1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (!(*crypto_priv)) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (!*crypto_priv) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 crypto_debug("param %d, value %d", param, value); 122 switch (param) { 123 case WLAN_CRYPTO_PARAM_AUTH_MODE: 124 status = wlan_crypto_set_authmode(crypto_params, value); 125 break; 126 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 127 status = wlan_crypto_set_ucastciphers(crypto_params, value); 128 break; 129 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 130 status = wlan_crypto_set_mcastcipher(crypto_params, value); 131 break; 132 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 133 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 134 break; 135 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 136 status = wlan_crypto_set_cipher_cap(crypto_params, value); 137 break; 138 case WLAN_CRYPTO_PARAM_RSN_CAP: 139 status = wlan_crypto_set_rsn_cap(crypto_params, value); 140 break; 141 case WLAN_CRYPTO_PARAM_KEY_MGMT: 142 status = wlan_crypto_set_key_mgmt(crypto_params, value); 143 break; 144 default: 145 status = QDF_STATUS_E_INVAL; 146 } 147 return status; 148 } 149 150 /** 151 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 152 * @vdev: vdev 153 * @param: param to be set. 154 * @value: value 155 * 156 * This function gets called from ucfg to set param 157 * 158 * Return: QDF_STATUS_SUCCESS - in case of success 159 */ 160 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 161 wlan_crypto_param_type param, 162 uint32_t value){ 163 QDF_STATUS status = QDF_STATUS_E_INVAL; 164 struct wlan_crypto_comp_priv *crypto_priv; 165 struct wlan_crypto_params *crypto_params; 166 167 crypto_priv = (struct wlan_crypto_comp_priv *) 168 wlan_get_vdev_crypto_obj(vdev); 169 170 if (!crypto_priv) { 171 crypto_err("crypto_priv NULL"); 172 return QDF_STATUS_E_INVAL; 173 } 174 175 crypto_params = &(crypto_priv->crypto_params); 176 177 status = wlan_crypto_set_param(crypto_params, param, value); 178 179 return status; 180 } 181 182 /** 183 * wlan_crypto_set_param - called by ucfg to set crypto param 184 * 185 * @peer: peer 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 201 &crypto_priv); 202 203 if (!crypto_priv) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 217 * @param: Crypto param type 218 * @crypto_params: Crypto params struct 219 * 220 * This function gets called from in-within crypto layer 221 * 222 * Return: value or -1 for failure 223 */ 224 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 225 struct wlan_crypto_params *crypto_params) 226 { 227 int32_t value = -1; 228 229 switch (param) { 230 case WLAN_CRYPTO_PARAM_AUTH_MODE: 231 value = wlan_crypto_get_authmode(crypto_params); 232 break; 233 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 234 value = wlan_crypto_get_ucastciphers(crypto_params); 235 break; 236 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 237 value = wlan_crypto_get_mcastcipher(crypto_params); 238 break; 239 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 240 value = wlan_crypto_get_mgmtciphers(crypto_params); 241 break; 242 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 243 value = wlan_crypto_get_cipher_cap(crypto_params); 244 break; 245 case WLAN_CRYPTO_PARAM_RSN_CAP: 246 value = wlan_crypto_get_rsn_cap(crypto_params); 247 break; 248 case WLAN_CRYPTO_PARAM_KEY_MGMT: 249 value = wlan_crypto_get_key_mgmt(crypto_params); 250 break; 251 default: 252 value = QDF_STATUS_E_INVAL; 253 } 254 255 return value; 256 } 257 258 /** 259 * wlan_crypto_get_param - called to get value for param from vdev 260 * @vdev: vdev 261 * @param: Crypto param type 262 * 263 * This function gets called to get value for param from vdev 264 * 265 * Return: value or -1 for failure 266 */ 267 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 268 wlan_crypto_param_type param) 269 { 270 int32_t value = -1; 271 struct wlan_crypto_comp_priv *crypto_priv; 272 struct wlan_crypto_params *crypto_params; 273 crypto_priv = (struct wlan_crypto_comp_priv *) 274 wlan_get_vdev_crypto_obj(vdev); 275 276 if (!crypto_priv) { 277 crypto_err("crypto_priv NULL"); 278 return QDF_STATUS_E_INVAL; 279 } 280 281 crypto_params = &(crypto_priv->crypto_params); 282 value = wlan_crypto_get_param_value(param, crypto_params); 283 284 return value; 285 } 286 /** 287 * wlan_crypto_get_peer_param - called to get value for param from peer 288 * @peer: peer 289 * @param: Crypto param type 290 * 291 * This function gets called to get value for param from peer 292 * 293 * Return: value or -1 for failure 294 */ 295 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 296 wlan_crypto_param_type param) 297 { 298 int32_t value = -1; 299 struct wlan_crypto_comp_priv *crypto_priv; 300 struct wlan_crypto_params *crypto_params; 301 302 crypto_params = wlan_crypto_peer_get_comp_params(peer, 303 &crypto_priv); 304 305 if (!crypto_params) { 306 crypto_err("crypto_params NULL"); 307 return QDF_STATUS_E_INVAL; 308 } 309 value = wlan_crypto_get_param_value(param, crypto_params); 310 311 return value; 312 } 313 qdf_export_symbol(wlan_crypto_get_peer_param); 314 315 static 316 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 317 struct wlan_crypto_pmksa *pmksa) 318 { 319 uint8_t i, first_available_slot = 0; 320 bool slot_found = false; 321 322 /* find the empty slot or slot with same bssid */ 323 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 324 if (!crypto_params->pmksa[i]) { 325 if (!slot_found) { 326 slot_found = true; 327 first_available_slot = i; 328 } 329 continue; 330 } 331 if (qdf_is_macaddr_equal(&pmksa->bssid, 332 &crypto_params->pmksa[i]->bssid)) { 333 /* free the current pmksa and use this slot */ 334 qdf_mem_zero(crypto_params->pmksa[i], 335 sizeof(struct wlan_crypto_pmksa)); 336 qdf_mem_free(crypto_params->pmksa[i]); 337 crypto_params->pmksa[i] = pmksa; 338 return QDF_STATUS_SUCCESS; 339 } 340 } 341 342 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 343 crypto_err("no entry available for pmksa"); 344 return QDF_STATUS_E_INVAL; 345 } 346 crypto_params->pmksa[first_available_slot] = pmksa; 347 348 return QDF_STATUS_SUCCESS; 349 } 350 351 static 352 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 353 struct wlan_crypto_pmksa *pmksa) 354 { 355 uint8_t i; 356 357 /* find slot with same bssid */ 358 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 359 if (!crypto_params->pmksa[i]) 360 continue; 361 if (qdf_is_macaddr_equal(&pmksa->bssid, 362 &crypto_params->pmksa[i]->bssid)) { 363 qdf_mem_zero(crypto_params->pmksa[i], 364 sizeof(struct wlan_crypto_pmksa)); 365 qdf_mem_free(crypto_params->pmksa[i]); 366 crypto_params->pmksa[i] = NULL; 367 return QDF_STATUS_SUCCESS; 368 } 369 } 370 371 return QDF_STATUS_E_INVAL; 372 } 373 374 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 375 { 376 uint8_t i; 377 378 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 379 if (!crypto_params->pmksa[i]) 380 continue; 381 qdf_mem_zero(crypto_params->pmksa[i], 382 sizeof(struct wlan_crypto_pmksa)); 383 qdf_mem_free(crypto_params->pmksa[i]); 384 crypto_params->pmksa[i] = NULL; 385 } 386 387 return QDF_STATUS_SUCCESS; 388 } 389 390 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 391 struct wlan_crypto_pmksa *pmksa, 392 bool set) 393 { 394 QDF_STATUS status = QDF_STATUS_E_INVAL; 395 struct wlan_crypto_comp_priv *crypto_priv; 396 struct wlan_crypto_params *crypto_params; 397 enum QDF_OPMODE op_mode; 398 399 op_mode = wlan_vdev_mlme_get_opmode(vdev); 400 401 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 402 return QDF_STATUS_E_NOSUPPORT; 403 404 if (!pmksa && set) { 405 crypto_err("pmksa is NULL for set operation"); 406 return QDF_STATUS_E_INVAL; 407 } 408 crypto_priv = (struct wlan_crypto_comp_priv *) 409 wlan_get_vdev_crypto_obj(vdev); 410 411 if (!crypto_priv) { 412 crypto_err("crypto_priv NULL"); 413 return QDF_STATUS_E_INVAL; 414 } 415 416 crypto_params = &crypto_priv->crypto_params; 417 if (set) { 418 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 419 /* Set pmksa */ 420 } else { 421 /* del pmksa */ 422 if (!pmksa) 423 status = wlan_crypto_pmksa_flush(crypto_params); 424 else 425 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 426 } 427 428 return status; 429 } 430 431 struct wlan_crypto_pmksa * 432 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 433 { 434 struct wlan_crypto_comp_priv *crypto_priv; 435 struct wlan_crypto_params *crypto_params; 436 uint8_t i; 437 438 if (!bssid) { 439 crypto_err("bssid is NULL"); 440 return NULL; 441 } 442 crypto_priv = (struct wlan_crypto_comp_priv *) 443 wlan_get_vdev_crypto_obj(vdev); 444 445 if (!crypto_priv) { 446 crypto_err("crypto_priv NULL"); 447 return NULL; 448 } 449 450 crypto_params = &crypto_priv->crypto_params; 451 452 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 453 if (!crypto_params->pmksa[i]) 454 continue; 455 if (qdf_is_macaddr_equal(bssid, 456 &crypto_params->pmksa[i]->bssid)) { 457 return crypto_params->pmksa[i]; 458 } 459 } 460 461 return NULL; 462 } 463 /** 464 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 465 * @vdev: vdev 466 * @peer: peer 467 * 468 * This function gets called to check is HT allowed for cipher. 469 * HT is not allowed for wep and tkip. 470 * 471 * Return: 0 - not allowed or 1 - allowed 472 */ 473 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 474 struct wlan_objmgr_peer *peer) 475 { 476 int32_t ucast_cipher; 477 478 if (!(vdev || peer)) { 479 crypto_err("Invalid params"); 480 return 0; 481 } 482 483 if (vdev) 484 ucast_cipher = wlan_crypto_get_param(vdev, 485 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 486 else 487 ucast_cipher = wlan_crypto_get_peer_param(peer, 488 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 489 490 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 491 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 492 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 493 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 494 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 495 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 496 } 497 qdf_export_symbol(wlan_crypto_is_htallowed); 498 499 /** 500 * wlan_crypto_setkey - called by ucfg to setkey 501 * @vdev: vdev 502 * @req_key: req_key with cipher type, key macaddress 503 * 504 * This function gets called from ucfg to sey key 505 * 506 * Return: QDF_STATUS_SUCCESS - in case of success 507 */ 508 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 509 struct wlan_crypto_req_key *req_key){ 510 511 QDF_STATUS status = QDF_STATUS_E_INVAL; 512 struct wlan_crypto_comp_priv *crypto_priv; 513 struct wlan_crypto_params *crypto_params; 514 struct wlan_objmgr_psoc *psoc; 515 struct wlan_objmgr_peer *peer; 516 struct wlan_crypto_key *key = NULL; 517 const struct wlan_crypto_cipher *cipher; 518 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 519 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 520 bool isbcast; 521 enum QDF_OPMODE vdev_mode; 522 uint8_t igtk_idx = 0; 523 524 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 525 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 526 return QDF_STATUS_E_INVAL; 527 } 528 529 isbcast = qdf_is_macaddr_group( 530 (struct qdf_mac_addr *)req_key->macaddr); 531 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 532 /* zero length keys, only set default key id if flags are set*/ 533 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 534 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 535 && (!IS_MGMT_CIPHER(req_key->type))) { 536 wlan_crypto_default_key(vdev, 537 req_key->macaddr, 538 req_key->keyix, 539 !isbcast); 540 return QDF_STATUS_SUCCESS; 541 } 542 crypto_err("req_key len zero"); 543 return QDF_STATUS_E_INVAL; 544 } 545 546 cipher = wlan_crypto_cipher_ops[req_key->type]; 547 548 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 549 crypto_err("cipher invalid"); 550 return QDF_STATUS_E_INVAL; 551 } 552 553 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 554 (!IS_MGMT_CIPHER(req_key->type)) && 555 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 556 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 557 crypto_err("cipher invalid"); 558 return QDF_STATUS_E_INVAL; 559 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 560 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 561 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 562 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 563 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 564 return QDF_STATUS_E_INVAL; 565 } 566 567 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 568 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 569 | WLAN_CRYPTO_KEY_RECV)) { 570 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 571 | WLAN_CRYPTO_KEY_RECV); 572 } 573 } else { 574 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 575 && (!IS_MGMT_CIPHER(req_key->type))) { 576 return QDF_STATUS_E_INVAL; 577 } 578 579 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 580 | WLAN_CRYPTO_KEY_RECV); 581 if (isbcast) 582 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 583 } 584 585 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 586 587 wlan_vdev_obj_lock(vdev); 588 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 589 QDF_MAC_ADDR_SIZE); 590 psoc = wlan_vdev_get_psoc(vdev); 591 if (!psoc) { 592 wlan_vdev_obj_unlock(vdev); 593 crypto_err("psoc NULL"); 594 return QDF_STATUS_E_INVAL; 595 } 596 wlan_vdev_obj_unlock(vdev); 597 598 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 599 if (wlan_crypto_vdev_has_auth_mode(vdev, 600 (1 << WLAN_CRYPTO_AUTH_8021X))) { 601 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 602 } 603 } 604 605 if (isbcast) { 606 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 607 &crypto_priv); 608 if (!crypto_priv) { 609 crypto_err("crypto_priv NULL"); 610 return QDF_STATUS_E_INVAL; 611 } 612 613 if (IS_MGMT_CIPHER(req_key->type)) { 614 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 615 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 616 crypto_err("igtk key invalid keyid %d", 617 igtk_idx); 618 return QDF_STATUS_E_INVAL; 619 } 620 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 621 if (!key) 622 return QDF_STATUS_E_NOMEM; 623 624 if (crypto_priv->igtk_key[igtk_idx]) 625 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 626 627 crypto_priv->igtk_key[igtk_idx] = key; 628 crypto_priv->igtk_key_type = req_key->type; 629 crypto_priv->def_igtk_tx_keyid = igtk_idx; 630 } else { 631 if (IS_FILS_CIPHER(req_key->type)) { 632 crypto_err("FILS key is not for BroadCast pkt"); 633 return QDF_STATUS_E_INVAL; 634 } 635 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 636 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 637 return QDF_STATUS_E_INVAL; 638 } 639 if (!crypto_priv->key[req_key->keyix]) { 640 crypto_priv->key[req_key->keyix] 641 = qdf_mem_malloc( 642 sizeof(struct wlan_crypto_key)); 643 if (!crypto_priv->key[req_key->keyix]) 644 return QDF_STATUS_E_NOMEM; 645 } 646 key = crypto_priv->key[req_key->keyix]; 647 } 648 if (vdev_mode == QDF_STA_MODE) { 649 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 650 WLAN_CRYPTO_ID); 651 if (!peer) { 652 crypto_err("peer NULL"); 653 if (IS_MGMT_CIPHER(req_key->type)) { 654 crypto_priv->igtk_key[igtk_idx] = NULL; 655 crypto_priv->igtk_key_type 656 = WLAN_CRYPTO_CIPHER_NONE; 657 } else 658 crypto_priv->key[req_key->keyix] = NULL; 659 if (key) 660 qdf_mem_free(key); 661 return QDF_STATUS_E_INVAL; 662 } 663 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 664 QDF_MAC_ADDR_SIZE); 665 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 666 } 667 } else { 668 uint8_t pdev_id; 669 670 pdev_id = wlan_objmgr_pdev_get_pdev_id( 671 wlan_vdev_get_pdev(vdev)); 672 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 673 psoc, 674 pdev_id, 675 macaddr, 676 req_key->macaddr, 677 WLAN_CRYPTO_ID); 678 679 if (!peer) { 680 crypto_err("peer NULL"); 681 return QDF_STATUS_E_INVAL; 682 } 683 684 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 685 crypto_params = wlan_crypto_peer_get_comp_params(peer, 686 &crypto_priv); 687 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 688 689 if (!crypto_priv) { 690 crypto_err("crypto_priv NULL"); 691 return QDF_STATUS_E_INVAL; 692 } 693 if (IS_MGMT_CIPHER(req_key->type)) { 694 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 695 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 696 crypto_err("igtk key invalid keyid %d", 697 igtk_idx); 698 return QDF_STATUS_E_INVAL; 699 } 700 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 701 if (!key) 702 return QDF_STATUS_E_NOMEM; 703 704 if (crypto_priv->igtk_key[igtk_idx]) 705 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 706 707 crypto_priv->igtk_key[igtk_idx] = key; 708 crypto_priv->igtk_key_type = req_key->type; 709 crypto_priv->def_igtk_tx_keyid = igtk_idx; 710 } else { 711 uint16_t kid = req_key->keyix; 712 if (kid == WLAN_CRYPTO_KEYIX_NONE) 713 kid = 0; 714 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 715 crypto_err("invalid keyid %d", kid); 716 return QDF_STATUS_E_INVAL; 717 } 718 if (!crypto_priv->key[kid]) { 719 crypto_priv->key[kid] 720 = qdf_mem_malloc( 721 sizeof(struct wlan_crypto_key)); 722 if (!crypto_priv->key[kid]) 723 return QDF_STATUS_E_NOMEM; 724 } 725 key = crypto_priv->key[kid]; 726 } 727 } 728 729 /* alloc key might not required as it is already there */ 730 key->cipher_table = (void *)cipher; 731 key->keylen = req_key->keylen; 732 key->flags = req_key->flags; 733 734 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 735 key->keyix = 0; 736 else 737 key->keyix = req_key->keyix; 738 739 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 740 && (!IS_MGMT_CIPHER(req_key->type))) { 741 crypto_priv->def_tx_keyid = key->keyix; 742 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 743 } 744 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 745 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 746 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 747 0x5c, 0x36, 0x5c, 0x36, 748 0x5c, 0x36, 0x5c, 0x36, 749 0x5c, 0x36, 0x5c, 0x37}; 750 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 751 0x5c, 0x36, 0x5c, 0x36, 752 0x5c, 0x36, 0x5c, 0x36, 753 0x5c, 0x36, 0x5c, 0x36}; 754 755 /* During Tx PN should be increment and 756 * send but as per our implementation we increment only after 757 * Tx complete. So First packet PN check will be failed. 758 * To compensate increment the PN here by 2 759 */ 760 if (vdev_mode == QDF_SAP_MODE) { 761 iv_AP[15] += 2; 762 qdf_mem_copy(key->recviv, iv_STA, 763 WLAN_CRYPTO_WAPI_IV_SIZE); 764 qdf_mem_copy(key->txiv, iv_AP, 765 WLAN_CRYPTO_WAPI_IV_SIZE); 766 } else { 767 iv_STA[15] += 2; 768 qdf_mem_copy(key->recviv, iv_AP, 769 WLAN_CRYPTO_WAPI_IV_SIZE); 770 qdf_mem_copy(key->txiv, iv_STA, 771 WLAN_CRYPTO_WAPI_IV_SIZE); 772 } 773 } else { 774 uint8_t i = 0; 775 qdf_mem_copy((uint8_t *)(&key->keytsc), 776 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 777 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 778 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 779 (uint8_t *)(&req_key->keyrsc), 780 sizeof(key->keyrsc[0])); 781 } 782 } 783 784 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 785 key->valid = 1; 786 if ((IS_MGMT_CIPHER(req_key->type))) { 787 if (HAS_CIPHER_CAP(crypto_params, 788 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 789 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 790 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 791 key, macaddr, req_key->type); 792 } 793 } 794 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 795 status = wlan_crypto_set_igtk_key(key); 796 return status; 797 } else if (IS_FILS_CIPHER(req_key->type)) { 798 /* Take request key object to FILS setkey */ 799 key->private = req_key; 800 } else { 801 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 802 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 803 macaddr, req_key->type); 804 } 805 } 806 status = cipher->setkey(key); 807 808 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 809 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 810 (!IS_MGMT_CIPHER(req_key->type))) { 811 /* default xmit key */ 812 wlan_crypto_default_key(vdev, 813 req_key->macaddr, 814 req_key->keyix, 815 !isbcast); 816 } 817 818 return status; 819 } 820 821 /** 822 * wlan_crypto_get_keytype - get keytype 823 * @key: key 824 * 825 * This function gets keytype from key 826 * 827 * Return: keytype 828 */ 829 wlan_crypto_cipher_type wlan_crypto_get_key_type( 830 struct wlan_crypto_key *key){ 831 if (key && key->cipher_table) { 832 return ((struct wlan_crypto_cipher *) 833 (key->cipher_table))->cipher; 834 } 835 return WLAN_CRYPTO_CIPHER_NONE; 836 } 837 qdf_export_symbol(wlan_crypto_get_key_type); 838 /** 839 * wlan_crypto_vdev_getkey - get key from vdev 840 * @vdev: vdev 841 * @keyix: keyix 842 * 843 * This function gets key from vdev 844 * 845 * Return: key or NULL 846 */ 847 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 848 uint16_t keyix){ 849 struct wlan_crypto_comp_priv *crypto_priv; 850 struct wlan_crypto_params *crypto_params; 851 struct wlan_crypto_key *key = NULL; 852 853 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 854 855 if (!crypto_priv) { 856 crypto_err("crypto_priv NULL"); 857 return NULL; 858 } 859 /* for keyix 4,5 we return the igtk keys for keyix more than 5 860 * we return the default key, for all other keyix we return the 861 * key accordingly. 862 */ 863 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 864 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 865 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 866 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 867 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 868 else 869 key = crypto_priv->key[keyix]; 870 871 if (key && key->valid) 872 return key; 873 874 return NULL; 875 } 876 qdf_export_symbol(wlan_crypto_vdev_getkey); 877 878 /** 879 * wlan_crypto_peer_getkey - get key from peer 880 * @peer: peer 881 * @keyix: keyix 882 * 883 * This function gets key from peer 884 * 885 * Return: key or NULL 886 */ 887 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 888 uint16_t keyix){ 889 struct wlan_crypto_comp_priv *crypto_priv; 890 struct wlan_crypto_params *crypto_params; 891 struct wlan_crypto_key *key = NULL; 892 893 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 894 895 if (!crypto_priv) { 896 crypto_err("crypto_priv NULL"); 897 return NULL; 898 } 899 900 /* for keyix 4,5 we return the igtk keys for keyix more than 5 901 * we return the default key, for all other keyix we return the 902 * key accordingly. 903 */ 904 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 905 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 906 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 907 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 908 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 909 else 910 key = crypto_priv->key[keyix]; 911 912 if (key && key->valid) 913 return key; 914 915 return NULL; 916 } 917 qdf_export_symbol(wlan_crypto_peer_getkey); 918 919 /** 920 * wlan_crypto_getkey - called by ucfg to get key 921 * @vdev: vdev 922 * @req_key: key value will be copied in this req_key 923 * @mac_address: mac address of the peer for unicast key 924 * or broadcast address if group key is requested. 925 * 926 * This function gets called from ucfg to get key 927 * 928 * Return: QDF_STATUS_SUCCESS - in case of success 929 */ 930 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 931 struct wlan_crypto_req_key *req_key, 932 uint8_t *mac_addr){ 933 struct wlan_crypto_cipher *cipher_table; 934 struct wlan_crypto_key *key; 935 struct wlan_objmgr_psoc *psoc; 936 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 937 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 938 939 wlan_vdev_obj_lock(vdev); 940 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 941 QDF_MAC_ADDR_SIZE); 942 psoc = wlan_vdev_get_psoc(vdev); 943 if (!psoc) { 944 wlan_vdev_obj_unlock(vdev); 945 crypto_err("psoc NULL"); 946 return QDF_STATUS_E_INVAL; 947 } 948 wlan_vdev_obj_unlock(vdev); 949 950 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 951 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 952 if (!key) 953 return QDF_STATUS_E_INVAL; 954 } else { 955 struct wlan_objmgr_peer *peer; 956 uint8_t pdev_id; 957 958 pdev_id = wlan_objmgr_pdev_get_pdev_id( 959 wlan_vdev_get_pdev(vdev)); 960 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 961 psoc, 962 pdev_id, 963 macaddr, 964 mac_addr, 965 WLAN_CRYPTO_ID); 966 if (!peer) { 967 crypto_err("peer NULL"); 968 return QDF_STATUS_E_NOENT; 969 } 970 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 971 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 972 if (!key) 973 return QDF_STATUS_E_INVAL; 974 } 975 976 if (key->valid) { 977 qdf_mem_copy(req_key->keydata, 978 key->keyval, key->keylen); 979 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 980 (uint8_t *)(&key->keytsc), 981 sizeof(req_key->keytsc)); 982 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 983 (uint8_t *)(&key->keyrsc[0]), 984 sizeof(req_key->keyrsc)); 985 req_key->keylen = key->keylen; 986 req_key->flags = key->flags; 987 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 988 989 if (!cipher_table) 990 return QDF_STATUS_SUCCESS; 991 992 req_key->type = cipher_table->cipher; 993 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 994 qdf_mem_copy((uint8_t *)(&req_key->txiv), 995 (uint8_t *)(key->txiv), 996 sizeof(req_key->txiv)); 997 qdf_mem_copy((uint8_t *)(&req_key->recviv), 998 (uint8_t *)(key->recviv), 999 sizeof(req_key->recviv)); 1000 } 1001 } 1002 1003 return QDF_STATUS_SUCCESS; 1004 } 1005 1006 /** 1007 * wlan_crypto_delkey - called by ucfg to delete key 1008 * @vdev: vdev 1009 * @mac_address: mac address of the peer for unicast key 1010 * or broadcast address if group key is deleted. 1011 * @key_idx: key index to be deleted 1012 * 1013 * This function gets called from ucfg to delete key 1014 * 1015 * Return: QDF_STATUS_SUCCESS - in case of success 1016 */ 1017 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1018 uint8_t *macaddr, 1019 uint8_t key_idx){ 1020 struct wlan_crypto_comp_priv *crypto_priv; 1021 struct wlan_crypto_params *crypto_params; 1022 struct wlan_crypto_key *key; 1023 struct wlan_crypto_cipher *cipher_table; 1024 struct wlan_objmgr_psoc *psoc; 1025 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1026 1027 if (!vdev || !macaddr || 1028 (key_idx >= 1029 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 1030 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1031 vdev, macaddr, key_idx); 1032 return QDF_STATUS_E_INVAL; 1033 } 1034 1035 wlan_vdev_obj_lock(vdev); 1036 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1037 QDF_MAC_ADDR_SIZE); 1038 psoc = wlan_vdev_get_psoc(vdev); 1039 if (!psoc) { 1040 wlan_vdev_obj_unlock(vdev); 1041 crypto_err("psoc NULL"); 1042 return QDF_STATUS_E_INVAL; 1043 } 1044 wlan_vdev_obj_unlock(vdev); 1045 1046 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1047 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1048 &crypto_priv); 1049 if (!crypto_priv) { 1050 crypto_err("crypto_priv NULL"); 1051 return QDF_STATUS_E_INVAL; 1052 } 1053 } else { 1054 struct wlan_objmgr_peer *peer; 1055 uint8_t pdev_id; 1056 1057 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1058 wlan_vdev_get_pdev(vdev)); 1059 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1060 psoc, pdev_id, 1061 bssid_mac, 1062 macaddr, 1063 WLAN_CRYPTO_ID); 1064 if (!peer) { 1065 return QDF_STATUS_E_INVAL; 1066 } 1067 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1068 &crypto_priv); 1069 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1070 if (!crypto_priv) { 1071 crypto_err("crypto_priv NULL"); 1072 return QDF_STATUS_E_INVAL; 1073 } 1074 } 1075 1076 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1077 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1078 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1079 crypto_err("Igtk key invalid keyid %d", igtk_idx); 1080 return QDF_STATUS_E_INVAL; 1081 } 1082 key = crypto_priv->igtk_key[igtk_idx]; 1083 crypto_priv->igtk_key[igtk_idx] = NULL; 1084 if (key) 1085 key->valid = 0; 1086 } else { 1087 key = crypto_priv->key[key_idx]; 1088 crypto_priv->key[key_idx] = NULL; 1089 } 1090 1091 if (!key) 1092 return QDF_STATUS_E_INVAL; 1093 1094 if (key->valid) { 1095 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1096 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1097 1098 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1099 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 1100 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 1101 macaddr, cipher_table->cipher); 1102 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1103 if (key->private) 1104 qdf_mem_free(key->private); 1105 } 1106 } 1107 qdf_mem_free(key); 1108 1109 return QDF_STATUS_SUCCESS; 1110 } 1111 1112 #ifdef CRYPTO_SET_KEY_CONVERGED 1113 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1114 uint8_t key_idx, uint8_t *macaddr) 1115 { 1116 return QDF_STATUS_SUCCESS; 1117 } 1118 #else 1119 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1120 uint8_t key_idx, uint8_t *macaddr) 1121 { 1122 struct wlan_objmgr_psoc *psoc; 1123 1124 psoc = wlan_vdev_get_psoc(vdev); 1125 if (!psoc) { 1126 crypto_err("psoc is NULL"); 1127 return QDF_STATUS_E_INVAL; 1128 } 1129 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1130 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1131 macaddr); 1132 } 1133 1134 return QDF_STATUS_SUCCESS; 1135 } 1136 #endif 1137 1138 /** 1139 * wlan_crypto_default_key - called by ucfg to set default tx key 1140 * @vdev: vdev 1141 * @mac_address: mac address of the peer for unicast key 1142 * or broadcast address if group key need to made default. 1143 * @key_idx: key index to be made as default key 1144 * @unicast: is key was unicast or group key. 1145 * 1146 * This function gets called from ucfg to set default key 1147 * 1148 * Return: QDF_STATUS_SUCCESS - in case of success 1149 */ 1150 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1151 uint8_t *macaddr, 1152 uint8_t key_idx, 1153 bool unicast){ 1154 struct wlan_crypto_comp_priv *crypto_priv; 1155 struct wlan_crypto_params *crypto_params; 1156 struct wlan_crypto_key *key; 1157 struct wlan_objmgr_psoc *psoc; 1158 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1159 1160 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1161 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1162 vdev, macaddr, key_idx); 1163 return QDF_STATUS_E_INVAL; 1164 } 1165 1166 wlan_vdev_obj_lock(vdev); 1167 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1168 QDF_MAC_ADDR_SIZE); 1169 psoc = wlan_vdev_get_psoc(vdev); 1170 if (!psoc) { 1171 wlan_vdev_obj_unlock(vdev); 1172 crypto_err("psoc NULL"); 1173 return QDF_STATUS_E_INVAL; 1174 } 1175 wlan_vdev_obj_unlock(vdev); 1176 1177 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1178 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1179 &crypto_priv); 1180 if (!crypto_priv) { 1181 crypto_err("crypto_priv NULL"); 1182 return QDF_STATUS_E_INVAL; 1183 } 1184 1185 key = crypto_priv->key[key_idx]; 1186 if (!key) 1187 return QDF_STATUS_E_INVAL; 1188 } else { 1189 struct wlan_objmgr_peer *peer; 1190 uint8_t pdev_id; 1191 1192 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1193 wlan_vdev_get_pdev(vdev)); 1194 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1195 psoc, pdev_id, 1196 bssid_mac, 1197 macaddr, 1198 WLAN_CRYPTO_ID); 1199 1200 if (!peer) { 1201 crypto_err("peer NULL"); 1202 return QDF_STATUS_E_INVAL; 1203 } 1204 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1205 &crypto_priv); 1206 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1207 if (!crypto_priv) { 1208 crypto_err("crypto_priv NULL"); 1209 return QDF_STATUS_E_INVAL; 1210 } 1211 1212 key = crypto_priv->key[key_idx]; 1213 if (!key) 1214 return QDF_STATUS_E_INVAL; 1215 } 1216 if (!key->valid) 1217 return QDF_STATUS_E_INVAL; 1218 1219 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1220 QDF_STATUS_SUCCESS) 1221 return QDF_STATUS_E_INVAL; 1222 crypto_priv->def_tx_keyid = key_idx; 1223 1224 return QDF_STATUS_SUCCESS; 1225 } 1226 1227 /** 1228 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1229 * @vdev: vdev 1230 * @wbuf: wbuf 1231 * @macaddr: macaddr 1232 * @encapdone: is encapdone already or not. 1233 * 1234 * This function gets called from mgmt txrx to encap frame. 1235 * 1236 * Return: QDF_STATUS_SUCCESS - in case of success 1237 */ 1238 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1239 qdf_nbuf_t wbuf, 1240 uint8_t *mac_addr, 1241 uint8_t encapdone){ 1242 struct wlan_crypto_comp_priv *crypto_priv; 1243 struct wlan_crypto_params *crypto_params; 1244 struct wlan_crypto_key *key; 1245 QDF_STATUS status; 1246 struct wlan_crypto_cipher *cipher_table; 1247 struct wlan_objmgr_psoc *psoc; 1248 struct wlan_objmgr_peer *peer; 1249 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1250 uint8_t pdev_id; 1251 uint8_t hdrlen; 1252 enum QDF_OPMODE opmode; 1253 1254 opmode = wlan_vdev_mlme_get_opmode(vdev); 1255 wlan_vdev_obj_lock(vdev); 1256 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1257 QDF_MAC_ADDR_SIZE); 1258 psoc = wlan_vdev_get_psoc(vdev); 1259 if (!psoc) { 1260 wlan_vdev_obj_unlock(vdev); 1261 crypto_err("psoc NULL"); 1262 return QDF_STATUS_E_INVAL; 1263 } 1264 wlan_vdev_obj_unlock(vdev); 1265 1266 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1267 /* FILS Encap required only for (Re-)Assoc response */ 1268 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1269 1270 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1271 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1272 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1273 return QDF_STATUS_E_INVAL; 1274 } 1275 1276 if (peer) 1277 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1278 1279 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1280 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1281 &crypto_priv); 1282 if (!crypto_priv) { 1283 crypto_err("crypto_priv NULL"); 1284 return QDF_STATUS_E_INVAL; 1285 } 1286 1287 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1288 if (!key) 1289 return QDF_STATUS_E_INVAL; 1290 1291 } else { 1292 struct wlan_objmgr_peer *peer; 1293 uint8_t pdev_id; 1294 1295 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1296 wlan_vdev_get_pdev(vdev)); 1297 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1298 bssid_mac, mac_addr, 1299 WLAN_CRYPTO_ID); 1300 1301 if (!peer) { 1302 crypto_err("crypto_priv NULL"); 1303 return QDF_STATUS_E_INVAL; 1304 } 1305 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1306 &crypto_priv); 1307 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1308 1309 if (!crypto_priv) { 1310 crypto_err("crypto_priv NULL"); 1311 return QDF_STATUS_E_INVAL; 1312 } 1313 1314 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1315 if (!key) 1316 return QDF_STATUS_E_INVAL; 1317 } 1318 if (opmode == QDF_MONITOR_MODE) 1319 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1320 else 1321 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1322 (uint8_t *)qdf_nbuf_data(wbuf)); 1323 1324 /* if tkip, is counter measures enabled, then drop the frame */ 1325 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1326 status = cipher_table->encap(key, wbuf, encapdone, 1327 hdrlen); 1328 1329 return status; 1330 } 1331 qdf_export_symbol(wlan_crypto_encap); 1332 1333 /** 1334 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1335 * @vdev: vdev 1336 * @wbuf: wbuf 1337 * @macaddr: macaddr 1338 * @tid: tid of the frame 1339 * 1340 * This function gets called from mgmt txrx to decap frame. 1341 * 1342 * Return: QDF_STATUS_SUCCESS - in case of success 1343 */ 1344 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1345 qdf_nbuf_t wbuf, 1346 uint8_t *mac_addr, 1347 uint8_t tid){ 1348 struct wlan_crypto_comp_priv *crypto_priv; 1349 struct wlan_crypto_params *crypto_params; 1350 struct wlan_crypto_key *key; 1351 QDF_STATUS status; 1352 struct wlan_crypto_cipher *cipher_table; 1353 struct wlan_objmgr_psoc *psoc; 1354 struct wlan_objmgr_peer *peer; 1355 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1356 uint8_t keyid; 1357 uint8_t pdev_id; 1358 uint8_t hdrlen; 1359 enum QDF_OPMODE opmode; 1360 1361 opmode = wlan_vdev_mlme_get_opmode(vdev); 1362 wlan_vdev_obj_lock(vdev); 1363 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1364 QDF_MAC_ADDR_SIZE); 1365 psoc = wlan_vdev_get_psoc(vdev); 1366 if (!psoc) { 1367 wlan_vdev_obj_unlock(vdev); 1368 crypto_err("psoc NULL"); 1369 return QDF_STATUS_E_INVAL; 1370 } 1371 wlan_vdev_obj_unlock(vdev); 1372 1373 if (opmode == QDF_MONITOR_MODE) 1374 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1375 else 1376 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1377 (uint8_t *)qdf_nbuf_data(wbuf)); 1378 1379 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1380 1381 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1382 return QDF_STATUS_E_INVAL; 1383 1384 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1385 /* FILS Decap required only for (Re-)Assoc request */ 1386 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1387 1388 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1389 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1390 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1391 return QDF_STATUS_E_INVAL; 1392 } 1393 1394 if (peer) 1395 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1396 1397 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1398 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1399 &crypto_priv); 1400 if (!crypto_priv) { 1401 crypto_err("crypto_priv NULL"); 1402 return QDF_STATUS_E_INVAL; 1403 } 1404 1405 key = crypto_priv->key[keyid]; 1406 if (!key) 1407 return QDF_STATUS_E_INVAL; 1408 1409 } else { 1410 struct wlan_objmgr_peer *peer; 1411 uint8_t pdev_id; 1412 1413 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1414 wlan_vdev_get_pdev(vdev)); 1415 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1416 psoc, pdev_id, bssid_mac, 1417 mac_addr, WLAN_CRYPTO_ID); 1418 if (!peer) { 1419 crypto_err("peer NULL"); 1420 return QDF_STATUS_E_INVAL; 1421 } 1422 1423 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1424 &crypto_priv); 1425 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1426 1427 if (!crypto_priv) { 1428 crypto_err("crypto_priv NULL"); 1429 return QDF_STATUS_E_INVAL; 1430 } 1431 1432 key = crypto_priv->key[keyid]; 1433 if (!key) 1434 return QDF_STATUS_E_INVAL; 1435 } 1436 /* if tkip, is counter measures enabled, then drop the frame */ 1437 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1438 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1439 1440 return status; 1441 } 1442 qdf_export_symbol(wlan_crypto_decap); 1443 /** 1444 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1445 * @vdev: vdev 1446 * @wbuf: wbuf 1447 * @macaddr: macaddr 1448 * @encapdone: is encapdone already or not. 1449 * 1450 * This function gets called from mgmt txrx to adding mic to the frame. 1451 * 1452 * Return: QDF_STATUS_SUCCESS - in case of success 1453 */ 1454 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1455 qdf_nbuf_t wbuf, 1456 uint8_t *mac_addr, 1457 uint8_t encapdone){ 1458 struct wlan_crypto_comp_priv *crypto_priv; 1459 struct wlan_crypto_params *crypto_params; 1460 struct wlan_crypto_key *key; 1461 QDF_STATUS status; 1462 struct wlan_crypto_cipher *cipher_table; 1463 struct wlan_objmgr_psoc *psoc; 1464 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1465 uint8_t hdrlen; 1466 enum QDF_OPMODE opmode; 1467 1468 opmode = wlan_vdev_mlme_get_opmode(vdev); 1469 1470 1471 wlan_vdev_obj_lock(vdev); 1472 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1473 QDF_MAC_ADDR_SIZE); 1474 psoc = wlan_vdev_get_psoc(vdev); 1475 if (!psoc) { 1476 wlan_vdev_obj_unlock(vdev); 1477 crypto_err("psoc NULL"); 1478 return QDF_STATUS_E_INVAL; 1479 } 1480 wlan_vdev_obj_unlock(vdev); 1481 1482 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1483 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1484 &crypto_priv); 1485 if (!crypto_priv) { 1486 crypto_err("crypto_priv NULL"); 1487 return QDF_STATUS_E_INVAL; 1488 } 1489 1490 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1491 if (!key) 1492 return QDF_STATUS_E_INVAL; 1493 1494 } else { 1495 struct wlan_objmgr_peer *peer; 1496 uint8_t pdev_id; 1497 1498 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1499 wlan_vdev_get_pdev(vdev)); 1500 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1501 psoc, pdev_id, bssid_mac, 1502 mac_addr, WLAN_CRYPTO_ID); 1503 if (!peer) { 1504 crypto_err("crypto_priv NULL"); 1505 return QDF_STATUS_E_INVAL; 1506 } 1507 1508 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1509 &crypto_priv); 1510 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1511 1512 if (!crypto_priv) { 1513 crypto_err("crypto_priv NULL"); 1514 return QDF_STATUS_E_INVAL; 1515 } 1516 1517 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1518 if (!key) 1519 return QDF_STATUS_E_INVAL; 1520 } 1521 if (opmode == QDF_MONITOR_MODE) 1522 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1523 else 1524 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1525 (uint8_t *)qdf_nbuf_data(wbuf)); 1526 1527 /* if tkip, is counter measures enabled, then drop the frame */ 1528 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1529 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1530 1531 return status; 1532 } 1533 1534 /** 1535 * wlan_crypto_demic - called by mgmt for remove and check mic for 1536 * the frame based on cipher 1537 * @vdev: vdev 1538 * @wbuf: wbuf 1539 * @macaddr: macaddr 1540 * @tid: tid of the frame 1541 * @keyid: keyid in the received frame 1542 * This function gets called from mgmt txrx to decap frame. 1543 * 1544 * Return: QDF_STATUS_SUCCESS - in case of success 1545 */ 1546 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1547 qdf_nbuf_t wbuf, 1548 uint8_t *mac_addr, 1549 uint8_t tid, 1550 uint8_t keyid){ 1551 struct wlan_crypto_comp_priv *crypto_priv; 1552 struct wlan_crypto_params *crypto_params; 1553 struct wlan_crypto_key *key; 1554 QDF_STATUS status; 1555 struct wlan_crypto_cipher *cipher_table; 1556 struct wlan_objmgr_psoc *psoc; 1557 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1558 uint8_t hdrlen; 1559 enum QDF_OPMODE opmode; 1560 1561 opmode = wlan_vdev_mlme_get_opmode(vdev); 1562 1563 if (opmode == QDF_MONITOR_MODE) 1564 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1565 else 1566 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1567 (uint8_t *)qdf_nbuf_data(wbuf)); 1568 1569 wlan_vdev_obj_lock(vdev); 1570 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1571 QDF_MAC_ADDR_SIZE); 1572 psoc = wlan_vdev_get_psoc(vdev); 1573 if (!psoc) { 1574 wlan_vdev_obj_unlock(vdev); 1575 crypto_err("psoc NULL"); 1576 return QDF_STATUS_E_INVAL; 1577 } 1578 wlan_vdev_obj_unlock(vdev); 1579 1580 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1581 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1582 &crypto_priv); 1583 if (!crypto_priv) { 1584 crypto_err("crypto_priv NULL"); 1585 return QDF_STATUS_E_INVAL; 1586 } 1587 1588 key = crypto_priv->key[keyid]; 1589 if (!key) 1590 return QDF_STATUS_E_INVAL; 1591 1592 } else { 1593 struct wlan_objmgr_peer *peer; 1594 uint8_t pdev_id; 1595 1596 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1597 wlan_vdev_get_pdev(vdev)); 1598 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1599 psoc, pdev_id, bssid_mac, 1600 mac_addr, WLAN_CRYPTO_ID); 1601 if (!peer) { 1602 crypto_err("peer NULL"); 1603 return QDF_STATUS_E_INVAL; 1604 } 1605 1606 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1607 &crypto_priv); 1608 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1609 1610 if (!crypto_priv) { 1611 crypto_err("crypto_priv NULL"); 1612 return QDF_STATUS_E_INVAL; 1613 } 1614 1615 key = crypto_priv->key[keyid]; 1616 if (!key) 1617 return QDF_STATUS_E_INVAL; 1618 } 1619 /* if tkip, is counter measures enabled, then drop the frame */ 1620 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1621 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1622 1623 return status; 1624 } 1625 1626 /** 1627 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1628 * @vdev: vdev 1629 * 1630 * This function gets called to check is pmf enabled or not in vdev. 1631 * 1632 * Return: true or false 1633 */ 1634 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1635 { 1636 1637 struct wlan_crypto_comp_priv *crypto_priv; 1638 struct wlan_crypto_params *vdev_crypto_params; 1639 1640 if (!vdev) 1641 return false; 1642 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1643 &crypto_priv); 1644 if (!crypto_priv) { 1645 crypto_err("crypto_priv NULL"); 1646 return QDF_STATUS_E_INVAL; 1647 } 1648 1649 if ((vdev_crypto_params->rsn_caps & 1650 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1651 || (vdev_crypto_params->rsn_caps & 1652 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1653 return true; 1654 } 1655 1656 return false; 1657 } 1658 1659 /** 1660 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1661 * @vdev: vdev 1662 * 1663 * This function gets called to check is pmf required or not in vdev. 1664 * 1665 * Return: true or false 1666 */ 1667 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1668 { 1669 struct wlan_crypto_comp_priv *crypto_priv; 1670 struct wlan_crypto_params *vdev_crypto_params; 1671 1672 if (!vdev) 1673 return false; 1674 1675 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1676 &crypto_priv); 1677 if (!crypto_priv) { 1678 crypto_err("crypto_priv NULL"); 1679 return QDF_STATUS_E_INVAL; 1680 } 1681 1682 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1683 return true; 1684 1685 return false; 1686 } 1687 1688 /** 1689 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1690 * @vdev: vdev 1691 * @peer: peer 1692 * 1693 * This function gets called by mgmt txrx to check is pmf enabled or not. 1694 * 1695 * Return: true or false 1696 */ 1697 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1698 struct wlan_objmgr_peer *peer){ 1699 1700 struct wlan_crypto_comp_priv *crypto_priv; 1701 struct wlan_crypto_params *vdev_crypto_params; 1702 struct wlan_crypto_params *peer_crypto_params; 1703 1704 if (!vdev || !peer) 1705 return false; 1706 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1707 &crypto_priv); 1708 if (!crypto_priv) { 1709 crypto_err("crypto_priv NULL"); 1710 return QDF_STATUS_E_INVAL; 1711 } 1712 1713 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1714 &crypto_priv); 1715 if (!crypto_priv) { 1716 crypto_err("crypto_priv NULL"); 1717 return QDF_STATUS_E_INVAL; 1718 } 1719 if (((vdev_crypto_params->rsn_caps & 1720 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1721 (peer_crypto_params->rsn_caps & 1722 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1723 || (vdev_crypto_params->rsn_caps & 1724 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1725 return true; 1726 } 1727 1728 return false; 1729 } 1730 1731 /** 1732 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 1733 * @vdev: vdev 1734 * @peer: peer 1735 * @keyidx : key index 1736 * 1737 * This function gets called by mgmt txrx to check if key is valid 1738 * 1739 * Return: true or false 1740 */ 1741 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1742 struct wlan_objmgr_peer *peer, 1743 uint16_t keyidx) 1744 { 1745 struct wlan_crypto_key *key = NULL; 1746 1747 if (!vdev && !peer) 1748 return false; 1749 1750 if (peer) 1751 key = wlan_crypto_peer_getkey(peer, keyidx); 1752 else if (vdev) 1753 key = wlan_crypto_vdev_getkey(vdev, keyidx); 1754 1755 if ((key) && key->valid) 1756 return true; 1757 1758 return false; 1759 } 1760 1761 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1762 { 1763 a[0] = b[5]; 1764 a[1] = b[4]; 1765 a[2] = b[3]; 1766 a[3] = b[2]; 1767 a[4] = b[1]; 1768 a[5] = b[0]; 1769 } 1770 1771 /** 1772 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1773 * @vdev: vdev 1774 * @bfrm: frame starting pointer 1775 * @len: length of the frame 1776 * 1777 * This function gets called by mgmt txrx to add mmie in frame 1778 * 1779 * Return: end of frame or NULL in case failure 1780 */ 1781 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1782 uint8_t *bfrm, 1783 uint32_t len) { 1784 struct wlan_crypto_key *key; 1785 struct wlan_crypto_mmie *mmie; 1786 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1787 struct wlan_frame_hdr *hdr; 1788 uint32_t i, hdrlen, mic_len, aad_len; 1789 uint8_t mic[16]; 1790 struct wlan_crypto_comp_priv *crypto_priv; 1791 struct wlan_crypto_params *crypto_params; 1792 int32_t ret = -1; 1793 1794 if (!bfrm) { 1795 crypto_err("frame is NULL"); 1796 return NULL; 1797 } 1798 1799 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1800 &crypto_priv); 1801 if (!crypto_priv) { 1802 crypto_err("crypto_priv NULL"); 1803 return NULL; 1804 } 1805 1806 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1807 crypto_err("igtk key invalid keyid %d", 1808 crypto_priv->def_igtk_tx_keyid); 1809 return NULL; 1810 } 1811 1812 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1813 if (!key) { 1814 crypto_err("No igtk key present"); 1815 return NULL; 1816 } 1817 mic_len = (crypto_priv->igtk_key_type 1818 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1819 1820 efrm = bfrm + len; 1821 aad_len = 20; 1822 hdrlen = sizeof(struct wlan_frame_hdr); 1823 len += sizeof(struct wlan_crypto_mmie); 1824 1825 mmie = (struct wlan_crypto_mmie *) efrm; 1826 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1827 mmie->element_id = WLAN_ELEMID_MMIE; 1828 mmie->length = sizeof(*mmie) - 2; 1829 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1830 1831 mic_len = (crypto_priv->igtk_key_type 1832 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1833 if (mic_len == 8) { 1834 mmie->length -= 8; 1835 len -= 8; 1836 } 1837 /* PN = PN + 1 */ 1838 pn = (uint8_t *)&key->keytsc; 1839 1840 for (i = 0; i <= 5; i++) { 1841 pn[i]++; 1842 if (pn[i]) 1843 break; 1844 } 1845 1846 /* Copy IPN */ 1847 qdf_mem_copy(mmie->sequence_number, pn, 6); 1848 1849 hdr = (struct wlan_frame_hdr *) bfrm; 1850 1851 buf = qdf_mem_malloc(len - hdrlen + 20); 1852 if (!buf) 1853 return NULL; 1854 1855 qdf_mem_zero(buf, len - hdrlen + 20); 1856 aad = buf; 1857 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1858 1859 /* FC type/subtype */ 1860 aad[0] = hdr->i_fc[0]; 1861 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1862 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1863 | WLAN_FC1_MOREDATA)); 1864 /* A1 || A2 || A3 */ 1865 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 1866 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1867 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 1868 qdf_mem_zero(mic, 16); 1869 1870 /* 1871 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1872 */ 1873 1874 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1875 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1876 1877 ret = omac1_aes_128(key->keyval, buf, 1878 len + aad_len - hdrlen, mic); 1879 qdf_mem_copy(mmie->mic, mic, 8); 1880 1881 } else if (crypto_priv->igtk_key_type 1882 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1883 1884 ret = omac1_aes_256(key->keyval, buf, 1885 len + aad_len - hdrlen, mmie->mic); 1886 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1887 || (crypto_priv->igtk_key_type 1888 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1889 1890 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1891 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1892 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1893 sizeof(nounce), buf, 1894 len + aad_len - hdrlen, mmie->mic); 1895 } 1896 qdf_mem_free(buf); 1897 if (ret < 0) { 1898 crypto_err("add mmie failed"); 1899 return NULL; 1900 } 1901 1902 return bfrm + len; 1903 } 1904 1905 /** 1906 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1907 * @vdev: vdev 1908 * @frm: frame starting pointer 1909 * @efrm: end of frame pointer 1910 * 1911 * This function gets called by mgmt txrx to check mmie of the frame 1912 * 1913 * Return: true or false 1914 */ 1915 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1916 uint8_t *frm, 1917 uint8_t *efrm){ 1918 struct wlan_crypto_mmie *mmie = NULL; 1919 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1920 struct wlan_crypto_key *key; 1921 struct wlan_frame_hdr *hdr; 1922 uint16_t mic_len, hdrlen, len; 1923 struct wlan_crypto_comp_priv *crypto_priv; 1924 struct wlan_crypto_params *crypto_params; 1925 uint8_t aad_len = 20; 1926 int32_t ret = -1; 1927 1928 /* check if frame is illegal length */ 1929 if (!frm || !efrm || (efrm < frm) 1930 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 1931 crypto_err("Invalid params"); 1932 return false; 1933 } 1934 len = efrm - frm; 1935 crypto_priv = (struct wlan_crypto_comp_priv *) 1936 wlan_get_vdev_crypto_obj(vdev); 1937 if (!crypto_priv) { 1938 crypto_err("crypto_priv NULL"); 1939 return false; 1940 } 1941 1942 crypto_params = &(crypto_priv->crypto_params); 1943 1944 1945 mic_len = (crypto_priv->igtk_key_type 1946 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1947 hdrlen = sizeof(struct wlan_frame_hdr); 1948 1949 if (mic_len == 8) 1950 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1951 else 1952 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1953 1954 1955 /* check Elem ID*/ 1956 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1957 crypto_err("IE is not MMIE"); 1958 return false; 1959 } 1960 1961 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1962 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1963 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1964 crypto_err("keyid not valid"); 1965 return false; 1966 } 1967 1968 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1969 if (!key) { 1970 crypto_err("No igtk key present"); 1971 return false; 1972 } 1973 1974 /* validate ipn */ 1975 ipn = mmie->sequence_number; 1976 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1977 uint8_t *su = (uint8_t *)key->keyrsc; 1978 uint8_t *end = ipn + 6; 1979 1980 crypto_err("replay error :"); 1981 while (ipn < end) { 1982 crypto_err("expected pn = %x received pn = %x", 1983 *ipn++, *su++); 1984 } 1985 return false; 1986 } 1987 1988 buf = qdf_mem_malloc(len - hdrlen + 20); 1989 if (!buf) 1990 return false; 1991 1992 aad = buf; 1993 1994 /* construct AAD */ 1995 hdr = (struct wlan_frame_hdr *)frm; 1996 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1997 1998 /* FC type/subtype */ 1999 aad[0] = hdr->i_fc[0]; 2000 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2001 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2002 | WLAN_FC1_MOREDATA)); 2003 /* A1 || A2 || A3 */ 2004 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2005 2006 /* 2007 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2008 */ 2009 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2010 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2011 qdf_mem_zero(mic, 16); 2012 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2013 ret = omac1_aes_128(key->keyval, buf, 2014 len - hdrlen + aad_len, mic); 2015 } else if (crypto_priv->igtk_key_type 2016 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2017 ret = omac1_aes_256(key->keyval, buf, 2018 len + aad_len - hdrlen, mic); 2019 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2020 || (crypto_priv->igtk_key_type 2021 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2022 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2023 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2024 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2025 sizeof(nounce), buf, 2026 len + aad_len - hdrlen, mic); 2027 } 2028 2029 qdf_mem_free(buf); 2030 2031 if (ret < 0) { 2032 crypto_err("genarate mmie failed"); 2033 return false; 2034 } 2035 2036 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2037 crypto_err("mmie mismatch"); 2038 /* MMIE MIC mismatch */ 2039 return false; 2040 } 2041 2042 /* Update the receive sequence number */ 2043 qdf_mem_copy(key->keyrsc, ipn, 6); 2044 crypto_debug("mmie matched"); 2045 2046 return true; 2047 } 2048 2049 2050 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2051 { 2052 int32_t status = -1; 2053 2054 switch (cipher) { 2055 case WLAN_CRYPTO_CIPHER_TKIP: 2056 return WPA_CIPHER_SUITE_TKIP; 2057 case WLAN_CRYPTO_CIPHER_AES_CCM: 2058 return WPA_CIPHER_SUITE_CCMP; 2059 case WLAN_CRYPTO_CIPHER_NONE: 2060 return WPA_CIPHER_SUITE_NONE; 2061 } 2062 2063 return status; 2064 } 2065 2066 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2067 { 2068 int32_t status = -1; 2069 2070 switch (cipher) { 2071 case WLAN_CRYPTO_CIPHER_TKIP: 2072 return RSN_CIPHER_SUITE_TKIP; 2073 case WLAN_CRYPTO_CIPHER_AES_CCM: 2074 return RSN_CIPHER_SUITE_CCMP; 2075 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2076 return RSN_CIPHER_SUITE_CCMP_256; 2077 case WLAN_CRYPTO_CIPHER_AES_GCM: 2078 return RSN_CIPHER_SUITE_GCMP; 2079 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2080 return RSN_CIPHER_SUITE_GCMP_256; 2081 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2082 return RSN_CIPHER_SUITE_AES_CMAC; 2083 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2084 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2085 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2086 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2087 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2088 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2089 case WLAN_CRYPTO_CIPHER_NONE: 2090 return RSN_CIPHER_SUITE_NONE; 2091 } 2092 2093 return status; 2094 } 2095 2096 /* 2097 * Convert an RSN key management/authentication algorithm 2098 * to an internal code. 2099 */ 2100 static int32_t 2101 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2102 { 2103 int32_t status = -1; 2104 2105 switch (keymgmt) { 2106 case WLAN_CRYPTO_KEY_MGMT_NONE: 2107 return RSN_AUTH_KEY_MGMT_NONE; 2108 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2109 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2110 case WLAN_CRYPTO_KEY_MGMT_PSK: 2111 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2112 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2113 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2114 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2115 return RSN_AUTH_KEY_MGMT_FT_PSK; 2116 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2117 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2118 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2119 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2120 case WLAN_CRYPTO_KEY_MGMT_SAE: 2121 return RSN_AUTH_KEY_MGMT_SAE; 2122 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2123 return RSN_AUTH_KEY_MGMT_FT_SAE; 2124 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2125 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2126 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2127 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2128 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2129 return RSN_AUTH_KEY_MGMT_CCKM; 2130 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2131 return RSN_AUTH_KEY_MGMT_OSEN; 2132 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2133 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2134 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2135 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2136 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2137 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2138 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2139 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2140 case WLAN_CRYPTO_KEY_MGMT_OWE: 2141 return RSN_AUTH_KEY_MGMT_OWE; 2142 case WLAN_CRYPTO_KEY_MGMT_DPP: 2143 return RSN_AUTH_KEY_MGMT_DPP; 2144 } 2145 2146 return status; 2147 } 2148 2149 /* 2150 * Convert an RSN key management/authentication algorithm 2151 * to an internal code. 2152 */ 2153 static int32_t 2154 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2155 { 2156 int32_t status = -1; 2157 2158 switch (keymgmt) { 2159 case WLAN_CRYPTO_KEY_MGMT_NONE: 2160 return WPA_AUTH_KEY_MGMT_NONE; 2161 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2162 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2163 case WLAN_CRYPTO_KEY_MGMT_PSK: 2164 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2165 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2166 return WPA_AUTH_KEY_MGMT_CCKM; 2167 } 2168 2169 return status; 2170 } 2171 /** 2172 * Convert a WPA cipher selector OUI to an internal 2173 * cipher algorithm. Where appropriate we also 2174 * record any key length. 2175 */ 2176 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2177 { 2178 uint32_t w = LE_READ_4(sel); 2179 int32_t status = -1; 2180 2181 switch (w) { 2182 case WPA_CIPHER_SUITE_TKIP: 2183 return WLAN_CRYPTO_CIPHER_TKIP; 2184 case WPA_CIPHER_SUITE_CCMP: 2185 return WLAN_CRYPTO_CIPHER_AES_CCM; 2186 case WPA_CIPHER_SUITE_NONE: 2187 return WLAN_CRYPTO_CIPHER_NONE; 2188 } 2189 2190 return status; 2191 } 2192 2193 /* 2194 * Convert a WPA key management/authentication algorithm 2195 * to an internal code. 2196 */ 2197 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2198 { 2199 uint32_t w = LE_READ_4(sel); 2200 int32_t status = -1; 2201 2202 switch (w) { 2203 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2204 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2205 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2206 return WLAN_CRYPTO_KEY_MGMT_PSK; 2207 case WPA_AUTH_KEY_MGMT_CCKM: 2208 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2209 case WPA_AUTH_KEY_MGMT_NONE: 2210 return WLAN_CRYPTO_KEY_MGMT_NONE; 2211 } 2212 return status; 2213 } 2214 2215 /* 2216 * Convert a RSN cipher selector OUI to an internal 2217 * cipher algorithm. Where appropriate we also 2218 * record any key length. 2219 */ 2220 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2221 { 2222 uint32_t w = LE_READ_4(sel); 2223 int32_t status = -1; 2224 2225 switch (w) { 2226 case RSN_CIPHER_SUITE_TKIP: 2227 return WLAN_CRYPTO_CIPHER_TKIP; 2228 case RSN_CIPHER_SUITE_CCMP: 2229 return WLAN_CRYPTO_CIPHER_AES_CCM; 2230 case RSN_CIPHER_SUITE_CCMP_256: 2231 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2232 case RSN_CIPHER_SUITE_GCMP: 2233 return WLAN_CRYPTO_CIPHER_AES_GCM; 2234 case RSN_CIPHER_SUITE_GCMP_256: 2235 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2236 case RSN_CIPHER_SUITE_AES_CMAC: 2237 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2238 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2239 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2240 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2241 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2242 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2243 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2244 case RSN_CIPHER_SUITE_NONE: 2245 return WLAN_CRYPTO_CIPHER_NONE; 2246 } 2247 2248 return status; 2249 } 2250 /* 2251 * Convert an RSN key management/authentication algorithm 2252 * to an internal code. 2253 */ 2254 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2255 { 2256 uint32_t w = LE_READ_4(sel); 2257 int32_t status = -1; 2258 2259 switch (w) { 2260 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2261 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2262 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2263 return WLAN_CRYPTO_KEY_MGMT_PSK; 2264 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2265 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2266 case RSN_AUTH_KEY_MGMT_FT_PSK: 2267 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2268 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2269 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2270 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2271 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2272 case RSN_AUTH_KEY_MGMT_SAE: 2273 return WLAN_CRYPTO_KEY_MGMT_SAE; 2274 case RSN_AUTH_KEY_MGMT_FT_SAE: 2275 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2276 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2277 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2278 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2279 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2280 case RSN_AUTH_KEY_MGMT_CCKM: 2281 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2282 case RSN_AUTH_KEY_MGMT_OSEN: 2283 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2284 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2285 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2286 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2287 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2288 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2289 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2290 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2291 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2292 case RSN_AUTH_KEY_MGMT_OWE: 2293 return WLAN_CRYPTO_KEY_MGMT_OWE; 2294 case RSN_AUTH_KEY_MGMT_DPP: 2295 return WLAN_CRYPTO_KEY_MGMT_DPP; 2296 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2297 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2298 } 2299 2300 return status; 2301 } 2302 2303 /** 2304 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2305 * @crypto params: crypto params 2306 * @iebuf: ie buffer 2307 * 2308 * This function gets called by mlme to check the contents of wpa is 2309 * matching with given crypto params 2310 * 2311 * Return: QDF_STATUS_SUCCESS - in case of success 2312 */ 2313 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2314 uint8_t *frm){ 2315 uint8_t len = frm[1]; 2316 int32_t w; 2317 int n; 2318 2319 /* 2320 * Check the length once for fixed parts: OUI, type, 2321 * version, mcast cipher, and 2 selector counts. 2322 * Other, variable-length data, must be checked separately. 2323 */ 2324 RESET_AUTHMODE(crypto_params); 2325 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2326 2327 if (len < 14) 2328 return QDF_STATUS_E_INVAL; 2329 2330 frm += 6, len -= 4; 2331 2332 w = LE_READ_2(frm); 2333 if (w != WPA_VERSION) 2334 return QDF_STATUS_E_INVAL; 2335 2336 frm += 2, len -= 2; 2337 2338 /* multicast/group cipher */ 2339 RESET_MCAST_CIPHERS(crypto_params); 2340 w = wlan_crypto_wpa_suite_to_cipher(frm); 2341 if (w < 0) 2342 return QDF_STATUS_E_INVAL; 2343 SET_MCAST_CIPHER(crypto_params, w); 2344 frm += 4, len -= 4; 2345 2346 /* unicast ciphers */ 2347 n = LE_READ_2(frm); 2348 frm += 2, len -= 2; 2349 if (len < n*4+2) 2350 return QDF_STATUS_E_INVAL; 2351 2352 RESET_UCAST_CIPHERS(crypto_params); 2353 for (; n > 0; n--) { 2354 w = wlan_crypto_wpa_suite_to_cipher(frm); 2355 if (w < 0) 2356 return QDF_STATUS_E_INVAL; 2357 SET_UCAST_CIPHER(crypto_params, w); 2358 frm += 4, len -= 4; 2359 } 2360 2361 if (!crypto_params->ucastcipherset) 2362 return QDF_STATUS_E_INVAL; 2363 2364 /* key management algorithms */ 2365 n = LE_READ_2(frm); 2366 frm += 2, len -= 2; 2367 if (len < n*4) 2368 return QDF_STATUS_E_INVAL; 2369 2370 w = 0; 2371 RESET_KEY_MGMT(crypto_params); 2372 for (; n > 0; n--) { 2373 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2374 if (w < 0) 2375 return QDF_STATUS_E_INVAL; 2376 SET_KEY_MGMT(crypto_params, w); 2377 frm += 4, len -= 4; 2378 } 2379 2380 /* optional capabilities */ 2381 if (len >= 2) { 2382 crypto_params->rsn_caps = LE_READ_2(frm); 2383 frm += 2, len -= 2; 2384 } 2385 2386 return 0; 2387 } 2388 2389 /** 2390 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2391 * @crypto params: crypto params 2392 * @iebuf: ie buffer 2393 * 2394 * This function gets called by mlme to check the contents of wpa is 2395 * matching with given crypto params 2396 * 2397 * Return: QDF_STATUS_SUCCESS - in case of success 2398 */ 2399 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2400 uint8_t *frm){ 2401 uint8_t len = frm[1]; 2402 int32_t w; 2403 int n; 2404 2405 /* Check the length once for fixed parts: OUI, type & version */ 2406 if (len < 2) 2407 return QDF_STATUS_E_INVAL; 2408 2409 /* initialize crypto params */ 2410 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2411 2412 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2413 2414 frm += 2; 2415 /* NB: iswapoui already validated the OUI and type */ 2416 w = LE_READ_2(frm); 2417 if (w != RSN_VERSION) 2418 return QDF_STATUS_E_INVAL; 2419 2420 frm += 2, len -= 2; 2421 2422 if (!len) { 2423 /* set defaults */ 2424 /* default group cipher CCMP-128 */ 2425 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2426 /* default ucast cipher CCMP-128 */ 2427 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2428 /* default key mgmt 8021x */ 2429 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2430 return QDF_STATUS_SUCCESS; 2431 } else if (len < 4) { 2432 return QDF_STATUS_E_INVAL; 2433 } 2434 2435 /* multicast/group cipher */ 2436 w = wlan_crypto_rsn_suite_to_cipher(frm); 2437 if (w < 0) 2438 return QDF_STATUS_E_INVAL; 2439 else { 2440 SET_MCAST_CIPHER(crypto_params, w); 2441 frm += 4, len -= 4; 2442 } 2443 2444 if (crypto_params->mcastcipherset == 0) 2445 return QDF_STATUS_E_INVAL; 2446 2447 if (!len) { 2448 /* default ucast cipher CCMP-128 */ 2449 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2450 /* default key mgmt 8021x */ 2451 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2452 return QDF_STATUS_SUCCESS; 2453 } else if (len < 2) { 2454 return QDF_STATUS_E_INVAL; 2455 } 2456 2457 /* unicast ciphers */ 2458 n = LE_READ_2(frm); 2459 frm += 2, len -= 2; 2460 if (n) { 2461 if (len < n * 4) 2462 return QDF_STATUS_E_INVAL; 2463 2464 for (; n > 0; n--) { 2465 w = wlan_crypto_rsn_suite_to_cipher(frm); 2466 if (w < 0) 2467 return QDF_STATUS_E_INVAL; 2468 SET_UCAST_CIPHER(crypto_params, w); 2469 frm += 4, len -= 4; 2470 } 2471 } else { 2472 /* default ucast cipher CCMP-128 */ 2473 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2474 } 2475 2476 if (crypto_params->ucastcipherset == 0) 2477 return QDF_STATUS_E_INVAL; 2478 2479 if (!len) { 2480 /* default key mgmt 8021x */ 2481 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2482 return QDF_STATUS_SUCCESS; 2483 } else if (len < 2) { 2484 return QDF_STATUS_E_INVAL; 2485 } 2486 2487 /* key management algorithms */ 2488 n = LE_READ_2(frm); 2489 frm += 2, len -= 2; 2490 2491 if (n) { 2492 if (len < n * 4) 2493 return QDF_STATUS_E_INVAL; 2494 2495 for (; n > 0; n--) { 2496 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2497 if (w < 0) 2498 return QDF_STATUS_E_INVAL; 2499 SET_KEY_MGMT(crypto_params, w); 2500 frm += 4, len -= 4; 2501 } 2502 } else { 2503 /* default key mgmt 8021x */ 2504 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2505 } 2506 2507 if (crypto_params->key_mgmt == 0) 2508 return QDF_STATUS_E_INVAL; 2509 2510 /* optional capabilities */ 2511 if (len >= 2) { 2512 crypto_params->rsn_caps = LE_READ_2(frm); 2513 frm += 2, len -= 2; 2514 } else if (len && len < 2) { 2515 return QDF_STATUS_E_INVAL; 2516 } 2517 2518 2519 /* PMKID */ 2520 if (len >= 2) { 2521 n = LE_READ_2(frm); 2522 frm += 2, len -= 2; 2523 if (n && len) { 2524 if (len >= n * PMKID_LEN) 2525 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2526 else 2527 return QDF_STATUS_E_INVAL; 2528 } else if (n && !len) { 2529 return QDF_STATUS_E_INVAL; 2530 } 2531 /*TODO: Save pmkid in params for further reference */ 2532 } 2533 2534 /* BIP */ 2535 if (!len && 2536 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2537 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2538 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2539 return QDF_STATUS_SUCCESS; 2540 } else if (len >= 4) { 2541 w = wlan_crypto_rsn_suite_to_cipher(frm); 2542 frm += 4, len -= 4; 2543 SET_MGMT_CIPHER(crypto_params, w); 2544 } 2545 2546 return QDF_STATUS_SUCCESS; 2547 } 2548 2549 /** 2550 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2551 * @vdev: vdev 2552 * @iebuf: ie buffer 2553 * 2554 * This function gets called by mlme to build wpaie from given vdev 2555 * 2556 * Return: end of buffer 2557 */ 2558 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2559 uint8_t *iebuf){ 2560 uint8_t *frm = iebuf; 2561 uint8_t *selcnt; 2562 struct wlan_crypto_comp_priv *crypto_priv; 2563 struct wlan_crypto_params *crypto_params; 2564 2565 if (!frm) 2566 return NULL; 2567 2568 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2569 2570 if (!crypto_params) 2571 return NULL; 2572 2573 *frm++ = WLAN_ELEMID_VENDOR; 2574 *frm++ = 0; 2575 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2576 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2577 2578 2579 /* multicast cipher */ 2580 if (MCIPHER_IS_TKIP(crypto_params)) 2581 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2582 else if (MCIPHER_IS_CCMP128(crypto_params)) 2583 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2584 2585 /* unicast cipher list */ 2586 selcnt = frm; 2587 WLAN_CRYPTO_ADDSHORT(frm, 0); 2588 /* do not use CCMP unicast cipher in WPA mode */ 2589 if (UCIPHER_IS_CCMP128(crypto_params)) { 2590 selcnt[0]++; 2591 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2592 } 2593 if (UCIPHER_IS_TKIP(crypto_params)) { 2594 selcnt[0]++; 2595 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2596 } 2597 2598 /* authenticator selector list */ 2599 selcnt = frm; 2600 WLAN_CRYPTO_ADDSHORT(frm, 0); 2601 2602 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2603 selcnt[0]++; 2604 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2605 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2606 selcnt[0]++; 2607 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2608 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2609 selcnt[0]++; 2610 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2611 } else { 2612 selcnt[0]++; 2613 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2614 } 2615 2616 /* optional capabilities */ 2617 if (crypto_params->rsn_caps != 0 && 2618 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2619 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2620 } 2621 2622 /* calculate element length */ 2623 iebuf[1] = frm - iebuf - 2; 2624 2625 return frm; 2626 } 2627 2628 /** 2629 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2630 * @vdev: vdev 2631 * @iebuf: ie buffer 2632 * @bssid: bssid mac address to add pmkid in rsnie 2633 * 2634 * This function gets called by mlme to build rsnie from given vdev 2635 * 2636 * Return: end of buffer 2637 */ 2638 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2639 uint8_t *iebuf, 2640 struct qdf_mac_addr *bssid) 2641 { 2642 uint8_t *frm = iebuf; 2643 uint8_t *selcnt; 2644 struct wlan_crypto_comp_priv *crypto_priv; 2645 struct wlan_crypto_params *crypto_params; 2646 2647 if (!frm) { 2648 return NULL; 2649 } 2650 2651 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2652 2653 if (!crypto_params) { 2654 return NULL; 2655 } 2656 2657 *frm++ = WLAN_ELEMID_RSN; 2658 *frm++ = 0; 2659 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2660 2661 2662 /* multicast cipher */ 2663 if (MCIPHER_IS_TKIP(crypto_params)) 2664 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2665 else if (MCIPHER_IS_CCMP128(crypto_params)) 2666 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2667 else if (MCIPHER_IS_CCMP256(crypto_params)) 2668 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2669 else if (MCIPHER_IS_GCMP128(crypto_params)) 2670 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2671 else if (MCIPHER_IS_GCMP256(crypto_params)) 2672 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2673 2674 /* unicast cipher list */ 2675 selcnt = frm; 2676 WLAN_CRYPTO_ADDSHORT(frm, 0); 2677 2678 if (UCIPHER_IS_CCMP256(crypto_params)) { 2679 selcnt[0]++; 2680 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2681 } 2682 if (UCIPHER_IS_GCMP256(crypto_params)) { 2683 selcnt[0]++; 2684 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2685 } 2686 if (UCIPHER_IS_CCMP128(crypto_params)) { 2687 selcnt[0]++; 2688 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2689 } 2690 if (UCIPHER_IS_GCMP128(crypto_params)) { 2691 selcnt[0]++; 2692 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2693 } 2694 if (UCIPHER_IS_TKIP(crypto_params)) { 2695 selcnt[0]++; 2696 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2697 } 2698 2699 /* authenticator selector list */ 2700 selcnt = frm; 2701 WLAN_CRYPTO_ADDSHORT(frm, 0); 2702 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2703 selcnt[0]++; 2704 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2705 /* Other key mgmt should not be added after CCKM */ 2706 goto add_rsn_caps; 2707 } 2708 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2709 selcnt[0]++; 2710 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2711 } 2712 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2713 selcnt[0]++; 2714 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2715 } 2716 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2717 selcnt[0]++; 2718 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2719 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2720 } 2721 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2722 selcnt[0]++; 2723 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2724 } 2725 if (HAS_KEY_MGMT(crypto_params, 2726 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2727 selcnt[0]++; 2728 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2729 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2730 } 2731 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2732 selcnt[0]++; 2733 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2734 } 2735 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2736 selcnt[0]++; 2737 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2738 } 2739 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2740 selcnt[0]++; 2741 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2742 } 2743 if (HAS_KEY_MGMT(crypto_params, 2744 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2745 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2746 2747 selcnt[0]++; 2748 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2749 } 2750 if (HAS_KEY_MGMT(crypto_params, 2751 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2752 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2753 2754 selcnt[0]++; 2755 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2756 } 2757 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2758 selcnt[0]++; 2759 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2760 } 2761 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2762 selcnt[0]++; 2763 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2764 } 2765 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2766 selcnt[0]++; 2767 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2768 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2769 } 2770 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2771 selcnt[0]++; 2772 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2773 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2774 } 2775 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2776 selcnt[0]++; 2777 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2778 } 2779 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2780 selcnt[0]++; 2781 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2782 } 2783 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2784 selcnt[0]++; 2785 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2786 } 2787 add_rsn_caps: 2788 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2789 /* optional capabilities */ 2790 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2791 /* PMK list */ 2792 if (bssid) { 2793 struct wlan_crypto_pmksa *pmksa; 2794 2795 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2796 2797 if (pmksa) { 2798 WLAN_CRYPTO_ADDSHORT(frm, 1); 2799 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2800 frm += PMKID_LEN; 2801 } else { 2802 WLAN_CRYPTO_ADDSHORT(frm, 0); 2803 } 2804 } else 2805 WLAN_CRYPTO_ADDSHORT(frm, 0); 2806 2807 if (HAS_MGMT_CIPHER(crypto_params, 2808 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2809 RSN_ADD_CIPHER_TO_SUITE(frm, 2810 WLAN_CRYPTO_CIPHER_AES_CMAC); 2811 } 2812 if (HAS_MGMT_CIPHER(crypto_params, 2813 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2814 RSN_ADD_CIPHER_TO_SUITE(frm, 2815 WLAN_CRYPTO_CIPHER_AES_GMAC); 2816 } 2817 if (HAS_MGMT_CIPHER(crypto_params, 2818 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2819 RSN_ADD_CIPHER_TO_SUITE(frm, 2820 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2821 ); 2822 } 2823 2824 if (HAS_MGMT_CIPHER(crypto_params, 2825 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2826 RSN_ADD_CIPHER_TO_SUITE(frm, 2827 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2828 ); 2829 } 2830 } else { 2831 /* PMK list */ 2832 if (bssid) { 2833 struct wlan_crypto_pmksa *pmksa; 2834 2835 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2836 if (pmksa) { 2837 WLAN_CRYPTO_ADDSHORT(frm, 1); 2838 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2839 frm += PMKID_LEN; 2840 } else { 2841 WLAN_CRYPTO_ADDSHORT(frm, 0); 2842 } 2843 } 2844 } 2845 2846 /* calculate element length */ 2847 iebuf[1] = frm - iebuf - 2; 2848 2849 return frm; 2850 } 2851 2852 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2853 struct wlan_crypto_params *crypto_params){ 2854 struct wlan_crypto_params *my_crypto_params; 2855 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2856 2857 if (!my_crypto_params) { 2858 crypto_debug("vdev crypto params is NULL"); 2859 return false; 2860 } 2861 /* 2862 * Check peer's pairwise ciphers. 2863 * At least one must match with our unicast cipher 2864 */ 2865 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2866 crypto_debug("Unicast cipher match failed"); 2867 return false; 2868 } 2869 /* 2870 * Check peer's group cipher is our enabled multicast cipher. 2871 */ 2872 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2873 crypto_debug("Multicast cipher match failed"); 2874 return false; 2875 } 2876 /* 2877 * Check peer's key management class set (PSK or UNSPEC) 2878 */ 2879 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 2880 crypto_debug("Key mgmt match failed"); 2881 return false; 2882 } 2883 if (wlan_crypto_vdev_is_pmf_required(vdev) && 2884 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2885 crypto_debug("Peer is not PMF capable"); 2886 return false; 2887 } 2888 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 2889 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2890 crypto_debug("Peer needs PMF, but vdev is not capable"); 2891 return false; 2892 } 2893 2894 return true; 2895 } 2896 2897 /* 2898 * Convert an WAPI CIPHER suite to to an internal code. 2899 */ 2900 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2901 { 2902 uint32_t w = LE_READ_4(sel); 2903 int32_t status = -1; 2904 2905 switch (w) { 2906 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2907 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2908 } 2909 2910 return status; 2911 } 2912 2913 /* 2914 * Convert an WAPI key management/authentication algorithm 2915 * to an internal code. 2916 */ 2917 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2918 { 2919 uint32_t w = LE_READ_4(sel); 2920 int32_t status = -1; 2921 2922 switch (w) { 2923 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2924 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2925 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2926 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2927 } 2928 2929 return status; 2930 } 2931 /** 2932 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2933 * @crypto params: crypto params 2934 * @iebuf: ie buffer 2935 * 2936 * This function gets called by mlme to check the contents of wapi is 2937 * matching with given crypto params 2938 * 2939 * Return: QDF_STATUS_SUCCESS - in case of success 2940 */ 2941 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2942 uint8_t *frm) 2943 { 2944 uint8_t len = frm[1]; 2945 int32_t w; 2946 int n; 2947 2948 /* 2949 * Check the length once for fixed parts: OUI, type, 2950 * version, mcast cipher, and 2 selector counts. 2951 * Other, variable-length data, must be checked separately. 2952 */ 2953 RESET_AUTHMODE(crypto_params); 2954 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2955 2956 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2957 return QDF_STATUS_E_INVAL; 2958 2959 2960 frm += 2; 2961 2962 w = LE_READ_2(frm); 2963 frm += 2, len -= 2; 2964 if (w != WAPI_VERSION) 2965 return QDF_STATUS_E_INVAL; 2966 2967 n = LE_READ_2(frm); 2968 frm += 2, len -= 2; 2969 if (len < n*4+2) 2970 return QDF_STATUS_E_INVAL; 2971 2972 RESET_KEY_MGMT(crypto_params); 2973 for (; n > 0; n--) { 2974 w = wlan_crypto_wapi_keymgmt(frm); 2975 if (w < 0) 2976 return QDF_STATUS_E_INVAL; 2977 2978 SET_KEY_MGMT(crypto_params, w); 2979 frm += 4, len -= 4; 2980 } 2981 2982 /* unicast ciphers */ 2983 n = LE_READ_2(frm); 2984 frm += 2, len -= 2; 2985 if (len < n*4+2) 2986 return QDF_STATUS_E_INVAL; 2987 2988 RESET_UCAST_CIPHERS(crypto_params); 2989 for (; n > 0; n--) { 2990 w = wlan_crypto_wapi_suite_to_cipher(frm); 2991 if (w < 0) 2992 return QDF_STATUS_E_INVAL; 2993 SET_UCAST_CIPHER(crypto_params, w); 2994 frm += 4, len -= 4; 2995 } 2996 2997 if (!crypto_params->ucastcipherset) 2998 return QDF_STATUS_E_INVAL; 2999 3000 /* multicast/group cipher */ 3001 RESET_MCAST_CIPHERS(crypto_params); 3002 w = wlan_crypto_wapi_suite_to_cipher(frm); 3003 3004 if (w < 0) 3005 return QDF_STATUS_E_INVAL; 3006 3007 SET_MCAST_CIPHER(crypto_params, w); 3008 frm += 4, len -= 4; 3009 3010 return QDF_STATUS_SUCCESS; 3011 } 3012 3013 /** 3014 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3015 * @vdev: vdev 3016 * @iebuf: ie buffer 3017 * 3018 * This function gets called by mlme to build wapi ie from given vdev 3019 * 3020 * Return: end of buffer 3021 */ 3022 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3023 uint8_t *iebuf) 3024 { 3025 uint8_t *frm; 3026 uint8_t *selcnt; 3027 struct wlan_crypto_comp_priv *crypto_priv; 3028 struct wlan_crypto_params *crypto_params; 3029 3030 frm = iebuf; 3031 if (!frm) { 3032 crypto_err("ie buffer NULL"); 3033 return NULL; 3034 } 3035 3036 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3037 3038 if (!crypto_params) { 3039 crypto_err("crypto_params NULL"); 3040 return NULL; 3041 } 3042 3043 *frm++ = WLAN_ELEMID_WAPI; 3044 *frm++ = 0; 3045 3046 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3047 3048 /* authenticator selector list */ 3049 selcnt = frm; 3050 WLAN_CRYPTO_ADDSHORT(frm, 0); 3051 3052 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3053 selcnt[0]++; 3054 WLAN_CRYPTO_ADDSELECTOR(frm, 3055 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3056 } 3057 3058 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3059 selcnt[0]++; 3060 WLAN_CRYPTO_ADDSELECTOR(frm, 3061 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3062 } 3063 3064 /* unicast cipher list */ 3065 selcnt = frm; 3066 WLAN_CRYPTO_ADDSHORT(frm, 0); 3067 3068 if (UCIPHER_IS_SMS4(crypto_params)) { 3069 selcnt[0]++; 3070 WLAN_CRYPTO_ADDSELECTOR(frm, 3071 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3072 } 3073 3074 WLAN_CRYPTO_ADDSELECTOR(frm, 3075 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3076 3077 /* optional capabilities */ 3078 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3079 3080 /* bkid count */ 3081 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3082 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3083 WLAN_CRYPTO_ADDSHORT(frm, 0); 3084 3085 /* calculate element length */ 3086 iebuf[1] = frm - iebuf - 2; 3087 3088 return frm; 3089 3090 } 3091 3092 /** 3093 * wlan_crypto_pn_check - called by data patch for PN check 3094 * @vdev: vdev 3095 * @wbuf: wbuf 3096 * 3097 * This function gets called by data patch for PN check 3098 * 3099 * Return: QDF_STATUS 3100 */ 3101 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3102 qdf_nbuf_t wbuf){ 3103 /* Need to check is there real requirement for this function 3104 * as PN check is already handled in decap function. 3105 */ 3106 return QDF_STATUS_SUCCESS; 3107 } 3108 3109 /** 3110 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3111 * @vdev:vdev 3112 * 3113 * This function gets called by mlme to get crypto params 3114 * 3115 * Return: wlan_crypto_params or NULL in case of failure 3116 */ 3117 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3118 struct wlan_objmgr_vdev *vdev){ 3119 struct wlan_crypto_comp_priv *crypto_priv; 3120 3121 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3122 } 3123 3124 /** 3125 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3126 * @peer:peer 3127 * 3128 * This function gets called by mlme to get crypto params 3129 * 3130 * Return: wlan_crypto_params or NULL in case of failure 3131 */ 3132 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3133 struct wlan_objmgr_peer *peer){ 3134 struct wlan_crypto_comp_priv *crypto_priv; 3135 3136 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3137 } 3138 3139 3140 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3141 struct wlan_objmgr_peer *peer) 3142 { 3143 struct wlan_crypto_comp_priv *crypto_priv; 3144 struct wlan_crypto_comp_priv *sta_crypto_priv; 3145 struct wlan_crypto_params *crypto_params; 3146 struct wlan_crypto_key *key; 3147 struct wlan_crypto_key *sta_key; 3148 struct wlan_crypto_cipher *cipher_table; 3149 struct wlan_objmgr_psoc *psoc; 3150 uint8_t *mac_addr; 3151 int i; 3152 enum QDF_OPMODE opmode; 3153 QDF_STATUS status = QDF_STATUS_SUCCESS; 3154 3155 if (!vdev) 3156 return QDF_STATUS_E_NULL_VALUE; 3157 3158 if (!peer) { 3159 crypto_debug("peer NULL"); 3160 return QDF_STATUS_E_INVAL; 3161 } 3162 3163 opmode = wlan_vdev_mlme_get_opmode(vdev); 3164 psoc = wlan_vdev_get_psoc(vdev); 3165 3166 if (!psoc) { 3167 crypto_err("psoc NULL"); 3168 return QDF_STATUS_E_NULL_VALUE; 3169 } 3170 3171 wlan_peer_obj_lock(peer); 3172 mac_addr = wlan_peer_get_macaddr(peer); 3173 wlan_peer_obj_unlock(peer); 3174 3175 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3176 &crypto_priv); 3177 if (!crypto_priv) { 3178 crypto_err("crypto_priv NULL"); 3179 return QDF_STATUS_E_NULL_VALUE; 3180 } 3181 3182 /* push only valid static WEP keys from vap */ 3183 if (AUTH_IS_8021X(crypto_params)) 3184 return QDF_STATUS_E_INVAL; 3185 3186 if (opmode == QDF_STA_MODE) { 3187 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3188 if (!peer) { 3189 crypto_err("peer NULL"); 3190 return QDF_STATUS_E_INVAL; 3191 } 3192 } 3193 3194 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3195 if (!sta_crypto_priv) { 3196 crypto_err("sta priv is null"); 3197 status = QDF_STATUS_E_INVAL; 3198 goto exit; 3199 } 3200 3201 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3202 if (crypto_priv->key[i]) { 3203 key = crypto_priv->key[i]; 3204 if (!key || !key->valid) 3205 continue; 3206 3207 cipher_table = (struct wlan_crypto_cipher *) 3208 key->cipher_table; 3209 3210 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3211 sta_key = qdf_mem_malloc( 3212 sizeof(struct wlan_crypto_key)); 3213 if (!sta_key) { 3214 status = QDF_STATUS_E_NOMEM; 3215 goto exit; 3216 } 3217 3218 sta_crypto_priv->key[i] = sta_key; 3219 qdf_mem_copy(sta_key, key, 3220 sizeof(struct wlan_crypto_key)); 3221 3222 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3223 3224 if (crypto_priv->def_tx_keyid == i) { 3225 sta_key->flags 3226 |= WLAN_CRYPTO_KEY_DEFAULT; 3227 sta_crypto_priv->def_tx_keyid = 3228 crypto_priv->def_tx_keyid; 3229 } 3230 /* setting the broadcast/multicast key for sta*/ 3231 if (opmode == QDF_STA_MODE || 3232 opmode == QDF_IBSS_MODE){ 3233 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3234 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 3235 vdev, sta_key, mac_addr, 3236 cipher_table->cipher); 3237 } 3238 } 3239 3240 /* setting unicast key */ 3241 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3242 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3243 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 3244 sta_key, mac_addr, 3245 cipher_table->cipher); 3246 } 3247 } 3248 } 3249 } 3250 3251 exit: 3252 if (opmode == QDF_STA_MODE) 3253 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3254 3255 return status; 3256 } 3257 3258 /** 3259 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3260 * @crypto_rx_ops: crypto_rx_ops 3261 * 3262 * This function gets called by object manger to register crypto rx ops. 3263 * 3264 * Return: QDF_STATUS 3265 */ 3266 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3267 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3268 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3269 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3270 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3271 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3272 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3273 3274 return QDF_STATUS_SUCCESS; 3275 } 3276 3277 /** 3278 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3279 * @psoc: psoc 3280 * 3281 * This function gets called by umac to get the crypto_rx_ops 3282 * 3283 * Return: crypto_rx_ops 3284 */ 3285 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3286 struct wlan_objmgr_psoc *psoc) 3287 { 3288 3289 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 3290 } 3291 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3292 3293 /** 3294 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3295 * @vdev: vdev 3296 * @authvalue: authvalue to be checked 3297 * 3298 * This function check is authvalue passed is set in vdev or not 3299 * 3300 * Return: true or false 3301 */ 3302 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3303 wlan_crypto_auth_mode authvalue) 3304 { 3305 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3306 & authvalue; 3307 } 3308 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3309 3310 /** 3311 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3312 * @peer: peer 3313 * @authvalue: authvalue to be checked 3314 * 3315 * This function check is authvalue passed is set in peer or not 3316 * 3317 * Return: true or false 3318 */ 3319 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3320 wlan_crypto_auth_mode authvalue) 3321 { 3322 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3323 & authvalue; 3324 } 3325 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3326 3327 /** 3328 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3329 * @vdev: vdev 3330 * @ucastcipher: ucastcipher to be checked 3331 * 3332 * This function check is ucastcipher passed is set in vdev or not 3333 * 3334 * Return: true or false 3335 */ 3336 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3337 wlan_crypto_cipher_type ucastcipher) 3338 { 3339 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3340 & ucastcipher; 3341 } 3342 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3343 3344 /** 3345 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3346 * @peer: peer 3347 * @ucastcipher: ucastcipher to be checked 3348 * 3349 * This function check is ucastcipher passed is set in peer or not 3350 * 3351 * Return: true or false 3352 */ 3353 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3354 wlan_crypto_cipher_type ucastcipher) 3355 { 3356 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3357 & ucastcipher; 3358 } 3359 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3360 3361 /** 3362 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3363 * @vdev: vdev 3364 * @mcastcipher: mcastcipher to be checked 3365 * 3366 * This function check is mcastcipher passed is set in vdev or not 3367 * 3368 * Return: true or false 3369 */ 3370 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3371 wlan_crypto_cipher_type mcastcipher) 3372 { 3373 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3374 & mcastcipher; 3375 } 3376 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3377 3378 /** 3379 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3380 * @peer: peer 3381 * @mcastcipher: mcastcipher to be checked 3382 * 3383 * This function check is mcastcipher passed is set in peer or not 3384 * 3385 * Return: true or false 3386 */ 3387 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3388 wlan_crypto_cipher_type mcastcipher) 3389 { 3390 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3391 & mcastcipher; 3392 } 3393 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3394 3395 /** 3396 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3397 * @vdev: vdev 3398 * @mgmtcipher: mgmtcipher to be checked 3399 * 3400 * This function checks any one of mgmtciphers are supported by vdev or not. 3401 * 3402 * Return: true or false 3403 */ 3404 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3405 uint32_t mgmtcipher) 3406 { 3407 return (wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3408 & mgmtcipher) != 0; 3409 } 3410 3411 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3412 3413 /** 3414 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3415 * @peer: peer 3416 * @mgmtcipher: mgmtcipher to be checked 3417 * 3418 * This function checks any one of mgmtciphers are supported by peer or not 3419 * 3420 * Return: true or false 3421 */ 3422 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3423 uint32_t mgmtcipher) 3424 { 3425 return (wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3426 & mgmtcipher) != 0; 3427 } 3428 3429 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3430 3431 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3432 { 3433 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3434 3435 if (!peer) { 3436 crypto_err("Invalid Input"); 3437 return 0; 3438 } 3439 3440 crypto_priv = wlan_get_peer_crypto_obj(peer); 3441 if (!crypto_priv) { 3442 crypto_err("crypto_priv NULL"); 3443 return 0; 3444 } 3445 3446 return crypto_priv->fils_aead_set; 3447 } 3448 3449 void 3450 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3451 { 3452 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3453 3454 if (!peer) { 3455 crypto_err("Invalid Input"); 3456 return; 3457 } 3458 3459 crypto_priv = wlan_get_peer_crypto_obj(peer); 3460 if (!crypto_priv) { 3461 crypto_err("crypto_priv NULL"); 3462 return; 3463 } 3464 3465 crypto_priv->fils_aead_set = value; 3466 } 3467 3468 /** 3469 * wlan_crypto_get_key_header - get header length 3470 * @key: key 3471 * 3472 * This function gets header length based on keytype 3473 * 3474 * Return: header length 3475 */ 3476 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3477 { 3478 struct wlan_crypto_cipher *cipher_table; 3479 3480 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3481 if (cipher_table) 3482 return cipher_table->header; 3483 else 3484 return 0; 3485 } 3486 3487 qdf_export_symbol(wlan_crypto_get_key_header); 3488 3489 /** 3490 * wlan_crypto_get_key_trailer - get cipher trailer length 3491 * @key: key 3492 * 3493 * This function gets cipher trailer length based on keytype 3494 * 3495 * Return: cipher trailer length 3496 */ 3497 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3498 { 3499 struct wlan_crypto_cipher *cipher_table; 3500 3501 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3502 if (cipher_table) 3503 return cipher_table->trailer; 3504 else 3505 return 0; 3506 } 3507 3508 qdf_export_symbol(wlan_crypto_get_key_trailer); 3509 3510 /** 3511 * wlan_crypto_get_key_miclen - get cipher miclen length 3512 * @key: key 3513 * 3514 * This function gets cipher miclen length based on keytype 3515 * 3516 * Return: cipher miclen length 3517 */ 3518 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3519 { 3520 struct wlan_crypto_cipher *cipher_table; 3521 3522 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3523 if (cipher_table) 3524 return cipher_table->miclen; 3525 else 3526 return 0; 3527 } 3528 3529 qdf_export_symbol(wlan_crypto_get_key_miclen); 3530 3531 /** 3532 * wlan_crypto_get_keyid - get keyid from frame 3533 * @data: frame 3534 * 3535 * This function parse frame and returns keyid 3536 * 3537 * Return: keyid 3538 */ 3539 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3540 { 3541 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3542 uint8_t *iv; 3543 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3544 3545 /* 3546 * In FILS SK (Re)Association request/response frame has 3547 * to be decrypted 3548 */ 3549 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3550 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3551 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3552 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3553 return 0; 3554 } 3555 3556 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3557 iv = data + hdrlen; 3558 /* 3559 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3560 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3561 */ 3562 return ((iv[3] >> 6) & 0x3); 3563 } else { 3564 return WLAN_CRYPTO_KEYIX_NONE; 3565 } 3566 } 3567 3568 qdf_export_symbol(wlan_crypto_get_keyid); 3569 3570 /** 3571 * crypto_plumb_peer_keys - called during radio reset 3572 * @vdev: vdev 3573 * @object: peer 3574 * @arg: psoc 3575 * 3576 * Restore unicast and persta hardware keys 3577 * 3578 * Return: void 3579 */ 3580 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3581 void *object, void *arg) { 3582 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3583 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3584 struct wlan_crypto_comp_priv *crypto_priv; 3585 struct wlan_crypto_params *crypto_params; 3586 struct wlan_crypto_key *key = NULL; 3587 int i; 3588 3589 if ((!peer) || (!vdev) || (!psoc)) { 3590 crypto_err("Peer or vdev or psoc objects are null!"); 3591 return; 3592 } 3593 3594 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3595 &crypto_priv); 3596 3597 if (!crypto_priv) { 3598 crypto_err("crypto_priv NULL"); 3599 return; 3600 } 3601 3602 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3603 key = crypto_priv->key[i]; 3604 if (key && key->valid) { 3605 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3606 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3607 ( 3608 vdev, 3609 key, 3610 wlan_peer_get_macaddr(peer), 3611 wlan_crypto_get_key_type(key) 3612 ); 3613 } 3614 } 3615 } 3616 } 3617 3618 /** 3619 * wlan_crypto_restore_keys - called during radio reset 3620 * @vdev: vdev 3621 * 3622 * Clear and restore keycache, needed for some DA chipsets which put 3623 * random values in keycache when phy reset is triggered 3624 * 3625 * Return: void 3626 */ 3627 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3628 { 3629 int i; 3630 struct wlan_crypto_comp_priv *crypto_priv; 3631 struct wlan_crypto_params *crypto_params; 3632 struct wlan_crypto_key *key; 3633 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3634 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3635 struct wlan_objmgr_pdev *pdev = NULL; 3636 struct wlan_objmgr_psoc *psoc = NULL; 3637 3638 pdev = wlan_vdev_get_pdev(vdev); 3639 psoc = wlan_vdev_get_psoc(vdev); 3640 if (!pdev) { 3641 crypto_err("pdev is NULL"); 3642 return; 3643 } 3644 if (!psoc) { 3645 crypto_err("psoc is NULL"); 3646 return; 3647 } 3648 3649 /* TBD: QWRAP key restore*/ 3650 /* crypto is on */ 3651 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3652 /* restore static shared keys */ 3653 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3654 crypto_params = wlan_crypto_vdev_get_comp_params 3655 ( 3656 vdev, 3657 &crypto_priv 3658 ); 3659 if (!crypto_priv) { 3660 crypto_err("crypto_priv is NULL"); 3661 return; 3662 } 3663 key = crypto_priv->key[i]; 3664 if (key && key->valid) { 3665 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3666 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3667 ( 3668 vdev, 3669 key, 3670 macaddr, 3671 wlan_crypto_get_key_type(key) 3672 ); 3673 } 3674 } 3675 } 3676 3677 wlan_objmgr_iterate_peerobj_list(vdev, 3678 crypto_plumb_peer_keys, 3679 psoc, 3680 WLAN_CRYPTO_ID); 3681 } 3682 } 3683 3684 /** 3685 * wlan_crypto_check_open_none - called by ucfg to check for open security 3686 * @psoc: psoc pointer 3687 * @vdev_id: vdev id 3688 * 3689 * This function gets called from ucfg to check open security. 3690 * 3691 * Return: true or false 3692 */ 3693 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3694 { 3695 struct wlan_crypto_comp_priv *crypto_priv; 3696 struct wlan_crypto_params *crypto_params; 3697 struct wlan_objmgr_vdev *vdev; 3698 bool match = true; 3699 3700 if (!psoc) { 3701 crypto_err("PSOC is NULL"); 3702 return false; 3703 } 3704 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3705 WLAN_CRYPTO_ID); 3706 if (!vdev) { 3707 crypto_err("vdev is NULL"); 3708 return false; 3709 } 3710 3711 crypto_priv = (struct wlan_crypto_comp_priv *) 3712 wlan_get_vdev_crypto_obj(vdev); 3713 3714 if (!crypto_priv) { 3715 crypto_err("crypto_priv NULL"); 3716 match = false; 3717 goto send_res; 3718 } 3719 3720 crypto_params = &crypto_priv->crypto_params; 3721 3722 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3723 match = false; 3724 goto send_res; 3725 } 3726 3727 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3728 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3729 match = false; 3730 3731 send_res: 3732 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3733 3734 return match; 3735 } 3736 3737 /** 3738 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3739 * @psoc: psoc pointer 3740 * @vdev_id: vdev id 3741 * 3742 * This function gets called from ucfg to check WEP security. 3743 * 3744 * Return: true or false 3745 */ 3746 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3747 { 3748 struct wlan_crypto_comp_priv *crypto_priv; 3749 struct wlan_crypto_params *crypto_params; 3750 struct wlan_objmgr_vdev *vdev; 3751 bool match = true; 3752 3753 if (!psoc) { 3754 crypto_err("PSOC is NULL"); 3755 return false; 3756 } 3757 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3758 WLAN_CRYPTO_ID); 3759 if (!vdev) { 3760 crypto_err("vdev is NULL"); 3761 return false; 3762 } 3763 3764 crypto_priv = (struct wlan_crypto_comp_priv *) 3765 wlan_get_vdev_crypto_obj(vdev); 3766 3767 if (!crypto_priv) { 3768 crypto_err("crypto_priv NULL"); 3769 match = false; 3770 goto send_res; 3771 } 3772 3773 crypto_params = &crypto_priv->crypto_params; 3774 3775 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3776 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3777 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3778 match = false; 3779 goto send_res; 3780 } 3781 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3782 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3783 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3784 match = false; 3785 goto send_res; 3786 } 3787 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 3788 match = false; 3789 goto send_res; 3790 } 3791 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3792 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 3793 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 3794 match = false; 3795 } 3796 send_res: 3797 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3798 3799 return match; 3800 } 3801 3802 static QDF_STATUS 3803 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3804 uint8_t *ie_ptr, uint16_t ie_len) 3805 { 3806 const uint8_t *rsn_ie = NULL; 3807 QDF_STATUS status; 3808 3809 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3810 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3811 if (!rsn_ie) { 3812 crypto_err("RSN IE NULL"); 3813 return QDF_STATUS_E_INVAL; 3814 } 3815 3816 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 3817 if (QDF_STATUS_SUCCESS != status) { 3818 crypto_err("RSN IE check failed"); 3819 return status; 3820 } 3821 3822 return QDF_STATUS_SUCCESS; 3823 } 3824 3825 static QDF_STATUS 3826 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3827 uint8_t *ie_ptr, uint16_t ie_len) 3828 { 3829 const uint8_t *wpa_ie = NULL; 3830 uint32_t wpa_oui; 3831 QDF_STATUS status; 3832 3833 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3834 3835 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3836 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3837 WLAN_OUI_SIZE, ie_ptr, ie_len); 3838 if (!wpa_ie) { 3839 crypto_err("WPA IE NULL"); 3840 return QDF_STATUS_E_INVAL; 3841 } 3842 3843 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 3844 if (QDF_STATUS_SUCCESS != status) { 3845 crypto_err("WPA IE check failed"); 3846 return status; 3847 } 3848 3849 return QDF_STATUS_SUCCESS; 3850 } 3851 /** 3852 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 3853 * @psoc: psoc pointer 3854 * @vdev_id: vdev id 3855 * @ie_ptr: pointer to IEs 3856 * @ie_len: IE length 3857 * 3858 * This function gets called from ucfg to check RSN match. 3859 * 3860 * Return: true or false 3861 */ 3862 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3863 uint8_t vdev_id, uint8_t *ie_ptr, 3864 uint16_t ie_len) 3865 { 3866 struct wlan_crypto_params peer_crypto_params; 3867 struct wlan_objmgr_vdev *vdev; 3868 bool match = true; 3869 QDF_STATUS status; 3870 3871 if (!psoc) { 3872 crypto_err("PSOC is NULL"); 3873 return false; 3874 } 3875 status = wlan_get_crypto_params_from_rsn_ie(&peer_crypto_params, 3876 ie_ptr, ie_len); 3877 if (QDF_STATUS_SUCCESS != status) { 3878 crypto_err("get crypto prarams from RSN IE failed"); 3879 return false; 3880 } 3881 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3882 WLAN_CRYPTO_ID); 3883 if (!vdev) { 3884 crypto_err("vdev is NULL"); 3885 return false; 3886 } 3887 3888 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3889 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3890 3891 return match; 3892 } 3893 3894 /** 3895 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 3896 * @psoc: psoc pointer 3897 * @vdev_id: vdev id 3898 * @ie_ptr: pointer to IEs 3899 * @ie_len: IE length 3900 * 3901 * This function gets called from ucfg to check WPA match. 3902 * 3903 * Return: true or false 3904 */ 3905 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3906 uint8_t vdev_id, uint8_t *ie_ptr, 3907 uint16_t ie_len) 3908 { 3909 struct wlan_crypto_params peer_crypto_params; 3910 struct wlan_objmgr_vdev *vdev; 3911 bool match = true; 3912 QDF_STATUS status; 3913 3914 if (!psoc) { 3915 crypto_err("PSOC is NULL"); 3916 return false; 3917 } 3918 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3919 WLAN_CRYPTO_ID); 3920 if (!vdev) { 3921 crypto_err("vdev is NULL"); 3922 return false; 3923 } 3924 3925 status = wlan_get_crypto_params_from_wpa_ie(&peer_crypto_params, 3926 ie_ptr, ie_len); 3927 if (QDF_STATUS_SUCCESS != status) { 3928 crypto_err("get crypto prarams from WPA IE failed"); 3929 match = false; 3930 goto send_res; 3931 } 3932 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3933 send_res: 3934 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3935 3936 return match; 3937 } 3938 3939 3940 static void 3941 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 3942 struct wlan_crypto_params *src_params) 3943 { 3944 dst_params->authmodeset |= src_params->authmodeset; 3945 dst_params->ucastcipherset |= src_params->ucastcipherset; 3946 dst_params->mcastcipherset |= src_params->mcastcipherset; 3947 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 3948 dst_params->cipher_caps |= src_params->cipher_caps; 3949 dst_params->key_mgmt |= src_params->key_mgmt; 3950 dst_params->rsn_caps |= src_params->rsn_caps; 3951 } 3952 3953 static void 3954 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 3955 { 3956 params->authmodeset = 0; 3957 params->ucastcipherset = 0; 3958 params->mcastcipherset = 0; 3959 params->mgmtcipherset = 0; 3960 params->cipher_caps = 0; 3961 params->key_mgmt = 0; 3962 params->rsn_caps = 0; 3963 } 3964 3965 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 3966 uint8_t *ie_ptr, 3967 uint16_t ie_len) 3968 { 3969 struct wlan_crypto_params crypto_params; 3970 QDF_STATUS status; 3971 struct wlan_crypto_params *vdev_crypto_params; 3972 struct wlan_crypto_comp_priv *crypto_priv; 3973 bool send_fail = false; 3974 3975 if (!vdev) { 3976 crypto_err("VDEV is NULL"); 3977 return QDF_STATUS_E_FAILURE; 3978 } 3979 3980 if (!ie_ptr) { 3981 crypto_err("IE ptr is NULL"); 3982 return QDF_STATUS_E_FAILURE; 3983 } 3984 3985 crypto_priv = (struct wlan_crypto_comp_priv *) 3986 wlan_get_vdev_crypto_obj(vdev); 3987 3988 if (!crypto_priv) { 3989 crypto_err("crypto_priv NULL"); 3990 return QDF_STATUS_E_FAILURE; 3991 } 3992 3993 vdev_crypto_params = &crypto_priv->crypto_params; 3994 3995 wlan_crypto_reset_prarams(vdev_crypto_params); 3996 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 3997 ie_ptr, ie_len); 3998 if (QDF_STATUS_SUCCESS == status) { 3999 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4000 } else { 4001 crypto_err("get crypto prarams from RSN IE failed"); 4002 send_fail = true; 4003 } 4004 4005 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4006 ie_ptr, ie_len); 4007 if (QDF_STATUS_SUCCESS == status) { 4008 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4009 send_fail = false; 4010 } else { 4011 crypto_debug("get crypto prarams from WPA IE failed"); 4012 } 4013 4014 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4015 } 4016 4017 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4018 { 4019 struct wlan_crypto_comp_priv *crypto_priv; 4020 4021 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4022 if (!crypto_priv) { 4023 crypto_err("crypto_priv NULL"); 4024 return QDF_STATUS_E_FAILURE; 4025 } 4026 4027 if (igtk) 4028 return crypto_priv->def_igtk_tx_keyid; 4029 else 4030 return crypto_priv->def_tx_keyid; 4031 } 4032 4033 enum wlan_crypto_cipher_type 4034 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4035 bool pairwise, uint8_t key_index) 4036 { 4037 struct wlan_crypto_key *crypto_key; 4038 4039 crypto_key = wlan_crypto_get_key(vdev, key_index); 4040 4041 if (crypto_key) 4042 return crypto_key->cipher_type; 4043 else 4044 return WLAN_CRYPTO_CIPHER_INVALID; 4045 } 4046 4047 #ifdef CRYPTO_SET_KEY_CONVERGED 4048 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4049 uint8_t key_index, uint8_t key_len, 4050 uint8_t seq_len) 4051 { 4052 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4053 crypto_err("Invalid Key index %d", key_index); 4054 return QDF_STATUS_E_INVAL; 4055 } 4056 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4057 crypto_err("Invalid Cipher %d", cipher); 4058 return QDF_STATUS_E_INVAL; 4059 } 4060 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4061 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4062 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4063 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4064 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4065 crypto_err("Invalid key index %d for cipher %d", 4066 key_index, cipher); 4067 return QDF_STATUS_E_INVAL; 4068 } 4069 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4070 crypto_err("Invalid key length %d", key_len); 4071 return QDF_STATUS_E_INVAL; 4072 } 4073 4074 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4075 crypto_err("Invalid seq length %d", seq_len); 4076 return QDF_STATUS_E_INVAL; 4077 } 4078 4079 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4080 key_index, key_len, seq_len); 4081 4082 return QDF_STATUS_SUCCESS; 4083 } 4084 4085 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4086 uint8_t key_index, 4087 struct wlan_crypto_key *crypto_key) 4088 { 4089 struct wlan_crypto_comp_priv *crypto_priv; 4090 4091 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4092 if (!crypto_priv) { 4093 crypto_err("crypto_priv NULL"); 4094 return QDF_STATUS_E_FAILURE; 4095 } 4096 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4097 crypto_err("Invalid Key index %d", key_index); 4098 return QDF_STATUS_E_FAILURE; 4099 } 4100 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4101 crypto_priv->key[key_index] = crypto_key; 4102 else 4103 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4104 crypto_key; 4105 4106 return QDF_STATUS_SUCCESS; 4107 } 4108 4109 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4110 uint8_t key_index) 4111 { 4112 struct wlan_crypto_comp_priv *crypto_priv; 4113 4114 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4115 if (!crypto_priv) { 4116 crypto_err("crypto_priv NULL"); 4117 return NULL; 4118 } 4119 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4120 crypto_err("Invalid Key index %d", key_index); 4121 return NULL; 4122 } 4123 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4124 return crypto_priv->key[key_index]; 4125 4126 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4127 } 4128 4129 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4130 struct wlan_crypto_key *req, 4131 enum wlan_crypto_key_type key_type) 4132 { 4133 struct wlan_objmgr_psoc *psoc; 4134 4135 psoc = wlan_vdev_get_psoc(vdev); 4136 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)) 4137 WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)(vdev, req, key_type); 4138 else 4139 return QDF_STATUS_E_FAILURE; 4140 4141 return QDF_STATUS_SUCCESS; 4142 } 4143 4144 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4145 bool pairwise, uint8_t key_index, 4146 struct qdf_mac_addr *peer_mac) 4147 { 4148 struct wlan_crypto_key *crypto_key; 4149 4150 crypto_key = wlan_crypto_get_key(vdev, key_index); 4151 if (!crypto_key) { 4152 crypto_err("crypto_key not present for key_idx %d", key_index); 4153 return; 4154 } 4155 4156 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4157 } 4158 #endif 4159