1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 static int is_valid_keyix(uint16_t keyix) 59 { 60 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 61 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 62 return 0; 63 else 64 return 1; 65 } 66 67 static int is_igtk(uint16_t keyix) 68 { 69 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 70 return 0; 71 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 72 return 0; 73 else 74 return 1; 75 } 76 77 static int is_bigtk(uint16_t keyix) 78 { 79 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 80 return 0; 81 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 82 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 83 return 0; 84 else 85 return 1; 86 } 87 88 /** 89 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 90 * @vdev:vdev 91 * 92 * This function gets called by mlme to get crypto params 93 * 94 * Return: wlan_crypto_params or NULL in case of failure 95 */ 96 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 97 struct wlan_objmgr_vdev *vdev, 98 struct wlan_crypto_comp_priv **crypto_priv){ 99 *crypto_priv = (struct wlan_crypto_comp_priv *) 100 wlan_get_vdev_crypto_obj(vdev); 101 if (!(*crypto_priv)) { 102 crypto_err("crypto_priv NULL"); 103 return NULL; 104 } 105 106 return &((*crypto_priv)->crypto_params); 107 } 108 109 /** 110 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 111 * @peer:peer 112 * 113 * This function gets called by mlme to get crypto params 114 * 115 * Return: wlan_crypto_params or NULL in case of failure 116 */ 117 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 118 struct wlan_objmgr_peer *peer, 119 struct wlan_crypto_comp_priv **crypto_priv){ 120 121 *crypto_priv = (struct wlan_crypto_comp_priv *) 122 wlan_get_peer_crypto_obj(peer); 123 if (!*crypto_priv) { 124 crypto_err("crypto_priv NULL"); 125 return NULL; 126 } 127 128 return &((*crypto_priv)->crypto_params); 129 } 130 131 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 132 { 133 return QDF_STATUS_SUCCESS; 134 } 135 136 /** 137 * wlan_crypto_set_param - called by ucfg to set crypto param 138 * @crypto_params: crypto_params 139 * @param: param to be set. 140 * @value: value 141 * 142 * This function gets called from ucfg to set param 143 * 144 * Return: QDF_STATUS_SUCCESS - in case of success 145 */ 146 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 147 wlan_crypto_param_type param, 148 uint32_t value){ 149 QDF_STATUS status = QDF_STATUS_E_INVAL; 150 151 crypto_debug("param %d, value %d", param, value); 152 switch (param) { 153 case WLAN_CRYPTO_PARAM_AUTH_MODE: 154 status = wlan_crypto_set_authmode(crypto_params, value); 155 break; 156 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 157 status = wlan_crypto_set_ucastciphers(crypto_params, value); 158 break; 159 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 160 status = wlan_crypto_set_mcastcipher(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 163 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 166 status = wlan_crypto_set_cipher_cap(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_RSN_CAP: 169 status = wlan_crypto_set_rsn_cap(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_KEY_MGMT: 172 status = wlan_crypto_set_key_mgmt(crypto_params, value); 173 break; 174 default: 175 status = QDF_STATUS_E_INVAL; 176 } 177 return status; 178 } 179 180 /** 181 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 182 * @vdev: vdev 183 * @param: param to be set. 184 * @value: value 185 * 186 * This function gets called from ucfg to set param 187 * 188 * Return: QDF_STATUS_SUCCESS - in case of success 189 */ 190 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 191 wlan_crypto_param_type param, 192 uint32_t value){ 193 QDF_STATUS status = QDF_STATUS_E_INVAL; 194 struct wlan_crypto_comp_priv *crypto_priv; 195 struct wlan_crypto_params *crypto_params; 196 197 crypto_priv = (struct wlan_crypto_comp_priv *) 198 wlan_get_vdev_crypto_obj(vdev); 199 200 if (!crypto_priv) { 201 crypto_err("crypto_priv NULL"); 202 return QDF_STATUS_E_INVAL; 203 } 204 205 crypto_params = &(crypto_priv->crypto_params); 206 207 status = wlan_crypto_set_param(crypto_params, param, value); 208 209 return status; 210 } 211 212 /** 213 * wlan_crypto_set_param - called by ucfg to set crypto param 214 * 215 * @peer: peer 216 * @param: param to be set. 217 * @value: value 218 * 219 * This function gets called from ucfg to set param 220 * 221 * Return: QDF_STATUS_SUCCESS - in case of success 222 */ 223 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 224 wlan_crypto_param_type param, 225 uint32_t value){ 226 QDF_STATUS status = QDF_STATUS_E_INVAL; 227 struct wlan_crypto_comp_priv *crypto_priv; 228 struct wlan_crypto_params *crypto_params; 229 230 crypto_params = wlan_crypto_peer_get_comp_params(peer, 231 &crypto_priv); 232 233 if (!crypto_priv) { 234 crypto_err("crypto_priv NULL"); 235 return QDF_STATUS_E_INVAL; 236 } 237 238 crypto_params = &(crypto_priv->crypto_params); 239 240 status = wlan_crypto_set_param(crypto_params, param, value); 241 242 return status; 243 } 244 245 /** 246 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 247 * @param: Crypto param type 248 * @crypto_params: Crypto params struct 249 * 250 * This function gets called from in-within crypto layer 251 * 252 * Return: value or -1 for failure 253 */ 254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 255 struct wlan_crypto_params *crypto_params) 256 { 257 int32_t value = -1; 258 259 switch (param) { 260 case WLAN_CRYPTO_PARAM_AUTH_MODE: 261 value = wlan_crypto_get_authmode(crypto_params); 262 break; 263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 264 value = wlan_crypto_get_ucastciphers(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 267 value = wlan_crypto_get_mcastcipher(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 270 value = wlan_crypto_get_mgmtciphers(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 273 value = wlan_crypto_get_cipher_cap(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_RSN_CAP: 276 value = wlan_crypto_get_rsn_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_KEY_MGMT: 279 value = wlan_crypto_get_key_mgmt(crypto_params); 280 break; 281 default: 282 value = QDF_STATUS_E_INVAL; 283 } 284 285 return value; 286 } 287 288 /** 289 * wlan_crypto_get_param - called to get value for param from vdev 290 * @vdev: vdev 291 * @param: Crypto param type 292 * 293 * This function gets called to get value for param from vdev 294 * 295 * Return: value or -1 for failure 296 */ 297 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 298 wlan_crypto_param_type param) 299 { 300 int32_t value = -1; 301 struct wlan_crypto_comp_priv *crypto_priv; 302 struct wlan_crypto_params *crypto_params; 303 crypto_priv = (struct wlan_crypto_comp_priv *) 304 wlan_get_vdev_crypto_obj(vdev); 305 306 if (!crypto_priv) { 307 crypto_err("crypto_priv NULL"); 308 return QDF_STATUS_E_INVAL; 309 } 310 311 crypto_params = &(crypto_priv->crypto_params); 312 value = wlan_crypto_get_param_value(param, crypto_params); 313 314 return value; 315 } 316 /** 317 * wlan_crypto_get_peer_param - called to get value for param from peer 318 * @peer: peer 319 * @param: Crypto param type 320 * 321 * This function gets called to get value for param from peer 322 * 323 * Return: value or -1 for failure 324 */ 325 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 326 wlan_crypto_param_type param) 327 { 328 int32_t value = -1; 329 struct wlan_crypto_comp_priv *crypto_priv; 330 struct wlan_crypto_params *crypto_params; 331 332 crypto_params = wlan_crypto_peer_get_comp_params(peer, 333 &crypto_priv); 334 335 if (!crypto_params) { 336 crypto_err("crypto_params NULL"); 337 return QDF_STATUS_E_INVAL; 338 } 339 value = wlan_crypto_get_param_value(param, crypto_params); 340 341 return value; 342 } 343 qdf_export_symbol(wlan_crypto_get_peer_param); 344 345 static 346 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 347 struct wlan_crypto_pmksa *pmksa); 348 349 static 350 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 351 struct wlan_crypto_pmksa *pmksa) 352 { 353 uint8_t i, first_available_slot = 0; 354 bool slot_found = false; 355 356 /* Delete the old entry and then Add new entry */ 357 wlan_crypto_del_pmksa(crypto_params, pmksa); 358 359 /* find the empty slot as duplicate is already deleted */ 360 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 361 if (!crypto_params->pmksa[i]) { 362 slot_found = true; 363 first_available_slot = i; 364 break; 365 } 366 } 367 368 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 369 crypto_err("no entry available for pmksa"); 370 return QDF_STATUS_E_INVAL; 371 } 372 crypto_params->pmksa[first_available_slot] = pmksa; 373 374 return QDF_STATUS_SUCCESS; 375 } 376 377 static 378 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 379 struct wlan_crypto_pmksa *pmksa) 380 { 381 uint8_t i, j; 382 bool match_found = false; 383 u8 del_pmk[MAX_PMK_LEN] = {0}; 384 385 /* find slot with same bssid */ 386 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 387 if (!crypto_params->pmksa[i]) 388 continue; 389 if (qdf_is_macaddr_equal(&pmksa->bssid, 390 &crypto_params->pmksa[i]->bssid)) { 391 match_found = true; 392 } else if (pmksa->ssid_len && 393 !qdf_mem_cmp(pmksa->ssid, 394 crypto_params->pmksa[i]->ssid, 395 pmksa->ssid_len) && 396 !qdf_mem_cmp(pmksa->cache_id, 397 crypto_params->pmksa[i]->cache_id, 398 WLAN_CACHE_ID_LEN)) { 399 match_found = true; 400 } 401 402 if (match_found) { 403 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 404 crypto_params->pmksa[i]->pmk_len); 405 /* Free matching entry */ 406 qdf_mem_zero(crypto_params->pmksa[i], 407 sizeof(struct wlan_crypto_pmksa)); 408 qdf_mem_free(crypto_params->pmksa[i]); 409 crypto_params->pmksa[i] = NULL; 410 411 /* Find and remove the entries matching the pmk */ 412 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 413 if (!crypto_params->pmksa[j]) 414 continue; 415 if (crypto_params->pmksa[j]->pmk_len && 416 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 417 del_pmk, 418 crypto_params->pmksa[j]->pmk_len))) { 419 qdf_mem_zero(crypto_params->pmksa[j], 420 sizeof(struct wlan_crypto_pmksa)); 421 qdf_mem_free(crypto_params->pmksa[j]); 422 crypto_params->pmksa[j] = NULL; 423 } 424 } 425 /* reset stored pmk */ 426 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 427 428 return QDF_STATUS_SUCCESS; 429 } 430 } 431 432 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 433 crypto_debug("No such pmksa entry exists"); 434 435 return QDF_STATUS_SUCCESS; 436 } 437 438 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 439 { 440 uint8_t i; 441 442 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 443 if (!crypto_params->pmksa[i]) 444 continue; 445 qdf_mem_zero(crypto_params->pmksa[i], 446 sizeof(struct wlan_crypto_pmksa)); 447 qdf_mem_free(crypto_params->pmksa[i]); 448 crypto_params->pmksa[i] = NULL; 449 } 450 451 return QDF_STATUS_SUCCESS; 452 } 453 454 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 455 struct wlan_crypto_pmksa *pmksa, 456 bool set) 457 { 458 QDF_STATUS status = QDF_STATUS_E_INVAL; 459 struct wlan_crypto_comp_priv *crypto_priv; 460 struct wlan_crypto_params *crypto_params; 461 enum QDF_OPMODE op_mode; 462 463 op_mode = wlan_vdev_mlme_get_opmode(vdev); 464 465 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 466 return QDF_STATUS_E_NOSUPPORT; 467 468 if (!pmksa && set) { 469 crypto_err("pmksa is NULL for set operation"); 470 return QDF_STATUS_E_INVAL; 471 } 472 crypto_priv = (struct wlan_crypto_comp_priv *) 473 wlan_get_vdev_crypto_obj(vdev); 474 475 if (!crypto_priv) { 476 crypto_err("crypto_priv NULL"); 477 return QDF_STATUS_E_INVAL; 478 } 479 480 crypto_params = &crypto_priv->crypto_params; 481 if (set) { 482 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 483 /* Set pmksa */ 484 } else { 485 /* del pmksa */ 486 if (!pmksa) 487 status = wlan_crypto_pmksa_flush(crypto_params); 488 else 489 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 490 } 491 492 return status; 493 } 494 495 struct wlan_crypto_pmksa * 496 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 497 struct wlan_crypto_pmksa *pmksa) 498 { 499 struct wlan_crypto_comp_priv *crypto_priv; 500 struct wlan_crypto_params *crypto_params; 501 uint8_t i; 502 503 if (!pmksa) { 504 crypto_err("pmksa is NULL"); 505 return NULL; 506 } 507 crypto_priv = (struct wlan_crypto_comp_priv *) 508 wlan_get_vdev_crypto_obj(vdev); 509 510 if (!crypto_priv) { 511 crypto_err("crypto_priv NULL"); 512 return NULL; 513 } 514 515 crypto_params = &crypto_priv->crypto_params; 516 517 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 518 if (!crypto_params->pmksa[i]) 519 continue; 520 if (qdf_is_macaddr_equal(&pmksa->bssid, 521 &crypto_params->pmksa[i]->bssid)) { 522 return crypto_params->pmksa[i]; 523 } else if (pmksa->ssid_len && 524 !qdf_mem_cmp(pmksa->ssid, 525 crypto_params->pmksa[i]->ssid, 526 pmksa->ssid_len) && 527 !qdf_mem_cmp(pmksa->cache_id, 528 crypto_params->pmksa[i]->cache_id, 529 WLAN_CACHE_ID_LEN)){ 530 return crypto_params->pmksa[i]; 531 } 532 } 533 534 return NULL; 535 } 536 537 struct wlan_crypto_pmksa * 538 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 539 { 540 struct wlan_crypto_comp_priv *crypto_priv; 541 struct wlan_crypto_params *crypto_params; 542 uint8_t i; 543 544 if (!bssid) { 545 crypto_err("bssid is NULL"); 546 return NULL; 547 } 548 crypto_priv = (struct wlan_crypto_comp_priv *) 549 wlan_get_vdev_crypto_obj(vdev); 550 551 if (!crypto_priv) { 552 crypto_err("crypto_priv NULL"); 553 return NULL; 554 } 555 556 crypto_params = &crypto_priv->crypto_params; 557 558 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 559 if (!crypto_params->pmksa[i]) 560 continue; 561 if (qdf_is_macaddr_equal(bssid, 562 &crypto_params->pmksa[i]->bssid)) { 563 return crypto_params->pmksa[i]; 564 } 565 } 566 567 return NULL; 568 } 569 570 struct wlan_crypto_pmksa * 571 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 572 uint8_t *cache_id, uint8_t *ssid, 573 uint8_t ssid_len) 574 { 575 struct wlan_crypto_comp_priv *crypto_priv; 576 struct wlan_crypto_params *crypto_params; 577 uint8_t i; 578 579 crypto_priv = (struct wlan_crypto_comp_priv *) 580 wlan_get_vdev_crypto_obj(vdev); 581 582 if (!crypto_priv) { 583 crypto_err("crypto_priv NULL"); 584 return NULL; 585 } 586 587 crypto_params = &crypto_priv->crypto_params; 588 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 589 if (!crypto_params->pmksa[i]) 590 continue; 591 592 if (!qdf_mem_cmp(cache_id, 593 crypto_params->pmksa[i]->cache_id, 594 WLAN_CACHE_ID_LEN) && 595 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 596 ssid_len) && 597 ssid_len == crypto_params->pmksa[i]->ssid_len) 598 return crypto_params->pmksa[i]; 599 } 600 601 return NULL; 602 } 603 604 /** 605 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 606 * @vdev: vdev 607 * @peer: peer 608 * 609 * This function gets called to check is HT allowed for cipher. 610 * HT is not allowed for wep and tkip. 611 * 612 * Return: 0 - not allowed or 1 - allowed 613 */ 614 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 615 struct wlan_objmgr_peer *peer) 616 { 617 int32_t ucast_cipher; 618 619 if (!(vdev || peer)) { 620 crypto_err("Invalid params"); 621 return 0; 622 } 623 624 if (vdev) 625 ucast_cipher = wlan_crypto_get_param(vdev, 626 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 627 else 628 ucast_cipher = wlan_crypto_get_peer_param(peer, 629 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 630 631 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 632 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 633 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 634 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 635 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 636 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 637 } 638 qdf_export_symbol(wlan_crypto_is_htallowed); 639 640 /** 641 * wlan_crypto_setkey - called by ucfg to setkey 642 * @vdev: vdev 643 * @req_key: req_key with cipher type, key macaddress 644 * 645 * This function gets called from ucfg to sey key 646 * 647 * Return: QDF_STATUS_SUCCESS - in case of success 648 */ 649 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 650 struct wlan_crypto_req_key *req_key){ 651 652 QDF_STATUS status = QDF_STATUS_E_INVAL; 653 struct wlan_crypto_comp_priv *crypto_priv; 654 struct wlan_crypto_params *crypto_params; 655 struct wlan_objmgr_psoc *psoc; 656 struct wlan_objmgr_peer *peer; 657 struct wlan_crypto_key *key = NULL; 658 const struct wlan_crypto_cipher *cipher; 659 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 660 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 661 bool isbcast; 662 enum QDF_OPMODE vdev_mode; 663 uint8_t igtk_idx = 0; 664 uint8_t bigtk_idx = 0; 665 struct wlan_lmac_if_tx_ops *tx_ops; 666 667 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 668 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 669 return QDF_STATUS_E_INVAL; 670 } 671 672 isbcast = qdf_is_macaddr_group( 673 (struct qdf_mac_addr *)req_key->macaddr); 674 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 675 /* zero length keys, only set default key id if flags are set*/ 676 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 677 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 678 && (!IS_MGMT_CIPHER(req_key->type))) { 679 wlan_crypto_default_key(vdev, 680 req_key->macaddr, 681 req_key->keyix, 682 !isbcast); 683 return QDF_STATUS_SUCCESS; 684 } 685 crypto_err("req_key len zero"); 686 return QDF_STATUS_E_INVAL; 687 } 688 689 cipher = wlan_crypto_cipher_ops[req_key->type]; 690 691 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 692 crypto_err("cipher invalid"); 693 return QDF_STATUS_E_INVAL; 694 } 695 696 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 697 (!IS_MGMT_CIPHER(req_key->type)) && 698 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 699 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 700 crypto_err("cipher invalid"); 701 return QDF_STATUS_E_INVAL; 702 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 703 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 704 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 705 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 706 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 707 return QDF_STATUS_E_INVAL; 708 } 709 710 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 711 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 712 | WLAN_CRYPTO_KEY_RECV)) { 713 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 714 | WLAN_CRYPTO_KEY_RECV); 715 } 716 } else { 717 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 718 && (!IS_MGMT_CIPHER(req_key->type))) { 719 return QDF_STATUS_E_INVAL; 720 } 721 722 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 723 | WLAN_CRYPTO_KEY_RECV); 724 if (isbcast) 725 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 726 } 727 728 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 729 730 wlan_vdev_obj_lock(vdev); 731 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 732 QDF_MAC_ADDR_SIZE); 733 psoc = wlan_vdev_get_psoc(vdev); 734 if (!psoc) { 735 wlan_vdev_obj_unlock(vdev); 736 crypto_err("psoc NULL"); 737 return QDF_STATUS_E_INVAL; 738 } 739 wlan_vdev_obj_unlock(vdev); 740 741 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 742 if (wlan_crypto_vdev_has_auth_mode(vdev, 743 (1 << WLAN_CRYPTO_AUTH_8021X))) { 744 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 745 } 746 } 747 748 if (isbcast) { 749 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 750 &crypto_priv); 751 if (!crypto_priv) { 752 crypto_err("crypto_priv NULL"); 753 return QDF_STATUS_E_INVAL; 754 } 755 756 if (IS_MGMT_CIPHER(req_key->type)) { 757 struct wlan_crypto_key *crypto_key = NULL; 758 759 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 760 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 761 if (!is_igtk(req_key->keyix) && 762 !(is_bigtk(req_key->keyix))) { 763 crypto_err("igtk/bigtk key invalid keyid %d", 764 req_key->keyix); 765 return QDF_STATUS_E_INVAL; 766 } 767 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 768 if (!key) 769 return QDF_STATUS_E_NOMEM; 770 771 772 if (is_igtk(req_key->keyix)) { 773 crypto_key = crypto_priv->igtk_key[igtk_idx]; 774 if (crypto_key) 775 qdf_mem_free(crypto_key); 776 777 crypto_priv->igtk_key[igtk_idx] = key; 778 crypto_priv->igtk_key_type = req_key->type; 779 crypto_priv->def_igtk_tx_keyid = igtk_idx; 780 bigtk_idx = 0; 781 } else { 782 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 783 if (crypto_key) 784 qdf_mem_free(crypto_key); 785 786 crypto_priv->bigtk_key[bigtk_idx] = key; 787 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 788 igtk_idx = 0; 789 } 790 } else { 791 if (IS_FILS_CIPHER(req_key->type)) { 792 crypto_err("FILS key is not for BroadCast pkt"); 793 return QDF_STATUS_E_INVAL; 794 } 795 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 796 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 797 return QDF_STATUS_E_INVAL; 798 } 799 if (!crypto_priv->key[req_key->keyix]) { 800 crypto_priv->key[req_key->keyix] 801 = qdf_mem_malloc( 802 sizeof(struct wlan_crypto_key)); 803 if (!crypto_priv->key[req_key->keyix]) 804 return QDF_STATUS_E_NOMEM; 805 } 806 key = crypto_priv->key[req_key->keyix]; 807 } 808 if (vdev_mode == QDF_STA_MODE) { 809 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 810 WLAN_CRYPTO_ID); 811 if (!peer) { 812 crypto_err("peer NULL"); 813 if (IS_MGMT_CIPHER(req_key->type)) { 814 crypto_priv->igtk_key[igtk_idx] = NULL; 815 crypto_priv->bigtk_key[bigtk_idx] 816 = NULL; 817 crypto_priv->igtk_key_type 818 = WLAN_CRYPTO_CIPHER_NONE; 819 } else 820 crypto_priv->key[req_key->keyix] = NULL; 821 if (key) 822 qdf_mem_free(key); 823 return QDF_STATUS_E_INVAL; 824 } 825 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 826 QDF_MAC_ADDR_SIZE); 827 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 828 } 829 } else { 830 uint8_t pdev_id; 831 832 pdev_id = wlan_objmgr_pdev_get_pdev_id( 833 wlan_vdev_get_pdev(vdev)); 834 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 835 psoc, 836 pdev_id, 837 macaddr, 838 req_key->macaddr, 839 WLAN_CRYPTO_ID); 840 841 if (!peer) { 842 crypto_err("peer NULL"); 843 return QDF_STATUS_E_INVAL; 844 } 845 846 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 847 crypto_params = wlan_crypto_peer_get_comp_params(peer, 848 &crypto_priv); 849 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 850 851 if (!crypto_priv) { 852 crypto_err("crypto_priv NULL"); 853 return QDF_STATUS_E_INVAL; 854 } 855 if (IS_MGMT_CIPHER(req_key->type)) { 856 struct wlan_crypto_key *crypto_key = NULL; 857 858 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 859 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 860 if (!is_igtk(req_key->keyix) && 861 !(is_bigtk(req_key->keyix))) { 862 crypto_err("igtk/bigtk key invalid keyid %d", 863 req_key->keyix); 864 return QDF_STATUS_E_INVAL; 865 } 866 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 867 if (!key) 868 return QDF_STATUS_E_NOMEM; 869 870 if (is_igtk(req_key->keyix)) { 871 crypto_key = crypto_priv->igtk_key[igtk_idx]; 872 if (crypto_key) 873 qdf_mem_free(crypto_key); 874 875 crypto_priv->igtk_key[igtk_idx] = key; 876 crypto_priv->igtk_key_type = req_key->type; 877 crypto_priv->def_igtk_tx_keyid = igtk_idx; 878 } else { 879 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 880 if (crypto_key) 881 qdf_mem_free(crypto_key); 882 883 crypto_priv->bigtk_key[bigtk_idx] = key; 884 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 885 } 886 } else { 887 uint16_t kid = req_key->keyix; 888 if (kid == WLAN_CRYPTO_KEYIX_NONE) 889 kid = 0; 890 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 891 crypto_err("invalid keyid %d", kid); 892 return QDF_STATUS_E_INVAL; 893 } 894 if (!crypto_priv->key[kid]) { 895 crypto_priv->key[kid] 896 = qdf_mem_malloc( 897 sizeof(struct wlan_crypto_key)); 898 if (!crypto_priv->key[kid]) 899 return QDF_STATUS_E_NOMEM; 900 } 901 key = crypto_priv->key[kid]; 902 } 903 } 904 905 /* alloc key might not required as it is already there */ 906 key->cipher_table = (void *)cipher; 907 key->keylen = req_key->keylen; 908 key->flags = req_key->flags; 909 910 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 911 key->keyix = 0; 912 else 913 key->keyix = req_key->keyix; 914 915 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 916 && (!IS_MGMT_CIPHER(req_key->type))) { 917 crypto_priv->def_tx_keyid = key->keyix; 918 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 919 } 920 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 921 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 922 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 923 0x5c, 0x36, 0x5c, 0x36, 924 0x5c, 0x36, 0x5c, 0x36, 925 0x5c, 0x36, 0x5c, 0x37}; 926 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 927 0x5c, 0x36, 0x5c, 0x36, 928 0x5c, 0x36, 0x5c, 0x36, 929 0x5c, 0x36, 0x5c, 0x36}; 930 931 /* During Tx PN should be increment and 932 * send but as per our implementation we increment only after 933 * Tx complete. So First packet PN check will be failed. 934 * To compensate increment the PN here by 2 935 */ 936 if (vdev_mode == QDF_SAP_MODE) { 937 iv_AP[15] += 2; 938 qdf_mem_copy(key->recviv, iv_STA, 939 WLAN_CRYPTO_WAPI_IV_SIZE); 940 qdf_mem_copy(key->txiv, iv_AP, 941 WLAN_CRYPTO_WAPI_IV_SIZE); 942 } else { 943 iv_STA[15] += 2; 944 qdf_mem_copy(key->recviv, iv_AP, 945 WLAN_CRYPTO_WAPI_IV_SIZE); 946 qdf_mem_copy(key->txiv, iv_STA, 947 WLAN_CRYPTO_WAPI_IV_SIZE); 948 } 949 } else { 950 uint8_t i = 0; 951 qdf_mem_copy((uint8_t *)(&key->keytsc), 952 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 953 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 954 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 955 (uint8_t *)(&req_key->keyrsc), 956 sizeof(key->keyrsc[0])); 957 } 958 } 959 960 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 961 if (!tx_ops) { 962 crypto_err("tx_ops is NULL"); 963 return QDF_STATUS_E_INVAL; 964 } 965 966 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 967 key->valid = 1; 968 if ((IS_MGMT_CIPHER(req_key->type))) { 969 if (HAS_CIPHER_CAP(crypto_params, 970 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 971 is_bigtk(req_key->keyix)) { 972 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 973 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 974 key, macaddr, req_key->type); 975 } 976 } 977 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 978 status = wlan_crypto_set_igtk_key(key); 979 return status; 980 } else if (IS_FILS_CIPHER(req_key->type)) { 981 /* Take request key object to FILS setkey */ 982 key->private = req_key; 983 } else { 984 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 985 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 986 req_key->type); 987 } 988 } 989 status = cipher->setkey(key); 990 991 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 992 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 993 (!IS_MGMT_CIPHER(req_key->type))) { 994 /* default xmit key */ 995 wlan_crypto_default_key(vdev, 996 req_key->macaddr, 997 req_key->keyix, 998 !isbcast); 999 } 1000 1001 return status; 1002 } 1003 1004 /** 1005 * wlan_crypto_get_keytype - get keytype 1006 * @key: key 1007 * 1008 * This function gets keytype from key 1009 * 1010 * Return: keytype 1011 */ 1012 wlan_crypto_cipher_type wlan_crypto_get_key_type( 1013 struct wlan_crypto_key *key){ 1014 if (key && key->cipher_table) { 1015 return ((struct wlan_crypto_cipher *) 1016 (key->cipher_table))->cipher; 1017 } 1018 return WLAN_CRYPTO_CIPHER_NONE; 1019 } 1020 qdf_export_symbol(wlan_crypto_get_key_type); 1021 /** 1022 * wlan_crypto_vdev_getkey - get key from vdev 1023 * @vdev: vdev 1024 * @keyix: keyix 1025 * 1026 * This function gets key from vdev 1027 * 1028 * Return: key or NULL 1029 */ 1030 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1031 uint16_t keyix){ 1032 struct wlan_crypto_comp_priv *crypto_priv; 1033 struct wlan_crypto_params *crypto_params; 1034 struct wlan_crypto_key *key = NULL; 1035 1036 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1037 1038 if (!crypto_priv) { 1039 crypto_err("crypto_priv NULL"); 1040 return NULL; 1041 } 1042 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1043 * we return the default key, for all other keyix we return the 1044 * key accordingly. 1045 */ 1046 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1047 !is_valid_keyix(keyix)) 1048 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1049 else if (is_bigtk(keyix)) 1050 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1051 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1052 else if (is_igtk(keyix)) 1053 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1054 else 1055 key = crypto_priv->key[keyix]; 1056 1057 if (key && key->valid) 1058 return key; 1059 1060 return NULL; 1061 } 1062 qdf_export_symbol(wlan_crypto_vdev_getkey); 1063 1064 /** 1065 * wlan_crypto_peer_getkey - get key from peer 1066 * @peer: peer 1067 * @keyix: keyix 1068 * 1069 * This function gets key from peer 1070 * 1071 * Return: key or NULL 1072 */ 1073 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1074 uint16_t keyix){ 1075 struct wlan_crypto_comp_priv *crypto_priv; 1076 struct wlan_crypto_params *crypto_params; 1077 struct wlan_crypto_key *key = NULL; 1078 1079 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1080 1081 if (!crypto_priv) { 1082 crypto_err("crypto_priv NULL"); 1083 return NULL; 1084 } 1085 1086 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1087 * we return the default key, for all other keyix we return the 1088 * key accordingly. 1089 */ 1090 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1091 !is_valid_keyix(keyix)) 1092 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1093 else if (is_bigtk(keyix)) 1094 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1095 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1096 else if (is_igtk(keyix)) 1097 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1098 else 1099 key = crypto_priv->key[keyix]; 1100 1101 if (key && key->valid) 1102 return key; 1103 1104 return NULL; 1105 } 1106 qdf_export_symbol(wlan_crypto_peer_getkey); 1107 1108 /** 1109 * wlan_crypto_getkey - called by ucfg to get key 1110 * @vdev: vdev 1111 * @req_key: key value will be copied in this req_key 1112 * @mac_address: mac address of the peer for unicast key 1113 * or broadcast address if group key is requested. 1114 * 1115 * This function gets called from ucfg to get key 1116 * 1117 * Return: QDF_STATUS_SUCCESS - in case of success 1118 */ 1119 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1120 struct wlan_crypto_req_key *req_key, 1121 uint8_t *mac_addr){ 1122 struct wlan_crypto_cipher *cipher_table; 1123 struct wlan_crypto_key *key; 1124 struct wlan_objmgr_psoc *psoc; 1125 struct wlan_lmac_if_tx_ops *tx_ops; 1126 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1127 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1128 1129 wlan_vdev_obj_lock(vdev); 1130 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1131 QDF_MAC_ADDR_SIZE); 1132 psoc = wlan_vdev_get_psoc(vdev); 1133 if (!psoc) { 1134 wlan_vdev_obj_unlock(vdev); 1135 crypto_err("psoc NULL"); 1136 return QDF_STATUS_E_INVAL; 1137 } 1138 wlan_vdev_obj_unlock(vdev); 1139 1140 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1141 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1142 if (!key) 1143 return QDF_STATUS_E_INVAL; 1144 } else { 1145 struct wlan_objmgr_peer *peer; 1146 uint8_t pdev_id; 1147 1148 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1149 wlan_vdev_get_pdev(vdev)); 1150 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1151 psoc, 1152 pdev_id, 1153 macaddr, 1154 mac_addr, 1155 WLAN_CRYPTO_ID); 1156 if (!peer) { 1157 crypto_err("peer NULL"); 1158 return QDF_STATUS_E_NOENT; 1159 } 1160 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1161 1162 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1163 if (!tx_ops) { 1164 crypto_err("tx_ops is NULL"); 1165 return QDF_STATUS_E_INVAL; 1166 } 1167 1168 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops) && 1169 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 1170 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1171 req_key->type); 1172 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1173 if (!key) 1174 return QDF_STATUS_E_INVAL; 1175 } 1176 1177 if (key->valid) { 1178 qdf_mem_copy(req_key->keydata, 1179 key->keyval, key->keylen); 1180 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1181 (uint8_t *)(&key->keytsc), 1182 sizeof(req_key->keytsc)); 1183 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1184 (uint8_t *)(&key->keyrsc[0]), 1185 sizeof(req_key->keyrsc)); 1186 req_key->keylen = key->keylen; 1187 req_key->flags = key->flags; 1188 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1189 1190 if (!cipher_table) 1191 return QDF_STATUS_SUCCESS; 1192 1193 req_key->type = cipher_table->cipher; 1194 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1195 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1196 (uint8_t *)(key->txiv), 1197 sizeof(req_key->txiv)); 1198 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1199 (uint8_t *)(key->recviv), 1200 sizeof(req_key->recviv)); 1201 } 1202 } 1203 1204 return QDF_STATUS_SUCCESS; 1205 } 1206 1207 /** 1208 * wlan_crypto_delkey - called by ucfg to delete key 1209 * @vdev: vdev 1210 * @mac_address: mac address of the peer for unicast key 1211 * or broadcast address if group key is deleted. 1212 * @key_idx: key index to be deleted 1213 * 1214 * This function gets called from ucfg to delete key 1215 * 1216 * Return: QDF_STATUS_SUCCESS - in case of success 1217 */ 1218 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1219 uint8_t *macaddr, 1220 uint8_t key_idx){ 1221 struct wlan_crypto_comp_priv *crypto_priv; 1222 struct wlan_crypto_params *crypto_params; 1223 struct wlan_crypto_key *key; 1224 struct wlan_crypto_cipher *cipher_table; 1225 struct wlan_objmgr_psoc *psoc; 1226 struct wlan_lmac_if_tx_ops *tx_ops; 1227 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1228 1229 if (!vdev || !macaddr || 1230 !is_valid_keyix(key_idx)) { 1231 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1232 vdev, macaddr, key_idx); 1233 return QDF_STATUS_E_INVAL; 1234 } 1235 1236 wlan_vdev_obj_lock(vdev); 1237 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1238 QDF_MAC_ADDR_SIZE); 1239 psoc = wlan_vdev_get_psoc(vdev); 1240 if (!psoc) { 1241 wlan_vdev_obj_unlock(vdev); 1242 crypto_err("psoc NULL"); 1243 return QDF_STATUS_E_INVAL; 1244 } 1245 wlan_vdev_obj_unlock(vdev); 1246 1247 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1248 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1249 &crypto_priv); 1250 if (!crypto_priv) { 1251 crypto_err("crypto_priv NULL"); 1252 return QDF_STATUS_E_INVAL; 1253 } 1254 } else { 1255 struct wlan_objmgr_peer *peer; 1256 uint8_t pdev_id; 1257 1258 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1259 wlan_vdev_get_pdev(vdev)); 1260 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1261 psoc, pdev_id, 1262 bssid_mac, 1263 macaddr, 1264 WLAN_CRYPTO_ID); 1265 if (!peer) { 1266 return QDF_STATUS_E_INVAL; 1267 } 1268 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1269 &crypto_priv); 1270 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1271 if (!crypto_priv) { 1272 crypto_err("crypto_priv NULL"); 1273 return QDF_STATUS_E_INVAL; 1274 } 1275 } 1276 1277 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1278 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1279 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1280 1281 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1282 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1283 return QDF_STATUS_E_INVAL; 1284 } 1285 if (is_igtk(key_idx)) { 1286 key = crypto_priv->igtk_key[igtk_idx]; 1287 crypto_priv->igtk_key[igtk_idx] = NULL; 1288 } else { 1289 key = crypto_priv->bigtk_key[bigtk_idx]; 1290 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1291 } 1292 if (key) 1293 key->valid = 0; 1294 } else { 1295 key = crypto_priv->key[key_idx]; 1296 crypto_priv->key[key_idx] = NULL; 1297 } 1298 1299 if (!key) 1300 return QDF_STATUS_E_INVAL; 1301 1302 if (key->valid) { 1303 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1304 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1305 1306 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1307 if (!tx_ops) { 1308 crypto_err("tx_ops is NULL"); 1309 return QDF_STATUS_E_INVAL; 1310 } 1311 1312 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1313 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1314 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1315 cipher_table->cipher); 1316 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1317 if (key->private) 1318 qdf_mem_free(key->private); 1319 } 1320 } 1321 1322 /* Zero-out local key variables */ 1323 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1324 qdf_mem_free(key); 1325 1326 return QDF_STATUS_SUCCESS; 1327 } 1328 1329 #ifdef CRYPTO_SET_KEY_CONVERGED 1330 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1331 uint8_t key_idx, uint8_t *macaddr) 1332 { 1333 return QDF_STATUS_SUCCESS; 1334 } 1335 #else 1336 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1337 uint8_t key_idx, uint8_t *macaddr) 1338 { 1339 struct wlan_objmgr_psoc *psoc; 1340 struct wlan_lmac_if_tx_ops *tx_ops; 1341 1342 psoc = wlan_vdev_get_psoc(vdev); 1343 if (!psoc) { 1344 crypto_err("psoc is NULL"); 1345 return QDF_STATUS_E_INVAL; 1346 } 1347 1348 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1349 if (!tx_ops) { 1350 crypto_err("tx_ops is NULL"); 1351 return QDF_STATUS_E_INVAL; 1352 } 1353 1354 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1355 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1356 1357 return QDF_STATUS_SUCCESS; 1358 } 1359 #endif 1360 1361 /** 1362 * wlan_crypto_default_key - called by ucfg to set default tx key 1363 * @vdev: vdev 1364 * @mac_address: mac address of the peer for unicast key 1365 * or broadcast address if group key need to made default. 1366 * @key_idx: key index to be made as default key 1367 * @unicast: is key was unicast or group key. 1368 * 1369 * This function gets called from ucfg to set default key 1370 * 1371 * Return: QDF_STATUS_SUCCESS - in case of success 1372 */ 1373 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1374 uint8_t *macaddr, 1375 uint8_t key_idx, 1376 bool unicast){ 1377 struct wlan_crypto_comp_priv *crypto_priv; 1378 struct wlan_crypto_params *crypto_params; 1379 struct wlan_crypto_key *key; 1380 struct wlan_objmgr_psoc *psoc; 1381 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1382 1383 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1384 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1385 vdev, macaddr, key_idx); 1386 return QDF_STATUS_E_INVAL; 1387 } 1388 1389 wlan_vdev_obj_lock(vdev); 1390 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1391 QDF_MAC_ADDR_SIZE); 1392 psoc = wlan_vdev_get_psoc(vdev); 1393 if (!psoc) { 1394 wlan_vdev_obj_unlock(vdev); 1395 crypto_err("psoc NULL"); 1396 return QDF_STATUS_E_INVAL; 1397 } 1398 wlan_vdev_obj_unlock(vdev); 1399 1400 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1401 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1402 &crypto_priv); 1403 if (!crypto_priv) { 1404 crypto_err("crypto_priv NULL"); 1405 return QDF_STATUS_E_INVAL; 1406 } 1407 1408 key = crypto_priv->key[key_idx]; 1409 if (!key) 1410 return QDF_STATUS_E_INVAL; 1411 } else { 1412 struct wlan_objmgr_peer *peer; 1413 uint8_t pdev_id; 1414 1415 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1416 wlan_vdev_get_pdev(vdev)); 1417 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1418 psoc, pdev_id, 1419 bssid_mac, 1420 macaddr, 1421 WLAN_CRYPTO_ID); 1422 1423 if (!peer) { 1424 crypto_err("peer NULL"); 1425 return QDF_STATUS_E_INVAL; 1426 } 1427 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1428 &crypto_priv); 1429 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1430 if (!crypto_priv) { 1431 crypto_err("crypto_priv NULL"); 1432 return QDF_STATUS_E_INVAL; 1433 } 1434 1435 key = crypto_priv->key[key_idx]; 1436 if (!key) 1437 return QDF_STATUS_E_INVAL; 1438 } 1439 if (!key->valid) 1440 return QDF_STATUS_E_INVAL; 1441 1442 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1443 QDF_STATUS_SUCCESS) 1444 return QDF_STATUS_E_INVAL; 1445 crypto_priv->def_tx_keyid = key_idx; 1446 1447 return QDF_STATUS_SUCCESS; 1448 } 1449 1450 /** 1451 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1452 * @vdev: vdev 1453 * @wbuf: wbuf 1454 * @macaddr: macaddr 1455 * @encapdone: is encapdone already or not. 1456 * 1457 * This function gets called from mgmt txrx to encap frame. 1458 * 1459 * Return: QDF_STATUS_SUCCESS - in case of success 1460 */ 1461 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1462 qdf_nbuf_t wbuf, 1463 uint8_t *mac_addr, 1464 uint8_t encapdone){ 1465 struct wlan_crypto_comp_priv *crypto_priv; 1466 struct wlan_crypto_params *crypto_params; 1467 struct wlan_crypto_key *key; 1468 QDF_STATUS status; 1469 struct wlan_crypto_cipher *cipher_table; 1470 struct wlan_objmgr_psoc *psoc; 1471 struct wlan_objmgr_peer *peer; 1472 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1473 uint8_t pdev_id; 1474 uint8_t hdrlen; 1475 enum QDF_OPMODE opmode; 1476 1477 opmode = wlan_vdev_mlme_get_opmode(vdev); 1478 wlan_vdev_obj_lock(vdev); 1479 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1480 QDF_MAC_ADDR_SIZE); 1481 psoc = wlan_vdev_get_psoc(vdev); 1482 if (!psoc) { 1483 wlan_vdev_obj_unlock(vdev); 1484 crypto_err("psoc NULL"); 1485 return QDF_STATUS_E_INVAL; 1486 } 1487 wlan_vdev_obj_unlock(vdev); 1488 1489 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1490 /* FILS Encap required only for (Re-)Assoc response */ 1491 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1492 1493 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1494 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1495 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1496 return QDF_STATUS_E_INVAL; 1497 } 1498 1499 if (peer) 1500 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1501 1502 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1503 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1504 &crypto_priv); 1505 if (!crypto_priv) { 1506 crypto_err("crypto_priv NULL"); 1507 return QDF_STATUS_E_INVAL; 1508 } 1509 1510 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1511 if (!key) 1512 return QDF_STATUS_E_INVAL; 1513 1514 } else { 1515 struct wlan_objmgr_peer *peer; 1516 uint8_t pdev_id; 1517 1518 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1519 wlan_vdev_get_pdev(vdev)); 1520 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1521 bssid_mac, mac_addr, 1522 WLAN_CRYPTO_ID); 1523 1524 if (!peer) { 1525 crypto_err("crypto_priv NULL"); 1526 return QDF_STATUS_E_INVAL; 1527 } 1528 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1529 &crypto_priv); 1530 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1531 1532 if (!crypto_priv) { 1533 crypto_err("crypto_priv NULL"); 1534 return QDF_STATUS_E_INVAL; 1535 } 1536 1537 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1538 if (!key) 1539 return QDF_STATUS_E_INVAL; 1540 } 1541 if (opmode == QDF_MONITOR_MODE) 1542 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1543 else 1544 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1545 (uint8_t *)qdf_nbuf_data(wbuf)); 1546 1547 /* if tkip, is counter measures enabled, then drop the frame */ 1548 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1549 status = cipher_table->encap(key, wbuf, encapdone, 1550 hdrlen); 1551 1552 return status; 1553 } 1554 qdf_export_symbol(wlan_crypto_encap); 1555 1556 /** 1557 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1558 * @vdev: vdev 1559 * @wbuf: wbuf 1560 * @macaddr: macaddr 1561 * @tid: tid of the frame 1562 * 1563 * This function gets called from mgmt txrx to decap frame. 1564 * 1565 * Return: QDF_STATUS_SUCCESS - in case of success 1566 */ 1567 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1568 qdf_nbuf_t wbuf, 1569 uint8_t *mac_addr, 1570 uint8_t tid){ 1571 struct wlan_crypto_comp_priv *crypto_priv; 1572 struct wlan_crypto_params *crypto_params; 1573 struct wlan_crypto_key *key; 1574 QDF_STATUS status; 1575 struct wlan_crypto_cipher *cipher_table; 1576 struct wlan_objmgr_psoc *psoc; 1577 struct wlan_objmgr_peer *peer; 1578 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1579 uint8_t keyid; 1580 uint8_t pdev_id; 1581 uint8_t hdrlen; 1582 enum QDF_OPMODE opmode; 1583 1584 opmode = wlan_vdev_mlme_get_opmode(vdev); 1585 wlan_vdev_obj_lock(vdev); 1586 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1587 QDF_MAC_ADDR_SIZE); 1588 psoc = wlan_vdev_get_psoc(vdev); 1589 if (!psoc) { 1590 wlan_vdev_obj_unlock(vdev); 1591 crypto_err("psoc NULL"); 1592 return QDF_STATUS_E_INVAL; 1593 } 1594 wlan_vdev_obj_unlock(vdev); 1595 1596 if (opmode == QDF_MONITOR_MODE) 1597 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1598 else 1599 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1600 (uint8_t *)qdf_nbuf_data(wbuf)); 1601 1602 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1603 1604 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1605 return QDF_STATUS_E_INVAL; 1606 1607 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1608 /* FILS Decap required only for (Re-)Assoc request */ 1609 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1610 1611 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1612 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1613 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1614 return QDF_STATUS_E_INVAL; 1615 } 1616 1617 if (peer) 1618 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1619 1620 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1621 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1622 &crypto_priv); 1623 if (!crypto_priv) { 1624 crypto_err("crypto_priv NULL"); 1625 return QDF_STATUS_E_INVAL; 1626 } 1627 1628 key = crypto_priv->key[keyid]; 1629 if (!key) 1630 return QDF_STATUS_E_INVAL; 1631 1632 } else { 1633 struct wlan_objmgr_peer *peer; 1634 uint8_t pdev_id; 1635 1636 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1637 wlan_vdev_get_pdev(vdev)); 1638 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1639 psoc, pdev_id, bssid_mac, 1640 mac_addr, WLAN_CRYPTO_ID); 1641 if (!peer) { 1642 crypto_err("peer NULL"); 1643 return QDF_STATUS_E_INVAL; 1644 } 1645 1646 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1647 &crypto_priv); 1648 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1649 1650 if (!crypto_priv) { 1651 crypto_err("crypto_priv NULL"); 1652 return QDF_STATUS_E_INVAL; 1653 } 1654 1655 key = crypto_priv->key[keyid]; 1656 if (!key) 1657 return QDF_STATUS_E_INVAL; 1658 } 1659 /* if tkip, is counter measures enabled, then drop the frame */ 1660 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1661 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1662 1663 return status; 1664 } 1665 qdf_export_symbol(wlan_crypto_decap); 1666 /** 1667 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1668 * @vdev: vdev 1669 * @wbuf: wbuf 1670 * @macaddr: macaddr 1671 * @encapdone: is encapdone already or not. 1672 * 1673 * This function gets called from mgmt txrx to adding mic to the frame. 1674 * 1675 * Return: QDF_STATUS_SUCCESS - in case of success 1676 */ 1677 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1678 qdf_nbuf_t wbuf, 1679 uint8_t *mac_addr, 1680 uint8_t encapdone){ 1681 struct wlan_crypto_comp_priv *crypto_priv; 1682 struct wlan_crypto_params *crypto_params; 1683 struct wlan_crypto_key *key; 1684 QDF_STATUS status; 1685 struct wlan_crypto_cipher *cipher_table; 1686 struct wlan_objmgr_psoc *psoc; 1687 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1688 uint8_t hdrlen; 1689 enum QDF_OPMODE opmode; 1690 1691 opmode = wlan_vdev_mlme_get_opmode(vdev); 1692 1693 1694 wlan_vdev_obj_lock(vdev); 1695 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1696 QDF_MAC_ADDR_SIZE); 1697 psoc = wlan_vdev_get_psoc(vdev); 1698 if (!psoc) { 1699 wlan_vdev_obj_unlock(vdev); 1700 crypto_err("psoc NULL"); 1701 return QDF_STATUS_E_INVAL; 1702 } 1703 wlan_vdev_obj_unlock(vdev); 1704 1705 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1706 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1707 &crypto_priv); 1708 if (!crypto_priv) { 1709 crypto_err("crypto_priv NULL"); 1710 return QDF_STATUS_E_INVAL; 1711 } 1712 1713 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1714 if (!key) 1715 return QDF_STATUS_E_INVAL; 1716 1717 } else { 1718 struct wlan_objmgr_peer *peer; 1719 uint8_t pdev_id; 1720 1721 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1722 wlan_vdev_get_pdev(vdev)); 1723 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1724 psoc, pdev_id, bssid_mac, 1725 mac_addr, WLAN_CRYPTO_ID); 1726 if (!peer) { 1727 crypto_err("crypto_priv NULL"); 1728 return QDF_STATUS_E_INVAL; 1729 } 1730 1731 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1732 &crypto_priv); 1733 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1734 1735 if (!crypto_priv) { 1736 crypto_err("crypto_priv NULL"); 1737 return QDF_STATUS_E_INVAL; 1738 } 1739 1740 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1741 if (!key) 1742 return QDF_STATUS_E_INVAL; 1743 } 1744 if (opmode == QDF_MONITOR_MODE) 1745 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1746 else 1747 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1748 (uint8_t *)qdf_nbuf_data(wbuf)); 1749 1750 /* if tkip, is counter measures enabled, then drop the frame */ 1751 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1752 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1753 1754 return status; 1755 } 1756 1757 /** 1758 * wlan_crypto_demic - called by mgmt for remove and check mic for 1759 * the frame based on cipher 1760 * @vdev: vdev 1761 * @wbuf: wbuf 1762 * @macaddr: macaddr 1763 * @tid: tid of the frame 1764 * @keyid: keyid in the received frame 1765 * This function gets called from mgmt txrx to decap frame. 1766 * 1767 * Return: QDF_STATUS_SUCCESS - in case of success 1768 */ 1769 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1770 qdf_nbuf_t wbuf, 1771 uint8_t *mac_addr, 1772 uint8_t tid, 1773 uint8_t keyid){ 1774 struct wlan_crypto_comp_priv *crypto_priv; 1775 struct wlan_crypto_params *crypto_params; 1776 struct wlan_crypto_key *key; 1777 QDF_STATUS status; 1778 struct wlan_crypto_cipher *cipher_table; 1779 struct wlan_objmgr_psoc *psoc; 1780 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1781 uint8_t hdrlen; 1782 enum QDF_OPMODE opmode; 1783 1784 opmode = wlan_vdev_mlme_get_opmode(vdev); 1785 1786 if (opmode == QDF_MONITOR_MODE) 1787 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1788 else 1789 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1790 (uint8_t *)qdf_nbuf_data(wbuf)); 1791 1792 wlan_vdev_obj_lock(vdev); 1793 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1794 QDF_MAC_ADDR_SIZE); 1795 psoc = wlan_vdev_get_psoc(vdev); 1796 if (!psoc) { 1797 wlan_vdev_obj_unlock(vdev); 1798 crypto_err("psoc NULL"); 1799 return QDF_STATUS_E_INVAL; 1800 } 1801 wlan_vdev_obj_unlock(vdev); 1802 1803 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1804 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1805 &crypto_priv); 1806 if (!crypto_priv) { 1807 crypto_err("crypto_priv NULL"); 1808 return QDF_STATUS_E_INVAL; 1809 } 1810 1811 key = crypto_priv->key[keyid]; 1812 if (!key) 1813 return QDF_STATUS_E_INVAL; 1814 1815 } else { 1816 struct wlan_objmgr_peer *peer; 1817 uint8_t pdev_id; 1818 1819 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1820 wlan_vdev_get_pdev(vdev)); 1821 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1822 psoc, pdev_id, bssid_mac, 1823 mac_addr, WLAN_CRYPTO_ID); 1824 if (!peer) { 1825 crypto_err("peer NULL"); 1826 return QDF_STATUS_E_INVAL; 1827 } 1828 1829 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1830 &crypto_priv); 1831 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1832 1833 if (!crypto_priv) { 1834 crypto_err("crypto_priv NULL"); 1835 return QDF_STATUS_E_INVAL; 1836 } 1837 1838 key = crypto_priv->key[keyid]; 1839 if (!key) 1840 return QDF_STATUS_E_INVAL; 1841 } 1842 /* if tkip, is counter measures enabled, then drop the frame */ 1843 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1844 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1845 1846 return status; 1847 } 1848 1849 /** 1850 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1851 * @vdev: vdev 1852 * 1853 * This function gets called to check is pmf enabled or not in vdev. 1854 * 1855 * Return: true or false 1856 */ 1857 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1858 { 1859 1860 struct wlan_crypto_comp_priv *crypto_priv; 1861 struct wlan_crypto_params *vdev_crypto_params; 1862 1863 if (!vdev) 1864 return false; 1865 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1866 &crypto_priv); 1867 if (!crypto_priv) { 1868 crypto_err("crypto_priv NULL"); 1869 return QDF_STATUS_E_INVAL; 1870 } 1871 1872 if ((vdev_crypto_params->rsn_caps & 1873 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1874 || (vdev_crypto_params->rsn_caps & 1875 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1876 return true; 1877 } 1878 1879 return false; 1880 } 1881 1882 /** 1883 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1884 * @vdev: vdev 1885 * 1886 * This function gets called to check is pmf required or not in vdev. 1887 * 1888 * Return: true or false 1889 */ 1890 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1891 { 1892 struct wlan_crypto_comp_priv *crypto_priv; 1893 struct wlan_crypto_params *vdev_crypto_params; 1894 1895 if (!vdev) 1896 return false; 1897 1898 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1899 &crypto_priv); 1900 if (!crypto_priv) { 1901 crypto_err("crypto_priv NULL"); 1902 return QDF_STATUS_E_INVAL; 1903 } 1904 1905 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1906 return true; 1907 1908 return false; 1909 } 1910 1911 /** 1912 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1913 * @vdev: vdev 1914 * @peer: peer 1915 * 1916 * This function gets called by mgmt txrx to check is pmf enabled or not. 1917 * 1918 * Return: true or false 1919 */ 1920 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1921 struct wlan_objmgr_peer *peer){ 1922 1923 struct wlan_crypto_comp_priv *crypto_priv; 1924 struct wlan_crypto_params *vdev_crypto_params; 1925 struct wlan_crypto_params *peer_crypto_params; 1926 1927 if (!vdev || !peer) 1928 return false; 1929 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1930 &crypto_priv); 1931 if (!crypto_priv) { 1932 crypto_err("crypto_priv NULL"); 1933 return QDF_STATUS_E_INVAL; 1934 } 1935 1936 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1937 &crypto_priv); 1938 if (!crypto_priv) { 1939 crypto_err("crypto_priv NULL"); 1940 return QDF_STATUS_E_INVAL; 1941 } 1942 if (((vdev_crypto_params->rsn_caps & 1943 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1944 (peer_crypto_params->rsn_caps & 1945 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1946 || (vdev_crypto_params->rsn_caps & 1947 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1948 return true; 1949 } 1950 1951 return false; 1952 } 1953 1954 /** 1955 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 1956 * @vdev: vdev 1957 * @peer: peer 1958 * @keyidx : key index 1959 * 1960 * This function gets called by mgmt txrx to check if key is valid 1961 * 1962 * Return: true or false 1963 */ 1964 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1965 struct wlan_objmgr_peer *peer, 1966 uint16_t keyidx) 1967 { 1968 struct wlan_crypto_key *key = NULL; 1969 1970 if (!vdev && !peer) 1971 return false; 1972 1973 if (peer) 1974 key = wlan_crypto_peer_getkey(peer, keyidx); 1975 else if (vdev) 1976 key = wlan_crypto_vdev_getkey(vdev, keyidx); 1977 1978 if ((key) && key->valid) 1979 return true; 1980 1981 return false; 1982 } 1983 1984 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1985 { 1986 a[0] = b[5]; 1987 a[1] = b[4]; 1988 a[2] = b[3]; 1989 a[3] = b[2]; 1990 a[4] = b[1]; 1991 a[5] = b[0]; 1992 } 1993 1994 /** 1995 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1996 * @vdev: vdev 1997 * @bfrm: frame starting pointer 1998 * @len: length of the frame 1999 * 2000 * This function gets called by mgmt txrx to add mmie in frame 2001 * 2002 * Return: end of frame or NULL in case failure 2003 */ 2004 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2005 uint8_t *bfrm, 2006 uint32_t len) { 2007 struct wlan_crypto_key *key; 2008 struct wlan_crypto_mmie *mmie; 2009 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 2010 struct wlan_frame_hdr *hdr; 2011 uint32_t i, hdrlen, mic_len, aad_len; 2012 uint8_t mic[16]; 2013 struct wlan_crypto_comp_priv *crypto_priv; 2014 struct wlan_crypto_params *crypto_params; 2015 int32_t ret = -1; 2016 2017 if (!bfrm) { 2018 crypto_err("frame is NULL"); 2019 return NULL; 2020 } 2021 2022 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2023 &crypto_priv); 2024 if (!crypto_priv) { 2025 crypto_err("crypto_priv NULL"); 2026 return NULL; 2027 } 2028 2029 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2030 crypto_err("igtk key invalid keyid %d", 2031 crypto_priv->def_igtk_tx_keyid); 2032 return NULL; 2033 } 2034 2035 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2036 if (!key) { 2037 crypto_err("No igtk key present"); 2038 return NULL; 2039 } 2040 mic_len = (crypto_priv->igtk_key_type 2041 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2042 2043 efrm = bfrm + len; 2044 aad_len = 20; 2045 hdrlen = sizeof(struct wlan_frame_hdr); 2046 len += sizeof(struct wlan_crypto_mmie); 2047 2048 mmie = (struct wlan_crypto_mmie *) efrm; 2049 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2050 mmie->element_id = WLAN_ELEMID_MMIE; 2051 mmie->length = sizeof(*mmie) - 2; 2052 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2053 2054 mic_len = (crypto_priv->igtk_key_type 2055 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2056 if (mic_len == 8) { 2057 mmie->length -= 8; 2058 len -= 8; 2059 } 2060 /* PN = PN + 1 */ 2061 pn = (uint8_t *)&key->keytsc; 2062 2063 for (i = 0; i <= 5; i++) { 2064 pn[i]++; 2065 if (pn[i]) 2066 break; 2067 } 2068 2069 /* Copy IPN */ 2070 qdf_mem_copy(mmie->sequence_number, pn, 6); 2071 2072 hdr = (struct wlan_frame_hdr *) bfrm; 2073 2074 buf = qdf_mem_malloc(len - hdrlen + 20); 2075 if (!buf) 2076 return NULL; 2077 2078 qdf_mem_zero(buf, len - hdrlen + 20); 2079 aad = buf; 2080 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2081 2082 /* FC type/subtype */ 2083 aad[0] = hdr->i_fc[0]; 2084 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2085 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2086 | WLAN_FC1_MOREDATA)); 2087 /* A1 || A2 || A3 */ 2088 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2089 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2090 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2091 qdf_mem_zero(mic, 16); 2092 2093 /* 2094 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2095 */ 2096 2097 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2098 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2099 2100 ret = omac1_aes_128(key->keyval, buf, 2101 len + aad_len - hdrlen, mic); 2102 qdf_mem_copy(mmie->mic, mic, 8); 2103 2104 } else if (crypto_priv->igtk_key_type 2105 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2106 2107 ret = omac1_aes_256(key->keyval, buf, 2108 len + aad_len - hdrlen, mmie->mic); 2109 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2110 || (crypto_priv->igtk_key_type 2111 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2112 2113 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2114 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2115 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2116 sizeof(nounce), buf, 2117 len + aad_len - hdrlen, mmie->mic); 2118 } 2119 qdf_mem_free(buf); 2120 if (ret < 0) { 2121 crypto_err("add mmie failed"); 2122 return NULL; 2123 } 2124 2125 return bfrm + len; 2126 } 2127 2128 /** 2129 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2130 * @vdev: vdev 2131 * @frm: frame starting pointer 2132 * @efrm: end of frame pointer 2133 * 2134 * This function gets called by mgmt txrx to check mmie of the frame 2135 * 2136 * Return: true or false 2137 */ 2138 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2139 uint8_t *frm, 2140 uint8_t *efrm){ 2141 struct wlan_crypto_mmie *mmie = NULL; 2142 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2143 struct wlan_crypto_key *key; 2144 struct wlan_frame_hdr *hdr; 2145 uint16_t mic_len, hdrlen, len; 2146 struct wlan_crypto_comp_priv *crypto_priv; 2147 struct wlan_crypto_params *crypto_params; 2148 uint8_t aad_len = 20; 2149 int32_t ret = -1; 2150 2151 /* check if frame is illegal length */ 2152 if (!frm || !efrm || (efrm < frm) 2153 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2154 crypto_err("Invalid params"); 2155 return false; 2156 } 2157 len = efrm - frm; 2158 crypto_priv = (struct wlan_crypto_comp_priv *) 2159 wlan_get_vdev_crypto_obj(vdev); 2160 if (!crypto_priv) { 2161 crypto_err("crypto_priv NULL"); 2162 return false; 2163 } 2164 2165 crypto_params = &(crypto_priv->crypto_params); 2166 2167 2168 mic_len = (crypto_priv->igtk_key_type 2169 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2170 hdrlen = sizeof(struct wlan_frame_hdr); 2171 2172 if (mic_len == 8) 2173 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2174 else 2175 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2176 2177 2178 /* check Elem ID*/ 2179 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2180 crypto_err("IE is not MMIE"); 2181 return false; 2182 } 2183 2184 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2185 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2186 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2187 crypto_err("keyid not valid"); 2188 return false; 2189 } 2190 2191 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2192 if (!key) { 2193 crypto_err("No igtk key present"); 2194 return false; 2195 } 2196 2197 /* validate ipn */ 2198 ipn = mmie->sequence_number; 2199 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2200 uint8_t *su = (uint8_t *)key->keyrsc; 2201 uint8_t *end = ipn + 6; 2202 2203 crypto_err("replay error :"); 2204 while (ipn < end) { 2205 crypto_err("expected pn = %x received pn = %x", 2206 *ipn++, *su++); 2207 } 2208 return false; 2209 } 2210 2211 buf = qdf_mem_malloc(len - hdrlen + 20); 2212 if (!buf) 2213 return false; 2214 2215 aad = buf; 2216 2217 /* construct AAD */ 2218 hdr = (struct wlan_frame_hdr *)frm; 2219 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2220 2221 /* FC type/subtype */ 2222 aad[0] = hdr->i_fc[0]; 2223 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2224 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2225 | WLAN_FC1_MOREDATA)); 2226 /* A1 || A2 || A3 */ 2227 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2228 2229 /* 2230 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2231 */ 2232 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2233 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2234 mic = qdf_mem_malloc(mic_len); 2235 if (!mic) { 2236 qdf_mem_free(buf); 2237 return false; 2238 } 2239 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2240 ret = omac1_aes_128(key->keyval, buf, 2241 len - hdrlen + aad_len, mic); 2242 } else if (crypto_priv->igtk_key_type 2243 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2244 ret = omac1_aes_256(key->keyval, buf, 2245 len + aad_len - hdrlen, mic); 2246 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2247 || (crypto_priv->igtk_key_type 2248 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2249 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2250 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2251 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2252 sizeof(nounce), buf, 2253 len + aad_len - hdrlen, mic); 2254 } 2255 2256 qdf_mem_free(buf); 2257 2258 if (ret < 0) { 2259 qdf_mem_free(mic); 2260 crypto_err("genarate mmie failed"); 2261 return false; 2262 } 2263 2264 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2265 qdf_mem_free(mic); 2266 crypto_err("mmie mismatch"); 2267 /* MMIE MIC mismatch */ 2268 return false; 2269 } 2270 2271 qdf_mem_free(mic); 2272 /* Update the receive sequence number */ 2273 qdf_mem_copy(key->keyrsc, ipn, 6); 2274 crypto_debug("mmie matched"); 2275 2276 return true; 2277 } 2278 2279 2280 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2281 { 2282 int32_t status = -1; 2283 2284 switch (cipher) { 2285 case WLAN_CRYPTO_CIPHER_TKIP: 2286 return WPA_CIPHER_SUITE_TKIP; 2287 case WLAN_CRYPTO_CIPHER_AES_CCM: 2288 return WPA_CIPHER_SUITE_CCMP; 2289 case WLAN_CRYPTO_CIPHER_NONE: 2290 return WPA_CIPHER_SUITE_NONE; 2291 } 2292 2293 return status; 2294 } 2295 2296 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2297 { 2298 int32_t status = -1; 2299 2300 switch (cipher) { 2301 case WLAN_CRYPTO_CIPHER_TKIP: 2302 return RSN_CIPHER_SUITE_TKIP; 2303 case WLAN_CRYPTO_CIPHER_AES_CCM: 2304 return RSN_CIPHER_SUITE_CCMP; 2305 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2306 return RSN_CIPHER_SUITE_CCMP_256; 2307 case WLAN_CRYPTO_CIPHER_AES_GCM: 2308 return RSN_CIPHER_SUITE_GCMP; 2309 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2310 return RSN_CIPHER_SUITE_GCMP_256; 2311 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2312 return RSN_CIPHER_SUITE_AES_CMAC; 2313 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2314 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2315 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2316 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2317 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2318 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2319 case WLAN_CRYPTO_CIPHER_NONE: 2320 return RSN_CIPHER_SUITE_NONE; 2321 } 2322 2323 return status; 2324 } 2325 2326 /* 2327 * Convert an RSN key management/authentication algorithm 2328 * to an internal code. 2329 */ 2330 static int32_t 2331 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2332 { 2333 int32_t status = -1; 2334 2335 switch (keymgmt) { 2336 case WLAN_CRYPTO_KEY_MGMT_NONE: 2337 return RSN_AUTH_KEY_MGMT_NONE; 2338 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2339 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2340 case WLAN_CRYPTO_KEY_MGMT_PSK: 2341 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2342 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2343 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2344 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2345 return RSN_AUTH_KEY_MGMT_FT_PSK; 2346 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2347 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2348 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2349 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2350 case WLAN_CRYPTO_KEY_MGMT_SAE: 2351 return RSN_AUTH_KEY_MGMT_SAE; 2352 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2353 return RSN_AUTH_KEY_MGMT_FT_SAE; 2354 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2355 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2356 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2357 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2358 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2359 return RSN_AUTH_KEY_MGMT_CCKM; 2360 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2361 return RSN_AUTH_KEY_MGMT_OSEN; 2362 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2363 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2364 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2365 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2366 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2367 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2368 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2369 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2370 case WLAN_CRYPTO_KEY_MGMT_OWE: 2371 return RSN_AUTH_KEY_MGMT_OWE; 2372 case WLAN_CRYPTO_KEY_MGMT_DPP: 2373 return RSN_AUTH_KEY_MGMT_DPP; 2374 } 2375 2376 return status; 2377 } 2378 2379 /* 2380 * Convert an RSN key management/authentication algorithm 2381 * to an internal code. 2382 */ 2383 static int32_t 2384 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2385 { 2386 int32_t status = -1; 2387 2388 switch (keymgmt) { 2389 case WLAN_CRYPTO_KEY_MGMT_NONE: 2390 return WPA_AUTH_KEY_MGMT_NONE; 2391 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2392 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2393 case WLAN_CRYPTO_KEY_MGMT_PSK: 2394 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2395 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2396 return WPA_AUTH_KEY_MGMT_CCKM; 2397 } 2398 2399 return status; 2400 } 2401 /** 2402 * Convert a WPA cipher selector OUI to an internal 2403 * cipher algorithm. Where appropriate we also 2404 * record any key length. 2405 */ 2406 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2407 { 2408 uint32_t w = LE_READ_4(sel); 2409 int32_t status = -1; 2410 2411 switch (w) { 2412 case WPA_CIPHER_SUITE_TKIP: 2413 return WLAN_CRYPTO_CIPHER_TKIP; 2414 case WPA_CIPHER_SUITE_CCMP: 2415 return WLAN_CRYPTO_CIPHER_AES_CCM; 2416 case WPA_CIPHER_SUITE_NONE: 2417 return WLAN_CRYPTO_CIPHER_NONE; 2418 } 2419 2420 return status; 2421 } 2422 2423 /* 2424 * Convert a WPA key management/authentication algorithm 2425 * to an internal code. 2426 */ 2427 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2428 { 2429 uint32_t w = LE_READ_4(sel); 2430 int32_t status = -1; 2431 2432 switch (w) { 2433 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2434 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2435 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2436 return WLAN_CRYPTO_KEY_MGMT_PSK; 2437 case WPA_AUTH_KEY_MGMT_CCKM: 2438 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2439 case WPA_AUTH_KEY_MGMT_NONE: 2440 return WLAN_CRYPTO_KEY_MGMT_NONE; 2441 } 2442 return status; 2443 } 2444 2445 /* 2446 * Convert a RSN cipher selector OUI to an internal 2447 * cipher algorithm. Where appropriate we also 2448 * record any key length. 2449 */ 2450 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2451 { 2452 uint32_t w = LE_READ_4(sel); 2453 int32_t status = -1; 2454 2455 switch (w) { 2456 case RSN_CIPHER_SUITE_TKIP: 2457 return WLAN_CRYPTO_CIPHER_TKIP; 2458 case RSN_CIPHER_SUITE_CCMP: 2459 return WLAN_CRYPTO_CIPHER_AES_CCM; 2460 case RSN_CIPHER_SUITE_CCMP_256: 2461 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2462 case RSN_CIPHER_SUITE_GCMP: 2463 return WLAN_CRYPTO_CIPHER_AES_GCM; 2464 case RSN_CIPHER_SUITE_GCMP_256: 2465 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2466 case RSN_CIPHER_SUITE_AES_CMAC: 2467 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2468 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2469 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2470 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2471 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2472 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2473 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2474 case RSN_CIPHER_SUITE_NONE: 2475 return WLAN_CRYPTO_CIPHER_NONE; 2476 } 2477 2478 return status; 2479 } 2480 /* 2481 * Convert an RSN key management/authentication algorithm 2482 * to an internal code. 2483 */ 2484 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2485 { 2486 uint32_t w = LE_READ_4(sel); 2487 int32_t status = -1; 2488 2489 switch (w) { 2490 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2491 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2492 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2493 return WLAN_CRYPTO_KEY_MGMT_PSK; 2494 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2495 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2496 case RSN_AUTH_KEY_MGMT_FT_PSK: 2497 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2498 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2499 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2500 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2501 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2502 case RSN_AUTH_KEY_MGMT_SAE: 2503 return WLAN_CRYPTO_KEY_MGMT_SAE; 2504 case RSN_AUTH_KEY_MGMT_FT_SAE: 2505 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2506 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2507 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2508 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2509 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2510 case RSN_AUTH_KEY_MGMT_CCKM: 2511 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2512 case RSN_AUTH_KEY_MGMT_OSEN: 2513 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2514 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2515 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2516 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2517 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2518 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2519 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2520 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2521 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2522 case RSN_AUTH_KEY_MGMT_OWE: 2523 return WLAN_CRYPTO_KEY_MGMT_OWE; 2524 case RSN_AUTH_KEY_MGMT_DPP: 2525 return WLAN_CRYPTO_KEY_MGMT_DPP; 2526 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2527 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2528 } 2529 2530 return status; 2531 } 2532 2533 /** 2534 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2535 * @crypto params: crypto params 2536 * @iebuf: ie buffer 2537 * 2538 * This function gets called by mlme to check the contents of wpa is 2539 * matching with given crypto params 2540 * 2541 * Return: QDF_STATUS_SUCCESS - in case of success 2542 */ 2543 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2544 uint8_t *frm){ 2545 uint8_t len = frm[1]; 2546 int32_t w; 2547 int n; 2548 2549 /* 2550 * Check the length once for fixed parts: OUI, type, 2551 * version, mcast cipher, and 2 selector counts. 2552 * Other, variable-length data, must be checked separately. 2553 */ 2554 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2555 2556 if (len < 14) 2557 return QDF_STATUS_E_INVAL; 2558 2559 frm += 6, len -= 4; 2560 2561 w = LE_READ_2(frm); 2562 if (w != WPA_VERSION) 2563 return QDF_STATUS_E_INVAL; 2564 2565 frm += 2, len -= 2; 2566 2567 /* multicast/group cipher */ 2568 w = wlan_crypto_wpa_suite_to_cipher(frm); 2569 if (w < 0) 2570 return QDF_STATUS_E_INVAL; 2571 SET_MCAST_CIPHER(crypto_params, w); 2572 frm += 4, len -= 4; 2573 2574 /* unicast ciphers */ 2575 n = LE_READ_2(frm); 2576 frm += 2, len -= 2; 2577 if (len < n*4+2) 2578 return QDF_STATUS_E_INVAL; 2579 2580 for (; n > 0; n--) { 2581 w = wlan_crypto_wpa_suite_to_cipher(frm); 2582 if (w < 0) 2583 return QDF_STATUS_E_INVAL; 2584 SET_UCAST_CIPHER(crypto_params, w); 2585 frm += 4, len -= 4; 2586 } 2587 2588 if (!crypto_params->ucastcipherset) 2589 return QDF_STATUS_E_INVAL; 2590 2591 /* key management algorithms */ 2592 n = LE_READ_2(frm); 2593 frm += 2, len -= 2; 2594 if (len < n*4) 2595 return QDF_STATUS_E_INVAL; 2596 2597 w = 0; 2598 for (; n > 0; n--) { 2599 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2600 if (w < 0) 2601 return QDF_STATUS_E_INVAL; 2602 SET_KEY_MGMT(crypto_params, w); 2603 frm += 4, len -= 4; 2604 } 2605 2606 /* optional capabilities */ 2607 if (len >= 2) { 2608 crypto_params->rsn_caps = LE_READ_2(frm); 2609 frm += 2, len -= 2; 2610 } 2611 2612 return QDF_STATUS_SUCCESS; 2613 } 2614 2615 /** 2616 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2617 * @crypto params: crypto params 2618 * @iebuf: ie buffer 2619 * 2620 * This function gets called by mlme to check the contents of wpa is 2621 * matching with given crypto params 2622 * 2623 * Return: QDF_STATUS_SUCCESS - in case of success 2624 */ 2625 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2626 uint8_t *frm){ 2627 uint8_t len = frm[1]; 2628 int32_t w; 2629 int n; 2630 2631 /* Check the length once for fixed parts: OUI, type & version */ 2632 if (len < 2) 2633 return QDF_STATUS_E_INVAL; 2634 2635 /* initialize crypto params */ 2636 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2637 2638 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2639 2640 frm += 2; 2641 /* NB: iswapoui already validated the OUI and type */ 2642 w = LE_READ_2(frm); 2643 if (w != RSN_VERSION) 2644 return QDF_STATUS_E_INVAL; 2645 2646 frm += 2, len -= 2; 2647 2648 if (!len) { 2649 /* set defaults */ 2650 /* default group cipher CCMP-128 */ 2651 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2652 /* default ucast cipher CCMP-128 */ 2653 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2654 /* default key mgmt 8021x */ 2655 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2656 return QDF_STATUS_SUCCESS; 2657 } else if (len < 4) { 2658 return QDF_STATUS_E_INVAL; 2659 } 2660 2661 /* multicast/group cipher */ 2662 w = wlan_crypto_rsn_suite_to_cipher(frm); 2663 if (w < 0) 2664 return QDF_STATUS_E_INVAL; 2665 else { 2666 SET_MCAST_CIPHER(crypto_params, w); 2667 frm += 4, len -= 4; 2668 } 2669 2670 if (crypto_params->mcastcipherset == 0) 2671 return QDF_STATUS_E_INVAL; 2672 2673 if (!len) { 2674 /* default ucast cipher CCMP-128 */ 2675 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2676 /* default key mgmt 8021x */ 2677 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2678 return QDF_STATUS_SUCCESS; 2679 } else if (len < 2) { 2680 return QDF_STATUS_E_INVAL; 2681 } 2682 2683 /* unicast ciphers */ 2684 n = LE_READ_2(frm); 2685 frm += 2, len -= 2; 2686 if (n) { 2687 if (len < n * 4) 2688 return QDF_STATUS_E_INVAL; 2689 2690 for (; n > 0; n--) { 2691 w = wlan_crypto_rsn_suite_to_cipher(frm); 2692 if (w < 0) 2693 return QDF_STATUS_E_INVAL; 2694 SET_UCAST_CIPHER(crypto_params, w); 2695 frm += 4, len -= 4; 2696 } 2697 } else { 2698 /* default ucast cipher CCMP-128 */ 2699 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2700 } 2701 2702 if (crypto_params->ucastcipherset == 0) 2703 return QDF_STATUS_E_INVAL; 2704 2705 if (!len) { 2706 /* default key mgmt 8021x */ 2707 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2708 return QDF_STATUS_SUCCESS; 2709 } else if (len < 2) { 2710 return QDF_STATUS_E_INVAL; 2711 } 2712 2713 /* key management algorithms */ 2714 n = LE_READ_2(frm); 2715 frm += 2, len -= 2; 2716 2717 if (n) { 2718 if (len < n * 4) 2719 return QDF_STATUS_E_INVAL; 2720 2721 for (; n > 0; n--) { 2722 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2723 if (w < 0) 2724 return QDF_STATUS_E_INVAL; 2725 SET_KEY_MGMT(crypto_params, w); 2726 frm += 4, len -= 4; 2727 } 2728 } else { 2729 /* default key mgmt 8021x */ 2730 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2731 } 2732 2733 if (crypto_params->key_mgmt == 0) 2734 return QDF_STATUS_E_INVAL; 2735 2736 /* optional capabilities */ 2737 if (len >= 2) { 2738 crypto_params->rsn_caps = LE_READ_2(frm); 2739 frm += 2, len -= 2; 2740 } else if (len && len < 2) { 2741 return QDF_STATUS_E_INVAL; 2742 } 2743 2744 2745 /* PMKID */ 2746 if (len >= 2) { 2747 n = LE_READ_2(frm); 2748 frm += 2, len -= 2; 2749 if (n && len) { 2750 if (len >= n * PMKID_LEN) 2751 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2752 else 2753 return QDF_STATUS_E_INVAL; 2754 } else if (n && !len) { 2755 return QDF_STATUS_E_INVAL; 2756 } 2757 /*TODO: Save pmkid in params for further reference */ 2758 } 2759 2760 /* BIP */ 2761 if (!len && 2762 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2763 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2764 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2765 return QDF_STATUS_SUCCESS; 2766 } else if (len >= 4) { 2767 w = wlan_crypto_rsn_suite_to_cipher(frm); 2768 frm += 4, len -= 4; 2769 SET_MGMT_CIPHER(crypto_params, w); 2770 } 2771 2772 return QDF_STATUS_SUCCESS; 2773 } 2774 2775 /** 2776 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2777 * @vdev: vdev 2778 * @iebuf: ie buffer 2779 * 2780 * This function gets called by mlme to build wpaie from given vdev 2781 * 2782 * Return: end of buffer 2783 */ 2784 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2785 uint8_t *iebuf){ 2786 uint8_t *frm = iebuf; 2787 uint8_t *selcnt; 2788 struct wlan_crypto_comp_priv *crypto_priv; 2789 struct wlan_crypto_params *crypto_params; 2790 2791 if (!frm) 2792 return NULL; 2793 2794 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2795 2796 if (!crypto_params) 2797 return NULL; 2798 2799 *frm++ = WLAN_ELEMID_VENDOR; 2800 *frm++ = 0; 2801 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2802 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2803 2804 2805 /* multicast cipher */ 2806 if (MCIPHER_IS_TKIP(crypto_params)) 2807 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2808 else if (MCIPHER_IS_CCMP128(crypto_params)) 2809 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2810 2811 /* unicast cipher list */ 2812 selcnt = frm; 2813 WLAN_CRYPTO_ADDSHORT(frm, 0); 2814 /* do not use CCMP unicast cipher in WPA mode */ 2815 if (UCIPHER_IS_CCMP128(crypto_params)) { 2816 selcnt[0]++; 2817 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2818 } 2819 if (UCIPHER_IS_TKIP(crypto_params)) { 2820 selcnt[0]++; 2821 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2822 } 2823 2824 /* authenticator selector list */ 2825 selcnt = frm; 2826 WLAN_CRYPTO_ADDSHORT(frm, 0); 2827 2828 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2829 selcnt[0]++; 2830 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2831 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2832 selcnt[0]++; 2833 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2834 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2835 selcnt[0]++; 2836 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2837 } else { 2838 selcnt[0]++; 2839 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2840 } 2841 2842 /* optional capabilities */ 2843 if (crypto_params->rsn_caps != 0 && 2844 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2845 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2846 } 2847 2848 /* calculate element length */ 2849 iebuf[1] = frm - iebuf - 2; 2850 2851 return frm; 2852 } 2853 2854 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2855 uint8_t *iebuf, 2856 struct wlan_crypto_pmksa *pmksa) 2857 { 2858 uint8_t *frm = iebuf; 2859 uint8_t *selcnt; 2860 struct wlan_crypto_comp_priv *crypto_priv; 2861 struct wlan_crypto_params *crypto_params; 2862 2863 if (!frm) { 2864 return NULL; 2865 } 2866 2867 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2868 2869 if (!crypto_params) { 2870 return NULL; 2871 } 2872 2873 *frm++ = WLAN_ELEMID_RSN; 2874 *frm++ = 0; 2875 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2876 2877 2878 /* multicast cipher */ 2879 if (MCIPHER_IS_TKIP(crypto_params)) 2880 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2881 else if (MCIPHER_IS_CCMP128(crypto_params)) 2882 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2883 else if (MCIPHER_IS_CCMP256(crypto_params)) 2884 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2885 else if (MCIPHER_IS_GCMP128(crypto_params)) 2886 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2887 else if (MCIPHER_IS_GCMP256(crypto_params)) 2888 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2889 2890 /* unicast cipher list */ 2891 selcnt = frm; 2892 WLAN_CRYPTO_ADDSHORT(frm, 0); 2893 2894 if (UCIPHER_IS_CCMP256(crypto_params)) { 2895 selcnt[0]++; 2896 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2897 } 2898 if (UCIPHER_IS_GCMP256(crypto_params)) { 2899 selcnt[0]++; 2900 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2901 } 2902 if (UCIPHER_IS_CCMP128(crypto_params)) { 2903 selcnt[0]++; 2904 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2905 } 2906 if (UCIPHER_IS_GCMP128(crypto_params)) { 2907 selcnt[0]++; 2908 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2909 } 2910 if (UCIPHER_IS_TKIP(crypto_params)) { 2911 selcnt[0]++; 2912 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2913 } 2914 2915 /* authenticator selector list */ 2916 selcnt = frm; 2917 WLAN_CRYPTO_ADDSHORT(frm, 0); 2918 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2919 selcnt[0]++; 2920 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2921 /* Other key mgmt should not be added after CCKM */ 2922 goto add_rsn_caps; 2923 } 2924 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2925 selcnt[0]++; 2926 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2927 } 2928 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2929 selcnt[0]++; 2930 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2931 } 2932 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2933 selcnt[0]++; 2934 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2935 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2936 } 2937 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2938 selcnt[0]++; 2939 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2940 } 2941 if (HAS_KEY_MGMT(crypto_params, 2942 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2943 selcnt[0]++; 2944 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2945 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2946 } 2947 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2948 selcnt[0]++; 2949 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2950 } 2951 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2952 selcnt[0]++; 2953 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2954 } 2955 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2956 selcnt[0]++; 2957 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2958 } 2959 if (HAS_KEY_MGMT(crypto_params, 2960 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2961 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2962 2963 selcnt[0]++; 2964 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2965 } 2966 if (HAS_KEY_MGMT(crypto_params, 2967 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2968 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2969 2970 selcnt[0]++; 2971 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2972 } 2973 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2974 selcnt[0]++; 2975 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2976 } 2977 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2978 selcnt[0]++; 2979 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2980 } 2981 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2982 selcnt[0]++; 2983 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2984 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2985 } 2986 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2987 selcnt[0]++; 2988 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2989 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2990 } 2991 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2992 selcnt[0]++; 2993 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2994 } 2995 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2996 selcnt[0]++; 2997 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2998 } 2999 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3000 selcnt[0]++; 3001 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3002 } 3003 add_rsn_caps: 3004 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3005 /* optional capabilities */ 3006 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3007 /* PMK list */ 3008 if (pmksa) { 3009 WLAN_CRYPTO_ADDSHORT(frm, 1); 3010 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3011 frm += PMKID_LEN; 3012 } else { 3013 WLAN_CRYPTO_ADDSHORT(frm, 0); 3014 } 3015 3016 if (HAS_MGMT_CIPHER(crypto_params, 3017 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3018 RSN_ADD_CIPHER_TO_SUITE(frm, 3019 WLAN_CRYPTO_CIPHER_AES_CMAC); 3020 } 3021 if (HAS_MGMT_CIPHER(crypto_params, 3022 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3023 RSN_ADD_CIPHER_TO_SUITE(frm, 3024 WLAN_CRYPTO_CIPHER_AES_GMAC); 3025 } 3026 if (HAS_MGMT_CIPHER(crypto_params, 3027 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3028 RSN_ADD_CIPHER_TO_SUITE(frm, 3029 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3030 ); 3031 } 3032 3033 if (HAS_MGMT_CIPHER(crypto_params, 3034 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3035 RSN_ADD_CIPHER_TO_SUITE(frm, 3036 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3037 ); 3038 } 3039 } else { 3040 /* PMK list */ 3041 if (pmksa) { 3042 WLAN_CRYPTO_ADDSHORT(frm, 1); 3043 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3044 frm += PMKID_LEN; 3045 } else { 3046 WLAN_CRYPTO_ADDSHORT(frm, 0); 3047 } 3048 } 3049 3050 /* calculate element length */ 3051 iebuf[1] = frm - iebuf - 2; 3052 3053 return frm; 3054 } 3055 3056 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3057 uint8_t *iebuf, 3058 struct qdf_mac_addr *bssid) 3059 { 3060 struct wlan_crypto_pmksa *pmksa = NULL; 3061 3062 if (bssid) 3063 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3064 3065 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3066 } 3067 3068 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3069 struct wlan_crypto_params *crypto_params){ 3070 struct wlan_crypto_params *my_crypto_params; 3071 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3072 3073 if (!my_crypto_params) { 3074 crypto_debug("vdev crypto params is NULL"); 3075 return false; 3076 } 3077 /* 3078 * Check peer's pairwise ciphers. 3079 * At least one must match with our unicast cipher 3080 */ 3081 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3082 crypto_debug("Unicast cipher match failed"); 3083 return false; 3084 } 3085 /* 3086 * Check peer's group cipher is our enabled multicast cipher. 3087 */ 3088 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3089 crypto_debug("Multicast cipher match failed"); 3090 return false; 3091 } 3092 /* 3093 * Check peer's key management class set (PSK or UNSPEC) 3094 */ 3095 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3096 crypto_debug("Key mgmt match failed"); 3097 return false; 3098 } 3099 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3100 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3101 crypto_debug("Peer is not PMF capable"); 3102 return false; 3103 } 3104 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3105 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3106 crypto_debug("Peer needs PMF, but vdev is not capable"); 3107 return false; 3108 } 3109 3110 return true; 3111 } 3112 3113 /* 3114 * Convert an WAPI CIPHER suite to to an internal code. 3115 */ 3116 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 3117 { 3118 uint32_t w = LE_READ_4(sel); 3119 int32_t status = -1; 3120 3121 switch (w) { 3122 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3123 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3124 } 3125 3126 return status; 3127 } 3128 3129 /* 3130 * Convert an WAPI key management/authentication algorithm 3131 * to an internal code. 3132 */ 3133 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 3134 { 3135 uint32_t w = LE_READ_4(sel); 3136 int32_t status = -1; 3137 3138 switch (w) { 3139 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3140 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3141 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3142 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3143 } 3144 3145 return status; 3146 } 3147 /** 3148 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 3149 * @crypto params: crypto params 3150 * @iebuf: ie buffer 3151 * 3152 * This function gets called by mlme to check the contents of wapi is 3153 * matching with given crypto params 3154 * 3155 * Return: QDF_STATUS_SUCCESS - in case of success 3156 */ 3157 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3158 uint8_t *frm) 3159 { 3160 uint8_t len = frm[1]; 3161 int32_t w; 3162 int n; 3163 3164 /* 3165 * Check the length once for fixed parts: OUI, type, 3166 * version, mcast cipher, and 2 selector counts. 3167 * Other, variable-length data, must be checked separately. 3168 */ 3169 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3170 3171 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3172 return QDF_STATUS_E_INVAL; 3173 3174 3175 frm += 2; 3176 3177 w = LE_READ_2(frm); 3178 frm += 2, len -= 2; 3179 if (w != WAPI_VERSION) 3180 return QDF_STATUS_E_INVAL; 3181 3182 n = LE_READ_2(frm); 3183 frm += 2, len -= 2; 3184 if (len < n*4+2) 3185 return QDF_STATUS_E_INVAL; 3186 3187 for (; n > 0; n--) { 3188 w = wlan_crypto_wapi_keymgmt(frm); 3189 if (w < 0) 3190 return QDF_STATUS_E_INVAL; 3191 3192 SET_KEY_MGMT(crypto_params, w); 3193 frm += 4, len -= 4; 3194 } 3195 3196 /* unicast ciphers */ 3197 n = LE_READ_2(frm); 3198 frm += 2, len -= 2; 3199 if (len < n*4+2) 3200 return QDF_STATUS_E_INVAL; 3201 3202 for (; n > 0; n--) { 3203 w = wlan_crypto_wapi_suite_to_cipher(frm); 3204 if (w < 0) 3205 return QDF_STATUS_E_INVAL; 3206 SET_UCAST_CIPHER(crypto_params, w); 3207 frm += 4, len -= 4; 3208 } 3209 3210 if (!crypto_params->ucastcipherset) 3211 return QDF_STATUS_E_INVAL; 3212 3213 /* multicast/group cipher */ 3214 w = wlan_crypto_wapi_suite_to_cipher(frm); 3215 3216 if (w < 0) 3217 return QDF_STATUS_E_INVAL; 3218 3219 SET_MCAST_CIPHER(crypto_params, w); 3220 frm += 4, len -= 4; 3221 3222 return QDF_STATUS_SUCCESS; 3223 } 3224 3225 /** 3226 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3227 * @vdev: vdev 3228 * @iebuf: ie buffer 3229 * 3230 * This function gets called by mlme to build wapi ie from given vdev 3231 * 3232 * Return: end of buffer 3233 */ 3234 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3235 uint8_t *iebuf) 3236 { 3237 uint8_t *frm; 3238 uint8_t *selcnt; 3239 struct wlan_crypto_comp_priv *crypto_priv; 3240 struct wlan_crypto_params *crypto_params; 3241 3242 frm = iebuf; 3243 if (!frm) { 3244 crypto_err("ie buffer NULL"); 3245 return NULL; 3246 } 3247 3248 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3249 3250 if (!crypto_params) { 3251 crypto_err("crypto_params NULL"); 3252 return NULL; 3253 } 3254 3255 *frm++ = WLAN_ELEMID_WAPI; 3256 *frm++ = 0; 3257 3258 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3259 3260 /* authenticator selector list */ 3261 selcnt = frm; 3262 WLAN_CRYPTO_ADDSHORT(frm, 0); 3263 3264 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3265 selcnt[0]++; 3266 WLAN_CRYPTO_ADDSELECTOR(frm, 3267 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3268 } 3269 3270 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3271 selcnt[0]++; 3272 WLAN_CRYPTO_ADDSELECTOR(frm, 3273 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3274 } 3275 3276 /* unicast cipher list */ 3277 selcnt = frm; 3278 WLAN_CRYPTO_ADDSHORT(frm, 0); 3279 3280 if (UCIPHER_IS_SMS4(crypto_params)) { 3281 selcnt[0]++; 3282 WLAN_CRYPTO_ADDSELECTOR(frm, 3283 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3284 } 3285 3286 WLAN_CRYPTO_ADDSELECTOR(frm, 3287 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3288 3289 /* optional capabilities */ 3290 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3291 3292 /* bkid count */ 3293 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3294 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3295 WLAN_CRYPTO_ADDSHORT(frm, 0); 3296 3297 /* calculate element length */ 3298 iebuf[1] = frm - iebuf - 2; 3299 3300 return frm; 3301 3302 } 3303 3304 /** 3305 * wlan_crypto_pn_check - called by data patch for PN check 3306 * @vdev: vdev 3307 * @wbuf: wbuf 3308 * 3309 * This function gets called by data patch for PN check 3310 * 3311 * Return: QDF_STATUS 3312 */ 3313 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3314 qdf_nbuf_t wbuf){ 3315 /* Need to check is there real requirement for this function 3316 * as PN check is already handled in decap function. 3317 */ 3318 return QDF_STATUS_SUCCESS; 3319 } 3320 3321 /** 3322 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3323 * @vdev:vdev 3324 * 3325 * This function gets called by mlme to get crypto params 3326 * 3327 * Return: wlan_crypto_params or NULL in case of failure 3328 */ 3329 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3330 struct wlan_objmgr_vdev *vdev){ 3331 struct wlan_crypto_comp_priv *crypto_priv; 3332 3333 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3334 } 3335 3336 /** 3337 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3338 * @peer:peer 3339 * 3340 * This function gets called by mlme to get crypto params 3341 * 3342 * Return: wlan_crypto_params or NULL in case of failure 3343 */ 3344 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3345 struct wlan_objmgr_peer *peer){ 3346 struct wlan_crypto_comp_priv *crypto_priv; 3347 3348 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3349 } 3350 3351 3352 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3353 struct wlan_objmgr_peer *peer) 3354 { 3355 struct wlan_crypto_comp_priv *crypto_priv; 3356 struct wlan_crypto_comp_priv *sta_crypto_priv; 3357 struct wlan_crypto_params *crypto_params; 3358 struct wlan_crypto_key *key; 3359 struct wlan_crypto_key *sta_key; 3360 struct wlan_crypto_cipher *cipher_table; 3361 struct wlan_objmgr_psoc *psoc; 3362 struct wlan_lmac_if_tx_ops *tx_ops; 3363 uint8_t *mac_addr; 3364 int i; 3365 enum QDF_OPMODE opmode; 3366 QDF_STATUS status = QDF_STATUS_SUCCESS; 3367 3368 if (!vdev) 3369 return QDF_STATUS_E_NULL_VALUE; 3370 3371 if (!peer) { 3372 crypto_debug("peer NULL"); 3373 return QDF_STATUS_E_INVAL; 3374 } 3375 3376 opmode = wlan_vdev_mlme_get_opmode(vdev); 3377 psoc = wlan_vdev_get_psoc(vdev); 3378 3379 if (!psoc) { 3380 crypto_err("psoc NULL"); 3381 return QDF_STATUS_E_NULL_VALUE; 3382 } 3383 3384 wlan_peer_obj_lock(peer); 3385 mac_addr = wlan_peer_get_macaddr(peer); 3386 wlan_peer_obj_unlock(peer); 3387 3388 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3389 &crypto_priv); 3390 if (!crypto_priv) { 3391 crypto_err("crypto_priv NULL"); 3392 return QDF_STATUS_E_NULL_VALUE; 3393 } 3394 3395 /* push only valid static WEP keys from vap */ 3396 if (AUTH_IS_8021X(crypto_params)) 3397 return QDF_STATUS_E_INVAL; 3398 3399 if (opmode == QDF_STA_MODE) { 3400 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3401 if (!peer) { 3402 crypto_debug("peer NULL"); 3403 return QDF_STATUS_E_INVAL; 3404 } 3405 } 3406 3407 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3408 if (!sta_crypto_priv) { 3409 crypto_err("sta priv is null"); 3410 status = QDF_STATUS_E_INVAL; 3411 goto exit; 3412 } 3413 3414 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3415 if (crypto_priv->key[i]) { 3416 key = crypto_priv->key[i]; 3417 if (!key || !key->valid) 3418 continue; 3419 3420 cipher_table = (struct wlan_crypto_cipher *) 3421 key->cipher_table; 3422 3423 if (!cipher_table) 3424 continue; 3425 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3426 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3427 if (!tx_ops) { 3428 crypto_err("tx_ops is NULL"); 3429 return QDF_STATUS_E_INVAL; 3430 } 3431 3432 sta_key = qdf_mem_malloc( 3433 sizeof(struct wlan_crypto_key)); 3434 if (!sta_key) { 3435 status = QDF_STATUS_E_NOMEM; 3436 goto exit; 3437 } 3438 3439 sta_crypto_priv->key[i] = sta_key; 3440 qdf_mem_copy(sta_key, key, 3441 sizeof(struct wlan_crypto_key)); 3442 3443 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3444 3445 if (crypto_priv->def_tx_keyid == i) { 3446 sta_key->flags 3447 |= WLAN_CRYPTO_KEY_DEFAULT; 3448 sta_crypto_priv->def_tx_keyid = 3449 crypto_priv->def_tx_keyid; 3450 } 3451 /* setting the broadcast/multicast key for sta*/ 3452 if (opmode == QDF_STA_MODE || 3453 opmode == QDF_IBSS_MODE){ 3454 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3455 WLAN_CRYPTO_TX_OPS_SETKEY( 3456 tx_ops)(vdev, sta_key, 3457 mac_addr, 3458 cipher_table->cipher); 3459 } 3460 } 3461 3462 /* setting unicast key */ 3463 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3464 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3465 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3466 vdev, sta_key, 3467 mac_addr, 3468 cipher_table->cipher); 3469 } 3470 } 3471 } 3472 } 3473 3474 exit: 3475 if (opmode == QDF_STA_MODE) 3476 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3477 3478 return status; 3479 } 3480 3481 /** 3482 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3483 * @crypto_rx_ops: crypto_rx_ops 3484 * 3485 * This function gets called by object manger to register crypto rx ops. 3486 * 3487 * Return: QDF_STATUS 3488 */ 3489 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3490 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3491 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3492 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3493 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3494 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3495 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3496 3497 return QDF_STATUS_SUCCESS; 3498 } 3499 3500 /** 3501 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3502 * @psoc: psoc 3503 * 3504 * This function gets called by umac to get the crypto_rx_ops 3505 * 3506 * Return: crypto_rx_ops 3507 */ 3508 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3509 struct wlan_objmgr_psoc *psoc) 3510 { 3511 struct wlan_lmac_if_rx_ops *rx_ops; 3512 3513 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3514 3515 if (!rx_ops) { 3516 crypto_err("rx_ops is NULL"); 3517 return NULL; 3518 } 3519 3520 return &rx_ops->crypto_rx_ops; 3521 } 3522 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3523 3524 /** 3525 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3526 * @vdev: vdev 3527 * @authvalue: authvalue to be checked 3528 * 3529 * This function check is authvalue passed is set in vdev or not 3530 * 3531 * Return: true or false 3532 */ 3533 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3534 wlan_crypto_auth_mode authvalue) 3535 { 3536 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3537 & authvalue; 3538 } 3539 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3540 3541 /** 3542 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3543 * @peer: peer 3544 * @authvalue: authvalue to be checked 3545 * 3546 * This function check is authvalue passed is set in peer or not 3547 * 3548 * Return: true or false 3549 */ 3550 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3551 wlan_crypto_auth_mode authvalue) 3552 { 3553 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3554 & authvalue; 3555 } 3556 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3557 3558 /** 3559 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3560 * @vdev: vdev 3561 * @ucastcipher: ucastcipher to be checked 3562 * 3563 * This function check is ucastcipher passed is set in vdev or not 3564 * 3565 * Return: true or false 3566 */ 3567 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3568 wlan_crypto_cipher_type ucastcipher) 3569 { 3570 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3571 & ucastcipher; 3572 } 3573 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3574 3575 /** 3576 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3577 * @peer: peer 3578 * @ucastcipher: ucastcipher to be checked 3579 * 3580 * This function check is ucastcipher passed is set in peer or not 3581 * 3582 * Return: true or false 3583 */ 3584 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3585 wlan_crypto_cipher_type ucastcipher) 3586 { 3587 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3588 & ucastcipher; 3589 } 3590 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3591 3592 /** 3593 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3594 * @vdev: vdev 3595 * @mcastcipher: mcastcipher to be checked 3596 * 3597 * This function check is mcastcipher passed is set in vdev or not 3598 * 3599 * Return: true or false 3600 */ 3601 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3602 wlan_crypto_cipher_type mcastcipher) 3603 { 3604 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3605 & mcastcipher; 3606 } 3607 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3608 3609 /** 3610 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3611 * @peer: peer 3612 * @mcastcipher: mcastcipher to be checked 3613 * 3614 * This function check is mcastcipher passed is set in peer or not 3615 * 3616 * Return: true or false 3617 */ 3618 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3619 wlan_crypto_cipher_type mcastcipher) 3620 { 3621 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3622 & mcastcipher; 3623 } 3624 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3625 3626 /** 3627 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3628 * @vdev: vdev 3629 * @mgmtcipher: mgmtcipher to be checked 3630 * 3631 * This function checks any one of mgmtciphers are supported by vdev or not. 3632 * 3633 * Return: true or false 3634 */ 3635 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3636 uint32_t mgmtcipher) 3637 { 3638 return (wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3639 & mgmtcipher) != 0; 3640 } 3641 3642 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3643 3644 /** 3645 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3646 * @peer: peer 3647 * @mgmtcipher: mgmtcipher to be checked 3648 * 3649 * This function checks any one of mgmtciphers are supported by peer or not 3650 * 3651 * Return: true or false 3652 */ 3653 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3654 uint32_t mgmtcipher) 3655 { 3656 return (wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3657 & mgmtcipher) != 0; 3658 } 3659 3660 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3661 3662 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3663 { 3664 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3665 3666 if (!peer) { 3667 crypto_err("Invalid Input"); 3668 return 0; 3669 } 3670 3671 crypto_priv = wlan_get_peer_crypto_obj(peer); 3672 if (!crypto_priv) { 3673 crypto_err("crypto_priv NULL"); 3674 return 0; 3675 } 3676 3677 return crypto_priv->fils_aead_set; 3678 } 3679 3680 void 3681 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3682 { 3683 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3684 3685 if (!peer) { 3686 crypto_err("Invalid Input"); 3687 return; 3688 } 3689 3690 crypto_priv = wlan_get_peer_crypto_obj(peer); 3691 if (!crypto_priv) { 3692 crypto_err("crypto_priv NULL"); 3693 return; 3694 } 3695 3696 crypto_priv->fils_aead_set = value; 3697 } 3698 3699 /** 3700 * wlan_crypto_get_key_header - get header length 3701 * @key: key 3702 * 3703 * This function gets header length based on keytype 3704 * 3705 * Return: header length 3706 */ 3707 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3708 { 3709 struct wlan_crypto_cipher *cipher_table; 3710 3711 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3712 if (cipher_table) 3713 return cipher_table->header; 3714 else 3715 return 0; 3716 } 3717 3718 qdf_export_symbol(wlan_crypto_get_key_header); 3719 3720 /** 3721 * wlan_crypto_get_key_trailer - get cipher trailer length 3722 * @key: key 3723 * 3724 * This function gets cipher trailer length based on keytype 3725 * 3726 * Return: cipher trailer length 3727 */ 3728 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3729 { 3730 struct wlan_crypto_cipher *cipher_table; 3731 3732 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3733 if (cipher_table) 3734 return cipher_table->trailer; 3735 else 3736 return 0; 3737 } 3738 3739 qdf_export_symbol(wlan_crypto_get_key_trailer); 3740 3741 /** 3742 * wlan_crypto_get_key_miclen - get cipher miclen length 3743 * @key: key 3744 * 3745 * This function gets cipher miclen length based on keytype 3746 * 3747 * Return: cipher miclen length 3748 */ 3749 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3750 { 3751 struct wlan_crypto_cipher *cipher_table; 3752 3753 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3754 if (cipher_table) 3755 return cipher_table->miclen; 3756 else 3757 return 0; 3758 } 3759 3760 qdf_export_symbol(wlan_crypto_get_key_miclen); 3761 3762 /** 3763 * wlan_crypto_get_keyid - get keyid from frame 3764 * @data: frame 3765 * 3766 * This function parse frame and returns keyid 3767 * 3768 * Return: keyid 3769 */ 3770 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3771 { 3772 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3773 uint8_t *iv; 3774 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3775 3776 /* 3777 * In FILS SK (Re)Association request/response frame has 3778 * to be decrypted 3779 */ 3780 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3781 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3782 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3783 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3784 return 0; 3785 } 3786 3787 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3788 iv = data + hdrlen; 3789 /* 3790 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3791 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3792 */ 3793 return ((iv[3] >> 6) & 0x3); 3794 } else { 3795 return WLAN_CRYPTO_KEYIX_NONE; 3796 } 3797 } 3798 3799 qdf_export_symbol(wlan_crypto_get_keyid); 3800 3801 /** 3802 * crypto_plumb_peer_keys - called during radio reset 3803 * @vdev: vdev 3804 * @object: peer 3805 * @arg: psoc 3806 * 3807 * Restore unicast and persta hardware keys 3808 * 3809 * Return: void 3810 */ 3811 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3812 void *object, void *arg) { 3813 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3814 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3815 struct wlan_crypto_comp_priv *crypto_priv; 3816 struct wlan_crypto_params *crypto_params; 3817 struct wlan_crypto_key *key = NULL; 3818 struct wlan_lmac_if_tx_ops *tx_ops; 3819 int i; 3820 3821 if ((!peer) || (!vdev) || (!psoc)) { 3822 crypto_err("Peer or vdev or psoc objects are null!"); 3823 return; 3824 } 3825 3826 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3827 &crypto_priv); 3828 3829 if (!crypto_priv) { 3830 crypto_err("crypto_priv NULL"); 3831 return; 3832 } 3833 3834 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3835 key = crypto_priv->key[i]; 3836 if (key && key->valid) { 3837 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3838 3839 if (!tx_ops) { 3840 crypto_err("tx_ops is NULL"); 3841 return; 3842 } 3843 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3844 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3845 ( 3846 vdev, 3847 key, 3848 wlan_peer_get_macaddr(peer), 3849 wlan_crypto_get_key_type(key) 3850 ); 3851 } 3852 } 3853 } 3854 } 3855 3856 /** 3857 * wlan_crypto_restore_keys - called during radio reset 3858 * @vdev: vdev 3859 * 3860 * Clear and restore keycache, needed for some DA chipsets which put 3861 * random values in keycache when phy reset is triggered 3862 * 3863 * Return: void 3864 */ 3865 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3866 { 3867 int i; 3868 struct wlan_crypto_comp_priv *crypto_priv; 3869 struct wlan_crypto_params *crypto_params; 3870 struct wlan_crypto_key *key; 3871 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3872 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3873 struct wlan_objmgr_pdev *pdev = NULL; 3874 struct wlan_objmgr_psoc *psoc = NULL; 3875 struct wlan_lmac_if_tx_ops *tx_ops; 3876 3877 pdev = wlan_vdev_get_pdev(vdev); 3878 psoc = wlan_vdev_get_psoc(vdev); 3879 if (!pdev) { 3880 crypto_err("pdev is NULL"); 3881 return; 3882 } 3883 if (!psoc) { 3884 crypto_err("psoc is NULL"); 3885 return; 3886 } 3887 3888 /* TBD: QWRAP key restore*/ 3889 /* crypto is on */ 3890 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3891 /* restore static shared keys */ 3892 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3893 crypto_params = wlan_crypto_vdev_get_comp_params 3894 ( 3895 vdev, 3896 &crypto_priv 3897 ); 3898 if (!crypto_priv) { 3899 crypto_err("crypto_priv is NULL"); 3900 return; 3901 } 3902 key = crypto_priv->key[i]; 3903 if (key && key->valid) { 3904 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3905 if (!tx_ops) { 3906 crypto_err("tx_ops is NULL"); 3907 return; 3908 } 3909 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3910 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3911 ( 3912 vdev, 3913 key, 3914 macaddr, 3915 wlan_crypto_get_key_type(key) 3916 ); 3917 } 3918 } 3919 } 3920 3921 wlan_objmgr_iterate_peerobj_list(vdev, 3922 crypto_plumb_peer_keys, 3923 psoc, 3924 WLAN_CRYPTO_ID); 3925 } 3926 } 3927 3928 /** 3929 * wlan_crypto_check_open_none - called by ucfg to check for open security 3930 * @psoc: psoc pointer 3931 * @vdev_id: vdev id 3932 * 3933 * This function gets called from ucfg to check open security. 3934 * 3935 * Return: true or false 3936 */ 3937 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3938 { 3939 struct wlan_crypto_comp_priv *crypto_priv; 3940 struct wlan_crypto_params *crypto_params; 3941 struct wlan_objmgr_vdev *vdev; 3942 bool match = true; 3943 3944 if (!psoc) { 3945 crypto_err("PSOC is NULL"); 3946 return false; 3947 } 3948 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3949 WLAN_CRYPTO_ID); 3950 if (!vdev) { 3951 crypto_err("vdev is NULL"); 3952 return false; 3953 } 3954 3955 crypto_priv = (struct wlan_crypto_comp_priv *) 3956 wlan_get_vdev_crypto_obj(vdev); 3957 3958 if (!crypto_priv) { 3959 crypto_err("crypto_priv NULL"); 3960 match = false; 3961 goto send_res; 3962 } 3963 3964 crypto_params = &crypto_priv->crypto_params; 3965 3966 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3967 match = false; 3968 goto send_res; 3969 } 3970 3971 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3972 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3973 match = false; 3974 3975 send_res: 3976 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3977 3978 return match; 3979 } 3980 3981 /** 3982 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3983 * @psoc: psoc pointer 3984 * @vdev_id: vdev id 3985 * 3986 * This function gets called from ucfg to check WEP security. 3987 * 3988 * Return: true or false 3989 */ 3990 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3991 { 3992 struct wlan_crypto_comp_priv *crypto_priv; 3993 struct wlan_crypto_params *crypto_params; 3994 struct wlan_objmgr_vdev *vdev; 3995 bool match = true; 3996 3997 if (!psoc) { 3998 crypto_err("PSOC is NULL"); 3999 return false; 4000 } 4001 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4002 WLAN_CRYPTO_ID); 4003 if (!vdev) { 4004 crypto_err("vdev is NULL"); 4005 return false; 4006 } 4007 4008 crypto_priv = (struct wlan_crypto_comp_priv *) 4009 wlan_get_vdev_crypto_obj(vdev); 4010 4011 if (!crypto_priv) { 4012 crypto_err("crypto_priv NULL"); 4013 match = false; 4014 goto send_res; 4015 } 4016 4017 crypto_params = &crypto_priv->crypto_params; 4018 4019 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4020 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4021 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4022 match = false; 4023 goto send_res; 4024 } 4025 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4026 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4027 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4028 match = false; 4029 goto send_res; 4030 } 4031 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 4032 match = false; 4033 goto send_res; 4034 } 4035 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4036 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 4037 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 4038 match = false; 4039 } 4040 send_res: 4041 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4042 4043 return match; 4044 } 4045 4046 static QDF_STATUS 4047 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4048 uint8_t *ie_ptr, uint16_t ie_len) 4049 { 4050 const uint8_t *rsn_ie = NULL; 4051 QDF_STATUS status; 4052 4053 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4054 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4055 if (!rsn_ie) { 4056 crypto_debug("RSN IE not present"); 4057 return QDF_STATUS_E_INVAL; 4058 } 4059 4060 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 4061 if (QDF_STATUS_SUCCESS != status) { 4062 crypto_err("RSN IE check failed"); 4063 return status; 4064 } 4065 4066 return QDF_STATUS_SUCCESS; 4067 } 4068 4069 static QDF_STATUS 4070 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4071 uint8_t *ie_ptr, uint16_t ie_len) 4072 { 4073 const uint8_t *wpa_ie = NULL; 4074 uint32_t wpa_oui; 4075 QDF_STATUS status; 4076 4077 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4078 4079 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4080 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4081 WLAN_OUI_SIZE, ie_ptr, ie_len); 4082 if (!wpa_ie) { 4083 crypto_debug("WPA IE not present"); 4084 return QDF_STATUS_E_INVAL; 4085 } 4086 4087 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 4088 if (QDF_STATUS_SUCCESS != status) { 4089 crypto_err("WPA IE check failed"); 4090 return status; 4091 } 4092 4093 return QDF_STATUS_SUCCESS; 4094 } 4095 /** 4096 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4097 * @psoc: psoc pointer 4098 * @vdev_id: vdev id 4099 * @ie_ptr: pointer to IEs 4100 * @ie_len: IE length 4101 * @peer_crypto_params: return peer crypto parameters 4102 * 4103 * This function gets called from ucfg to check RSN match. 4104 * 4105 * Return: true or false 4106 */ 4107 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4108 uint8_t vdev_id, uint8_t *ie_ptr, 4109 uint16_t ie_len, struct wlan_crypto_params * 4110 peer_crypto_params) 4111 { 4112 struct wlan_objmgr_vdev *vdev; 4113 bool match = true; 4114 QDF_STATUS status; 4115 4116 if (!psoc) { 4117 crypto_err("PSOC is NULL"); 4118 return false; 4119 } 4120 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4121 ie_ptr, ie_len); 4122 if (QDF_STATUS_SUCCESS != status) { 4123 crypto_err("get crypto prarams from RSN IE failed"); 4124 return false; 4125 } 4126 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4127 WLAN_CRYPTO_ID); 4128 if (!vdev) { 4129 crypto_err("vdev is NULL"); 4130 return false; 4131 } 4132 4133 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4134 4135 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4136 4137 return match; 4138 } 4139 4140 /** 4141 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4142 * @psoc: psoc pointer 4143 * @vdev_id: vdev id 4144 * @ie_ptr: pointer to IEs 4145 * @ie_len: IE length 4146 * @peer_crypto_params: return peer crypto parameters 4147 * 4148 * This function gets called from ucfg to check WPA match. 4149 * 4150 * Return: true or false 4151 */ 4152 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4153 uint8_t vdev_id, uint8_t *ie_ptr, 4154 uint16_t ie_len, struct wlan_crypto_params * 4155 peer_crypto_params) 4156 { 4157 struct wlan_objmgr_vdev *vdev; 4158 bool match = true; 4159 QDF_STATUS status; 4160 4161 if (!psoc) { 4162 crypto_err("PSOC is NULL"); 4163 return false; 4164 } 4165 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4166 WLAN_CRYPTO_ID); 4167 if (!vdev) { 4168 crypto_err("vdev is NULL"); 4169 return false; 4170 } 4171 4172 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4173 ie_ptr, ie_len); 4174 if (QDF_STATUS_SUCCESS != status) { 4175 crypto_err("get crypto prarams from WPA IE failed"); 4176 match = false; 4177 goto send_res; 4178 } 4179 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4180 4181 send_res: 4182 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4183 4184 return match; 4185 } 4186 4187 4188 static void 4189 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4190 struct wlan_crypto_params *src_params) 4191 { 4192 dst_params->authmodeset |= src_params->authmodeset; 4193 dst_params->ucastcipherset |= src_params->ucastcipherset; 4194 dst_params->mcastcipherset |= src_params->mcastcipherset; 4195 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4196 dst_params->cipher_caps |= src_params->cipher_caps; 4197 dst_params->key_mgmt |= src_params->key_mgmt; 4198 dst_params->rsn_caps |= src_params->rsn_caps; 4199 } 4200 4201 static void 4202 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4203 { 4204 params->authmodeset = 0; 4205 params->ucastcipherset = 0; 4206 params->mcastcipherset = 0; 4207 params->mgmtcipherset = 0; 4208 params->key_mgmt = 0; 4209 params->rsn_caps = 0; 4210 } 4211 4212 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4213 uint8_t *ie_ptr, 4214 uint16_t ie_len) 4215 { 4216 struct wlan_crypto_params crypto_params; 4217 QDF_STATUS status; 4218 struct wlan_crypto_params *vdev_crypto_params; 4219 struct wlan_crypto_comp_priv *crypto_priv; 4220 bool send_fail = false; 4221 4222 if (!vdev) { 4223 crypto_err("VDEV is NULL"); 4224 return QDF_STATUS_E_FAILURE; 4225 } 4226 4227 if (!ie_ptr) { 4228 crypto_err("IE ptr is NULL"); 4229 return QDF_STATUS_E_FAILURE; 4230 } 4231 4232 crypto_priv = (struct wlan_crypto_comp_priv *) 4233 wlan_get_vdev_crypto_obj(vdev); 4234 4235 if (!crypto_priv) { 4236 crypto_err("crypto_priv NULL"); 4237 return QDF_STATUS_E_FAILURE; 4238 } 4239 4240 vdev_crypto_params = &crypto_priv->crypto_params; 4241 4242 wlan_crypto_reset_prarams(vdev_crypto_params); 4243 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4244 ie_ptr, ie_len); 4245 if (QDF_IS_STATUS_SUCCESS(status)) 4246 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4247 else 4248 send_fail = true; 4249 4250 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4251 ie_ptr, ie_len); 4252 if (QDF_IS_STATUS_SUCCESS(status)) { 4253 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4254 send_fail = false; 4255 } 4256 4257 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4258 } 4259 4260 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4261 { 4262 struct wlan_crypto_comp_priv *crypto_priv; 4263 4264 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4265 if (!crypto_priv) { 4266 crypto_err("crypto_priv NULL"); 4267 return QDF_STATUS_E_FAILURE; 4268 } 4269 4270 if (igtk) 4271 return crypto_priv->def_igtk_tx_keyid; 4272 else 4273 return crypto_priv->def_tx_keyid; 4274 } 4275 4276 enum wlan_crypto_cipher_type 4277 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4278 bool pairwise, uint8_t key_index) 4279 { 4280 struct wlan_crypto_key *crypto_key; 4281 4282 crypto_key = wlan_crypto_get_key(vdev, key_index); 4283 4284 if (crypto_key) 4285 return crypto_key->cipher_type; 4286 else 4287 return WLAN_CRYPTO_CIPHER_INVALID; 4288 } 4289 4290 #ifdef CRYPTO_SET_KEY_CONVERGED 4291 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4292 uint8_t key_index, uint8_t key_len, 4293 uint8_t seq_len) 4294 { 4295 if (!is_valid_keyix(key_index)) { 4296 crypto_err("Invalid Key index %d", key_index); 4297 return QDF_STATUS_E_INVAL; 4298 } 4299 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4300 crypto_err("Invalid Cipher %d", cipher); 4301 return QDF_STATUS_E_INVAL; 4302 } 4303 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4304 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4305 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4306 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4307 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4308 crypto_err("Invalid key index %d for cipher %d", 4309 key_index, cipher); 4310 return QDF_STATUS_E_INVAL; 4311 } 4312 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4313 crypto_err("Invalid key length %d", key_len); 4314 return QDF_STATUS_E_INVAL; 4315 } 4316 4317 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4318 crypto_err("Invalid seq length %d", seq_len); 4319 return QDF_STATUS_E_INVAL; 4320 } 4321 4322 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4323 key_index, key_len, seq_len); 4324 4325 return QDF_STATUS_SUCCESS; 4326 } 4327 4328 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4329 uint8_t key_index, 4330 struct wlan_crypto_key *crypto_key) 4331 { 4332 struct wlan_crypto_comp_priv *crypto_priv; 4333 4334 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4335 if (!crypto_priv) { 4336 crypto_err("crypto_priv NULL"); 4337 return QDF_STATUS_E_FAILURE; 4338 } 4339 if (!is_valid_keyix(key_index)) { 4340 crypto_err("Invalid Key index %d", key_index); 4341 return QDF_STATUS_E_FAILURE; 4342 } 4343 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4344 crypto_priv->key[key_index] = crypto_key; 4345 } else if (is_igtk(key_index)) { 4346 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4347 crypto_key; 4348 crypto_priv->def_igtk_tx_keyid = 4349 key_index - WLAN_CRYPTO_MAXKEYIDX; 4350 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4351 } else { 4352 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4353 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4354 crypto_priv->def_bigtk_tx_keyid = 4355 key_index - WLAN_CRYPTO_MAXKEYIDX 4356 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4357 } 4358 crypto_key->valid = true; 4359 4360 return QDF_STATUS_SUCCESS; 4361 } 4362 4363 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4364 uint8_t key_index) 4365 { 4366 struct wlan_crypto_comp_priv *crypto_priv; 4367 4368 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4369 if (!crypto_priv) { 4370 crypto_err("crypto_priv NULL"); 4371 return NULL; 4372 } 4373 if (!is_valid_keyix(key_index)) { 4374 crypto_err("Invalid Key index %d", key_index); 4375 return NULL; 4376 } 4377 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4378 return crypto_priv->key[key_index]; 4379 else if (is_igtk(key_index)) 4380 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4381 else 4382 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4383 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4384 4385 return NULL; 4386 } 4387 4388 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4389 struct wlan_crypto_key *req, 4390 enum wlan_crypto_key_type key_type) 4391 { 4392 struct wlan_objmgr_psoc *psoc; 4393 struct wlan_lmac_if_tx_ops *tx_ops; 4394 4395 psoc = wlan_vdev_get_psoc(vdev); 4396 4397 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4398 if (!tx_ops) { 4399 crypto_err("tx_ops is NULL"); 4400 return QDF_STATUS_E_FAILURE; 4401 } 4402 4403 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4404 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4405 else 4406 return QDF_STATUS_E_FAILURE; 4407 4408 return QDF_STATUS_SUCCESS; 4409 } 4410 4411 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4412 bool pairwise, uint8_t key_index, 4413 struct qdf_mac_addr *peer_mac) 4414 { 4415 struct wlan_crypto_key *crypto_key; 4416 4417 crypto_key = wlan_crypto_get_key(vdev, key_index); 4418 if (!crypto_key) { 4419 crypto_err("crypto_key not present for key_idx %d", key_index); 4420 return; 4421 } 4422 4423 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4424 } 4425 4426 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4427 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4428 struct wlan_objmgr_vdev *vdev, 4429 struct qdf_mac_addr *conn_bssid) 4430 { 4431 struct wlan_crypto_params *crypto_params; 4432 struct wlan_crypto_comp_priv *crypto_priv; 4433 int i; 4434 4435 crypto_priv = (struct wlan_crypto_comp_priv *) 4436 wlan_get_vdev_crypto_obj(vdev); 4437 4438 if (!crypto_priv) { 4439 crypto_err("crypto_priv NULL"); 4440 return; 4441 } 4442 4443 crypto_params = &crypto_priv->crypto_params; 4444 4445 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4446 if (!crypto_params->pmksa[i]) 4447 continue; 4448 4449 if (crypto_params->pmksa[i]->single_pmk_supported && 4450 !qdf_is_macaddr_equal(conn_bssid, 4451 &crypto_params->pmksa[i]->bssid)) { 4452 qdf_mem_zero(crypto_params->pmksa[i], 4453 sizeof(struct wlan_crypto_pmksa)); 4454 qdf_mem_free(crypto_params->pmksa[i]); 4455 crypto_params->pmksa[i] = NULL; 4456 } 4457 } 4458 } 4459 4460 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4461 struct qdf_mac_addr *bssid, 4462 bool single_pmk_capable_bss) 4463 { 4464 struct wlan_crypto_params *crypto_params; 4465 struct wlan_crypto_comp_priv *crypto_priv; 4466 int i; 4467 4468 crypto_priv = (struct wlan_crypto_comp_priv *) 4469 wlan_get_vdev_crypto_obj(vdev); 4470 4471 if (!crypto_priv) { 4472 crypto_err("crypto_priv NULL"); 4473 return; 4474 } 4475 4476 crypto_params = &crypto_priv->crypto_params; 4477 4478 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4479 if (!crypto_params->pmksa[i]) 4480 continue; 4481 4482 if (qdf_is_macaddr_equal(bssid, 4483 &crypto_params->pmksa[i]->bssid)) 4484 crypto_params->pmksa[i]->single_pmk_supported = 4485 single_pmk_capable_bss; 4486 } 4487 } 4488 #endif 4489 #endif 4490 4491 #ifdef WLAN_FEATURE_FILS_SK 4492 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4493 uint8_t *rik, uint32_t *rik_len) 4494 { 4495 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4496 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4497 QDF_STATUS status; 4498 4499 if (!rrk || !rik) { 4500 crypto_err("FILS rrk/rik NULL"); 4501 return QDF_STATUS_E_FAILURE; 4502 } 4503 4504 optional_data[0] = HMAC_SHA256_128; 4505 /* basic validation */ 4506 if (rrk_len <= 0) { 4507 crypto_err("invalid r_rk length %d", rrk_len); 4508 return QDF_STATUS_E_FAILURE; 4509 } 4510 4511 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4512 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4513 sizeof(optional_data), rik, 4514 rrk_len); 4515 if (QDF_IS_STATUS_ERROR(status)) { 4516 crypto_err("failed to create rik"); 4517 return status; 4518 } 4519 *rik_len = rrk_len; 4520 4521 return QDF_STATUS_SUCCESS; 4522 } 4523 #endif /* WLAN_FEATURE_FILS_SK */ 4524