projects / openwrt / svn-archive / archive.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
rpcd: iwinfo plugin fixes
[openwrt/svn-archive/archive.git] / package / kernel / mac80211 / patches / 344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch
1 From: Hante Meuleman <hante.meuleman@broadcom.com>
2 Date: Wed, 17 Feb 2016 11:27:10 +0100
3 Subject: [PATCH] brcmfmac: add 802.11w management frame protection support
4
5 Add full support for both AP and STA for management frame protection.
6
7 Reviewed-by: Arend Van Spriel <arend.van@broadcom.com>
8 Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com>
9 Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
10 Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com>
11 Signed-off-by: Arend van Spriel <arend@broadcom.com>
12 Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
13 ---
14
15 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
16 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
17 @@ -72,8 +72,13 @@
18 #define RSN_AKM_NONE 0 /* None (IBSS) */
19 #define RSN_AKM_UNSPECIFIED 1 /* Over 802.1x */
20 #define RSN_AKM_PSK 2 /* Pre-shared Key */
21 +#define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */
22 +#define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */
23 #define RSN_CAP_LEN 2 /* Length of RSN capabilities */
24 -#define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C
25 +#define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3))
26 +#define RSN_CAP_MFPR_MASK BIT(6)
27 +#define RSN_CAP_MFPC_MASK BIT(7)
28 +#define RSN_PMKID_COUNT_LEN 2
29
30 #define VNDR_IE_CMD_LEN 4 /* length of the set command
31 * string :"add", "del" (+ NUL)
32 @@ -211,12 +216,19 @@ static const struct ieee80211_regdomain
33 REG_RULE(5470-10, 5850+10, 80, 6, 20, 0), }
34 };
35
36 -static const u32 __wl_cipher_suites[] = {
37 +/* Note: brcmf_cipher_suites is an array of int defining which cipher suites
38 + * are supported. A pointer to this array and the number of entries is passed
39 + * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
40 + * So the cipher suite AES_CMAC has to be the last one in the array, and when
41 + * device does not support MFP then the number of suites will be decreased by 1
42 + */
43 +static const u32 brcmf_cipher_suites[] = {
44 WLAN_CIPHER_SUITE_WEP40,
45 WLAN_CIPHER_SUITE_WEP104,
46 WLAN_CIPHER_SUITE_TKIP,
47 WLAN_CIPHER_SUITE_CCMP,
48 - WLAN_CIPHER_SUITE_AES_CMAC,
49 + /* Keep as last entry: */
50 + WLAN_CIPHER_SUITE_AES_CMAC
51 };
52
53 /* Vendor specific ie. id = 221, oui and type defines exact ie */
54 @@ -1533,7 +1545,7 @@ static s32 brcmf_set_auth_type(struct ne
55
56 static s32
57 brcmf_set_wsec_mode(struct net_device *ndev,
58 - struct cfg80211_connect_params *sme, bool mfp)
59 + struct cfg80211_connect_params *sme)
60 {
61 struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
62 struct brcmf_cfg80211_security *sec;
63 @@ -1592,10 +1604,7 @@ brcmf_set_wsec_mode(struct net_device *n
64 sme->privacy)
65 pval = AES_ENABLED;
66
67 - if (mfp)
68 - wsec = pval | gval | MFP_CAPABLE;
69 - else
70 - wsec = pval | gval;
71 + wsec = pval | gval;
72 err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wsec", wsec);
73 if (err) {
74 brcmf_err("error (%d)\n", err);
75 @@ -1612,56 +1621,100 @@ brcmf_set_wsec_mode(struct net_device *n
76 static s32
77 brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
78 {
79 - struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
80 - struct brcmf_cfg80211_security *sec;
81 - s32 val = 0;
82 - s32 err = 0;
83 + struct brcmf_if *ifp = netdev_priv(ndev);
84 + s32 val;
85 + s32 err;
86 + const struct brcmf_tlv *rsn_ie;
87 + const u8 *ie;
88 + u32 ie_len;
89 + u32 offset;
90 + u16 rsn_cap;
91 + u32 mfp;
92 + u16 count;
93
94 - if (sme->crypto.n_akm_suites) {
95 - err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev),
96 - "wpa_auth", &val);
97 - if (err) {
98 - brcmf_err("could not get wpa_auth (%d)\n", err);
99 - return err;
100 + if (!sme->crypto.n_akm_suites)
101 + return 0;
102 +
103 + err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
104 + if (err) {
105 + brcmf_err("could not get wpa_auth (%d)\n", err);
106 + return err;
107 + }
108 + if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
109 + switch (sme->crypto.akm_suites[0]) {
110 + case WLAN_AKM_SUITE_8021X:
111 + val = WPA_AUTH_UNSPECIFIED;
112 + break;
113 + case WLAN_AKM_SUITE_PSK:
114 + val = WPA_AUTH_PSK;
115 + break;
116 + default:
117 + brcmf_err("invalid cipher group (%d)\n",
118 + sme->crypto.cipher_group);
119 + return -EINVAL;
120 }
121 - if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
122 - switch (sme->crypto.akm_suites[0]) {
123 - case WLAN_AKM_SUITE_8021X:
124 - val = WPA_AUTH_UNSPECIFIED;
125 - break;
126 - case WLAN_AKM_SUITE_PSK:
127 - val = WPA_AUTH_PSK;
128 - break;
129 - default:
130 - brcmf_err("invalid cipher group (%d)\n",
131 - sme->crypto.cipher_group);
132 - return -EINVAL;
133 - }
134 - } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
135 - switch (sme->crypto.akm_suites[0]) {
136 - case WLAN_AKM_SUITE_8021X:
137 - val = WPA2_AUTH_UNSPECIFIED;
138 - break;
139 - case WLAN_AKM_SUITE_PSK:
140 - val = WPA2_AUTH_PSK;
141 - break;
142 - default:
143 - brcmf_err("invalid cipher group (%d)\n",
144 - sme->crypto.cipher_group);
145 - return -EINVAL;
146 - }
147 + } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
148 + switch (sme->crypto.akm_suites[0]) {
149 + case WLAN_AKM_SUITE_8021X:
150 + val = WPA2_AUTH_UNSPECIFIED;
151 + break;
152 + case WLAN_AKM_SUITE_8021X_SHA256:
153 + val = WPA2_AUTH_1X_SHA256;
154 + break;
155 + case WLAN_AKM_SUITE_PSK_SHA256:
156 + val = WPA2_AUTH_PSK_SHA256;
157 + break;
158 + case WLAN_AKM_SUITE_PSK:
159 + val = WPA2_AUTH_PSK;
160 + break;
161 + default:
162 + brcmf_err("invalid cipher group (%d)\n",
163 + sme->crypto.cipher_group);
164 + return -EINVAL;
165 }
166 + }
167
168 - brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
169 - err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev),
170 - "wpa_auth", val);
171 - if (err) {
172 - brcmf_err("could not set wpa_auth (%d)\n", err);
173 - return err;
174 - }
175 + if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
176 + goto skip_mfp_config;
177 + /* The MFP mode (1 or 2) needs to be determined, parse IEs. The
178 + * IE will not be verified, just a quick search for MFP config
179 + */
180 + rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
181 + WLAN_EID_RSN);
182 + if (!rsn_ie)
183 + goto skip_mfp_config;
184 + ie = (const u8 *)rsn_ie;
185 + ie_len = rsn_ie->len + TLV_HDR_LEN;
186 + /* Skip unicast suite */
187 + offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
188 + if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
189 + goto skip_mfp_config;
190 + /* Skip multicast suite */
191 + count = ie[offset] + (ie[offset + 1] << 8);
192 + offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
193 + if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
194 + goto skip_mfp_config;
195 + /* Skip auth key management suite(s) */
196 + count = ie[offset] + (ie[offset + 1] << 8);
197 + offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
198 + if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
199 + goto skip_mfp_config;
200 + /* Ready to read capabilities */
201 + mfp = BRCMF_MFP_NONE;
202 + rsn_cap = ie[offset] + (ie[offset + 1] << 8);
203 + if (rsn_cap & RSN_CAP_MFPR_MASK)
204 + mfp = BRCMF_MFP_REQUIRED;
205 + else if (rsn_cap & RSN_CAP_MFPC_MASK)
206 + mfp = BRCMF_MFP_CAPABLE;
207 + brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
208 +
209 +skip_mfp_config:
210 + brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
211 + err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
212 + if (err) {
213 + brcmf_err("could not set wpa_auth (%d)\n", err);
214 + return err;
215 }
216 - sec = &profile->sec;
217 - sec->wpa_auth = sme->crypto.akm_suites[0];
218
219 return err;
220 }
221 @@ -1827,7 +1880,7 @@ brcmf_cfg80211_connect(struct wiphy *wip
222 goto done;
223 }
224
225 - err = brcmf_set_wsec_mode(ndev, sme, sme->mfp == NL80211_MFP_REQUIRED);
226 + err = brcmf_set_wsec_mode(ndev, sme);
227 if (err) {
228 brcmf_err("wl_set_set_cipher failed (%d)\n", err);
229 goto done;
230 @@ -2077,10 +2130,12 @@ brcmf_cfg80211_del_key(struct wiphy *wip
231 u8 key_idx, bool pairwise, const u8 *mac_addr)
232 {
233 struct brcmf_if *ifp = netdev_priv(ndev);
234 - struct brcmf_wsec_key key;
235 - s32 err = 0;
236 + struct brcmf_wsec_key *key;
237 + s32 err;
238
239 brcmf_dbg(TRACE, "Enter\n");
240 + brcmf_dbg(CONN, "key index (%d)\n", key_idx);
241 +
242 if (!check_vif_up(ifp->vif))
243 return -EIO;
244
245 @@ -2089,16 +2144,19 @@ brcmf_cfg80211_del_key(struct wiphy *wip
246 return -EINVAL;
247 }
248
249 - memset(&key, 0, sizeof(key));
250 + key = &ifp->vif->profile.key[key_idx];
251
252 - key.index = (u32)key_idx;
253 - key.flags = BRCMF_PRIMARY_KEY;
254 - key.algo = CRYPTO_ALGO_OFF;
255 + if (key->algo == CRYPTO_ALGO_OFF) {
256 + brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
257 + return -EINVAL;
258 + }
259
260 - brcmf_dbg(CONN, "key index (%d)\n", key_idx);
261 + memset(key, 0, sizeof(*key));
262 + key->index = (u32)key_idx;
263 + key->flags = BRCMF_PRIMARY_KEY;
264
265 - /* Set the new key/index */
266 - err = send_key_to_dongle(ifp, &key);
267 + /* Clear the key/index */
268 + err = send_key_to_dongle(ifp, key);
269
270 brcmf_dbg(TRACE, "Exit\n");
271 return err;
272 @@ -2106,8 +2164,8 @@ brcmf_cfg80211_del_key(struct wiphy *wip
273
274 static s32
275 brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
276 - u8 key_idx, bool pairwise, const u8 *mac_addr,
277 - struct key_params *params)
278 + u8 key_idx, bool pairwise, const u8 *mac_addr,
279 + struct key_params *params)
280 {
281 struct brcmf_if *ifp = netdev_priv(ndev);
282 struct brcmf_wsec_key *key;
283 @@ -2214,9 +2272,10 @@ done:
284 }
285
286 static s32
287 -brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
288 - u8 key_idx, bool pairwise, const u8 *mac_addr, void *cookie,
289 - void (*callback) (void *cookie, struct key_params * params))
290 +brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
291 + bool pairwise, const u8 *mac_addr, void *cookie,
292 + void (*callback)(void *cookie,
293 + struct key_params *params))
294 {
295 struct key_params params;
296 struct brcmf_if *ifp = netdev_priv(ndev);
297 @@ -2268,8 +2327,15 @@ done:
298
299 static s32
300 brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
301 - struct net_device *ndev, u8 key_idx)
302 + struct net_device *ndev, u8 key_idx)
303 {
304 + struct brcmf_if *ifp = netdev_priv(ndev);
305 +
306 + brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
307 +
308 + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
309 + return 0;
310 +
311 brcmf_dbg(INFO, "Not supported\n");
312
313 return -EOPNOTSUPP;
314 @@ -3769,7 +3835,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
315 u32 auth = 0; /* d11 open authentication */
316 u16 count;
317 s32 err = 0;
318 - s32 len = 0;
319 + s32 len;
320 u32 i;
321 u32 wsec;
322 u32 pval = 0;
323 @@ -3779,6 +3845,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
324 u8 *data;
325 u16 rsn_cap;
326 u32 wme_bss_disable;
327 + u32 mfp;
328
329 brcmf_dbg(TRACE, "Enter\n");
330 if (wpa_ie == NULL)
331 @@ -3893,19 +3960,53 @@ brcmf_configure_wpaie(struct brcmf_if *i
332 is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
333 (wpa_auth |= WPA_AUTH_PSK);
334 break;
335 + case RSN_AKM_SHA256_PSK:
336 + brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
337 + wpa_auth |= WPA2_AUTH_PSK_SHA256;
338 + break;
339 + case RSN_AKM_SHA256_1X:
340 + brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
341 + wpa_auth |= WPA2_AUTH_1X_SHA256;
342 + break;
343 default:
344 brcmf_err("Ivalid key mgmt info\n");
345 }
346 offset++;
347 }
348
349 + mfp = BRCMF_MFP_NONE;
350 if (is_rsn_ie) {
351 wme_bss_disable = 1;
352 if ((offset + RSN_CAP_LEN) <= len) {
353 rsn_cap = data[offset] + (data[offset + 1] << 8);
354 if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
355 wme_bss_disable = 0;
356 + if (rsn_cap & RSN_CAP_MFPR_MASK) {
357 + brcmf_dbg(TRACE, "MFP Required\n");
358 + mfp = BRCMF_MFP_REQUIRED;
359 + /* Firmware only supports mfp required in
360 + * combination with WPA2_AUTH_PSK_SHA256 or
361 + * WPA2_AUTH_1X_SHA256.
362 + */
363 + if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
364 + WPA2_AUTH_1X_SHA256))) {
365 + err = -EINVAL;
366 + goto exit;
367 + }
368 + /* Firmware has requirement that WPA2_AUTH_PSK/
369 + * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
370 + * is to be included in the rsn ie.
371 + */
372 + if (wpa_auth & WPA2_AUTH_PSK_SHA256)
373 + wpa_auth |= WPA2_AUTH_PSK;
374 + else if (wpa_auth & WPA2_AUTH_1X_SHA256)
375 + wpa_auth |= WPA2_AUTH_UNSPECIFIED;
376 + } else if (rsn_cap & RSN_CAP_MFPC_MASK) {
377 + brcmf_dbg(TRACE, "MFP Capable\n");
378 + mfp = BRCMF_MFP_CAPABLE;
379 + }
380 }
381 + offset += RSN_CAP_LEN;
382 /* set wme_bss_disable to sync RSN Capabilities */
383 err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
384 wme_bss_disable);
385 @@ -3913,6 +4014,21 @@ brcmf_configure_wpaie(struct brcmf_if *i
386 brcmf_err("wme_bss_disable error %d\n", err);
387 goto exit;
388 }
389 +
390 + /* Skip PMKID cnt as it is know to be 0 for AP. */
391 + offset += RSN_PMKID_COUNT_LEN;
392 +
393 + /* See if there is BIP wpa suite left for MFP */
394 + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
395 + ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
396 + err = brcmf_fil_bsscfg_data_set(ifp, "bip",
397 + &data[offset],
398 + WPA_IE_MIN_OUI_LEN);
399 + if (err < 0) {
400 + brcmf_err("bip error %d\n", err);
401 + goto exit;
402 + }
403 + }
404 }
405 /* FOR WPS , set SES_OW_ENABLED */
406 wsec = (pval | gval | SES_OW_ENABLED);
407 @@ -3929,6 +4045,16 @@ brcmf_configure_wpaie(struct brcmf_if *i
408 brcmf_err("wsec error %d\n", err);
409 goto exit;
410 }
411 + /* Configure MFP, this needs to go after wsec otherwise the wsec command
412 + * will overwrite the values set by MFP
413 + */
414 + if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
415 + err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
416 + if (err < 0) {
417 + brcmf_err("mfp error %d\n", err);
418 + goto exit;
419 + }
420 + }
421 /* set upper-layer auth */
422 err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
423 if (err < 0) {
424 @@ -6149,8 +6275,10 @@ static int brcmf_setup_wiphy(struct wiph
425 wiphy->n_addresses = i;
426
427 wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
428 - wiphy->cipher_suites = __wl_cipher_suites;
429 - wiphy->n_cipher_suites = ARRAY_SIZE(__wl_cipher_suites);
430 + wiphy->cipher_suites = brcmf_cipher_suites;
431 + wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
432 + if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
433 + wiphy->n_cipher_suites--;
434 wiphy->flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT |
435 WIPHY_FLAG_OFFCHAN_TX |
436 WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
437 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
438 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
439 @@ -72,7 +72,7 @@
440
441 #define BRCMF_VNDR_IE_P2PAF_SHIFT 12
442
443 -#define BRCMF_MAX_DEFAULT_KEYS 4
444 +#define BRCMF_MAX_DEFAULT_KEYS 6
445
446 /* beacon loss timeout defaults */
447 #define BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON 2
448 @@ -107,7 +107,6 @@ struct brcmf_cfg80211_security {
449 u32 auth_type;
450 u32 cipher_pairwise;
451 u32 cipher_group;
452 - u32 wpa_auth;
453 };
454
455 /**
456 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
457 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
458 @@ -161,6 +161,7 @@ void brcmf_feat_attach(struct brcmf_pub
459 ifp->drvr->feat_flags &= ~BIT(BRCMF_FEAT_MBSS);
460 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_RSDB, "rsdb_mode");
461 brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_TDLS, "tdls_enable");
462 + brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MFP, "mfp");
463
464 pfn_mac.version = BRCMF_PFN_MACADDR_CFG_VER;
465 err = brcmf_fil_iovar_data_get(ifp, "pfn_macaddr", &pfn_mac,
466 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
467 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
468 @@ -30,6 +30,7 @@
469 * WOWL_ND: WOWL net detect (PNO)
470 * WOWL_GTK: (WOWL) GTK rekeying offload
471 * WOWL_ARP_ND: ARP and Neighbor Discovery offload support during WOWL.
472 + * MFP: 802.11w Management Frame Protection.
473 */
474 #define BRCMF_FEAT_LIST \
475 BRCMF_FEAT_DEF(MBSS) \
476 @@ -42,7 +43,8 @@
477 BRCMF_FEAT_DEF(SCAN_RANDOM_MAC) \
478 BRCMF_FEAT_DEF(WOWL_ND) \
479 BRCMF_FEAT_DEF(WOWL_GTK) \
480 - BRCMF_FEAT_DEF(WOWL_ARP_ND)
481 + BRCMF_FEAT_DEF(WOWL_ARP_ND) \
482 + BRCMF_FEAT_DEF(MFP)
483
484 /*
485 * Quirks:
486 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
487 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
488 @@ -142,6 +142,10 @@
489 #define BRCMF_RSN_KEK_LENGTH 16
490 #define BRCMF_RSN_REPLAY_LEN 8
491
492 +#define BRCMF_MFP_NONE 0
493 +#define BRCMF_MFP_CAPABLE 1
494 +#define BRCMF_MFP_REQUIRED 2
495 +
496 /* join preference types for join_pref iovar */
497 enum brcmf_join_pref_types {
498 BRCMF_JOIN_PREF_RSSI = 1,
499 --- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
500 +++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
501 @@ -236,6 +236,8 @@ static inline bool ac_bitmap_tst(u8 bitm
502 #define WPA2_AUTH_RESERVED3 0x0200
503 #define WPA2_AUTH_RESERVED4 0x0400
504 #define WPA2_AUTH_RESERVED5 0x0800
505 +#define WPA2_AUTH_1X_SHA256 0x1000 /* 1X with SHA256 key derivation */
506 +#define WPA2_AUTH_PSK_SHA256 0x8000 /* PSK with SHA256 key derivation */
507
508 #define DOT11_DEFAULT_RTS_LEN 2347
509 #define DOT11_DEFAULT_FRAG_LEN 2346
OpenWrt SVN history