mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-09-21 07:36:38 +02:00
net80211: add initial key management suites from 802.11-2016, APIs to register them
The WPA1/WPA2 driver capabilities aren't really enough in today's world. There are a /lot/ more key management suites to support! So, add initial support for net80211 and drivers to announce what key management suites are supported. This is the list from 802.11-2016 section 9.4.2.25.3 (AKM suites.) The flags are for software-supported key management. Drivers may support more key management suites and are welcome to announce more; net80211 will only announce the ones that net80211 knows "enough" about to support correctly. There /are/ other suites that may be interesting to some people in the future that are not part of this set - eg if anyone ever wants to support the Chinese WAPI standard - so this bitmap is not specifically just the AKM suites in the RSN OUI. This should eventually be communicated up to the wpa_supplicant and hostapd via a replacement driver/vap capabilities call so they know what to enable rather than just IEEE80211_C_WPA1 / IEEE80211_C_WPA2. Differential Revision: https://reviews.freebsd.org/D44919 Reviewed by: bz
parent
dcf6ab2f2e
commit
c7f5f140bf
@ -536,6 +536,27 @@ struct ieee80211_mimo_info {
|
||||
"\21AMPDU\22AMSDU\23HT\24SMPS\25RIFS\32TXLDPC\33RXAMSDUAMPDU" \
|
||||
"\34TXAMSDUAMPDU"
|
||||
|
||||
/*
|
||||
* AKM (key management) suite capability list.
|
||||
*
|
||||
* These represent what's in 802.11-2016 - Table 9-133 - AKM Suite Selectors.
|
||||
* Note that they do not match what the table values are, in case other key
|
||||
* management suites want to be added with different OUIs.
|
||||
*/
|
||||
#define IEEE80211_KEYMGMT_RSN_UNSPEC_802_1X 0x00000001 /* RSN suite 1 */
|
||||
#define IEEE80211_KEYMGMT_RSN_PSK_OVER_802_1X 0x00000002 /* RSN suite 2 */
|
||||
#define IEEE80211_KEYMGMT_RSN_FT_OVER_802_1X 0x00000004 /* RSN suite 3 */
|
||||
#define IEEE80211_KEYMGMT_RSN_FT_PSK 0x00000008 /* RSN suite 4 */
|
||||
#define IEEE80211_KEYMGMT_RSN_802_1X_SHA256 0x00000010 /* RSN suite 5 */
|
||||
#define IEEE80211_KEYMGMT_RSN_PSK_SHA256 0x00000020 /* RSN suite 6 */
|
||||
#define IEEE80211_KEYMGMT_RSN_TPK_HANDSHAKE 0x00000040 /* RSN suite 7 */
|
||||
#define IEEE80211_KEYMGMT_RSN_SAE 0x00000080 /* RSN suite 8 */
|
||||
#define IEEE80211_KEYMGMT_RSN_FT_SAE 0x00000100 /* RSN suite 9 */
|
||||
#define IEEE80211_KEYMGMT_RSN_APPEERKEY_SHA256 0x00000200 /* RSN suite 10 */
|
||||
#define IEEE80211_KEYMGMT_RSN_802_1X_SUITE_B 0x00000400 /* RSN suite 11 */
|
||||
#define IEEE80211_KEYMGMT_RSN_802_1X_SUITE_B_192 0x00000800 /* RSN suite 12 */
|
||||
#define IEEE80211_KEYMGMT_RSN_FT_802_1X_SHA384 0x00001000 /* RSN suite 13 */
|
||||
|
||||
/*
|
||||
* RX status notification - which fields are valid.
|
||||
*/
|
||||
|
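Review bot: The name `IEEE80211_KEYMGMT_RSN_PSK_OVER_802_1X` for suite 2 reads as if the PSK were negotiated over 802.1X; as far as I recall Table 9-133, selector 2 is plain PSK, so the name may mislead a driver author deciding which bits to announce. If a rename is not wanted, the trailing comment could carry the meaning, e.g. `/* RSN suite 2: PSK */`. The block comment could also state outright that these values are bit positions in a 32-bit capability mask and not selector numbers, and that 13 of the 32 bits are already taken by this list.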
@ -456,6 +456,18 @@ ieee80211_set_hardware_ciphers(struct ieee80211com *ic,
|
||||
ieee80211_crypto_set_supported_hardware_ciphers(ic, cipher_suite);
|
||||
}
|
||||
|
||||
/*
|
||||
* Called by drivers during attach to set the supported
|
||||
* key management suites by the driver/hardware.
|
||||
*/
|
||||
void
|
||||
ieee80211_set_driver_keymgmt_suites(struct ieee80211com *ic,
|
||||
uint32_t keymgmt_set)
|
||||
{
|
||||
ieee80211_crypto_set_supported_driver_keymgmt(ic,
|
||||
keymgmt_set);
|
||||
}
|
||||
|
||||
struct ieee80211com *
|
||||
ieee80211_find_com(const char *name)
|
||||
{
|
||||
|
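Review bot: The comment on `ieee80211_set_driver_keymgmt_suites()` says only "during attach" and does not state the ordering a driver has to respect. The `ieee80211_crypto_attach()` hunk in this same commit assigns `ic->ic_sw_keymgmtcaps = 0`, so a call made before that runs would presumably be overwritten with no diagnostic, leaving the driver announcing no suites. I would add a line such as `* Must be called after ieee80211_ifattach(); an earlier call is lost when the crypto state is initialised.` — this assumes ifattach is what invokes the crypto attach, which is not visible on this page.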
@ -154,6 +154,25 @@ ieee80211_crypto_attach(struct ieee80211com *ic)
|
||||
*/
|
||||
ic->ic_sw_cryptocaps = IEEE80211_CRYPTO_WEP |
|
||||
IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM;
|
||||
|
||||
/*
|
||||
* Default set of key management types supported by net80211.
|
||||
*
|
||||
* These are supported by software net80211 and announced/
|
||||
* driven by hostapd + wpa_supplicant.
|
||||
*
|
||||
* Drivers doing full supplicant offload must not set
|
||||
* anything here.
|
||||
*
|
||||
* Note that IEEE80211_C_WPA1 and IEEE80211_C_WPA2 are the
|
||||
* "old" style way of drivers announcing key management
|
||||
* capabilities. There are many, many more key management
|
||||
* suites in 802.11-2016 (see 9.4.2.25.3 - AKM suites.)
|
||||
* For now they still need to be set - these flags are checked
|
||||
* when assembling a beacon to reserve space for the WPA
|
||||
* vendor IE (WPA 1) and RSN IE (WPA 2).
|
||||
*/
|
||||
ic->ic_sw_keymgmtcaps = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -184,6 +203,22 @@ ieee80211_crypto_set_supported_hardware_ciphers(struct ieee80211com *ic,
|
||||
ic->ic_cryptocaps = cipher_set;
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the supported software key management by the driver.
|
||||
*
|
||||
* These are the key management suites that are supported via
|
||||
* the driver via hostapd/wpa_supplicant.
|
||||
*
|
||||
* Key management which is completely offloaded (ie, the supplicant
|
||||
* runs in hardware/firmware) must not be set here.
|
||||
*/
|
||||
void
|
||||
ieee80211_crypto_set_supported_driver_keymgmt(struct ieee80211com *ic,
|
||||
uint32_t keymgmt_set)
|
||||
{
|
||||
|
||||
ic->ic_sw_keymgmtcaps = keymgmt_set;
|
||||
}
|
||||
|
||||
/*
|
||||
* Setup crypto support for a vap.
|
||||
|
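Review bot: `ieee80211_crypto_set_supported_driver_keymgmt()` stores `keymgmt_set` unfiltered, while the commit description says net80211 will announce only the suites it knows enough about to support correctly. Any bit a driver passes, including one with no `IEEE80211_KEYMGMT_*` definition, lands in `ic_sw_keymgmtcaps` and would later be reported to hostapd/wpa_supplicant as usable. Masking in the setter keeps that promise in one place: `ic->ic_sw_keymgmtcaps = keymgmt_set & KEYMGMT_KNOWN_MASK;`, where `KEYMGMT_KNOWN_MASK` is a placeholder name for a mask of the suites net80211 actually handles. The comment in the `ieee80211_crypto_attach()` hunk calls the value a "default set" although it is 0, so it is worth rewording to say that nothing is announced until a driver opts in.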
@ -184,6 +184,8 @@ void ieee80211_crypto_set_supported_software_ciphers(struct ieee80211com *,
|
||||
uint32_t cipher_set);
|
||||
void ieee80211_crypto_set_supported_hardware_ciphers(struct ieee80211com *,
|
||||
uint32_t cipher_set);
|
||||
void ieee80211_crypto_set_supported_driver_keymgmt(struct ieee80211com *,
|
||||
uint32_t keymgmt_set);
|
||||
void ieee80211_crypto_vattach(struct ieee80211vap *);
|
||||
void ieee80211_crypto_vdetach(struct ieee80211vap *);
|
||||
int ieee80211_crypto_newkey(struct ieee80211vap *,
|
||||
|
@ -167,6 +167,8 @@ struct ieee80211com {
|
||||
uint32_t ic_sw_cryptocaps;
|
||||
uint32_t ic_cryptocaps; /* hardware crypto caps */
|
||||
/* set of mode capabilities */
|
||||
/* driver/net80211 sw KEYMGMT capabilities */
|
||||
uint32_t ic_sw_keymgmtcaps;
|
||||
uint8_t ic_modecaps[IEEE80211_MODE_BYTES];
|
||||
uint8_t ic_promisc; /* vap's needing promisc mode */
|
||||
uint8_t ic_allmulti; /* vap's needing all multicast*/
|
||||
@ -755,6 +757,8 @@ void ieee80211_set_software_ciphers(struct ieee80211com *,
|
||||
uint32_t cipher_suite);
|
||||
void ieee80211_set_hardware_ciphers(struct ieee80211com *,
|
||||
uint32_t cipher_suite);
|
||||
void ieee80211_set_driver_keymgmt_suites(struct ieee80211com *ic,
|
||||
uint32_t keymgmt_set);
|
||||
int ieee80211_vap_setup(struct ieee80211com *, struct ieee80211vap *,
|
||||
const char name[IFNAMSIZ], int unit,
|
||||
enum ieee80211_opmode opmode, int flags,
|
||||
|
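Review bot: In the `struct ieee80211com` hunk the new comment and `ic_sw_keymgmtcaps` appear to have been inserted between the existing `/* set of mode capabilities */` comment and the `ic_modecaps` field it describes, so that comment now reads as if it belonged to the key management field. Moving the two added lines up, directly after `ic_cryptocaps`, restores the pairing and keeps the crypto-related capability words together. The struct continues outside the hunk; since the insertion shifts every later member, separately built driver modules would presumably need a rebuild, which the commit does not mention.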