kirkstone migration: update wpa-supplicant package

Mainly, refresh patches so they apply on top of wpa-supplicant 2.10

Murata patches from release: cypress-fmac-v5.10.9-2022_0331

NOTE: the wpa-supplicant patches in the cypress release apply on top of
1759a8e3f36a commit of the hostapd.git repository. That repository
includes both the wpa-supplicant and the hostapd packages code. In Yocto
the wpa-supplicant recipe uses the release tarball, so there is no
'hostapd' folder included. Thus, the cypress patches that changed code
in 'hostapd' and 'wpa_supplicant' folders have been split in two
(the hostapd changes and the rest). In the recipe the patches that
changed 'hostapd' code have been marked as 'apply=no' because they won't
apply to the tarball, but they have not been deleted for traceability.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Javier Viguera 2022-05-25 14:23:25 +02:00
parent 674af78711
commit 11b802ddb6
33 changed files with 1883 additions and 1066 deletions

@ -14,7 +14,7 @@ Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
index d97ff3921..98b72cf32 100644
index d97ff392175d..98b72cf32481 100644
--- a/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
+++ b/wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in
@@ -1,5 +1,5 @@

@ -15,12 +15,10 @@ Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in
index 75a37a8cd..6d3a04a0e 100644
index 58a622887cd9..cdc547f2ac5b 100644
--- a/wpa_supplicant/systemd/wpa_supplicant.service.in
+++ b/wpa_supplicant/systemd/wpa_supplicant.service.in
@@ -4,10 +4,10 @@ Before=network.target
Wants=network.target
@@ -7,7 +7,7 @@ Wants=network.target
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
@ -29,4 +27,3 @@ index 75a37a8cd..6d3a04a0e 100644
[Install]
WantedBy=multi-user.target
Alias=dbus-fi.w1.wpa_supplicant1.service

@ -1,35 +0,0 @@
From: Arturo Buzarra <arturo.buzarra@digi.com>
Date: Mon, 9 Mar 2020 17:18:35 +0100
Subject: [PATCH] mesh: Fix CONFIG_HT_OVERRIDES build without CONFIG_VHT_OVERRIDES
Commit e5a9b1e8a3 ("mesh: Implement use of VHT20 config in mesh mode")
introduced the possibility to check the disable_vht param. However, this
entry is only available when CONFIG_VHT_OVERRIDES is enabled and as
such, this broke the build for some cases.
Fix this by encapsulating VHT property with the proper CONFIG entry.
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
---
wpa_supplicant/wpa_supplicant.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 911d79d17..3fbcf2a70 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2237,12 +2237,14 @@ void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
freq->channel = pri_chan->chan;
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht40) {
+#ifdef CONFIG_VHT_OVERRIDES
if (ssid->disable_vht)
return;
+#endif /* CONFIG_VHT_OVERRIDES */
goto skip_ht40;
}
#endif /* CONFIG_HT_OVERRIDES */
/* Check/setup HT40+/HT40- */
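Review bot: the commit message does not explain why this patch file is deleted outright (`-1,35 +0,0`); it only describes refreshing patches and keeping the non-applying hostapd ones for traceability. State the reason in the message, for example that the `#ifdef CONFIG_VHT_OVERRIDES` guard around `ssid->disable_vht` in `ibss_mesh_setup_freq()` is already present in the 2.10 tarball, and confirm that a build with CONFIG_HT_OVERRIDES set and CONFIG_VHT_OVERRIDES unset still succeeds.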

@ -1,21 +1,19 @@
From 6ce23de6fdd3fd610baa3aec65753b30804cefac Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 11:32:11 +0800
Subject: [PATCH 01/20] wpa_supplicant: Support 4-way handshake offload for
FT-EAP
Subject: [PATCH] wpa_supplicant: Support 4-way handshake offload for FT-EAP
Add support of 4-way handshake offload for FT-EAP.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
wpa_supplicant/wpa_supplicant.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 911d79d17..73e69ab8f 100644
index d37a994f98a5..7e0e030b8081 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3228,7 +3228,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
@@ -3898,7 +3898,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
(params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
@ -25,6 +23,3 @@ index 911d79d17..73e69ab8f 100644
params.req_handshake_offload = 1;
if (wpa_s->conf->key_mgmt_offload) {
--
2.17.1

@ -1,20 +1,19 @@
From 69ffae75ad735b5236ac9425f36e6ede7b6fdb92 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 15:22:57 +0800
Subject: [PATCH 02/20] wpa_supplicant: Notify Neighbor Report for
driver-triggered request
Subject: [PATCH] wpa_supplicant: Notify Neighbor Report for driver-triggered
request
Sending a Neighbor Report request can be triggered by either supplicant
or device driver. This patch adds the notification of incoming Neighbor
Report response for the driver-triggered request.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
wpa_supplicant/rrm.c | 100 +++++++++++++++++++++++++++++++++++--------
1 file changed, 83 insertions(+), 17 deletions(-)
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index 8468b2f86..98efa856c 100644
index cf107ebaf639..16e3ab318250 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -52,6 +52,71 @@ void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
@ -62,7 +61,7 @@ index 8468b2f86..98efa856c 100644
+ if ((pos[0] != WLAN_EID_NEIGHBOR_REPORT) ||
+ (nr_len < NR_IE_MIN_LEN) ||
+ (2U + nr_len > len)) {
+ wpa_printf(MSG_DEBUG,
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ "RRM: Invalid Neighbor Report element: "
+ "id=%u len=%zu nr_len=%u",
+ data[0], len, nr_len);
@ -112,7 +111,7 @@ index 8468b2f86..98efa856c 100644
+ }
- if (!wpa_s->rrm.notify_neighbor_rep) {
- wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report");
- wpa_msg(wpa_s, MSG_INFO, "RRM: Unexpected neighbor report");
- return;
+ eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler,
+ &wpa_s->rrm, NULL);
@ -121,7 +120,7 @@ index 8468b2f86..98efa856c 100644
/* skipping the first byte, which is only an id (dialog token) */
@@ -92,12 +155,15 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
wpa_dbg(wpa_s, MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
report[0]);
- wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
- neighbor_rep);
@ -140,6 +139,3 @@ index 8468b2f86..98efa856c 100644
#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
/* Workaround different, undefined for Windows, error codes used here */
--
2.17.1
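Review bot: the debug message in the element validation added to wpa_supplicant/rrm.c prints the wrong byte: the check tests `pos[0] != WLAN_EID_NEIGHBOR_REPORT` but the id logged is `data[0]`. If `pos` has advanced past the first element, the logged id is not the one that failed the check; print `pos[0]` so the log matches the condition. The patch also drops the early return on `!wpa_s->rrm.notify_neighbor_rep`, so reports with no pending supplicant request are now processed further; a test that feeds a truncated element (`2U + nr_len > len`) through this path would be worth adding.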

@ -1,7 +1,6 @@
From d1a1dfa41029ca67c93e360268c87330ff172b79 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 15:55:21 +0800
Subject: [PATCH 03/20] nl80211: Report connection authorized in EVENT_ASSOC
Subject: [PATCH] nl80211: Report connection authorized in EVENT_ASSOC
When roaming in a network that requires 802.1X authentication, device
driver could set the authorized flag if 4-way handshake offload or FT
@ -10,16 +9,16 @@ offload is considered.
This patch enables the report of connection authorized in EVENT_ASSOC to
indicate the requirement of 802.1X authentication.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/drivers/driver_nl80211_event.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 7c1633066..cf9c72fbf 100644
index 0f0a01d0180b..fe91fff908ea 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -422,7 +422,7 @@ static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
@@ -557,7 +557,7 @@ static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
wpa_ssid_txt(drv->ssid, drv->ssid_len));
}
@ -28,7 +27,7 @@ index 7c1633066..cf9c72fbf 100644
event.assoc_info.authorized = 1;
wpa_printf(MSG_DEBUG, "nl80211: connection authorized");
}
@@ -2529,7 +2529,8 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
@@ -2988,7 +2988,8 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
tb[NL80211_ATTR_RESP_IE],
tb[NL80211_ATTR_TIMED_OUT],
tb[NL80211_ATTR_TIMEOUT_REASON],
@ -38,6 +37,3 @@ index 7c1633066..cf9c72fbf 100644
tb[NL80211_ATTR_FILS_KEK],
NULL,
tb[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM],
--
2.17.1

@ -1,19 +1,17 @@
From 45be35df00f026bb14d176988d1593b1ea541e60 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 16:05:49 +0800
Subject: [PATCH 04/20] wpa_supplicant: Add PMKSA cache for 802.1X 4-way
handshake
Subject: [PATCH] wpa_supplicant: Add PMKSA cache for 802.1X 4-way handshake
Add PMKSA cache and set PMK to the driver for 802.1X 4-way handshake
offload.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
wpa_supplicant/wpas_glue.c | 59 +++++++++++++++++++++++---------------
1 file changed, 36 insertions(+), 23 deletions(-)
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 62af7f6b1..3a63bc7ea 100644
index 17fc05bcbdab..0cffe52fa9be 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -12,6 +12,7 @@
@ -24,7 +22,7 @@ index 62af7f6b1..3a63bc7ea 100644
#include "eloop.h"
#include "config.h"
#include "l2_packet/l2_packet.h"
@@ -272,6 +273,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
@@ -285,6 +286,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
@ -32,7 +30,7 @@ index 62af7f6b1..3a63bc7ea 100644
int res, pmk_len;
u8 pmk[PMK_LEN];
@@ -306,35 +308,46 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
@@ -319,35 +321,46 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
"handshake");
pmk_len = PMK_LEN;
@ -102,6 +100,3 @@ index 62af7f6b1..3a63bc7ea 100644
}
wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
--
2.17.1

@ -1,22 +1,21 @@
From 8fabb3a2f5c8c1efb7c92a03079e760e88aa04aa Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Fri, 8 Nov 2019 13:23:05 -0600
Subject: [PATCH 08/20] OpenSSL: Fix build with OpenSSL 1.0.1
Subject: [PATCH] OpenSSL: Fix build with OpenSSL 1.0.1
The openssl_debug_dump_certificate_chains() implementation used
SSL_CERT_SET_FIRST and SSL_CERT_SET_NEXT, which were added in OpenSSL
1.0.2. Bypass this function to fix build failure with OpenSSL 1.0.1.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/crypto/tls_openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e47b..a74af7bbf 100644
index c9e00b3af855..9e5b48a9c18b 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5201,7 +5201,8 @@ static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx)
@@ -5410,7 +5410,8 @@ static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx)
static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx)
{
@ -26,6 +25,3 @@ index 07d38e47b..a74af7bbf 100644
int res;
for (res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
--
2.17.1
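Review bot: it is not clear that this patch still needs to be carried; per its own message it exists only to bypass `openssl_debug_dump_certificate_chains()` when building against OpenSSL 1.0.1. Before refreshing it again, confirm which OpenSSL version the kirkstone build links against; if it is 1.0.2 or newer, drop the patch instead of rebasing it on every wpa-supplicant update.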

@ -1,244 +0,0 @@
From 0a05505eff7c36f81e946eeaa79e8f50900365aa Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 10 Sep 2019 13:42:14 +0300
Subject: [PATCH 05/20] Sync with mac80211-next.git
include/uapi/linux/nl80211.h
commit 262b71eead4752b4f3f3285f2ee2041c5b115202 master.
This brings in nl80211 definitions as of 2019-08-30.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/drivers/nl80211_copy.h | 91 ++++++++++++++++++++++++++++++++++++--
1 file changed, 88 insertions(+), 3 deletions(-)
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index 6f09d1500..beee59c83 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -52,6 +52,11 @@
#define NL80211_MULTICAST_GROUP_NAN "nan"
#define NL80211_MULTICAST_GROUP_TESTMODE "testmode"
+#define NL80211_EDMG_BW_CONFIG_MIN 4
+#define NL80211_EDMG_BW_CONFIG_MAX 15
+#define NL80211_EDMG_CHANNELS_MIN 1
+#define NL80211_EDMG_CHANNELS_MAX 0x3c /* 0b00111100 */
+
/**
* DOC: Station handling
*
@@ -234,6 +239,15 @@
* use in a FILS shared key connection with PMKSA caching.
*/
+/**
+ * DOC: SAE authentication offload
+ *
+ * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
+ * support offloading SAE authentication for WPA3-Personal networks. In
+ * %NL80211_CMD_CONNECT the password for SAE should be specified using
+ * %NL80211_ATTR_SAE_PASSWORD.
+ */
+
/**
* enum nl80211_commands - supported nl80211 commands
*
@@ -648,7 +662,9 @@
* is used during CSA period.
* @NL80211_CMD_FRAME_WAIT_CANCEL: When an off-channel TX was requested, this
* command may be used with the corresponding cookie to cancel the wait
- * time if it is known that it is no longer necessary.
+ * time if it is known that it is no longer necessary. This command is
+ * also sent as an event whenever the driver has completed the off-channel
+ * wait time.
* @NL80211_CMD_ACTION: Alias for @NL80211_CMD_FRAME for backward compatibility.
* @NL80211_CMD_FRAME_TX_STATUS: Report TX status of a management frame
* transmitted with %NL80211_CMD_FRAME. %NL80211_ATTR_COOKIE identifies
@@ -2341,6 +2357,22 @@ enum nl80211_commands {
* should be picking up the lowest tx power, either tx power per-interface
* or per-station.
*
+ * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It
+ * is used with %NL80211_CMD_CONNECT to provide password for offloading
+ * SAE authentication for WPA3-Personal networks.
+ *
+ * @NL80211_ATTR_TWT_RESPONDER: Enable target wait time responder support.
+ *
+ * @NL80211_ATTR_HE_OBSS_PD: nested attribute for OBSS Packet Detection
+ * functionality.
+ *
+ * @NL80211_ATTR_WIPHY_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz
+ * channel(s) that are allowed to be used for EDMG transmissions.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251. (u8 attribute)
+ * @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes
+ * the allowed channel bandwidth configurations. (u8 attribute)
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13.
+ *
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2794,6 +2826,15 @@ enum nl80211_attrs {
NL80211_ATTR_STA_TX_POWER_SETTING,
NL80211_ATTR_STA_TX_POWER,
+ NL80211_ATTR_SAE_PASSWORD,
+
+ NL80211_ATTR_TWT_RESPONDER,
+
+ NL80211_ATTR_HE_OBSS_PD,
+
+ NL80211_ATTR_WIPHY_EDMG_CHANNELS,
+ NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
+
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
@@ -2844,7 +2885,7 @@ enum nl80211_attrs {
#define NL80211_HT_CAPABILITY_LEN 26
#define NL80211_VHT_CAPABILITY_LEN 12
#define NL80211_HE_MIN_CAPABILITY_LEN 16
-#define NL80211_HE_MAX_CAPABILITY_LEN 51
+#define NL80211_HE_MAX_CAPABILITY_LEN 54
#define NL80211_MAX_NR_CIPHER_SUITES 5
#define NL80211_MAX_NR_AKM_SUITES 2
@@ -3175,6 +3216,8 @@ enum nl80211_sta_bss_param {
* sent to the station (u64, usec)
* @NL80211_STA_INFO_AIRTIME_WEIGHT: current airtime weight for station (u16)
* @NL80211_STA_INFO_AIRTIME_LINK_METRIC: airtime link metric for mesh station
+ * @NL80211_STA_INFO_ASSOC_AT_BOOTTIME: Timestamp (CLOCK_BOOTTIME, nanoseconds)
+ * of STA's association
* @__NL80211_STA_INFO_AFTER_LAST: internal
* @NL80211_STA_INFO_MAX: highest possible station info attribute
*/
@@ -3221,6 +3264,7 @@ enum nl80211_sta_info {
NL80211_STA_INFO_TX_DURATION,
NL80211_STA_INFO_AIRTIME_WEIGHT,
NL80211_STA_INFO_AIRTIME_LINK_METRIC,
+ NL80211_STA_INFO_ASSOC_AT_BOOTTIME,
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
@@ -3402,6 +3446,12 @@ enum nl80211_band_iftype_attr {
* @NL80211_BAND_ATTR_VHT_CAPA: VHT capabilities, as in the HT information IE
* @NL80211_BAND_ATTR_IFTYPE_DATA: nested array attribute, with each entry using
* attributes from &enum nl80211_band_iftype_attr
+ * @NL80211_BAND_ATTR_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz
+ * channel(s) that are allowed to be used for EDMG transmissions.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251.
+ * @NL80211_BAND_ATTR_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes
+ * the allowed channel bandwidth configurations.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13.
* @NL80211_BAND_ATTR_MAX: highest band attribute currently defined
* @__NL80211_BAND_ATTR_AFTER_LAST: internal use
*/
@@ -3419,6 +3469,9 @@ enum nl80211_band_attr {
NL80211_BAND_ATTR_VHT_CAPA,
NL80211_BAND_ATTR_IFTYPE_DATA,
+ NL80211_BAND_ATTR_EDMG_CHANNELS,
+ NL80211_BAND_ATTR_EDMG_BW_CONFIG,
+
/* keep last */
__NL80211_BAND_ATTR_AFTER_LAST,
NL80211_BAND_ATTR_MAX = __NL80211_BAND_ATTR_AFTER_LAST - 1
@@ -3817,6 +3870,8 @@ enum nl80211_user_reg_hint_type {
* @NL80211_SURVEY_INFO_TIME_SCAN: time the radio spent for scan
* (on this channel or globally)
* @NL80211_SURVEY_INFO_PAD: attribute used for padding for 64-bit alignment
+ * @NL80211_SURVEY_INFO_TIME_BSS_RX: amount of time the radio spent
+ * receiving frames destined to the local BSS
* @NL80211_SURVEY_INFO_MAX: highest survey info attribute number
* currently defined
* @__NL80211_SURVEY_INFO_AFTER_LAST: internal use
@@ -3833,6 +3888,7 @@ enum nl80211_survey_info {
NL80211_SURVEY_INFO_TIME_TX,
NL80211_SURVEY_INFO_TIME_SCAN,
NL80211_SURVEY_INFO_PAD,
+ NL80211_SURVEY_INFO_TIME_BSS_RX,
/* keep last */
__NL80211_SURVEY_INFO_AFTER_LAST,
@@ -4406,6 +4462,7 @@ enum nl80211_mfp {
enum nl80211_wpa_versions {
NL80211_WPA_VERSION_1 = 1 << 0,
NL80211_WPA_VERSION_2 = 1 << 1,
+ NL80211_WPA_VERSION_3 = 1 << 2,
};
/**
@@ -4516,6 +4573,7 @@ enum nl80211_txrate_gi {
* @NL80211_BAND_2GHZ: 2.4 GHz ISM band
* @NL80211_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz)
* @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz)
+ * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz)
* @NUM_NL80211_BANDS: number of bands, avoid using this in userspace
* since newer kernel versions may support more bands
*/
@@ -4523,6 +4581,7 @@ enum nl80211_band {
NL80211_BAND_2GHZ,
NL80211_BAND_5GHZ,
NL80211_BAND_60GHZ,
+ NL80211_BAND_6GHZ,
NUM_NL80211_BANDS,
};
@@ -5314,7 +5373,7 @@ enum nl80211_feature_flags {
NL80211_FEATURE_TDLS_CHANNEL_SWITCH = 1 << 28,
NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR = 1 << 29,
NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR = 1 << 30,
- NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1 << 31,
+ NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1U << 31,
};
/**
@@ -5422,6 +5481,9 @@ enum nl80211_feature_flags {
* @NL80211_EXT_FEATURE_STA_TX_PWR: This driver supports controlling tx power
* to a station.
*
+ * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
+ * station mode (SAE password is passed as part of the connect command).
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@@ -5466,6 +5528,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD,
NL80211_EXT_FEATURE_EXT_KEY_ID,
NL80211_EXT_FEATURE_STA_TX_PWR,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
@@ -6464,4 +6527,26 @@ enum nl80211_peer_measurement_ftm_resp {
NL80211_PMSR_FTM_RESP_ATTR_MAX = NUM_NL80211_PMSR_FTM_RESP_ATTR - 1
};
+/**
+ * enum nl80211_obss_pd_attributes - OBSS packet detection attributes
+ * @__NL80211_HE_OBSS_PD_ATTR_INVALID: Invalid
+ *
+ * @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET: the OBSS PD minimum tx power offset.
+ * @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET: the OBSS PD maximum tx power offset.
+ *
+ * @__NL80211_HE_OBSS_PD_ATTR_LAST: Internal
+ * @NL80211_HE_OBSS_PD_ATTR_MAX: highest OBSS PD attribute.
+ */
+enum nl80211_obss_pd_attributes {
+ __NL80211_HE_OBSS_PD_ATTR_INVALID,
+
+ NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
+ NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
+
+ /* keep last */
+ __NL80211_HE_OBSS_PD_ATTR_LAST,
+ NL80211_HE_OBSS_PD_ATTR_MAX = __NL80211_HE_OBSS_PD_ATTR_LAST - 1,
+};
+
+
#endif /* __LINUX_NL80211_H */
--
2.17.1
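Review bot: dropping this header sync (`-1,244 +0,0`) is unexplained, and the patches that remain still rely on definitions it introduced; `NL80211_EXT_FEATURE_SAE_OFFLOAD` is used by the refreshed SAE offload capability check in driver_nl80211_capa.c. Confirm that `src/drivers/nl80211_copy.h` in the 2.10 tarball already provides every definition the remaining patches use from this sync, and say in the commit message that the sync was removed for that reason.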

@ -1,45 +1,41 @@
From 52e388892a333c8366de69a2a09c00b86c60fadb Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 17:13:27 +0800
Subject: [PATCH 06/20] nl80211: Check SAE authentication offload support
Subject: [PATCH] nl80211: Check SAE authentication offload support
Set WPA_DRIVER_FLAGS_SAE_OFFLOAD flag if driver indicates SAE
Set WPA_DRIVER_FLAGS2_SAE_OFFLOAD flag if driver indicates SAE
authentication offload support.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211_capa.c | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 2a8459ae3..a9ea3d77c 100644
index d3312a34d8f8..c563317d1ffc 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1659,6 +1659,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
/** Driver support 4-way handshake offload for WPA-Personal */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
+/** Driver takes care of SAE authentication internally */
+#define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL
u64 flags;
@@ -2027,6 +2027,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL
/** Driver expects user space implementation of SME in AP mode */
#define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL
+/** Driver supports SAE authentication offload */
+#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD 0x0000000000000200ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 8318b10ab..9aeddec22 100644
index 83868b78e6f0..a443b7c873f7 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -433,6 +433,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
capa->flags |= WPA_DRIVER_FLAGS_FTM_RESPONDER;
+
@@ -594,6 +594,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD))
+ capa->flags |= WPA_DRIVER_FLAGS_SAE_OFFLOAD;
}
--
2.17.1
+ capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD;
+
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
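Review bot: every consumer of the SAE offload bit has to move with it, because the flag changes both name and field here: from `WPA_DRIVER_FLAGS_SAE_OFFLOAD` (0x0400000000000000ULL in `flags`) to `WPA_DRIVER_FLAGS2_SAE_OFFLOAD` (0x0000000000000200ULL in `flags2`). Both fields are `u64`, so a leftover test such as `flags & WPA_DRIVER_FLAGS2_SAE_OFFLOAD` compiles cleanly and checks an unrelated bit. Grep the whole patch series, including the hostapd-side patches marked 'apply=no', for the old macro name and for any FLAGS2 macro tested against `flags` or `drv_flags`.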

@ -1,13 +1,12 @@
From bce18a1340c4d27666182bf51648037b7db28065 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 17:22:18 +0800
Subject: [PATCH 07/20] SAE: Pass SAE password on connect for SAE
authentication offload support
Subject: [PATCH] SAE: Pass SAE password on connect for SAE authentication
offload support
Pass SAE password on connect if driver advertises SAE authentication
offload support.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/drivers/driver.h | 8 ++++++++
src/drivers/driver_nl80211.c | 26 ++++++++++++++++++++++++--
@ -15,10 +14,10 @@ Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
3 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index a9ea3d77c..ef47efe05 100644
index c563317d1ffc..7cfa92ed8523 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -976,6 +976,14 @@ struct wpa_driver_associate_params {
@@ -1014,6 +1014,14 @@ struct wpa_driver_associate_params {
*/
const u8 *psk;
@ -26,7 +25,7 @@ index a9ea3d77c..ef47efe05 100644
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD.
+ * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD.
+ */
+ const char *sae_password;
+
@ -34,10 +33,10 @@ index a9ea3d77c..ef47efe05 100644
* drop_unencrypted - Enable/disable unencrypted frame filtering
*
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a356eefd..bd804b7f0 100644
index aec179ac38cf..91e8d44d8329 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5517,8 +5517,12 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
@@ -6173,8 +6173,12 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
if (params->wpa_proto & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
@ -52,13 +51,13 @@ index 0a356eefd..bd804b7f0 100644
wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
@@ -5648,6 +5652,22 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
@@ -6304,6 +6308,22 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
return -1;
}
+ /* add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) {
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD)) {
+ const char *password;
+ size_t pwd_len;
+
@ -75,7 +74,7 @@ index 0a356eefd..bd804b7f0 100644
if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
return -1;
@@ -5755,6 +5775,8 @@ static int wpa_driver_nl80211_try_connect(
@@ -6419,6 +6439,8 @@ static int wpa_driver_nl80211_try_connect(
algs++;
if (params->auth_alg & WPA_AUTH_ALG_FT)
algs++;
@ -85,24 +84,24 @@ index 0a356eefd..bd804b7f0 100644
wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
"selection");
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 73e69ab8f..2f91e1f0c 100644
index 7e0e030b8081..a0fb73f43ab3 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1407,7 +1407,8 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
ie.key_mgmt, ssid->key_mgmt, sel);
@@ -1537,7 +1537,8 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
sel = ie.key_mgmt & ssid->key_mgmt;
#ifdef CONFIG_SAE
- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
+ if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) &&
+ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD))
+ !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD))
sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
#endif /* CONFIG_SAE */
if (0) {
@@ -3250,6 +3251,18 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
#ifdef CONFIG_IEEE80211R
@@ -3920,6 +3921,18 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
params.psk = ssid->psk;
}
+ if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) &&
+ if ((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD) &&
+ wpa_key_mgmt_sae(params.key_mgmt_suite)) {
+ params.auth_alg = WPA_AUTH_ALG_SAE;
+ if (ssid->sae_password)
@ -116,7 +115,4 @@ index 73e69ab8f..2f91e1f0c 100644
+
params.drop_unencrypted = use_crypt;
#ifdef CONFIG_IEEE80211W
--
2.17.1
params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
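Review bot: in the `nl80211_connect_common()` hunk, the visible condition `(params->sae_password || params->passphrase) && (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD)` does not look at the selected key management. Unless the elided body checks it, a WPA/WPA2-PSK connect on an offload-capable driver would also add its passphrase to the connect message as the SAE password. Consider gating on `wpa_key_mgmt_sae(params->key_mgmt_suite)`, the same test the `wpas_start_assoc_cb()` hunk in this patch uses before setting `WPA_AUTH_ALG_SAE`.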

@ -1,34 +1,33 @@
From 1ea301a06353817680bc85abde6f2b684d37c16e Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:02:39 -0600
Subject: [PATCH 10/20] nl80211: Support 4-way handshake offload for
WPA/WPA2-PSK in AP mode
Subject: [PATCH] nl80211: Support 4-way handshake offload for WPA/WPA2-PSK in
AP mode
If driver advertises support for WPA/WPA2-PSK 4-way handshake offload in
AP mode, set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK flag and pass PSK in
NL80211_CMD_NEW_BEACON command.
AP mode, set WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK flag and pass PSK
in NL80211_CMD_NEW_BEACON command.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/drivers/driver.h | 29 ++++++++++++++++++++++++++---
src/drivers/driver.h | 30 +++++++++++++++++++++++++++---
src/drivers/driver_nl80211.c | 8 ++++++++
src/drivers/driver_nl80211_capa.c | 3 +++
3 files changed, 37 insertions(+), 3 deletions(-)
src/drivers/driver_nl80211_capa.c | 4 ++++
3 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index ef47efe05..462e6f677 100644
index 7cfa92ed8523..a42ec5e1fac5 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1450,6 +1450,27 @@ struct wpa_driver_ap_params {
* type 11 as defined in IEEE Std 802.11-2016, 9.4.2.22.13
@@ -1590,6 +1590,27 @@ struct wpa_driver_ap_params {
* Unsolicited broadcast Probe Response template length
*/
const struct wpabuf *civic;
size_t unsol_bcast_probe_resp_tmpl_len;
+
+ /**
+ * passphrase - RSN passphrase for PSK
+ *
+ * This value is made available only for WPA/WPA2-Personal (PSK) and
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK.
+ * only for drivers that set WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK.
+ * This is the 8..63 character ASCII passphrase, if available. Please
+ * note that this can be %NULL if passphrase was not used to generate
+ * the PSK. In that case, the psk field must be used to fetch the PSK.
@ -39,7 +38,7 @@ index ef47efe05..462e6f677 100644
+ * psk - RSN PSK (alternative for passphrase for PSK)
+ *
+ * This value is made available only for WPA/WPA2-Personal (PSK) and
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK.
+ * only for drivers that set WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK.
+ * This is the 32-octet (256-bit) PSK, if available. The driver wrapper
+ * should be prepared to handle %NULL value as an error.
+ */
@ -47,64 +46,67 @@ index ef47efe05..462e6f677 100644
};
struct wpa_driver_mesh_bss_params {
@@ -1539,8 +1560,8 @@ struct wpa_driver_capa {
@@ -1872,8 +1893,9 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC 0x00000002
/** Driver takes care of all DFS operations */
#define WPA_DRIVER_FLAGS_DFS_OFFLOAD 0x00000004
-/** Driver takes care of RSN 4-way handshake internally; PMK is configured with
- * struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
- * struct wpa_driver_ops::set_key using key_flag = KEY_FLAG_PMK */
+/** Driver takes care of RSN 4-way handshake internally in station mode; PMK is
+ * configured with struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
+ * configured with struct wpa_driver_ops::set_key using key_flag = KEY_FLAG_PMK
+ */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X 0x00000008
/** Driver is for a wired Ethernet interface */
#define WPA_DRIVER_FLAGS_WIRED 0x00000010
@@ -1665,10 +1686,12 @@ struct wpa_driver_capa {
@@ -1998,7 +2020,7 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_SELF_MANAGED_REGULATORY 0x0080000000000000ULL
/** Driver supports FTM responder functionality */
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
-/** Driver support 4-way handshake offload for WPA-Personal */
+/** Driver supports 4-way handshake offload for WPA-Personal in station mode*/
+/** Driver supports 4-way handshake offload for WPA-Personal in station mode */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
/** Driver takes care of SAE authentication internally */
#define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL
/** Driver supports a separate control port TX for EAPOL frames */
#define WPA_DRIVER_FLAGS_CONTROL_PORT 0x0400000000000000ULL
@@ -2037,6 +2059,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL
/** Driver supports SAE authentication offload */
#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD 0x0000000000000200ULL
+/** Driver supports 4-way handshake offload for WPA-Personal in AP mode */
+#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK 0x0800000000000000ULL
u64 flags;
+#define WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK 0x0000000000000400ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index bd804b7f0..4679c43d9 100644
index 91e8d44d8329..f228a071596f 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4188,6 +4188,14 @@ static int wpa_driver_nl80211_set_ap(void *priv,
@@ -4677,6 +4677,14 @@ static int wpa_driver_nl80211_set_ap(void *priv,
nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
goto fail;
+ /* Add PSK in case of 4-way handshake offload */
+ if (params->psk &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)) {
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) {
+ wpa_hexdump_key(MSG_DEBUG, "nl80211: PSK", params->psk, 32);
+ if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
+ goto fail;
+ }
+
if (params->ht_opmode != -1) {
switch (params->smps_mode) {
case HT_CAP_INFO_SMPS_DYNAMIC:
if (params->beacon_ies) {
wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
params->beacon_ies);
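Review bot: The added block in wpa_driver_nl80211_set_ap() is skipped silently when params->psk is NULL, although the psk comment this same patch adds to driver.h says the driver wrapper should handle a NULL value as an error. On a driver that sets WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK, a PSK network would then start without NL80211_ATTR_PMK and nothing would be logged. Consider failing with goto fail in that case, and replace the literal 32 in wpa_hexdump_key() and nla_put() with PMK_LEN so the key length is stated once.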
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 9aeddec22..bd77a50ec 100644
index a443b7c873f7..dc4988c7c383 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -408,6 +408,9 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
@@ -594,6 +594,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
+ capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK;
+ capa->flags2 |= WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK;
+
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
--
2.17.1
NL80211_EXT_FEATURE_SAE_OFFLOAD))
capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD;

View File

@ -1,30 +1,31 @@
From 6df8c5e8669ddf2f0921b9c87a44e7d66b4e6d56 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:03:57 -0600
Subject: [PATCH 11/20] AP: Support 4-way handshake offload for WPA/WPA2-PSK
Subject: [PATCH] AP: Support 4-way handshake offload for WPA/WPA2-PSK
Add support for WPA/WPA2-PSK 4-way handshake offload in AP mode. In this
case, the 4-way handshake is handled by driver instead of user space.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/ap/beacon.c | 8 ++++++++
src/ap/beacon.c | 10 ++++++++++
src/ap/hostapd.c | 8 +++++++-
src/ap/wpa_auth.c | 8 ++++++++
src/ap/wpa_auth.c | 16 ++++++++++++++++
src/ap/wpa_auth.h | 1 +
src/ap/wpa_auth_glue.c | 2 ++
5 files changed, 26 insertions(+), 1 deletion(-)
src/ap/wpa_auth_glue.c | 4 ++++
5 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index a51b94960..73b231ab1 100644
index 8cd1c417043e..583b6836ec33 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1378,6 +1378,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
@@ -1753,6 +1753,16 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
}
}
+ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) {
+ if ((hapd->iface->drv_flags2 &
+ WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) &&
+ (params->key_mgmt_suites &
+ (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256))) {
+ if (hapd->conf->ssid.wpa_passphrase)
+ params->passphrase = hapd->conf->ssid.wpa_passphrase;
+ if (hapd->conf->ssid.wpa_psk->psk)
@ -35,10 +36,10 @@ index a51b94960..73b231ab1 100644
}
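Review bot: The added condition "if (hapd->conf->ssid.wpa_psk->psk)" reads a member through wpa_psk without first checking the pointer itself, so this block dereferences NULL whenever no PSK entry is loaded in the configuration. Test hapd->conf->ssid.wpa_psk before reading its psk member. The neighbouring wpa_passphrase check already follows that pattern.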
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index bf1975fbd..f569e7661 100644
index 4b88641a2dde..464d8fa95fed 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3049,6 +3049,8 @@ int hostapd_remove_iface(struct hapd_interfaces *interfaces, char *buf)
@@ -3203,6 +3203,8 @@ int hostapd_remove_iface(struct hapd_interfaces *interfaces, char *buf)
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
@ -47,13 +48,13 @@ index bf1975fbd..f569e7661 100644
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
@@ -3085,7 +3087,11 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
@@ -3236,7 +3238,11 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
/* Start IEEE 802.1X authentication process for new stations */
ieee802_1x_new_station(hapd, sta);
if (reassoc) {
- if (sta->auth_alg != WLAN_AUTH_FT &&
+ if ((hapd->iface->drv_flags &
+ WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
+ if ((hapd->iface->drv_flags2 &
+ WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK) &&
+ wpa_key_mgmt_wpa_psk(key_mgmt))
+ wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);
+ else if (sta->auth_alg != WLAN_AUTH_FT &&
@ -61,10 +62,10 @@ index bf1975fbd..f569e7661 100644
sta->auth_alg != WLAN_AUTH_FILS_SK_PFS &&
sta->auth_alg != WLAN_AUTH_FILS_PK &&
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c56077001..c64ca6688 100644
index 6d60f262991b..4b506c1db373 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -652,6 +652,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
@@ -696,6 +696,22 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
}
#endif /* CONFIG_FILS */
@ -72,38 +73,45 @@ index c56077001..c64ca6688 100644
+ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "4-way handshake offloading for WPA/WPA2-PSK");
+ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
+ sm->Pair = TRUE;
+ sm->Pair = true;
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_authorized, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_portValid, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyAvailable, 0);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyDone, 1);
+ return 0;
+ }
+
if (sm->started) {
os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
sm->ReAuthenticationRequest = TRUE;
sm->ReAuthenticationRequest = true;
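Review bot: The offload branch in wpa_auth_sta_associated() moves the state machine straight to WPA_PTK_PTKINITDONE and sets WPA_EAPOL_authorized and WPA_EAPOL_portValid at association time, and nothing in the visible lines waits for the driver to confirm that the 4-way handshake succeeded. Either defer the authorized/portValid updates to a driver event that reports handshake completion, or add a comment stating that the driver is required to deauthenticate a station whose offloaded handshake fails, so that hostapd does not report a station as authorized before it has proven knowledge of the PSK.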
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index a348bc25a..82cb3f7ae 100644
index fe47723b9e6b..d610c14804a2 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -232,6 +232,7 @@ struct wpa_auth_config {
unsigned int fils_cache_id_set:1;
u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
@@ -273,6 +273,7 @@ struct wpa_auth_config {
* PTK derivation regardless of advertised capabilities.
*/
bool force_kdk_derivation;
+ int psk_4way_hs_offload;
};
typedef enum {
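Review bot: psk_4way_hs_offload is added to struct wpa_auth_config as an undocumented int, directly after bool force_kdk_derivation, which carries a comment block. The field is only ever assigned 1 in hostapd_setup_wpa(), so declare it bool and add a short comment saying that it makes the authenticator skip the user-space 4-way handshake.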
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 0800a8748..8d81fd785 100644
index 3e992155395e..26de12b5b775 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1305,6 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
_conf.ap_mlme = 1;
+ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
@@ -1528,6 +1528,10 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.prot_range_neg =
!!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG);
+ if (!hapd->conf->p2p &&
+ (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK))
+ _conf.psk_4way_hs_offload = 1;
+
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
if (hapd->wpa_auth == NULL) {
wpa_printf(MSG_ERROR, "WPA initialization failed.");
--
2.17.1

View File

@ -1,110 +0,0 @@
From ae98c14eb1e78ffaf2321e050a593f18ca67dae2 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:00:51 -0600
Subject: [PATCH 09/20] non-upstream: Sync nl80211.h for PSK 4-way HS offload
support in AP mode
This brings in nl80211 definition for WPA/WPA2-PSK 4-way handshake
offload support in AP mode.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/nl80211_copy.h | 51 +++++++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 17 deletions(-)
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index beee59c83..1224f81c3 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -183,18 +183,27 @@
*
* By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
* can indicate they support offloading EAPOL handshakes for WPA/WPA2
- * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
- * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
- * this offload may reject the %NL80211_CMD_CONNECT when no preshared
- * key material is provided, for example when that driver does not
- * support setting the temporal keys through %CMD_NEW_KEY.
+ * preshared key authentication in station mode. In %NL80211_CMD_CONNECT
+ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers
+ * supporting this offload may reject the %NL80211_CMD_CONNECT when no
+ * preshared key material is provided, for example when that driver does
+ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY.
*
* Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
* set by drivers indicating offload support of the PTK/GTK EAPOL
- * handshakes during 802.1X authentication. In order to use the offload
- * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
- * attribute flag. Drivers supporting this offload may reject the
- * %NL80211_CMD_CONNECT when the attribute flag is not present.
+ * handshakes during 802.1X authentication in station mode. In order to
+ * use the offload the %NL80211_CMD_CONNECT should have
+ * %NL80211_ATTR_WANT_1X_4WAY_HS attribute flag. Drivers supporting this
+ * offload may reject the %NL80211_CMD_CONNECT when the attribute flag is
+ * not present.
+ *
+ * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK flag drivers
+ * can indicate they support offloading EAPOL handshakes for WPA/WPA2
+ * preshared key authentication in AP mode. In %NL80211_CMD_START_AP
+ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers
+ * supporting this offload may reject the %NL80211_CMD_START_AP when no
+ * preshared key material is provided, for example when that driver does
+ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY.
*
* For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK
* using %NL80211_CMD_SET_PMK. For offloaded FT support also
@@ -243,9 +252,10 @@
* DOC: SAE authentication offload
*
* By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
- * support offloading SAE authentication for WPA3-Personal networks. In
- * %NL80211_CMD_CONNECT the password for SAE should be specified using
- * %NL80211_ATTR_SAE_PASSWORD.
+ * support offloading SAE authentication for WPA3-Personal networks. The
+ * password for SAE should be specified using %NL80211_ATTR_SAE_PASSWORD in
+ * %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP for station and AP mode
+ * respectively.
*/
/**
@@ -2285,10 +2295,11 @@ enum nl80211_commands {
*
* @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with
* %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID.
- * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way
- * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is
- * used with %NL80211_CMD_SET_PMK. For offloaded FT support this attribute
- * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well.
+ * For %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP it is used to provide
+ * PSK for offloading 4-way handshake for WPA/WPA2-PSK networks. For 802.1X
+ * authentication it is used with %NL80211_CMD_SET_PMK. For offloaded FT
+ * support this attribute specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME
+ * is included as well.
*
* @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to
* indicate that it supports multiple active scheduled scan requests.
@@ -5482,7 +5493,12 @@ enum nl80211_feature_flags {
* to a station.
*
* @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
- * station mode (SAE password is passed as part of the connect command).
+ * station mode (SAE password is passed as part of the connect command)
+ * or AP mode (SAE password is passed as part of the start AP command).
+ *
+ * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK: Device wants to do 4-way
+ * handshake with PSK in AP mode (PSK is passed as part of the start AP
+ * command).
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -5529,6 +5545,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_EXT_KEY_ID,
NL80211_EXT_FEATURE_STA_TX_PWR,
NL80211_EXT_FEATURE_SAE_OFFLOAD,
+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
--
2.17.1

View File

@ -0,0 +1,109 @@
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:05:16 -0600
Subject: [PATCH] nl80211: Support SAE authentication offload in AP mode
If driver advertises support for SAE authentication offload, pass SAE
password in NL80211_CMD_NEW_BEACON command for AP mode.
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/drivers/driver.h | 12 +++++++++++-
src/drivers/driver_nl80211.c | 28 +++++++++++++++++++++++++++-
src/drivers/driver_nl80211_capa.c | 4 ++++
3 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index a42ec5e1fac5..45260e8c5e30 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1611,6 +1611,14 @@ struct wpa_driver_ap_params {
* should be prepared to handle %NULL value as an error.
*/
const u8 *psk;
+
+ /**
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP.
+ */
+ const char *sae_password;
};
struct wpa_driver_mesh_bss_params {
@@ -2057,10 +2065,12 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL
/** Driver expects user space implementation of SME in AP mode */
#define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL
-/** Driver supports SAE authentication offload */
+/** Driver supports SAE authentication offload in station mode */
#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD 0x0000000000000200ULL
/** Driver supports 4-way handshake offload for WPA-Personal in AP mode */
#define WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK 0x0000000000000400ULL
+/** Driver supports SAE authentication offload in AP mode */
+#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP 0x0000000000000800ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index f228a071596f..b6afc6e7aa61 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4630,8 +4630,13 @@ static int wpa_driver_nl80211_set_ap(void *priv,
ver = 0;
if (params->wpa_version & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
- if (params->wpa_version & WPA_PROTO_RSN)
+ if (params->wpa_version & WPA_PROTO_RSN) {
ver |= NL80211_WPA_VERSION_2;
+#ifdef CONFIG_SAE
+ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)
+ ver |= NL80211_WPA_VERSION_3;
+#endif /* CONFIG_SAE */
+ }
if (ver &&
nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
goto fail;
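Review bot: NL80211_WPA_VERSION_3 is ORed into ver whenever key_mgmt_suites contains WPA_KEY_MGMT_SAE, with no check of WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP, so drivers that do not offload SAE also receive the new bit in NL80211_ATTR_WPA_VERSIONS. If the bit only matters for offload, gate it on the capability flag the way the SAE password block later in this function does. If it is meant for every nl80211 driver, say so in the commit message, which currently describes only the password attribute.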
@@ -4685,6 +4690,27 @@ static int wpa_driver_nl80211_set_ap(void *priv,
goto fail;
}
+#ifdef CONFIG_SAE
+ /* Add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)) {
+ const char *password;
+ size_t pwd_len;
+
+ if (params->sae_password)
+ password = params->sae_password;
+ else
+ password = params->passphrase;
+
+ pwd_len = os_strlen(password);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "nl80211: SAE password",
+ (u8 *) password, pwd_len);
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+ goto fail;
+ }
+#endif /* CONFIG_SAE */
+
if (params->beacon_ies) {
wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
params->beacon_ies);
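Review bot: In the CONFIG_SAE block, pwd_len comes from os_strlen() and is handed to nla_put() with no bounds check, and a missing sae_password falls back to params->passphrase without any log message. Reject an empty or over-long password before building NL80211_ATTR_SAE_PASSWORD, and document the passphrase fallback in the sae_password comment in driver.h, which currently describes only the SAE password.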
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index dc4988c7c383..ae6029a922b8 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -602,6 +602,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
NL80211_EXT_FEATURE_SAE_OFFLOAD))
capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
+ capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP;
+
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
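Review bot: This hunk tests NL80211_EXT_FEATURE_SAE_OFFLOAD_AP, which no hunk in this patch defines. The diffstat lists only driver.h, driver_nl80211.c and driver_nl80211_capa.c. State in the commit message that the patch relies on an nl80211_copy.h that already carries this feature index, so that whoever next refreshes the series knows why no header sync accompanies it.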

View File

@ -1,29 +1,28 @@
From e03270a1aec0a480c3803b7b560bb199443172df Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:06:20 -0600
Subject: [PATCH 13/20] SAE: Support SAE authentication offload in AP mode
Subject: [PATCH] SAE: Support SAE authentication offload in AP mode
Add support for SAE authentication offload in AP mode. In this case, the
SAE authentication process is handled by driver instead of user space.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/ap/beacon.c | 11 +++++++++++
src/ap/wpa_auth.h | 3 +++
src/ap/wpa_auth_glue.c | 4 ++++
src/ap/wpa_auth_glue.c | 5 +++++
src/ap/wpa_auth_ie.c | 4 +++-
4 files changed, 21 insertions(+), 1 deletion(-)
4 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 73b231ab1..ff179f559 100644
index 583b6836ec33..e2d7c697014d 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1386,6 +1386,17 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
@@ -1763,6 +1763,17 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
params->psk = hapd->conf->ssid.wpa_psk->psk;
}
+#ifdef CONFIG_SAE
+ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) &&
+ if ((hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)) {
+ params->auth_algs |= WPA_AUTH_ALG_SAE;
+ if (hapd->conf->sae_passwords)
@ -37,12 +36,12 @@ index 73b231ab1..ff179f559 100644
}
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 82cb3f7ae..64eec2762 100644
index d610c14804a2..140147e79f31 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -233,6 +233,9 @@ struct wpa_auth_config {
u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
@@ -274,6 +274,9 @@ struct wpa_auth_config {
*/
bool force_kdk_derivation;
int psk_4way_hs_offload;
+#ifdef CONFIG_SAE
+ int sae_offload;
@ -51,25 +50,26 @@ index 82cb3f7ae..64eec2762 100644
typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 8d81fd785..d3eb7b49a 100644
index 26de12b5b775..c8dee2aef347 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1307,6 +1307,10 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.ap_mlme = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
@@ -1532,6 +1532,11 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK))
_conf.psk_4way_hs_offload = 1;
+#ifdef CONFIG_SAE
+ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)
+ if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)
+ _conf.sae_offload = 1;
+#endif /* CONFIG_SAE */
+
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
if (hapd->wpa_auth == NULL) {
wpa_printf(MSG_ERROR, "WPA initialization failed.");
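Review bot: _conf.sae_offload is enabled on the driver flag alone, whereas the psk_4way_hs_offload assignment just above it, as refreshed in the preceding patch, is additionally guarded by !hapd->conf->p2p. If P2P interfaces must keep authentication in user space, apply the same guard here. If the difference is deliberate, a one-line comment explaining why SAE offload is safe for P2P would prevent the two checks from drifting further apart.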
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2e5c9160d..527fbba72 100644
index 524922e4e686..30de0c19c9f3 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -916,7 +916,9 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
@@ -977,7 +977,9 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
}
#ifdef CONFIG_SAE
@ -80,6 +80,3 @@ index 2e5c9160d..527fbba72 100644
!sm->pmksa) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
"No PMKSA cache entry found for SAE");
--
2.17.1

View File

@ -1,22 +1,22 @@
From 46f5b7c2fae8fbc0d49d34a38aaa6136cb4c99d8 Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Mon, 18 May 2020 08:36:59 -0500
Subject: [PATCH 16/20] DPP: Do more condition test for AKM type DPP offload.
Subject: [PATCH] DPP: Do more condition test for AKM type DPP offload.
If supplicant recieves eapol frame with driver declared
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK, supplicant will check AKM type
and process 4-way handshake if AKM type is not PSK.
Signed-off-by: Kurt Lee <kurt.lee@cypress.com>
Signed-off-by: Kurt Lee <kurt.lee@infineon.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
wpa_supplicant/wpa_supplicant.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2f91e1f0c..40c77627e 100644
index a0fb73f43ab3..f00dd57da3c1 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4313,7 +4313,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
@@ -5140,7 +5140,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
return;
wpa_drv_poll(wpa_s);
@ -26,6 +26,3 @@ index 2f91e1f0c..40c77627e 100644
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
--
2.17.1

View File

@ -1,94 +0,0 @@
From e0162995700e44d7ec210f6ef2a5843286b06d02 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:05:16 -0600
Subject: [PATCH 12/20] nl80211: Support SAE authentication offload in AP mode
If driver advertises support for SAE authentication offload, pass SAE
password in NL80211_CMD_NEW_BEACON command for AP mode.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver.h | 8 ++++++++
src/drivers/driver_nl80211.c | 32 +++++++++++++++++++++++++++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 462e6f677..1159bc296 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1471,6 +1471,14 @@ struct wpa_driver_ap_params {
* should be prepared to handle %NULL value as an error.
*/
const u8 *psk;
+
+ /**
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD.
+ */
+ const char *sae_password;
};
struct wpa_driver_mesh_bss_params {
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 4679c43d9..e94d084fc 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4142,8 +4142,13 @@ static int wpa_driver_nl80211_set_ap(void *priv,
ver = 0;
if (params->wpa_version & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
- if (params->wpa_version & WPA_PROTO_RSN)
+ if (params->wpa_version & WPA_PROTO_RSN) {
ver |= NL80211_WPA_VERSION_2;
+#ifdef CONFIG_SAE
+ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)
+ ver |= NL80211_WPA_VERSION_3;
+#endif /* CONFIG_SAE */
+ }
if (ver &&
nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
goto fail;
@@ -4155,6 +4160,10 @@ static int wpa_driver_nl80211_set_ap(void *priv,
suites[num_suites++] = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
suites[num_suites++] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
+#ifdef CONFIG_SAE
+ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)
+ suites[num_suites++] = RSN_AUTH_KEY_MGMT_SAE;
+#endif /* CONFIG_SAE */
if (num_suites &&
nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
suites))
@@ -4196,6 +4205,27 @@ static int wpa_driver_nl80211_set_ap(void *priv,
goto fail;
}
+#ifdef CONFIG_SAE
+ /* Add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) {
+ const char *password;
+ size_t pwd_len;
+
+ if (params->sae_password)
+ password = params->sae_password;
+ else
+ password = params->passphrase;
+
+ pwd_len = os_strlen(password);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "nl80211: SAE password",
+ (u8 *) password, pwd_len);
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+ goto fail;
+ }
+#endif /* CONFIG_SAE */
+
if (params->ht_opmode != -1) {
switch (params->smps_mode) {
case HT_CAP_INFO_SMPS_DYNAMIC:
--
2.17.1

View File

@ -0,0 +1,658 @@
From: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Date: Mon, 2 Aug 2021 14:15:06 -0500
Subject: [PATCH] non-upstream: defconfig_base: Add Infineon default
configuration (first)
Add Infineon default configuration files (defconfig_base).
First part: changes not touching 'hostapd' directory.
Signed-off-by: Kurt Lee <kurt.lee@infineon.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
wpa_supplicant/defconfig_base | 635 ++++++++++++++++++++++++++++++++++
1 file changed, 635 insertions(+)
create mode 100644 wpa_supplicant/defconfig_base
diff --git a/wpa_supplicant/defconfig_base b/wpa_supplicant/defconfig_base
new file mode 100644
index 000000000000..15daf0ad2245
--- /dev/null
+++ b/wpa_supplicant/defconfig_base
@@ -0,0 +1,635 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# wpa_supplicant binary. All lines starting with # are ignored. Configuration
+# option lines must be commented out complete, if they are not to be included,
+# i.e., just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for MACsec capable Qualcomm Atheros drivers
+#CONFIG_DRIVER_MACSEC_QCA=y
+
+# Driver interface for Linux MACsec drivers
+#CONFIG_DRIVER_MACSEC_LINUX=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
+# MACsec is included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+#CONFIG_EAP_SIM=y
+
+# Enable SIM simulator (Milenage) for EAP-SIM
+#CONFIG_SIM_SIMULATOR=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+#CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# MACsec
+#CONFIG_MACSEC=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+#CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+CONFIG_SAE=y
+
+# Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for new DBus control interface
+# (fi.w1.wpa_supplicant1)
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
+CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+#CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+#CONFIG_GETRANDOM=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support (mainly for AP mode)
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+CONFIG_IEEE80211AX=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+#CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Display
+# This can be used to enable Wi-Fi Display extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Support RSN on IBSS networks
+# This is needed to be able to use mode=1 network profile with proto=RSN and
+# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
+#CONFIG_IBSS_RSN=y
+
+# External PMKSA cache control
+# This can be used to enable control interface commands that allow the current
+# PMKSA cache entries to be fetched and new entries to be added.
+#CONFIG_PMKSA_CACHE_EXTERNAL=y
+
+# Mesh Networking (IEEE 802.11s)
+#CONFIG_MESH=y
+
+# Background scanning modules
+# These can be used to request wpa_supplicant to perform background scanning
+# operations for roaming within an ESS (same SSID). See the bgscan parameter in
+# the wpa_supplicant.conf file for more details.
+# Periodic background scans based on signal strength
+#CONFIG_BGSCAN_SIMPLE=y
+# Learn channels used by the network and try to avoid bgscans on other
+# channels (experimental)
+#CONFIG_BGSCAN_LEARN=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Device Provisioning Protocol (DPP)
+CONFIG_DPP=y
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current wpa_supplicant
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore for anything else than a
+# backwards compatibility option as a group cipher when connecting to APs that
+# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes
+# support for this by default, but that functionality is subject to be removed
+# in the future.
+#CONFIG_NO_TKIP=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+CONFIG_TESTING_OPTIONS=y
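Review bot: CONFIG_TESTING_OPTIONS=y on the last line of this hunk is enabled although the comment directly above it says these options are "really useful only for testing"; for a configuration that ends up in device images, comment it out (#CONFIG_TESTING_OPTIONS=y) or state in the patch description why the test hooks have to be built in. That comment block also still refers to "this hostapd" although the surrounding options are the wpa_supplicant ones, so it reads as copied over without adjustment. Two other enabled options in the same hunk deserve a line of justification: CONFIG_DEBUG_FILE=y, which builds in debug logging to a file under /tmp, and CONFIG_EAP_LEAP=y, which is switched on while EAP-pwd, described here as "secure authentication using only a password", stays commented out.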

View File

@ -1,33 +0,0 @@
From 17d64099a48c32e480c72f553215f7dbba30b753 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Sun, 22 Dec 2019 20:21:54 -0600
Subject: [PATCH 14/20] P2P: Fix P2P authentication failure due to AP-mode
4-way handshake offload
Commit 6df8c5e8669d ("AP: Support 4-way handshake offload for
WPA/WPA2-PSK") offloaded the 4-way handshake in AP mode. P2P GO may not
support it so do not set the offload indication for the case.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/ap/wpa_auth_glue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index d3eb7b49a..ec883bdf2 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1305,7 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
_conf.ap_mlme = 1;
- if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
+ if (!hapd->conf->p2p &&
+ (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK))
_conf.psk_4way_hs_offload = 1;
#ifdef CONFIG_SAE
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)
--
2.17.1
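Review bot: this patch file is removed whole (hunk header -1,33 +0,0), and with it the '!hapd->conf->p2p' guard around '_conf.psk_4way_hs_offload = 1' in hostapd_setup_wpa(); the commit message should say whether that fix is already part of wpa-supplicant 2.10 or is carried by one of the refreshed patches, since the file it touches is src/ap/wpa_auth_glue.c and not the 'hostapd' folder that the tarball lacks. If the change is carried forward, a short comment above the condition would help: the description only says a P2P GO "may not support" the offload, yet the check disables it for every configuration where conf->p2p is non-zero, regardless of what the driver advertises through WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK.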

View File

@ -0,0 +1,426 @@
From: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Date: Mon, 2 Aug 2021 14:15:06 -0500
Subject: [PATCH] non-upstream: defconfig_base: Add Infineon default
configuration (second)
Add Infineon default configuration files (defconfig_base).
Second part: changes to 'hostapd' directory.
Signed-off-by: Kurt Lee <kurt.lee@infineon.com>
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
hostapd/defconfig_base | 403 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 403 insertions(+)
create mode 100644 hostapd/defconfig_base
diff --git a/hostapd/defconfig_base b/hostapd/defconfig_base
new file mode 100644
index 000000000000..9dcf7848df92
--- /dev/null
+++ b/hostapd/defconfig_base
@@ -0,0 +1,403 @@
+# Example hostapd build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cass, these lines should use += in order not
+# to override previous values of the variables.
+
+# Driver interface for Host AP driver
+CONFIG_DRIVER_HOSTAP=y
+
+# Driver interface for wired authenticator
+#CONFIG_DRIVER_WIRED=y
+
+# Driver interface for drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for no driver (e.g., RADIUS server only)
+#CONFIG_DRIVER_NONE=y
+
+# WPA2/IEEE 802.11i RSN pre-authentication
+CONFIG_RSN_PREAUTH=y
+
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
+# Integrated EAP server
+CONFIG_EAP=y
+
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
+# EAP-MD5 for the integrated EAP server
+CONFIG_EAP_MD5=y
+
+# EAP-TLS for the integrated EAP server
+CONFIG_EAP_TLS=y
+
+# EAP-MSCHAPv2 for the integrated EAP server
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-PEAP for the integrated EAP server
+CONFIG_EAP_PEAP=y
+
+# EAP-GTC for the integrated EAP server
+CONFIG_EAP_GTC=y
+
+# EAP-TTLS for the integrated EAP server
+CONFIG_EAP_TTLS=y
+
+# EAP-SIM for the integrated EAP server
+#CONFIG_EAP_SIM=y
+
+# EAP-AKA for the integrated EAP server
+#CONFIG_EAP_AKA=y
+
+# EAP-AKA' for the integrated EAP server
+# This requires CONFIG_EAP_AKA to be enabled, too.
+#CONFIG_EAP_AKA_PRIME=y
+
+# EAP-PAX for the integrated EAP server
+#CONFIG_EAP_PAX=y
+
+# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
+#CONFIG_EAP_PSK=y
+
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-SAKE for the integrated EAP server
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK for the integrated EAP server
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-FAST for the integrated EAP server
+#CONFIG_EAP_FAST=y
+
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable UPnP support for external WPS Registrars
+#CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# Trusted Network Connect (EAP-TNC)
+#CONFIG_EAP_TNC=y
+
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# RADIUS authentication server. This provides access to the integrated EAP
+# server from external hosts using RADIUS.
+#CONFIG_RADIUS_SERVER=y
+
+# Build IPv6 support for RADIUS operations
+CONFIG_IPV6=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+CONFIG_IEEE80211R=y
+
+# Use the hostapd's IEEE 802.11 authentication (ACL), but without
+# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
+#CONFIG_DRIVER_RADIUS_ACL=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
+# IEEE 802.11ax HE support
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+CONFIG_IEEE80211AX=y
+
+# Remove debugging code that is printing out debug messages to stdout.
+# This can be used to reduce the size of the hostapd considerably if debugging
+# code is not needed.
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+#CONFIG_GETRANDOM=y
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=openssl
+CONFIG_TLS_ADD_DL=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# Select which ciphers to use by default with OpenSSL if the user does not
+# specify them.
+#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
+#CONFIG_ACS=y
+
+# Multiband Operation support
+# These extensions facilitate efficient use of multiple frequency bands
+# available to the AP and the devices that may associate with it.
+#CONFIG_MBO=y
+
+# Client Taxonomy
+# Has the AP retain the Probe Request and (Re)Association Request frames from
+# a client, from which a signature can be produced which can identify the model
+# of client device like "Nexus 6P" or "iPhone 5s".
+#CONFIG_TAXONOMY=y
+
+# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
+#CONFIG_FILS=y
+# FILS shared key authentication with PFS
+#CONFIG_FILS_SK_PFS=y
+
+# Include internal line edit mode in hostapd_cli. This can be used to provide
+# limited command line editing and history support.
+#CONFIG_WPA_CLI_EDIT=y
+
+# Opportunistic Wireless Encryption (OWE)
+# Experimental implementation of draft-harkins-owe-07.txt
+#CONFIG_OWE=y
+
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
+# Wired equivalent privacy (WEP)
+# WEP is an obsolete cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used for anything anymore. The
+# functionality needed to use WEP is available in the current hostapd
+# release under this optional build parameter. This functionality is subject to
+# be completely removed in a future release.
+#CONFIG_WEP=y
+
+# Remove all TKIP functionality
+# TKIP is an old cryptographic data confidentiality algorithm that is not
+# considered secure. It should not be used anymore. For now, the default hostapd
+# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but
+# that functionality is subject to be removed in the future.
+#CONFIG_NO_TKIP=y
+
+# Simultaneous Authentication of Equals (SAE), WPA3-Personal
+CONFIG_SAE=y
+
+# Device Provisioning Protocol (DPP)
+CONFIG_DPP=y
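Review bot: `CONFIG_TESTING_OPTIONS=y` is enabled (uncommented) in this default hostapd configuration, although the comment directly above it says these options "are really useful only for testing clients" and allow, for example, dropping a percentage of probe requests or auth/(re)assoc frames. Keep it commented out like the other optional features in this file, or state in the patch description why the default build needs it.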

View File

@ -1,75 +0,0 @@
From a66cb7d9dede4dfccf0d1c2c70ee6837d5571aac Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH 15/20] AP: Silently ignore management frame from unexpected
source address
commit d86d66dc073bc21d3b12faf4112062ae00c1773f master.
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685f..34ca379ed 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db4..e7065372e 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.17.1
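Review bot: the removal of this patch needs a justification in the commit message. Its description says the source-address check in `hostapd_notif_assoc()` and `ieee802_11_mgmt()` prevents denial-of-service cases, and its header names upstream commit d86d66dc073bc21d3b12faf4112062ae00c1773f. Please state explicitly that the wpa-supplicant 2.10 tarball already contains that commit, so the deletion is not read as dropping the check.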

View File

@ -0,0 +1,112 @@
From: Danny Chiu <Danny.Chiu@infineon.com>
Date: Thu, 4 Nov 2021 02:44:17 -0500
Subject: [PATCH] Add CONFIG_WPA3_SAE_AUTH_EARLY_SET flags and codes (first)
Enable this flags allow the AP to set authorization to firmware earier as the SAE confirm from is ok.
First part: changes not touching 'hostapd' directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
src/ap/ieee802_11.c | 11 +++++++++++
wpa_supplicant/Android.mk | 4 ++++
wpa_supplicant/Makefile | 4 ++++
wpa_supplicant/android.config | 3 +++
wpa_supplicant/defconfig_base | 3 +++
5 files changed, 25 insertions(+)
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index db41049287fc..3b735c09fa2d 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -87,6 +87,10 @@ static void handle_auth(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
int rssi, int from_queue);
+#ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+static void sae_sme_send_external_auth_status(struct hostapd_data *hapd,
+ struct sta_info *sta, u16 status);
+#endif /* CONFIG_WPA3_SAE_AUTH_EARLY_SET */
u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid)
{
@@ -677,6 +681,11 @@ static int auth_sae_send_confirm(struct hostapd_data *hapd,
if (data == NULL)
return WLAN_STATUS_UNSPECIFIED_FAILURE;
+#ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+ wpa_printf(MSG_DEBUG, "\nCalling sae_sme_send_external_auth_status\n");
+ sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS);
+#endif /* CONFIG_WPA3_SAE_AUTH_EARLY_SET */
+
reply_res = send_auth_reply(hapd, sta, sta->addr, bssid,
WLAN_AUTH_SAE, 2,
WLAN_STATUS_SUCCESS, wpabuf_head(data),
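Review bot: in `auth_sae_send_confirm()` the new call reports `WLAN_STATUS_SUCCESS` through `sae_sme_send_external_auth_status()` before `send_auth_reply()` has run, and nothing visible in this hunk checks that the peer's SAE Confirm has been received and verified. The original call site in `sae_accept_sta()` (next hunk) runs only after the PMKSA has been added. Please document in the patch why it is safe to report the station as authenticated at this point and what reverts that status if the exchange later fails. The debug string should also drop the leading and trailing `\n`; none of the other `wpa_printf()` calls in this patch set carry one.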
@@ -973,7 +982,9 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
sta->sae->peer_commit_scalar = NULL;
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
sta->sae->pmk, sta->sae->pmkid);
+#ifndef CONFIG_WPA3_SAE_AUTH_EARLY_SET
sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS);
+#endif /* CONFIG_WPA3_SAE_AUTH_EARLY_SET */
}
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 7e597f396a07..892cb7507137 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -255,6 +255,10 @@ NEED_DH_GROUPS_ALL=y
endif
endif
+ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+L_CFLAGS += -DCONFIG_WPA3_SAE_AUTH_EARLY_SET
+endif
+
ifdef CONFIG_DPP
L_CFLAGS += -DCONFIG_DPP
OBJS += src/common/dpp.c
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index cb66defac7c8..66aedaff7c34 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -254,6 +254,10 @@ OBJS += mesh_mpm.o
OBJS += mesh_rsn.o
endif
+ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+CFLAGS += -DCONFIG_WPA3_SAE_AUTH_EARLY_SET
+endif
+
ifdef CONFIG_SAE
CFLAGS += -DCONFIG_SAE
OBJS += ../src/common/sae.o
diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config
index 283f8eb0a995..3c28f80c9c25 100644
--- a/wpa_supplicant/android.config
+++ b/wpa_supplicant/android.config
@@ -534,6 +534,9 @@ CONFIG_WIFI_DISPLAY=y
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
+# Set SAE Auth status early
+CONFIG_WPA3_SAE_AUTH_EARLY_SET=y
+
# Wired equivalent privacy (WEP)
# WEP is an obsolete cryptographic data confidentiality algorithm that is not
# considered secure. It should not be used for anything anymore. The
diff --git a/wpa_supplicant/defconfig_base b/wpa_supplicant/defconfig_base
index 15daf0ad2245..99c74853d404 100644
--- a/wpa_supplicant/defconfig_base
+++ b/wpa_supplicant/defconfig_base
@@ -248,6 +248,9 @@ CONFIG_CTRL_IFACE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
+# Set SAE Auth status early
+CONFIG_WPA3_SAE_AUTH_EARLY_SET=y
+
# Disable scan result processing (ap_scan=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
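Review bot: `CONFIG_WPA3_SAE_AUTH_EARLY_SET=y` is switched on by default here and in `android.config`, with only the one-line comment "Set SAE Auth status early" as documentation. Because the option moves the point at which SAE success is reported to the firmware, the comment should say which driver or firmware requires it and what the trade-off is, and the entry should default to commented out, as `#CONFIG_OWE=y` does in the `android.config` context above.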

View File

@ -0,0 +1,70 @@
From: Danny Chiu <Danny.Chiu@infineon.com>
Date: Thu, 4 Nov 2021 02:44:17 -0500
Subject: [PATCH] Add CONFIG_WPA3_SAE_AUTH_EARLY_SET flags and codes (second)
Enable this flags allow the AP to set authorization to firmware earier as the SAE confirm from is ok.
Second part: changes to 'hostapd' directory.
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
---
hostapd/Android.mk | 4 ++++
hostapd/Makefile | 4 ++++
hostapd/android.config | 3 +++
hostapd/defconfig_base | 3 +++
4 files changed, 14 insertions(+)
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index bf26e41c6b23..997e9a44737b 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -264,6 +264,10 @@ NEED_HMAC_SHA256_KDF=y
NEED_DRAGONFLY=y
endif
+ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+L_CFLAGS += -DCONFIG_WPA3_SAE_AUTH_EARLY_SET
+endif
+
ifdef CONFIG_OWE
L_CFLAGS += -DCONFIG_OWE
NEED_ECC=y
diff --git a/hostapd/Makefile b/hostapd/Makefile
index e37c13b27a6e..c65a51227838 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -290,6 +290,10 @@ CFLAGS += -DCONFIG_ETH_P_OUI
OBJS += ../src/ap/eth_p_oui.o
endif
+ifdef CONFIG_WPA3_SAE_AUTH_EARLY_SET
+CFLAGS += -DCONFIG_WPA3_SAE_AUTH_EARLY_SET
+endif
+
ifdef CONFIG_SAE
CFLAGS += -DCONFIG_SAE
OBJS += ../src/common/sae.o
diff --git a/hostapd/android.config b/hostapd/android.config
index c8b3afabef8d..3664f1773a0e 100644
--- a/hostapd/android.config
+++ b/hostapd/android.config
@@ -212,3 +212,6 @@ CONFIG_NO_RANDOM_POOL=y
# release under this optional build parameter. This functionality is subject to
# be completely removed in a future release.
CONFIG_WEP=y
+
+# Set SAE Auth status early
+CONFIG_WPA3_SAE_AUTH_EARLY_SET=y
diff --git a/hostapd/defconfig_base b/hostapd/defconfig_base
index 9dcf7848df92..dafcf0f6cc5b 100644
--- a/hostapd/defconfig_base
+++ b/hostapd/defconfig_base
@@ -399,5 +399,8 @@ CONFIG_TESTING_OPTIONS=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
CONFIG_SAE=y
+# Set SAE Auth status early
+CONFIG_WPA3_SAE_AUTH_EARLY_SET=y
+
# Device Provisioning Protocol (DPP)
CONFIG_DPP=y

View File

@ -0,0 +1,25 @@
From: Darren Li <hsil@cypress.com>
Date: Fri, 26 Nov 2021 02:09:03 -0600
Subject: [PATCH] SAE: Set the right WPA Versions for FT-SAE key management
Set the right WPA Versions for FT-SAE key management
Signed-off-by: Darren Li Darren.Li@infineon.com
---
src/drivers/driver_nl80211.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index b6afc6e7aa61..341c753b3e83 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -6208,7 +6208,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
if (params->wpa_proto & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
if (params->wpa_proto & WPA_PROTO_RSN) {
- if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE)
+ if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
+ params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)
ver |= NL80211_WPA_VERSION_3;
else
ver |= NL80211_WPA_VERSION_2;

View File

@ -1,30 +0,0 @@
From 7131adafd30b06066d51e0af10249d2236c40a13 Mon Sep 17 00:00:00 2001
From: Ryohei Kondo <ryohei.kondo@cypress.com>
Date: Mon, 7 Sep 2020 13:05:16 +0900
Subject: [PATCH 17/20] hostapd: Fix PMF connection issue
STA with MFPR:False MFPC:True cannot connect with SoftAP configured with hostapd.
Change to allow wpa_key_mgmt=WPA-PSK-SHA256 to fix the issue.
Signed-off-by: Ryohei Kondo <ryohei.kondo@cypress.com>
---
src/ap/beacon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index ff179f559..c114537e5 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1379,7 +1379,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
}
if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
- (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) {
+ (params->key_mgmt_suites & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256))) {
if (hapd->conf->ssid.wpa_passphrase)
params->passphrase = hapd->conf->ssid.wpa_passphrase;
if (hapd->conf->ssid.wpa_psk->psk)
--
2.17.1

View File

@ -1,36 +0,0 @@
From 71d764047bfc8c858fef6cc664458a33ccd93c6a Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Wed, 16 Dec 2020 01:57:36 -0600
Subject: [PATCH 18/20] AP: Set Authenticator state properly for PSK 4-way
handshake offload
Setup Authenticator state machines to PTKINITDONE and configure state
variables properly while offloading 4-way handshake for WPA/WPA2-PSK.
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/ap/wpa_auth.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c64ca6688..9b9ae9f96 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -657,6 +657,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
"4-way handshake offloading for WPA/WPA2-PSK");
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
sm->Pair = TRUE;
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_authorized, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_portValid, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyAvailable, 0);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyDone, 1);
return 0;
}
--
2.17.1

View File

@ -0,0 +1,127 @@
From: Chien-Chia Chen <carella.chen@infineon.com>
Date: Tue, 23 Nov 2021 21:29:08 -0600
Subject: [PATCH] wpa_supplicant: Support WPA_KEY_MGMT_FT for eapol offloading
and driver base roaming
Add WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK / WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X /
WPA_DRIVER_FLAGS_ROAM_OFFLOAD for IEEE80211R support
Signed-off-by: Chien-Chia Chen<carella.chen@infineon.com>
---
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211.c | 3 ++-
src/drivers/driver_nl80211_capa.c | 4 ++++
src/drivers/nl80211_copy.h | 1 +
wpa_supplicant/events.c | 3 ++-
wpa_supplicant/wpa_supplicant.c | 5 ++++-
wpa_supplicant/wpas_glue.c | 6 ++++--
7 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 45260e8c5e30..fb3f8b4a866c 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2071,6 +2071,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK 0x0000000000000400ULL
/** Driver supports SAE authentication offload in AP mode */
#define WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP 0x0000000000000800ULL
+/** Driver supports FT / OKC fast roaming */
+#define WPA_DRIVER_FLAGS_ROAM_OFFLOAD 0x0000000000001000ULL
u64 flags2;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
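Review bot: the new bit is named `WPA_DRIVER_FLAGS_ROAM_OFFLOAD` but is defined in the `flags2` group, where the neighbouring bits use the `WPA_DRIVER_FLAGS2_` prefix (`WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP`). With the `FLAGS_` prefix it is easy to test the bit against `drv_flags` instead of `drv_flags2`, which would silently check an unrelated capability. Rename it to `WPA_DRIVER_FLAGS2_ROAM_OFFLOAD` and update the callers in the later hunks.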
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 341c753b3e83..964486c11c1b 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3301,7 +3301,8 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
#endif /* CONFIG_DRIVER_NL80211_QCA */
if (key_flag & KEY_FLAG_PMK) {
- if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)
+ if ((drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) ||
+ (drv->capa.flags2 & WPA_DRIVER_FLAGS_ROAM_OFFLOAD))
return nl80211_set_pmk(drv, key, key_len, addr);
/* The driver does not have any offload mechanism for PMK, so
* there is no need to configure this key. */
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index ae6029a922b8..d5cdafa9f061 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -606,6 +606,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
capa->flags2 |= WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_ROAM_OFFLOAD))
+ capa->flags2 |= WPA_DRIVER_FLAGS_ROAM_OFFLOAD;
+
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
capa->flags |= WPA_DRIVER_FLAGS_MFP_OPTIONAL;
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index f962c06e9818..a3e889b35b36 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -6010,6 +6010,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_SAE_OFFLOAD_AP,
NL80211_EXT_FEATURE_FILS_DISCOVERY,
NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP,
+ NL80211_EXT_FEATURE_ROAM_OFFLOAD,
NL80211_EXT_FEATURE_BEACON_RATE_HE,
NL80211_EXT_FEATURE_SECURE_LTF,
NL80211_EXT_FEATURE_SECURE_RTT,
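Review bot: `NL80211_EXT_FEATURE_ROAM_OFFLOAD` is inserted in the middle of `enum nl80211_ext_feature_index`, ahead of `NL80211_EXT_FEATURE_BEACON_RATE_HE`, `NL80211_EXT_FEATURE_SECURE_LTF` and `NL80211_EXT_FEATURE_SECURE_RTT`, so every later index shifts by one. These indices are looked up in the feature bitmap the kernel reports (see `ext_feature_isset()` in the previous file), so the header now matches only a kernel built with the same numbering; on any other kernel the later features are read from the wrong bit. State the kernel dependency in the patch description and mark the patch `non-upstream` in its subject, as other patches in this set are.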
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index f55e1846e205..fe8dbd91d50a 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -3425,7 +3425,8 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
eapol_sm_notify_portValid(wpa_s->eapol, true);
eapol_sm_notify_eap_success(wpa_s->eapol, true);
- } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ } else if (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) ||
+ (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS_ROAM_OFFLOAD)) &&
wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
* The driver will take care of RSN 4-way handshake, so we need
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index f00dd57da3c1..f238dadcf27f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1543,7 +1543,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
#endif /* CONFIG_SAE */
#ifdef CONFIG_IEEE80211R
if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
- WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
+ WPA_DRIVER_FLAGS_UPDATE_FT_IES |
+ WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK |
+ WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) &&
+ !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS_ROAM_OFFLOAD))
sel &= ~WPA_KEY_MGMT_FT;
#endif /* CONFIG_IEEE80211R */
wpa_dbg(wpa_s, MSG_DEBUG,
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 0cffe52fa9be..816a884a8179 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -311,7 +311,8 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
}
if (result != EAPOL_SUPP_RESULT_SUCCESS ||
- !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
+ (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
+ !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS_ROAM_OFFLOAD)))
return;
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
@@ -321,7 +322,8 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
"handshake");
pmk_len = PMK_LEN;
- if (sm->cur_pmksa) {
+ if (sm->cur_pmksa &&
+ wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) {
pmk_len = sm->pmk_len;
os_memcpy(pmk, sm->pmk, pmk_len);
} else {
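Review bot: the new condition `sm->cur_pmksa && wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X` mixes `&&` and `&` without parentheses. It evaluates as intended, but every other flag test in this patch is parenthesised; wrap the `&` term to match. The hunk also needs a comment: when only the roam-offload bit is set, a cached PMKSA is now skipped and the `else` branch runs instead, and the reason for that is not given anywhere in the patch.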

View File

@ -1,150 +0,0 @@
From d4a40e0f9a21ae728255eaf951817880a4eabab4 Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Tue, 2 Feb 2021 21:39:27 -0600
Subject: [PATCH 19/20] defconfig: Set to Cypress default configuration
Change defconfig as Cypress default configuration
Signed-off-by: Kurt Lee <kurt.lee@cypress.com>
---
wpa_supplicant/defconfig | 40 +++++++++++++++++++++++++---------------
1 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index cdfb1974d..48cbf03a0 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -109,7 +109,7 @@ CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
# EAP-FAST
-CONFIG_EAP_FAST=y
+#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
@@ -137,10 +137,10 @@ CONFIG_EAP_OTP=y
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
-CONFIG_EAP_PWD=y
+#CONFIG_EAP_PWD=y
# EAP-PAX
-CONFIG_EAP_PAX=y
+#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
@@ -156,15 +156,15 @@ CONFIG_EAP_LEAP=y
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
-CONFIG_EAP_SAKE=y
+#CONFIG_EAP_SAKE=y
# EAP-GPSK
-CONFIG_EAP_GPSK=y
+#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
-CONFIG_EAP_GPSK_SHA256=y
+#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
-CONFIG_EAP_TNC=y
+#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
@@ -177,7 +177,7 @@ CONFIG_WPS=y
#CONFIG_WPS_NFC=y
# EAP-IKEv2
-CONFIG_EAP_IKEV2=y
+#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
@@ -310,6 +310,9 @@ CONFIG_BACKEND=file
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
@@ -367,10 +370,10 @@ CONFIG_IEEE80211W=y
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
-CONFIG_CTRL_IFACE_DBUS_NEW=y
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
@@ -400,7 +403,7 @@ CONFIG_IEEE80211R=y
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
+#CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
@@ -482,6 +485,12 @@ CONFIG_IEEE80211N=y
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
+# IEEE 802.11ax HE support (mainly for AP mode)
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+CONFIG_IEEE80211AX=y
+
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
@@ -490,10 +499,10 @@ CONFIG_IEEE80211AC=y
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
-CONFIG_INTERWORKING=y
+#CONFIG_INTERWORKING=y
# Hotspot 2.0
-CONFIG_HS20=y
+#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
@@ -506,7 +515,7 @@ CONFIG_HS20=y
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
+#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
@@ -519,7 +528,7 @@ CONFIG_P2P=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
-CONFIG_WIFI_DISPLAY=y
+#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
@@ -613,3 +622,4 @@ CONFIG_BGSCAN_SIMPLE=y
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
+CONFIG_TESTING_OPTIONS=y
--
2.17.1

View File

@ -0,0 +1,118 @@
From: Darren Li <hsil@cypress.com>
Date: Tue, 22 Feb 2022 00:34:47 -0600
Subject: [PATCH] wpa_supplicant: suppress deauth for PMKSA caching disabled
wpa_supplicant: Need a command/parameter suppress deauth for PMKSA caching disabled
Signed-off-by: Darren Li <Darren.Li@infineon.com>
---
src/rsn_supp/wpa.c | 5 ++++-
src/rsn_supp/wpa.h | 1 +
src/rsn_supp/wpa_i.h | 1 +
wpa_supplicant/config.c | 1 +
wpa_supplicant/config_file.c | 1 +
wpa_supplicant/config_ssid.h | 7 +++++++
wpa_supplicant/wpas_glue.c | 1 +
7 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index 0a2f87787504..a9f1fb916a8d 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -2898,7 +2898,9 @@ static void wpa_sm_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry,
if (deauth) {
sm->pmk_len = 0;
os_memset(sm->pmk, 0, sizeof(sm->pmk));
- wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
+ if (!sm->suppress_deauth_no_pmksa) {
+ wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
+ }
}
}
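Review bot: with `suppress_deauth_no_pmksa` set, this path still sets `sm->pmk_len = 0` and zeroes `sm->pmk` but leaves the association up, so the supplicant keeps a connection for which it no longer holds a PMK. Please add a comment (and a debug message in the suppressed branch) explaining what is expected to re-establish the keys in that state, and expand the one-line patch description accordingly. The braces around the single `wpa_sm_deauthenticate()` call can go.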
@@ -3234,6 +3236,7 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
}
#endif /* CONFIG_FILS */
sm->beacon_prot = config->beacon_prot;
+ sm->suppress_deauth_no_pmksa = config->suppress_deauth_no_pmksa;
} else {
sm->network_ctx = NULL;
sm->allowed_pairwise_cipher = 0;
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 41daaae2cf72..2cd1826e43e1 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -136,6 +136,7 @@ struct rsn_supp_config {
const u8 *fils_cache_id;
int beacon_prot;
bool force_kdk_derivation;
+ int suppress_deauth_no_pmksa;
};
#ifndef CONFIG_NO_WPA
diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
index 6cdce321da3b..3989c9ab3dc2 100644
--- a/src/rsn_supp/wpa_i.h
+++ b/src/rsn_supp/wpa_i.h
@@ -216,6 +216,7 @@ struct wpa_sm {
struct wpabuf *dpp_z;
int dpp_pfs;
#endif /* CONFIG_DPP2 */
+ int suppress_deauth_no_pmksa;
};
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index bf062b0792b7..737e46be50f2 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2639,6 +2639,7 @@ static const struct parse_data ssid_fields[] = {
{ INT_RANGE(beacon_prot, 0, 1) },
{ INT_RANGE(transition_disable, 0, 255) },
{ INT_RANGE(sae_pk, 0, 2) },
+ { INT_RANGE(suppress_deauth_no_pmksa, 0, 1) },
};
#undef OFFSET
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 6db5010db3a7..fe383564d5db 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -844,6 +844,7 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
INT(beacon_prot);
INT(transition_disable);
INT(sae_pk);
+ INT(suppress_deauth_no_pmksa);
#ifdef CONFIG_HT_OVERRIDES
INT_DEF(disable_ht, DEFAULT_DISABLE_HT);
INT_DEF(disable_ht40, DEFAULT_DISABLE_HT40);
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 724534dd0123..ad0bd2b80749 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1177,6 +1177,13 @@ struct wpa_ssid {
* 2 = both hunting-and-pecking loop and hash-to-element enabled
*/
int sae_pwe;
+
+ /**
+ * suppress_deauth_no_pmksa - Whether deauth when PMKSA is empty
+ * 0 = To deauthenticate if there is no PMKSA entry (default)
+ * 1 = To suppress deauthenticate if there is no PMKSA entry
+ */
+ int suppress_deauth_no_pmksa;
};
#endif /* CONFIG_SSID_H */
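Review bot: this field comment is the only documentation for the new network parameter; the diffstat lists no change to an example configuration file, so users have no way to discover it. The wording also needs tightening: "Whether deauth when PMKSA is empty" should say that the option controls whether the station deauthenticates when its current PMKSA cache entry is freed, which is what the `wpa_sm_pmksa_free_cb()` hunk implements.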
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 816a884a8179..afdcf43194c4 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1504,6 +1504,7 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
conf.force_kdk_derivation = wpa_s->conf->force_kdk_derivation;
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_PASN */
+ conf.suppress_deauth_no_pmksa = ssid->suppress_deauth_no_pmksa;
}
wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);
}

View File

@ -0,0 +1,32 @@
From: Suresh Sanaboina <suresh.sanaboina@infineon.com>
Date: Tue, 1 Feb 2022 13:02:07 +0000
Subject: [PATCH] Fix to check Invalid GTK IE length in M3 at STA
---
src/rsn_supp/wpa.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
index a9f1fb916a8d..1f6401ef39a9 100644
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -1661,6 +1661,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
{
u16 key_info, keylen;
struct wpa_eapol_ie_parse ie;
+ struct wpa_gtk_data gd; /* Used for checking gtk length*/
wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 3 of 4-Way "
@@ -1763,6 +1764,11 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX))
goto failed;
+ /* Checking gtk_len before sending msg 4/4. If it is greater than
+ * 32 bytes drop it. No GTK to be set EAPOL WPA KEY */
+ if (ie.gtk && (ie.gtk_len < 2 || ie.gtk_len - 2 > sizeof(gd.gtk)))
+ goto failed;
+
if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
&sm->ptk) < 0) {
goto failed;
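Review bot: the GTK length check is placed after `wpa_supplicant_install_ptk(sm, key, KEY_FLAG_RX)` in the context above, so a message 3 with a malformed GTK is rejected only after the RX PTK has been installed; move the check up, next to the other validation of the parsed IEs, so the frame is dropped before any key state changes. The local `struct wpa_gtk_data gd` exists only for `sizeof(gd.gtk)`; take the size from the type instead of declaring an unused variable, and make the comment refer to that size instead of a hard-coded "32 bytes". The patch also has no description and no Signed-off-by line.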

View File

@ -1,28 +0,0 @@
From 259f32b95c6ac1efdae74f2df53eb322ab8c71de Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Mon, 8 Feb 2021 01:45:30 -0600
Subject: [PATCH 20/20] defconfig: enable CONFIG_TLS_ADD_DL for DPP
DPP feature has dependency on CONFIG_TLS_ADD_DL thus we should enable
it.
---
hostapd/defconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hostapd/defconfig b/hostapd/defconfig
index cd247832b..548feaaa4 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -285,7 +285,8 @@ CONFIG_DEBUG_FILE=y
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
-#CONFIG_TLS=openssl
+CONFIG_TLS=openssl
+CONFIG_TLS_ADD_DL=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
--
2.17.1

View File

@ -7,29 +7,33 @@ PACKAGECONFIG ?= "openssl"
SRC_URI += " \
file://0001-wpa_supplicant-enable-control-socket-interface-when-.patch \
${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'file://0002-wpa_supplicant-systemd-enable-control-socket-interfa.patch', '', d)} \
file://0003-mesh-encapsulate-VHT-property-with-the-proper-CONFIG.patch \
file://wpa_supplicant_p2p.conf \
"
# We maintain all patches from Infineon release, but do not apply the patches that
# touches files under 'hostapd' directory, as that directory is not available in the
# wpa_supplicant package from a release tarball.
MURATA_COMMON_PATCHES = " \
file://murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch;apply=yes \
file://murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch;apply=yes \
file://murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch;apply=yes \
file://murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch;apply=yes \
file://murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch;apply=yes \
file://murata/0006-nl80211-Check-SAE-authentication-offload-support.patch;apply=yes \
file://murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch;apply=yes \
file://murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch;apply=yes \
file://murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch;apply=yes \
file://murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch;apply=yes \
file://murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch;apply=yes \
file://murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch;apply=yes \
file://murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch;apply=yes \
file://murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch;apply=yes \
file://murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch;apply=yes \
file://murata/0017-hostapd-Fix-PMF-connection-issue.patch;apply=yes \
file://murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch;apply=yes \
file://murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch;apply=yes \
file://murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch \
file://murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch \
file://murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch \
file://murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch \
file://murata/0005-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch \
file://murata/0006-nl80211-Check-SAE-authentication-offload-support.patch \
file://murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch \
file://murata/0008-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch \
file://murata/0009-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch \
file://murata/0010-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch \
file://murata/0011-SAE-Support-SAE-authentication-offload-in-AP-mode.patch \
file://murata/0012-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch \
file://murata/0013-non-upstream-defconfig_base-Add-Infineon-default-con.patch \
file://murata/0014-non-upstream-defconfig_base-Add-Infineon-default-con.patch;apply=no \
file://murata/0015-Add-CONFIG_WPA3_SAE_AUTH_EARLY_SET-flags-and-codes-f.patch \
file://murata/0016-Add-CONFIG_WPA3_SAE_AUTH_EARLY_SET-flags-and-codes-s.patch;apply=no \
file://murata/0017-SAE-Set-the-right-WPA-Versions-for-FT-SAE-key-manage.patch \
file://murata/0018-wpa_supplicant-Support-WPA_KEY_MGMT_FT-for-eapol-off.patch \
file://murata/0019-wpa_supplicant-suppress-deauth-for-PMKSA-caching-dis.patch \
file://murata/0020-Fix-to-check-Invalid-GTK-IE-length-in-M3-at-STA.patch \
"
SRC_URI:append:ccimx6sbc = " file://wpa_supplicant_p2p.conf_atheros"
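Review bot: In the new MURATA_COMMON_PATCHES list, entries 0013 and 0014 share the same truncated file name (non-upstream-defconfig_base-Add-Infineon-default-con) and 0015/0016 differ only in their last letter, so the ';apply=no' suffix is the only hint as to which half touches 'hostapd'. Please extend the comment above the variable to name 0014 and 0016 as the hostapd halves, or give those two files a distinguishing suffix, so that a later refresh does not flip the flag on the wrong entry. While there, 'touches' in that comment should read 'touch', and it is worth confirming that 0005-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch is still needed on top of wpa-supplicant 2.10 with PACKAGECONFIG set to "openssl".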