From e8cc866db2d3d551a62c807356c8567bcc0ee6b1 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Wed, 10 Jun 2020 22:41:01 +0200 Subject: [PATCH 1/2] mac80211: rt2800: enable MFP support unconditionally This gives us WPA3 support out of the box without having to manually disable hardware crypto. The driver will fall back to software crypto if the connection requires management frame protection. THis allows us to use WPA3 features (Private-WiFi SAE & OWE) on ramips-mt7620. --- ...0-enable-MFP-support-unconditionally.patch | 62 +++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 patches/openwrt/0012-mac80211-rt2800-enable-MFP-support-unconditionally.patch diff --git a/patches/openwrt/0012-mac80211-rt2800-enable-MFP-support-unconditionally.patch b/patches/openwrt/0012-mac80211-rt2800-enable-MFP-support-unconditionally.patch new file mode 100644 index 00000000..0a8ca213 --- /dev/null +++ b/patches/openwrt/0012-mac80211-rt2800-enable-MFP-support-unconditionally.patch @@ -0,0 +1,62 @@ +From: Rui Salvaterra +Date: Mon, 25 May 2020 14:49:07 +0100 +Subject: mac80211: rt2800: enable MFP support unconditionally + +This gives us WPA3 support out of the box without having to manually disable +hardware crypto. The driver will fall back to software crypto if the connection +requires management frame protection. + +Signed-off-by: Daniel Golle +[apply to openwrt-1907] +Signed-off-by: David Bauer + +diff --git a/package/kernel/mac80211/patches/rt2x00/080-rt2800-enable-MFP-support-unconditionally.patch b/package/kernel/mac80211/patches/rt2x00/080-rt2800-enable-MFP-support-unconditionally.patch +new file mode 100644 +index 0000000000000000000000000000000000000000..1d55b2756c365a13b2315e874809e2397fb35855 +--- /dev/null ++++ b/package/kernel/mac80211/patches/rt2x00/080-rt2800-enable-MFP-support-unconditionally.patch +@@ -0,0 +1,44 @@ ++From b6b15e20421fefae9f78274f9fef80bc97bf5d5c Mon Sep 17 00:00:00 2001 ++From: Rui Salvaterra ++Date: Mon, 25 May 2020 14:49:07 +0100 ++Subject: [PATCH] rt2800: enable MFP support unconditionally ++ ++This gives us WPA3 support out of the box without having to manually disable ++hardware crypto. The driver will fall back to software crypto if the connection ++requires management frame protection. ++ ++Suggested-by: Stanislaw Gruszka ++Signed-off-by: Rui Salvaterra ++Acked-by: Stanislaw Gruszka ++Signed-off-by: Kalle Valo ++Link: https://lore.kernel.org/r/20200525134906.1672-1-rsalvaterra@gmail.com ++--- ++ drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 4 +--- ++ drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 3 ++- ++ 2 files changed, 3 insertions(+), 4 deletions(-) ++ ++--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c +++++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c ++@@ -9985,9 +9985,7 @@ static int rt2800_probe_hw_mode(struct r ++ if (!rt2x00_is_usb(rt2x00dev)) ++ ieee80211_hw_set(rt2x00dev->hw, HOST_BROADCAST_PS_BUFFERING); ++ ++- /* Set MFP if HW crypto is disabled. */ ++- if (rt2800_hwcrypt_disabled(rt2x00dev)) ++- ieee80211_hw_set(rt2x00dev->hw, MFP_CAPABLE); +++ ieee80211_hw_set(rt2x00dev->hw, MFP_CAPABLE); ++ ++ SET_IEEE80211_DEV(rt2x00dev->hw, rt2x00dev->dev); ++ SET_IEEE80211_PERM_ADDR(rt2x00dev->hw, ++--- a/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c +++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00mac.c ++@@ -459,7 +459,8 @@ int rt2x00mac_set_key(struct ieee80211_h ++ if (!test_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags)) ++ return 0; ++ ++- if (!rt2x00_has_cap_hw_crypto(rt2x00dev)) +++ /* The hardware can't do MFP */ +++ if (!rt2x00_has_cap_hw_crypto(rt2x00dev) || (sta && sta->mfp)) ++ return -EOPNOTSUPP; ++ ++ /* From 2611e86438be599f0b7fa74aadc5822525403f0d Mon Sep 17 00:00:00 2001 From: David Bauer Date: Wed, 10 Jun 2020 22:44:58 +0200 Subject: [PATCH 2/2] gluon-core: allow WPA3 features on ramips-mt7620 Backporting the MFP patch allows us to utilize WPA3 features on this target. Tested on TP-Link Archer C20i --- package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua index b4fc708b..213eb150 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua @@ -66,7 +66,7 @@ end function M.device_supports_wpa3() -- rt2x00 crashes when enabling WPA3 personal / OWE VAP - if M.match('ramips', 'rt305x') or M.match('ramips', 'mt7620') then + if M.match('ramips', 'rt305x') then return false end