1 /*
2  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
3  * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for
6  * any purpose with or without fee is hereby granted, provided that the
7  * above copyright notice and this permission notice appear in all
8  * copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
11  * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12  * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
13  * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
14  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
15  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
16  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17  * PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 /**
21  * DOC: Public APIs for crypto service
22  */
23 
24 #include <qdf_types.h>
25 #include <wlan_cmn.h>
26 #include <wlan_objmgr_cmn.h>
27 #include <wlan_objmgr_global_obj.h>
28 #include <wlan_objmgr_psoc_obj.h>
29 #include <wlan_objmgr_pdev_obj.h>
30 #include <wlan_objmgr_vdev_obj.h>
31 #include <wlan_objmgr_peer_obj.h>
32 #include <wlan_utility.h>
33 #include <wlan_cp_stats_utils_api.h>
34 
35 #include "wlan_crypto_global_def.h"
36 #include "wlan_crypto_global_api.h"
37 #include "wlan_crypto_def_i.h"
38 #include "wlan_crypto_param_handling_i.h"
39 #include "wlan_crypto_obj_mgr_i.h"
40 #include "wlan_crypto_main.h"
41 #include <qdf_module.h>
42 
43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX];
44 
45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \
46 	WLAN_CRYPTO_ADDSELECTOR(frm,\
47 				wlan_crypto_wpa_cipher_to_suite(cipher))
48 
49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \
50 	WLAN_CRYPTO_ADDSELECTOR(frm,\
51 				wlan_crypto_rsn_cipher_to_suite(cipher))
52 
53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\
54 	WLAN_CRYPTO_ADDSELECTOR(frm,\
55 				wlan_crypto_wpa_keymgmt_to_suite(keymgmt))
56 
57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\
58 	WLAN_CRYPTO_ADDSELECTOR(frm,\
59 				wlan_crypto_rsn_keymgmt_to_suite(keymgmt))
60 
is_valid_keyix(uint16_t keyix)61 bool is_valid_keyix(uint16_t keyix)
62 {
63 	if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX
64 			+ WLAN_CRYPTO_MAXBIGTKKEYIDX))
65 		return 0;
66 	else
67 		return 1;
68 }
69 
is_igtk(uint16_t keyix)70 bool is_igtk(uint16_t keyix)
71 {
72 	if (keyix < WLAN_CRYPTO_MAXKEYIDX)
73 		return 0;
74 	else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX)
75 		return 0;
76 	else
77 		return 1;
78 }
79 
is_bigtk(uint16_t keyix)80 bool is_bigtk(uint16_t keyix)
81 {
82 	if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))
83 		return 0;
84 	if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX
85 						>= WLAN_CRYPTO_MAXBIGTKKEYIDX)
86 		return 0;
87 	else
88 		return 1;
89 }
90 
is_gtk(uint16_t keyix)91 bool is_gtk(uint16_t keyix)
92 {
93 	if (keyix == 1 || keyix == 2)
94 		return 1;
95 	else
96 		return 0;
97 }
98 
99 /**
100  * wlan_crypto_vdev_get_comp_params() - called by mlme to get crypto params
101  * @vdev: vdev
102  * @crypto_priv: location to store pointer to the crypto private data
103  *
104  * This function gets called by mlme to get crypto params
105  *
106  * Return: wlan_crypto_params or NULL in case of failure
107  */
wlan_crypto_vdev_get_comp_params(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_comp_priv ** crypto_priv)108 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params(
109 				struct wlan_objmgr_vdev *vdev,
110 				struct wlan_crypto_comp_priv **crypto_priv)
111 {
112 	*crypto_priv = (struct wlan_crypto_comp_priv *)
113 					wlan_get_vdev_crypto_obj(vdev);
114 	if (!(*crypto_priv)) {
115 		crypto_err("crypto_priv NULL");
116 		return NULL;
117 	}
118 
119 	return &((*crypto_priv)->crypto_params);
120 }
121 
122 /**
123  * wlan_crypto_peer_get_comp_params() - called by mlme to get crypto params
124  * @peer: peer
125  * @crypto_priv: location to store pointer to the crypto private data
126  *
127  * This function gets called by mlme to get crypto params
128  *
129  * Return: wlan_crypto_params or NULL in case of failure
130  */
wlan_crypto_peer_get_comp_params(struct wlan_objmgr_peer * peer,struct wlan_crypto_comp_priv ** crypto_priv)131 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params(
132 				struct wlan_objmgr_peer *peer,
133 				struct wlan_crypto_comp_priv **crypto_priv)
134 {
135 
136 	*crypto_priv = (struct wlan_crypto_comp_priv *)
137 					wlan_get_peer_crypto_obj(peer);
138 	if (!*crypto_priv) {
139 		crypto_err("crypto_priv NULL");
140 		return NULL;
141 	}
142 
143 	return &((*crypto_priv)->crypto_params);
144 }
145 
wlan_crypto_set_igtk_key(struct wlan_crypto_key * key)146 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key)
147 {
148 	return QDF_STATUS_SUCCESS;
149 }
150 
151 /**
152  * wlan_crypto_set_param() - called by ucfg to set crypto param
153  * @crypto_params: crypto_params
154  * @param: param to be set.
155  * @value: value
156  *
157  * This function gets called from ucfg to set param
158  *
159  * Return: QDF_STATUS_SUCCESS - in case of success
160  */
wlan_crypto_set_param(struct wlan_crypto_params * crypto_params,wlan_crypto_param_type param,uint32_t value)161 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params,
162 					wlan_crypto_param_type param,
163 					uint32_t value)
164 {
165 	QDF_STATUS status = QDF_STATUS_E_INVAL;
166 
167 	crypto_debug("param %d, value %d", param, value);
168 	switch (param) {
169 	case WLAN_CRYPTO_PARAM_AUTH_MODE:
170 		status = wlan_crypto_set_authmode(crypto_params, value);
171 		break;
172 	case WLAN_CRYPTO_PARAM_UCAST_CIPHER:
173 		status = wlan_crypto_set_ucastciphers(crypto_params, value);
174 		break;
175 	case WLAN_CRYPTO_PARAM_MCAST_CIPHER:
176 		status = wlan_crypto_set_mcastcipher(crypto_params, value);
177 		break;
178 	case WLAN_CRYPTO_PARAM_MGMT_CIPHER:
179 		status = wlan_crypto_set_mgmtcipher(crypto_params, value);
180 		break;
181 	case WLAN_CRYPTO_PARAM_CIPHER_CAP:
182 		status = wlan_crypto_set_cipher_cap(crypto_params, value);
183 		break;
184 	case WLAN_CRYPTO_PARAM_RSN_CAP:
185 		status = wlan_crypto_set_rsn_cap(crypto_params,	value);
186 		break;
187 	case WLAN_CRYPTO_PARAM_RSNX_CAP:
188 		status = wlan_crypto_set_rsnx_cap(crypto_params, value);
189 		break;
190 	case WLAN_CRYPTO_PARAM_KEY_MGMT:
191 		status = wlan_crypto_set_key_mgmt(crypto_params, value);
192 		break;
193 	default:
194 		status = QDF_STATUS_E_INVAL;
195 	}
196 	return status;
197 }
198 
wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev * vdev,wlan_crypto_param_type param,uint32_t value)199 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev,
200 					wlan_crypto_param_type param,
201 					uint32_t value)
202 {
203 	QDF_STATUS status = QDF_STATUS_E_INVAL;
204 	struct wlan_crypto_comp_priv *crypto_priv;
205 	struct wlan_crypto_params *crypto_params;
206 
207 	crypto_priv = (struct wlan_crypto_comp_priv *)
208 					wlan_get_vdev_crypto_obj(vdev);
209 
210 	if (!crypto_priv) {
211 		crypto_err("crypto_priv NULL");
212 		return QDF_STATUS_E_INVAL;
213 	}
214 
215 	crypto_params = &(crypto_priv->crypto_params);
216 
217 	status = wlan_crypto_set_param(crypto_params, param, value);
218 
219 	return status;
220 }
221 
wlan_crypto_set_peer_param(struct wlan_objmgr_peer * peer,wlan_crypto_param_type param,uint32_t value)222 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer,
223 				wlan_crypto_param_type param,
224 				uint32_t value)
225 {
226 	QDF_STATUS status = QDF_STATUS_E_INVAL;
227 	struct wlan_crypto_comp_priv *crypto_priv;
228 	struct wlan_crypto_params *crypto_params;
229 
230 	crypto_params = wlan_crypto_peer_get_comp_params(peer,
231 							&crypto_priv);
232 
233 	if (!crypto_priv) {
234 		crypto_err("crypto_priv NULL");
235 		return QDF_STATUS_E_INVAL;
236 	}
237 
238 	crypto_params = &(crypto_priv->crypto_params);
239 
240 	status = wlan_crypto_set_param(crypto_params, param, value);
241 
242 	return status;
243 }
244 
245 /**
246  * wlan_crypto_get_param_value() - called by crypto APIs to get value for param
247  * @param: Crypto param type
248  * @crypto_params: Crypto params struct
249  *
250  * This function gets called from in-within crypto layer
251  *
252  * Return: value or -1 for failure
253  */
wlan_crypto_get_param_value(wlan_crypto_param_type param,struct wlan_crypto_params * crypto_params)254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param,
255 				struct wlan_crypto_params *crypto_params)
256 {
257 	int32_t value;
258 
259 	switch (param) {
260 	case WLAN_CRYPTO_PARAM_AUTH_MODE:
261 		value = wlan_crypto_get_authmode(crypto_params);
262 		break;
263 	case WLAN_CRYPTO_PARAM_UCAST_CIPHER:
264 		value = wlan_crypto_get_ucastciphers(crypto_params);
265 		break;
266 	case WLAN_CRYPTO_PARAM_MCAST_CIPHER:
267 		value = wlan_crypto_get_mcastcipher(crypto_params);
268 		break;
269 	case WLAN_CRYPTO_PARAM_MGMT_CIPHER:
270 		value = wlan_crypto_get_mgmtciphers(crypto_params);
271 		break;
272 	case WLAN_CRYPTO_PARAM_CIPHER_CAP:
273 		value = wlan_crypto_get_cipher_cap(crypto_params);
274 		break;
275 	case WLAN_CRYPTO_PARAM_RSN_CAP:
276 		value = wlan_crypto_get_rsn_cap(crypto_params);
277 		break;
278 	case WLAN_CRYPTO_PARAM_KEY_MGMT:
279 		value = wlan_crypto_get_key_mgmt(crypto_params);
280 		break;
281 	default:
282 		value = -1;
283 	}
284 
285 	return value;
286 }
287 
wlan_crypto_get_param(struct wlan_objmgr_vdev * vdev,wlan_crypto_param_type param)288 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev,
289 			      wlan_crypto_param_type param)
290 {
291 	int32_t value = -1;
292 	struct wlan_crypto_comp_priv *crypto_priv;
293 	struct wlan_crypto_params *crypto_params;
294 	crypto_priv = (struct wlan_crypto_comp_priv *)
295 				wlan_get_vdev_crypto_obj(vdev);
296 
297 	if (!crypto_priv) {
298 		crypto_err("crypto_priv NULL");
299 		return value;
300 	}
301 
302 	crypto_params = &(crypto_priv->crypto_params);
303 	value = wlan_crypto_get_param_value(param, crypto_params);
304 
305 	return value;
306 }
307 
wlan_crypto_get_peer_param(struct wlan_objmgr_peer * peer,wlan_crypto_param_type param)308 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer,
309 				   wlan_crypto_param_type param)
310 {
311 	int32_t value = -1;
312 	struct wlan_crypto_comp_priv *crypto_priv;
313 	struct wlan_crypto_params *crypto_params;
314 
315 	crypto_params = wlan_crypto_peer_get_comp_params(peer,
316 							&crypto_priv);
317 
318 	if (!crypto_params) {
319 		crypto_err("crypto_params NULL");
320 		return value;
321 	}
322 	value = wlan_crypto_get_param_value(param, crypto_params);
323 
324 	return value;
325 }
326 qdf_export_symbol(wlan_crypto_get_peer_param);
327 
328 static
329 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params,
330 				 struct wlan_crypto_pmksa *pmksa);
331 
332 static
wlan_crypto_set_pmksa(struct wlan_crypto_params * crypto_params,struct wlan_crypto_pmksa * pmksa)333 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params,
334 				 struct wlan_crypto_pmksa *pmksa)
335 {
336 	uint8_t i, first_available_slot = 0;
337 	bool slot_found = false;
338 
339 	/* Delete the old entry and then Add new entry */
340 	wlan_crypto_del_pmksa(crypto_params, pmksa);
341 
342 	/* find the empty slot as duplicate is already deleted */
343 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
344 		if (!crypto_params->pmksa[i]) {
345 			slot_found = true;
346 			first_available_slot = i;
347 			break;
348 		}
349 	}
350 
351 	if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) {
352 		crypto_err("no entry available for pmksa");
353 		return QDF_STATUS_E_INVAL;
354 	}
355 	crypto_params->pmksa[first_available_slot] = pmksa;
356 	crypto_debug("PMKSA: Added the PMKSA entry at index=%d",
357 		     first_available_slot);
358 
359 	return QDF_STATUS_SUCCESS;
360 }
361 
362 static
wlan_crypto_del_pmksa(struct wlan_crypto_params * crypto_params,struct wlan_crypto_pmksa * pmksa)363 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params,
364 				 struct wlan_crypto_pmksa *pmksa)
365 {
366 	uint8_t i, j, valid_entries_in_table = 0;
367 	bool match_found = false;
368 	u8 del_pmk[MAX_PMK_LEN] = {0};
369 
370 	/* find slot with same bssid */
371 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
372 		if (!crypto_params->pmksa[i])
373 			continue;
374 
375 		valid_entries_in_table++;
376 
377 		if (!pmksa->ssid_len &&
378 		    !qdf_is_macaddr_zero(&pmksa->bssid) &&
379 		    qdf_is_macaddr_equal(&pmksa->bssid,
380 					 &crypto_params->pmksa[i]->bssid)) {
381 			match_found = true;
382 		} else if (pmksa->ssid_len &&
383 			   !qdf_mem_cmp(pmksa->ssid,
384 					crypto_params->pmksa[i]->ssid,
385 					pmksa->ssid_len) &&
386 			   !qdf_mem_cmp(pmksa->cache_id,
387 					crypto_params->pmksa[i]->cache_id,
388 					WLAN_CACHE_ID_LEN)) {
389 			match_found = true;
390 		}
391 
392 		if (match_found) {
393 			qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk,
394 				     crypto_params->pmksa[i]->pmk_len);
395 			/* Free matching entry */
396 			qdf_mem_zero(crypto_params->pmksa[i],
397 				     sizeof(struct wlan_crypto_pmksa));
398 			qdf_mem_free(crypto_params->pmksa[i]);
399 			crypto_params->pmksa[i] = NULL;
400 			crypto_debug("PMKSA: Deleted PMKSA entry at index=%d",
401 				     i);
402 
403 			/* Find and remove the entries matching the pmk */
404 			for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) {
405 				if (!crypto_params->pmksa[j])
406 					continue;
407 				if (crypto_params->pmksa[j]->pmk_len &&
408 				    (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk,
409 				     del_pmk,
410 				     crypto_params->pmksa[j]->pmk_len))) {
411 					qdf_mem_zero(crypto_params->pmksa[j],
412 					sizeof(struct wlan_crypto_pmksa));
413 					qdf_mem_free(crypto_params->pmksa[j]);
414 					crypto_params->pmksa[j] = NULL;
415 					crypto_debug("PMKSA: Deleted PMKSA at idx=%d",
416 						     j);
417 				}
418 			}
419 			/* reset stored pmk */
420 			qdf_mem_zero(del_pmk, MAX_PMK_LEN);
421 
422 			return QDF_STATUS_SUCCESS;
423 		}
424 	}
425 
426 	if (i == WLAN_CRYPTO_MAX_PMKID && !match_found)
427 		crypto_debug("No such pmksa entry exists: valid entries:%d",
428 			     valid_entries_in_table);
429 
430 	return QDF_STATUS_SUCCESS;
431 }
432 
wlan_crypto_pmksa_flush(struct wlan_crypto_params * crypto_params)433 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params)
434 {
435 	uint8_t i;
436 
437 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
438 		if (!crypto_params->pmksa[i])
439 			continue;
440 		qdf_mem_zero(crypto_params->pmksa[i],
441 			     sizeof(struct wlan_crypto_pmksa));
442 		qdf_mem_free(crypto_params->pmksa[i]);
443 		crypto_params->pmksa[i] = NULL;
444 	}
445 
446 	crypto_debug("Flushed the pmksa table");
447 
448 	return QDF_STATUS_SUCCESS;
449 }
450 
wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa,bool set)451 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev,
452 				     struct wlan_crypto_pmksa *pmksa,
453 				     bool set)
454 {
455 	QDF_STATUS status = QDF_STATUS_E_INVAL;
456 	struct wlan_crypto_comp_priv *crypto_priv;
457 	struct wlan_crypto_params *crypto_params;
458 	struct wlan_crypto_pmksa *pmkid_cache = NULL;
459 	enum QDF_OPMODE op_mode;
460 
461 	op_mode = wlan_vdev_mlme_get_opmode(vdev);
462 
463 	if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE)
464 		return QDF_STATUS_E_NOSUPPORT;
465 
466 	if (!pmksa && set) {
467 		crypto_err("pmksa is NULL for set operation");
468 		return QDF_STATUS_E_INVAL;
469 	}
470 	crypto_priv = (struct wlan_crypto_comp_priv *)
471 					wlan_get_vdev_crypto_obj(vdev);
472 
473 	if (!crypto_priv) {
474 		crypto_err("crypto_priv NULL");
475 		return QDF_STATUS_E_INVAL;
476 	}
477 
478 	crypto_params = &crypto_priv->crypto_params;
479 	if (set) {
480 		pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid);
481 		if (pmkid_cache && (pmksa->pmk_len &&
482 				    pmksa->pmk_len == pmkid_cache->pmk_len &&
483 				    !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk,
484 						 pmksa->pmk_len))) {
485 			crypto_debug("PMKSA entry found with same PMK");
486 			pmkid_cache = NULL;
487 			return QDF_STATUS_E_EXISTS;
488 		}
489 
490 		status = wlan_crypto_set_pmksa(crypto_params, pmksa);
491 		/* Set pmksa */
492 	} else {
493 		/* del pmksa */
494 		if (!pmksa)
495 			status = wlan_crypto_pmksa_flush(crypto_params);
496 		else
497 			status = wlan_crypto_del_pmksa(crypto_params, pmksa);
498 	}
499 
500 	return status;
501 }
502 
wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa)503 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev,
504 					   struct wlan_crypto_pmksa *pmksa)
505 {
506 	QDF_STATUS status = QDF_STATUS_E_INVAL;
507 	struct wlan_crypto_pmksa *cached_pmksa;
508 	struct wlan_crypto_comp_priv *crypto_priv;
509 	struct wlan_crypto_params *crypto_params;
510 	uint8_t mdie_present, i;
511 	uint16_t mobility_domain;
512 
513 	if (!pmksa) {
514 		crypto_err("pmksa is NULL for set operation");
515 		return status;
516 	}
517 
518 	crypto_priv = (struct wlan_crypto_comp_priv *)
519 					wlan_get_vdev_crypto_obj(vdev);
520 	if (!crypto_priv) {
521 		crypto_err("crypto_priv NULL");
522 		return status;
523 	}
524 
525 	crypto_params = &crypto_priv->crypto_params;
526 
527 	if (pmksa->mdid.mdie_present) {
528 		for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
529 			if (!crypto_params->pmksa[i])
530 				continue;
531 			cached_pmksa = crypto_params->pmksa[i];
532 			mdie_present = cached_pmksa->mdid.mdie_present;
533 			mobility_domain = cached_pmksa->mdid.mobility_domain;
534 
535 			/* In FT connection when STA connects to AP1 then PMK1
536 			 * gets cached. And if STA disconnects from AP1 and
537 			 * connects to AP2 then PMK2 gets cached. This will
538 			 * result in having multiple PMK cache entries for the
539 			 * same MDID. So delete the old/stale PMK cache entries
540 			 * for the same mobility domain as of the newly added
541 			 * entry. And Update the MDID for the matching BSSID or
542 			 * SSID PMKSA entry.
543 			 */
544 			if (qdf_is_macaddr_equal
545 				(&cached_pmksa->bssid, &pmksa->bssid)) {
546 				cached_pmksa->mdid.mdie_present = 1;
547 				cached_pmksa->mdid.mobility_domain =
548 						pmksa->mdid.mobility_domain;
549 				crypto_debug("Updated the MDID at index=%d", i);
550 				status = QDF_STATUS_SUCCESS;
551 			} else if (pmksa->ssid_len &&
552 				   !qdf_mem_cmp(pmksa->ssid,
553 						cached_pmksa->ssid,
554 						pmksa->ssid_len) &&
555 				   !qdf_mem_cmp(pmksa->cache_id,
556 						cached_pmksa->cache_id,
557 						WLAN_CACHE_ID_LEN)) {
558 				cached_pmksa->mdid.mdie_present = 1;
559 				cached_pmksa->mdid.mobility_domain =
560 						pmksa->mdid.mobility_domain;
561 				crypto_debug("Updated the MDID at index=%d", i);
562 				status = QDF_STATUS_SUCCESS;
563 			} else if (mdie_present &&
564 				   (pmksa->mdid.mobility_domain ==
565 				    mobility_domain)) {
566 				qdf_mem_zero(crypto_params->pmksa[i],
567 					     sizeof(struct wlan_crypto_pmksa));
568 				qdf_mem_free(crypto_params->pmksa[i]);
569 				crypto_params->pmksa[i] = NULL;
570 				crypto_debug("Deleted PMKSA at index=%d", i);
571 				status = QDF_STATUS_SUCCESS;
572 			}
573 		}
574 	}
575 	return status;
576 }
577 
578 struct wlan_crypto_pmksa *
wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa)579 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev,
580 			   struct wlan_crypto_pmksa *pmksa)
581 {
582 	struct wlan_crypto_comp_priv *crypto_priv;
583 	struct wlan_crypto_params *crypto_params;
584 	uint8_t i;
585 
586 	if (!pmksa) {
587 		crypto_err("pmksa is NULL");
588 		return NULL;
589 	}
590 	crypto_priv = (struct wlan_crypto_comp_priv *)
591 					wlan_get_vdev_crypto_obj(vdev);
592 
593 	if (!crypto_priv) {
594 		crypto_err("crypto_priv NULL");
595 		return NULL;
596 	}
597 
598 	crypto_params = &crypto_priv->crypto_params;
599 
600 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
601 		if (!crypto_params->pmksa[i])
602 			continue;
603 
604 		if (pmksa->ssid_len &&
605 		    !qdf_mem_cmp(pmksa->ssid,
606 				 crypto_params->pmksa[i]->ssid,
607 				 pmksa->ssid_len) &&
608 		    !qdf_mem_cmp(pmksa->cache_id,
609 				 crypto_params->pmksa[i]->cache_id,
610 				 WLAN_CACHE_ID_LEN)) {
611 			return crypto_params->pmksa[i];
612 		} else if (!pmksa->ssid_len &&
613 			   !qdf_is_macaddr_zero(&pmksa->bssid) &&
614 			   qdf_is_macaddr_equal(&pmksa->bssid,
615 					 &crypto_params->pmksa[i]->bssid)) {
616 			return crypto_params->pmksa[i];
617 		}
618 	}
619 
620 	return NULL;
621 }
622 
623 struct wlan_crypto_pmksa *
wlan_crypto_get_pmksa(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * bssid)624 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid)
625 {
626 	struct wlan_crypto_comp_priv *crypto_priv;
627 	struct wlan_crypto_params *crypto_params;
628 	uint8_t i;
629 
630 	if (!bssid) {
631 		crypto_err("bssid is NULL");
632 		return NULL;
633 	}
634 	crypto_priv = (struct wlan_crypto_comp_priv *)
635 					wlan_get_vdev_crypto_obj(vdev);
636 
637 	if (!crypto_priv) {
638 		crypto_err("crypto_priv NULL");
639 		return NULL;
640 	}
641 
642 	crypto_params = &crypto_priv->crypto_params;
643 
644 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
645 		if (!crypto_params->pmksa[i])
646 			continue;
647 		if (qdf_is_macaddr_equal(bssid,
648 					 &crypto_params->pmksa[i]->bssid)) {
649 			crypto_debug("PMKSA: Entry found at index %d", i);
650 			return crypto_params->pmksa[i];
651 		}
652 	}
653 
654 	return NULL;
655 }
656 
657 struct wlan_crypto_pmksa *
wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev * vdev,uint8_t * cache_id,uint8_t * ssid,uint8_t ssid_len)658 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev,
659 			   uint8_t *cache_id, uint8_t *ssid,
660 			   uint8_t ssid_len)
661 {
662 	struct wlan_crypto_comp_priv *crypto_priv;
663 	struct wlan_crypto_params *crypto_params;
664 	uint8_t i;
665 
666 	crypto_priv = (struct wlan_crypto_comp_priv *)
667 					wlan_get_vdev_crypto_obj(vdev);
668 
669 	if (!crypto_priv) {
670 		crypto_err("crypto_priv NULL");
671 		return NULL;
672 	}
673 
674 	crypto_params = &crypto_priv->crypto_params;
675 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
676 		if (!crypto_params->pmksa[i])
677 			continue;
678 
679 		if (!qdf_mem_cmp(cache_id,
680 				 crypto_params->pmksa[i]->cache_id,
681 				 WLAN_CACHE_ID_LEN) &&
682 		    !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid,
683 				 ssid_len) &&
684 		    ssid_len == crypto_params->pmksa[i]->ssid_len)
685 			return crypto_params->pmksa[i];
686 	}
687 
688 	return NULL;
689 }
690 
wlan_crypto_is_htallowed(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)691 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev,
692 				 struct wlan_objmgr_peer *peer)
693 {
694 	int32_t ucast_cipher;
695 
696 	if (!(vdev || peer)) {
697 		crypto_err("Invalid params");
698 		return 0;
699 	}
700 
701 	if (vdev)
702 		ucast_cipher = wlan_crypto_get_param(vdev,
703 				WLAN_CRYPTO_PARAM_UCAST_CIPHER);
704 	else
705 		ucast_cipher = wlan_crypto_get_peer_param(peer,
706 				WLAN_CRYPTO_PARAM_UCAST_CIPHER);
707 
708 	if (ucast_cipher == -1) {
709 		crypto_err("Invalid params");
710 		return 0;
711 	}
712 
713 	return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) ||
714 		((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) &&
715 		!(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) &&
716 		!(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) &&
717 		!(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) &&
718 		!(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256)));
719 }
720 qdf_export_symbol(wlan_crypto_is_htallowed);
721 
722 /**
723  * wlan_crypto_store_def_keyix - store default keyix
724  * @vdev: vdev
725  * @object: Peer object
726  * @arg: Argument passed by caller
727  *
728  * This function gets called from wlan_crypto_setkey
729  *
730  * Return: None
731  */
wlan_crypto_store_def_keyix(struct wlan_objmgr_vdev * vdev,void * object,void * arg)732 static void wlan_crypto_store_def_keyix(struct wlan_objmgr_vdev *vdev,
733 					void *object, void *arg)
734 {
735 	struct wlan_objmgr_peer *peer = object;
736 	struct wlan_crypto_comp_priv *crypto_priv;
737 	struct wlan_crypto_params *crypto_params;
738 
739 	uint16_t kid = *(uint16_t *)arg;
740 
741 	crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
742 	if (!crypto_priv) {
743 		crypto_err("crypto_priv NULL");
744 		return;
745 	}
746 	crypto_priv->crypto_key.def_tx_keyid = kid;
747 }
748 
749 /**
750  * wlan_crypto_setkey - called by ucfg to setkey
751  * @vdev: vdev
752  * @req_key: req_key with cipher type, key macaddress
753  *
754  * This function gets called from ucfg to sey key
755  *
756  * Return: QDF_STATUS_SUCCESS - in case of success
757  */
wlan_crypto_setkey(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_req_key * req_key)758 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev,
759 				struct wlan_crypto_req_key *req_key)
760 {
761 	QDF_STATUS status = QDF_STATUS_E_INVAL;
762 	struct wlan_crypto_comp_priv *crypto_priv;
763 	struct wlan_crypto_params *crypto_params;
764 	struct wlan_objmgr_psoc *psoc;
765 	struct wlan_objmgr_peer *peer = NULL;
766 	struct wlan_crypto_key *key = NULL;
767 	struct wlan_crypto_keys *priv_key = NULL;
768 	const struct wlan_crypto_cipher *cipher;
769 	uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
770 			{0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
771 	bool isbcast;
772 	enum QDF_OPMODE vdev_mode;
773 	uint8_t igtk_idx = 0;
774 	uint8_t bigtk_idx = 0;
775 	struct wlan_lmac_if_tx_ops *tx_ops;
776 
777 	if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) {
778 		crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key);
779 		return QDF_STATUS_E_INVAL;
780 	}
781 
782 	isbcast = qdf_is_macaddr_group(
783 				(struct qdf_mac_addr *)req_key->macaddr);
784 	if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) {
785 		/* zero length keys, only set default key id if flags are set*/
786 		if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT)
787 			&& (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE)
788 			&& (!IS_MGMT_CIPHER(req_key->type))) {
789 			wlan_crypto_default_key(vdev,
790 				req_key->macaddr,
791 				req_key->keyix,
792 				!isbcast);
793 			return QDF_STATUS_SUCCESS;
794 		}
795 		crypto_err("req_key len zero");
796 		return QDF_STATUS_CRYPTO_INVALID_KEYLEN;
797 	}
798 
799 	cipher = wlan_crypto_cipher_ops[req_key->type];
800 
801 	if (!cipher && !IS_MGMT_CIPHER(req_key->type)) {
802 		crypto_err("cipher invalid");
803 		return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
804 	}
805 
806 	if (cipher && (!IS_FILS_CIPHER(req_key->type)) &&
807 	    (!IS_MGMT_CIPHER(req_key->type)) &&
808 	    ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) &&
809 	    (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) {
810 		crypto_err("cipher invalid");
811 		return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
812 	} else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) &&
813 		!((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN)
814 		|| (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN)
815 		|| (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) {
816 		crypto_err("wep key len invalid. keylen: %d", req_key->keylen);
817 		return QDF_STATUS_CRYPTO_INVALID_KEYLEN;
818 	}
819 
820 	if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) {
821 		if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT
822 						| WLAN_CRYPTO_KEY_RECV)) {
823 			req_key->flags |= (WLAN_CRYPTO_KEY_XMIT
824 						| WLAN_CRYPTO_KEY_RECV);
825 		}
826 	} else {
827 		if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX)
828 			&& (!IS_MGMT_CIPHER(req_key->type))) {
829 			return QDF_STATUS_CRYPTO_INVALID_KEYID;
830 		}
831 
832 		req_key->flags |= (WLAN_CRYPTO_KEY_XMIT
833 					| WLAN_CRYPTO_KEY_RECV);
834 		if (isbcast)
835 			req_key->flags |= WLAN_CRYPTO_KEY_GROUP;
836 	}
837 
838 	vdev_mode = wlan_vdev_mlme_get_opmode(vdev);
839 
840 	wlan_vdev_obj_lock(vdev);
841 	qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev),
842 		    QDF_MAC_ADDR_SIZE);
843 	psoc = wlan_vdev_get_psoc(vdev);
844 	if (!psoc) {
845 		wlan_vdev_obj_unlock(vdev);
846 		crypto_err("psoc NULL");
847 		return QDF_STATUS_E_INVAL;
848 	}
849 	wlan_vdev_obj_unlock(vdev);
850 
851 	if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) {
852 		if (wlan_crypto_vdev_has_auth_mode(vdev,
853 					(1 << WLAN_CRYPTO_AUTH_8021X))) {
854 			req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT;
855 		}
856 	}
857 
858 	if (isbcast) {
859 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
860 								&crypto_priv);
861 		if (!crypto_priv) {
862 			crypto_err("crypto_priv NULL");
863 			return QDF_STATUS_E_INVAL;
864 		}
865 
866 		priv_key = &crypto_priv->crypto_key;
867 
868 		if (IS_MGMT_CIPHER(req_key->type)) {
869 			struct wlan_crypto_key *crypto_key = NULL;
870 
871 			igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX;
872 			bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
873 			if (!is_igtk(req_key->keyix) &&
874 			    !(is_bigtk(req_key->keyix))) {
875 				crypto_err("igtk/bigtk key invalid keyid %d",
876 					   req_key->keyix);
877 				return QDF_STATUS_CRYPTO_INVALID_KEYID;
878 			}
879 			key = qdf_mem_malloc(sizeof(struct wlan_crypto_key));
880 			if (!key)
881 				return QDF_STATUS_E_NOMEM;
882 
883 
884 			if (is_igtk(req_key->keyix)) {
885 				crypto_key = priv_key->igtk_key[igtk_idx];
886 				if (crypto_key)
887 					qdf_mem_free(crypto_key);
888 
889 				priv_key->igtk_key[igtk_idx] = key;
890 				priv_key->igtk_key_type = req_key->type;
891 				priv_key->def_igtk_tx_keyid = igtk_idx;
892 				bigtk_idx = 0;
893 			} else {
894 				crypto_key = priv_key->bigtk_key[bigtk_idx];
895 				if (crypto_key)
896 					qdf_mem_free(crypto_key);
897 
898 				priv_key->bigtk_key[bigtk_idx] = key;
899 				priv_key->def_bigtk_tx_keyid = bigtk_idx;
900 				igtk_idx = 0;
901 			}
902 		} else {
903 			if (IS_FILS_CIPHER(req_key->type)) {
904 				crypto_err("FILS key is not for BroadCast pkt");
905 				return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
906 			}
907 			if (!HAS_MCAST_CIPHER(crypto_params, req_key->type)
908 				&& (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) {
909 				return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
910 			}
911 			if (!priv_key->key[req_key->keyix]) {
912 				priv_key->key[req_key->keyix]
913 					= qdf_mem_malloc(
914 						sizeof(struct wlan_crypto_key));
915 				if (!priv_key->key[req_key->keyix])
916 					return QDF_STATUS_E_NOMEM;
917 			}
918 			key = priv_key->key[req_key->keyix];
919 			priv_key->def_tx_keyid = req_key->keyix;
920 		}
921 		if (vdev_mode == QDF_STA_MODE) {
922 			peer = wlan_objmgr_vdev_try_get_bsspeer(vdev,
923 								WLAN_CRYPTO_ID);
924 			if (!peer) {
925 				crypto_err("peer NULL");
926 				if (IS_MGMT_CIPHER(req_key->type)) {
927 					priv_key->igtk_key[igtk_idx] = NULL;
928 					priv_key->bigtk_key[bigtk_idx]
929 						= NULL;
930 					priv_key->igtk_key_type
931 						= WLAN_CRYPTO_CIPHER_NONE;
932 				} else
933 					priv_key->key[req_key->keyix] = NULL;
934 				if (key)
935 					qdf_mem_free(key);
936 				return QDF_STATUS_E_INVAL;
937 			}
938 			qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer),
939 				    QDF_MAC_ADDR_SIZE);
940 			wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
941 			peer = NULL;
942 		}
943 	} else {
944 		uint8_t pdev_id;
945 
946 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
947 				wlan_vdev_get_pdev(vdev));
948 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
949 					psoc,
950 					pdev_id,
951 					macaddr,
952 					req_key->macaddr,
953 					WLAN_CRYPTO_ID);
954 
955 		if (!peer) {
956 			crypto_err("peer NULL");
957 			return QDF_STATUS_E_INVAL;
958 		}
959 
960 		qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE);
961 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
962 								&crypto_priv);
963 
964 		if (!crypto_priv) {
965 			crypto_err("crypto_priv NULL");
966 			status = QDF_STATUS_E_INVAL;
967 			goto err;
968 		}
969 
970 		priv_key = &crypto_priv->crypto_key;
971 
972 		if (IS_MGMT_CIPHER(req_key->type)) {
973 			struct wlan_crypto_key *crypto_key = NULL;
974 
975 			igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX;
976 			bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
977 
978 			if (!is_igtk(req_key->keyix) &&
979 			    !(is_bigtk(req_key->keyix))) {
980 				crypto_err("igtk/bigtk key invalid keyid %d",
981 					   req_key->keyix);
982 				status = QDF_STATUS_CRYPTO_INVALID_KEYID;
983 				goto err;
984 			}
985 			key = qdf_mem_malloc(sizeof(struct wlan_crypto_key));
986 			if (!key) {
987 				status = QDF_STATUS_E_NOMEM;
988 				goto err;
989 			}
990 
991 			if (is_igtk(req_key->keyix)) {
992 				crypto_key = priv_key->igtk_key[igtk_idx];
993 				if (crypto_key)
994 					qdf_mem_free(crypto_key);
995 
996 				priv_key->igtk_key[igtk_idx] = key;
997 				priv_key->igtk_key_type = req_key->type;
998 				priv_key->def_igtk_tx_keyid = igtk_idx;
999 			} else {
1000 				crypto_key = priv_key->bigtk_key[bigtk_idx];
1001 				if (crypto_key)
1002 					qdf_mem_free(crypto_key);
1003 
1004 				priv_key->bigtk_key[bigtk_idx] = key;
1005 				priv_key->def_bigtk_tx_keyid = bigtk_idx;
1006 			}
1007 		} else {
1008 			uint16_t kid = req_key->keyix;
1009 			if (kid == WLAN_CRYPTO_KEYIX_NONE)
1010 				kid = 0;
1011 			if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) {
1012 				crypto_err("invalid keyid %d", kid);
1013 				status = QDF_STATUS_CRYPTO_INVALID_KEYID;
1014 				goto err;
1015 			}
1016 			if (!priv_key->key[kid]) {
1017 				priv_key->key[kid]
1018 					= qdf_mem_malloc(
1019 						sizeof(struct wlan_crypto_key));
1020 				if (!priv_key->key[kid]) {
1021 					status = QDF_STATUS_E_NOMEM;
1022 					goto err;
1023 				}
1024 			}
1025 			key = priv_key->key[kid];
1026 		}
1027 	}
1028 
1029 	/* alloc key might not required as it is already there */
1030 	key->cipher_table = (void *)cipher;
1031 	key->keylen = req_key->keylen;
1032 	key->flags = req_key->flags;
1033 
1034 	if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE)
1035 		key->keyix = 0;
1036 	else
1037 		key->keyix = req_key->keyix;
1038 
1039 	if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT
1040 		&& (!IS_MGMT_CIPHER(req_key->type)))  {
1041 		crypto_priv->crypto_key.def_tx_keyid = key->keyix;
1042 		key->flags |= WLAN_CRYPTO_KEY_DEFAULT;
1043 	}
1044 	if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4)
1045 		|| (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) {
1046 		uint8_t iv_AP[16] = {	0x5c, 0x36, 0x5c, 0x36,
1047 					0x5c, 0x36, 0x5c, 0x36,
1048 					0x5c, 0x36, 0x5c, 0x36,
1049 					0x5c, 0x36, 0x5c, 0x37};
1050 		uint8_t iv_STA[16] = {	0x5c, 0x36, 0x5c, 0x36,
1051 					0x5c, 0x36, 0x5c, 0x36,
1052 					0x5c, 0x36, 0x5c, 0x36,
1053 					0x5c, 0x36, 0x5c, 0x36};
1054 
1055 		/* During Tx PN should be increment and
1056 		 * send but as per our implementation we increment only after
1057 		 * Tx complete. So First packet PN check will be failed.
1058 		 * To compensate increment the PN here by 2
1059 		 */
1060 		if (vdev_mode == QDF_SAP_MODE) {
1061 			iv_AP[15] += 2;
1062 			qdf_mem_copy(key->recviv, iv_STA,
1063 						WLAN_CRYPTO_WAPI_IV_SIZE);
1064 			qdf_mem_copy(key->txiv, iv_AP,
1065 						WLAN_CRYPTO_WAPI_IV_SIZE);
1066 		} else {
1067 			iv_STA[15] += 2;
1068 			qdf_mem_copy(key->recviv, iv_AP,
1069 						WLAN_CRYPTO_WAPI_IV_SIZE);
1070 			qdf_mem_copy(key->txiv, iv_STA,
1071 						WLAN_CRYPTO_WAPI_IV_SIZE);
1072 		}
1073 	} else {
1074 		uint8_t i = 0;
1075 		qdf_mem_copy((uint8_t *)(&key->keytsc),
1076 			(uint8_t *)(&req_key->keytsc), sizeof(key->keytsc));
1077 		for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) {
1078 			qdf_mem_copy((uint8_t *)(&key->keyrsc[i]),
1079 					(uint8_t *)(&req_key->keyrsc),
1080 					sizeof(key->keyrsc[0]));
1081 		}
1082 	}
1083 
1084 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1085 	if (!tx_ops) {
1086 		crypto_err("tx_ops is NULL");
1087 		status = QDF_STATUS_E_INVAL;
1088 		goto err;
1089 	}
1090 
1091 	qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval));
1092 	key->valid = 1;
1093 	if ((IS_MGMT_CIPHER(req_key->type))) {
1094 		uint32_t mgmt_cipher = 0;
1095 
1096 		if (HAS_CIPHER_CAP(crypto_params,
1097 					WLAN_CRYPTO_CAP_PMF_OFFLOAD) ||
1098 					is_bigtk(req_key->keyix)) {
1099 			if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
1100 				WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev,
1101 						key, macaddr, req_key->type);
1102 			}
1103 		}
1104 		QDF_SET_PARAM(mgmt_cipher, req_key->type);
1105 		wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher);
1106 		status = wlan_crypto_set_igtk_key(key);
1107 	} else if (IS_FILS_CIPHER(req_key->type)) {
1108 		/* Take request key object to FILS setkey */
1109 		key->private = req_key;
1110 	} else {
1111 		if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
1112 			if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key,
1113 							      macaddr,
1114 							      req_key->type)) {
1115 				status = QDF_STATUS_E_INVAL;
1116 				goto err;
1117 			}
1118 		}
1119 	}
1120 	if (cipher)
1121 		status = cipher->setkey(key);
1122 
1123 	if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) &&
1124 	    (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) &&
1125 	    (!IS_MGMT_CIPHER(req_key->type)) && isbcast) {
1126 		/* default xmit key */
1127 		wlan_crypto_default_key(vdev,
1128 					req_key->macaddr,
1129 					req_key->keyix,
1130 					!isbcast);
1131 		/*Iterate through the peer list on this vdev
1132 		 *and store the keyix in the peer's crypto_priv
1133 		 */
1134 		wlan_objmgr_iterate_peerobj_list(vdev,
1135 						 wlan_crypto_store_def_keyix,
1136 						 (void *)&req_key->keyix,
1137 						 WLAN_CRYPTO_ID);
1138 
1139 		}
1140 err:
1141 	if (peer)
1142 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1143 	return status;
1144 }
1145 
1146 /**
1147  * wlan_crypto_get_key_type - get keytype
1148  * @key: key
1149  *
1150  * This function gets keytype from key
1151  *
1152  * Return: keytype
1153  */
wlan_crypto_get_key_type(struct wlan_crypto_key * key)1154 wlan_crypto_cipher_type wlan_crypto_get_key_type(struct wlan_crypto_key *key)
1155 {
1156 	if (key && key->cipher_table) {
1157 		return ((struct wlan_crypto_cipher *)
1158 						(key->cipher_table))->cipher;
1159 	}
1160 	return WLAN_CRYPTO_CIPHER_NONE;
1161 }
1162 qdf_export_symbol(wlan_crypto_get_key_type);
1163 
wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev * vdev,uint16_t keyix)1164 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev,
1165 						uint16_t keyix)
1166 {
1167 	struct wlan_crypto_comp_priv *crypto_priv;
1168 	struct wlan_crypto_params *crypto_params;
1169 	struct wlan_crypto_key *key = NULL;
1170 	struct wlan_crypto_keys *priv_key = NULL;
1171 
1172 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
1173 
1174 	if (!crypto_priv) {
1175 		crypto_err("crypto_priv NULL");
1176 		return NULL;
1177 	}
1178 
1179 	priv_key = &crypto_priv->crypto_key;
1180 
1181 	/* for keyix 4,5 we return the igtk keys for keyix more than 5
1182 	 * we return the default key, for all other keyix we return the
1183 	 * key accordingly.
1184 	 */
1185 	if ((keyix == WLAN_CRYPTO_KEYIX_NONE) ||
1186 	    !is_valid_keyix(keyix))
1187 		key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1188 	else if (is_bigtk(keyix))
1189 		key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX
1190 						- WLAN_CRYPTO_MAXIGTKKEYIDX];
1191 	else if (is_igtk(keyix))
1192 		key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX];
1193 	else
1194 		key = priv_key->key[keyix];
1195 
1196 	if (key && key->valid)
1197 		return key;
1198 
1199 	return NULL;
1200 }
1201 qdf_export_symbol(wlan_crypto_vdev_getkey);
1202 
wlan_crypto_peer_getkey(struct wlan_objmgr_peer * peer,uint16_t keyix)1203 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer,
1204 						uint16_t keyix)
1205 {
1206 	struct wlan_crypto_comp_priv *crypto_priv;
1207 	struct wlan_crypto_params *crypto_params;
1208 	struct wlan_crypto_key *key = NULL;
1209 	struct wlan_crypto_keys *priv_key = NULL;
1210 
1211 	crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
1212 
1213 	if (!crypto_priv) {
1214 		crypto_err("crypto_priv NULL");
1215 		return NULL;
1216 	}
1217 
1218 	priv_key = &crypto_priv->crypto_key;
1219 
1220 	/* for keyix 4,5 we return the igtk keys for keyix more than 5
1221 	 * we return the default key, for all other keyix we return the
1222 	 * key accordingly.
1223 	 */
1224 	if (keyix == WLAN_CRYPTO_KEYIX_NONE ||
1225 	    !is_valid_keyix(keyix))
1226 		key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1227 	else if (is_bigtk(keyix))
1228 		key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX
1229 						- WLAN_CRYPTO_MAXIGTKKEYIDX];
1230 	else if (is_igtk(keyix))
1231 		key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX];
1232 	else
1233 		key = priv_key->key[keyix];
1234 
1235 	if (key && key->valid)
1236 		return key;
1237 
1238 	return NULL;
1239 }
1240 qdf_export_symbol(wlan_crypto_peer_getkey);
1241 
wlan_crypto_getkey(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_req_key * req_key,uint8_t * mac_addr)1242 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev,
1243 				struct wlan_crypto_req_key *req_key,
1244 				uint8_t *mac_addr)
1245 {
1246 	struct wlan_crypto_cipher *cipher_table;
1247 	struct wlan_crypto_key *key;
1248 	struct wlan_objmgr_psoc *psoc;
1249 	struct wlan_lmac_if_tx_ops *tx_ops;
1250 	struct wlan_lmac_if_rx_ops *rx_ops;
1251 	uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
1252 			{0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1253 	QDF_STATUS status = QDF_STATUS_E_INVAL;
1254 	struct wlan_objmgr_peer *peer = NULL;
1255 	uint8_t pdev_id;
1256 	uint16_t get_pn_enable;
1257 	bool is_bcast;
1258 	uint8_t *pn_mac_addr;
1259 
1260 	if (!req_key) {
1261 		crypto_err("req_key NULL");
1262 		return QDF_STATUS_E_INVAL;
1263 	}
1264 
1265 	get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN;
1266 
1267 	wlan_vdev_obj_lock(vdev);
1268 	qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev),
1269 		    QDF_MAC_ADDR_SIZE);
1270 	psoc = wlan_vdev_get_psoc(vdev);
1271 	if (!psoc) {
1272 		wlan_vdev_obj_unlock(vdev);
1273 		crypto_err("psoc NULL");
1274 		return QDF_STATUS_E_INVAL;
1275 	}
1276 	wlan_vdev_obj_unlock(vdev);
1277 
1278 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1279 	if (!tx_ops) {
1280 		crypto_err("tx_ops is NULL");
1281 		return QDF_STATUS_E_INVAL;
1282 	}
1283 
1284 	rx_ops = wlan_psoc_get_lmac_if_rxops(psoc);
1285 	if (!rx_ops) {
1286 		crypto_err("rx_ops is NULL");
1287 		return QDF_STATUS_E_INVAL;
1288 	}
1289 	is_bcast = qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr);
1290 
1291 	if (is_bcast) {
1292 		key = wlan_crypto_vdev_getkey(vdev, req_key->keyix);
1293 		if (!key)
1294 			return QDF_STATUS_E_INVAL;
1295 	} else {
1296 
1297 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
1298 				wlan_vdev_get_pdev(vdev));
1299 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1300 					psoc,
1301 					pdev_id,
1302 					macaddr,
1303 					mac_addr,
1304 					WLAN_CRYPTO_ID);
1305 		if (!peer) {
1306 			crypto_err("peer NULL");
1307 			return QDF_STATUS_E_NOENT;
1308 		}
1309 		key = wlan_crypto_peer_getkey(peer, req_key->keyix);
1310 
1311 		if (!key) {
1312 			crypto_err("Key is NULL");
1313 			status = QDF_STATUS_E_INVAL;
1314 			goto err;
1315 		}
1316 	}
1317 
1318 	if (key->valid) {
1319 		qdf_mem_copy(req_key->keydata,
1320 				key->keyval, key->keylen);
1321 		req_key->keylen = key->keylen;
1322 		req_key->keyix = key->keyix;
1323 		req_key->flags = key->flags;
1324 
1325 		if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) {
1326 			req_key->type = key->cipher_type;
1327 		} else {
1328 			cipher_table = key->cipher_table;
1329 
1330 			if (!cipher_table) {
1331 				status = QDF_STATUS_SUCCESS;
1332 				goto err;
1333 			}
1334 
1335 			req_key->type = cipher_table->cipher;
1336 		}
1337 
1338 		if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) {
1339 			qdf_mem_copy((uint8_t *)(&req_key->txiv),
1340 					(uint8_t *)(key->txiv),
1341 					sizeof(req_key->txiv));
1342 			qdf_mem_copy((uint8_t *)(&req_key->recviv),
1343 					(uint8_t *)(key->recviv),
1344 					sizeof(req_key->recviv));
1345 		}
1346 
1347 		if (get_pn_enable) {
1348 			pn_mac_addr = ((is_gtk(req_key->keyix) ||
1349 					is_bigtk(req_key->keyix)) && is_bcast) ?
1350 					macaddr : mac_addr;
1351 
1352 			if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops))
1353 				WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev,
1354 								 pn_mac_addr,
1355 								 req_key->keyix,
1356 								 req_key->type);
1357 			if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops))
1358 				WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)(
1359 						vdev, mac_addr, req_key->keyix);
1360 
1361 			qdf_mem_copy((uint8_t *)(&req_key->keytsc),
1362 				     (uint8_t *)(&key->keytsc),
1363 				     sizeof(req_key->keytsc));
1364 			qdf_mem_copy((uint8_t *)(&req_key->keyrsc),
1365 				     (uint8_t *)(&key->keyrsc[0]),
1366 				     sizeof(req_key->keyrsc));
1367 		}
1368 
1369 	}
1370 	status = QDF_STATUS_SUCCESS;
1371 
1372 err:
1373 	if (peer)
1374 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1375 
1376 	return status;
1377 }
1378 
wlan_crypto_delkey(struct wlan_objmgr_vdev * vdev,uint8_t * macaddr,uint8_t key_idx)1379 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev,
1380 				uint8_t *macaddr,
1381 				uint8_t key_idx)
1382 {
1383 	struct wlan_crypto_comp_priv *crypto_priv;
1384 	struct wlan_crypto_params *crypto_params;
1385 	struct wlan_crypto_key *key;
1386 	struct wlan_crypto_cipher *cipher_table;
1387 	struct wlan_objmgr_psoc *psoc;
1388 	struct wlan_lmac_if_tx_ops *tx_ops;
1389 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1390 	struct wlan_objmgr_peer *peer = NULL;
1391 	QDF_STATUS ret = QDF_STATUS_SUCCESS;
1392 
1393 	if (!vdev || !macaddr ||
1394 		!is_valid_keyix(key_idx)) {
1395 		crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d",
1396 			   vdev, macaddr, key_idx);
1397 		return QDF_STATUS_E_INVAL;
1398 	}
1399 
1400 	wlan_vdev_obj_lock(vdev);
1401 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1402 		    QDF_MAC_ADDR_SIZE);
1403 	psoc = wlan_vdev_get_psoc(vdev);
1404 	if (!psoc) {
1405 		wlan_vdev_obj_unlock(vdev);
1406 		crypto_err("psoc NULL");
1407 		return QDF_STATUS_E_INVAL;
1408 	}
1409 	wlan_vdev_obj_unlock(vdev);
1410 
1411 	if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) {
1412 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1413 								&crypto_priv);
1414 		if (!crypto_priv) {
1415 			crypto_err("crypto_priv NULL");
1416 			return QDF_STATUS_E_INVAL;
1417 		}
1418 	} else {
1419 		uint8_t pdev_id;
1420 
1421 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
1422 				wlan_vdev_get_pdev(vdev));
1423 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1424 				psoc, pdev_id,
1425 				bssid_mac,
1426 				macaddr,
1427 				WLAN_CRYPTO_ID);
1428 		if (!peer) {
1429 			return QDF_STATUS_E_INVAL;
1430 		}
1431 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1432 								&crypto_priv);
1433 		if (!crypto_priv) {
1434 			crypto_err("crypto_priv NULL");
1435 			ret = QDF_STATUS_E_INVAL;
1436 			goto ret_rel_ref;
1437 		}
1438 	}
1439 
1440 	if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) {
1441 		uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX;
1442 		uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
1443 
1444 		if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) {
1445 			crypto_err("igtk/bigtk key invalid keyid %d", key_idx);
1446 			ret = QDF_STATUS_E_INVAL;
1447 			goto ret_rel_ref;
1448 		}
1449 		if (is_igtk(key_idx)) {
1450 			key = crypto_priv->crypto_key.igtk_key[igtk_idx];
1451 			crypto_priv->crypto_key.igtk_key[igtk_idx] = NULL;
1452 		} else {
1453 			key = crypto_priv->crypto_key.bigtk_key[bigtk_idx];
1454 			crypto_priv->crypto_key.bigtk_key[bigtk_idx] = NULL;
1455 		}
1456 		if (key)
1457 			key->valid = 0;
1458 	} else {
1459 		key = crypto_priv->crypto_key.key[key_idx];
1460 		crypto_priv->crypto_key.key[key_idx] = NULL;
1461 	}
1462 
1463 	if (!key) {
1464 		ret = QDF_STATUS_E_INVAL;
1465 		goto ret_rel_ref;
1466 	}
1467 
1468 	if (key->valid) {
1469 		cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1470 		qdf_mem_zero(key->keyval, sizeof(key->keyval));
1471 
1472 		tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1473 		if (!tx_ops) {
1474 			crypto_err("tx_ops is NULL");
1475 			ret = QDF_STATUS_E_INVAL;
1476 			goto ret_rel_ref;
1477 		}
1478 
1479 		if (!IS_FILS_CIPHER(cipher_table->cipher) &&
1480 		    WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) {
1481 			WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr,
1482 							  cipher_table->cipher);
1483 		} else if (IS_FILS_CIPHER(cipher_table->cipher)) {
1484 			if (key->private)
1485 				qdf_mem_free(key->private);
1486 		}
1487 	}
1488 
1489 	/* Zero-out local key variables */
1490 	qdf_mem_zero(key, sizeof(struct wlan_crypto_key));
1491 	qdf_mem_free(key);
1492 	key = NULL;
1493 
1494 ret_rel_ref:
1495 	if (peer)
1496 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1497 
1498 	return ret;
1499 }
1500 
1501 #ifdef CRYPTO_SET_KEY_CONVERGED
wlan_crypto_set_default_key(struct wlan_objmgr_vdev * vdev,uint8_t key_idx,uint8_t * macaddr)1502 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev,
1503 					      uint8_t key_idx, uint8_t *macaddr)
1504 {
1505 	return QDF_STATUS_SUCCESS;
1506 }
1507 #else
wlan_crypto_set_default_key(struct wlan_objmgr_vdev * vdev,uint8_t key_idx,uint8_t * macaddr)1508 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev,
1509 					      uint8_t key_idx, uint8_t *macaddr)
1510 {
1511 	struct wlan_objmgr_psoc *psoc;
1512 	struct wlan_lmac_if_tx_ops *tx_ops;
1513 
1514 	psoc = wlan_vdev_get_psoc(vdev);
1515 	if (!psoc) {
1516 		crypto_err("psoc is NULL");
1517 		return QDF_STATUS_E_INVAL;
1518 	}
1519 
1520 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1521 	if (!tx_ops) {
1522 		crypto_err("tx_ops is NULL");
1523 		return QDF_STATUS_E_INVAL;
1524 	}
1525 
1526 	if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops))
1527 		WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr);
1528 
1529 	return QDF_STATUS_SUCCESS;
1530 }
1531 #endif
1532 
wlan_crypto_default_key(struct wlan_objmgr_vdev * vdev,uint8_t * macaddr,uint8_t key_idx,bool unicast)1533 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev,
1534 					uint8_t *macaddr,
1535 					uint8_t key_idx,
1536 					bool unicast)
1537 {
1538 	struct wlan_crypto_comp_priv *crypto_priv;
1539 	struct wlan_crypto_params *crypto_params;
1540 	struct wlan_crypto_key *key;
1541 	struct wlan_objmgr_psoc *psoc;
1542 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1543 
1544 	if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) {
1545 		crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d",
1546 			   vdev, macaddr, key_idx);
1547 		return QDF_STATUS_E_INVAL;
1548 	}
1549 
1550 	wlan_vdev_obj_lock(vdev);
1551 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1552 		    QDF_MAC_ADDR_SIZE);
1553 	psoc = wlan_vdev_get_psoc(vdev);
1554 	if (!psoc) {
1555 		wlan_vdev_obj_unlock(vdev);
1556 		crypto_err("psoc NULL");
1557 		return QDF_STATUS_E_INVAL;
1558 	}
1559 	wlan_vdev_obj_unlock(vdev);
1560 
1561 	if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) {
1562 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1563 								&crypto_priv);
1564 		if (!crypto_priv) {
1565 			crypto_err("crypto_priv NULL");
1566 			return QDF_STATUS_E_INVAL;
1567 		}
1568 
1569 		key = crypto_priv->crypto_key.key[key_idx];
1570 		if (!key)
1571 			return QDF_STATUS_E_INVAL;
1572 	} else {
1573 		struct wlan_objmgr_peer *peer;
1574 		uint8_t pdev_id;
1575 
1576 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
1577 				wlan_vdev_get_pdev(vdev));
1578 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1579 				psoc, pdev_id,
1580 				bssid_mac,
1581 				macaddr,
1582 				WLAN_CRYPTO_ID);
1583 
1584 		if (!peer) {
1585 			crypto_err("peer NULL");
1586 			return QDF_STATUS_E_INVAL;
1587 		}
1588 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1589 								&crypto_priv);
1590 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1591 		if (!crypto_priv) {
1592 			crypto_err("crypto_priv NULL");
1593 			return QDF_STATUS_E_INVAL;
1594 		}
1595 
1596 		key = crypto_priv->crypto_key.key[key_idx];
1597 		if (!key)
1598 			return QDF_STATUS_E_INVAL;
1599 	}
1600 	if (!key->valid)
1601 		return QDF_STATUS_E_INVAL;
1602 
1603 	if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) !=
1604 			QDF_STATUS_SUCCESS)
1605 		return QDF_STATUS_E_INVAL;
1606 	crypto_priv->crypto_key.def_tx_keyid = key_idx;
1607 
1608 	return QDF_STATUS_SUCCESS;
1609 }
1610 
wlan_crypto_encap(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t encapdone)1611 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev,
1612 				qdf_nbuf_t wbuf,
1613 				uint8_t *mac_addr,
1614 				uint8_t encapdone)
1615 {
1616 	struct wlan_crypto_comp_priv *crypto_priv;
1617 	struct wlan_crypto_params *crypto_params;
1618 	struct wlan_crypto_key *key;
1619 	struct wlan_crypto_keys *priv_key = NULL;
1620 	QDF_STATUS status;
1621 	struct wlan_crypto_cipher *cipher_table;
1622 	struct wlan_objmgr_psoc *psoc;
1623 	struct wlan_objmgr_peer *peer;
1624 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1625 	uint8_t pdev_id;
1626 	uint8_t hdrlen;
1627 	enum QDF_OPMODE opmode;
1628 
1629 	opmode = wlan_vdev_mlme_get_opmode(vdev);
1630 	wlan_vdev_obj_lock(vdev);
1631 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1632 		    QDF_MAC_ADDR_SIZE);
1633 	psoc = wlan_vdev_get_psoc(vdev);
1634 	if (!psoc) {
1635 		wlan_vdev_obj_unlock(vdev);
1636 		crypto_err("psoc NULL");
1637 		return QDF_STATUS_E_INVAL;
1638 	}
1639 	wlan_vdev_obj_unlock(vdev);
1640 
1641 	pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev));
1642 	/* FILS Encap required only for (Re-)Assoc response */
1643 	peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID);
1644 
1645 	if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) &&
1646 	    peer && !wlan_crypto_get_peer_fils_aead(peer)) {
1647 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1648 		return QDF_STATUS_E_INVAL;
1649 	}
1650 
1651 	if (peer)
1652 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1653 	peer = NULL;
1654 
1655 	if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) {
1656 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1657 								&crypto_priv);
1658 		if (!crypto_priv) {
1659 			crypto_err("crypto_priv NULL");
1660 			return QDF_STATUS_E_INVAL;
1661 		}
1662 
1663 		priv_key = &crypto_priv->crypto_key;
1664 
1665 		key = priv_key->key[priv_key->def_tx_keyid];
1666 		if (!key)
1667 			return QDF_STATUS_E_INVAL;
1668 
1669 	} else {
1670 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id,
1671 							  bssid_mac, mac_addr,
1672 							  WLAN_CRYPTO_ID);
1673 		if (!peer) {
1674 			crypto_err("crypto_priv NULL");
1675 			return QDF_STATUS_E_INVAL;
1676 		}
1677 
1678 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1679 								&crypto_priv);
1680 
1681 		if (!crypto_priv) {
1682 			crypto_err("crypto_priv NULL");
1683 			status = QDF_STATUS_E_INVAL;
1684 			goto err;
1685 		}
1686 
1687 		priv_key = &crypto_priv->crypto_key;
1688 
1689 		key = priv_key->key[priv_key->def_tx_keyid];
1690 		if (!key) {
1691 			crypto_err("Key is NULL");
1692 			status = QDF_STATUS_E_INVAL;
1693 			goto err;
1694 		}
1695 	}
1696 	if (opmode == QDF_MONITOR_MODE)
1697 		hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1698 	else
1699 		hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1700 					    (uint8_t *)qdf_nbuf_data(wbuf));
1701 
1702 	if (!key->valid || !key->cipher_table) {
1703 		status = QDF_STATUS_E_INVAL;
1704 		goto err;
1705 	}
1706 
1707 	/* if tkip, is counter measures enabled, then drop the frame */
1708 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1709 	status = cipher_table->encap(key, wbuf, encapdone,
1710 				     hdrlen);
1711 
1712 err:
1713 	if (peer)
1714 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1715 
1716 	return status;
1717 }
1718 qdf_export_symbol(wlan_crypto_encap);
1719 
wlan_crypto_decap(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t tid)1720 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev,
1721 				qdf_nbuf_t wbuf,
1722 				uint8_t *mac_addr,
1723 				uint8_t tid)
1724 {
1725 	struct wlan_crypto_comp_priv *crypto_priv;
1726 	struct wlan_crypto_params *crypto_params;
1727 	struct wlan_crypto_key *key;
1728 	QDF_STATUS status;
1729 	struct wlan_crypto_cipher *cipher_table;
1730 	struct wlan_objmgr_psoc *psoc;
1731 	struct wlan_objmgr_peer *peer;
1732 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1733 	uint8_t keyid;
1734 	uint8_t pdev_id;
1735 	uint8_t hdrlen;
1736 	enum QDF_OPMODE opmode;
1737 
1738 	opmode = wlan_vdev_mlme_get_opmode(vdev);
1739 	wlan_vdev_obj_lock(vdev);
1740 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1741 		    QDF_MAC_ADDR_SIZE);
1742 	psoc = wlan_vdev_get_psoc(vdev);
1743 	if (!psoc) {
1744 		wlan_vdev_obj_unlock(vdev);
1745 		crypto_err("psoc NULL");
1746 		return QDF_STATUS_E_INVAL;
1747 	}
1748 	wlan_vdev_obj_unlock(vdev);
1749 
1750 	if (opmode == QDF_MONITOR_MODE)
1751 		hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1752 	else
1753 		hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1754 					    (uint8_t *)qdf_nbuf_data(wbuf));
1755 
1756 	keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen);
1757 
1758 	if (keyid >= WLAN_CRYPTO_MAXKEYIDX)
1759 		return QDF_STATUS_E_INVAL;
1760 
1761 	pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev));
1762 	/* FILS Decap required only for (Re-)Assoc request */
1763 	peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID);
1764 
1765 	if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) &&
1766 	    peer && !wlan_crypto_get_peer_fils_aead(peer)) {
1767 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1768 		return QDF_STATUS_E_INVAL;
1769 	}
1770 
1771 	if (peer)
1772 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1773 	peer = NULL;
1774 
1775 	if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) {
1776 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1777 								&crypto_priv);
1778 		if (!crypto_priv) {
1779 			crypto_err("crypto_priv NULL");
1780 			return QDF_STATUS_E_INVAL;
1781 		}
1782 
1783 		key = crypto_priv->crypto_key.key[keyid];
1784 		if (!key)
1785 			return QDF_STATUS_E_INVAL;
1786 	} else {
1787 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1788 					psoc, pdev_id, bssid_mac,
1789 					mac_addr, WLAN_CRYPTO_ID);
1790 		if (!peer) {
1791 			crypto_err("peer NULL");
1792 			return QDF_STATUS_E_INVAL;
1793 		}
1794 
1795 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1796 								&crypto_priv);
1797 
1798 		if (!crypto_priv) {
1799 			crypto_err("crypto_priv NULL");
1800 			status = QDF_STATUS_E_INVAL;
1801 			goto err;
1802 		}
1803 
1804 		key = crypto_priv->crypto_key.key[keyid];
1805 		if (!key) {
1806 			crypto_err("Key is NULL");
1807 			status = QDF_STATUS_E_INVAL;
1808 			goto err;
1809 		}
1810 	}
1811 
1812 	if (!key->valid || !key->cipher_table) {
1813 		status = QDF_STATUS_E_INVAL;
1814 		goto err;
1815 	}
1816 
1817 	/* if tkip, is counter measures enabled, then drop the frame */
1818 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1819 	status = cipher_table->decap(key, wbuf, tid, hdrlen);
1820 
1821 err:
1822 	if (peer)
1823 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1824 
1825 	return status;
1826 }
1827 qdf_export_symbol(wlan_crypto_decap);
1828 
wlan_crypto_enmic(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t encapdone)1829 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev,
1830 				qdf_nbuf_t wbuf,
1831 				uint8_t *mac_addr,
1832 				uint8_t encapdone)
1833 {
1834 	struct wlan_crypto_comp_priv *crypto_priv;
1835 	struct wlan_crypto_params *crypto_params;
1836 	struct wlan_crypto_key *key;
1837 	struct wlan_crypto_keys *priv_key = NULL;
1838 	QDF_STATUS status;
1839 	struct wlan_crypto_cipher *cipher_table;
1840 	struct wlan_objmgr_psoc *psoc;
1841 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1842 	uint8_t hdrlen;
1843 	enum QDF_OPMODE opmode;
1844 
1845 	opmode = wlan_vdev_mlme_get_opmode(vdev);
1846 
1847 
1848 	wlan_vdev_obj_lock(vdev);
1849 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1850 		    QDF_MAC_ADDR_SIZE);
1851 	psoc = wlan_vdev_get_psoc(vdev);
1852 	if (!psoc) {
1853 		wlan_vdev_obj_unlock(vdev);
1854 		crypto_err("psoc NULL");
1855 		return QDF_STATUS_E_INVAL;
1856 	}
1857 	wlan_vdev_obj_unlock(vdev);
1858 
1859 	if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) {
1860 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1861 								&crypto_priv);
1862 		if (!crypto_priv) {
1863 			crypto_err("crypto_priv NULL");
1864 			return QDF_STATUS_E_INVAL;
1865 		}
1866 
1867 		priv_key = &crypto_priv->crypto_key;
1868 
1869 		key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1870 		if (!key)
1871 			return QDF_STATUS_E_INVAL;
1872 
1873 	} else {
1874 		struct wlan_objmgr_peer *peer;
1875 		uint8_t pdev_id;
1876 
1877 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
1878 				wlan_vdev_get_pdev(vdev));
1879 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1880 					psoc, pdev_id, bssid_mac,
1881 					mac_addr, WLAN_CRYPTO_ID);
1882 		if (!peer) {
1883 			crypto_err("crypto_priv NULL");
1884 			return QDF_STATUS_E_INVAL;
1885 		}
1886 
1887 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1888 								&crypto_priv);
1889 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1890 
1891 		if (!crypto_priv) {
1892 			crypto_err("crypto_priv NULL");
1893 			return QDF_STATUS_E_INVAL;
1894 		}
1895 
1896 		priv_key = &crypto_priv->crypto_key;
1897 
1898 		key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1899 		if (!key)
1900 			return QDF_STATUS_E_INVAL;
1901 	}
1902 	if (opmode == QDF_MONITOR_MODE)
1903 		hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1904 	else
1905 		hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1906 					    (uint8_t *)qdf_nbuf_data(wbuf));
1907 
1908 	/* if tkip, is counter measures enabled, then drop the frame */
1909 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1910 	status = cipher_table->enmic(key, wbuf, encapdone, hdrlen);
1911 
1912 	return status;
1913 }
1914 
wlan_crypto_demic(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t tid,uint8_t keyid)1915 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev,
1916 			     qdf_nbuf_t wbuf,
1917 			     uint8_t *mac_addr,
1918 			     uint8_t tid,
1919 			     uint8_t keyid)
1920 {
1921 	struct wlan_crypto_comp_priv *crypto_priv;
1922 	struct wlan_crypto_params *crypto_params;
1923 	struct wlan_crypto_key *key;
1924 	QDF_STATUS status;
1925 	struct wlan_crypto_cipher *cipher_table;
1926 	struct wlan_objmgr_psoc *psoc;
1927 	uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1928 	uint8_t hdrlen;
1929 	enum QDF_OPMODE opmode;
1930 
1931 	opmode = wlan_vdev_mlme_get_opmode(vdev);
1932 
1933 	if (opmode == QDF_MONITOR_MODE)
1934 		hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1935 	else
1936 		hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1937 					    (uint8_t *)qdf_nbuf_data(wbuf));
1938 
1939 	wlan_vdev_obj_lock(vdev);
1940 	qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1941 		    QDF_MAC_ADDR_SIZE);
1942 	psoc = wlan_vdev_get_psoc(vdev);
1943 	if (!psoc) {
1944 		wlan_vdev_obj_unlock(vdev);
1945 		crypto_err("psoc NULL");
1946 		return QDF_STATUS_E_INVAL;
1947 	}
1948 	wlan_vdev_obj_unlock(vdev);
1949 
1950 	if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) {
1951 		crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1952 								&crypto_priv);
1953 		if (!crypto_priv) {
1954 			crypto_err("crypto_priv NULL");
1955 			return QDF_STATUS_E_INVAL;
1956 		}
1957 
1958 		key = crypto_priv->crypto_key.key[keyid];
1959 		if (!key)
1960 			return QDF_STATUS_E_INVAL;
1961 
1962 	} else {
1963 		struct wlan_objmgr_peer *peer;
1964 		uint8_t pdev_id;
1965 
1966 		pdev_id = wlan_objmgr_pdev_get_pdev_id(
1967 				wlan_vdev_get_pdev(vdev));
1968 		peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1969 					psoc, pdev_id, bssid_mac,
1970 					mac_addr, WLAN_CRYPTO_ID);
1971 		if (!peer) {
1972 			crypto_err("peer NULL");
1973 			return QDF_STATUS_E_INVAL;
1974 		}
1975 
1976 		crypto_params = wlan_crypto_peer_get_comp_params(peer,
1977 								&crypto_priv);
1978 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1979 
1980 		if (!crypto_priv) {
1981 			crypto_err("crypto_priv NULL");
1982 			return QDF_STATUS_E_INVAL;
1983 		}
1984 
1985 		key = crypto_priv->crypto_key.key[keyid];
1986 		if (!key)
1987 			return QDF_STATUS_E_INVAL;
1988 	}
1989 	/* if tkip, is counter measures enabled, then drop the frame */
1990 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1991 	status = cipher_table->demic(key, wbuf, tid, hdrlen);
1992 
1993 	return status;
1994 }
1995 
wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev * vdev)1996 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev)
1997 {
1998 
1999 	struct wlan_crypto_comp_priv *crypto_priv;
2000 	struct wlan_crypto_params *vdev_crypto_params;
2001 
2002 	if (!vdev)
2003 		return false;
2004 	vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2005 							&crypto_priv);
2006 	if (!crypto_priv) {
2007 		crypto_err("crypto_priv NULL");
2008 		return false;
2009 	}
2010 
2011 	if ((vdev_crypto_params->rsn_caps &
2012 					WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)
2013 		|| (vdev_crypto_params->rsn_caps &
2014 					WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
2015 		return true;
2016 	}
2017 
2018 	return false;
2019 }
2020 
wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev * vdev)2021 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev)
2022 {
2023 	struct wlan_crypto_comp_priv *crypto_priv;
2024 	struct wlan_crypto_params *vdev_crypto_params;
2025 
2026 	if (!vdev)
2027 		return false;
2028 
2029 	vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2030 							      &crypto_priv);
2031 	if (!crypto_priv) {
2032 		crypto_err("crypto_priv NULL");
2033 		return false;
2034 	}
2035 
2036 	if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)
2037 		return true;
2038 
2039 	return false;
2040 }
2041 
wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)2042 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev,
2043 				struct wlan_objmgr_peer *peer)
2044 {
2045 	struct wlan_crypto_comp_priv *crypto_priv;
2046 	struct wlan_crypto_params *vdev_crypto_params;
2047 	struct wlan_crypto_params *peer_crypto_params;
2048 
2049 	if (!vdev || !peer)
2050 		return false;
2051 	vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2052 							&crypto_priv);
2053 	if (!crypto_priv) {
2054 		crypto_err("crypto_priv NULL");
2055 		return false;
2056 	}
2057 
2058 	peer_crypto_params = wlan_crypto_peer_get_comp_params(peer,
2059 							&crypto_priv);
2060 	if (!crypto_priv) {
2061 		crypto_err("crypto_priv NULL");
2062 		return false;
2063 	}
2064 	if (((vdev_crypto_params->rsn_caps &
2065 					WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) &&
2066 		(peer_crypto_params->rsn_caps &
2067 					WLAN_CRYPTO_RSN_CAP_MFP_ENABLED))
2068 		|| (vdev_crypto_params->rsn_caps &
2069 					WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
2070 		return true;
2071 	}
2072 
2073 	return false;
2074 }
2075 
wlan_crypto_is_key_valid(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer,uint16_t keyidx)2076 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev,
2077 			      struct wlan_objmgr_peer *peer,
2078 			      uint16_t keyidx)
2079 {
2080 	struct wlan_crypto_key *key = NULL;
2081 
2082 	if (!vdev && !peer)
2083 		return false;
2084 
2085 	if (peer)
2086 		key = wlan_crypto_peer_getkey(peer, keyidx);
2087 	else if (vdev)
2088 		key = wlan_crypto_vdev_getkey(vdev, keyidx);
2089 
2090 	if ((key) && key->valid)
2091 		return true;
2092 
2093 	return false;
2094 }
2095 
wlan_crypto_gmac_pn_swap(uint8_t * a,uint8_t * b)2096 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b)
2097 {
2098 	a[0] = b[5];
2099 	a[1] = b[4];
2100 	a[2] = b[3];
2101 	a[3] = b[2];
2102 	a[4] = b[1];
2103 	a[5] = b[0];
2104 }
2105 
wlan_crypto_add_mmie(struct wlan_objmgr_vdev * vdev,uint8_t * bfrm,uint32_t len)2106 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev,
2107 				uint8_t *bfrm,
2108 				uint32_t len)
2109 {
2110 	struct wlan_crypto_key *key;
2111 	struct wlan_crypto_keys *priv_key = NULL;
2112 	struct wlan_crypto_mmie *mmie;
2113 	uint8_t *pn, *aad, *buf, *efrm, nonce[12];
2114 	struct wlan_frame_hdr *hdr;
2115 	uint32_t i, hdrlen, mic_len, aad_len;
2116 	uint8_t mic[16];
2117 	struct wlan_crypto_comp_priv *crypto_priv;
2118 	struct wlan_crypto_params *crypto_params;
2119 	int32_t ret = -1;
2120 
2121 	if (!bfrm) {
2122 		crypto_err("frame is NULL");
2123 		return NULL;
2124 	}
2125 
2126 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2127 							&crypto_priv);
2128 	if (!crypto_priv) {
2129 		crypto_err("crypto_priv NULL");
2130 		return NULL;
2131 	}
2132 
2133 	priv_key = &crypto_priv->crypto_key;
2134 
2135 	if (priv_key->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) {
2136 		crypto_err("igtk key invalid keyid %d",
2137 			   priv_key->def_igtk_tx_keyid);
2138 		return NULL;
2139 	}
2140 
2141 	key = priv_key->igtk_key[priv_key->def_igtk_tx_keyid];
2142 	if (!key) {
2143 		crypto_err("No igtk key present");
2144 		return NULL;
2145 	}
2146 	mic_len = (priv_key->igtk_key_type
2147 			== WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2148 
2149 	efrm = bfrm + len;
2150 	aad_len = 20;
2151 	hdrlen = sizeof(struct wlan_frame_hdr);
2152 	len += sizeof(struct wlan_crypto_mmie);
2153 
2154 	mmie = (struct wlan_crypto_mmie *) efrm;
2155 	qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie));
2156 	mmie->element_id = WLAN_ELEMID_MMIE;
2157 	mmie->length = sizeof(*mmie) - 2;
2158 	mmie->key_id = qdf_cpu_to_le16(key->keyix);
2159 
2160 	mic_len = (priv_key->igtk_key_type
2161 			== WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2162 	if (mic_len == 8) {
2163 		mmie->length -= 8;
2164 		len -= 8;
2165 	}
2166 	/* PN = PN + 1 */
2167 	pn = (uint8_t *)&key->keytsc;
2168 
2169 	for (i = 0; i <= 5; i++) {
2170 		pn[i]++;
2171 		if (pn[i])
2172 			break;
2173 	}
2174 
2175 	/* Copy IPN */
2176 	qdf_mem_copy(mmie->sequence_number, pn, 6);
2177 
2178 	hdr = (struct wlan_frame_hdr *) bfrm;
2179 
2180 	buf = qdf_mem_malloc(len - hdrlen + 20);
2181 	if (!buf)
2182 		return NULL;
2183 
2184 	qdf_mem_zero(buf, len - hdrlen + 20);
2185 	aad = buf;
2186 	/* generate BIP AAD: FC(masked) || A1 || A2 || A3 */
2187 
2188 	/* FC type/subtype */
2189 	aad[0] = hdr->i_fc[0];
2190 	/* Mask FC Retry, PwrMgt, MoreData flags to zero */
2191 	aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT
2192 						| WLAN_FC1_MOREDATA));
2193 	/* A1 || A2 || A3 */
2194 	qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE);
2195 	qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2196 	qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE);
2197 	qdf_mem_zero(mic, 16);
2198 
2199 	/*
2200 	 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
2201 	 */
2202 
2203 	qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen);
2204 	if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) {
2205 
2206 		ret = omac1_aes_128(key->keyval, buf,
2207 					len + aad_len - hdrlen, mic);
2208 		qdf_mem_copy(mmie->mic, mic, 8);
2209 
2210 	} else if (priv_key->igtk_key_type
2211 				== WLAN_CRYPTO_CIPHER_AES_CMAC_256) {
2212 
2213 		ret = omac1_aes_256(key->keyval, buf,
2214 					len + aad_len - hdrlen, mmie->mic);
2215 	} else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) ||
2216 			(priv_key->igtk_key_type
2217 					== WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
2218 
2219 		qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2220 		wlan_crypto_gmac_pn_swap(nonce + 6, pn);
2221 		ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce,
2222 					sizeof(nonce), buf,
2223 					len + aad_len - hdrlen, mmie->mic);
2224 	}
2225 	qdf_mem_free(buf);
2226 	if (ret < 0) {
2227 		crypto_err("add mmie failed");
2228 		return NULL;
2229 	}
2230 
2231 	return bfrm + len;
2232 }
2233 
2234 #define MAX_MIC_LEN 16
wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev * vdev,uint8_t * frm,uint8_t * efrm)2235 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev,
2236 					uint8_t *frm,
2237 					uint8_t *efrm)
2238 {
2239 	struct wlan_crypto_mmie   *mmie = NULL;
2240 	uint8_t *ipn, *aad, *buf, *mic, nonce[12];
2241 	struct wlan_crypto_key *key;
2242 	struct wlan_crypto_keys *priv_key = NULL;
2243 	struct wlan_frame_hdr *hdr;
2244 	uint16_t mic_len, hdrlen, len;
2245 	struct wlan_crypto_comp_priv *crypto_priv;
2246 	struct wlan_crypto_params *crypto_params;
2247 	uint8_t aad_len = 20;
2248 	int32_t ret = -1;
2249 
2250 	/* check if frame is illegal length */
2251 	if (!frm || !efrm || (efrm < frm)
2252 			|| ((efrm - frm) < sizeof(struct wlan_frame_hdr))) {
2253 		crypto_err("Invalid params");
2254 		return false;
2255 	}
2256 	len = efrm - frm;
2257 	crypto_priv = (struct wlan_crypto_comp_priv *)
2258 				wlan_get_vdev_crypto_obj(vdev);
2259 	if (!crypto_priv) {
2260 		crypto_err("crypto_priv NULL");
2261 		return false;
2262 	}
2263 
2264 	priv_key = &crypto_priv->crypto_key;
2265 
2266 	crypto_params = &(crypto_priv->crypto_params);
2267 
2268 
2269 	mic_len = (priv_key->igtk_key_type
2270 			== WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2271 	hdrlen = sizeof(struct wlan_frame_hdr);
2272 
2273 	if (mic_len == 8)
2274 		mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8);
2275 	else
2276 		mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie));
2277 
2278 
2279 	/* check Elem ID*/
2280 	if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) {
2281 		crypto_err("IE is not MMIE");
2282 		return false;
2283 	}
2284 
2285 	if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX +
2286 				WLAN_CRYPTO_MAXIGTKKEYIDX) ||
2287 				(mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) {
2288 		crypto_err("keyid not valid");
2289 		return false;
2290 	}
2291 
2292 	key = priv_key->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX];
2293 	if (!key) {
2294 		crypto_err("No igtk key present");
2295 		return false;
2296 	}
2297 
2298 	/* validate ipn */
2299 	ipn = mmie->sequence_number;
2300 	if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) {
2301 		uint8_t *su = (uint8_t *)key->keyrsc;
2302 		uint8_t *end = ipn + 6;
2303 		struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev);
2304 
2305 		crypto_err("replay error :");
2306 		while (ipn < end) {
2307 			crypto_err("expected pn = %x received pn = %x",
2308 				   *ipn++, *su++);
2309 		}
2310 		wlan_cp_stats_vdev_mcast_rx_pnerr(vdev);
2311 		wlan_cp_stats_peer_rx_pnerr(peer);
2312 		return false;
2313 	}
2314 
2315 	buf = qdf_mem_malloc(len - hdrlen + 20);
2316 	if (!buf)
2317 		return false;
2318 
2319 	aad = buf;
2320 
2321 	/* construct AAD */
2322 	hdr = (struct wlan_frame_hdr *)frm;
2323 	/* generate BIP AAD: FC(masked) || A1 || A2 || A3 */
2324 
2325 	/* FC type/subtype */
2326 	aad[0] = hdr->i_fc[0];
2327 	/* Mask FC Retry, PwrMgt, MoreData flags to zero */
2328 	aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT
2329 						| WLAN_FC1_MOREDATA));
2330 	/* A1 || A2 || A3 */
2331 	qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE);
2332 
2333 	/*
2334 	 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
2335 	 */
2336 	qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen);
2337 	qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len);
2338 	mic = qdf_mem_malloc(MAX_MIC_LEN);
2339 	if (!mic) {
2340 		qdf_mem_free(buf);
2341 		return false;
2342 	}
2343 	if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) {
2344 		ret = omac1_aes_128(key->keyval, buf,
2345 					len - hdrlen + aad_len, mic);
2346 	} else if (priv_key->igtk_key_type
2347 				== WLAN_CRYPTO_CIPHER_AES_CMAC_256) {
2348 		ret = omac1_aes_256(key->keyval, buf,
2349 					len + aad_len - hdrlen, mic);
2350 	} else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) ||
2351 			(priv_key->igtk_key_type
2352 					== WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
2353 		qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2354 		wlan_crypto_gmac_pn_swap(nonce + 6, ipn);
2355 		ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce,
2356 					sizeof(nonce), buf,
2357 					len + aad_len - hdrlen, mic);
2358 	}
2359 
2360 	qdf_mem_free(buf);
2361 
2362 	if (ret < 0) {
2363 		qdf_mem_free(mic);
2364 		crypto_err("generate mmie failed");
2365 		return false;
2366 	}
2367 
2368 	if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) {
2369 		qdf_mem_free(mic);
2370 		crypto_err("mmie mismatch");
2371 		/* MMIE MIC mismatch */
2372 		return false;
2373 	}
2374 
2375 	qdf_mem_free(mic);
2376 	/* Update the receive sequence number */
2377 	qdf_mem_copy(key->keyrsc, ipn, 6);
2378 	crypto_debug("mmie matched");
2379 
2380 	return true;
2381 }
2382 
2383 
wlan_crypto_wpa_cipher_to_suite(uint32_t cipher)2384 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher)
2385 {
2386 	int32_t status = -1;
2387 
2388 	switch (cipher) {
2389 	case WLAN_CRYPTO_CIPHER_TKIP:
2390 		return WPA_CIPHER_SUITE_TKIP;
2391 	case WLAN_CRYPTO_CIPHER_AES_CCM:
2392 		return WPA_CIPHER_SUITE_CCMP;
2393 	case WLAN_CRYPTO_CIPHER_NONE:
2394 		return WPA_CIPHER_SUITE_NONE;
2395 	}
2396 
2397 	return status;
2398 }
2399 
wlan_crypto_rsn_cipher_to_suite(uint32_t cipher)2400 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher)
2401 {
2402 	int32_t status = -1;
2403 
2404 	switch (cipher) {
2405 	case WLAN_CRYPTO_CIPHER_TKIP:
2406 		return RSN_CIPHER_SUITE_TKIP;
2407 	case WLAN_CRYPTO_CIPHER_AES_CCM:
2408 		return RSN_CIPHER_SUITE_CCMP;
2409 	case WLAN_CRYPTO_CIPHER_AES_CCM_256:
2410 		return RSN_CIPHER_SUITE_CCMP_256;
2411 	case WLAN_CRYPTO_CIPHER_AES_GCM:
2412 		return RSN_CIPHER_SUITE_GCMP;
2413 	case WLAN_CRYPTO_CIPHER_AES_GCM_256:
2414 		return RSN_CIPHER_SUITE_GCMP_256;
2415 	case WLAN_CRYPTO_CIPHER_AES_CMAC:
2416 		return RSN_CIPHER_SUITE_AES_CMAC;
2417 	case WLAN_CRYPTO_CIPHER_AES_CMAC_256:
2418 		return RSN_CIPHER_SUITE_BIP_CMAC_256;
2419 	case WLAN_CRYPTO_CIPHER_AES_GMAC:
2420 		return RSN_CIPHER_SUITE_BIP_GMAC_128;
2421 	case WLAN_CRYPTO_CIPHER_AES_GMAC_256:
2422 		return RSN_CIPHER_SUITE_BIP_GMAC_256;
2423 	case WLAN_CRYPTO_CIPHER_NONE:
2424 		return RSN_CIPHER_SUITE_NONE;
2425 	}
2426 
2427 	return status;
2428 }
2429 
2430 /*
2431  * Convert an RSN key management/authentication algorithm
2432  * to an internal code.
2433  */
2434 static int32_t
wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt)2435 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt)
2436 {
2437 	int32_t status = -1;
2438 
2439 	switch (keymgmt) {
2440 	case WLAN_CRYPTO_KEY_MGMT_NONE:
2441 		return RSN_AUTH_KEY_MGMT_NONE;
2442 	case WLAN_CRYPTO_KEY_MGMT_IEEE8021X:
2443 		return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
2444 	case WLAN_CRYPTO_KEY_MGMT_PSK:
2445 		return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
2446 	case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X:
2447 		return RSN_AUTH_KEY_MGMT_FT_802_1X;
2448 	case WLAN_CRYPTO_KEY_MGMT_FT_PSK:
2449 		return RSN_AUTH_KEY_MGMT_FT_PSK;
2450 	case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256:
2451 		return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2452 	case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256:
2453 		return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2454 	case WLAN_CRYPTO_KEY_MGMT_SAE:
2455 		return RSN_AUTH_KEY_MGMT_SAE;
2456 	case WLAN_CRYPTO_KEY_MGMT_FT_SAE:
2457 		return RSN_AUTH_KEY_MGMT_FT_SAE;
2458 	case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B:
2459 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2460 	case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192:
2461 		return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2462 	case WLAN_CRYPTO_KEY_MGMT_CCKM:
2463 		return RSN_AUTH_KEY_MGMT_CCKM;
2464 	case WLAN_CRYPTO_KEY_MGMT_OSEN:
2465 		return RSN_AUTH_KEY_MGMT_OSEN;
2466 	case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256:
2467 		return RSN_AUTH_KEY_MGMT_FILS_SHA256;
2468 	case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384:
2469 		return RSN_AUTH_KEY_MGMT_FILS_SHA384;
2470 	case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256:
2471 		return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
2472 	case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384:
2473 		return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
2474 	case WLAN_CRYPTO_KEY_MGMT_OWE:
2475 		return RSN_AUTH_KEY_MGMT_OWE;
2476 	case WLAN_CRYPTO_KEY_MGMT_DPP:
2477 		return RSN_AUTH_KEY_MGMT_DPP;
2478 	case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384:
2479 		return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384;
2480 	case WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY:
2481 		return RSN_AUTH_KEY_MGMT_SAE_EXT_KEY;
2482 	case WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY:
2483 		return RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY;
2484 	}
2485 
2486 	return status;
2487 }
2488 
2489 /*
2490  * Convert an RSN key management/authentication algorithm
2491  * to an internal code.
2492  */
2493 static int32_t
wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt)2494 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt)
2495 {
2496 	int32_t status = -1;
2497 
2498 	switch (keymgmt) {
2499 	case WLAN_CRYPTO_KEY_MGMT_NONE:
2500 		return WPA_AUTH_KEY_MGMT_NONE;
2501 	case WLAN_CRYPTO_KEY_MGMT_IEEE8021X:
2502 		return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
2503 	case WLAN_CRYPTO_KEY_MGMT_PSK:
2504 		return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
2505 	case WLAN_CRYPTO_KEY_MGMT_CCKM:
2506 		return WPA_AUTH_KEY_MGMT_CCKM;
2507 	}
2508 
2509 	return status;
2510 }
2511 
2512 /*
2513  * Convert a WPA cipher selector OUI to an internal
2514  * cipher algorithm.  Where appropriate we also
2515  * record any key length.
2516  */
wlan_crypto_wpa_suite_to_cipher(const uint8_t * sel)2517 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel)
2518 {
2519 	uint32_t w = LE_READ_4(sel);
2520 	int32_t status = -1;
2521 
2522 	switch (w) {
2523 	case WPA_CIPHER_SUITE_TKIP:
2524 		return WLAN_CRYPTO_CIPHER_TKIP;
2525 	case WPA_CIPHER_SUITE_CCMP:
2526 		return WLAN_CRYPTO_CIPHER_AES_CCM;
2527 	case WPA_CIPHER_SUITE_NONE:
2528 		return WLAN_CRYPTO_CIPHER_NONE;
2529 	}
2530 
2531 	return status;
2532 }
2533 
2534 /*
2535  * Convert a WPA key management/authentication algorithm
2536  * to an internal code.
2537  */
wlan_crypto_wpa_suite_to_keymgmt(const uint8_t * sel)2538 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel)
2539 {
2540 	uint32_t w = LE_READ_4(sel);
2541 	int32_t status = -1;
2542 
2543 	switch (w) {
2544 	case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X:
2545 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
2546 	case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X:
2547 		return WLAN_CRYPTO_KEY_MGMT_PSK;
2548 	case WPA_AUTH_KEY_MGMT_CCKM:
2549 		return WLAN_CRYPTO_KEY_MGMT_CCKM;
2550 	case WPA_AUTH_KEY_MGMT_NONE:
2551 		return WLAN_CRYPTO_KEY_MGMT_NONE;
2552 	}
2553 	return status;
2554 }
2555 
2556 /*
2557  * Convert a RSN cipher selector OUI to an internal
2558  * cipher algorithm.  Where appropriate we also
2559  * record any key length.
2560  */
wlan_crypto_rsn_suite_to_cipher(const uint8_t * sel)2561 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel)
2562 {
2563 	uint32_t w = LE_READ_4(sel);
2564 	int32_t status = -1;
2565 
2566 	switch (w) {
2567 	case RSN_CIPHER_SUITE_TKIP:
2568 		return WLAN_CRYPTO_CIPHER_TKIP;
2569 	case RSN_CIPHER_SUITE_CCMP:
2570 		return WLAN_CRYPTO_CIPHER_AES_CCM;
2571 	case RSN_CIPHER_SUITE_CCMP_256:
2572 		return WLAN_CRYPTO_CIPHER_AES_CCM_256;
2573 	case RSN_CIPHER_SUITE_GCMP:
2574 		return WLAN_CRYPTO_CIPHER_AES_GCM;
2575 	case RSN_CIPHER_SUITE_GCMP_256:
2576 		return WLAN_CRYPTO_CIPHER_AES_GCM_256;
2577 	case RSN_CIPHER_SUITE_AES_CMAC:
2578 		return WLAN_CRYPTO_CIPHER_AES_CMAC;
2579 	case RSN_CIPHER_SUITE_BIP_CMAC_256:
2580 		return WLAN_CRYPTO_CIPHER_AES_CMAC_256;
2581 	case RSN_CIPHER_SUITE_BIP_GMAC_128:
2582 		return WLAN_CRYPTO_CIPHER_AES_GMAC;
2583 	case RSN_CIPHER_SUITE_BIP_GMAC_256:
2584 		return WLAN_CRYPTO_CIPHER_AES_GMAC_256;
2585 	case RSN_CIPHER_SUITE_NONE:
2586 		return WLAN_CRYPTO_CIPHER_NONE;
2587 	}
2588 
2589 	return status;
2590 }
2591 /*
2592  * Convert an RSN key management/authentication algorithm
2593  * to an internal code.
2594  */
wlan_crypto_rsn_suite_to_keymgmt(const uint8_t * sel)2595 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel)
2596 {
2597 	uint32_t w = LE_READ_4(sel);
2598 	int32_t status = -1;
2599 
2600 	switch (w) {
2601 	case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X:
2602 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
2603 	case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X:
2604 		return WLAN_CRYPTO_KEY_MGMT_PSK;
2605 	case RSN_AUTH_KEY_MGMT_FT_802_1X:
2606 		return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X;
2607 	case RSN_AUTH_KEY_MGMT_FT_PSK:
2608 		return WLAN_CRYPTO_KEY_MGMT_FT_PSK;
2609 	case RSN_AUTH_KEY_MGMT_802_1X_SHA256:
2610 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256;
2611 	case RSN_AUTH_KEY_MGMT_PSK_SHA256:
2612 		return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256;
2613 	case RSN_AUTH_KEY_MGMT_SAE:
2614 		return WLAN_CRYPTO_KEY_MGMT_SAE;
2615 	case RSN_AUTH_KEY_MGMT_FT_SAE:
2616 		return WLAN_CRYPTO_KEY_MGMT_FT_SAE;
2617 	case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B:
2618 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
2619 	case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192:
2620 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
2621 	case RSN_AUTH_KEY_MGMT_CCKM:
2622 		return WLAN_CRYPTO_KEY_MGMT_CCKM;
2623 	case RSN_AUTH_KEY_MGMT_OSEN:
2624 		return WLAN_CRYPTO_KEY_MGMT_OSEN;
2625 	case RSN_AUTH_KEY_MGMT_FILS_SHA256:
2626 		return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256;
2627 	case RSN_AUTH_KEY_MGMT_FILS_SHA384:
2628 		return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384;
2629 	case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256:
2630 		return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256;
2631 	case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384:
2632 		return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384;
2633 	case RSN_AUTH_KEY_MGMT_OWE:
2634 		return WLAN_CRYPTO_KEY_MGMT_OWE;
2635 	case RSN_AUTH_KEY_MGMT_DPP:
2636 		return WLAN_CRYPTO_KEY_MGMT_DPP;
2637 	case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384:
2638 		return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
2639 	case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384:
2640 		return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384;
2641 	case RSN_AUTH_KEY_MGMT_PSK_SHA384:
2642 		return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384;
2643 	case RSN_AUTH_KEY_MGMT_SAE_EXT_KEY:
2644 		return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY;
2645 	case RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY:
2646 		return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY;
2647 	}
2648 
2649 	return status;
2650 }
2651 
wlan_crypto_wpaie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)2652 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params,
2653 				   const uint8_t *frm)
2654 {
2655 	uint8_t len = frm[1];
2656 	int32_t w;
2657 	int n;
2658 
2659 	/*
2660 	 * Check the length once for fixed parts: OUI, type,
2661 	 * version, mcast cipher, and 2 selector counts.
2662 	 * Other, variable-length data, must be checked separately.
2663 	 */
2664 	SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA);
2665 
2666 	if (len < 14)
2667 		return QDF_STATUS_E_INVAL;
2668 
2669 	frm += 6, len -= 4;
2670 
2671 	w = LE_READ_2(frm);
2672 	if (w != WPA_VERSION)
2673 		return QDF_STATUS_E_INVAL;
2674 
2675 	frm += 2, len -= 2;
2676 
2677 	/* multicast/group cipher */
2678 	w = wlan_crypto_wpa_suite_to_cipher(frm);
2679 	if (w < 0)
2680 		return QDF_STATUS_E_INVAL;
2681 	SET_MCAST_CIPHER(crypto_params, w);
2682 	frm += 4, len -= 4;
2683 
2684 	/* unicast ciphers */
2685 	n = LE_READ_2(frm);
2686 	frm += 2, len -= 2;
2687 	if (len < n*4+2)
2688 		return QDF_STATUS_E_INVAL;
2689 
2690 	for (; n > 0; n--) {
2691 		w = wlan_crypto_wpa_suite_to_cipher(frm);
2692 		if (w < 0)
2693 			return QDF_STATUS_E_INVAL;
2694 		SET_UCAST_CIPHER(crypto_params, w);
2695 		frm += 4, len -= 4;
2696 	}
2697 
2698 	if (!crypto_params->ucastcipherset)
2699 		return QDF_STATUS_E_INVAL;
2700 
2701 	/* key management algorithms */
2702 	n = LE_READ_2(frm);
2703 	frm += 2, len -= 2;
2704 	if (len < n*4)
2705 		return QDF_STATUS_E_INVAL;
2706 
2707 	w = 0;
2708 	for (; n > 0; n--) {
2709 		w = wlan_crypto_wpa_suite_to_keymgmt(frm);
2710 		if (w < 0)
2711 			return QDF_STATUS_E_INVAL;
2712 		SET_KEY_MGMT(crypto_params, w);
2713 		frm += 4, len -= 4;
2714 	}
2715 
2716 	/* optional capabilities */
2717 	if (len >= 2) {
2718 		crypto_params->rsn_caps = LE_READ_2(frm);
2719 		frm += 2, len -= 2;
2720 	}
2721 
2722 	return QDF_STATUS_SUCCESS;
2723 }
2724 
2725 #ifdef WLAN_ADAPTIVE_11R
2726 /**
2727  * wlan_crypto_store_akm_list_in_order() - store AMK list in order
2728  * @crypto_params: crypto param structure
2729  * @key_mgmt: key management
2730  * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response
2731  *
2732  * Return: none
2733  */
2734 static void
wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params * crypto_params,int32_t key_mgmt,int akm_index)2735 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params,
2736 				    int32_t key_mgmt, int akm_index)
2737 {
2738 	if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) {
2739 		crypto_debug("Invalid AKM Index");
2740 		return;
2741 	}
2742 
2743 	crypto_params->akm_list[akm_index].key_mgmt = key_mgmt;
2744 }
2745 #else
2746 static inline void
wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params * crypto_params,int32_t key_mgmt,int akm_index)2747 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params,
2748 				    int32_t key_mgmt, int akm_index)
2749 {
2750 }
2751 #endif
2752 
wlan_crypto_rsnxie_check(struct wlan_crypto_params * crypto_params,const uint8_t * rsnxe)2753 void wlan_crypto_rsnxie_check(struct wlan_crypto_params *crypto_params,
2754 			      const uint8_t *rsnxe)
2755 {
2756 	uint8_t i = 0, len = rsnxe[1];
2757 
2758 	for (; len > 0 ; len--) {
2759 		((uint8_t *)(&crypto_params->rsnx_caps))[i] = rsnxe[2 + i];
2760 		i++;
2761 	}
2762 	/*First 4bits of RSNX capabilitities field is the length of
2763 	 *the Extended RSN capabilities field -1
2764 	 *Hence Ignoring them
2765 	 */
2766 	((uint8_t *)(&crypto_params->rsnx_caps))[0] &= 0xf0;
2767 }
2768 
wlan_crypto_rsnie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)2769 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params,
2770 				   const uint8_t *frm)
2771 {
2772 	uint8_t len = frm[1];
2773 	int32_t w;
2774 	int n, akm_index;
2775 
2776 	/* Check the length once for fixed parts: OUI, type & version */
2777 	if (len < 2)
2778 		return QDF_STATUS_E_INVAL;
2779 
2780 	/* initialize crypto params */
2781 	qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
2782 
2783 	SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA);
2784 
2785 	frm += 2;
2786 	/* NB: iswapoui already validated the OUI and type */
2787 	w = LE_READ_2(frm);
2788 	if (w != RSN_VERSION)
2789 		return QDF_STATUS_E_INVAL;
2790 
2791 	frm += 2, len -= 2;
2792 
2793 	if (!len) {
2794 		/* set defaults */
2795 		/* default group cipher CCMP-128 */
2796 		SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2797 		/* default ucast cipher CCMP-128 */
2798 		SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2799 		/* default key mgmt 8021x */
2800 		SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2801 		return QDF_STATUS_SUCCESS;
2802 	} else if (len < 4) {
2803 		return QDF_STATUS_E_INVAL;
2804 	}
2805 
2806 	/* multicast/group cipher */
2807 	w = wlan_crypto_rsn_suite_to_cipher(frm);
2808 	if (w < 0)
2809 		return QDF_STATUS_E_INVAL;
2810 	else {
2811 		SET_MCAST_CIPHER(crypto_params, w);
2812 		frm += 4, len -= 4;
2813 	}
2814 
2815 	if (crypto_params->mcastcipherset == 0)
2816 		return QDF_STATUS_E_INVAL;
2817 
2818 	if (!len) {
2819 		/* default ucast cipher CCMP-128 */
2820 		SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2821 		/* default key mgmt 8021x */
2822 		SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2823 		return QDF_STATUS_SUCCESS;
2824 	} else if (len < 2) {
2825 		return QDF_STATUS_E_INVAL;
2826 	}
2827 
2828 	/* unicast ciphers */
2829 	n = LE_READ_2(frm);
2830 	frm += 2, len -= 2;
2831 	if (n) {
2832 		if (len < n * 4)
2833 			return QDF_STATUS_E_INVAL;
2834 
2835 		for (; n > 0; n--) {
2836 			w = wlan_crypto_rsn_suite_to_cipher(frm);
2837 			if (w >= 0)
2838 				SET_UCAST_CIPHER(crypto_params, w);
2839 			frm += 4, len -= 4;
2840 		}
2841 	} else {
2842 		/* default ucast cipher CCMP-128 */
2843 		SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2844 	}
2845 
2846 	if (crypto_params->ucastcipherset == 0)
2847 		return QDF_STATUS_E_INVAL;
2848 
2849 	if (!len) {
2850 		/* default key mgmt 8021x */
2851 		SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2852 		return QDF_STATUS_SUCCESS;
2853 	} else if (len < 2) {
2854 		return QDF_STATUS_E_INVAL;
2855 	}
2856 
2857 	/* key management algorithms */
2858 	n = LE_READ_2(frm);
2859 	frm += 2, len -= 2;
2860 
2861 	if (n) {
2862 		if (len < n * 4)
2863 			return QDF_STATUS_E_INVAL;
2864 		akm_index = 0;
2865 		for (; n > 0; n--) {
2866 			w = wlan_crypto_rsn_suite_to_keymgmt(frm);
2867 			if (w >= 0) {
2868 				SET_KEY_MGMT(crypto_params, w);
2869 				wlan_crypto_store_akm_list_in_order(
2870 						crypto_params, w, akm_index);
2871 				akm_index++;
2872 			}
2873 
2874 			frm += 4, len -= 4;
2875 		}
2876 	} else {
2877 		/* default key mgmt 8021x */
2878 		SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2879 	}
2880 
2881 	if (crypto_params->key_mgmt == 0)
2882 		return QDF_STATUS_E_INVAL;
2883 
2884 	/* optional capabilities */
2885 	if (len >= 2) {
2886 		crypto_params->rsn_caps = LE_READ_2(frm);
2887 		frm += 2, len -= 2;
2888 	} else if (len && len < 2) {
2889 		return QDF_STATUS_E_INVAL;
2890 	}
2891 
2892 
2893 	/* PMKID */
2894 	if (len >= 2) {
2895 		n = LE_READ_2(frm);
2896 		frm += 2, len -= 2;
2897 		if (n && len) {
2898 			if (len >= n * PMKID_LEN)
2899 				frm += (n * PMKID_LEN), len -= (n * PMKID_LEN);
2900 			else
2901 				return QDF_STATUS_E_INVAL;
2902 		} else if (n && !len) {
2903 			return QDF_STATUS_E_INVAL;
2904 		}
2905 		/*TODO: Save pmkid in params for further reference */
2906 	} else if (len == 1) {
2907 		crypto_err("PMKID is truncated");
2908 		return QDF_STATUS_E_INVAL;
2909 	}
2910 
2911 	/* BIP */
2912 	if (!len) {
2913 		/* when no BIP mentioned and MFP capable use CMAC as default*/
2914 		if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)
2915 			SET_MGMT_CIPHER(crypto_params,
2916 					WLAN_CRYPTO_CIPHER_AES_CMAC);
2917 		return QDF_STATUS_SUCCESS;
2918 	} else if (len < 4) {
2919 		crypto_err("Mgmt cipher is truncated");
2920 		return QDF_STATUS_E_INVAL;
2921 	}
2922 	w = wlan_crypto_rsn_suite_to_cipher(frm);
2923 	frm += 4, len -= 4;
2924 	SET_MGMT_CIPHER(crypto_params, w);
2925 
2926 	return QDF_STATUS_SUCCESS;
2927 }
2928 
wlan_crypto_build_wpaie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf)2929 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev,
2930 					uint8_t *iebuf)
2931 {
2932 	uint8_t *frm = iebuf;
2933 	uint8_t *selcnt;
2934 	struct wlan_crypto_comp_priv *crypto_priv;
2935 	struct wlan_crypto_params *crypto_params;
2936 
2937 	if (!frm)
2938 		return NULL;
2939 
2940 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
2941 
2942 	if (!crypto_params)
2943 		return NULL;
2944 
2945 	*frm++ = WLAN_ELEMID_VENDOR;
2946 	*frm++ = 0;
2947 	WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI);
2948 	WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION);
2949 
2950 
2951 	/* multicast cipher */
2952 	if (MCIPHER_IS_TKIP(crypto_params))
2953 		WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
2954 	else if (MCIPHER_IS_CCMP128(crypto_params))
2955 		WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
2956 
2957 	/* unicast cipher list */
2958 	selcnt = frm;
2959 	WLAN_CRYPTO_ADDSHORT(frm, 0);
2960 	/* do not use CCMP unicast cipher in WPA mode */
2961 	if (UCIPHER_IS_CCMP128(crypto_params)) {
2962 		selcnt[0]++;
2963 		WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
2964 	}
2965 	if (UCIPHER_IS_TKIP(crypto_params)) {
2966 		selcnt[0]++;
2967 		WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
2968 	}
2969 
2970 	/* authenticator selector list */
2971 	selcnt = frm;
2972 	WLAN_CRYPTO_ADDSHORT(frm, 0);
2973 
2974 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) {
2975 		selcnt[0]++;
2976 		WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2977 	} else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) {
2978 		selcnt[0]++;
2979 		WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK);
2980 	} else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) {
2981 		selcnt[0]++;
2982 		WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM);
2983 	} else {
2984 		selcnt[0]++;
2985 		WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE);
2986 	}
2987 
2988 	/* optional capabilities */
2989 	if (crypto_params->rsn_caps != 0 &&
2990 	    crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) {
2991 		WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
2992 	}
2993 
2994 	/* calculate element length */
2995 	iebuf[1] = frm - iebuf - 2;
2996 
2997 	return frm;
2998 }
2999 
wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf,struct wlan_crypto_pmksa * pmksa)3000 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev,
3001 					    uint8_t *iebuf,
3002 					    struct wlan_crypto_pmksa *pmksa)
3003 {
3004 	uint8_t *frm = iebuf;
3005 	uint8_t *selcnt;
3006 	struct wlan_crypto_comp_priv *crypto_priv;
3007 	struct wlan_crypto_params *crypto_params;
3008 
3009 	if (!frm) {
3010 		return NULL;
3011 	}
3012 
3013 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3014 
3015 	if (!crypto_params) {
3016 		return NULL;
3017 	}
3018 
3019 	*frm++ = WLAN_ELEMID_RSN;
3020 	*frm++ = 0;
3021 	WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION);
3022 
3023 
3024 	/* multicast cipher */
3025 	if (MCIPHER_IS_TKIP(crypto_params))
3026 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
3027 	else if (MCIPHER_IS_CCMP128(crypto_params))
3028 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
3029 	else if (MCIPHER_IS_CCMP256(crypto_params))
3030 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256);
3031 	else if (MCIPHER_IS_GCMP128(crypto_params))
3032 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM);
3033 	else if (MCIPHER_IS_GCMP256(crypto_params))
3034 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256);
3035 
3036 	/* unicast cipher list */
3037 	selcnt = frm;
3038 	WLAN_CRYPTO_ADDSHORT(frm, 0);
3039 
3040 	if (UCIPHER_IS_CCMP256(crypto_params)) {
3041 		selcnt[0]++;
3042 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256);
3043 	}
3044 	if (UCIPHER_IS_GCMP256(crypto_params)) {
3045 		selcnt[0]++;
3046 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256);
3047 	}
3048 	if (UCIPHER_IS_CCMP128(crypto_params)) {
3049 		selcnt[0]++;
3050 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
3051 	}
3052 	if (UCIPHER_IS_GCMP128(crypto_params)) {
3053 		selcnt[0]++;
3054 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM);
3055 	}
3056 	if (UCIPHER_IS_TKIP(crypto_params)) {
3057 		selcnt[0]++;
3058 		RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
3059 	}
3060 
3061 	/* authenticator selector list */
3062 	selcnt = frm;
3063 	WLAN_CRYPTO_ADDSHORT(frm, 0);
3064 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) {
3065 		selcnt[0]++;
3066 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM);
3067 		/* Other key mgmt should not be added after CCKM */
3068 		goto add_rsn_caps;
3069 	}
3070 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) {
3071 		selcnt[0]++;
3072 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
3073 	}
3074 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) {
3075 		selcnt[0]++;
3076 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK);
3077 	}
3078 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) {
3079 		selcnt[0]++;
3080 		RSN_ADD_KEYMGMT_TO_SUITE(frm,
3081 					 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X);
3082 	}
3083 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) {
3084 		selcnt[0]++;
3085 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK);
3086 	}
3087 	if (HAS_KEY_MGMT(crypto_params,
3088 			 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) {
3089 		selcnt[0]++;
3090 		RSN_ADD_KEYMGMT_TO_SUITE(frm,
3091 					 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256);
3092 	}
3093 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) {
3094 		selcnt[0]++;
3095 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256);
3096 	}
3097 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) {
3098 		selcnt[0]++;
3099 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE);
3100 	}
3101 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) {
3102 		selcnt[0]++;
3103 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE);
3104 	}
3105 	if (HAS_KEY_MGMT(crypto_params,
3106 			 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) {
3107 		uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
3108 
3109 		selcnt[0]++;
3110 		RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3111 	}
3112 	if (HAS_KEY_MGMT(crypto_params,
3113 			 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) {
3114 		uint32_t kmgmt =  WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
3115 
3116 		selcnt[0]++;
3117 		RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3118 	}
3119 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) {
3120 		selcnt[0]++;
3121 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256);
3122 	}
3123 	if (HAS_KEY_MGMT(crypto_params,	WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) {
3124 		selcnt[0]++;
3125 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384);
3126 	}
3127 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) {
3128 		selcnt[0]++;
3129 		RSN_ADD_KEYMGMT_TO_SUITE(frm,
3130 					 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256);
3131 	}
3132 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) {
3133 		selcnt[0]++;
3134 		RSN_ADD_KEYMGMT_TO_SUITE(frm,
3135 					 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384);
3136 	}
3137 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) {
3138 		selcnt[0]++;
3139 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE);
3140 	}
3141 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) {
3142 		selcnt[0]++;
3143 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP);
3144 	}
3145 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) {
3146 		selcnt[0]++;
3147 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN);
3148 	}
3149 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) {
3150 		selcnt[0]++;
3151 		RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY);
3152 	}
3153 	if (HAS_KEY_MGMT(crypto_params,
3154 			 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) {
3155 		uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
3156 
3157 		selcnt[0]++;
3158 		RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3159 	}
3160 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) {
3161 		selcnt[0]++;
3162 		RSN_ADD_KEYMGMT_TO_SUITE(frm,
3163 					 WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY);
3164 	}
3165 add_rsn_caps:
3166 	WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
3167 	/* optional capabilities */
3168 	if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) {
3169 		/* PMK list */
3170 		if (pmksa) {
3171 			WLAN_CRYPTO_ADDSHORT(frm, 1);
3172 			qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN);
3173 			frm += PMKID_LEN;
3174 		} else {
3175 			WLAN_CRYPTO_ADDSHORT(frm, 0);
3176 		}
3177 
3178 		if (HAS_MGMT_CIPHER(crypto_params,
3179 						WLAN_CRYPTO_CIPHER_AES_CMAC)) {
3180 			RSN_ADD_CIPHER_TO_SUITE(frm,
3181 						WLAN_CRYPTO_CIPHER_AES_CMAC);
3182 		}
3183 		if (HAS_MGMT_CIPHER(crypto_params,
3184 						WLAN_CRYPTO_CIPHER_AES_GMAC)) {
3185 			RSN_ADD_CIPHER_TO_SUITE(frm,
3186 						WLAN_CRYPTO_CIPHER_AES_GMAC);
3187 		}
3188 		if (HAS_MGMT_CIPHER(crypto_params,
3189 					 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) {
3190 			RSN_ADD_CIPHER_TO_SUITE(frm,
3191 						WLAN_CRYPTO_CIPHER_AES_CMAC_256
3192 						);
3193 		}
3194 
3195 		if (HAS_MGMT_CIPHER(crypto_params,
3196 					WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
3197 			RSN_ADD_CIPHER_TO_SUITE(frm,
3198 						WLAN_CRYPTO_CIPHER_AES_GMAC_256
3199 						);
3200 		}
3201 	} else {
3202 		/* PMK list */
3203 		if (pmksa) {
3204 			WLAN_CRYPTO_ADDSHORT(frm, 1);
3205 			qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN);
3206 			frm += PMKID_LEN;
3207 		}
3208 	}
3209 
3210 	/* calculate element length */
3211 	iebuf[1] = frm - iebuf - 2;
3212 
3213 	return frm;
3214 }
3215 
wlan_crypto_build_rsnie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf,struct qdf_mac_addr * bssid)3216 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev,
3217 				 uint8_t *iebuf,
3218 				 struct qdf_mac_addr *bssid)
3219 {
3220 	struct wlan_crypto_pmksa *pmksa = NULL;
3221 
3222 	if (bssid)
3223 		pmksa = wlan_crypto_get_pmksa(vdev, bssid);
3224 
3225 	return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa);
3226 }
3227 
wlan_crypto_rsn_info(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_params * crypto_params)3228 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev,
3229 				struct wlan_crypto_params *crypto_params)
3230 {
3231 	struct wlan_crypto_params *my_crypto_params;
3232 	my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev);
3233 
3234 	if (!my_crypto_params) {
3235 		crypto_debug("vdev crypto params is NULL");
3236 		return false;
3237 	}
3238 	/*
3239 	 * Check peer's pairwise ciphers.
3240 	 * At least one must match with our unicast cipher
3241 	 */
3242 	if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) {
3243 		crypto_debug("Unicast cipher match failed");
3244 		return false;
3245 	}
3246 	/*
3247 	 * Check peer's group cipher is our enabled multicast cipher.
3248 	 */
3249 	if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) {
3250 		crypto_debug("Multicast cipher match failed");
3251 		return false;
3252 	}
3253 	/*
3254 	 * Check peer's key management class set (PSK or UNSPEC)
3255 	 */
3256 	if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) {
3257 		crypto_debug("Key mgmt match failed");
3258 		return false;
3259 	}
3260 	if (wlan_crypto_vdev_is_pmf_required(vdev) &&
3261 	    !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) {
3262 		crypto_debug("Peer is not PMF capable");
3263 		return false;
3264 	}
3265 	if (!wlan_crypto_vdev_is_pmf_enabled(vdev) &&
3266 	    (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
3267 		crypto_debug("Peer needs PMF, but vdev is not capable");
3268 		return false;
3269 	}
3270 
3271 	return true;
3272 }
3273 
3274 /*
3275  * Convert an WAPI CIPHER suite to to an internal code.
3276  */
wlan_crypto_wapi_suite_to_cipher(const uint8_t * sel)3277 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel)
3278 {
3279 	uint32_t w = LE_READ_4(sel);
3280 	int32_t status = -1;
3281 
3282 	switch (w) {
3283 	case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)):
3284 		return WLAN_CRYPTO_CIPHER_WAPI_SMS4;
3285 	}
3286 
3287 	return status;
3288 }
3289 
3290 /*
3291  * Convert an WAPI key management/authentication algorithm
3292  * to an internal code.
3293  */
wlan_crypto_wapi_keymgmt(const u_int8_t * sel)3294 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel)
3295 {
3296 	uint32_t w = LE_READ_4(sel);
3297 	int32_t status = -1;
3298 
3299 	switch (w) {
3300 	case (WLAN_WAPI_SEL(WLAN_WAI_PSK)):
3301 		return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK;
3302 	case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)):
3303 		return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT;
3304 	}
3305 
3306 	return status;
3307 }
3308 
wlan_crypto_wapiie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)3309 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params,
3310 				    const uint8_t *frm)
3311 {
3312 	uint8_t len = frm[1];
3313 	int32_t w;
3314 	int n;
3315 
3316 	/*
3317 	 * Check the length once for fixed parts: OUI, type,
3318 	 * version, mcast cipher, and 2 selector counts.
3319 	 * Other, variable-length data, must be checked separately.
3320 	 */
3321 	SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI);
3322 
3323 	if (len < WLAN_CRYPTO_WAPI_IE_LEN)
3324 		return QDF_STATUS_E_INVAL;
3325 
3326 
3327 	frm += 2;
3328 
3329 	w = LE_READ_2(frm);
3330 	frm += 2, len -= 2;
3331 	if (w != WAPI_VERSION)
3332 		return QDF_STATUS_E_INVAL;
3333 
3334 	n = LE_READ_2(frm);
3335 	frm += 2, len -= 2;
3336 	if (len < n*4+2)
3337 		return QDF_STATUS_E_INVAL;
3338 
3339 	for (; n > 0; n--) {
3340 		w = wlan_crypto_wapi_keymgmt(frm);
3341 		if (w < 0)
3342 			return QDF_STATUS_E_INVAL;
3343 
3344 		SET_KEY_MGMT(crypto_params, w);
3345 		frm += 4, len -= 4;
3346 	}
3347 
3348 	/* unicast ciphers */
3349 	n = LE_READ_2(frm);
3350 	frm += 2, len -= 2;
3351 	if (len < n*4+2)
3352 		return QDF_STATUS_E_INVAL;
3353 
3354 	for (; n > 0; n--) {
3355 		w = wlan_crypto_wapi_suite_to_cipher(frm);
3356 		if (w < 0)
3357 			return QDF_STATUS_E_INVAL;
3358 		SET_UCAST_CIPHER(crypto_params, w);
3359 		frm += 4, len -= 4;
3360 	}
3361 
3362 	if (!crypto_params->ucastcipherset)
3363 		return QDF_STATUS_E_INVAL;
3364 
3365 	/* multicast/group cipher */
3366 	w = wlan_crypto_wapi_suite_to_cipher(frm);
3367 
3368 	if (w < 0)
3369 		return QDF_STATUS_E_INVAL;
3370 
3371 	SET_MCAST_CIPHER(crypto_params, w);
3372 	frm += 4, len -= 4;
3373 
3374 	return QDF_STATUS_SUCCESS;
3375 }
3376 
wlan_crypto_build_wapiie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf)3377 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev,
3378 				uint8_t *iebuf)
3379 {
3380 	uint8_t *frm;
3381 	uint8_t *selcnt;
3382 	struct wlan_crypto_comp_priv *crypto_priv;
3383 	struct wlan_crypto_params *crypto_params;
3384 
3385 	frm = iebuf;
3386 	if (!frm) {
3387 		crypto_err("ie buffer NULL");
3388 		return NULL;
3389 	}
3390 
3391 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3392 
3393 	if (!crypto_params) {
3394 		crypto_err("crypto_params NULL");
3395 		return NULL;
3396 	}
3397 
3398 	*frm++ = WLAN_ELEMID_WAPI;
3399 	*frm++ = 0;
3400 
3401 	WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION);
3402 
3403 	/* authenticator selector list */
3404 	selcnt = frm;
3405 	WLAN_CRYPTO_ADDSHORT(frm, 0);
3406 
3407 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) {
3408 		selcnt[0]++;
3409 		WLAN_CRYPTO_ADDSELECTOR(frm,
3410 				WLAN_WAPI_SEL(WLAN_WAI_PSK));
3411 	}
3412 
3413 	if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) {
3414 		selcnt[0]++;
3415 		WLAN_CRYPTO_ADDSELECTOR(frm,
3416 				WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4));
3417 	}
3418 
3419 	/* unicast cipher list */
3420 	selcnt = frm;
3421 	WLAN_CRYPTO_ADDSHORT(frm, 0);
3422 
3423 	if (UCIPHER_IS_SMS4(crypto_params)) {
3424 		selcnt[0]++;
3425 		WLAN_CRYPTO_ADDSELECTOR(frm,
3426 				WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER));
3427 	}
3428 
3429 	WLAN_CRYPTO_ADDSELECTOR(frm,
3430 				WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER));
3431 
3432 	/* optional capabilities */
3433 	WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
3434 
3435 	/* bkid count */
3436 	if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE ||
3437 	    vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE)
3438 		WLAN_CRYPTO_ADDSHORT(frm, 0);
3439 
3440 	/* calculate element length */
3441 	iebuf[1] = frm - iebuf - 2;
3442 
3443 	return frm;
3444 
3445 }
3446 
wlan_crypto_pn_check(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf)3447 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev,
3448 				qdf_nbuf_t wbuf)
3449 {
3450 	/* Need to check is there real requirement for this function
3451 	 * as PN check is already handled in decap function.
3452 	 */
3453 	return QDF_STATUS_SUCCESS;
3454 }
3455 
wlan_crypto_vdev_get_crypto_params(struct wlan_objmgr_vdev * vdev)3456 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params(
3457 						struct wlan_objmgr_vdev *vdev)
3458 {
3459 	struct wlan_crypto_comp_priv *crypto_priv;
3460 
3461 	return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3462 }
3463 
wlan_crypto_peer_get_crypto_params(struct wlan_objmgr_peer * peer)3464 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params(
3465 						struct wlan_objmgr_peer *peer)
3466 {
3467 	struct wlan_crypto_comp_priv *crypto_priv;
3468 
3469 	return wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
3470 }
3471 
3472 
wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)3473 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev,
3474 					struct wlan_objmgr_peer *peer)
3475 {
3476 	struct wlan_crypto_comp_priv *crypto_priv;
3477 	struct wlan_crypto_comp_priv *sta_crypto_priv;
3478 	struct wlan_crypto_params *crypto_params;
3479 	struct wlan_crypto_key *key;
3480 	struct wlan_crypto_key *sta_key;
3481 	struct wlan_crypto_keys *sta_priv = NULL;
3482 	struct wlan_crypto_cipher *cipher_table;
3483 	struct wlan_objmgr_psoc *psoc;
3484 	struct wlan_lmac_if_tx_ops *tx_ops;
3485 	uint8_t *mac_addr;
3486 	int i;
3487 	enum QDF_OPMODE opmode;
3488 	QDF_STATUS status = QDF_STATUS_SUCCESS;
3489 
3490 	if (!vdev)
3491 		return QDF_STATUS_E_NULL_VALUE;
3492 
3493 	if (!peer) {
3494 		crypto_debug("peer NULL");
3495 		return QDF_STATUS_E_INVAL;
3496 	}
3497 
3498 	opmode = wlan_vdev_mlme_get_opmode(vdev);
3499 	psoc = wlan_vdev_get_psoc(vdev);
3500 
3501 	if (!psoc) {
3502 		crypto_err("psoc NULL");
3503 		return QDF_STATUS_E_NULL_VALUE;
3504 	}
3505 
3506 	wlan_peer_obj_lock(peer);
3507 	mac_addr = wlan_peer_get_macaddr(peer);
3508 	wlan_peer_obj_unlock(peer);
3509 
3510 	crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
3511 							&crypto_priv);
3512 	if (!crypto_priv) {
3513 		crypto_err("crypto_priv NULL");
3514 		return QDF_STATUS_E_NULL_VALUE;
3515 	}
3516 
3517 	/* push only valid static WEP keys from vap */
3518 	if (AUTH_IS_8021X(crypto_params))
3519 		return QDF_STATUS_E_INVAL;
3520 
3521 	if (opmode == QDF_STA_MODE) {
3522 		peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID);
3523 		if (!peer) {
3524 			crypto_debug("peer NULL");
3525 			return QDF_STATUS_E_INVAL;
3526 		}
3527 	}
3528 
3529 	wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv);
3530 	if (!sta_crypto_priv) {
3531 		crypto_err("sta priv is null");
3532 		status = QDF_STATUS_E_INVAL;
3533 		goto exit;
3534 	}
3535 
3536 	sta_priv = &sta_crypto_priv->crypto_key;
3537 
3538 	for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3539 		if (crypto_priv->crypto_key.key[i]) {
3540 			key = crypto_priv->crypto_key.key[i];
3541 			if (!key || !key->valid)
3542 				continue;
3543 
3544 			cipher_table = (struct wlan_crypto_cipher *)
3545 							key->cipher_table;
3546 
3547 			if (!cipher_table)
3548 				continue;
3549 			if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) {
3550 				tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3551 				if (!tx_ops) {
3552 					crypto_err("tx_ops is NULL");
3553 					return QDF_STATUS_E_INVAL;
3554 				}
3555 
3556 				sta_key = qdf_mem_malloc(
3557 						sizeof(struct wlan_crypto_key));
3558 				if (!sta_key) {
3559 					status = QDF_STATUS_E_NOMEM;
3560 					goto exit;
3561 				}
3562 
3563 				sta_priv->key[i] = sta_key;
3564 				qdf_mem_copy(sta_key, key,
3565 						sizeof(struct wlan_crypto_key));
3566 
3567 				sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT;
3568 
3569 				if (crypto_priv->crypto_key.def_tx_keyid == i) {
3570 					sta_key->flags
3571 						|= WLAN_CRYPTO_KEY_DEFAULT;
3572 					sta_priv->def_tx_keyid =
3573 					crypto_priv->crypto_key.def_tx_keyid;
3574 				}
3575 				/* setting the broadcast/multicast key for sta*/
3576 				if (opmode == QDF_STA_MODE ||
3577 						opmode == QDF_IBSS_MODE){
3578 					if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3579 						WLAN_CRYPTO_TX_OPS_SETKEY(
3580 							tx_ops)(vdev, sta_key,
3581 							mac_addr,
3582 							cipher_table->cipher);
3583 					}
3584 				}
3585 
3586 				/* setting unicast key */
3587 				sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP;
3588 				if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3589 					WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(
3590 							vdev, sta_key,
3591 							mac_addr,
3592 							cipher_table->cipher);
3593 				}
3594 			}
3595 		}
3596 	}
3597 
3598 exit:
3599 	if (opmode == QDF_STA_MODE)
3600 		wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
3601 
3602 	return status;
3603 }
3604 
wlan_crypto_register_crypto_rx_ops(struct wlan_lmac_if_crypto_rx_ops * crypto_rx_ops)3605 QDF_STATUS wlan_crypto_register_crypto_rx_ops(
3606 			struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops)
3607 {
3608 	crypto_rx_ops->crypto_encap      = wlan_crypto_encap;
3609 	crypto_rx_ops->crypto_decap      = wlan_crypto_decap;
3610 	crypto_rx_ops->crypto_enmic      = wlan_crypto_enmic;
3611 	crypto_rx_ops->crypto_demic      = wlan_crypto_demic;
3612 	crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys;
3613 
3614 	return QDF_STATUS_SUCCESS;
3615 }
3616 
wlan_crypto_get_crypto_rx_ops(struct wlan_objmgr_psoc * psoc)3617 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops(
3618 					struct wlan_objmgr_psoc *psoc)
3619 {
3620 	struct wlan_lmac_if_rx_ops *rx_ops;
3621 
3622 	rx_ops = wlan_psoc_get_lmac_if_rxops(psoc);
3623 
3624 	if (!rx_ops) {
3625 		crypto_err("rx_ops is NULL");
3626 		return NULL;
3627 	}
3628 
3629 	return &rx_ops->crypto_rx_ops;
3630 }
3631 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops);
3632 
wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev * vdev,wlan_crypto_auth_mode authvalue)3633 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev,
3634 					wlan_crypto_auth_mode authvalue)
3635 {
3636 	int res;
3637 
3638 	res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE);
3639 
3640 	if (res != -1)
3641 		return (res & authvalue) ? true : false;
3642 	return false;
3643 }
3644 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode);
3645 
wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer * peer,wlan_crypto_auth_mode authvalue)3646 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer,
3647 					wlan_crypto_auth_mode authvalue)
3648 {
3649 	int res;
3650 
3651 	res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE);
3652 
3653 	if (res != -1)
3654 		return (res & authvalue) ? true : false;
3655 
3656 	return false;
3657 }
3658 qdf_export_symbol(wlan_crypto_peer_has_auth_mode);
3659 
wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev * vdev,wlan_crypto_cipher_type ucastcipher)3660 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev,
3661 					wlan_crypto_cipher_type ucastcipher)
3662 {
3663 	int res;
3664 
3665 	res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER);
3666 
3667 	if (res != -1)
3668 		return (res & ucastcipher) ? true : false;
3669 
3670 	return false;
3671 }
3672 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher);
3673 
wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer * peer,wlan_crypto_cipher_type ucastcipher)3674 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer,
3675 					wlan_crypto_cipher_type ucastcipher)
3676 {
3677 	int res;
3678 
3679 	res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER);
3680 
3681 	if (res != -1)
3682 		return (res & ucastcipher) ? true : false;
3683 
3684 	return false;
3685 }
3686 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher);
3687 
wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev * vdev,wlan_crypto_cipher_type mcastcipher)3688 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev,
3689 					wlan_crypto_cipher_type mcastcipher)
3690 {
3691 	int res;
3692 
3693 	res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER);
3694 
3695 	if (res != -1)
3696 		return (res & mcastcipher) ? true : false;
3697 
3698 	return false;
3699 }
3700 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher);
3701 
wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer * peer,wlan_crypto_cipher_type mcastcipher)3702 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer,
3703 					wlan_crypto_cipher_type mcastcipher)
3704 {
3705 	int res;
3706 
3707 	res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER);
3708 
3709 	if (res != -1)
3710 		return (res & mcastcipher) ? true : false;
3711 
3712 	return false;
3713 }
3714 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher);
3715 
wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev * vdev,uint32_t mgmtcipher)3716 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev,
3717 				     uint32_t mgmtcipher)
3718 {
3719 	int res;
3720 
3721 	res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER);
3722 
3723 	if (res != -1)
3724 		return (res & mgmtcipher) ? true : false;
3725 
3726 	return false;
3727 }
3728 
3729 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher);
3730 
wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer * peer,uint32_t mgmtcipher)3731 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer,
3732 				     uint32_t mgmtcipher)
3733 {
3734 	int res;
3735 
3736 	res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER);
3737 
3738 	if (res != -1)
3739 		return (res & mgmtcipher) ? true : false;
3740 
3741 	return false;
3742 }
3743 
3744 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher);
3745 
wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer * peer)3746 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer)
3747 {
3748 	struct wlan_crypto_comp_priv *crypto_priv = NULL;
3749 
3750 	if (!peer) {
3751 		crypto_err("Invalid Input");
3752 		return 0;
3753 	}
3754 
3755 	crypto_priv = wlan_get_peer_crypto_obj(peer);
3756 	if (!crypto_priv) {
3757 		crypto_err("crypto_priv NULL");
3758 		return 0;
3759 	}
3760 
3761 	return crypto_priv->fils_aead_set;
3762 }
3763 
3764 void
wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer * peer,uint8_t value)3765 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value)
3766 {
3767 	struct wlan_crypto_comp_priv *crypto_priv = NULL;
3768 
3769 	if (!peer) {
3770 		crypto_err("Invalid Input");
3771 		return;
3772 	}
3773 
3774 	crypto_priv = wlan_get_peer_crypto_obj(peer);
3775 	if (!crypto_priv) {
3776 		crypto_err("crypto_priv NULL");
3777 		return;
3778 	}
3779 
3780 	crypto_priv->fils_aead_set = value;
3781 }
3782 
wlan_crypto_get_key_header(struct wlan_crypto_key * key)3783 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key)
3784 {
3785 	struct wlan_crypto_cipher *cipher_table;
3786 
3787 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3788 	if (cipher_table)
3789 		return cipher_table->header;
3790 	else
3791 		return 0;
3792 }
3793 
3794 qdf_export_symbol(wlan_crypto_get_key_header);
3795 
wlan_crypto_get_key_trailer(struct wlan_crypto_key * key)3796 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key)
3797 {
3798 	struct wlan_crypto_cipher *cipher_table;
3799 
3800 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3801 	if (cipher_table)
3802 		return cipher_table->trailer;
3803 	else
3804 		return 0;
3805 }
3806 
3807 qdf_export_symbol(wlan_crypto_get_key_trailer);
3808 
wlan_crypto_get_key_miclen(struct wlan_crypto_key * key)3809 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key)
3810 {
3811 	struct wlan_crypto_cipher *cipher_table;
3812 
3813 	cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3814 	if (cipher_table)
3815 		return cipher_table->miclen;
3816 	else
3817 		return 0;
3818 }
3819 
3820 qdf_export_symbol(wlan_crypto_get_key_miclen);
3821 
wlan_crypto_get_keyid(uint8_t * data,int hdrlen)3822 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen)
3823 {
3824 	struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data;
3825 	uint8_t *iv;
3826 	uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
3827 	uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]);
3828 
3829 	/*
3830 	 * In FILS SK (Re)Association request/response frame has
3831 	 * to be decrypted
3832 	 */
3833 	if ((type == WLAN_FC0_TYPE_MGMT) &&
3834 	    ((stype == WLAN_FC0_STYPE_ASSOC_REQ) ||
3835 	    (stype == WLAN_FC0_STYPE_REASSOC_REQ) ||
3836 	    (stype == WLAN_FC0_STYPE_ASSOC_RESP) ||
3837 	    (stype == WLAN_FC0_STYPE_REASSOC_RESP))) {
3838 		return 0;
3839 	}
3840 
3841 	if (hdr->i_fc[1] & WLAN_FC1_ISWEP) {
3842 		iv = data + hdrlen;
3843 		/*
3844 		 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers
3845 		 * Bits 6–7 of the Key ID octet are for the Key ID subfield
3846 		 */
3847 		return ((iv[3] >> 6) & 0x3);
3848 	} else {
3849 		return WLAN_CRYPTO_KEYIX_NONE;
3850 	}
3851 }
3852 
3853 qdf_export_symbol(wlan_crypto_get_keyid);
3854 
3855 /**
3856  * crypto_plumb_peer_keys() - called during radio reset
3857  * @vdev: vdev
3858  * @object: peer
3859  * @arg: psoc
3860  *
3861  * Restore unicast and persta hardware keys
3862  *
3863  * Return: void
3864  */
crypto_plumb_peer_keys(struct wlan_objmgr_vdev * vdev,void * object,void * arg)3865 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev,
3866 				   void *object, void *arg)
3867 {
3868 	struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object;
3869 	struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg;
3870 	struct wlan_crypto_comp_priv *crypto_priv;
3871 	struct wlan_crypto_params *crypto_params;
3872 	struct wlan_crypto_key *key = NULL;
3873 	struct wlan_lmac_if_tx_ops *tx_ops;
3874 	int i;
3875 
3876 	if ((!peer) || (!vdev) || (!psoc)) {
3877 		crypto_err("Peer or vdev or psoc objects are null!");
3878 		return;
3879 	}
3880 
3881 	crypto_params = wlan_crypto_peer_get_comp_params(peer,
3882 							 &crypto_priv);
3883 
3884 	if (!crypto_priv) {
3885 		crypto_err("crypto_priv NULL");
3886 		return;
3887 	}
3888 
3889 	for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3890 		key = crypto_priv->crypto_key.key[i];
3891 		if (key && key->valid) {
3892 			tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3893 
3894 			if (!tx_ops) {
3895 				crypto_err("tx_ops is NULL");
3896 				return;
3897 			}
3898 			if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3899 				WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)
3900 					(
3901 					 vdev,
3902 					 key,
3903 					 wlan_peer_get_macaddr(peer),
3904 					 wlan_crypto_get_key_type(key)
3905 					);
3906 			}
3907 		}
3908 	}
3909 }
3910 
wlan_crypto_restore_keys(struct wlan_objmgr_vdev * vdev)3911 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev)
3912 {
3913 	int i;
3914 	struct wlan_crypto_comp_priv *crypto_priv;
3915 	struct wlan_crypto_params *crypto_params;
3916 	struct wlan_crypto_key *key;
3917 	uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
3918 			{0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3919 	struct wlan_objmgr_pdev *pdev = NULL;
3920 	struct wlan_objmgr_psoc *psoc = NULL;
3921 	struct wlan_lmac_if_tx_ops *tx_ops;
3922 
3923 	pdev = wlan_vdev_get_pdev(vdev);
3924 	psoc = wlan_vdev_get_psoc(vdev);
3925 	if (!pdev) {
3926 		crypto_err("pdev is NULL");
3927 		return;
3928 	}
3929 	if (!psoc) {
3930 		crypto_err("psoc is NULL");
3931 		return;
3932 	}
3933 
3934 	/* TBD: QWRAP key restore*/
3935 	/* crypto is on */
3936 	if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) {
3937 		/* restore static shared keys */
3938 		for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3939 			crypto_params = wlan_crypto_vdev_get_comp_params
3940 				(
3941 				 vdev,
3942 				 &crypto_priv
3943 				);
3944 			if (!crypto_priv) {
3945 				crypto_err("crypto_priv is NULL");
3946 				return;
3947 			}
3948 			key = crypto_priv->crypto_key.key[i];
3949 			if (key && key->valid) {
3950 				tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3951 				if (!tx_ops) {
3952 					crypto_err("tx_ops is NULL");
3953 					return;
3954 				}
3955 				if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3956 					WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)
3957 						(
3958 						 vdev,
3959 						 key,
3960 						 macaddr,
3961 						 wlan_crypto_get_key_type(key)
3962 						 );
3963 				}
3964 			}
3965 		}
3966 
3967 		wlan_objmgr_iterate_peerobj_list(vdev,
3968 						 crypto_plumb_peer_keys,
3969 						 psoc,
3970 						 WLAN_CRYPTO_ID);
3971 	}
3972 }
3973 
3974 QDF_STATUS
wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)3975 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params,
3976 				   const uint8_t *ie_ptr, uint16_t ie_len)
3977 {
3978 	const uint8_t *rsn_ie = NULL;
3979 	QDF_STATUS status;
3980 
3981 	qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
3982 	rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len);
3983 	if (!rsn_ie) {
3984 		crypto_debug("RSN IE not present");
3985 		return QDF_STATUS_E_INVAL;
3986 	}
3987 
3988 	status = wlan_crypto_rsnie_check(crypto_params, rsn_ie);
3989 	if (QDF_STATUS_SUCCESS != status) {
3990 		crypto_err("RSN IE check failed");
3991 		return status;
3992 	}
3993 
3994 	return QDF_STATUS_SUCCESS;
3995 }
3996 
3997 QDF_STATUS
wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)3998 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params,
3999 				   const uint8_t *ie_ptr, uint16_t ie_len)
4000 {
4001 	const uint8_t *wpa_ie = NULL;
4002 	uint32_t wpa_oui;
4003 	QDF_STATUS status;
4004 
4005 	qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
4006 
4007 	wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE);
4008 	wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui,
4009 						 WLAN_OUI_SIZE, ie_ptr, ie_len);
4010 	if (!wpa_ie) {
4011 		crypto_debug("WPA IE not present");
4012 		return QDF_STATUS_E_INVAL;
4013 	}
4014 
4015 	status = wlan_crypto_wpaie_check(crypto_params, wpa_ie);
4016 	if (QDF_STATUS_SUCCESS != status) {
4017 		crypto_err("WPA IE check failed");
4018 		return status;
4019 	}
4020 
4021 	return QDF_STATUS_SUCCESS;
4022 }
4023 
4024 #ifdef FEATURE_WLAN_WAPI
4025 QDF_STATUS
wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)4026 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params,
4027 				    const uint8_t *ie_ptr, uint16_t ie_len)
4028 {
4029 	const uint8_t *wapi_ie;
4030 	QDF_STATUS status;
4031 
4032 	qdf_mem_zero(crypto_params, sizeof(*crypto_params));
4033 	wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len);
4034 	if (!wapi_ie) {
4035 		crypto_debug("WAPI ie not present");
4036 		return QDF_STATUS_E_INVAL;
4037 	}
4038 
4039 	status = wlan_crypto_wapiie_check(crypto_params, wapi_ie);
4040 	if (QDF_IS_STATUS_ERROR(status)) {
4041 		crypto_err("WAPI IE check failed");
4042 		return status;
4043 	}
4044 
4045 	return QDF_STATUS_SUCCESS;
4046 }
4047 #endif
4048 
wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc * psoc,uint8_t vdev_id,uint8_t * ie_ptr,uint16_t ie_len,struct wlan_crypto_params * peer_crypto_params)4049 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc,
4050 				 uint8_t vdev_id, uint8_t *ie_ptr,
4051 				 uint16_t ie_len, struct wlan_crypto_params *
4052 				 peer_crypto_params)
4053 {
4054 	struct wlan_objmgr_vdev *vdev;
4055 	bool match = true;
4056 	QDF_STATUS status;
4057 
4058 	if (!psoc) {
4059 		crypto_err("PSOC is NULL");
4060 		return false;
4061 	}
4062 	status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params,
4063 						    ie_ptr, ie_len);
4064 	if (QDF_STATUS_SUCCESS != status) {
4065 		crypto_err("get crypto prarams from RSN IE failed");
4066 		return false;
4067 	}
4068 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
4069 						    WLAN_CRYPTO_ID);
4070 	if (!vdev) {
4071 		crypto_err("vdev is NULL");
4072 		return false;
4073 	}
4074 
4075 	match = wlan_crypto_rsn_info(vdev, peer_crypto_params);
4076 
4077 	wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID);
4078 
4079 	return match;
4080 }
4081 
wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc * psoc,uint8_t vdev_id,uint8_t * ie_ptr,uint16_t ie_len,struct wlan_crypto_params * peer_crypto_params)4082 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc,
4083 				 uint8_t vdev_id, uint8_t *ie_ptr,
4084 				 uint16_t ie_len, struct wlan_crypto_params *
4085 				 peer_crypto_params)
4086 {
4087 	struct wlan_objmgr_vdev *vdev;
4088 	bool match = true;
4089 	QDF_STATUS status;
4090 
4091 	if (!psoc) {
4092 		crypto_err("PSOC is NULL");
4093 		return false;
4094 	}
4095 	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
4096 						    WLAN_CRYPTO_ID);
4097 	if (!vdev) {
4098 		crypto_err("vdev is NULL");
4099 		return false;
4100 	}
4101 
4102 	status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params,
4103 						    ie_ptr, ie_len);
4104 	if (QDF_STATUS_SUCCESS != status) {
4105 		crypto_err("get crypto prarams from WPA IE failed");
4106 		match = false;
4107 		goto send_res;
4108 	}
4109 	match = wlan_crypto_rsn_info(vdev, peer_crypto_params);
4110 
4111 send_res:
4112 	wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID);
4113 
4114 	return match;
4115 }
4116 
4117 
4118 static void
wlan_crypto_merge_prarams(struct wlan_crypto_params * dst_params,struct wlan_crypto_params * src_params)4119 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params,
4120 			  struct wlan_crypto_params *src_params)
4121 {
4122 	dst_params->authmodeset |= src_params->authmodeset;
4123 	dst_params->ucastcipherset |= src_params->ucastcipherset;
4124 	dst_params->mcastcipherset |= src_params->mcastcipherset;
4125 	dst_params->mgmtcipherset |= src_params->mgmtcipherset;
4126 	dst_params->cipher_caps |= src_params->cipher_caps;
4127 	dst_params->key_mgmt |= src_params->key_mgmt;
4128 	dst_params->rsn_caps |= src_params->rsn_caps;
4129 }
4130 
4131 static void
wlan_crypto_reset_prarams(struct wlan_crypto_params * params)4132 wlan_crypto_reset_prarams(struct wlan_crypto_params *params)
4133 {
4134 	params->authmodeset = 0;
4135 	params->ucastcipherset = 0;
4136 	params->mcastcipherset = 0;
4137 	params->mgmtcipherset = 0;
4138 	params->key_mgmt = 0;
4139 	params->rsn_caps = 0;
4140 }
4141 
4142 const uint8_t *
wlan_crypto_parse_rsnxe_ie(const uint8_t * rsnxe_ie,uint8_t * cap_len)4143 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len)
4144 {
4145 	uint8_t len;
4146 	const uint8_t *ie;
4147 
4148 	if (!rsnxe_ie)
4149 		return NULL;
4150 
4151 	ie = rsnxe_ie;
4152 	len = ie[1];
4153 	ie += 2;
4154 
4155 	if (!len)
4156 		return NULL;
4157 
4158 	*cap_len = ie[0] & 0xf;
4159 
4160 	return ie;
4161 }
4162 
wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev * vdev,uint8_t * ie_ptr,uint16_t ie_len)4163 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev,
4164 						uint8_t *ie_ptr,
4165 						uint16_t ie_len)
4166 {
4167 	struct wlan_crypto_params crypto_params;
4168 	QDF_STATUS status;
4169 	struct wlan_crypto_params *vdev_crypto_params;
4170 	struct wlan_crypto_comp_priv *crypto_priv;
4171 	bool send_fail = false;
4172 
4173 	if (!vdev) {
4174 		crypto_err("VDEV is NULL");
4175 		return QDF_STATUS_E_FAILURE;
4176 	}
4177 
4178 	if (!ie_ptr) {
4179 		crypto_err("IE ptr is NULL");
4180 		return QDF_STATUS_E_FAILURE;
4181 	}
4182 
4183 	crypto_priv = (struct wlan_crypto_comp_priv *)
4184 		       wlan_get_vdev_crypto_obj(vdev);
4185 
4186 	if (!crypto_priv) {
4187 		crypto_err("crypto_priv NULL");
4188 		return QDF_STATUS_E_FAILURE;
4189 	}
4190 
4191 	vdev_crypto_params = &crypto_priv->crypto_params;
4192 
4193 	wlan_crypto_reset_prarams(vdev_crypto_params);
4194 	status = wlan_get_crypto_params_from_rsn_ie(&crypto_params,
4195 						    ie_ptr, ie_len);
4196 	if (QDF_IS_STATUS_SUCCESS(status))
4197 		wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4198 	else
4199 		send_fail = true;
4200 
4201 	status = wlan_get_crypto_params_from_wpa_ie(&crypto_params,
4202 						    ie_ptr, ie_len);
4203 	if (QDF_IS_STATUS_SUCCESS(status)) {
4204 		wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4205 		send_fail = false;
4206 	}
4207 
4208 	status = wlan_get_crypto_params_from_wapi_ie(&crypto_params,
4209 						     ie_ptr, ie_len);
4210 	if (QDF_IS_STATUS_SUCCESS(status)) {
4211 		wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4212 		send_fail = false;
4213 	}
4214 
4215 	return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS;
4216 }
4217 
wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev * vdev,bool igtk)4218 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk)
4219 {
4220 	struct wlan_crypto_comp_priv *crypto_priv;
4221 
4222 	crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4223 	if (!crypto_priv) {
4224 		crypto_err("crypto_priv NULL");
4225 		return QDF_STATUS_E_FAILURE;
4226 	}
4227 
4228 	if (igtk)
4229 		return crypto_priv->crypto_key.def_igtk_tx_keyid;
4230 	else
4231 		return crypto_priv->crypto_key.def_tx_keyid;
4232 }
4233 
4234 enum wlan_crypto_cipher_type
wlan_crypto_get_cipher(struct wlan_objmgr_vdev * vdev,bool pairwise,uint8_t key_index)4235 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev,
4236 		       bool pairwise, uint8_t key_index)
4237 {
4238 	struct wlan_crypto_key *crypto_key;
4239 
4240 	crypto_key = wlan_crypto_get_key(vdev, key_index);
4241 
4242 	if (crypto_key)
4243 		return crypto_key->cipher_type;
4244 	else
4245 		return WLAN_CRYPTO_CIPHER_INVALID;
4246 }
4247 
wlan_crypto_get_secure_akm_available(uint32_t akm)4248 wlan_crypto_key_mgmt wlan_crypto_get_secure_akm_available(uint32_t akm)
4249 {
4250 	if (!akm)
4251 		return WLAN_CRYPTO_KEY_MGMT_MAX;
4252 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384))
4253 		return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384;
4254 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256))
4255 		return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256;
4256 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384))
4257 		return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384;
4258 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256))
4259 		return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256;
4260 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384))
4261 		return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
4262 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192))
4263 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
4264 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B))
4265 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
4266 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY))
4267 		return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY;
4268 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY))
4269 		return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY;
4270 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE))
4271 		return WLAN_CRYPTO_KEY_MGMT_FT_SAE;
4272 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE))
4273 		return WLAN_CRYPTO_KEY_MGMT_SAE;
4274 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OWE))
4275 		return WLAN_CRYPTO_KEY_MGMT_OWE;
4276 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_DPP))
4277 		return WLAN_CRYPTO_KEY_MGMT_DPP;
4278 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256))
4279 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256;
4280 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X))
4281 		return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X;
4282 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X))
4283 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
4284 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384))
4285 		return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384;
4286 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384))
4287 		return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384;
4288 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256))
4289 		return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256;
4290 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK))
4291 		return WLAN_CRYPTO_KEY_MGMT_FT_PSK;
4292 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK))
4293 		return WLAN_CRYPTO_KEY_MGMT_PSK;
4294 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK))
4295 		return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK;
4296 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT))
4297 		return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT;
4298 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM))
4299 		return WLAN_CRYPTO_KEY_MGMT_CCKM;
4300 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OSEN))
4301 		return WLAN_CRYPTO_KEY_MGMT_OSEN;
4302 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPS))
4303 		return WLAN_CRYPTO_KEY_MGMT_WPS;
4304 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA))
4305 		return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA;
4306 	else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPA_NONE))
4307 		return WLAN_CRYPTO_KEY_MGMT_WPA_NONE;
4308 	else /* Return MAX if no AKM matches */
4309 		return WLAN_CRYPTO_KEY_MGMT_MAX;
4310 }
4311 
4312 #ifdef CRYPTO_SET_KEY_CONVERGED
wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher,uint8_t key_index,uint8_t key_len,uint8_t seq_len)4313 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher,
4314 					   uint8_t key_index, uint8_t key_len,
4315 					   uint8_t seq_len)
4316 {
4317 	if (!is_valid_keyix(key_index)) {
4318 		crypto_err("Invalid Key index %d", key_index);
4319 		return QDF_STATUS_E_INVAL;
4320 	}
4321 	if (cipher == WLAN_CRYPTO_CIPHER_INVALID) {
4322 		crypto_err("Invalid Cipher %d", cipher);
4323 		return QDF_STATUS_E_INVAL;
4324 	}
4325 	if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC ||
4326 	       cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 ||
4327 	       cipher == WLAN_CRYPTO_CIPHER_AES_GMAC ||
4328 	       cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) &&
4329 	    (key_index >= WLAN_CRYPTO_MAXKEYIDX)) {
4330 		crypto_err("Invalid key index %d for cipher %d",
4331 			   key_index, cipher);
4332 		return QDF_STATUS_E_INVAL;
4333 	}
4334 	if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) {
4335 		crypto_err("Invalid key length %d", key_len);
4336 		return QDF_STATUS_E_INVAL;
4337 	}
4338 
4339 	if (seq_len > WLAN_CRYPTO_RSC_SIZE) {
4340 		crypto_err("Invalid seq length %d", seq_len);
4341 		return QDF_STATUS_E_INVAL;
4342 	}
4343 
4344 	crypto_debug("key: idx:%d, len:%d, seq len:%d",
4345 		     key_index, key_len, seq_len);
4346 
4347 	return QDF_STATUS_SUCCESS;
4348 }
4349 
4350 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
is_mlo_adv_enable(void)4351 static bool is_mlo_adv_enable(void)
4352 {
4353 	return true;
4354 }
4355 #else
is_mlo_adv_enable(void)4356 static bool is_mlo_adv_enable(void)
4357 {
4358 	return false;
4359 }
4360 
4361 #endif
4362 
4363 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
wlan_crypto_save_ml_sta_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct wlan_crypto_key * crypto_key,struct qdf_mac_addr * link_addr,uint8_t link_id)4364 QDF_STATUS wlan_crypto_save_ml_sta_key(
4365 				struct wlan_objmgr_psoc *psoc,
4366 				uint8_t key_index,
4367 				struct wlan_crypto_key *crypto_key,
4368 				struct qdf_mac_addr *link_addr, uint8_t link_id)
4369 {
4370 	struct crypto_psoc_priv_obj *crypto_psoc_obj;
4371 	int status = QDF_STATUS_SUCCESS;
4372 
4373 	crypto_debug("save crypto key index %d link_id %d link addr "
4374 		     QDF_MAC_ADDR_FMT, key_index, link_id,
4375 		     QDF_MAC_ADDR_REF(link_addr->bytes));
4376 	if (!is_valid_keyix(key_index)) {
4377 		crypto_err("Invalid Key index %d", key_index);
4378 		return QDF_STATUS_E_FAILURE;
4379 	}
4380 
4381 	crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4382 						psoc,
4383 						WLAN_UMAC_COMP_CRYPTO);
4384 	if (!crypto_psoc_obj) {
4385 		crypto_err("crypto_psoc_obj NULL");
4386 		return QDF_STATUS_E_FAILURE;
4387 	}
4388 
4389 	crypto_key->valid = true;
4390 
4391 	status = crypto_add_entry(crypto_psoc_obj,
4392 				  link_id, (uint8_t *)link_addr,
4393 				  crypto_key, key_index);
4394 	if (QDF_IS_STATUS_ERROR(status)) {
4395 		crypto_err("failed to add crypto entry %d", status);
4396 		return status;
4397 	}
4398 	crypto_key->valid = true;
4399 	return QDF_STATUS_SUCCESS;
4400 }
4401 #else
wlan_crypto_save_ml_sta_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct wlan_crypto_key * crypto_key,struct qdf_mac_addr * link_addr,uint8_t link_id)4402 QDF_STATUS wlan_crypto_save_ml_sta_key(
4403 			struct wlan_objmgr_psoc *psoc,
4404 			uint8_t key_index,
4405 			struct wlan_crypto_key *crypto_key,
4406 			struct qdf_mac_addr *link_addr, uint8_t link_id)
4407 {
4408 	return QDF_STATUS_SUCCESS;
4409 }
4410 #endif
4411 
4412 /**
4413  * wlan_crypto_save_key_at_psoc() - Allocate memory for storing key in PSOC
4414  * @vdev: vdev object
4415  * @key_index: the index of the key that needs to be allocated
4416  * @crypto_key: Pointer to crypto key
4417  *
4418  * Return: QDF_STATUS
4419  */
4420 static QDF_STATUS
wlan_crypto_save_key_at_psoc(struct wlan_objmgr_vdev * vdev,uint8_t key_index,struct wlan_crypto_key * crypto_key)4421 wlan_crypto_save_key_at_psoc(struct wlan_objmgr_vdev *vdev, uint8_t key_index,
4422 			     struct wlan_crypto_key *crypto_key)
4423 {
4424 	struct wlan_objmgr_psoc *psoc;
4425 	struct crypto_psoc_priv_obj *crypto_psoc_obj;
4426 	struct qdf_mac_addr *link_addr;
4427 	uint8_t link_id = CRYPTO_MAX_LINK_IDX;
4428 	int status = QDF_STATUS_SUCCESS;
4429 
4430 	psoc = wlan_vdev_get_psoc(vdev);
4431 	crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4432 			psoc,
4433 			WLAN_UMAC_COMP_CRYPTO);
4434 	if (!crypto_psoc_obj) {
4435 		crypto_err("crypto_psoc_obj NULL");
4436 		return QDF_STATUS_E_FAILURE;
4437 	}
4438 
4439 	if (wlan_vdev_mlme_is_mlo_vdev(vdev))
4440 		link_id = wlan_vdev_get_link_id(vdev);
4441 
4442 	link_addr = (struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev);
4443 	if (!link_addr) {
4444 		crypto_err("link_addr NULL");
4445 		return QDF_STATUS_E_FAILURE;
4446 	}
4447 
4448 	crypto_debug("save crypto key index %d link_id %d link addr "
4449 		     QDF_MAC_ADDR_FMT, key_index, link_id,
4450 		     QDF_MAC_ADDR_REF(link_addr->bytes));
4451 	status = crypto_add_entry(crypto_psoc_obj,
4452 				  link_id, (uint8_t *)link_addr,
4453 				  crypto_key, key_index);
4454 	if (QDF_IS_STATUS_ERROR(status)) {
4455 		crypto_err("failed to add crypto entry %d", status);
4456 		return status;
4457 	}
4458 
4459 	crypto_key->valid = true;
4460 	return QDF_STATUS_SUCCESS;
4461 }
4462 
wlan_crypto_save_key(struct wlan_objmgr_vdev * vdev,uint8_t key_index,struct wlan_crypto_key * crypto_key)4463 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev,
4464 				uint8_t key_index,
4465 				struct wlan_crypto_key *crypto_key)
4466 {
4467 	struct wlan_crypto_comp_priv *crypto_priv;
4468 	struct wlan_crypto_keys *priv_key = NULL;
4469 
4470 	crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4471 	if (!crypto_priv) {
4472 		crypto_err("crypto_priv NULL");
4473 		return QDF_STATUS_E_FAILURE;
4474 	}
4475 
4476 	if (!is_valid_keyix(key_index)) {
4477 		crypto_err("Invalid Key index %d", key_index);
4478 		return QDF_STATUS_E_FAILURE;
4479 	}
4480 	if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE ||
4481 	     wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) &&
4482 	    wlan_vdev_mlme_is_mlo_vdev(vdev) &&
4483 	    is_mlo_adv_enable()) {
4484 		wlan_crypto_save_key_at_psoc(vdev, key_index, crypto_key);
4485 	} else {
4486 		priv_key = &crypto_priv->crypto_key;
4487 		if (key_index < WLAN_CRYPTO_MAXKEYIDX) {
4488 			priv_key->key[key_index] = crypto_key;
4489 		} else if (is_igtk(key_index)) {
4490 			priv_key->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] =
4491 			crypto_key;
4492 			priv_key->def_igtk_tx_keyid =
4493 				key_index - WLAN_CRYPTO_MAXKEYIDX;
4494 			priv_key->igtk_key_type = crypto_key->cipher_type;
4495 		} else {
4496 			priv_key->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX
4497 				- WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key;
4498 			priv_key->def_bigtk_tx_keyid =
4499 				key_index - WLAN_CRYPTO_MAXKEYIDX
4500 				- WLAN_CRYPTO_MAXIGTKKEYIDX;
4501 		}
4502 		crypto_key->valid = true;
4503 	}
4504 	return QDF_STATUS_SUCCESS;
4505 }
4506 
4507 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
wlan_crypto_get_ml_sta_link_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct qdf_mac_addr * link_addr,uint8_t link_id)4508 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key(
4509 			struct wlan_objmgr_psoc *psoc,
4510 			uint8_t key_index,
4511 			struct qdf_mac_addr *link_addr, uint8_t link_id)
4512 {
4513 	struct crypto_psoc_priv_obj *crypto_psoc_obj;
4514 	struct wlan_crypto_key_entry *key_entry = NULL;
4515 
4516 	crypto_debug("crypto get key index %d link_id %d ", key_index, link_id);
4517 
4518 	if (!psoc) {
4519 		crypto_err("psoc NULL");
4520 		return NULL;
4521 	}
4522 
4523 	if (!link_addr) {
4524 		crypto_err("link_addr NULL");
4525 		return NULL;
4526 	}
4527 
4528 	crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4529 							psoc,
4530 							WLAN_UMAC_COMP_CRYPTO);
4531 	if (!crypto_psoc_obj) {
4532 		crypto_err("crypto_psoc_obj NULL");
4533 		return NULL;
4534 	}
4535 
4536 	key_entry = crypto_hash_find_by_linkid_and_macaddr(
4537 							crypto_psoc_obj,
4538 							link_id,
4539 							(uint8_t *)link_addr);
4540 	if (key_entry) {
4541 		if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4542 			return key_entry->keys.key[key_index];
4543 		else if (is_igtk(key_index))
4544 			return key_entry->keys.igtk_key[key_index
4545 						- WLAN_CRYPTO_MAXKEYIDX];
4546 		else
4547 			return key_entry->keys.bigtk_key[key_index
4548 						- WLAN_CRYPTO_MAXKEYIDX
4549 						- WLAN_CRYPTO_MAXIGTKKEYIDX];
4550 	}
4551 	return NULL;
4552 }
4553 #else
wlan_crypto_get_ml_sta_link_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct qdf_mac_addr * link_addr,uint8_t link_id)4554 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key(
4555 			struct wlan_objmgr_psoc *psoc,
4556 			uint8_t key_index,
4557 			struct qdf_mac_addr *link_addr, uint8_t link_id)
4558 {
4559 	return NULL;
4560 }
4561 #endif
4562 
4563 /**
4564  * wlan_crypto_get_ml_keys_from_index() - Get the stored key information from
4565  * key index
4566  * @vdev: vdev object
4567  * @key_index: the index of the key that needs to be retrieved
4568  *
4569  * Return: Key material
4570  */
4571 static struct wlan_crypto_key *
wlan_crypto_get_ml_keys_from_index(struct wlan_objmgr_vdev * vdev,uint8_t key_index)4572 wlan_crypto_get_ml_keys_from_index(struct wlan_objmgr_vdev *vdev,
4573 				   uint8_t key_index)
4574 {
4575 	struct wlan_objmgr_psoc *psoc;
4576 	struct crypto_psoc_priv_obj *crypto_psoc_obj;
4577 	struct qdf_mac_addr *link_addr;
4578 	struct wlan_crypto_key_entry *key_entry = NULL;
4579 	uint8_t link_id = CRYPTO_MAX_LINK_IDX;
4580 
4581 	crypto_debug("crypto get key index %d", key_index);
4582 	psoc = wlan_vdev_get_psoc(vdev);
4583 	if (!psoc) {
4584 		crypto_err("psoc NULL");
4585 		return NULL;
4586 	}
4587 
4588 	crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4589 							psoc,
4590 							WLAN_UMAC_COMP_CRYPTO);
4591 	if (!crypto_psoc_obj) {
4592 		crypto_err("crypto_psoc_obj NULL");
4593 		return NULL;
4594 	}
4595 
4596 	if (wlan_vdev_mlme_is_mlo_vdev(vdev))
4597 		link_id = wlan_vdev_get_link_id(vdev);
4598 
4599 	link_addr =
4600 		(struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev);
4601 	if (!link_addr) {
4602 		crypto_err("link_addr NULL");
4603 		return NULL;
4604 	}
4605 
4606 	key_entry = crypto_hash_find_by_linkid_and_macaddr(
4607 						       crypto_psoc_obj,
4608 						       link_id,
4609 						       (uint8_t *)link_addr);
4610 	if (key_entry) {
4611 		if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4612 			return key_entry->keys.key[key_index];
4613 		else if (is_igtk(key_index))
4614 			return key_entry->keys.igtk_key[key_index
4615 						- WLAN_CRYPTO_MAXKEYIDX];
4616 		else
4617 			return key_entry->keys.bigtk_key[key_index
4618 						- WLAN_CRYPTO_MAXKEYIDX
4619 						- WLAN_CRYPTO_MAXIGTKKEYIDX];
4620 	}
4621 
4622 	return NULL;
4623 }
4624 
wlan_crypto_get_key(struct wlan_objmgr_vdev * vdev,uint8_t key_index)4625 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev,
4626 					    uint8_t key_index)
4627 {
4628 	struct wlan_crypto_comp_priv *crypto_priv;
4629 	struct wlan_crypto_keys *priv_key = NULL;
4630 
4631 	crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4632 	if (!crypto_priv) {
4633 		crypto_err("crypto_priv NULL");
4634 		return NULL;
4635 	}
4636 	priv_key = &crypto_priv->crypto_key;
4637 
4638 	if (!is_valid_keyix(key_index)) {
4639 		crypto_err("Invalid Key index %d", key_index);
4640 		return NULL;
4641 	}
4642 
4643 	if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE ||
4644 	     wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) &&
4645 	    wlan_vdev_mlme_is_mlo_vdev(vdev) &&
4646 	    is_mlo_adv_enable()) {
4647 		return wlan_crypto_get_ml_keys_from_index(vdev, key_index);
4648 	} else {
4649 		if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4650 			return priv_key->key[key_index];
4651 		else if (is_igtk(key_index))
4652 			return priv_key->igtk_key[key_index
4653 					- WLAN_CRYPTO_MAXKEYIDX];
4654 		else
4655 			return priv_key->bigtk_key[key_index
4656 					- WLAN_CRYPTO_MAXKEYIDX
4657 						- WLAN_CRYPTO_MAXIGTKKEYIDX];
4658 	}
4659 	return NULL;
4660 }
4661 
wlan_crypto_set_key_req(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_key * req,enum wlan_crypto_key_type key_type)4662 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev,
4663 				   struct wlan_crypto_key *req,
4664 				   enum wlan_crypto_key_type key_type)
4665 {
4666 	struct wlan_objmgr_psoc *psoc;
4667 	struct wlan_lmac_if_tx_ops *tx_ops;
4668 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
4669 
4670 	psoc = wlan_vdev_get_psoc(vdev);
4671 
4672 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4673 	if (!tx_ops) {
4674 		crypto_err("tx_ops is NULL");
4675 		return QDF_STATUS_E_FAILURE;
4676 	}
4677 
4678 	if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops))
4679 		status = WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req,
4680 							    key_type);
4681 
4682 	return status;
4683 }
4684 
wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev * vdev,bool pairwise,uint8_t key_index,struct qdf_mac_addr * peer_mac)4685 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev,
4686 				     bool pairwise, uint8_t key_index,
4687 				     struct qdf_mac_addr *peer_mac)
4688 {
4689 	struct wlan_crypto_key *crypto_key;
4690 
4691 	crypto_key = wlan_crypto_get_key(vdev, key_index);
4692 	if (!crypto_key) {
4693 		crypto_err("crypto_key not present for key_idx %d", key_index);
4694 		return;
4695 	}
4696 
4697 	qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE);
4698 }
4699 
4700 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD)
wlan_crypto_selective_clear_sae_single_pmk_entries(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * conn_bssid)4701 void wlan_crypto_selective_clear_sae_single_pmk_entries(
4702 			struct wlan_objmgr_vdev *vdev,
4703 			struct qdf_mac_addr *conn_bssid)
4704 {
4705 	struct wlan_crypto_params *crypto_params;
4706 	struct wlan_crypto_comp_priv *crypto_priv;
4707 	int i;
4708 
4709 	crypto_priv = (struct wlan_crypto_comp_priv *)
4710 					wlan_get_vdev_crypto_obj(vdev);
4711 
4712 	if (!crypto_priv) {
4713 		crypto_err("crypto_priv NULL");
4714 		return;
4715 	}
4716 
4717 	crypto_params = &crypto_priv->crypto_params;
4718 
4719 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4720 		if (!crypto_params->pmksa[i])
4721 			continue;
4722 
4723 		if (crypto_params->pmksa[i]->single_pmk_supported &&
4724 		    !qdf_is_macaddr_equal(conn_bssid,
4725 					  &crypto_params->pmksa[i]->bssid)) {
4726 			qdf_mem_zero(crypto_params->pmksa[i],
4727 				     sizeof(struct wlan_crypto_pmksa));
4728 			qdf_mem_free(crypto_params->pmksa[i]);
4729 			crypto_params->pmksa[i] = NULL;
4730 		}
4731 	}
4732 }
4733 
wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * bssid,bool single_pmk_capable_bss)4734 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev,
4735 					    struct qdf_mac_addr *bssid,
4736 					    bool single_pmk_capable_bss)
4737 {
4738 	struct wlan_crypto_params *crypto_params;
4739 	struct wlan_crypto_comp_priv *crypto_priv;
4740 	int i;
4741 
4742 	crypto_priv = (struct wlan_crypto_comp_priv *)
4743 					wlan_get_vdev_crypto_obj(vdev);
4744 
4745 	if (!crypto_priv) {
4746 		crypto_err("crypto_priv NULL");
4747 		return;
4748 	}
4749 
4750 	crypto_params = &crypto_priv->crypto_params;
4751 
4752 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4753 		if (!crypto_params->pmksa[i])
4754 			continue;
4755 
4756 		if (qdf_is_macaddr_equal(bssid,
4757 					 &crypto_params->pmksa[i]->bssid))
4758 			crypto_params->pmksa[i]->single_pmk_supported =
4759 					single_pmk_capable_bss;
4760 	}
4761 }
4762 
4763 void
wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * roam_sync_pmksa)4764 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev,
4765 				    struct wlan_crypto_pmksa *roam_sync_pmksa)
4766 {
4767 	struct wlan_crypto_params *crypto_params;
4768 	struct wlan_crypto_comp_priv *crypto_priv;
4769 	int i;
4770 
4771 	crypto_priv = (struct wlan_crypto_comp_priv *)
4772 					wlan_get_vdev_crypto_obj(vdev);
4773 
4774 	if (!crypto_priv) {
4775 		crypto_err("crypto_priv NULL");
4776 		return;
4777 	}
4778 
4779 	crypto_params = &crypto_priv->crypto_params;
4780 
4781 	for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4782 		if (!crypto_params->pmksa[i])
4783 			continue;
4784 		if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid,
4785 					 &crypto_params->pmksa[i]->bssid) &&
4786 		    roam_sync_pmksa->single_pmk_supported &&
4787 		    roam_sync_pmksa->pmk_len) {
4788 			crypto_params->pmksa[i]->single_pmk_supported =
4789 					roam_sync_pmksa->single_pmk_supported;
4790 			crypto_params->pmksa[i]->pmk_len =
4791 						roam_sync_pmksa->pmk_len;
4792 			qdf_mem_copy(crypto_params->pmksa[i]->pmk,
4793 				     roam_sync_pmksa->pmk,
4794 				     roam_sync_pmksa->pmk_len);
4795 		}
4796 	}
4797 }
4798 
4799 #endif
4800 
wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev * vdev)4801 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev)
4802 {
4803 	struct wlan_crypto_comp_priv *crypto_priv;
4804 
4805 	crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev));
4806 	crypto_priv = (struct wlan_crypto_comp_priv *)
4807 		       wlan_get_vdev_crypto_obj(vdev);
4808 
4809 	if (!crypto_priv) {
4810 		crypto_err("crypto_priv NULL");
4811 		return;
4812 	}
4813 
4814 	wlan_crypto_reset_prarams(&crypto_priv->crypto_params);
4815 }
4816 
wlan_crypto_psoc_enable(struct wlan_objmgr_psoc * psoc)4817 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc)
4818 {
4819 	struct wlan_lmac_if_tx_ops *tx_ops;
4820 
4821 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4822 	if (!tx_ops) {
4823 		crypto_err("tx_ops is NULL");
4824 		return QDF_STATUS_E_FAILURE;
4825 	}
4826 
4827 	if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops))
4828 		return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc);
4829 
4830 	return QDF_STATUS_E_FAILURE;
4831 }
4832 
wlan_crypto_psoc_disable(struct wlan_objmgr_psoc * psoc)4833 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc)
4834 {
4835 	struct wlan_lmac_if_tx_ops *tx_ops;
4836 
4837 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4838 	if (!tx_ops) {
4839 		crypto_err("tx_ops is NULL");
4840 		return QDF_STATUS_E_FAILURE;
4841 	}
4842 
4843 	if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops))
4844 		return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc);
4845 
4846 	return QDF_STATUS_E_FAILURE;
4847 }
4848 #endif
4849 
4850 #ifdef WLAN_FEATURE_FILS_SK
wlan_crypto_create_fils_rik(uint8_t * rrk,uint8_t rrk_len,uint8_t * rik,uint32_t * rik_len)4851 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len,
4852 				       uint8_t *rik, uint32_t *rik_len)
4853 {
4854 	uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN];
4855 	uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL;
4856 	QDF_STATUS status;
4857 
4858 	if (!rrk || !rik) {
4859 		crypto_err("FILS rrk/rik NULL");
4860 		return QDF_STATUS_E_FAILURE;
4861 	}
4862 
4863 	optional_data[0] = HMAC_SHA256_128;
4864 	/* basic validation */
4865 	if (rrk_len <= 0) {
4866 		crypto_err("invalid r_rk length %d", rrk_len);
4867 		return QDF_STATUS_E_FAILURE;
4868 	}
4869 
4870 	wlan_crypto_put_be16(&optional_data[1], rrk_len);
4871 	status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data,
4872 					     sizeof(optional_data), rik,
4873 					     rrk_len);
4874 	if (QDF_IS_STATUS_ERROR(status)) {
4875 		crypto_err("failed to create rik");
4876 		return status;
4877 	}
4878 	*rik_len = rrk_len;
4879 
4880 	return QDF_STATUS_SUCCESS;
4881 }
4882 #endif /* WLAN_FEATURE_FILS_SK */
4883 
4884 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT)
4885 QDF_STATUS
wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc * psoc,struct wlan_crypto_ltf_keyseed_data * data)4886 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc,
4887 			    struct wlan_crypto_ltf_keyseed_data *data)
4888 {
4889 	QDF_STATUS status = QDF_STATUS_SUCCESS;
4890 	struct wlan_lmac_if_tx_ops *tx_ops;
4891 
4892 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4893 	if (!tx_ops) {
4894 		crypto_err("tx_ops is NULL");
4895 		return QDF_STATUS_E_INVAL;
4896 	}
4897 
4898 	if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops))
4899 		status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data);
4900 
4901 	return status;
4902 }
4903 #endif
4904 
4905 QDF_STATUS
wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc * psoc,uint32_t vdev_id,uint32_t param_id,uint32_t param_value)4906 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id,
4907 			   uint32_t param_id, uint32_t param_value)
4908 {
4909 	QDF_STATUS status = QDF_STATUS_SUCCESS;
4910 	struct wlan_lmac_if_tx_ops *tx_ops;
4911 
4912 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4913 	if (!tx_ops) {
4914 		crypto_err("tx_ops is NULL");
4915 		return QDF_STATUS_E_INVAL;
4916 	}
4917 
4918 	if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops))
4919 		status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc,
4920 								    vdev_id,
4921 								    param_id,
4922 								    param_value);
4923 
4924 	return status;
4925 }
4926