1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /** 21 * DOC: Public APIs for crypto service 22 */ 23 24 #include <qdf_types.h> 25 #include <wlan_cmn.h> 26 #include <wlan_objmgr_cmn.h> 27 #include <wlan_objmgr_global_obj.h> 28 #include <wlan_objmgr_psoc_obj.h> 29 #include <wlan_objmgr_pdev_obj.h> 30 #include <wlan_objmgr_vdev_obj.h> 31 #include <wlan_objmgr_peer_obj.h> 32 #include <wlan_utility.h> 33 #include <wlan_cp_stats_utils_api.h> 34 35 #include "wlan_crypto_global_def.h" 36 #include "wlan_crypto_global_api.h" 37 #include "wlan_crypto_def_i.h" 38 #include "wlan_crypto_param_handling_i.h" 39 #include "wlan_crypto_obj_mgr_i.h" 40 #include "wlan_crypto_main.h" 41 #include <qdf_module.h> 42 43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 44 45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 46 WLAN_CRYPTO_ADDSELECTOR(frm,\ 47 wlan_crypto_wpa_cipher_to_suite(cipher)) 48 49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 50 WLAN_CRYPTO_ADDSELECTOR(frm,\ 51 wlan_crypto_rsn_cipher_to_suite(cipher)) 52 53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 54 WLAN_CRYPTO_ADDSELECTOR(frm,\ 55 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 56 57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 58 WLAN_CRYPTO_ADDSELECTOR(frm,\ 59 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 60 61 bool is_valid_keyix(uint16_t keyix) 62 { 63 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 64 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 65 return 0; 66 else 67 return 1; 68 } 69 70 bool is_igtk(uint16_t keyix) 71 { 72 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 73 return 0; 74 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 75 return 0; 76 else 77 return 1; 78 } 79 80 bool is_bigtk(uint16_t keyix) 81 { 82 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 83 return 0; 84 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 85 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 86 return 0; 87 else 88 return 1; 89 } 90 91 bool is_gtk(uint16_t keyix) 92 { 93 if (keyix == 1 || keyix == 2) 94 return 1; 95 else 96 return 0; 97 } 98 99 /** 100 * wlan_crypto_vdev_get_comp_params() - called by mlme to get crypto params 101 * @vdev: vdev 102 * @crypto_priv: location to store pointer to the crypto private data 103 * 104 * This function gets called by mlme to get crypto params 105 * 106 * Return: wlan_crypto_params or NULL in case of failure 107 */ 108 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 109 struct wlan_objmgr_vdev *vdev, 110 struct wlan_crypto_comp_priv **crypto_priv) 111 { 112 *crypto_priv = (struct wlan_crypto_comp_priv *) 113 wlan_get_vdev_crypto_obj(vdev); 114 if (!(*crypto_priv)) { 115 crypto_err("crypto_priv NULL"); 116 return NULL; 117 } 118 119 return &((*crypto_priv)->crypto_params); 120 } 121 122 /** 123 * wlan_crypto_peer_get_comp_params() - called by mlme to get crypto params 124 * @peer: peer 125 * @crypto_priv: location to store pointer to the crypto private data 126 * 127 * This function gets called by mlme to get crypto params 128 * 129 * Return: wlan_crypto_params or NULL in case of failure 130 */ 131 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 132 struct wlan_objmgr_peer *peer, 133 struct wlan_crypto_comp_priv **crypto_priv) 134 { 135 136 *crypto_priv = (struct wlan_crypto_comp_priv *) 137 wlan_get_peer_crypto_obj(peer); 138 if (!*crypto_priv) { 139 crypto_err("crypto_priv NULL"); 140 return NULL; 141 } 142 143 return &((*crypto_priv)->crypto_params); 144 } 145 146 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 147 { 148 return QDF_STATUS_SUCCESS; 149 } 150 151 /** 152 * wlan_crypto_set_param() - called by ucfg to set crypto param 153 * @crypto_params: crypto_params 154 * @param: param to be set. 155 * @value: value 156 * 157 * This function gets called from ucfg to set param 158 * 159 * Return: QDF_STATUS_SUCCESS - in case of success 160 */ 161 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 162 wlan_crypto_param_type param, 163 uint32_t value) 164 { 165 QDF_STATUS status = QDF_STATUS_E_INVAL; 166 167 crypto_debug("param %d, value %d", param, value); 168 switch (param) { 169 case WLAN_CRYPTO_PARAM_AUTH_MODE: 170 status = wlan_crypto_set_authmode(crypto_params, value); 171 break; 172 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 173 status = wlan_crypto_set_ucastciphers(crypto_params, value); 174 break; 175 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 176 status = wlan_crypto_set_mcastcipher(crypto_params, value); 177 break; 178 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 179 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 180 break; 181 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 182 status = wlan_crypto_set_cipher_cap(crypto_params, value); 183 break; 184 case WLAN_CRYPTO_PARAM_RSN_CAP: 185 status = wlan_crypto_set_rsn_cap(crypto_params, value); 186 break; 187 case WLAN_CRYPTO_PARAM_RSNX_CAP: 188 status = wlan_crypto_set_rsnx_cap(crypto_params, value); 189 break; 190 case WLAN_CRYPTO_PARAM_KEY_MGMT: 191 status = wlan_crypto_set_key_mgmt(crypto_params, value); 192 break; 193 default: 194 status = QDF_STATUS_E_INVAL; 195 } 196 return status; 197 } 198 199 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 200 wlan_crypto_param_type param, 201 uint32_t value) 202 { 203 QDF_STATUS status = QDF_STATUS_E_INVAL; 204 struct wlan_crypto_comp_priv *crypto_priv; 205 struct wlan_crypto_params *crypto_params; 206 207 crypto_priv = (struct wlan_crypto_comp_priv *) 208 wlan_get_vdev_crypto_obj(vdev); 209 210 if (!crypto_priv) { 211 crypto_err("crypto_priv NULL"); 212 return QDF_STATUS_E_INVAL; 213 } 214 215 crypto_params = &(crypto_priv->crypto_params); 216 217 status = wlan_crypto_set_param(crypto_params, param, value); 218 219 return status; 220 } 221 222 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 223 wlan_crypto_param_type param, 224 uint32_t value) 225 { 226 QDF_STATUS status = QDF_STATUS_E_INVAL; 227 struct wlan_crypto_comp_priv *crypto_priv; 228 struct wlan_crypto_params *crypto_params; 229 230 crypto_params = wlan_crypto_peer_get_comp_params(peer, 231 &crypto_priv); 232 233 if (!crypto_priv) { 234 crypto_err("crypto_priv NULL"); 235 return QDF_STATUS_E_INVAL; 236 } 237 238 crypto_params = &(crypto_priv->crypto_params); 239 240 status = wlan_crypto_set_param(crypto_params, param, value); 241 242 return status; 243 } 244 245 /** 246 * wlan_crypto_get_param_value() - called by crypto APIs to get value for param 247 * @param: Crypto param type 248 * @crypto_params: Crypto params struct 249 * 250 * This function gets called from in-within crypto layer 251 * 252 * Return: value or -1 for failure 253 */ 254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 255 struct wlan_crypto_params *crypto_params) 256 { 257 int32_t value; 258 259 switch (param) { 260 case WLAN_CRYPTO_PARAM_AUTH_MODE: 261 value = wlan_crypto_get_authmode(crypto_params); 262 break; 263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 264 value = wlan_crypto_get_ucastciphers(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 267 value = wlan_crypto_get_mcastcipher(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 270 value = wlan_crypto_get_mgmtciphers(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 273 value = wlan_crypto_get_cipher_cap(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_RSN_CAP: 276 value = wlan_crypto_get_rsn_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_KEY_MGMT: 279 value = wlan_crypto_get_key_mgmt(crypto_params); 280 break; 281 default: 282 value = -1; 283 } 284 285 return value; 286 } 287 288 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 289 wlan_crypto_param_type param) 290 { 291 int32_t value = -1; 292 struct wlan_crypto_comp_priv *crypto_priv; 293 struct wlan_crypto_params *crypto_params; 294 crypto_priv = (struct wlan_crypto_comp_priv *) 295 wlan_get_vdev_crypto_obj(vdev); 296 297 if (!crypto_priv) { 298 crypto_err("crypto_priv NULL"); 299 return value; 300 } 301 302 crypto_params = &(crypto_priv->crypto_params); 303 value = wlan_crypto_get_param_value(param, crypto_params); 304 305 return value; 306 } 307 308 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 309 wlan_crypto_param_type param) 310 { 311 int32_t value = -1; 312 struct wlan_crypto_comp_priv *crypto_priv; 313 struct wlan_crypto_params *crypto_params; 314 315 crypto_params = wlan_crypto_peer_get_comp_params(peer, 316 &crypto_priv); 317 318 if (!crypto_params) { 319 crypto_err("crypto_params NULL"); 320 return value; 321 } 322 value = wlan_crypto_get_param_value(param, crypto_params); 323 324 return value; 325 } 326 qdf_export_symbol(wlan_crypto_get_peer_param); 327 328 static 329 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 330 struct wlan_crypto_pmksa *pmksa); 331 332 static 333 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 334 struct wlan_crypto_pmksa *pmksa) 335 { 336 uint8_t i, first_available_slot = 0; 337 bool slot_found = false; 338 339 /* Delete the old entry and then Add new entry */ 340 wlan_crypto_del_pmksa(crypto_params, pmksa); 341 342 /* find the empty slot as duplicate is already deleted */ 343 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 344 if (!crypto_params->pmksa[i]) { 345 slot_found = true; 346 first_available_slot = i; 347 break; 348 } 349 } 350 351 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 352 crypto_err("no entry available for pmksa"); 353 return QDF_STATUS_E_INVAL; 354 } 355 crypto_params->pmksa[first_available_slot] = pmksa; 356 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", 357 first_available_slot); 358 359 return QDF_STATUS_SUCCESS; 360 } 361 362 static 363 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 364 struct wlan_crypto_pmksa *pmksa) 365 { 366 uint8_t i, j, valid_entries_in_table = 0; 367 bool match_found = false; 368 u8 del_pmk[MAX_PMK_LEN] = {0}; 369 370 /* find slot with same bssid */ 371 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 372 if (!crypto_params->pmksa[i]) 373 continue; 374 375 valid_entries_in_table++; 376 377 if (!pmksa->ssid_len && 378 !qdf_is_macaddr_zero(&pmksa->bssid) && 379 qdf_is_macaddr_equal(&pmksa->bssid, 380 &crypto_params->pmksa[i]->bssid)) { 381 match_found = true; 382 } else if (pmksa->ssid_len && 383 !qdf_mem_cmp(pmksa->ssid, 384 crypto_params->pmksa[i]->ssid, 385 pmksa->ssid_len) && 386 !qdf_mem_cmp(pmksa->cache_id, 387 crypto_params->pmksa[i]->cache_id, 388 WLAN_CACHE_ID_LEN)) { 389 match_found = true; 390 } 391 392 if (match_found) { 393 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 394 crypto_params->pmksa[i]->pmk_len); 395 /* Free matching entry */ 396 qdf_mem_zero(crypto_params->pmksa[i], 397 sizeof(struct wlan_crypto_pmksa)); 398 qdf_mem_free(crypto_params->pmksa[i]); 399 crypto_params->pmksa[i] = NULL; 400 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 401 i); 402 403 /* Find and remove the entries matching the pmk */ 404 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 405 if (!crypto_params->pmksa[j]) 406 continue; 407 if (crypto_params->pmksa[j]->pmk_len && 408 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 409 del_pmk, 410 crypto_params->pmksa[j]->pmk_len))) { 411 qdf_mem_zero(crypto_params->pmksa[j], 412 sizeof(struct wlan_crypto_pmksa)); 413 qdf_mem_free(crypto_params->pmksa[j]); 414 crypto_params->pmksa[j] = NULL; 415 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 416 j); 417 } 418 } 419 /* reset stored pmk */ 420 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 421 422 return QDF_STATUS_SUCCESS; 423 } 424 } 425 426 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 427 crypto_debug("No such pmksa entry exists: valid entries:%d", 428 valid_entries_in_table); 429 430 return QDF_STATUS_SUCCESS; 431 } 432 433 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 434 { 435 uint8_t i; 436 437 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 438 if (!crypto_params->pmksa[i]) 439 continue; 440 qdf_mem_zero(crypto_params->pmksa[i], 441 sizeof(struct wlan_crypto_pmksa)); 442 qdf_mem_free(crypto_params->pmksa[i]); 443 crypto_params->pmksa[i] = NULL; 444 } 445 446 crypto_debug("Flushed the pmksa table"); 447 448 return QDF_STATUS_SUCCESS; 449 } 450 451 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 452 struct wlan_crypto_pmksa *pmksa, 453 bool set) 454 { 455 QDF_STATUS status = QDF_STATUS_E_INVAL; 456 struct wlan_crypto_comp_priv *crypto_priv; 457 struct wlan_crypto_params *crypto_params; 458 struct wlan_crypto_pmksa *pmkid_cache = NULL; 459 enum QDF_OPMODE op_mode; 460 461 op_mode = wlan_vdev_mlme_get_opmode(vdev); 462 463 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 464 return QDF_STATUS_E_NOSUPPORT; 465 466 if (!pmksa && set) { 467 crypto_err("pmksa is NULL for set operation"); 468 return QDF_STATUS_E_INVAL; 469 } 470 crypto_priv = (struct wlan_crypto_comp_priv *) 471 wlan_get_vdev_crypto_obj(vdev); 472 473 if (!crypto_priv) { 474 crypto_err("crypto_priv NULL"); 475 return QDF_STATUS_E_INVAL; 476 } 477 478 crypto_params = &crypto_priv->crypto_params; 479 if (set) { 480 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid); 481 if (pmkid_cache && (pmksa->pmk_len && 482 pmksa->pmk_len == pmkid_cache->pmk_len && 483 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk, 484 pmksa->pmk_len))) { 485 crypto_debug("PMKSA entry found with same PMK"); 486 pmkid_cache = NULL; 487 return QDF_STATUS_E_EXISTS; 488 } 489 490 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 491 /* Set pmksa */ 492 } else { 493 /* del pmksa */ 494 if (!pmksa) 495 status = wlan_crypto_pmksa_flush(crypto_params); 496 else 497 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 498 } 499 500 return status; 501 } 502 503 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 504 struct wlan_crypto_pmksa *pmksa) 505 { 506 QDF_STATUS status = QDF_STATUS_E_INVAL; 507 struct wlan_crypto_pmksa *cached_pmksa; 508 struct wlan_crypto_comp_priv *crypto_priv; 509 struct wlan_crypto_params *crypto_params; 510 uint8_t mdie_present, i; 511 uint16_t mobility_domain; 512 513 if (!pmksa) { 514 crypto_err("pmksa is NULL for set operation"); 515 return status; 516 } 517 518 crypto_priv = (struct wlan_crypto_comp_priv *) 519 wlan_get_vdev_crypto_obj(vdev); 520 if (!crypto_priv) { 521 crypto_err("crypto_priv NULL"); 522 return status; 523 } 524 525 crypto_params = &crypto_priv->crypto_params; 526 527 if (pmksa->mdid.mdie_present) { 528 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 529 if (!crypto_params->pmksa[i]) 530 continue; 531 cached_pmksa = crypto_params->pmksa[i]; 532 mdie_present = cached_pmksa->mdid.mdie_present; 533 mobility_domain = cached_pmksa->mdid.mobility_domain; 534 535 /* In FT connection when STA connects to AP1 then PMK1 536 * gets cached. And if STA disconnects from AP1 and 537 * connects to AP2 then PMK2 gets cached. This will 538 * result in having multiple PMK cache entries for the 539 * same MDID. So delete the old/stale PMK cache entries 540 * for the same mobility domain as of the newly added 541 * entry. And Update the MDID for the matching BSSID or 542 * SSID PMKSA entry. 543 */ 544 if (qdf_is_macaddr_equal 545 (&cached_pmksa->bssid, &pmksa->bssid)) { 546 cached_pmksa->mdid.mdie_present = 1; 547 cached_pmksa->mdid.mobility_domain = 548 pmksa->mdid.mobility_domain; 549 crypto_debug("Updated the MDID at index=%d", i); 550 status = QDF_STATUS_SUCCESS; 551 } else if (pmksa->ssid_len && 552 !qdf_mem_cmp(pmksa->ssid, 553 cached_pmksa->ssid, 554 pmksa->ssid_len) && 555 !qdf_mem_cmp(pmksa->cache_id, 556 cached_pmksa->cache_id, 557 WLAN_CACHE_ID_LEN)) { 558 cached_pmksa->mdid.mdie_present = 1; 559 cached_pmksa->mdid.mobility_domain = 560 pmksa->mdid.mobility_domain; 561 crypto_debug("Updated the MDID at index=%d", i); 562 status = QDF_STATUS_SUCCESS; 563 } else if (mdie_present && 564 (pmksa->mdid.mobility_domain == 565 mobility_domain)) { 566 qdf_mem_zero(crypto_params->pmksa[i], 567 sizeof(struct wlan_crypto_pmksa)); 568 qdf_mem_free(crypto_params->pmksa[i]); 569 crypto_params->pmksa[i] = NULL; 570 crypto_debug("Deleted PMKSA at index=%d", i); 571 status = QDF_STATUS_SUCCESS; 572 } 573 } 574 } 575 return status; 576 } 577 578 struct wlan_crypto_pmksa * 579 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 580 struct wlan_crypto_pmksa *pmksa) 581 { 582 struct wlan_crypto_comp_priv *crypto_priv; 583 struct wlan_crypto_params *crypto_params; 584 uint8_t i; 585 586 if (!pmksa) { 587 crypto_err("pmksa is NULL"); 588 return NULL; 589 } 590 crypto_priv = (struct wlan_crypto_comp_priv *) 591 wlan_get_vdev_crypto_obj(vdev); 592 593 if (!crypto_priv) { 594 crypto_err("crypto_priv NULL"); 595 return NULL; 596 } 597 598 crypto_params = &crypto_priv->crypto_params; 599 600 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 601 if (!crypto_params->pmksa[i]) 602 continue; 603 604 if (pmksa->ssid_len && 605 !qdf_mem_cmp(pmksa->ssid, 606 crypto_params->pmksa[i]->ssid, 607 pmksa->ssid_len) && 608 !qdf_mem_cmp(pmksa->cache_id, 609 crypto_params->pmksa[i]->cache_id, 610 WLAN_CACHE_ID_LEN)) { 611 return crypto_params->pmksa[i]; 612 } else if (!pmksa->ssid_len && 613 !qdf_is_macaddr_zero(&pmksa->bssid) && 614 qdf_is_macaddr_equal(&pmksa->bssid, 615 &crypto_params->pmksa[i]->bssid)) { 616 return crypto_params->pmksa[i]; 617 } 618 } 619 620 return NULL; 621 } 622 623 struct wlan_crypto_pmksa * 624 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 625 { 626 struct wlan_crypto_comp_priv *crypto_priv; 627 struct wlan_crypto_params *crypto_params; 628 uint8_t i; 629 630 if (!bssid) { 631 crypto_err("bssid is NULL"); 632 return NULL; 633 } 634 crypto_priv = (struct wlan_crypto_comp_priv *) 635 wlan_get_vdev_crypto_obj(vdev); 636 637 if (!crypto_priv) { 638 crypto_err("crypto_priv NULL"); 639 return NULL; 640 } 641 642 crypto_params = &crypto_priv->crypto_params; 643 644 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 645 if (!crypto_params->pmksa[i]) 646 continue; 647 if (qdf_is_macaddr_equal(bssid, 648 &crypto_params->pmksa[i]->bssid)) { 649 crypto_debug("PMKSA: Entry found at index %d", i); 650 return crypto_params->pmksa[i]; 651 } 652 } 653 654 return NULL; 655 } 656 657 struct wlan_crypto_pmksa * 658 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 659 uint8_t *cache_id, uint8_t *ssid, 660 uint8_t ssid_len) 661 { 662 struct wlan_crypto_comp_priv *crypto_priv; 663 struct wlan_crypto_params *crypto_params; 664 uint8_t i; 665 666 crypto_priv = (struct wlan_crypto_comp_priv *) 667 wlan_get_vdev_crypto_obj(vdev); 668 669 if (!crypto_priv) { 670 crypto_err("crypto_priv NULL"); 671 return NULL; 672 } 673 674 crypto_params = &crypto_priv->crypto_params; 675 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 676 if (!crypto_params->pmksa[i]) 677 continue; 678 679 if (!qdf_mem_cmp(cache_id, 680 crypto_params->pmksa[i]->cache_id, 681 WLAN_CACHE_ID_LEN) && 682 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 683 ssid_len) && 684 ssid_len == crypto_params->pmksa[i]->ssid_len) 685 return crypto_params->pmksa[i]; 686 } 687 688 return NULL; 689 } 690 691 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 692 struct wlan_objmgr_peer *peer) 693 { 694 int32_t ucast_cipher; 695 696 if (!(vdev || peer)) { 697 crypto_err("Invalid params"); 698 return 0; 699 } 700 701 if (vdev) 702 ucast_cipher = wlan_crypto_get_param(vdev, 703 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 704 else 705 ucast_cipher = wlan_crypto_get_peer_param(peer, 706 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 707 708 if (ucast_cipher == -1) { 709 crypto_err("Invalid params"); 710 return 0; 711 } 712 713 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 714 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 715 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 716 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 717 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 718 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 719 } 720 qdf_export_symbol(wlan_crypto_is_htallowed); 721 722 /** 723 * wlan_crypto_store_def_keyix - store default keyix 724 * @vdev: vdev 725 * @object: Peer object 726 * @arg: Argument passed by caller 727 * 728 * This function gets called from wlan_crypto_setkey 729 * 730 * Return: None 731 */ 732 static void wlan_crypto_store_def_keyix(struct wlan_objmgr_vdev *vdev, 733 void *object, void *arg) 734 { 735 struct wlan_objmgr_peer *peer = object; 736 struct wlan_crypto_comp_priv *crypto_priv; 737 struct wlan_crypto_params *crypto_params; 738 739 uint16_t kid = *(uint16_t *)arg; 740 741 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 742 if (!crypto_priv) { 743 crypto_err("crypto_priv NULL"); 744 return; 745 } 746 crypto_priv->crypto_key.def_tx_keyid = kid; 747 } 748 749 /** 750 * wlan_crypto_setkey - called by ucfg to setkey 751 * @vdev: vdev 752 * @req_key: req_key with cipher type, key macaddress 753 * 754 * This function gets called from ucfg to sey key 755 * 756 * Return: QDF_STATUS_SUCCESS - in case of success 757 */ 758 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 759 struct wlan_crypto_req_key *req_key) 760 { 761 QDF_STATUS status = QDF_STATUS_E_INVAL; 762 struct wlan_crypto_comp_priv *crypto_priv; 763 struct wlan_crypto_params *crypto_params; 764 struct wlan_objmgr_psoc *psoc; 765 struct wlan_objmgr_peer *peer = NULL; 766 struct wlan_crypto_key *key = NULL; 767 struct wlan_crypto_keys *priv_key = NULL; 768 const struct wlan_crypto_cipher *cipher; 769 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 770 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 771 bool isbcast; 772 enum QDF_OPMODE vdev_mode; 773 uint8_t igtk_idx = 0; 774 uint8_t bigtk_idx = 0; 775 struct wlan_lmac_if_tx_ops *tx_ops; 776 777 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 778 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 779 return QDF_STATUS_E_INVAL; 780 } 781 782 isbcast = qdf_is_macaddr_group( 783 (struct qdf_mac_addr *)req_key->macaddr); 784 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 785 /* zero length keys, only set default key id if flags are set*/ 786 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 787 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 788 && (!IS_MGMT_CIPHER(req_key->type))) { 789 wlan_crypto_default_key(vdev, 790 req_key->macaddr, 791 req_key->keyix, 792 !isbcast); 793 return QDF_STATUS_SUCCESS; 794 } 795 crypto_err("req_key len zero"); 796 return QDF_STATUS_CRYPTO_INVALID_KEYLEN; 797 } 798 799 cipher = wlan_crypto_cipher_ops[req_key->type]; 800 801 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 802 crypto_err("cipher invalid"); 803 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE; 804 } 805 806 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 807 (!IS_MGMT_CIPHER(req_key->type)) && 808 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 809 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 810 crypto_err("cipher invalid"); 811 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE; 812 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 813 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 814 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 815 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 816 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 817 return QDF_STATUS_CRYPTO_INVALID_KEYLEN; 818 } 819 820 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 821 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 822 | WLAN_CRYPTO_KEY_RECV)) { 823 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 824 | WLAN_CRYPTO_KEY_RECV); 825 } 826 } else { 827 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 828 && (!IS_MGMT_CIPHER(req_key->type))) { 829 return QDF_STATUS_CRYPTO_INVALID_KEYID; 830 } 831 832 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 833 | WLAN_CRYPTO_KEY_RECV); 834 if (isbcast) 835 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 836 } 837 838 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 839 840 wlan_vdev_obj_lock(vdev); 841 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 842 QDF_MAC_ADDR_SIZE); 843 psoc = wlan_vdev_get_psoc(vdev); 844 if (!psoc) { 845 wlan_vdev_obj_unlock(vdev); 846 crypto_err("psoc NULL"); 847 return QDF_STATUS_E_INVAL; 848 } 849 wlan_vdev_obj_unlock(vdev); 850 851 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 852 if (wlan_crypto_vdev_has_auth_mode(vdev, 853 (1 << WLAN_CRYPTO_AUTH_8021X))) { 854 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 855 } 856 } 857 858 if (isbcast) { 859 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 860 &crypto_priv); 861 if (!crypto_priv) { 862 crypto_err("crypto_priv NULL"); 863 return QDF_STATUS_E_INVAL; 864 } 865 866 priv_key = &crypto_priv->crypto_key; 867 868 if (IS_MGMT_CIPHER(req_key->type)) { 869 struct wlan_crypto_key *crypto_key = NULL; 870 871 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 872 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 873 if (!is_igtk(req_key->keyix) && 874 !(is_bigtk(req_key->keyix))) { 875 crypto_err("igtk/bigtk key invalid keyid %d", 876 req_key->keyix); 877 return QDF_STATUS_CRYPTO_INVALID_KEYID; 878 } 879 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 880 if (!key) 881 return QDF_STATUS_E_NOMEM; 882 883 884 if (is_igtk(req_key->keyix)) { 885 crypto_key = priv_key->igtk_key[igtk_idx]; 886 if (crypto_key) 887 qdf_mem_free(crypto_key); 888 889 priv_key->igtk_key[igtk_idx] = key; 890 priv_key->igtk_key_type = req_key->type; 891 priv_key->def_igtk_tx_keyid = igtk_idx; 892 bigtk_idx = 0; 893 } else { 894 crypto_key = priv_key->bigtk_key[bigtk_idx]; 895 if (crypto_key) 896 qdf_mem_free(crypto_key); 897 898 priv_key->bigtk_key[bigtk_idx] = key; 899 priv_key->def_bigtk_tx_keyid = bigtk_idx; 900 igtk_idx = 0; 901 } 902 } else { 903 if (IS_FILS_CIPHER(req_key->type)) { 904 crypto_err("FILS key is not for BroadCast pkt"); 905 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE; 906 } 907 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 908 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 909 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE; 910 } 911 if (!priv_key->key[req_key->keyix]) { 912 priv_key->key[req_key->keyix] 913 = qdf_mem_malloc( 914 sizeof(struct wlan_crypto_key)); 915 if (!priv_key->key[req_key->keyix]) 916 return QDF_STATUS_E_NOMEM; 917 } 918 key = priv_key->key[req_key->keyix]; 919 priv_key->def_tx_keyid = req_key->keyix; 920 } 921 if (vdev_mode == QDF_STA_MODE) { 922 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 923 WLAN_CRYPTO_ID); 924 if (!peer) { 925 crypto_err("peer NULL"); 926 if (IS_MGMT_CIPHER(req_key->type)) { 927 priv_key->igtk_key[igtk_idx] = NULL; 928 priv_key->bigtk_key[bigtk_idx] 929 = NULL; 930 priv_key->igtk_key_type 931 = WLAN_CRYPTO_CIPHER_NONE; 932 } else 933 priv_key->key[req_key->keyix] = NULL; 934 if (key) 935 qdf_mem_free(key); 936 return QDF_STATUS_E_INVAL; 937 } 938 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 939 QDF_MAC_ADDR_SIZE); 940 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 941 peer = NULL; 942 } 943 } else { 944 uint8_t pdev_id; 945 946 pdev_id = wlan_objmgr_pdev_get_pdev_id( 947 wlan_vdev_get_pdev(vdev)); 948 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 949 psoc, 950 pdev_id, 951 macaddr, 952 req_key->macaddr, 953 WLAN_CRYPTO_ID); 954 955 if (!peer) { 956 crypto_err("peer NULL"); 957 return QDF_STATUS_E_INVAL; 958 } 959 960 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 961 crypto_params = wlan_crypto_peer_get_comp_params(peer, 962 &crypto_priv); 963 964 if (!crypto_priv) { 965 crypto_err("crypto_priv NULL"); 966 status = QDF_STATUS_E_INVAL; 967 goto err; 968 } 969 970 priv_key = &crypto_priv->crypto_key; 971 972 if (IS_MGMT_CIPHER(req_key->type)) { 973 struct wlan_crypto_key *crypto_key = NULL; 974 975 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 976 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 977 978 if (!is_igtk(req_key->keyix) && 979 !(is_bigtk(req_key->keyix))) { 980 crypto_err("igtk/bigtk key invalid keyid %d", 981 req_key->keyix); 982 status = QDF_STATUS_CRYPTO_INVALID_KEYID; 983 goto err; 984 } 985 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 986 if (!key) { 987 status = QDF_STATUS_E_NOMEM; 988 goto err; 989 } 990 991 if (is_igtk(req_key->keyix)) { 992 crypto_key = priv_key->igtk_key[igtk_idx]; 993 if (crypto_key) 994 qdf_mem_free(crypto_key); 995 996 priv_key->igtk_key[igtk_idx] = key; 997 priv_key->igtk_key_type = req_key->type; 998 priv_key->def_igtk_tx_keyid = igtk_idx; 999 } else { 1000 crypto_key = priv_key->bigtk_key[bigtk_idx]; 1001 if (crypto_key) 1002 qdf_mem_free(crypto_key); 1003 1004 priv_key->bigtk_key[bigtk_idx] = key; 1005 priv_key->def_bigtk_tx_keyid = bigtk_idx; 1006 } 1007 } else { 1008 uint16_t kid = req_key->keyix; 1009 if (kid == WLAN_CRYPTO_KEYIX_NONE) 1010 kid = 0; 1011 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 1012 crypto_err("invalid keyid %d", kid); 1013 status = QDF_STATUS_CRYPTO_INVALID_KEYID; 1014 goto err; 1015 } 1016 if (!priv_key->key[kid]) { 1017 priv_key->key[kid] 1018 = qdf_mem_malloc( 1019 sizeof(struct wlan_crypto_key)); 1020 if (!priv_key->key[kid]) { 1021 status = QDF_STATUS_E_NOMEM; 1022 goto err; 1023 } 1024 } 1025 key = priv_key->key[kid]; 1026 } 1027 } 1028 1029 /* alloc key might not required as it is already there */ 1030 key->cipher_table = (void *)cipher; 1031 key->keylen = req_key->keylen; 1032 key->flags = req_key->flags; 1033 1034 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 1035 key->keyix = 0; 1036 else 1037 key->keyix = req_key->keyix; 1038 1039 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 1040 && (!IS_MGMT_CIPHER(req_key->type))) { 1041 crypto_priv->crypto_key.def_tx_keyid = key->keyix; 1042 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 1043 } 1044 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 1045 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 1046 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 1047 0x5c, 0x36, 0x5c, 0x36, 1048 0x5c, 0x36, 0x5c, 0x36, 1049 0x5c, 0x36, 0x5c, 0x37}; 1050 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 1051 0x5c, 0x36, 0x5c, 0x36, 1052 0x5c, 0x36, 0x5c, 0x36, 1053 0x5c, 0x36, 0x5c, 0x36}; 1054 1055 /* During Tx PN should be increment and 1056 * send but as per our implementation we increment only after 1057 * Tx complete. So First packet PN check will be failed. 1058 * To compensate increment the PN here by 2 1059 */ 1060 if (vdev_mode == QDF_SAP_MODE) { 1061 iv_AP[15] += 2; 1062 qdf_mem_copy(key->recviv, iv_STA, 1063 WLAN_CRYPTO_WAPI_IV_SIZE); 1064 qdf_mem_copy(key->txiv, iv_AP, 1065 WLAN_CRYPTO_WAPI_IV_SIZE); 1066 } else { 1067 iv_STA[15] += 2; 1068 qdf_mem_copy(key->recviv, iv_AP, 1069 WLAN_CRYPTO_WAPI_IV_SIZE); 1070 qdf_mem_copy(key->txiv, iv_STA, 1071 WLAN_CRYPTO_WAPI_IV_SIZE); 1072 } 1073 } else { 1074 uint8_t i = 0; 1075 qdf_mem_copy((uint8_t *)(&key->keytsc), 1076 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1077 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1078 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1079 (uint8_t *)(&req_key->keyrsc), 1080 sizeof(key->keyrsc[0])); 1081 } 1082 } 1083 1084 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1085 if (!tx_ops) { 1086 crypto_err("tx_ops is NULL"); 1087 status = QDF_STATUS_E_INVAL; 1088 goto err; 1089 } 1090 1091 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1092 key->valid = 1; 1093 if ((IS_MGMT_CIPHER(req_key->type))) { 1094 uint32_t mgmt_cipher = 0; 1095 1096 if (HAS_CIPHER_CAP(crypto_params, 1097 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1098 is_bigtk(req_key->keyix)) { 1099 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1100 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1101 key, macaddr, req_key->type); 1102 } 1103 } 1104 QDF_SET_PARAM(mgmt_cipher, req_key->type); 1105 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher); 1106 status = wlan_crypto_set_igtk_key(key); 1107 } else if (IS_FILS_CIPHER(req_key->type)) { 1108 /* Take request key object to FILS setkey */ 1109 key->private = req_key; 1110 } else { 1111 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1112 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, 1113 macaddr, 1114 req_key->type)) { 1115 status = QDF_STATUS_E_INVAL; 1116 goto err; 1117 } 1118 } 1119 } 1120 if (cipher) 1121 status = cipher->setkey(key); 1122 1123 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1124 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1125 (!IS_MGMT_CIPHER(req_key->type)) && isbcast) { 1126 /* default xmit key */ 1127 wlan_crypto_default_key(vdev, 1128 req_key->macaddr, 1129 req_key->keyix, 1130 !isbcast); 1131 /*Iterate through the peer list on this vdev 1132 *and store the keyix in the peer's crypto_priv 1133 */ 1134 wlan_objmgr_iterate_peerobj_list(vdev, 1135 wlan_crypto_store_def_keyix, 1136 (void *)&req_key->keyix, 1137 WLAN_CRYPTO_ID); 1138 1139 } 1140 err: 1141 if (peer) 1142 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1143 return status; 1144 } 1145 1146 /** 1147 * wlan_crypto_get_key_type - get keytype 1148 * @key: key 1149 * 1150 * This function gets keytype from key 1151 * 1152 * Return: keytype 1153 */ 1154 wlan_crypto_cipher_type wlan_crypto_get_key_type(struct wlan_crypto_key *key) 1155 { 1156 if (key && key->cipher_table) { 1157 return ((struct wlan_crypto_cipher *) 1158 (key->cipher_table))->cipher; 1159 } 1160 return WLAN_CRYPTO_CIPHER_NONE; 1161 } 1162 qdf_export_symbol(wlan_crypto_get_key_type); 1163 1164 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1165 uint16_t keyix) 1166 { 1167 struct wlan_crypto_comp_priv *crypto_priv; 1168 struct wlan_crypto_params *crypto_params; 1169 struct wlan_crypto_key *key = NULL; 1170 struct wlan_crypto_keys *priv_key = NULL; 1171 1172 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1173 1174 if (!crypto_priv) { 1175 crypto_err("crypto_priv NULL"); 1176 return NULL; 1177 } 1178 1179 priv_key = &crypto_priv->crypto_key; 1180 1181 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1182 * we return the default key, for all other keyix we return the 1183 * key accordingly. 1184 */ 1185 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1186 !is_valid_keyix(keyix)) 1187 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid]; 1188 else if (is_bigtk(keyix)) 1189 key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1190 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1191 else if (is_igtk(keyix)) 1192 key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1193 else 1194 key = priv_key->key[keyix]; 1195 1196 if (key && key->valid) 1197 return key; 1198 1199 return NULL; 1200 } 1201 qdf_export_symbol(wlan_crypto_vdev_getkey); 1202 1203 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1204 uint16_t keyix) 1205 { 1206 struct wlan_crypto_comp_priv *crypto_priv; 1207 struct wlan_crypto_params *crypto_params; 1208 struct wlan_crypto_key *key = NULL; 1209 struct wlan_crypto_keys *priv_key = NULL; 1210 1211 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1212 1213 if (!crypto_priv) { 1214 crypto_err("crypto_priv NULL"); 1215 return NULL; 1216 } 1217 1218 priv_key = &crypto_priv->crypto_key; 1219 1220 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1221 * we return the default key, for all other keyix we return the 1222 * key accordingly. 1223 */ 1224 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1225 !is_valid_keyix(keyix)) 1226 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid]; 1227 else if (is_bigtk(keyix)) 1228 key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1229 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1230 else if (is_igtk(keyix)) 1231 key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1232 else 1233 key = priv_key->key[keyix]; 1234 1235 if (key && key->valid) 1236 return key; 1237 1238 return NULL; 1239 } 1240 qdf_export_symbol(wlan_crypto_peer_getkey); 1241 1242 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1243 struct wlan_crypto_req_key *req_key, 1244 uint8_t *mac_addr) 1245 { 1246 struct wlan_crypto_cipher *cipher_table; 1247 struct wlan_crypto_key *key; 1248 struct wlan_objmgr_psoc *psoc; 1249 struct wlan_lmac_if_tx_ops *tx_ops; 1250 struct wlan_lmac_if_rx_ops *rx_ops; 1251 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1252 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1253 QDF_STATUS status = QDF_STATUS_E_INVAL; 1254 struct wlan_objmgr_peer *peer = NULL; 1255 uint8_t pdev_id; 1256 uint16_t get_pn_enable; 1257 bool is_bcast; 1258 uint8_t *pn_mac_addr; 1259 1260 if (!req_key) { 1261 crypto_err("req_key NULL"); 1262 return QDF_STATUS_E_INVAL; 1263 } 1264 1265 get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN; 1266 1267 wlan_vdev_obj_lock(vdev); 1268 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1269 QDF_MAC_ADDR_SIZE); 1270 psoc = wlan_vdev_get_psoc(vdev); 1271 if (!psoc) { 1272 wlan_vdev_obj_unlock(vdev); 1273 crypto_err("psoc NULL"); 1274 return QDF_STATUS_E_INVAL; 1275 } 1276 wlan_vdev_obj_unlock(vdev); 1277 1278 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1279 if (!tx_ops) { 1280 crypto_err("tx_ops is NULL"); 1281 return QDF_STATUS_E_INVAL; 1282 } 1283 1284 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 1285 if (!rx_ops) { 1286 crypto_err("rx_ops is NULL"); 1287 return QDF_STATUS_E_INVAL; 1288 } 1289 is_bcast = qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr); 1290 1291 if (is_bcast) { 1292 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1293 if (!key) 1294 return QDF_STATUS_E_INVAL; 1295 } else { 1296 1297 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1298 wlan_vdev_get_pdev(vdev)); 1299 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1300 psoc, 1301 pdev_id, 1302 macaddr, 1303 mac_addr, 1304 WLAN_CRYPTO_ID); 1305 if (!peer) { 1306 crypto_err("peer NULL"); 1307 return QDF_STATUS_E_NOENT; 1308 } 1309 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1310 1311 if (!key) { 1312 crypto_err("Key is NULL"); 1313 status = QDF_STATUS_E_INVAL; 1314 goto err; 1315 } 1316 } 1317 1318 if (key->valid) { 1319 qdf_mem_copy(req_key->keydata, 1320 key->keyval, key->keylen); 1321 req_key->keylen = key->keylen; 1322 req_key->keyix = key->keyix; 1323 req_key->flags = key->flags; 1324 1325 if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) { 1326 req_key->type = key->cipher_type; 1327 } else { 1328 cipher_table = key->cipher_table; 1329 1330 if (!cipher_table) { 1331 status = QDF_STATUS_SUCCESS; 1332 goto err; 1333 } 1334 1335 req_key->type = cipher_table->cipher; 1336 } 1337 1338 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1339 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1340 (uint8_t *)(key->txiv), 1341 sizeof(req_key->txiv)); 1342 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1343 (uint8_t *)(key->recviv), 1344 sizeof(req_key->recviv)); 1345 } 1346 1347 if (get_pn_enable) { 1348 pn_mac_addr = ((is_gtk(req_key->keyix) || 1349 is_bigtk(req_key->keyix)) && is_bcast) ? 1350 macaddr : mac_addr; 1351 1352 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)) 1353 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, 1354 pn_mac_addr, 1355 req_key->keyix, 1356 req_key->type); 1357 if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)) 1358 WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)( 1359 vdev, mac_addr, req_key->keyix); 1360 1361 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1362 (uint8_t *)(&key->keytsc), 1363 sizeof(req_key->keytsc)); 1364 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1365 (uint8_t *)(&key->keyrsc[0]), 1366 sizeof(req_key->keyrsc)); 1367 } 1368 1369 } 1370 status = QDF_STATUS_SUCCESS; 1371 1372 err: 1373 if (peer) 1374 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1375 1376 return status; 1377 } 1378 1379 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1380 uint8_t *macaddr, 1381 uint8_t key_idx) 1382 { 1383 struct wlan_crypto_comp_priv *crypto_priv; 1384 struct wlan_crypto_params *crypto_params; 1385 struct wlan_crypto_key *key; 1386 struct wlan_crypto_cipher *cipher_table; 1387 struct wlan_objmgr_psoc *psoc; 1388 struct wlan_lmac_if_tx_ops *tx_ops; 1389 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1390 struct wlan_objmgr_peer *peer = NULL; 1391 QDF_STATUS ret = QDF_STATUS_SUCCESS; 1392 1393 if (!vdev || !macaddr || 1394 !is_valid_keyix(key_idx)) { 1395 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1396 vdev, macaddr, key_idx); 1397 return QDF_STATUS_E_INVAL; 1398 } 1399 1400 wlan_vdev_obj_lock(vdev); 1401 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1402 QDF_MAC_ADDR_SIZE); 1403 psoc = wlan_vdev_get_psoc(vdev); 1404 if (!psoc) { 1405 wlan_vdev_obj_unlock(vdev); 1406 crypto_err("psoc NULL"); 1407 return QDF_STATUS_E_INVAL; 1408 } 1409 wlan_vdev_obj_unlock(vdev); 1410 1411 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1412 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1413 &crypto_priv); 1414 if (!crypto_priv) { 1415 crypto_err("crypto_priv NULL"); 1416 return QDF_STATUS_E_INVAL; 1417 } 1418 } else { 1419 uint8_t pdev_id; 1420 1421 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1422 wlan_vdev_get_pdev(vdev)); 1423 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1424 psoc, pdev_id, 1425 bssid_mac, 1426 macaddr, 1427 WLAN_CRYPTO_ID); 1428 if (!peer) { 1429 return QDF_STATUS_E_INVAL; 1430 } 1431 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1432 &crypto_priv); 1433 if (!crypto_priv) { 1434 crypto_err("crypto_priv NULL"); 1435 ret = QDF_STATUS_E_INVAL; 1436 goto ret_rel_ref; 1437 } 1438 } 1439 1440 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1441 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1442 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1443 1444 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1445 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1446 ret = QDF_STATUS_E_INVAL; 1447 goto ret_rel_ref; 1448 } 1449 if (is_igtk(key_idx)) { 1450 key = crypto_priv->crypto_key.igtk_key[igtk_idx]; 1451 crypto_priv->crypto_key.igtk_key[igtk_idx] = NULL; 1452 } else { 1453 key = crypto_priv->crypto_key.bigtk_key[bigtk_idx]; 1454 crypto_priv->crypto_key.bigtk_key[bigtk_idx] = NULL; 1455 } 1456 if (key) 1457 key->valid = 0; 1458 } else { 1459 key = crypto_priv->crypto_key.key[key_idx]; 1460 crypto_priv->crypto_key.key[key_idx] = NULL; 1461 } 1462 1463 if (!key) { 1464 ret = QDF_STATUS_E_INVAL; 1465 goto ret_rel_ref; 1466 } 1467 1468 if (key->valid) { 1469 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1470 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1471 1472 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1473 if (!tx_ops) { 1474 crypto_err("tx_ops is NULL"); 1475 ret = QDF_STATUS_E_INVAL; 1476 goto ret_rel_ref; 1477 } 1478 1479 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1480 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1481 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1482 cipher_table->cipher); 1483 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1484 if (key->private) 1485 qdf_mem_free(key->private); 1486 } 1487 } 1488 1489 /* Zero-out local key variables */ 1490 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1491 qdf_mem_free(key); 1492 key = NULL; 1493 1494 ret_rel_ref: 1495 if (peer) 1496 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1497 1498 return ret; 1499 } 1500 1501 #ifdef CRYPTO_SET_KEY_CONVERGED 1502 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1503 uint8_t key_idx, uint8_t *macaddr) 1504 { 1505 return QDF_STATUS_SUCCESS; 1506 } 1507 #else 1508 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1509 uint8_t key_idx, uint8_t *macaddr) 1510 { 1511 struct wlan_objmgr_psoc *psoc; 1512 struct wlan_lmac_if_tx_ops *tx_ops; 1513 1514 psoc = wlan_vdev_get_psoc(vdev); 1515 if (!psoc) { 1516 crypto_err("psoc is NULL"); 1517 return QDF_STATUS_E_INVAL; 1518 } 1519 1520 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1521 if (!tx_ops) { 1522 crypto_err("tx_ops is NULL"); 1523 return QDF_STATUS_E_INVAL; 1524 } 1525 1526 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1527 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1528 1529 return QDF_STATUS_SUCCESS; 1530 } 1531 #endif 1532 1533 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1534 uint8_t *macaddr, 1535 uint8_t key_idx, 1536 bool unicast) 1537 { 1538 struct wlan_crypto_comp_priv *crypto_priv; 1539 struct wlan_crypto_params *crypto_params; 1540 struct wlan_crypto_key *key; 1541 struct wlan_objmgr_psoc *psoc; 1542 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1543 1544 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1545 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1546 vdev, macaddr, key_idx); 1547 return QDF_STATUS_E_INVAL; 1548 } 1549 1550 wlan_vdev_obj_lock(vdev); 1551 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1552 QDF_MAC_ADDR_SIZE); 1553 psoc = wlan_vdev_get_psoc(vdev); 1554 if (!psoc) { 1555 wlan_vdev_obj_unlock(vdev); 1556 crypto_err("psoc NULL"); 1557 return QDF_STATUS_E_INVAL; 1558 } 1559 wlan_vdev_obj_unlock(vdev); 1560 1561 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1562 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1563 &crypto_priv); 1564 if (!crypto_priv) { 1565 crypto_err("crypto_priv NULL"); 1566 return QDF_STATUS_E_INVAL; 1567 } 1568 1569 key = crypto_priv->crypto_key.key[key_idx]; 1570 if (!key) 1571 return QDF_STATUS_E_INVAL; 1572 } else { 1573 struct wlan_objmgr_peer *peer; 1574 uint8_t pdev_id; 1575 1576 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1577 wlan_vdev_get_pdev(vdev)); 1578 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1579 psoc, pdev_id, 1580 bssid_mac, 1581 macaddr, 1582 WLAN_CRYPTO_ID); 1583 1584 if (!peer) { 1585 crypto_err("peer NULL"); 1586 return QDF_STATUS_E_INVAL; 1587 } 1588 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1589 &crypto_priv); 1590 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1591 if (!crypto_priv) { 1592 crypto_err("crypto_priv NULL"); 1593 return QDF_STATUS_E_INVAL; 1594 } 1595 1596 key = crypto_priv->crypto_key.key[key_idx]; 1597 if (!key) 1598 return QDF_STATUS_E_INVAL; 1599 } 1600 if (!key->valid) 1601 return QDF_STATUS_E_INVAL; 1602 1603 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1604 QDF_STATUS_SUCCESS) 1605 return QDF_STATUS_E_INVAL; 1606 crypto_priv->crypto_key.def_tx_keyid = key_idx; 1607 1608 return QDF_STATUS_SUCCESS; 1609 } 1610 1611 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1612 qdf_nbuf_t wbuf, 1613 uint8_t *mac_addr, 1614 uint8_t encapdone) 1615 { 1616 struct wlan_crypto_comp_priv *crypto_priv; 1617 struct wlan_crypto_params *crypto_params; 1618 struct wlan_crypto_key *key; 1619 struct wlan_crypto_keys *priv_key = NULL; 1620 QDF_STATUS status; 1621 struct wlan_crypto_cipher *cipher_table; 1622 struct wlan_objmgr_psoc *psoc; 1623 struct wlan_objmgr_peer *peer; 1624 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1625 uint8_t pdev_id; 1626 uint8_t hdrlen; 1627 enum QDF_OPMODE opmode; 1628 1629 opmode = wlan_vdev_mlme_get_opmode(vdev); 1630 wlan_vdev_obj_lock(vdev); 1631 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1632 QDF_MAC_ADDR_SIZE); 1633 psoc = wlan_vdev_get_psoc(vdev); 1634 if (!psoc) { 1635 wlan_vdev_obj_unlock(vdev); 1636 crypto_err("psoc NULL"); 1637 return QDF_STATUS_E_INVAL; 1638 } 1639 wlan_vdev_obj_unlock(vdev); 1640 1641 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1642 /* FILS Encap required only for (Re-)Assoc response */ 1643 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1644 1645 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1646 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1647 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1648 return QDF_STATUS_E_INVAL; 1649 } 1650 1651 if (peer) 1652 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1653 peer = NULL; 1654 1655 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1656 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1657 &crypto_priv); 1658 if (!crypto_priv) { 1659 crypto_err("crypto_priv NULL"); 1660 return QDF_STATUS_E_INVAL; 1661 } 1662 1663 priv_key = &crypto_priv->crypto_key; 1664 1665 key = priv_key->key[priv_key->def_tx_keyid]; 1666 if (!key) 1667 return QDF_STATUS_E_INVAL; 1668 1669 } else { 1670 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1671 bssid_mac, mac_addr, 1672 WLAN_CRYPTO_ID); 1673 if (!peer) { 1674 crypto_err("crypto_priv NULL"); 1675 return QDF_STATUS_E_INVAL; 1676 } 1677 1678 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1679 &crypto_priv); 1680 1681 if (!crypto_priv) { 1682 crypto_err("crypto_priv NULL"); 1683 status = QDF_STATUS_E_INVAL; 1684 goto err; 1685 } 1686 1687 priv_key = &crypto_priv->crypto_key; 1688 1689 key = priv_key->key[priv_key->def_tx_keyid]; 1690 if (!key) { 1691 crypto_err("Key is NULL"); 1692 status = QDF_STATUS_E_INVAL; 1693 goto err; 1694 } 1695 } 1696 if (opmode == QDF_MONITOR_MODE) 1697 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1698 else 1699 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1700 (uint8_t *)qdf_nbuf_data(wbuf)); 1701 1702 if (!key->valid || !key->cipher_table) { 1703 status = QDF_STATUS_E_INVAL; 1704 goto err; 1705 } 1706 1707 /* if tkip, is counter measures enabled, then drop the frame */ 1708 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1709 status = cipher_table->encap(key, wbuf, encapdone, 1710 hdrlen); 1711 1712 err: 1713 if (peer) 1714 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1715 1716 return status; 1717 } 1718 qdf_export_symbol(wlan_crypto_encap); 1719 1720 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1721 qdf_nbuf_t wbuf, 1722 uint8_t *mac_addr, 1723 uint8_t tid) 1724 { 1725 struct wlan_crypto_comp_priv *crypto_priv; 1726 struct wlan_crypto_params *crypto_params; 1727 struct wlan_crypto_key *key; 1728 QDF_STATUS status; 1729 struct wlan_crypto_cipher *cipher_table; 1730 struct wlan_objmgr_psoc *psoc; 1731 struct wlan_objmgr_peer *peer; 1732 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1733 uint8_t keyid; 1734 uint8_t pdev_id; 1735 uint8_t hdrlen; 1736 enum QDF_OPMODE opmode; 1737 1738 opmode = wlan_vdev_mlme_get_opmode(vdev); 1739 wlan_vdev_obj_lock(vdev); 1740 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1741 QDF_MAC_ADDR_SIZE); 1742 psoc = wlan_vdev_get_psoc(vdev); 1743 if (!psoc) { 1744 wlan_vdev_obj_unlock(vdev); 1745 crypto_err("psoc NULL"); 1746 return QDF_STATUS_E_INVAL; 1747 } 1748 wlan_vdev_obj_unlock(vdev); 1749 1750 if (opmode == QDF_MONITOR_MODE) 1751 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1752 else 1753 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1754 (uint8_t *)qdf_nbuf_data(wbuf)); 1755 1756 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1757 1758 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1759 return QDF_STATUS_E_INVAL; 1760 1761 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1762 /* FILS Decap required only for (Re-)Assoc request */ 1763 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1764 1765 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1766 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1767 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1768 return QDF_STATUS_E_INVAL; 1769 } 1770 1771 if (peer) 1772 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1773 peer = NULL; 1774 1775 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1776 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1777 &crypto_priv); 1778 if (!crypto_priv) { 1779 crypto_err("crypto_priv NULL"); 1780 return QDF_STATUS_E_INVAL; 1781 } 1782 1783 key = crypto_priv->crypto_key.key[keyid]; 1784 if (!key) 1785 return QDF_STATUS_E_INVAL; 1786 } else { 1787 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1788 psoc, pdev_id, bssid_mac, 1789 mac_addr, WLAN_CRYPTO_ID); 1790 if (!peer) { 1791 crypto_err("peer NULL"); 1792 return QDF_STATUS_E_INVAL; 1793 } 1794 1795 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1796 &crypto_priv); 1797 1798 if (!crypto_priv) { 1799 crypto_err("crypto_priv NULL"); 1800 status = QDF_STATUS_E_INVAL; 1801 goto err; 1802 } 1803 1804 key = crypto_priv->crypto_key.key[keyid]; 1805 if (!key) { 1806 crypto_err("Key is NULL"); 1807 status = QDF_STATUS_E_INVAL; 1808 goto err; 1809 } 1810 } 1811 1812 if (!key->valid || !key->cipher_table) { 1813 status = QDF_STATUS_E_INVAL; 1814 goto err; 1815 } 1816 1817 /* if tkip, is counter measures enabled, then drop the frame */ 1818 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1819 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1820 1821 err: 1822 if (peer) 1823 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1824 1825 return status; 1826 } 1827 qdf_export_symbol(wlan_crypto_decap); 1828 1829 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1830 qdf_nbuf_t wbuf, 1831 uint8_t *mac_addr, 1832 uint8_t encapdone) 1833 { 1834 struct wlan_crypto_comp_priv *crypto_priv; 1835 struct wlan_crypto_params *crypto_params; 1836 struct wlan_crypto_key *key; 1837 struct wlan_crypto_keys *priv_key = NULL; 1838 QDF_STATUS status; 1839 struct wlan_crypto_cipher *cipher_table; 1840 struct wlan_objmgr_psoc *psoc; 1841 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1842 uint8_t hdrlen; 1843 enum QDF_OPMODE opmode; 1844 1845 opmode = wlan_vdev_mlme_get_opmode(vdev); 1846 1847 1848 wlan_vdev_obj_lock(vdev); 1849 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1850 QDF_MAC_ADDR_SIZE); 1851 psoc = wlan_vdev_get_psoc(vdev); 1852 if (!psoc) { 1853 wlan_vdev_obj_unlock(vdev); 1854 crypto_err("psoc NULL"); 1855 return QDF_STATUS_E_INVAL; 1856 } 1857 wlan_vdev_obj_unlock(vdev); 1858 1859 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1860 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1861 &crypto_priv); 1862 if (!crypto_priv) { 1863 crypto_err("crypto_priv NULL"); 1864 return QDF_STATUS_E_INVAL; 1865 } 1866 1867 priv_key = &crypto_priv->crypto_key; 1868 1869 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid]; 1870 if (!key) 1871 return QDF_STATUS_E_INVAL; 1872 1873 } else { 1874 struct wlan_objmgr_peer *peer; 1875 uint8_t pdev_id; 1876 1877 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1878 wlan_vdev_get_pdev(vdev)); 1879 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1880 psoc, pdev_id, bssid_mac, 1881 mac_addr, WLAN_CRYPTO_ID); 1882 if (!peer) { 1883 crypto_err("crypto_priv NULL"); 1884 return QDF_STATUS_E_INVAL; 1885 } 1886 1887 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1888 &crypto_priv); 1889 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1890 1891 if (!crypto_priv) { 1892 crypto_err("crypto_priv NULL"); 1893 return QDF_STATUS_E_INVAL; 1894 } 1895 1896 priv_key = &crypto_priv->crypto_key; 1897 1898 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid]; 1899 if (!key) 1900 return QDF_STATUS_E_INVAL; 1901 } 1902 if (opmode == QDF_MONITOR_MODE) 1903 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1904 else 1905 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1906 (uint8_t *)qdf_nbuf_data(wbuf)); 1907 1908 /* if tkip, is counter measures enabled, then drop the frame */ 1909 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1910 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1911 1912 return status; 1913 } 1914 1915 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1916 qdf_nbuf_t wbuf, 1917 uint8_t *mac_addr, 1918 uint8_t tid, 1919 uint8_t keyid) 1920 { 1921 struct wlan_crypto_comp_priv *crypto_priv; 1922 struct wlan_crypto_params *crypto_params; 1923 struct wlan_crypto_key *key; 1924 QDF_STATUS status; 1925 struct wlan_crypto_cipher *cipher_table; 1926 struct wlan_objmgr_psoc *psoc; 1927 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1928 uint8_t hdrlen; 1929 enum QDF_OPMODE opmode; 1930 1931 opmode = wlan_vdev_mlme_get_opmode(vdev); 1932 1933 if (opmode == QDF_MONITOR_MODE) 1934 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1935 else 1936 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1937 (uint8_t *)qdf_nbuf_data(wbuf)); 1938 1939 wlan_vdev_obj_lock(vdev); 1940 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1941 QDF_MAC_ADDR_SIZE); 1942 psoc = wlan_vdev_get_psoc(vdev); 1943 if (!psoc) { 1944 wlan_vdev_obj_unlock(vdev); 1945 crypto_err("psoc NULL"); 1946 return QDF_STATUS_E_INVAL; 1947 } 1948 wlan_vdev_obj_unlock(vdev); 1949 1950 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1951 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1952 &crypto_priv); 1953 if (!crypto_priv) { 1954 crypto_err("crypto_priv NULL"); 1955 return QDF_STATUS_E_INVAL; 1956 } 1957 1958 key = crypto_priv->crypto_key.key[keyid]; 1959 if (!key) 1960 return QDF_STATUS_E_INVAL; 1961 1962 } else { 1963 struct wlan_objmgr_peer *peer; 1964 uint8_t pdev_id; 1965 1966 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1967 wlan_vdev_get_pdev(vdev)); 1968 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1969 psoc, pdev_id, bssid_mac, 1970 mac_addr, WLAN_CRYPTO_ID); 1971 if (!peer) { 1972 crypto_err("peer NULL"); 1973 return QDF_STATUS_E_INVAL; 1974 } 1975 1976 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1977 &crypto_priv); 1978 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1979 1980 if (!crypto_priv) { 1981 crypto_err("crypto_priv NULL"); 1982 return QDF_STATUS_E_INVAL; 1983 } 1984 1985 key = crypto_priv->crypto_key.key[keyid]; 1986 if (!key) 1987 return QDF_STATUS_E_INVAL; 1988 } 1989 /* if tkip, is counter measures enabled, then drop the frame */ 1990 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1991 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1992 1993 return status; 1994 } 1995 1996 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1997 { 1998 1999 struct wlan_crypto_comp_priv *crypto_priv; 2000 struct wlan_crypto_params *vdev_crypto_params; 2001 2002 if (!vdev) 2003 return false; 2004 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2005 &crypto_priv); 2006 if (!crypto_priv) { 2007 crypto_err("crypto_priv NULL"); 2008 return false; 2009 } 2010 2011 if ((vdev_crypto_params->rsn_caps & 2012 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2013 || (vdev_crypto_params->rsn_caps & 2014 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2015 return true; 2016 } 2017 2018 return false; 2019 } 2020 2021 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 2022 { 2023 struct wlan_crypto_comp_priv *crypto_priv; 2024 struct wlan_crypto_params *vdev_crypto_params; 2025 2026 if (!vdev) 2027 return false; 2028 2029 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2030 &crypto_priv); 2031 if (!crypto_priv) { 2032 crypto_err("crypto_priv NULL"); 2033 return false; 2034 } 2035 2036 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 2037 return true; 2038 2039 return false; 2040 } 2041 2042 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 2043 struct wlan_objmgr_peer *peer) 2044 { 2045 struct wlan_crypto_comp_priv *crypto_priv; 2046 struct wlan_crypto_params *vdev_crypto_params; 2047 struct wlan_crypto_params *peer_crypto_params; 2048 2049 if (!vdev || !peer) 2050 return false; 2051 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2052 &crypto_priv); 2053 if (!crypto_priv) { 2054 crypto_err("crypto_priv NULL"); 2055 return false; 2056 } 2057 2058 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 2059 &crypto_priv); 2060 if (!crypto_priv) { 2061 crypto_err("crypto_priv NULL"); 2062 return false; 2063 } 2064 if (((vdev_crypto_params->rsn_caps & 2065 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 2066 (peer_crypto_params->rsn_caps & 2067 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 2068 || (vdev_crypto_params->rsn_caps & 2069 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2070 return true; 2071 } 2072 2073 return false; 2074 } 2075 2076 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 2077 struct wlan_objmgr_peer *peer, 2078 uint16_t keyidx) 2079 { 2080 struct wlan_crypto_key *key = NULL; 2081 2082 if (!vdev && !peer) 2083 return false; 2084 2085 if (peer) 2086 key = wlan_crypto_peer_getkey(peer, keyidx); 2087 else if (vdev) 2088 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2089 2090 if ((key) && key->valid) 2091 return true; 2092 2093 return false; 2094 } 2095 2096 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2097 { 2098 a[0] = b[5]; 2099 a[1] = b[4]; 2100 a[2] = b[3]; 2101 a[3] = b[2]; 2102 a[4] = b[1]; 2103 a[5] = b[0]; 2104 } 2105 2106 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2107 uint8_t *bfrm, 2108 uint32_t len) 2109 { 2110 struct wlan_crypto_key *key; 2111 struct wlan_crypto_keys *priv_key = NULL; 2112 struct wlan_crypto_mmie *mmie; 2113 uint8_t *pn, *aad, *buf, *efrm, nonce[12]; 2114 struct wlan_frame_hdr *hdr; 2115 uint32_t i, hdrlen, mic_len, aad_len; 2116 uint8_t mic[16]; 2117 struct wlan_crypto_comp_priv *crypto_priv; 2118 struct wlan_crypto_params *crypto_params; 2119 int32_t ret = -1; 2120 2121 if (!bfrm) { 2122 crypto_err("frame is NULL"); 2123 return NULL; 2124 } 2125 2126 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2127 &crypto_priv); 2128 if (!crypto_priv) { 2129 crypto_err("crypto_priv NULL"); 2130 return NULL; 2131 } 2132 2133 priv_key = &crypto_priv->crypto_key; 2134 2135 if (priv_key->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2136 crypto_err("igtk key invalid keyid %d", 2137 priv_key->def_igtk_tx_keyid); 2138 return NULL; 2139 } 2140 2141 key = priv_key->igtk_key[priv_key->def_igtk_tx_keyid]; 2142 if (!key) { 2143 crypto_err("No igtk key present"); 2144 return NULL; 2145 } 2146 mic_len = (priv_key->igtk_key_type 2147 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2148 2149 efrm = bfrm + len; 2150 aad_len = 20; 2151 hdrlen = sizeof(struct wlan_frame_hdr); 2152 len += sizeof(struct wlan_crypto_mmie); 2153 2154 mmie = (struct wlan_crypto_mmie *) efrm; 2155 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2156 mmie->element_id = WLAN_ELEMID_MMIE; 2157 mmie->length = sizeof(*mmie) - 2; 2158 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2159 2160 mic_len = (priv_key->igtk_key_type 2161 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2162 if (mic_len == 8) { 2163 mmie->length -= 8; 2164 len -= 8; 2165 } 2166 /* PN = PN + 1 */ 2167 pn = (uint8_t *)&key->keytsc; 2168 2169 for (i = 0; i <= 5; i++) { 2170 pn[i]++; 2171 if (pn[i]) 2172 break; 2173 } 2174 2175 /* Copy IPN */ 2176 qdf_mem_copy(mmie->sequence_number, pn, 6); 2177 2178 hdr = (struct wlan_frame_hdr *) bfrm; 2179 2180 buf = qdf_mem_malloc(len - hdrlen + 20); 2181 if (!buf) 2182 return NULL; 2183 2184 qdf_mem_zero(buf, len - hdrlen + 20); 2185 aad = buf; 2186 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2187 2188 /* FC type/subtype */ 2189 aad[0] = hdr->i_fc[0]; 2190 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2191 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2192 | WLAN_FC1_MOREDATA)); 2193 /* A1 || A2 || A3 */ 2194 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2195 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2196 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2197 qdf_mem_zero(mic, 16); 2198 2199 /* 2200 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2201 */ 2202 2203 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2204 if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2205 2206 ret = omac1_aes_128(key->keyval, buf, 2207 len + aad_len - hdrlen, mic); 2208 qdf_mem_copy(mmie->mic, mic, 8); 2209 2210 } else if (priv_key->igtk_key_type 2211 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2212 2213 ret = omac1_aes_256(key->keyval, buf, 2214 len + aad_len - hdrlen, mmie->mic); 2215 } else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) || 2216 (priv_key->igtk_key_type 2217 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2218 2219 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2220 wlan_crypto_gmac_pn_swap(nonce + 6, pn); 2221 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2222 sizeof(nonce), buf, 2223 len + aad_len - hdrlen, mmie->mic); 2224 } 2225 qdf_mem_free(buf); 2226 if (ret < 0) { 2227 crypto_err("add mmie failed"); 2228 return NULL; 2229 } 2230 2231 return bfrm + len; 2232 } 2233 2234 #define MAX_MIC_LEN 16 2235 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2236 uint8_t *frm, 2237 uint8_t *efrm) 2238 { 2239 struct wlan_crypto_mmie *mmie = NULL; 2240 uint8_t *ipn, *aad, *buf, *mic, nonce[12]; 2241 struct wlan_crypto_key *key; 2242 struct wlan_crypto_keys *priv_key = NULL; 2243 struct wlan_frame_hdr *hdr; 2244 uint16_t mic_len, hdrlen, len; 2245 struct wlan_crypto_comp_priv *crypto_priv; 2246 struct wlan_crypto_params *crypto_params; 2247 uint8_t aad_len = 20; 2248 int32_t ret = -1; 2249 2250 /* check if frame is illegal length */ 2251 if (!frm || !efrm || (efrm < frm) 2252 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2253 crypto_err("Invalid params"); 2254 return false; 2255 } 2256 len = efrm - frm; 2257 crypto_priv = (struct wlan_crypto_comp_priv *) 2258 wlan_get_vdev_crypto_obj(vdev); 2259 if (!crypto_priv) { 2260 crypto_err("crypto_priv NULL"); 2261 return false; 2262 } 2263 2264 priv_key = &crypto_priv->crypto_key; 2265 2266 crypto_params = &(crypto_priv->crypto_params); 2267 2268 2269 mic_len = (priv_key->igtk_key_type 2270 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2271 hdrlen = sizeof(struct wlan_frame_hdr); 2272 2273 if (mic_len == 8) 2274 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2275 else 2276 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2277 2278 2279 /* check Elem ID*/ 2280 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2281 crypto_err("IE is not MMIE"); 2282 return false; 2283 } 2284 2285 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2286 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2287 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2288 crypto_err("keyid not valid"); 2289 return false; 2290 } 2291 2292 key = priv_key->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2293 if (!key) { 2294 crypto_err("No igtk key present"); 2295 return false; 2296 } 2297 2298 /* validate ipn */ 2299 ipn = mmie->sequence_number; 2300 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2301 uint8_t *su = (uint8_t *)key->keyrsc; 2302 uint8_t *end = ipn + 6; 2303 struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev); 2304 2305 crypto_err("replay error :"); 2306 while (ipn < end) { 2307 crypto_err("expected pn = %x received pn = %x", 2308 *ipn++, *su++); 2309 } 2310 wlan_cp_stats_vdev_mcast_rx_pnerr(vdev); 2311 wlan_cp_stats_peer_rx_pnerr(peer); 2312 return false; 2313 } 2314 2315 buf = qdf_mem_malloc(len - hdrlen + 20); 2316 if (!buf) 2317 return false; 2318 2319 aad = buf; 2320 2321 /* construct AAD */ 2322 hdr = (struct wlan_frame_hdr *)frm; 2323 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2324 2325 /* FC type/subtype */ 2326 aad[0] = hdr->i_fc[0]; 2327 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2328 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2329 | WLAN_FC1_MOREDATA)); 2330 /* A1 || A2 || A3 */ 2331 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2332 2333 /* 2334 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2335 */ 2336 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2337 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2338 mic = qdf_mem_malloc(MAX_MIC_LEN); 2339 if (!mic) { 2340 qdf_mem_free(buf); 2341 return false; 2342 } 2343 if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2344 ret = omac1_aes_128(key->keyval, buf, 2345 len - hdrlen + aad_len, mic); 2346 } else if (priv_key->igtk_key_type 2347 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2348 ret = omac1_aes_256(key->keyval, buf, 2349 len + aad_len - hdrlen, mic); 2350 } else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) || 2351 (priv_key->igtk_key_type 2352 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2353 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2354 wlan_crypto_gmac_pn_swap(nonce + 6, ipn); 2355 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2356 sizeof(nonce), buf, 2357 len + aad_len - hdrlen, mic); 2358 } 2359 2360 qdf_mem_free(buf); 2361 2362 if (ret < 0) { 2363 qdf_mem_free(mic); 2364 crypto_err("generate mmie failed"); 2365 return false; 2366 } 2367 2368 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2369 qdf_mem_free(mic); 2370 crypto_err("mmie mismatch"); 2371 /* MMIE MIC mismatch */ 2372 return false; 2373 } 2374 2375 qdf_mem_free(mic); 2376 /* Update the receive sequence number */ 2377 qdf_mem_copy(key->keyrsc, ipn, 6); 2378 crypto_debug("mmie matched"); 2379 2380 return true; 2381 } 2382 2383 2384 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2385 { 2386 int32_t status = -1; 2387 2388 switch (cipher) { 2389 case WLAN_CRYPTO_CIPHER_TKIP: 2390 return WPA_CIPHER_SUITE_TKIP; 2391 case WLAN_CRYPTO_CIPHER_AES_CCM: 2392 return WPA_CIPHER_SUITE_CCMP; 2393 case WLAN_CRYPTO_CIPHER_NONE: 2394 return WPA_CIPHER_SUITE_NONE; 2395 } 2396 2397 return status; 2398 } 2399 2400 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2401 { 2402 int32_t status = -1; 2403 2404 switch (cipher) { 2405 case WLAN_CRYPTO_CIPHER_TKIP: 2406 return RSN_CIPHER_SUITE_TKIP; 2407 case WLAN_CRYPTO_CIPHER_AES_CCM: 2408 return RSN_CIPHER_SUITE_CCMP; 2409 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2410 return RSN_CIPHER_SUITE_CCMP_256; 2411 case WLAN_CRYPTO_CIPHER_AES_GCM: 2412 return RSN_CIPHER_SUITE_GCMP; 2413 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2414 return RSN_CIPHER_SUITE_GCMP_256; 2415 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2416 return RSN_CIPHER_SUITE_AES_CMAC; 2417 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2418 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2419 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2420 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2421 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2422 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2423 case WLAN_CRYPTO_CIPHER_NONE: 2424 return RSN_CIPHER_SUITE_NONE; 2425 } 2426 2427 return status; 2428 } 2429 2430 /* 2431 * Convert an RSN key management/authentication algorithm 2432 * to an internal code. 2433 */ 2434 static int32_t 2435 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2436 { 2437 int32_t status = -1; 2438 2439 switch (keymgmt) { 2440 case WLAN_CRYPTO_KEY_MGMT_NONE: 2441 return RSN_AUTH_KEY_MGMT_NONE; 2442 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2443 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2444 case WLAN_CRYPTO_KEY_MGMT_PSK: 2445 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2446 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2447 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2448 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2449 return RSN_AUTH_KEY_MGMT_FT_PSK; 2450 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2451 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2452 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2453 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2454 case WLAN_CRYPTO_KEY_MGMT_SAE: 2455 return RSN_AUTH_KEY_MGMT_SAE; 2456 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2457 return RSN_AUTH_KEY_MGMT_FT_SAE; 2458 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2459 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2460 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2461 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2462 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2463 return RSN_AUTH_KEY_MGMT_CCKM; 2464 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2465 return RSN_AUTH_KEY_MGMT_OSEN; 2466 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2467 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2468 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2469 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2470 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2471 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2472 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2473 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2474 case WLAN_CRYPTO_KEY_MGMT_OWE: 2475 return RSN_AUTH_KEY_MGMT_OWE; 2476 case WLAN_CRYPTO_KEY_MGMT_DPP: 2477 return RSN_AUTH_KEY_MGMT_DPP; 2478 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2479 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2480 case WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY: 2481 return RSN_AUTH_KEY_MGMT_SAE_EXT_KEY; 2482 case WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY: 2483 return RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY; 2484 } 2485 2486 return status; 2487 } 2488 2489 /* 2490 * Convert an RSN key management/authentication algorithm 2491 * to an internal code. 2492 */ 2493 static int32_t 2494 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2495 { 2496 int32_t status = -1; 2497 2498 switch (keymgmt) { 2499 case WLAN_CRYPTO_KEY_MGMT_NONE: 2500 return WPA_AUTH_KEY_MGMT_NONE; 2501 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2502 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2503 case WLAN_CRYPTO_KEY_MGMT_PSK: 2504 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2505 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2506 return WPA_AUTH_KEY_MGMT_CCKM; 2507 } 2508 2509 return status; 2510 } 2511 2512 /* 2513 * Convert a WPA cipher selector OUI to an internal 2514 * cipher algorithm. Where appropriate we also 2515 * record any key length. 2516 */ 2517 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2518 { 2519 uint32_t w = LE_READ_4(sel); 2520 int32_t status = -1; 2521 2522 switch (w) { 2523 case WPA_CIPHER_SUITE_TKIP: 2524 return WLAN_CRYPTO_CIPHER_TKIP; 2525 case WPA_CIPHER_SUITE_CCMP: 2526 return WLAN_CRYPTO_CIPHER_AES_CCM; 2527 case WPA_CIPHER_SUITE_NONE: 2528 return WLAN_CRYPTO_CIPHER_NONE; 2529 } 2530 2531 return status; 2532 } 2533 2534 /* 2535 * Convert a WPA key management/authentication algorithm 2536 * to an internal code. 2537 */ 2538 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2539 { 2540 uint32_t w = LE_READ_4(sel); 2541 int32_t status = -1; 2542 2543 switch (w) { 2544 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2545 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2546 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2547 return WLAN_CRYPTO_KEY_MGMT_PSK; 2548 case WPA_AUTH_KEY_MGMT_CCKM: 2549 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2550 case WPA_AUTH_KEY_MGMT_NONE: 2551 return WLAN_CRYPTO_KEY_MGMT_NONE; 2552 } 2553 return status; 2554 } 2555 2556 /* 2557 * Convert a RSN cipher selector OUI to an internal 2558 * cipher algorithm. Where appropriate we also 2559 * record any key length. 2560 */ 2561 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2562 { 2563 uint32_t w = LE_READ_4(sel); 2564 int32_t status = -1; 2565 2566 switch (w) { 2567 case RSN_CIPHER_SUITE_TKIP: 2568 return WLAN_CRYPTO_CIPHER_TKIP; 2569 case RSN_CIPHER_SUITE_CCMP: 2570 return WLAN_CRYPTO_CIPHER_AES_CCM; 2571 case RSN_CIPHER_SUITE_CCMP_256: 2572 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2573 case RSN_CIPHER_SUITE_GCMP: 2574 return WLAN_CRYPTO_CIPHER_AES_GCM; 2575 case RSN_CIPHER_SUITE_GCMP_256: 2576 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2577 case RSN_CIPHER_SUITE_AES_CMAC: 2578 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2579 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2580 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2581 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2582 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2583 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2584 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2585 case RSN_CIPHER_SUITE_NONE: 2586 return WLAN_CRYPTO_CIPHER_NONE; 2587 } 2588 2589 return status; 2590 } 2591 /* 2592 * Convert an RSN key management/authentication algorithm 2593 * to an internal code. 2594 */ 2595 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2596 { 2597 uint32_t w = LE_READ_4(sel); 2598 int32_t status = -1; 2599 2600 switch (w) { 2601 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2602 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2603 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2604 return WLAN_CRYPTO_KEY_MGMT_PSK; 2605 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2606 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2607 case RSN_AUTH_KEY_MGMT_FT_PSK: 2608 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2609 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2610 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2611 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2612 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2613 case RSN_AUTH_KEY_MGMT_SAE: 2614 return WLAN_CRYPTO_KEY_MGMT_SAE; 2615 case RSN_AUTH_KEY_MGMT_FT_SAE: 2616 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2617 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2618 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2619 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2620 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2621 case RSN_AUTH_KEY_MGMT_CCKM: 2622 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2623 case RSN_AUTH_KEY_MGMT_OSEN: 2624 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2625 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2626 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2627 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2628 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2629 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2630 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2631 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2632 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2633 case RSN_AUTH_KEY_MGMT_OWE: 2634 return WLAN_CRYPTO_KEY_MGMT_OWE; 2635 case RSN_AUTH_KEY_MGMT_DPP: 2636 return WLAN_CRYPTO_KEY_MGMT_DPP; 2637 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2638 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2639 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384: 2640 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 2641 case RSN_AUTH_KEY_MGMT_PSK_SHA384: 2642 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 2643 case RSN_AUTH_KEY_MGMT_SAE_EXT_KEY: 2644 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY; 2645 case RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY: 2646 return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY; 2647 } 2648 2649 return status; 2650 } 2651 2652 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2653 const uint8_t *frm) 2654 { 2655 uint8_t len = frm[1]; 2656 int32_t w; 2657 int n; 2658 2659 /* 2660 * Check the length once for fixed parts: OUI, type, 2661 * version, mcast cipher, and 2 selector counts. 2662 * Other, variable-length data, must be checked separately. 2663 */ 2664 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2665 2666 if (len < 14) 2667 return QDF_STATUS_E_INVAL; 2668 2669 frm += 6, len -= 4; 2670 2671 w = LE_READ_2(frm); 2672 if (w != WPA_VERSION) 2673 return QDF_STATUS_E_INVAL; 2674 2675 frm += 2, len -= 2; 2676 2677 /* multicast/group cipher */ 2678 w = wlan_crypto_wpa_suite_to_cipher(frm); 2679 if (w < 0) 2680 return QDF_STATUS_E_INVAL; 2681 SET_MCAST_CIPHER(crypto_params, w); 2682 frm += 4, len -= 4; 2683 2684 /* unicast ciphers */ 2685 n = LE_READ_2(frm); 2686 frm += 2, len -= 2; 2687 if (len < n*4+2) 2688 return QDF_STATUS_E_INVAL; 2689 2690 for (; n > 0; n--) { 2691 w = wlan_crypto_wpa_suite_to_cipher(frm); 2692 if (w < 0) 2693 return QDF_STATUS_E_INVAL; 2694 SET_UCAST_CIPHER(crypto_params, w); 2695 frm += 4, len -= 4; 2696 } 2697 2698 if (!crypto_params->ucastcipherset) 2699 return QDF_STATUS_E_INVAL; 2700 2701 /* key management algorithms */ 2702 n = LE_READ_2(frm); 2703 frm += 2, len -= 2; 2704 if (len < n*4) 2705 return QDF_STATUS_E_INVAL; 2706 2707 w = 0; 2708 for (; n > 0; n--) { 2709 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2710 if (w < 0) 2711 return QDF_STATUS_E_INVAL; 2712 SET_KEY_MGMT(crypto_params, w); 2713 frm += 4, len -= 4; 2714 } 2715 2716 /* optional capabilities */ 2717 if (len >= 2) { 2718 crypto_params->rsn_caps = LE_READ_2(frm); 2719 frm += 2, len -= 2; 2720 } 2721 2722 return QDF_STATUS_SUCCESS; 2723 } 2724 2725 #ifdef WLAN_ADAPTIVE_11R 2726 /** 2727 * wlan_crypto_store_akm_list_in_order() - store AMK list in order 2728 * @crypto_params: crypto param structure 2729 * @key_mgmt: key management 2730 * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response 2731 * 2732 * Return: none 2733 */ 2734 static void 2735 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2736 int32_t key_mgmt, int akm_index) 2737 { 2738 if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) { 2739 crypto_debug("Invalid AKM Index"); 2740 return; 2741 } 2742 2743 crypto_params->akm_list[akm_index].key_mgmt = key_mgmt; 2744 } 2745 #else 2746 static inline void 2747 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2748 int32_t key_mgmt, int akm_index) 2749 { 2750 } 2751 #endif 2752 2753 void wlan_crypto_rsnxie_check(struct wlan_crypto_params *crypto_params, 2754 const uint8_t *rsnxe) 2755 { 2756 uint8_t i = 0, len = rsnxe[1]; 2757 2758 for (; len > 0 ; len--) { 2759 ((uint8_t *)(&crypto_params->rsnx_caps))[i] = rsnxe[2 + i]; 2760 i++; 2761 } 2762 /*First 4bits of RSNX capabilitities field is the length of 2763 *the Extended RSN capabilities field -1 2764 *Hence Ignoring them 2765 */ 2766 ((uint8_t *)(&crypto_params->rsnx_caps))[0] &= 0xf0; 2767 } 2768 2769 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2770 const uint8_t *frm) 2771 { 2772 uint8_t len = frm[1]; 2773 int32_t w; 2774 int n, akm_index; 2775 2776 /* Check the length once for fixed parts: OUI, type & version */ 2777 if (len < 2) 2778 return QDF_STATUS_E_INVAL; 2779 2780 /* initialize crypto params */ 2781 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2782 2783 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2784 2785 frm += 2; 2786 /* NB: iswapoui already validated the OUI and type */ 2787 w = LE_READ_2(frm); 2788 if (w != RSN_VERSION) 2789 return QDF_STATUS_E_INVAL; 2790 2791 frm += 2, len -= 2; 2792 2793 if (!len) { 2794 /* set defaults */ 2795 /* default group cipher CCMP-128 */ 2796 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2797 /* default ucast cipher CCMP-128 */ 2798 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2799 /* default key mgmt 8021x */ 2800 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2801 return QDF_STATUS_SUCCESS; 2802 } else if (len < 4) { 2803 return QDF_STATUS_E_INVAL; 2804 } 2805 2806 /* multicast/group cipher */ 2807 w = wlan_crypto_rsn_suite_to_cipher(frm); 2808 if (w < 0) 2809 return QDF_STATUS_E_INVAL; 2810 else { 2811 SET_MCAST_CIPHER(crypto_params, w); 2812 frm += 4, len -= 4; 2813 } 2814 2815 if (crypto_params->mcastcipherset == 0) 2816 return QDF_STATUS_E_INVAL; 2817 2818 if (!len) { 2819 /* default ucast cipher CCMP-128 */ 2820 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2821 /* default key mgmt 8021x */ 2822 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2823 return QDF_STATUS_SUCCESS; 2824 } else if (len < 2) { 2825 return QDF_STATUS_E_INVAL; 2826 } 2827 2828 /* unicast ciphers */ 2829 n = LE_READ_2(frm); 2830 frm += 2, len -= 2; 2831 if (n) { 2832 if (len < n * 4) 2833 return QDF_STATUS_E_INVAL; 2834 2835 for (; n > 0; n--) { 2836 w = wlan_crypto_rsn_suite_to_cipher(frm); 2837 if (w >= 0) 2838 SET_UCAST_CIPHER(crypto_params, w); 2839 frm += 4, len -= 4; 2840 } 2841 } else { 2842 /* default ucast cipher CCMP-128 */ 2843 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2844 } 2845 2846 if (crypto_params->ucastcipherset == 0) 2847 return QDF_STATUS_E_INVAL; 2848 2849 if (!len) { 2850 /* default key mgmt 8021x */ 2851 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2852 return QDF_STATUS_SUCCESS; 2853 } else if (len < 2) { 2854 return QDF_STATUS_E_INVAL; 2855 } 2856 2857 /* key management algorithms */ 2858 n = LE_READ_2(frm); 2859 frm += 2, len -= 2; 2860 2861 if (n) { 2862 if (len < n * 4) 2863 return QDF_STATUS_E_INVAL; 2864 akm_index = 0; 2865 for (; n > 0; n--) { 2866 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2867 if (w >= 0) { 2868 SET_KEY_MGMT(crypto_params, w); 2869 wlan_crypto_store_akm_list_in_order( 2870 crypto_params, w, akm_index); 2871 akm_index++; 2872 } 2873 2874 frm += 4, len -= 4; 2875 } 2876 } else { 2877 /* default key mgmt 8021x */ 2878 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2879 } 2880 2881 if (crypto_params->key_mgmt == 0) 2882 return QDF_STATUS_E_INVAL; 2883 2884 /* optional capabilities */ 2885 if (len >= 2) { 2886 crypto_params->rsn_caps = LE_READ_2(frm); 2887 frm += 2, len -= 2; 2888 } else if (len && len < 2) { 2889 return QDF_STATUS_E_INVAL; 2890 } 2891 2892 2893 /* PMKID */ 2894 if (len >= 2) { 2895 n = LE_READ_2(frm); 2896 frm += 2, len -= 2; 2897 if (n && len) { 2898 if (len >= n * PMKID_LEN) 2899 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2900 else 2901 return QDF_STATUS_E_INVAL; 2902 } else if (n && !len) { 2903 return QDF_STATUS_E_INVAL; 2904 } 2905 /*TODO: Save pmkid in params for further reference */ 2906 } else if (len == 1) { 2907 crypto_err("PMKID is truncated"); 2908 return QDF_STATUS_E_INVAL; 2909 } 2910 2911 /* BIP */ 2912 if (!len) { 2913 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2914 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2915 SET_MGMT_CIPHER(crypto_params, 2916 WLAN_CRYPTO_CIPHER_AES_CMAC); 2917 return QDF_STATUS_SUCCESS; 2918 } else if (len < 4) { 2919 crypto_err("Mgmt cipher is truncated"); 2920 return QDF_STATUS_E_INVAL; 2921 } 2922 w = wlan_crypto_rsn_suite_to_cipher(frm); 2923 frm += 4, len -= 4; 2924 SET_MGMT_CIPHER(crypto_params, w); 2925 2926 return QDF_STATUS_SUCCESS; 2927 } 2928 2929 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2930 uint8_t *iebuf) 2931 { 2932 uint8_t *frm = iebuf; 2933 uint8_t *selcnt; 2934 struct wlan_crypto_comp_priv *crypto_priv; 2935 struct wlan_crypto_params *crypto_params; 2936 2937 if (!frm) 2938 return NULL; 2939 2940 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2941 2942 if (!crypto_params) 2943 return NULL; 2944 2945 *frm++ = WLAN_ELEMID_VENDOR; 2946 *frm++ = 0; 2947 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2948 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2949 2950 2951 /* multicast cipher */ 2952 if (MCIPHER_IS_TKIP(crypto_params)) 2953 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2954 else if (MCIPHER_IS_CCMP128(crypto_params)) 2955 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2956 2957 /* unicast cipher list */ 2958 selcnt = frm; 2959 WLAN_CRYPTO_ADDSHORT(frm, 0); 2960 /* do not use CCMP unicast cipher in WPA mode */ 2961 if (UCIPHER_IS_CCMP128(crypto_params)) { 2962 selcnt[0]++; 2963 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2964 } 2965 if (UCIPHER_IS_TKIP(crypto_params)) { 2966 selcnt[0]++; 2967 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2968 } 2969 2970 /* authenticator selector list */ 2971 selcnt = frm; 2972 WLAN_CRYPTO_ADDSHORT(frm, 0); 2973 2974 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2975 selcnt[0]++; 2976 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2977 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2978 selcnt[0]++; 2979 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2980 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2981 selcnt[0]++; 2982 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2983 } else { 2984 selcnt[0]++; 2985 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2986 } 2987 2988 /* optional capabilities */ 2989 if (crypto_params->rsn_caps != 0 && 2990 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2991 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2992 } 2993 2994 /* calculate element length */ 2995 iebuf[1] = frm - iebuf - 2; 2996 2997 return frm; 2998 } 2999 3000 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 3001 uint8_t *iebuf, 3002 struct wlan_crypto_pmksa *pmksa) 3003 { 3004 uint8_t *frm = iebuf; 3005 uint8_t *selcnt; 3006 struct wlan_crypto_comp_priv *crypto_priv; 3007 struct wlan_crypto_params *crypto_params; 3008 3009 if (!frm) { 3010 return NULL; 3011 } 3012 3013 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3014 3015 if (!crypto_params) { 3016 return NULL; 3017 } 3018 3019 *frm++ = WLAN_ELEMID_RSN; 3020 *frm++ = 0; 3021 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 3022 3023 3024 /* multicast cipher */ 3025 if (MCIPHER_IS_TKIP(crypto_params)) 3026 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3027 else if (MCIPHER_IS_CCMP128(crypto_params)) 3028 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3029 else if (MCIPHER_IS_CCMP256(crypto_params)) 3030 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3031 else if (MCIPHER_IS_GCMP128(crypto_params)) 3032 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3033 else if (MCIPHER_IS_GCMP256(crypto_params)) 3034 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3035 3036 /* unicast cipher list */ 3037 selcnt = frm; 3038 WLAN_CRYPTO_ADDSHORT(frm, 0); 3039 3040 if (UCIPHER_IS_CCMP256(crypto_params)) { 3041 selcnt[0]++; 3042 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3043 } 3044 if (UCIPHER_IS_GCMP256(crypto_params)) { 3045 selcnt[0]++; 3046 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3047 } 3048 if (UCIPHER_IS_CCMP128(crypto_params)) { 3049 selcnt[0]++; 3050 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3051 } 3052 if (UCIPHER_IS_GCMP128(crypto_params)) { 3053 selcnt[0]++; 3054 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3055 } 3056 if (UCIPHER_IS_TKIP(crypto_params)) { 3057 selcnt[0]++; 3058 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3059 } 3060 3061 /* authenticator selector list */ 3062 selcnt = frm; 3063 WLAN_CRYPTO_ADDSHORT(frm, 0); 3064 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3065 selcnt[0]++; 3066 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3067 /* Other key mgmt should not be added after CCKM */ 3068 goto add_rsn_caps; 3069 } 3070 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3071 selcnt[0]++; 3072 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3073 } 3074 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3075 selcnt[0]++; 3076 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3077 } 3078 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 3079 selcnt[0]++; 3080 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3081 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 3082 } 3083 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 3084 selcnt[0]++; 3085 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 3086 } 3087 if (HAS_KEY_MGMT(crypto_params, 3088 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 3089 selcnt[0]++; 3090 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3091 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 3092 } 3093 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 3094 selcnt[0]++; 3095 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 3096 } 3097 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 3098 selcnt[0]++; 3099 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 3100 } 3101 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 3102 selcnt[0]++; 3103 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 3104 } 3105 if (HAS_KEY_MGMT(crypto_params, 3106 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3107 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3108 3109 selcnt[0]++; 3110 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3111 } 3112 if (HAS_KEY_MGMT(crypto_params, 3113 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3114 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3115 3116 selcnt[0]++; 3117 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3118 } 3119 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3120 selcnt[0]++; 3121 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3122 } 3123 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3124 selcnt[0]++; 3125 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3126 } 3127 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3128 selcnt[0]++; 3129 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3130 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3131 } 3132 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3133 selcnt[0]++; 3134 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3135 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3136 } 3137 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3138 selcnt[0]++; 3139 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3140 } 3141 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3142 selcnt[0]++; 3143 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3144 } 3145 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3146 selcnt[0]++; 3147 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3148 } 3149 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) { 3150 selcnt[0]++; 3151 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY); 3152 } 3153 if (HAS_KEY_MGMT(crypto_params, 3154 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3155 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3156 3157 selcnt[0]++; 3158 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3159 } 3160 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) { 3161 selcnt[0]++; 3162 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3163 WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY); 3164 } 3165 add_rsn_caps: 3166 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3167 /* optional capabilities */ 3168 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3169 /* PMK list */ 3170 if (pmksa) { 3171 WLAN_CRYPTO_ADDSHORT(frm, 1); 3172 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3173 frm += PMKID_LEN; 3174 } else { 3175 WLAN_CRYPTO_ADDSHORT(frm, 0); 3176 } 3177 3178 if (HAS_MGMT_CIPHER(crypto_params, 3179 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3180 RSN_ADD_CIPHER_TO_SUITE(frm, 3181 WLAN_CRYPTO_CIPHER_AES_CMAC); 3182 } 3183 if (HAS_MGMT_CIPHER(crypto_params, 3184 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3185 RSN_ADD_CIPHER_TO_SUITE(frm, 3186 WLAN_CRYPTO_CIPHER_AES_GMAC); 3187 } 3188 if (HAS_MGMT_CIPHER(crypto_params, 3189 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3190 RSN_ADD_CIPHER_TO_SUITE(frm, 3191 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3192 ); 3193 } 3194 3195 if (HAS_MGMT_CIPHER(crypto_params, 3196 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3197 RSN_ADD_CIPHER_TO_SUITE(frm, 3198 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3199 ); 3200 } 3201 } else { 3202 /* PMK list */ 3203 if (pmksa) { 3204 WLAN_CRYPTO_ADDSHORT(frm, 1); 3205 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3206 frm += PMKID_LEN; 3207 } 3208 } 3209 3210 /* calculate element length */ 3211 iebuf[1] = frm - iebuf - 2; 3212 3213 return frm; 3214 } 3215 3216 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3217 uint8_t *iebuf, 3218 struct qdf_mac_addr *bssid) 3219 { 3220 struct wlan_crypto_pmksa *pmksa = NULL; 3221 3222 if (bssid) 3223 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3224 3225 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3226 } 3227 3228 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3229 struct wlan_crypto_params *crypto_params) 3230 { 3231 struct wlan_crypto_params *my_crypto_params; 3232 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3233 3234 if (!my_crypto_params) { 3235 crypto_debug("vdev crypto params is NULL"); 3236 return false; 3237 } 3238 /* 3239 * Check peer's pairwise ciphers. 3240 * At least one must match with our unicast cipher 3241 */ 3242 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3243 crypto_debug("Unicast cipher match failed"); 3244 return false; 3245 } 3246 /* 3247 * Check peer's group cipher is our enabled multicast cipher. 3248 */ 3249 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3250 crypto_debug("Multicast cipher match failed"); 3251 return false; 3252 } 3253 /* 3254 * Check peer's key management class set (PSK or UNSPEC) 3255 */ 3256 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3257 crypto_debug("Key mgmt match failed"); 3258 return false; 3259 } 3260 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3261 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3262 crypto_debug("Peer is not PMF capable"); 3263 return false; 3264 } 3265 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3266 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3267 crypto_debug("Peer needs PMF, but vdev is not capable"); 3268 return false; 3269 } 3270 3271 return true; 3272 } 3273 3274 /* 3275 * Convert an WAPI CIPHER suite to to an internal code. 3276 */ 3277 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3278 { 3279 uint32_t w = LE_READ_4(sel); 3280 int32_t status = -1; 3281 3282 switch (w) { 3283 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3284 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3285 } 3286 3287 return status; 3288 } 3289 3290 /* 3291 * Convert an WAPI key management/authentication algorithm 3292 * to an internal code. 3293 */ 3294 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3295 { 3296 uint32_t w = LE_READ_4(sel); 3297 int32_t status = -1; 3298 3299 switch (w) { 3300 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3301 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3302 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3303 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3304 } 3305 3306 return status; 3307 } 3308 3309 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3310 const uint8_t *frm) 3311 { 3312 uint8_t len = frm[1]; 3313 int32_t w; 3314 int n; 3315 3316 /* 3317 * Check the length once for fixed parts: OUI, type, 3318 * version, mcast cipher, and 2 selector counts. 3319 * Other, variable-length data, must be checked separately. 3320 */ 3321 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3322 3323 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3324 return QDF_STATUS_E_INVAL; 3325 3326 3327 frm += 2; 3328 3329 w = LE_READ_2(frm); 3330 frm += 2, len -= 2; 3331 if (w != WAPI_VERSION) 3332 return QDF_STATUS_E_INVAL; 3333 3334 n = LE_READ_2(frm); 3335 frm += 2, len -= 2; 3336 if (len < n*4+2) 3337 return QDF_STATUS_E_INVAL; 3338 3339 for (; n > 0; n--) { 3340 w = wlan_crypto_wapi_keymgmt(frm); 3341 if (w < 0) 3342 return QDF_STATUS_E_INVAL; 3343 3344 SET_KEY_MGMT(crypto_params, w); 3345 frm += 4, len -= 4; 3346 } 3347 3348 /* unicast ciphers */ 3349 n = LE_READ_2(frm); 3350 frm += 2, len -= 2; 3351 if (len < n*4+2) 3352 return QDF_STATUS_E_INVAL; 3353 3354 for (; n > 0; n--) { 3355 w = wlan_crypto_wapi_suite_to_cipher(frm); 3356 if (w < 0) 3357 return QDF_STATUS_E_INVAL; 3358 SET_UCAST_CIPHER(crypto_params, w); 3359 frm += 4, len -= 4; 3360 } 3361 3362 if (!crypto_params->ucastcipherset) 3363 return QDF_STATUS_E_INVAL; 3364 3365 /* multicast/group cipher */ 3366 w = wlan_crypto_wapi_suite_to_cipher(frm); 3367 3368 if (w < 0) 3369 return QDF_STATUS_E_INVAL; 3370 3371 SET_MCAST_CIPHER(crypto_params, w); 3372 frm += 4, len -= 4; 3373 3374 return QDF_STATUS_SUCCESS; 3375 } 3376 3377 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3378 uint8_t *iebuf) 3379 { 3380 uint8_t *frm; 3381 uint8_t *selcnt; 3382 struct wlan_crypto_comp_priv *crypto_priv; 3383 struct wlan_crypto_params *crypto_params; 3384 3385 frm = iebuf; 3386 if (!frm) { 3387 crypto_err("ie buffer NULL"); 3388 return NULL; 3389 } 3390 3391 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3392 3393 if (!crypto_params) { 3394 crypto_err("crypto_params NULL"); 3395 return NULL; 3396 } 3397 3398 *frm++ = WLAN_ELEMID_WAPI; 3399 *frm++ = 0; 3400 3401 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3402 3403 /* authenticator selector list */ 3404 selcnt = frm; 3405 WLAN_CRYPTO_ADDSHORT(frm, 0); 3406 3407 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3408 selcnt[0]++; 3409 WLAN_CRYPTO_ADDSELECTOR(frm, 3410 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3411 } 3412 3413 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3414 selcnt[0]++; 3415 WLAN_CRYPTO_ADDSELECTOR(frm, 3416 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3417 } 3418 3419 /* unicast cipher list */ 3420 selcnt = frm; 3421 WLAN_CRYPTO_ADDSHORT(frm, 0); 3422 3423 if (UCIPHER_IS_SMS4(crypto_params)) { 3424 selcnt[0]++; 3425 WLAN_CRYPTO_ADDSELECTOR(frm, 3426 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3427 } 3428 3429 WLAN_CRYPTO_ADDSELECTOR(frm, 3430 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3431 3432 /* optional capabilities */ 3433 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3434 3435 /* bkid count */ 3436 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3437 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3438 WLAN_CRYPTO_ADDSHORT(frm, 0); 3439 3440 /* calculate element length */ 3441 iebuf[1] = frm - iebuf - 2; 3442 3443 return frm; 3444 3445 } 3446 3447 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3448 qdf_nbuf_t wbuf) 3449 { 3450 /* Need to check is there real requirement for this function 3451 * as PN check is already handled in decap function. 3452 */ 3453 return QDF_STATUS_SUCCESS; 3454 } 3455 3456 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3457 struct wlan_objmgr_vdev *vdev) 3458 { 3459 struct wlan_crypto_comp_priv *crypto_priv; 3460 3461 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3462 } 3463 3464 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3465 struct wlan_objmgr_peer *peer) 3466 { 3467 struct wlan_crypto_comp_priv *crypto_priv; 3468 3469 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3470 } 3471 3472 3473 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3474 struct wlan_objmgr_peer *peer) 3475 { 3476 struct wlan_crypto_comp_priv *crypto_priv; 3477 struct wlan_crypto_comp_priv *sta_crypto_priv; 3478 struct wlan_crypto_params *crypto_params; 3479 struct wlan_crypto_key *key; 3480 struct wlan_crypto_key *sta_key; 3481 struct wlan_crypto_keys *sta_priv = NULL; 3482 struct wlan_crypto_cipher *cipher_table; 3483 struct wlan_objmgr_psoc *psoc; 3484 struct wlan_lmac_if_tx_ops *tx_ops; 3485 uint8_t *mac_addr; 3486 int i; 3487 enum QDF_OPMODE opmode; 3488 QDF_STATUS status = QDF_STATUS_SUCCESS; 3489 3490 if (!vdev) 3491 return QDF_STATUS_E_NULL_VALUE; 3492 3493 if (!peer) { 3494 crypto_debug("peer NULL"); 3495 return QDF_STATUS_E_INVAL; 3496 } 3497 3498 opmode = wlan_vdev_mlme_get_opmode(vdev); 3499 psoc = wlan_vdev_get_psoc(vdev); 3500 3501 if (!psoc) { 3502 crypto_err("psoc NULL"); 3503 return QDF_STATUS_E_NULL_VALUE; 3504 } 3505 3506 wlan_peer_obj_lock(peer); 3507 mac_addr = wlan_peer_get_macaddr(peer); 3508 wlan_peer_obj_unlock(peer); 3509 3510 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3511 &crypto_priv); 3512 if (!crypto_priv) { 3513 crypto_err("crypto_priv NULL"); 3514 return QDF_STATUS_E_NULL_VALUE; 3515 } 3516 3517 /* push only valid static WEP keys from vap */ 3518 if (AUTH_IS_8021X(crypto_params)) 3519 return QDF_STATUS_E_INVAL; 3520 3521 if (opmode == QDF_STA_MODE) { 3522 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3523 if (!peer) { 3524 crypto_debug("peer NULL"); 3525 return QDF_STATUS_E_INVAL; 3526 } 3527 } 3528 3529 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3530 if (!sta_crypto_priv) { 3531 crypto_err("sta priv is null"); 3532 status = QDF_STATUS_E_INVAL; 3533 goto exit; 3534 } 3535 3536 sta_priv = &sta_crypto_priv->crypto_key; 3537 3538 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3539 if (crypto_priv->crypto_key.key[i]) { 3540 key = crypto_priv->crypto_key.key[i]; 3541 if (!key || !key->valid) 3542 continue; 3543 3544 cipher_table = (struct wlan_crypto_cipher *) 3545 key->cipher_table; 3546 3547 if (!cipher_table) 3548 continue; 3549 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3550 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3551 if (!tx_ops) { 3552 crypto_err("tx_ops is NULL"); 3553 return QDF_STATUS_E_INVAL; 3554 } 3555 3556 sta_key = qdf_mem_malloc( 3557 sizeof(struct wlan_crypto_key)); 3558 if (!sta_key) { 3559 status = QDF_STATUS_E_NOMEM; 3560 goto exit; 3561 } 3562 3563 sta_priv->key[i] = sta_key; 3564 qdf_mem_copy(sta_key, key, 3565 sizeof(struct wlan_crypto_key)); 3566 3567 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3568 3569 if (crypto_priv->crypto_key.def_tx_keyid == i) { 3570 sta_key->flags 3571 |= WLAN_CRYPTO_KEY_DEFAULT; 3572 sta_priv->def_tx_keyid = 3573 crypto_priv->crypto_key.def_tx_keyid; 3574 } 3575 /* setting the broadcast/multicast key for sta*/ 3576 if (opmode == QDF_STA_MODE || 3577 opmode == QDF_IBSS_MODE){ 3578 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3579 WLAN_CRYPTO_TX_OPS_SETKEY( 3580 tx_ops)(vdev, sta_key, 3581 mac_addr, 3582 cipher_table->cipher); 3583 } 3584 } 3585 3586 /* setting unicast key */ 3587 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3588 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3589 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3590 vdev, sta_key, 3591 mac_addr, 3592 cipher_table->cipher); 3593 } 3594 } 3595 } 3596 } 3597 3598 exit: 3599 if (opmode == QDF_STA_MODE) 3600 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3601 3602 return status; 3603 } 3604 3605 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3606 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops) 3607 { 3608 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3609 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3610 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3611 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3612 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3613 3614 return QDF_STATUS_SUCCESS; 3615 } 3616 3617 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3618 struct wlan_objmgr_psoc *psoc) 3619 { 3620 struct wlan_lmac_if_rx_ops *rx_ops; 3621 3622 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3623 3624 if (!rx_ops) { 3625 crypto_err("rx_ops is NULL"); 3626 return NULL; 3627 } 3628 3629 return &rx_ops->crypto_rx_ops; 3630 } 3631 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3632 3633 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3634 wlan_crypto_auth_mode authvalue) 3635 { 3636 int res; 3637 3638 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3639 3640 if (res != -1) 3641 return (res & authvalue) ? true : false; 3642 return false; 3643 } 3644 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3645 3646 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3647 wlan_crypto_auth_mode authvalue) 3648 { 3649 int res; 3650 3651 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3652 3653 if (res != -1) 3654 return (res & authvalue) ? true : false; 3655 3656 return false; 3657 } 3658 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3659 3660 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3661 wlan_crypto_cipher_type ucastcipher) 3662 { 3663 int res; 3664 3665 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3666 3667 if (res != -1) 3668 return (res & ucastcipher) ? true : false; 3669 3670 return false; 3671 } 3672 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3673 3674 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3675 wlan_crypto_cipher_type ucastcipher) 3676 { 3677 int res; 3678 3679 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3680 3681 if (res != -1) 3682 return (res & ucastcipher) ? true : false; 3683 3684 return false; 3685 } 3686 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3687 3688 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3689 wlan_crypto_cipher_type mcastcipher) 3690 { 3691 int res; 3692 3693 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3694 3695 if (res != -1) 3696 return (res & mcastcipher) ? true : false; 3697 3698 return false; 3699 } 3700 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3701 3702 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3703 wlan_crypto_cipher_type mcastcipher) 3704 { 3705 int res; 3706 3707 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3708 3709 if (res != -1) 3710 return (res & mcastcipher) ? true : false; 3711 3712 return false; 3713 } 3714 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3715 3716 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3717 uint32_t mgmtcipher) 3718 { 3719 int res; 3720 3721 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3722 3723 if (res != -1) 3724 return (res & mgmtcipher) ? true : false; 3725 3726 return false; 3727 } 3728 3729 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3730 3731 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3732 uint32_t mgmtcipher) 3733 { 3734 int res; 3735 3736 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3737 3738 if (res != -1) 3739 return (res & mgmtcipher) ? true : false; 3740 3741 return false; 3742 } 3743 3744 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3745 3746 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3747 { 3748 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3749 3750 if (!peer) { 3751 crypto_err("Invalid Input"); 3752 return 0; 3753 } 3754 3755 crypto_priv = wlan_get_peer_crypto_obj(peer); 3756 if (!crypto_priv) { 3757 crypto_err("crypto_priv NULL"); 3758 return 0; 3759 } 3760 3761 return crypto_priv->fils_aead_set; 3762 } 3763 3764 void 3765 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3766 { 3767 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3768 3769 if (!peer) { 3770 crypto_err("Invalid Input"); 3771 return; 3772 } 3773 3774 crypto_priv = wlan_get_peer_crypto_obj(peer); 3775 if (!crypto_priv) { 3776 crypto_err("crypto_priv NULL"); 3777 return; 3778 } 3779 3780 crypto_priv->fils_aead_set = value; 3781 } 3782 3783 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3784 { 3785 struct wlan_crypto_cipher *cipher_table; 3786 3787 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3788 if (cipher_table) 3789 return cipher_table->header; 3790 else 3791 return 0; 3792 } 3793 3794 qdf_export_symbol(wlan_crypto_get_key_header); 3795 3796 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3797 { 3798 struct wlan_crypto_cipher *cipher_table; 3799 3800 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3801 if (cipher_table) 3802 return cipher_table->trailer; 3803 else 3804 return 0; 3805 } 3806 3807 qdf_export_symbol(wlan_crypto_get_key_trailer); 3808 3809 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3810 { 3811 struct wlan_crypto_cipher *cipher_table; 3812 3813 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3814 if (cipher_table) 3815 return cipher_table->miclen; 3816 else 3817 return 0; 3818 } 3819 3820 qdf_export_symbol(wlan_crypto_get_key_miclen); 3821 3822 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3823 { 3824 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3825 uint8_t *iv; 3826 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3827 uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]); 3828 3829 /* 3830 * In FILS SK (Re)Association request/response frame has 3831 * to be decrypted 3832 */ 3833 if ((type == WLAN_FC0_TYPE_MGMT) && 3834 ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3835 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3836 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3837 (stype == WLAN_FC0_STYPE_REASSOC_RESP))) { 3838 return 0; 3839 } 3840 3841 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3842 iv = data + hdrlen; 3843 /* 3844 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3845 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3846 */ 3847 return ((iv[3] >> 6) & 0x3); 3848 } else { 3849 return WLAN_CRYPTO_KEYIX_NONE; 3850 } 3851 } 3852 3853 qdf_export_symbol(wlan_crypto_get_keyid); 3854 3855 /** 3856 * crypto_plumb_peer_keys() - called during radio reset 3857 * @vdev: vdev 3858 * @object: peer 3859 * @arg: psoc 3860 * 3861 * Restore unicast and persta hardware keys 3862 * 3863 * Return: void 3864 */ 3865 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3866 void *object, void *arg) 3867 { 3868 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3869 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3870 struct wlan_crypto_comp_priv *crypto_priv; 3871 struct wlan_crypto_params *crypto_params; 3872 struct wlan_crypto_key *key = NULL; 3873 struct wlan_lmac_if_tx_ops *tx_ops; 3874 int i; 3875 3876 if ((!peer) || (!vdev) || (!psoc)) { 3877 crypto_err("Peer or vdev or psoc objects are null!"); 3878 return; 3879 } 3880 3881 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3882 &crypto_priv); 3883 3884 if (!crypto_priv) { 3885 crypto_err("crypto_priv NULL"); 3886 return; 3887 } 3888 3889 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3890 key = crypto_priv->crypto_key.key[i]; 3891 if (key && key->valid) { 3892 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3893 3894 if (!tx_ops) { 3895 crypto_err("tx_ops is NULL"); 3896 return; 3897 } 3898 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3899 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3900 ( 3901 vdev, 3902 key, 3903 wlan_peer_get_macaddr(peer), 3904 wlan_crypto_get_key_type(key) 3905 ); 3906 } 3907 } 3908 } 3909 } 3910 3911 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3912 { 3913 int i; 3914 struct wlan_crypto_comp_priv *crypto_priv; 3915 struct wlan_crypto_params *crypto_params; 3916 struct wlan_crypto_key *key; 3917 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3918 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3919 struct wlan_objmgr_pdev *pdev = NULL; 3920 struct wlan_objmgr_psoc *psoc = NULL; 3921 struct wlan_lmac_if_tx_ops *tx_ops; 3922 3923 pdev = wlan_vdev_get_pdev(vdev); 3924 psoc = wlan_vdev_get_psoc(vdev); 3925 if (!pdev) { 3926 crypto_err("pdev is NULL"); 3927 return; 3928 } 3929 if (!psoc) { 3930 crypto_err("psoc is NULL"); 3931 return; 3932 } 3933 3934 /* TBD: QWRAP key restore*/ 3935 /* crypto is on */ 3936 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3937 /* restore static shared keys */ 3938 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3939 crypto_params = wlan_crypto_vdev_get_comp_params 3940 ( 3941 vdev, 3942 &crypto_priv 3943 ); 3944 if (!crypto_priv) { 3945 crypto_err("crypto_priv is NULL"); 3946 return; 3947 } 3948 key = crypto_priv->crypto_key.key[i]; 3949 if (key && key->valid) { 3950 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3951 if (!tx_ops) { 3952 crypto_err("tx_ops is NULL"); 3953 return; 3954 } 3955 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3956 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3957 ( 3958 vdev, 3959 key, 3960 macaddr, 3961 wlan_crypto_get_key_type(key) 3962 ); 3963 } 3964 } 3965 } 3966 3967 wlan_objmgr_iterate_peerobj_list(vdev, 3968 crypto_plumb_peer_keys, 3969 psoc, 3970 WLAN_CRYPTO_ID); 3971 } 3972 } 3973 3974 QDF_STATUS 3975 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3976 const uint8_t *ie_ptr, uint16_t ie_len) 3977 { 3978 const uint8_t *rsn_ie = NULL; 3979 QDF_STATUS status; 3980 3981 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3982 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3983 if (!rsn_ie) { 3984 crypto_debug("RSN IE not present"); 3985 return QDF_STATUS_E_INVAL; 3986 } 3987 3988 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 3989 if (QDF_STATUS_SUCCESS != status) { 3990 crypto_err("RSN IE check failed"); 3991 return status; 3992 } 3993 3994 return QDF_STATUS_SUCCESS; 3995 } 3996 3997 QDF_STATUS 3998 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3999 const uint8_t *ie_ptr, uint16_t ie_len) 4000 { 4001 const uint8_t *wpa_ie = NULL; 4002 uint32_t wpa_oui; 4003 QDF_STATUS status; 4004 4005 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4006 4007 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4008 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4009 WLAN_OUI_SIZE, ie_ptr, ie_len); 4010 if (!wpa_ie) { 4011 crypto_debug("WPA IE not present"); 4012 return QDF_STATUS_E_INVAL; 4013 } 4014 4015 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 4016 if (QDF_STATUS_SUCCESS != status) { 4017 crypto_err("WPA IE check failed"); 4018 return status; 4019 } 4020 4021 return QDF_STATUS_SUCCESS; 4022 } 4023 4024 #ifdef FEATURE_WLAN_WAPI 4025 QDF_STATUS 4026 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 4027 const uint8_t *ie_ptr, uint16_t ie_len) 4028 { 4029 const uint8_t *wapi_ie; 4030 QDF_STATUS status; 4031 4032 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 4033 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 4034 if (!wapi_ie) { 4035 crypto_debug("WAPI ie not present"); 4036 return QDF_STATUS_E_INVAL; 4037 } 4038 4039 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 4040 if (QDF_IS_STATUS_ERROR(status)) { 4041 crypto_err("WAPI IE check failed"); 4042 return status; 4043 } 4044 4045 return QDF_STATUS_SUCCESS; 4046 } 4047 #endif 4048 4049 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4050 uint8_t vdev_id, uint8_t *ie_ptr, 4051 uint16_t ie_len, struct wlan_crypto_params * 4052 peer_crypto_params) 4053 { 4054 struct wlan_objmgr_vdev *vdev; 4055 bool match = true; 4056 QDF_STATUS status; 4057 4058 if (!psoc) { 4059 crypto_err("PSOC is NULL"); 4060 return false; 4061 } 4062 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4063 ie_ptr, ie_len); 4064 if (QDF_STATUS_SUCCESS != status) { 4065 crypto_err("get crypto prarams from RSN IE failed"); 4066 return false; 4067 } 4068 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4069 WLAN_CRYPTO_ID); 4070 if (!vdev) { 4071 crypto_err("vdev is NULL"); 4072 return false; 4073 } 4074 4075 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4076 4077 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4078 4079 return match; 4080 } 4081 4082 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4083 uint8_t vdev_id, uint8_t *ie_ptr, 4084 uint16_t ie_len, struct wlan_crypto_params * 4085 peer_crypto_params) 4086 { 4087 struct wlan_objmgr_vdev *vdev; 4088 bool match = true; 4089 QDF_STATUS status; 4090 4091 if (!psoc) { 4092 crypto_err("PSOC is NULL"); 4093 return false; 4094 } 4095 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4096 WLAN_CRYPTO_ID); 4097 if (!vdev) { 4098 crypto_err("vdev is NULL"); 4099 return false; 4100 } 4101 4102 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4103 ie_ptr, ie_len); 4104 if (QDF_STATUS_SUCCESS != status) { 4105 crypto_err("get crypto prarams from WPA IE failed"); 4106 match = false; 4107 goto send_res; 4108 } 4109 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4110 4111 send_res: 4112 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4113 4114 return match; 4115 } 4116 4117 4118 static void 4119 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4120 struct wlan_crypto_params *src_params) 4121 { 4122 dst_params->authmodeset |= src_params->authmodeset; 4123 dst_params->ucastcipherset |= src_params->ucastcipherset; 4124 dst_params->mcastcipherset |= src_params->mcastcipherset; 4125 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4126 dst_params->cipher_caps |= src_params->cipher_caps; 4127 dst_params->key_mgmt |= src_params->key_mgmt; 4128 dst_params->rsn_caps |= src_params->rsn_caps; 4129 } 4130 4131 static void 4132 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4133 { 4134 params->authmodeset = 0; 4135 params->ucastcipherset = 0; 4136 params->mcastcipherset = 0; 4137 params->mgmtcipherset = 0; 4138 params->key_mgmt = 0; 4139 params->rsn_caps = 0; 4140 } 4141 4142 const uint8_t * 4143 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4144 { 4145 uint8_t len; 4146 const uint8_t *ie; 4147 4148 if (!rsnxe_ie) 4149 return NULL; 4150 4151 ie = rsnxe_ie; 4152 len = ie[1]; 4153 ie += 2; 4154 4155 if (!len) 4156 return NULL; 4157 4158 *cap_len = ie[0] & 0xf; 4159 4160 return ie; 4161 } 4162 4163 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4164 uint8_t *ie_ptr, 4165 uint16_t ie_len) 4166 { 4167 struct wlan_crypto_params crypto_params; 4168 QDF_STATUS status; 4169 struct wlan_crypto_params *vdev_crypto_params; 4170 struct wlan_crypto_comp_priv *crypto_priv; 4171 bool send_fail = false; 4172 4173 if (!vdev) { 4174 crypto_err("VDEV is NULL"); 4175 return QDF_STATUS_E_FAILURE; 4176 } 4177 4178 if (!ie_ptr) { 4179 crypto_err("IE ptr is NULL"); 4180 return QDF_STATUS_E_FAILURE; 4181 } 4182 4183 crypto_priv = (struct wlan_crypto_comp_priv *) 4184 wlan_get_vdev_crypto_obj(vdev); 4185 4186 if (!crypto_priv) { 4187 crypto_err("crypto_priv NULL"); 4188 return QDF_STATUS_E_FAILURE; 4189 } 4190 4191 vdev_crypto_params = &crypto_priv->crypto_params; 4192 4193 wlan_crypto_reset_prarams(vdev_crypto_params); 4194 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4195 ie_ptr, ie_len); 4196 if (QDF_IS_STATUS_SUCCESS(status)) 4197 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4198 else 4199 send_fail = true; 4200 4201 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4202 ie_ptr, ie_len); 4203 if (QDF_IS_STATUS_SUCCESS(status)) { 4204 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4205 send_fail = false; 4206 } 4207 4208 status = wlan_get_crypto_params_from_wapi_ie(&crypto_params, 4209 ie_ptr, ie_len); 4210 if (QDF_IS_STATUS_SUCCESS(status)) { 4211 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4212 send_fail = false; 4213 } 4214 4215 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4216 } 4217 4218 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4219 { 4220 struct wlan_crypto_comp_priv *crypto_priv; 4221 4222 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4223 if (!crypto_priv) { 4224 crypto_err("crypto_priv NULL"); 4225 return QDF_STATUS_E_FAILURE; 4226 } 4227 4228 if (igtk) 4229 return crypto_priv->crypto_key.def_igtk_tx_keyid; 4230 else 4231 return crypto_priv->crypto_key.def_tx_keyid; 4232 } 4233 4234 enum wlan_crypto_cipher_type 4235 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4236 bool pairwise, uint8_t key_index) 4237 { 4238 struct wlan_crypto_key *crypto_key; 4239 4240 crypto_key = wlan_crypto_get_key(vdev, key_index); 4241 4242 if (crypto_key) 4243 return crypto_key->cipher_type; 4244 else 4245 return WLAN_CRYPTO_CIPHER_INVALID; 4246 } 4247 4248 wlan_crypto_key_mgmt wlan_crypto_get_secure_akm_available(uint32_t akm) 4249 { 4250 if (!akm) 4251 return WLAN_CRYPTO_KEY_MGMT_MAX; 4252 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) 4253 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 4254 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) 4255 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 4256 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) 4257 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 4258 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) 4259 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 4260 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) 4261 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 4262 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) 4263 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 4264 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) 4265 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 4266 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) 4267 return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY; 4268 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) 4269 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY; 4270 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) 4271 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 4272 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE)) 4273 return WLAN_CRYPTO_KEY_MGMT_SAE; 4274 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OWE)) 4275 return WLAN_CRYPTO_KEY_MGMT_OWE; 4276 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_DPP)) 4277 return WLAN_CRYPTO_KEY_MGMT_DPP; 4278 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) 4279 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 4280 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) 4281 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 4282 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) 4283 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 4284 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384)) 4285 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 4286 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384)) 4287 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 4288 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) 4289 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 4290 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) 4291 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 4292 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK)) 4293 return WLAN_CRYPTO_KEY_MGMT_PSK; 4294 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) 4295 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 4296 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) 4297 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 4298 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM)) 4299 return WLAN_CRYPTO_KEY_MGMT_CCKM; 4300 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OSEN)) 4301 return WLAN_CRYPTO_KEY_MGMT_OSEN; 4302 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPS)) 4303 return WLAN_CRYPTO_KEY_MGMT_WPS; 4304 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA)) 4305 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA; 4306 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPA_NONE)) 4307 return WLAN_CRYPTO_KEY_MGMT_WPA_NONE; 4308 else /* Return MAX if no AKM matches */ 4309 return WLAN_CRYPTO_KEY_MGMT_MAX; 4310 } 4311 4312 #ifdef CRYPTO_SET_KEY_CONVERGED 4313 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4314 uint8_t key_index, uint8_t key_len, 4315 uint8_t seq_len) 4316 { 4317 if (!is_valid_keyix(key_index)) { 4318 crypto_err("Invalid Key index %d", key_index); 4319 return QDF_STATUS_E_INVAL; 4320 } 4321 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4322 crypto_err("Invalid Cipher %d", cipher); 4323 return QDF_STATUS_E_INVAL; 4324 } 4325 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4326 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4327 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4328 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4329 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4330 crypto_err("Invalid key index %d for cipher %d", 4331 key_index, cipher); 4332 return QDF_STATUS_E_INVAL; 4333 } 4334 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4335 crypto_err("Invalid key length %d", key_len); 4336 return QDF_STATUS_E_INVAL; 4337 } 4338 4339 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4340 crypto_err("Invalid seq length %d", seq_len); 4341 return QDF_STATUS_E_INVAL; 4342 } 4343 4344 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4345 key_index, key_len, seq_len); 4346 4347 return QDF_STATUS_SUCCESS; 4348 } 4349 4350 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE 4351 static bool is_mlo_adv_enable(void) 4352 { 4353 return true; 4354 } 4355 #else 4356 static bool is_mlo_adv_enable(void) 4357 { 4358 return false; 4359 } 4360 4361 #endif 4362 4363 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE 4364 QDF_STATUS wlan_crypto_save_ml_sta_key( 4365 struct wlan_objmgr_psoc *psoc, 4366 uint8_t key_index, 4367 struct wlan_crypto_key *crypto_key, 4368 struct qdf_mac_addr *link_addr, uint8_t link_id) 4369 { 4370 struct crypto_psoc_priv_obj *crypto_psoc_obj; 4371 int status = QDF_STATUS_SUCCESS; 4372 4373 crypto_debug("save crypto key index %d link_id %d link addr " 4374 QDF_MAC_ADDR_FMT, key_index, link_id, 4375 QDF_MAC_ADDR_REF(link_addr->bytes)); 4376 if (!is_valid_keyix(key_index)) { 4377 crypto_err("Invalid Key index %d", key_index); 4378 return QDF_STATUS_E_FAILURE; 4379 } 4380 4381 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj( 4382 psoc, 4383 WLAN_UMAC_COMP_CRYPTO); 4384 if (!crypto_psoc_obj) { 4385 crypto_err("crypto_psoc_obj NULL"); 4386 return QDF_STATUS_E_FAILURE; 4387 } 4388 4389 crypto_key->valid = true; 4390 4391 status = crypto_add_entry(crypto_psoc_obj, 4392 link_id, (uint8_t *)link_addr, 4393 crypto_key, key_index); 4394 if (QDF_IS_STATUS_ERROR(status)) { 4395 crypto_err("failed to add crypto entry %d", status); 4396 return status; 4397 } 4398 crypto_key->valid = true; 4399 return QDF_STATUS_SUCCESS; 4400 } 4401 #else 4402 QDF_STATUS wlan_crypto_save_ml_sta_key( 4403 struct wlan_objmgr_psoc *psoc, 4404 uint8_t key_index, 4405 struct wlan_crypto_key *crypto_key, 4406 struct qdf_mac_addr *link_addr, uint8_t link_id) 4407 { 4408 return QDF_STATUS_SUCCESS; 4409 } 4410 #endif 4411 4412 /** 4413 * wlan_crypto_save_key_at_psoc() - Allocate memory for storing key in PSOC 4414 * @vdev: vdev object 4415 * @key_index: the index of the key that needs to be allocated 4416 * @crypto_key: Pointer to crypto key 4417 * 4418 * Return: QDF_STATUS 4419 */ 4420 static QDF_STATUS 4421 wlan_crypto_save_key_at_psoc(struct wlan_objmgr_vdev *vdev, uint8_t key_index, 4422 struct wlan_crypto_key *crypto_key) 4423 { 4424 struct wlan_objmgr_psoc *psoc; 4425 struct crypto_psoc_priv_obj *crypto_psoc_obj; 4426 struct qdf_mac_addr *link_addr; 4427 uint8_t link_id = CRYPTO_MAX_LINK_IDX; 4428 int status = QDF_STATUS_SUCCESS; 4429 4430 psoc = wlan_vdev_get_psoc(vdev); 4431 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj( 4432 psoc, 4433 WLAN_UMAC_COMP_CRYPTO); 4434 if (!crypto_psoc_obj) { 4435 crypto_err("crypto_psoc_obj NULL"); 4436 return QDF_STATUS_E_FAILURE; 4437 } 4438 4439 if (wlan_vdev_mlme_is_mlo_vdev(vdev)) 4440 link_id = wlan_vdev_get_link_id(vdev); 4441 4442 link_addr = (struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev); 4443 if (!link_addr) { 4444 crypto_err("link_addr NULL"); 4445 return QDF_STATUS_E_FAILURE; 4446 } 4447 4448 crypto_debug("save crypto key index %d link_id %d link addr " 4449 QDF_MAC_ADDR_FMT, key_index, link_id, 4450 QDF_MAC_ADDR_REF(link_addr->bytes)); 4451 status = crypto_add_entry(crypto_psoc_obj, 4452 link_id, (uint8_t *)link_addr, 4453 crypto_key, key_index); 4454 if (QDF_IS_STATUS_ERROR(status)) { 4455 crypto_err("failed to add crypto entry %d", status); 4456 return status; 4457 } 4458 4459 crypto_key->valid = true; 4460 return QDF_STATUS_SUCCESS; 4461 } 4462 4463 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4464 uint8_t key_index, 4465 struct wlan_crypto_key *crypto_key) 4466 { 4467 struct wlan_crypto_comp_priv *crypto_priv; 4468 struct wlan_crypto_keys *priv_key = NULL; 4469 4470 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4471 if (!crypto_priv) { 4472 crypto_err("crypto_priv NULL"); 4473 return QDF_STATUS_E_FAILURE; 4474 } 4475 4476 if (!is_valid_keyix(key_index)) { 4477 crypto_err("Invalid Key index %d", key_index); 4478 return QDF_STATUS_E_FAILURE; 4479 } 4480 if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE || 4481 wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) && 4482 wlan_vdev_mlme_is_mlo_vdev(vdev) && 4483 is_mlo_adv_enable()) { 4484 wlan_crypto_save_key_at_psoc(vdev, key_index, crypto_key); 4485 } else { 4486 priv_key = &crypto_priv->crypto_key; 4487 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4488 priv_key->key[key_index] = crypto_key; 4489 } else if (is_igtk(key_index)) { 4490 priv_key->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4491 crypto_key; 4492 priv_key->def_igtk_tx_keyid = 4493 key_index - WLAN_CRYPTO_MAXKEYIDX; 4494 priv_key->igtk_key_type = crypto_key->cipher_type; 4495 } else { 4496 priv_key->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4497 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4498 priv_key->def_bigtk_tx_keyid = 4499 key_index - WLAN_CRYPTO_MAXKEYIDX 4500 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4501 } 4502 crypto_key->valid = true; 4503 } 4504 return QDF_STATUS_SUCCESS; 4505 } 4506 4507 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE 4508 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key( 4509 struct wlan_objmgr_psoc *psoc, 4510 uint8_t key_index, 4511 struct qdf_mac_addr *link_addr, uint8_t link_id) 4512 { 4513 struct crypto_psoc_priv_obj *crypto_psoc_obj; 4514 struct wlan_crypto_key_entry *key_entry = NULL; 4515 4516 crypto_debug("crypto get key index %d link_id %d ", key_index, link_id); 4517 4518 if (!psoc) { 4519 crypto_err("psoc NULL"); 4520 return NULL; 4521 } 4522 4523 if (!link_addr) { 4524 crypto_err("link_addr NULL"); 4525 return NULL; 4526 } 4527 4528 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj( 4529 psoc, 4530 WLAN_UMAC_COMP_CRYPTO); 4531 if (!crypto_psoc_obj) { 4532 crypto_err("crypto_psoc_obj NULL"); 4533 return NULL; 4534 } 4535 4536 key_entry = crypto_hash_find_by_linkid_and_macaddr( 4537 crypto_psoc_obj, 4538 link_id, 4539 (uint8_t *)link_addr); 4540 if (key_entry) { 4541 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4542 return key_entry->keys.key[key_index]; 4543 else if (is_igtk(key_index)) 4544 return key_entry->keys.igtk_key[key_index 4545 - WLAN_CRYPTO_MAXKEYIDX]; 4546 else 4547 return key_entry->keys.bigtk_key[key_index 4548 - WLAN_CRYPTO_MAXKEYIDX 4549 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4550 } 4551 return NULL; 4552 } 4553 #else 4554 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key( 4555 struct wlan_objmgr_psoc *psoc, 4556 uint8_t key_index, 4557 struct qdf_mac_addr *link_addr, uint8_t link_id) 4558 { 4559 return NULL; 4560 } 4561 #endif 4562 4563 /** 4564 * wlan_crypto_get_ml_keys_from_index() - Get the stored key information from 4565 * key index 4566 * @vdev: vdev object 4567 * @key_index: the index of the key that needs to be retrieved 4568 * 4569 * Return: Key material 4570 */ 4571 static struct wlan_crypto_key * 4572 wlan_crypto_get_ml_keys_from_index(struct wlan_objmgr_vdev *vdev, 4573 uint8_t key_index) 4574 { 4575 struct wlan_objmgr_psoc *psoc; 4576 struct crypto_psoc_priv_obj *crypto_psoc_obj; 4577 struct qdf_mac_addr *link_addr; 4578 struct wlan_crypto_key_entry *key_entry = NULL; 4579 uint8_t link_id = CRYPTO_MAX_LINK_IDX; 4580 4581 crypto_debug("crypto get key index %d", key_index); 4582 psoc = wlan_vdev_get_psoc(vdev); 4583 if (!psoc) { 4584 crypto_err("psoc NULL"); 4585 return NULL; 4586 } 4587 4588 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj( 4589 psoc, 4590 WLAN_UMAC_COMP_CRYPTO); 4591 if (!crypto_psoc_obj) { 4592 crypto_err("crypto_psoc_obj NULL"); 4593 return NULL; 4594 } 4595 4596 if (wlan_vdev_mlme_is_mlo_vdev(vdev)) 4597 link_id = wlan_vdev_get_link_id(vdev); 4598 4599 link_addr = 4600 (struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev); 4601 if (!link_addr) { 4602 crypto_err("link_addr NULL"); 4603 return NULL; 4604 } 4605 4606 key_entry = crypto_hash_find_by_linkid_and_macaddr( 4607 crypto_psoc_obj, 4608 link_id, 4609 (uint8_t *)link_addr); 4610 if (key_entry) { 4611 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4612 return key_entry->keys.key[key_index]; 4613 else if (is_igtk(key_index)) 4614 return key_entry->keys.igtk_key[key_index 4615 - WLAN_CRYPTO_MAXKEYIDX]; 4616 else 4617 return key_entry->keys.bigtk_key[key_index 4618 - WLAN_CRYPTO_MAXKEYIDX 4619 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4620 } 4621 4622 return NULL; 4623 } 4624 4625 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4626 uint8_t key_index) 4627 { 4628 struct wlan_crypto_comp_priv *crypto_priv; 4629 struct wlan_crypto_keys *priv_key = NULL; 4630 4631 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4632 if (!crypto_priv) { 4633 crypto_err("crypto_priv NULL"); 4634 return NULL; 4635 } 4636 priv_key = &crypto_priv->crypto_key; 4637 4638 if (!is_valid_keyix(key_index)) { 4639 crypto_err("Invalid Key index %d", key_index); 4640 return NULL; 4641 } 4642 4643 if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE || 4644 wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) && 4645 wlan_vdev_mlme_is_mlo_vdev(vdev) && 4646 is_mlo_adv_enable()) { 4647 return wlan_crypto_get_ml_keys_from_index(vdev, key_index); 4648 } else { 4649 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4650 return priv_key->key[key_index]; 4651 else if (is_igtk(key_index)) 4652 return priv_key->igtk_key[key_index 4653 - WLAN_CRYPTO_MAXKEYIDX]; 4654 else 4655 return priv_key->bigtk_key[key_index 4656 - WLAN_CRYPTO_MAXKEYIDX 4657 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4658 } 4659 return NULL; 4660 } 4661 4662 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4663 struct wlan_crypto_key *req, 4664 enum wlan_crypto_key_type key_type) 4665 { 4666 struct wlan_objmgr_psoc *psoc; 4667 struct wlan_lmac_if_tx_ops *tx_ops; 4668 QDF_STATUS status = QDF_STATUS_E_FAILURE; 4669 4670 psoc = wlan_vdev_get_psoc(vdev); 4671 4672 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4673 if (!tx_ops) { 4674 crypto_err("tx_ops is NULL"); 4675 return QDF_STATUS_E_FAILURE; 4676 } 4677 4678 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4679 status = WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, 4680 key_type); 4681 4682 return status; 4683 } 4684 4685 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4686 bool pairwise, uint8_t key_index, 4687 struct qdf_mac_addr *peer_mac) 4688 { 4689 struct wlan_crypto_key *crypto_key; 4690 4691 crypto_key = wlan_crypto_get_key(vdev, key_index); 4692 if (!crypto_key) { 4693 crypto_err("crypto_key not present for key_idx %d", key_index); 4694 return; 4695 } 4696 4697 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4698 } 4699 4700 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4701 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4702 struct wlan_objmgr_vdev *vdev, 4703 struct qdf_mac_addr *conn_bssid) 4704 { 4705 struct wlan_crypto_params *crypto_params; 4706 struct wlan_crypto_comp_priv *crypto_priv; 4707 int i; 4708 4709 crypto_priv = (struct wlan_crypto_comp_priv *) 4710 wlan_get_vdev_crypto_obj(vdev); 4711 4712 if (!crypto_priv) { 4713 crypto_err("crypto_priv NULL"); 4714 return; 4715 } 4716 4717 crypto_params = &crypto_priv->crypto_params; 4718 4719 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4720 if (!crypto_params->pmksa[i]) 4721 continue; 4722 4723 if (crypto_params->pmksa[i]->single_pmk_supported && 4724 !qdf_is_macaddr_equal(conn_bssid, 4725 &crypto_params->pmksa[i]->bssid)) { 4726 qdf_mem_zero(crypto_params->pmksa[i], 4727 sizeof(struct wlan_crypto_pmksa)); 4728 qdf_mem_free(crypto_params->pmksa[i]); 4729 crypto_params->pmksa[i] = NULL; 4730 } 4731 } 4732 } 4733 4734 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4735 struct qdf_mac_addr *bssid, 4736 bool single_pmk_capable_bss) 4737 { 4738 struct wlan_crypto_params *crypto_params; 4739 struct wlan_crypto_comp_priv *crypto_priv; 4740 int i; 4741 4742 crypto_priv = (struct wlan_crypto_comp_priv *) 4743 wlan_get_vdev_crypto_obj(vdev); 4744 4745 if (!crypto_priv) { 4746 crypto_err("crypto_priv NULL"); 4747 return; 4748 } 4749 4750 crypto_params = &crypto_priv->crypto_params; 4751 4752 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4753 if (!crypto_params->pmksa[i]) 4754 continue; 4755 4756 if (qdf_is_macaddr_equal(bssid, 4757 &crypto_params->pmksa[i]->bssid)) 4758 crypto_params->pmksa[i]->single_pmk_supported = 4759 single_pmk_capable_bss; 4760 } 4761 } 4762 4763 void 4764 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev, 4765 struct wlan_crypto_pmksa *roam_sync_pmksa) 4766 { 4767 struct wlan_crypto_params *crypto_params; 4768 struct wlan_crypto_comp_priv *crypto_priv; 4769 int i; 4770 4771 crypto_priv = (struct wlan_crypto_comp_priv *) 4772 wlan_get_vdev_crypto_obj(vdev); 4773 4774 if (!crypto_priv) { 4775 crypto_err("crypto_priv NULL"); 4776 return; 4777 } 4778 4779 crypto_params = &crypto_priv->crypto_params; 4780 4781 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4782 if (!crypto_params->pmksa[i]) 4783 continue; 4784 if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid, 4785 &crypto_params->pmksa[i]->bssid) && 4786 roam_sync_pmksa->single_pmk_supported && 4787 roam_sync_pmksa->pmk_len) { 4788 crypto_params->pmksa[i]->single_pmk_supported = 4789 roam_sync_pmksa->single_pmk_supported; 4790 crypto_params->pmksa[i]->pmk_len = 4791 roam_sync_pmksa->pmk_len; 4792 qdf_mem_copy(crypto_params->pmksa[i]->pmk, 4793 roam_sync_pmksa->pmk, 4794 roam_sync_pmksa->pmk_len); 4795 } 4796 } 4797 } 4798 4799 #endif 4800 4801 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4802 { 4803 struct wlan_crypto_comp_priv *crypto_priv; 4804 4805 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4806 crypto_priv = (struct wlan_crypto_comp_priv *) 4807 wlan_get_vdev_crypto_obj(vdev); 4808 4809 if (!crypto_priv) { 4810 crypto_err("crypto_priv NULL"); 4811 return; 4812 } 4813 4814 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4815 } 4816 4817 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc) 4818 { 4819 struct wlan_lmac_if_tx_ops *tx_ops; 4820 4821 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4822 if (!tx_ops) { 4823 crypto_err("tx_ops is NULL"); 4824 return QDF_STATUS_E_FAILURE; 4825 } 4826 4827 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)) 4828 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc); 4829 4830 return QDF_STATUS_E_FAILURE; 4831 } 4832 4833 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc) 4834 { 4835 struct wlan_lmac_if_tx_ops *tx_ops; 4836 4837 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4838 if (!tx_ops) { 4839 crypto_err("tx_ops is NULL"); 4840 return QDF_STATUS_E_FAILURE; 4841 } 4842 4843 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)) 4844 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc); 4845 4846 return QDF_STATUS_E_FAILURE; 4847 } 4848 #endif 4849 4850 #ifdef WLAN_FEATURE_FILS_SK 4851 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4852 uint8_t *rik, uint32_t *rik_len) 4853 { 4854 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4855 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4856 QDF_STATUS status; 4857 4858 if (!rrk || !rik) { 4859 crypto_err("FILS rrk/rik NULL"); 4860 return QDF_STATUS_E_FAILURE; 4861 } 4862 4863 optional_data[0] = HMAC_SHA256_128; 4864 /* basic validation */ 4865 if (rrk_len <= 0) { 4866 crypto_err("invalid r_rk length %d", rrk_len); 4867 return QDF_STATUS_E_FAILURE; 4868 } 4869 4870 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4871 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4872 sizeof(optional_data), rik, 4873 rrk_len); 4874 if (QDF_IS_STATUS_ERROR(status)) { 4875 crypto_err("failed to create rik"); 4876 return status; 4877 } 4878 *rik_len = rrk_len; 4879 4880 return QDF_STATUS_SUCCESS; 4881 } 4882 #endif /* WLAN_FEATURE_FILS_SK */ 4883 4884 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT) 4885 QDF_STATUS 4886 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc, 4887 struct wlan_crypto_ltf_keyseed_data *data) 4888 { 4889 QDF_STATUS status = QDF_STATUS_SUCCESS; 4890 struct wlan_lmac_if_tx_ops *tx_ops; 4891 4892 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4893 if (!tx_ops) { 4894 crypto_err("tx_ops is NULL"); 4895 return QDF_STATUS_E_INVAL; 4896 } 4897 4898 if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)) 4899 status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data); 4900 4901 return status; 4902 } 4903 #endif 4904 4905 QDF_STATUS 4906 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id, 4907 uint32_t param_id, uint32_t param_value) 4908 { 4909 QDF_STATUS status = QDF_STATUS_SUCCESS; 4910 struct wlan_lmac_if_tx_ops *tx_ops; 4911 4912 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4913 if (!tx_ops) { 4914 crypto_err("tx_ops is NULL"); 4915 return QDF_STATUS_E_INVAL; 4916 } 4917 4918 if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops)) 4919 status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc, 4920 vdev_id, 4921 param_id, 4922 param_value); 4923 4924 return status; 4925 } 4926