1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (*crypto_priv == NULL) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (*crypto_priv == NULL) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 switch (param) { 122 case WLAN_CRYPTO_PARAM_AUTH_MODE: 123 status = wlan_crypto_set_authmode(crypto_params, value); 124 break; 125 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 126 status = wlan_crypto_set_ucastciphers(crypto_params, value); 127 break; 128 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 129 status = wlan_crypto_set_mcastcipher(crypto_params, value); 130 break; 131 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 132 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 133 break; 134 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 135 status = wlan_crypto_set_cipher_cap(crypto_params, value); 136 break; 137 case WLAN_CRYPTO_PARAM_RSN_CAP: 138 status = wlan_crypto_set_rsn_cap(crypto_params, value); 139 break; 140 case WLAN_CRYPTO_PARAM_KEY_MGMT: 141 status = wlan_crypto_set_key_mgmt(crypto_params, value); 142 break; 143 default: 144 status = QDF_STATUS_E_INVAL; 145 } 146 return status; 147 } 148 149 /** 150 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 151 * @vdev: vdev 152 * @param: param to be set. 153 * @value: value 154 * 155 * This function gets called from ucfg to set param 156 * 157 * Return: QDF_STATUS_SUCCESS - in case of success 158 */ 159 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 160 wlan_crypto_param_type param, 161 uint32_t value){ 162 QDF_STATUS status = QDF_STATUS_E_INVAL; 163 struct wlan_crypto_comp_priv *crypto_priv; 164 struct wlan_crypto_params *crypto_params; 165 166 crypto_priv = (struct wlan_crypto_comp_priv *) 167 wlan_get_vdev_crypto_obj(vdev); 168 169 if (crypto_priv == NULL) { 170 crypto_err("crypto_priv NULL"); 171 return QDF_STATUS_E_INVAL; 172 } 173 174 crypto_params = &(crypto_priv->crypto_params); 175 176 status = wlan_crypto_set_param(crypto_params, param, value); 177 178 return status; 179 } 180 181 /** 182 * wlan_crypto_set_param - called by ucfg to set crypto param 183 * 184 * @peer: peer 185 * @param: param to be set. 186 * @value: value 187 * 188 * This function gets called from ucfg to set param 189 * 190 * Return: QDF_STATUS_SUCCESS - in case of success 191 */ 192 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 193 wlan_crypto_param_type param, 194 uint32_t value){ 195 QDF_STATUS status = QDF_STATUS_E_INVAL; 196 struct wlan_crypto_comp_priv *crypto_priv; 197 struct wlan_crypto_params *crypto_params; 198 199 crypto_params = wlan_crypto_peer_get_comp_params(peer, 200 &crypto_priv); 201 202 if (crypto_priv == NULL) { 203 crypto_err("crypto_priv NULL"); 204 return QDF_STATUS_E_INVAL; 205 } 206 207 crypto_params = &(crypto_priv->crypto_params); 208 209 status = wlan_crypto_set_param(crypto_params, param, value); 210 211 return status; 212 } 213 214 /** 215 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 216 * @param: Crypto param type 217 * @crypto_params: Crypto params struct 218 * 219 * This function gets called from in-within crypto layer 220 * 221 * Return: value or -1 for failure 222 */ 223 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 224 struct wlan_crypto_params *crypto_params) 225 { 226 int32_t value = -1; 227 228 switch (param) { 229 case WLAN_CRYPTO_PARAM_AUTH_MODE: 230 value = wlan_crypto_get_authmode(crypto_params); 231 break; 232 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 233 value = wlan_crypto_get_ucastciphers(crypto_params); 234 break; 235 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 236 value = wlan_crypto_get_mcastcipher(crypto_params); 237 break; 238 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 239 value = wlan_crypto_get_mgmtciphers(crypto_params); 240 break; 241 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 242 value = wlan_crypto_get_cipher_cap(crypto_params); 243 break; 244 case WLAN_CRYPTO_PARAM_RSN_CAP: 245 value = wlan_crypto_get_rsn_cap(crypto_params); 246 break; 247 case WLAN_CRYPTO_PARAM_KEY_MGMT: 248 value = wlan_crypto_get_key_mgmt(crypto_params); 249 break; 250 default: 251 value = QDF_STATUS_E_INVAL; 252 } 253 254 return value; 255 } 256 257 /** 258 * wlan_crypto_get_param - called to get value for param from vdev 259 * @vdev: vdev 260 * @param: Crypto param type 261 * 262 * This function gets called to get value for param from vdev 263 * 264 * Return: value or -1 for failure 265 */ 266 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 267 wlan_crypto_param_type param) 268 { 269 int32_t value = -1; 270 struct wlan_crypto_comp_priv *crypto_priv; 271 struct wlan_crypto_params *crypto_params; 272 crypto_priv = (struct wlan_crypto_comp_priv *) 273 wlan_get_vdev_crypto_obj(vdev); 274 275 if (crypto_priv == NULL) { 276 crypto_err("crypto_priv NULL"); 277 return QDF_STATUS_E_INVAL; 278 } 279 280 crypto_params = &(crypto_priv->crypto_params); 281 value = wlan_crypto_get_param_value(param, crypto_params); 282 283 return value; 284 } 285 /** 286 * wlan_crypto_get_peer_param - called to get value for param from peer 287 * @peer: peer 288 * @param: Crypto param type 289 * 290 * This function gets called to get value for param from peer 291 * 292 * Return: value or -1 for failure 293 */ 294 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 295 wlan_crypto_param_type param) 296 { 297 int32_t value = -1; 298 struct wlan_crypto_comp_priv *crypto_priv; 299 struct wlan_crypto_params *crypto_params; 300 301 crypto_params = wlan_crypto_peer_get_comp_params(peer, 302 &crypto_priv); 303 304 if (crypto_params == NULL) { 305 crypto_err("crypto_params NULL"); 306 return QDF_STATUS_E_INVAL; 307 } 308 value = wlan_crypto_get_param_value(param, crypto_params); 309 310 return value; 311 } 312 qdf_export_symbol(wlan_crypto_get_peer_param); 313 /** 314 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 315 * @vdev: vdev 316 * @peer: peer 317 * 318 * This function gets called to check is HT allowed for cipher. 319 * HT is not allowed for wep and tkip. 320 * 321 * Return: 0 - not allowed or 1 - allowed 322 */ 323 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 324 struct wlan_objmgr_peer *peer) 325 { 326 int32_t ucast_cipher; 327 328 if (!(vdev || peer)) { 329 crypto_err("Invalid params"); 330 return 0; 331 } 332 333 if (vdev) 334 ucast_cipher = wlan_crypto_get_param(vdev, 335 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 336 else 337 ucast_cipher = wlan_crypto_get_peer_param(peer, 338 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 339 340 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 341 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 342 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 343 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 344 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 345 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 346 } 347 qdf_export_symbol(wlan_crypto_is_htallowed); 348 349 /** 350 * wlan_crypto_setkey - called by ucfg to setkey 351 * @vdev: vdev 352 * @req_key: req_key with cipher type, key macaddress 353 * 354 * This function gets called from ucfg to sey key 355 * 356 * Return: QDF_STATUS_SUCCESS - in case of success 357 */ 358 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 359 struct wlan_crypto_req_key *req_key){ 360 361 QDF_STATUS status = QDF_STATUS_E_INVAL; 362 struct wlan_crypto_comp_priv *crypto_priv; 363 struct wlan_crypto_params *crypto_params; 364 struct wlan_objmgr_psoc *psoc; 365 struct wlan_objmgr_peer *peer; 366 struct wlan_crypto_key *key = NULL; 367 const struct wlan_crypto_cipher *cipher; 368 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 369 bool isbcast; 370 enum QDF_OPMODE vdev_mode; 371 uint8_t igtk_idx = 0; 372 373 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 374 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 375 return QDF_STATUS_E_INVAL; 376 } 377 378 isbcast = qdf_is_macaddr_group( 379 (struct qdf_mac_addr *)req_key->macaddr); 380 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 381 /* zero length keys, only set default key id if flags are set*/ 382 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 383 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 384 && (!IS_MGMT_CIPHER(req_key->type))) { 385 wlan_crypto_default_key(vdev, 386 req_key->macaddr, 387 req_key->keyix, 388 !isbcast); 389 return QDF_STATUS_SUCCESS; 390 } 391 crypto_err("req_key len zero"); 392 return QDF_STATUS_E_INVAL; 393 } 394 395 cipher = wlan_crypto_cipher_ops[req_key->type]; 396 397 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 398 crypto_err("cipher invalid"); 399 return QDF_STATUS_E_INVAL; 400 } 401 402 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 403 (!IS_MGMT_CIPHER(req_key->type)) && 404 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 405 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 406 crypto_err("cipher invalid"); 407 return QDF_STATUS_E_INVAL; 408 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 409 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 410 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 411 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 412 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 413 return QDF_STATUS_E_INVAL; 414 } 415 416 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 417 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 418 | WLAN_CRYPTO_KEY_RECV)) { 419 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 420 | WLAN_CRYPTO_KEY_RECV); 421 } 422 } else { 423 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 424 && (!IS_MGMT_CIPHER(req_key->type))) { 425 return QDF_STATUS_E_INVAL; 426 } 427 428 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 429 | WLAN_CRYPTO_KEY_RECV); 430 if (isbcast) 431 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 432 } 433 434 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 435 436 wlan_vdev_obj_lock(vdev); 437 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 438 psoc = wlan_vdev_get_psoc(vdev); 439 if (!psoc) { 440 wlan_vdev_obj_unlock(vdev); 441 crypto_err("psoc NULL"); 442 return QDF_STATUS_E_INVAL; 443 } 444 wlan_vdev_obj_unlock(vdev); 445 446 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 447 if (wlan_crypto_vdev_has_auth_mode(vdev, 448 (1 << WLAN_CRYPTO_AUTH_8021X))) { 449 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 450 } 451 } 452 453 if (isbcast) { 454 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 455 &crypto_priv); 456 if (crypto_priv == NULL) { 457 crypto_err("crypto_priv NULL"); 458 return QDF_STATUS_E_INVAL; 459 } 460 461 if (IS_MGMT_CIPHER(req_key->type)) { 462 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 463 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 464 crypto_err("igtk key invalid keyid %d", 465 igtk_idx); 466 return QDF_STATUS_E_INVAL; 467 } 468 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 469 if (key == NULL) { 470 crypto_err("igtk key alloc failed"); 471 return QDF_STATUS_E_NOMEM; 472 } 473 474 if (crypto_priv->igtk_key[igtk_idx]) 475 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 476 477 crypto_priv->igtk_key[igtk_idx] = key; 478 crypto_priv->igtk_key_type = req_key->type; 479 crypto_priv->def_igtk_tx_keyid = igtk_idx; 480 } else { 481 if (IS_FILS_CIPHER(req_key->type)) { 482 crypto_err("FILS key is not for BroadCast pkt"); 483 return QDF_STATUS_E_INVAL; 484 } 485 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 486 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 487 return QDF_STATUS_E_INVAL; 488 } 489 if (!crypto_priv->key[req_key->keyix]) { 490 crypto_priv->key[req_key->keyix] 491 = qdf_mem_malloc( 492 sizeof(struct wlan_crypto_key)); 493 if (!crypto_priv->key[req_key->keyix]) 494 return QDF_STATUS_E_NOMEM; 495 } 496 key = crypto_priv->key[req_key->keyix]; 497 } 498 if (vdev_mode == QDF_STA_MODE) { 499 peer = wlan_vdev_get_bsspeer(vdev); 500 if (!(peer && (QDF_STATUS_SUCCESS 501 == wlan_objmgr_peer_try_get_ref(peer, 502 WLAN_CRYPTO_ID)))) { 503 crypto_err("peer %pK failed", peer); 504 if (IS_MGMT_CIPHER(req_key->type)) { 505 crypto_priv->igtk_key[igtk_idx] = NULL; 506 crypto_priv->igtk_key_type 507 = WLAN_CRYPTO_CIPHER_NONE; 508 } else 509 crypto_priv->key[req_key->keyix] = NULL; 510 if (key) 511 qdf_mem_free(key); 512 return QDF_STATUS_E_INVAL; 513 } 514 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 515 WLAN_ALEN); 516 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 517 } 518 } else { 519 uint8_t pdev_id; 520 521 pdev_id = wlan_objmgr_pdev_get_pdev_id( 522 wlan_vdev_get_pdev(vdev)); 523 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 524 psoc, 525 pdev_id, 526 macaddr, 527 req_key->macaddr, 528 WLAN_CRYPTO_ID); 529 530 if (peer == NULL) { 531 crypto_err("peer NULL"); 532 return QDF_STATUS_E_INVAL; 533 } 534 535 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 536 crypto_params = wlan_crypto_peer_get_comp_params(peer, 537 &crypto_priv); 538 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 539 540 if (crypto_priv == NULL) { 541 crypto_err("crypto_priv NULL"); 542 return QDF_STATUS_E_INVAL; 543 } 544 if (IS_MGMT_CIPHER(req_key->type)) { 545 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 546 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 547 crypto_err("igtk key invalid keyid %d", 548 igtk_idx); 549 return QDF_STATUS_E_INVAL; 550 } 551 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 552 if (key == NULL) { 553 crypto_err("igtk key alloc failed"); 554 return QDF_STATUS_E_NOMEM; 555 } 556 if (crypto_priv->igtk_key[igtk_idx]) 557 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 558 559 crypto_priv->igtk_key[igtk_idx] = key; 560 crypto_priv->igtk_key_type = req_key->type; 561 crypto_priv->def_igtk_tx_keyid = igtk_idx; 562 } else { 563 uint16_t kid = req_key->keyix; 564 if (kid == WLAN_CRYPTO_KEYIX_NONE) 565 kid = 0; 566 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 567 crypto_err("invalid keyid %d", kid); 568 return QDF_STATUS_E_INVAL; 569 } 570 if (!crypto_priv->key[kid]) { 571 crypto_priv->key[kid] 572 = qdf_mem_malloc( 573 sizeof(struct wlan_crypto_key)); 574 if (!crypto_priv->key[kid]) 575 return QDF_STATUS_E_NOMEM; 576 } 577 key = crypto_priv->key[kid]; 578 } 579 } 580 581 /* alloc key might not required as it is already there */ 582 key->cipher_table = (void *)cipher; 583 key->keylen = req_key->keylen; 584 key->flags = req_key->flags; 585 586 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 587 key->keyix = 0; 588 else 589 key->keyix = req_key->keyix; 590 591 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 592 && (!IS_MGMT_CIPHER(req_key->type))) { 593 crypto_priv->def_tx_keyid = key->keyix; 594 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 595 } 596 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 597 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 598 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 599 0x5c, 0x36, 0x5c, 0x36, 600 0x5c, 0x36, 0x5c, 0x36, 601 0x5c, 0x36, 0x5c, 0x37}; 602 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 603 0x5c, 0x36, 0x5c, 0x36, 604 0x5c, 0x36, 0x5c, 0x36, 605 0x5c, 0x36, 0x5c, 0x36}; 606 607 /* During Tx PN should be increment and 608 * send but as per our implementation we increment only after 609 * Tx complete. So First packet PN check will be failed. 610 * To compensate increment the PN here by 2 611 */ 612 if (vdev_mode == QDF_SAP_MODE) { 613 iv_AP[15] += 2; 614 qdf_mem_copy(key->recviv, iv_STA, 615 WLAN_CRYPTO_WAPI_IV_SIZE); 616 qdf_mem_copy(key->txiv, iv_AP, 617 WLAN_CRYPTO_WAPI_IV_SIZE); 618 } else { 619 iv_STA[15] += 2; 620 qdf_mem_copy(key->recviv, iv_AP, 621 WLAN_CRYPTO_WAPI_IV_SIZE); 622 qdf_mem_copy(key->txiv, iv_STA, 623 WLAN_CRYPTO_WAPI_IV_SIZE); 624 } 625 } else { 626 uint8_t i = 0; 627 qdf_mem_copy((uint8_t *)(&key->keytsc), 628 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 629 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 630 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 631 (uint8_t *)(&req_key->keyrsc), 632 sizeof(key->keyrsc[0])); 633 } 634 } 635 636 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 637 key->valid = 1; 638 if ((IS_MGMT_CIPHER(req_key->type))) { 639 if (HAS_CIPHER_CAP(crypto_params, 640 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 641 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 642 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 643 key, macaddr, req_key->type); 644 } 645 } 646 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 647 status = wlan_crypto_set_igtk_key(key); 648 return status; 649 } else if (IS_FILS_CIPHER(req_key->type)) { 650 /* Take request key object to FILS setkey */ 651 key->private = req_key; 652 } else { 653 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 654 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 655 macaddr, req_key->type); 656 } 657 } 658 status = cipher->setkey(key); 659 660 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 661 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 662 (!IS_MGMT_CIPHER(req_key->type))) { 663 /* default xmit key */ 664 wlan_crypto_default_key(vdev, 665 req_key->macaddr, 666 req_key->keyix, 667 !isbcast); 668 } 669 670 return status; 671 } 672 673 /** 674 * wlan_crypto_get_keytype - get keytype 675 * @key: key 676 * 677 * This function gets keytype from key 678 * 679 * Return: keytype 680 */ 681 wlan_crypto_cipher_type wlan_crypto_get_key_type( 682 struct wlan_crypto_key *key){ 683 if (key && key->cipher_table) { 684 return ((struct wlan_crypto_cipher *) 685 (key->cipher_table))->cipher; 686 } 687 return WLAN_CRYPTO_CIPHER_NONE; 688 } 689 qdf_export_symbol(wlan_crypto_get_key_type); 690 /** 691 * wlan_crypto_vdev_getkey - get key from vdev 692 * @vdev: vdev 693 * @keyix: keyix 694 * 695 * This function gets key from vdev 696 * 697 * Return: key or NULL 698 */ 699 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 700 uint16_t keyix){ 701 struct wlan_crypto_comp_priv *crypto_priv; 702 struct wlan_crypto_params *crypto_params; 703 struct wlan_crypto_key *key = NULL; 704 705 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 706 707 if (crypto_priv == NULL) { 708 crypto_err("crypto_priv NULL"); 709 return NULL; 710 } 711 712 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 713 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 714 else 715 key = crypto_priv->key[keyix]; 716 717 if (key && key->valid) 718 return key; 719 720 return NULL; 721 } 722 qdf_export_symbol(wlan_crypto_vdev_getkey); 723 724 /** 725 * wlan_crypto_peer_getkey - get key from peer 726 * @peer: peer 727 * @keyix: keyix 728 * 729 * This function gets key from peer 730 * 731 * Return: key or NULL 732 */ 733 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 734 uint16_t keyix){ 735 struct wlan_crypto_comp_priv *crypto_priv; 736 struct wlan_crypto_params *crypto_params; 737 struct wlan_crypto_key *key = NULL; 738 739 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 740 741 if (crypto_priv == NULL) { 742 crypto_err("crypto_priv NULL"); 743 return NULL; 744 } 745 746 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 747 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 748 else 749 key = crypto_priv->key[keyix]; 750 751 if (key && key->valid) 752 return key; 753 754 return NULL; 755 } 756 qdf_export_symbol(wlan_crypto_peer_getkey); 757 758 /** 759 * wlan_crypto_getkey - called by ucfg to get key 760 * @vdev: vdev 761 * @req_key: key value will be copied in this req_key 762 * @mac_address: mac address of the peer for unicast key 763 * or broadcast address if group key is requested. 764 * 765 * This function gets called from ucfg to get key 766 * 767 * Return: QDF_STATUS_SUCCESS - in case of success 768 */ 769 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 770 struct wlan_crypto_req_key *req_key, 771 uint8_t *mac_addr){ 772 struct wlan_crypto_cipher *cipher_table; 773 struct wlan_crypto_key *key; 774 struct wlan_objmgr_psoc *psoc; 775 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 776 777 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 778 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 779 crypto_err("invalid keyix %d", req_key->keyix); 780 return QDF_STATUS_E_INVAL; 781 } 782 783 wlan_vdev_obj_lock(vdev); 784 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 785 psoc = wlan_vdev_get_psoc(vdev); 786 if (!psoc) { 787 wlan_vdev_obj_unlock(vdev); 788 crypto_err("psoc NULL"); 789 return QDF_STATUS_E_INVAL; 790 } 791 wlan_vdev_obj_unlock(vdev); 792 793 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 794 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 795 if (!key) 796 return QDF_STATUS_E_INVAL; 797 } else { 798 struct wlan_objmgr_peer *peer; 799 uint8_t pdev_id; 800 801 pdev_id = wlan_objmgr_pdev_get_pdev_id( 802 wlan_vdev_get_pdev(vdev)); 803 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 804 psoc, 805 pdev_id, 806 macaddr, 807 mac_addr, 808 WLAN_CRYPTO_ID); 809 if (peer == NULL) { 810 crypto_err("peer NULL"); 811 return QDF_STATUS_E_NOENT; 812 } 813 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 814 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 815 if (!key) 816 return QDF_STATUS_E_INVAL; 817 } 818 819 if (key->valid) { 820 qdf_mem_copy(req_key->keydata, 821 key->keyval, key->keylen); 822 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 823 (uint8_t *)(&key->keytsc), 824 sizeof(req_key->keytsc)); 825 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 826 (uint8_t *)(&key->keyrsc[0]), 827 sizeof(req_key->keyrsc)); 828 req_key->keylen = key->keylen; 829 req_key->flags = key->flags; 830 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 831 832 if (!cipher_table) 833 return QDF_STATUS_SUCCESS; 834 835 req_key->type = cipher_table->cipher; 836 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 837 qdf_mem_copy((uint8_t *)(&req_key->txiv), 838 (uint8_t *)(key->txiv), 839 sizeof(req_key->txiv)); 840 qdf_mem_copy((uint8_t *)(&req_key->recviv), 841 (uint8_t *)(key->recviv), 842 sizeof(req_key->recviv)); 843 } 844 } 845 846 return QDF_STATUS_SUCCESS; 847 } 848 849 /** 850 * wlan_crypto_delkey - called by ucfg to delete key 851 * @vdev: vdev 852 * @mac_address: mac address of the peer for unicast key 853 * or broadcast address if group key is deleted. 854 * @key_idx: key index to be deleted 855 * 856 * This function gets called from ucfg to delete key 857 * 858 * Return: QDF_STATUS_SUCCESS - in case of success 859 */ 860 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 861 uint8_t *macaddr, 862 uint8_t key_idx){ 863 struct wlan_crypto_comp_priv *crypto_priv; 864 struct wlan_crypto_params *crypto_params; 865 struct wlan_crypto_key *key; 866 struct wlan_crypto_cipher *cipher_table; 867 struct wlan_objmgr_psoc *psoc; 868 uint8_t bssid_mac[WLAN_ALEN]; 869 870 if (!vdev || !macaddr || 871 (key_idx >= 872 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 873 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 874 vdev, macaddr, key_idx); 875 return QDF_STATUS_E_INVAL; 876 } 877 878 wlan_vdev_obj_lock(vdev); 879 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 880 psoc = wlan_vdev_get_psoc(vdev); 881 if (!psoc) { 882 wlan_vdev_obj_unlock(vdev); 883 crypto_err("psoc NULL"); 884 return QDF_STATUS_E_INVAL; 885 } 886 wlan_vdev_obj_unlock(vdev); 887 888 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 889 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 890 &crypto_priv); 891 if (crypto_priv == NULL) { 892 crypto_err("crypto_priv NULL"); 893 return QDF_STATUS_E_INVAL; 894 } 895 } else { 896 struct wlan_objmgr_peer *peer; 897 uint8_t pdev_id; 898 899 pdev_id = wlan_objmgr_pdev_get_pdev_id( 900 wlan_vdev_get_pdev(vdev)); 901 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 902 psoc, pdev_id, 903 bssid_mac, 904 macaddr, 905 WLAN_CRYPTO_ID); 906 if (peer == NULL) { 907 return QDF_STATUS_E_INVAL; 908 } 909 crypto_params = wlan_crypto_peer_get_comp_params(peer, 910 &crypto_priv); 911 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 912 if (crypto_priv == NULL) { 913 crypto_err("crypto_priv NULL"); 914 return QDF_STATUS_E_INVAL; 915 } 916 } 917 918 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 919 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 920 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 921 crypto_err("Igtk key invalid keyid %d", igtk_idx); 922 return QDF_STATUS_E_INVAL; 923 } 924 key = crypto_priv->igtk_key[igtk_idx]; 925 crypto_priv->igtk_key[igtk_idx] = NULL; 926 if (key) 927 key->valid = 0; 928 } else { 929 key = crypto_priv->key[key_idx]; 930 crypto_priv->key[key_idx] = NULL; 931 } 932 933 if (!key) 934 return QDF_STATUS_E_INVAL; 935 936 if (key->valid) { 937 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 938 939 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 940 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 941 macaddr, cipher_table->cipher); 942 } 943 } 944 qdf_mem_free(key); 945 946 return QDF_STATUS_SUCCESS; 947 } 948 949 /** 950 * wlan_crypto_default_key - called by ucfg to set default tx key 951 * @vdev: vdev 952 * @mac_address: mac address of the peer for unicast key 953 * or broadcast address if group key need to made default. 954 * @key_idx: key index to be made as default key 955 * @unicast: is key was unicast or group key. 956 * 957 * This function gets called from ucfg to set default key 958 * 959 * Return: QDF_STATUS_SUCCESS - in case of success 960 */ 961 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 962 uint8_t *macaddr, 963 uint8_t key_idx, 964 bool unicast){ 965 struct wlan_crypto_comp_priv *crypto_priv; 966 struct wlan_crypto_params *crypto_params; 967 struct wlan_crypto_key *key; 968 struct wlan_objmgr_psoc *psoc; 969 uint8_t bssid_mac[WLAN_ALEN]; 970 971 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 972 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 973 vdev, macaddr, key_idx); 974 return QDF_STATUS_E_INVAL; 975 } 976 977 wlan_vdev_obj_lock(vdev); 978 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 979 psoc = wlan_vdev_get_psoc(vdev); 980 if (!psoc) { 981 wlan_vdev_obj_unlock(vdev); 982 crypto_err("psoc NULL"); 983 return QDF_STATUS_E_INVAL; 984 } 985 wlan_vdev_obj_unlock(vdev); 986 987 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 988 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 989 &crypto_priv); 990 if (crypto_priv == NULL) { 991 crypto_err("crypto_priv NULL"); 992 return QDF_STATUS_E_INVAL; 993 } 994 995 key = crypto_priv->key[key_idx]; 996 if (!key) 997 return QDF_STATUS_E_INVAL; 998 } else { 999 struct wlan_objmgr_peer *peer; 1000 uint8_t pdev_id; 1001 1002 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1003 wlan_vdev_get_pdev(vdev)); 1004 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1005 psoc, pdev_id, 1006 bssid_mac, 1007 macaddr, 1008 WLAN_CRYPTO_ID); 1009 1010 if (peer == NULL) { 1011 crypto_err("peer NULL"); 1012 return QDF_STATUS_E_INVAL; 1013 } 1014 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1015 &crypto_priv); 1016 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1017 if (crypto_priv == NULL) { 1018 crypto_err("crypto_priv NULL"); 1019 return QDF_STATUS_E_INVAL; 1020 } 1021 1022 key = crypto_priv->key[key_idx]; 1023 if (!key) 1024 return QDF_STATUS_E_INVAL; 1025 } 1026 if (!key->valid) 1027 return QDF_STATUS_E_INVAL; 1028 1029 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1030 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1031 macaddr); 1032 } 1033 crypto_priv->def_tx_keyid = key_idx; 1034 1035 return QDF_STATUS_SUCCESS; 1036 } 1037 1038 /** 1039 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1040 * @vdev: vdev 1041 * @wbuf: wbuf 1042 * @macaddr: macaddr 1043 * @encapdone: is encapdone already or not. 1044 * 1045 * This function gets called from mgmt txrx to encap frame. 1046 * 1047 * Return: QDF_STATUS_SUCCESS - in case of success 1048 */ 1049 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1050 qdf_nbuf_t wbuf, 1051 uint8_t *mac_addr, 1052 uint8_t encapdone){ 1053 struct wlan_crypto_comp_priv *crypto_priv; 1054 struct wlan_crypto_params *crypto_params; 1055 struct wlan_crypto_key *key; 1056 QDF_STATUS status; 1057 struct wlan_crypto_cipher *cipher_table; 1058 struct wlan_objmgr_psoc *psoc; 1059 struct wlan_objmgr_peer *peer; 1060 uint8_t bssid_mac[WLAN_ALEN]; 1061 uint8_t pdev_id; 1062 uint8_t hdrlen; 1063 enum QDF_OPMODE opmode; 1064 1065 opmode = wlan_vdev_mlme_get_opmode(vdev); 1066 wlan_vdev_obj_lock(vdev); 1067 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1068 psoc = wlan_vdev_get_psoc(vdev); 1069 if (!psoc) { 1070 wlan_vdev_obj_unlock(vdev); 1071 crypto_err("psoc NULL"); 1072 return QDF_STATUS_E_INVAL; 1073 } 1074 wlan_vdev_obj_unlock(vdev); 1075 1076 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1077 /* FILS Encap required only for (Re-)Assoc response */ 1078 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1079 1080 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1081 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1082 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1083 return QDF_STATUS_E_INVAL; 1084 } 1085 1086 if (peer) 1087 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1088 1089 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1090 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1091 &crypto_priv); 1092 if (crypto_priv == NULL) { 1093 crypto_err("crypto_priv NULL"); 1094 return QDF_STATUS_E_INVAL; 1095 } 1096 1097 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1098 if (!key) 1099 return QDF_STATUS_E_INVAL; 1100 1101 } else { 1102 struct wlan_objmgr_peer *peer; 1103 uint8_t pdev_id; 1104 1105 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1106 wlan_vdev_get_pdev(vdev)); 1107 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1108 bssid_mac, mac_addr, 1109 WLAN_CRYPTO_ID); 1110 1111 if (peer == NULL) { 1112 crypto_err("crypto_priv NULL"); 1113 return QDF_STATUS_E_INVAL; 1114 } 1115 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1116 &crypto_priv); 1117 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1118 1119 if (crypto_priv == NULL) { 1120 crypto_err("crypto_priv NULL"); 1121 return QDF_STATUS_E_INVAL; 1122 } 1123 1124 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1125 if (!key) 1126 return QDF_STATUS_E_INVAL; 1127 } 1128 if (opmode == QDF_MONITOR_MODE) 1129 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1130 else 1131 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1132 (uint8_t *)qdf_nbuf_data(wbuf)); 1133 1134 /* if tkip, is counter measures enabled, then drop the frame */ 1135 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1136 status = cipher_table->encap(key, wbuf, encapdone, 1137 hdrlen); 1138 1139 return status; 1140 } 1141 qdf_export_symbol(wlan_crypto_encap); 1142 1143 /** 1144 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1145 * @vdev: vdev 1146 * @wbuf: wbuf 1147 * @macaddr: macaddr 1148 * @tid: tid of the frame 1149 * 1150 * This function gets called from mgmt txrx to decap frame. 1151 * 1152 * Return: QDF_STATUS_SUCCESS - in case of success 1153 */ 1154 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1155 qdf_nbuf_t wbuf, 1156 uint8_t *mac_addr, 1157 uint8_t tid){ 1158 struct wlan_crypto_comp_priv *crypto_priv; 1159 struct wlan_crypto_params *crypto_params; 1160 struct wlan_crypto_key *key; 1161 QDF_STATUS status; 1162 struct wlan_crypto_cipher *cipher_table; 1163 struct wlan_objmgr_psoc *psoc; 1164 struct wlan_objmgr_peer *peer; 1165 uint8_t bssid_mac[WLAN_ALEN]; 1166 uint8_t keyid; 1167 uint8_t pdev_id; 1168 uint8_t hdrlen; 1169 enum QDF_OPMODE opmode; 1170 1171 opmode = wlan_vdev_mlme_get_opmode(vdev); 1172 wlan_vdev_obj_lock(vdev); 1173 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1174 psoc = wlan_vdev_get_psoc(vdev); 1175 if (!psoc) { 1176 wlan_vdev_obj_unlock(vdev); 1177 crypto_err("psoc NULL"); 1178 return QDF_STATUS_E_INVAL; 1179 } 1180 wlan_vdev_obj_unlock(vdev); 1181 1182 if (opmode == QDF_MONITOR_MODE) 1183 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1184 else 1185 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1186 (uint8_t *)qdf_nbuf_data(wbuf)); 1187 1188 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1189 1190 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1191 return QDF_STATUS_E_INVAL; 1192 1193 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1194 /* FILS Decap required only for (Re-)Assoc request */ 1195 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1196 1197 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1198 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1199 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1200 return QDF_STATUS_E_INVAL; 1201 } 1202 1203 if (peer) 1204 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1205 1206 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1207 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1208 &crypto_priv); 1209 if (crypto_priv == NULL) { 1210 crypto_err("crypto_priv NULL"); 1211 return QDF_STATUS_E_INVAL; 1212 } 1213 1214 key = crypto_priv->key[keyid]; 1215 if (!key) 1216 return QDF_STATUS_E_INVAL; 1217 1218 } else { 1219 struct wlan_objmgr_peer *peer; 1220 uint8_t pdev_id; 1221 1222 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1223 wlan_vdev_get_pdev(vdev)); 1224 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1225 psoc, pdev_id, bssid_mac, 1226 mac_addr, WLAN_CRYPTO_ID); 1227 if (peer == NULL) { 1228 crypto_err("peer NULL"); 1229 return QDF_STATUS_E_INVAL; 1230 } 1231 1232 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1233 &crypto_priv); 1234 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1235 1236 if (crypto_priv == NULL) { 1237 crypto_err("crypto_priv NULL"); 1238 return QDF_STATUS_E_INVAL; 1239 } 1240 1241 key = crypto_priv->key[keyid]; 1242 if (!key) 1243 return QDF_STATUS_E_INVAL; 1244 } 1245 /* if tkip, is counter measures enabled, then drop the frame */ 1246 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1247 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1248 1249 return status; 1250 } 1251 qdf_export_symbol(wlan_crypto_decap); 1252 /** 1253 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1254 * @vdev: vdev 1255 * @wbuf: wbuf 1256 * @macaddr: macaddr 1257 * @encapdone: is encapdone already or not. 1258 * 1259 * This function gets called from mgmt txrx to adding mic to the frame. 1260 * 1261 * Return: QDF_STATUS_SUCCESS - in case of success 1262 */ 1263 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1264 qdf_nbuf_t wbuf, 1265 uint8_t *mac_addr, 1266 uint8_t encapdone){ 1267 struct wlan_crypto_comp_priv *crypto_priv; 1268 struct wlan_crypto_params *crypto_params; 1269 struct wlan_crypto_key *key; 1270 QDF_STATUS status; 1271 struct wlan_crypto_cipher *cipher_table; 1272 struct wlan_objmgr_psoc *psoc; 1273 uint8_t bssid_mac[WLAN_ALEN]; 1274 uint8_t hdrlen; 1275 enum QDF_OPMODE opmode; 1276 1277 opmode = wlan_vdev_mlme_get_opmode(vdev); 1278 1279 1280 wlan_vdev_obj_lock(vdev); 1281 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1282 psoc = wlan_vdev_get_psoc(vdev); 1283 if (!psoc) { 1284 wlan_vdev_obj_unlock(vdev); 1285 crypto_err("psoc NULL"); 1286 return QDF_STATUS_E_INVAL; 1287 } 1288 wlan_vdev_obj_unlock(vdev); 1289 1290 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1291 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1292 &crypto_priv); 1293 if (crypto_priv == NULL) { 1294 crypto_err("crypto_priv NULL"); 1295 return QDF_STATUS_E_INVAL; 1296 } 1297 1298 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1299 if (!key) 1300 return QDF_STATUS_E_INVAL; 1301 1302 } else { 1303 struct wlan_objmgr_peer *peer; 1304 uint8_t pdev_id; 1305 1306 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1307 wlan_vdev_get_pdev(vdev)); 1308 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1309 psoc, pdev_id, bssid_mac, 1310 mac_addr, WLAN_CRYPTO_ID); 1311 if (peer == NULL) { 1312 crypto_err("crypto_priv NULL"); 1313 return QDF_STATUS_E_INVAL; 1314 } 1315 1316 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1317 &crypto_priv); 1318 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1319 1320 if (crypto_priv == NULL) { 1321 crypto_err("crypto_priv NULL"); 1322 return QDF_STATUS_E_INVAL; 1323 } 1324 1325 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1326 if (!key) 1327 return QDF_STATUS_E_INVAL; 1328 } 1329 if (opmode == QDF_MONITOR_MODE) 1330 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1331 else 1332 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1333 (uint8_t *)qdf_nbuf_data(wbuf)); 1334 1335 /* if tkip, is counter measures enabled, then drop the frame */ 1336 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1337 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1338 1339 return status; 1340 } 1341 1342 /** 1343 * wlan_crypto_demic - called by mgmt for remove and check mic for 1344 * the frame based on cipher 1345 * @vdev: vdev 1346 * @wbuf: wbuf 1347 * @macaddr: macaddr 1348 * @tid: tid of the frame 1349 * @keyid: keyid in the received frame 1350 * This function gets called from mgmt txrx to decap frame. 1351 * 1352 * Return: QDF_STATUS_SUCCESS - in case of success 1353 */ 1354 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1355 qdf_nbuf_t wbuf, 1356 uint8_t *mac_addr, 1357 uint8_t tid, 1358 uint8_t keyid){ 1359 struct wlan_crypto_comp_priv *crypto_priv; 1360 struct wlan_crypto_params *crypto_params; 1361 struct wlan_crypto_key *key; 1362 QDF_STATUS status; 1363 struct wlan_crypto_cipher *cipher_table; 1364 struct wlan_objmgr_psoc *psoc; 1365 uint8_t bssid_mac[WLAN_ALEN]; 1366 uint8_t hdrlen; 1367 enum QDF_OPMODE opmode; 1368 1369 opmode = wlan_vdev_mlme_get_opmode(vdev); 1370 1371 if (opmode == QDF_MONITOR_MODE) 1372 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1373 else 1374 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1375 (uint8_t *)qdf_nbuf_data(wbuf)); 1376 1377 wlan_vdev_obj_lock(vdev); 1378 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1379 psoc = wlan_vdev_get_psoc(vdev); 1380 if (!psoc) { 1381 wlan_vdev_obj_unlock(vdev); 1382 crypto_err("psoc NULL"); 1383 return QDF_STATUS_E_INVAL; 1384 } 1385 wlan_vdev_obj_unlock(vdev); 1386 1387 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1388 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1389 &crypto_priv); 1390 if (crypto_priv == NULL) { 1391 crypto_err("crypto_priv NULL"); 1392 return QDF_STATUS_E_INVAL; 1393 } 1394 1395 key = crypto_priv->key[keyid]; 1396 if (!key) 1397 return QDF_STATUS_E_INVAL; 1398 1399 } else { 1400 struct wlan_objmgr_peer *peer; 1401 uint8_t pdev_id; 1402 1403 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1404 wlan_vdev_get_pdev(vdev)); 1405 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1406 psoc, pdev_id, bssid_mac, 1407 mac_addr, WLAN_CRYPTO_ID); 1408 if (peer == NULL) { 1409 crypto_err("peer NULL"); 1410 return QDF_STATUS_E_INVAL; 1411 } 1412 1413 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1414 &crypto_priv); 1415 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1416 1417 if (crypto_priv == NULL) { 1418 crypto_err("crypto_priv NULL"); 1419 return QDF_STATUS_E_INVAL; 1420 } 1421 1422 key = crypto_priv->key[keyid]; 1423 if (!key) 1424 return QDF_STATUS_E_INVAL; 1425 } 1426 /* if tkip, is counter measures enabled, then drop the frame */ 1427 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1428 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1429 1430 return status; 1431 } 1432 1433 /** 1434 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1435 * @vdev: vdev 1436 * 1437 * This function gets called to check is pmf enabled or not in vdev. 1438 * 1439 * Return: true or false 1440 */ 1441 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1442 { 1443 1444 struct wlan_crypto_comp_priv *crypto_priv; 1445 struct wlan_crypto_params *vdev_crypto_params; 1446 1447 if (!vdev) 1448 return false; 1449 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1450 &crypto_priv); 1451 if (crypto_priv == NULL) { 1452 crypto_err("crypto_priv NULL"); 1453 return QDF_STATUS_E_INVAL; 1454 } 1455 1456 if ((vdev_crypto_params->rsn_caps & 1457 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1458 || (vdev_crypto_params->rsn_caps & 1459 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1460 return true; 1461 } 1462 1463 return false; 1464 } 1465 /** 1466 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1467 * @vdev: vdev 1468 * @peer: peer 1469 * 1470 * This function gets called by mgmt txrx to check is pmf enabled or not. 1471 * 1472 * Return: true or false 1473 */ 1474 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1475 struct wlan_objmgr_peer *peer){ 1476 1477 struct wlan_crypto_comp_priv *crypto_priv; 1478 struct wlan_crypto_params *vdev_crypto_params; 1479 struct wlan_crypto_params *peer_crypto_params; 1480 1481 if (!vdev || !peer) 1482 return false; 1483 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1484 &crypto_priv); 1485 if (crypto_priv == NULL) { 1486 crypto_err("crypto_priv NULL"); 1487 return QDF_STATUS_E_INVAL; 1488 } 1489 1490 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1491 &crypto_priv); 1492 if (crypto_priv == NULL) { 1493 crypto_err("crypto_priv NULL"); 1494 return QDF_STATUS_E_INVAL; 1495 } 1496 if (((vdev_crypto_params->rsn_caps & 1497 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1498 (peer_crypto_params->rsn_caps & 1499 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1500 || (vdev_crypto_params->rsn_caps & 1501 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1502 return true; 1503 } 1504 1505 return false; 1506 } 1507 1508 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1509 { 1510 a[0] = b[5]; 1511 a[1] = b[4]; 1512 a[2] = b[3]; 1513 a[3] = b[2]; 1514 a[4] = b[1]; 1515 a[5] = b[0]; 1516 } 1517 1518 /** 1519 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1520 * @vdev: vdev 1521 * @bfrm: frame starting pointer 1522 * @len: length of the frame 1523 * 1524 * This function gets called by mgmt txrx to add mmie in frame 1525 * 1526 * Return: end of frame or NULL in case failure 1527 */ 1528 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1529 uint8_t *bfrm, 1530 uint32_t len) { 1531 struct wlan_crypto_key *key; 1532 struct wlan_crypto_mmie *mmie; 1533 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1534 struct ieee80211_hdr *hdr; 1535 uint32_t i, hdrlen, mic_len, aad_len; 1536 uint8_t mic[16]; 1537 struct wlan_crypto_comp_priv *crypto_priv; 1538 struct wlan_crypto_params *crypto_params; 1539 int32_t ret = -1; 1540 1541 if (!bfrm) { 1542 crypto_err("frame is NULL"); 1543 return NULL; 1544 } 1545 1546 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1547 &crypto_priv); 1548 if (crypto_priv == NULL) { 1549 crypto_err("crypto_priv NULL"); 1550 return NULL; 1551 } 1552 1553 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1554 crypto_err("igtk key invalid keyid %d", 1555 crypto_priv->def_igtk_tx_keyid); 1556 return NULL; 1557 } 1558 1559 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1560 if (!key) { 1561 crypto_err("No igtk key present"); 1562 return NULL; 1563 } 1564 mic_len = (crypto_priv->igtk_key_type 1565 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1566 1567 efrm = bfrm + len; 1568 aad_len = 20; 1569 hdrlen = sizeof(struct ieee80211_hdr); 1570 len += sizeof(struct wlan_crypto_mmie); 1571 1572 mmie = (struct wlan_crypto_mmie *) efrm; 1573 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1574 mmie->element_id = WLAN_ELEMID_MMIE; 1575 mmie->length = sizeof(*mmie) - 2; 1576 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1577 1578 mic_len = (crypto_priv->igtk_key_type 1579 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1580 if (mic_len == 8) { 1581 mmie->length -= 8; 1582 len -= 8; 1583 } 1584 /* PN = PN + 1 */ 1585 pn = (uint8_t *)&key->keytsc; 1586 1587 for (i = 0; i <= 5; i++) { 1588 pn[i]++; 1589 if (pn[i]) 1590 break; 1591 } 1592 1593 /* Copy IPN */ 1594 qdf_mem_copy(mmie->sequence_number, pn, 6); 1595 1596 hdr = (struct ieee80211_hdr *) bfrm; 1597 1598 buf = qdf_mem_malloc(len - hdrlen + 20); 1599 if (!buf) { 1600 crypto_err("malloc failed"); 1601 return NULL; 1602 } 1603 qdf_mem_zero(buf, len - hdrlen + 20); 1604 aad = buf; 1605 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1606 1607 /* FC type/subtype */ 1608 aad[0] = hdr->frame_control[0]; 1609 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1610 aad[1] = (hdr->frame_control[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1611 | WLAN_FC1_MOREDATA)); 1612 /* A1 || A2 || A3 */ 1613 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1614 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1615 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1616 qdf_mem_zero(mic, 16); 1617 1618 /* 1619 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1620 */ 1621 1622 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1623 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1624 1625 ret = omac1_aes_128(key->keyval, buf, 1626 len + aad_len - hdrlen, mic); 1627 qdf_mem_copy(mmie->mic, mic, 8); 1628 1629 } else if (crypto_priv->igtk_key_type 1630 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1631 1632 ret = omac1_aes_256(key->keyval, buf, 1633 len + aad_len - hdrlen, mmie->mic); 1634 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1635 || (crypto_priv->igtk_key_type 1636 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1637 1638 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1639 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1640 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1641 sizeof(nounce), buf, 1642 len + aad_len - hdrlen, mmie->mic); 1643 } 1644 qdf_mem_free(buf); 1645 if (ret < 0) { 1646 crypto_err("add mmie failed"); 1647 return NULL; 1648 } 1649 1650 return bfrm + len; 1651 } 1652 1653 /** 1654 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1655 * @vdev: vdev 1656 * @frm: frame starting pointer 1657 * @efrm: end of frame pointer 1658 * 1659 * This function gets called by mgmt txrx to check mmie of the frame 1660 * 1661 * Return: true or false 1662 */ 1663 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1664 uint8_t *frm, 1665 uint8_t *efrm){ 1666 struct wlan_crypto_mmie *mmie = NULL; 1667 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1668 struct wlan_crypto_key *key; 1669 struct ieee80211_hdr *hdr; 1670 uint16_t mic_len, hdrlen, len; 1671 struct wlan_crypto_comp_priv *crypto_priv; 1672 struct wlan_crypto_params *crypto_params; 1673 uint8_t aad_len = 20; 1674 int32_t ret = -1; 1675 1676 /* check if frame is illegal length */ 1677 if (!frm || !efrm || (efrm < frm) 1678 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1679 crypto_err("Invalid params"); 1680 return false; 1681 } 1682 len = efrm - frm; 1683 crypto_priv = (struct wlan_crypto_comp_priv *) 1684 wlan_get_vdev_crypto_obj(vdev); 1685 if (crypto_priv == NULL) { 1686 crypto_err("crypto_priv NULL"); 1687 return false; 1688 } 1689 1690 crypto_params = &(crypto_priv->crypto_params); 1691 1692 1693 mic_len = (crypto_priv->igtk_key_type 1694 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1695 hdrlen = sizeof(struct ieee80211_hdr); 1696 1697 if (mic_len == 8) 1698 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1699 else 1700 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1701 1702 1703 /* check Elem ID*/ 1704 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1705 crypto_err("IE is not MMIE"); 1706 return false; 1707 } 1708 1709 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1710 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1711 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1712 crypto_err("keyid not valid"); 1713 return false; 1714 } 1715 1716 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1717 if (!key) { 1718 crypto_err("No igtk key present"); 1719 return false; 1720 } 1721 1722 /* validate ipn */ 1723 ipn = mmie->sequence_number; 1724 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1725 uint8_t *su = (uint8_t *)key->keyrsc; 1726 uint8_t *end = ipn + 6; 1727 1728 crypto_err("replay error :"); 1729 while (ipn < end) { 1730 crypto_err("expected pn = %x received pn = %x", 1731 *ipn++, *su++); 1732 } 1733 return false; 1734 } 1735 1736 buf = qdf_mem_malloc(len - hdrlen + 20); 1737 if (!buf) { 1738 crypto_err("malloc failed"); 1739 return false; 1740 } 1741 aad = buf; 1742 1743 /* construct AAD */ 1744 hdr = (struct ieee80211_hdr *)frm; 1745 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1746 1747 /* FC type/subtype */ 1748 aad[0] = hdr->frame_control[0]; 1749 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1750 aad[1] = (hdr->frame_control[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1751 | WLAN_FC1_MOREDATA)); 1752 /* A1 || A2 || A3 */ 1753 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1754 1755 /* 1756 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1757 */ 1758 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1759 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1760 qdf_mem_zero(mic, 16); 1761 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1762 ret = omac1_aes_128(key->keyval, buf, 1763 len - hdrlen + aad_len, mic); 1764 } else if (crypto_priv->igtk_key_type 1765 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1766 ret = omac1_aes_256(key->keyval, buf, 1767 len + aad_len - hdrlen, mic); 1768 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1769 || (crypto_priv->igtk_key_type 1770 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1771 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1772 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1773 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1774 sizeof(nounce), buf, 1775 len + aad_len - hdrlen, mic); 1776 } 1777 1778 qdf_mem_free(buf); 1779 1780 if (ret < 0) { 1781 crypto_err("genarate mmie failed"); 1782 return false; 1783 } 1784 1785 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1786 crypto_err("mmie mismatch"); 1787 /* MMIE MIC mismatch */ 1788 return false; 1789 } 1790 1791 /* Update the receive sequence number */ 1792 qdf_mem_copy(key->keyrsc, ipn, 6); 1793 crypto_debug("mmie matched"); 1794 1795 return true; 1796 } 1797 1798 1799 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1800 { 1801 int32_t status = -1; 1802 1803 switch (cipher) { 1804 case WLAN_CRYPTO_CIPHER_TKIP: 1805 return WPA_CIPHER_SUITE_TKIP; 1806 case WLAN_CRYPTO_CIPHER_AES_CCM: 1807 return WPA_CIPHER_SUITE_CCMP; 1808 case WLAN_CRYPTO_CIPHER_NONE: 1809 return WPA_CIPHER_SUITE_NONE; 1810 } 1811 1812 return status; 1813 } 1814 1815 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1816 { 1817 int32_t status = -1; 1818 1819 switch (cipher) { 1820 case WLAN_CRYPTO_CIPHER_TKIP: 1821 return RSN_CIPHER_SUITE_TKIP; 1822 case WLAN_CRYPTO_CIPHER_AES_CCM: 1823 return RSN_CIPHER_SUITE_CCMP; 1824 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1825 return RSN_CIPHER_SUITE_CCMP_256; 1826 case WLAN_CRYPTO_CIPHER_AES_GCM: 1827 return RSN_CIPHER_SUITE_GCMP; 1828 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1829 return RSN_CIPHER_SUITE_GCMP_256; 1830 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1831 return RSN_CIPHER_SUITE_AES_CMAC; 1832 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1833 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1834 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1835 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1836 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1837 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1838 case WLAN_CRYPTO_CIPHER_NONE: 1839 return RSN_CIPHER_SUITE_NONE; 1840 } 1841 1842 return status; 1843 } 1844 1845 /* 1846 * Convert an RSN key management/authentication algorithm 1847 * to an internal code. 1848 */ 1849 static int32_t 1850 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1851 { 1852 int32_t status = -1; 1853 1854 switch (keymgmt) { 1855 case WLAN_CRYPTO_KEY_MGMT_NONE: 1856 return RSN_AUTH_KEY_MGMT_NONE; 1857 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1858 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1859 case WLAN_CRYPTO_KEY_MGMT_PSK: 1860 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1861 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1862 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1863 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1864 return RSN_AUTH_KEY_MGMT_FT_PSK; 1865 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1866 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1867 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1868 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1869 case WLAN_CRYPTO_KEY_MGMT_SAE: 1870 return RSN_AUTH_KEY_MGMT_SAE; 1871 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1872 return RSN_AUTH_KEY_MGMT_FT_SAE; 1873 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1874 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1875 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1876 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1877 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1878 return RSN_AUTH_KEY_MGMT_CCKM; 1879 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1880 return RSN_AUTH_KEY_MGMT_OSEN; 1881 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 1882 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 1883 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 1884 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 1885 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 1886 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 1887 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 1888 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 1889 case WLAN_CRYPTO_KEY_MGMT_OWE: 1890 return RSN_AUTH_KEY_MGMT_OWE; 1891 case WLAN_CRYPTO_KEY_MGMT_DPP: 1892 return RSN_AUTH_KEY_MGMT_DPP; 1893 } 1894 1895 return status; 1896 } 1897 1898 /* 1899 * Convert an RSN key management/authentication algorithm 1900 * to an internal code. 1901 */ 1902 static int32_t 1903 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1904 { 1905 int32_t status = -1; 1906 1907 switch (keymgmt) { 1908 case WLAN_CRYPTO_KEY_MGMT_NONE: 1909 return WPA_AUTH_KEY_MGMT_NONE; 1910 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1911 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1912 case WLAN_CRYPTO_KEY_MGMT_PSK: 1913 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1914 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1915 return WPA_AUTH_KEY_MGMT_CCKM; 1916 } 1917 1918 return status; 1919 } 1920 /** 1921 * Convert a WPA cipher selector OUI to an internal 1922 * cipher algorithm. Where appropriate we also 1923 * record any key length. 1924 */ 1925 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1926 { 1927 uint32_t w = LE_READ_4(sel); 1928 int32_t status = -1; 1929 1930 switch (w) { 1931 case WPA_CIPHER_SUITE_TKIP: 1932 return WLAN_CRYPTO_CIPHER_TKIP; 1933 case WPA_CIPHER_SUITE_CCMP: 1934 return WLAN_CRYPTO_CIPHER_AES_CCM; 1935 case WPA_CIPHER_SUITE_NONE: 1936 return WLAN_CRYPTO_CIPHER_NONE; 1937 } 1938 1939 return status; 1940 } 1941 1942 /* 1943 * Convert a WPA key management/authentication algorithm 1944 * to an internal code. 1945 */ 1946 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1947 { 1948 uint32_t w = LE_READ_4(sel); 1949 int32_t status = -1; 1950 1951 switch (w) { 1952 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1953 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1954 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1955 return WLAN_CRYPTO_KEY_MGMT_PSK; 1956 case WPA_AUTH_KEY_MGMT_CCKM: 1957 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1958 case WPA_AUTH_KEY_MGMT_NONE: 1959 return WLAN_CRYPTO_KEY_MGMT_NONE; 1960 } 1961 return status; 1962 } 1963 1964 /* 1965 * Convert a RSN cipher selector OUI to an internal 1966 * cipher algorithm. Where appropriate we also 1967 * record any key length. 1968 */ 1969 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1970 { 1971 uint32_t w = LE_READ_4(sel); 1972 int32_t status = -1; 1973 1974 switch (w) { 1975 case RSN_CIPHER_SUITE_TKIP: 1976 return WLAN_CRYPTO_CIPHER_TKIP; 1977 case RSN_CIPHER_SUITE_CCMP: 1978 return WLAN_CRYPTO_CIPHER_AES_CCM; 1979 case RSN_CIPHER_SUITE_CCMP_256: 1980 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1981 case RSN_CIPHER_SUITE_GCMP: 1982 return WLAN_CRYPTO_CIPHER_AES_GCM; 1983 case RSN_CIPHER_SUITE_GCMP_256: 1984 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1985 case RSN_CIPHER_SUITE_AES_CMAC: 1986 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1987 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1988 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1989 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1990 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1991 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1992 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1993 case RSN_CIPHER_SUITE_NONE: 1994 return WLAN_CRYPTO_CIPHER_NONE; 1995 } 1996 1997 return status; 1998 } 1999 /* 2000 * Convert an RSN key management/authentication algorithm 2001 * to an internal code. 2002 */ 2003 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2004 { 2005 uint32_t w = LE_READ_4(sel); 2006 int32_t status = -1; 2007 2008 switch (w) { 2009 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2010 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2011 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2012 return WLAN_CRYPTO_KEY_MGMT_PSK; 2013 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2014 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2015 case RSN_AUTH_KEY_MGMT_FT_PSK: 2016 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2017 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2018 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2019 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2020 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2021 case RSN_AUTH_KEY_MGMT_SAE: 2022 return WLAN_CRYPTO_KEY_MGMT_SAE; 2023 case RSN_AUTH_KEY_MGMT_FT_SAE: 2024 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2025 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2026 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2027 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2028 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2029 case RSN_AUTH_KEY_MGMT_CCKM: 2030 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2031 case RSN_AUTH_KEY_MGMT_OSEN: 2032 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2033 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2034 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2035 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2036 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2037 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2038 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2039 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2040 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2041 case RSN_AUTH_KEY_MGMT_OWE: 2042 return WLAN_CRYPTO_KEY_MGMT_OWE; 2043 case RSN_AUTH_KEY_MGMT_DPP: 2044 return WLAN_CRYPTO_KEY_MGMT_DPP; 2045 } 2046 2047 return status; 2048 } 2049 2050 /** 2051 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2052 * @crypto params: crypto params 2053 * @iebuf: ie buffer 2054 * 2055 * This function gets called by mlme to check the contents of wpa is 2056 * matching with given crypto params 2057 * 2058 * Return: QDF_STATUS_SUCCESS - in case of success 2059 */ 2060 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2061 uint8_t *frm){ 2062 uint8_t len = frm[1]; 2063 int32_t w; 2064 int n; 2065 2066 /* 2067 * Check the length once for fixed parts: OUI, type, 2068 * version, mcast cipher, and 2 selector counts. 2069 * Other, variable-length data, must be checked separately. 2070 */ 2071 RESET_AUTHMODE(crypto_params); 2072 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2073 2074 if (len < 14) 2075 return QDF_STATUS_E_INVAL; 2076 2077 frm += 6, len -= 4; 2078 2079 w = LE_READ_2(frm); 2080 if (w != WPA_VERSION) 2081 return QDF_STATUS_E_INVAL; 2082 2083 frm += 2, len -= 2; 2084 2085 /* multicast/group cipher */ 2086 RESET_MCAST_CIPHERS(crypto_params); 2087 w = wlan_crypto_wpa_suite_to_cipher(frm); 2088 if (w < 0) 2089 return QDF_STATUS_E_INVAL; 2090 SET_MCAST_CIPHER(crypto_params, w); 2091 frm += 4, len -= 4; 2092 2093 /* unicast ciphers */ 2094 n = LE_READ_2(frm); 2095 frm += 2, len -= 2; 2096 if (len < n*4+2) 2097 return QDF_STATUS_E_INVAL; 2098 2099 RESET_UCAST_CIPHERS(crypto_params); 2100 for (; n > 0; n--) { 2101 w = wlan_crypto_wpa_suite_to_cipher(frm); 2102 if (w < 0) 2103 return QDF_STATUS_E_INVAL; 2104 SET_UCAST_CIPHER(crypto_params, w); 2105 frm += 4, len -= 4; 2106 } 2107 2108 if (!crypto_params->ucastcipherset) 2109 return QDF_STATUS_E_INVAL; 2110 2111 /* key management algorithms */ 2112 n = LE_READ_2(frm); 2113 frm += 2, len -= 2; 2114 if (len < n*4) 2115 return QDF_STATUS_E_INVAL; 2116 2117 w = 0; 2118 RESET_KEY_MGMT(crypto_params); 2119 for (; n > 0; n--) { 2120 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2121 if (w < 0) 2122 return QDF_STATUS_E_INVAL; 2123 SET_KEY_MGMT(crypto_params, w); 2124 frm += 4, len -= 4; 2125 } 2126 2127 /* optional capabilities */ 2128 if (len >= 2) { 2129 crypto_params->rsn_caps = LE_READ_2(frm); 2130 frm += 2, len -= 2; 2131 } 2132 2133 return 0; 2134 } 2135 2136 /** 2137 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2138 * @crypto params: crypto params 2139 * @iebuf: ie buffer 2140 * 2141 * This function gets called by mlme to check the contents of wpa is 2142 * matching with given crypto params 2143 * 2144 * Return: QDF_STATUS_SUCCESS - in case of success 2145 */ 2146 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2147 uint8_t *frm){ 2148 uint8_t len = frm[1]; 2149 int32_t w; 2150 int n; 2151 2152 /* Check the length once for fixed parts: OUI, type & version */ 2153 if (len < 2) 2154 return QDF_STATUS_E_INVAL; 2155 2156 /* initialize crypto params */ 2157 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2158 2159 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2160 2161 frm += 2; 2162 /* NB: iswapoui already validated the OUI and type */ 2163 w = LE_READ_2(frm); 2164 if (w != RSN_VERSION) 2165 return QDF_STATUS_E_INVAL; 2166 2167 frm += 2, len -= 2; 2168 2169 if (!len) { 2170 /* set defaults */ 2171 /* default group cipher CCMP-128 */ 2172 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2173 /* default ucast cipher CCMP-128 */ 2174 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2175 /* default key mgmt 8021x */ 2176 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2177 return QDF_STATUS_SUCCESS; 2178 } else if (len < 4) { 2179 return QDF_STATUS_E_INVAL; 2180 } 2181 2182 /* multicast/group cipher */ 2183 w = wlan_crypto_rsn_suite_to_cipher(frm); 2184 if (w < 0) 2185 return QDF_STATUS_E_INVAL; 2186 else { 2187 SET_MCAST_CIPHER(crypto_params, w); 2188 frm += 4, len -= 4; 2189 } 2190 2191 if (crypto_params->mcastcipherset == 0) 2192 return QDF_STATUS_E_INVAL; 2193 2194 if (!len) { 2195 /* default ucast cipher CCMP-128 */ 2196 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2197 /* default key mgmt 8021x */ 2198 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2199 return QDF_STATUS_SUCCESS; 2200 } else if (len < 2) { 2201 return QDF_STATUS_E_INVAL; 2202 } 2203 2204 /* unicast ciphers */ 2205 n = LE_READ_2(frm); 2206 frm += 2, len -= 2; 2207 if (n) { 2208 if (len < n * 4) 2209 return QDF_STATUS_E_INVAL; 2210 2211 for (; n > 0; n--) { 2212 w = wlan_crypto_rsn_suite_to_cipher(frm); 2213 if (w < 0) 2214 return QDF_STATUS_E_INVAL; 2215 SET_UCAST_CIPHER(crypto_params, w); 2216 frm += 4, len -= 4; 2217 } 2218 } else { 2219 /* default ucast cipher CCMP-128 */ 2220 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2221 } 2222 2223 if (crypto_params->ucastcipherset == 0) 2224 return QDF_STATUS_E_INVAL; 2225 2226 if (!len) { 2227 /* default key mgmt 8021x */ 2228 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2229 return QDF_STATUS_SUCCESS; 2230 } else if (len < 2) { 2231 return QDF_STATUS_E_INVAL; 2232 } 2233 2234 /* key management algorithms */ 2235 n = LE_READ_2(frm); 2236 frm += 2, len -= 2; 2237 2238 if (n) { 2239 if (len < n * 4) 2240 return QDF_STATUS_E_INVAL; 2241 2242 for (; n > 0; n--) { 2243 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2244 if (w < 0) 2245 return QDF_STATUS_E_INVAL; 2246 SET_KEY_MGMT(crypto_params, w); 2247 frm += 4, len -= 4; 2248 } 2249 } else { 2250 /* default key mgmt 8021x */ 2251 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2252 } 2253 2254 if (crypto_params->key_mgmt == 0) 2255 return QDF_STATUS_E_INVAL; 2256 2257 /* optional capabilities */ 2258 if (len >= 2) { 2259 crypto_params->rsn_caps = LE_READ_2(frm); 2260 frm += 2, len -= 2; 2261 } else if (len && len < 2) { 2262 return QDF_STATUS_E_INVAL; 2263 } 2264 2265 2266 /* PMKID */ 2267 if (len >= 2) { 2268 n = LE_READ_2(frm); 2269 frm += 2, len -= 2; 2270 if (n && len) { 2271 if (len >= n * PMKID_LEN) 2272 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2273 else 2274 return QDF_STATUS_E_INVAL; 2275 } else if (n && !len) { 2276 return QDF_STATUS_E_INVAL; 2277 } 2278 /*TODO: Save pmkid in params for further reference */ 2279 } 2280 2281 /* BIP */ 2282 if (!len && 2283 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2284 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2285 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2286 return QDF_STATUS_SUCCESS; 2287 } else if (len >= 4) { 2288 w = wlan_crypto_rsn_suite_to_cipher(frm); 2289 frm += 4, len -= 4; 2290 SET_MGMT_CIPHER(crypto_params, w); 2291 } 2292 2293 return QDF_STATUS_SUCCESS; 2294 } 2295 2296 /** 2297 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2298 * @vdev: vdev 2299 * @iebuf: ie buffer 2300 * 2301 * This function gets called by mlme to build wpaie from given vdev 2302 * 2303 * Return: end of buffer 2304 */ 2305 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2306 uint8_t *iebuf){ 2307 uint8_t *frm = iebuf; 2308 uint8_t *selcnt; 2309 struct wlan_crypto_comp_priv *crypto_priv; 2310 struct wlan_crypto_params *crypto_params; 2311 2312 if (!frm) 2313 return NULL; 2314 2315 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2316 2317 if (!crypto_params) 2318 return NULL; 2319 2320 *frm++ = WLAN_ELEMID_VENDOR; 2321 *frm++ = 0; 2322 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2323 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2324 2325 2326 /* multicast cipher */ 2327 if (MCIPHER_IS_TKIP(crypto_params)) 2328 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2329 else if (MCIPHER_IS_CCMP128(crypto_params)) 2330 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2331 2332 /* unicast cipher list */ 2333 selcnt = frm; 2334 WLAN_CRYPTO_ADDSHORT(frm, 0); 2335 /* do not use CCMP unicast cipher in WPA mode */ 2336 if (UCIPHER_IS_CCMP128(crypto_params)) { 2337 selcnt[0]++; 2338 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2339 } 2340 if (UCIPHER_IS_TKIP(crypto_params)) { 2341 selcnt[0]++; 2342 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2343 } 2344 2345 /* authenticator selector list */ 2346 selcnt = frm; 2347 WLAN_CRYPTO_ADDSHORT(frm, 0); 2348 2349 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2350 selcnt[0]++; 2351 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2352 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2353 selcnt[0]++; 2354 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2355 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2356 selcnt[0]++; 2357 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2358 } else { 2359 selcnt[0]++; 2360 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2361 } 2362 2363 /* optional capabilities */ 2364 if (crypto_params->rsn_caps != 0 && 2365 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2366 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2367 } 2368 2369 /* calculate element length */ 2370 iebuf[1] = frm - iebuf - 2; 2371 2372 return frm; 2373 } 2374 2375 /** 2376 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2377 * @vdev: vdev 2378 * @iebuf: ie buffer 2379 * 2380 * This function gets called by mlme to build rsnie from given vdev 2381 * 2382 * Return: end of buffer 2383 */ 2384 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2385 uint8_t *iebuf){ 2386 uint8_t *frm = iebuf; 2387 uint8_t *selcnt; 2388 struct wlan_crypto_comp_priv *crypto_priv; 2389 struct wlan_crypto_params *crypto_params; 2390 2391 if (!frm) { 2392 return NULL; 2393 } 2394 2395 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2396 2397 if (!crypto_params) { 2398 return NULL; 2399 } 2400 2401 *frm++ = WLAN_ELEMID_RSN; 2402 *frm++ = 0; 2403 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2404 2405 2406 /* multicast cipher */ 2407 if (MCIPHER_IS_TKIP(crypto_params)) 2408 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2409 else if (MCIPHER_IS_CCMP128(crypto_params)) 2410 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2411 else if (MCIPHER_IS_CCMP256(crypto_params)) 2412 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2413 else if (MCIPHER_IS_GCMP128(crypto_params)) 2414 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2415 else if (MCIPHER_IS_GCMP256(crypto_params)) 2416 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2417 2418 /* unicast cipher list */ 2419 selcnt = frm; 2420 WLAN_CRYPTO_ADDSHORT(frm, 0); 2421 2422 if (UCIPHER_IS_CCMP256(crypto_params)) { 2423 selcnt[0]++; 2424 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2425 } 2426 if (UCIPHER_IS_GCMP256(crypto_params)) { 2427 selcnt[0]++; 2428 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2429 } 2430 if (UCIPHER_IS_CCMP128(crypto_params)) { 2431 selcnt[0]++; 2432 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2433 } 2434 if (UCIPHER_IS_GCMP128(crypto_params)) { 2435 selcnt[0]++; 2436 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2437 } 2438 if (UCIPHER_IS_TKIP(crypto_params)) { 2439 selcnt[0]++; 2440 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2441 } 2442 2443 /* authenticator selector list */ 2444 selcnt = frm; 2445 WLAN_CRYPTO_ADDSHORT(frm, 0); 2446 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2447 selcnt[0]++; 2448 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2449 /* Other key mgmt should not be added after CCKM */ 2450 goto add_rsn_caps; 2451 } 2452 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2453 selcnt[0]++; 2454 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2455 } 2456 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2457 selcnt[0]++; 2458 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2459 } 2460 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2461 selcnt[0]++; 2462 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2463 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2464 } 2465 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2466 selcnt[0]++; 2467 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2468 } 2469 if (HAS_KEY_MGMT(crypto_params, 2470 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2471 selcnt[0]++; 2472 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2473 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2474 } 2475 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2476 selcnt[0]++; 2477 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2478 } 2479 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2480 selcnt[0]++; 2481 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2482 } 2483 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2484 selcnt[0]++; 2485 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2486 } 2487 if (HAS_KEY_MGMT(crypto_params, 2488 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2489 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2490 2491 selcnt[0]++; 2492 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2493 } 2494 if (HAS_KEY_MGMT(crypto_params, 2495 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2496 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2497 2498 selcnt[0]++; 2499 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2500 } 2501 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2502 selcnt[0]++; 2503 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2504 } 2505 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2506 selcnt[0]++; 2507 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2508 } 2509 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2510 selcnt[0]++; 2511 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2512 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2513 } 2514 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2515 selcnt[0]++; 2516 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2517 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2518 } 2519 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2520 selcnt[0]++; 2521 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2522 } 2523 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2524 selcnt[0]++; 2525 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2526 } 2527 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2528 selcnt[0]++; 2529 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2530 } 2531 add_rsn_caps: 2532 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2533 /* optional capabilities */ 2534 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2535 /* PMK list */ 2536 WLAN_CRYPTO_ADDSHORT(frm, 0); 2537 if (HAS_MGMT_CIPHER(crypto_params, 2538 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2539 RSN_ADD_CIPHER_TO_SUITE(frm, 2540 WLAN_CRYPTO_CIPHER_AES_CMAC); 2541 } 2542 if (HAS_MGMT_CIPHER(crypto_params, 2543 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2544 RSN_ADD_CIPHER_TO_SUITE(frm, 2545 WLAN_CRYPTO_CIPHER_AES_GMAC); 2546 } 2547 if (HAS_MGMT_CIPHER(crypto_params, 2548 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2549 RSN_ADD_CIPHER_TO_SUITE(frm, 2550 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2551 ); 2552 } 2553 2554 if (HAS_MGMT_CIPHER(crypto_params, 2555 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2556 RSN_ADD_CIPHER_TO_SUITE(frm, 2557 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2558 ); 2559 } 2560 } 2561 2562 /* calculate element length */ 2563 iebuf[1] = frm - iebuf - 2; 2564 2565 return frm; 2566 } 2567 2568 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2569 struct wlan_crypto_params *crypto_params){ 2570 struct wlan_crypto_params *my_crypto_params; 2571 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2572 2573 if (!my_crypto_params) 2574 return false; 2575 /* 2576 * Check peer's pairwise ciphers. 2577 * At least one must match with our unicast cipher 2578 */ 2579 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2580 return false; 2581 /* 2582 * Check peer's group cipher is our enabled multicast cipher. 2583 */ 2584 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2585 return false; 2586 /* 2587 * Check peer's key management class set (PSK or UNSPEC) 2588 */ 2589 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2590 return false; 2591 2592 return true; 2593 } 2594 2595 /* 2596 * Convert an WAPI CIPHER suite to to an internal code. 2597 */ 2598 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2599 { 2600 uint32_t w = LE_READ_4(sel); 2601 int32_t status = -1; 2602 2603 switch (w) { 2604 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2605 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2606 } 2607 2608 return status; 2609 } 2610 2611 /* 2612 * Convert an WAPI key management/authentication algorithm 2613 * to an internal code. 2614 */ 2615 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2616 { 2617 uint32_t w = LE_READ_4(sel); 2618 int32_t status = -1; 2619 2620 switch (w) { 2621 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2622 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2623 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2624 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2625 } 2626 2627 return status; 2628 } 2629 /** 2630 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2631 * @crypto params: crypto params 2632 * @iebuf: ie buffer 2633 * 2634 * This function gets called by mlme to check the contents of wapi is 2635 * matching with given crypto params 2636 * 2637 * Return: QDF_STATUS_SUCCESS - in case of success 2638 */ 2639 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2640 uint8_t *frm) 2641 { 2642 uint8_t len = frm[1]; 2643 int32_t w; 2644 int n; 2645 2646 /* 2647 * Check the length once for fixed parts: OUI, type, 2648 * version, mcast cipher, and 2 selector counts. 2649 * Other, variable-length data, must be checked separately. 2650 */ 2651 RESET_AUTHMODE(crypto_params); 2652 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2653 2654 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2655 return QDF_STATUS_E_INVAL; 2656 2657 2658 frm += 2; 2659 2660 w = LE_READ_2(frm); 2661 frm += 2, len -= 2; 2662 if (w != WAPI_VERSION) 2663 return QDF_STATUS_E_INVAL; 2664 2665 n = LE_READ_2(frm); 2666 frm += 2, len -= 2; 2667 if (len < n*4+2) 2668 return QDF_STATUS_E_INVAL; 2669 2670 RESET_KEY_MGMT(crypto_params); 2671 for (; n > 0; n--) { 2672 w = wlan_crypto_wapi_keymgmt(frm); 2673 if (w < 0) 2674 return QDF_STATUS_E_INVAL; 2675 2676 SET_KEY_MGMT(crypto_params, w); 2677 frm += 4, len -= 4; 2678 } 2679 2680 /* unicast ciphers */ 2681 n = LE_READ_2(frm); 2682 frm += 2, len -= 2; 2683 if (len < n*4+2) 2684 return QDF_STATUS_E_INVAL; 2685 2686 RESET_UCAST_CIPHERS(crypto_params); 2687 for (; n > 0; n--) { 2688 w = wlan_crypto_wapi_suite_to_cipher(frm); 2689 if (w < 0) 2690 return QDF_STATUS_E_INVAL; 2691 SET_UCAST_CIPHER(crypto_params, w); 2692 frm += 4, len -= 4; 2693 } 2694 2695 if (!crypto_params->ucastcipherset) 2696 return QDF_STATUS_E_INVAL; 2697 2698 /* multicast/group cipher */ 2699 RESET_MCAST_CIPHERS(crypto_params); 2700 w = wlan_crypto_wapi_suite_to_cipher(frm); 2701 2702 if (w < 0) 2703 return QDF_STATUS_E_INVAL; 2704 2705 SET_MCAST_CIPHER(crypto_params, w); 2706 frm += 4, len -= 4; 2707 2708 return QDF_STATUS_SUCCESS; 2709 } 2710 2711 /** 2712 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2713 * @vdev: vdev 2714 * @iebuf: ie buffer 2715 * 2716 * This function gets called by mlme to build wapi ie from given vdev 2717 * 2718 * Return: end of buffer 2719 */ 2720 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2721 uint8_t *iebuf) 2722 { 2723 uint8_t *frm; 2724 uint8_t *selcnt; 2725 struct wlan_crypto_comp_priv *crypto_priv; 2726 struct wlan_crypto_params *crypto_params; 2727 2728 frm = iebuf; 2729 if (!frm) { 2730 crypto_err("ie buffer NULL"); 2731 return NULL; 2732 } 2733 2734 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2735 2736 if (!crypto_params) { 2737 crypto_err("crypto_params NULL"); 2738 return NULL; 2739 } 2740 2741 *frm++ = WLAN_ELEMID_WAPI; 2742 *frm++ = 0; 2743 2744 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2745 2746 /* authenticator selector list */ 2747 selcnt = frm; 2748 WLAN_CRYPTO_ADDSHORT(frm, 0); 2749 2750 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2751 selcnt[0]++; 2752 WLAN_CRYPTO_ADDSELECTOR(frm, 2753 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2754 } 2755 2756 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2757 selcnt[0]++; 2758 WLAN_CRYPTO_ADDSELECTOR(frm, 2759 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2760 } 2761 2762 /* unicast cipher list */ 2763 selcnt = frm; 2764 WLAN_CRYPTO_ADDSHORT(frm, 0); 2765 2766 if (UCIPHER_IS_SMS4(crypto_params)) { 2767 selcnt[0]++; 2768 WLAN_CRYPTO_ADDSELECTOR(frm, 2769 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2770 } 2771 2772 WLAN_CRYPTO_ADDSELECTOR(frm, 2773 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2774 2775 /* optional capabilities */ 2776 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2777 2778 /* calculate element length */ 2779 iebuf[1] = frm - iebuf - 2; 2780 2781 return frm; 2782 2783 } 2784 2785 /** 2786 * wlan_crypto_pn_check - called by data patch for PN check 2787 * @vdev: vdev 2788 * @wbuf: wbuf 2789 * 2790 * This function gets called by data patch for PN check 2791 * 2792 * Return: QDF_STATUS 2793 */ 2794 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2795 qdf_nbuf_t wbuf){ 2796 /* Need to check is there real requirement for this function 2797 * as PN check is already handled in decap function. 2798 */ 2799 return QDF_STATUS_SUCCESS; 2800 } 2801 2802 /** 2803 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2804 * @vdev:vdev 2805 * 2806 * This function gets called by mlme to get crypto params 2807 * 2808 * Return: wlan_crypto_params or NULL in case of failure 2809 */ 2810 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2811 struct wlan_objmgr_vdev *vdev){ 2812 struct wlan_crypto_comp_priv *crypto_priv; 2813 2814 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2815 } 2816 2817 /** 2818 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2819 * @peer:peer 2820 * 2821 * This function gets called by mlme to get crypto params 2822 * 2823 * Return: wlan_crypto_params or NULL in case of failure 2824 */ 2825 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2826 struct wlan_objmgr_peer *peer){ 2827 struct wlan_crypto_comp_priv *crypto_priv; 2828 2829 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2830 } 2831 2832 2833 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2834 struct wlan_objmgr_peer *peer) 2835 { 2836 struct wlan_crypto_comp_priv *crypto_priv; 2837 struct wlan_crypto_comp_priv *sta_crypto_priv; 2838 struct wlan_crypto_params *crypto_params; 2839 struct wlan_crypto_key *key; 2840 struct wlan_crypto_key *sta_key; 2841 struct wlan_crypto_cipher *cipher_table; 2842 struct wlan_objmgr_psoc *psoc; 2843 uint8_t *mac_addr; 2844 int i; 2845 enum QDF_OPMODE opmode; 2846 2847 if (!vdev) 2848 return QDF_STATUS_E_NULL_VALUE; 2849 2850 if (!peer) { 2851 crypto_err("peer NULL"); 2852 return QDF_STATUS_E_INVAL; 2853 } 2854 2855 opmode = wlan_vdev_mlme_get_opmode(vdev); 2856 psoc = wlan_vdev_get_psoc(vdev); 2857 2858 if (!psoc) { 2859 crypto_err("psoc NULL"); 2860 return QDF_STATUS_E_NULL_VALUE; 2861 } 2862 2863 wlan_peer_obj_lock(peer); 2864 mac_addr = wlan_peer_get_macaddr(peer); 2865 wlan_peer_obj_unlock(peer); 2866 2867 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2868 &crypto_priv); 2869 if (crypto_priv == NULL) { 2870 crypto_err("crypto_priv NULL"); 2871 return QDF_STATUS_E_NULL_VALUE; 2872 } 2873 2874 /* push only valid static WEP keys from vap */ 2875 if (AUTH_IS_8021X(crypto_params)) 2876 return QDF_STATUS_E_INVAL; 2877 2878 if (opmode == QDF_STA_MODE) { 2879 peer = wlan_vdev_get_bsspeer(vdev); 2880 if (!peer) { 2881 crypto_err("peer NULL"); 2882 return QDF_STATUS_E_INVAL; 2883 } 2884 } 2885 2886 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2887 if (sta_crypto_priv == NULL) { 2888 crypto_err("sta priv is null"); 2889 return QDF_STATUS_E_INVAL; 2890 } 2891 2892 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2893 if (crypto_priv->key[i]) { 2894 key = crypto_priv->key[i]; 2895 if (!key || !key->valid) 2896 continue; 2897 2898 cipher_table = (struct wlan_crypto_cipher *) 2899 key->cipher_table; 2900 2901 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2902 sta_key = qdf_mem_malloc( 2903 sizeof(struct wlan_crypto_key)); 2904 if (!sta_key) { 2905 crypto_err("key alloc failed"); 2906 return QDF_STATUS_E_NOMEM; 2907 } 2908 sta_crypto_priv->key[i] = sta_key; 2909 qdf_mem_copy(sta_key, key, 2910 sizeof(struct wlan_crypto_key)); 2911 2912 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2913 2914 if (crypto_priv->def_tx_keyid == i) { 2915 sta_key->flags 2916 |= WLAN_CRYPTO_KEY_DEFAULT; 2917 sta_crypto_priv->def_tx_keyid = 2918 crypto_priv->def_tx_keyid; 2919 } 2920 /* setting the broadcast/multicast key for sta*/ 2921 if (opmode == QDF_STA_MODE || 2922 opmode == QDF_IBSS_MODE){ 2923 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2924 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2925 vdev, sta_key, mac_addr, 2926 cipher_table->cipher); 2927 } 2928 } 2929 2930 /* setting unicast key */ 2931 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2932 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2933 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2934 sta_key, mac_addr, 2935 cipher_table->cipher); 2936 } 2937 } 2938 } 2939 } 2940 2941 return QDF_STATUS_SUCCESS; 2942 } 2943 2944 /** 2945 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2946 * @crypto_rx_ops: crypto_rx_ops 2947 * 2948 * This function gets called by object manger to register crypto rx ops. 2949 * 2950 * Return: QDF_STATUS 2951 */ 2952 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2953 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2954 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2955 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2956 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2957 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2958 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2959 2960 return QDF_STATUS_SUCCESS; 2961 } 2962 2963 /** 2964 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2965 * @psoc: psoc 2966 * 2967 * This function gets called by umac to get the crypto_rx_ops 2968 * 2969 * Return: crypto_rx_ops 2970 */ 2971 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2972 struct wlan_objmgr_psoc *psoc) 2973 { 2974 2975 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2976 } 2977 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 2978 2979 /** 2980 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2981 * @vdev: vdev 2982 * @authvalue: authvalue to be checked 2983 * 2984 * This function check is authvalue passed is set in vdev or not 2985 * 2986 * Return: true or false 2987 */ 2988 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2989 wlan_crypto_auth_mode authvalue) 2990 { 2991 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 2992 & authvalue; 2993 } 2994 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 2995 2996 /** 2997 * wlan_crypto_peer_has_auth_mode - check authmode for peer 2998 * @peer: peer 2999 * @authvalue: authvalue to be checked 3000 * 3001 * This function check is authvalue passed is set in peer or not 3002 * 3003 * Return: true or false 3004 */ 3005 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3006 wlan_crypto_auth_mode authvalue) 3007 { 3008 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3009 & authvalue; 3010 } 3011 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3012 3013 /** 3014 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3015 * @vdev: vdev 3016 * @ucastcipher: ucastcipher to be checked 3017 * 3018 * This function check is ucastcipher passed is set in vdev or not 3019 * 3020 * Return: true or false 3021 */ 3022 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3023 wlan_crypto_cipher_type ucastcipher) 3024 { 3025 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3026 & ucastcipher; 3027 } 3028 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3029 3030 /** 3031 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3032 * @peer: peer 3033 * @ucastcipher: ucastcipher to be checked 3034 * 3035 * This function check is ucastcipher passed is set in peer or not 3036 * 3037 * Return: true or false 3038 */ 3039 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3040 wlan_crypto_cipher_type ucastcipher) 3041 { 3042 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3043 & ucastcipher; 3044 } 3045 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3046 3047 /** 3048 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3049 * @vdev: vdev 3050 * @mcastcipher: mcastcipher to be checked 3051 * 3052 * This function check is mcastcipher passed is set in vdev or not 3053 * 3054 * Return: true or false 3055 */ 3056 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3057 wlan_crypto_cipher_type mcastcipher) 3058 { 3059 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3060 & mcastcipher; 3061 } 3062 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3063 3064 /** 3065 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3066 * @peer: peer 3067 * @mcastcipher: mcastcipher to be checked 3068 * 3069 * This function check is mcastcipher passed is set in peer or not 3070 * 3071 * Return: true or false 3072 */ 3073 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3074 wlan_crypto_cipher_type mcastcipher) 3075 { 3076 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3077 & mcastcipher; 3078 } 3079 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3080 3081 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3082 { 3083 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3084 3085 if (!peer) { 3086 crypto_err("Invalid Input"); 3087 return 0; 3088 } 3089 3090 crypto_priv = wlan_get_peer_crypto_obj(peer); 3091 if (!crypto_priv) { 3092 crypto_err("crypto_priv NULL"); 3093 return 0; 3094 } 3095 3096 return crypto_priv->fils_aead_set; 3097 } 3098 3099 void 3100 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3101 { 3102 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3103 3104 if (!peer) { 3105 crypto_err("Invalid Input"); 3106 return; 3107 } 3108 3109 crypto_priv = wlan_get_peer_crypto_obj(peer); 3110 if (!crypto_priv) { 3111 crypto_err("crypto_priv NULL"); 3112 return; 3113 } 3114 3115 crypto_priv->fils_aead_set = value; 3116 } 3117 3118 /** 3119 * wlan_crypto_get_key_header - get header length 3120 * @key: key 3121 * 3122 * This function gets header length based on keytype 3123 * 3124 * Return: header length 3125 */ 3126 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3127 { 3128 struct wlan_crypto_cipher *cipher_table; 3129 3130 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3131 if (cipher_table) 3132 return cipher_table->header; 3133 else 3134 return 0; 3135 } 3136 3137 qdf_export_symbol(wlan_crypto_get_key_header); 3138 3139 /** 3140 * wlan_crypto_get_key_trailer - get cipher trailer length 3141 * @key: key 3142 * 3143 * This function gets cipher trailer length based on keytype 3144 * 3145 * Return: cipher trailer length 3146 */ 3147 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3148 { 3149 struct wlan_crypto_cipher *cipher_table; 3150 3151 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3152 if (cipher_table) 3153 return cipher_table->trailer; 3154 else 3155 return 0; 3156 } 3157 3158 qdf_export_symbol(wlan_crypto_get_key_trailer); 3159 3160 /** 3161 * wlan_crypto_get_key_miclen - get cipher miclen length 3162 * @key: key 3163 * 3164 * This function gets cipher miclen length based on keytype 3165 * 3166 * Return: cipher miclen length 3167 */ 3168 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3169 { 3170 struct wlan_crypto_cipher *cipher_table; 3171 3172 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3173 if (cipher_table) 3174 return cipher_table->miclen; 3175 else 3176 return 0; 3177 } 3178 3179 qdf_export_symbol(wlan_crypto_get_key_miclen); 3180 3181 /** 3182 * wlan_crypto_get_keyid - get keyid from frame 3183 * @data: frame 3184 * 3185 * This function parse frame and returns keyid 3186 * 3187 * Return: keyid 3188 */ 3189 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3190 { 3191 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)data; 3192 uint8_t *iv; 3193 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->frame_control[0]); 3194 3195 /* 3196 * In FILS SK (Re)Association request/response frame has 3197 * to be decrypted 3198 */ 3199 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3200 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3201 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3202 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3203 return 0; 3204 } 3205 3206 if (hdr->frame_control[1] & WLAN_FC1_ISWEP) { 3207 iv = data + hdrlen; 3208 /* 3209 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3210 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3211 */ 3212 return ((iv[3] >> 6) & 0x3); 3213 } else { 3214 return WLAN_CRYPTO_KEYIX_NONE; 3215 } 3216 } 3217 3218 qdf_export_symbol(wlan_crypto_get_keyid); 3219 3220 /** 3221 * crypto_plumb_peer_keys - called during radio reset 3222 * @vdev: vdev 3223 * @object: peer 3224 * @arg: psoc 3225 * 3226 * Restore unicast and persta hardware keys 3227 * 3228 * Return: void 3229 */ 3230 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3231 void *object, void *arg) { 3232 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3233 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3234 struct wlan_crypto_comp_priv *crypto_priv; 3235 struct wlan_crypto_params *crypto_params; 3236 struct wlan_crypto_key *key = NULL; 3237 int i; 3238 3239 if ((NULL == peer) || (NULL == vdev) || (NULL == psoc)) { 3240 crypto_err("Peer or vdev or psoc objects are null!"); 3241 return; 3242 } 3243 3244 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3245 &crypto_priv); 3246 3247 if (!crypto_priv) { 3248 crypto_err("crypto_priv NULL"); 3249 return; 3250 } 3251 3252 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3253 key = crypto_priv->key[i]; 3254 if (key && key->valid) { 3255 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3256 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3257 ( 3258 vdev, 3259 key, 3260 wlan_peer_get_macaddr(peer), 3261 wlan_crypto_get_key_type(key) 3262 ); 3263 } 3264 } 3265 } 3266 } 3267 3268 /** 3269 * wlan_crypto_restore_keys - called during radio reset 3270 * @vdev: vdev 3271 * 3272 * Clear and restore keycache, needed for some DA chipsets which put 3273 * random values in keycache when phy reset is triggered 3274 * 3275 * Return: void 3276 */ 3277 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3278 { 3279 int i; 3280 struct wlan_crypto_comp_priv *crypto_priv; 3281 struct wlan_crypto_params *crypto_params; 3282 struct wlan_crypto_key *key; 3283 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3284 struct wlan_objmgr_pdev *pdev = NULL; 3285 struct wlan_objmgr_psoc *psoc = NULL; 3286 3287 pdev = wlan_vdev_get_pdev(vdev); 3288 psoc = wlan_vdev_get_psoc(vdev); 3289 if (NULL == pdev) { 3290 crypto_err("pdev is NULL"); 3291 return; 3292 } 3293 if (NULL == psoc) { 3294 crypto_err("psoc is NULL"); 3295 return; 3296 } 3297 3298 /* TBD: QWRAP key restore*/ 3299 /* crypto is on */ 3300 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3301 /* restore static shared keys */ 3302 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3303 crypto_params = wlan_crypto_vdev_get_comp_params 3304 ( 3305 vdev, 3306 &crypto_priv 3307 ); 3308 if (!crypto_priv) { 3309 crypto_err("crypto_priv is NULL"); 3310 return; 3311 } 3312 key = crypto_priv->key[i]; 3313 if (key && key->valid) { 3314 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3315 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3316 ( 3317 vdev, 3318 key, 3319 macaddr, 3320 wlan_crypto_get_key_type(key) 3321 ); 3322 } 3323 } 3324 } 3325 3326 wlan_objmgr_iterate_peerobj_list(vdev, 3327 crypto_plumb_peer_keys, 3328 psoc, 3329 WLAN_CRYPTO_ID); 3330 } 3331 } 3332