wifi: cfg80211: add support for key configuration before association

Currently, cfg80211 does not allow key installation, removal, or
modification prior to association in non-AP STA mode. However,
Enhanced Privacy Protection Key Exchange (EPPKE) requires encryption
keys to be managed before association.

Add support to manage keys before association in non-AP STA mode when
the NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION feature flag is set.
If the flag is not set, reject the encryption keys.

Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
Link: https://patch.msgid.link/20260114111900.2196941-4-kavita.kavita@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 8f3a27b7d4fdd20e779778f3916eca8301cb9b39..df159a5f1816a4692fec6c17e820b77ad55b30ed 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1678,7 +1678,9 @@ static int nl80211_key_allowed(struct wireless_dev *wdev)
                return -ENOLINK;
        case NL80211_IFTYPE_STATION:
        case NL80211_IFTYPE_P2P_CLIENT:
-               if (wdev->connected)
+               if (wdev->connected ||
+                   (wiphy_ext_feature_isset(wdev->wiphy,
+                                            NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION)))
                        return 0;
                return -ENOLINK;
        case NL80211_IFTYPE_NAN: