1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /** 21 * DOC: Public APIs for crypto service 22 */ 23 24 #include <qdf_types.h> 25 #include <wlan_cmn.h> 26 #include <wlan_objmgr_cmn.h> 27 #include <wlan_objmgr_global_obj.h> 28 #include <wlan_objmgr_psoc_obj.h> 29 #include <wlan_objmgr_pdev_obj.h> 30 #include <wlan_objmgr_vdev_obj.h> 31 #include <wlan_objmgr_peer_obj.h> 32 #include <wlan_utility.h> 33 #include <wlan_cp_stats_utils_api.h> 34 35 #include "wlan_crypto_global_def.h" 36 #include "wlan_crypto_global_api.h" 37 #include "wlan_crypto_def_i.h" 38 #include "wlan_crypto_param_handling_i.h" 39 #include "wlan_crypto_obj_mgr_i.h" 40 #include "wlan_crypto_main.h" 41 #include <qdf_module.h> 42 43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 44 45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 46 WLAN_CRYPTO_ADDSELECTOR(frm,\ 47 wlan_crypto_wpa_cipher_to_suite(cipher)) 48 49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 50 WLAN_CRYPTO_ADDSELECTOR(frm,\ 51 wlan_crypto_rsn_cipher_to_suite(cipher)) 52 53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 54 WLAN_CRYPTO_ADDSELECTOR(frm,\ 55 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 56 57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 58 WLAN_CRYPTO_ADDSELECTOR(frm,\ 59 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 60 61 static int is_valid_keyix(uint16_t keyix) 62 { 63 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 64 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 65 return 0; 66 else 67 return 1; 68 } 69 70 static int is_igtk(uint16_t keyix) 71 { 72 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 73 return 0; 74 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 75 return 0; 76 else 77 return 1; 78 } 79 80 static int is_bigtk(uint16_t keyix) 81 { 82 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 83 return 0; 84 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 85 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 86 return 0; 87 else 88 return 1; 89 } 90 91 /** 92 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 93 * @vdev:vdev 94 * 95 * This function gets called by mlme to get crypto params 96 * 97 * Return: wlan_crypto_params or NULL in case of failure 98 */ 99 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 100 struct wlan_objmgr_vdev *vdev, 101 struct wlan_crypto_comp_priv **crypto_priv) 102 { 103 *crypto_priv = (struct wlan_crypto_comp_priv *) 104 wlan_get_vdev_crypto_obj(vdev); 105 if (!(*crypto_priv)) { 106 crypto_err("crypto_priv NULL"); 107 return NULL; 108 } 109 110 return &((*crypto_priv)->crypto_params); 111 } 112 113 /** 114 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 115 * @peer:peer 116 * 117 * This function gets called by mlme to get crypto params 118 * 119 * Return: wlan_crypto_params or NULL in case of failure 120 */ 121 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 122 struct wlan_objmgr_peer *peer, 123 struct wlan_crypto_comp_priv **crypto_priv) 124 { 125 126 *crypto_priv = (struct wlan_crypto_comp_priv *) 127 wlan_get_peer_crypto_obj(peer); 128 if (!*crypto_priv) { 129 crypto_err("crypto_priv NULL"); 130 return NULL; 131 } 132 133 return &((*crypto_priv)->crypto_params); 134 } 135 136 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 137 { 138 return QDF_STATUS_SUCCESS; 139 } 140 141 /** 142 * wlan_crypto_set_param - called by ucfg to set crypto param 143 * @crypto_params: crypto_params 144 * @param: param to be set. 145 * @value: value 146 * 147 * This function gets called from ucfg to set param 148 * 149 * Return: QDF_STATUS_SUCCESS - in case of success 150 */ 151 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 152 wlan_crypto_param_type param, 153 uint32_t value) 154 { 155 QDF_STATUS status = QDF_STATUS_E_INVAL; 156 157 crypto_debug("param %d, value %d", param, value); 158 switch (param) { 159 case WLAN_CRYPTO_PARAM_AUTH_MODE: 160 status = wlan_crypto_set_authmode(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 163 status = wlan_crypto_set_ucastciphers(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 166 status = wlan_crypto_set_mcastcipher(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 169 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 172 status = wlan_crypto_set_cipher_cap(crypto_params, value); 173 break; 174 case WLAN_CRYPTO_PARAM_RSN_CAP: 175 status = wlan_crypto_set_rsn_cap(crypto_params, value); 176 break; 177 case WLAN_CRYPTO_PARAM_KEY_MGMT: 178 status = wlan_crypto_set_key_mgmt(crypto_params, value); 179 break; 180 default: 181 status = QDF_STATUS_E_INVAL; 182 } 183 return status; 184 } 185 186 /** 187 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 188 * @vdev: vdev 189 * @param: param to be set. 190 * @value: value 191 * 192 * This function gets called from ucfg to set param 193 * 194 * Return: QDF_STATUS_SUCCESS - in case of success 195 */ 196 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 197 wlan_crypto_param_type param, 198 uint32_t value) 199 { 200 QDF_STATUS status = QDF_STATUS_E_INVAL; 201 struct wlan_crypto_comp_priv *crypto_priv; 202 struct wlan_crypto_params *crypto_params; 203 204 crypto_priv = (struct wlan_crypto_comp_priv *) 205 wlan_get_vdev_crypto_obj(vdev); 206 207 if (!crypto_priv) { 208 crypto_err("crypto_priv NULL"); 209 return QDF_STATUS_E_INVAL; 210 } 211 212 crypto_params = &(crypto_priv->crypto_params); 213 214 status = wlan_crypto_set_param(crypto_params, param, value); 215 216 return status; 217 } 218 219 /** 220 * wlan_crypto_set_param - called by ucfg to set crypto param 221 * 222 * @peer: peer 223 * @param: param to be set. 224 * @value: value 225 * 226 * This function gets called from ucfg to set param 227 * 228 * Return: QDF_STATUS_SUCCESS - in case of success 229 */ 230 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 231 wlan_crypto_param_type param, 232 uint32_t value) 233 { 234 QDF_STATUS status = QDF_STATUS_E_INVAL; 235 struct wlan_crypto_comp_priv *crypto_priv; 236 struct wlan_crypto_params *crypto_params; 237 238 crypto_params = wlan_crypto_peer_get_comp_params(peer, 239 &crypto_priv); 240 241 if (!crypto_priv) { 242 crypto_err("crypto_priv NULL"); 243 return QDF_STATUS_E_INVAL; 244 } 245 246 crypto_params = &(crypto_priv->crypto_params); 247 248 status = wlan_crypto_set_param(crypto_params, param, value); 249 250 return status; 251 } 252 253 /** 254 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 255 * @param: Crypto param type 256 * @crypto_params: Crypto params struct 257 * 258 * This function gets called from in-within crypto layer 259 * 260 * Return: value or -1 for failure 261 */ 262 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 263 struct wlan_crypto_params *crypto_params) 264 { 265 int32_t value; 266 267 switch (param) { 268 case WLAN_CRYPTO_PARAM_AUTH_MODE: 269 value = wlan_crypto_get_authmode(crypto_params); 270 break; 271 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 272 value = wlan_crypto_get_ucastciphers(crypto_params); 273 break; 274 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 275 value = wlan_crypto_get_mcastcipher(crypto_params); 276 break; 277 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 278 value = wlan_crypto_get_mgmtciphers(crypto_params); 279 break; 280 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 281 value = wlan_crypto_get_cipher_cap(crypto_params); 282 break; 283 case WLAN_CRYPTO_PARAM_RSN_CAP: 284 value = wlan_crypto_get_rsn_cap(crypto_params); 285 break; 286 case WLAN_CRYPTO_PARAM_KEY_MGMT: 287 value = wlan_crypto_get_key_mgmt(crypto_params); 288 break; 289 default: 290 value = -1; 291 } 292 293 return value; 294 } 295 296 /** 297 * wlan_crypto_get_param - called to get value for param from vdev 298 * @vdev: vdev 299 * @param: Crypto param type 300 * 301 * This function gets called to get value for param from vdev 302 * 303 * Return: value or -1 for failure 304 */ 305 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 306 wlan_crypto_param_type param) 307 { 308 int32_t value = -1; 309 struct wlan_crypto_comp_priv *crypto_priv; 310 struct wlan_crypto_params *crypto_params; 311 crypto_priv = (struct wlan_crypto_comp_priv *) 312 wlan_get_vdev_crypto_obj(vdev); 313 314 if (!crypto_priv) { 315 crypto_err("crypto_priv NULL"); 316 return value; 317 } 318 319 crypto_params = &(crypto_priv->crypto_params); 320 value = wlan_crypto_get_param_value(param, crypto_params); 321 322 return value; 323 } 324 /** 325 * wlan_crypto_get_peer_param - called to get value for param from peer 326 * @peer: peer 327 * @param: Crypto param type 328 * 329 * This function gets called to get value for param from peer 330 * 331 * Return: value or -1 for failure 332 */ 333 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 334 wlan_crypto_param_type param) 335 { 336 int32_t value = -1; 337 struct wlan_crypto_comp_priv *crypto_priv; 338 struct wlan_crypto_params *crypto_params; 339 340 crypto_params = wlan_crypto_peer_get_comp_params(peer, 341 &crypto_priv); 342 343 if (!crypto_params) { 344 crypto_err("crypto_params NULL"); 345 return value; 346 } 347 value = wlan_crypto_get_param_value(param, crypto_params); 348 349 return value; 350 } 351 qdf_export_symbol(wlan_crypto_get_peer_param); 352 353 static 354 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 355 struct wlan_crypto_pmksa *pmksa); 356 357 static 358 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 359 struct wlan_crypto_pmksa *pmksa) 360 { 361 uint8_t i, first_available_slot = 0; 362 bool slot_found = false; 363 364 /* Delete the old entry and then Add new entry */ 365 wlan_crypto_del_pmksa(crypto_params, pmksa); 366 367 /* find the empty slot as duplicate is already deleted */ 368 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 369 if (!crypto_params->pmksa[i]) { 370 slot_found = true; 371 first_available_slot = i; 372 break; 373 } 374 } 375 376 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 377 crypto_err("no entry available for pmksa"); 378 return QDF_STATUS_E_INVAL; 379 } 380 crypto_params->pmksa[first_available_slot] = pmksa; 381 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", 382 first_available_slot); 383 384 return QDF_STATUS_SUCCESS; 385 } 386 387 static 388 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 389 struct wlan_crypto_pmksa *pmksa) 390 { 391 uint8_t i, j, valid_entries_in_table = 0; 392 bool match_found = false; 393 u8 del_pmk[MAX_PMK_LEN] = {0}; 394 395 /* find slot with same bssid */ 396 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 397 if (!crypto_params->pmksa[i]) 398 continue; 399 400 valid_entries_in_table++; 401 402 if (!pmksa->ssid_len && 403 !qdf_is_macaddr_zero(&pmksa->bssid) && 404 qdf_is_macaddr_equal(&pmksa->bssid, 405 &crypto_params->pmksa[i]->bssid)) { 406 match_found = true; 407 } else if (pmksa->ssid_len && 408 !qdf_mem_cmp(pmksa->ssid, 409 crypto_params->pmksa[i]->ssid, 410 pmksa->ssid_len) && 411 !qdf_mem_cmp(pmksa->cache_id, 412 crypto_params->pmksa[i]->cache_id, 413 WLAN_CACHE_ID_LEN)) { 414 match_found = true; 415 } 416 417 if (match_found) { 418 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 419 crypto_params->pmksa[i]->pmk_len); 420 /* Free matching entry */ 421 qdf_mem_zero(crypto_params->pmksa[i], 422 sizeof(struct wlan_crypto_pmksa)); 423 qdf_mem_free(crypto_params->pmksa[i]); 424 crypto_params->pmksa[i] = NULL; 425 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 426 i); 427 428 /* Find and remove the entries matching the pmk */ 429 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 430 if (!crypto_params->pmksa[j]) 431 continue; 432 if (crypto_params->pmksa[j]->pmk_len && 433 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 434 del_pmk, 435 crypto_params->pmksa[j]->pmk_len))) { 436 qdf_mem_zero(crypto_params->pmksa[j], 437 sizeof(struct wlan_crypto_pmksa)); 438 qdf_mem_free(crypto_params->pmksa[j]); 439 crypto_params->pmksa[j] = NULL; 440 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 441 j); 442 } 443 } 444 /* reset stored pmk */ 445 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 446 447 return QDF_STATUS_SUCCESS; 448 } 449 } 450 451 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 452 crypto_debug("No such pmksa entry exists: valid entries:%d", 453 valid_entries_in_table); 454 455 return QDF_STATUS_SUCCESS; 456 } 457 458 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 459 { 460 uint8_t i; 461 462 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 463 if (!crypto_params->pmksa[i]) 464 continue; 465 qdf_mem_zero(crypto_params->pmksa[i], 466 sizeof(struct wlan_crypto_pmksa)); 467 qdf_mem_free(crypto_params->pmksa[i]); 468 crypto_params->pmksa[i] = NULL; 469 } 470 471 crypto_debug("Flushed the pmksa table"); 472 473 return QDF_STATUS_SUCCESS; 474 } 475 476 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 477 struct wlan_crypto_pmksa *pmksa, 478 bool set) 479 { 480 QDF_STATUS status = QDF_STATUS_E_INVAL; 481 struct wlan_crypto_comp_priv *crypto_priv; 482 struct wlan_crypto_params *crypto_params; 483 struct wlan_crypto_pmksa *pmkid_cache = NULL; 484 enum QDF_OPMODE op_mode; 485 486 op_mode = wlan_vdev_mlme_get_opmode(vdev); 487 488 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 489 return QDF_STATUS_E_NOSUPPORT; 490 491 if (!pmksa && set) { 492 crypto_err("pmksa is NULL for set operation"); 493 return QDF_STATUS_E_INVAL; 494 } 495 crypto_priv = (struct wlan_crypto_comp_priv *) 496 wlan_get_vdev_crypto_obj(vdev); 497 498 if (!crypto_priv) { 499 crypto_err("crypto_priv NULL"); 500 return QDF_STATUS_E_INVAL; 501 } 502 503 crypto_params = &crypto_priv->crypto_params; 504 if (set) { 505 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid); 506 if (pmkid_cache && (pmksa->pmk_len && 507 pmksa->pmk_len == pmkid_cache->pmk_len && 508 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk, 509 pmksa->pmk_len))) { 510 crypto_debug("PMKSA entry found with same PMK"); 511 pmkid_cache = NULL; 512 return QDF_STATUS_E_EXISTS; 513 } 514 515 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 516 /* Set pmksa */ 517 } else { 518 /* del pmksa */ 519 if (!pmksa) 520 status = wlan_crypto_pmksa_flush(crypto_params); 521 else 522 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 523 } 524 525 return status; 526 } 527 528 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 529 struct wlan_crypto_pmksa *pmksa) 530 { 531 QDF_STATUS status = QDF_STATUS_E_INVAL; 532 struct wlan_crypto_pmksa *cached_pmksa; 533 struct wlan_crypto_comp_priv *crypto_priv; 534 struct wlan_crypto_params *crypto_params; 535 uint8_t mdie_present, i; 536 uint16_t mobility_domain; 537 538 if (!pmksa) { 539 crypto_err("pmksa is NULL for set operation"); 540 return status; 541 } 542 543 crypto_priv = (struct wlan_crypto_comp_priv *) 544 wlan_get_vdev_crypto_obj(vdev); 545 if (!crypto_priv) { 546 crypto_err("crypto_priv NULL"); 547 return status; 548 } 549 550 crypto_params = &crypto_priv->crypto_params; 551 552 if (pmksa->mdid.mdie_present) { 553 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 554 if (!crypto_params->pmksa[i]) 555 continue; 556 cached_pmksa = crypto_params->pmksa[i]; 557 mdie_present = cached_pmksa->mdid.mdie_present; 558 mobility_domain = cached_pmksa->mdid.mobility_domain; 559 560 /* In FT connection when STA connects to AP1 then PMK1 561 * gets cached. And if STA disconnects from AP1 and 562 * connects to AP2 then PMK2 gets cached. This will 563 * result in having multiple PMK cache entries for the 564 * same MDID. So delete the old/stale PMK cache entries 565 * for the same mobility domain as of the newly added 566 * entry. And Update the MDID for the matching BSSID or 567 * SSID PMKSA entry. 568 */ 569 if (qdf_is_macaddr_equal 570 (&cached_pmksa->bssid, &pmksa->bssid)) { 571 cached_pmksa->mdid.mdie_present = 1; 572 cached_pmksa->mdid.mobility_domain = 573 pmksa->mdid.mobility_domain; 574 crypto_debug("Updated the MDID at index=%d", i); 575 status = QDF_STATUS_SUCCESS; 576 } else if (pmksa->ssid_len && 577 !qdf_mem_cmp(pmksa->ssid, 578 cached_pmksa->ssid, 579 pmksa->ssid_len) && 580 !qdf_mem_cmp(pmksa->cache_id, 581 cached_pmksa->cache_id, 582 WLAN_CACHE_ID_LEN)) { 583 cached_pmksa->mdid.mdie_present = 1; 584 cached_pmksa->mdid.mobility_domain = 585 pmksa->mdid.mobility_domain; 586 crypto_debug("Updated the MDID at index=%d", i); 587 status = QDF_STATUS_SUCCESS; 588 } else if (mdie_present && 589 (pmksa->mdid.mobility_domain == 590 mobility_domain)) { 591 qdf_mem_zero(crypto_params->pmksa[i], 592 sizeof(struct wlan_crypto_pmksa)); 593 qdf_mem_free(crypto_params->pmksa[i]); 594 crypto_params->pmksa[i] = NULL; 595 crypto_debug("Deleted PMKSA at index=%d", i); 596 status = QDF_STATUS_SUCCESS; 597 } 598 } 599 } 600 return status; 601 } 602 603 struct wlan_crypto_pmksa * 604 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 605 struct wlan_crypto_pmksa *pmksa) 606 { 607 struct wlan_crypto_comp_priv *crypto_priv; 608 struct wlan_crypto_params *crypto_params; 609 uint8_t i; 610 611 if (!pmksa) { 612 crypto_err("pmksa is NULL"); 613 return NULL; 614 } 615 crypto_priv = (struct wlan_crypto_comp_priv *) 616 wlan_get_vdev_crypto_obj(vdev); 617 618 if (!crypto_priv) { 619 crypto_err("crypto_priv NULL"); 620 return NULL; 621 } 622 623 crypto_params = &crypto_priv->crypto_params; 624 625 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 626 if (!crypto_params->pmksa[i]) 627 continue; 628 629 if (pmksa->ssid_len && 630 !qdf_mem_cmp(pmksa->ssid, 631 crypto_params->pmksa[i]->ssid, 632 pmksa->ssid_len) && 633 !qdf_mem_cmp(pmksa->cache_id, 634 crypto_params->pmksa[i]->cache_id, 635 WLAN_CACHE_ID_LEN)) { 636 return crypto_params->pmksa[i]; 637 } else if (!pmksa->ssid_len && 638 !qdf_is_macaddr_zero(&pmksa->bssid) && 639 qdf_is_macaddr_equal(&pmksa->bssid, 640 &crypto_params->pmksa[i]->bssid)) { 641 return crypto_params->pmksa[i]; 642 } 643 } 644 645 return NULL; 646 } 647 648 struct wlan_crypto_pmksa * 649 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 650 { 651 struct wlan_crypto_comp_priv *crypto_priv; 652 struct wlan_crypto_params *crypto_params; 653 uint8_t i; 654 655 if (!bssid) { 656 crypto_err("bssid is NULL"); 657 return NULL; 658 } 659 crypto_priv = (struct wlan_crypto_comp_priv *) 660 wlan_get_vdev_crypto_obj(vdev); 661 662 if (!crypto_priv) { 663 crypto_err("crypto_priv NULL"); 664 return NULL; 665 } 666 667 crypto_params = &crypto_priv->crypto_params; 668 669 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 670 if (!crypto_params->pmksa[i]) 671 continue; 672 if (qdf_is_macaddr_equal(bssid, 673 &crypto_params->pmksa[i]->bssid)) { 674 crypto_debug("PMKSA: Entry found at index %d", i); 675 return crypto_params->pmksa[i]; 676 } 677 } 678 679 return NULL; 680 } 681 682 struct wlan_crypto_pmksa * 683 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 684 uint8_t *cache_id, uint8_t *ssid, 685 uint8_t ssid_len) 686 { 687 struct wlan_crypto_comp_priv *crypto_priv; 688 struct wlan_crypto_params *crypto_params; 689 uint8_t i; 690 691 crypto_priv = (struct wlan_crypto_comp_priv *) 692 wlan_get_vdev_crypto_obj(vdev); 693 694 if (!crypto_priv) { 695 crypto_err("crypto_priv NULL"); 696 return NULL; 697 } 698 699 crypto_params = &crypto_priv->crypto_params; 700 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 701 if (!crypto_params->pmksa[i]) 702 continue; 703 704 if (!qdf_mem_cmp(cache_id, 705 crypto_params->pmksa[i]->cache_id, 706 WLAN_CACHE_ID_LEN) && 707 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 708 ssid_len) && 709 ssid_len == crypto_params->pmksa[i]->ssid_len) 710 return crypto_params->pmksa[i]; 711 } 712 713 return NULL; 714 } 715 716 /** 717 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 718 * @vdev: vdev 719 * @peer: peer 720 * 721 * This function gets called to check is HT allowed for cipher. 722 * HT is not allowed for wep and tkip. 723 * 724 * Return: 0 - not allowed or 1 - allowed 725 */ 726 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 727 struct wlan_objmgr_peer *peer) 728 { 729 int32_t ucast_cipher; 730 731 if (!(vdev || peer)) { 732 crypto_err("Invalid params"); 733 return 0; 734 } 735 736 if (vdev) 737 ucast_cipher = wlan_crypto_get_param(vdev, 738 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 739 else 740 ucast_cipher = wlan_crypto_get_peer_param(peer, 741 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 742 743 if (ucast_cipher == -1) { 744 crypto_err("Invalid params"); 745 return 0; 746 } 747 748 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 749 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 750 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 751 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 752 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 753 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 754 } 755 qdf_export_symbol(wlan_crypto_is_htallowed); 756 757 /** 758 * wlan_crypto_setkey - called by ucfg to setkey 759 * @vdev: vdev 760 * @req_key: req_key with cipher type, key macaddress 761 * 762 * This function gets called from ucfg to sey key 763 * 764 * Return: QDF_STATUS_SUCCESS - in case of success 765 */ 766 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 767 struct wlan_crypto_req_key *req_key) 768 { 769 QDF_STATUS status = QDF_STATUS_E_INVAL; 770 struct wlan_crypto_comp_priv *crypto_priv; 771 struct wlan_crypto_params *crypto_params; 772 struct wlan_objmgr_psoc *psoc; 773 struct wlan_objmgr_peer *peer = NULL; 774 struct wlan_crypto_key *key = NULL; 775 const struct wlan_crypto_cipher *cipher; 776 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 777 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 778 bool isbcast; 779 enum QDF_OPMODE vdev_mode; 780 uint8_t igtk_idx = 0; 781 uint8_t bigtk_idx = 0; 782 struct wlan_lmac_if_tx_ops *tx_ops; 783 784 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 785 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 786 return QDF_STATUS_E_INVAL; 787 } 788 789 isbcast = qdf_is_macaddr_group( 790 (struct qdf_mac_addr *)req_key->macaddr); 791 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 792 /* zero length keys, only set default key id if flags are set*/ 793 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 794 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 795 && (!IS_MGMT_CIPHER(req_key->type))) { 796 wlan_crypto_default_key(vdev, 797 req_key->macaddr, 798 req_key->keyix, 799 !isbcast); 800 return QDF_STATUS_SUCCESS; 801 } 802 crypto_err("req_key len zero"); 803 return QDF_STATUS_E_INVAL; 804 } 805 806 cipher = wlan_crypto_cipher_ops[req_key->type]; 807 808 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 809 crypto_err("cipher invalid"); 810 return QDF_STATUS_E_INVAL; 811 } 812 813 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 814 (!IS_MGMT_CIPHER(req_key->type)) && 815 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 816 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 817 crypto_err("cipher invalid"); 818 return QDF_STATUS_E_INVAL; 819 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 820 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 821 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 822 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 823 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 824 return QDF_STATUS_E_INVAL; 825 } 826 827 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 828 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 829 | WLAN_CRYPTO_KEY_RECV)) { 830 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 831 | WLAN_CRYPTO_KEY_RECV); 832 } 833 } else { 834 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 835 && (!IS_MGMT_CIPHER(req_key->type))) { 836 return QDF_STATUS_E_INVAL; 837 } 838 839 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 840 | WLAN_CRYPTO_KEY_RECV); 841 if (isbcast) 842 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 843 } 844 845 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 846 847 wlan_vdev_obj_lock(vdev); 848 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 849 QDF_MAC_ADDR_SIZE); 850 psoc = wlan_vdev_get_psoc(vdev); 851 if (!psoc) { 852 wlan_vdev_obj_unlock(vdev); 853 crypto_err("psoc NULL"); 854 return QDF_STATUS_E_INVAL; 855 } 856 wlan_vdev_obj_unlock(vdev); 857 858 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 859 if (wlan_crypto_vdev_has_auth_mode(vdev, 860 (1 << WLAN_CRYPTO_AUTH_8021X))) { 861 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 862 } 863 } 864 865 if (isbcast) { 866 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 867 &crypto_priv); 868 if (!crypto_priv) { 869 crypto_err("crypto_priv NULL"); 870 return QDF_STATUS_E_INVAL; 871 } 872 873 if (IS_MGMT_CIPHER(req_key->type)) { 874 struct wlan_crypto_key *crypto_key = NULL; 875 876 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 877 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 878 if (!is_igtk(req_key->keyix) && 879 !(is_bigtk(req_key->keyix))) { 880 crypto_err("igtk/bigtk key invalid keyid %d", 881 req_key->keyix); 882 return QDF_STATUS_E_INVAL; 883 } 884 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 885 if (!key) 886 return QDF_STATUS_E_NOMEM; 887 888 889 if (is_igtk(req_key->keyix)) { 890 crypto_key = crypto_priv->igtk_key[igtk_idx]; 891 if (crypto_key) 892 qdf_mem_free(crypto_key); 893 894 crypto_priv->igtk_key[igtk_idx] = key; 895 crypto_priv->igtk_key_type = req_key->type; 896 crypto_priv->def_igtk_tx_keyid = igtk_idx; 897 bigtk_idx = 0; 898 } else { 899 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 900 if (crypto_key) 901 qdf_mem_free(crypto_key); 902 903 crypto_priv->bigtk_key[bigtk_idx] = key; 904 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 905 igtk_idx = 0; 906 } 907 } else { 908 if (IS_FILS_CIPHER(req_key->type)) { 909 crypto_err("FILS key is not for BroadCast pkt"); 910 return QDF_STATUS_E_INVAL; 911 } 912 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 913 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 914 return QDF_STATUS_E_INVAL; 915 } 916 if (!crypto_priv->key[req_key->keyix]) { 917 crypto_priv->key[req_key->keyix] 918 = qdf_mem_malloc( 919 sizeof(struct wlan_crypto_key)); 920 if (!crypto_priv->key[req_key->keyix]) 921 return QDF_STATUS_E_NOMEM; 922 } 923 key = crypto_priv->key[req_key->keyix]; 924 crypto_priv->def_tx_keyid = req_key->keyix; 925 } 926 if (vdev_mode == QDF_STA_MODE) { 927 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 928 WLAN_CRYPTO_ID); 929 if (!peer) { 930 crypto_err("peer NULL"); 931 if (IS_MGMT_CIPHER(req_key->type)) { 932 crypto_priv->igtk_key[igtk_idx] = NULL; 933 crypto_priv->bigtk_key[bigtk_idx] 934 = NULL; 935 crypto_priv->igtk_key_type 936 = WLAN_CRYPTO_CIPHER_NONE; 937 } else 938 crypto_priv->key[req_key->keyix] = NULL; 939 if (key) 940 qdf_mem_free(key); 941 return QDF_STATUS_E_INVAL; 942 } 943 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 944 QDF_MAC_ADDR_SIZE); 945 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 946 peer = NULL; 947 } 948 } else { 949 uint8_t pdev_id; 950 951 pdev_id = wlan_objmgr_pdev_get_pdev_id( 952 wlan_vdev_get_pdev(vdev)); 953 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 954 psoc, 955 pdev_id, 956 macaddr, 957 req_key->macaddr, 958 WLAN_CRYPTO_ID); 959 960 if (!peer) { 961 crypto_err("peer NULL"); 962 return QDF_STATUS_E_INVAL; 963 } 964 965 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 966 crypto_params = wlan_crypto_peer_get_comp_params(peer, 967 &crypto_priv); 968 969 if (!crypto_priv) { 970 crypto_err("crypto_priv NULL"); 971 status = QDF_STATUS_E_INVAL; 972 goto err; 973 } 974 if (IS_MGMT_CIPHER(req_key->type)) { 975 struct wlan_crypto_key *crypto_key = NULL; 976 977 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 978 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 979 if (!is_igtk(req_key->keyix) && 980 !(is_bigtk(req_key->keyix))) { 981 crypto_err("igtk/bigtk key invalid keyid %d", 982 req_key->keyix); 983 status = QDF_STATUS_E_INVAL; 984 goto err; 985 } 986 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 987 if (!key) { 988 status = QDF_STATUS_E_NOMEM; 989 goto err; 990 } 991 992 if (is_igtk(req_key->keyix)) { 993 crypto_key = crypto_priv->igtk_key[igtk_idx]; 994 if (crypto_key) 995 qdf_mem_free(crypto_key); 996 997 crypto_priv->igtk_key[igtk_idx] = key; 998 crypto_priv->igtk_key_type = req_key->type; 999 crypto_priv->def_igtk_tx_keyid = igtk_idx; 1000 } else { 1001 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 1002 if (crypto_key) 1003 qdf_mem_free(crypto_key); 1004 1005 crypto_priv->bigtk_key[bigtk_idx] = key; 1006 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 1007 } 1008 } else { 1009 uint16_t kid = req_key->keyix; 1010 if (kid == WLAN_CRYPTO_KEYIX_NONE) 1011 kid = 0; 1012 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 1013 crypto_err("invalid keyid %d", kid); 1014 status = QDF_STATUS_E_INVAL; 1015 goto err; 1016 } 1017 if (!crypto_priv->key[kid]) { 1018 crypto_priv->key[kid] 1019 = qdf_mem_malloc( 1020 sizeof(struct wlan_crypto_key)); 1021 if (!crypto_priv->key[kid]) { 1022 status = QDF_STATUS_E_NOMEM; 1023 goto err; 1024 } 1025 } 1026 key = crypto_priv->key[kid]; 1027 } 1028 } 1029 1030 /* alloc key might not required as it is already there */ 1031 key->cipher_table = (void *)cipher; 1032 key->keylen = req_key->keylen; 1033 key->flags = req_key->flags; 1034 1035 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 1036 key->keyix = 0; 1037 else 1038 key->keyix = req_key->keyix; 1039 1040 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 1041 && (!IS_MGMT_CIPHER(req_key->type))) { 1042 crypto_priv->def_tx_keyid = key->keyix; 1043 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 1044 } 1045 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 1046 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 1047 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 1048 0x5c, 0x36, 0x5c, 0x36, 1049 0x5c, 0x36, 0x5c, 0x36, 1050 0x5c, 0x36, 0x5c, 0x37}; 1051 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 1052 0x5c, 0x36, 0x5c, 0x36, 1053 0x5c, 0x36, 0x5c, 0x36, 1054 0x5c, 0x36, 0x5c, 0x36}; 1055 1056 /* During Tx PN should be increment and 1057 * send but as per our implementation we increment only after 1058 * Tx complete. So First packet PN check will be failed. 1059 * To compensate increment the PN here by 2 1060 */ 1061 if (vdev_mode == QDF_SAP_MODE) { 1062 iv_AP[15] += 2; 1063 qdf_mem_copy(key->recviv, iv_STA, 1064 WLAN_CRYPTO_WAPI_IV_SIZE); 1065 qdf_mem_copy(key->txiv, iv_AP, 1066 WLAN_CRYPTO_WAPI_IV_SIZE); 1067 } else { 1068 iv_STA[15] += 2; 1069 qdf_mem_copy(key->recviv, iv_AP, 1070 WLAN_CRYPTO_WAPI_IV_SIZE); 1071 qdf_mem_copy(key->txiv, iv_STA, 1072 WLAN_CRYPTO_WAPI_IV_SIZE); 1073 } 1074 } else { 1075 uint8_t i = 0; 1076 qdf_mem_copy((uint8_t *)(&key->keytsc), 1077 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1078 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1079 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1080 (uint8_t *)(&req_key->keyrsc), 1081 sizeof(key->keyrsc[0])); 1082 } 1083 } 1084 1085 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1086 if (!tx_ops) { 1087 crypto_err("tx_ops is NULL"); 1088 status = QDF_STATUS_E_INVAL; 1089 goto err; 1090 } 1091 1092 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1093 key->valid = 1; 1094 if ((IS_MGMT_CIPHER(req_key->type))) { 1095 uint32_t mgmt_cipher = 0; 1096 1097 if (HAS_CIPHER_CAP(crypto_params, 1098 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1099 is_bigtk(req_key->keyix)) { 1100 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1101 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1102 key, macaddr, req_key->type); 1103 } 1104 } 1105 QDF_SET_PARAM(mgmt_cipher, req_key->type); 1106 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher); 1107 status = wlan_crypto_set_igtk_key(key); 1108 } else if (IS_FILS_CIPHER(req_key->type)) { 1109 /* Take request key object to FILS setkey */ 1110 key->private = req_key; 1111 } else { 1112 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1113 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 1114 req_key->type); 1115 } 1116 } 1117 if (cipher) 1118 status = cipher->setkey(key); 1119 1120 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1121 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1122 (!IS_MGMT_CIPHER(req_key->type)) && isbcast) { 1123 /* default xmit key */ 1124 wlan_crypto_default_key(vdev, 1125 req_key->macaddr, 1126 req_key->keyix, 1127 !isbcast); 1128 /*Iterate through the peer list on this vdev 1129 *and store the keyix in the peer's crypto_priv 1130 */ 1131 wlan_objmgr_iterate_peerobj_list(vdev, store_def_keyix_peer, 1132 (void *)&req_key->keyix, 1133 WLAN_CRYPTO_ID); 1134 1135 } 1136 err: 1137 if (peer) 1138 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1139 return status; 1140 } 1141 1142 /** 1143 * store_def_keyix_peer - store default keyix 1144 * @vdev: vdev 1145 * @object: Peer object 1146 * @arg: Argument passed by caller 1147 * 1148 * This function gets called from wlan_crypto_setkey 1149 * 1150 * Return: None 1151 */ 1152 void store_def_keyix_peer(struct wlan_objmgr_vdev *vdev, void *object, 1153 void *arg) 1154 { 1155 struct wlan_objmgr_peer *peer = NULL; 1156 struct wlan_crypto_comp_priv *crypto_priv; 1157 struct wlan_crypto_params *crypto_params; 1158 1159 uint16_t kid = *(uint16_t *)arg; 1160 1161 peer = (struct wlan_objmgr_peer *)object; 1162 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1163 if (!crypto_priv) { 1164 crypto_err("crypto_priv NULL"); 1165 return; 1166 } 1167 crypto_priv->def_tx_keyid = kid; 1168 } 1169 1170 qdf_export_symbol(store_def_keyix_peer); 1171 1172 /** 1173 * wlan_crypto_get_keytype - get keytype 1174 * @key: key 1175 * 1176 * This function gets keytype from key 1177 * 1178 * Return: keytype 1179 */ 1180 wlan_crypto_cipher_type wlan_crypto_get_key_type(struct wlan_crypto_key *key) 1181 { 1182 if (key && key->cipher_table) { 1183 return ((struct wlan_crypto_cipher *) 1184 (key->cipher_table))->cipher; 1185 } 1186 return WLAN_CRYPTO_CIPHER_NONE; 1187 } 1188 qdf_export_symbol(wlan_crypto_get_key_type); 1189 /** 1190 * wlan_crypto_vdev_getkey - get key from vdev 1191 * @vdev: vdev 1192 * @keyix: keyix 1193 * 1194 * This function gets key from vdev 1195 * 1196 * Return: key or NULL 1197 */ 1198 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1199 uint16_t keyix) 1200 { 1201 struct wlan_crypto_comp_priv *crypto_priv; 1202 struct wlan_crypto_params *crypto_params; 1203 struct wlan_crypto_key *key = NULL; 1204 1205 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1206 1207 if (!crypto_priv) { 1208 crypto_err("crypto_priv NULL"); 1209 return NULL; 1210 } 1211 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1212 * we return the default key, for all other keyix we return the 1213 * key accordingly. 1214 */ 1215 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1216 !is_valid_keyix(keyix)) 1217 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1218 else if (is_bigtk(keyix)) 1219 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1220 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1221 else if (is_igtk(keyix)) 1222 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1223 else 1224 key = crypto_priv->key[keyix]; 1225 1226 if (key && key->valid) 1227 return key; 1228 1229 return NULL; 1230 } 1231 qdf_export_symbol(wlan_crypto_vdev_getkey); 1232 1233 /** 1234 * wlan_crypto_peer_getkey - get key from peer 1235 * @peer: peer 1236 * @keyix: keyix 1237 * 1238 * This function gets key from peer 1239 * 1240 * Return: key or NULL 1241 */ 1242 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1243 uint16_t keyix) 1244 { 1245 struct wlan_crypto_comp_priv *crypto_priv; 1246 struct wlan_crypto_params *crypto_params; 1247 struct wlan_crypto_key *key = NULL; 1248 1249 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1250 1251 if (!crypto_priv) { 1252 crypto_err("crypto_priv NULL"); 1253 return NULL; 1254 } 1255 1256 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1257 * we return the default key, for all other keyix we return the 1258 * key accordingly. 1259 */ 1260 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1261 !is_valid_keyix(keyix)) 1262 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1263 else if (is_bigtk(keyix)) 1264 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1265 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1266 else if (is_igtk(keyix)) 1267 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1268 else 1269 key = crypto_priv->key[keyix]; 1270 1271 if (key && key->valid) 1272 return key; 1273 1274 return NULL; 1275 } 1276 qdf_export_symbol(wlan_crypto_peer_getkey); 1277 1278 /** 1279 * wlan_crypto_getkey - called by ucfg to get key 1280 * @vdev: vdev 1281 * @req_key: key value will be copied in this req_key 1282 * @mac_address: mac address of the peer for unicast key 1283 * or broadcast address if group key is requested. 1284 * 1285 * This function gets called from ucfg to get key 1286 * 1287 * Return: QDF_STATUS_SUCCESS - in case of success 1288 */ 1289 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1290 struct wlan_crypto_req_key *req_key, 1291 uint8_t *mac_addr) 1292 { 1293 struct wlan_crypto_cipher *cipher_table; 1294 struct wlan_crypto_key *key; 1295 struct wlan_objmgr_psoc *psoc; 1296 struct wlan_lmac_if_tx_ops *tx_ops; 1297 struct wlan_lmac_if_rx_ops *rx_ops; 1298 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1299 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1300 QDF_STATUS status = QDF_STATUS_E_INVAL; 1301 struct wlan_objmgr_peer *peer = NULL; 1302 uint8_t pdev_id; 1303 uint16_t get_pn_enable; 1304 1305 if (!req_key) { 1306 crypto_err("req_key NULL"); 1307 return QDF_STATUS_E_INVAL; 1308 } 1309 1310 get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN; 1311 1312 wlan_vdev_obj_lock(vdev); 1313 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1314 QDF_MAC_ADDR_SIZE); 1315 psoc = wlan_vdev_get_psoc(vdev); 1316 if (!psoc) { 1317 wlan_vdev_obj_unlock(vdev); 1318 crypto_err("psoc NULL"); 1319 return QDF_STATUS_E_INVAL; 1320 } 1321 wlan_vdev_obj_unlock(vdev); 1322 1323 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1324 if (!tx_ops) { 1325 crypto_err("tx_ops is NULL"); 1326 return QDF_STATUS_E_INVAL; 1327 } 1328 1329 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 1330 if (!rx_ops) { 1331 crypto_err("rx_ops is NULL"); 1332 return QDF_STATUS_E_INVAL; 1333 } 1334 1335 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1336 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1337 if (!key) 1338 return QDF_STATUS_E_INVAL; 1339 } else { 1340 1341 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1342 wlan_vdev_get_pdev(vdev)); 1343 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1344 psoc, 1345 pdev_id, 1346 macaddr, 1347 mac_addr, 1348 WLAN_CRYPTO_ID); 1349 if (!peer) { 1350 crypto_err("peer NULL"); 1351 return QDF_STATUS_E_NOENT; 1352 } 1353 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1354 1355 if (!key) { 1356 crypto_err("Key is NULL"); 1357 status = QDF_STATUS_E_INVAL; 1358 goto err; 1359 } 1360 } 1361 1362 if (key->valid) { 1363 qdf_mem_copy(req_key->keydata, 1364 key->keyval, key->keylen); 1365 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1366 (uint8_t *)(&key->keytsc), 1367 sizeof(req_key->keytsc)); 1368 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1369 (uint8_t *)(&key->keyrsc[0]), 1370 sizeof(req_key->keyrsc)); 1371 req_key->keylen = key->keylen; 1372 req_key->keyix = key->keyix; 1373 req_key->flags = key->flags; 1374 1375 if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) { 1376 req_key->type = key->cipher_type; 1377 } else { 1378 cipher_table = key->cipher_table; 1379 1380 if (!cipher_table) { 1381 status = QDF_STATUS_SUCCESS; 1382 goto err; 1383 } 1384 1385 req_key->type = cipher_table->cipher; 1386 } 1387 1388 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1389 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1390 (uint8_t *)(key->txiv), 1391 sizeof(req_key->txiv)); 1392 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1393 (uint8_t *)(key->recviv), 1394 sizeof(req_key->recviv)); 1395 } 1396 1397 if (get_pn_enable) { 1398 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)) 1399 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1400 req_key->keyix, 1401 req_key->type); 1402 if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)) 1403 WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)( 1404 vdev, mac_addr, req_key->keyix); 1405 } 1406 } 1407 status = QDF_STATUS_SUCCESS; 1408 1409 err: 1410 if (peer) 1411 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1412 1413 return status; 1414 } 1415 1416 /** 1417 * wlan_crypto_delkey - called by ucfg to delete key 1418 * @vdev: vdev 1419 * @mac_address: mac address of the peer for unicast key 1420 * or broadcast address if group key is deleted. 1421 * @key_idx: key index to be deleted 1422 * 1423 * This function gets called from ucfg to delete key 1424 * 1425 * Return: QDF_STATUS_SUCCESS - in case of success 1426 */ 1427 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1428 uint8_t *macaddr, 1429 uint8_t key_idx) 1430 { 1431 struct wlan_crypto_comp_priv *crypto_priv; 1432 struct wlan_crypto_params *crypto_params; 1433 struct wlan_crypto_key *key; 1434 struct wlan_crypto_cipher *cipher_table; 1435 struct wlan_objmgr_psoc *psoc; 1436 struct wlan_lmac_if_tx_ops *tx_ops; 1437 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1438 struct wlan_objmgr_peer *peer = NULL; 1439 QDF_STATUS ret = QDF_STATUS_SUCCESS; 1440 1441 if (!vdev || !macaddr || 1442 !is_valid_keyix(key_idx)) { 1443 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1444 vdev, macaddr, key_idx); 1445 return QDF_STATUS_E_INVAL; 1446 } 1447 1448 wlan_vdev_obj_lock(vdev); 1449 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1450 QDF_MAC_ADDR_SIZE); 1451 psoc = wlan_vdev_get_psoc(vdev); 1452 if (!psoc) { 1453 wlan_vdev_obj_unlock(vdev); 1454 crypto_err("psoc NULL"); 1455 return QDF_STATUS_E_INVAL; 1456 } 1457 wlan_vdev_obj_unlock(vdev); 1458 1459 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1460 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1461 &crypto_priv); 1462 if (!crypto_priv) { 1463 crypto_err("crypto_priv NULL"); 1464 return QDF_STATUS_E_INVAL; 1465 } 1466 } else { 1467 uint8_t pdev_id; 1468 1469 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1470 wlan_vdev_get_pdev(vdev)); 1471 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1472 psoc, pdev_id, 1473 bssid_mac, 1474 macaddr, 1475 WLAN_CRYPTO_ID); 1476 if (!peer) { 1477 return QDF_STATUS_E_INVAL; 1478 } 1479 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1480 &crypto_priv); 1481 if (!crypto_priv) { 1482 crypto_err("crypto_priv NULL"); 1483 ret = QDF_STATUS_E_INVAL; 1484 goto ret_rel_ref; 1485 } 1486 } 1487 1488 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1489 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1490 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1491 1492 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1493 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1494 ret = QDF_STATUS_E_INVAL; 1495 goto ret_rel_ref; 1496 } 1497 if (is_igtk(key_idx)) { 1498 key = crypto_priv->igtk_key[igtk_idx]; 1499 crypto_priv->igtk_key[igtk_idx] = NULL; 1500 } else { 1501 key = crypto_priv->bigtk_key[bigtk_idx]; 1502 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1503 } 1504 if (key) 1505 key->valid = 0; 1506 } else { 1507 key = crypto_priv->key[key_idx]; 1508 crypto_priv->key[key_idx] = NULL; 1509 } 1510 1511 if (!key) { 1512 ret = QDF_STATUS_E_INVAL; 1513 goto ret_rel_ref; 1514 } 1515 1516 if (key->valid) { 1517 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1518 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1519 1520 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1521 if (!tx_ops) { 1522 crypto_err("tx_ops is NULL"); 1523 ret = QDF_STATUS_E_INVAL; 1524 goto ret_rel_ref; 1525 } 1526 1527 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1528 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1529 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1530 cipher_table->cipher); 1531 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1532 if (key->private) 1533 qdf_mem_free(key->private); 1534 } 1535 } 1536 1537 /* Zero-out local key variables */ 1538 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1539 qdf_mem_free(key); 1540 key = NULL; 1541 1542 ret_rel_ref: 1543 if (peer) 1544 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1545 1546 return ret; 1547 } 1548 1549 #ifdef CRYPTO_SET_KEY_CONVERGED 1550 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1551 uint8_t key_idx, uint8_t *macaddr) 1552 { 1553 return QDF_STATUS_SUCCESS; 1554 } 1555 #else 1556 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1557 uint8_t key_idx, uint8_t *macaddr) 1558 { 1559 struct wlan_objmgr_psoc *psoc; 1560 struct wlan_lmac_if_tx_ops *tx_ops; 1561 1562 psoc = wlan_vdev_get_psoc(vdev); 1563 if (!psoc) { 1564 crypto_err("psoc is NULL"); 1565 return QDF_STATUS_E_INVAL; 1566 } 1567 1568 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1569 if (!tx_ops) { 1570 crypto_err("tx_ops is NULL"); 1571 return QDF_STATUS_E_INVAL; 1572 } 1573 1574 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1575 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1576 1577 return QDF_STATUS_SUCCESS; 1578 } 1579 #endif 1580 1581 /** 1582 * wlan_crypto_default_key - called by ucfg to set default tx key 1583 * @vdev: vdev 1584 * @mac_address: mac address of the peer for unicast key 1585 * or broadcast address if group key need to made default. 1586 * @key_idx: key index to be made as default key 1587 * @unicast: is key was unicast or group key. 1588 * 1589 * This function gets called from ucfg to set default key 1590 * 1591 * Return: QDF_STATUS_SUCCESS - in case of success 1592 */ 1593 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1594 uint8_t *macaddr, 1595 uint8_t key_idx, 1596 bool unicast) 1597 { 1598 struct wlan_crypto_comp_priv *crypto_priv; 1599 struct wlan_crypto_params *crypto_params; 1600 struct wlan_crypto_key *key; 1601 struct wlan_objmgr_psoc *psoc; 1602 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1603 1604 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1605 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1606 vdev, macaddr, key_idx); 1607 return QDF_STATUS_E_INVAL; 1608 } 1609 1610 wlan_vdev_obj_lock(vdev); 1611 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1612 QDF_MAC_ADDR_SIZE); 1613 psoc = wlan_vdev_get_psoc(vdev); 1614 if (!psoc) { 1615 wlan_vdev_obj_unlock(vdev); 1616 crypto_err("psoc NULL"); 1617 return QDF_STATUS_E_INVAL; 1618 } 1619 wlan_vdev_obj_unlock(vdev); 1620 1621 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1622 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1623 &crypto_priv); 1624 if (!crypto_priv) { 1625 crypto_err("crypto_priv NULL"); 1626 return QDF_STATUS_E_INVAL; 1627 } 1628 1629 key = crypto_priv->key[key_idx]; 1630 if (!key) 1631 return QDF_STATUS_E_INVAL; 1632 } else { 1633 struct wlan_objmgr_peer *peer; 1634 uint8_t pdev_id; 1635 1636 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1637 wlan_vdev_get_pdev(vdev)); 1638 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1639 psoc, pdev_id, 1640 bssid_mac, 1641 macaddr, 1642 WLAN_CRYPTO_ID); 1643 1644 if (!peer) { 1645 crypto_err("peer NULL"); 1646 return QDF_STATUS_E_INVAL; 1647 } 1648 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1649 &crypto_priv); 1650 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1651 if (!crypto_priv) { 1652 crypto_err("crypto_priv NULL"); 1653 return QDF_STATUS_E_INVAL; 1654 } 1655 1656 key = crypto_priv->key[key_idx]; 1657 if (!key) 1658 return QDF_STATUS_E_INVAL; 1659 } 1660 if (!key->valid) 1661 return QDF_STATUS_E_INVAL; 1662 1663 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1664 QDF_STATUS_SUCCESS) 1665 return QDF_STATUS_E_INVAL; 1666 crypto_priv->def_tx_keyid = key_idx; 1667 1668 return QDF_STATUS_SUCCESS; 1669 } 1670 1671 /** 1672 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1673 * @vdev: vdev 1674 * @wbuf: wbuf 1675 * @macaddr: macaddr 1676 * @encapdone: is encapdone already or not. 1677 * 1678 * This function gets called from mgmt txrx to encap frame. 1679 * 1680 * Return: QDF_STATUS_SUCCESS - in case of success 1681 */ 1682 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1683 qdf_nbuf_t wbuf, 1684 uint8_t *mac_addr, 1685 uint8_t encapdone) 1686 { 1687 struct wlan_crypto_comp_priv *crypto_priv; 1688 struct wlan_crypto_params *crypto_params; 1689 struct wlan_crypto_key *key; 1690 QDF_STATUS status; 1691 struct wlan_crypto_cipher *cipher_table; 1692 struct wlan_objmgr_psoc *psoc; 1693 struct wlan_objmgr_peer *peer; 1694 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1695 uint8_t pdev_id; 1696 uint8_t hdrlen; 1697 enum QDF_OPMODE opmode; 1698 1699 opmode = wlan_vdev_mlme_get_opmode(vdev); 1700 wlan_vdev_obj_lock(vdev); 1701 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1702 QDF_MAC_ADDR_SIZE); 1703 psoc = wlan_vdev_get_psoc(vdev); 1704 if (!psoc) { 1705 wlan_vdev_obj_unlock(vdev); 1706 crypto_err("psoc NULL"); 1707 return QDF_STATUS_E_INVAL; 1708 } 1709 wlan_vdev_obj_unlock(vdev); 1710 1711 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1712 /* FILS Encap required only for (Re-)Assoc response */ 1713 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1714 1715 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1716 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1717 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1718 return QDF_STATUS_E_INVAL; 1719 } 1720 1721 if (peer) 1722 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1723 peer = NULL; 1724 1725 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1726 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1727 &crypto_priv); 1728 if (!crypto_priv) { 1729 crypto_err("crypto_priv NULL"); 1730 return QDF_STATUS_E_INVAL; 1731 } 1732 1733 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1734 if (!key) 1735 return QDF_STATUS_E_INVAL; 1736 1737 } else { 1738 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1739 bssid_mac, mac_addr, 1740 WLAN_CRYPTO_ID); 1741 if (!peer) { 1742 crypto_err("crypto_priv NULL"); 1743 return QDF_STATUS_E_INVAL; 1744 } 1745 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1746 &crypto_priv); 1747 1748 if (!crypto_priv) { 1749 crypto_err("crypto_priv NULL"); 1750 status = QDF_STATUS_E_INVAL; 1751 goto err; 1752 } 1753 1754 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1755 if (!key) { 1756 crypto_err("Key is NULL"); 1757 status = QDF_STATUS_E_INVAL; 1758 goto err; 1759 } 1760 } 1761 if (opmode == QDF_MONITOR_MODE) 1762 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1763 else 1764 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1765 (uint8_t *)qdf_nbuf_data(wbuf)); 1766 1767 /* if tkip, is counter measures enabled, then drop the frame */ 1768 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1769 status = cipher_table->encap(key, wbuf, encapdone, 1770 hdrlen); 1771 1772 err: 1773 if (peer) 1774 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1775 1776 return status; 1777 } 1778 qdf_export_symbol(wlan_crypto_encap); 1779 1780 /** 1781 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1782 * @vdev: vdev 1783 * @wbuf: wbuf 1784 * @macaddr: macaddr 1785 * @tid: tid of the frame 1786 * 1787 * This function gets called from mgmt txrx to decap frame. 1788 * 1789 * Return: QDF_STATUS_SUCCESS - in case of success 1790 */ 1791 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1792 qdf_nbuf_t wbuf, 1793 uint8_t *mac_addr, 1794 uint8_t tid) 1795 { 1796 struct wlan_crypto_comp_priv *crypto_priv; 1797 struct wlan_crypto_params *crypto_params; 1798 struct wlan_crypto_key *key; 1799 QDF_STATUS status; 1800 struct wlan_crypto_cipher *cipher_table; 1801 struct wlan_objmgr_psoc *psoc; 1802 struct wlan_objmgr_peer *peer; 1803 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1804 uint8_t keyid; 1805 uint8_t pdev_id; 1806 uint8_t hdrlen; 1807 enum QDF_OPMODE opmode; 1808 1809 opmode = wlan_vdev_mlme_get_opmode(vdev); 1810 wlan_vdev_obj_lock(vdev); 1811 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1812 QDF_MAC_ADDR_SIZE); 1813 psoc = wlan_vdev_get_psoc(vdev); 1814 if (!psoc) { 1815 wlan_vdev_obj_unlock(vdev); 1816 crypto_err("psoc NULL"); 1817 return QDF_STATUS_E_INVAL; 1818 } 1819 wlan_vdev_obj_unlock(vdev); 1820 1821 if (opmode == QDF_MONITOR_MODE) 1822 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1823 else 1824 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1825 (uint8_t *)qdf_nbuf_data(wbuf)); 1826 1827 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1828 1829 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1830 return QDF_STATUS_E_INVAL; 1831 1832 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1833 /* FILS Decap required only for (Re-)Assoc request */ 1834 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1835 1836 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1837 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1838 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1839 return QDF_STATUS_E_INVAL; 1840 } 1841 1842 if (peer) 1843 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1844 peer = NULL; 1845 1846 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1847 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1848 &crypto_priv); 1849 if (!crypto_priv) { 1850 crypto_err("crypto_priv NULL"); 1851 return QDF_STATUS_E_INVAL; 1852 } 1853 1854 key = crypto_priv->key[keyid]; 1855 if (!key) 1856 return QDF_STATUS_E_INVAL; 1857 } else { 1858 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1859 psoc, pdev_id, bssid_mac, 1860 mac_addr, WLAN_CRYPTO_ID); 1861 if (!peer) { 1862 crypto_err("peer NULL"); 1863 return QDF_STATUS_E_INVAL; 1864 } 1865 1866 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1867 &crypto_priv); 1868 1869 if (!crypto_priv) { 1870 crypto_err("crypto_priv NULL"); 1871 status = QDF_STATUS_E_INVAL; 1872 goto err; 1873 } 1874 1875 key = crypto_priv->key[keyid]; 1876 if (!key) { 1877 crypto_err("Key is NULL"); 1878 status = QDF_STATUS_E_INVAL; 1879 goto err; 1880 } 1881 } 1882 1883 if (!key->valid || !key->cipher_table) { 1884 status = QDF_STATUS_E_INVAL; 1885 goto err; 1886 } 1887 1888 /* if tkip, is counter measures enabled, then drop the frame */ 1889 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1890 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1891 1892 err: 1893 if (peer) 1894 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1895 1896 return status; 1897 } 1898 qdf_export_symbol(wlan_crypto_decap); 1899 /** 1900 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1901 * @vdev: vdev 1902 * @wbuf: wbuf 1903 * @macaddr: macaddr 1904 * @encapdone: is encapdone already or not. 1905 * 1906 * This function gets called from mgmt txrx to adding mic to the frame. 1907 * 1908 * Return: QDF_STATUS_SUCCESS - in case of success 1909 */ 1910 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1911 qdf_nbuf_t wbuf, 1912 uint8_t *mac_addr, 1913 uint8_t encapdone) 1914 { 1915 struct wlan_crypto_comp_priv *crypto_priv; 1916 struct wlan_crypto_params *crypto_params; 1917 struct wlan_crypto_key *key; 1918 QDF_STATUS status; 1919 struct wlan_crypto_cipher *cipher_table; 1920 struct wlan_objmgr_psoc *psoc; 1921 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1922 uint8_t hdrlen; 1923 enum QDF_OPMODE opmode; 1924 1925 opmode = wlan_vdev_mlme_get_opmode(vdev); 1926 1927 1928 wlan_vdev_obj_lock(vdev); 1929 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1930 QDF_MAC_ADDR_SIZE); 1931 psoc = wlan_vdev_get_psoc(vdev); 1932 if (!psoc) { 1933 wlan_vdev_obj_unlock(vdev); 1934 crypto_err("psoc NULL"); 1935 return QDF_STATUS_E_INVAL; 1936 } 1937 wlan_vdev_obj_unlock(vdev); 1938 1939 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1940 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1941 &crypto_priv); 1942 if (!crypto_priv) { 1943 crypto_err("crypto_priv NULL"); 1944 return QDF_STATUS_E_INVAL; 1945 } 1946 1947 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1948 if (!key) 1949 return QDF_STATUS_E_INVAL; 1950 1951 } else { 1952 struct wlan_objmgr_peer *peer; 1953 uint8_t pdev_id; 1954 1955 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1956 wlan_vdev_get_pdev(vdev)); 1957 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1958 psoc, pdev_id, bssid_mac, 1959 mac_addr, WLAN_CRYPTO_ID); 1960 if (!peer) { 1961 crypto_err("crypto_priv NULL"); 1962 return QDF_STATUS_E_INVAL; 1963 } 1964 1965 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1966 &crypto_priv); 1967 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1968 1969 if (!crypto_priv) { 1970 crypto_err("crypto_priv NULL"); 1971 return QDF_STATUS_E_INVAL; 1972 } 1973 1974 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1975 if (!key) 1976 return QDF_STATUS_E_INVAL; 1977 } 1978 if (opmode == QDF_MONITOR_MODE) 1979 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1980 else 1981 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1982 (uint8_t *)qdf_nbuf_data(wbuf)); 1983 1984 /* if tkip, is counter measures enabled, then drop the frame */ 1985 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1986 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1987 1988 return status; 1989 } 1990 1991 /** 1992 * wlan_crypto_demic - called by mgmt for remove and check mic for 1993 * the frame based on cipher 1994 * @vdev: vdev 1995 * @wbuf: wbuf 1996 * @macaddr: macaddr 1997 * @tid: tid of the frame 1998 * @keyid: keyid in the received frame 1999 * This function gets called from mgmt txrx to decap frame. 2000 * 2001 * Return: QDF_STATUS_SUCCESS - in case of success 2002 */ 2003 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 2004 qdf_nbuf_t wbuf, 2005 uint8_t *mac_addr, 2006 uint8_t tid, 2007 uint8_t keyid) 2008 { 2009 struct wlan_crypto_comp_priv *crypto_priv; 2010 struct wlan_crypto_params *crypto_params; 2011 struct wlan_crypto_key *key; 2012 QDF_STATUS status; 2013 struct wlan_crypto_cipher *cipher_table; 2014 struct wlan_objmgr_psoc *psoc; 2015 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 2016 uint8_t hdrlen; 2017 enum QDF_OPMODE opmode; 2018 2019 opmode = wlan_vdev_mlme_get_opmode(vdev); 2020 2021 if (opmode == QDF_MONITOR_MODE) 2022 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 2023 else 2024 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 2025 (uint8_t *)qdf_nbuf_data(wbuf)); 2026 2027 wlan_vdev_obj_lock(vdev); 2028 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 2029 QDF_MAC_ADDR_SIZE); 2030 psoc = wlan_vdev_get_psoc(vdev); 2031 if (!psoc) { 2032 wlan_vdev_obj_unlock(vdev); 2033 crypto_err("psoc NULL"); 2034 return QDF_STATUS_E_INVAL; 2035 } 2036 wlan_vdev_obj_unlock(vdev); 2037 2038 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 2039 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2040 &crypto_priv); 2041 if (!crypto_priv) { 2042 crypto_err("crypto_priv NULL"); 2043 return QDF_STATUS_E_INVAL; 2044 } 2045 2046 key = crypto_priv->key[keyid]; 2047 if (!key) 2048 return QDF_STATUS_E_INVAL; 2049 2050 } else { 2051 struct wlan_objmgr_peer *peer; 2052 uint8_t pdev_id; 2053 2054 pdev_id = wlan_objmgr_pdev_get_pdev_id( 2055 wlan_vdev_get_pdev(vdev)); 2056 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 2057 psoc, pdev_id, bssid_mac, 2058 mac_addr, WLAN_CRYPTO_ID); 2059 if (!peer) { 2060 crypto_err("peer NULL"); 2061 return QDF_STATUS_E_INVAL; 2062 } 2063 2064 crypto_params = wlan_crypto_peer_get_comp_params(peer, 2065 &crypto_priv); 2066 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 2067 2068 if (!crypto_priv) { 2069 crypto_err("crypto_priv NULL"); 2070 return QDF_STATUS_E_INVAL; 2071 } 2072 2073 key = crypto_priv->key[keyid]; 2074 if (!key) 2075 return QDF_STATUS_E_INVAL; 2076 } 2077 /* if tkip, is counter measures enabled, then drop the frame */ 2078 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 2079 status = cipher_table->demic(key, wbuf, tid, hdrlen); 2080 2081 return status; 2082 } 2083 2084 /** 2085 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 2086 * @vdev: vdev 2087 * 2088 * This function gets called to check is pmf enabled or not in vdev. 2089 * 2090 * Return: true or false 2091 */ 2092 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 2093 { 2094 2095 struct wlan_crypto_comp_priv *crypto_priv; 2096 struct wlan_crypto_params *vdev_crypto_params; 2097 2098 if (!vdev) 2099 return false; 2100 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2101 &crypto_priv); 2102 if (!crypto_priv) { 2103 crypto_err("crypto_priv NULL"); 2104 return false; 2105 } 2106 2107 if ((vdev_crypto_params->rsn_caps & 2108 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2109 || (vdev_crypto_params->rsn_caps & 2110 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2111 return true; 2112 } 2113 2114 return false; 2115 } 2116 2117 /** 2118 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 2119 * @vdev: vdev 2120 * 2121 * This function gets called to check is pmf required or not in vdev. 2122 * 2123 * Return: true or false 2124 */ 2125 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 2126 { 2127 struct wlan_crypto_comp_priv *crypto_priv; 2128 struct wlan_crypto_params *vdev_crypto_params; 2129 2130 if (!vdev) 2131 return false; 2132 2133 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2134 &crypto_priv); 2135 if (!crypto_priv) { 2136 crypto_err("crypto_priv NULL"); 2137 return false; 2138 } 2139 2140 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 2141 return true; 2142 2143 return false; 2144 } 2145 2146 /** 2147 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 2148 * @vdev: vdev 2149 * @peer: peer 2150 * 2151 * This function gets called by mgmt txrx to check is pmf enabled or not. 2152 * 2153 * Return: true or false 2154 */ 2155 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 2156 struct wlan_objmgr_peer *peer) 2157 { 2158 struct wlan_crypto_comp_priv *crypto_priv; 2159 struct wlan_crypto_params *vdev_crypto_params; 2160 struct wlan_crypto_params *peer_crypto_params; 2161 2162 if (!vdev || !peer) 2163 return false; 2164 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2165 &crypto_priv); 2166 if (!crypto_priv) { 2167 crypto_err("crypto_priv NULL"); 2168 return false; 2169 } 2170 2171 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 2172 &crypto_priv); 2173 if (!crypto_priv) { 2174 crypto_err("crypto_priv NULL"); 2175 return false; 2176 } 2177 if (((vdev_crypto_params->rsn_caps & 2178 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 2179 (peer_crypto_params->rsn_caps & 2180 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 2181 || (vdev_crypto_params->rsn_caps & 2182 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2183 return true; 2184 } 2185 2186 return false; 2187 } 2188 2189 /** 2190 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 2191 * @vdev: vdev 2192 * @peer: peer 2193 * @keyidx : key index 2194 * 2195 * This function gets called by mgmt txrx to check if key is valid 2196 * 2197 * Return: true or false 2198 */ 2199 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 2200 struct wlan_objmgr_peer *peer, 2201 uint16_t keyidx) 2202 { 2203 struct wlan_crypto_key *key = NULL; 2204 2205 if (!vdev && !peer) 2206 return false; 2207 2208 if (peer) 2209 key = wlan_crypto_peer_getkey(peer, keyidx); 2210 else if (vdev) 2211 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2212 2213 if ((key) && key->valid) 2214 return true; 2215 2216 return false; 2217 } 2218 2219 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2220 { 2221 a[0] = b[5]; 2222 a[1] = b[4]; 2223 a[2] = b[3]; 2224 a[3] = b[2]; 2225 a[4] = b[1]; 2226 a[5] = b[0]; 2227 } 2228 2229 /** 2230 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 2231 * @vdev: vdev 2232 * @bfrm: frame starting pointer 2233 * @len: length of the frame 2234 * 2235 * This function gets called by mgmt txrx to add mmie in frame 2236 * 2237 * Return: end of frame or NULL in case failure 2238 */ 2239 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2240 uint8_t *bfrm, 2241 uint32_t len) 2242 { 2243 struct wlan_crypto_key *key; 2244 struct wlan_crypto_mmie *mmie; 2245 uint8_t *pn, *aad, *buf, *efrm, nonce[12]; 2246 struct wlan_frame_hdr *hdr; 2247 uint32_t i, hdrlen, mic_len, aad_len; 2248 uint8_t mic[16]; 2249 struct wlan_crypto_comp_priv *crypto_priv; 2250 struct wlan_crypto_params *crypto_params; 2251 int32_t ret = -1; 2252 2253 if (!bfrm) { 2254 crypto_err("frame is NULL"); 2255 return NULL; 2256 } 2257 2258 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2259 &crypto_priv); 2260 if (!crypto_priv) { 2261 crypto_err("crypto_priv NULL"); 2262 return NULL; 2263 } 2264 2265 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2266 crypto_err("igtk key invalid keyid %d", 2267 crypto_priv->def_igtk_tx_keyid); 2268 return NULL; 2269 } 2270 2271 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2272 if (!key) { 2273 crypto_err("No igtk key present"); 2274 return NULL; 2275 } 2276 mic_len = (crypto_priv->igtk_key_type 2277 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2278 2279 efrm = bfrm + len; 2280 aad_len = 20; 2281 hdrlen = sizeof(struct wlan_frame_hdr); 2282 len += sizeof(struct wlan_crypto_mmie); 2283 2284 mmie = (struct wlan_crypto_mmie *) efrm; 2285 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2286 mmie->element_id = WLAN_ELEMID_MMIE; 2287 mmie->length = sizeof(*mmie) - 2; 2288 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2289 2290 mic_len = (crypto_priv->igtk_key_type 2291 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2292 if (mic_len == 8) { 2293 mmie->length -= 8; 2294 len -= 8; 2295 } 2296 /* PN = PN + 1 */ 2297 pn = (uint8_t *)&key->keytsc; 2298 2299 for (i = 0; i <= 5; i++) { 2300 pn[i]++; 2301 if (pn[i]) 2302 break; 2303 } 2304 2305 /* Copy IPN */ 2306 qdf_mem_copy(mmie->sequence_number, pn, 6); 2307 2308 hdr = (struct wlan_frame_hdr *) bfrm; 2309 2310 buf = qdf_mem_malloc(len - hdrlen + 20); 2311 if (!buf) 2312 return NULL; 2313 2314 qdf_mem_zero(buf, len - hdrlen + 20); 2315 aad = buf; 2316 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2317 2318 /* FC type/subtype */ 2319 aad[0] = hdr->i_fc[0]; 2320 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2321 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2322 | WLAN_FC1_MOREDATA)); 2323 /* A1 || A2 || A3 */ 2324 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2325 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2326 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2327 qdf_mem_zero(mic, 16); 2328 2329 /* 2330 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2331 */ 2332 2333 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2334 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2335 2336 ret = omac1_aes_128(key->keyval, buf, 2337 len + aad_len - hdrlen, mic); 2338 qdf_mem_copy(mmie->mic, mic, 8); 2339 2340 } else if (crypto_priv->igtk_key_type 2341 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2342 2343 ret = omac1_aes_256(key->keyval, buf, 2344 len + aad_len - hdrlen, mmie->mic); 2345 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2346 || (crypto_priv->igtk_key_type 2347 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2348 2349 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2350 wlan_crypto_gmac_pn_swap(nonce + 6, pn); 2351 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2352 sizeof(nonce), buf, 2353 len + aad_len - hdrlen, mmie->mic); 2354 } 2355 qdf_mem_free(buf); 2356 if (ret < 0) { 2357 crypto_err("add mmie failed"); 2358 return NULL; 2359 } 2360 2361 return bfrm + len; 2362 } 2363 2364 #define MAX_MIC_LEN 16 2365 /** 2366 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2367 * @vdev: vdev 2368 * @frm: frame starting pointer 2369 * @efrm: end of frame pointer 2370 * 2371 * This function gets called by mgmt txrx to check mmie of the frame 2372 * 2373 * Return: true or false 2374 */ 2375 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2376 uint8_t *frm, 2377 uint8_t *efrm) 2378 { 2379 struct wlan_crypto_mmie *mmie = NULL; 2380 uint8_t *ipn, *aad, *buf, *mic, nonce[12]; 2381 struct wlan_crypto_key *key; 2382 struct wlan_frame_hdr *hdr; 2383 uint16_t mic_len, hdrlen, len; 2384 struct wlan_crypto_comp_priv *crypto_priv; 2385 struct wlan_crypto_params *crypto_params; 2386 uint8_t aad_len = 20; 2387 int32_t ret = -1; 2388 2389 /* check if frame is illegal length */ 2390 if (!frm || !efrm || (efrm < frm) 2391 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2392 crypto_err("Invalid params"); 2393 return false; 2394 } 2395 len = efrm - frm; 2396 crypto_priv = (struct wlan_crypto_comp_priv *) 2397 wlan_get_vdev_crypto_obj(vdev); 2398 if (!crypto_priv) { 2399 crypto_err("crypto_priv NULL"); 2400 return false; 2401 } 2402 2403 crypto_params = &(crypto_priv->crypto_params); 2404 2405 2406 mic_len = (crypto_priv->igtk_key_type 2407 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2408 hdrlen = sizeof(struct wlan_frame_hdr); 2409 2410 if (mic_len == 8) 2411 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2412 else 2413 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2414 2415 2416 /* check Elem ID*/ 2417 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2418 crypto_err("IE is not MMIE"); 2419 return false; 2420 } 2421 2422 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2423 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2424 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2425 crypto_err("keyid not valid"); 2426 return false; 2427 } 2428 2429 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2430 if (!key) { 2431 crypto_err("No igtk key present"); 2432 return false; 2433 } 2434 2435 /* validate ipn */ 2436 ipn = mmie->sequence_number; 2437 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2438 uint8_t *su = (uint8_t *)key->keyrsc; 2439 uint8_t *end = ipn + 6; 2440 struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev); 2441 2442 crypto_err("replay error :"); 2443 while (ipn < end) { 2444 crypto_err("expected pn = %x received pn = %x", 2445 *ipn++, *su++); 2446 } 2447 wlan_cp_stats_vdev_mcast_rx_pnerr(vdev); 2448 wlan_cp_stats_peer_rx_pnerr(peer); 2449 return false; 2450 } 2451 2452 buf = qdf_mem_malloc(len - hdrlen + 20); 2453 if (!buf) 2454 return false; 2455 2456 aad = buf; 2457 2458 /* construct AAD */ 2459 hdr = (struct wlan_frame_hdr *)frm; 2460 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2461 2462 /* FC type/subtype */ 2463 aad[0] = hdr->i_fc[0]; 2464 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2465 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2466 | WLAN_FC1_MOREDATA)); 2467 /* A1 || A2 || A3 */ 2468 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2469 2470 /* 2471 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2472 */ 2473 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2474 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2475 mic = qdf_mem_malloc(MAX_MIC_LEN); 2476 if (!mic) { 2477 qdf_mem_free(buf); 2478 return false; 2479 } 2480 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2481 ret = omac1_aes_128(key->keyval, buf, 2482 len - hdrlen + aad_len, mic); 2483 } else if (crypto_priv->igtk_key_type 2484 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2485 ret = omac1_aes_256(key->keyval, buf, 2486 len + aad_len - hdrlen, mic); 2487 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2488 || (crypto_priv->igtk_key_type 2489 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2490 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2491 wlan_crypto_gmac_pn_swap(nonce + 6, ipn); 2492 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2493 sizeof(nonce), buf, 2494 len + aad_len - hdrlen, mic); 2495 } 2496 2497 qdf_mem_free(buf); 2498 2499 if (ret < 0) { 2500 qdf_mem_free(mic); 2501 crypto_err("generate mmie failed"); 2502 return false; 2503 } 2504 2505 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2506 qdf_mem_free(mic); 2507 crypto_err("mmie mismatch"); 2508 /* MMIE MIC mismatch */ 2509 return false; 2510 } 2511 2512 qdf_mem_free(mic); 2513 /* Update the receive sequence number */ 2514 qdf_mem_copy(key->keyrsc, ipn, 6); 2515 crypto_debug("mmie matched"); 2516 2517 return true; 2518 } 2519 2520 2521 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2522 { 2523 int32_t status = -1; 2524 2525 switch (cipher) { 2526 case WLAN_CRYPTO_CIPHER_TKIP: 2527 return WPA_CIPHER_SUITE_TKIP; 2528 case WLAN_CRYPTO_CIPHER_AES_CCM: 2529 return WPA_CIPHER_SUITE_CCMP; 2530 case WLAN_CRYPTO_CIPHER_NONE: 2531 return WPA_CIPHER_SUITE_NONE; 2532 } 2533 2534 return status; 2535 } 2536 2537 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2538 { 2539 int32_t status = -1; 2540 2541 switch (cipher) { 2542 case WLAN_CRYPTO_CIPHER_TKIP: 2543 return RSN_CIPHER_SUITE_TKIP; 2544 case WLAN_CRYPTO_CIPHER_AES_CCM: 2545 return RSN_CIPHER_SUITE_CCMP; 2546 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2547 return RSN_CIPHER_SUITE_CCMP_256; 2548 case WLAN_CRYPTO_CIPHER_AES_GCM: 2549 return RSN_CIPHER_SUITE_GCMP; 2550 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2551 return RSN_CIPHER_SUITE_GCMP_256; 2552 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2553 return RSN_CIPHER_SUITE_AES_CMAC; 2554 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2555 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2556 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2557 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2558 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2559 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2560 case WLAN_CRYPTO_CIPHER_NONE: 2561 return RSN_CIPHER_SUITE_NONE; 2562 } 2563 2564 return status; 2565 } 2566 2567 /* 2568 * Convert an RSN key management/authentication algorithm 2569 * to an internal code. 2570 */ 2571 static int32_t 2572 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2573 { 2574 int32_t status = -1; 2575 2576 switch (keymgmt) { 2577 case WLAN_CRYPTO_KEY_MGMT_NONE: 2578 return RSN_AUTH_KEY_MGMT_NONE; 2579 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2580 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2581 case WLAN_CRYPTO_KEY_MGMT_PSK: 2582 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2583 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2584 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2585 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2586 return RSN_AUTH_KEY_MGMT_FT_PSK; 2587 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2588 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2589 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2590 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2591 case WLAN_CRYPTO_KEY_MGMT_SAE: 2592 return RSN_AUTH_KEY_MGMT_SAE; 2593 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2594 return RSN_AUTH_KEY_MGMT_FT_SAE; 2595 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2596 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2597 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2598 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2599 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2600 return RSN_AUTH_KEY_MGMT_CCKM; 2601 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2602 return RSN_AUTH_KEY_MGMT_OSEN; 2603 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2604 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2605 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2606 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2607 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2608 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2609 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2610 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2611 case WLAN_CRYPTO_KEY_MGMT_OWE: 2612 return RSN_AUTH_KEY_MGMT_OWE; 2613 case WLAN_CRYPTO_KEY_MGMT_DPP: 2614 return RSN_AUTH_KEY_MGMT_DPP; 2615 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2616 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2617 case WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY: 2618 return RSN_AUTH_KEY_MGMT_SAE_EXT_KEY; 2619 } 2620 2621 return status; 2622 } 2623 2624 /* 2625 * Convert an RSN key management/authentication algorithm 2626 * to an internal code. 2627 */ 2628 static int32_t 2629 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2630 { 2631 int32_t status = -1; 2632 2633 switch (keymgmt) { 2634 case WLAN_CRYPTO_KEY_MGMT_NONE: 2635 return WPA_AUTH_KEY_MGMT_NONE; 2636 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2637 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2638 case WLAN_CRYPTO_KEY_MGMT_PSK: 2639 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2640 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2641 return WPA_AUTH_KEY_MGMT_CCKM; 2642 } 2643 2644 return status; 2645 } 2646 /** 2647 * Convert a WPA cipher selector OUI to an internal 2648 * cipher algorithm. Where appropriate we also 2649 * record any key length. 2650 */ 2651 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2652 { 2653 uint32_t w = LE_READ_4(sel); 2654 int32_t status = -1; 2655 2656 switch (w) { 2657 case WPA_CIPHER_SUITE_TKIP: 2658 return WLAN_CRYPTO_CIPHER_TKIP; 2659 case WPA_CIPHER_SUITE_CCMP: 2660 return WLAN_CRYPTO_CIPHER_AES_CCM; 2661 case WPA_CIPHER_SUITE_NONE: 2662 return WLAN_CRYPTO_CIPHER_NONE; 2663 } 2664 2665 return status; 2666 } 2667 2668 /* 2669 * Convert a WPA key management/authentication algorithm 2670 * to an internal code. 2671 */ 2672 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2673 { 2674 uint32_t w = LE_READ_4(sel); 2675 int32_t status = -1; 2676 2677 switch (w) { 2678 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2679 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2680 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2681 return WLAN_CRYPTO_KEY_MGMT_PSK; 2682 case WPA_AUTH_KEY_MGMT_CCKM: 2683 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2684 case WPA_AUTH_KEY_MGMT_NONE: 2685 return WLAN_CRYPTO_KEY_MGMT_NONE; 2686 } 2687 return status; 2688 } 2689 2690 /* 2691 * Convert a RSN cipher selector OUI to an internal 2692 * cipher algorithm. Where appropriate we also 2693 * record any key length. 2694 */ 2695 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2696 { 2697 uint32_t w = LE_READ_4(sel); 2698 int32_t status = -1; 2699 2700 switch (w) { 2701 case RSN_CIPHER_SUITE_TKIP: 2702 return WLAN_CRYPTO_CIPHER_TKIP; 2703 case RSN_CIPHER_SUITE_CCMP: 2704 return WLAN_CRYPTO_CIPHER_AES_CCM; 2705 case RSN_CIPHER_SUITE_CCMP_256: 2706 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2707 case RSN_CIPHER_SUITE_GCMP: 2708 return WLAN_CRYPTO_CIPHER_AES_GCM; 2709 case RSN_CIPHER_SUITE_GCMP_256: 2710 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2711 case RSN_CIPHER_SUITE_AES_CMAC: 2712 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2713 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2714 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2715 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2716 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2717 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2718 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2719 case RSN_CIPHER_SUITE_NONE: 2720 return WLAN_CRYPTO_CIPHER_NONE; 2721 } 2722 2723 return status; 2724 } 2725 /* 2726 * Convert an RSN key management/authentication algorithm 2727 * to an internal code. 2728 */ 2729 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2730 { 2731 uint32_t w = LE_READ_4(sel); 2732 int32_t status = -1; 2733 2734 switch (w) { 2735 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2736 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2737 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2738 return WLAN_CRYPTO_KEY_MGMT_PSK; 2739 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2740 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2741 case RSN_AUTH_KEY_MGMT_FT_PSK: 2742 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2743 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2744 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2745 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2746 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2747 case RSN_AUTH_KEY_MGMT_SAE: 2748 return WLAN_CRYPTO_KEY_MGMT_SAE; 2749 case RSN_AUTH_KEY_MGMT_FT_SAE: 2750 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2751 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2752 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2753 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2754 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2755 case RSN_AUTH_KEY_MGMT_CCKM: 2756 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2757 case RSN_AUTH_KEY_MGMT_OSEN: 2758 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2759 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2760 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2761 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2762 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2763 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2764 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2765 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2766 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2767 case RSN_AUTH_KEY_MGMT_OWE: 2768 return WLAN_CRYPTO_KEY_MGMT_OWE; 2769 case RSN_AUTH_KEY_MGMT_DPP: 2770 return WLAN_CRYPTO_KEY_MGMT_DPP; 2771 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2772 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2773 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384: 2774 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 2775 case RSN_AUTH_KEY_MGMT_PSK_SHA384: 2776 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 2777 case RSN_AUTH_KEY_MGMT_SAE_EXT_KEY: 2778 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY; 2779 } 2780 2781 return status; 2782 } 2783 2784 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2785 const uint8_t *frm) 2786 { 2787 uint8_t len = frm[1]; 2788 int32_t w; 2789 int n; 2790 2791 /* 2792 * Check the length once for fixed parts: OUI, type, 2793 * version, mcast cipher, and 2 selector counts. 2794 * Other, variable-length data, must be checked separately. 2795 */ 2796 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2797 2798 if (len < 14) 2799 return QDF_STATUS_E_INVAL; 2800 2801 frm += 6, len -= 4; 2802 2803 w = LE_READ_2(frm); 2804 if (w != WPA_VERSION) 2805 return QDF_STATUS_E_INVAL; 2806 2807 frm += 2, len -= 2; 2808 2809 /* multicast/group cipher */ 2810 w = wlan_crypto_wpa_suite_to_cipher(frm); 2811 if (w < 0) 2812 return QDF_STATUS_E_INVAL; 2813 SET_MCAST_CIPHER(crypto_params, w); 2814 frm += 4, len -= 4; 2815 2816 /* unicast ciphers */ 2817 n = LE_READ_2(frm); 2818 frm += 2, len -= 2; 2819 if (len < n*4+2) 2820 return QDF_STATUS_E_INVAL; 2821 2822 for (; n > 0; n--) { 2823 w = wlan_crypto_wpa_suite_to_cipher(frm); 2824 if (w < 0) 2825 return QDF_STATUS_E_INVAL; 2826 SET_UCAST_CIPHER(crypto_params, w); 2827 frm += 4, len -= 4; 2828 } 2829 2830 if (!crypto_params->ucastcipherset) 2831 return QDF_STATUS_E_INVAL; 2832 2833 /* key management algorithms */ 2834 n = LE_READ_2(frm); 2835 frm += 2, len -= 2; 2836 if (len < n*4) 2837 return QDF_STATUS_E_INVAL; 2838 2839 w = 0; 2840 for (; n > 0; n--) { 2841 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2842 if (w < 0) 2843 return QDF_STATUS_E_INVAL; 2844 SET_KEY_MGMT(crypto_params, w); 2845 frm += 4, len -= 4; 2846 } 2847 2848 /* optional capabilities */ 2849 if (len >= 2) { 2850 crypto_params->rsn_caps = LE_READ_2(frm); 2851 frm += 2, len -= 2; 2852 } 2853 2854 return QDF_STATUS_SUCCESS; 2855 } 2856 2857 #ifdef WLAN_ADAPTIVE_11R 2858 /** 2859 * wlan_crypto_akm_list_in_order - store AMK list in order 2860 * @crypto_params: crypto param structure 2861 * @key_mgmt: key management 2862 * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response 2863 * 2864 * Return: none 2865 */ 2866 static void 2867 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2868 int32_t key_mgmt, int akm_index) 2869 { 2870 if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) { 2871 crypto_debug("Invalid AKM Index"); 2872 return; 2873 } 2874 2875 crypto_params->akm_list[akm_index].key_mgmt = key_mgmt; 2876 } 2877 #else 2878 static inline void 2879 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2880 int32_t key_mgmt, int akm_index) 2881 { 2882 } 2883 #endif 2884 2885 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2886 const uint8_t *frm) 2887 { 2888 uint8_t len = frm[1]; 2889 int32_t w; 2890 int n, akm_index; 2891 2892 /* Check the length once for fixed parts: OUI, type & version */ 2893 if (len < 2) 2894 return QDF_STATUS_E_INVAL; 2895 2896 /* initialize crypto params */ 2897 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2898 2899 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2900 2901 frm += 2; 2902 /* NB: iswapoui already validated the OUI and type */ 2903 w = LE_READ_2(frm); 2904 if (w != RSN_VERSION) 2905 return QDF_STATUS_E_INVAL; 2906 2907 frm += 2, len -= 2; 2908 2909 if (!len) { 2910 /* set defaults */ 2911 /* default group cipher CCMP-128 */ 2912 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2913 /* default ucast cipher CCMP-128 */ 2914 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2915 /* default key mgmt 8021x */ 2916 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2917 return QDF_STATUS_SUCCESS; 2918 } else if (len < 4) { 2919 return QDF_STATUS_E_INVAL; 2920 } 2921 2922 /* multicast/group cipher */ 2923 w = wlan_crypto_rsn_suite_to_cipher(frm); 2924 if (w < 0) 2925 return QDF_STATUS_E_INVAL; 2926 else { 2927 SET_MCAST_CIPHER(crypto_params, w); 2928 frm += 4, len -= 4; 2929 } 2930 2931 if (crypto_params->mcastcipherset == 0) 2932 return QDF_STATUS_E_INVAL; 2933 2934 if (!len) { 2935 /* default ucast cipher CCMP-128 */ 2936 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2937 /* default key mgmt 8021x */ 2938 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2939 return QDF_STATUS_SUCCESS; 2940 } else if (len < 2) { 2941 return QDF_STATUS_E_INVAL; 2942 } 2943 2944 /* unicast ciphers */ 2945 n = LE_READ_2(frm); 2946 frm += 2, len -= 2; 2947 if (n) { 2948 if (len < n * 4) 2949 return QDF_STATUS_E_INVAL; 2950 2951 for (; n > 0; n--) { 2952 w = wlan_crypto_rsn_suite_to_cipher(frm); 2953 if (w >= 0) 2954 SET_UCAST_CIPHER(crypto_params, w); 2955 frm += 4, len -= 4; 2956 } 2957 } else { 2958 /* default ucast cipher CCMP-128 */ 2959 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2960 } 2961 2962 if (crypto_params->ucastcipherset == 0) 2963 return QDF_STATUS_E_INVAL; 2964 2965 if (!len) { 2966 /* default key mgmt 8021x */ 2967 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2968 return QDF_STATUS_SUCCESS; 2969 } else if (len < 2) { 2970 return QDF_STATUS_E_INVAL; 2971 } 2972 2973 /* key management algorithms */ 2974 n = LE_READ_2(frm); 2975 frm += 2, len -= 2; 2976 2977 if (n) { 2978 if (len < n * 4) 2979 return QDF_STATUS_E_INVAL; 2980 akm_index = 0; 2981 for (; n > 0; n--) { 2982 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2983 if (w >= 0) { 2984 SET_KEY_MGMT(crypto_params, w); 2985 wlan_crypto_store_akm_list_in_order( 2986 crypto_params, w, akm_index); 2987 akm_index++; 2988 } 2989 2990 frm += 4, len -= 4; 2991 } 2992 } else { 2993 /* default key mgmt 8021x */ 2994 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2995 } 2996 2997 if (crypto_params->key_mgmt == 0) 2998 return QDF_STATUS_E_INVAL; 2999 3000 /* optional capabilities */ 3001 if (len >= 2) { 3002 crypto_params->rsn_caps = LE_READ_2(frm); 3003 frm += 2, len -= 2; 3004 } else if (len && len < 2) { 3005 return QDF_STATUS_E_INVAL; 3006 } 3007 3008 3009 /* PMKID */ 3010 if (len >= 2) { 3011 n = LE_READ_2(frm); 3012 frm += 2, len -= 2; 3013 if (n && len) { 3014 if (len >= n * PMKID_LEN) 3015 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 3016 else 3017 return QDF_STATUS_E_INVAL; 3018 } else if (n && !len) { 3019 return QDF_STATUS_E_INVAL; 3020 } 3021 /*TODO: Save pmkid in params for further reference */ 3022 } else if (len == 1) { 3023 crypto_err("PMKID is truncated"); 3024 return QDF_STATUS_E_INVAL; 3025 } 3026 3027 /* BIP */ 3028 if (!len) { 3029 /* when no BIP mentioned and MFP capable use CMAC as default*/ 3030 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 3031 SET_MGMT_CIPHER(crypto_params, 3032 WLAN_CRYPTO_CIPHER_AES_CMAC); 3033 return QDF_STATUS_SUCCESS; 3034 } else if (len < 4) { 3035 crypto_err("Mgmt cipher is truncated"); 3036 return QDF_STATUS_E_INVAL; 3037 } 3038 w = wlan_crypto_rsn_suite_to_cipher(frm); 3039 frm += 4, len -= 4; 3040 SET_MGMT_CIPHER(crypto_params, w); 3041 3042 return QDF_STATUS_SUCCESS; 3043 } 3044 3045 /** 3046 * wlan_crypto_build_wpaie - called by mlme to build wpaie 3047 * @vdev: vdev 3048 * @iebuf: ie buffer 3049 * 3050 * This function gets called by mlme to build wpaie from given vdev 3051 * 3052 * Return: end of buffer 3053 */ 3054 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 3055 uint8_t *iebuf) 3056 { 3057 uint8_t *frm = iebuf; 3058 uint8_t *selcnt; 3059 struct wlan_crypto_comp_priv *crypto_priv; 3060 struct wlan_crypto_params *crypto_params; 3061 3062 if (!frm) 3063 return NULL; 3064 3065 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3066 3067 if (!crypto_params) 3068 return NULL; 3069 3070 *frm++ = WLAN_ELEMID_VENDOR; 3071 *frm++ = 0; 3072 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 3073 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 3074 3075 3076 /* multicast cipher */ 3077 if (MCIPHER_IS_TKIP(crypto_params)) 3078 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3079 else if (MCIPHER_IS_CCMP128(crypto_params)) 3080 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3081 3082 /* unicast cipher list */ 3083 selcnt = frm; 3084 WLAN_CRYPTO_ADDSHORT(frm, 0); 3085 /* do not use CCMP unicast cipher in WPA mode */ 3086 if (UCIPHER_IS_CCMP128(crypto_params)) { 3087 selcnt[0]++; 3088 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3089 } 3090 if (UCIPHER_IS_TKIP(crypto_params)) { 3091 selcnt[0]++; 3092 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3093 } 3094 3095 /* authenticator selector list */ 3096 selcnt = frm; 3097 WLAN_CRYPTO_ADDSHORT(frm, 0); 3098 3099 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3100 selcnt[0]++; 3101 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3102 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3103 selcnt[0]++; 3104 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3105 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3106 selcnt[0]++; 3107 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3108 } else { 3109 selcnt[0]++; 3110 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 3111 } 3112 3113 /* optional capabilities */ 3114 if (crypto_params->rsn_caps != 0 && 3115 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 3116 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3117 } 3118 3119 /* calculate element length */ 3120 iebuf[1] = frm - iebuf - 2; 3121 3122 return frm; 3123 } 3124 3125 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 3126 uint8_t *iebuf, 3127 struct wlan_crypto_pmksa *pmksa) 3128 { 3129 uint8_t *frm = iebuf; 3130 uint8_t *selcnt; 3131 struct wlan_crypto_comp_priv *crypto_priv; 3132 struct wlan_crypto_params *crypto_params; 3133 3134 if (!frm) { 3135 return NULL; 3136 } 3137 3138 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3139 3140 if (!crypto_params) { 3141 return NULL; 3142 } 3143 3144 *frm++ = WLAN_ELEMID_RSN; 3145 *frm++ = 0; 3146 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 3147 3148 3149 /* multicast cipher */ 3150 if (MCIPHER_IS_TKIP(crypto_params)) 3151 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3152 else if (MCIPHER_IS_CCMP128(crypto_params)) 3153 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3154 else if (MCIPHER_IS_CCMP256(crypto_params)) 3155 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3156 else if (MCIPHER_IS_GCMP128(crypto_params)) 3157 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3158 else if (MCIPHER_IS_GCMP256(crypto_params)) 3159 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3160 3161 /* unicast cipher list */ 3162 selcnt = frm; 3163 WLAN_CRYPTO_ADDSHORT(frm, 0); 3164 3165 if (UCIPHER_IS_CCMP256(crypto_params)) { 3166 selcnt[0]++; 3167 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3168 } 3169 if (UCIPHER_IS_GCMP256(crypto_params)) { 3170 selcnt[0]++; 3171 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3172 } 3173 if (UCIPHER_IS_CCMP128(crypto_params)) { 3174 selcnt[0]++; 3175 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3176 } 3177 if (UCIPHER_IS_GCMP128(crypto_params)) { 3178 selcnt[0]++; 3179 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3180 } 3181 if (UCIPHER_IS_TKIP(crypto_params)) { 3182 selcnt[0]++; 3183 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3184 } 3185 3186 /* authenticator selector list */ 3187 selcnt = frm; 3188 WLAN_CRYPTO_ADDSHORT(frm, 0); 3189 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3190 selcnt[0]++; 3191 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3192 /* Other key mgmt should not be added after CCKM */ 3193 goto add_rsn_caps; 3194 } 3195 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3196 selcnt[0]++; 3197 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3198 } 3199 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3200 selcnt[0]++; 3201 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3202 } 3203 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 3204 selcnt[0]++; 3205 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3206 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 3207 } 3208 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 3209 selcnt[0]++; 3210 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 3211 } 3212 if (HAS_KEY_MGMT(crypto_params, 3213 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 3214 selcnt[0]++; 3215 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3216 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 3217 } 3218 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 3219 selcnt[0]++; 3220 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 3221 } 3222 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 3223 selcnt[0]++; 3224 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 3225 } 3226 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 3227 selcnt[0]++; 3228 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 3229 } 3230 if (HAS_KEY_MGMT(crypto_params, 3231 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3232 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3233 3234 selcnt[0]++; 3235 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3236 } 3237 if (HAS_KEY_MGMT(crypto_params, 3238 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3239 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3240 3241 selcnt[0]++; 3242 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3243 } 3244 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3245 selcnt[0]++; 3246 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3247 } 3248 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3249 selcnt[0]++; 3250 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3251 } 3252 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3253 selcnt[0]++; 3254 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3255 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3256 } 3257 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3258 selcnt[0]++; 3259 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3260 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3261 } 3262 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3263 selcnt[0]++; 3264 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3265 } 3266 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3267 selcnt[0]++; 3268 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3269 } 3270 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3271 selcnt[0]++; 3272 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3273 } 3274 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) { 3275 selcnt[0]++; 3276 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY); 3277 } 3278 if (HAS_KEY_MGMT(crypto_params, 3279 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3280 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3281 3282 selcnt[0]++; 3283 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3284 } 3285 add_rsn_caps: 3286 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3287 /* optional capabilities */ 3288 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3289 /* PMK list */ 3290 if (pmksa) { 3291 WLAN_CRYPTO_ADDSHORT(frm, 1); 3292 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3293 frm += PMKID_LEN; 3294 } else { 3295 WLAN_CRYPTO_ADDSHORT(frm, 0); 3296 } 3297 3298 if (HAS_MGMT_CIPHER(crypto_params, 3299 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3300 RSN_ADD_CIPHER_TO_SUITE(frm, 3301 WLAN_CRYPTO_CIPHER_AES_CMAC); 3302 } 3303 if (HAS_MGMT_CIPHER(crypto_params, 3304 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3305 RSN_ADD_CIPHER_TO_SUITE(frm, 3306 WLAN_CRYPTO_CIPHER_AES_GMAC); 3307 } 3308 if (HAS_MGMT_CIPHER(crypto_params, 3309 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3310 RSN_ADD_CIPHER_TO_SUITE(frm, 3311 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3312 ); 3313 } 3314 3315 if (HAS_MGMT_CIPHER(crypto_params, 3316 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3317 RSN_ADD_CIPHER_TO_SUITE(frm, 3318 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3319 ); 3320 } 3321 } else { 3322 /* PMK list */ 3323 if (pmksa) { 3324 WLAN_CRYPTO_ADDSHORT(frm, 1); 3325 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3326 frm += PMKID_LEN; 3327 } 3328 } 3329 3330 /* calculate element length */ 3331 iebuf[1] = frm - iebuf - 2; 3332 3333 return frm; 3334 } 3335 3336 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3337 uint8_t *iebuf, 3338 struct qdf_mac_addr *bssid) 3339 { 3340 struct wlan_crypto_pmksa *pmksa = NULL; 3341 3342 if (bssid) 3343 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3344 3345 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3346 } 3347 3348 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3349 struct wlan_crypto_params *crypto_params) 3350 { 3351 struct wlan_crypto_params *my_crypto_params; 3352 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3353 3354 if (!my_crypto_params) { 3355 crypto_debug("vdev crypto params is NULL"); 3356 return false; 3357 } 3358 /* 3359 * Check peer's pairwise ciphers. 3360 * At least one must match with our unicast cipher 3361 */ 3362 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3363 crypto_debug("Unicast cipher match failed"); 3364 return false; 3365 } 3366 /* 3367 * Check peer's group cipher is our enabled multicast cipher. 3368 */ 3369 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3370 crypto_debug("Multicast cipher match failed"); 3371 return false; 3372 } 3373 /* 3374 * Check peer's key management class set (PSK or UNSPEC) 3375 */ 3376 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3377 crypto_debug("Key mgmt match failed"); 3378 return false; 3379 } 3380 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3381 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3382 crypto_debug("Peer is not PMF capable"); 3383 return false; 3384 } 3385 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3386 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3387 crypto_debug("Peer needs PMF, but vdev is not capable"); 3388 return false; 3389 } 3390 3391 return true; 3392 } 3393 3394 /* 3395 * Convert an WAPI CIPHER suite to to an internal code. 3396 */ 3397 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3398 { 3399 uint32_t w = LE_READ_4(sel); 3400 int32_t status = -1; 3401 3402 switch (w) { 3403 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3404 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3405 } 3406 3407 return status; 3408 } 3409 3410 /* 3411 * Convert an WAPI key management/authentication algorithm 3412 * to an internal code. 3413 */ 3414 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3415 { 3416 uint32_t w = LE_READ_4(sel); 3417 int32_t status = -1; 3418 3419 switch (w) { 3420 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3421 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3422 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3423 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3424 } 3425 3426 return status; 3427 } 3428 3429 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3430 const uint8_t *frm) 3431 { 3432 uint8_t len = frm[1]; 3433 int32_t w; 3434 int n; 3435 3436 /* 3437 * Check the length once for fixed parts: OUI, type, 3438 * version, mcast cipher, and 2 selector counts. 3439 * Other, variable-length data, must be checked separately. 3440 */ 3441 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3442 3443 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3444 return QDF_STATUS_E_INVAL; 3445 3446 3447 frm += 2; 3448 3449 w = LE_READ_2(frm); 3450 frm += 2, len -= 2; 3451 if (w != WAPI_VERSION) 3452 return QDF_STATUS_E_INVAL; 3453 3454 n = LE_READ_2(frm); 3455 frm += 2, len -= 2; 3456 if (len < n*4+2) 3457 return QDF_STATUS_E_INVAL; 3458 3459 for (; n > 0; n--) { 3460 w = wlan_crypto_wapi_keymgmt(frm); 3461 if (w < 0) 3462 return QDF_STATUS_E_INVAL; 3463 3464 SET_KEY_MGMT(crypto_params, w); 3465 frm += 4, len -= 4; 3466 } 3467 3468 /* unicast ciphers */ 3469 n = LE_READ_2(frm); 3470 frm += 2, len -= 2; 3471 if (len < n*4+2) 3472 return QDF_STATUS_E_INVAL; 3473 3474 for (; n > 0; n--) { 3475 w = wlan_crypto_wapi_suite_to_cipher(frm); 3476 if (w < 0) 3477 return QDF_STATUS_E_INVAL; 3478 SET_UCAST_CIPHER(crypto_params, w); 3479 frm += 4, len -= 4; 3480 } 3481 3482 if (!crypto_params->ucastcipherset) 3483 return QDF_STATUS_E_INVAL; 3484 3485 /* multicast/group cipher */ 3486 w = wlan_crypto_wapi_suite_to_cipher(frm); 3487 3488 if (w < 0) 3489 return QDF_STATUS_E_INVAL; 3490 3491 SET_MCAST_CIPHER(crypto_params, w); 3492 frm += 4, len -= 4; 3493 3494 return QDF_STATUS_SUCCESS; 3495 } 3496 3497 /** 3498 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3499 * @vdev: vdev 3500 * @iebuf: ie buffer 3501 * 3502 * This function gets called by mlme to build wapi ie from given vdev 3503 * 3504 * Return: end of buffer 3505 */ 3506 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3507 uint8_t *iebuf) 3508 { 3509 uint8_t *frm; 3510 uint8_t *selcnt; 3511 struct wlan_crypto_comp_priv *crypto_priv; 3512 struct wlan_crypto_params *crypto_params; 3513 3514 frm = iebuf; 3515 if (!frm) { 3516 crypto_err("ie buffer NULL"); 3517 return NULL; 3518 } 3519 3520 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3521 3522 if (!crypto_params) { 3523 crypto_err("crypto_params NULL"); 3524 return NULL; 3525 } 3526 3527 *frm++ = WLAN_ELEMID_WAPI; 3528 *frm++ = 0; 3529 3530 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3531 3532 /* authenticator selector list */ 3533 selcnt = frm; 3534 WLAN_CRYPTO_ADDSHORT(frm, 0); 3535 3536 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3537 selcnt[0]++; 3538 WLAN_CRYPTO_ADDSELECTOR(frm, 3539 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3540 } 3541 3542 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3543 selcnt[0]++; 3544 WLAN_CRYPTO_ADDSELECTOR(frm, 3545 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3546 } 3547 3548 /* unicast cipher list */ 3549 selcnt = frm; 3550 WLAN_CRYPTO_ADDSHORT(frm, 0); 3551 3552 if (UCIPHER_IS_SMS4(crypto_params)) { 3553 selcnt[0]++; 3554 WLAN_CRYPTO_ADDSELECTOR(frm, 3555 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3556 } 3557 3558 WLAN_CRYPTO_ADDSELECTOR(frm, 3559 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3560 3561 /* optional capabilities */ 3562 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3563 3564 /* bkid count */ 3565 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3566 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3567 WLAN_CRYPTO_ADDSHORT(frm, 0); 3568 3569 /* calculate element length */ 3570 iebuf[1] = frm - iebuf - 2; 3571 3572 return frm; 3573 3574 } 3575 3576 /** 3577 * wlan_crypto_pn_check - called by data patch for PN check 3578 * @vdev: vdev 3579 * @wbuf: wbuf 3580 * 3581 * This function gets called by data patch for PN check 3582 * 3583 * Return: QDF_STATUS 3584 */ 3585 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3586 qdf_nbuf_t wbuf) 3587 { 3588 /* Need to check is there real requirement for this function 3589 * as PN check is already handled in decap function. 3590 */ 3591 return QDF_STATUS_SUCCESS; 3592 } 3593 3594 /** 3595 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3596 * @vdev:vdev 3597 * 3598 * This function gets called by mlme to get crypto params 3599 * 3600 * Return: wlan_crypto_params or NULL in case of failure 3601 */ 3602 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3603 struct wlan_objmgr_vdev *vdev) 3604 { 3605 struct wlan_crypto_comp_priv *crypto_priv; 3606 3607 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3608 } 3609 3610 /** 3611 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3612 * @peer:peer 3613 * 3614 * This function gets called by mlme to get crypto params 3615 * 3616 * Return: wlan_crypto_params or NULL in case of failure 3617 */ 3618 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3619 struct wlan_objmgr_peer *peer) 3620 { 3621 struct wlan_crypto_comp_priv *crypto_priv; 3622 3623 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3624 } 3625 3626 3627 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3628 struct wlan_objmgr_peer *peer) 3629 { 3630 struct wlan_crypto_comp_priv *crypto_priv; 3631 struct wlan_crypto_comp_priv *sta_crypto_priv; 3632 struct wlan_crypto_params *crypto_params; 3633 struct wlan_crypto_key *key; 3634 struct wlan_crypto_key *sta_key; 3635 struct wlan_crypto_cipher *cipher_table; 3636 struct wlan_objmgr_psoc *psoc; 3637 struct wlan_lmac_if_tx_ops *tx_ops; 3638 uint8_t *mac_addr; 3639 int i; 3640 enum QDF_OPMODE opmode; 3641 QDF_STATUS status = QDF_STATUS_SUCCESS; 3642 3643 if (!vdev) 3644 return QDF_STATUS_E_NULL_VALUE; 3645 3646 if (!peer) { 3647 crypto_debug("peer NULL"); 3648 return QDF_STATUS_E_INVAL; 3649 } 3650 3651 opmode = wlan_vdev_mlme_get_opmode(vdev); 3652 psoc = wlan_vdev_get_psoc(vdev); 3653 3654 if (!psoc) { 3655 crypto_err("psoc NULL"); 3656 return QDF_STATUS_E_NULL_VALUE; 3657 } 3658 3659 wlan_peer_obj_lock(peer); 3660 mac_addr = wlan_peer_get_macaddr(peer); 3661 wlan_peer_obj_unlock(peer); 3662 3663 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3664 &crypto_priv); 3665 if (!crypto_priv) { 3666 crypto_err("crypto_priv NULL"); 3667 return QDF_STATUS_E_NULL_VALUE; 3668 } 3669 3670 /* push only valid static WEP keys from vap */ 3671 if (AUTH_IS_8021X(crypto_params)) 3672 return QDF_STATUS_E_INVAL; 3673 3674 if (opmode == QDF_STA_MODE) { 3675 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3676 if (!peer) { 3677 crypto_debug("peer NULL"); 3678 return QDF_STATUS_E_INVAL; 3679 } 3680 } 3681 3682 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3683 if (!sta_crypto_priv) { 3684 crypto_err("sta priv is null"); 3685 status = QDF_STATUS_E_INVAL; 3686 goto exit; 3687 } 3688 3689 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3690 if (crypto_priv->key[i]) { 3691 key = crypto_priv->key[i]; 3692 if (!key || !key->valid) 3693 continue; 3694 3695 cipher_table = (struct wlan_crypto_cipher *) 3696 key->cipher_table; 3697 3698 if (!cipher_table) 3699 continue; 3700 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3701 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3702 if (!tx_ops) { 3703 crypto_err("tx_ops is NULL"); 3704 return QDF_STATUS_E_INVAL; 3705 } 3706 3707 sta_key = qdf_mem_malloc( 3708 sizeof(struct wlan_crypto_key)); 3709 if (!sta_key) { 3710 status = QDF_STATUS_E_NOMEM; 3711 goto exit; 3712 } 3713 3714 sta_crypto_priv->key[i] = sta_key; 3715 qdf_mem_copy(sta_key, key, 3716 sizeof(struct wlan_crypto_key)); 3717 3718 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3719 3720 if (crypto_priv->def_tx_keyid == i) { 3721 sta_key->flags 3722 |= WLAN_CRYPTO_KEY_DEFAULT; 3723 sta_crypto_priv->def_tx_keyid = 3724 crypto_priv->def_tx_keyid; 3725 } 3726 /* setting the broadcast/multicast key for sta*/ 3727 if (opmode == QDF_STA_MODE || 3728 opmode == QDF_IBSS_MODE){ 3729 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3730 WLAN_CRYPTO_TX_OPS_SETKEY( 3731 tx_ops)(vdev, sta_key, 3732 mac_addr, 3733 cipher_table->cipher); 3734 } 3735 } 3736 3737 /* setting unicast key */ 3738 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3739 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3740 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3741 vdev, sta_key, 3742 mac_addr, 3743 cipher_table->cipher); 3744 } 3745 } 3746 } 3747 } 3748 3749 exit: 3750 if (opmode == QDF_STA_MODE) 3751 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3752 3753 return status; 3754 } 3755 3756 /** 3757 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3758 * @crypto_rx_ops: crypto_rx_ops 3759 * 3760 * This function gets called by object manager to register crypto rx ops. 3761 * 3762 * Return: QDF_STATUS 3763 */ 3764 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3765 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops) 3766 { 3767 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3768 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3769 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3770 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3771 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3772 3773 return QDF_STATUS_SUCCESS; 3774 } 3775 3776 /** 3777 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3778 * @psoc: psoc 3779 * 3780 * This function gets called by umac to get the crypto_rx_ops 3781 * 3782 * Return: crypto_rx_ops 3783 */ 3784 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3785 struct wlan_objmgr_psoc *psoc) 3786 { 3787 struct wlan_lmac_if_rx_ops *rx_ops; 3788 3789 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3790 3791 if (!rx_ops) { 3792 crypto_err("rx_ops is NULL"); 3793 return NULL; 3794 } 3795 3796 return &rx_ops->crypto_rx_ops; 3797 } 3798 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3799 3800 /** 3801 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3802 * @vdev: vdev 3803 * @authvalue: authvalue to be checked 3804 * 3805 * This function check is authvalue passed is set in vdev or not 3806 * 3807 * Return: true or false 3808 */ 3809 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3810 wlan_crypto_auth_mode authvalue) 3811 { 3812 int res; 3813 3814 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3815 3816 if (res != -1) 3817 return (res & authvalue) ? true : false; 3818 return false; 3819 } 3820 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3821 3822 /** 3823 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3824 * @peer: peer 3825 * @authvalue: authvalue to be checked 3826 * 3827 * This function check is authvalue passed is set in peer or not 3828 * 3829 * Return: true or false 3830 */ 3831 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3832 wlan_crypto_auth_mode authvalue) 3833 { 3834 int res; 3835 3836 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3837 3838 if (res != -1) 3839 return (res & authvalue) ? true : false; 3840 3841 return false; 3842 } 3843 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3844 3845 /** 3846 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3847 * @vdev: vdev 3848 * @ucastcipher: ucastcipher to be checked 3849 * 3850 * This function check is ucastcipher passed is set in vdev or not 3851 * 3852 * Return: true or false 3853 */ 3854 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3855 wlan_crypto_cipher_type ucastcipher) 3856 { 3857 int res; 3858 3859 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3860 3861 if (res != -1) 3862 return (res & ucastcipher) ? true : false; 3863 3864 return false; 3865 } 3866 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3867 3868 /** 3869 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3870 * @peer: peer 3871 * @ucastcipher: ucastcipher to be checked 3872 * 3873 * This function check is ucastcipher passed is set in peer or not 3874 * 3875 * Return: true or false 3876 */ 3877 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3878 wlan_crypto_cipher_type ucastcipher) 3879 { 3880 int res; 3881 3882 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3883 3884 if (res != -1) 3885 return (res & ucastcipher) ? true : false; 3886 3887 return false; 3888 } 3889 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3890 3891 /** 3892 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3893 * @vdev: vdev 3894 * @mcastcipher: mcastcipher to be checked 3895 * 3896 * This function check is mcastcipher passed is set in vdev or not 3897 * 3898 * Return: true or false 3899 */ 3900 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3901 wlan_crypto_cipher_type mcastcipher) 3902 { 3903 int res; 3904 3905 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3906 3907 if (res != -1) 3908 return (res & mcastcipher) ? true : false; 3909 3910 return false; 3911 } 3912 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3913 3914 /** 3915 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3916 * @peer: peer 3917 * @mcastcipher: mcastcipher to be checked 3918 * 3919 * This function check is mcastcipher passed is set in peer or not 3920 * 3921 * Return: true or false 3922 */ 3923 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3924 wlan_crypto_cipher_type mcastcipher) 3925 { 3926 int res; 3927 3928 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3929 3930 if (res != -1) 3931 return (res & mcastcipher) ? true : false; 3932 3933 return false; 3934 } 3935 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3936 3937 /** 3938 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3939 * @vdev: vdev 3940 * @mgmtcipher: mgmtcipher to be checked 3941 * 3942 * This function checks any one of mgmtciphers are supported by vdev or not. 3943 * 3944 * Return: true or false 3945 */ 3946 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3947 uint32_t mgmtcipher) 3948 { 3949 int res; 3950 3951 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3952 3953 if (res != -1) 3954 return (res & mgmtcipher) ? true : false; 3955 3956 return false; 3957 } 3958 3959 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3960 3961 /** 3962 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3963 * @peer: peer 3964 * @mgmtcipher: mgmtcipher to be checked 3965 * 3966 * This function checks any one of mgmtciphers are supported by peer or not 3967 * 3968 * Return: true or false 3969 */ 3970 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3971 uint32_t mgmtcipher) 3972 { 3973 int res; 3974 3975 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3976 3977 if (res != -1) 3978 return (res & mgmtcipher) ? true : false; 3979 3980 return false; 3981 } 3982 3983 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3984 3985 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3986 { 3987 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3988 3989 if (!peer) { 3990 crypto_err("Invalid Input"); 3991 return 0; 3992 } 3993 3994 crypto_priv = wlan_get_peer_crypto_obj(peer); 3995 if (!crypto_priv) { 3996 crypto_err("crypto_priv NULL"); 3997 return 0; 3998 } 3999 4000 return crypto_priv->fils_aead_set; 4001 } 4002 4003 void 4004 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 4005 { 4006 struct wlan_crypto_comp_priv *crypto_priv = NULL; 4007 4008 if (!peer) { 4009 crypto_err("Invalid Input"); 4010 return; 4011 } 4012 4013 crypto_priv = wlan_get_peer_crypto_obj(peer); 4014 if (!crypto_priv) { 4015 crypto_err("crypto_priv NULL"); 4016 return; 4017 } 4018 4019 crypto_priv->fils_aead_set = value; 4020 } 4021 4022 /** 4023 * wlan_crypto_get_key_header - get header length 4024 * @key: key 4025 * 4026 * This function gets header length based on keytype 4027 * 4028 * Return: header length 4029 */ 4030 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 4031 { 4032 struct wlan_crypto_cipher *cipher_table; 4033 4034 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4035 if (cipher_table) 4036 return cipher_table->header; 4037 else 4038 return 0; 4039 } 4040 4041 qdf_export_symbol(wlan_crypto_get_key_header); 4042 4043 /** 4044 * wlan_crypto_get_key_trailer - get cipher trailer length 4045 * @key: key 4046 * 4047 * This function gets cipher trailer length based on keytype 4048 * 4049 * Return: cipher trailer length 4050 */ 4051 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 4052 { 4053 struct wlan_crypto_cipher *cipher_table; 4054 4055 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4056 if (cipher_table) 4057 return cipher_table->trailer; 4058 else 4059 return 0; 4060 } 4061 4062 qdf_export_symbol(wlan_crypto_get_key_trailer); 4063 4064 /** 4065 * wlan_crypto_get_key_miclen - get cipher miclen length 4066 * @key: key 4067 * 4068 * This function gets cipher miclen length based on keytype 4069 * 4070 * Return: cipher miclen length 4071 */ 4072 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 4073 { 4074 struct wlan_crypto_cipher *cipher_table; 4075 4076 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4077 if (cipher_table) 4078 return cipher_table->miclen; 4079 else 4080 return 0; 4081 } 4082 4083 qdf_export_symbol(wlan_crypto_get_key_miclen); 4084 4085 /** 4086 * wlan_crypto_get_keyid - get keyid from frame 4087 * @data: frame 4088 * 4089 * This function parse frame and returns keyid 4090 * 4091 * Return: keyid 4092 */ 4093 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 4094 { 4095 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 4096 uint8_t *iv; 4097 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 4098 uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]); 4099 4100 /* 4101 * In FILS SK (Re)Association request/response frame has 4102 * to be decrypted 4103 */ 4104 if ((type == WLAN_FC0_TYPE_MGMT) && 4105 ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 4106 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 4107 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 4108 (stype == WLAN_FC0_STYPE_REASSOC_RESP))) { 4109 return 0; 4110 } 4111 4112 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 4113 iv = data + hdrlen; 4114 /* 4115 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 4116 * Bits 6–7 of the Key ID octet are for the Key ID subfield 4117 */ 4118 return ((iv[3] >> 6) & 0x3); 4119 } else { 4120 return WLAN_CRYPTO_KEYIX_NONE; 4121 } 4122 } 4123 4124 qdf_export_symbol(wlan_crypto_get_keyid); 4125 4126 /** 4127 * crypto_plumb_peer_keys - called during radio reset 4128 * @vdev: vdev 4129 * @object: peer 4130 * @arg: psoc 4131 * 4132 * Restore unicast and persta hardware keys 4133 * 4134 * Return: void 4135 */ 4136 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 4137 void *object, void *arg) 4138 { 4139 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 4140 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 4141 struct wlan_crypto_comp_priv *crypto_priv; 4142 struct wlan_crypto_params *crypto_params; 4143 struct wlan_crypto_key *key = NULL; 4144 struct wlan_lmac_if_tx_ops *tx_ops; 4145 int i; 4146 4147 if ((!peer) || (!vdev) || (!psoc)) { 4148 crypto_err("Peer or vdev or psoc objects are null!"); 4149 return; 4150 } 4151 4152 crypto_params = wlan_crypto_peer_get_comp_params(peer, 4153 &crypto_priv); 4154 4155 if (!crypto_priv) { 4156 crypto_err("crypto_priv NULL"); 4157 return; 4158 } 4159 4160 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4161 key = crypto_priv->key[i]; 4162 if (key && key->valid) { 4163 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4164 4165 if (!tx_ops) { 4166 crypto_err("tx_ops is NULL"); 4167 return; 4168 } 4169 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4170 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4171 ( 4172 vdev, 4173 key, 4174 wlan_peer_get_macaddr(peer), 4175 wlan_crypto_get_key_type(key) 4176 ); 4177 } 4178 } 4179 } 4180 } 4181 4182 /** 4183 * wlan_crypto_restore_keys - called during radio reset 4184 * @vdev: vdev 4185 * 4186 * Clear and restore keycache, needed for some DA chipsets which put 4187 * random values in keycache when phy reset is triggered 4188 * 4189 * Return: void 4190 */ 4191 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 4192 { 4193 int i; 4194 struct wlan_crypto_comp_priv *crypto_priv; 4195 struct wlan_crypto_params *crypto_params; 4196 struct wlan_crypto_key *key; 4197 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 4198 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 4199 struct wlan_objmgr_pdev *pdev = NULL; 4200 struct wlan_objmgr_psoc *psoc = NULL; 4201 struct wlan_lmac_if_tx_ops *tx_ops; 4202 4203 pdev = wlan_vdev_get_pdev(vdev); 4204 psoc = wlan_vdev_get_psoc(vdev); 4205 if (!pdev) { 4206 crypto_err("pdev is NULL"); 4207 return; 4208 } 4209 if (!psoc) { 4210 crypto_err("psoc is NULL"); 4211 return; 4212 } 4213 4214 /* TBD: QWRAP key restore*/ 4215 /* crypto is on */ 4216 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 4217 /* restore static shared keys */ 4218 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4219 crypto_params = wlan_crypto_vdev_get_comp_params 4220 ( 4221 vdev, 4222 &crypto_priv 4223 ); 4224 if (!crypto_priv) { 4225 crypto_err("crypto_priv is NULL"); 4226 return; 4227 } 4228 key = crypto_priv->key[i]; 4229 if (key && key->valid) { 4230 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4231 if (!tx_ops) { 4232 crypto_err("tx_ops is NULL"); 4233 return; 4234 } 4235 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4236 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4237 ( 4238 vdev, 4239 key, 4240 macaddr, 4241 wlan_crypto_get_key_type(key) 4242 ); 4243 } 4244 } 4245 } 4246 4247 wlan_objmgr_iterate_peerobj_list(vdev, 4248 crypto_plumb_peer_keys, 4249 psoc, 4250 WLAN_CRYPTO_ID); 4251 } 4252 } 4253 4254 QDF_STATUS 4255 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4256 const uint8_t *ie_ptr, uint16_t ie_len) 4257 { 4258 const uint8_t *rsn_ie = NULL; 4259 QDF_STATUS status; 4260 4261 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4262 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4263 if (!rsn_ie) { 4264 crypto_debug("RSN IE not present"); 4265 return QDF_STATUS_E_INVAL; 4266 } 4267 4268 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 4269 if (QDF_STATUS_SUCCESS != status) { 4270 crypto_err("RSN IE check failed"); 4271 return status; 4272 } 4273 4274 return QDF_STATUS_SUCCESS; 4275 } 4276 4277 QDF_STATUS 4278 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4279 const uint8_t *ie_ptr, uint16_t ie_len) 4280 { 4281 const uint8_t *wpa_ie = NULL; 4282 uint32_t wpa_oui; 4283 QDF_STATUS status; 4284 4285 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4286 4287 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4288 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4289 WLAN_OUI_SIZE, ie_ptr, ie_len); 4290 if (!wpa_ie) { 4291 crypto_debug("WPA IE not present"); 4292 return QDF_STATUS_E_INVAL; 4293 } 4294 4295 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 4296 if (QDF_STATUS_SUCCESS != status) { 4297 crypto_err("WPA IE check failed"); 4298 return status; 4299 } 4300 4301 return QDF_STATUS_SUCCESS; 4302 } 4303 4304 #ifdef FEATURE_WLAN_WAPI 4305 QDF_STATUS 4306 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 4307 const uint8_t *ie_ptr, uint16_t ie_len) 4308 { 4309 const uint8_t *wapi_ie; 4310 QDF_STATUS status; 4311 4312 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 4313 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 4314 if (!wapi_ie) { 4315 crypto_debug("WAPI ie not present"); 4316 return QDF_STATUS_E_INVAL; 4317 } 4318 4319 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 4320 if (QDF_IS_STATUS_ERROR(status)) { 4321 crypto_err("WAPI IE check failed"); 4322 return status; 4323 } 4324 4325 return QDF_STATUS_SUCCESS; 4326 } 4327 #endif 4328 4329 /** 4330 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4331 * @psoc: psoc pointer 4332 * @vdev_id: vdev id 4333 * @ie_ptr: pointer to IEs 4334 * @ie_len: IE length 4335 * @peer_crypto_params: return peer crypto parameters 4336 * 4337 * This function gets called from ucfg to check RSN match. 4338 * 4339 * Return: true or false 4340 */ 4341 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4342 uint8_t vdev_id, uint8_t *ie_ptr, 4343 uint16_t ie_len, struct wlan_crypto_params * 4344 peer_crypto_params) 4345 { 4346 struct wlan_objmgr_vdev *vdev; 4347 bool match = true; 4348 QDF_STATUS status; 4349 4350 if (!psoc) { 4351 crypto_err("PSOC is NULL"); 4352 return false; 4353 } 4354 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4355 ie_ptr, ie_len); 4356 if (QDF_STATUS_SUCCESS != status) { 4357 crypto_err("get crypto prarams from RSN IE failed"); 4358 return false; 4359 } 4360 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4361 WLAN_CRYPTO_ID); 4362 if (!vdev) { 4363 crypto_err("vdev is NULL"); 4364 return false; 4365 } 4366 4367 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4368 4369 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4370 4371 return match; 4372 } 4373 4374 /** 4375 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4376 * @psoc: psoc pointer 4377 * @vdev_id: vdev id 4378 * @ie_ptr: pointer to IEs 4379 * @ie_len: IE length 4380 * @peer_crypto_params: return peer crypto parameters 4381 * 4382 * This function gets called from ucfg to check WPA match. 4383 * 4384 * Return: true or false 4385 */ 4386 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4387 uint8_t vdev_id, uint8_t *ie_ptr, 4388 uint16_t ie_len, struct wlan_crypto_params * 4389 peer_crypto_params) 4390 { 4391 struct wlan_objmgr_vdev *vdev; 4392 bool match = true; 4393 QDF_STATUS status; 4394 4395 if (!psoc) { 4396 crypto_err("PSOC is NULL"); 4397 return false; 4398 } 4399 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4400 WLAN_CRYPTO_ID); 4401 if (!vdev) { 4402 crypto_err("vdev is NULL"); 4403 return false; 4404 } 4405 4406 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4407 ie_ptr, ie_len); 4408 if (QDF_STATUS_SUCCESS != status) { 4409 crypto_err("get crypto prarams from WPA IE failed"); 4410 match = false; 4411 goto send_res; 4412 } 4413 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4414 4415 send_res: 4416 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4417 4418 return match; 4419 } 4420 4421 4422 static void 4423 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4424 struct wlan_crypto_params *src_params) 4425 { 4426 dst_params->authmodeset |= src_params->authmodeset; 4427 dst_params->ucastcipherset |= src_params->ucastcipherset; 4428 dst_params->mcastcipherset |= src_params->mcastcipherset; 4429 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4430 dst_params->cipher_caps |= src_params->cipher_caps; 4431 dst_params->key_mgmt |= src_params->key_mgmt; 4432 dst_params->rsn_caps |= src_params->rsn_caps; 4433 } 4434 4435 static void 4436 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4437 { 4438 params->authmodeset = 0; 4439 params->ucastcipherset = 0; 4440 params->mcastcipherset = 0; 4441 params->mgmtcipherset = 0; 4442 params->key_mgmt = 0; 4443 params->rsn_caps = 0; 4444 } 4445 4446 const uint8_t * 4447 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4448 { 4449 uint8_t len; 4450 const uint8_t *ie; 4451 4452 if (!rsnxe_ie) 4453 return NULL; 4454 4455 ie = rsnxe_ie; 4456 len = ie[1]; 4457 ie += 2; 4458 4459 if (!len) 4460 return NULL; 4461 4462 *cap_len = ie[0] & 0xf; 4463 4464 return ie; 4465 } 4466 4467 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4468 uint8_t *ie_ptr, 4469 uint16_t ie_len) 4470 { 4471 struct wlan_crypto_params crypto_params; 4472 QDF_STATUS status; 4473 struct wlan_crypto_params *vdev_crypto_params; 4474 struct wlan_crypto_comp_priv *crypto_priv; 4475 bool send_fail = false; 4476 4477 if (!vdev) { 4478 crypto_err("VDEV is NULL"); 4479 return QDF_STATUS_E_FAILURE; 4480 } 4481 4482 if (!ie_ptr) { 4483 crypto_err("IE ptr is NULL"); 4484 return QDF_STATUS_E_FAILURE; 4485 } 4486 4487 crypto_priv = (struct wlan_crypto_comp_priv *) 4488 wlan_get_vdev_crypto_obj(vdev); 4489 4490 if (!crypto_priv) { 4491 crypto_err("crypto_priv NULL"); 4492 return QDF_STATUS_E_FAILURE; 4493 } 4494 4495 vdev_crypto_params = &crypto_priv->crypto_params; 4496 4497 wlan_crypto_reset_prarams(vdev_crypto_params); 4498 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4499 ie_ptr, ie_len); 4500 if (QDF_IS_STATUS_SUCCESS(status)) 4501 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4502 else 4503 send_fail = true; 4504 4505 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4506 ie_ptr, ie_len); 4507 if (QDF_IS_STATUS_SUCCESS(status)) { 4508 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4509 send_fail = false; 4510 } 4511 4512 status = wlan_get_crypto_params_from_wapi_ie(&crypto_params, 4513 ie_ptr, ie_len); 4514 if (QDF_IS_STATUS_SUCCESS(status)) { 4515 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4516 send_fail = false; 4517 } 4518 4519 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4520 } 4521 4522 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4523 { 4524 struct wlan_crypto_comp_priv *crypto_priv; 4525 4526 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4527 if (!crypto_priv) { 4528 crypto_err("crypto_priv NULL"); 4529 return QDF_STATUS_E_FAILURE; 4530 } 4531 4532 if (igtk) 4533 return crypto_priv->def_igtk_tx_keyid; 4534 else 4535 return crypto_priv->def_tx_keyid; 4536 } 4537 4538 enum wlan_crypto_cipher_type 4539 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4540 bool pairwise, uint8_t key_index) 4541 { 4542 struct wlan_crypto_key *crypto_key; 4543 4544 crypto_key = wlan_crypto_get_key(vdev, key_index); 4545 4546 if (crypto_key) 4547 return crypto_key->cipher_type; 4548 else 4549 return WLAN_CRYPTO_CIPHER_INVALID; 4550 } 4551 4552 #ifdef CRYPTO_SET_KEY_CONVERGED 4553 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4554 uint8_t key_index, uint8_t key_len, 4555 uint8_t seq_len) 4556 { 4557 if (!is_valid_keyix(key_index)) { 4558 crypto_err("Invalid Key index %d", key_index); 4559 return QDF_STATUS_E_INVAL; 4560 } 4561 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4562 crypto_err("Invalid Cipher %d", cipher); 4563 return QDF_STATUS_E_INVAL; 4564 } 4565 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4566 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4567 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4568 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4569 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4570 crypto_err("Invalid key index %d for cipher %d", 4571 key_index, cipher); 4572 return QDF_STATUS_E_INVAL; 4573 } 4574 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4575 crypto_err("Invalid key length %d", key_len); 4576 return QDF_STATUS_E_INVAL; 4577 } 4578 4579 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4580 crypto_err("Invalid seq length %d", seq_len); 4581 return QDF_STATUS_E_INVAL; 4582 } 4583 4584 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4585 key_index, key_len, seq_len); 4586 4587 return QDF_STATUS_SUCCESS; 4588 } 4589 4590 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4591 uint8_t key_index, 4592 struct wlan_crypto_key *crypto_key) 4593 { 4594 struct wlan_crypto_comp_priv *crypto_priv; 4595 4596 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4597 if (!crypto_priv) { 4598 crypto_err("crypto_priv NULL"); 4599 return QDF_STATUS_E_FAILURE; 4600 } 4601 if (!is_valid_keyix(key_index)) { 4602 crypto_err("Invalid Key index %d", key_index); 4603 return QDF_STATUS_E_FAILURE; 4604 } 4605 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4606 crypto_priv->key[key_index] = crypto_key; 4607 } else if (is_igtk(key_index)) { 4608 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4609 crypto_key; 4610 crypto_priv->def_igtk_tx_keyid = 4611 key_index - WLAN_CRYPTO_MAXKEYIDX; 4612 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4613 } else { 4614 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4615 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4616 crypto_priv->def_bigtk_tx_keyid = 4617 key_index - WLAN_CRYPTO_MAXKEYIDX 4618 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4619 } 4620 crypto_key->valid = true; 4621 4622 return QDF_STATUS_SUCCESS; 4623 } 4624 4625 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4626 uint8_t key_index) 4627 { 4628 struct wlan_crypto_comp_priv *crypto_priv; 4629 4630 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4631 if (!crypto_priv) { 4632 crypto_err("crypto_priv NULL"); 4633 return NULL; 4634 } 4635 if (!is_valid_keyix(key_index)) { 4636 crypto_err("Invalid Key index %d", key_index); 4637 return NULL; 4638 } 4639 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4640 return crypto_priv->key[key_index]; 4641 else if (is_igtk(key_index)) 4642 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4643 else 4644 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4645 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4646 4647 return NULL; 4648 } 4649 4650 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4651 struct wlan_crypto_key *req, 4652 enum wlan_crypto_key_type key_type) 4653 { 4654 struct wlan_objmgr_psoc *psoc; 4655 struct wlan_lmac_if_tx_ops *tx_ops; 4656 QDF_STATUS status = QDF_STATUS_E_FAILURE; 4657 4658 psoc = wlan_vdev_get_psoc(vdev); 4659 4660 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4661 if (!tx_ops) { 4662 crypto_err("tx_ops is NULL"); 4663 return QDF_STATUS_E_FAILURE; 4664 } 4665 4666 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4667 status = WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, 4668 key_type); 4669 4670 return status; 4671 } 4672 4673 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4674 bool pairwise, uint8_t key_index, 4675 struct qdf_mac_addr *peer_mac) 4676 { 4677 struct wlan_crypto_key *crypto_key; 4678 4679 crypto_key = wlan_crypto_get_key(vdev, key_index); 4680 if (!crypto_key) { 4681 crypto_err("crypto_key not present for key_idx %d", key_index); 4682 return; 4683 } 4684 4685 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4686 } 4687 4688 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4689 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4690 struct wlan_objmgr_vdev *vdev, 4691 struct qdf_mac_addr *conn_bssid) 4692 { 4693 struct wlan_crypto_params *crypto_params; 4694 struct wlan_crypto_comp_priv *crypto_priv; 4695 int i; 4696 4697 crypto_priv = (struct wlan_crypto_comp_priv *) 4698 wlan_get_vdev_crypto_obj(vdev); 4699 4700 if (!crypto_priv) { 4701 crypto_err("crypto_priv NULL"); 4702 return; 4703 } 4704 4705 crypto_params = &crypto_priv->crypto_params; 4706 4707 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4708 if (!crypto_params->pmksa[i]) 4709 continue; 4710 4711 if (crypto_params->pmksa[i]->single_pmk_supported && 4712 !qdf_is_macaddr_equal(conn_bssid, 4713 &crypto_params->pmksa[i]->bssid)) { 4714 qdf_mem_zero(crypto_params->pmksa[i], 4715 sizeof(struct wlan_crypto_pmksa)); 4716 qdf_mem_free(crypto_params->pmksa[i]); 4717 crypto_params->pmksa[i] = NULL; 4718 } 4719 } 4720 } 4721 4722 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4723 struct qdf_mac_addr *bssid, 4724 bool single_pmk_capable_bss) 4725 { 4726 struct wlan_crypto_params *crypto_params; 4727 struct wlan_crypto_comp_priv *crypto_priv; 4728 int i; 4729 4730 crypto_priv = (struct wlan_crypto_comp_priv *) 4731 wlan_get_vdev_crypto_obj(vdev); 4732 4733 if (!crypto_priv) { 4734 crypto_err("crypto_priv NULL"); 4735 return; 4736 } 4737 4738 crypto_params = &crypto_priv->crypto_params; 4739 4740 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4741 if (!crypto_params->pmksa[i]) 4742 continue; 4743 4744 if (qdf_is_macaddr_equal(bssid, 4745 &crypto_params->pmksa[i]->bssid)) 4746 crypto_params->pmksa[i]->single_pmk_supported = 4747 single_pmk_capable_bss; 4748 } 4749 } 4750 4751 void 4752 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev, 4753 struct wlan_crypto_pmksa *roam_sync_pmksa) 4754 { 4755 struct wlan_crypto_params *crypto_params; 4756 struct wlan_crypto_comp_priv *crypto_priv; 4757 int i; 4758 4759 crypto_priv = (struct wlan_crypto_comp_priv *) 4760 wlan_get_vdev_crypto_obj(vdev); 4761 4762 if (!crypto_priv) { 4763 crypto_err("crypto_priv NULL"); 4764 return; 4765 } 4766 4767 crypto_params = &crypto_priv->crypto_params; 4768 4769 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4770 if (!crypto_params->pmksa[i]) 4771 continue; 4772 if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid, 4773 &crypto_params->pmksa[i]->bssid) && 4774 roam_sync_pmksa->single_pmk_supported && 4775 roam_sync_pmksa->pmk_len) { 4776 crypto_params->pmksa[i]->single_pmk_supported = 4777 roam_sync_pmksa->single_pmk_supported; 4778 crypto_params->pmksa[i]->pmk_len = 4779 roam_sync_pmksa->pmk_len; 4780 qdf_mem_copy(crypto_params->pmksa[i]->pmk, 4781 roam_sync_pmksa->pmk, 4782 roam_sync_pmksa->pmk_len); 4783 } 4784 } 4785 } 4786 4787 #endif 4788 4789 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4790 { 4791 struct wlan_crypto_comp_priv *crypto_priv; 4792 4793 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4794 crypto_priv = (struct wlan_crypto_comp_priv *) 4795 wlan_get_vdev_crypto_obj(vdev); 4796 4797 if (!crypto_priv) { 4798 crypto_err("crypto_priv NULL"); 4799 return; 4800 } 4801 4802 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4803 } 4804 4805 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc) 4806 { 4807 struct wlan_lmac_if_tx_ops *tx_ops; 4808 4809 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4810 if (!tx_ops) { 4811 crypto_err("tx_ops is NULL"); 4812 return QDF_STATUS_E_FAILURE; 4813 } 4814 4815 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)) 4816 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc); 4817 4818 return QDF_STATUS_E_FAILURE; 4819 } 4820 4821 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc) 4822 { 4823 struct wlan_lmac_if_tx_ops *tx_ops; 4824 4825 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4826 if (!tx_ops) { 4827 crypto_err("tx_ops is NULL"); 4828 return QDF_STATUS_E_FAILURE; 4829 } 4830 4831 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)) 4832 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc); 4833 4834 return QDF_STATUS_E_FAILURE; 4835 } 4836 #endif 4837 4838 #ifdef WLAN_FEATURE_FILS_SK 4839 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4840 uint8_t *rik, uint32_t *rik_len) 4841 { 4842 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4843 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4844 QDF_STATUS status; 4845 4846 if (!rrk || !rik) { 4847 crypto_err("FILS rrk/rik NULL"); 4848 return QDF_STATUS_E_FAILURE; 4849 } 4850 4851 optional_data[0] = HMAC_SHA256_128; 4852 /* basic validation */ 4853 if (rrk_len <= 0) { 4854 crypto_err("invalid r_rk length %d", rrk_len); 4855 return QDF_STATUS_E_FAILURE; 4856 } 4857 4858 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4859 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4860 sizeof(optional_data), rik, 4861 rrk_len); 4862 if (QDF_IS_STATUS_ERROR(status)) { 4863 crypto_err("failed to create rik"); 4864 return status; 4865 } 4866 *rik_len = rrk_len; 4867 4868 return QDF_STATUS_SUCCESS; 4869 } 4870 #endif /* WLAN_FEATURE_FILS_SK */ 4871 4872 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT) 4873 QDF_STATUS 4874 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc, 4875 struct wlan_crypto_ltf_keyseed_data *data) 4876 { 4877 QDF_STATUS status = QDF_STATUS_SUCCESS; 4878 struct wlan_lmac_if_tx_ops *tx_ops; 4879 4880 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4881 if (!tx_ops) { 4882 crypto_err("tx_ops is NULL"); 4883 return QDF_STATUS_E_INVAL; 4884 } 4885 4886 if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)) 4887 status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data); 4888 4889 return status; 4890 } 4891 #endif 4892 4893 QDF_STATUS 4894 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id, 4895 uint32_t param_id, uint32_t param_value) 4896 { 4897 QDF_STATUS status = QDF_STATUS_SUCCESS; 4898 struct wlan_lmac_if_tx_ops *tx_ops; 4899 4900 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4901 if (!tx_ops) { 4902 crypto_err("tx_ops is NULL"); 4903 return QDF_STATUS_E_INVAL; 4904 } 4905 4906 if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops)) 4907 status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc, 4908 vdev_id, 4909 param_id, 4910 param_value); 4911 4912 return status; 4913 } 4914