1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (!(*crypto_priv)) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (!*crypto_priv) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 crypto_debug("param %d, value %d", param, value); 122 switch (param) { 123 case WLAN_CRYPTO_PARAM_AUTH_MODE: 124 status = wlan_crypto_set_authmode(crypto_params, value); 125 break; 126 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 127 status = wlan_crypto_set_ucastciphers(crypto_params, value); 128 break; 129 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 130 status = wlan_crypto_set_mcastcipher(crypto_params, value); 131 break; 132 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 133 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 134 break; 135 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 136 status = wlan_crypto_set_cipher_cap(crypto_params, value); 137 break; 138 case WLAN_CRYPTO_PARAM_RSN_CAP: 139 status = wlan_crypto_set_rsn_cap(crypto_params, value); 140 break; 141 case WLAN_CRYPTO_PARAM_KEY_MGMT: 142 status = wlan_crypto_set_key_mgmt(crypto_params, value); 143 break; 144 default: 145 status = QDF_STATUS_E_INVAL; 146 } 147 return status; 148 } 149 150 /** 151 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 152 * @vdev: vdev 153 * @param: param to be set. 154 * @value: value 155 * 156 * This function gets called from ucfg to set param 157 * 158 * Return: QDF_STATUS_SUCCESS - in case of success 159 */ 160 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 161 wlan_crypto_param_type param, 162 uint32_t value){ 163 QDF_STATUS status = QDF_STATUS_E_INVAL; 164 struct wlan_crypto_comp_priv *crypto_priv; 165 struct wlan_crypto_params *crypto_params; 166 167 crypto_priv = (struct wlan_crypto_comp_priv *) 168 wlan_get_vdev_crypto_obj(vdev); 169 170 if (!crypto_priv) { 171 crypto_err("crypto_priv NULL"); 172 return QDF_STATUS_E_INVAL; 173 } 174 175 crypto_params = &(crypto_priv->crypto_params); 176 177 status = wlan_crypto_set_param(crypto_params, param, value); 178 179 return status; 180 } 181 182 /** 183 * wlan_crypto_set_param - called by ucfg to set crypto param 184 * 185 * @peer: peer 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 201 &crypto_priv); 202 203 if (!crypto_priv) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 217 * @param: Crypto param type 218 * @crypto_params: Crypto params struct 219 * 220 * This function gets called from in-within crypto layer 221 * 222 * Return: value or -1 for failure 223 */ 224 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 225 struct wlan_crypto_params *crypto_params) 226 { 227 int32_t value = -1; 228 229 switch (param) { 230 case WLAN_CRYPTO_PARAM_AUTH_MODE: 231 value = wlan_crypto_get_authmode(crypto_params); 232 break; 233 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 234 value = wlan_crypto_get_ucastciphers(crypto_params); 235 break; 236 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 237 value = wlan_crypto_get_mcastcipher(crypto_params); 238 break; 239 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 240 value = wlan_crypto_get_mgmtciphers(crypto_params); 241 break; 242 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 243 value = wlan_crypto_get_cipher_cap(crypto_params); 244 break; 245 case WLAN_CRYPTO_PARAM_RSN_CAP: 246 value = wlan_crypto_get_rsn_cap(crypto_params); 247 break; 248 case WLAN_CRYPTO_PARAM_KEY_MGMT: 249 value = wlan_crypto_get_key_mgmt(crypto_params); 250 break; 251 default: 252 value = QDF_STATUS_E_INVAL; 253 } 254 255 return value; 256 } 257 258 /** 259 * wlan_crypto_get_param - called to get value for param from vdev 260 * @vdev: vdev 261 * @param: Crypto param type 262 * 263 * This function gets called to get value for param from vdev 264 * 265 * Return: value or -1 for failure 266 */ 267 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 268 wlan_crypto_param_type param) 269 { 270 int32_t value = -1; 271 struct wlan_crypto_comp_priv *crypto_priv; 272 struct wlan_crypto_params *crypto_params; 273 crypto_priv = (struct wlan_crypto_comp_priv *) 274 wlan_get_vdev_crypto_obj(vdev); 275 276 if (!crypto_priv) { 277 crypto_err("crypto_priv NULL"); 278 return QDF_STATUS_E_INVAL; 279 } 280 281 crypto_params = &(crypto_priv->crypto_params); 282 value = wlan_crypto_get_param_value(param, crypto_params); 283 284 return value; 285 } 286 /** 287 * wlan_crypto_get_peer_param - called to get value for param from peer 288 * @peer: peer 289 * @param: Crypto param type 290 * 291 * This function gets called to get value for param from peer 292 * 293 * Return: value or -1 for failure 294 */ 295 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 296 wlan_crypto_param_type param) 297 { 298 int32_t value = -1; 299 struct wlan_crypto_comp_priv *crypto_priv; 300 struct wlan_crypto_params *crypto_params; 301 302 crypto_params = wlan_crypto_peer_get_comp_params(peer, 303 &crypto_priv); 304 305 if (!crypto_params) { 306 crypto_err("crypto_params NULL"); 307 return QDF_STATUS_E_INVAL; 308 } 309 value = wlan_crypto_get_param_value(param, crypto_params); 310 311 return value; 312 } 313 qdf_export_symbol(wlan_crypto_get_peer_param); 314 315 static 316 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 317 struct wlan_crypto_pmksa *pmksa) 318 { 319 uint8_t i, first_available_slot = 0; 320 bool slot_found = false; 321 322 /* find the empty slot or slot with same bssid */ 323 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 324 if (!crypto_params->pmksa[i]) { 325 if (!slot_found) { 326 slot_found = true; 327 first_available_slot = i; 328 } 329 continue; 330 } 331 if (qdf_is_macaddr_equal(&pmksa->bssid, 332 &crypto_params->pmksa[i]->bssid)) { 333 /* free the current pmksa and use this slot */ 334 qdf_mem_zero(crypto_params->pmksa[i], 335 sizeof(struct wlan_crypto_pmksa)); 336 qdf_mem_free(crypto_params->pmksa[i]); 337 crypto_params->pmksa[i] = pmksa; 338 return QDF_STATUS_SUCCESS; 339 } 340 } 341 342 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 343 crypto_err("no entry available for pmksa"); 344 return QDF_STATUS_E_INVAL; 345 } 346 crypto_params->pmksa[first_available_slot] = pmksa; 347 348 return QDF_STATUS_SUCCESS; 349 } 350 351 static 352 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 353 struct wlan_crypto_pmksa *pmksa) 354 { 355 uint8_t i; 356 357 /* find slot with same bssid */ 358 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 359 if (!crypto_params->pmksa[i]) 360 continue; 361 if (qdf_is_macaddr_equal(&pmksa->bssid, 362 &crypto_params->pmksa[i]->bssid)) { 363 qdf_mem_zero(crypto_params->pmksa[i], 364 sizeof(struct wlan_crypto_pmksa)); 365 qdf_mem_free(crypto_params->pmksa[i]); 366 crypto_params->pmksa[i] = NULL; 367 return QDF_STATUS_SUCCESS; 368 } 369 } 370 371 return QDF_STATUS_E_INVAL; 372 } 373 374 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 375 { 376 uint8_t i; 377 378 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 379 if (!crypto_params->pmksa[i]) 380 continue; 381 qdf_mem_zero(crypto_params->pmksa[i], 382 sizeof(struct wlan_crypto_pmksa)); 383 qdf_mem_free(crypto_params->pmksa[i]); 384 crypto_params->pmksa[i] = NULL; 385 } 386 387 return QDF_STATUS_SUCCESS; 388 } 389 390 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 391 struct wlan_crypto_pmksa *pmksa, 392 bool set) 393 { 394 QDF_STATUS status = QDF_STATUS_E_INVAL; 395 struct wlan_crypto_comp_priv *crypto_priv; 396 struct wlan_crypto_params *crypto_params; 397 enum QDF_OPMODE op_mode; 398 399 op_mode = wlan_vdev_mlme_get_opmode(vdev); 400 401 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 402 return QDF_STATUS_E_NOSUPPORT; 403 404 if (!pmksa && set) { 405 crypto_err("pmksa is NULL for set operation"); 406 return QDF_STATUS_E_INVAL; 407 } 408 crypto_priv = (struct wlan_crypto_comp_priv *) 409 wlan_get_vdev_crypto_obj(vdev); 410 411 if (!crypto_priv) { 412 crypto_err("crypto_priv NULL"); 413 return QDF_STATUS_E_INVAL; 414 } 415 416 crypto_params = &crypto_priv->crypto_params; 417 if (set) { 418 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 419 /* Set pmksa */ 420 } else { 421 /* del pmksa */ 422 if (!pmksa) 423 status = wlan_crypto_pmksa_flush(crypto_params); 424 else 425 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 426 } 427 428 return status; 429 } 430 431 struct wlan_crypto_pmksa * 432 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 433 { 434 struct wlan_crypto_comp_priv *crypto_priv; 435 struct wlan_crypto_params *crypto_params; 436 uint8_t i; 437 438 if (!bssid) { 439 crypto_err("bssid is NULL"); 440 return NULL; 441 } 442 crypto_priv = (struct wlan_crypto_comp_priv *) 443 wlan_get_vdev_crypto_obj(vdev); 444 445 if (!crypto_priv) { 446 crypto_err("crypto_priv NULL"); 447 return NULL; 448 } 449 450 crypto_params = &crypto_priv->crypto_params; 451 452 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 453 if (!crypto_params->pmksa[i]) 454 continue; 455 if (qdf_is_macaddr_equal(bssid, 456 &crypto_params->pmksa[i]->bssid)) { 457 return crypto_params->pmksa[i]; 458 } 459 } 460 461 return NULL; 462 } 463 /** 464 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 465 * @vdev: vdev 466 * @peer: peer 467 * 468 * This function gets called to check is HT allowed for cipher. 469 * HT is not allowed for wep and tkip. 470 * 471 * Return: 0 - not allowed or 1 - allowed 472 */ 473 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 474 struct wlan_objmgr_peer *peer) 475 { 476 int32_t ucast_cipher; 477 478 if (!(vdev || peer)) { 479 crypto_err("Invalid params"); 480 return 0; 481 } 482 483 if (vdev) 484 ucast_cipher = wlan_crypto_get_param(vdev, 485 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 486 else 487 ucast_cipher = wlan_crypto_get_peer_param(peer, 488 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 489 490 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 491 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 492 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 493 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 494 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 495 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 496 } 497 qdf_export_symbol(wlan_crypto_is_htallowed); 498 499 /** 500 * wlan_crypto_setkey - called by ucfg to setkey 501 * @vdev: vdev 502 * @req_key: req_key with cipher type, key macaddress 503 * 504 * This function gets called from ucfg to sey key 505 * 506 * Return: QDF_STATUS_SUCCESS - in case of success 507 */ 508 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 509 struct wlan_crypto_req_key *req_key){ 510 511 QDF_STATUS status = QDF_STATUS_E_INVAL; 512 struct wlan_crypto_comp_priv *crypto_priv; 513 struct wlan_crypto_params *crypto_params; 514 struct wlan_objmgr_psoc *psoc; 515 struct wlan_objmgr_peer *peer; 516 struct wlan_crypto_key *key = NULL; 517 const struct wlan_crypto_cipher *cipher; 518 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 519 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 520 bool isbcast; 521 enum QDF_OPMODE vdev_mode; 522 uint8_t igtk_idx = 0; 523 524 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 525 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 526 return QDF_STATUS_E_INVAL; 527 } 528 529 isbcast = qdf_is_macaddr_group( 530 (struct qdf_mac_addr *)req_key->macaddr); 531 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 532 /* zero length keys, only set default key id if flags are set*/ 533 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 534 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 535 && (!IS_MGMT_CIPHER(req_key->type))) { 536 wlan_crypto_default_key(vdev, 537 req_key->macaddr, 538 req_key->keyix, 539 !isbcast); 540 return QDF_STATUS_SUCCESS; 541 } 542 crypto_err("req_key len zero"); 543 return QDF_STATUS_E_INVAL; 544 } 545 546 cipher = wlan_crypto_cipher_ops[req_key->type]; 547 548 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 549 crypto_err("cipher invalid"); 550 return QDF_STATUS_E_INVAL; 551 } 552 553 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 554 (!IS_MGMT_CIPHER(req_key->type)) && 555 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 556 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 557 crypto_err("cipher invalid"); 558 return QDF_STATUS_E_INVAL; 559 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 560 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 561 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 562 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 563 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 564 return QDF_STATUS_E_INVAL; 565 } 566 567 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 568 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 569 | WLAN_CRYPTO_KEY_RECV)) { 570 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 571 | WLAN_CRYPTO_KEY_RECV); 572 } 573 } else { 574 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 575 && (!IS_MGMT_CIPHER(req_key->type))) { 576 return QDF_STATUS_E_INVAL; 577 } 578 579 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 580 | WLAN_CRYPTO_KEY_RECV); 581 if (isbcast) 582 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 583 } 584 585 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 586 587 wlan_vdev_obj_lock(vdev); 588 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 589 QDF_MAC_ADDR_SIZE); 590 psoc = wlan_vdev_get_psoc(vdev); 591 if (!psoc) { 592 wlan_vdev_obj_unlock(vdev); 593 crypto_err("psoc NULL"); 594 return QDF_STATUS_E_INVAL; 595 } 596 wlan_vdev_obj_unlock(vdev); 597 598 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 599 if (wlan_crypto_vdev_has_auth_mode(vdev, 600 (1 << WLAN_CRYPTO_AUTH_8021X))) { 601 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 602 } 603 } 604 605 if (isbcast) { 606 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 607 &crypto_priv); 608 if (!crypto_priv) { 609 crypto_err("crypto_priv NULL"); 610 return QDF_STATUS_E_INVAL; 611 } 612 613 if (IS_MGMT_CIPHER(req_key->type)) { 614 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 615 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 616 crypto_err("igtk key invalid keyid %d", 617 igtk_idx); 618 return QDF_STATUS_E_INVAL; 619 } 620 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 621 if (!key) 622 return QDF_STATUS_E_NOMEM; 623 624 if (crypto_priv->igtk_key[igtk_idx]) 625 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 626 627 crypto_priv->igtk_key[igtk_idx] = key; 628 crypto_priv->igtk_key_type = req_key->type; 629 crypto_priv->def_igtk_tx_keyid = igtk_idx; 630 } else { 631 if (IS_FILS_CIPHER(req_key->type)) { 632 crypto_err("FILS key is not for BroadCast pkt"); 633 return QDF_STATUS_E_INVAL; 634 } 635 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 636 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 637 return QDF_STATUS_E_INVAL; 638 } 639 if (!crypto_priv->key[req_key->keyix]) { 640 crypto_priv->key[req_key->keyix] 641 = qdf_mem_malloc( 642 sizeof(struct wlan_crypto_key)); 643 if (!crypto_priv->key[req_key->keyix]) 644 return QDF_STATUS_E_NOMEM; 645 } 646 key = crypto_priv->key[req_key->keyix]; 647 } 648 if (vdev_mode == QDF_STA_MODE) { 649 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 650 WLAN_CRYPTO_ID); 651 if (!peer) { 652 crypto_err("peer NULL"); 653 if (IS_MGMT_CIPHER(req_key->type)) { 654 crypto_priv->igtk_key[igtk_idx] = NULL; 655 crypto_priv->igtk_key_type 656 = WLAN_CRYPTO_CIPHER_NONE; 657 } else 658 crypto_priv->key[req_key->keyix] = NULL; 659 if (key) 660 qdf_mem_free(key); 661 return QDF_STATUS_E_INVAL; 662 } 663 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 664 QDF_MAC_ADDR_SIZE); 665 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 666 } 667 } else { 668 uint8_t pdev_id; 669 670 pdev_id = wlan_objmgr_pdev_get_pdev_id( 671 wlan_vdev_get_pdev(vdev)); 672 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 673 psoc, 674 pdev_id, 675 macaddr, 676 req_key->macaddr, 677 WLAN_CRYPTO_ID); 678 679 if (!peer) { 680 crypto_err("peer NULL"); 681 return QDF_STATUS_E_INVAL; 682 } 683 684 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 685 crypto_params = wlan_crypto_peer_get_comp_params(peer, 686 &crypto_priv); 687 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 688 689 if (!crypto_priv) { 690 crypto_err("crypto_priv NULL"); 691 return QDF_STATUS_E_INVAL; 692 } 693 if (IS_MGMT_CIPHER(req_key->type)) { 694 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 695 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 696 crypto_err("igtk key invalid keyid %d", 697 igtk_idx); 698 return QDF_STATUS_E_INVAL; 699 } 700 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 701 if (!key) 702 return QDF_STATUS_E_NOMEM; 703 704 if (crypto_priv->igtk_key[igtk_idx]) 705 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 706 707 crypto_priv->igtk_key[igtk_idx] = key; 708 crypto_priv->igtk_key_type = req_key->type; 709 crypto_priv->def_igtk_tx_keyid = igtk_idx; 710 } else { 711 uint16_t kid = req_key->keyix; 712 if (kid == WLAN_CRYPTO_KEYIX_NONE) 713 kid = 0; 714 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 715 crypto_err("invalid keyid %d", kid); 716 return QDF_STATUS_E_INVAL; 717 } 718 if (!crypto_priv->key[kid]) { 719 crypto_priv->key[kid] 720 = qdf_mem_malloc( 721 sizeof(struct wlan_crypto_key)); 722 if (!crypto_priv->key[kid]) 723 return QDF_STATUS_E_NOMEM; 724 } 725 key = crypto_priv->key[kid]; 726 } 727 } 728 729 /* alloc key might not required as it is already there */ 730 key->cipher_table = (void *)cipher; 731 key->keylen = req_key->keylen; 732 key->flags = req_key->flags; 733 734 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 735 key->keyix = 0; 736 else 737 key->keyix = req_key->keyix; 738 739 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 740 && (!IS_MGMT_CIPHER(req_key->type))) { 741 crypto_priv->def_tx_keyid = key->keyix; 742 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 743 } 744 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 745 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 746 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 747 0x5c, 0x36, 0x5c, 0x36, 748 0x5c, 0x36, 0x5c, 0x36, 749 0x5c, 0x36, 0x5c, 0x37}; 750 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 751 0x5c, 0x36, 0x5c, 0x36, 752 0x5c, 0x36, 0x5c, 0x36, 753 0x5c, 0x36, 0x5c, 0x36}; 754 755 /* During Tx PN should be increment and 756 * send but as per our implementation we increment only after 757 * Tx complete. So First packet PN check will be failed. 758 * To compensate increment the PN here by 2 759 */ 760 if (vdev_mode == QDF_SAP_MODE) { 761 iv_AP[15] += 2; 762 qdf_mem_copy(key->recviv, iv_STA, 763 WLAN_CRYPTO_WAPI_IV_SIZE); 764 qdf_mem_copy(key->txiv, iv_AP, 765 WLAN_CRYPTO_WAPI_IV_SIZE); 766 } else { 767 iv_STA[15] += 2; 768 qdf_mem_copy(key->recviv, iv_AP, 769 WLAN_CRYPTO_WAPI_IV_SIZE); 770 qdf_mem_copy(key->txiv, iv_STA, 771 WLAN_CRYPTO_WAPI_IV_SIZE); 772 } 773 } else { 774 uint8_t i = 0; 775 qdf_mem_copy((uint8_t *)(&key->keytsc), 776 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 777 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 778 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 779 (uint8_t *)(&req_key->keyrsc), 780 sizeof(key->keyrsc[0])); 781 } 782 } 783 784 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 785 key->valid = 1; 786 if ((IS_MGMT_CIPHER(req_key->type))) { 787 if (HAS_CIPHER_CAP(crypto_params, 788 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 789 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 790 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 791 key, macaddr, req_key->type); 792 } 793 } 794 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 795 status = wlan_crypto_set_igtk_key(key); 796 return status; 797 } else if (IS_FILS_CIPHER(req_key->type)) { 798 /* Take request key object to FILS setkey */ 799 key->private = req_key; 800 } else { 801 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 802 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 803 macaddr, req_key->type); 804 } 805 } 806 status = cipher->setkey(key); 807 808 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 809 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 810 (!IS_MGMT_CIPHER(req_key->type))) { 811 /* default xmit key */ 812 wlan_crypto_default_key(vdev, 813 req_key->macaddr, 814 req_key->keyix, 815 !isbcast); 816 } 817 818 return status; 819 } 820 821 /** 822 * wlan_crypto_get_keytype - get keytype 823 * @key: key 824 * 825 * This function gets keytype from key 826 * 827 * Return: keytype 828 */ 829 wlan_crypto_cipher_type wlan_crypto_get_key_type( 830 struct wlan_crypto_key *key){ 831 if (key && key->cipher_table) { 832 return ((struct wlan_crypto_cipher *) 833 (key->cipher_table))->cipher; 834 } 835 return WLAN_CRYPTO_CIPHER_NONE; 836 } 837 qdf_export_symbol(wlan_crypto_get_key_type); 838 /** 839 * wlan_crypto_vdev_getkey - get key from vdev 840 * @vdev: vdev 841 * @keyix: keyix 842 * 843 * This function gets key from vdev 844 * 845 * Return: key or NULL 846 */ 847 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 848 uint16_t keyix){ 849 struct wlan_crypto_comp_priv *crypto_priv; 850 struct wlan_crypto_params *crypto_params; 851 struct wlan_crypto_key *key = NULL; 852 853 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 854 855 if (!crypto_priv) { 856 crypto_err("crypto_priv NULL"); 857 return NULL; 858 } 859 /* for keyix 4,5 we return the igtk keys for keyix more than 5 860 * we return the default key, for all other keyix we return the 861 * key accordingly. 862 */ 863 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 864 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 865 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 866 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 867 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 868 else 869 key = crypto_priv->key[keyix]; 870 871 if (key && key->valid) 872 return key; 873 874 return NULL; 875 } 876 qdf_export_symbol(wlan_crypto_vdev_getkey); 877 878 /** 879 * wlan_crypto_peer_getkey - get key from peer 880 * @peer: peer 881 * @keyix: keyix 882 * 883 * This function gets key from peer 884 * 885 * Return: key or NULL 886 */ 887 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 888 uint16_t keyix){ 889 struct wlan_crypto_comp_priv *crypto_priv; 890 struct wlan_crypto_params *crypto_params; 891 struct wlan_crypto_key *key = NULL; 892 893 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 894 895 if (!crypto_priv) { 896 crypto_err("crypto_priv NULL"); 897 return NULL; 898 } 899 900 /* for keyix 4,5 we return the igtk keys for keyix more than 5 901 * we return the default key, for all other keyix we return the 902 * key accordingly. 903 */ 904 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 905 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 906 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 907 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 908 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 909 else 910 key = crypto_priv->key[keyix]; 911 912 if (key && key->valid) 913 return key; 914 915 return NULL; 916 } 917 qdf_export_symbol(wlan_crypto_peer_getkey); 918 919 /** 920 * wlan_crypto_getkey - called by ucfg to get key 921 * @vdev: vdev 922 * @req_key: key value will be copied in this req_key 923 * @mac_address: mac address of the peer for unicast key 924 * or broadcast address if group key is requested. 925 * 926 * This function gets called from ucfg to get key 927 * 928 * Return: QDF_STATUS_SUCCESS - in case of success 929 */ 930 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 931 struct wlan_crypto_req_key *req_key, 932 uint8_t *mac_addr){ 933 struct wlan_crypto_cipher *cipher_table; 934 struct wlan_crypto_key *key; 935 struct wlan_objmgr_psoc *psoc; 936 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 937 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 938 939 wlan_vdev_obj_lock(vdev); 940 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 941 QDF_MAC_ADDR_SIZE); 942 psoc = wlan_vdev_get_psoc(vdev); 943 if (!psoc) { 944 wlan_vdev_obj_unlock(vdev); 945 crypto_err("psoc NULL"); 946 return QDF_STATUS_E_INVAL; 947 } 948 wlan_vdev_obj_unlock(vdev); 949 950 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 951 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 952 if (!key) 953 return QDF_STATUS_E_INVAL; 954 } else { 955 struct wlan_objmgr_peer *peer; 956 uint8_t pdev_id; 957 958 pdev_id = wlan_objmgr_pdev_get_pdev_id( 959 wlan_vdev_get_pdev(vdev)); 960 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 961 psoc, 962 pdev_id, 963 macaddr, 964 mac_addr, 965 WLAN_CRYPTO_ID); 966 if (!peer) { 967 crypto_err("peer NULL"); 968 return QDF_STATUS_E_NOENT; 969 } 970 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 971 if (WLAN_CRYPTO_TX_OPS_GETPN(psoc) && 972 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 973 WLAN_CRYPTO_TX_OPS_GETPN(psoc)(vdev, mac_addr, 974 req_key->type); 975 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 976 if (!key) 977 return QDF_STATUS_E_INVAL; 978 } 979 980 if (key->valid) { 981 qdf_mem_copy(req_key->keydata, 982 key->keyval, key->keylen); 983 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 984 (uint8_t *)(&key->keytsc), 985 sizeof(req_key->keytsc)); 986 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 987 (uint8_t *)(&key->keyrsc[0]), 988 sizeof(req_key->keyrsc)); 989 req_key->keylen = key->keylen; 990 req_key->flags = key->flags; 991 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 992 993 if (!cipher_table) 994 return QDF_STATUS_SUCCESS; 995 996 req_key->type = cipher_table->cipher; 997 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 998 qdf_mem_copy((uint8_t *)(&req_key->txiv), 999 (uint8_t *)(key->txiv), 1000 sizeof(req_key->txiv)); 1001 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1002 (uint8_t *)(key->recviv), 1003 sizeof(req_key->recviv)); 1004 } 1005 } 1006 1007 return QDF_STATUS_SUCCESS; 1008 } 1009 1010 /** 1011 * wlan_crypto_delkey - called by ucfg to delete key 1012 * @vdev: vdev 1013 * @mac_address: mac address of the peer for unicast key 1014 * or broadcast address if group key is deleted. 1015 * @key_idx: key index to be deleted 1016 * 1017 * This function gets called from ucfg to delete key 1018 * 1019 * Return: QDF_STATUS_SUCCESS - in case of success 1020 */ 1021 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1022 uint8_t *macaddr, 1023 uint8_t key_idx){ 1024 struct wlan_crypto_comp_priv *crypto_priv; 1025 struct wlan_crypto_params *crypto_params; 1026 struct wlan_crypto_key *key; 1027 struct wlan_crypto_cipher *cipher_table; 1028 struct wlan_objmgr_psoc *psoc; 1029 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1030 1031 if (!vdev || !macaddr || 1032 (key_idx >= 1033 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 1034 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1035 vdev, macaddr, key_idx); 1036 return QDF_STATUS_E_INVAL; 1037 } 1038 1039 wlan_vdev_obj_lock(vdev); 1040 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1041 QDF_MAC_ADDR_SIZE); 1042 psoc = wlan_vdev_get_psoc(vdev); 1043 if (!psoc) { 1044 wlan_vdev_obj_unlock(vdev); 1045 crypto_err("psoc NULL"); 1046 return QDF_STATUS_E_INVAL; 1047 } 1048 wlan_vdev_obj_unlock(vdev); 1049 1050 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1051 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1052 &crypto_priv); 1053 if (!crypto_priv) { 1054 crypto_err("crypto_priv NULL"); 1055 return QDF_STATUS_E_INVAL; 1056 } 1057 } else { 1058 struct wlan_objmgr_peer *peer; 1059 uint8_t pdev_id; 1060 1061 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1062 wlan_vdev_get_pdev(vdev)); 1063 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1064 psoc, pdev_id, 1065 bssid_mac, 1066 macaddr, 1067 WLAN_CRYPTO_ID); 1068 if (!peer) { 1069 return QDF_STATUS_E_INVAL; 1070 } 1071 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1072 &crypto_priv); 1073 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1074 if (!crypto_priv) { 1075 crypto_err("crypto_priv NULL"); 1076 return QDF_STATUS_E_INVAL; 1077 } 1078 } 1079 1080 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1081 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1082 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1083 crypto_err("Igtk key invalid keyid %d", igtk_idx); 1084 return QDF_STATUS_E_INVAL; 1085 } 1086 key = crypto_priv->igtk_key[igtk_idx]; 1087 crypto_priv->igtk_key[igtk_idx] = NULL; 1088 if (key) 1089 key->valid = 0; 1090 } else { 1091 key = crypto_priv->key[key_idx]; 1092 crypto_priv->key[key_idx] = NULL; 1093 } 1094 1095 if (!key) 1096 return QDF_STATUS_E_INVAL; 1097 1098 if (key->valid) { 1099 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1100 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1101 1102 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1103 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 1104 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 1105 macaddr, cipher_table->cipher); 1106 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1107 if (key->private) 1108 qdf_mem_free(key->private); 1109 } 1110 } 1111 1112 /* Zero-out local key variables */ 1113 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1114 qdf_mem_free(key); 1115 1116 return QDF_STATUS_SUCCESS; 1117 } 1118 1119 #ifdef CRYPTO_SET_KEY_CONVERGED 1120 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1121 uint8_t key_idx, uint8_t *macaddr) 1122 { 1123 return QDF_STATUS_SUCCESS; 1124 } 1125 #else 1126 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1127 uint8_t key_idx, uint8_t *macaddr) 1128 { 1129 struct wlan_objmgr_psoc *psoc; 1130 1131 psoc = wlan_vdev_get_psoc(vdev); 1132 if (!psoc) { 1133 crypto_err("psoc is NULL"); 1134 return QDF_STATUS_E_INVAL; 1135 } 1136 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1137 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1138 macaddr); 1139 } 1140 1141 return QDF_STATUS_SUCCESS; 1142 } 1143 #endif 1144 1145 /** 1146 * wlan_crypto_default_key - called by ucfg to set default tx key 1147 * @vdev: vdev 1148 * @mac_address: mac address of the peer for unicast key 1149 * or broadcast address if group key need to made default. 1150 * @key_idx: key index to be made as default key 1151 * @unicast: is key was unicast or group key. 1152 * 1153 * This function gets called from ucfg to set default key 1154 * 1155 * Return: QDF_STATUS_SUCCESS - in case of success 1156 */ 1157 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1158 uint8_t *macaddr, 1159 uint8_t key_idx, 1160 bool unicast){ 1161 struct wlan_crypto_comp_priv *crypto_priv; 1162 struct wlan_crypto_params *crypto_params; 1163 struct wlan_crypto_key *key; 1164 struct wlan_objmgr_psoc *psoc; 1165 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1166 1167 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1168 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1169 vdev, macaddr, key_idx); 1170 return QDF_STATUS_E_INVAL; 1171 } 1172 1173 wlan_vdev_obj_lock(vdev); 1174 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1175 QDF_MAC_ADDR_SIZE); 1176 psoc = wlan_vdev_get_psoc(vdev); 1177 if (!psoc) { 1178 wlan_vdev_obj_unlock(vdev); 1179 crypto_err("psoc NULL"); 1180 return QDF_STATUS_E_INVAL; 1181 } 1182 wlan_vdev_obj_unlock(vdev); 1183 1184 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1185 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1186 &crypto_priv); 1187 if (!crypto_priv) { 1188 crypto_err("crypto_priv NULL"); 1189 return QDF_STATUS_E_INVAL; 1190 } 1191 1192 key = crypto_priv->key[key_idx]; 1193 if (!key) 1194 return QDF_STATUS_E_INVAL; 1195 } else { 1196 struct wlan_objmgr_peer *peer; 1197 uint8_t pdev_id; 1198 1199 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1200 wlan_vdev_get_pdev(vdev)); 1201 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1202 psoc, pdev_id, 1203 bssid_mac, 1204 macaddr, 1205 WLAN_CRYPTO_ID); 1206 1207 if (!peer) { 1208 crypto_err("peer NULL"); 1209 return QDF_STATUS_E_INVAL; 1210 } 1211 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1212 &crypto_priv); 1213 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1214 if (!crypto_priv) { 1215 crypto_err("crypto_priv NULL"); 1216 return QDF_STATUS_E_INVAL; 1217 } 1218 1219 key = crypto_priv->key[key_idx]; 1220 if (!key) 1221 return QDF_STATUS_E_INVAL; 1222 } 1223 if (!key->valid) 1224 return QDF_STATUS_E_INVAL; 1225 1226 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1227 QDF_STATUS_SUCCESS) 1228 return QDF_STATUS_E_INVAL; 1229 crypto_priv->def_tx_keyid = key_idx; 1230 1231 return QDF_STATUS_SUCCESS; 1232 } 1233 1234 /** 1235 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1236 * @vdev: vdev 1237 * @wbuf: wbuf 1238 * @macaddr: macaddr 1239 * @encapdone: is encapdone already or not. 1240 * 1241 * This function gets called from mgmt txrx to encap frame. 1242 * 1243 * Return: QDF_STATUS_SUCCESS - in case of success 1244 */ 1245 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1246 qdf_nbuf_t wbuf, 1247 uint8_t *mac_addr, 1248 uint8_t encapdone){ 1249 struct wlan_crypto_comp_priv *crypto_priv; 1250 struct wlan_crypto_params *crypto_params; 1251 struct wlan_crypto_key *key; 1252 QDF_STATUS status; 1253 struct wlan_crypto_cipher *cipher_table; 1254 struct wlan_objmgr_psoc *psoc; 1255 struct wlan_objmgr_peer *peer; 1256 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1257 uint8_t pdev_id; 1258 uint8_t hdrlen; 1259 enum QDF_OPMODE opmode; 1260 1261 opmode = wlan_vdev_mlme_get_opmode(vdev); 1262 wlan_vdev_obj_lock(vdev); 1263 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1264 QDF_MAC_ADDR_SIZE); 1265 psoc = wlan_vdev_get_psoc(vdev); 1266 if (!psoc) { 1267 wlan_vdev_obj_unlock(vdev); 1268 crypto_err("psoc NULL"); 1269 return QDF_STATUS_E_INVAL; 1270 } 1271 wlan_vdev_obj_unlock(vdev); 1272 1273 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1274 /* FILS Encap required only for (Re-)Assoc response */ 1275 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1276 1277 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1278 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1279 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1280 return QDF_STATUS_E_INVAL; 1281 } 1282 1283 if (peer) 1284 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1285 1286 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1287 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1288 &crypto_priv); 1289 if (!crypto_priv) { 1290 crypto_err("crypto_priv NULL"); 1291 return QDF_STATUS_E_INVAL; 1292 } 1293 1294 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1295 if (!key) 1296 return QDF_STATUS_E_INVAL; 1297 1298 } else { 1299 struct wlan_objmgr_peer *peer; 1300 uint8_t pdev_id; 1301 1302 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1303 wlan_vdev_get_pdev(vdev)); 1304 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1305 bssid_mac, mac_addr, 1306 WLAN_CRYPTO_ID); 1307 1308 if (!peer) { 1309 crypto_err("crypto_priv NULL"); 1310 return QDF_STATUS_E_INVAL; 1311 } 1312 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1313 &crypto_priv); 1314 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1315 1316 if (!crypto_priv) { 1317 crypto_err("crypto_priv NULL"); 1318 return QDF_STATUS_E_INVAL; 1319 } 1320 1321 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1322 if (!key) 1323 return QDF_STATUS_E_INVAL; 1324 } 1325 if (opmode == QDF_MONITOR_MODE) 1326 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1327 else 1328 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1329 (uint8_t *)qdf_nbuf_data(wbuf)); 1330 1331 /* if tkip, is counter measures enabled, then drop the frame */ 1332 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1333 status = cipher_table->encap(key, wbuf, encapdone, 1334 hdrlen); 1335 1336 return status; 1337 } 1338 qdf_export_symbol(wlan_crypto_encap); 1339 1340 /** 1341 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1342 * @vdev: vdev 1343 * @wbuf: wbuf 1344 * @macaddr: macaddr 1345 * @tid: tid of the frame 1346 * 1347 * This function gets called from mgmt txrx to decap frame. 1348 * 1349 * Return: QDF_STATUS_SUCCESS - in case of success 1350 */ 1351 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1352 qdf_nbuf_t wbuf, 1353 uint8_t *mac_addr, 1354 uint8_t tid){ 1355 struct wlan_crypto_comp_priv *crypto_priv; 1356 struct wlan_crypto_params *crypto_params; 1357 struct wlan_crypto_key *key; 1358 QDF_STATUS status; 1359 struct wlan_crypto_cipher *cipher_table; 1360 struct wlan_objmgr_psoc *psoc; 1361 struct wlan_objmgr_peer *peer; 1362 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1363 uint8_t keyid; 1364 uint8_t pdev_id; 1365 uint8_t hdrlen; 1366 enum QDF_OPMODE opmode; 1367 1368 opmode = wlan_vdev_mlme_get_opmode(vdev); 1369 wlan_vdev_obj_lock(vdev); 1370 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1371 QDF_MAC_ADDR_SIZE); 1372 psoc = wlan_vdev_get_psoc(vdev); 1373 if (!psoc) { 1374 wlan_vdev_obj_unlock(vdev); 1375 crypto_err("psoc NULL"); 1376 return QDF_STATUS_E_INVAL; 1377 } 1378 wlan_vdev_obj_unlock(vdev); 1379 1380 if (opmode == QDF_MONITOR_MODE) 1381 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1382 else 1383 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1384 (uint8_t *)qdf_nbuf_data(wbuf)); 1385 1386 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1387 1388 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1389 return QDF_STATUS_E_INVAL; 1390 1391 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1392 /* FILS Decap required only for (Re-)Assoc request */ 1393 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1394 1395 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1396 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1397 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1398 return QDF_STATUS_E_INVAL; 1399 } 1400 1401 if (peer) 1402 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1403 1404 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1405 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1406 &crypto_priv); 1407 if (!crypto_priv) { 1408 crypto_err("crypto_priv NULL"); 1409 return QDF_STATUS_E_INVAL; 1410 } 1411 1412 key = crypto_priv->key[keyid]; 1413 if (!key) 1414 return QDF_STATUS_E_INVAL; 1415 1416 } else { 1417 struct wlan_objmgr_peer *peer; 1418 uint8_t pdev_id; 1419 1420 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1421 wlan_vdev_get_pdev(vdev)); 1422 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1423 psoc, pdev_id, bssid_mac, 1424 mac_addr, WLAN_CRYPTO_ID); 1425 if (!peer) { 1426 crypto_err("peer NULL"); 1427 return QDF_STATUS_E_INVAL; 1428 } 1429 1430 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1431 &crypto_priv); 1432 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1433 1434 if (!crypto_priv) { 1435 crypto_err("crypto_priv NULL"); 1436 return QDF_STATUS_E_INVAL; 1437 } 1438 1439 key = crypto_priv->key[keyid]; 1440 if (!key) 1441 return QDF_STATUS_E_INVAL; 1442 } 1443 /* if tkip, is counter measures enabled, then drop the frame */ 1444 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1445 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1446 1447 return status; 1448 } 1449 qdf_export_symbol(wlan_crypto_decap); 1450 /** 1451 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1452 * @vdev: vdev 1453 * @wbuf: wbuf 1454 * @macaddr: macaddr 1455 * @encapdone: is encapdone already or not. 1456 * 1457 * This function gets called from mgmt txrx to adding mic to the frame. 1458 * 1459 * Return: QDF_STATUS_SUCCESS - in case of success 1460 */ 1461 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1462 qdf_nbuf_t wbuf, 1463 uint8_t *mac_addr, 1464 uint8_t encapdone){ 1465 struct wlan_crypto_comp_priv *crypto_priv; 1466 struct wlan_crypto_params *crypto_params; 1467 struct wlan_crypto_key *key; 1468 QDF_STATUS status; 1469 struct wlan_crypto_cipher *cipher_table; 1470 struct wlan_objmgr_psoc *psoc; 1471 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1472 uint8_t hdrlen; 1473 enum QDF_OPMODE opmode; 1474 1475 opmode = wlan_vdev_mlme_get_opmode(vdev); 1476 1477 1478 wlan_vdev_obj_lock(vdev); 1479 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1480 QDF_MAC_ADDR_SIZE); 1481 psoc = wlan_vdev_get_psoc(vdev); 1482 if (!psoc) { 1483 wlan_vdev_obj_unlock(vdev); 1484 crypto_err("psoc NULL"); 1485 return QDF_STATUS_E_INVAL; 1486 } 1487 wlan_vdev_obj_unlock(vdev); 1488 1489 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1490 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1491 &crypto_priv); 1492 if (!crypto_priv) { 1493 crypto_err("crypto_priv NULL"); 1494 return QDF_STATUS_E_INVAL; 1495 } 1496 1497 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1498 if (!key) 1499 return QDF_STATUS_E_INVAL; 1500 1501 } else { 1502 struct wlan_objmgr_peer *peer; 1503 uint8_t pdev_id; 1504 1505 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1506 wlan_vdev_get_pdev(vdev)); 1507 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1508 psoc, pdev_id, bssid_mac, 1509 mac_addr, WLAN_CRYPTO_ID); 1510 if (!peer) { 1511 crypto_err("crypto_priv NULL"); 1512 return QDF_STATUS_E_INVAL; 1513 } 1514 1515 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1516 &crypto_priv); 1517 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1518 1519 if (!crypto_priv) { 1520 crypto_err("crypto_priv NULL"); 1521 return QDF_STATUS_E_INVAL; 1522 } 1523 1524 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1525 if (!key) 1526 return QDF_STATUS_E_INVAL; 1527 } 1528 if (opmode == QDF_MONITOR_MODE) 1529 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1530 else 1531 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1532 (uint8_t *)qdf_nbuf_data(wbuf)); 1533 1534 /* if tkip, is counter measures enabled, then drop the frame */ 1535 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1536 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1537 1538 return status; 1539 } 1540 1541 /** 1542 * wlan_crypto_demic - called by mgmt for remove and check mic for 1543 * the frame based on cipher 1544 * @vdev: vdev 1545 * @wbuf: wbuf 1546 * @macaddr: macaddr 1547 * @tid: tid of the frame 1548 * @keyid: keyid in the received frame 1549 * This function gets called from mgmt txrx to decap frame. 1550 * 1551 * Return: QDF_STATUS_SUCCESS - in case of success 1552 */ 1553 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1554 qdf_nbuf_t wbuf, 1555 uint8_t *mac_addr, 1556 uint8_t tid, 1557 uint8_t keyid){ 1558 struct wlan_crypto_comp_priv *crypto_priv; 1559 struct wlan_crypto_params *crypto_params; 1560 struct wlan_crypto_key *key; 1561 QDF_STATUS status; 1562 struct wlan_crypto_cipher *cipher_table; 1563 struct wlan_objmgr_psoc *psoc; 1564 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1565 uint8_t hdrlen; 1566 enum QDF_OPMODE opmode; 1567 1568 opmode = wlan_vdev_mlme_get_opmode(vdev); 1569 1570 if (opmode == QDF_MONITOR_MODE) 1571 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1572 else 1573 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1574 (uint8_t *)qdf_nbuf_data(wbuf)); 1575 1576 wlan_vdev_obj_lock(vdev); 1577 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1578 QDF_MAC_ADDR_SIZE); 1579 psoc = wlan_vdev_get_psoc(vdev); 1580 if (!psoc) { 1581 wlan_vdev_obj_unlock(vdev); 1582 crypto_err("psoc NULL"); 1583 return QDF_STATUS_E_INVAL; 1584 } 1585 wlan_vdev_obj_unlock(vdev); 1586 1587 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1588 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1589 &crypto_priv); 1590 if (!crypto_priv) { 1591 crypto_err("crypto_priv NULL"); 1592 return QDF_STATUS_E_INVAL; 1593 } 1594 1595 key = crypto_priv->key[keyid]; 1596 if (!key) 1597 return QDF_STATUS_E_INVAL; 1598 1599 } else { 1600 struct wlan_objmgr_peer *peer; 1601 uint8_t pdev_id; 1602 1603 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1604 wlan_vdev_get_pdev(vdev)); 1605 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1606 psoc, pdev_id, bssid_mac, 1607 mac_addr, WLAN_CRYPTO_ID); 1608 if (!peer) { 1609 crypto_err("peer NULL"); 1610 return QDF_STATUS_E_INVAL; 1611 } 1612 1613 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1614 &crypto_priv); 1615 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1616 1617 if (!crypto_priv) { 1618 crypto_err("crypto_priv NULL"); 1619 return QDF_STATUS_E_INVAL; 1620 } 1621 1622 key = crypto_priv->key[keyid]; 1623 if (!key) 1624 return QDF_STATUS_E_INVAL; 1625 } 1626 /* if tkip, is counter measures enabled, then drop the frame */ 1627 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1628 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1629 1630 return status; 1631 } 1632 1633 /** 1634 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1635 * @vdev: vdev 1636 * 1637 * This function gets called to check is pmf enabled or not in vdev. 1638 * 1639 * Return: true or false 1640 */ 1641 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1642 { 1643 1644 struct wlan_crypto_comp_priv *crypto_priv; 1645 struct wlan_crypto_params *vdev_crypto_params; 1646 1647 if (!vdev) 1648 return false; 1649 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1650 &crypto_priv); 1651 if (!crypto_priv) { 1652 crypto_err("crypto_priv NULL"); 1653 return QDF_STATUS_E_INVAL; 1654 } 1655 1656 if ((vdev_crypto_params->rsn_caps & 1657 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1658 || (vdev_crypto_params->rsn_caps & 1659 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1660 return true; 1661 } 1662 1663 return false; 1664 } 1665 1666 /** 1667 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1668 * @vdev: vdev 1669 * 1670 * This function gets called to check is pmf required or not in vdev. 1671 * 1672 * Return: true or false 1673 */ 1674 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1675 { 1676 struct wlan_crypto_comp_priv *crypto_priv; 1677 struct wlan_crypto_params *vdev_crypto_params; 1678 1679 if (!vdev) 1680 return false; 1681 1682 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1683 &crypto_priv); 1684 if (!crypto_priv) { 1685 crypto_err("crypto_priv NULL"); 1686 return QDF_STATUS_E_INVAL; 1687 } 1688 1689 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1690 return true; 1691 1692 return false; 1693 } 1694 1695 /** 1696 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1697 * @vdev: vdev 1698 * @peer: peer 1699 * 1700 * This function gets called by mgmt txrx to check is pmf enabled or not. 1701 * 1702 * Return: true or false 1703 */ 1704 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1705 struct wlan_objmgr_peer *peer){ 1706 1707 struct wlan_crypto_comp_priv *crypto_priv; 1708 struct wlan_crypto_params *vdev_crypto_params; 1709 struct wlan_crypto_params *peer_crypto_params; 1710 1711 if (!vdev || !peer) 1712 return false; 1713 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1714 &crypto_priv); 1715 if (!crypto_priv) { 1716 crypto_err("crypto_priv NULL"); 1717 return QDF_STATUS_E_INVAL; 1718 } 1719 1720 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1721 &crypto_priv); 1722 if (!crypto_priv) { 1723 crypto_err("crypto_priv NULL"); 1724 return QDF_STATUS_E_INVAL; 1725 } 1726 if (((vdev_crypto_params->rsn_caps & 1727 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1728 (peer_crypto_params->rsn_caps & 1729 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1730 || (vdev_crypto_params->rsn_caps & 1731 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1732 return true; 1733 } 1734 1735 return false; 1736 } 1737 1738 /** 1739 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 1740 * @vdev: vdev 1741 * @peer: peer 1742 * @keyidx : key index 1743 * 1744 * This function gets called by mgmt txrx to check if key is valid 1745 * 1746 * Return: true or false 1747 */ 1748 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1749 struct wlan_objmgr_peer *peer, 1750 uint16_t keyidx) 1751 { 1752 struct wlan_crypto_key *key = NULL; 1753 1754 if (!vdev && !peer) 1755 return false; 1756 1757 if (peer) 1758 key = wlan_crypto_peer_getkey(peer, keyidx); 1759 else if (vdev) 1760 key = wlan_crypto_vdev_getkey(vdev, keyidx); 1761 1762 if ((key) && key->valid) 1763 return true; 1764 1765 return false; 1766 } 1767 1768 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1769 { 1770 a[0] = b[5]; 1771 a[1] = b[4]; 1772 a[2] = b[3]; 1773 a[3] = b[2]; 1774 a[4] = b[1]; 1775 a[5] = b[0]; 1776 } 1777 1778 /** 1779 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1780 * @vdev: vdev 1781 * @bfrm: frame starting pointer 1782 * @len: length of the frame 1783 * 1784 * This function gets called by mgmt txrx to add mmie in frame 1785 * 1786 * Return: end of frame or NULL in case failure 1787 */ 1788 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1789 uint8_t *bfrm, 1790 uint32_t len) { 1791 struct wlan_crypto_key *key; 1792 struct wlan_crypto_mmie *mmie; 1793 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1794 struct wlan_frame_hdr *hdr; 1795 uint32_t i, hdrlen, mic_len, aad_len; 1796 uint8_t mic[16]; 1797 struct wlan_crypto_comp_priv *crypto_priv; 1798 struct wlan_crypto_params *crypto_params; 1799 int32_t ret = -1; 1800 1801 if (!bfrm) { 1802 crypto_err("frame is NULL"); 1803 return NULL; 1804 } 1805 1806 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1807 &crypto_priv); 1808 if (!crypto_priv) { 1809 crypto_err("crypto_priv NULL"); 1810 return NULL; 1811 } 1812 1813 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1814 crypto_err("igtk key invalid keyid %d", 1815 crypto_priv->def_igtk_tx_keyid); 1816 return NULL; 1817 } 1818 1819 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1820 if (!key) { 1821 crypto_err("No igtk key present"); 1822 return NULL; 1823 } 1824 mic_len = (crypto_priv->igtk_key_type 1825 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1826 1827 efrm = bfrm + len; 1828 aad_len = 20; 1829 hdrlen = sizeof(struct wlan_frame_hdr); 1830 len += sizeof(struct wlan_crypto_mmie); 1831 1832 mmie = (struct wlan_crypto_mmie *) efrm; 1833 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1834 mmie->element_id = WLAN_ELEMID_MMIE; 1835 mmie->length = sizeof(*mmie) - 2; 1836 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1837 1838 mic_len = (crypto_priv->igtk_key_type 1839 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1840 if (mic_len == 8) { 1841 mmie->length -= 8; 1842 len -= 8; 1843 } 1844 /* PN = PN + 1 */ 1845 pn = (uint8_t *)&key->keytsc; 1846 1847 for (i = 0; i <= 5; i++) { 1848 pn[i]++; 1849 if (pn[i]) 1850 break; 1851 } 1852 1853 /* Copy IPN */ 1854 qdf_mem_copy(mmie->sequence_number, pn, 6); 1855 1856 hdr = (struct wlan_frame_hdr *) bfrm; 1857 1858 buf = qdf_mem_malloc(len - hdrlen + 20); 1859 if (!buf) 1860 return NULL; 1861 1862 qdf_mem_zero(buf, len - hdrlen + 20); 1863 aad = buf; 1864 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1865 1866 /* FC type/subtype */ 1867 aad[0] = hdr->i_fc[0]; 1868 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1869 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1870 | WLAN_FC1_MOREDATA)); 1871 /* A1 || A2 || A3 */ 1872 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 1873 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1874 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 1875 qdf_mem_zero(mic, 16); 1876 1877 /* 1878 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1879 */ 1880 1881 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1882 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1883 1884 ret = omac1_aes_128(key->keyval, buf, 1885 len + aad_len - hdrlen, mic); 1886 qdf_mem_copy(mmie->mic, mic, 8); 1887 1888 } else if (crypto_priv->igtk_key_type 1889 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1890 1891 ret = omac1_aes_256(key->keyval, buf, 1892 len + aad_len - hdrlen, mmie->mic); 1893 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1894 || (crypto_priv->igtk_key_type 1895 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1896 1897 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1898 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1899 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1900 sizeof(nounce), buf, 1901 len + aad_len - hdrlen, mmie->mic); 1902 } 1903 qdf_mem_free(buf); 1904 if (ret < 0) { 1905 crypto_err("add mmie failed"); 1906 return NULL; 1907 } 1908 1909 return bfrm + len; 1910 } 1911 1912 /** 1913 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1914 * @vdev: vdev 1915 * @frm: frame starting pointer 1916 * @efrm: end of frame pointer 1917 * 1918 * This function gets called by mgmt txrx to check mmie of the frame 1919 * 1920 * Return: true or false 1921 */ 1922 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1923 uint8_t *frm, 1924 uint8_t *efrm){ 1925 struct wlan_crypto_mmie *mmie = NULL; 1926 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1927 struct wlan_crypto_key *key; 1928 struct wlan_frame_hdr *hdr; 1929 uint16_t mic_len, hdrlen, len; 1930 struct wlan_crypto_comp_priv *crypto_priv; 1931 struct wlan_crypto_params *crypto_params; 1932 uint8_t aad_len = 20; 1933 int32_t ret = -1; 1934 1935 /* check if frame is illegal length */ 1936 if (!frm || !efrm || (efrm < frm) 1937 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 1938 crypto_err("Invalid params"); 1939 return false; 1940 } 1941 len = efrm - frm; 1942 crypto_priv = (struct wlan_crypto_comp_priv *) 1943 wlan_get_vdev_crypto_obj(vdev); 1944 if (!crypto_priv) { 1945 crypto_err("crypto_priv NULL"); 1946 return false; 1947 } 1948 1949 crypto_params = &(crypto_priv->crypto_params); 1950 1951 1952 mic_len = (crypto_priv->igtk_key_type 1953 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1954 hdrlen = sizeof(struct wlan_frame_hdr); 1955 1956 if (mic_len == 8) 1957 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1958 else 1959 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1960 1961 1962 /* check Elem ID*/ 1963 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1964 crypto_err("IE is not MMIE"); 1965 return false; 1966 } 1967 1968 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1969 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1970 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1971 crypto_err("keyid not valid"); 1972 return false; 1973 } 1974 1975 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1976 if (!key) { 1977 crypto_err("No igtk key present"); 1978 return false; 1979 } 1980 1981 /* validate ipn */ 1982 ipn = mmie->sequence_number; 1983 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1984 uint8_t *su = (uint8_t *)key->keyrsc; 1985 uint8_t *end = ipn + 6; 1986 1987 crypto_err("replay error :"); 1988 while (ipn < end) { 1989 crypto_err("expected pn = %x received pn = %x", 1990 *ipn++, *su++); 1991 } 1992 return false; 1993 } 1994 1995 buf = qdf_mem_malloc(len - hdrlen + 20); 1996 if (!buf) 1997 return false; 1998 1999 aad = buf; 2000 2001 /* construct AAD */ 2002 hdr = (struct wlan_frame_hdr *)frm; 2003 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2004 2005 /* FC type/subtype */ 2006 aad[0] = hdr->i_fc[0]; 2007 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2008 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2009 | WLAN_FC1_MOREDATA)); 2010 /* A1 || A2 || A3 */ 2011 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2012 2013 /* 2014 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2015 */ 2016 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2017 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2018 qdf_mem_zero(mic, 16); 2019 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2020 ret = omac1_aes_128(key->keyval, buf, 2021 len - hdrlen + aad_len, mic); 2022 } else if (crypto_priv->igtk_key_type 2023 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2024 ret = omac1_aes_256(key->keyval, buf, 2025 len + aad_len - hdrlen, mic); 2026 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2027 || (crypto_priv->igtk_key_type 2028 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2029 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2030 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2031 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2032 sizeof(nounce), buf, 2033 len + aad_len - hdrlen, mic); 2034 } 2035 2036 qdf_mem_free(buf); 2037 2038 if (ret < 0) { 2039 crypto_err("genarate mmie failed"); 2040 return false; 2041 } 2042 2043 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2044 crypto_err("mmie mismatch"); 2045 /* MMIE MIC mismatch */ 2046 return false; 2047 } 2048 2049 /* Update the receive sequence number */ 2050 qdf_mem_copy(key->keyrsc, ipn, 6); 2051 crypto_debug("mmie matched"); 2052 2053 return true; 2054 } 2055 2056 2057 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2058 { 2059 int32_t status = -1; 2060 2061 switch (cipher) { 2062 case WLAN_CRYPTO_CIPHER_TKIP: 2063 return WPA_CIPHER_SUITE_TKIP; 2064 case WLAN_CRYPTO_CIPHER_AES_CCM: 2065 return WPA_CIPHER_SUITE_CCMP; 2066 case WLAN_CRYPTO_CIPHER_NONE: 2067 return WPA_CIPHER_SUITE_NONE; 2068 } 2069 2070 return status; 2071 } 2072 2073 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2074 { 2075 int32_t status = -1; 2076 2077 switch (cipher) { 2078 case WLAN_CRYPTO_CIPHER_TKIP: 2079 return RSN_CIPHER_SUITE_TKIP; 2080 case WLAN_CRYPTO_CIPHER_AES_CCM: 2081 return RSN_CIPHER_SUITE_CCMP; 2082 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2083 return RSN_CIPHER_SUITE_CCMP_256; 2084 case WLAN_CRYPTO_CIPHER_AES_GCM: 2085 return RSN_CIPHER_SUITE_GCMP; 2086 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2087 return RSN_CIPHER_SUITE_GCMP_256; 2088 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2089 return RSN_CIPHER_SUITE_AES_CMAC; 2090 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2091 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2092 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2093 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2094 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2095 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2096 case WLAN_CRYPTO_CIPHER_NONE: 2097 return RSN_CIPHER_SUITE_NONE; 2098 } 2099 2100 return status; 2101 } 2102 2103 /* 2104 * Convert an RSN key management/authentication algorithm 2105 * to an internal code. 2106 */ 2107 static int32_t 2108 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2109 { 2110 int32_t status = -1; 2111 2112 switch (keymgmt) { 2113 case WLAN_CRYPTO_KEY_MGMT_NONE: 2114 return RSN_AUTH_KEY_MGMT_NONE; 2115 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2116 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2117 case WLAN_CRYPTO_KEY_MGMT_PSK: 2118 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2119 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2120 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2121 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2122 return RSN_AUTH_KEY_MGMT_FT_PSK; 2123 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2124 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2125 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2126 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2127 case WLAN_CRYPTO_KEY_MGMT_SAE: 2128 return RSN_AUTH_KEY_MGMT_SAE; 2129 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2130 return RSN_AUTH_KEY_MGMT_FT_SAE; 2131 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2132 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2133 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2134 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2135 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2136 return RSN_AUTH_KEY_MGMT_CCKM; 2137 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2138 return RSN_AUTH_KEY_MGMT_OSEN; 2139 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2140 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2141 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2142 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2143 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2144 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2145 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2146 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2147 case WLAN_CRYPTO_KEY_MGMT_OWE: 2148 return RSN_AUTH_KEY_MGMT_OWE; 2149 case WLAN_CRYPTO_KEY_MGMT_DPP: 2150 return RSN_AUTH_KEY_MGMT_DPP; 2151 } 2152 2153 return status; 2154 } 2155 2156 /* 2157 * Convert an RSN key management/authentication algorithm 2158 * to an internal code. 2159 */ 2160 static int32_t 2161 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2162 { 2163 int32_t status = -1; 2164 2165 switch (keymgmt) { 2166 case WLAN_CRYPTO_KEY_MGMT_NONE: 2167 return WPA_AUTH_KEY_MGMT_NONE; 2168 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2169 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2170 case WLAN_CRYPTO_KEY_MGMT_PSK: 2171 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2172 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2173 return WPA_AUTH_KEY_MGMT_CCKM; 2174 } 2175 2176 return status; 2177 } 2178 /** 2179 * Convert a WPA cipher selector OUI to an internal 2180 * cipher algorithm. Where appropriate we also 2181 * record any key length. 2182 */ 2183 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2184 { 2185 uint32_t w = LE_READ_4(sel); 2186 int32_t status = -1; 2187 2188 switch (w) { 2189 case WPA_CIPHER_SUITE_TKIP: 2190 return WLAN_CRYPTO_CIPHER_TKIP; 2191 case WPA_CIPHER_SUITE_CCMP: 2192 return WLAN_CRYPTO_CIPHER_AES_CCM; 2193 case WPA_CIPHER_SUITE_NONE: 2194 return WLAN_CRYPTO_CIPHER_NONE; 2195 } 2196 2197 return status; 2198 } 2199 2200 /* 2201 * Convert a WPA key management/authentication algorithm 2202 * to an internal code. 2203 */ 2204 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2205 { 2206 uint32_t w = LE_READ_4(sel); 2207 int32_t status = -1; 2208 2209 switch (w) { 2210 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2211 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2212 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2213 return WLAN_CRYPTO_KEY_MGMT_PSK; 2214 case WPA_AUTH_KEY_MGMT_CCKM: 2215 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2216 case WPA_AUTH_KEY_MGMT_NONE: 2217 return WLAN_CRYPTO_KEY_MGMT_NONE; 2218 } 2219 return status; 2220 } 2221 2222 /* 2223 * Convert a RSN cipher selector OUI to an internal 2224 * cipher algorithm. Where appropriate we also 2225 * record any key length. 2226 */ 2227 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2228 { 2229 uint32_t w = LE_READ_4(sel); 2230 int32_t status = -1; 2231 2232 switch (w) { 2233 case RSN_CIPHER_SUITE_TKIP: 2234 return WLAN_CRYPTO_CIPHER_TKIP; 2235 case RSN_CIPHER_SUITE_CCMP: 2236 return WLAN_CRYPTO_CIPHER_AES_CCM; 2237 case RSN_CIPHER_SUITE_CCMP_256: 2238 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2239 case RSN_CIPHER_SUITE_GCMP: 2240 return WLAN_CRYPTO_CIPHER_AES_GCM; 2241 case RSN_CIPHER_SUITE_GCMP_256: 2242 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2243 case RSN_CIPHER_SUITE_AES_CMAC: 2244 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2245 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2246 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2247 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2248 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2249 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2250 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2251 case RSN_CIPHER_SUITE_NONE: 2252 return WLAN_CRYPTO_CIPHER_NONE; 2253 } 2254 2255 return status; 2256 } 2257 /* 2258 * Convert an RSN key management/authentication algorithm 2259 * to an internal code. 2260 */ 2261 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2262 { 2263 uint32_t w = LE_READ_4(sel); 2264 int32_t status = -1; 2265 2266 switch (w) { 2267 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2268 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2269 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2270 return WLAN_CRYPTO_KEY_MGMT_PSK; 2271 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2272 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2273 case RSN_AUTH_KEY_MGMT_FT_PSK: 2274 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2275 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2276 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2277 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2278 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2279 case RSN_AUTH_KEY_MGMT_SAE: 2280 return WLAN_CRYPTO_KEY_MGMT_SAE; 2281 case RSN_AUTH_KEY_MGMT_FT_SAE: 2282 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2283 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2284 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2285 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2286 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2287 case RSN_AUTH_KEY_MGMT_CCKM: 2288 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2289 case RSN_AUTH_KEY_MGMT_OSEN: 2290 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2291 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2292 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2293 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2294 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2295 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2296 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2297 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2298 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2299 case RSN_AUTH_KEY_MGMT_OWE: 2300 return WLAN_CRYPTO_KEY_MGMT_OWE; 2301 case RSN_AUTH_KEY_MGMT_DPP: 2302 return WLAN_CRYPTO_KEY_MGMT_DPP; 2303 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2304 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2305 } 2306 2307 return status; 2308 } 2309 2310 /** 2311 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2312 * @crypto params: crypto params 2313 * @iebuf: ie buffer 2314 * 2315 * This function gets called by mlme to check the contents of wpa is 2316 * matching with given crypto params 2317 * 2318 * Return: QDF_STATUS_SUCCESS - in case of success 2319 */ 2320 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2321 uint8_t *frm){ 2322 uint8_t len = frm[1]; 2323 int32_t w; 2324 int n; 2325 2326 /* 2327 * Check the length once for fixed parts: OUI, type, 2328 * version, mcast cipher, and 2 selector counts. 2329 * Other, variable-length data, must be checked separately. 2330 */ 2331 RESET_AUTHMODE(crypto_params); 2332 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2333 2334 if (len < 14) 2335 return QDF_STATUS_E_INVAL; 2336 2337 frm += 6, len -= 4; 2338 2339 w = LE_READ_2(frm); 2340 if (w != WPA_VERSION) 2341 return QDF_STATUS_E_INVAL; 2342 2343 frm += 2, len -= 2; 2344 2345 /* multicast/group cipher */ 2346 RESET_MCAST_CIPHERS(crypto_params); 2347 w = wlan_crypto_wpa_suite_to_cipher(frm); 2348 if (w < 0) 2349 return QDF_STATUS_E_INVAL; 2350 SET_MCAST_CIPHER(crypto_params, w); 2351 frm += 4, len -= 4; 2352 2353 /* unicast ciphers */ 2354 n = LE_READ_2(frm); 2355 frm += 2, len -= 2; 2356 if (len < n*4+2) 2357 return QDF_STATUS_E_INVAL; 2358 2359 RESET_UCAST_CIPHERS(crypto_params); 2360 for (; n > 0; n--) { 2361 w = wlan_crypto_wpa_suite_to_cipher(frm); 2362 if (w < 0) 2363 return QDF_STATUS_E_INVAL; 2364 SET_UCAST_CIPHER(crypto_params, w); 2365 frm += 4, len -= 4; 2366 } 2367 2368 if (!crypto_params->ucastcipherset) 2369 return QDF_STATUS_E_INVAL; 2370 2371 /* key management algorithms */ 2372 n = LE_READ_2(frm); 2373 frm += 2, len -= 2; 2374 if (len < n*4) 2375 return QDF_STATUS_E_INVAL; 2376 2377 w = 0; 2378 RESET_KEY_MGMT(crypto_params); 2379 for (; n > 0; n--) { 2380 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2381 if (w < 0) 2382 return QDF_STATUS_E_INVAL; 2383 SET_KEY_MGMT(crypto_params, w); 2384 frm += 4, len -= 4; 2385 } 2386 2387 /* optional capabilities */ 2388 if (len >= 2) { 2389 crypto_params->rsn_caps = LE_READ_2(frm); 2390 frm += 2, len -= 2; 2391 } 2392 2393 return QDF_STATUS_SUCCESS; 2394 } 2395 2396 /** 2397 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2398 * @crypto params: crypto params 2399 * @iebuf: ie buffer 2400 * 2401 * This function gets called by mlme to check the contents of wpa is 2402 * matching with given crypto params 2403 * 2404 * Return: QDF_STATUS_SUCCESS - in case of success 2405 */ 2406 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2407 uint8_t *frm){ 2408 uint8_t len = frm[1]; 2409 int32_t w; 2410 int n; 2411 2412 /* Check the length once for fixed parts: OUI, type & version */ 2413 if (len < 2) 2414 return QDF_STATUS_E_INVAL; 2415 2416 /* initialize crypto params */ 2417 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2418 2419 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2420 2421 frm += 2; 2422 /* NB: iswapoui already validated the OUI and type */ 2423 w = LE_READ_2(frm); 2424 if (w != RSN_VERSION) 2425 return QDF_STATUS_E_INVAL; 2426 2427 frm += 2, len -= 2; 2428 2429 if (!len) { 2430 /* set defaults */ 2431 /* default group cipher CCMP-128 */ 2432 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2433 /* default ucast cipher CCMP-128 */ 2434 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2435 /* default key mgmt 8021x */ 2436 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2437 return QDF_STATUS_SUCCESS; 2438 } else if (len < 4) { 2439 return QDF_STATUS_E_INVAL; 2440 } 2441 2442 /* multicast/group cipher */ 2443 w = wlan_crypto_rsn_suite_to_cipher(frm); 2444 if (w < 0) 2445 return QDF_STATUS_E_INVAL; 2446 else { 2447 SET_MCAST_CIPHER(crypto_params, w); 2448 frm += 4, len -= 4; 2449 } 2450 2451 if (crypto_params->mcastcipherset == 0) 2452 return QDF_STATUS_E_INVAL; 2453 2454 if (!len) { 2455 /* default ucast cipher CCMP-128 */ 2456 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2457 /* default key mgmt 8021x */ 2458 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2459 return QDF_STATUS_SUCCESS; 2460 } else if (len < 2) { 2461 return QDF_STATUS_E_INVAL; 2462 } 2463 2464 /* unicast ciphers */ 2465 n = LE_READ_2(frm); 2466 frm += 2, len -= 2; 2467 if (n) { 2468 if (len < n * 4) 2469 return QDF_STATUS_E_INVAL; 2470 2471 for (; n > 0; n--) { 2472 w = wlan_crypto_rsn_suite_to_cipher(frm); 2473 if (w < 0) 2474 return QDF_STATUS_E_INVAL; 2475 SET_UCAST_CIPHER(crypto_params, w); 2476 frm += 4, len -= 4; 2477 } 2478 } else { 2479 /* default ucast cipher CCMP-128 */ 2480 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2481 } 2482 2483 if (crypto_params->ucastcipherset == 0) 2484 return QDF_STATUS_E_INVAL; 2485 2486 if (!len) { 2487 /* default key mgmt 8021x */ 2488 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2489 return QDF_STATUS_SUCCESS; 2490 } else if (len < 2) { 2491 return QDF_STATUS_E_INVAL; 2492 } 2493 2494 /* key management algorithms */ 2495 n = LE_READ_2(frm); 2496 frm += 2, len -= 2; 2497 2498 if (n) { 2499 if (len < n * 4) 2500 return QDF_STATUS_E_INVAL; 2501 2502 for (; n > 0; n--) { 2503 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2504 if (w < 0) 2505 return QDF_STATUS_E_INVAL; 2506 SET_KEY_MGMT(crypto_params, w); 2507 frm += 4, len -= 4; 2508 } 2509 } else { 2510 /* default key mgmt 8021x */ 2511 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2512 } 2513 2514 if (crypto_params->key_mgmt == 0) 2515 return QDF_STATUS_E_INVAL; 2516 2517 /* optional capabilities */ 2518 if (len >= 2) { 2519 crypto_params->rsn_caps = LE_READ_2(frm); 2520 frm += 2, len -= 2; 2521 } else if (len && len < 2) { 2522 return QDF_STATUS_E_INVAL; 2523 } 2524 2525 2526 /* PMKID */ 2527 if (len >= 2) { 2528 n = LE_READ_2(frm); 2529 frm += 2, len -= 2; 2530 if (n && len) { 2531 if (len >= n * PMKID_LEN) 2532 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2533 else 2534 return QDF_STATUS_E_INVAL; 2535 } else if (n && !len) { 2536 return QDF_STATUS_E_INVAL; 2537 } 2538 /*TODO: Save pmkid in params for further reference */ 2539 } 2540 2541 /* BIP */ 2542 if (!len && 2543 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2544 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2545 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2546 return QDF_STATUS_SUCCESS; 2547 } else if (len >= 4) { 2548 w = wlan_crypto_rsn_suite_to_cipher(frm); 2549 frm += 4, len -= 4; 2550 SET_MGMT_CIPHER(crypto_params, w); 2551 } 2552 2553 return QDF_STATUS_SUCCESS; 2554 } 2555 2556 /** 2557 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2558 * @vdev: vdev 2559 * @iebuf: ie buffer 2560 * 2561 * This function gets called by mlme to build wpaie from given vdev 2562 * 2563 * Return: end of buffer 2564 */ 2565 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2566 uint8_t *iebuf){ 2567 uint8_t *frm = iebuf; 2568 uint8_t *selcnt; 2569 struct wlan_crypto_comp_priv *crypto_priv; 2570 struct wlan_crypto_params *crypto_params; 2571 2572 if (!frm) 2573 return NULL; 2574 2575 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2576 2577 if (!crypto_params) 2578 return NULL; 2579 2580 *frm++ = WLAN_ELEMID_VENDOR; 2581 *frm++ = 0; 2582 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2583 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2584 2585 2586 /* multicast cipher */ 2587 if (MCIPHER_IS_TKIP(crypto_params)) 2588 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2589 else if (MCIPHER_IS_CCMP128(crypto_params)) 2590 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2591 2592 /* unicast cipher list */ 2593 selcnt = frm; 2594 WLAN_CRYPTO_ADDSHORT(frm, 0); 2595 /* do not use CCMP unicast cipher in WPA mode */ 2596 if (UCIPHER_IS_CCMP128(crypto_params)) { 2597 selcnt[0]++; 2598 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2599 } 2600 if (UCIPHER_IS_TKIP(crypto_params)) { 2601 selcnt[0]++; 2602 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2603 } 2604 2605 /* authenticator selector list */ 2606 selcnt = frm; 2607 WLAN_CRYPTO_ADDSHORT(frm, 0); 2608 2609 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2610 selcnt[0]++; 2611 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2612 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2613 selcnt[0]++; 2614 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2615 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2616 selcnt[0]++; 2617 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2618 } else { 2619 selcnt[0]++; 2620 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2621 } 2622 2623 /* optional capabilities */ 2624 if (crypto_params->rsn_caps != 0 && 2625 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2626 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2627 } 2628 2629 /* calculate element length */ 2630 iebuf[1] = frm - iebuf - 2; 2631 2632 return frm; 2633 } 2634 2635 /** 2636 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2637 * @vdev: vdev 2638 * @iebuf: ie buffer 2639 * @bssid: bssid mac address to add pmkid in rsnie 2640 * 2641 * This function gets called by mlme to build rsnie from given vdev 2642 * 2643 * Return: end of buffer 2644 */ 2645 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2646 uint8_t *iebuf, 2647 struct qdf_mac_addr *bssid) 2648 { 2649 uint8_t *frm = iebuf; 2650 uint8_t *selcnt; 2651 struct wlan_crypto_comp_priv *crypto_priv; 2652 struct wlan_crypto_params *crypto_params; 2653 2654 if (!frm) { 2655 return NULL; 2656 } 2657 2658 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2659 2660 if (!crypto_params) { 2661 return NULL; 2662 } 2663 2664 *frm++ = WLAN_ELEMID_RSN; 2665 *frm++ = 0; 2666 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2667 2668 2669 /* multicast cipher */ 2670 if (MCIPHER_IS_TKIP(crypto_params)) 2671 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2672 else if (MCIPHER_IS_CCMP128(crypto_params)) 2673 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2674 else if (MCIPHER_IS_CCMP256(crypto_params)) 2675 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2676 else if (MCIPHER_IS_GCMP128(crypto_params)) 2677 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2678 else if (MCIPHER_IS_GCMP256(crypto_params)) 2679 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2680 2681 /* unicast cipher list */ 2682 selcnt = frm; 2683 WLAN_CRYPTO_ADDSHORT(frm, 0); 2684 2685 if (UCIPHER_IS_CCMP256(crypto_params)) { 2686 selcnt[0]++; 2687 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2688 } 2689 if (UCIPHER_IS_GCMP256(crypto_params)) { 2690 selcnt[0]++; 2691 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2692 } 2693 if (UCIPHER_IS_CCMP128(crypto_params)) { 2694 selcnt[0]++; 2695 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2696 } 2697 if (UCIPHER_IS_GCMP128(crypto_params)) { 2698 selcnt[0]++; 2699 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2700 } 2701 if (UCIPHER_IS_TKIP(crypto_params)) { 2702 selcnt[0]++; 2703 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2704 } 2705 2706 /* authenticator selector list */ 2707 selcnt = frm; 2708 WLAN_CRYPTO_ADDSHORT(frm, 0); 2709 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2710 selcnt[0]++; 2711 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2712 /* Other key mgmt should not be added after CCKM */ 2713 goto add_rsn_caps; 2714 } 2715 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2716 selcnt[0]++; 2717 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2718 } 2719 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2720 selcnt[0]++; 2721 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2722 } 2723 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2724 selcnt[0]++; 2725 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2726 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2727 } 2728 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2729 selcnt[0]++; 2730 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2731 } 2732 if (HAS_KEY_MGMT(crypto_params, 2733 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2734 selcnt[0]++; 2735 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2736 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2737 } 2738 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2739 selcnt[0]++; 2740 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2741 } 2742 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2743 selcnt[0]++; 2744 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2745 } 2746 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2747 selcnt[0]++; 2748 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2749 } 2750 if (HAS_KEY_MGMT(crypto_params, 2751 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2752 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2753 2754 selcnt[0]++; 2755 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2756 } 2757 if (HAS_KEY_MGMT(crypto_params, 2758 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2759 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2760 2761 selcnt[0]++; 2762 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2763 } 2764 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2765 selcnt[0]++; 2766 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2767 } 2768 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2769 selcnt[0]++; 2770 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2771 } 2772 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2773 selcnt[0]++; 2774 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2775 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2776 } 2777 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2778 selcnt[0]++; 2779 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2780 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2781 } 2782 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2783 selcnt[0]++; 2784 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2785 } 2786 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2787 selcnt[0]++; 2788 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2789 } 2790 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2791 selcnt[0]++; 2792 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2793 } 2794 add_rsn_caps: 2795 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2796 /* optional capabilities */ 2797 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2798 /* PMK list */ 2799 if (bssid) { 2800 struct wlan_crypto_pmksa *pmksa; 2801 2802 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2803 2804 if (pmksa) { 2805 WLAN_CRYPTO_ADDSHORT(frm, 1); 2806 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2807 frm += PMKID_LEN; 2808 } else { 2809 WLAN_CRYPTO_ADDSHORT(frm, 0); 2810 } 2811 } else 2812 WLAN_CRYPTO_ADDSHORT(frm, 0); 2813 2814 if (HAS_MGMT_CIPHER(crypto_params, 2815 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2816 RSN_ADD_CIPHER_TO_SUITE(frm, 2817 WLAN_CRYPTO_CIPHER_AES_CMAC); 2818 } 2819 if (HAS_MGMT_CIPHER(crypto_params, 2820 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2821 RSN_ADD_CIPHER_TO_SUITE(frm, 2822 WLAN_CRYPTO_CIPHER_AES_GMAC); 2823 } 2824 if (HAS_MGMT_CIPHER(crypto_params, 2825 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2826 RSN_ADD_CIPHER_TO_SUITE(frm, 2827 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2828 ); 2829 } 2830 2831 if (HAS_MGMT_CIPHER(crypto_params, 2832 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2833 RSN_ADD_CIPHER_TO_SUITE(frm, 2834 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2835 ); 2836 } 2837 } else { 2838 /* PMK list */ 2839 if (bssid) { 2840 struct wlan_crypto_pmksa *pmksa; 2841 2842 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2843 if (pmksa) { 2844 WLAN_CRYPTO_ADDSHORT(frm, 1); 2845 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2846 frm += PMKID_LEN; 2847 } else { 2848 WLAN_CRYPTO_ADDSHORT(frm, 0); 2849 } 2850 } 2851 } 2852 2853 /* calculate element length */ 2854 iebuf[1] = frm - iebuf - 2; 2855 2856 return frm; 2857 } 2858 2859 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2860 struct wlan_crypto_params *crypto_params){ 2861 struct wlan_crypto_params *my_crypto_params; 2862 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2863 2864 if (!my_crypto_params) { 2865 crypto_debug("vdev crypto params is NULL"); 2866 return false; 2867 } 2868 /* 2869 * Check peer's pairwise ciphers. 2870 * At least one must match with our unicast cipher 2871 */ 2872 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2873 crypto_debug("Unicast cipher match failed"); 2874 return false; 2875 } 2876 /* 2877 * Check peer's group cipher is our enabled multicast cipher. 2878 */ 2879 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2880 crypto_debug("Multicast cipher match failed"); 2881 return false; 2882 } 2883 /* 2884 * Check peer's key management class set (PSK or UNSPEC) 2885 */ 2886 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 2887 crypto_debug("Key mgmt match failed"); 2888 return false; 2889 } 2890 if (wlan_crypto_vdev_is_pmf_required(vdev) && 2891 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2892 crypto_debug("Peer is not PMF capable"); 2893 return false; 2894 } 2895 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 2896 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2897 crypto_debug("Peer needs PMF, but vdev is not capable"); 2898 return false; 2899 } 2900 2901 return true; 2902 } 2903 2904 /* 2905 * Convert an WAPI CIPHER suite to to an internal code. 2906 */ 2907 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2908 { 2909 uint32_t w = LE_READ_4(sel); 2910 int32_t status = -1; 2911 2912 switch (w) { 2913 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2914 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2915 } 2916 2917 return status; 2918 } 2919 2920 /* 2921 * Convert an WAPI key management/authentication algorithm 2922 * to an internal code. 2923 */ 2924 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2925 { 2926 uint32_t w = LE_READ_4(sel); 2927 int32_t status = -1; 2928 2929 switch (w) { 2930 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2931 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2932 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2933 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2934 } 2935 2936 return status; 2937 } 2938 /** 2939 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2940 * @crypto params: crypto params 2941 * @iebuf: ie buffer 2942 * 2943 * This function gets called by mlme to check the contents of wapi is 2944 * matching with given crypto params 2945 * 2946 * Return: QDF_STATUS_SUCCESS - in case of success 2947 */ 2948 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2949 uint8_t *frm) 2950 { 2951 uint8_t len = frm[1]; 2952 int32_t w; 2953 int n; 2954 2955 /* 2956 * Check the length once for fixed parts: OUI, type, 2957 * version, mcast cipher, and 2 selector counts. 2958 * Other, variable-length data, must be checked separately. 2959 */ 2960 RESET_AUTHMODE(crypto_params); 2961 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2962 2963 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2964 return QDF_STATUS_E_INVAL; 2965 2966 2967 frm += 2; 2968 2969 w = LE_READ_2(frm); 2970 frm += 2, len -= 2; 2971 if (w != WAPI_VERSION) 2972 return QDF_STATUS_E_INVAL; 2973 2974 n = LE_READ_2(frm); 2975 frm += 2, len -= 2; 2976 if (len < n*4+2) 2977 return QDF_STATUS_E_INVAL; 2978 2979 RESET_KEY_MGMT(crypto_params); 2980 for (; n > 0; n--) { 2981 w = wlan_crypto_wapi_keymgmt(frm); 2982 if (w < 0) 2983 return QDF_STATUS_E_INVAL; 2984 2985 SET_KEY_MGMT(crypto_params, w); 2986 frm += 4, len -= 4; 2987 } 2988 2989 /* unicast ciphers */ 2990 n = LE_READ_2(frm); 2991 frm += 2, len -= 2; 2992 if (len < n*4+2) 2993 return QDF_STATUS_E_INVAL; 2994 2995 RESET_UCAST_CIPHERS(crypto_params); 2996 for (; n > 0; n--) { 2997 w = wlan_crypto_wapi_suite_to_cipher(frm); 2998 if (w < 0) 2999 return QDF_STATUS_E_INVAL; 3000 SET_UCAST_CIPHER(crypto_params, w); 3001 frm += 4, len -= 4; 3002 } 3003 3004 if (!crypto_params->ucastcipherset) 3005 return QDF_STATUS_E_INVAL; 3006 3007 /* multicast/group cipher */ 3008 RESET_MCAST_CIPHERS(crypto_params); 3009 w = wlan_crypto_wapi_suite_to_cipher(frm); 3010 3011 if (w < 0) 3012 return QDF_STATUS_E_INVAL; 3013 3014 SET_MCAST_CIPHER(crypto_params, w); 3015 frm += 4, len -= 4; 3016 3017 return QDF_STATUS_SUCCESS; 3018 } 3019 3020 /** 3021 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3022 * @vdev: vdev 3023 * @iebuf: ie buffer 3024 * 3025 * This function gets called by mlme to build wapi ie from given vdev 3026 * 3027 * Return: end of buffer 3028 */ 3029 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3030 uint8_t *iebuf) 3031 { 3032 uint8_t *frm; 3033 uint8_t *selcnt; 3034 struct wlan_crypto_comp_priv *crypto_priv; 3035 struct wlan_crypto_params *crypto_params; 3036 3037 frm = iebuf; 3038 if (!frm) { 3039 crypto_err("ie buffer NULL"); 3040 return NULL; 3041 } 3042 3043 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3044 3045 if (!crypto_params) { 3046 crypto_err("crypto_params NULL"); 3047 return NULL; 3048 } 3049 3050 *frm++ = WLAN_ELEMID_WAPI; 3051 *frm++ = 0; 3052 3053 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3054 3055 /* authenticator selector list */ 3056 selcnt = frm; 3057 WLAN_CRYPTO_ADDSHORT(frm, 0); 3058 3059 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3060 selcnt[0]++; 3061 WLAN_CRYPTO_ADDSELECTOR(frm, 3062 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3063 } 3064 3065 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3066 selcnt[0]++; 3067 WLAN_CRYPTO_ADDSELECTOR(frm, 3068 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3069 } 3070 3071 /* unicast cipher list */ 3072 selcnt = frm; 3073 WLAN_CRYPTO_ADDSHORT(frm, 0); 3074 3075 if (UCIPHER_IS_SMS4(crypto_params)) { 3076 selcnt[0]++; 3077 WLAN_CRYPTO_ADDSELECTOR(frm, 3078 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3079 } 3080 3081 WLAN_CRYPTO_ADDSELECTOR(frm, 3082 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3083 3084 /* optional capabilities */ 3085 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3086 3087 /* bkid count */ 3088 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3089 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3090 WLAN_CRYPTO_ADDSHORT(frm, 0); 3091 3092 /* calculate element length */ 3093 iebuf[1] = frm - iebuf - 2; 3094 3095 return frm; 3096 3097 } 3098 3099 /** 3100 * wlan_crypto_pn_check - called by data patch for PN check 3101 * @vdev: vdev 3102 * @wbuf: wbuf 3103 * 3104 * This function gets called by data patch for PN check 3105 * 3106 * Return: QDF_STATUS 3107 */ 3108 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3109 qdf_nbuf_t wbuf){ 3110 /* Need to check is there real requirement for this function 3111 * as PN check is already handled in decap function. 3112 */ 3113 return QDF_STATUS_SUCCESS; 3114 } 3115 3116 /** 3117 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3118 * @vdev:vdev 3119 * 3120 * This function gets called by mlme to get crypto params 3121 * 3122 * Return: wlan_crypto_params or NULL in case of failure 3123 */ 3124 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3125 struct wlan_objmgr_vdev *vdev){ 3126 struct wlan_crypto_comp_priv *crypto_priv; 3127 3128 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3129 } 3130 3131 /** 3132 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3133 * @peer:peer 3134 * 3135 * This function gets called by mlme to get crypto params 3136 * 3137 * Return: wlan_crypto_params or NULL in case of failure 3138 */ 3139 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3140 struct wlan_objmgr_peer *peer){ 3141 struct wlan_crypto_comp_priv *crypto_priv; 3142 3143 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3144 } 3145 3146 3147 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3148 struct wlan_objmgr_peer *peer) 3149 { 3150 struct wlan_crypto_comp_priv *crypto_priv; 3151 struct wlan_crypto_comp_priv *sta_crypto_priv; 3152 struct wlan_crypto_params *crypto_params; 3153 struct wlan_crypto_key *key; 3154 struct wlan_crypto_key *sta_key; 3155 struct wlan_crypto_cipher *cipher_table; 3156 struct wlan_objmgr_psoc *psoc; 3157 uint8_t *mac_addr; 3158 int i; 3159 enum QDF_OPMODE opmode; 3160 QDF_STATUS status = QDF_STATUS_SUCCESS; 3161 3162 if (!vdev) 3163 return QDF_STATUS_E_NULL_VALUE; 3164 3165 if (!peer) { 3166 crypto_debug("peer NULL"); 3167 return QDF_STATUS_E_INVAL; 3168 } 3169 3170 opmode = wlan_vdev_mlme_get_opmode(vdev); 3171 psoc = wlan_vdev_get_psoc(vdev); 3172 3173 if (!psoc) { 3174 crypto_err("psoc NULL"); 3175 return QDF_STATUS_E_NULL_VALUE; 3176 } 3177 3178 wlan_peer_obj_lock(peer); 3179 mac_addr = wlan_peer_get_macaddr(peer); 3180 wlan_peer_obj_unlock(peer); 3181 3182 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3183 &crypto_priv); 3184 if (!crypto_priv) { 3185 crypto_err("crypto_priv NULL"); 3186 return QDF_STATUS_E_NULL_VALUE; 3187 } 3188 3189 /* push only valid static WEP keys from vap */ 3190 if (AUTH_IS_8021X(crypto_params)) 3191 return QDF_STATUS_E_INVAL; 3192 3193 if (opmode == QDF_STA_MODE) { 3194 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3195 if (!peer) { 3196 crypto_debug("peer NULL"); 3197 return QDF_STATUS_E_INVAL; 3198 } 3199 } 3200 3201 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3202 if (!sta_crypto_priv) { 3203 crypto_err("sta priv is null"); 3204 status = QDF_STATUS_E_INVAL; 3205 goto exit; 3206 } 3207 3208 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3209 if (crypto_priv->key[i]) { 3210 key = crypto_priv->key[i]; 3211 if (!key || !key->valid) 3212 continue; 3213 3214 cipher_table = (struct wlan_crypto_cipher *) 3215 key->cipher_table; 3216 3217 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3218 sta_key = qdf_mem_malloc( 3219 sizeof(struct wlan_crypto_key)); 3220 if (!sta_key) { 3221 status = QDF_STATUS_E_NOMEM; 3222 goto exit; 3223 } 3224 3225 sta_crypto_priv->key[i] = sta_key; 3226 qdf_mem_copy(sta_key, key, 3227 sizeof(struct wlan_crypto_key)); 3228 3229 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3230 3231 if (crypto_priv->def_tx_keyid == i) { 3232 sta_key->flags 3233 |= WLAN_CRYPTO_KEY_DEFAULT; 3234 sta_crypto_priv->def_tx_keyid = 3235 crypto_priv->def_tx_keyid; 3236 } 3237 /* setting the broadcast/multicast key for sta*/ 3238 if (opmode == QDF_STA_MODE || 3239 opmode == QDF_IBSS_MODE){ 3240 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3241 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 3242 vdev, sta_key, mac_addr, 3243 cipher_table->cipher); 3244 } 3245 } 3246 3247 /* setting unicast key */ 3248 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3249 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3250 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 3251 sta_key, mac_addr, 3252 cipher_table->cipher); 3253 } 3254 } 3255 } 3256 } 3257 3258 exit: 3259 if (opmode == QDF_STA_MODE) 3260 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3261 3262 return status; 3263 } 3264 3265 /** 3266 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3267 * @crypto_rx_ops: crypto_rx_ops 3268 * 3269 * This function gets called by object manger to register crypto rx ops. 3270 * 3271 * Return: QDF_STATUS 3272 */ 3273 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3274 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3275 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3276 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3277 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3278 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3279 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3280 3281 return QDF_STATUS_SUCCESS; 3282 } 3283 3284 /** 3285 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3286 * @psoc: psoc 3287 * 3288 * This function gets called by umac to get the crypto_rx_ops 3289 * 3290 * Return: crypto_rx_ops 3291 */ 3292 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3293 struct wlan_objmgr_psoc *psoc) 3294 { 3295 3296 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 3297 } 3298 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3299 3300 /** 3301 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3302 * @vdev: vdev 3303 * @authvalue: authvalue to be checked 3304 * 3305 * This function check is authvalue passed is set in vdev or not 3306 * 3307 * Return: true or false 3308 */ 3309 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3310 wlan_crypto_auth_mode authvalue) 3311 { 3312 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3313 & authvalue; 3314 } 3315 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3316 3317 /** 3318 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3319 * @peer: peer 3320 * @authvalue: authvalue to be checked 3321 * 3322 * This function check is authvalue passed is set in peer or not 3323 * 3324 * Return: true or false 3325 */ 3326 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3327 wlan_crypto_auth_mode authvalue) 3328 { 3329 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3330 & authvalue; 3331 } 3332 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3333 3334 /** 3335 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3336 * @vdev: vdev 3337 * @ucastcipher: ucastcipher to be checked 3338 * 3339 * This function check is ucastcipher passed is set in vdev or not 3340 * 3341 * Return: true or false 3342 */ 3343 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3344 wlan_crypto_cipher_type ucastcipher) 3345 { 3346 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3347 & ucastcipher; 3348 } 3349 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3350 3351 /** 3352 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3353 * @peer: peer 3354 * @ucastcipher: ucastcipher to be checked 3355 * 3356 * This function check is ucastcipher passed is set in peer or not 3357 * 3358 * Return: true or false 3359 */ 3360 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3361 wlan_crypto_cipher_type ucastcipher) 3362 { 3363 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3364 & ucastcipher; 3365 } 3366 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3367 3368 /** 3369 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3370 * @vdev: vdev 3371 * @mcastcipher: mcastcipher to be checked 3372 * 3373 * This function check is mcastcipher passed is set in vdev or not 3374 * 3375 * Return: true or false 3376 */ 3377 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3378 wlan_crypto_cipher_type mcastcipher) 3379 { 3380 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3381 & mcastcipher; 3382 } 3383 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3384 3385 /** 3386 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3387 * @peer: peer 3388 * @mcastcipher: mcastcipher to be checked 3389 * 3390 * This function check is mcastcipher passed is set in peer or not 3391 * 3392 * Return: true or false 3393 */ 3394 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3395 wlan_crypto_cipher_type mcastcipher) 3396 { 3397 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3398 & mcastcipher; 3399 } 3400 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3401 3402 /** 3403 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3404 * @vdev: vdev 3405 * @mgmtcipher: mgmtcipher to be checked 3406 * 3407 * This function checks any one of mgmtciphers are supported by vdev or not. 3408 * 3409 * Return: true or false 3410 */ 3411 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3412 uint32_t mgmtcipher) 3413 { 3414 return (wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3415 & mgmtcipher) != 0; 3416 } 3417 3418 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3419 3420 /** 3421 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3422 * @peer: peer 3423 * @mgmtcipher: mgmtcipher to be checked 3424 * 3425 * This function checks any one of mgmtciphers are supported by peer or not 3426 * 3427 * Return: true or false 3428 */ 3429 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3430 uint32_t mgmtcipher) 3431 { 3432 return (wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3433 & mgmtcipher) != 0; 3434 } 3435 3436 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3437 3438 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3439 { 3440 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3441 3442 if (!peer) { 3443 crypto_err("Invalid Input"); 3444 return 0; 3445 } 3446 3447 crypto_priv = wlan_get_peer_crypto_obj(peer); 3448 if (!crypto_priv) { 3449 crypto_err("crypto_priv NULL"); 3450 return 0; 3451 } 3452 3453 return crypto_priv->fils_aead_set; 3454 } 3455 3456 void 3457 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3458 { 3459 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3460 3461 if (!peer) { 3462 crypto_err("Invalid Input"); 3463 return; 3464 } 3465 3466 crypto_priv = wlan_get_peer_crypto_obj(peer); 3467 if (!crypto_priv) { 3468 crypto_err("crypto_priv NULL"); 3469 return; 3470 } 3471 3472 crypto_priv->fils_aead_set = value; 3473 } 3474 3475 /** 3476 * wlan_crypto_get_key_header - get header length 3477 * @key: key 3478 * 3479 * This function gets header length based on keytype 3480 * 3481 * Return: header length 3482 */ 3483 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3484 { 3485 struct wlan_crypto_cipher *cipher_table; 3486 3487 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3488 if (cipher_table) 3489 return cipher_table->header; 3490 else 3491 return 0; 3492 } 3493 3494 qdf_export_symbol(wlan_crypto_get_key_header); 3495 3496 /** 3497 * wlan_crypto_get_key_trailer - get cipher trailer length 3498 * @key: key 3499 * 3500 * This function gets cipher trailer length based on keytype 3501 * 3502 * Return: cipher trailer length 3503 */ 3504 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3505 { 3506 struct wlan_crypto_cipher *cipher_table; 3507 3508 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3509 if (cipher_table) 3510 return cipher_table->trailer; 3511 else 3512 return 0; 3513 } 3514 3515 qdf_export_symbol(wlan_crypto_get_key_trailer); 3516 3517 /** 3518 * wlan_crypto_get_key_miclen - get cipher miclen length 3519 * @key: key 3520 * 3521 * This function gets cipher miclen length based on keytype 3522 * 3523 * Return: cipher miclen length 3524 */ 3525 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3526 { 3527 struct wlan_crypto_cipher *cipher_table; 3528 3529 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3530 if (cipher_table) 3531 return cipher_table->miclen; 3532 else 3533 return 0; 3534 } 3535 3536 qdf_export_symbol(wlan_crypto_get_key_miclen); 3537 3538 /** 3539 * wlan_crypto_get_keyid - get keyid from frame 3540 * @data: frame 3541 * 3542 * This function parse frame and returns keyid 3543 * 3544 * Return: keyid 3545 */ 3546 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3547 { 3548 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3549 uint8_t *iv; 3550 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3551 3552 /* 3553 * In FILS SK (Re)Association request/response frame has 3554 * to be decrypted 3555 */ 3556 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3557 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3558 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3559 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3560 return 0; 3561 } 3562 3563 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3564 iv = data + hdrlen; 3565 /* 3566 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3567 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3568 */ 3569 return ((iv[3] >> 6) & 0x3); 3570 } else { 3571 return WLAN_CRYPTO_KEYIX_NONE; 3572 } 3573 } 3574 3575 qdf_export_symbol(wlan_crypto_get_keyid); 3576 3577 /** 3578 * crypto_plumb_peer_keys - called during radio reset 3579 * @vdev: vdev 3580 * @object: peer 3581 * @arg: psoc 3582 * 3583 * Restore unicast and persta hardware keys 3584 * 3585 * Return: void 3586 */ 3587 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3588 void *object, void *arg) { 3589 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3590 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3591 struct wlan_crypto_comp_priv *crypto_priv; 3592 struct wlan_crypto_params *crypto_params; 3593 struct wlan_crypto_key *key = NULL; 3594 int i; 3595 3596 if ((!peer) || (!vdev) || (!psoc)) { 3597 crypto_err("Peer or vdev or psoc objects are null!"); 3598 return; 3599 } 3600 3601 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3602 &crypto_priv); 3603 3604 if (!crypto_priv) { 3605 crypto_err("crypto_priv NULL"); 3606 return; 3607 } 3608 3609 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3610 key = crypto_priv->key[i]; 3611 if (key && key->valid) { 3612 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3613 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3614 ( 3615 vdev, 3616 key, 3617 wlan_peer_get_macaddr(peer), 3618 wlan_crypto_get_key_type(key) 3619 ); 3620 } 3621 } 3622 } 3623 } 3624 3625 /** 3626 * wlan_crypto_restore_keys - called during radio reset 3627 * @vdev: vdev 3628 * 3629 * Clear and restore keycache, needed for some DA chipsets which put 3630 * random values in keycache when phy reset is triggered 3631 * 3632 * Return: void 3633 */ 3634 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3635 { 3636 int i; 3637 struct wlan_crypto_comp_priv *crypto_priv; 3638 struct wlan_crypto_params *crypto_params; 3639 struct wlan_crypto_key *key; 3640 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3641 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3642 struct wlan_objmgr_pdev *pdev = NULL; 3643 struct wlan_objmgr_psoc *psoc = NULL; 3644 3645 pdev = wlan_vdev_get_pdev(vdev); 3646 psoc = wlan_vdev_get_psoc(vdev); 3647 if (!pdev) { 3648 crypto_err("pdev is NULL"); 3649 return; 3650 } 3651 if (!psoc) { 3652 crypto_err("psoc is NULL"); 3653 return; 3654 } 3655 3656 /* TBD: QWRAP key restore*/ 3657 /* crypto is on */ 3658 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3659 /* restore static shared keys */ 3660 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3661 crypto_params = wlan_crypto_vdev_get_comp_params 3662 ( 3663 vdev, 3664 &crypto_priv 3665 ); 3666 if (!crypto_priv) { 3667 crypto_err("crypto_priv is NULL"); 3668 return; 3669 } 3670 key = crypto_priv->key[i]; 3671 if (key && key->valid) { 3672 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3673 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3674 ( 3675 vdev, 3676 key, 3677 macaddr, 3678 wlan_crypto_get_key_type(key) 3679 ); 3680 } 3681 } 3682 } 3683 3684 wlan_objmgr_iterate_peerobj_list(vdev, 3685 crypto_plumb_peer_keys, 3686 psoc, 3687 WLAN_CRYPTO_ID); 3688 } 3689 } 3690 3691 /** 3692 * wlan_crypto_check_open_none - called by ucfg to check for open security 3693 * @psoc: psoc pointer 3694 * @vdev_id: vdev id 3695 * 3696 * This function gets called from ucfg to check open security. 3697 * 3698 * Return: true or false 3699 */ 3700 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3701 { 3702 struct wlan_crypto_comp_priv *crypto_priv; 3703 struct wlan_crypto_params *crypto_params; 3704 struct wlan_objmgr_vdev *vdev; 3705 bool match = true; 3706 3707 if (!psoc) { 3708 crypto_err("PSOC is NULL"); 3709 return false; 3710 } 3711 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3712 WLAN_CRYPTO_ID); 3713 if (!vdev) { 3714 crypto_err("vdev is NULL"); 3715 return false; 3716 } 3717 3718 crypto_priv = (struct wlan_crypto_comp_priv *) 3719 wlan_get_vdev_crypto_obj(vdev); 3720 3721 if (!crypto_priv) { 3722 crypto_err("crypto_priv NULL"); 3723 match = false; 3724 goto send_res; 3725 } 3726 3727 crypto_params = &crypto_priv->crypto_params; 3728 3729 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3730 match = false; 3731 goto send_res; 3732 } 3733 3734 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3735 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3736 match = false; 3737 3738 send_res: 3739 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3740 3741 return match; 3742 } 3743 3744 /** 3745 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3746 * @psoc: psoc pointer 3747 * @vdev_id: vdev id 3748 * 3749 * This function gets called from ucfg to check WEP security. 3750 * 3751 * Return: true or false 3752 */ 3753 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3754 { 3755 struct wlan_crypto_comp_priv *crypto_priv; 3756 struct wlan_crypto_params *crypto_params; 3757 struct wlan_objmgr_vdev *vdev; 3758 bool match = true; 3759 3760 if (!psoc) { 3761 crypto_err("PSOC is NULL"); 3762 return false; 3763 } 3764 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3765 WLAN_CRYPTO_ID); 3766 if (!vdev) { 3767 crypto_err("vdev is NULL"); 3768 return false; 3769 } 3770 3771 crypto_priv = (struct wlan_crypto_comp_priv *) 3772 wlan_get_vdev_crypto_obj(vdev); 3773 3774 if (!crypto_priv) { 3775 crypto_err("crypto_priv NULL"); 3776 match = false; 3777 goto send_res; 3778 } 3779 3780 crypto_params = &crypto_priv->crypto_params; 3781 3782 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3783 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3784 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3785 match = false; 3786 goto send_res; 3787 } 3788 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3789 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3790 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3791 match = false; 3792 goto send_res; 3793 } 3794 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 3795 match = false; 3796 goto send_res; 3797 } 3798 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3799 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 3800 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 3801 match = false; 3802 } 3803 send_res: 3804 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3805 3806 return match; 3807 } 3808 3809 static QDF_STATUS 3810 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3811 uint8_t *ie_ptr, uint16_t ie_len) 3812 { 3813 const uint8_t *rsn_ie = NULL; 3814 QDF_STATUS status; 3815 3816 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3817 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3818 if (!rsn_ie) { 3819 crypto_err("RSN IE NULL"); 3820 return QDF_STATUS_E_INVAL; 3821 } 3822 3823 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 3824 if (QDF_STATUS_SUCCESS != status) { 3825 crypto_err("RSN IE check failed"); 3826 return status; 3827 } 3828 3829 return QDF_STATUS_SUCCESS; 3830 } 3831 3832 static QDF_STATUS 3833 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3834 uint8_t *ie_ptr, uint16_t ie_len) 3835 { 3836 const uint8_t *wpa_ie = NULL; 3837 uint32_t wpa_oui; 3838 QDF_STATUS status; 3839 3840 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3841 3842 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3843 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3844 WLAN_OUI_SIZE, ie_ptr, ie_len); 3845 if (!wpa_ie) { 3846 crypto_err("WPA IE NULL"); 3847 return QDF_STATUS_E_INVAL; 3848 } 3849 3850 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 3851 if (QDF_STATUS_SUCCESS != status) { 3852 crypto_err("WPA IE check failed"); 3853 return status; 3854 } 3855 3856 return QDF_STATUS_SUCCESS; 3857 } 3858 /** 3859 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 3860 * @psoc: psoc pointer 3861 * @vdev_id: vdev id 3862 * @ie_ptr: pointer to IEs 3863 * @ie_len: IE length 3864 * 3865 * This function gets called from ucfg to check RSN match. 3866 * 3867 * Return: true or false 3868 */ 3869 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3870 uint8_t vdev_id, uint8_t *ie_ptr, 3871 uint16_t ie_len) 3872 { 3873 struct wlan_crypto_params peer_crypto_params; 3874 struct wlan_objmgr_vdev *vdev; 3875 bool match = true; 3876 QDF_STATUS status; 3877 3878 if (!psoc) { 3879 crypto_err("PSOC is NULL"); 3880 return false; 3881 } 3882 status = wlan_get_crypto_params_from_rsn_ie(&peer_crypto_params, 3883 ie_ptr, ie_len); 3884 if (QDF_STATUS_SUCCESS != status) { 3885 crypto_err("get crypto prarams from RSN IE failed"); 3886 return false; 3887 } 3888 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3889 WLAN_CRYPTO_ID); 3890 if (!vdev) { 3891 crypto_err("vdev is NULL"); 3892 return false; 3893 } 3894 3895 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3896 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3897 3898 return match; 3899 } 3900 3901 /** 3902 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 3903 * @psoc: psoc pointer 3904 * @vdev_id: vdev id 3905 * @ie_ptr: pointer to IEs 3906 * @ie_len: IE length 3907 * 3908 * This function gets called from ucfg to check WPA match. 3909 * 3910 * Return: true or false 3911 */ 3912 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3913 uint8_t vdev_id, uint8_t *ie_ptr, 3914 uint16_t ie_len) 3915 { 3916 struct wlan_crypto_params peer_crypto_params; 3917 struct wlan_objmgr_vdev *vdev; 3918 bool match = true; 3919 QDF_STATUS status; 3920 3921 if (!psoc) { 3922 crypto_err("PSOC is NULL"); 3923 return false; 3924 } 3925 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3926 WLAN_CRYPTO_ID); 3927 if (!vdev) { 3928 crypto_err("vdev is NULL"); 3929 return false; 3930 } 3931 3932 status = wlan_get_crypto_params_from_wpa_ie(&peer_crypto_params, 3933 ie_ptr, ie_len); 3934 if (QDF_STATUS_SUCCESS != status) { 3935 crypto_err("get crypto prarams from WPA IE failed"); 3936 match = false; 3937 goto send_res; 3938 } 3939 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3940 send_res: 3941 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3942 3943 return match; 3944 } 3945 3946 3947 static void 3948 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 3949 struct wlan_crypto_params *src_params) 3950 { 3951 dst_params->authmodeset |= src_params->authmodeset; 3952 dst_params->ucastcipherset |= src_params->ucastcipherset; 3953 dst_params->mcastcipherset |= src_params->mcastcipherset; 3954 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 3955 dst_params->cipher_caps |= src_params->cipher_caps; 3956 dst_params->key_mgmt |= src_params->key_mgmt; 3957 dst_params->rsn_caps |= src_params->rsn_caps; 3958 } 3959 3960 static void 3961 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 3962 { 3963 params->authmodeset = 0; 3964 params->ucastcipherset = 0; 3965 params->mcastcipherset = 0; 3966 params->mgmtcipherset = 0; 3967 params->cipher_caps = 0; 3968 params->key_mgmt = 0; 3969 params->rsn_caps = 0; 3970 } 3971 3972 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 3973 uint8_t *ie_ptr, 3974 uint16_t ie_len) 3975 { 3976 struct wlan_crypto_params crypto_params; 3977 QDF_STATUS status; 3978 struct wlan_crypto_params *vdev_crypto_params; 3979 struct wlan_crypto_comp_priv *crypto_priv; 3980 bool send_fail = false; 3981 3982 if (!vdev) { 3983 crypto_err("VDEV is NULL"); 3984 return QDF_STATUS_E_FAILURE; 3985 } 3986 3987 if (!ie_ptr) { 3988 crypto_err("IE ptr is NULL"); 3989 return QDF_STATUS_E_FAILURE; 3990 } 3991 3992 crypto_priv = (struct wlan_crypto_comp_priv *) 3993 wlan_get_vdev_crypto_obj(vdev); 3994 3995 if (!crypto_priv) { 3996 crypto_err("crypto_priv NULL"); 3997 return QDF_STATUS_E_FAILURE; 3998 } 3999 4000 vdev_crypto_params = &crypto_priv->crypto_params; 4001 4002 wlan_crypto_reset_prarams(vdev_crypto_params); 4003 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4004 ie_ptr, ie_len); 4005 if (QDF_STATUS_SUCCESS == status) { 4006 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4007 } else { 4008 crypto_err("get crypto prarams from RSN IE failed"); 4009 send_fail = true; 4010 } 4011 4012 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4013 ie_ptr, ie_len); 4014 if (QDF_STATUS_SUCCESS == status) { 4015 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4016 send_fail = false; 4017 } else { 4018 crypto_debug("get crypto prarams from WPA IE failed"); 4019 } 4020 4021 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4022 } 4023 4024 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4025 { 4026 struct wlan_crypto_comp_priv *crypto_priv; 4027 4028 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4029 if (!crypto_priv) { 4030 crypto_err("crypto_priv NULL"); 4031 return QDF_STATUS_E_FAILURE; 4032 } 4033 4034 if (igtk) 4035 return crypto_priv->def_igtk_tx_keyid; 4036 else 4037 return crypto_priv->def_tx_keyid; 4038 } 4039 4040 enum wlan_crypto_cipher_type 4041 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4042 bool pairwise, uint8_t key_index) 4043 { 4044 struct wlan_crypto_key *crypto_key; 4045 4046 crypto_key = wlan_crypto_get_key(vdev, key_index); 4047 4048 if (crypto_key) 4049 return crypto_key->cipher_type; 4050 else 4051 return WLAN_CRYPTO_CIPHER_INVALID; 4052 } 4053 4054 #ifdef CRYPTO_SET_KEY_CONVERGED 4055 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4056 uint8_t key_index, uint8_t key_len, 4057 uint8_t seq_len) 4058 { 4059 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4060 crypto_err("Invalid Key index %d", key_index); 4061 return QDF_STATUS_E_INVAL; 4062 } 4063 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4064 crypto_err("Invalid Cipher %d", cipher); 4065 return QDF_STATUS_E_INVAL; 4066 } 4067 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4068 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4069 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4070 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4071 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4072 crypto_err("Invalid key index %d for cipher %d", 4073 key_index, cipher); 4074 return QDF_STATUS_E_INVAL; 4075 } 4076 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4077 crypto_err("Invalid key length %d", key_len); 4078 return QDF_STATUS_E_INVAL; 4079 } 4080 4081 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4082 crypto_err("Invalid seq length %d", seq_len); 4083 return QDF_STATUS_E_INVAL; 4084 } 4085 4086 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4087 key_index, key_len, seq_len); 4088 4089 return QDF_STATUS_SUCCESS; 4090 } 4091 4092 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4093 uint8_t key_index, 4094 struct wlan_crypto_key *crypto_key) 4095 { 4096 struct wlan_crypto_comp_priv *crypto_priv; 4097 4098 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4099 if (!crypto_priv) { 4100 crypto_err("crypto_priv NULL"); 4101 return QDF_STATUS_E_FAILURE; 4102 } 4103 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4104 crypto_err("Invalid Key index %d", key_index); 4105 return QDF_STATUS_E_FAILURE; 4106 } 4107 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4108 crypto_priv->key[key_index] = crypto_key; 4109 else 4110 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4111 crypto_key; 4112 4113 return QDF_STATUS_SUCCESS; 4114 } 4115 4116 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4117 uint8_t key_index) 4118 { 4119 struct wlan_crypto_comp_priv *crypto_priv; 4120 4121 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4122 if (!crypto_priv) { 4123 crypto_err("crypto_priv NULL"); 4124 return NULL; 4125 } 4126 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4127 crypto_err("Invalid Key index %d", key_index); 4128 return NULL; 4129 } 4130 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4131 return crypto_priv->key[key_index]; 4132 4133 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4134 } 4135 4136 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4137 struct wlan_crypto_key *req, 4138 enum wlan_crypto_key_type key_type) 4139 { 4140 struct wlan_objmgr_psoc *psoc; 4141 4142 psoc = wlan_vdev_get_psoc(vdev); 4143 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)) 4144 WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)(vdev, req, key_type); 4145 else 4146 return QDF_STATUS_E_FAILURE; 4147 4148 return QDF_STATUS_SUCCESS; 4149 } 4150 4151 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4152 bool pairwise, uint8_t key_index, 4153 struct qdf_mac_addr *peer_mac) 4154 { 4155 struct wlan_crypto_key *crypto_key; 4156 4157 crypto_key = wlan_crypto_get_key(vdev, key_index); 4158 if (!crypto_key) { 4159 crypto_err("crypto_key not present for key_idx %d", key_index); 4160 return; 4161 } 4162 4163 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4164 } 4165 #endif 4166