Add QCA vendor interface for PASN offload to userspace
Define QCA vendor interface for PASN offload to userspace from the driver. The driver can send this command as an event to a userspace component to perform PASN authentication with a list of peers with which the driver needs to do ranging. The userspace component, if capable of performing PASN handshake, can perform PASN handshake with all the peer devices and set the relevant keys by sending the QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT command for each peer to the driver. Once PASN handshake is completed with all requested peers, the userspace component sends consolidated status for all the peers to the driver. The consolidated report is required for the driver to understand that the PASN handshake process is complete and whether it succeeded/failed for each of the peers it was requested for. The secure ranging context is configured only for the peers with which the PASN handshake succeeded. When the driver requests PASN keys, the userspace component can set the keys from its cache if those keys have not already expired and were derived with the same source MAC address that is requested by the driver instead of doing the full PASN handshake again. If the driver detects that current keys of a peer are not valid anymore, it sends a notification to userspace using the QCA_NL80211_VENDOR_SUBCMD_PASN command and setting the action to QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT. The userspace component should delete the corresponding keys from its cache. Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Vinay Gannevaram
Jouni Malinen
parent
809fb96fa0
commit
09a281e52a
1 changed files with 175 additions and 0 deletions
|
|
@ -801,6 +801,24 @@ enum qca_radiotap_vendor_ids {
|
|||
* that the driver is ready for operations again after recovering from
|
||||
* internal failures. This occurs following a failure that was indicated by
|
||||
* @QCA_NL80211_VENDOR_SUBCMD_HANG.
|
||||
*
|
||||
* @QCA_NL80211_VENDOR_SUBCMD_PASN: Subcommand used to offload preassociation
|
||||
* security negotiation and key generation to user space.
|
||||
*
|
||||
* When used as an event, the driver requests userspace to trigger the PASN
|
||||
* authentication or dropping of a PTKSA for the indicated peer devices.
|
||||
* When used as a command response, userspace indicates a consolidated
|
||||
* status report for all the peers that were requested for.
|
||||
*
|
||||
* The attributes used with this command are defined in
|
||||
* enum qca_wlan_vendor_attr_pasn.
|
||||
*
|
||||
* @QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT: Subcommand used to set
|
||||
* secure ranging context such as TK and LTF keyseed for each peer
|
||||
* requested by the driver with a @QCA_NL80211_VENDOR_SUBCMD_PASN event.
|
||||
*
|
||||
* The attributes used with this command are defined in
|
||||
* enum qca_wlan_vendor_attr_secure_ranging_ctx.
|
||||
*/
|
||||
enum qca_nl80211_vendor_subcmds {
|
||||
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
|
||||
|
|
@ -999,6 +1017,8 @@ enum qca_nl80211_vendor_subcmds {
|
|||
/* 206..212 - reserved for QCA */
|
||||
QCA_NL80211_VENDOR_SUBCMD_GET_RADIO_COMBINATION_MATRIX = 213,
|
||||
QCA_NL80211_VENDOR_SUBCMD_DRIVER_READY = 214,
|
||||
QCA_NL80211_VENDOR_SUBCMD_PASN = 215,
|
||||
QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT = 216,
|
||||
};
|
||||
|
||||
/* Compatibility defines for previously used subcmd names.
|
||||
|
|
@ -12365,4 +12385,159 @@ enum qca_wlan_audio_data_path {
|
|||
QCA_WLAN_AUDIO_DATA_PATH_VIA_LOW_POWER_DSP = 1,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_pasn_action - Action to authenticate (and generate keys
|
||||
* for) or drop existing PASN security association for the listed the
|
||||
* peers. Used by QCA_WLAN_VENDOR_ATTR_PASN_ACTION and sent from the driver
|
||||
* to userspace.
|
||||
*
|
||||
* @QCA_WLAN_VENDOR_PASN_ACTION_AUTH: Initiate PASN handshake with the peer
|
||||
* devices indicated with %QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR.
|
||||
* @QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT: Indication from
|
||||
* the driver to userspace to inform that the existing PASN keys of the
|
||||
* peer devices specified with %QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR are
|
||||
* not valid anymore.
|
||||
*/
|
||||
enum qca_wlan_vendor_pasn_action {
|
||||
QCA_WLAN_VENDOR_PASN_ACTION_AUTH,
|
||||
QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_attr_pasn_peer: Defines the nested attributes used in
|
||||
* QCA_WLAN_VENDOR_ATTR_PASN_PEERS.
|
||||
*
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_PEER_SRC_ADDR: This attribute is optional in the
|
||||
* event from the driver to userspace and represents the local MAC address
|
||||
* to be used for PASN handshake. When this attribute is present, userspace
|
||||
* shall use the source address specified in this attribute by the driver
|
||||
* for PASN handshake with peer device.
|
||||
* This attribute is required in a command response from userspace to the
|
||||
* driver and represents the MAC address that was used in PASN handshake
|
||||
* with the peer device.
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR: Indicates the MAC address of the
|
||||
* peer device to which PASN handshake is requested in an event from the
|
||||
* driver to userspace when QCA_WLAN_VENDOR_ATTR_PASN_ACTION is set to
|
||||
* QCA_WLAN_VENDOR_PASN_ACTION_AUTH.
|
||||
* Indicates the MAC address of the peer device for which the keys are to
|
||||
* be invalidated in an event from the driver to userspace when
|
||||
* QCA_WLAN_VENDOR_ATTR_PASN_ACTION is set to
|
||||
* QCA_WLAN_VENDOR_PASN_ACTION_DELETE_SECURE_RANGING_CONTEXT.
|
||||
* Indicates the MAC address of the peer device for which the status is
|
||||
* being sent in a status report from userspace to the driver.
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_PEER_LTF_KEYSEED_REQUIRED: NLA_FLAG attribute used
|
||||
* in the event from the driver to userspace. When set, userspace is
|
||||
* required to derive LTF key seed from KDK and set it to the driver.
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_PEER_STATUS_SUCCESS: NLA_FLAG attribute. This
|
||||
* attribute is used in the command response from userspace to the driver.
|
||||
* If present, it indicates the successful PASN handshake with the peer. If
|
||||
* this flag is not present, it indicates that the PASN handshake with the
|
||||
* peer device failed.
|
||||
*/
|
||||
enum qca_wlan_vendor_attr_pasn_peer {
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_INVALID = 0,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_SRC_ADDR = 1,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAC_ADDR = 2,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_LTF_KEYSEED_REQUIRED = 3,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_STATUS_SUCCESS = 4,
|
||||
|
||||
/* keep last */
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_AFTER_LAST,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_MAX =
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEER_AFTER_LAST - 1,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_attr_pasn: Defines the attributes used in the
|
||||
* QCA_NL80211_VENDOR_SUBCMD_PASN command.
|
||||
*
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_ACTION: u32 attribute, possible values are
|
||||
* defined in enum qca_wlan_vendor_pasn_action and used only in an event
|
||||
* from the driver to userspace.
|
||||
* @QCA_WLAN_VENDOR_ATTR_PASN_PEERS: Nested attribute, used to pass PASN peer
|
||||
* details for each peer and used in both an event and a command response.
|
||||
* The nested attributes used inside QCA_WLAN_VENDOR_ATTR_PASN_PEERS are
|
||||
* defined in enum qca_wlan_vendor_attr_pasn_peer.
|
||||
*/
|
||||
enum qca_wlan_vendor_attr_pasn {
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_INVALID = 0,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_ACTION = 1,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_PEERS = 2,
|
||||
|
||||
/* keep last */
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_AFTER_LAST,
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_MAX =
|
||||
QCA_WLAN_VENDOR_ATTR_PASN_AFTER_LAST - 1,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_secure_ranging_ctx_action - Used to add or delete
|
||||
* the ranging security context derived from PASN for each peer. Used in
|
||||
* QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION.
|
||||
*
|
||||
* @QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_ADD: Add the secure ranging
|
||||
* context for the peer.
|
||||
* @QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_DELETE: Delete the secure ranging
|
||||
* context for the peer.
|
||||
*/
|
||||
enum qca_wlan_vendor_secure_ranging_ctx_action {
|
||||
QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_ADD,
|
||||
QCA_WLAN_VENDOR_SECURE_RANGING_CTX_ACTION_DELETE,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_sha_type - SHA types. Used to configure the SHA type
|
||||
* used for deriving PASN keys to the driver. Used in
|
||||
* QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE
|
||||
* @QCA_WLAN_VENDOR_SHA_256: SHA-256
|
||||
* @QCA_WLAN_VENDOR_SHA_384: SHA-384
|
||||
*/
|
||||
enum qca_wlan_vendor_sha_type {
|
||||
QCA_WLAN_VENDOR_SHA_256,
|
||||
QCA_WLAN_VENDOR_SHA_384,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum qca_wlan_vendor_attr_secure_ranging_ctx: Defines the attributes used
|
||||
* to set security context for the PASN peer from userspace to the driver.
|
||||
* Used with QCA_NL80211_VENDOR_SUBCMD_SECURE_RANGING_CONTEXT.
|
||||
*
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION: u32 attribute, possible
|
||||
* values are defined in enum qca_wlan_vendor_secure_ranging_ctx_action
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SRC_ADDR: The local MAC address that
|
||||
* was used during the PASN handshake.
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_PEER_MAC_ADDR: The MAC address of
|
||||
* the peer device for which secure ranging context is being configured.
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE: u32 attribute, defines the
|
||||
* hash algorithm to be used, possible values are defined in enum
|
||||
* qca_wlan_vendor_sha_type.
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_TK: Variable length attribute, holds
|
||||
* the temporal key generated from the PASN handshake. The length of this
|
||||
* attribute is dependent on the value of
|
||||
* %QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER.
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER: cipher suite to use with the
|
||||
* TK, u32, as defined in IEEE Std 802.11-2020, 9.4.2.24.2 (Cipher suites)
|
||||
* (e.g., 0x000FAC04).
|
||||
* @QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_LTF_KEYSEED: Variable length
|
||||
* attribute, holds the LTF keyseed derived from KDK of PASN handshake.
|
||||
* The length of this attribute is dependent on the value of
|
||||
* %QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE.
|
||||
|
||||
*/
|
||||
enum qca_wlan_vendor_attr_secure_ranging_ctx {
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_INVALID = 0,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_ACTION = 1,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SRC_ADDR = 2,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_PEER_MAC_ADDR = 3,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_SHA_TYPE = 4,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_TK = 5,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_CIPHER = 6,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_LTF_KEYSEED = 7,
|
||||
|
||||
/* keep last */
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_AFTER_LAST,
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_MAX =
|
||||
QCA_WLAN_VENDOR_ATTR_SECURE_RANGING_CTX_AFTER_LAST - 1,
|
||||
};
|
||||
|
||||
#endif /* QCA_VENDOR_H */
|
||||
|
|
|
|||
Loading…
Reference in a new issue