL80211_AUTHTYPE_SAE &&

	if ((auth_type == NL80211_AUTHTYPE_SAE ||

	     auth_type == NL80211_AUTHTYPE_FILS_SK ||

	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||

	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&

	    !info->attrs[NL80211_ATTR_AUTH_DATA])

		return -EINVAL;



	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {

		if (auth_type != NL80211_AUTHTYPE_SAE)

		if (auth_type != NL80211_AUTHTYPE_SAE &&

		    auth_type != NL80211_AUTHTYPE_FILS_SK &&

		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&

		    auth_type != NL80211_AUTHTYPE_FILS_PK)

			return -EINVAL;

		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);

		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);