wifi: cfg80211: add support for key configuration before association

Currently, cfg80211 does not allow key installation, removal, or modification prior to association in non-AP STA mode. However, Enhanced Privacy Protection Key Exchange (EPPKE) requires encryption keys to be managed before association. Add support to manage keys before association in non-AP STA mode when the NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION feature flag is set. If the flag is not set, reject the encryption keys. Signed-off-by: Kavita Kavita <kavita.kavita@oss.qualcomm.com> Link: https://patch.msgid.link/20260114111900.2196941-4-kavita.kavita@oss.qualcomm.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Kavita Kavita <kavita.kavita@oss.qualcomm.com> 2026-01-14 16:48:54 +0530
committer: Johannes Berg <johannes.berg@intel.com> 2026-01-14 14:34:16 +0100
commit: dc54de8db669793d54f1ec0629659309299eec8d (patch)
tree: efcff8e65e6399d4ec4462a8950c54857c9a81d0 /net/wireless
parent: 9d17a040c15d4b99484f13cf08dd45a9e308beeb (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 8f3a27b7d4fd..df159a5f1816 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1678,7 +1678,9 @@ static int nl80211_key_allowed(struct wireless_dev *wdev)
 		return -ENOLINK;
 	case NL80211_IFTYPE_STATION:
 	case NL80211_IFTYPE_P2P_CLIENT:
-		if (wdev->connected)
+		if (wdev->connected ||
+		    (wiphy_ext_feature_isset(wdev->wiphy,
+					     NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION)))
 			return 0;
 		return -ENOLINK;
 	case NL80211_IFTYPE_NAN:
author	Kavita Kavita <kavita.kavita@oss.qualcomm.com>	2026-01-14 16:48:54 +0530
committer	Johannes Berg <johannes.berg@intel.com>	2026-01-14 14:34:16 +0100
commit	dc54de8db669793d54f1ec0629659309299eec8d (patch)
tree	efcff8e65e6399d4ec4462a8950c54857c9a81d0 /net/wireless
parent	9d17a040c15d4b99484f13cf08dd45a9e308beeb (diff)