1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 static int is_valid_keyix(uint16_t keyix) 59 { 60 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 61 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 62 return 0; 63 else 64 return 1; 65 } 66 67 static int is_igtk(uint16_t keyix) 68 { 69 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 70 return 0; 71 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 72 return 0; 73 else 74 return 1; 75 } 76 77 static int is_bigtk(uint16_t keyix) 78 { 79 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 80 return 0; 81 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 82 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 83 return 0; 84 else 85 return 1; 86 } 87 88 /** 89 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 90 * @vdev:vdev 91 * 92 * This function gets called by mlme to get crypto params 93 * 94 * Return: wlan_crypto_params or NULL in case of failure 95 */ 96 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 97 struct wlan_objmgr_vdev *vdev, 98 struct wlan_crypto_comp_priv **crypto_priv){ 99 *crypto_priv = (struct wlan_crypto_comp_priv *) 100 wlan_get_vdev_crypto_obj(vdev); 101 if (!(*crypto_priv)) { 102 crypto_err("crypto_priv NULL"); 103 return NULL; 104 } 105 106 return &((*crypto_priv)->crypto_params); 107 } 108 109 /** 110 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 111 * @peer:peer 112 * 113 * This function gets called by mlme to get crypto params 114 * 115 * Return: wlan_crypto_params or NULL in case of failure 116 */ 117 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 118 struct wlan_objmgr_peer *peer, 119 struct wlan_crypto_comp_priv **crypto_priv){ 120 121 *crypto_priv = (struct wlan_crypto_comp_priv *) 122 wlan_get_peer_crypto_obj(peer); 123 if (!*crypto_priv) { 124 crypto_err("crypto_priv NULL"); 125 return NULL; 126 } 127 128 return &((*crypto_priv)->crypto_params); 129 } 130 131 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 132 { 133 return QDF_STATUS_SUCCESS; 134 } 135 136 /** 137 * wlan_crypto_set_param - called by ucfg to set crypto param 138 * @crypto_params: crypto_params 139 * @param: param to be set. 140 * @value: value 141 * 142 * This function gets called from ucfg to set param 143 * 144 * Return: QDF_STATUS_SUCCESS - in case of success 145 */ 146 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 147 wlan_crypto_param_type param, 148 uint32_t value){ 149 QDF_STATUS status = QDF_STATUS_E_INVAL; 150 151 crypto_debug("param %d, value %d", param, value); 152 switch (param) { 153 case WLAN_CRYPTO_PARAM_AUTH_MODE: 154 status = wlan_crypto_set_authmode(crypto_params, value); 155 break; 156 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 157 status = wlan_crypto_set_ucastciphers(crypto_params, value); 158 break; 159 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 160 status = wlan_crypto_set_mcastcipher(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 163 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 166 status = wlan_crypto_set_cipher_cap(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_RSN_CAP: 169 status = wlan_crypto_set_rsn_cap(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_KEY_MGMT: 172 status = wlan_crypto_set_key_mgmt(crypto_params, value); 173 break; 174 default: 175 status = QDF_STATUS_E_INVAL; 176 } 177 return status; 178 } 179 180 /** 181 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 182 * @vdev: vdev 183 * @param: param to be set. 184 * @value: value 185 * 186 * This function gets called from ucfg to set param 187 * 188 * Return: QDF_STATUS_SUCCESS - in case of success 189 */ 190 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 191 wlan_crypto_param_type param, 192 uint32_t value){ 193 QDF_STATUS status = QDF_STATUS_E_INVAL; 194 struct wlan_crypto_comp_priv *crypto_priv; 195 struct wlan_crypto_params *crypto_params; 196 197 crypto_priv = (struct wlan_crypto_comp_priv *) 198 wlan_get_vdev_crypto_obj(vdev); 199 200 if (!crypto_priv) { 201 crypto_err("crypto_priv NULL"); 202 return QDF_STATUS_E_INVAL; 203 } 204 205 crypto_params = &(crypto_priv->crypto_params); 206 207 status = wlan_crypto_set_param(crypto_params, param, value); 208 209 return status; 210 } 211 212 /** 213 * wlan_crypto_set_param - called by ucfg to set crypto param 214 * 215 * @peer: peer 216 * @param: param to be set. 217 * @value: value 218 * 219 * This function gets called from ucfg to set param 220 * 221 * Return: QDF_STATUS_SUCCESS - in case of success 222 */ 223 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 224 wlan_crypto_param_type param, 225 uint32_t value){ 226 QDF_STATUS status = QDF_STATUS_E_INVAL; 227 struct wlan_crypto_comp_priv *crypto_priv; 228 struct wlan_crypto_params *crypto_params; 229 230 crypto_params = wlan_crypto_peer_get_comp_params(peer, 231 &crypto_priv); 232 233 if (!crypto_priv) { 234 crypto_err("crypto_priv NULL"); 235 return QDF_STATUS_E_INVAL; 236 } 237 238 crypto_params = &(crypto_priv->crypto_params); 239 240 status = wlan_crypto_set_param(crypto_params, param, value); 241 242 return status; 243 } 244 245 /** 246 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 247 * @param: Crypto param type 248 * @crypto_params: Crypto params struct 249 * 250 * This function gets called from in-within crypto layer 251 * 252 * Return: value or -1 for failure 253 */ 254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 255 struct wlan_crypto_params *crypto_params) 256 { 257 int32_t value; 258 259 switch (param) { 260 case WLAN_CRYPTO_PARAM_AUTH_MODE: 261 value = wlan_crypto_get_authmode(crypto_params); 262 break; 263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 264 value = wlan_crypto_get_ucastciphers(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 267 value = wlan_crypto_get_mcastcipher(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 270 value = wlan_crypto_get_mgmtciphers(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 273 value = wlan_crypto_get_cipher_cap(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_RSN_CAP: 276 value = wlan_crypto_get_rsn_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_KEY_MGMT: 279 value = wlan_crypto_get_key_mgmt(crypto_params); 280 break; 281 default: 282 value = -1; 283 } 284 285 return value; 286 } 287 288 /** 289 * wlan_crypto_get_param - called to get value for param from vdev 290 * @vdev: vdev 291 * @param: Crypto param type 292 * 293 * This function gets called to get value for param from vdev 294 * 295 * Return: value or -1 for failure 296 */ 297 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 298 wlan_crypto_param_type param) 299 { 300 int32_t value = -1; 301 struct wlan_crypto_comp_priv *crypto_priv; 302 struct wlan_crypto_params *crypto_params; 303 crypto_priv = (struct wlan_crypto_comp_priv *) 304 wlan_get_vdev_crypto_obj(vdev); 305 306 if (!crypto_priv) { 307 crypto_err("crypto_priv NULL"); 308 return value; 309 } 310 311 crypto_params = &(crypto_priv->crypto_params); 312 value = wlan_crypto_get_param_value(param, crypto_params); 313 314 return value; 315 } 316 /** 317 * wlan_crypto_get_peer_param - called to get value for param from peer 318 * @peer: peer 319 * @param: Crypto param type 320 * 321 * This function gets called to get value for param from peer 322 * 323 * Return: value or -1 for failure 324 */ 325 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 326 wlan_crypto_param_type param) 327 { 328 int32_t value = -1; 329 struct wlan_crypto_comp_priv *crypto_priv; 330 struct wlan_crypto_params *crypto_params; 331 332 crypto_params = wlan_crypto_peer_get_comp_params(peer, 333 &crypto_priv); 334 335 if (!crypto_params) { 336 crypto_err("crypto_params NULL"); 337 return value; 338 } 339 value = wlan_crypto_get_param_value(param, crypto_params); 340 341 return value; 342 } 343 qdf_export_symbol(wlan_crypto_get_peer_param); 344 345 static 346 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 347 struct wlan_crypto_pmksa *pmksa); 348 349 static 350 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 351 struct wlan_crypto_pmksa *pmksa) 352 { 353 uint8_t i, first_available_slot = 0; 354 bool slot_found = false; 355 356 /* Delete the old entry and then Add new entry */ 357 wlan_crypto_del_pmksa(crypto_params, pmksa); 358 359 /* find the empty slot as duplicate is already deleted */ 360 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 361 if (!crypto_params->pmksa[i]) { 362 slot_found = true; 363 first_available_slot = i; 364 break; 365 } 366 } 367 368 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 369 crypto_err("no entry available for pmksa"); 370 return QDF_STATUS_E_INVAL; 371 } 372 crypto_params->pmksa[first_available_slot] = pmksa; 373 374 return QDF_STATUS_SUCCESS; 375 } 376 377 static 378 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 379 struct wlan_crypto_pmksa *pmksa) 380 { 381 uint8_t i, j; 382 bool match_found = false; 383 u8 del_pmk[MAX_PMK_LEN] = {0}; 384 385 /* find slot with same bssid */ 386 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 387 if (!crypto_params->pmksa[i]) 388 continue; 389 if (qdf_is_macaddr_equal(&pmksa->bssid, 390 &crypto_params->pmksa[i]->bssid)) { 391 match_found = true; 392 } else if (pmksa->ssid_len && 393 !qdf_mem_cmp(pmksa->ssid, 394 crypto_params->pmksa[i]->ssid, 395 pmksa->ssid_len) && 396 !qdf_mem_cmp(pmksa->cache_id, 397 crypto_params->pmksa[i]->cache_id, 398 WLAN_CACHE_ID_LEN)) { 399 match_found = true; 400 } 401 402 if (match_found) { 403 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 404 crypto_params->pmksa[i]->pmk_len); 405 /* Free matching entry */ 406 qdf_mem_zero(crypto_params->pmksa[i], 407 sizeof(struct wlan_crypto_pmksa)); 408 qdf_mem_free(crypto_params->pmksa[i]); 409 crypto_params->pmksa[i] = NULL; 410 411 /* Find and remove the entries matching the pmk */ 412 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 413 if (!crypto_params->pmksa[j]) 414 continue; 415 if (crypto_params->pmksa[j]->pmk_len && 416 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 417 del_pmk, 418 crypto_params->pmksa[j]->pmk_len))) { 419 qdf_mem_zero(crypto_params->pmksa[j], 420 sizeof(struct wlan_crypto_pmksa)); 421 qdf_mem_free(crypto_params->pmksa[j]); 422 crypto_params->pmksa[j] = NULL; 423 } 424 } 425 /* reset stored pmk */ 426 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 427 428 return QDF_STATUS_SUCCESS; 429 } 430 } 431 432 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 433 crypto_debug("No such pmksa entry exists"); 434 435 return QDF_STATUS_SUCCESS; 436 } 437 438 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 439 { 440 uint8_t i; 441 442 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 443 if (!crypto_params->pmksa[i]) 444 continue; 445 qdf_mem_zero(crypto_params->pmksa[i], 446 sizeof(struct wlan_crypto_pmksa)); 447 qdf_mem_free(crypto_params->pmksa[i]); 448 crypto_params->pmksa[i] = NULL; 449 } 450 451 return QDF_STATUS_SUCCESS; 452 } 453 454 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 455 struct wlan_crypto_pmksa *pmksa, 456 bool set) 457 { 458 QDF_STATUS status = QDF_STATUS_E_INVAL; 459 struct wlan_crypto_comp_priv *crypto_priv; 460 struct wlan_crypto_params *crypto_params; 461 enum QDF_OPMODE op_mode; 462 463 op_mode = wlan_vdev_mlme_get_opmode(vdev); 464 465 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 466 return QDF_STATUS_E_NOSUPPORT; 467 468 if (!pmksa && set) { 469 crypto_err("pmksa is NULL for set operation"); 470 return QDF_STATUS_E_INVAL; 471 } 472 crypto_priv = (struct wlan_crypto_comp_priv *) 473 wlan_get_vdev_crypto_obj(vdev); 474 475 if (!crypto_priv) { 476 crypto_err("crypto_priv NULL"); 477 return QDF_STATUS_E_INVAL; 478 } 479 480 crypto_params = &crypto_priv->crypto_params; 481 if (set) { 482 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 483 /* Set pmksa */ 484 } else { 485 /* del pmksa */ 486 if (!pmksa) 487 status = wlan_crypto_pmksa_flush(crypto_params); 488 else 489 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 490 } 491 492 return status; 493 } 494 495 struct wlan_crypto_pmksa * 496 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 497 struct wlan_crypto_pmksa *pmksa) 498 { 499 struct wlan_crypto_comp_priv *crypto_priv; 500 struct wlan_crypto_params *crypto_params; 501 uint8_t i; 502 503 if (!pmksa) { 504 crypto_err("pmksa is NULL"); 505 return NULL; 506 } 507 crypto_priv = (struct wlan_crypto_comp_priv *) 508 wlan_get_vdev_crypto_obj(vdev); 509 510 if (!crypto_priv) { 511 crypto_err("crypto_priv NULL"); 512 return NULL; 513 } 514 515 crypto_params = &crypto_priv->crypto_params; 516 517 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 518 if (!crypto_params->pmksa[i]) 519 continue; 520 if (qdf_is_macaddr_equal(&pmksa->bssid, 521 &crypto_params->pmksa[i]->bssid)) { 522 return crypto_params->pmksa[i]; 523 } else if (pmksa->ssid_len && 524 !qdf_mem_cmp(pmksa->ssid, 525 crypto_params->pmksa[i]->ssid, 526 pmksa->ssid_len) && 527 !qdf_mem_cmp(pmksa->cache_id, 528 crypto_params->pmksa[i]->cache_id, 529 WLAN_CACHE_ID_LEN)){ 530 return crypto_params->pmksa[i]; 531 } 532 } 533 534 return NULL; 535 } 536 537 struct wlan_crypto_pmksa * 538 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 539 { 540 struct wlan_crypto_comp_priv *crypto_priv; 541 struct wlan_crypto_params *crypto_params; 542 uint8_t i; 543 544 if (!bssid) { 545 crypto_err("bssid is NULL"); 546 return NULL; 547 } 548 crypto_priv = (struct wlan_crypto_comp_priv *) 549 wlan_get_vdev_crypto_obj(vdev); 550 551 if (!crypto_priv) { 552 crypto_err("crypto_priv NULL"); 553 return NULL; 554 } 555 556 crypto_params = &crypto_priv->crypto_params; 557 558 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 559 if (!crypto_params->pmksa[i]) 560 continue; 561 if (qdf_is_macaddr_equal(bssid, 562 &crypto_params->pmksa[i]->bssid)) { 563 return crypto_params->pmksa[i]; 564 } 565 } 566 567 return NULL; 568 } 569 570 struct wlan_crypto_pmksa * 571 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 572 uint8_t *cache_id, uint8_t *ssid, 573 uint8_t ssid_len) 574 { 575 struct wlan_crypto_comp_priv *crypto_priv; 576 struct wlan_crypto_params *crypto_params; 577 uint8_t i; 578 579 crypto_priv = (struct wlan_crypto_comp_priv *) 580 wlan_get_vdev_crypto_obj(vdev); 581 582 if (!crypto_priv) { 583 crypto_err("crypto_priv NULL"); 584 return NULL; 585 } 586 587 crypto_params = &crypto_priv->crypto_params; 588 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 589 if (!crypto_params->pmksa[i]) 590 continue; 591 592 if (!qdf_mem_cmp(cache_id, 593 crypto_params->pmksa[i]->cache_id, 594 WLAN_CACHE_ID_LEN) && 595 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 596 ssid_len) && 597 ssid_len == crypto_params->pmksa[i]->ssid_len) 598 return crypto_params->pmksa[i]; 599 } 600 601 return NULL; 602 } 603 604 /** 605 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 606 * @vdev: vdev 607 * @peer: peer 608 * 609 * This function gets called to check is HT allowed for cipher. 610 * HT is not allowed for wep and tkip. 611 * 612 * Return: 0 - not allowed or 1 - allowed 613 */ 614 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 615 struct wlan_objmgr_peer *peer) 616 { 617 int32_t ucast_cipher; 618 619 if (!(vdev || peer)) { 620 crypto_err("Invalid params"); 621 return 0; 622 } 623 624 if (vdev) 625 ucast_cipher = wlan_crypto_get_param(vdev, 626 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 627 else 628 ucast_cipher = wlan_crypto_get_peer_param(peer, 629 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 630 631 if (ucast_cipher == -1) { 632 crypto_err("Invalid params"); 633 return 0; 634 } 635 636 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 637 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 638 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 639 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 640 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 641 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 642 } 643 qdf_export_symbol(wlan_crypto_is_htallowed); 644 645 /** 646 * wlan_crypto_setkey - called by ucfg to setkey 647 * @vdev: vdev 648 * @req_key: req_key with cipher type, key macaddress 649 * 650 * This function gets called from ucfg to sey key 651 * 652 * Return: QDF_STATUS_SUCCESS - in case of success 653 */ 654 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 655 struct wlan_crypto_req_key *req_key){ 656 657 QDF_STATUS status = QDF_STATUS_E_INVAL; 658 struct wlan_crypto_comp_priv *crypto_priv; 659 struct wlan_crypto_params *crypto_params; 660 struct wlan_objmgr_psoc *psoc; 661 struct wlan_objmgr_peer *peer; 662 struct wlan_crypto_key *key = NULL; 663 const struct wlan_crypto_cipher *cipher; 664 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 665 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 666 bool isbcast; 667 enum QDF_OPMODE vdev_mode; 668 uint8_t igtk_idx = 0; 669 uint8_t bigtk_idx = 0; 670 struct wlan_lmac_if_tx_ops *tx_ops; 671 672 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 673 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 674 return QDF_STATUS_E_INVAL; 675 } 676 677 isbcast = qdf_is_macaddr_group( 678 (struct qdf_mac_addr *)req_key->macaddr); 679 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 680 /* zero length keys, only set default key id if flags are set*/ 681 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 682 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 683 && (!IS_MGMT_CIPHER(req_key->type))) { 684 wlan_crypto_default_key(vdev, 685 req_key->macaddr, 686 req_key->keyix, 687 !isbcast); 688 return QDF_STATUS_SUCCESS; 689 } 690 crypto_err("req_key len zero"); 691 return QDF_STATUS_E_INVAL; 692 } 693 694 cipher = wlan_crypto_cipher_ops[req_key->type]; 695 696 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 697 crypto_err("cipher invalid"); 698 return QDF_STATUS_E_INVAL; 699 } 700 701 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 702 (!IS_MGMT_CIPHER(req_key->type)) && 703 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 704 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 705 crypto_err("cipher invalid"); 706 return QDF_STATUS_E_INVAL; 707 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 708 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 709 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 710 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 711 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 712 return QDF_STATUS_E_INVAL; 713 } 714 715 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 716 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 717 | WLAN_CRYPTO_KEY_RECV)) { 718 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 719 | WLAN_CRYPTO_KEY_RECV); 720 } 721 } else { 722 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 723 && (!IS_MGMT_CIPHER(req_key->type))) { 724 return QDF_STATUS_E_INVAL; 725 } 726 727 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 728 | WLAN_CRYPTO_KEY_RECV); 729 if (isbcast) 730 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 731 } 732 733 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 734 735 wlan_vdev_obj_lock(vdev); 736 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 737 QDF_MAC_ADDR_SIZE); 738 psoc = wlan_vdev_get_psoc(vdev); 739 if (!psoc) { 740 wlan_vdev_obj_unlock(vdev); 741 crypto_err("psoc NULL"); 742 return QDF_STATUS_E_INVAL; 743 } 744 wlan_vdev_obj_unlock(vdev); 745 746 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 747 if (wlan_crypto_vdev_has_auth_mode(vdev, 748 (1 << WLAN_CRYPTO_AUTH_8021X))) { 749 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 750 } 751 } 752 753 if (isbcast) { 754 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 755 &crypto_priv); 756 if (!crypto_priv) { 757 crypto_err("crypto_priv NULL"); 758 return QDF_STATUS_E_INVAL; 759 } 760 761 if (IS_MGMT_CIPHER(req_key->type)) { 762 struct wlan_crypto_key *crypto_key = NULL; 763 764 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 765 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 766 if (!is_igtk(req_key->keyix) && 767 !(is_bigtk(req_key->keyix))) { 768 crypto_err("igtk/bigtk key invalid keyid %d", 769 req_key->keyix); 770 return QDF_STATUS_E_INVAL; 771 } 772 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 773 if (!key) 774 return QDF_STATUS_E_NOMEM; 775 776 777 if (is_igtk(req_key->keyix)) { 778 crypto_key = crypto_priv->igtk_key[igtk_idx]; 779 if (crypto_key) 780 qdf_mem_free(crypto_key); 781 782 crypto_priv->igtk_key[igtk_idx] = key; 783 crypto_priv->igtk_key_type = req_key->type; 784 crypto_priv->def_igtk_tx_keyid = igtk_idx; 785 bigtk_idx = 0; 786 } else { 787 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 788 if (crypto_key) 789 qdf_mem_free(crypto_key); 790 791 crypto_priv->bigtk_key[bigtk_idx] = key; 792 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 793 igtk_idx = 0; 794 } 795 } else { 796 if (IS_FILS_CIPHER(req_key->type)) { 797 crypto_err("FILS key is not for BroadCast pkt"); 798 return QDF_STATUS_E_INVAL; 799 } 800 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 801 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 802 return QDF_STATUS_E_INVAL; 803 } 804 if (!crypto_priv->key[req_key->keyix]) { 805 crypto_priv->key[req_key->keyix] 806 = qdf_mem_malloc( 807 sizeof(struct wlan_crypto_key)); 808 if (!crypto_priv->key[req_key->keyix]) 809 return QDF_STATUS_E_NOMEM; 810 } 811 key = crypto_priv->key[req_key->keyix]; 812 } 813 if (vdev_mode == QDF_STA_MODE) { 814 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 815 WLAN_CRYPTO_ID); 816 if (!peer) { 817 crypto_err("peer NULL"); 818 if (IS_MGMT_CIPHER(req_key->type)) { 819 crypto_priv->igtk_key[igtk_idx] = NULL; 820 crypto_priv->bigtk_key[bigtk_idx] 821 = NULL; 822 crypto_priv->igtk_key_type 823 = WLAN_CRYPTO_CIPHER_NONE; 824 } else 825 crypto_priv->key[req_key->keyix] = NULL; 826 if (key) 827 qdf_mem_free(key); 828 return QDF_STATUS_E_INVAL; 829 } 830 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 831 QDF_MAC_ADDR_SIZE); 832 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 833 } 834 } else { 835 uint8_t pdev_id; 836 837 pdev_id = wlan_objmgr_pdev_get_pdev_id( 838 wlan_vdev_get_pdev(vdev)); 839 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 840 psoc, 841 pdev_id, 842 macaddr, 843 req_key->macaddr, 844 WLAN_CRYPTO_ID); 845 846 if (!peer) { 847 crypto_err("peer NULL"); 848 return QDF_STATUS_E_INVAL; 849 } 850 851 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 852 crypto_params = wlan_crypto_peer_get_comp_params(peer, 853 &crypto_priv); 854 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 855 856 if (!crypto_priv) { 857 crypto_err("crypto_priv NULL"); 858 return QDF_STATUS_E_INVAL; 859 } 860 if (IS_MGMT_CIPHER(req_key->type)) { 861 struct wlan_crypto_key *crypto_key = NULL; 862 863 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 864 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 865 if (!is_igtk(req_key->keyix) && 866 !(is_bigtk(req_key->keyix))) { 867 crypto_err("igtk/bigtk key invalid keyid %d", 868 req_key->keyix); 869 return QDF_STATUS_E_INVAL; 870 } 871 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 872 if (!key) 873 return QDF_STATUS_E_NOMEM; 874 875 if (is_igtk(req_key->keyix)) { 876 crypto_key = crypto_priv->igtk_key[igtk_idx]; 877 if (crypto_key) 878 qdf_mem_free(crypto_key); 879 880 crypto_priv->igtk_key[igtk_idx] = key; 881 crypto_priv->igtk_key_type = req_key->type; 882 crypto_priv->def_igtk_tx_keyid = igtk_idx; 883 } else { 884 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 885 if (crypto_key) 886 qdf_mem_free(crypto_key); 887 888 crypto_priv->bigtk_key[bigtk_idx] = key; 889 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 890 } 891 } else { 892 uint16_t kid = req_key->keyix; 893 if (kid == WLAN_CRYPTO_KEYIX_NONE) 894 kid = 0; 895 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 896 crypto_err("invalid keyid %d", kid); 897 return QDF_STATUS_E_INVAL; 898 } 899 if (!crypto_priv->key[kid]) { 900 crypto_priv->key[kid] 901 = qdf_mem_malloc( 902 sizeof(struct wlan_crypto_key)); 903 if (!crypto_priv->key[kid]) 904 return QDF_STATUS_E_NOMEM; 905 } 906 key = crypto_priv->key[kid]; 907 } 908 } 909 910 /* alloc key might not required as it is already there */ 911 key->cipher_table = (void *)cipher; 912 key->keylen = req_key->keylen; 913 key->flags = req_key->flags; 914 915 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 916 key->keyix = 0; 917 else 918 key->keyix = req_key->keyix; 919 920 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 921 && (!IS_MGMT_CIPHER(req_key->type))) { 922 crypto_priv->def_tx_keyid = key->keyix; 923 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 924 } 925 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 926 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 927 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 928 0x5c, 0x36, 0x5c, 0x36, 929 0x5c, 0x36, 0x5c, 0x36, 930 0x5c, 0x36, 0x5c, 0x37}; 931 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 932 0x5c, 0x36, 0x5c, 0x36, 933 0x5c, 0x36, 0x5c, 0x36, 934 0x5c, 0x36, 0x5c, 0x36}; 935 936 /* During Tx PN should be increment and 937 * send but as per our implementation we increment only after 938 * Tx complete. So First packet PN check will be failed. 939 * To compensate increment the PN here by 2 940 */ 941 if (vdev_mode == QDF_SAP_MODE) { 942 iv_AP[15] += 2; 943 qdf_mem_copy(key->recviv, iv_STA, 944 WLAN_CRYPTO_WAPI_IV_SIZE); 945 qdf_mem_copy(key->txiv, iv_AP, 946 WLAN_CRYPTO_WAPI_IV_SIZE); 947 } else { 948 iv_STA[15] += 2; 949 qdf_mem_copy(key->recviv, iv_AP, 950 WLAN_CRYPTO_WAPI_IV_SIZE); 951 qdf_mem_copy(key->txiv, iv_STA, 952 WLAN_CRYPTO_WAPI_IV_SIZE); 953 } 954 } else { 955 uint8_t i = 0; 956 qdf_mem_copy((uint8_t *)(&key->keytsc), 957 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 958 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 959 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 960 (uint8_t *)(&req_key->keyrsc), 961 sizeof(key->keyrsc[0])); 962 } 963 } 964 965 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 966 if (!tx_ops) { 967 crypto_err("tx_ops is NULL"); 968 return QDF_STATUS_E_INVAL; 969 } 970 971 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 972 key->valid = 1; 973 if ((IS_MGMT_CIPHER(req_key->type))) { 974 if (HAS_CIPHER_CAP(crypto_params, 975 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 976 is_bigtk(req_key->keyix)) { 977 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 978 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 979 key, macaddr, req_key->type); 980 } 981 } 982 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 983 status = wlan_crypto_set_igtk_key(key); 984 return status; 985 } else if (IS_FILS_CIPHER(req_key->type)) { 986 /* Take request key object to FILS setkey */ 987 key->private = req_key; 988 } else { 989 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 990 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 991 req_key->type); 992 } 993 } 994 status = cipher->setkey(key); 995 996 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 997 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 998 (!IS_MGMT_CIPHER(req_key->type))) { 999 /* default xmit key */ 1000 wlan_crypto_default_key(vdev, 1001 req_key->macaddr, 1002 req_key->keyix, 1003 !isbcast); 1004 } 1005 1006 return status; 1007 } 1008 1009 /** 1010 * wlan_crypto_get_keytype - get keytype 1011 * @key: key 1012 * 1013 * This function gets keytype from key 1014 * 1015 * Return: keytype 1016 */ 1017 wlan_crypto_cipher_type wlan_crypto_get_key_type( 1018 struct wlan_crypto_key *key){ 1019 if (key && key->cipher_table) { 1020 return ((struct wlan_crypto_cipher *) 1021 (key->cipher_table))->cipher; 1022 } 1023 return WLAN_CRYPTO_CIPHER_NONE; 1024 } 1025 qdf_export_symbol(wlan_crypto_get_key_type); 1026 /** 1027 * wlan_crypto_vdev_getkey - get key from vdev 1028 * @vdev: vdev 1029 * @keyix: keyix 1030 * 1031 * This function gets key from vdev 1032 * 1033 * Return: key or NULL 1034 */ 1035 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1036 uint16_t keyix){ 1037 struct wlan_crypto_comp_priv *crypto_priv; 1038 struct wlan_crypto_params *crypto_params; 1039 struct wlan_crypto_key *key = NULL; 1040 1041 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1042 1043 if (!crypto_priv) { 1044 crypto_err("crypto_priv NULL"); 1045 return NULL; 1046 } 1047 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1048 * we return the default key, for all other keyix we return the 1049 * key accordingly. 1050 */ 1051 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1052 !is_valid_keyix(keyix)) 1053 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1054 else if (is_bigtk(keyix)) 1055 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1056 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1057 else if (is_igtk(keyix)) 1058 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1059 else 1060 key = crypto_priv->key[keyix]; 1061 1062 if (key && key->valid) 1063 return key; 1064 1065 return NULL; 1066 } 1067 qdf_export_symbol(wlan_crypto_vdev_getkey); 1068 1069 /** 1070 * wlan_crypto_peer_getkey - get key from peer 1071 * @peer: peer 1072 * @keyix: keyix 1073 * 1074 * This function gets key from peer 1075 * 1076 * Return: key or NULL 1077 */ 1078 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1079 uint16_t keyix){ 1080 struct wlan_crypto_comp_priv *crypto_priv; 1081 struct wlan_crypto_params *crypto_params; 1082 struct wlan_crypto_key *key = NULL; 1083 1084 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1085 1086 if (!crypto_priv) { 1087 crypto_err("crypto_priv NULL"); 1088 return NULL; 1089 } 1090 1091 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1092 * we return the default key, for all other keyix we return the 1093 * key accordingly. 1094 */ 1095 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1096 !is_valid_keyix(keyix)) 1097 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1098 else if (is_bigtk(keyix)) 1099 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1100 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1101 else if (is_igtk(keyix)) 1102 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1103 else 1104 key = crypto_priv->key[keyix]; 1105 1106 if (key && key->valid) 1107 return key; 1108 1109 return NULL; 1110 } 1111 qdf_export_symbol(wlan_crypto_peer_getkey); 1112 1113 /** 1114 * wlan_crypto_getkey - called by ucfg to get key 1115 * @vdev: vdev 1116 * @req_key: key value will be copied in this req_key 1117 * @mac_address: mac address of the peer for unicast key 1118 * or broadcast address if group key is requested. 1119 * 1120 * This function gets called from ucfg to get key 1121 * 1122 * Return: QDF_STATUS_SUCCESS - in case of success 1123 */ 1124 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1125 struct wlan_crypto_req_key *req_key, 1126 uint8_t *mac_addr){ 1127 struct wlan_crypto_cipher *cipher_table; 1128 struct wlan_crypto_key *key; 1129 struct wlan_objmgr_psoc *psoc; 1130 struct wlan_lmac_if_tx_ops *tx_ops; 1131 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1132 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1133 1134 wlan_vdev_obj_lock(vdev); 1135 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1136 QDF_MAC_ADDR_SIZE); 1137 psoc = wlan_vdev_get_psoc(vdev); 1138 if (!psoc) { 1139 wlan_vdev_obj_unlock(vdev); 1140 crypto_err("psoc NULL"); 1141 return QDF_STATUS_E_INVAL; 1142 } 1143 wlan_vdev_obj_unlock(vdev); 1144 1145 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1146 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1147 if (!key) 1148 return QDF_STATUS_E_INVAL; 1149 } else { 1150 struct wlan_objmgr_peer *peer; 1151 uint8_t pdev_id; 1152 1153 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1154 wlan_vdev_get_pdev(vdev)); 1155 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1156 psoc, 1157 pdev_id, 1158 macaddr, 1159 mac_addr, 1160 WLAN_CRYPTO_ID); 1161 if (!peer) { 1162 crypto_err("peer NULL"); 1163 return QDF_STATUS_E_NOENT; 1164 } 1165 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1166 1167 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1168 if (!tx_ops) { 1169 crypto_err("tx_ops is NULL"); 1170 return QDF_STATUS_E_INVAL; 1171 } 1172 1173 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops) && 1174 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 1175 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1176 req_key->type); 1177 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1178 if (!key) 1179 return QDF_STATUS_E_INVAL; 1180 } 1181 1182 if (key->valid) { 1183 qdf_mem_copy(req_key->keydata, 1184 key->keyval, key->keylen); 1185 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1186 (uint8_t *)(&key->keytsc), 1187 sizeof(req_key->keytsc)); 1188 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1189 (uint8_t *)(&key->keyrsc[0]), 1190 sizeof(req_key->keyrsc)); 1191 req_key->keylen = key->keylen; 1192 req_key->flags = key->flags; 1193 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1194 1195 if (!cipher_table) 1196 return QDF_STATUS_SUCCESS; 1197 1198 req_key->type = cipher_table->cipher; 1199 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1200 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1201 (uint8_t *)(key->txiv), 1202 sizeof(req_key->txiv)); 1203 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1204 (uint8_t *)(key->recviv), 1205 sizeof(req_key->recviv)); 1206 } 1207 } 1208 1209 return QDF_STATUS_SUCCESS; 1210 } 1211 1212 /** 1213 * wlan_crypto_delkey - called by ucfg to delete key 1214 * @vdev: vdev 1215 * @mac_address: mac address of the peer for unicast key 1216 * or broadcast address if group key is deleted. 1217 * @key_idx: key index to be deleted 1218 * 1219 * This function gets called from ucfg to delete key 1220 * 1221 * Return: QDF_STATUS_SUCCESS - in case of success 1222 */ 1223 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1224 uint8_t *macaddr, 1225 uint8_t key_idx){ 1226 struct wlan_crypto_comp_priv *crypto_priv; 1227 struct wlan_crypto_params *crypto_params; 1228 struct wlan_crypto_key *key; 1229 struct wlan_crypto_cipher *cipher_table; 1230 struct wlan_objmgr_psoc *psoc; 1231 struct wlan_lmac_if_tx_ops *tx_ops; 1232 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1233 1234 if (!vdev || !macaddr || 1235 !is_valid_keyix(key_idx)) { 1236 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1237 vdev, macaddr, key_idx); 1238 return QDF_STATUS_E_INVAL; 1239 } 1240 1241 wlan_vdev_obj_lock(vdev); 1242 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1243 QDF_MAC_ADDR_SIZE); 1244 psoc = wlan_vdev_get_psoc(vdev); 1245 if (!psoc) { 1246 wlan_vdev_obj_unlock(vdev); 1247 crypto_err("psoc NULL"); 1248 return QDF_STATUS_E_INVAL; 1249 } 1250 wlan_vdev_obj_unlock(vdev); 1251 1252 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1253 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1254 &crypto_priv); 1255 if (!crypto_priv) { 1256 crypto_err("crypto_priv NULL"); 1257 return QDF_STATUS_E_INVAL; 1258 } 1259 } else { 1260 struct wlan_objmgr_peer *peer; 1261 uint8_t pdev_id; 1262 1263 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1264 wlan_vdev_get_pdev(vdev)); 1265 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1266 psoc, pdev_id, 1267 bssid_mac, 1268 macaddr, 1269 WLAN_CRYPTO_ID); 1270 if (!peer) { 1271 return QDF_STATUS_E_INVAL; 1272 } 1273 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1274 &crypto_priv); 1275 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1276 if (!crypto_priv) { 1277 crypto_err("crypto_priv NULL"); 1278 return QDF_STATUS_E_INVAL; 1279 } 1280 } 1281 1282 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1283 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1284 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1285 1286 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1287 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1288 return QDF_STATUS_E_INVAL; 1289 } 1290 if (is_igtk(key_idx)) { 1291 key = crypto_priv->igtk_key[igtk_idx]; 1292 crypto_priv->igtk_key[igtk_idx] = NULL; 1293 } else { 1294 key = crypto_priv->bigtk_key[bigtk_idx]; 1295 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1296 } 1297 if (key) 1298 key->valid = 0; 1299 } else { 1300 key = crypto_priv->key[key_idx]; 1301 crypto_priv->key[key_idx] = NULL; 1302 } 1303 1304 if (!key) 1305 return QDF_STATUS_E_INVAL; 1306 1307 if (key->valid) { 1308 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1309 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1310 1311 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1312 if (!tx_ops) { 1313 crypto_err("tx_ops is NULL"); 1314 return QDF_STATUS_E_INVAL; 1315 } 1316 1317 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1318 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1319 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1320 cipher_table->cipher); 1321 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1322 if (key->private) 1323 qdf_mem_free(key->private); 1324 } 1325 } 1326 1327 /* Zero-out local key variables */ 1328 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1329 qdf_mem_free(key); 1330 1331 return QDF_STATUS_SUCCESS; 1332 } 1333 1334 #ifdef CRYPTO_SET_KEY_CONVERGED 1335 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1336 uint8_t key_idx, uint8_t *macaddr) 1337 { 1338 return QDF_STATUS_SUCCESS; 1339 } 1340 #else 1341 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1342 uint8_t key_idx, uint8_t *macaddr) 1343 { 1344 struct wlan_objmgr_psoc *psoc; 1345 struct wlan_lmac_if_tx_ops *tx_ops; 1346 1347 psoc = wlan_vdev_get_psoc(vdev); 1348 if (!psoc) { 1349 crypto_err("psoc is NULL"); 1350 return QDF_STATUS_E_INVAL; 1351 } 1352 1353 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1354 if (!tx_ops) { 1355 crypto_err("tx_ops is NULL"); 1356 return QDF_STATUS_E_INVAL; 1357 } 1358 1359 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1360 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1361 1362 return QDF_STATUS_SUCCESS; 1363 } 1364 #endif 1365 1366 /** 1367 * wlan_crypto_default_key - called by ucfg to set default tx key 1368 * @vdev: vdev 1369 * @mac_address: mac address of the peer for unicast key 1370 * or broadcast address if group key need to made default. 1371 * @key_idx: key index to be made as default key 1372 * @unicast: is key was unicast or group key. 1373 * 1374 * This function gets called from ucfg to set default key 1375 * 1376 * Return: QDF_STATUS_SUCCESS - in case of success 1377 */ 1378 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1379 uint8_t *macaddr, 1380 uint8_t key_idx, 1381 bool unicast){ 1382 struct wlan_crypto_comp_priv *crypto_priv; 1383 struct wlan_crypto_params *crypto_params; 1384 struct wlan_crypto_key *key; 1385 struct wlan_objmgr_psoc *psoc; 1386 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1387 1388 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1389 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1390 vdev, macaddr, key_idx); 1391 return QDF_STATUS_E_INVAL; 1392 } 1393 1394 wlan_vdev_obj_lock(vdev); 1395 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1396 QDF_MAC_ADDR_SIZE); 1397 psoc = wlan_vdev_get_psoc(vdev); 1398 if (!psoc) { 1399 wlan_vdev_obj_unlock(vdev); 1400 crypto_err("psoc NULL"); 1401 return QDF_STATUS_E_INVAL; 1402 } 1403 wlan_vdev_obj_unlock(vdev); 1404 1405 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1406 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1407 &crypto_priv); 1408 if (!crypto_priv) { 1409 crypto_err("crypto_priv NULL"); 1410 return QDF_STATUS_E_INVAL; 1411 } 1412 1413 key = crypto_priv->key[key_idx]; 1414 if (!key) 1415 return QDF_STATUS_E_INVAL; 1416 } else { 1417 struct wlan_objmgr_peer *peer; 1418 uint8_t pdev_id; 1419 1420 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1421 wlan_vdev_get_pdev(vdev)); 1422 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1423 psoc, pdev_id, 1424 bssid_mac, 1425 macaddr, 1426 WLAN_CRYPTO_ID); 1427 1428 if (!peer) { 1429 crypto_err("peer NULL"); 1430 return QDF_STATUS_E_INVAL; 1431 } 1432 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1433 &crypto_priv); 1434 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1435 if (!crypto_priv) { 1436 crypto_err("crypto_priv NULL"); 1437 return QDF_STATUS_E_INVAL; 1438 } 1439 1440 key = crypto_priv->key[key_idx]; 1441 if (!key) 1442 return QDF_STATUS_E_INVAL; 1443 } 1444 if (!key->valid) 1445 return QDF_STATUS_E_INVAL; 1446 1447 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1448 QDF_STATUS_SUCCESS) 1449 return QDF_STATUS_E_INVAL; 1450 crypto_priv->def_tx_keyid = key_idx; 1451 1452 return QDF_STATUS_SUCCESS; 1453 } 1454 1455 /** 1456 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1457 * @vdev: vdev 1458 * @wbuf: wbuf 1459 * @macaddr: macaddr 1460 * @encapdone: is encapdone already or not. 1461 * 1462 * This function gets called from mgmt txrx to encap frame. 1463 * 1464 * Return: QDF_STATUS_SUCCESS - in case of success 1465 */ 1466 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1467 qdf_nbuf_t wbuf, 1468 uint8_t *mac_addr, 1469 uint8_t encapdone){ 1470 struct wlan_crypto_comp_priv *crypto_priv; 1471 struct wlan_crypto_params *crypto_params; 1472 struct wlan_crypto_key *key; 1473 QDF_STATUS status; 1474 struct wlan_crypto_cipher *cipher_table; 1475 struct wlan_objmgr_psoc *psoc; 1476 struct wlan_objmgr_peer *peer; 1477 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1478 uint8_t pdev_id; 1479 uint8_t hdrlen; 1480 enum QDF_OPMODE opmode; 1481 1482 opmode = wlan_vdev_mlme_get_opmode(vdev); 1483 wlan_vdev_obj_lock(vdev); 1484 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1485 QDF_MAC_ADDR_SIZE); 1486 psoc = wlan_vdev_get_psoc(vdev); 1487 if (!psoc) { 1488 wlan_vdev_obj_unlock(vdev); 1489 crypto_err("psoc NULL"); 1490 return QDF_STATUS_E_INVAL; 1491 } 1492 wlan_vdev_obj_unlock(vdev); 1493 1494 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1495 /* FILS Encap required only for (Re-)Assoc response */ 1496 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1497 1498 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1499 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1500 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1501 return QDF_STATUS_E_INVAL; 1502 } 1503 1504 if (peer) 1505 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1506 1507 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1508 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1509 &crypto_priv); 1510 if (!crypto_priv) { 1511 crypto_err("crypto_priv NULL"); 1512 return QDF_STATUS_E_INVAL; 1513 } 1514 1515 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1516 if (!key) 1517 return QDF_STATUS_E_INVAL; 1518 1519 } else { 1520 struct wlan_objmgr_peer *peer; 1521 uint8_t pdev_id; 1522 1523 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1524 wlan_vdev_get_pdev(vdev)); 1525 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1526 bssid_mac, mac_addr, 1527 WLAN_CRYPTO_ID); 1528 1529 if (!peer) { 1530 crypto_err("crypto_priv NULL"); 1531 return QDF_STATUS_E_INVAL; 1532 } 1533 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1534 &crypto_priv); 1535 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1536 1537 if (!crypto_priv) { 1538 crypto_err("crypto_priv NULL"); 1539 return QDF_STATUS_E_INVAL; 1540 } 1541 1542 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1543 if (!key) 1544 return QDF_STATUS_E_INVAL; 1545 } 1546 if (opmode == QDF_MONITOR_MODE) 1547 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1548 else 1549 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1550 (uint8_t *)qdf_nbuf_data(wbuf)); 1551 1552 /* if tkip, is counter measures enabled, then drop the frame */ 1553 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1554 status = cipher_table->encap(key, wbuf, encapdone, 1555 hdrlen); 1556 1557 return status; 1558 } 1559 qdf_export_symbol(wlan_crypto_encap); 1560 1561 /** 1562 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1563 * @vdev: vdev 1564 * @wbuf: wbuf 1565 * @macaddr: macaddr 1566 * @tid: tid of the frame 1567 * 1568 * This function gets called from mgmt txrx to decap frame. 1569 * 1570 * Return: QDF_STATUS_SUCCESS - in case of success 1571 */ 1572 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1573 qdf_nbuf_t wbuf, 1574 uint8_t *mac_addr, 1575 uint8_t tid){ 1576 struct wlan_crypto_comp_priv *crypto_priv; 1577 struct wlan_crypto_params *crypto_params; 1578 struct wlan_crypto_key *key; 1579 QDF_STATUS status; 1580 struct wlan_crypto_cipher *cipher_table; 1581 struct wlan_objmgr_psoc *psoc; 1582 struct wlan_objmgr_peer *peer; 1583 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1584 uint8_t keyid; 1585 uint8_t pdev_id; 1586 uint8_t hdrlen; 1587 enum QDF_OPMODE opmode; 1588 1589 opmode = wlan_vdev_mlme_get_opmode(vdev); 1590 wlan_vdev_obj_lock(vdev); 1591 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1592 QDF_MAC_ADDR_SIZE); 1593 psoc = wlan_vdev_get_psoc(vdev); 1594 if (!psoc) { 1595 wlan_vdev_obj_unlock(vdev); 1596 crypto_err("psoc NULL"); 1597 return QDF_STATUS_E_INVAL; 1598 } 1599 wlan_vdev_obj_unlock(vdev); 1600 1601 if (opmode == QDF_MONITOR_MODE) 1602 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1603 else 1604 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1605 (uint8_t *)qdf_nbuf_data(wbuf)); 1606 1607 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1608 1609 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1610 return QDF_STATUS_E_INVAL; 1611 1612 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1613 /* FILS Decap required only for (Re-)Assoc request */ 1614 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1615 1616 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1617 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1618 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1619 return QDF_STATUS_E_INVAL; 1620 } 1621 1622 if (peer) 1623 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1624 1625 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1626 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1627 &crypto_priv); 1628 if (!crypto_priv) { 1629 crypto_err("crypto_priv NULL"); 1630 return QDF_STATUS_E_INVAL; 1631 } 1632 1633 key = crypto_priv->key[keyid]; 1634 if (!key) 1635 return QDF_STATUS_E_INVAL; 1636 1637 } else { 1638 struct wlan_objmgr_peer *peer; 1639 uint8_t pdev_id; 1640 1641 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1642 wlan_vdev_get_pdev(vdev)); 1643 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1644 psoc, pdev_id, bssid_mac, 1645 mac_addr, WLAN_CRYPTO_ID); 1646 if (!peer) { 1647 crypto_err("peer NULL"); 1648 return QDF_STATUS_E_INVAL; 1649 } 1650 1651 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1652 &crypto_priv); 1653 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1654 1655 if (!crypto_priv) { 1656 crypto_err("crypto_priv NULL"); 1657 return QDF_STATUS_E_INVAL; 1658 } 1659 1660 key = crypto_priv->key[keyid]; 1661 if (!key) 1662 return QDF_STATUS_E_INVAL; 1663 } 1664 /* if tkip, is counter measures enabled, then drop the frame */ 1665 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1666 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1667 1668 return status; 1669 } 1670 qdf_export_symbol(wlan_crypto_decap); 1671 /** 1672 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1673 * @vdev: vdev 1674 * @wbuf: wbuf 1675 * @macaddr: macaddr 1676 * @encapdone: is encapdone already or not. 1677 * 1678 * This function gets called from mgmt txrx to adding mic to the frame. 1679 * 1680 * Return: QDF_STATUS_SUCCESS - in case of success 1681 */ 1682 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1683 qdf_nbuf_t wbuf, 1684 uint8_t *mac_addr, 1685 uint8_t encapdone){ 1686 struct wlan_crypto_comp_priv *crypto_priv; 1687 struct wlan_crypto_params *crypto_params; 1688 struct wlan_crypto_key *key; 1689 QDF_STATUS status; 1690 struct wlan_crypto_cipher *cipher_table; 1691 struct wlan_objmgr_psoc *psoc; 1692 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1693 uint8_t hdrlen; 1694 enum QDF_OPMODE opmode; 1695 1696 opmode = wlan_vdev_mlme_get_opmode(vdev); 1697 1698 1699 wlan_vdev_obj_lock(vdev); 1700 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1701 QDF_MAC_ADDR_SIZE); 1702 psoc = wlan_vdev_get_psoc(vdev); 1703 if (!psoc) { 1704 wlan_vdev_obj_unlock(vdev); 1705 crypto_err("psoc NULL"); 1706 return QDF_STATUS_E_INVAL; 1707 } 1708 wlan_vdev_obj_unlock(vdev); 1709 1710 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1711 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1712 &crypto_priv); 1713 if (!crypto_priv) { 1714 crypto_err("crypto_priv NULL"); 1715 return QDF_STATUS_E_INVAL; 1716 } 1717 1718 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1719 if (!key) 1720 return QDF_STATUS_E_INVAL; 1721 1722 } else { 1723 struct wlan_objmgr_peer *peer; 1724 uint8_t pdev_id; 1725 1726 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1727 wlan_vdev_get_pdev(vdev)); 1728 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1729 psoc, pdev_id, bssid_mac, 1730 mac_addr, WLAN_CRYPTO_ID); 1731 if (!peer) { 1732 crypto_err("crypto_priv NULL"); 1733 return QDF_STATUS_E_INVAL; 1734 } 1735 1736 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1737 &crypto_priv); 1738 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1739 1740 if (!crypto_priv) { 1741 crypto_err("crypto_priv NULL"); 1742 return QDF_STATUS_E_INVAL; 1743 } 1744 1745 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1746 if (!key) 1747 return QDF_STATUS_E_INVAL; 1748 } 1749 if (opmode == QDF_MONITOR_MODE) 1750 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1751 else 1752 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1753 (uint8_t *)qdf_nbuf_data(wbuf)); 1754 1755 /* if tkip, is counter measures enabled, then drop the frame */ 1756 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1757 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1758 1759 return status; 1760 } 1761 1762 /** 1763 * wlan_crypto_demic - called by mgmt for remove and check mic for 1764 * the frame based on cipher 1765 * @vdev: vdev 1766 * @wbuf: wbuf 1767 * @macaddr: macaddr 1768 * @tid: tid of the frame 1769 * @keyid: keyid in the received frame 1770 * This function gets called from mgmt txrx to decap frame. 1771 * 1772 * Return: QDF_STATUS_SUCCESS - in case of success 1773 */ 1774 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1775 qdf_nbuf_t wbuf, 1776 uint8_t *mac_addr, 1777 uint8_t tid, 1778 uint8_t keyid){ 1779 struct wlan_crypto_comp_priv *crypto_priv; 1780 struct wlan_crypto_params *crypto_params; 1781 struct wlan_crypto_key *key; 1782 QDF_STATUS status; 1783 struct wlan_crypto_cipher *cipher_table; 1784 struct wlan_objmgr_psoc *psoc; 1785 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1786 uint8_t hdrlen; 1787 enum QDF_OPMODE opmode; 1788 1789 opmode = wlan_vdev_mlme_get_opmode(vdev); 1790 1791 if (opmode == QDF_MONITOR_MODE) 1792 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1793 else 1794 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1795 (uint8_t *)qdf_nbuf_data(wbuf)); 1796 1797 wlan_vdev_obj_lock(vdev); 1798 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1799 QDF_MAC_ADDR_SIZE); 1800 psoc = wlan_vdev_get_psoc(vdev); 1801 if (!psoc) { 1802 wlan_vdev_obj_unlock(vdev); 1803 crypto_err("psoc NULL"); 1804 return QDF_STATUS_E_INVAL; 1805 } 1806 wlan_vdev_obj_unlock(vdev); 1807 1808 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1809 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1810 &crypto_priv); 1811 if (!crypto_priv) { 1812 crypto_err("crypto_priv NULL"); 1813 return QDF_STATUS_E_INVAL; 1814 } 1815 1816 key = crypto_priv->key[keyid]; 1817 if (!key) 1818 return QDF_STATUS_E_INVAL; 1819 1820 } else { 1821 struct wlan_objmgr_peer *peer; 1822 uint8_t pdev_id; 1823 1824 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1825 wlan_vdev_get_pdev(vdev)); 1826 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1827 psoc, pdev_id, bssid_mac, 1828 mac_addr, WLAN_CRYPTO_ID); 1829 if (!peer) { 1830 crypto_err("peer NULL"); 1831 return QDF_STATUS_E_INVAL; 1832 } 1833 1834 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1835 &crypto_priv); 1836 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1837 1838 if (!crypto_priv) { 1839 crypto_err("crypto_priv NULL"); 1840 return QDF_STATUS_E_INVAL; 1841 } 1842 1843 key = crypto_priv->key[keyid]; 1844 if (!key) 1845 return QDF_STATUS_E_INVAL; 1846 } 1847 /* if tkip, is counter measures enabled, then drop the frame */ 1848 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1849 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1850 1851 return status; 1852 } 1853 1854 /** 1855 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1856 * @vdev: vdev 1857 * 1858 * This function gets called to check is pmf enabled or not in vdev. 1859 * 1860 * Return: true or false 1861 */ 1862 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1863 { 1864 1865 struct wlan_crypto_comp_priv *crypto_priv; 1866 struct wlan_crypto_params *vdev_crypto_params; 1867 1868 if (!vdev) 1869 return false; 1870 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1871 &crypto_priv); 1872 if (!crypto_priv) { 1873 crypto_err("crypto_priv NULL"); 1874 return false; 1875 } 1876 1877 if ((vdev_crypto_params->rsn_caps & 1878 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1879 || (vdev_crypto_params->rsn_caps & 1880 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1881 return true; 1882 } 1883 1884 return false; 1885 } 1886 1887 /** 1888 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1889 * @vdev: vdev 1890 * 1891 * This function gets called to check is pmf required or not in vdev. 1892 * 1893 * Return: true or false 1894 */ 1895 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1896 { 1897 struct wlan_crypto_comp_priv *crypto_priv; 1898 struct wlan_crypto_params *vdev_crypto_params; 1899 1900 if (!vdev) 1901 return false; 1902 1903 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1904 &crypto_priv); 1905 if (!crypto_priv) { 1906 crypto_err("crypto_priv NULL"); 1907 return false; 1908 } 1909 1910 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1911 return true; 1912 1913 return false; 1914 } 1915 1916 /** 1917 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1918 * @vdev: vdev 1919 * @peer: peer 1920 * 1921 * This function gets called by mgmt txrx to check is pmf enabled or not. 1922 * 1923 * Return: true or false 1924 */ 1925 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1926 struct wlan_objmgr_peer *peer){ 1927 1928 struct wlan_crypto_comp_priv *crypto_priv; 1929 struct wlan_crypto_params *vdev_crypto_params; 1930 struct wlan_crypto_params *peer_crypto_params; 1931 1932 if (!vdev || !peer) 1933 return false; 1934 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1935 &crypto_priv); 1936 if (!crypto_priv) { 1937 crypto_err("crypto_priv NULL"); 1938 return false; 1939 } 1940 1941 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1942 &crypto_priv); 1943 if (!crypto_priv) { 1944 crypto_err("crypto_priv NULL"); 1945 return false; 1946 } 1947 if (((vdev_crypto_params->rsn_caps & 1948 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1949 (peer_crypto_params->rsn_caps & 1950 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1951 || (vdev_crypto_params->rsn_caps & 1952 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1953 return true; 1954 } 1955 1956 return false; 1957 } 1958 1959 /** 1960 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 1961 * @vdev: vdev 1962 * @peer: peer 1963 * @keyidx : key index 1964 * 1965 * This function gets called by mgmt txrx to check if key is valid 1966 * 1967 * Return: true or false 1968 */ 1969 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1970 struct wlan_objmgr_peer *peer, 1971 uint16_t keyidx) 1972 { 1973 struct wlan_crypto_key *key = NULL; 1974 1975 if (!vdev && !peer) 1976 return false; 1977 1978 if (peer) 1979 key = wlan_crypto_peer_getkey(peer, keyidx); 1980 else if (vdev) 1981 key = wlan_crypto_vdev_getkey(vdev, keyidx); 1982 1983 if ((key) && key->valid) 1984 return true; 1985 1986 return false; 1987 } 1988 1989 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1990 { 1991 a[0] = b[5]; 1992 a[1] = b[4]; 1993 a[2] = b[3]; 1994 a[3] = b[2]; 1995 a[4] = b[1]; 1996 a[5] = b[0]; 1997 } 1998 1999 /** 2000 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 2001 * @vdev: vdev 2002 * @bfrm: frame starting pointer 2003 * @len: length of the frame 2004 * 2005 * This function gets called by mgmt txrx to add mmie in frame 2006 * 2007 * Return: end of frame or NULL in case failure 2008 */ 2009 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2010 uint8_t *bfrm, 2011 uint32_t len) { 2012 struct wlan_crypto_key *key; 2013 struct wlan_crypto_mmie *mmie; 2014 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 2015 struct wlan_frame_hdr *hdr; 2016 uint32_t i, hdrlen, mic_len, aad_len; 2017 uint8_t mic[16]; 2018 struct wlan_crypto_comp_priv *crypto_priv; 2019 struct wlan_crypto_params *crypto_params; 2020 int32_t ret = -1; 2021 2022 if (!bfrm) { 2023 crypto_err("frame is NULL"); 2024 return NULL; 2025 } 2026 2027 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2028 &crypto_priv); 2029 if (!crypto_priv) { 2030 crypto_err("crypto_priv NULL"); 2031 return NULL; 2032 } 2033 2034 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2035 crypto_err("igtk key invalid keyid %d", 2036 crypto_priv->def_igtk_tx_keyid); 2037 return NULL; 2038 } 2039 2040 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2041 if (!key) { 2042 crypto_err("No igtk key present"); 2043 return NULL; 2044 } 2045 mic_len = (crypto_priv->igtk_key_type 2046 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2047 2048 efrm = bfrm + len; 2049 aad_len = 20; 2050 hdrlen = sizeof(struct wlan_frame_hdr); 2051 len += sizeof(struct wlan_crypto_mmie); 2052 2053 mmie = (struct wlan_crypto_mmie *) efrm; 2054 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2055 mmie->element_id = WLAN_ELEMID_MMIE; 2056 mmie->length = sizeof(*mmie) - 2; 2057 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2058 2059 mic_len = (crypto_priv->igtk_key_type 2060 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2061 if (mic_len == 8) { 2062 mmie->length -= 8; 2063 len -= 8; 2064 } 2065 /* PN = PN + 1 */ 2066 pn = (uint8_t *)&key->keytsc; 2067 2068 for (i = 0; i <= 5; i++) { 2069 pn[i]++; 2070 if (pn[i]) 2071 break; 2072 } 2073 2074 /* Copy IPN */ 2075 qdf_mem_copy(mmie->sequence_number, pn, 6); 2076 2077 hdr = (struct wlan_frame_hdr *) bfrm; 2078 2079 buf = qdf_mem_malloc(len - hdrlen + 20); 2080 if (!buf) 2081 return NULL; 2082 2083 qdf_mem_zero(buf, len - hdrlen + 20); 2084 aad = buf; 2085 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2086 2087 /* FC type/subtype */ 2088 aad[0] = hdr->i_fc[0]; 2089 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2090 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2091 | WLAN_FC1_MOREDATA)); 2092 /* A1 || A2 || A3 */ 2093 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2094 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2095 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2096 qdf_mem_zero(mic, 16); 2097 2098 /* 2099 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2100 */ 2101 2102 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2103 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2104 2105 ret = omac1_aes_128(key->keyval, buf, 2106 len + aad_len - hdrlen, mic); 2107 qdf_mem_copy(mmie->mic, mic, 8); 2108 2109 } else if (crypto_priv->igtk_key_type 2110 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2111 2112 ret = omac1_aes_256(key->keyval, buf, 2113 len + aad_len - hdrlen, mmie->mic); 2114 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2115 || (crypto_priv->igtk_key_type 2116 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2117 2118 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2119 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2120 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2121 sizeof(nounce), buf, 2122 len + aad_len - hdrlen, mmie->mic); 2123 } 2124 qdf_mem_free(buf); 2125 if (ret < 0) { 2126 crypto_err("add mmie failed"); 2127 return NULL; 2128 } 2129 2130 return bfrm + len; 2131 } 2132 2133 /** 2134 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2135 * @vdev: vdev 2136 * @frm: frame starting pointer 2137 * @efrm: end of frame pointer 2138 * 2139 * This function gets called by mgmt txrx to check mmie of the frame 2140 * 2141 * Return: true or false 2142 */ 2143 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2144 uint8_t *frm, 2145 uint8_t *efrm){ 2146 struct wlan_crypto_mmie *mmie = NULL; 2147 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2148 struct wlan_crypto_key *key; 2149 struct wlan_frame_hdr *hdr; 2150 uint16_t mic_len, hdrlen, len; 2151 struct wlan_crypto_comp_priv *crypto_priv; 2152 struct wlan_crypto_params *crypto_params; 2153 uint8_t aad_len = 20; 2154 int32_t ret = -1; 2155 2156 /* check if frame is illegal length */ 2157 if (!frm || !efrm || (efrm < frm) 2158 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2159 crypto_err("Invalid params"); 2160 return false; 2161 } 2162 len = efrm - frm; 2163 crypto_priv = (struct wlan_crypto_comp_priv *) 2164 wlan_get_vdev_crypto_obj(vdev); 2165 if (!crypto_priv) { 2166 crypto_err("crypto_priv NULL"); 2167 return false; 2168 } 2169 2170 crypto_params = &(crypto_priv->crypto_params); 2171 2172 2173 mic_len = (crypto_priv->igtk_key_type 2174 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2175 hdrlen = sizeof(struct wlan_frame_hdr); 2176 2177 if (mic_len == 8) 2178 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2179 else 2180 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2181 2182 2183 /* check Elem ID*/ 2184 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2185 crypto_err("IE is not MMIE"); 2186 return false; 2187 } 2188 2189 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2190 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2191 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2192 crypto_err("keyid not valid"); 2193 return false; 2194 } 2195 2196 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2197 if (!key) { 2198 crypto_err("No igtk key present"); 2199 return false; 2200 } 2201 2202 /* validate ipn */ 2203 ipn = mmie->sequence_number; 2204 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2205 uint8_t *su = (uint8_t *)key->keyrsc; 2206 uint8_t *end = ipn + 6; 2207 2208 crypto_err("replay error :"); 2209 while (ipn < end) { 2210 crypto_err("expected pn = %x received pn = %x", 2211 *ipn++, *su++); 2212 } 2213 return false; 2214 } 2215 2216 buf = qdf_mem_malloc(len - hdrlen + 20); 2217 if (!buf) 2218 return false; 2219 2220 aad = buf; 2221 2222 /* construct AAD */ 2223 hdr = (struct wlan_frame_hdr *)frm; 2224 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2225 2226 /* FC type/subtype */ 2227 aad[0] = hdr->i_fc[0]; 2228 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2229 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2230 | WLAN_FC1_MOREDATA)); 2231 /* A1 || A2 || A3 */ 2232 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2233 2234 /* 2235 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2236 */ 2237 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2238 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2239 mic = qdf_mem_malloc(mic_len); 2240 if (!mic) { 2241 qdf_mem_free(buf); 2242 return false; 2243 } 2244 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2245 ret = omac1_aes_128(key->keyval, buf, 2246 len - hdrlen + aad_len, mic); 2247 } else if (crypto_priv->igtk_key_type 2248 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2249 ret = omac1_aes_256(key->keyval, buf, 2250 len + aad_len - hdrlen, mic); 2251 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2252 || (crypto_priv->igtk_key_type 2253 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2254 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2255 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2256 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2257 sizeof(nounce), buf, 2258 len + aad_len - hdrlen, mic); 2259 } 2260 2261 qdf_mem_free(buf); 2262 2263 if (ret < 0) { 2264 qdf_mem_free(mic); 2265 crypto_err("genarate mmie failed"); 2266 return false; 2267 } 2268 2269 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2270 qdf_mem_free(mic); 2271 crypto_err("mmie mismatch"); 2272 /* MMIE MIC mismatch */ 2273 return false; 2274 } 2275 2276 qdf_mem_free(mic); 2277 /* Update the receive sequence number */ 2278 qdf_mem_copy(key->keyrsc, ipn, 6); 2279 crypto_debug("mmie matched"); 2280 2281 return true; 2282 } 2283 2284 2285 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2286 { 2287 int32_t status = -1; 2288 2289 switch (cipher) { 2290 case WLAN_CRYPTO_CIPHER_TKIP: 2291 return WPA_CIPHER_SUITE_TKIP; 2292 case WLAN_CRYPTO_CIPHER_AES_CCM: 2293 return WPA_CIPHER_SUITE_CCMP; 2294 case WLAN_CRYPTO_CIPHER_NONE: 2295 return WPA_CIPHER_SUITE_NONE; 2296 } 2297 2298 return status; 2299 } 2300 2301 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2302 { 2303 int32_t status = -1; 2304 2305 switch (cipher) { 2306 case WLAN_CRYPTO_CIPHER_TKIP: 2307 return RSN_CIPHER_SUITE_TKIP; 2308 case WLAN_CRYPTO_CIPHER_AES_CCM: 2309 return RSN_CIPHER_SUITE_CCMP; 2310 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2311 return RSN_CIPHER_SUITE_CCMP_256; 2312 case WLAN_CRYPTO_CIPHER_AES_GCM: 2313 return RSN_CIPHER_SUITE_GCMP; 2314 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2315 return RSN_CIPHER_SUITE_GCMP_256; 2316 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2317 return RSN_CIPHER_SUITE_AES_CMAC; 2318 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2319 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2320 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2321 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2322 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2323 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2324 case WLAN_CRYPTO_CIPHER_NONE: 2325 return RSN_CIPHER_SUITE_NONE; 2326 } 2327 2328 return status; 2329 } 2330 2331 /* 2332 * Convert an RSN key management/authentication algorithm 2333 * to an internal code. 2334 */ 2335 static int32_t 2336 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2337 { 2338 int32_t status = -1; 2339 2340 switch (keymgmt) { 2341 case WLAN_CRYPTO_KEY_MGMT_NONE: 2342 return RSN_AUTH_KEY_MGMT_NONE; 2343 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2344 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2345 case WLAN_CRYPTO_KEY_MGMT_PSK: 2346 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2347 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2348 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2349 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2350 return RSN_AUTH_KEY_MGMT_FT_PSK; 2351 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2352 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2353 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2354 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2355 case WLAN_CRYPTO_KEY_MGMT_SAE: 2356 return RSN_AUTH_KEY_MGMT_SAE; 2357 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2358 return RSN_AUTH_KEY_MGMT_FT_SAE; 2359 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2360 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2361 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2362 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2363 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2364 return RSN_AUTH_KEY_MGMT_CCKM; 2365 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2366 return RSN_AUTH_KEY_MGMT_OSEN; 2367 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2368 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2369 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2370 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2371 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2372 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2373 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2374 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2375 case WLAN_CRYPTO_KEY_MGMT_OWE: 2376 return RSN_AUTH_KEY_MGMT_OWE; 2377 case WLAN_CRYPTO_KEY_MGMT_DPP: 2378 return RSN_AUTH_KEY_MGMT_DPP; 2379 } 2380 2381 return status; 2382 } 2383 2384 /* 2385 * Convert an RSN key management/authentication algorithm 2386 * to an internal code. 2387 */ 2388 static int32_t 2389 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2390 { 2391 int32_t status = -1; 2392 2393 switch (keymgmt) { 2394 case WLAN_CRYPTO_KEY_MGMT_NONE: 2395 return WPA_AUTH_KEY_MGMT_NONE; 2396 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2397 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2398 case WLAN_CRYPTO_KEY_MGMT_PSK: 2399 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2400 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2401 return WPA_AUTH_KEY_MGMT_CCKM; 2402 } 2403 2404 return status; 2405 } 2406 /** 2407 * Convert a WPA cipher selector OUI to an internal 2408 * cipher algorithm. Where appropriate we also 2409 * record any key length. 2410 */ 2411 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2412 { 2413 uint32_t w = LE_READ_4(sel); 2414 int32_t status = -1; 2415 2416 switch (w) { 2417 case WPA_CIPHER_SUITE_TKIP: 2418 return WLAN_CRYPTO_CIPHER_TKIP; 2419 case WPA_CIPHER_SUITE_CCMP: 2420 return WLAN_CRYPTO_CIPHER_AES_CCM; 2421 case WPA_CIPHER_SUITE_NONE: 2422 return WLAN_CRYPTO_CIPHER_NONE; 2423 } 2424 2425 return status; 2426 } 2427 2428 /* 2429 * Convert a WPA key management/authentication algorithm 2430 * to an internal code. 2431 */ 2432 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2433 { 2434 uint32_t w = LE_READ_4(sel); 2435 int32_t status = -1; 2436 2437 switch (w) { 2438 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2439 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2440 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2441 return WLAN_CRYPTO_KEY_MGMT_PSK; 2442 case WPA_AUTH_KEY_MGMT_CCKM: 2443 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2444 case WPA_AUTH_KEY_MGMT_NONE: 2445 return WLAN_CRYPTO_KEY_MGMT_NONE; 2446 } 2447 return status; 2448 } 2449 2450 /* 2451 * Convert a RSN cipher selector OUI to an internal 2452 * cipher algorithm. Where appropriate we also 2453 * record any key length. 2454 */ 2455 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2456 { 2457 uint32_t w = LE_READ_4(sel); 2458 int32_t status = -1; 2459 2460 switch (w) { 2461 case RSN_CIPHER_SUITE_TKIP: 2462 return WLAN_CRYPTO_CIPHER_TKIP; 2463 case RSN_CIPHER_SUITE_CCMP: 2464 return WLAN_CRYPTO_CIPHER_AES_CCM; 2465 case RSN_CIPHER_SUITE_CCMP_256: 2466 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2467 case RSN_CIPHER_SUITE_GCMP: 2468 return WLAN_CRYPTO_CIPHER_AES_GCM; 2469 case RSN_CIPHER_SUITE_GCMP_256: 2470 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2471 case RSN_CIPHER_SUITE_AES_CMAC: 2472 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2473 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2474 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2475 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2476 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2477 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2478 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2479 case RSN_CIPHER_SUITE_NONE: 2480 return WLAN_CRYPTO_CIPHER_NONE; 2481 } 2482 2483 return status; 2484 } 2485 /* 2486 * Convert an RSN key management/authentication algorithm 2487 * to an internal code. 2488 */ 2489 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2490 { 2491 uint32_t w = LE_READ_4(sel); 2492 int32_t status = -1; 2493 2494 switch (w) { 2495 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2496 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2497 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2498 return WLAN_CRYPTO_KEY_MGMT_PSK; 2499 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2500 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2501 case RSN_AUTH_KEY_MGMT_FT_PSK: 2502 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2503 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2504 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2505 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2506 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2507 case RSN_AUTH_KEY_MGMT_SAE: 2508 return WLAN_CRYPTO_KEY_MGMT_SAE; 2509 case RSN_AUTH_KEY_MGMT_FT_SAE: 2510 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2511 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2512 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2513 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2514 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2515 case RSN_AUTH_KEY_MGMT_CCKM: 2516 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2517 case RSN_AUTH_KEY_MGMT_OSEN: 2518 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2519 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2520 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2521 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2522 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2523 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2524 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2525 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2526 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2527 case RSN_AUTH_KEY_MGMT_OWE: 2528 return WLAN_CRYPTO_KEY_MGMT_OWE; 2529 case RSN_AUTH_KEY_MGMT_DPP: 2530 return WLAN_CRYPTO_KEY_MGMT_DPP; 2531 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2532 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2533 } 2534 2535 return status; 2536 } 2537 2538 /** 2539 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2540 * @crypto params: crypto params 2541 * @iebuf: ie buffer 2542 * 2543 * This function gets called by mlme to check the contents of wpa is 2544 * matching with given crypto params 2545 * 2546 * Return: QDF_STATUS_SUCCESS - in case of success 2547 */ 2548 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2549 uint8_t *frm){ 2550 uint8_t len = frm[1]; 2551 int32_t w; 2552 int n; 2553 2554 /* 2555 * Check the length once for fixed parts: OUI, type, 2556 * version, mcast cipher, and 2 selector counts. 2557 * Other, variable-length data, must be checked separately. 2558 */ 2559 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2560 2561 if (len < 14) 2562 return QDF_STATUS_E_INVAL; 2563 2564 frm += 6, len -= 4; 2565 2566 w = LE_READ_2(frm); 2567 if (w != WPA_VERSION) 2568 return QDF_STATUS_E_INVAL; 2569 2570 frm += 2, len -= 2; 2571 2572 /* multicast/group cipher */ 2573 w = wlan_crypto_wpa_suite_to_cipher(frm); 2574 if (w < 0) 2575 return QDF_STATUS_E_INVAL; 2576 SET_MCAST_CIPHER(crypto_params, w); 2577 frm += 4, len -= 4; 2578 2579 /* unicast ciphers */ 2580 n = LE_READ_2(frm); 2581 frm += 2, len -= 2; 2582 if (len < n*4+2) 2583 return QDF_STATUS_E_INVAL; 2584 2585 for (; n > 0; n--) { 2586 w = wlan_crypto_wpa_suite_to_cipher(frm); 2587 if (w < 0) 2588 return QDF_STATUS_E_INVAL; 2589 SET_UCAST_CIPHER(crypto_params, w); 2590 frm += 4, len -= 4; 2591 } 2592 2593 if (!crypto_params->ucastcipherset) 2594 return QDF_STATUS_E_INVAL; 2595 2596 /* key management algorithms */ 2597 n = LE_READ_2(frm); 2598 frm += 2, len -= 2; 2599 if (len < n*4) 2600 return QDF_STATUS_E_INVAL; 2601 2602 w = 0; 2603 for (; n > 0; n--) { 2604 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2605 if (w < 0) 2606 return QDF_STATUS_E_INVAL; 2607 SET_KEY_MGMT(crypto_params, w); 2608 frm += 4, len -= 4; 2609 } 2610 2611 /* optional capabilities */ 2612 if (len >= 2) { 2613 crypto_params->rsn_caps = LE_READ_2(frm); 2614 frm += 2, len -= 2; 2615 } 2616 2617 return QDF_STATUS_SUCCESS; 2618 } 2619 2620 /** 2621 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2622 * @crypto params: crypto params 2623 * @iebuf: ie buffer 2624 * 2625 * This function gets called by mlme to check the contents of wpa is 2626 * matching with given crypto params 2627 * 2628 * Return: QDF_STATUS_SUCCESS - in case of success 2629 */ 2630 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2631 uint8_t *frm){ 2632 uint8_t len = frm[1]; 2633 int32_t w; 2634 int n; 2635 2636 /* Check the length once for fixed parts: OUI, type & version */ 2637 if (len < 2) 2638 return QDF_STATUS_E_INVAL; 2639 2640 /* initialize crypto params */ 2641 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2642 2643 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2644 2645 frm += 2; 2646 /* NB: iswapoui already validated the OUI and type */ 2647 w = LE_READ_2(frm); 2648 if (w != RSN_VERSION) 2649 return QDF_STATUS_E_INVAL; 2650 2651 frm += 2, len -= 2; 2652 2653 if (!len) { 2654 /* set defaults */ 2655 /* default group cipher CCMP-128 */ 2656 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2657 /* default ucast cipher CCMP-128 */ 2658 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2659 /* default key mgmt 8021x */ 2660 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2661 return QDF_STATUS_SUCCESS; 2662 } else if (len < 4) { 2663 return QDF_STATUS_E_INVAL; 2664 } 2665 2666 /* multicast/group cipher */ 2667 w = wlan_crypto_rsn_suite_to_cipher(frm); 2668 if (w < 0) 2669 return QDF_STATUS_E_INVAL; 2670 else { 2671 SET_MCAST_CIPHER(crypto_params, w); 2672 frm += 4, len -= 4; 2673 } 2674 2675 if (crypto_params->mcastcipherset == 0) 2676 return QDF_STATUS_E_INVAL; 2677 2678 if (!len) { 2679 /* default ucast cipher CCMP-128 */ 2680 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2681 /* default key mgmt 8021x */ 2682 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2683 return QDF_STATUS_SUCCESS; 2684 } else if (len < 2) { 2685 return QDF_STATUS_E_INVAL; 2686 } 2687 2688 /* unicast ciphers */ 2689 n = LE_READ_2(frm); 2690 frm += 2, len -= 2; 2691 if (n) { 2692 if (len < n * 4) 2693 return QDF_STATUS_E_INVAL; 2694 2695 for (; n > 0; n--) { 2696 w = wlan_crypto_rsn_suite_to_cipher(frm); 2697 if (w < 0) 2698 return QDF_STATUS_E_INVAL; 2699 SET_UCAST_CIPHER(crypto_params, w); 2700 frm += 4, len -= 4; 2701 } 2702 } else { 2703 /* default ucast cipher CCMP-128 */ 2704 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2705 } 2706 2707 if (crypto_params->ucastcipherset == 0) 2708 return QDF_STATUS_E_INVAL; 2709 2710 if (!len) { 2711 /* default key mgmt 8021x */ 2712 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2713 return QDF_STATUS_SUCCESS; 2714 } else if (len < 2) { 2715 return QDF_STATUS_E_INVAL; 2716 } 2717 2718 /* key management algorithms */ 2719 n = LE_READ_2(frm); 2720 frm += 2, len -= 2; 2721 2722 if (n) { 2723 if (len < n * 4) 2724 return QDF_STATUS_E_INVAL; 2725 2726 for (; n > 0; n--) { 2727 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2728 if (w < 0) 2729 return QDF_STATUS_E_INVAL; 2730 SET_KEY_MGMT(crypto_params, w); 2731 frm += 4, len -= 4; 2732 } 2733 } else { 2734 /* default key mgmt 8021x */ 2735 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2736 } 2737 2738 if (crypto_params->key_mgmt == 0) 2739 return QDF_STATUS_E_INVAL; 2740 2741 /* optional capabilities */ 2742 if (len >= 2) { 2743 crypto_params->rsn_caps = LE_READ_2(frm); 2744 frm += 2, len -= 2; 2745 } else if (len && len < 2) { 2746 return QDF_STATUS_E_INVAL; 2747 } 2748 2749 2750 /* PMKID */ 2751 if (len >= 2) { 2752 n = LE_READ_2(frm); 2753 frm += 2, len -= 2; 2754 if (n && len) { 2755 if (len >= n * PMKID_LEN) 2756 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2757 else 2758 return QDF_STATUS_E_INVAL; 2759 } else if (n && !len) { 2760 return QDF_STATUS_E_INVAL; 2761 } 2762 /*TODO: Save pmkid in params for further reference */ 2763 } 2764 2765 /* BIP */ 2766 if (!len && 2767 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2768 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2769 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2770 return QDF_STATUS_SUCCESS; 2771 } else if (len >= 4) { 2772 w = wlan_crypto_rsn_suite_to_cipher(frm); 2773 frm += 4, len -= 4; 2774 SET_MGMT_CIPHER(crypto_params, w); 2775 } 2776 2777 return QDF_STATUS_SUCCESS; 2778 } 2779 2780 /** 2781 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2782 * @vdev: vdev 2783 * @iebuf: ie buffer 2784 * 2785 * This function gets called by mlme to build wpaie from given vdev 2786 * 2787 * Return: end of buffer 2788 */ 2789 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2790 uint8_t *iebuf){ 2791 uint8_t *frm = iebuf; 2792 uint8_t *selcnt; 2793 struct wlan_crypto_comp_priv *crypto_priv; 2794 struct wlan_crypto_params *crypto_params; 2795 2796 if (!frm) 2797 return NULL; 2798 2799 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2800 2801 if (!crypto_params) 2802 return NULL; 2803 2804 *frm++ = WLAN_ELEMID_VENDOR; 2805 *frm++ = 0; 2806 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2807 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2808 2809 2810 /* multicast cipher */ 2811 if (MCIPHER_IS_TKIP(crypto_params)) 2812 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2813 else if (MCIPHER_IS_CCMP128(crypto_params)) 2814 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2815 2816 /* unicast cipher list */ 2817 selcnt = frm; 2818 WLAN_CRYPTO_ADDSHORT(frm, 0); 2819 /* do not use CCMP unicast cipher in WPA mode */ 2820 if (UCIPHER_IS_CCMP128(crypto_params)) { 2821 selcnt[0]++; 2822 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2823 } 2824 if (UCIPHER_IS_TKIP(crypto_params)) { 2825 selcnt[0]++; 2826 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2827 } 2828 2829 /* authenticator selector list */ 2830 selcnt = frm; 2831 WLAN_CRYPTO_ADDSHORT(frm, 0); 2832 2833 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2834 selcnt[0]++; 2835 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2836 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2837 selcnt[0]++; 2838 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2839 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2840 selcnt[0]++; 2841 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2842 } else { 2843 selcnt[0]++; 2844 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2845 } 2846 2847 /* optional capabilities */ 2848 if (crypto_params->rsn_caps != 0 && 2849 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2850 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2851 } 2852 2853 /* calculate element length */ 2854 iebuf[1] = frm - iebuf - 2; 2855 2856 return frm; 2857 } 2858 2859 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2860 uint8_t *iebuf, 2861 struct wlan_crypto_pmksa *pmksa) 2862 { 2863 uint8_t *frm = iebuf; 2864 uint8_t *selcnt; 2865 struct wlan_crypto_comp_priv *crypto_priv; 2866 struct wlan_crypto_params *crypto_params; 2867 2868 if (!frm) { 2869 return NULL; 2870 } 2871 2872 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2873 2874 if (!crypto_params) { 2875 return NULL; 2876 } 2877 2878 *frm++ = WLAN_ELEMID_RSN; 2879 *frm++ = 0; 2880 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2881 2882 2883 /* multicast cipher */ 2884 if (MCIPHER_IS_TKIP(crypto_params)) 2885 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2886 else if (MCIPHER_IS_CCMP128(crypto_params)) 2887 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2888 else if (MCIPHER_IS_CCMP256(crypto_params)) 2889 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2890 else if (MCIPHER_IS_GCMP128(crypto_params)) 2891 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2892 else if (MCIPHER_IS_GCMP256(crypto_params)) 2893 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2894 2895 /* unicast cipher list */ 2896 selcnt = frm; 2897 WLAN_CRYPTO_ADDSHORT(frm, 0); 2898 2899 if (UCIPHER_IS_CCMP256(crypto_params)) { 2900 selcnt[0]++; 2901 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2902 } 2903 if (UCIPHER_IS_GCMP256(crypto_params)) { 2904 selcnt[0]++; 2905 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2906 } 2907 if (UCIPHER_IS_CCMP128(crypto_params)) { 2908 selcnt[0]++; 2909 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2910 } 2911 if (UCIPHER_IS_GCMP128(crypto_params)) { 2912 selcnt[0]++; 2913 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2914 } 2915 if (UCIPHER_IS_TKIP(crypto_params)) { 2916 selcnt[0]++; 2917 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2918 } 2919 2920 /* authenticator selector list */ 2921 selcnt = frm; 2922 WLAN_CRYPTO_ADDSHORT(frm, 0); 2923 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2924 selcnt[0]++; 2925 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2926 /* Other key mgmt should not be added after CCKM */ 2927 goto add_rsn_caps; 2928 } 2929 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2930 selcnt[0]++; 2931 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2932 } 2933 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2934 selcnt[0]++; 2935 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2936 } 2937 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2938 selcnt[0]++; 2939 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2940 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2941 } 2942 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2943 selcnt[0]++; 2944 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2945 } 2946 if (HAS_KEY_MGMT(crypto_params, 2947 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2948 selcnt[0]++; 2949 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2950 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2951 } 2952 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2953 selcnt[0]++; 2954 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2955 } 2956 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2957 selcnt[0]++; 2958 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2959 } 2960 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2961 selcnt[0]++; 2962 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2963 } 2964 if (HAS_KEY_MGMT(crypto_params, 2965 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2966 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2967 2968 selcnt[0]++; 2969 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2970 } 2971 if (HAS_KEY_MGMT(crypto_params, 2972 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2973 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2974 2975 selcnt[0]++; 2976 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2977 } 2978 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2979 selcnt[0]++; 2980 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2981 } 2982 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2983 selcnt[0]++; 2984 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2985 } 2986 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2987 selcnt[0]++; 2988 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2989 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2990 } 2991 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2992 selcnt[0]++; 2993 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2994 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2995 } 2996 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2997 selcnt[0]++; 2998 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2999 } 3000 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3001 selcnt[0]++; 3002 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3003 } 3004 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3005 selcnt[0]++; 3006 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3007 } 3008 add_rsn_caps: 3009 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3010 /* optional capabilities */ 3011 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3012 /* PMK list */ 3013 if (pmksa) { 3014 WLAN_CRYPTO_ADDSHORT(frm, 1); 3015 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3016 frm += PMKID_LEN; 3017 } else { 3018 WLAN_CRYPTO_ADDSHORT(frm, 0); 3019 } 3020 3021 if (HAS_MGMT_CIPHER(crypto_params, 3022 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3023 RSN_ADD_CIPHER_TO_SUITE(frm, 3024 WLAN_CRYPTO_CIPHER_AES_CMAC); 3025 } 3026 if (HAS_MGMT_CIPHER(crypto_params, 3027 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3028 RSN_ADD_CIPHER_TO_SUITE(frm, 3029 WLAN_CRYPTO_CIPHER_AES_GMAC); 3030 } 3031 if (HAS_MGMT_CIPHER(crypto_params, 3032 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3033 RSN_ADD_CIPHER_TO_SUITE(frm, 3034 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3035 ); 3036 } 3037 3038 if (HAS_MGMT_CIPHER(crypto_params, 3039 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3040 RSN_ADD_CIPHER_TO_SUITE(frm, 3041 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3042 ); 3043 } 3044 } else { 3045 /* PMK list */ 3046 if (pmksa) { 3047 WLAN_CRYPTO_ADDSHORT(frm, 1); 3048 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3049 frm += PMKID_LEN; 3050 } else { 3051 WLAN_CRYPTO_ADDSHORT(frm, 0); 3052 } 3053 } 3054 3055 /* calculate element length */ 3056 iebuf[1] = frm - iebuf - 2; 3057 3058 return frm; 3059 } 3060 3061 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3062 uint8_t *iebuf, 3063 struct qdf_mac_addr *bssid) 3064 { 3065 struct wlan_crypto_pmksa *pmksa = NULL; 3066 3067 if (bssid) 3068 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3069 3070 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3071 } 3072 3073 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3074 struct wlan_crypto_params *crypto_params){ 3075 struct wlan_crypto_params *my_crypto_params; 3076 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3077 3078 if (!my_crypto_params) { 3079 crypto_debug("vdev crypto params is NULL"); 3080 return false; 3081 } 3082 /* 3083 * Check peer's pairwise ciphers. 3084 * At least one must match with our unicast cipher 3085 */ 3086 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3087 crypto_debug("Unicast cipher match failed"); 3088 return false; 3089 } 3090 /* 3091 * Check peer's group cipher is our enabled multicast cipher. 3092 */ 3093 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3094 crypto_debug("Multicast cipher match failed"); 3095 return false; 3096 } 3097 /* 3098 * Check peer's key management class set (PSK or UNSPEC) 3099 */ 3100 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3101 crypto_debug("Key mgmt match failed"); 3102 return false; 3103 } 3104 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3105 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3106 crypto_debug("Peer is not PMF capable"); 3107 return false; 3108 } 3109 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3110 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3111 crypto_debug("Peer needs PMF, but vdev is not capable"); 3112 return false; 3113 } 3114 3115 return true; 3116 } 3117 3118 /* 3119 * Convert an WAPI CIPHER suite to to an internal code. 3120 */ 3121 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 3122 { 3123 uint32_t w = LE_READ_4(sel); 3124 int32_t status = -1; 3125 3126 switch (w) { 3127 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3128 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3129 } 3130 3131 return status; 3132 } 3133 3134 /* 3135 * Convert an WAPI key management/authentication algorithm 3136 * to an internal code. 3137 */ 3138 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 3139 { 3140 uint32_t w = LE_READ_4(sel); 3141 int32_t status = -1; 3142 3143 switch (w) { 3144 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3145 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3146 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3147 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3148 } 3149 3150 return status; 3151 } 3152 /** 3153 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 3154 * @crypto params: crypto params 3155 * @iebuf: ie buffer 3156 * 3157 * This function gets called by mlme to check the contents of wapi is 3158 * matching with given crypto params 3159 * 3160 * Return: QDF_STATUS_SUCCESS - in case of success 3161 */ 3162 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3163 uint8_t *frm) 3164 { 3165 uint8_t len = frm[1]; 3166 int32_t w; 3167 int n; 3168 3169 /* 3170 * Check the length once for fixed parts: OUI, type, 3171 * version, mcast cipher, and 2 selector counts. 3172 * Other, variable-length data, must be checked separately. 3173 */ 3174 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3175 3176 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3177 return QDF_STATUS_E_INVAL; 3178 3179 3180 frm += 2; 3181 3182 w = LE_READ_2(frm); 3183 frm += 2, len -= 2; 3184 if (w != WAPI_VERSION) 3185 return QDF_STATUS_E_INVAL; 3186 3187 n = LE_READ_2(frm); 3188 frm += 2, len -= 2; 3189 if (len < n*4+2) 3190 return QDF_STATUS_E_INVAL; 3191 3192 for (; n > 0; n--) { 3193 w = wlan_crypto_wapi_keymgmt(frm); 3194 if (w < 0) 3195 return QDF_STATUS_E_INVAL; 3196 3197 SET_KEY_MGMT(crypto_params, w); 3198 frm += 4, len -= 4; 3199 } 3200 3201 /* unicast ciphers */ 3202 n = LE_READ_2(frm); 3203 frm += 2, len -= 2; 3204 if (len < n*4+2) 3205 return QDF_STATUS_E_INVAL; 3206 3207 for (; n > 0; n--) { 3208 w = wlan_crypto_wapi_suite_to_cipher(frm); 3209 if (w < 0) 3210 return QDF_STATUS_E_INVAL; 3211 SET_UCAST_CIPHER(crypto_params, w); 3212 frm += 4, len -= 4; 3213 } 3214 3215 if (!crypto_params->ucastcipherset) 3216 return QDF_STATUS_E_INVAL; 3217 3218 /* multicast/group cipher */ 3219 w = wlan_crypto_wapi_suite_to_cipher(frm); 3220 3221 if (w < 0) 3222 return QDF_STATUS_E_INVAL; 3223 3224 SET_MCAST_CIPHER(crypto_params, w); 3225 frm += 4, len -= 4; 3226 3227 return QDF_STATUS_SUCCESS; 3228 } 3229 3230 /** 3231 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3232 * @vdev: vdev 3233 * @iebuf: ie buffer 3234 * 3235 * This function gets called by mlme to build wapi ie from given vdev 3236 * 3237 * Return: end of buffer 3238 */ 3239 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3240 uint8_t *iebuf) 3241 { 3242 uint8_t *frm; 3243 uint8_t *selcnt; 3244 struct wlan_crypto_comp_priv *crypto_priv; 3245 struct wlan_crypto_params *crypto_params; 3246 3247 frm = iebuf; 3248 if (!frm) { 3249 crypto_err("ie buffer NULL"); 3250 return NULL; 3251 } 3252 3253 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3254 3255 if (!crypto_params) { 3256 crypto_err("crypto_params NULL"); 3257 return NULL; 3258 } 3259 3260 *frm++ = WLAN_ELEMID_WAPI; 3261 *frm++ = 0; 3262 3263 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3264 3265 /* authenticator selector list */ 3266 selcnt = frm; 3267 WLAN_CRYPTO_ADDSHORT(frm, 0); 3268 3269 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3270 selcnt[0]++; 3271 WLAN_CRYPTO_ADDSELECTOR(frm, 3272 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3273 } 3274 3275 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3276 selcnt[0]++; 3277 WLAN_CRYPTO_ADDSELECTOR(frm, 3278 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3279 } 3280 3281 /* unicast cipher list */ 3282 selcnt = frm; 3283 WLAN_CRYPTO_ADDSHORT(frm, 0); 3284 3285 if (UCIPHER_IS_SMS4(crypto_params)) { 3286 selcnt[0]++; 3287 WLAN_CRYPTO_ADDSELECTOR(frm, 3288 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3289 } 3290 3291 WLAN_CRYPTO_ADDSELECTOR(frm, 3292 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3293 3294 /* optional capabilities */ 3295 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3296 3297 /* bkid count */ 3298 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3299 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3300 WLAN_CRYPTO_ADDSHORT(frm, 0); 3301 3302 /* calculate element length */ 3303 iebuf[1] = frm - iebuf - 2; 3304 3305 return frm; 3306 3307 } 3308 3309 /** 3310 * wlan_crypto_pn_check - called by data patch for PN check 3311 * @vdev: vdev 3312 * @wbuf: wbuf 3313 * 3314 * This function gets called by data patch for PN check 3315 * 3316 * Return: QDF_STATUS 3317 */ 3318 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3319 qdf_nbuf_t wbuf){ 3320 /* Need to check is there real requirement for this function 3321 * as PN check is already handled in decap function. 3322 */ 3323 return QDF_STATUS_SUCCESS; 3324 } 3325 3326 /** 3327 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3328 * @vdev:vdev 3329 * 3330 * This function gets called by mlme to get crypto params 3331 * 3332 * Return: wlan_crypto_params or NULL in case of failure 3333 */ 3334 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3335 struct wlan_objmgr_vdev *vdev){ 3336 struct wlan_crypto_comp_priv *crypto_priv; 3337 3338 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3339 } 3340 3341 /** 3342 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3343 * @peer:peer 3344 * 3345 * This function gets called by mlme to get crypto params 3346 * 3347 * Return: wlan_crypto_params or NULL in case of failure 3348 */ 3349 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3350 struct wlan_objmgr_peer *peer){ 3351 struct wlan_crypto_comp_priv *crypto_priv; 3352 3353 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3354 } 3355 3356 3357 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3358 struct wlan_objmgr_peer *peer) 3359 { 3360 struct wlan_crypto_comp_priv *crypto_priv; 3361 struct wlan_crypto_comp_priv *sta_crypto_priv; 3362 struct wlan_crypto_params *crypto_params; 3363 struct wlan_crypto_key *key; 3364 struct wlan_crypto_key *sta_key; 3365 struct wlan_crypto_cipher *cipher_table; 3366 struct wlan_objmgr_psoc *psoc; 3367 struct wlan_lmac_if_tx_ops *tx_ops; 3368 uint8_t *mac_addr; 3369 int i; 3370 enum QDF_OPMODE opmode; 3371 QDF_STATUS status = QDF_STATUS_SUCCESS; 3372 3373 if (!vdev) 3374 return QDF_STATUS_E_NULL_VALUE; 3375 3376 if (!peer) { 3377 crypto_debug("peer NULL"); 3378 return QDF_STATUS_E_INVAL; 3379 } 3380 3381 opmode = wlan_vdev_mlme_get_opmode(vdev); 3382 psoc = wlan_vdev_get_psoc(vdev); 3383 3384 if (!psoc) { 3385 crypto_err("psoc NULL"); 3386 return QDF_STATUS_E_NULL_VALUE; 3387 } 3388 3389 wlan_peer_obj_lock(peer); 3390 mac_addr = wlan_peer_get_macaddr(peer); 3391 wlan_peer_obj_unlock(peer); 3392 3393 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3394 &crypto_priv); 3395 if (!crypto_priv) { 3396 crypto_err("crypto_priv NULL"); 3397 return QDF_STATUS_E_NULL_VALUE; 3398 } 3399 3400 /* push only valid static WEP keys from vap */ 3401 if (AUTH_IS_8021X(crypto_params)) 3402 return QDF_STATUS_E_INVAL; 3403 3404 if (opmode == QDF_STA_MODE) { 3405 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3406 if (!peer) { 3407 crypto_debug("peer NULL"); 3408 return QDF_STATUS_E_INVAL; 3409 } 3410 } 3411 3412 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3413 if (!sta_crypto_priv) { 3414 crypto_err("sta priv is null"); 3415 status = QDF_STATUS_E_INVAL; 3416 goto exit; 3417 } 3418 3419 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3420 if (crypto_priv->key[i]) { 3421 key = crypto_priv->key[i]; 3422 if (!key || !key->valid) 3423 continue; 3424 3425 cipher_table = (struct wlan_crypto_cipher *) 3426 key->cipher_table; 3427 3428 if (!cipher_table) 3429 continue; 3430 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3431 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3432 if (!tx_ops) { 3433 crypto_err("tx_ops is NULL"); 3434 return QDF_STATUS_E_INVAL; 3435 } 3436 3437 sta_key = qdf_mem_malloc( 3438 sizeof(struct wlan_crypto_key)); 3439 if (!sta_key) { 3440 status = QDF_STATUS_E_NOMEM; 3441 goto exit; 3442 } 3443 3444 sta_crypto_priv->key[i] = sta_key; 3445 qdf_mem_copy(sta_key, key, 3446 sizeof(struct wlan_crypto_key)); 3447 3448 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3449 3450 if (crypto_priv->def_tx_keyid == i) { 3451 sta_key->flags 3452 |= WLAN_CRYPTO_KEY_DEFAULT; 3453 sta_crypto_priv->def_tx_keyid = 3454 crypto_priv->def_tx_keyid; 3455 } 3456 /* setting the broadcast/multicast key for sta*/ 3457 if (opmode == QDF_STA_MODE || 3458 opmode == QDF_IBSS_MODE){ 3459 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3460 WLAN_CRYPTO_TX_OPS_SETKEY( 3461 tx_ops)(vdev, sta_key, 3462 mac_addr, 3463 cipher_table->cipher); 3464 } 3465 } 3466 3467 /* setting unicast key */ 3468 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3469 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3470 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3471 vdev, sta_key, 3472 mac_addr, 3473 cipher_table->cipher); 3474 } 3475 } 3476 } 3477 } 3478 3479 exit: 3480 if (opmode == QDF_STA_MODE) 3481 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3482 3483 return status; 3484 } 3485 3486 /** 3487 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3488 * @crypto_rx_ops: crypto_rx_ops 3489 * 3490 * This function gets called by object manger to register crypto rx ops. 3491 * 3492 * Return: QDF_STATUS 3493 */ 3494 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3495 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3496 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3497 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3498 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3499 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3500 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3501 3502 return QDF_STATUS_SUCCESS; 3503 } 3504 3505 /** 3506 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3507 * @psoc: psoc 3508 * 3509 * This function gets called by umac to get the crypto_rx_ops 3510 * 3511 * Return: crypto_rx_ops 3512 */ 3513 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3514 struct wlan_objmgr_psoc *psoc) 3515 { 3516 struct wlan_lmac_if_rx_ops *rx_ops; 3517 3518 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3519 3520 if (!rx_ops) { 3521 crypto_err("rx_ops is NULL"); 3522 return NULL; 3523 } 3524 3525 return &rx_ops->crypto_rx_ops; 3526 } 3527 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3528 3529 /** 3530 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3531 * @vdev: vdev 3532 * @authvalue: authvalue to be checked 3533 * 3534 * This function check is authvalue passed is set in vdev or not 3535 * 3536 * Return: true or false 3537 */ 3538 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3539 wlan_crypto_auth_mode authvalue) 3540 { 3541 int res; 3542 3543 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3544 3545 if (res != -1) 3546 return (res & authvalue) ? true : false; 3547 return false; 3548 } 3549 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3550 3551 /** 3552 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3553 * @peer: peer 3554 * @authvalue: authvalue to be checked 3555 * 3556 * This function check is authvalue passed is set in peer or not 3557 * 3558 * Return: true or false 3559 */ 3560 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3561 wlan_crypto_auth_mode authvalue) 3562 { 3563 int res; 3564 3565 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3566 3567 if (res != -1) 3568 return (res & authvalue) ? true : false; 3569 3570 return false; 3571 } 3572 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3573 3574 /** 3575 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3576 * @vdev: vdev 3577 * @ucastcipher: ucastcipher to be checked 3578 * 3579 * This function check is ucastcipher passed is set in vdev or not 3580 * 3581 * Return: true or false 3582 */ 3583 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3584 wlan_crypto_cipher_type ucastcipher) 3585 { 3586 int res; 3587 3588 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3589 3590 if (res != -1) 3591 return (res & ucastcipher) ? true : false; 3592 3593 return false; 3594 } 3595 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3596 3597 /** 3598 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3599 * @peer: peer 3600 * @ucastcipher: ucastcipher to be checked 3601 * 3602 * This function check is ucastcipher passed is set in peer or not 3603 * 3604 * Return: true or false 3605 */ 3606 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3607 wlan_crypto_cipher_type ucastcipher) 3608 { 3609 int res; 3610 3611 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3612 3613 if (res != -1) 3614 return (res & ucastcipher) ? true : false; 3615 3616 return false; 3617 } 3618 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3619 3620 /** 3621 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3622 * @vdev: vdev 3623 * @mcastcipher: mcastcipher to be checked 3624 * 3625 * This function check is mcastcipher passed is set in vdev or not 3626 * 3627 * Return: true or false 3628 */ 3629 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3630 wlan_crypto_cipher_type mcastcipher) 3631 { 3632 int res; 3633 3634 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3635 3636 if (res != -1) 3637 return (res & mcastcipher) ? true : false; 3638 3639 return false; 3640 } 3641 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3642 3643 /** 3644 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3645 * @peer: peer 3646 * @mcastcipher: mcastcipher to be checked 3647 * 3648 * This function check is mcastcipher passed is set in peer or not 3649 * 3650 * Return: true or false 3651 */ 3652 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3653 wlan_crypto_cipher_type mcastcipher) 3654 { 3655 int res; 3656 3657 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3658 3659 if (res != -1) 3660 return (res & mcastcipher) ? true : false; 3661 3662 return false; 3663 } 3664 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3665 3666 /** 3667 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3668 * @vdev: vdev 3669 * @mgmtcipher: mgmtcipher to be checked 3670 * 3671 * This function checks any one of mgmtciphers are supported by vdev or not. 3672 * 3673 * Return: true or false 3674 */ 3675 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3676 uint32_t mgmtcipher) 3677 { 3678 int res; 3679 3680 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3681 3682 if (res != -1) 3683 return (res & mgmtcipher) ? true : false; 3684 3685 return false; 3686 } 3687 3688 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3689 3690 /** 3691 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3692 * @peer: peer 3693 * @mgmtcipher: mgmtcipher to be checked 3694 * 3695 * This function checks any one of mgmtciphers are supported by peer or not 3696 * 3697 * Return: true or false 3698 */ 3699 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3700 uint32_t mgmtcipher) 3701 { 3702 int res; 3703 3704 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3705 3706 if (res != -1) 3707 return (res & mgmtcipher) ? true : false; 3708 3709 return false; 3710 } 3711 3712 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3713 3714 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3715 { 3716 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3717 3718 if (!peer) { 3719 crypto_err("Invalid Input"); 3720 return 0; 3721 } 3722 3723 crypto_priv = wlan_get_peer_crypto_obj(peer); 3724 if (!crypto_priv) { 3725 crypto_err("crypto_priv NULL"); 3726 return 0; 3727 } 3728 3729 return crypto_priv->fils_aead_set; 3730 } 3731 3732 void 3733 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3734 { 3735 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3736 3737 if (!peer) { 3738 crypto_err("Invalid Input"); 3739 return; 3740 } 3741 3742 crypto_priv = wlan_get_peer_crypto_obj(peer); 3743 if (!crypto_priv) { 3744 crypto_err("crypto_priv NULL"); 3745 return; 3746 } 3747 3748 crypto_priv->fils_aead_set = value; 3749 } 3750 3751 /** 3752 * wlan_crypto_get_key_header - get header length 3753 * @key: key 3754 * 3755 * This function gets header length based on keytype 3756 * 3757 * Return: header length 3758 */ 3759 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3760 { 3761 struct wlan_crypto_cipher *cipher_table; 3762 3763 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3764 if (cipher_table) 3765 return cipher_table->header; 3766 else 3767 return 0; 3768 } 3769 3770 qdf_export_symbol(wlan_crypto_get_key_header); 3771 3772 /** 3773 * wlan_crypto_get_key_trailer - get cipher trailer length 3774 * @key: key 3775 * 3776 * This function gets cipher trailer length based on keytype 3777 * 3778 * Return: cipher trailer length 3779 */ 3780 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3781 { 3782 struct wlan_crypto_cipher *cipher_table; 3783 3784 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3785 if (cipher_table) 3786 return cipher_table->trailer; 3787 else 3788 return 0; 3789 } 3790 3791 qdf_export_symbol(wlan_crypto_get_key_trailer); 3792 3793 /** 3794 * wlan_crypto_get_key_miclen - get cipher miclen length 3795 * @key: key 3796 * 3797 * This function gets cipher miclen length based on keytype 3798 * 3799 * Return: cipher miclen length 3800 */ 3801 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3802 { 3803 struct wlan_crypto_cipher *cipher_table; 3804 3805 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3806 if (cipher_table) 3807 return cipher_table->miclen; 3808 else 3809 return 0; 3810 } 3811 3812 qdf_export_symbol(wlan_crypto_get_key_miclen); 3813 3814 /** 3815 * wlan_crypto_get_keyid - get keyid from frame 3816 * @data: frame 3817 * 3818 * This function parse frame and returns keyid 3819 * 3820 * Return: keyid 3821 */ 3822 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3823 { 3824 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3825 uint8_t *iv; 3826 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3827 3828 /* 3829 * In FILS SK (Re)Association request/response frame has 3830 * to be decrypted 3831 */ 3832 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3833 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3834 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3835 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3836 return 0; 3837 } 3838 3839 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3840 iv = data + hdrlen; 3841 /* 3842 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3843 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3844 */ 3845 return ((iv[3] >> 6) & 0x3); 3846 } else { 3847 return WLAN_CRYPTO_KEYIX_NONE; 3848 } 3849 } 3850 3851 qdf_export_symbol(wlan_crypto_get_keyid); 3852 3853 /** 3854 * crypto_plumb_peer_keys - called during radio reset 3855 * @vdev: vdev 3856 * @object: peer 3857 * @arg: psoc 3858 * 3859 * Restore unicast and persta hardware keys 3860 * 3861 * Return: void 3862 */ 3863 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3864 void *object, void *arg) { 3865 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3866 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3867 struct wlan_crypto_comp_priv *crypto_priv; 3868 struct wlan_crypto_params *crypto_params; 3869 struct wlan_crypto_key *key = NULL; 3870 struct wlan_lmac_if_tx_ops *tx_ops; 3871 int i; 3872 3873 if ((!peer) || (!vdev) || (!psoc)) { 3874 crypto_err("Peer or vdev or psoc objects are null!"); 3875 return; 3876 } 3877 3878 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3879 &crypto_priv); 3880 3881 if (!crypto_priv) { 3882 crypto_err("crypto_priv NULL"); 3883 return; 3884 } 3885 3886 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3887 key = crypto_priv->key[i]; 3888 if (key && key->valid) { 3889 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3890 3891 if (!tx_ops) { 3892 crypto_err("tx_ops is NULL"); 3893 return; 3894 } 3895 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3896 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3897 ( 3898 vdev, 3899 key, 3900 wlan_peer_get_macaddr(peer), 3901 wlan_crypto_get_key_type(key) 3902 ); 3903 } 3904 } 3905 } 3906 } 3907 3908 /** 3909 * wlan_crypto_restore_keys - called during radio reset 3910 * @vdev: vdev 3911 * 3912 * Clear and restore keycache, needed for some DA chipsets which put 3913 * random values in keycache when phy reset is triggered 3914 * 3915 * Return: void 3916 */ 3917 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3918 { 3919 int i; 3920 struct wlan_crypto_comp_priv *crypto_priv; 3921 struct wlan_crypto_params *crypto_params; 3922 struct wlan_crypto_key *key; 3923 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3924 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3925 struct wlan_objmgr_pdev *pdev = NULL; 3926 struct wlan_objmgr_psoc *psoc = NULL; 3927 struct wlan_lmac_if_tx_ops *tx_ops; 3928 3929 pdev = wlan_vdev_get_pdev(vdev); 3930 psoc = wlan_vdev_get_psoc(vdev); 3931 if (!pdev) { 3932 crypto_err("pdev is NULL"); 3933 return; 3934 } 3935 if (!psoc) { 3936 crypto_err("psoc is NULL"); 3937 return; 3938 } 3939 3940 /* TBD: QWRAP key restore*/ 3941 /* crypto is on */ 3942 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3943 /* restore static shared keys */ 3944 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3945 crypto_params = wlan_crypto_vdev_get_comp_params 3946 ( 3947 vdev, 3948 &crypto_priv 3949 ); 3950 if (!crypto_priv) { 3951 crypto_err("crypto_priv is NULL"); 3952 return; 3953 } 3954 key = crypto_priv->key[i]; 3955 if (key && key->valid) { 3956 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3957 if (!tx_ops) { 3958 crypto_err("tx_ops is NULL"); 3959 return; 3960 } 3961 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3962 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3963 ( 3964 vdev, 3965 key, 3966 macaddr, 3967 wlan_crypto_get_key_type(key) 3968 ); 3969 } 3970 } 3971 } 3972 3973 wlan_objmgr_iterate_peerobj_list(vdev, 3974 crypto_plumb_peer_keys, 3975 psoc, 3976 WLAN_CRYPTO_ID); 3977 } 3978 } 3979 3980 /** 3981 * wlan_crypto_check_open_none - called by ucfg to check for open security 3982 * @psoc: psoc pointer 3983 * @vdev_id: vdev id 3984 * 3985 * This function gets called from ucfg to check open security. 3986 * 3987 * Return: true or false 3988 */ 3989 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3990 { 3991 struct wlan_crypto_comp_priv *crypto_priv; 3992 struct wlan_crypto_params *crypto_params; 3993 struct wlan_objmgr_vdev *vdev; 3994 bool match = true; 3995 3996 if (!psoc) { 3997 crypto_err("PSOC is NULL"); 3998 return false; 3999 } 4000 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4001 WLAN_CRYPTO_ID); 4002 if (!vdev) { 4003 crypto_err("vdev is NULL"); 4004 return false; 4005 } 4006 4007 crypto_priv = (struct wlan_crypto_comp_priv *) 4008 wlan_get_vdev_crypto_obj(vdev); 4009 4010 if (!crypto_priv) { 4011 crypto_err("crypto_priv NULL"); 4012 match = false; 4013 goto send_res; 4014 } 4015 4016 crypto_params = &crypto_priv->crypto_params; 4017 4018 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 4019 match = false; 4020 goto send_res; 4021 } 4022 4023 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4024 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 4025 match = false; 4026 4027 send_res: 4028 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4029 4030 return match; 4031 } 4032 4033 /** 4034 * wlan_crypto_check_wep - called by ucfg to check for WEP security 4035 * @psoc: psoc pointer 4036 * @vdev_id: vdev id 4037 * 4038 * This function gets called from ucfg to check WEP security. 4039 * 4040 * Return: true or false 4041 */ 4042 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 4043 { 4044 struct wlan_crypto_comp_priv *crypto_priv; 4045 struct wlan_crypto_params *crypto_params; 4046 struct wlan_objmgr_vdev *vdev; 4047 bool match = true; 4048 4049 if (!psoc) { 4050 crypto_err("PSOC is NULL"); 4051 return false; 4052 } 4053 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4054 WLAN_CRYPTO_ID); 4055 if (!vdev) { 4056 crypto_err("vdev is NULL"); 4057 return false; 4058 } 4059 4060 crypto_priv = (struct wlan_crypto_comp_priv *) 4061 wlan_get_vdev_crypto_obj(vdev); 4062 4063 if (!crypto_priv) { 4064 crypto_err("crypto_priv NULL"); 4065 match = false; 4066 goto send_res; 4067 } 4068 4069 crypto_params = &crypto_priv->crypto_params; 4070 4071 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4072 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4073 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4074 match = false; 4075 goto send_res; 4076 } 4077 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4078 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4079 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4080 match = false; 4081 goto send_res; 4082 } 4083 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 4084 match = false; 4085 goto send_res; 4086 } 4087 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4088 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 4089 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 4090 match = false; 4091 } 4092 send_res: 4093 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4094 4095 return match; 4096 } 4097 4098 static QDF_STATUS 4099 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4100 uint8_t *ie_ptr, uint16_t ie_len) 4101 { 4102 const uint8_t *rsn_ie = NULL; 4103 QDF_STATUS status; 4104 4105 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4106 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4107 if (!rsn_ie) { 4108 crypto_debug("RSN IE not present"); 4109 return QDF_STATUS_E_INVAL; 4110 } 4111 4112 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 4113 if (QDF_STATUS_SUCCESS != status) { 4114 crypto_err("RSN IE check failed"); 4115 return status; 4116 } 4117 4118 return QDF_STATUS_SUCCESS; 4119 } 4120 4121 static QDF_STATUS 4122 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4123 uint8_t *ie_ptr, uint16_t ie_len) 4124 { 4125 const uint8_t *wpa_ie = NULL; 4126 uint32_t wpa_oui; 4127 QDF_STATUS status; 4128 4129 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4130 4131 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4132 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4133 WLAN_OUI_SIZE, ie_ptr, ie_len); 4134 if (!wpa_ie) { 4135 crypto_debug("WPA IE not present"); 4136 return QDF_STATUS_E_INVAL; 4137 } 4138 4139 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 4140 if (QDF_STATUS_SUCCESS != status) { 4141 crypto_err("WPA IE check failed"); 4142 return status; 4143 } 4144 4145 return QDF_STATUS_SUCCESS; 4146 } 4147 /** 4148 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4149 * @psoc: psoc pointer 4150 * @vdev_id: vdev id 4151 * @ie_ptr: pointer to IEs 4152 * @ie_len: IE length 4153 * @peer_crypto_params: return peer crypto parameters 4154 * 4155 * This function gets called from ucfg to check RSN match. 4156 * 4157 * Return: true or false 4158 */ 4159 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4160 uint8_t vdev_id, uint8_t *ie_ptr, 4161 uint16_t ie_len, struct wlan_crypto_params * 4162 peer_crypto_params) 4163 { 4164 struct wlan_objmgr_vdev *vdev; 4165 bool match = true; 4166 QDF_STATUS status; 4167 4168 if (!psoc) { 4169 crypto_err("PSOC is NULL"); 4170 return false; 4171 } 4172 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4173 ie_ptr, ie_len); 4174 if (QDF_STATUS_SUCCESS != status) { 4175 crypto_err("get crypto prarams from RSN IE failed"); 4176 return false; 4177 } 4178 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4179 WLAN_CRYPTO_ID); 4180 if (!vdev) { 4181 crypto_err("vdev is NULL"); 4182 return false; 4183 } 4184 4185 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4186 4187 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4188 4189 return match; 4190 } 4191 4192 /** 4193 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4194 * @psoc: psoc pointer 4195 * @vdev_id: vdev id 4196 * @ie_ptr: pointer to IEs 4197 * @ie_len: IE length 4198 * @peer_crypto_params: return peer crypto parameters 4199 * 4200 * This function gets called from ucfg to check WPA match. 4201 * 4202 * Return: true or false 4203 */ 4204 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4205 uint8_t vdev_id, uint8_t *ie_ptr, 4206 uint16_t ie_len, struct wlan_crypto_params * 4207 peer_crypto_params) 4208 { 4209 struct wlan_objmgr_vdev *vdev; 4210 bool match = true; 4211 QDF_STATUS status; 4212 4213 if (!psoc) { 4214 crypto_err("PSOC is NULL"); 4215 return false; 4216 } 4217 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4218 WLAN_CRYPTO_ID); 4219 if (!vdev) { 4220 crypto_err("vdev is NULL"); 4221 return false; 4222 } 4223 4224 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4225 ie_ptr, ie_len); 4226 if (QDF_STATUS_SUCCESS != status) { 4227 crypto_err("get crypto prarams from WPA IE failed"); 4228 match = false; 4229 goto send_res; 4230 } 4231 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4232 4233 send_res: 4234 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4235 4236 return match; 4237 } 4238 4239 4240 static void 4241 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4242 struct wlan_crypto_params *src_params) 4243 { 4244 dst_params->authmodeset |= src_params->authmodeset; 4245 dst_params->ucastcipherset |= src_params->ucastcipherset; 4246 dst_params->mcastcipherset |= src_params->mcastcipherset; 4247 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4248 dst_params->cipher_caps |= src_params->cipher_caps; 4249 dst_params->key_mgmt |= src_params->key_mgmt; 4250 dst_params->rsn_caps |= src_params->rsn_caps; 4251 } 4252 4253 static void 4254 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4255 { 4256 params->authmodeset = 0; 4257 params->ucastcipherset = 0; 4258 params->mcastcipherset = 0; 4259 params->mgmtcipherset = 0; 4260 params->key_mgmt = 0; 4261 params->rsn_caps = 0; 4262 } 4263 4264 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4265 uint8_t *ie_ptr, 4266 uint16_t ie_len) 4267 { 4268 struct wlan_crypto_params crypto_params; 4269 QDF_STATUS status; 4270 struct wlan_crypto_params *vdev_crypto_params; 4271 struct wlan_crypto_comp_priv *crypto_priv; 4272 bool send_fail = false; 4273 4274 if (!vdev) { 4275 crypto_err("VDEV is NULL"); 4276 return QDF_STATUS_E_FAILURE; 4277 } 4278 4279 if (!ie_ptr) { 4280 crypto_err("IE ptr is NULL"); 4281 return QDF_STATUS_E_FAILURE; 4282 } 4283 4284 crypto_priv = (struct wlan_crypto_comp_priv *) 4285 wlan_get_vdev_crypto_obj(vdev); 4286 4287 if (!crypto_priv) { 4288 crypto_err("crypto_priv NULL"); 4289 return QDF_STATUS_E_FAILURE; 4290 } 4291 4292 vdev_crypto_params = &crypto_priv->crypto_params; 4293 4294 wlan_crypto_reset_prarams(vdev_crypto_params); 4295 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4296 ie_ptr, ie_len); 4297 if (QDF_IS_STATUS_SUCCESS(status)) 4298 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4299 else 4300 send_fail = true; 4301 4302 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4303 ie_ptr, ie_len); 4304 if (QDF_IS_STATUS_SUCCESS(status)) { 4305 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4306 send_fail = false; 4307 } 4308 4309 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4310 } 4311 4312 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4313 { 4314 struct wlan_crypto_comp_priv *crypto_priv; 4315 4316 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4317 if (!crypto_priv) { 4318 crypto_err("crypto_priv NULL"); 4319 return QDF_STATUS_E_FAILURE; 4320 } 4321 4322 if (igtk) 4323 return crypto_priv->def_igtk_tx_keyid; 4324 else 4325 return crypto_priv->def_tx_keyid; 4326 } 4327 4328 enum wlan_crypto_cipher_type 4329 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4330 bool pairwise, uint8_t key_index) 4331 { 4332 struct wlan_crypto_key *crypto_key; 4333 4334 crypto_key = wlan_crypto_get_key(vdev, key_index); 4335 4336 if (crypto_key) 4337 return crypto_key->cipher_type; 4338 else 4339 return WLAN_CRYPTO_CIPHER_INVALID; 4340 } 4341 4342 #ifdef CRYPTO_SET_KEY_CONVERGED 4343 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4344 uint8_t key_index, uint8_t key_len, 4345 uint8_t seq_len) 4346 { 4347 if (!is_valid_keyix(key_index)) { 4348 crypto_err("Invalid Key index %d", key_index); 4349 return QDF_STATUS_E_INVAL; 4350 } 4351 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4352 crypto_err("Invalid Cipher %d", cipher); 4353 return QDF_STATUS_E_INVAL; 4354 } 4355 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4356 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4357 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4358 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4359 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4360 crypto_err("Invalid key index %d for cipher %d", 4361 key_index, cipher); 4362 return QDF_STATUS_E_INVAL; 4363 } 4364 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4365 crypto_err("Invalid key length %d", key_len); 4366 return QDF_STATUS_E_INVAL; 4367 } 4368 4369 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4370 crypto_err("Invalid seq length %d", seq_len); 4371 return QDF_STATUS_E_INVAL; 4372 } 4373 4374 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4375 key_index, key_len, seq_len); 4376 4377 return QDF_STATUS_SUCCESS; 4378 } 4379 4380 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4381 uint8_t key_index, 4382 struct wlan_crypto_key *crypto_key) 4383 { 4384 struct wlan_crypto_comp_priv *crypto_priv; 4385 4386 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4387 if (!crypto_priv) { 4388 crypto_err("crypto_priv NULL"); 4389 return QDF_STATUS_E_FAILURE; 4390 } 4391 if (!is_valid_keyix(key_index)) { 4392 crypto_err("Invalid Key index %d", key_index); 4393 return QDF_STATUS_E_FAILURE; 4394 } 4395 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4396 crypto_priv->key[key_index] = crypto_key; 4397 } else if (is_igtk(key_index)) { 4398 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4399 crypto_key; 4400 crypto_priv->def_igtk_tx_keyid = 4401 key_index - WLAN_CRYPTO_MAXKEYIDX; 4402 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4403 } else { 4404 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4405 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4406 crypto_priv->def_bigtk_tx_keyid = 4407 key_index - WLAN_CRYPTO_MAXKEYIDX 4408 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4409 } 4410 crypto_key->valid = true; 4411 4412 return QDF_STATUS_SUCCESS; 4413 } 4414 4415 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4416 uint8_t key_index) 4417 { 4418 struct wlan_crypto_comp_priv *crypto_priv; 4419 4420 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4421 if (!crypto_priv) { 4422 crypto_err("crypto_priv NULL"); 4423 return NULL; 4424 } 4425 if (!is_valid_keyix(key_index)) { 4426 crypto_err("Invalid Key index %d", key_index); 4427 return NULL; 4428 } 4429 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4430 return crypto_priv->key[key_index]; 4431 else if (is_igtk(key_index)) 4432 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4433 else 4434 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4435 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4436 4437 return NULL; 4438 } 4439 4440 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4441 struct wlan_crypto_key *req, 4442 enum wlan_crypto_key_type key_type) 4443 { 4444 struct wlan_objmgr_psoc *psoc; 4445 struct wlan_lmac_if_tx_ops *tx_ops; 4446 4447 psoc = wlan_vdev_get_psoc(vdev); 4448 4449 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4450 if (!tx_ops) { 4451 crypto_err("tx_ops is NULL"); 4452 return QDF_STATUS_E_FAILURE; 4453 } 4454 4455 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4456 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4457 else 4458 return QDF_STATUS_E_FAILURE; 4459 4460 return QDF_STATUS_SUCCESS; 4461 } 4462 4463 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4464 bool pairwise, uint8_t key_index, 4465 struct qdf_mac_addr *peer_mac) 4466 { 4467 struct wlan_crypto_key *crypto_key; 4468 4469 crypto_key = wlan_crypto_get_key(vdev, key_index); 4470 if (!crypto_key) { 4471 crypto_err("crypto_key not present for key_idx %d", key_index); 4472 return; 4473 } 4474 4475 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4476 } 4477 4478 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4479 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4480 struct wlan_objmgr_vdev *vdev, 4481 struct qdf_mac_addr *conn_bssid) 4482 { 4483 struct wlan_crypto_params *crypto_params; 4484 struct wlan_crypto_comp_priv *crypto_priv; 4485 int i; 4486 4487 crypto_priv = (struct wlan_crypto_comp_priv *) 4488 wlan_get_vdev_crypto_obj(vdev); 4489 4490 if (!crypto_priv) { 4491 crypto_err("crypto_priv NULL"); 4492 return; 4493 } 4494 4495 crypto_params = &crypto_priv->crypto_params; 4496 4497 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4498 if (!crypto_params->pmksa[i]) 4499 continue; 4500 4501 if (crypto_params->pmksa[i]->single_pmk_supported && 4502 !qdf_is_macaddr_equal(conn_bssid, 4503 &crypto_params->pmksa[i]->bssid)) { 4504 qdf_mem_zero(crypto_params->pmksa[i], 4505 sizeof(struct wlan_crypto_pmksa)); 4506 qdf_mem_free(crypto_params->pmksa[i]); 4507 crypto_params->pmksa[i] = NULL; 4508 } 4509 } 4510 } 4511 4512 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4513 struct qdf_mac_addr *bssid, 4514 bool single_pmk_capable_bss) 4515 { 4516 struct wlan_crypto_params *crypto_params; 4517 struct wlan_crypto_comp_priv *crypto_priv; 4518 int i; 4519 4520 crypto_priv = (struct wlan_crypto_comp_priv *) 4521 wlan_get_vdev_crypto_obj(vdev); 4522 4523 if (!crypto_priv) { 4524 crypto_err("crypto_priv NULL"); 4525 return; 4526 } 4527 4528 crypto_params = &crypto_priv->crypto_params; 4529 4530 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4531 if (!crypto_params->pmksa[i]) 4532 continue; 4533 4534 if (qdf_is_macaddr_equal(bssid, 4535 &crypto_params->pmksa[i]->bssid)) 4536 crypto_params->pmksa[i]->single_pmk_supported = 4537 single_pmk_capable_bss; 4538 } 4539 } 4540 #endif 4541 #endif 4542 4543 #ifdef WLAN_FEATURE_FILS_SK 4544 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4545 uint8_t *rik, uint32_t *rik_len) 4546 { 4547 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4548 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4549 QDF_STATUS status; 4550 4551 if (!rrk || !rik) { 4552 crypto_err("FILS rrk/rik NULL"); 4553 return QDF_STATUS_E_FAILURE; 4554 } 4555 4556 optional_data[0] = HMAC_SHA256_128; 4557 /* basic validation */ 4558 if (rrk_len <= 0) { 4559 crypto_err("invalid r_rk length %d", rrk_len); 4560 return QDF_STATUS_E_FAILURE; 4561 } 4562 4563 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4564 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4565 sizeof(optional_data), rik, 4566 rrk_len); 4567 if (QDF_IS_STATUS_ERROR(status)) { 4568 crypto_err("failed to create rik"); 4569 return status; 4570 } 4571 *rik_len = rrk_len; 4572 4573 return QDF_STATUS_SUCCESS; 4574 } 4575 #endif /* WLAN_FEATURE_FILS_SK */ 4576