1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 /** 43 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 44 * @vdev:vdev 45 * 46 * This function gets called by mlme to get crypto params 47 * 48 * Return: wlan_crypto_params or NULL in case of failure 49 */ 50 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 51 struct wlan_objmgr_vdev *vdev, 52 struct wlan_crypto_comp_priv **crypto_priv){ 53 *crypto_priv = (struct wlan_crypto_comp_priv *) 54 wlan_get_vdev_crypto_obj(vdev); 55 if (*crypto_priv == NULL) { 56 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 57 return NULL; 58 } 59 60 return &((*crypto_priv)->crypto_params); 61 } 62 63 /** 64 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 65 * @peer:peer 66 * 67 * This function gets called by mlme to get crypto params 68 * 69 * Return: wlan_crypto_params or NULL in case of failure 70 */ 71 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 72 struct wlan_objmgr_peer *peer, 73 struct wlan_crypto_comp_priv **crypto_priv){ 74 75 *crypto_priv = (struct wlan_crypto_comp_priv *) 76 wlan_get_peer_crypto_obj(peer); 77 if (*crypto_priv == NULL) { 78 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 79 return NULL; 80 } 81 82 return &((*crypto_priv)->crypto_params); 83 } 84 85 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 86 { 87 return QDF_STATUS_SUCCESS; 88 } 89 90 /** 91 * wlan_crypto_set_param - called by ucfg to set crypto param 92 * @crypto_params: crypto_params 93 * @param: param to be set. 94 * @value: value 95 * 96 * This function gets called from ucfg to set param 97 * 98 * Return: QDF_STATUS_SUCCESS - in case of success 99 */ 100 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 101 wlan_crypto_param_type param, 102 uint32_t value){ 103 QDF_STATUS status = QDF_STATUS_E_INVAL; 104 105 switch (param) { 106 case WLAN_CRYPTO_PARAM_AUTH_MODE: 107 status = wlan_crypto_set_authmode(crypto_params, value); 108 break; 109 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 110 status = wlan_crypto_set_ucastciphers(crypto_params, value); 111 break; 112 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 113 status = wlan_crypto_set_mcastcipher(crypto_params, value); 114 break; 115 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 116 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 117 break; 118 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 119 status = wlan_crypto_set_cipher_cap(crypto_params, value); 120 break; 121 case WLAN_CRYPTO_PARAM_RSN_CAP: 122 status = wlan_crypto_set_rsn_cap(crypto_params, value); 123 break; 124 case WLAN_CRYPTO_PARAM_KEY_MGMT: 125 status = wlan_crypto_set_key_mgmt(crypto_params, value); 126 break; 127 default: 128 status = QDF_STATUS_E_INVAL; 129 } 130 return status; 131 } 132 133 /** 134 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 135 * @vdev: vdev 136 * @param: param to be set. 137 * @value: value 138 * 139 * This function gets called from ucfg to set param 140 * 141 * Return: QDF_STATUS_SUCCESS - in case of success 142 */ 143 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 144 wlan_crypto_param_type param, 145 uint32_t value){ 146 QDF_STATUS status = QDF_STATUS_E_INVAL; 147 struct wlan_crypto_comp_priv *crypto_priv; 148 struct wlan_crypto_params *crypto_params; 149 150 crypto_priv = (struct wlan_crypto_comp_priv *) 151 wlan_get_vdev_crypto_obj(vdev); 152 153 if (crypto_priv == NULL) { 154 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 155 return QDF_STATUS_E_INVAL; 156 } 157 158 crypto_params = &(crypto_priv->crypto_params); 159 160 status = wlan_crypto_set_param(crypto_params, param, value); 161 162 return status; 163 } 164 165 /** 166 * wlan_crypto_set_param - called by ucfg to set crypto param 167 * 168 * @peer: peer 169 * @param: param to be set. 170 * @value: value 171 * 172 * This function gets called from ucfg to set param 173 * 174 * Return: QDF_STATUS_SUCCESS - in case of success 175 */ 176 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 177 wlan_crypto_param_type param, 178 uint32_t value){ 179 QDF_STATUS status = QDF_STATUS_E_INVAL; 180 struct wlan_crypto_comp_priv *crypto_priv; 181 struct wlan_crypto_params *crypto_params; 182 183 crypto_params = wlan_crypto_peer_get_comp_params(peer, 184 &crypto_priv); 185 186 if (crypto_priv == NULL) { 187 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 188 return QDF_STATUS_E_INVAL; 189 } 190 191 crypto_params = &(crypto_priv->crypto_params); 192 193 status = wlan_crypto_set_param(crypto_params, param, value); 194 195 return status; 196 } 197 198 /** 199 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 200 * @param: Crypto param type 201 * @crypto_params: Crypto params struct 202 * 203 * This function gets called from in-within crypto layer 204 * 205 * Return: value or -1 for failure 206 */ 207 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 208 struct wlan_crypto_params *crypto_params) 209 { 210 int32_t value = -1; 211 212 switch (param) { 213 case WLAN_CRYPTO_PARAM_AUTH_MODE: 214 value = wlan_crypto_get_authmode(crypto_params); 215 break; 216 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 217 value = wlan_crypto_get_ucastciphers(crypto_params); 218 break; 219 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 220 value = wlan_crypto_get_mcastcipher(crypto_params); 221 break; 222 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 223 value = wlan_crypto_get_mgmtciphers(crypto_params); 224 break; 225 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 226 value = wlan_crypto_get_cipher_cap(crypto_params); 227 break; 228 case WLAN_CRYPTO_PARAM_RSN_CAP: 229 value = wlan_crypto_get_rsn_cap(crypto_params); 230 break; 231 case WLAN_CRYPTO_PARAM_KEY_MGMT: 232 value = wlan_crypto_get_key_mgmt(crypto_params); 233 break; 234 default: 235 value = QDF_STATUS_E_INVAL; 236 } 237 238 return value; 239 } 240 241 /** 242 * wlan_crypto_get_param - called to get value for param from vdev 243 * @vdev: vdev 244 * @param: Crypto param type 245 * 246 * This function gets called to get value for param from vdev 247 * 248 * Return: value or -1 for failure 249 */ 250 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 251 wlan_crypto_param_type param) 252 { 253 int32_t value = -1; 254 struct wlan_crypto_comp_priv *crypto_priv; 255 struct wlan_crypto_params *crypto_params; 256 crypto_priv = (struct wlan_crypto_comp_priv *) 257 wlan_get_vdev_crypto_obj(vdev); 258 259 if (crypto_priv == NULL) { 260 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 261 return QDF_STATUS_E_INVAL; 262 } 263 264 crypto_params = &(crypto_priv->crypto_params); 265 value = wlan_crypto_get_param_value(param, crypto_params); 266 267 return value; 268 } 269 270 /** 271 * wlan_crypto_get_peer_param - called to get value for param from peer 272 * @peer: peer 273 * @param: Crypto param type 274 * 275 * This function gets called to get value for param from peer 276 * 277 * Return: value or -1 for failure 278 */ 279 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 280 wlan_crypto_param_type param) 281 { 282 int32_t value = -1; 283 struct wlan_crypto_comp_priv *crypto_priv; 284 struct wlan_crypto_params *crypto_params; 285 286 crypto_params = wlan_crypto_peer_get_comp_params(peer, 287 &crypto_priv); 288 289 if (crypto_params == NULL) { 290 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 291 return QDF_STATUS_E_INVAL; 292 } 293 value = wlan_crypto_get_param_value(param, crypto_params); 294 295 return value; 296 } 297 298 /** 299 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 300 * @vdev: vdev 301 * @peer: peer 302 * 303 * This function gets called to check is HT allowed for cipher. 304 * HT is not allowed for wep and tkip. 305 * 306 * Return: 0 - not allowed or 1 - allowed 307 */ 308 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 309 struct wlan_objmgr_peer *peer) 310 { 311 int32_t ucast_cipher; 312 313 if (!(vdev || peer)) { 314 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 315 return 0; 316 } 317 318 if (vdev) 319 ucast_cipher = wlan_crypto_get_param(vdev, 320 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 321 else 322 ucast_cipher = wlan_crypto_get_peer_param(peer, 323 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 324 325 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 326 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 327 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 328 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 329 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 330 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 331 } 332 qdf_export_symbol(wlan_crypto_is_htallowed); 333 334 /** 335 * wlan_crypto_setkey - called by ucfg to setkey 336 * @vdev: vdev 337 * @req_key: req_key with cipher type, key macaddress 338 * 339 * This function gets called from ucfg to sey key 340 * 341 * Return: QDF_STATUS_SUCCESS - in case of success 342 */ 343 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 344 struct wlan_crypto_req_key *req_key){ 345 346 QDF_STATUS status = QDF_STATUS_E_INVAL; 347 struct wlan_crypto_comp_priv *crypto_priv; 348 struct wlan_crypto_params *crypto_params; 349 struct wlan_objmgr_psoc *psoc; 350 struct wlan_objmgr_peer *peer; 351 struct wlan_crypto_key *key = NULL; 352 const struct wlan_crypto_cipher *cipher; 353 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 354 bool isbcast; 355 enum QDF_OPMODE vdev_mode; 356 uint8_t igtk_idx = 0; 357 358 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 359 qdf_print("%s[%d] Invalid params vdev%pK, req_key%pK\n", 360 __func__, __LINE__, vdev, req_key); 361 return QDF_STATUS_E_INVAL; 362 } 363 364 isbcast = qdf_is_macaddr_broadcast( 365 (struct qdf_mac_addr *)req_key->macaddr); 366 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 367 /* zero length keys, only set default key id if flags are set*/ 368 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 369 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 370 && (!IS_MGMT_CIPHER(req_key->type))) { 371 wlan_crypto_default_key(vdev, 372 req_key->macaddr, 373 req_key->keyix, 374 !isbcast); 375 return QDF_STATUS_SUCCESS; 376 } 377 qdf_print("%s[%d] req_key len zero\n", __func__, __LINE__); 378 return QDF_STATUS_E_INVAL; 379 } 380 381 cipher = wlan_crypto_cipher_ops[req_key->type]; 382 383 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 384 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 385 return QDF_STATUS_E_INVAL; 386 } 387 388 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 389 (!IS_MGMT_CIPHER(req_key->type)) && 390 ((req_key->keylen != (cipher->keylen / NBBY)) && 391 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 392 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 393 return QDF_STATUS_E_INVAL; 394 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 395 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 396 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 397 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 398 qdf_print("%s[%d] wep key len invalid\n", __func__, __LINE__); 399 return QDF_STATUS_E_INVAL; 400 } 401 402 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 403 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 404 | WLAN_CRYPTO_KEY_RECV)) { 405 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 406 | WLAN_CRYPTO_KEY_RECV); 407 } 408 } else { 409 if ((req_key->keyix > WLAN_CRYPTO_MAXKEYIDX) 410 && (!IS_MGMT_CIPHER(req_key->type))) { 411 return QDF_STATUS_E_INVAL; 412 } 413 414 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 415 | WLAN_CRYPTO_KEY_RECV); 416 if (isbcast) 417 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 418 } 419 420 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 421 422 wlan_vdev_obj_lock(vdev); 423 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 424 psoc = wlan_vdev_get_psoc(vdev); 425 if (!psoc) { 426 wlan_vdev_obj_unlock(vdev); 427 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 428 return QDF_STATUS_E_INVAL; 429 } 430 wlan_vdev_obj_unlock(vdev); 431 432 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 433 if (wlan_crypto_vdev_has_auth_mode(vdev, 434 (1 << WLAN_CRYPTO_AUTH_8021X))) { 435 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 436 } 437 } 438 439 if (isbcast) { 440 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 441 &crypto_priv); 442 if (crypto_priv == NULL) { 443 qdf_print("%s[%d] crypto_priv NULL\n", 444 __func__, __LINE__); 445 return QDF_STATUS_E_INVAL; 446 } 447 448 if (IS_MGMT_CIPHER(req_key->type)) { 449 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 450 if (igtk_idx > WLAN_CRYPTO_MAXIGTKKEYIDX) { 451 qdf_print("%s[%d] igtk key invalid keyid %d \n", 452 __func__, __LINE__, igtk_idx); 453 return QDF_STATUS_E_INVAL; 454 } 455 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 456 if (key == NULL) { 457 qdf_print("%s[%d] igtk key alloc failed\n", 458 __func__, __LINE__); 459 return QDF_STATUS_E_NOMEM; 460 } 461 462 if (crypto_priv->igtk_key[igtk_idx]) 463 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 464 465 crypto_priv->igtk_key[igtk_idx] = key; 466 crypto_priv->igtk_key_type = req_key->type; 467 crypto_priv->def_igtk_tx_keyid = igtk_idx; 468 } else { 469 if (IS_FILS_CIPHER(req_key->type)) { 470 qdf_print(FL( 471 "FILS key is not for BroadCast packet\n")); 472 return QDF_STATUS_E_INVAL; 473 } 474 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 475 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 476 return QDF_STATUS_E_INVAL; 477 } 478 if (!crypto_priv->key[req_key->keyix]) { 479 crypto_priv->key[req_key->keyix] 480 = qdf_mem_malloc( 481 sizeof(struct wlan_crypto_key)); 482 if (!crypto_priv->key[req_key->keyix]) 483 return QDF_STATUS_E_NOMEM; 484 } 485 key = crypto_priv->key[req_key->keyix]; 486 } 487 if (vdev_mode == QDF_STA_MODE) { 488 peer = wlan_vdev_get_bsspeer(vdev); 489 if (!(peer && (QDF_STATUS_SUCCESS 490 == wlan_objmgr_peer_try_get_ref(peer, 491 WLAN_CRYPTO_ID)))) { 492 qdf_print("%s[%d] peer %pK failed\n", 493 __func__, __LINE__, peer); 494 if (IS_MGMT_CIPHER(req_key->type)) { 495 crypto_priv->igtk_key[igtk_idx] = NULL; 496 crypto_priv->igtk_key_type 497 = WLAN_CRYPTO_CIPHER_NONE; 498 } else 499 crypto_priv->key[req_key->keyix] = NULL; 500 if (key) 501 qdf_mem_free(key); 502 return QDF_STATUS_E_INVAL; 503 } 504 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 505 WLAN_ALEN); 506 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 507 } 508 } else { 509 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 510 psoc, 511 req_key->macaddr, 512 macaddr, 513 WLAN_CRYPTO_ID); 514 515 if (peer == NULL) { 516 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 517 return QDF_STATUS_E_INVAL; 518 } 519 520 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 521 crypto_params = wlan_crypto_peer_get_comp_params(peer, 522 &crypto_priv); 523 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 524 525 if (crypto_priv == NULL) { 526 qdf_print("%s[%d] crypto_priv NULL\n", 527 __func__, __LINE__); 528 return QDF_STATUS_E_INVAL; 529 } 530 if (IS_MGMT_CIPHER(req_key->type)) { 531 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 532 if (igtk_idx > WLAN_CRYPTO_MAXIGTKKEYIDX) { 533 qdf_print("%s[%d] igtk key invalid keyid %d \n", 534 __func__, __LINE__, igtk_idx); 535 return QDF_STATUS_E_INVAL; 536 } 537 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 538 if (key == NULL) { 539 qdf_print("%s[%d] igtk key alloc failed\n", 540 __func__, __LINE__); 541 return QDF_STATUS_E_NOMEM; 542 } 543 if (crypto_priv->igtk_key[igtk_idx]) 544 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 545 546 crypto_priv->igtk_key[igtk_idx] = key; 547 crypto_priv->igtk_key_type = req_key->type; 548 crypto_priv->def_igtk_tx_keyid = igtk_idx; 549 } else { 550 uint16_t kid = req_key->keyix; 551 if (kid == WLAN_CRYPTO_KEYIX_NONE) 552 kid = 0; 553 if (!crypto_priv->key[kid]) { 554 crypto_priv->key[kid] 555 = qdf_mem_malloc( 556 sizeof(struct wlan_crypto_key)); 557 if (!crypto_priv->key[kid]) 558 return QDF_STATUS_E_NOMEM; 559 } 560 key = crypto_priv->key[kid]; 561 } 562 } 563 564 /* alloc key might not required as it is already there */ 565 key->cipher_table = (void *)cipher; 566 key->keylen = req_key->keylen; 567 key->flags = req_key->flags; 568 569 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 570 key->keyix = 0; 571 else 572 key->keyix = req_key->keyix; 573 574 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 575 && (!IS_MGMT_CIPHER(req_key->type))) { 576 crypto_priv->def_tx_keyid = key->keyix; 577 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 578 } 579 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 580 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 581 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 582 0x5c, 0x36, 0x5c, 0x36, 583 0x5c, 0x36, 0x5c, 0x36, 584 0x5c, 0x36, 0x5c, 0x37}; 585 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 586 0x5c, 0x36, 0x5c, 0x36, 587 0x5c, 0x36, 0x5c, 0x36, 588 0x5c, 0x36, 0x5c, 0x36}; 589 590 /* During Tx PN should be increment and 591 * send but as per our implementation we increment only after 592 * Tx complete. So First packet PN check will be failed. 593 * To compensate increment the PN here by 2 594 */ 595 if (vdev_mode == QDF_SAP_MODE) { 596 iv_AP[15] += 2; 597 qdf_mem_copy(key->recviv, iv_STA, 598 WLAN_CRYPTO_WAPI_IV_SIZE); 599 qdf_mem_copy(key->txiv, iv_AP, 600 WLAN_CRYPTO_WAPI_IV_SIZE); 601 } else { 602 iv_STA[15] += 2; 603 qdf_mem_copy(key->recviv, iv_AP, 604 WLAN_CRYPTO_WAPI_IV_SIZE); 605 qdf_mem_copy(key->txiv, iv_STA, 606 WLAN_CRYPTO_WAPI_IV_SIZE); 607 } 608 } else { 609 uint8_t i = 0; 610 qdf_mem_copy((uint8_t *)(&key->keytsc), 611 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 612 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 613 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 614 (uint8_t *)(&req_key->keyrsc), 615 sizeof(key->keyrsc[0])); 616 } 617 } 618 619 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 620 key->valid = 1; 621 if ((IS_MGMT_CIPHER(req_key->type))) { 622 if (HAS_CIPHER_CAP(crypto_params, 623 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 624 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 625 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 626 key, macaddr, req_key->type); 627 } 628 } 629 status = wlan_crypto_set_igtk_key(key); 630 return status; 631 } else if (IS_FILS_CIPHER(req_key->type)) { 632 /* Take request key object to FILS setkey */ 633 key->private = req_key; 634 } else { 635 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 636 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 637 macaddr, req_key->type); 638 } 639 } 640 status = cipher->setkey(key); 641 642 return status; 643 } 644 645 /** 646 * wlan_crypto_getkey - called by ucfg to get key 647 * @vdev: vdev 648 * @req_key: key value will be copied in this req_key 649 * @mac_address: mac address of the peer for unicast key 650 * or broadcast address if group key is requested. 651 * 652 * This function gets called from ucfg to get key 653 * 654 * Return: QDF_STATUS_SUCCESS - in case of success 655 */ 656 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 657 struct wlan_crypto_req_key *req_key, 658 uint8_t *mac_addr){ 659 struct wlan_crypto_comp_priv *crypto_priv; 660 struct wlan_crypto_params *crypto_params; 661 struct wlan_crypto_cipher *cipher_table; 662 struct wlan_crypto_key *key; 663 struct wlan_objmgr_psoc *psoc; 664 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 665 666 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 667 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 668 qdf_print("%s[%d] invalid keyix %d\n", __func__, __LINE__, 669 req_key->keyix); 670 return QDF_STATUS_E_INVAL; 671 } 672 673 wlan_vdev_obj_lock(vdev); 674 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 675 psoc = wlan_vdev_get_psoc(vdev); 676 if (!psoc) { 677 wlan_vdev_obj_unlock(vdev); 678 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 679 return QDF_STATUS_E_INVAL; 680 } 681 wlan_vdev_obj_unlock(vdev); 682 683 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 684 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 685 &crypto_priv); 686 if (crypto_priv == NULL) { 687 qdf_print("%s[%d] crypto_priv NULL\n", 688 __func__, __LINE__); 689 return QDF_STATUS_E_INVAL; 690 } 691 692 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 693 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 694 else 695 key = crypto_priv->key[req_key->keyix]; 696 if (!key) 697 return QDF_STATUS_E_INVAL; 698 } else { 699 struct wlan_objmgr_peer *peer; 700 701 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 702 psoc, 703 mac_addr, 704 macaddr, 705 WLAN_CRYPTO_ID); 706 if (peer == NULL) { 707 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 708 "%s[%d] peer NULL\n", __func__, __LINE__); 709 return QDF_STATUS_E_NOENT; 710 } 711 crypto_params = wlan_crypto_peer_get_comp_params(peer, 712 &crypto_priv); 713 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 714 if (crypto_priv == NULL) { 715 qdf_print("%s[%d] crypto_priv NULL\n", 716 __func__, __LINE__); 717 return QDF_STATUS_E_INVAL; 718 } 719 720 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 721 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 722 else 723 key = crypto_priv->key[req_key->keyix]; 724 if (!key) 725 return QDF_STATUS_E_INVAL; 726 } 727 728 if (key->valid) { 729 qdf_mem_copy(req_key->keydata, 730 key->keyval, key->keylen); 731 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 732 (uint8_t *)(&key->keytsc), 733 sizeof(req_key->keytsc)); 734 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 735 (uint8_t *)(&key->keyrsc[0]), 736 sizeof(req_key->keyrsc)); 737 req_key->keylen = key->keylen; 738 req_key->flags = key->flags; 739 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 740 741 if (!cipher_table) 742 return QDF_STATUS_SUCCESS; 743 744 req_key->type = cipher_table->cipher; 745 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 746 qdf_mem_copy((uint8_t *)(&req_key->txiv), 747 (uint8_t *)(key->txiv), 748 sizeof(req_key->txiv)); 749 qdf_mem_copy((uint8_t *)(&req_key->recviv), 750 (uint8_t *)(key->recviv), 751 sizeof(req_key->recviv)); 752 } 753 } 754 755 return QDF_STATUS_SUCCESS; 756 } 757 758 /** 759 * wlan_crypto_delkey - called by ucfg to delete key 760 * @vdev: vdev 761 * @mac_address: mac address of the peer for unicast key 762 * or broadcast address if group key is deleted. 763 * @key_idx: key index to be deleted 764 * 765 * This function gets called from ucfg to delete key 766 * 767 * Return: QDF_STATUS_SUCCESS - in case of success 768 */ 769 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 770 uint8_t *macaddr, 771 uint8_t key_idx){ 772 struct wlan_crypto_comp_priv *crypto_priv; 773 struct wlan_crypto_params *crypto_params; 774 struct wlan_crypto_key *key; 775 struct wlan_crypto_cipher *cipher_table; 776 struct wlan_objmgr_psoc *psoc; 777 uint8_t bssid_mac[WLAN_ALEN]; 778 779 if (!vdev || !macaddr || 780 (key_idx > 781 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 782 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 783 "%s[%d] Invalid params vdev %pK, macaddr %pK" 784 "keyidx %d\n", __func__, __LINE__, vdev, 785 macaddr, key_idx); 786 return QDF_STATUS_E_INVAL; 787 } 788 789 wlan_vdev_obj_lock(vdev); 790 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 791 psoc = wlan_vdev_get_psoc(vdev); 792 if (!psoc) { 793 wlan_vdev_obj_unlock(vdev); 794 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 795 return QDF_STATUS_E_INVAL; 796 } 797 wlan_vdev_obj_unlock(vdev); 798 799 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 800 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 801 &crypto_priv); 802 if (crypto_priv == NULL) { 803 qdf_print("%s[%d] crypto_priv NULL\n", 804 __func__, __LINE__); 805 return QDF_STATUS_E_INVAL; 806 } 807 } else { 808 struct wlan_objmgr_peer *peer; 809 810 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 811 psoc, macaddr, 812 bssid_mac, 813 WLAN_CRYPTO_ID); 814 if (peer == NULL) { 815 return QDF_STATUS_E_INVAL; 816 } 817 crypto_params = wlan_crypto_peer_get_comp_params(peer, 818 &crypto_priv); 819 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 820 if (crypto_priv == NULL) { 821 qdf_print("%s[%d] crypto_priv NULL\n", 822 __func__, __LINE__); 823 return QDF_STATUS_E_INVAL; 824 } 825 } 826 827 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 828 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 829 key = crypto_priv->igtk_key[igtk_idx]; 830 crypto_priv->igtk_key[igtk_idx] = NULL; 831 if (key) 832 key->valid = 0; 833 } else { 834 key = crypto_priv->key[key_idx]; 835 crypto_priv->key[key_idx] = NULL; 836 } 837 838 if (!key) 839 return QDF_STATUS_E_INVAL; 840 841 if (key->valid) { 842 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 843 844 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 845 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 846 macaddr, cipher_table->cipher); 847 } 848 } 849 qdf_mem_free(key); 850 851 return QDF_STATUS_SUCCESS; 852 } 853 854 /** 855 * wlan_crypto_default_key - called by ucfg to set default tx key 856 * @vdev: vdev 857 * @mac_address: mac address of the peer for unicast key 858 * or broadcast address if group key need to made default. 859 * @key_idx: key index to be made as default key 860 * @unicast: is key was unicast or group key. 861 * 862 * This function gets called from ucfg to set default key 863 * 864 * Return: QDF_STATUS_SUCCESS - in case of success 865 */ 866 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 867 uint8_t *macaddr, 868 uint8_t key_idx, 869 bool unicast){ 870 struct wlan_crypto_comp_priv *crypto_priv; 871 struct wlan_crypto_params *crypto_params; 872 struct wlan_crypto_key *key; 873 struct wlan_objmgr_psoc *psoc; 874 uint8_t bssid_mac[WLAN_ALEN]; 875 876 wlan_vdev_obj_lock(vdev); 877 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 878 psoc = wlan_vdev_get_psoc(vdev); 879 if (!psoc) { 880 wlan_vdev_obj_unlock(vdev); 881 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 882 return QDF_STATUS_E_INVAL; 883 } 884 wlan_vdev_obj_unlock(vdev); 885 886 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 887 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 888 "keyidx %d\n", __func__, __LINE__, 889 vdev, macaddr, key_idx); 890 return QDF_STATUS_E_INVAL; 891 } 892 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 893 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 894 &crypto_priv); 895 if (crypto_priv == NULL) { 896 qdf_print("%s[%d] crypto_priv NULL\n", 897 __func__, __LINE__); 898 return QDF_STATUS_E_INVAL; 899 } 900 901 key = crypto_priv->key[key_idx]; 902 if (!key) 903 return QDF_STATUS_E_INVAL; 904 } else { 905 struct wlan_objmgr_peer *peer; 906 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 907 psoc, macaddr, 908 bssid_mac, 909 WLAN_CRYPTO_ID); 910 911 if (peer == NULL) { 912 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 913 return QDF_STATUS_E_INVAL; 914 } 915 crypto_params = wlan_crypto_peer_get_comp_params(peer, 916 &crypto_priv); 917 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 918 if (crypto_priv == NULL) { 919 qdf_print("%s[%d] crypto_priv NULL\n", 920 __func__, __LINE__); 921 return QDF_STATUS_E_INVAL; 922 } 923 924 key = crypto_priv->key[key_idx]; 925 if (!key) 926 return QDF_STATUS_E_INVAL; 927 } 928 if (!key->valid) 929 return QDF_STATUS_E_INVAL; 930 931 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 932 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 933 macaddr); 934 } 935 crypto_priv->def_tx_keyid = key_idx; 936 937 return QDF_STATUS_SUCCESS; 938 } 939 940 /** 941 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 942 * @vdev: vdev 943 * @wbuf: wbuf 944 * @macaddr: macaddr 945 * @encapdone: is encapdone already or not. 946 * 947 * This function gets called from mgmt txrx to encap frame. 948 * 949 * Return: QDF_STATUS_SUCCESS - in case of success 950 */ 951 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 952 qdf_nbuf_t wbuf, 953 uint8_t *mac_addr, 954 uint8_t encapdone){ 955 struct wlan_crypto_comp_priv *crypto_priv; 956 struct wlan_crypto_params *crypto_params; 957 struct wlan_crypto_key *key; 958 QDF_STATUS status; 959 struct wlan_crypto_cipher *cipher_table; 960 struct wlan_objmgr_psoc *psoc; 961 struct wlan_objmgr_peer *peer; 962 uint8_t bssid_mac[WLAN_ALEN]; 963 964 wlan_vdev_obj_lock(vdev); 965 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 966 psoc = wlan_vdev_get_psoc(vdev); 967 if (!psoc) { 968 wlan_vdev_obj_unlock(vdev); 969 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 970 return QDF_STATUS_E_INVAL; 971 } 972 wlan_vdev_obj_unlock(vdev); 973 974 /* FILS Encap required only for (Re-)Assoc response */ 975 peer = wlan_objmgr_get_peer(psoc, mac_addr, WLAN_CRYPTO_ID); 976 977 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 978 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 979 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 980 return QDF_STATUS_E_INVAL; 981 } 982 983 if (peer) 984 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 985 986 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 987 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 988 &crypto_priv); 989 if (crypto_priv == NULL) { 990 qdf_print("%s[%d] crypto_priv NULL\n", 991 __func__, __LINE__); 992 return QDF_STATUS_E_INVAL; 993 } 994 995 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 996 if (!key) 997 return QDF_STATUS_E_INVAL; 998 999 } else { 1000 struct wlan_objmgr_peer *peer; 1001 1002 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1003 psoc, mac_addr, bssid_mac, WLAN_CRYPTO_ID); 1004 1005 if (peer == NULL) { 1006 qdf_print("%s[%d] crypto_priv NULL\n", 1007 __func__, __LINE__); 1008 return QDF_STATUS_E_INVAL; 1009 } 1010 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1011 &crypto_priv); 1012 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1013 1014 if (crypto_priv == NULL) { 1015 qdf_print("%s[%d] crypto_priv NULL\n", 1016 __func__, __LINE__); 1017 return QDF_STATUS_E_INVAL; 1018 } 1019 1020 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1021 if (!key) 1022 return QDF_STATUS_E_INVAL; 1023 } 1024 /* if tkip, is counter measures enabled, then drop the frame */ 1025 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1026 status = cipher_table->encap(key, wbuf, encapdone, 1027 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1028 1029 return status; 1030 } 1031 EXPORT_SYMBOL(wlan_crypto_encap); 1032 1033 /** 1034 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1035 * @vdev: vdev 1036 * @wbuf: wbuf 1037 * @macaddr: macaddr 1038 * @tid: tid of the frame 1039 * 1040 * This function gets called from mgmt txrx to decap frame. 1041 * 1042 * Return: QDF_STATUS_SUCCESS - in case of success 1043 */ 1044 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1045 qdf_nbuf_t wbuf, 1046 uint8_t *mac_addr, 1047 uint8_t tid){ 1048 struct wlan_crypto_comp_priv *crypto_priv; 1049 struct wlan_crypto_params *crypto_params; 1050 struct wlan_crypto_key *key; 1051 QDF_STATUS status; 1052 struct wlan_crypto_cipher *cipher_table; 1053 struct wlan_objmgr_psoc *psoc; 1054 struct wlan_objmgr_peer *peer; 1055 uint8_t bssid_mac[WLAN_ALEN]; 1056 1057 wlan_vdev_obj_lock(vdev); 1058 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1059 psoc = wlan_vdev_get_psoc(vdev); 1060 if (!psoc) { 1061 wlan_vdev_obj_unlock(vdev); 1062 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1063 return QDF_STATUS_E_INVAL; 1064 } 1065 wlan_vdev_obj_unlock(vdev); 1066 1067 /* FILS Decap required only for (Re-)Assoc request */ 1068 peer = wlan_objmgr_get_peer(psoc, mac_addr, WLAN_CRYPTO_ID); 1069 1070 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1071 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1072 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1073 return QDF_STATUS_E_INVAL; 1074 } 1075 1076 if (peer) 1077 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1078 1079 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1080 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1081 &crypto_priv); 1082 if (crypto_priv == NULL) { 1083 qdf_print("%s[%d] crypto_priv NULL\n", 1084 __func__, __LINE__); 1085 return QDF_STATUS_E_INVAL; 1086 } 1087 1088 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1089 if (!key) 1090 return QDF_STATUS_E_INVAL; 1091 1092 } else { 1093 struct wlan_objmgr_peer *peer; 1094 1095 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1096 psoc, mac_addr, bssid_mac, 1097 WLAN_CRYPTO_ID); 1098 if (peer == NULL) { 1099 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1100 return QDF_STATUS_E_INVAL; 1101 } 1102 1103 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1104 &crypto_priv); 1105 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1106 1107 if (crypto_priv == NULL) { 1108 qdf_print("%s[%d] crypto_priv NULL\n", 1109 __func__, __LINE__); 1110 return QDF_STATUS_E_INVAL; 1111 } 1112 1113 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1114 if (!key) 1115 return QDF_STATUS_E_INVAL; 1116 } 1117 /* if tkip, is counter measures enabled, then drop the frame */ 1118 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1119 status = cipher_table->decap(key, wbuf, tid, 1120 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1121 1122 return status; 1123 } 1124 EXPORT_SYMBOL(wlan_crypto_decap); 1125 /** 1126 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1127 * @vdev: vdev 1128 * @wbuf: wbuf 1129 * @macaddr: macaddr 1130 * @encapdone: is encapdone already or not. 1131 * 1132 * This function gets called from mgmt txrx to adding mic to the frame. 1133 * 1134 * Return: QDF_STATUS_SUCCESS - in case of success 1135 */ 1136 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1137 qdf_nbuf_t wbuf, 1138 uint8_t *mac_addr, 1139 uint8_t encapdone){ 1140 struct wlan_crypto_comp_priv *crypto_priv; 1141 struct wlan_crypto_params *crypto_params; 1142 struct wlan_crypto_key *key; 1143 QDF_STATUS status; 1144 struct wlan_crypto_cipher *cipher_table; 1145 struct wlan_objmgr_psoc *psoc; 1146 uint8_t bssid_mac[WLAN_ALEN]; 1147 1148 wlan_vdev_obj_lock(vdev); 1149 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1150 psoc = wlan_vdev_get_psoc(vdev); 1151 if (!psoc) { 1152 wlan_vdev_obj_unlock(vdev); 1153 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1154 return QDF_STATUS_E_INVAL; 1155 } 1156 wlan_vdev_obj_unlock(vdev); 1157 1158 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1159 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1160 &crypto_priv); 1161 if (crypto_priv == NULL) { 1162 qdf_print("%s[%d] crypto_priv NULL\n", 1163 __func__, __LINE__); 1164 return QDF_STATUS_E_INVAL; 1165 } 1166 1167 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1168 if (!key) 1169 return QDF_STATUS_E_INVAL; 1170 1171 } else { 1172 struct wlan_objmgr_peer *peer; 1173 1174 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1175 psoc, mac_addr, bssid_mac, 1176 WLAN_CRYPTO_ID); 1177 if (peer == NULL) { 1178 qdf_print("%s[%d] crypto_priv NULL\n", 1179 __func__, __LINE__); 1180 return QDF_STATUS_E_INVAL; 1181 } 1182 1183 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1184 &crypto_priv); 1185 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1186 1187 if (crypto_priv == NULL) { 1188 qdf_print("%s[%d] crypto_priv NULL\n", 1189 __func__, __LINE__); 1190 return QDF_STATUS_E_INVAL; 1191 } 1192 1193 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1194 if (!key) 1195 return QDF_STATUS_E_INVAL; 1196 } 1197 /* if tkip, is counter measures enabled, then drop the frame */ 1198 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1199 status = cipher_table->enmic(key, wbuf, encapdone, 1200 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1201 1202 return status; 1203 } 1204 1205 /** 1206 * wlan_crypto_demic - called by mgmt for remove and check mic for 1207 * the frame based on cipher 1208 * @vdev: vdev 1209 * @wbuf: wbuf 1210 * @macaddr: macaddr 1211 * @tid: tid of the frame 1212 * 1213 * This function gets called from mgmt txrx to decap frame. 1214 * 1215 * Return: QDF_STATUS_SUCCESS - in case of success 1216 */ 1217 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1218 qdf_nbuf_t wbuf, 1219 uint8_t *mac_addr, 1220 uint8_t tid){ 1221 struct wlan_crypto_comp_priv *crypto_priv; 1222 struct wlan_crypto_params *crypto_params; 1223 struct wlan_crypto_key *key; 1224 QDF_STATUS status; 1225 struct wlan_crypto_cipher *cipher_table; 1226 struct wlan_objmgr_psoc *psoc; 1227 uint8_t bssid_mac[WLAN_ALEN]; 1228 1229 wlan_vdev_obj_lock(vdev); 1230 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1231 psoc = wlan_vdev_get_psoc(vdev); 1232 if (!psoc) { 1233 wlan_vdev_obj_unlock(vdev); 1234 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1235 return QDF_STATUS_E_INVAL; 1236 } 1237 wlan_vdev_obj_unlock(vdev); 1238 1239 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1240 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1241 &crypto_priv); 1242 if (crypto_priv == NULL) { 1243 qdf_print("%s[%d] crypto_priv NULL\n", 1244 __func__, __LINE__); 1245 return QDF_STATUS_E_INVAL; 1246 } 1247 1248 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1249 if (!key) 1250 return QDF_STATUS_E_INVAL; 1251 1252 } else { 1253 struct wlan_objmgr_peer *peer; 1254 1255 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1256 psoc, mac_addr, bssid_mac, 1257 WLAN_CRYPTO_ID); 1258 if (peer == NULL) { 1259 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1260 return QDF_STATUS_E_INVAL; 1261 } 1262 1263 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1264 &crypto_priv); 1265 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1266 1267 if (crypto_priv == NULL) { 1268 qdf_print("%s[%d] crypto_priv NULL\n", 1269 __func__, __LINE__); 1270 return QDF_STATUS_E_INVAL; 1271 } 1272 1273 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1274 if (!key) 1275 return QDF_STATUS_E_INVAL; 1276 } 1277 /* if tkip, is counter measures enabled, then drop the frame */ 1278 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1279 status = cipher_table->demic(key, wbuf, tid, 1280 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1281 1282 return status; 1283 } 1284 1285 /** 1286 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1287 * @vdev: vdev 1288 * 1289 * This function gets called to check is pmf enabled or not in vdev. 1290 * 1291 * Return: true or false 1292 */ 1293 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1294 { 1295 1296 struct wlan_crypto_comp_priv *crypto_priv; 1297 struct wlan_crypto_params *vdev_crypto_params; 1298 1299 if (!vdev) 1300 return false; 1301 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1302 &crypto_priv); 1303 if (crypto_priv == NULL) { 1304 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1305 return QDF_STATUS_E_INVAL; 1306 } 1307 1308 if ((vdev_crypto_params->rsn_caps & 1309 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1310 || (vdev_crypto_params->rsn_caps & 1311 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1312 return true; 1313 } 1314 1315 return false; 1316 } 1317 /** 1318 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1319 * @vdev: vdev 1320 * @peer: peer 1321 * 1322 * This function gets called by mgmt txrx to check is pmf enabled or not. 1323 * 1324 * Return: true or false 1325 */ 1326 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1327 struct wlan_objmgr_peer *peer){ 1328 1329 struct wlan_crypto_comp_priv *crypto_priv; 1330 struct wlan_crypto_params *vdev_crypto_params; 1331 struct wlan_crypto_params *peer_crypto_params; 1332 1333 if (!vdev || !peer) 1334 return false; 1335 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1336 &crypto_priv); 1337 if (crypto_priv == NULL) { 1338 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1339 return QDF_STATUS_E_INVAL; 1340 } 1341 1342 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1343 &crypto_priv); 1344 if (crypto_priv == NULL) { 1345 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1346 return QDF_STATUS_E_INVAL; 1347 } 1348 if (((vdev_crypto_params->rsn_caps & 1349 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1350 (peer_crypto_params->rsn_caps & 1351 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1352 || (vdev_crypto_params->rsn_caps & 1353 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1354 return true; 1355 } 1356 1357 return false; 1358 } 1359 1360 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1361 { 1362 a[0] = b[5]; 1363 a[1] = b[4]; 1364 a[2] = b[3]; 1365 a[3] = b[2]; 1366 a[4] = b[1]; 1367 a[5] = b[0]; 1368 } 1369 1370 /** 1371 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1372 * @vdev: vdev 1373 * @bfrm: frame starting pointer 1374 * @len: length of the frame 1375 * 1376 * This function gets called by mgmt txrx to add mmie in frame 1377 * 1378 * Return: end of frame or NULL in case failure 1379 */ 1380 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1381 uint8_t *bfrm, 1382 uint32_t len) { 1383 struct wlan_crypto_key *key; 1384 struct wlan_crypto_mmie *mmie; 1385 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1386 struct ieee80211_hdr *hdr; 1387 uint32_t i, hdrlen, mic_len, aad_len; 1388 uint8_t mic[16]; 1389 struct wlan_crypto_comp_priv *crypto_priv; 1390 struct wlan_crypto_params *crypto_params; 1391 int32_t ret; 1392 1393 if (!bfrm) { 1394 qdf_print("%s[%d] frame is NULL\n", __func__, __LINE__); 1395 return NULL; 1396 } 1397 1398 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1399 &crypto_priv); 1400 if (crypto_priv == NULL) { 1401 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1402 return NULL; 1403 } 1404 1405 if (crypto_priv->def_igtk_tx_keyid > WLAN_CRYPTO_MAXIGTKKEYIDX) { 1406 qdf_print("%s[%d] igtk key invalid keyid %d \n", 1407 __func__, __LINE__, crypto_priv->def_igtk_tx_keyid); 1408 return NULL; 1409 } 1410 1411 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1412 if (!key) { 1413 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1414 return NULL; 1415 } 1416 mic_len = (crypto_priv->igtk_key_type 1417 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1418 1419 efrm = bfrm + len; 1420 aad_len = 20; 1421 hdrlen = sizeof(struct ieee80211_hdr); 1422 len += sizeof(struct wlan_crypto_mmie); 1423 1424 mmie = (struct wlan_crypto_mmie *) efrm; 1425 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1426 mmie->element_id = WLAN_ELEMID_MMIE; 1427 mmie->length = sizeof(*mmie) - 2; 1428 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1429 1430 mic_len = (crypto_priv->igtk_key_type 1431 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1432 if (mic_len == 8) { 1433 mmie->length -= 8; 1434 len -= 8; 1435 } 1436 /* PN = PN + 1 */ 1437 pn = (uint8_t *)&key->keytsc; 1438 1439 for (i = 0; i <= 5; i++) { 1440 pn[i]++; 1441 if (pn[i]) 1442 break; 1443 } 1444 1445 /* Copy IPN */ 1446 qdf_mem_copy(mmie->sequence_number, pn, 6); 1447 1448 hdr = (struct ieee80211_hdr *) bfrm; 1449 1450 buf = qdf_mem_malloc(len - hdrlen + 20); 1451 if (!buf) { 1452 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1453 return NULL; 1454 } 1455 qdf_mem_zero(buf, len - hdrlen + 20); 1456 aad = buf; 1457 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1458 1459 /* FC type/subtype */ 1460 aad[0] = hdr->frame_control & 0xff; 1461 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1462 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1463 | WLAN_FC_MOREDATA)) >> 8; 1464 /* A1 || A2 || A3 */ 1465 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1466 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1467 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1468 qdf_mem_zero(mic, 16); 1469 1470 /* 1471 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1472 */ 1473 1474 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1475 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1476 1477 ret = omac1_aes_128(key->keyval, buf, 1478 len + aad_len - hdrlen, mic); 1479 qdf_mem_copy(mmie->mic, mic, 8); 1480 1481 } else if (crypto_priv->igtk_key_type 1482 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1483 1484 ret = omac1_aes_256(key->keyval, buf, 1485 len + aad_len - hdrlen, mmie->mic); 1486 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1487 || (crypto_priv->igtk_key_type 1488 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1489 1490 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1491 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1492 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1493 sizeof(nounce), buf, 1494 len + aad_len - hdrlen, mmie->mic); 1495 } 1496 qdf_mem_free(buf); 1497 if (ret < 0) { 1498 qdf_print("%s[%d] add mmie failed\n", __func__, __LINE__); 1499 return NULL; 1500 } 1501 1502 return bfrm + len; 1503 } 1504 1505 /** 1506 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1507 * @vdev: vdev 1508 * @frm: frame starting pointer 1509 * @efrm: end of frame pointer 1510 * 1511 * This function gets called by mgmt txrx to check mmie of the frame 1512 * 1513 * Return: true or false 1514 */ 1515 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1516 uint8_t *frm, 1517 uint8_t *efrm){ 1518 struct wlan_crypto_mmie *mmie = NULL; 1519 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1520 struct wlan_crypto_key *key; 1521 struct ieee80211_hdr *hdr; 1522 uint16_t mic_len, hdrlen, len; 1523 struct wlan_crypto_comp_priv *crypto_priv; 1524 struct wlan_crypto_params *crypto_params; 1525 uint8_t aad_len = 20; 1526 int32_t ret; 1527 1528 /* check if frame is illegal length */ 1529 if (!frm || !efrm || (efrm < frm) 1530 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1531 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 1532 return false; 1533 } 1534 len = efrm - frm; 1535 crypto_priv = (struct wlan_crypto_comp_priv *) 1536 wlan_get_vdev_crypto_obj(vdev); 1537 if (crypto_priv == NULL) { 1538 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1539 return false; 1540 } 1541 1542 crypto_params = &(crypto_priv->crypto_params); 1543 1544 1545 mic_len = (crypto_priv->igtk_key_type 1546 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1547 hdrlen = sizeof(struct ieee80211_hdr); 1548 1549 if (mic_len == 8) 1550 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1551 else 1552 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1553 1554 1555 /* check Elem ID*/ 1556 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1557 qdf_print("%s[%d] IE is not MMIE\n", __func__, __LINE__); 1558 return false; 1559 } 1560 1561 if (mmie->key_id > (WLAN_CRYPTO_MAXKEYIDX + 1562 WLAN_CRYPTO_MAXIGTKKEYIDX)) { 1563 qdf_print("%s[%d] keyid not valid\n", __func__, __LINE__); 1564 return false; 1565 } 1566 1567 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1568 if (!key) { 1569 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1570 return false; 1571 } 1572 1573 /* validate ipn */ 1574 ipn = mmie->sequence_number; 1575 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1576 qdf_print("%s[%d] replay error\n", __func__, __LINE__); 1577 return false; 1578 } 1579 1580 buf = qdf_mem_malloc(len - hdrlen + 20); 1581 if (!buf) { 1582 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1583 return false; 1584 } 1585 aad = buf; 1586 1587 /* construct AAD */ 1588 hdr = (struct ieee80211_hdr *)frm; 1589 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1590 1591 /* FC type/subtype */ 1592 aad[0] = hdr->frame_control & 0xff; 1593 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1594 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1595 | WLAN_FC_MOREDATA)) >> 8; 1596 /* A1 || A2 || A3 */ 1597 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1598 1599 /* 1600 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1601 */ 1602 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1603 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1604 qdf_mem_zero(mic, 16); 1605 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1606 ret = omac1_aes_128(key->keyval, buf, 1607 len - hdrlen + aad_len, mic); 1608 } else if (crypto_priv->igtk_key_type 1609 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1610 ret = omac1_aes_256(key->keyval, buf, 1611 len + aad_len - hdrlen, mic); 1612 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1613 || (crypto_priv->igtk_key_type 1614 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1615 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1616 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1617 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1618 sizeof(nounce), buf, 1619 len + aad_len - hdrlen, mic); 1620 } 1621 1622 qdf_mem_free(buf); 1623 1624 if (ret < 0) { 1625 qdf_print("%s[%d] genarate mmie failed\n", __func__, __LINE__); 1626 return false; 1627 } 1628 1629 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1630 qdf_print("%s[%d] mmie mismatch\n", __func__, __LINE__); 1631 /* MMIE MIC mismatch */ 1632 return false; 1633 } 1634 1635 /* Update the receive sequence number */ 1636 qdf_mem_copy(key->keyrsc, ipn, 6); 1637 qdf_print("%s[%d] mmie matched\n", __func__, __LINE__); 1638 1639 return true; 1640 } 1641 1642 1643 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1644 { 1645 int32_t status = -1; 1646 1647 switch (cipher) { 1648 case WLAN_CRYPTO_CIPHER_TKIP: 1649 return WPA_CIPHER_SUITE_TKIP; 1650 case WLAN_CRYPTO_CIPHER_AES_CCM: 1651 return WPA_CIPHER_SUITE_CCMP; 1652 case WLAN_CRYPTO_CIPHER_NONE: 1653 return WPA_CIPHER_SUITE_NONE; 1654 } 1655 1656 return status; 1657 } 1658 1659 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1660 { 1661 int32_t status = -1; 1662 1663 switch (cipher) { 1664 case WLAN_CRYPTO_CIPHER_TKIP: 1665 return RSN_CIPHER_SUITE_TKIP; 1666 case WLAN_CRYPTO_CIPHER_AES_CCM: 1667 return RSN_CIPHER_SUITE_CCMP; 1668 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1669 return RSN_CIPHER_SUITE_CCMP_256; 1670 case WLAN_CRYPTO_CIPHER_AES_GCM: 1671 return RSN_CIPHER_SUITE_GCMP; 1672 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1673 return RSN_CIPHER_SUITE_GCMP_256; 1674 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1675 return RSN_CIPHER_SUITE_AES_CMAC; 1676 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1677 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1678 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1679 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1680 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1681 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1682 case WLAN_CRYPTO_CIPHER_NONE: 1683 return RSN_CIPHER_SUITE_NONE; 1684 } 1685 1686 return status; 1687 } 1688 1689 /* 1690 * Convert an RSN key management/authentication algorithm 1691 * to an internal code. 1692 */ 1693 static int32_t 1694 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1695 { 1696 int32_t status = -1; 1697 1698 switch (keymgmt) { 1699 case WLAN_CRYPTO_KEY_MGMT_NONE: 1700 return RSN_AUTH_KEY_MGMT_NONE; 1701 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1702 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1703 case WLAN_CRYPTO_KEY_MGMT_PSK: 1704 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1705 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1706 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1707 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1708 return RSN_AUTH_KEY_MGMT_FT_PSK; 1709 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1710 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1711 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1712 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1713 case WLAN_CRYPTO_KEY_MGMT_SAE: 1714 return RSN_AUTH_KEY_MGMT_SAE; 1715 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1716 return RSN_AUTH_KEY_MGMT_FT_SAE; 1717 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1718 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1719 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1720 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1721 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1722 return RSN_AUTH_KEY_MGMT_CCKM; 1723 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1724 return RSN_AUTH_KEY_MGMT_OSEN; 1725 } 1726 1727 return status; 1728 } 1729 1730 /* 1731 * Convert an RSN key management/authentication algorithm 1732 * to an internal code. 1733 */ 1734 static int32_t 1735 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1736 { 1737 int32_t status = -1; 1738 1739 switch (keymgmt) { 1740 case WLAN_CRYPTO_KEY_MGMT_NONE: 1741 return WPA_AUTH_KEY_MGMT_NONE; 1742 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1743 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1744 case WLAN_CRYPTO_KEY_MGMT_PSK: 1745 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1746 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1747 return WPA_AUTH_KEY_MGMT_CCKM; 1748 } 1749 1750 return status; 1751 } 1752 /** 1753 * Convert a WPA cipher selector OUI to an internal 1754 * cipher algorithm. Where appropriate we also 1755 * record any key length. 1756 */ 1757 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1758 { 1759 uint32_t w = LE_READ_4(sel); 1760 int32_t status = -1; 1761 1762 switch (w) { 1763 case WPA_CIPHER_SUITE_TKIP: 1764 return WLAN_CRYPTO_CIPHER_TKIP; 1765 case WPA_CIPHER_SUITE_CCMP: 1766 return WLAN_CRYPTO_CIPHER_AES_CCM; 1767 case WPA_CIPHER_SUITE_NONE: 1768 return WLAN_CRYPTO_CIPHER_NONE; 1769 } 1770 1771 return status; 1772 } 1773 1774 /* 1775 * Convert a WPA key management/authentication algorithm 1776 * to an internal code. 1777 */ 1778 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1779 { 1780 uint32_t w = LE_READ_4(sel); 1781 int32_t status = -1; 1782 1783 switch (w) { 1784 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1785 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1786 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1787 return WLAN_CRYPTO_KEY_MGMT_PSK; 1788 case WPA_AUTH_KEY_MGMT_CCKM: 1789 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1790 case WPA_AUTH_KEY_MGMT_NONE: 1791 return WLAN_CRYPTO_KEY_MGMT_NONE; 1792 } 1793 return status; 1794 } 1795 1796 /* 1797 * Convert a RSN cipher selector OUI to an internal 1798 * cipher algorithm. Where appropriate we also 1799 * record any key length. 1800 */ 1801 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1802 { 1803 uint32_t w = LE_READ_4(sel); 1804 int32_t status = -1; 1805 1806 switch (w) { 1807 case RSN_CIPHER_SUITE_TKIP: 1808 return WLAN_CRYPTO_CIPHER_TKIP; 1809 case RSN_CIPHER_SUITE_CCMP: 1810 return WLAN_CRYPTO_CIPHER_AES_CCM; 1811 case RSN_CIPHER_SUITE_CCMP_256: 1812 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1813 case RSN_CIPHER_SUITE_GCMP: 1814 return WLAN_CRYPTO_CIPHER_AES_GCM; 1815 case RSN_CIPHER_SUITE_GCMP_256: 1816 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1817 case RSN_CIPHER_SUITE_AES_CMAC: 1818 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1819 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1820 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1821 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1822 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1823 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1824 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1825 case RSN_CIPHER_SUITE_NONE: 1826 return WLAN_CRYPTO_CIPHER_NONE; 1827 } 1828 1829 return status; 1830 } 1831 /* 1832 * Convert an RSN key management/authentication algorithm 1833 * to an internal code. 1834 */ 1835 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 1836 { 1837 uint32_t w = LE_READ_4(sel); 1838 int32_t status = -1; 1839 1840 switch (w) { 1841 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 1842 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1843 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1844 return WLAN_CRYPTO_KEY_MGMT_PSK; 1845 case RSN_AUTH_KEY_MGMT_FT_802_1X: 1846 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 1847 case RSN_AUTH_KEY_MGMT_FT_PSK: 1848 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 1849 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 1850 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 1851 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 1852 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 1853 case RSN_AUTH_KEY_MGMT_SAE: 1854 return WLAN_CRYPTO_KEY_MGMT_SAE; 1855 case RSN_AUTH_KEY_MGMT_FT_SAE: 1856 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 1857 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 1858 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 1859 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 1860 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 1861 case RSN_AUTH_KEY_MGMT_CCKM: 1862 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1863 case RSN_AUTH_KEY_MGMT_OSEN: 1864 return WLAN_CRYPTO_KEY_MGMT_OSEN; 1865 } 1866 1867 return status; 1868 } 1869 1870 /** 1871 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 1872 * @crypto params: crypto params 1873 * @iebuf: ie buffer 1874 * 1875 * This function gets called by mlme to check the contents of wpa is 1876 * matching with given crypto params 1877 * 1878 * Return: QDF_STATUS_SUCCESS - in case of success 1879 */ 1880 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 1881 uint8_t *frm){ 1882 uint8_t len = frm[1]; 1883 int32_t w; 1884 int n; 1885 1886 /* 1887 * Check the length once for fixed parts: OUI, type, 1888 * version, mcast cipher, and 2 selector counts. 1889 * Other, variable-length data, must be checked separately. 1890 */ 1891 RESET_AUTHMODE(crypto_params); 1892 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 1893 1894 if (len < 14) 1895 return QDF_STATUS_E_INVAL; 1896 1897 frm += 6, len -= 4; 1898 1899 w = LE_READ_2(frm); 1900 if (w != WPA_VERSION) 1901 return QDF_STATUS_E_INVAL; 1902 1903 frm += 2, len -= 2; 1904 1905 /* multicast/group cipher */ 1906 RESET_MCAST_CIPHERS(crypto_params); 1907 w = wlan_crypto_wpa_suite_to_cipher(frm); 1908 if (w < 0) 1909 return QDF_STATUS_E_INVAL; 1910 SET_MCAST_CIPHER(crypto_params, w); 1911 frm += 4, len -= 4; 1912 1913 /* unicast ciphers */ 1914 n = LE_READ_2(frm); 1915 frm += 2, len -= 2; 1916 if (len < n*4+2) 1917 return QDF_STATUS_E_INVAL; 1918 1919 RESET_UCAST_CIPHERS(crypto_params); 1920 for (; n > 0; n--) { 1921 w = wlan_crypto_wpa_suite_to_cipher(frm); 1922 if (w < 0) 1923 return QDF_STATUS_E_INVAL; 1924 SET_UCAST_CIPHER(crypto_params, w); 1925 frm += 4, len -= 4; 1926 } 1927 1928 if (!crypto_params->ucastcipherset) 1929 return QDF_STATUS_E_INVAL; 1930 1931 /* key management algorithms */ 1932 n = LE_READ_2(frm); 1933 frm += 2, len -= 2; 1934 if (len < n*4) 1935 return QDF_STATUS_E_INVAL; 1936 1937 w = 0; 1938 RESET_KEY_MGMT(crypto_params); 1939 for (; n > 0; n--) { 1940 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 1941 if (w < 0) 1942 return QDF_STATUS_E_INVAL; 1943 SET_KEY_MGMT(crypto_params, w); 1944 frm += 4, len -= 4; 1945 } 1946 1947 /* optional capabilities */ 1948 if (len >= 2) { 1949 crypto_params->rsn_caps = LE_READ_2(frm); 1950 frm += 2, len -= 2; 1951 } 1952 1953 return 0; 1954 } 1955 1956 /** 1957 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 1958 * @crypto params: crypto params 1959 * @iebuf: ie buffer 1960 * 1961 * This function gets called by mlme to check the contents of wpa is 1962 * matching with given crypto params 1963 * 1964 * Return: QDF_STATUS_SUCCESS - in case of success 1965 */ 1966 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 1967 uint8_t *frm){ 1968 uint8_t len = frm[1]; 1969 int32_t w; 1970 int n; 1971 1972 /* 1973 * Check the length once for fixed parts: OUI, type, 1974 * version, mcast cipher, and 2 selector counts. 1975 * Other, variable-length data, must be checked separately. 1976 */ 1977 RESET_AUTHMODE(crypto_params); 1978 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 1979 1980 if (len < 14) 1981 return QDF_STATUS_E_INVAL; 1982 1983 frm += 2; 1984 /* NB: iswapoui already validated the OUI and type */ 1985 w = LE_READ_2(frm); 1986 if (w != RSN_VERSION) 1987 return QDF_STATUS_E_INVAL; 1988 1989 frm += 2, len -= 2; 1990 1991 /* multicast/group cipher */ 1992 RESET_MCAST_CIPHERS(crypto_params); 1993 w = wlan_crypto_rsn_suite_to_cipher(frm); 1994 if (w < 0) 1995 return QDF_STATUS_E_INVAL; 1996 SET_MCAST_CIPHER(crypto_params, w); 1997 frm += 4, len -= 4; 1998 1999 /* unicast ciphers */ 2000 n = LE_READ_2(frm); 2001 frm += 2, len -= 2; 2002 if (len < n*4+2) 2003 return QDF_STATUS_E_INVAL; 2004 2005 RESET_UCAST_CIPHERS(crypto_params); 2006 for (; n > 0; n--) { 2007 w = wlan_crypto_rsn_suite_to_cipher(frm); 2008 if (w < 0) 2009 return QDF_STATUS_E_INVAL; 2010 SET_UCAST_CIPHER(crypto_params, w); 2011 frm += 4, len -= 4; 2012 } 2013 2014 if (crypto_params->ucastcipherset == 0) 2015 return QDF_STATUS_E_INVAL; 2016 2017 /* key management algorithms */ 2018 n = LE_READ_2(frm); 2019 frm += 2, len -= 2; 2020 if (len < n*4) 2021 return QDF_STATUS_E_INVAL; 2022 w = 0; 2023 2024 RESET_KEY_MGMT(crypto_params); 2025 for (; n > 0; n--) { 2026 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2027 if (w < 0) 2028 return QDF_STATUS_E_INVAL; 2029 SET_KEY_MGMT(crypto_params, (1 << w)); 2030 frm += 4, len -= 4; 2031 } 2032 2033 /* optional capabilities */ 2034 if (len >= 2) { 2035 crypto_params->rsn_caps = LE_READ_2(frm); 2036 frm += 2, len -= 2; 2037 } 2038 2039 return QDF_STATUS_SUCCESS; 2040 } 2041 2042 /** 2043 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2044 * @vdev: vdev 2045 * @iebuf: ie buffer 2046 * 2047 * This function gets called by mlme to build wpaie from given vdev 2048 * 2049 * Return: end of buffer 2050 */ 2051 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2052 uint8_t *iebuf){ 2053 uint8_t *frm = iebuf; 2054 uint8_t *selcnt; 2055 struct wlan_crypto_comp_priv *crypto_priv; 2056 struct wlan_crypto_params *crypto_params; 2057 2058 if (!frm) 2059 return NULL; 2060 2061 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2062 2063 if (!crypto_params) 2064 return NULL; 2065 2066 *frm++ = WLAN_ELEMID_VENDOR; 2067 *frm++ = 0; 2068 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2069 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2070 2071 2072 /* multicast cipher */ 2073 if (MCIPHER_IS_TKIP(crypto_params)) { 2074 WLAN_CRYPTO_ADDSELECTOR(frm, 2075 wlan_crypto_wpa_cipher_to_suite( 2076 WLAN_CRYPTO_CIPHER_TKIP)); 2077 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2078 WLAN_CRYPTO_ADDSELECTOR(frm, 2079 wlan_crypto_wpa_cipher_to_suite( 2080 WLAN_CRYPTO_CIPHER_AES_CCM)); 2081 } 2082 /* unicast cipher list */ 2083 selcnt = frm; 2084 WLAN_CRYPTO_ADDSHORT(frm, 0); 2085 /* do not use CCMP unicast cipher in WPA mode */ 2086 if (UCIPHER_IS_TKIP(crypto_params)) { 2087 selcnt[0]++; 2088 WLAN_CRYPTO_ADDSELECTOR(frm, 2089 wlan_crypto_wpa_cipher_to_suite( 2090 WLAN_CRYPTO_CIPHER_TKIP)); 2091 } 2092 if (UCIPHER_IS_CCMP128(crypto_params)) { 2093 selcnt[0]++; 2094 WLAN_CRYPTO_ADDSELECTOR(frm, 2095 wlan_crypto_wpa_cipher_to_suite( 2096 WLAN_CRYPTO_CIPHER_AES_CCM)); 2097 } 2098 2099 /* authenticator selector list */ 2100 selcnt = frm; 2101 WLAN_CRYPTO_ADDSHORT(frm, 0); 2102 2103 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2104 selcnt[0]++; 2105 WLAN_CRYPTO_ADDSELECTOR(frm, 2106 wlan_crypto_wpa_keymgmt_to_suite( 2107 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2108 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2109 selcnt[0]++; 2110 WLAN_CRYPTO_ADDSELECTOR(frm, 2111 wlan_crypto_wpa_keymgmt_to_suite( 2112 WLAN_CRYPTO_KEY_MGMT_PSK)); 2113 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2114 selcnt[0]++; 2115 WLAN_CRYPTO_ADDSELECTOR(frm, 2116 wlan_crypto_wpa_keymgmt_to_suite( 2117 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2118 } else { 2119 selcnt[0]++; 2120 WLAN_CRYPTO_ADDSELECTOR(frm, 2121 wlan_crypto_wpa_keymgmt_to_suite( 2122 WLAN_CRYPTO_KEY_MGMT_NONE)); 2123 } 2124 /* calculate element length */ 2125 iebuf[1] = frm - iebuf - 2; 2126 2127 return frm; 2128 } 2129 2130 /** 2131 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2132 * @vdev: vdev 2133 * @iebuf: ie buffer 2134 * 2135 * This function gets called by mlme to build rsnie from given vdev 2136 * 2137 * Return: end of buffer 2138 */ 2139 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2140 uint8_t *iebuf){ 2141 uint8_t *frm = iebuf; 2142 uint8_t *selcnt; 2143 struct wlan_crypto_comp_priv *crypto_priv; 2144 struct wlan_crypto_params *crypto_params; 2145 2146 if (!frm) { 2147 return NULL; 2148 } 2149 2150 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2151 2152 if (!crypto_params) { 2153 return NULL; 2154 } 2155 2156 *frm++ = WLAN_ELEMID_RSN; 2157 *frm++ = 0; 2158 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2159 2160 2161 /* multicast cipher */ 2162 if (MCIPHER_IS_TKIP(crypto_params)) { 2163 WLAN_CRYPTO_ADDSELECTOR(frm, 2164 wlan_crypto_rsn_cipher_to_suite( 2165 WLAN_CRYPTO_CIPHER_TKIP)); 2166 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2167 WLAN_CRYPTO_ADDSELECTOR(frm, 2168 wlan_crypto_rsn_cipher_to_suite( 2169 WLAN_CRYPTO_CIPHER_AES_CCM)); 2170 } else if (MCIPHER_IS_CCMP256(crypto_params)) { 2171 WLAN_CRYPTO_ADDSELECTOR(frm, 2172 wlan_crypto_rsn_cipher_to_suite( 2173 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2174 } else if (MCIPHER_IS_GCMP128(crypto_params)) { 2175 WLAN_CRYPTO_ADDSELECTOR(frm, 2176 wlan_crypto_rsn_cipher_to_suite( 2177 WLAN_CRYPTO_CIPHER_AES_GCM)); 2178 } else if (MCIPHER_IS_GCMP256(crypto_params)) { 2179 WLAN_CRYPTO_ADDSELECTOR(frm, 2180 wlan_crypto_rsn_cipher_to_suite( 2181 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2182 } 2183 2184 /* unicast cipher list */ 2185 selcnt = frm; 2186 WLAN_CRYPTO_ADDSHORT(frm, 0); 2187 /* do not use CCMP unicast cipher in WPA mode */ 2188 if (UCIPHER_IS_TKIP(crypto_params)) { 2189 selcnt[0]++; 2190 WLAN_CRYPTO_ADDSELECTOR(frm, 2191 wlan_crypto_rsn_cipher_to_suite( 2192 WLAN_CRYPTO_CIPHER_TKIP)); 2193 } 2194 if (UCIPHER_IS_CCMP128(crypto_params)) { 2195 selcnt[0]++; 2196 WLAN_CRYPTO_ADDSELECTOR(frm, 2197 wlan_crypto_rsn_cipher_to_suite( 2198 WLAN_CRYPTO_CIPHER_AES_CCM)); 2199 } 2200 if (UCIPHER_IS_CCMP256(crypto_params)) { 2201 selcnt[0]++; 2202 WLAN_CRYPTO_ADDSELECTOR(frm, 2203 wlan_crypto_rsn_cipher_to_suite( 2204 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2205 } 2206 2207 if (UCIPHER_IS_GCMP128(crypto_params)) { 2208 selcnt[0]++; 2209 WLAN_CRYPTO_ADDSELECTOR(frm, 2210 wlan_crypto_rsn_cipher_to_suite( 2211 WLAN_CRYPTO_CIPHER_AES_GCM)); 2212 } 2213 if (UCIPHER_IS_GCMP256(crypto_params)) { 2214 selcnt[0]++; 2215 WLAN_CRYPTO_ADDSELECTOR(frm, 2216 wlan_crypto_rsn_cipher_to_suite( 2217 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2218 } 2219 2220 2221 /* authenticator selector list */ 2222 selcnt = frm; 2223 WLAN_CRYPTO_ADDSHORT(frm, 0); 2224 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2225 selcnt[0]++; 2226 WLAN_CRYPTO_ADDSELECTOR(frm, 2227 wlan_crypto_rsn_keymgmt_to_suite( 2228 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2229 } else { 2230 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2231 selcnt[0]++; 2232 WLAN_CRYPTO_ADDSELECTOR(frm, 2233 wlan_crypto_rsn_keymgmt_to_suite( 2234 WLAN_CRYPTO_KEY_MGMT_PSK)); 2235 } 2236 if (HAS_KEY_MGMT(crypto_params, 2237 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2238 selcnt[0]++; 2239 WLAN_CRYPTO_ADDSELECTOR(frm, 2240 wlan_crypto_rsn_keymgmt_to_suite( 2241 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2242 } 2243 if (HAS_KEY_MGMT(crypto_params, 2244 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2245 selcnt[0]++; 2246 WLAN_CRYPTO_ADDSELECTOR(frm, 2247 wlan_crypto_rsn_keymgmt_to_suite( 2248 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)); 2249 } 2250 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2251 selcnt[0]++; 2252 WLAN_CRYPTO_ADDSELECTOR(frm, 2253 wlan_crypto_rsn_keymgmt_to_suite( 2254 WLAN_CRYPTO_KEY_MGMT_FT_PSK)); 2255 } 2256 if (HAS_KEY_MGMT(crypto_params, 2257 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2258 selcnt[0]++; 2259 WLAN_CRYPTO_ADDSELECTOR(frm, 2260 wlan_crypto_rsn_keymgmt_to_suite( 2261 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)); 2262 } 2263 if (HAS_KEY_MGMT(crypto_params, 2264 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2265 selcnt[0]++; 2266 WLAN_CRYPTO_ADDSELECTOR(frm, 2267 wlan_crypto_rsn_keymgmt_to_suite( 2268 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)); 2269 } 2270 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2271 selcnt[0]++; 2272 WLAN_CRYPTO_ADDSELECTOR(frm, 2273 wlan_crypto_rsn_keymgmt_to_suite( 2274 WLAN_CRYPTO_KEY_MGMT_OSEN)); 2275 } 2276 } 2277 2278 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2279 /* optional capabilities */ 2280 if (crypto_params->rsn_caps != 0 && 2281 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH){ 2282 2283 if (HAS_MGMT_CIPHER(crypto_params, 2284 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2285 selcnt[0]++; 2286 WLAN_CRYPTO_ADDSELECTOR(frm, 2287 wlan_crypto_rsn_cipher_to_suite( 2288 WLAN_CRYPTO_CIPHER_AES_CMAC)); 2289 } 2290 if (HAS_MGMT_CIPHER(crypto_params, 2291 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2292 selcnt[0]++; 2293 WLAN_CRYPTO_ADDSELECTOR(frm, 2294 wlan_crypto_rsn_cipher_to_suite( 2295 WLAN_CRYPTO_CIPHER_AES_GMAC)); 2296 } 2297 if (HAS_MGMT_CIPHER(crypto_params, 2298 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2299 selcnt[0]++; 2300 WLAN_CRYPTO_ADDSELECTOR(frm, 2301 wlan_crypto_rsn_cipher_to_suite( 2302 WLAN_CRYPTO_CIPHER_AES_CMAC_256)); 2303 } 2304 2305 if (HAS_MGMT_CIPHER(crypto_params, 2306 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2307 selcnt[0]++; 2308 WLAN_CRYPTO_ADDSELECTOR(frm, 2309 wlan_crypto_rsn_cipher_to_suite( 2310 WLAN_CRYPTO_CIPHER_AES_GMAC_256)); 2311 } 2312 } 2313 2314 /* calculate element length */ 2315 iebuf[1] = frm - iebuf - 2; 2316 2317 return frm; 2318 } 2319 2320 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2321 struct wlan_crypto_params *crypto_params){ 2322 struct wlan_crypto_params *my_crypto_params; 2323 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2324 2325 /* 2326 * Check peer's pairwise ciphers. 2327 * At least one must match with our unicast cipher 2328 */ 2329 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2330 return false; 2331 /* 2332 * Check peer's group cipher is our enabled multicast cipher. 2333 */ 2334 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2335 return false; 2336 /* 2337 * Check peer's key management class set (PSK or UNSPEC) 2338 */ 2339 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2340 return false; 2341 2342 return true; 2343 } 2344 2345 /* 2346 * Convert an WAPI CIPHER suite to to an internal code. 2347 */ 2348 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2349 { 2350 uint32_t w = LE_READ_4(sel); 2351 int32_t status = -1; 2352 2353 switch (w) { 2354 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2355 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2356 } 2357 2358 return status; 2359 } 2360 2361 /* 2362 * Convert an WAPI key management/authentication algorithm 2363 * to an internal code. 2364 */ 2365 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2366 { 2367 uint32_t w = LE_READ_4(sel); 2368 int32_t status = -1; 2369 2370 switch (w) { 2371 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2372 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2373 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2374 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2375 } 2376 2377 return status; 2378 } 2379 /** 2380 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2381 * @crypto params: crypto params 2382 * @iebuf: ie buffer 2383 * 2384 * This function gets called by mlme to check the contents of wapi is 2385 * matching with given crypto params 2386 * 2387 * Return: QDF_STATUS_SUCCESS - in case of success 2388 */ 2389 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2390 uint8_t *frm) 2391 { 2392 uint8_t len = frm[1]; 2393 int32_t w; 2394 int n; 2395 2396 /* 2397 * Check the length once for fixed parts: OUI, type, 2398 * version, mcast cipher, and 2 selector counts. 2399 * Other, variable-length data, must be checked separately. 2400 */ 2401 RESET_AUTHMODE(crypto_params); 2402 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2403 2404 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2405 return QDF_STATUS_E_INVAL; 2406 2407 2408 frm += 2; 2409 2410 w = LE_READ_2(frm); 2411 frm += 2, len -= 2; 2412 if (w != WAPI_VERSION) 2413 return QDF_STATUS_E_INVAL; 2414 2415 n = LE_READ_2(frm); 2416 frm += 2, len -= 2; 2417 if (len < n*4+2) 2418 return QDF_STATUS_E_INVAL; 2419 2420 RESET_KEY_MGMT(crypto_params); 2421 for (; n > 0; n--) { 2422 w = wlan_crypto_wapi_keymgmt(frm); 2423 if (w < 0) 2424 return QDF_STATUS_E_INVAL; 2425 2426 SET_KEY_MGMT(crypto_params, w); 2427 frm += 4, len -= 4; 2428 } 2429 2430 /* unicast ciphers */ 2431 n = LE_READ_2(frm); 2432 frm += 2, len -= 2; 2433 if (len < n*4+2) 2434 return QDF_STATUS_E_INVAL; 2435 2436 RESET_UCAST_CIPHERS(crypto_params); 2437 for (; n > 0; n--) { 2438 w = wlan_crypto_wapi_suite_to_cipher(frm); 2439 if (w < 0) 2440 return QDF_STATUS_E_INVAL; 2441 SET_UCAST_CIPHER(crypto_params, w); 2442 frm += 4, len -= 4; 2443 } 2444 2445 if (!crypto_params->ucastcipherset) 2446 return QDF_STATUS_E_INVAL; 2447 2448 /* multicast/group cipher */ 2449 RESET_MCAST_CIPHERS(crypto_params); 2450 w = wlan_crypto_wapi_suite_to_cipher(frm); 2451 2452 if (w < 0) 2453 return QDF_STATUS_E_INVAL; 2454 2455 SET_MCAST_CIPHER(crypto_params, w); 2456 frm += 4, len -= 4; 2457 2458 return QDF_STATUS_SUCCESS; 2459 } 2460 2461 /** 2462 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2463 * @vdev: vdev 2464 * @iebuf: ie buffer 2465 * 2466 * This function gets called by mlme to build wapi ie from given vdev 2467 * 2468 * Return: end of buffer 2469 */ 2470 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2471 uint8_t *iebuf) 2472 { 2473 uint8_t *frm; 2474 uint8_t *selcnt; 2475 struct wlan_crypto_comp_priv *crypto_priv; 2476 struct wlan_crypto_params *crypto_params; 2477 2478 frm = iebuf; 2479 if (!frm) { 2480 qdf_print("%s[%d] ie buffer NULL\n", __func__, __LINE__); 2481 return NULL; 2482 } 2483 2484 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2485 2486 if (!crypto_params) { 2487 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 2488 return NULL; 2489 } 2490 2491 *frm++ = WLAN_ELEMID_WAPI; 2492 *frm++ = 0; 2493 2494 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2495 2496 /* authenticator selector list */ 2497 selcnt = frm; 2498 WLAN_CRYPTO_ADDSHORT(frm, 0); 2499 2500 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2501 selcnt[0]++; 2502 WLAN_CRYPTO_ADDSELECTOR(frm, 2503 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2504 } 2505 2506 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2507 selcnt[0]++; 2508 WLAN_CRYPTO_ADDSELECTOR(frm, 2509 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2510 } 2511 2512 /* unicast cipher list */ 2513 selcnt = frm; 2514 WLAN_CRYPTO_ADDSHORT(frm, 0); 2515 2516 if (UCIPHER_IS_SMS4(crypto_params)) { 2517 selcnt[0]++; 2518 WLAN_CRYPTO_ADDSELECTOR(frm, 2519 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2520 } 2521 2522 WLAN_CRYPTO_ADDSELECTOR(frm, 2523 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2524 2525 /* optional capabilities */ 2526 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2527 2528 /* calculate element length */ 2529 iebuf[1] = frm - iebuf - 2; 2530 2531 return frm; 2532 2533 } 2534 2535 /** 2536 * wlan_crypto_pn_check - called by data patch for PN check 2537 * @vdev: vdev 2538 * @wbuf: wbuf 2539 * 2540 * This function gets called by data patch for PN check 2541 * 2542 * Return: QDF_STATUS 2543 */ 2544 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2545 qdf_nbuf_t wbuf){ 2546 /* Need to check is there real requirement for this function 2547 * as PN check is already handled in decap function. 2548 */ 2549 return QDF_STATUS_SUCCESS; 2550 } 2551 2552 /** 2553 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2554 * @vdev:vdev 2555 * 2556 * This function gets called by mlme to get crypto params 2557 * 2558 * Return: wlan_crypto_params or NULL in case of failure 2559 */ 2560 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2561 struct wlan_objmgr_vdev *vdev){ 2562 struct wlan_crypto_comp_priv *crypto_priv; 2563 2564 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2565 } 2566 2567 /** 2568 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2569 * @peer:peer 2570 * 2571 * This function gets called by mlme to get crypto params 2572 * 2573 * Return: wlan_crypto_params or NULL in case of failure 2574 */ 2575 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2576 struct wlan_objmgr_peer *peer){ 2577 struct wlan_crypto_comp_priv *crypto_priv; 2578 2579 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2580 } 2581 2582 2583 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2584 struct wlan_objmgr_peer *peer) 2585 { 2586 struct wlan_crypto_comp_priv *crypto_priv; 2587 struct wlan_crypto_comp_priv *sta_crypto_priv; 2588 struct wlan_crypto_params *crypto_params; 2589 struct wlan_crypto_key *key; 2590 struct wlan_crypto_key *sta_key; 2591 struct wlan_crypto_cipher *cipher_table; 2592 struct wlan_objmgr_psoc *psoc; 2593 uint8_t *mac_addr; 2594 int i; 2595 enum QDF_OPMODE opmode; 2596 2597 if (!vdev) 2598 return QDF_STATUS_E_NULL_VALUE; 2599 2600 if (!peer) { 2601 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2602 return QDF_STATUS_E_INVAL; 2603 } 2604 2605 opmode = wlan_vdev_mlme_get_opmode(vdev); 2606 psoc = wlan_vdev_get_psoc(vdev); 2607 2608 if (!psoc) { 2609 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 2610 return QDF_STATUS_E_NULL_VALUE; 2611 } 2612 2613 wlan_peer_obj_lock(peer); 2614 mac_addr = wlan_peer_get_macaddr(peer); 2615 wlan_peer_obj_unlock(peer); 2616 2617 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2618 &crypto_priv); 2619 if (crypto_priv == NULL) { 2620 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 2621 return QDF_STATUS_E_NULL_VALUE; 2622 } 2623 2624 /* push only valid static WEP keys from vap */ 2625 if (AUTH_IS_8021X(crypto_params)) 2626 return QDF_STATUS_E_INVAL; 2627 2628 if (opmode == QDF_STA_MODE) { 2629 peer = wlan_vdev_get_bsspeer(vdev); 2630 if (!peer) { 2631 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2632 return QDF_STATUS_E_INVAL; 2633 } 2634 } 2635 2636 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2637 if (sta_crypto_priv == NULL) { 2638 qdf_print("%s[%d] sta priv is null\n", __func__, __LINE__); 2639 return QDF_STATUS_E_INVAL; 2640 } 2641 2642 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2643 if (crypto_priv->key[i]) { 2644 key = crypto_priv->key[i]; 2645 if (!key || !key->valid) 2646 continue; 2647 2648 cipher_table = (struct wlan_crypto_cipher *) 2649 key->cipher_table; 2650 2651 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2652 sta_key = qdf_mem_malloc( 2653 sizeof(struct wlan_crypto_key)); 2654 if (!sta_key) { 2655 qdf_print("%s[%d] key alloc failed\n", 2656 __func__, __LINE__); 2657 return QDF_STATUS_E_NOMEM; 2658 } 2659 sta_crypto_priv->key[i] = sta_key; 2660 qdf_mem_copy(sta_key, key, 2661 sizeof(struct wlan_crypto_key)); 2662 2663 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2664 2665 if (crypto_priv->def_tx_keyid == i) { 2666 sta_key->flags 2667 |= WLAN_CRYPTO_KEY_DEFAULT; 2668 sta_crypto_priv->def_tx_keyid = 2669 crypto_priv->def_tx_keyid; 2670 } 2671 /* setting the broadcast/multicast key for sta*/ 2672 if (opmode == QDF_STA_MODE || 2673 opmode == QDF_IBSS_MODE){ 2674 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2675 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2676 vdev, sta_key, mac_addr, 2677 cipher_table->cipher); 2678 } 2679 } 2680 2681 /* setting unicast key */ 2682 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2683 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2684 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2685 sta_key, mac_addr, 2686 cipher_table->cipher); 2687 } 2688 } 2689 } 2690 } 2691 2692 return QDF_STATUS_SUCCESS; 2693 } 2694 2695 /** 2696 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2697 * @crypto_rx_ops: crypto_rx_ops 2698 * 2699 * This function gets called by object manger to register crypto rx ops. 2700 * 2701 * Return: QDF_STATUS 2702 */ 2703 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2704 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2705 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2706 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2707 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2708 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2709 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2710 2711 return QDF_STATUS_SUCCESS; 2712 } 2713 2714 /** 2715 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2716 * @psoc: psoc 2717 * 2718 * This function gets called by umac to get the crypto_rx_ops 2719 * 2720 * Return: crypto_rx_ops 2721 */ 2722 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2723 struct wlan_objmgr_psoc *psoc) 2724 { 2725 2726 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2727 } 2728 EXPORT_SYMBOL(wlan_crypto_get_crypto_rx_ops); 2729 2730 /** 2731 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2732 * @vdev: vdev 2733 * @authvalue: authvalue to be checked 2734 * 2735 * This function check is authvalue passed is set in vdev or not 2736 * 2737 * Return: true or false 2738 */ 2739 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2740 wlan_crypto_auth_mode authvalue) 2741 { 2742 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 2743 & authvalue; 2744 } 2745 2746 /** 2747 * wlan_crypto_peer_has_auth_mode - check authmode for peer 2748 * @peer: peer 2749 * @authvalue: authvalue to be checked 2750 * 2751 * This function check is authvalue passed is set in peer or not 2752 * 2753 * Return: true or false 2754 */ 2755 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 2756 wlan_crypto_auth_mode authvalue) 2757 { 2758 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 2759 & authvalue; 2760 } 2761 2762 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 2763 { 2764 struct wlan_crypto_comp_priv *crypto_priv = NULL; 2765 2766 if (!peer) { 2767 qdf_print(FL("Invalid Input\n")); 2768 return 0; 2769 } 2770 2771 crypto_priv = wlan_get_peer_crypto_obj(peer); 2772 if (!crypto_priv) { 2773 qdf_print(FL("crypto_priv NULL\n")); 2774 return 0; 2775 } 2776 2777 return crypto_priv->fils_aead_set; 2778 } 2779 2780 void 2781 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 2782 { 2783 struct wlan_crypto_comp_priv *crypto_priv = NULL; 2784 2785 if (!peer) { 2786 qdf_print(FL("Invalid Input\n")); 2787 return; 2788 } 2789 2790 crypto_priv = wlan_get_peer_crypto_obj(peer); 2791 if (!crypto_priv) { 2792 qdf_print(FL("crypto_priv NULL\n")); 2793 return; 2794 } 2795 2796 crypto_priv->fils_aead_set = value; 2797 } 2798