1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 /** 43 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 44 * @vdev:vdev 45 * 46 * This function gets called by mlme to get crypto params 47 * 48 * Return: wlan_crypto_params or NULL in case of failure 49 */ 50 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 51 struct wlan_objmgr_vdev *vdev, 52 struct wlan_crypto_comp_priv **crypto_priv){ 53 *crypto_priv = (struct wlan_crypto_comp_priv *) 54 wlan_get_vdev_crypto_obj(vdev); 55 if (*crypto_priv == NULL) { 56 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 57 return NULL; 58 } 59 60 return &((*crypto_priv)->crypto_params); 61 } 62 63 /** 64 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 65 * @peer:peer 66 * 67 * This function gets called by mlme to get crypto params 68 * 69 * Return: wlan_crypto_params or NULL in case of failure 70 */ 71 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 72 struct wlan_objmgr_peer *peer, 73 struct wlan_crypto_comp_priv **crypto_priv){ 74 75 *crypto_priv = (struct wlan_crypto_comp_priv *) 76 wlan_get_peer_crypto_obj(peer); 77 if (*crypto_priv == NULL) { 78 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 79 return NULL; 80 } 81 82 return &((*crypto_priv)->crypto_params); 83 } 84 85 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 86 { 87 return QDF_STATUS_SUCCESS; 88 } 89 90 /** 91 * wlan_crypto_set_param - called by ucfg to set crypto param 92 * @crypto_params: crypto_params 93 * @param: param to be set. 94 * @value: value 95 * 96 * This function gets called from ucfg to set param 97 * 98 * Return: QDF_STATUS_SUCCESS - in case of success 99 */ 100 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 101 wlan_crypto_param_type param, 102 uint32_t value){ 103 QDF_STATUS status = QDF_STATUS_E_INVAL; 104 105 switch (param) { 106 case WLAN_CRYPTO_PARAM_AUTH_MODE: 107 status = wlan_crypto_set_authmode(crypto_params, value); 108 break; 109 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 110 status = wlan_crypto_set_ucastciphers(crypto_params, value); 111 break; 112 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 113 status = wlan_crypto_set_mcastcipher(crypto_params, value); 114 break; 115 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 116 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 117 break; 118 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 119 status = wlan_crypto_set_cipher_cap(crypto_params, value); 120 break; 121 case WLAN_CRYPTO_PARAM_RSN_CAP: 122 status = wlan_crypto_set_rsn_cap(crypto_params, value); 123 break; 124 case WLAN_CRYPTO_PARAM_KEY_MGMT: 125 status = wlan_crypto_set_key_mgmt(crypto_params, value); 126 break; 127 default: 128 status = QDF_STATUS_E_INVAL; 129 } 130 return status; 131 } 132 133 /** 134 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 135 * @vdev: vdev 136 * @param: param to be set. 137 * @value: value 138 * 139 * This function gets called from ucfg to set param 140 * 141 * Return: QDF_STATUS_SUCCESS - in case of success 142 */ 143 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 144 wlan_crypto_param_type param, 145 uint32_t value){ 146 QDF_STATUS status = QDF_STATUS_E_INVAL; 147 struct wlan_crypto_comp_priv *crypto_priv; 148 struct wlan_crypto_params *crypto_params; 149 150 crypto_priv = (struct wlan_crypto_comp_priv *) 151 wlan_get_vdev_crypto_obj(vdev); 152 153 if (crypto_priv == NULL) { 154 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 155 return QDF_STATUS_E_INVAL; 156 } 157 158 crypto_params = &(crypto_priv->crypto_params); 159 160 status = wlan_crypto_set_param(crypto_params, param, value); 161 162 return status; 163 } 164 165 /** 166 * wlan_crypto_set_param - called by ucfg to set crypto param 167 * 168 * @peer: peer 169 * @param: param to be set. 170 * @value: value 171 * 172 * This function gets called from ucfg to set param 173 * 174 * Return: QDF_STATUS_SUCCESS - in case of success 175 */ 176 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 177 wlan_crypto_param_type param, 178 uint32_t value){ 179 QDF_STATUS status = QDF_STATUS_E_INVAL; 180 struct wlan_crypto_comp_priv *crypto_priv; 181 struct wlan_crypto_params *crypto_params; 182 183 crypto_params = wlan_crypto_peer_get_comp_params(peer, 184 &crypto_priv); 185 186 if (crypto_priv == NULL) { 187 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 188 return QDF_STATUS_E_INVAL; 189 } 190 191 crypto_params = &(crypto_priv->crypto_params); 192 193 status = wlan_crypto_set_param(crypto_params, param, value); 194 195 return status; 196 } 197 198 /** 199 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 200 * @param: Crypto param type 201 * @crypto_params: Crypto params struct 202 * 203 * This function gets called from in-within crypto layer 204 * 205 * Return: value or -1 for failure 206 */ 207 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 208 struct wlan_crypto_params *crypto_params) 209 { 210 int32_t value = -1; 211 212 switch (param) { 213 case WLAN_CRYPTO_PARAM_AUTH_MODE: 214 value = wlan_crypto_get_authmode(crypto_params); 215 break; 216 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 217 value = wlan_crypto_get_ucastciphers(crypto_params); 218 break; 219 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 220 value = wlan_crypto_get_mcastcipher(crypto_params); 221 break; 222 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 223 value = wlan_crypto_get_mgmtciphers(crypto_params); 224 break; 225 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 226 value = wlan_crypto_get_cipher_cap(crypto_params); 227 break; 228 case WLAN_CRYPTO_PARAM_RSN_CAP: 229 value = wlan_crypto_get_rsn_cap(crypto_params); 230 break; 231 case WLAN_CRYPTO_PARAM_KEY_MGMT: 232 value = wlan_crypto_get_key_mgmt(crypto_params); 233 break; 234 default: 235 value = QDF_STATUS_E_INVAL; 236 } 237 238 return value; 239 } 240 241 /** 242 * wlan_crypto_get_param - called to get value for param from vdev 243 * @vdev: vdev 244 * @param: Crypto param type 245 * 246 * This function gets called to get value for param from vdev 247 * 248 * Return: value or -1 for failure 249 */ 250 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 251 wlan_crypto_param_type param) 252 { 253 int32_t value = -1; 254 struct wlan_crypto_comp_priv *crypto_priv; 255 struct wlan_crypto_params *crypto_params; 256 crypto_priv = (struct wlan_crypto_comp_priv *) 257 wlan_get_vdev_crypto_obj(vdev); 258 259 if (crypto_priv == NULL) { 260 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 261 return QDF_STATUS_E_INVAL; 262 } 263 264 crypto_params = &(crypto_priv->crypto_params); 265 value = wlan_crypto_get_param_value(param, crypto_params); 266 267 return value; 268 } 269 /** 270 * wlan_crypto_get_peer_param - called to get value for param from peer 271 * @peer: peer 272 * @param: Crypto param type 273 * 274 * This function gets called to get value for param from peer 275 * 276 * Return: value or -1 for failure 277 */ 278 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 279 wlan_crypto_param_type param) 280 { 281 int32_t value = -1; 282 struct wlan_crypto_comp_priv *crypto_priv; 283 struct wlan_crypto_params *crypto_params; 284 285 crypto_params = wlan_crypto_peer_get_comp_params(peer, 286 &crypto_priv); 287 288 if (crypto_params == NULL) { 289 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 290 return QDF_STATUS_E_INVAL; 291 } 292 value = wlan_crypto_get_param_value(param, crypto_params); 293 294 return value; 295 } 296 qdf_export_symbol(wlan_crypto_get_peer_param); 297 /** 298 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 299 * @vdev: vdev 300 * @peer: peer 301 * 302 * This function gets called to check is HT allowed for cipher. 303 * HT is not allowed for wep and tkip. 304 * 305 * Return: 0 - not allowed or 1 - allowed 306 */ 307 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 308 struct wlan_objmgr_peer *peer) 309 { 310 int32_t ucast_cipher; 311 312 if (!(vdev || peer)) { 313 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 314 return 0; 315 } 316 317 if (vdev) 318 ucast_cipher = wlan_crypto_get_param(vdev, 319 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 320 else 321 ucast_cipher = wlan_crypto_get_peer_param(peer, 322 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 323 324 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 325 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 326 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 327 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 328 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 329 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 330 } 331 qdf_export_symbol(wlan_crypto_is_htallowed); 332 333 /** 334 * wlan_crypto_setkey - called by ucfg to setkey 335 * @vdev: vdev 336 * @req_key: req_key with cipher type, key macaddress 337 * 338 * This function gets called from ucfg to sey key 339 * 340 * Return: QDF_STATUS_SUCCESS - in case of success 341 */ 342 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 343 struct wlan_crypto_req_key *req_key){ 344 345 QDF_STATUS status = QDF_STATUS_E_INVAL; 346 struct wlan_crypto_comp_priv *crypto_priv; 347 struct wlan_crypto_params *crypto_params; 348 struct wlan_objmgr_psoc *psoc; 349 struct wlan_objmgr_peer *peer; 350 struct wlan_crypto_key *key = NULL; 351 const struct wlan_crypto_cipher *cipher; 352 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 353 bool isbcast; 354 enum QDF_OPMODE vdev_mode; 355 uint8_t igtk_idx = 0; 356 357 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 358 qdf_print("%s[%d] Invalid params vdev%pK, req_key%pK\n", 359 __func__, __LINE__, vdev, req_key); 360 return QDF_STATUS_E_INVAL; 361 } 362 363 isbcast = qdf_is_macaddr_group( 364 (struct qdf_mac_addr *)req_key->macaddr); 365 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 366 /* zero length keys, only set default key id if flags are set*/ 367 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 368 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 369 && (!IS_MGMT_CIPHER(req_key->type))) { 370 wlan_crypto_default_key(vdev, 371 req_key->macaddr, 372 req_key->keyix, 373 !isbcast); 374 return QDF_STATUS_SUCCESS; 375 } 376 qdf_print("%s[%d] req_key len zero\n", __func__, __LINE__); 377 return QDF_STATUS_E_INVAL; 378 } 379 380 cipher = wlan_crypto_cipher_ops[req_key->type]; 381 382 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 383 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 384 return QDF_STATUS_E_INVAL; 385 } 386 387 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 388 (!IS_MGMT_CIPHER(req_key->type)) && 389 ((req_key->keylen != (cipher->keylen / NBBY)) && 390 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 391 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 392 return QDF_STATUS_E_INVAL; 393 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 394 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 395 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 396 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 397 qdf_print("%s[%d] wep key len invalid\n", __func__, __LINE__); 398 return QDF_STATUS_E_INVAL; 399 } 400 401 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 402 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 403 | WLAN_CRYPTO_KEY_RECV)) { 404 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 405 | WLAN_CRYPTO_KEY_RECV); 406 } 407 } else { 408 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 409 && (!IS_MGMT_CIPHER(req_key->type))) { 410 return QDF_STATUS_E_INVAL; 411 } 412 413 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 414 | WLAN_CRYPTO_KEY_RECV); 415 if (isbcast) 416 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 417 } 418 419 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 420 421 wlan_vdev_obj_lock(vdev); 422 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 423 psoc = wlan_vdev_get_psoc(vdev); 424 if (!psoc) { 425 wlan_vdev_obj_unlock(vdev); 426 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 427 return QDF_STATUS_E_INVAL; 428 } 429 wlan_vdev_obj_unlock(vdev); 430 431 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 432 if (wlan_crypto_vdev_has_auth_mode(vdev, 433 (1 << WLAN_CRYPTO_AUTH_8021X))) { 434 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 435 } 436 } 437 438 if (isbcast) { 439 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 440 &crypto_priv); 441 if (crypto_priv == NULL) { 442 qdf_print("%s[%d] crypto_priv NULL\n", 443 __func__, __LINE__); 444 return QDF_STATUS_E_INVAL; 445 } 446 447 if (IS_MGMT_CIPHER(req_key->type)) { 448 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 449 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 450 qdf_print("%s[%d] igtk key invalid keyid %d \n", 451 __func__, __LINE__, igtk_idx); 452 return QDF_STATUS_E_INVAL; 453 } 454 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 455 if (key == NULL) { 456 qdf_print("%s[%d] igtk key alloc failed\n", 457 __func__, __LINE__); 458 return QDF_STATUS_E_NOMEM; 459 } 460 461 if (crypto_priv->igtk_key[igtk_idx]) 462 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 463 464 crypto_priv->igtk_key[igtk_idx] = key; 465 crypto_priv->igtk_key_type = req_key->type; 466 crypto_priv->def_igtk_tx_keyid = igtk_idx; 467 } else { 468 if (IS_FILS_CIPHER(req_key->type)) { 469 qdf_print(FL( 470 "FILS key is not for BroadCast packet\n")); 471 return QDF_STATUS_E_INVAL; 472 } 473 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 474 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 475 return QDF_STATUS_E_INVAL; 476 } 477 if (!crypto_priv->key[req_key->keyix]) { 478 crypto_priv->key[req_key->keyix] 479 = qdf_mem_malloc( 480 sizeof(struct wlan_crypto_key)); 481 if (!crypto_priv->key[req_key->keyix]) 482 return QDF_STATUS_E_NOMEM; 483 } 484 key = crypto_priv->key[req_key->keyix]; 485 } 486 if (vdev_mode == QDF_STA_MODE) { 487 peer = wlan_vdev_get_bsspeer(vdev); 488 if (!(peer && (QDF_STATUS_SUCCESS 489 == wlan_objmgr_peer_try_get_ref(peer, 490 WLAN_CRYPTO_ID)))) { 491 qdf_print("%s[%d] peer %pK failed\n", 492 __func__, __LINE__, peer); 493 if (IS_MGMT_CIPHER(req_key->type)) { 494 crypto_priv->igtk_key[igtk_idx] = NULL; 495 crypto_priv->igtk_key_type 496 = WLAN_CRYPTO_CIPHER_NONE; 497 } else 498 crypto_priv->key[req_key->keyix] = NULL; 499 if (key) 500 qdf_mem_free(key); 501 return QDF_STATUS_E_INVAL; 502 } 503 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 504 WLAN_ALEN); 505 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 506 } 507 } else { 508 uint8_t pdev_id; 509 510 pdev_id = wlan_objmgr_pdev_get_pdev_id( 511 wlan_vdev_get_pdev(vdev)); 512 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 513 psoc, 514 pdev_id, 515 macaddr, 516 req_key->macaddr, 517 WLAN_CRYPTO_ID); 518 519 if (peer == NULL) { 520 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 521 return QDF_STATUS_E_INVAL; 522 } 523 524 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 525 crypto_params = wlan_crypto_peer_get_comp_params(peer, 526 &crypto_priv); 527 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 528 529 if (crypto_priv == NULL) { 530 qdf_print("%s[%d] crypto_priv NULL\n", 531 __func__, __LINE__); 532 return QDF_STATUS_E_INVAL; 533 } 534 if (IS_MGMT_CIPHER(req_key->type)) { 535 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 536 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 537 qdf_print("%s[%d] igtk key invalid keyid %d \n", 538 __func__, __LINE__, igtk_idx); 539 return QDF_STATUS_E_INVAL; 540 } 541 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 542 if (key == NULL) { 543 qdf_print("%s[%d] igtk key alloc failed\n", 544 __func__, __LINE__); 545 return QDF_STATUS_E_NOMEM; 546 } 547 if (crypto_priv->igtk_key[igtk_idx]) 548 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 549 550 crypto_priv->igtk_key[igtk_idx] = key; 551 crypto_priv->igtk_key_type = req_key->type; 552 crypto_priv->def_igtk_tx_keyid = igtk_idx; 553 } else { 554 uint16_t kid = req_key->keyix; 555 if (kid == WLAN_CRYPTO_KEYIX_NONE) 556 kid = 0; 557 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 558 qdf_print("%s[%d] invalid keyid %d \n", 559 __func__, __LINE__, kid); 560 return QDF_STATUS_E_INVAL; 561 } 562 if (!crypto_priv->key[kid]) { 563 crypto_priv->key[kid] 564 = qdf_mem_malloc( 565 sizeof(struct wlan_crypto_key)); 566 if (!crypto_priv->key[kid]) 567 return QDF_STATUS_E_NOMEM; 568 } 569 key = crypto_priv->key[kid]; 570 } 571 } 572 573 /* alloc key might not required as it is already there */ 574 key->cipher_table = (void *)cipher; 575 key->keylen = req_key->keylen; 576 key->flags = req_key->flags; 577 578 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 579 key->keyix = 0; 580 else 581 key->keyix = req_key->keyix; 582 583 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 584 && (!IS_MGMT_CIPHER(req_key->type))) { 585 crypto_priv->def_tx_keyid = key->keyix; 586 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 587 } 588 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 589 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 590 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 591 0x5c, 0x36, 0x5c, 0x36, 592 0x5c, 0x36, 0x5c, 0x36, 593 0x5c, 0x36, 0x5c, 0x37}; 594 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 595 0x5c, 0x36, 0x5c, 0x36, 596 0x5c, 0x36, 0x5c, 0x36, 597 0x5c, 0x36, 0x5c, 0x36}; 598 599 /* During Tx PN should be increment and 600 * send but as per our implementation we increment only after 601 * Tx complete. So First packet PN check will be failed. 602 * To compensate increment the PN here by 2 603 */ 604 if (vdev_mode == QDF_SAP_MODE) { 605 iv_AP[15] += 2; 606 qdf_mem_copy(key->recviv, iv_STA, 607 WLAN_CRYPTO_WAPI_IV_SIZE); 608 qdf_mem_copy(key->txiv, iv_AP, 609 WLAN_CRYPTO_WAPI_IV_SIZE); 610 } else { 611 iv_STA[15] += 2; 612 qdf_mem_copy(key->recviv, iv_AP, 613 WLAN_CRYPTO_WAPI_IV_SIZE); 614 qdf_mem_copy(key->txiv, iv_STA, 615 WLAN_CRYPTO_WAPI_IV_SIZE); 616 } 617 } else { 618 uint8_t i = 0; 619 qdf_mem_copy((uint8_t *)(&key->keytsc), 620 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 621 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 622 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 623 (uint8_t *)(&req_key->keyrsc), 624 sizeof(key->keyrsc[0])); 625 } 626 } 627 628 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 629 key->valid = 1; 630 if ((IS_MGMT_CIPHER(req_key->type))) { 631 if (HAS_CIPHER_CAP(crypto_params, 632 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 633 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 634 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 635 key, macaddr, req_key->type); 636 } 637 } 638 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 639 status = wlan_crypto_set_igtk_key(key); 640 return status; 641 } else if (IS_FILS_CIPHER(req_key->type)) { 642 /* Take request key object to FILS setkey */ 643 key->private = req_key; 644 } else { 645 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 646 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 647 macaddr, req_key->type); 648 } 649 } 650 status = cipher->setkey(key); 651 652 return status; 653 } 654 655 /** 656 * wlan_crypto_get_keytype - get keytype 657 * @key: key 658 * 659 * This function gets keytype from key 660 * 661 * Return: keytype 662 */ 663 wlan_crypto_cipher_type wlan_crypto_get_key_type( 664 struct wlan_crypto_key *key){ 665 if (key && key->cipher_table) { 666 return ((struct wlan_crypto_cipher *) 667 (key->cipher_table))->cipher; 668 } 669 return WLAN_CRYPTO_CIPHER_NONE; 670 } 671 qdf_export_symbol(wlan_crypto_get_key_type); 672 /** 673 * wlan_crypto_vdev_getkey - get key from vdev 674 * @vdev: vdev 675 * @keyix: keyix 676 * 677 * This function gets key from vdev 678 * 679 * Return: key or NULL 680 */ 681 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 682 uint16_t keyix){ 683 struct wlan_crypto_comp_priv *crypto_priv; 684 struct wlan_crypto_params *crypto_params; 685 struct wlan_crypto_key *key = NULL; 686 687 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 688 689 if (crypto_priv == NULL) { 690 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 691 return NULL; 692 } 693 694 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 695 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 696 else 697 key = crypto_priv->key[keyix]; 698 699 if (key && key->valid) 700 return key; 701 702 return NULL; 703 } 704 qdf_export_symbol(wlan_crypto_vdev_getkey); 705 706 /** 707 * wlan_crypto_peer_getkey - get key from peer 708 * @peer: peer 709 * @keyix: keyix 710 * 711 * This function gets key from peer 712 * 713 * Return: key or NULL 714 */ 715 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 716 uint16_t keyix){ 717 struct wlan_crypto_comp_priv *crypto_priv; 718 struct wlan_crypto_params *crypto_params; 719 struct wlan_crypto_key *key = NULL; 720 721 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 722 723 if (crypto_priv == NULL) { 724 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 725 return NULL; 726 } 727 728 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 729 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 730 else 731 key = crypto_priv->key[keyix]; 732 733 if (key && key->valid) 734 return key; 735 736 return NULL; 737 } 738 qdf_export_symbol(wlan_crypto_peer_getkey); 739 740 /** 741 * wlan_crypto_getkey - called by ucfg to get key 742 * @vdev: vdev 743 * @req_key: key value will be copied in this req_key 744 * @mac_address: mac address of the peer for unicast key 745 * or broadcast address if group key is requested. 746 * 747 * This function gets called from ucfg to get key 748 * 749 * Return: QDF_STATUS_SUCCESS - in case of success 750 */ 751 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 752 struct wlan_crypto_req_key *req_key, 753 uint8_t *mac_addr){ 754 struct wlan_crypto_cipher *cipher_table; 755 struct wlan_crypto_key *key; 756 struct wlan_objmgr_psoc *psoc; 757 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 758 759 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 760 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 761 qdf_print("%s[%d] invalid keyix %d\n", __func__, __LINE__, 762 req_key->keyix); 763 return QDF_STATUS_E_INVAL; 764 } 765 766 wlan_vdev_obj_lock(vdev); 767 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 768 psoc = wlan_vdev_get_psoc(vdev); 769 if (!psoc) { 770 wlan_vdev_obj_unlock(vdev); 771 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 772 return QDF_STATUS_E_INVAL; 773 } 774 wlan_vdev_obj_unlock(vdev); 775 776 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 777 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 778 if (!key) 779 return QDF_STATUS_E_INVAL; 780 } else { 781 struct wlan_objmgr_peer *peer; 782 uint8_t pdev_id; 783 784 pdev_id = wlan_objmgr_pdev_get_pdev_id( 785 wlan_vdev_get_pdev(vdev)); 786 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 787 psoc, 788 pdev_id, 789 macaddr, 790 mac_addr, 791 WLAN_CRYPTO_ID); 792 if (peer == NULL) { 793 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 794 "%s[%d] peer NULL\n", __func__, __LINE__); 795 return QDF_STATUS_E_NOENT; 796 } 797 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 798 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 799 if (!key) 800 return QDF_STATUS_E_INVAL; 801 } 802 803 if (key->valid) { 804 qdf_mem_copy(req_key->keydata, 805 key->keyval, key->keylen); 806 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 807 (uint8_t *)(&key->keytsc), 808 sizeof(req_key->keytsc)); 809 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 810 (uint8_t *)(&key->keyrsc[0]), 811 sizeof(req_key->keyrsc)); 812 req_key->keylen = key->keylen; 813 req_key->flags = key->flags; 814 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 815 816 if (!cipher_table) 817 return QDF_STATUS_SUCCESS; 818 819 req_key->type = cipher_table->cipher; 820 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 821 qdf_mem_copy((uint8_t *)(&req_key->txiv), 822 (uint8_t *)(key->txiv), 823 sizeof(req_key->txiv)); 824 qdf_mem_copy((uint8_t *)(&req_key->recviv), 825 (uint8_t *)(key->recviv), 826 sizeof(req_key->recviv)); 827 } 828 } 829 830 return QDF_STATUS_SUCCESS; 831 } 832 833 /** 834 * wlan_crypto_delkey - called by ucfg to delete key 835 * @vdev: vdev 836 * @mac_address: mac address of the peer for unicast key 837 * or broadcast address if group key is deleted. 838 * @key_idx: key index to be deleted 839 * 840 * This function gets called from ucfg to delete key 841 * 842 * Return: QDF_STATUS_SUCCESS - in case of success 843 */ 844 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 845 uint8_t *macaddr, 846 uint8_t key_idx){ 847 struct wlan_crypto_comp_priv *crypto_priv; 848 struct wlan_crypto_params *crypto_params; 849 struct wlan_crypto_key *key; 850 struct wlan_crypto_cipher *cipher_table; 851 struct wlan_objmgr_psoc *psoc; 852 uint8_t bssid_mac[WLAN_ALEN]; 853 854 if (!vdev || !macaddr || 855 (key_idx >= 856 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 857 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 858 "%s[%d] Invalid params vdev %pK, macaddr %pK" 859 "keyidx %d\n", __func__, __LINE__, vdev, 860 macaddr, key_idx); 861 return QDF_STATUS_E_INVAL; 862 } 863 864 wlan_vdev_obj_lock(vdev); 865 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 866 psoc = wlan_vdev_get_psoc(vdev); 867 if (!psoc) { 868 wlan_vdev_obj_unlock(vdev); 869 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 870 return QDF_STATUS_E_INVAL; 871 } 872 wlan_vdev_obj_unlock(vdev); 873 874 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 875 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 876 &crypto_priv); 877 if (crypto_priv == NULL) { 878 qdf_print("%s[%d] crypto_priv NULL\n", 879 __func__, __LINE__); 880 return QDF_STATUS_E_INVAL; 881 } 882 } else { 883 struct wlan_objmgr_peer *peer; 884 uint8_t pdev_id; 885 886 pdev_id = wlan_objmgr_pdev_get_pdev_id( 887 wlan_vdev_get_pdev(vdev)); 888 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 889 psoc, pdev_id, 890 bssid_mac, 891 macaddr, 892 WLAN_CRYPTO_ID); 893 if (peer == NULL) { 894 return QDF_STATUS_E_INVAL; 895 } 896 crypto_params = wlan_crypto_peer_get_comp_params(peer, 897 &crypto_priv); 898 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 899 if (crypto_priv == NULL) { 900 qdf_print("%s[%d] crypto_priv NULL\n", 901 __func__, __LINE__); 902 return QDF_STATUS_E_INVAL; 903 } 904 } 905 906 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 907 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 908 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 909 qdf_print("%s[%d] Igtk key invalid keyid %d\n", 910 __func__, __LINE__, igtk_idx); 911 return QDF_STATUS_E_INVAL; 912 } 913 key = crypto_priv->igtk_key[igtk_idx]; 914 crypto_priv->igtk_key[igtk_idx] = NULL; 915 if (key) 916 key->valid = 0; 917 } else { 918 key = crypto_priv->key[key_idx]; 919 crypto_priv->key[key_idx] = NULL; 920 } 921 922 if (!key) 923 return QDF_STATUS_E_INVAL; 924 925 if (key->valid) { 926 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 927 928 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 929 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 930 macaddr, cipher_table->cipher); 931 } 932 } 933 qdf_mem_free(key); 934 935 return QDF_STATUS_SUCCESS; 936 } 937 938 /** 939 * wlan_crypto_default_key - called by ucfg to set default tx key 940 * @vdev: vdev 941 * @mac_address: mac address of the peer for unicast key 942 * or broadcast address if group key need to made default. 943 * @key_idx: key index to be made as default key 944 * @unicast: is key was unicast or group key. 945 * 946 * This function gets called from ucfg to set default key 947 * 948 * Return: QDF_STATUS_SUCCESS - in case of success 949 */ 950 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 951 uint8_t *macaddr, 952 uint8_t key_idx, 953 bool unicast){ 954 struct wlan_crypto_comp_priv *crypto_priv; 955 struct wlan_crypto_params *crypto_params; 956 struct wlan_crypto_key *key; 957 struct wlan_objmgr_psoc *psoc; 958 uint8_t bssid_mac[WLAN_ALEN]; 959 960 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 961 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 962 "keyidx %d\n", __func__, __LINE__, 963 vdev, macaddr, key_idx); 964 return QDF_STATUS_E_INVAL; 965 } 966 967 wlan_vdev_obj_lock(vdev); 968 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 969 psoc = wlan_vdev_get_psoc(vdev); 970 if (!psoc) { 971 wlan_vdev_obj_unlock(vdev); 972 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 973 return QDF_STATUS_E_INVAL; 974 } 975 wlan_vdev_obj_unlock(vdev); 976 977 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 978 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 979 &crypto_priv); 980 if (crypto_priv == NULL) { 981 qdf_print("%s[%d] crypto_priv NULL\n", 982 __func__, __LINE__); 983 return QDF_STATUS_E_INVAL; 984 } 985 986 key = crypto_priv->key[key_idx]; 987 if (!key) 988 return QDF_STATUS_E_INVAL; 989 } else { 990 struct wlan_objmgr_peer *peer; 991 uint8_t pdev_id; 992 993 pdev_id = wlan_objmgr_pdev_get_pdev_id( 994 wlan_vdev_get_pdev(vdev)); 995 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 996 psoc, pdev_id, 997 bssid_mac, 998 macaddr, 999 WLAN_CRYPTO_ID); 1000 1001 if (peer == NULL) { 1002 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1003 return QDF_STATUS_E_INVAL; 1004 } 1005 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1006 &crypto_priv); 1007 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1008 if (crypto_priv == NULL) { 1009 qdf_print("%s[%d] crypto_priv NULL\n", 1010 __func__, __LINE__); 1011 return QDF_STATUS_E_INVAL; 1012 } 1013 1014 key = crypto_priv->key[key_idx]; 1015 if (!key) 1016 return QDF_STATUS_E_INVAL; 1017 } 1018 if (!key->valid) 1019 return QDF_STATUS_E_INVAL; 1020 1021 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1022 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1023 macaddr); 1024 } 1025 crypto_priv->def_tx_keyid = key_idx; 1026 1027 return QDF_STATUS_SUCCESS; 1028 } 1029 1030 /** 1031 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1032 * @vdev: vdev 1033 * @wbuf: wbuf 1034 * @macaddr: macaddr 1035 * @encapdone: is encapdone already or not. 1036 * 1037 * This function gets called from mgmt txrx to encap frame. 1038 * 1039 * Return: QDF_STATUS_SUCCESS - in case of success 1040 */ 1041 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1042 qdf_nbuf_t wbuf, 1043 uint8_t *mac_addr, 1044 uint8_t encapdone){ 1045 struct wlan_crypto_comp_priv *crypto_priv; 1046 struct wlan_crypto_params *crypto_params; 1047 struct wlan_crypto_key *key; 1048 QDF_STATUS status; 1049 struct wlan_crypto_cipher *cipher_table; 1050 struct wlan_objmgr_psoc *psoc; 1051 struct wlan_objmgr_peer *peer; 1052 uint8_t bssid_mac[WLAN_ALEN]; 1053 uint8_t pdev_id; 1054 1055 wlan_vdev_obj_lock(vdev); 1056 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1057 psoc = wlan_vdev_get_psoc(vdev); 1058 if (!psoc) { 1059 wlan_vdev_obj_unlock(vdev); 1060 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1061 return QDF_STATUS_E_INVAL; 1062 } 1063 wlan_vdev_obj_unlock(vdev); 1064 1065 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1066 /* FILS Encap required only for (Re-)Assoc response */ 1067 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1068 1069 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1070 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1071 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1072 return QDF_STATUS_E_INVAL; 1073 } 1074 1075 if (peer) 1076 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1077 1078 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1079 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1080 &crypto_priv); 1081 if (crypto_priv == NULL) { 1082 qdf_print("%s[%d] crypto_priv NULL\n", 1083 __func__, __LINE__); 1084 return QDF_STATUS_E_INVAL; 1085 } 1086 1087 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1088 if (!key) 1089 return QDF_STATUS_E_INVAL; 1090 1091 } else { 1092 struct wlan_objmgr_peer *peer; 1093 uint8_t pdev_id; 1094 1095 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1096 wlan_vdev_get_pdev(vdev)); 1097 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1098 bssid_mac, mac_addr, 1099 WLAN_CRYPTO_ID); 1100 1101 if (peer == NULL) { 1102 qdf_print("%s[%d] crypto_priv NULL\n", 1103 __func__, __LINE__); 1104 return QDF_STATUS_E_INVAL; 1105 } 1106 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1107 &crypto_priv); 1108 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1109 1110 if (crypto_priv == NULL) { 1111 qdf_print("%s[%d] crypto_priv NULL\n", 1112 __func__, __LINE__); 1113 return QDF_STATUS_E_INVAL; 1114 } 1115 1116 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1117 if (!key) 1118 return QDF_STATUS_E_INVAL; 1119 } 1120 /* if tkip, is counter measures enabled, then drop the frame */ 1121 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1122 status = cipher_table->encap(key, wbuf, encapdone, 1123 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1124 1125 return status; 1126 } 1127 qdf_export_symbol(wlan_crypto_encap); 1128 1129 /** 1130 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1131 * @vdev: vdev 1132 * @wbuf: wbuf 1133 * @macaddr: macaddr 1134 * @tid: tid of the frame 1135 * 1136 * This function gets called from mgmt txrx to decap frame. 1137 * 1138 * Return: QDF_STATUS_SUCCESS - in case of success 1139 */ 1140 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1141 qdf_nbuf_t wbuf, 1142 uint8_t *mac_addr, 1143 uint8_t tid){ 1144 struct wlan_crypto_comp_priv *crypto_priv; 1145 struct wlan_crypto_params *crypto_params; 1146 struct wlan_crypto_key *key; 1147 QDF_STATUS status; 1148 struct wlan_crypto_cipher *cipher_table; 1149 struct wlan_objmgr_psoc *psoc; 1150 struct wlan_objmgr_peer *peer; 1151 uint8_t bssid_mac[WLAN_ALEN]; 1152 uint8_t keyid; 1153 uint8_t pdev_id; 1154 1155 wlan_vdev_obj_lock(vdev); 1156 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1157 psoc = wlan_vdev_get_psoc(vdev); 1158 if (!psoc) { 1159 wlan_vdev_obj_unlock(vdev); 1160 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1161 return QDF_STATUS_E_INVAL; 1162 } 1163 wlan_vdev_obj_unlock(vdev); 1164 1165 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf)); 1166 1167 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1168 return QDF_STATUS_E_INVAL; 1169 1170 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1171 /* FILS Decap required only for (Re-)Assoc request */ 1172 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1173 1174 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1175 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1176 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1177 return QDF_STATUS_E_INVAL; 1178 } 1179 1180 if (peer) 1181 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1182 1183 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1184 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1185 &crypto_priv); 1186 if (crypto_priv == NULL) { 1187 qdf_print("%s[%d] crypto_priv NULL\n", 1188 __func__, __LINE__); 1189 return QDF_STATUS_E_INVAL; 1190 } 1191 1192 key = crypto_priv->key[keyid]; 1193 if (!key) 1194 return QDF_STATUS_E_INVAL; 1195 1196 } else { 1197 struct wlan_objmgr_peer *peer; 1198 uint8_t pdev_id; 1199 1200 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1201 wlan_vdev_get_pdev(vdev)); 1202 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1203 psoc, pdev_id, bssid_mac, 1204 mac_addr, WLAN_CRYPTO_ID); 1205 if (peer == NULL) { 1206 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1207 return QDF_STATUS_E_INVAL; 1208 } 1209 1210 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1211 &crypto_priv); 1212 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1213 1214 if (crypto_priv == NULL) { 1215 qdf_print("%s[%d] crypto_priv NULL\n", 1216 __func__, __LINE__); 1217 return QDF_STATUS_E_INVAL; 1218 } 1219 1220 key = crypto_priv->key[keyid]; 1221 if (!key) 1222 return QDF_STATUS_E_INVAL; 1223 } 1224 /* if tkip, is counter measures enabled, then drop the frame */ 1225 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1226 status = cipher_table->decap(key, wbuf, tid, 1227 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1228 1229 return status; 1230 } 1231 qdf_export_symbol(wlan_crypto_decap); 1232 /** 1233 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1234 * @vdev: vdev 1235 * @wbuf: wbuf 1236 * @macaddr: macaddr 1237 * @encapdone: is encapdone already or not. 1238 * 1239 * This function gets called from mgmt txrx to adding mic to the frame. 1240 * 1241 * Return: QDF_STATUS_SUCCESS - in case of success 1242 */ 1243 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1244 qdf_nbuf_t wbuf, 1245 uint8_t *mac_addr, 1246 uint8_t encapdone){ 1247 struct wlan_crypto_comp_priv *crypto_priv; 1248 struct wlan_crypto_params *crypto_params; 1249 struct wlan_crypto_key *key; 1250 QDF_STATUS status; 1251 struct wlan_crypto_cipher *cipher_table; 1252 struct wlan_objmgr_psoc *psoc; 1253 uint8_t bssid_mac[WLAN_ALEN]; 1254 1255 1256 wlan_vdev_obj_lock(vdev); 1257 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1258 psoc = wlan_vdev_get_psoc(vdev); 1259 if (!psoc) { 1260 wlan_vdev_obj_unlock(vdev); 1261 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1262 return QDF_STATUS_E_INVAL; 1263 } 1264 wlan_vdev_obj_unlock(vdev); 1265 1266 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1267 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1268 &crypto_priv); 1269 if (crypto_priv == NULL) { 1270 qdf_print("%s[%d] crypto_priv NULL\n", 1271 __func__, __LINE__); 1272 return QDF_STATUS_E_INVAL; 1273 } 1274 1275 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1276 if (!key) 1277 return QDF_STATUS_E_INVAL; 1278 1279 } else { 1280 struct wlan_objmgr_peer *peer; 1281 uint8_t pdev_id; 1282 1283 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1284 wlan_vdev_get_pdev(vdev)); 1285 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1286 psoc, pdev_id, bssid_mac, 1287 mac_addr, WLAN_CRYPTO_ID); 1288 if (peer == NULL) { 1289 qdf_print("%s[%d] crypto_priv NULL\n", 1290 __func__, __LINE__); 1291 return QDF_STATUS_E_INVAL; 1292 } 1293 1294 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1295 &crypto_priv); 1296 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1297 1298 if (crypto_priv == NULL) { 1299 qdf_print("%s[%d] crypto_priv NULL\n", 1300 __func__, __LINE__); 1301 return QDF_STATUS_E_INVAL; 1302 } 1303 1304 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1305 if (!key) 1306 return QDF_STATUS_E_INVAL; 1307 } 1308 /* if tkip, is counter measures enabled, then drop the frame */ 1309 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1310 status = cipher_table->enmic(key, wbuf, encapdone, 1311 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1312 1313 return status; 1314 } 1315 1316 /** 1317 * wlan_crypto_demic - called by mgmt for remove and check mic for 1318 * the frame based on cipher 1319 * @vdev: vdev 1320 * @wbuf: wbuf 1321 * @macaddr: macaddr 1322 * @tid: tid of the frame 1323 * 1324 * This function gets called from mgmt txrx to decap frame. 1325 * 1326 * Return: QDF_STATUS_SUCCESS - in case of success 1327 */ 1328 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1329 qdf_nbuf_t wbuf, 1330 uint8_t *mac_addr, 1331 uint8_t tid){ 1332 struct wlan_crypto_comp_priv *crypto_priv; 1333 struct wlan_crypto_params *crypto_params; 1334 struct wlan_crypto_key *key; 1335 QDF_STATUS status; 1336 struct wlan_crypto_cipher *cipher_table; 1337 struct wlan_objmgr_psoc *psoc; 1338 uint8_t bssid_mac[WLAN_ALEN]; 1339 1340 1341 wlan_vdev_obj_lock(vdev); 1342 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1343 psoc = wlan_vdev_get_psoc(vdev); 1344 if (!psoc) { 1345 wlan_vdev_obj_unlock(vdev); 1346 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1347 return QDF_STATUS_E_INVAL; 1348 } 1349 wlan_vdev_obj_unlock(vdev); 1350 1351 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1352 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1353 &crypto_priv); 1354 if (crypto_priv == NULL) { 1355 qdf_print("%s[%d] crypto_priv NULL\n", 1356 __func__, __LINE__); 1357 return QDF_STATUS_E_INVAL; 1358 } 1359 1360 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1361 if (!key) 1362 return QDF_STATUS_E_INVAL; 1363 1364 } else { 1365 struct wlan_objmgr_peer *peer; 1366 uint8_t pdev_id; 1367 1368 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1369 wlan_vdev_get_pdev(vdev)); 1370 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1371 psoc, pdev_id, bssid_mac, 1372 mac_addr, WLAN_CRYPTO_ID); 1373 if (peer == NULL) { 1374 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1375 return QDF_STATUS_E_INVAL; 1376 } 1377 1378 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1379 &crypto_priv); 1380 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1381 1382 if (crypto_priv == NULL) { 1383 qdf_print("%s[%d] crypto_priv NULL\n", 1384 __func__, __LINE__); 1385 return QDF_STATUS_E_INVAL; 1386 } 1387 1388 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1389 if (!key) 1390 return QDF_STATUS_E_INVAL; 1391 } 1392 /* if tkip, is counter measures enabled, then drop the frame */ 1393 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1394 status = cipher_table->demic(key, wbuf, tid, 1395 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1396 1397 return status; 1398 } 1399 1400 /** 1401 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1402 * @vdev: vdev 1403 * 1404 * This function gets called to check is pmf enabled or not in vdev. 1405 * 1406 * Return: true or false 1407 */ 1408 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1409 { 1410 1411 struct wlan_crypto_comp_priv *crypto_priv; 1412 struct wlan_crypto_params *vdev_crypto_params; 1413 1414 if (!vdev) 1415 return false; 1416 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1417 &crypto_priv); 1418 if (crypto_priv == NULL) { 1419 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1420 return QDF_STATUS_E_INVAL; 1421 } 1422 1423 if ((vdev_crypto_params->rsn_caps & 1424 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1425 || (vdev_crypto_params->rsn_caps & 1426 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1427 return true; 1428 } 1429 1430 return false; 1431 } 1432 /** 1433 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1434 * @vdev: vdev 1435 * @peer: peer 1436 * 1437 * This function gets called by mgmt txrx to check is pmf enabled or not. 1438 * 1439 * Return: true or false 1440 */ 1441 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1442 struct wlan_objmgr_peer *peer){ 1443 1444 struct wlan_crypto_comp_priv *crypto_priv; 1445 struct wlan_crypto_params *vdev_crypto_params; 1446 struct wlan_crypto_params *peer_crypto_params; 1447 1448 if (!vdev || !peer) 1449 return false; 1450 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1451 &crypto_priv); 1452 if (crypto_priv == NULL) { 1453 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1454 return QDF_STATUS_E_INVAL; 1455 } 1456 1457 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1458 &crypto_priv); 1459 if (crypto_priv == NULL) { 1460 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1461 return QDF_STATUS_E_INVAL; 1462 } 1463 if (((vdev_crypto_params->rsn_caps & 1464 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1465 (peer_crypto_params->rsn_caps & 1466 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1467 || (vdev_crypto_params->rsn_caps & 1468 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1469 return true; 1470 } 1471 1472 return false; 1473 } 1474 1475 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1476 { 1477 a[0] = b[5]; 1478 a[1] = b[4]; 1479 a[2] = b[3]; 1480 a[3] = b[2]; 1481 a[4] = b[1]; 1482 a[5] = b[0]; 1483 } 1484 1485 /** 1486 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1487 * @vdev: vdev 1488 * @bfrm: frame starting pointer 1489 * @len: length of the frame 1490 * 1491 * This function gets called by mgmt txrx to add mmie in frame 1492 * 1493 * Return: end of frame or NULL in case failure 1494 */ 1495 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1496 uint8_t *bfrm, 1497 uint32_t len) { 1498 struct wlan_crypto_key *key; 1499 struct wlan_crypto_mmie *mmie; 1500 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1501 struct ieee80211_hdr *hdr; 1502 uint32_t i, hdrlen, mic_len, aad_len; 1503 uint8_t mic[16]; 1504 struct wlan_crypto_comp_priv *crypto_priv; 1505 struct wlan_crypto_params *crypto_params; 1506 int32_t ret = -1; 1507 1508 if (!bfrm) { 1509 qdf_print("%s[%d] frame is NULL\n", __func__, __LINE__); 1510 return NULL; 1511 } 1512 1513 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1514 &crypto_priv); 1515 if (crypto_priv == NULL) { 1516 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1517 return NULL; 1518 } 1519 1520 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1521 qdf_print("%s[%d] igtk key invalid keyid %d \n", 1522 __func__, __LINE__, crypto_priv->def_igtk_tx_keyid); 1523 return NULL; 1524 } 1525 1526 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1527 if (!key) { 1528 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1529 return NULL; 1530 } 1531 mic_len = (crypto_priv->igtk_key_type 1532 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1533 1534 efrm = bfrm + len; 1535 aad_len = 20; 1536 hdrlen = sizeof(struct ieee80211_hdr); 1537 len += sizeof(struct wlan_crypto_mmie); 1538 1539 mmie = (struct wlan_crypto_mmie *) efrm; 1540 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1541 mmie->element_id = WLAN_ELEMID_MMIE; 1542 mmie->length = sizeof(*mmie) - 2; 1543 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1544 1545 mic_len = (crypto_priv->igtk_key_type 1546 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1547 if (mic_len == 8) { 1548 mmie->length -= 8; 1549 len -= 8; 1550 } 1551 /* PN = PN + 1 */ 1552 pn = (uint8_t *)&key->keytsc; 1553 1554 for (i = 0; i <= 5; i++) { 1555 pn[i]++; 1556 if (pn[i]) 1557 break; 1558 } 1559 1560 /* Copy IPN */ 1561 qdf_mem_copy(mmie->sequence_number, pn, 6); 1562 1563 hdr = (struct ieee80211_hdr *) bfrm; 1564 1565 buf = qdf_mem_malloc(len - hdrlen + 20); 1566 if (!buf) { 1567 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1568 return NULL; 1569 } 1570 qdf_mem_zero(buf, len - hdrlen + 20); 1571 aad = buf; 1572 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1573 1574 /* FC type/subtype */ 1575 aad[0] = hdr->frame_control & 0xff; 1576 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1577 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1578 | WLAN_FC_MOREDATA)) >> 8; 1579 /* A1 || A2 || A3 */ 1580 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1581 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1582 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1583 qdf_mem_zero(mic, 16); 1584 1585 /* 1586 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1587 */ 1588 1589 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1590 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1591 1592 ret = omac1_aes_128(key->keyval, buf, 1593 len + aad_len - hdrlen, mic); 1594 qdf_mem_copy(mmie->mic, mic, 8); 1595 1596 } else if (crypto_priv->igtk_key_type 1597 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1598 1599 ret = omac1_aes_256(key->keyval, buf, 1600 len + aad_len - hdrlen, mmie->mic); 1601 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1602 || (crypto_priv->igtk_key_type 1603 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1604 1605 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1606 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1607 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1608 sizeof(nounce), buf, 1609 len + aad_len - hdrlen, mmie->mic); 1610 } 1611 qdf_mem_free(buf); 1612 if (ret < 0) { 1613 qdf_print("%s[%d] add mmie failed\n", __func__, __LINE__); 1614 return NULL; 1615 } 1616 1617 return bfrm + len; 1618 } 1619 1620 /** 1621 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1622 * @vdev: vdev 1623 * @frm: frame starting pointer 1624 * @efrm: end of frame pointer 1625 * 1626 * This function gets called by mgmt txrx to check mmie of the frame 1627 * 1628 * Return: true or false 1629 */ 1630 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1631 uint8_t *frm, 1632 uint8_t *efrm){ 1633 struct wlan_crypto_mmie *mmie = NULL; 1634 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1635 struct wlan_crypto_key *key; 1636 struct ieee80211_hdr *hdr; 1637 uint16_t mic_len, hdrlen, len; 1638 struct wlan_crypto_comp_priv *crypto_priv; 1639 struct wlan_crypto_params *crypto_params; 1640 uint8_t aad_len = 20; 1641 int32_t ret = -1; 1642 1643 /* check if frame is illegal length */ 1644 if (!frm || !efrm || (efrm < frm) 1645 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1646 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 1647 return false; 1648 } 1649 len = efrm - frm; 1650 crypto_priv = (struct wlan_crypto_comp_priv *) 1651 wlan_get_vdev_crypto_obj(vdev); 1652 if (crypto_priv == NULL) { 1653 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1654 return false; 1655 } 1656 1657 crypto_params = &(crypto_priv->crypto_params); 1658 1659 1660 mic_len = (crypto_priv->igtk_key_type 1661 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1662 hdrlen = sizeof(struct ieee80211_hdr); 1663 1664 if (mic_len == 8) 1665 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1666 else 1667 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1668 1669 1670 /* check Elem ID*/ 1671 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1672 qdf_print("%s[%d] IE is not MMIE\n", __func__, __LINE__); 1673 return false; 1674 } 1675 1676 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1677 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1678 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1679 qdf_print("%s[%d] keyid not valid\n", __func__, __LINE__); 1680 return false; 1681 } 1682 1683 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1684 if (!key) { 1685 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1686 return false; 1687 } 1688 1689 /* validate ipn */ 1690 ipn = mmie->sequence_number; 1691 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1692 qdf_print("%s[%d] replay error\n", __func__, __LINE__); 1693 return false; 1694 } 1695 1696 buf = qdf_mem_malloc(len - hdrlen + 20); 1697 if (!buf) { 1698 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1699 return false; 1700 } 1701 aad = buf; 1702 1703 /* construct AAD */ 1704 hdr = (struct ieee80211_hdr *)frm; 1705 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1706 1707 /* FC type/subtype */ 1708 aad[0] = hdr->frame_control & 0xff; 1709 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1710 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1711 | WLAN_FC_MOREDATA)) >> 8; 1712 /* A1 || A2 || A3 */ 1713 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1714 1715 /* 1716 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1717 */ 1718 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1719 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1720 qdf_mem_zero(mic, 16); 1721 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1722 ret = omac1_aes_128(key->keyval, buf, 1723 len - hdrlen + aad_len, mic); 1724 } else if (crypto_priv->igtk_key_type 1725 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1726 ret = omac1_aes_256(key->keyval, buf, 1727 len + aad_len - hdrlen, mic); 1728 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1729 || (crypto_priv->igtk_key_type 1730 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1731 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1732 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1733 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1734 sizeof(nounce), buf, 1735 len + aad_len - hdrlen, mic); 1736 } 1737 1738 qdf_mem_free(buf); 1739 1740 if (ret < 0) { 1741 qdf_print("%s[%d] genarate mmie failed\n", __func__, __LINE__); 1742 return false; 1743 } 1744 1745 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1746 qdf_print("%s[%d] mmie mismatch\n", __func__, __LINE__); 1747 /* MMIE MIC mismatch */ 1748 return false; 1749 } 1750 1751 /* Update the receive sequence number */ 1752 qdf_mem_copy(key->keyrsc, ipn, 6); 1753 qdf_print("%s[%d] mmie matched\n", __func__, __LINE__); 1754 1755 return true; 1756 } 1757 1758 1759 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1760 { 1761 int32_t status = -1; 1762 1763 switch (cipher) { 1764 case WLAN_CRYPTO_CIPHER_TKIP: 1765 return WPA_CIPHER_SUITE_TKIP; 1766 case WLAN_CRYPTO_CIPHER_AES_CCM: 1767 return WPA_CIPHER_SUITE_CCMP; 1768 case WLAN_CRYPTO_CIPHER_NONE: 1769 return WPA_CIPHER_SUITE_NONE; 1770 } 1771 1772 return status; 1773 } 1774 1775 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1776 { 1777 int32_t status = -1; 1778 1779 switch (cipher) { 1780 case WLAN_CRYPTO_CIPHER_TKIP: 1781 return RSN_CIPHER_SUITE_TKIP; 1782 case WLAN_CRYPTO_CIPHER_AES_CCM: 1783 return RSN_CIPHER_SUITE_CCMP; 1784 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1785 return RSN_CIPHER_SUITE_CCMP_256; 1786 case WLAN_CRYPTO_CIPHER_AES_GCM: 1787 return RSN_CIPHER_SUITE_GCMP; 1788 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1789 return RSN_CIPHER_SUITE_GCMP_256; 1790 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1791 return RSN_CIPHER_SUITE_AES_CMAC; 1792 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1793 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1794 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1795 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1796 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1797 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1798 case WLAN_CRYPTO_CIPHER_NONE: 1799 return RSN_CIPHER_SUITE_NONE; 1800 } 1801 1802 return status; 1803 } 1804 1805 /* 1806 * Convert an RSN key management/authentication algorithm 1807 * to an internal code. 1808 */ 1809 static int32_t 1810 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1811 { 1812 int32_t status = -1; 1813 1814 switch (keymgmt) { 1815 case WLAN_CRYPTO_KEY_MGMT_NONE: 1816 return RSN_AUTH_KEY_MGMT_NONE; 1817 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1818 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1819 case WLAN_CRYPTO_KEY_MGMT_PSK: 1820 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1821 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1822 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1823 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1824 return RSN_AUTH_KEY_MGMT_FT_PSK; 1825 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1826 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1827 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1828 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1829 case WLAN_CRYPTO_KEY_MGMT_SAE: 1830 return RSN_AUTH_KEY_MGMT_SAE; 1831 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1832 return RSN_AUTH_KEY_MGMT_FT_SAE; 1833 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1834 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1835 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1836 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1837 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1838 return RSN_AUTH_KEY_MGMT_CCKM; 1839 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1840 return RSN_AUTH_KEY_MGMT_OSEN; 1841 } 1842 1843 return status; 1844 } 1845 1846 /* 1847 * Convert an RSN key management/authentication algorithm 1848 * to an internal code. 1849 */ 1850 static int32_t 1851 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1852 { 1853 int32_t status = -1; 1854 1855 switch (keymgmt) { 1856 case WLAN_CRYPTO_KEY_MGMT_NONE: 1857 return WPA_AUTH_KEY_MGMT_NONE; 1858 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1859 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1860 case WLAN_CRYPTO_KEY_MGMT_PSK: 1861 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1862 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1863 return WPA_AUTH_KEY_MGMT_CCKM; 1864 } 1865 1866 return status; 1867 } 1868 /** 1869 * Convert a WPA cipher selector OUI to an internal 1870 * cipher algorithm. Where appropriate we also 1871 * record any key length. 1872 */ 1873 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1874 { 1875 uint32_t w = LE_READ_4(sel); 1876 int32_t status = -1; 1877 1878 switch (w) { 1879 case WPA_CIPHER_SUITE_TKIP: 1880 return WLAN_CRYPTO_CIPHER_TKIP; 1881 case WPA_CIPHER_SUITE_CCMP: 1882 return WLAN_CRYPTO_CIPHER_AES_CCM; 1883 case WPA_CIPHER_SUITE_NONE: 1884 return WLAN_CRYPTO_CIPHER_NONE; 1885 } 1886 1887 return status; 1888 } 1889 1890 /* 1891 * Convert a WPA key management/authentication algorithm 1892 * to an internal code. 1893 */ 1894 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1895 { 1896 uint32_t w = LE_READ_4(sel); 1897 int32_t status = -1; 1898 1899 switch (w) { 1900 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1901 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1902 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1903 return WLAN_CRYPTO_KEY_MGMT_PSK; 1904 case WPA_AUTH_KEY_MGMT_CCKM: 1905 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1906 case WPA_AUTH_KEY_MGMT_NONE: 1907 return WLAN_CRYPTO_KEY_MGMT_NONE; 1908 } 1909 return status; 1910 } 1911 1912 /* 1913 * Convert a RSN cipher selector OUI to an internal 1914 * cipher algorithm. Where appropriate we also 1915 * record any key length. 1916 */ 1917 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1918 { 1919 uint32_t w = LE_READ_4(sel); 1920 int32_t status = -1; 1921 1922 switch (w) { 1923 case RSN_CIPHER_SUITE_TKIP: 1924 return WLAN_CRYPTO_CIPHER_TKIP; 1925 case RSN_CIPHER_SUITE_CCMP: 1926 return WLAN_CRYPTO_CIPHER_AES_CCM; 1927 case RSN_CIPHER_SUITE_CCMP_256: 1928 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1929 case RSN_CIPHER_SUITE_GCMP: 1930 return WLAN_CRYPTO_CIPHER_AES_GCM; 1931 case RSN_CIPHER_SUITE_GCMP_256: 1932 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1933 case RSN_CIPHER_SUITE_AES_CMAC: 1934 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1935 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1936 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1937 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1938 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1939 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1940 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1941 case RSN_CIPHER_SUITE_NONE: 1942 return WLAN_CRYPTO_CIPHER_NONE; 1943 } 1944 1945 return status; 1946 } 1947 /* 1948 * Convert an RSN key management/authentication algorithm 1949 * to an internal code. 1950 */ 1951 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 1952 { 1953 uint32_t w = LE_READ_4(sel); 1954 int32_t status = -1; 1955 1956 switch (w) { 1957 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 1958 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1959 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1960 return WLAN_CRYPTO_KEY_MGMT_PSK; 1961 case RSN_AUTH_KEY_MGMT_FT_802_1X: 1962 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 1963 case RSN_AUTH_KEY_MGMT_FT_PSK: 1964 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 1965 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 1966 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 1967 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 1968 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 1969 case RSN_AUTH_KEY_MGMT_SAE: 1970 return WLAN_CRYPTO_KEY_MGMT_SAE; 1971 case RSN_AUTH_KEY_MGMT_FT_SAE: 1972 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 1973 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 1974 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 1975 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 1976 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 1977 case RSN_AUTH_KEY_MGMT_CCKM: 1978 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1979 case RSN_AUTH_KEY_MGMT_OSEN: 1980 return WLAN_CRYPTO_KEY_MGMT_OSEN; 1981 } 1982 1983 return status; 1984 } 1985 1986 /** 1987 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 1988 * @crypto params: crypto params 1989 * @iebuf: ie buffer 1990 * 1991 * This function gets called by mlme to check the contents of wpa is 1992 * matching with given crypto params 1993 * 1994 * Return: QDF_STATUS_SUCCESS - in case of success 1995 */ 1996 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 1997 uint8_t *frm){ 1998 uint8_t len = frm[1]; 1999 int32_t w; 2000 int n; 2001 2002 /* 2003 * Check the length once for fixed parts: OUI, type, 2004 * version, mcast cipher, and 2 selector counts. 2005 * Other, variable-length data, must be checked separately. 2006 */ 2007 RESET_AUTHMODE(crypto_params); 2008 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2009 2010 if (len < 14) 2011 return QDF_STATUS_E_INVAL; 2012 2013 frm += 6, len -= 4; 2014 2015 w = LE_READ_2(frm); 2016 if (w != WPA_VERSION) 2017 return QDF_STATUS_E_INVAL; 2018 2019 frm += 2, len -= 2; 2020 2021 /* multicast/group cipher */ 2022 RESET_MCAST_CIPHERS(crypto_params); 2023 w = wlan_crypto_wpa_suite_to_cipher(frm); 2024 if (w < 0) 2025 return QDF_STATUS_E_INVAL; 2026 SET_MCAST_CIPHER(crypto_params, w); 2027 frm += 4, len -= 4; 2028 2029 /* unicast ciphers */ 2030 n = LE_READ_2(frm); 2031 frm += 2, len -= 2; 2032 if (len < n*4+2) 2033 return QDF_STATUS_E_INVAL; 2034 2035 RESET_UCAST_CIPHERS(crypto_params); 2036 for (; n > 0; n--) { 2037 w = wlan_crypto_wpa_suite_to_cipher(frm); 2038 if (w < 0) 2039 return QDF_STATUS_E_INVAL; 2040 SET_UCAST_CIPHER(crypto_params, w); 2041 frm += 4, len -= 4; 2042 } 2043 2044 if (!crypto_params->ucastcipherset) 2045 return QDF_STATUS_E_INVAL; 2046 2047 /* key management algorithms */ 2048 n = LE_READ_2(frm); 2049 frm += 2, len -= 2; 2050 if (len < n*4) 2051 return QDF_STATUS_E_INVAL; 2052 2053 w = 0; 2054 RESET_KEY_MGMT(crypto_params); 2055 for (; n > 0; n--) { 2056 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2057 if (w < 0) 2058 return QDF_STATUS_E_INVAL; 2059 SET_KEY_MGMT(crypto_params, w); 2060 frm += 4, len -= 4; 2061 } 2062 2063 /* optional capabilities */ 2064 if (len >= 2) { 2065 crypto_params->rsn_caps = LE_READ_2(frm); 2066 frm += 2, len -= 2; 2067 } 2068 2069 return 0; 2070 } 2071 2072 /** 2073 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2074 * @crypto params: crypto params 2075 * @iebuf: ie buffer 2076 * 2077 * This function gets called by mlme to check the contents of wpa is 2078 * matching with given crypto params 2079 * 2080 * Return: QDF_STATUS_SUCCESS - in case of success 2081 */ 2082 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2083 uint8_t *frm){ 2084 uint8_t len = frm[1]; 2085 int32_t w; 2086 int n; 2087 2088 /* 2089 * Check the length once for fixed parts: OUI, type, 2090 * version, mcast cipher, and 2 selector counts. 2091 * Other, variable-length data, must be checked separately. 2092 */ 2093 RESET_AUTHMODE(crypto_params); 2094 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2095 2096 if (len < 14) 2097 return QDF_STATUS_E_INVAL; 2098 2099 frm += 2; 2100 /* NB: iswapoui already validated the OUI and type */ 2101 w = LE_READ_2(frm); 2102 if (w != RSN_VERSION) 2103 return QDF_STATUS_E_INVAL; 2104 2105 frm += 2, len -= 2; 2106 2107 /* multicast/group cipher */ 2108 RESET_MCAST_CIPHERS(crypto_params); 2109 w = wlan_crypto_rsn_suite_to_cipher(frm); 2110 if (w < 0) 2111 return QDF_STATUS_E_INVAL; 2112 SET_MCAST_CIPHER(crypto_params, w); 2113 frm += 4, len -= 4; 2114 2115 /* unicast ciphers */ 2116 n = LE_READ_2(frm); 2117 frm += 2, len -= 2; 2118 if (len < n*4+2) 2119 return QDF_STATUS_E_INVAL; 2120 2121 RESET_UCAST_CIPHERS(crypto_params); 2122 for (; n > 0; n--) { 2123 w = wlan_crypto_rsn_suite_to_cipher(frm); 2124 if (w < 0) 2125 return QDF_STATUS_E_INVAL; 2126 SET_UCAST_CIPHER(crypto_params, w); 2127 frm += 4, len -= 4; 2128 } 2129 2130 if (crypto_params->ucastcipherset == 0) 2131 return QDF_STATUS_E_INVAL; 2132 2133 /* key management algorithms */ 2134 n = LE_READ_2(frm); 2135 frm += 2, len -= 2; 2136 if (len < n*4) 2137 return QDF_STATUS_E_INVAL; 2138 w = 0; 2139 2140 RESET_KEY_MGMT(crypto_params); 2141 for (; n > 0; n--) { 2142 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2143 if (w < 0) 2144 return QDF_STATUS_E_INVAL; 2145 SET_KEY_MGMT(crypto_params, (1 << w)); 2146 frm += 4, len -= 4; 2147 } 2148 2149 /* optional capabilities */ 2150 if (len >= 2) { 2151 crypto_params->rsn_caps = LE_READ_2(frm); 2152 frm += 2, len -= 2; 2153 } 2154 2155 return QDF_STATUS_SUCCESS; 2156 } 2157 2158 /** 2159 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2160 * @vdev: vdev 2161 * @iebuf: ie buffer 2162 * 2163 * This function gets called by mlme to build wpaie from given vdev 2164 * 2165 * Return: end of buffer 2166 */ 2167 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2168 uint8_t *iebuf){ 2169 uint8_t *frm = iebuf; 2170 uint8_t *selcnt; 2171 struct wlan_crypto_comp_priv *crypto_priv; 2172 struct wlan_crypto_params *crypto_params; 2173 2174 if (!frm) 2175 return NULL; 2176 2177 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2178 2179 if (!crypto_params) 2180 return NULL; 2181 2182 *frm++ = WLAN_ELEMID_VENDOR; 2183 *frm++ = 0; 2184 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2185 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2186 2187 2188 /* multicast cipher */ 2189 if (MCIPHER_IS_TKIP(crypto_params)) { 2190 WLAN_CRYPTO_ADDSELECTOR(frm, 2191 wlan_crypto_wpa_cipher_to_suite( 2192 WLAN_CRYPTO_CIPHER_TKIP)); 2193 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2194 WLAN_CRYPTO_ADDSELECTOR(frm, 2195 wlan_crypto_wpa_cipher_to_suite( 2196 WLAN_CRYPTO_CIPHER_AES_CCM)); 2197 } 2198 /* unicast cipher list */ 2199 selcnt = frm; 2200 WLAN_CRYPTO_ADDSHORT(frm, 0); 2201 /* do not use CCMP unicast cipher in WPA mode */ 2202 if (UCIPHER_IS_TKIP(crypto_params)) { 2203 selcnt[0]++; 2204 WLAN_CRYPTO_ADDSELECTOR(frm, 2205 wlan_crypto_wpa_cipher_to_suite( 2206 WLAN_CRYPTO_CIPHER_TKIP)); 2207 } 2208 if (UCIPHER_IS_CCMP128(crypto_params)) { 2209 selcnt[0]++; 2210 WLAN_CRYPTO_ADDSELECTOR(frm, 2211 wlan_crypto_wpa_cipher_to_suite( 2212 WLAN_CRYPTO_CIPHER_AES_CCM)); 2213 } 2214 2215 /* authenticator selector list */ 2216 selcnt = frm; 2217 WLAN_CRYPTO_ADDSHORT(frm, 0); 2218 2219 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2220 selcnt[0]++; 2221 WLAN_CRYPTO_ADDSELECTOR(frm, 2222 wlan_crypto_wpa_keymgmt_to_suite( 2223 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2224 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2225 selcnt[0]++; 2226 WLAN_CRYPTO_ADDSELECTOR(frm, 2227 wlan_crypto_wpa_keymgmt_to_suite( 2228 WLAN_CRYPTO_KEY_MGMT_PSK)); 2229 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2230 selcnt[0]++; 2231 WLAN_CRYPTO_ADDSELECTOR(frm, 2232 wlan_crypto_wpa_keymgmt_to_suite( 2233 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2234 } else { 2235 selcnt[0]++; 2236 WLAN_CRYPTO_ADDSELECTOR(frm, 2237 wlan_crypto_wpa_keymgmt_to_suite( 2238 WLAN_CRYPTO_KEY_MGMT_NONE)); 2239 } 2240 /* calculate element length */ 2241 iebuf[1] = frm - iebuf - 2; 2242 2243 return frm; 2244 } 2245 2246 /** 2247 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2248 * @vdev: vdev 2249 * @iebuf: ie buffer 2250 * 2251 * This function gets called by mlme to build rsnie from given vdev 2252 * 2253 * Return: end of buffer 2254 */ 2255 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2256 uint8_t *iebuf){ 2257 uint8_t *frm = iebuf; 2258 uint8_t *selcnt; 2259 struct wlan_crypto_comp_priv *crypto_priv; 2260 struct wlan_crypto_params *crypto_params; 2261 2262 if (!frm) { 2263 return NULL; 2264 } 2265 2266 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2267 2268 if (!crypto_params) { 2269 return NULL; 2270 } 2271 2272 *frm++ = WLAN_ELEMID_RSN; 2273 *frm++ = 0; 2274 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2275 2276 2277 /* multicast cipher */ 2278 if (MCIPHER_IS_TKIP(crypto_params)) { 2279 WLAN_CRYPTO_ADDSELECTOR(frm, 2280 wlan_crypto_rsn_cipher_to_suite( 2281 WLAN_CRYPTO_CIPHER_TKIP)); 2282 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2283 WLAN_CRYPTO_ADDSELECTOR(frm, 2284 wlan_crypto_rsn_cipher_to_suite( 2285 WLAN_CRYPTO_CIPHER_AES_CCM)); 2286 } else if (MCIPHER_IS_CCMP256(crypto_params)) { 2287 WLAN_CRYPTO_ADDSELECTOR(frm, 2288 wlan_crypto_rsn_cipher_to_suite( 2289 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2290 } else if (MCIPHER_IS_GCMP128(crypto_params)) { 2291 WLAN_CRYPTO_ADDSELECTOR(frm, 2292 wlan_crypto_rsn_cipher_to_suite( 2293 WLAN_CRYPTO_CIPHER_AES_GCM)); 2294 } else if (MCIPHER_IS_GCMP256(crypto_params)) { 2295 WLAN_CRYPTO_ADDSELECTOR(frm, 2296 wlan_crypto_rsn_cipher_to_suite( 2297 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2298 } 2299 2300 /* unicast cipher list */ 2301 selcnt = frm; 2302 WLAN_CRYPTO_ADDSHORT(frm, 0); 2303 /* do not use CCMP unicast cipher in WPA mode */ 2304 if (UCIPHER_IS_TKIP(crypto_params)) { 2305 selcnt[0]++; 2306 WLAN_CRYPTO_ADDSELECTOR(frm, 2307 wlan_crypto_rsn_cipher_to_suite( 2308 WLAN_CRYPTO_CIPHER_TKIP)); 2309 } 2310 if (UCIPHER_IS_CCMP128(crypto_params)) { 2311 selcnt[0]++; 2312 WLAN_CRYPTO_ADDSELECTOR(frm, 2313 wlan_crypto_rsn_cipher_to_suite( 2314 WLAN_CRYPTO_CIPHER_AES_CCM)); 2315 } 2316 if (UCIPHER_IS_CCMP256(crypto_params)) { 2317 selcnt[0]++; 2318 WLAN_CRYPTO_ADDSELECTOR(frm, 2319 wlan_crypto_rsn_cipher_to_suite( 2320 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2321 } 2322 2323 if (UCIPHER_IS_GCMP128(crypto_params)) { 2324 selcnt[0]++; 2325 WLAN_CRYPTO_ADDSELECTOR(frm, 2326 wlan_crypto_rsn_cipher_to_suite( 2327 WLAN_CRYPTO_CIPHER_AES_GCM)); 2328 } 2329 if (UCIPHER_IS_GCMP256(crypto_params)) { 2330 selcnt[0]++; 2331 WLAN_CRYPTO_ADDSELECTOR(frm, 2332 wlan_crypto_rsn_cipher_to_suite( 2333 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2334 } 2335 2336 2337 /* authenticator selector list */ 2338 selcnt = frm; 2339 WLAN_CRYPTO_ADDSHORT(frm, 0); 2340 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2341 selcnt[0]++; 2342 WLAN_CRYPTO_ADDSELECTOR(frm, 2343 wlan_crypto_rsn_keymgmt_to_suite( 2344 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2345 } else { 2346 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2347 selcnt[0]++; 2348 WLAN_CRYPTO_ADDSELECTOR(frm, 2349 wlan_crypto_rsn_keymgmt_to_suite( 2350 WLAN_CRYPTO_KEY_MGMT_PSK)); 2351 } 2352 if (HAS_KEY_MGMT(crypto_params, 2353 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2354 selcnt[0]++; 2355 WLAN_CRYPTO_ADDSELECTOR(frm, 2356 wlan_crypto_rsn_keymgmt_to_suite( 2357 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2358 } 2359 if (HAS_KEY_MGMT(crypto_params, 2360 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2361 selcnt[0]++; 2362 WLAN_CRYPTO_ADDSELECTOR(frm, 2363 wlan_crypto_rsn_keymgmt_to_suite( 2364 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)); 2365 } 2366 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2367 selcnt[0]++; 2368 WLAN_CRYPTO_ADDSELECTOR(frm, 2369 wlan_crypto_rsn_keymgmt_to_suite( 2370 WLAN_CRYPTO_KEY_MGMT_FT_PSK)); 2371 } 2372 if (HAS_KEY_MGMT(crypto_params, 2373 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2374 selcnt[0]++; 2375 WLAN_CRYPTO_ADDSELECTOR(frm, 2376 wlan_crypto_rsn_keymgmt_to_suite( 2377 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)); 2378 } 2379 if (HAS_KEY_MGMT(crypto_params, 2380 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2381 selcnt[0]++; 2382 WLAN_CRYPTO_ADDSELECTOR(frm, 2383 wlan_crypto_rsn_keymgmt_to_suite( 2384 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)); 2385 } 2386 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2387 selcnt[0]++; 2388 WLAN_CRYPTO_ADDSELECTOR(frm, 2389 wlan_crypto_rsn_keymgmt_to_suite( 2390 WLAN_CRYPTO_KEY_MGMT_OSEN)); 2391 } 2392 } 2393 2394 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2395 /* optional capabilities */ 2396 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2397 /* PMK list */ 2398 WLAN_CRYPTO_ADDSHORT(frm, 0); 2399 if (HAS_MGMT_CIPHER(crypto_params, 2400 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2401 WLAN_CRYPTO_ADDSELECTOR(frm, 2402 wlan_crypto_rsn_cipher_to_suite( 2403 WLAN_CRYPTO_CIPHER_AES_CMAC)); 2404 } 2405 if (HAS_MGMT_CIPHER(crypto_params, 2406 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2407 WLAN_CRYPTO_ADDSELECTOR(frm, 2408 wlan_crypto_rsn_cipher_to_suite( 2409 WLAN_CRYPTO_CIPHER_AES_GMAC)); 2410 } 2411 if (HAS_MGMT_CIPHER(crypto_params, 2412 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2413 WLAN_CRYPTO_ADDSELECTOR(frm, 2414 wlan_crypto_rsn_cipher_to_suite( 2415 WLAN_CRYPTO_CIPHER_AES_CMAC_256)); 2416 } 2417 2418 if (HAS_MGMT_CIPHER(crypto_params, 2419 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2420 WLAN_CRYPTO_ADDSELECTOR(frm, 2421 wlan_crypto_rsn_cipher_to_suite( 2422 WLAN_CRYPTO_CIPHER_AES_GMAC_256)); 2423 } 2424 } 2425 2426 /* calculate element length */ 2427 iebuf[1] = frm - iebuf - 2; 2428 2429 return frm; 2430 } 2431 2432 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2433 struct wlan_crypto_params *crypto_params){ 2434 struct wlan_crypto_params *my_crypto_params; 2435 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2436 2437 if (!my_crypto_params) 2438 return false; 2439 /* 2440 * Check peer's pairwise ciphers. 2441 * At least one must match with our unicast cipher 2442 */ 2443 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2444 return false; 2445 /* 2446 * Check peer's group cipher is our enabled multicast cipher. 2447 */ 2448 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2449 return false; 2450 /* 2451 * Check peer's key management class set (PSK or UNSPEC) 2452 */ 2453 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2454 return false; 2455 2456 return true; 2457 } 2458 2459 /* 2460 * Convert an WAPI CIPHER suite to to an internal code. 2461 */ 2462 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2463 { 2464 uint32_t w = LE_READ_4(sel); 2465 int32_t status = -1; 2466 2467 switch (w) { 2468 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2469 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2470 } 2471 2472 return status; 2473 } 2474 2475 /* 2476 * Convert an WAPI key management/authentication algorithm 2477 * to an internal code. 2478 */ 2479 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2480 { 2481 uint32_t w = LE_READ_4(sel); 2482 int32_t status = -1; 2483 2484 switch (w) { 2485 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2486 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2487 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2488 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2489 } 2490 2491 return status; 2492 } 2493 /** 2494 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2495 * @crypto params: crypto params 2496 * @iebuf: ie buffer 2497 * 2498 * This function gets called by mlme to check the contents of wapi is 2499 * matching with given crypto params 2500 * 2501 * Return: QDF_STATUS_SUCCESS - in case of success 2502 */ 2503 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2504 uint8_t *frm) 2505 { 2506 uint8_t len = frm[1]; 2507 int32_t w; 2508 int n; 2509 2510 /* 2511 * Check the length once for fixed parts: OUI, type, 2512 * version, mcast cipher, and 2 selector counts. 2513 * Other, variable-length data, must be checked separately. 2514 */ 2515 RESET_AUTHMODE(crypto_params); 2516 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2517 2518 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2519 return QDF_STATUS_E_INVAL; 2520 2521 2522 frm += 2; 2523 2524 w = LE_READ_2(frm); 2525 frm += 2, len -= 2; 2526 if (w != WAPI_VERSION) 2527 return QDF_STATUS_E_INVAL; 2528 2529 n = LE_READ_2(frm); 2530 frm += 2, len -= 2; 2531 if (len < n*4+2) 2532 return QDF_STATUS_E_INVAL; 2533 2534 RESET_KEY_MGMT(crypto_params); 2535 for (; n > 0; n--) { 2536 w = wlan_crypto_wapi_keymgmt(frm); 2537 if (w < 0) 2538 return QDF_STATUS_E_INVAL; 2539 2540 SET_KEY_MGMT(crypto_params, w); 2541 frm += 4, len -= 4; 2542 } 2543 2544 /* unicast ciphers */ 2545 n = LE_READ_2(frm); 2546 frm += 2, len -= 2; 2547 if (len < n*4+2) 2548 return QDF_STATUS_E_INVAL; 2549 2550 RESET_UCAST_CIPHERS(crypto_params); 2551 for (; n > 0; n--) { 2552 w = wlan_crypto_wapi_suite_to_cipher(frm); 2553 if (w < 0) 2554 return QDF_STATUS_E_INVAL; 2555 SET_UCAST_CIPHER(crypto_params, w); 2556 frm += 4, len -= 4; 2557 } 2558 2559 if (!crypto_params->ucastcipherset) 2560 return QDF_STATUS_E_INVAL; 2561 2562 /* multicast/group cipher */ 2563 RESET_MCAST_CIPHERS(crypto_params); 2564 w = wlan_crypto_wapi_suite_to_cipher(frm); 2565 2566 if (w < 0) 2567 return QDF_STATUS_E_INVAL; 2568 2569 SET_MCAST_CIPHER(crypto_params, w); 2570 frm += 4, len -= 4; 2571 2572 return QDF_STATUS_SUCCESS; 2573 } 2574 2575 /** 2576 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2577 * @vdev: vdev 2578 * @iebuf: ie buffer 2579 * 2580 * This function gets called by mlme to build wapi ie from given vdev 2581 * 2582 * Return: end of buffer 2583 */ 2584 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2585 uint8_t *iebuf) 2586 { 2587 uint8_t *frm; 2588 uint8_t *selcnt; 2589 struct wlan_crypto_comp_priv *crypto_priv; 2590 struct wlan_crypto_params *crypto_params; 2591 2592 frm = iebuf; 2593 if (!frm) { 2594 qdf_print("%s[%d] ie buffer NULL\n", __func__, __LINE__); 2595 return NULL; 2596 } 2597 2598 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2599 2600 if (!crypto_params) { 2601 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 2602 return NULL; 2603 } 2604 2605 *frm++ = WLAN_ELEMID_WAPI; 2606 *frm++ = 0; 2607 2608 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2609 2610 /* authenticator selector list */ 2611 selcnt = frm; 2612 WLAN_CRYPTO_ADDSHORT(frm, 0); 2613 2614 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2615 selcnt[0]++; 2616 WLAN_CRYPTO_ADDSELECTOR(frm, 2617 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2618 } 2619 2620 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2621 selcnt[0]++; 2622 WLAN_CRYPTO_ADDSELECTOR(frm, 2623 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2624 } 2625 2626 /* unicast cipher list */ 2627 selcnt = frm; 2628 WLAN_CRYPTO_ADDSHORT(frm, 0); 2629 2630 if (UCIPHER_IS_SMS4(crypto_params)) { 2631 selcnt[0]++; 2632 WLAN_CRYPTO_ADDSELECTOR(frm, 2633 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2634 } 2635 2636 WLAN_CRYPTO_ADDSELECTOR(frm, 2637 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2638 2639 /* optional capabilities */ 2640 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2641 2642 /* calculate element length */ 2643 iebuf[1] = frm - iebuf - 2; 2644 2645 return frm; 2646 2647 } 2648 2649 /** 2650 * wlan_crypto_pn_check - called by data patch for PN check 2651 * @vdev: vdev 2652 * @wbuf: wbuf 2653 * 2654 * This function gets called by data patch for PN check 2655 * 2656 * Return: QDF_STATUS 2657 */ 2658 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2659 qdf_nbuf_t wbuf){ 2660 /* Need to check is there real requirement for this function 2661 * as PN check is already handled in decap function. 2662 */ 2663 return QDF_STATUS_SUCCESS; 2664 } 2665 2666 /** 2667 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2668 * @vdev:vdev 2669 * 2670 * This function gets called by mlme to get crypto params 2671 * 2672 * Return: wlan_crypto_params or NULL in case of failure 2673 */ 2674 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2675 struct wlan_objmgr_vdev *vdev){ 2676 struct wlan_crypto_comp_priv *crypto_priv; 2677 2678 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2679 } 2680 2681 /** 2682 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2683 * @peer:peer 2684 * 2685 * This function gets called by mlme to get crypto params 2686 * 2687 * Return: wlan_crypto_params or NULL in case of failure 2688 */ 2689 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2690 struct wlan_objmgr_peer *peer){ 2691 struct wlan_crypto_comp_priv *crypto_priv; 2692 2693 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2694 } 2695 2696 2697 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2698 struct wlan_objmgr_peer *peer) 2699 { 2700 struct wlan_crypto_comp_priv *crypto_priv; 2701 struct wlan_crypto_comp_priv *sta_crypto_priv; 2702 struct wlan_crypto_params *crypto_params; 2703 struct wlan_crypto_key *key; 2704 struct wlan_crypto_key *sta_key; 2705 struct wlan_crypto_cipher *cipher_table; 2706 struct wlan_objmgr_psoc *psoc; 2707 uint8_t *mac_addr; 2708 int i; 2709 enum QDF_OPMODE opmode; 2710 2711 if (!vdev) 2712 return QDF_STATUS_E_NULL_VALUE; 2713 2714 if (!peer) { 2715 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2716 return QDF_STATUS_E_INVAL; 2717 } 2718 2719 opmode = wlan_vdev_mlme_get_opmode(vdev); 2720 psoc = wlan_vdev_get_psoc(vdev); 2721 2722 if (!psoc) { 2723 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 2724 return QDF_STATUS_E_NULL_VALUE; 2725 } 2726 2727 wlan_peer_obj_lock(peer); 2728 mac_addr = wlan_peer_get_macaddr(peer); 2729 wlan_peer_obj_unlock(peer); 2730 2731 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2732 &crypto_priv); 2733 if (crypto_priv == NULL) { 2734 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 2735 return QDF_STATUS_E_NULL_VALUE; 2736 } 2737 2738 /* push only valid static WEP keys from vap */ 2739 if (AUTH_IS_8021X(crypto_params)) 2740 return QDF_STATUS_E_INVAL; 2741 2742 if (opmode == QDF_STA_MODE) { 2743 peer = wlan_vdev_get_bsspeer(vdev); 2744 if (!peer) { 2745 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2746 return QDF_STATUS_E_INVAL; 2747 } 2748 } 2749 2750 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2751 if (sta_crypto_priv == NULL) { 2752 qdf_print("%s[%d] sta priv is null\n", __func__, __LINE__); 2753 return QDF_STATUS_E_INVAL; 2754 } 2755 2756 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2757 if (crypto_priv->key[i]) { 2758 key = crypto_priv->key[i]; 2759 if (!key || !key->valid) 2760 continue; 2761 2762 cipher_table = (struct wlan_crypto_cipher *) 2763 key->cipher_table; 2764 2765 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2766 sta_key = qdf_mem_malloc( 2767 sizeof(struct wlan_crypto_key)); 2768 if (!sta_key) { 2769 qdf_print("%s[%d] key alloc failed\n", 2770 __func__, __LINE__); 2771 return QDF_STATUS_E_NOMEM; 2772 } 2773 sta_crypto_priv->key[i] = sta_key; 2774 qdf_mem_copy(sta_key, key, 2775 sizeof(struct wlan_crypto_key)); 2776 2777 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2778 2779 if (crypto_priv->def_tx_keyid == i) { 2780 sta_key->flags 2781 |= WLAN_CRYPTO_KEY_DEFAULT; 2782 sta_crypto_priv->def_tx_keyid = 2783 crypto_priv->def_tx_keyid; 2784 } 2785 /* setting the broadcast/multicast key for sta*/ 2786 if (opmode == QDF_STA_MODE || 2787 opmode == QDF_IBSS_MODE){ 2788 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2789 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2790 vdev, sta_key, mac_addr, 2791 cipher_table->cipher); 2792 } 2793 } 2794 2795 /* setting unicast key */ 2796 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2797 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2798 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2799 sta_key, mac_addr, 2800 cipher_table->cipher); 2801 } 2802 } 2803 } 2804 } 2805 2806 return QDF_STATUS_SUCCESS; 2807 } 2808 2809 /** 2810 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2811 * @crypto_rx_ops: crypto_rx_ops 2812 * 2813 * This function gets called by object manger to register crypto rx ops. 2814 * 2815 * Return: QDF_STATUS 2816 */ 2817 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2818 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2819 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2820 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2821 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2822 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2823 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2824 2825 return QDF_STATUS_SUCCESS; 2826 } 2827 2828 /** 2829 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2830 * @psoc: psoc 2831 * 2832 * This function gets called by umac to get the crypto_rx_ops 2833 * 2834 * Return: crypto_rx_ops 2835 */ 2836 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2837 struct wlan_objmgr_psoc *psoc) 2838 { 2839 2840 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2841 } 2842 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 2843 2844 /** 2845 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2846 * @vdev: vdev 2847 * @authvalue: authvalue to be checked 2848 * 2849 * This function check is authvalue passed is set in vdev or not 2850 * 2851 * Return: true or false 2852 */ 2853 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2854 wlan_crypto_auth_mode authvalue) 2855 { 2856 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 2857 & authvalue; 2858 } 2859 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 2860 2861 /** 2862 * wlan_crypto_peer_has_auth_mode - check authmode for peer 2863 * @peer: peer 2864 * @authvalue: authvalue to be checked 2865 * 2866 * This function check is authvalue passed is set in peer or not 2867 * 2868 * Return: true or false 2869 */ 2870 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 2871 wlan_crypto_auth_mode authvalue) 2872 { 2873 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 2874 & authvalue; 2875 } 2876 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 2877 2878 /** 2879 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 2880 * @vdev: vdev 2881 * @ucastcipher: ucastcipher to be checked 2882 * 2883 * This function check is ucastcipher passed is set in vdev or not 2884 * 2885 * Return: true or false 2886 */ 2887 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 2888 wlan_crypto_cipher_type ucastcipher) 2889 { 2890 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 2891 & ucastcipher; 2892 } 2893 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 2894 2895 /** 2896 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 2897 * @peer: peer 2898 * @ucastcipher: ucastcipher to be checked 2899 * 2900 * This function check is ucastcipher passed is set in peer or not 2901 * 2902 * Return: true or false 2903 */ 2904 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 2905 wlan_crypto_cipher_type ucastcipher) 2906 { 2907 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 2908 & ucastcipher; 2909 } 2910 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 2911 2912 /** 2913 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 2914 * @vdev: vdev 2915 * @mcastcipher: mcastcipher to be checked 2916 * 2917 * This function check is mcastcipher passed is set in vdev or not 2918 * 2919 * Return: true or false 2920 */ 2921 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 2922 wlan_crypto_cipher_type mcastcipher) 2923 { 2924 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 2925 & mcastcipher; 2926 } 2927 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 2928 2929 /** 2930 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 2931 * @peer: peer 2932 * @mcastcipher: mcastcipher to be checked 2933 * 2934 * This function check is mcastcipher passed is set in peer or not 2935 * 2936 * Return: true or false 2937 */ 2938 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 2939 wlan_crypto_cipher_type mcastcipher) 2940 { 2941 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 2942 & mcastcipher; 2943 } 2944 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 2945 2946 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 2947 { 2948 struct wlan_crypto_comp_priv *crypto_priv = NULL; 2949 2950 if (!peer) { 2951 qdf_print(FL("Invalid Input\n")); 2952 return 0; 2953 } 2954 2955 crypto_priv = wlan_get_peer_crypto_obj(peer); 2956 if (!crypto_priv) { 2957 qdf_print(FL("crypto_priv NULL\n")); 2958 return 0; 2959 } 2960 2961 return crypto_priv->fils_aead_set; 2962 } 2963 2964 void 2965 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 2966 { 2967 struct wlan_crypto_comp_priv *crypto_priv = NULL; 2968 2969 if (!peer) { 2970 qdf_print(FL("Invalid Input\n")); 2971 return; 2972 } 2973 2974 crypto_priv = wlan_get_peer_crypto_obj(peer); 2975 if (!crypto_priv) { 2976 qdf_print(FL("crypto_priv NULL\n")); 2977 return; 2978 } 2979 2980 crypto_priv->fils_aead_set = value; 2981 } 2982