diff options
| -rw-r--r-- | include/linux/ieee80211.h | 1 | ||||
| -rw-r--r-- | include/net/cfg80211.h | 4 | ||||
| -rw-r--r-- | include/uapi/linux/nl80211.h | 18 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 9 | ||||
| -rw-r--r-- | net/wireless/util.c | 15 |
5 files changed, 47 insertions, 0 deletions
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h index 23f9df9be837..11106589acc6 100644 --- a/include/linux/ieee80211.h +++ b/include/linux/ieee80211.h @@ -2236,6 +2236,7 @@ struct ieee80211_multiple_bssid_configuration { #define WLAN_AKM_SUITE_WFA_DPP SUITE(WLAN_OUI_WFA, 2) #define WLAN_MAX_KEY_LEN 32 +#define WLAN_MAX_SECURE_LTF_KEYSEED_LEN 48 #define WLAN_PMK_NAME_LEN 16 #define WLAN_PMKID_LEN 16 diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index fdc8363b296c..13e035fecf7f 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -830,6 +830,8 @@ struct vif_params { * @seq_len: length of @seq. * @vlan_id: vlan_id for VLAN group key (if nonzero) * @mode: key install mode (RX_TX, NO_TX or SET_TX) + * @ltf_keyseed: LTF key seed material + * @ltf_keyseed_len: length of LTF key seed material */ struct key_params { const u8 *key; @@ -839,6 +841,8 @@ struct key_params { u16 vlan_id; u32 cipher; enum nl80211_key_mode mode; + const u8 *ltf_keyseed; + size_t ltf_keyseed_len; }; /** diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 1da4dc3fc816..6c7e6c05b9a8 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -5814,6 +5814,18 @@ enum nl80211_key_default_types { * @NL80211_KEY_MODE: the mode from enum nl80211_key_mode. * Defaults to @NL80211_KEY_RX_TX. * @NL80211_KEY_DEFAULT_BEACON: flag indicating default Beacon frame key + * @NL80211_KEY_LTF_SEED: LTF key seed is used by the driver to generate + * secure LTF keys used in case of peer measurement request with FTM + * request type as either %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED + * or %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED. Secure LTF key seeds + * will help enable PHY security in peer measurement session. + * The LTF key seed is installed along with the TK (Temporal Key) using + * %NL80211_CMD_NEW_KEY. The TK is configured using the + * %NL80211_ATTR_KEY_DATA attribute, while the LTF key seed is configured + * using this attribute. Both keys must be configured before initiation + * of peer measurement to ensure peer measurement session is secure. + * Only valid if %NL80211_EXT_FEATURE_SET_KEY_LTF_SEED is set. This + * attribute is restricted to pairwise keys (%NL80211_KEYTYPE_PAIRWISE). * * @__NL80211_KEY_AFTER_LAST: internal * @NL80211_KEY_MAX: highest key attribute @@ -5830,6 +5842,7 @@ enum nl80211_key_attributes { NL80211_KEY_DEFAULT_TYPES, NL80211_KEY_MODE, NL80211_KEY_DEFAULT_BEACON, + NL80211_KEY_LTF_SEED, /* keep last */ __NL80211_KEY_AFTER_LAST, @@ -7059,6 +7072,10 @@ enum nl80211_feature_flags { * forward frames with a matching MAC address to userspace during * the off-channel period. * + * @NL80211_EXT_FEATURE_SET_KEY_LTF_SEED: Driver supports installing the + * LTF key seed via %NL80211_KEY_LTF_SEED. The seed is used to generate + * secure LTF keys for secure LTF measurement sessions. + * * @NUM_NL80211_EXT_FEATURES: number of extended features. * @MAX_NL80211_EXT_FEATURES: highest extended feature index. */ @@ -7139,6 +7156,7 @@ enum nl80211_ext_feature_index { NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION, NL80211_EXT_FEATURE_IEEE8021X_AUTH, NL80211_EXT_FEATURE_ROC_ADDR_FILTER, + NL80211_EXT_FEATURE_SET_KEY_LTF_SEED, /* add new features before the definition below */ NUM_NL80211_EXT_FEATURES, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index b33f688b983a..61b1716daf1e 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -1103,6 +1103,10 @@ static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1), [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED }, [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX), + [NL80211_KEY_LTF_SEED] = { + .type = NLA_BINARY, + .len = WLAN_MAX_SECURE_LTF_KEYSEED_LEN, + }, }; /* policy for the key default flags */ @@ -1634,6 +1638,11 @@ static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key, if (tb[NL80211_KEY_MODE]) k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]); + if (tb[NL80211_KEY_LTF_SEED]) { + k->p.ltf_keyseed = nla_data(tb[NL80211_KEY_LTF_SEED]); + k->p.ltf_keyseed_len = nla_len(tb[NL80211_KEY_LTF_SEED]); + } + return 0; } diff --git a/net/wireless/util.c b/net/wireless/util.c index b638e205c71e..8dd7545b9097 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -434,6 +434,21 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher)) return -EINVAL; + if (params->ltf_keyseed) { + if (!wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_SECURE_LTF) || + !wiphy_ext_feature_isset(&rdev->wiphy, + NL80211_EXT_FEATURE_SET_KEY_LTF_SEED)) + return -EOPNOTSUPP; + + /* + * LTF key seed is pairwise key material and must only be + * used with a pairwise key + */ + if (!pairwise) + return -EINVAL; + } + return 0; } |