1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 static int is_valid_keyix(uint16_t keyix) 59 { 60 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 61 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 62 return 0; 63 else 64 return 1; 65 } 66 67 static int is_igtk(uint16_t keyix) 68 { 69 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 70 return 0; 71 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 72 return 0; 73 else 74 return 1; 75 } 76 77 static int is_bigtk(uint16_t keyix) 78 { 79 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 80 return 0; 81 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 82 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 83 return 0; 84 else 85 return 1; 86 } 87 88 /** 89 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 90 * @vdev:vdev 91 * 92 * This function gets called by mlme to get crypto params 93 * 94 * Return: wlan_crypto_params or NULL in case of failure 95 */ 96 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 97 struct wlan_objmgr_vdev *vdev, 98 struct wlan_crypto_comp_priv **crypto_priv){ 99 *crypto_priv = (struct wlan_crypto_comp_priv *) 100 wlan_get_vdev_crypto_obj(vdev); 101 if (!(*crypto_priv)) { 102 crypto_err("crypto_priv NULL"); 103 return NULL; 104 } 105 106 return &((*crypto_priv)->crypto_params); 107 } 108 109 /** 110 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 111 * @peer:peer 112 * 113 * This function gets called by mlme to get crypto params 114 * 115 * Return: wlan_crypto_params or NULL in case of failure 116 */ 117 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 118 struct wlan_objmgr_peer *peer, 119 struct wlan_crypto_comp_priv **crypto_priv){ 120 121 *crypto_priv = (struct wlan_crypto_comp_priv *) 122 wlan_get_peer_crypto_obj(peer); 123 if (!*crypto_priv) { 124 crypto_err("crypto_priv NULL"); 125 return NULL; 126 } 127 128 return &((*crypto_priv)->crypto_params); 129 } 130 131 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 132 { 133 return QDF_STATUS_SUCCESS; 134 } 135 136 /** 137 * wlan_crypto_set_param - called by ucfg to set crypto param 138 * @crypto_params: crypto_params 139 * @param: param to be set. 140 * @value: value 141 * 142 * This function gets called from ucfg to set param 143 * 144 * Return: QDF_STATUS_SUCCESS - in case of success 145 */ 146 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 147 wlan_crypto_param_type param, 148 uint32_t value){ 149 QDF_STATUS status = QDF_STATUS_E_INVAL; 150 151 crypto_debug("param %d, value %d", param, value); 152 switch (param) { 153 case WLAN_CRYPTO_PARAM_AUTH_MODE: 154 status = wlan_crypto_set_authmode(crypto_params, value); 155 break; 156 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 157 status = wlan_crypto_set_ucastciphers(crypto_params, value); 158 break; 159 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 160 status = wlan_crypto_set_mcastcipher(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 163 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 166 status = wlan_crypto_set_cipher_cap(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_RSN_CAP: 169 status = wlan_crypto_set_rsn_cap(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_KEY_MGMT: 172 status = wlan_crypto_set_key_mgmt(crypto_params, value); 173 break; 174 default: 175 status = QDF_STATUS_E_INVAL; 176 } 177 return status; 178 } 179 180 /** 181 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 182 * @vdev: vdev 183 * @param: param to be set. 184 * @value: value 185 * 186 * This function gets called from ucfg to set param 187 * 188 * Return: QDF_STATUS_SUCCESS - in case of success 189 */ 190 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 191 wlan_crypto_param_type param, 192 uint32_t value){ 193 QDF_STATUS status = QDF_STATUS_E_INVAL; 194 struct wlan_crypto_comp_priv *crypto_priv; 195 struct wlan_crypto_params *crypto_params; 196 197 crypto_priv = (struct wlan_crypto_comp_priv *) 198 wlan_get_vdev_crypto_obj(vdev); 199 200 if (!crypto_priv) { 201 crypto_err("crypto_priv NULL"); 202 return QDF_STATUS_E_INVAL; 203 } 204 205 crypto_params = &(crypto_priv->crypto_params); 206 207 status = wlan_crypto_set_param(crypto_params, param, value); 208 209 return status; 210 } 211 212 /** 213 * wlan_crypto_set_param - called by ucfg to set crypto param 214 * 215 * @peer: peer 216 * @param: param to be set. 217 * @value: value 218 * 219 * This function gets called from ucfg to set param 220 * 221 * Return: QDF_STATUS_SUCCESS - in case of success 222 */ 223 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 224 wlan_crypto_param_type param, 225 uint32_t value){ 226 QDF_STATUS status = QDF_STATUS_E_INVAL; 227 struct wlan_crypto_comp_priv *crypto_priv; 228 struct wlan_crypto_params *crypto_params; 229 230 crypto_params = wlan_crypto_peer_get_comp_params(peer, 231 &crypto_priv); 232 233 if (!crypto_priv) { 234 crypto_err("crypto_priv NULL"); 235 return QDF_STATUS_E_INVAL; 236 } 237 238 crypto_params = &(crypto_priv->crypto_params); 239 240 status = wlan_crypto_set_param(crypto_params, param, value); 241 242 return status; 243 } 244 245 /** 246 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 247 * @param: Crypto param type 248 * @crypto_params: Crypto params struct 249 * 250 * This function gets called from in-within crypto layer 251 * 252 * Return: value or -1 for failure 253 */ 254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 255 struct wlan_crypto_params *crypto_params) 256 { 257 int32_t value = -1; 258 259 switch (param) { 260 case WLAN_CRYPTO_PARAM_AUTH_MODE: 261 value = wlan_crypto_get_authmode(crypto_params); 262 break; 263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 264 value = wlan_crypto_get_ucastciphers(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 267 value = wlan_crypto_get_mcastcipher(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 270 value = wlan_crypto_get_mgmtciphers(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 273 value = wlan_crypto_get_cipher_cap(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_RSN_CAP: 276 value = wlan_crypto_get_rsn_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_KEY_MGMT: 279 value = wlan_crypto_get_key_mgmt(crypto_params); 280 break; 281 default: 282 value = QDF_STATUS_E_INVAL; 283 } 284 285 return value; 286 } 287 288 /** 289 * wlan_crypto_get_param - called to get value for param from vdev 290 * @vdev: vdev 291 * @param: Crypto param type 292 * 293 * This function gets called to get value for param from vdev 294 * 295 * Return: value or -1 for failure 296 */ 297 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 298 wlan_crypto_param_type param) 299 { 300 int32_t value = -1; 301 struct wlan_crypto_comp_priv *crypto_priv; 302 struct wlan_crypto_params *crypto_params; 303 crypto_priv = (struct wlan_crypto_comp_priv *) 304 wlan_get_vdev_crypto_obj(vdev); 305 306 if (!crypto_priv) { 307 crypto_err("crypto_priv NULL"); 308 return QDF_STATUS_E_INVAL; 309 } 310 311 crypto_params = &(crypto_priv->crypto_params); 312 value = wlan_crypto_get_param_value(param, crypto_params); 313 314 return value; 315 } 316 /** 317 * wlan_crypto_get_peer_param - called to get value for param from peer 318 * @peer: peer 319 * @param: Crypto param type 320 * 321 * This function gets called to get value for param from peer 322 * 323 * Return: value or -1 for failure 324 */ 325 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 326 wlan_crypto_param_type param) 327 { 328 int32_t value = -1; 329 struct wlan_crypto_comp_priv *crypto_priv; 330 struct wlan_crypto_params *crypto_params; 331 332 crypto_params = wlan_crypto_peer_get_comp_params(peer, 333 &crypto_priv); 334 335 if (!crypto_params) { 336 crypto_err("crypto_params NULL"); 337 return QDF_STATUS_E_INVAL; 338 } 339 value = wlan_crypto_get_param_value(param, crypto_params); 340 341 return value; 342 } 343 qdf_export_symbol(wlan_crypto_get_peer_param); 344 345 static 346 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 347 struct wlan_crypto_pmksa *pmksa); 348 349 static 350 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 351 struct wlan_crypto_pmksa *pmksa) 352 { 353 uint8_t i, first_available_slot = 0; 354 bool slot_found = false; 355 356 /* Delete the old entry and then Add new entry */ 357 wlan_crypto_del_pmksa(crypto_params, pmksa); 358 359 /* find the empty slot as duplicate is already deleted */ 360 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 361 if (!crypto_params->pmksa[i]) { 362 slot_found = true; 363 first_available_slot = i; 364 break; 365 } 366 } 367 368 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 369 crypto_err("no entry available for pmksa"); 370 return QDF_STATUS_E_INVAL; 371 } 372 crypto_params->pmksa[first_available_slot] = pmksa; 373 374 return QDF_STATUS_SUCCESS; 375 } 376 377 static 378 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 379 struct wlan_crypto_pmksa *pmksa) 380 { 381 uint8_t i, j; 382 bool match_found = false; 383 u8 del_pmk[MAX_PMK_LEN] = {0}; 384 385 /* find slot with same bssid */ 386 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 387 if (!crypto_params->pmksa[i]) 388 continue; 389 if (qdf_is_macaddr_equal(&pmksa->bssid, 390 &crypto_params->pmksa[i]->bssid)) { 391 match_found = true; 392 } else if (pmksa->ssid_len && 393 !qdf_mem_cmp(pmksa->ssid, 394 crypto_params->pmksa[i]->ssid, 395 pmksa->ssid_len) && 396 !qdf_mem_cmp(pmksa->cache_id, 397 crypto_params->pmksa[i]->cache_id, 398 WLAN_CACHE_ID_LEN)) { 399 match_found = true; 400 } 401 402 if (match_found) { 403 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 404 crypto_params->pmksa[i]->pmk_len); 405 /* Free matching entry */ 406 qdf_mem_zero(crypto_params->pmksa[i], 407 sizeof(struct wlan_crypto_pmksa)); 408 qdf_mem_free(crypto_params->pmksa[i]); 409 crypto_params->pmksa[i] = NULL; 410 411 /* Find and remove the entries matching the pmk */ 412 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 413 if (!crypto_params->pmksa[j]) 414 continue; 415 if (crypto_params->pmksa[j]->pmk_len && 416 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 417 del_pmk, 418 crypto_params->pmksa[j]->pmk_len))) { 419 qdf_mem_zero(crypto_params->pmksa[j], 420 sizeof(struct wlan_crypto_pmksa)); 421 qdf_mem_free(crypto_params->pmksa[j]); 422 crypto_params->pmksa[j] = NULL; 423 } 424 } 425 /* reset stored pmk */ 426 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 427 428 return QDF_STATUS_SUCCESS; 429 } 430 } 431 432 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 433 crypto_debug("No such pmksa entry exists"); 434 435 return QDF_STATUS_SUCCESS; 436 } 437 438 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 439 { 440 uint8_t i; 441 442 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 443 if (!crypto_params->pmksa[i]) 444 continue; 445 qdf_mem_zero(crypto_params->pmksa[i], 446 sizeof(struct wlan_crypto_pmksa)); 447 qdf_mem_free(crypto_params->pmksa[i]); 448 crypto_params->pmksa[i] = NULL; 449 } 450 451 return QDF_STATUS_SUCCESS; 452 } 453 454 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 455 struct wlan_crypto_pmksa *pmksa, 456 bool set) 457 { 458 QDF_STATUS status = QDF_STATUS_E_INVAL; 459 struct wlan_crypto_comp_priv *crypto_priv; 460 struct wlan_crypto_params *crypto_params; 461 enum QDF_OPMODE op_mode; 462 463 op_mode = wlan_vdev_mlme_get_opmode(vdev); 464 465 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 466 return QDF_STATUS_E_NOSUPPORT; 467 468 if (!pmksa && set) { 469 crypto_err("pmksa is NULL for set operation"); 470 return QDF_STATUS_E_INVAL; 471 } 472 crypto_priv = (struct wlan_crypto_comp_priv *) 473 wlan_get_vdev_crypto_obj(vdev); 474 475 if (!crypto_priv) { 476 crypto_err("crypto_priv NULL"); 477 return QDF_STATUS_E_INVAL; 478 } 479 480 crypto_params = &crypto_priv->crypto_params; 481 if (set) { 482 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 483 /* Set pmksa */ 484 } else { 485 /* del pmksa */ 486 if (!pmksa) 487 status = wlan_crypto_pmksa_flush(crypto_params); 488 else 489 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 490 } 491 492 return status; 493 } 494 495 struct wlan_crypto_pmksa * 496 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 497 struct wlan_crypto_pmksa *pmksa) 498 { 499 struct wlan_crypto_comp_priv *crypto_priv; 500 struct wlan_crypto_params *crypto_params; 501 uint8_t i; 502 503 if (!pmksa) { 504 crypto_err("pmksa is NULL"); 505 return NULL; 506 } 507 crypto_priv = (struct wlan_crypto_comp_priv *) 508 wlan_get_vdev_crypto_obj(vdev); 509 510 if (!crypto_priv) { 511 crypto_err("crypto_priv NULL"); 512 return NULL; 513 } 514 515 crypto_params = &crypto_priv->crypto_params; 516 517 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 518 if (!crypto_params->pmksa[i]) 519 continue; 520 if (qdf_is_macaddr_equal(&pmksa->bssid, 521 &crypto_params->pmksa[i]->bssid)) { 522 return crypto_params->pmksa[i]; 523 } else if (pmksa->ssid_len && 524 !qdf_mem_cmp(pmksa->ssid, 525 crypto_params->pmksa[i]->ssid, 526 pmksa->ssid_len) && 527 !qdf_mem_cmp(pmksa->cache_id, 528 crypto_params->pmksa[i]->cache_id, 529 WLAN_CACHE_ID_LEN)){ 530 return crypto_params->pmksa[i]; 531 } 532 } 533 534 return NULL; 535 } 536 537 struct wlan_crypto_pmksa * 538 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 539 { 540 struct wlan_crypto_comp_priv *crypto_priv; 541 struct wlan_crypto_params *crypto_params; 542 uint8_t i; 543 544 if (!bssid) { 545 crypto_err("bssid is NULL"); 546 return NULL; 547 } 548 crypto_priv = (struct wlan_crypto_comp_priv *) 549 wlan_get_vdev_crypto_obj(vdev); 550 551 if (!crypto_priv) { 552 crypto_err("crypto_priv NULL"); 553 return NULL; 554 } 555 556 crypto_params = &crypto_priv->crypto_params; 557 558 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 559 if (!crypto_params->pmksa[i]) 560 continue; 561 if (qdf_is_macaddr_equal(bssid, 562 &crypto_params->pmksa[i]->bssid)) { 563 return crypto_params->pmksa[i]; 564 } 565 } 566 567 return NULL; 568 } 569 570 /** 571 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 572 * @vdev: vdev 573 * @peer: peer 574 * 575 * This function gets called to check is HT allowed for cipher. 576 * HT is not allowed for wep and tkip. 577 * 578 * Return: 0 - not allowed or 1 - allowed 579 */ 580 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 581 struct wlan_objmgr_peer *peer) 582 { 583 int32_t ucast_cipher; 584 585 if (!(vdev || peer)) { 586 crypto_err("Invalid params"); 587 return 0; 588 } 589 590 if (vdev) 591 ucast_cipher = wlan_crypto_get_param(vdev, 592 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 593 else 594 ucast_cipher = wlan_crypto_get_peer_param(peer, 595 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 596 597 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 598 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 599 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 600 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 601 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 602 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 603 } 604 qdf_export_symbol(wlan_crypto_is_htallowed); 605 606 /** 607 * wlan_crypto_setkey - called by ucfg to setkey 608 * @vdev: vdev 609 * @req_key: req_key with cipher type, key macaddress 610 * 611 * This function gets called from ucfg to sey key 612 * 613 * Return: QDF_STATUS_SUCCESS - in case of success 614 */ 615 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 616 struct wlan_crypto_req_key *req_key){ 617 618 QDF_STATUS status = QDF_STATUS_E_INVAL; 619 struct wlan_crypto_comp_priv *crypto_priv; 620 struct wlan_crypto_params *crypto_params; 621 struct wlan_objmgr_psoc *psoc; 622 struct wlan_objmgr_peer *peer; 623 struct wlan_crypto_key *key = NULL; 624 const struct wlan_crypto_cipher *cipher; 625 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 626 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 627 bool isbcast; 628 enum QDF_OPMODE vdev_mode; 629 uint8_t igtk_idx = 0; 630 uint8_t bigtk_idx = 0; 631 struct wlan_lmac_if_tx_ops *tx_ops; 632 633 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 634 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 635 return QDF_STATUS_E_INVAL; 636 } 637 638 isbcast = qdf_is_macaddr_group( 639 (struct qdf_mac_addr *)req_key->macaddr); 640 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 641 /* zero length keys, only set default key id if flags are set*/ 642 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 643 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 644 && (!IS_MGMT_CIPHER(req_key->type))) { 645 wlan_crypto_default_key(vdev, 646 req_key->macaddr, 647 req_key->keyix, 648 !isbcast); 649 return QDF_STATUS_SUCCESS; 650 } 651 crypto_err("req_key len zero"); 652 return QDF_STATUS_E_INVAL; 653 } 654 655 cipher = wlan_crypto_cipher_ops[req_key->type]; 656 657 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 658 crypto_err("cipher invalid"); 659 return QDF_STATUS_E_INVAL; 660 } 661 662 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 663 (!IS_MGMT_CIPHER(req_key->type)) && 664 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 665 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 666 crypto_err("cipher invalid"); 667 return QDF_STATUS_E_INVAL; 668 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 669 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 670 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 671 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 672 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 673 return QDF_STATUS_E_INVAL; 674 } 675 676 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 677 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 678 | WLAN_CRYPTO_KEY_RECV)) { 679 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 680 | WLAN_CRYPTO_KEY_RECV); 681 } 682 } else { 683 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 684 && (!IS_MGMT_CIPHER(req_key->type))) { 685 return QDF_STATUS_E_INVAL; 686 } 687 688 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 689 | WLAN_CRYPTO_KEY_RECV); 690 if (isbcast) 691 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 692 } 693 694 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 695 696 wlan_vdev_obj_lock(vdev); 697 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 698 QDF_MAC_ADDR_SIZE); 699 psoc = wlan_vdev_get_psoc(vdev); 700 if (!psoc) { 701 wlan_vdev_obj_unlock(vdev); 702 crypto_err("psoc NULL"); 703 return QDF_STATUS_E_INVAL; 704 } 705 wlan_vdev_obj_unlock(vdev); 706 707 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 708 if (wlan_crypto_vdev_has_auth_mode(vdev, 709 (1 << WLAN_CRYPTO_AUTH_8021X))) { 710 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 711 } 712 } 713 714 if (isbcast) { 715 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 716 &crypto_priv); 717 if (!crypto_priv) { 718 crypto_err("crypto_priv NULL"); 719 return QDF_STATUS_E_INVAL; 720 } 721 722 if (IS_MGMT_CIPHER(req_key->type)) { 723 struct wlan_crypto_key *crypto_key = NULL; 724 725 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 726 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 727 if (!is_igtk(req_key->keyix) && 728 !(is_bigtk(req_key->keyix))) { 729 crypto_err("igtk/bigtk key invalid keyid %d", 730 req_key->keyix); 731 return QDF_STATUS_E_INVAL; 732 } 733 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 734 if (!key) 735 return QDF_STATUS_E_NOMEM; 736 737 738 if (is_igtk(req_key->keyix)) { 739 crypto_key = crypto_priv->igtk_key[igtk_idx]; 740 if (crypto_key) 741 qdf_mem_free(crypto_key); 742 743 crypto_priv->igtk_key[igtk_idx] = key; 744 crypto_priv->igtk_key_type = req_key->type; 745 crypto_priv->def_igtk_tx_keyid = igtk_idx; 746 bigtk_idx = 0; 747 } else { 748 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 749 if (crypto_key) 750 qdf_mem_free(crypto_key); 751 752 crypto_priv->bigtk_key[bigtk_idx] = key; 753 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 754 igtk_idx = 0; 755 } 756 } else { 757 if (IS_FILS_CIPHER(req_key->type)) { 758 crypto_err("FILS key is not for BroadCast pkt"); 759 return QDF_STATUS_E_INVAL; 760 } 761 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 762 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 763 return QDF_STATUS_E_INVAL; 764 } 765 if (!crypto_priv->key[req_key->keyix]) { 766 crypto_priv->key[req_key->keyix] 767 = qdf_mem_malloc( 768 sizeof(struct wlan_crypto_key)); 769 if (!crypto_priv->key[req_key->keyix]) 770 return QDF_STATUS_E_NOMEM; 771 } 772 key = crypto_priv->key[req_key->keyix]; 773 } 774 if (vdev_mode == QDF_STA_MODE) { 775 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 776 WLAN_CRYPTO_ID); 777 if (!peer) { 778 crypto_err("peer NULL"); 779 if (IS_MGMT_CIPHER(req_key->type)) { 780 crypto_priv->igtk_key[igtk_idx] = NULL; 781 crypto_priv->bigtk_key[bigtk_idx] 782 = NULL; 783 crypto_priv->igtk_key_type 784 = WLAN_CRYPTO_CIPHER_NONE; 785 } else 786 crypto_priv->key[req_key->keyix] = NULL; 787 if (key) 788 qdf_mem_free(key); 789 return QDF_STATUS_E_INVAL; 790 } 791 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 792 QDF_MAC_ADDR_SIZE); 793 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 794 } 795 } else { 796 uint8_t pdev_id; 797 798 pdev_id = wlan_objmgr_pdev_get_pdev_id( 799 wlan_vdev_get_pdev(vdev)); 800 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 801 psoc, 802 pdev_id, 803 macaddr, 804 req_key->macaddr, 805 WLAN_CRYPTO_ID); 806 807 if (!peer) { 808 crypto_err("peer NULL"); 809 return QDF_STATUS_E_INVAL; 810 } 811 812 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 813 crypto_params = wlan_crypto_peer_get_comp_params(peer, 814 &crypto_priv); 815 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 816 817 if (!crypto_priv) { 818 crypto_err("crypto_priv NULL"); 819 return QDF_STATUS_E_INVAL; 820 } 821 if (IS_MGMT_CIPHER(req_key->type)) { 822 struct wlan_crypto_key *crypto_key = NULL; 823 824 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 825 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 826 if (!is_igtk(req_key->keyix) && 827 !(is_bigtk(req_key->keyix))) { 828 crypto_err("igtk/bigtk key invalid keyid %d", 829 req_key->keyix); 830 return QDF_STATUS_E_INVAL; 831 } 832 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 833 if (!key) 834 return QDF_STATUS_E_NOMEM; 835 836 if (is_igtk(req_key->keyix)) { 837 crypto_key = crypto_priv->igtk_key[igtk_idx]; 838 if (crypto_key) 839 qdf_mem_free(crypto_key); 840 841 crypto_priv->igtk_key[igtk_idx] = key; 842 crypto_priv->igtk_key_type = req_key->type; 843 crypto_priv->def_igtk_tx_keyid = igtk_idx; 844 } else { 845 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 846 if (crypto_key) 847 qdf_mem_free(crypto_key); 848 849 crypto_priv->bigtk_key[bigtk_idx] = key; 850 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 851 } 852 } else { 853 uint16_t kid = req_key->keyix; 854 if (kid == WLAN_CRYPTO_KEYIX_NONE) 855 kid = 0; 856 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 857 crypto_err("invalid keyid %d", kid); 858 return QDF_STATUS_E_INVAL; 859 } 860 if (!crypto_priv->key[kid]) { 861 crypto_priv->key[kid] 862 = qdf_mem_malloc( 863 sizeof(struct wlan_crypto_key)); 864 if (!crypto_priv->key[kid]) 865 return QDF_STATUS_E_NOMEM; 866 } 867 key = crypto_priv->key[kid]; 868 } 869 } 870 871 /* alloc key might not required as it is already there */ 872 key->cipher_table = (void *)cipher; 873 key->keylen = req_key->keylen; 874 key->flags = req_key->flags; 875 876 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 877 key->keyix = 0; 878 else 879 key->keyix = req_key->keyix; 880 881 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 882 && (!IS_MGMT_CIPHER(req_key->type))) { 883 crypto_priv->def_tx_keyid = key->keyix; 884 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 885 } 886 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 887 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 888 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 889 0x5c, 0x36, 0x5c, 0x36, 890 0x5c, 0x36, 0x5c, 0x36, 891 0x5c, 0x36, 0x5c, 0x37}; 892 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 893 0x5c, 0x36, 0x5c, 0x36, 894 0x5c, 0x36, 0x5c, 0x36, 895 0x5c, 0x36, 0x5c, 0x36}; 896 897 /* During Tx PN should be increment and 898 * send but as per our implementation we increment only after 899 * Tx complete. So First packet PN check will be failed. 900 * To compensate increment the PN here by 2 901 */ 902 if (vdev_mode == QDF_SAP_MODE) { 903 iv_AP[15] += 2; 904 qdf_mem_copy(key->recviv, iv_STA, 905 WLAN_CRYPTO_WAPI_IV_SIZE); 906 qdf_mem_copy(key->txiv, iv_AP, 907 WLAN_CRYPTO_WAPI_IV_SIZE); 908 } else { 909 iv_STA[15] += 2; 910 qdf_mem_copy(key->recviv, iv_AP, 911 WLAN_CRYPTO_WAPI_IV_SIZE); 912 qdf_mem_copy(key->txiv, iv_STA, 913 WLAN_CRYPTO_WAPI_IV_SIZE); 914 } 915 } else { 916 uint8_t i = 0; 917 qdf_mem_copy((uint8_t *)(&key->keytsc), 918 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 919 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 920 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 921 (uint8_t *)(&req_key->keyrsc), 922 sizeof(key->keyrsc[0])); 923 } 924 } 925 926 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 927 if (!tx_ops) { 928 crypto_err("tx_ops is NULL"); 929 return QDF_STATUS_E_INVAL; 930 } 931 932 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 933 key->valid = 1; 934 if ((IS_MGMT_CIPHER(req_key->type))) { 935 if (HAS_CIPHER_CAP(crypto_params, 936 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 937 is_bigtk(req_key->keyix)) { 938 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 939 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 940 key, macaddr, req_key->type); 941 } 942 } 943 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 944 status = wlan_crypto_set_igtk_key(key); 945 return status; 946 } else if (IS_FILS_CIPHER(req_key->type)) { 947 /* Take request key object to FILS setkey */ 948 key->private = req_key; 949 } else { 950 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 951 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 952 req_key->type); 953 } 954 } 955 status = cipher->setkey(key); 956 957 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 958 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 959 (!IS_MGMT_CIPHER(req_key->type))) { 960 /* default xmit key */ 961 wlan_crypto_default_key(vdev, 962 req_key->macaddr, 963 req_key->keyix, 964 !isbcast); 965 } 966 967 return status; 968 } 969 970 /** 971 * wlan_crypto_get_keytype - get keytype 972 * @key: key 973 * 974 * This function gets keytype from key 975 * 976 * Return: keytype 977 */ 978 wlan_crypto_cipher_type wlan_crypto_get_key_type( 979 struct wlan_crypto_key *key){ 980 if (key && key->cipher_table) { 981 return ((struct wlan_crypto_cipher *) 982 (key->cipher_table))->cipher; 983 } 984 return WLAN_CRYPTO_CIPHER_NONE; 985 } 986 qdf_export_symbol(wlan_crypto_get_key_type); 987 /** 988 * wlan_crypto_vdev_getkey - get key from vdev 989 * @vdev: vdev 990 * @keyix: keyix 991 * 992 * This function gets key from vdev 993 * 994 * Return: key or NULL 995 */ 996 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 997 uint16_t keyix){ 998 struct wlan_crypto_comp_priv *crypto_priv; 999 struct wlan_crypto_params *crypto_params; 1000 struct wlan_crypto_key *key = NULL; 1001 1002 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1003 1004 if (!crypto_priv) { 1005 crypto_err("crypto_priv NULL"); 1006 return NULL; 1007 } 1008 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1009 * we return the default key, for all other keyix we return the 1010 * key accordingly. 1011 */ 1012 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1013 !is_valid_keyix(keyix)) 1014 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1015 else if (is_bigtk(keyix)) 1016 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1017 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1018 else if (is_igtk(keyix)) 1019 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1020 else 1021 key = crypto_priv->key[keyix]; 1022 1023 if (key && key->valid) 1024 return key; 1025 1026 return NULL; 1027 } 1028 qdf_export_symbol(wlan_crypto_vdev_getkey); 1029 1030 /** 1031 * wlan_crypto_peer_getkey - get key from peer 1032 * @peer: peer 1033 * @keyix: keyix 1034 * 1035 * This function gets key from peer 1036 * 1037 * Return: key or NULL 1038 */ 1039 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1040 uint16_t keyix){ 1041 struct wlan_crypto_comp_priv *crypto_priv; 1042 struct wlan_crypto_params *crypto_params; 1043 struct wlan_crypto_key *key = NULL; 1044 1045 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1046 1047 if (!crypto_priv) { 1048 crypto_err("crypto_priv NULL"); 1049 return NULL; 1050 } 1051 1052 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1053 * we return the default key, for all other keyix we return the 1054 * key accordingly. 1055 */ 1056 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1057 !is_valid_keyix(keyix)) 1058 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1059 else if (is_bigtk(keyix)) 1060 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1061 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1062 else if (is_igtk(keyix)) 1063 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1064 else 1065 key = crypto_priv->key[keyix]; 1066 1067 if (key && key->valid) 1068 return key; 1069 1070 return NULL; 1071 } 1072 qdf_export_symbol(wlan_crypto_peer_getkey); 1073 1074 /** 1075 * wlan_crypto_getkey - called by ucfg to get key 1076 * @vdev: vdev 1077 * @req_key: key value will be copied in this req_key 1078 * @mac_address: mac address of the peer for unicast key 1079 * or broadcast address if group key is requested. 1080 * 1081 * This function gets called from ucfg to get key 1082 * 1083 * Return: QDF_STATUS_SUCCESS - in case of success 1084 */ 1085 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1086 struct wlan_crypto_req_key *req_key, 1087 uint8_t *mac_addr){ 1088 struct wlan_crypto_cipher *cipher_table; 1089 struct wlan_crypto_key *key; 1090 struct wlan_objmgr_psoc *psoc; 1091 struct wlan_lmac_if_tx_ops *tx_ops; 1092 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1093 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1094 1095 wlan_vdev_obj_lock(vdev); 1096 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1097 QDF_MAC_ADDR_SIZE); 1098 psoc = wlan_vdev_get_psoc(vdev); 1099 if (!psoc) { 1100 wlan_vdev_obj_unlock(vdev); 1101 crypto_err("psoc NULL"); 1102 return QDF_STATUS_E_INVAL; 1103 } 1104 wlan_vdev_obj_unlock(vdev); 1105 1106 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1107 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1108 if (!key) 1109 return QDF_STATUS_E_INVAL; 1110 } else { 1111 struct wlan_objmgr_peer *peer; 1112 uint8_t pdev_id; 1113 1114 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1115 wlan_vdev_get_pdev(vdev)); 1116 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1117 psoc, 1118 pdev_id, 1119 macaddr, 1120 mac_addr, 1121 WLAN_CRYPTO_ID); 1122 if (!peer) { 1123 crypto_err("peer NULL"); 1124 return QDF_STATUS_E_NOENT; 1125 } 1126 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1127 1128 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1129 if (!tx_ops) { 1130 crypto_err("tx_ops is NULL"); 1131 return QDF_STATUS_E_INVAL; 1132 } 1133 1134 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops) && 1135 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 1136 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1137 req_key->type); 1138 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1139 if (!key) 1140 return QDF_STATUS_E_INVAL; 1141 } 1142 1143 if (key->valid) { 1144 qdf_mem_copy(req_key->keydata, 1145 key->keyval, key->keylen); 1146 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1147 (uint8_t *)(&key->keytsc), 1148 sizeof(req_key->keytsc)); 1149 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1150 (uint8_t *)(&key->keyrsc[0]), 1151 sizeof(req_key->keyrsc)); 1152 req_key->keylen = key->keylen; 1153 req_key->flags = key->flags; 1154 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1155 1156 if (!cipher_table) 1157 return QDF_STATUS_SUCCESS; 1158 1159 req_key->type = cipher_table->cipher; 1160 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1161 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1162 (uint8_t *)(key->txiv), 1163 sizeof(req_key->txiv)); 1164 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1165 (uint8_t *)(key->recviv), 1166 sizeof(req_key->recviv)); 1167 } 1168 } 1169 1170 return QDF_STATUS_SUCCESS; 1171 } 1172 1173 /** 1174 * wlan_crypto_delkey - called by ucfg to delete key 1175 * @vdev: vdev 1176 * @mac_address: mac address of the peer for unicast key 1177 * or broadcast address if group key is deleted. 1178 * @key_idx: key index to be deleted 1179 * 1180 * This function gets called from ucfg to delete key 1181 * 1182 * Return: QDF_STATUS_SUCCESS - in case of success 1183 */ 1184 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1185 uint8_t *macaddr, 1186 uint8_t key_idx){ 1187 struct wlan_crypto_comp_priv *crypto_priv; 1188 struct wlan_crypto_params *crypto_params; 1189 struct wlan_crypto_key *key; 1190 struct wlan_crypto_cipher *cipher_table; 1191 struct wlan_objmgr_psoc *psoc; 1192 struct wlan_lmac_if_tx_ops *tx_ops; 1193 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1194 1195 if (!vdev || !macaddr || 1196 !is_valid_keyix(key_idx)) { 1197 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1198 vdev, macaddr, key_idx); 1199 return QDF_STATUS_E_INVAL; 1200 } 1201 1202 wlan_vdev_obj_lock(vdev); 1203 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1204 QDF_MAC_ADDR_SIZE); 1205 psoc = wlan_vdev_get_psoc(vdev); 1206 if (!psoc) { 1207 wlan_vdev_obj_unlock(vdev); 1208 crypto_err("psoc NULL"); 1209 return QDF_STATUS_E_INVAL; 1210 } 1211 wlan_vdev_obj_unlock(vdev); 1212 1213 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1214 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1215 &crypto_priv); 1216 if (!crypto_priv) { 1217 crypto_err("crypto_priv NULL"); 1218 return QDF_STATUS_E_INVAL; 1219 } 1220 } else { 1221 struct wlan_objmgr_peer *peer; 1222 uint8_t pdev_id; 1223 1224 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1225 wlan_vdev_get_pdev(vdev)); 1226 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1227 psoc, pdev_id, 1228 bssid_mac, 1229 macaddr, 1230 WLAN_CRYPTO_ID); 1231 if (!peer) { 1232 return QDF_STATUS_E_INVAL; 1233 } 1234 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1235 &crypto_priv); 1236 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1237 if (!crypto_priv) { 1238 crypto_err("crypto_priv NULL"); 1239 return QDF_STATUS_E_INVAL; 1240 } 1241 } 1242 1243 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1244 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1245 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1246 1247 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1248 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1249 return QDF_STATUS_E_INVAL; 1250 } 1251 if (is_igtk(key_idx)) { 1252 key = crypto_priv->igtk_key[igtk_idx]; 1253 crypto_priv->igtk_key[igtk_idx] = NULL; 1254 } else { 1255 key = crypto_priv->bigtk_key[bigtk_idx]; 1256 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1257 } 1258 if (key) 1259 key->valid = 0; 1260 } else { 1261 key = crypto_priv->key[key_idx]; 1262 crypto_priv->key[key_idx] = NULL; 1263 } 1264 1265 if (!key) 1266 return QDF_STATUS_E_INVAL; 1267 1268 if (key->valid) { 1269 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1270 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1271 1272 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1273 if (!tx_ops) { 1274 crypto_err("tx_ops is NULL"); 1275 return QDF_STATUS_E_INVAL; 1276 } 1277 1278 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1279 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1280 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1281 cipher_table->cipher); 1282 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1283 if (key->private) 1284 qdf_mem_free(key->private); 1285 } 1286 } 1287 1288 /* Zero-out local key variables */ 1289 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1290 qdf_mem_free(key); 1291 1292 return QDF_STATUS_SUCCESS; 1293 } 1294 1295 #ifdef CRYPTO_SET_KEY_CONVERGED 1296 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1297 uint8_t key_idx, uint8_t *macaddr) 1298 { 1299 return QDF_STATUS_SUCCESS; 1300 } 1301 #else 1302 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1303 uint8_t key_idx, uint8_t *macaddr) 1304 { 1305 struct wlan_objmgr_psoc *psoc; 1306 struct wlan_lmac_if_tx_ops *tx_ops; 1307 1308 psoc = wlan_vdev_get_psoc(vdev); 1309 if (!psoc) { 1310 crypto_err("psoc is NULL"); 1311 return QDF_STATUS_E_INVAL; 1312 } 1313 1314 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1315 if (!tx_ops) { 1316 crypto_err("tx_ops is NULL"); 1317 return QDF_STATUS_E_INVAL; 1318 } 1319 1320 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1321 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1322 1323 return QDF_STATUS_SUCCESS; 1324 } 1325 #endif 1326 1327 /** 1328 * wlan_crypto_default_key - called by ucfg to set default tx key 1329 * @vdev: vdev 1330 * @mac_address: mac address of the peer for unicast key 1331 * or broadcast address if group key need to made default. 1332 * @key_idx: key index to be made as default key 1333 * @unicast: is key was unicast or group key. 1334 * 1335 * This function gets called from ucfg to set default key 1336 * 1337 * Return: QDF_STATUS_SUCCESS - in case of success 1338 */ 1339 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1340 uint8_t *macaddr, 1341 uint8_t key_idx, 1342 bool unicast){ 1343 struct wlan_crypto_comp_priv *crypto_priv; 1344 struct wlan_crypto_params *crypto_params; 1345 struct wlan_crypto_key *key; 1346 struct wlan_objmgr_psoc *psoc; 1347 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1348 1349 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1350 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1351 vdev, macaddr, key_idx); 1352 return QDF_STATUS_E_INVAL; 1353 } 1354 1355 wlan_vdev_obj_lock(vdev); 1356 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1357 QDF_MAC_ADDR_SIZE); 1358 psoc = wlan_vdev_get_psoc(vdev); 1359 if (!psoc) { 1360 wlan_vdev_obj_unlock(vdev); 1361 crypto_err("psoc NULL"); 1362 return QDF_STATUS_E_INVAL; 1363 } 1364 wlan_vdev_obj_unlock(vdev); 1365 1366 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1367 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1368 &crypto_priv); 1369 if (!crypto_priv) { 1370 crypto_err("crypto_priv NULL"); 1371 return QDF_STATUS_E_INVAL; 1372 } 1373 1374 key = crypto_priv->key[key_idx]; 1375 if (!key) 1376 return QDF_STATUS_E_INVAL; 1377 } else { 1378 struct wlan_objmgr_peer *peer; 1379 uint8_t pdev_id; 1380 1381 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1382 wlan_vdev_get_pdev(vdev)); 1383 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1384 psoc, pdev_id, 1385 bssid_mac, 1386 macaddr, 1387 WLAN_CRYPTO_ID); 1388 1389 if (!peer) { 1390 crypto_err("peer NULL"); 1391 return QDF_STATUS_E_INVAL; 1392 } 1393 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1394 &crypto_priv); 1395 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1396 if (!crypto_priv) { 1397 crypto_err("crypto_priv NULL"); 1398 return QDF_STATUS_E_INVAL; 1399 } 1400 1401 key = crypto_priv->key[key_idx]; 1402 if (!key) 1403 return QDF_STATUS_E_INVAL; 1404 } 1405 if (!key->valid) 1406 return QDF_STATUS_E_INVAL; 1407 1408 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1409 QDF_STATUS_SUCCESS) 1410 return QDF_STATUS_E_INVAL; 1411 crypto_priv->def_tx_keyid = key_idx; 1412 1413 return QDF_STATUS_SUCCESS; 1414 } 1415 1416 /** 1417 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1418 * @vdev: vdev 1419 * @wbuf: wbuf 1420 * @macaddr: macaddr 1421 * @encapdone: is encapdone already or not. 1422 * 1423 * This function gets called from mgmt txrx to encap frame. 1424 * 1425 * Return: QDF_STATUS_SUCCESS - in case of success 1426 */ 1427 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1428 qdf_nbuf_t wbuf, 1429 uint8_t *mac_addr, 1430 uint8_t encapdone){ 1431 struct wlan_crypto_comp_priv *crypto_priv; 1432 struct wlan_crypto_params *crypto_params; 1433 struct wlan_crypto_key *key; 1434 QDF_STATUS status; 1435 struct wlan_crypto_cipher *cipher_table; 1436 struct wlan_objmgr_psoc *psoc; 1437 struct wlan_objmgr_peer *peer; 1438 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1439 uint8_t pdev_id; 1440 uint8_t hdrlen; 1441 enum QDF_OPMODE opmode; 1442 1443 opmode = wlan_vdev_mlme_get_opmode(vdev); 1444 wlan_vdev_obj_lock(vdev); 1445 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1446 QDF_MAC_ADDR_SIZE); 1447 psoc = wlan_vdev_get_psoc(vdev); 1448 if (!psoc) { 1449 wlan_vdev_obj_unlock(vdev); 1450 crypto_err("psoc NULL"); 1451 return QDF_STATUS_E_INVAL; 1452 } 1453 wlan_vdev_obj_unlock(vdev); 1454 1455 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1456 /* FILS Encap required only for (Re-)Assoc response */ 1457 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1458 1459 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1460 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1461 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1462 return QDF_STATUS_E_INVAL; 1463 } 1464 1465 if (peer) 1466 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1467 1468 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1469 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1470 &crypto_priv); 1471 if (!crypto_priv) { 1472 crypto_err("crypto_priv NULL"); 1473 return QDF_STATUS_E_INVAL; 1474 } 1475 1476 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1477 if (!key) 1478 return QDF_STATUS_E_INVAL; 1479 1480 } else { 1481 struct wlan_objmgr_peer *peer; 1482 uint8_t pdev_id; 1483 1484 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1485 wlan_vdev_get_pdev(vdev)); 1486 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1487 bssid_mac, mac_addr, 1488 WLAN_CRYPTO_ID); 1489 1490 if (!peer) { 1491 crypto_err("crypto_priv NULL"); 1492 return QDF_STATUS_E_INVAL; 1493 } 1494 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1495 &crypto_priv); 1496 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1497 1498 if (!crypto_priv) { 1499 crypto_err("crypto_priv NULL"); 1500 return QDF_STATUS_E_INVAL; 1501 } 1502 1503 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1504 if (!key) 1505 return QDF_STATUS_E_INVAL; 1506 } 1507 if (opmode == QDF_MONITOR_MODE) 1508 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1509 else 1510 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1511 (uint8_t *)qdf_nbuf_data(wbuf)); 1512 1513 /* if tkip, is counter measures enabled, then drop the frame */ 1514 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1515 status = cipher_table->encap(key, wbuf, encapdone, 1516 hdrlen); 1517 1518 return status; 1519 } 1520 qdf_export_symbol(wlan_crypto_encap); 1521 1522 /** 1523 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1524 * @vdev: vdev 1525 * @wbuf: wbuf 1526 * @macaddr: macaddr 1527 * @tid: tid of the frame 1528 * 1529 * This function gets called from mgmt txrx to decap frame. 1530 * 1531 * Return: QDF_STATUS_SUCCESS - in case of success 1532 */ 1533 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1534 qdf_nbuf_t wbuf, 1535 uint8_t *mac_addr, 1536 uint8_t tid){ 1537 struct wlan_crypto_comp_priv *crypto_priv; 1538 struct wlan_crypto_params *crypto_params; 1539 struct wlan_crypto_key *key; 1540 QDF_STATUS status; 1541 struct wlan_crypto_cipher *cipher_table; 1542 struct wlan_objmgr_psoc *psoc; 1543 struct wlan_objmgr_peer *peer; 1544 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1545 uint8_t keyid; 1546 uint8_t pdev_id; 1547 uint8_t hdrlen; 1548 enum QDF_OPMODE opmode; 1549 1550 opmode = wlan_vdev_mlme_get_opmode(vdev); 1551 wlan_vdev_obj_lock(vdev); 1552 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1553 QDF_MAC_ADDR_SIZE); 1554 psoc = wlan_vdev_get_psoc(vdev); 1555 if (!psoc) { 1556 wlan_vdev_obj_unlock(vdev); 1557 crypto_err("psoc NULL"); 1558 return QDF_STATUS_E_INVAL; 1559 } 1560 wlan_vdev_obj_unlock(vdev); 1561 1562 if (opmode == QDF_MONITOR_MODE) 1563 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1564 else 1565 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1566 (uint8_t *)qdf_nbuf_data(wbuf)); 1567 1568 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1569 1570 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1571 return QDF_STATUS_E_INVAL; 1572 1573 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1574 /* FILS Decap required only for (Re-)Assoc request */ 1575 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1576 1577 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1578 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1579 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1580 return QDF_STATUS_E_INVAL; 1581 } 1582 1583 if (peer) 1584 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1585 1586 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1587 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1588 &crypto_priv); 1589 if (!crypto_priv) { 1590 crypto_err("crypto_priv NULL"); 1591 return QDF_STATUS_E_INVAL; 1592 } 1593 1594 key = crypto_priv->key[keyid]; 1595 if (!key) 1596 return QDF_STATUS_E_INVAL; 1597 1598 } else { 1599 struct wlan_objmgr_peer *peer; 1600 uint8_t pdev_id; 1601 1602 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1603 wlan_vdev_get_pdev(vdev)); 1604 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1605 psoc, pdev_id, bssid_mac, 1606 mac_addr, WLAN_CRYPTO_ID); 1607 if (!peer) { 1608 crypto_err("peer NULL"); 1609 return QDF_STATUS_E_INVAL; 1610 } 1611 1612 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1613 &crypto_priv); 1614 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1615 1616 if (!crypto_priv) { 1617 crypto_err("crypto_priv NULL"); 1618 return QDF_STATUS_E_INVAL; 1619 } 1620 1621 key = crypto_priv->key[keyid]; 1622 if (!key) 1623 return QDF_STATUS_E_INVAL; 1624 } 1625 /* if tkip, is counter measures enabled, then drop the frame */ 1626 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1627 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1628 1629 return status; 1630 } 1631 qdf_export_symbol(wlan_crypto_decap); 1632 /** 1633 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1634 * @vdev: vdev 1635 * @wbuf: wbuf 1636 * @macaddr: macaddr 1637 * @encapdone: is encapdone already or not. 1638 * 1639 * This function gets called from mgmt txrx to adding mic to the frame. 1640 * 1641 * Return: QDF_STATUS_SUCCESS - in case of success 1642 */ 1643 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1644 qdf_nbuf_t wbuf, 1645 uint8_t *mac_addr, 1646 uint8_t encapdone){ 1647 struct wlan_crypto_comp_priv *crypto_priv; 1648 struct wlan_crypto_params *crypto_params; 1649 struct wlan_crypto_key *key; 1650 QDF_STATUS status; 1651 struct wlan_crypto_cipher *cipher_table; 1652 struct wlan_objmgr_psoc *psoc; 1653 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1654 uint8_t hdrlen; 1655 enum QDF_OPMODE opmode; 1656 1657 opmode = wlan_vdev_mlme_get_opmode(vdev); 1658 1659 1660 wlan_vdev_obj_lock(vdev); 1661 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1662 QDF_MAC_ADDR_SIZE); 1663 psoc = wlan_vdev_get_psoc(vdev); 1664 if (!psoc) { 1665 wlan_vdev_obj_unlock(vdev); 1666 crypto_err("psoc NULL"); 1667 return QDF_STATUS_E_INVAL; 1668 } 1669 wlan_vdev_obj_unlock(vdev); 1670 1671 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1672 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1673 &crypto_priv); 1674 if (!crypto_priv) { 1675 crypto_err("crypto_priv NULL"); 1676 return QDF_STATUS_E_INVAL; 1677 } 1678 1679 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1680 if (!key) 1681 return QDF_STATUS_E_INVAL; 1682 1683 } else { 1684 struct wlan_objmgr_peer *peer; 1685 uint8_t pdev_id; 1686 1687 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1688 wlan_vdev_get_pdev(vdev)); 1689 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1690 psoc, pdev_id, bssid_mac, 1691 mac_addr, WLAN_CRYPTO_ID); 1692 if (!peer) { 1693 crypto_err("crypto_priv NULL"); 1694 return QDF_STATUS_E_INVAL; 1695 } 1696 1697 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1698 &crypto_priv); 1699 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1700 1701 if (!crypto_priv) { 1702 crypto_err("crypto_priv NULL"); 1703 return QDF_STATUS_E_INVAL; 1704 } 1705 1706 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1707 if (!key) 1708 return QDF_STATUS_E_INVAL; 1709 } 1710 if (opmode == QDF_MONITOR_MODE) 1711 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1712 else 1713 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1714 (uint8_t *)qdf_nbuf_data(wbuf)); 1715 1716 /* if tkip, is counter measures enabled, then drop the frame */ 1717 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1718 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1719 1720 return status; 1721 } 1722 1723 /** 1724 * wlan_crypto_demic - called by mgmt for remove and check mic for 1725 * the frame based on cipher 1726 * @vdev: vdev 1727 * @wbuf: wbuf 1728 * @macaddr: macaddr 1729 * @tid: tid of the frame 1730 * @keyid: keyid in the received frame 1731 * This function gets called from mgmt txrx to decap frame. 1732 * 1733 * Return: QDF_STATUS_SUCCESS - in case of success 1734 */ 1735 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1736 qdf_nbuf_t wbuf, 1737 uint8_t *mac_addr, 1738 uint8_t tid, 1739 uint8_t keyid){ 1740 struct wlan_crypto_comp_priv *crypto_priv; 1741 struct wlan_crypto_params *crypto_params; 1742 struct wlan_crypto_key *key; 1743 QDF_STATUS status; 1744 struct wlan_crypto_cipher *cipher_table; 1745 struct wlan_objmgr_psoc *psoc; 1746 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1747 uint8_t hdrlen; 1748 enum QDF_OPMODE opmode; 1749 1750 opmode = wlan_vdev_mlme_get_opmode(vdev); 1751 1752 if (opmode == QDF_MONITOR_MODE) 1753 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1754 else 1755 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1756 (uint8_t *)qdf_nbuf_data(wbuf)); 1757 1758 wlan_vdev_obj_lock(vdev); 1759 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1760 QDF_MAC_ADDR_SIZE); 1761 psoc = wlan_vdev_get_psoc(vdev); 1762 if (!psoc) { 1763 wlan_vdev_obj_unlock(vdev); 1764 crypto_err("psoc NULL"); 1765 return QDF_STATUS_E_INVAL; 1766 } 1767 wlan_vdev_obj_unlock(vdev); 1768 1769 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1770 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1771 &crypto_priv); 1772 if (!crypto_priv) { 1773 crypto_err("crypto_priv NULL"); 1774 return QDF_STATUS_E_INVAL; 1775 } 1776 1777 key = crypto_priv->key[keyid]; 1778 if (!key) 1779 return QDF_STATUS_E_INVAL; 1780 1781 } else { 1782 struct wlan_objmgr_peer *peer; 1783 uint8_t pdev_id; 1784 1785 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1786 wlan_vdev_get_pdev(vdev)); 1787 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1788 psoc, pdev_id, bssid_mac, 1789 mac_addr, WLAN_CRYPTO_ID); 1790 if (!peer) { 1791 crypto_err("peer NULL"); 1792 return QDF_STATUS_E_INVAL; 1793 } 1794 1795 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1796 &crypto_priv); 1797 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1798 1799 if (!crypto_priv) { 1800 crypto_err("crypto_priv NULL"); 1801 return QDF_STATUS_E_INVAL; 1802 } 1803 1804 key = crypto_priv->key[keyid]; 1805 if (!key) 1806 return QDF_STATUS_E_INVAL; 1807 } 1808 /* if tkip, is counter measures enabled, then drop the frame */ 1809 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1810 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1811 1812 return status; 1813 } 1814 1815 /** 1816 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1817 * @vdev: vdev 1818 * 1819 * This function gets called to check is pmf enabled or not in vdev. 1820 * 1821 * Return: true or false 1822 */ 1823 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1824 { 1825 1826 struct wlan_crypto_comp_priv *crypto_priv; 1827 struct wlan_crypto_params *vdev_crypto_params; 1828 1829 if (!vdev) 1830 return false; 1831 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1832 &crypto_priv); 1833 if (!crypto_priv) { 1834 crypto_err("crypto_priv NULL"); 1835 return QDF_STATUS_E_INVAL; 1836 } 1837 1838 if ((vdev_crypto_params->rsn_caps & 1839 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1840 || (vdev_crypto_params->rsn_caps & 1841 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1842 return true; 1843 } 1844 1845 return false; 1846 } 1847 1848 /** 1849 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1850 * @vdev: vdev 1851 * 1852 * This function gets called to check is pmf required or not in vdev. 1853 * 1854 * Return: true or false 1855 */ 1856 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1857 { 1858 struct wlan_crypto_comp_priv *crypto_priv; 1859 struct wlan_crypto_params *vdev_crypto_params; 1860 1861 if (!vdev) 1862 return false; 1863 1864 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1865 &crypto_priv); 1866 if (!crypto_priv) { 1867 crypto_err("crypto_priv NULL"); 1868 return QDF_STATUS_E_INVAL; 1869 } 1870 1871 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1872 return true; 1873 1874 return false; 1875 } 1876 1877 /** 1878 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1879 * @vdev: vdev 1880 * @peer: peer 1881 * 1882 * This function gets called by mgmt txrx to check is pmf enabled or not. 1883 * 1884 * Return: true or false 1885 */ 1886 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1887 struct wlan_objmgr_peer *peer){ 1888 1889 struct wlan_crypto_comp_priv *crypto_priv; 1890 struct wlan_crypto_params *vdev_crypto_params; 1891 struct wlan_crypto_params *peer_crypto_params; 1892 1893 if (!vdev || !peer) 1894 return false; 1895 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1896 &crypto_priv); 1897 if (!crypto_priv) { 1898 crypto_err("crypto_priv NULL"); 1899 return QDF_STATUS_E_INVAL; 1900 } 1901 1902 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1903 &crypto_priv); 1904 if (!crypto_priv) { 1905 crypto_err("crypto_priv NULL"); 1906 return QDF_STATUS_E_INVAL; 1907 } 1908 if (((vdev_crypto_params->rsn_caps & 1909 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1910 (peer_crypto_params->rsn_caps & 1911 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1912 || (vdev_crypto_params->rsn_caps & 1913 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1914 return true; 1915 } 1916 1917 return false; 1918 } 1919 1920 /** 1921 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 1922 * @vdev: vdev 1923 * @peer: peer 1924 * @keyidx : key index 1925 * 1926 * This function gets called by mgmt txrx to check if key is valid 1927 * 1928 * Return: true or false 1929 */ 1930 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1931 struct wlan_objmgr_peer *peer, 1932 uint16_t keyidx) 1933 { 1934 struct wlan_crypto_key *key = NULL; 1935 1936 if (!vdev && !peer) 1937 return false; 1938 1939 if (peer) 1940 key = wlan_crypto_peer_getkey(peer, keyidx); 1941 else if (vdev) 1942 key = wlan_crypto_vdev_getkey(vdev, keyidx); 1943 1944 if ((key) && key->valid) 1945 return true; 1946 1947 return false; 1948 } 1949 1950 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1951 { 1952 a[0] = b[5]; 1953 a[1] = b[4]; 1954 a[2] = b[3]; 1955 a[3] = b[2]; 1956 a[4] = b[1]; 1957 a[5] = b[0]; 1958 } 1959 1960 /** 1961 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1962 * @vdev: vdev 1963 * @bfrm: frame starting pointer 1964 * @len: length of the frame 1965 * 1966 * This function gets called by mgmt txrx to add mmie in frame 1967 * 1968 * Return: end of frame or NULL in case failure 1969 */ 1970 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1971 uint8_t *bfrm, 1972 uint32_t len) { 1973 struct wlan_crypto_key *key; 1974 struct wlan_crypto_mmie *mmie; 1975 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1976 struct wlan_frame_hdr *hdr; 1977 uint32_t i, hdrlen, mic_len, aad_len; 1978 uint8_t mic[16]; 1979 struct wlan_crypto_comp_priv *crypto_priv; 1980 struct wlan_crypto_params *crypto_params; 1981 int32_t ret = -1; 1982 1983 if (!bfrm) { 1984 crypto_err("frame is NULL"); 1985 return NULL; 1986 } 1987 1988 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1989 &crypto_priv); 1990 if (!crypto_priv) { 1991 crypto_err("crypto_priv NULL"); 1992 return NULL; 1993 } 1994 1995 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1996 crypto_err("igtk key invalid keyid %d", 1997 crypto_priv->def_igtk_tx_keyid); 1998 return NULL; 1999 } 2000 2001 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2002 if (!key) { 2003 crypto_err("No igtk key present"); 2004 return NULL; 2005 } 2006 mic_len = (crypto_priv->igtk_key_type 2007 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2008 2009 efrm = bfrm + len; 2010 aad_len = 20; 2011 hdrlen = sizeof(struct wlan_frame_hdr); 2012 len += sizeof(struct wlan_crypto_mmie); 2013 2014 mmie = (struct wlan_crypto_mmie *) efrm; 2015 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2016 mmie->element_id = WLAN_ELEMID_MMIE; 2017 mmie->length = sizeof(*mmie) - 2; 2018 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2019 2020 mic_len = (crypto_priv->igtk_key_type 2021 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2022 if (mic_len == 8) { 2023 mmie->length -= 8; 2024 len -= 8; 2025 } 2026 /* PN = PN + 1 */ 2027 pn = (uint8_t *)&key->keytsc; 2028 2029 for (i = 0; i <= 5; i++) { 2030 pn[i]++; 2031 if (pn[i]) 2032 break; 2033 } 2034 2035 /* Copy IPN */ 2036 qdf_mem_copy(mmie->sequence_number, pn, 6); 2037 2038 hdr = (struct wlan_frame_hdr *) bfrm; 2039 2040 buf = qdf_mem_malloc(len - hdrlen + 20); 2041 if (!buf) 2042 return NULL; 2043 2044 qdf_mem_zero(buf, len - hdrlen + 20); 2045 aad = buf; 2046 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2047 2048 /* FC type/subtype */ 2049 aad[0] = hdr->i_fc[0]; 2050 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2051 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2052 | WLAN_FC1_MOREDATA)); 2053 /* A1 || A2 || A3 */ 2054 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2055 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2056 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2057 qdf_mem_zero(mic, 16); 2058 2059 /* 2060 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2061 */ 2062 2063 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2064 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2065 2066 ret = omac1_aes_128(key->keyval, buf, 2067 len + aad_len - hdrlen, mic); 2068 qdf_mem_copy(mmie->mic, mic, 8); 2069 2070 } else if (crypto_priv->igtk_key_type 2071 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2072 2073 ret = omac1_aes_256(key->keyval, buf, 2074 len + aad_len - hdrlen, mmie->mic); 2075 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2076 || (crypto_priv->igtk_key_type 2077 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2078 2079 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2080 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2081 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2082 sizeof(nounce), buf, 2083 len + aad_len - hdrlen, mmie->mic); 2084 } 2085 qdf_mem_free(buf); 2086 if (ret < 0) { 2087 crypto_err("add mmie failed"); 2088 return NULL; 2089 } 2090 2091 return bfrm + len; 2092 } 2093 2094 /** 2095 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2096 * @vdev: vdev 2097 * @frm: frame starting pointer 2098 * @efrm: end of frame pointer 2099 * 2100 * This function gets called by mgmt txrx to check mmie of the frame 2101 * 2102 * Return: true or false 2103 */ 2104 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2105 uint8_t *frm, 2106 uint8_t *efrm){ 2107 struct wlan_crypto_mmie *mmie = NULL; 2108 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2109 struct wlan_crypto_key *key; 2110 struct wlan_frame_hdr *hdr; 2111 uint16_t mic_len, hdrlen, len; 2112 struct wlan_crypto_comp_priv *crypto_priv; 2113 struct wlan_crypto_params *crypto_params; 2114 uint8_t aad_len = 20; 2115 int32_t ret = -1; 2116 2117 /* check if frame is illegal length */ 2118 if (!frm || !efrm || (efrm < frm) 2119 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2120 crypto_err("Invalid params"); 2121 return false; 2122 } 2123 len = efrm - frm; 2124 crypto_priv = (struct wlan_crypto_comp_priv *) 2125 wlan_get_vdev_crypto_obj(vdev); 2126 if (!crypto_priv) { 2127 crypto_err("crypto_priv NULL"); 2128 return false; 2129 } 2130 2131 crypto_params = &(crypto_priv->crypto_params); 2132 2133 2134 mic_len = (crypto_priv->igtk_key_type 2135 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2136 hdrlen = sizeof(struct wlan_frame_hdr); 2137 2138 if (mic_len == 8) 2139 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2140 else 2141 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2142 2143 2144 /* check Elem ID*/ 2145 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2146 crypto_err("IE is not MMIE"); 2147 return false; 2148 } 2149 2150 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2151 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2152 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2153 crypto_err("keyid not valid"); 2154 return false; 2155 } 2156 2157 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2158 if (!key) { 2159 crypto_err("No igtk key present"); 2160 return false; 2161 } 2162 2163 /* validate ipn */ 2164 ipn = mmie->sequence_number; 2165 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2166 uint8_t *su = (uint8_t *)key->keyrsc; 2167 uint8_t *end = ipn + 6; 2168 2169 crypto_err("replay error :"); 2170 while (ipn < end) { 2171 crypto_err("expected pn = %x received pn = %x", 2172 *ipn++, *su++); 2173 } 2174 return false; 2175 } 2176 2177 buf = qdf_mem_malloc(len - hdrlen + 20); 2178 if (!buf) 2179 return false; 2180 2181 aad = buf; 2182 2183 /* construct AAD */ 2184 hdr = (struct wlan_frame_hdr *)frm; 2185 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2186 2187 /* FC type/subtype */ 2188 aad[0] = hdr->i_fc[0]; 2189 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2190 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2191 | WLAN_FC1_MOREDATA)); 2192 /* A1 || A2 || A3 */ 2193 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2194 2195 /* 2196 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2197 */ 2198 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2199 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2200 mic = qdf_mem_malloc(mic_len); 2201 if (!mic) { 2202 qdf_mem_free(buf); 2203 return false; 2204 } 2205 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2206 ret = omac1_aes_128(key->keyval, buf, 2207 len - hdrlen + aad_len, mic); 2208 } else if (crypto_priv->igtk_key_type 2209 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2210 ret = omac1_aes_256(key->keyval, buf, 2211 len + aad_len - hdrlen, mic); 2212 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2213 || (crypto_priv->igtk_key_type 2214 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2215 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2216 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2217 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2218 sizeof(nounce), buf, 2219 len + aad_len - hdrlen, mic); 2220 } 2221 2222 qdf_mem_free(buf); 2223 2224 if (ret < 0) { 2225 qdf_mem_free(mic); 2226 crypto_err("genarate mmie failed"); 2227 return false; 2228 } 2229 2230 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2231 qdf_mem_free(mic); 2232 crypto_err("mmie mismatch"); 2233 /* MMIE MIC mismatch */ 2234 return false; 2235 } 2236 2237 qdf_mem_free(mic); 2238 /* Update the receive sequence number */ 2239 qdf_mem_copy(key->keyrsc, ipn, 6); 2240 crypto_debug("mmie matched"); 2241 2242 return true; 2243 } 2244 2245 2246 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2247 { 2248 int32_t status = -1; 2249 2250 switch (cipher) { 2251 case WLAN_CRYPTO_CIPHER_TKIP: 2252 return WPA_CIPHER_SUITE_TKIP; 2253 case WLAN_CRYPTO_CIPHER_AES_CCM: 2254 return WPA_CIPHER_SUITE_CCMP; 2255 case WLAN_CRYPTO_CIPHER_NONE: 2256 return WPA_CIPHER_SUITE_NONE; 2257 } 2258 2259 return status; 2260 } 2261 2262 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2263 { 2264 int32_t status = -1; 2265 2266 switch (cipher) { 2267 case WLAN_CRYPTO_CIPHER_TKIP: 2268 return RSN_CIPHER_SUITE_TKIP; 2269 case WLAN_CRYPTO_CIPHER_AES_CCM: 2270 return RSN_CIPHER_SUITE_CCMP; 2271 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2272 return RSN_CIPHER_SUITE_CCMP_256; 2273 case WLAN_CRYPTO_CIPHER_AES_GCM: 2274 return RSN_CIPHER_SUITE_GCMP; 2275 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2276 return RSN_CIPHER_SUITE_GCMP_256; 2277 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2278 return RSN_CIPHER_SUITE_AES_CMAC; 2279 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2280 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2281 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2282 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2283 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2284 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2285 case WLAN_CRYPTO_CIPHER_NONE: 2286 return RSN_CIPHER_SUITE_NONE; 2287 } 2288 2289 return status; 2290 } 2291 2292 /* 2293 * Convert an RSN key management/authentication algorithm 2294 * to an internal code. 2295 */ 2296 static int32_t 2297 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2298 { 2299 int32_t status = -1; 2300 2301 switch (keymgmt) { 2302 case WLAN_CRYPTO_KEY_MGMT_NONE: 2303 return RSN_AUTH_KEY_MGMT_NONE; 2304 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2305 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2306 case WLAN_CRYPTO_KEY_MGMT_PSK: 2307 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2308 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2309 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2310 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2311 return RSN_AUTH_KEY_MGMT_FT_PSK; 2312 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2313 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2314 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2315 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2316 case WLAN_CRYPTO_KEY_MGMT_SAE: 2317 return RSN_AUTH_KEY_MGMT_SAE; 2318 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2319 return RSN_AUTH_KEY_MGMT_FT_SAE; 2320 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2321 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2322 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2323 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2324 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2325 return RSN_AUTH_KEY_MGMT_CCKM; 2326 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2327 return RSN_AUTH_KEY_MGMT_OSEN; 2328 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2329 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2330 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2331 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2332 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2333 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2334 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2335 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2336 case WLAN_CRYPTO_KEY_MGMT_OWE: 2337 return RSN_AUTH_KEY_MGMT_OWE; 2338 case WLAN_CRYPTO_KEY_MGMT_DPP: 2339 return RSN_AUTH_KEY_MGMT_DPP; 2340 } 2341 2342 return status; 2343 } 2344 2345 /* 2346 * Convert an RSN key management/authentication algorithm 2347 * to an internal code. 2348 */ 2349 static int32_t 2350 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2351 { 2352 int32_t status = -1; 2353 2354 switch (keymgmt) { 2355 case WLAN_CRYPTO_KEY_MGMT_NONE: 2356 return WPA_AUTH_KEY_MGMT_NONE; 2357 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2358 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2359 case WLAN_CRYPTO_KEY_MGMT_PSK: 2360 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2361 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2362 return WPA_AUTH_KEY_MGMT_CCKM; 2363 } 2364 2365 return status; 2366 } 2367 /** 2368 * Convert a WPA cipher selector OUI to an internal 2369 * cipher algorithm. Where appropriate we also 2370 * record any key length. 2371 */ 2372 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2373 { 2374 uint32_t w = LE_READ_4(sel); 2375 int32_t status = -1; 2376 2377 switch (w) { 2378 case WPA_CIPHER_SUITE_TKIP: 2379 return WLAN_CRYPTO_CIPHER_TKIP; 2380 case WPA_CIPHER_SUITE_CCMP: 2381 return WLAN_CRYPTO_CIPHER_AES_CCM; 2382 case WPA_CIPHER_SUITE_NONE: 2383 return WLAN_CRYPTO_CIPHER_NONE; 2384 } 2385 2386 return status; 2387 } 2388 2389 /* 2390 * Convert a WPA key management/authentication algorithm 2391 * to an internal code. 2392 */ 2393 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2394 { 2395 uint32_t w = LE_READ_4(sel); 2396 int32_t status = -1; 2397 2398 switch (w) { 2399 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2400 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2401 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2402 return WLAN_CRYPTO_KEY_MGMT_PSK; 2403 case WPA_AUTH_KEY_MGMT_CCKM: 2404 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2405 case WPA_AUTH_KEY_MGMT_NONE: 2406 return WLAN_CRYPTO_KEY_MGMT_NONE; 2407 } 2408 return status; 2409 } 2410 2411 /* 2412 * Convert a RSN cipher selector OUI to an internal 2413 * cipher algorithm. Where appropriate we also 2414 * record any key length. 2415 */ 2416 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2417 { 2418 uint32_t w = LE_READ_4(sel); 2419 int32_t status = -1; 2420 2421 switch (w) { 2422 case RSN_CIPHER_SUITE_TKIP: 2423 return WLAN_CRYPTO_CIPHER_TKIP; 2424 case RSN_CIPHER_SUITE_CCMP: 2425 return WLAN_CRYPTO_CIPHER_AES_CCM; 2426 case RSN_CIPHER_SUITE_CCMP_256: 2427 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2428 case RSN_CIPHER_SUITE_GCMP: 2429 return WLAN_CRYPTO_CIPHER_AES_GCM; 2430 case RSN_CIPHER_SUITE_GCMP_256: 2431 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2432 case RSN_CIPHER_SUITE_AES_CMAC: 2433 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2434 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2435 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2436 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2437 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2438 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2439 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2440 case RSN_CIPHER_SUITE_NONE: 2441 return WLAN_CRYPTO_CIPHER_NONE; 2442 } 2443 2444 return status; 2445 } 2446 /* 2447 * Convert an RSN key management/authentication algorithm 2448 * to an internal code. 2449 */ 2450 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2451 { 2452 uint32_t w = LE_READ_4(sel); 2453 int32_t status = -1; 2454 2455 switch (w) { 2456 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2457 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2458 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2459 return WLAN_CRYPTO_KEY_MGMT_PSK; 2460 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2461 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2462 case RSN_AUTH_KEY_MGMT_FT_PSK: 2463 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2464 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2465 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2466 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2467 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2468 case RSN_AUTH_KEY_MGMT_SAE: 2469 return WLAN_CRYPTO_KEY_MGMT_SAE; 2470 case RSN_AUTH_KEY_MGMT_FT_SAE: 2471 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2472 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2473 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2474 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2475 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2476 case RSN_AUTH_KEY_MGMT_CCKM: 2477 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2478 case RSN_AUTH_KEY_MGMT_OSEN: 2479 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2480 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2481 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2482 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2483 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2484 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2485 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2486 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2487 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2488 case RSN_AUTH_KEY_MGMT_OWE: 2489 return WLAN_CRYPTO_KEY_MGMT_OWE; 2490 case RSN_AUTH_KEY_MGMT_DPP: 2491 return WLAN_CRYPTO_KEY_MGMT_DPP; 2492 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2493 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2494 } 2495 2496 return status; 2497 } 2498 2499 /** 2500 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2501 * @crypto params: crypto params 2502 * @iebuf: ie buffer 2503 * 2504 * This function gets called by mlme to check the contents of wpa is 2505 * matching with given crypto params 2506 * 2507 * Return: QDF_STATUS_SUCCESS - in case of success 2508 */ 2509 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2510 uint8_t *frm){ 2511 uint8_t len = frm[1]; 2512 int32_t w; 2513 int n; 2514 2515 /* 2516 * Check the length once for fixed parts: OUI, type, 2517 * version, mcast cipher, and 2 selector counts. 2518 * Other, variable-length data, must be checked separately. 2519 */ 2520 RESET_AUTHMODE(crypto_params); 2521 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2522 2523 if (len < 14) 2524 return QDF_STATUS_E_INVAL; 2525 2526 frm += 6, len -= 4; 2527 2528 w = LE_READ_2(frm); 2529 if (w != WPA_VERSION) 2530 return QDF_STATUS_E_INVAL; 2531 2532 frm += 2, len -= 2; 2533 2534 /* multicast/group cipher */ 2535 RESET_MCAST_CIPHERS(crypto_params); 2536 w = wlan_crypto_wpa_suite_to_cipher(frm); 2537 if (w < 0) 2538 return QDF_STATUS_E_INVAL; 2539 SET_MCAST_CIPHER(crypto_params, w); 2540 frm += 4, len -= 4; 2541 2542 /* unicast ciphers */ 2543 n = LE_READ_2(frm); 2544 frm += 2, len -= 2; 2545 if (len < n*4+2) 2546 return QDF_STATUS_E_INVAL; 2547 2548 RESET_UCAST_CIPHERS(crypto_params); 2549 for (; n > 0; n--) { 2550 w = wlan_crypto_wpa_suite_to_cipher(frm); 2551 if (w < 0) 2552 return QDF_STATUS_E_INVAL; 2553 SET_UCAST_CIPHER(crypto_params, w); 2554 frm += 4, len -= 4; 2555 } 2556 2557 if (!crypto_params->ucastcipherset) 2558 return QDF_STATUS_E_INVAL; 2559 2560 /* key management algorithms */ 2561 n = LE_READ_2(frm); 2562 frm += 2, len -= 2; 2563 if (len < n*4) 2564 return QDF_STATUS_E_INVAL; 2565 2566 w = 0; 2567 RESET_KEY_MGMT(crypto_params); 2568 for (; n > 0; n--) { 2569 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2570 if (w < 0) 2571 return QDF_STATUS_E_INVAL; 2572 SET_KEY_MGMT(crypto_params, w); 2573 frm += 4, len -= 4; 2574 } 2575 2576 /* optional capabilities */ 2577 if (len >= 2) { 2578 crypto_params->rsn_caps = LE_READ_2(frm); 2579 frm += 2, len -= 2; 2580 } 2581 2582 return QDF_STATUS_SUCCESS; 2583 } 2584 2585 /** 2586 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2587 * @crypto params: crypto params 2588 * @iebuf: ie buffer 2589 * 2590 * This function gets called by mlme to check the contents of wpa is 2591 * matching with given crypto params 2592 * 2593 * Return: QDF_STATUS_SUCCESS - in case of success 2594 */ 2595 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2596 uint8_t *frm){ 2597 uint8_t len = frm[1]; 2598 int32_t w; 2599 int n; 2600 2601 /* Check the length once for fixed parts: OUI, type & version */ 2602 if (len < 2) 2603 return QDF_STATUS_E_INVAL; 2604 2605 /* initialize crypto params */ 2606 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2607 2608 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2609 2610 frm += 2; 2611 /* NB: iswapoui already validated the OUI and type */ 2612 w = LE_READ_2(frm); 2613 if (w != RSN_VERSION) 2614 return QDF_STATUS_E_INVAL; 2615 2616 frm += 2, len -= 2; 2617 2618 if (!len) { 2619 /* set defaults */ 2620 /* default group cipher CCMP-128 */ 2621 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2622 /* default ucast cipher CCMP-128 */ 2623 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2624 /* default key mgmt 8021x */ 2625 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2626 return QDF_STATUS_SUCCESS; 2627 } else if (len < 4) { 2628 return QDF_STATUS_E_INVAL; 2629 } 2630 2631 /* multicast/group cipher */ 2632 w = wlan_crypto_rsn_suite_to_cipher(frm); 2633 if (w < 0) 2634 return QDF_STATUS_E_INVAL; 2635 else { 2636 SET_MCAST_CIPHER(crypto_params, w); 2637 frm += 4, len -= 4; 2638 } 2639 2640 if (crypto_params->mcastcipherset == 0) 2641 return QDF_STATUS_E_INVAL; 2642 2643 if (!len) { 2644 /* default ucast cipher CCMP-128 */ 2645 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2646 /* default key mgmt 8021x */ 2647 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2648 return QDF_STATUS_SUCCESS; 2649 } else if (len < 2) { 2650 return QDF_STATUS_E_INVAL; 2651 } 2652 2653 /* unicast ciphers */ 2654 n = LE_READ_2(frm); 2655 frm += 2, len -= 2; 2656 if (n) { 2657 if (len < n * 4) 2658 return QDF_STATUS_E_INVAL; 2659 2660 for (; n > 0; n--) { 2661 w = wlan_crypto_rsn_suite_to_cipher(frm); 2662 if (w < 0) 2663 return QDF_STATUS_E_INVAL; 2664 SET_UCAST_CIPHER(crypto_params, w); 2665 frm += 4, len -= 4; 2666 } 2667 } else { 2668 /* default ucast cipher CCMP-128 */ 2669 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2670 } 2671 2672 if (crypto_params->ucastcipherset == 0) 2673 return QDF_STATUS_E_INVAL; 2674 2675 if (!len) { 2676 /* default key mgmt 8021x */ 2677 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2678 return QDF_STATUS_SUCCESS; 2679 } else if (len < 2) { 2680 return QDF_STATUS_E_INVAL; 2681 } 2682 2683 /* key management algorithms */ 2684 n = LE_READ_2(frm); 2685 frm += 2, len -= 2; 2686 2687 if (n) { 2688 if (len < n * 4) 2689 return QDF_STATUS_E_INVAL; 2690 2691 for (; n > 0; n--) { 2692 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2693 if (w < 0) 2694 return QDF_STATUS_E_INVAL; 2695 SET_KEY_MGMT(crypto_params, w); 2696 frm += 4, len -= 4; 2697 } 2698 } else { 2699 /* default key mgmt 8021x */ 2700 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2701 } 2702 2703 if (crypto_params->key_mgmt == 0) 2704 return QDF_STATUS_E_INVAL; 2705 2706 /* optional capabilities */ 2707 if (len >= 2) { 2708 crypto_params->rsn_caps = LE_READ_2(frm); 2709 frm += 2, len -= 2; 2710 } else if (len && len < 2) { 2711 return QDF_STATUS_E_INVAL; 2712 } 2713 2714 2715 /* PMKID */ 2716 if (len >= 2) { 2717 n = LE_READ_2(frm); 2718 frm += 2, len -= 2; 2719 if (n && len) { 2720 if (len >= n * PMKID_LEN) 2721 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2722 else 2723 return QDF_STATUS_E_INVAL; 2724 } else if (n && !len) { 2725 return QDF_STATUS_E_INVAL; 2726 } 2727 /*TODO: Save pmkid in params for further reference */ 2728 } 2729 2730 /* BIP */ 2731 if (!len && 2732 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2733 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2734 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2735 return QDF_STATUS_SUCCESS; 2736 } else if (len >= 4) { 2737 w = wlan_crypto_rsn_suite_to_cipher(frm); 2738 frm += 4, len -= 4; 2739 SET_MGMT_CIPHER(crypto_params, w); 2740 } 2741 2742 return QDF_STATUS_SUCCESS; 2743 } 2744 2745 /** 2746 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2747 * @vdev: vdev 2748 * @iebuf: ie buffer 2749 * 2750 * This function gets called by mlme to build wpaie from given vdev 2751 * 2752 * Return: end of buffer 2753 */ 2754 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2755 uint8_t *iebuf){ 2756 uint8_t *frm = iebuf; 2757 uint8_t *selcnt; 2758 struct wlan_crypto_comp_priv *crypto_priv; 2759 struct wlan_crypto_params *crypto_params; 2760 2761 if (!frm) 2762 return NULL; 2763 2764 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2765 2766 if (!crypto_params) 2767 return NULL; 2768 2769 *frm++ = WLAN_ELEMID_VENDOR; 2770 *frm++ = 0; 2771 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2772 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2773 2774 2775 /* multicast cipher */ 2776 if (MCIPHER_IS_TKIP(crypto_params)) 2777 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2778 else if (MCIPHER_IS_CCMP128(crypto_params)) 2779 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2780 2781 /* unicast cipher list */ 2782 selcnt = frm; 2783 WLAN_CRYPTO_ADDSHORT(frm, 0); 2784 /* do not use CCMP unicast cipher in WPA mode */ 2785 if (UCIPHER_IS_CCMP128(crypto_params)) { 2786 selcnt[0]++; 2787 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2788 } 2789 if (UCIPHER_IS_TKIP(crypto_params)) { 2790 selcnt[0]++; 2791 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2792 } 2793 2794 /* authenticator selector list */ 2795 selcnt = frm; 2796 WLAN_CRYPTO_ADDSHORT(frm, 0); 2797 2798 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2799 selcnt[0]++; 2800 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2801 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2802 selcnt[0]++; 2803 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2804 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2805 selcnt[0]++; 2806 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2807 } else { 2808 selcnt[0]++; 2809 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2810 } 2811 2812 /* optional capabilities */ 2813 if (crypto_params->rsn_caps != 0 && 2814 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2815 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2816 } 2817 2818 /* calculate element length */ 2819 iebuf[1] = frm - iebuf - 2; 2820 2821 return frm; 2822 } 2823 2824 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2825 uint8_t *iebuf, 2826 struct wlan_crypto_pmksa *pmksa) 2827 { 2828 uint8_t *frm = iebuf; 2829 uint8_t *selcnt; 2830 struct wlan_crypto_comp_priv *crypto_priv; 2831 struct wlan_crypto_params *crypto_params; 2832 2833 if (!frm) { 2834 return NULL; 2835 } 2836 2837 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2838 2839 if (!crypto_params) { 2840 return NULL; 2841 } 2842 2843 *frm++ = WLAN_ELEMID_RSN; 2844 *frm++ = 0; 2845 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2846 2847 2848 /* multicast cipher */ 2849 if (MCIPHER_IS_TKIP(crypto_params)) 2850 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2851 else if (MCIPHER_IS_CCMP128(crypto_params)) 2852 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2853 else if (MCIPHER_IS_CCMP256(crypto_params)) 2854 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2855 else if (MCIPHER_IS_GCMP128(crypto_params)) 2856 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2857 else if (MCIPHER_IS_GCMP256(crypto_params)) 2858 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2859 2860 /* unicast cipher list */ 2861 selcnt = frm; 2862 WLAN_CRYPTO_ADDSHORT(frm, 0); 2863 2864 if (UCIPHER_IS_CCMP256(crypto_params)) { 2865 selcnt[0]++; 2866 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2867 } 2868 if (UCIPHER_IS_GCMP256(crypto_params)) { 2869 selcnt[0]++; 2870 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2871 } 2872 if (UCIPHER_IS_CCMP128(crypto_params)) { 2873 selcnt[0]++; 2874 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2875 } 2876 if (UCIPHER_IS_GCMP128(crypto_params)) { 2877 selcnt[0]++; 2878 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2879 } 2880 if (UCIPHER_IS_TKIP(crypto_params)) { 2881 selcnt[0]++; 2882 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2883 } 2884 2885 /* authenticator selector list */ 2886 selcnt = frm; 2887 WLAN_CRYPTO_ADDSHORT(frm, 0); 2888 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2889 selcnt[0]++; 2890 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2891 /* Other key mgmt should not be added after CCKM */ 2892 goto add_rsn_caps; 2893 } 2894 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2895 selcnt[0]++; 2896 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2897 } 2898 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2899 selcnt[0]++; 2900 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2901 } 2902 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2903 selcnt[0]++; 2904 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2905 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2906 } 2907 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2908 selcnt[0]++; 2909 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2910 } 2911 if (HAS_KEY_MGMT(crypto_params, 2912 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2913 selcnt[0]++; 2914 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2915 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2916 } 2917 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2918 selcnt[0]++; 2919 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2920 } 2921 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2922 selcnt[0]++; 2923 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2924 } 2925 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2926 selcnt[0]++; 2927 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2928 } 2929 if (HAS_KEY_MGMT(crypto_params, 2930 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2931 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2932 2933 selcnt[0]++; 2934 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2935 } 2936 if (HAS_KEY_MGMT(crypto_params, 2937 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2938 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2939 2940 selcnt[0]++; 2941 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2942 } 2943 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2944 selcnt[0]++; 2945 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2946 } 2947 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2948 selcnt[0]++; 2949 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2950 } 2951 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2952 selcnt[0]++; 2953 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2954 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2955 } 2956 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2957 selcnt[0]++; 2958 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2959 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2960 } 2961 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2962 selcnt[0]++; 2963 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2964 } 2965 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2966 selcnt[0]++; 2967 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2968 } 2969 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2970 selcnt[0]++; 2971 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2972 } 2973 add_rsn_caps: 2974 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2975 /* optional capabilities */ 2976 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2977 /* PMK list */ 2978 if (pmksa) { 2979 WLAN_CRYPTO_ADDSHORT(frm, 1); 2980 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2981 frm += PMKID_LEN; 2982 } else { 2983 WLAN_CRYPTO_ADDSHORT(frm, 0); 2984 } 2985 2986 if (HAS_MGMT_CIPHER(crypto_params, 2987 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2988 RSN_ADD_CIPHER_TO_SUITE(frm, 2989 WLAN_CRYPTO_CIPHER_AES_CMAC); 2990 } 2991 if (HAS_MGMT_CIPHER(crypto_params, 2992 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2993 RSN_ADD_CIPHER_TO_SUITE(frm, 2994 WLAN_CRYPTO_CIPHER_AES_GMAC); 2995 } 2996 if (HAS_MGMT_CIPHER(crypto_params, 2997 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2998 RSN_ADD_CIPHER_TO_SUITE(frm, 2999 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3000 ); 3001 } 3002 3003 if (HAS_MGMT_CIPHER(crypto_params, 3004 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3005 RSN_ADD_CIPHER_TO_SUITE(frm, 3006 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3007 ); 3008 } 3009 } else { 3010 /* PMK list */ 3011 if (pmksa) { 3012 WLAN_CRYPTO_ADDSHORT(frm, 1); 3013 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3014 frm += PMKID_LEN; 3015 } else { 3016 WLAN_CRYPTO_ADDSHORT(frm, 0); 3017 } 3018 } 3019 3020 /* calculate element length */ 3021 iebuf[1] = frm - iebuf - 2; 3022 3023 return frm; 3024 } 3025 3026 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3027 uint8_t *iebuf, 3028 struct qdf_mac_addr *bssid) 3029 { 3030 struct wlan_crypto_pmksa *pmksa = NULL; 3031 3032 if (bssid) 3033 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3034 3035 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3036 } 3037 3038 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3039 struct wlan_crypto_params *crypto_params){ 3040 struct wlan_crypto_params *my_crypto_params; 3041 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3042 3043 if (!my_crypto_params) { 3044 crypto_debug("vdev crypto params is NULL"); 3045 return false; 3046 } 3047 /* 3048 * Check peer's pairwise ciphers. 3049 * At least one must match with our unicast cipher 3050 */ 3051 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3052 crypto_debug("Unicast cipher match failed"); 3053 return false; 3054 } 3055 /* 3056 * Check peer's group cipher is our enabled multicast cipher. 3057 */ 3058 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3059 crypto_debug("Multicast cipher match failed"); 3060 return false; 3061 } 3062 /* 3063 * Check peer's key management class set (PSK or UNSPEC) 3064 */ 3065 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3066 crypto_debug("Key mgmt match failed"); 3067 return false; 3068 } 3069 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3070 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3071 crypto_debug("Peer is not PMF capable"); 3072 return false; 3073 } 3074 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3075 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3076 crypto_debug("Peer needs PMF, but vdev is not capable"); 3077 return false; 3078 } 3079 3080 return true; 3081 } 3082 3083 /* 3084 * Convert an WAPI CIPHER suite to to an internal code. 3085 */ 3086 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 3087 { 3088 uint32_t w = LE_READ_4(sel); 3089 int32_t status = -1; 3090 3091 switch (w) { 3092 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3093 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3094 } 3095 3096 return status; 3097 } 3098 3099 /* 3100 * Convert an WAPI key management/authentication algorithm 3101 * to an internal code. 3102 */ 3103 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 3104 { 3105 uint32_t w = LE_READ_4(sel); 3106 int32_t status = -1; 3107 3108 switch (w) { 3109 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3110 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3111 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3112 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3113 } 3114 3115 return status; 3116 } 3117 /** 3118 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 3119 * @crypto params: crypto params 3120 * @iebuf: ie buffer 3121 * 3122 * This function gets called by mlme to check the contents of wapi is 3123 * matching with given crypto params 3124 * 3125 * Return: QDF_STATUS_SUCCESS - in case of success 3126 */ 3127 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3128 uint8_t *frm) 3129 { 3130 uint8_t len = frm[1]; 3131 int32_t w; 3132 int n; 3133 3134 /* 3135 * Check the length once for fixed parts: OUI, type, 3136 * version, mcast cipher, and 2 selector counts. 3137 * Other, variable-length data, must be checked separately. 3138 */ 3139 RESET_AUTHMODE(crypto_params); 3140 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3141 3142 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3143 return QDF_STATUS_E_INVAL; 3144 3145 3146 frm += 2; 3147 3148 w = LE_READ_2(frm); 3149 frm += 2, len -= 2; 3150 if (w != WAPI_VERSION) 3151 return QDF_STATUS_E_INVAL; 3152 3153 n = LE_READ_2(frm); 3154 frm += 2, len -= 2; 3155 if (len < n*4+2) 3156 return QDF_STATUS_E_INVAL; 3157 3158 RESET_KEY_MGMT(crypto_params); 3159 for (; n > 0; n--) { 3160 w = wlan_crypto_wapi_keymgmt(frm); 3161 if (w < 0) 3162 return QDF_STATUS_E_INVAL; 3163 3164 SET_KEY_MGMT(crypto_params, w); 3165 frm += 4, len -= 4; 3166 } 3167 3168 /* unicast ciphers */ 3169 n = LE_READ_2(frm); 3170 frm += 2, len -= 2; 3171 if (len < n*4+2) 3172 return QDF_STATUS_E_INVAL; 3173 3174 RESET_UCAST_CIPHERS(crypto_params); 3175 for (; n > 0; n--) { 3176 w = wlan_crypto_wapi_suite_to_cipher(frm); 3177 if (w < 0) 3178 return QDF_STATUS_E_INVAL; 3179 SET_UCAST_CIPHER(crypto_params, w); 3180 frm += 4, len -= 4; 3181 } 3182 3183 if (!crypto_params->ucastcipherset) 3184 return QDF_STATUS_E_INVAL; 3185 3186 /* multicast/group cipher */ 3187 RESET_MCAST_CIPHERS(crypto_params); 3188 w = wlan_crypto_wapi_suite_to_cipher(frm); 3189 3190 if (w < 0) 3191 return QDF_STATUS_E_INVAL; 3192 3193 SET_MCAST_CIPHER(crypto_params, w); 3194 frm += 4, len -= 4; 3195 3196 return QDF_STATUS_SUCCESS; 3197 } 3198 3199 /** 3200 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3201 * @vdev: vdev 3202 * @iebuf: ie buffer 3203 * 3204 * This function gets called by mlme to build wapi ie from given vdev 3205 * 3206 * Return: end of buffer 3207 */ 3208 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3209 uint8_t *iebuf) 3210 { 3211 uint8_t *frm; 3212 uint8_t *selcnt; 3213 struct wlan_crypto_comp_priv *crypto_priv; 3214 struct wlan_crypto_params *crypto_params; 3215 3216 frm = iebuf; 3217 if (!frm) { 3218 crypto_err("ie buffer NULL"); 3219 return NULL; 3220 } 3221 3222 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3223 3224 if (!crypto_params) { 3225 crypto_err("crypto_params NULL"); 3226 return NULL; 3227 } 3228 3229 *frm++ = WLAN_ELEMID_WAPI; 3230 *frm++ = 0; 3231 3232 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3233 3234 /* authenticator selector list */ 3235 selcnt = frm; 3236 WLAN_CRYPTO_ADDSHORT(frm, 0); 3237 3238 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3239 selcnt[0]++; 3240 WLAN_CRYPTO_ADDSELECTOR(frm, 3241 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3242 } 3243 3244 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3245 selcnt[0]++; 3246 WLAN_CRYPTO_ADDSELECTOR(frm, 3247 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3248 } 3249 3250 /* unicast cipher list */ 3251 selcnt = frm; 3252 WLAN_CRYPTO_ADDSHORT(frm, 0); 3253 3254 if (UCIPHER_IS_SMS4(crypto_params)) { 3255 selcnt[0]++; 3256 WLAN_CRYPTO_ADDSELECTOR(frm, 3257 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3258 } 3259 3260 WLAN_CRYPTO_ADDSELECTOR(frm, 3261 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3262 3263 /* optional capabilities */ 3264 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3265 3266 /* bkid count */ 3267 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3268 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3269 WLAN_CRYPTO_ADDSHORT(frm, 0); 3270 3271 /* calculate element length */ 3272 iebuf[1] = frm - iebuf - 2; 3273 3274 return frm; 3275 3276 } 3277 3278 /** 3279 * wlan_crypto_pn_check - called by data patch for PN check 3280 * @vdev: vdev 3281 * @wbuf: wbuf 3282 * 3283 * This function gets called by data patch for PN check 3284 * 3285 * Return: QDF_STATUS 3286 */ 3287 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3288 qdf_nbuf_t wbuf){ 3289 /* Need to check is there real requirement for this function 3290 * as PN check is already handled in decap function. 3291 */ 3292 return QDF_STATUS_SUCCESS; 3293 } 3294 3295 /** 3296 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3297 * @vdev:vdev 3298 * 3299 * This function gets called by mlme to get crypto params 3300 * 3301 * Return: wlan_crypto_params or NULL in case of failure 3302 */ 3303 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3304 struct wlan_objmgr_vdev *vdev){ 3305 struct wlan_crypto_comp_priv *crypto_priv; 3306 3307 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3308 } 3309 3310 /** 3311 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3312 * @peer:peer 3313 * 3314 * This function gets called by mlme to get crypto params 3315 * 3316 * Return: wlan_crypto_params or NULL in case of failure 3317 */ 3318 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3319 struct wlan_objmgr_peer *peer){ 3320 struct wlan_crypto_comp_priv *crypto_priv; 3321 3322 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3323 } 3324 3325 3326 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3327 struct wlan_objmgr_peer *peer) 3328 { 3329 struct wlan_crypto_comp_priv *crypto_priv; 3330 struct wlan_crypto_comp_priv *sta_crypto_priv; 3331 struct wlan_crypto_params *crypto_params; 3332 struct wlan_crypto_key *key; 3333 struct wlan_crypto_key *sta_key; 3334 struct wlan_crypto_cipher *cipher_table; 3335 struct wlan_objmgr_psoc *psoc; 3336 struct wlan_lmac_if_tx_ops *tx_ops; 3337 uint8_t *mac_addr; 3338 int i; 3339 enum QDF_OPMODE opmode; 3340 QDF_STATUS status = QDF_STATUS_SUCCESS; 3341 3342 if (!vdev) 3343 return QDF_STATUS_E_NULL_VALUE; 3344 3345 if (!peer) { 3346 crypto_debug("peer NULL"); 3347 return QDF_STATUS_E_INVAL; 3348 } 3349 3350 opmode = wlan_vdev_mlme_get_opmode(vdev); 3351 psoc = wlan_vdev_get_psoc(vdev); 3352 3353 if (!psoc) { 3354 crypto_err("psoc NULL"); 3355 return QDF_STATUS_E_NULL_VALUE; 3356 } 3357 3358 wlan_peer_obj_lock(peer); 3359 mac_addr = wlan_peer_get_macaddr(peer); 3360 wlan_peer_obj_unlock(peer); 3361 3362 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3363 &crypto_priv); 3364 if (!crypto_priv) { 3365 crypto_err("crypto_priv NULL"); 3366 return QDF_STATUS_E_NULL_VALUE; 3367 } 3368 3369 /* push only valid static WEP keys from vap */ 3370 if (AUTH_IS_8021X(crypto_params)) 3371 return QDF_STATUS_E_INVAL; 3372 3373 if (opmode == QDF_STA_MODE) { 3374 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3375 if (!peer) { 3376 crypto_debug("peer NULL"); 3377 return QDF_STATUS_E_INVAL; 3378 } 3379 } 3380 3381 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3382 if (!sta_crypto_priv) { 3383 crypto_err("sta priv is null"); 3384 status = QDF_STATUS_E_INVAL; 3385 goto exit; 3386 } 3387 3388 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3389 if (crypto_priv->key[i]) { 3390 key = crypto_priv->key[i]; 3391 if (!key || !key->valid) 3392 continue; 3393 3394 cipher_table = (struct wlan_crypto_cipher *) 3395 key->cipher_table; 3396 3397 if (!cipher_table) 3398 continue; 3399 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3400 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3401 if (!tx_ops) { 3402 crypto_err("tx_ops is NULL"); 3403 return QDF_STATUS_E_INVAL; 3404 } 3405 3406 sta_key = qdf_mem_malloc( 3407 sizeof(struct wlan_crypto_key)); 3408 if (!sta_key) { 3409 status = QDF_STATUS_E_NOMEM; 3410 goto exit; 3411 } 3412 3413 sta_crypto_priv->key[i] = sta_key; 3414 qdf_mem_copy(sta_key, key, 3415 sizeof(struct wlan_crypto_key)); 3416 3417 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3418 3419 if (crypto_priv->def_tx_keyid == i) { 3420 sta_key->flags 3421 |= WLAN_CRYPTO_KEY_DEFAULT; 3422 sta_crypto_priv->def_tx_keyid = 3423 crypto_priv->def_tx_keyid; 3424 } 3425 /* setting the broadcast/multicast key for sta*/ 3426 if (opmode == QDF_STA_MODE || 3427 opmode == QDF_IBSS_MODE){ 3428 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3429 WLAN_CRYPTO_TX_OPS_SETKEY( 3430 tx_ops)(vdev, sta_key, 3431 mac_addr, 3432 cipher_table->cipher); 3433 } 3434 } 3435 3436 /* setting unicast key */ 3437 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3438 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3439 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3440 vdev, sta_key, 3441 mac_addr, 3442 cipher_table->cipher); 3443 } 3444 } 3445 } 3446 } 3447 3448 exit: 3449 if (opmode == QDF_STA_MODE) 3450 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3451 3452 return status; 3453 } 3454 3455 /** 3456 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3457 * @crypto_rx_ops: crypto_rx_ops 3458 * 3459 * This function gets called by object manger to register crypto rx ops. 3460 * 3461 * Return: QDF_STATUS 3462 */ 3463 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3464 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3465 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3466 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3467 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3468 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3469 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3470 3471 return QDF_STATUS_SUCCESS; 3472 } 3473 3474 /** 3475 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3476 * @psoc: psoc 3477 * 3478 * This function gets called by umac to get the crypto_rx_ops 3479 * 3480 * Return: crypto_rx_ops 3481 */ 3482 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3483 struct wlan_objmgr_psoc *psoc) 3484 { 3485 struct wlan_lmac_if_rx_ops *rx_ops; 3486 3487 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3488 3489 if (!rx_ops) { 3490 crypto_err("rx_ops is NULL"); 3491 return NULL; 3492 } 3493 3494 return &rx_ops->crypto_rx_ops; 3495 } 3496 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3497 3498 /** 3499 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3500 * @vdev: vdev 3501 * @authvalue: authvalue to be checked 3502 * 3503 * This function check is authvalue passed is set in vdev or not 3504 * 3505 * Return: true or false 3506 */ 3507 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3508 wlan_crypto_auth_mode authvalue) 3509 { 3510 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3511 & authvalue; 3512 } 3513 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3514 3515 /** 3516 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3517 * @peer: peer 3518 * @authvalue: authvalue to be checked 3519 * 3520 * This function check is authvalue passed is set in peer or not 3521 * 3522 * Return: true or false 3523 */ 3524 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3525 wlan_crypto_auth_mode authvalue) 3526 { 3527 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3528 & authvalue; 3529 } 3530 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3531 3532 /** 3533 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3534 * @vdev: vdev 3535 * @ucastcipher: ucastcipher to be checked 3536 * 3537 * This function check is ucastcipher passed is set in vdev or not 3538 * 3539 * Return: true or false 3540 */ 3541 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3542 wlan_crypto_cipher_type ucastcipher) 3543 { 3544 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3545 & ucastcipher; 3546 } 3547 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3548 3549 /** 3550 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3551 * @peer: peer 3552 * @ucastcipher: ucastcipher to be checked 3553 * 3554 * This function check is ucastcipher passed is set in peer or not 3555 * 3556 * Return: true or false 3557 */ 3558 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3559 wlan_crypto_cipher_type ucastcipher) 3560 { 3561 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3562 & ucastcipher; 3563 } 3564 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3565 3566 /** 3567 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3568 * @vdev: vdev 3569 * @mcastcipher: mcastcipher to be checked 3570 * 3571 * This function check is mcastcipher passed is set in vdev or not 3572 * 3573 * Return: true or false 3574 */ 3575 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3576 wlan_crypto_cipher_type mcastcipher) 3577 { 3578 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3579 & mcastcipher; 3580 } 3581 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3582 3583 /** 3584 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3585 * @peer: peer 3586 * @mcastcipher: mcastcipher to be checked 3587 * 3588 * This function check is mcastcipher passed is set in peer or not 3589 * 3590 * Return: true or false 3591 */ 3592 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3593 wlan_crypto_cipher_type mcastcipher) 3594 { 3595 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3596 & mcastcipher; 3597 } 3598 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3599 3600 /** 3601 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3602 * @vdev: vdev 3603 * @mgmtcipher: mgmtcipher to be checked 3604 * 3605 * This function checks any one of mgmtciphers are supported by vdev or not. 3606 * 3607 * Return: true or false 3608 */ 3609 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3610 uint32_t mgmtcipher) 3611 { 3612 return (wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3613 & mgmtcipher) != 0; 3614 } 3615 3616 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3617 3618 /** 3619 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3620 * @peer: peer 3621 * @mgmtcipher: mgmtcipher to be checked 3622 * 3623 * This function checks any one of mgmtciphers are supported by peer or not 3624 * 3625 * Return: true or false 3626 */ 3627 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3628 uint32_t mgmtcipher) 3629 { 3630 return (wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3631 & mgmtcipher) != 0; 3632 } 3633 3634 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3635 3636 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3637 { 3638 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3639 3640 if (!peer) { 3641 crypto_err("Invalid Input"); 3642 return 0; 3643 } 3644 3645 crypto_priv = wlan_get_peer_crypto_obj(peer); 3646 if (!crypto_priv) { 3647 crypto_err("crypto_priv NULL"); 3648 return 0; 3649 } 3650 3651 return crypto_priv->fils_aead_set; 3652 } 3653 3654 void 3655 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3656 { 3657 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3658 3659 if (!peer) { 3660 crypto_err("Invalid Input"); 3661 return; 3662 } 3663 3664 crypto_priv = wlan_get_peer_crypto_obj(peer); 3665 if (!crypto_priv) { 3666 crypto_err("crypto_priv NULL"); 3667 return; 3668 } 3669 3670 crypto_priv->fils_aead_set = value; 3671 } 3672 3673 /** 3674 * wlan_crypto_get_key_header - get header length 3675 * @key: key 3676 * 3677 * This function gets header length based on keytype 3678 * 3679 * Return: header length 3680 */ 3681 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3682 { 3683 struct wlan_crypto_cipher *cipher_table; 3684 3685 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3686 if (cipher_table) 3687 return cipher_table->header; 3688 else 3689 return 0; 3690 } 3691 3692 qdf_export_symbol(wlan_crypto_get_key_header); 3693 3694 /** 3695 * wlan_crypto_get_key_trailer - get cipher trailer length 3696 * @key: key 3697 * 3698 * This function gets cipher trailer length based on keytype 3699 * 3700 * Return: cipher trailer length 3701 */ 3702 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3703 { 3704 struct wlan_crypto_cipher *cipher_table; 3705 3706 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3707 if (cipher_table) 3708 return cipher_table->trailer; 3709 else 3710 return 0; 3711 } 3712 3713 qdf_export_symbol(wlan_crypto_get_key_trailer); 3714 3715 /** 3716 * wlan_crypto_get_key_miclen - get cipher miclen length 3717 * @key: key 3718 * 3719 * This function gets cipher miclen length based on keytype 3720 * 3721 * Return: cipher miclen length 3722 */ 3723 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3724 { 3725 struct wlan_crypto_cipher *cipher_table; 3726 3727 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3728 if (cipher_table) 3729 return cipher_table->miclen; 3730 else 3731 return 0; 3732 } 3733 3734 qdf_export_symbol(wlan_crypto_get_key_miclen); 3735 3736 /** 3737 * wlan_crypto_get_keyid - get keyid from frame 3738 * @data: frame 3739 * 3740 * This function parse frame and returns keyid 3741 * 3742 * Return: keyid 3743 */ 3744 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3745 { 3746 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3747 uint8_t *iv; 3748 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3749 3750 /* 3751 * In FILS SK (Re)Association request/response frame has 3752 * to be decrypted 3753 */ 3754 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3755 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3756 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3757 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3758 return 0; 3759 } 3760 3761 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3762 iv = data + hdrlen; 3763 /* 3764 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3765 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3766 */ 3767 return ((iv[3] >> 6) & 0x3); 3768 } else { 3769 return WLAN_CRYPTO_KEYIX_NONE; 3770 } 3771 } 3772 3773 qdf_export_symbol(wlan_crypto_get_keyid); 3774 3775 /** 3776 * crypto_plumb_peer_keys - called during radio reset 3777 * @vdev: vdev 3778 * @object: peer 3779 * @arg: psoc 3780 * 3781 * Restore unicast and persta hardware keys 3782 * 3783 * Return: void 3784 */ 3785 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3786 void *object, void *arg) { 3787 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3788 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3789 struct wlan_crypto_comp_priv *crypto_priv; 3790 struct wlan_crypto_params *crypto_params; 3791 struct wlan_crypto_key *key = NULL; 3792 struct wlan_lmac_if_tx_ops *tx_ops; 3793 int i; 3794 3795 if ((!peer) || (!vdev) || (!psoc)) { 3796 crypto_err("Peer or vdev or psoc objects are null!"); 3797 return; 3798 } 3799 3800 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3801 &crypto_priv); 3802 3803 if (!crypto_priv) { 3804 crypto_err("crypto_priv NULL"); 3805 return; 3806 } 3807 3808 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3809 key = crypto_priv->key[i]; 3810 if (key && key->valid) { 3811 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3812 3813 if (!tx_ops) { 3814 crypto_err("tx_ops is NULL"); 3815 return; 3816 } 3817 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3818 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3819 ( 3820 vdev, 3821 key, 3822 wlan_peer_get_macaddr(peer), 3823 wlan_crypto_get_key_type(key) 3824 ); 3825 } 3826 } 3827 } 3828 } 3829 3830 /** 3831 * wlan_crypto_restore_keys - called during radio reset 3832 * @vdev: vdev 3833 * 3834 * Clear and restore keycache, needed for some DA chipsets which put 3835 * random values in keycache when phy reset is triggered 3836 * 3837 * Return: void 3838 */ 3839 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3840 { 3841 int i; 3842 struct wlan_crypto_comp_priv *crypto_priv; 3843 struct wlan_crypto_params *crypto_params; 3844 struct wlan_crypto_key *key; 3845 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3846 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3847 struct wlan_objmgr_pdev *pdev = NULL; 3848 struct wlan_objmgr_psoc *psoc = NULL; 3849 struct wlan_lmac_if_tx_ops *tx_ops; 3850 3851 pdev = wlan_vdev_get_pdev(vdev); 3852 psoc = wlan_vdev_get_psoc(vdev); 3853 if (!pdev) { 3854 crypto_err("pdev is NULL"); 3855 return; 3856 } 3857 if (!psoc) { 3858 crypto_err("psoc is NULL"); 3859 return; 3860 } 3861 3862 /* TBD: QWRAP key restore*/ 3863 /* crypto is on */ 3864 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3865 /* restore static shared keys */ 3866 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3867 crypto_params = wlan_crypto_vdev_get_comp_params 3868 ( 3869 vdev, 3870 &crypto_priv 3871 ); 3872 if (!crypto_priv) { 3873 crypto_err("crypto_priv is NULL"); 3874 return; 3875 } 3876 key = crypto_priv->key[i]; 3877 if (key && key->valid) { 3878 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3879 if (!tx_ops) { 3880 crypto_err("tx_ops is NULL"); 3881 return; 3882 } 3883 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3884 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3885 ( 3886 vdev, 3887 key, 3888 macaddr, 3889 wlan_crypto_get_key_type(key) 3890 ); 3891 } 3892 } 3893 } 3894 3895 wlan_objmgr_iterate_peerobj_list(vdev, 3896 crypto_plumb_peer_keys, 3897 psoc, 3898 WLAN_CRYPTO_ID); 3899 } 3900 } 3901 3902 /** 3903 * wlan_crypto_check_open_none - called by ucfg to check for open security 3904 * @psoc: psoc pointer 3905 * @vdev_id: vdev id 3906 * 3907 * This function gets called from ucfg to check open security. 3908 * 3909 * Return: true or false 3910 */ 3911 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3912 { 3913 struct wlan_crypto_comp_priv *crypto_priv; 3914 struct wlan_crypto_params *crypto_params; 3915 struct wlan_objmgr_vdev *vdev; 3916 bool match = true; 3917 3918 if (!psoc) { 3919 crypto_err("PSOC is NULL"); 3920 return false; 3921 } 3922 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3923 WLAN_CRYPTO_ID); 3924 if (!vdev) { 3925 crypto_err("vdev is NULL"); 3926 return false; 3927 } 3928 3929 crypto_priv = (struct wlan_crypto_comp_priv *) 3930 wlan_get_vdev_crypto_obj(vdev); 3931 3932 if (!crypto_priv) { 3933 crypto_err("crypto_priv NULL"); 3934 match = false; 3935 goto send_res; 3936 } 3937 3938 crypto_params = &crypto_priv->crypto_params; 3939 3940 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3941 match = false; 3942 goto send_res; 3943 } 3944 3945 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3946 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3947 match = false; 3948 3949 send_res: 3950 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3951 3952 return match; 3953 } 3954 3955 /** 3956 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3957 * @psoc: psoc pointer 3958 * @vdev_id: vdev id 3959 * 3960 * This function gets called from ucfg to check WEP security. 3961 * 3962 * Return: true or false 3963 */ 3964 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3965 { 3966 struct wlan_crypto_comp_priv *crypto_priv; 3967 struct wlan_crypto_params *crypto_params; 3968 struct wlan_objmgr_vdev *vdev; 3969 bool match = true; 3970 3971 if (!psoc) { 3972 crypto_err("PSOC is NULL"); 3973 return false; 3974 } 3975 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3976 WLAN_CRYPTO_ID); 3977 if (!vdev) { 3978 crypto_err("vdev is NULL"); 3979 return false; 3980 } 3981 3982 crypto_priv = (struct wlan_crypto_comp_priv *) 3983 wlan_get_vdev_crypto_obj(vdev); 3984 3985 if (!crypto_priv) { 3986 crypto_err("crypto_priv NULL"); 3987 match = false; 3988 goto send_res; 3989 } 3990 3991 crypto_params = &crypto_priv->crypto_params; 3992 3993 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3994 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3995 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3996 match = false; 3997 goto send_res; 3998 } 3999 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4000 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4001 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4002 match = false; 4003 goto send_res; 4004 } 4005 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 4006 match = false; 4007 goto send_res; 4008 } 4009 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4010 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 4011 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 4012 match = false; 4013 } 4014 send_res: 4015 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4016 4017 return match; 4018 } 4019 4020 static QDF_STATUS 4021 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4022 uint8_t *ie_ptr, uint16_t ie_len) 4023 { 4024 const uint8_t *rsn_ie = NULL; 4025 QDF_STATUS status; 4026 4027 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4028 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4029 if (!rsn_ie) { 4030 crypto_debug("RSN IE not present"); 4031 return QDF_STATUS_E_INVAL; 4032 } 4033 4034 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 4035 if (QDF_STATUS_SUCCESS != status) { 4036 crypto_err("RSN IE check failed"); 4037 return status; 4038 } 4039 4040 return QDF_STATUS_SUCCESS; 4041 } 4042 4043 static QDF_STATUS 4044 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4045 uint8_t *ie_ptr, uint16_t ie_len) 4046 { 4047 const uint8_t *wpa_ie = NULL; 4048 uint32_t wpa_oui; 4049 QDF_STATUS status; 4050 4051 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4052 4053 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4054 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4055 WLAN_OUI_SIZE, ie_ptr, ie_len); 4056 if (!wpa_ie) { 4057 crypto_debug("WPA IE not present"); 4058 return QDF_STATUS_E_INVAL; 4059 } 4060 4061 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 4062 if (QDF_STATUS_SUCCESS != status) { 4063 crypto_err("WPA IE check failed"); 4064 return status; 4065 } 4066 4067 return QDF_STATUS_SUCCESS; 4068 } 4069 /** 4070 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4071 * @psoc: psoc pointer 4072 * @vdev_id: vdev id 4073 * @ie_ptr: pointer to IEs 4074 * @ie_len: IE length 4075 * @peer_crypto_params: return peer crypto parameters 4076 * 4077 * This function gets called from ucfg to check RSN match. 4078 * 4079 * Return: true or false 4080 */ 4081 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4082 uint8_t vdev_id, uint8_t *ie_ptr, 4083 uint16_t ie_len, struct wlan_crypto_params * 4084 peer_crypto_params) 4085 { 4086 struct wlan_objmgr_vdev *vdev; 4087 bool match = true; 4088 QDF_STATUS status; 4089 4090 if (!psoc) { 4091 crypto_err("PSOC is NULL"); 4092 return false; 4093 } 4094 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4095 ie_ptr, ie_len); 4096 if (QDF_STATUS_SUCCESS != status) { 4097 crypto_err("get crypto prarams from RSN IE failed"); 4098 return false; 4099 } 4100 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4101 WLAN_CRYPTO_ID); 4102 if (!vdev) { 4103 crypto_err("vdev is NULL"); 4104 return false; 4105 } 4106 4107 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4108 4109 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4110 4111 return match; 4112 } 4113 4114 /** 4115 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4116 * @psoc: psoc pointer 4117 * @vdev_id: vdev id 4118 * @ie_ptr: pointer to IEs 4119 * @ie_len: IE length 4120 * @peer_crypto_params: return peer crypto parameters 4121 * 4122 * This function gets called from ucfg to check WPA match. 4123 * 4124 * Return: true or false 4125 */ 4126 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4127 uint8_t vdev_id, uint8_t *ie_ptr, 4128 uint16_t ie_len, struct wlan_crypto_params * 4129 peer_crypto_params) 4130 { 4131 struct wlan_objmgr_vdev *vdev; 4132 bool match = true; 4133 QDF_STATUS status; 4134 4135 if (!psoc) { 4136 crypto_err("PSOC is NULL"); 4137 return false; 4138 } 4139 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4140 WLAN_CRYPTO_ID); 4141 if (!vdev) { 4142 crypto_err("vdev is NULL"); 4143 return false; 4144 } 4145 4146 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4147 ie_ptr, ie_len); 4148 if (QDF_STATUS_SUCCESS != status) { 4149 crypto_err("get crypto prarams from WPA IE failed"); 4150 match = false; 4151 goto send_res; 4152 } 4153 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4154 4155 send_res: 4156 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4157 4158 return match; 4159 } 4160 4161 4162 static void 4163 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4164 struct wlan_crypto_params *src_params) 4165 { 4166 dst_params->authmodeset |= src_params->authmodeset; 4167 dst_params->ucastcipherset |= src_params->ucastcipherset; 4168 dst_params->mcastcipherset |= src_params->mcastcipherset; 4169 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4170 dst_params->cipher_caps |= src_params->cipher_caps; 4171 dst_params->key_mgmt |= src_params->key_mgmt; 4172 dst_params->rsn_caps |= src_params->rsn_caps; 4173 } 4174 4175 static void 4176 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4177 { 4178 params->authmodeset = 0; 4179 params->ucastcipherset = 0; 4180 params->mcastcipherset = 0; 4181 params->mgmtcipherset = 0; 4182 params->key_mgmt = 0; 4183 params->rsn_caps = 0; 4184 } 4185 4186 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4187 uint8_t *ie_ptr, 4188 uint16_t ie_len) 4189 { 4190 struct wlan_crypto_params crypto_params; 4191 QDF_STATUS status; 4192 struct wlan_crypto_params *vdev_crypto_params; 4193 struct wlan_crypto_comp_priv *crypto_priv; 4194 bool send_fail = false; 4195 4196 if (!vdev) { 4197 crypto_err("VDEV is NULL"); 4198 return QDF_STATUS_E_FAILURE; 4199 } 4200 4201 if (!ie_ptr) { 4202 crypto_err("IE ptr is NULL"); 4203 return QDF_STATUS_E_FAILURE; 4204 } 4205 4206 crypto_priv = (struct wlan_crypto_comp_priv *) 4207 wlan_get_vdev_crypto_obj(vdev); 4208 4209 if (!crypto_priv) { 4210 crypto_err("crypto_priv NULL"); 4211 return QDF_STATUS_E_FAILURE; 4212 } 4213 4214 vdev_crypto_params = &crypto_priv->crypto_params; 4215 4216 wlan_crypto_reset_prarams(vdev_crypto_params); 4217 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4218 ie_ptr, ie_len); 4219 if (QDF_IS_STATUS_SUCCESS(status)) 4220 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4221 else 4222 send_fail = true; 4223 4224 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4225 ie_ptr, ie_len); 4226 if (QDF_IS_STATUS_SUCCESS(status)) { 4227 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4228 send_fail = false; 4229 } 4230 4231 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4232 } 4233 4234 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4235 { 4236 struct wlan_crypto_comp_priv *crypto_priv; 4237 4238 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4239 if (!crypto_priv) { 4240 crypto_err("crypto_priv NULL"); 4241 return QDF_STATUS_E_FAILURE; 4242 } 4243 4244 if (igtk) 4245 return crypto_priv->def_igtk_tx_keyid; 4246 else 4247 return crypto_priv->def_tx_keyid; 4248 } 4249 4250 enum wlan_crypto_cipher_type 4251 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4252 bool pairwise, uint8_t key_index) 4253 { 4254 struct wlan_crypto_key *crypto_key; 4255 4256 crypto_key = wlan_crypto_get_key(vdev, key_index); 4257 4258 if (crypto_key) 4259 return crypto_key->cipher_type; 4260 else 4261 return WLAN_CRYPTO_CIPHER_INVALID; 4262 } 4263 4264 #ifdef CRYPTO_SET_KEY_CONVERGED 4265 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4266 uint8_t key_index, uint8_t key_len, 4267 uint8_t seq_len) 4268 { 4269 if (!is_valid_keyix(key_index)) { 4270 crypto_err("Invalid Key index %d", key_index); 4271 return QDF_STATUS_E_INVAL; 4272 } 4273 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4274 crypto_err("Invalid Cipher %d", cipher); 4275 return QDF_STATUS_E_INVAL; 4276 } 4277 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4278 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4279 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4280 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4281 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4282 crypto_err("Invalid key index %d for cipher %d", 4283 key_index, cipher); 4284 return QDF_STATUS_E_INVAL; 4285 } 4286 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4287 crypto_err("Invalid key length %d", key_len); 4288 return QDF_STATUS_E_INVAL; 4289 } 4290 4291 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4292 crypto_err("Invalid seq length %d", seq_len); 4293 return QDF_STATUS_E_INVAL; 4294 } 4295 4296 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4297 key_index, key_len, seq_len); 4298 4299 return QDF_STATUS_SUCCESS; 4300 } 4301 4302 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4303 uint8_t key_index, 4304 struct wlan_crypto_key *crypto_key) 4305 { 4306 struct wlan_crypto_comp_priv *crypto_priv; 4307 4308 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4309 if (!crypto_priv) { 4310 crypto_err("crypto_priv NULL"); 4311 return QDF_STATUS_E_FAILURE; 4312 } 4313 if (!is_valid_keyix(key_index)) { 4314 crypto_err("Invalid Key index %d", key_index); 4315 return QDF_STATUS_E_FAILURE; 4316 } 4317 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4318 crypto_priv->key[key_index] = crypto_key; 4319 } else if (is_igtk(key_index)) { 4320 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4321 crypto_key; 4322 crypto_priv->def_igtk_tx_keyid = 4323 key_index - WLAN_CRYPTO_MAXKEYIDX; 4324 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4325 } else { 4326 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4327 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4328 crypto_priv->def_bigtk_tx_keyid = 4329 key_index - WLAN_CRYPTO_MAXKEYIDX 4330 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4331 } 4332 crypto_key->valid = true; 4333 4334 return QDF_STATUS_SUCCESS; 4335 } 4336 4337 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4338 uint8_t key_index) 4339 { 4340 struct wlan_crypto_comp_priv *crypto_priv; 4341 4342 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4343 if (!crypto_priv) { 4344 crypto_err("crypto_priv NULL"); 4345 return NULL; 4346 } 4347 if (!is_valid_keyix(key_index)) { 4348 crypto_err("Invalid Key index %d", key_index); 4349 return NULL; 4350 } 4351 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4352 return crypto_priv->key[key_index]; 4353 else if (is_igtk(key_index)) 4354 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4355 else 4356 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4357 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4358 4359 return NULL; 4360 } 4361 4362 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4363 struct wlan_crypto_key *req, 4364 enum wlan_crypto_key_type key_type) 4365 { 4366 struct wlan_objmgr_psoc *psoc; 4367 struct wlan_lmac_if_tx_ops *tx_ops; 4368 4369 psoc = wlan_vdev_get_psoc(vdev); 4370 4371 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4372 if (!tx_ops) { 4373 crypto_err("tx_ops is NULL"); 4374 return QDF_STATUS_E_FAILURE; 4375 } 4376 4377 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4378 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4379 else 4380 return QDF_STATUS_E_FAILURE; 4381 4382 return QDF_STATUS_SUCCESS; 4383 } 4384 4385 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4386 bool pairwise, uint8_t key_index, 4387 struct qdf_mac_addr *peer_mac) 4388 { 4389 struct wlan_crypto_key *crypto_key; 4390 4391 crypto_key = wlan_crypto_get_key(vdev, key_index); 4392 if (!crypto_key) { 4393 crypto_err("crypto_key not present for key_idx %d", key_index); 4394 return; 4395 } 4396 4397 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4398 } 4399 4400 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4401 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4402 struct wlan_objmgr_vdev *vdev, 4403 struct qdf_mac_addr *conn_bssid) 4404 { 4405 struct wlan_crypto_params *crypto_params; 4406 struct wlan_crypto_comp_priv *crypto_priv; 4407 int i; 4408 4409 crypto_priv = (struct wlan_crypto_comp_priv *) 4410 wlan_get_vdev_crypto_obj(vdev); 4411 4412 if (!crypto_priv) { 4413 crypto_err("crypto_priv NULL"); 4414 return; 4415 } 4416 4417 crypto_params = &crypto_priv->crypto_params; 4418 4419 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4420 if (!crypto_params->pmksa[i]) 4421 continue; 4422 4423 if (crypto_params->pmksa[i]->single_pmk_supported && 4424 !qdf_is_macaddr_equal(conn_bssid, 4425 &crypto_params->pmksa[i]->bssid)) { 4426 qdf_mem_zero(crypto_params->pmksa[i], 4427 sizeof(struct wlan_crypto_pmksa)); 4428 qdf_mem_free(crypto_params->pmksa[i]); 4429 crypto_params->pmksa[i] = NULL; 4430 } 4431 } 4432 } 4433 4434 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4435 struct qdf_mac_addr *bssid, 4436 bool single_pmk_capable_bss) 4437 { 4438 struct wlan_crypto_params *crypto_params; 4439 struct wlan_crypto_comp_priv *crypto_priv; 4440 int i; 4441 4442 crypto_priv = (struct wlan_crypto_comp_priv *) 4443 wlan_get_vdev_crypto_obj(vdev); 4444 4445 if (!crypto_priv) { 4446 crypto_err("crypto_priv NULL"); 4447 return; 4448 } 4449 4450 crypto_params = &crypto_priv->crypto_params; 4451 4452 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4453 if (!crypto_params->pmksa[i]) 4454 continue; 4455 4456 if (qdf_is_macaddr_equal(bssid, 4457 &crypto_params->pmksa[i]->bssid)) 4458 crypto_params->pmksa[i]->single_pmk_supported = 4459 single_pmk_capable_bss; 4460 } 4461 } 4462 #endif 4463 4464 #endif 4465