From: Peddolla Harshavardhan Reddy <peddolla.reddy@oss.qualcomm.com>
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org, kavita.kavita@oss.qualcomm.com,
peddolla.reddy@oss.qualcomm.com
Subject: [PATCH wireless-next v5 12/13] wifi: cfg80211: add LTF keyseed support for secure ranging
Date: Mon, 20 Apr 2026 14:38:55 +0530 [thread overview]
Message-ID: <20260420090856.2152905-13-peddolla.reddy@oss.qualcomm.com> (raw)
In-Reply-To: <20260420090856.2152905-1-peddolla.reddy@oss.qualcomm.com>
Currently there is no way to install an LTF key seed that can be
used in non-trigger-based (NTB) and trigger-based (TB) FTM ranging
to protect NDP frames. Without this, drivers cannot enable PHY-layer
security for peer measurement sessions, leaving ranging measurements
vulnerable to eavesdropping and manipulation.
Introduce NL80211_KEY_LTF_SEED attribute and the dedicated extended
feature flag NL80211_EXT_FEATURE_SET_KEY_LTF_SEED to allow drivers
to advertise and install LTF key seeds via nl80211. The key seed
must be configured beforehand to ensure the peer measurement session
is secure. The driver must advertise both NL80211_EXT_FEATURE_SECURE_LTF
and NL80211_EXT_FEATURE_SET_KEY_LTF_SEED for the key seed installation
to be permitted.
The LTF key seed is pairwise key material and must only be used with
pairwise key type. Reject attempts to use it with other key types.
Signed-off-by: Peddolla Harshavardhan Reddy <peddolla.reddy@oss.qualcomm.com>
---
include/linux/ieee80211.h | 1 +
include/net/cfg80211.h | 4 ++++
include/uapi/linux/nl80211.h | 18 ++++++++++++++++++
net/wireless/nl80211.c | 7 +++++++
net/wireless/util.c | 15 +++++++++++++++
5 files changed, 45 insertions(+)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
index 23f9df9be837..11106589acc6 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
@@ -2236,6 +2236,7 @@ struct ieee80211_multiple_bssid_configuration {
#define WLAN_AKM_SUITE_WFA_DPP SUITE(WLAN_OUI_WFA, 2)
#define WLAN_MAX_KEY_LEN 32
+#define WLAN_MAX_SECURE_LTF_KEYSEED_LEN 48
#define WLAN_PMK_NAME_LEN 16
#define WLAN_PMKID_LEN 16
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 3efa8a124bba..1d5de82ad4c5 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -830,6 +830,8 @@ struct vif_params {
* @seq_len: length of @seq.
* @vlan_id: vlan_id for VLAN group key (if nonzero)
* @mode: key install mode (RX_TX, NO_TX or SET_TX)
+ * @ltf_keyseed: LTF key seed material
+ * @ltf_keyseed_len: length of LTF key seed material
*/
struct key_params {
const u8 *key;
@@ -839,6 +841,8 @@ struct key_params {
u16 vlan_id;
u32 cipher;
enum nl80211_key_mode mode;
+ const u8 *ltf_keyseed;
+ size_t ltf_keyseed_len;
};
/**
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
index bbf1447162d8..190bae9efdd9 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -5803,6 +5803,18 @@ enum nl80211_key_default_types {
* @NL80211_KEY_MODE: the mode from enum nl80211_key_mode.
* Defaults to @NL80211_KEY_RX_TX.
* @NL80211_KEY_DEFAULT_BEACON: flag indicating default Beacon frame key
+ * @NL80211_KEY_LTF_SEED: LTF key seed is used by the driver to generate
+ * secure LTF keys used in case of peer measurement request with FTM
+ * request type as either %NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED
+ * or %NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED. Secure LTF key seeds
+ * will help enable PHY security in peer measurement session.
+ * The LTF key seed is installed along with the TK (Temporal Key) using
+ * %NL80211_CMD_NEW_KEY. The TK is configured using the
+ * %NL80211_ATTR_KEY_DATA attribute, while the LTF key seed is configured
+ * using this attribute. Both keys must be configured before initiation
+ * of peer measurement to ensure peer measurement session is secure.
+ * Only valid if %NL80211_EXT_FEATURE_SET_KEY_LTF_SEED is set. This
+ * attribute is restricted to pairwise keys (%NL80211_KEYTYPE_PAIRWISE).
*
* @__NL80211_KEY_AFTER_LAST: internal
* @NL80211_KEY_MAX: highest key attribute
@@ -5819,6 +5831,7 @@ enum nl80211_key_attributes {
NL80211_KEY_DEFAULT_TYPES,
NL80211_KEY_MODE,
NL80211_KEY_DEFAULT_BEACON,
+ NL80211_KEY_LTF_SEED,
/* keep last */
__NL80211_KEY_AFTER_LAST,
@@ -7048,6 +7061,10 @@ enum nl80211_feature_flags {
* forward frames with a matching MAC address to userspace during
* the off-channel period.
*
+ * @NL80211_EXT_FEATURE_SET_KEY_LTF_SEED: Driver supports installing the
+ * LTF key seed via %NL80211_KEY_LTF_SEED. The seed is used to generate
+ * secure LTF keys for secure LTF measurement sessions.
+ *
* @NUM_NL80211_EXT_FEATURES: number of extended features.
* @MAX_NL80211_EXT_FEATURES: highest extended feature index.
*/
@@ -7128,6 +7145,7 @@ enum nl80211_ext_feature_index {
NL80211_EXT_FEATURE_ASSOC_FRAME_ENCRYPTION,
NL80211_EXT_FEATURE_IEEE8021X_AUTH,
NL80211_EXT_FEATURE_ROC_ADDR_FILTER,
+ NL80211_EXT_FEATURE_SET_KEY_LTF_SEED,
/* add new features before the definition below */
NUM_NL80211_EXT_FEATURES,
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index feb770fa6a87..9d6810cfb3d6 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -1103,6 +1103,8 @@ static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
+ [NL80211_KEY_LTF_SEED] = { .type = NLA_BINARY,
+ .len = WLAN_MAX_SECURE_LTF_KEYSEED_LEN },
};
/* policy for the key default flags */
@@ -1634,6 +1636,11 @@ static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
if (tb[NL80211_KEY_MODE])
k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
+ if (tb[NL80211_KEY_LTF_SEED]) {
+ k->p.ltf_keyseed = nla_data(tb[NL80211_KEY_LTF_SEED]);
+ k->p.ltf_keyseed_len = nla_len(tb[NL80211_KEY_LTF_SEED]);
+ }
+
return 0;
}
diff --git a/net/wireless/util.c b/net/wireless/util.c
index df407ce9db3d..f5a95405280d 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -424,6 +424,21 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher))
return -EINVAL;
+ if (params->ltf_keyseed) {
+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_SECURE_LTF) ||
+ !wiphy_ext_feature_isset(&rdev->wiphy,
+ NL80211_EXT_FEATURE_SET_KEY_LTF_SEED))
+ return -EOPNOTSUPP;
+
+ /*
+ * LTF key seed is pairwise key material and must only be
+ * used with a pairwise key
+ */
+ if (!pairwise)
+ return -EINVAL;
+ }
+
return 0;
}
--
2.34.1
next prev parent reply other threads:[~2026-04-20 9:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-20 9:08 [PATCH wireless-next v5 00/13] wifi: Ranging support enhancements Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 01/13] wifi: cfg80211: restrict LMR feedback check to TB and non-TB ranging Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 02/13] wifi: cfg80211: Add MAC address filter to remain_on_channel Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 03/13] wifi: cfg80211/mac80211: Add NL80211_IFTYPE_PD for PD PASN and PMSR operations Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 04/13] wifi: cfg80211: add start/stop proximity detection commands Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 05/13] wifi: cfg80211: add proximity detection capabilities to PMSR Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 06/13] wifi: cfg80211: add NTB continuous ranging and FTM request type support Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 07/13] wifi: cfg80211: extend PMSR FTM response for proximity ranging Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 08/13] wifi: cfg80211: add role-based peer limits to FTM capabilities Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 09/13] wifi: cfg80211: add ingress/egress distance thresholds for FTM Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 10/13] wifi: cfg80211: add PD-specific preamble and bandwidth capabilities Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` [PATCH wireless-next v5 11/13] wifi: cfg80211: allow suppressing FTM result reporting for PD requests Peddolla Harshavardhan Reddy
2026-04-20 9:08 ` Peddolla Harshavardhan Reddy [this message]
2026-04-20 9:08 ` [PATCH wireless-next v5 13/13] wifi: mac80211_hwsim: Add support for extended FTM ranging Peddolla Harshavardhan Reddy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260420090856.2152905-13-peddolla.reddy@oss.qualcomm.com \
--to=peddolla.reddy@oss.qualcomm.com \
--cc=johannes@sipsolutions.net \
--cc=kavita.kavita@oss.qualcomm.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox