scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-10-29 17:42:41 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

Compare commits

base: scottk:WIFI-14788-CIG-WF189W-H-Add-temperature-control
Branches Tags
scottk:main scottk:staging-r4.0-memleak scottk:staging-WIFI-15216-ath12k-wifi-update-NWA130BE-BDF-files scottk:staging-WIFI-15175-Add-emplus-wap588m-to-support-kernel-6.6-at-staging-upstream-mediatek scottk:staging-WIFI-14996-Support-NAT-Logging scottk:next scottk:release/v4.1.0 scottk:staging-WIFI-14583-Support-Edgecore-OAP106 scottk:staging-WIFI-14822 scottk:staging-WIFI-14998-reworked scottk:staging-WIFI-14179 scottk:staging-WIFI-15164-ath12k-wifi-update-NWA50BE-BDF-files scottk:staging-WIFI-15163-LAN-switch-exposes-single-eth1-instead-of-per-port-interfaces-for-RAP750W-311A scottk:staging-upstream-mediatek scottk:staging-linux-6.6-EAP111-disable-ubi-auto-attach scottk:staging-WIFI-15027 scottk:staging-WIFI-14859-hostapd_cli-chan_switch-NOHT scottk:staging-WIFI-14987-EAP112-support-AN8801SB scottk:staging-WIFI-14917-log-backup-helper scottk:cloud_discovery_fix_improv scottk:WIFI-15123 scottk:WIFI-15155-CIG189H-wifi-status-and-iwinfo-show-empty-after-upgrade-to-latest-main scottk:staging-WIFI-15139-support-dhcp-opt138-opt224 scottk:WIFI-15138-rap7110c-341x-thermal-setting scottk:staging-WIFI-15146-qca-ssdk-remove-the-unused-patch-of-pinctrl scottk:staging-WIFI-14742 scottk:staging-WIFI-15125-Support-multiple-upstream scottk:WIFI-15130-WF672-Update-FCC-BDF scottk:staging-WIFI-14998-3 scottk:staging-WIFI-14998-2 scottk:release/v4.0.0 scottk:for-4.0 scottk:for-4.1 scottk:staging-WIFI-15127-zyxel_nwa130be-use-LED-of-DTS-instead-of-ssdk-cmd scottk:staging-WIFI-15126-Zyxel-NWA130BE-save-crash-log-into-pstore scottk:staging-WIFI-14676-Support-Zyxel-NWA50BE scottk:staging-WIFI-15124-Add-KERNEL-flag-IPQ_MEM_PROFILE-for-IPQ53XX scottk:WIFI-15120-Sonicfi-squashfs-certification-backup-improve scottk:staging-v4.1 scottk:staging-WIFI-14998 scottk:staging-WIFI-14998-1 scottk:staging-WIFI-14999 scottk:origin/WIFI-15000-WF672A-Check-Wi-Fi-mode-at-boot scottk:WIFI-14997-Multi-country-BDF-support scottk:staging-WIFI-14994-EAP111-support-AN8801SB-PHY scottk:WIFI-14993-enable-pstore-for-SonicFi-Wi-Fi-6-models scottk:14493 scottk:WIFI-15000-WF672A-Check-Wi-Fi-mode-at-boot scottk:led_respect_config scottk:staging-WIFI-14986-EAP112-an8801sb-disable-surge-protection-mode scottk:staging-fix-cloud-discovery-typo-dhcp138 scottk:staging-fix-cloud-discovery-typo scottk:uci_defaults_sync scottk:WIFI-14966 scottk:staging-WIFI-14869-Ramoops-Not-Initialized-on-Cybertan_rap7110c-341x scottk:staging-WIFI-14957-fix-bootbank-switch-upgrade scottk:staging-remove-extra-lines-mtk-sr-scene scottk:staging-WIFI-14951-Store-PKI2.0-key-for-RAP6x-production scottk:staging-WIFI-14901-improve-rrm-with-chanutil-fix scottk:staging-WIFI-14427-afc-use-curl-add-cert scottk:staging-WIFI-14427-afc-use-curl-wifi7 scottk:staging-WIFI-14427-afc-use-curl scottk:staging-mtk-update scottk:staging-WIFI-14904-PKI1.0-to-PKI2.0-enrollment-does-not-complete-properly-on-squashfs-based-certificate-storage-SonicFi-RAP6-series- scottk:staging-WIFI-14901-improve-rrm-with-chanutil scottk:staging-WIFI-14906-add-sync-after-file-generation scottk:WIFI-14896-support-HaLow-Mesh scottk:staging-WIFI-14895-add-support-for-EMPLUS-WAP7635 scottk:WIFI-14890-CIG-Support-dual-BDF scottk:WIFI-14884 scottk:staging-WIFI-14594 scottk:feeds_use_git scottk:WIFI-14873-add-smp-affinity-for-wf186h-and-wf186w scottk:staging-WIFI-14837-support-rrm-EAP11X scottk:staging-mtk-ramoops scottk:staging-WIFI-14847 scottk:WIFI-14545-EAP112-LTE-handle-username-password scottk:staging-add-hostapd_cli-to-hostapd-mtk scottk:staging-WIFI-14849-When-device-is-booting-it-causes-lan-wan-ports-bridge-together scottk:staging-WIFI-14858-ath12k-wifi-update-NWA130BE-BDF-files scottk:staging-WIFI-14848-zyxel_nwa130be-fine-tune-thermal-setting scottk:staging-WIFI-14842-save-crash-log-eap105 scottk:WIFI-14840-6G-CBP-Test-Will-fail-Sometimes scottk:WIFI-14751-EAP112-LTE-auto-connect-after-reboot scottk:WIFI-14817-6G-CBP-fail-on-20M-BW scottk:WIFI-14825-Enable-mpstats-and-iperf3-On-CIG-WiFi-7-Products scottk:WIFI-14631-CIG-WiFi-7-Product-Save-crash-log-into-pstore scottk:staging-WIFI-14824-zyxel_nwa130be-fine-tune-thermal-setting scottk:nwa50be-dev scottk:staging-WIFI-14823-change-patches-zyxel_nwa130be-path scottk:staging-WIFI-14791-add-EMPLUS-WAP380C-support scottk:origin/WIFI-14788-CIG-WF189W-H-Add-temperature-control scottk:WIFI-14789-update-WF672A-configuration scottk:WIFI-14788-CIG-WF189W-H-Add-temperature-control scottk:staging-WIFI-14723-Add-Support-for-EMPLUS-WAP581 scottk:WIFI-14728-ipq50xx-add-sonicfi-rap630e scottk:staging-WIFI-14740-adjust-the-amplitude-level-of-SGMII-for-Zyxel-NWA130BE scottk:staging-WIFI-14615-fix-halow-client-cannot-access-network scottk:wifi-14697 scottk:staging-pki2.0 scottk:WIFI-14697-Implement-API-to-query-negotiated-PoE-class scottk:staging-WIFI-14588-cloud-package-manager scottk:staging-WIFI-14484-WIFI-14544 scottk:WIFI-14699-RAP630-serials-PWM-LED-max-brightness-range-open scottk:WIFI-14574-update-BDF-for-SonicFi-RAP650C scottk:staging-WIFI-14684-add-EMPLUS-WAP385C-support scottk:silent_reboot_fix scottk:WIFI-14666 scottk:staging-WIFI-14668-Add-thermal-protection-for-EMPLUS-WAP588M-model scottk:staging-WIFI-14667-Fix-image-upgrade-fail-for-EMPLUS-WAP588M scottk:staging-WIFI-14579-enable-dualboot-eap111-eap112 scottk:WIFI-14650-CIG-WF-189-CIG-WF-189H-LAN-and-WAN-Ports-Swapped-After-Upgrading-to-TIP-devel-14a0c2d-Image scottk:staging-WIFI-14632-Add-Support-for-EMPLUS-WAP386V2 scottk:WIFI-14644-AP72TIP-support-dual-image-and-fix-reset-button-issue scottk:WIFI-14630-Add-WF189W-WF189H-WF672-into-build-list scottk:staging-WIFI-14645-add-hostapd-patch-eap112 scottk:staging-WIFI-14579-dualboot-in-eap111-eap112 scottk:staging-eap-105-fixes scottk:WIFI-14603-Default-TC-fq_codel-queue-on-GRE-cause-low-GRE-RX-throughput scottk:WIFI-14623-WF188n-WF196-lost-the-certificates-files-after-upgrade scottk:WIFI-14509-CIG-WiFi7-WF-672A-bring-up scottk:staging-WIFI-14605-Swiitch-LAN-and-WAN-port-for-EMPLUS-WAP588M scottk:staging-WIFI-14580-Support-Zyxel-NWA130BE scottk:staging-WIFI-14576-support-phy-AN8801-EAP111 scottk:WIFI-14582-WF189-Save-crash-log-into-pstore scottk:staging-WIFI-14575-rrm-chanutil-fix-radio-status-check scottk:staging-WIFI-14549-Add-Support-for-EMPLUS-WAP588M scottk:WIFI-14567-WF189-10G-PHY-code-optimization scottk:staging-WIFI-14564-Multiple-ssids scottk:WIFI-14546-WF189-ETH-port-issue-start-from-12.5 scottk:staging-WIFI-14560-fix-rrmd-init-script scottk:WIFI-14547-Bringup-Sercomm-AP72TIP-on-v4.x scottk:WIFI-14538-WF189-Reset-button-does-not-work scottk:staging-WIFI-14536-update-chanutil-calculation-in-rrm scottk:staging-WIFI-14459 scottk:staging-WIFI-14529-udhcpinject-missing scottk:WIFI-14524-WF189-W-H-Add-189H-support scottk:WIFI-14526-CIG-smp-affinity-for-supporting-53XX-platform-with-wikiki-and-pebble scottk:staging-test-chuiyeh scottk:release/4.0.0 scottk:staging-test-fridayhung-ec scottk:staging-test-jacky1100002 scottk:staging-WIFI-14522 scottk:staging-testjoe scottk:staging-WIFI-14018-DHCP-82 scottk:WIFI-14456-CIG-WiFi7-WF-189W-H-bring-up scottk:staging-WIFI-14507 scottk:staging-WIFI-14326 scottk:staging-WIFI-14454-support-for-indio-525axm-wifi6-ap scottk:staging-WIFI-14457 scottk:release/v3.2.0 scottk:release/v3.1.0 scottk:release/v3.0.0 scottk:release/v2.11.0 scottk:release/v2.10.0 scottk:release/v2.9.0 scottk:release/v2.8.0 scottk:release/v2.7.0 scottk:release/v2.6.0 scottk:release/v2.5.0 scottk:release/v2.4.0 scottk:pending scottk:release/v2.3.0 scottk:release/v2.3.00 scottk:release/v2.2.0 scottk:release/v2.1.0 scottk:uCentral-trunk scottk:release/v1.2 scottk:trunk scottk:release/v2.0.0 scottk:staging-eap101-usb-storage scottk:release/v1.1 scottk:release/v1.0.0
scottk:v4.1.1 scottk:v4.1.1-RC1 scottk:v4.1.0 scottk:v4.1.0-rc3 scottk:v4.1.0-rc2 scottk:v4.1.0-rc1 scottk:v4.0.0-rc3 scottk:v4.0.0 scottk:v4.0.0-rc2 scottk:v4.0.0-rc1 scottk:v3.2.1 scottk:v3.2.1-rc3 scottk:v3.2.1-rc2 scottk:v3.2.1-rc1 scottk:v3.2.0 scottk:v3.2.0-rc3 scottk:v3.2.0-rc2 scottk:v3.2.0-rc1 scottk:v3.1.0-rc4 scottk:v3.1.0 scottk:v3.1.0-rc3 scottk:v3.1.0-rc2 scottk:v3.1.0-rc1 scottk:v3.0.2-rc3 scottk:v3.0.2 scottk:v3.0.2-rc2 scottk:v3.0.2-rc1 scottk:v3.0.1 scottk:v3.0.1-rc1 scottk:v3.0.0-rc3 scottk:v3.0.0 scottk:v3.0.0-rc2 scottk:v3.0.0-rc1 scottk:v2.11.0-rc3 scottk:v2.11.0 scottk:v2.11.0-rc2 scottk:v2.11.0-rc1 scottk:v2.10.0-rc3 scottk:v2.10.0 scottk:v2.10.0-rc2 scottk:v2.10.0-rc1 scottk:v2.9.1 scottk:v2.9.0 scottk:v2.9.0-rc5 scottk:v2.9.0-rc3 scottk:v2.9.0-rc4 scottk:v2.9.0-rc2 scottk:v2.9.0-rc1 scottk:v2.8.0-rc6 scottk:v2.8.0 scottk:v2.8.0-rc5 scottk:v2.8.0-rc4 scottk:v2.8.0-rc3 scottk:v2.8.0-rc2 scottk:v2.8.0-rc1 scottk:v2.7.2 scottk:v2.7.2-rc2 scottk:v2.7.2-rc1 scottk:v2.7.1 scottk:v2.7.1-rc2 scottk:v2.7.1-rc1 scottk:v2.7.0 scottk:v2.7.0-rc2 scottk:v2.7.0-rc1 scottk:v2.6.0 scottk:v2.6.0-rc5 scottk:v2.6.0-rc4 scottk:v2.6.0-rc3 scottk:v2.6.0-rc2 scottk:v2.6.0-rc1 scottk:v2.5.0 scottk:v2.5.0-rc4 scottk:v2.5.0-rc3 scottk:v2.5.0-rc2 scottk:v2.5.0-rc1 scottk:v2.4.1 scottk:v2.4.0 scottk:v2.4.0-rc3 scottk:v2.4.0-rc2 scottk:v2.4.0-rc1 scottk:v2.3.0-rc3 scottk:v2.3.0-rc2 scottk:v2.3.0-rc1 scottk:v2.2.0-rc2 scottk:v2.2.0-rc1 scottk:v2.1.0-rc3 scottk:v2.1.0-rc2 scottk:v2.1.0-rc1 scottk:v1.2.0 scottk:v1.2.0-rc2 scottk:v1.2.0-rc1 scottk:v2.0.0 scottk:v2.0.0-rc3 scottk:v2.0.0-rc2 scottk:v2.0.0-rc1 scottk:v1.1.1-rc1 scottk:v1.1.0 scottk:v1.1.0-rc4 scottk:v1.1.0-rc3 scottk:v1.0.4 scottk:v1.0.4-rc5 scottk:v1.0.4-rc4 scottk:v1.0.4-rc3 scottk:v1.0.4-rc2 scottk:v1.0.4-rc1 scottk:v1.1.0-rc2 scottk:v1.1.0-rc1 scottk:v1.0.3 scottk:v1.0.2 scottk:v1.0.1 scottk:v1.0.0-rc2 scottk:v1.0.0 scottk:v1.0.0-rc1
..
compare: scottk:v3.0.2
Branches Tags
scottk:staging-r4.0-memleak scottk:staging-WIFI-15216-ath12k-wifi-update-NWA130BE-BDF-files scottk:staging-WIFI-15175-Add-emplus-wap588m-to-support-kernel-6.6-at-staging-upstream-mediatek scottk:main scottk:staging-WIFI-14996-Support-NAT-Logging scottk:next scottk:release/v4.1.0 scottk:staging-WIFI-14583-Support-Edgecore-OAP106 scottk:staging-WIFI-14822 scottk:staging-WIFI-14998-reworked scottk:staging-WIFI-14179 scottk:staging-WIFI-15164-ath12k-wifi-update-NWA50BE-BDF-files scottk:staging-WIFI-15163-LAN-switch-exposes-single-eth1-instead-of-per-port-interfaces-for-RAP750W-311A scottk:staging-upstream-mediatek scottk:staging-linux-6.6-EAP111-disable-ubi-auto-attach scottk:staging-WIFI-15027 scottk:staging-WIFI-14859-hostapd_cli-chan_switch-NOHT scottk:staging-WIFI-14987-EAP112-support-AN8801SB scottk:staging-WIFI-14917-log-backup-helper scottk:cloud_discovery_fix_improv scottk:WIFI-15123 scottk:WIFI-15155-CIG189H-wifi-status-and-iwinfo-show-empty-after-upgrade-to-latest-main scottk:staging-WIFI-15139-support-dhcp-opt138-opt224 scottk:WIFI-15138-rap7110c-341x-thermal-setting scottk:staging-WIFI-15146-qca-ssdk-remove-the-unused-patch-of-pinctrl scottk:staging-WIFI-14742 scottk:staging-WIFI-15125-Support-multiple-upstream scottk:WIFI-15130-WF672-Update-FCC-BDF scottk:staging-WIFI-14998-3 scottk:staging-WIFI-14998-2 scottk:release/v4.0.0 scottk:for-4.0 scottk:for-4.1 scottk:staging-WIFI-15127-zyxel_nwa130be-use-LED-of-DTS-instead-of-ssdk-cmd scottk:staging-WIFI-15126-Zyxel-NWA130BE-save-crash-log-into-pstore scottk:staging-WIFI-14676-Support-Zyxel-NWA50BE scottk:staging-WIFI-15124-Add-KERNEL-flag-IPQ_MEM_PROFILE-for-IPQ53XX scottk:WIFI-15120-Sonicfi-squashfs-certification-backup-improve scottk:staging-v4.1 scottk:staging-WIFI-14998 scottk:staging-WIFI-14998-1 scottk:staging-WIFI-14999 scottk:origin/WIFI-15000-WF672A-Check-Wi-Fi-mode-at-boot scottk:WIFI-14997-Multi-country-BDF-support scottk:staging-WIFI-14994-EAP111-support-AN8801SB-PHY scottk:WIFI-14993-enable-pstore-for-SonicFi-Wi-Fi-6-models scottk:14493 scottk:WIFI-15000-WF672A-Check-Wi-Fi-mode-at-boot scottk:led_respect_config scottk:staging-WIFI-14986-EAP112-an8801sb-disable-surge-protection-mode scottk:staging-fix-cloud-discovery-typo-dhcp138 scottk:staging-fix-cloud-discovery-typo scottk:uci_defaults_sync scottk:WIFI-14966 scottk:staging-WIFI-14869-Ramoops-Not-Initialized-on-Cybertan_rap7110c-341x scottk:staging-WIFI-14957-fix-bootbank-switch-upgrade scottk:staging-remove-extra-lines-mtk-sr-scene scottk:staging-WIFI-14951-Store-PKI2.0-key-for-RAP6x-production scottk:staging-WIFI-14901-improve-rrm-with-chanutil-fix scottk:staging-WIFI-14427-afc-use-curl-add-cert scottk:staging-WIFI-14427-afc-use-curl-wifi7 scottk:staging-WIFI-14427-afc-use-curl scottk:staging-mtk-update scottk:staging-WIFI-14904-PKI1.0-to-PKI2.0-enrollment-does-not-complete-properly-on-squashfs-based-certificate-storage-SonicFi-RAP6-series- scottk:staging-WIFI-14901-improve-rrm-with-chanutil scottk:staging-WIFI-14906-add-sync-after-file-generation scottk:WIFI-14896-support-HaLow-Mesh scottk:staging-WIFI-14895-add-support-for-EMPLUS-WAP7635 scottk:WIFI-14890-CIG-Support-dual-BDF scottk:WIFI-14884 scottk:staging-WIFI-14594 scottk:feeds_use_git scottk:WIFI-14873-add-smp-affinity-for-wf186h-and-wf186w scottk:staging-WIFI-14837-support-rrm-EAP11X scottk:staging-mtk-ramoops scottk:staging-WIFI-14847 scottk:WIFI-14545-EAP112-LTE-handle-username-password scottk:staging-add-hostapd_cli-to-hostapd-mtk scottk:staging-WIFI-14849-When-device-is-booting-it-causes-lan-wan-ports-bridge-together scottk:staging-WIFI-14858-ath12k-wifi-update-NWA130BE-BDF-files scottk:staging-WIFI-14848-zyxel_nwa130be-fine-tune-thermal-setting scottk:staging-WIFI-14842-save-crash-log-eap105 scottk:WIFI-14840-6G-CBP-Test-Will-fail-Sometimes scottk:WIFI-14751-EAP112-LTE-auto-connect-after-reboot scottk:WIFI-14817-6G-CBP-fail-on-20M-BW scottk:WIFI-14825-Enable-mpstats-and-iperf3-On-CIG-WiFi-7-Products scottk:WIFI-14631-CIG-WiFi-7-Product-Save-crash-log-into-pstore scottk:staging-WIFI-14824-zyxel_nwa130be-fine-tune-thermal-setting scottk:nwa50be-dev scottk:staging-WIFI-14823-change-patches-zyxel_nwa130be-path scottk:staging-WIFI-14791-add-EMPLUS-WAP380C-support scottk:origin/WIFI-14788-CIG-WF189W-H-Add-temperature-control scottk:WIFI-14789-update-WF672A-configuration scottk:WIFI-14788-CIG-WF189W-H-Add-temperature-control scottk:staging-WIFI-14723-Add-Support-for-EMPLUS-WAP581 scottk:WIFI-14728-ipq50xx-add-sonicfi-rap630e scottk:staging-WIFI-14740-adjust-the-amplitude-level-of-SGMII-for-Zyxel-NWA130BE scottk:staging-WIFI-14615-fix-halow-client-cannot-access-network scottk:wifi-14697 scottk:staging-pki2.0 scottk:WIFI-14697-Implement-API-to-query-negotiated-PoE-class scottk:staging-WIFI-14588-cloud-package-manager scottk:staging-WIFI-14484-WIFI-14544 scottk:WIFI-14699-RAP630-serials-PWM-LED-max-brightness-range-open scottk:WIFI-14574-update-BDF-for-SonicFi-RAP650C scottk:staging-WIFI-14684-add-EMPLUS-WAP385C-support scottk:silent_reboot_fix scottk:WIFI-14666 scottk:staging-WIFI-14668-Add-thermal-protection-for-EMPLUS-WAP588M-model scottk:staging-WIFI-14667-Fix-image-upgrade-fail-for-EMPLUS-WAP588M scottk:staging-WIFI-14579-enable-dualboot-eap111-eap112 scottk:WIFI-14650-CIG-WF-189-CIG-WF-189H-LAN-and-WAN-Ports-Swapped-After-Upgrading-to-TIP-devel-14a0c2d-Image scottk:staging-WIFI-14632-Add-Support-for-EMPLUS-WAP386V2 scottk:WIFI-14644-AP72TIP-support-dual-image-and-fix-reset-button-issue scottk:WIFI-14630-Add-WF189W-WF189H-WF672-into-build-list scottk:staging-WIFI-14645-add-hostapd-patch-eap112 scottk:staging-WIFI-14579-dualboot-in-eap111-eap112 scottk:staging-eap-105-fixes scottk:WIFI-14603-Default-TC-fq_codel-queue-on-GRE-cause-low-GRE-RX-throughput scottk:WIFI-14623-WF188n-WF196-lost-the-certificates-files-after-upgrade scottk:WIFI-14509-CIG-WiFi7-WF-672A-bring-up scottk:staging-WIFI-14605-Swiitch-LAN-and-WAN-port-for-EMPLUS-WAP588M scottk:staging-WIFI-14580-Support-Zyxel-NWA130BE scottk:staging-WIFI-14576-support-phy-AN8801-EAP111 scottk:WIFI-14582-WF189-Save-crash-log-into-pstore scottk:staging-WIFI-14575-rrm-chanutil-fix-radio-status-check scottk:staging-WIFI-14549-Add-Support-for-EMPLUS-WAP588M scottk:WIFI-14567-WF189-10G-PHY-code-optimization scottk:staging-WIFI-14564-Multiple-ssids scottk:WIFI-14546-WF189-ETH-port-issue-start-from-12.5 scottk:staging-WIFI-14560-fix-rrmd-init-script scottk:WIFI-14547-Bringup-Sercomm-AP72TIP-on-v4.x scottk:WIFI-14538-WF189-Reset-button-does-not-work scottk:staging-WIFI-14536-update-chanutil-calculation-in-rrm scottk:staging-WIFI-14459 scottk:staging-WIFI-14529-udhcpinject-missing scottk:WIFI-14524-WF189-W-H-Add-189H-support scottk:WIFI-14526-CIG-smp-affinity-for-supporting-53XX-platform-with-wikiki-and-pebble scottk:staging-test-chuiyeh scottk:release/4.0.0 scottk:staging-test-fridayhung-ec scottk:staging-test-jacky1100002 scottk:staging-WIFI-14522 scottk:staging-testjoe scottk:staging-WIFI-14018-DHCP-82 scottk:WIFI-14456-CIG-WiFi7-WF-189W-H-bring-up scottk:staging-WIFI-14507 scottk:staging-WIFI-14326 scottk:staging-WIFI-14454-support-for-indio-525axm-wifi6-ap scottk:staging-WIFI-14457 scottk:release/v3.2.0 scottk:release/v3.1.0 scottk:release/v3.0.0 scottk:release/v2.11.0 scottk:release/v2.10.0 scottk:release/v2.9.0 scottk:release/v2.8.0 scottk:release/v2.7.0 scottk:release/v2.6.0 scottk:release/v2.5.0 scottk:release/v2.4.0 scottk:pending scottk:release/v2.3.0 scottk:release/v2.3.00 scottk:release/v2.2.0 scottk:release/v2.1.0 scottk:uCentral-trunk scottk:release/v1.2 scottk:trunk scottk:release/v2.0.0 scottk:staging-eap101-usb-storage scottk:release/v1.1 scottk:release/v1.0.0
scottk:v4.1.1 scottk:v4.1.1-RC1 scottk:v4.1.0 scottk:v4.1.0-rc3 scottk:v4.1.0-rc2 scottk:v4.1.0-rc1 scottk:v4.0.0-rc3 scottk:v4.0.0 scottk:v4.0.0-rc2 scottk:v4.0.0-rc1 scottk:v3.2.1 scottk:v3.2.1-rc3 scottk:v3.2.1-rc2 scottk:v3.2.1-rc1 scottk:v3.2.0 scottk:v3.2.0-rc3 scottk:v3.2.0-rc2 scottk:v3.2.0-rc1 scottk:v3.1.0-rc4 scottk:v3.1.0 scottk:v3.1.0-rc3 scottk:v3.1.0-rc2 scottk:v3.1.0-rc1 scottk:v3.0.2-rc3 scottk:v3.0.2 scottk:v3.0.2-rc2 scottk:v3.0.2-rc1 scottk:v3.0.1 scottk:v3.0.1-rc1 scottk:v3.0.0-rc3 scottk:v3.0.0 scottk:v3.0.0-rc2 scottk:v3.0.0-rc1 scottk:v2.11.0-rc3 scottk:v2.11.0 scottk:v2.11.0-rc2 scottk:v2.11.0-rc1 scottk:v2.10.0-rc3 scottk:v2.10.0 scottk:v2.10.0-rc2 scottk:v2.10.0-rc1 scottk:v2.9.1 scottk:v2.9.0 scottk:v2.9.0-rc5 scottk:v2.9.0-rc3 scottk:v2.9.0-rc4 scottk:v2.9.0-rc2 scottk:v2.9.0-rc1 scottk:v2.8.0-rc6 scottk:v2.8.0 scottk:v2.8.0-rc5 scottk:v2.8.0-rc4 scottk:v2.8.0-rc3 scottk:v2.8.0-rc2 scottk:v2.8.0-rc1 scottk:v2.7.2 scottk:v2.7.2-rc2 scottk:v2.7.2-rc1 scottk:v2.7.1 scottk:v2.7.1-rc2 scottk:v2.7.1-rc1 scottk:v2.7.0 scottk:v2.7.0-rc2 scottk:v2.7.0-rc1 scottk:v2.6.0 scottk:v2.6.0-rc5 scottk:v2.6.0-rc4 scottk:v2.6.0-rc3 scottk:v2.6.0-rc2 scottk:v2.6.0-rc1 scottk:v2.5.0 scottk:v2.5.0-rc4 scottk:v2.5.0-rc3 scottk:v2.5.0-rc2 scottk:v2.5.0-rc1 scottk:v2.4.1 scottk:v2.4.0 scottk:v2.4.0-rc3 scottk:v2.4.0-rc2 scottk:v2.4.0-rc1 scottk:v2.3.0-rc3 scottk:v2.3.0-rc2 scottk:v2.3.0-rc1 scottk:v2.2.0-rc2 scottk:v2.2.0-rc1 scottk:v2.1.0-rc3 scottk:v2.1.0-rc2 scottk:v2.1.0-rc1 scottk:v1.2.0 scottk:v1.2.0-rc2 scottk:v1.2.0-rc1 scottk:v2.0.0 scottk:v2.0.0-rc3 scottk:v2.0.0-rc2 scottk:v2.0.0-rc1 scottk:v1.1.1-rc1 scottk:v1.1.0 scottk:v1.1.0-rc4 scottk:v1.1.0-rc3 scottk:v1.0.4 scottk:v1.0.4-rc5 scottk:v1.0.4-rc4 scottk:v1.0.4-rc3 scottk:v1.0.4-rc2 scottk:v1.0.4-rc1 scottk:v1.1.0-rc2 scottk:v1.1.0-rc1 scottk:v1.0.3 scottk:v1.0.2 scottk:v1.0.1 scottk:v1.0.0-rc2 scottk:v1.0.0 scottk:v1.0.0-rc1

10 Commits
WIFI-14788 ... v3.0.2

Author SHA1 Message Date
jaspreetsachdev
192261318c Merge pull request #656 from Telecominfraproject/main 
Merge for 3.0.2-rc3
 2024-04-13 09:36:24 -04:00
jaspreetsachdev
dcff5c6932 Merge pull request #655 from Telecominfraproject/main 
Merge for 3.0.2-rc3
 2024-04-12 12:21:01 -04:00
jaspreetsachdev
ca1eabfbd5 Merge pull request #648 from Telecominfraproject/main 
merge for 3.0.2-RC2
 2024-04-05 15:37:27 -04:00
jaspreetsachdev
f0035a9908 Merge pull request #640 from Telecominfraproject/main 
Merge main for RC1 of 3.0.2 patch release
 2024-03-21 12:53:43 -04:00
jaspreetsachdev
14aa04ad10 Merge pull request #620 from Telecominfraproject/v3.0.0-release 
V3.0.1 release
 2024-01-24 22:56:45 -05:00
Jaspreet Sachdev
589cdf6795 Merge branch 'main' into v3.0.0-release 2024-01-24 22:55:00 -05:00
jaspreetsachdev
bf06374839 Merge pull request #614 from Telecominfraproject/v3.0.0-release 
Merge from main
 2023-12-20 13:29:24 -05:00
Jaspreet Sachdev
d2ff492853 Merge branch 'main' into v3.0.0-release 2023-12-20 13:26:46 -05:00
jaspreetsachdev
18ba90f5b4 Merge pull request #613 from Telecominfraproject/v3.0.0-release 
V3.0.0 release
 2023-12-15 18:09:18 -05:00
jaspreetsachdev
8301bfbf89 Merge pull request #601 from Telecominfraproject/v3.0.0-release 
ipq807x: enable CIG wf188/196 for RC1
 2023-11-24 14:58:21 -05:00
10391 changed files with 1614744 additions and 1511336 deletions
Expand all files Collapse all files

11
.github/workflows/build-dev.yml vendored Executable file → Normal file
View File

@@ -15,20 +15,21 @@ on:
jobs:
build:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
outputs:
x64_vm_image_name: ${{ steps.package_and_upload_image.outputs.x64_vm_image_name }}
strategy:
fail-fast: false
matrix:
target: [ 'cig_wf189h', 'cig_wf189w', 'cig_wf660a', 'cig_wf672', 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf189', 'cig_wf196', 'cig_wf196', 'cybertan_eww631-a1', 'cybertan_eww631-b1', 'sonicfi_rap630w-312g', 'sonicfi_rap63xc-211g', 'sonicfi_rap630c-311g', 'sonicfi_rap630w-311g', 'sonicfi_rap630w-211g', 'sonicfi_rap650c', 'sonicfi_rap7110c-341x', 'sonicfi_rap750e-h', 'sonicfi_rap750e-s', 'sonicfi_rap750w-311a', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap105', 'edgecore_eap111', 'edgecore_eap112', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'edgecore_oap103', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4x_3', 'hfcl_ion4xi_w', 'hfcl_ion4x_w', 'indio_um-305ax', 'senao_iap4300m', 'senao_iap2300m', 'senao_jeap6500', 'udaya_a6-id2', 'udaya_a6-od2', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655', 'emplus_wap588m', 'zyxel_nwa130be', 'sercomm_ap72tip-v4' ]
target: [ 'cig_wf186h', 'cig_wf186w', 'cig_wf188n', 'cig_wf196', 'cig_wf189', 'cig_wf660a', 'cybertan_eww622-a1', 'cybertan_eww631-a1', 'cybertan_eww631-b1', 'edgecore_eap101', 'edgecore_eap102', 'edgecore_eap104', 'edgecore_eap111', 'edgecore_ecw5211', 'edgecore_oap101', 'edgecore_oap101-6e', 'edgecore_oap101e', 'edgecore_oap101e-6e', 'edgecore_oap102', 'hfcl_ion4','hfcl_ion4xi_wp', 'hfcl_ion4xe', 'hfcl_ion4xi', 'hfcl_ion4x', 'hfcl_ion4x_2', 'hfcl_ion4xi_w', 'hfcl_ion4xi_HMR', 'hfcl_ion4x_w', 'indio_um-305ax', 'indio_um-325ac', 'indio_um-510ac-v3', 'indio_um-550ac', 'indio_um-310ax-v1', 'indio_um-510axp-v1', 'indio_um-510axm-v1', 'sercomm_ap72tip', 'udaya_a5-id2', 'wallys_dr40x9', 'wallys_dr6018', 'wallys_dr6018-v4', 'yuncore_ax820', 'yuncore_ax840', 'yuncore_fap640', 'yuncore_fap650', 'yuncore_fap655' ]
steps:
- uses: actions/checkout@v3
# Clean unnecessary files to save disk space
- name: clean unncessary files to save space
run: |
docker rmi `docker images -q` || true
docker rmi `docker images -q`
- name: Build image for ${{ matrix.target }}
id: build
@@ -80,7 +81,7 @@ jobs:
fi
trigger-testing:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
needs: build
if: startsWith(github.ref, 'refs/tags/v')
steps:
@@ -93,7 +94,7 @@ jobs:
client-payload: '{"ref": "${GITHUB_REF#refs/tags/}", "sha": "${{ github.sha }}"}'
create-x64_vm-ami:
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
needs: build
if: startsWith(github.ref, 'refs/tags/v')
steps:

3
feeds/bluetooth/nrf52840/files/etc/init.d/nrf52840
View File

@@ -6,8 +6,7 @@ boot() {
. /lib/functions/system.sh
case $(board_name) in
edgecore,eap102|\
edgecore,oap102|\
edgecore,oap103)
edgecore,oap102)
echo 54 > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio54/direction
echo 0 > /sys/class/gpio/gpio54/value

29
feeds/hfcl/hfcl/Makefile
View File

@@ -1,29 +0,0 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hfcl
PKG_VERSION:=1.0
PKG_BUILD_DIR:= $(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
define Package/hfcl
SECTION:=base
CATEGORY:=Utilities
TITLE:=hfcl
endef
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Compile/Default
endef
Build/Compile = $(Build/Compile/Default)
define Package/hfcl/install
cp -rf ./files/* $(1)
endef
$(eval $(call BuildPackage,hfcl))

43
feeds/hfcl/hfcl/files/etc/ucentral_check.sh
View File

@@ -1,43 +0,0 @@
#!/bin/sh
echo "Start Websocket check/recovery script"
ucentral_conn=$(netstat -atulpn | grep -i ucentral | awk '{print $6}')
hostname_AP=$(uci get system.@system[0].hostname)
uc_file_check=$(du /etc/config/ucentral | awk '{print $1}' )
sleep 20
curr_date=$(date)
if [[ "$uc_file_check" = 0 ]]
then
echo "[[$curr_date]] empty ucentral file found, need to factory reset"
ubi_mount=$(mount | grep ubifs | grep noatime | awk '{print $1}')
if [[ "$ubi_mount" != "/dev/ubi0_3" ]]
then
echo "[[$curr_date]] ubifs not mounted, need to reboot before factory reset, mount was $ubi_mount"
/sbin/reboot
else
/sbin/jffs2reset -y -r
fi
elif [[ "$hostname_AP" = "OpenWrt" ]]
then
echo "[[$curr_date]] hostname set to openwrt, doing ucentral and capabilities load"
/usr/share/ucentral/capabilities.uc
rlink=$(readlink -f /etc/ucentral/ucentral.active)
/usr/share/ucentral/ucentral.uc /etc/ucentral/ucentral.active
rm -rf /etc/ucentral/ucentral.active
ln -s $rlink /etc/ucentral/ucentral.active
sleep 60
ucentral_check=$(netstat -atulpn | grep -i ucentral | awk '{print $6}')
if [[ "$ucentral_check" != "ESTABLIHED" ]]
then
echo "[[$curr_date]] loading didn't work, need to factory reset"
/sbin/jffs2reset -y -r
fi
elif [[ "$ucentral_conn" != "ESTABLISHED" ]]
then
echo "[[$curr_date]] Ucentral either crashed or stopped, restarting the same"
/etc/init.d/ucentral restart
else
echo "[[$curr_date]] Ucentral working all fine, nothing to do"
fi

18
feeds/hfcl/hfcl/files/etc/uci-defaults/abc-hfcl-ucentral
View File

@@ -1,18 +0,0 @@
#!/bin/sh
#rm -f /etc/rc.local
#cp -f /etc/loop.local /etc/rc.local
crontab -r
/etc/init.d/cron enable
/etc/init.d/cron start
sleep 60
crontab -l | { cat; echo "*/3 * * * * /bin/sh /etc/ucentral_check.sh >> /tmp/ucentral_check";} | crontab -
crontab -l | { cat; echo "* */4 * * * rm -rf /tmp/ucentral_check";} | crontab -
/etc/init.d/cron restart

108
feeds/hostapd/hostapd/Config.in
View File

@@ -1,108 +0,0 @@
# wpa_supplicant config
config WPA_RFKILL_SUPPORT
bool "Add rfkill support"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mbedtls || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-mesh-mbedtls || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-mbedtls || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-openssl || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-basic-mbedtls || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl || \
PACKAGE_wpad-mesh-mbedtls
default n
config WPA_MSG_MIN_PRIORITY
int "Minimum debug message priority"
depends on PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mbedtls || \
PACKAGE_wpa-supplicant-mesh-openssl || \
PACKAGE_wpa-supplicant-mesh-wolfssl || \
PACKAGE_wpa-supplicant-mesh-mbedtls || \
PACKAGE_wpa-supplicant-basic || \
PACKAGE_wpa-supplicant-mini || \
PACKAGE_wpa-supplicant-p2p || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-mbedtls || \
PACKAGE_wpad-basic || \
PACKAGE_wpad-basic-openssl || \
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-basic-mbedtls || \
PACKAGE_wpad-mini || \
PACKAGE_wpad-mesh-openssl || \
PACKAGE_wpad-mesh-wolfssl || \
PACKAGE_wpad-mesh-mbedtls
default 3
help
Useful values are:
0 = all messages
1 = raw message dumps
2 = most debugging messages
3 = info messages
4 = warnings
5 = errors
config WPA_WOLFSSL
bool
default PACKAGE_wpa-supplicant-wolfssl ||\
PACKAGE_wpad-wolfssl ||\
PACKAGE_wpad-basic-wolfssl || \
PACKAGE_wpad-mesh-wolfssl ||\
PACKAGE_eapol-test-wolfssl
select WOLFSSL_HAS_AES_CCM
select WOLFSSL_HAS_ARC4
select WOLFSSL_HAS_DH
select WOLFSSL_HAS_OCSP
select WOLFSSL_HAS_SESSION_TICKET
select WOLFSSL_HAS_WPAS
config DRIVER_11AC_SUPPORT
bool
default n
config DRIVER_11AX_SUPPORT
bool
default n
select WPA_MBO_SUPPORT
config WPA_ENABLE_WEP
bool "Enable support for unsecure and obsolete WEP"
help
Wired equivalent privacy (WEP) is an obsolete cryptographic data
confidentiality algorithm that is not considered secure. It should not be used
for anything anymore. The functionality needed to use WEP is available in the
current hostapd release under this optional build parameter and completely
removed in a future release.
config WPA_MBO_SUPPORT
bool "Multi Band Operation (Agile Multiband)"
default PACKAGE_wpa-supplicant || \
PACKAGE_wpa-supplicant-openssl || \
PACKAGE_wpa-supplicant-wolfssl || \
PACKAGE_wpa-supplicant-mbedtls || \
PACKAGE_wpad || \
PACKAGE_wpad-openssl || \
PACKAGE_wpad-wolfssl || \
PACKAGE_wpad-mbedtls
help
Multi Band Operation aka (Agile Multiband) enables features
that facilitate efficient use of multiple frequency bands.
Enabling MBO on an AP using RSN requires 802.11w to be enabled.
Hostapd will refuse to start if MBO and RSN are enabled without 11w.

851
feeds/hostapd/hostapd/Makefile
View File

@@ -1,851 +0,0 @@
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright (C) 2006-2021 OpenWrt.org
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
PKG_RELEASE:=4
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2023-09-08
PKG_SOURCE_VERSION:=e5ccbfc69ecf297590341ae8b461edba9d8e964c
PKG_MIRROR_HASH:=fcc6550f46c7f8bbdbf71e63f8f699b9a0878565ad1b90a17855f5ec21283b8f
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause
PKG_CPE_ID:=cpe:/a:w1.fi:hostapd
PKG_BUILD_PARALLEL:=1
PKG_ASLR_PIE_REGULAR:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_hostapd \
CONFIG_PACKAGE_hostapd-basic \
CONFIG_PACKAGE_hostapd-mini \
CONFIG_WPA_RFKILL_SUPPORT \
CONFIG_DRIVER_11AC_SUPPORT \
CONFIG_DRIVER_11AX_SUPPORT \
CONFIG_WPA_ENABLE_WEP
PKG_BUILD_FLAGS:=gc-sections lto
EAPOL_TEST_PROVIDERS:=eapol-test eapol-test-openssl eapol-test-wolfssl
SUPPLICANT_PROVIDERS:=
HOSTAPD_PROVIDERS:=
LOCAL_TYPE=$(strip \
$(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \
$(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \
hostapd \
)))
LOCAL_AND_LIB_VARIANT=$(patsubst hostapd-%,%,\
$(patsubst wpad-%,%,\
$(patsubst supplicant-%,%,\
$(BUILD_VARIANT)\
)))
LOCAL_VARIANT=$(patsubst %-internal,%,\
$(patsubst %-openssl,%,\
$(patsubst %-wolfssl,%,\
$(patsubst %-mbedtls,%,\
$(LOCAL_AND_LIB_VARIANT)\
))))
SSL_VARIANT=$(strip \
$(if $(findstring openssl,$(LOCAL_AND_LIB_VARIANT)),openssl,\
$(if $(findstring wolfssl,$(LOCAL_AND_LIB_VARIANT)),wolfssl,\
$(if $(findstring mbedtls,$(LOCAL_AND_LIB_VARIANT)),mbedtls,\
internal\
))))
CONFIG_VARIANT:=$(LOCAL_VARIANT)
ifeq ($(LOCAL_VARIANT),mesh)
CONFIG_VARIANT:=full
endif
include $(INCLUDE_DIR)/package.mk
STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY)
ifneq ($(CONFIG_DRIVER_11AC_SUPPORT),)
HOSTAPD_IEEE80211AC:=y
endif
ifneq ($(CONFIG_DRIVER_11AX_SUPPORT),)
HOSTAPD_IEEE80211AX:=y
endif
CORE_DEPENDS = +ucode +libubus +libucode +ucode-mod-fs +ucode-mod-nl80211 +ucode-mod-rtnl +ucode-mod-ubus +ucode-mod-uloop +libblobmsg-json
OPENSSL_DEPENDS = +PACKAGE_$(1):libopenssl +PACKAGE_$(1):libopenssl-legacy
DRIVER_MAKEOPTS= \
CONFIG_ACS=y CONFIG_DRIVER_NL80211=y \
CONFIG_IEEE80211AC=$(HOSTAPD_IEEE80211AC) \
CONFIG_IEEE80211AX=$(HOSTAPD_IEEE80211AX) \
CONFIG_MBO=$(CONFIG_WPA_MBO_SUPPORT) \
CONFIG_UCODE=y
ifeq ($(SSL_VARIANT),openssl)
DRIVER_MAKEOPTS += CONFIG_TLS=openssl CONFIG_SAE=y
TARGET_LDFLAGS += -lcrypto -lssl
ifeq ($(LOCAL_VARIANT),basic)
DRIVER_MAKEOPTS += CONFIG_OWE=y
endif
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y
endif
endif
ifeq ($(SSL_VARIANT),wolfssl)
DRIVER_MAKEOPTS += CONFIG_TLS=wolfssl CONFIG_SAE=y
TARGET_LDFLAGS += -lwolfssl
ifeq ($(LOCAL_VARIANT),basic)
DRIVER_MAKEOPTS += CONFIG_OWE=y
endif
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
endif
ifeq ($(SSL_VARIANT),mbedtls)
DRIVER_MAKEOPTS += CONFIG_TLS=mbedtls CONFIG_SAE=y
TARGET_LDFLAGS += -lmbedcrypto -lmbedx509 -lmbedtls
ifeq ($(LOCAL_VARIANT),basic)
DRIVER_MAKEOPTS += CONFIG_OWE=y
endif
ifeq ($(LOCAL_VARIANT),mesh)
DRIVER_MAKEOPTS += CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
ifeq ($(LOCAL_VARIANT),full)
DRIVER_MAKEOPTS += CONFIG_OWE=y CONFIG_SUITEB192=y CONFIG_AP=y CONFIG_MESH=y CONFIG_WPS_NFC=1
endif
endif
ifneq ($(LOCAL_TYPE),hostapd)
ifdef CONFIG_WPA_RFKILL_SUPPORT
DRIVER_MAKEOPTS += NEED_RFKILL=y
endif
endif
DRV_DEPENDS:=+libnl-tiny
define Package/hostapd/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Authenticator
URL:=http://hostap.epitest.fi/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
USERID:=network=101:network=101
PROVIDES:=hostapd
CONFLICTS:=$(HOSTAPD_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
endef
define Package/hostapd
$(call Package/hostapd/Default,$(1))
TITLE+= (built-in full)
VARIANT:=full-internal
endef
define Package/hostapd/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator.
endef
define Package/hostapd-openssl
$(call Package/hostapd/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=full-openssl
DEPENDS+=$(OPENSSL_DEPENDS)
endef
Package/hostapd-openssl/description = $(Package/hostapd/description)
define Package/hostapd-wolfssl
$(call Package/hostapd/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=full-wolfssl
DEPENDS+=+PACKAGE_hostapd-wolfssl:libwolfssl
endef
Package/hostapd-wolfssl/description = $(Package/hostapd/description)
define Package/hostapd-mbedtls
$(call Package/hostapd/Default,$(1))
TITLE+= (mbedTLS full)
VARIANT:=full-mbedtls
DEPENDS+=+PACKAGE_hostapd-mbedtls:libmbedtls
endef
Package/hostapd-mbedtls/description = $(Package/hostapd/description)
define Package/hostapd-basic
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=basic
endef
define Package/hostapd-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-basic-openssl
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r and 11w)
VARIANT:=basic-openssl
DEPENDS+=+PACKAGE_hostapd-basic-openssl:libopenssl
endef
define Package/hostapd-basic-openssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-basic-wolfssl
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r and 11w)
VARIANT:=basic-wolfssl
DEPENDS+=+PACKAGE_hostapd-basic-wolfssl:libwolfssl
endef
define Package/hostapd-basic-wolfssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-basic-mbedtls
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK, 11r and 11w)
VARIANT:=basic-mbedtls
DEPENDS+=+PACKAGE_hostapd-basic-mbedtls:libmbedtls
endef
define Package/hostapd-basic-mbedtls/description
This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/hostapd-mini
$(call Package/hostapd/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=mini
endef
define Package/hostapd-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).
endef
define Package/wpad/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Auth/Supplicant
DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
USERID:=network=101:network=101
URL:=http://hostap.epitest.fi/
PROVIDES:=hostapd wpa-supplicant
CONFLICTS:=$(HOSTAPD_PROVIDERS) $(SUPPLICANT_PROVIDERS)
HOSTAPD_PROVIDERS+=$(1)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpad
$(call Package/wpad/Default,$(1))
TITLE+= (built-in full)
VARIANT:=wpad-full-internal
endef
define Package/wpad/description
This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
Authenticator and Supplicant
endef
define Package/wpad-openssl
$(call Package/wpad/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=wpad-full-openssl
DEPENDS+=$(OPENSSL_DEPENDS)
endef
Package/wpad-openssl/description = $(Package/wpad/description)
define Package/wpad-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=wpad-full-wolfssl
DEPENDS+=+PACKAGE_wpad-wolfssl:libwolfssl
endef
Package/wpad-wolfssl/description = $(Package/wpad/description)
define Package/wpad-mbedtls
$(call Package/wpad/Default,$(1))
TITLE+= (mbedTLS full)
VARIANT:=wpad-full-mbedtls
DEPENDS+=+PACKAGE_wpad-mbedtls:libmbedtls
endef
Package/wpad-mbedtls/description = $(Package/wpad/description)
define Package/wpad-basic
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK, 11r, 11w)
VARIANT:=wpad-basic
endef
define Package/wpad-basic/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support.
endef
define Package/wpad-basic-openssl
$(call Package/wpad/Default,$(1))
TITLE+= (OpenSSL, 11r, 11w)
VARIANT:=wpad-basic-openssl
DEPENDS+=$(OPENSSL_DEPENDS)
endef
define Package/wpad-basic-openssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-basic-wolfssl
$(call Package/wpad/Default,$(1))
TITLE+= (wolfSSL, 11r, 11w)
VARIANT:=wpad-basic-wolfssl
DEPENDS+=+PACKAGE_wpad-basic-wolfssl:libwolfssl
endef
define Package/wpad-basic-wolfssl/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-basic-mbedtls
$(call Package/wpad/Default,$(1))
TITLE+= (mbedTLS, 11r, 11w)
VARIANT:=wpad-basic-mbedtls
DEPENDS+=+PACKAGE_wpad-basic-mbedtls:libmbedtls
endef
define Package/wpad-basic-mbedtls/description
This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w support.
endef
define Package/wpad-mini
$(call Package/wpad/Default,$(1))
TITLE+= (WPA-PSK only)
VARIANT:=wpad-mini
endef
define Package/wpad-mini/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only).
endef
define Package/wpad-mesh
$(call Package/wpad/Default,$(1))
DEPENDS+=@(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh wpad-mesh
endef
define Package/wpad-mesh/description
This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
endef
define Package/wpad-mesh-openssl
$(call Package/wpad-mesh,$(1))
TITLE+= (OpenSSL, 11s, SAE)
DEPENDS+=$(OPENSSL_DEPENDS)
VARIANT:=wpad-mesh-openssl
endef
Package/wpad-mesh-openssl/description = $(Package/wpad-mesh/description)
define Package/wpad-mesh-wolfssl
$(call Package/wpad-mesh,$(1))
TITLE+= (wolfSSL, 11s, SAE)
DEPENDS+=+PACKAGE_wpad-mesh-wolfssl:libwolfssl
VARIANT:=wpad-mesh-wolfssl
endef
Package/wpad-mesh-wolfssl/description = $(Package/wpad-mesh/description)
define Package/wpad-mesh-mbedtls
$(call Package/wpad-mesh,$(1))
TITLE+= (mbedTLS, 11s, SAE)
DEPENDS+=+PACKAGE_wpad-mesh-mbedtls:libmbedtls
VARIANT:=wpad-mesh-mbedtls
endef
Package/wpad-mesh-mbedtls/description = $(Package/wpad-mesh/description)
define Package/wpa-supplicant/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=WPA Supplicant
URL:=http://hostap.epitest.fi/wpa_supplicant/
DEPENDS:=$(DRV_DEPENDS) +hostapd-common $(CORE_DEPENDS)
EXTRA_DEPENDS:=hostapd-common (=$(PKG_VERSION)-$(PKG_RELEASE))
USERID:=network=101:network=101
PROVIDES:=wpa-supplicant
CONFLICTS:=$(SUPPLICANT_PROVIDERS)
SUPPLICANT_PROVIDERS+=$(1)
endef
define Package/wpa-supplicant
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/wpa-supplicant-openssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
DEPENDS+=$(OPENSSL_DEPENDS)
endef
define Package/wpa-supplicant-wolfssl
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
DEPENDS+=+PACKAGE_wpa-supplicant-wolfssl:libwolfssl
endef
define Package/wpa-supplicant-mbedtls
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (mbedTLS full)
VARIANT:=supplicant-full-mbedtls
DEPENDS+=+PACKAGE_wpa-supplicant-mbedtls:libmbedtls
endef
define Package/wpa-supplicant/config
source "$(SOURCE)/Config.in"
endef
define Package/wpa-supplicant-p2p
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (Wi-Fi P2P support)
VARIANT:=supplicant-p2p-internal
endef
define Package/wpa-supplicant-mesh/Default
$(call Package/wpa-supplicant/Default,$(1))
DEPENDS+=@(!TARGET_uml||BROKEN)
PROVIDES+=wpa-supplicant-mesh
endef
define Package/wpa-supplicant-mesh-openssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (OpenSSL, 11s, SAE)
VARIANT:=supplicant-mesh-openssl
DEPENDS+=$(OPENSSL_DEPENDS)
endef
define Package/wpa-supplicant-mesh-wolfssl
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (wolfSSL, 11s, SAE)
VARIANT:=supplicant-mesh-wolfssl
DEPENDS+=+PACKAGE_wpa-supplicant-mesh-wolfssl:libwolfssl
endef
define Package/wpa-supplicant-mesh-mbedtls
$(call Package/wpa-supplicant-mesh/Default,$(1))
TITLE+= (mbedTLS, 11s, SAE)
VARIANT:=supplicant-mesh-mbedtls
DEPENDS+=+PACKAGE_wpa-supplicant-mesh-mbedtls:libmbedtls
endef
define Package/wpa-supplicant-basic
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (11r, 11w)
VARIANT:=supplicant-basic
endef
define Package/wpa-supplicant-mini
$(call Package/wpa-supplicant/Default,$(1))
TITLE+= (minimal)
VARIANT:=supplicant-mini
endef
define Package/hostapd-common
TITLE:=hostapd/wpa_supplicant common support files
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
endef
define Package/hostapd-utils
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
TITLE:=IEEE 802.1x Authenticator (utils)
URL:=http://hostap.epitest.fi/
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(HOSTAPD_PROVIDERS),PACKAGE_$(pkg)))
VARIANT:=*
endef
define Package/hostapd-utils/description
This package contains a command line utility to control the
IEEE 802.1x/WPA/EAP/RADIUS Authenticator.
endef
define Package/wpa-cli
SECTION:=net
CATEGORY:=Network
SUBMENU:=WirelessAPD
DEPENDS:=@$(subst $(space),||,$(foreach pkg,$(SUPPLICANT_PROVIDERS),PACKAGE_$(pkg)))
TITLE:=WPA Supplicant command line control utility
VARIANT:=*
endef
define Package/eapol-test/Default
TITLE:=802.1x auth test utility
SECTION:=net
SUBMENU:=WirelessAPD
CATEGORY:=Network
DEPENDS:=$(DRV_DEPENDS) $(CORE_DEPENDS)
endef
define Package/eapol-test
$(call Package/eapol-test/Default,$(1))
TITLE+= (built-in full)
VARIANT:=supplicant-full-internal
endef
define Package/eapol-test-openssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (OpenSSL full)
VARIANT:=supplicant-full-openssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(EAPOL_TEST_PROVIDERS))
DEPENDS+=$(OPENSSL_DEPENDS)
PROVIDES:=eapol-test
endef
define Package/eapol-test-wolfssl
$(call Package/eapol-test/Default,$(1))
TITLE+= (wolfSSL full)
VARIANT:=supplicant-full-wolfssl
CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-wolfssl ,$(EAPOL_TEST_PROVIDERS)))
DEPENDS+=+PACKAGE_eapol-test-wolfssl:libwolfssl
PROVIDES:=eapol-test
endef
define Package/eapol-test-mbedtls
$(call Package/eapol-test/Default,$(1))
TITLE+= (mbedTLS full)
VARIANT:=supplicant-full-mbedtls
CONFLICTS:=$(filter-out eapol-test-openssl ,$(filter-out eapol-test-mbedtls ,$(EAPOL_TEST_PROVIDERS)))
DEPENDS+=+PACKAGE_eapol-test-mbedtls:libmbedtls
PROVIDES:=eapol-test
endef
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f
rm -f $(PKG_BUILD_DIR)/hostapd/hostapd
rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant
rm -f $(PKG_BUILD_DIR)/.config_*
touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif
define Build/Configure
$(Build/Configure/rebuild)
$(if $(wildcard ./files/hostapd-$(CONFIG_VARIANT).config), \
$(CP) ./files/hostapd-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \
)
$(if $(wildcard ./files/wpa_supplicant-$(CONFIG_VARIANT).config), \
$(CP) ./files/wpa_supplicant-$(CONFIG_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config
)
endef
TARGET_CPPFLAGS := \
-I$(STAGING_DIR)/usr/include/libnl-tiny \
-I$(PKG_BUILD_DIR)/src/crypto \
$(TARGET_CPPFLAGS) \
-DCONFIG_LIBNL20 \
-D_GNU_SOURCE \
$(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY))
TARGET_LDFLAGS += -lubox -lubus -lblobmsg_json -lucode -lm -lnl-tiny
ifdef CONFIG_WPA_ENABLE_WEP
DRIVER_MAKEOPTS += CONFIG_WEP=y
endif
define Build/RunMake
CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \
$(TARGET_CONFIGURE_OPTS) \
$(DRIVER_MAKEOPTS) \
LIBS="$(TARGET_LDFLAGS)" \
LIBS_c="$(TARGET_LDFLAGS_C)" \
AR="$(TARGET_CROSS)gcc-ar" \
BCHECK= \
$(if $(findstring s,$(OPENWRT_VERBOSE)),V=1) \
$(2)
endef
define Build/Compile/wpad
echo ` \
$(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \
$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
` > $(PKG_BUILD_DIR)/.cflags
sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
+$(call Build/RunMake,hostapd, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
hostapd_cli hostapd_multi.a \
)
+$(call Build/RunMake,wpa_supplicant, \
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
MULTICALL=1 \
wpa_cli wpa_supplicant_multi.a \
)
+export MAKEFLAGS="$(MAKE_JOBSERVER)"; $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \
$(TARGET_CFLAGS) \
./files/multicall.c \
$(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \
$(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \
$(TARGET_LDFLAGS)
endef
define Build/Compile/hostapd
+$(call Build/RunMake,hostapd, \
hostapd hostapd_cli \
)
endef
define Build/Compile/supplicant
+$(call Build/RunMake,wpa_supplicant, \
wpa_cli wpa_supplicant \
)
endef
define Build/Compile/supplicant-full-internal
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-openssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-wolfssl
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile/supplicant-full-mbedtls
+$(call Build/RunMake,wpa_supplicant, \
eapol_test \
)
endef
define Build/Compile
$(Build/Compile/$(LOCAL_TYPE))
$(Build/Compile/$(BUILD_VARIANT))
endef
define Install/hostapd/full
$(INSTALL_DIR) $(1)/etc/init.d $(1)/etc/config $(1)/etc/radius
ln -sf hostapd $(1)/usr/sbin/hostapd-radius
$(INSTALL_BIN) ./files/radius.init $(1)/etc/init.d/radius
$(INSTALL_DATA) ./files/radius.config $(1)/etc/config/radius
$(INSTALL_DATA) ./files/radius.clients $(1)/etc/radius/clients
$(INSTALL_DATA) ./files/radius.users $(1)/etc/radius/users
endef
define Package/hostapd-full/conffiles
/etc/config/radius
/etc/radius
endef
ifeq ($(CONFIG_VARIANT),full)
Package/wpad-mesh-openssl/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad-mesh-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad-mesh-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad-openssl/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
Package/wpad-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
Package/hostapd/conffiles = $(Package/hostapd-full/conffiles)
Package/hostapd-openssl/conffiles = $(Package/hostapd-full/conffiles)
Package/hostapd-wolfssl/conffiles = $(Package/hostapd-full/conffiles)
Package/hostapd-mbedtls/conffiles = $(Package/hostapd-full/conffiles)
endif
define Install/hostapd
$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
$(INSTALL_DATA) ./files/hostapd.uc $(1)/usr/share/hostap/
$(if $(findstring full,$(CONFIG_VARIANT)),$(Install/hostapd/full))
endef
define Install/supplicant
$(INSTALL_DIR) $(1)/usr/sbin $(1)/usr/share/hostap
$(INSTALL_DATA) ./files/wpa_supplicant.uc $(1)/usr/share/hostap/
endef
define Package/hostapd-common/install
$(INSTALL_DIR) $(1)/etc/capabilities $(1)/etc/rc.button $(1)/etc/hotplug.d/ieee80211 $(1)/etc/init.d $(1)/lib/netifd $(1)/usr/share/acl.d $(1)/usr/share/hostap
$(INSTALL_BIN) ./files/dhcp-get-server.sh $(1)/lib/netifd/dhcp-get-server.sh
$(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/netifd/hostapd.sh
$(INSTALL_BIN) ./files/wpad.init $(1)/etc/init.d/wpad
$(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps
$(INSTALL_DATA) ./files/wpad_acl.json $(1)/usr/share/acl.d
$(INSTALL_DATA) ./files/wpad.json $(1)/etc/capabilities
$(INSTALL_DATA) ./files/common.uc $(1)/usr/share/hostap/
$(INSTALL_DATA) ./files/wdev.uc $(1)/usr/share/hostap/
endef
define Package/hostapd/install
$(call Install/hostapd,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/
endef
Package/hostapd-basic/install = $(Package/hostapd/install)
Package/hostapd-basic-openssl/install = $(Package/hostapd/install)
Package/hostapd-basic-wolfssl/install = $(Package/hostapd/install)
Package/hostapd-basic-mbedtls/install = $(Package/hostapd/install)
Package/hostapd-mini/install = $(Package/hostapd/install)
Package/hostapd-openssl/install = $(Package/hostapd/install)
Package/hostapd-wolfssl/install = $(Package/hostapd/install)
Package/hostapd-mbedtls/install = $(Package/hostapd/install)
ifneq ($(LOCAL_TYPE),supplicant)
define Package/hostapd-utils/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/
endef
endif
define Package/wpad/install
$(call Install/hostapd,$(1))
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/
$(LN) wpad $(1)/usr/sbin/hostapd
$(LN) wpad $(1)/usr/sbin/wpa_supplicant
endef
Package/wpad-basic/install = $(Package/wpad/install)
Package/wpad-basic-openssl/install = $(Package/wpad/install)
Package/wpad-basic-wolfssl/install = $(Package/wpad/install)
Package/wpad-basic-mbedtls/install = $(Package/wpad/install)
Package/wpad-mini/install = $(Package/wpad/install)
Package/wpad-openssl/install = $(Package/wpad/install)
Package/wpad-wolfssl/install = $(Package/wpad/install)
Package/wpad-mbedtls/install = $(Package/wpad/install)
Package/wpad-mesh-openssl/install = $(Package/wpad/install)
Package/wpad-mesh-wolfssl/install = $(Package/wpad/install)
Package/wpad-mesh-mbedtls/install = $(Package/wpad/install)
define Package/wpa-supplicant/install
$(call Install/supplicant,$(1))
$(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/
endef
Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-wolfssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mbedtls/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-openssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-wolfssl/install = $(Package/wpa-supplicant/install)
Package/wpa-supplicant-mesh-mbedtls/install = $(Package/wpa-supplicant/install)
ifneq ($(LOCAL_TYPE),hostapd)
define Package/wpa-cli/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-internal)
define Package/eapol-test/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-openssl)
define Package/eapol-test-openssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
define Package/eapol-test-wolfssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
ifeq ($(BUILD_VARIANT),supplicant-full-mbedtls)
define Package/eapol-test-mbedtls/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/
endef
endif
# Build hostapd-common before its dependents, to avoid
# spurious rebuilds when building multiple variants.
$(eval $(call BuildPackage,hostapd-common))
$(eval $(call BuildPackage,hostapd))
$(eval $(call BuildPackage,hostapd-basic))
$(eval $(call BuildPackage,hostapd-basic-openssl))
$(eval $(call BuildPackage,hostapd-basic-wolfssl))
$(eval $(call BuildPackage,hostapd-basic-mbedtls))
$(eval $(call BuildPackage,hostapd-mini))
$(eval $(call BuildPackage,hostapd-openssl))
$(eval $(call BuildPackage,hostapd-wolfssl))
$(eval $(call BuildPackage,hostapd-mbedtls))
$(eval $(call BuildPackage,wpad))
$(eval $(call BuildPackage,wpad-mesh-openssl))
$(eval $(call BuildPackage,wpad-mesh-wolfssl))
$(eval $(call BuildPackage,wpad-mesh-mbedtls))
$(eval $(call BuildPackage,wpad-basic))
$(eval $(call BuildPackage,wpad-basic-openssl))
$(eval $(call BuildPackage,wpad-basic-wolfssl))
$(eval $(call BuildPackage,wpad-basic-mbedtls))
$(eval $(call BuildPackage,wpad-mini))
$(eval $(call BuildPackage,wpad-openssl))
$(eval $(call BuildPackage,wpad-wolfssl))
$(eval $(call BuildPackage,wpad-mbedtls))
$(eval $(call BuildPackage,wpa-supplicant))
$(eval $(call BuildPackage,wpa-supplicant-mesh-openssl))
$(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant-mesh-mbedtls))
$(eval $(call BuildPackage,wpa-supplicant-basic))
$(eval $(call BuildPackage,wpa-supplicant-mini))
$(eval $(call BuildPackage,wpa-supplicant-p2p))
$(eval $(call BuildPackage,wpa-supplicant-openssl))
$(eval $(call BuildPackage,wpa-supplicant-wolfssl))
$(eval $(call BuildPackage,wpa-supplicant-mbedtls))
$(eval $(call BuildPackage,wpa-cli))
$(eval $(call BuildPackage,hostapd-utils))
$(eval $(call BuildPackage,eapol-test))
$(eval $(call BuildPackage,eapol-test-openssl))
$(eval $(call BuildPackage,eapol-test-wolfssl))
$(eval $(call BuildPackage,eapol-test-mbedtls))

419
feeds/hostapd/hostapd/README.md
View File

@@ -1,419 +0,0 @@
# UBUS methods - hostapd
## bss_mgmt_enable
Enable 802.11k/v features.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| neighbor_report | bool | no | enable 802.11k neighbor reports |
| beacon_report | bool | no | enable 802.11k beacon reports |
| link_measurements | bool | no | enable 802.11k link measurements |
| bss_transition | bool | no | enable 802.11v BSS transition support |
### example
`ubus call hostapd.wl5-fb bss_mgmt_enable '{ "neighbor_report": true, "beacon_report": true, "link_measurements": true, "bss_transition": true
}'`
## bss_transition_request
Initiate an 802.11v transition request.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| addr | string | yes | client MAC address |
| disassociation_imminent | bool | no | set Disassociation Imminent bit |
| disassociation_timer | int32 | no | disassociate client if it doesn't roam after this time |
| validity_period | int32 | no | validity of the BSS Transition Candiate List |
| neighbors | array | no | BSS Transition Candidate List |
| abridged | bool | no | prefer APs in the BSS Transition Candidate List |
| dialog_token | int32 | no | identifier for the request/report transaction |
| mbo_reason | int32 | no | MBO Transition Reason Code Attribute |
| cell_pref | int32 | no | MBO Cellular Data Connection Preference Attribute |
| reassoc_delay | int32 | no | MBO Re-association retry delay |
### example
`ubus call hostapd.wl5-fb bss_transition_request '{ "addr": "68:2F:67:8B:98:ED", "disassociation_imminent": false, "disassociation_timer": 0, "validity_period": 30, "neighbors": ["b6a7b9cbeebabf5900008064090603026a00"], "abridged": 1 }'`
## config_add
Dynamically load a BSS configuration from a file. This is used by netifd's mac80211 support script to configure BSSes on multiple PHYs in a single hostapd instance.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| iface | string | yes | WiFi interface name |
| config | string | yes | path to hostapd config file |
## config_remove
Dynamically remove a BSS configuration.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| iface | string | yes | WiFi interface name |
## del_client
Kick a client off the network.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| addr | string | yes | client MAC address |
| reason | int32 | no | 802.11 reason code |
| deauth | bool | no | deauthenticates client instead of disassociating |
| ban_time | int32 | no | ban client for N milliseconds |
### example
`ubus call hostapd.wl5-fb del_client '{ "addr": "68:2f:67:8b:98:ed", "reason": 5, "deauth": true, "ban_time": 10000 }'`
## get_clients
Show associated clients.
### example
`ubus call hostapd.wl5-fb get_clients`
### output
```json
{
"freq": 5260,
"clients": {
"68:2f:67:8b:98:ed": {
"auth": true,
"assoc": true,
"authorized": true,
"preauth": false,
"wds": false,
"wmm": true,
"ht": true,
"vht": true,
"he": false,
"wps": false,
"mfp": true,
"rrm": [
0,
0,
0,
0,
0
],
"extended_capabilities": [
0,
0,
0,
0,
0,
0,
0,
64
],
"aid": 3,
"signature": "wifi4|probe:0,1,45,127,107,191,221(0017f2,10),221(001018,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,extcap:0000008000000040|assoc:0,1,33,36,48,45,127,191,221(0017f2,10),221(001018,2),221(0050f2,2),htcap:006f,htagg:1b,htmcs:0000ffff,vhtcap:0f825832,vhtrxmcs:0000ffea,vhttxmcs:0000ffea,txpow:14f9,extcap:0000000000000040",
"bytes": {
"rx": 1933667,
"tx": 746805
},
"airtime": {
"rx": 208863,
"tx": 9037883
},
"packets": {
"rx": 3587,
"tx": 2185
},
"rate": {
"rx": 866700,
"tx": 866700
},
"signal": -50,
"capabilities": {
"vht": {
"su_beamformee": true,
"mu_beamformee": false,
"mcs_map": {
"rx": {
"1ss": 9,
"2ss": 9,
"3ss": 9,
"4ss": -1,
"5ss": -1,
"6ss": -1,
"7ss": -1,
"8ss": -1
},
"tx": {
"1ss": 9,
"2ss": 9,
"3ss": 9,
"4ss": -1,
"5ss": -1,
"6ss": -1,
"7ss": -1,
"8ss": -1
}
}
}
}
}
}
}
```
## get_features
Show HT/VHT support.
### example
`ubus call hostapd.wl5-fb get_features`
### output
```json
{
"ht_supported": true,
"vht_supported": true
}
```
## get_status
Get BSS status.
### example
`ubus call hostapd.wl5-fb get_status`
### output
```json
{
"status": "ENABLED",
"bssid": "b6:a7:b9:cb:ee:bc",
"ssid": "fb",
"freq": 5260,
"channel": 52,
"op_class": 128,
"beacon_interval": 100,
"phy": "wl5-lan",
"rrm": {
"neighbor_report_tx": 0
},
"wnm": {
"bss_transition_query_rx": 0,
"bss_transition_request_tx": 0,
"bss_transition_response_rx": 0
},
"airtime": {
"time": 259561738,
"time_busy": 2844249,
"utilization": 0
},
"dfs": {
"cac_seconds": 60,
"cac_active": false,
"cac_seconds_left": 0
}
}
```
## link_measurement_req
Initiate an 802.11k Link Measurement Request.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| addr | string | yes | client MAC address |
| tx-power-used | int32 | no | transmit power used to transmit the Link Measurement Request frame |
| tx-power-max | int32 | no | upper limit of transmit power to be used by the client |
## list_bans
List banned clients.
### example
`ubus call hostapd.wl5-fb list_bans`
### output
```json
{
"clients": [
"68:2f:67:8b:98:ed"
]
}
```
## notify_response
When enabled, hostapd will send a ubus notification and wait for a response before responding to various requests. This is used by e.g. usteer to make it possible to ignore probe requests.
:warning: enabling this will cause hostapd to stop responding to probe requests unless a ubus subscriber responds to the ubus notifications.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| notify_response | int32 | yes | disable (0) or enable (!0) |
### example
`ubus call hostapd.wl5-fb notify_response '{ "notify_response": 1 }'`
## reload
Reload BSS configuration.
:warning: this can cause problems for certain configurations:
```
Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
Mon May 16 16:09:08 2022 daemon.warn hostapd: Failed to check if DFS is required; ret=-1
Mon May 16 16:09:08 2022 daemon.err hostapd: Wrong coupling between HT and VHT/HE channel setting
```
### example
`ubus call hostapd.wl5-fb reload`
## rrm_beacon_req
Send a Beacon Measurement Request to a client.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| addr | string | yes | client MAC address |
| op_class | int32 | yes | the Regulatory Class for which this Measurement Request applies |
| channel | int32 | yes | channel to measure |
| duration | int32 | yes | compile Beacon Measurement Report after N TU |
| mode | int32 | yes | mode to be used for measurement (0: passive, 1: active, 2: beacon table) |
| bssid | string | no | filter BSSes in Beacon Measurement Report by BSSID |
| ssid | string | no | filter BSSes in Beacon Measurement Report by SSID|
## rrm_nr_get_own
Show Neighbor Report Element for this BSS.
### example
`ubus call hostapd.wl5-fb rrm_nr_get_own`
### output
```json
{
"value": [
"b6:a7:b9:cb:ee:bc",
"fb",
"b6a7b9cbeebcaf5900008095090603029b00"
]
}
```
## rrm_nr_list
Show Neighbor Report Elements for other BSSes in this ESS.
### example
`ubus call hostapd.wl5-fb rrm_nr_list`
### output
```json
{
"list": [
[
"b6:a7:b9:cb:ee:ba",
"fb",
"b6a7b9cbeebabf5900008064090603026a00"
]
]
}
```
## rrm_nr_set
Set the Neighbor Report Elements. An element for the node on which this command is executed will always be added.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| list | array | yes | array of Neighbor Report Elements in the format of the rrm_nr_list output |
### example
`ubus call hostapd.wl5-fb rrm_nr_set '{ "list": [ [ "b6:a7:b9:cb:ee:ba", "fb", "b6a7b9cbeebabf5900008064090603026a00" ] ] }'`
## set_vendor_elements
Configure Vendor-specific Information Elements for BSS.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| vendor_elements | string | yes | Vendor-specific Information Elements as hex string |
### example
`ubus call hostapd.wl5-fb set_vendor_elements '{ "vendor_elements": "dd054857dd6662" }'`
## switch_chan
Initiate a channel switch.
:warning: trying to switch to the channel that is currently in use will fail: `Command failed: Operation not supported`
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| freq | int32 | yes | frequency in MHz to switch to |
| bcn_count | int32 | no | count in Beacon frames (TBTT) to perform the switch |
| center_freq1 | int32 | no | segment 0 center frequency in MHz (valid for HT and VHT) |
| center_freq2 | int32 | no | segment 1 center frequency in MHz (valid only for 80 MHz channel width and an 80+80 channel) |
| bandwidth | int32 | no | channel width to use |
| sec_channel_offset| int32 | no | secondary channel offset for HT40 (0 = disabled, 1 = HT40+, -1 = HT40-) |
| ht | bool | no | enable 802.11n |
| vht | bool | no | enable 802.11ac |
| he | bool | no | enable 802.11ax |
| block_tx | bool | no | block transmission during CSA period |
| csa_force | bool | no | restart the interface in case the CSA fails |
## example
`ubus call hostapd.wl5-fb switch_chan '{ "freq": 5180, "bcn_count": 10, "center_freq1": 5210, "bandwidth": 80, "he": 1, "block_tx": 1, "csa_force": 0 }'`
## update_airtime
Set dynamic airtime weight for client.
### arguments
| Name | Type | Required | Description |
|---|---|---|---|
| sta | string | yes | client MAC address |
| weight | int32 | yes | airtime weight |
## update_beacon
Force beacon frame content to be updated and to start beaconing on an interface that uses start_disabled=1.
### example
`ubus call hostapd.wl5-fb update_beacon`
## wps_status
Get WPS status for BSS.
### example
`ubus call hostapd.wl5-fb wps_status`
### output
```json
{
"pbc_status": "Disabled",
"last_wps_result": "None"
}
```
## wps_cancel
Cancel WPS Push Button Configuration.
### example
`ubus call hostapd.wl5-fb wps_cancel`
## wps_start
Start WPS Push Button Configuration.
### example
`ubus call hostapd.wl5-fb wps_start`

2
feeds/hostapd/hostapd/files/dhcp-get-server.sh
View File

@@ -1,2 +0,0 @@
#!/bin/sh
[ "$1" = bound ] && echo "$serverid"

404
feeds/hostapd/hostapd/files/hostapd-basic.config
View File

@@ -1,404 +0,0 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

404
feeds/hostapd/hostapd/files/hostapd-full.config
View File

@@ -1,404 +0,0 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y

404
feeds/hostapd/hostapd/files/hostapd-mini.config
View File

@@ -1,404 +0,0 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

1727
feeds/hostapd/hostapd/files/hostapd.sh
View File

File diff suppressed because it is too large Load Diff

1
feeds/hostapd/hostapd/files/radius.clients
View File

@@ -1 +0,0 @@
0.0.0.0/0 radius

9
feeds/hostapd/hostapd/files/radius.config
View File

@@ -1,9 +0,0 @@
config radius
option disabled '1'
option ca_cert '/etc/radius/ca.pem'
option cert '/etc/radius/cert.pem'
option key '/etc/radius/key.pem'
option users '/etc/radius/users'
option clients '/etc/radius/clients'
option auth_port '1812'
option acct_port '1813'

42
feeds/hostapd/hostapd/files/radius.init
View File

@@ -1,42 +0,0 @@
#!/bin/sh /etc/rc.common
START=30
USE_PROCD=1
NAME=radius
radius_start() {
local cfg="$1"
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" -gt 0 ] && return
config_get ca "$cfg" ca_cert
config_get key "$cfg" key
config_get cert "$cfg" cert
config_get users "$cfg" users
config_get clients "$cfg" clients
config_get auth_port "$cfg" auth_port 1812
config_get acct_port "$cfg" acct_port 1813
config_get identity "$cfg" identity "$(cat /proc/sys/kernel/hostname)"
procd_open_instance $cfg
procd_set_param command /usr/sbin/hostapd-radius \
-C "$ca" \
-c "$cert" -k "$key" \
-s "$clients" -u "$users" \
-p "$auth_port" -P "$acct_port" \
-i "$identity"
procd_close_instance
}
start_service() {
config_load radius
config_foreach radius_start radius
}
service_triggers()
{
procd_add_reload_trigger "radius"
}

14
feeds/hostapd/hostapd/files/radius.users
View File

@@ -1,14 +0,0 @@
{
"phase1": {
"wildcard": [
{
"name": "*",
"methods": [ "PEAP" ]
}
]
},
"phase2": {
"users": {
}
}
}

625
feeds/hostapd/hostapd/files/wpa_supplicant-basic.config
View File

@@ -1,625 +0,0 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

625
feeds/hostapd/hostapd/files/wpa_supplicant-full.config
View File

@@ -1,625 +0,0 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y

625
feeds/hostapd/hostapd/files/wpa_supplicant-mini.config
View File

@@ -1,625 +0,0 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y

625
feeds/hostapd/hostapd/files/wpa_supplicant-p2p.config
View File

@@ -1,625 +0,0 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y

16
feeds/hostapd/hostapd/files/wpad_acl.json
View File

@@ -1,16 +0,0 @@
{
"user": "network",
"access": {
"service": {
"methods": [ "event" ]
},
"wpa_supplicant": {
"methods": [ "phy_set_state", "phy_set_macaddr_list", "phy_status" ]
},
"hostapd": {
"methods": [ "apsta_state" ]
}
},
"publish": [ "hostapd", "hostapd.*", "wpa_supplicant", "wpa_supplicant.*" ],
"send": [ "bss.*", "wps_credentials" ]
}

69
feeds/hostapd/hostapd/files/wps-hotplug.sh
View File

@@ -1,69 +0,0 @@
#!/bin/sh
wps_catch_credentials() {
local iface ifaces ifc ifname ssid encryption key radio radios
local found=0
. /usr/share/libubox/jshn.sh
ubus -S -t 30 listen wps_credentials | while read creds; do
json_init
json_load "$creds"
json_select wps_credentials || continue
json_get_vars ifname ssid key encryption
local ifcname="$ifname"
json_init
json_load "$(ubus -S call network.wireless status)"
json_get_keys radios
for radio in $radios; do
json_select $radio
json_select interfaces
json_get_keys ifaces
for ifc in $ifaces; do
json_select $ifc
json_get_vars ifname
[ "$ifname" = "$ifcname" ] && {
ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\", \
\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" }, \
\"values\": { \"encryption\": \"$encryption\", \
\"ssid\": \"$ssid\", \
\"key\": \"$key\" } }"
ubus -S call uci commit '{"config": "wireless"}'
ubus -S call uci apply
}
json_select ..
done
json_select ..
json_select ..
done
done
}
if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
# If the button was pressed for 3 seconds or more, trigger WPS on
# wpa_supplicant only, no matter if hostapd is running or not. If
# was pressed for less than 3 seconds, try triggering on
# hostapd. If there is no hostapd instance to trigger it on or WPS
# is not enabled on them, trigger it on wpa_supplicant.
if [ "$SEEN" -lt 3 ] ; then
wps_done=0
ubusobjs="$( ubus -S list hostapd.* )"
for ubusobj in $ubusobjs; do
ubus -S call $ubusobj wps_start && wps_done=1
done
[ $wps_done = 0 ] || return 0
fi
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
ifname="$(echo $ubusobj | cut -d'.' -f2 )"
multi_ap=""
if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
else
ubus -S call $ubusobj wps_start && wps_done=1
fi
done
[ $wps_done = 0 ] || wps_catch_credentials &
fi
return 0

135
feeds/hostapd/hostapd/patches/010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
View File

@@ -1,135 +0,0 @@
From 8de8cd8380af0c43d4fde67a668d79ef73b26b26 Mon Sep 17 00:00:00 2001
From: Peter Oh <peter.oh@bowerswilkins.com>
Date: Tue, 30 Jun 2020 14:18:58 +0200
Subject: [PATCH 10/19] mesh: Allow DFS channels to be selected if dfs is
enabled
Note: DFS is assumed to be usable if a country code has been set
Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
---
wpa_supplicant/wpa_supplicant.c | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2638,7 +2638,7 @@ static int drv_supports_vht(struct wpa_s
}
-static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
+static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode, bool dfs_enabled)
{
int i;
@@ -2647,7 +2647,10 @@ static bool ibss_mesh_is_80mhz_avail(int
chan = hw_get_channel_chan(mode, i, NULL);
if (!chan ||
- chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ chan->flag & HOSTAPD_CHAN_DISABLED)
+ return false;
+
+ if (!dfs_enabled && chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
return false;
}
@@ -2774,7 +2777,7 @@ static void ibss_mesh_select_40mhz(struc
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode,
struct hostapd_freq_params *freq,
- int obss_scan) {
+ int obss_scan, bool dfs_enabled) {
int chan_idx;
struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
int i, res;
@@ -2798,8 +2801,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check primary channel flags */
- if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ if (pri_chan->flag & HOSTAPD_CHAN_DISABLED)
return;
+ if (pri_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ return;
#ifdef CONFIG_HT_OVERRIDES
if (ssid->disable_ht40)
@@ -2825,8 +2831,11 @@ static void ibss_mesh_select_40mhz(struc
return;
/* Check secondary channel flags */
- if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
+ if (sec_chan->flag & HOSTAPD_CHAN_DISABLED)
return;
+ if (sec_chan->flag & (HOSTAPD_CHAN_RADAR | HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ return;
if (ht40 == -1) {
if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
@@ -2880,7 +2889,7 @@ static bool ibss_mesh_select_80_160mhz(s
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode,
struct hostapd_freq_params *freq,
- int ieee80211_mode, bool is_6ghz) {
+ int ieee80211_mode, bool is_6ghz, bool dfs_enabled) {
static const int bw80[] = {
5180, 5260, 5500, 5580, 5660, 5745, 5825,
5955, 6035, 6115, 6195, 6275, 6355, 6435,
@@ -2925,7 +2934,7 @@ static bool ibss_mesh_select_80_160mhz(s
goto skip_80mhz;
/* Use 40 MHz if channel not usable */
- if (!ibss_mesh_is_80mhz_avail(channel, mode))
+ if (!ibss_mesh_is_80mhz_avail(channel, mode, dfs_enabled))
goto skip_80mhz;
chwidth = CONF_OPER_CHWIDTH_80MHZ;
@@ -2939,7 +2948,7 @@ static bool ibss_mesh_select_80_160mhz(s
if ((mode->he_capab[ieee80211_mode].phy_cap[
HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz &&
- ibss_mesh_is_80mhz_avail(channel + 16, mode)) {
+ ibss_mesh_is_80mhz_avail(channel + 16, mode, dfs_enabled)) {
for (j = 0; j < ARRAY_SIZE(bw160); j++) {
if (freq->freq == bw160[j]) {
chwidth = CONF_OPER_CHWIDTH_160MHZ;
@@ -2967,10 +2976,12 @@ static bool ibss_mesh_select_80_160mhz(s
if (!chan)
continue;
- if (chan->flag & (HOSTAPD_CHAN_DISABLED |
- HOSTAPD_CHAN_NO_IR |
- HOSTAPD_CHAN_RADAR))
+ if (chan->flag & HOSTAPD_CHAN_DISABLED)
continue;
+ if (chan->flag & (HOSTAPD_CHAN_RADAR |
+ HOSTAPD_CHAN_NO_IR))
+ if (!dfs_enabled)
+ continue;
/* Found a suitable second segment for 80+80 */
chwidth = CONF_OPER_CHWIDTH_80P80MHZ;
@@ -3025,6 +3036,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
int i, obss_scan = 1;
u8 channel;
bool is_6ghz;
+ bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
freq->freq = ssid->frequency;
@@ -3070,9 +3082,9 @@ void ibss_mesh_setup_freq(struct wpa_sup
freq->channel = channel;
/* Setup higher BW only for 5 GHz */
if (mode->mode == HOSTAPD_MODE_IEEE80211A) {
- ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan);
+ ibss_mesh_select_40mhz(wpa_s, ssid, mode, freq, obss_scan, dfs_enabled);
if (!ibss_mesh_select_80_160mhz(wpa_s, ssid, mode, freq,
- ieee80211_mode, is_6ghz))
+ ieee80211_mode, is_6ghz, dfs_enabled))
freq->he_enabled = freq->vht_enabled = false;
}

81
feeds/hostapd/hostapd/patches/011-mesh-use-deterministic-channel-on-channel-switch.patch
View File

@@ -1,81 +0,0 @@
From fc8ea40f6130ac18d9c66797de2cf1d5af55d496 Mon Sep 17 00:00:00 2001
From: Markus Theil <markus.theil@tu-ilmenau.de>
Date: Tue, 30 Jun 2020 14:19:07 +0200
Subject: [PATCH 19/19] mesh: use deterministic channel on channel switch
This patch uses a deterministic channel on DFS channel switch
in mesh networks. Otherwise, when switching to a usable but not
available channel, no CSA can be sent and a random channel is choosen
without notification of other nodes. It is then quite likely, that
the mesh network gets disconnected.
Fix this by using a deterministic number, based on the sha256 hash
of the mesh ID, in order to use at least a different number in each
mesh network.
Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
---
src/ap/dfs.c | 20 +++++++++++++++++++-
src/drivers/driver_nl80211.c | 4 ++++
2 files changed, 23 insertions(+), 1 deletion(-)
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -17,6 +17,7 @@
#include "ap_drv_ops.h"
#include "drivers/driver.h"
#include "dfs.h"
+#include "crypto/crypto.h"
enum dfs_channel_type {
@@ -526,9 +527,14 @@ dfs_get_valid_channel(struct hostapd_ifa
int num_available_chandefs;
int chan_idx, chan_idx2;
int sec_chan_idx_80p80 = -1;
+ bool is_mesh = false;
int i;
u32 _rand;
+#ifdef CONFIG_MESH
+ is_mesh = iface->mconf;
+#endif
+
wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
*secondary_channel = 0;
*oper_centr_freq_seg0_idx = 0;
@@ -548,8 +554,20 @@ dfs_get_valid_channel(struct hostapd_ifa
if (num_available_chandefs == 0)
return NULL;
- if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
+ /* try to use deterministic channel in mesh, so that both sides
+ * have a chance to switch to the same channel */
+ if (is_mesh) {
+#ifdef CONFIG_MESH
+ u64 hash[4];
+ const u8 *meshid[1] = { &iface->mconf->meshid[0] };
+ const size_t meshid_len = iface->mconf->meshid_len;
+
+ sha256_vector(1, meshid, &meshid_len, (u8 *)&hash[0]);
+ _rand = hash[0] + hash[1] + hash[2] + hash[3];
+#endif
+ } else if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
return NULL;
+
chan_idx = _rand % num_available_chandefs;
dfs_find_channel(iface, &chan, chan_idx, type);
if (!chan) {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -11017,6 +11017,10 @@ static int nl80211_switch_channel(void *
if (ret)
goto error;
+ if (drv->nlmode == NL80211_IFTYPE_MESH_POINT) {
+ nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS);
+ }
+
/* beacon_csa params */
beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
if (!beacon_csa)

25
feeds/hostapd/hostapd/patches/022-hostapd-fix-use-of-uninitialized-stack-variables.patch
View File

@@ -1,25 +0,0 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 8 Jul 2021 16:33:03 +0200
Subject: [PATCH] hostapd: fix use of uninitialized stack variables
When a CSA is performed on an 80 MHz channel, hostapd_change_config_freq
unconditionally calls hostapd_set_oper_centr_freq_seg0/1_idx with seg0/1
filled by ieee80211_freq_to_chan.
However, if ieee80211_freq_to_chan fails (because the freq is 0 or invalid),
seg0/1 remains uninitialized and filled with stack garbage, causing errors
such as "hostapd: 80 MHz: center segment 1 configured"
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3764,7 +3764,7 @@ static int hostapd_change_config_freq(st
struct hostapd_freq_params *old_params)
{
int channel;
- u8 seg0, seg1;
+ u8 seg0 = 0, seg1 = 0;
struct hostapd_hw_modes *mode;
if (!params->channel) {

275
feeds/hostapd/hostapd/patches/030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
View File

@@ -1,275 +0,0 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Wed, 28 Jul 2021 05:49:46 +0200
Subject: [PATCH] driver_nl80211: rewrite neigh code to not depend on
libnl3-route
Removes an unnecessary dependency and also makes the code smaller
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -16,9 +16,6 @@
#include <net/if.h>
#include <netlink/genl/genl.h>
#include <netlink/genl/ctrl.h>
-#ifdef CONFIG_LIBNL3_ROUTE
-#include <netlink/route/neighbour.h>
-#endif /* CONFIG_LIBNL3_ROUTE */
#include <linux/rtnetlink.h>
#include <netpacket/packet.h>
#include <linux/errqueue.h>
@@ -5783,26 +5780,29 @@ fail:
static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
{
-#ifdef CONFIG_LIBNL3_ROUTE
struct wpa_driver_nl80211_data *drv = bss->drv;
- struct rtnl_neigh *rn;
- struct nl_addr *nl_addr;
+ struct ndmsg nhdr = {
+ .ndm_state = NUD_PERMANENT,
+ .ndm_ifindex = bss->ifindex,
+ .ndm_family = AF_BRIDGE,
+ };
+ struct nl_msg *msg;
int err;
- rn = rtnl_neigh_alloc();
- if (!rn)
+ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
+ if (!msg)
return;
- rtnl_neigh_set_family(rn, AF_BRIDGE);
- rtnl_neigh_set_ifindex(rn, bss->ifindex);
- nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
- if (!nl_addr) {
- rtnl_neigh_put(rn);
- return;
- }
- rtnl_neigh_set_lladdr(rn, nl_addr);
+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
+ goto errout;
+
+ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
+ goto errout;
+
+ if (nl_send_auto_complete(drv->rtnl_sk, msg) < 0)
+ goto errout;
- err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
+ err = nl_wait_for_ack(drv->rtnl_sk);
if (err < 0) {
wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
@@ -5812,9 +5812,8 @@ static void rtnl_neigh_delete_fdb_entry(
MACSTR, MAC2STR(addr));
}
- nl_addr_put(nl_addr);
- rtnl_neigh_put(rn);
-#endif /* CONFIG_LIBNL3_ROUTE */
+errout:
+ nlmsg_free(msg);
}
@@ -8492,7 +8491,6 @@ static void *i802_init(struct hostapd_da
(params->num_bridge == 0 || !params->bridge[0]))
add_ifidx(drv, br_ifindex, drv->ifindex);
-#ifdef CONFIG_LIBNL3_ROUTE
if (bss->added_if_into_bridge || bss->already_in_bridge) {
int err;
@@ -8509,7 +8507,6 @@ static void *i802_init(struct hostapd_da
goto failed;
}
}
-#endif /* CONFIG_LIBNL3_ROUTE */
if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
wpa_printf(MSG_DEBUG,
@@ -11883,13 +11880,14 @@ static int wpa_driver_br_add_ip_neigh(vo
const u8 *ipaddr, int prefixlen,
const u8 *addr)
{
-#ifdef CONFIG_LIBNL3_ROUTE
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
- struct rtnl_neigh *rn;
- struct nl_addr *nl_ipaddr = NULL;
- struct nl_addr *nl_lladdr = NULL;
- int family, addrsize;
+ struct ndmsg nhdr = {
+ .ndm_state = NUD_PERMANENT,
+ .ndm_ifindex = bss->br_ifindex,
+ };
+ struct nl_msg *msg;
+ int addrsize;
int res;
if (!ipaddr || prefixlen == 0 || !addr)
@@ -11908,85 +11906,66 @@ static int wpa_driver_br_add_ip_neigh(vo
}
if (version == 4) {
- family = AF_INET;
+ nhdr.ndm_family = AF_INET;
addrsize = 4;
} else if (version == 6) {
- family = AF_INET6;
+ nhdr.ndm_family = AF_INET6;
addrsize = 16;
} else {
return -EINVAL;
}
- rn = rtnl_neigh_alloc();
- if (rn == NULL)
+ msg = nlmsg_alloc_simple(RTM_NEWNEIGH, NLM_F_CREATE);
+ if (!msg)
return -ENOMEM;
- /* set the destination ip address for neigh */
- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
- if (nl_ipaddr == NULL) {
- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
- res = -ENOMEM;
+ res = -ENOMEM;
+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
goto errout;
- }
- nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
- if (res) {
- wpa_printf(MSG_DEBUG,
- "nl80211: neigh set destination addr failed");
+
+ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
goto errout;
- }
- /* set the corresponding lladdr for neigh */
- nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
- if (nl_lladdr == NULL) {
- wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
- res = -ENOMEM;
+ if (nla_put(msg, NDA_LLADDR, ETH_ALEN, (void *)addr))
goto errout;
- }
- rtnl_neigh_set_lladdr(rn, nl_lladdr);
- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
- rtnl_neigh_set_state(rn, NUD_PERMANENT);
+ res = nl_send_auto_complete(drv->rtnl_sk, msg);
+ if (res < 0)
+ goto errout;
- res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
+ res = nl_wait_for_ack(drv->rtnl_sk);
if (res) {
wpa_printf(MSG_DEBUG,
"nl80211: Adding bridge ip neigh failed: %s",
nl_geterror(res));
}
errout:
- if (nl_lladdr)
- nl_addr_put(nl_lladdr);
- if (nl_ipaddr)
- nl_addr_put(nl_ipaddr);
- if (rn)
- rtnl_neigh_put(rn);
+ nlmsg_free(msg);
return res;
-#else /* CONFIG_LIBNL3_ROUTE */
- return -1;
-#endif /* CONFIG_LIBNL3_ROUTE */
}
static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
const u8 *ipaddr)
{
-#ifdef CONFIG_LIBNL3_ROUTE
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
- struct rtnl_neigh *rn;
- struct nl_addr *nl_ipaddr;
- int family, addrsize;
+ struct ndmsg nhdr = {
+ .ndm_state = NUD_PERMANENT,
+ .ndm_ifindex = bss->br_ifindex,
+ };
+ struct nl_msg *msg;
+ int addrsize;
int res;
if (!ipaddr)
return -EINVAL;
if (version == 4) {
- family = AF_INET;
+ nhdr.ndm_family = AF_INET;
addrsize = 4;
} else if (version == 6) {
- family = AF_INET6;
+ nhdr.ndm_family = AF_INET6;
addrsize = 16;
} else {
return -EINVAL;
@@ -12004,41 +11983,30 @@ static int wpa_driver_br_delete_ip_neigh
return -1;
}
- rn = rtnl_neigh_alloc();
- if (rn == NULL)
+ msg = nlmsg_alloc_simple(RTM_DELNEIGH, NLM_F_CREATE);
+ if (!msg)
return -ENOMEM;
- /* set the destination ip address for neigh */
- nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
- if (nl_ipaddr == NULL) {
- wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
- res = -ENOMEM;
+ res = -ENOMEM;
+ if (nlmsg_append(msg, &nhdr, sizeof(nhdr), NLMSG_ALIGNTO) < 0)
goto errout;
- }
- res = rtnl_neigh_set_dst(rn, nl_ipaddr);
- if (res) {
- wpa_printf(MSG_DEBUG,
- "nl80211: neigh set destination addr failed");
+
+ if (nla_put(msg, NDA_DST, addrsize, (void *)ipaddr))
goto errout;
- }
- rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
+ res = nl_send_auto_complete(drv->rtnl_sk, msg);
+ if (res < 0)
+ goto errout;
- res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
+ res = nl_wait_for_ack(drv->rtnl_sk);
if (res) {
wpa_printf(MSG_DEBUG,
"nl80211: Deleting bridge ip neigh failed: %s",
nl_geterror(res));
}
errout:
- if (nl_ipaddr)
- nl_addr_put(nl_ipaddr);
- if (rn)
- rtnl_neigh_put(rn);
+ nlmsg_free(msg);
return res;
-#else /* CONFIG_LIBNL3_ROUTE */
- return -1;
-#endif /* CONFIG_LIBNL3_ROUTE */
}

34
feeds/hostapd/hostapd/patches/040-mesh-allow-processing-authentication-frames-in-block.patch
View File

@@ -1,34 +0,0 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 18 Feb 2019 12:57:11 +0100
Subject: [PATCH] mesh: allow processing authentication frames in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -3020,15 +3020,6 @@ static void handle_auth(struct hostapd_d
seq_ctrl);
return;
}
-#ifdef CONFIG_MESH
- if ((hapd->conf->mesh & MESH_ENABLED) &&
- sta->plink_state == PLINK_BLOCKED) {
- wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
- " is blocked - drop Authentication frame",
- MAC2STR(sa));
- return;
- }
-#endif /* CONFIG_MESH */
#ifdef CONFIG_PASN
if (auth_alg == WLAN_AUTH_PASN &&
(sta->flags & WLAN_STA_ASSOC)) {

141
feeds/hostapd/hostapd/patches/170-hostapd-update-cfs0-and-cfs1-for-160MHz.patch
View File

@@ -1,141 +0,0 @@
From d4c4ef302f98fd6bce173b8636e7e350d8b44981 Mon Sep 17 00:00:00 2001
From: P Praneesh <ppranees@codeaurora.org>
Date: Fri, 19 Mar 2021 12:17:27 +0530
Subject: [PATCH] hostapd: update cfs0 and cfs1 for 160MHz
As per standard Draft P802.11ax_D8.0,( Table 26-9—Setting
of the VHT Channel Width and VHT NSS at an HE STA
transmitting the OM Control subfield ), center frequency of
160MHz should be published in HT information subset 2 of
HT information when EXT NSS BW field is enabled.
If the supported number of NSS in 160MHz is at least max NSS
support, then center_freq_seg0 indicates the center frequency of 80MHz and
center_freq_seg1 indicates the center frequency of 160MHz.
If the supported number of NSS in 160MHz is less than max NSS
support, then center_freq_seg0 indicates the center frequency of 80MHz and
center_freq_seg1 is 0. The center frequency of 160MHz is published in HT
operation information element instead.
Signed-off-by: P Praneesh <ppranees@codeaurora.org>
---
hostapd/config_file.c | 2 ++
src/ap/ieee802_11_ht.c | 7 +++++++
src/ap/ieee802_11_vht.c | 16 ++++++++++++++++
src/common/hw_features_common.c | 1 +
src/common/ieee802_11_defs.h | 1 +
5 files changed, 27 insertions(+)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1153,6 +1153,8 @@ static int hostapd_config_vht_capab(stru
conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
+ if (os_strstr(capab, "[EXT-NSS-BW-SUPP]"))
+ conf->vht_capab |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
return 0;
}
#endif /* CONFIG_IEEE80211AC */
--- a/src/ap/ieee802_11_ht.c
+++ b/src/ap/ieee802_11_ht.c
@@ -82,7 +82,9 @@ u8 * hostapd_eid_ht_capabilities(struct
u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid)
{
struct ieee80211_ht_operation *oper;
+ le32 vht_capabilities_info;
u8 *pos = eid;
+ u8 chwidth;
if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n ||
is_6ghz_op_class(hapd->iconf->op_class))
@@ -103,6 +105,13 @@ u8 * hostapd_eid_ht_operation(struct hos
oper->ht_param |= HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW |
HT_INFO_HT_PARAM_STA_CHNL_WIDTH;
+ vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
+ chwidth = hostapd_get_oper_chwidth(hapd->iconf);
+ if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT
+ && ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
+ oper->operation_mode = host_to_le16(hapd->iconf->vht_oper_centr_freq_seg0_idx << 5);
+ }
+
pos += sizeof(*oper);
return pos;
--- a/src/ap/ieee802_11_vht.c
+++ b/src/ap/ieee802_11_vht.c
@@ -25,6 +25,7 @@ u8 * hostapd_eid_vht_capabilities(struct
struct ieee80211_vht_capabilities *cap;
struct hostapd_hw_modes *mode = hapd->iface->current_mode;
u8 *pos = eid;
+ u8 chwidth;
if (!mode || is_6ghz_op_class(hapd->iconf->op_class))
return eid;
@@ -62,6 +63,17 @@ u8 * hostapd_eid_vht_capabilities(struct
host_to_le32(nsts << VHT_CAP_BEAMFORMEE_STS_OFFSET);
}
+ chwidth = hostapd_get_oper_chwidth(hapd->iconf);
+ if (((host_to_le32(mode->vht_capab)) & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
+ && ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
+ cap->vht_capabilities_info |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
+ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ));
+ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160MHZ));
+ cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_MASK));
+ } else {
+ cap->vht_capabilities_info &= ~VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK;
+ }
+
/* Supported MCS set comes from hw */
os_memcpy(&cap->vht_supported_mcs_set, mode->vht_mcs_set, 8);
@@ -74,6 +86,7 @@ u8 * hostapd_eid_vht_capabilities(struct
u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
{
struct ieee80211_vht_operation *oper;
+ le32 vht_capabilities_info;
u8 *pos = eid;
enum oper_chan_width oper_chwidth =
hostapd_get_oper_chwidth(hapd->iconf);
@@ -106,6 +119,7 @@ u8 * hostapd_eid_vht_operation(struct ho
oper->vht_op_info_chan_center_freq_seg1_idx = seg1;
oper->vht_op_info_chwidth = oper_chwidth;
+ vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
/*
* Convert 160 MHz channel width to new style as interop
@@ -119,6 +133,9 @@ u8 * hostapd_eid_vht_operation(struct ho
oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
else
oper->vht_op_info_chan_center_freq_seg0_idx += 8;
+
+ if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
+ oper->vht_op_info_chan_center_freq_seg1_idx = 0;
} else if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ) {
/*
* Convert 80+80 MHz channel width to new style as interop
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -811,6 +811,7 @@ int ieee80211ac_cap_check(u32 hw, u32 co
VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB);
VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN);
VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN);
+ VHT_CAP_CHECK(VHT_CAP_EXTENDED_NSS_BW_SUPPORT);
#undef VHT_CAP_CHECK
#undef VHT_CAP_CHECK_MAX
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1349,6 +1349,8 @@ struct ieee80211_ampe_ie {
#define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB ((u32) BIT(26) | BIT(27))
#define VHT_CAP_RX_ANTENNA_PATTERN ((u32) BIT(28))
#define VHT_CAP_TX_ANTENNA_PATTERN ((u32) BIT(29))
+#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT ((u32) BIT(30))
+#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK ((u32) BIT(30) | BIT(31))
#define VHT_OPMODE_CHANNEL_WIDTH_MASK ((u8) BIT(0) | BIT(1))
#define VHT_OPMODE_CHANNEL_RxNSS_MASK ((u8) BIT(4) | BIT(5) | \

71
feeds/hostapd/hostapd/patches/301-mesh-noscan.patch
View File

@@ -1,71 +0,0 @@
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -2600,6 +2600,7 @@ static const struct parse_data ssid_fiel
#else /* CONFIG_MESH */
{ INT_RANGE(mode, 0, 4) },
#endif /* CONFIG_MESH */
+ { INT_RANGE(noscan, 0, 1) },
{ INT_RANGE(proactive_key_caching, 0, 1) },
{ INT_RANGE(disabled, 0, 2) },
{ STR(id_str) },
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -775,6 +775,7 @@ static void wpa_config_write_network(FIL
#endif /* IEEE8021X_EAPOL */
INT(mode);
INT(no_auto_peer);
+ INT(noscan);
INT(mesh_fwding);
INT(frequency);
INT(enable_edmg);
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -506,6 +506,8 @@ static int wpa_supplicant_mesh_init(stru
frequency);
goto out_free;
}
+ if (ssid->noscan)
+ conf->noscan = 1;
if (ssid->mesh_basic_rates == NULL) {
/*
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2710,7 +2710,7 @@ static bool ibss_mesh_can_use_vht(struct
const struct wpa_ssid *ssid,
struct hostapd_hw_modes *mode)
{
- if (mode->mode != HOSTAPD_MODE_IEEE80211A)
+ if (mode->mode != HOSTAPD_MODE_IEEE80211A && !(ssid->noscan))
return false;
if (!drv_supports_vht(wpa_s, ssid))
@@ -2783,7 +2783,7 @@ static void ibss_mesh_select_40mhz(struc
int i, res;
unsigned int j;
static const int ht40plus[] = {
- 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
+ 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157, 165, 173,
184, 192
};
int ht40 = -1;
@@ -3033,7 +3033,7 @@ void ibss_mesh_setup_freq(struct wpa_sup
int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
enum hostapd_hw_mode hw_mode;
struct hostapd_hw_modes *mode = NULL;
- int i, obss_scan = 1;
+ int i, obss_scan = !(ssid->noscan);
u8 channel;
bool is_6ghz;
bool dfs_enabled = wpa_s->conf->country[0] && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_RADAR);
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -1035,6 +1035,8 @@ struct wpa_ssid {
*/
int no_auto_peer;
+ int noscan;
+
/**
* mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
*

11
feeds/hostapd/hostapd/patches/310-rescan_immediately.patch
View File

@@ -1,11 +0,0 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -5767,7 +5767,7 @@ wpa_supplicant_alloc(struct wpa_supplica
if (wpa_s == NULL)
return NULL;
wpa_s->scan_req = INITIAL_SCAN_REQ;
- wpa_s->scan_interval = 5;
+ wpa_s->scan_interval = 1;
wpa_s->new_connection = 1;
wpa_s->parent = parent ? parent : wpa_s;
wpa_s->p2pdev = wpa_s->parent;

39
feeds/hostapd/hostapd/patches/341-mesh-ctrl-iface-channel-switch.patch
View File

@@ -1,39 +0,0 @@
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -1825,15 +1825,35 @@ int ap_switch_channel(struct wpa_supplic
#ifdef CONFIG_CTRL_IFACE
+
+static int __ap_ctrl_iface_chanswitch(struct hostapd_iface *iface,
+ struct csa_settings *settings)
+{
+#ifdef NEED_AP_MLME
+ if (!iface || !iface->bss[0])
+ return 0;
+
+ return hostapd_switch_channel(iface->bss[0], settings);
+#else
+ return -1;
+#endif
+}
+
+
int ap_ctrl_iface_chanswitch(struct wpa_supplicant *wpa_s, const char *pos)
{
struct csa_settings settings;
int ret = hostapd_parse_csa_settings(pos, &settings);
+ if (!(wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) &&
+ !(wpa_s->ifmsh && wpa_s->ifmsh->bss[0]))
+ return -1;
+
+ ret = __ap_ctrl_iface_chanswitch(wpa_s->ap_iface, &settings);
if (ret)
return ret;
- return ap_switch_channel(wpa_s, &settings);
+ return __ap_ctrl_iface_chanswitch(wpa_s->ifmsh, &settings);
}
#endif /* CONFIG_CTRL_IFACE */

35
feeds/hostapd/hostapd/patches/350-nl80211_del_beacon_bss.patch
View File

@@ -1,35 +0,0 @@
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3008,12 +3008,12 @@ static int wpa_driver_nl80211_del_beacon
return 0;
wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
- drv->ifindex);
+ bss->ifindex);
link->beacon_set = 0;
link->freq = 0;
nl80211_put_wiphy_data_ap(bss);
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
if (!msg)
return -ENOBUFS;
@@ -6100,7 +6100,7 @@ static void nl80211_teardown_ap(struct i
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
- bss->flink->beacon_set = 0;
+ wpa_driver_nl80211_del_beacon_all(bss);
}
@@ -8859,8 +8859,6 @@ static int wpa_driver_nl80211_if_remove(
} else {
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
nl80211_teardown_ap(bss);
- if (!bss->added_if && !drv->first_bss->next)
- wpa_driver_nl80211_del_beacon_all(bss);
nl80211_destroy_bss(bss);
if (!bss->added_if)
i802_set_iface_flags(bss, 0);

239
feeds/hostapd/hostapd/patches/380-disable_ctrl_iface_mib.patch
View File

@@ -1,239 +0,0 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -221,6 +221,9 @@ endif
ifdef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_NO_CTRL_IFACE
else
+ifdef CONFIG_CTRL_IFACE_MIB
+CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+endif
ifeq ($(CONFIG_CTRL_IFACE), udp)
CFLAGS += -DCONFIG_CTRL_IFACE_UDP
else
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -3314,6 +3314,7 @@ static int hostapd_ctrl_iface_receive_pr
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
@@ -3355,6 +3356,7 @@ static int hostapd_ctrl_iface_receive_pr
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
+#endif
} else if (os_strcmp(buf, "ATTACH") == 0) {
if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
reply_len = -1;
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -983,6 +983,9 @@ ifdef CONFIG_FILS
OBJS += ../src/ap/fils_hlp.o
endif
ifdef CONFIG_CTRL_IFACE
+ifdef CONFIG_CTRL_IFACE_MIB
+CFLAGS += -DCONFIG_CTRL_IFACE_MIB
+endif
OBJS += ../src/ap/ctrl_iface_ap.o
endif
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -2326,7 +2326,7 @@ static int wpa_supplicant_ctrl_iface_sta
pos += ret;
}
-#ifdef CONFIG_AP
+#if defined(CONFIG_AP) && defined(CONFIG_CTRL_IFACE_MIB)
if (wpa_s->ap_iface) {
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
end - pos,
@@ -12087,6 +12087,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = -1;
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
if (reply_len >= 0) {
@@ -12099,6 +12100,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_size - reply_len);
#endif /* CONFIG_MACSEC */
}
+#endif
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
reply_len = wpa_supplicant_ctrl_iface_status(
wpa_s, buf + 6, reply, reply_size);
@@ -12587,6 +12589,7 @@ char * wpa_supplicant_ctrl_iface_process
reply_len = wpa_supplicant_ctrl_iface_bss(
wpa_s, buf + 4, reply, reply_size);
#ifdef CONFIG_AP
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
} else if (os_strncmp(buf, "STA ", 4) == 0) {
@@ -12595,12 +12598,15 @@ char * wpa_supplicant_ctrl_iface_process
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
reply_size);
+#endif
+#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
reply_len = -1;
} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
reply_len = -1;
+#endif
} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
reply_len = -1;
--- a/src/ap/ctrl_iface_ap.c
+++ b/src/ap/ctrl_iface_ap.c
@@ -26,6 +26,26 @@
#include "taxonomy.h"
#include "wnm_ap.h"
+static const char * hw_mode_str(enum hostapd_hw_mode mode)
+{
+ switch (mode) {
+ case HOSTAPD_MODE_IEEE80211B:
+ return "b";
+ case HOSTAPD_MODE_IEEE80211G:
+ return "g";
+ case HOSTAPD_MODE_IEEE80211A:
+ return "a";
+ case HOSTAPD_MODE_IEEE80211AD:
+ return "ad";
+ case HOSTAPD_MODE_IEEE80211ANY:
+ return "any";
+ case NUM_HOSTAPD_MODES:
+ return "invalid";
+ }
+ return "unknown";
+}
+
+#ifdef CONFIG_CTRL_IFACE_MIB
static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
size_t curr_len, const u8 *mcs_set)
@@ -212,26 +232,6 @@ static const char * timeout_next_str(int
}
-static const char * hw_mode_str(enum hostapd_hw_mode mode)
-{
- switch (mode) {
- case HOSTAPD_MODE_IEEE80211B:
- return "b";
- case HOSTAPD_MODE_IEEE80211G:
- return "g";
- case HOSTAPD_MODE_IEEE80211A:
- return "a";
- case HOSTAPD_MODE_IEEE80211AD:
- return "ad";
- case HOSTAPD_MODE_IEEE80211ANY:
- return "any";
- case NUM_HOSTAPD_MODES:
- return "invalid";
- }
- return "unknown";
-}
-
-
static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
@@ -493,6 +493,7 @@ int hostapd_ctrl_iface_sta_next(struct h
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
+#endif
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
@@ -884,12 +885,12 @@ int hostapd_ctrl_iface_status(struct hos
return len;
len += ret;
}
-
+#ifdef CONFIG_CTRL_IFACE_MIB
if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
mode->mcs_set);
}
-
+#endif /* CONFIG_CTRL_IFACE_MIB */
if (iface->current_rates && iface->num_rates) {
ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
if (os_snprintf_error(buflen - len, ret))
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2834,6 +2834,7 @@ static const char * bool_txt(bool val)
return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
@@ -3020,6 +3021,7 @@ int ieee802_1x_get_mib_sta(struct hostap
return len;
}
+#endif
#ifdef CONFIG_HS20
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -5328,6 +5328,7 @@ static const char * wpa_bool_txt(int val
return val ? "TRUE" : "FALSE";
}
+#ifdef CONFIG_CTRL_IFACE_MIB
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
@@ -5480,7 +5481,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
return len;
}
-
+#endif
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
{
--- a/src/rsn_supp/wpa.c
+++ b/src/rsn_supp/wpa.c
@@ -3834,6 +3834,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
}
+#ifdef CONFIG_CTRL_IFACE_MIB
+
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
@@ -3915,6 +3917,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
return (int) len;
}
+#endif
#endif /* CONFIG_CTRL_IFACE */
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -1499,7 +1499,7 @@ int wpas_ap_wps_nfc_report_handover(stru
#endif /* CONFIG_WPS */
-#ifdef CONFIG_CTRL_IFACE
+#if defined(CONFIG_CTRL_IFACE) && defined(CONFIG_CTRL_IFACE_MIB)
int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s,
char *buf, size_t buflen)

189
feeds/hostapd/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
View File

@@ -1,189 +0,0 @@
From 4bb69d15477e0f2b00e166845341dc933de47c58 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <ordex@autistici.org>
Date: Sun, 3 Jun 2012 18:22:56 +0200
Subject: [PATCHv2 601/602] wpa_supplicant: add new config params to be used
with the ibss join command
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
---
src/drivers/driver.h | 6 +++
wpa_supplicant/config.c | 96 +++++++++++++++++++++++++++++++++++++++
wpa_supplicant/config_ssid.h | 6 +++
wpa_supplicant/wpa_supplicant.c | 23 +++++++---
4 files changed, 124 insertions(+), 7 deletions(-)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -19,6 +19,7 @@
#define WPA_SUPPLICANT_DRIVER_VERSION 4
+#include "ap/sta_info.h"
#include "common/defs.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
@@ -953,6 +954,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
+ unsigned char rates[WLAN_SUPP_RATES_MAX];
+ int mcast_rate;
+
/**
* bssid_hint - BSSID of a proposed AP
*
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -18,6 +18,7 @@
#include "eap_peer/eap.h"
#include "p2p/p2p.h"
#include "fst/fst.h"
+#include "ap/sta_info.h"
#include "config.h"
@@ -2389,6 +2390,97 @@ static char * wpa_config_write_mac_value
#endif /* NO_CONFIG_WRITE */
+static int wpa_config_parse_mcast_rate(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ ssid->mcast_rate = (int)(strtod(value, NULL) * 10);
+
+ return 0;
+}
+
+#ifndef NO_CONFIG_WRITE
+static char * wpa_config_write_mcast_rate(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *value;
+ int res;
+
+ if (!ssid->mcast_rate == 0)
+ return NULL;
+
+ value = os_malloc(6); /* longest: 300.0 */
+ if (value == NULL)
+ return NULL;
+ res = os_snprintf(value, 5, "%.1f", (double)ssid->mcast_rate / 10);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+ return value;
+}
+#endif /* NO_CONFIG_WRITE */
+
+static int wpa_config_parse_rates(const struct parse_data *data,
+ struct wpa_ssid *ssid, int line,
+ const char *value)
+{
+ int i;
+ char *pos, *r, *sptr, *end;
+ double rate;
+
+ pos = (char *)value;
+ r = strtok_r(pos, ",", &sptr);
+ i = 0;
+ while (pos && i < WLAN_SUPP_RATES_MAX) {
+ rate = 0.0;
+ if (r)
+ rate = strtod(r, &end);
+ ssid->rates[i] = rate * 2;
+ if (*end != '\0' || rate * 2 != ssid->rates[i])
+ return 1;
+
+ i++;
+ r = strtok_r(NULL, ",", &sptr);
+ }
+
+ return 0;
+}
+
+#ifndef NO_CONFIG_WRITE
+static char * wpa_config_write_rates(const struct parse_data *data,
+ struct wpa_ssid *ssid)
+{
+ char *value, *pos;
+ int res, i;
+
+ if (ssid->rates[0] <= 0)
+ return NULL;
+
+ value = os_malloc(6 * WLAN_SUPP_RATES_MAX + 1);
+ if (value == NULL)
+ return NULL;
+ pos = value;
+ for (i = 0; i < WLAN_SUPP_RATES_MAX - 1; i++) {
+ res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+ pos += res;
+ }
+ res = os_snprintf(pos, 6, "%.1f",
+ (double)ssid->rates[WLAN_SUPP_RATES_MAX - 1] / 2);
+ if (res < 0) {
+ os_free(value);
+ return NULL;
+ }
+
+ value[6 * WLAN_SUPP_RATES_MAX] = '\0';
+ return value;
+}
+#endif /* NO_CONFIG_WRITE */
+
/* Helper macros for network block parser */
#ifdef OFFSET
@@ -2674,6 +2766,8 @@ static const struct parse_data ssid_fiel
{ INT(ap_max_inactivity) },
{ INT(dtim_period) },
{ INT(beacon_int) },
+ { FUNC(rates) },
+ { FUNC(mcast_rate) },
#ifdef CONFIG_MACSEC
{ INT_RANGE(macsec_policy, 0, 1) },
{ INT_RANGE(macsec_integ_only, 0, 1) },
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -10,8 +10,10 @@
#define CONFIG_SSID_H
#include "common/defs.h"
+#include "ap/sta_info.h"
#include "utils/list.h"
#include "eap_peer/eap_config.h"
+#include "drivers/nl80211_copy.h"
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
@@ -879,6 +881,9 @@ struct wpa_ssid {
*/
void *parent_cred;
+ unsigned char rates[WLAN_SUPP_RATES_MAX];
+ double mcast_rate;
+
#ifdef CONFIG_MACSEC
/**
* macsec_policy - Determines the policy for MACsec secure session
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4175,6 +4175,12 @@ static void wpas_start_assoc_cb(struct w
params.beacon_int = ssid->beacon_int;
else
params.beacon_int = wpa_s->conf->beacon_int;
+ int i = 0;
+ while (i < WLAN_SUPP_RATES_MAX) {
+ params.rates[i] = ssid->rates[i];
+ i++;
+ }
+ params.mcast_rate = ssid->mcast_rate;
}
if (bss && ssid->enable_edmg)

68
feeds/hostapd/hostapd/patches/463-add-mcast_rate-to-11s.patch
View File

@@ -1,68 +0,0 @@
From: Sven Eckelmann <sven.eckelmann@openmesh.com>
Date: Thu, 11 May 2017 08:21:45 +0200
Subject: [PATCH] set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.
This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -1827,6 +1827,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
bool handle_dfs;
+ int mcast_rate;
};
struct wpa_driver_set_key_params {
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -11667,6 +11667,18 @@ static int nl80211_put_mesh_id(struct nl
}
+static int nl80211_put_mcast_rate(struct nl_msg *msg, int mcast_rate)
+{
+ if (mcast_rate > 0) {
+ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
+ (double)mcast_rate / 10);
+ return nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, mcast_rate);
+ }
+
+ return 0;
+}
+
+
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
@@ -11728,6 +11740,7 @@ static int nl80211_join_mesh(struct i802
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
+ nl80211_put_mcast_rate(msg, params->mcast_rate) ||
nl80211_put_dtim_period(msg, params->dtim_period))
goto fail;
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -632,6 +632,7 @@ int wpa_supplicant_join_mesh(struct wpa_
params->meshid = ssid->ssid;
params->meshid_len = ssid->ssid_len;
+ params->mcast_rate = ssid->mcast_rate;
ibss_mesh_setup_freq(wpa_s, ssid, &params->freq);
wpa_s->mesh_ht_enabled = !!params->freq.ht_enabled;
wpa_s->mesh_vht_enabled = !!params->freq.vht_enabled;

13
feeds/hostapd/hostapd/patches/464-fix-mesh-obss-check.patch
View File

@@ -1,13 +0,0 @@
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -3040,6 +3040,10 @@ void ibss_mesh_setup_freq(struct wpa_sup
freq->freq = ssid->frequency;
+ if (ssid->fixed_freq) {
+ obss_scan = 0;
+ }
+
if (ssid->mode == WPAS_MODE_IBSS && !ssid->fixed_freq) {
struct wpa_bss *bss = ibss_find_existing_bss(wpa_s, ssid);

24
feeds/hostapd/hostapd/patches/465-hostapd-config-support-random-BSS-color.patch
View File

@@ -1,24 +0,0 @@
From c9304d3303d563ad6d2619f4e07864ed12f96889 Mon Sep 17 00:00:00 2001
From: David Bauer <mail@david-bauer.net>
Date: Sat, 14 May 2022 21:41:03 +0200
Subject: [PATCH] hostapd: config: support random BSS color
Configure the HE BSS color to a random value in case the config defines
a BSS color which exceeds the max BSS color (63).
Signed-off-by: David Bauer <mail@david-bauer.net>
---
hostapd/config_file.c | 2 ++
1 file changed, 2 insertions(+)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3500,6 +3500,8 @@ static int hostapd_config_fill(struct ho
} else if (os_strcmp(buf, "he_bss_color") == 0) {
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
+ if (atoi(pos) > 63)
+ conf->he_op.he_bss_color = os_random() % 63 + 1;
} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
conf->he_op.he_bss_color_partial = atoi(pos);
} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {

738
feeds/hostapd/hostapd/patches/600-ubus_support.patch
View File

@@ -1,738 +0,0 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -166,6 +166,12 @@ OBJS += ../src/common/hw_features_common
OBJS += ../src/eapol_auth/eapol_auth_sm.o
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ../src/utils/uloop.o
+OBJS += ../src/ap/ubus.o
+LIBS += -lubox -lubus
+endif
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -18,6 +18,7 @@
#include "utils/list.h"
#include "ap_config.h"
#include "drivers/driver.h"
+#include "ubus.h"
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
@@ -184,6 +185,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
+ struct hostapd_ubus_bss ubus;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
@@ -695,6 +697,7 @@ hostapd_alloc_bss_data(struct hostapd_if
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
+void hostapd_set_own_neighbor_report(struct hostapd_data *hapd);
void hostapd_interface_deinit(struct hostapd_iface *iface);
void hostapd_interface_free(struct hostapd_iface *iface);
struct hostapd_iface * hostapd_alloc_iface(void);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -435,6 +435,7 @@ void hostapd_free_hapd_data(struct hosta
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+ hostapd_ubus_free_bss(hapd);
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
vlan_deinit(hapd);
@@ -1187,6 +1188,8 @@ static int hostapd_start_beacon(struct h
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
+ hostapd_ubus_add_bss(hapd);
+
return 0;
}
@@ -2275,6 +2278,7 @@ static int hostapd_setup_interface_compl
if (err)
goto fail;
+ hostapd_ubus_add_iface(iface);
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->freq) {
#ifdef NEED_AP_MLME
@@ -2494,6 +2498,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
+ hostapd_ubus_free_iface(iface);
if (iface->is_no_ir) {
hostapd_set_state(iface, HAPD_IFACE_NO_IR);
@@ -2984,6 +2989,7 @@ void hostapd_interface_deinit_free(struc
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
+ hostapd_ubus_free_iface(iface);
hostapd_interface_deinit(iface);
wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
__func__, driver, drv_priv);
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -2786,7 +2786,7 @@ static void handle_auth(struct hostapd_d
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
- int res, reply_res;
+ int res, reply_res, ubus_resp;
u16 fc;
const u8 *challenge = NULL;
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
@@ -2795,6 +2795,11 @@ static void handle_auth(struct hostapd_d
struct radius_sta rad_info;
const u8 *dst, *sa, *bssid;
bool mld_sta = false;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_AUTH_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = rssi,
+ };
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
@@ -2986,6 +2991,13 @@ static void handle_auth(struct hostapd_d
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (0 && ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
if (res == HOSTAPD_ACL_PENDING)
return;
@@ -5161,7 +5173,7 @@ static void handle_assoc(struct hostapd_
int resp = WLAN_STATUS_SUCCESS;
u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
const u8 *pos;
- int left, i;
+ int left, i, ubus_resp;
struct sta_info *sta;
u8 *tmp = NULL;
#ifdef CONFIG_FILS
@@ -5374,6 +5386,11 @@ static void handle_assoc(struct hostapd_
left = res;
}
#endif /* CONFIG_FILS */
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = rssi,
+ };
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
* is used */
@@ -5472,6 +5489,13 @@ static void handle_assoc(struct hostapd_
}
#endif /* CONFIG_FILS */
+ ubus_resp = hostapd_ubus_handle_event(hapd, &req);
+ if (0 && ubus_resp) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
+ goto fail;
+ }
fail:
/*
@@ -5753,6 +5777,7 @@ static void handle_disassoc(struct hosta
(unsigned long) len);
return;
}
+ hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
if (!sta) {
@@ -5784,6 +5809,8 @@ static void handle_deauth(struct hostapd
/* Clear the PTKSA cache entries for PASN */
ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
+ hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
+
sta = ap_get_sta(hapd, mgmt->sa);
if (!sta) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1036,6 +1036,12 @@ void handle_probe_req(struct hostapd_dat
u16 csa_offs[2];
size_t csa_offs_len;
struct radius_sta rad_info;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_PROBE_REQ,
+ .mgmt_frame = mgmt,
+ .ssi_signal = ssi_signal,
+ .elems = &elems,
+ };
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
ssi_signal < hapd->iconf->rssi_ignore_probe_request)
@@ -1222,6 +1228,12 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
+ MAC2STR(mgmt->sa));
+ return;
+ }
+
/* TODO: verify that supp_rates contains at least one matching rate
* with AP configuration */
--- a/src/ap/drv_callbacks.c
+++ b/src/ap/drv_callbacks.c
@@ -260,6 +260,10 @@ int hostapd_notif_assoc(struct hostapd_d
u16 reason = WLAN_REASON_UNSPECIFIED;
int status = WLAN_STATUS_SUCCESS;
const u8 *p2p_dev_addr = NULL;
+ struct hostapd_ubus_request req = {
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
+ .addr = addr,
+ };
if (addr == NULL) {
/*
@@ -396,6 +400,12 @@ int hostapd_notif_assoc(struct hostapd_d
goto fail;
}
+ if (hostapd_ubus_handle_event(hapd, &req)) {
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
+ MAC2STR(req.addr));
+ goto fail;
+ }
+
#ifdef CONFIG_P2P
if (elems.p2p) {
wpabuf_free(sta->p2p_ie);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -471,6 +471,7 @@ void ap_handle_timer(void *eloop_ctx, vo
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
+ hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
ap_free_sta(hapd, sta);
return;
}
@@ -626,6 +627,7 @@ skip_poll:
mlme_deauthenticate_indication(
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
+ hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
ap_free_sta(hapd, sta);
break;
}
@@ -1344,15 +1346,28 @@ void ap_sta_set_authorized(struct hostap
sta->addr, authorized, dev_addr);
if (authorized) {
+ static const char * const auth_algs[] = {
+ [WLAN_AUTH_OPEN] = "open",
+ [WLAN_AUTH_SHARED_KEY] = "shared",
+ [WLAN_AUTH_FT] = "ft",
+ [WLAN_AUTH_SAE] = "sae",
+ [WLAN_AUTH_FILS_SK] = "fils-sk",
+ [WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs",
+ [WLAN_AUTH_FILS_PK] = "fils-pk",
+ [WLAN_AUTH_PASN] = "pasn",
+ };
+ const char *auth_alg = NULL;
const u8 *dpp_pkhash;
const char *keyid;
char dpp_pkhash_buf[100];
char keyid_buf[100];
char ip_addr[100];
+ char alg_buf[100];
dpp_pkhash_buf[0] = '\0';
keyid_buf[0] = '\0';
ip_addr[0] = '\0';
+ alg_buf[0] = '\0';
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
os_snprintf(ip_addr, sizeof(ip_addr),
@@ -1362,6 +1377,13 @@ void ap_sta_set_authorized(struct hostap
}
#endif /* CONFIG_P2P */
+ if (sta->auth_alg < ARRAY_SIZE(auth_algs))
+ auth_alg = auth_algs[sta->auth_alg];
+
+ if (auth_alg)
+ os_snprintf(alg_buf, sizeof(alg_buf),
+ " auth_alg=%s", auth_alg);
+
keyid = ap_sta_wpa_get_keyid(hapd, sta);
if (keyid) {
os_snprintf(keyid_buf, sizeof(keyid_buf),
@@ -1380,17 +1402,19 @@ void ap_sta_set_authorized(struct hostap
dpp_pkhash, SHA256_MAC_LEN);
}
- wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
- buf, ip_addr, keyid_buf, dpp_pkhash_buf);
+ hostapd_ubus_notify_authorized(hapd, sta);
+ wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
+ buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
- AP_STA_CONNECTED "%s%s%s%s",
+ AP_STA_CONNECTED "%s%s%s%s%s",
buf, ip_addr, keyid_buf,
- dpp_pkhash_buf);
+ dpp_pkhash_buf, alg_buf);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
+ hostapd_ubus_notify(hapd, "disassoc", sta->addr);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -269,6 +269,7 @@ static void hostapd_wpa_auth_psk_failure
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
+ hostapd_ubus_notify(hapd, "key-mismatch", addr);
}
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -192,6 +192,13 @@ ifdef CONFIG_EAPOL_TEST
CFLAGS += -Werror -DEAPOL_TEST
endif
+ifdef CONFIG_UBUS
+CFLAGS += -DUBUS_SUPPORT
+OBJS += ubus.o
+OBJS += ../src/utils/uloop.o
+LIBS += -lubox -lubus
+endif
+
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage
LIBS += -lgcov
@@ -987,6 +994,9 @@ ifdef CONFIG_CTRL_IFACE_MIB
CFLAGS += -DCONFIG_CTRL_IFACE_MIB
endif
OBJS += ../src/ap/ctrl_iface_ap.o
+ifdef CONFIG_UBUS
+OBJS += ../src/ap/ubus.o
+endif
endif
CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -7593,6 +7593,8 @@ struct wpa_supplicant * wpa_supplicant_a
}
#endif /* CONFIG_P2P */
+ wpas_ubus_add_bss(wpa_s);
+
return wpa_s;
}
@@ -7619,6 +7621,8 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
+ wpas_ubus_free_bss(wpa_s);
+
/* Remove interface from the global list of interfaces */
prev = global->ifaces;
if (prev == wpa_s) {
@@ -7965,8 +7969,12 @@ int wpa_supplicant_run(struct wpa_global
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
+ wpas_ubus_add(global);
+
eloop_run();
+ wpas_ubus_free(global);
+
return 0;
}
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -21,6 +21,7 @@
#include "config_ssid.h"
#include "wmm_ac.h"
#include "pasn/pasn_common.h"
+#include "ubus.h"
extern const char *const wpa_supplicant_version;
extern const char *const wpa_supplicant_license;
@@ -319,6 +320,8 @@ struct wpa_global {
#endif /* CONFIG_WIFI_DISPLAY */
struct psk_list_entry *add_psk; /* From group formation */
+
+ struct ubus_object ubus_global;
};
@@ -685,6 +688,7 @@ struct wpa_supplicant {
unsigned char own_addr[ETH_ALEN];
unsigned char perm_addr[ETH_ALEN];
char ifname[100];
+ struct wpas_ubus_bss ubus;
#ifdef CONFIG_MATCH_IFACE
int matched;
#endif /* CONFIG_MATCH_IFACE */
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -33,6 +33,7 @@
#include "p2p/p2p.h"
#include "p2p_supplicant.h"
#include "wps_supplicant.h"
+#include "ubus.h"
#ifndef WPS_PIN_SCAN_IGNORE_SEL_REG
@@ -402,6 +403,8 @@ static int wpa_supplicant_wps_cred(void
wpa_hexdump_key(MSG_DEBUG, "WPS: Received Credential attribute",
cred->cred_attr, cred->cred_attr_len);
+ wpas_ubus_notify(wpa_s, cred);
+
if (wpa_s->conf->wps_cred_processing == 1)
return 0;
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -203,7 +203,7 @@ int main(int argc, char *argv[])
for (;;) {
c = getopt(argc, argv,
- "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuv::W");
+ "b:Bc:C:D:de:f:g:G:hi:I:KLMm:nNo:O:p:P:qsTtuv::W");
if (c < 0)
break;
switch (c) {
@@ -268,6 +268,9 @@ int main(int argc, char *argv[])
params.conf_p2p_dev = optarg;
break;
#endif /* CONFIG_P2P */
+ case 'n':
+ iface_count = 0;
+ break;
case 'o':
params.override_driver = optarg;
break;
--- a/src/ap/rrm.c
+++ b/src/ap/rrm.c
@@ -89,6 +89,9 @@ static void hostapd_handle_beacon_report
return;
wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
MAC2STR(addr), token, rep_mode, report);
+ if (len < sizeof(struct rrm_measurement_beacon_report))
+ return;
+ hostapd_ubus_notify_beacon_report(hapd, addr, token, rep_mode, (struct rrm_measurement_beacon_report*) pos, len);
}
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -22,6 +22,7 @@
static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
int existsok)
{
+ bool vlan_exists = iface_exists(vlan->ifname);
int ret;
#ifdef CONFIG_WEP
int i;
@@ -36,7 +37,7 @@ static int vlan_if_add(struct hostapd_da
}
#endif /* CONFIG_WEP */
- if (!iface_exists(vlan->ifname))
+ if (!vlan_exists)
ret = hostapd_vlan_if_add(hapd, vlan->ifname);
else if (!existsok)
return -1;
@@ -51,6 +52,9 @@ static int vlan_if_add(struct hostapd_da
if (hapd->wpa_auth)
ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
+ if (!ret && !vlan_exists)
+ hostapd_ubus_add_vlan(hapd, vlan);
+
if (ret == 0)
return ret;
@@ -77,6 +81,8 @@ int vlan_if_remove(struct hostapd_data *
"WPA deinitialization for VLAN %d failed (%d)",
vlan->vlan_id, ret);
+ hostapd_ubus_remove_vlan(hapd, vlan);
+
return hostapd_vlan_if_remove(hapd, vlan->ifname);
}
--- a/src/ap/dfs.c
+++ b/src/ap/dfs.c
@@ -1216,6 +1216,8 @@ int hostapd_dfs_pre_cac_expired(struct h
"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
+ hostapd_ubus_notify_radar_detected(iface, freq, chan_width, cf1, cf2);
+
/* Proceed only if DFS is not offloaded to the driver */
if (iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD)
return 0;
--- a/src/ap/airtime_policy.c
+++ b/src/ap/airtime_policy.c
@@ -112,8 +112,14 @@ static void set_sta_weights(struct hosta
{
struct sta_info *sta;
- for (sta = hapd->sta_list; sta; sta = sta->next)
- sta_set_airtime_weight(hapd, sta, weight);
+ for (sta = hapd->sta_list; sta; sta = sta->next) {
+ unsigned int sta_weight = weight;
+
+ if (sta->dyn_airtime_weight)
+ sta_weight = (weight * sta->dyn_airtime_weight) / 256;
+
+ sta_set_airtime_weight(hapd, sta, sta_weight);
+ }
}
@@ -244,7 +250,10 @@ int airtime_policy_new_sta(struct hostap
unsigned int weight;
if (hapd->iconf->airtime_mode == AIRTIME_MODE_STATIC) {
- weight = get_weight_for_sta(hapd, sta->addr);
+ if (sta->dyn_airtime_weight)
+ weight = sta->dyn_airtime_weight;
+ else
+ weight = get_weight_for_sta(hapd, sta->addr);
if (weight)
return sta_set_airtime_weight(hapd, sta, weight);
}
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -322,6 +322,7 @@ struct sta_info {
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_AIRTIME_POLICY
unsigned int airtime_weight;
+ unsigned int dyn_airtime_weight;
struct os_reltime backlogged_until;
#endif /* CONFIG_AIRTIME_POLICY */
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -455,7 +455,8 @@ static void ieee802_11_rx_bss_trans_mgmt
MAC2STR(addr), reason, hex ? " neighbor=" : "", hex);
os_free(hex);
- ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
+ if (!hostapd_ubus_notify_bss_transition_query(hapd, addr, dialog_token, reason, pos, end - pos))
+ ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
}
@@ -477,7 +478,7 @@ static void ieee802_11_rx_bss_trans_mgmt
size_t len)
{
u8 dialog_token, status_code, bss_termination_delay;
- const u8 *pos, *end;
+ const u8 *pos, *end, *target_bssid = NULL;
int enabled = hapd->conf->bss_transition;
struct sta_info *sta;
@@ -524,6 +525,7 @@ static void ieee802_11_rx_bss_trans_mgmt
wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
return;
}
+ target_bssid = pos;
sta->agreed_to_steer = 1;
eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
@@ -543,6 +545,10 @@ static void ieee802_11_rx_bss_trans_mgmt
MAC2STR(addr), status_code, bss_termination_delay);
}
+ hostapd_ubus_notify_bss_transition_response(hapd, sta->addr, dialog_token,
+ status_code, bss_termination_delay,
+ target_bssid, pos, end - pos);
+
wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
pos, end - pos);
}
--- a/src/utils/eloop.c
+++ b/src/utils/eloop.c
@@ -77,6 +77,9 @@ struct eloop_sock_table {
struct eloop_data {
int max_sock;
+ eloop_timeout_poll_handler timeout_poll_cb;
+ eloop_poll_handler poll_cb;
+
size_t count; /* sum of all table counts */
#ifdef CONFIG_ELOOP_POLL
size_t max_pollfd_map; /* number of pollfds_map currently allocated */
@@ -1121,6 +1124,12 @@ void eloop_run(void)
os_reltime_sub(&timeout->time, &now, &tv);
else
tv.sec = tv.usec = 0;
+ }
+
+ if (eloop.timeout_poll_cb && eloop.timeout_poll_cb(&tv, !!timeout))
+ timeout = (void *)1;
+
+ if (timeout) {
#if defined(CONFIG_ELOOP_POLL) || defined(CONFIG_ELOOP_EPOLL)
timeout_ms = tv.sec * 1000 + tv.usec / 1000;
#endif /* defined(CONFIG_ELOOP_POLL) || defined(CONFIG_ELOOP_EPOLL) */
@@ -1190,7 +1199,8 @@ void eloop_run(void)
eloop.exceptions.changed = 0;
eloop_process_pending_signals();
-
+ if (eloop.poll_cb)
+ eloop.poll_cb();
/* check if some registered timeouts have occurred */
timeout = dl_list_first(&eloop.timeout, struct eloop_timeout,
@@ -1252,6 +1262,14 @@ out:
return;
}
+int eloop_register_cb(eloop_poll_handler poll_cb,
+ eloop_timeout_poll_handler timeout_cb)
+{
+ eloop.poll_cb = poll_cb;
+ eloop.timeout_poll_cb = timeout_cb;
+
+ return 0;
+}
void eloop_terminate(void)
{
--- a/src/utils/eloop.h
+++ b/src/utils/eloop.h
@@ -65,6 +65,9 @@ typedef void (*eloop_timeout_handler)(vo
*/
typedef void (*eloop_signal_handler)(int sig, void *signal_ctx);
+typedef bool (*eloop_timeout_poll_handler)(struct os_reltime *tv, bool tv_set);
+typedef void (*eloop_poll_handler)(void);
+
/**
* eloop_init() - Initialize global event loop data
* Returns: 0 on success, -1 on failure
@@ -73,6 +76,9 @@ typedef void (*eloop_signal_handler)(int
*/
int eloop_init(void);
+int eloop_register_cb(eloop_poll_handler poll_cb,
+ eloop_timeout_poll_handler timeout_cb);
+
/**
* eloop_register_read_sock - Register handler for read events
* @sock: File descriptor number for the socket
@@ -320,6 +326,8 @@ int eloop_register_signal_reconfig(eloop
*/
int eloop_sock_requeue(void);
+void eloop_add_uloop(void);
+
/**
* eloop_run - Start the event loop
*
--- /dev/null
+++ b/src/utils/uloop.c
@@ -0,0 +1,64 @@
+#include <libubox/uloop.h>
+#include "includes.h"
+#include "common.h"
+#include "eloop.h"
+
+static void eloop_uloop_event_cb(int sock, void *eloop_ctx, void *sock_ctx)
+{
+}
+
+static void eloop_uloop_fd_cb(struct uloop_fd *fd, unsigned int events)
+{
+ unsigned int changed = events ^ fd->flags;
+
+ if (changed & ULOOP_READ) {
+ if (events & ULOOP_READ)
+ eloop_register_sock(fd->fd, EVENT_TYPE_READ, eloop_uloop_event_cb, fd, fd);
+ else
+ eloop_unregister_sock(fd->fd, EVENT_TYPE_READ);
+ }
+
+ if (changed & ULOOP_WRITE) {
+ if (events & ULOOP_WRITE)
+ eloop_register_sock(fd->fd, EVENT_TYPE_WRITE, eloop_uloop_event_cb, fd, fd);
+ else
+ eloop_unregister_sock(fd->fd, EVENT_TYPE_WRITE);
+ }
+}
+
+static bool uloop_timeout_poll_handler(struct os_reltime *tv, bool tv_set)
+{
+ struct os_reltime tv_uloop;
+ int timeout_ms = uloop_get_next_timeout();
+
+ if (timeout_ms < 0)
+ return false;
+
+ tv_uloop.sec = timeout_ms / 1000;
+ tv_uloop.usec = (timeout_ms % 1000) * 1000;
+
+ if (!tv_set || os_reltime_before(&tv_uloop, tv)) {
+ *tv = tv_uloop;
+ return true;
+ }
+
+ return false;
+}
+
+static void uloop_poll_handler(void)
+{
+ uloop_run_timeout(0);
+}
+
+void eloop_add_uloop(void)
+{
+ static bool init_done = false;
+
+ if (!init_done) {
+ uloop_init();
+ uloop_fd_set_cb = eloop_uloop_fd_cb;
+ init_done = true;
+ }
+
+ eloop_register_cb(uloop_poll_handler, uloop_timeout_poll_handler);
+}

723
feeds/hostapd/hostapd/patches/601-ucode_support.patch
View File

@@ -1,723 +0,0 @@
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -168,9 +168,21 @@ OBJS += ../src/eapol_auth/eapol_auth_sm.
ifdef CONFIG_UBUS
CFLAGS += -DUBUS_SUPPORT
-OBJS += ../src/utils/uloop.o
OBJS += ../src/ap/ubus.o
-LIBS += -lubox -lubus
+LIBS += -lubus
+NEED_ULOOP:=y
+endif
+
+ifdef CONFIG_UCODE
+CFLAGS += -DUCODE_SUPPORT
+OBJS += ../src/utils/ucode.o
+OBJS += ../src/ap/ucode.o
+NEED_ULOOP:=y
+endif
+
+ifdef NEED_ULOOP
+OBJS += ../src/utils/uloop.o
+LIBS += -lubox
endif
ifdef CONFIG_CODE_COVERAGE
--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -1007,6 +1007,7 @@ int main(int argc, char *argv[])
}
hostapd_global_ctrl_iface_init(&interfaces);
+ hostapd_ucode_init(&interfaces);
if (hostapd_global_run(&interfaces, daemonize, pid_file)) {
wpa_printf(MSG_ERROR, "Failed to start eloop");
@@ -1016,6 +1017,7 @@ int main(int argc, char *argv[])
ret = 0;
out:
+ hostapd_ucode_free();
hostapd_global_ctrl_iface_deinit(&interfaces);
/* Deinitialize all interfaces */
for (i = 0; i < interfaces.count; i++) {
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -19,6 +19,7 @@
#include "ap_config.h"
#include "drivers/driver.h"
#include "ubus.h"
+#include "ucode.h"
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
@@ -51,6 +52,10 @@ struct hapd_interfaces {
struct hostapd_config * (*config_read_cb)(const char *config_fname);
int (*ctrl_iface_init)(struct hostapd_data *hapd);
void (*ctrl_iface_deinit)(struct hostapd_data *hapd);
+ int (*ctrl_iface_recv)(struct hostapd_data *hapd,
+ char *buf, char *reply, int reply_size,
+ struct sockaddr_storage *from,
+ socklen_t fromlen);
int (*for_each_interface)(struct hapd_interfaces *interfaces,
int (*cb)(struct hostapd_iface *iface,
void *ctx), void *ctx);
@@ -186,6 +191,7 @@ struct hostapd_data {
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
struct hostapd_ubus_bss ubus;
+ struct hostapd_ucode_bss ucode;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
@@ -506,6 +512,7 @@ struct hostapd_sta_info {
*/
struct hostapd_iface {
struct hapd_interfaces *interfaces;
+ struct hostapd_ucode_iface ucode;
void *owner;
char *config_fname;
struct hostapd_config *conf;
@@ -706,6 +713,8 @@ struct hostapd_iface * hostapd_init(stru
struct hostapd_iface *
hostapd_interface_init_bss(struct hapd_interfaces *interfaces, const char *phy,
const char *config_fname, int debug);
+int hostapd_setup_bss(struct hostapd_data *hapd, int first, bool start_beacon);
+void hostapd_bss_deinit(struct hostapd_data *hapd);
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc);
void hostapd_interface_deinit_free(struct hostapd_iface *iface);
@@ -732,6 +741,7 @@ hostapd_switch_channel_fallback(struct h
void hostapd_cleanup_cs_params(struct hostapd_data *hapd);
void hostapd_periodic_iface(struct hostapd_iface *iface);
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
+void hostapd_owe_update_trans(struct hostapd_iface *iface);
void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -252,6 +252,8 @@ int hostapd_reload_config(struct hostapd
struct hostapd_config *newconf, *oldconf;
size_t j;
+ hostapd_ucode_reload_bss(hapd);
+
if (iface->config_fname == NULL) {
/* Only in-memory config in use - assume it has been updated */
hostapd_clear_old(iface);
@@ -435,6 +437,7 @@ void hostapd_free_hapd_data(struct hosta
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
+ hostapd_ucode_free_bss(hapd);
hostapd_ubus_free_bss(hapd);
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
@@ -538,7 +541,7 @@ void hostapd_free_hapd_data(struct hosta
* Most of the modules that are initialized in hostapd_setup_bss() are
* deinitialized here.
*/
-static void hostapd_cleanup(struct hostapd_data *hapd)
+void hostapd_cleanup(struct hostapd_data *hapd)
{
wpa_printf(MSG_DEBUG, "%s(hapd=%p (%s))", __func__, hapd,
hapd->conf ? hapd->conf->iface : "N/A");
@@ -600,6 +603,7 @@ void hostapd_cleanup_iface_partial(struc
static void hostapd_cleanup_iface(struct hostapd_iface *iface)
{
wpa_printf(MSG_DEBUG, "%s(%p)", __func__, iface);
+ hostapd_ucode_free_iface(iface);
eloop_cancel_timeout(hostapd_interface_setup_failure_handler, iface,
NULL);
@@ -1189,6 +1193,7 @@ static int hostapd_start_beacon(struct h
hapd->driver->set_operstate(hapd->drv_priv, 1);
hostapd_ubus_add_bss(hapd);
+ hostapd_ucode_add_bss(hapd);
return 0;
}
@@ -1211,7 +1216,7 @@ static int hostapd_start_beacon(struct h
* initialized. Most of the modules that are initialized here will be
* deinitialized in hostapd_cleanup().
*/
-static int hostapd_setup_bss(struct hostapd_data *hapd, int first,
+int hostapd_setup_bss(struct hostapd_data *hapd, int first,
bool start_beacon)
{
struct hostapd_bss_config *conf = hapd->conf;
@@ -2237,7 +2242,7 @@ static int hostapd_owe_iface_iter2(struc
#endif /* CONFIG_OWE */
-static void hostapd_owe_update_trans(struct hostapd_iface *iface)
+void hostapd_owe_update_trans(struct hostapd_iface *iface)
{
#ifdef CONFIG_OWE
/* Check whether the enabled BSS can complete OWE transition mode
@@ -2698,7 +2703,7 @@ hostapd_alloc_bss_data(struct hostapd_if
}
-static void hostapd_bss_deinit(struct hostapd_data *hapd)
+void hostapd_bss_deinit(struct hostapd_data *hapd)
{
if (!hapd)
return;
@@ -3491,7 +3496,8 @@ int hostapd_remove_iface(struct hapd_int
hapd_iface = interfaces->iface[i];
if (hapd_iface == NULL)
return -1;
- if (!os_strcmp(hapd_iface->conf->bss[0]->iface, buf)) {
+ if (!os_strcmp(hapd_iface->phy, buf) ||
+ !os_strcmp(hapd_iface->conf->bss[0]->iface, buf)) {
wpa_printf(MSG_INFO, "Remove interface '%s'", buf);
hapd_iface->driver_ap_teardown =
!!(hapd_iface->drv_flags &
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -195,8 +195,20 @@ endif
ifdef CONFIG_UBUS
CFLAGS += -DUBUS_SUPPORT
OBJS += ubus.o
+LIBS += -lubus
+NEED_ULOOP:=y
+endif
+
+ifdef CONFIG_UCODE
+CFLAGS += -DUCODE_SUPPORT
+OBJS += ../src/utils/ucode.o
+OBJS += ucode.o
+NEED_ULOOP:=y
+endif
+
+ifdef NEED_ULOOP
OBJS += ../src/utils/uloop.o
-LIBS += -lubox -lubus
+LIBS += -lubox
endif
ifdef CONFIG_CODE_COVERAGE
@@ -997,6 +1009,9 @@ OBJS += ../src/ap/ctrl_iface_ap.o
ifdef CONFIG_UBUS
OBJS += ../src/ap/ubus.o
endif
+ifdef CONFIG_UCODE
+OBJS += ../src/ap/ucode.o
+endif
endif
CFLAGS += -DEAP_SERVER -DEAP_SERVER_IDENTITY
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1044,6 +1044,7 @@ void wpa_supplicant_set_state(struct wpa
sme_sched_obss_scan(wpa_s, 0);
}
wpa_s->wpa_state = state;
+ wpas_ucode_update_state(wpa_s);
#ifdef CONFIG_BGSCAN
if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
@@ -7594,6 +7595,7 @@ struct wpa_supplicant * wpa_supplicant_a
#endif /* CONFIG_P2P */
wpas_ubus_add_bss(wpa_s);
+ wpas_ucode_add_bss(wpa_s);
return wpa_s;
}
@@ -7621,6 +7623,7 @@ int wpa_supplicant_remove_iface(struct w
struct wpa_supplicant *parent = wpa_s->parent;
#endif /* CONFIG_MESH */
+ wpas_ucode_free_bss(wpa_s);
wpas_ubus_free_bss(wpa_s);
/* Remove interface from the global list of interfaces */
@@ -7931,6 +7934,7 @@ struct wpa_global * wpa_supplicant_init(
eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
wpas_periodic, global, NULL);
+ wpas_ucode_init(global);
return global;
}
@@ -7969,12 +7973,8 @@ int wpa_supplicant_run(struct wpa_global
eloop_register_signal_terminate(wpa_supplicant_terminate, global);
eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
- wpas_ubus_add(global);
-
eloop_run();
- wpas_ubus_free(global);
-
return 0;
}
@@ -8007,6 +8007,8 @@ void wpa_supplicant_deinit(struct wpa_gl
wpas_notify_supplicant_deinitialized(global);
+ wpas_ucode_free();
+
eap_peer_unregister_methods();
#ifdef CONFIG_AP
eap_server_unregister_methods();
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -22,6 +22,7 @@
#include "wmm_ac.h"
#include "pasn/pasn_common.h"
#include "ubus.h"
+#include "ucode.h"
extern const char *const wpa_supplicant_version;
extern const char *const wpa_supplicant_license;
@@ -689,6 +690,7 @@ struct wpa_supplicant {
unsigned char perm_addr[ETH_ALEN];
char ifname[100];
struct wpas_ubus_bss ubus;
+ struct wpas_ucode_bss ucode;
#ifdef CONFIG_MATCH_IFACE
int matched;
#endif /* CONFIG_MATCH_IFACE */
--- a/hostapd/ctrl_iface.c
+++ b/hostapd/ctrl_iface.c
@@ -4856,6 +4856,7 @@ try_again:
return -1;
}
+ interface->ctrl_iface_recv = hostapd_ctrl_iface_receive_process;
wpa_msg_register_cb(hostapd_ctrl_iface_msg_cb);
return 0;
@@ -4957,6 +4958,7 @@ fail:
os_free(fname);
interface->global_ctrl_sock = s;
+ interface->ctrl_iface_recv = hostapd_ctrl_iface_receive_process;
eloop_register_read_sock(s, hostapd_global_ctrl_iface_receive,
interface, NULL);
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -3787,6 +3787,25 @@ struct wpa_driver_ops {
const char *ifname);
/**
+ * if_rename - Rename a virtual interface
+ * @priv: Private driver interface data
+ * @type: Interface type
+ * @ifname: Interface name of the virtual interface to be renamed
+ * (NULL when renaming the AP BSS interface)
+ * @new_name: New interface name of the virtual interface
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*if_rename)(void *priv, enum wpa_driver_if_type type,
+ const char *ifname, const char *new_name);
+
+ /**
+ * set_first_bss - Make a virtual interface the first (primary) bss
+ * @priv: Private driver interface data
+ * Returns: 0 on success, -1 on failure
+ */
+ int (*set_first_bss)(void *priv);
+
+ /**
* set_sta_vlan - Bind a station into a specific interface (AP only)
* @priv: Private driver interface data
* @ifname: Interface (main or virtual BSS or VLAN)
@@ -6440,6 +6459,7 @@ union wpa_event_data {
/**
* struct ch_switch
+ * @count: Count until channel switch activates
* @freq: Frequency of new channel in MHz
* @ht_enabled: Whether this is an HT channel
* @ch_offset: Secondary channel offset
@@ -6450,6 +6470,7 @@ union wpa_event_data {
* @punct_bitmap: Puncturing bitmap
*/
struct ch_switch {
+ int count;
int freq;
int ht_enabled;
int ch_offset;
--- a/src/drivers/driver_nl80211_event.c
+++ b/src/drivers/driver_nl80211_event.c
@@ -1202,6 +1202,7 @@ static void mlme_event_ch_switch(struct
struct nlattr *bw, struct nlattr *cf1,
struct nlattr *cf2,
struct nlattr *punct_bitmap,
+ struct nlattr *count,
int finished)
{
struct i802_bss *bss;
@@ -1265,6 +1266,8 @@ static void mlme_event_ch_switch(struct
data.ch_switch.cf1 = nla_get_u32(cf1);
if (cf2)
data.ch_switch.cf2 = nla_get_u32(cf2);
+ if (count)
+ data.ch_switch.count = nla_get_u32(count);
if (finished)
bss->flink->freq = data.ch_switch.freq;
@@ -3912,6 +3915,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
+ tb[NL80211_ATTR_CH_SWITCH_COUNT],
0);
break;
case NL80211_CMD_CH_SWITCH_NOTIFY:
@@ -3924,6 +3928,7 @@ static void do_process_drv_event(struct
tb[NL80211_ATTR_CENTER_FREQ1],
tb[NL80211_ATTR_CENTER_FREQ2],
tb[NL80211_ATTR_PUNCT_BITMAP],
+ NULL,
1);
break;
case NL80211_CMD_DISCONNECT:
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -5389,6 +5389,7 @@ void supplicant_event(void *ctx, enum wp
event_to_string(event), event);
#endif /* CONFIG_NO_STDOUT_DEBUG */
+ wpas_ucode_event(wpa_s, event, data);
switch (event) {
case EVENT_AUTH:
#ifdef CONFIG_FST
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
@@ -393,6 +393,23 @@ static inline int hostapd_drv_stop_ap(st
return hapd->driver->stop_ap(hapd->drv_priv);
}
+static inline int hostapd_drv_if_rename(struct hostapd_data *hapd,
+ enum wpa_driver_if_type type,
+ const char *ifname,
+ const char *new_name)
+{
+ if (!hapd->driver || !hapd->driver->if_rename || !hapd->drv_priv)
+ return -1;
+ return hapd->driver->if_rename(hapd->drv_priv, type, ifname, new_name);
+}
+
+static inline int hostapd_drv_set_first_bss(struct hostapd_data *hapd)
+{
+ if (!hapd->driver || !hapd->driver->set_first_bss || !hapd->drv_priv)
+ return 0;
+ return hapd->driver->set_first_bss(hapd->drv_priv);
+}
+
static inline int hostapd_drv_channel_info(struct hostapd_data *hapd,
struct wpa_channel_info *ci)
{
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -1333,7 +1333,7 @@ static void wpa_driver_nl80211_event_rtm
}
wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
namebuf, ifname);
- if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
+ if (drv->first_bss->ifindex != ifi->ifi_index) {
wpa_printf(MSG_DEBUG,
"nl80211: Not the main interface (%s) - do not indicate interface down",
drv->first_bss->ifname);
@@ -1369,7 +1369,7 @@ static void wpa_driver_nl80211_event_rtm
}
wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)",
namebuf, ifname);
- if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
+ if (drv->first_bss->ifindex != ifi->ifi_index) {
wpa_printf(MSG_DEBUG,
"nl80211: Not the main interface (%s) - do not indicate interface up",
drv->first_bss->ifname);
@@ -8432,6 +8432,7 @@ static void *i802_init(struct hostapd_da
char master_ifname[IFNAMSIZ];
int ifindex, br_ifindex = 0;
int br_added = 0;
+ int err;
bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
params->global_priv, 1,
@@ -8491,21 +8492,17 @@ static void *i802_init(struct hostapd_da
(params->num_bridge == 0 || !params->bridge[0]))
add_ifidx(drv, br_ifindex, drv->ifindex);
- if (bss->added_if_into_bridge || bss->already_in_bridge) {
- int err;
-
- drv->rtnl_sk = nl_socket_alloc();
- if (drv->rtnl_sk == NULL) {
- wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
- goto failed;
- }
+ drv->rtnl_sk = nl_socket_alloc();
+ if (drv->rtnl_sk == NULL) {
+ wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
+ goto failed;
+ }
- err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
- if (err) {
- wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
- nl_geterror(err));
- goto failed;
- }
+ err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
+ if (err) {
+ wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
+ nl_geterror(err));
+ goto failed;
}
if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
@@ -8875,6 +8872,50 @@ static int wpa_driver_nl80211_if_remove(
return 0;
}
+static int wpa_driver_nl80211_if_rename(struct i802_bss *bss,
+ enum wpa_driver_if_type type,
+ const char *ifname, const char *new_name)
+{
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+ struct ifinfomsg ifi = {
+ .ifi_family = AF_UNSPEC,
+ .ifi_index = bss->ifindex,
+ };
+ struct nl_msg *msg;
+ int res = -ENOMEM;
+
+ if (ifname)
+ ifi.ifi_index = if_nametoindex(ifname);
+
+ msg = nlmsg_alloc_simple(RTM_SETLINK, 0);
+ if (!msg)
+ return res;
+
+ if (nlmsg_append(msg, &ifi, sizeof(ifi), NLMSG_ALIGNTO) < 0)
+ goto out;
+
+ if (nla_put_string(msg, IFLA_IFNAME, new_name))
+ goto out;
+
+ res = nl_send_auto_complete(drv->rtnl_sk, msg);
+ if (res < 0)
+ goto out;
+
+ res = nl_wait_for_ack(drv->rtnl_sk);
+ if (res) {
+ wpa_printf(MSG_INFO,
+ "nl80211: Renaming device %s to %s failed: %s",
+ ifname ? ifname : bss->ifname, new_name, nl_geterror(res));
+ goto out;
+ }
+
+ if (type == WPA_IF_AP_BSS && !ifname)
+ os_strlcpy(bss->ifname, new_name, sizeof(bss->ifname));
+
+out:
+ nlmsg_free(msg);
+ return res;
+}
static int cookie_handler(struct nl_msg *msg, void *arg)
{
@@ -10513,6 +10554,37 @@ static int driver_nl80211_if_remove(void
}
+static int driver_nl80211_if_rename(void *priv, enum wpa_driver_if_type type,
+ const char *ifname, const char *new_name)
+{
+ struct i802_bss *bss = priv;
+ return wpa_driver_nl80211_if_rename(bss, type, ifname, new_name);
+}
+
+
+static int driver_nl80211_set_first_bss(void *priv)
+{
+ struct i802_bss *bss = priv, *tbss;
+ struct wpa_driver_nl80211_data *drv = bss->drv;
+
+ if (drv->first_bss == bss)
+ return 0;
+
+ for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
+ if (tbss->next != bss)
+ continue;
+
+ tbss->next = bss->next;
+ bss->next = drv->first_bss;
+ drv->first_bss = bss;
+ drv->ctx = bss->ctx;
+ return 0;
+ }
+
+ return -1;
+}
+
+
static int driver_nl80211_send_mlme(void *priv, const u8 *data,
size_t data_len, int noack,
unsigned int freq,
@@ -13697,6 +13769,8 @@ const struct wpa_driver_ops wpa_driver_n
.set_acl = wpa_driver_nl80211_set_acl,
.if_add = wpa_driver_nl80211_if_add,
.if_remove = driver_nl80211_if_remove,
+ .if_rename = driver_nl80211_if_rename,
+ .set_first_bss = driver_nl80211_set_first_bss,
.send_mlme = driver_nl80211_send_mlme,
.get_hw_feature_data = nl80211_get_hw_feature_data,
.sta_add = wpa_driver_nl80211_sta_add,
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -547,11 +547,16 @@ static const char * sae_get_password(str
struct sae_pt **s_pt,
const struct sae_pk **s_pk)
{
+ struct hostapd_bss_config *conf = hapd->conf;
+ struct hostapd_ssid *ssid = &conf->ssid;
+ struct hostapd_sta_wpa_psk_short *psk;
const char *password = NULL;
- struct sae_password_entry *pw;
- struct sae_pt *pt = NULL;
- const struct sae_pk *pk = NULL;
- struct hostapd_sta_wpa_psk_short *psk = NULL;
+ struct sae_password_entry *pw = NULL;
+ struct sae_pt *pt = NULL;
+ const struct sae_pk *pk = NULL;
+
+ if (sta && sta->use_sta_psk)
+ goto use_sta_psk;
for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
if (!is_broadcast_ether_addr(pw->peer_addr) &&
@@ -582,6 +587,31 @@ static const char * sae_get_password(str
}
}
+use_sta_psk:
+ if (!password && sta) {
+ for (psk = sta->psk; psk; psk = psk->next) {
+ if (!psk->is_passphrase)
+ continue;
+
+ password = psk->passphrase;
+ if (!sta->use_sta_psk)
+ break;
+
+ if (sta->sae_pt) {
+ pt = sta->sae_pt;
+ break;
+ }
+
+ pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
+ ssid->ssid_len,
+ (const u8 *) password,
+ os_strlen(password),
+ NULL);
+ sta->sae_pt = pt;
+ break;
+ }
+ }
+
if (pw_entry)
*pw_entry = pw;
if (s_pt)
@@ -3105,6 +3135,12 @@ static void handle_auth(struct hostapd_d
goto fail;
}
+ res = hostapd_ucode_sta_auth(hapd, sta);
+ if (res) {
+ resp = res;
+ goto fail;
+ }
+
sta->flags &= ~WLAN_STA_PREAUTH;
ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -425,6 +425,9 @@ void ap_free_sta(struct hostapd_data *ha
forced_memzero(sta->last_tk, WPA_TK_MAX_LEN);
#endif /* CONFIG_TESTING_OPTIONS */
+ if (sta->sae_pt)
+ sae_deinit_pt(sta->sae_pt);
+
os_free(sta);
}
@@ -1326,6 +1329,8 @@ void ap_sta_set_authorized(struct hostap
sta->flags &= ~WLAN_STA_AUTHORIZED;
}
+ if (authorized)
+ hostapd_ucode_sta_connected(hapd, sta);
#ifdef CONFIG_P2P
if (hapd->p2p_group == NULL) {
if (sta->p2p_ie != NULL &&
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -198,6 +198,9 @@ struct sta_info {
int vlan_id_bound; /* updated by ap_sta_bind_vlan() */
/* PSKs from RADIUS authentication server */
struct hostapd_sta_wpa_psk_short *psk;
+ struct sae_pt *sae_pt;
+ int use_sta_psk;
+ int psk_idx;
char *identity; /* User-Name from RADIUS */
char *radius_cui; /* Chargeable-User-Identity from RADIUS */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -341,6 +341,7 @@ static const u8 * hostapd_wpa_auth_get_p
struct sta_info *sta = ap_get_sta(hapd, addr);
const u8 *psk;
+ sta->psk_idx = 0;
if (vlan_id)
*vlan_id = 0;
if (psk_len)
@@ -387,13 +388,18 @@ static const u8 * hostapd_wpa_auth_get_p
* returned psk which should not be returned again.
* logic list (all hostapd_get_psk; all sta->psk)
*/
+ if (sta && sta->use_sta_psk)
+ psk = NULL;
if (sta && sta->psk && !psk) {
struct hostapd_sta_wpa_psk_short *pos;
+ int psk_idx;
if (vlan_id)
*vlan_id = 0;
psk = sta->psk->psk;
+ sta->psk_idx = psk_idx = 1;
for (pos = sta->psk; pos; pos = pos->next) {
+ psk_idx++;
if (pos->is_passphrase) {
if (pbkdf2_sha1(pos->passphrase,
hapd->conf->ssid.ssid,
@@ -406,10 +412,14 @@ static const u8 * hostapd_wpa_auth_get_p
pos->is_passphrase = 0;
}
if (pos->psk == prev_psk) {
+ sta->psk_idx = psk_idx;
psk = pos->next ? pos->next->psk : NULL;
break;
}
}
+
+ if (!psk)
+ sta->psk_idx = 0;
}
return psk;
}

22
feeds/hostapd/hostapd/patches/711-wds_bridge_force.patch
View File

@@ -1,22 +0,0 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2318,6 +2318,8 @@ static int hostapd_config_fill(struct ho
sizeof(conf->bss[0]->iface));
} else if (os_strcmp(buf, "bridge") == 0) {
os_strlcpy(bss->bridge, pos, sizeof(bss->bridge));
+ if (!bss->wds_bridge[0])
+ os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
} else if (os_strcmp(buf, "bridge_hairpin") == 0) {
bss->bridge_hairpin = atoi(pos);
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -348,8 +348,6 @@ int hostapd_set_wds_sta(struct hostapd_d
return -1;
if (hapd->conf->wds_bridge[0])
bridge = hapd->conf->wds_bridge;
- else if (hapd->conf->bridge[0])
- bridge = hapd->conf->bridge;
return hapd->driver->set_wds_sta(hapd->drv_priv, addr, aid, val,
bridge, ifname_wds);
}

81
feeds/hostapd/hostapd/patches/720-iface_max_num_sta.patch
View File

@@ -1,81 +0,0 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2848,6 +2848,14 @@ static int hostapd_config_fill(struct ho
line, bss->max_num_sta, MAX_STA_COUNT);
return 1;
}
+ } else if (os_strcmp(buf, "iface_max_num_sta") == 0) {
+ conf->max_num_sta = atoi(pos);
+ if (conf->max_num_sta < 0 ||
+ conf->max_num_sta > MAX_STA_COUNT) {
+ wpa_printf(MSG_ERROR, "Line %d: Invalid max_num_sta=%d; allowed range 0..%d",
+ line, conf->max_num_sta, MAX_STA_COUNT);
+ return 1;
+ }
} else if (os_strcmp(buf, "wpa") == 0) {
bss->wpa = atoi(pos);
} else if (os_strcmp(buf, "extended_key_id") == 0) {
--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -742,6 +742,7 @@ void hostapd_cleanup_cs_params(struct ho
void hostapd_periodic_iface(struct hostapd_iface *iface);
int hostapd_owe_trans_get_info(struct hostapd_data *hapd);
void hostapd_ocv_check_csa_sa_query(void *eloop_ctx, void *timeout_ctx);
+int hostapd_check_max_sta(struct hostapd_data *hapd);
void hostapd_switch_color(struct hostapd_data *hapd, u64 bitmap);
void hostapd_cleanup_cca_params(struct hostapd_data *hapd);
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -244,6 +244,29 @@ static int hostapd_iface_conf_changed(st
return 0;
}
+static inline int hostapd_iface_num_sta(struct hostapd_iface *iface)
+{
+ int num_sta = 0;
+ int i;
+
+ for (i = 0; i < iface->num_bss; i++)
+ num_sta += iface->bss[i]->num_sta;
+
+ return num_sta;
+}
+
+
+int hostapd_check_max_sta(struct hostapd_data *hapd)
+{
+ if (hapd->num_sta >= hapd->conf->max_num_sta)
+ return 1;
+
+ if (hapd->iconf->max_num_sta &&
+ hostapd_iface_num_sta(hapd->iface) >= hapd->iconf->max_num_sta)
+ return 1;
+
+ return 0;
+}
int hostapd_reload_config(struct hostapd_iface *iface)
{
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -1252,7 +1252,7 @@ void handle_probe_req(struct hostapd_dat
if (hapd->conf->no_probe_resp_if_max_sta &&
is_multicast_ether_addr(mgmt->da) &&
is_multicast_ether_addr(mgmt->bssid) &&
- hapd->num_sta >= hapd->conf->max_num_sta &&
+ hostapd_check_max_sta(hapd) &&
!ap_get_sta(hapd, mgmt->sa)) {
wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
" since no room for additional STA",
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -1039,6 +1039,8 @@ struct hostapd_config {
unsigned int track_sta_max_num;
unsigned int track_sta_max_age;
+ int max_num_sta;
+
char country[3]; /* first two octets: country code as described in
* ISO/IEC 3166-1. Third octet:
* ' ' (ascii 32): all environments

139
feeds/hostapd/hostapd/patches/740-snoop_iface.patch
View File

@@ -1,139 +0,0 @@
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -284,6 +284,7 @@ struct hostapd_bss_config {
char iface[IFNAMSIZ + 1];
char bridge[IFNAMSIZ + 1];
char ft_iface[IFNAMSIZ + 1];
+ char snoop_iface[IFNAMSIZ + 1];
char vlan_bridge[IFNAMSIZ + 1];
char wds_bridge[IFNAMSIZ + 1];
int bridge_hairpin; /* hairpin_mode on bridge members */
--- a/src/ap/x_snoop.c
+++ b/src/ap/x_snoop.c
@@ -33,28 +33,31 @@ int x_snoop_init(struct hostapd_data *ha
hapd->x_snoop_initialized = true;
- if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
+ if (!conf->snoop_iface[0] &&
+ hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE,
1)) {
wpa_printf(MSG_DEBUG,
"x_snoop: Failed to enable hairpin_mode on the bridge port");
return -1;
}
- if (hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
+ if (!conf->snoop_iface[0] &&
+ hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 1)) {
wpa_printf(MSG_DEBUG,
"x_snoop: Failed to enable proxyarp on the bridge port");
return -1;
}
if (hostapd_drv_br_set_net_param(hapd, DRV_BR_NET_PARAM_GARP_ACCEPT,
- 1)) {
+ conf->snoop_iface[0] ? conf->snoop_iface : NULL, 1)) {
wpa_printf(MSG_DEBUG,
"x_snoop: Failed to enable accepting gratuitous ARP on the bridge");
return -1;
}
#ifdef CONFIG_IPV6
- if (hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, 1)) {
+ if (!conf->snoop_iface[0] &&
+ hostapd_drv_br_set_net_param(hapd, DRV_BR_MULTICAST_SNOOPING, NULL, 1)) {
wpa_printf(MSG_DEBUG,
"x_snoop: Failed to enable multicast snooping on the bridge");
return -1;
@@ -73,8 +76,12 @@ x_snoop_get_l2_packet(struct hostapd_dat
{
struct hostapd_bss_config *conf = hapd->conf;
struct l2_packet_data *l2;
+ const char *ifname = conf->bridge;
+
+ if (conf->snoop_iface[0])
+ ifname = conf->snoop_iface;
- l2 = l2_packet_init(conf->bridge, NULL, ETH_P_ALL, handler, hapd, 1);
+ l2 = l2_packet_init(ifname, NULL, ETH_P_ALL, handler, hapd, 1);
if (l2 == NULL) {
wpa_printf(MSG_DEBUG,
"x_snoop: Failed to initialize L2 packet processing %s",
@@ -127,9 +134,12 @@ void x_snoop_mcast_to_ucast_convert_send
void x_snoop_deinit(struct hostapd_data *hapd)
{
+ struct hostapd_bss_config *conf = hapd->conf;
+
if (!hapd->x_snoop_initialized)
return;
- hostapd_drv_br_set_net_param(hapd, DRV_BR_NET_PARAM_GARP_ACCEPT, 0);
+ hostapd_drv_br_set_net_param(hapd, DRV_BR_NET_PARAM_GARP_ACCEPT,
+ conf->snoop_iface[0] ? conf->snoop_iface : NULL, 0);
hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_PROXYARP, 0);
hostapd_drv_br_port_set_attr(hapd, DRV_BR_PORT_ATTR_HAIRPIN_MODE, 0);
hapd->x_snoop_initialized = false;
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2322,6 +2322,8 @@ static int hostapd_config_fill(struct ho
os_strlcpy(bss->wds_bridge, pos, sizeof(bss->wds_bridge));
} else if (os_strcmp(buf, "bridge_hairpin") == 0) {
bss->bridge_hairpin = atoi(pos);
+ } else if (os_strcmp(buf, "snoop_iface") == 0) {
+ os_strlcpy(bss->snoop_iface, pos, sizeof(bss->snoop_iface));
} else if (os_strcmp(buf, "vlan_bridge") == 0) {
os_strlcpy(bss->vlan_bridge, pos, sizeof(bss->vlan_bridge));
} else if (os_strcmp(buf, "wds_bridge") == 0) {
--- a/src/ap/ap_drv_ops.h
+++ b/src/ap/ap_drv_ops.h
@@ -366,12 +366,12 @@ static inline int hostapd_drv_br_port_se
static inline int hostapd_drv_br_set_net_param(struct hostapd_data *hapd,
enum drv_br_net_param param,
- unsigned int val)
+ const char *ifname, unsigned int val)
{
if (hapd->driver == NULL || hapd->drv_priv == NULL ||
hapd->driver->br_set_net_param == NULL)
return -1;
- return hapd->driver->br_set_net_param(hapd->drv_priv, param, val);
+ return hapd->driver->br_set_net_param(hapd->drv_priv, param, ifname, val);
}
static inline int hostapd_drv_vendor_cmd(struct hostapd_data *hapd,
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -4209,7 +4209,7 @@ struct wpa_driver_ops {
* Returns: 0 on success, negative (<0) on failure
*/
int (*br_set_net_param)(void *priv, enum drv_br_net_param param,
- unsigned int val);
+ const char *ifname, unsigned int val);
/**
* get_wowlan - Get wake-on-wireless status
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -12168,7 +12168,7 @@ static const char * drv_br_net_param_str
static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
- unsigned int val)
+ const char *ifname, unsigned int val)
{
struct i802_bss *bss = priv;
char path[128];
@@ -12194,8 +12194,11 @@ static int wpa_driver_br_set_net_param(v
return -EINVAL;
}
+ if (!ifname)
+ ifname = bss->brname;
+
os_snprintf(path, sizeof(path), "/proc/sys/net/ipv%d/conf/%s/%s",
- ip_version, bss->brname, param_txt);
+ ip_version, ifname, param_txt);
set_val:
if (linux_write_system_file(path, val))

113
feeds/hostapd/hostapd/patches/750-wispr.patch
View File

@@ -1,113 +0,0 @@
Index: hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/ap/ieee802_1x.c
+++ hostapd-2021-02-20-59e9794c/src/ap/ieee802_1x.c
@@ -1904,6 +1904,25 @@ static int ieee802_1x_update_vlan(struct
}
#endif /* CONFIG_NO_VLAN */
+static int ieee802_1x_update_wispr(struct hostapd_data *hapd,
+ struct sta_info *sta,
+ struct radius_msg *msg)
+{
+ memset(sta->bandwidth, 0, sizeof(sta->bandwidth));
+
+ if (radius_msg_get_wispr(msg, &sta->bandwidth))
+ return 0;
+
+ if (!sta->bandwidth[0] && !sta->bandwidth[1])
+ return 0;
+
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
+ HOSTAPD_LEVEL_INFO,
+ "received wispr bandwidth from RADIUS server %d/%d",
+ sta->bandwidth[0], sta->bandwidth[1]);
+
+ return 0;
+}
/**
* ieee802_1x_receive_auth - Process RADIUS frames from Authentication Server
@@ -2029,6 +2048,7 @@ ieee802_1x_receive_auth(struct radius_ms
ieee802_1x_check_hs20(hapd, sta, msg,
session_timeout_set ?
(int) session_timeout : -1);
+ ieee802_1x_update_wispr(hapd, sta, msg);
break;
case RADIUS_CODE_ACCESS_REJECT:
sm->eap_if->aaaFail = true;
Index: hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/ap/sta_info.h
+++ hostapd-2021-02-20-59e9794c/src/ap/sta_info.h
@@ -117,6 +117,7 @@ struct sta_info {
u8 supported_rates[WLAN_SUPP_RATES_MAX];
int supported_rates_len;
u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
+ u32 bandwidth[2];
#ifdef CONFIG_MESH
enum mesh_plink_state plink_state;
Index: hostapd-2021-02-20-59e9794c/src/radius/radius.c
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.c
+++ hostapd-2021-02-20-59e9794c/src/radius/radius.c
@@ -1182,6 +1182,35 @@ radius_msg_get_cisco_keys(struct radius_
return keys;
}
+#define RADIUS_VENDOR_ID_WISPR 14122
+#define RADIUS_WISPR_AV_BW_UP 7
+#define RADIUS_WISPR_AV_BW_DOWN 8
+
+int
+radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth)
+{
+ int i;
+
+ if (msg == NULL || bandwidth == NULL)
+ return 1;
+
+ for (i = 0; i < 2; i++) {
+ size_t keylen;
+ u8 *key;
+
+ key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_WISPR,
+ RADIUS_WISPR_AV_BW_UP + i, &keylen);
+ if (!key)
+ continue;
+
+ if (keylen == 4)
+ bandwidth[i] = ntohl(*((u32 *)key));
+ os_free(key);
+ }
+
+ return 0;
+}
+
int radius_msg_add_mppe_keys(struct radius_msg *msg,
const u8 *req_authenticator,
Index: hostapd-2021-02-20-59e9794c/src/radius/radius.h
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/radius/radius.h
+++ hostapd-2021-02-20-59e9794c/src/radius/radius.h
@@ -205,6 +205,10 @@ enum {
RADIUS_VENDOR_ATTR_WFA_HS20_T_C_URL = 10,
};
+#define RADIUS_VENDOR_ID_WISPR 14122
+#define RADIUS_WISPR_AV_BW_UP 7
+#define RADIUS_WISPR_AV_BW_DOWN 8
+
#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */
@@ -277,6 +281,7 @@ radius_msg_get_ms_keys(struct radius_msg
struct radius_ms_mppe_keys *
radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
const u8 *secret, size_t secret_len);
+int radius_msg_get_wispr(struct radius_msg *msg, u32 *bandwidth);
int radius_msg_add_mppe_keys(struct radius_msg *msg,
const u8 *req_authenticator,
const u8 *secret, size_t secret_len,

539
feeds/hostapd/hostapd/patches/751-wispr-ft.patch
View File

@@ -1,539 +0,0 @@
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -16,7 +16,11 @@
struct vlan_description;
struct mld_info;
-
+struct rate_description {
+ u32 rx;
+ u32 tx;
+};
+
#define MAX_OWN_IE_OVERRIDE 256
#ifdef _MSC_VER
@@ -88,6 +92,7 @@ struct ft_rrb_frame {
#define FT_RRB_IDENTITY 15
#define FT_RRB_RADIUS_CUI 16
#define FT_RRB_SESSION_TIMEOUT 17 /* le32 seconds */
+#define FT_RRB_RATE_LIMIT 18
struct ft_rrb_tlv {
le16 type;
@@ -368,6 +373,10 @@ struct wpa_auth_callbacks {
struct vlan_description *vlan);
int (*get_vlan)(void *ctx, const u8 *sta_addr,
struct vlan_description *vlan);
+ int (*set_rate_limit)(void *ctx, const u8 *sta_addr,
+ struct rate_description *rate);
+ int (*get_rate_limit)(void *ctx, const u8 *sta_addr,
+ struct rate_description *rate);
int (*set_identity)(void *ctx, const u8 *sta_addr,
const u8 *identity, size_t identity_len);
size_t (*get_identity)(void *ctx, const u8 *sta_addr, const u8 **buf);
@@ -536,7 +545,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
struct vlan_description *vlan,
const u8 **identity, size_t *identity_len,
const u8 **radius_cui, size_t *radius_cui_len,
- int *session_timeout);
+ int *session_timeout, struct rate_description *rate);
#endif /* CONFIG_IEEE80211R_AP */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1200,6 +1200,40 @@ static int hostapd_wpa_auth_get_vlan(voi
}
+static int hostapd_wpa_auth_set_rate_limit(void *ctx, const u8 *sta_addr,
+ struct rate_description *rate)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta;
+
+ sta = ap_get_sta(hapd, sta_addr);
+ if (!sta || !sta->wpa_sm)
+ return -1;
+
+ memcpy(sta->bandwidth, rate, sizeof(*rate));
+ hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
+ HOSTAPD_LEVEL_INFO, "rate-limit %d %d", sta->bandwidth[0], sta->bandwidth[1]);
+
+ return 0;
+}
+
+
+static int hostapd_wpa_auth_get_rate_limit(void *ctx, const u8 *sta_addr,
+ struct rate_description *rate)
+{
+ struct hostapd_data *hapd = ctx;
+ struct sta_info *sta;
+
+ sta = ap_get_sta(hapd, sta_addr);
+ if (!sta)
+ return -1;
+
+ memcpy(rate, sta->bandwidth, sizeof(*rate));
+
+ return 0;
+}
+
+
static int
hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
const u8 *identity, size_t identity_len)
@@ -1640,6 +1674,8 @@ int hostapd_setup_wpa(struct hostapd_dat
.add_tspec = hostapd_wpa_auth_add_tspec,
.set_vlan = hostapd_wpa_auth_set_vlan,
.get_vlan = hostapd_wpa_auth_get_vlan,
+ .set_rate_limit = hostapd_wpa_auth_set_rate_limit,
+ .get_rate_limit = hostapd_wpa_auth_get_rate_limit,
.set_identity = hostapd_wpa_auth_set_identity,
.get_identity = hostapd_wpa_auth_get_identity,
.set_radius_cui = hostapd_wpa_auth_set_radius_cui,
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -379,6 +379,14 @@ static size_t wpa_ft_vlan_len(const stru
return tlv_len;
}
+static size_t wpa_ft_rate_limit_len(const struct rate_description *rate)
+{
+ if (!rate || (!rate->rx && !rate->tx))
+ return 0;
+
+ return (sizeof(struct ft_rrb_tlv) + 8);
+}
+
static size_t wpa_ft_vlan_lin(const struct vlan_description *vlan,
u8 *start, u8 *endpos)
@@ -434,10 +442,48 @@ static size_t wpa_ft_vlan_lin(const stru
}
+static size_t wpa_ft_rate_limit_lin(const struct rate_description *rate,
+ u8 *start, u8 *endpos)
+{
+ size_t tlv_len;
+ int i, len;
+ struct ft_rrb_tlv *hdr;
+ u8 *pos = start;
+
+ if (!rate)
+ return 0;
+
+ tlv_len = 0;
+ if (rate->rx || rate->tx) {
+ tlv_len += sizeof(*hdr);
+ if (start + tlv_len > endpos)
+ return tlv_len;
+ hdr = (struct ft_rrb_tlv *) pos;
+ hdr->type = host_to_le16(FT_RRB_RATE_LIMIT);
+ hdr->len = host_to_le16(2 * sizeof(le32));
+ pos = start + tlv_len;
+
+ tlv_len += sizeof(u32);
+ if (start + tlv_len > endpos)
+ return tlv_len;
+ WPA_PUT_LE32(pos, rate->rx);
+ pos = start + tlv_len;
+ tlv_len += sizeof(u32);
+ if (start + tlv_len > endpos)
+ return tlv_len;
+ WPA_PUT_LE32(pos, rate->tx);
+ pos = start + tlv_len;
+ }
+
+ return tlv_len;
+}
+
+
static int wpa_ft_rrb_lin(const struct tlv_list *tlvs1,
const struct tlv_list *tlvs2,
const struct vlan_description *vlan,
- u8 **plain, size_t *plain_len)
+ u8 **plain, size_t *plain_len,
+ const struct rate_description *rate)
{
u8 *pos, *endpos;
size_t tlv_len;
@@ -445,6 +491,7 @@ static int wpa_ft_rrb_lin(const struct t
tlv_len = wpa_ft_tlv_len(tlvs1);
tlv_len += wpa_ft_tlv_len(tlvs2);
tlv_len += wpa_ft_vlan_len(vlan);
+ tlv_len += wpa_ft_rate_limit_len(rate);
*plain_len = tlv_len;
*plain = os_zalloc(tlv_len);
@@ -458,6 +505,7 @@ static int wpa_ft_rrb_lin(const struct t
pos += wpa_ft_tlv_lin(tlvs1, pos, endpos);
pos += wpa_ft_tlv_lin(tlvs2, pos, endpos);
pos += wpa_ft_vlan_lin(vlan, pos, endpos);
+ pos += wpa_ft_rate_limit_lin(rate, pos, endpos);
/* validity check */
if (pos != endpos) {
@@ -526,7 +574,8 @@ static int wpa_ft_rrb_build(const u8 *ke
const struct tlv_list *tlvs_auth,
const struct vlan_description *vlan,
const u8 *src_addr, u8 type,
- u8 **packet, size_t *packet_len)
+ u8 **packet, size_t *packet_len,
+ const struct rate_description *rate)
{
u8 *plain = NULL, *auth = NULL, *pos, *tmp;
size_t plain_len = 0, auth_len = 0;
@@ -534,10 +583,10 @@ static int wpa_ft_rrb_build(const u8 *ke
size_t pad_len = 0;
*packet = NULL;
- if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len) < 0)
+ if (wpa_ft_rrb_lin(tlvs_enc0, tlvs_enc1, vlan, &plain, &plain_len, rate) < 0)
goto out;
- if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len) < 0)
+ if (wpa_ft_rrb_lin(tlvs_auth, NULL, NULL, &auth, &auth_len, NULL) < 0)
goto out;
*packet_len = sizeof(u16) + auth_len + plain_len;
@@ -700,6 +749,24 @@ static int wpa_ft_get_vlan(struct wpa_au
}
+static int wpa_ft_get_rate_limit(struct wpa_authenticator *wpa_auth,
+ const u8 *sta_addr, struct rate_description *rate)
+{
+ if (!wpa_auth->cb->get_rate_limit)
+ return -1;
+ return wpa_auth->cb->get_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
+}
+
+
+static int wpa_ft_set_rate_limit(struct wpa_authenticator *wpa_auth,
+ const u8 *sta_addr, struct rate_description *rate)
+{
+ if (!wpa_auth->cb->set_rate_limit)
+ return -1;
+ return wpa_auth->cb->set_rate_limit(wpa_auth->cb_ctx, sta_addr, rate);
+}
+
+
static int
wpa_ft_set_identity(struct wpa_authenticator *wpa_auth, const u8 *sta_addr,
const u8 *identity, size_t identity_len)
@@ -1025,7 +1092,7 @@ wpa_ft_rrb_seq_req(struct wpa_authentica
if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_req_auth, NULL,
wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_REQ,
- &packet, &packet_len) < 0) {
+ &packet, &packet_len, NULL) < 0) {
item = NULL; /* some other seq resp might still accept this */
goto err;
}
@@ -1208,6 +1275,7 @@ struct wpa_ft_pmk_r0_sa {
u8 spa[ETH_ALEN];
int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
struct vlan_description *vlan;
+ struct rate_description *rate;
os_time_t expiration; /* 0 for no expiration */
u8 *identity;
size_t identity_len;
@@ -1226,6 +1294,7 @@ struct wpa_ft_pmk_r1_sa {
u8 spa[ETH_ALEN];
int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */
struct vlan_description *vlan;
+ struct rate_description *rate;
u8 *identity;
size_t identity_len;
u8 *radius_cui;
@@ -1254,6 +1323,7 @@ static void wpa_ft_free_pmk_r0(struct wp
os_memset(r0->pmk_r0, 0, PMK_LEN_MAX);
os_free(r0->vlan);
+ os_free(r0->rate);
os_free(r0->identity);
os_free(r0->radius_cui);
os_free(r0);
@@ -1307,6 +1377,7 @@ static void wpa_ft_free_pmk_r1(struct wp
eloop_cancel_timeout(wpa_ft_expire_pmk_r1, r1, NULL);
os_memset(r1->pmk_r1, 0, PMK_LEN_MAX);
+ os_free(r1->rate);
os_free(r1->vlan);
os_free(r1->identity);
os_free(r1->radius_cui);
@@ -1360,7 +1431,8 @@ static int wpa_ft_store_pmk_r0(struct wp
const struct vlan_description *vlan,
int expires_in, int session_timeout,
const u8 *identity, size_t identity_len,
- const u8 *radius_cui, size_t radius_cui_len)
+ const u8 *radius_cui, size_t radius_cui_len,
+ struct rate_description *rate)
{
struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
struct wpa_ft_pmk_r0_sa *r0;
@@ -1388,6 +1460,14 @@ static int wpa_ft_store_pmk_r0(struct wp
}
*r0->vlan = *vlan;
}
+ if (rate) {
+ r0->rate = os_zalloc(sizeof(*rate));
+ if (!r0->rate) {
+ bin_clear_free(r0, sizeof(*r0));
+ return -1;
+ }
+ *r0->rate = *rate;
+ }
if (identity) {
r0->identity = os_malloc(identity_len);
if (r0->identity) {
@@ -1447,7 +1527,8 @@ static int wpa_ft_store_pmk_r1(struct wp
const struct vlan_description *vlan,
int expires_in, int session_timeout,
const u8 *identity, size_t identity_len,
- const u8 *radius_cui, size_t radius_cui_len)
+ const u8 *radius_cui, size_t radius_cui_len,
+ struct rate_description *rate)
{
struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
int max_expires_in = wpa_auth->conf.r1_max_key_lifetime;
@@ -1477,6 +1558,14 @@ static int wpa_ft_store_pmk_r1(struct wp
}
*r1->vlan = *vlan;
}
+ if (rate) {
+ r1->rate = os_zalloc(sizeof(*rate));
+ if (!r1->rate) {
+ bin_clear_free(r1, sizeof(*r1));
+ return -1;
+ }
+ *r1->rate = *rate;
+ }
if (identity) {
r1->identity = os_malloc(identity_len);
if (r1->identity) {
@@ -1513,7 +1602,7 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
struct vlan_description *vlan,
const u8 **identity, size_t *identity_len,
const u8 **radius_cui, size_t *radius_cui_len,
- int *session_timeout)
+ int *session_timeout, struct rate_description *rate)
{
struct wpa_ft_pmk_cache *cache = wpa_auth->ft_pmk_cache;
struct wpa_ft_pmk_r1_sa *r1;
@@ -1533,6 +1622,12 @@ int wpa_ft_fetch_pmk_r1(struct wpa_authe
*vlan = *r1->vlan;
if (vlan && !r1->vlan)
os_memset(vlan, 0, sizeof(*vlan));
+ if (rate) {
+ if (r1->rate)
+ *rate = *r1->rate;
+ else
+ memset(rate, 0, sizeof(*rate));
+ }
if (identity && identity_len) {
*identity = r1->identity;
*identity_len = r1->identity_len;
@@ -2059,7 +2154,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa
if (wpa_ft_rrb_build(key, key_len, req_enc, NULL, req_auth, NULL,
sm->wpa_auth->addr, FT_PACKET_R0KH_R1KH_PULL,
- &packet, &packet_len) < 0)
+ &packet, &packet_len, NULL) < 0)
return -1;
ft_pending_req_ies = wpabuf_alloc_copy(ies, ies_len);
@@ -2088,6 +2183,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
{
int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
struct vlan_description vlan;
+ struct rate_description rate;
const u8 *identity, *radius_cui;
size_t identity_len, radius_cui_len;
int session_timeout;
@@ -2099,6 +2195,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
MAC2STR(sm->addr));
return -1;
}
+ wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
@@ -2108,7 +2205,7 @@ int wpa_ft_store_pmk_fils(struct wpa_sta
return wpa_ft_store_pmk_r0(sm->wpa_auth, sm->addr, pmk_r0, pmk_r0_len,
pmk_r0_name, sm->pairwise, &vlan, expires_in,
session_timeout, identity, identity_len,
- radius_cui, radius_cui_len);
+ radius_cui, radius_cui_len, &rate);
}
@@ -2172,6 +2269,7 @@ void wpa_auth_ft_store_keys(struct wpa_s
int psk_local = sm->wpa_auth->conf.ft_psk_generate_local;
int expires_in = sm->wpa_auth->conf.r0_key_lifetime;
struct vlan_description vlan;
+ struct rate_description rate;
const u8 *identity, *radius_cui;
size_t identity_len, radius_cui_len;
int session_timeout;
@@ -2185,6 +2283,8 @@ void wpa_auth_ft_store_keys(struct wpa_s
return;
}
+ wpa_ft_get_rate_limit(sm->wpa_auth, sm->addr, &rate);
+
identity_len = wpa_ft_get_identity(sm->wpa_auth, sm->addr, &identity);
radius_cui_len = wpa_ft_get_radius_cui(sm->wpa_auth, sm->addr,
&radius_cui);
@@ -2195,11 +2295,12 @@ void wpa_auth_ft_store_keys(struct wpa_s
pmk_r0_name,
sm->pairwise, &vlan, expires_in,
session_timeout, identity, identity_len,
- radius_cui, radius_cui_len);
+ radius_cui, radius_cui_len, &rate);
wpa_ft_store_pmk_r1(sm->wpa_auth, sm->addr, pmk_r1, key_len,
sm->pmk_r1_name, sm->pairwise, &vlan,
expires_in, session_timeout, identity,
- identity_len, radius_cui, radius_cui_len);
+ identity_len, radius_cui, radius_cui_len,
+ &rate);
}
@@ -3100,7 +3201,8 @@ static int wpa_ft_local_derive_pmk_r1(st
const u8 **radius_cui,
size_t *radius_cui_len,
int *out_session_timeout,
- size_t *pmk_r1_len)
+ size_t *pmk_r1_len,
+ struct rate_description *rate)
{
struct wpa_auth_config *conf = &wpa_auth->conf;
const struct wpa_ft_pmk_r0_sa *r0;
@@ -3136,7 +3238,8 @@ static int wpa_ft_local_derive_pmk_r1(st
out_pmk_r1_name,
sm->pairwise, r0->vlan, expires_in, session_timeout,
r0->identity, r0->identity_len,
- r0->radius_cui, r0->radius_cui_len);
+ r0->radius_cui, r0->radius_cui_len,
+ r0->rate);
*out_pairwise = sm->pairwise;
if (vlan) {
@@ -3146,6 +3249,13 @@ static int wpa_ft_local_derive_pmk_r1(st
os_memset(vlan, 0, sizeof(*vlan));
}
+ if (rate) {
+ if (r0->rate)
+ *rate = *r0->rate;
+ else
+ os_memset(rate, 0, sizeof(*rate));
+ }
+
if (identity && identity_len) {
*identity = r0->identity;
*identity_len = r0->identity_len;
@@ -3178,6 +3288,7 @@ static int wpa_ft_process_auth_req(struc
u8 *pos, *end;
int pairwise, session_timeout = 0;
struct vlan_description vlan;
+ struct rate_description rate = {};
const u8 *identity, *radius_cui;
size_t identity_len = 0, radius_cui_len = 0;
size_t pmk_r1_len, kdk_len, len;
@@ -3274,7 +3385,7 @@ static int wpa_ft_process_auth_req(struc
pmk_r1, &pmk_r1_len, &pairwise, &vlan,
&identity, &identity_len, &radius_cui,
&radius_cui_len,
- &session_timeout) == 0) {
+ &session_timeout, &rate) == 0) {
wpa_printf(MSG_DEBUG,
"FT: Found PMKR1Name (using SHA%zu) from local cache",
pmk_r1_len * 8);
@@ -3290,7 +3401,7 @@ static int wpa_ft_process_auth_req(struc
pmk_r1_name, pmk_r1, &pairwise,
&vlan, &identity, &identity_len,
&radius_cui, &radius_cui_len,
- &session_timeout, &pmk_r1_len) == 0) {
+ &session_timeout, &pmk_r1_len, &rate) == 0) {
wpa_printf(MSG_DEBUG,
"FT: Generated PMK-R1 based on local PMK-R0");
goto pmk_r1_derived;
@@ -3392,6 +3503,7 @@ pmk_r1_derived:
wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN");
goto out;
}
+ wpa_ft_set_rate_limit(sm->wpa_auth, sm->addr, &rate);
if (wpa_ft_set_identity(sm->wpa_auth, sm->addr,
identity, identity_len) < 0 ||
wpa_ft_set_radius_cui(sm->wpa_auth, sm->addr,
@@ -3973,7 +4085,7 @@ static int wpa_ft_rrb_build_r0(const u8
ret = wpa_ft_rrb_build(key, key_len, tlvs, sess_tlv, tlv_auth,
pmk_r0->vlan, src_addr, type,
- packet, packet_len);
+ packet, packet_len, pmk_r0->rate);
forced_memzero(pmk_r1, sizeof(pmk_r1));
@@ -4113,7 +4225,7 @@ static int wpa_ft_rrb_rx_pull(struct wpa
ret = wpa_ft_rrb_build(key, key_len, resp, NULL, resp_auth,
NULL, wpa_auth->addr,
FT_PACKET_R0KH_R1KH_RESP,
- &packet, &packet_len);
+ &packet, &packet_len, NULL);
} else {
ret = wpa_ft_rrb_build_r0(key, key_len, resp, r0, f_r1kh_id,
f_s1kh_id, resp_auth, wpa_auth->addr,
@@ -4165,11 +4277,15 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
size_t f_expires_in_len;
size_t f_identity_len, f_radius_cui_len;
size_t f_session_timeout_len;
+ size_t f_rate_len;
+ const u8 *f_rate;
int pairwise;
int ret = -1;
int expires_in;
int session_timeout;
struct vlan_description vlan;
+ struct rate_description rate;
+ int has_rate = 0;
size_t pmk_r1_len;
RRB_GET_AUTH(FT_RRB_R0KH_ID, r0kh_id, msgtype, -1);
@@ -4279,6 +4395,13 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
wpa_printf(MSG_DEBUG, "FT: vlan %d%s",
le_to_host16(vlan.untagged), vlan.tagged[0] ? "+" : "");
+ RRB_GET_OPTIONAL(FT_RRB_RATE_LIMIT, rate, msgtype, 2 * sizeof(le32));
+ if (f_rate) {
+ memcpy(&rate, f_rate, sizeof(rate));
+ rate.rx = le_to_host32(rate.rx);
+ rate.tx = le_to_host32(rate.tx);
+ has_rate = 1;
+ };
RRB_GET_OPTIONAL(FT_RRB_IDENTITY, identity, msgtype, -1);
if (f_identity)
wpa_hexdump_ascii(MSG_DEBUG, "FT: Identity", f_identity,
@@ -4301,7 +4424,7 @@ static int wpa_ft_rrb_rx_r1(struct wpa_a
f_pmk_r1_name,
pairwise, &vlan, expires_in, session_timeout,
f_identity, f_identity_len, f_radius_cui,
- f_radius_cui_len) < 0)
+ f_radius_cui_len, has_rate ? &rate : 0) < 0)
goto out;
ret = 0;
@@ -4614,7 +4737,7 @@ static int wpa_ft_rrb_rx_seq_req(struct
if (wpa_ft_rrb_build(key, key_len, NULL, NULL, seq_resp_auth, NULL,
wpa_auth->addr, FT_PACKET_R0KH_R1KH_SEQ_RESP,
- &packet, &packet_len) < 0)
+ &packet, &packet_len, NULL) < 0)
goto out;
wpa_ft_rrb_oui_send(wpa_auth, src_addr,

298
feeds/hostapd/hostapd/patches/761-shared_das_port.patch
View File

@@ -1,298 +0,0 @@
--- a/src/radius/radius_das.h
+++ b/src/radius/radius_das.h
@@ -44,6 +44,7 @@ struct radius_das_attrs {
struct radius_das_conf {
int port;
const u8 *shared_secret;
+ const u8 *nas_identifier;
size_t shared_secret_len;
const struct hostapd_ip_addr *client_addr;
unsigned int time_window;
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1423,6 +1423,7 @@ int hostapd_setup_bss(struct hostapd_dat
os_memset(&das_conf, 0, sizeof(das_conf));
das_conf.port = conf->radius_das_port;
+ das_conf.nas_identifier = conf->nas_identifier;
das_conf.shared_secret = conf->radius_das_shared_secret;
das_conf.shared_secret_len =
conf->radius_das_shared_secret_len;
--- a/src/radius/radius_das.c
+++ b/src/radius/radius_das.c
@@ -12,13 +12,26 @@
#include "utils/common.h"
#include "utils/eloop.h"
#include "utils/ip_addr.h"
+#include "utils/list.h"
#include "radius.h"
#include "radius_das.h"
-struct radius_das_data {
+static struct dl_list das_ports = DL_LIST_HEAD_INIT(das_ports);
+
+struct radius_das_port {
+ struct dl_list list;
+ struct dl_list das_data;
+
+ int port;
int sock;
+};
+
+struct radius_das_data {
+ struct dl_list list;
+ struct radius_das_port *port;
u8 *shared_secret;
+ u8 *nas_identifier;
size_t shared_secret_len;
struct hostapd_ip_addr client_addr;
unsigned int time_window;
@@ -378,56 +391,17 @@ fail:
}
-static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
+static void
+radius_das_receive_msg(struct radius_das_data *das, struct radius_msg *msg,
+ struct sockaddr *from, socklen_t fromlen,
+ char *abuf, int from_port)
{
- struct radius_das_data *das = eloop_ctx;
- u8 buf[1500];
- union {
- struct sockaddr_storage ss;
- struct sockaddr_in sin;
-#ifdef CONFIG_IPV6
- struct sockaddr_in6 sin6;
-#endif /* CONFIG_IPV6 */
- } from;
- char abuf[50];
- int from_port = 0;
- socklen_t fromlen;
- int len;
- struct radius_msg *msg, *reply = NULL;
+ struct radius_msg *reply = NULL;
struct radius_hdr *hdr;
struct wpabuf *rbuf;
+ struct os_time now;
u32 val;
int res;
- struct os_time now;
-
- fromlen = sizeof(from);
- len = recvfrom(sock, buf, sizeof(buf), 0,
- (struct sockaddr *) &from.ss, &fromlen);
- if (len < 0) {
- wpa_printf(MSG_ERROR, "DAS: recvfrom: %s", strerror(errno));
- return;
- }
-
- os_strlcpy(abuf, inet_ntoa(from.sin.sin_addr), sizeof(abuf));
- from_port = ntohs(from.sin.sin_port);
-
- wpa_printf(MSG_DEBUG, "DAS: Received %d bytes from %s:%d",
- len, abuf, from_port);
- if (das->client_addr.u.v4.s_addr &&
- das->client_addr.u.v4.s_addr != from.sin.sin_addr.s_addr) {
- wpa_printf(MSG_DEBUG, "DAS: Drop message from unknown client");
- return;
- }
-
- msg = radius_msg_parse(buf, len);
- if (msg == NULL) {
- wpa_printf(MSG_DEBUG, "DAS: Parsing incoming RADIUS packet "
- "from %s:%d failed", abuf, from_port);
- return;
- }
-
- if (wpa_debug_level <= MSG_MSGDUMP)
- radius_msg_dump(msg);
if (radius_msg_verify_das_req(msg, das->shared_secret,
das->shared_secret_len,
@@ -494,9 +468,8 @@ static void radius_das_receive(int sock,
radius_msg_dump(reply);
rbuf = radius_msg_get_buf(reply);
- res = sendto(das->sock, wpabuf_head(rbuf),
- wpabuf_len(rbuf), 0,
- (struct sockaddr *) &from.ss, fromlen);
+ res = sendto(das->port->sock, wpabuf_head(rbuf),
+ wpabuf_len(rbuf), 0, from, fromlen);
if (res < 0) {
wpa_printf(MSG_ERROR, "DAS: sendto(to %s:%d): %s",
abuf, from_port, strerror(errno));
@@ -508,6 +481,72 @@ fail:
radius_msg_free(reply);
}
+static void radius_das_receive(int sock, void *eloop_ctx, void *sock_ctx)
+{
+ struct radius_das_port *p = eloop_ctx;
+ struct radius_das_data *das;
+ u8 buf[1500];
+ union {
+ struct sockaddr_storage ss;
+ struct sockaddr_in sin;
+#ifdef CONFIG_IPV6
+ struct sockaddr_in6 sin6;
+#endif /* CONFIG_IPV6 */
+ } from;
+ struct radius_msg *msg;
+ size_t nasid_len = 0;
+ u8 *nasid_buf = NULL;
+ char abuf[50];
+ int from_port = 0;
+ socklen_t fromlen;
+ int found = 0;
+ int len;
+
+ fromlen = sizeof(from);
+ len = recvfrom(sock, buf, sizeof(buf), 0,
+ (struct sockaddr *) &from.ss, &fromlen);
+ if (len < 0) {
+ wpa_printf(MSG_ERROR, "DAS: recvfrom: %s", strerror(errno));
+ return;
+ }
+
+ os_strlcpy(abuf, inet_ntoa(from.sin.sin_addr), sizeof(abuf));
+ from_port = ntohs(from.sin.sin_port);
+
+ msg = radius_msg_parse(buf, len);
+ if (msg == NULL) {
+ wpa_printf(MSG_DEBUG, "DAS: Parsing incoming RADIUS packet "
+ "from %s:%d failed", abuf, from_port);
+ return;
+ }
+
+ wpa_printf(MSG_DEBUG, "DAS: Received %d bytes from %s:%d",
+ len, abuf, from_port);
+
+ if (wpa_debug_level <= MSG_MSGDUMP)
+ radius_msg_dump(msg);
+
+ radius_msg_get_attr_ptr(msg, RADIUS_ATTR_NAS_IDENTIFIER,
+ &nasid_buf, &nasid_len, NULL);
+ dl_list_for_each(das, &p->das_data, struct radius_das_data, list) {
+ if (das->client_addr.u.v4.s_addr &&
+ das->client_addr.u.v4.s_addr != from.sin.sin_addr.s_addr)
+ continue;
+
+ if (das->nas_identifier && nasid_buf &&
+ (nasid_len != os_strlen(das->nas_identifier) ||
+ os_memcmp(das->nas_identifier, nasid_buf, nasid_len) != 0))
+ continue;
+
+ found = 1;
+ radius_das_receive_msg(das, msg, (struct sockaddr *)&from.ss,
+ fromlen, abuf, from_port);
+ }
+
+ if (!found)
+ wpa_printf(MSG_DEBUG, "DAS: Drop message from unknown client");
+}
+
static int radius_das_open_socket(int port)
{
@@ -533,6 +572,49 @@ static int radius_das_open_socket(int po
}
+static struct radius_das_port *
+radius_das_open_port(int port)
+{
+ struct radius_das_port *p;
+
+ dl_list_for_each(p, &das_ports, struct radius_das_port, list) {
+ if (p->port == port)
+ return p;
+ }
+
+ p = os_zalloc(sizeof(*p));
+ if (p == NULL)
+ return NULL;
+
+ dl_list_init(&p->das_data);
+ p->port = port;
+ p->sock = radius_das_open_socket(port);
+ if (p->sock < 0)
+ goto free_port;
+
+ if (eloop_register_read_sock(p->sock, radius_das_receive, p, NULL))
+ goto close_port;
+
+ dl_list_add(&das_ports, &p->list);
+
+ return p;
+
+close_port:
+ close(p->sock);
+free_port:
+ os_free(p);
+
+ return NULL;
+}
+
+static void radius_das_close_port(struct radius_das_port *p)
+{
+ dl_list_del(&p->list);
+ eloop_unregister_read_sock(p->sock);
+ close(p->sock);
+ free(p);
+}
+
struct radius_das_data *
radius_das_init(struct radius_das_conf *conf)
{
@@ -553,6 +635,8 @@ radius_das_init(struct radius_das_conf *
das->ctx = conf->ctx;
das->disconnect = conf->disconnect;
das->coa = conf->coa;
+ if (conf->nas_identifier)
+ das->nas_identifier = os_strdup(conf->nas_identifier);
os_memcpy(&das->client_addr, conf->client_addr,
sizeof(das->client_addr));
@@ -565,19 +649,15 @@ radius_das_init(struct radius_das_conf *
}
das->shared_secret_len = conf->shared_secret_len;
- das->sock = radius_das_open_socket(conf->port);
- if (das->sock < 0) {
+ das->port = radius_das_open_port(conf->port);
+ if (!das->port) {
wpa_printf(MSG_ERROR, "Failed to open UDP socket for RADIUS "
"DAS");
radius_das_deinit(das);
return NULL;
}
- if (eloop_register_read_sock(das->sock, radius_das_receive, das, NULL))
- {
- radius_das_deinit(das);
- return NULL;
- }
+ dl_list_add(&das->port->das_data, &das->list);
return das;
}
@@ -588,11 +668,14 @@ void radius_das_deinit(struct radius_das
if (das == NULL)
return;
- if (das->sock >= 0) {
- eloop_unregister_read_sock(das->sock);
- close(das->sock);
+ if (das->port) {
+ dl_list_del(&das->list);
+
+ if (dl_list_empty(&das->port->das_data))
+ radius_das_close_port(das->port);
}
+ os_free(das->nas_identifier);
os_free(das->shared_secret);
os_free(das);
}

37
feeds/hostapd/hostapd/patches/901-cfg-section.patch
View File

@@ -1,37 +0,0 @@
Index: hostapd-2023-09-08-e5ccbfc6/hostapd/config_file.c
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/hostapd/config_file.c
+++ hostapd-2023-09-08-e5ccbfc6/hostapd/config_file.c
@@ -2345,6 +2345,8 @@ static int hostapd_config_fill(struct ho
return 1;
}
conf->driver = driver;
+ } else if (os_strcmp(buf, "uci_section") == 0) {
+ bss->uci_section = os_strdup(pos);
} else if (os_strcmp(buf, "driver_params") == 0) {
os_free(conf->driver_params);
conf->driver_params = os_strdup(pos);
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/ap_config.h
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/ap_config.h
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/ap_config.h
@@ -287,6 +287,7 @@ struct hostapd_bss_config {
char snoop_iface[IFNAMSIZ + 1];
char vlan_bridge[IFNAMSIZ + 1];
char wds_bridge[IFNAMSIZ + 1];
+ char *uci_section;
int bridge_hairpin; /* hairpin_mode on bridge members */
enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/ap_config.c
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/ap_config.c
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/ap_config.c
@@ -798,6 +798,7 @@ void hostapd_config_free_bss(struct host
os_free(conf->radius_req_attr_sqlite);
os_free(conf->rsn_preauth_interfaces);
os_free(conf->ctrl_interface);
+ os_free(conf->uci_section);
os_free(conf->config_id);
os_free(conf->ca_cert);
os_free(conf->server_cert);

63
feeds/hostapd/hostapd/patches/991-Fix-OpenWrt-13156.patch
View File

@@ -1,63 +0,0 @@
From 26cd9bafc1d25e602952ee86cd2a5b8c3a995490 Mon Sep 17 00:00:00 2001
From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Fri, 28 Jul 2023 16:27:47 +0300
Subject: [PATCH] Revert "Do prune_association only after the STA is
authorized"
Commit e978072baaca ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commits fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the orginal
behavior for now, until we have a better solution in place.
Ref: https://github.com/openwrt/openwrt/issues/13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
src/ap/hostapd.c | 14 +++++++++++---
src/ap/sta_info.c | 3 ---
2 files changed, 11 insertions(+), 6 deletions(-)
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -3564,6 +3564,8 @@ int hostapd_remove_iface(struct hapd_int
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
+ int mld_assoc_link_id = -1;
+
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
@@ -3571,10 +3573,16 @@ void hostapd_new_assoc_sta(struct hostap
}
#ifdef CONFIG_IEEE80211BE
- if (hapd->conf->mld_ap && sta->mld_info.mld_sta &&
- sta->mld_assoc_link_id != hapd->mld_link_id)
- return;
+ if (hapd->conf->mld_ap && sta->mld_info.mld_sta) {
+ if (sta->mld_assoc_link_id == hapd->mld_link_id) {
+ mld_assoc_link_id = sta->mld_assoc_link_id;
+ } else {
+ return;
+ }
+ }
#endif /* CONFIG_IEEE80211BE */
+ if (mld_assoc_link_id != -2)
+ hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);
ap_sta_clear_disconnect_timeouts(hapd, sta);
sta->post_csa_sa_query = 0;
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1318,9 +1318,6 @@ void ap_sta_set_authorized(struct hostap
mld_assoc_link_id = -2;
}
#endif /* CONFIG_IEEE80211BE */
- if (mld_assoc_link_id != -2)
- hostapd_prune_associations(hapd, sta->addr,
- mld_assoc_link_id);
sta->flags |= WLAN_STA_AUTHORIZED;
} else {
sta->flags &= ~WLAN_STA_AUTHORIZED;

10
feeds/hostapd/hostapd/patches/999-ft-anonce.patch
View File

@@ -1,10 +0,0 @@
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -54,6 +54,7 @@ struct wpa_state_machine {
bool MICVerified;
bool GUpdateStationKeys;
u8 ANonce[WPA_NONCE_LEN];
+ struct os_reltime ANonce_time;
u8 SNonce[WPA_NONCE_LEN];
u8 alt_SNonce[WPA_NONCE_LEN];
u8 alt_replay_counter[WPA_REPLAY_COUNTER_LEN];

49
feeds/hostapd/hostapd/patches/999-probe-request.patch
View File

@@ -1,49 +0,0 @@
Index: hostapd-2021-02-20-59e9794c/hostapd/config_file.c
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/hostapd/config_file.c
+++ hostapd-2021-02-20-59e9794c/hostapd/config_file.c
@@ -3339,6 +3339,8 @@ static int hostapd_config_fill(struct ho
bss->ignore_broadcast_ssid = atoi(pos);
} else if (os_strcmp(buf, "no_probe_resp_if_max_sta") == 0) {
bss->no_probe_resp_if_max_sta = atoi(pos);
+ } else if (os_strcmp(buf, "dynamic_probe_resp") == 0) {
+ bss->dynamic_probe_resp = atoi(pos);
#ifdef CONFIG_WEP
} else if (os_strcmp(buf, "wep_default_key") == 0) {
bss->ssid.wep.idx = atoi(pos);
Index: hostapd-2021-02-20-59e9794c/src/ap/ap_config.h
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/ap/ap_config.h
+++ hostapd-2021-02-20-59e9794c/src/ap/ap_config.h
@@ -460,6 +460,7 @@ struct hostapd_bss_config {
int ap_max_inactivity;
int ignore_broadcast_ssid;
int no_probe_resp_if_max_sta;
+ int dynamic_probe_resp;
int wmm_enabled;
int wmm_uapsd;
Index: hostapd-2021-02-20-59e9794c/src/ap/beacon.c
===================================================================
--- hostapd-2021-02-20-59e9794c.orig/src/ap/beacon.c
+++ hostapd-2021-02-20-59e9794c/src/ap/beacon.c
@@ -920,7 +920,8 @@ void handle_probe_req(struct hostapd_dat
}
#endif /* CONFIG_P2P */
- if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 &&
+ if (!hapd->conf->dynamic_probe_resp &&
+ hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 &&
elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
"broadcast SSID ignored", MAC2STR(mgmt->sa));
@@ -967,7 +968,8 @@ void handle_probe_req(struct hostapd_dat
return;
}
- if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) {
+ if (!hapd->conf->dynamic_probe_resp &&
+ hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) {
wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
"broadcast SSID ignored", MAC2STR(mgmt->sa));
return;

147
feeds/hostapd/hostapd/patches/999-re-assoc-event.patch
View File

@@ -1,147 +0,0 @@
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -522,6 +522,7 @@ static void handle_auth_ft_finish(void *
hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
+ hostapd_ubus_notify(hapd, "ft-finish", sta->addr);
sta->flags |= WLAN_STA_AUTH;
mlme_authenticate_indication(hapd, sta);
}
@@ -5273,6 +5274,8 @@ static void handle_assoc(struct hostapd_
}
sta = ap_get_sta(hapd, mgmt->sa);
+ if (sta && reassoc)
+ memcpy(sta->origin_ap, mgmt->u.reassoc_req.current_ap, 6);
#ifdef CONFIG_IEEE80211R_AP
if (sta && sta->auth_alg == WLAN_AUTH_FT &&
(sta->flags & WLAN_STA_AUTH) == 0) {
@@ -5426,6 +5429,7 @@ static void handle_assoc(struct hostapd_
.type = HOSTAPD_UBUS_ASSOC_REQ,
.mgmt_frame = mgmt,
.ssi_signal = rssi,
+ .reassoc = reassoc,
};
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
@@ -6496,7 +6500,7 @@ static void handle_assoc_cb(struct hosta
* Open, static WEP, FT protocol, or FILS; no separate
* authorization step.
*/
- ap_sta_set_authorized(hapd, sta, 1);
+ _ap_sta_set_authorized(hapd, sta, 1, reassoc);
}
if (reassoc)
--- a/src/ap/ubus.c
+++ b/src/ap/ubus.c
@@ -1870,6 +1870,8 @@ int hostapd_ubus_handle_event(struct hos
if (req->ssi_signal)
blobmsg_add_u32(&b, "signal", req->ssi_signal);
blobmsg_add_u32(&b, "freq", hapd->iface->freq);
+ if (req->reassoc && req->mgmt_frame)
+ blobmsg_add_macaddr(&b, "origin", req->mgmt_frame->u.reassoc_req.current_ap);
if (req->elems) {
if(req->elems->ht_capabilities)
@@ -1940,6 +1942,7 @@ void hostapd_ubus_notify(struct hostapd_
blob_buf_init(&b, 0);
blobmsg_add_macaddr(&b, "address", addr);
blobmsg_add_string(&b, "ifname", hapd->conf->iface);
+ blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
ubus_notify(ctx, &hapd->ubus.obj, type, b.head, -1);
}
@@ -1958,7 +1961,7 @@ void hostapd_ubus_notify_csa(struct host
}
-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta)
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc)
{
if (!hapd->ubus.obj.has_subscribers)
return;
@@ -1975,6 +1978,9 @@ void hostapd_ubus_notify_authorized(stru
blobmsg_add_u32(&b, "", sta->bandwidth[1]);
blobmsg_close_array(&b, r);
}
+ if (reassoc)
+ blobmsg_add_macaddr(&b, "origin", sta->origin_ap);
+ blobmsg_printf(&b, "target", MACSTR, MAC2STR(hapd->conf->bssid));
ubus_notify(ctx, &hapd->ubus.obj, "sta-authorized", b.head, -1);
}
--- a/src/ap/ubus.h
+++ b/src/ap/ubus.h
@@ -22,6 +22,7 @@ struct hostapd_ubus_request {
const struct ieee802_11_elems *elems;
int ssi_signal; /* dBm */
const u8 *addr;
+ int reassoc;
};
struct hostapd_iface;
@@ -49,7 +50,7 @@ void hostapd_ubus_remove_vlan(struct hos
int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
-void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta);
+void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta, int reassoc);
void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
const u8 *addr, u8 token, u8 rep_mode,
struct rrm_measurement_beacon_report *rep,
--- a/src/ap/sta_info.c
+++ b/src/ap/sta_info.c
@@ -1297,8 +1297,8 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
}
-void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
- int authorized)
+void _ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+ int authorized, int reassoc)
{
const u8 *dev_addr = NULL;
char buf[100];
@@ -1404,7 +1404,7 @@ void ap_sta_set_authorized(struct hostap
dpp_pkhash, SHA256_MAC_LEN);
}
- hostapd_ubus_notify_authorized(hapd, sta);
+ hostapd_ubus_notify_authorized(hapd, sta, reassoc);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
@@ -1434,6 +1434,11 @@ void ap_sta_set_authorized(struct hostap
}
#endif /* CONFIG_FST */
}
+void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
+ int authorized)
+{
+ _ap_sta_set_authorized(hapd, sta, authorized, 0);
+}
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
--- a/src/ap/sta_info.h
+++ b/src/ap/sta_info.h
@@ -102,6 +102,7 @@ struct sta_info {
struct sta_info *next; /* next entry in sta list */
struct sta_info *hnext; /* next entry in hash table list */
u8 addr[6];
+ u8 origin_ap[6];
be32 ipaddr;
struct dl_list ip6addr; /* list head for struct ip6addr */
u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
@@ -398,6 +399,9 @@ const u8 * ap_sta_wpa_get_dpp_pkhash(str
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 reason);
+void _ap_sta_set_authorized(struct hostapd_data *hapd,
+ struct sta_info *sta, int authorized,
+ int reassoc);
void ap_sta_set_authorized(struct hostapd_data *hapd,
struct sta_info *sta, int authorized);
static inline int ap_sta_is_authorized(struct sta_info *sta)

22
feeds/hostapd/hostapd/patches/999-s8-u8.patch
View File

@@ -1,22 +0,0 @@
Index: hostapd-2023-06-22-599d00be/src/drivers/driver_nl80211.c
===================================================================
--- hostapd-2023-06-22-599d00be.orig/src/drivers/driver_nl80211.c
+++ hostapd-2023-06-22-599d00be/src/drivers/driver_nl80211.c
@@ -7686,7 +7686,7 @@ static int get_sta_handler(struct nl_msg
[NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8},
[NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 },
[NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 },
- [NL80211_STA_INFO_ACK_SIGNAL_AVG] = { .type = NLA_S8 },
+ [NL80211_STA_INFO_ACK_SIGNAL_AVG] = { .type = NLA_U8 },
[NL80211_STA_INFO_RX_MPDUS] = { .type = NLA_U32 },
[NL80211_STA_INFO_FCS_ERROR_COUNT] = { .type = NLA_U32 },
[NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 },
@@ -7792,7 +7792,7 @@ static int get_sta_handler(struct nl_msg
}
if (stats[NL80211_STA_INFO_ACK_SIGNAL_AVG])
data->avg_ack_signal =
- nla_get_s8(stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]);
+ nla_get_u8(stats[NL80211_STA_INFO_ACK_SIGNAL_AVG]);
if (stats[NL80211_STA_INFO_RX_MPDUS])
data->rx_mpdus = nla_get_u32(stats[NL80211_STA_INFO_RX_MPDUS]);
if (stats[NL80211_STA_INFO_FCS_ERROR_COUNT])

81
feeds/hostapd/hostapd/patches/999-ssi_signal.patch
View File

@@ -1,81 +0,0 @@
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/ieee802_11.c
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/ieee802_11.c
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/ieee802_11.c
@@ -59,6 +59,17 @@
#include "pasn/pasn_common.h"
+static int
+ewma(int new, int old)
+{
+ #define ALPHA 10
+ if (!old)
+ return new;
+ if (new >= 0)
+ return old;
+ return ((ALPHA * new) + ((100 - ALPHA) * old)) / 100;
+}
+
#ifdef CONFIG_FILS
static struct wpabuf *
prepare_auth_resp_fils(struct hostapd_data *hapd,
@@ -5856,7 +5867,7 @@ static int robust_action_frame(u8 catego
static int handle_action(struct hostapd_data *hapd,
const struct ieee80211_mgmt *mgmt, size_t len,
- unsigned int freq)
+ unsigned int freq, int ssi_signal)
{
struct sta_info *sta;
u8 *action __maybe_unused;
@@ -5913,6 +5924,7 @@ static int handle_action(struct hostapd_
sta->last_seq_ctrl = seq_ctrl;
sta->last_subtype = WLAN_FC_STYPE_ACTION;
+ sta->signal_mgmt = ewma(ssi_signal, sta->signal_mgmt);;
}
switch (mgmt->u.action.category) {
@@ -6089,6 +6101,8 @@ int ieee802_11_mgmt(struct hostapd_data
unsigned int freq;
int ssi_signal = fi ? fi->ssi_signal : 0;
+ hapd->signal_mgmt = ewma(ssi_signal, hapd->signal_mgmt);;
+
if (len < 24)
return 0;
@@ -6196,7 +6210,7 @@ int ieee802_11_mgmt(struct hostapd_data
break;
case WLAN_FC_STYPE_ACTION:
wpa_printf(MSG_DEBUG, "mgmt::action");
- ret = handle_action(hapd, mgmt, len, freq);
+ ret = handle_action(hapd, mgmt, len, freq, ssi_signal);
break;
default:
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/sta_info.h
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/sta_info.h
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/sta_info.h
@@ -330,6 +330,7 @@ struct sta_info {
#ifdef CONFIG_PASN
struct pasn_data *pasn;
#endif /* CONFIG_PASN */
+ int signal_mgmt;
#ifdef CONFIG_IEEE80211BE
struct mld_info mld_info;
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/hostapd.h
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/hostapd.h
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/hostapd.h
@@ -494,6 +494,7 @@ struct hostapd_data {
#ifdef CONFIG_CTRL_IFACE_UDP
unsigned char ctrl_iface_cookie[CTRL_IFACE_COOKIE_LEN];
#endif /* CONFIG_CTRL_IFACE_UDP */
+ int signal_mgmt;
};

86
feeds/hostapd/hostapd/patches/t00-010-ft_refresh.patch
View File

@@ -1,86 +0,0 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3152,6 +3152,8 @@ static int hostapd_config_fill(struct ho
bss->ft_over_ds = atoi(pos);
} else if (os_strcmp(buf, "ft_psk_generate_local") == 0) {
bss->ft_psk_generate_local = atoi(pos);
+ } else if (os_strcmp(buf, "ft_l2_refresh") == 0) {
+ bss->ft_l2_refresh = atoi(pos);
#endif /* CONFIG_IEEE80211R_AP */
#ifndef CONFIG_NO_CTRL_IFACE
} else if (os_strcmp(buf, "ctrl_interface") == 0) {
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -401,6 +401,7 @@ struct hostapd_bss_config {
int pmk_r1_push;
int ft_over_ds;
int ft_psk_generate_local;
+ int ft_l2_refresh;
int r1_max_key_lifetime;
#endif /* CONFIG_IEEE80211R_AP */
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1495,6 +1495,28 @@ static void hostapd_request_radius_psk(v
#endif /* CONFIG_NO_RADIUS */
+static void wpa_ft_refresh(void *eloop_data, void *user_data)
+{
+ struct hostapd_data *hapd = eloop_data;
+ struct ft_rrb_frame *frame;
+ struct l2_ethhdr *buf;
+ size_t len;
+
+ len = sizeof(*buf) + sizeof(*frame);
+ buf = os_zalloc(len);
+ frame = (struct ft_rrb_frame *)(buf + 1);
+ frame->frame_type = RSN_REMOTE_FRAME_TYPE_FT_RRB;
+ frame->packet_type = FT_PACKET_REQUEST;
+ memset(buf->h_dest, 0xff, ETH_ALEN);
+ os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
+ buf->h_proto = host_to_be16(ETH_P_RRB);
+ l2_packet_send(hapd->l2, buf->h_dest, ETH_P_RRB, (u8 *) buf, len);
+ os_free(buf);
+
+ eloop_register_timeout(hapd->conf->ft_l2_refresh, 0, wpa_ft_refresh,
+ hapd, NULL);
+}
+
int hostapd_setup_wpa(struct hostapd_data *hapd)
{
struct wpa_auth_config _conf;
@@ -1640,6 +1662,9 @@ int hostapd_setup_wpa(struct hostapd_dat
"Failed to open ETH_P_OUI interface");
return -1;
}
+
+ if (hapd->conf->ft_l2_refresh)
+ wpa_ft_refresh(hapd, NULL);
}
#endif /* CONFIG_IEEE80211R_AP */
@@ -1655,7 +1680,6 @@ void hostapd_reconfig_wpa(struct hostapd
wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
}
-
void hostapd_deinit_wpa(struct hostapd_data *hapd)
{
ieee80211_tkip_countermeasures_deinit(hapd);
@@ -1679,6 +1703,7 @@ void hostapd_deinit_wpa(struct hostapd_d
"information element from interface %s",
hapd->conf->iface);
}
+
}
ieee802_1x_deinit(hapd);
@@ -1687,6 +1712,7 @@ void hostapd_deinit_wpa(struct hostapd_d
hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
+ eloop_cancel_timeout(wpa_ft_refresh, hapd, ELOOP_ALL_CTX);
l2_packet_deinit(hapd->l2);
hapd->l2 = NULL;
hostapd_wpa_unregister_ft_oui(hapd);

27
feeds/hostapd/hostapd/patches/t00-011-owe_ssid_update.patch
View File

@@ -1,27 +0,0 @@
--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -1995,6 +1995,13 @@ static int hostapd_owe_iface_iter(struct
is_zero_ether_addr(bss->own_addr))
continue;
+ if (!os_memcmp(hapd->conf->owe_transition_bssid, bss->own_addr,
+ ETH_ALEN) &&
+ hapd->conf->owe_transition_ssid_len == bss->conf->ssid.ssid_len &&
+ !os_memcmp(hapd->conf->owe_transition_ssid, bss->conf->ssid.ssid,
+ bss->conf->ssid.ssid_len))
+ return 0;
+
os_memcpy(hapd->conf->owe_transition_bssid, bss->own_addr,
ETH_ALEN);
os_memcpy(hapd->conf->owe_transition_ssid,
@@ -2011,10 +2018,6 @@ static int hostapd_owe_iface_iter(struct
int hostapd_owe_trans_get_info(struct hostapd_data *hapd)
{
- if (hapd->conf->owe_transition_ssid_len > 0 &&
- !is_zero_ether_addr(hapd->conf->owe_transition_bssid))
- return 0;
-
/* Find transition mode SSID/BSSID information from a BSS operated by
* this hostapd instance. */
if (!hapd->iface->interfaces ||

53
feeds/hostapd/hostapd/patches/t00-012-hostapd-Fix-DVLAN-802.1x-issue.patch
View File

@@ -1,53 +0,0 @@
From 98b6503b87bb36bf2f5ae16e52e230e8870c867f Mon Sep 17 00:00:00 2001
From: Venkat Chimata <venkata@shasta.cloud>
Date: Fri, 28 Jun 2024 14:39:31 +0530
Subject: [PATCH] hostapd: Fix DVLAN + 802.1x issue
In case of swconfig switches, the basename of the interface should be based on the last dot.
Earlier it was done based on the first dot, which would result in incorrect basename.
For example if the interface name is eth0.4087 then the vlan->ifname would be eth0.4087. (A dot at the end) .
Before this patch, the basename was returned as eth0. It should be eth0.4087
Also fixed the return code by adding a default value of 0 and removed an unncessary check
for if_add before ubus add call.
Signed-off-by: Venkat Chimata <venkata@shasta.cloud>
---
src/ap/vlan_init.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/ap/vlan_init.c b/src/ap/vlan_init.c
index 3e27671..cfeb1e5 100644
--- a/src/ap/vlan_init.c
+++ b/src/ap/vlan_init.c
@@ -23,7 +23,8 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
int existsok)
{
bool vlan_exists = iface_exists(vlan->ifname);
- int ret;
+ int ret = 0;
+
#ifdef CONFIG_WEP
int i;
@@ -38,7 +39,7 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
#endif /* CONFIG_WEP */
if (!hapd->driver || !hapd->driver->if_add) {
- char *dot = strstr(vlan->ifname, ".");
+ char *dot = strrchr(vlan->ifname, '.');
if (dot)
*dot = '\0';
ret = 0;
@@ -59,7 +60,7 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
if (hapd->wpa_auth)
ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
- if (!ret && !vlan_exists && hapd->driver->if_add)
+ if (!ret && !vlan_exists)
hostapd_ubus_add_vlan(hapd, vlan);
if (ret == 0)
--
2.34.1

14
feeds/hostapd/hostapd/patches/zzz-ignore-probe-event.patch
View File

@@ -1,14 +0,0 @@
--- a/src/ap/beacon.c
+++ b/src/ap/beacon.c
@@ -934,8 +934,10 @@ void handle_probe_req(struct hostapd_dat
int ubus_response;
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
- ssi_signal < hapd->iconf->rssi_ignore_probe_request)
+ ssi_signal < hapd->iconf->rssi_ignore_probe_request) {
+ hostapd_ubus_notify_rssi(hapd, "rssi-ignore-probe", mgmt->sa, ssi_signal);
return;
+ }
if (len < IEEE80211_HDRLEN)
return;

11
feeds/hostapd/hostapd/patches/zzz-radius-extended-avp.patch
View File

@@ -1,11 +0,0 @@
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -755,7 +755,7 @@ struct radius_attr_hdr * radius_msg_add_
ext->length = sizeof(*ext) + 1 + alen;
ext->ext_type = ext_type;
wpabuf_put_u8(msg->buf, data_len > alen ? 0x80 : 0);
- wpabuf_put_data(msg->buf, data, data_len);
+ wpabuf_put_data(msg->buf, data, alen);
data += alen;
data_len -= alen;
if (radius_msg_add_attr_to_array(

69
feeds/hostapd/hostapd/patches/zzz-roaming-key.patch
View File

@@ -1,69 +0,0 @@
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -3154,6 +3154,8 @@ static int hostapd_config_fill(struct ho
bss->ft_psk_generate_local = atoi(pos);
} else if (os_strcmp(buf, "ft_l2_refresh") == 0) {
bss->ft_l2_refresh = atoi(pos);
+ } else if (os_strcmp(buf, "ft_key") == 0) {
+ strncpy(bss->ft_key, pos, sizeof(bss->ft_key));
#endif /* CONFIG_IEEE80211R_AP */
#ifndef CONFIG_NO_CTRL_IFACE
} else if (os_strcmp(buf, "ctrl_interface") == 0) {
@@ -4996,8 +4998,22 @@ struct hostapd_config * hostapd_config_r
fclose(f);
- for (i = 0; i < conf->num_bss; i++)
+ for (i = 0; i < conf->num_bss; i++) {
+ if (*conf->bss[i]->ft_key) {
+ u8 buffer[128];
+ sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X%02X%02X%02X%02X%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+ add_r0kh(conf->bss[i], buffer);
+ sprintf(buffer, "%02X:%02X:%02X:%02X:%02X:%02X %02X:%02X:%02X:%02X:%02X:%02X %s", MAC2STR(conf->bss[i]->bssid), MAC2STR(conf->bss[i]->bssid), conf->bss[i]->ft_key);
+ add_r1kh(conf->bss[i], buffer);
+ sprintf(buffer, "ff:ff:ff:ff:ff:ff * %s", conf->bss[i]->ft_key);
+ add_r0kh(conf->bss[i], buffer);
+ sprintf(buffer, "00:00:00:00:00:00 00:00:00:00:00:00 %s", conf->bss[i]->ft_key);
+ add_r1kh(conf->bss[i], buffer);
+ hexstr2bin(conf->bss[i]->bssid, conf->bss[i]->r1_key_holder, FT_R1KH_ID_LEN);
+ conf->bss[i]->r0_key_holder_bssid = 1;
+ }
hostapd_set_security_params(conf->bss[i], 1);
+ }
if (hostapd_config_check(conf, 1))
errors++;
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -403,6 +403,7 @@ struct hostapd_bss_config {
int ft_psk_generate_local;
int ft_l2_refresh;
int r1_max_key_lifetime;
+ u8 ft_key[65];
#endif /* CONFIG_IEEE80211R_AP */
char *ctrl_interface; /* directory for UNIX domain sockets */
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -390,6 +390,7 @@ struct hostapd_bss_config {
/* IEEE 802.11r - Fast BSS Transition */
u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
u8 r1_key_holder[FT_R1KH_ID_LEN];
+ int r0_key_holder_bssid;
u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
int rkh_pos_timeout;
int rkh_neg_timeout;
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -80,7 +80,10 @@ static void hostapd_wpa_auth_conf(struct
os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
os_memcpy(wconf->mobility_domain, conf->mobility_domain,
MOBILITY_DOMAIN_ID_LEN);
- if (conf->nas_identifier &&
+ if (1 || conf->r0_key_holder_bssid) {
+ sprintf(wconf->r0_key_holder, "%02X%02X%02X%02X%02X%02X", MAC2STR(conf->bssid));
+ wconf->r0_key_holder_len = 12;
+ } else if (conf->nas_identifier &&
os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
os_memcpy(wconf->r0_key_holder, conf->nas_identifier,

46
feeds/hostapd/hostapd/patches/zzzz-001-fix-assoc-reject-during-roaming.patch
View File

@@ -1,46 +0,0 @@
Index: hostapd-2023-09-08-e5ccbfc6/src/ap/wpa_auth_ft.c
===================================================================
--- hostapd-2023-09-08-e5ccbfc6.orig/src/ap/wpa_auth_ft.c
+++ hostapd-2023-09-08-e5ccbfc6/src/ap/wpa_auth_ft.c
@@ -3293,6 +3297,8 @@ static int wpa_ft_process_auth_req(struc
size_t identity_len = 0, radius_cui_len = 0;
size_t pmk_r1_len, kdk_len, len;
int retval = WLAN_STATUS_UNSPECIFIED_FAILURE;
+ struct os_reltime now;
+ struct rsn_ftie *ftie;
*resp_ies = NULL;
*resp_ies_len = 0;
@@ -3324,6 +3330,9 @@ static int wpa_ft_process_auth_req(struc
goto out;
}
+ ftie = (struct rsn_ftie *) parse.ftie;
+ os_memcpy(sm->SNonce, ftie->snonce, WPA_NONCE_LEN);
+
if (parse.r0kh_id == NULL) {
wpa_printf(MSG_DEBUG, "FT: Invalid FTIE - no R0KH-ID");
retval = WLAN_STATUS_INVALID_FTIE;
@@ -3424,10 +3433,18 @@ pmk_r1_derived:
os_memcpy(sm->pmk_r1, pmk_r1, pmk_r1_len);
sm->pmk_r1_len = pmk_r1_len;
- if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
- wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
- "ANonce");
- goto out;
+ if (os_get_reltime(&now) < 0 ||
+ os_reltime_expired(&now, &sm->ANonce_time, 1)) {
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to get random data for "
+ "ANonce");
+ return WLAN_STATUS_UNSPECIFIED_FAILURE;
+ }
+ sm->ANonce_time.sec = now.sec;
+ sm->ANonce_time.usec = now.usec;
+ wpa_printf(MSG_INFO, "FT: ANonce was randomized");
+ } else {
+ wpa_printf(MSG_INFO, "FT: ANonce has not expired");
}
/* Now that we know the correct PMK-R1 length and as such, the length

719
feeds/hostapd/hostapd/src/hostapd/radius.c
View File

@@ -1,719 +0,0 @@
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/eloop.h"
#include "crypto/crypto.h"
#include "crypto/tls.h"
#include "ap/ap_config.h"
#include "eap_server/eap.h"
#include "radius/radius.h"
#include "radius/radius_server.h"
#include "eap_register.h"
#include <libubox/blobmsg_json.h>
#include <libubox/blobmsg.h>
#include <libubox/avl.h>
#include <libubox/avl-cmp.h>
#include <libubox/kvlist.h>
#include <sys/stat.h>
#include <fnmatch.h>
#define VENDOR_ID_WISPR 14122
#define VENDOR_ATTR_SIZE 6
struct radius_parse_attr_data {
unsigned int vendor;
u8 type;
int size;
char format;
const char *data;
};
struct radius_parse_attr_state {
struct hostapd_radius_attr *prev;
struct hostapd_radius_attr *attr;
struct wpabuf *buf;
void *attrdata;
};
struct radius_user_state {
struct avl_node node;
struct eap_user data;
};
struct radius_user_data {
struct kvlist users;
struct avl_tree user_state;
struct blob_attr *wildcard;
};
struct radius_state {
struct radius_server_data *radius;
struct eap_config eap;
struct radius_user_data phase1, phase2;
const char *user_file;
time_t user_file_ts;
int n_attrs;
struct hostapd_radius_attr *attrs;
};
struct radius_config {
struct tls_connection_params tls;
struct radius_server_conf radius;
};
enum {
USER_ATTR_PASSWORD,
USER_ATTR_HASH,
USER_ATTR_SALT,
USER_ATTR_METHODS,
USER_ATTR_RADIUS,
USER_ATTR_VLAN,
USER_ATTR_MAX_RATE_UP,
USER_ATTR_MAX_RATE_DOWN,
__USER_ATTR_MAX
};
static void radius_tls_event(void *ctx, enum tls_event ev,
union tls_event_data *data)
{
switch (ev) {
case TLS_CERT_CHAIN_SUCCESS:
wpa_printf(MSG_DEBUG, "radius: remote certificate verification success");
break;
case TLS_CERT_CHAIN_FAILURE:
wpa_printf(MSG_INFO, "radius: certificate chain failure: reason=%d depth=%d subject='%s' err='%s'",
data->cert_fail.reason,
data->cert_fail.depth,
data->cert_fail.subject,
data->cert_fail.reason_txt);
break;
case TLS_PEER_CERTIFICATE:
wpa_printf(MSG_DEBUG, "radius: peer certificate: depth=%d serial_num=%s subject=%s",
data->peer_cert.depth,
data->peer_cert.serial_num ? data->peer_cert.serial_num : "N/A",
data->peer_cert.subject);
break;
case TLS_ALERT:
if (data->alert.is_local)
wpa_printf(MSG_DEBUG, "radius: local TLS alert: %s",
data->alert.description);
else
wpa_printf(MSG_DEBUG, "radius: remote TLS alert: %s",
data->alert.description);
break;
case TLS_UNSAFE_RENEGOTIATION_DISABLED:
/* Not applicable to TLS server */
break;
}
}
static void radius_userdata_init(struct radius_user_data *u)
{
kvlist_init(&u->users, kvlist_blob_len);
avl_init(&u->user_state, avl_strcmp, false, NULL);
}
static void radius_userdata_free(struct radius_user_data *u)
{
struct radius_user_state *s, *tmp;
kvlist_free(&u->users);
free(u->wildcard);
u->wildcard = NULL;
avl_remove_all_elements(&u->user_state, s, node, tmp)
free(s);
}
static void
radius_userdata_load(struct radius_user_data *u, struct blob_attr *data)
{
enum {
USERSTATE_USERS,
USERSTATE_WILDCARD,
__USERSTATE_MAX,
};
static const struct blobmsg_policy policy[__USERSTATE_MAX] = {
[USERSTATE_USERS] = { "users", BLOBMSG_TYPE_TABLE },
[USERSTATE_WILDCARD] = { "wildcard", BLOBMSG_TYPE_ARRAY },
};
struct blob_attr *tb[__USERSTATE_MAX], *cur;
int rem;
if (!data)
return;
blobmsg_parse(policy, __USERSTATE_MAX, tb, blobmsg_data(data), blobmsg_len(data));
blobmsg_for_each_attr(cur, tb[USERSTATE_USERS], rem)
kvlist_set(&u->users, blobmsg_name(cur), cur);
if (tb[USERSTATE_WILDCARD])
u->wildcard = blob_memdup(tb[USERSTATE_WILDCARD]);
}
static void
load_userfile(struct radius_state *s)
{
enum {
USERDATA_PHASE1,
USERDATA_PHASE2,
__USERDATA_MAX
};
static const struct blobmsg_policy policy[__USERDATA_MAX] = {
[USERDATA_PHASE1] = { "phase1", BLOBMSG_TYPE_TABLE },
[USERDATA_PHASE2] = { "phase2", BLOBMSG_TYPE_TABLE },
};
struct blob_attr *tb[__USERDATA_MAX], *cur;
static struct blob_buf b;
struct stat st;
int rem;
if (stat(s->user_file, &st))
return;
if (s->user_file_ts == st.st_mtime)
return;
s->user_file_ts = st.st_mtime;
radius_userdata_free(&s->phase1);
radius_userdata_free(&s->phase2);
blob_buf_init(&b, 0);
blobmsg_add_json_from_file(&b, s->user_file);
blobmsg_parse(policy, __USERDATA_MAX, tb, blob_data(b.head), blob_len(b.head));
radius_userdata_load(&s->phase1, tb[USERDATA_PHASE1]);
radius_userdata_load(&s->phase2, tb[USERDATA_PHASE2]);
blob_buf_free(&b);
}
static struct blob_attr *
radius_user_get(struct radius_user_data *s, const char *name)
{
struct blob_attr *cur;
int rem;
cur = kvlist_get(&s->users, name);
if (cur)
return cur;
blobmsg_for_each_attr(cur, s->wildcard, rem) {
static const struct blobmsg_policy policy = {
"name", BLOBMSG_TYPE_STRING
};
struct blob_attr *pattern;
if (blobmsg_type(cur) != BLOBMSG_TYPE_TABLE)
continue;
blobmsg_parse(&policy, 1, &pattern, blobmsg_data(cur), blobmsg_len(cur));
if (!name)
continue;
if (!fnmatch(blobmsg_get_string(pattern), name, 0))
return cur;
}
return NULL;
}
static struct radius_parse_attr_data *
radius_parse_attr(struct blob_attr *attr)
{
static const struct blobmsg_policy policy[4] = {
{ .type = BLOBMSG_TYPE_INT32 },
{ .type = BLOBMSG_TYPE_INT32 },
{ .type = BLOBMSG_TYPE_STRING },
{ .type = BLOBMSG_TYPE_STRING },
};
static struct radius_parse_attr_data data;
struct blob_attr *tb[4];
const char *format;
blobmsg_parse_array(policy, ARRAY_SIZE(policy), tb, blobmsg_data(attr), blobmsg_len(attr));
if (!tb[0] || !tb[1] || !tb[2] || !tb[3])
return NULL;
format = blobmsg_get_string(tb[2]);
if (strlen(format) != 1)
return NULL;
data.vendor = blobmsg_get_u32(tb[0]);
data.type = blobmsg_get_u32(tb[1]);
data.format = format[0];
data.data = blobmsg_get_string(tb[3]);
data.size = strlen(data.data);
switch (data.format) {
case 's':
break;
case 'x':
if (data.size & 1)
return NULL;
data.size /= 2;
break;
case 'd':
data.size = 4;
break;
default:
return NULL;
}
return &data;
}
static void
radius_count_attrs(struct blob_attr **tb, int *n_attr, size_t *attr_size)
{
struct blob_attr *data = tb[USER_ATTR_RADIUS];
struct blob_attr *cur;
int rem;
blobmsg_for_each_attr(cur, data, rem) {
struct radius_parse_attr_data *data;
size_t prev = *attr_size;
data = radius_parse_attr(cur);
if (!data)
continue;
*attr_size += data->size;
if (data->vendor)
*attr_size += VENDOR_ATTR_SIZE;
(*n_attr)++;
}
*n_attr += !!tb[USER_ATTR_VLAN] * 3 +
!!tb[USER_ATTR_MAX_RATE_UP] +
!!tb[USER_ATTR_MAX_RATE_DOWN];
*attr_size += !!tb[USER_ATTR_VLAN] * (4 + 4 + 5) +
!!tb[USER_ATTR_MAX_RATE_UP] * (4 + VENDOR_ATTR_SIZE) +
!!tb[USER_ATTR_MAX_RATE_DOWN] * (4 + VENDOR_ATTR_SIZE);
}
static void *
radius_add_attr(struct radius_parse_attr_state *state,
u32 vendor, u8 type, u8 len)
{
struct hostapd_radius_attr *attr;
struct wpabuf *buf;
void *val;
val = state->attrdata;
buf = state->buf++;
buf->buf = val;
attr = state->attr++;
attr->val = buf;
attr->type = type;
if (state->prev)
state->prev->next = attr;
state->prev = attr;
if (vendor) {
u8 *vendor_hdr = val + 4;
WPA_PUT_BE32(val, vendor);
vendor_hdr[0] = type;
vendor_hdr[1] = len + 2;
len += VENDOR_ATTR_SIZE;
val += VENDOR_ATTR_SIZE;
attr->type = RADIUS_ATTR_VENDOR_SPECIFIC;
}
buf->size = buf->used = len;
state->attrdata += len;
return val;
}
static void
radius_parse_attrs(struct blob_attr **tb, struct radius_parse_attr_state *state)
{
struct blob_attr *data = tb[USER_ATTR_RADIUS];
struct hostapd_radius_attr *prev = NULL;
struct blob_attr *cur;
int len, rem;
void *val;
if ((cur = tb[USER_ATTR_VLAN]) != NULL && blobmsg_get_u32(cur) < 4096) {
char buf[5];
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_TYPE, 4);
WPA_PUT_BE32(val, RADIUS_TUNNEL_TYPE_VLAN);
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_MEDIUM_TYPE, 4);
WPA_PUT_BE32(val, RADIUS_TUNNEL_MEDIUM_TYPE_802);
len = snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(cur));
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID, len);
memcpy(val, buf, len);
}
if ((cur = tb[USER_ATTR_MAX_RATE_UP]) != NULL) {
val = radius_add_attr(state, VENDOR_ID_WISPR, 7, 4);
WPA_PUT_BE32(val, blobmsg_get_u32(cur));
}
if ((cur = tb[USER_ATTR_MAX_RATE_DOWN]) != NULL) {
val = radius_add_attr(state, VENDOR_ID_WISPR, 8, 4);
WPA_PUT_BE32(val, blobmsg_get_u32(cur));
}
blobmsg_for_each_attr(cur, data, rem) {
struct radius_parse_attr_data *data;
void *val;
int size;
data = radius_parse_attr(cur);
if (!data)
continue;
val = radius_add_attr(state, data->vendor, data->type, data->size);
switch (data->format) {
case 's':
memcpy(val, data->data, data->size);
break;
case 'x':
hexstr2bin(data->data, val, data->size);
break;
case 'd':
WPA_PUT_BE32(val, atoi(data->data));
break;
}
}
}
static void
radius_user_parse_methods(struct eap_user *eap, struct blob_attr *data)
{
struct blob_attr *cur;
int rem, n = 0;
if (!data)
return;
blobmsg_for_each_attr(cur, data, rem) {
const char *method;
if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
continue;
if (n == EAP_MAX_METHODS)
break;
method = blobmsg_get_string(cur);
eap->methods[n].method = eap_server_get_type(method, &eap->methods[n].vendor);
if (eap->methods[n].vendor == EAP_VENDOR_IETF &&
eap->methods[n].method == EAP_TYPE_NONE) {
if (!strcmp(method, "TTLS-PAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_PAP;
continue;
}
if (!strcmp(method, "TTLS-CHAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_CHAP;
continue;
}
if (!strcmp(method, "TTLS-MSCHAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
continue;
}
if (!strcmp(method, "TTLS-MSCHAPV2")) {
eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
continue;
}
if (!strcmp(method, "MACACL")) {
eap->macacl = 1;
continue;
}
}
n++;
}
}
static struct eap_user *
radius_user_get_state(struct radius_user_data *u, struct blob_attr *data,
const char *id)
{
static const struct blobmsg_policy policy[__USER_ATTR_MAX] = {
[USER_ATTR_PASSWORD] = { "password", BLOBMSG_TYPE_STRING },
[USER_ATTR_HASH] = { "hash", BLOBMSG_TYPE_STRING },
[USER_ATTR_SALT] = { "salt", BLOBMSG_TYPE_STRING },
[USER_ATTR_METHODS] = { "methods", BLOBMSG_TYPE_ARRAY },
[USER_ATTR_RADIUS] = { "radius", BLOBMSG_TYPE_ARRAY },
[USER_ATTR_VLAN] = { "vlan-id", BLOBMSG_TYPE_INT32 },
[USER_ATTR_MAX_RATE_UP] = { "max-rate-up", BLOBMSG_TYPE_INT32 },
[USER_ATTR_MAX_RATE_DOWN] = { "max-rate-down", BLOBMSG_TYPE_INT32 },
};
struct blob_attr *tb[__USER_ATTR_MAX], *cur;
char *password_buf, *salt_buf, *name_buf;
struct radius_parse_attr_state astate = {};
struct hostapd_radius_attr *attr;
struct radius_user_state *state;
int pw_len = 0, salt_len = 0;
struct eap_user *eap;
struct wpabuf *val;
size_t attrsize = 0;
void *attrdata;
int n_attr = 0;
state = avl_find_element(&u->user_state, id, state, node);
if (state)
return &state->data;
blobmsg_parse(policy, __USER_ATTR_MAX, tb, blobmsg_data(data), blobmsg_len(data));
if ((cur = tb[USER_ATTR_SALT]) != NULL)
salt_len = strlen(blobmsg_get_string(cur)) / 2;
if ((cur = tb[USER_ATTR_HASH]) != NULL)
pw_len = strlen(blobmsg_get_string(cur)) / 2;
else if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
pw_len = blobmsg_len(cur) - 1;
radius_count_attrs(tb, &n_attr, &attrsize);
state = calloc_a(sizeof(*state), &name_buf, strlen(id) + 1,
&password_buf, pw_len,
&salt_buf, salt_len,
&astate.attr, n_attr * sizeof(*astate.attr),
&astate.buf, n_attr * sizeof(*astate.buf),
&astate.attrdata, attrsize);
eap = &state->data;
eap->salt = salt_len ? salt_buf : NULL;
eap->salt_len = salt_len;
eap->password = pw_len ? password_buf : NULL;
eap->password_len = pw_len;
eap->force_version = -1;
if ((cur = tb[USER_ATTR_SALT]) != NULL)
hexstr2bin(blobmsg_get_string(cur), salt_buf, salt_len);
if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
memcpy(password_buf, blobmsg_get_string(cur), pw_len);
else if ((cur = tb[USER_ATTR_HASH]) != NULL) {
hexstr2bin(blobmsg_get_string(cur), password_buf, pw_len);
eap->password_hash = 1;
}
radius_user_parse_methods(eap, tb[USER_ATTR_METHODS]);
if (n_attr > 0) {
cur = tb[USER_ATTR_RADIUS];
eap->accept_attr = astate.attr;
radius_parse_attrs(tb, &astate);
}
state->node.key = strcpy(name_buf, id);
avl_insert(&u->user_state, &state->node);
return &state->data;
free:
free(state);
return NULL;
}
static int radius_get_eap_user(void *ctx, const u8 *identity,
size_t identity_len, int phase2,
struct eap_user *user)
{
struct radius_state *s = ctx;
struct radius_user_data *u = phase2 ? &s->phase2 : &s->phase1;
struct blob_attr *entry;
struct eap_user *data;
char *id;
if (identity_len > 512)
return -1;
load_userfile(s);
id = alloca(identity_len + 1);
memcpy(id, identity, identity_len);
id[identity_len] = 0;
entry = radius_user_get(u, id);
if (!entry)
return -1;
if (!user)
return 0;
data = radius_user_get_state(u, entry, id);
if (!data)
return -1;
*user = *data;
if (user->password_len > 0)
user->password = os_memdup(user->password, user->password_len);
if (user->salt_len > 0)
user->salt = os_memdup(user->salt, user->salt_len);
user->phase2 = phase2;
return 0;
}
static int radius_setup(struct radius_state *s, struct radius_config *c)
{
struct eap_config *eap = &s->eap;
struct tls_config conf = {
.event_cb = radius_tls_event,
.tls_flags = TLS_CONN_DISABLE_TLSv1_3,
.cb_ctx = s,
};
eap->eap_server = 1;
eap->max_auth_rounds = 100;
eap->max_auth_rounds_short = 50;
eap->ssl_ctx = tls_init(&conf);
if (!eap->ssl_ctx) {
wpa_printf(MSG_INFO, "TLS init failed\n");
return 1;
}
if (tls_global_set_params(eap->ssl_ctx, &c->tls)) {
wpa_printf(MSG_INFO, "failed to set TLS parameters\n");
return 1;
}
c->radius.eap_cfg = eap;
c->radius.conf_ctx = s;
c->radius.get_eap_user = radius_get_eap_user;
s->radius = radius_server_init(&c->radius);
if (!s->radius) {
wpa_printf(MSG_INFO, "failed to initialize radius server\n");
return 1;
}
return 0;
}
static int radius_init(struct radius_state *s)
{
memset(s, 0, sizeof(*s));
radius_userdata_init(&s->phase1);
radius_userdata_init(&s->phase2);
}
static void radius_deinit(struct radius_state *s)
{
if (s->radius)
radius_server_deinit(s->radius);
if (s->eap.ssl_ctx)
tls_deinit(s->eap.ssl_ctx);
radius_userdata_free(&s->phase1);
radius_userdata_free(&s->phase2);
}
static int usage(const char *progname)
{
fprintf(stderr, "Usage: %s <options>\n",
progname);
}
int radius_main(int argc, char **argv)
{
static struct radius_state state = {};
static struct radius_config config = {};
const char *progname = argv[0];
int ret = 0;
int ch;
wpa_debug_setup_stdout();
wpa_debug_level = 0;
if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return 1;
}
eap_server_register_methods();
radius_init(&state);
while ((ch = getopt(argc, argv, "6C:c:d:i:k:K:p:P:s:u:")) != -1) {
switch (ch) {
case '6':
config.radius.ipv6 = 1;
break;
case 'C':
config.tls.ca_cert = optarg;
break;
case 'c':
if (config.tls.client_cert2)
return usage(progname);
if (config.tls.client_cert)
config.tls.client_cert2 = optarg;
else
config.tls.client_cert = optarg;
break;
case 'd':
config.tls.dh_file = optarg;
break;
case 'i':
state.eap.server_id = optarg;
state.eap.server_id_len = strlen(optarg);
break;
case 'k':
if (config.tls.private_key2)
return usage(progname);
if (config.tls.private_key)
config.tls.private_key2 = optarg;
else
config.tls.private_key = optarg;
break;
case 'K':
if (config.tls.private_key_passwd2)
return usage(progname);
if (config.tls.private_key_passwd)
config.tls.private_key_passwd2 = optarg;
else
config.tls.private_key_passwd = optarg;
break;
case 'p':
config.radius.auth_port = atoi(optarg);
break;
case 'P':
config.radius.acct_port = atoi(optarg);
break;
case 's':
config.radius.client_file = optarg;
break;
case 'u':
state.user_file = optarg;
break;
default:
return usage(progname);
}
}
if (!config.tls.client_cert || !config.tls.private_key ||
!config.radius.client_file || !state.eap.server_id ||
!state.user_file) {
wpa_printf(MSG_INFO, "missing options\n");
goto out;
}
ret = radius_setup(&state, &config);
if (ret)
goto out;
load_userfile(&state);
eloop_run();
out:
radius_deinit(&state);
os_program_deinit();
return ret;
}

2124
feeds/hostapd/hostapd/src/src/ap/ubus.c
View File

File diff suppressed because it is too large Load Diff

144
feeds/hostapd/hostapd/src/src/ap/ubus.h
View File

@@ -1,144 +0,0 @@
/*
* hostapd / ubus support
* Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef __HOSTAPD_UBUS_H
#define __HOSTAPD_UBUS_H
enum hostapd_ubus_event_type {
HOSTAPD_UBUS_PROBE_REQ,
HOSTAPD_UBUS_AUTH_REQ,
HOSTAPD_UBUS_ASSOC_REQ,
HOSTAPD_UBUS_COA,
HOSTAPD_UBUS_TYPE_MAX
};
struct hostapd_ubus_request {
enum hostapd_ubus_event_type type;
const struct ieee80211_mgmt *mgmt_frame;
const struct ieee802_11_elems *elems;
int ssi_signal; /* dBm */
const u8 *addr;
};
struct hostapd_iface;
struct hostapd_data;
struct hapd_interfaces;
struct rrm_measurement_beacon_report;
#ifdef UBUS_SUPPORT
#include <libubox/avl.h>
#include <libubus.h>
struct hostapd_ubus_bss {
struct ubus_object obj;
struct avl_tree banned;
int notify_response;
};
void hostapd_ubus_add_iface(struct hostapd_iface *iface);
void hostapd_ubus_free_iface(struct hostapd_iface *iface);
void hostapd_ubus_add_bss(struct hostapd_data *hapd);
void hostapd_ubus_free_bss(struct hostapd_data *hapd);
void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta);
void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
const u8 *addr, u8 token, u8 rep_mode,
struct rrm_measurement_beacon_report *rep,
size_t len);
void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
int chan_width, int cf1, int cf2);
void hostapd_ubus_notify_rssi(struct hostapd_data *hapd, const char *type, const u8 *addr, int rssi);
void hostapd_ubus_notify_bss_transition_response(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
u8 bss_termination_delay, const u8 *target_bssid,
const u8 *candidate_list, u16 candidate_list_len);
void hostapd_ubus_add(struct hapd_interfaces *interfaces);
void hostapd_ubus_free(struct hapd_interfaces *interfaces);
int hostapd_ubus_notify_bss_transition_query(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
const u8 *candidate_list, u16 candidate_list_len);
void hostapd_ubus_notify_csa(struct hostapd_data *hapd, int freq);
#else
struct hostapd_ubus_bss {};
static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_add_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ubus_free_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
{
}
static inline void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
{
}
static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
{
return 0;
}
static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
{
}
static inline void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
const u8 *addr, u8 token,
u8 rep_mode,
struct rrm_measurement_beacon_report *rep,
size_t len)
{
}
static inline void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
int chan_width, int cf1, int cf2)
{
}
static inline void hostapd_ubus_notify_bss_transition_response(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
u8 bss_termination_delay, const u8 *target_bssid,
const u8 *candidate_list, u16 candidate_list_len)
{
}
static inline void hostapd_ubus_add(struct hapd_interfaces *interfaces)
{
}
static inline void hostapd_ubus_free(struct hapd_interfaces *interfaces)
{
}
static inline int hostapd_ubus_notify_bss_transition_query(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
const u8 *candidate_list, u16 candidate_list_len)
{
return 0;
}
#endif
#endif

952
feeds/hostapd/hostapd/src/src/ap/ucode.c
View File

@@ -1,952 +0,0 @@
#include <sys/un.h>
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/ucode.h"
#include "hostapd.h"
#include "beacon.h"
#include "hw_features.h"
#include "ap_drv_ops.h"
#include "dfs.h"
#include "acs.h"
#include "ieee802_11_auth.h"
#include <libubox/uloop.h>
static uc_resource_type_t *global_type, *bss_type, *iface_type;
static struct hapd_interfaces *interfaces;
static uc_value_t *global, *bss_registry, *iface_registry;
static uc_vm_t *vm;
static uc_value_t *
hostapd_ucode_bss_get_uval(struct hostapd_data *hapd)
{
uc_value_t *val;
if (hapd->ucode.idx)
return wpa_ucode_registry_get(bss_registry, hapd->ucode.idx);
val = uc_resource_new(bss_type, hapd);
hapd->ucode.idx = wpa_ucode_registry_add(bss_registry, val);
return val;
}
static uc_value_t *
hostapd_ucode_iface_get_uval(struct hostapd_iface *hapd)
{
uc_value_t *val;
if (hapd->ucode.idx)
return wpa_ucode_registry_get(iface_registry, hapd->ucode.idx);
val = uc_resource_new(iface_type, hapd);
hapd->ucode.idx = wpa_ucode_registry_add(iface_registry, val);
return val;
}
static void
hostapd_ucode_update_bss_list(struct hostapd_iface *iface, uc_value_t *if_bss, uc_value_t *bss)
{
uc_value_t *list;
int i;
list = ucv_array_new(vm);
for (i = 0; iface->bss && i < iface->num_bss; i++) {
struct hostapd_data *hapd = iface->bss[i];
uc_value_t *val = hostapd_ucode_bss_get_uval(hapd);
ucv_array_set(list, i, ucv_get(ucv_string_new(hapd->conf->iface)));
ucv_object_add(bss, hapd->conf->iface, ucv_get(val));
}
ucv_object_add(if_bss, iface->phy, ucv_get(list));
}
static void
hostapd_ucode_update_interfaces(void)
{
uc_value_t *ifs = ucv_object_new(vm);
uc_value_t *if_bss = ucv_array_new(vm);
uc_value_t *bss = ucv_object_new(vm);
int i;
for (i = 0; i < interfaces->count; i++) {
struct hostapd_iface *iface = interfaces->iface[i];
ucv_object_add(ifs, iface->phy, ucv_get(hostapd_ucode_iface_get_uval(iface)));
hostapd_ucode_update_bss_list(iface, if_bss, bss);
}
ucv_object_add(ucv_prototype_get(global), "interfaces", ucv_get(ifs));
ucv_object_add(ucv_prototype_get(global), "interface_bss", ucv_get(if_bss));
ucv_object_add(ucv_prototype_get(global), "bss", ucv_get(bss));
ucv_gc(vm);
}
static uc_value_t *
uc_hostapd_add_iface(uc_vm_t *vm, size_t nargs)
{
uc_value_t *iface = uc_fn_arg(0);
int ret;
if (ucv_type(iface) != UC_STRING)
return ucv_int64_new(-1);
ret = hostapd_add_iface(interfaces, ucv_string_get(iface));
hostapd_ucode_update_interfaces();
return ucv_int64_new(ret);
}
static uc_value_t *
uc_hostapd_remove_iface(uc_vm_t *vm, size_t nargs)
{
uc_value_t *iface = uc_fn_arg(0);
if (ucv_type(iface) != UC_STRING)
return NULL;
hostapd_remove_iface(interfaces, ucv_string_get(iface));
hostapd_ucode_update_interfaces();
return NULL;
}
static struct hostapd_vlan *
bss_conf_find_vlan(struct hostapd_bss_config *bss, int id)
{
struct hostapd_vlan *vlan;
for (vlan = bss->vlan; vlan; vlan = vlan->next)
if (vlan->vlan_id == id)
return vlan;
return NULL;
}
static int
bss_conf_rename_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
const char *ifname)
{
if (!strcmp(ifname, vlan->ifname))
return 0;
hostapd_drv_if_rename(hapd, WPA_IF_AP_VLAN, vlan->ifname, ifname);
os_strlcpy(vlan->ifname, ifname, sizeof(vlan->ifname));
return 0;
}
static int
bss_reload_vlans(struct hostapd_data *hapd, struct hostapd_bss_config *bss)
{
struct hostapd_bss_config *old_bss = hapd->conf;
struct hostapd_vlan *vlan, *vlan_new, *wildcard;
char ifname[IFNAMSIZ + 1], vlan_ifname[IFNAMSIZ + 1], *pos;
int ret;
vlan = bss_conf_find_vlan(old_bss, VLAN_ID_WILDCARD);
wildcard = bss_conf_find_vlan(bss, VLAN_ID_WILDCARD);
if (!!vlan != !!wildcard)
return -1;
if (vlan && wildcard && strcmp(vlan->ifname, wildcard->ifname) != 0)
strcpy(vlan->ifname, wildcard->ifname);
else
wildcard = NULL;
for (vlan = bss->vlan; vlan; vlan = vlan->next) {
if (vlan->vlan_id == VLAN_ID_WILDCARD ||
vlan->dynamic_vlan > 0)
continue;
if (!bss_conf_find_vlan(old_bss, vlan->vlan_id))
return -1;
}
for (vlan = old_bss->vlan; vlan; vlan = vlan->next) {
if (vlan->vlan_id == VLAN_ID_WILDCARD)
continue;
if (vlan->dynamic_vlan == 0) {
vlan_new = bss_conf_find_vlan(bss, vlan->vlan_id);
if (!vlan_new)
return -1;
if (bss_conf_rename_vlan(hapd, vlan, vlan_new->ifname))
return -1;
continue;
}
if (!wildcard)
continue;
os_strlcpy(ifname, wildcard->ifname, sizeof(ifname));
pos = os_strchr(ifname, '#');
if (!pos)
return -1;
*pos++ = '\0';
ret = os_snprintf(vlan_ifname, sizeof(vlan_ifname), "%s%d%s",
ifname, vlan->vlan_id, pos);
if (os_snprintf_error(sizeof(vlan_ifname), ret))
return -1;
if (bss_conf_rename_vlan(hapd, vlan, vlan_ifname))
return -1;
}
return 0;
}
static uc_value_t *
uc_hostapd_bss_set_config(uc_vm_t *vm, size_t nargs)
{
struct hostapd_data *hapd = uc_fn_thisval("hostapd.bss");
struct hostapd_bss_config *old_bss;
struct hostapd_iface *iface;
struct hostapd_config *conf;
uc_value_t *file = uc_fn_arg(0);
uc_value_t *index = uc_fn_arg(1);
uc_value_t *files_only = uc_fn_arg(2);
unsigned int i, idx = 0;
int ret = -1;
if (!hapd || ucv_type(file) != UC_STRING)
goto out;
if (ucv_type(index) == UC_INTEGER)
idx = ucv_int64_get(index);
iface = hapd->iface;
conf = interfaces->config_read_cb(ucv_string_get(file));
if (!conf)
goto out;
if (idx > conf->num_bss || !conf->bss[idx])
goto free;
if (ucv_boolean_get(files_only)) {
struct hostapd_bss_config *bss = conf->bss[idx];
struct hostapd_bss_config *old_bss = hapd->conf;
#define swap_field(name) \
do { \
void *ptr = old_bss->name; \
old_bss->name = bss->name; \
bss->name = ptr; \
} while (0)
swap_field(ssid.wpa_psk_file);
ret = bss_reload_vlans(hapd, bss);
goto done;
}
hostapd_bss_deinit_no_free(hapd);
hostapd_drv_stop_ap(hapd);
hostapd_free_hapd_data(hapd);
old_bss = hapd->conf;
for (i = 0; i < iface->conf->num_bss; i++)
if (iface->conf->bss[i] == hapd->conf)
iface->conf->bss[i] = conf->bss[idx];
hapd->conf = conf->bss[idx];
conf->bss[idx] = old_bss;
hostapd_setup_bss(hapd, hapd == iface->bss[0], true);
hostapd_ucode_update_interfaces();
hostapd_owe_update_trans(iface);
done:
ret = 0;
free:
hostapd_config_free(conf);
out:
return ucv_int64_new(ret);
}
static void
hostapd_remove_iface_bss_conf(struct hostapd_config *iconf,
struct hostapd_bss_config *conf)
{
int i;
for (i = 0; i < iconf->num_bss; i++)
if (iconf->bss[i] == conf)
break;
if (i == iconf->num_bss)
return;
for (i++; i < iconf->num_bss; i++)
iconf->bss[i - 1] = iconf->bss[i];
iconf->num_bss--;
}
static uc_value_t *
uc_hostapd_bss_delete(uc_vm_t *vm, size_t nargs)
{
struct hostapd_data *hapd = uc_fn_thisval("hostapd.bss");
struct hostapd_iface *iface;
int i, idx;
if (!hapd)
return NULL;
iface = hapd->iface;
if (iface->num_bss == 1) {
wpa_printf(MSG_ERROR, "trying to delete last bss of an iface: %s\n", hapd->conf->iface);
return NULL;
}
for (idx = 0; idx < iface->num_bss; idx++)
if (iface->bss[idx] == hapd)
break;
if (idx == iface->num_bss)
return NULL;
for (i = idx + 1; i < iface->num_bss; i++)
iface->bss[i - 1] = iface->bss[i];
iface->num_bss--;
iface->bss[0]->interface_added = 0;
hostapd_drv_set_first_bss(iface->bss[0]);
hapd->interface_added = 1;
hostapd_drv_stop_ap(hapd);
hostapd_bss_deinit(hapd);
hostapd_remove_iface_bss_conf(iface->conf, hapd->conf);
hostapd_config_free_bss(hapd->conf);
os_free(hapd);
hostapd_ucode_update_interfaces();
ucv_gc(vm);
return NULL;
}
static uc_value_t *
uc_hostapd_iface_add_bss(uc_vm_t *vm, size_t nargs)
{
struct hostapd_iface *iface = uc_fn_thisval("hostapd.iface");
struct hostapd_bss_config *bss;
struct hostapd_config *conf;
struct hostapd_data *hapd;
uc_value_t *file = uc_fn_arg(0);
uc_value_t *index = uc_fn_arg(1);
unsigned int idx = 0;
uc_value_t *ret = NULL;
if (!iface || ucv_type(file) != UC_STRING)
goto out;
if (ucv_type(index) == UC_INTEGER)
idx = ucv_int64_get(index);
conf = interfaces->config_read_cb(ucv_string_get(file));
if (!conf || idx > conf->num_bss || !conf->bss[idx])
goto out;
bss = conf->bss[idx];
hapd = hostapd_alloc_bss_data(iface, iface->conf, bss);
if (!hapd)
goto out;
hapd->driver = iface->bss[0]->driver;
hapd->drv_priv = iface->bss[0]->drv_priv;
if (interfaces->ctrl_iface_init &&
interfaces->ctrl_iface_init(hapd) < 0)
goto free_hapd;
if (iface->state == HAPD_IFACE_ENABLED &&
hostapd_setup_bss(hapd, -1, true))
goto deinit_ctrl;
iface->bss = os_realloc_array(iface->bss, iface->num_bss + 1,
sizeof(*iface->bss));
iface->bss[iface->num_bss++] = hapd;
iface->conf->bss = os_realloc_array(iface->conf->bss,
iface->conf->num_bss + 1,
sizeof(*iface->conf->bss));
iface->conf->bss[iface->conf->num_bss] = bss;
conf->bss[idx] = NULL;
ret = hostapd_ucode_bss_get_uval(hapd);
hostapd_ucode_update_interfaces();
hostapd_owe_update_trans(iface);
goto out;
deinit_ctrl:
if (interfaces->ctrl_iface_deinit)
interfaces->ctrl_iface_deinit(hapd);
free_hapd:
hostapd_free_hapd_data(hapd);
os_free(hapd);
out:
hostapd_config_free(conf);
return ret;
}
static uc_value_t *
uc_hostapd_iface_set_bss_order(uc_vm_t *vm, size_t nargs)
{
struct hostapd_iface *iface = uc_fn_thisval("hostapd.iface");
uc_value_t *bss_list = uc_fn_arg(0);
struct hostapd_data **new_bss;
struct hostapd_bss_config **new_conf;
if (!iface)
return NULL;
if (ucv_type(bss_list) != UC_ARRAY ||
ucv_array_length(bss_list) != iface->num_bss)
return NULL;
new_bss = calloc(iface->num_bss, sizeof(*new_bss));
new_conf = calloc(iface->num_bss, sizeof(*new_conf));
for (size_t i = 0; i < iface->num_bss; i++) {
struct hostapd_data *bss;
bss = ucv_resource_data(ucv_array_get(bss_list, i), "hostapd.bss");
if (bss->iface != iface)
goto free;
for (size_t k = 0; k < i; k++)
if (new_bss[k] == bss)
goto free;
new_bss[i] = bss;
new_conf[i] = bss->conf;
}
new_bss[0]->interface_added = 0;
for (size_t i = 1; i < iface->num_bss; i++)
new_bss[i]->interface_added = 1;
free(iface->bss);
iface->bss = new_bss;
free(iface->conf->bss);
iface->conf->bss = new_conf;
iface->conf->num_bss = iface->num_bss;
hostapd_drv_set_first_bss(iface->bss[0]);
return ucv_boolean_new(true);
free:
free(new_bss);
free(new_conf);
return NULL;
}
static uc_value_t *
uc_hostapd_bss_ctrl(uc_vm_t *vm, size_t nargs)
{
struct hostapd_data *hapd = uc_fn_thisval("hostapd.bss");
uc_value_t *arg = uc_fn_arg(0);
struct sockaddr_storage from = {};
static char reply[4096];
int reply_len;
if (!hapd || !interfaces->ctrl_iface_recv ||
ucv_type(arg) != UC_STRING)
return NULL;
reply_len = interfaces->ctrl_iface_recv(hapd, ucv_string_get(arg),
reply, sizeof(reply),
&from, sizeof(from));
if (reply_len < 0)
return NULL;
if (reply_len && reply[reply_len - 1] == '\n')
reply_len--;
return ucv_string_new_length(reply, reply_len);
}
static void
uc_hostapd_disable_iface(struct hostapd_iface *iface)
{
switch (iface->state) {
case HAPD_IFACE_DISABLED:
break;
#ifdef CONFIG_ACS
case HAPD_IFACE_ACS:
acs_cleanup(iface);
iface->scan_cb = NULL;
/* fallthrough */
#endif
default:
hostapd_disable_iface(iface);
break;
}
}
static uc_value_t *
uc_hostapd_iface_stop(uc_vm_t *vm, size_t nargs)
{
struct hostapd_iface *iface = uc_fn_thisval("hostapd.iface");
int i;
if (!iface)
return NULL;
if (iface->state != HAPD_IFACE_ENABLED)
uc_hostapd_disable_iface(iface);
for (i = 0; i < iface->num_bss; i++) {
struct hostapd_data *hapd = iface->bss[i];
hostapd_drv_stop_ap(hapd);
hapd->beacon_set_done = 0;
}
return NULL;
}
static uc_value_t *
uc_hostapd_iface_start(uc_vm_t *vm, size_t nargs)
{
struct hostapd_iface *iface = uc_fn_thisval("hostapd.iface");
uc_value_t *info = uc_fn_arg(0);
struct hostapd_config *conf;
bool changed = false;
uint64_t intval;
int i;
if (!iface)
return NULL;
if (!info) {
iface->freq = 0;
goto out;
}
if (ucv_type(info) != UC_OBJECT)
return NULL;
#define UPDATE_VAL(field, name) \
if ((intval = ucv_int64_get(ucv_object_get(info, name, NULL))) && \
!errno && intval != conf->field) do { \
conf->field = intval; \
changed = true; \
} while(0)
conf = iface->conf;
UPDATE_VAL(op_class, "op_class");
UPDATE_VAL(hw_mode, "hw_mode");
UPDATE_VAL(channel, "channel");
UPDATE_VAL(secondary_channel, "sec_channel");
if (!changed &&
(iface->bss[0]->beacon_set_done ||
iface->state == HAPD_IFACE_DFS))
return ucv_boolean_new(true);
intval = ucv_int64_get(ucv_object_get(info, "center_seg0_idx", NULL));
if (!errno)
hostapd_set_oper_centr_freq_seg0_idx(conf, intval);
intval = ucv_int64_get(ucv_object_get(info, "center_seg1_idx", NULL));
if (!errno)
hostapd_set_oper_centr_freq_seg1_idx(conf, intval);
intval = ucv_int64_get(ucv_object_get(info, "oper_chwidth", NULL));
if (!errno)
hostapd_set_oper_chwidth(conf, intval);
intval = ucv_int64_get(ucv_object_get(info, "frequency", NULL));
if (!errno)
iface->freq = intval;
else
iface->freq = 0;
conf->acs = 0;
out:
switch (iface->state) {
case HAPD_IFACE_ENABLED:
if (!hostapd_is_dfs_required(iface) ||
hostapd_is_dfs_chan_available(iface))
break;
wpa_printf(MSG_INFO, "DFS CAC required on new channel, restart interface");
/* fallthrough */
default:
uc_hostapd_disable_iface(iface);
break;
}
if (conf->channel && !iface->freq)
iface->freq = hostapd_hw_get_freq(iface->bss[0], conf->channel);
if (iface->state != HAPD_IFACE_ENABLED) {
hostapd_enable_iface(iface);
return ucv_boolean_new(true);
}
for (i = 0; i < iface->num_bss; i++) {
struct hostapd_data *hapd = iface->bss[i];
int ret;
hapd->conf->start_disabled = 0;
hostapd_set_freq(hapd, conf->hw_mode, iface->freq,
conf->channel,
conf->enable_edmg,
conf->edmg_channel,
conf->ieee80211n,
conf->ieee80211ac,
conf->ieee80211ax,
conf->ieee80211be,
conf->secondary_channel,
hostapd_get_oper_chwidth(conf),
hostapd_get_oper_centr_freq_seg0_idx(conf),
hostapd_get_oper_centr_freq_seg1_idx(conf));
ieee802_11_set_beacon(hapd);
}
hostapd_owe_update_trans(iface);
return ucv_boolean_new(true);
}
static uc_value_t *
uc_hostapd_iface_switch_channel(uc_vm_t *vm, size_t nargs)
{
struct hostapd_iface *iface = uc_fn_thisval("hostapd.iface");
uc_value_t *info = uc_fn_arg(0);
struct hostapd_config *conf;
struct csa_settings csa = {};
uint64_t intval;
int i, ret = 0;
if (!iface || ucv_type(info) != UC_OBJECT)
return NULL;
conf = iface->conf;
if ((intval = ucv_int64_get(ucv_object_get(info, "csa_count", NULL))) && !errno)
csa.cs_count = intval;
if ((intval = ucv_int64_get(ucv_object_get(info, "sec_channel", NULL))) && !errno)
csa.freq_params.sec_channel_offset = intval;
csa.freq_params.ht_enabled = conf->ieee80211n;
csa.freq_params.vht_enabled = conf->ieee80211ac;
csa.freq_params.he_enabled = conf->ieee80211ax;
#ifdef CONFIG_IEEE80211BE
csa.freq_params.eht_enabled = conf->ieee80211be;
#endif
intval = ucv_int64_get(ucv_object_get(info, "oper_chwidth", NULL));
if (errno)
intval = hostapd_get_oper_chwidth(conf);
if (intval)
csa.freq_params.bandwidth = 40 << intval;
else
csa.freq_params.bandwidth = csa.freq_params.sec_channel_offset ? 40 : 20;
if ((intval = ucv_int64_get(ucv_object_get(info, "frequency", NULL))) && !errno)
csa.freq_params.freq = intval;
if ((intval = ucv_int64_get(ucv_object_get(info, "center_freq1", NULL))) && !errno)
csa.freq_params.center_freq1 = intval;
if ((intval = ucv_int64_get(ucv_object_get(info, "center_freq2", NULL))) && !errno)
csa.freq_params.center_freq2 = intval;
for (i = 0; i < iface->num_bss; i++)
ret = hostapd_switch_channel(iface->bss[i], &csa);
return ucv_boolean_new(!ret);
}
static uc_value_t *
uc_hostapd_bss_rename(uc_vm_t *vm, size_t nargs)
{
struct hostapd_data *hapd = uc_fn_thisval("hostapd.bss");
uc_value_t *ifname_arg = uc_fn_arg(0);
char prev_ifname[IFNAMSIZ + 1];
struct sta_info *sta;
const char *ifname;
int ret;
if (!hapd || ucv_type(ifname_arg) != UC_STRING)
return NULL;
os_strlcpy(prev_ifname, hapd->conf->iface, sizeof(prev_ifname));
ifname = ucv_string_get(ifname_arg);
hostapd_ubus_free_bss(hapd);
if (interfaces->ctrl_iface_deinit)
interfaces->ctrl_iface_deinit(hapd);
ret = hostapd_drv_if_rename(hapd, WPA_IF_AP_BSS, NULL, ifname);
if (ret)
goto out;
for (sta = hapd->sta_list; sta; sta = sta->next) {
char cur_name[IFNAMSIZ + 1], new_name[IFNAMSIZ + 1];
if (!(sta->flags & WLAN_STA_WDS) || sta->pending_wds_enable)
continue;
snprintf(cur_name, sizeof(cur_name), "%s.sta%d", prev_ifname, sta->aid);
snprintf(new_name, sizeof(new_name), "%s.sta%d", ifname, sta->aid);
hostapd_drv_if_rename(hapd, WPA_IF_AP_VLAN, cur_name, new_name);
}
if (!strncmp(hapd->conf->ssid.vlan, hapd->conf->iface, sizeof(hapd->conf->ssid.vlan)))
os_strlcpy(hapd->conf->ssid.vlan, ifname, sizeof(hapd->conf->ssid.vlan));
os_strlcpy(hapd->conf->iface, ifname, sizeof(hapd->conf->iface));
hostapd_ubus_add_bss(hapd);
hostapd_ucode_update_interfaces();
hostapd_owe_update_trans(hapd->iface);
out:
if (interfaces->ctrl_iface_init)
interfaces->ctrl_iface_init(hapd);
return ret ? NULL : ucv_boolean_new(true);
}
int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta)
{
char addr[sizeof(MACSTR)];
uc_value_t *val, *cur;
int ret = 0;
if (wpa_ucode_call_prepare("sta_auth"))
return 0;
uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr));
val = ucv_string_new(addr);
uc_value_push(ucv_get(val));
val = wpa_ucode_call(2);
cur = ucv_object_get(val, "psk", NULL);
if (ucv_type(cur) == UC_ARRAY) {
struct hostapd_sta_wpa_psk_short *p, **next;
size_t len = ucv_array_length(cur);
next = &sta->psk;
hostapd_free_psk_list(*next);
*next = NULL;
for (size_t i = 0; i < len; i++) {
uc_value_t *cur_psk;
const char *str;
size_t str_len;
cur_psk = ucv_array_get(cur, i);
str = ucv_string_get(cur_psk);
str_len = strlen(str);
if (!str || str_len < 8 || str_len > 64)
continue;
p = os_zalloc(sizeof(*p));
if (len == 64) {
if (hexstr2bin(str, p->psk, PMK_LEN) < 0) {
free(p);
continue;
}
} else {
p->is_passphrase = 1;
memcpy(p->passphrase, str, str_len + 1);
}
*next = p;
next = &p->next;
}
}
cur = ucv_object_get(val, "force_psk", NULL);
sta->use_sta_psk = ucv_is_truish(cur);
cur = ucv_object_get(val, "status", NULL);
if (ucv_type(cur) == UC_INTEGER)
ret = ucv_int64_get(cur);
ucv_put(val);
ucv_gc(vm);
return ret;
}
void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta)
{
struct hostapd_sta_wpa_psk_short *psk = sta->psk;
char addr[sizeof(MACSTR)];
uc_value_t *val, *cur;
int ret = 0;
if (wpa_ucode_call_prepare("sta_connected"))
return;
uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
snprintf(addr, sizeof(addr), MACSTR, MAC2STR(sta->addr));
val = ucv_string_new(addr);
uc_value_push(ucv_get(val));
val = ucv_object_new(vm);
if (sta->psk_idx)
ucv_object_add(val, "psk_idx", ucv_int64_new(sta->psk_idx - 1));
if (sta->psk)
ucv_object_add(val, "psk", ucv_string_new(sta->psk->passphrase));
uc_value_push(ucv_get(val));
val = wpa_ucode_call(3);
if (ucv_type(val) != UC_OBJECT)
goto out;
cur = ucv_object_get(val, "vlan", NULL);
if (ucv_type(cur) == UC_INTEGER) {
struct vlan_description vdesc = {
.notempty = 1,
.untagged = ucv_int64_get(cur),
};
ap_sta_set_vlan(hapd, sta, &vdesc);
ap_sta_bind_vlan(hapd, sta);
}
out:
ucv_put(val);
}
int hostapd_ucode_init(struct hapd_interfaces *ifaces)
{
static const uc_function_list_t global_fns[] = {
{ "printf", uc_wpa_printf },
{ "getpid", uc_wpa_getpid },
{ "sha1", uc_wpa_sha1 },
{ "freq_info", uc_wpa_freq_info },
{ "add_iface", uc_hostapd_add_iface },
{ "remove_iface", uc_hostapd_remove_iface },
};
static const uc_function_list_t bss_fns[] = {
{ "ctrl", uc_hostapd_bss_ctrl },
{ "set_config", uc_hostapd_bss_set_config },
{ "rename", uc_hostapd_bss_rename },
{ "delete", uc_hostapd_bss_delete },
};
static const uc_function_list_t iface_fns[] = {
{ "set_bss_order", uc_hostapd_iface_set_bss_order },
{ "add_bss", uc_hostapd_iface_add_bss },
{ "stop", uc_hostapd_iface_stop },
{ "start", uc_hostapd_iface_start },
{ "switch_channel", uc_hostapd_iface_switch_channel },
};
uc_value_t *data, *proto;
interfaces = ifaces;
vm = wpa_ucode_create_vm();
global_type = uc_type_declare(vm, "hostapd.global", global_fns, NULL);
bss_type = uc_type_declare(vm, "hostapd.bss", bss_fns, NULL);
iface_type = uc_type_declare(vm, "hostapd.iface", iface_fns, NULL);
bss_registry = ucv_array_new(vm);
uc_vm_registry_set(vm, "hostap.bss_registry", bss_registry);
iface_registry = ucv_array_new(vm);
uc_vm_registry_set(vm, "hostap.iface_registry", iface_registry);
global = wpa_ucode_global_init("hostapd", global_type);
if (wpa_ucode_run(HOSTAPD_UC_PATH "hostapd.uc"))
goto free_vm;
ucv_gc(vm);
return 0;
free_vm:
wpa_ucode_free_vm();
return -1;
}
void hostapd_ucode_free(void)
{
if (wpa_ucode_call_prepare("shutdown") == 0)
ucv_put(wpa_ucode_call(0));
wpa_ucode_free_vm();
}
void hostapd_ucode_free_iface(struct hostapd_iface *iface)
{
wpa_ucode_registry_remove(iface_registry, iface->ucode.idx);
}
int hostapd_ucode_afc_request(struct hostapd_iface *iface, const char *request,
char *buf, size_t len)
{
uc_value_t *val;
size_t ret_len;
int ret = -1;
if (wpa_ucode_call_prepare("afc_request"))
return -1;
uc_value_push(ucv_get(ucv_string_new(iface->phy)));
uc_value_push(ucv_get(ucv_string_new(request)));
val = wpa_ucode_call(2);
if (ucv_type(val) != UC_STRING)
goto out;
ret_len = ucv_string_length(val);
if (ret_len >= len)
goto out;
memcpy(buf, ucv_string_get(val), ret_len + 1);
ret = (int)ret_len;
out:
ucv_put(val);
return ret;
}
void hostapd_ucode_add_bss(struct hostapd_data *hapd)
{
uc_value_t *val;
if (wpa_ucode_call_prepare("bss_add"))
return;
val = hostapd_ucode_bss_get_uval(hapd);
uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
uc_value_push(ucv_get(val));
ucv_put(wpa_ucode_call(2));
ucv_gc(vm);
}
void hostapd_ucode_reload_bss(struct hostapd_data *hapd)
{
uc_value_t *val;
if (wpa_ucode_call_prepare("bss_reload"))
return;
val = hostapd_ucode_bss_get_uval(hapd);
uc_value_push(ucv_get(ucv_string_new(hapd->conf->iface)));
uc_value_push(ucv_get(val));
ucv_put(wpa_ucode_call(2));
ucv_gc(vm);
}
void hostapd_ucode_free_bss(struct hostapd_data *hapd)
{
uc_value_t *val;
val = wpa_ucode_registry_remove(bss_registry, hapd->ucode.idx);
if (!val)
return;
hapd->ucode.idx = 0;
if (wpa_ucode_call_prepare("bss_remove"))
return;
uc_value_push(ucv_string_new(hapd->conf->iface));
uc_value_push(ucv_get(val));
ucv_put(wpa_ucode_call(2));
ucv_gc(vm);
}

65
feeds/hostapd/hostapd/src/src/ap/ucode.h
View File

@@ -1,65 +0,0 @@
#ifndef __HOSTAPD_AP_UCODE_H
#define __HOSTAPD_AP_UCODE_H
#include "utils/ucode.h"
struct hostapd_data;
struct hostapd_ucode_bss {
#ifdef UCODE_SUPPORT
int idx;
#endif
};
struct hostapd_ucode_iface {
#ifdef UCODE_SUPPORT
int idx;
#endif
};
#ifdef UCODE_SUPPORT
int hostapd_ucode_init(struct hapd_interfaces *ifaces);
void hostapd_ucode_free(void);
void hostapd_ucode_free_iface(struct hostapd_iface *iface);
int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta);
void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta);
void hostapd_ucode_add_bss(struct hostapd_data *hapd);
void hostapd_ucode_free_bss(struct hostapd_data *hapd);
void hostapd_ucode_reload_bss(struct hostapd_data *hapd);
int hostapd_ucode_afc_request(struct hostapd_iface *iface, const char *request,
char *buf, size_t len);
#else
static inline int hostapd_ucode_init(struct hapd_interfaces *ifaces)
{
return -EINVAL;
}
static inline void hostapd_ucode_free(void)
{
}
static inline void hostapd_ucode_free_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ucode_reload_bss(struct hostapd_data *hapd)
{
}
static inline int hostapd_ucode_sta_auth(struct hostapd_data *hapd, struct sta_info *sta)
{
return 0;
}
static inline void hostapd_ucode_sta_connected(struct hostapd_data *hapd, struct sta_info *sta)
{
}
static inline void hostapd_ucode_add_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ucode_free_bss(struct hostapd_data *hapd)
{
}
#endif
#endif

6
feeds/ipq40xx/ipq40xx/Makefile
View File

@@ -14,12 +14,6 @@ DEVICE_TYPE:=qsdk
KERNELNAME:=zImage Image dtbs
GENERIC_BACKPORT_DIR := ${CURDIR}/backport-$(KERNEL_PATCHVER)
GENERIC_PATCH_DIR := ${CURDIR}/pending-$(KERNEL_PATCHVER)
GENERIC_HACK_DIR := ${CURDIR}/hack-$(KERNEL_PATCHVER)
GENERIC_FILES_DIR :=
GENERIC_LINUX_CONFIG:=${CURDIR}/config-$(KERNEL_PATCHVER)-ipq40xx
include $(INCLUDE_DIR)/target.mk
DEFAULT_PACKAGES += \
kmod-usb-dwc3-qcom \

30
feeds/ipq40xx/ipq40xx/backport-5.4/010-Kbuild-don-t-hardcode-path-to-awk-in-scripts-ld-vers.patch
View File

@@ -1,30 +0,0 @@
From 13b1ecc3401653a355798eb1dee10cc1608202f4 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Mon, 18 Jan 2016 12:27:49 +0100
Subject: [PATCH 33/34] Kbuild: don't hardcode path to awk in
scripts/ld-version.sh
On some systems /usr/bin/awk does not exist, or is broken. Find it via
$PATH instead.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
scripts/ld-version.sh | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/scripts/ld-version.sh
+++ b/scripts/ld-version.sh
@@ -1,6 +1,7 @@
-#!/usr/bin/awk -f
+#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
# extract linker version number from stdin and turn into single number
+exec awk '
{
gsub(".*\\)", "");
gsub(".*version ", "");
@@ -9,3 +10,4 @@
print a[1]*100000000 + a[2]*1000000 + a[3]*10000;
exit
}
+'

21
feeds/ipq40xx/ipq40xx/backport-5.4/011-kbuild-export-SUBARCH.patch
View File

@@ -1,21 +0,0 @@
From 173019b66dcc9d68ad9333aa744dad1e369b5aa8 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Sun, 9 Jul 2017 00:26:53 +0200
Subject: [PATCH 34/34] kernel: add compile fix for linux 4.9 on x86
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -493,7 +493,7 @@ KBUILD_LDFLAGS :=
GCC_PLUGINS_CFLAGS :=
CLANG_FLAGS :=
-export ARCH SRCARCH CONFIG_SHELL BASH HOSTCC KBUILD_HOSTCFLAGS CROSS_COMPILE LD CC
+export ARCH SRCARCH SUBARCH CONFIG_SHELL BASH HOSTCC KBUILD_HOSTCFLAGS CROSS_COMPILE LD CC
export CPP AR NM STRIP OBJCOPY OBJDUMP OBJSIZE READELF PAHOLE LEX YACC AWK INSTALLKERNEL
export PERL PYTHON PYTHON3 CHECK CHECKFLAGS MAKE UTS_MACHINE HOSTCXX
export KGZIP KBZIP2 KLZOP LZMA LZ4 XZ

53
feeds/ipq40xx/ipq40xx/backport-5.4/030-modpost-add-a-helper-to-get-data-pointed-by-a-symbol.patch
View File

@@ -1,53 +0,0 @@
From afa0459daa7b08c7b2c879705b69d39b734a11d0 Mon Sep 17 00:00:00 2001
From: Masahiro Yamada <yamada.masahiro@socionext.com>
Date: Fri, 15 Nov 2019 02:42:21 +0900
Subject: [PATCH] modpost: add a helper to get data pointed by a symbol
When CONFIG_MODULE_REL_CRCS is enabled, the value of __crc_* is not
an absolute value, but the address to the CRC data embedded in the
.rodata section.
Getting the data pointed by the symbol value is somewhat complex.
Split it out into a new helper, sym_get_data().
I will reuse it to refactor namespace_from_kstrtabns() in the next
commit.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---
scripts/mod/modpost.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -312,6 +312,18 @@ static const char *sec_name(struct elf_i
return sech_name(elf, &elf->sechdrs[secindex]);
}
+static void *sym_get_data(const struct elf_info *info, const Elf_Sym *sym)
+{
+ Elf_Shdr *sechdr = &info->sechdrs[sym->st_shndx];
+ unsigned long offset;
+
+ offset = sym->st_value;
+ if (info->hdr->e_type != ET_REL)
+ offset -= sechdr->sh_addr;
+
+ return (void *)info->hdr + sechdr->sh_offset + offset;
+}
+
#define strstarts(str, prefix) (strncmp(str, prefix, strlen(prefix)) == 0)
static enum export export_from_secname(struct elf_info *elf, unsigned int sec)
@@ -701,10 +713,7 @@ static void handle_modversions(struct mo
unsigned int *crcp;
/* symbol points to the CRC in the ELF object */
- crcp = (void *)info->hdr + sym->st_value +
- info->sechdrs[sym->st_shndx].sh_offset -
- (info->hdr->e_type != ET_REL ?
- info->sechdrs[sym->st_shndx].sh_addr : 0);
+ crcp = sym_get_data(info, sym);
crc = TO_NATIVE(*crcp);
}
sym_update_crc(symname + strlen("__crc_"), mod, crc,

62
feeds/ipq40xx/ipq40xx/backport-5.4/031-modpost-refactor-namespace_from_kstrtabns-to-not-har.patch
View File

@@ -1,62 +0,0 @@
From e84f9fbbece1585f45a03ccc11eeabe121cadc1b Mon Sep 17 00:00:00 2001
From: Masahiro Yamada <yamada.masahiro@socionext.com>
Date: Fri, 15 Nov 2019 02:42:22 +0900
Subject: [PATCH] modpost: refactor namespace_from_kstrtabns() to not hard-code
section name
Currently, namespace_from_kstrtabns() relies on the fact that
namespace strings are recorded in the __ksymtab_strings section.
Actually, it is coded in include/linux/export.h, but modpost does
not need to hard-code the section name.
Elf_Sym::st_shndx holds the index of the relevant section. Using it is
a more portable way to get the namespace string.
Make namespace_from_kstrtabns() simply call sym_get_data(), and delete
the info->ksymtab_strings .
While I was here, I added more 'const' qualifiers to pointers.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---
scripts/mod/modpost.c | 10 +++-------
scripts/mod/modpost.h | 1 -
2 files changed, 3 insertions(+), 8 deletions(-)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -360,10 +360,10 @@ static enum export export_from_sec(struc
return export_unknown;
}
-static const char *namespace_from_kstrtabns(struct elf_info *info,
- Elf_Sym *kstrtabns)
+static const char *namespace_from_kstrtabns(const struct elf_info *info,
+ const Elf_Sym *sym)
{
- char *value = info->ksymtab_strings + kstrtabns->st_value;
+ const char *value = sym_get_data(info, sym);
return value[0] ? value : NULL;
}
@@ -605,10 +605,6 @@ static int parse_elf(struct elf_info *in
info->export_unused_gpl_sec = i;
else if (strcmp(secname, "__ksymtab_gpl_future") == 0)
info->export_gpl_future_sec = i;
- else if (strcmp(secname, "__ksymtab_strings") == 0)
- info->ksymtab_strings = (void *)hdr +
- sechdrs[i].sh_offset -
- sechdrs[i].sh_addr;
if (sechdrs[i].sh_type == SHT_SYMTAB) {
unsigned int sh_link_idx;
--- a/scripts/mod/modpost.h
+++ b/scripts/mod/modpost.h
@@ -143,7 +143,6 @@ struct elf_info {
Elf_Section export_gpl_sec;
Elf_Section export_unused_gpl_sec;
Elf_Section export_gpl_future_sec;
- char *ksymtab_strings;
char *strtab;
char *modinfo;
unsigned int modinfo_len;

176
feeds/ipq40xx/ipq40xx/backport-5.4/041-v5.5-arm64-Implement-optimised-checksum-routine.patch
View File

@@ -1,176 +0,0 @@
From: Robin Murphy <robin.murphy@arm.com>
Date: Wed, 15 Jan 2020 16:42:39 +0000
Subject: [PATCH] arm64: Implement optimised checksum routine
Apparently there exist certain workloads which rely heavily on software
checksumming, for which the generic do_csum() implementation becomes a
significant bottleneck. Therefore let's give arm64 its own optimised
version - for ease of maintenance this foregoes assembly or intrisics,
and is thus not actually arm64-specific, but does rely heavily on C
idioms that translate well to the A64 ISA and the typical load/store
capabilities of most ARMv8 CPU cores.
The resulting increase in checksum throughput scales nicely with buffer
size, tending towards 4x for a small in-order core (Cortex-A53), and up
to 6x or more for an aggressive big core (Ampere eMAG).
Reported-by: Lingyan Huang <huanglingyan2@huawei.com>
Tested-by: Lingyan Huang <huanglingyan2@huawei.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
create mode 100644 arch/arm64/lib/csum.c
--- a/arch/arm64/include/asm/checksum.h
+++ b/arch/arm64/include/asm/checksum.h
@@ -36,6 +36,9 @@ static inline __sum16 ip_fast_csum(const
}
#define ip_fast_csum ip_fast_csum
+extern unsigned int do_csum(const unsigned char *buff, int len);
+#define do_csum do_csum
+
#include <asm-generic/checksum.h>
#endif /* __ASM_CHECKSUM_H */
--- a/arch/arm64/lib/Makefile
+++ b/arch/arm64/lib/Makefile
@@ -1,9 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
lib-y := clear_user.o delay.o copy_from_user.o \
copy_to_user.o copy_in_user.o copy_page.o \
- clear_page.o memchr.o memcpy.o memmove.o memset.o \
- memcmp.o strcmp.o strncmp.o strlen.o strnlen.o \
- strchr.o strrchr.o tishift.o
+ clear_page.o csum.o memchr.o memcpy.o memmove.o \
+ memset.o memcmp.o strcmp.o strncmp.o strlen.o \
+ strnlen.o strchr.o strrchr.o tishift.o
ifeq ($(CONFIG_KERNEL_MODE_NEON), y)
obj-$(CONFIG_XOR_BLOCKS) += xor-neon.o
--- /dev/null
+++ b/arch/arm64/lib/csum.c
@@ -0,0 +1,123 @@
+// SPDX-License-Identifier: GPL-2.0-only
+// Copyright (C) 2019-2020 Arm Ltd.
+
+#include <linux/compiler.h>
+#include <linux/kasan-checks.h>
+#include <linux/kernel.h>
+
+#include <net/checksum.h>
+
+/* Looks dumb, but generates nice-ish code */
+static u64 accumulate(u64 sum, u64 data)
+{
+ __uint128_t tmp = (__uint128_t)sum + data;
+ return tmp + (tmp >> 64);
+}
+
+unsigned int do_csum(const unsigned char *buff, int len)
+{
+ unsigned int offset, shift, sum;
+ const u64 *ptr;
+ u64 data, sum64 = 0;
+
+ offset = (unsigned long)buff & 7;
+ /*
+ * This is to all intents and purposes safe, since rounding down cannot
+ * result in a different page or cache line being accessed, and @buff
+ * should absolutely not be pointing to anything read-sensitive. We do,
+ * however, have to be careful not to piss off KASAN, which means using
+ * unchecked reads to accommodate the head and tail, for which we'll
+ * compensate with an explicit check up-front.
+ */
+ kasan_check_read(buff, len);
+ ptr = (u64 *)(buff - offset);
+ len = len + offset - 8;
+
+ /*
+ * Head: zero out any excess leading bytes. Shifting back by the same
+ * amount should be at least as fast as any other way of handling the
+ * odd/even alignment, and means we can ignore it until the very end.
+ */
+ shift = offset * 8;
+ data = READ_ONCE_NOCHECK(*ptr++);
+#ifdef __LITTLE_ENDIAN
+ data = (data >> shift) << shift;
+#else
+ data = (data << shift) >> shift;
+#endif
+
+ /*
+ * Body: straightforward aligned loads from here on (the paired loads
+ * underlying the quadword type still only need dword alignment). The
+ * main loop strictly excludes the tail, so the second loop will always
+ * run at least once.
+ */
+ while (unlikely(len > 64)) {
+ __uint128_t tmp1, tmp2, tmp3, tmp4;
+
+ tmp1 = READ_ONCE_NOCHECK(*(__uint128_t *)ptr);
+ tmp2 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 2));
+ tmp3 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 4));
+ tmp4 = READ_ONCE_NOCHECK(*(__uint128_t *)(ptr + 6));
+
+ len -= 64;
+ ptr += 8;
+
+ /* This is the "don't dump the carry flag into a GPR" idiom */
+ tmp1 += (tmp1 >> 64) | (tmp1 << 64);
+ tmp2 += (tmp2 >> 64) | (tmp2 << 64);
+ tmp3 += (tmp3 >> 64) | (tmp3 << 64);
+ tmp4 += (tmp4 >> 64) | (tmp4 << 64);
+ tmp1 = ((tmp1 >> 64) << 64) | (tmp2 >> 64);
+ tmp1 += (tmp1 >> 64) | (tmp1 << 64);
+ tmp3 = ((tmp3 >> 64) << 64) | (tmp4 >> 64);
+ tmp3 += (tmp3 >> 64) | (tmp3 << 64);
+ tmp1 = ((tmp1 >> 64) << 64) | (tmp3 >> 64);
+ tmp1 += (tmp1 >> 64) | (tmp1 << 64);
+ tmp1 = ((tmp1 >> 64) << 64) | sum64;
+ tmp1 += (tmp1 >> 64) | (tmp1 << 64);
+ sum64 = tmp1 >> 64;
+ }
+ while (len > 8) {
+ __uint128_t tmp;
+
+ sum64 = accumulate(sum64, data);
+ tmp = READ_ONCE_NOCHECK(*(__uint128_t *)ptr);
+
+ len -= 16;
+ ptr += 2;
+
+#ifdef __LITTLE_ENDIAN
+ data = tmp >> 64;
+ sum64 = accumulate(sum64, tmp);
+#else
+ data = tmp;
+ sum64 = accumulate(sum64, tmp >> 64);
+#endif
+ }
+ if (len > 0) {
+ sum64 = accumulate(sum64, data);
+ data = READ_ONCE_NOCHECK(*ptr);
+ len -= 8;
+ }
+ /*
+ * Tail: zero any over-read bytes similarly to the head, again
+ * preserving odd/even alignment.
+ */
+ shift = len * -8;
+#ifdef __LITTLE_ENDIAN
+ data = (data << shift) >> shift;
+#else
+ data = (data >> shift) << shift;
+#endif
+ sum64 = accumulate(sum64, data);
+
+ /* Finally, folding */
+ sum64 += (sum64 >> 32) | (sum64 << 32);
+ sum = sum64 >> 32;
+ sum += (sum >> 16) | (sum << 16);
+ if (offset & 1)
+ return (u16)swab32(sum);
+
+ return sum >> 16;
+}

28
feeds/ipq40xx/ipq40xx/backport-5.4/042-v5.5-arm64-csum-Fix-pathological-zero-length-calls.patch
View File

@@ -1,28 +0,0 @@
From: Robin Murphy <robin.murphy@arm.com>
Date: Fri, 17 Jan 2020 15:48:39 +0000
Subject: [PATCH] arm64: csum: Fix pathological zero-length calls
In validating the checksumming results of the new routine, I sadly
neglected to test its not-checksumming results. Thus it slipped through
that the one case where @buff is already dword-aligned and @len = 0
manages to defeat the tail-masking logic and behave as if @len = 8.
For a zero length it doesn't make much sense to deference @buff anyway,
so just add an early return (which has essentially zero impact on
performance).
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
---
--- a/arch/arm64/lib/csum.c
+++ b/arch/arm64/lib/csum.c
@@ -20,6 +20,9 @@ unsigned int do_csum(const unsigned char
const u64 *ptr;
u64 data, sum64 = 0;
+ if (unlikely(len == 0))
+ return 0;
+
offset = (unsigned long)buff & 7;
/*
* This is to all intents and purposes safe, since rounding down cannot

112
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0001-crypto-lib-tidy-up-lib-crypto-Kconfig-and-Makefile.patch
View File

@@ -1,112 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:07 +0100
Subject: [PATCH] crypto: lib - tidy up lib/crypto Kconfig and Makefile
commit 746b2e024c67aa605ac12d135cd7085a49cf9dc4 upstream.
In preparation of introducing a set of crypto library interfaces, tidy
up the Makefile and split off the Kconfig symbols into a separate file.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/Kconfig | 13 +------------
lib/crypto/Kconfig | 15 +++++++++++++++
lib/crypto/Makefile | 16 ++++++++--------
3 files changed, 24 insertions(+), 20 deletions(-)
create mode 100644 lib/crypto/Kconfig
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -878,9 +878,6 @@ config CRYPTO_SHA1_PPC_SPE
SHA-1 secure hash standard (DFIPS 180-4) implemented
using powerpc SPE SIMD instruction set.
-config CRYPTO_LIB_SHA256
- tristate
-
config CRYPTO_SHA256
tristate "SHA224 and SHA256 digest algorithm"
select CRYPTO_HASH
@@ -1019,9 +1016,6 @@ config CRYPTO_GHASH_CLMUL_NI_INTEL
comment "Ciphers"
-config CRYPTO_LIB_AES
- tristate
-
config CRYPTO_AES
tristate "AES cipher algorithms"
select CRYPTO_ALGAPI
@@ -1150,9 +1144,6 @@ config CRYPTO_ANUBIS
<https://www.cosic.esat.kuleuven.be/nessie/reports/>
<http://www.larc.usp.br/~pbarreto/AnubisPage.html>
-config CRYPTO_LIB_ARC4
- tristate
-
config CRYPTO_ARC4
tristate "ARC4 cipher algorithm"
select CRYPTO_BLKCIPHER
@@ -1339,9 +1330,6 @@ config CRYPTO_CAST6_AVX_X86_64
This module provides the Cast6 cipher algorithm that processes
eight blocks parallel using the AVX instruction set.
-config CRYPTO_LIB_DES
- tristate
-
config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms"
select CRYPTO_ALGAPI
@@ -1845,6 +1833,7 @@ config CRYPTO_STATS
config CRYPTO_HASH_INFO
bool
+source "lib/crypto/Kconfig"
source "drivers/crypto/Kconfig"
source "crypto/asymmetric_keys/Kconfig"
source "certs/Kconfig"
--- /dev/null
+++ b/lib/crypto/Kconfig
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: GPL-2.0
+
+comment "Crypto library routines"
+
+config CRYPTO_LIB_AES
+ tristate
+
+config CRYPTO_LIB_ARC4
+ tristate
+
+config CRYPTO_LIB_DES
+ tristate
+
+config CRYPTO_LIB_SHA256
+ tristate
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -1,13 +1,13 @@
# SPDX-License-Identifier: GPL-2.0
-obj-$(CONFIG_CRYPTO_LIB_AES) += libaes.o
-libaes-y := aes.o
+obj-$(CONFIG_CRYPTO_LIB_AES) += libaes.o
+libaes-y := aes.o
-obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o
-libarc4-y := arc4.o
+obj-$(CONFIG_CRYPTO_LIB_ARC4) += libarc4.o
+libarc4-y := arc4.o
-obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o
-libdes-y := des.o
+obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o
+libdes-y := des.o
-obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
-libsha256-y := sha256.o
+obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
+libsha256-y := sha256.o

668
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0002-crypto-chacha-move-existing-library-code-into-lib-cr.patch
View File

@@ -1,668 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:08 +0100
Subject: [PATCH] crypto: chacha - move existing library code into lib/crypto
commit 5fb8ef25803ef33e2eb60b626435828b937bed75 upstream.
Currently, our generic ChaCha implementation consists of a permute
function in lib/chacha.c that operates on the 64-byte ChaCha state
directly [and which is always included into the core kernel since it
is used by the /dev/random driver], and the crypto API plumbing to
expose it as a skcipher.
In order to support in-kernel users that need the ChaCha streamcipher
but have no need [or tolerance] for going through the abstractions of
the crypto API, let's expose the streamcipher bits via a library API
as well, in a way that permits the implementation to be superseded by
an architecture specific one if provided.
So move the streamcipher code into a separate module in lib/crypto,
and expose the init() and crypt() routines to users of the library.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm/crypto/chacha-neon-glue.c | 2 +-
arch/arm64/crypto/chacha-neon-glue.c | 2 +-
arch/x86/crypto/chacha_glue.c | 2 +-
crypto/Kconfig | 1 +
crypto/chacha_generic.c | 60 ++--------------------
include/crypto/chacha.h | 77 ++++++++++++++++++++++------
include/crypto/internal/chacha.h | 53 +++++++++++++++++++
lib/Makefile | 3 +-
lib/crypto/Kconfig | 26 ++++++++++
lib/crypto/Makefile | 4 ++
lib/{ => crypto}/chacha.c | 20 ++++----
lib/crypto/libchacha.c | 35 +++++++++++++
12 files changed, 199 insertions(+), 86 deletions(-)
create mode 100644 include/crypto/internal/chacha.h
rename lib/{ => crypto}/chacha.c (88%)
create mode 100644 lib/crypto/libchacha.c
--- a/arch/arm/crypto/chacha-neon-glue.c
+++ b/arch/arm/crypto/chacha-neon-glue.c
@@ -20,7 +20,7 @@
*/
#include <crypto/algapi.h>
-#include <crypto/chacha.h>
+#include <crypto/internal/chacha.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <linux/kernel.h>
--- a/arch/arm64/crypto/chacha-neon-glue.c
+++ b/arch/arm64/crypto/chacha-neon-glue.c
@@ -20,7 +20,7 @@
*/
#include <crypto/algapi.h>
-#include <crypto/chacha.h>
+#include <crypto/internal/chacha.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <linux/kernel.h>
--- a/arch/x86/crypto/chacha_glue.c
+++ b/arch/x86/crypto/chacha_glue.c
@@ -7,7 +7,7 @@
*/
#include <crypto/algapi.h>
-#include <crypto/chacha.h>
+#include <crypto/internal/chacha.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <linux/kernel.h>
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1393,6 +1393,7 @@ config CRYPTO_SALSA20
config CRYPTO_CHACHA20
tristate "ChaCha stream cipher algorithms"
+ select CRYPTO_LIB_CHACHA_GENERIC
select CRYPTO_BLKCIPHER
help
The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
--- a/crypto/chacha_generic.c
+++ b/crypto/chacha_generic.c
@@ -8,29 +8,10 @@
#include <asm/unaligned.h>
#include <crypto/algapi.h>
-#include <crypto/chacha.h>
+#include <crypto/internal/chacha.h>
#include <crypto/internal/skcipher.h>
#include <linux/module.h>
-static void chacha_docrypt(u32 *state, u8 *dst, const u8 *src,
- unsigned int bytes, int nrounds)
-{
- /* aligned to potentially speed up crypto_xor() */
- u8 stream[CHACHA_BLOCK_SIZE] __aligned(sizeof(long));
-
- while (bytes >= CHACHA_BLOCK_SIZE) {
- chacha_block(state, stream, nrounds);
- crypto_xor_cpy(dst, src, stream, CHACHA_BLOCK_SIZE);
- bytes -= CHACHA_BLOCK_SIZE;
- dst += CHACHA_BLOCK_SIZE;
- src += CHACHA_BLOCK_SIZE;
- }
- if (bytes) {
- chacha_block(state, stream, nrounds);
- crypto_xor_cpy(dst, src, stream, bytes);
- }
-}
-
static int chacha_stream_xor(struct skcipher_request *req,
const struct chacha_ctx *ctx, const u8 *iv)
{
@@ -48,8 +29,8 @@ static int chacha_stream_xor(struct skci
if (nbytes < walk.total)
nbytes = round_down(nbytes, CHACHA_BLOCK_SIZE);
- chacha_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes, ctx->nrounds);
+ chacha_crypt_generic(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes, ctx->nrounds);
err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
}
@@ -58,41 +39,10 @@ static int chacha_stream_xor(struct skci
void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv)
{
- state[0] = 0x61707865; /* "expa" */
- state[1] = 0x3320646e; /* "nd 3" */
- state[2] = 0x79622d32; /* "2-by" */
- state[3] = 0x6b206574; /* "te k" */
- state[4] = ctx->key[0];
- state[5] = ctx->key[1];
- state[6] = ctx->key[2];
- state[7] = ctx->key[3];
- state[8] = ctx->key[4];
- state[9] = ctx->key[5];
- state[10] = ctx->key[6];
- state[11] = ctx->key[7];
- state[12] = get_unaligned_le32(iv + 0);
- state[13] = get_unaligned_le32(iv + 4);
- state[14] = get_unaligned_le32(iv + 8);
- state[15] = get_unaligned_le32(iv + 12);
+ chacha_init_generic(state, ctx->key, iv);
}
EXPORT_SYMBOL_GPL(crypto_chacha_init);
-static int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize, int nrounds)
-{
- struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
- int i;
-
- if (keysize != CHACHA_KEY_SIZE)
- return -EINVAL;
-
- for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
- ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
-
- ctx->nrounds = nrounds;
- return 0;
-}
-
int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keysize)
{
@@ -126,7 +76,7 @@ int crypto_xchacha_crypt(struct skcipher
/* Compute the subkey given the original key and first 128 nonce bits */
crypto_chacha_init(state, ctx, req->iv);
- hchacha_block(state, subctx.key, ctx->nrounds);
+ hchacha_block_generic(state, subctx.key, ctx->nrounds);
subctx.nrounds = ctx->nrounds;
/* Build the real IV */
--- a/include/crypto/chacha.h
+++ b/include/crypto/chacha.h
@@ -15,9 +15,8 @@
#ifndef _CRYPTO_CHACHA_H
#define _CRYPTO_CHACHA_H
-#include <crypto/skcipher.h>
+#include <asm/unaligned.h>
#include <linux/types.h>
-#include <linux/crypto.h>
/* 32-bit stream position, then 96-bit nonce (RFC7539 convention) */
#define CHACHA_IV_SIZE 16
@@ -29,26 +28,70 @@
/* 192-bit nonce, then 64-bit stream position */
#define XCHACHA_IV_SIZE 32
-struct chacha_ctx {
- u32 key[8];
- int nrounds;
-};
-
-void chacha_block(u32 *state, u8 *stream, int nrounds);
+void chacha_block_generic(u32 *state, u8 *stream, int nrounds);
static inline void chacha20_block(u32 *state, u8 *stream)
{
- chacha_block(state, stream, 20);
+ chacha_block_generic(state, stream, 20);
}
-void hchacha_block(const u32 *in, u32 *out, int nrounds);
-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv);
+void hchacha_block_arch(const u32 *state, u32 *out, int nrounds);
+void hchacha_block_generic(const u32 *state, u32 *out, int nrounds);
+
+static inline void hchacha_block(const u32 *state, u32 *out, int nrounds)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
+ hchacha_block_arch(state, out, nrounds);
+ else
+ hchacha_block_generic(state, out, nrounds);
+}
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize);
-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize);
+void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv);
+static inline void chacha_init_generic(u32 *state, const u32 *key, const u8 *iv)
+{
+ state[0] = 0x61707865; /* "expa" */
+ state[1] = 0x3320646e; /* "nd 3" */
+ state[2] = 0x79622d32; /* "2-by" */
+ state[3] = 0x6b206574; /* "te k" */
+ state[4] = key[0];
+ state[5] = key[1];
+ state[6] = key[2];
+ state[7] = key[3];
+ state[8] = key[4];
+ state[9] = key[5];
+ state[10] = key[6];
+ state[11] = key[7];
+ state[12] = get_unaligned_le32(iv + 0);
+ state[13] = get_unaligned_le32(iv + 4);
+ state[14] = get_unaligned_le32(iv + 8);
+ state[15] = get_unaligned_le32(iv + 12);
+}
-int crypto_chacha_crypt(struct skcipher_request *req);
-int crypto_xchacha_crypt(struct skcipher_request *req);
+static inline void chacha_init(u32 *state, const u32 *key, const u8 *iv)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
+ chacha_init_arch(state, key, iv);
+ else
+ chacha_init_generic(state, key, iv);
+}
+
+void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds);
+void chacha_crypt_generic(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds);
+
+static inline void chacha_crypt(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA))
+ chacha_crypt_arch(state, dst, src, bytes, nrounds);
+ else
+ chacha_crypt_generic(state, dst, src, bytes, nrounds);
+}
+
+static inline void chacha20_crypt(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes)
+{
+ chacha_crypt(state, dst, src, bytes, 20);
+}
#endif /* _CRYPTO_CHACHA_H */
--- /dev/null
+++ b/include/crypto/internal/chacha.h
@@ -0,0 +1,53 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#ifndef _CRYPTO_INTERNAL_CHACHA_H
+#define _CRYPTO_INTERNAL_CHACHA_H
+
+#include <crypto/chacha.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/crypto.h>
+
+struct chacha_ctx {
+ u32 key[8];
+ int nrounds;
+};
+
+void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv);
+
+static inline int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize, int nrounds)
+{
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+ int i;
+
+ if (keysize != CHACHA_KEY_SIZE)
+ return -EINVAL;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
+ ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
+
+ ctx->nrounds = nrounds;
+ return 0;
+}
+
+static inline int chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
+{
+ return chacha_setkey(tfm, key, keysize, 20);
+}
+
+static int inline chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
+{
+ return chacha_setkey(tfm, key, keysize, 12);
+}
+
+int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize);
+int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize);
+
+int crypto_chacha_crypt(struct skcipher_request *req);
+int crypto_xchacha_crypt(struct skcipher_request *req);
+
+#endif /* _CRYPTO_CHACHA_H */
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -26,8 +26,7 @@ endif
lib-y := ctype.o string.o vsprintf.o cmdline.o \
rbtree.o radix-tree.o timerqueue.o xarray.o \
- idr.o extable.o \
- sha1.o chacha.o irq_regs.o argv_split.o \
+ idr.o extable.o sha1.o irq_regs.o argv_split.o \
flex_proportions.o ratelimit.o show_mem.o \
is_single_threaded.o plist.o decompress.o kobject_uevent.o \
earlycpio.o seq_buf.o siphash.o dec_and_lock.o \
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -8,6 +8,32 @@ config CRYPTO_LIB_AES
config CRYPTO_LIB_ARC4
tristate
+config CRYPTO_ARCH_HAVE_LIB_CHACHA
+ tristate
+ help
+ Declares whether the architecture provides an arch-specific
+ accelerated implementation of the ChaCha library interface,
+ either builtin or as a module.
+
+config CRYPTO_LIB_CHACHA_GENERIC
+ tristate
+ select CRYPTO_ALGAPI
+ help
+ This symbol can be depended upon by arch implementations of the
+ ChaCha library interface that require the generic code as a
+ fallback, e.g., for SIMD implementations. If no arch specific
+ implementation is enabled, this implementation serves the users
+ of CRYPTO_LIB_CHACHA.
+
+config CRYPTO_LIB_CHACHA
+ tristate "ChaCha library interface"
+ depends on CRYPTO_ARCH_HAVE_LIB_CHACHA || !CRYPTO_ARCH_HAVE_LIB_CHACHA
+ select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n
+ help
+ Enable the ChaCha library interface. This interface may be fulfilled
+ by either the generic implementation or an arch-specific one, if one
+ is available and enabled.
+
config CRYPTO_LIB_DES
tristate
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -1,5 +1,9 @@
# SPDX-License-Identifier: GPL-2.0
+# chacha is used by the /dev/random driver which is always builtin
+obj-y += chacha.o
+obj-$(CONFIG_CRYPTO_LIB_CHACHA_GENERIC) += libchacha.o
+
obj-$(CONFIG_CRYPTO_LIB_AES) += libaes.o
libaes-y := aes.o
--- a/lib/chacha.c
+++ /dev/null
@@ -1,113 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * The "hash function" used as the core of the ChaCha stream cipher (RFC7539)
- *
- * Copyright (C) 2015 Martin Willi
- */
-
-#include <linux/kernel.h>
-#include <linux/export.h>
-#include <linux/bitops.h>
-#include <linux/cryptohash.h>
-#include <asm/unaligned.h>
-#include <crypto/chacha.h>
-
-static void chacha_permute(u32 *x, int nrounds)
-{
- int i;
-
- /* whitelist the allowed round counts */
- WARN_ON_ONCE(nrounds != 20 && nrounds != 12);
-
- for (i = 0; i < nrounds; i += 2) {
- x[0] += x[4]; x[12] = rol32(x[12] ^ x[0], 16);
- x[1] += x[5]; x[13] = rol32(x[13] ^ x[1], 16);
- x[2] += x[6]; x[14] = rol32(x[14] ^ x[2], 16);
- x[3] += x[7]; x[15] = rol32(x[15] ^ x[3], 16);
-
- x[8] += x[12]; x[4] = rol32(x[4] ^ x[8], 12);
- x[9] += x[13]; x[5] = rol32(x[5] ^ x[9], 12);
- x[10] += x[14]; x[6] = rol32(x[6] ^ x[10], 12);
- x[11] += x[15]; x[7] = rol32(x[7] ^ x[11], 12);
-
- x[0] += x[4]; x[12] = rol32(x[12] ^ x[0], 8);
- x[1] += x[5]; x[13] = rol32(x[13] ^ x[1], 8);
- x[2] += x[6]; x[14] = rol32(x[14] ^ x[2], 8);
- x[3] += x[7]; x[15] = rol32(x[15] ^ x[3], 8);
-
- x[8] += x[12]; x[4] = rol32(x[4] ^ x[8], 7);
- x[9] += x[13]; x[5] = rol32(x[5] ^ x[9], 7);
- x[10] += x[14]; x[6] = rol32(x[6] ^ x[10], 7);
- x[11] += x[15]; x[7] = rol32(x[7] ^ x[11], 7);
-
- x[0] += x[5]; x[15] = rol32(x[15] ^ x[0], 16);
- x[1] += x[6]; x[12] = rol32(x[12] ^ x[1], 16);
- x[2] += x[7]; x[13] = rol32(x[13] ^ x[2], 16);
- x[3] += x[4]; x[14] = rol32(x[14] ^ x[3], 16);
-
- x[10] += x[15]; x[5] = rol32(x[5] ^ x[10], 12);
- x[11] += x[12]; x[6] = rol32(x[6] ^ x[11], 12);
- x[8] += x[13]; x[7] = rol32(x[7] ^ x[8], 12);
- x[9] += x[14]; x[4] = rol32(x[4] ^ x[9], 12);
-
- x[0] += x[5]; x[15] = rol32(x[15] ^ x[0], 8);
- x[1] += x[6]; x[12] = rol32(x[12] ^ x[1], 8);
- x[2] += x[7]; x[13] = rol32(x[13] ^ x[2], 8);
- x[3] += x[4]; x[14] = rol32(x[14] ^ x[3], 8);
-
- x[10] += x[15]; x[5] = rol32(x[5] ^ x[10], 7);
- x[11] += x[12]; x[6] = rol32(x[6] ^ x[11], 7);
- x[8] += x[13]; x[7] = rol32(x[7] ^ x[8], 7);
- x[9] += x[14]; x[4] = rol32(x[4] ^ x[9], 7);
- }
-}
-
-/**
- * chacha_block - generate one keystream block and increment block counter
- * @state: input state matrix (16 32-bit words)
- * @stream: output keystream block (64 bytes)
- * @nrounds: number of rounds (20 or 12; 20 is recommended)
- *
- * This is the ChaCha core, a function from 64-byte strings to 64-byte strings.
- * The caller has already converted the endianness of the input. This function
- * also handles incrementing the block counter in the input matrix.
- */
-void chacha_block(u32 *state, u8 *stream, int nrounds)
-{
- u32 x[16];
- int i;
-
- memcpy(x, state, 64);
-
- chacha_permute(x, nrounds);
-
- for (i = 0; i < ARRAY_SIZE(x); i++)
- put_unaligned_le32(x[i] + state[i], &stream[i * sizeof(u32)]);
-
- state[12]++;
-}
-EXPORT_SYMBOL(chacha_block);
-
-/**
- * hchacha_block - abbreviated ChaCha core, for XChaCha
- * @in: input state matrix (16 32-bit words)
- * @out: output (8 32-bit words)
- * @nrounds: number of rounds (20 or 12; 20 is recommended)
- *
- * HChaCha is the ChaCha equivalent of HSalsa and is an intermediate step
- * towards XChaCha (see https://cr.yp.to/snuffle/xsalsa-20081128.pdf). HChaCha
- * skips the final addition of the initial state, and outputs only certain words
- * of the state. It should not be used for streaming directly.
- */
-void hchacha_block(const u32 *in, u32 *out, int nrounds)
-{
- u32 x[16];
-
- memcpy(x, in, 64);
-
- chacha_permute(x, nrounds);
-
- memcpy(&out[0], &x[0], 16);
- memcpy(&out[4], &x[12], 16);
-}
-EXPORT_SYMBOL(hchacha_block);
--- /dev/null
+++ b/lib/crypto/chacha.c
@@ -0,0 +1,115 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * The "hash function" used as the core of the ChaCha stream cipher (RFC7539)
+ *
+ * Copyright (C) 2015 Martin Willi
+ */
+
+#include <linux/bug.h>
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/bitops.h>
+#include <linux/string.h>
+#include <linux/cryptohash.h>
+#include <asm/unaligned.h>
+#include <crypto/chacha.h>
+
+static void chacha_permute(u32 *x, int nrounds)
+{
+ int i;
+
+ /* whitelist the allowed round counts */
+ WARN_ON_ONCE(nrounds != 20 && nrounds != 12);
+
+ for (i = 0; i < nrounds; i += 2) {
+ x[0] += x[4]; x[12] = rol32(x[12] ^ x[0], 16);
+ x[1] += x[5]; x[13] = rol32(x[13] ^ x[1], 16);
+ x[2] += x[6]; x[14] = rol32(x[14] ^ x[2], 16);
+ x[3] += x[7]; x[15] = rol32(x[15] ^ x[3], 16);
+
+ x[8] += x[12]; x[4] = rol32(x[4] ^ x[8], 12);
+ x[9] += x[13]; x[5] = rol32(x[5] ^ x[9], 12);
+ x[10] += x[14]; x[6] = rol32(x[6] ^ x[10], 12);
+ x[11] += x[15]; x[7] = rol32(x[7] ^ x[11], 12);
+
+ x[0] += x[4]; x[12] = rol32(x[12] ^ x[0], 8);
+ x[1] += x[5]; x[13] = rol32(x[13] ^ x[1], 8);
+ x[2] += x[6]; x[14] = rol32(x[14] ^ x[2], 8);
+ x[3] += x[7]; x[15] = rol32(x[15] ^ x[3], 8);
+
+ x[8] += x[12]; x[4] = rol32(x[4] ^ x[8], 7);
+ x[9] += x[13]; x[5] = rol32(x[5] ^ x[9], 7);
+ x[10] += x[14]; x[6] = rol32(x[6] ^ x[10], 7);
+ x[11] += x[15]; x[7] = rol32(x[7] ^ x[11], 7);
+
+ x[0] += x[5]; x[15] = rol32(x[15] ^ x[0], 16);
+ x[1] += x[6]; x[12] = rol32(x[12] ^ x[1], 16);
+ x[2] += x[7]; x[13] = rol32(x[13] ^ x[2], 16);
+ x[3] += x[4]; x[14] = rol32(x[14] ^ x[3], 16);
+
+ x[10] += x[15]; x[5] = rol32(x[5] ^ x[10], 12);
+ x[11] += x[12]; x[6] = rol32(x[6] ^ x[11], 12);
+ x[8] += x[13]; x[7] = rol32(x[7] ^ x[8], 12);
+ x[9] += x[14]; x[4] = rol32(x[4] ^ x[9], 12);
+
+ x[0] += x[5]; x[15] = rol32(x[15] ^ x[0], 8);
+ x[1] += x[6]; x[12] = rol32(x[12] ^ x[1], 8);
+ x[2] += x[7]; x[13] = rol32(x[13] ^ x[2], 8);
+ x[3] += x[4]; x[14] = rol32(x[14] ^ x[3], 8);
+
+ x[10] += x[15]; x[5] = rol32(x[5] ^ x[10], 7);
+ x[11] += x[12]; x[6] = rol32(x[6] ^ x[11], 7);
+ x[8] += x[13]; x[7] = rol32(x[7] ^ x[8], 7);
+ x[9] += x[14]; x[4] = rol32(x[4] ^ x[9], 7);
+ }
+}
+
+/**
+ * chacha_block - generate one keystream block and increment block counter
+ * @state: input state matrix (16 32-bit words)
+ * @stream: output keystream block (64 bytes)
+ * @nrounds: number of rounds (20 or 12; 20 is recommended)
+ *
+ * This is the ChaCha core, a function from 64-byte strings to 64-byte strings.
+ * The caller has already converted the endianness of the input. This function
+ * also handles incrementing the block counter in the input matrix.
+ */
+void chacha_block_generic(u32 *state, u8 *stream, int nrounds)
+{
+ u32 x[16];
+ int i;
+
+ memcpy(x, state, 64);
+
+ chacha_permute(x, nrounds);
+
+ for (i = 0; i < ARRAY_SIZE(x); i++)
+ put_unaligned_le32(x[i] + state[i], &stream[i * sizeof(u32)]);
+
+ state[12]++;
+}
+EXPORT_SYMBOL(chacha_block_generic);
+
+/**
+ * hchacha_block_generic - abbreviated ChaCha core, for XChaCha
+ * @state: input state matrix (16 32-bit words)
+ * @out: output (8 32-bit words)
+ * @nrounds: number of rounds (20 or 12; 20 is recommended)
+ *
+ * HChaCha is the ChaCha equivalent of HSalsa and is an intermediate step
+ * towards XChaCha (see https://cr.yp.to/snuffle/xsalsa-20081128.pdf). HChaCha
+ * skips the final addition of the initial state, and outputs only certain words
+ * of the state. It should not be used for streaming directly.
+ */
+void hchacha_block_generic(const u32 *state, u32 *stream, int nrounds)
+{
+ u32 x[16];
+
+ memcpy(x, state, 64);
+
+ chacha_permute(x, nrounds);
+
+ memcpy(&stream[0], &x[0], 16);
+ memcpy(&stream[4], &x[12], 16);
+}
+EXPORT_SYMBOL(hchacha_block_generic);
--- /dev/null
+++ b/lib/crypto/libchacha.c
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * The ChaCha stream cipher (RFC7539)
+ *
+ * Copyright (C) 2015 Martin Willi
+ */
+
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/module.h>
+
+#include <crypto/algapi.h> // for crypto_xor_cpy
+#include <crypto/chacha.h>
+
+void chacha_crypt_generic(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds)
+{
+ /* aligned to potentially speed up crypto_xor() */
+ u8 stream[CHACHA_BLOCK_SIZE] __aligned(sizeof(long));
+
+ while (bytes >= CHACHA_BLOCK_SIZE) {
+ chacha_block_generic(state, stream, nrounds);
+ crypto_xor_cpy(dst, src, stream, CHACHA_BLOCK_SIZE);
+ bytes -= CHACHA_BLOCK_SIZE;
+ dst += CHACHA_BLOCK_SIZE;
+ src += CHACHA_BLOCK_SIZE;
+ }
+ if (bytes) {
+ chacha_block_generic(state, stream, nrounds);
+ crypto_xor_cpy(dst, src, stream, bytes);
+ }
+}
+EXPORT_SYMBOL(chacha_crypt_generic);
+
+MODULE_LICENSE("GPL");

192
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0003-crypto-x86-chacha-depend-on-generic-chacha-library-i.patch
View File

@@ -1,192 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:09 +0100
Subject: [PATCH] crypto: x86/chacha - depend on generic chacha library instead
of crypto driver
commit 28e8d89b1ce8d2e7badfb5f69971dd635acb8863 upstream.
In preparation of extending the x86 ChaCha driver to also expose the ChaCha
library interface, drop the dependency on the chacha_generic crypto driver
as a non-SIMD fallback, and depend on the generic ChaCha library directly.
This way, we only pull in the code we actually need, without registering
a set of ChaCha skciphers that we will never use.
Since turning the FPU on and off is cheap these days, simplify the SIMD
routine by dropping the per-page yield, which makes for a cleaner switch
to the library API as well. This also allows use to invoke the skcipher
walk routines in non-atomic mode.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/chacha_glue.c | 90 ++++++++++++++---------------------
crypto/Kconfig | 2 +-
2 files changed, 36 insertions(+), 56 deletions(-)
--- a/arch/x86/crypto/chacha_glue.c
+++ b/arch/x86/crypto/chacha_glue.c
@@ -123,37 +123,38 @@ static void chacha_dosimd(u32 *state, u8
}
}
-static int chacha_simd_stream_xor(struct skcipher_walk *walk,
+static int chacha_simd_stream_xor(struct skcipher_request *req,
const struct chacha_ctx *ctx, const u8 *iv)
{
u32 *state, state_buf[16 + 2] __aligned(8);
- int next_yield = 4096; /* bytes until next FPU yield */
- int err = 0;
+ struct skcipher_walk walk;
+ int err;
+
+ err = skcipher_walk_virt(&walk, req, false);
BUILD_BUG_ON(CHACHA_STATE_ALIGN != 16);
state = PTR_ALIGN(state_buf + 0, CHACHA_STATE_ALIGN);
- crypto_chacha_init(state, ctx, iv);
+ chacha_init_generic(state, ctx->key, iv);
- while (walk->nbytes > 0) {
- unsigned int nbytes = walk->nbytes;
+ while (walk.nbytes > 0) {
+ unsigned int nbytes = walk.nbytes;
- if (nbytes < walk->total) {
- nbytes = round_down(nbytes, walk->stride);
- next_yield -= nbytes;
- }
-
- chacha_dosimd(state, walk->dst.virt.addr, walk->src.virt.addr,
- nbytes, ctx->nrounds);
+ if (nbytes < walk.total)
+ nbytes = round_down(nbytes, walk.stride);
- if (next_yield <= 0) {
- /* temporarily allow preemption */
- kernel_fpu_end();
+ if (!crypto_simd_usable()) {
+ chacha_crypt_generic(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes,
+ ctx->nrounds);
+ } else {
kernel_fpu_begin();
- next_yield = 4096;
+ chacha_dosimd(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes,
+ ctx->nrounds);
+ kernel_fpu_end();
}
-
- err = skcipher_walk_done(walk, walk->nbytes - nbytes);
+ err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
}
return err;
@@ -163,55 +164,34 @@ static int chacha_simd(struct skcipher_r
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct skcipher_walk walk;
- int err;
-
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_chacha_crypt(req);
- err = skcipher_walk_virt(&walk, req, true);
- if (err)
- return err;
-
- kernel_fpu_begin();
- err = chacha_simd_stream_xor(&walk, ctx, req->iv);
- kernel_fpu_end();
- return err;
+ return chacha_simd_stream_xor(req, ctx, req->iv);
}
static int xchacha_simd(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct skcipher_walk walk;
- struct chacha_ctx subctx;
u32 *state, state_buf[16 + 2] __aligned(8);
+ struct chacha_ctx subctx;
u8 real_iv[16];
- int err;
-
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_xchacha_crypt(req);
-
- err = skcipher_walk_virt(&walk, req, true);
- if (err)
- return err;
BUILD_BUG_ON(CHACHA_STATE_ALIGN != 16);
state = PTR_ALIGN(state_buf + 0, CHACHA_STATE_ALIGN);
- crypto_chacha_init(state, ctx, req->iv);
+ chacha_init_generic(state, ctx->key, req->iv);
- kernel_fpu_begin();
-
- hchacha_block_ssse3(state, subctx.key, ctx->nrounds);
+ if (req->cryptlen > CHACHA_BLOCK_SIZE && crypto_simd_usable()) {
+ kernel_fpu_begin();
+ hchacha_block_ssse3(state, subctx.key, ctx->nrounds);
+ kernel_fpu_end();
+ } else {
+ hchacha_block_generic(state, subctx.key, ctx->nrounds);
+ }
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
memcpy(&real_iv[8], req->iv + 16, 8);
- err = chacha_simd_stream_xor(&walk, &subctx, real_iv);
-
- kernel_fpu_end();
-
- return err;
+ return chacha_simd_stream_xor(req, &subctx, real_iv);
}
static struct skcipher_alg algs[] = {
@@ -227,7 +207,7 @@ static struct skcipher_alg algs[] = {
.max_keysize = CHACHA_KEY_SIZE,
.ivsize = CHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
+ .setkey = chacha20_setkey,
.encrypt = chacha_simd,
.decrypt = chacha_simd,
}, {
@@ -242,7 +222,7 @@ static struct skcipher_alg algs[] = {
.max_keysize = CHACHA_KEY_SIZE,
.ivsize = XCHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
+ .setkey = chacha20_setkey,
.encrypt = xchacha_simd,
.decrypt = xchacha_simd,
}, {
@@ -257,7 +237,7 @@ static struct skcipher_alg algs[] = {
.max_keysize = CHACHA_KEY_SIZE,
.ivsize = XCHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha12_setkey,
+ .setkey = chacha12_setkey,
.encrypt = xchacha_simd,
.decrypt = xchacha_simd,
},
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1417,7 +1417,7 @@ config CRYPTO_CHACHA20_X86_64
tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
depends on X86 && 64BIT
select CRYPTO_BLKCIPHER
- select CRYPTO_CHACHA20
+ select CRYPTO_LIB_CHACHA_GENERIC
help
SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
XChaCha20, and XChaCha12 stream ciphers.

205
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0004-crypto-x86-chacha-expose-SIMD-ChaCha-routine-as-libr.patch
View File

@@ -1,205 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:10 +0100
Subject: [PATCH] crypto: x86/chacha - expose SIMD ChaCha routine as library
function
commit 84e03fa39fbe95a5567d43bff458c6d3b3a23ad1 upstream.
Wire the existing x86 SIMD ChaCha code into the new ChaCha library
interface, so that users of the library interface will get the
accelerated version when available.
Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/chacha_glue.c | 91 +++++++++++++++++++++++++----------
crypto/Kconfig | 1 +
include/crypto/chacha.h | 6 +++
3 files changed, 73 insertions(+), 25 deletions(-)
--- a/arch/x86/crypto/chacha_glue.c
+++ b/arch/x86/crypto/chacha_glue.c
@@ -21,24 +21,24 @@ asmlinkage void chacha_block_xor_ssse3(u
asmlinkage void chacha_4block_xor_ssse3(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
asmlinkage void hchacha_block_ssse3(const u32 *state, u32 *out, int nrounds);
-#ifdef CONFIG_AS_AVX2
+
asmlinkage void chacha_2block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
asmlinkage void chacha_4block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
asmlinkage void chacha_8block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
-static bool chacha_use_avx2;
-#ifdef CONFIG_AS_AVX512
+
asmlinkage void chacha_2block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
asmlinkage void chacha_4block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
asmlinkage void chacha_8block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
unsigned int len, int nrounds);
-static bool chacha_use_avx512vl;
-#endif
-#endif
+
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_simd);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_avx2);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_avx512vl);
static unsigned int chacha_advance(unsigned int len, unsigned int maxblocks)
{
@@ -49,9 +49,8 @@ static unsigned int chacha_advance(unsig
static void chacha_dosimd(u32 *state, u8 *dst, const u8 *src,
unsigned int bytes, int nrounds)
{
-#ifdef CONFIG_AS_AVX2
-#ifdef CONFIG_AS_AVX512
- if (chacha_use_avx512vl) {
+ if (IS_ENABLED(CONFIG_AS_AVX512) &&
+ static_branch_likely(&chacha_use_avx512vl)) {
while (bytes >= CHACHA_BLOCK_SIZE * 8) {
chacha_8block_xor_avx512vl(state, dst, src, bytes,
nrounds);
@@ -79,8 +78,9 @@ static void chacha_dosimd(u32 *state, u8
return;
}
}
-#endif
- if (chacha_use_avx2) {
+
+ if (IS_ENABLED(CONFIG_AS_AVX2) &&
+ static_branch_likely(&chacha_use_avx2)) {
while (bytes >= CHACHA_BLOCK_SIZE * 8) {
chacha_8block_xor_avx2(state, dst, src, bytes, nrounds);
bytes -= CHACHA_BLOCK_SIZE * 8;
@@ -104,7 +104,7 @@ static void chacha_dosimd(u32 *state, u8
return;
}
}
-#endif
+
while (bytes >= CHACHA_BLOCK_SIZE * 4) {
chacha_4block_xor_ssse3(state, dst, src, bytes, nrounds);
bytes -= CHACHA_BLOCK_SIZE * 4;
@@ -123,6 +123,43 @@ static void chacha_dosimd(u32 *state, u8
}
}
+void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds)
+{
+ state = PTR_ALIGN(state, CHACHA_STATE_ALIGN);
+
+ if (!static_branch_likely(&chacha_use_simd) || !crypto_simd_usable()) {
+ hchacha_block_generic(state, stream, nrounds);
+ } else {
+ kernel_fpu_begin();
+ hchacha_block_ssse3(state, stream, nrounds);
+ kernel_fpu_end();
+ }
+}
+EXPORT_SYMBOL(hchacha_block_arch);
+
+void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv)
+{
+ state = PTR_ALIGN(state, CHACHA_STATE_ALIGN);
+
+ chacha_init_generic(state, key, iv);
+}
+EXPORT_SYMBOL(chacha_init_arch);
+
+void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, unsigned int bytes,
+ int nrounds)
+{
+ state = PTR_ALIGN(state, CHACHA_STATE_ALIGN);
+
+ if (!static_branch_likely(&chacha_use_simd) || !crypto_simd_usable() ||
+ bytes <= CHACHA_BLOCK_SIZE)
+ return chacha_crypt_generic(state, dst, src, bytes, nrounds);
+
+ kernel_fpu_begin();
+ chacha_dosimd(state, dst, src, bytes, nrounds);
+ kernel_fpu_end();
+}
+EXPORT_SYMBOL(chacha_crypt_arch);
+
static int chacha_simd_stream_xor(struct skcipher_request *req,
const struct chacha_ctx *ctx, const u8 *iv)
{
@@ -143,7 +180,8 @@ static int chacha_simd_stream_xor(struct
if (nbytes < walk.total)
nbytes = round_down(nbytes, walk.stride);
- if (!crypto_simd_usable()) {
+ if (!static_branch_likely(&chacha_use_simd) ||
+ !crypto_simd_usable()) {
chacha_crypt_generic(state, walk.dst.virt.addr,
walk.src.virt.addr, nbytes,
ctx->nrounds);
@@ -246,18 +284,21 @@ static struct skcipher_alg algs[] = {
static int __init chacha_simd_mod_init(void)
{
if (!boot_cpu_has(X86_FEATURE_SSSE3))
- return -ENODEV;
+ return 0;
-#ifdef CONFIG_AS_AVX2
- chacha_use_avx2 = boot_cpu_has(X86_FEATURE_AVX) &&
- boot_cpu_has(X86_FEATURE_AVX2) &&
- cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL);
-#ifdef CONFIG_AS_AVX512
- chacha_use_avx512vl = chacha_use_avx2 &&
- boot_cpu_has(X86_FEATURE_AVX512VL) &&
- boot_cpu_has(X86_FEATURE_AVX512BW); /* kmovq */
-#endif
-#endif
+ static_branch_enable(&chacha_use_simd);
+
+ if (IS_ENABLED(CONFIG_AS_AVX2) &&
+ boot_cpu_has(X86_FEATURE_AVX) &&
+ boot_cpu_has(X86_FEATURE_AVX2) &&
+ cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL)) {
+ static_branch_enable(&chacha_use_avx2);
+
+ if (IS_ENABLED(CONFIG_AS_AVX512) &&
+ boot_cpu_has(X86_FEATURE_AVX512VL) &&
+ boot_cpu_has(X86_FEATURE_AVX512BW)) /* kmovq */
+ static_branch_enable(&chacha_use_avx512vl);
+ }
return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
}
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1418,6 +1418,7 @@ config CRYPTO_CHACHA20_X86_64
depends on X86 && 64BIT
select CRYPTO_BLKCIPHER
select CRYPTO_LIB_CHACHA_GENERIC
+ select CRYPTO_ARCH_HAVE_LIB_CHACHA
help
SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
XChaCha20, and XChaCha12 stream ciphers.
--- a/include/crypto/chacha.h
+++ b/include/crypto/chacha.h
@@ -25,6 +25,12 @@
#define CHACHA_BLOCK_SIZE 64
#define CHACHAPOLY_IV_SIZE 12
+#ifdef CONFIG_X86_64
+#define CHACHA_STATE_WORDS ((CHACHA_BLOCK_SIZE + 12) / sizeof(u32))
+#else
+#define CHACHA_STATE_WORDS (CHACHA_BLOCK_SIZE / sizeof(u32))
+#endif
+
/* 192-bit nonce, then 64-bit stream position */
#define XCHACHA_IV_SIZE 32

129
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0005-crypto-arm64-chacha-depend-on-generic-chacha-library.patch
View File

@@ -1,129 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:11 +0100
Subject: [PATCH] crypto: arm64/chacha - depend on generic chacha library
instead of crypto driver
commit c77da4867cbb7841177275dbb250f5c09679fae4 upstream.
Depend on the generic ChaCha library routines instead of pulling in the
generic ChaCha skcipher driver, which is more than we need, and makes
managing the dependencies between the generic library, generic driver,
accelerated library and driver more complicated.
While at it, drop the logic to prefer the scalar code on short inputs.
Turning the NEON on and off is cheap these days, and one major use case
for ChaCha20 is ChaCha20-Poly1305, which is guaranteed to hit the scalar
path upon every invocation (when doing the Poly1305 nonce generation)
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm64/crypto/Kconfig | 2 +-
arch/arm64/crypto/chacha-neon-glue.c | 40 +++++++++++++++-------------
2 files changed, 23 insertions(+), 19 deletions(-)
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -103,7 +103,7 @@ config CRYPTO_CHACHA20_NEON
tristate "ChaCha20, XChaCha20, and XChaCha12 stream ciphers using NEON instructions"
depends on KERNEL_MODE_NEON
select CRYPTO_BLKCIPHER
- select CRYPTO_CHACHA20
+ select CRYPTO_LIB_CHACHA_GENERIC
config CRYPTO_NHPOLY1305_NEON
tristate "NHPoly1305 hash function using NEON instructions (for Adiantum)"
--- a/arch/arm64/crypto/chacha-neon-glue.c
+++ b/arch/arm64/crypto/chacha-neon-glue.c
@@ -68,7 +68,7 @@ static int chacha_neon_stream_xor(struct
err = skcipher_walk_virt(&walk, req, false);
- crypto_chacha_init(state, ctx, iv);
+ chacha_init_generic(state, ctx->key, iv);
while (walk.nbytes > 0) {
unsigned int nbytes = walk.nbytes;
@@ -76,10 +76,16 @@ static int chacha_neon_stream_xor(struct
if (nbytes < walk.total)
nbytes = rounddown(nbytes, walk.stride);
- kernel_neon_begin();
- chacha_doneon(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes, ctx->nrounds);
- kernel_neon_end();
+ if (!crypto_simd_usable()) {
+ chacha_crypt_generic(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes,
+ ctx->nrounds);
+ } else {
+ kernel_neon_begin();
+ chacha_doneon(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes, ctx->nrounds);
+ kernel_neon_end();
+ }
err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
}
@@ -91,9 +97,6 @@ static int chacha_neon(struct skcipher_r
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_chacha_crypt(req);
-
return chacha_neon_stream_xor(req, ctx, req->iv);
}
@@ -105,14 +108,15 @@ static int xchacha_neon(struct skcipher_
u32 state[16];
u8 real_iv[16];
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_xchacha_crypt(req);
-
- crypto_chacha_init(state, ctx, req->iv);
+ chacha_init_generic(state, ctx->key, req->iv);
- kernel_neon_begin();
- hchacha_block_neon(state, subctx.key, ctx->nrounds);
- kernel_neon_end();
+ if (crypto_simd_usable()) {
+ kernel_neon_begin();
+ hchacha_block_neon(state, subctx.key, ctx->nrounds);
+ kernel_neon_end();
+ } else {
+ hchacha_block_generic(state, subctx.key, ctx->nrounds);
+ }
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
@@ -134,7 +138,7 @@ static struct skcipher_alg algs[] = {
.ivsize = CHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
.walksize = 5 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
+ .setkey = chacha20_setkey,
.encrypt = chacha_neon,
.decrypt = chacha_neon,
}, {
@@ -150,7 +154,7 @@ static struct skcipher_alg algs[] = {
.ivsize = XCHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
.walksize = 5 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
+ .setkey = chacha20_setkey,
.encrypt = xchacha_neon,
.decrypt = xchacha_neon,
}, {
@@ -166,7 +170,7 @@ static struct skcipher_alg algs[] = {
.ivsize = XCHACHA_IV_SIZE,
.chunksize = CHACHA_BLOCK_SIZE,
.walksize = 5 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha12_setkey,
+ .setkey = chacha12_setkey,
.encrypt = xchacha_neon,
.decrypt = xchacha_neon,
}

138
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0006-crypto-arm64-chacha-expose-arm64-ChaCha-routine-as-l.patch
View File

@@ -1,138 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:12 +0100
Subject: [PATCH] crypto: arm64/chacha - expose arm64 ChaCha routine as library
function
commit b3aad5bad26a01a4bd8c49a5c5f52aec665f3b7c upstream.
Expose the accelerated NEON ChaCha routine directly as a symbol
export so that users of the ChaCha library API can use it directly.
Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm64/crypto/Kconfig | 1 +
arch/arm64/crypto/chacha-neon-glue.c | 53 ++++++++++++++++++++++------
2 files changed, 43 insertions(+), 11 deletions(-)
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -104,6 +104,7 @@ config CRYPTO_CHACHA20_NEON
depends on KERNEL_MODE_NEON
select CRYPTO_BLKCIPHER
select CRYPTO_LIB_CHACHA_GENERIC
+ select CRYPTO_ARCH_HAVE_LIB_CHACHA
config CRYPTO_NHPOLY1305_NEON
tristate "NHPoly1305 hash function using NEON instructions (for Adiantum)"
--- a/arch/arm64/crypto/chacha-neon-glue.c
+++ b/arch/arm64/crypto/chacha-neon-glue.c
@@ -23,6 +23,7 @@
#include <crypto/internal/chacha.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
+#include <linux/jump_label.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -36,6 +37,8 @@ asmlinkage void chacha_4block_xor_neon(u
int nrounds, int bytes);
asmlinkage void hchacha_block_neon(const u32 *state, u32 *out, int nrounds);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_neon);
+
static void chacha_doneon(u32 *state, u8 *dst, const u8 *src,
int bytes, int nrounds)
{
@@ -59,6 +62,37 @@ static void chacha_doneon(u32 *state, u8
}
}
+void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds)
+{
+ if (!static_branch_likely(&have_neon) || !crypto_simd_usable()) {
+ hchacha_block_generic(state, stream, nrounds);
+ } else {
+ kernel_neon_begin();
+ hchacha_block_neon(state, stream, nrounds);
+ kernel_neon_end();
+ }
+}
+EXPORT_SYMBOL(hchacha_block_arch);
+
+void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv)
+{
+ chacha_init_generic(state, key, iv);
+}
+EXPORT_SYMBOL(chacha_init_arch);
+
+void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, unsigned int bytes,
+ int nrounds)
+{
+ if (!static_branch_likely(&have_neon) || bytes <= CHACHA_BLOCK_SIZE ||
+ !crypto_simd_usable())
+ return chacha_crypt_generic(state, dst, src, bytes, nrounds);
+
+ kernel_neon_begin();
+ chacha_doneon(state, dst, src, bytes, nrounds);
+ kernel_neon_end();
+}
+EXPORT_SYMBOL(chacha_crypt_arch);
+
static int chacha_neon_stream_xor(struct skcipher_request *req,
const struct chacha_ctx *ctx, const u8 *iv)
{
@@ -76,7 +110,8 @@ static int chacha_neon_stream_xor(struct
if (nbytes < walk.total)
nbytes = rounddown(nbytes, walk.stride);
- if (!crypto_simd_usable()) {
+ if (!static_branch_likely(&have_neon) ||
+ !crypto_simd_usable()) {
chacha_crypt_generic(state, walk.dst.virt.addr,
walk.src.virt.addr, nbytes,
ctx->nrounds);
@@ -109,14 +144,7 @@ static int xchacha_neon(struct skcipher_
u8 real_iv[16];
chacha_init_generic(state, ctx->key, req->iv);
-
- if (crypto_simd_usable()) {
- kernel_neon_begin();
- hchacha_block_neon(state, subctx.key, ctx->nrounds);
- kernel_neon_end();
- } else {
- hchacha_block_generic(state, subctx.key, ctx->nrounds);
- }
+ hchacha_block_arch(state, subctx.key, ctx->nrounds);
subctx.nrounds = ctx->nrounds;
memcpy(&real_iv[0], req->iv + 24, 8);
@@ -179,14 +207,17 @@ static struct skcipher_alg algs[] = {
static int __init chacha_simd_mod_init(void)
{
if (!cpu_have_named_feature(ASIMD))
- return -ENODEV;
+ return 0;
+
+ static_branch_enable(&have_neon);
return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
}
static void __exit chacha_simd_mod_fini(void)
{
- crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
+ if (cpu_have_named_feature(ASIMD))
+ crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
}
module_init(chacha_simd_mod_init);

480
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0007-crypto-arm-chacha-import-Eric-Biggers-s-scalar-accel.patch
View File

@@ -1,480 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:13 +0100
Subject: [PATCH] crypto: arm/chacha - import Eric Biggers's scalar accelerated
ChaCha code
commit 29621d099f9c642b22a69dc8e7e20c108473a392 upstream.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm/crypto/chacha-scalar-core.S | 461 +++++++++++++++++++++++++++
1 file changed, 461 insertions(+)
create mode 100644 arch/arm/crypto/chacha-scalar-core.S
--- /dev/null
+++ b/arch/arm/crypto/chacha-scalar-core.S
@@ -0,0 +1,461 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Copyright (C) 2018 Google, Inc.
+ */
+
+#include <linux/linkage.h>
+#include <asm/assembler.h>
+
+/*
+ * Design notes:
+ *
+ * 16 registers would be needed to hold the state matrix, but only 14 are
+ * available because 'sp' and 'pc' cannot be used. So we spill the elements
+ * (x8, x9) to the stack and swap them out with (x10, x11). This adds one
+ * 'ldrd' and one 'strd' instruction per round.
+ *
+ * All rotates are performed using the implicit rotate operand accepted by the
+ * 'add' and 'eor' instructions. This is faster than using explicit rotate
+ * instructions. To make this work, we allow the values in the second and last
+ * rows of the ChaCha state matrix (rows 'b' and 'd') to temporarily have the
+ * wrong rotation amount. The rotation amount is then fixed up just in time
+ * when the values are used. 'brot' is the number of bits the values in row 'b'
+ * need to be rotated right to arrive at the correct values, and 'drot'
+ * similarly for row 'd'. (brot, drot) start out as (0, 0) but we make it such
+ * that they end up as (25, 24) after every round.
+ */
+
+ // ChaCha state registers
+ X0 .req r0
+ X1 .req r1
+ X2 .req r2
+ X3 .req r3
+ X4 .req r4
+ X5 .req r5
+ X6 .req r6
+ X7 .req r7
+ X8_X10 .req r8 // shared by x8 and x10
+ X9_X11 .req r9 // shared by x9 and x11
+ X12 .req r10
+ X13 .req r11
+ X14 .req r12
+ X15 .req r14
+
+.Lexpand_32byte_k:
+ // "expand 32-byte k"
+ .word 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
+
+#ifdef __thumb2__
+# define adrl adr
+#endif
+
+.macro __rev out, in, t0, t1, t2
+.if __LINUX_ARM_ARCH__ >= 6
+ rev \out, \in
+.else
+ lsl \t0, \in, #24
+ and \t1, \in, #0xff00
+ and \t2, \in, #0xff0000
+ orr \out, \t0, \in, lsr #24
+ orr \out, \out, \t1, lsl #8
+ orr \out, \out, \t2, lsr #8
+.endif
+.endm
+
+.macro _le32_bswap x, t0, t1, t2
+#ifdef __ARMEB__
+ __rev \x, \x, \t0, \t1, \t2
+#endif
+.endm
+
+.macro _le32_bswap_4x a, b, c, d, t0, t1, t2
+ _le32_bswap \a, \t0, \t1, \t2
+ _le32_bswap \b, \t0, \t1, \t2
+ _le32_bswap \c, \t0, \t1, \t2
+ _le32_bswap \d, \t0, \t1, \t2
+.endm
+
+.macro __ldrd a, b, src, offset
+#if __LINUX_ARM_ARCH__ >= 6
+ ldrd \a, \b, [\src, #\offset]
+#else
+ ldr \a, [\src, #\offset]
+ ldr \b, [\src, #\offset + 4]
+#endif
+.endm
+
+.macro __strd a, b, dst, offset
+#if __LINUX_ARM_ARCH__ >= 6
+ strd \a, \b, [\dst, #\offset]
+#else
+ str \a, [\dst, #\offset]
+ str \b, [\dst, #\offset + 4]
+#endif
+.endm
+
+.macro _halfround a1, b1, c1, d1, a2, b2, c2, d2
+
+ // a += b; d ^= a; d = rol(d, 16);
+ add \a1, \a1, \b1, ror #brot
+ add \a2, \a2, \b2, ror #brot
+ eor \d1, \a1, \d1, ror #drot
+ eor \d2, \a2, \d2, ror #drot
+ // drot == 32 - 16 == 16
+
+ // c += d; b ^= c; b = rol(b, 12);
+ add \c1, \c1, \d1, ror #16
+ add \c2, \c2, \d2, ror #16
+ eor \b1, \c1, \b1, ror #brot
+ eor \b2, \c2, \b2, ror #brot
+ // brot == 32 - 12 == 20
+
+ // a += b; d ^= a; d = rol(d, 8);
+ add \a1, \a1, \b1, ror #20
+ add \a2, \a2, \b2, ror #20
+ eor \d1, \a1, \d1, ror #16
+ eor \d2, \a2, \d2, ror #16
+ // drot == 32 - 8 == 24
+
+ // c += d; b ^= c; b = rol(b, 7);
+ add \c1, \c1, \d1, ror #24
+ add \c2, \c2, \d2, ror #24
+ eor \b1, \c1, \b1, ror #20
+ eor \b2, \c2, \b2, ror #20
+ // brot == 32 - 7 == 25
+.endm
+
+.macro _doubleround
+
+ // column round
+
+ // quarterrounds: (x0, x4, x8, x12) and (x1, x5, x9, x13)
+ _halfround X0, X4, X8_X10, X12, X1, X5, X9_X11, X13
+
+ // save (x8, x9); restore (x10, x11)
+ __strd X8_X10, X9_X11, sp, 0
+ __ldrd X8_X10, X9_X11, sp, 8
+
+ // quarterrounds: (x2, x6, x10, x14) and (x3, x7, x11, x15)
+ _halfround X2, X6, X8_X10, X14, X3, X7, X9_X11, X15
+
+ .set brot, 25
+ .set drot, 24
+
+ // diagonal round
+
+ // quarterrounds: (x0, x5, x10, x15) and (x1, x6, x11, x12)
+ _halfround X0, X5, X8_X10, X15, X1, X6, X9_X11, X12
+
+ // save (x10, x11); restore (x8, x9)
+ __strd X8_X10, X9_X11, sp, 8
+ __ldrd X8_X10, X9_X11, sp, 0
+
+ // quarterrounds: (x2, x7, x8, x13) and (x3, x4, x9, x14)
+ _halfround X2, X7, X8_X10, X13, X3, X4, X9_X11, X14
+.endm
+
+.macro _chacha_permute nrounds
+ .set brot, 0
+ .set drot, 0
+ .rept \nrounds / 2
+ _doubleround
+ .endr
+.endm
+
+.macro _chacha nrounds
+
+.Lnext_block\@:
+ // Stack: unused0-unused1 x10-x11 x0-x15 OUT IN LEN
+ // Registers contain x0-x9,x12-x15.
+
+ // Do the core ChaCha permutation to update x0-x15.
+ _chacha_permute \nrounds
+
+ add sp, #8
+ // Stack: x10-x11 orig_x0-orig_x15 OUT IN LEN
+ // Registers contain x0-x9,x12-x15.
+ // x4-x7 are rotated by 'brot'; x12-x15 are rotated by 'drot'.
+
+ // Free up some registers (r8-r12,r14) by pushing (x8-x9,x12-x15).
+ push {X8_X10, X9_X11, X12, X13, X14, X15}
+
+ // Load (OUT, IN, LEN).
+ ldr r14, [sp, #96]
+ ldr r12, [sp, #100]
+ ldr r11, [sp, #104]
+
+ orr r10, r14, r12
+
+ // Use slow path if fewer than 64 bytes remain.
+ cmp r11, #64
+ blt .Lxor_slowpath\@
+
+ // Use slow path if IN and/or OUT isn't 4-byte aligned. Needed even on
+ // ARMv6+, since ldmia and stmia (used below) still require alignment.
+ tst r10, #3
+ bne .Lxor_slowpath\@
+
+ // Fast path: XOR 64 bytes of aligned data.
+
+ // Stack: x8-x9 x12-x15 x10-x11 orig_x0-orig_x15 OUT IN LEN
+ // Registers: r0-r7 are x0-x7; r8-r11 are free; r12 is IN; r14 is OUT.
+ // x4-x7 are rotated by 'brot'; x12-x15 are rotated by 'drot'.
+
+ // x0-x3
+ __ldrd r8, r9, sp, 32
+ __ldrd r10, r11, sp, 40
+ add X0, X0, r8
+ add X1, X1, r9
+ add X2, X2, r10
+ add X3, X3, r11
+ _le32_bswap_4x X0, X1, X2, X3, r8, r9, r10
+ ldmia r12!, {r8-r11}
+ eor X0, X0, r8
+ eor X1, X1, r9
+ eor X2, X2, r10
+ eor X3, X3, r11
+ stmia r14!, {X0-X3}
+
+ // x4-x7
+ __ldrd r8, r9, sp, 48
+ __ldrd r10, r11, sp, 56
+ add X4, r8, X4, ror #brot
+ add X5, r9, X5, ror #brot
+ ldmia r12!, {X0-X3}
+ add X6, r10, X6, ror #brot
+ add X7, r11, X7, ror #brot
+ _le32_bswap_4x X4, X5, X6, X7, r8, r9, r10
+ eor X4, X4, X0
+ eor X5, X5, X1
+ eor X6, X6, X2
+ eor X7, X7, X3
+ stmia r14!, {X4-X7}
+
+ // x8-x15
+ pop {r0-r7} // (x8-x9,x12-x15,x10-x11)
+ __ldrd r8, r9, sp, 32
+ __ldrd r10, r11, sp, 40
+ add r0, r0, r8 // x8
+ add r1, r1, r9 // x9
+ add r6, r6, r10 // x10
+ add r7, r7, r11 // x11
+ _le32_bswap_4x r0, r1, r6, r7, r8, r9, r10
+ ldmia r12!, {r8-r11}
+ eor r0, r0, r8 // x8
+ eor r1, r1, r9 // x9
+ eor r6, r6, r10 // x10
+ eor r7, r7, r11 // x11
+ stmia r14!, {r0,r1,r6,r7}
+ ldmia r12!, {r0,r1,r6,r7}
+ __ldrd r8, r9, sp, 48
+ __ldrd r10, r11, sp, 56
+ add r2, r8, r2, ror #drot // x12
+ add r3, r9, r3, ror #drot // x13
+ add r4, r10, r4, ror #drot // x14
+ add r5, r11, r5, ror #drot // x15
+ _le32_bswap_4x r2, r3, r4, r5, r9, r10, r11
+ ldr r9, [sp, #72] // load LEN
+ eor r2, r2, r0 // x12
+ eor r3, r3, r1 // x13
+ eor r4, r4, r6 // x14
+ eor r5, r5, r7 // x15
+ subs r9, #64 // decrement and check LEN
+ stmia r14!, {r2-r5}
+
+ beq .Ldone\@
+
+.Lprepare_for_next_block\@:
+
+ // Stack: x0-x15 OUT IN LEN
+
+ // Increment block counter (x12)
+ add r8, #1
+
+ // Store updated (OUT, IN, LEN)
+ str r14, [sp, #64]
+ str r12, [sp, #68]
+ str r9, [sp, #72]
+
+ mov r14, sp
+
+ // Store updated block counter (x12)
+ str r8, [sp, #48]
+
+ sub sp, #16
+
+ // Reload state and do next block
+ ldmia r14!, {r0-r11} // load x0-x11
+ __strd r10, r11, sp, 8 // store x10-x11 before state
+ ldmia r14, {r10-r12,r14} // load x12-x15
+ b .Lnext_block\@
+
+.Lxor_slowpath\@:
+ // Slow path: < 64 bytes remaining, or unaligned input or output buffer.
+ // We handle it by storing the 64 bytes of keystream to the stack, then
+ // XOR-ing the needed portion with the data.
+
+ // Allocate keystream buffer
+ sub sp, #64
+ mov r14, sp
+
+ // Stack: ks0-ks15 x8-x9 x12-x15 x10-x11 orig_x0-orig_x15 OUT IN LEN
+ // Registers: r0-r7 are x0-x7; r8-r11 are free; r12 is IN; r14 is &ks0.
+ // x4-x7 are rotated by 'brot'; x12-x15 are rotated by 'drot'.
+
+ // Save keystream for x0-x3
+ __ldrd r8, r9, sp, 96
+ __ldrd r10, r11, sp, 104
+ add X0, X0, r8
+ add X1, X1, r9
+ add X2, X2, r10
+ add X3, X3, r11
+ _le32_bswap_4x X0, X1, X2, X3, r8, r9, r10
+ stmia r14!, {X0-X3}
+
+ // Save keystream for x4-x7
+ __ldrd r8, r9, sp, 112
+ __ldrd r10, r11, sp, 120
+ add X4, r8, X4, ror #brot
+ add X5, r9, X5, ror #brot
+ add X6, r10, X6, ror #brot
+ add X7, r11, X7, ror #brot
+ _le32_bswap_4x X4, X5, X6, X7, r8, r9, r10
+ add r8, sp, #64
+ stmia r14!, {X4-X7}
+
+ // Save keystream for x8-x15
+ ldm r8, {r0-r7} // (x8-x9,x12-x15,x10-x11)
+ __ldrd r8, r9, sp, 128
+ __ldrd r10, r11, sp, 136
+ add r0, r0, r8 // x8
+ add r1, r1, r9 // x9
+ add r6, r6, r10 // x10
+ add r7, r7, r11 // x11
+ _le32_bswap_4x r0, r1, r6, r7, r8, r9, r10
+ stmia r14!, {r0,r1,r6,r7}
+ __ldrd r8, r9, sp, 144
+ __ldrd r10, r11, sp, 152
+ add r2, r8, r2, ror #drot // x12
+ add r3, r9, r3, ror #drot // x13
+ add r4, r10, r4, ror #drot // x14
+ add r5, r11, r5, ror #drot // x15
+ _le32_bswap_4x r2, r3, r4, r5, r9, r10, r11
+ stmia r14, {r2-r5}
+
+ // Stack: ks0-ks15 unused0-unused7 x0-x15 OUT IN LEN
+ // Registers: r8 is block counter, r12 is IN.
+
+ ldr r9, [sp, #168] // LEN
+ ldr r14, [sp, #160] // OUT
+ cmp r9, #64
+ mov r0, sp
+ movle r1, r9
+ movgt r1, #64
+ // r1 is number of bytes to XOR, in range [1, 64]
+
+.if __LINUX_ARM_ARCH__ < 6
+ orr r2, r12, r14
+ tst r2, #3 // IN or OUT misaligned?
+ bne .Lxor_next_byte\@
+.endif
+
+ // XOR a word at a time
+.rept 16
+ subs r1, #4
+ blt .Lxor_words_done\@
+ ldr r2, [r12], #4
+ ldr r3, [r0], #4
+ eor r2, r2, r3
+ str r2, [r14], #4
+.endr
+ b .Lxor_slowpath_done\@
+.Lxor_words_done\@:
+ ands r1, r1, #3
+ beq .Lxor_slowpath_done\@
+
+ // XOR a byte at a time
+.Lxor_next_byte\@:
+ ldrb r2, [r12], #1
+ ldrb r3, [r0], #1
+ eor r2, r2, r3
+ strb r2, [r14], #1
+ subs r1, #1
+ bne .Lxor_next_byte\@
+
+.Lxor_slowpath_done\@:
+ subs r9, #64
+ add sp, #96
+ bgt .Lprepare_for_next_block\@
+
+.Ldone\@:
+.endm // _chacha
+
+/*
+ * void chacha20_arm(u8 *out, const u8 *in, size_t len, const u32 key[8],
+ * const u32 iv[4]);
+ */
+ENTRY(chacha20_arm)
+ cmp r2, #0 // len == 0?
+ reteq lr
+
+ push {r0-r2,r4-r11,lr}
+
+ // Push state x0-x15 onto stack.
+ // Also store an extra copy of x10-x11 just before the state.
+
+ ldr r4, [sp, #48] // iv
+ mov r0, sp
+ sub sp, #80
+
+ // iv: x12-x15
+ ldm r4, {X12,X13,X14,X15}
+ stmdb r0!, {X12,X13,X14,X15}
+
+ // key: x4-x11
+ __ldrd X8_X10, X9_X11, r3, 24
+ __strd X8_X10, X9_X11, sp, 8
+ stmdb r0!, {X8_X10, X9_X11}
+ ldm r3, {X4-X9_X11}
+ stmdb r0!, {X4-X9_X11}
+
+ // constants: x0-x3
+ adrl X3, .Lexpand_32byte_k
+ ldm X3, {X0-X3}
+ __strd X0, X1, sp, 16
+ __strd X2, X3, sp, 24
+
+ _chacha 20
+
+ add sp, #76
+ pop {r4-r11, pc}
+ENDPROC(chacha20_arm)
+
+/*
+ * void hchacha20_arm(const u32 state[16], u32 out[8]);
+ */
+ENTRY(hchacha20_arm)
+ push {r1,r4-r11,lr}
+
+ mov r14, r0
+ ldmia r14!, {r0-r11} // load x0-x11
+ push {r10-r11} // store x10-x11 to stack
+ ldm r14, {r10-r12,r14} // load x12-x15
+ sub sp, #8
+
+ _chacha_permute 20
+
+ // Skip over (unused0-unused1, x10-x11)
+ add sp, #16
+
+ // Fix up rotations of x12-x15
+ ror X12, X12, #drot
+ ror X13, X13, #drot
+ pop {r4} // load 'out'
+ ror X14, X14, #drot
+ ror X15, X15, #drot
+
+ // Store (x0-x3,x12-x15) to 'out'
+ stm r4, {X0,X1,X2,X3,X12,X13,X14,X15}
+
+ pop {r4-r11,pc}
+ENDPROC(hchacha20_arm)

691
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0008-crypto-arm-chacha-remove-dependency-on-generic-ChaCh.patch
View File

@@ -1,691 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:14 +0100
Subject: [PATCH] crypto: arm/chacha - remove dependency on generic ChaCha
driver
commit b36d8c09e710c71f6a9690b6586fea2d1c9e1e27 upstream.
Instead of falling back to the generic ChaCha skcipher driver for
non-SIMD cases, use a fast scalar implementation for ARM authored
by Eric Biggers. This removes the module dependency on chacha-generic
altogether, which also simplifies things when we expose the ChaCha
library interface from this module.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm/crypto/Kconfig | 4 +-
arch/arm/crypto/Makefile | 3 +-
arch/arm/crypto/chacha-glue.c | 304 +++++++++++++++++++++++++++
arch/arm/crypto/chacha-neon-glue.c | 202 ------------------
arch/arm/crypto/chacha-scalar-core.S | 65 +++---
arch/arm64/crypto/chacha-neon-glue.c | 2 +-
6 files changed, 340 insertions(+), 240 deletions(-)
create mode 100644 arch/arm/crypto/chacha-glue.c
delete mode 100644 arch/arm/crypto/chacha-neon-glue.c
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -127,10 +127,8 @@ config CRYPTO_CRC32_ARM_CE
select CRYPTO_HASH
config CRYPTO_CHACHA20_NEON
- tristate "NEON accelerated ChaCha stream cipher algorithms"
- depends on KERNEL_MODE_NEON
+ tristate "NEON and scalar accelerated ChaCha stream cipher algorithms"
select CRYPTO_BLKCIPHER
- select CRYPTO_CHACHA20
config CRYPTO_NHPOLY1305_NEON
tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)"
--- a/arch/arm/crypto/Makefile
+++ b/arch/arm/crypto/Makefile
@@ -53,7 +53,8 @@ aes-arm-ce-y := aes-ce-core.o aes-ce-glu
ghash-arm-ce-y := ghash-ce-core.o ghash-ce-glue.o
crct10dif-arm-ce-y := crct10dif-ce-core.o crct10dif-ce-glue.o
crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o
-chacha-neon-y := chacha-neon-core.o chacha-neon-glue.o
+chacha-neon-y := chacha-scalar-core.o chacha-glue.o
+chacha-neon-$(CONFIG_KERNEL_MODE_NEON) += chacha-neon-core.o
nhpoly1305-neon-y := nh-neon-core.o nhpoly1305-neon-glue.o
ifdef REGENERATE_ARM_CRYPTO
--- /dev/null
+++ b/arch/arm/crypto/chacha-glue.c
@@ -0,0 +1,304 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
+ * including ChaCha20 (RFC7539)
+ *
+ * Copyright (C) 2016-2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ * Copyright (C) 2015 Martin Willi
+ */
+
+#include <crypto/algapi.h>
+#include <crypto/internal/chacha.h>
+#include <crypto/internal/simd.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+#include <asm/cputype.h>
+#include <asm/hwcap.h>
+#include <asm/neon.h>
+#include <asm/simd.h>
+
+asmlinkage void chacha_block_xor_neon(const u32 *state, u8 *dst, const u8 *src,
+ int nrounds);
+asmlinkage void chacha_4block_xor_neon(const u32 *state, u8 *dst, const u8 *src,
+ int nrounds);
+asmlinkage void hchacha_block_arm(const u32 *state, u32 *out, int nrounds);
+asmlinkage void hchacha_block_neon(const u32 *state, u32 *out, int nrounds);
+
+asmlinkage void chacha_doarm(u8 *dst, const u8 *src, unsigned int bytes,
+ const u32 *state, int nrounds);
+
+static inline bool neon_usable(void)
+{
+ return crypto_simd_usable();
+}
+
+static void chacha_doneon(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds)
+{
+ u8 buf[CHACHA_BLOCK_SIZE];
+
+ while (bytes >= CHACHA_BLOCK_SIZE * 4) {
+ chacha_4block_xor_neon(state, dst, src, nrounds);
+ bytes -= CHACHA_BLOCK_SIZE * 4;
+ src += CHACHA_BLOCK_SIZE * 4;
+ dst += CHACHA_BLOCK_SIZE * 4;
+ state[12] += 4;
+ }
+ while (bytes >= CHACHA_BLOCK_SIZE) {
+ chacha_block_xor_neon(state, dst, src, nrounds);
+ bytes -= CHACHA_BLOCK_SIZE;
+ src += CHACHA_BLOCK_SIZE;
+ dst += CHACHA_BLOCK_SIZE;
+ state[12]++;
+ }
+ if (bytes) {
+ memcpy(buf, src, bytes);
+ chacha_block_xor_neon(state, buf, buf, nrounds);
+ memcpy(dst, buf, bytes);
+ }
+}
+
+static int chacha_stream_xor(struct skcipher_request *req,
+ const struct chacha_ctx *ctx, const u8 *iv,
+ bool neon)
+{
+ struct skcipher_walk walk;
+ u32 state[16];
+ int err;
+
+ err = skcipher_walk_virt(&walk, req, false);
+
+ chacha_init_generic(state, ctx->key, iv);
+
+ while (walk.nbytes > 0) {
+ unsigned int nbytes = walk.nbytes;
+
+ if (nbytes < walk.total)
+ nbytes = round_down(nbytes, walk.stride);
+
+ if (!neon) {
+ chacha_doarm(walk.dst.virt.addr, walk.src.virt.addr,
+ nbytes, state, ctx->nrounds);
+ state[12] += DIV_ROUND_UP(nbytes, CHACHA_BLOCK_SIZE);
+ } else {
+ kernel_neon_begin();
+ chacha_doneon(state, walk.dst.virt.addr,
+ walk.src.virt.addr, nbytes, ctx->nrounds);
+ kernel_neon_end();
+ }
+ err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+ }
+
+ return err;
+}
+
+static int do_chacha(struct skcipher_request *req, bool neon)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+
+ return chacha_stream_xor(req, ctx, req->iv, neon);
+}
+
+static int chacha_arm(struct skcipher_request *req)
+{
+ return do_chacha(req, false);
+}
+
+static int chacha_neon(struct skcipher_request *req)
+{
+ return do_chacha(req, neon_usable());
+}
+
+static int do_xchacha(struct skcipher_request *req, bool neon)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct chacha_ctx subctx;
+ u32 state[16];
+ u8 real_iv[16];
+
+ chacha_init_generic(state, ctx->key, req->iv);
+
+ if (!neon) {
+ hchacha_block_arm(state, subctx.key, ctx->nrounds);
+ } else {
+ kernel_neon_begin();
+ hchacha_block_neon(state, subctx.key, ctx->nrounds);
+ kernel_neon_end();
+ }
+ subctx.nrounds = ctx->nrounds;
+
+ memcpy(&real_iv[0], req->iv + 24, 8);
+ memcpy(&real_iv[8], req->iv + 16, 8);
+ return chacha_stream_xor(req, &subctx, real_iv, neon);
+}
+
+static int xchacha_arm(struct skcipher_request *req)
+{
+ return do_xchacha(req, false);
+}
+
+static int xchacha_neon(struct skcipher_request *req)
+{
+ return do_xchacha(req, neon_usable());
+}
+
+static struct skcipher_alg arm_algs[] = {
+ {
+ .base.cra_name = "chacha20",
+ .base.cra_driver_name = "chacha20-arm",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = CHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = chacha_arm,
+ .decrypt = chacha_arm,
+ }, {
+ .base.cra_name = "xchacha20",
+ .base.cra_driver_name = "xchacha20-arm",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = xchacha_arm,
+ .decrypt = xchacha_arm,
+ }, {
+ .base.cra_name = "xchacha12",
+ .base.cra_driver_name = "xchacha12-arm",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha12_setkey,
+ .encrypt = xchacha_arm,
+ .decrypt = xchacha_arm,
+ },
+};
+
+static struct skcipher_alg neon_algs[] = {
+ {
+ .base.cra_name = "chacha20",
+ .base.cra_driver_name = "chacha20-neon",
+ .base.cra_priority = 300,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = CHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .walksize = 4 * CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = chacha_neon,
+ .decrypt = chacha_neon,
+ }, {
+ .base.cra_name = "xchacha20",
+ .base.cra_driver_name = "xchacha20-neon",
+ .base.cra_priority = 300,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .walksize = 4 * CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = xchacha_neon,
+ .decrypt = xchacha_neon,
+ }, {
+ .base.cra_name = "xchacha12",
+ .base.cra_driver_name = "xchacha12-neon",
+ .base.cra_priority = 300,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .walksize = 4 * CHACHA_BLOCK_SIZE,
+ .setkey = chacha12_setkey,
+ .encrypt = xchacha_neon,
+ .decrypt = xchacha_neon,
+ }
+};
+
+static int __init chacha_simd_mod_init(void)
+{
+ int err;
+
+ err = crypto_register_skciphers(arm_algs, ARRAY_SIZE(arm_algs));
+ if (err)
+ return err;
+
+ if (IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && (elf_hwcap & HWCAP_NEON)) {
+ int i;
+
+ switch (read_cpuid_part()) {
+ case ARM_CPU_PART_CORTEX_A7:
+ case ARM_CPU_PART_CORTEX_A5:
+ /*
+ * The Cortex-A7 and Cortex-A5 do not perform well with
+ * the NEON implementation but do incredibly with the
+ * scalar one and use less power.
+ */
+ for (i = 0; i < ARRAY_SIZE(neon_algs); i++)
+ neon_algs[i].base.cra_priority = 0;
+ break;
+ }
+
+ err = crypto_register_skciphers(neon_algs, ARRAY_SIZE(neon_algs));
+ if (err)
+ crypto_unregister_skciphers(arm_algs, ARRAY_SIZE(arm_algs));
+ }
+ return err;
+}
+
+static void __exit chacha_simd_mod_fini(void)
+{
+ crypto_unregister_skciphers(arm_algs, ARRAY_SIZE(arm_algs));
+ if (IS_ENABLED(CONFIG_KERNEL_MODE_NEON) && (elf_hwcap & HWCAP_NEON))
+ crypto_unregister_skciphers(neon_algs, ARRAY_SIZE(neon_algs));
+}
+
+module_init(chacha_simd_mod_init);
+module_exit(chacha_simd_mod_fini);
+
+MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (scalar and NEON accelerated)");
+MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
+MODULE_LICENSE("GPL v2");
+MODULE_ALIAS_CRYPTO("chacha20");
+MODULE_ALIAS_CRYPTO("chacha20-arm");
+MODULE_ALIAS_CRYPTO("xchacha20");
+MODULE_ALIAS_CRYPTO("xchacha20-arm");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-arm");
+#ifdef CONFIG_KERNEL_MODE_NEON
+MODULE_ALIAS_CRYPTO("chacha20-neon");
+MODULE_ALIAS_CRYPTO("xchacha20-neon");
+MODULE_ALIAS_CRYPTO("xchacha12-neon");
+#endif
--- a/arch/arm/crypto/chacha-neon-glue.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
- * including ChaCha20 (RFC7539)
- *
- * Copyright (C) 2016 Linaro, Ltd. <ard.biesheuvel@linaro.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Based on:
- * ChaCha20 256-bit cipher algorithm, RFC7539, SIMD glue code
- *
- * Copyright (C) 2015 Martin Willi
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/chacha.h>
-#include <crypto/internal/simd.h>
-#include <crypto/internal/skcipher.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-
-#include <asm/hwcap.h>
-#include <asm/neon.h>
-#include <asm/simd.h>
-
-asmlinkage void chacha_block_xor_neon(const u32 *state, u8 *dst, const u8 *src,
- int nrounds);
-asmlinkage void chacha_4block_xor_neon(const u32 *state, u8 *dst, const u8 *src,
- int nrounds);
-asmlinkage void hchacha_block_neon(const u32 *state, u32 *out, int nrounds);
-
-static void chacha_doneon(u32 *state, u8 *dst, const u8 *src,
- unsigned int bytes, int nrounds)
-{
- u8 buf[CHACHA_BLOCK_SIZE];
-
- while (bytes >= CHACHA_BLOCK_SIZE * 4) {
- chacha_4block_xor_neon(state, dst, src, nrounds);
- bytes -= CHACHA_BLOCK_SIZE * 4;
- src += CHACHA_BLOCK_SIZE * 4;
- dst += CHACHA_BLOCK_SIZE * 4;
- state[12] += 4;
- }
- while (bytes >= CHACHA_BLOCK_SIZE) {
- chacha_block_xor_neon(state, dst, src, nrounds);
- bytes -= CHACHA_BLOCK_SIZE;
- src += CHACHA_BLOCK_SIZE;
- dst += CHACHA_BLOCK_SIZE;
- state[12]++;
- }
- if (bytes) {
- memcpy(buf, src, bytes);
- chacha_block_xor_neon(state, buf, buf, nrounds);
- memcpy(dst, buf, bytes);
- }
-}
-
-static int chacha_neon_stream_xor(struct skcipher_request *req,
- const struct chacha_ctx *ctx, const u8 *iv)
-{
- struct skcipher_walk walk;
- u32 state[16];
- int err;
-
- err = skcipher_walk_virt(&walk, req, false);
-
- crypto_chacha_init(state, ctx, iv);
-
- while (walk.nbytes > 0) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- kernel_neon_begin();
- chacha_doneon(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes, ctx->nrounds);
- kernel_neon_end();
- err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-
- return err;
-}
-
-static int chacha_neon(struct skcipher_request *req)
-{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_chacha_crypt(req);
-
- return chacha_neon_stream_xor(req, ctx, req->iv);
-}
-
-static int xchacha_neon(struct skcipher_request *req)
-{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct chacha_ctx subctx;
- u32 state[16];
- u8 real_iv[16];
-
- if (req->cryptlen <= CHACHA_BLOCK_SIZE || !crypto_simd_usable())
- return crypto_xchacha_crypt(req);
-
- crypto_chacha_init(state, ctx, req->iv);
-
- kernel_neon_begin();
- hchacha_block_neon(state, subctx.key, ctx->nrounds);
- kernel_neon_end();
- subctx.nrounds = ctx->nrounds;
-
- memcpy(&real_iv[0], req->iv + 24, 8);
- memcpy(&real_iv[8], req->iv + 16, 8);
- return chacha_neon_stream_xor(req, &subctx, real_iv);
-}
-
-static struct skcipher_alg algs[] = {
- {
- .base.cra_name = "chacha20",
- .base.cra_driver_name = "chacha20-neon",
- .base.cra_priority = 300,
- .base.cra_blocksize = 1,
- .base.cra_ctxsize = sizeof(struct chacha_ctx),
- .base.cra_module = THIS_MODULE,
-
- .min_keysize = CHACHA_KEY_SIZE,
- .max_keysize = CHACHA_KEY_SIZE,
- .ivsize = CHACHA_IV_SIZE,
- .chunksize = CHACHA_BLOCK_SIZE,
- .walksize = 4 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
- .encrypt = chacha_neon,
- .decrypt = chacha_neon,
- }, {
- .base.cra_name = "xchacha20",
- .base.cra_driver_name = "xchacha20-neon",
- .base.cra_priority = 300,
- .base.cra_blocksize = 1,
- .base.cra_ctxsize = sizeof(struct chacha_ctx),
- .base.cra_module = THIS_MODULE,
-
- .min_keysize = CHACHA_KEY_SIZE,
- .max_keysize = CHACHA_KEY_SIZE,
- .ivsize = XCHACHA_IV_SIZE,
- .chunksize = CHACHA_BLOCK_SIZE,
- .walksize = 4 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
- .encrypt = xchacha_neon,
- .decrypt = xchacha_neon,
- }, {
- .base.cra_name = "xchacha12",
- .base.cra_driver_name = "xchacha12-neon",
- .base.cra_priority = 300,
- .base.cra_blocksize = 1,
- .base.cra_ctxsize = sizeof(struct chacha_ctx),
- .base.cra_module = THIS_MODULE,
-
- .min_keysize = CHACHA_KEY_SIZE,
- .max_keysize = CHACHA_KEY_SIZE,
- .ivsize = XCHACHA_IV_SIZE,
- .chunksize = CHACHA_BLOCK_SIZE,
- .walksize = 4 * CHACHA_BLOCK_SIZE,
- .setkey = crypto_chacha12_setkey,
- .encrypt = xchacha_neon,
- .decrypt = xchacha_neon,
- }
-};
-
-static int __init chacha_simd_mod_init(void)
-{
- if (!(elf_hwcap & HWCAP_NEON))
- return -ENODEV;
-
- return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
-}
-
-static void __exit chacha_simd_mod_fini(void)
-{
- crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
-}
-
-module_init(chacha_simd_mod_init);
-module_exit(chacha_simd_mod_fini);
-
-MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (NEON accelerated)");
-MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
-MODULE_LICENSE("GPL v2");
-MODULE_ALIAS_CRYPTO("chacha20");
-MODULE_ALIAS_CRYPTO("chacha20-neon");
-MODULE_ALIAS_CRYPTO("xchacha20");
-MODULE_ALIAS_CRYPTO("xchacha20-neon");
-MODULE_ALIAS_CRYPTO("xchacha12");
-MODULE_ALIAS_CRYPTO("xchacha12-neon");
--- a/arch/arm/crypto/chacha-scalar-core.S
+++ b/arch/arm/crypto/chacha-scalar-core.S
@@ -41,14 +41,6 @@
X14 .req r12
X15 .req r14
-.Lexpand_32byte_k:
- // "expand 32-byte k"
- .word 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
-
-#ifdef __thumb2__
-# define adrl adr
-#endif
-
.macro __rev out, in, t0, t1, t2
.if __LINUX_ARM_ARCH__ >= 6
rev \out, \in
@@ -391,61 +383,65 @@
.endm // _chacha
/*
- * void chacha20_arm(u8 *out, const u8 *in, size_t len, const u32 key[8],
- * const u32 iv[4]);
+ * void chacha_doarm(u8 *dst, const u8 *src, unsigned int bytes,
+ * const u32 *state, int nrounds);
*/
-ENTRY(chacha20_arm)
+ENTRY(chacha_doarm)
cmp r2, #0 // len == 0?
reteq lr
+ ldr ip, [sp]
+ cmp ip, #12
+
push {r0-r2,r4-r11,lr}
// Push state x0-x15 onto stack.
// Also store an extra copy of x10-x11 just before the state.
- ldr r4, [sp, #48] // iv
- mov r0, sp
- sub sp, #80
-
- // iv: x12-x15
- ldm r4, {X12,X13,X14,X15}
- stmdb r0!, {X12,X13,X14,X15}
+ add X12, r3, #48
+ ldm X12, {X12,X13,X14,X15}
+ push {X12,X13,X14,X15}
+ sub sp, sp, #64
- // key: x4-x11
- __ldrd X8_X10, X9_X11, r3, 24
+ __ldrd X8_X10, X9_X11, r3, 40
__strd X8_X10, X9_X11, sp, 8
- stmdb r0!, {X8_X10, X9_X11}
- ldm r3, {X4-X9_X11}
- stmdb r0!, {X4-X9_X11}
-
- // constants: x0-x3
- adrl X3, .Lexpand_32byte_k
- ldm X3, {X0-X3}
+ __strd X8_X10, X9_X11, sp, 56
+ ldm r3, {X0-X9_X11}
__strd X0, X1, sp, 16
__strd X2, X3, sp, 24
+ __strd X4, X5, sp, 32
+ __strd X6, X7, sp, 40
+ __strd X8_X10, X9_X11, sp, 48
+ beq 1f
_chacha 20
- add sp, #76
+0: add sp, #76
pop {r4-r11, pc}
-ENDPROC(chacha20_arm)
+
+1: _chacha 12
+ b 0b
+ENDPROC(chacha_doarm)
/*
- * void hchacha20_arm(const u32 state[16], u32 out[8]);
+ * void hchacha_block_arm(const u32 state[16], u32 out[8], int nrounds);
*/
-ENTRY(hchacha20_arm)
+ENTRY(hchacha_block_arm)
push {r1,r4-r11,lr}
+ cmp r2, #12 // ChaCha12 ?
+
mov r14, r0
ldmia r14!, {r0-r11} // load x0-x11
push {r10-r11} // store x10-x11 to stack
ldm r14, {r10-r12,r14} // load x12-x15
sub sp, #8
+ beq 1f
_chacha_permute 20
// Skip over (unused0-unused1, x10-x11)
- add sp, #16
+0: add sp, #16
// Fix up rotations of x12-x15
ror X12, X12, #drot
@@ -458,4 +454,7 @@ ENTRY(hchacha20_arm)
stm r4, {X0,X1,X2,X3,X12,X13,X14,X15}
pop {r4-r11,pc}
-ENDPROC(hchacha20_arm)
+
+1: _chacha_permute 12
+ b 0b
+ENDPROC(hchacha_block_arm)
--- a/arch/arm64/crypto/chacha-neon-glue.c
+++ b/arch/arm64/crypto/chacha-neon-glue.c
@@ -1,5 +1,5 @@
/*
- * ARM NEON accelerated ChaCha and XChaCha stream ciphers,
+ * ARM NEON and scalar accelerated ChaCha and XChaCha stream ciphers,
* including ChaCha20 (RFC7539)
*
* Copyright (C) 2016 - 2017 Linaro, Ltd. <ard.biesheuvel@linaro.org>

108
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0009-crypto-arm-chacha-expose-ARM-ChaCha-routine-as-libra.patch
View File

@@ -1,108 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:15 +0100
Subject: [PATCH] crypto: arm/chacha - expose ARM ChaCha routine as library
function
commit a44a3430d71bad4ee56788a59fff099b291ea54c upstream.
Expose the accelerated NEON ChaCha routine directly as a symbol
export so that users of the ChaCha library API can use it directly.
Given that calls into the library API will always go through the
routines in this module if it is enabled, switch to static keys
to select the optimal implementation available (which may be none
at all, in which case we defer to the generic implementation for
all invocations).
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/arm/crypto/Kconfig | 1 +
arch/arm/crypto/chacha-glue.c | 41 ++++++++++++++++++++++++++++++++++-
2 files changed, 41 insertions(+), 1 deletion(-)
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -129,6 +129,7 @@ config CRYPTO_CRC32_ARM_CE
config CRYPTO_CHACHA20_NEON
tristate "NEON and scalar accelerated ChaCha stream cipher algorithms"
select CRYPTO_BLKCIPHER
+ select CRYPTO_ARCH_HAVE_LIB_CHACHA
config CRYPTO_NHPOLY1305_NEON
tristate "NEON accelerated NHPoly1305 hash function (for Adiantum)"
--- a/arch/arm/crypto/chacha-glue.c
+++ b/arch/arm/crypto/chacha-glue.c
@@ -11,6 +11,7 @@
#include <crypto/internal/chacha.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
+#include <linux/jump_label.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -29,9 +30,11 @@ asmlinkage void hchacha_block_neon(const
asmlinkage void chacha_doarm(u8 *dst, const u8 *src, unsigned int bytes,
const u32 *state, int nrounds);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(use_neon);
+
static inline bool neon_usable(void)
{
- return crypto_simd_usable();
+ return static_branch_likely(&use_neon) && crypto_simd_usable();
}
static void chacha_doneon(u32 *state, u8 *dst, const u8 *src,
@@ -60,6 +63,40 @@ static void chacha_doneon(u32 *state, u8
}
}
+void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds)
+{
+ if (!IS_ENABLED(CONFIG_KERNEL_MODE_NEON) || !neon_usable()) {
+ hchacha_block_arm(state, stream, nrounds);
+ } else {
+ kernel_neon_begin();
+ hchacha_block_neon(state, stream, nrounds);
+ kernel_neon_end();
+ }
+}
+EXPORT_SYMBOL(hchacha_block_arch);
+
+void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv)
+{
+ chacha_init_generic(state, key, iv);
+}
+EXPORT_SYMBOL(chacha_init_arch);
+
+void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, unsigned int bytes,
+ int nrounds)
+{
+ if (!IS_ENABLED(CONFIG_KERNEL_MODE_NEON) || !neon_usable() ||
+ bytes <= CHACHA_BLOCK_SIZE) {
+ chacha_doarm(dst, src, bytes, state, nrounds);
+ state[12] += DIV_ROUND_UP(bytes, CHACHA_BLOCK_SIZE);
+ return;
+ }
+
+ kernel_neon_begin();
+ chacha_doneon(state, dst, src, bytes, nrounds);
+ kernel_neon_end();
+}
+EXPORT_SYMBOL(chacha_crypt_arch);
+
static int chacha_stream_xor(struct skcipher_request *req,
const struct chacha_ctx *ctx, const u8 *iv,
bool neon)
@@ -269,6 +306,8 @@ static int __init chacha_simd_mod_init(v
for (i = 0; i < ARRAY_SIZE(neon_algs); i++)
neon_algs[i].base.cra_priority = 0;
break;
+ default:
+ static_branch_enable(&use_neon);
}
err = crypto_register_skciphers(neon_algs, ARRAY_SIZE(neon_algs));

451
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0010-crypto-mips-chacha-import-32r2-ChaCha-code-from-Zinc.patch
View File

@@ -1,451 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 8 Nov 2019 13:22:16 +0100
Subject: [PATCH] crypto: mips/chacha - import 32r2 ChaCha code from Zinc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 49aa7c00eddf8d8f462b0256bd82e81762d7b0c6 upstream.
This imports the accelerated MIPS 32r2 ChaCha20 implementation from the
Zinc patch set.
Co-developed-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/mips/crypto/chacha-core.S | 424 +++++++++++++++++++++++++++++++++
1 file changed, 424 insertions(+)
create mode 100644 arch/mips/crypto/chacha-core.S
--- /dev/null
+++ b/arch/mips/crypto/chacha-core.S
@@ -0,0 +1,424 @@
+/* SPDX-License-Identifier: GPL-2.0 OR MIT */
+/*
+ * Copyright (C) 2016-2018 René van Dorst <opensource@vdorst.com>. All Rights Reserved.
+ * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#define MASK_U32 0x3c
+#define CHACHA20_BLOCK_SIZE 64
+#define STACK_SIZE 32
+
+#define X0 $t0
+#define X1 $t1
+#define X2 $t2
+#define X3 $t3
+#define X4 $t4
+#define X5 $t5
+#define X6 $t6
+#define X7 $t7
+#define X8 $t8
+#define X9 $t9
+#define X10 $v1
+#define X11 $s6
+#define X12 $s5
+#define X13 $s4
+#define X14 $s3
+#define X15 $s2
+/* Use regs which are overwritten on exit for Tx so we don't leak clear data. */
+#define T0 $s1
+#define T1 $s0
+#define T(n) T ## n
+#define X(n) X ## n
+
+/* Input arguments */
+#define STATE $a0
+#define OUT $a1
+#define IN $a2
+#define BYTES $a3
+
+/* Output argument */
+/* NONCE[0] is kept in a register and not in memory.
+ * We don't want to touch original value in memory.
+ * Must be incremented every loop iteration.
+ */
+#define NONCE_0 $v0
+
+/* SAVED_X and SAVED_CA are set in the jump table.
+ * Use regs which are overwritten on exit else we don't leak clear data.
+ * They are used to handling the last bytes which are not multiple of 4.
+ */
+#define SAVED_X X15
+#define SAVED_CA $s7
+
+#define IS_UNALIGNED $s7
+
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define MSB 0
+#define LSB 3
+#define ROTx rotl
+#define ROTR(n) rotr n, 24
+#define CPU_TO_LE32(n) \
+ wsbh n; \
+ rotr n, 16;
+#else
+#define MSB 3
+#define LSB 0
+#define ROTx rotr
+#define CPU_TO_LE32(n)
+#define ROTR(n)
+#endif
+
+#define FOR_EACH_WORD(x) \
+ x( 0); \
+ x( 1); \
+ x( 2); \
+ x( 3); \
+ x( 4); \
+ x( 5); \
+ x( 6); \
+ x( 7); \
+ x( 8); \
+ x( 9); \
+ x(10); \
+ x(11); \
+ x(12); \
+ x(13); \
+ x(14); \
+ x(15);
+
+#define FOR_EACH_WORD_REV(x) \
+ x(15); \
+ x(14); \
+ x(13); \
+ x(12); \
+ x(11); \
+ x(10); \
+ x( 9); \
+ x( 8); \
+ x( 7); \
+ x( 6); \
+ x( 5); \
+ x( 4); \
+ x( 3); \
+ x( 2); \
+ x( 1); \
+ x( 0);
+
+#define PLUS_ONE_0 1
+#define PLUS_ONE_1 2
+#define PLUS_ONE_2 3
+#define PLUS_ONE_3 4
+#define PLUS_ONE_4 5
+#define PLUS_ONE_5 6
+#define PLUS_ONE_6 7
+#define PLUS_ONE_7 8
+#define PLUS_ONE_8 9
+#define PLUS_ONE_9 10
+#define PLUS_ONE_10 11
+#define PLUS_ONE_11 12
+#define PLUS_ONE_12 13
+#define PLUS_ONE_13 14
+#define PLUS_ONE_14 15
+#define PLUS_ONE_15 16
+#define PLUS_ONE(x) PLUS_ONE_ ## x
+#define _CONCAT3(a,b,c) a ## b ## c
+#define CONCAT3(a,b,c) _CONCAT3(a,b,c)
+
+#define STORE_UNALIGNED(x) \
+CONCAT3(.Lchacha20_mips_xor_unaligned_, PLUS_ONE(x), _b: ;) \
+ .if (x != 12); \
+ lw T0, (x*4)(STATE); \
+ .endif; \
+ lwl T1, (x*4)+MSB ## (IN); \
+ lwr T1, (x*4)+LSB ## (IN); \
+ .if (x == 12); \
+ addu X ## x, NONCE_0; \
+ .else; \
+ addu X ## x, T0; \
+ .endif; \
+ CPU_TO_LE32(X ## x); \
+ xor X ## x, T1; \
+ swl X ## x, (x*4)+MSB ## (OUT); \
+ swr X ## x, (x*4)+LSB ## (OUT);
+
+#define STORE_ALIGNED(x) \
+CONCAT3(.Lchacha20_mips_xor_aligned_, PLUS_ONE(x), _b: ;) \
+ .if (x != 12); \
+ lw T0, (x*4)(STATE); \
+ .endif; \
+ lw T1, (x*4) ## (IN); \
+ .if (x == 12); \
+ addu X ## x, NONCE_0; \
+ .else; \
+ addu X ## x, T0; \
+ .endif; \
+ CPU_TO_LE32(X ## x); \
+ xor X ## x, T1; \
+ sw X ## x, (x*4) ## (OUT);
+
+/* Jump table macro.
+ * Used for setup and handling the last bytes, which are not multiple of 4.
+ * X15 is free to store Xn
+ * Every jumptable entry must be equal in size.
+ */
+#define JMPTBL_ALIGNED(x) \
+.Lchacha20_mips_jmptbl_aligned_ ## x: ; \
+ .set noreorder; \
+ b .Lchacha20_mips_xor_aligned_ ## x ## _b; \
+ .if (x == 12); \
+ addu SAVED_X, X ## x, NONCE_0; \
+ .else; \
+ addu SAVED_X, X ## x, SAVED_CA; \
+ .endif; \
+ .set reorder
+
+#define JMPTBL_UNALIGNED(x) \
+.Lchacha20_mips_jmptbl_unaligned_ ## x: ; \
+ .set noreorder; \
+ b .Lchacha20_mips_xor_unaligned_ ## x ## _b; \
+ .if (x == 12); \
+ addu SAVED_X, X ## x, NONCE_0; \
+ .else; \
+ addu SAVED_X, X ## x, SAVED_CA; \
+ .endif; \
+ .set reorder
+
+#define AXR(A, B, C, D, K, L, M, N, V, W, Y, Z, S) \
+ addu X(A), X(K); \
+ addu X(B), X(L); \
+ addu X(C), X(M); \
+ addu X(D), X(N); \
+ xor X(V), X(A); \
+ xor X(W), X(B); \
+ xor X(Y), X(C); \
+ xor X(Z), X(D); \
+ rotl X(V), S; \
+ rotl X(W), S; \
+ rotl X(Y), S; \
+ rotl X(Z), S;
+
+.text
+.set reorder
+.set noat
+.globl chacha20_mips
+.ent chacha20_mips
+chacha20_mips:
+ .frame $sp, STACK_SIZE, $ra
+
+ addiu $sp, -STACK_SIZE
+
+ /* Return bytes = 0. */
+ beqz BYTES, .Lchacha20_mips_end
+
+ lw NONCE_0, 48(STATE)
+
+ /* Save s0-s7 */
+ sw $s0, 0($sp)
+ sw $s1, 4($sp)
+ sw $s2, 8($sp)
+ sw $s3, 12($sp)
+ sw $s4, 16($sp)
+ sw $s5, 20($sp)
+ sw $s6, 24($sp)
+ sw $s7, 28($sp)
+
+ /* Test IN or OUT is unaligned.
+ * IS_UNALIGNED = ( IN | OUT ) & 0x00000003
+ */
+ or IS_UNALIGNED, IN, OUT
+ andi IS_UNALIGNED, 0x3
+
+ /* Set number of rounds */
+ li $at, 20
+
+ b .Lchacha20_rounds_start
+
+.align 4
+.Loop_chacha20_rounds:
+ addiu IN, CHACHA20_BLOCK_SIZE
+ addiu OUT, CHACHA20_BLOCK_SIZE
+ addiu NONCE_0, 1
+
+.Lchacha20_rounds_start:
+ lw X0, 0(STATE)
+ lw X1, 4(STATE)
+ lw X2, 8(STATE)
+ lw X3, 12(STATE)
+
+ lw X4, 16(STATE)
+ lw X5, 20(STATE)
+ lw X6, 24(STATE)
+ lw X7, 28(STATE)
+ lw X8, 32(STATE)
+ lw X9, 36(STATE)
+ lw X10, 40(STATE)
+ lw X11, 44(STATE)
+
+ move X12, NONCE_0
+ lw X13, 52(STATE)
+ lw X14, 56(STATE)
+ lw X15, 60(STATE)
+
+.Loop_chacha20_xor_rounds:
+ addiu $at, -2
+ AXR( 0, 1, 2, 3, 4, 5, 6, 7, 12,13,14,15, 16);
+ AXR( 8, 9,10,11, 12,13,14,15, 4, 5, 6, 7, 12);
+ AXR( 0, 1, 2, 3, 4, 5, 6, 7, 12,13,14,15, 8);
+ AXR( 8, 9,10,11, 12,13,14,15, 4, 5, 6, 7, 7);
+ AXR( 0, 1, 2, 3, 5, 6, 7, 4, 15,12,13,14, 16);
+ AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 12);
+ AXR( 0, 1, 2, 3, 5, 6, 7, 4, 15,12,13,14, 8);
+ AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 7);
+ bnez $at, .Loop_chacha20_xor_rounds
+
+ addiu BYTES, -(CHACHA20_BLOCK_SIZE)
+
+ /* Is data src/dst unaligned? Jump */
+ bnez IS_UNALIGNED, .Loop_chacha20_unaligned
+
+ /* Set number rounds here to fill delayslot. */
+ li $at, 20
+
+ /* BYTES < 0, it has no full block. */
+ bltz BYTES, .Lchacha20_mips_no_full_block_aligned
+
+ FOR_EACH_WORD_REV(STORE_ALIGNED)
+
+ /* BYTES > 0? Loop again. */
+ bgtz BYTES, .Loop_chacha20_rounds
+
+ /* Place this here to fill delay slot */
+ addiu NONCE_0, 1
+
+ /* BYTES < 0? Handle last bytes */
+ bltz BYTES, .Lchacha20_mips_xor_bytes
+
+.Lchacha20_mips_xor_done:
+ /* Restore used registers */
+ lw $s0, 0($sp)
+ lw $s1, 4($sp)
+ lw $s2, 8($sp)
+ lw $s3, 12($sp)
+ lw $s4, 16($sp)
+ lw $s5, 20($sp)
+ lw $s6, 24($sp)
+ lw $s7, 28($sp)
+
+ /* Write NONCE_0 back to right location in state */
+ sw NONCE_0, 48(STATE)
+
+.Lchacha20_mips_end:
+ addiu $sp, STACK_SIZE
+ jr $ra
+
+.Lchacha20_mips_no_full_block_aligned:
+ /* Restore the offset on BYTES */
+ addiu BYTES, CHACHA20_BLOCK_SIZE
+
+ /* Get number of full WORDS */
+ andi $at, BYTES, MASK_U32
+
+ /* Load upper half of jump table addr */
+ lui T0, %hi(.Lchacha20_mips_jmptbl_aligned_0)
+
+ /* Calculate lower half jump table offset */
+ ins T0, $at, 1, 6
+
+ /* Add offset to STATE */
+ addu T1, STATE, $at
+
+ /* Add lower half jump table addr */
+ addiu T0, %lo(.Lchacha20_mips_jmptbl_aligned_0)
+
+ /* Read value from STATE */
+ lw SAVED_CA, 0(T1)
+
+ /* Store remaining bytecounter as negative value */
+ subu BYTES, $at, BYTES
+
+ jr T0
+
+ /* Jump table */
+ FOR_EACH_WORD(JMPTBL_ALIGNED)
+
+
+.Loop_chacha20_unaligned:
+ /* Set number rounds here to fill delayslot. */
+ li $at, 20
+
+ /* BYTES > 0, it has no full block. */
+ bltz BYTES, .Lchacha20_mips_no_full_block_unaligned
+
+ FOR_EACH_WORD_REV(STORE_UNALIGNED)
+
+ /* BYTES > 0? Loop again. */
+ bgtz BYTES, .Loop_chacha20_rounds
+
+ /* Write NONCE_0 back to right location in state */
+ sw NONCE_0, 48(STATE)
+
+ .set noreorder
+ /* Fall through to byte handling */
+ bgez BYTES, .Lchacha20_mips_xor_done
+.Lchacha20_mips_xor_unaligned_0_b:
+.Lchacha20_mips_xor_aligned_0_b:
+ /* Place this here to fill delay slot */
+ addiu NONCE_0, 1
+ .set reorder
+
+.Lchacha20_mips_xor_bytes:
+ addu IN, $at
+ addu OUT, $at
+ /* First byte */
+ lbu T1, 0(IN)
+ addiu $at, BYTES, 1
+ CPU_TO_LE32(SAVED_X)
+ ROTR(SAVED_X)
+ xor T1, SAVED_X
+ sb T1, 0(OUT)
+ beqz $at, .Lchacha20_mips_xor_done
+ /* Second byte */
+ lbu T1, 1(IN)
+ addiu $at, BYTES, 2
+ ROTx SAVED_X, 8
+ xor T1, SAVED_X
+ sb T1, 1(OUT)
+ beqz $at, .Lchacha20_mips_xor_done
+ /* Third byte */
+ lbu T1, 2(IN)
+ ROTx SAVED_X, 8
+ xor T1, SAVED_X
+ sb T1, 2(OUT)
+ b .Lchacha20_mips_xor_done
+
+.Lchacha20_mips_no_full_block_unaligned:
+ /* Restore the offset on BYTES */
+ addiu BYTES, CHACHA20_BLOCK_SIZE
+
+ /* Get number of full WORDS */
+ andi $at, BYTES, MASK_U32
+
+ /* Load upper half of jump table addr */
+ lui T0, %hi(.Lchacha20_mips_jmptbl_unaligned_0)
+
+ /* Calculate lower half jump table offset */
+ ins T0, $at, 1, 6
+
+ /* Add offset to STATE */
+ addu T1, STATE, $at
+
+ /* Add lower half jump table addr */
+ addiu T0, %lo(.Lchacha20_mips_jmptbl_unaligned_0)
+
+ /* Read value from STATE */
+ lw SAVED_CA, 0(T1)
+
+ /* Store remaining bytecounter as negative value */
+ subu BYTES, $at, BYTES
+
+ jr T0
+
+ /* Jump table */
+ FOR_EACH_WORD(JMPTBL_UNALIGNED)
+.end chacha20_mips
+.set at

559
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0011-crypto-mips-chacha-wire-up-accelerated-32r2-code-fro.patch
View File

@@ -1,559 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:17 +0100
Subject: [PATCH] crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit 3a2f58f3ba4f6f44e33d1a48240d5eadb882cb59 upstream.
This integrates the accelerated MIPS 32r2 implementation of ChaCha
into both the API and library interfaces of the kernel crypto stack.
The significance of this is that, in addition to becoming available
as an accelerated library implementation, it can also be used by
existing crypto API code such as Adiantum (for block encryption on
ultra low performance cores) or IPsec using chacha20poly1305. These
are use cases that have already opted into using the abstract crypto
API. In order to support Adiantum, the core assembler routine has
been adapted to take the round count as a function argument rather
than hardcoding it to 20.
Co-developed-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: René van Dorst <opensource@vdorst.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/mips/Makefile | 2 +-
arch/mips/crypto/Makefile | 4 +
arch/mips/crypto/chacha-core.S | 159 ++++++++++++++++++++++++---------
arch/mips/crypto/chacha-glue.c | 150 +++++++++++++++++++++++++++++++
crypto/Kconfig | 6 ++
5 files changed, 277 insertions(+), 44 deletions(-)
create mode 100644 arch/mips/crypto/chacha-glue.c
--- a/arch/mips/Makefile
+++ b/arch/mips/Makefile
@@ -334,7 +334,7 @@ libs-$(CONFIG_MIPS_FP_SUPPORT) += arch/m
# See arch/mips/Kbuild for content of core part of the kernel
core-y += arch/mips/
-drivers-$(CONFIG_MIPS_CRC_SUPPORT) += arch/mips/crypto/
+drivers-y += arch/mips/crypto/
drivers-$(CONFIG_OPROFILE) += arch/mips/oprofile/
# suspend and hibernation support
--- a/arch/mips/crypto/Makefile
+++ b/arch/mips/crypto/Makefile
@@ -4,3 +4,7 @@
#
obj-$(CONFIG_CRYPTO_CRC32_MIPS) += crc32-mips.o
+
+obj-$(CONFIG_CRYPTO_CHACHA_MIPS) += chacha-mips.o
+chacha-mips-y := chacha-core.o chacha-glue.o
+AFLAGS_chacha-core.o += -O2 # needed to fill branch delay slots
--- a/arch/mips/crypto/chacha-core.S
+++ b/arch/mips/crypto/chacha-core.S
@@ -125,7 +125,7 @@
#define CONCAT3(a,b,c) _CONCAT3(a,b,c)
#define STORE_UNALIGNED(x) \
-CONCAT3(.Lchacha20_mips_xor_unaligned_, PLUS_ONE(x), _b: ;) \
+CONCAT3(.Lchacha_mips_xor_unaligned_, PLUS_ONE(x), _b: ;) \
.if (x != 12); \
lw T0, (x*4)(STATE); \
.endif; \
@@ -142,7 +142,7 @@ CONCAT3(.Lchacha20_mips_xor_unaligned_,
swr X ## x, (x*4)+LSB ## (OUT);
#define STORE_ALIGNED(x) \
-CONCAT3(.Lchacha20_mips_xor_aligned_, PLUS_ONE(x), _b: ;) \
+CONCAT3(.Lchacha_mips_xor_aligned_, PLUS_ONE(x), _b: ;) \
.if (x != 12); \
lw T0, (x*4)(STATE); \
.endif; \
@@ -162,9 +162,9 @@ CONCAT3(.Lchacha20_mips_xor_aligned_, PL
* Every jumptable entry must be equal in size.
*/
#define JMPTBL_ALIGNED(x) \
-.Lchacha20_mips_jmptbl_aligned_ ## x: ; \
+.Lchacha_mips_jmptbl_aligned_ ## x: ; \
.set noreorder; \
- b .Lchacha20_mips_xor_aligned_ ## x ## _b; \
+ b .Lchacha_mips_xor_aligned_ ## x ## _b; \
.if (x == 12); \
addu SAVED_X, X ## x, NONCE_0; \
.else; \
@@ -173,9 +173,9 @@ CONCAT3(.Lchacha20_mips_xor_aligned_, PL
.set reorder
#define JMPTBL_UNALIGNED(x) \
-.Lchacha20_mips_jmptbl_unaligned_ ## x: ; \
+.Lchacha_mips_jmptbl_unaligned_ ## x: ; \
.set noreorder; \
- b .Lchacha20_mips_xor_unaligned_ ## x ## _b; \
+ b .Lchacha_mips_xor_unaligned_ ## x ## _b; \
.if (x == 12); \
addu SAVED_X, X ## x, NONCE_0; \
.else; \
@@ -200,15 +200,18 @@ CONCAT3(.Lchacha20_mips_xor_aligned_, PL
.text
.set reorder
.set noat
-.globl chacha20_mips
-.ent chacha20_mips
-chacha20_mips:
+.globl chacha_crypt_arch
+.ent chacha_crypt_arch
+chacha_crypt_arch:
.frame $sp, STACK_SIZE, $ra
+ /* Load number of rounds */
+ lw $at, 16($sp)
+
addiu $sp, -STACK_SIZE
/* Return bytes = 0. */
- beqz BYTES, .Lchacha20_mips_end
+ beqz BYTES, .Lchacha_mips_end
lw NONCE_0, 48(STATE)
@@ -228,18 +231,15 @@ chacha20_mips:
or IS_UNALIGNED, IN, OUT
andi IS_UNALIGNED, 0x3
- /* Set number of rounds */
- li $at, 20
-
- b .Lchacha20_rounds_start
+ b .Lchacha_rounds_start
.align 4
-.Loop_chacha20_rounds:
+.Loop_chacha_rounds:
addiu IN, CHACHA20_BLOCK_SIZE
addiu OUT, CHACHA20_BLOCK_SIZE
addiu NONCE_0, 1
-.Lchacha20_rounds_start:
+.Lchacha_rounds_start:
lw X0, 0(STATE)
lw X1, 4(STATE)
lw X2, 8(STATE)
@@ -259,7 +259,7 @@ chacha20_mips:
lw X14, 56(STATE)
lw X15, 60(STATE)
-.Loop_chacha20_xor_rounds:
+.Loop_chacha_xor_rounds:
addiu $at, -2
AXR( 0, 1, 2, 3, 4, 5, 6, 7, 12,13,14,15, 16);
AXR( 8, 9,10,11, 12,13,14,15, 4, 5, 6, 7, 12);
@@ -269,31 +269,31 @@ chacha20_mips:
AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 12);
AXR( 0, 1, 2, 3, 5, 6, 7, 4, 15,12,13,14, 8);
AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 7);
- bnez $at, .Loop_chacha20_xor_rounds
+ bnez $at, .Loop_chacha_xor_rounds
addiu BYTES, -(CHACHA20_BLOCK_SIZE)
/* Is data src/dst unaligned? Jump */
- bnez IS_UNALIGNED, .Loop_chacha20_unaligned
+ bnez IS_UNALIGNED, .Loop_chacha_unaligned
/* Set number rounds here to fill delayslot. */
- li $at, 20
+ lw $at, (STACK_SIZE+16)($sp)
/* BYTES < 0, it has no full block. */
- bltz BYTES, .Lchacha20_mips_no_full_block_aligned
+ bltz BYTES, .Lchacha_mips_no_full_block_aligned
FOR_EACH_WORD_REV(STORE_ALIGNED)
/* BYTES > 0? Loop again. */
- bgtz BYTES, .Loop_chacha20_rounds
+ bgtz BYTES, .Loop_chacha_rounds
/* Place this here to fill delay slot */
addiu NONCE_0, 1
/* BYTES < 0? Handle last bytes */
- bltz BYTES, .Lchacha20_mips_xor_bytes
+ bltz BYTES, .Lchacha_mips_xor_bytes
-.Lchacha20_mips_xor_done:
+.Lchacha_mips_xor_done:
/* Restore used registers */
lw $s0, 0($sp)
lw $s1, 4($sp)
@@ -307,11 +307,11 @@ chacha20_mips:
/* Write NONCE_0 back to right location in state */
sw NONCE_0, 48(STATE)
-.Lchacha20_mips_end:
+.Lchacha_mips_end:
addiu $sp, STACK_SIZE
jr $ra
-.Lchacha20_mips_no_full_block_aligned:
+.Lchacha_mips_no_full_block_aligned:
/* Restore the offset on BYTES */
addiu BYTES, CHACHA20_BLOCK_SIZE
@@ -319,7 +319,7 @@ chacha20_mips:
andi $at, BYTES, MASK_U32
/* Load upper half of jump table addr */
- lui T0, %hi(.Lchacha20_mips_jmptbl_aligned_0)
+ lui T0, %hi(.Lchacha_mips_jmptbl_aligned_0)
/* Calculate lower half jump table offset */
ins T0, $at, 1, 6
@@ -328,7 +328,7 @@ chacha20_mips:
addu T1, STATE, $at
/* Add lower half jump table addr */
- addiu T0, %lo(.Lchacha20_mips_jmptbl_aligned_0)
+ addiu T0, %lo(.Lchacha_mips_jmptbl_aligned_0)
/* Read value from STATE */
lw SAVED_CA, 0(T1)
@@ -342,31 +342,31 @@ chacha20_mips:
FOR_EACH_WORD(JMPTBL_ALIGNED)
-.Loop_chacha20_unaligned:
+.Loop_chacha_unaligned:
/* Set number rounds here to fill delayslot. */
- li $at, 20
+ lw $at, (STACK_SIZE+16)($sp)
/* BYTES > 0, it has no full block. */
- bltz BYTES, .Lchacha20_mips_no_full_block_unaligned
+ bltz BYTES, .Lchacha_mips_no_full_block_unaligned
FOR_EACH_WORD_REV(STORE_UNALIGNED)
/* BYTES > 0? Loop again. */
- bgtz BYTES, .Loop_chacha20_rounds
+ bgtz BYTES, .Loop_chacha_rounds
/* Write NONCE_0 back to right location in state */
sw NONCE_0, 48(STATE)
.set noreorder
/* Fall through to byte handling */
- bgez BYTES, .Lchacha20_mips_xor_done
-.Lchacha20_mips_xor_unaligned_0_b:
-.Lchacha20_mips_xor_aligned_0_b:
+ bgez BYTES, .Lchacha_mips_xor_done
+.Lchacha_mips_xor_unaligned_0_b:
+.Lchacha_mips_xor_aligned_0_b:
/* Place this here to fill delay slot */
addiu NONCE_0, 1
.set reorder
-.Lchacha20_mips_xor_bytes:
+.Lchacha_mips_xor_bytes:
addu IN, $at
addu OUT, $at
/* First byte */
@@ -376,22 +376,22 @@ chacha20_mips:
ROTR(SAVED_X)
xor T1, SAVED_X
sb T1, 0(OUT)
- beqz $at, .Lchacha20_mips_xor_done
+ beqz $at, .Lchacha_mips_xor_done
/* Second byte */
lbu T1, 1(IN)
addiu $at, BYTES, 2
ROTx SAVED_X, 8
xor T1, SAVED_X
sb T1, 1(OUT)
- beqz $at, .Lchacha20_mips_xor_done
+ beqz $at, .Lchacha_mips_xor_done
/* Third byte */
lbu T1, 2(IN)
ROTx SAVED_X, 8
xor T1, SAVED_X
sb T1, 2(OUT)
- b .Lchacha20_mips_xor_done
+ b .Lchacha_mips_xor_done
-.Lchacha20_mips_no_full_block_unaligned:
+.Lchacha_mips_no_full_block_unaligned:
/* Restore the offset on BYTES */
addiu BYTES, CHACHA20_BLOCK_SIZE
@@ -399,7 +399,7 @@ chacha20_mips:
andi $at, BYTES, MASK_U32
/* Load upper half of jump table addr */
- lui T0, %hi(.Lchacha20_mips_jmptbl_unaligned_0)
+ lui T0, %hi(.Lchacha_mips_jmptbl_unaligned_0)
/* Calculate lower half jump table offset */
ins T0, $at, 1, 6
@@ -408,7 +408,7 @@ chacha20_mips:
addu T1, STATE, $at
/* Add lower half jump table addr */
- addiu T0, %lo(.Lchacha20_mips_jmptbl_unaligned_0)
+ addiu T0, %lo(.Lchacha_mips_jmptbl_unaligned_0)
/* Read value from STATE */
lw SAVED_CA, 0(T1)
@@ -420,5 +420,78 @@ chacha20_mips:
/* Jump table */
FOR_EACH_WORD(JMPTBL_UNALIGNED)
-.end chacha20_mips
+.end chacha_crypt_arch
+.set at
+
+/* Input arguments
+ * STATE $a0
+ * OUT $a1
+ * NROUND $a2
+ */
+
+#undef X12
+#undef X13
+#undef X14
+#undef X15
+
+#define X12 $a3
+#define X13 $at
+#define X14 $v0
+#define X15 STATE
+
+.set noat
+.globl hchacha_block_arch
+.ent hchacha_block_arch
+hchacha_block_arch:
+ .frame $sp, STACK_SIZE, $ra
+
+ addiu $sp, -STACK_SIZE
+
+ /* Save X11(s6) */
+ sw X11, 0($sp)
+
+ lw X0, 0(STATE)
+ lw X1, 4(STATE)
+ lw X2, 8(STATE)
+ lw X3, 12(STATE)
+ lw X4, 16(STATE)
+ lw X5, 20(STATE)
+ lw X6, 24(STATE)
+ lw X7, 28(STATE)
+ lw X8, 32(STATE)
+ lw X9, 36(STATE)
+ lw X10, 40(STATE)
+ lw X11, 44(STATE)
+ lw X12, 48(STATE)
+ lw X13, 52(STATE)
+ lw X14, 56(STATE)
+ lw X15, 60(STATE)
+
+.Loop_hchacha_xor_rounds:
+ addiu $a2, -2
+ AXR( 0, 1, 2, 3, 4, 5, 6, 7, 12,13,14,15, 16);
+ AXR( 8, 9,10,11, 12,13,14,15, 4, 5, 6, 7, 12);
+ AXR( 0, 1, 2, 3, 4, 5, 6, 7, 12,13,14,15, 8);
+ AXR( 8, 9,10,11, 12,13,14,15, 4, 5, 6, 7, 7);
+ AXR( 0, 1, 2, 3, 5, 6, 7, 4, 15,12,13,14, 16);
+ AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 12);
+ AXR( 0, 1, 2, 3, 5, 6, 7, 4, 15,12,13,14, 8);
+ AXR(10,11, 8, 9, 15,12,13,14, 5, 6, 7, 4, 7);
+ bnez $a2, .Loop_hchacha_xor_rounds
+
+ /* Restore used register */
+ lw X11, 0($sp)
+
+ sw X0, 0(OUT)
+ sw X1, 4(OUT)
+ sw X2, 8(OUT)
+ sw X3, 12(OUT)
+ sw X12, 16(OUT)
+ sw X13, 20(OUT)
+ sw X14, 24(OUT)
+ sw X15, 28(OUT)
+
+ addiu $sp, STACK_SIZE
+ jr $ra
+.end hchacha_block_arch
.set at
--- /dev/null
+++ b/arch/mips/crypto/chacha-glue.c
@@ -0,0 +1,150 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * MIPS accelerated ChaCha and XChaCha stream ciphers,
+ * including ChaCha20 (RFC7539)
+ *
+ * Copyright (C) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ */
+
+#include <asm/byteorder.h>
+#include <crypto/algapi.h>
+#include <crypto/internal/chacha.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+asmlinkage void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds);
+EXPORT_SYMBOL(chacha_crypt_arch);
+
+asmlinkage void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds);
+EXPORT_SYMBOL(hchacha_block_arch);
+
+void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv)
+{
+ chacha_init_generic(state, key, iv);
+}
+EXPORT_SYMBOL(chacha_init_arch);
+
+static int chacha_mips_stream_xor(struct skcipher_request *req,
+ const struct chacha_ctx *ctx, const u8 *iv)
+{
+ struct skcipher_walk walk;
+ u32 state[16];
+ int err;
+
+ err = skcipher_walk_virt(&walk, req, false);
+
+ chacha_init_generic(state, ctx->key, iv);
+
+ while (walk.nbytes > 0) {
+ unsigned int nbytes = walk.nbytes;
+
+ if (nbytes < walk.total)
+ nbytes = round_down(nbytes, walk.stride);
+
+ chacha_crypt(state, walk.dst.virt.addr, walk.src.virt.addr,
+ nbytes, ctx->nrounds);
+ err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+ }
+
+ return err;
+}
+
+static int chacha_mips(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+
+ return chacha_mips_stream_xor(req, ctx, req->iv);
+}
+
+static int xchacha_mips(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct chacha_ctx subctx;
+ u32 state[16];
+ u8 real_iv[16];
+
+ chacha_init_generic(state, ctx->key, req->iv);
+
+ hchacha_block(state, subctx.key, ctx->nrounds);
+ subctx.nrounds = ctx->nrounds;
+
+ memcpy(&real_iv[0], req->iv + 24, 8);
+ memcpy(&real_iv[8], req->iv + 16, 8);
+ return chacha_mips_stream_xor(req, &subctx, real_iv);
+}
+
+static struct skcipher_alg algs[] = {
+ {
+ .base.cra_name = "chacha20",
+ .base.cra_driver_name = "chacha20-mips",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = CHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = chacha_mips,
+ .decrypt = chacha_mips,
+ }, {
+ .base.cra_name = "xchacha20",
+ .base.cra_driver_name = "xchacha20-mips",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha20_setkey,
+ .encrypt = xchacha_mips,
+ .decrypt = xchacha_mips,
+ }, {
+ .base.cra_name = "xchacha12",
+ .base.cra_driver_name = "xchacha12-mips",
+ .base.cra_priority = 200,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = chacha12_setkey,
+ .encrypt = xchacha_mips,
+ .decrypt = xchacha_mips,
+ }
+};
+
+static int __init chacha_simd_mod_init(void)
+{
+ return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
+}
+
+static void __exit chacha_simd_mod_fini(void)
+{
+ crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
+}
+
+module_init(chacha_simd_mod_init);
+module_exit(chacha_simd_mod_fini);
+
+MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (MIPS accelerated)");
+MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
+MODULE_LICENSE("GPL v2");
+MODULE_ALIAS_CRYPTO("chacha20");
+MODULE_ALIAS_CRYPTO("chacha20-mips");
+MODULE_ALIAS_CRYPTO("xchacha20");
+MODULE_ALIAS_CRYPTO("xchacha20-mips");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-mips");
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1423,6 +1423,12 @@ config CRYPTO_CHACHA20_X86_64
SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
XChaCha20, and XChaCha12 stream ciphers.
+config CRYPTO_CHACHA_MIPS
+ tristate "ChaCha stream cipher algorithms (MIPS 32r2 optimized)"
+ depends on CPU_MIPS32_R2
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_ARCH_HAVE_LIB_CHACHA
+
config CRYPTO_SEED
tristate "SEED cipher algorithm"
select CRYPTO_ALGAPI

115
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0012-crypto-chacha-unexport-chacha_generic-routines.patch
View File

@@ -1,115 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:18 +0100
Subject: [PATCH] crypto: chacha - unexport chacha_generic routines
commit 22cf705360707ced15f9fe5423938f313c7df536 upstream.
Now that all users of generic ChaCha code have moved to the core library,
there is no longer a need for the generic ChaCha skcpiher driver to
export parts of it implementation for reuse by other drivers. So drop
the exports, and make the symbols static.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/chacha_generic.c | 26 ++++++++------------------
include/crypto/internal/chacha.h | 10 ----------
2 files changed, 8 insertions(+), 28 deletions(-)
--- a/crypto/chacha_generic.c
+++ b/crypto/chacha_generic.c
@@ -21,7 +21,7 @@ static int chacha_stream_xor(struct skci
err = skcipher_walk_virt(&walk, req, false);
- crypto_chacha_init(state, ctx, iv);
+ chacha_init_generic(state, ctx->key, iv);
while (walk.nbytes > 0) {
unsigned int nbytes = walk.nbytes;
@@ -37,36 +37,27 @@ static int chacha_stream_xor(struct skci
return err;
}
-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv)
-{
- chacha_init_generic(state, ctx->key, iv);
-}
-EXPORT_SYMBOL_GPL(crypto_chacha_init);
-
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize)
+static int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
{
return chacha_setkey(tfm, key, keysize, 20);
}
-EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize)
+static int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
{
return chacha_setkey(tfm, key, keysize, 12);
}
-EXPORT_SYMBOL_GPL(crypto_chacha12_setkey);
-int crypto_chacha_crypt(struct skcipher_request *req)
+static int crypto_chacha_crypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
return chacha_stream_xor(req, ctx, req->iv);
}
-EXPORT_SYMBOL_GPL(crypto_chacha_crypt);
-int crypto_xchacha_crypt(struct skcipher_request *req)
+static int crypto_xchacha_crypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
@@ -75,7 +66,7 @@ int crypto_xchacha_crypt(struct skcipher
u8 real_iv[16];
/* Compute the subkey given the original key and first 128 nonce bits */
- crypto_chacha_init(state, ctx, req->iv);
+ chacha_init_generic(state, ctx->key, req->iv);
hchacha_block_generic(state, subctx.key, ctx->nrounds);
subctx.nrounds = ctx->nrounds;
@@ -86,7 +77,6 @@ int crypto_xchacha_crypt(struct skcipher
/* Generate the stream and XOR it with the data */
return chacha_stream_xor(req, &subctx, real_iv);
}
-EXPORT_SYMBOL_GPL(crypto_xchacha_crypt);
static struct skcipher_alg algs[] = {
{
--- a/include/crypto/internal/chacha.h
+++ b/include/crypto/internal/chacha.h
@@ -12,8 +12,6 @@ struct chacha_ctx {
int nrounds;
};
-void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv);
-
static inline int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
unsigned int keysize, int nrounds)
{
@@ -42,12 +40,4 @@ static int inline chacha12_setkey(struct
return chacha_setkey(tfm, key, keysize, 12);
}
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize);
-int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize);
-
-int crypto_chacha_crypt(struct skcipher_request *req);
-int crypto_xchacha_crypt(struct skcipher_request *req);
-
#endif /* _CRYPTO_CHACHA_H */

649
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0013-crypto-poly1305-move-core-routines-into-a-separate-l.patch
View File

@@ -1,649 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:19 +0100
Subject: [PATCH] crypto: poly1305 - move core routines into a separate library
commit 48ea8c6ebc96bc0990e12ee1c43d0832c23576bb upstream.
Move the core Poly1305 routines shared between the generic Poly1305
shash driver and the Adiantum and NHPoly1305 drivers into a separate
library so that using just this pieces does not pull in the crypto
API pieces of the generic Poly1305 routine.
In a subsequent patch, we will augment this generic library with
init/update/final routines so that Poyl1305 algorithm can be used
directly without the need for using the crypto API's shash abstraction.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/poly1305_glue.c | 2 +-
crypto/Kconfig | 5 +-
crypto/adiantum.c | 5 +-
crypto/nhpoly1305.c | 3 +-
crypto/poly1305_generic.c | 195 ++---------------------------
include/crypto/internal/poly1305.h | 67 ++++++++++
include/crypto/poly1305.h | 23 ----
lib/crypto/Kconfig | 3 +
lib/crypto/Makefile | 3 +
lib/crypto/poly1305.c | 158 +++++++++++++++++++++++
10 files changed, 248 insertions(+), 216 deletions(-)
create mode 100644 include/crypto/internal/poly1305.h
create mode 100644 lib/crypto/poly1305.c
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -7,8 +7,8 @@
#include <crypto/algapi.h>
#include <crypto/internal/hash.h>
+#include <crypto/internal/poly1305.h>
#include <crypto/internal/simd.h>
-#include <crypto/poly1305.h>
#include <linux/crypto.h>
#include <linux/kernel.h>
#include <linux/module.h>
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -446,7 +446,7 @@ config CRYPTO_KEYWRAP
config CRYPTO_NHPOLY1305
tristate
select CRYPTO_HASH
- select CRYPTO_POLY1305
+ select CRYPTO_LIB_POLY1305_GENERIC
config CRYPTO_NHPOLY1305_SSE2
tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
@@ -467,7 +467,7 @@ config CRYPTO_NHPOLY1305_AVX2
config CRYPTO_ADIANTUM
tristate "Adiantum support"
select CRYPTO_CHACHA20
- select CRYPTO_POLY1305
+ select CRYPTO_LIB_POLY1305_GENERIC
select CRYPTO_NHPOLY1305
select CRYPTO_MANAGER
help
@@ -686,6 +686,7 @@ config CRYPTO_GHASH
config CRYPTO_POLY1305
tristate "Poly1305 authenticator algorithm"
select CRYPTO_HASH
+ select CRYPTO_LIB_POLY1305_GENERIC
help
Poly1305 authenticator algorithm, RFC7539.
--- a/crypto/adiantum.c
+++ b/crypto/adiantum.c
@@ -33,6 +33,7 @@
#include <crypto/b128ops.h>
#include <crypto/chacha.h>
#include <crypto/internal/hash.h>
+#include <crypto/internal/poly1305.h>
#include <crypto/internal/skcipher.h>
#include <crypto/nhpoly1305.h>
#include <crypto/scatterwalk.h>
@@ -242,11 +243,11 @@ static void adiantum_hash_header(struct
BUILD_BUG_ON(sizeof(header) % POLY1305_BLOCK_SIZE != 0);
poly1305_core_blocks(&state, &tctx->header_hash_key,
- &header, sizeof(header) / POLY1305_BLOCK_SIZE);
+ &header, sizeof(header) / POLY1305_BLOCK_SIZE, 1);
BUILD_BUG_ON(TWEAK_SIZE % POLY1305_BLOCK_SIZE != 0);
poly1305_core_blocks(&state, &tctx->header_hash_key, req->iv,
- TWEAK_SIZE / POLY1305_BLOCK_SIZE);
+ TWEAK_SIZE / POLY1305_BLOCK_SIZE, 1);
poly1305_core_emit(&state, &rctx->header_hash);
}
--- a/crypto/nhpoly1305.c
+++ b/crypto/nhpoly1305.c
@@ -33,6 +33,7 @@
#include <asm/unaligned.h>
#include <crypto/algapi.h>
#include <crypto/internal/hash.h>
+#include <crypto/internal/poly1305.h>
#include <crypto/nhpoly1305.h>
#include <linux/crypto.h>
#include <linux/kernel.h>
@@ -78,7 +79,7 @@ static void process_nh_hash_value(struct
BUILD_BUG_ON(NH_HASH_BYTES % POLY1305_BLOCK_SIZE != 0);
poly1305_core_blocks(&state->poly_state, &key->poly_key, state->nh_hash,
- NH_HASH_BYTES / POLY1305_BLOCK_SIZE);
+ NH_HASH_BYTES / POLY1305_BLOCK_SIZE, 1);
}
/*
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -13,27 +13,12 @@
#include <crypto/algapi.h>
#include <crypto/internal/hash.h>
-#include <crypto/poly1305.h>
+#include <crypto/internal/poly1305.h>
#include <linux/crypto.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <asm/unaligned.h>
-static inline u64 mlt(u64 a, u64 b)
-{
- return a * b;
-}
-
-static inline u32 sr(u64 v, u_char n)
-{
- return v >> n;
-}
-
-static inline u32 and(u32 v, u32 mask)
-{
- return v & mask;
-}
-
int crypto_poly1305_init(struct shash_desc *desc)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
@@ -47,124 +32,8 @@ int crypto_poly1305_init(struct shash_de
}
EXPORT_SYMBOL_GPL(crypto_poly1305_init);
-void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key)
-{
- /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
- key->r[0] = (get_unaligned_le32(raw_key + 0) >> 0) & 0x3ffffff;
- key->r[1] = (get_unaligned_le32(raw_key + 3) >> 2) & 0x3ffff03;
- key->r[2] = (get_unaligned_le32(raw_key + 6) >> 4) & 0x3ffc0ff;
- key->r[3] = (get_unaligned_le32(raw_key + 9) >> 6) & 0x3f03fff;
- key->r[4] = (get_unaligned_le32(raw_key + 12) >> 8) & 0x00fffff;
-}
-EXPORT_SYMBOL_GPL(poly1305_core_setkey);
-
-/*
- * Poly1305 requires a unique key for each tag, which implies that we can't set
- * it on the tfm that gets accessed by multiple users simultaneously. Instead we
- * expect the key as the first 32 bytes in the update() call.
- */
-unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
- const u8 *src, unsigned int srclen)
-{
- if (!dctx->sset) {
- if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
- poly1305_core_setkey(&dctx->r, src);
- src += POLY1305_BLOCK_SIZE;
- srclen -= POLY1305_BLOCK_SIZE;
- dctx->rset = true;
- }
- if (srclen >= POLY1305_BLOCK_SIZE) {
- dctx->s[0] = get_unaligned_le32(src + 0);
- dctx->s[1] = get_unaligned_le32(src + 4);
- dctx->s[2] = get_unaligned_le32(src + 8);
- dctx->s[3] = get_unaligned_le32(src + 12);
- src += POLY1305_BLOCK_SIZE;
- srclen -= POLY1305_BLOCK_SIZE;
- dctx->sset = true;
- }
- }
- return srclen;
-}
-EXPORT_SYMBOL_GPL(crypto_poly1305_setdesckey);
-
-static void poly1305_blocks_internal(struct poly1305_state *state,
- const struct poly1305_key *key,
- const void *src, unsigned int nblocks,
- u32 hibit)
-{
- u32 r0, r1, r2, r3, r4;
- u32 s1, s2, s3, s4;
- u32 h0, h1, h2, h3, h4;
- u64 d0, d1, d2, d3, d4;
-
- if (!nblocks)
- return;
-
- r0 = key->r[0];
- r1 = key->r[1];
- r2 = key->r[2];
- r3 = key->r[3];
- r4 = key->r[4];
-
- s1 = r1 * 5;
- s2 = r2 * 5;
- s3 = r3 * 5;
- s4 = r4 * 5;
-
- h0 = state->h[0];
- h1 = state->h[1];
- h2 = state->h[2];
- h3 = state->h[3];
- h4 = state->h[4];
-
- do {
- /* h += m[i] */
- h0 += (get_unaligned_le32(src + 0) >> 0) & 0x3ffffff;
- h1 += (get_unaligned_le32(src + 3) >> 2) & 0x3ffffff;
- h2 += (get_unaligned_le32(src + 6) >> 4) & 0x3ffffff;
- h3 += (get_unaligned_le32(src + 9) >> 6) & 0x3ffffff;
- h4 += (get_unaligned_le32(src + 12) >> 8) | hibit;
-
- /* h *= r */
- d0 = mlt(h0, r0) + mlt(h1, s4) + mlt(h2, s3) +
- mlt(h3, s2) + mlt(h4, s1);
- d1 = mlt(h0, r1) + mlt(h1, r0) + mlt(h2, s4) +
- mlt(h3, s3) + mlt(h4, s2);
- d2 = mlt(h0, r2) + mlt(h1, r1) + mlt(h2, r0) +
- mlt(h3, s4) + mlt(h4, s3);
- d3 = mlt(h0, r3) + mlt(h1, r2) + mlt(h2, r1) +
- mlt(h3, r0) + mlt(h4, s4);
- d4 = mlt(h0, r4) + mlt(h1, r3) + mlt(h2, r2) +
- mlt(h3, r1) + mlt(h4, r0);
-
- /* (partial) h %= p */
- d1 += sr(d0, 26); h0 = and(d0, 0x3ffffff);
- d2 += sr(d1, 26); h1 = and(d1, 0x3ffffff);
- d3 += sr(d2, 26); h2 = and(d2, 0x3ffffff);
- d4 += sr(d3, 26); h3 = and(d3, 0x3ffffff);
- h0 += sr(d4, 26) * 5; h4 = and(d4, 0x3ffffff);
- h1 += h0 >> 26; h0 = h0 & 0x3ffffff;
-
- src += POLY1305_BLOCK_SIZE;
- } while (--nblocks);
-
- state->h[0] = h0;
- state->h[1] = h1;
- state->h[2] = h2;
- state->h[3] = h3;
- state->h[4] = h4;
-}
-
-void poly1305_core_blocks(struct poly1305_state *state,
- const struct poly1305_key *key,
- const void *src, unsigned int nblocks)
-{
- poly1305_blocks_internal(state, key, src, nblocks, 1 << 24);
-}
-EXPORT_SYMBOL_GPL(poly1305_core_blocks);
-
-static void poly1305_blocks(struct poly1305_desc_ctx *dctx,
- const u8 *src, unsigned int srclen, u32 hibit)
+static void poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src,
+ unsigned int srclen)
{
unsigned int datalen;
@@ -174,8 +43,8 @@ static void poly1305_blocks(struct poly1
srclen = datalen;
}
- poly1305_blocks_internal(&dctx->h, &dctx->r,
- src, srclen / POLY1305_BLOCK_SIZE, hibit);
+ poly1305_core_blocks(&dctx->h, &dctx->r, src,
+ srclen / POLY1305_BLOCK_SIZE, 1);
}
int crypto_poly1305_update(struct shash_desc *desc,
@@ -193,13 +62,13 @@ int crypto_poly1305_update(struct shash_
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
poly1305_blocks(dctx, dctx->buf,
- POLY1305_BLOCK_SIZE, 1 << 24);
+ POLY1305_BLOCK_SIZE);
dctx->buflen = 0;
}
}
if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
- poly1305_blocks(dctx, src, srclen, 1 << 24);
+ poly1305_blocks(dctx, src, srclen);
src += srclen - (srclen % POLY1305_BLOCK_SIZE);
srclen %= POLY1305_BLOCK_SIZE;
}
@@ -213,54 +82,6 @@ int crypto_poly1305_update(struct shash_
}
EXPORT_SYMBOL_GPL(crypto_poly1305_update);
-void poly1305_core_emit(const struct poly1305_state *state, void *dst)
-{
- u32 h0, h1, h2, h3, h4;
- u32 g0, g1, g2, g3, g4;
- u32 mask;
-
- /* fully carry h */
- h0 = state->h[0];
- h1 = state->h[1];
- h2 = state->h[2];
- h3 = state->h[3];
- h4 = state->h[4];
-
- h2 += (h1 >> 26); h1 = h1 & 0x3ffffff;
- h3 += (h2 >> 26); h2 = h2 & 0x3ffffff;
- h4 += (h3 >> 26); h3 = h3 & 0x3ffffff;
- h0 += (h4 >> 26) * 5; h4 = h4 & 0x3ffffff;
- h1 += (h0 >> 26); h0 = h0 & 0x3ffffff;
-
- /* compute h + -p */
- g0 = h0 + 5;
- g1 = h1 + (g0 >> 26); g0 &= 0x3ffffff;
- g2 = h2 + (g1 >> 26); g1 &= 0x3ffffff;
- g3 = h3 + (g2 >> 26); g2 &= 0x3ffffff;
- g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff;
-
- /* select h if h < p, or h + -p if h >= p */
- mask = (g4 >> ((sizeof(u32) * 8) - 1)) - 1;
- g0 &= mask;
- g1 &= mask;
- g2 &= mask;
- g3 &= mask;
- g4 &= mask;
- mask = ~mask;
- h0 = (h0 & mask) | g0;
- h1 = (h1 & mask) | g1;
- h2 = (h2 & mask) | g2;
- h3 = (h3 & mask) | g3;
- h4 = (h4 & mask) | g4;
-
- /* h = h % (2^128) */
- put_unaligned_le32((h0 >> 0) | (h1 << 26), dst + 0);
- put_unaligned_le32((h1 >> 6) | (h2 << 20), dst + 4);
- put_unaligned_le32((h2 >> 12) | (h3 << 14), dst + 8);
- put_unaligned_le32((h3 >> 18) | (h4 << 8), dst + 12);
-}
-EXPORT_SYMBOL_GPL(poly1305_core_emit);
-
int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
@@ -274,7 +95,7 @@ int crypto_poly1305_final(struct shash_d
dctx->buf[dctx->buflen++] = 1;
memset(dctx->buf + dctx->buflen, 0,
POLY1305_BLOCK_SIZE - dctx->buflen);
- poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
+ poly1305_core_blocks(&dctx->h, &dctx->r, dctx->buf, 1, 0);
}
poly1305_core_emit(&dctx->h, digest);
--- /dev/null
+++ b/include/crypto/internal/poly1305.h
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Common values for the Poly1305 algorithm
+ */
+
+#ifndef _CRYPTO_INTERNAL_POLY1305_H
+#define _CRYPTO_INTERNAL_POLY1305_H
+
+#include <asm/unaligned.h>
+#include <linux/types.h>
+#include <crypto/poly1305.h>
+
+struct shash_desc;
+
+/*
+ * Poly1305 core functions. These implement the ε-almost-∆-universal hash
+ * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce
+ * ("s key") at the end. They also only support block-aligned inputs.
+ */
+void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key);
+static inline void poly1305_core_init(struct poly1305_state *state)
+{
+ *state = (struct poly1305_state){};
+}
+
+void poly1305_core_blocks(struct poly1305_state *state,
+ const struct poly1305_key *key, const void *src,
+ unsigned int nblocks, u32 hibit);
+void poly1305_core_emit(const struct poly1305_state *state, void *dst);
+
+/* Crypto API helper functions for the Poly1305 MAC */
+int crypto_poly1305_init(struct shash_desc *desc);
+
+int crypto_poly1305_update(struct shash_desc *desc,
+ const u8 *src, unsigned int srclen);
+int crypto_poly1305_final(struct shash_desc *desc, u8 *dst);
+
+/*
+ * Poly1305 requires a unique key for each tag, which implies that we can't set
+ * it on the tfm that gets accessed by multiple users simultaneously. Instead we
+ * expect the key as the first 32 bytes in the update() call.
+ */
+static inline
+unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
+ const u8 *src, unsigned int srclen)
+{
+ if (!dctx->sset) {
+ if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
+ poly1305_core_setkey(&dctx->r, src);
+ src += POLY1305_BLOCK_SIZE;
+ srclen -= POLY1305_BLOCK_SIZE;
+ dctx->rset = true;
+ }
+ if (srclen >= POLY1305_BLOCK_SIZE) {
+ dctx->s[0] = get_unaligned_le32(src + 0);
+ dctx->s[1] = get_unaligned_le32(src + 4);
+ dctx->s[2] = get_unaligned_le32(src + 8);
+ dctx->s[3] = get_unaligned_le32(src + 12);
+ src += POLY1305_BLOCK_SIZE;
+ srclen -= POLY1305_BLOCK_SIZE;
+ dctx->sset = true;
+ }
+ }
+ return srclen;
+}
+
+#endif
--- a/include/crypto/poly1305.h
+++ b/include/crypto/poly1305.h
@@ -38,27 +38,4 @@ struct poly1305_desc_ctx {
bool sset;
};
-/*
- * Poly1305 core functions. These implement the ε-almost-∆-universal hash
- * function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce
- * ("s key") at the end. They also only support block-aligned inputs.
- */
-void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key);
-static inline void poly1305_core_init(struct poly1305_state *state)
-{
- memset(state->h, 0, sizeof(state->h));
-}
-void poly1305_core_blocks(struct poly1305_state *state,
- const struct poly1305_key *key,
- const void *src, unsigned int nblocks);
-void poly1305_core_emit(const struct poly1305_state *state, void *dst);
-
-/* Crypto API helper functions for the Poly1305 MAC */
-int crypto_poly1305_init(struct shash_desc *desc);
-unsigned int crypto_poly1305_setdesckey(struct poly1305_desc_ctx *dctx,
- const u8 *src, unsigned int srclen);
-int crypto_poly1305_update(struct shash_desc *desc,
- const u8 *src, unsigned int srclen);
-int crypto_poly1305_final(struct shash_desc *desc, u8 *dst);
-
#endif
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -37,5 +37,8 @@ config CRYPTO_LIB_CHACHA
config CRYPTO_LIB_DES
tristate
+config CRYPTO_LIB_POLY1305_GENERIC
+ tristate
+
config CRYPTO_LIB_SHA256
tristate
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -13,5 +13,8 @@ libarc4-y := arc4.o
obj-$(CONFIG_CRYPTO_LIB_DES) += libdes.o
libdes-y := des.o
+obj-$(CONFIG_CRYPTO_LIB_POLY1305_GENERIC) += libpoly1305.o
+libpoly1305-y := poly1305.o
+
obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
libsha256-y := sha256.o
--- /dev/null
+++ b/lib/crypto/poly1305.c
@@ -0,0 +1,158 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Poly1305 authenticator algorithm, RFC7539
+ *
+ * Copyright (C) 2015 Martin Willi
+ *
+ * Based on public domain code by Andrew Moon and Daniel J. Bernstein.
+ */
+
+#include <crypto/internal/poly1305.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <asm/unaligned.h>
+
+static inline u64 mlt(u64 a, u64 b)
+{
+ return a * b;
+}
+
+static inline u32 sr(u64 v, u_char n)
+{
+ return v >> n;
+}
+
+static inline u32 and(u32 v, u32 mask)
+{
+ return v & mask;
+}
+
+void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key)
+{
+ /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+ key->r[0] = (get_unaligned_le32(raw_key + 0) >> 0) & 0x3ffffff;
+ key->r[1] = (get_unaligned_le32(raw_key + 3) >> 2) & 0x3ffff03;
+ key->r[2] = (get_unaligned_le32(raw_key + 6) >> 4) & 0x3ffc0ff;
+ key->r[3] = (get_unaligned_le32(raw_key + 9) >> 6) & 0x3f03fff;
+ key->r[4] = (get_unaligned_le32(raw_key + 12) >> 8) & 0x00fffff;
+}
+EXPORT_SYMBOL_GPL(poly1305_core_setkey);
+
+void poly1305_core_blocks(struct poly1305_state *state,
+ const struct poly1305_key *key, const void *src,
+ unsigned int nblocks, u32 hibit)
+{
+ u32 r0, r1, r2, r3, r4;
+ u32 s1, s2, s3, s4;
+ u32 h0, h1, h2, h3, h4;
+ u64 d0, d1, d2, d3, d4;
+
+ if (!nblocks)
+ return;
+
+ r0 = key->r[0];
+ r1 = key->r[1];
+ r2 = key->r[2];
+ r3 = key->r[3];
+ r4 = key->r[4];
+
+ s1 = r1 * 5;
+ s2 = r2 * 5;
+ s3 = r3 * 5;
+ s4 = r4 * 5;
+
+ h0 = state->h[0];
+ h1 = state->h[1];
+ h2 = state->h[2];
+ h3 = state->h[3];
+ h4 = state->h[4];
+
+ do {
+ /* h += m[i] */
+ h0 += (get_unaligned_le32(src + 0) >> 0) & 0x3ffffff;
+ h1 += (get_unaligned_le32(src + 3) >> 2) & 0x3ffffff;
+ h2 += (get_unaligned_le32(src + 6) >> 4) & 0x3ffffff;
+ h3 += (get_unaligned_le32(src + 9) >> 6) & 0x3ffffff;
+ h4 += (get_unaligned_le32(src + 12) >> 8) | (hibit << 24);
+
+ /* h *= r */
+ d0 = mlt(h0, r0) + mlt(h1, s4) + mlt(h2, s3) +
+ mlt(h3, s2) + mlt(h4, s1);
+ d1 = mlt(h0, r1) + mlt(h1, r0) + mlt(h2, s4) +
+ mlt(h3, s3) + mlt(h4, s2);
+ d2 = mlt(h0, r2) + mlt(h1, r1) + mlt(h2, r0) +
+ mlt(h3, s4) + mlt(h4, s3);
+ d3 = mlt(h0, r3) + mlt(h1, r2) + mlt(h2, r1) +
+ mlt(h3, r0) + mlt(h4, s4);
+ d4 = mlt(h0, r4) + mlt(h1, r3) + mlt(h2, r2) +
+ mlt(h3, r1) + mlt(h4, r0);
+
+ /* (partial) h %= p */
+ d1 += sr(d0, 26); h0 = and(d0, 0x3ffffff);
+ d2 += sr(d1, 26); h1 = and(d1, 0x3ffffff);
+ d3 += sr(d2, 26); h2 = and(d2, 0x3ffffff);
+ d4 += sr(d3, 26); h3 = and(d3, 0x3ffffff);
+ h0 += sr(d4, 26) * 5; h4 = and(d4, 0x3ffffff);
+ h1 += h0 >> 26; h0 = h0 & 0x3ffffff;
+
+ src += POLY1305_BLOCK_SIZE;
+ } while (--nblocks);
+
+ state->h[0] = h0;
+ state->h[1] = h1;
+ state->h[2] = h2;
+ state->h[3] = h3;
+ state->h[4] = h4;
+}
+EXPORT_SYMBOL_GPL(poly1305_core_blocks);
+
+void poly1305_core_emit(const struct poly1305_state *state, void *dst)
+{
+ u32 h0, h1, h2, h3, h4;
+ u32 g0, g1, g2, g3, g4;
+ u32 mask;
+
+ /* fully carry h */
+ h0 = state->h[0];
+ h1 = state->h[1];
+ h2 = state->h[2];
+ h3 = state->h[3];
+ h4 = state->h[4];
+
+ h2 += (h1 >> 26); h1 = h1 & 0x3ffffff;
+ h3 += (h2 >> 26); h2 = h2 & 0x3ffffff;
+ h4 += (h3 >> 26); h3 = h3 & 0x3ffffff;
+ h0 += (h4 >> 26) * 5; h4 = h4 & 0x3ffffff;
+ h1 += (h0 >> 26); h0 = h0 & 0x3ffffff;
+
+ /* compute h + -p */
+ g0 = h0 + 5;
+ g1 = h1 + (g0 >> 26); g0 &= 0x3ffffff;
+ g2 = h2 + (g1 >> 26); g1 &= 0x3ffffff;
+ g3 = h3 + (g2 >> 26); g2 &= 0x3ffffff;
+ g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff;
+
+ /* select h if h < p, or h + -p if h >= p */
+ mask = (g4 >> ((sizeof(u32) * 8) - 1)) - 1;
+ g0 &= mask;
+ g1 &= mask;
+ g2 &= mask;
+ g3 &= mask;
+ g4 &= mask;
+ mask = ~mask;
+ h0 = (h0 & mask) | g0;
+ h1 = (h1 & mask) | g1;
+ h2 = (h2 & mask) | g2;
+ h3 = (h3 & mask) | g3;
+ h4 = (h4 & mask) | g4;
+
+ /* h = h % (2^128) */
+ put_unaligned_le32((h0 >> 0) | (h1 << 26), dst + 0);
+ put_unaligned_le32((h1 >> 6) | (h2 << 20), dst + 4);
+ put_unaligned_le32((h2 >> 12) | (h3 << 14), dst + 8);
+ put_unaligned_le32((h3 >> 18) | (h4 << 8), dst + 12);
+}
+EXPORT_SYMBOL_GPL(poly1305_core_emit);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");

251
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0014-crypto-x86-poly1305-unify-Poly1305-state-struct-with.patch
View File

@@ -1,251 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:20 +0100
Subject: [PATCH] crypto: x86/poly1305 - unify Poly1305 state struct with
generic code
commit ad8f5b88383ea685f2b8df2a12ee3e08089a1287 upstream.
In preparation of exposing a Poly1305 library interface directly from
the accelerated x86 driver, align the state descriptor of the x86 code
with the one used by the generic driver. This is needed to make the
library interface unified between all implementations.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/poly1305_glue.c | 88 ++++++++++--------------------
crypto/poly1305_generic.c | 6 +-
include/crypto/internal/poly1305.h | 4 +-
include/crypto/poly1305.h | 18 +++---
4 files changed, 43 insertions(+), 73 deletions(-)
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -14,40 +14,14 @@
#include <linux/module.h>
#include <asm/simd.h>
-struct poly1305_simd_desc_ctx {
- struct poly1305_desc_ctx base;
- /* derived key u set? */
- bool uset;
-#ifdef CONFIG_AS_AVX2
- /* derived keys r^3, r^4 set? */
- bool wset;
-#endif
- /* derived Poly1305 key r^2 */
- u32 u[5];
- /* ... silently appended r^3 and r^4 when using AVX2 */
-};
-
asmlinkage void poly1305_block_sse2(u32 *h, const u8 *src,
const u32 *r, unsigned int blocks);
asmlinkage void poly1305_2block_sse2(u32 *h, const u8 *src, const u32 *r,
unsigned int blocks, const u32 *u);
-#ifdef CONFIG_AS_AVX2
asmlinkage void poly1305_4block_avx2(u32 *h, const u8 *src, const u32 *r,
unsigned int blocks, const u32 *u);
-static bool poly1305_use_avx2;
-#endif
-static int poly1305_simd_init(struct shash_desc *desc)
-{
- struct poly1305_simd_desc_ctx *sctx = shash_desc_ctx(desc);
-
- sctx->uset = false;
-#ifdef CONFIG_AS_AVX2
- sctx->wset = false;
-#endif
-
- return crypto_poly1305_init(desc);
-}
+static bool poly1305_use_avx2 __ro_after_init;
static void poly1305_simd_mult(u32 *a, const u32 *b)
{
@@ -63,53 +37,49 @@ static void poly1305_simd_mult(u32 *a, c
static unsigned int poly1305_simd_blocks(struct poly1305_desc_ctx *dctx,
const u8 *src, unsigned int srclen)
{
- struct poly1305_simd_desc_ctx *sctx;
unsigned int blocks, datalen;
- BUILD_BUG_ON(offsetof(struct poly1305_simd_desc_ctx, base));
- sctx = container_of(dctx, struct poly1305_simd_desc_ctx, base);
-
if (unlikely(!dctx->sset)) {
datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
src += srclen - datalen;
srclen = datalen;
}
-#ifdef CONFIG_AS_AVX2
- if (poly1305_use_avx2 && srclen >= POLY1305_BLOCK_SIZE * 4) {
- if (unlikely(!sctx->wset)) {
- if (!sctx->uset) {
- memcpy(sctx->u, dctx->r.r, sizeof(sctx->u));
- poly1305_simd_mult(sctx->u, dctx->r.r);
- sctx->uset = true;
+ if (IS_ENABLED(CONFIG_AS_AVX2) &&
+ poly1305_use_avx2 &&
+ srclen >= POLY1305_BLOCK_SIZE * 4) {
+ if (unlikely(dctx->rset < 4)) {
+ if (dctx->rset < 2) {
+ dctx->r[1] = dctx->r[0];
+ poly1305_simd_mult(dctx->r[1].r, dctx->r[0].r);
}
- memcpy(sctx->u + 5, sctx->u, sizeof(sctx->u));
- poly1305_simd_mult(sctx->u + 5, dctx->r.r);
- memcpy(sctx->u + 10, sctx->u + 5, sizeof(sctx->u));
- poly1305_simd_mult(sctx->u + 10, dctx->r.r);
- sctx->wset = true;
+ dctx->r[2] = dctx->r[1];
+ poly1305_simd_mult(dctx->r[2].r, dctx->r[0].r);
+ dctx->r[3] = dctx->r[2];
+ poly1305_simd_mult(dctx->r[3].r, dctx->r[0].r);
+ dctx->rset = 4;
}
blocks = srclen / (POLY1305_BLOCK_SIZE * 4);
- poly1305_4block_avx2(dctx->h.h, src, dctx->r.r, blocks,
- sctx->u);
+ poly1305_4block_avx2(dctx->h.h, src, dctx->r[0].r, blocks,
+ dctx->r[1].r);
src += POLY1305_BLOCK_SIZE * 4 * blocks;
srclen -= POLY1305_BLOCK_SIZE * 4 * blocks;
}
-#endif
+
if (likely(srclen >= POLY1305_BLOCK_SIZE * 2)) {
- if (unlikely(!sctx->uset)) {
- memcpy(sctx->u, dctx->r.r, sizeof(sctx->u));
- poly1305_simd_mult(sctx->u, dctx->r.r);
- sctx->uset = true;
+ if (unlikely(dctx->rset < 2)) {
+ dctx->r[1] = dctx->r[0];
+ poly1305_simd_mult(dctx->r[1].r, dctx->r[0].r);
+ dctx->rset = 2;
}
blocks = srclen / (POLY1305_BLOCK_SIZE * 2);
- poly1305_2block_sse2(dctx->h.h, src, dctx->r.r, blocks,
- sctx->u);
+ poly1305_2block_sse2(dctx->h.h, src, dctx->r[0].r,
+ blocks, dctx->r[1].r);
src += POLY1305_BLOCK_SIZE * 2 * blocks;
srclen -= POLY1305_BLOCK_SIZE * 2 * blocks;
}
if (srclen >= POLY1305_BLOCK_SIZE) {
- poly1305_block_sse2(dctx->h.h, src, dctx->r.r, 1);
+ poly1305_block_sse2(dctx->h.h, src, dctx->r[0].r, 1);
srclen -= POLY1305_BLOCK_SIZE;
}
return srclen;
@@ -159,10 +129,10 @@ static int poly1305_simd_update(struct s
static struct shash_alg alg = {
.digestsize = POLY1305_DIGEST_SIZE,
- .init = poly1305_simd_init,
+ .init = crypto_poly1305_init,
.update = poly1305_simd_update,
.final = crypto_poly1305_final,
- .descsize = sizeof(struct poly1305_simd_desc_ctx),
+ .descsize = sizeof(struct poly1305_desc_ctx),
.base = {
.cra_name = "poly1305",
.cra_driver_name = "poly1305-simd",
@@ -177,14 +147,14 @@ static int __init poly1305_simd_mod_init
if (!boot_cpu_has(X86_FEATURE_XMM2))
return -ENODEV;
-#ifdef CONFIG_AS_AVX2
- poly1305_use_avx2 = boot_cpu_has(X86_FEATURE_AVX) &&
+ poly1305_use_avx2 = IS_ENABLED(CONFIG_AS_AVX2) &&
+ boot_cpu_has(X86_FEATURE_AVX) &&
boot_cpu_has(X86_FEATURE_AVX2) &&
cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL);
- alg.descsize = sizeof(struct poly1305_simd_desc_ctx);
+ alg.descsize = sizeof(struct poly1305_desc_ctx) + 5 * sizeof(u32);
if (poly1305_use_avx2)
alg.descsize += 10 * sizeof(u32);
-#endif
+
return crypto_register_shash(&alg);
}
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -25,7 +25,7 @@ int crypto_poly1305_init(struct shash_de
poly1305_core_init(&dctx->h);
dctx->buflen = 0;
- dctx->rset = false;
+ dctx->rset = 0;
dctx->sset = false;
return 0;
@@ -43,7 +43,7 @@ static void poly1305_blocks(struct poly1
srclen = datalen;
}
- poly1305_core_blocks(&dctx->h, &dctx->r, src,
+ poly1305_core_blocks(&dctx->h, dctx->r, src,
srclen / POLY1305_BLOCK_SIZE, 1);
}
@@ -95,7 +95,7 @@ int crypto_poly1305_final(struct shash_d
dctx->buf[dctx->buflen++] = 1;
memset(dctx->buf + dctx->buflen, 0,
POLY1305_BLOCK_SIZE - dctx->buflen);
- poly1305_core_blocks(&dctx->h, &dctx->r, dctx->buf, 1, 0);
+ poly1305_core_blocks(&dctx->h, dctx->r, dctx->buf, 1, 0);
}
poly1305_core_emit(&dctx->h, digest);
--- a/include/crypto/internal/poly1305.h
+++ b/include/crypto/internal/poly1305.h
@@ -46,10 +46,10 @@ unsigned int crypto_poly1305_setdesckey(
{
if (!dctx->sset) {
if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
- poly1305_core_setkey(&dctx->r, src);
+ poly1305_core_setkey(dctx->r, src);
src += POLY1305_BLOCK_SIZE;
srclen -= POLY1305_BLOCK_SIZE;
- dctx->rset = true;
+ dctx->rset = 1;
}
if (srclen >= POLY1305_BLOCK_SIZE) {
dctx->s[0] = get_unaligned_le32(src + 0);
--- a/include/crypto/poly1305.h
+++ b/include/crypto/poly1305.h
@@ -22,20 +22,20 @@ struct poly1305_state {
};
struct poly1305_desc_ctx {
- /* key */
- struct poly1305_key r;
- /* finalize key */
- u32 s[4];
- /* accumulator */
- struct poly1305_state h;
/* partial buffer */
u8 buf[POLY1305_BLOCK_SIZE];
/* bytes used in partial buffer */
unsigned int buflen;
- /* r key has been set */
- bool rset;
- /* s key has been set */
+ /* how many keys have been set in r[] */
+ unsigned short rset;
+ /* whether s[] has been set */
bool sset;
+ /* finalize key */
+ u32 s[4];
+ /* accumulator */
+ struct poly1305_state h;
+ /* key */
+ struct poly1305_key r[1];
};
#endif

224
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0015-crypto-poly1305-expose-init-update-final-library-int.patch
View File

@@ -1,224 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:21 +0100
Subject: [PATCH] crypto: poly1305 - expose init/update/final library interface
commit a1d93064094cc5e24d64e35cf093e7191d0c9344 upstream.
Expose the existing generic Poly1305 code via a init/update/final
library interface so that callers are not required to go through
the crypto API's shash abstraction to access it. At the same time,
make some preparations so that the library implementation can be
superseded by an accelerated arch-specific version in the future.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/poly1305_generic.c | 22 +-----------
include/crypto/poly1305.h | 38 +++++++++++++++++++-
lib/crypto/Kconfig | 26 ++++++++++++++
lib/crypto/poly1305.c | 74 +++++++++++++++++++++++++++++++++++++++
4 files changed, 138 insertions(+), 22 deletions(-)
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -85,31 +85,11 @@ EXPORT_SYMBOL_GPL(crypto_poly1305_update
int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
- __le32 digest[4];
- u64 f = 0;
if (unlikely(!dctx->sset))
return -ENOKEY;
- if (unlikely(dctx->buflen)) {
- dctx->buf[dctx->buflen++] = 1;
- memset(dctx->buf + dctx->buflen, 0,
- POLY1305_BLOCK_SIZE - dctx->buflen);
- poly1305_core_blocks(&dctx->h, dctx->r, dctx->buf, 1, 0);
- }
-
- poly1305_core_emit(&dctx->h, digest);
-
- /* mac = (h + s) % (2^128) */
- f = (f >> 32) + le32_to_cpu(digest[0]) + dctx->s[0];
- put_unaligned_le32(f, dst + 0);
- f = (f >> 32) + le32_to_cpu(digest[1]) + dctx->s[1];
- put_unaligned_le32(f, dst + 4);
- f = (f >> 32) + le32_to_cpu(digest[2]) + dctx->s[2];
- put_unaligned_le32(f, dst + 8);
- f = (f >> 32) + le32_to_cpu(digest[3]) + dctx->s[3];
- put_unaligned_le32(f, dst + 12);
-
+ poly1305_final_generic(dctx, dst);
return 0;
}
EXPORT_SYMBOL_GPL(crypto_poly1305_final);
--- a/include/crypto/poly1305.h
+++ b/include/crypto/poly1305.h
@@ -35,7 +35,43 @@ struct poly1305_desc_ctx {
/* accumulator */
struct poly1305_state h;
/* key */
- struct poly1305_key r[1];
+ struct poly1305_key r[CONFIG_CRYPTO_LIB_POLY1305_RSIZE];
};
+void poly1305_init_arch(struct poly1305_desc_ctx *desc, const u8 *key);
+void poly1305_init_generic(struct poly1305_desc_ctx *desc, const u8 *key);
+
+static inline void poly1305_init(struct poly1305_desc_ctx *desc, const u8 *key)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
+ poly1305_init_arch(desc, key);
+ else
+ poly1305_init_generic(desc, key);
+}
+
+void poly1305_update_arch(struct poly1305_desc_ctx *desc, const u8 *src,
+ unsigned int nbytes);
+void poly1305_update_generic(struct poly1305_desc_ctx *desc, const u8 *src,
+ unsigned int nbytes);
+
+static inline void poly1305_update(struct poly1305_desc_ctx *desc,
+ const u8 *src, unsigned int nbytes)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
+ poly1305_update_arch(desc, src, nbytes);
+ else
+ poly1305_update_generic(desc, src, nbytes);
+}
+
+void poly1305_final_arch(struct poly1305_desc_ctx *desc, u8 *digest);
+void poly1305_final_generic(struct poly1305_desc_ctx *desc, u8 *digest);
+
+static inline void poly1305_final(struct poly1305_desc_ctx *desc, u8 *digest)
+{
+ if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305))
+ poly1305_final_arch(desc, digest);
+ else
+ poly1305_final_generic(desc, digest);
+}
+
#endif
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -37,8 +37,34 @@ config CRYPTO_LIB_CHACHA
config CRYPTO_LIB_DES
tristate
+config CRYPTO_LIB_POLY1305_RSIZE
+ int
+ default 1
+
+config CRYPTO_ARCH_HAVE_LIB_POLY1305
+ tristate
+ help
+ Declares whether the architecture provides an arch-specific
+ accelerated implementation of the Poly1305 library interface,
+ either builtin or as a module.
+
config CRYPTO_LIB_POLY1305_GENERIC
tristate
+ help
+ This symbol can be depended upon by arch implementations of the
+ Poly1305 library interface that require the generic code as a
+ fallback, e.g., for SIMD implementations. If no arch specific
+ implementation is enabled, this implementation serves the users
+ of CRYPTO_LIB_POLY1305.
+
+config CRYPTO_LIB_POLY1305
+ tristate "Poly1305 library interface"
+ depends on CRYPTO_ARCH_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_HAVE_LIB_POLY1305
+ select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n
+ help
+ Enable the Poly1305 library interface. This interface may be fulfilled
+ by either the generic implementation or an arch-specific one, if one
+ is available and enabled.
config CRYPTO_LIB_SHA256
tristate
--- a/lib/crypto/poly1305.c
+++ b/lib/crypto/poly1305.c
@@ -154,5 +154,79 @@ void poly1305_core_emit(const struct pol
}
EXPORT_SYMBOL_GPL(poly1305_core_emit);
+void poly1305_init_generic(struct poly1305_desc_ctx *desc, const u8 *key)
+{
+ poly1305_core_setkey(desc->r, key);
+ desc->s[0] = get_unaligned_le32(key + 16);
+ desc->s[1] = get_unaligned_le32(key + 20);
+ desc->s[2] = get_unaligned_le32(key + 24);
+ desc->s[3] = get_unaligned_le32(key + 28);
+ poly1305_core_init(&desc->h);
+ desc->buflen = 0;
+ desc->sset = true;
+ desc->rset = 1;
+}
+EXPORT_SYMBOL_GPL(poly1305_init_generic);
+
+void poly1305_update_generic(struct poly1305_desc_ctx *desc, const u8 *src,
+ unsigned int nbytes)
+{
+ unsigned int bytes;
+
+ if (unlikely(desc->buflen)) {
+ bytes = min(nbytes, POLY1305_BLOCK_SIZE - desc->buflen);
+ memcpy(desc->buf + desc->buflen, src, bytes);
+ src += bytes;
+ nbytes -= bytes;
+ desc->buflen += bytes;
+
+ if (desc->buflen == POLY1305_BLOCK_SIZE) {
+ poly1305_core_blocks(&desc->h, desc->r, desc->buf, 1, 1);
+ desc->buflen = 0;
+ }
+ }
+
+ if (likely(nbytes >= POLY1305_BLOCK_SIZE)) {
+ poly1305_core_blocks(&desc->h, desc->r, src,
+ nbytes / POLY1305_BLOCK_SIZE, 1);
+ src += nbytes - (nbytes % POLY1305_BLOCK_SIZE);
+ nbytes %= POLY1305_BLOCK_SIZE;
+ }
+
+ if (unlikely(nbytes)) {
+ desc->buflen = nbytes;
+ memcpy(desc->buf, src, nbytes);
+ }
+}
+EXPORT_SYMBOL_GPL(poly1305_update_generic);
+
+void poly1305_final_generic(struct poly1305_desc_ctx *desc, u8 *dst)
+{
+ __le32 digest[4];
+ u64 f = 0;
+
+ if (unlikely(desc->buflen)) {
+ desc->buf[desc->buflen++] = 1;
+ memset(desc->buf + desc->buflen, 0,
+ POLY1305_BLOCK_SIZE - desc->buflen);
+ poly1305_core_blocks(&desc->h, desc->r, desc->buf, 1, 0);
+ }
+
+ poly1305_core_emit(&desc->h, digest);
+
+ /* mac = (h + s) % (2^128) */
+ f = (f >> 32) + le32_to_cpu(digest[0]) + desc->s[0];
+ put_unaligned_le32(f, dst + 0);
+ f = (f >> 32) + le32_to_cpu(digest[1]) + desc->s[1];
+ put_unaligned_le32(f, dst + 4);
+ f = (f >> 32) + le32_to_cpu(digest[2]) + desc->s[2];
+ put_unaligned_le32(f, dst + 8);
+ f = (f >> 32) + le32_to_cpu(digest[3]) + desc->s[3];
+ put_unaligned_le32(f, dst + 12);
+
+ *desc = (struct poly1305_desc_ctx){};
+}
+EXPORT_SYMBOL_GPL(poly1305_final_generic);
+
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");

217
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0016-crypto-x86-poly1305-depend-on-generic-library-not-ge.patch
View File

@@ -1,217 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:22 +0100
Subject: [PATCH] crypto: x86/poly1305 - depend on generic library not generic
shash
commit 1b2c6a5120489d41c8ea3b8dacd0b4586289b158 upstream.
Remove the dependency on the generic Poly1305 driver. Instead, depend
on the generic library so that we only reuse code without pulling in
the generic skcipher implementation as well.
While at it, remove the logic that prefers the non-SIMD path for short
inputs - this is no longer necessary after recent FPU handling changes
on x86.
Since this removes the last remaining user of the routines exported
by the generic shash driver, unexport them and make them static.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/poly1305_glue.c | 66 +++++++++++++++++++++++++-----
crypto/Kconfig | 2 +-
crypto/poly1305_generic.c | 11 ++---
include/crypto/internal/poly1305.h | 9 ----
4 files changed, 60 insertions(+), 28 deletions(-)
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -34,6 +34,24 @@ static void poly1305_simd_mult(u32 *a, c
poly1305_block_sse2(a, m, b, 1);
}
+static unsigned int poly1305_scalar_blocks(struct poly1305_desc_ctx *dctx,
+ const u8 *src, unsigned int srclen)
+{
+ unsigned int datalen;
+
+ if (unlikely(!dctx->sset)) {
+ datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
+ src += srclen - datalen;
+ srclen = datalen;
+ }
+ if (srclen >= POLY1305_BLOCK_SIZE) {
+ poly1305_core_blocks(&dctx->h, dctx->r, src,
+ srclen / POLY1305_BLOCK_SIZE, 1);
+ srclen %= POLY1305_BLOCK_SIZE;
+ }
+ return srclen;
+}
+
static unsigned int poly1305_simd_blocks(struct poly1305_desc_ctx *dctx,
const u8 *src, unsigned int srclen)
{
@@ -91,12 +109,6 @@ static int poly1305_simd_update(struct s
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
unsigned int bytes;
- /* kernel_fpu_begin/end is costly, use fallback for small updates */
- if (srclen <= 288 || !crypto_simd_usable())
- return crypto_poly1305_update(desc, src, srclen);
-
- kernel_fpu_begin();
-
if (unlikely(dctx->buflen)) {
bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);
memcpy(dctx->buf + dctx->buflen, src, bytes);
@@ -105,25 +117,57 @@ static int poly1305_simd_update(struct s
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
- poly1305_simd_blocks(dctx, dctx->buf,
- POLY1305_BLOCK_SIZE);
+ if (likely(crypto_simd_usable())) {
+ kernel_fpu_begin();
+ poly1305_simd_blocks(dctx, dctx->buf,
+ POLY1305_BLOCK_SIZE);
+ kernel_fpu_end();
+ } else {
+ poly1305_scalar_blocks(dctx, dctx->buf,
+ POLY1305_BLOCK_SIZE);
+ }
dctx->buflen = 0;
}
}
if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
- bytes = poly1305_simd_blocks(dctx, src, srclen);
+ if (likely(crypto_simd_usable())) {
+ kernel_fpu_begin();
+ bytes = poly1305_simd_blocks(dctx, src, srclen);
+ kernel_fpu_end();
+ } else {
+ bytes = poly1305_scalar_blocks(dctx, src, srclen);
+ }
src += srclen - bytes;
srclen = bytes;
}
- kernel_fpu_end();
-
if (unlikely(srclen)) {
dctx->buflen = srclen;
memcpy(dctx->buf, src, srclen);
}
+}
+
+static int crypto_poly1305_init(struct shash_desc *desc)
+{
+ struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ poly1305_core_init(&dctx->h);
+ dctx->buflen = 0;
+ dctx->rset = 0;
+ dctx->sset = false;
+
+ return 0;
+}
+
+static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
+{
+ struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ if (unlikely(!dctx->sset))
+ return -ENOKEY;
+ poly1305_final_generic(dctx, dst);
return 0;
}
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -697,7 +697,7 @@ config CRYPTO_POLY1305
config CRYPTO_POLY1305_X86_64
tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
depends on X86 && 64BIT
- select CRYPTO_POLY1305
+ select CRYPTO_LIB_POLY1305_GENERIC
help
Poly1305 authenticator algorithm, RFC7539.
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -19,7 +19,7 @@
#include <linux/module.h>
#include <asm/unaligned.h>
-int crypto_poly1305_init(struct shash_desc *desc)
+static int crypto_poly1305_init(struct shash_desc *desc)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
@@ -30,7 +30,6 @@ int crypto_poly1305_init(struct shash_de
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_poly1305_init);
static void poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src,
unsigned int srclen)
@@ -47,8 +46,8 @@ static void poly1305_blocks(struct poly1
srclen / POLY1305_BLOCK_SIZE, 1);
}
-int crypto_poly1305_update(struct shash_desc *desc,
- const u8 *src, unsigned int srclen)
+static int crypto_poly1305_update(struct shash_desc *desc,
+ const u8 *src, unsigned int srclen)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
unsigned int bytes;
@@ -80,9 +79,8 @@ int crypto_poly1305_update(struct shash_
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_poly1305_update);
-int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
+static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
@@ -92,7 +90,6 @@ int crypto_poly1305_final(struct shash_d
poly1305_final_generic(dctx, dst);
return 0;
}
-EXPORT_SYMBOL_GPL(crypto_poly1305_final);
static struct shash_alg poly1305_alg = {
.digestsize = POLY1305_DIGEST_SIZE,
--- a/include/crypto/internal/poly1305.h
+++ b/include/crypto/internal/poly1305.h
@@ -10,8 +10,6 @@
#include <linux/types.h>
#include <crypto/poly1305.h>
-struct shash_desc;
-
/*
* Poly1305 core functions. These implement the ε-almost-∆-universal hash
* function underlying the Poly1305 MAC, i.e. they don't add an encrypted nonce
@@ -28,13 +26,6 @@ void poly1305_core_blocks(struct poly130
unsigned int nblocks, u32 hibit);
void poly1305_core_emit(const struct poly1305_state *state, void *dst);
-/* Crypto API helper functions for the Poly1305 MAC */
-int crypto_poly1305_init(struct shash_desc *desc);
-
-int crypto_poly1305_update(struct shash_desc *desc,
- const u8 *src, unsigned int srclen);
-int crypto_poly1305_final(struct shash_desc *desc, u8 *dst);
-
/*
* Poly1305 requires a unique key for each tag, which implies that we can't set
* it on the tfm that gets accessed by multiple users simultaneously. Instead we

163
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0017-crypto-x86-poly1305-expose-existing-driver-as-poly13.patch
View File

@@ -1,163 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:23 +0100
Subject: [PATCH] crypto: x86/poly1305 - expose existing driver as poly1305
library
commit f0e89bcfbb894e5844cd1bbf6b3cf7c63cb0f5ac upstream.
Implement the arch init/update/final Poly1305 library routines in the
accelerated SIMD driver for x86 so they are accessible to users of
the Poly1305 library interface as well.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/poly1305_glue.c | 57 ++++++++++++++++++++++++---------
crypto/Kconfig | 1 +
lib/crypto/Kconfig | 1 +
3 files changed, 43 insertions(+), 16 deletions(-)
--- a/arch/x86/crypto/poly1305_glue.c
+++ b/arch/x86/crypto/poly1305_glue.c
@@ -10,6 +10,7 @@
#include <crypto/internal/poly1305.h>
#include <crypto/internal/simd.h>
#include <linux/crypto.h>
+#include <linux/jump_label.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <asm/simd.h>
@@ -21,7 +22,8 @@ asmlinkage void poly1305_2block_sse2(u32
asmlinkage void poly1305_4block_avx2(u32 *h, const u8 *src, const u32 *r,
unsigned int blocks, const u32 *u);
-static bool poly1305_use_avx2 __ro_after_init;
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_simd);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(poly1305_use_avx2);
static void poly1305_simd_mult(u32 *a, const u32 *b)
{
@@ -64,7 +66,7 @@ static unsigned int poly1305_simd_blocks
}
if (IS_ENABLED(CONFIG_AS_AVX2) &&
- poly1305_use_avx2 &&
+ static_branch_likely(&poly1305_use_avx2) &&
srclen >= POLY1305_BLOCK_SIZE * 4) {
if (unlikely(dctx->rset < 4)) {
if (dctx->rset < 2) {
@@ -103,10 +105,15 @@ static unsigned int poly1305_simd_blocks
return srclen;
}
-static int poly1305_simd_update(struct shash_desc *desc,
- const u8 *src, unsigned int srclen)
+void poly1305_init_arch(struct poly1305_desc_ctx *desc, const u8 *key)
+{
+ poly1305_init_generic(desc, key);
+}
+EXPORT_SYMBOL(poly1305_init_arch);
+
+void poly1305_update_arch(struct poly1305_desc_ctx *dctx, const u8 *src,
+ unsigned int srclen)
{
- struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
unsigned int bytes;
if (unlikely(dctx->buflen)) {
@@ -117,7 +124,8 @@ static int poly1305_simd_update(struct s
dctx->buflen += bytes;
if (dctx->buflen == POLY1305_BLOCK_SIZE) {
- if (likely(crypto_simd_usable())) {
+ if (static_branch_likely(&poly1305_use_simd) &&
+ likely(crypto_simd_usable())) {
kernel_fpu_begin();
poly1305_simd_blocks(dctx, dctx->buf,
POLY1305_BLOCK_SIZE);
@@ -131,7 +139,8 @@ static int poly1305_simd_update(struct s
}
if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
- if (likely(crypto_simd_usable())) {
+ if (static_branch_likely(&poly1305_use_simd) &&
+ likely(crypto_simd_usable())) {
kernel_fpu_begin();
bytes = poly1305_simd_blocks(dctx, src, srclen);
kernel_fpu_end();
@@ -147,6 +156,13 @@ static int poly1305_simd_update(struct s
memcpy(dctx->buf, src, srclen);
}
}
+EXPORT_SYMBOL(poly1305_update_arch);
+
+void poly1305_final_arch(struct poly1305_desc_ctx *desc, u8 *digest)
+{
+ poly1305_final_generic(desc, digest);
+}
+EXPORT_SYMBOL(poly1305_final_arch);
static int crypto_poly1305_init(struct shash_desc *desc)
{
@@ -171,6 +187,15 @@ static int crypto_poly1305_final(struct
return 0;
}
+static int poly1305_simd_update(struct shash_desc *desc,
+ const u8 *src, unsigned int srclen)
+{
+ struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ poly1305_update_arch(dctx, src, srclen);
+ return 0;
+}
+
static struct shash_alg alg = {
.digestsize = POLY1305_DIGEST_SIZE,
.init = crypto_poly1305_init,
@@ -189,15 +214,15 @@ static struct shash_alg alg = {
static int __init poly1305_simd_mod_init(void)
{
if (!boot_cpu_has(X86_FEATURE_XMM2))
- return -ENODEV;
+ return 0;
- poly1305_use_avx2 = IS_ENABLED(CONFIG_AS_AVX2) &&
- boot_cpu_has(X86_FEATURE_AVX) &&
- boot_cpu_has(X86_FEATURE_AVX2) &&
- cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL);
- alg.descsize = sizeof(struct poly1305_desc_ctx) + 5 * sizeof(u32);
- if (poly1305_use_avx2)
- alg.descsize += 10 * sizeof(u32);
+ static_branch_enable(&poly1305_use_simd);
+
+ if (IS_ENABLED(CONFIG_AS_AVX2) &&
+ boot_cpu_has(X86_FEATURE_AVX) &&
+ boot_cpu_has(X86_FEATURE_AVX2) &&
+ cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL))
+ static_branch_enable(&poly1305_use_avx2);
return crypto_register_shash(&alg);
}
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -698,6 +698,7 @@ config CRYPTO_POLY1305_X86_64
tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)"
depends on X86 && 64BIT
select CRYPTO_LIB_POLY1305_GENERIC
+ select CRYPTO_ARCH_HAVE_LIB_POLY1305
help
Poly1305 authenticator algorithm, RFC7539.
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -39,6 +39,7 @@ config CRYPTO_LIB_DES
config CRYPTO_LIB_POLY1305_RSIZE
int
+ default 4 if X86_64
default 1
config CRYPTO_ARCH_HAVE_LIB_POLY1305

2083
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0018-crypto-arm64-poly1305-incorporate-OpenSSL-CRYPTOGAMS.patch
View File

File diff suppressed because it is too large Load Diff

2776
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0019-crypto-arm-poly1305-incorporate-OpenSSL-CRYPTOGAMS-N.patch
View File

File diff suppressed because it is too large Load Diff

1563
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0020-crypto-mips-poly1305-incorporate-OpenSSL-CRYPTOGAMS-.patch
View File

File diff suppressed because it is too large Load Diff

1097
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0021-crypto-blake2s-generic-C-library-implementation-and-.patch
View File

File diff suppressed because it is too large Load Diff

322
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0022-crypto-testmgr-add-test-cases-for-Blake2s.patch
View File

@@ -1,322 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:29 +0100
Subject: [PATCH] crypto: testmgr - add test cases for Blake2s
commit 17e1df67023a5c9ccaeb5de8bf5b88f63127ecf7 upstream.
As suggested by Eric for the Blake2b implementation contributed by
David, introduce a set of test vectors for Blake2s covering different
digest and key sizes.
blake2s-128 blake2s-160 blake2s-224 blake2s-256
---------------------------------------------------
len=0 | klen=0 klen=1 klen=16 klen=32
len=1 | klen=16 klen=32 klen=0 klen=1
len=7 | klen=32 klen=0 klen=1 klen=16
len=15 | klen=1 klen=16 klen=32 klen=0
len=64 | klen=0 klen=1 klen=16 klen=32
len=247 | klen=16 klen=32 klen=0 klen=1
len=256 | klen=32 klen=0 klen=1 klen=16
Cc: David Sterba <dsterba@suse.com>
Cc: Eric Biggers <ebiggers@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/testmgr.c | 24 +++++
crypto/testmgr.h | 251 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 275 insertions(+)
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -4035,6 +4035,30 @@ static const struct alg_test_desc alg_te
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "blake2s-128",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(blakes2s_128_tv_template)
+ }
+ }, {
+ .alg = "blake2s-160",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(blakes2s_160_tv_template)
+ }
+ }, {
+ .alg = "blake2s-224",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(blakes2s_224_tv_template)
+ }
+ }, {
+ .alg = "blake2s-256",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(blakes2s_256_tv_template)
+ }
+ }, {
.alg = "cbc(aes)",
.test = alg_test_skcipher,
.fips_allowed = 1,
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -31567,4 +31567,255 @@ static const struct aead_testvec essiv_h
},
};
+static const char blake2_ordered_sequence[] =
+ "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23\x24\x25\x26\x27"
+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
+ "\x40\x41\x42\x43\x44\x45\x46\x47"
+ "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
+ "\x50\x51\x52\x53\x54\x55\x56\x57"
+ "\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
+ "\x60\x61\x62\x63\x64\x65\x66\x67"
+ "\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
+ "\x70\x71\x72\x73\x74\x75\x76\x77"
+ "\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
+ "\x80\x81\x82\x83\x84\x85\x86\x87"
+ "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
+ "\x90\x91\x92\x93\x94\x95\x96\x97"
+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
+ "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
+ "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
+ "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+ "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
+ "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
+ "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
+ "\xe8\xe9\xea\xeb\xec\xed\xee\xef"
+ "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
+ "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
+
+static const struct hash_testvec blakes2s_128_tv_template[] = {{
+ .digest = (u8[]){ 0x64, 0x55, 0x0d, 0x6f, 0xfe, 0x2c, 0x0a, 0x01,
+ 0xa1, 0x4a, 0xba, 0x1e, 0xad, 0xe0, 0x20, 0x0c, },
+}, {
+ .plaintext = blake2_ordered_sequence,
+ .psize = 64,
+ .digest = (u8[]){ 0xdc, 0x66, 0xca, 0x8f, 0x03, 0x86, 0x58, 0x01,
+ 0xb0, 0xff, 0xe0, 0x6e, 0xd8, 0xa1, 0xa9, 0x0e, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 1,
+ .digest = (u8[]){ 0x88, 0x1e, 0x42, 0xe7, 0xbb, 0x35, 0x80, 0x82,
+ 0x63, 0x7c, 0x0a, 0x0f, 0xd7, 0xec, 0x6c, 0x2f, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 7,
+ .digest = (u8[]){ 0xcf, 0x9e, 0x07, 0x2a, 0xd5, 0x22, 0xf2, 0xcd,
+ 0xa2, 0xd8, 0x25, 0x21, 0x80, 0x86, 0x73, 0x1c, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 15,
+ .digest = (u8[]){ 0xf6, 0x33, 0x5a, 0x2c, 0x22, 0xa0, 0x64, 0xb2,
+ 0xb6, 0x3f, 0xeb, 0xbc, 0xd1, 0xc3, 0xe5, 0xb2, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 247,
+ .digest = (u8[]){ 0x72, 0x66, 0x49, 0x60, 0xf9, 0x4a, 0xea, 0xbe,
+ 0x1f, 0xf4, 0x60, 0xce, 0xb7, 0x81, 0xcb, 0x09, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 256,
+ .digest = (u8[]){ 0xd5, 0xa4, 0x0e, 0xc3, 0x16, 0xc7, 0x51, 0xa6,
+ 0x3c, 0xd0, 0xd9, 0x11, 0x57, 0xfa, 0x1e, 0xbb, },
+}};
+
+static const struct hash_testvec blakes2s_160_tv_template[] = {{
+ .plaintext = blake2_ordered_sequence,
+ .psize = 7,
+ .digest = (u8[]){ 0xb4, 0xf2, 0x03, 0x49, 0x37, 0xed, 0xb1, 0x3e,
+ 0x5b, 0x2a, 0xca, 0x64, 0x82, 0x74, 0xf6, 0x62,
+ 0xe3, 0xf2, 0x84, 0xff, },
+}, {
+ .plaintext = blake2_ordered_sequence,
+ .psize = 256,
+ .digest = (u8[]){ 0xaa, 0x56, 0x9b, 0xdc, 0x98, 0x17, 0x75, 0xf2,
+ 0xb3, 0x68, 0x83, 0xb7, 0x9b, 0x8d, 0x48, 0xb1,
+ 0x9b, 0x2d, 0x35, 0x05, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .digest = (u8[]){ 0x50, 0x16, 0xe7, 0x0c, 0x01, 0xd0, 0xd3, 0xc3,
+ 0xf4, 0x3e, 0xb1, 0x6e, 0x97, 0xa9, 0x4e, 0xd1,
+ 0x79, 0x65, 0x32, 0x93, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 1,
+ .digest = (u8[]){ 0x1c, 0x2b, 0xcd, 0x9a, 0x68, 0xca, 0x8c, 0x71,
+ 0x90, 0x29, 0x6c, 0x54, 0xfa, 0x56, 0x4a, 0xef,
+ 0xa2, 0x3a, 0x56, 0x9c, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 15,
+ .digest = (u8[]){ 0x36, 0xc3, 0x5f, 0x9a, 0xdc, 0x7e, 0xbf, 0x19,
+ 0x68, 0xaa, 0xca, 0xd8, 0x81, 0xbf, 0x09, 0x34,
+ 0x83, 0x39, 0x0f, 0x30, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 64,
+ .digest = (u8[]){ 0x86, 0x80, 0x78, 0xa4, 0x14, 0xec, 0x03, 0xe5,
+ 0xb6, 0x9a, 0x52, 0x0e, 0x42, 0xee, 0x39, 0x9d,
+ 0xac, 0xa6, 0x81, 0x63, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 247,
+ .digest = (u8[]){ 0x2d, 0xd8, 0xd2, 0x53, 0x66, 0xfa, 0xa9, 0x01,
+ 0x1c, 0x9c, 0xaf, 0xa3, 0xe2, 0x9d, 0x9b, 0x10,
+ 0x0a, 0xf6, 0x73, 0xe8, },
+}};
+
+static const struct hash_testvec blakes2s_224_tv_template[] = {{
+ .plaintext = blake2_ordered_sequence,
+ .psize = 1,
+ .digest = (u8[]){ 0x61, 0xb9, 0x4e, 0xc9, 0x46, 0x22, 0xa3, 0x91,
+ 0xd2, 0xae, 0x42, 0xe6, 0x45, 0x6c, 0x90, 0x12,
+ 0xd5, 0x80, 0x07, 0x97, 0xb8, 0x86, 0x5a, 0xfc,
+ 0x48, 0x21, 0x97, 0xbb, },
+}, {
+ .plaintext = blake2_ordered_sequence,
+ .psize = 247,
+ .digest = (u8[]){ 0x9e, 0xda, 0xc7, 0x20, 0x2c, 0xd8, 0x48, 0x2e,
+ 0x31, 0x94, 0xab, 0x46, 0x6d, 0x94, 0xd8, 0xb4,
+ 0x69, 0xcd, 0xae, 0x19, 0x6d, 0x9e, 0x41, 0xcc,
+ 0x2b, 0xa4, 0xd5, 0xf6, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .digest = (u8[]){ 0x32, 0xc0, 0xac, 0xf4, 0x3b, 0xd3, 0x07, 0x9f,
+ 0xbe, 0xfb, 0xfa, 0x4d, 0x6b, 0x4e, 0x56, 0xb3,
+ 0xaa, 0xd3, 0x27, 0xf6, 0x14, 0xbf, 0xb9, 0x32,
+ 0xa7, 0x19, 0xfc, 0xb8, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 7,
+ .digest = (u8[]){ 0x73, 0xad, 0x5e, 0x6d, 0xb9, 0x02, 0x8e, 0x76,
+ 0xf2, 0x66, 0x42, 0x4b, 0x4c, 0xfa, 0x1f, 0xe6,
+ 0x2e, 0x56, 0x40, 0xe5, 0xa2, 0xb0, 0x3c, 0xe8,
+ 0x7b, 0x45, 0xfe, 0x05, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 15,
+ .digest = (u8[]){ 0x16, 0x60, 0xfb, 0x92, 0x54, 0xb3, 0x6e, 0x36,
+ 0x81, 0xf4, 0x16, 0x41, 0xc3, 0x3d, 0xd3, 0x43,
+ 0x84, 0xed, 0x10, 0x6f, 0x65, 0x80, 0x7a, 0x3e,
+ 0x25, 0xab, 0xc5, 0x02, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 64,
+ .digest = (u8[]){ 0xca, 0xaa, 0x39, 0x67, 0x9c, 0xf7, 0x6b, 0xc7,
+ 0xb6, 0x82, 0xca, 0x0e, 0x65, 0x36, 0x5b, 0x7c,
+ 0x24, 0x00, 0xfa, 0x5f, 0xda, 0x06, 0x91, 0x93,
+ 0x6a, 0x31, 0x83, 0xb5, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 256,
+ .digest = (u8[]){ 0x90, 0x02, 0x26, 0xb5, 0x06, 0x9c, 0x36, 0x86,
+ 0x94, 0x91, 0x90, 0x1e, 0x7d, 0x2a, 0x71, 0xb2,
+ 0x48, 0xb5, 0xe8, 0x16, 0xfd, 0x64, 0x33, 0x45,
+ 0xb3, 0xd7, 0xec, 0xcc, },
+}};
+
+static const struct hash_testvec blakes2s_256_tv_template[] = {{
+ .plaintext = blake2_ordered_sequence,
+ .psize = 15,
+ .digest = (u8[]){ 0xd9, 0x7c, 0x82, 0x8d, 0x81, 0x82, 0xa7, 0x21,
+ 0x80, 0xa0, 0x6a, 0x78, 0x26, 0x83, 0x30, 0x67,
+ 0x3f, 0x7c, 0x4e, 0x06, 0x35, 0x94, 0x7c, 0x04,
+ 0xc0, 0x23, 0x23, 0xfd, 0x45, 0xc0, 0xa5, 0x2d, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .digest = (u8[]){ 0x48, 0xa8, 0x99, 0x7d, 0xa4, 0x07, 0x87, 0x6b,
+ 0x3d, 0x79, 0xc0, 0xd9, 0x23, 0x25, 0xad, 0x3b,
+ 0x89, 0xcb, 0xb7, 0x54, 0xd8, 0x6a, 0xb7, 0x1a,
+ 0xee, 0x04, 0x7a, 0xd3, 0x45, 0xfd, 0x2c, 0x49, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 1,
+ .digest = (u8[]){ 0x22, 0x27, 0xae, 0xaa, 0x6e, 0x81, 0x56, 0x03,
+ 0xa7, 0xe3, 0xa1, 0x18, 0xa5, 0x9a, 0x2c, 0x18,
+ 0xf4, 0x63, 0xbc, 0x16, 0x70, 0xf1, 0xe7, 0x4b,
+ 0x00, 0x6d, 0x66, 0x16, 0xae, 0x9e, 0x74, 0x4e, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 7,
+ .digest = (u8[]){ 0x58, 0x5d, 0xa8, 0x60, 0x1c, 0xa4, 0xd8, 0x03,
+ 0x86, 0x86, 0x84, 0x64, 0xd7, 0xa0, 0x8e, 0x15,
+ 0x2f, 0x05, 0xa2, 0x1b, 0xbc, 0xef, 0x7a, 0x34,
+ 0xb3, 0xc5, 0xbc, 0x4b, 0xf0, 0x32, 0xeb, 0x12, },
+}, {
+ .ksize = 32,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 64,
+ .digest = (u8[]){ 0x89, 0x75, 0xb0, 0x57, 0x7f, 0xd3, 0x55, 0x66,
+ 0xd7, 0x50, 0xb3, 0x62, 0xb0, 0x89, 0x7a, 0x26,
+ 0xc3, 0x99, 0x13, 0x6d, 0xf0, 0x7b, 0xab, 0xab,
+ 0xbd, 0xe6, 0x20, 0x3f, 0xf2, 0x95, 0x4e, 0xd4, },
+}, {
+ .ksize = 1,
+ .key = "B",
+ .plaintext = blake2_ordered_sequence,
+ .psize = 247,
+ .digest = (u8[]){ 0x2e, 0x74, 0x1c, 0x1d, 0x03, 0xf4, 0x9d, 0x84,
+ 0x6f, 0xfc, 0x86, 0x32, 0x92, 0x49, 0x7e, 0x66,
+ 0xd7, 0xc3, 0x10, 0x88, 0xfe, 0x28, 0xb3, 0xe0,
+ 0xbf, 0x50, 0x75, 0xad, 0x8e, 0xa4, 0xe6, 0xb2, },
+}, {
+ .ksize = 16,
+ .key = blake2_ordered_sequence,
+ .plaintext = blake2_ordered_sequence,
+ .psize = 256,
+ .digest = (u8[]){ 0xb9, 0xd2, 0x81, 0x0e, 0x3a, 0xb1, 0x62, 0x9b,
+ 0xad, 0x44, 0x05, 0xf4, 0x92, 0x2e, 0x99, 0xc1,
+ 0x4a, 0x47, 0xbb, 0x5b, 0x6f, 0xb2, 0x96, 0xed,
+ 0xd5, 0x06, 0xb5, 0x3a, 0x7c, 0x7a, 0x65, 0x1d, },
+}};
+
#endif /* _CRYPTO_TESTMGR_H */

245
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0023-crypto-blake2s-implement-generic-shash-driver.patch
View File

@@ -1,245 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:30 +0100
Subject: [PATCH] crypto: blake2s - implement generic shash driver
commit 7f9b0880925f1f9d7d59504ea0892d2ae9cfc233 upstream.
Wire up our newly added Blake2s implementation via the shash API.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/Kconfig | 18 ++++
crypto/Makefile | 1 +
crypto/blake2s_generic.c | 171 ++++++++++++++++++++++++++++++
include/crypto/internal/blake2s.h | 5 +
4 files changed, 195 insertions(+)
create mode 100644 crypto/blake2s_generic.c
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -639,6 +639,24 @@ config CRYPTO_XXHASH
xxHash non-cryptographic hash algorithm. Extremely fast, working at
speeds close to RAM limits.
+config CRYPTO_BLAKE2S
+ tristate "BLAKE2s digest algorithm"
+ select CRYPTO_LIB_BLAKE2S_GENERIC
+ select CRYPTO_HASH
+ help
+ Implementation of cryptographic hash function BLAKE2s
+ optimized for 8-32bit platforms and can produce digests of any size
+ between 1 to 32. The keyed hash is also implemented.
+
+ This module provides the following algorithms:
+
+ - blake2s-128
+ - blake2s-160
+ - blake2s-224
+ - blake2s-256
+
+ See https://blake2.net for further information.
+
config CRYPTO_CRCT10DIF
tristate "CRCT10DIF algorithm"
select CRYPTO_HASH
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -74,6 +74,7 @@ obj-$(CONFIG_CRYPTO_STREEBOG) += streebo
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
+obj-$(CONFIG_CRYPTO_BLAKE2S) += blake2s_generic.o
obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
--- /dev/null
+++ b/crypto/blake2s_generic.c
@@ -0,0 +1,171 @@
+// SPDX-License-Identifier: GPL-2.0 OR MIT
+/*
+ * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#include <crypto/internal/blake2s.h>
+#include <crypto/internal/simd.h>
+#include <crypto/internal/hash.h>
+
+#include <linux/types.h>
+#include <linux/jump_label.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+static int crypto_blake2s_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm);
+
+ if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ memcpy(tctx->key, key, keylen);
+ tctx->keylen = keylen;
+
+ return 0;
+}
+
+static int crypto_blake2s_init(struct shash_desc *desc)
+{
+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+ struct blake2s_state *state = shash_desc_ctx(desc);
+ const int outlen = crypto_shash_digestsize(desc->tfm);
+
+ if (tctx->keylen)
+ blake2s_init_key(state, outlen, tctx->key, tctx->keylen);
+ else
+ blake2s_init(state, outlen);
+
+ return 0;
+}
+
+static int crypto_blake2s_update(struct shash_desc *desc, const u8 *in,
+ unsigned int inlen)
+{
+ struct blake2s_state *state = shash_desc_ctx(desc);
+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
+
+ if (unlikely(!inlen))
+ return 0;
+ if (inlen > fill) {
+ memcpy(state->buf + state->buflen, in, fill);
+ blake2s_compress_generic(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
+ state->buflen = 0;
+ in += fill;
+ inlen -= fill;
+ }
+ if (inlen > BLAKE2S_BLOCK_SIZE) {
+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE);
+ /* Hash one less (full) block than strictly possible */
+ blake2s_compress_generic(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
+ }
+ memcpy(state->buf + state->buflen, in, inlen);
+ state->buflen += inlen;
+
+ return 0;
+}
+
+static int crypto_blake2s_final(struct shash_desc *desc, u8 *out)
+{
+ struct blake2s_state *state = shash_desc_ctx(desc);
+
+ blake2s_set_lastblock(state);
+ memset(state->buf + state->buflen, 0,
+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
+ blake2s_compress_generic(state, state->buf, 1, state->buflen);
+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
+ memcpy(out, state->h, state->outlen);
+ memzero_explicit(state, sizeof(*state));
+
+ return 0;
+}
+
+static struct shash_alg blake2s_algs[] = {{
+ .base.cra_name = "blake2s-128",
+ .base.cra_driver_name = "blake2s-128-generic",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_128_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-160",
+ .base.cra_driver_name = "blake2s-160-generic",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_160_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-224",
+ .base.cra_driver_name = "blake2s-224-generic",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_224_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-256",
+ .base.cra_driver_name = "blake2s-256-generic",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_256_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}};
+
+static int __init blake2s_mod_init(void)
+{
+ return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
+}
+
+static void __exit blake2s_mod_exit(void)
+{
+ crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
+}
+
+subsys_initcall(blake2s_mod_init);
+module_exit(blake2s_mod_exit);
+
+MODULE_ALIAS_CRYPTO("blake2s-128");
+MODULE_ALIAS_CRYPTO("blake2s-128-generic");
+MODULE_ALIAS_CRYPTO("blake2s-160");
+MODULE_ALIAS_CRYPTO("blake2s-160-generic");
+MODULE_ALIAS_CRYPTO("blake2s-224");
+MODULE_ALIAS_CRYPTO("blake2s-224-generic");
+MODULE_ALIAS_CRYPTO("blake2s-256");
+MODULE_ALIAS_CRYPTO("blake2s-256-generic");
+MODULE_LICENSE("GPL v2");
--- a/include/crypto/internal/blake2s.h
+++ b/include/crypto/internal/blake2s.h
@@ -5,6 +5,11 @@
#include <crypto/blake2s.h>
+struct blake2s_tfm_ctx {
+ u8 key[BLAKE2S_KEY_SIZE];
+ unsigned int keylen;
+};
+
void blake2s_compress_generic(struct blake2s_state *state,const u8 *block,
size_t nblocks, const u32 inc);

557
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0024-crypto-blake2s-x86_64-SIMD-implementation.patch
View File

@@ -1,557 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Fri, 8 Nov 2019 13:22:31 +0100
Subject: [PATCH] crypto: blake2s - x86_64 SIMD implementation
commit ed0356eda153f6a95649e11feb7b07083caf9e20 upstream.
These implementations from Samuel Neves support AVX and AVX-512VL.
Originally this used AVX-512F, but Skylake thermal throttling made
AVX-512VL more attractive and possible to do with negligable difference.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Samuel Neves <sneves@dei.uc.pt>
Co-developed-by: Samuel Neves <sneves@dei.uc.pt>
[ardb: move to arch/x86/crypto, wire into lib/crypto framework]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
arch/x86/crypto/Makefile | 2 +
arch/x86/crypto/blake2s-core.S | 258 +++++++++++++++++++++++++++++++++
arch/x86/crypto/blake2s-glue.c | 233 +++++++++++++++++++++++++++++
crypto/Kconfig | 6 +
4 files changed, 499 insertions(+)
create mode 100644 arch/x86/crypto/blake2s-core.S
create mode 100644 arch/x86/crypto/blake2s-glue.c
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -48,6 +48,7 @@ ifeq ($(avx_supported),yes)
obj-$(CONFIG_CRYPTO_CAST6_AVX_X86_64) += cast6-avx-x86_64.o
obj-$(CONFIG_CRYPTO_TWOFISH_AVX_X86_64) += twofish-avx-x86_64.o
obj-$(CONFIG_CRYPTO_SERPENT_AVX_X86_64) += serpent-avx-x86_64.o
+ obj-$(CONFIG_CRYPTO_BLAKE2S_X86) += blake2s-x86_64.o
endif
# These modules require assembler to support AVX2.
@@ -70,6 +71,7 @@ serpent-sse2-x86_64-y := serpent-sse2-x8
aegis128-aesni-y := aegis128-aesni-asm.o aegis128-aesni-glue.o
nhpoly1305-sse2-y := nh-sse2-x86_64.o nhpoly1305-sse2-glue.o
+blake2s-x86_64-y := blake2s-core.o blake2s-glue.o
ifeq ($(avx_supported),yes)
camellia-aesni-avx-x86_64-y := camellia-aesni-avx-asm_64.o \
--- /dev/null
+++ b/arch/x86/crypto/blake2s-core.S
@@ -0,0 +1,258 @@
+/* SPDX-License-Identifier: GPL-2.0 OR MIT */
+/*
+ * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2017-2019 Samuel Neves <sneves@dei.uc.pt>. All Rights Reserved.
+ */
+
+#include <linux/linkage.h>
+
+.section .rodata.cst32.BLAKE2S_IV, "aM", @progbits, 32
+.align 32
+IV: .octa 0xA54FF53A3C6EF372BB67AE856A09E667
+ .octa 0x5BE0CD191F83D9AB9B05688C510E527F
+.section .rodata.cst16.ROT16, "aM", @progbits, 16
+.align 16
+ROT16: .octa 0x0D0C0F0E09080B0A0504070601000302
+.section .rodata.cst16.ROR328, "aM", @progbits, 16
+.align 16
+ROR328: .octa 0x0C0F0E0D080B0A090407060500030201
+.section .rodata.cst64.BLAKE2S_SIGMA, "aM", @progbits, 160
+.align 64
+SIGMA:
+.byte 0, 2, 4, 6, 1, 3, 5, 7, 14, 8, 10, 12, 15, 9, 11, 13
+.byte 14, 4, 9, 13, 10, 8, 15, 6, 5, 1, 0, 11, 3, 12, 2, 7
+.byte 11, 12, 5, 15, 8, 0, 2, 13, 9, 10, 3, 7, 4, 14, 6, 1
+.byte 7, 3, 13, 11, 9, 1, 12, 14, 15, 2, 5, 4, 8, 6, 10, 0
+.byte 9, 5, 2, 10, 0, 7, 4, 15, 3, 14, 11, 6, 13, 1, 12, 8
+.byte 2, 6, 0, 8, 12, 10, 11, 3, 1, 4, 7, 15, 9, 13, 5, 14
+.byte 12, 1, 14, 4, 5, 15, 13, 10, 8, 0, 6, 9, 11, 7, 3, 2
+.byte 13, 7, 12, 3, 11, 14, 1, 9, 2, 5, 15, 8, 10, 0, 4, 6
+.byte 6, 14, 11, 0, 15, 9, 3, 8, 10, 12, 13, 1, 5, 2, 7, 4
+.byte 10, 8, 7, 1, 2, 4, 6, 5, 13, 15, 9, 3, 0, 11, 14, 12
+#ifdef CONFIG_AS_AVX512
+.section .rodata.cst64.BLAKE2S_SIGMA2, "aM", @progbits, 640
+.align 64
+SIGMA2:
+.long 0, 2, 4, 6, 1, 3, 5, 7, 14, 8, 10, 12, 15, 9, 11, 13
+.long 8, 2, 13, 15, 10, 9, 12, 3, 6, 4, 0, 14, 5, 11, 1, 7
+.long 11, 13, 8, 6, 5, 10, 14, 3, 2, 4, 12, 15, 1, 0, 7, 9
+.long 11, 10, 7, 0, 8, 15, 1, 13, 3, 6, 2, 12, 4, 14, 9, 5
+.long 4, 10, 9, 14, 15, 0, 11, 8, 1, 7, 3, 13, 2, 5, 6, 12
+.long 2, 11, 4, 15, 14, 3, 10, 8, 13, 6, 5, 7, 0, 12, 1, 9
+.long 4, 8, 15, 9, 14, 11, 13, 5, 3, 2, 1, 12, 6, 10, 7, 0
+.long 6, 13, 0, 14, 12, 2, 1, 11, 15, 4, 5, 8, 7, 9, 3, 10
+.long 15, 5, 4, 13, 10, 7, 3, 11, 12, 2, 0, 6, 9, 8, 1, 14
+.long 8, 7, 14, 11, 13, 15, 0, 12, 10, 4, 5, 6, 3, 2, 1, 9
+#endif /* CONFIG_AS_AVX512 */
+
+.text
+#ifdef CONFIG_AS_SSSE3
+ENTRY(blake2s_compress_ssse3)
+ testq %rdx,%rdx
+ je .Lendofloop
+ movdqu (%rdi),%xmm0
+ movdqu 0x10(%rdi),%xmm1
+ movdqa ROT16(%rip),%xmm12
+ movdqa ROR328(%rip),%xmm13
+ movdqu 0x20(%rdi),%xmm14
+ movq %rcx,%xmm15
+ leaq SIGMA+0xa0(%rip),%r8
+ jmp .Lbeginofloop
+ .align 32
+.Lbeginofloop:
+ movdqa %xmm0,%xmm10
+ movdqa %xmm1,%xmm11
+ paddq %xmm15,%xmm14
+ movdqa IV(%rip),%xmm2
+ movdqa %xmm14,%xmm3
+ pxor IV+0x10(%rip),%xmm3
+ leaq SIGMA(%rip),%rcx
+.Lroundloop:
+ movzbl (%rcx),%eax
+ movd (%rsi,%rax,4),%xmm4
+ movzbl 0x1(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm5
+ movzbl 0x2(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm6
+ movzbl 0x3(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm7
+ punpckldq %xmm5,%xmm4
+ punpckldq %xmm7,%xmm6
+ punpcklqdq %xmm6,%xmm4
+ paddd %xmm4,%xmm0
+ paddd %xmm1,%xmm0
+ pxor %xmm0,%xmm3
+ pshufb %xmm12,%xmm3
+ paddd %xmm3,%xmm2
+ pxor %xmm2,%xmm1
+ movdqa %xmm1,%xmm8
+ psrld $0xc,%xmm1
+ pslld $0x14,%xmm8
+ por %xmm8,%xmm1
+ movzbl 0x4(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm5
+ movzbl 0x5(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm6
+ movzbl 0x6(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm7
+ movzbl 0x7(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm4
+ punpckldq %xmm6,%xmm5
+ punpckldq %xmm4,%xmm7
+ punpcklqdq %xmm7,%xmm5
+ paddd %xmm5,%xmm0
+ paddd %xmm1,%xmm0
+ pxor %xmm0,%xmm3
+ pshufb %xmm13,%xmm3
+ paddd %xmm3,%xmm2
+ pxor %xmm2,%xmm1
+ movdqa %xmm1,%xmm8
+ psrld $0x7,%xmm1
+ pslld $0x19,%xmm8
+ por %xmm8,%xmm1
+ pshufd $0x93,%xmm0,%xmm0
+ pshufd $0x4e,%xmm3,%xmm3
+ pshufd $0x39,%xmm2,%xmm2
+ movzbl 0x8(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm6
+ movzbl 0x9(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm7
+ movzbl 0xa(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm4
+ movzbl 0xb(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm5
+ punpckldq %xmm7,%xmm6
+ punpckldq %xmm5,%xmm4
+ punpcklqdq %xmm4,%xmm6
+ paddd %xmm6,%xmm0
+ paddd %xmm1,%xmm0
+ pxor %xmm0,%xmm3
+ pshufb %xmm12,%xmm3
+ paddd %xmm3,%xmm2
+ pxor %xmm2,%xmm1
+ movdqa %xmm1,%xmm8
+ psrld $0xc,%xmm1
+ pslld $0x14,%xmm8
+ por %xmm8,%xmm1
+ movzbl 0xc(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm7
+ movzbl 0xd(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm4
+ movzbl 0xe(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm5
+ movzbl 0xf(%rcx),%eax
+ movd (%rsi,%rax,4),%xmm6
+ punpckldq %xmm4,%xmm7
+ punpckldq %xmm6,%xmm5
+ punpcklqdq %xmm5,%xmm7
+ paddd %xmm7,%xmm0
+ paddd %xmm1,%xmm0
+ pxor %xmm0,%xmm3
+ pshufb %xmm13,%xmm3
+ paddd %xmm3,%xmm2
+ pxor %xmm2,%xmm1
+ movdqa %xmm1,%xmm8
+ psrld $0x7,%xmm1
+ pslld $0x19,%xmm8
+ por %xmm8,%xmm1
+ pshufd $0x39,%xmm0,%xmm0
+ pshufd $0x4e,%xmm3,%xmm3
+ pshufd $0x93,%xmm2,%xmm2
+ addq $0x10,%rcx
+ cmpq %r8,%rcx
+ jnz .Lroundloop
+ pxor %xmm2,%xmm0
+ pxor %xmm3,%xmm1
+ pxor %xmm10,%xmm0
+ pxor %xmm11,%xmm1
+ addq $0x40,%rsi
+ decq %rdx
+ jnz .Lbeginofloop
+ movdqu %xmm0,(%rdi)
+ movdqu %xmm1,0x10(%rdi)
+ movdqu %xmm14,0x20(%rdi)
+.Lendofloop:
+ ret
+ENDPROC(blake2s_compress_ssse3)
+#endif /* CONFIG_AS_SSSE3 */
+
+#ifdef CONFIG_AS_AVX512
+ENTRY(blake2s_compress_avx512)
+ vmovdqu (%rdi),%xmm0
+ vmovdqu 0x10(%rdi),%xmm1
+ vmovdqu 0x20(%rdi),%xmm4
+ vmovq %rcx,%xmm5
+ vmovdqa IV(%rip),%xmm14
+ vmovdqa IV+16(%rip),%xmm15
+ jmp .Lblake2s_compress_avx512_mainloop
+.align 32
+.Lblake2s_compress_avx512_mainloop:
+ vmovdqa %xmm0,%xmm10
+ vmovdqa %xmm1,%xmm11
+ vpaddq %xmm5,%xmm4,%xmm4
+ vmovdqa %xmm14,%xmm2
+ vpxor %xmm15,%xmm4,%xmm3
+ vmovdqu (%rsi),%ymm6
+ vmovdqu 0x20(%rsi),%ymm7
+ addq $0x40,%rsi
+ leaq SIGMA2(%rip),%rax
+ movb $0xa,%cl
+.Lblake2s_compress_avx512_roundloop:
+ addq $0x40,%rax
+ vmovdqa -0x40(%rax),%ymm8
+ vmovdqa -0x20(%rax),%ymm9
+ vpermi2d %ymm7,%ymm6,%ymm8
+ vpermi2d %ymm7,%ymm6,%ymm9
+ vmovdqa %ymm8,%ymm6
+ vmovdqa %ymm9,%ymm7
+ vpaddd %xmm8,%xmm0,%xmm0
+ vpaddd %xmm1,%xmm0,%xmm0
+ vpxor %xmm0,%xmm3,%xmm3
+ vprord $0x10,%xmm3,%xmm3
+ vpaddd %xmm3,%xmm2,%xmm2
+ vpxor %xmm2,%xmm1,%xmm1
+ vprord $0xc,%xmm1,%xmm1
+ vextracti128 $0x1,%ymm8,%xmm8
+ vpaddd %xmm8,%xmm0,%xmm0
+ vpaddd %xmm1,%xmm0,%xmm0
+ vpxor %xmm0,%xmm3,%xmm3
+ vprord $0x8,%xmm3,%xmm3
+ vpaddd %xmm3,%xmm2,%xmm2
+ vpxor %xmm2,%xmm1,%xmm1
+ vprord $0x7,%xmm1,%xmm1
+ vpshufd $0x93,%xmm0,%xmm0
+ vpshufd $0x4e,%xmm3,%xmm3
+ vpshufd $0x39,%xmm2,%xmm2
+ vpaddd %xmm9,%xmm0,%xmm0
+ vpaddd %xmm1,%xmm0,%xmm0
+ vpxor %xmm0,%xmm3,%xmm3
+ vprord $0x10,%xmm3,%xmm3
+ vpaddd %xmm3,%xmm2,%xmm2
+ vpxor %xmm2,%xmm1,%xmm1
+ vprord $0xc,%xmm1,%xmm1
+ vextracti128 $0x1,%ymm9,%xmm9
+ vpaddd %xmm9,%xmm0,%xmm0
+ vpaddd %xmm1,%xmm0,%xmm0
+ vpxor %xmm0,%xmm3,%xmm3
+ vprord $0x8,%xmm3,%xmm3
+ vpaddd %xmm3,%xmm2,%xmm2
+ vpxor %xmm2,%xmm1,%xmm1
+ vprord $0x7,%xmm1,%xmm1
+ vpshufd $0x39,%xmm0,%xmm0
+ vpshufd $0x4e,%xmm3,%xmm3
+ vpshufd $0x93,%xmm2,%xmm2
+ decb %cl
+ jne .Lblake2s_compress_avx512_roundloop
+ vpxor %xmm10,%xmm0,%xmm0
+ vpxor %xmm11,%xmm1,%xmm1
+ vpxor %xmm2,%xmm0,%xmm0
+ vpxor %xmm3,%xmm1,%xmm1
+ decq %rdx
+ jne .Lblake2s_compress_avx512_mainloop
+ vmovdqu %xmm0,(%rdi)
+ vmovdqu %xmm1,0x10(%rdi)
+ vmovdqu %xmm4,0x20(%rdi)
+ vzeroupper
+ retq
+ENDPROC(blake2s_compress_avx512)
+#endif /* CONFIG_AS_AVX512 */
--- /dev/null
+++ b/arch/x86/crypto/blake2s-glue.c
@@ -0,0 +1,233 @@
+// SPDX-License-Identifier: GPL-2.0 OR MIT
+/*
+ * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ */
+
+#include <crypto/internal/blake2s.h>
+#include <crypto/internal/simd.h>
+#include <crypto/internal/hash.h>
+
+#include <linux/types.h>
+#include <linux/jump_label.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+#include <asm/cpufeature.h>
+#include <asm/fpu/api.h>
+#include <asm/processor.h>
+#include <asm/simd.h>
+
+asmlinkage void blake2s_compress_ssse3(struct blake2s_state *state,
+ const u8 *block, const size_t nblocks,
+ const u32 inc);
+asmlinkage void blake2s_compress_avx512(struct blake2s_state *state,
+ const u8 *block, const size_t nblocks,
+ const u32 inc);
+
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(blake2s_use_ssse3);
+static __ro_after_init DEFINE_STATIC_KEY_FALSE(blake2s_use_avx512);
+
+void blake2s_compress_arch(struct blake2s_state *state,
+ const u8 *block, size_t nblocks,
+ const u32 inc)
+{
+ /* SIMD disables preemption, so relax after processing each page. */
+ BUILD_BUG_ON(PAGE_SIZE / BLAKE2S_BLOCK_SIZE < 8);
+
+ if (!static_branch_likely(&blake2s_use_ssse3) || !crypto_simd_usable()) {
+ blake2s_compress_generic(state, block, nblocks, inc);
+ return;
+ }
+
+ for (;;) {
+ const size_t blocks = min_t(size_t, nblocks,
+ PAGE_SIZE / BLAKE2S_BLOCK_SIZE);
+
+ kernel_fpu_begin();
+ if (IS_ENABLED(CONFIG_AS_AVX512) &&
+ static_branch_likely(&blake2s_use_avx512))
+ blake2s_compress_avx512(state, block, blocks, inc);
+ else
+ blake2s_compress_ssse3(state, block, blocks, inc);
+ kernel_fpu_end();
+
+ nblocks -= blocks;
+ if (!nblocks)
+ break;
+ block += blocks * BLAKE2S_BLOCK_SIZE;
+ }
+}
+EXPORT_SYMBOL(blake2s_compress_arch);
+
+static int crypto_blake2s_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(tfm);
+
+ if (keylen == 0 || keylen > BLAKE2S_KEY_SIZE) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ memcpy(tctx->key, key, keylen);
+ tctx->keylen = keylen;
+
+ return 0;
+}
+
+static int crypto_blake2s_init(struct shash_desc *desc)
+{
+ struct blake2s_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+ struct blake2s_state *state = shash_desc_ctx(desc);
+ const int outlen = crypto_shash_digestsize(desc->tfm);
+
+ if (tctx->keylen)
+ blake2s_init_key(state, outlen, tctx->key, tctx->keylen);
+ else
+ blake2s_init(state, outlen);
+
+ return 0;
+}
+
+static int crypto_blake2s_update(struct shash_desc *desc, const u8 *in,
+ unsigned int inlen)
+{
+ struct blake2s_state *state = shash_desc_ctx(desc);
+ const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
+
+ if (unlikely(!inlen))
+ return 0;
+ if (inlen > fill) {
+ memcpy(state->buf + state->buflen, in, fill);
+ blake2s_compress_arch(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
+ state->buflen = 0;
+ in += fill;
+ inlen -= fill;
+ }
+ if (inlen > BLAKE2S_BLOCK_SIZE) {
+ const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE);
+ /* Hash one less (full) block than strictly possible */
+ blake2s_compress_arch(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
+ in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
+ inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
+ }
+ memcpy(state->buf + state->buflen, in, inlen);
+ state->buflen += inlen;
+
+ return 0;
+}
+
+static int crypto_blake2s_final(struct shash_desc *desc, u8 *out)
+{
+ struct blake2s_state *state = shash_desc_ctx(desc);
+
+ blake2s_set_lastblock(state);
+ memset(state->buf + state->buflen, 0,
+ BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
+ blake2s_compress_arch(state, state->buf, 1, state->buflen);
+ cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
+ memcpy(out, state->h, state->outlen);
+ memzero_explicit(state, sizeof(*state));
+
+ return 0;
+}
+
+static struct shash_alg blake2s_algs[] = {{
+ .base.cra_name = "blake2s-128",
+ .base.cra_driver_name = "blake2s-128-x86",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_128_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-160",
+ .base.cra_driver_name = "blake2s-160-x86",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_160_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-224",
+ .base.cra_driver_name = "blake2s-224-x86",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_224_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}, {
+ .base.cra_name = "blake2s-256",
+ .base.cra_driver_name = "blake2s-256-x86",
+ .base.cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .base.cra_ctxsize = sizeof(struct blake2s_tfm_ctx),
+ .base.cra_priority = 200,
+ .base.cra_blocksize = BLAKE2S_BLOCK_SIZE,
+ .base.cra_module = THIS_MODULE,
+
+ .digestsize = BLAKE2S_256_HASH_SIZE,
+ .setkey = crypto_blake2s_setkey,
+ .init = crypto_blake2s_init,
+ .update = crypto_blake2s_update,
+ .final = crypto_blake2s_final,
+ .descsize = sizeof(struct blake2s_state),
+}};
+
+static int __init blake2s_mod_init(void)
+{
+ if (!boot_cpu_has(X86_FEATURE_SSSE3))
+ return 0;
+
+ static_branch_enable(&blake2s_use_ssse3);
+
+ if (IS_ENABLED(CONFIG_AS_AVX512) &&
+ boot_cpu_has(X86_FEATURE_AVX) &&
+ boot_cpu_has(X86_FEATURE_AVX2) &&
+ boot_cpu_has(X86_FEATURE_AVX512F) &&
+ boot_cpu_has(X86_FEATURE_AVX512VL) &&
+ cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM |
+ XFEATURE_MASK_AVX512, NULL))
+ static_branch_enable(&blake2s_use_avx512);
+
+ return crypto_register_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
+}
+
+static void __exit blake2s_mod_exit(void)
+{
+ if (boot_cpu_has(X86_FEATURE_SSSE3))
+ crypto_unregister_shashes(blake2s_algs, ARRAY_SIZE(blake2s_algs));
+}
+
+module_init(blake2s_mod_init);
+module_exit(blake2s_mod_exit);
+
+MODULE_ALIAS_CRYPTO("blake2s-128");
+MODULE_ALIAS_CRYPTO("blake2s-128-x86");
+MODULE_ALIAS_CRYPTO("blake2s-160");
+MODULE_ALIAS_CRYPTO("blake2s-160-x86");
+MODULE_ALIAS_CRYPTO("blake2s-224");
+MODULE_ALIAS_CRYPTO("blake2s-224-x86");
+MODULE_ALIAS_CRYPTO("blake2s-256");
+MODULE_ALIAS_CRYPTO("blake2s-256-x86");
+MODULE_LICENSE("GPL v2");
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -657,6 +657,12 @@ config CRYPTO_BLAKE2S
See https://blake2.net for further information.
+config CRYPTO_BLAKE2S_X86
+ tristate "BLAKE2s digest algorithm (x86 accelerated version)"
+ depends on X86 && 64BIT
+ select CRYPTO_LIB_BLAKE2S_GENERIC
+ select CRYPTO_ARCH_HAVE_LIB_BLAKE2S
+
config CRYPTO_CRCT10DIF
tristate "CRCT10DIF algorithm"
select CRYPTO_HASH

1849
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0025-crypto-curve25519-generic-C-library-implementations.patch
View File

File diff suppressed because it is too large Load Diff

1268
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0026-crypto-curve25519-add-kpp-selftest.patch
View File

File diff suppressed because it is too large Load Diff

136
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0027-crypto-curve25519-implement-generic-KPP-driver.patch
View File

@@ -1,136 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:34 +0100
Subject: [PATCH] crypto: curve25519 - implement generic KPP driver
commit ee772cb641135739c1530647391d5a04c39db192 upstream.
Expose the generic Curve25519 library via the crypto API KPP interface.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
crypto/Kconfig | 5 +++
crypto/Makefile | 1 +
crypto/curve25519-generic.c | 90 +++++++++++++++++++++++++++++++++++++
3 files changed, 96 insertions(+)
create mode 100644 crypto/curve25519-generic.c
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -264,6 +264,11 @@ config CRYPTO_ECRDSA
standard algorithms (called GOST algorithms). Only signature verification
is implemented.
+config CRYPTO_CURVE25519
+ tristate "Curve25519 algorithm"
+ select CRYPTO_KPP
+ select CRYPTO_LIB_CURVE25519_GENERIC
+
comment "Authenticated Encryption with Associated Data"
config CRYPTO_CCM
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -167,6 +167,7 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o
obj-$(CONFIG_CRYPTO_OFB) += ofb.o
obj-$(CONFIG_CRYPTO_ECC) += ecc.o
obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
+obj-$(CONFIG_CRYPTO_CURVE25519) += curve25519-generic.o
ecdh_generic-y += ecdh.o
ecdh_generic-y += ecdh_helper.o
--- /dev/null
+++ b/crypto/curve25519-generic.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+#include <crypto/curve25519.h>
+#include <crypto/internal/kpp.h>
+#include <crypto/kpp.h>
+#include <linux/module.h>
+#include <linux/scatterlist.h>
+
+static int curve25519_set_secret(struct crypto_kpp *tfm, const void *buf,
+ unsigned int len)
+{
+ u8 *secret = kpp_tfm_ctx(tfm);
+
+ if (!len)
+ curve25519_generate_secret(secret);
+ else if (len == CURVE25519_KEY_SIZE &&
+ crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE))
+ memcpy(secret, buf, CURVE25519_KEY_SIZE);
+ else
+ return -EINVAL;
+ return 0;
+}
+
+static int curve25519_compute_value(struct kpp_request *req)
+{
+ struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
+ const u8 *secret = kpp_tfm_ctx(tfm);
+ u8 public_key[CURVE25519_KEY_SIZE];
+ u8 buf[CURVE25519_KEY_SIZE];
+ int copied, nbytes;
+ u8 const *bp;
+
+ if (req->src) {
+ copied = sg_copy_to_buffer(req->src,
+ sg_nents_for_len(req->src,
+ CURVE25519_KEY_SIZE),
+ public_key, CURVE25519_KEY_SIZE);
+ if (copied != CURVE25519_KEY_SIZE)
+ return -EINVAL;
+ bp = public_key;
+ } else {
+ bp = curve25519_base_point;
+ }
+
+ curve25519_generic(buf, secret, bp);
+
+ /* might want less than we've got */
+ nbytes = min_t(size_t, CURVE25519_KEY_SIZE, req->dst_len);
+ copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst,
+ nbytes),
+ buf, nbytes);
+ if (copied != nbytes)
+ return -EINVAL;
+ return 0;
+}
+
+static unsigned int curve25519_max_size(struct crypto_kpp *tfm)
+{
+ return CURVE25519_KEY_SIZE;
+}
+
+static struct kpp_alg curve25519_alg = {
+ .base.cra_name = "curve25519",
+ .base.cra_driver_name = "curve25519-generic",
+ .base.cra_priority = 100,
+ .base.cra_module = THIS_MODULE,
+ .base.cra_ctxsize = CURVE25519_KEY_SIZE,
+
+ .set_secret = curve25519_set_secret,
+ .generate_public_key = curve25519_compute_value,
+ .compute_shared_secret = curve25519_compute_value,
+ .max_size = curve25519_max_size,
+};
+
+static int curve25519_init(void)
+{
+ return crypto_register_kpp(&curve25519_alg);
+}
+
+static void curve25519_exit(void)
+{
+ crypto_unregister_kpp(&curve25519_alg);
+}
+
+subsys_initcall(curve25519_init);
+module_exit(curve25519_exit);
+
+MODULE_ALIAS_CRYPTO("curve25519");
+MODULE_ALIAS_CRYPTO("curve25519-generic");
+MODULE_LICENSE("GPL");

75
feeds/ipq40xx/ipq40xx/backport-5.4/080-wireguard-0028-crypto-lib-curve25519-work-around-Clang-stack-spilli.patch
View File

@@ -1,75 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 8 Nov 2019 13:22:35 +0100
Subject: [PATCH] crypto: lib/curve25519 - work around Clang stack spilling
issue
commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream.
Arnd reports that the 32-bit generic library code for Curve25119 ends
up using an excessive amount of stack space when built with Clang:
lib/crypto/curve25519-fiat32.c:756:6: error: stack frame size
of 1384 bytes in function 'curve25519_generic'
[-Werror,-Wframe-larger-than=]
Let's give some hints to the compiler regarding which routines should
not be inlined, to prevent it from running out of registers and spilling
to the stack. The resulting code performs identically under both GCC
and Clang, and makes the warning go away.
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
lib/crypto/curve25519-fiat32.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/lib/crypto/curve25519-fiat32.c
+++ b/lib/crypto/curve25519-fiat32.c
@@ -223,7 +223,7 @@ static __always_inline void fe_1(fe *h)
h->v[0] = 1;
}
-static void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
+static noinline void fe_add_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
{
{ const u32 x20 = in1[9];
{ const u32 x21 = in1[8];
@@ -266,7 +266,7 @@ static __always_inline void fe_add(fe_lo
fe_add_impl(h->v, f->v, g->v);
}
-static void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
+static noinline void fe_sub_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
{
{ const u32 x20 = in1[9];
{ const u32 x21 = in1[8];
@@ -309,7 +309,7 @@ static __always_inline void fe_sub(fe_lo
fe_sub_impl(h->v, f->v, g->v);
}
-static void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
+static noinline void fe_mul_impl(u32 out[10], const u32 in1[10], const u32 in2[10])
{
{ const u32 x20 = in1[9];
{ const u32 x21 = in1[8];
@@ -441,7 +441,7 @@ fe_mul_tll(fe *h, const fe_loose *f, con
fe_mul_impl(h->v, f->v, g->v);
}
-static void fe_sqr_impl(u32 out[10], const u32 in1[10])
+static noinline void fe_sqr_impl(u32 out[10], const u32 in1[10])
{
{ const u32 x17 = in1[9];
{ const u32 x18 = in1[8];
@@ -619,7 +619,7 @@ static __always_inline void fe_invert(fe
*
* Preconditions: b in {0,1}
*/
-static __always_inline void fe_cswap(fe *f, fe *g, unsigned int b)
+static noinline void fe_cswap(fe *f, fe *g, unsigned int b)
{
unsigned i;
b = 0 - b;

Some files were not shown because too many files have changed in this diff Show More