aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch')
-rw-r--r--package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch509
1 files changed, 509 insertions, 0 deletions
diff --git a/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch b/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch
new file mode 100644
index 0000000000..c20d40c049
--- /dev/null
+++ b/package/kernel/mac80211/patches/344-0020-brcmfmac-add-802.11w-management-frame-protection-sup.patch
@@ -0,0 +1,509 @@
+From: Hante Meuleman <hante.meuleman@broadcom.com>
+Date: Wed, 17 Feb 2016 11:27:10 +0100
+Subject: [PATCH] brcmfmac: add 802.11w management frame protection support
+
+Add full support for both AP and STA for management frame protection.
+
+Reviewed-by: Arend Van Spriel <arend.van@broadcom.com>
+Reviewed-by: Franky (Zhenhui) Lin <franky.lin@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Signed-off-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Signed-off-by: Arend van Spriel <arend@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+@@ -72,8 +72,13 @@
+ #define RSN_AKM_NONE 0 /* None (IBSS) */
+ #define RSN_AKM_UNSPECIFIED 1 /* Over 802.1x */
+ #define RSN_AKM_PSK 2 /* Pre-shared Key */
++#define RSN_AKM_SHA256_1X 5 /* SHA256, 802.1X */
++#define RSN_AKM_SHA256_PSK 6 /* SHA256, Pre-shared Key */
+ #define RSN_CAP_LEN 2 /* Length of RSN capabilities */
+-#define RSN_CAP_PTK_REPLAY_CNTR_MASK 0x000C
++#define RSN_CAP_PTK_REPLAY_CNTR_MASK (BIT(2) | BIT(3))
++#define RSN_CAP_MFPR_MASK BIT(6)
++#define RSN_CAP_MFPC_MASK BIT(7)
++#define RSN_PMKID_COUNT_LEN 2
+
+ #define VNDR_IE_CMD_LEN 4 /* length of the set command
+ * string :"add", "del" (+ NUL)
+@@ -211,12 +216,19 @@ static const struct ieee80211_regdomain
+ REG_RULE(5470-10, 5850+10, 80, 6, 20, 0), }
+ };
+
+-static const u32 __wl_cipher_suites[] = {
++/* Note: brcmf_cipher_suites is an array of int defining which cipher suites
++ * are supported. A pointer to this array and the number of entries is passed
++ * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
++ * So the cipher suite AES_CMAC has to be the last one in the array, and when
++ * device does not support MFP then the number of suites will be decreased by 1
++ */
++static const u32 brcmf_cipher_suites[] = {
+ WLAN_CIPHER_SUITE_WEP40,
+ WLAN_CIPHER_SUITE_WEP104,
+ WLAN_CIPHER_SUITE_TKIP,
+ WLAN_CIPHER_SUITE_CCMP,
+- WLAN_CIPHER_SUITE_AES_CMAC,
++ /* Keep as last entry: */
++ WLAN_CIPHER_SUITE_AES_CMAC
+ };
+
+ /* Vendor specific ie. id = 221, oui and type defines exact ie */
+@@ -1533,7 +1545,7 @@ static s32 brcmf_set_auth_type(struct ne
+
+ static s32
+ brcmf_set_wsec_mode(struct net_device *ndev,
+- struct cfg80211_connect_params *sme, bool mfp)
++ struct cfg80211_connect_params *sme)
+ {
+ struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
+ struct brcmf_cfg80211_security *sec;
+@@ -1592,10 +1604,7 @@ brcmf_set_wsec_mode(struct net_device *n
+ sme->privacy)
+ pval = AES_ENABLED;
+
+- if (mfp)
+- wsec = pval | gval | MFP_CAPABLE;
+- else
+- wsec = pval | gval;
++ wsec = pval | gval;
+ err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wsec", wsec);
+ if (err) {
+ brcmf_err("error (%d)\n", err);
+@@ -1612,56 +1621,100 @@ brcmf_set_wsec_mode(struct net_device *n
+ static s32
+ brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
+ {
+- struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
+- struct brcmf_cfg80211_security *sec;
+- s32 val = 0;
+- s32 err = 0;
++ struct brcmf_if *ifp = netdev_priv(ndev);
++ s32 val;
++ s32 err;
++ const struct brcmf_tlv *rsn_ie;
++ const u8 *ie;
++ u32 ie_len;
++ u32 offset;
++ u16 rsn_cap;
++ u32 mfp;
++ u16 count;
+
+- if (sme->crypto.n_akm_suites) {
+- err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev),
+- "wpa_auth", &val);
+- if (err) {
+- brcmf_err("could not get wpa_auth (%d)\n", err);
+- return err;
++ if (!sme->crypto.n_akm_suites)
++ return 0;
++
++ err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
++ if (err) {
++ brcmf_err("could not get wpa_auth (%d)\n", err);
++ return err;
++ }
++ if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
++ switch (sme->crypto.akm_suites[0]) {
++ case WLAN_AKM_SUITE_8021X:
++ val = WPA_AUTH_UNSPECIFIED;
++ break;
++ case WLAN_AKM_SUITE_PSK:
++ val = WPA_AUTH_PSK;
++ break;
++ default:
++ brcmf_err("invalid cipher group (%d)\n",
++ sme->crypto.cipher_group);
++ return -EINVAL;
+ }
+- if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
+- switch (sme->crypto.akm_suites[0]) {
+- case WLAN_AKM_SUITE_8021X:
+- val = WPA_AUTH_UNSPECIFIED;
+- break;
+- case WLAN_AKM_SUITE_PSK:
+- val = WPA_AUTH_PSK;
+- break;
+- default:
+- brcmf_err("invalid cipher group (%d)\n",
+- sme->crypto.cipher_group);
+- return -EINVAL;
+- }
+- } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
+- switch (sme->crypto.akm_suites[0]) {
+- case WLAN_AKM_SUITE_8021X:
+- val = WPA2_AUTH_UNSPECIFIED;
+- break;
+- case WLAN_AKM_SUITE_PSK:
+- val = WPA2_AUTH_PSK;
+- break;
+- default:
+- brcmf_err("invalid cipher group (%d)\n",
+- sme->crypto.cipher_group);
+- return -EINVAL;
+- }
++ } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
++ switch (sme->crypto.akm_suites[0]) {
++ case WLAN_AKM_SUITE_8021X:
++ val = WPA2_AUTH_UNSPECIFIED;
++ break;
++ case WLAN_AKM_SUITE_8021X_SHA256:
++ val = WPA2_AUTH_1X_SHA256;
++ break;
++ case WLAN_AKM_SUITE_PSK_SHA256:
++ val = WPA2_AUTH_PSK_SHA256;
++ break;
++ case WLAN_AKM_SUITE_PSK:
++ val = WPA2_AUTH_PSK;
++ break;
++ default:
++ brcmf_err("invalid cipher group (%d)\n",
++ sme->crypto.cipher_group);
++ return -EINVAL;
+ }
++ }
+
+- brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
+- err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev),
+- "wpa_auth", val);
+- if (err) {
+- brcmf_err("could not set wpa_auth (%d)\n", err);
+- return err;
+- }
++ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
++ goto skip_mfp_config;
++ /* The MFP mode (1 or 2) needs to be determined, parse IEs. The
++ * IE will not be verified, just a quick search for MFP config
++ */
++ rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
++ WLAN_EID_RSN);
++ if (!rsn_ie)
++ goto skip_mfp_config;
++ ie = (const u8 *)rsn_ie;
++ ie_len = rsn_ie->len + TLV_HDR_LEN;
++ /* Skip unicast suite */
++ offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
++ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
++ goto skip_mfp_config;
++ /* Skip multicast suite */
++ count = ie[offset] + (ie[offset + 1] << 8);
++ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
++ if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
++ goto skip_mfp_config;
++ /* Skip auth key management suite(s) */
++ count = ie[offset] + (ie[offset + 1] << 8);
++ offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
++ if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
++ goto skip_mfp_config;
++ /* Ready to read capabilities */
++ mfp = BRCMF_MFP_NONE;
++ rsn_cap = ie[offset] + (ie[offset + 1] << 8);
++ if (rsn_cap & RSN_CAP_MFPR_MASK)
++ mfp = BRCMF_MFP_REQUIRED;
++ else if (rsn_cap & RSN_CAP_MFPC_MASK)
++ mfp = BRCMF_MFP_CAPABLE;
++ brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
++
++skip_mfp_config:
++ brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
++ err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
++ if (err) {
++ brcmf_err("could not set wpa_auth (%d)\n", err);
++ return err;
+ }
+- sec = &profile->sec;
+- sec->wpa_auth = sme->crypto.akm_suites[0];
+
+ return err;
+ }
+@@ -1827,7 +1880,7 @@ brcmf_cfg80211_connect(struct wiphy *wip
+ goto done;
+ }
+
+- err = brcmf_set_wsec_mode(ndev, sme, sme->mfp == NL80211_MFP_REQUIRED);
++ err = brcmf_set_wsec_mode(ndev, sme);
+ if (err) {
+ brcmf_err("wl_set_set_cipher failed (%d)\n", err);
+ goto done;
+@@ -2077,10 +2130,12 @@ brcmf_cfg80211_del_key(struct wiphy *wip
+ u8 key_idx, bool pairwise, const u8 *mac_addr)
+ {
+ struct brcmf_if *ifp = netdev_priv(ndev);
+- struct brcmf_wsec_key key;
+- s32 err = 0;
++ struct brcmf_wsec_key *key;
++ s32 err;
+
+ brcmf_dbg(TRACE, "Enter\n");
++ brcmf_dbg(CONN, "key index (%d)\n", key_idx);
++
+ if (!check_vif_up(ifp->vif))
+ return -EIO;
+
+@@ -2089,16 +2144,19 @@ brcmf_cfg80211_del_key(struct wiphy *wip
+ return -EINVAL;
+ }
+
+- memset(&key, 0, sizeof(key));
++ key = &ifp->vif->profile.key[key_idx];
+
+- key.index = (u32)key_idx;
+- key.flags = BRCMF_PRIMARY_KEY;
+- key.algo = CRYPTO_ALGO_OFF;
++ if (key->algo == CRYPTO_ALGO_OFF) {
++ brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
++ return -EINVAL;
++ }
+
+- brcmf_dbg(CONN, "key index (%d)\n", key_idx);
++ memset(key, 0, sizeof(*key));
++ key->index = (u32)key_idx;
++ key->flags = BRCMF_PRIMARY_KEY;
+
+- /* Set the new key/index */
+- err = send_key_to_dongle(ifp, &key);
++ /* Clear the key/index */
++ err = send_key_to_dongle(ifp, key);
+
+ brcmf_dbg(TRACE, "Exit\n");
+ return err;
+@@ -2106,8 +2164,8 @@ brcmf_cfg80211_del_key(struct wiphy *wip
+
+ static s32
+ brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
+- u8 key_idx, bool pairwise, const u8 *mac_addr,
+- struct key_params *params)
++ u8 key_idx, bool pairwise, const u8 *mac_addr,
++ struct key_params *params)
+ {
+ struct brcmf_if *ifp = netdev_priv(ndev);
+ struct brcmf_wsec_key *key;
+@@ -2214,9 +2272,10 @@ done:
+ }
+
+ static s32
+-brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
+- u8 key_idx, bool pairwise, const u8 *mac_addr, void *cookie,
+- void (*callback) (void *cookie, struct key_params * params))
++brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
++ bool pairwise, const u8 *mac_addr, void *cookie,
++ void (*callback)(void *cookie,
++ struct key_params *params))
+ {
+ struct key_params params;
+ struct brcmf_if *ifp = netdev_priv(ndev);
+@@ -2268,8 +2327,15 @@ done:
+
+ static s32
+ brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
+- struct net_device *ndev, u8 key_idx)
++ struct net_device *ndev, u8 key_idx)
+ {
++ struct brcmf_if *ifp = netdev_priv(ndev);
++
++ brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
++
++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
++ return 0;
++
+ brcmf_dbg(INFO, "Not supported\n");
+
+ return -EOPNOTSUPP;
+@@ -3769,7 +3835,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+ u32 auth = 0; /* d11 open authentication */
+ u16 count;
+ s32 err = 0;
+- s32 len = 0;
++ s32 len;
+ u32 i;
+ u32 wsec;
+ u32 pval = 0;
+@@ -3779,6 +3845,7 @@ brcmf_configure_wpaie(struct brcmf_if *i
+ u8 *data;
+ u16 rsn_cap;
+ u32 wme_bss_disable;
++ u32 mfp;
+
+ brcmf_dbg(TRACE, "Enter\n");
+ if (wpa_ie == NULL)
+@@ -3893,19 +3960,53 @@ brcmf_configure_wpaie(struct brcmf_if *i
+ is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
+ (wpa_auth |= WPA_AUTH_PSK);
+ break;
++ case RSN_AKM_SHA256_PSK:
++ brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
++ wpa_auth |= WPA2_AUTH_PSK_SHA256;
++ break;
++ case RSN_AKM_SHA256_1X:
++ brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
++ wpa_auth |= WPA2_AUTH_1X_SHA256;
++ break;
+ default:
+ brcmf_err("Ivalid key mgmt info\n");
+ }
+ offset++;
+ }
+
++ mfp = BRCMF_MFP_NONE;
+ if (is_rsn_ie) {
+ wme_bss_disable = 1;
+ if ((offset + RSN_CAP_LEN) <= len) {
+ rsn_cap = data[offset] + (data[offset + 1] << 8);
+ if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
+ wme_bss_disable = 0;
++ if (rsn_cap & RSN_CAP_MFPR_MASK) {
++ brcmf_dbg(TRACE, "MFP Required\n");
++ mfp = BRCMF_MFP_REQUIRED;
++ /* Firmware only supports mfp required in
++ * combination with WPA2_AUTH_PSK_SHA256 or
++ * WPA2_AUTH_1X_SHA256.
++ */
++ if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
++ WPA2_AUTH_1X_SHA256))) {
++ err = -EINVAL;
++ goto exit;
++ }
++ /* Firmware has requirement that WPA2_AUTH_PSK/
++ * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
++ * is to be included in the rsn ie.
++ */
++ if (wpa_auth & WPA2_AUTH_PSK_SHA256)
++ wpa_auth |= WPA2_AUTH_PSK;
++ else if (wpa_auth & WPA2_AUTH_1X_SHA256)
++ wpa_auth |= WPA2_AUTH_UNSPECIFIED;
++ } else if (rsn_cap & RSN_CAP_MFPC_MASK) {
++ brcmf_dbg(TRACE, "MFP Capable\n");
++ mfp = BRCMF_MFP_CAPABLE;
++ }
+ }
++ offset += RSN_CAP_LEN;
+ /* set wme_bss_disable to sync RSN Capabilities */
+ err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
+ wme_bss_disable);
+@@ -3913,6 +4014,21 @@ brcmf_configure_wpaie(struct brcmf_if *i
+ brcmf_err("wme_bss_disable error %d\n", err);
+ goto exit;
+ }
++
++ /* Skip PMKID cnt as it is know to be 0 for AP. */
++ offset += RSN_PMKID_COUNT_LEN;
++
++ /* See if there is BIP wpa suite left for MFP */
++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
++ ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
++ err = brcmf_fil_bsscfg_data_set(ifp, "bip",
++ &data[offset],
++ WPA_IE_MIN_OUI_LEN);
++ if (err < 0) {
++ brcmf_err("bip error %d\n", err);
++ goto exit;
++ }
++ }
+ }
+ /* FOR WPS , set SES_OW_ENABLED */
+ wsec = (pval | gval | SES_OW_ENABLED);
+@@ -3929,6 +4045,16 @@ brcmf_configure_wpaie(struct brcmf_if *i
+ brcmf_err("wsec error %d\n", err);
+ goto exit;
+ }
++ /* Configure MFP, this needs to go after wsec otherwise the wsec command
++ * will overwrite the values set by MFP
++ */
++ if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
++ err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
++ if (err < 0) {
++ brcmf_err("mfp error %d\n", err);
++ goto exit;
++ }
++ }
+ /* set upper-layer auth */
+ err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
+ if (err < 0) {
+@@ -6149,8 +6275,10 @@ static int brcmf_setup_wiphy(struct wiph
+ wiphy->n_addresses = i;
+
+ wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
+- wiphy->cipher_suites = __wl_cipher_suites;
+- wiphy->n_cipher_suites = ARRAY_SIZE(__wl_cipher_suites);
++ wiphy->cipher_suites = brcmf_cipher_suites;
++ wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
++ if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
++ wiphy->n_cipher_suites--;
+ wiphy->flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT |
+ WIPHY_FLAG_OFFCHAN_TX |
+ WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
+@@ -72,7 +72,7 @@
+
+ #define BRCMF_VNDR_IE_P2PAF_SHIFT 12
+
+-#define BRCMF_MAX_DEFAULT_KEYS 4
++#define BRCMF_MAX_DEFAULT_KEYS 6
+
+ /* beacon loss timeout defaults */
+ #define BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON 2
+@@ -107,7 +107,6 @@ struct brcmf_cfg80211_security {
+ u32 auth_type;
+ u32 cipher_pairwise;
+ u32 cipher_group;
+- u32 wpa_auth;
+ };
+
+ /**
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
+@@ -161,6 +161,7 @@ void brcmf_feat_attach(struct brcmf_pub
+ ifp->drvr->feat_flags &= ~BIT(BRCMF_FEAT_MBSS);
+ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_RSDB, "rsdb_mode");
+ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_TDLS, "tdls_enable");
++ brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_MFP, "mfp");
+
+ pfn_mac.version = BRCMF_PFN_MACADDR_CFG_VER;
+ err = brcmf_fil_iovar_data_get(ifp, "pfn_macaddr", &pfn_mac,
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.h
+@@ -30,6 +30,7 @@
+ * WOWL_ND: WOWL net detect (PNO)
+ * WOWL_GTK: (WOWL) GTK rekeying offload
+ * WOWL_ARP_ND: ARP and Neighbor Discovery offload support during WOWL.
++ * MFP: 802.11w Management Frame Protection.
+ */
+ #define BRCMF_FEAT_LIST \
+ BRCMF_FEAT_DEF(MBSS) \
+@@ -42,7 +43,8 @@
+ BRCMF_FEAT_DEF(SCAN_RANDOM_MAC) \
+ BRCMF_FEAT_DEF(WOWL_ND) \
+ BRCMF_FEAT_DEF(WOWL_GTK) \
+- BRCMF_FEAT_DEF(WOWL_ARP_ND)
++ BRCMF_FEAT_DEF(WOWL_ARP_ND) \
++ BRCMF_FEAT_DEF(MFP)
+
+ /*
+ * Quirks:
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
+@@ -142,6 +142,10 @@
+ #define BRCMF_RSN_KEK_LENGTH 16
+ #define BRCMF_RSN_REPLAY_LEN 8
+
++#define BRCMF_MFP_NONE 0
++#define BRCMF_MFP_CAPABLE 1
++#define BRCMF_MFP_REQUIRED 2
++
+ /* join preference types for join_pref iovar */
+ enum brcmf_join_pref_types {
+ BRCMF_JOIN_PREF_RSSI = 1,
+--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
++++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h
+@@ -236,6 +236,8 @@ static inline bool ac_bitmap_tst(u8 bitm
+ #define WPA2_AUTH_RESERVED3 0x0200
+ #define WPA2_AUTH_RESERVED4 0x0400
+ #define WPA2_AUTH_RESERVED5 0x0800
++#define WPA2_AUTH_1X_SHA256 0x1000 /* 1X with SHA256 key derivation */
++#define WPA2_AUTH_PSK_SHA256 0x8000 /* PSK with SHA256 key derivation */
+
+ #define DOT11_DEFAULT_RTS_LEN 2347
+ #define DOT11_DEFAULT_FRAG_LEN 2346
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-06 07:23:13 +0000