[PATCH 01/20] common: Add IEEE 802.11bn Security Profile element definitions
Andrei Otcheretianski
andrei.otcheretianski at intel.com
Wed Jun 10 06:11:54 PDT 2026
From: Ilan Peer <ilan.peer at intel.com>
Define the Security Profile element ID extension and related field
constants from IEEE Draft P802.11bn/D1.4, 9.4.2.364, along with the
table of predefined security profiles in Table 9-bb14.
Also, add the WLAN_STATUS_REJECTED_INVALID_SECURITY_PROFILE status
code (159).
Signed-off-by: Ilan Peer <ilan.peer at intel.com>
---
src/common/ieee802_11_defs.h | 59 ++++++++++++++++++++++++++++++
src/common/wpa_common.c | 69 ++++++++++++++++++++++++++++++++++++
src/common/wpa_common.h | 35 ++++++++++++++++++
3 files changed, 163 insertions(+)
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 7c76b2dfc7..f36b498f5e 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -3375,6 +3375,65 @@ struct ieee80211_uhr_operation {
#define UHR_OPER_PARAMS_NPCA_MOPLEN_NPCA 0x00400000
#define UHR_OPER_PARAMS_NPCA_DIS_SUBCH_BITMAP_PRES 0x00800000
+/*
+ * The following definitions are based on IEEE Draft P802.11bn/D1.4,
+ * Section 9.4.2.364 (Security Profile element)
+ */
+
+/* See Figure 9-aa71 (Reduced RSN Capabilities field) */
+#define SECURITY_PROFILE_REDUCED_RSN_CAPAB_EXT_KEY_ID BIT(0)
+#define SECURITY_PROFILE_REDUCED_RSN_CAPAB_OCVC BIT(1)
+
+/* See Figure 9-aa72 (Security Profile Indication field) */
+#define SECURITY_PROFILE_IND_OCTETS_BITMAP_MASK 0x0F
+#define SECURITY_PROFILE_IND_OCTETS_BITMAP_SHIFT 0
+#define SECURITY_PROFILE_IND_VENDOR_SPECIFIC_MASK 0xF0
+#define SECURITY_PROFILE_IND_VENDOR_SPECIFIC_SHIFT 4
+
+/* See Table 9-bb14 (Security Profile Number Values) */
+enum security_profile_num {
+ SECURITY_PROFILE_EPPKE = 0,
+ SECURITY_PROFILE_EPPKE_SAE = 1,
+ SECURITY_PROFILE_EPPKE_FT_SAE = 2,
+ SECURITY_PROFILE_8021X_5_FRAME_PROT = 3,
+ SECURITY_PROFILE_8021X_FT_3_FRAME_PROT = 4,
+ SECURITY_PROFILE_8021X_23_FRAME_PROT = 5,
+ SECURITY_PROFILE_8021X_FT_22_FRAME_PROT = 6,
+ SECURITY_PROFILE_8021X_12_FRAME_PROT = 7,
+ SECURITY_PROFILE_NONE_18 = 8,
+ SECURITY_PROFILE_SAE_24 = 9,
+ SECURITY_PROFILE_FT_SAE_25 = 10,
+ SECURITY_PROFILE_8021X_5 = 11,
+ SECURITY_PROFILE_8021X_FT_3 = 12,
+ SECURITY_PROFILE_8021X_23 = 13,
+ SECURITY_PROFILE_8021X_FT_22 = 14,
+ SECURITY_PROFILE_8021X_12 = 15,
+ SECURITY_PROFILE_MAX = 15,
+};
+
+/* See Figure 9-aa73 (Vendor Specific Security Profile field) */
+#define SECURITY_PROFILE_VENDOR_SPECIFIC_LEN 4
+
+/* See Figure 9-aa70 (Security Profile element format) */
+struct ieee80211_security_profile_element {
+ u8 reduced_rsn_capab;
+ u8 security_profile_ind;
+
+ /*
+ * Followed by variable length fields:
+ * Security Profile Bitmap
+ * Vendor Specific Security Profile List
+ * Extended RSN Capabilities
+ */
+ u8 variable[];
+} STRUCT_PACKED;
+
+/* See Figure 9-aa73 (Vendor Specific Security Profile field format) */
+struct ieee80211_vendor_specific_security_profile {
+ u8 oui[3];
+ u8 oui_type;
+} STRUCT_PACKED;
+
#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */
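Review bot: The commit message says WLAN_STATUS_REJECTED_INVALID_SECURITY_PROFILE (159) is added, but none of the 59 lines added to this header defines it, and the diffstat lists no other change to ieee802_11_defs.h. Either the define was dropped from the patch or that sentence should be removed from the description. Separately, the comment above `u8 variable[]` names the three trailing fields but not how their lengths are obtained; presumably they come from the two nibbles of `security_profile_ind`. Since a parser must check those lengths against the element length before reading, I would add a line such as `/* Field lengths are derived from security_profile_ind; validate them against the element length before access */`.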
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index e759ac4e52..506a78e1f7 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -4802,3 +4802,72 @@ void wpa_add_supported_groups(struct wpabuf *buf, const int *groups)
for (i = 0; i < count; i++)
wpabuf_put_le16(buf, groups[i]);
}
+
+
+/*
+ * Global table of security profiles defined in Draft P802.11bn/D1.4,
+ * Table 9-bb14 (Security Profile Number Values).
+ */
+#define SEC_PROF(_num, _akm, _akm2, _cipher, _mfp, _dot1x, _enc_priv, _kek) \
+ [_num] = { \
+ .number = _num, \
+ .akm = _akm, \
+ .akm2 = _akm2, \
+ .pairwise_cipher = _cipher, \
+ .mfp = _mfp, \
+ .dot1x_in_auth_frame = _dot1x, \
+ .assoc_frame_enc_and_pmksa_privacy = _enc_priv, \
+ .kek_in_pasn = _kek, \
+ }
+
+const struct ieee80211_security_profile
+g_security_profiles[SECURITY_PROFILE_MAX + 1] = {
+ SEC_PROF(SECURITY_PROFILE_EPPKE,
+ WPA_KEY_MGMT_EPPKE, 0, WPA_CIPHER_GCMP_256,
+ true, false, true, true),
+ SEC_PROF(SECURITY_PROFILE_EPPKE_SAE,
+ WPA_KEY_MGMT_EPPKE, WPA_KEY_MGMT_SAE_EXT_KEY,
+ WPA_CIPHER_GCMP_256, true, false, true, true),
+ SEC_PROF(SECURITY_PROFILE_EPPKE_FT_SAE,
+ WPA_KEY_MGMT_EPPKE, WPA_KEY_MGMT_FT_SAE_EXT_KEY,
+ WPA_CIPHER_GCMP_256, true, false, true, true),
+ SEC_PROF(SECURITY_PROFILE_8021X_5_FRAME_PROT,
+ WPA_KEY_MGMT_IEEE8021X_SHA256, 0, WPA_CIPHER_GCMP_256,
+ true, true, true, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_FT_3_FRAME_PROT,
+ WPA_KEY_MGMT_FT_IEEE8021X, 0, WPA_CIPHER_GCMP_256,
+ true, true, true, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_23_FRAME_PROT,
+ WPA_KEY_MGMT_IEEE8021X_SHA384, 0, WPA_CIPHER_GCMP_256,
+ true, true, true, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_FT_22_FRAME_PROT,
+ WPA_KEY_MGMT_FT_IEEE8021X_SHA384, 0, WPA_CIPHER_GCMP_256,
+ true, true, true, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_12_FRAME_PROT,
+ WPA_KEY_MGMT_IEEE8021X_SUITE_B_192, 0, WPA_CIPHER_GCMP_256,
+ true, true, true, false),
+ SEC_PROF(SECURITY_PROFILE_NONE_18,
+ WPA_KEY_MGMT_OWE, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_SAE_24,
+ WPA_KEY_MGMT_SAE_EXT_KEY, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_FT_SAE_25,
+ WPA_KEY_MGMT_FT_SAE_EXT_KEY, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_5,
+ WPA_KEY_MGMT_IEEE8021X_SHA256, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_FT_3,
+ WPA_KEY_MGMT_FT_IEEE8021X, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_23,
+ WPA_KEY_MGMT_IEEE8021X_SHA384, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_FT_22,
+ WPA_KEY_MGMT_FT_IEEE8021X_SHA384, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+ SEC_PROF(SECURITY_PROFILE_8021X_12,
+ WPA_KEY_MGMT_IEEE8021X_SUITE_B_192, 0, WPA_CIPHER_GCMP_256,
+ true, false, false, false),
+};
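Review bot: `g_security_profiles` is exported as a bare array of exactly SECURITY_PROFILE_MAX + 1 entries, so every consumer that turns a bit from a received Security Profile Bitmap into an index has to range-check it itself. If the 4-bit octets field of the indication octet is the bitmap length, received bit positions can exceed 15, so a single lookup helper that returns NULL for unknown numbers (declared in wpa_common.h) would be safer than direct indexing. SEC_PROF also stays defined after the table; an `#undef SEC_PROF` keeps it out of the rest of the file. Finally, the name SECURITY_PROFILE_8021X_FT_22 suggests AKM suite 22, so it is worth confirming that WPA_KEY_MGMT_FT_IEEE8021X_SHA384 is the bit mapped to that selector.

```c
/* … unchanged: SEC_PROF macro and g_security_profiles table … */
#undef SEC_PROF


const struct ieee80211_security_profile *
wpa_get_security_profile(unsigned int num)
{
	/* Profile numbers come from received elements; reject unknown ones */
	if (num > SECURITY_PROFILE_MAX)
		return NULL;
	return &g_security_profiles[num];
}
```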
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 98a1c7213a..268819db46 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -10,6 +10,7 @@
#define WPA_COMMON_H
#include "common/defs.h"
+#include "ieee802_11_defs.h"
/* IEEE 802.11i */
#define PMKID_LEN 16
@@ -854,4 +855,38 @@ int wpa_auth_802_1x_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const u8 *spa,
size_t kdk_len);
void wpa_add_supported_groups(struct wpabuf *buf, const int *groups);
+/**
+ * struct ieee80211_security_profile - IEEE 802.11bn Security Profile
+ *
+ * Represents a security profile as described in Table 9-bb14
+ * (Security Profile Number Values) in Draft P802.11bn/D1.4.
+ * Each profile specifies an atomic set of AKM, pairwise
+ * cipher and security capabilities supported by an AP (or AP MLD).
+ *
+ * @number: Security profile number (See SECURITY_PROFILE_*).
+ * @akm: Primary AKM (See WPA_KEY_MGMT_*).
+ * @akm2: Secondary AKM for combined profiles such as EPPKE+SAE
+ * (See WPA_KEY_MGMT_* bit), or 0 if not applicable.
+ * @pairwise_cipher: Pairwise cipher (See WPA_CIPHER_*).
+ * @mfp: MFP (MFPR and MFPC) value in the RSN Capabilities field.
+ * @dot1x_in_auth_frame: IEEE 802.1X Authentication Utilizing Authentication
+ * Frame Support.
+ * @assoc_frame_enc_and_pmksa_privacy: (Re)Association Frame Encryption Support
+ * and PMKSA Caching Privacy Support.
+ * @kek_in_pasn: KEK In PASN.
+ */
+struct ieee80211_security_profile {
+ u8 number;
+ u32 akm;
+ u32 akm2;
+ u32 pairwise_cipher;
+ bool mfp;
+ bool dot1x_in_auth_frame;
+ bool assoc_frame_enc_and_pmksa_privacy;
+ bool kek_in_pasn;
+};
+
+extern const struct ieee80211_security_profile
+ g_security_profiles[SECURITY_PROFILE_MAX + 1];
+
#endif /* WPA_COMMON_H */
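Review bot: `@mfp` is documented as the "MFP (MFPR and MFPC) value", but the member is a `bool`, which cannot carry two independent RSN Capabilities bits. The kernel-doc should say what true means, for example `@mfp: true if the profile requires MFP (both MFPC and MFPR set in RSN Capabilities)`, if that is the intent. Every table entry in this patch passes `true`, so the distinction is not exercised yet. A later check that compares this field against a peer's advertised MFPC/MFPR bits could still get the comparison wrong if the meaning is left open.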
--
2.53.0