1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /** 21 * DOC: Public APIs for crypto service 22 */ 23 24 #include <qdf_types.h> 25 #include <wlan_cmn.h> 26 #include <wlan_objmgr_cmn.h> 27 #include <wlan_objmgr_global_obj.h> 28 #include <wlan_objmgr_psoc_obj.h> 29 #include <wlan_objmgr_pdev_obj.h> 30 #include <wlan_objmgr_vdev_obj.h> 31 #include <wlan_objmgr_peer_obj.h> 32 #include <wlan_utility.h> 33 #include <wlan_cp_stats_utils_api.h> 34 35 #include "wlan_crypto_global_def.h" 36 #include "wlan_crypto_global_api.h" 37 #include "wlan_crypto_def_i.h" 38 #include "wlan_crypto_param_handling_i.h" 39 #include "wlan_crypto_obj_mgr_i.h" 40 #include "wlan_crypto_main.h" 41 #include <qdf_module.h> 42 43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 44 45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 46 WLAN_CRYPTO_ADDSELECTOR(frm,\ 47 wlan_crypto_wpa_cipher_to_suite(cipher)) 48 49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 50 WLAN_CRYPTO_ADDSELECTOR(frm,\ 51 wlan_crypto_rsn_cipher_to_suite(cipher)) 52 53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 54 WLAN_CRYPTO_ADDSELECTOR(frm,\ 55 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 56 57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 58 WLAN_CRYPTO_ADDSELECTOR(frm,\ 59 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 60 61 static int is_valid_keyix(uint16_t keyix) 62 { 63 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 64 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 65 return 0; 66 else 67 return 1; 68 } 69 70 static int is_igtk(uint16_t keyix) 71 { 72 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 73 return 0; 74 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 75 return 0; 76 else 77 return 1; 78 } 79 80 static int is_bigtk(uint16_t keyix) 81 { 82 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 83 return 0; 84 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 85 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 86 return 0; 87 else 88 return 1; 89 } 90 91 /** 92 * wlan_crypto_vdev_get_comp_params() - called by mlme to get crypto params 93 * @vdev: vdev 94 * @crypto_priv: location to store pointer to the crypto private data 95 * 96 * This function gets called by mlme to get crypto params 97 * 98 * Return: wlan_crypto_params or NULL in case of failure 99 */ 100 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 101 struct wlan_objmgr_vdev *vdev, 102 struct wlan_crypto_comp_priv **crypto_priv) 103 { 104 *crypto_priv = (struct wlan_crypto_comp_priv *) 105 wlan_get_vdev_crypto_obj(vdev); 106 if (!(*crypto_priv)) { 107 crypto_err("crypto_priv NULL"); 108 return NULL; 109 } 110 111 return &((*crypto_priv)->crypto_params); 112 } 113 114 /** 115 * wlan_crypto_peer_get_comp_params() - called by mlme to get crypto params 116 * @peer: peer 117 * @crypto_priv: location to store pointer to the crypto private data 118 * 119 * This function gets called by mlme to get crypto params 120 * 121 * Return: wlan_crypto_params or NULL in case of failure 122 */ 123 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 124 struct wlan_objmgr_peer *peer, 125 struct wlan_crypto_comp_priv **crypto_priv) 126 { 127 128 *crypto_priv = (struct wlan_crypto_comp_priv *) 129 wlan_get_peer_crypto_obj(peer); 130 if (!*crypto_priv) { 131 crypto_err("crypto_priv NULL"); 132 return NULL; 133 } 134 135 return &((*crypto_priv)->crypto_params); 136 } 137 138 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 139 { 140 return QDF_STATUS_SUCCESS; 141 } 142 143 /** 144 * wlan_crypto_set_param() - called by ucfg to set crypto param 145 * @crypto_params: crypto_params 146 * @param: param to be set. 147 * @value: value 148 * 149 * This function gets called from ucfg to set param 150 * 151 * Return: QDF_STATUS_SUCCESS - in case of success 152 */ 153 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 154 wlan_crypto_param_type param, 155 uint32_t value) 156 { 157 QDF_STATUS status = QDF_STATUS_E_INVAL; 158 159 crypto_debug("param %d, value %d", param, value); 160 switch (param) { 161 case WLAN_CRYPTO_PARAM_AUTH_MODE: 162 status = wlan_crypto_set_authmode(crypto_params, value); 163 break; 164 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 165 status = wlan_crypto_set_ucastciphers(crypto_params, value); 166 break; 167 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 168 status = wlan_crypto_set_mcastcipher(crypto_params, value); 169 break; 170 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 171 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 172 break; 173 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 174 status = wlan_crypto_set_cipher_cap(crypto_params, value); 175 break; 176 case WLAN_CRYPTO_PARAM_RSN_CAP: 177 status = wlan_crypto_set_rsn_cap(crypto_params, value); 178 break; 179 case WLAN_CRYPTO_PARAM_KEY_MGMT: 180 status = wlan_crypto_set_key_mgmt(crypto_params, value); 181 break; 182 default: 183 status = QDF_STATUS_E_INVAL; 184 } 185 return status; 186 } 187 188 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 189 wlan_crypto_param_type param, 190 uint32_t value) 191 { 192 QDF_STATUS status = QDF_STATUS_E_INVAL; 193 struct wlan_crypto_comp_priv *crypto_priv; 194 struct wlan_crypto_params *crypto_params; 195 196 crypto_priv = (struct wlan_crypto_comp_priv *) 197 wlan_get_vdev_crypto_obj(vdev); 198 199 if (!crypto_priv) { 200 crypto_err("crypto_priv NULL"); 201 return QDF_STATUS_E_INVAL; 202 } 203 204 crypto_params = &(crypto_priv->crypto_params); 205 206 status = wlan_crypto_set_param(crypto_params, param, value); 207 208 return status; 209 } 210 211 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 212 wlan_crypto_param_type param, 213 uint32_t value) 214 { 215 QDF_STATUS status = QDF_STATUS_E_INVAL; 216 struct wlan_crypto_comp_priv *crypto_priv; 217 struct wlan_crypto_params *crypto_params; 218 219 crypto_params = wlan_crypto_peer_get_comp_params(peer, 220 &crypto_priv); 221 222 if (!crypto_priv) { 223 crypto_err("crypto_priv NULL"); 224 return QDF_STATUS_E_INVAL; 225 } 226 227 crypto_params = &(crypto_priv->crypto_params); 228 229 status = wlan_crypto_set_param(crypto_params, param, value); 230 231 return status; 232 } 233 234 /** 235 * wlan_crypto_get_param_value() - called by crypto APIs to get value for param 236 * @param: Crypto param type 237 * @crypto_params: Crypto params struct 238 * 239 * This function gets called from in-within crypto layer 240 * 241 * Return: value or -1 for failure 242 */ 243 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 244 struct wlan_crypto_params *crypto_params) 245 { 246 int32_t value; 247 248 switch (param) { 249 case WLAN_CRYPTO_PARAM_AUTH_MODE: 250 value = wlan_crypto_get_authmode(crypto_params); 251 break; 252 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 253 value = wlan_crypto_get_ucastciphers(crypto_params); 254 break; 255 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 256 value = wlan_crypto_get_mcastcipher(crypto_params); 257 break; 258 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 259 value = wlan_crypto_get_mgmtciphers(crypto_params); 260 break; 261 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 262 value = wlan_crypto_get_cipher_cap(crypto_params); 263 break; 264 case WLAN_CRYPTO_PARAM_RSN_CAP: 265 value = wlan_crypto_get_rsn_cap(crypto_params); 266 break; 267 case WLAN_CRYPTO_PARAM_KEY_MGMT: 268 value = wlan_crypto_get_key_mgmt(crypto_params); 269 break; 270 default: 271 value = -1; 272 } 273 274 return value; 275 } 276 277 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 278 wlan_crypto_param_type param) 279 { 280 int32_t value = -1; 281 struct wlan_crypto_comp_priv *crypto_priv; 282 struct wlan_crypto_params *crypto_params; 283 crypto_priv = (struct wlan_crypto_comp_priv *) 284 wlan_get_vdev_crypto_obj(vdev); 285 286 if (!crypto_priv) { 287 crypto_err("crypto_priv NULL"); 288 return value; 289 } 290 291 crypto_params = &(crypto_priv->crypto_params); 292 value = wlan_crypto_get_param_value(param, crypto_params); 293 294 return value; 295 } 296 297 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 298 wlan_crypto_param_type param) 299 { 300 int32_t value = -1; 301 struct wlan_crypto_comp_priv *crypto_priv; 302 struct wlan_crypto_params *crypto_params; 303 304 crypto_params = wlan_crypto_peer_get_comp_params(peer, 305 &crypto_priv); 306 307 if (!crypto_params) { 308 crypto_err("crypto_params NULL"); 309 return value; 310 } 311 value = wlan_crypto_get_param_value(param, crypto_params); 312 313 return value; 314 } 315 qdf_export_symbol(wlan_crypto_get_peer_param); 316 317 static 318 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 319 struct wlan_crypto_pmksa *pmksa); 320 321 static 322 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 323 struct wlan_crypto_pmksa *pmksa) 324 { 325 uint8_t i, first_available_slot = 0; 326 bool slot_found = false; 327 328 /* Delete the old entry and then Add new entry */ 329 wlan_crypto_del_pmksa(crypto_params, pmksa); 330 331 /* find the empty slot as duplicate is already deleted */ 332 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 333 if (!crypto_params->pmksa[i]) { 334 slot_found = true; 335 first_available_slot = i; 336 break; 337 } 338 } 339 340 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 341 crypto_err("no entry available for pmksa"); 342 return QDF_STATUS_E_INVAL; 343 } 344 crypto_params->pmksa[first_available_slot] = pmksa; 345 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", 346 first_available_slot); 347 348 return QDF_STATUS_SUCCESS; 349 } 350 351 static 352 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 353 struct wlan_crypto_pmksa *pmksa) 354 { 355 uint8_t i, j, valid_entries_in_table = 0; 356 bool match_found = false; 357 u8 del_pmk[MAX_PMK_LEN] = {0}; 358 359 /* find slot with same bssid */ 360 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 361 if (!crypto_params->pmksa[i]) 362 continue; 363 364 valid_entries_in_table++; 365 366 if (!pmksa->ssid_len && 367 !qdf_is_macaddr_zero(&pmksa->bssid) && 368 qdf_is_macaddr_equal(&pmksa->bssid, 369 &crypto_params->pmksa[i]->bssid)) { 370 match_found = true; 371 } else if (pmksa->ssid_len && 372 !qdf_mem_cmp(pmksa->ssid, 373 crypto_params->pmksa[i]->ssid, 374 pmksa->ssid_len) && 375 !qdf_mem_cmp(pmksa->cache_id, 376 crypto_params->pmksa[i]->cache_id, 377 WLAN_CACHE_ID_LEN)) { 378 match_found = true; 379 } 380 381 if (match_found) { 382 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 383 crypto_params->pmksa[i]->pmk_len); 384 /* Free matching entry */ 385 qdf_mem_zero(crypto_params->pmksa[i], 386 sizeof(struct wlan_crypto_pmksa)); 387 qdf_mem_free(crypto_params->pmksa[i]); 388 crypto_params->pmksa[i] = NULL; 389 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 390 i); 391 392 /* Find and remove the entries matching the pmk */ 393 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 394 if (!crypto_params->pmksa[j]) 395 continue; 396 if (crypto_params->pmksa[j]->pmk_len && 397 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 398 del_pmk, 399 crypto_params->pmksa[j]->pmk_len))) { 400 qdf_mem_zero(crypto_params->pmksa[j], 401 sizeof(struct wlan_crypto_pmksa)); 402 qdf_mem_free(crypto_params->pmksa[j]); 403 crypto_params->pmksa[j] = NULL; 404 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 405 j); 406 } 407 } 408 /* reset stored pmk */ 409 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 410 411 return QDF_STATUS_SUCCESS; 412 } 413 } 414 415 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 416 crypto_debug("No such pmksa entry exists: valid entries:%d", 417 valid_entries_in_table); 418 419 return QDF_STATUS_SUCCESS; 420 } 421 422 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 423 { 424 uint8_t i; 425 426 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 427 if (!crypto_params->pmksa[i]) 428 continue; 429 qdf_mem_zero(crypto_params->pmksa[i], 430 sizeof(struct wlan_crypto_pmksa)); 431 qdf_mem_free(crypto_params->pmksa[i]); 432 crypto_params->pmksa[i] = NULL; 433 } 434 435 crypto_debug("Flushed the pmksa table"); 436 437 return QDF_STATUS_SUCCESS; 438 } 439 440 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 441 struct wlan_crypto_pmksa *pmksa, 442 bool set) 443 { 444 QDF_STATUS status = QDF_STATUS_E_INVAL; 445 struct wlan_crypto_comp_priv *crypto_priv; 446 struct wlan_crypto_params *crypto_params; 447 struct wlan_crypto_pmksa *pmkid_cache = NULL; 448 enum QDF_OPMODE op_mode; 449 450 op_mode = wlan_vdev_mlme_get_opmode(vdev); 451 452 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 453 return QDF_STATUS_E_NOSUPPORT; 454 455 if (!pmksa && set) { 456 crypto_err("pmksa is NULL for set operation"); 457 return QDF_STATUS_E_INVAL; 458 } 459 crypto_priv = (struct wlan_crypto_comp_priv *) 460 wlan_get_vdev_crypto_obj(vdev); 461 462 if (!crypto_priv) { 463 crypto_err("crypto_priv NULL"); 464 return QDF_STATUS_E_INVAL; 465 } 466 467 crypto_params = &crypto_priv->crypto_params; 468 if (set) { 469 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid); 470 if (pmkid_cache && (pmksa->pmk_len && 471 pmksa->pmk_len == pmkid_cache->pmk_len && 472 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk, 473 pmksa->pmk_len))) { 474 crypto_debug("PMKSA entry found with same PMK"); 475 pmkid_cache = NULL; 476 return QDF_STATUS_E_EXISTS; 477 } 478 479 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 480 /* Set pmksa */ 481 } else { 482 /* del pmksa */ 483 if (!pmksa) 484 status = wlan_crypto_pmksa_flush(crypto_params); 485 else 486 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 487 } 488 489 return status; 490 } 491 492 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 493 struct wlan_crypto_pmksa *pmksa) 494 { 495 QDF_STATUS status = QDF_STATUS_E_INVAL; 496 struct wlan_crypto_pmksa *cached_pmksa; 497 struct wlan_crypto_comp_priv *crypto_priv; 498 struct wlan_crypto_params *crypto_params; 499 uint8_t mdie_present, i; 500 uint16_t mobility_domain; 501 502 if (!pmksa) { 503 crypto_err("pmksa is NULL for set operation"); 504 return status; 505 } 506 507 crypto_priv = (struct wlan_crypto_comp_priv *) 508 wlan_get_vdev_crypto_obj(vdev); 509 if (!crypto_priv) { 510 crypto_err("crypto_priv NULL"); 511 return status; 512 } 513 514 crypto_params = &crypto_priv->crypto_params; 515 516 if (pmksa->mdid.mdie_present) { 517 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 518 if (!crypto_params->pmksa[i]) 519 continue; 520 cached_pmksa = crypto_params->pmksa[i]; 521 mdie_present = cached_pmksa->mdid.mdie_present; 522 mobility_domain = cached_pmksa->mdid.mobility_domain; 523 524 /* In FT connection when STA connects to AP1 then PMK1 525 * gets cached. And if STA disconnects from AP1 and 526 * connects to AP2 then PMK2 gets cached. This will 527 * result in having multiple PMK cache entries for the 528 * same MDID. So delete the old/stale PMK cache entries 529 * for the same mobility domain as of the newly added 530 * entry. And Update the MDID for the matching BSSID or 531 * SSID PMKSA entry. 532 */ 533 if (qdf_is_macaddr_equal 534 (&cached_pmksa->bssid, &pmksa->bssid)) { 535 cached_pmksa->mdid.mdie_present = 1; 536 cached_pmksa->mdid.mobility_domain = 537 pmksa->mdid.mobility_domain; 538 crypto_debug("Updated the MDID at index=%d", i); 539 status = QDF_STATUS_SUCCESS; 540 } else if (pmksa->ssid_len && 541 !qdf_mem_cmp(pmksa->ssid, 542 cached_pmksa->ssid, 543 pmksa->ssid_len) && 544 !qdf_mem_cmp(pmksa->cache_id, 545 cached_pmksa->cache_id, 546 WLAN_CACHE_ID_LEN)) { 547 cached_pmksa->mdid.mdie_present = 1; 548 cached_pmksa->mdid.mobility_domain = 549 pmksa->mdid.mobility_domain; 550 crypto_debug("Updated the MDID at index=%d", i); 551 status = QDF_STATUS_SUCCESS; 552 } else if (mdie_present && 553 (pmksa->mdid.mobility_domain == 554 mobility_domain)) { 555 qdf_mem_zero(crypto_params->pmksa[i], 556 sizeof(struct wlan_crypto_pmksa)); 557 qdf_mem_free(crypto_params->pmksa[i]); 558 crypto_params->pmksa[i] = NULL; 559 crypto_debug("Deleted PMKSA at index=%d", i); 560 status = QDF_STATUS_SUCCESS; 561 } 562 } 563 } 564 return status; 565 } 566 567 struct wlan_crypto_pmksa * 568 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 569 struct wlan_crypto_pmksa *pmksa) 570 { 571 struct wlan_crypto_comp_priv *crypto_priv; 572 struct wlan_crypto_params *crypto_params; 573 uint8_t i; 574 575 if (!pmksa) { 576 crypto_err("pmksa is NULL"); 577 return NULL; 578 } 579 crypto_priv = (struct wlan_crypto_comp_priv *) 580 wlan_get_vdev_crypto_obj(vdev); 581 582 if (!crypto_priv) { 583 crypto_err("crypto_priv NULL"); 584 return NULL; 585 } 586 587 crypto_params = &crypto_priv->crypto_params; 588 589 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 590 if (!crypto_params->pmksa[i]) 591 continue; 592 593 if (pmksa->ssid_len && 594 !qdf_mem_cmp(pmksa->ssid, 595 crypto_params->pmksa[i]->ssid, 596 pmksa->ssid_len) && 597 !qdf_mem_cmp(pmksa->cache_id, 598 crypto_params->pmksa[i]->cache_id, 599 WLAN_CACHE_ID_LEN)) { 600 return crypto_params->pmksa[i]; 601 } else if (!pmksa->ssid_len && 602 !qdf_is_macaddr_zero(&pmksa->bssid) && 603 qdf_is_macaddr_equal(&pmksa->bssid, 604 &crypto_params->pmksa[i]->bssid)) { 605 return crypto_params->pmksa[i]; 606 } 607 } 608 609 return NULL; 610 } 611 612 struct wlan_crypto_pmksa * 613 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 614 { 615 struct wlan_crypto_comp_priv *crypto_priv; 616 struct wlan_crypto_params *crypto_params; 617 uint8_t i; 618 619 if (!bssid) { 620 crypto_err("bssid is NULL"); 621 return NULL; 622 } 623 crypto_priv = (struct wlan_crypto_comp_priv *) 624 wlan_get_vdev_crypto_obj(vdev); 625 626 if (!crypto_priv) { 627 crypto_err("crypto_priv NULL"); 628 return NULL; 629 } 630 631 crypto_params = &crypto_priv->crypto_params; 632 633 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 634 if (!crypto_params->pmksa[i]) 635 continue; 636 if (qdf_is_macaddr_equal(bssid, 637 &crypto_params->pmksa[i]->bssid)) { 638 crypto_debug("PMKSA: Entry found at index %d", i); 639 return crypto_params->pmksa[i]; 640 } 641 } 642 643 return NULL; 644 } 645 646 struct wlan_crypto_pmksa * 647 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 648 uint8_t *cache_id, uint8_t *ssid, 649 uint8_t ssid_len) 650 { 651 struct wlan_crypto_comp_priv *crypto_priv; 652 struct wlan_crypto_params *crypto_params; 653 uint8_t i; 654 655 crypto_priv = (struct wlan_crypto_comp_priv *) 656 wlan_get_vdev_crypto_obj(vdev); 657 658 if (!crypto_priv) { 659 crypto_err("crypto_priv NULL"); 660 return NULL; 661 } 662 663 crypto_params = &crypto_priv->crypto_params; 664 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 665 if (!crypto_params->pmksa[i]) 666 continue; 667 668 if (!qdf_mem_cmp(cache_id, 669 crypto_params->pmksa[i]->cache_id, 670 WLAN_CACHE_ID_LEN) && 671 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 672 ssid_len) && 673 ssid_len == crypto_params->pmksa[i]->ssid_len) 674 return crypto_params->pmksa[i]; 675 } 676 677 return NULL; 678 } 679 680 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 681 struct wlan_objmgr_peer *peer) 682 { 683 int32_t ucast_cipher; 684 685 if (!(vdev || peer)) { 686 crypto_err("Invalid params"); 687 return 0; 688 } 689 690 if (vdev) 691 ucast_cipher = wlan_crypto_get_param(vdev, 692 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 693 else 694 ucast_cipher = wlan_crypto_get_peer_param(peer, 695 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 696 697 if (ucast_cipher == -1) { 698 crypto_err("Invalid params"); 699 return 0; 700 } 701 702 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 703 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 704 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 705 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 706 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 707 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 708 } 709 qdf_export_symbol(wlan_crypto_is_htallowed); 710 711 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 712 struct wlan_crypto_req_key *req_key) 713 { 714 QDF_STATUS status = QDF_STATUS_E_INVAL; 715 struct wlan_crypto_comp_priv *crypto_priv; 716 struct wlan_crypto_params *crypto_params; 717 struct wlan_objmgr_psoc *psoc; 718 struct wlan_objmgr_peer *peer = NULL; 719 struct wlan_crypto_key *key = NULL; 720 const struct wlan_crypto_cipher *cipher; 721 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 722 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 723 bool isbcast; 724 enum QDF_OPMODE vdev_mode; 725 uint8_t igtk_idx = 0; 726 uint8_t bigtk_idx = 0; 727 struct wlan_lmac_if_tx_ops *tx_ops; 728 729 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 730 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 731 return QDF_STATUS_E_INVAL; 732 } 733 734 isbcast = qdf_is_macaddr_group( 735 (struct qdf_mac_addr *)req_key->macaddr); 736 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 737 /* zero length keys, only set default key id if flags are set*/ 738 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 739 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 740 && (!IS_MGMT_CIPHER(req_key->type))) { 741 wlan_crypto_default_key(vdev, 742 req_key->macaddr, 743 req_key->keyix, 744 !isbcast); 745 return QDF_STATUS_SUCCESS; 746 } 747 crypto_err("req_key len zero"); 748 return QDF_STATUS_E_INVAL; 749 } 750 751 cipher = wlan_crypto_cipher_ops[req_key->type]; 752 753 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 754 crypto_err("cipher invalid"); 755 return QDF_STATUS_E_INVAL; 756 } 757 758 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 759 (!IS_MGMT_CIPHER(req_key->type)) && 760 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 761 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 762 crypto_err("cipher invalid"); 763 return QDF_STATUS_E_INVAL; 764 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 765 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 766 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 767 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 768 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 769 return QDF_STATUS_E_INVAL; 770 } 771 772 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 773 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 774 | WLAN_CRYPTO_KEY_RECV)) { 775 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 776 | WLAN_CRYPTO_KEY_RECV); 777 } 778 } else { 779 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 780 && (!IS_MGMT_CIPHER(req_key->type))) { 781 return QDF_STATUS_E_INVAL; 782 } 783 784 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 785 | WLAN_CRYPTO_KEY_RECV); 786 if (isbcast) 787 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 788 } 789 790 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 791 792 wlan_vdev_obj_lock(vdev); 793 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 794 QDF_MAC_ADDR_SIZE); 795 psoc = wlan_vdev_get_psoc(vdev); 796 if (!psoc) { 797 wlan_vdev_obj_unlock(vdev); 798 crypto_err("psoc NULL"); 799 return QDF_STATUS_E_INVAL; 800 } 801 wlan_vdev_obj_unlock(vdev); 802 803 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 804 if (wlan_crypto_vdev_has_auth_mode(vdev, 805 (1 << WLAN_CRYPTO_AUTH_8021X))) { 806 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 807 } 808 } 809 810 if (isbcast) { 811 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 812 &crypto_priv); 813 if (!crypto_priv) { 814 crypto_err("crypto_priv NULL"); 815 return QDF_STATUS_E_INVAL; 816 } 817 818 if (IS_MGMT_CIPHER(req_key->type)) { 819 struct wlan_crypto_key *crypto_key = NULL; 820 821 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 822 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 823 if (!is_igtk(req_key->keyix) && 824 !(is_bigtk(req_key->keyix))) { 825 crypto_err("igtk/bigtk key invalid keyid %d", 826 req_key->keyix); 827 return QDF_STATUS_E_INVAL; 828 } 829 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 830 if (!key) 831 return QDF_STATUS_E_NOMEM; 832 833 834 if (is_igtk(req_key->keyix)) { 835 crypto_key = crypto_priv->igtk_key[igtk_idx]; 836 if (crypto_key) 837 qdf_mem_free(crypto_key); 838 839 crypto_priv->igtk_key[igtk_idx] = key; 840 crypto_priv->igtk_key_type = req_key->type; 841 crypto_priv->def_igtk_tx_keyid = igtk_idx; 842 bigtk_idx = 0; 843 } else { 844 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 845 if (crypto_key) 846 qdf_mem_free(crypto_key); 847 848 crypto_priv->bigtk_key[bigtk_idx] = key; 849 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 850 igtk_idx = 0; 851 } 852 } else { 853 if (IS_FILS_CIPHER(req_key->type)) { 854 crypto_err("FILS key is not for BroadCast pkt"); 855 return QDF_STATUS_E_INVAL; 856 } 857 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 858 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 859 return QDF_STATUS_E_INVAL; 860 } 861 if (!crypto_priv->key[req_key->keyix]) { 862 crypto_priv->key[req_key->keyix] 863 = qdf_mem_malloc( 864 sizeof(struct wlan_crypto_key)); 865 if (!crypto_priv->key[req_key->keyix]) 866 return QDF_STATUS_E_NOMEM; 867 } 868 key = crypto_priv->key[req_key->keyix]; 869 crypto_priv->def_tx_keyid = req_key->keyix; 870 } 871 if (vdev_mode == QDF_STA_MODE) { 872 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 873 WLAN_CRYPTO_ID); 874 if (!peer) { 875 crypto_err("peer NULL"); 876 if (IS_MGMT_CIPHER(req_key->type)) { 877 crypto_priv->igtk_key[igtk_idx] = NULL; 878 crypto_priv->bigtk_key[bigtk_idx] 879 = NULL; 880 crypto_priv->igtk_key_type 881 = WLAN_CRYPTO_CIPHER_NONE; 882 } else 883 crypto_priv->key[req_key->keyix] = NULL; 884 if (key) 885 qdf_mem_free(key); 886 return QDF_STATUS_E_INVAL; 887 } 888 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 889 QDF_MAC_ADDR_SIZE); 890 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 891 peer = NULL; 892 } 893 } else { 894 uint8_t pdev_id; 895 896 pdev_id = wlan_objmgr_pdev_get_pdev_id( 897 wlan_vdev_get_pdev(vdev)); 898 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 899 psoc, 900 pdev_id, 901 macaddr, 902 req_key->macaddr, 903 WLAN_CRYPTO_ID); 904 905 if (!peer) { 906 crypto_err("peer NULL"); 907 return QDF_STATUS_E_INVAL; 908 } 909 910 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 911 crypto_params = wlan_crypto_peer_get_comp_params(peer, 912 &crypto_priv); 913 914 if (!crypto_priv) { 915 crypto_err("crypto_priv NULL"); 916 status = QDF_STATUS_E_INVAL; 917 goto err; 918 } 919 if (IS_MGMT_CIPHER(req_key->type)) { 920 struct wlan_crypto_key *crypto_key = NULL; 921 922 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 923 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 924 if (!is_igtk(req_key->keyix) && 925 !(is_bigtk(req_key->keyix))) { 926 crypto_err("igtk/bigtk key invalid keyid %d", 927 req_key->keyix); 928 status = QDF_STATUS_E_INVAL; 929 goto err; 930 } 931 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 932 if (!key) { 933 status = QDF_STATUS_E_NOMEM; 934 goto err; 935 } 936 937 if (is_igtk(req_key->keyix)) { 938 crypto_key = crypto_priv->igtk_key[igtk_idx]; 939 if (crypto_key) 940 qdf_mem_free(crypto_key); 941 942 crypto_priv->igtk_key[igtk_idx] = key; 943 crypto_priv->igtk_key_type = req_key->type; 944 crypto_priv->def_igtk_tx_keyid = igtk_idx; 945 } else { 946 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 947 if (crypto_key) 948 qdf_mem_free(crypto_key); 949 950 crypto_priv->bigtk_key[bigtk_idx] = key; 951 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 952 } 953 } else { 954 uint16_t kid = req_key->keyix; 955 if (kid == WLAN_CRYPTO_KEYIX_NONE) 956 kid = 0; 957 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 958 crypto_err("invalid keyid %d", kid); 959 status = QDF_STATUS_E_INVAL; 960 goto err; 961 } 962 if (!crypto_priv->key[kid]) { 963 crypto_priv->key[kid] 964 = qdf_mem_malloc( 965 sizeof(struct wlan_crypto_key)); 966 if (!crypto_priv->key[kid]) { 967 status = QDF_STATUS_E_NOMEM; 968 goto err; 969 } 970 } 971 key = crypto_priv->key[kid]; 972 } 973 } 974 975 /* alloc key might not required as it is already there */ 976 key->cipher_table = (void *)cipher; 977 key->keylen = req_key->keylen; 978 key->flags = req_key->flags; 979 980 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 981 key->keyix = 0; 982 else 983 key->keyix = req_key->keyix; 984 985 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 986 && (!IS_MGMT_CIPHER(req_key->type))) { 987 crypto_priv->def_tx_keyid = key->keyix; 988 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 989 } 990 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 991 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 992 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 993 0x5c, 0x36, 0x5c, 0x36, 994 0x5c, 0x36, 0x5c, 0x36, 995 0x5c, 0x36, 0x5c, 0x37}; 996 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 997 0x5c, 0x36, 0x5c, 0x36, 998 0x5c, 0x36, 0x5c, 0x36, 999 0x5c, 0x36, 0x5c, 0x36}; 1000 1001 /* During Tx PN should be increment and 1002 * send but as per our implementation we increment only after 1003 * Tx complete. So First packet PN check will be failed. 1004 * To compensate increment the PN here by 2 1005 */ 1006 if (vdev_mode == QDF_SAP_MODE) { 1007 iv_AP[15] += 2; 1008 qdf_mem_copy(key->recviv, iv_STA, 1009 WLAN_CRYPTO_WAPI_IV_SIZE); 1010 qdf_mem_copy(key->txiv, iv_AP, 1011 WLAN_CRYPTO_WAPI_IV_SIZE); 1012 } else { 1013 iv_STA[15] += 2; 1014 qdf_mem_copy(key->recviv, iv_AP, 1015 WLAN_CRYPTO_WAPI_IV_SIZE); 1016 qdf_mem_copy(key->txiv, iv_STA, 1017 WLAN_CRYPTO_WAPI_IV_SIZE); 1018 } 1019 } else { 1020 uint8_t i = 0; 1021 qdf_mem_copy((uint8_t *)(&key->keytsc), 1022 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1023 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1024 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1025 (uint8_t *)(&req_key->keyrsc), 1026 sizeof(key->keyrsc[0])); 1027 } 1028 } 1029 1030 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1031 if (!tx_ops) { 1032 crypto_err("tx_ops is NULL"); 1033 status = QDF_STATUS_E_INVAL; 1034 goto err; 1035 } 1036 1037 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1038 key->valid = 1; 1039 if ((IS_MGMT_CIPHER(req_key->type))) { 1040 uint32_t mgmt_cipher = 0; 1041 1042 if (HAS_CIPHER_CAP(crypto_params, 1043 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1044 is_bigtk(req_key->keyix)) { 1045 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1046 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1047 key, macaddr, req_key->type); 1048 } 1049 } 1050 QDF_SET_PARAM(mgmt_cipher, req_key->type); 1051 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher); 1052 status = wlan_crypto_set_igtk_key(key); 1053 } else if (IS_FILS_CIPHER(req_key->type)) { 1054 /* Take request key object to FILS setkey */ 1055 key->private = req_key; 1056 } else { 1057 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1058 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 1059 req_key->type); 1060 } 1061 } 1062 if (cipher) 1063 status = cipher->setkey(key); 1064 1065 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1066 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1067 (!IS_MGMT_CIPHER(req_key->type)) && isbcast) { 1068 /* default xmit key */ 1069 wlan_crypto_default_key(vdev, 1070 req_key->macaddr, 1071 req_key->keyix, 1072 !isbcast); 1073 /*Iterate through the peer list on this vdev 1074 *and store the keyix in the peer's crypto_priv 1075 */ 1076 wlan_objmgr_iterate_peerobj_list(vdev, store_def_keyix_peer, 1077 (void *)&req_key->keyix, 1078 WLAN_CRYPTO_ID); 1079 1080 } 1081 err: 1082 if (peer) 1083 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1084 return status; 1085 } 1086 1087 void store_def_keyix_peer(struct wlan_objmgr_vdev *vdev, void *object, 1088 void *arg) 1089 { 1090 struct wlan_objmgr_peer *peer = NULL; 1091 struct wlan_crypto_comp_priv *crypto_priv; 1092 struct wlan_crypto_params *crypto_params; 1093 1094 uint16_t kid = *(uint16_t *)arg; 1095 1096 peer = (struct wlan_objmgr_peer *)object; 1097 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1098 if (!crypto_priv) { 1099 crypto_err("crypto_priv NULL"); 1100 return; 1101 } 1102 crypto_priv->def_tx_keyid = kid; 1103 } 1104 1105 qdf_export_symbol(store_def_keyix_peer); 1106 1107 wlan_crypto_cipher_type wlan_crypto_get_key_type(struct wlan_crypto_key *key) 1108 { 1109 if (key && key->cipher_table) { 1110 return ((struct wlan_crypto_cipher *) 1111 (key->cipher_table))->cipher; 1112 } 1113 return WLAN_CRYPTO_CIPHER_NONE; 1114 } 1115 qdf_export_symbol(wlan_crypto_get_key_type); 1116 1117 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1118 uint16_t keyix) 1119 { 1120 struct wlan_crypto_comp_priv *crypto_priv; 1121 struct wlan_crypto_params *crypto_params; 1122 struct wlan_crypto_key *key = NULL; 1123 1124 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1125 1126 if (!crypto_priv) { 1127 crypto_err("crypto_priv NULL"); 1128 return NULL; 1129 } 1130 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1131 * we return the default key, for all other keyix we return the 1132 * key accordingly. 1133 */ 1134 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1135 !is_valid_keyix(keyix)) 1136 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1137 else if (is_bigtk(keyix)) 1138 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1139 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1140 else if (is_igtk(keyix)) 1141 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1142 else 1143 key = crypto_priv->key[keyix]; 1144 1145 if (key && key->valid) 1146 return key; 1147 1148 return NULL; 1149 } 1150 qdf_export_symbol(wlan_crypto_vdev_getkey); 1151 1152 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1153 uint16_t keyix) 1154 { 1155 struct wlan_crypto_comp_priv *crypto_priv; 1156 struct wlan_crypto_params *crypto_params; 1157 struct wlan_crypto_key *key = NULL; 1158 1159 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1160 1161 if (!crypto_priv) { 1162 crypto_err("crypto_priv NULL"); 1163 return NULL; 1164 } 1165 1166 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1167 * we return the default key, for all other keyix we return the 1168 * key accordingly. 1169 */ 1170 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1171 !is_valid_keyix(keyix)) 1172 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1173 else if (is_bigtk(keyix)) 1174 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1175 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1176 else if (is_igtk(keyix)) 1177 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1178 else 1179 key = crypto_priv->key[keyix]; 1180 1181 if (key && key->valid) 1182 return key; 1183 1184 return NULL; 1185 } 1186 qdf_export_symbol(wlan_crypto_peer_getkey); 1187 1188 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1189 struct wlan_crypto_req_key *req_key, 1190 uint8_t *mac_addr) 1191 { 1192 struct wlan_crypto_cipher *cipher_table; 1193 struct wlan_crypto_key *key; 1194 struct wlan_objmgr_psoc *psoc; 1195 struct wlan_lmac_if_tx_ops *tx_ops; 1196 struct wlan_lmac_if_rx_ops *rx_ops; 1197 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1198 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1199 QDF_STATUS status = QDF_STATUS_E_INVAL; 1200 struct wlan_objmgr_peer *peer = NULL; 1201 uint8_t pdev_id; 1202 uint16_t get_pn_enable; 1203 1204 if (!req_key) { 1205 crypto_err("req_key NULL"); 1206 return QDF_STATUS_E_INVAL; 1207 } 1208 1209 get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN; 1210 1211 wlan_vdev_obj_lock(vdev); 1212 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1213 QDF_MAC_ADDR_SIZE); 1214 psoc = wlan_vdev_get_psoc(vdev); 1215 if (!psoc) { 1216 wlan_vdev_obj_unlock(vdev); 1217 crypto_err("psoc NULL"); 1218 return QDF_STATUS_E_INVAL; 1219 } 1220 wlan_vdev_obj_unlock(vdev); 1221 1222 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1223 if (!tx_ops) { 1224 crypto_err("tx_ops is NULL"); 1225 return QDF_STATUS_E_INVAL; 1226 } 1227 1228 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 1229 if (!rx_ops) { 1230 crypto_err("rx_ops is NULL"); 1231 return QDF_STATUS_E_INVAL; 1232 } 1233 1234 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1235 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1236 if (!key) 1237 return QDF_STATUS_E_INVAL; 1238 } else { 1239 1240 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1241 wlan_vdev_get_pdev(vdev)); 1242 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1243 psoc, 1244 pdev_id, 1245 macaddr, 1246 mac_addr, 1247 WLAN_CRYPTO_ID); 1248 if (!peer) { 1249 crypto_err("peer NULL"); 1250 return QDF_STATUS_E_NOENT; 1251 } 1252 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1253 1254 if (!key) { 1255 crypto_err("Key is NULL"); 1256 status = QDF_STATUS_E_INVAL; 1257 goto err; 1258 } 1259 } 1260 1261 if (key->valid) { 1262 qdf_mem_copy(req_key->keydata, 1263 key->keyval, key->keylen); 1264 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1265 (uint8_t *)(&key->keytsc), 1266 sizeof(req_key->keytsc)); 1267 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1268 (uint8_t *)(&key->keyrsc[0]), 1269 sizeof(req_key->keyrsc)); 1270 req_key->keylen = key->keylen; 1271 req_key->keyix = key->keyix; 1272 req_key->flags = key->flags; 1273 1274 if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) { 1275 req_key->type = key->cipher_type; 1276 } else { 1277 cipher_table = key->cipher_table; 1278 1279 if (!cipher_table) { 1280 status = QDF_STATUS_SUCCESS; 1281 goto err; 1282 } 1283 1284 req_key->type = cipher_table->cipher; 1285 } 1286 1287 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1288 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1289 (uint8_t *)(key->txiv), 1290 sizeof(req_key->txiv)); 1291 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1292 (uint8_t *)(key->recviv), 1293 sizeof(req_key->recviv)); 1294 } 1295 1296 if (get_pn_enable) { 1297 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)) 1298 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1299 req_key->keyix, 1300 req_key->type); 1301 if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)) 1302 WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)( 1303 vdev, mac_addr, req_key->keyix); 1304 } 1305 } 1306 status = QDF_STATUS_SUCCESS; 1307 1308 err: 1309 if (peer) 1310 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1311 1312 return status; 1313 } 1314 1315 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1316 uint8_t *macaddr, 1317 uint8_t key_idx) 1318 { 1319 struct wlan_crypto_comp_priv *crypto_priv; 1320 struct wlan_crypto_params *crypto_params; 1321 struct wlan_crypto_key *key; 1322 struct wlan_crypto_cipher *cipher_table; 1323 struct wlan_objmgr_psoc *psoc; 1324 struct wlan_lmac_if_tx_ops *tx_ops; 1325 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1326 struct wlan_objmgr_peer *peer = NULL; 1327 QDF_STATUS ret = QDF_STATUS_SUCCESS; 1328 1329 if (!vdev || !macaddr || 1330 !is_valid_keyix(key_idx)) { 1331 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1332 vdev, macaddr, key_idx); 1333 return QDF_STATUS_E_INVAL; 1334 } 1335 1336 wlan_vdev_obj_lock(vdev); 1337 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1338 QDF_MAC_ADDR_SIZE); 1339 psoc = wlan_vdev_get_psoc(vdev); 1340 if (!psoc) { 1341 wlan_vdev_obj_unlock(vdev); 1342 crypto_err("psoc NULL"); 1343 return QDF_STATUS_E_INVAL; 1344 } 1345 wlan_vdev_obj_unlock(vdev); 1346 1347 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1348 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1349 &crypto_priv); 1350 if (!crypto_priv) { 1351 crypto_err("crypto_priv NULL"); 1352 return QDF_STATUS_E_INVAL; 1353 } 1354 } else { 1355 uint8_t pdev_id; 1356 1357 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1358 wlan_vdev_get_pdev(vdev)); 1359 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1360 psoc, pdev_id, 1361 bssid_mac, 1362 macaddr, 1363 WLAN_CRYPTO_ID); 1364 if (!peer) { 1365 return QDF_STATUS_E_INVAL; 1366 } 1367 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1368 &crypto_priv); 1369 if (!crypto_priv) { 1370 crypto_err("crypto_priv NULL"); 1371 ret = QDF_STATUS_E_INVAL; 1372 goto ret_rel_ref; 1373 } 1374 } 1375 1376 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1377 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1378 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1379 1380 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1381 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1382 ret = QDF_STATUS_E_INVAL; 1383 goto ret_rel_ref; 1384 } 1385 if (is_igtk(key_idx)) { 1386 key = crypto_priv->igtk_key[igtk_idx]; 1387 crypto_priv->igtk_key[igtk_idx] = NULL; 1388 } else { 1389 key = crypto_priv->bigtk_key[bigtk_idx]; 1390 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1391 } 1392 if (key) 1393 key->valid = 0; 1394 } else { 1395 key = crypto_priv->key[key_idx]; 1396 crypto_priv->key[key_idx] = NULL; 1397 } 1398 1399 if (!key) { 1400 ret = QDF_STATUS_E_INVAL; 1401 goto ret_rel_ref; 1402 } 1403 1404 if (key->valid) { 1405 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1406 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1407 1408 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1409 if (!tx_ops) { 1410 crypto_err("tx_ops is NULL"); 1411 ret = QDF_STATUS_E_INVAL; 1412 goto ret_rel_ref; 1413 } 1414 1415 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1416 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1417 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1418 cipher_table->cipher); 1419 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1420 if (key->private) 1421 qdf_mem_free(key->private); 1422 } 1423 } 1424 1425 /* Zero-out local key variables */ 1426 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1427 qdf_mem_free(key); 1428 key = NULL; 1429 1430 ret_rel_ref: 1431 if (peer) 1432 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1433 1434 return ret; 1435 } 1436 1437 #ifdef CRYPTO_SET_KEY_CONVERGED 1438 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1439 uint8_t key_idx, uint8_t *macaddr) 1440 { 1441 return QDF_STATUS_SUCCESS; 1442 } 1443 #else 1444 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1445 uint8_t key_idx, uint8_t *macaddr) 1446 { 1447 struct wlan_objmgr_psoc *psoc; 1448 struct wlan_lmac_if_tx_ops *tx_ops; 1449 1450 psoc = wlan_vdev_get_psoc(vdev); 1451 if (!psoc) { 1452 crypto_err("psoc is NULL"); 1453 return QDF_STATUS_E_INVAL; 1454 } 1455 1456 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1457 if (!tx_ops) { 1458 crypto_err("tx_ops is NULL"); 1459 return QDF_STATUS_E_INVAL; 1460 } 1461 1462 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1463 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1464 1465 return QDF_STATUS_SUCCESS; 1466 } 1467 #endif 1468 1469 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1470 uint8_t *macaddr, 1471 uint8_t key_idx, 1472 bool unicast) 1473 { 1474 struct wlan_crypto_comp_priv *crypto_priv; 1475 struct wlan_crypto_params *crypto_params; 1476 struct wlan_crypto_key *key; 1477 struct wlan_objmgr_psoc *psoc; 1478 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1479 1480 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1481 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1482 vdev, macaddr, key_idx); 1483 return QDF_STATUS_E_INVAL; 1484 } 1485 1486 wlan_vdev_obj_lock(vdev); 1487 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1488 QDF_MAC_ADDR_SIZE); 1489 psoc = wlan_vdev_get_psoc(vdev); 1490 if (!psoc) { 1491 wlan_vdev_obj_unlock(vdev); 1492 crypto_err("psoc NULL"); 1493 return QDF_STATUS_E_INVAL; 1494 } 1495 wlan_vdev_obj_unlock(vdev); 1496 1497 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1498 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1499 &crypto_priv); 1500 if (!crypto_priv) { 1501 crypto_err("crypto_priv NULL"); 1502 return QDF_STATUS_E_INVAL; 1503 } 1504 1505 key = crypto_priv->key[key_idx]; 1506 if (!key) 1507 return QDF_STATUS_E_INVAL; 1508 } else { 1509 struct wlan_objmgr_peer *peer; 1510 uint8_t pdev_id; 1511 1512 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1513 wlan_vdev_get_pdev(vdev)); 1514 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1515 psoc, pdev_id, 1516 bssid_mac, 1517 macaddr, 1518 WLAN_CRYPTO_ID); 1519 1520 if (!peer) { 1521 crypto_err("peer NULL"); 1522 return QDF_STATUS_E_INVAL; 1523 } 1524 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1525 &crypto_priv); 1526 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1527 if (!crypto_priv) { 1528 crypto_err("crypto_priv NULL"); 1529 return QDF_STATUS_E_INVAL; 1530 } 1531 1532 key = crypto_priv->key[key_idx]; 1533 if (!key) 1534 return QDF_STATUS_E_INVAL; 1535 } 1536 if (!key->valid) 1537 return QDF_STATUS_E_INVAL; 1538 1539 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1540 QDF_STATUS_SUCCESS) 1541 return QDF_STATUS_E_INVAL; 1542 crypto_priv->def_tx_keyid = key_idx; 1543 1544 return QDF_STATUS_SUCCESS; 1545 } 1546 1547 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1548 qdf_nbuf_t wbuf, 1549 uint8_t *mac_addr, 1550 uint8_t encapdone) 1551 { 1552 struct wlan_crypto_comp_priv *crypto_priv; 1553 struct wlan_crypto_params *crypto_params; 1554 struct wlan_crypto_key *key; 1555 QDF_STATUS status; 1556 struct wlan_crypto_cipher *cipher_table; 1557 struct wlan_objmgr_psoc *psoc; 1558 struct wlan_objmgr_peer *peer; 1559 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1560 uint8_t pdev_id; 1561 uint8_t hdrlen; 1562 enum QDF_OPMODE opmode; 1563 1564 opmode = wlan_vdev_mlme_get_opmode(vdev); 1565 wlan_vdev_obj_lock(vdev); 1566 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1567 QDF_MAC_ADDR_SIZE); 1568 psoc = wlan_vdev_get_psoc(vdev); 1569 if (!psoc) { 1570 wlan_vdev_obj_unlock(vdev); 1571 crypto_err("psoc NULL"); 1572 return QDF_STATUS_E_INVAL; 1573 } 1574 wlan_vdev_obj_unlock(vdev); 1575 1576 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1577 /* FILS Encap required only for (Re-)Assoc response */ 1578 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1579 1580 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1581 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1582 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1583 return QDF_STATUS_E_INVAL; 1584 } 1585 1586 if (peer) 1587 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1588 peer = NULL; 1589 1590 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1591 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1592 &crypto_priv); 1593 if (!crypto_priv) { 1594 crypto_err("crypto_priv NULL"); 1595 return QDF_STATUS_E_INVAL; 1596 } 1597 1598 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1599 if (!key) 1600 return QDF_STATUS_E_INVAL; 1601 1602 } else { 1603 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1604 bssid_mac, mac_addr, 1605 WLAN_CRYPTO_ID); 1606 if (!peer) { 1607 crypto_err("crypto_priv NULL"); 1608 return QDF_STATUS_E_INVAL; 1609 } 1610 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1611 &crypto_priv); 1612 1613 if (!crypto_priv) { 1614 crypto_err("crypto_priv NULL"); 1615 status = QDF_STATUS_E_INVAL; 1616 goto err; 1617 } 1618 1619 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1620 if (!key) { 1621 crypto_err("Key is NULL"); 1622 status = QDF_STATUS_E_INVAL; 1623 goto err; 1624 } 1625 } 1626 if (opmode == QDF_MONITOR_MODE) 1627 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1628 else 1629 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1630 (uint8_t *)qdf_nbuf_data(wbuf)); 1631 1632 /* if tkip, is counter measures enabled, then drop the frame */ 1633 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1634 status = cipher_table->encap(key, wbuf, encapdone, 1635 hdrlen); 1636 1637 err: 1638 if (peer) 1639 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1640 1641 return status; 1642 } 1643 qdf_export_symbol(wlan_crypto_encap); 1644 1645 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1646 qdf_nbuf_t wbuf, 1647 uint8_t *mac_addr, 1648 uint8_t tid) 1649 { 1650 struct wlan_crypto_comp_priv *crypto_priv; 1651 struct wlan_crypto_params *crypto_params; 1652 struct wlan_crypto_key *key; 1653 QDF_STATUS status; 1654 struct wlan_crypto_cipher *cipher_table; 1655 struct wlan_objmgr_psoc *psoc; 1656 struct wlan_objmgr_peer *peer; 1657 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1658 uint8_t keyid; 1659 uint8_t pdev_id; 1660 uint8_t hdrlen; 1661 enum QDF_OPMODE opmode; 1662 1663 opmode = wlan_vdev_mlme_get_opmode(vdev); 1664 wlan_vdev_obj_lock(vdev); 1665 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1666 QDF_MAC_ADDR_SIZE); 1667 psoc = wlan_vdev_get_psoc(vdev); 1668 if (!psoc) { 1669 wlan_vdev_obj_unlock(vdev); 1670 crypto_err("psoc NULL"); 1671 return QDF_STATUS_E_INVAL; 1672 } 1673 wlan_vdev_obj_unlock(vdev); 1674 1675 if (opmode == QDF_MONITOR_MODE) 1676 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1677 else 1678 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1679 (uint8_t *)qdf_nbuf_data(wbuf)); 1680 1681 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1682 1683 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1684 return QDF_STATUS_E_INVAL; 1685 1686 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1687 /* FILS Decap required only for (Re-)Assoc request */ 1688 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1689 1690 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1691 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1692 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1693 return QDF_STATUS_E_INVAL; 1694 } 1695 1696 if (peer) 1697 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1698 peer = NULL; 1699 1700 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1701 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1702 &crypto_priv); 1703 if (!crypto_priv) { 1704 crypto_err("crypto_priv NULL"); 1705 return QDF_STATUS_E_INVAL; 1706 } 1707 1708 key = crypto_priv->key[keyid]; 1709 if (!key) 1710 return QDF_STATUS_E_INVAL; 1711 } else { 1712 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1713 psoc, pdev_id, bssid_mac, 1714 mac_addr, WLAN_CRYPTO_ID); 1715 if (!peer) { 1716 crypto_err("peer NULL"); 1717 return QDF_STATUS_E_INVAL; 1718 } 1719 1720 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1721 &crypto_priv); 1722 1723 if (!crypto_priv) { 1724 crypto_err("crypto_priv NULL"); 1725 status = QDF_STATUS_E_INVAL; 1726 goto err; 1727 } 1728 1729 key = crypto_priv->key[keyid]; 1730 if (!key) { 1731 crypto_err("Key is NULL"); 1732 status = QDF_STATUS_E_INVAL; 1733 goto err; 1734 } 1735 } 1736 1737 if (!key->valid || !key->cipher_table) { 1738 status = QDF_STATUS_E_INVAL; 1739 goto err; 1740 } 1741 1742 /* if tkip, is counter measures enabled, then drop the frame */ 1743 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1744 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1745 1746 err: 1747 if (peer) 1748 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1749 1750 return status; 1751 } 1752 qdf_export_symbol(wlan_crypto_decap); 1753 1754 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1755 qdf_nbuf_t wbuf, 1756 uint8_t *mac_addr, 1757 uint8_t encapdone) 1758 { 1759 struct wlan_crypto_comp_priv *crypto_priv; 1760 struct wlan_crypto_params *crypto_params; 1761 struct wlan_crypto_key *key; 1762 QDF_STATUS status; 1763 struct wlan_crypto_cipher *cipher_table; 1764 struct wlan_objmgr_psoc *psoc; 1765 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1766 uint8_t hdrlen; 1767 enum QDF_OPMODE opmode; 1768 1769 opmode = wlan_vdev_mlme_get_opmode(vdev); 1770 1771 1772 wlan_vdev_obj_lock(vdev); 1773 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1774 QDF_MAC_ADDR_SIZE); 1775 psoc = wlan_vdev_get_psoc(vdev); 1776 if (!psoc) { 1777 wlan_vdev_obj_unlock(vdev); 1778 crypto_err("psoc NULL"); 1779 return QDF_STATUS_E_INVAL; 1780 } 1781 wlan_vdev_obj_unlock(vdev); 1782 1783 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1784 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1785 &crypto_priv); 1786 if (!crypto_priv) { 1787 crypto_err("crypto_priv NULL"); 1788 return QDF_STATUS_E_INVAL; 1789 } 1790 1791 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1792 if (!key) 1793 return QDF_STATUS_E_INVAL; 1794 1795 } else { 1796 struct wlan_objmgr_peer *peer; 1797 uint8_t pdev_id; 1798 1799 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1800 wlan_vdev_get_pdev(vdev)); 1801 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1802 psoc, pdev_id, bssid_mac, 1803 mac_addr, WLAN_CRYPTO_ID); 1804 if (!peer) { 1805 crypto_err("crypto_priv NULL"); 1806 return QDF_STATUS_E_INVAL; 1807 } 1808 1809 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1810 &crypto_priv); 1811 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1812 1813 if (!crypto_priv) { 1814 crypto_err("crypto_priv NULL"); 1815 return QDF_STATUS_E_INVAL; 1816 } 1817 1818 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1819 if (!key) 1820 return QDF_STATUS_E_INVAL; 1821 } 1822 if (opmode == QDF_MONITOR_MODE) 1823 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1824 else 1825 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1826 (uint8_t *)qdf_nbuf_data(wbuf)); 1827 1828 /* if tkip, is counter measures enabled, then drop the frame */ 1829 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1830 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1831 1832 return status; 1833 } 1834 1835 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1836 qdf_nbuf_t wbuf, 1837 uint8_t *mac_addr, 1838 uint8_t tid, 1839 uint8_t keyid) 1840 { 1841 struct wlan_crypto_comp_priv *crypto_priv; 1842 struct wlan_crypto_params *crypto_params; 1843 struct wlan_crypto_key *key; 1844 QDF_STATUS status; 1845 struct wlan_crypto_cipher *cipher_table; 1846 struct wlan_objmgr_psoc *psoc; 1847 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1848 uint8_t hdrlen; 1849 enum QDF_OPMODE opmode; 1850 1851 opmode = wlan_vdev_mlme_get_opmode(vdev); 1852 1853 if (opmode == QDF_MONITOR_MODE) 1854 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1855 else 1856 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1857 (uint8_t *)qdf_nbuf_data(wbuf)); 1858 1859 wlan_vdev_obj_lock(vdev); 1860 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1861 QDF_MAC_ADDR_SIZE); 1862 psoc = wlan_vdev_get_psoc(vdev); 1863 if (!psoc) { 1864 wlan_vdev_obj_unlock(vdev); 1865 crypto_err("psoc NULL"); 1866 return QDF_STATUS_E_INVAL; 1867 } 1868 wlan_vdev_obj_unlock(vdev); 1869 1870 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1871 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1872 &crypto_priv); 1873 if (!crypto_priv) { 1874 crypto_err("crypto_priv NULL"); 1875 return QDF_STATUS_E_INVAL; 1876 } 1877 1878 key = crypto_priv->key[keyid]; 1879 if (!key) 1880 return QDF_STATUS_E_INVAL; 1881 1882 } else { 1883 struct wlan_objmgr_peer *peer; 1884 uint8_t pdev_id; 1885 1886 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1887 wlan_vdev_get_pdev(vdev)); 1888 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1889 psoc, pdev_id, bssid_mac, 1890 mac_addr, WLAN_CRYPTO_ID); 1891 if (!peer) { 1892 crypto_err("peer NULL"); 1893 return QDF_STATUS_E_INVAL; 1894 } 1895 1896 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1897 &crypto_priv); 1898 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1899 1900 if (!crypto_priv) { 1901 crypto_err("crypto_priv NULL"); 1902 return QDF_STATUS_E_INVAL; 1903 } 1904 1905 key = crypto_priv->key[keyid]; 1906 if (!key) 1907 return QDF_STATUS_E_INVAL; 1908 } 1909 /* if tkip, is counter measures enabled, then drop the frame */ 1910 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1911 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1912 1913 return status; 1914 } 1915 1916 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1917 { 1918 1919 struct wlan_crypto_comp_priv *crypto_priv; 1920 struct wlan_crypto_params *vdev_crypto_params; 1921 1922 if (!vdev) 1923 return false; 1924 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1925 &crypto_priv); 1926 if (!crypto_priv) { 1927 crypto_err("crypto_priv NULL"); 1928 return false; 1929 } 1930 1931 if ((vdev_crypto_params->rsn_caps & 1932 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1933 || (vdev_crypto_params->rsn_caps & 1934 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1935 return true; 1936 } 1937 1938 return false; 1939 } 1940 1941 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1942 { 1943 struct wlan_crypto_comp_priv *crypto_priv; 1944 struct wlan_crypto_params *vdev_crypto_params; 1945 1946 if (!vdev) 1947 return false; 1948 1949 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1950 &crypto_priv); 1951 if (!crypto_priv) { 1952 crypto_err("crypto_priv NULL"); 1953 return false; 1954 } 1955 1956 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1957 return true; 1958 1959 return false; 1960 } 1961 1962 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1963 struct wlan_objmgr_peer *peer) 1964 { 1965 struct wlan_crypto_comp_priv *crypto_priv; 1966 struct wlan_crypto_params *vdev_crypto_params; 1967 struct wlan_crypto_params *peer_crypto_params; 1968 1969 if (!vdev || !peer) 1970 return false; 1971 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1972 &crypto_priv); 1973 if (!crypto_priv) { 1974 crypto_err("crypto_priv NULL"); 1975 return false; 1976 } 1977 1978 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1979 &crypto_priv); 1980 if (!crypto_priv) { 1981 crypto_err("crypto_priv NULL"); 1982 return false; 1983 } 1984 if (((vdev_crypto_params->rsn_caps & 1985 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1986 (peer_crypto_params->rsn_caps & 1987 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1988 || (vdev_crypto_params->rsn_caps & 1989 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1990 return true; 1991 } 1992 1993 return false; 1994 } 1995 1996 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 1997 struct wlan_objmgr_peer *peer, 1998 uint16_t keyidx) 1999 { 2000 struct wlan_crypto_key *key = NULL; 2001 2002 if (!vdev && !peer) 2003 return false; 2004 2005 if (peer) 2006 key = wlan_crypto_peer_getkey(peer, keyidx); 2007 else if (vdev) 2008 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2009 2010 if ((key) && key->valid) 2011 return true; 2012 2013 return false; 2014 } 2015 2016 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2017 { 2018 a[0] = b[5]; 2019 a[1] = b[4]; 2020 a[2] = b[3]; 2021 a[3] = b[2]; 2022 a[4] = b[1]; 2023 a[5] = b[0]; 2024 } 2025 2026 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2027 uint8_t *bfrm, 2028 uint32_t len) 2029 { 2030 struct wlan_crypto_key *key; 2031 struct wlan_crypto_mmie *mmie; 2032 uint8_t *pn, *aad, *buf, *efrm, nonce[12]; 2033 struct wlan_frame_hdr *hdr; 2034 uint32_t i, hdrlen, mic_len, aad_len; 2035 uint8_t mic[16]; 2036 struct wlan_crypto_comp_priv *crypto_priv; 2037 struct wlan_crypto_params *crypto_params; 2038 int32_t ret = -1; 2039 2040 if (!bfrm) { 2041 crypto_err("frame is NULL"); 2042 return NULL; 2043 } 2044 2045 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2046 &crypto_priv); 2047 if (!crypto_priv) { 2048 crypto_err("crypto_priv NULL"); 2049 return NULL; 2050 } 2051 2052 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2053 crypto_err("igtk key invalid keyid %d", 2054 crypto_priv->def_igtk_tx_keyid); 2055 return NULL; 2056 } 2057 2058 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2059 if (!key) { 2060 crypto_err("No igtk key present"); 2061 return NULL; 2062 } 2063 mic_len = (crypto_priv->igtk_key_type 2064 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2065 2066 efrm = bfrm + len; 2067 aad_len = 20; 2068 hdrlen = sizeof(struct wlan_frame_hdr); 2069 len += sizeof(struct wlan_crypto_mmie); 2070 2071 mmie = (struct wlan_crypto_mmie *) efrm; 2072 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2073 mmie->element_id = WLAN_ELEMID_MMIE; 2074 mmie->length = sizeof(*mmie) - 2; 2075 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2076 2077 mic_len = (crypto_priv->igtk_key_type 2078 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2079 if (mic_len == 8) { 2080 mmie->length -= 8; 2081 len -= 8; 2082 } 2083 /* PN = PN + 1 */ 2084 pn = (uint8_t *)&key->keytsc; 2085 2086 for (i = 0; i <= 5; i++) { 2087 pn[i]++; 2088 if (pn[i]) 2089 break; 2090 } 2091 2092 /* Copy IPN */ 2093 qdf_mem_copy(mmie->sequence_number, pn, 6); 2094 2095 hdr = (struct wlan_frame_hdr *) bfrm; 2096 2097 buf = qdf_mem_malloc(len - hdrlen + 20); 2098 if (!buf) 2099 return NULL; 2100 2101 qdf_mem_zero(buf, len - hdrlen + 20); 2102 aad = buf; 2103 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2104 2105 /* FC type/subtype */ 2106 aad[0] = hdr->i_fc[0]; 2107 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2108 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2109 | WLAN_FC1_MOREDATA)); 2110 /* A1 || A2 || A3 */ 2111 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2112 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2113 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2114 qdf_mem_zero(mic, 16); 2115 2116 /* 2117 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2118 */ 2119 2120 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2121 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2122 2123 ret = omac1_aes_128(key->keyval, buf, 2124 len + aad_len - hdrlen, mic); 2125 qdf_mem_copy(mmie->mic, mic, 8); 2126 2127 } else if (crypto_priv->igtk_key_type 2128 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2129 2130 ret = omac1_aes_256(key->keyval, buf, 2131 len + aad_len - hdrlen, mmie->mic); 2132 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2133 || (crypto_priv->igtk_key_type 2134 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2135 2136 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2137 wlan_crypto_gmac_pn_swap(nonce + 6, pn); 2138 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2139 sizeof(nonce), buf, 2140 len + aad_len - hdrlen, mmie->mic); 2141 } 2142 qdf_mem_free(buf); 2143 if (ret < 0) { 2144 crypto_err("add mmie failed"); 2145 return NULL; 2146 } 2147 2148 return bfrm + len; 2149 } 2150 2151 #define MAX_MIC_LEN 16 2152 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2153 uint8_t *frm, 2154 uint8_t *efrm) 2155 { 2156 struct wlan_crypto_mmie *mmie = NULL; 2157 uint8_t *ipn, *aad, *buf, *mic, nonce[12]; 2158 struct wlan_crypto_key *key; 2159 struct wlan_frame_hdr *hdr; 2160 uint16_t mic_len, hdrlen, len; 2161 struct wlan_crypto_comp_priv *crypto_priv; 2162 struct wlan_crypto_params *crypto_params; 2163 uint8_t aad_len = 20; 2164 int32_t ret = -1; 2165 2166 /* check if frame is illegal length */ 2167 if (!frm || !efrm || (efrm < frm) 2168 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2169 crypto_err("Invalid params"); 2170 return false; 2171 } 2172 len = efrm - frm; 2173 crypto_priv = (struct wlan_crypto_comp_priv *) 2174 wlan_get_vdev_crypto_obj(vdev); 2175 if (!crypto_priv) { 2176 crypto_err("crypto_priv NULL"); 2177 return false; 2178 } 2179 2180 crypto_params = &(crypto_priv->crypto_params); 2181 2182 2183 mic_len = (crypto_priv->igtk_key_type 2184 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2185 hdrlen = sizeof(struct wlan_frame_hdr); 2186 2187 if (mic_len == 8) 2188 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2189 else 2190 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2191 2192 2193 /* check Elem ID*/ 2194 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2195 crypto_err("IE is not MMIE"); 2196 return false; 2197 } 2198 2199 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2200 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2201 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2202 crypto_err("keyid not valid"); 2203 return false; 2204 } 2205 2206 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2207 if (!key) { 2208 crypto_err("No igtk key present"); 2209 return false; 2210 } 2211 2212 /* validate ipn */ 2213 ipn = mmie->sequence_number; 2214 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2215 uint8_t *su = (uint8_t *)key->keyrsc; 2216 uint8_t *end = ipn + 6; 2217 struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev); 2218 2219 crypto_err("replay error :"); 2220 while (ipn < end) { 2221 crypto_err("expected pn = %x received pn = %x", 2222 *ipn++, *su++); 2223 } 2224 wlan_cp_stats_vdev_mcast_rx_pnerr(vdev); 2225 wlan_cp_stats_peer_rx_pnerr(peer); 2226 return false; 2227 } 2228 2229 buf = qdf_mem_malloc(len - hdrlen + 20); 2230 if (!buf) 2231 return false; 2232 2233 aad = buf; 2234 2235 /* construct AAD */ 2236 hdr = (struct wlan_frame_hdr *)frm; 2237 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2238 2239 /* FC type/subtype */ 2240 aad[0] = hdr->i_fc[0]; 2241 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2242 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2243 | WLAN_FC1_MOREDATA)); 2244 /* A1 || A2 || A3 */ 2245 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2246 2247 /* 2248 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2249 */ 2250 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2251 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2252 mic = qdf_mem_malloc(MAX_MIC_LEN); 2253 if (!mic) { 2254 qdf_mem_free(buf); 2255 return false; 2256 } 2257 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2258 ret = omac1_aes_128(key->keyval, buf, 2259 len - hdrlen + aad_len, mic); 2260 } else if (crypto_priv->igtk_key_type 2261 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2262 ret = omac1_aes_256(key->keyval, buf, 2263 len + aad_len - hdrlen, mic); 2264 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2265 || (crypto_priv->igtk_key_type 2266 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2267 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2268 wlan_crypto_gmac_pn_swap(nonce + 6, ipn); 2269 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce, 2270 sizeof(nonce), buf, 2271 len + aad_len - hdrlen, mic); 2272 } 2273 2274 qdf_mem_free(buf); 2275 2276 if (ret < 0) { 2277 qdf_mem_free(mic); 2278 crypto_err("generate mmie failed"); 2279 return false; 2280 } 2281 2282 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2283 qdf_mem_free(mic); 2284 crypto_err("mmie mismatch"); 2285 /* MMIE MIC mismatch */ 2286 return false; 2287 } 2288 2289 qdf_mem_free(mic); 2290 /* Update the receive sequence number */ 2291 qdf_mem_copy(key->keyrsc, ipn, 6); 2292 crypto_debug("mmie matched"); 2293 2294 return true; 2295 } 2296 2297 2298 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2299 { 2300 int32_t status = -1; 2301 2302 switch (cipher) { 2303 case WLAN_CRYPTO_CIPHER_TKIP: 2304 return WPA_CIPHER_SUITE_TKIP; 2305 case WLAN_CRYPTO_CIPHER_AES_CCM: 2306 return WPA_CIPHER_SUITE_CCMP; 2307 case WLAN_CRYPTO_CIPHER_NONE: 2308 return WPA_CIPHER_SUITE_NONE; 2309 } 2310 2311 return status; 2312 } 2313 2314 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2315 { 2316 int32_t status = -1; 2317 2318 switch (cipher) { 2319 case WLAN_CRYPTO_CIPHER_TKIP: 2320 return RSN_CIPHER_SUITE_TKIP; 2321 case WLAN_CRYPTO_CIPHER_AES_CCM: 2322 return RSN_CIPHER_SUITE_CCMP; 2323 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2324 return RSN_CIPHER_SUITE_CCMP_256; 2325 case WLAN_CRYPTO_CIPHER_AES_GCM: 2326 return RSN_CIPHER_SUITE_GCMP; 2327 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2328 return RSN_CIPHER_SUITE_GCMP_256; 2329 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2330 return RSN_CIPHER_SUITE_AES_CMAC; 2331 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2332 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2333 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2334 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2335 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2336 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2337 case WLAN_CRYPTO_CIPHER_NONE: 2338 return RSN_CIPHER_SUITE_NONE; 2339 } 2340 2341 return status; 2342 } 2343 2344 /* 2345 * Convert an RSN key management/authentication algorithm 2346 * to an internal code. 2347 */ 2348 static int32_t 2349 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2350 { 2351 int32_t status = -1; 2352 2353 switch (keymgmt) { 2354 case WLAN_CRYPTO_KEY_MGMT_NONE: 2355 return RSN_AUTH_KEY_MGMT_NONE; 2356 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2357 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2358 case WLAN_CRYPTO_KEY_MGMT_PSK: 2359 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2360 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2361 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2362 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2363 return RSN_AUTH_KEY_MGMT_FT_PSK; 2364 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2365 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2366 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2367 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2368 case WLAN_CRYPTO_KEY_MGMT_SAE: 2369 return RSN_AUTH_KEY_MGMT_SAE; 2370 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2371 return RSN_AUTH_KEY_MGMT_FT_SAE; 2372 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2373 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2374 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2375 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2376 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2377 return RSN_AUTH_KEY_MGMT_CCKM; 2378 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2379 return RSN_AUTH_KEY_MGMT_OSEN; 2380 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2381 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2382 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2383 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2384 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2385 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2386 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2387 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2388 case WLAN_CRYPTO_KEY_MGMT_OWE: 2389 return RSN_AUTH_KEY_MGMT_OWE; 2390 case WLAN_CRYPTO_KEY_MGMT_DPP: 2391 return RSN_AUTH_KEY_MGMT_DPP; 2392 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2393 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2394 case WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY: 2395 return RSN_AUTH_KEY_MGMT_SAE_EXT_KEY; 2396 } 2397 2398 return status; 2399 } 2400 2401 /* 2402 * Convert an RSN key management/authentication algorithm 2403 * to an internal code. 2404 */ 2405 static int32_t 2406 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2407 { 2408 int32_t status = -1; 2409 2410 switch (keymgmt) { 2411 case WLAN_CRYPTO_KEY_MGMT_NONE: 2412 return WPA_AUTH_KEY_MGMT_NONE; 2413 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2414 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2415 case WLAN_CRYPTO_KEY_MGMT_PSK: 2416 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2417 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2418 return WPA_AUTH_KEY_MGMT_CCKM; 2419 } 2420 2421 return status; 2422 } 2423 2424 /* 2425 * Convert a WPA cipher selector OUI to an internal 2426 * cipher algorithm. Where appropriate we also 2427 * record any key length. 2428 */ 2429 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2430 { 2431 uint32_t w = LE_READ_4(sel); 2432 int32_t status = -1; 2433 2434 switch (w) { 2435 case WPA_CIPHER_SUITE_TKIP: 2436 return WLAN_CRYPTO_CIPHER_TKIP; 2437 case WPA_CIPHER_SUITE_CCMP: 2438 return WLAN_CRYPTO_CIPHER_AES_CCM; 2439 case WPA_CIPHER_SUITE_NONE: 2440 return WLAN_CRYPTO_CIPHER_NONE; 2441 } 2442 2443 return status; 2444 } 2445 2446 /* 2447 * Convert a WPA key management/authentication algorithm 2448 * to an internal code. 2449 */ 2450 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2451 { 2452 uint32_t w = LE_READ_4(sel); 2453 int32_t status = -1; 2454 2455 switch (w) { 2456 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2457 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2458 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2459 return WLAN_CRYPTO_KEY_MGMT_PSK; 2460 case WPA_AUTH_KEY_MGMT_CCKM: 2461 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2462 case WPA_AUTH_KEY_MGMT_NONE: 2463 return WLAN_CRYPTO_KEY_MGMT_NONE; 2464 } 2465 return status; 2466 } 2467 2468 /* 2469 * Convert a RSN cipher selector OUI to an internal 2470 * cipher algorithm. Where appropriate we also 2471 * record any key length. 2472 */ 2473 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2474 { 2475 uint32_t w = LE_READ_4(sel); 2476 int32_t status = -1; 2477 2478 switch (w) { 2479 case RSN_CIPHER_SUITE_TKIP: 2480 return WLAN_CRYPTO_CIPHER_TKIP; 2481 case RSN_CIPHER_SUITE_CCMP: 2482 return WLAN_CRYPTO_CIPHER_AES_CCM; 2483 case RSN_CIPHER_SUITE_CCMP_256: 2484 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2485 case RSN_CIPHER_SUITE_GCMP: 2486 return WLAN_CRYPTO_CIPHER_AES_GCM; 2487 case RSN_CIPHER_SUITE_GCMP_256: 2488 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2489 case RSN_CIPHER_SUITE_AES_CMAC: 2490 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2491 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2492 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2493 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2494 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2495 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2496 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2497 case RSN_CIPHER_SUITE_NONE: 2498 return WLAN_CRYPTO_CIPHER_NONE; 2499 } 2500 2501 return status; 2502 } 2503 /* 2504 * Convert an RSN key management/authentication algorithm 2505 * to an internal code. 2506 */ 2507 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2508 { 2509 uint32_t w = LE_READ_4(sel); 2510 int32_t status = -1; 2511 2512 switch (w) { 2513 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2514 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2515 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2516 return WLAN_CRYPTO_KEY_MGMT_PSK; 2517 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2518 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2519 case RSN_AUTH_KEY_MGMT_FT_PSK: 2520 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2521 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2522 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2523 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2524 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2525 case RSN_AUTH_KEY_MGMT_SAE: 2526 return WLAN_CRYPTO_KEY_MGMT_SAE; 2527 case RSN_AUTH_KEY_MGMT_FT_SAE: 2528 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2529 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2530 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2531 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2532 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2533 case RSN_AUTH_KEY_MGMT_CCKM: 2534 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2535 case RSN_AUTH_KEY_MGMT_OSEN: 2536 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2537 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2538 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2539 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2540 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2541 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2542 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2543 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2544 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2545 case RSN_AUTH_KEY_MGMT_OWE: 2546 return WLAN_CRYPTO_KEY_MGMT_OWE; 2547 case RSN_AUTH_KEY_MGMT_DPP: 2548 return WLAN_CRYPTO_KEY_MGMT_DPP; 2549 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2550 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2551 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384: 2552 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 2553 case RSN_AUTH_KEY_MGMT_PSK_SHA384: 2554 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 2555 case RSN_AUTH_KEY_MGMT_SAE_EXT_KEY: 2556 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY; 2557 } 2558 2559 return status; 2560 } 2561 2562 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2563 const uint8_t *frm) 2564 { 2565 uint8_t len = frm[1]; 2566 int32_t w; 2567 int n; 2568 2569 /* 2570 * Check the length once for fixed parts: OUI, type, 2571 * version, mcast cipher, and 2 selector counts. 2572 * Other, variable-length data, must be checked separately. 2573 */ 2574 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2575 2576 if (len < 14) 2577 return QDF_STATUS_E_INVAL; 2578 2579 frm += 6, len -= 4; 2580 2581 w = LE_READ_2(frm); 2582 if (w != WPA_VERSION) 2583 return QDF_STATUS_E_INVAL; 2584 2585 frm += 2, len -= 2; 2586 2587 /* multicast/group cipher */ 2588 w = wlan_crypto_wpa_suite_to_cipher(frm); 2589 if (w < 0) 2590 return QDF_STATUS_E_INVAL; 2591 SET_MCAST_CIPHER(crypto_params, w); 2592 frm += 4, len -= 4; 2593 2594 /* unicast ciphers */ 2595 n = LE_READ_2(frm); 2596 frm += 2, len -= 2; 2597 if (len < n*4+2) 2598 return QDF_STATUS_E_INVAL; 2599 2600 for (; n > 0; n--) { 2601 w = wlan_crypto_wpa_suite_to_cipher(frm); 2602 if (w < 0) 2603 return QDF_STATUS_E_INVAL; 2604 SET_UCAST_CIPHER(crypto_params, w); 2605 frm += 4, len -= 4; 2606 } 2607 2608 if (!crypto_params->ucastcipherset) 2609 return QDF_STATUS_E_INVAL; 2610 2611 /* key management algorithms */ 2612 n = LE_READ_2(frm); 2613 frm += 2, len -= 2; 2614 if (len < n*4) 2615 return QDF_STATUS_E_INVAL; 2616 2617 w = 0; 2618 for (; n > 0; n--) { 2619 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2620 if (w < 0) 2621 return QDF_STATUS_E_INVAL; 2622 SET_KEY_MGMT(crypto_params, w); 2623 frm += 4, len -= 4; 2624 } 2625 2626 /* optional capabilities */ 2627 if (len >= 2) { 2628 crypto_params->rsn_caps = LE_READ_2(frm); 2629 frm += 2, len -= 2; 2630 } 2631 2632 return QDF_STATUS_SUCCESS; 2633 } 2634 2635 #ifdef WLAN_ADAPTIVE_11R 2636 /** 2637 * wlan_crypto_store_akm_list_in_order() - store AMK list in order 2638 * @crypto_params: crypto param structure 2639 * @key_mgmt: key management 2640 * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response 2641 * 2642 * Return: none 2643 */ 2644 static void 2645 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2646 int32_t key_mgmt, int akm_index) 2647 { 2648 if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) { 2649 crypto_debug("Invalid AKM Index"); 2650 return; 2651 } 2652 2653 crypto_params->akm_list[akm_index].key_mgmt = key_mgmt; 2654 } 2655 #else 2656 static inline void 2657 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2658 int32_t key_mgmt, int akm_index) 2659 { 2660 } 2661 #endif 2662 2663 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2664 const uint8_t *frm) 2665 { 2666 uint8_t len = frm[1]; 2667 int32_t w; 2668 int n, akm_index; 2669 2670 /* Check the length once for fixed parts: OUI, type & version */ 2671 if (len < 2) 2672 return QDF_STATUS_E_INVAL; 2673 2674 /* initialize crypto params */ 2675 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2676 2677 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2678 2679 frm += 2; 2680 /* NB: iswapoui already validated the OUI and type */ 2681 w = LE_READ_2(frm); 2682 if (w != RSN_VERSION) 2683 return QDF_STATUS_E_INVAL; 2684 2685 frm += 2, len -= 2; 2686 2687 if (!len) { 2688 /* set defaults */ 2689 /* default group cipher CCMP-128 */ 2690 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2691 /* default ucast cipher CCMP-128 */ 2692 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2693 /* default key mgmt 8021x */ 2694 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2695 return QDF_STATUS_SUCCESS; 2696 } else if (len < 4) { 2697 return QDF_STATUS_E_INVAL; 2698 } 2699 2700 /* multicast/group cipher */ 2701 w = wlan_crypto_rsn_suite_to_cipher(frm); 2702 if (w < 0) 2703 return QDF_STATUS_E_INVAL; 2704 else { 2705 SET_MCAST_CIPHER(crypto_params, w); 2706 frm += 4, len -= 4; 2707 } 2708 2709 if (crypto_params->mcastcipherset == 0) 2710 return QDF_STATUS_E_INVAL; 2711 2712 if (!len) { 2713 /* default ucast cipher CCMP-128 */ 2714 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2715 /* default key mgmt 8021x */ 2716 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2717 return QDF_STATUS_SUCCESS; 2718 } else if (len < 2) { 2719 return QDF_STATUS_E_INVAL; 2720 } 2721 2722 /* unicast ciphers */ 2723 n = LE_READ_2(frm); 2724 frm += 2, len -= 2; 2725 if (n) { 2726 if (len < n * 4) 2727 return QDF_STATUS_E_INVAL; 2728 2729 for (; n > 0; n--) { 2730 w = wlan_crypto_rsn_suite_to_cipher(frm); 2731 if (w >= 0) 2732 SET_UCAST_CIPHER(crypto_params, w); 2733 frm += 4, len -= 4; 2734 } 2735 } else { 2736 /* default ucast cipher CCMP-128 */ 2737 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2738 } 2739 2740 if (crypto_params->ucastcipherset == 0) 2741 return QDF_STATUS_E_INVAL; 2742 2743 if (!len) { 2744 /* default key mgmt 8021x */ 2745 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2746 return QDF_STATUS_SUCCESS; 2747 } else if (len < 2) { 2748 return QDF_STATUS_E_INVAL; 2749 } 2750 2751 /* key management algorithms */ 2752 n = LE_READ_2(frm); 2753 frm += 2, len -= 2; 2754 2755 if (n) { 2756 if (len < n * 4) 2757 return QDF_STATUS_E_INVAL; 2758 akm_index = 0; 2759 for (; n > 0; n--) { 2760 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2761 if (w >= 0) { 2762 SET_KEY_MGMT(crypto_params, w); 2763 wlan_crypto_store_akm_list_in_order( 2764 crypto_params, w, akm_index); 2765 akm_index++; 2766 } 2767 2768 frm += 4, len -= 4; 2769 } 2770 } else { 2771 /* default key mgmt 8021x */ 2772 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2773 } 2774 2775 if (crypto_params->key_mgmt == 0) 2776 return QDF_STATUS_E_INVAL; 2777 2778 /* optional capabilities */ 2779 if (len >= 2) { 2780 crypto_params->rsn_caps = LE_READ_2(frm); 2781 frm += 2, len -= 2; 2782 } else if (len && len < 2) { 2783 return QDF_STATUS_E_INVAL; 2784 } 2785 2786 2787 /* PMKID */ 2788 if (len >= 2) { 2789 n = LE_READ_2(frm); 2790 frm += 2, len -= 2; 2791 if (n && len) { 2792 if (len >= n * PMKID_LEN) 2793 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2794 else 2795 return QDF_STATUS_E_INVAL; 2796 } else if (n && !len) { 2797 return QDF_STATUS_E_INVAL; 2798 } 2799 /*TODO: Save pmkid in params for further reference */ 2800 } else if (len == 1) { 2801 crypto_err("PMKID is truncated"); 2802 return QDF_STATUS_E_INVAL; 2803 } 2804 2805 /* BIP */ 2806 if (!len) { 2807 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2808 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2809 SET_MGMT_CIPHER(crypto_params, 2810 WLAN_CRYPTO_CIPHER_AES_CMAC); 2811 return QDF_STATUS_SUCCESS; 2812 } else if (len < 4) { 2813 crypto_err("Mgmt cipher is truncated"); 2814 return QDF_STATUS_E_INVAL; 2815 } 2816 w = wlan_crypto_rsn_suite_to_cipher(frm); 2817 frm += 4, len -= 4; 2818 SET_MGMT_CIPHER(crypto_params, w); 2819 2820 return QDF_STATUS_SUCCESS; 2821 } 2822 2823 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2824 uint8_t *iebuf) 2825 { 2826 uint8_t *frm = iebuf; 2827 uint8_t *selcnt; 2828 struct wlan_crypto_comp_priv *crypto_priv; 2829 struct wlan_crypto_params *crypto_params; 2830 2831 if (!frm) 2832 return NULL; 2833 2834 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2835 2836 if (!crypto_params) 2837 return NULL; 2838 2839 *frm++ = WLAN_ELEMID_VENDOR; 2840 *frm++ = 0; 2841 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2842 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2843 2844 2845 /* multicast cipher */ 2846 if (MCIPHER_IS_TKIP(crypto_params)) 2847 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2848 else if (MCIPHER_IS_CCMP128(crypto_params)) 2849 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2850 2851 /* unicast cipher list */ 2852 selcnt = frm; 2853 WLAN_CRYPTO_ADDSHORT(frm, 0); 2854 /* do not use CCMP unicast cipher in WPA mode */ 2855 if (UCIPHER_IS_CCMP128(crypto_params)) { 2856 selcnt[0]++; 2857 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2858 } 2859 if (UCIPHER_IS_TKIP(crypto_params)) { 2860 selcnt[0]++; 2861 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2862 } 2863 2864 /* authenticator selector list */ 2865 selcnt = frm; 2866 WLAN_CRYPTO_ADDSHORT(frm, 0); 2867 2868 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2869 selcnt[0]++; 2870 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2871 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2872 selcnt[0]++; 2873 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2874 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2875 selcnt[0]++; 2876 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2877 } else { 2878 selcnt[0]++; 2879 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2880 } 2881 2882 /* optional capabilities */ 2883 if (crypto_params->rsn_caps != 0 && 2884 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2885 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2886 } 2887 2888 /* calculate element length */ 2889 iebuf[1] = frm - iebuf - 2; 2890 2891 return frm; 2892 } 2893 2894 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2895 uint8_t *iebuf, 2896 struct wlan_crypto_pmksa *pmksa) 2897 { 2898 uint8_t *frm = iebuf; 2899 uint8_t *selcnt; 2900 struct wlan_crypto_comp_priv *crypto_priv; 2901 struct wlan_crypto_params *crypto_params; 2902 2903 if (!frm) { 2904 return NULL; 2905 } 2906 2907 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2908 2909 if (!crypto_params) { 2910 return NULL; 2911 } 2912 2913 *frm++ = WLAN_ELEMID_RSN; 2914 *frm++ = 0; 2915 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2916 2917 2918 /* multicast cipher */ 2919 if (MCIPHER_IS_TKIP(crypto_params)) 2920 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2921 else if (MCIPHER_IS_CCMP128(crypto_params)) 2922 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2923 else if (MCIPHER_IS_CCMP256(crypto_params)) 2924 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2925 else if (MCIPHER_IS_GCMP128(crypto_params)) 2926 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2927 else if (MCIPHER_IS_GCMP256(crypto_params)) 2928 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2929 2930 /* unicast cipher list */ 2931 selcnt = frm; 2932 WLAN_CRYPTO_ADDSHORT(frm, 0); 2933 2934 if (UCIPHER_IS_CCMP256(crypto_params)) { 2935 selcnt[0]++; 2936 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2937 } 2938 if (UCIPHER_IS_GCMP256(crypto_params)) { 2939 selcnt[0]++; 2940 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2941 } 2942 if (UCIPHER_IS_CCMP128(crypto_params)) { 2943 selcnt[0]++; 2944 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2945 } 2946 if (UCIPHER_IS_GCMP128(crypto_params)) { 2947 selcnt[0]++; 2948 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2949 } 2950 if (UCIPHER_IS_TKIP(crypto_params)) { 2951 selcnt[0]++; 2952 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2953 } 2954 2955 /* authenticator selector list */ 2956 selcnt = frm; 2957 WLAN_CRYPTO_ADDSHORT(frm, 0); 2958 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2959 selcnt[0]++; 2960 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2961 /* Other key mgmt should not be added after CCKM */ 2962 goto add_rsn_caps; 2963 } 2964 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2965 selcnt[0]++; 2966 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2967 } 2968 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2969 selcnt[0]++; 2970 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2971 } 2972 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2973 selcnt[0]++; 2974 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2975 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2976 } 2977 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2978 selcnt[0]++; 2979 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2980 } 2981 if (HAS_KEY_MGMT(crypto_params, 2982 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2983 selcnt[0]++; 2984 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2985 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2986 } 2987 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2988 selcnt[0]++; 2989 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2990 } 2991 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2992 selcnt[0]++; 2993 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2994 } 2995 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2996 selcnt[0]++; 2997 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2998 } 2999 if (HAS_KEY_MGMT(crypto_params, 3000 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3001 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3002 3003 selcnt[0]++; 3004 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3005 } 3006 if (HAS_KEY_MGMT(crypto_params, 3007 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3008 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3009 3010 selcnt[0]++; 3011 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3012 } 3013 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3014 selcnt[0]++; 3015 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3016 } 3017 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3018 selcnt[0]++; 3019 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3020 } 3021 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3022 selcnt[0]++; 3023 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3024 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3025 } 3026 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3027 selcnt[0]++; 3028 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3029 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3030 } 3031 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3032 selcnt[0]++; 3033 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3034 } 3035 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3036 selcnt[0]++; 3037 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3038 } 3039 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3040 selcnt[0]++; 3041 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3042 } 3043 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) { 3044 selcnt[0]++; 3045 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY); 3046 } 3047 if (HAS_KEY_MGMT(crypto_params, 3048 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3049 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3050 3051 selcnt[0]++; 3052 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3053 } 3054 add_rsn_caps: 3055 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3056 /* optional capabilities */ 3057 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3058 /* PMK list */ 3059 if (pmksa) { 3060 WLAN_CRYPTO_ADDSHORT(frm, 1); 3061 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3062 frm += PMKID_LEN; 3063 } else { 3064 WLAN_CRYPTO_ADDSHORT(frm, 0); 3065 } 3066 3067 if (HAS_MGMT_CIPHER(crypto_params, 3068 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3069 RSN_ADD_CIPHER_TO_SUITE(frm, 3070 WLAN_CRYPTO_CIPHER_AES_CMAC); 3071 } 3072 if (HAS_MGMT_CIPHER(crypto_params, 3073 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3074 RSN_ADD_CIPHER_TO_SUITE(frm, 3075 WLAN_CRYPTO_CIPHER_AES_GMAC); 3076 } 3077 if (HAS_MGMT_CIPHER(crypto_params, 3078 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3079 RSN_ADD_CIPHER_TO_SUITE(frm, 3080 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3081 ); 3082 } 3083 3084 if (HAS_MGMT_CIPHER(crypto_params, 3085 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3086 RSN_ADD_CIPHER_TO_SUITE(frm, 3087 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3088 ); 3089 } 3090 } else { 3091 /* PMK list */ 3092 if (pmksa) { 3093 WLAN_CRYPTO_ADDSHORT(frm, 1); 3094 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3095 frm += PMKID_LEN; 3096 } 3097 } 3098 3099 /* calculate element length */ 3100 iebuf[1] = frm - iebuf - 2; 3101 3102 return frm; 3103 } 3104 3105 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3106 uint8_t *iebuf, 3107 struct qdf_mac_addr *bssid) 3108 { 3109 struct wlan_crypto_pmksa *pmksa = NULL; 3110 3111 if (bssid) 3112 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3113 3114 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3115 } 3116 3117 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3118 struct wlan_crypto_params *crypto_params) 3119 { 3120 struct wlan_crypto_params *my_crypto_params; 3121 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3122 3123 if (!my_crypto_params) { 3124 crypto_debug("vdev crypto params is NULL"); 3125 return false; 3126 } 3127 /* 3128 * Check peer's pairwise ciphers. 3129 * At least one must match with our unicast cipher 3130 */ 3131 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3132 crypto_debug("Unicast cipher match failed"); 3133 return false; 3134 } 3135 /* 3136 * Check peer's group cipher is our enabled multicast cipher. 3137 */ 3138 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3139 crypto_debug("Multicast cipher match failed"); 3140 return false; 3141 } 3142 /* 3143 * Check peer's key management class set (PSK or UNSPEC) 3144 */ 3145 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3146 crypto_debug("Key mgmt match failed"); 3147 return false; 3148 } 3149 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3150 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3151 crypto_debug("Peer is not PMF capable"); 3152 return false; 3153 } 3154 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3155 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3156 crypto_debug("Peer needs PMF, but vdev is not capable"); 3157 return false; 3158 } 3159 3160 return true; 3161 } 3162 3163 /* 3164 * Convert an WAPI CIPHER suite to to an internal code. 3165 */ 3166 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3167 { 3168 uint32_t w = LE_READ_4(sel); 3169 int32_t status = -1; 3170 3171 switch (w) { 3172 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3173 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3174 } 3175 3176 return status; 3177 } 3178 3179 /* 3180 * Convert an WAPI key management/authentication algorithm 3181 * to an internal code. 3182 */ 3183 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3184 { 3185 uint32_t w = LE_READ_4(sel); 3186 int32_t status = -1; 3187 3188 switch (w) { 3189 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3190 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3191 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3192 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3193 } 3194 3195 return status; 3196 } 3197 3198 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3199 const uint8_t *frm) 3200 { 3201 uint8_t len = frm[1]; 3202 int32_t w; 3203 int n; 3204 3205 /* 3206 * Check the length once for fixed parts: OUI, type, 3207 * version, mcast cipher, and 2 selector counts. 3208 * Other, variable-length data, must be checked separately. 3209 */ 3210 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3211 3212 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3213 return QDF_STATUS_E_INVAL; 3214 3215 3216 frm += 2; 3217 3218 w = LE_READ_2(frm); 3219 frm += 2, len -= 2; 3220 if (w != WAPI_VERSION) 3221 return QDF_STATUS_E_INVAL; 3222 3223 n = LE_READ_2(frm); 3224 frm += 2, len -= 2; 3225 if (len < n*4+2) 3226 return QDF_STATUS_E_INVAL; 3227 3228 for (; n > 0; n--) { 3229 w = wlan_crypto_wapi_keymgmt(frm); 3230 if (w < 0) 3231 return QDF_STATUS_E_INVAL; 3232 3233 SET_KEY_MGMT(crypto_params, w); 3234 frm += 4, len -= 4; 3235 } 3236 3237 /* unicast ciphers */ 3238 n = LE_READ_2(frm); 3239 frm += 2, len -= 2; 3240 if (len < n*4+2) 3241 return QDF_STATUS_E_INVAL; 3242 3243 for (; n > 0; n--) { 3244 w = wlan_crypto_wapi_suite_to_cipher(frm); 3245 if (w < 0) 3246 return QDF_STATUS_E_INVAL; 3247 SET_UCAST_CIPHER(crypto_params, w); 3248 frm += 4, len -= 4; 3249 } 3250 3251 if (!crypto_params->ucastcipherset) 3252 return QDF_STATUS_E_INVAL; 3253 3254 /* multicast/group cipher */ 3255 w = wlan_crypto_wapi_suite_to_cipher(frm); 3256 3257 if (w < 0) 3258 return QDF_STATUS_E_INVAL; 3259 3260 SET_MCAST_CIPHER(crypto_params, w); 3261 frm += 4, len -= 4; 3262 3263 return QDF_STATUS_SUCCESS; 3264 } 3265 3266 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3267 uint8_t *iebuf) 3268 { 3269 uint8_t *frm; 3270 uint8_t *selcnt; 3271 struct wlan_crypto_comp_priv *crypto_priv; 3272 struct wlan_crypto_params *crypto_params; 3273 3274 frm = iebuf; 3275 if (!frm) { 3276 crypto_err("ie buffer NULL"); 3277 return NULL; 3278 } 3279 3280 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3281 3282 if (!crypto_params) { 3283 crypto_err("crypto_params NULL"); 3284 return NULL; 3285 } 3286 3287 *frm++ = WLAN_ELEMID_WAPI; 3288 *frm++ = 0; 3289 3290 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3291 3292 /* authenticator selector list */ 3293 selcnt = frm; 3294 WLAN_CRYPTO_ADDSHORT(frm, 0); 3295 3296 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3297 selcnt[0]++; 3298 WLAN_CRYPTO_ADDSELECTOR(frm, 3299 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3300 } 3301 3302 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3303 selcnt[0]++; 3304 WLAN_CRYPTO_ADDSELECTOR(frm, 3305 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3306 } 3307 3308 /* unicast cipher list */ 3309 selcnt = frm; 3310 WLAN_CRYPTO_ADDSHORT(frm, 0); 3311 3312 if (UCIPHER_IS_SMS4(crypto_params)) { 3313 selcnt[0]++; 3314 WLAN_CRYPTO_ADDSELECTOR(frm, 3315 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3316 } 3317 3318 WLAN_CRYPTO_ADDSELECTOR(frm, 3319 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3320 3321 /* optional capabilities */ 3322 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3323 3324 /* bkid count */ 3325 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3326 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3327 WLAN_CRYPTO_ADDSHORT(frm, 0); 3328 3329 /* calculate element length */ 3330 iebuf[1] = frm - iebuf - 2; 3331 3332 return frm; 3333 3334 } 3335 3336 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3337 qdf_nbuf_t wbuf) 3338 { 3339 /* Need to check is there real requirement for this function 3340 * as PN check is already handled in decap function. 3341 */ 3342 return QDF_STATUS_SUCCESS; 3343 } 3344 3345 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3346 struct wlan_objmgr_vdev *vdev) 3347 { 3348 struct wlan_crypto_comp_priv *crypto_priv; 3349 3350 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3351 } 3352 3353 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3354 struct wlan_objmgr_peer *peer) 3355 { 3356 struct wlan_crypto_comp_priv *crypto_priv; 3357 3358 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3359 } 3360 3361 3362 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3363 struct wlan_objmgr_peer *peer) 3364 { 3365 struct wlan_crypto_comp_priv *crypto_priv; 3366 struct wlan_crypto_comp_priv *sta_crypto_priv; 3367 struct wlan_crypto_params *crypto_params; 3368 struct wlan_crypto_key *key; 3369 struct wlan_crypto_key *sta_key; 3370 struct wlan_crypto_cipher *cipher_table; 3371 struct wlan_objmgr_psoc *psoc; 3372 struct wlan_lmac_if_tx_ops *tx_ops; 3373 uint8_t *mac_addr; 3374 int i; 3375 enum QDF_OPMODE opmode; 3376 QDF_STATUS status = QDF_STATUS_SUCCESS; 3377 3378 if (!vdev) 3379 return QDF_STATUS_E_NULL_VALUE; 3380 3381 if (!peer) { 3382 crypto_debug("peer NULL"); 3383 return QDF_STATUS_E_INVAL; 3384 } 3385 3386 opmode = wlan_vdev_mlme_get_opmode(vdev); 3387 psoc = wlan_vdev_get_psoc(vdev); 3388 3389 if (!psoc) { 3390 crypto_err("psoc NULL"); 3391 return QDF_STATUS_E_NULL_VALUE; 3392 } 3393 3394 wlan_peer_obj_lock(peer); 3395 mac_addr = wlan_peer_get_macaddr(peer); 3396 wlan_peer_obj_unlock(peer); 3397 3398 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3399 &crypto_priv); 3400 if (!crypto_priv) { 3401 crypto_err("crypto_priv NULL"); 3402 return QDF_STATUS_E_NULL_VALUE; 3403 } 3404 3405 /* push only valid static WEP keys from vap */ 3406 if (AUTH_IS_8021X(crypto_params)) 3407 return QDF_STATUS_E_INVAL; 3408 3409 if (opmode == QDF_STA_MODE) { 3410 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3411 if (!peer) { 3412 crypto_debug("peer NULL"); 3413 return QDF_STATUS_E_INVAL; 3414 } 3415 } 3416 3417 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3418 if (!sta_crypto_priv) { 3419 crypto_err("sta priv is null"); 3420 status = QDF_STATUS_E_INVAL; 3421 goto exit; 3422 } 3423 3424 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3425 if (crypto_priv->key[i]) { 3426 key = crypto_priv->key[i]; 3427 if (!key || !key->valid) 3428 continue; 3429 3430 cipher_table = (struct wlan_crypto_cipher *) 3431 key->cipher_table; 3432 3433 if (!cipher_table) 3434 continue; 3435 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3436 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3437 if (!tx_ops) { 3438 crypto_err("tx_ops is NULL"); 3439 return QDF_STATUS_E_INVAL; 3440 } 3441 3442 sta_key = qdf_mem_malloc( 3443 sizeof(struct wlan_crypto_key)); 3444 if (!sta_key) { 3445 status = QDF_STATUS_E_NOMEM; 3446 goto exit; 3447 } 3448 3449 sta_crypto_priv->key[i] = sta_key; 3450 qdf_mem_copy(sta_key, key, 3451 sizeof(struct wlan_crypto_key)); 3452 3453 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3454 3455 if (crypto_priv->def_tx_keyid == i) { 3456 sta_key->flags 3457 |= WLAN_CRYPTO_KEY_DEFAULT; 3458 sta_crypto_priv->def_tx_keyid = 3459 crypto_priv->def_tx_keyid; 3460 } 3461 /* setting the broadcast/multicast key for sta*/ 3462 if (opmode == QDF_STA_MODE || 3463 opmode == QDF_IBSS_MODE){ 3464 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3465 WLAN_CRYPTO_TX_OPS_SETKEY( 3466 tx_ops)(vdev, sta_key, 3467 mac_addr, 3468 cipher_table->cipher); 3469 } 3470 } 3471 3472 /* setting unicast key */ 3473 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3474 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3475 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3476 vdev, sta_key, 3477 mac_addr, 3478 cipher_table->cipher); 3479 } 3480 } 3481 } 3482 } 3483 3484 exit: 3485 if (opmode == QDF_STA_MODE) 3486 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3487 3488 return status; 3489 } 3490 3491 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3492 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops) 3493 { 3494 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3495 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3496 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3497 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3498 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3499 3500 return QDF_STATUS_SUCCESS; 3501 } 3502 3503 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3504 struct wlan_objmgr_psoc *psoc) 3505 { 3506 struct wlan_lmac_if_rx_ops *rx_ops; 3507 3508 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3509 3510 if (!rx_ops) { 3511 crypto_err("rx_ops is NULL"); 3512 return NULL; 3513 } 3514 3515 return &rx_ops->crypto_rx_ops; 3516 } 3517 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3518 3519 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3520 wlan_crypto_auth_mode authvalue) 3521 { 3522 int res; 3523 3524 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3525 3526 if (res != -1) 3527 return (res & authvalue) ? true : false; 3528 return false; 3529 } 3530 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3531 3532 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3533 wlan_crypto_auth_mode authvalue) 3534 { 3535 int res; 3536 3537 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3538 3539 if (res != -1) 3540 return (res & authvalue) ? true : false; 3541 3542 return false; 3543 } 3544 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3545 3546 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3547 wlan_crypto_cipher_type ucastcipher) 3548 { 3549 int res; 3550 3551 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3552 3553 if (res != -1) 3554 return (res & ucastcipher) ? true : false; 3555 3556 return false; 3557 } 3558 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3559 3560 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3561 wlan_crypto_cipher_type ucastcipher) 3562 { 3563 int res; 3564 3565 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3566 3567 if (res != -1) 3568 return (res & ucastcipher) ? true : false; 3569 3570 return false; 3571 } 3572 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3573 3574 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3575 wlan_crypto_cipher_type mcastcipher) 3576 { 3577 int res; 3578 3579 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3580 3581 if (res != -1) 3582 return (res & mcastcipher) ? true : false; 3583 3584 return false; 3585 } 3586 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3587 3588 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3589 wlan_crypto_cipher_type mcastcipher) 3590 { 3591 int res; 3592 3593 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3594 3595 if (res != -1) 3596 return (res & mcastcipher) ? true : false; 3597 3598 return false; 3599 } 3600 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3601 3602 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3603 uint32_t mgmtcipher) 3604 { 3605 int res; 3606 3607 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3608 3609 if (res != -1) 3610 return (res & mgmtcipher) ? true : false; 3611 3612 return false; 3613 } 3614 3615 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3616 3617 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3618 uint32_t mgmtcipher) 3619 { 3620 int res; 3621 3622 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3623 3624 if (res != -1) 3625 return (res & mgmtcipher) ? true : false; 3626 3627 return false; 3628 } 3629 3630 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3631 3632 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3633 { 3634 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3635 3636 if (!peer) { 3637 crypto_err("Invalid Input"); 3638 return 0; 3639 } 3640 3641 crypto_priv = wlan_get_peer_crypto_obj(peer); 3642 if (!crypto_priv) { 3643 crypto_err("crypto_priv NULL"); 3644 return 0; 3645 } 3646 3647 return crypto_priv->fils_aead_set; 3648 } 3649 3650 void 3651 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3652 { 3653 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3654 3655 if (!peer) { 3656 crypto_err("Invalid Input"); 3657 return; 3658 } 3659 3660 crypto_priv = wlan_get_peer_crypto_obj(peer); 3661 if (!crypto_priv) { 3662 crypto_err("crypto_priv NULL"); 3663 return; 3664 } 3665 3666 crypto_priv->fils_aead_set = value; 3667 } 3668 3669 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3670 { 3671 struct wlan_crypto_cipher *cipher_table; 3672 3673 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3674 if (cipher_table) 3675 return cipher_table->header; 3676 else 3677 return 0; 3678 } 3679 3680 qdf_export_symbol(wlan_crypto_get_key_header); 3681 3682 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3683 { 3684 struct wlan_crypto_cipher *cipher_table; 3685 3686 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3687 if (cipher_table) 3688 return cipher_table->trailer; 3689 else 3690 return 0; 3691 } 3692 3693 qdf_export_symbol(wlan_crypto_get_key_trailer); 3694 3695 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3696 { 3697 struct wlan_crypto_cipher *cipher_table; 3698 3699 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3700 if (cipher_table) 3701 return cipher_table->miclen; 3702 else 3703 return 0; 3704 } 3705 3706 qdf_export_symbol(wlan_crypto_get_key_miclen); 3707 3708 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3709 { 3710 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3711 uint8_t *iv; 3712 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3713 uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]); 3714 3715 /* 3716 * In FILS SK (Re)Association request/response frame has 3717 * to be decrypted 3718 */ 3719 if ((type == WLAN_FC0_TYPE_MGMT) && 3720 ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3721 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3722 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3723 (stype == WLAN_FC0_STYPE_REASSOC_RESP))) { 3724 return 0; 3725 } 3726 3727 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3728 iv = data + hdrlen; 3729 /* 3730 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3731 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3732 */ 3733 return ((iv[3] >> 6) & 0x3); 3734 } else { 3735 return WLAN_CRYPTO_KEYIX_NONE; 3736 } 3737 } 3738 3739 qdf_export_symbol(wlan_crypto_get_keyid); 3740 3741 /** 3742 * crypto_plumb_peer_keys() - called during radio reset 3743 * @vdev: vdev 3744 * @object: peer 3745 * @arg: psoc 3746 * 3747 * Restore unicast and persta hardware keys 3748 * 3749 * Return: void 3750 */ 3751 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3752 void *object, void *arg) 3753 { 3754 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3755 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3756 struct wlan_crypto_comp_priv *crypto_priv; 3757 struct wlan_crypto_params *crypto_params; 3758 struct wlan_crypto_key *key = NULL; 3759 struct wlan_lmac_if_tx_ops *tx_ops; 3760 int i; 3761 3762 if ((!peer) || (!vdev) || (!psoc)) { 3763 crypto_err("Peer or vdev or psoc objects are null!"); 3764 return; 3765 } 3766 3767 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3768 &crypto_priv); 3769 3770 if (!crypto_priv) { 3771 crypto_err("crypto_priv NULL"); 3772 return; 3773 } 3774 3775 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3776 key = crypto_priv->key[i]; 3777 if (key && key->valid) { 3778 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3779 3780 if (!tx_ops) { 3781 crypto_err("tx_ops is NULL"); 3782 return; 3783 } 3784 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3785 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3786 ( 3787 vdev, 3788 key, 3789 wlan_peer_get_macaddr(peer), 3790 wlan_crypto_get_key_type(key) 3791 ); 3792 } 3793 } 3794 } 3795 } 3796 3797 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3798 { 3799 int i; 3800 struct wlan_crypto_comp_priv *crypto_priv; 3801 struct wlan_crypto_params *crypto_params; 3802 struct wlan_crypto_key *key; 3803 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3804 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3805 struct wlan_objmgr_pdev *pdev = NULL; 3806 struct wlan_objmgr_psoc *psoc = NULL; 3807 struct wlan_lmac_if_tx_ops *tx_ops; 3808 3809 pdev = wlan_vdev_get_pdev(vdev); 3810 psoc = wlan_vdev_get_psoc(vdev); 3811 if (!pdev) { 3812 crypto_err("pdev is NULL"); 3813 return; 3814 } 3815 if (!psoc) { 3816 crypto_err("psoc is NULL"); 3817 return; 3818 } 3819 3820 /* TBD: QWRAP key restore*/ 3821 /* crypto is on */ 3822 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3823 /* restore static shared keys */ 3824 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3825 crypto_params = wlan_crypto_vdev_get_comp_params 3826 ( 3827 vdev, 3828 &crypto_priv 3829 ); 3830 if (!crypto_priv) { 3831 crypto_err("crypto_priv is NULL"); 3832 return; 3833 } 3834 key = crypto_priv->key[i]; 3835 if (key && key->valid) { 3836 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3837 if (!tx_ops) { 3838 crypto_err("tx_ops is NULL"); 3839 return; 3840 } 3841 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3842 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3843 ( 3844 vdev, 3845 key, 3846 macaddr, 3847 wlan_crypto_get_key_type(key) 3848 ); 3849 } 3850 } 3851 } 3852 3853 wlan_objmgr_iterate_peerobj_list(vdev, 3854 crypto_plumb_peer_keys, 3855 psoc, 3856 WLAN_CRYPTO_ID); 3857 } 3858 } 3859 3860 QDF_STATUS 3861 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3862 const uint8_t *ie_ptr, uint16_t ie_len) 3863 { 3864 const uint8_t *rsn_ie = NULL; 3865 QDF_STATUS status; 3866 3867 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3868 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3869 if (!rsn_ie) { 3870 crypto_debug("RSN IE not present"); 3871 return QDF_STATUS_E_INVAL; 3872 } 3873 3874 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 3875 if (QDF_STATUS_SUCCESS != status) { 3876 crypto_err("RSN IE check failed"); 3877 return status; 3878 } 3879 3880 return QDF_STATUS_SUCCESS; 3881 } 3882 3883 QDF_STATUS 3884 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3885 const uint8_t *ie_ptr, uint16_t ie_len) 3886 { 3887 const uint8_t *wpa_ie = NULL; 3888 uint32_t wpa_oui; 3889 QDF_STATUS status; 3890 3891 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3892 3893 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3894 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3895 WLAN_OUI_SIZE, ie_ptr, ie_len); 3896 if (!wpa_ie) { 3897 crypto_debug("WPA IE not present"); 3898 return QDF_STATUS_E_INVAL; 3899 } 3900 3901 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 3902 if (QDF_STATUS_SUCCESS != status) { 3903 crypto_err("WPA IE check failed"); 3904 return status; 3905 } 3906 3907 return QDF_STATUS_SUCCESS; 3908 } 3909 3910 #ifdef FEATURE_WLAN_WAPI 3911 QDF_STATUS 3912 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 3913 const uint8_t *ie_ptr, uint16_t ie_len) 3914 { 3915 const uint8_t *wapi_ie; 3916 QDF_STATUS status; 3917 3918 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 3919 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 3920 if (!wapi_ie) { 3921 crypto_debug("WAPI ie not present"); 3922 return QDF_STATUS_E_INVAL; 3923 } 3924 3925 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 3926 if (QDF_IS_STATUS_ERROR(status)) { 3927 crypto_err("WAPI IE check failed"); 3928 return status; 3929 } 3930 3931 return QDF_STATUS_SUCCESS; 3932 } 3933 #endif 3934 3935 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3936 uint8_t vdev_id, uint8_t *ie_ptr, 3937 uint16_t ie_len, struct wlan_crypto_params * 3938 peer_crypto_params) 3939 { 3940 struct wlan_objmgr_vdev *vdev; 3941 bool match = true; 3942 QDF_STATUS status; 3943 3944 if (!psoc) { 3945 crypto_err("PSOC is NULL"); 3946 return false; 3947 } 3948 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 3949 ie_ptr, ie_len); 3950 if (QDF_STATUS_SUCCESS != status) { 3951 crypto_err("get crypto prarams from RSN IE failed"); 3952 return false; 3953 } 3954 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3955 WLAN_CRYPTO_ID); 3956 if (!vdev) { 3957 crypto_err("vdev is NULL"); 3958 return false; 3959 } 3960 3961 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 3962 3963 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3964 3965 return match; 3966 } 3967 3968 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3969 uint8_t vdev_id, uint8_t *ie_ptr, 3970 uint16_t ie_len, struct wlan_crypto_params * 3971 peer_crypto_params) 3972 { 3973 struct wlan_objmgr_vdev *vdev; 3974 bool match = true; 3975 QDF_STATUS status; 3976 3977 if (!psoc) { 3978 crypto_err("PSOC is NULL"); 3979 return false; 3980 } 3981 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3982 WLAN_CRYPTO_ID); 3983 if (!vdev) { 3984 crypto_err("vdev is NULL"); 3985 return false; 3986 } 3987 3988 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 3989 ie_ptr, ie_len); 3990 if (QDF_STATUS_SUCCESS != status) { 3991 crypto_err("get crypto prarams from WPA IE failed"); 3992 match = false; 3993 goto send_res; 3994 } 3995 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 3996 3997 send_res: 3998 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3999 4000 return match; 4001 } 4002 4003 4004 static void 4005 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4006 struct wlan_crypto_params *src_params) 4007 { 4008 dst_params->authmodeset |= src_params->authmodeset; 4009 dst_params->ucastcipherset |= src_params->ucastcipherset; 4010 dst_params->mcastcipherset |= src_params->mcastcipherset; 4011 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4012 dst_params->cipher_caps |= src_params->cipher_caps; 4013 dst_params->key_mgmt |= src_params->key_mgmt; 4014 dst_params->rsn_caps |= src_params->rsn_caps; 4015 } 4016 4017 static void 4018 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4019 { 4020 params->authmodeset = 0; 4021 params->ucastcipherset = 0; 4022 params->mcastcipherset = 0; 4023 params->mgmtcipherset = 0; 4024 params->key_mgmt = 0; 4025 params->rsn_caps = 0; 4026 } 4027 4028 const uint8_t * 4029 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4030 { 4031 uint8_t len; 4032 const uint8_t *ie; 4033 4034 if (!rsnxe_ie) 4035 return NULL; 4036 4037 ie = rsnxe_ie; 4038 len = ie[1]; 4039 ie += 2; 4040 4041 if (!len) 4042 return NULL; 4043 4044 *cap_len = ie[0] & 0xf; 4045 4046 return ie; 4047 } 4048 4049 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4050 uint8_t *ie_ptr, 4051 uint16_t ie_len) 4052 { 4053 struct wlan_crypto_params crypto_params; 4054 QDF_STATUS status; 4055 struct wlan_crypto_params *vdev_crypto_params; 4056 struct wlan_crypto_comp_priv *crypto_priv; 4057 bool send_fail = false; 4058 4059 if (!vdev) { 4060 crypto_err("VDEV is NULL"); 4061 return QDF_STATUS_E_FAILURE; 4062 } 4063 4064 if (!ie_ptr) { 4065 crypto_err("IE ptr is NULL"); 4066 return QDF_STATUS_E_FAILURE; 4067 } 4068 4069 crypto_priv = (struct wlan_crypto_comp_priv *) 4070 wlan_get_vdev_crypto_obj(vdev); 4071 4072 if (!crypto_priv) { 4073 crypto_err("crypto_priv NULL"); 4074 return QDF_STATUS_E_FAILURE; 4075 } 4076 4077 vdev_crypto_params = &crypto_priv->crypto_params; 4078 4079 wlan_crypto_reset_prarams(vdev_crypto_params); 4080 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4081 ie_ptr, ie_len); 4082 if (QDF_IS_STATUS_SUCCESS(status)) 4083 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4084 else 4085 send_fail = true; 4086 4087 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4088 ie_ptr, ie_len); 4089 if (QDF_IS_STATUS_SUCCESS(status)) { 4090 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4091 send_fail = false; 4092 } 4093 4094 status = wlan_get_crypto_params_from_wapi_ie(&crypto_params, 4095 ie_ptr, ie_len); 4096 if (QDF_IS_STATUS_SUCCESS(status)) { 4097 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4098 send_fail = false; 4099 } 4100 4101 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4102 } 4103 4104 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4105 { 4106 struct wlan_crypto_comp_priv *crypto_priv; 4107 4108 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4109 if (!crypto_priv) { 4110 crypto_err("crypto_priv NULL"); 4111 return QDF_STATUS_E_FAILURE; 4112 } 4113 4114 if (igtk) 4115 return crypto_priv->def_igtk_tx_keyid; 4116 else 4117 return crypto_priv->def_tx_keyid; 4118 } 4119 4120 enum wlan_crypto_cipher_type 4121 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4122 bool pairwise, uint8_t key_index) 4123 { 4124 struct wlan_crypto_key *crypto_key; 4125 4126 crypto_key = wlan_crypto_get_key(vdev, key_index); 4127 4128 if (crypto_key) 4129 return crypto_key->cipher_type; 4130 else 4131 return WLAN_CRYPTO_CIPHER_INVALID; 4132 } 4133 4134 #ifdef CRYPTO_SET_KEY_CONVERGED 4135 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4136 uint8_t key_index, uint8_t key_len, 4137 uint8_t seq_len) 4138 { 4139 if (!is_valid_keyix(key_index)) { 4140 crypto_err("Invalid Key index %d", key_index); 4141 return QDF_STATUS_E_INVAL; 4142 } 4143 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4144 crypto_err("Invalid Cipher %d", cipher); 4145 return QDF_STATUS_E_INVAL; 4146 } 4147 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4148 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4149 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4150 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4151 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4152 crypto_err("Invalid key index %d for cipher %d", 4153 key_index, cipher); 4154 return QDF_STATUS_E_INVAL; 4155 } 4156 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4157 crypto_err("Invalid key length %d", key_len); 4158 return QDF_STATUS_E_INVAL; 4159 } 4160 4161 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4162 crypto_err("Invalid seq length %d", seq_len); 4163 return QDF_STATUS_E_INVAL; 4164 } 4165 4166 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4167 key_index, key_len, seq_len); 4168 4169 return QDF_STATUS_SUCCESS; 4170 } 4171 4172 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4173 uint8_t key_index, 4174 struct wlan_crypto_key *crypto_key) 4175 { 4176 struct wlan_crypto_comp_priv *crypto_priv; 4177 4178 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4179 if (!crypto_priv) { 4180 crypto_err("crypto_priv NULL"); 4181 return QDF_STATUS_E_FAILURE; 4182 } 4183 if (!is_valid_keyix(key_index)) { 4184 crypto_err("Invalid Key index %d", key_index); 4185 return QDF_STATUS_E_FAILURE; 4186 } 4187 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4188 crypto_priv->key[key_index] = crypto_key; 4189 } else if (is_igtk(key_index)) { 4190 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4191 crypto_key; 4192 crypto_priv->def_igtk_tx_keyid = 4193 key_index - WLAN_CRYPTO_MAXKEYIDX; 4194 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4195 } else { 4196 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4197 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4198 crypto_priv->def_bigtk_tx_keyid = 4199 key_index - WLAN_CRYPTO_MAXKEYIDX 4200 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4201 } 4202 crypto_key->valid = true; 4203 4204 return QDF_STATUS_SUCCESS; 4205 } 4206 4207 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4208 uint8_t key_index) 4209 { 4210 struct wlan_crypto_comp_priv *crypto_priv; 4211 4212 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4213 if (!crypto_priv) { 4214 crypto_err("crypto_priv NULL"); 4215 return NULL; 4216 } 4217 if (!is_valid_keyix(key_index)) { 4218 crypto_err("Invalid Key index %d", key_index); 4219 return NULL; 4220 } 4221 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4222 return crypto_priv->key[key_index]; 4223 else if (is_igtk(key_index)) 4224 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4225 else 4226 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4227 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4228 4229 return NULL; 4230 } 4231 4232 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4233 struct wlan_crypto_key *req, 4234 enum wlan_crypto_key_type key_type) 4235 { 4236 struct wlan_objmgr_psoc *psoc; 4237 struct wlan_lmac_if_tx_ops *tx_ops; 4238 QDF_STATUS status = QDF_STATUS_E_FAILURE; 4239 4240 psoc = wlan_vdev_get_psoc(vdev); 4241 4242 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4243 if (!tx_ops) { 4244 crypto_err("tx_ops is NULL"); 4245 return QDF_STATUS_E_FAILURE; 4246 } 4247 4248 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4249 status = WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, 4250 key_type); 4251 4252 return status; 4253 } 4254 4255 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4256 bool pairwise, uint8_t key_index, 4257 struct qdf_mac_addr *peer_mac) 4258 { 4259 struct wlan_crypto_key *crypto_key; 4260 4261 crypto_key = wlan_crypto_get_key(vdev, key_index); 4262 if (!crypto_key) { 4263 crypto_err("crypto_key not present for key_idx %d", key_index); 4264 return; 4265 } 4266 4267 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4268 } 4269 4270 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4271 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4272 struct wlan_objmgr_vdev *vdev, 4273 struct qdf_mac_addr *conn_bssid) 4274 { 4275 struct wlan_crypto_params *crypto_params; 4276 struct wlan_crypto_comp_priv *crypto_priv; 4277 int i; 4278 4279 crypto_priv = (struct wlan_crypto_comp_priv *) 4280 wlan_get_vdev_crypto_obj(vdev); 4281 4282 if (!crypto_priv) { 4283 crypto_err("crypto_priv NULL"); 4284 return; 4285 } 4286 4287 crypto_params = &crypto_priv->crypto_params; 4288 4289 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4290 if (!crypto_params->pmksa[i]) 4291 continue; 4292 4293 if (crypto_params->pmksa[i]->single_pmk_supported && 4294 !qdf_is_macaddr_equal(conn_bssid, 4295 &crypto_params->pmksa[i]->bssid)) { 4296 qdf_mem_zero(crypto_params->pmksa[i], 4297 sizeof(struct wlan_crypto_pmksa)); 4298 qdf_mem_free(crypto_params->pmksa[i]); 4299 crypto_params->pmksa[i] = NULL; 4300 } 4301 } 4302 } 4303 4304 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4305 struct qdf_mac_addr *bssid, 4306 bool single_pmk_capable_bss) 4307 { 4308 struct wlan_crypto_params *crypto_params; 4309 struct wlan_crypto_comp_priv *crypto_priv; 4310 int i; 4311 4312 crypto_priv = (struct wlan_crypto_comp_priv *) 4313 wlan_get_vdev_crypto_obj(vdev); 4314 4315 if (!crypto_priv) { 4316 crypto_err("crypto_priv NULL"); 4317 return; 4318 } 4319 4320 crypto_params = &crypto_priv->crypto_params; 4321 4322 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4323 if (!crypto_params->pmksa[i]) 4324 continue; 4325 4326 if (qdf_is_macaddr_equal(bssid, 4327 &crypto_params->pmksa[i]->bssid)) 4328 crypto_params->pmksa[i]->single_pmk_supported = 4329 single_pmk_capable_bss; 4330 } 4331 } 4332 4333 void 4334 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev, 4335 struct wlan_crypto_pmksa *roam_sync_pmksa) 4336 { 4337 struct wlan_crypto_params *crypto_params; 4338 struct wlan_crypto_comp_priv *crypto_priv; 4339 int i; 4340 4341 crypto_priv = (struct wlan_crypto_comp_priv *) 4342 wlan_get_vdev_crypto_obj(vdev); 4343 4344 if (!crypto_priv) { 4345 crypto_err("crypto_priv NULL"); 4346 return; 4347 } 4348 4349 crypto_params = &crypto_priv->crypto_params; 4350 4351 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4352 if (!crypto_params->pmksa[i]) 4353 continue; 4354 if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid, 4355 &crypto_params->pmksa[i]->bssid) && 4356 roam_sync_pmksa->single_pmk_supported && 4357 roam_sync_pmksa->pmk_len) { 4358 crypto_params->pmksa[i]->single_pmk_supported = 4359 roam_sync_pmksa->single_pmk_supported; 4360 crypto_params->pmksa[i]->pmk_len = 4361 roam_sync_pmksa->pmk_len; 4362 qdf_mem_copy(crypto_params->pmksa[i]->pmk, 4363 roam_sync_pmksa->pmk, 4364 roam_sync_pmksa->pmk_len); 4365 } 4366 } 4367 } 4368 4369 #endif 4370 4371 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4372 { 4373 struct wlan_crypto_comp_priv *crypto_priv; 4374 4375 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4376 crypto_priv = (struct wlan_crypto_comp_priv *) 4377 wlan_get_vdev_crypto_obj(vdev); 4378 4379 if (!crypto_priv) { 4380 crypto_err("crypto_priv NULL"); 4381 return; 4382 } 4383 4384 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4385 } 4386 4387 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc) 4388 { 4389 struct wlan_lmac_if_tx_ops *tx_ops; 4390 4391 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4392 if (!tx_ops) { 4393 crypto_err("tx_ops is NULL"); 4394 return QDF_STATUS_E_FAILURE; 4395 } 4396 4397 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)) 4398 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc); 4399 4400 return QDF_STATUS_E_FAILURE; 4401 } 4402 4403 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc) 4404 { 4405 struct wlan_lmac_if_tx_ops *tx_ops; 4406 4407 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4408 if (!tx_ops) { 4409 crypto_err("tx_ops is NULL"); 4410 return QDF_STATUS_E_FAILURE; 4411 } 4412 4413 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)) 4414 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc); 4415 4416 return QDF_STATUS_E_FAILURE; 4417 } 4418 #endif 4419 4420 #ifdef WLAN_FEATURE_FILS_SK 4421 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4422 uint8_t *rik, uint32_t *rik_len) 4423 { 4424 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4425 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4426 QDF_STATUS status; 4427 4428 if (!rrk || !rik) { 4429 crypto_err("FILS rrk/rik NULL"); 4430 return QDF_STATUS_E_FAILURE; 4431 } 4432 4433 optional_data[0] = HMAC_SHA256_128; 4434 /* basic validation */ 4435 if (rrk_len <= 0) { 4436 crypto_err("invalid r_rk length %d", rrk_len); 4437 return QDF_STATUS_E_FAILURE; 4438 } 4439 4440 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4441 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4442 sizeof(optional_data), rik, 4443 rrk_len); 4444 if (QDF_IS_STATUS_ERROR(status)) { 4445 crypto_err("failed to create rik"); 4446 return status; 4447 } 4448 *rik_len = rrk_len; 4449 4450 return QDF_STATUS_SUCCESS; 4451 } 4452 #endif /* WLAN_FEATURE_FILS_SK */ 4453 4454 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT) 4455 QDF_STATUS 4456 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc, 4457 struct wlan_crypto_ltf_keyseed_data *data) 4458 { 4459 QDF_STATUS status = QDF_STATUS_SUCCESS; 4460 struct wlan_lmac_if_tx_ops *tx_ops; 4461 4462 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4463 if (!tx_ops) { 4464 crypto_err("tx_ops is NULL"); 4465 return QDF_STATUS_E_INVAL; 4466 } 4467 4468 if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)) 4469 status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data); 4470 4471 return status; 4472 } 4473 #endif 4474 4475 QDF_STATUS 4476 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id, 4477 uint32_t param_id, uint32_t param_value) 4478 { 4479 QDF_STATUS status = QDF_STATUS_SUCCESS; 4480 struct wlan_lmac_if_tx_ops *tx_ops; 4481 4482 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4483 if (!tx_ops) { 4484 crypto_err("tx_ops is NULL"); 4485 return QDF_STATUS_E_INVAL; 4486 } 4487 4488 if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops)) 4489 status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc, 4490 vdev_id, 4491 param_id, 4492 param_value); 4493 4494 return status; 4495 } 4496