Commit 69334861 authored by Veerendranath Jakkam's avatar Veerendranath Jakkam Committed by Johannes Berg

wifi: nl80211: Add support for randomizing TA of auth and deauth frames

Add support to use a random local address in authentication and
deauthentication frames sent to unassociated peer when the driver
supports it.

The driver needs to configure receive behavior to accept frames with
random transmit address specified in TX path authentication frames
while the frame exchange is pending and such frames need to
be acknowledged similarly to frames sent to the local permanent address
when this random address functionality is used.

This capability allows use of randomized transmit address for PASN
authentication frames to improve privacy of WLAN clients.
Signed-off-by: default avatarVeerendranath Jakkam <quic_vjakkam@quicinc.com>
Link: https://lore.kernel.org/r/20230112012415.167556-2-quic_vjakkam@quicinc.comSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 2ad7dd94
...@@ -6348,6 +6348,10 @@ enum nl80211_feature_flags { ...@@ -6348,6 +6348,10 @@ enum nl80211_feature_flags {
* @NL80211_EXT_FEATURE_SECURE_NAN: Device supports NAN Pairing which enables * @NL80211_EXT_FEATURE_SECURE_NAN: Device supports NAN Pairing which enables
* authentication, data encryption and message integrity. * authentication, data encryption and message integrity.
* *
* @NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA: Device supports randomized TA
* in authentication and deauthentication frames sent to unassociated peer
* using @NL80211_CMD_FRAME.
*
* @NUM_NL80211_EXT_FEATURES: number of extended features. * @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index. * @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/ */
...@@ -6418,6 +6422,7 @@ enum nl80211_ext_feature_index { ...@@ -6418,6 +6422,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE, NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE,
NL80211_EXT_FEATURE_PUNCT, NL80211_EXT_FEATURE_PUNCT,
NL80211_EXT_FEATURE_SECURE_NAN, NL80211_EXT_FEATURE_SECURE_NAN,
NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA,
/* add new features before the definition below */ /* add new features before the definition below */
NUM_NL80211_EXT_FEATURES, NUM_NL80211_EXT_FEATURES,
......
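Review bot: The kernel-doc added for `NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA` leaves out the receive-side obligation that the commit description places on the driver, so a driver author reading only the header will not see it. Setting the bit is a promise about RX filtering and acknowledgement as well as TX, and a driver that sets it without honouring that will have its authentication exchanges fail with no error reported to user space. I would extend the comment with something like `The driver must accept and acknowledge frames addressed to the random TA while the frame exchange is pending.`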
...@@ -673,6 +673,39 @@ static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr) ...@@ -673,6 +673,39 @@ static bool cfg80211_allowed_address(struct wireless_dev *wdev, const u8 *addr)
return ether_addr_equal(addr, wdev_address(wdev)); return ether_addr_equal(addr, wdev_address(wdev));
} }
static bool cfg80211_allowed_random_address(struct wireless_dev *wdev,
const struct ieee80211_mgmt *mgmt)
{
if (ieee80211_is_auth(mgmt->frame_control) ||
ieee80211_is_deauth(mgmt->frame_control)) {
/* Allow random TA to be used with authentication and
* deauthentication frames if the driver has indicated support.
*/
if (wiphy_ext_feature_isset(
wdev->wiphy,
NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA))
return true;
} else if (ieee80211_is_action(mgmt->frame_control) &&
mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
/* Allow random TA to be used with Public Action frames if the
* driver has indicated support.
*/
if (!wdev->connected &&
wiphy_ext_feature_isset(
wdev->wiphy,
NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
return true;
if (wdev->connected &&
wiphy_ext_feature_isset(
wdev->wiphy,
NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
return true;
}
return false;
}
int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
struct wireless_dev *wdev, struct wireless_dev *wdev,
struct cfg80211_mgmt_tx_params *params, u64 *cookie) struct cfg80211_mgmt_tx_params *params, u64 *cookie)
...@@ -774,25 +807,9 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev, ...@@ -774,25 +807,9 @@ int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
return err; return err;
} }
if (!cfg80211_allowed_address(wdev, mgmt->sa)) { if (!cfg80211_allowed_address(wdev, mgmt->sa) &&
/* Allow random TA to be used with Public Action frames if the !cfg80211_allowed_random_address(wdev, mgmt))
* driver has indicated support for this. Otherwise, only allow return -EINVAL;
* the local address to be used.
*/
if (!ieee80211_is_action(mgmt->frame_control) ||
mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
return -EINVAL;
if (!wdev->connected &&
!wiphy_ext_feature_isset(
&rdev->wiphy,
NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA))
return -EINVAL;
if (wdev->connected &&
!wiphy_ext_feature_isset(
&rdev->wiphy,
NL80211_EXT_FEATURE_MGMT_TX_RANDOM_TA_CONNECTED))
return -EINVAL;
}
/* Transmit the management frame as requested by user space */ /* Transmit the management frame as requested by user space */
return rdev_mgmt_tx(rdev, wdev, params, cookie); return rdev_mgmt_tx(rdev, wdev, params, cookie);
......
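Review bot: In cfg80211_allowed_random_address(), the authentication/deauthentication branch returns true on `NL80211_EXT_FEATURE_AUTH_AND_DEAUTH_RANDOM_TA` alone, so the "sent to unassociated peer" condition from the feature's documentation is not enforced here, whereas the Public Action branch below it does distinguish `wdev->connected`. With the feature set, a caller of cfg80211_mlme_mgmt_tx() can put any source address into a deauthentication frame, including one addressed to the currently associated peer, unless a check outside this hunk prevents it (the function's body begins before the visible lines). I would either reject the frame in that branch when the interface is connected and `mgmt->da` is the associated peer's address, or state the gap in the comment, e.g. `/* The unassociated-peer restriction is not checked here; the driver must enforce it. */`.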