wifi: mac80211: set assoc_encrypted for EPP associations

Populate the assoc_encrypted field in cfg80211_rx_assoc_resp_data
for mac80211-based drivers to indicate that the entire (re)association
exchange was encrypted.

When epp_peer is set, mac80211 enforces that unprotected
(Re)Association Request/Response frames are dropped. This ensures that
by the time the (Re)Association Response is processed, the entire
exchange was transmitted encrypted over the air.

Add support to populate assoc_encrypted based on epp_peer flag.

Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com>
Link: https://patch.msgid.link/20260504123624.529218-3-kavita.kavita@oss.qualcomm.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 00b4beff0e436637f9b8eaabd887020e8ddd57bf..a1246af09dc591b389aa20463b1a9d6fd65bcc50 100644 (file)
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -6652,6 +6652,7 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
                .type = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_TYPE,
        };
        struct ieee802_11_elems *elems;
+       struct sta_info *sta;
        int ac;
        const u8 *elem_start;
        unsigned int elem_len;
@@ -6847,6 +6848,14 @@ static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
                resp.ap_mld_addr = ap_mld_addr;
        }
 
+       /*
+        * If epp_peer set, unprotected (Re)Association Request/Response frames
+        * are dropped, which ensures that the (re)association exchange is
+        * encrypted over the air.
+        */
+       sta = sta_info_get_bss(sdata, sdata->vif.cfg.ap_addr);
+       resp.assoc_encrypted = sta && sta->sta.epp_peer;
+
        ieee80211_destroy_assoc_data(sdata,
                                     status_code == WLAN_STATUS_SUCCESS ?
                                        ASSOC_SUCCESS :