1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (*crypto_priv == NULL) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (*crypto_priv == NULL) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 crypto_debug("param %d, value %d", param, value); 122 switch (param) { 123 case WLAN_CRYPTO_PARAM_AUTH_MODE: 124 status = wlan_crypto_set_authmode(crypto_params, value); 125 break; 126 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 127 status = wlan_crypto_set_ucastciphers(crypto_params, value); 128 break; 129 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 130 status = wlan_crypto_set_mcastcipher(crypto_params, value); 131 break; 132 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 133 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 134 break; 135 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 136 status = wlan_crypto_set_cipher_cap(crypto_params, value); 137 break; 138 case WLAN_CRYPTO_PARAM_RSN_CAP: 139 status = wlan_crypto_set_rsn_cap(crypto_params, value); 140 break; 141 case WLAN_CRYPTO_PARAM_KEY_MGMT: 142 status = wlan_crypto_set_key_mgmt(crypto_params, value); 143 break; 144 default: 145 status = QDF_STATUS_E_INVAL; 146 } 147 return status; 148 } 149 150 /** 151 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 152 * @vdev: vdev 153 * @param: param to be set. 154 * @value: value 155 * 156 * This function gets called from ucfg to set param 157 * 158 * Return: QDF_STATUS_SUCCESS - in case of success 159 */ 160 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 161 wlan_crypto_param_type param, 162 uint32_t value){ 163 QDF_STATUS status = QDF_STATUS_E_INVAL; 164 struct wlan_crypto_comp_priv *crypto_priv; 165 struct wlan_crypto_params *crypto_params; 166 167 crypto_priv = (struct wlan_crypto_comp_priv *) 168 wlan_get_vdev_crypto_obj(vdev); 169 170 if (crypto_priv == NULL) { 171 crypto_err("crypto_priv NULL"); 172 return QDF_STATUS_E_INVAL; 173 } 174 175 crypto_params = &(crypto_priv->crypto_params); 176 177 status = wlan_crypto_set_param(crypto_params, param, value); 178 179 return status; 180 } 181 182 /** 183 * wlan_crypto_set_param - called by ucfg to set crypto param 184 * 185 * @peer: peer 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 201 &crypto_priv); 202 203 if (crypto_priv == NULL) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 217 * @param: Crypto param type 218 * @crypto_params: Crypto params struct 219 * 220 * This function gets called from in-within crypto layer 221 * 222 * Return: value or -1 for failure 223 */ 224 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 225 struct wlan_crypto_params *crypto_params) 226 { 227 int32_t value = -1; 228 229 switch (param) { 230 case WLAN_CRYPTO_PARAM_AUTH_MODE: 231 value = wlan_crypto_get_authmode(crypto_params); 232 break; 233 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 234 value = wlan_crypto_get_ucastciphers(crypto_params); 235 break; 236 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 237 value = wlan_crypto_get_mcastcipher(crypto_params); 238 break; 239 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 240 value = wlan_crypto_get_mgmtciphers(crypto_params); 241 break; 242 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 243 value = wlan_crypto_get_cipher_cap(crypto_params); 244 break; 245 case WLAN_CRYPTO_PARAM_RSN_CAP: 246 value = wlan_crypto_get_rsn_cap(crypto_params); 247 break; 248 case WLAN_CRYPTO_PARAM_KEY_MGMT: 249 value = wlan_crypto_get_key_mgmt(crypto_params); 250 break; 251 default: 252 value = QDF_STATUS_E_INVAL; 253 } 254 255 return value; 256 } 257 258 /** 259 * wlan_crypto_get_param - called to get value for param from vdev 260 * @vdev: vdev 261 * @param: Crypto param type 262 * 263 * This function gets called to get value for param from vdev 264 * 265 * Return: value or -1 for failure 266 */ 267 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 268 wlan_crypto_param_type param) 269 { 270 int32_t value = -1; 271 struct wlan_crypto_comp_priv *crypto_priv; 272 struct wlan_crypto_params *crypto_params; 273 crypto_priv = (struct wlan_crypto_comp_priv *) 274 wlan_get_vdev_crypto_obj(vdev); 275 276 if (crypto_priv == NULL) { 277 crypto_err("crypto_priv NULL"); 278 return QDF_STATUS_E_INVAL; 279 } 280 281 crypto_params = &(crypto_priv->crypto_params); 282 value = wlan_crypto_get_param_value(param, crypto_params); 283 284 return value; 285 } 286 /** 287 * wlan_crypto_get_peer_param - called to get value for param from peer 288 * @peer: peer 289 * @param: Crypto param type 290 * 291 * This function gets called to get value for param from peer 292 * 293 * Return: value or -1 for failure 294 */ 295 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 296 wlan_crypto_param_type param) 297 { 298 int32_t value = -1; 299 struct wlan_crypto_comp_priv *crypto_priv; 300 struct wlan_crypto_params *crypto_params; 301 302 crypto_params = wlan_crypto_peer_get_comp_params(peer, 303 &crypto_priv); 304 305 if (crypto_params == NULL) { 306 crypto_err("crypto_params NULL"); 307 return QDF_STATUS_E_INVAL; 308 } 309 value = wlan_crypto_get_param_value(param, crypto_params); 310 311 return value; 312 } 313 qdf_export_symbol(wlan_crypto_get_peer_param); 314 315 static 316 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 317 struct wlan_crypto_pmksa *pmksa) 318 { 319 uint8_t i, first_available_slot = 0; 320 uint8_t slot_found = 0; 321 322 /* find the empty slot or slot with same bssid */ 323 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 324 if (!crypto_params->pmksa[i]) { 325 if (!slot_found) { 326 slot_found = 1; 327 first_available_slot = i; 328 } 329 continue; 330 } 331 if (qdf_is_macaddr_equal(&pmksa->bssid, 332 &crypto_params->pmksa[i]->bssid)) { 333 /* free the current pmksa and use this slot */ 334 qdf_mem_free(crypto_params->pmksa[i]); 335 crypto_params->pmksa[i] = pmksa; 336 return QDF_STATUS_SUCCESS; 337 } 338 } 339 340 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 341 crypto_err("no entry available for pmksa"); 342 qdf_mem_free(pmksa); 343 return QDF_STATUS_E_INVAL; 344 } 345 crypto_params->pmksa[first_available_slot] = pmksa; 346 347 return QDF_STATUS_SUCCESS; 348 } 349 350 static 351 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 352 struct wlan_crypto_pmksa *pmksa) 353 { 354 uint8_t i; 355 356 /* find slot with same bssid */ 357 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 358 if (!crypto_params->pmksa[i]) 359 continue; 360 if (qdf_is_macaddr_equal(&pmksa->bssid, 361 &crypto_params->pmksa[i]->bssid)) { 362 qdf_mem_free(crypto_params->pmksa[i]); 363 crypto_params->pmksa[i] = NULL; 364 return QDF_STATUS_SUCCESS; 365 } 366 } 367 368 return QDF_STATUS_E_INVAL; 369 } 370 371 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 372 { 373 uint8_t i; 374 375 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 376 if (!crypto_params->pmksa[i]) 377 continue; 378 qdf_mem_free(crypto_params->pmksa[i]); 379 crypto_params->pmksa[i] = NULL; 380 } 381 382 return QDF_STATUS_SUCCESS; 383 } 384 385 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 386 struct wlan_crypto_pmksa *pmksa, 387 bool set) 388 { 389 QDF_STATUS status = QDF_STATUS_E_INVAL; 390 struct wlan_crypto_comp_priv *crypto_priv; 391 struct wlan_crypto_params *crypto_params; 392 393 if (wlan_vdev_mlme_get_opmode(vdev) != QDF_STA_MODE) 394 return QDF_STATUS_E_NOSUPPORT; 395 396 if (!pmksa && set) { 397 crypto_err("pmksa is NULL for set operation"); 398 return QDF_STATUS_E_INVAL; 399 } 400 crypto_priv = (struct wlan_crypto_comp_priv *) 401 wlan_get_vdev_crypto_obj(vdev); 402 403 if (!crypto_priv) { 404 crypto_err("crypto_priv NULL"); 405 return QDF_STATUS_E_INVAL; 406 } 407 408 crypto_params = &crypto_priv->crypto_params; 409 if (set) { 410 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 411 /* Set pmksa */ 412 } else { 413 /* del pmksa */ 414 if (!pmksa) 415 status = wlan_crypto_pmksa_flush(crypto_params); 416 else 417 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 418 } 419 420 return status; 421 } 422 423 /** 424 * wlan_crypto_get_pmksa - called to get pmksa of bssid passed. 425 * @vdev: vdev 426 * @bssid: bssid 427 * 428 * This function gets called from to get pmksa for the bssid. 429 * 430 * Return: wlan_crypto_pmksa when match found else NULL. 431 */ 432 static struct wlan_crypto_pmksa * 433 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 434 { 435 struct wlan_crypto_comp_priv *crypto_priv; 436 struct wlan_crypto_params *crypto_params; 437 uint8_t i; 438 439 if (!bssid) { 440 crypto_err("bssid is NULL"); 441 return NULL; 442 } 443 crypto_priv = (struct wlan_crypto_comp_priv *) 444 wlan_get_vdev_crypto_obj(vdev); 445 446 if (!crypto_priv) { 447 crypto_err("crypto_priv NULL"); 448 return NULL; 449 } 450 451 crypto_params = &crypto_priv->crypto_params; 452 453 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 454 if (!crypto_params->pmksa[i]) 455 continue; 456 if (qdf_is_macaddr_equal(bssid, 457 &crypto_params->pmksa[i]->bssid)) { 458 return crypto_params->pmksa[i]; 459 } 460 } 461 462 return NULL; 463 } 464 /** 465 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 466 * @vdev: vdev 467 * @peer: peer 468 * 469 * This function gets called to check is HT allowed for cipher. 470 * HT is not allowed for wep and tkip. 471 * 472 * Return: 0 - not allowed or 1 - allowed 473 */ 474 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 475 struct wlan_objmgr_peer *peer) 476 { 477 int32_t ucast_cipher; 478 479 if (!(vdev || peer)) { 480 crypto_err("Invalid params"); 481 return 0; 482 } 483 484 if (vdev) 485 ucast_cipher = wlan_crypto_get_param(vdev, 486 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 487 else 488 ucast_cipher = wlan_crypto_get_peer_param(peer, 489 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 490 491 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 492 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 493 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 494 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 495 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 496 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 497 } 498 qdf_export_symbol(wlan_crypto_is_htallowed); 499 500 /** 501 * wlan_crypto_setkey - called by ucfg to setkey 502 * @vdev: vdev 503 * @req_key: req_key with cipher type, key macaddress 504 * 505 * This function gets called from ucfg to sey key 506 * 507 * Return: QDF_STATUS_SUCCESS - in case of success 508 */ 509 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 510 struct wlan_crypto_req_key *req_key){ 511 512 QDF_STATUS status = QDF_STATUS_E_INVAL; 513 struct wlan_crypto_comp_priv *crypto_priv; 514 struct wlan_crypto_params *crypto_params; 515 struct wlan_objmgr_psoc *psoc; 516 struct wlan_objmgr_peer *peer; 517 struct wlan_crypto_key *key = NULL; 518 const struct wlan_crypto_cipher *cipher; 519 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 520 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 521 bool isbcast; 522 enum QDF_OPMODE vdev_mode; 523 uint8_t igtk_idx = 0; 524 525 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 526 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 527 return QDF_STATUS_E_INVAL; 528 } 529 530 isbcast = qdf_is_macaddr_group( 531 (struct qdf_mac_addr *)req_key->macaddr); 532 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 533 /* zero length keys, only set default key id if flags are set*/ 534 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 535 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 536 && (!IS_MGMT_CIPHER(req_key->type))) { 537 wlan_crypto_default_key(vdev, 538 req_key->macaddr, 539 req_key->keyix, 540 !isbcast); 541 return QDF_STATUS_SUCCESS; 542 } 543 crypto_err("req_key len zero"); 544 return QDF_STATUS_E_INVAL; 545 } 546 547 cipher = wlan_crypto_cipher_ops[req_key->type]; 548 549 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 550 crypto_err("cipher invalid"); 551 return QDF_STATUS_E_INVAL; 552 } 553 554 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 555 (!IS_MGMT_CIPHER(req_key->type)) && 556 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 557 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 558 crypto_err("cipher invalid"); 559 return QDF_STATUS_E_INVAL; 560 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 561 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 562 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 563 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 564 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 565 return QDF_STATUS_E_INVAL; 566 } 567 568 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 569 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 570 | WLAN_CRYPTO_KEY_RECV)) { 571 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 572 | WLAN_CRYPTO_KEY_RECV); 573 } 574 } else { 575 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 576 && (!IS_MGMT_CIPHER(req_key->type))) { 577 return QDF_STATUS_E_INVAL; 578 } 579 580 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 581 | WLAN_CRYPTO_KEY_RECV); 582 if (isbcast) 583 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 584 } 585 586 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 587 588 wlan_vdev_obj_lock(vdev); 589 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 590 QDF_MAC_ADDR_SIZE); 591 psoc = wlan_vdev_get_psoc(vdev); 592 if (!psoc) { 593 wlan_vdev_obj_unlock(vdev); 594 crypto_err("psoc NULL"); 595 return QDF_STATUS_E_INVAL; 596 } 597 wlan_vdev_obj_unlock(vdev); 598 599 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 600 if (wlan_crypto_vdev_has_auth_mode(vdev, 601 (1 << WLAN_CRYPTO_AUTH_8021X))) { 602 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 603 } 604 } 605 606 if (isbcast) { 607 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 608 &crypto_priv); 609 if (crypto_priv == NULL) { 610 crypto_err("crypto_priv NULL"); 611 return QDF_STATUS_E_INVAL; 612 } 613 614 if (IS_MGMT_CIPHER(req_key->type)) { 615 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 616 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 617 crypto_err("igtk key invalid keyid %d", 618 igtk_idx); 619 return QDF_STATUS_E_INVAL; 620 } 621 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 622 if (key == NULL) { 623 crypto_err("igtk key alloc failed"); 624 return QDF_STATUS_E_NOMEM; 625 } 626 627 if (crypto_priv->igtk_key[igtk_idx]) 628 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 629 630 crypto_priv->igtk_key[igtk_idx] = key; 631 crypto_priv->igtk_key_type = req_key->type; 632 crypto_priv->def_igtk_tx_keyid = igtk_idx; 633 } else { 634 if (IS_FILS_CIPHER(req_key->type)) { 635 crypto_err("FILS key is not for BroadCast pkt"); 636 return QDF_STATUS_E_INVAL; 637 } 638 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 639 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 640 return QDF_STATUS_E_INVAL; 641 } 642 if (!crypto_priv->key[req_key->keyix]) { 643 crypto_priv->key[req_key->keyix] 644 = qdf_mem_malloc( 645 sizeof(struct wlan_crypto_key)); 646 if (!crypto_priv->key[req_key->keyix]) 647 return QDF_STATUS_E_NOMEM; 648 } 649 key = crypto_priv->key[req_key->keyix]; 650 } 651 if (vdev_mode == QDF_STA_MODE) { 652 peer = wlan_vdev_get_bsspeer(vdev); 653 if (!(peer && (QDF_STATUS_SUCCESS 654 == wlan_objmgr_peer_try_get_ref(peer, 655 WLAN_CRYPTO_ID)))) { 656 crypto_err("peer %pK failed", peer); 657 if (IS_MGMT_CIPHER(req_key->type)) { 658 crypto_priv->igtk_key[igtk_idx] = NULL; 659 crypto_priv->igtk_key_type 660 = WLAN_CRYPTO_CIPHER_NONE; 661 } else 662 crypto_priv->key[req_key->keyix] = NULL; 663 if (key) 664 qdf_mem_free(key); 665 return QDF_STATUS_E_INVAL; 666 } 667 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 668 QDF_MAC_ADDR_SIZE); 669 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 670 } 671 } else { 672 uint8_t pdev_id; 673 674 pdev_id = wlan_objmgr_pdev_get_pdev_id( 675 wlan_vdev_get_pdev(vdev)); 676 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 677 psoc, 678 pdev_id, 679 macaddr, 680 req_key->macaddr, 681 WLAN_CRYPTO_ID); 682 683 if (peer == NULL) { 684 crypto_err("peer NULL"); 685 return QDF_STATUS_E_INVAL; 686 } 687 688 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 689 crypto_params = wlan_crypto_peer_get_comp_params(peer, 690 &crypto_priv); 691 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 692 693 if (crypto_priv == NULL) { 694 crypto_err("crypto_priv NULL"); 695 return QDF_STATUS_E_INVAL; 696 } 697 if (IS_MGMT_CIPHER(req_key->type)) { 698 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 699 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 700 crypto_err("igtk key invalid keyid %d", 701 igtk_idx); 702 return QDF_STATUS_E_INVAL; 703 } 704 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 705 if (key == NULL) { 706 crypto_err("igtk key alloc failed"); 707 return QDF_STATUS_E_NOMEM; 708 } 709 if (crypto_priv->igtk_key[igtk_idx]) 710 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 711 712 crypto_priv->igtk_key[igtk_idx] = key; 713 crypto_priv->igtk_key_type = req_key->type; 714 crypto_priv->def_igtk_tx_keyid = igtk_idx; 715 } else { 716 uint16_t kid = req_key->keyix; 717 if (kid == WLAN_CRYPTO_KEYIX_NONE) 718 kid = 0; 719 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 720 crypto_err("invalid keyid %d", kid); 721 return QDF_STATUS_E_INVAL; 722 } 723 if (!crypto_priv->key[kid]) { 724 crypto_priv->key[kid] 725 = qdf_mem_malloc( 726 sizeof(struct wlan_crypto_key)); 727 if (!crypto_priv->key[kid]) 728 return QDF_STATUS_E_NOMEM; 729 } 730 key = crypto_priv->key[kid]; 731 } 732 } 733 734 /* alloc key might not required as it is already there */ 735 key->cipher_table = (void *)cipher; 736 key->keylen = req_key->keylen; 737 key->flags = req_key->flags; 738 739 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 740 key->keyix = 0; 741 else 742 key->keyix = req_key->keyix; 743 744 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 745 && (!IS_MGMT_CIPHER(req_key->type))) { 746 crypto_priv->def_tx_keyid = key->keyix; 747 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 748 } 749 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 750 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 751 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 752 0x5c, 0x36, 0x5c, 0x36, 753 0x5c, 0x36, 0x5c, 0x36, 754 0x5c, 0x36, 0x5c, 0x37}; 755 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 756 0x5c, 0x36, 0x5c, 0x36, 757 0x5c, 0x36, 0x5c, 0x36, 758 0x5c, 0x36, 0x5c, 0x36}; 759 760 /* During Tx PN should be increment and 761 * send but as per our implementation we increment only after 762 * Tx complete. So First packet PN check will be failed. 763 * To compensate increment the PN here by 2 764 */ 765 if (vdev_mode == QDF_SAP_MODE) { 766 iv_AP[15] += 2; 767 qdf_mem_copy(key->recviv, iv_STA, 768 WLAN_CRYPTO_WAPI_IV_SIZE); 769 qdf_mem_copy(key->txiv, iv_AP, 770 WLAN_CRYPTO_WAPI_IV_SIZE); 771 } else { 772 iv_STA[15] += 2; 773 qdf_mem_copy(key->recviv, iv_AP, 774 WLAN_CRYPTO_WAPI_IV_SIZE); 775 qdf_mem_copy(key->txiv, iv_STA, 776 WLAN_CRYPTO_WAPI_IV_SIZE); 777 } 778 } else { 779 uint8_t i = 0; 780 qdf_mem_copy((uint8_t *)(&key->keytsc), 781 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 782 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 783 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 784 (uint8_t *)(&req_key->keyrsc), 785 sizeof(key->keyrsc[0])); 786 } 787 } 788 789 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 790 key->valid = 1; 791 if ((IS_MGMT_CIPHER(req_key->type))) { 792 if (HAS_CIPHER_CAP(crypto_params, 793 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 794 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 795 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 796 key, macaddr, req_key->type); 797 } 798 } 799 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 800 status = wlan_crypto_set_igtk_key(key); 801 return status; 802 } else if (IS_FILS_CIPHER(req_key->type)) { 803 /* Take request key object to FILS setkey */ 804 key->private = req_key; 805 } else { 806 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 807 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 808 macaddr, req_key->type); 809 } 810 } 811 status = cipher->setkey(key); 812 813 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 814 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 815 (!IS_MGMT_CIPHER(req_key->type))) { 816 /* default xmit key */ 817 wlan_crypto_default_key(vdev, 818 req_key->macaddr, 819 req_key->keyix, 820 !isbcast); 821 } 822 823 return status; 824 } 825 826 /** 827 * wlan_crypto_get_keytype - get keytype 828 * @key: key 829 * 830 * This function gets keytype from key 831 * 832 * Return: keytype 833 */ 834 wlan_crypto_cipher_type wlan_crypto_get_key_type( 835 struct wlan_crypto_key *key){ 836 if (key && key->cipher_table) { 837 return ((struct wlan_crypto_cipher *) 838 (key->cipher_table))->cipher; 839 } 840 return WLAN_CRYPTO_CIPHER_NONE; 841 } 842 qdf_export_symbol(wlan_crypto_get_key_type); 843 /** 844 * wlan_crypto_vdev_getkey - get key from vdev 845 * @vdev: vdev 846 * @keyix: keyix 847 * 848 * This function gets key from vdev 849 * 850 * Return: key or NULL 851 */ 852 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 853 uint16_t keyix){ 854 struct wlan_crypto_comp_priv *crypto_priv; 855 struct wlan_crypto_params *crypto_params; 856 struct wlan_crypto_key *key = NULL; 857 858 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 859 860 if (crypto_priv == NULL) { 861 crypto_err("crypto_priv NULL"); 862 return NULL; 863 } 864 865 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 866 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 867 else 868 key = crypto_priv->key[keyix]; 869 870 if (key && key->valid) 871 return key; 872 873 return NULL; 874 } 875 qdf_export_symbol(wlan_crypto_vdev_getkey); 876 877 /** 878 * wlan_crypto_peer_getkey - get key from peer 879 * @peer: peer 880 * @keyix: keyix 881 * 882 * This function gets key from peer 883 * 884 * Return: key or NULL 885 */ 886 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 887 uint16_t keyix){ 888 struct wlan_crypto_comp_priv *crypto_priv; 889 struct wlan_crypto_params *crypto_params; 890 struct wlan_crypto_key *key = NULL; 891 892 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 893 894 if (crypto_priv == NULL) { 895 crypto_err("crypto_priv NULL"); 896 return NULL; 897 } 898 899 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 900 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 901 else 902 key = crypto_priv->key[keyix]; 903 904 if (key && key->valid) 905 return key; 906 907 return NULL; 908 } 909 qdf_export_symbol(wlan_crypto_peer_getkey); 910 911 /** 912 * wlan_crypto_getkey - called by ucfg to get key 913 * @vdev: vdev 914 * @req_key: key value will be copied in this req_key 915 * @mac_address: mac address of the peer for unicast key 916 * or broadcast address if group key is requested. 917 * 918 * This function gets called from ucfg to get key 919 * 920 * Return: QDF_STATUS_SUCCESS - in case of success 921 */ 922 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 923 struct wlan_crypto_req_key *req_key, 924 uint8_t *mac_addr){ 925 struct wlan_crypto_cipher *cipher_table; 926 struct wlan_crypto_key *key; 927 struct wlan_objmgr_psoc *psoc; 928 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 929 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 930 931 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 932 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 933 crypto_err("invalid keyix %d", req_key->keyix); 934 return QDF_STATUS_E_INVAL; 935 } 936 937 wlan_vdev_obj_lock(vdev); 938 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 939 QDF_MAC_ADDR_SIZE); 940 psoc = wlan_vdev_get_psoc(vdev); 941 if (!psoc) { 942 wlan_vdev_obj_unlock(vdev); 943 crypto_err("psoc NULL"); 944 return QDF_STATUS_E_INVAL; 945 } 946 wlan_vdev_obj_unlock(vdev); 947 948 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 949 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 950 if (!key) 951 return QDF_STATUS_E_INVAL; 952 } else { 953 struct wlan_objmgr_peer *peer; 954 uint8_t pdev_id; 955 956 pdev_id = wlan_objmgr_pdev_get_pdev_id( 957 wlan_vdev_get_pdev(vdev)); 958 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 959 psoc, 960 pdev_id, 961 macaddr, 962 mac_addr, 963 WLAN_CRYPTO_ID); 964 if (peer == NULL) { 965 crypto_err("peer NULL"); 966 return QDF_STATUS_E_NOENT; 967 } 968 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 969 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 970 if (!key) 971 return QDF_STATUS_E_INVAL; 972 } 973 974 if (key->valid) { 975 qdf_mem_copy(req_key->keydata, 976 key->keyval, key->keylen); 977 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 978 (uint8_t *)(&key->keytsc), 979 sizeof(req_key->keytsc)); 980 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 981 (uint8_t *)(&key->keyrsc[0]), 982 sizeof(req_key->keyrsc)); 983 req_key->keylen = key->keylen; 984 req_key->flags = key->flags; 985 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 986 987 if (!cipher_table) 988 return QDF_STATUS_SUCCESS; 989 990 req_key->type = cipher_table->cipher; 991 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 992 qdf_mem_copy((uint8_t *)(&req_key->txiv), 993 (uint8_t *)(key->txiv), 994 sizeof(req_key->txiv)); 995 qdf_mem_copy((uint8_t *)(&req_key->recviv), 996 (uint8_t *)(key->recviv), 997 sizeof(req_key->recviv)); 998 } 999 } 1000 1001 return QDF_STATUS_SUCCESS; 1002 } 1003 1004 /** 1005 * wlan_crypto_delkey - called by ucfg to delete key 1006 * @vdev: vdev 1007 * @mac_address: mac address of the peer for unicast key 1008 * or broadcast address if group key is deleted. 1009 * @key_idx: key index to be deleted 1010 * 1011 * This function gets called from ucfg to delete key 1012 * 1013 * Return: QDF_STATUS_SUCCESS - in case of success 1014 */ 1015 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1016 uint8_t *macaddr, 1017 uint8_t key_idx){ 1018 struct wlan_crypto_comp_priv *crypto_priv; 1019 struct wlan_crypto_params *crypto_params; 1020 struct wlan_crypto_key *key; 1021 struct wlan_crypto_cipher *cipher_table; 1022 struct wlan_objmgr_psoc *psoc; 1023 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1024 1025 if (!vdev || !macaddr || 1026 (key_idx >= 1027 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 1028 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1029 vdev, macaddr, key_idx); 1030 return QDF_STATUS_E_INVAL; 1031 } 1032 1033 wlan_vdev_obj_lock(vdev); 1034 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1035 QDF_MAC_ADDR_SIZE); 1036 psoc = wlan_vdev_get_psoc(vdev); 1037 if (!psoc) { 1038 wlan_vdev_obj_unlock(vdev); 1039 crypto_err("psoc NULL"); 1040 return QDF_STATUS_E_INVAL; 1041 } 1042 wlan_vdev_obj_unlock(vdev); 1043 1044 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1045 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1046 &crypto_priv); 1047 if (crypto_priv == NULL) { 1048 crypto_err("crypto_priv NULL"); 1049 return QDF_STATUS_E_INVAL; 1050 } 1051 } else { 1052 struct wlan_objmgr_peer *peer; 1053 uint8_t pdev_id; 1054 1055 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1056 wlan_vdev_get_pdev(vdev)); 1057 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1058 psoc, pdev_id, 1059 bssid_mac, 1060 macaddr, 1061 WLAN_CRYPTO_ID); 1062 if (peer == NULL) { 1063 return QDF_STATUS_E_INVAL; 1064 } 1065 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1066 &crypto_priv); 1067 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1068 if (crypto_priv == NULL) { 1069 crypto_err("crypto_priv NULL"); 1070 return QDF_STATUS_E_INVAL; 1071 } 1072 } 1073 1074 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1075 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1076 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1077 crypto_err("Igtk key invalid keyid %d", igtk_idx); 1078 return QDF_STATUS_E_INVAL; 1079 } 1080 key = crypto_priv->igtk_key[igtk_idx]; 1081 crypto_priv->igtk_key[igtk_idx] = NULL; 1082 if (key) 1083 key->valid = 0; 1084 } else { 1085 key = crypto_priv->key[key_idx]; 1086 crypto_priv->key[key_idx] = NULL; 1087 } 1088 1089 if (!key) 1090 return QDF_STATUS_E_INVAL; 1091 1092 if (key->valid) { 1093 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1094 1095 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 1096 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 1097 macaddr, cipher_table->cipher); 1098 } 1099 } 1100 qdf_mem_free(key); 1101 1102 return QDF_STATUS_SUCCESS; 1103 } 1104 1105 #ifdef CRYPTO_SET_KEY_CONVERGED 1106 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1107 uint8_t key_idx, uint8_t *macaddr) 1108 { 1109 return QDF_STATUS_SUCCESS; 1110 } 1111 #else 1112 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1113 uint8_t key_idx, uint8_t *macaddr) 1114 { 1115 struct wlan_objmgr_psoc *psoc; 1116 1117 psoc = wlan_vdev_get_psoc(vdev); 1118 if (!psoc) { 1119 crypto_err("psoc is NULL"); 1120 return QDF_STATUS_E_INVAL; 1121 } 1122 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1123 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1124 macaddr); 1125 } 1126 1127 return QDF_STATUS_SUCCESS; 1128 } 1129 #endif 1130 1131 /** 1132 * wlan_crypto_default_key - called by ucfg to set default tx key 1133 * @vdev: vdev 1134 * @mac_address: mac address of the peer for unicast key 1135 * or broadcast address if group key need to made default. 1136 * @key_idx: key index to be made as default key 1137 * @unicast: is key was unicast or group key. 1138 * 1139 * This function gets called from ucfg to set default key 1140 * 1141 * Return: QDF_STATUS_SUCCESS - in case of success 1142 */ 1143 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1144 uint8_t *macaddr, 1145 uint8_t key_idx, 1146 bool unicast){ 1147 struct wlan_crypto_comp_priv *crypto_priv; 1148 struct wlan_crypto_params *crypto_params; 1149 struct wlan_crypto_key *key; 1150 struct wlan_objmgr_psoc *psoc; 1151 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1152 1153 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1154 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1155 vdev, macaddr, key_idx); 1156 return QDF_STATUS_E_INVAL; 1157 } 1158 1159 wlan_vdev_obj_lock(vdev); 1160 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1161 QDF_MAC_ADDR_SIZE); 1162 psoc = wlan_vdev_get_psoc(vdev); 1163 if (!psoc) { 1164 wlan_vdev_obj_unlock(vdev); 1165 crypto_err("psoc NULL"); 1166 return QDF_STATUS_E_INVAL; 1167 } 1168 wlan_vdev_obj_unlock(vdev); 1169 1170 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1171 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1172 &crypto_priv); 1173 if (crypto_priv == NULL) { 1174 crypto_err("crypto_priv NULL"); 1175 return QDF_STATUS_E_INVAL; 1176 } 1177 1178 key = crypto_priv->key[key_idx]; 1179 if (!key) 1180 return QDF_STATUS_E_INVAL; 1181 } else { 1182 struct wlan_objmgr_peer *peer; 1183 uint8_t pdev_id; 1184 1185 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1186 wlan_vdev_get_pdev(vdev)); 1187 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1188 psoc, pdev_id, 1189 bssid_mac, 1190 macaddr, 1191 WLAN_CRYPTO_ID); 1192 1193 if (peer == NULL) { 1194 crypto_err("peer NULL"); 1195 return QDF_STATUS_E_INVAL; 1196 } 1197 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1198 &crypto_priv); 1199 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1200 if (crypto_priv == NULL) { 1201 crypto_err("crypto_priv NULL"); 1202 return QDF_STATUS_E_INVAL; 1203 } 1204 1205 key = crypto_priv->key[key_idx]; 1206 if (!key) 1207 return QDF_STATUS_E_INVAL; 1208 } 1209 if (!key->valid) 1210 return QDF_STATUS_E_INVAL; 1211 1212 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1213 QDF_STATUS_SUCCESS) 1214 return QDF_STATUS_E_INVAL; 1215 crypto_priv->def_tx_keyid = key_idx; 1216 1217 return QDF_STATUS_SUCCESS; 1218 } 1219 1220 /** 1221 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1222 * @vdev: vdev 1223 * @wbuf: wbuf 1224 * @macaddr: macaddr 1225 * @encapdone: is encapdone already or not. 1226 * 1227 * This function gets called from mgmt txrx to encap frame. 1228 * 1229 * Return: QDF_STATUS_SUCCESS - in case of success 1230 */ 1231 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1232 qdf_nbuf_t wbuf, 1233 uint8_t *mac_addr, 1234 uint8_t encapdone){ 1235 struct wlan_crypto_comp_priv *crypto_priv; 1236 struct wlan_crypto_params *crypto_params; 1237 struct wlan_crypto_key *key; 1238 QDF_STATUS status; 1239 struct wlan_crypto_cipher *cipher_table; 1240 struct wlan_objmgr_psoc *psoc; 1241 struct wlan_objmgr_peer *peer; 1242 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1243 uint8_t pdev_id; 1244 uint8_t hdrlen; 1245 enum QDF_OPMODE opmode; 1246 1247 opmode = wlan_vdev_mlme_get_opmode(vdev); 1248 wlan_vdev_obj_lock(vdev); 1249 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1250 QDF_MAC_ADDR_SIZE); 1251 psoc = wlan_vdev_get_psoc(vdev); 1252 if (!psoc) { 1253 wlan_vdev_obj_unlock(vdev); 1254 crypto_err("psoc NULL"); 1255 return QDF_STATUS_E_INVAL; 1256 } 1257 wlan_vdev_obj_unlock(vdev); 1258 1259 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1260 /* FILS Encap required only for (Re-)Assoc response */ 1261 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1262 1263 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1264 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1265 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1266 return QDF_STATUS_E_INVAL; 1267 } 1268 1269 if (peer) 1270 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1271 1272 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1273 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1274 &crypto_priv); 1275 if (crypto_priv == NULL) { 1276 crypto_err("crypto_priv NULL"); 1277 return QDF_STATUS_E_INVAL; 1278 } 1279 1280 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1281 if (!key) 1282 return QDF_STATUS_E_INVAL; 1283 1284 } else { 1285 struct wlan_objmgr_peer *peer; 1286 uint8_t pdev_id; 1287 1288 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1289 wlan_vdev_get_pdev(vdev)); 1290 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1291 bssid_mac, mac_addr, 1292 WLAN_CRYPTO_ID); 1293 1294 if (peer == NULL) { 1295 crypto_err("crypto_priv NULL"); 1296 return QDF_STATUS_E_INVAL; 1297 } 1298 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1299 &crypto_priv); 1300 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1301 1302 if (crypto_priv == NULL) { 1303 crypto_err("crypto_priv NULL"); 1304 return QDF_STATUS_E_INVAL; 1305 } 1306 1307 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1308 if (!key) 1309 return QDF_STATUS_E_INVAL; 1310 } 1311 if (opmode == QDF_MONITOR_MODE) 1312 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1313 else 1314 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1315 (uint8_t *)qdf_nbuf_data(wbuf)); 1316 1317 /* if tkip, is counter measures enabled, then drop the frame */ 1318 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1319 status = cipher_table->encap(key, wbuf, encapdone, 1320 hdrlen); 1321 1322 return status; 1323 } 1324 qdf_export_symbol(wlan_crypto_encap); 1325 1326 /** 1327 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1328 * @vdev: vdev 1329 * @wbuf: wbuf 1330 * @macaddr: macaddr 1331 * @tid: tid of the frame 1332 * 1333 * This function gets called from mgmt txrx to decap frame. 1334 * 1335 * Return: QDF_STATUS_SUCCESS - in case of success 1336 */ 1337 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1338 qdf_nbuf_t wbuf, 1339 uint8_t *mac_addr, 1340 uint8_t tid){ 1341 struct wlan_crypto_comp_priv *crypto_priv; 1342 struct wlan_crypto_params *crypto_params; 1343 struct wlan_crypto_key *key; 1344 QDF_STATUS status; 1345 struct wlan_crypto_cipher *cipher_table; 1346 struct wlan_objmgr_psoc *psoc; 1347 struct wlan_objmgr_peer *peer; 1348 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1349 uint8_t keyid; 1350 uint8_t pdev_id; 1351 uint8_t hdrlen; 1352 enum QDF_OPMODE opmode; 1353 1354 opmode = wlan_vdev_mlme_get_opmode(vdev); 1355 wlan_vdev_obj_lock(vdev); 1356 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1357 QDF_MAC_ADDR_SIZE); 1358 psoc = wlan_vdev_get_psoc(vdev); 1359 if (!psoc) { 1360 wlan_vdev_obj_unlock(vdev); 1361 crypto_err("psoc NULL"); 1362 return QDF_STATUS_E_INVAL; 1363 } 1364 wlan_vdev_obj_unlock(vdev); 1365 1366 if (opmode == QDF_MONITOR_MODE) 1367 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1368 else 1369 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1370 (uint8_t *)qdf_nbuf_data(wbuf)); 1371 1372 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1373 1374 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1375 return QDF_STATUS_E_INVAL; 1376 1377 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1378 /* FILS Decap required only for (Re-)Assoc request */ 1379 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1380 1381 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1382 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1383 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1384 return QDF_STATUS_E_INVAL; 1385 } 1386 1387 if (peer) 1388 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1389 1390 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1391 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1392 &crypto_priv); 1393 if (crypto_priv == NULL) { 1394 crypto_err("crypto_priv NULL"); 1395 return QDF_STATUS_E_INVAL; 1396 } 1397 1398 key = crypto_priv->key[keyid]; 1399 if (!key) 1400 return QDF_STATUS_E_INVAL; 1401 1402 } else { 1403 struct wlan_objmgr_peer *peer; 1404 uint8_t pdev_id; 1405 1406 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1407 wlan_vdev_get_pdev(vdev)); 1408 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1409 psoc, pdev_id, bssid_mac, 1410 mac_addr, WLAN_CRYPTO_ID); 1411 if (peer == NULL) { 1412 crypto_err("peer NULL"); 1413 return QDF_STATUS_E_INVAL; 1414 } 1415 1416 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1417 &crypto_priv); 1418 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1419 1420 if (crypto_priv == NULL) { 1421 crypto_err("crypto_priv NULL"); 1422 return QDF_STATUS_E_INVAL; 1423 } 1424 1425 key = crypto_priv->key[keyid]; 1426 if (!key) 1427 return QDF_STATUS_E_INVAL; 1428 } 1429 /* if tkip, is counter measures enabled, then drop the frame */ 1430 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1431 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1432 1433 return status; 1434 } 1435 qdf_export_symbol(wlan_crypto_decap); 1436 /** 1437 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1438 * @vdev: vdev 1439 * @wbuf: wbuf 1440 * @macaddr: macaddr 1441 * @encapdone: is encapdone already or not. 1442 * 1443 * This function gets called from mgmt txrx to adding mic to the frame. 1444 * 1445 * Return: QDF_STATUS_SUCCESS - in case of success 1446 */ 1447 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1448 qdf_nbuf_t wbuf, 1449 uint8_t *mac_addr, 1450 uint8_t encapdone){ 1451 struct wlan_crypto_comp_priv *crypto_priv; 1452 struct wlan_crypto_params *crypto_params; 1453 struct wlan_crypto_key *key; 1454 QDF_STATUS status; 1455 struct wlan_crypto_cipher *cipher_table; 1456 struct wlan_objmgr_psoc *psoc; 1457 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1458 uint8_t hdrlen; 1459 enum QDF_OPMODE opmode; 1460 1461 opmode = wlan_vdev_mlme_get_opmode(vdev); 1462 1463 1464 wlan_vdev_obj_lock(vdev); 1465 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1466 QDF_MAC_ADDR_SIZE); 1467 psoc = wlan_vdev_get_psoc(vdev); 1468 if (!psoc) { 1469 wlan_vdev_obj_unlock(vdev); 1470 crypto_err("psoc NULL"); 1471 return QDF_STATUS_E_INVAL; 1472 } 1473 wlan_vdev_obj_unlock(vdev); 1474 1475 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1476 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1477 &crypto_priv); 1478 if (crypto_priv == NULL) { 1479 crypto_err("crypto_priv NULL"); 1480 return QDF_STATUS_E_INVAL; 1481 } 1482 1483 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1484 if (!key) 1485 return QDF_STATUS_E_INVAL; 1486 1487 } else { 1488 struct wlan_objmgr_peer *peer; 1489 uint8_t pdev_id; 1490 1491 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1492 wlan_vdev_get_pdev(vdev)); 1493 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1494 psoc, pdev_id, bssid_mac, 1495 mac_addr, WLAN_CRYPTO_ID); 1496 if (peer == NULL) { 1497 crypto_err("crypto_priv NULL"); 1498 return QDF_STATUS_E_INVAL; 1499 } 1500 1501 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1502 &crypto_priv); 1503 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1504 1505 if (crypto_priv == NULL) { 1506 crypto_err("crypto_priv NULL"); 1507 return QDF_STATUS_E_INVAL; 1508 } 1509 1510 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1511 if (!key) 1512 return QDF_STATUS_E_INVAL; 1513 } 1514 if (opmode == QDF_MONITOR_MODE) 1515 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1516 else 1517 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1518 (uint8_t *)qdf_nbuf_data(wbuf)); 1519 1520 /* if tkip, is counter measures enabled, then drop the frame */ 1521 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1522 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1523 1524 return status; 1525 } 1526 1527 /** 1528 * wlan_crypto_demic - called by mgmt for remove and check mic for 1529 * the frame based on cipher 1530 * @vdev: vdev 1531 * @wbuf: wbuf 1532 * @macaddr: macaddr 1533 * @tid: tid of the frame 1534 * @keyid: keyid in the received frame 1535 * This function gets called from mgmt txrx to decap frame. 1536 * 1537 * Return: QDF_STATUS_SUCCESS - in case of success 1538 */ 1539 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1540 qdf_nbuf_t wbuf, 1541 uint8_t *mac_addr, 1542 uint8_t tid, 1543 uint8_t keyid){ 1544 struct wlan_crypto_comp_priv *crypto_priv; 1545 struct wlan_crypto_params *crypto_params; 1546 struct wlan_crypto_key *key; 1547 QDF_STATUS status; 1548 struct wlan_crypto_cipher *cipher_table; 1549 struct wlan_objmgr_psoc *psoc; 1550 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1551 uint8_t hdrlen; 1552 enum QDF_OPMODE opmode; 1553 1554 opmode = wlan_vdev_mlme_get_opmode(vdev); 1555 1556 if (opmode == QDF_MONITOR_MODE) 1557 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1558 else 1559 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1560 (uint8_t *)qdf_nbuf_data(wbuf)); 1561 1562 wlan_vdev_obj_lock(vdev); 1563 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1564 QDF_MAC_ADDR_SIZE); 1565 psoc = wlan_vdev_get_psoc(vdev); 1566 if (!psoc) { 1567 wlan_vdev_obj_unlock(vdev); 1568 crypto_err("psoc NULL"); 1569 return QDF_STATUS_E_INVAL; 1570 } 1571 wlan_vdev_obj_unlock(vdev); 1572 1573 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1574 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1575 &crypto_priv); 1576 if (crypto_priv == NULL) { 1577 crypto_err("crypto_priv NULL"); 1578 return QDF_STATUS_E_INVAL; 1579 } 1580 1581 key = crypto_priv->key[keyid]; 1582 if (!key) 1583 return QDF_STATUS_E_INVAL; 1584 1585 } else { 1586 struct wlan_objmgr_peer *peer; 1587 uint8_t pdev_id; 1588 1589 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1590 wlan_vdev_get_pdev(vdev)); 1591 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1592 psoc, pdev_id, bssid_mac, 1593 mac_addr, WLAN_CRYPTO_ID); 1594 if (peer == NULL) { 1595 crypto_err("peer NULL"); 1596 return QDF_STATUS_E_INVAL; 1597 } 1598 1599 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1600 &crypto_priv); 1601 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1602 1603 if (crypto_priv == NULL) { 1604 crypto_err("crypto_priv NULL"); 1605 return QDF_STATUS_E_INVAL; 1606 } 1607 1608 key = crypto_priv->key[keyid]; 1609 if (!key) 1610 return QDF_STATUS_E_INVAL; 1611 } 1612 /* if tkip, is counter measures enabled, then drop the frame */ 1613 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1614 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1615 1616 return status; 1617 } 1618 1619 /** 1620 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1621 * @vdev: vdev 1622 * 1623 * This function gets called to check is pmf enabled or not in vdev. 1624 * 1625 * Return: true or false 1626 */ 1627 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1628 { 1629 1630 struct wlan_crypto_comp_priv *crypto_priv; 1631 struct wlan_crypto_params *vdev_crypto_params; 1632 1633 if (!vdev) 1634 return false; 1635 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1636 &crypto_priv); 1637 if (crypto_priv == NULL) { 1638 crypto_err("crypto_priv NULL"); 1639 return QDF_STATUS_E_INVAL; 1640 } 1641 1642 if ((vdev_crypto_params->rsn_caps & 1643 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1644 || (vdev_crypto_params->rsn_caps & 1645 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1646 return true; 1647 } 1648 1649 return false; 1650 } 1651 /** 1652 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1653 * @vdev: vdev 1654 * @peer: peer 1655 * 1656 * This function gets called by mgmt txrx to check is pmf enabled or not. 1657 * 1658 * Return: true or false 1659 */ 1660 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1661 struct wlan_objmgr_peer *peer){ 1662 1663 struct wlan_crypto_comp_priv *crypto_priv; 1664 struct wlan_crypto_params *vdev_crypto_params; 1665 struct wlan_crypto_params *peer_crypto_params; 1666 1667 if (!vdev || !peer) 1668 return false; 1669 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1670 &crypto_priv); 1671 if (crypto_priv == NULL) { 1672 crypto_err("crypto_priv NULL"); 1673 return QDF_STATUS_E_INVAL; 1674 } 1675 1676 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1677 &crypto_priv); 1678 if (crypto_priv == NULL) { 1679 crypto_err("crypto_priv NULL"); 1680 return QDF_STATUS_E_INVAL; 1681 } 1682 if (((vdev_crypto_params->rsn_caps & 1683 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1684 (peer_crypto_params->rsn_caps & 1685 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1686 || (vdev_crypto_params->rsn_caps & 1687 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1688 return true; 1689 } 1690 1691 return false; 1692 } 1693 1694 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1695 { 1696 a[0] = b[5]; 1697 a[1] = b[4]; 1698 a[2] = b[3]; 1699 a[3] = b[2]; 1700 a[4] = b[1]; 1701 a[5] = b[0]; 1702 } 1703 1704 /** 1705 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1706 * @vdev: vdev 1707 * @bfrm: frame starting pointer 1708 * @len: length of the frame 1709 * 1710 * This function gets called by mgmt txrx to add mmie in frame 1711 * 1712 * Return: end of frame or NULL in case failure 1713 */ 1714 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1715 uint8_t *bfrm, 1716 uint32_t len) { 1717 struct wlan_crypto_key *key; 1718 struct wlan_crypto_mmie *mmie; 1719 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1720 struct wlan_frame_hdr *hdr; 1721 uint32_t i, hdrlen, mic_len, aad_len; 1722 uint8_t mic[16]; 1723 struct wlan_crypto_comp_priv *crypto_priv; 1724 struct wlan_crypto_params *crypto_params; 1725 int32_t ret = -1; 1726 1727 if (!bfrm) { 1728 crypto_err("frame is NULL"); 1729 return NULL; 1730 } 1731 1732 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1733 &crypto_priv); 1734 if (crypto_priv == NULL) { 1735 crypto_err("crypto_priv NULL"); 1736 return NULL; 1737 } 1738 1739 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1740 crypto_err("igtk key invalid keyid %d", 1741 crypto_priv->def_igtk_tx_keyid); 1742 return NULL; 1743 } 1744 1745 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1746 if (!key) { 1747 crypto_err("No igtk key present"); 1748 return NULL; 1749 } 1750 mic_len = (crypto_priv->igtk_key_type 1751 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1752 1753 efrm = bfrm + len; 1754 aad_len = 20; 1755 hdrlen = sizeof(struct wlan_frame_hdr); 1756 len += sizeof(struct wlan_crypto_mmie); 1757 1758 mmie = (struct wlan_crypto_mmie *) efrm; 1759 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1760 mmie->element_id = WLAN_ELEMID_MMIE; 1761 mmie->length = sizeof(*mmie) - 2; 1762 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1763 1764 mic_len = (crypto_priv->igtk_key_type 1765 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1766 if (mic_len == 8) { 1767 mmie->length -= 8; 1768 len -= 8; 1769 } 1770 /* PN = PN + 1 */ 1771 pn = (uint8_t *)&key->keytsc; 1772 1773 for (i = 0; i <= 5; i++) { 1774 pn[i]++; 1775 if (pn[i]) 1776 break; 1777 } 1778 1779 /* Copy IPN */ 1780 qdf_mem_copy(mmie->sequence_number, pn, 6); 1781 1782 hdr = (struct wlan_frame_hdr *) bfrm; 1783 1784 buf = qdf_mem_malloc(len - hdrlen + 20); 1785 if (!buf) { 1786 crypto_err("malloc failed"); 1787 return NULL; 1788 } 1789 qdf_mem_zero(buf, len - hdrlen + 20); 1790 aad = buf; 1791 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1792 1793 /* FC type/subtype */ 1794 aad[0] = hdr->i_fc[0]; 1795 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1796 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1797 | WLAN_FC1_MOREDATA)); 1798 /* A1 || A2 || A3 */ 1799 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 1800 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1801 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 1802 qdf_mem_zero(mic, 16); 1803 1804 /* 1805 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1806 */ 1807 1808 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1809 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1810 1811 ret = omac1_aes_128(key->keyval, buf, 1812 len + aad_len - hdrlen, mic); 1813 qdf_mem_copy(mmie->mic, mic, 8); 1814 1815 } else if (crypto_priv->igtk_key_type 1816 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1817 1818 ret = omac1_aes_256(key->keyval, buf, 1819 len + aad_len - hdrlen, mmie->mic); 1820 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1821 || (crypto_priv->igtk_key_type 1822 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1823 1824 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1825 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1826 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1827 sizeof(nounce), buf, 1828 len + aad_len - hdrlen, mmie->mic); 1829 } 1830 qdf_mem_free(buf); 1831 if (ret < 0) { 1832 crypto_err("add mmie failed"); 1833 return NULL; 1834 } 1835 1836 return bfrm + len; 1837 } 1838 1839 /** 1840 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1841 * @vdev: vdev 1842 * @frm: frame starting pointer 1843 * @efrm: end of frame pointer 1844 * 1845 * This function gets called by mgmt txrx to check mmie of the frame 1846 * 1847 * Return: true or false 1848 */ 1849 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1850 uint8_t *frm, 1851 uint8_t *efrm){ 1852 struct wlan_crypto_mmie *mmie = NULL; 1853 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1854 struct wlan_crypto_key *key; 1855 struct wlan_frame_hdr *hdr; 1856 uint16_t mic_len, hdrlen, len; 1857 struct wlan_crypto_comp_priv *crypto_priv; 1858 struct wlan_crypto_params *crypto_params; 1859 uint8_t aad_len = 20; 1860 int32_t ret = -1; 1861 1862 /* check if frame is illegal length */ 1863 if (!frm || !efrm || (efrm < frm) 1864 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 1865 crypto_err("Invalid params"); 1866 return false; 1867 } 1868 len = efrm - frm; 1869 crypto_priv = (struct wlan_crypto_comp_priv *) 1870 wlan_get_vdev_crypto_obj(vdev); 1871 if (crypto_priv == NULL) { 1872 crypto_err("crypto_priv NULL"); 1873 return false; 1874 } 1875 1876 crypto_params = &(crypto_priv->crypto_params); 1877 1878 1879 mic_len = (crypto_priv->igtk_key_type 1880 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1881 hdrlen = sizeof(struct wlan_frame_hdr); 1882 1883 if (mic_len == 8) 1884 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1885 else 1886 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1887 1888 1889 /* check Elem ID*/ 1890 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1891 crypto_err("IE is not MMIE"); 1892 return false; 1893 } 1894 1895 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1896 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1897 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1898 crypto_err("keyid not valid"); 1899 return false; 1900 } 1901 1902 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1903 if (!key) { 1904 crypto_err("No igtk key present"); 1905 return false; 1906 } 1907 1908 /* validate ipn */ 1909 ipn = mmie->sequence_number; 1910 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1911 uint8_t *su = (uint8_t *)key->keyrsc; 1912 uint8_t *end = ipn + 6; 1913 1914 crypto_err("replay error :"); 1915 while (ipn < end) { 1916 crypto_err("expected pn = %x received pn = %x", 1917 *ipn++, *su++); 1918 } 1919 return false; 1920 } 1921 1922 buf = qdf_mem_malloc(len - hdrlen + 20); 1923 if (!buf) { 1924 crypto_err("malloc failed"); 1925 return false; 1926 } 1927 aad = buf; 1928 1929 /* construct AAD */ 1930 hdr = (struct wlan_frame_hdr *)frm; 1931 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1932 1933 /* FC type/subtype */ 1934 aad[0] = hdr->i_fc[0]; 1935 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1936 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1937 | WLAN_FC1_MOREDATA)); 1938 /* A1 || A2 || A3 */ 1939 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 1940 1941 /* 1942 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1943 */ 1944 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1945 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1946 qdf_mem_zero(mic, 16); 1947 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1948 ret = omac1_aes_128(key->keyval, buf, 1949 len - hdrlen + aad_len, mic); 1950 } else if (crypto_priv->igtk_key_type 1951 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1952 ret = omac1_aes_256(key->keyval, buf, 1953 len + aad_len - hdrlen, mic); 1954 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1955 || (crypto_priv->igtk_key_type 1956 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1957 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1958 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1959 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1960 sizeof(nounce), buf, 1961 len + aad_len - hdrlen, mic); 1962 } 1963 1964 qdf_mem_free(buf); 1965 1966 if (ret < 0) { 1967 crypto_err("genarate mmie failed"); 1968 return false; 1969 } 1970 1971 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1972 crypto_err("mmie mismatch"); 1973 /* MMIE MIC mismatch */ 1974 return false; 1975 } 1976 1977 /* Update the receive sequence number */ 1978 qdf_mem_copy(key->keyrsc, ipn, 6); 1979 crypto_debug("mmie matched"); 1980 1981 return true; 1982 } 1983 1984 1985 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1986 { 1987 int32_t status = -1; 1988 1989 switch (cipher) { 1990 case WLAN_CRYPTO_CIPHER_TKIP: 1991 return WPA_CIPHER_SUITE_TKIP; 1992 case WLAN_CRYPTO_CIPHER_AES_CCM: 1993 return WPA_CIPHER_SUITE_CCMP; 1994 case WLAN_CRYPTO_CIPHER_NONE: 1995 return WPA_CIPHER_SUITE_NONE; 1996 } 1997 1998 return status; 1999 } 2000 2001 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2002 { 2003 int32_t status = -1; 2004 2005 switch (cipher) { 2006 case WLAN_CRYPTO_CIPHER_TKIP: 2007 return RSN_CIPHER_SUITE_TKIP; 2008 case WLAN_CRYPTO_CIPHER_AES_CCM: 2009 return RSN_CIPHER_SUITE_CCMP; 2010 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2011 return RSN_CIPHER_SUITE_CCMP_256; 2012 case WLAN_CRYPTO_CIPHER_AES_GCM: 2013 return RSN_CIPHER_SUITE_GCMP; 2014 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2015 return RSN_CIPHER_SUITE_GCMP_256; 2016 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2017 return RSN_CIPHER_SUITE_AES_CMAC; 2018 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2019 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2020 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2021 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2022 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2023 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2024 case WLAN_CRYPTO_CIPHER_NONE: 2025 return RSN_CIPHER_SUITE_NONE; 2026 } 2027 2028 return status; 2029 } 2030 2031 /* 2032 * Convert an RSN key management/authentication algorithm 2033 * to an internal code. 2034 */ 2035 static int32_t 2036 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2037 { 2038 int32_t status = -1; 2039 2040 switch (keymgmt) { 2041 case WLAN_CRYPTO_KEY_MGMT_NONE: 2042 return RSN_AUTH_KEY_MGMT_NONE; 2043 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2044 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2045 case WLAN_CRYPTO_KEY_MGMT_PSK: 2046 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2047 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2048 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2049 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2050 return RSN_AUTH_KEY_MGMT_FT_PSK; 2051 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2052 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2053 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2054 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2055 case WLAN_CRYPTO_KEY_MGMT_SAE: 2056 return RSN_AUTH_KEY_MGMT_SAE; 2057 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2058 return RSN_AUTH_KEY_MGMT_FT_SAE; 2059 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2060 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2061 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2062 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2063 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2064 return RSN_AUTH_KEY_MGMT_CCKM; 2065 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2066 return RSN_AUTH_KEY_MGMT_OSEN; 2067 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2068 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2069 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2070 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2071 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2072 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2073 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2074 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2075 case WLAN_CRYPTO_KEY_MGMT_OWE: 2076 return RSN_AUTH_KEY_MGMT_OWE; 2077 case WLAN_CRYPTO_KEY_MGMT_DPP: 2078 return RSN_AUTH_KEY_MGMT_DPP; 2079 } 2080 2081 return status; 2082 } 2083 2084 /* 2085 * Convert an RSN key management/authentication algorithm 2086 * to an internal code. 2087 */ 2088 static int32_t 2089 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2090 { 2091 int32_t status = -1; 2092 2093 switch (keymgmt) { 2094 case WLAN_CRYPTO_KEY_MGMT_NONE: 2095 return WPA_AUTH_KEY_MGMT_NONE; 2096 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2097 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2098 case WLAN_CRYPTO_KEY_MGMT_PSK: 2099 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2100 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2101 return WPA_AUTH_KEY_MGMT_CCKM; 2102 } 2103 2104 return status; 2105 } 2106 /** 2107 * Convert a WPA cipher selector OUI to an internal 2108 * cipher algorithm. Where appropriate we also 2109 * record any key length. 2110 */ 2111 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2112 { 2113 uint32_t w = LE_READ_4(sel); 2114 int32_t status = -1; 2115 2116 switch (w) { 2117 case WPA_CIPHER_SUITE_TKIP: 2118 return WLAN_CRYPTO_CIPHER_TKIP; 2119 case WPA_CIPHER_SUITE_CCMP: 2120 return WLAN_CRYPTO_CIPHER_AES_CCM; 2121 case WPA_CIPHER_SUITE_NONE: 2122 return WLAN_CRYPTO_CIPHER_NONE; 2123 } 2124 2125 return status; 2126 } 2127 2128 /* 2129 * Convert a WPA key management/authentication algorithm 2130 * to an internal code. 2131 */ 2132 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2133 { 2134 uint32_t w = LE_READ_4(sel); 2135 int32_t status = -1; 2136 2137 switch (w) { 2138 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2139 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2140 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2141 return WLAN_CRYPTO_KEY_MGMT_PSK; 2142 case WPA_AUTH_KEY_MGMT_CCKM: 2143 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2144 case WPA_AUTH_KEY_MGMT_NONE: 2145 return WLAN_CRYPTO_KEY_MGMT_NONE; 2146 } 2147 return status; 2148 } 2149 2150 /* 2151 * Convert a RSN cipher selector OUI to an internal 2152 * cipher algorithm. Where appropriate we also 2153 * record any key length. 2154 */ 2155 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2156 { 2157 uint32_t w = LE_READ_4(sel); 2158 int32_t status = -1; 2159 2160 switch (w) { 2161 case RSN_CIPHER_SUITE_TKIP: 2162 return WLAN_CRYPTO_CIPHER_TKIP; 2163 case RSN_CIPHER_SUITE_CCMP: 2164 return WLAN_CRYPTO_CIPHER_AES_CCM; 2165 case RSN_CIPHER_SUITE_CCMP_256: 2166 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2167 case RSN_CIPHER_SUITE_GCMP: 2168 return WLAN_CRYPTO_CIPHER_AES_GCM; 2169 case RSN_CIPHER_SUITE_GCMP_256: 2170 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2171 case RSN_CIPHER_SUITE_AES_CMAC: 2172 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2173 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2174 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2175 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2176 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2177 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2178 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2179 case RSN_CIPHER_SUITE_NONE: 2180 return WLAN_CRYPTO_CIPHER_NONE; 2181 } 2182 2183 return status; 2184 } 2185 /* 2186 * Convert an RSN key management/authentication algorithm 2187 * to an internal code. 2188 */ 2189 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2190 { 2191 uint32_t w = LE_READ_4(sel); 2192 int32_t status = -1; 2193 2194 switch (w) { 2195 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2196 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2197 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2198 return WLAN_CRYPTO_KEY_MGMT_PSK; 2199 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2200 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2201 case RSN_AUTH_KEY_MGMT_FT_PSK: 2202 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2203 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2204 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2205 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2206 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2207 case RSN_AUTH_KEY_MGMT_SAE: 2208 return WLAN_CRYPTO_KEY_MGMT_SAE; 2209 case RSN_AUTH_KEY_MGMT_FT_SAE: 2210 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2211 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2212 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2213 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2214 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2215 case RSN_AUTH_KEY_MGMT_CCKM: 2216 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2217 case RSN_AUTH_KEY_MGMT_OSEN: 2218 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2219 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2220 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2221 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2222 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2223 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2224 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2225 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2226 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2227 case RSN_AUTH_KEY_MGMT_OWE: 2228 return WLAN_CRYPTO_KEY_MGMT_OWE; 2229 case RSN_AUTH_KEY_MGMT_DPP: 2230 return WLAN_CRYPTO_KEY_MGMT_DPP; 2231 } 2232 2233 return status; 2234 } 2235 2236 /** 2237 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2238 * @crypto params: crypto params 2239 * @iebuf: ie buffer 2240 * 2241 * This function gets called by mlme to check the contents of wpa is 2242 * matching with given crypto params 2243 * 2244 * Return: QDF_STATUS_SUCCESS - in case of success 2245 */ 2246 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2247 uint8_t *frm){ 2248 uint8_t len = frm[1]; 2249 int32_t w; 2250 int n; 2251 2252 /* 2253 * Check the length once for fixed parts: OUI, type, 2254 * version, mcast cipher, and 2 selector counts. 2255 * Other, variable-length data, must be checked separately. 2256 */ 2257 RESET_AUTHMODE(crypto_params); 2258 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2259 2260 if (len < 14) 2261 return QDF_STATUS_E_INVAL; 2262 2263 frm += 6, len -= 4; 2264 2265 w = LE_READ_2(frm); 2266 if (w != WPA_VERSION) 2267 return QDF_STATUS_E_INVAL; 2268 2269 frm += 2, len -= 2; 2270 2271 /* multicast/group cipher */ 2272 RESET_MCAST_CIPHERS(crypto_params); 2273 w = wlan_crypto_wpa_suite_to_cipher(frm); 2274 if (w < 0) 2275 return QDF_STATUS_E_INVAL; 2276 SET_MCAST_CIPHER(crypto_params, w); 2277 frm += 4, len -= 4; 2278 2279 /* unicast ciphers */ 2280 n = LE_READ_2(frm); 2281 frm += 2, len -= 2; 2282 if (len < n*4+2) 2283 return QDF_STATUS_E_INVAL; 2284 2285 RESET_UCAST_CIPHERS(crypto_params); 2286 for (; n > 0; n--) { 2287 w = wlan_crypto_wpa_suite_to_cipher(frm); 2288 if (w < 0) 2289 return QDF_STATUS_E_INVAL; 2290 SET_UCAST_CIPHER(crypto_params, w); 2291 frm += 4, len -= 4; 2292 } 2293 2294 if (!crypto_params->ucastcipherset) 2295 return QDF_STATUS_E_INVAL; 2296 2297 /* key management algorithms */ 2298 n = LE_READ_2(frm); 2299 frm += 2, len -= 2; 2300 if (len < n*4) 2301 return QDF_STATUS_E_INVAL; 2302 2303 w = 0; 2304 RESET_KEY_MGMT(crypto_params); 2305 for (; n > 0; n--) { 2306 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2307 if (w < 0) 2308 return QDF_STATUS_E_INVAL; 2309 SET_KEY_MGMT(crypto_params, w); 2310 frm += 4, len -= 4; 2311 } 2312 2313 /* optional capabilities */ 2314 if (len >= 2) { 2315 crypto_params->rsn_caps = LE_READ_2(frm); 2316 frm += 2, len -= 2; 2317 } 2318 2319 return 0; 2320 } 2321 2322 /** 2323 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2324 * @crypto params: crypto params 2325 * @iebuf: ie buffer 2326 * 2327 * This function gets called by mlme to check the contents of wpa is 2328 * matching with given crypto params 2329 * 2330 * Return: QDF_STATUS_SUCCESS - in case of success 2331 */ 2332 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2333 uint8_t *frm){ 2334 uint8_t len = frm[1]; 2335 int32_t w; 2336 int n; 2337 2338 /* Check the length once for fixed parts: OUI, type & version */ 2339 if (len < 2) 2340 return QDF_STATUS_E_INVAL; 2341 2342 /* initialize crypto params */ 2343 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2344 2345 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2346 2347 frm += 2; 2348 /* NB: iswapoui already validated the OUI and type */ 2349 w = LE_READ_2(frm); 2350 if (w != RSN_VERSION) 2351 return QDF_STATUS_E_INVAL; 2352 2353 frm += 2, len -= 2; 2354 2355 if (!len) { 2356 /* set defaults */ 2357 /* default group cipher CCMP-128 */ 2358 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2359 /* default ucast cipher CCMP-128 */ 2360 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2361 /* default key mgmt 8021x */ 2362 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2363 return QDF_STATUS_SUCCESS; 2364 } else if (len < 4) { 2365 return QDF_STATUS_E_INVAL; 2366 } 2367 2368 /* multicast/group cipher */ 2369 w = wlan_crypto_rsn_suite_to_cipher(frm); 2370 if (w < 0) 2371 return QDF_STATUS_E_INVAL; 2372 else { 2373 SET_MCAST_CIPHER(crypto_params, w); 2374 frm += 4, len -= 4; 2375 } 2376 2377 if (crypto_params->mcastcipherset == 0) 2378 return QDF_STATUS_E_INVAL; 2379 2380 if (!len) { 2381 /* default ucast cipher CCMP-128 */ 2382 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2383 /* default key mgmt 8021x */ 2384 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2385 return QDF_STATUS_SUCCESS; 2386 } else if (len < 2) { 2387 return QDF_STATUS_E_INVAL; 2388 } 2389 2390 /* unicast ciphers */ 2391 n = LE_READ_2(frm); 2392 frm += 2, len -= 2; 2393 if (n) { 2394 if (len < n * 4) 2395 return QDF_STATUS_E_INVAL; 2396 2397 for (; n > 0; n--) { 2398 w = wlan_crypto_rsn_suite_to_cipher(frm); 2399 if (w < 0) 2400 return QDF_STATUS_E_INVAL; 2401 SET_UCAST_CIPHER(crypto_params, w); 2402 frm += 4, len -= 4; 2403 } 2404 } else { 2405 /* default ucast cipher CCMP-128 */ 2406 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2407 } 2408 2409 if (crypto_params->ucastcipherset == 0) 2410 return QDF_STATUS_E_INVAL; 2411 2412 if (!len) { 2413 /* default key mgmt 8021x */ 2414 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2415 return QDF_STATUS_SUCCESS; 2416 } else if (len < 2) { 2417 return QDF_STATUS_E_INVAL; 2418 } 2419 2420 /* key management algorithms */ 2421 n = LE_READ_2(frm); 2422 frm += 2, len -= 2; 2423 2424 if (n) { 2425 if (len < n * 4) 2426 return QDF_STATUS_E_INVAL; 2427 2428 for (; n > 0; n--) { 2429 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2430 if (w < 0) 2431 return QDF_STATUS_E_INVAL; 2432 SET_KEY_MGMT(crypto_params, w); 2433 frm += 4, len -= 4; 2434 } 2435 } else { 2436 /* default key mgmt 8021x */ 2437 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2438 } 2439 2440 if (crypto_params->key_mgmt == 0) 2441 return QDF_STATUS_E_INVAL; 2442 2443 /* optional capabilities */ 2444 if (len >= 2) { 2445 crypto_params->rsn_caps = LE_READ_2(frm); 2446 frm += 2, len -= 2; 2447 } else if (len && len < 2) { 2448 return QDF_STATUS_E_INVAL; 2449 } 2450 2451 2452 /* PMKID */ 2453 if (len >= 2) { 2454 n = LE_READ_2(frm); 2455 frm += 2, len -= 2; 2456 if (n && len) { 2457 if (len >= n * PMKID_LEN) 2458 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2459 else 2460 return QDF_STATUS_E_INVAL; 2461 } else if (n && !len) { 2462 return QDF_STATUS_E_INVAL; 2463 } 2464 /*TODO: Save pmkid in params for further reference */ 2465 } 2466 2467 /* BIP */ 2468 if (!len && 2469 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2470 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2471 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2472 return QDF_STATUS_SUCCESS; 2473 } else if (len >= 4) { 2474 w = wlan_crypto_rsn_suite_to_cipher(frm); 2475 frm += 4, len -= 4; 2476 SET_MGMT_CIPHER(crypto_params, w); 2477 } 2478 2479 return QDF_STATUS_SUCCESS; 2480 } 2481 2482 /** 2483 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2484 * @vdev: vdev 2485 * @iebuf: ie buffer 2486 * 2487 * This function gets called by mlme to build wpaie from given vdev 2488 * 2489 * Return: end of buffer 2490 */ 2491 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2492 uint8_t *iebuf){ 2493 uint8_t *frm = iebuf; 2494 uint8_t *selcnt; 2495 struct wlan_crypto_comp_priv *crypto_priv; 2496 struct wlan_crypto_params *crypto_params; 2497 2498 if (!frm) 2499 return NULL; 2500 2501 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2502 2503 if (!crypto_params) 2504 return NULL; 2505 2506 *frm++ = WLAN_ELEMID_VENDOR; 2507 *frm++ = 0; 2508 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2509 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2510 2511 2512 /* multicast cipher */ 2513 if (MCIPHER_IS_TKIP(crypto_params)) 2514 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2515 else if (MCIPHER_IS_CCMP128(crypto_params)) 2516 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2517 2518 /* unicast cipher list */ 2519 selcnt = frm; 2520 WLAN_CRYPTO_ADDSHORT(frm, 0); 2521 /* do not use CCMP unicast cipher in WPA mode */ 2522 if (UCIPHER_IS_CCMP128(crypto_params)) { 2523 selcnt[0]++; 2524 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2525 } 2526 if (UCIPHER_IS_TKIP(crypto_params)) { 2527 selcnt[0]++; 2528 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2529 } 2530 2531 /* authenticator selector list */ 2532 selcnt = frm; 2533 WLAN_CRYPTO_ADDSHORT(frm, 0); 2534 2535 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2536 selcnt[0]++; 2537 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2538 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2539 selcnt[0]++; 2540 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2541 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2542 selcnt[0]++; 2543 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2544 } else { 2545 selcnt[0]++; 2546 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2547 } 2548 2549 /* optional capabilities */ 2550 if (crypto_params->rsn_caps != 0 && 2551 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2552 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2553 } 2554 2555 /* calculate element length */ 2556 iebuf[1] = frm - iebuf - 2; 2557 2558 return frm; 2559 } 2560 2561 /** 2562 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2563 * @vdev: vdev 2564 * @iebuf: ie buffer 2565 * @bssid: bssid mac address to add pmkid in rsnie 2566 * 2567 * This function gets called by mlme to build rsnie from given vdev 2568 * 2569 * Return: end of buffer 2570 */ 2571 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2572 uint8_t *iebuf, 2573 struct qdf_mac_addr *bssid) 2574 { 2575 uint8_t *frm = iebuf; 2576 uint8_t *selcnt; 2577 struct wlan_crypto_comp_priv *crypto_priv; 2578 struct wlan_crypto_params *crypto_params; 2579 2580 if (!frm) { 2581 return NULL; 2582 } 2583 2584 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2585 2586 if (!crypto_params) { 2587 return NULL; 2588 } 2589 2590 *frm++ = WLAN_ELEMID_RSN; 2591 *frm++ = 0; 2592 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2593 2594 2595 /* multicast cipher */ 2596 if (MCIPHER_IS_TKIP(crypto_params)) 2597 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2598 else if (MCIPHER_IS_CCMP128(crypto_params)) 2599 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2600 else if (MCIPHER_IS_CCMP256(crypto_params)) 2601 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2602 else if (MCIPHER_IS_GCMP128(crypto_params)) 2603 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2604 else if (MCIPHER_IS_GCMP256(crypto_params)) 2605 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2606 2607 /* unicast cipher list */ 2608 selcnt = frm; 2609 WLAN_CRYPTO_ADDSHORT(frm, 0); 2610 2611 if (UCIPHER_IS_CCMP256(crypto_params)) { 2612 selcnt[0]++; 2613 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2614 } 2615 if (UCIPHER_IS_GCMP256(crypto_params)) { 2616 selcnt[0]++; 2617 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2618 } 2619 if (UCIPHER_IS_CCMP128(crypto_params)) { 2620 selcnt[0]++; 2621 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2622 } 2623 if (UCIPHER_IS_GCMP128(crypto_params)) { 2624 selcnt[0]++; 2625 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2626 } 2627 if (UCIPHER_IS_TKIP(crypto_params)) { 2628 selcnt[0]++; 2629 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2630 } 2631 2632 /* authenticator selector list */ 2633 selcnt = frm; 2634 WLAN_CRYPTO_ADDSHORT(frm, 0); 2635 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2636 selcnt[0]++; 2637 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2638 /* Other key mgmt should not be added after CCKM */ 2639 goto add_rsn_caps; 2640 } 2641 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2642 selcnt[0]++; 2643 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2644 } 2645 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2646 selcnt[0]++; 2647 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2648 } 2649 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2650 selcnt[0]++; 2651 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2652 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2653 } 2654 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2655 selcnt[0]++; 2656 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2657 } 2658 if (HAS_KEY_MGMT(crypto_params, 2659 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2660 selcnt[0]++; 2661 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2662 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2663 } 2664 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2665 selcnt[0]++; 2666 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2667 } 2668 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2669 selcnt[0]++; 2670 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2671 } 2672 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2673 selcnt[0]++; 2674 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2675 } 2676 if (HAS_KEY_MGMT(crypto_params, 2677 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2678 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2679 2680 selcnt[0]++; 2681 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2682 } 2683 if (HAS_KEY_MGMT(crypto_params, 2684 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2685 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2686 2687 selcnt[0]++; 2688 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2689 } 2690 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2691 selcnt[0]++; 2692 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2693 } 2694 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2695 selcnt[0]++; 2696 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2697 } 2698 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2699 selcnt[0]++; 2700 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2701 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2702 } 2703 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2704 selcnt[0]++; 2705 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2706 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2707 } 2708 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2709 selcnt[0]++; 2710 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2711 } 2712 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2713 selcnt[0]++; 2714 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2715 } 2716 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2717 selcnt[0]++; 2718 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2719 } 2720 add_rsn_caps: 2721 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2722 /* optional capabilities */ 2723 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2724 /* PMK list */ 2725 if (bssid) { 2726 struct wlan_crypto_pmksa *pmksa; 2727 2728 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2729 2730 if (pmksa) { 2731 WLAN_CRYPTO_ADDSHORT(frm, 1); 2732 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2733 frm += PMKID_LEN; 2734 } else { 2735 WLAN_CRYPTO_ADDSHORT(frm, 0); 2736 } 2737 } else 2738 WLAN_CRYPTO_ADDSHORT(frm, 0); 2739 2740 if (HAS_MGMT_CIPHER(crypto_params, 2741 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2742 RSN_ADD_CIPHER_TO_SUITE(frm, 2743 WLAN_CRYPTO_CIPHER_AES_CMAC); 2744 } 2745 if (HAS_MGMT_CIPHER(crypto_params, 2746 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2747 RSN_ADD_CIPHER_TO_SUITE(frm, 2748 WLAN_CRYPTO_CIPHER_AES_GMAC); 2749 } 2750 if (HAS_MGMT_CIPHER(crypto_params, 2751 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2752 RSN_ADD_CIPHER_TO_SUITE(frm, 2753 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2754 ); 2755 } 2756 2757 if (HAS_MGMT_CIPHER(crypto_params, 2758 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2759 RSN_ADD_CIPHER_TO_SUITE(frm, 2760 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2761 ); 2762 } 2763 } else { 2764 /* PMK list */ 2765 if (bssid) { 2766 struct wlan_crypto_pmksa *pmksa; 2767 2768 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2769 if (pmksa) { 2770 WLAN_CRYPTO_ADDSHORT(frm, 1); 2771 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2772 frm += PMKID_LEN; 2773 } else { 2774 WLAN_CRYPTO_ADDSHORT(frm, 0); 2775 } 2776 } 2777 } 2778 2779 /* calculate element length */ 2780 iebuf[1] = frm - iebuf - 2; 2781 2782 return frm; 2783 } 2784 2785 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2786 struct wlan_crypto_params *crypto_params){ 2787 struct wlan_crypto_params *my_crypto_params; 2788 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2789 2790 if (!my_crypto_params) { 2791 crypto_debug("vdev crypto params is NULL"); 2792 return false; 2793 } 2794 /* 2795 * Check peer's pairwise ciphers. 2796 * At least one must match with our unicast cipher 2797 */ 2798 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2799 crypto_debug("Unicast cipher match failed"); 2800 return false; 2801 } 2802 /* 2803 * Check peer's group cipher is our enabled multicast cipher. 2804 */ 2805 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2806 crypto_debug("Multicast cipher match failed"); 2807 return false; 2808 } 2809 /* 2810 * Check peer's key management class set (PSK or UNSPEC) 2811 */ 2812 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 2813 crypto_debug("Key mgmt match failed"); 2814 return false; 2815 } 2816 if (wlan_crypto_vdev_is_pmf_enabled(vdev) && 2817 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2818 crypto_debug("Peer is not PMF capable"); 2819 return false; 2820 } 2821 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 2822 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2823 crypto_debug("Peer needs PMF, but vdev is not capable"); 2824 return false; 2825 } 2826 2827 return true; 2828 } 2829 2830 /* 2831 * Convert an WAPI CIPHER suite to to an internal code. 2832 */ 2833 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2834 { 2835 uint32_t w = LE_READ_4(sel); 2836 int32_t status = -1; 2837 2838 switch (w) { 2839 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2840 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2841 } 2842 2843 return status; 2844 } 2845 2846 /* 2847 * Convert an WAPI key management/authentication algorithm 2848 * to an internal code. 2849 */ 2850 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2851 { 2852 uint32_t w = LE_READ_4(sel); 2853 int32_t status = -1; 2854 2855 switch (w) { 2856 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2857 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2858 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2859 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2860 } 2861 2862 return status; 2863 } 2864 /** 2865 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2866 * @crypto params: crypto params 2867 * @iebuf: ie buffer 2868 * 2869 * This function gets called by mlme to check the contents of wapi is 2870 * matching with given crypto params 2871 * 2872 * Return: QDF_STATUS_SUCCESS - in case of success 2873 */ 2874 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2875 uint8_t *frm) 2876 { 2877 uint8_t len = frm[1]; 2878 int32_t w; 2879 int n; 2880 2881 /* 2882 * Check the length once for fixed parts: OUI, type, 2883 * version, mcast cipher, and 2 selector counts. 2884 * Other, variable-length data, must be checked separately. 2885 */ 2886 RESET_AUTHMODE(crypto_params); 2887 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2888 2889 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2890 return QDF_STATUS_E_INVAL; 2891 2892 2893 frm += 2; 2894 2895 w = LE_READ_2(frm); 2896 frm += 2, len -= 2; 2897 if (w != WAPI_VERSION) 2898 return QDF_STATUS_E_INVAL; 2899 2900 n = LE_READ_2(frm); 2901 frm += 2, len -= 2; 2902 if (len < n*4+2) 2903 return QDF_STATUS_E_INVAL; 2904 2905 RESET_KEY_MGMT(crypto_params); 2906 for (; n > 0; n--) { 2907 w = wlan_crypto_wapi_keymgmt(frm); 2908 if (w < 0) 2909 return QDF_STATUS_E_INVAL; 2910 2911 SET_KEY_MGMT(crypto_params, w); 2912 frm += 4, len -= 4; 2913 } 2914 2915 /* unicast ciphers */ 2916 n = LE_READ_2(frm); 2917 frm += 2, len -= 2; 2918 if (len < n*4+2) 2919 return QDF_STATUS_E_INVAL; 2920 2921 RESET_UCAST_CIPHERS(crypto_params); 2922 for (; n > 0; n--) { 2923 w = wlan_crypto_wapi_suite_to_cipher(frm); 2924 if (w < 0) 2925 return QDF_STATUS_E_INVAL; 2926 SET_UCAST_CIPHER(crypto_params, w); 2927 frm += 4, len -= 4; 2928 } 2929 2930 if (!crypto_params->ucastcipherset) 2931 return QDF_STATUS_E_INVAL; 2932 2933 /* multicast/group cipher */ 2934 RESET_MCAST_CIPHERS(crypto_params); 2935 w = wlan_crypto_wapi_suite_to_cipher(frm); 2936 2937 if (w < 0) 2938 return QDF_STATUS_E_INVAL; 2939 2940 SET_MCAST_CIPHER(crypto_params, w); 2941 frm += 4, len -= 4; 2942 2943 return QDF_STATUS_SUCCESS; 2944 } 2945 2946 /** 2947 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2948 * @vdev: vdev 2949 * @iebuf: ie buffer 2950 * 2951 * This function gets called by mlme to build wapi ie from given vdev 2952 * 2953 * Return: end of buffer 2954 */ 2955 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2956 uint8_t *iebuf) 2957 { 2958 uint8_t *frm; 2959 uint8_t *selcnt; 2960 struct wlan_crypto_comp_priv *crypto_priv; 2961 struct wlan_crypto_params *crypto_params; 2962 2963 frm = iebuf; 2964 if (!frm) { 2965 crypto_err("ie buffer NULL"); 2966 return NULL; 2967 } 2968 2969 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2970 2971 if (!crypto_params) { 2972 crypto_err("crypto_params NULL"); 2973 return NULL; 2974 } 2975 2976 *frm++ = WLAN_ELEMID_WAPI; 2977 *frm++ = 0; 2978 2979 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2980 2981 /* authenticator selector list */ 2982 selcnt = frm; 2983 WLAN_CRYPTO_ADDSHORT(frm, 0); 2984 2985 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2986 selcnt[0]++; 2987 WLAN_CRYPTO_ADDSELECTOR(frm, 2988 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2989 } 2990 2991 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2992 selcnt[0]++; 2993 WLAN_CRYPTO_ADDSELECTOR(frm, 2994 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2995 } 2996 2997 /* unicast cipher list */ 2998 selcnt = frm; 2999 WLAN_CRYPTO_ADDSHORT(frm, 0); 3000 3001 if (UCIPHER_IS_SMS4(crypto_params)) { 3002 selcnt[0]++; 3003 WLAN_CRYPTO_ADDSELECTOR(frm, 3004 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3005 } 3006 3007 WLAN_CRYPTO_ADDSELECTOR(frm, 3008 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3009 3010 /* optional capabilities */ 3011 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3012 3013 /* bkid count */ 3014 WLAN_CRYPTO_ADDSHORT(frm, 0); 3015 3016 /* calculate element length */ 3017 iebuf[1] = frm - iebuf - 2; 3018 3019 return frm; 3020 3021 } 3022 3023 /** 3024 * wlan_crypto_pn_check - called by data patch for PN check 3025 * @vdev: vdev 3026 * @wbuf: wbuf 3027 * 3028 * This function gets called by data patch for PN check 3029 * 3030 * Return: QDF_STATUS 3031 */ 3032 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3033 qdf_nbuf_t wbuf){ 3034 /* Need to check is there real requirement for this function 3035 * as PN check is already handled in decap function. 3036 */ 3037 return QDF_STATUS_SUCCESS; 3038 } 3039 3040 /** 3041 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3042 * @vdev:vdev 3043 * 3044 * This function gets called by mlme to get crypto params 3045 * 3046 * Return: wlan_crypto_params or NULL in case of failure 3047 */ 3048 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3049 struct wlan_objmgr_vdev *vdev){ 3050 struct wlan_crypto_comp_priv *crypto_priv; 3051 3052 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3053 } 3054 3055 /** 3056 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3057 * @peer:peer 3058 * 3059 * This function gets called by mlme to get crypto params 3060 * 3061 * Return: wlan_crypto_params or NULL in case of failure 3062 */ 3063 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3064 struct wlan_objmgr_peer *peer){ 3065 struct wlan_crypto_comp_priv *crypto_priv; 3066 3067 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3068 } 3069 3070 3071 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3072 struct wlan_objmgr_peer *peer) 3073 { 3074 struct wlan_crypto_comp_priv *crypto_priv; 3075 struct wlan_crypto_comp_priv *sta_crypto_priv; 3076 struct wlan_crypto_params *crypto_params; 3077 struct wlan_crypto_key *key; 3078 struct wlan_crypto_key *sta_key; 3079 struct wlan_crypto_cipher *cipher_table; 3080 struct wlan_objmgr_psoc *psoc; 3081 uint8_t *mac_addr; 3082 int i; 3083 enum QDF_OPMODE opmode; 3084 3085 if (!vdev) 3086 return QDF_STATUS_E_NULL_VALUE; 3087 3088 if (!peer) { 3089 crypto_err("peer NULL"); 3090 return QDF_STATUS_E_INVAL; 3091 } 3092 3093 opmode = wlan_vdev_mlme_get_opmode(vdev); 3094 psoc = wlan_vdev_get_psoc(vdev); 3095 3096 if (!psoc) { 3097 crypto_err("psoc NULL"); 3098 return QDF_STATUS_E_NULL_VALUE; 3099 } 3100 3101 wlan_peer_obj_lock(peer); 3102 mac_addr = wlan_peer_get_macaddr(peer); 3103 wlan_peer_obj_unlock(peer); 3104 3105 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3106 &crypto_priv); 3107 if (crypto_priv == NULL) { 3108 crypto_err("crypto_priv NULL"); 3109 return QDF_STATUS_E_NULL_VALUE; 3110 } 3111 3112 /* push only valid static WEP keys from vap */ 3113 if (AUTH_IS_8021X(crypto_params)) 3114 return QDF_STATUS_E_INVAL; 3115 3116 if (opmode == QDF_STA_MODE) { 3117 peer = wlan_vdev_get_bsspeer(vdev); 3118 if (!peer) { 3119 crypto_err("peer NULL"); 3120 return QDF_STATUS_E_INVAL; 3121 } 3122 } 3123 3124 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3125 if (sta_crypto_priv == NULL) { 3126 crypto_err("sta priv is null"); 3127 return QDF_STATUS_E_INVAL; 3128 } 3129 3130 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3131 if (crypto_priv->key[i]) { 3132 key = crypto_priv->key[i]; 3133 if (!key || !key->valid) 3134 continue; 3135 3136 cipher_table = (struct wlan_crypto_cipher *) 3137 key->cipher_table; 3138 3139 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3140 sta_key = qdf_mem_malloc( 3141 sizeof(struct wlan_crypto_key)); 3142 if (!sta_key) { 3143 crypto_err("key alloc failed"); 3144 return QDF_STATUS_E_NOMEM; 3145 } 3146 sta_crypto_priv->key[i] = sta_key; 3147 qdf_mem_copy(sta_key, key, 3148 sizeof(struct wlan_crypto_key)); 3149 3150 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3151 3152 if (crypto_priv->def_tx_keyid == i) { 3153 sta_key->flags 3154 |= WLAN_CRYPTO_KEY_DEFAULT; 3155 sta_crypto_priv->def_tx_keyid = 3156 crypto_priv->def_tx_keyid; 3157 } 3158 /* setting the broadcast/multicast key for sta*/ 3159 if (opmode == QDF_STA_MODE || 3160 opmode == QDF_IBSS_MODE){ 3161 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3162 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 3163 vdev, sta_key, mac_addr, 3164 cipher_table->cipher); 3165 } 3166 } 3167 3168 /* setting unicast key */ 3169 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3170 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3171 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 3172 sta_key, mac_addr, 3173 cipher_table->cipher); 3174 } 3175 } 3176 } 3177 } 3178 3179 return QDF_STATUS_SUCCESS; 3180 } 3181 3182 /** 3183 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3184 * @crypto_rx_ops: crypto_rx_ops 3185 * 3186 * This function gets called by object manger to register crypto rx ops. 3187 * 3188 * Return: QDF_STATUS 3189 */ 3190 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3191 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3192 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3193 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3194 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3195 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3196 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3197 3198 return QDF_STATUS_SUCCESS; 3199 } 3200 3201 /** 3202 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3203 * @psoc: psoc 3204 * 3205 * This function gets called by umac to get the crypto_rx_ops 3206 * 3207 * Return: crypto_rx_ops 3208 */ 3209 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3210 struct wlan_objmgr_psoc *psoc) 3211 { 3212 3213 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 3214 } 3215 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3216 3217 /** 3218 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3219 * @vdev: vdev 3220 * @authvalue: authvalue to be checked 3221 * 3222 * This function check is authvalue passed is set in vdev or not 3223 * 3224 * Return: true or false 3225 */ 3226 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3227 wlan_crypto_auth_mode authvalue) 3228 { 3229 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3230 & authvalue; 3231 } 3232 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3233 3234 /** 3235 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3236 * @peer: peer 3237 * @authvalue: authvalue to be checked 3238 * 3239 * This function check is authvalue passed is set in peer or not 3240 * 3241 * Return: true or false 3242 */ 3243 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3244 wlan_crypto_auth_mode authvalue) 3245 { 3246 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3247 & authvalue; 3248 } 3249 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3250 3251 /** 3252 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3253 * @vdev: vdev 3254 * @ucastcipher: ucastcipher to be checked 3255 * 3256 * This function check is ucastcipher passed is set in vdev or not 3257 * 3258 * Return: true or false 3259 */ 3260 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3261 wlan_crypto_cipher_type ucastcipher) 3262 { 3263 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3264 & ucastcipher; 3265 } 3266 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3267 3268 /** 3269 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3270 * @peer: peer 3271 * @ucastcipher: ucastcipher to be checked 3272 * 3273 * This function check is ucastcipher passed is set in peer or not 3274 * 3275 * Return: true or false 3276 */ 3277 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3278 wlan_crypto_cipher_type ucastcipher) 3279 { 3280 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3281 & ucastcipher; 3282 } 3283 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3284 3285 /** 3286 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3287 * @vdev: vdev 3288 * @mcastcipher: mcastcipher to be checked 3289 * 3290 * This function check is mcastcipher passed is set in vdev or not 3291 * 3292 * Return: true or false 3293 */ 3294 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3295 wlan_crypto_cipher_type mcastcipher) 3296 { 3297 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3298 & mcastcipher; 3299 } 3300 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3301 3302 /** 3303 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3304 * @peer: peer 3305 * @mcastcipher: mcastcipher to be checked 3306 * 3307 * This function check is mcastcipher passed is set in peer or not 3308 * 3309 * Return: true or false 3310 */ 3311 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3312 wlan_crypto_cipher_type mcastcipher) 3313 { 3314 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3315 & mcastcipher; 3316 } 3317 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3318 3319 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3320 { 3321 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3322 3323 if (!peer) { 3324 crypto_err("Invalid Input"); 3325 return 0; 3326 } 3327 3328 crypto_priv = wlan_get_peer_crypto_obj(peer); 3329 if (!crypto_priv) { 3330 crypto_err("crypto_priv NULL"); 3331 return 0; 3332 } 3333 3334 return crypto_priv->fils_aead_set; 3335 } 3336 3337 void 3338 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3339 { 3340 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3341 3342 if (!peer) { 3343 crypto_err("Invalid Input"); 3344 return; 3345 } 3346 3347 crypto_priv = wlan_get_peer_crypto_obj(peer); 3348 if (!crypto_priv) { 3349 crypto_err("crypto_priv NULL"); 3350 return; 3351 } 3352 3353 crypto_priv->fils_aead_set = value; 3354 } 3355 3356 /** 3357 * wlan_crypto_get_key_header - get header length 3358 * @key: key 3359 * 3360 * This function gets header length based on keytype 3361 * 3362 * Return: header length 3363 */ 3364 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3365 { 3366 struct wlan_crypto_cipher *cipher_table; 3367 3368 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3369 if (cipher_table) 3370 return cipher_table->header; 3371 else 3372 return 0; 3373 } 3374 3375 qdf_export_symbol(wlan_crypto_get_key_header); 3376 3377 /** 3378 * wlan_crypto_get_key_trailer - get cipher trailer length 3379 * @key: key 3380 * 3381 * This function gets cipher trailer length based on keytype 3382 * 3383 * Return: cipher trailer length 3384 */ 3385 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3386 { 3387 struct wlan_crypto_cipher *cipher_table; 3388 3389 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3390 if (cipher_table) 3391 return cipher_table->trailer; 3392 else 3393 return 0; 3394 } 3395 3396 qdf_export_symbol(wlan_crypto_get_key_trailer); 3397 3398 /** 3399 * wlan_crypto_get_key_miclen - get cipher miclen length 3400 * @key: key 3401 * 3402 * This function gets cipher miclen length based on keytype 3403 * 3404 * Return: cipher miclen length 3405 */ 3406 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3407 { 3408 struct wlan_crypto_cipher *cipher_table; 3409 3410 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3411 if (cipher_table) 3412 return cipher_table->miclen; 3413 else 3414 return 0; 3415 } 3416 3417 qdf_export_symbol(wlan_crypto_get_key_miclen); 3418 3419 /** 3420 * wlan_crypto_get_keyid - get keyid from frame 3421 * @data: frame 3422 * 3423 * This function parse frame and returns keyid 3424 * 3425 * Return: keyid 3426 */ 3427 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3428 { 3429 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3430 uint8_t *iv; 3431 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3432 3433 /* 3434 * In FILS SK (Re)Association request/response frame has 3435 * to be decrypted 3436 */ 3437 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3438 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3439 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3440 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3441 return 0; 3442 } 3443 3444 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3445 iv = data + hdrlen; 3446 /* 3447 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3448 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3449 */ 3450 return ((iv[3] >> 6) & 0x3); 3451 } else { 3452 return WLAN_CRYPTO_KEYIX_NONE; 3453 } 3454 } 3455 3456 qdf_export_symbol(wlan_crypto_get_keyid); 3457 3458 /** 3459 * crypto_plumb_peer_keys - called during radio reset 3460 * @vdev: vdev 3461 * @object: peer 3462 * @arg: psoc 3463 * 3464 * Restore unicast and persta hardware keys 3465 * 3466 * Return: void 3467 */ 3468 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3469 void *object, void *arg) { 3470 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3471 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3472 struct wlan_crypto_comp_priv *crypto_priv; 3473 struct wlan_crypto_params *crypto_params; 3474 struct wlan_crypto_key *key = NULL; 3475 int i; 3476 3477 if ((NULL == peer) || (NULL == vdev) || (NULL == psoc)) { 3478 crypto_err("Peer or vdev or psoc objects are null!"); 3479 return; 3480 } 3481 3482 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3483 &crypto_priv); 3484 3485 if (!crypto_priv) { 3486 crypto_err("crypto_priv NULL"); 3487 return; 3488 } 3489 3490 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3491 key = crypto_priv->key[i]; 3492 if (key && key->valid) { 3493 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3494 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3495 ( 3496 vdev, 3497 key, 3498 wlan_peer_get_macaddr(peer), 3499 wlan_crypto_get_key_type(key) 3500 ); 3501 } 3502 } 3503 } 3504 } 3505 3506 /** 3507 * wlan_crypto_restore_keys - called during radio reset 3508 * @vdev: vdev 3509 * 3510 * Clear and restore keycache, needed for some DA chipsets which put 3511 * random values in keycache when phy reset is triggered 3512 * 3513 * Return: void 3514 */ 3515 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3516 { 3517 int i; 3518 struct wlan_crypto_comp_priv *crypto_priv; 3519 struct wlan_crypto_params *crypto_params; 3520 struct wlan_crypto_key *key; 3521 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3522 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3523 struct wlan_objmgr_pdev *pdev = NULL; 3524 struct wlan_objmgr_psoc *psoc = NULL; 3525 3526 pdev = wlan_vdev_get_pdev(vdev); 3527 psoc = wlan_vdev_get_psoc(vdev); 3528 if (NULL == pdev) { 3529 crypto_err("pdev is NULL"); 3530 return; 3531 } 3532 if (NULL == psoc) { 3533 crypto_err("psoc is NULL"); 3534 return; 3535 } 3536 3537 /* TBD: QWRAP key restore*/ 3538 /* crypto is on */ 3539 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3540 /* restore static shared keys */ 3541 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3542 crypto_params = wlan_crypto_vdev_get_comp_params 3543 ( 3544 vdev, 3545 &crypto_priv 3546 ); 3547 if (!crypto_priv) { 3548 crypto_err("crypto_priv is NULL"); 3549 return; 3550 } 3551 key = crypto_priv->key[i]; 3552 if (key && key->valid) { 3553 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3554 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3555 ( 3556 vdev, 3557 key, 3558 macaddr, 3559 wlan_crypto_get_key_type(key) 3560 ); 3561 } 3562 } 3563 } 3564 3565 wlan_objmgr_iterate_peerobj_list(vdev, 3566 crypto_plumb_peer_keys, 3567 psoc, 3568 WLAN_CRYPTO_ID); 3569 } 3570 } 3571 3572 /** 3573 * wlan_crypto_check_open_none - called by ucfg to check for open security 3574 * @psoc: psoc pointer 3575 * @vdev_id: vdev id 3576 * 3577 * This function gets called from ucfg to check open security. 3578 * 3579 * Return: true or false 3580 */ 3581 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3582 { 3583 struct wlan_crypto_comp_priv *crypto_priv; 3584 struct wlan_crypto_params *crypto_params; 3585 struct wlan_objmgr_vdev *vdev; 3586 bool match = true; 3587 3588 if (!psoc) { 3589 crypto_err("PSOC is NULL"); 3590 return false; 3591 } 3592 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3593 WLAN_CRYPTO_ID); 3594 if (!vdev) { 3595 crypto_err("vdev is NULL"); 3596 return false; 3597 } 3598 3599 crypto_priv = (struct wlan_crypto_comp_priv *) 3600 wlan_get_vdev_crypto_obj(vdev); 3601 3602 if (!crypto_priv) { 3603 crypto_err("crypto_priv NULL"); 3604 match = false; 3605 goto send_res; 3606 } 3607 3608 crypto_params = &crypto_priv->crypto_params; 3609 3610 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3611 match = false; 3612 goto send_res; 3613 } 3614 3615 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3616 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3617 match = false; 3618 3619 send_res: 3620 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3621 3622 return match; 3623 } 3624 3625 /** 3626 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3627 * @psoc: psoc pointer 3628 * @vdev_id: vdev id 3629 * 3630 * This function gets called from ucfg to check WEP security. 3631 * 3632 * Return: true or false 3633 */ 3634 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3635 { 3636 struct wlan_crypto_comp_priv *crypto_priv; 3637 struct wlan_crypto_params *crypto_params; 3638 struct wlan_objmgr_vdev *vdev; 3639 bool match = true; 3640 3641 if (!psoc) { 3642 crypto_err("PSOC is NULL"); 3643 return false; 3644 } 3645 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3646 WLAN_CRYPTO_ID); 3647 if (!vdev) { 3648 crypto_err("vdev is NULL"); 3649 return false; 3650 } 3651 3652 crypto_priv = (struct wlan_crypto_comp_priv *) 3653 wlan_get_vdev_crypto_obj(vdev); 3654 3655 if (!crypto_priv) { 3656 crypto_err("crypto_priv NULL"); 3657 match = false; 3658 goto send_res; 3659 } 3660 3661 crypto_params = &crypto_priv->crypto_params; 3662 3663 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3664 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3665 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3666 match = false; 3667 goto send_res; 3668 } 3669 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3670 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3671 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3672 match = false; 3673 goto send_res; 3674 } 3675 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 3676 match = false; 3677 goto send_res; 3678 } 3679 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3680 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 3681 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 3682 match = false; 3683 } 3684 send_res: 3685 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3686 3687 return match; 3688 } 3689 3690 static QDF_STATUS 3691 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3692 uint8_t *ie_ptr, uint16_t ie_len) 3693 { 3694 const uint8_t *rsn_ie = NULL; 3695 QDF_STATUS status; 3696 3697 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3698 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3699 if (!rsn_ie) { 3700 crypto_err("RSN IE NULL"); 3701 return QDF_STATUS_E_INVAL; 3702 } 3703 3704 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 3705 if (QDF_STATUS_SUCCESS != status) { 3706 crypto_err("RSN IE check failed"); 3707 return status; 3708 } 3709 3710 return QDF_STATUS_SUCCESS; 3711 } 3712 3713 static QDF_STATUS 3714 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3715 uint8_t *ie_ptr, uint16_t ie_len) 3716 { 3717 const uint8_t *wpa_ie = NULL; 3718 uint32_t wpa_oui; 3719 QDF_STATUS status; 3720 3721 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3722 3723 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3724 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3725 WLAN_OUI_SIZE, ie_ptr, ie_len); 3726 if (!wpa_ie) { 3727 crypto_err("WPA IE NULL"); 3728 return QDF_STATUS_E_INVAL; 3729 } 3730 3731 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 3732 if (QDF_STATUS_SUCCESS != status) { 3733 crypto_err("WPA IE check failed"); 3734 return status; 3735 } 3736 3737 return QDF_STATUS_SUCCESS; 3738 } 3739 /** 3740 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 3741 * @psoc: psoc pointer 3742 * @vdev_id: vdev id 3743 * @ie_ptr: pointer to IEs 3744 * @ie_len: IE length 3745 * 3746 * This function gets called from ucfg to check RSN match. 3747 * 3748 * Return: true or false 3749 */ 3750 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3751 uint8_t vdev_id, uint8_t *ie_ptr, 3752 uint16_t ie_len) 3753 { 3754 struct wlan_crypto_params peer_crypto_params; 3755 struct wlan_objmgr_vdev *vdev; 3756 bool match = true; 3757 QDF_STATUS status; 3758 3759 if (!psoc) { 3760 crypto_err("PSOC is NULL"); 3761 return false; 3762 } 3763 status = wlan_get_crypto_params_from_rsn_ie(&peer_crypto_params, 3764 ie_ptr, ie_len); 3765 if (QDF_STATUS_SUCCESS != status) { 3766 crypto_err("get crypto prarams from RSN IE failed"); 3767 return false; 3768 } 3769 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3770 WLAN_CRYPTO_ID); 3771 if (!vdev) { 3772 crypto_err("vdev is NULL"); 3773 return false; 3774 } 3775 3776 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3777 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3778 3779 return match; 3780 } 3781 3782 /** 3783 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 3784 * @psoc: psoc pointer 3785 * @vdev_id: vdev id 3786 * @ie_ptr: pointer to IEs 3787 * @ie_len: IE length 3788 * 3789 * This function gets called from ucfg to check WPA match. 3790 * 3791 * Return: true or false 3792 */ 3793 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3794 uint8_t vdev_id, uint8_t *ie_ptr, 3795 uint16_t ie_len) 3796 { 3797 struct wlan_crypto_params peer_crypto_params; 3798 struct wlan_objmgr_vdev *vdev; 3799 bool match = true; 3800 QDF_STATUS status; 3801 3802 if (!psoc) { 3803 crypto_err("PSOC is NULL"); 3804 return false; 3805 } 3806 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3807 WLAN_CRYPTO_ID); 3808 if (!vdev) { 3809 crypto_err("vdev is NULL"); 3810 return false; 3811 } 3812 3813 status = wlan_get_crypto_params_from_wpa_ie(&peer_crypto_params, 3814 ie_ptr, ie_len); 3815 if (QDF_STATUS_SUCCESS != status) { 3816 crypto_err("get crypto prarams from WPA IE failed"); 3817 match = false; 3818 goto send_res; 3819 } 3820 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3821 send_res: 3822 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3823 3824 return match; 3825 } 3826 3827 3828 static void 3829 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 3830 struct wlan_crypto_params *src_params) 3831 { 3832 dst_params->authmodeset |= src_params->authmodeset; 3833 dst_params->ucastcipherset |= src_params->ucastcipherset; 3834 dst_params->mcastcipherset |= src_params->mcastcipherset; 3835 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 3836 dst_params->cipher_caps |= src_params->cipher_caps; 3837 dst_params->key_mgmt |= src_params->key_mgmt; 3838 dst_params->rsn_caps |= src_params->rsn_caps; 3839 } 3840 3841 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 3842 uint8_t *ie_ptr, 3843 uint16_t ie_len) 3844 { 3845 struct wlan_crypto_params crypto_params; 3846 QDF_STATUS status; 3847 struct wlan_crypto_params *vdev_crypto_params; 3848 struct wlan_crypto_comp_priv *crypto_priv; 3849 bool send_fail = false; 3850 3851 if (!vdev) { 3852 crypto_err("VDEV is NULL"); 3853 return QDF_STATUS_E_FAILURE; 3854 } 3855 3856 if (!ie_ptr) { 3857 crypto_err("IE ptr is NULL"); 3858 return QDF_STATUS_E_FAILURE; 3859 } 3860 3861 crypto_priv = (struct wlan_crypto_comp_priv *) 3862 wlan_get_vdev_crypto_obj(vdev); 3863 3864 if (!crypto_priv) { 3865 crypto_err("crypto_priv NULL"); 3866 return QDF_STATUS_E_FAILURE; 3867 } 3868 3869 vdev_crypto_params = &crypto_priv->crypto_params; 3870 3871 qdf_mem_zero(vdev_crypto_params, sizeof(struct wlan_crypto_params)); 3872 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 3873 ie_ptr, ie_len); 3874 if (QDF_STATUS_SUCCESS == status) { 3875 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3876 } else { 3877 crypto_err("get crypto prarams from RSN IE failed"); 3878 send_fail = true; 3879 } 3880 3881 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 3882 ie_ptr, ie_len); 3883 if (QDF_STATUS_SUCCESS == status) { 3884 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3885 send_fail = false; 3886 } else { 3887 crypto_err("get crypto prarams from WPA IE failed"); 3888 } 3889 3890 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 3891 } 3892 3893 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 3894 { 3895 struct wlan_crypto_comp_priv *crypto_priv; 3896 3897 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3898 if (!crypto_priv) { 3899 crypto_err("crypto_priv NULL"); 3900 return QDF_STATUS_E_FAILURE; 3901 } 3902 3903 if (igtk) 3904 return crypto_priv->def_igtk_tx_keyid; 3905 else 3906 return crypto_priv->def_tx_keyid; 3907 } 3908 3909 enum wlan_crypto_cipher_type 3910 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 3911 bool pairwise, uint8_t key_index) 3912 { 3913 struct wlan_crypto_key *crypto_key; 3914 3915 crypto_key = wlan_crypto_get_key(vdev, key_index); 3916 3917 if (crypto_key) 3918 return crypto_key->cipher_type; 3919 else 3920 return WLAN_CRYPTO_CIPHER_INVALID; 3921 } 3922 3923 #ifdef CRYPTO_SET_KEY_CONVERGED 3924 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 3925 uint8_t key_index, uint8_t key_len, 3926 uint8_t seq_len) 3927 { 3928 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3929 crypto_err("Invalid Key index %d", key_index); 3930 return QDF_STATUS_E_INVAL; 3931 } 3932 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 3933 crypto_err("Invalid Cipher %d", cipher); 3934 return QDF_STATUS_E_INVAL; 3935 } 3936 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 3937 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 3938 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 3939 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 3940 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 3941 crypto_err("Invalid key index %d for cipher %d", 3942 key_index, cipher); 3943 return QDF_STATUS_E_INVAL; 3944 } 3945 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 3946 crypto_err("Invalid key length %d", key_len); 3947 return QDF_STATUS_E_INVAL; 3948 } 3949 3950 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 3951 crypto_err("Invalid seq length %d", seq_len); 3952 return QDF_STATUS_E_INVAL; 3953 } 3954 3955 crypto_debug("key: idx:%d, len:%d, seq len:%d", 3956 key_index, key_len, seq_len); 3957 3958 return QDF_STATUS_SUCCESS; 3959 } 3960 3961 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 3962 uint8_t key_index, 3963 struct wlan_crypto_key *crypto_key) 3964 { 3965 struct wlan_crypto_comp_priv *crypto_priv; 3966 3967 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3968 if (!crypto_priv) { 3969 crypto_err("crypto_priv NULL"); 3970 return QDF_STATUS_E_FAILURE; 3971 } 3972 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3973 crypto_err("Invalid Key index %d", key_index); 3974 return QDF_STATUS_E_FAILURE; 3975 } 3976 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 3977 crypto_priv->key[key_index] = crypto_key; 3978 else 3979 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 3980 crypto_key; 3981 3982 return QDF_STATUS_SUCCESS; 3983 } 3984 3985 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 3986 uint8_t key_index) 3987 { 3988 struct wlan_crypto_comp_priv *crypto_priv; 3989 3990 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3991 if (!crypto_priv) { 3992 crypto_err("crypto_priv NULL"); 3993 return NULL; 3994 } 3995 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3996 crypto_err("Invalid Key index %d", key_index); 3997 return NULL; 3998 } 3999 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4000 return crypto_priv->key[key_index]; 4001 4002 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4003 } 4004 4005 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4006 struct wlan_crypto_key *req, 4007 bool pairwise) 4008 { 4009 struct wlan_objmgr_psoc *psoc; 4010 4011 psoc = wlan_vdev_get_psoc(vdev); 4012 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)) 4013 WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)(vdev, req, pairwise); 4014 else 4015 return QDF_STATUS_E_FAILURE; 4016 4017 return QDF_STATUS_SUCCESS; 4018 } 4019 4020 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4021 bool pairwise, uint8_t key_index, 4022 struct qdf_mac_addr *peer_mac) 4023 { 4024 struct wlan_crypto_key *crypto_key; 4025 4026 crypto_key = wlan_crypto_get_key(vdev, key_index); 4027 if (!crypto_key) { 4028 crypto_err("crypto_key not present for key_idx %d", key_index); 4029 return; 4030 } 4031 4032 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4033 } 4034 #endif 4035