From 20b9eb52553e705055ba0d33e063da3420b5e160 Mon Sep 17 00:00:00 2001 From: Arturo Buzarra Date: Mon, 9 May 2022 11:54:26 +0200 Subject: [PATCH] wpa_supplicant: add support to Murata wireless chips This patch series is based on the support software package "Infineon-cypress-fmac-v5.4.18-2021_0527" which is the latest based on Hostap v2.9. 
Signed-off-by: Arturo Buzarra --- ...upport-4-way-handshake-offload-for-F.patch | 30 +++ ...otify-Neighbor-Report-for-driver-tri.patch | 145 +++++++++++ ...connection-authorized-in-EVENT_ASSOC.patch | 43 +++ ...dd-PMKSA-cache-for-802.1X-4-way-hand.patch | 107 ++++++++ ...11-next.git-include-uapi-linux-nl802.patch | 244 ++++++++++++++++++ ...k-SAE-authentication-offload-support.patch | 45 ++++ ...sword-on-connect-for-SAE-authenticat.patch | 122 +++++++++ ...OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch | 31 +++ ...c-nl80211.h-for-PSK-4-way-HS-offload.patch | 110 ++++++++ ...4-way-handshake-offload-for-WPA-WPA2.patch | 110 ++++++++ ...y-handshake-offload-for-WPA-WPA2-PSK.patch | 109 ++++++++ ...SAE-authentication-offload-in-AP-mod.patch | 94 +++++++ ...AE-authentication-offload-in-AP-mode.patch | 85 ++++++ ...entication-failure-due-to-AP-mode-4-.patch | 33 +++ ...re-management-frame-from-unexpected-.patch | 75 ++++++ ...dition-test-for-AKM-type-DPP-offload.patch | 31 +++ ...017-hostapd-Fix-PMF-connection-issue.patch | 30 +++ ...ator-state-properly-for-PSK-4-way-ha.patch | 36 +++ ...Set-to-Cypress-default-configuration.patch | 150 +++++++++++ ...fig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch | 28 ++ .../wpa-supplicant/wpa-supplicant_%.bbappend | 25 +- 21 files changed, 1682 insertions(+), 1 deletion(-) create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch create mode 100644 
meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0006-nl80211-Check-SAE-authentication-offload-support.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0015-AP-Silently-ignore-management-frame-from-unexpected-.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0017-hostapd-Fix-PMF-connection-issue.patch create mode 100644 
meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch create mode 100644 meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0020-defconfig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch new file mode 100644 index 000000000..4dc83c365 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch 
@@ -0,0 +1,30 @@
+From 6ce23de6fdd3fd610baa3aec65753b30804cefac Mon Sep 17 00:00:00 2001
+From: Chung-Hsien Hsu
+Date: Tue, 29 Oct 2019 11:32:11 +0800
+Subject: [PATCH 01/20] wpa_supplicant: Support 4-way handshake offload for
+ FT-EAP
+
+Add support of 4-way handshake offload for FT-EAP.
+
+Signed-off-by: Chung-Hsien Hsu
+---
+ wpa_supplicant/wpa_supplicant.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
+index 911d79d17..73e69ab8f 100644
+--- a/wpa_supplicant/wpa_supplicant.c
++++ b/wpa_supplicant/wpa_supplicant.c
+@@ -3228,7 +3228,8 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
+ (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
+ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
+ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
+- params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
++ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
++ params.key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X))
+ params.req_handshake_offload = 1;
+
+ if (wpa_s->conf->key_mgmt_offload) {
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch
new file mode 100644
index 000000000..3f00c4c12
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch
@@ -0,0 +1,145 @@ +From 69ffae75ad735b5236ac9425f36e6ede7b6fdb92 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 29 Oct 2019 15:22:57 +0800 +Subject: [PATCH 02/20] wpa_supplicant: Notify Neighbor Report for + driver-triggered request + +Sending a Neighbor Report request can be triggered by either supplicant +or device driver. This patch adds the notification of incoming Neighbor +Report response for the driver-triggered request. + +Signed-off-by: Chung-Hsien Hsu +--- + wpa_supplicant/rrm.c | 100 +++++++++++++++++++++++++++++++++++-------- + 1 file changed, 83 insertions(+), 17 deletions(-) + +diff --git a/wpa_supplicant/rrm.c b/wpa_supplicant/rrm.c +index 8468b2f86..98efa856c 100644 +--- a/wpa_supplicant/rrm.c ++++ b/wpa_supplicant/rrm.c +@@ -52,6 +52,71 @@ void wpas_rrm_reset(struct wpa_supplicant *wpa_s) + wpas_clear_beacon_rep_data(wpa_s); + } + ++/* ++ * wpas_rrm_notify_neighbor_rep - Notify received neighbor report ++ * @wpa_s: Pointer to wpa_supplicant ++ * @neighbor_rep: Pointer to neighbor report elements ++ */ ++void wpas_rrm_notify_neighbor_rep(struct wpa_supplicant *wpa_s, ++ struct wpabuf *neighbor_rep) ++{ ++ size_t len; ++ const u8 *data; ++ ++ /* ++ * Neighbor Report element (IEEE Std 802.11-2016: 9.4.2.37) ++ * Element ID[1] ++ * Length[1] ++ * BSSID[6] ++ * BSSID Information[4] ++ * Operating Class[1] ++ * Channel Number[1] ++ * PHY Type[1] ++ * Optional Subelements[variable] ++ */ ++#define NR_IE_MIN_LEN (ETH_ALEN + 4 + 1 + 1 + 1) ++ ++ if (wpabuf_len(neighbor_rep) == 0) { ++ wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED ++ "No neighbors of the associated AP"); ++ goto out; ++ } ++ ++ data = wpabuf_head_u8(neighbor_rep); ++ len = wpabuf_len(neighbor_rep); ++ ++ while (len >= 2 + NR_IE_MIN_LEN) { ++ const u8 *nr; ++ u8 nr_len = data[1]; ++ const u8 *pos = data, *end; ++ ++ if ((pos[0] != WLAN_EID_NEIGHBOR_REPORT) || ++ (nr_len < NR_IE_MIN_LEN) || ++ (2U + nr_len > len)) { ++ wpa_printf(MSG_DEBUG, ++ "RRM: Invalid Neighbor Report 
element: " ++ "id=%u len=%zu nr_len=%u", ++ data[0], len, nr_len); ++ goto out; ++ } ++ ++ pos += 2; ++ end = pos + nr_len; ++ nr = pos; ++ ++ wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED ++ "bssid=" MACSTR ++ " info=0x%x op_class=%u chan=%u phy_type=%u", ++ MAC2STR(nr), WPA_GET_LE32(nr + ETH_ALEN), ++ nr[ETH_ALEN + 4], nr[ETH_ALEN + 5], nr[ETH_ALEN + 6]); ++ ++ data = end; ++ len -= 2 + nr_len; ++ } ++ ++out: ++ wpabuf_free(neighbor_rep); ++} + + /* + * wpas_rrm_process_neighbor_rep - Handle incoming neighbor report +@@ -68,19 +133,17 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s, + if (report_len < 1) + return; + +- if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) { +- wpa_printf(MSG_DEBUG, +- "RRM: Discarding neighbor report with token %d (expected %d)", +- report[0], wpa_s->rrm.next_neighbor_rep_token - 1); +- return; +- } +- +- eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm, +- NULL); ++ if (wpa_s->rrm.notify_neighbor_rep) { ++ if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) { ++ wpa_printf(MSG_DEBUG, ++ "RRM: Discarding neighbor report with token " ++ "%d (expected %d)", report[0], ++ wpa_s->rrm.next_neighbor_rep_token - 1); ++ return; ++ } + +- if (!wpa_s->rrm.notify_neighbor_rep) { +- wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report"); +- return; ++ eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, ++ &wpa_s->rrm, NULL); + } + + /* skipping the first byte, which is only an id (dialog token) */ +@@ -92,12 +155,15 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s, + wpabuf_put_data(neighbor_rep, report + 1, report_len - 1); + wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)", + report[0]); +- wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx, +- neighbor_rep); +- wpa_s->rrm.notify_neighbor_rep = NULL; +- wpa_s->rrm.neighbor_rep_cb_ctx = NULL; +-} + ++ if (wpa_s->rrm.notify_neighbor_rep) { ++ 
wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx, ++ neighbor_rep); ++ wpa_s->rrm.notify_neighbor_rep = NULL; ++ wpa_s->rrm.neighbor_rep_cb_ctx = NULL; ++ } else ++ wpas_rrm_notify_neighbor_rep(wpa_s, neighbor_rep); ++} + + #if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS) + /* Workaround different, undefined for Windows, error codes used here */ +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch new file mode 100644 index 000000000..3d12c679f --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch 
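Review bot: In wpas_rrm_process_neighbor_rep() the dialog-token comparison now runs only when `wpa_s->rrm.notify_neighbor_rep` is set, so a Neighbor Report Response that arrives with no supplicant request pending is no longer discarded; it is handed to wpas_rrm_notify_neighbor_rep(), which emits RRM_EVENT_NEIGHBOR_REP_RXED for each element. Nothing in the visible lines ties such a frame to a request the driver actually issued, so an unsolicited response (or, without management frame protection, one not sent by the AP at all) is reported on the control interface exactly like a solicited one, and any consumer that steers roaming from these events inherits that trust. Consider an early guard next to the token check, for example `if (!wpa_s->rrm.notify_neighbor_rep && (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->rrm.rrm_used)) return;`, and say in the function comment that reports on this path are unauthenticated hints; whether the caller already filters by connection state is not visible here. The new helper is also non-static while the diffstat touches only rrm.c, so it should either be `static` or get a prototype in the header.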
@@ -0,0 +1,43 @@
+From d1a1dfa41029ca67c93e360268c87330ff172b79 Mon Sep 17 00:00:00 2001
+From: Chung-Hsien Hsu
+Date: Tue, 29 Oct 2019 15:55:21 +0800
+Subject: [PATCH 03/20] nl80211: Report connection authorized in EVENT_ASSOC
+
+When roaming in a network that requires 802.1X authentication, device
+driver could set the authorized flag if 4-way handshake offload or FT
+offload is considered.
+
+This patch enables the report of connection authorized in EVENT_ASSOC to
+indicate the requirement of 802.1X authentication.
+
+Signed-off-by: Chung-Hsien Hsu
+---
+ src/drivers/driver_nl80211_event.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c
+index 7c1633066..cf9c72fbf 100644
+--- a/src/drivers/driver_nl80211_event.c
++++ b/src/drivers/driver_nl80211_event.c
+@@ -422,7 +422,7 @@ static void mlme_event_connect(struct wpa_driver_nl80211_data *drv,
+ wpa_ssid_txt(drv->ssid, drv->ssid_len));
+ }
+
+- if (authorized && nla_get_u8(authorized)) {
++ if (authorized && nla_get_flag(authorized)) {
+ event.assoc_info.authorized = 1;
+ wpa_printf(MSG_DEBUG, "nl80211: connection authorized");
+ }
+@@ -2529,7 +2529,8 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd,
+ tb[NL80211_ATTR_RESP_IE],
+ tb[NL80211_ATTR_TIMED_OUT],
+ tb[NL80211_ATTR_TIMEOUT_REASON],
+- NULL, NULL, NULL,
++ tb[NL80211_ATTR_PORT_AUTHORIZED],
++ NULL, NULL,
+ tb[NL80211_ATTR_FILS_KEK],
+ NULL,
+ tb[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM],
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch
new file mode 100644
index 000000000..89151cd08
--- /dev/null
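Review bot: Switching the check in mlme_event_connect() to `nla_get_flag(authorized)` makes the mere presence of the attribute set `event.assoc_info.authorized`, whereas the removed line read it as a u8 and required a non-zero value. That suits NL80211_ATTR_PORT_AUTHORIZED, which the second hunk now passes, but any other caller that still hands this parameter a u8-valued attribute (the call sites are outside the hunk) would be treated as authorized even when the value is 0. A form that accepts both encodings is `if (authorized && (nla_len(authorized) == 0 || nla_get_u8(authorized)))`. Because this flag tells the supplicant that the driver has already completed key negotiation, the do_process_drv_event() call also deserves a short comment naming the positional argument it fills, since the surrounding NULL placeholders make a one-slot slip easy to miss.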
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch 
@@ -0,0 +1,107 @@ +From 45be35df00f026bb14d176988d1593b1ea541e60 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 29 Oct 2019 16:05:49 +0800 +Subject: [PATCH 04/20] wpa_supplicant: Add PMKSA cache for 802.1X 4-way + handshake + +Add PMKSA cache and set PMK to the driver for 802.1X 4-way handshake +offload. + +Signed-off-by: Chung-Hsien Hsu +--- + wpa_supplicant/wpas_glue.c | 59 +++++++++++++++++++++++--------------- + 1 file changed, 36 insertions(+), 23 deletions(-) + +diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c +index 62af7f6b1..3a63bc7ea 100644 +--- a/wpa_supplicant/wpas_glue.c ++++ b/wpa_supplicant/wpas_glue.c +@@ -12,6 +12,7 @@ + #include "eapol_supp/eapol_supp_sm.h" + #include "eap_peer/eap.h" + #include "rsn_supp/wpa.h" ++#include "rsn_supp/wpa_i.h" + #include "eloop.h" + #include "config.h" + #include "l2_packet/l2_packet.h" +@@ -272,6 +273,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, + void *ctx) + { + struct wpa_supplicant *wpa_s = ctx; ++ struct wpa_sm *sm = wpa_s->wpa; + int res, pmk_len; + u8 pmk[PMK_LEN]; + +@@ -306,35 +308,46 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, + "handshake"); + + pmk_len = PMK_LEN; +- if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { ++ if (sm->cur_pmksa) { ++ pmk_len = sm->pmk_len; ++ os_memcpy(pmk, sm->pmk, pmk_len); ++ } else { ++ if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { + #ifdef CONFIG_IEEE80211R +- u8 buf[2 * PMK_LEN]; +- wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " +- "driver-based 4-way hs and FT"); +- res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); +- if (res == 0) { +- os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); +- os_memset(buf, 0, sizeof(buf)); +- } ++ u8 buf[2 * PMK_LEN]; ++ wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " ++ "driver-based 4-way hs and FT"); ++ res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); ++ if (res == 0) { ++ os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); ++ os_memset(buf, 0, sizeof(buf)); ++ } + #else /* CONFIG_IEEE80211R 
*/ +- res = -1; ++ res = -1; + #endif /* CONFIG_IEEE80211R */ +- } else { +- res = eapol_sm_get_key(eapol, pmk, PMK_LEN); ++ } else { ++ res = eapol_sm_get_key(eapol, pmk, PMK_LEN); ++ if (res) { ++ /* ++ * EAP-LEAP is an exception from other EAP ++ * methods: it uses only 16-byte PMK. ++ */ ++ res = eapol_sm_get_key(eapol, pmk, 16); ++ pmk_len = 16; ++ } ++ } ++ + if (res) { +- /* +- * EAP-LEAP is an exception from other EAP methods: it +- * uses only 16-byte PMK. +- */ +- res = eapol_sm_get_key(eapol, pmk, 16); +- pmk_len = 16; ++ wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL " ++ "state machines"); ++ return; + } +- } + +- if (res) { +- wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state " +- "machines"); +- return; ++ sm->pmk_len = pmk_len; ++ os_memcpy(sm->pmk, pmk, pmk_len); ++ pmksa_cache_add(sm->pmksa, pmk, pmk_len, NULL, NULL, 0, ++ sm->bssid, sm->own_addr, ++ sm->network_ctx, sm->key_mgmt, NULL); + } + + wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way " +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch new file mode 100644 index 000000000..2195f8eb9 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch 
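Review bot: The new PMKSA branch in wpa_supplicant_eapol_cb() copies `sm->pmk_len` bytes into the local `u8 pmk[PMK_LEN]` without checking that the cached key fits. As far as I can tell from the wpa_sm definition (not shown here), `sm->pmk` can hold keys longer than PMK_LEN, for instance the 48-byte PMK of the Suite B 192-bit AKM that the offload condition in wpas_start_assoc_cb() lists, so that `os_memcpy()` can write past the stack buffer. Bound it first, e.g. `if (sm->pmk_len > sizeof(pmk)) return;`, or size the local buffer to match `sm->pmk`. The FT branch clears `buf` with `os_memset()`, which a compiler may drop for a local that is about to go out of scope; `forced_memzero(buf, sizeof(buf));` is the safer call, and the same applies to `pmk` before the function returns (its tail is outside the hunk).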
@@ -0,0 +1,244 @@ +From 0a05505eff7c36f81e946eeaa79e8f50900365aa Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Tue, 10 Sep 2019 13:42:14 +0300 +Subject: [PATCH 05/20] Sync with mac80211-next.git + include/uapi/linux/nl80211.h + +commit 262b71eead4752b4f3f3285f2ee2041c5b115202 master. + +This brings in nl80211 definitions as of 2019-08-30. + +Signed-off-by: Jouni Malinen +--- + src/drivers/nl80211_copy.h | 91 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 88 insertions(+), 3 deletions(-) + +diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h +index 6f09d1500..beee59c83 100644 +--- a/src/drivers/nl80211_copy.h ++++ b/src/drivers/nl80211_copy.h +@@ -52,6 +52,11 @@ + #define NL80211_MULTICAST_GROUP_NAN "nan" + #define NL80211_MULTICAST_GROUP_TESTMODE "testmode" + ++#define NL80211_EDMG_BW_CONFIG_MIN 4 ++#define NL80211_EDMG_BW_CONFIG_MAX 15 ++#define NL80211_EDMG_CHANNELS_MIN 1 ++#define NL80211_EDMG_CHANNELS_MAX 0x3c /* 0b00111100 */ ++ + /** + * DOC: Station handling + * +@@ -234,6 +239,15 @@ + * use in a FILS shared key connection with PMKSA caching. + */ + ++/** ++ * DOC: SAE authentication offload ++ * ++ * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they ++ * support offloading SAE authentication for WPA3-Personal networks. In ++ * %NL80211_CMD_CONNECT the password for SAE should be specified using ++ * %NL80211_ATTR_SAE_PASSWORD. ++ */ ++ + /** + * enum nl80211_commands - supported nl80211 commands + * +@@ -648,7 +662,9 @@ + * is used during CSA period. + * @NL80211_CMD_FRAME_WAIT_CANCEL: When an off-channel TX was requested, this + * command may be used with the corresponding cookie to cancel the wait +- * time if it is known that it is no longer necessary. ++ * time if it is known that it is no longer necessary. This command is ++ * also sent as an event whenever the driver has completed the off-channel ++ * wait time. + * @NL80211_CMD_ACTION: Alias for @NL80211_CMD_FRAME for backward compatibility. 
+ * @NL80211_CMD_FRAME_TX_STATUS: Report TX status of a management frame + * transmitted with %NL80211_CMD_FRAME. %NL80211_ATTR_COOKIE identifies +@@ -2341,6 +2357,22 @@ enum nl80211_commands { + * should be picking up the lowest tx power, either tx power per-interface + * or per-station. + * ++ * @NL80211_ATTR_SAE_PASSWORD: attribute for passing SAE password material. It ++ * is used with %NL80211_CMD_CONNECT to provide password for offloading ++ * SAE authentication for WPA3-Personal networks. ++ * ++ * @NL80211_ATTR_TWT_RESPONDER: Enable target wait time responder support. ++ * ++ * @NL80211_ATTR_HE_OBSS_PD: nested attribute for OBSS Packet Detection ++ * functionality. ++ * ++ * @NL80211_ATTR_WIPHY_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz ++ * channel(s) that are allowed to be used for EDMG transmissions. ++ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251. (u8 attribute) ++ * @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes ++ * the allowed channel bandwidth configurations. (u8 attribute) ++ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13. 
++ * + * @NUM_NL80211_ATTR: total number of nl80211_attrs available + * @NL80211_ATTR_MAX: highest attribute number currently defined + * @__NL80211_ATTR_AFTER_LAST: internal use +@@ -2794,6 +2826,15 @@ enum nl80211_attrs { + NL80211_ATTR_STA_TX_POWER_SETTING, + NL80211_ATTR_STA_TX_POWER, + ++ NL80211_ATTR_SAE_PASSWORD, ++ ++ NL80211_ATTR_TWT_RESPONDER, ++ ++ NL80211_ATTR_HE_OBSS_PD, ++ ++ NL80211_ATTR_WIPHY_EDMG_CHANNELS, ++ NL80211_ATTR_WIPHY_EDMG_BW_CONFIG, ++ + /* add attributes here, update the policy in nl80211.c */ + + __NL80211_ATTR_AFTER_LAST, +@@ -2844,7 +2885,7 @@ enum nl80211_attrs { + #define NL80211_HT_CAPABILITY_LEN 26 + #define NL80211_VHT_CAPABILITY_LEN 12 + #define NL80211_HE_MIN_CAPABILITY_LEN 16 +-#define NL80211_HE_MAX_CAPABILITY_LEN 51 ++#define NL80211_HE_MAX_CAPABILITY_LEN 54 + #define NL80211_MAX_NR_CIPHER_SUITES 5 + #define NL80211_MAX_NR_AKM_SUITES 2 + +@@ -3175,6 +3216,8 @@ enum nl80211_sta_bss_param { + * sent to the station (u64, usec) + * @NL80211_STA_INFO_AIRTIME_WEIGHT: current airtime weight for station (u16) + * @NL80211_STA_INFO_AIRTIME_LINK_METRIC: airtime link metric for mesh station ++ * @NL80211_STA_INFO_ASSOC_AT_BOOTTIME: Timestamp (CLOCK_BOOTTIME, nanoseconds) ++ * of STA's association + * @__NL80211_STA_INFO_AFTER_LAST: internal + * @NL80211_STA_INFO_MAX: highest possible station info attribute + */ +@@ -3221,6 +3264,7 @@ enum nl80211_sta_info { + NL80211_STA_INFO_TX_DURATION, + NL80211_STA_INFO_AIRTIME_WEIGHT, + NL80211_STA_INFO_AIRTIME_LINK_METRIC, ++ NL80211_STA_INFO_ASSOC_AT_BOOTTIME, + + /* keep last */ + __NL80211_STA_INFO_AFTER_LAST, +@@ -3402,6 +3446,12 @@ enum nl80211_band_iftype_attr { + * @NL80211_BAND_ATTR_VHT_CAPA: VHT capabilities, as in the HT information IE + * @NL80211_BAND_ATTR_IFTYPE_DATA: nested array attribute, with each entry using + * attributes from &enum nl80211_band_iftype_attr ++ * @NL80211_BAND_ATTR_EDMG_CHANNELS: bitmap that indicates the 2.16 GHz ++ * channel(s) that are allowed to be used for 
EDMG transmissions. ++ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251. ++ * @NL80211_BAND_ATTR_EDMG_BW_CONFIG: Channel BW Configuration subfield encodes ++ * the allowed channel bandwidth configurations. ++ * Defined by IEEE P802.11ay/D4.0 section 9.4.2.251, Table 13. + * @NL80211_BAND_ATTR_MAX: highest band attribute currently defined + * @__NL80211_BAND_ATTR_AFTER_LAST: internal use + */ +@@ -3419,6 +3469,9 @@ enum nl80211_band_attr { + NL80211_BAND_ATTR_VHT_CAPA, + NL80211_BAND_ATTR_IFTYPE_DATA, + ++ NL80211_BAND_ATTR_EDMG_CHANNELS, ++ NL80211_BAND_ATTR_EDMG_BW_CONFIG, ++ + /* keep last */ + __NL80211_BAND_ATTR_AFTER_LAST, + NL80211_BAND_ATTR_MAX = __NL80211_BAND_ATTR_AFTER_LAST - 1 +@@ -3817,6 +3870,8 @@ enum nl80211_user_reg_hint_type { + * @NL80211_SURVEY_INFO_TIME_SCAN: time the radio spent for scan + * (on this channel or globally) + * @NL80211_SURVEY_INFO_PAD: attribute used for padding for 64-bit alignment ++ * @NL80211_SURVEY_INFO_TIME_BSS_RX: amount of time the radio spent ++ * receiving frames destined to the local BSS + * @NL80211_SURVEY_INFO_MAX: highest survey info attribute number + * currently defined + * @__NL80211_SURVEY_INFO_AFTER_LAST: internal use +@@ -3833,6 +3888,7 @@ enum nl80211_survey_info { + NL80211_SURVEY_INFO_TIME_TX, + NL80211_SURVEY_INFO_TIME_SCAN, + NL80211_SURVEY_INFO_PAD, ++ NL80211_SURVEY_INFO_TIME_BSS_RX, + + /* keep last */ + __NL80211_SURVEY_INFO_AFTER_LAST, +@@ -4406,6 +4462,7 @@ enum nl80211_mfp { + enum nl80211_wpa_versions { + NL80211_WPA_VERSION_1 = 1 << 0, + NL80211_WPA_VERSION_2 = 1 << 1, ++ NL80211_WPA_VERSION_3 = 1 << 2, + }; + + /** +@@ -4516,6 +4573,7 @@ enum nl80211_txrate_gi { + * @NL80211_BAND_2GHZ: 2.4 GHz ISM band + * @NL80211_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz) + * @NL80211_BAND_60GHZ: around 60 GHz band (58.32 - 69.12 GHz) ++ * @NL80211_BAND_6GHZ: around 6 GHz band (5.9 - 7.2 GHz) + * @NUM_NL80211_BANDS: number of bands, avoid using this in userspace + * since newer kernel versions may support 
more bands + */ +@@ -4523,6 +4581,7 @@ enum nl80211_band { + NL80211_BAND_2GHZ, + NL80211_BAND_5GHZ, + NL80211_BAND_60GHZ, ++ NL80211_BAND_6GHZ, + + NUM_NL80211_BANDS, + }; +@@ -5314,7 +5373,7 @@ enum nl80211_feature_flags { + NL80211_FEATURE_TDLS_CHANNEL_SWITCH = 1 << 28, + NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR = 1 << 29, + NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR = 1 << 30, +- NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1 << 31, ++ NL80211_FEATURE_ND_RANDOM_MAC_ADDR = 1U << 31, + }; + + /** +@@ -5422,6 +5481,9 @@ enum nl80211_feature_flags { + * @NL80211_EXT_FEATURE_STA_TX_PWR: This driver supports controlling tx power + * to a station. + * ++ * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in ++ * station mode (SAE password is passed as part of the connect command). ++ * + * @NUM_NL80211_EXT_FEATURES: number of extended features. + * @MAX_NL80211_EXT_FEATURES: highest extended feature index. + */ +@@ -5466,6 +5528,7 @@ enum nl80211_ext_feature_index { + NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD, + NL80211_EXT_FEATURE_EXT_KEY_ID, + NL80211_EXT_FEATURE_STA_TX_PWR, ++ NL80211_EXT_FEATURE_SAE_OFFLOAD, + + /* add new features before the definition below */ + NUM_NL80211_EXT_FEATURES, +@@ -6464,4 +6527,26 @@ enum nl80211_peer_measurement_ftm_resp { + NL80211_PMSR_FTM_RESP_ATTR_MAX = NUM_NL80211_PMSR_FTM_RESP_ATTR - 1 + }; + ++/** ++ * enum nl80211_obss_pd_attributes - OBSS packet detection attributes ++ * @__NL80211_HE_OBSS_PD_ATTR_INVALID: Invalid ++ * ++ * @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET: the OBSS PD minimum tx power offset. ++ * @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET: the OBSS PD maximum tx power offset. ++ * ++ * @__NL80211_HE_OBSS_PD_ATTR_LAST: Internal ++ * @NL80211_HE_OBSS_PD_ATTR_MAX: highest OBSS PD attribute. 
++ */ ++enum nl80211_obss_pd_attributes { ++ __NL80211_HE_OBSS_PD_ATTR_INVALID, ++ ++ NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET, ++ NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET, ++ ++ /* keep last */ ++ __NL80211_HE_OBSS_PD_ATTR_LAST, ++ NL80211_HE_OBSS_PD_ATTR_MAX = __NL80211_HE_OBSS_PD_ATTR_LAST - 1, ++}; ++ ++ + #endif /* __LINUX_NL80211_H */ +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0006-nl80211-Check-SAE-authentication-offload-support.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0006-nl80211-Check-SAE-authentication-offload-support.patch new file mode 100644 index 000000000..3ab89a2bd --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0006-nl80211-Check-SAE-authentication-offload-support.patch 
@@ -0,0 +1,45 @@
+From 52e388892a333c8366de69a2a09c00b86c60fadb Mon Sep 17 00:00:00 2001
+From: Chung-Hsien Hsu
+Date: Tue, 29 Oct 2019 17:13:27 +0800
+Subject: [PATCH 06/20] nl80211: Check SAE authentication offload support
+
+Set WPA_DRIVER_FLAGS_SAE_OFFLOAD flag if driver indicates SAE
+authentication offload support.
+
+Signed-off-by: Chung-Hsien Hsu
+---
+ src/drivers/driver.h | 2 ++
+ src/drivers/driver_nl80211_capa.c | 4 ++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/drivers/driver.h b/src/drivers/driver.h
+index 2a8459ae3..a9ea3d77c 100644
+--- a/src/drivers/driver.h
++++ b/src/drivers/driver.h
+@@ -1659,6 +1659,8 @@ struct wpa_driver_capa {
+ #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL
+ /** Driver support 4-way handshake offload for WPA-Personal */
+ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL
++/** Driver takes care of SAE authentication internally */
++#define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL
+ u64 flags;
+
+ #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \
+diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
+index 8318b10ab..9aeddec22 100644
+--- a/src/drivers/driver_nl80211_capa.c
++++ b/src/drivers/driver_nl80211_capa.c
+@@ -433,6 +433,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
+ if (ext_feature_isset(ext_features, len,
+ NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
+ capa->flags |= WPA_DRIVER_FLAGS_FTM_RESPONDER;
++
++ if (ext_feature_isset(ext_features, len,
++ NL80211_EXT_FEATURE_SAE_OFFLOAD))
++ capa->flags |= WPA_DRIVER_FLAGS_SAE_OFFLOAD;
+ }
+
+
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch
new file mode 100644
index 000000000..a2e1c4d6d
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch 
@@ -0,0 +1,122 @@ +From bce18a1340c4d27666182bf51648037b7db28065 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 29 Oct 2019 17:22:18 +0800 +Subject: [PATCH 07/20] SAE: Pass SAE password on connect for SAE + authentication offload support + +Pass SAE password on connect if driver advertises SAE authentication +offload support. + +Signed-off-by: Chung-Hsien Hsu +--- + src/drivers/driver.h | 8 ++++++++ + src/drivers/driver_nl80211.c | 26 ++++++++++++++++++++++++-- + wpa_supplicant/wpa_supplicant.c | 15 ++++++++++++++- + 3 files changed, 46 insertions(+), 3 deletions(-) + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index a9ea3d77c..ef47efe05 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -976,6 +976,14 @@ struct wpa_driver_associate_params { + */ + const u8 *psk; + ++ /** ++ * sae_password - Password for SAE authentication ++ * ++ * This value is made available only for WPA3-Personal (SAE) and only ++ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD. 
++ */ ++ const char *sae_password; ++ + /** + * drop_unencrypted - Enable/disable unencrypted frame filtering + * +diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c +index 0a356eefd..bd804b7f0 100644 +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -5517,8 +5517,12 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, + + if (params->wpa_proto & WPA_PROTO_WPA) + ver |= NL80211_WPA_VERSION_1; +- if (params->wpa_proto & WPA_PROTO_RSN) +- ver |= NL80211_WPA_VERSION_2; ++ if (params->wpa_proto & WPA_PROTO_RSN) { ++ if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE) ++ ver |= NL80211_WPA_VERSION_3; ++ else ++ ver |= NL80211_WPA_VERSION_2; ++ } + + wpa_printf(MSG_DEBUG, " * WPA Versions 0x%x", ver); + if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver)) +@@ -5648,6 +5652,22 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv, + return -1; + } + ++ /* add SAE password in case of SAE authentication offload */ ++ if ((params->sae_password || params->passphrase) && ++ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) { ++ const char *password; ++ size_t pwd_len; ++ ++ password = params->sae_password; ++ if (!password) ++ password = params->passphrase; ++ pwd_len = os_strlen(password); ++ wpa_hexdump_ascii_key(MSG_DEBUG, " * SAE password", ++ (u8 *) password, pwd_len); ++ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password)) ++ return -1; ++ } ++ + if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT)) + return -1; + +@@ -5755,6 +5775,8 @@ static int wpa_driver_nl80211_try_connect( + algs++; + if (params->auth_alg & WPA_AUTH_ALG_FT) + algs++; ++ if (params->auth_alg & WPA_AUTH_ALG_SAE) ++ algs++; + if (algs > 1) { + wpa_printf(MSG_DEBUG, " * Leave out Auth Type for automatic " + "selection"); +diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c +index 73e69ab8f..2f91e1f0c 100644 +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c 
+@@ -1407,7 +1407,8 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, + "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x", + ie.key_mgmt, ssid->key_mgmt, sel); + #ifdef CONFIG_SAE +- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) ++ if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) && ++ !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) + sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE); + #endif /* CONFIG_SAE */ + if (0) { +@@ -3250,6 +3251,18 @@ static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit) + params.psk = ssid->psk; + } + ++ if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) && ++ wpa_key_mgmt_sae(params.key_mgmt_suite)) { ++ params.auth_alg = WPA_AUTH_ALG_SAE; ++ if (ssid->sae_password) ++ params.sae_password = ssid->sae_password; ++ else if (ssid->passphrase) ++ params.passphrase = ssid->passphrase; ++ ++ if (ssid->psk_set) ++ params.psk = ssid->psk; ++ } ++ + params.drop_unencrypted = use_crypt; + + #ifdef CONFIG_IEEE80211W +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch new file mode 100644 index 000000000..01ed85567 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch 
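Review bot: In nl80211_connect_common() the block that adds NL80211_ATTR_SAE_PASSWORD is gated only on `params->sae_password || params->passphrase` and the driver's SAE_OFFLOAD capability, not on the selected AKM. On a driver that advertises the flag, a connect that carries `params->passphrase` for another reason would therefore also hand the plaintext passphrase to the driver as an SAE password (where passphrase is populated for non-SAE networks is not visible in this hunk). Add the AKM to the condition, e.g. `wpa_key_mgmt_sae(params->key_mgmt_suite) &&`, which is the helper wpas_start_assoc_cb() uses in the same patch. The WPA-version hunk tests `params->key_mgmt_suite == WPA_KEY_MGMT_SAE` only and ignores the capability flag, so NL80211_WPA_VERSION_3 is sent to drivers that do not offload SAE and is not sent for FT-SAE; using one predicate in both places would keep the two blocks consistent.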
@@ -0,0 +1,31 @@ +From 8fabb3a2f5c8c1efb7c92a03079e760e88aa04aa Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Fri, 8 Nov 2019 13:23:05 -0600 +Subject: [PATCH 08/20] OpenSSL: Fix build with OpenSSL 1.0.1 + +The openssl_debug_dump_certificate_chains() implementation used +SSL_CERT_SET_FIRST and SSL_CERT_SET_NEXT, which were added in OpenSSL +1.0.2. Bypass this function to fix build failure with OpenSSL 1.0.1. + +Signed-off-by: Chung-Hsien Hsu +--- + src/crypto/tls_openssl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c +index 07d38e47b..a74af7bbf 100644 +--- a/src/crypto/tls_openssl.c ++++ b/src/crypto/tls_openssl.c +@@ -5201,7 +5201,8 @@ static void openssl_debug_dump_certificates(SSL_CTX *ssl_ctx) + + static void openssl_debug_dump_certificate_chains(SSL_CTX *ssl_ctx) + { +-#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION) ++#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION) && \ ++ OPENSSL_VERSION_NUMBER >= 0x10002000L + int res; + + for (res = SSL_CTX_set_current_cert(ssl_ctx, SSL_CERT_SET_FIRST); +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch new file mode 100644 index 000000000..56d1eb95b --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch 
@@ -0,0 +1,110 @@ +From ae98c14eb1e78ffaf2321e050a593f18ca67dae2 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 10 Dec 2019 14:00:51 -0600 +Subject: [PATCH 09/20] non-upstream: Sync nl80211.h for PSK 4-way HS offload + support in AP mode + +This brings in nl80211 definition for WPA/WPA2-PSK 4-way handshake +offload support in AP mode. + +Signed-off-by: Chung-Hsien Hsu +--- + src/drivers/nl80211_copy.h | 51 +++++++++++++++++++++++++------------- + 1 file changed, 34 insertions(+), 17 deletions(-) + +diff --git a/src/drivers/nl80211_copy.h b/src/drivers/nl80211_copy.h +index beee59c83..1224f81c3 100644 +--- a/src/drivers/nl80211_copy.h ++++ b/src/drivers/nl80211_copy.h +@@ -183,18 +183,27 @@ + * + * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers + * can indicate they support offloading EAPOL handshakes for WPA/WPA2 +- * preshared key authentication. In %NL80211_CMD_CONNECT the preshared +- * key should be specified using %NL80211_ATTR_PMK. Drivers supporting +- * this offload may reject the %NL80211_CMD_CONNECT when no preshared +- * key material is provided, for example when that driver does not +- * support setting the temporal keys through %CMD_NEW_KEY. ++ * preshared key authentication in station mode. In %NL80211_CMD_CONNECT ++ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers ++ * supporting this offload may reject the %NL80211_CMD_CONNECT when no ++ * preshared key material is provided, for example when that driver does ++ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY. + * + * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be + * set by drivers indicating offload support of the PTK/GTK EAPOL +- * handshakes during 802.1X authentication. In order to use the offload +- * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS +- * attribute flag. Drivers supporting this offload may reject the +- * %NL80211_CMD_CONNECT when the attribute flag is not present. 
++ * handshakes during 802.1X authentication in station mode. In order to ++ * use the offload the %NL80211_CMD_CONNECT should have ++ * %NL80211_ATTR_WANT_1X_4WAY_HS attribute flag. Drivers supporting this ++ * offload may reject the %NL80211_CMD_CONNECT when the attribute flag is ++ * not present. ++ * ++ * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK flag drivers ++ * can indicate they support offloading EAPOL handshakes for WPA/WPA2 ++ * preshared key authentication in AP mode. In %NL80211_CMD_START_AP ++ * the preshared key should be specified using %NL80211_ATTR_PMK. Drivers ++ * supporting this offload may reject the %NL80211_CMD_START_AP when no ++ * preshared key material is provided, for example when that driver does ++ * not support setting the temporal keys through %NL80211_CMD_NEW_KEY. + * + * For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK + * using %NL80211_CMD_SET_PMK. For offloaded FT support also +@@ -243,9 +252,10 @@ + * DOC: SAE authentication offload + * + * By setting @NL80211_EXT_FEATURE_SAE_OFFLOAD flag drivers can indicate they +- * support offloading SAE authentication for WPA3-Personal networks. In +- * %NL80211_CMD_CONNECT the password for SAE should be specified using +- * %NL80211_ATTR_SAE_PASSWORD. ++ * support offloading SAE authentication for WPA3-Personal networks. The ++ * password for SAE should be specified using %NL80211_ATTR_SAE_PASSWORD in ++ * %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP for station and AP mode ++ * respectively. + */ + + /** +@@ -2285,10 +2295,11 @@ enum nl80211_commands { + * + * @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with + * %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID. +- * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way +- * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is +- * used with %NL80211_CMD_SET_PMK. 
For offloaded FT support this attribute +- * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well. ++ * For %NL80211_CMD_CONNECT and %NL80211_CMD_START_AP it is used to provide ++ * PSK for offloading 4-way handshake for WPA/WPA2-PSK networks. For 802.1X ++ * authentication it is used with %NL80211_CMD_SET_PMK. For offloaded FT ++ * support this attribute specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME ++ * is included as well. + * + * @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to + * indicate that it supports multiple active scheduled scan requests. +@@ -5482,7 +5493,12 @@ enum nl80211_feature_flags { + * to a station. + * + * @NL80211_EXT_FEATURE_SAE_OFFLOAD: Device wants to do SAE authentication in +- * station mode (SAE password is passed as part of the connect command). ++ * station mode (SAE password is passed as part of the connect command) ++ * or AP mode (SAE password is passed as part of the start AP command). ++ * ++ * @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK: Device wants to do 4-way ++ * handshake with PSK in AP mode (PSK is passed as part of the start AP ++ * command). + * + * @NUM_NL80211_EXT_FEATURES: number of extended features. + * @MAX_NL80211_EXT_FEATURES: highest extended feature index. +@@ -5529,6 +5545,7 @@ enum nl80211_ext_feature_index { + NL80211_EXT_FEATURE_EXT_KEY_ID, + NL80211_EXT_FEATURE_STA_TX_PWR, + NL80211_EXT_FEATURE_SAE_OFFLOAD, ++ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK, + + /* add new features before the definition below */ + NUM_NL80211_EXT_FEATURES, +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch new file mode 100644 index 000000000..5c7b52033 --- /dev/null 
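Review bot: `NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK` is appended to `enum nl80211_ext_feature_index` right after `NL80211_EXT_FEATURE_SAE_OFFLOAD` by a patch labelled non-upstream, so its numeric index only means "AP PSK offload" against a kernel that carries the same vendor header. If the running kernel's nl80211.h assigns that index to a different feature, the `ext_feature_isset()` test added in patch 10 would report PSK offload for a driver that never advertised it. The AP-side patches would then hand the PSK to the driver and skip the user-space 4-way handshake. I would record the constraint next to the enumerator, e.g. `/* non-upstream index: must match the vendor kernel's nl80211.h */`, and state the required kernel/driver package in the recipe. The enum begins outside the hunk.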
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch 
@@ -0,0 +1,110 @@ +From 1ea301a06353817680bc85abde6f2b684d37c16e Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 10 Dec 2019 14:02:39 -0600 +Subject: [PATCH 10/20] nl80211: Support 4-way handshake offload for + WPA/WPA2-PSK in AP mode + +If driver advertises support for WPA/WPA2-PSK 4-way handshake offload in +AP mode, set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK flag and pass PSK in +NL80211_CMD_NEW_BEACON command. + +Signed-off-by: Chung-Hsien Hsu +--- + src/drivers/driver.h | 29 ++++++++++++++++++++++++++--- + src/drivers/driver_nl80211.c | 8 ++++++++ + src/drivers/driver_nl80211_capa.c | 3 +++ + 3 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index ef47efe05..462e6f677 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -1450,6 +1450,27 @@ struct wpa_driver_ap_params { + * type 11 as defined in IEEE Std 802.11-2016, 9.4.2.22.13 + */ + const struct wpabuf *civic; ++ ++ /** ++ * passphrase - RSN passphrase for PSK ++ * ++ * This value is made available only for WPA/WPA2-Personal (PSK) and ++ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK. ++ * This is the 8..63 character ASCII passphrase, if available. Please ++ * note that this can be %NULL if passphrase was not used to generate ++ * the PSK. In that case, the psk field must be used to fetch the PSK. ++ */ ++ const char *passphrase; ++ ++ /** ++ * psk - RSN PSK (alternative for passphrase for PSK) ++ * ++ * This value is made available only for WPA/WPA2-Personal (PSK) and ++ * only for drivers that set WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK. ++ * This is the 32-octet (256-bit) PSK, if available. The driver wrapper ++ * should be prepared to handle %NULL value as an error. 
++ */ ++ const u8 *psk; + }; + + struct wpa_driver_mesh_bss_params { +@@ -1539,8 +1560,8 @@ struct wpa_driver_capa { + #define WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC 0x00000002 + /** Driver takes care of all DFS operations */ + #define WPA_DRIVER_FLAGS_DFS_OFFLOAD 0x00000004 +-/** Driver takes care of RSN 4-way handshake internally; PMK is configured with +- * struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */ ++/** Driver takes care of RSN 4-way handshake internally in station mode; PMK is ++ * configured with struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */ + #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X 0x00000008 + /** Driver is for a wired Ethernet interface */ + #define WPA_DRIVER_FLAGS_WIRED 0x00000010 +@@ -1665,10 +1686,12 @@ struct wpa_driver_capa { + #define WPA_DRIVER_FLAGS_SELF_MANAGED_REGULATORY 0x0080000000000000ULL + /** Driver supports FTM responder functionality */ + #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL +-/** Driver support 4-way handshake offload for WPA-Personal */ ++/** Driver supports 4-way handshake offload for WPA-Personal in station mode*/ + #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL + /** Driver takes care of SAE authentication internally */ + #define WPA_DRIVER_FLAGS_SAE_OFFLOAD 0x0400000000000000ULL ++/** Driver supports 4-way handshake offload for WPA-Personal in AP mode */ ++#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK 0x0800000000000000ULL + u64 flags; + + #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ +diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c +index bd804b7f0..4679c43d9 100644 +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -4188,6 +4188,14 @@ static int wpa_driver_nl80211_set_ap(void *priv, + nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite)) + goto fail; + ++ /* Add PSK in case of 4-way handshake offload */ ++ if (params->psk && ++ (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)) { ++ 
wpa_hexdump_key(MSG_DEBUG, "nl80211: PSK", params->psk, 32); ++ if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk)) ++ goto fail; ++ } ++ + if (params->ht_opmode != -1) { + switch (params->smps_mode) { + case HT_CAP_INFO_SMPS_DYNAMIC: +diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c +index 9aeddec22..bd77a50ec 100644 +--- a/src/drivers/driver_nl80211_capa.c ++++ b/src/drivers/driver_nl80211_capa.c +@@ -408,6 +408,9 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X)) + capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X; ++ if (ext_feature_isset(ext_features, len, ++ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK)) ++ capa->flags |= WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK; + + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_MFP_OPTIONAL)) +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch new file mode 100644 index 000000000..dd617c178 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch 
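Review bot: The new `psk` field of `struct wpa_driver_ap_params` is documented with "The driver wrapper should be prepared to handle %NULL value as an error", but `wpa_driver_nl80211_set_ap()` silently leaves out `NL80211_ATTR_PMK` when `params->psk` is NULL. With `WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK` set and a PSK AKM configured, the AP would then start without key material while hostapd (patch 11) still treats the handshake as offloaded. Either fail in that case, e.g. `if ((params->key_mgmt_suites & WPA_KEY_MGMT_PSK) && !params->psk) goto fail;` under the flag check, or correct the field comment. The length `32` is written twice; `PMK_LEN` would tie it to the PSK size, assuming that constant is in scope in this file. The function continues outside the hunk.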
@@ -0,0 +1,109 @@ +From 6df8c5e8669ddf2f0921b9c87a44e7d66b4e6d56 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 10 Dec 2019 14:03:57 -0600 +Subject: [PATCH 11/20] AP: Support 4-way handshake offload for WPA/WPA2-PSK + +Add support for WPA/WPA2-PSK 4-way handshake offload in AP mode. In this +case, the 4-way handshake is handled by driver instead of user space. + +Signed-off-by: Chung-Hsien Hsu +--- + src/ap/beacon.c | 8 ++++++++ + src/ap/hostapd.c | 8 +++++++- + src/ap/wpa_auth.c | 8 ++++++++ + src/ap/wpa_auth.h | 1 + + src/ap/wpa_auth_glue.c | 2 ++ + 5 files changed, 26 insertions(+), 1 deletion(-) + +diff --git a/src/ap/beacon.c b/src/ap/beacon.c +index a51b94960..73b231ab1 100644 +--- a/src/ap/beacon.c ++++ b/src/ap/beacon.c +@@ -1378,6 +1378,14 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd, + } + } + ++ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) && ++ (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) { ++ if (hapd->conf->ssid.wpa_passphrase) ++ params->passphrase = hapd->conf->ssid.wpa_passphrase; ++ if (hapd->conf->ssid.wpa_psk->psk) ++ params->psk = hapd->conf->ssid.wpa_psk->psk; ++ } ++ + return 0; + } + +diff --git a/src/ap/hostapd.c b/src/ap/hostapd.c +index bf1975fbd..f569e7661 100644 +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -3049,6 +3049,8 @@ int hostapd_remove_iface(struct hapd_interfaces *interfaces, char *buf) + void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + int reassoc) + { ++ int key_mgmt = wpa_auth_sta_key_mgmt(sta->wpa_sm); ++ + if (hapd->tkip_countermeasures) { + hostapd_drv_sta_deauth(hapd, sta->addr, + WLAN_REASON_MICHAEL_MIC_FAILURE); +@@ -3085,7 +3087,11 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + /* Start IEEE 802.1X authentication process for new stations */ + ieee802_1x_new_station(hapd, sta); + if (reassoc) { +- if (sta->auth_alg != WLAN_AUTH_FT && ++ if ((hapd->iface->drv_flags & ++ 
WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) && ++ wpa_key_mgmt_wpa_psk(key_mgmt)) ++ wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm); ++ else if (sta->auth_alg != WLAN_AUTH_FT && + sta->auth_alg != WLAN_AUTH_FILS_SK && + sta->auth_alg != WLAN_AUTH_FILS_SK_PFS && + sta->auth_alg != WLAN_AUTH_FILS_PK && +diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c +index c56077001..c64ca6688 100644 +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -652,6 +652,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, + } + #endif /* CONFIG_FILS */ + ++ if (wpa_auth->conf.psk_4way_hs_offload) { ++ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, ++ "4-way handshake offloading for WPA/WPA2-PSK"); ++ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; ++ sm->Pair = TRUE; ++ return 0; ++ } ++ + if (sm->started) { + os_memset(&sm->key_replay, 0, sizeof(sm->key_replay)); + sm->ReAuthenticationRequest = TRUE; +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index a348bc25a..82cb3f7ae 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -232,6 +232,7 @@ struct wpa_auth_config { + unsigned int fils_cache_id_set:1; + u8 fils_cache_id[FILS_CACHE_ID_LEN]; + #endif /* CONFIG_FILS */ ++ int psk_4way_hs_offload; + }; + + typedef enum { +diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c +index 0800a8748..8d81fd785 100644 +--- a/src/ap/wpa_auth_glue.c ++++ b/src/ap/wpa_auth_glue.c +@@ -1305,6 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) + _conf.tx_status = 1; + if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME) + _conf.ap_mlme = 1; ++ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) ++ _conf.psk_4way_hs_offload = 1; + hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd); + if (hapd->wpa_auth == NULL) { + wpa_printf(MSG_ERROR, "WPA initialization failed."); +-- +2.17.1 + 
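Review bot: In `wpa_auth_sta_associated()` the new early return tests only `wpa_auth->conf.psk_4way_hs_offload`, not the station's AKM, so on a BSS that also enables 802.1X or SAE every associating station is moved to `WPA_PTK_PTKINITDONE` without a user-space handshake. Patch 18 later sets `WPA_EAPOL_authorized` in the same branch. Gate it on the negotiated AKM, e.g. `if (wpa_auth->conf.psk_4way_hs_offload && (sm->wpa_key_mgmt & WPA_KEY_MGMT_PSK)) {`, and keep that set identical to the mask beacon.c uses when it hands the PSK to the driver (patch 17 widens that mask). In beacon.c, `if (hapd->conf->ssid.wpa_psk->psk)` dereferences `wpa_psk` before testing it, so a BSS with no PSK configured could fault here if `wpa_psk` is a nullable pointer; `if (hapd->conf->ssid.wpa_psk)` looks like the intended check. All three functions extend beyond the hunks shown.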
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch
new file mode 100644
index 000000000..ad9e5360f
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch
@@ -0,0 +1,94 @@ +From e0162995700e44d7ec210f6ef2a5843286b06d02 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 10 Dec 2019 14:05:16 -0600 +Subject: [PATCH 12/20] nl80211: Support SAE authentication offload in AP mode + +If driver advertises support for SAE authentication offload, pass SAE +password in NL80211_CMD_NEW_BEACON command for AP mode. + +Signed-off-by: Chung-Hsien Hsu +--- + src/drivers/driver.h | 8 ++++++++ + src/drivers/driver_nl80211.c | 32 +++++++++++++++++++++++++++++++- + 2 files changed, 39 insertions(+), 1 deletion(-) + +diff --git a/src/drivers/driver.h b/src/drivers/driver.h +index 462e6f677..1159bc296 100644 +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -1471,6 +1471,14 @@ struct wpa_driver_ap_params { + * should be prepared to handle %NULL value as an error. + */ + const u8 *psk; ++ ++ /** ++ * sae_password - Password for SAE authentication ++ * ++ * This value is made available only for WPA3-Personal (SAE) and only ++ * for drivers that set WPA_DRIVER_FLAGS_SAE_OFFLOAD. 
++ */ ++ const char *sae_password; + }; + + struct wpa_driver_mesh_bss_params { +diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c +index 4679c43d9..e94d084fc 100644 +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -4142,8 +4142,13 @@ static int wpa_driver_nl80211_set_ap(void *priv, + ver = 0; + if (params->wpa_version & WPA_PROTO_WPA) + ver |= NL80211_WPA_VERSION_1; +- if (params->wpa_version & WPA_PROTO_RSN) ++ if (params->wpa_version & WPA_PROTO_RSN) { + ver |= NL80211_WPA_VERSION_2; ++#ifdef CONFIG_SAE ++ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) ++ ver |= NL80211_WPA_VERSION_3; ++#endif /* CONFIG_SAE */ ++ } + if (ver && + nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver)) + goto fail; +@@ -4155,6 +4160,10 @@ static int wpa_driver_nl80211_set_ap(void *priv, + suites[num_suites++] = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; + if (params->key_mgmt_suites & WPA_KEY_MGMT_PSK) + suites[num_suites++] = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; ++#ifdef CONFIG_SAE ++ if (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) ++ suites[num_suites++] = RSN_AUTH_KEY_MGMT_SAE; ++#endif /* CONFIG_SAE */ + if (num_suites && + nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32), + suites)) +@@ -4196,6 +4205,27 @@ static int wpa_driver_nl80211_set_ap(void *priv, + goto fail; + } + ++#ifdef CONFIG_SAE ++ /* Add SAE password in case of SAE authentication offload */ ++ if ((params->sae_password || params->passphrase) && ++ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) && ++ (drv->capa.flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD)) { ++ const char *password; ++ size_t pwd_len; ++ ++ if (params->sae_password) ++ password = params->sae_password; ++ else ++ password = params->passphrase; ++ ++ pwd_len = os_strlen(password); ++ wpa_hexdump_ascii_key(MSG_DEBUG, "nl80211: SAE password", ++ (u8 *) password, pwd_len); ++ if (nla_put(msg, NL80211_ATTR_SAE_PASSWORD, pwd_len, password)) ++ goto fail; ++ } ++#endif /* CONFIG_SAE */ ++ + if (params->ht_opmode != 
-1) { + switch (params->smps_mode) { + case HT_CAP_INFO_SMPS_DYNAMIC: +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch new file mode 100644 index 000000000..71b8272e1 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch 
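Review bot: The netlink message built in `wpa_driver_nl80211_set_ap()` now carries the SAE password in clear (and the PSK from patch 10), and neither hunk shows its payload being wiped before it is released on the `goto fail` path or after sending. Logging goes through `wpa_hexdump_ascii_key()`, the key-aware variant, so the remaining exposure is the freed heap copy; confirm whether the code outside the hunk clears the message before freeing it, and add that if not. A comment at the `nla_put()` call such as `/* msg now holds the SAE password: clear its payload before freeing */` would make the requirement visible. `pwd_len` also comes straight from `os_strlen()` with no upper bound, so an over-long configured password is left for the kernel to reject. A local length check with its own log line would make that failure diagnosable.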
@@ -0,0 +1,85 @@ +From e03270a1aec0a480c3803b7b560bb199443172df Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Tue, 10 Dec 2019 14:06:20 -0600 +Subject: [PATCH 13/20] SAE: Support SAE authentication offload in AP mode + +Add support for SAE authentication offload in AP mode. In this case, the +SAE authentication process is handled by driver instead of user space. + +Signed-off-by: Chung-Hsien Hsu +--- + src/ap/beacon.c | 11 +++++++++++ + src/ap/wpa_auth.h | 3 +++ + src/ap/wpa_auth_glue.c | 4 ++++ + src/ap/wpa_auth_ie.c | 4 +++- + 4 files changed, 21 insertions(+), 1 deletion(-) + +diff --git a/src/ap/beacon.c b/src/ap/beacon.c +index 73b231ab1..ff179f559 100644 +--- a/src/ap/beacon.c ++++ b/src/ap/beacon.c +@@ -1386,6 +1386,17 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd, + params->psk = hapd->conf->ssid.wpa_psk->psk; + } + ++#ifdef CONFIG_SAE ++ if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) && ++ (params->key_mgmt_suites & WPA_KEY_MGMT_SAE)) { ++ params->auth_algs |= WPA_AUTH_ALG_SAE; ++ if (hapd->conf->sae_passwords) ++ params->sae_password = hapd->conf->sae_passwords->password; ++ else if (hapd->conf->ssid.wpa_passphrase) ++ params->passphrase = hapd->conf->ssid.wpa_passphrase; ++ } ++#endif /* CONFIG_SAE */ ++ + return 0; + } + +diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h +index 82cb3f7ae..64eec2762 100644 +--- a/src/ap/wpa_auth.h ++++ b/src/ap/wpa_auth.h +@@ -233,6 +233,9 @@ struct wpa_auth_config { + u8 fils_cache_id[FILS_CACHE_ID_LEN]; + #endif /* CONFIG_FILS */ + int psk_4way_hs_offload; ++#ifdef CONFIG_SAE ++ int sae_offload; ++#endif /* CONFIG_SAE */ + }; + + typedef enum { +diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c +index 8d81fd785..d3eb7b49a 100644 +--- a/src/ap/wpa_auth_glue.c ++++ b/src/ap/wpa_auth_glue.c +@@ -1307,6 +1307,10 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) + _conf.ap_mlme = 1; + if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) + 
_conf.psk_4way_hs_offload = 1; ++#ifdef CONFIG_SAE ++ if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) ++ _conf.sae_offload = 1; ++#endif /* CONFIG_SAE */ + hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd); + if (hapd->wpa_auth == NULL) { + wpa_printf(MSG_ERROR, "WPA initialization failed."); +diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c +index 2e5c9160d..527fbba72 100644 +--- a/src/ap/wpa_auth_ie.c ++++ b/src/ap/wpa_auth_ie.c +@@ -916,7 +916,9 @@ int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, + } + + #ifdef CONFIG_SAE +- if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid && ++ if (!wpa_auth->conf.psk_4way_hs_offload && ++ !wpa_auth->conf.sae_offload && ++ sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid && + !sm->pmksa) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, + "No PMKSA cache entry found for SAE"); +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch new file mode 100644 index 000000000..db14fb3ad --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch 
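Review bot: The SAE PMKID check in `wpa_validate_wpa_ie()` is now skipped when `psk_4way_hs_offload` is set, not only when `sae_offload` is set. On a driver that offloads the PSK handshake but not SAE, hostapd still runs SAE itself yet no longer rejects an association that presents a PMKID with no matching PMKSA entry. Dropping the `!wpa_auth->conf.psk_4way_hs_offload &&` term keeps the bypass limited to the case the commit message describes. In beacon.c, `hapd->conf->sae_passwords->password` hands the driver only the first list entry; if entries can be scoped to a peer address or identifier, that one becomes the BSS-wide password and the rest are ignored, which deserves at least a comment or a logged warning. Both functions extend beyond the hunks.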
@@ -0,0 +1,33 @@ +From 17d64099a48c32e480c72f553215f7dbba30b753 Mon Sep 17 00:00:00 2001 +From: Chung-Hsien Hsu +Date: Sun, 22 Dec 2019 20:21:54 -0600 +Subject: [PATCH 14/20] P2P: Fix P2P authentication failure due to AP-mode + 4-way handshake offload + +Commit 6df8c5e8669d ("AP: Support 4-way handshake offload for +WPA/WPA2-PSK") offloaded the 4-way handshake in AP mode. P2P GO may not +support it so do not set the offload indication for the case. + +Signed-off-by: Chung-Hsien Hsu + +--- + src/ap/wpa_auth_glue.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c +index d3eb7b49a..ec883bdf2 100644 +--- a/src/ap/wpa_auth_glue.c ++++ b/src/ap/wpa_auth_glue.c +@@ -1305,7 +1305,8 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) + _conf.tx_status = 1; + if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME) + _conf.ap_mlme = 1; +- if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) ++ if (!hapd->conf->p2p && ++ (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK)) + _conf.psk_4way_hs_offload = 1; + #ifdef CONFIG_SAE + if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAE_OFFLOAD) +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0015-AP-Silently-ignore-management-frame-from-unexpected-.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0015-AP-Silently-ignore-management-frame-from-unexpected-.patch new file mode 100644 index 000000000..b1a03f7e0 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0015-AP-Silently-ignore-management-frame-from-unexpected-.patch 
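Review bot: Only the `_conf.psk_4way_hs_offload` assignment is gated on `!hapd->conf->p2p`; the other offload decisions introduced in patch 11 still test `hapd->iface->drv_flags` directly. For a P2P GO on such a driver, `ieee802_11_build_ap_params()` would still place the PSK in `params->psk` for the driver and the reassociation branch of `hostapd_new_assoc_sta()` would still take the offload path, while the authenticator now expects to run the handshake itself. Using one predicate in all three places, for example adding `!hapd->conf->p2p &&` to the flag tests in beacon.c and hostapd.c, would keep user space and driver in agreement about who owns the handshake. `hostapd_setup_wpa()` continues outside the hunk.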
@@ -0,0 +1,75 @@ +From a66cb7d9dede4dfccf0d1c2c70ee6837d5571aac Mon Sep 17 00:00:00 2001 +From: Jouni Malinen +Date: Thu, 29 Aug 2019 11:52:04 +0300 +Subject: [PATCH 15/20] AP: Silently ignore management frame from unexpected + source address + +commit d86d66dc073bc21d3b12faf4112062ae00c1773f master. + +Do not process any received Management frames with unexpected/invalid SA +so that we do not add any state for unexpected STA addresses or end up +sending out frames to unexpected destination. This prevents unexpected +sequences where an unprotected frame might end up causing the AP to send +out a response to another device and that other device processing the +unexpected response. + +In particular, this prevents some potential denial of service cases +where the unexpected response frame from the AP might result in a +connected station dropping its association. + +Signed-off-by: Jouni Malinen +--- + src/ap/drv_callbacks.c | 13 +++++++++++++ + src/ap/ieee802_11.c | 12 ++++++++++++ + 2 files changed, 25 insertions(+) + +diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c +index 31587685f..34ca379ed 100644 +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -131,6 +131,19 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, + "hostapd_notif_assoc: Skip event with no address"); + return -1; + } ++ ++ if (is_multicast_ether_addr(addr) || ++ is_zero_ether_addr(addr) || ++ os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. 
*/ ++ wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR ++ " in received indication - ignore this indication silently", ++ __func__, MAC2STR(addr)); ++ return 0; ++ } ++ + random_add_randomness(addr, ETH_ALEN); + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, +diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c +index c85a28db4..e7065372e 100644 +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -4626,6 +4626,18 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, + fc = le_to_host16(mgmt->frame_control); + stype = WLAN_FC_GET_STYPE(fc); + ++ if (is_multicast_ether_addr(mgmt->sa) || ++ is_zero_ether_addr(mgmt->sa) || ++ os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { ++ /* Do not process any frames with unexpected/invalid SA so that ++ * we do not add any state for unexpected STA addresses or end ++ * up sending out frames to unexpected destination. */ ++ wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR ++ " in received frame - ignore this frame silently", ++ MAC2STR(mgmt->sa)); ++ return 0; ++ } ++ + if (stype == WLAN_FC_STYPE_BEACON) { + handle_beacon(hapd, mgmt, len, fi); + return 1; +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch new file mode 100644 index 000000000..005857725 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch 
@@ -0,0 +1,31 @@ +From 46f5b7c2fae8fbc0d49d34a38aaa6136cb4c99d8 Mon Sep 17 00:00:00 2001 +From: Kurt Lee +Date: Mon, 18 May 2020 08:36:59 -0500 +Subject: [PATCH 16/20] DPP: Do more condition test for AKM type DPP offload. + +If supplicant recieves eapol frame with driver declared +WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK, supplicant will check AKM type +and process 4-way handshake if AKM type is not PSK. + +Signed-off-by: Kurt Lee +--- + wpa_supplicant/wpa_supplicant.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c +index 2f91e1f0c..40c77627e 100644 +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -4313,7 +4313,8 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, + eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0) + return; + wpa_drv_poll(wpa_s); +- if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) ++ if (!(wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) && ++ (wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))) + wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len); + else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { + /* +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0017-hostapd-Fix-PMF-connection-issue.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0017-hostapd-Fix-PMF-connection-issue.patch new file mode 100644 index 000000000..dc8d0a438 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0017-hostapd-Fix-PMF-connection-issue.patch 
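Review bot: With the new condition, the `else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))` branch is reached only when `wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)` is true, so unless a single `key_mgmt` value can satisfy both helpers that branch is now dead code. Its body lies outside the hunk, so whatever it did for 802.1X connections on an offloading driver no longer runs and those frames go to `wpa_sm_rx_eapol()` instead; that may be intended, but the commit message only talks about DPP. It is also worth checking which AKMs `wpa_key_mgmt_wpa_psk()` matches in this tree: if it includes SAE, EAPOL frames for a non-offloaded SAE connection would still be withheld from the supplicant state machine. A comment stating the intended set, e.g. `/* skip user-space 4-way handshake only for AKMs the driver offloads */`, would pin this down.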
@@ -0,0 +1,30 @@ +From 7131adafd30b06066d51e0af10249d2236c40a13 Mon Sep 17 00:00:00 2001 +From: Ryohei Kondo +Date: Mon, 7 Sep 2020 13:05:16 +0900 +Subject: [PATCH 17/20] hostapd: Fix PMF connection issue + +STA with MFPR:False MFPC:True cannot connect with SoftAP configured with hostapd. +Change to allow wpa_key_mgmt=WPA-PSK-SHA256 to fix the issue. + + +Signed-off-by: Ryohei Kondo +--- + src/ap/beacon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ap/beacon.c b/src/ap/beacon.c +index ff179f559..c114537e5 100644 +--- a/src/ap/beacon.c ++++ b/src/ap/beacon.c +@@ -1379,7 +1379,7 @@ int ieee802_11_build_ap_params(struct hostapd_data *hapd, + } + + if ((hapd->iface->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_AP_PSK) && +- (params->key_mgmt_suites & WPA_KEY_MGMT_PSK)) { ++ (params->key_mgmt_suites & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_PSK_SHA256))) { + if (hapd->conf->ssid.wpa_passphrase) + params->passphrase = hapd->conf->ssid.wpa_passphrase; + if (hapd->conf->ssid.wpa_psk->psk) +-- +2.17.1 + diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch new file mode 100644 index 000000000..017317b53 --- /dev/null +++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch 
@@ -0,0 +1,36 @@
+From 71d764047bfc8c858fef6cc664458a33ccd93c6a Mon Sep 17 00:00:00 2001
+From: Chung-Hsien Hsu
+Date: Wed, 16 Dec 2020 01:57:36 -0600
+Subject: [PATCH 18/20] AP: Set Authenticator state properly for PSK 4-way
+ handshake offload
+
+Setup Authenticator state machines to PTKINITDONE and configure state
+variables properly while offloading 4-way handshake for WPA/WPA2-PSK.
+
+Signed-off-by: Chung-Hsien Hsu
+---
+ src/ap/wpa_auth.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index c64ca6688..9b9ae9f96 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -657,6 +657,14 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
+ "4-way handshake offloading for WPA/WPA2-PSK");
+ sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
+ sm->Pair = TRUE;
++ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
++ WPA_EAPOL_authorized, 1);
++ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
++ WPA_EAPOL_portValid, 1);
++ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
++ WPA_EAPOL_keyAvailable, 0);
++ wpa_auth_set_eapol(sm->wpa_auth, sm->addr,
++ WPA_EAPOL_keyDone, 1);
+ return 0;
+ }
+
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch
new file mode 100644
index 000000000..ca1a57354
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch
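Review bot: The added `wpa_auth_set_eapol()` calls set `WPA_EAPOL_authorized` and `WPA_EAPOL_portValid` inside `wpa_auth_sta_associated()`, that is at association time, with no visible check that the driver or firmware has actually completed the offloaded 4-way handshake. If nothing outside the hunk revokes this when the offloaded handshake fails, hostapd records the station as authorized although the key exchange never succeeded. Consider setting `WPA_EAPOL_authorized` from the driver's handshake-complete notification instead, or at least record the trust assumption next to the calls: `/* 4-way handshake runs in firmware; the driver must deauthenticate the STA on failure */`. The enclosing condition starts above the hunk, so the exact guard is not visible here.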
@@ -0,0 +1,150 @@
+From d4a40e0f9a21ae728255eaf951817880a4eabab4 Mon Sep 17 00:00:00 2001
+From: Kurt Lee
+Date: Tue, 2 Feb 2021 21:39:27 -0600
+Subject: [PATCH 19/20] defconfig: Set to Cypress default configuration
+
+Change defconfig as Cypress default configuration
+Signed-off-by: Kurt Lee
+---
+ wpa_supplicant/defconfig | 40 +++++++++++++++++++++++++---------------
+ 1 files changed, 41 insertions(+), 21 deletions(-)
+
+diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
+index cdfb1974d..48cbf03a0 100644
+--- a/wpa_supplicant/defconfig
++++ b/wpa_supplicant/defconfig
+@@ -109,7 +109,7 @@ CONFIG_EAP_PEAP=y
+ CONFIG_EAP_TTLS=y
+
+ # EAP-FAST
+-CONFIG_EAP_FAST=y
++#CONFIG_EAP_FAST=y
+
+ # EAP-TEAP
+ # Note: The current EAP-TEAP implementation is experimental and should not be
+@@ -137,10 +137,10 @@ CONFIG_EAP_OTP=y
+ #CONFIG_EAP_PSK=y
+
+ # EAP-pwd (secure authentication using only a password)
+-CONFIG_EAP_PWD=y
++#CONFIG_EAP_PWD=y
+
+ # EAP-PAX
+-CONFIG_EAP_PAX=y
++#CONFIG_EAP_PAX=y
+
+ # LEAP
+ CONFIG_EAP_LEAP=y
+@@ -156,15 +156,15 @@ CONFIG_EAP_LEAP=y
+ #CONFIG_USIM_SIMULATOR=y
+
+ # EAP-SAKE
+-CONFIG_EAP_SAKE=y
++#CONFIG_EAP_SAKE=y
+
+ # EAP-GPSK
+-CONFIG_EAP_GPSK=y
++#CONFIG_EAP_GPSK=y
+ # Include support for optional SHA256 cipher suite in EAP-GPSK
+-CONFIG_EAP_GPSK_SHA256=y
++#CONFIG_EAP_GPSK_SHA256=y
+
+ # EAP-TNC and related Trusted Network Connect support (experimental)
+-CONFIG_EAP_TNC=y
++#CONFIG_EAP_TNC=y
+
+ # Wi-Fi Protected Setup (WPS)
+ CONFIG_WPS=y
+@@ -177,7 +177,7 @@ CONFIG_WPS=y
+ #CONFIG_WPS_NFC=y
+
+ # EAP-IKEv2
+-CONFIG_EAP_IKEV2=y
++#CONFIG_EAP_IKEV2=y
+
+ # EAP-EKE
+ #CONFIG_EAP_EKE=y
+@@ -310,6 +310,9 @@ CONFIG_BACKEND=file
+ # bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+ #CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
++# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
++CONFIG_PEERKEY=y
++
+ # IEEE 802.11w (management frame protection), also known as PMF
+ # Driver support is also needed for IEEE 802.11w.
+ CONFIG_IEEE80211W=y
+@@ -367,10 +370,10 @@ CONFIG_IEEE80211W=y
+
+ # Add support for new DBus control interface
+ # (fi.w1.hostap.wpa_supplicant1)
+-CONFIG_CTRL_IFACE_DBUS_NEW=y
++#CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+ # Add introspection support for new DBus control interface
+-CONFIG_CTRL_IFACE_DBUS_INTRO=y
++#CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+ # Add support for loading EAP methods dynamically as shared libraries.
+ # When this option is enabled, each EAP method can be either included
+@@ -400,7 +403,7 @@ CONFIG_IEEE80211R=y
+ CONFIG_DEBUG_FILE=y
+
+ # Send debug messages to syslog instead of stdout
+-CONFIG_DEBUG_SYSLOG=y
++#CONFIG_DEBUG_SYSLOG=y
+ # Set syslog facility for debug messages
+ #CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+@@ -482,6 +485,12 @@ CONFIG_IEEE80211N=y
+ # (depends on CONFIG_IEEE80211N)
+ CONFIG_IEEE80211AC=y
+
++# IEEE 802.11ax HE support (mainly for AP mode)
++# Note: This is experimental and work in progress. The definitions are still
++# subject to change and this should not be expected to interoperate with the
++# final IEEE 802.11ax version.
++CONFIG_IEEE80211AX=y
++
+ # Wireless Network Management (IEEE Std 802.11v-2011)
+ # Note: This is experimental and not complete implementation.
+ #CONFIG_WNM=y
+@@ -490,10 +499,10 @@ CONFIG_IEEE80211AC=y
+ # This can be used to enable functionality to improve interworking with
+ # external networks (GAS/ANQP to learn more about the networks and network
+ # selection based on available credentials).
+-CONFIG_INTERWORKING=y
++#CONFIG_INTERWORKING=y
+
+ # Hotspot 2.0
+-CONFIG_HS20=y
++#CONFIG_HS20=y
+
+ # Enable interface matching in wpa_supplicant
+ #CONFIG_MATCH_IFACE=y
+@@ -506,7 +515,7 @@ CONFIG_HS20=y
+ # should be noted that this is mainly aimed at simple cases like
+ # WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+ # external RADIUS server can be supported with hostapd.
+-CONFIG_AP=y
++#CONFIG_AP=y
+
+ # P2P (Wi-Fi Direct)
+ # This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+@@ -519,7 +528,7 @@ CONFIG_P2P=y
+ # Wi-Fi Display
+ # This can be used to enable Wi-Fi Display extensions for P2P using an external
+ # program to control the additional information exchanges in the messages.
+-CONFIG_WIFI_DISPLAY=y
++#CONFIG_WIFI_DISPLAY=y
+
+ # Autoscan
+ # This can be used to enable automatic scan support in wpa_supplicant.
+@@ -613,3 +622,4 @@ CONFIG_BGSCAN_SIMPLE=y
+ # This requires CONFIG_IEEE80211W=y to be enabled, too. (see
+ # wpa_supplicant/README-DPP for details)
+ CONFIG_DPP=y
++CONFIG_TESTING_OPTIONS=y
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0020-defconfig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0020-defconfig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch
new file mode 100644
index 000000000..911a92ed8
--- /dev/null
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant/murata/0020-defconfig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch
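Review bot: The last added line, `CONFIG_TESTING_OPTIONS=y`, turns on wpa_supplicant's test-only code paths in what becomes the default build for these platforms, and the commit message gives no reason for it. The option is meant for test builds and compiles in extra control-interface commands and fault-injection hooks, which enlarges the attack surface of a production image; unless there is a documented need it should stay disabled, `#CONFIG_TESTING_OPTIONS=y`. The same justification is missing for `CONFIG_PEERKEY=y` and for `CONFIG_IEEE80211AX=y`, which its own comment marks as experimental. `CONFIG_EAP_LEAP=y` also stays enabled while EAP-pwd and EAP-FAST are commented out, which is worth a line in the description.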
@@ -0,0 +1,28 @@
+From 259f32b95c6ac1efdae74f2df53eb322ab8c71de Mon Sep 17 00:00:00 2001
+From: Kurt Lee
+Date: Mon, 8 Feb 2021 01:45:30 -0600
+Subject: [PATCH 20/20] defconfig: enable CONFIG_TLS_ADD_DL for DPP
+
+DPP feature has dependency on CONFIG_TLS_ADD_DL thus we should enable
+it.
+---
+ hostapd/defconfig | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/hostapd/defconfig b/hostapd/defconfig
+index cd247832b..548feaaa4 100644
+--- a/hostapd/defconfig
++++ b/hostapd/defconfig
+@@ -285,7 +285,8 @@ CONFIG_DEBUG_FILE=y
+ # internal = Internal TLSv1 implementation (experimental)
+ # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
+ # none = Empty template
+-#CONFIG_TLS=openssl
++CONFIG_TLS=openssl
++CONFIG_TLS_ADD_DL=y
+
+ # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+ # can be enabled to get a stronger construction of messages when block ciphers
+--
+2.17.1
+
diff --git a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend
index d11f5531d..3df746486 100644
--- a/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend
+++ b/meta-digi-dey/recipes-connectivity/wpa-supplicant/wpa-supplicant_%.bbappend
@@ -1,4 +1,4 @@ -# Copyright (C) 2013-2021 Digi International. +# Copyright (C) 2013-2022 Digi International. FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"
@@ -11,7 +11,30 @@ SRC_URI += " \ file://wpa_supplicant_p2p.conf \ " +MURATA_COMMON_PATCHES = " \ + file://murata/0001-wpa_supplicant-Support-4-way-handshake-offload-for-F.patch;apply=yes \ + file://murata/0002-wpa_supplicant-Notify-Neighbor-Report-for-driver-tri.patch;apply=yes \ + file://murata/0003-nl80211-Report-connection-authorized-in-EVENT_ASSOC.patch;apply=yes \ + file://murata/0004-wpa_supplicant-Add-PMKSA-cache-for-802.1X-4-way-hand.patch;apply=yes \ + file://murata/0005-Sync-with-mac80211-next.git-include-uapi-linux-nl802.patch;apply=yes \ + file://murata/0006-nl80211-Check-SAE-authentication-offload-support.patch;apply=yes \ + file://murata/0007-SAE-Pass-SAE-password-on-connect-for-SAE-authenticat.patch;apply=yes \ + file://murata/0008-OpenSSL-Fix-build-with-OpenSSL-1.0.1.patch;apply=yes \ + file://murata/0009-non-upstream-Sync-nl80211.h-for-PSK-4-way-HS-offload.patch;apply=yes \ + file://murata/0010-nl80211-Support-4-way-handshake-offload-for-WPA-WPA2.patch;apply=yes \ + file://murata/0011-AP-Support-4-way-handshake-offload-for-WPA-WPA2-PSK.patch;apply=yes \ + file://murata/0012-nl80211-Support-SAE-authentication-offload-in-AP-mod.patch;apply=yes \ + file://murata/0013-SAE-Support-SAE-authentication-offload-in-AP-mode.patch;apply=yes \ + file://murata/0014-P2P-Fix-P2P-authentication-failure-due-to-AP-mode-4-.patch;apply=yes \ + file://murata/0016-DPP-Do-more-condition-test-for-AKM-type-DPP-offload.patch;apply=yes \ + file://murata/0017-hostapd-Fix-PMF-connection-issue.patch;apply=yes \ + file://murata/0018-AP-Set-Authenticator-state-properly-for-PSK-4-way-ha.patch;apply=yes \ + file://murata/0019-wpa-supplicant-defconfig-Set-to-Cypress-default-configuration.patch;apply=yes \ +" + SRC_URI_append_ccimx6sbc = " file://wpa_supplicant_p2p.conf_atheros" +SRC_URI_append_ccmp1 = " ${MURATA_COMMON_PATCHES}" +SRC_URI_append_ccimx8mp = " ${MURATA_COMMON_PATCHES}" do_install_append() { install -m 600 ${WORKDIR}/wpa_supplicant_p2p.conf 
${D}${sysconfdir}/wpa_supplicant_p2p.conf
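Review bot: `MURATA_COMMON_PATCHES` goes from the `0014` entry straight to `0016` and stops at `0019`, although this commit also adds `0020-defconfig-enable-CONFIG_TLS_ADD_DL-for-DPP.patch`, so at least one patch shipped in the layer is never applied and there is no `0015` entry at all. If that is intentional (0020 only touches `hostapd/defconfig`, which this recipe may not build), say so above the list, e.g. `# 0015 and 0020 are intentionally not applied to wpa-supplicant: <reason>`. Otherwise add the missing entries, because a fix that is present in the tree but silently skipped is hard to notice in a later audit.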