diff options
author | Rafał Miłecki <zajec5@gmail.com> | 2016-03-07 22:37:09 +0000 |
---|---|---|
committer | Rafał Miłecki <zajec5@gmail.com> | 2016-03-07 22:37:09 +0000 |
commit | f5317ed5d2e06765982b44fb4f42b80686790b37 (patch) | |
tree | 9ebd76a7389d8bf6d7849c1f9c7d412c4fbab2d4 /package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch | |
parent | 296abba16141996aaaa510ca9b3bb41fc169ff36 (diff) | |
download | upstream-f5317ed5d2e06765982b44fb4f42b80686790b37.tar.gz upstream-f5317ed5d2e06765982b44fb4f42b80686790b37.tar.bz2 upstream-f5317ed5d2e06765982b44fb4f42b80686790b37.zip |
mac80211: backport brcmfmac patchset with driver setting concept
This prepares brcmfmac for better country handling and fixes BCM4360
support which was always failing with:
[ 13.249195] brcmfmac: brcmf_pcie_download_fw_nvram: FW failed to initialize
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48959
Diffstat (limited to 'package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch')
-rw-r--r-- | package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch | 509 |
1 files changed, 509 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch b/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch new file mode 100644 index 0000000000..c20d40c049 --- /dev/null +++ b/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch @@ -0,0 +1,509 @@ +From: Hante Meuleman <hante.meuleman@broadcom.com> +Date: Wed, 17 Feb 2016 11:27:10 +0100 +Subject: [PATCH] brcmfmac: add 802.11w management frame protection support + +Add full support for both AP and STA for management frame protection. + +Reviewed-by: Arend Van Spriel <arend.van@broadcom.com> +Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com> +Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com> +Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com> +Signed-off-by: Arend van Spriel <arend@broadcom.com> +Signed-off-by: Kalle Valo <kvalo@codeaurora.org> +--- + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +@@ -72,8 +72,13 @@ + #define RSN_AKM_NONE 0 /* None (IBSS) */ + #define RSN_AKM_UNSPECIFIED 1 /* Over 802.1x */ + #define RSN_AKM_PSK 2 /* Pre-shared Key */ ++#define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */ ++#define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */ + #define RSN_CAP_LEN 2 /* Length of RSN capabilities */ +-#define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C ++#define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3)) ++#define RSN_CAP_MFPR_MASK BIT(6) ++#define RSN_CAP_MFPC_MASK BIT(7) ++#define RSN_PMKID_COUNT_LEN 2 + + #define VNDR_IE_CMD_LEN 4 /* length of the set command + * string :"add", "del" (+ NUL) +@@ -211,12 +216,19 @@ static const struct ieee80211_regdomain + REG_RULE(5470-10, 5850+10, 80, 6, 20, 0), } + }; + +-static const u32 __wl_cipher_suites[] = { ++/* Note: brcmf_cipher_suites is an array of int defining which cipher suites ++ * are supported. A pointer to this array and the number of entries is passed ++ * on to upper layers. AES_CMAC defines whether or not the driver supports MFP. ++ * So the cipher suite AES_CMAC has to be the last one in the array, and when ++ * device does not support MFP then the number of suites will be decreased by 1 ++ */ ++static const u32 brcmf_cipher_suites[] = { + WLAN_CIPHER_SUITE_WEP40, + WLAN_CIPHER_SUITE_WEP104, + WLAN_CIPHER_SUITE_TKIP, + WLAN_CIPHER_SUITE_CCMP, +- WLAN_CIPHER_SUITE_AES_CMAC, ++ /* Keep as last entry: */ ++ WLAN_CIPHER_SUITE_AES_CMAC + }; + + /* Vendor specific ie. id = 221, oui and type defines exact ie */ +@@ -1533,7 +1545,7 @@ static s32 brcmf_set_auth_type(struct ne + + static s32 + brcmf_set_wsec_mode(struct net_device *ndev, +- struct cfg80211_connect_params *sme, bool mfp) ++ struct cfg80211_connect_params *sme) + { + struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev); + struct brcmf_cfg80211_security *sec; +@@ -1592,10 +1604,7 @@ brcmf_set_wsec_mode(struct net_device *n + sme->privacy) + pval = AES_ENABLED; + +- if (mfp) +- wsec = pval | gval | MFP_CAPABLE; +- else +- wsec = pval | gval; ++ wsec = pval | gval; + err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wsec", wsec); + if (err) { + brcmf_err("error (%d)\n", err); +@@ -1612,56 +1621,100 @@ brcmf_set_wsec_mode(struct net_device *n + static s32 + brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme) + { +- struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev); +- struct brcmf_cfg80211_security *sec; +- s32 val = 0; +- s32 err = 0; ++ struct brcmf_if *ifp = netdev_priv(ndev); ++ s32 val; ++ s32 err; ++ const struct brcmf_tlv *rsn_ie; ++ const u8 *ie; ++ u32 ie_len; ++ u32 offset; ++ u16 rsn_cap; ++ u32 mfp; ++ u16 count; + +- if (sme->crypto.n_akm_suites) { +- err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), +- "wpa_auth", &val); +- if (err) { +- brcmf_err("could not get wpa_auth (%d)\n", err); +- return err; ++ if (!sme->crypto.n_akm_suites) ++ return 0; ++ ++ err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val); ++ if (err) { ++ brcmf_err("could not get wpa_auth (%d)\n", err); ++ return err; ++ } ++ if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) { ++ switch (sme->crypto.akm_suites[0]) { ++ case WLAN_AKM_SUITE_8021X: ++ val = WPA_AUTH_UNSPECIFIED; ++ break; ++ case WLAN_AKM_SUITE_PSK: ++ val = WPA_AUTH_PSK; ++ break; ++ default: ++ brcmf_err("invalid cipher group (%d)\n", ++ sme->crypto.cipher_group); ++ return -EINVAL; + } +- if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) { +- switch (sme->crypto.akm_suites[0]) { +- case WLAN_AKM_SUITE_8021X: +- val = WPA_AUTH_UNSPECIFIED; +- break; +- case WLAN_AKM_SUITE_PSK: +- val = WPA_AUTH_PSK; +- break; +- default: +- brcmf_err("invalid cipher group (%d)\n", +- sme->crypto.cipher_group); +- return -EINVAL; +- } +- } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) { +- switch (sme->crypto.akm_suites[0]) { +- case WLAN_AKM_SUITE_8021X: +- val = WPA2_AUTH_UNSPECIFIED; +- break; +- case WLAN_AKM_SUITE_PSK: +- val = WPA2_AUTH_PSK; +- break; +- default: +- brcmf_err("invalid cipher group (%d)\n", +- sme->crypto.cipher_group); +- return -EINVAL; +- } ++ } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) { ++ switch (sme->crypto.akm_suites[0]) { ++ case WLAN_AKM_SUITE_8021X: ++ val = WPA2_AUTH_UNSPECIFIED; ++ break; ++ case WLAN_AKM_SUITE_8021X_SHA256: ++ val = WPA2_AUTH_1X_SHA256; ++ break; ++ case WLAN_AKM_SUITE_PSK_SHA256: ++ val = WPA2_AUTH_PSK_SHA256; ++ break; ++ case WLAN_AKM_SUITE_PSK: ++ val = WPA2_AUTH_PSK; ++ break; ++ default: ++ brcmf_err("invalid cipher group (%d)\n", ++ sme->crypto.cipher_group); ++ return -EINVAL; + } ++ } + +- brcmf_dbg(CONN, "setting wpa_auth to %d\n", val); +- err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), +- "wpa_auth", val); +- if (err) { +- brcmf_err("could not set wpa_auth (%d)\n", err); +- return err; +- } ++ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) ++ goto skip_mfp_config; ++ /* The MFP mode (1 or 2) needs to be determined, parse IEs. The ++ * IE will not be verified, just a quick search for MFP config ++ */ ++ rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len, ++ WLAN_EID_RSN); ++ if (!rsn_ie) ++ goto skip_mfp_config; ++ ie = (const u8 *)rsn_ie; ++ ie_len = rsn_ie->len + TLV_HDR_LEN; ++ /* Skip unicast suite */ ++ offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN; ++ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len) ++ goto skip_mfp_config; ++ /* Skip multicast suite */ ++ count = ie[offset] + (ie[offset + 1] << 8); ++ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN); ++ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len) ++ goto skip_mfp_config; ++ /* Skip auth key management suite(s) */ ++ count = ie[offset] + (ie[offset + 1] << 8); ++ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN); ++ if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len) ++ goto skip_mfp_config; ++ /* Ready to read capabilities */ ++ mfp = BRCMF_MFP_NONE; ++ rsn_cap = ie[offset] + (ie[offset + 1] << 8); ++ if (rsn_cap & RSN_CAP_MFPR_MASK) ++ mfp = BRCMF_MFP_REQUIRED; ++ else if (rsn_cap & RSN_CAP_MFPC_MASK) ++ mfp = BRCMF_MFP_CAPABLE; ++ brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp); ++ ++skip_mfp_config: ++ brcmf_dbg(CONN, "setting wpa_auth to %d\n", val); ++ err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val); ++ if (err) { ++ brcmf_err("could not set wpa_auth (%d)\n", err); ++ return err; + } +- sec = &profile->sec; +- sec->wpa_auth = sme->crypto.akm_suites[0]; + + return err; + } +@@ -1827,7 +1880,7 @@ brcmf_cfg80211_connect(struct wiphy *wip + goto done; + } + +- err = brcmf_set_wsec_mode(ndev, sme, sme->mfp == NL80211_MFP_REQUIRED); ++ err = brcmf_set_wsec_mode(ndev, sme); + if (err) { + brcmf_err("wl_set_set_cipher failed (%d)\n", err); + goto done; +@@ -2077,10 +2130,12 @@ brcmf_cfg80211_del_key(struct wiphy *wip + u8 key_idx, bool pairwise, const u8 *mac_addr) + { + struct brcmf_if *ifp = netdev_priv(ndev); +- struct brcmf_wsec_key key; +- s32 err = 0; ++ struct brcmf_wsec_key *key; ++ s32 err; + + brcmf_dbg(TRACE, "Enter\n"); ++ brcmf_dbg(CONN, "key index (%d)\n", key_idx); ++ + if (!check_vif_up(ifp->vif)) + return -EIO; + +@@ -2089,16 +2144,19 @@ brcmf_cfg80211_del_key(struct wiphy *wip + return -EINVAL; + } + +- memset(&key, 0, sizeof(key)); ++ key = &ifp->vif->profile.key[key_idx]; + +- key.index = (u32)key_idx; +- key.flags = BRCMF_PRIMARY_KEY; +- key.algo = CRYPTO_ALGO_OFF; ++ if (key->algo == CRYPTO_ALGO_OFF) { ++ brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n"); ++ return -EINVAL; ++ } + +- brcmf_dbg(CONN, "key index (%d)\n", key_idx); ++ memset(key, 0, sizeof(*key)); ++ key->index = (u32)key_idx; ++ key->flags = BRCMF_PRIMARY_KEY; + +- /* Set the new key/index */ +- err = send_key_to_dongle(ifp, &key); ++ /* Clear the key/index */ ++ err = send_key_to_dongle(ifp, key); + + brcmf_dbg(TRACE, "Exit\n"); + return err; +@@ -2106,8 +2164,8 @@ brcmf_cfg80211_del_key(struct wiphy *wip + + static s32 + brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev, +- u8 key_idx, bool pairwise, const u8 *mac_addr, +- struct key_params *params) ++ u8 key_idx, bool pairwise, const u8 *mac_addr, ++ struct key_params *params) + { + struct brcmf_if *ifp = netdev_priv(ndev); + struct brcmf_wsec_key *key; +@@ -2214,9 +2272,10 @@ done: + } + + static s32 +-brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, +- u8 key_idx, bool pairwise, const u8 *mac_addr, void *cookie, +- void (*callback) (void *cookie, struct key_params * params)) ++brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx, ++ bool pairwise, const u8 *mac_addr, void *cookie, ++ void (*callback)(void *cookie, ++ struct key_params *params)) + { + struct key_params params; + struct brcmf_if *ifp = netdev_priv(ndev); +@@ -2268,8 +2327,15 @@ done: + + static s32 + brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy, +- struct net_device *ndev, u8 key_idx) ++ struct net_device *ndev, u8 key_idx) + { ++ struct brcmf_if *ifp = netdev_priv(ndev); ++ ++ brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx); ++ ++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) ++ return 0; ++ + brcmf_dbg(INFO, "Not supported\n"); + + return -EOPNOTSUPP; +@@ -3769,7 +3835,7 @@ brcmf_configure_wpaie(struct brcmf_if *i + u32 auth = 0; /* d11 open authentication */ + u16 count; + s32 err = 0; +- s32 len = 0; ++ s32 len; + u32 i; + u32 wsec; + u32 pval = 0; +@@ -3779,6 +3845,7 @@ brcmf_configure_wpaie(struct brcmf_if *i + u8 *data; + u16 rsn_cap; + u32 wme_bss_disable; ++ u32 mfp; + + brcmf_dbg(TRACE, "Enter\n"); + if (wpa_ie == NULL) +@@ -3893,19 +3960,53 @@ brcmf_configure_wpaie(struct brcmf_if *i + is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) : + (wpa_auth |= WPA_AUTH_PSK); + break; ++ case RSN_AKM_SHA256_PSK: ++ brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n"); ++ wpa_auth |= WPA2_AUTH_PSK_SHA256; ++ break; ++ case RSN_AKM_SHA256_1X: ++ brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n"); ++ wpa_auth |= WPA2_AUTH_1X_SHA256; ++ break; + default: + brcmf_err("Ivalid key mgmt info\n"); + } + offset++; + } + ++ mfp = BRCMF_MFP_NONE; + if (is_rsn_ie) { + wme_bss_disable = 1; + if ((offset + RSN_CAP_LEN) <= len) { + rsn_cap = data[offset] + (data[offset + 1] << 8); + if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK) + wme_bss_disable = 0; ++ if (rsn_cap & RSN_CAP_MFPR_MASK) { ++ brcmf_dbg(TRACE, "MFP Required\n"); ++ mfp = BRCMF_MFP_REQUIRED; ++ /* Firmware only supports mfp required in ++ * combination with WPA2_AUTH_PSK_SHA256 or ++ * WPA2_AUTH_1X_SHA256. ++ */ ++ if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 | ++ WPA2_AUTH_1X_SHA256))) { ++ err = -EINVAL; ++ goto exit; ++ } ++ /* Firmware has requirement that WPA2_AUTH_PSK/ ++ * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI ++ * is to be included in the rsn ie. ++ */ ++ if (wpa_auth & WPA2_AUTH_PSK_SHA256) ++ wpa_auth |= WPA2_AUTH_PSK; ++ else if (wpa_auth & WPA2_AUTH_1X_SHA256) ++ wpa_auth |= WPA2_AUTH_UNSPECIFIED; ++ } else if (rsn_cap & RSN_CAP_MFPC_MASK) { ++ brcmf_dbg(TRACE, "MFP Capable\n"); ++ mfp = BRCMF_MFP_CAPABLE; ++ } + } ++ offset += RSN_CAP_LEN; + /* set wme_bss_disable to sync RSN Capabilities */ + err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable", + wme_bss_disable); +@@ -3913,6 +4014,21 @@ brcmf_configure_wpaie(struct brcmf_if *i + brcmf_err("wme_bss_disable error %d\n", err); + goto exit; + } ++ ++ /* Skip PMKID cnt as it is know to be 0 for AP. */ ++ offset += RSN_PMKID_COUNT_LEN; ++ ++ /* See if there is BIP wpa suite left for MFP */ ++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) && ++ ((offset + WPA_IE_MIN_OUI_LEN) <= len)) { ++ err = brcmf_fil_bsscfg_data_set(ifp, "bip", ++ &data[offset], ++ WPA_IE_MIN_OUI_LEN); ++ if (err < 0) { ++ brcmf_err("bip error %d\n", err); ++ goto exit; ++ } ++ } + } + /* FOR WPS , set SES_OW_ENABLED */ + wsec = (pval | gval | SES_OW_ENABLED); +@@ -3929,6 +4045,16 @@ brcmf_configure_wpaie(struct brcmf_if *i + brcmf_err("wsec error %d\n", err); + goto exit; + } ++ /* Configure MFP, this needs to go after wsec otherwise the wsec command ++ * will overwrite the values set by MFP ++ */ ++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) { ++ err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp); ++ if (err < 0) { ++ brcmf_err("mfp error %d\n", err); ++ goto exit; ++ } ++ } + /* set upper-layer auth */ + err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth); + if (err < 0) { +@@ -6149,8 +6275,10 @@ static int brcmf_setup_wiphy(struct wiph + wiphy->n_addresses = i; + + wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; +- wiphy->cipher_suites = __wl_cipher_suites; +- wiphy->n_cipher_suites = ARRAY_SIZE(__wl_cipher_suites); ++ wiphy->cipher_suites = brcmf_cipher_suites; ++ wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites); ++ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) ++ wiphy->n_cipher_suites--; + wiphy->flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT | + WIPHY_FLAG_OFFCHAN_TX | + WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL; +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h +@@ -72,7 +72,7 @@ + + #define BRCMF_VNDR_IE_P2PAF_SHIFT 12 + +-#define BRCMF_MAX_DEFAULT_KEYS 4 ++#define BRCMF_MAX_DEFAULT_KEYS 6 + + /* beacon loss timeout defaults */ + #define BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON 2 +@@ -107,7 +107,6 @@ struct brcmf_cfg80211_security { + u32 auth_type; + u32 cipher_pairwise; + u32 cipher_group; +- u32 wpa_auth; + }; + + /** +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c +@@ -161,6 +161,7 @@ void brcmf_feat_attach(struct brcmf_pub + ifp->drvr->feat_flags &= ~BIT(BRCMF_FEAT_MBSS); + brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_RSDB, "rsdb_mode"); + brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_TDLS, "tdls_enable"); ++ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MFP, "mfp"); + + pfn_mac.version = BRCMF_PFN_MACADDR_CFG_VER; + err = brcmf_fil_iovar_data_get(ifp, "pfn_macaddr", &pfn_mac, +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h +@@ -30,6 +30,7 @@ + * WOWL_ND: WOWL net detect (PNO) + * WOWL_GTK: (WOWL) GTK rekeying offload + * WOWL_ARP_ND: ARP and Neighbor Discovery offload support during WOWL. ++ * MFP: 802.11w Management Frame Protection. + */ + #define BRCMF_FEAT_LIST \ + BRCMF_FEAT_DEF(MBSS) \ +@@ -42,7 +43,8 @@ + BRCMF_FEAT_DEF(SCAN_RANDOM_MAC) \ + BRCMF_FEAT_DEF(WOWL_ND) \ + BRCMF_FEAT_DEF(WOWL_GTK) \ +- BRCMF_FEAT_DEF(WOWL_ARP_ND) ++ BRCMF_FEAT_DEF(WOWL_ARP_ND) \ ++ BRCMF_FEAT_DEF(MFP) + + /* + * Quirks: +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h +@@ -142,6 +142,10 @@ + #define BRCMF_RSN_KEK_LENGTH 16 + #define BRCMF_RSN_REPLAY_LEN 8 + ++#define BRCMF_MFP_NONE 0 ++#define BRCMF_MFP_CAPABLE 1 ++#define BRCMF_MFP_REQUIRED 2 ++ + /* join preference types for join_pref iovar */ + enum brcmf_join_pref_types { + BRCMF_JOIN_PREF_RSSI = 1, +--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h ++++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h +@@ -236,6 +236,8 @@ static inline bool ac_bitmap_tst(u8 bitm + #define WPA2_AUTH_RESERVED3 0x0200 + #define WPA2_AUTH_RESERVED4 0x0400 + #define WPA2_AUTH_RESERVED5 0x0800 ++#define WPA2_AUTH_1X_SHA256 0x1000 /* 1X with SHA256 key derivation */ ++#define WPA2_AUTH_PSK_SHA256 0x8000 /* PSK with SHA256 key derivation */ + + #define DOT11_DEFAULT_RTS_LEN 2347 + #define DOT11_DEFAULT_FRAG_LEN 2346 |