cfg80211: Add Fast Initial Link Setup (FILS) auth algs

This defines authentication algorithms for FILS (IEEE 802.11ai).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index d428adf514464bdb15e7c1d0ae298bc3a9b70956..793a0174ba293af8920fac390cc37b2cf3ddbfae 100644 (file)
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -1576,6 +1576,9 @@ struct ieee80211_vht_operation {
 #define WLAN_AUTH_SHARED_KEY 1
 #define WLAN_AUTH_FT 2
 #define WLAN_AUTH_SAE 3
+#define WLAN_AUTH_FILS_SK 4
+#define WLAN_AUTH_FILS_SK_PFS 5
+#define WLAN_AUTH_FILS_PK 6
 #define WLAN_AUTH_LEAP 128
 
 #define WLAN_AUTH_CHALLENGE_LEN 128

diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index 7825fd4db19e260af52f538138a2035e8cda0b90..4dc21265cd12aa9e8df7cb60443b9f9940fe2ec4 100644 (file)
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -3669,6 +3669,9 @@ enum nl80211_bss_status {
  * @NL80211_AUTHTYPE_FT: Fast BSS Transition (IEEE 802.11r)
  * @NL80211_AUTHTYPE_NETWORK_EAP: Network EAP (some Cisco APs and mainly LEAP)
  * @NL80211_AUTHTYPE_SAE: Simultaneous authentication of equals
+ * @NL80211_AUTHTYPE_FILS_SK: Fast Initial Link Setup shared key
+ * @NL80211_AUTHTYPE_FILS_SK_PFS: Fast Initial Link Setup shared key with PFS
+ * @NL80211_AUTHTYPE_FILS_PK: Fast Initial Link Setup public key
  * @__NL80211_AUTHTYPE_NUM: internal
  * @NL80211_AUTHTYPE_MAX: maximum valid auth algorithm
  * @NL80211_AUTHTYPE_AUTOMATIC: determine automatically (if necessary by
@@ -3681,6 +3684,9 @@ enum nl80211_auth_type {
        NL80211_AUTHTYPE_FT,
        NL80211_AUTHTYPE_NETWORK_EAP,
        NL80211_AUTHTYPE_SAE,
+       NL80211_AUTHTYPE_FILS_SK,
+       NL80211_AUTHTYPE_FILS_SK_PFS,
+       NL80211_AUTHTYPE_FILS_PK,
 
        /* keep last */
        __NL80211_AUTHTYPE_NUM,

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 704851142eedba29961d2dc5f0a11f54c11b7831..ff798620e929378f6f84025de315d0f52e2201df 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -3778,12 +3778,23 @@ static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
                if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
                    auth_type == NL80211_AUTHTYPE_SAE)
                        return false;
+               if (!wiphy_ext_feature_isset(&rdev->wiphy,
+                                            NL80211_EXT_FEATURE_FILS_STA) &&
+                   (auth_type == NL80211_AUTHTYPE_FILS_SK ||
+                    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+                    auth_type == NL80211_AUTHTYPE_FILS_PK))
+                       return false;
                return true;
        case NL80211_CMD_CONNECT:
        case NL80211_CMD_START_AP:
                /* SAE not supported yet */
                if (auth_type == NL80211_AUTHTYPE_SAE)
                        return false;
+               /* FILS not supported yet */
+               if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
+                   auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+                   auth_type == NL80211_AUTHTYPE_FILS_PK)
+                       return false;
                return true;
        default:
                return false;
@@ -7810,12 +7821,18 @@ static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
        if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
                return -EINVAL;
 
-       if (auth_type == NL80211_AUTHTYPE_SAE &&
+       if ((auth_type == NL80211_AUTHTYPE_SAE ||
+            auth_type == NL80211_AUTHTYPE_FILS_SK ||
+            auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
+            auth_type == NL80211_AUTHTYPE_FILS_PK) &&
            !info->attrs[NL80211_ATTR_AUTH_DATA])
                return -EINVAL;
 
        if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
-               if (auth_type != NL80211_AUTHTYPE_SAE)
+               if (auth_type != NL80211_AUTHTYPE_SAE &&
+                   auth_type != NL80211_AUTHTYPE_FILS_SK &&
+                   auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
+                   auth_type != NL80211_AUTHTYPE_FILS_PK)
                        return -EINVAL;
                auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
                auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);