1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include "wlan_crypto_main.h" 39 #include <qdf_module.h> 40 41 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 42 43 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 44 WLAN_CRYPTO_ADDSELECTOR(frm,\ 45 wlan_crypto_wpa_cipher_to_suite(cipher)) 46 47 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 48 WLAN_CRYPTO_ADDSELECTOR(frm,\ 49 wlan_crypto_rsn_cipher_to_suite(cipher)) 50 51 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 52 WLAN_CRYPTO_ADDSELECTOR(frm,\ 53 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 54 55 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 56 WLAN_CRYPTO_ADDSELECTOR(frm,\ 57 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 58 59 static int is_valid_keyix(uint16_t keyix) 60 { 61 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 62 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 63 return 0; 64 else 65 return 1; 66 } 67 68 static int is_igtk(uint16_t keyix) 69 { 70 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 71 return 0; 72 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 73 return 0; 74 else 75 return 1; 76 } 77 78 static int is_bigtk(uint16_t keyix) 79 { 80 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 81 return 0; 82 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 83 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 84 return 0; 85 else 86 return 1; 87 } 88 89 /** 90 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 91 * @vdev:vdev 92 * 93 * This function gets called by mlme to get crypto params 94 * 95 * Return: wlan_crypto_params or NULL in case of failure 96 */ 97 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 98 struct wlan_objmgr_vdev *vdev, 99 struct wlan_crypto_comp_priv **crypto_priv){ 100 *crypto_priv = (struct wlan_crypto_comp_priv *) 101 wlan_get_vdev_crypto_obj(vdev); 102 if (!(*crypto_priv)) { 103 crypto_err("crypto_priv NULL"); 104 return NULL; 105 } 106 107 return &((*crypto_priv)->crypto_params); 108 } 109 110 /** 111 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 112 * @peer:peer 113 * 114 * This function gets called by mlme to get crypto params 115 * 116 * Return: wlan_crypto_params or NULL in case of failure 117 */ 118 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 119 struct wlan_objmgr_peer *peer, 120 struct wlan_crypto_comp_priv **crypto_priv){ 121 122 *crypto_priv = (struct wlan_crypto_comp_priv *) 123 wlan_get_peer_crypto_obj(peer); 124 if (!*crypto_priv) { 125 crypto_err("crypto_priv NULL"); 126 return NULL; 127 } 128 129 return &((*crypto_priv)->crypto_params); 130 } 131 132 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 133 { 134 return QDF_STATUS_SUCCESS; 135 } 136 137 /** 138 * wlan_crypto_set_param - called by ucfg to set crypto param 139 * @crypto_params: crypto_params 140 * @param: param to be set. 141 * @value: value 142 * 143 * This function gets called from ucfg to set param 144 * 145 * Return: QDF_STATUS_SUCCESS - in case of success 146 */ 147 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 148 wlan_crypto_param_type param, 149 uint32_t value){ 150 QDF_STATUS status = QDF_STATUS_E_INVAL; 151 152 crypto_debug("param %d, value %d", param, value); 153 switch (param) { 154 case WLAN_CRYPTO_PARAM_AUTH_MODE: 155 status = wlan_crypto_set_authmode(crypto_params, value); 156 break; 157 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 158 status = wlan_crypto_set_ucastciphers(crypto_params, value); 159 break; 160 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 161 status = wlan_crypto_set_mcastcipher(crypto_params, value); 162 break; 163 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 164 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 165 break; 166 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 167 status = wlan_crypto_set_cipher_cap(crypto_params, value); 168 break; 169 case WLAN_CRYPTO_PARAM_RSN_CAP: 170 status = wlan_crypto_set_rsn_cap(crypto_params, value); 171 break; 172 case WLAN_CRYPTO_PARAM_KEY_MGMT: 173 status = wlan_crypto_set_key_mgmt(crypto_params, value); 174 break; 175 default: 176 status = QDF_STATUS_E_INVAL; 177 } 178 return status; 179 } 180 181 /** 182 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 183 * @vdev: vdev 184 * @param: param to be set. 185 * @value: value 186 * 187 * This function gets called from ucfg to set param 188 * 189 * Return: QDF_STATUS_SUCCESS - in case of success 190 */ 191 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 192 wlan_crypto_param_type param, 193 uint32_t value){ 194 QDF_STATUS status = QDF_STATUS_E_INVAL; 195 struct wlan_crypto_comp_priv *crypto_priv; 196 struct wlan_crypto_params *crypto_params; 197 198 crypto_priv = (struct wlan_crypto_comp_priv *) 199 wlan_get_vdev_crypto_obj(vdev); 200 201 if (!crypto_priv) { 202 crypto_err("crypto_priv NULL"); 203 return QDF_STATUS_E_INVAL; 204 } 205 206 crypto_params = &(crypto_priv->crypto_params); 207 208 status = wlan_crypto_set_param(crypto_params, param, value); 209 210 return status; 211 } 212 213 /** 214 * wlan_crypto_set_param - called by ucfg to set crypto param 215 * 216 * @peer: peer 217 * @param: param to be set. 218 * @value: value 219 * 220 * This function gets called from ucfg to set param 221 * 222 * Return: QDF_STATUS_SUCCESS - in case of success 223 */ 224 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 225 wlan_crypto_param_type param, 226 uint32_t value){ 227 QDF_STATUS status = QDF_STATUS_E_INVAL; 228 struct wlan_crypto_comp_priv *crypto_priv; 229 struct wlan_crypto_params *crypto_params; 230 231 crypto_params = wlan_crypto_peer_get_comp_params(peer, 232 &crypto_priv); 233 234 if (!crypto_priv) { 235 crypto_err("crypto_priv NULL"); 236 return QDF_STATUS_E_INVAL; 237 } 238 239 crypto_params = &(crypto_priv->crypto_params); 240 241 status = wlan_crypto_set_param(crypto_params, param, value); 242 243 return status; 244 } 245 246 /** 247 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 248 * @param: Crypto param type 249 * @crypto_params: Crypto params struct 250 * 251 * This function gets called from in-within crypto layer 252 * 253 * Return: value or -1 for failure 254 */ 255 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 256 struct wlan_crypto_params *crypto_params) 257 { 258 int32_t value; 259 260 switch (param) { 261 case WLAN_CRYPTO_PARAM_AUTH_MODE: 262 value = wlan_crypto_get_authmode(crypto_params); 263 break; 264 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 265 value = wlan_crypto_get_ucastciphers(crypto_params); 266 break; 267 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 268 value = wlan_crypto_get_mcastcipher(crypto_params); 269 break; 270 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 271 value = wlan_crypto_get_mgmtciphers(crypto_params); 272 break; 273 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 274 value = wlan_crypto_get_cipher_cap(crypto_params); 275 break; 276 case WLAN_CRYPTO_PARAM_RSN_CAP: 277 value = wlan_crypto_get_rsn_cap(crypto_params); 278 break; 279 case WLAN_CRYPTO_PARAM_KEY_MGMT: 280 value = wlan_crypto_get_key_mgmt(crypto_params); 281 break; 282 default: 283 value = -1; 284 } 285 286 return value; 287 } 288 289 /** 290 * wlan_crypto_get_param - called to get value for param from vdev 291 * @vdev: vdev 292 * @param: Crypto param type 293 * 294 * This function gets called to get value for param from vdev 295 * 296 * Return: value or -1 for failure 297 */ 298 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 299 wlan_crypto_param_type param) 300 { 301 int32_t value = -1; 302 struct wlan_crypto_comp_priv *crypto_priv; 303 struct wlan_crypto_params *crypto_params; 304 crypto_priv = (struct wlan_crypto_comp_priv *) 305 wlan_get_vdev_crypto_obj(vdev); 306 307 if (!crypto_priv) { 308 crypto_err("crypto_priv NULL"); 309 return value; 310 } 311 312 crypto_params = &(crypto_priv->crypto_params); 313 value = wlan_crypto_get_param_value(param, crypto_params); 314 315 return value; 316 } 317 /** 318 * wlan_crypto_get_peer_param - called to get value for param from peer 319 * @peer: peer 320 * @param: Crypto param type 321 * 322 * This function gets called to get value for param from peer 323 * 324 * Return: value or -1 for failure 325 */ 326 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 327 wlan_crypto_param_type param) 328 { 329 int32_t value = -1; 330 struct wlan_crypto_comp_priv *crypto_priv; 331 struct wlan_crypto_params *crypto_params; 332 333 crypto_params = wlan_crypto_peer_get_comp_params(peer, 334 &crypto_priv); 335 336 if (!crypto_params) { 337 crypto_err("crypto_params NULL"); 338 return value; 339 } 340 value = wlan_crypto_get_param_value(param, crypto_params); 341 342 return value; 343 } 344 qdf_export_symbol(wlan_crypto_get_peer_param); 345 346 static 347 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 348 struct wlan_crypto_pmksa *pmksa); 349 350 static 351 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 352 struct wlan_crypto_pmksa *pmksa) 353 { 354 uint8_t i, first_available_slot = 0; 355 bool slot_found = false; 356 357 /* Delete the old entry and then Add new entry */ 358 wlan_crypto_del_pmksa(crypto_params, pmksa); 359 360 /* find the empty slot as duplicate is already deleted */ 361 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 362 if (!crypto_params->pmksa[i]) { 363 slot_found = true; 364 first_available_slot = i; 365 break; 366 } 367 } 368 369 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 370 crypto_err("no entry available for pmksa"); 371 return QDF_STATUS_E_INVAL; 372 } 373 crypto_params->pmksa[first_available_slot] = pmksa; 374 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", i); 375 376 return QDF_STATUS_SUCCESS; 377 } 378 379 static 380 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 381 struct wlan_crypto_pmksa *pmksa) 382 { 383 uint8_t i, j; 384 bool match_found = false; 385 u8 del_pmk[MAX_PMK_LEN] = {0}; 386 387 /* find slot with same bssid */ 388 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 389 if (!crypto_params->pmksa[i]) 390 continue; 391 if (qdf_is_macaddr_equal(&pmksa->bssid, 392 &crypto_params->pmksa[i]->bssid)) { 393 match_found = true; 394 } else if (pmksa->ssid_len && 395 !qdf_mem_cmp(pmksa->ssid, 396 crypto_params->pmksa[i]->ssid, 397 pmksa->ssid_len) && 398 !qdf_mem_cmp(pmksa->cache_id, 399 crypto_params->pmksa[i]->cache_id, 400 WLAN_CACHE_ID_LEN)) { 401 match_found = true; 402 } 403 404 if (match_found) { 405 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 406 crypto_params->pmksa[i]->pmk_len); 407 /* Free matching entry */ 408 qdf_mem_zero(crypto_params->pmksa[i], 409 sizeof(struct wlan_crypto_pmksa)); 410 qdf_mem_free(crypto_params->pmksa[i]); 411 crypto_params->pmksa[i] = NULL; 412 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 413 i); 414 415 /* Find and remove the entries matching the pmk */ 416 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 417 if (!crypto_params->pmksa[j]) 418 continue; 419 if (crypto_params->pmksa[j]->pmk_len && 420 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 421 del_pmk, 422 crypto_params->pmksa[j]->pmk_len))) { 423 qdf_mem_zero(crypto_params->pmksa[j], 424 sizeof(struct wlan_crypto_pmksa)); 425 qdf_mem_free(crypto_params->pmksa[j]); 426 crypto_params->pmksa[j] = NULL; 427 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 428 j); 429 } 430 } 431 /* reset stored pmk */ 432 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 433 434 return QDF_STATUS_SUCCESS; 435 } 436 } 437 438 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 439 crypto_debug("No such pmksa entry exists"); 440 441 return QDF_STATUS_SUCCESS; 442 } 443 444 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 445 { 446 uint8_t i; 447 448 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 449 if (!crypto_params->pmksa[i]) 450 continue; 451 qdf_mem_zero(crypto_params->pmksa[i], 452 sizeof(struct wlan_crypto_pmksa)); 453 qdf_mem_free(crypto_params->pmksa[i]); 454 crypto_params->pmksa[i] = NULL; 455 } 456 457 return QDF_STATUS_SUCCESS; 458 } 459 460 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 461 struct wlan_crypto_pmksa *pmksa, 462 bool set) 463 { 464 QDF_STATUS status = QDF_STATUS_E_INVAL; 465 struct wlan_crypto_comp_priv *crypto_priv; 466 struct wlan_crypto_params *crypto_params; 467 struct wlan_crypto_pmksa *pmkid_cache = NULL; 468 enum QDF_OPMODE op_mode; 469 470 op_mode = wlan_vdev_mlme_get_opmode(vdev); 471 472 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 473 return QDF_STATUS_E_NOSUPPORT; 474 475 if (!pmksa && set) { 476 crypto_err("pmksa is NULL for set operation"); 477 return QDF_STATUS_E_INVAL; 478 } 479 crypto_priv = (struct wlan_crypto_comp_priv *) 480 wlan_get_vdev_crypto_obj(vdev); 481 482 if (!crypto_priv) { 483 crypto_err("crypto_priv NULL"); 484 return QDF_STATUS_E_INVAL; 485 } 486 487 crypto_params = &crypto_priv->crypto_params; 488 if (set) { 489 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid); 490 if (pmkid_cache && ((pmksa->pmk_len == pmkid_cache->pmk_len) && 491 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk, 492 pmksa->pmk_len))) { 493 crypto_debug("PMKSA entry found with same PMK"); 494 pmkid_cache = NULL; 495 return QDF_STATUS_E_EXISTS; 496 } 497 498 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 499 /* Set pmksa */ 500 } else { 501 /* del pmksa */ 502 if (!pmksa) 503 status = wlan_crypto_pmksa_flush(crypto_params); 504 else 505 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 506 } 507 508 return status; 509 } 510 511 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 512 struct wlan_crypto_pmksa *pmksa) 513 { 514 QDF_STATUS status = QDF_STATUS_E_INVAL; 515 struct wlan_crypto_pmksa *cached_pmksa; 516 struct wlan_crypto_comp_priv *crypto_priv; 517 struct wlan_crypto_params *crypto_params; 518 uint8_t mdie_present, i; 519 uint16_t mobility_domain; 520 521 if (!pmksa) { 522 crypto_err("pmksa is NULL for set operation"); 523 return status; 524 } 525 526 crypto_priv = (struct wlan_crypto_comp_priv *) 527 wlan_get_vdev_crypto_obj(vdev); 528 if (!crypto_priv) { 529 crypto_err("crypto_priv NULL"); 530 return status; 531 } 532 533 crypto_params = &crypto_priv->crypto_params; 534 535 if (pmksa->mdid.mdie_present) { 536 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 537 if (!crypto_params->pmksa[i]) 538 continue; 539 cached_pmksa = crypto_params->pmksa[i]; 540 mdie_present = cached_pmksa->mdid.mdie_present; 541 mobility_domain = cached_pmksa->mdid.mobility_domain; 542 543 /* In FT connection when STA connects to AP1 then PMK1 544 * gets cached. And if STA disconnects from AP1 and 545 * connects to AP2 then PMK2 gets cached. This will 546 * result in having multiple PMK cache entries for the 547 * same MDID. So delete the old/stale PMK cache entries 548 * for the same mobility domain as of the newly added 549 * entry. And Update the MDID for the matching BSSID or 550 * SSID PMKSA entry. 551 */ 552 if (qdf_is_macaddr_equal 553 (&cached_pmksa->bssid, &pmksa->bssid)) { 554 cached_pmksa->mdid.mdie_present = 1; 555 cached_pmksa->mdid.mobility_domain = 556 pmksa->mdid.mobility_domain; 557 crypto_debug("Updated the MDID at index=%d", i); 558 status = QDF_STATUS_SUCCESS; 559 } else if (pmksa->ssid_len && 560 !qdf_mem_cmp(pmksa->ssid, 561 cached_pmksa->ssid, 562 pmksa->ssid_len) && 563 !qdf_mem_cmp(pmksa->cache_id, 564 cached_pmksa->cache_id, 565 WLAN_CACHE_ID_LEN)) { 566 cached_pmksa->mdid.mdie_present = 1; 567 cached_pmksa->mdid.mobility_domain = 568 pmksa->mdid.mobility_domain; 569 crypto_debug("Updated the MDID at index=%d", i); 570 status = QDF_STATUS_SUCCESS; 571 } else if (mdie_present && 572 (pmksa->mdid.mobility_domain == 573 mobility_domain)) { 574 qdf_mem_zero(crypto_params->pmksa[i], 575 sizeof(struct wlan_crypto_pmksa)); 576 qdf_mem_free(crypto_params->pmksa[i]); 577 crypto_params->pmksa[i] = NULL; 578 crypto_debug("Deleted PMKSA at index=%d", i); 579 status = QDF_STATUS_SUCCESS; 580 } 581 } 582 } 583 return status; 584 } 585 586 struct wlan_crypto_pmksa * 587 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 588 struct wlan_crypto_pmksa *pmksa) 589 { 590 struct wlan_crypto_comp_priv *crypto_priv; 591 struct wlan_crypto_params *crypto_params; 592 uint8_t i; 593 594 if (!pmksa) { 595 crypto_err("pmksa is NULL"); 596 return NULL; 597 } 598 crypto_priv = (struct wlan_crypto_comp_priv *) 599 wlan_get_vdev_crypto_obj(vdev); 600 601 if (!crypto_priv) { 602 crypto_err("crypto_priv NULL"); 603 return NULL; 604 } 605 606 crypto_params = &crypto_priv->crypto_params; 607 608 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 609 if (!crypto_params->pmksa[i]) 610 continue; 611 if (qdf_is_macaddr_equal(&pmksa->bssid, 612 &crypto_params->pmksa[i]->bssid)) { 613 return crypto_params->pmksa[i]; 614 } else if (pmksa->ssid_len && 615 !qdf_mem_cmp(pmksa->ssid, 616 crypto_params->pmksa[i]->ssid, 617 pmksa->ssid_len) && 618 !qdf_mem_cmp(pmksa->cache_id, 619 crypto_params->pmksa[i]->cache_id, 620 WLAN_CACHE_ID_LEN)){ 621 return crypto_params->pmksa[i]; 622 } 623 } 624 625 return NULL; 626 } 627 628 struct wlan_crypto_pmksa * 629 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 630 { 631 struct wlan_crypto_comp_priv *crypto_priv; 632 struct wlan_crypto_params *crypto_params; 633 uint8_t i; 634 635 if (!bssid) { 636 crypto_err("bssid is NULL"); 637 return NULL; 638 } 639 crypto_priv = (struct wlan_crypto_comp_priv *) 640 wlan_get_vdev_crypto_obj(vdev); 641 642 if (!crypto_priv) { 643 crypto_err("crypto_priv NULL"); 644 return NULL; 645 } 646 647 crypto_params = &crypto_priv->crypto_params; 648 649 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 650 if (!crypto_params->pmksa[i]) 651 continue; 652 if (qdf_is_macaddr_equal(bssid, 653 &crypto_params->pmksa[i]->bssid)) { 654 crypto_debug("PMKSA: Entry found at index %d", i); 655 return crypto_params->pmksa[i]; 656 } 657 } 658 659 return NULL; 660 } 661 662 struct wlan_crypto_pmksa * 663 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 664 uint8_t *cache_id, uint8_t *ssid, 665 uint8_t ssid_len) 666 { 667 struct wlan_crypto_comp_priv *crypto_priv; 668 struct wlan_crypto_params *crypto_params; 669 uint8_t i; 670 671 crypto_priv = (struct wlan_crypto_comp_priv *) 672 wlan_get_vdev_crypto_obj(vdev); 673 674 if (!crypto_priv) { 675 crypto_err("crypto_priv NULL"); 676 return NULL; 677 } 678 679 crypto_params = &crypto_priv->crypto_params; 680 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 681 if (!crypto_params->pmksa[i]) 682 continue; 683 684 if (!qdf_mem_cmp(cache_id, 685 crypto_params->pmksa[i]->cache_id, 686 WLAN_CACHE_ID_LEN) && 687 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 688 ssid_len) && 689 ssid_len == crypto_params->pmksa[i]->ssid_len) 690 return crypto_params->pmksa[i]; 691 } 692 693 return NULL; 694 } 695 696 /** 697 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 698 * @vdev: vdev 699 * @peer: peer 700 * 701 * This function gets called to check is HT allowed for cipher. 702 * HT is not allowed for wep and tkip. 703 * 704 * Return: 0 - not allowed or 1 - allowed 705 */ 706 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 707 struct wlan_objmgr_peer *peer) 708 { 709 int32_t ucast_cipher; 710 711 if (!(vdev || peer)) { 712 crypto_err("Invalid params"); 713 return 0; 714 } 715 716 if (vdev) 717 ucast_cipher = wlan_crypto_get_param(vdev, 718 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 719 else 720 ucast_cipher = wlan_crypto_get_peer_param(peer, 721 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 722 723 if (ucast_cipher == -1) { 724 crypto_err("Invalid params"); 725 return 0; 726 } 727 728 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 729 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 730 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 731 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 732 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 733 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 734 } 735 qdf_export_symbol(wlan_crypto_is_htallowed); 736 737 /** 738 * wlan_crypto_setkey - called by ucfg to setkey 739 * @vdev: vdev 740 * @req_key: req_key with cipher type, key macaddress 741 * 742 * This function gets called from ucfg to sey key 743 * 744 * Return: QDF_STATUS_SUCCESS - in case of success 745 */ 746 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 747 struct wlan_crypto_req_key *req_key){ 748 749 QDF_STATUS status = QDF_STATUS_E_INVAL; 750 struct wlan_crypto_comp_priv *crypto_priv; 751 struct wlan_crypto_params *crypto_params; 752 struct wlan_objmgr_psoc *psoc; 753 struct wlan_objmgr_peer *peer; 754 struct wlan_crypto_key *key = NULL; 755 const struct wlan_crypto_cipher *cipher; 756 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 757 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 758 bool isbcast; 759 enum QDF_OPMODE vdev_mode; 760 uint8_t igtk_idx = 0; 761 uint8_t bigtk_idx = 0; 762 struct wlan_lmac_if_tx_ops *tx_ops; 763 764 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 765 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 766 return QDF_STATUS_E_INVAL; 767 } 768 769 isbcast = qdf_is_macaddr_group( 770 (struct qdf_mac_addr *)req_key->macaddr); 771 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 772 /* zero length keys, only set default key id if flags are set*/ 773 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 774 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 775 && (!IS_MGMT_CIPHER(req_key->type))) { 776 wlan_crypto_default_key(vdev, 777 req_key->macaddr, 778 req_key->keyix, 779 !isbcast); 780 return QDF_STATUS_SUCCESS; 781 } 782 crypto_err("req_key len zero"); 783 return QDF_STATUS_E_INVAL; 784 } 785 786 cipher = wlan_crypto_cipher_ops[req_key->type]; 787 788 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 789 crypto_err("cipher invalid"); 790 return QDF_STATUS_E_INVAL; 791 } 792 793 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 794 (!IS_MGMT_CIPHER(req_key->type)) && 795 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 796 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 797 crypto_err("cipher invalid"); 798 return QDF_STATUS_E_INVAL; 799 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 800 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 801 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 802 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 803 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 804 return QDF_STATUS_E_INVAL; 805 } 806 807 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 808 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 809 | WLAN_CRYPTO_KEY_RECV)) { 810 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 811 | WLAN_CRYPTO_KEY_RECV); 812 } 813 } else { 814 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 815 && (!IS_MGMT_CIPHER(req_key->type))) { 816 return QDF_STATUS_E_INVAL; 817 } 818 819 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 820 | WLAN_CRYPTO_KEY_RECV); 821 if (isbcast) 822 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 823 } 824 825 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 826 827 wlan_vdev_obj_lock(vdev); 828 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 829 QDF_MAC_ADDR_SIZE); 830 psoc = wlan_vdev_get_psoc(vdev); 831 if (!psoc) { 832 wlan_vdev_obj_unlock(vdev); 833 crypto_err("psoc NULL"); 834 return QDF_STATUS_E_INVAL; 835 } 836 wlan_vdev_obj_unlock(vdev); 837 838 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 839 if (wlan_crypto_vdev_has_auth_mode(vdev, 840 (1 << WLAN_CRYPTO_AUTH_8021X))) { 841 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 842 } 843 } 844 845 if (isbcast) { 846 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 847 &crypto_priv); 848 if (!crypto_priv) { 849 crypto_err("crypto_priv NULL"); 850 return QDF_STATUS_E_INVAL; 851 } 852 853 if (IS_MGMT_CIPHER(req_key->type)) { 854 struct wlan_crypto_key *crypto_key = NULL; 855 856 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 857 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 858 if (!is_igtk(req_key->keyix) && 859 !(is_bigtk(req_key->keyix))) { 860 crypto_err("igtk/bigtk key invalid keyid %d", 861 req_key->keyix); 862 return QDF_STATUS_E_INVAL; 863 } 864 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 865 if (!key) 866 return QDF_STATUS_E_NOMEM; 867 868 869 if (is_igtk(req_key->keyix)) { 870 crypto_key = crypto_priv->igtk_key[igtk_idx]; 871 if (crypto_key) 872 qdf_mem_free(crypto_key); 873 874 crypto_priv->igtk_key[igtk_idx] = key; 875 crypto_priv->igtk_key_type = req_key->type; 876 crypto_priv->def_igtk_tx_keyid = igtk_idx; 877 bigtk_idx = 0; 878 } else { 879 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 880 if (crypto_key) 881 qdf_mem_free(crypto_key); 882 883 crypto_priv->bigtk_key[bigtk_idx] = key; 884 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 885 igtk_idx = 0; 886 } 887 } else { 888 if (IS_FILS_CIPHER(req_key->type)) { 889 crypto_err("FILS key is not for BroadCast pkt"); 890 return QDF_STATUS_E_INVAL; 891 } 892 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 893 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 894 return QDF_STATUS_E_INVAL; 895 } 896 if (!crypto_priv->key[req_key->keyix]) { 897 crypto_priv->key[req_key->keyix] 898 = qdf_mem_malloc( 899 sizeof(struct wlan_crypto_key)); 900 if (!crypto_priv->key[req_key->keyix]) 901 return QDF_STATUS_E_NOMEM; 902 } 903 key = crypto_priv->key[req_key->keyix]; 904 } 905 if (vdev_mode == QDF_STA_MODE) { 906 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 907 WLAN_CRYPTO_ID); 908 if (!peer) { 909 crypto_err("peer NULL"); 910 if (IS_MGMT_CIPHER(req_key->type)) { 911 crypto_priv->igtk_key[igtk_idx] = NULL; 912 crypto_priv->bigtk_key[bigtk_idx] 913 = NULL; 914 crypto_priv->igtk_key_type 915 = WLAN_CRYPTO_CIPHER_NONE; 916 } else 917 crypto_priv->key[req_key->keyix] = NULL; 918 if (key) 919 qdf_mem_free(key); 920 return QDF_STATUS_E_INVAL; 921 } 922 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 923 QDF_MAC_ADDR_SIZE); 924 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 925 } 926 } else { 927 uint8_t pdev_id; 928 929 pdev_id = wlan_objmgr_pdev_get_pdev_id( 930 wlan_vdev_get_pdev(vdev)); 931 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 932 psoc, 933 pdev_id, 934 macaddr, 935 req_key->macaddr, 936 WLAN_CRYPTO_ID); 937 938 if (!peer) { 939 crypto_err("peer NULL"); 940 return QDF_STATUS_E_INVAL; 941 } 942 943 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 944 crypto_params = wlan_crypto_peer_get_comp_params(peer, 945 &crypto_priv); 946 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 947 948 if (!crypto_priv) { 949 crypto_err("crypto_priv NULL"); 950 return QDF_STATUS_E_INVAL; 951 } 952 if (IS_MGMT_CIPHER(req_key->type)) { 953 struct wlan_crypto_key *crypto_key = NULL; 954 955 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 956 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 957 if (!is_igtk(req_key->keyix) && 958 !(is_bigtk(req_key->keyix))) { 959 crypto_err("igtk/bigtk key invalid keyid %d", 960 req_key->keyix); 961 return QDF_STATUS_E_INVAL; 962 } 963 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 964 if (!key) 965 return QDF_STATUS_E_NOMEM; 966 967 if (is_igtk(req_key->keyix)) { 968 crypto_key = crypto_priv->igtk_key[igtk_idx]; 969 if (crypto_key) 970 qdf_mem_free(crypto_key); 971 972 crypto_priv->igtk_key[igtk_idx] = key; 973 crypto_priv->igtk_key_type = req_key->type; 974 crypto_priv->def_igtk_tx_keyid = igtk_idx; 975 } else { 976 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 977 if (crypto_key) 978 qdf_mem_free(crypto_key); 979 980 crypto_priv->bigtk_key[bigtk_idx] = key; 981 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 982 } 983 } else { 984 uint16_t kid = req_key->keyix; 985 if (kid == WLAN_CRYPTO_KEYIX_NONE) 986 kid = 0; 987 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 988 crypto_err("invalid keyid %d", kid); 989 return QDF_STATUS_E_INVAL; 990 } 991 if (!crypto_priv->key[kid]) { 992 crypto_priv->key[kid] 993 = qdf_mem_malloc( 994 sizeof(struct wlan_crypto_key)); 995 if (!crypto_priv->key[kid]) 996 return QDF_STATUS_E_NOMEM; 997 } 998 key = crypto_priv->key[kid]; 999 } 1000 } 1001 1002 /* alloc key might not required as it is already there */ 1003 key->cipher_table = (void *)cipher; 1004 key->keylen = req_key->keylen; 1005 key->flags = req_key->flags; 1006 1007 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 1008 key->keyix = 0; 1009 else 1010 key->keyix = req_key->keyix; 1011 1012 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 1013 && (!IS_MGMT_CIPHER(req_key->type))) { 1014 crypto_priv->def_tx_keyid = key->keyix; 1015 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 1016 } 1017 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 1018 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 1019 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 1020 0x5c, 0x36, 0x5c, 0x36, 1021 0x5c, 0x36, 0x5c, 0x36, 1022 0x5c, 0x36, 0x5c, 0x37}; 1023 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 1024 0x5c, 0x36, 0x5c, 0x36, 1025 0x5c, 0x36, 0x5c, 0x36, 1026 0x5c, 0x36, 0x5c, 0x36}; 1027 1028 /* During Tx PN should be increment and 1029 * send but as per our implementation we increment only after 1030 * Tx complete. So First packet PN check will be failed. 1031 * To compensate increment the PN here by 2 1032 */ 1033 if (vdev_mode == QDF_SAP_MODE) { 1034 iv_AP[15] += 2; 1035 qdf_mem_copy(key->recviv, iv_STA, 1036 WLAN_CRYPTO_WAPI_IV_SIZE); 1037 qdf_mem_copy(key->txiv, iv_AP, 1038 WLAN_CRYPTO_WAPI_IV_SIZE); 1039 } else { 1040 iv_STA[15] += 2; 1041 qdf_mem_copy(key->recviv, iv_AP, 1042 WLAN_CRYPTO_WAPI_IV_SIZE); 1043 qdf_mem_copy(key->txiv, iv_STA, 1044 WLAN_CRYPTO_WAPI_IV_SIZE); 1045 } 1046 } else { 1047 uint8_t i = 0; 1048 qdf_mem_copy((uint8_t *)(&key->keytsc), 1049 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1050 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1051 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1052 (uint8_t *)(&req_key->keyrsc), 1053 sizeof(key->keyrsc[0])); 1054 } 1055 } 1056 1057 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1058 if (!tx_ops) { 1059 crypto_err("tx_ops is NULL"); 1060 return QDF_STATUS_E_INVAL; 1061 } 1062 1063 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1064 key->valid = 1; 1065 if ((IS_MGMT_CIPHER(req_key->type))) { 1066 uint32_t mgmt_cipher = 0; 1067 1068 if (HAS_CIPHER_CAP(crypto_params, 1069 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1070 is_bigtk(req_key->keyix)) { 1071 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1072 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1073 key, macaddr, req_key->type); 1074 } 1075 } 1076 QDF_SET_PARAM(mgmt_cipher, req_key->type); 1077 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher); 1078 status = wlan_crypto_set_igtk_key(key); 1079 return status; 1080 } else if (IS_FILS_CIPHER(req_key->type)) { 1081 /* Take request key object to FILS setkey */ 1082 key->private = req_key; 1083 } else { 1084 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1085 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 1086 req_key->type); 1087 } 1088 } 1089 status = cipher->setkey(key); 1090 1091 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1092 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1093 (!IS_MGMT_CIPHER(req_key->type))) { 1094 /* default xmit key */ 1095 wlan_crypto_default_key(vdev, 1096 req_key->macaddr, 1097 req_key->keyix, 1098 !isbcast); 1099 } 1100 1101 return status; 1102 } 1103 1104 /** 1105 * wlan_crypto_get_keytype - get keytype 1106 * @key: key 1107 * 1108 * This function gets keytype from key 1109 * 1110 * Return: keytype 1111 */ 1112 wlan_crypto_cipher_type wlan_crypto_get_key_type( 1113 struct wlan_crypto_key *key){ 1114 if (key && key->cipher_table) { 1115 return ((struct wlan_crypto_cipher *) 1116 (key->cipher_table))->cipher; 1117 } 1118 return WLAN_CRYPTO_CIPHER_NONE; 1119 } 1120 qdf_export_symbol(wlan_crypto_get_key_type); 1121 /** 1122 * wlan_crypto_vdev_getkey - get key from vdev 1123 * @vdev: vdev 1124 * @keyix: keyix 1125 * 1126 * This function gets key from vdev 1127 * 1128 * Return: key or NULL 1129 */ 1130 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1131 uint16_t keyix){ 1132 struct wlan_crypto_comp_priv *crypto_priv; 1133 struct wlan_crypto_params *crypto_params; 1134 struct wlan_crypto_key *key = NULL; 1135 1136 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1137 1138 if (!crypto_priv) { 1139 crypto_err("crypto_priv NULL"); 1140 return NULL; 1141 } 1142 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1143 * we return the default key, for all other keyix we return the 1144 * key accordingly. 1145 */ 1146 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1147 !is_valid_keyix(keyix)) 1148 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1149 else if (is_bigtk(keyix)) 1150 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1151 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1152 else if (is_igtk(keyix)) 1153 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1154 else 1155 key = crypto_priv->key[keyix]; 1156 1157 if (key && key->valid) 1158 return key; 1159 1160 return NULL; 1161 } 1162 qdf_export_symbol(wlan_crypto_vdev_getkey); 1163 1164 /** 1165 * wlan_crypto_peer_getkey - get key from peer 1166 * @peer: peer 1167 * @keyix: keyix 1168 * 1169 * This function gets key from peer 1170 * 1171 * Return: key or NULL 1172 */ 1173 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1174 uint16_t keyix){ 1175 struct wlan_crypto_comp_priv *crypto_priv; 1176 struct wlan_crypto_params *crypto_params; 1177 struct wlan_crypto_key *key = NULL; 1178 1179 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1180 1181 if (!crypto_priv) { 1182 crypto_err("crypto_priv NULL"); 1183 return NULL; 1184 } 1185 1186 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1187 * we return the default key, for all other keyix we return the 1188 * key accordingly. 1189 */ 1190 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1191 !is_valid_keyix(keyix)) 1192 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1193 else if (is_bigtk(keyix)) 1194 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1195 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1196 else if (is_igtk(keyix)) 1197 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1198 else 1199 key = crypto_priv->key[keyix]; 1200 1201 if (key && key->valid) 1202 return key; 1203 1204 return NULL; 1205 } 1206 qdf_export_symbol(wlan_crypto_peer_getkey); 1207 1208 /** 1209 * wlan_crypto_getkey - called by ucfg to get key 1210 * @vdev: vdev 1211 * @req_key: key value will be copied in this req_key 1212 * @mac_address: mac address of the peer for unicast key 1213 * or broadcast address if group key is requested. 1214 * 1215 * This function gets called from ucfg to get key 1216 * 1217 * Return: QDF_STATUS_SUCCESS - in case of success 1218 */ 1219 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1220 struct wlan_crypto_req_key *req_key, 1221 uint8_t *mac_addr){ 1222 struct wlan_crypto_cipher *cipher_table; 1223 struct wlan_crypto_key *key; 1224 struct wlan_objmgr_psoc *psoc; 1225 struct wlan_lmac_if_tx_ops *tx_ops; 1226 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1227 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1228 1229 wlan_vdev_obj_lock(vdev); 1230 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1231 QDF_MAC_ADDR_SIZE); 1232 psoc = wlan_vdev_get_psoc(vdev); 1233 if (!psoc) { 1234 wlan_vdev_obj_unlock(vdev); 1235 crypto_err("psoc NULL"); 1236 return QDF_STATUS_E_INVAL; 1237 } 1238 wlan_vdev_obj_unlock(vdev); 1239 1240 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1241 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1242 if (!key) 1243 return QDF_STATUS_E_INVAL; 1244 } else { 1245 struct wlan_objmgr_peer *peer; 1246 uint8_t pdev_id; 1247 1248 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1249 wlan_vdev_get_pdev(vdev)); 1250 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1251 psoc, 1252 pdev_id, 1253 macaddr, 1254 mac_addr, 1255 WLAN_CRYPTO_ID); 1256 if (!peer) { 1257 crypto_err("peer NULL"); 1258 return QDF_STATUS_E_NOENT; 1259 } 1260 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1261 1262 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1263 if (!key) 1264 return QDF_STATUS_E_INVAL; 1265 } 1266 1267 if (key->valid) { 1268 qdf_mem_copy(req_key->keydata, 1269 key->keyval, key->keylen); 1270 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1271 (uint8_t *)(&key->keytsc), 1272 sizeof(req_key->keytsc)); 1273 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1274 (uint8_t *)(&key->keyrsc[0]), 1275 sizeof(req_key->keyrsc)); 1276 req_key->keylen = key->keylen; 1277 req_key->flags = key->flags; 1278 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1279 1280 if (!cipher_table) 1281 return QDF_STATUS_SUCCESS; 1282 1283 req_key->type = cipher_table->cipher; 1284 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1285 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1286 (uint8_t *)(key->txiv), 1287 sizeof(req_key->txiv)); 1288 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1289 (uint8_t *)(key->recviv), 1290 sizeof(req_key->recviv)); 1291 } 1292 1293 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1294 if (!tx_ops) { 1295 crypto_err("tx_ops is NULL"); 1296 return QDF_STATUS_E_INVAL; 1297 } 1298 1299 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops) && 1300 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 1301 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1302 req_key->type); 1303 } 1304 1305 return QDF_STATUS_SUCCESS; 1306 } 1307 1308 /** 1309 * wlan_crypto_delkey - called by ucfg to delete key 1310 * @vdev: vdev 1311 * @mac_address: mac address of the peer for unicast key 1312 * or broadcast address if group key is deleted. 1313 * @key_idx: key index to be deleted 1314 * 1315 * This function gets called from ucfg to delete key 1316 * 1317 * Return: QDF_STATUS_SUCCESS - in case of success 1318 */ 1319 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1320 uint8_t *macaddr, 1321 uint8_t key_idx){ 1322 struct wlan_crypto_comp_priv *crypto_priv; 1323 struct wlan_crypto_params *crypto_params; 1324 struct wlan_crypto_key *key; 1325 struct wlan_crypto_cipher *cipher_table; 1326 struct wlan_objmgr_psoc *psoc; 1327 struct wlan_lmac_if_tx_ops *tx_ops; 1328 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1329 struct wlan_objmgr_peer *peer = NULL; 1330 QDF_STATUS ret = QDF_STATUS_SUCCESS; 1331 1332 if (!vdev || !macaddr || 1333 !is_valid_keyix(key_idx)) { 1334 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1335 vdev, macaddr, key_idx); 1336 return QDF_STATUS_E_INVAL; 1337 } 1338 1339 wlan_vdev_obj_lock(vdev); 1340 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1341 QDF_MAC_ADDR_SIZE); 1342 psoc = wlan_vdev_get_psoc(vdev); 1343 if (!psoc) { 1344 wlan_vdev_obj_unlock(vdev); 1345 crypto_err("psoc NULL"); 1346 return QDF_STATUS_E_INVAL; 1347 } 1348 wlan_vdev_obj_unlock(vdev); 1349 1350 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1351 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1352 &crypto_priv); 1353 if (!crypto_priv) { 1354 crypto_err("crypto_priv NULL"); 1355 return QDF_STATUS_E_INVAL; 1356 } 1357 } else { 1358 uint8_t pdev_id; 1359 1360 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1361 wlan_vdev_get_pdev(vdev)); 1362 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1363 psoc, pdev_id, 1364 bssid_mac, 1365 macaddr, 1366 WLAN_CRYPTO_ID); 1367 if (!peer) { 1368 return QDF_STATUS_E_INVAL; 1369 } 1370 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1371 &crypto_priv); 1372 if (!crypto_priv) { 1373 crypto_err("crypto_priv NULL"); 1374 ret = QDF_STATUS_E_INVAL; 1375 goto ret_rel_ref; 1376 } 1377 } 1378 1379 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1380 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1381 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1382 1383 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1384 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1385 ret = QDF_STATUS_E_INVAL; 1386 goto ret_rel_ref; 1387 } 1388 if (is_igtk(key_idx)) { 1389 key = crypto_priv->igtk_key[igtk_idx]; 1390 crypto_priv->igtk_key[igtk_idx] = NULL; 1391 } else { 1392 key = crypto_priv->bigtk_key[bigtk_idx]; 1393 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1394 } 1395 if (key) 1396 key->valid = 0; 1397 } else { 1398 key = crypto_priv->key[key_idx]; 1399 crypto_priv->key[key_idx] = NULL; 1400 } 1401 1402 if (!key) { 1403 ret = QDF_STATUS_E_INVAL; 1404 goto ret_rel_ref; 1405 } 1406 1407 if (key->valid) { 1408 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1409 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1410 1411 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1412 if (!tx_ops) { 1413 crypto_err("tx_ops is NULL"); 1414 ret = QDF_STATUS_E_INVAL; 1415 goto ret_rel_ref; 1416 } 1417 1418 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1419 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1420 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1421 cipher_table->cipher); 1422 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1423 if (key->private) 1424 qdf_mem_free(key->private); 1425 } 1426 } 1427 1428 /* Zero-out local key variables */ 1429 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1430 qdf_mem_free(key); 1431 key = NULL; 1432 1433 ret_rel_ref: 1434 if (peer) 1435 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1436 1437 return ret; 1438 } 1439 1440 #ifdef CRYPTO_SET_KEY_CONVERGED 1441 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1442 uint8_t key_idx, uint8_t *macaddr) 1443 { 1444 return QDF_STATUS_SUCCESS; 1445 } 1446 #else 1447 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1448 uint8_t key_idx, uint8_t *macaddr) 1449 { 1450 struct wlan_objmgr_psoc *psoc; 1451 struct wlan_lmac_if_tx_ops *tx_ops; 1452 1453 psoc = wlan_vdev_get_psoc(vdev); 1454 if (!psoc) { 1455 crypto_err("psoc is NULL"); 1456 return QDF_STATUS_E_INVAL; 1457 } 1458 1459 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1460 if (!tx_ops) { 1461 crypto_err("tx_ops is NULL"); 1462 return QDF_STATUS_E_INVAL; 1463 } 1464 1465 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1466 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1467 1468 return QDF_STATUS_SUCCESS; 1469 } 1470 #endif 1471 1472 /** 1473 * wlan_crypto_default_key - called by ucfg to set default tx key 1474 * @vdev: vdev 1475 * @mac_address: mac address of the peer for unicast key 1476 * or broadcast address if group key need to made default. 1477 * @key_idx: key index to be made as default key 1478 * @unicast: is key was unicast or group key. 1479 * 1480 * This function gets called from ucfg to set default key 1481 * 1482 * Return: QDF_STATUS_SUCCESS - in case of success 1483 */ 1484 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1485 uint8_t *macaddr, 1486 uint8_t key_idx, 1487 bool unicast){ 1488 struct wlan_crypto_comp_priv *crypto_priv; 1489 struct wlan_crypto_params *crypto_params; 1490 struct wlan_crypto_key *key; 1491 struct wlan_objmgr_psoc *psoc; 1492 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1493 1494 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1495 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1496 vdev, macaddr, key_idx); 1497 return QDF_STATUS_E_INVAL; 1498 } 1499 1500 wlan_vdev_obj_lock(vdev); 1501 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1502 QDF_MAC_ADDR_SIZE); 1503 psoc = wlan_vdev_get_psoc(vdev); 1504 if (!psoc) { 1505 wlan_vdev_obj_unlock(vdev); 1506 crypto_err("psoc NULL"); 1507 return QDF_STATUS_E_INVAL; 1508 } 1509 wlan_vdev_obj_unlock(vdev); 1510 1511 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1512 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1513 &crypto_priv); 1514 if (!crypto_priv) { 1515 crypto_err("crypto_priv NULL"); 1516 return QDF_STATUS_E_INVAL; 1517 } 1518 1519 key = crypto_priv->key[key_idx]; 1520 if (!key) 1521 return QDF_STATUS_E_INVAL; 1522 } else { 1523 struct wlan_objmgr_peer *peer; 1524 uint8_t pdev_id; 1525 1526 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1527 wlan_vdev_get_pdev(vdev)); 1528 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1529 psoc, pdev_id, 1530 bssid_mac, 1531 macaddr, 1532 WLAN_CRYPTO_ID); 1533 1534 if (!peer) { 1535 crypto_err("peer NULL"); 1536 return QDF_STATUS_E_INVAL; 1537 } 1538 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1539 &crypto_priv); 1540 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1541 if (!crypto_priv) { 1542 crypto_err("crypto_priv NULL"); 1543 return QDF_STATUS_E_INVAL; 1544 } 1545 1546 key = crypto_priv->key[key_idx]; 1547 if (!key) 1548 return QDF_STATUS_E_INVAL; 1549 } 1550 if (!key->valid) 1551 return QDF_STATUS_E_INVAL; 1552 1553 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1554 QDF_STATUS_SUCCESS) 1555 return QDF_STATUS_E_INVAL; 1556 crypto_priv->def_tx_keyid = key_idx; 1557 1558 return QDF_STATUS_SUCCESS; 1559 } 1560 1561 /** 1562 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1563 * @vdev: vdev 1564 * @wbuf: wbuf 1565 * @macaddr: macaddr 1566 * @encapdone: is encapdone already or not. 1567 * 1568 * This function gets called from mgmt txrx to encap frame. 1569 * 1570 * Return: QDF_STATUS_SUCCESS - in case of success 1571 */ 1572 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1573 qdf_nbuf_t wbuf, 1574 uint8_t *mac_addr, 1575 uint8_t encapdone){ 1576 struct wlan_crypto_comp_priv *crypto_priv; 1577 struct wlan_crypto_params *crypto_params; 1578 struct wlan_crypto_key *key; 1579 QDF_STATUS status; 1580 struct wlan_crypto_cipher *cipher_table; 1581 struct wlan_objmgr_psoc *psoc; 1582 struct wlan_objmgr_peer *peer; 1583 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1584 uint8_t pdev_id; 1585 uint8_t hdrlen; 1586 enum QDF_OPMODE opmode; 1587 1588 opmode = wlan_vdev_mlme_get_opmode(vdev); 1589 wlan_vdev_obj_lock(vdev); 1590 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1591 QDF_MAC_ADDR_SIZE); 1592 psoc = wlan_vdev_get_psoc(vdev); 1593 if (!psoc) { 1594 wlan_vdev_obj_unlock(vdev); 1595 crypto_err("psoc NULL"); 1596 return QDF_STATUS_E_INVAL; 1597 } 1598 wlan_vdev_obj_unlock(vdev); 1599 1600 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1601 /* FILS Encap required only for (Re-)Assoc response */ 1602 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1603 1604 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1605 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1606 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1607 return QDF_STATUS_E_INVAL; 1608 } 1609 1610 if (peer) 1611 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1612 peer = NULL; 1613 1614 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1615 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1616 &crypto_priv); 1617 if (!crypto_priv) { 1618 crypto_err("crypto_priv NULL"); 1619 return QDF_STATUS_E_INVAL; 1620 } 1621 1622 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1623 if (!key) 1624 return QDF_STATUS_E_INVAL; 1625 1626 } else { 1627 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1628 bssid_mac, mac_addr, 1629 WLAN_CRYPTO_ID); 1630 if (!peer) { 1631 crypto_err("crypto_priv NULL"); 1632 return QDF_STATUS_E_INVAL; 1633 } 1634 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1635 &crypto_priv); 1636 1637 if (!crypto_priv) { 1638 crypto_err("crypto_priv NULL"); 1639 status = QDF_STATUS_E_INVAL; 1640 goto err; 1641 } 1642 1643 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1644 if (!key) { 1645 crypto_err("Key is NULL"); 1646 status = QDF_STATUS_E_INVAL; 1647 goto err; 1648 } 1649 } 1650 if (opmode == QDF_MONITOR_MODE) 1651 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1652 else 1653 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1654 (uint8_t *)qdf_nbuf_data(wbuf)); 1655 1656 /* if tkip, is counter measures enabled, then drop the frame */ 1657 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1658 status = cipher_table->encap(key, wbuf, encapdone, 1659 hdrlen); 1660 1661 err: 1662 if (peer) 1663 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1664 1665 return status; 1666 } 1667 qdf_export_symbol(wlan_crypto_encap); 1668 1669 /** 1670 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1671 * @vdev: vdev 1672 * @wbuf: wbuf 1673 * @macaddr: macaddr 1674 * @tid: tid of the frame 1675 * 1676 * This function gets called from mgmt txrx to decap frame. 1677 * 1678 * Return: QDF_STATUS_SUCCESS - in case of success 1679 */ 1680 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1681 qdf_nbuf_t wbuf, 1682 uint8_t *mac_addr, 1683 uint8_t tid){ 1684 struct wlan_crypto_comp_priv *crypto_priv; 1685 struct wlan_crypto_params *crypto_params; 1686 struct wlan_crypto_key *key; 1687 QDF_STATUS status; 1688 struct wlan_crypto_cipher *cipher_table; 1689 struct wlan_objmgr_psoc *psoc; 1690 struct wlan_objmgr_peer *peer; 1691 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1692 uint8_t keyid; 1693 uint8_t pdev_id; 1694 uint8_t hdrlen; 1695 enum QDF_OPMODE opmode; 1696 1697 opmode = wlan_vdev_mlme_get_opmode(vdev); 1698 wlan_vdev_obj_lock(vdev); 1699 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1700 QDF_MAC_ADDR_SIZE); 1701 psoc = wlan_vdev_get_psoc(vdev); 1702 if (!psoc) { 1703 wlan_vdev_obj_unlock(vdev); 1704 crypto_err("psoc NULL"); 1705 return QDF_STATUS_E_INVAL; 1706 } 1707 wlan_vdev_obj_unlock(vdev); 1708 1709 if (opmode == QDF_MONITOR_MODE) 1710 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1711 else 1712 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1713 (uint8_t *)qdf_nbuf_data(wbuf)); 1714 1715 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1716 1717 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1718 return QDF_STATUS_E_INVAL; 1719 1720 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1721 /* FILS Decap required only for (Re-)Assoc request */ 1722 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1723 1724 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1725 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1726 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1727 return QDF_STATUS_E_INVAL; 1728 } 1729 1730 if (peer) 1731 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1732 peer = NULL; 1733 1734 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1735 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1736 &crypto_priv); 1737 if (!crypto_priv) { 1738 crypto_err("crypto_priv NULL"); 1739 return QDF_STATUS_E_INVAL; 1740 } 1741 1742 key = crypto_priv->key[keyid]; 1743 if (!key) 1744 return QDF_STATUS_E_INVAL; 1745 } else { 1746 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1747 psoc, pdev_id, bssid_mac, 1748 mac_addr, WLAN_CRYPTO_ID); 1749 if (!peer) { 1750 crypto_err("peer NULL"); 1751 return QDF_STATUS_E_INVAL; 1752 } 1753 1754 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1755 &crypto_priv); 1756 1757 if (!crypto_priv) { 1758 crypto_err("crypto_priv NULL"); 1759 status = QDF_STATUS_E_INVAL; 1760 goto err; 1761 } 1762 1763 key = crypto_priv->key[keyid]; 1764 if (!key) { 1765 crypto_err("Key is NULL"); 1766 status = QDF_STATUS_E_INVAL; 1767 goto err; 1768 } 1769 } 1770 1771 if (!key->valid || !key->cipher_table) { 1772 status = QDF_STATUS_E_INVAL; 1773 goto err; 1774 } 1775 1776 /* if tkip, is counter measures enabled, then drop the frame */ 1777 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1778 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1779 1780 err: 1781 if (peer) 1782 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1783 1784 return status; 1785 } 1786 qdf_export_symbol(wlan_crypto_decap); 1787 /** 1788 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1789 * @vdev: vdev 1790 * @wbuf: wbuf 1791 * @macaddr: macaddr 1792 * @encapdone: is encapdone already or not. 1793 * 1794 * This function gets called from mgmt txrx to adding mic to the frame. 1795 * 1796 * Return: QDF_STATUS_SUCCESS - in case of success 1797 */ 1798 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1799 qdf_nbuf_t wbuf, 1800 uint8_t *mac_addr, 1801 uint8_t encapdone){ 1802 struct wlan_crypto_comp_priv *crypto_priv; 1803 struct wlan_crypto_params *crypto_params; 1804 struct wlan_crypto_key *key; 1805 QDF_STATUS status; 1806 struct wlan_crypto_cipher *cipher_table; 1807 struct wlan_objmgr_psoc *psoc; 1808 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1809 uint8_t hdrlen; 1810 enum QDF_OPMODE opmode; 1811 1812 opmode = wlan_vdev_mlme_get_opmode(vdev); 1813 1814 1815 wlan_vdev_obj_lock(vdev); 1816 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1817 QDF_MAC_ADDR_SIZE); 1818 psoc = wlan_vdev_get_psoc(vdev); 1819 if (!psoc) { 1820 wlan_vdev_obj_unlock(vdev); 1821 crypto_err("psoc NULL"); 1822 return QDF_STATUS_E_INVAL; 1823 } 1824 wlan_vdev_obj_unlock(vdev); 1825 1826 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1827 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1828 &crypto_priv); 1829 if (!crypto_priv) { 1830 crypto_err("crypto_priv NULL"); 1831 return QDF_STATUS_E_INVAL; 1832 } 1833 1834 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1835 if (!key) 1836 return QDF_STATUS_E_INVAL; 1837 1838 } else { 1839 struct wlan_objmgr_peer *peer; 1840 uint8_t pdev_id; 1841 1842 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1843 wlan_vdev_get_pdev(vdev)); 1844 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1845 psoc, pdev_id, bssid_mac, 1846 mac_addr, WLAN_CRYPTO_ID); 1847 if (!peer) { 1848 crypto_err("crypto_priv NULL"); 1849 return QDF_STATUS_E_INVAL; 1850 } 1851 1852 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1853 &crypto_priv); 1854 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1855 1856 if (!crypto_priv) { 1857 crypto_err("crypto_priv NULL"); 1858 return QDF_STATUS_E_INVAL; 1859 } 1860 1861 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1862 if (!key) 1863 return QDF_STATUS_E_INVAL; 1864 } 1865 if (opmode == QDF_MONITOR_MODE) 1866 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1867 else 1868 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1869 (uint8_t *)qdf_nbuf_data(wbuf)); 1870 1871 /* if tkip, is counter measures enabled, then drop the frame */ 1872 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1873 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1874 1875 return status; 1876 } 1877 1878 /** 1879 * wlan_crypto_demic - called by mgmt for remove and check mic for 1880 * the frame based on cipher 1881 * @vdev: vdev 1882 * @wbuf: wbuf 1883 * @macaddr: macaddr 1884 * @tid: tid of the frame 1885 * @keyid: keyid in the received frame 1886 * This function gets called from mgmt txrx to decap frame. 1887 * 1888 * Return: QDF_STATUS_SUCCESS - in case of success 1889 */ 1890 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1891 qdf_nbuf_t wbuf, 1892 uint8_t *mac_addr, 1893 uint8_t tid, 1894 uint8_t keyid){ 1895 struct wlan_crypto_comp_priv *crypto_priv; 1896 struct wlan_crypto_params *crypto_params; 1897 struct wlan_crypto_key *key; 1898 QDF_STATUS status; 1899 struct wlan_crypto_cipher *cipher_table; 1900 struct wlan_objmgr_psoc *psoc; 1901 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1902 uint8_t hdrlen; 1903 enum QDF_OPMODE opmode; 1904 1905 opmode = wlan_vdev_mlme_get_opmode(vdev); 1906 1907 if (opmode == QDF_MONITOR_MODE) 1908 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1909 else 1910 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1911 (uint8_t *)qdf_nbuf_data(wbuf)); 1912 1913 wlan_vdev_obj_lock(vdev); 1914 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1915 QDF_MAC_ADDR_SIZE); 1916 psoc = wlan_vdev_get_psoc(vdev); 1917 if (!psoc) { 1918 wlan_vdev_obj_unlock(vdev); 1919 crypto_err("psoc NULL"); 1920 return QDF_STATUS_E_INVAL; 1921 } 1922 wlan_vdev_obj_unlock(vdev); 1923 1924 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1925 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1926 &crypto_priv); 1927 if (!crypto_priv) { 1928 crypto_err("crypto_priv NULL"); 1929 return QDF_STATUS_E_INVAL; 1930 } 1931 1932 key = crypto_priv->key[keyid]; 1933 if (!key) 1934 return QDF_STATUS_E_INVAL; 1935 1936 } else { 1937 struct wlan_objmgr_peer *peer; 1938 uint8_t pdev_id; 1939 1940 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1941 wlan_vdev_get_pdev(vdev)); 1942 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1943 psoc, pdev_id, bssid_mac, 1944 mac_addr, WLAN_CRYPTO_ID); 1945 if (!peer) { 1946 crypto_err("peer NULL"); 1947 return QDF_STATUS_E_INVAL; 1948 } 1949 1950 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1951 &crypto_priv); 1952 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1953 1954 if (!crypto_priv) { 1955 crypto_err("crypto_priv NULL"); 1956 return QDF_STATUS_E_INVAL; 1957 } 1958 1959 key = crypto_priv->key[keyid]; 1960 if (!key) 1961 return QDF_STATUS_E_INVAL; 1962 } 1963 /* if tkip, is counter measures enabled, then drop the frame */ 1964 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1965 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1966 1967 return status; 1968 } 1969 1970 /** 1971 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1972 * @vdev: vdev 1973 * 1974 * This function gets called to check is pmf enabled or not in vdev. 1975 * 1976 * Return: true or false 1977 */ 1978 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1979 { 1980 1981 struct wlan_crypto_comp_priv *crypto_priv; 1982 struct wlan_crypto_params *vdev_crypto_params; 1983 1984 if (!vdev) 1985 return false; 1986 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1987 &crypto_priv); 1988 if (!crypto_priv) { 1989 crypto_err("crypto_priv NULL"); 1990 return false; 1991 } 1992 1993 if ((vdev_crypto_params->rsn_caps & 1994 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1995 || (vdev_crypto_params->rsn_caps & 1996 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1997 return true; 1998 } 1999 2000 return false; 2001 } 2002 2003 /** 2004 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 2005 * @vdev: vdev 2006 * 2007 * This function gets called to check is pmf required or not in vdev. 2008 * 2009 * Return: true or false 2010 */ 2011 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 2012 { 2013 struct wlan_crypto_comp_priv *crypto_priv; 2014 struct wlan_crypto_params *vdev_crypto_params; 2015 2016 if (!vdev) 2017 return false; 2018 2019 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2020 &crypto_priv); 2021 if (!crypto_priv) { 2022 crypto_err("crypto_priv NULL"); 2023 return false; 2024 } 2025 2026 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 2027 return true; 2028 2029 return false; 2030 } 2031 2032 /** 2033 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 2034 * @vdev: vdev 2035 * @peer: peer 2036 * 2037 * This function gets called by mgmt txrx to check is pmf enabled or not. 2038 * 2039 * Return: true or false 2040 */ 2041 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 2042 struct wlan_objmgr_peer *peer){ 2043 2044 struct wlan_crypto_comp_priv *crypto_priv; 2045 struct wlan_crypto_params *vdev_crypto_params; 2046 struct wlan_crypto_params *peer_crypto_params; 2047 2048 if (!vdev || !peer) 2049 return false; 2050 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2051 &crypto_priv); 2052 if (!crypto_priv) { 2053 crypto_err("crypto_priv NULL"); 2054 return false; 2055 } 2056 2057 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 2058 &crypto_priv); 2059 if (!crypto_priv) { 2060 crypto_err("crypto_priv NULL"); 2061 return false; 2062 } 2063 if (((vdev_crypto_params->rsn_caps & 2064 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 2065 (peer_crypto_params->rsn_caps & 2066 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 2067 || (vdev_crypto_params->rsn_caps & 2068 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2069 return true; 2070 } 2071 2072 return false; 2073 } 2074 2075 /** 2076 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 2077 * @vdev: vdev 2078 * @peer: peer 2079 * @keyidx : key index 2080 * 2081 * This function gets called by mgmt txrx to check if key is valid 2082 * 2083 * Return: true or false 2084 */ 2085 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 2086 struct wlan_objmgr_peer *peer, 2087 uint16_t keyidx) 2088 { 2089 struct wlan_crypto_key *key = NULL; 2090 2091 if (!vdev && !peer) 2092 return false; 2093 2094 if (peer) 2095 key = wlan_crypto_peer_getkey(peer, keyidx); 2096 else if (vdev) 2097 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2098 2099 if ((key) && key->valid) 2100 return true; 2101 2102 return false; 2103 } 2104 2105 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2106 { 2107 a[0] = b[5]; 2108 a[1] = b[4]; 2109 a[2] = b[3]; 2110 a[3] = b[2]; 2111 a[4] = b[1]; 2112 a[5] = b[0]; 2113 } 2114 2115 /** 2116 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 2117 * @vdev: vdev 2118 * @bfrm: frame starting pointer 2119 * @len: length of the frame 2120 * 2121 * This function gets called by mgmt txrx to add mmie in frame 2122 * 2123 * Return: end of frame or NULL in case failure 2124 */ 2125 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2126 uint8_t *bfrm, 2127 uint32_t len) { 2128 struct wlan_crypto_key *key; 2129 struct wlan_crypto_mmie *mmie; 2130 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 2131 struct wlan_frame_hdr *hdr; 2132 uint32_t i, hdrlen, mic_len, aad_len; 2133 uint8_t mic[16]; 2134 struct wlan_crypto_comp_priv *crypto_priv; 2135 struct wlan_crypto_params *crypto_params; 2136 int32_t ret = -1; 2137 2138 if (!bfrm) { 2139 crypto_err("frame is NULL"); 2140 return NULL; 2141 } 2142 2143 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2144 &crypto_priv); 2145 if (!crypto_priv) { 2146 crypto_err("crypto_priv NULL"); 2147 return NULL; 2148 } 2149 2150 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2151 crypto_err("igtk key invalid keyid %d", 2152 crypto_priv->def_igtk_tx_keyid); 2153 return NULL; 2154 } 2155 2156 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2157 if (!key) { 2158 crypto_err("No igtk key present"); 2159 return NULL; 2160 } 2161 mic_len = (crypto_priv->igtk_key_type 2162 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2163 2164 efrm = bfrm + len; 2165 aad_len = 20; 2166 hdrlen = sizeof(struct wlan_frame_hdr); 2167 len += sizeof(struct wlan_crypto_mmie); 2168 2169 mmie = (struct wlan_crypto_mmie *) efrm; 2170 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2171 mmie->element_id = WLAN_ELEMID_MMIE; 2172 mmie->length = sizeof(*mmie) - 2; 2173 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2174 2175 mic_len = (crypto_priv->igtk_key_type 2176 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2177 if (mic_len == 8) { 2178 mmie->length -= 8; 2179 len -= 8; 2180 } 2181 /* PN = PN + 1 */ 2182 pn = (uint8_t *)&key->keytsc; 2183 2184 for (i = 0; i <= 5; i++) { 2185 pn[i]++; 2186 if (pn[i]) 2187 break; 2188 } 2189 2190 /* Copy IPN */ 2191 qdf_mem_copy(mmie->sequence_number, pn, 6); 2192 2193 hdr = (struct wlan_frame_hdr *) bfrm; 2194 2195 buf = qdf_mem_malloc(len - hdrlen + 20); 2196 if (!buf) 2197 return NULL; 2198 2199 qdf_mem_zero(buf, len - hdrlen + 20); 2200 aad = buf; 2201 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2202 2203 /* FC type/subtype */ 2204 aad[0] = hdr->i_fc[0]; 2205 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2206 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2207 | WLAN_FC1_MOREDATA)); 2208 /* A1 || A2 || A3 */ 2209 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2210 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2211 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2212 qdf_mem_zero(mic, 16); 2213 2214 /* 2215 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2216 */ 2217 2218 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2219 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2220 2221 ret = omac1_aes_128(key->keyval, buf, 2222 len + aad_len - hdrlen, mic); 2223 qdf_mem_copy(mmie->mic, mic, 8); 2224 2225 } else if (crypto_priv->igtk_key_type 2226 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2227 2228 ret = omac1_aes_256(key->keyval, buf, 2229 len + aad_len - hdrlen, mmie->mic); 2230 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2231 || (crypto_priv->igtk_key_type 2232 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2233 2234 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2235 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2236 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2237 sizeof(nounce), buf, 2238 len + aad_len - hdrlen, mmie->mic); 2239 } 2240 qdf_mem_free(buf); 2241 if (ret < 0) { 2242 crypto_err("add mmie failed"); 2243 return NULL; 2244 } 2245 2246 return bfrm + len; 2247 } 2248 2249 /** 2250 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2251 * @vdev: vdev 2252 * @frm: frame starting pointer 2253 * @efrm: end of frame pointer 2254 * 2255 * This function gets called by mgmt txrx to check mmie of the frame 2256 * 2257 * Return: true or false 2258 */ 2259 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2260 uint8_t *frm, 2261 uint8_t *efrm){ 2262 struct wlan_crypto_mmie *mmie = NULL; 2263 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2264 struct wlan_crypto_key *key; 2265 struct wlan_frame_hdr *hdr; 2266 uint16_t mic_len, hdrlen, len; 2267 struct wlan_crypto_comp_priv *crypto_priv; 2268 struct wlan_crypto_params *crypto_params; 2269 uint8_t aad_len = 20; 2270 int32_t ret = -1; 2271 2272 /* check if frame is illegal length */ 2273 if (!frm || !efrm || (efrm < frm) 2274 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2275 crypto_err("Invalid params"); 2276 return false; 2277 } 2278 len = efrm - frm; 2279 crypto_priv = (struct wlan_crypto_comp_priv *) 2280 wlan_get_vdev_crypto_obj(vdev); 2281 if (!crypto_priv) { 2282 crypto_err("crypto_priv NULL"); 2283 return false; 2284 } 2285 2286 crypto_params = &(crypto_priv->crypto_params); 2287 2288 2289 mic_len = (crypto_priv->igtk_key_type 2290 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2291 hdrlen = sizeof(struct wlan_frame_hdr); 2292 2293 if (mic_len == 8) 2294 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2295 else 2296 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2297 2298 2299 /* check Elem ID*/ 2300 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2301 crypto_err("IE is not MMIE"); 2302 return false; 2303 } 2304 2305 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2306 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2307 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2308 crypto_err("keyid not valid"); 2309 return false; 2310 } 2311 2312 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2313 if (!key) { 2314 crypto_err("No igtk key present"); 2315 return false; 2316 } 2317 2318 /* validate ipn */ 2319 ipn = mmie->sequence_number; 2320 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2321 uint8_t *su = (uint8_t *)key->keyrsc; 2322 uint8_t *end = ipn + 6; 2323 2324 crypto_err("replay error :"); 2325 while (ipn < end) { 2326 crypto_err("expected pn = %x received pn = %x", 2327 *ipn++, *su++); 2328 } 2329 return false; 2330 } 2331 2332 buf = qdf_mem_malloc(len - hdrlen + 20); 2333 if (!buf) 2334 return false; 2335 2336 aad = buf; 2337 2338 /* construct AAD */ 2339 hdr = (struct wlan_frame_hdr *)frm; 2340 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2341 2342 /* FC type/subtype */ 2343 aad[0] = hdr->i_fc[0]; 2344 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2345 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2346 | WLAN_FC1_MOREDATA)); 2347 /* A1 || A2 || A3 */ 2348 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2349 2350 /* 2351 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2352 */ 2353 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2354 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2355 mic = qdf_mem_malloc(mic_len); 2356 if (!mic) { 2357 qdf_mem_free(buf); 2358 return false; 2359 } 2360 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2361 ret = omac1_aes_128(key->keyval, buf, 2362 len - hdrlen + aad_len, mic); 2363 } else if (crypto_priv->igtk_key_type 2364 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2365 ret = omac1_aes_256(key->keyval, buf, 2366 len + aad_len - hdrlen, mic); 2367 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2368 || (crypto_priv->igtk_key_type 2369 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2370 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2371 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2372 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2373 sizeof(nounce), buf, 2374 len + aad_len - hdrlen, mic); 2375 } 2376 2377 qdf_mem_free(buf); 2378 2379 if (ret < 0) { 2380 qdf_mem_free(mic); 2381 crypto_err("genarate mmie failed"); 2382 return false; 2383 } 2384 2385 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2386 qdf_mem_free(mic); 2387 crypto_err("mmie mismatch"); 2388 /* MMIE MIC mismatch */ 2389 return false; 2390 } 2391 2392 qdf_mem_free(mic); 2393 /* Update the receive sequence number */ 2394 qdf_mem_copy(key->keyrsc, ipn, 6); 2395 crypto_debug("mmie matched"); 2396 2397 return true; 2398 } 2399 2400 2401 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2402 { 2403 int32_t status = -1; 2404 2405 switch (cipher) { 2406 case WLAN_CRYPTO_CIPHER_TKIP: 2407 return WPA_CIPHER_SUITE_TKIP; 2408 case WLAN_CRYPTO_CIPHER_AES_CCM: 2409 return WPA_CIPHER_SUITE_CCMP; 2410 case WLAN_CRYPTO_CIPHER_NONE: 2411 return WPA_CIPHER_SUITE_NONE; 2412 } 2413 2414 return status; 2415 } 2416 2417 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2418 { 2419 int32_t status = -1; 2420 2421 switch (cipher) { 2422 case WLAN_CRYPTO_CIPHER_TKIP: 2423 return RSN_CIPHER_SUITE_TKIP; 2424 case WLAN_CRYPTO_CIPHER_AES_CCM: 2425 return RSN_CIPHER_SUITE_CCMP; 2426 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2427 return RSN_CIPHER_SUITE_CCMP_256; 2428 case WLAN_CRYPTO_CIPHER_AES_GCM: 2429 return RSN_CIPHER_SUITE_GCMP; 2430 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2431 return RSN_CIPHER_SUITE_GCMP_256; 2432 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2433 return RSN_CIPHER_SUITE_AES_CMAC; 2434 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2435 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2436 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2437 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2438 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2439 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2440 case WLAN_CRYPTO_CIPHER_NONE: 2441 return RSN_CIPHER_SUITE_NONE; 2442 } 2443 2444 return status; 2445 } 2446 2447 /* 2448 * Convert an RSN key management/authentication algorithm 2449 * to an internal code. 2450 */ 2451 static int32_t 2452 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2453 { 2454 int32_t status = -1; 2455 2456 switch (keymgmt) { 2457 case WLAN_CRYPTO_KEY_MGMT_NONE: 2458 return RSN_AUTH_KEY_MGMT_NONE; 2459 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2460 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2461 case WLAN_CRYPTO_KEY_MGMT_PSK: 2462 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2463 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2464 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2465 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2466 return RSN_AUTH_KEY_MGMT_FT_PSK; 2467 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2468 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2469 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2470 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2471 case WLAN_CRYPTO_KEY_MGMT_SAE: 2472 return RSN_AUTH_KEY_MGMT_SAE; 2473 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2474 return RSN_AUTH_KEY_MGMT_FT_SAE; 2475 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2476 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2477 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2478 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2479 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2480 return RSN_AUTH_KEY_MGMT_CCKM; 2481 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2482 return RSN_AUTH_KEY_MGMT_OSEN; 2483 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2484 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2485 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2486 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2487 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2488 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2489 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2490 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2491 case WLAN_CRYPTO_KEY_MGMT_OWE: 2492 return RSN_AUTH_KEY_MGMT_OWE; 2493 case WLAN_CRYPTO_KEY_MGMT_DPP: 2494 return RSN_AUTH_KEY_MGMT_DPP; 2495 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2496 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2497 } 2498 2499 return status; 2500 } 2501 2502 /* 2503 * Convert an RSN key management/authentication algorithm 2504 * to an internal code. 2505 */ 2506 static int32_t 2507 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2508 { 2509 int32_t status = -1; 2510 2511 switch (keymgmt) { 2512 case WLAN_CRYPTO_KEY_MGMT_NONE: 2513 return WPA_AUTH_KEY_MGMT_NONE; 2514 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2515 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2516 case WLAN_CRYPTO_KEY_MGMT_PSK: 2517 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2518 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2519 return WPA_AUTH_KEY_MGMT_CCKM; 2520 } 2521 2522 return status; 2523 } 2524 /** 2525 * Convert a WPA cipher selector OUI to an internal 2526 * cipher algorithm. Where appropriate we also 2527 * record any key length. 2528 */ 2529 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2530 { 2531 uint32_t w = LE_READ_4(sel); 2532 int32_t status = -1; 2533 2534 switch (w) { 2535 case WPA_CIPHER_SUITE_TKIP: 2536 return WLAN_CRYPTO_CIPHER_TKIP; 2537 case WPA_CIPHER_SUITE_CCMP: 2538 return WLAN_CRYPTO_CIPHER_AES_CCM; 2539 case WPA_CIPHER_SUITE_NONE: 2540 return WLAN_CRYPTO_CIPHER_NONE; 2541 } 2542 2543 return status; 2544 } 2545 2546 /* 2547 * Convert a WPA key management/authentication algorithm 2548 * to an internal code. 2549 */ 2550 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2551 { 2552 uint32_t w = LE_READ_4(sel); 2553 int32_t status = -1; 2554 2555 switch (w) { 2556 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2557 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2558 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2559 return WLAN_CRYPTO_KEY_MGMT_PSK; 2560 case WPA_AUTH_KEY_MGMT_CCKM: 2561 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2562 case WPA_AUTH_KEY_MGMT_NONE: 2563 return WLAN_CRYPTO_KEY_MGMT_NONE; 2564 } 2565 return status; 2566 } 2567 2568 /* 2569 * Convert a RSN cipher selector OUI to an internal 2570 * cipher algorithm. Where appropriate we also 2571 * record any key length. 2572 */ 2573 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2574 { 2575 uint32_t w = LE_READ_4(sel); 2576 int32_t status = -1; 2577 2578 switch (w) { 2579 case RSN_CIPHER_SUITE_TKIP: 2580 return WLAN_CRYPTO_CIPHER_TKIP; 2581 case RSN_CIPHER_SUITE_CCMP: 2582 return WLAN_CRYPTO_CIPHER_AES_CCM; 2583 case RSN_CIPHER_SUITE_CCMP_256: 2584 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2585 case RSN_CIPHER_SUITE_GCMP: 2586 return WLAN_CRYPTO_CIPHER_AES_GCM; 2587 case RSN_CIPHER_SUITE_GCMP_256: 2588 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2589 case RSN_CIPHER_SUITE_AES_CMAC: 2590 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2591 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2592 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2593 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2594 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2595 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2596 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2597 case RSN_CIPHER_SUITE_NONE: 2598 return WLAN_CRYPTO_CIPHER_NONE; 2599 } 2600 2601 return status; 2602 } 2603 /* 2604 * Convert an RSN key management/authentication algorithm 2605 * to an internal code. 2606 */ 2607 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2608 { 2609 uint32_t w = LE_READ_4(sel); 2610 int32_t status = -1; 2611 2612 switch (w) { 2613 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2614 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2615 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2616 return WLAN_CRYPTO_KEY_MGMT_PSK; 2617 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2618 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2619 case RSN_AUTH_KEY_MGMT_FT_PSK: 2620 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2621 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2622 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2623 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2624 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2625 case RSN_AUTH_KEY_MGMT_SAE: 2626 return WLAN_CRYPTO_KEY_MGMT_SAE; 2627 case RSN_AUTH_KEY_MGMT_FT_SAE: 2628 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2629 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2630 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2631 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2632 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2633 case RSN_AUTH_KEY_MGMT_CCKM: 2634 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2635 case RSN_AUTH_KEY_MGMT_OSEN: 2636 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2637 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2638 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2639 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2640 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2641 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2642 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2643 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2644 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2645 case RSN_AUTH_KEY_MGMT_OWE: 2646 return WLAN_CRYPTO_KEY_MGMT_OWE; 2647 case RSN_AUTH_KEY_MGMT_DPP: 2648 return WLAN_CRYPTO_KEY_MGMT_DPP; 2649 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2650 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2651 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384: 2652 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 2653 case RSN_AUTH_KEY_MGMT_PSK_SHA384: 2654 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 2655 } 2656 2657 return status; 2658 } 2659 2660 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2661 const uint8_t *frm) 2662 { 2663 uint8_t len = frm[1]; 2664 int32_t w; 2665 int n; 2666 2667 /* 2668 * Check the length once for fixed parts: OUI, type, 2669 * version, mcast cipher, and 2 selector counts. 2670 * Other, variable-length data, must be checked separately. 2671 */ 2672 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2673 2674 if (len < 14) 2675 return QDF_STATUS_E_INVAL; 2676 2677 frm += 6, len -= 4; 2678 2679 w = LE_READ_2(frm); 2680 if (w != WPA_VERSION) 2681 return QDF_STATUS_E_INVAL; 2682 2683 frm += 2, len -= 2; 2684 2685 /* multicast/group cipher */ 2686 w = wlan_crypto_wpa_suite_to_cipher(frm); 2687 if (w < 0) 2688 return QDF_STATUS_E_INVAL; 2689 SET_MCAST_CIPHER(crypto_params, w); 2690 frm += 4, len -= 4; 2691 2692 /* unicast ciphers */ 2693 n = LE_READ_2(frm); 2694 frm += 2, len -= 2; 2695 if (len < n*4+2) 2696 return QDF_STATUS_E_INVAL; 2697 2698 for (; n > 0; n--) { 2699 w = wlan_crypto_wpa_suite_to_cipher(frm); 2700 if (w < 0) 2701 return QDF_STATUS_E_INVAL; 2702 SET_UCAST_CIPHER(crypto_params, w); 2703 frm += 4, len -= 4; 2704 } 2705 2706 if (!crypto_params->ucastcipherset) 2707 return QDF_STATUS_E_INVAL; 2708 2709 /* key management algorithms */ 2710 n = LE_READ_2(frm); 2711 frm += 2, len -= 2; 2712 if (len < n*4) 2713 return QDF_STATUS_E_INVAL; 2714 2715 w = 0; 2716 for (; n > 0; n--) { 2717 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2718 if (w < 0) 2719 return QDF_STATUS_E_INVAL; 2720 SET_KEY_MGMT(crypto_params, w); 2721 frm += 4, len -= 4; 2722 } 2723 2724 /* optional capabilities */ 2725 if (len >= 2) { 2726 crypto_params->rsn_caps = LE_READ_2(frm); 2727 frm += 2, len -= 2; 2728 } 2729 2730 return QDF_STATUS_SUCCESS; 2731 } 2732 2733 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2734 const uint8_t *frm) 2735 { 2736 uint8_t len = frm[1]; 2737 int32_t w; 2738 int n; 2739 2740 /* Check the length once for fixed parts: OUI, type & version */ 2741 if (len < 2) 2742 return QDF_STATUS_E_INVAL; 2743 2744 /* initialize crypto params */ 2745 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2746 2747 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2748 2749 frm += 2; 2750 /* NB: iswapoui already validated the OUI and type */ 2751 w = LE_READ_2(frm); 2752 if (w != RSN_VERSION) 2753 return QDF_STATUS_E_INVAL; 2754 2755 frm += 2, len -= 2; 2756 2757 if (!len) { 2758 /* set defaults */ 2759 /* default group cipher CCMP-128 */ 2760 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2761 /* default ucast cipher CCMP-128 */ 2762 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2763 /* default key mgmt 8021x */ 2764 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2765 return QDF_STATUS_SUCCESS; 2766 } else if (len < 4) { 2767 return QDF_STATUS_E_INVAL; 2768 } 2769 2770 /* multicast/group cipher */ 2771 w = wlan_crypto_rsn_suite_to_cipher(frm); 2772 if (w < 0) 2773 return QDF_STATUS_E_INVAL; 2774 else { 2775 SET_MCAST_CIPHER(crypto_params, w); 2776 frm += 4, len -= 4; 2777 } 2778 2779 if (crypto_params->mcastcipherset == 0) 2780 return QDF_STATUS_E_INVAL; 2781 2782 if (!len) { 2783 /* default ucast cipher CCMP-128 */ 2784 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2785 /* default key mgmt 8021x */ 2786 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2787 return QDF_STATUS_SUCCESS; 2788 } else if (len < 2) { 2789 return QDF_STATUS_E_INVAL; 2790 } 2791 2792 /* unicast ciphers */ 2793 n = LE_READ_2(frm); 2794 frm += 2, len -= 2; 2795 if (n) { 2796 if (len < n * 4) 2797 return QDF_STATUS_E_INVAL; 2798 2799 for (; n > 0; n--) { 2800 w = wlan_crypto_rsn_suite_to_cipher(frm); 2801 if (w >= 0) 2802 SET_UCAST_CIPHER(crypto_params, w); 2803 frm += 4, len -= 4; 2804 } 2805 } else { 2806 /* default ucast cipher CCMP-128 */ 2807 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2808 } 2809 2810 if (crypto_params->ucastcipherset == 0) 2811 return QDF_STATUS_E_INVAL; 2812 2813 if (!len) { 2814 /* default key mgmt 8021x */ 2815 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2816 return QDF_STATUS_SUCCESS; 2817 } else if (len < 2) { 2818 return QDF_STATUS_E_INVAL; 2819 } 2820 2821 /* key management algorithms */ 2822 n = LE_READ_2(frm); 2823 frm += 2, len -= 2; 2824 2825 if (n) { 2826 if (len < n * 4) 2827 return QDF_STATUS_E_INVAL; 2828 2829 for (; n > 0; n--) { 2830 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2831 if (w >= 0) 2832 SET_KEY_MGMT(crypto_params, w); 2833 frm += 4, len -= 4; 2834 } 2835 } else { 2836 /* default key mgmt 8021x */ 2837 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2838 } 2839 2840 if (crypto_params->key_mgmt == 0) 2841 return QDF_STATUS_E_INVAL; 2842 2843 /* optional capabilities */ 2844 if (len >= 2) { 2845 crypto_params->rsn_caps = LE_READ_2(frm); 2846 frm += 2, len -= 2; 2847 } else if (len && len < 2) { 2848 return QDF_STATUS_E_INVAL; 2849 } 2850 2851 2852 /* PMKID */ 2853 if (len >= 2) { 2854 n = LE_READ_2(frm); 2855 frm += 2, len -= 2; 2856 if (n && len) { 2857 if (len >= n * PMKID_LEN) 2858 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2859 else 2860 return QDF_STATUS_E_INVAL; 2861 } else if (n && !len) { 2862 return QDF_STATUS_E_INVAL; 2863 } 2864 /*TODO: Save pmkid in params for further reference */ 2865 } else if (len == 1) { 2866 crypto_err("PMKID is truncated"); 2867 return QDF_STATUS_E_INVAL; 2868 } 2869 2870 /* BIP */ 2871 if (!len) { 2872 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2873 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2874 SET_MGMT_CIPHER(crypto_params, 2875 WLAN_CRYPTO_CIPHER_AES_CMAC); 2876 return QDF_STATUS_SUCCESS; 2877 } else if (len < 4) { 2878 crypto_err("Mgmt cipher is truncated"); 2879 return QDF_STATUS_E_INVAL; 2880 } 2881 w = wlan_crypto_rsn_suite_to_cipher(frm); 2882 frm += 4, len -= 4; 2883 SET_MGMT_CIPHER(crypto_params, w); 2884 2885 return QDF_STATUS_SUCCESS; 2886 } 2887 2888 /** 2889 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2890 * @vdev: vdev 2891 * @iebuf: ie buffer 2892 * 2893 * This function gets called by mlme to build wpaie from given vdev 2894 * 2895 * Return: end of buffer 2896 */ 2897 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2898 uint8_t *iebuf){ 2899 uint8_t *frm = iebuf; 2900 uint8_t *selcnt; 2901 struct wlan_crypto_comp_priv *crypto_priv; 2902 struct wlan_crypto_params *crypto_params; 2903 2904 if (!frm) 2905 return NULL; 2906 2907 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2908 2909 if (!crypto_params) 2910 return NULL; 2911 2912 *frm++ = WLAN_ELEMID_VENDOR; 2913 *frm++ = 0; 2914 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2915 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2916 2917 2918 /* multicast cipher */ 2919 if (MCIPHER_IS_TKIP(crypto_params)) 2920 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2921 else if (MCIPHER_IS_CCMP128(crypto_params)) 2922 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2923 2924 /* unicast cipher list */ 2925 selcnt = frm; 2926 WLAN_CRYPTO_ADDSHORT(frm, 0); 2927 /* do not use CCMP unicast cipher in WPA mode */ 2928 if (UCIPHER_IS_CCMP128(crypto_params)) { 2929 selcnt[0]++; 2930 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2931 } 2932 if (UCIPHER_IS_TKIP(crypto_params)) { 2933 selcnt[0]++; 2934 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2935 } 2936 2937 /* authenticator selector list */ 2938 selcnt = frm; 2939 WLAN_CRYPTO_ADDSHORT(frm, 0); 2940 2941 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2942 selcnt[0]++; 2943 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2944 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2945 selcnt[0]++; 2946 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2947 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2948 selcnt[0]++; 2949 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2950 } else { 2951 selcnt[0]++; 2952 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2953 } 2954 2955 /* optional capabilities */ 2956 if (crypto_params->rsn_caps != 0 && 2957 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2958 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2959 } 2960 2961 /* calculate element length */ 2962 iebuf[1] = frm - iebuf - 2; 2963 2964 return frm; 2965 } 2966 2967 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2968 uint8_t *iebuf, 2969 struct wlan_crypto_pmksa *pmksa) 2970 { 2971 uint8_t *frm = iebuf; 2972 uint8_t *selcnt; 2973 struct wlan_crypto_comp_priv *crypto_priv; 2974 struct wlan_crypto_params *crypto_params; 2975 2976 if (!frm) { 2977 return NULL; 2978 } 2979 2980 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2981 2982 if (!crypto_params) { 2983 return NULL; 2984 } 2985 2986 *frm++ = WLAN_ELEMID_RSN; 2987 *frm++ = 0; 2988 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2989 2990 2991 /* multicast cipher */ 2992 if (MCIPHER_IS_TKIP(crypto_params)) 2993 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2994 else if (MCIPHER_IS_CCMP128(crypto_params)) 2995 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2996 else if (MCIPHER_IS_CCMP256(crypto_params)) 2997 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2998 else if (MCIPHER_IS_GCMP128(crypto_params)) 2999 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3000 else if (MCIPHER_IS_GCMP256(crypto_params)) 3001 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3002 3003 /* unicast cipher list */ 3004 selcnt = frm; 3005 WLAN_CRYPTO_ADDSHORT(frm, 0); 3006 3007 if (UCIPHER_IS_CCMP256(crypto_params)) { 3008 selcnt[0]++; 3009 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3010 } 3011 if (UCIPHER_IS_GCMP256(crypto_params)) { 3012 selcnt[0]++; 3013 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3014 } 3015 if (UCIPHER_IS_CCMP128(crypto_params)) { 3016 selcnt[0]++; 3017 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3018 } 3019 if (UCIPHER_IS_GCMP128(crypto_params)) { 3020 selcnt[0]++; 3021 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3022 } 3023 if (UCIPHER_IS_TKIP(crypto_params)) { 3024 selcnt[0]++; 3025 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3026 } 3027 3028 /* authenticator selector list */ 3029 selcnt = frm; 3030 WLAN_CRYPTO_ADDSHORT(frm, 0); 3031 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3032 selcnt[0]++; 3033 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3034 /* Other key mgmt should not be added after CCKM */ 3035 goto add_rsn_caps; 3036 } 3037 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3038 selcnt[0]++; 3039 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3040 } 3041 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3042 selcnt[0]++; 3043 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3044 } 3045 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 3046 selcnt[0]++; 3047 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3048 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 3049 } 3050 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 3051 selcnt[0]++; 3052 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 3053 } 3054 if (HAS_KEY_MGMT(crypto_params, 3055 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 3056 selcnt[0]++; 3057 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3058 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 3059 } 3060 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 3061 selcnt[0]++; 3062 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 3063 } 3064 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 3065 selcnt[0]++; 3066 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 3067 } 3068 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 3069 selcnt[0]++; 3070 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 3071 } 3072 if (HAS_KEY_MGMT(crypto_params, 3073 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3074 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3075 3076 selcnt[0]++; 3077 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3078 } 3079 if (HAS_KEY_MGMT(crypto_params, 3080 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3081 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3082 3083 selcnt[0]++; 3084 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3085 } 3086 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3087 selcnt[0]++; 3088 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3089 } 3090 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3091 selcnt[0]++; 3092 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3093 } 3094 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3095 selcnt[0]++; 3096 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3097 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3098 } 3099 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3100 selcnt[0]++; 3101 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3102 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3103 } 3104 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3105 selcnt[0]++; 3106 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3107 } 3108 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3109 selcnt[0]++; 3110 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3111 } 3112 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3113 selcnt[0]++; 3114 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3115 } 3116 if (HAS_KEY_MGMT(crypto_params, 3117 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3118 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3119 3120 selcnt[0]++; 3121 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3122 } 3123 add_rsn_caps: 3124 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3125 /* optional capabilities */ 3126 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3127 /* PMK list */ 3128 if (pmksa) { 3129 WLAN_CRYPTO_ADDSHORT(frm, 1); 3130 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3131 frm += PMKID_LEN; 3132 } else { 3133 WLAN_CRYPTO_ADDSHORT(frm, 0); 3134 } 3135 3136 if (HAS_MGMT_CIPHER(crypto_params, 3137 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3138 RSN_ADD_CIPHER_TO_SUITE(frm, 3139 WLAN_CRYPTO_CIPHER_AES_CMAC); 3140 } 3141 if (HAS_MGMT_CIPHER(crypto_params, 3142 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3143 RSN_ADD_CIPHER_TO_SUITE(frm, 3144 WLAN_CRYPTO_CIPHER_AES_GMAC); 3145 } 3146 if (HAS_MGMT_CIPHER(crypto_params, 3147 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3148 RSN_ADD_CIPHER_TO_SUITE(frm, 3149 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3150 ); 3151 } 3152 3153 if (HAS_MGMT_CIPHER(crypto_params, 3154 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3155 RSN_ADD_CIPHER_TO_SUITE(frm, 3156 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3157 ); 3158 } 3159 } else { 3160 /* PMK list */ 3161 if (pmksa) { 3162 WLAN_CRYPTO_ADDSHORT(frm, 1); 3163 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3164 frm += PMKID_LEN; 3165 } 3166 } 3167 3168 /* calculate element length */ 3169 iebuf[1] = frm - iebuf - 2; 3170 3171 return frm; 3172 } 3173 3174 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3175 uint8_t *iebuf, 3176 struct qdf_mac_addr *bssid) 3177 { 3178 struct wlan_crypto_pmksa *pmksa = NULL; 3179 3180 if (bssid) 3181 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3182 3183 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3184 } 3185 3186 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3187 struct wlan_crypto_params *crypto_params){ 3188 struct wlan_crypto_params *my_crypto_params; 3189 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3190 3191 if (!my_crypto_params) { 3192 crypto_debug("vdev crypto params is NULL"); 3193 return false; 3194 } 3195 /* 3196 * Check peer's pairwise ciphers. 3197 * At least one must match with our unicast cipher 3198 */ 3199 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3200 crypto_debug("Unicast cipher match failed"); 3201 return false; 3202 } 3203 /* 3204 * Check peer's group cipher is our enabled multicast cipher. 3205 */ 3206 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3207 crypto_debug("Multicast cipher match failed"); 3208 return false; 3209 } 3210 /* 3211 * Check peer's key management class set (PSK or UNSPEC) 3212 */ 3213 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3214 crypto_debug("Key mgmt match failed"); 3215 return false; 3216 } 3217 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3218 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3219 crypto_debug("Peer is not PMF capable"); 3220 return false; 3221 } 3222 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3223 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3224 crypto_debug("Peer needs PMF, but vdev is not capable"); 3225 return false; 3226 } 3227 3228 return true; 3229 } 3230 3231 /* 3232 * Convert an WAPI CIPHER suite to to an internal code. 3233 */ 3234 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3235 { 3236 uint32_t w = LE_READ_4(sel); 3237 int32_t status = -1; 3238 3239 switch (w) { 3240 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3241 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3242 } 3243 3244 return status; 3245 } 3246 3247 /* 3248 * Convert an WAPI key management/authentication algorithm 3249 * to an internal code. 3250 */ 3251 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3252 { 3253 uint32_t w = LE_READ_4(sel); 3254 int32_t status = -1; 3255 3256 switch (w) { 3257 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3258 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3259 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3260 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3261 } 3262 3263 return status; 3264 } 3265 3266 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3267 const uint8_t *frm) 3268 { 3269 uint8_t len = frm[1]; 3270 int32_t w; 3271 int n; 3272 3273 /* 3274 * Check the length once for fixed parts: OUI, type, 3275 * version, mcast cipher, and 2 selector counts. 3276 * Other, variable-length data, must be checked separately. 3277 */ 3278 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3279 3280 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3281 return QDF_STATUS_E_INVAL; 3282 3283 3284 frm += 2; 3285 3286 w = LE_READ_2(frm); 3287 frm += 2, len -= 2; 3288 if (w != WAPI_VERSION) 3289 return QDF_STATUS_E_INVAL; 3290 3291 n = LE_READ_2(frm); 3292 frm += 2, len -= 2; 3293 if (len < n*4+2) 3294 return QDF_STATUS_E_INVAL; 3295 3296 for (; n > 0; n--) { 3297 w = wlan_crypto_wapi_keymgmt(frm); 3298 if (w < 0) 3299 return QDF_STATUS_E_INVAL; 3300 3301 SET_KEY_MGMT(crypto_params, w); 3302 frm += 4, len -= 4; 3303 } 3304 3305 /* unicast ciphers */ 3306 n = LE_READ_2(frm); 3307 frm += 2, len -= 2; 3308 if (len < n*4+2) 3309 return QDF_STATUS_E_INVAL; 3310 3311 for (; n > 0; n--) { 3312 w = wlan_crypto_wapi_suite_to_cipher(frm); 3313 if (w < 0) 3314 return QDF_STATUS_E_INVAL; 3315 SET_UCAST_CIPHER(crypto_params, w); 3316 frm += 4, len -= 4; 3317 } 3318 3319 if (!crypto_params->ucastcipherset) 3320 return QDF_STATUS_E_INVAL; 3321 3322 /* multicast/group cipher */ 3323 w = wlan_crypto_wapi_suite_to_cipher(frm); 3324 3325 if (w < 0) 3326 return QDF_STATUS_E_INVAL; 3327 3328 SET_MCAST_CIPHER(crypto_params, w); 3329 frm += 4, len -= 4; 3330 3331 return QDF_STATUS_SUCCESS; 3332 } 3333 3334 /** 3335 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3336 * @vdev: vdev 3337 * @iebuf: ie buffer 3338 * 3339 * This function gets called by mlme to build wapi ie from given vdev 3340 * 3341 * Return: end of buffer 3342 */ 3343 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3344 uint8_t *iebuf) 3345 { 3346 uint8_t *frm; 3347 uint8_t *selcnt; 3348 struct wlan_crypto_comp_priv *crypto_priv; 3349 struct wlan_crypto_params *crypto_params; 3350 3351 frm = iebuf; 3352 if (!frm) { 3353 crypto_err("ie buffer NULL"); 3354 return NULL; 3355 } 3356 3357 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3358 3359 if (!crypto_params) { 3360 crypto_err("crypto_params NULL"); 3361 return NULL; 3362 } 3363 3364 *frm++ = WLAN_ELEMID_WAPI; 3365 *frm++ = 0; 3366 3367 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3368 3369 /* authenticator selector list */ 3370 selcnt = frm; 3371 WLAN_CRYPTO_ADDSHORT(frm, 0); 3372 3373 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3374 selcnt[0]++; 3375 WLAN_CRYPTO_ADDSELECTOR(frm, 3376 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3377 } 3378 3379 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3380 selcnt[0]++; 3381 WLAN_CRYPTO_ADDSELECTOR(frm, 3382 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3383 } 3384 3385 /* unicast cipher list */ 3386 selcnt = frm; 3387 WLAN_CRYPTO_ADDSHORT(frm, 0); 3388 3389 if (UCIPHER_IS_SMS4(crypto_params)) { 3390 selcnt[0]++; 3391 WLAN_CRYPTO_ADDSELECTOR(frm, 3392 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3393 } 3394 3395 WLAN_CRYPTO_ADDSELECTOR(frm, 3396 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3397 3398 /* optional capabilities */ 3399 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3400 3401 /* bkid count */ 3402 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3403 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3404 WLAN_CRYPTO_ADDSHORT(frm, 0); 3405 3406 /* calculate element length */ 3407 iebuf[1] = frm - iebuf - 2; 3408 3409 return frm; 3410 3411 } 3412 3413 /** 3414 * wlan_crypto_pn_check - called by data patch for PN check 3415 * @vdev: vdev 3416 * @wbuf: wbuf 3417 * 3418 * This function gets called by data patch for PN check 3419 * 3420 * Return: QDF_STATUS 3421 */ 3422 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3423 qdf_nbuf_t wbuf){ 3424 /* Need to check is there real requirement for this function 3425 * as PN check is already handled in decap function. 3426 */ 3427 return QDF_STATUS_SUCCESS; 3428 } 3429 3430 /** 3431 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3432 * @vdev:vdev 3433 * 3434 * This function gets called by mlme to get crypto params 3435 * 3436 * Return: wlan_crypto_params or NULL in case of failure 3437 */ 3438 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3439 struct wlan_objmgr_vdev *vdev){ 3440 struct wlan_crypto_comp_priv *crypto_priv; 3441 3442 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3443 } 3444 3445 /** 3446 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3447 * @peer:peer 3448 * 3449 * This function gets called by mlme to get crypto params 3450 * 3451 * Return: wlan_crypto_params or NULL in case of failure 3452 */ 3453 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3454 struct wlan_objmgr_peer *peer){ 3455 struct wlan_crypto_comp_priv *crypto_priv; 3456 3457 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3458 } 3459 3460 3461 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3462 struct wlan_objmgr_peer *peer) 3463 { 3464 struct wlan_crypto_comp_priv *crypto_priv; 3465 struct wlan_crypto_comp_priv *sta_crypto_priv; 3466 struct wlan_crypto_params *crypto_params; 3467 struct wlan_crypto_key *key; 3468 struct wlan_crypto_key *sta_key; 3469 struct wlan_crypto_cipher *cipher_table; 3470 struct wlan_objmgr_psoc *psoc; 3471 struct wlan_lmac_if_tx_ops *tx_ops; 3472 uint8_t *mac_addr; 3473 int i; 3474 enum QDF_OPMODE opmode; 3475 QDF_STATUS status = QDF_STATUS_SUCCESS; 3476 3477 if (!vdev) 3478 return QDF_STATUS_E_NULL_VALUE; 3479 3480 if (!peer) { 3481 crypto_debug("peer NULL"); 3482 return QDF_STATUS_E_INVAL; 3483 } 3484 3485 opmode = wlan_vdev_mlme_get_opmode(vdev); 3486 psoc = wlan_vdev_get_psoc(vdev); 3487 3488 if (!psoc) { 3489 crypto_err("psoc NULL"); 3490 return QDF_STATUS_E_NULL_VALUE; 3491 } 3492 3493 wlan_peer_obj_lock(peer); 3494 mac_addr = wlan_peer_get_macaddr(peer); 3495 wlan_peer_obj_unlock(peer); 3496 3497 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3498 &crypto_priv); 3499 if (!crypto_priv) { 3500 crypto_err("crypto_priv NULL"); 3501 return QDF_STATUS_E_NULL_VALUE; 3502 } 3503 3504 /* push only valid static WEP keys from vap */ 3505 if (AUTH_IS_8021X(crypto_params)) 3506 return QDF_STATUS_E_INVAL; 3507 3508 if (opmode == QDF_STA_MODE) { 3509 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3510 if (!peer) { 3511 crypto_debug("peer NULL"); 3512 return QDF_STATUS_E_INVAL; 3513 } 3514 } 3515 3516 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3517 if (!sta_crypto_priv) { 3518 crypto_err("sta priv is null"); 3519 status = QDF_STATUS_E_INVAL; 3520 goto exit; 3521 } 3522 3523 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3524 if (crypto_priv->key[i]) { 3525 key = crypto_priv->key[i]; 3526 if (!key || !key->valid) 3527 continue; 3528 3529 cipher_table = (struct wlan_crypto_cipher *) 3530 key->cipher_table; 3531 3532 if (!cipher_table) 3533 continue; 3534 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3535 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3536 if (!tx_ops) { 3537 crypto_err("tx_ops is NULL"); 3538 return QDF_STATUS_E_INVAL; 3539 } 3540 3541 sta_key = qdf_mem_malloc( 3542 sizeof(struct wlan_crypto_key)); 3543 if (!sta_key) { 3544 status = QDF_STATUS_E_NOMEM; 3545 goto exit; 3546 } 3547 3548 sta_crypto_priv->key[i] = sta_key; 3549 qdf_mem_copy(sta_key, key, 3550 sizeof(struct wlan_crypto_key)); 3551 3552 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3553 3554 if (crypto_priv->def_tx_keyid == i) { 3555 sta_key->flags 3556 |= WLAN_CRYPTO_KEY_DEFAULT; 3557 sta_crypto_priv->def_tx_keyid = 3558 crypto_priv->def_tx_keyid; 3559 } 3560 /* setting the broadcast/multicast key for sta*/ 3561 if (opmode == QDF_STA_MODE || 3562 opmode == QDF_IBSS_MODE){ 3563 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3564 WLAN_CRYPTO_TX_OPS_SETKEY( 3565 tx_ops)(vdev, sta_key, 3566 mac_addr, 3567 cipher_table->cipher); 3568 } 3569 } 3570 3571 /* setting unicast key */ 3572 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3573 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3574 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3575 vdev, sta_key, 3576 mac_addr, 3577 cipher_table->cipher); 3578 } 3579 } 3580 } 3581 } 3582 3583 exit: 3584 if (opmode == QDF_STA_MODE) 3585 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3586 3587 return status; 3588 } 3589 3590 /** 3591 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3592 * @crypto_rx_ops: crypto_rx_ops 3593 * 3594 * This function gets called by object manger to register crypto rx ops. 3595 * 3596 * Return: QDF_STATUS 3597 */ 3598 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3599 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3600 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3601 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3602 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3603 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3604 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3605 3606 return QDF_STATUS_SUCCESS; 3607 } 3608 3609 /** 3610 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3611 * @psoc: psoc 3612 * 3613 * This function gets called by umac to get the crypto_rx_ops 3614 * 3615 * Return: crypto_rx_ops 3616 */ 3617 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3618 struct wlan_objmgr_psoc *psoc) 3619 { 3620 struct wlan_lmac_if_rx_ops *rx_ops; 3621 3622 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3623 3624 if (!rx_ops) { 3625 crypto_err("rx_ops is NULL"); 3626 return NULL; 3627 } 3628 3629 return &rx_ops->crypto_rx_ops; 3630 } 3631 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3632 3633 /** 3634 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3635 * @vdev: vdev 3636 * @authvalue: authvalue to be checked 3637 * 3638 * This function check is authvalue passed is set in vdev or not 3639 * 3640 * Return: true or false 3641 */ 3642 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3643 wlan_crypto_auth_mode authvalue) 3644 { 3645 int res; 3646 3647 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3648 3649 if (res != -1) 3650 return (res & authvalue) ? true : false; 3651 return false; 3652 } 3653 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3654 3655 /** 3656 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3657 * @peer: peer 3658 * @authvalue: authvalue to be checked 3659 * 3660 * This function check is authvalue passed is set in peer or not 3661 * 3662 * Return: true or false 3663 */ 3664 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3665 wlan_crypto_auth_mode authvalue) 3666 { 3667 int res; 3668 3669 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3670 3671 if (res != -1) 3672 return (res & authvalue) ? true : false; 3673 3674 return false; 3675 } 3676 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3677 3678 /** 3679 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3680 * @vdev: vdev 3681 * @ucastcipher: ucastcipher to be checked 3682 * 3683 * This function check is ucastcipher passed is set in vdev or not 3684 * 3685 * Return: true or false 3686 */ 3687 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3688 wlan_crypto_cipher_type ucastcipher) 3689 { 3690 int res; 3691 3692 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3693 3694 if (res != -1) 3695 return (res & ucastcipher) ? true : false; 3696 3697 return false; 3698 } 3699 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3700 3701 /** 3702 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3703 * @peer: peer 3704 * @ucastcipher: ucastcipher to be checked 3705 * 3706 * This function check is ucastcipher passed is set in peer or not 3707 * 3708 * Return: true or false 3709 */ 3710 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3711 wlan_crypto_cipher_type ucastcipher) 3712 { 3713 int res; 3714 3715 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3716 3717 if (res != -1) 3718 return (res & ucastcipher) ? true : false; 3719 3720 return false; 3721 } 3722 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3723 3724 /** 3725 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3726 * @vdev: vdev 3727 * @mcastcipher: mcastcipher to be checked 3728 * 3729 * This function check is mcastcipher passed is set in vdev or not 3730 * 3731 * Return: true or false 3732 */ 3733 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3734 wlan_crypto_cipher_type mcastcipher) 3735 { 3736 int res; 3737 3738 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3739 3740 if (res != -1) 3741 return (res & mcastcipher) ? true : false; 3742 3743 return false; 3744 } 3745 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3746 3747 /** 3748 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3749 * @peer: peer 3750 * @mcastcipher: mcastcipher to be checked 3751 * 3752 * This function check is mcastcipher passed is set in peer or not 3753 * 3754 * Return: true or false 3755 */ 3756 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3757 wlan_crypto_cipher_type mcastcipher) 3758 { 3759 int res; 3760 3761 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3762 3763 if (res != -1) 3764 return (res & mcastcipher) ? true : false; 3765 3766 return false; 3767 } 3768 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3769 3770 /** 3771 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3772 * @vdev: vdev 3773 * @mgmtcipher: mgmtcipher to be checked 3774 * 3775 * This function checks any one of mgmtciphers are supported by vdev or not. 3776 * 3777 * Return: true or false 3778 */ 3779 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3780 uint32_t mgmtcipher) 3781 { 3782 int res; 3783 3784 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3785 3786 if (res != -1) 3787 return (res & mgmtcipher) ? true : false; 3788 3789 return false; 3790 } 3791 3792 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3793 3794 /** 3795 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3796 * @peer: peer 3797 * @mgmtcipher: mgmtcipher to be checked 3798 * 3799 * This function checks any one of mgmtciphers are supported by peer or not 3800 * 3801 * Return: true or false 3802 */ 3803 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3804 uint32_t mgmtcipher) 3805 { 3806 int res; 3807 3808 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3809 3810 if (res != -1) 3811 return (res & mgmtcipher) ? true : false; 3812 3813 return false; 3814 } 3815 3816 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3817 3818 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3819 { 3820 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3821 3822 if (!peer) { 3823 crypto_err("Invalid Input"); 3824 return 0; 3825 } 3826 3827 crypto_priv = wlan_get_peer_crypto_obj(peer); 3828 if (!crypto_priv) { 3829 crypto_err("crypto_priv NULL"); 3830 return 0; 3831 } 3832 3833 return crypto_priv->fils_aead_set; 3834 } 3835 3836 void 3837 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3838 { 3839 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3840 3841 if (!peer) { 3842 crypto_err("Invalid Input"); 3843 return; 3844 } 3845 3846 crypto_priv = wlan_get_peer_crypto_obj(peer); 3847 if (!crypto_priv) { 3848 crypto_err("crypto_priv NULL"); 3849 return; 3850 } 3851 3852 crypto_priv->fils_aead_set = value; 3853 } 3854 3855 /** 3856 * wlan_crypto_get_key_header - get header length 3857 * @key: key 3858 * 3859 * This function gets header length based on keytype 3860 * 3861 * Return: header length 3862 */ 3863 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3864 { 3865 struct wlan_crypto_cipher *cipher_table; 3866 3867 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3868 if (cipher_table) 3869 return cipher_table->header; 3870 else 3871 return 0; 3872 } 3873 3874 qdf_export_symbol(wlan_crypto_get_key_header); 3875 3876 /** 3877 * wlan_crypto_get_key_trailer - get cipher trailer length 3878 * @key: key 3879 * 3880 * This function gets cipher trailer length based on keytype 3881 * 3882 * Return: cipher trailer length 3883 */ 3884 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3885 { 3886 struct wlan_crypto_cipher *cipher_table; 3887 3888 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3889 if (cipher_table) 3890 return cipher_table->trailer; 3891 else 3892 return 0; 3893 } 3894 3895 qdf_export_symbol(wlan_crypto_get_key_trailer); 3896 3897 /** 3898 * wlan_crypto_get_key_miclen - get cipher miclen length 3899 * @key: key 3900 * 3901 * This function gets cipher miclen length based on keytype 3902 * 3903 * Return: cipher miclen length 3904 */ 3905 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3906 { 3907 struct wlan_crypto_cipher *cipher_table; 3908 3909 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3910 if (cipher_table) 3911 return cipher_table->miclen; 3912 else 3913 return 0; 3914 } 3915 3916 qdf_export_symbol(wlan_crypto_get_key_miclen); 3917 3918 /** 3919 * wlan_crypto_get_keyid - get keyid from frame 3920 * @data: frame 3921 * 3922 * This function parse frame and returns keyid 3923 * 3924 * Return: keyid 3925 */ 3926 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3927 { 3928 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3929 uint8_t *iv; 3930 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3931 3932 /* 3933 * In FILS SK (Re)Association request/response frame has 3934 * to be decrypted 3935 */ 3936 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3937 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3938 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3939 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3940 return 0; 3941 } 3942 3943 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3944 iv = data + hdrlen; 3945 /* 3946 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3947 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3948 */ 3949 return ((iv[3] >> 6) & 0x3); 3950 } else { 3951 return WLAN_CRYPTO_KEYIX_NONE; 3952 } 3953 } 3954 3955 qdf_export_symbol(wlan_crypto_get_keyid); 3956 3957 /** 3958 * crypto_plumb_peer_keys - called during radio reset 3959 * @vdev: vdev 3960 * @object: peer 3961 * @arg: psoc 3962 * 3963 * Restore unicast and persta hardware keys 3964 * 3965 * Return: void 3966 */ 3967 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3968 void *object, void *arg) { 3969 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3970 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3971 struct wlan_crypto_comp_priv *crypto_priv; 3972 struct wlan_crypto_params *crypto_params; 3973 struct wlan_crypto_key *key = NULL; 3974 struct wlan_lmac_if_tx_ops *tx_ops; 3975 int i; 3976 3977 if ((!peer) || (!vdev) || (!psoc)) { 3978 crypto_err("Peer or vdev or psoc objects are null!"); 3979 return; 3980 } 3981 3982 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3983 &crypto_priv); 3984 3985 if (!crypto_priv) { 3986 crypto_err("crypto_priv NULL"); 3987 return; 3988 } 3989 3990 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3991 key = crypto_priv->key[i]; 3992 if (key && key->valid) { 3993 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3994 3995 if (!tx_ops) { 3996 crypto_err("tx_ops is NULL"); 3997 return; 3998 } 3999 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4000 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4001 ( 4002 vdev, 4003 key, 4004 wlan_peer_get_macaddr(peer), 4005 wlan_crypto_get_key_type(key) 4006 ); 4007 } 4008 } 4009 } 4010 } 4011 4012 /** 4013 * wlan_crypto_restore_keys - called during radio reset 4014 * @vdev: vdev 4015 * 4016 * Clear and restore keycache, needed for some DA chipsets which put 4017 * random values in keycache when phy reset is triggered 4018 * 4019 * Return: void 4020 */ 4021 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 4022 { 4023 int i; 4024 struct wlan_crypto_comp_priv *crypto_priv; 4025 struct wlan_crypto_params *crypto_params; 4026 struct wlan_crypto_key *key; 4027 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 4028 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 4029 struct wlan_objmgr_pdev *pdev = NULL; 4030 struct wlan_objmgr_psoc *psoc = NULL; 4031 struct wlan_lmac_if_tx_ops *tx_ops; 4032 4033 pdev = wlan_vdev_get_pdev(vdev); 4034 psoc = wlan_vdev_get_psoc(vdev); 4035 if (!pdev) { 4036 crypto_err("pdev is NULL"); 4037 return; 4038 } 4039 if (!psoc) { 4040 crypto_err("psoc is NULL"); 4041 return; 4042 } 4043 4044 /* TBD: QWRAP key restore*/ 4045 /* crypto is on */ 4046 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 4047 /* restore static shared keys */ 4048 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4049 crypto_params = wlan_crypto_vdev_get_comp_params 4050 ( 4051 vdev, 4052 &crypto_priv 4053 ); 4054 if (!crypto_priv) { 4055 crypto_err("crypto_priv is NULL"); 4056 return; 4057 } 4058 key = crypto_priv->key[i]; 4059 if (key && key->valid) { 4060 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4061 if (!tx_ops) { 4062 crypto_err("tx_ops is NULL"); 4063 return; 4064 } 4065 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4066 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4067 ( 4068 vdev, 4069 key, 4070 macaddr, 4071 wlan_crypto_get_key_type(key) 4072 ); 4073 } 4074 } 4075 } 4076 4077 wlan_objmgr_iterate_peerobj_list(vdev, 4078 crypto_plumb_peer_keys, 4079 psoc, 4080 WLAN_CRYPTO_ID); 4081 } 4082 } 4083 4084 QDF_STATUS 4085 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4086 const uint8_t *ie_ptr, uint16_t ie_len) 4087 { 4088 const uint8_t *rsn_ie = NULL; 4089 QDF_STATUS status; 4090 4091 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4092 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4093 if (!rsn_ie) { 4094 crypto_debug("RSN IE not present"); 4095 return QDF_STATUS_E_INVAL; 4096 } 4097 4098 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 4099 if (QDF_STATUS_SUCCESS != status) { 4100 crypto_err("RSN IE check failed"); 4101 return status; 4102 } 4103 4104 return QDF_STATUS_SUCCESS; 4105 } 4106 4107 QDF_STATUS 4108 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4109 const uint8_t *ie_ptr, uint16_t ie_len) 4110 { 4111 const uint8_t *wpa_ie = NULL; 4112 uint32_t wpa_oui; 4113 QDF_STATUS status; 4114 4115 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4116 4117 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4118 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4119 WLAN_OUI_SIZE, ie_ptr, ie_len); 4120 if (!wpa_ie) { 4121 crypto_debug("WPA IE not present"); 4122 return QDF_STATUS_E_INVAL; 4123 } 4124 4125 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 4126 if (QDF_STATUS_SUCCESS != status) { 4127 crypto_err("WPA IE check failed"); 4128 return status; 4129 } 4130 4131 return QDF_STATUS_SUCCESS; 4132 } 4133 4134 #ifdef FEATURE_WLAN_WAPI 4135 QDF_STATUS 4136 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 4137 const uint8_t *ie_ptr, uint16_t ie_len) 4138 { 4139 const uint8_t *wapi_ie; 4140 QDF_STATUS status; 4141 4142 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 4143 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 4144 if (!wapi_ie) { 4145 crypto_debug("WAPI ie not present"); 4146 return QDF_STATUS_E_INVAL; 4147 } 4148 4149 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 4150 if (QDF_IS_STATUS_ERROR(status)) { 4151 crypto_err("WAPI IE check failed"); 4152 return status; 4153 } 4154 4155 return QDF_STATUS_SUCCESS; 4156 } 4157 #endif 4158 4159 /** 4160 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4161 * @psoc: psoc pointer 4162 * @vdev_id: vdev id 4163 * @ie_ptr: pointer to IEs 4164 * @ie_len: IE length 4165 * @peer_crypto_params: return peer crypto parameters 4166 * 4167 * This function gets called from ucfg to check RSN match. 4168 * 4169 * Return: true or false 4170 */ 4171 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4172 uint8_t vdev_id, uint8_t *ie_ptr, 4173 uint16_t ie_len, struct wlan_crypto_params * 4174 peer_crypto_params) 4175 { 4176 struct wlan_objmgr_vdev *vdev; 4177 bool match = true; 4178 QDF_STATUS status; 4179 4180 if (!psoc) { 4181 crypto_err("PSOC is NULL"); 4182 return false; 4183 } 4184 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4185 ie_ptr, ie_len); 4186 if (QDF_STATUS_SUCCESS != status) { 4187 crypto_err("get crypto prarams from RSN IE failed"); 4188 return false; 4189 } 4190 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4191 WLAN_CRYPTO_ID); 4192 if (!vdev) { 4193 crypto_err("vdev is NULL"); 4194 return false; 4195 } 4196 4197 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4198 4199 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4200 4201 return match; 4202 } 4203 4204 /** 4205 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4206 * @psoc: psoc pointer 4207 * @vdev_id: vdev id 4208 * @ie_ptr: pointer to IEs 4209 * @ie_len: IE length 4210 * @peer_crypto_params: return peer crypto parameters 4211 * 4212 * This function gets called from ucfg to check WPA match. 4213 * 4214 * Return: true or false 4215 */ 4216 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4217 uint8_t vdev_id, uint8_t *ie_ptr, 4218 uint16_t ie_len, struct wlan_crypto_params * 4219 peer_crypto_params) 4220 { 4221 struct wlan_objmgr_vdev *vdev; 4222 bool match = true; 4223 QDF_STATUS status; 4224 4225 if (!psoc) { 4226 crypto_err("PSOC is NULL"); 4227 return false; 4228 } 4229 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4230 WLAN_CRYPTO_ID); 4231 if (!vdev) { 4232 crypto_err("vdev is NULL"); 4233 return false; 4234 } 4235 4236 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4237 ie_ptr, ie_len); 4238 if (QDF_STATUS_SUCCESS != status) { 4239 crypto_err("get crypto prarams from WPA IE failed"); 4240 match = false; 4241 goto send_res; 4242 } 4243 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4244 4245 send_res: 4246 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4247 4248 return match; 4249 } 4250 4251 4252 static void 4253 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4254 struct wlan_crypto_params *src_params) 4255 { 4256 dst_params->authmodeset |= src_params->authmodeset; 4257 dst_params->ucastcipherset |= src_params->ucastcipherset; 4258 dst_params->mcastcipherset |= src_params->mcastcipherset; 4259 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4260 dst_params->cipher_caps |= src_params->cipher_caps; 4261 dst_params->key_mgmt |= src_params->key_mgmt; 4262 dst_params->rsn_caps |= src_params->rsn_caps; 4263 } 4264 4265 static void 4266 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4267 { 4268 params->authmodeset = 0; 4269 params->ucastcipherset = 0; 4270 params->mcastcipherset = 0; 4271 params->mgmtcipherset = 0; 4272 params->key_mgmt = 0; 4273 params->rsn_caps = 0; 4274 } 4275 4276 const uint8_t * 4277 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4278 { 4279 uint8_t len; 4280 const uint8_t *ie; 4281 4282 if (!rsnxe_ie) 4283 return NULL; 4284 4285 ie = rsnxe_ie; 4286 len = ie[1]; 4287 ie += 2; 4288 4289 if (!len) 4290 return NULL; 4291 4292 *cap_len = ie[0] & 0xf; 4293 4294 return ie; 4295 } 4296 4297 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4298 uint8_t *ie_ptr, 4299 uint16_t ie_len) 4300 { 4301 struct wlan_crypto_params crypto_params; 4302 QDF_STATUS status; 4303 struct wlan_crypto_params *vdev_crypto_params; 4304 struct wlan_crypto_comp_priv *crypto_priv; 4305 bool send_fail = false; 4306 4307 if (!vdev) { 4308 crypto_err("VDEV is NULL"); 4309 return QDF_STATUS_E_FAILURE; 4310 } 4311 4312 if (!ie_ptr) { 4313 crypto_err("IE ptr is NULL"); 4314 return QDF_STATUS_E_FAILURE; 4315 } 4316 4317 crypto_priv = (struct wlan_crypto_comp_priv *) 4318 wlan_get_vdev_crypto_obj(vdev); 4319 4320 if (!crypto_priv) { 4321 crypto_err("crypto_priv NULL"); 4322 return QDF_STATUS_E_FAILURE; 4323 } 4324 4325 vdev_crypto_params = &crypto_priv->crypto_params; 4326 4327 wlan_crypto_reset_prarams(vdev_crypto_params); 4328 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4329 ie_ptr, ie_len); 4330 if (QDF_IS_STATUS_SUCCESS(status)) 4331 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4332 else 4333 send_fail = true; 4334 4335 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4336 ie_ptr, ie_len); 4337 if (QDF_IS_STATUS_SUCCESS(status)) { 4338 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4339 send_fail = false; 4340 } 4341 4342 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4343 } 4344 4345 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4346 { 4347 struct wlan_crypto_comp_priv *crypto_priv; 4348 4349 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4350 if (!crypto_priv) { 4351 crypto_err("crypto_priv NULL"); 4352 return QDF_STATUS_E_FAILURE; 4353 } 4354 4355 if (igtk) 4356 return crypto_priv->def_igtk_tx_keyid; 4357 else 4358 return crypto_priv->def_tx_keyid; 4359 } 4360 4361 enum wlan_crypto_cipher_type 4362 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4363 bool pairwise, uint8_t key_index) 4364 { 4365 struct wlan_crypto_key *crypto_key; 4366 4367 crypto_key = wlan_crypto_get_key(vdev, key_index); 4368 4369 if (crypto_key) 4370 return crypto_key->cipher_type; 4371 else 4372 return WLAN_CRYPTO_CIPHER_INVALID; 4373 } 4374 4375 #ifdef CRYPTO_SET_KEY_CONVERGED 4376 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4377 uint8_t key_index, uint8_t key_len, 4378 uint8_t seq_len) 4379 { 4380 if (!is_valid_keyix(key_index)) { 4381 crypto_err("Invalid Key index %d", key_index); 4382 return QDF_STATUS_E_INVAL; 4383 } 4384 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4385 crypto_err("Invalid Cipher %d", cipher); 4386 return QDF_STATUS_E_INVAL; 4387 } 4388 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4389 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4390 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4391 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4392 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4393 crypto_err("Invalid key index %d for cipher %d", 4394 key_index, cipher); 4395 return QDF_STATUS_E_INVAL; 4396 } 4397 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4398 crypto_err("Invalid key length %d", key_len); 4399 return QDF_STATUS_E_INVAL; 4400 } 4401 4402 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4403 crypto_err("Invalid seq length %d", seq_len); 4404 return QDF_STATUS_E_INVAL; 4405 } 4406 4407 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4408 key_index, key_len, seq_len); 4409 4410 return QDF_STATUS_SUCCESS; 4411 } 4412 4413 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4414 uint8_t key_index, 4415 struct wlan_crypto_key *crypto_key) 4416 { 4417 struct wlan_crypto_comp_priv *crypto_priv; 4418 4419 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4420 if (!crypto_priv) { 4421 crypto_err("crypto_priv NULL"); 4422 return QDF_STATUS_E_FAILURE; 4423 } 4424 if (!is_valid_keyix(key_index)) { 4425 crypto_err("Invalid Key index %d", key_index); 4426 return QDF_STATUS_E_FAILURE; 4427 } 4428 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4429 crypto_priv->key[key_index] = crypto_key; 4430 } else if (is_igtk(key_index)) { 4431 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4432 crypto_key; 4433 crypto_priv->def_igtk_tx_keyid = 4434 key_index - WLAN_CRYPTO_MAXKEYIDX; 4435 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4436 } else { 4437 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4438 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4439 crypto_priv->def_bigtk_tx_keyid = 4440 key_index - WLAN_CRYPTO_MAXKEYIDX 4441 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4442 } 4443 crypto_key->valid = true; 4444 4445 return QDF_STATUS_SUCCESS; 4446 } 4447 4448 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4449 uint8_t key_index) 4450 { 4451 struct wlan_crypto_comp_priv *crypto_priv; 4452 4453 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4454 if (!crypto_priv) { 4455 crypto_err("crypto_priv NULL"); 4456 return NULL; 4457 } 4458 if (!is_valid_keyix(key_index)) { 4459 crypto_err("Invalid Key index %d", key_index); 4460 return NULL; 4461 } 4462 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4463 return crypto_priv->key[key_index]; 4464 else if (is_igtk(key_index)) 4465 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4466 else 4467 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4468 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4469 4470 return NULL; 4471 } 4472 4473 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4474 struct wlan_crypto_key *req, 4475 enum wlan_crypto_key_type key_type) 4476 { 4477 struct wlan_objmgr_psoc *psoc; 4478 struct wlan_lmac_if_tx_ops *tx_ops; 4479 4480 psoc = wlan_vdev_get_psoc(vdev); 4481 4482 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4483 if (!tx_ops) { 4484 crypto_err("tx_ops is NULL"); 4485 return QDF_STATUS_E_FAILURE; 4486 } 4487 4488 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4489 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4490 else 4491 return QDF_STATUS_E_FAILURE; 4492 4493 return QDF_STATUS_SUCCESS; 4494 } 4495 4496 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4497 bool pairwise, uint8_t key_index, 4498 struct qdf_mac_addr *peer_mac) 4499 { 4500 struct wlan_crypto_key *crypto_key; 4501 4502 crypto_key = wlan_crypto_get_key(vdev, key_index); 4503 if (!crypto_key) { 4504 crypto_err("crypto_key not present for key_idx %d", key_index); 4505 return; 4506 } 4507 4508 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4509 } 4510 4511 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4512 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4513 struct wlan_objmgr_vdev *vdev, 4514 struct qdf_mac_addr *conn_bssid) 4515 { 4516 struct wlan_crypto_params *crypto_params; 4517 struct wlan_crypto_comp_priv *crypto_priv; 4518 int i; 4519 4520 crypto_priv = (struct wlan_crypto_comp_priv *) 4521 wlan_get_vdev_crypto_obj(vdev); 4522 4523 if (!crypto_priv) { 4524 crypto_err("crypto_priv NULL"); 4525 return; 4526 } 4527 4528 crypto_params = &crypto_priv->crypto_params; 4529 4530 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4531 if (!crypto_params->pmksa[i]) 4532 continue; 4533 4534 if (crypto_params->pmksa[i]->single_pmk_supported && 4535 !qdf_is_macaddr_equal(conn_bssid, 4536 &crypto_params->pmksa[i]->bssid)) { 4537 qdf_mem_zero(crypto_params->pmksa[i], 4538 sizeof(struct wlan_crypto_pmksa)); 4539 qdf_mem_free(crypto_params->pmksa[i]); 4540 crypto_params->pmksa[i] = NULL; 4541 } 4542 } 4543 } 4544 4545 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4546 struct qdf_mac_addr *bssid, 4547 bool single_pmk_capable_bss) 4548 { 4549 struct wlan_crypto_params *crypto_params; 4550 struct wlan_crypto_comp_priv *crypto_priv; 4551 int i; 4552 4553 crypto_priv = (struct wlan_crypto_comp_priv *) 4554 wlan_get_vdev_crypto_obj(vdev); 4555 4556 if (!crypto_priv) { 4557 crypto_err("crypto_priv NULL"); 4558 return; 4559 } 4560 4561 crypto_params = &crypto_priv->crypto_params; 4562 4563 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4564 if (!crypto_params->pmksa[i]) 4565 continue; 4566 4567 if (qdf_is_macaddr_equal(bssid, 4568 &crypto_params->pmksa[i]->bssid)) 4569 crypto_params->pmksa[i]->single_pmk_supported = 4570 single_pmk_capable_bss; 4571 } 4572 } 4573 #endif 4574 4575 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4576 { 4577 struct wlan_crypto_comp_priv *crypto_priv; 4578 4579 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4580 crypto_priv = (struct wlan_crypto_comp_priv *) 4581 wlan_get_vdev_crypto_obj(vdev); 4582 4583 if (!crypto_priv) { 4584 crypto_err("crypto_priv NULL"); 4585 return; 4586 } 4587 4588 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4589 } 4590 4591 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc) 4592 { 4593 struct wlan_lmac_if_tx_ops *tx_ops; 4594 4595 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4596 if (!tx_ops) { 4597 crypto_err("tx_ops is NULL"); 4598 return QDF_STATUS_E_FAILURE; 4599 } 4600 4601 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)) 4602 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc); 4603 4604 return QDF_STATUS_E_FAILURE; 4605 } 4606 4607 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc) 4608 { 4609 struct wlan_lmac_if_tx_ops *tx_ops; 4610 4611 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4612 if (!tx_ops) { 4613 crypto_err("tx_ops is NULL"); 4614 return QDF_STATUS_E_FAILURE; 4615 } 4616 4617 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)) 4618 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc); 4619 4620 return QDF_STATUS_E_FAILURE; 4621 } 4622 #endif 4623 4624 #ifdef WLAN_FEATURE_FILS_SK 4625 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4626 uint8_t *rik, uint32_t *rik_len) 4627 { 4628 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4629 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4630 QDF_STATUS status; 4631 4632 if (!rrk || !rik) { 4633 crypto_err("FILS rrk/rik NULL"); 4634 return QDF_STATUS_E_FAILURE; 4635 } 4636 4637 optional_data[0] = HMAC_SHA256_128; 4638 /* basic validation */ 4639 if (rrk_len <= 0) { 4640 crypto_err("invalid r_rk length %d", rrk_len); 4641 return QDF_STATUS_E_FAILURE; 4642 } 4643 4644 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4645 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4646 sizeof(optional_data), rik, 4647 rrk_len); 4648 if (QDF_IS_STATUS_ERROR(status)) { 4649 crypto_err("failed to create rik"); 4650 return status; 4651 } 4652 *rik_len = rrk_len; 4653 4654 return QDF_STATUS_SUCCESS; 4655 } 4656 #endif /* WLAN_FEATURE_FILS_SK */ 4657