diff --git a/sys/net80211/_ieee80211.h b/sys/net80211/_ieee80211.h
--- a/sys/net80211/_ieee80211.h
+++ b/sys/net80211/_ieee80211.h
@@ -536,6 +536,27 @@
 "\21AMPDU\22AMSDU\23HT\24SMPS\25RIFS\32TXLDPC\33RXAMSDUAMPDU" \
 "\34TXAMSDUAMPDU"
 
+/*
+ * AKM (key management) suite capability list.
+ *
+ * These represent what's in 802.11-2016 - Table 9-133 - AKM Suite Selectors.
+ * Note that they do not match what the table values are, in case other key
+ * management suites want to be added with different OUIs.
+ */
+#define IEEE80211_KEYMGMT_RSN_UNSPEC_802_1X 0x00000001 /* RSN suite 1 */
+#define IEEE80211_KEYMGMT_RSN_PSK_OVER_802_1X 0x00000002 /* RSN suite 2 */
+#define IEEE80211_KEYMGMT_RSN_FT_OVER_802_1X 0x00000004 /* RSN suite 3 */
+#define IEEE80211_KEYMGMT_RSN_FT_PSK 0x00000008 /* RSN suite 4 */
+#define IEEE80211_KEYMGMT_RSN_802_1X_SHA256 0x00000010 /* RSN suite 5 */
+#define IEEE80211_KEYMGMT_RSN_PSK_SHA256 0x00000020 /* RSN suite 6 */
+#define IEEE80211_KEYMGMT_RSN_TPK_HANDSHAKE 0x00000040 /* RSN suite 7 */
+#define IEEE80211_KEYMGMT_RSN_SAE 0x00000080 /* RSN suite 8 */
+#define IEEE80211_KEYMGMT_RSN_FT_SAE 0x00000100 /* RSN suite 9 */
+#define IEEE80211_KEYMGMT_RSN_APPEERKEY_SHA256 0x00000200 /* RSN suite 10 */
+#define IEEE80211_KEYMGMT_RSN_802_1X_SUITE_B 0x00000400 /* RSN suite 11 */
+#define IEEE80211_KEYMGMT_RSN_802_1X_SUITE_B_192 0x00000800 /* RSN suite 12 */
+#define IEEE80211_KEYMGMT_RSN_FT_802_1X_SHA384 0x00001000 /* RSN suite 13 */
+
 /*
 * RX status notification - which fields are valid.
 */
diff --git a/sys/net80211/ieee80211.c b/sys/net80211/ieee80211.c
--- a/sys/net80211/ieee80211.c
+++ b/sys/net80211/ieee80211.c
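Review bot: The block comment above the `IEEE80211_KEYMGMT_RSN_*` defines says the values "do not match what the table values are" but never says what they are, namely single-bit flags for a 32-bit capability mask rather than AKM suite selectors. I would state that directly, e.g. `Each value is one bit in a uint32_t capability mask; it is not the suite type carried in the RSN element and must be mapped to it explicitly.`, so that nobody compares a selector parsed from a frame against these constants. The name `IEEE80211_KEYMGMT_RSN_PSK_OVER_802_1X` for suite 2 also reads oddly, since as far as I recall suite type 2 in that table is plain PSK; worth checking against the standard before drivers start using the name.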
@@ -458,6 +458,18 @@
 cipher_suite);
 }
 
+/*
+ * Called by drivers during attach to set the supported
+ * key management suites by the driver/hardware.
+ */
+void
+ieee80211_set_driver_keymgmt_suites(struct ieee80211com *ic,
+ uint32_t keymgmt_set)
+{
+ ieee80211_crypto_set_supported_driver_keymgmt(ic,
+ keymgmt_set);
+}
+
 struct ieee80211com *
 ieee80211_find_com(const char *name)
 {
@@ -580,6 +592,9 @@
 vap->iv_vht_cap.vht_cap_info = ic->ic_vht_cap.vht_cap_info;
 vap->iv_vhtextcaps = ic->ic_vhtextcaps;
 
+ /* key management capabilities */
+ vap->iv_sw_keymgmtcaps = ic->ic_sw_keymgmtcaps;
+
 vap->iv_opmode = opmode;
 vap->iv_caps |= ieee80211_opcap[opmode];
 IEEE80211_ADDR_COPY(vap->iv_myaddr, ic->ic_macaddr);
diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h
--- a/sys/net80211/ieee80211_crypto.h
+++ b/sys/net80211/ieee80211_crypto.h
@@ -184,6 +184,8 @@
 uint32_t cipher_set);
 void ieee80211_crypto_set_supported_hardware_ciphers(struct ieee80211com *,
 uint32_t cipher_set);
+void ieee80211_crypto_set_supported_driver_keymgmt(struct ieee80211com *,
+ uint32_t keymgmt_set);
 void ieee80211_crypto_vattach(struct ieee80211vap *);
 void ieee80211_crypto_vdetach(struct ieee80211vap *);
 int ieee80211_crypto_newkey(struct ieee80211vap *,
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
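Review bot: The comment on `ieee80211_set_driver_keymgmt_suites()` should say that the call replaces the whole set and only reaches vaps created afterwards. The setter it forwards to in ieee80211_crypto.c assigns `ic->ic_sw_keymgmtcaps = keymgmt_set;` outright, and the second hunk in this file copies the mask once with `vap->iv_sw_keymgmtcaps = ic->ic_sw_keymgmtcaps;` (inside a function whose start is outside the hunk), so a later call leaves existing vaps with the old value. Suggested wording: `Must be called before any vap is created; replaces the current set rather than adding to it.` Nothing visible rejects bits outside the defined `IEEE80211_KEYMGMT_*` values either; if consumers will trust this mask when deciding which AKMs to accept, masking to the known bits in the setter would be a cheap guard.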
@@ -154,6 +154,25 @@ */ ic->ic_sw_cryptocaps = IEEE80211_CRYPTO_WEP | IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM; + + /* + * Default set of key management types supported by net80211. + * + * These are supported by software net80211 and announced/ + * driven by hostapd + wpa_supplicant. + * + * Drivers doing full supplicant offload must not set + * anything here. + * + * Note that IEEE80211_C_WPA1 and IEEE80211_C_WPA2 are the + * "old" style way of drivers announcing key management + * capabilities. There are many, many more key management + * suites in 802.11-2016 (see 9.4.2.25.3 - AKM suites.) + * For now they still need to be set - these flags are checked + * when assembling a beacon to reserve space for the WPA + * vendor IE (WPA 1) and RSN IE (WPA 2). + */ + ic->ic_sw_keymgmtcaps = 0; } /* @@ -184,6 +203,22 @@ ic->ic_cryptocaps = cipher_set; } +/* + * Set the supported software key management by the driver. + * + * These are the key management suites that are supported via + * the driver via hostapd/wpa_supplicant. + * + * Key management which is completely offloaded (ie, the supplicant + * runs in hardware/firmware) must not be set here. + */ +void +ieee80211_crypto_set_supported_driver_keymgmt(struct ieee80211com *ic, + uint32_t keymgmt_set) +{ + + ic->ic_sw_keymgmtcaps = keymgmt_set; +} /* * Setup crypto support for a vap. diff --git a/sys/net80211/ieee80211_var.h b/sys/net80211/ieee80211_var.h --- a/sys/net80211/ieee80211_var.h +++ b/sys/net80211/ieee80211_var.h @@ -167,6 +167,8 @@ uint32_t ic_sw_cryptocaps; uint32_t ic_cryptocaps; /* hardware crypto caps */ /* set of mode capabilities */ + /* driver/net80211 sw KEYMGMT capabilities */ + uint32_t ic_sw_keymgmtcaps; uint8_t ic_modecaps[IEEE80211_MODE_BYTES]; uint8_t ic_promisc; /* vap's needing promisc mode */ uint8_t ic_allmulti; /* vap's needing all multicast*/ 
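Review bot: The comment added before `ic->ic_sw_keymgmtcaps = 0;` announces a "default set of key management types supported by net80211", but the value assigned is empty. A reader cannot tell whether 0 means "no AKM is supported" or "nothing has been declared yet", and no consumer of the field is visible in this change. The distinction matters once something checks the mask: reading 0 as "allow everything" fails open, while reading it as "none" would refuse WPA on every driver that has not been converted. I would add a sentence such as `0 means nothing has been declared; callers must not read it as "all suites allowed".` The enclosing function starts outside the hunk.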
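Review bot: In the ieee80211_var.h hunk at `@@ -167,6 +167,8 @@` the new field lands between the existing `/* set of mode capabilities */` comment and the `ic_modecaps` array it describes, so that comment now appears to label `ic_sw_keymgmtcaps`. Moving the two added lines up, directly after `uint32_t ic_cryptocaps;`, keeps the crypto and key-management masks together and leaves the mode comment attached to `ic_modecaps`. The struct is only partly visible in the hunk.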
@@ -409,6 +411,8 @@ uint32_t iv_caps; /* capabilities */ uint32_t iv_htcaps; /* HT capabilities */ uint32_t iv_htextcaps; /* HT extended capabilities */ + /* driver/net80211 KEYMGMT capabilities */ + uint32_t iv_sw_keymgmtcaps; uint32_t iv_com_state; /* com usage / detached flag */ enum ieee80211_opmode iv_opmode; /* operation mode */ enum ieee80211_state iv_state; /* state machine state */ @@ -755,6 +759,8 @@ uint32_t cipher_suite); void ieee80211_set_hardware_ciphers(struct ieee80211com *, uint32_t cipher_suite); +void ieee80211_set_driver_keymgmt_suites(struct ieee80211com *ic, + uint32_t keymgmt_set); int ieee80211_vap_setup(struct ieee80211com *, struct ieee80211vap *, const char name[IFNAMSIZ], int unit, enum ieee80211_opmode opmode, int flags,