From 40d66c29a658a4d60f7598586aafc2a2aa31a3cf Mon Sep 17 00:00:00 2001
From: KOLANICH <kolan_n@mail.ru>
Date: Fri, 17 Dec 2021 00:00:00 +0000
Subject: [PATCH 3/3] Trying to implement cyphersuites support by porting some code from brcm80211. Doesn't work.

---
 src/include/wlioctl.h           |  5 +++++
 src/wl/sys/wl_cfg80211_hybrid.c | 18 +++++++++++++++++-
 src/wl/sys/wl_iw.c              | 11 +++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/include/wlioctl.h b/src/include/wlioctl.h
index 2c05c7c..a7b92fc 100644
--- a/src/include/wlioctl.h
+++ b/src/include/wlioctl.h
@@ -234,10 +234,15 @@ typedef struct {
 #define BRCM_AUTH_PSK           0x0100  
 #define BRCM_AUTH_DPT		0x0200	
 #define WPA2_AUTH_MFP           0x1000  
+#define WPA2_AUTH_1X_SHA256	0x1000  /* 1X with SHA256 key derivation */
+#define WPA2_AUTH_PSK_SHA256	0x8000	/* PSK with SHA256 key derivation */
+
 #define WPA2_AUTH_TPK		0x2000 	
 #define WPA2_AUTH_FT		0x4000 	
 #define WPA_AUTH_PFN_ANY	0xffffffff	
 
+#define WPA3_AUTH_SAE_PSK	0x40000	/* SAE with 4-way handshake */
+
 #define	MAXPMKID		16
 
 typedef struct _pmkid {
diff --git a/src/wl/sys/wl_cfg80211_hybrid.c b/src/wl/sys/wl_cfg80211_hybrid.c
index 48ec2a2..740805c 100644
--- a/src/wl/sys/wl_cfg80211_hybrid.c
+++ b/src/wl/sys/wl_cfg80211_hybrid.c
@@ -916,7 +916,7 @@ wl_set_key_mgmt(struct net_device *dev, struct cfg80211_connect_params *sme)
 				val = WPA2_AUTH_UNSPECIFIED;
 				break;
 			case WLAN_AKM_SUITE_PSK_SHA256:
-				//val = WPA2_AUTH_PSK_SHA256;
+				val = WPA2_AUTH_PSK_SHA256;
 				WL_ERR(("unsupported akm suite (WLAN_AKM_SUITE_PSK_SHA256). Disable WPA-PSK-SHA256 in hostapd config (or explicitly set ieee80211w=0 in OpenWRT UCI) as a workaround. Or alternatively find the way to implement it (IDK if the firmware has to be fixed too).\n"));
 				return -EINVAL;
 				break;
@@ -930,6 +930,22 @@ wl_set_key_mgmt(struct net_device *dev, struct cfg80211_connect_params *sme)
 		} else if (val & WPA3_AUTH_SAE_PSK) {
 			WL_ERR(("WPA3 is not implemented in the driver (IDK if firmware has to be fixed too)\n"));
 			return -EINVAL;
+
+			switch (sme->crypto.akm_suites[0]) {
+			case WLAN_AKM_SUITE_SAE:
+				val = WPA3_AUTH_SAE_PSK;
+				WL_ERR(("unsupported akm suite (WLAN_AKM_SUITE_SAE).\n"));
+				return -EINVAL;
+				break;
+			case WLAN_AKM_SUITE_FT_OVER_SAE:
+				val = WPA3_AUTH_SAE_PSK | WPA2_AUTH_FT;
+				WL_ERR(("unsupported akm suite (WLAN_AKM_SUITE_FT_OVER_SAE).\n"));
+				return -EINVAL;
+				break;
+			default:
+				WL_ERR(("invalid akm suite (%d)\n", sme->crypto.akm_suites[0]));
+				return -EINVAL;
+			}
 		}
 
 		WL_DBG(("setting wpa_auth to %d\n", val));
diff --git a/src/wl/sys/wl_iw.c b/src/wl/sys/wl_iw.c
index c4c610b..73fd1f6 100644
--- a/src/wl/sys/wl_iw.c
+++ b/src/wl/sys/wl_iw.c
@@ -2076,6 +2076,12 @@ wl_iw_set_wpaauth(
 		if ((error = dev_wlc_intvar_get(dev, "wpa_auth", &val)))
 			return error;
 
+		enum{
+			IW_AUTH_KEY_MGMT_802_1X_SHA256 = 7,
+			IW_AUTH_KEY_MGMT_PSK_SHA256 = 8
+			// not sure about it, https://android.googlesource.com/kernel/mediatek/+/android-mtk-3.18/drivers/misc/mediatek/connectivity/wlan/gen3/os/linux/include/gl_wext.h#312
+		};
+
 		if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
 			if (paramval & IW_AUTH_KEY_MGMT_PSK)
 				val = WPA_AUTH_PSK;
@@ -2087,6 +2093,11 @@ wl_iw_set_wpaauth(
 				val = WPA2_AUTH_PSK;
 			else
 				val = WPA2_AUTH_UNSPECIFIED;
+		} else if (val & (WPA2_AUTH_PSK_SHA256 | WPA2_AUTH_UNSPECIFIED)){
+			if (paramval & IW_AUTH_KEY_MGMT_PSK_SHA256)
+				val = WPA2_AUTH_PSK_SHA256;
+			else
+				val = WPA2_AUTH_UNSPECIFIED;
 		}
 		WL_TRACE(("%s: %d: setting wpa_auth to %d\n", __FUNCTION__, __LINE__, val));
 		if ((error = dev_wlc_intvar_set(dev, "wpa_auth", val)))
-- 
2.32.0