The branch main has been updated by adrian:
URL:
https://cgit.FreeBSD.org/src/commit/?id=c2a005a0a97d98472d81c5c9606e5d6e546dd40a
commit c2a005a0a97d98472d81c5c9606e5d6e546dd40a
Author: Adrian Chadd <adr...@freebsd.org>
AuthorDate: 2024-04-19 14:05:44 +0000
Commit: Adrian Chadd <adr...@freebsd.org>
CommitDate: 2024-05-09 00:49:34 +0000
net80211: add new ciphers and RSN flags
These are the rest of the ciphers and RSN flags from 802.11-2016.
* add the rest of the ciphers from 802.11-2016
* add the rest of the RSN flags from 802.11-2016
Of special interest here are the extended key ID field for supporting
>1 unicast key (to support seamless rekeying w/out dropping frames)
and the MFP (management frame protection) config bits.
This is a no-op; no code is using these new fields.
(In particular, no code in net80211 uses the RSN capability bits;
but that will change when we start on MFP support.)
Differential Revision: https://reviews.freebsd.org/D44864
---
sys/net80211/ieee80211.h | 67 ++++++++++++++++++++++++++++++++++++++----------
1 file changed, 54 insertions(+), 13 deletions(-)
diff --git a/sys/net80211/ieee80211.h b/sys/net80211/ieee80211.h
index 47e496bf42a1..fe2a0a7f3b64 100644
--- a/sys/net80211/ieee80211.h
+++ b/sys/net80211/ieee80211.h
@@ -1266,7 +1266,7 @@ struct ieee80211_csa_ie {
#define WPA_CSE_NULL 0x00
#define WPA_CSE_WEP40 0x01
#define WPA_CSE_TKIP 0x02
-#define WPA_CSE_CCMP 0x04
+#define WPA_CSE_CCMP 0x04 /* CCMP 128-bit */
#define WPA_CSE_WEP104 0x05
#define WPA_ASE_NONE 0x00
@@ -1275,21 +1275,62 @@ struct ieee80211_csa_ie {
#define WPS_OUI_TYPE 0x04
+/* 802.11-2016 Table 9-131 - Cipher Suite Selectors */
#define RSN_OUI 0xac0f00
#define RSN_VERSION 1 /* current supported
version */
-#define RSN_CSE_NULL 0x00
-#define RSN_CSE_WEP40 0x01
-#define RSN_CSE_TKIP 0x02
-#define RSN_CSE_WRAP 0x03
-#define RSN_CSE_CCMP 0x04
-#define RSN_CSE_WEP104 0x05
-
-#define RSN_ASE_NONE 0x00
-#define RSN_ASE_8021X_UNSPEC 0x01
-#define RSN_ASE_8021X_PSK 0x02
-
-#define RSN_CAP_PREAUTH 0x01
+/* RSN cipher suite element */
+#define RSN_CSE_NULL 0
+#define RSN_CSE_WEP40 1
+#define RSN_CSE_TKIP 2
+#define RSN_CSE_WRAP 3 /* Reserved in the
802.11-2016 */
+#define RSN_CSE_CCMP 4 /* CCMP 128 bit */
+#define RSN_CSE_WEP104 5
+#define RSN_CSE_BIP_CMAC_128 6
+/* 7 - "Group addressed traffic not allowed" */
+#define RSN_CSE_GCMP_128 8
+#define RSN_CSE_GCMP_256 9
+#define RSN_CSE_CCMP_256 10
+#define RSN_CSE_BIP_GMAC_128 11
+#define RSN_CSE_BIP_GMAC_256 12
+#define RSN_CSE_BIP_CMAC_256 13
+
+/* 802.11-2016 Table 9-133 - AKM suite selectors */
+/* RSN AKM suite element */
+#define RSN_ASE_NONE 0
+#define RSN_ASE_8021X_UNSPEC 1
+#define RSN_ASE_8021X_PSK 2
+#define RSN_ASE_FT_8021X 3 /* SHA-256 */
+#define RSN_ASE_FT_PSK 4 /* SHA-256 */
+#define RSN_ASE_8021X_UNSPEC_SHA256 5
+#define RSN_ASE_8021X_PSK_SHA256 6
+#define RSN_ASE_8021X_TDLS 7 /* SHA-256 */
+#define RSN_ASE_SAE_UNSPEC 8 /* SHA-256 */
+#define RSN_ASE_FT_SAE 9 /* SHA-256 */
+#define RSN_ASE_AP_PEERKEY 10 /* SHA-256 */
+#define RSN_ASE_8021X_SUITE_B_SHA256 11
+#define RSN_ASE_8021X_SUITE_B_SHA384 12
+#define RSN_ASE_FT_8021X_SHA384 13
+
+/* 802.11-2016 Figure 9-257 - RSN Capabilities (2 byte field) */
+#define RSN_CAP_PREAUTH 0x0001
+#define RSN_CAP_NO_PAIRWISE 0x0002
+#define RSN_CAP_PTKSA_REPLAY_COUNTER 0x000c /* 2 bit field */
+#define RSN_CAP_GTKSA_REPLAY_COUNTER 0x0030 /* 2 bit field */
+#define RSN_CAP_MFP_REQUIRED 0x0040
+#define RSN_CAP_MFP_CAPABLE 0x0080
+#define RSN_CAP_JOINT_MULTIBAND_RSNA 0x0100
+#define RSN_CAP_PEERKEY_ENABLED 0x0200
+#define RSN_CAP_SPP_AMSDU_CAPABLE 0x0400
+#define RSN_CAP_SPP_AMSDU_REQUIRED 0x0800
+#define RSN_CAP_PBAC_CAPABLE 0x1000
+#define RSN_CAP_EXT_KEYID_CAPABLE 0x0200
+
+/* 802.11-2016 Table 9-134 PTKSA/GTKSA/STKSA replay counters usage */
+#define RSN_CAP_REPLAY_COUNTER_1_PER 0
+#define RSN_CAP_REPLAY_COUNTER_2_PER 1
+#define RSN_CAP_REPLAY_COUNTER_4_PER 2
+#define RSN_CAP_REPLAY_COUNTER_16_PER 3
#define WME_OUI 0xf25000
#define WME_OUI_TYPE 0x02
