wpa_supplicant: add support to Murata wireless chips

This patch series is based on the support software package
"Infineon-cypress-fmac-v5.4.18-2021_0527" which is the latest based on
Hostap v2.9.

Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Arturo Buzarra 2022-05-09 11:54:26 +02:00
parent 7b61614eae
commit 20b9eb5255
21 changed files with 1682 additions and 1 deletions


@ -0,0 +1,30 @@
From 6ce23de6fdd3fd610baa3aec65753b30804cefac Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 11:32:11 +0800
Subject: [PATCH 01/20] wpa_supplicant: Support 4-way handshake offload for
FT-EAP
Add support of 4-way handshake offload for FT-EAP.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
wpa_supplicant/wpa_supplicant.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 911d79d17..73e69ab8f 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3228,7 +3228,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
(params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
- params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
+ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
+ params.key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X))
params.req_handshake_offload = 1;
if (wpa_s->conf->key_mgmt_offload) {
--
2.17.1
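Review bot: The offload condition in wpas_start_assoc_cb is extended with `WPA_KEY_MGMT_FT_IEEE8021X` only, so the SHA-384 variant of FT-EAP (`WPA_KEY_MGMT_FT_IEEE8021X_SHA384`) still takes the non-offloaded path, and nothing here says whether that is deliberate. If it is, a one-line comment above the condition would record it, e.g. `/* FT-EAP-SHA384 intentionally not offloaded */`; if not, the AKM is missing from the list. The chain of equality tests is now five entries long, and a small helper that names the set of offloadable 802.1X AKMs would be easier to keep correct. The function body starts and ends outside this hunk.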


@ -0,0 +1,145 @@
From 69ffae75ad735b5236ac9425f36e6ede7b6fdb92 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 15:22:57 +0800
Subject: [PATCH 02/20] wpa_supplicant: Notify Neighbor Report for
driver-triggered request
Sending a Neighbor Report request can be triggered by either supplicant
or device driver. This patch adds the notification of incoming Neighbor
Report response for the driver-triggered request.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
wpa_supplicant/rrm.c | 100 +++++++++++++++++++++++++++++++++++--------
1 file changed, 83 insertions(+), 17 deletions(-)
diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c
index 8468b2f86..98efa856c 100644
--- a/wpa_supplicant/rrm.c
+++ b/wpa_supplicant/rrm.c
@@ -52,6 +52,71 @@ void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
wpas_clear_beacon_rep_data(wpa_s);
}
+/*
+ * wpas_rrm_notify_neighbor_rep - Notify received neighbor report
+ * @wpa_s: Pointer to wpa_supplicant
+ * @neighbor_rep: Pointer to neighbor report elements
+ */
+void wpas_rrm_notify_neighbor_rep(struct wpa_supplicant *wpa_s,
+ struct wpabuf *neighbor_rep)
+{
+ size_t len;
+ const u8 *data;
+
+ /*
+ * Neighbor Report element (IEEE Std 802.11-2016: 9.4.2.37)
+ * Element ID[1]
+ * Length[1]
+ * BSSID[6]
+ * BSSID Information[4]
+ * Operating Class[1]
+ * Channel Number[1]
+ * PHY Type[1]
+ * Optional Subelements[variable]
+ */
+#define NR_IE_MIN_LEN (ETH_ALEN + 4 + 1 + 1 + 1)
+
+ if (wpabuf_len(neighbor_rep) == 0) {
+ wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED
+ "No neighbors of the associated AP");
+ goto out;
+ }
+
+ data = wpabuf_head_u8(neighbor_rep);
+ len = wpabuf_len(neighbor_rep);
+
+ while (len >= 2 + NR_IE_MIN_LEN) {
+ const u8 *nr;
+ u8 nr_len = data[1];
+ const u8 *pos = data, *end;
+
+ if ((pos[0] != WLAN_EID_NEIGHBOR_REPORT) ||
+ (nr_len < NR_IE_MIN_LEN) ||
+ (2U + nr_len > len)) {
+ wpa_printf(MSG_DEBUG,
+ "RRM: Invalid Neighbor Report element: "
+ "id=%u len=%zu nr_len=%u",
+ data[0], len, nr_len);
+ goto out;
+ }
+
+ pos += 2;
+ end = pos + nr_len;
+ nr = pos;
+
+ wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED
+ "bssid=" MACSTR
+ " info=0x%x op_class=%u chan=%u phy_type=%u",
+ MAC2STR(nr), WPA_GET_LE32(nr + ETH_ALEN),
+ nr[ETH_ALEN + 4], nr[ETH_ALEN + 5], nr[ETH_ALEN + 6]);
+
+ data = end;
+ len -= 2 + nr_len;
+ }
+
+out:
+ wpabuf_free(neighbor_rep);
+}
/*
* wpas_rrm_process_neighbor_rep - Handle incoming neighbor report
@@ -68,19 +133,17 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
if (report_len < 1)
return;
- if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
- wpa_printf(MSG_DEBUG,
- "RRM: Discarding neighbor report with token %d (expected %d)",
- report[0], wpa_s->rrm.next_neighbor_rep_token - 1);
- return;
- }
-
- eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
- NULL);
+ if (wpa_s->rrm.notify_neighbor_rep) {
+ if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
+ wpa_printf(MSG_DEBUG,
+ "RRM: Discarding neighbor report with token "
+ "%d (expected %d)", report[0],
+ wpa_s->rrm.next_neighbor_rep_token - 1);
+ return;
+ }
- if (!wpa_s->rrm.notify_neighbor_rep) {
- wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report");
- return;
+ eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler,
+ &wpa_s->rrm, NULL);
}
/* skipping the first byte, which is only an id (dialog token) */
@@ -92,12 +155,15 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
report[0]);
- wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
- neighbor_rep);
- wpa_s->rrm.notify_neighbor_rep = NULL;
- wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
-}
+ if (wpa_s->rrm.notify_neighbor_rep) {
+ wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
+ neighbor_rep);
+ wpa_s->rrm.notify_neighbor_rep = NULL;
+ wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
+ } else
+ wpas_rrm_notify_neighbor_rep(wpa_s, neighbor_rep);
+}
#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
/* Workaround different, undefined for Windows, error codes used here */
--
2.17.1
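Review bot: With `notify_neighbor_rep` unset, wpas_rrm_process_neighbor_rep now skips the dialog-token check and forwards any Neighbor Report Response to wpas_rrm_notify_neighbor_rep, where the removed code rejected it with "RRM: Unexpected neighbor report". Nothing in these hunks ties the frame to a request the driver actually sent, so the content of the `RRM_EVENT_NEIGHBOR_REP_RXED` events is decided by whoever can deliver such a frame to the station, presumably more easily when management frame protection is off. Consider taking the `else` branch only when the driver is known to issue its own requests, and state the trust assumption above it, e.g. `/* No pending request: treated as reply to a driver-triggered request; dialog token not verified */`. The element walk in wpas_rrm_notify_neighbor_rep is bounds-checked (`2U + nr_len > len`) before `nr` is read, which is good; the unbraced `else` after a braced `if` is a style nit.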


@ -0,0 +1,43 @@
From d1a1dfa41029ca67c93e360268c87330ff172b79 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 15:55:21 +0800
Subject: [PATCH 03/20] nl80211: Report connection authorized in EVENT_ASSOC
When roaming in a network that requires 802.1X authentication, device
driver could set the authorized flag if 4-way handshake offload or FT
offload is considered.
This patch enables the report of connection authorized in EVENT_ASSOC to
indicate the requirement of 802.1X authentication.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver_nl80211_event.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
index 7c1633066..cf9c72fbf 100644
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -422,7 +422,7 @@ static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
wpa_ssid_txt(drv->ssid, drv->ssid_len));
}
- if (authorized && nla_get_u8(authorized)) {
+ if (authorized && nla_get_flag(authorized)) {
event.assoc_info.authorized = 1;
wpa_printf(MSG_DEBUG, "nl80211: connection authorized");
}
@@ -2529,7 +2529,8 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
tb[NL80211_ATTR_RESP_IE],
tb[NL80211_ATTR_TIMED_OUT],
tb[NL80211_ATTR_TIMEOUT_REASON],
- NULL, NULL, NULL,
+ tb[NL80211_ATTR_PORT_AUTHORIZED],
+ NULL, NULL,
tb[NL80211_ATTR_FILS_KEK],
NULL,
tb[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM],
--
2.17.1
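Review bot: In mlme_event_connect, `nla_get_flag(authorized)` is true whenever the attribute is present, so any caller that still passes a u8-valued attribute (the removed line read it with `nla_get_u8`) would now report the connection as authorized even when the value is 0. Since `event.assoc_info.authorized` tells the supplicant that the port is already authorized, it is safer to accept both encodings explicitly: `if (authorized && (nla_len(authorized) == 0 || nla_get_u8(authorized))) {`. Only the call in do_process_drv_event is visible here, so the other callers of mlme_event_connect should be checked before relying on flag semantics.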


@ -0,0 +1,107 @@
From 45be35df00f026bb14d176988d1593b1ea541e60 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 16:05:49 +0800
Subject: [PATCH 04/20] wpa_supplicant: Add PMKSA cache for 802.1X 4-way
handshake
Add PMKSA cache and set PMK to the driver for 802.1X 4-way handshake
offload.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
wpa_supplicant/wpas_glue.c | 59 +++++++++++++++++++++++---------------
1 file changed, 36 insertions(+), 23 deletions(-)
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 62af7f6b1..3a63bc7ea 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -12,6 +12,7 @@
#include "eapol_supp/eapol_supp_sm.h"
#include "eap_peer/eap.h"
#include "rsn_supp/wpa.h"
+#include "rsn_supp/wpa_i.h"
#include "eloop.h"
#include "config.h"
#include "l2_packet/l2_packet.h"
@@ -272,6 +273,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
+ struct wpa_sm *sm = wpa_s->wpa;
int res, pmk_len;
u8 pmk[PMK_LEN];
@@ -306,35 +308,46 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
"handshake");
pmk_len = PMK_LEN;
- if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
+ if (sm->cur_pmksa) {
+ pmk_len = sm->pmk_len;
+ os_memcpy(pmk, sm->pmk, pmk_len);
+ } else {
+ if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
#ifdef CONFIG_IEEE80211R
- u8 buf[2 * PMK_LEN];
- wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
- "driver-based 4-way hs and FT");
- res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
- if (res == 0) {
- os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
- os_memset(buf, 0, sizeof(buf));
- }
+ u8 buf[2 * PMK_LEN];
+ wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
+ "driver-based 4-way hs and FT");
+ res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
+ if (res == 0) {
+ os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
+ os_memset(buf, 0, sizeof(buf));
+ }
#else /* CONFIG_IEEE80211R */
- res = -1;
+ res = -1;
#endif /* CONFIG_IEEE80211R */
- } else {
- res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
+ } else {
+ res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
+ if (res) {
+ /*
+ * EAP-LEAP is an exception from other EAP
+ * methods: it uses only 16-byte PMK.
+ */
+ res = eapol_sm_get_key(eapol, pmk, 16);
+ pmk_len = 16;
+ }
+ }
+
if (res) {
- /*
- * EAP-LEAP is an exception from other EAP methods: it
- * uses only 16-byte PMK.
- */
- res = eapol_sm_get_key(eapol, pmk, 16);
- pmk_len = 16;
+ wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL "
+ "state machines");
+ return;
}
- }
- if (res) {
- wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state "
- "machines");
- return;
+ sm->pmk_len = pmk_len;
+ os_memcpy(sm->pmk, pmk, pmk_len);
+ pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, NULL, 0,
+ sm->bssid, sm->own_addr,
+ sm->network_ctx, sm->key_mgmt, NULL);
}
wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
--
2.17.1
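Review bot: In the new `sm->cur_pmksa` branch of wpa_supplicant_eapol_cb, `os_memcpy(pmk, sm->pmk, pmk_len)` copies `sm->pmk_len` bytes into `u8 pmk[PMK_LEN]` with no length check, so a cached PMK longer than PMK_LEN would write past the stack buffer. The 192-bit Suite B AKM is in the offload list and presumably uses a longer PMK. Add a guard before the copy, `if (sm->pmk_len > sizeof(pmk)) return;`, or size the local buffer for the largest PMK the state machine can hold. The branch also dereferences `wpa_s->wpa` without a NULL check, reaches into `struct wpa_sm` through the private header `rsn_supp/wpa_i.h`, and ignores the return value of `pmksa_cache_add()`. The function starts and ends outside these hunks, so whether `pmk` is cleared before return cannot be seen here.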


@ -0,0 +1,244 @@
From 0a05505eff7c36f81e946eeaa79e8f50900365aa Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Tue, 10 Sep 2019 13:42:14 +0300
Subject: [PATCH 05/20] Sync with mac80211-next.git
include/uapi/linux/nl80211.h
commit 262b71eead4752b4f3f3285f2ee2041c5b115202 master.
This brings in nl80211 definitions as of 2019-08-30.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/drivers/nl80211_copy.h | 91 ++++++++++++++++++++++++++++++++++++--
1 file changed, 88 insertions(+), 3 deletions(-)
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index 6f09d1500..beee59c83 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -52,6 +52,11 @@
#define NL80211_MULTICAST_GROUP_NAN "nan"
#define NL80211_MULTICAST_GROUP_TESTMODE "testmode"
+#define NL80211_EDMG_BW_CONFIG_MIN 4
+#define NL80211_EDMG_BW_CONFIG_MAX 15
+#define NL80211_EDMG_CHANNELS_MIN 1
+#define NL80211_EDMG_CHANNELS_MAX 0x3c /* 0b00111100 */
+
/**
* DOC: Station handling
*
@@ -234,6 +239,15 @@
* use in a FILS shared key connection with PMKSA caching.
*/
+/**
+ * DOC: SAE authentication offload
+ *
+ * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
+ * support offloading SAE authentication for WPA3-Personal networks. In
+ * %NL80211_CMD_CONNECT the password for SAE should be specified using
+ * %NL80211_ATTR_SAE_PASSWORD.
+ */
+
/**
* enum nl80211_commands - supported nl80211 commands
*
@@ -648,7 +662,9 @@
* is used during CSA period.
* @NL80211_CMD_FRAME_WAIT_CANCEL: When an off-channel TX was requested, this
* command may be used with the corresponding cookie to cancel the wait
- * time if it is known that it is no longer necessary.
+ * time if it is known that it is no longer necessary. This command is
+ * also sent as an event whenever the driver has completed the off-channel
+ * wait time.
* @NL80211_CMD_ACTION: Alias for @NL80211_CMD_FRAME for backward compatibility.
* @NL80211_CMD_FRAME_TX_STATUS: Report TX status of a management frame
* transmitted with %NL80211_CMD_FRAME. %NL80211_ATTR_COOKIE identifies
@@ -2341,6 +2357,22 @@ enum nl80211_commands {
* should be picking up the lowest tx power, either tx power per-interface
* or per-station.
*
+ * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It
+ * is used with %NL80211_CMD_CONNECT to provide password for offloading
+ * SAE authentication for WPA3-Personal networks.
+ *
+ * @NL80211_ATTR_TWT_RESPONDER: Enable target wait time responder support.
+ *
+ * @NL80211_ATTR_HE_OBSS_PD: nested attribute for OBSS Packet Detection
+ * functionality.
+ *
+ * @NL80211_ATTR_WIPHY_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz
+ * channel(s) that are allowed to be used for EDMG transmissions.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251. (u8 attribute)
+ * @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes
+ * the allowed channel bandwidth configurations. (u8 attribute)
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13.
+ *
* @NUM_NL80211_ATTR: total number of nl80211_attrs available
* @NL80211_ATTR_MAX: highest attribute number currently defined
* @__NL80211_ATTR_AFTER_LAST: internal use
@@ -2794,6 +2826,15 @@ enum nl80211_attrs {
NL80211_ATTR_STA_TX_POWER_SETTING,
NL80211_ATTR_STA_TX_POWER,
+ NL80211_ATTR_SAE_PASSWORD,
+
+ NL80211_ATTR_TWT_RESPONDER,
+
+ NL80211_ATTR_HE_OBSS_PD,
+
+ NL80211_ATTR_WIPHY_EDMG_CHANNELS,
+ NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
+
/* add attributes here, update the policy in nl80211.c */
__NL80211_ATTR_AFTER_LAST,
@@ -2844,7 +2885,7 @@ enum nl80211_attrs {
#define NL80211_HT_CAPABILITY_LEN 26
#define NL80211_VHT_CAPABILITY_LEN 12
#define NL80211_HE_MIN_CAPABILITY_LEN 16
-#define NL80211_HE_MAX_CAPABILITY_LEN 51
+#define NL80211_HE_MAX_CAPABILITY_LEN 54
#define NL80211_MAX_NR_CIPHER_SUITES 5
#define NL80211_MAX_NR_AKM_SUITES 2
@@ -3175,6 +3216,8 @@ enum nl80211_sta_bss_param {
* sent to the station (u64, usec)
* @NL80211_STA_INFO_AIRTIME_WEIGHT: current airtime weight for station (u16)
* @NL80211_STA_INFO_AIRTIME_LINK_METRIC: airtime link metric for mesh station
+ * @NL80211_STA_INFO_ASSOC_AT_BOOTTIME: Timestamp (CLOCK_BOOTTIME, nanoseconds)
+ * of STA's association
* @__NL80211_STA_INFO_AFTER_LAST: internal
* @NL80211_STA_INFO_MAX: highest possible station info attribute
*/
@@ -3221,6 +3264,7 @@ enum nl80211_sta_info {
NL80211_STA_INFO_TX_DURATION,
NL80211_STA_INFO_AIRTIME_WEIGHT,
NL80211_STA_INFO_AIRTIME_LINK_METRIC,
+ NL80211_STA_INFO_ASSOC_AT_BOOTTIME,
/* keep last */
__NL80211_STA_INFO_AFTER_LAST,
@@ -3402,6 +3446,12 @@ enum nl80211_band_iftype_attr {
* @NL80211_BAND_ATTR_VHT_CAPA: VHT capabilities, as in the HT information IE
* @NL80211_BAND_ATTR_IFTYPE_DATA: nested array attribute, with each entry using
* attributes from &enum nl80211_band_iftype_attr
+ * @NL80211_BAND_ATTR_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz
+ * channel(s) that are allowed to be used for EDMG transmissions.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251.
+ * @NL80211_BAND_ATTR_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes
+ * the allowed channel bandwidth configurations.
+ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13.
* @NL80211_BAND_ATTR_MAX: highest band attribute currently defined
* @__NL80211_BAND_ATTR_AFTER_LAST: internal use
*/
@@ -3419,6 +3469,9 @@ enum nl80211_band_attr {
NL80211_BAND_ATTR_VHT_CAPA,
NL80211_BAND_ATTR_IFTYPE_DATA,
+ NL80211_BAND_ATTR_EDMG_CHANNELS,
+ NL80211_BAND_ATTR_EDMG_BW_CONFIG,
+
/* keep last */
__NL80211_BAND_ATTR_AFTER_LAST,
NL80211_BAND_ATTR_MAX = __NL80211_BAND_ATTR_AFTER_LAST - 1
@@ -3817,6 +3870,8 @@ enum nl80211_user_reg_hint_type {
* @NL80211_SURVEY_INFO_TIME_SCAN: time the radio spent for scan
* (on this channel or globally)
* @NL80211_SURVEY_INFO_PAD: attribute used for padding for 64-bit alignment
+ * @NL80211_SURVEY_INFO_TIME_BSS_RX: amount of time the radio spent
+ * receiving frames destined to the local BSS
* @NL80211_SURVEY_INFO_MAX: highest survey info attribute number
* currently defined
* @__NL80211_SURVEY_INFO_AFTER_LAST: internal use
@@ -3833,6 +3888,7 @@ enum nl80211_survey_info {
NL80211_SURVEY_INFO_TIME_TX,
NL80211_SURVEY_INFO_TIME_SCAN,
NL80211_SURVEY_INFO_PAD,
+ NL80211_SURVEY_INFO_TIME_BSS_RX,
/* keep last */
__NL80211_SURVEY_INFO_AFTER_LAST,
@@ -4406,6 +4462,7 @@ enum nl80211_mfp {
enum nl80211_wpa_versions {
NL80211_WPA_VERSION_1 = 1 << 0,
NL80211_WPA_VERSION_2 = 1 << 1,
+ NL80211_WPA_VERSION_3 = 1 << 2,
};
/**
@@ -4516,6 +4573,7 @@ enum nl80211_txrate_gi {
* @NL80211_BAND_2GHZ: 2.4 GHz ISM band
* @NL80211_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz)
* @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz)
+ * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz)
* @NUM_NL80211_BANDS: number of bands, avoid using this in userspace
* since newer kernel versions may support more bands
*/
@@ -4523,6 +4581,7 @@ enum nl80211_band {
NL80211_BAND_2GHZ,
NL80211_BAND_5GHZ,
NL80211_BAND_60GHZ,
+ NL80211_BAND_6GHZ,
NUM_NL80211_BANDS,
};
@@ -5314,7 +5373,7 @@ enum nl80211_feature_flags {
NL80211_FEATURE_TDLS_CHANNEL_SWITCH = 1 << 28,
NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR = 1 << 29,
NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR = 1 << 30,
- NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1 << 31,
+ NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1U << 31,
};
/**
@@ -5422,6 +5481,9 @@ enum nl80211_feature_flags {
* @NL80211_EXT_FEATURE_STA_TX_PWR: This driver supports controlling tx power
* to a station.
*
+ * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
+ * station mode (SAE password is passed as part of the connect command).
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@@ -5466,6 +5528,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD,
NL80211_EXT_FEATURE_EXT_KEY_ID,
NL80211_EXT_FEATURE_STA_TX_PWR,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
@@ -6464,4 +6527,26 @@ enum nl80211_peer_measurement_ftm_resp {
NL80211_PMSR_FTM_RESP_ATTR_MAX = NUM_NL80211_PMSR_FTM_RESP_ATTR - 1
};
+/**
+ * enum nl80211_obss_pd_attributes - OBSS packet detection attributes
+ * @__NL80211_HE_OBSS_PD_ATTR_INVALID: Invalid
+ *
+ * @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET: the OBSS PD minimum tx power offset.
+ * @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET: the OBSS PD maximum tx power offset.
+ *
+ * @__NL80211_HE_OBSS_PD_ATTR_LAST: Internal
+ * @NL80211_HE_OBSS_PD_ATTR_MAX: highest OBSS PD attribute.
+ */
+enum nl80211_obss_pd_attributes {
+ __NL80211_HE_OBSS_PD_ATTR_INVALID,
+
+ NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
+ NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
+
+ /* keep last */
+ __NL80211_HE_OBSS_PD_ATTR_LAST,
+ NL80211_HE_OBSS_PD_ATTR_MAX = __NL80211_HE_OBSS_PD_ATTR_LAST - 1,
+};
+
+
#endif /* __LINUX_NL80211_H */
--
2.17.1


@ -0,0 +1,45 @@
From 52e388892a333c8366de69a2a09c00b86c60fadb Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 17:13:27 +0800
Subject: [PATCH 06/20] nl80211: Check SAE authentication offload support
Set WPA_DRIVER_FLAGS_SAE_OFFLOAD flag if driver indicates SAE
authentication offload support.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver.h | 2 ++
src/drivers/driver_nl80211_capa.c | 4 ++++
2 files changed, 6 insertions(+)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 2a8459ae3..a9ea3d77c 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1659,6 +1659,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
/** Driver support 4-way handshake offload for WPA-Personal */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
+/** Driver takes care of SAE authentication internally */
+#define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL
u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 8318b10ab..9aeddec22 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -433,6 +433,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
capa->flags |= WPA_DRIVER_FLAGS_FTM_RESPONDER;
+
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_SAE_OFFLOAD))
+ capa->flags |= WPA_DRIVER_FLAGS_SAE_OFFLOAD;
}
--
2.17.1


@ -0,0 +1,122 @@
From bce18a1340c4d27666182bf51648037b7db28065 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 29 Oct 2019 17:22:18 +0800
Subject: [PATCH 07/20] SAE: Pass SAE password on connect for SAE
authentication offload support
Pass SAE password on connect if driver advertises SAE authentication
offload support.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver.h | 8 ++++++++
src/drivers/driver_nl80211.c | 26 ++++++++++++++++++++++++--
wpa_supplicant/wpa_supplicant.c | 15 ++++++++++++++-
3 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index a9ea3d77c..ef47efe05 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -976,6 +976,14 @@ struct wpa_driver_associate_params {
*/
const u8 *psk;
+ /**
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD.
+ */
+ const char *sae_password;
+
/**
* drop_unencrypted - Enable/disable unencrypted frame filtering
*
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 0a356eefd..bd804b7f0 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -5517,8 +5517,12 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
if (params->wpa_proto & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
- if (params->wpa_proto & WPA_PROTO_RSN)
- ver |= NL80211_WPA_VERSION_2;
+ if (params->wpa_proto & WPA_PROTO_RSN) {
+ if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE)
+ ver |= NL80211_WPA_VERSION_3;
+ else
+ ver |= NL80211_WPA_VERSION_2;
+ }
wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver);
if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
@@ -5648,6 +5652,22 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
return -1;
}
+ /* add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) {
+ const char *password;
+ size_t pwd_len;
+
+ password = params->sae_password;
+ if (!password)
+ password = params->passphrase;
+ pwd_len = os_strlen(password);
+ wpa_hexdump_ascii_key(MSG_DEBUG, " * SAE password",
+ (u8 *) password, pwd_len);
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+ return -1;
+ }
+
if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
return -1;
@@ -5755,6 +5775,8 @@ static int wpa_driver_nl80211_try_connect(
algs++;
if (params->auth_alg & WPA_AUTH_ALG_FT)
algs++;
+ if (params->auth_alg & WPA_AUTH_ALG_SAE)
+ algs++;
if (algs > 1) {
wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic "
"selection");
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 73e69ab8f..2f91e1f0c 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1407,7 +1407,8 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
ie.key_mgmt, ssid->key_mgmt, sel);
#ifdef CONFIG_SAE
- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
+ if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) &&
+ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD))
sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
#endif /* CONFIG_SAE */
if (0) {
@@ -3250,6 +3251,18 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
params.psk = ssid->psk;
}
+ if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) &&
+ wpa_key_mgmt_sae(params.key_mgmt_suite)) {
+ params.auth_alg = WPA_AUTH_ALG_SAE;
+ if (ssid->sae_password)
+ params.sae_password = ssid->sae_password;
+ else if (ssid->passphrase)
+ params.passphrase = ssid->passphrase;
+
+ if (ssid->psk_set)
+ params.psk = ssid->psk;
+ }
+
params.drop_unencrypted = use_crypt;
#ifdef CONFIG_IEEE80211W
--
2.17.1
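Review bot: The new block in nl80211_connect_common adds `NL80211_ATTR_SAE_PASSWORD` whenever the driver has `WPA_DRIVER_FLAGS_SAE_OFFLOAD` and either `params->sae_password` or `params->passphrase` is set, without looking at the selected AKM, so a WPA2-PSK connection that carries a passphrase would also hand it to the driver as an SAE password. Gate it on the key management, as wpas_start_assoc_cb does later in this patch: `if (wpa_key_mgmt_sae(params->key_mgmt_suite) && (params->sae_password || params->passphrase) && (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) {`. The version selection in the first hunk tests `params->key_mgmt_suite == WPA_KEY_MGMT_SAE`, which leaves FT-SAE on `NL80211_WPA_VERSION_2`; using the same helper there would keep the three places consistent. The password also stays in the netlink message buffer after the put, presumably until the caller frees it, so clearing the message before it is freed is worth checking outside these hunks.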


@ -0,0 +1,31 @@
From 8fabb3a2f5c8c1efb7c92a03079e760e88aa04aa Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Fri, 8 Nov 2019 13:23:05 -0600
Subject: [PATCH 08/20] OpenSSL: Fix build with OpenSSL 1.0.1
The openssl_debug_dump_certificate_chains() implementation used
SSL_CERT_SET_FIRST and SSL_CERT_SET_NEXT, which were added in OpenSSL
1.0.2. Bypass this function to fix build failure with OpenSSL 1.0.1.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/crypto/tls_openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 07d38e47b..a74af7bbf 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5201,7 +5201,8 @@ static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx)
static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx)
{
-#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION)
+#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION) && \
+ OPENSSL_VERSION_NUMBER >= 0x10002000L
int res;
for (res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST);
--
2.17.1


@ -0,0 +1,110 @@
From ae98c14eb1e78ffaf2321e050a593f18ca67dae2 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:00:51 -0600
Subject: [PATCH 09/20] non-upstream: Sync nl80211.h for PSK 4-way HS offload
support in AP mode
This brings in nl80211 definition for WPA/WPA2-PSK 4-way handshake
offload support in AP mode.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/nl80211_copy.h | 51 +++++++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 17 deletions(-)
diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h
index beee59c83..1224f81c3 100644
--- a/src/drivers/nl80211_copy.h
+++ b/src/drivers/nl80211_copy.h
@@ -183,18 +183,27 @@
*
* By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
* can indicate they support offloading EAPOL handshakes for WPA/WPA2
- * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
- * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
- * this offload may reject the %NL80211_CMD_CONNECT when no preshared
- * key material is provided, for example when that driver does not
- * support setting the temporal keys through %CMD_NEW_KEY.
+ * preshared key authentication in station mode. In %NL80211_CMD_CONNECT
+ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers
+ * supporting this offload may reject the %NL80211_CMD_CONNECT when no
+ * preshared key material is provided, for example when that driver does
+ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY.
*
* Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
* set by drivers indicating offload support of the PTK/GTK EAPOL
- * handshakes during 802.1X authentication. In order to use the offload
- * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
- * attribute flag. Drivers supporting this offload may reject the
- * %NL80211_CMD_CONNECT when the attribute flag is not present.
+ * handshakes during 802.1X authentication in station mode. In order to
+ * use the offload the %NL80211_CMD_CONNECT should have
+ * %NL80211_ATTR_WANT_1X_4WAY_HS attribute flag. Drivers supporting this
+ * offload may reject the %NL80211_CMD_CONNECT when the attribute flag is
+ * not present.
+ *
+ * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK flag drivers
+ * can indicate they support offloading EAPOL handshakes for WPA/WPA2
+ * preshared key authentication in AP mode. In %NL80211_CMD_START_AP
+ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers
+ * supporting this offload may reject the %NL80211_CMD_START_AP when no
+ * preshared key material is provided, for example when that driver does
+ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY.
*
* For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK
* using %NL80211_CMD_SET_PMK. For offloaded FT support also
@@ -243,9 +252,10 @@
* DOC: SAE authentication offload
*
* By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they
- * support offloading SAE authentication for WPA3-Personal networks. In
- * %NL80211_CMD_CONNECT the password for SAE should be specified using
- * %NL80211_ATTR_SAE_PASSWORD.
+ * support offloading SAE authentication for WPA3-Personal networks. The
+ * password for SAE should be specified using %NL80211_ATTR_SAE_PASSWORD in
+ * %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP for station and AP mode
+ * respectively.
*/
/**
@@ -2285,10 +2295,11 @@ enum nl80211_commands {
*
* @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with
* %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID.
- * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way
- * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is
- * used with %NL80211_CMD_SET_PMK. For offloaded FT support this attribute
- * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well.
+ * For %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP it is used to provide
+ * PSK for offloading 4-way handshake for WPA/WPA2-PSK networks. For 802.1X
+ * authentication it is used with %NL80211_CMD_SET_PMK. For offloaded FT
+ * support this attribute specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME
+ * is included as well.
*
* @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to
* indicate that it supports multiple active scheduled scan requests.
@@ -5482,7 +5493,12 @@ enum nl80211_feature_flags {
* to a station.
*
* @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in
- * station mode (SAE password is passed as part of the connect command).
+ * station mode (SAE password is passed as part of the connect command)
+ * or AP mode (SAE password is passed as part of the start AP command).
+ *
+ * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK: Device wants to do 4-way
+ * handshake with PSK in AP mode (PSK is passed as part of the start AP
+ * command).
*
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
@@ -5529,6 +5545,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_EXT_KEY_ID,
NL80211_EXT_FEATURE_STA_TX_PWR,
NL80211_EXT_FEATURE_SAE_OFFLOAD,
+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
--
2.17.1
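Review bot: `NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK` is appended to enum nl80211_ext_feature_index in a local copy of a kernel UAPI header, and the subject marks the change as non-upstream, so its numeric index is only meaningful against a kernel carrying the same vendor patch. On a kernel whose nl80211.h assigns that index to another feature, the bit would be misread as PSK offload support, and the next patch in the series passes the PSK to the driver on that basis. A comment next to the enumerator would record the constraint, e.g. `/* non-upstream: index must match the vendor kernel's nl80211.h */`.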


@ -0,0 +1,110 @@
From 1ea301a06353817680bc85abde6f2b684d37c16e Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:02:39 -0600
Subject: [PATCH 10/20] nl80211: Support 4-way handshake offload for
WPA/WPA2-PSK in AP mode
If driver advertises support for WPA/WPA2-PSK 4-way handshake offload in
AP mode, set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK flag and pass PSK in
NL80211_CMD_NEW_BEACON command.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver.h | 29 ++++++++++++++++++++++++++---
src/drivers/driver_nl80211.c | 8 ++++++++
src/drivers/driver_nl80211_capa.c | 3 +++
3 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index ef47efe05..462e6f677 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1450,6 +1450,27 @@ struct wpa_driver_ap_params {
* type 11 as defined in IEEE Std 802.11-2016, 9.4.2.22.13
*/
const struct wpabuf *civic;
+
+ /**
+ * passphrase - RSN passphrase for PSK
+ *
+ * This value is made available only for WPA/WPA2-Personal (PSK) and
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK.
+ * This is the 8..63 character ASCII passphrase, if available. Please
+ * note that this can be %NULL if passphrase was not used to generate
+ * the PSK. In that case, the psk field must be used to fetch the PSK.
+ */
+ const char *passphrase;
+
+ /**
+ * psk - RSN PSK (alternative for passphrase for PSK)
+ *
+ * This value is made available only for WPA/WPA2-Personal (PSK) and
+ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK.
+ * This is the 32-octet (256-bit) PSK, if available. The driver wrapper
+ * should be prepared to handle %NULL value as an error.
+ */
+ const u8 *psk;
};
struct wpa_driver_mesh_bss_params {
@@ -1539,8 +1560,8 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC 0x00000002
/** Driver takes care of all DFS operations */
#define WPA_DRIVER_FLAGS_DFS_OFFLOAD 0x00000004
-/** Driver takes care of RSN 4-way handshake internally; PMK is configured with
- * struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
+/** Driver takes care of RSN 4-way handshake internally in station mode; PMK is
+ * configured with struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X 0x00000008
/** Driver is for a wired Ethernet interface */
#define WPA_DRIVER_FLAGS_WIRED 0x00000010
@@ -1665,10 +1686,12 @@ struct wpa_driver_capa {
#define WPA_DRIVER_FLAGS_SELF_MANAGED_REGULATORY 0x0080000000000000ULL
/** Driver supports FTM responder functionality */
#define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
-/** Driver support 4-way handshake offload for WPA-Personal */
+/** Driver supports 4-way handshake offload for WPA-Personal in station mode*/
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
/** Driver takes care of SAE authentication internally */
#define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL
+/** Driver supports 4-way handshake offload for WPA-Personal in AP mode */
+#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK 0x0800000000000000ULL
u64 flags;
#define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index bd804b7f0..4679c43d9 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4188,6 +4188,14 @@ static int wpa_driver_nl80211_set_ap(void *priv,
nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
goto fail;
+ /* Add PSK in case of 4-way handshake offload */
+ if (params->psk &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)) {
+ wpa_hexdump_key(MSG_DEBUG, "nl80211: PSK", params->psk, 32);
+ if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
+ goto fail;
+ }
+
if (params->ht_opmode != -1) {
switch (params->smps_mode) {
case HT_CAP_INFO_SMPS_DYNAMIC:
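Review bot: The added block silently skips `NL80211_ATTR_PMK` when `params->psk` is NULL, although the `psk` field comment added to driver.h in this same patch says the driver wrapper should handle a NULL value as an error. With `WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK` set and a PSK AKM selected, the AP would then presumably start without the key the firmware needs for the handshake. Consider at least logging that case, or failing with `goto fail;` when the capability flag and `params->key_mgmt_suites & WPA_KEY_MGMT_PSK` are both set but `params->psk` is NULL. The literal `32` could also become `PMK_LEN` if that constant is in scope in this file. `wpa_driver_nl80211_set_ap()` starts and ends outside the hunk.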
diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 9aeddec22..bd77a50ec 100644
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -408,6 +408,9 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X;
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
+ capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK;
if (ext_feature_isset(ext_features, len,
NL80211_EXT_FEATURE_MFP_OPTIONAL))
--
2.17.1


@ -0,0 +1,109 @@
From 6df8c5e8669ddf2f0921b9c87a44e7d66b4e6d56 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:03:57 -0600
Subject: [PATCH 11/20] AP: Support 4-way handshake offload for WPA/WPA2-PSK
Add support for WPA/WPA2-PSK 4-way handshake offload in AP mode. In this
case, the 4-way handshake is handled by driver instead of user space.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/ap/beacon.c | 8 ++++++++
src/ap/hostapd.c | 8 +++++++-
src/ap/wpa_auth.c | 8 ++++++++
src/ap/wpa_auth.h | 1 +
src/ap/wpa_auth_glue.c | 2 ++
5 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index a51b94960..73b231ab1 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1378,6 +1378,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
}
}
+ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) {
+ if (hapd->conf->ssid.wpa_passphrase)
+ params->passphrase = hapd->conf->ssid.wpa_passphrase;
+ if (hapd->conf->ssid.wpa_psk->psk)
+ params->psk = hapd->conf->ssid.wpa_psk->psk;
+ }
+
return 0;
}
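Review bot: `hapd->conf->ssid.wpa_psk->psk` is dereferenced without checking `hapd->conf->ssid.wpa_psk`, so a BSS that has no PSK entry at this point would hit a NULL pointer dereference in the added block. If `psk` is an array member of that entry, as its use as a 32-octet buffer in patch 10 suggests, the expression is also never NULL and the test guards nothing. The check belongs on the pointer: `if (hapd->conf->ssid.wpa_psk)` followed by `params->psk = hapd->conf->ssid.wpa_psk->psk;`. The same lines are carried unchanged as context in patches 13 and 17.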
diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c
index bf1975fbd..f569e7661 100644
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3049,6 +3049,8 @@ int hostapd_remove_iface(struct hapd_interfaces *interfaces, char *buf)
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
+ int key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm);
+
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
@@ -3085,7 +3087,11 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
/* Start IEEE 802.1X authentication process for new stations */
ieee802_1x_new_station(hapd, sta);
if (reassoc) {
- if (sta->auth_alg != WLAN_AUTH_FT &&
+ if ((hapd->iface->drv_flags &
+ WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
+ wpa_key_mgmt_wpa_psk(key_mgmt))
+ wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);
+ else if (sta->auth_alg != WLAN_AUTH_FT &&
sta->auth_alg != WLAN_AUTH_FILS_SK &&
sta->auth_alg != WLAN_AUTH_FILS_SK_PFS &&
sta->auth_alg != WLAN_AUTH_FILS_PK &&
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c56077001..c64ca6688 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -652,6 +652,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
}
#endif /* CONFIG_FILS */
+ if (wpa_auth->conf.psk_4way_hs_offload) {
+ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
+ "4-way handshake offloading for WPA/WPA2-PSK");
+ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
+ sm->Pair = TRUE;
+ return 0;
+ }
+
if (sm->started) {
os_memset(&sm->key_replay, 0, sizeof(sm->key_replay));
sm->ReAuthenticationRequest = TRUE;
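Review bot: The new early return is gated only on `wpa_auth->conf.psk_4way_hs_offload`, which this patch sets from the driver flag alone, so it applies to every station that reaches `wpa_auth_sta_associated()` and not only to those that negotiated a PSK AKM. On a BSS that also enables 802.1X or SAE, such a station would be moved to `WPA_PTK_PTKINITDONE` without hostapd running a handshake, and patch 18 adds `WPA_EAPOL_authorized` and `WPA_EAPOL_portValid` to the same branch; whether the firmware enforces those AKMs itself is not visible here. Patch 13 has the same scoping problem where `!wpa_auth->conf.psk_4way_hs_offload` disables the SAE PMKSA check in `wpa_validate_wpa_ie()`. I would scope the branch to the station's AKM, `if (wpa_auth->conf.psk_4way_hs_offload && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {`, and drop the PSK flag from the SAE condition. The function body extends beyond the hunk.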
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index a348bc25a..82cb3f7ae 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -232,6 +232,7 @@ struct wpa_auth_config {
unsigned int fils_cache_id_set:1;
u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
+ int psk_4way_hs_offload;
};
typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 0800a8748..8d81fd785 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1305,6 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
_conf.ap_mlme = 1;
+ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
+ _conf.psk_4way_hs_offload = 1;
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
if (hapd->wpa_auth == NULL) {
wpa_printf(MSG_ERROR, "WPA initialization failed.");
--
2.17.1


@ -0,0 +1,94 @@
From e0162995700e44d7ec210f6ef2a5843286b06d02 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:05:16 -0600
Subject: [PATCH 12/20] nl80211: Support SAE authentication offload in AP mode
If driver advertises support for SAE authentication offload, pass SAE
password in NL80211_CMD_NEW_BEACON command for AP mode.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/drivers/driver.h | 8 ++++++++
src/drivers/driver_nl80211.c | 32 +++++++++++++++++++++++++++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 462e6f677..1159bc296 100644
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1471,6 +1471,14 @@ struct wpa_driver_ap_params {
* should be prepared to handle %NULL value as an error.
*/
const u8 *psk;
+
+ /**
+ * sae_password - Password for SAE authentication
+ *
+ * This value is made available only for WPA3-Personal (SAE) and only
+ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD.
+ */
+ const char *sae_password;
};
struct wpa_driver_mesh_bss_params {
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 4679c43d9..e94d084fc 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -4142,8 +4142,13 @@ static int wpa_driver_nl80211_set_ap(void *priv,
ver = 0;
if (params->wpa_version & WPA_PROTO_WPA)
ver |= NL80211_WPA_VERSION_1;
- if (params->wpa_version & WPA_PROTO_RSN)
+ if (params->wpa_version & WPA_PROTO_RSN) {
ver |= NL80211_WPA_VERSION_2;
+#ifdef CONFIG_SAE
+ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)
+ ver |= NL80211_WPA_VERSION_3;
+#endif /* CONFIG_SAE */
+ }
if (ver &&
nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
goto fail;
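Review bot: `NL80211_WPA_VERSION_3` is added here whenever `WPA_KEY_MGMT_SAE` is configured, without the `drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD` test that the password block in the third hunk uses; the second hunk adds `RSN_AUTH_KEY_MGMT_SAE` to the AKM list the same way. Drivers that leave SAE to user space would then receive a changed `NL80211_ATTR_WPA_VERSIONS` in the start-AP request, and it is not visible here whether every target kernel accepts the extra bit. Gating both additions on the capability flag keeps the non-offload path as it was, e.g. `if ((params->key_mgmt_suites & WPA_KEY_MGMT_SAE) && (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD))`. The enclosing function continues outside the hunk.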
@@ -4155,6 +4160,10 @@ static int wpa_driver_nl80211_set_ap(void *priv,
suites[num_suites++] = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)
suites[num_suites++] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
+#ifdef CONFIG_SAE
+ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)
+ suites[num_suites++] = RSN_AUTH_KEY_MGMT_SAE;
+#endif /* CONFIG_SAE */
if (num_suites &&
nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
suites))
@@ -4196,6 +4205,27 @@ static int wpa_driver_nl80211_set_ap(void *priv,
goto fail;
}
+#ifdef CONFIG_SAE
+ /* Add SAE password in case of SAE authentication offload */
+ if ((params->sae_password || params->passphrase) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
+ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) {
+ const char *password;
+ size_t pwd_len;
+
+ if (params->sae_password)
+ password = params->sae_password;
+ else
+ password = params->passphrase;
+
+ pwd_len = os_strlen(password);
+ wpa_hexdump_ascii_key(MSG_DEBUG, "nl80211: SAE password",
+ (u8 *) password, pwd_len);
+ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password))
+ goto fail;
+ }
+#endif /* CONFIG_SAE */
+
if (params->ht_opmode != -1) {
switch (params->smps_mode) {
case HT_CAP_INFO_SMPS_DYNAMIC:
--
2.17.1


@ -0,0 +1,85 @@
From e03270a1aec0a480c3803b7b560bb199443172df Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Tue, 10 Dec 2019 14:06:20 -0600
Subject: [PATCH 13/20] SAE: Support SAE authentication offload in AP mode
Add support for SAE authentication offload in AP mode. In this case, the
SAE authentication process is handled by driver instead of user space.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/ap/beacon.c | 11 +++++++++++
src/ap/wpa_auth.h | 3 +++
src/ap/wpa_auth_glue.c | 4 ++++
src/ap/wpa_auth_ie.c | 4 +++-
4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index 73b231ab1..ff179f559 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1386,6 +1386,17 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
params->psk = hapd->conf->ssid.wpa_psk->psk;
}
+#ifdef CONFIG_SAE
+ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) &&
+ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)) {
+ params->auth_algs |= WPA_AUTH_ALG_SAE;
+ if (hapd->conf->sae_passwords)
+ params->sae_password = hapd->conf->sae_passwords->password;
+ else if (hapd->conf->ssid.wpa_passphrase)
+ params->passphrase = hapd->conf->ssid.wpa_passphrase;
+ }
+#endif /* CONFIG_SAE */
+
return 0;
}
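Review bot: Only the head of `hapd->conf->sae_passwords` is handed to the driver, so any further entries are ignored. If entries can be bound to a peer address or a password identifier (not visible in this hunk), a password meant for one station would become the BSS-wide secret. I would either restrict the offload to a configuration with a single unbound entry or log that the remaining entries are not used. The `else if` branch also fills `params->passphrase` rather than `params->sae_password`, which works only because the nl80211 code in patch 12 falls back to it; a comment such as `/* nl80211 falls back to passphrase when sae_password is NULL */` would make that dependency explicit. `ieee802_11_build_ap_params()` starts outside the hunk.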
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index 82cb3f7ae..64eec2762 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -233,6 +233,9 @@ struct wpa_auth_config {
u8 fils_cache_id[FILS_CACHE_ID_LEN];
#endif /* CONFIG_FILS */
int psk_4way_hs_offload;
+#ifdef CONFIG_SAE
+ int sae_offload;
+#endif /* CONFIG_SAE */
};
typedef enum {
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 8d81fd785..d3eb7b49a 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1307,6 +1307,10 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.ap_mlme = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
_conf.psk_4way_hs_offload = 1;
+#ifdef CONFIG_SAE
+ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)
+ _conf.sae_offload = 1;
+#endif /* CONFIG_SAE */
hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
if (hapd->wpa_auth == NULL) {
wpa_printf(MSG_ERROR, "WPA initialization failed.");
diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c
index 2e5c9160d..527fbba72 100644
--- a/src/ap/wpa_auth_ie.c
+++ b/src/ap/wpa_auth_ie.c
@@ -916,7 +916,9 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
}
#ifdef CONFIG_SAE
- if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
+ if (!wpa_auth->conf.psk_4way_hs_offload &&
+ !wpa_auth->conf.sae_offload &&
+ sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
!sm->pmksa) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
"No PMKSA cache entry found for SAE");
--
2.17.1


@ -0,0 +1,33 @@
From 17d64099a48c32e480c72f553215f7dbba30b753 Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Sun, 22 Dec 2019 20:21:54 -0600
Subject: [PATCH 14/20] P2P: Fix P2P authentication failure due to AP-mode
4-way handshake offload
Commit 6df8c5e8669d ("AP: Support 4-way handshake offload for
WPA/WPA2-PSK") offloaded the 4-way handshake in AP mode. P2P GO may not
support it so do not set the offload indication for the case.
Signed-off-by: Chung-Hsien Hsu <stanley.hsu@cypress.com>
---
src/ap/wpa_auth_glue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index d3eb7b49a..ec883bdf2 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1305,7 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
_conf.tx_status = 1;
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
_conf.ap_mlme = 1;
- if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)
+ if (!hapd->conf->p2p &&
+ (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK))
_conf.psk_4way_hs_offload = 1;
#ifdef CONFIG_SAE
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)
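Review bot: The P2P exclusion is applied only to `_conf.psk_4way_hs_offload`, while the two other checks added in patch 11 still test the driver flag alone: `ieee802_11_build_ap_params()` keeps passing `params->psk` to the driver and `hostapd_new_assoc_sta()` keeps taking the offload branch on reassociation. For a P2P GO on an offload-capable driver, the authenticator and the driver may therefore disagree about who runs the 4-way handshake. Applying the same `!hapd->conf->p2p` condition in those two places, or testing one shared flag everywhere, would keep them consistent. The SAE flag set just below gets no such exclusion, which is worth confirming as intended.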
--
2.17.1


@ -0,0 +1,75 @@
From a66cb7d9dede4dfccf0d1c2c70ee6837d5571aac Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 29 Aug 2019 11:52:04 +0300
Subject: [PATCH 15/20] AP: Silently ignore management frame from unexpected
source address
commit d86d66dc073bc21d3b12faf4112062ae00c1773f master.
Do not process any received Management frames with unexpected/invalid SA
so that we do not add any state for unexpected STA addresses or end up
sending out frames to unexpected destination. This prevents unexpected
sequences where an unprotected frame might end up causing the AP to send
out a response to another device and that other device processing the
unexpected response.
In particular, this prevents some potential denial of service cases
where the unexpected response frame from the AP might result in a
connected station dropping its association.
Signed-off-by: Jouni Malinen <j@w1.fi>
---
src/ap/drv_callbacks.c | 13 +++++++++++++
src/ap/ieee802_11.c | 12 ++++++++++++
2 files changed, 25 insertions(+)
diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c
index 31587685f..34ca379ed 100644
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
"hostapd_notif_assoc: Skip event with no address");
return -1;
}
+
+ if (is_multicast_ether_addr(addr) ||
+ is_zero_ether_addr(addr) ||
+ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
+ " in received indication - ignore this indication silently",
+ __func__, MAC2STR(addr));
+ return 0;
+ }
+
random_add_randomness(addr, ETH_ALEN);
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index c85a28db4..e7065372e 100644
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
fc = le_to_host16(mgmt->frame_control);
stype = WLAN_FC_GET_STYPE(fc);
+ if (is_multicast_ether_addr(mgmt->sa) ||
+ is_zero_ether_addr(mgmt->sa) ||
+ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
+ /* Do not process any frames with unexpected/invalid SA so that
+ * we do not add any state for unexpected STA addresses or end
+ * up sending out frames to unexpected destination. */
+ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
+ " in received frame - ignore this frame silently",
+ MAC2STR(mgmt->sa));
+ return 0;
+ }
+
if (stype == WLAN_FC_STYPE_BEACON) {
handle_beacon(hapd, mgmt, len, fi);
return 1;
--
2.17.1


@ -0,0 +1,31 @@
From 46f5b7c2fae8fbc0d49d34a38aaa6136cb4c99d8 Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Mon, 18 May 2020 08:36:59 -0500
Subject: [PATCH 16/20] DPP: Do more condition test for AKM type DPP offload.
If supplicant recieves eapol frame with driver declared
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK, supplicant will check AKM type
and process 4-way handshake if AKM type is not PSK.
Signed-off-by: Kurt Lee <kurt.lee@cypress.com>
---
wpa_supplicant/wpa_supplicant.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2f91e1f0c..40c77627e 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4313,7 +4313,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
return;
wpa_drv_poll(wpa_s);
- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
+ if (!(wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
+ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)))
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
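Review bot: With the new condition, the `else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))` branch is reached only when `wpa_key_mgmt_wpa_psk()` is true for the same `wpa_s->key_mgmt`, so unless one AKM value can satisfy both helpers the 802.1X branch can no longer run. If the 802.1X offload case still relies on what that branch does, it needs its own test, for example against `WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X`, instead of sitting behind the PSK check. The body of the branch and the rest of `wpa_supplicant_rx_eapol()` are outside the hunk, so this should be confirmed against the full function.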
--
2.17.1


@ -0,0 +1,30 @@
From 7131adafd30b06066d51e0af10249d2236c40a13 Mon Sep 17 00:00:00 2001
From: Ryohei Kondo <ryohei.kondo@cypress.com>
Date: Mon, 7 Sep 2020 13:05:16 +0900
Subject: [PATCH 17/20] hostapd: Fix PMF connection issue
STA with MFPR:False MFPC:True cannot connect with SoftAP configured with hostapd.
Change to allow wpa_key_mgmt=WPA-PSK-SHA256 to fix the issue.
Signed-off-by: Ryohei Kondo <ryohei.kondo@cypress.com>
---
src/ap/beacon.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ap/beacon.c b/src/ap/beacon.c
index ff179f559..c114537e5 100644
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1379,7 +1379,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd,
}
if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) &&
- (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) {
+ (params->key_mgmt_suites & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256))) {
if (hapd->conf->ssid.wpa_passphrase)
params->passphrase = hapd->conf->ssid.wpa_passphrase;
if (hapd->conf->ssid.wpa_psk->psk)
--
2.17.1


@ -0,0 +1,36 @@
From 71d764047bfc8c858fef6cc664458a33ccd93c6a Mon Sep 17 00:00:00 2001
From: Chung-Hsien Hsu <stanley.hsu@cypress.com>
Date: Wed, 16 Dec 2020 01:57:36 -0600
Subject: [PATCH 18/20] AP: Set Authenticator state properly for PSK 4-way
handshake offload
Setup Authenticator state machines to PTKINITDONE and configure state
variables properly while offloading 4-way handshake for WPA/WPA2-PSK.
Signed-off-by: Chung-Hsien Hsu <chung-hsien.hsu@infineon.com>
---
src/ap/wpa_auth.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index c64ca6688..9b9ae9f96 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -657,6 +657,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
"4-way handshake offloading for WPA/WPA2-PSK");
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
sm->Pair = TRUE;
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_authorized, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_portValid, 1);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyAvailable, 0);
+ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
+ WPA_EAPOL_keyDone, 1);
return 0;
}
--
2.17.1


@ -0,0 +1,150 @@
From d4a40e0f9a21ae728255eaf951817880a4eabab4 Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Tue, 2 Feb 2021 21:39:27 -0600
Subject: [PATCH 19/20] defconfig: Set to Cypress default configuration
Change defconfig as Cypress default configuration
Signed-off-by: Kurt Lee <kurt.lee@cypress.com>
---
wpa_supplicant/defconfig | 40 +++++++++++++++++++++++++---------------
1 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index cdfb1974d..48cbf03a0 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -109,7 +109,7 @@ CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
# EAP-FAST
-CONFIG_EAP_FAST=y
+#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
@@ -137,10 +137,10 @@ CONFIG_EAP_OTP=y
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
-CONFIG_EAP_PWD=y
+#CONFIG_EAP_PWD=y
# EAP-PAX
-CONFIG_EAP_PAX=y
+#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
@@ -156,15 +156,15 @@ CONFIG_EAP_LEAP=y
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
-CONFIG_EAP_SAKE=y
+#CONFIG_EAP_SAKE=y
# EAP-GPSK
-CONFIG_EAP_GPSK=y
+#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
-CONFIG_EAP_GPSK_SHA256=y
+#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
-CONFIG_EAP_TNC=y
+#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
@@ -177,7 +177,7 @@ CONFIG_WPS=y
#CONFIG_WPS_NFC=y
# EAP-IKEv2
-CONFIG_EAP_IKEV2=y
+#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
@@ -310,6 +310,9 @@ CONFIG_BACKEND=file
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
@@ -367,10 +370,10 @@ CONFIG_IEEE80211W=y
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
-CONFIG_CTRL_IFACE_DBUS_NEW=y
+#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
-CONFIG_CTRL_IFACE_DBUS_INTRO=y
+#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
@@ -400,7 +403,7 @@ CONFIG_IEEE80211R=y
CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
-CONFIG_DEBUG_SYSLOG=y
+#CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
@@ -482,6 +485,12 @@ CONFIG_IEEE80211N=y
# (depends on CONFIG_IEEE80211N)
CONFIG_IEEE80211AC=y
+# IEEE 802.11ax HE support (mainly for AP mode)
+# Note: This is experimental and work in progress. The definitions are still
+# subject to change and this should not be expected to interoperate with the
+# final IEEE 802.11ax version.
+CONFIG_IEEE80211AX=y
+
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
@@ -490,10 +499,10 @@ CONFIG_IEEE80211AC=y
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
-CONFIG_INTERWORKING=y
+#CONFIG_INTERWORKING=y
# Hotspot 2.0
-CONFIG_HS20=y
+#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
@@ -506,7 +515,7 @@ CONFIG_HS20=y
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
-CONFIG_AP=y
+#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
@@ -519,7 +528,7 @@ CONFIG_P2P=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
-CONFIG_WIFI_DISPLAY=y
+#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
@@ -613,3 +622,4 @@ CONFIG_BGSCAN_SIMPLE=y
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
CONFIG_DPP=y
+CONFIG_TESTING_OPTIONS=y
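Review bot: `CONFIG_TESTING_OPTIONS=y` is appended to the default build configuration with no comment, and it enables test-only code paths that are not intended for production images. Unless the Cypress package needs it for a documented reason, I would leave it out of the shipped defconfig, or keep it as `#CONFIG_TESTING_OPTIONS=y` with a line explaining when to enable it. The same patch also turns on `CONFIG_IEEE80211AX=y`, whose own comment calls it experimental, and `CONFIG_PEERKEY=y`; both deserve a check that this code base still uses them.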
--
2.17.1


@ -0,0 +1,28 @@
From 259f32b95c6ac1efdae74f2df53eb322ab8c71de Mon Sep 17 00:00:00 2001
From: Kurt Lee <kurt.lee@cypress.com>
Date: Mon, 8 Feb 2021 01:45:30 -0600
Subject: [PATCH 20/20] defconfig: enable CONFIG_TLS_ADD_DL for DPP
DPP feature has dependency on CONFIG_TLS_ADD_DL thus we should enable
it.
---
hostapd/defconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hostapd/defconfig b/hostapd/defconfig
index cd247832b..548feaaa4 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -285,7 +285,8 @@ CONFIG_DEBUG_FILE=y
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
-#CONFIG_TLS=openssl
+CONFIG_TLS=openssl
+CONFIG_TLS_ADD_DL=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
--
2.17.1


@ -1,4 +1,4 @@
# Copyright (C) 2013-2021 Digi International.
# Copyright (C) 2013-2022 Digi International.
FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
@ -11,7 +11,30 @@ SRC_URI += " \
file://wpa_supplicant_p2p.conf \
"
MURATA_COMMON_PATCHES = " \
file://murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch;apply=yes \
file://murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch;apply=yes \
file://murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch;apply=yes \
file://murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch;apply=yes \
file://murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch;apply=yes \
file://murata/0006-nl80211-Check-SAE-authentication-offload-support.patch;apply=yes \
file://murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch;apply=yes \
file://murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch;apply=yes \
file://murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch;apply=yes \
file://murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch;apply=yes \
file://murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch;apply=yes \
file://murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch;apply=yes \
file://murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch;apply=yes \
file://murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch;apply=yes \
file://murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch;apply=yes \
file://murata/0017-hostapd-Fix-PMF-connection-issue.patch;apply=yes \
file://murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch;apply=yes \
file://murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch;apply=yes \
"
SRC_URI_append_ccimx6sbc = " file://wpa_supplicant_p2p.conf_atheros"
SRC_URI_append_ccmp1 = " ${MURATA_COMMON_PATCHES}"
SRC_URI_append_ccimx8mp = " ${MURATA_COMMON_PATCHES}"
do_install_append() {
install -m 600 ${WORKDIR}/wpa_supplicant_p2p.conf ${D}${sysconfdir}/wpa_supplicant_p2p.conf
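Review bot: `MURATA_COMMON_PATCHES` lists 0001 to 0014 and 0016 to 0019, so patch 0015 added in this commit ("AP: Silently ignore management frame from unexpected source address", a denial-of-service fix) and patch 0020 are shipped as files but never applied. If the base recipe already carries the 0015 fix that is fine, but it should be stated; otherwise the entry needs to be added. A comment above the variable such as `# 0015 is already applied by the base recipe; 0020 targets hostapd/defconfig` (adjusted to the actual reason) would document the gap.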