diff options
| author | Kavita Kavita <kavita.kavita@oss.qualcomm.com> | 2026-05-04 18:06:23 +0530 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2026-05-05 12:09:19 +0200 |
| commit | 829b815e910b8cc7bf36c85005abc3e66b59303b (patch) | |
| tree | 9b3368531ed05c885de342cc6556a5a9a126b361 /include/uapi/linux | |
| parent | 0814869dc26e7f82b31683fdfc5d43dcf3331f9f (diff) | |
wifi: cfg80211: indicate (Re)Association frame encryption to userspace
In SME-in-driver mode, the driver handles the entire (re)association
exchange. Userspace (e.g., wpa_supplicant) currently has no explicit
indication of whether the (re)association exchange was encrypted,
making it difficult to distinguish EPP (Enhanced Privacy Protection,
IEEE 802.11bi) associations from non-EPP associations.
When (Re)Association frame encryption is used, the (Re)Association
Response frame must contain a Key Delivery element as specified in
IEEE P802.11bi/D4.0, Table 9-65. Userspace must process this element
only when the (Re)Association Response frame is actually encrypted.
Processing it unconditionally for unencrypted frames leads to incorrect
behavior. Without an explicit indication from the driver, userspace
cannot determine whether encryption was used and whether the Key
Delivery element is valid.
Add a new flag attribute NL80211_ATTR_ASSOC_ENCRYPTED and a
corresponding field "assoc_encrypted" in cfg80211_connect_resp_params
to indicate that both the (Re)Association Request and Response frames
are transmitted encrypted over the air.
For mac80211-based drivers, extend cfg80211_rx_assoc_resp_data with
the assoc_encrypted field as well, which is then propagated to
cfg80211_connect_resp_params.
Pass the flag to userspace via NL80211_CMD_CONNECT event.
Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
Link: https://patch.msgid.link/20260504123624.529218-2-kavita.kavita@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/nl80211.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index 072b383d7d3c..e26d65c1b737 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -3142,6 +3142,13 @@ enum nl80211_commands { * association response etc., since it's abridged in the beacon. Used * for START_AP etc. * + * @NL80211_ATTR_ASSOC_ENCRYPTED: Flag attribute, used only with the + * %NL80211_CMD_CONNECT event in SME-in-driver mode. The driver should + * set this flag to indicate that both the (Re)Association Request frame + * and the corresponding (Re)Association Response frame are transmitted + * encrypted over the air. Enhanced Privacy Protection (EPP), as defined + * in IEEE P802.11bi/D4.0, mandates this encryption. + * * @NUM_NL80211_ATTR: total number of nl80211_attrs available * @NL80211_ATTR_MAX: highest attribute number currently defined * @__NL80211_ATTR_AFTER_LAST: internal use @@ -3735,6 +3742,8 @@ enum nl80211_attrs { NL80211_ATTR_NAN_MAX_CHAN_SWITCH_TIME, NL80211_ATTR_NAN_PEER_MAPS, + NL80211_ATTR_ASSOC_ENCRYPTED, + /* add attributes here, update the policy in nl80211.c */ __NL80211_ATTR_AFTER_LAST, |