1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (*crypto_priv == NULL) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (*crypto_priv == NULL) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 crypto_debug("param %d, value %d", param, value); 122 switch (param) { 123 case WLAN_CRYPTO_PARAM_AUTH_MODE: 124 status = wlan_crypto_set_authmode(crypto_params, value); 125 break; 126 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 127 status = wlan_crypto_set_ucastciphers(crypto_params, value); 128 break; 129 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 130 status = wlan_crypto_set_mcastcipher(crypto_params, value); 131 break; 132 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 133 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 134 break; 135 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 136 status = wlan_crypto_set_cipher_cap(crypto_params, value); 137 break; 138 case WLAN_CRYPTO_PARAM_RSN_CAP: 139 status = wlan_crypto_set_rsn_cap(crypto_params, value); 140 break; 141 case WLAN_CRYPTO_PARAM_KEY_MGMT: 142 status = wlan_crypto_set_key_mgmt(crypto_params, value); 143 break; 144 default: 145 status = QDF_STATUS_E_INVAL; 146 } 147 return status; 148 } 149 150 /** 151 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 152 * @vdev: vdev 153 * @param: param to be set. 154 * @value: value 155 * 156 * This function gets called from ucfg to set param 157 * 158 * Return: QDF_STATUS_SUCCESS - in case of success 159 */ 160 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 161 wlan_crypto_param_type param, 162 uint32_t value){ 163 QDF_STATUS status = QDF_STATUS_E_INVAL; 164 struct wlan_crypto_comp_priv *crypto_priv; 165 struct wlan_crypto_params *crypto_params; 166 167 crypto_priv = (struct wlan_crypto_comp_priv *) 168 wlan_get_vdev_crypto_obj(vdev); 169 170 if (crypto_priv == NULL) { 171 crypto_err("crypto_priv NULL"); 172 return QDF_STATUS_E_INVAL; 173 } 174 175 crypto_params = &(crypto_priv->crypto_params); 176 177 status = wlan_crypto_set_param(crypto_params, param, value); 178 179 return status; 180 } 181 182 /** 183 * wlan_crypto_set_param - called by ucfg to set crypto param 184 * 185 * @peer: peer 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 201 &crypto_priv); 202 203 if (crypto_priv == NULL) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 217 * @param: Crypto param type 218 * @crypto_params: Crypto params struct 219 * 220 * This function gets called from in-within crypto layer 221 * 222 * Return: value or -1 for failure 223 */ 224 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 225 struct wlan_crypto_params *crypto_params) 226 { 227 int32_t value = -1; 228 229 switch (param) { 230 case WLAN_CRYPTO_PARAM_AUTH_MODE: 231 value = wlan_crypto_get_authmode(crypto_params); 232 break; 233 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 234 value = wlan_crypto_get_ucastciphers(crypto_params); 235 break; 236 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 237 value = wlan_crypto_get_mcastcipher(crypto_params); 238 break; 239 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 240 value = wlan_crypto_get_mgmtciphers(crypto_params); 241 break; 242 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 243 value = wlan_crypto_get_cipher_cap(crypto_params); 244 break; 245 case WLAN_CRYPTO_PARAM_RSN_CAP: 246 value = wlan_crypto_get_rsn_cap(crypto_params); 247 break; 248 case WLAN_CRYPTO_PARAM_KEY_MGMT: 249 value = wlan_crypto_get_key_mgmt(crypto_params); 250 break; 251 default: 252 value = QDF_STATUS_E_INVAL; 253 } 254 255 return value; 256 } 257 258 /** 259 * wlan_crypto_get_param - called to get value for param from vdev 260 * @vdev: vdev 261 * @param: Crypto param type 262 * 263 * This function gets called to get value for param from vdev 264 * 265 * Return: value or -1 for failure 266 */ 267 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 268 wlan_crypto_param_type param) 269 { 270 int32_t value = -1; 271 struct wlan_crypto_comp_priv *crypto_priv; 272 struct wlan_crypto_params *crypto_params; 273 crypto_priv = (struct wlan_crypto_comp_priv *) 274 wlan_get_vdev_crypto_obj(vdev); 275 276 if (crypto_priv == NULL) { 277 crypto_err("crypto_priv NULL"); 278 return QDF_STATUS_E_INVAL; 279 } 280 281 crypto_params = &(crypto_priv->crypto_params); 282 value = wlan_crypto_get_param_value(param, crypto_params); 283 284 return value; 285 } 286 /** 287 * wlan_crypto_get_peer_param - called to get value for param from peer 288 * @peer: peer 289 * @param: Crypto param type 290 * 291 * This function gets called to get value for param from peer 292 * 293 * Return: value or -1 for failure 294 */ 295 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 296 wlan_crypto_param_type param) 297 { 298 int32_t value = -1; 299 struct wlan_crypto_comp_priv *crypto_priv; 300 struct wlan_crypto_params *crypto_params; 301 302 crypto_params = wlan_crypto_peer_get_comp_params(peer, 303 &crypto_priv); 304 305 if (crypto_params == NULL) { 306 crypto_err("crypto_params NULL"); 307 return QDF_STATUS_E_INVAL; 308 } 309 value = wlan_crypto_get_param_value(param, crypto_params); 310 311 return value; 312 } 313 qdf_export_symbol(wlan_crypto_get_peer_param); 314 315 static 316 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 317 struct wlan_crypto_pmksa *pmksa) 318 { 319 uint8_t i, first_available_slot = 0; 320 bool slot_found = false; 321 322 /* find the empty slot or slot with same bssid */ 323 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 324 if (!crypto_params->pmksa[i]) { 325 if (!slot_found) { 326 slot_found = true; 327 first_available_slot = i; 328 } 329 continue; 330 } 331 if (qdf_is_macaddr_equal(&pmksa->bssid, 332 &crypto_params->pmksa[i]->bssid)) { 333 /* free the current pmksa and use this slot */ 334 qdf_mem_free(crypto_params->pmksa[i]); 335 crypto_params->pmksa[i] = pmksa; 336 return QDF_STATUS_SUCCESS; 337 } 338 } 339 340 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 341 crypto_err("no entry available for pmksa"); 342 qdf_mem_free(pmksa); 343 return QDF_STATUS_E_INVAL; 344 } 345 crypto_params->pmksa[first_available_slot] = pmksa; 346 347 return QDF_STATUS_SUCCESS; 348 } 349 350 static 351 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 352 struct wlan_crypto_pmksa *pmksa) 353 { 354 uint8_t i; 355 356 /* find slot with same bssid */ 357 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 358 if (!crypto_params->pmksa[i]) 359 continue; 360 if (qdf_is_macaddr_equal(&pmksa->bssid, 361 &crypto_params->pmksa[i]->bssid)) { 362 qdf_mem_free(crypto_params->pmksa[i]); 363 crypto_params->pmksa[i] = NULL; 364 return QDF_STATUS_SUCCESS; 365 } 366 } 367 368 return QDF_STATUS_E_INVAL; 369 } 370 371 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 372 { 373 uint8_t i; 374 375 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 376 if (!crypto_params->pmksa[i]) 377 continue; 378 qdf_mem_free(crypto_params->pmksa[i]); 379 crypto_params->pmksa[i] = NULL; 380 } 381 382 return QDF_STATUS_SUCCESS; 383 } 384 385 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 386 struct wlan_crypto_pmksa *pmksa, 387 bool set) 388 { 389 QDF_STATUS status = QDF_STATUS_E_INVAL; 390 struct wlan_crypto_comp_priv *crypto_priv; 391 struct wlan_crypto_params *crypto_params; 392 393 if (wlan_vdev_mlme_get_opmode(vdev) != QDF_STA_MODE) 394 return QDF_STATUS_E_NOSUPPORT; 395 396 if (!pmksa && set) { 397 crypto_err("pmksa is NULL for set operation"); 398 return QDF_STATUS_E_INVAL; 399 } 400 crypto_priv = (struct wlan_crypto_comp_priv *) 401 wlan_get_vdev_crypto_obj(vdev); 402 403 if (!crypto_priv) { 404 crypto_err("crypto_priv NULL"); 405 return QDF_STATUS_E_INVAL; 406 } 407 408 crypto_params = &crypto_priv->crypto_params; 409 if (set) { 410 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 411 /* Set pmksa */ 412 } else { 413 /* del pmksa */ 414 if (!pmksa) 415 status = wlan_crypto_pmksa_flush(crypto_params); 416 else 417 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 418 } 419 420 return status; 421 } 422 423 /** 424 * wlan_crypto_get_pmksa - called to get pmksa of bssid passed. 425 * @vdev: vdev 426 * @bssid: bssid 427 * 428 * This function gets called from to get pmksa for the bssid. 429 * 430 * Return: wlan_crypto_pmksa when match found else NULL. 431 */ 432 static struct wlan_crypto_pmksa * 433 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 434 { 435 struct wlan_crypto_comp_priv *crypto_priv; 436 struct wlan_crypto_params *crypto_params; 437 uint8_t i; 438 439 if (!bssid) { 440 crypto_err("bssid is NULL"); 441 return NULL; 442 } 443 crypto_priv = (struct wlan_crypto_comp_priv *) 444 wlan_get_vdev_crypto_obj(vdev); 445 446 if (!crypto_priv) { 447 crypto_err("crypto_priv NULL"); 448 return NULL; 449 } 450 451 crypto_params = &crypto_priv->crypto_params; 452 453 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 454 if (!crypto_params->pmksa[i]) 455 continue; 456 if (qdf_is_macaddr_equal(bssid, 457 &crypto_params->pmksa[i]->bssid)) { 458 return crypto_params->pmksa[i]; 459 } 460 } 461 462 return NULL; 463 } 464 /** 465 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 466 * @vdev: vdev 467 * @peer: peer 468 * 469 * This function gets called to check is HT allowed for cipher. 470 * HT is not allowed for wep and tkip. 471 * 472 * Return: 0 - not allowed or 1 - allowed 473 */ 474 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 475 struct wlan_objmgr_peer *peer) 476 { 477 int32_t ucast_cipher; 478 479 if (!(vdev || peer)) { 480 crypto_err("Invalid params"); 481 return 0; 482 } 483 484 if (vdev) 485 ucast_cipher = wlan_crypto_get_param(vdev, 486 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 487 else 488 ucast_cipher = wlan_crypto_get_peer_param(peer, 489 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 490 491 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 492 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 493 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 494 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 495 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 496 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 497 } 498 qdf_export_symbol(wlan_crypto_is_htallowed); 499 500 /** 501 * wlan_crypto_setkey - called by ucfg to setkey 502 * @vdev: vdev 503 * @req_key: req_key with cipher type, key macaddress 504 * 505 * This function gets called from ucfg to sey key 506 * 507 * Return: QDF_STATUS_SUCCESS - in case of success 508 */ 509 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 510 struct wlan_crypto_req_key *req_key){ 511 512 QDF_STATUS status = QDF_STATUS_E_INVAL; 513 struct wlan_crypto_comp_priv *crypto_priv; 514 struct wlan_crypto_params *crypto_params; 515 struct wlan_objmgr_psoc *psoc; 516 struct wlan_objmgr_peer *peer; 517 struct wlan_crypto_key *key = NULL; 518 const struct wlan_crypto_cipher *cipher; 519 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 520 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 521 bool isbcast; 522 enum QDF_OPMODE vdev_mode; 523 uint8_t igtk_idx = 0; 524 525 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 526 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 527 return QDF_STATUS_E_INVAL; 528 } 529 530 isbcast = qdf_is_macaddr_group( 531 (struct qdf_mac_addr *)req_key->macaddr); 532 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 533 /* zero length keys, only set default key id if flags are set*/ 534 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 535 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 536 && (!IS_MGMT_CIPHER(req_key->type))) { 537 wlan_crypto_default_key(vdev, 538 req_key->macaddr, 539 req_key->keyix, 540 !isbcast); 541 return QDF_STATUS_SUCCESS; 542 } 543 crypto_err("req_key len zero"); 544 return QDF_STATUS_E_INVAL; 545 } 546 547 cipher = wlan_crypto_cipher_ops[req_key->type]; 548 549 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 550 crypto_err("cipher invalid"); 551 return QDF_STATUS_E_INVAL; 552 } 553 554 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 555 (!IS_MGMT_CIPHER(req_key->type)) && 556 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 557 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 558 crypto_err("cipher invalid"); 559 return QDF_STATUS_E_INVAL; 560 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 561 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 562 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 563 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 564 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 565 return QDF_STATUS_E_INVAL; 566 } 567 568 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 569 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 570 | WLAN_CRYPTO_KEY_RECV)) { 571 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 572 | WLAN_CRYPTO_KEY_RECV); 573 } 574 } else { 575 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 576 && (!IS_MGMT_CIPHER(req_key->type))) { 577 return QDF_STATUS_E_INVAL; 578 } 579 580 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 581 | WLAN_CRYPTO_KEY_RECV); 582 if (isbcast) 583 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 584 } 585 586 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 587 588 wlan_vdev_obj_lock(vdev); 589 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 590 QDF_MAC_ADDR_SIZE); 591 psoc = wlan_vdev_get_psoc(vdev); 592 if (!psoc) { 593 wlan_vdev_obj_unlock(vdev); 594 crypto_err("psoc NULL"); 595 return QDF_STATUS_E_INVAL; 596 } 597 wlan_vdev_obj_unlock(vdev); 598 599 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 600 if (wlan_crypto_vdev_has_auth_mode(vdev, 601 (1 << WLAN_CRYPTO_AUTH_8021X))) { 602 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 603 } 604 } 605 606 if (isbcast) { 607 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 608 &crypto_priv); 609 if (crypto_priv == NULL) { 610 crypto_err("crypto_priv NULL"); 611 return QDF_STATUS_E_INVAL; 612 } 613 614 if (IS_MGMT_CIPHER(req_key->type)) { 615 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 616 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 617 crypto_err("igtk key invalid keyid %d", 618 igtk_idx); 619 return QDF_STATUS_E_INVAL; 620 } 621 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 622 if (key == NULL) { 623 crypto_err("igtk key alloc failed"); 624 return QDF_STATUS_E_NOMEM; 625 } 626 627 if (crypto_priv->igtk_key[igtk_idx]) 628 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 629 630 crypto_priv->igtk_key[igtk_idx] = key; 631 crypto_priv->igtk_key_type = req_key->type; 632 crypto_priv->def_igtk_tx_keyid = igtk_idx; 633 } else { 634 if (IS_FILS_CIPHER(req_key->type)) { 635 crypto_err("FILS key is not for BroadCast pkt"); 636 return QDF_STATUS_E_INVAL; 637 } 638 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 639 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 640 return QDF_STATUS_E_INVAL; 641 } 642 if (!crypto_priv->key[req_key->keyix]) { 643 crypto_priv->key[req_key->keyix] 644 = qdf_mem_malloc( 645 sizeof(struct wlan_crypto_key)); 646 if (!crypto_priv->key[req_key->keyix]) 647 return QDF_STATUS_E_NOMEM; 648 } 649 key = crypto_priv->key[req_key->keyix]; 650 } 651 if (vdev_mode == QDF_STA_MODE) { 652 peer = wlan_vdev_get_bsspeer(vdev); 653 if (!(peer && (QDF_STATUS_SUCCESS 654 == wlan_objmgr_peer_try_get_ref(peer, 655 WLAN_CRYPTO_ID)))) { 656 crypto_err("peer %pK failed", peer); 657 if (IS_MGMT_CIPHER(req_key->type)) { 658 crypto_priv->igtk_key[igtk_idx] = NULL; 659 crypto_priv->igtk_key_type 660 = WLAN_CRYPTO_CIPHER_NONE; 661 } else 662 crypto_priv->key[req_key->keyix] = NULL; 663 if (key) 664 qdf_mem_free(key); 665 return QDF_STATUS_E_INVAL; 666 } 667 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 668 QDF_MAC_ADDR_SIZE); 669 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 670 } 671 } else { 672 uint8_t pdev_id; 673 674 pdev_id = wlan_objmgr_pdev_get_pdev_id( 675 wlan_vdev_get_pdev(vdev)); 676 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 677 psoc, 678 pdev_id, 679 macaddr, 680 req_key->macaddr, 681 WLAN_CRYPTO_ID); 682 683 if (peer == NULL) { 684 crypto_err("peer NULL"); 685 return QDF_STATUS_E_INVAL; 686 } 687 688 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 689 crypto_params = wlan_crypto_peer_get_comp_params(peer, 690 &crypto_priv); 691 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 692 693 if (crypto_priv == NULL) { 694 crypto_err("crypto_priv NULL"); 695 return QDF_STATUS_E_INVAL; 696 } 697 if (IS_MGMT_CIPHER(req_key->type)) { 698 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 699 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 700 crypto_err("igtk key invalid keyid %d", 701 igtk_idx); 702 return QDF_STATUS_E_INVAL; 703 } 704 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 705 if (key == NULL) { 706 crypto_err("igtk key alloc failed"); 707 return QDF_STATUS_E_NOMEM; 708 } 709 if (crypto_priv->igtk_key[igtk_idx]) 710 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 711 712 crypto_priv->igtk_key[igtk_idx] = key; 713 crypto_priv->igtk_key_type = req_key->type; 714 crypto_priv->def_igtk_tx_keyid = igtk_idx; 715 } else { 716 uint16_t kid = req_key->keyix; 717 if (kid == WLAN_CRYPTO_KEYIX_NONE) 718 kid = 0; 719 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 720 crypto_err("invalid keyid %d", kid); 721 return QDF_STATUS_E_INVAL; 722 } 723 if (!crypto_priv->key[kid]) { 724 crypto_priv->key[kid] 725 = qdf_mem_malloc( 726 sizeof(struct wlan_crypto_key)); 727 if (!crypto_priv->key[kid]) 728 return QDF_STATUS_E_NOMEM; 729 } 730 key = crypto_priv->key[kid]; 731 } 732 } 733 734 /* alloc key might not required as it is already there */ 735 key->cipher_table = (void *)cipher; 736 key->keylen = req_key->keylen; 737 key->flags = req_key->flags; 738 739 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 740 key->keyix = 0; 741 else 742 key->keyix = req_key->keyix; 743 744 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 745 && (!IS_MGMT_CIPHER(req_key->type))) { 746 crypto_priv->def_tx_keyid = key->keyix; 747 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 748 } 749 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 750 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 751 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 752 0x5c, 0x36, 0x5c, 0x36, 753 0x5c, 0x36, 0x5c, 0x36, 754 0x5c, 0x36, 0x5c, 0x37}; 755 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 756 0x5c, 0x36, 0x5c, 0x36, 757 0x5c, 0x36, 0x5c, 0x36, 758 0x5c, 0x36, 0x5c, 0x36}; 759 760 /* During Tx PN should be increment and 761 * send but as per our implementation we increment only after 762 * Tx complete. So First packet PN check will be failed. 763 * To compensate increment the PN here by 2 764 */ 765 if (vdev_mode == QDF_SAP_MODE) { 766 iv_AP[15] += 2; 767 qdf_mem_copy(key->recviv, iv_STA, 768 WLAN_CRYPTO_WAPI_IV_SIZE); 769 qdf_mem_copy(key->txiv, iv_AP, 770 WLAN_CRYPTO_WAPI_IV_SIZE); 771 } else { 772 iv_STA[15] += 2; 773 qdf_mem_copy(key->recviv, iv_AP, 774 WLAN_CRYPTO_WAPI_IV_SIZE); 775 qdf_mem_copy(key->txiv, iv_STA, 776 WLAN_CRYPTO_WAPI_IV_SIZE); 777 } 778 } else { 779 uint8_t i = 0; 780 qdf_mem_copy((uint8_t *)(&key->keytsc), 781 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 782 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 783 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 784 (uint8_t *)(&req_key->keyrsc), 785 sizeof(key->keyrsc[0])); 786 } 787 } 788 789 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 790 key->valid = 1; 791 if ((IS_MGMT_CIPHER(req_key->type))) { 792 if (HAS_CIPHER_CAP(crypto_params, 793 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 794 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 795 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 796 key, macaddr, req_key->type); 797 } 798 } 799 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 800 status = wlan_crypto_set_igtk_key(key); 801 return status; 802 } else if (IS_FILS_CIPHER(req_key->type)) { 803 /* Take request key object to FILS setkey */ 804 key->private = req_key; 805 } else { 806 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 807 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 808 macaddr, req_key->type); 809 } 810 } 811 status = cipher->setkey(key); 812 813 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 814 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 815 (!IS_MGMT_CIPHER(req_key->type))) { 816 /* default xmit key */ 817 wlan_crypto_default_key(vdev, 818 req_key->macaddr, 819 req_key->keyix, 820 !isbcast); 821 } 822 823 return status; 824 } 825 826 /** 827 * wlan_crypto_get_keytype - get keytype 828 * @key: key 829 * 830 * This function gets keytype from key 831 * 832 * Return: keytype 833 */ 834 wlan_crypto_cipher_type wlan_crypto_get_key_type( 835 struct wlan_crypto_key *key){ 836 if (key && key->cipher_table) { 837 return ((struct wlan_crypto_cipher *) 838 (key->cipher_table))->cipher; 839 } 840 return WLAN_CRYPTO_CIPHER_NONE; 841 } 842 qdf_export_symbol(wlan_crypto_get_key_type); 843 /** 844 * wlan_crypto_vdev_getkey - get key from vdev 845 * @vdev: vdev 846 * @keyix: keyix 847 * 848 * This function gets key from vdev 849 * 850 * Return: key or NULL 851 */ 852 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 853 uint16_t keyix){ 854 struct wlan_crypto_comp_priv *crypto_priv; 855 struct wlan_crypto_params *crypto_params; 856 struct wlan_crypto_key *key = NULL; 857 858 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 859 860 if (crypto_priv == NULL) { 861 crypto_err("crypto_priv NULL"); 862 return NULL; 863 } 864 865 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 866 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 867 else 868 key = crypto_priv->key[keyix]; 869 870 if (key && key->valid) 871 return key; 872 873 return NULL; 874 } 875 qdf_export_symbol(wlan_crypto_vdev_getkey); 876 877 /** 878 * wlan_crypto_peer_getkey - get key from peer 879 * @peer: peer 880 * @keyix: keyix 881 * 882 * This function gets key from peer 883 * 884 * Return: key or NULL 885 */ 886 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 887 uint16_t keyix){ 888 struct wlan_crypto_comp_priv *crypto_priv; 889 struct wlan_crypto_params *crypto_params; 890 struct wlan_crypto_key *key = NULL; 891 892 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 893 894 if (crypto_priv == NULL) { 895 crypto_err("crypto_priv NULL"); 896 return NULL; 897 } 898 899 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 900 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 901 else 902 key = crypto_priv->key[keyix]; 903 904 if (key && key->valid) 905 return key; 906 907 return NULL; 908 } 909 qdf_export_symbol(wlan_crypto_peer_getkey); 910 911 /** 912 * wlan_crypto_getkey - called by ucfg to get key 913 * @vdev: vdev 914 * @req_key: key value will be copied in this req_key 915 * @mac_address: mac address of the peer for unicast key 916 * or broadcast address if group key is requested. 917 * 918 * This function gets called from ucfg to get key 919 * 920 * Return: QDF_STATUS_SUCCESS - in case of success 921 */ 922 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 923 struct wlan_crypto_req_key *req_key, 924 uint8_t *mac_addr){ 925 struct wlan_crypto_cipher *cipher_table; 926 struct wlan_crypto_key *key; 927 struct wlan_objmgr_psoc *psoc; 928 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 929 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 930 931 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 932 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 933 crypto_err("invalid keyix %d", req_key->keyix); 934 return QDF_STATUS_E_INVAL; 935 } 936 937 wlan_vdev_obj_lock(vdev); 938 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 939 QDF_MAC_ADDR_SIZE); 940 psoc = wlan_vdev_get_psoc(vdev); 941 if (!psoc) { 942 wlan_vdev_obj_unlock(vdev); 943 crypto_err("psoc NULL"); 944 return QDF_STATUS_E_INVAL; 945 } 946 wlan_vdev_obj_unlock(vdev); 947 948 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 949 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 950 if (!key) 951 return QDF_STATUS_E_INVAL; 952 } else { 953 struct wlan_objmgr_peer *peer; 954 uint8_t pdev_id; 955 956 pdev_id = wlan_objmgr_pdev_get_pdev_id( 957 wlan_vdev_get_pdev(vdev)); 958 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 959 psoc, 960 pdev_id, 961 macaddr, 962 mac_addr, 963 WLAN_CRYPTO_ID); 964 if (peer == NULL) { 965 crypto_err("peer NULL"); 966 return QDF_STATUS_E_NOENT; 967 } 968 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 969 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 970 if (!key) 971 return QDF_STATUS_E_INVAL; 972 } 973 974 if (key->valid) { 975 qdf_mem_copy(req_key->keydata, 976 key->keyval, key->keylen); 977 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 978 (uint8_t *)(&key->keytsc), 979 sizeof(req_key->keytsc)); 980 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 981 (uint8_t *)(&key->keyrsc[0]), 982 sizeof(req_key->keyrsc)); 983 req_key->keylen = key->keylen; 984 req_key->flags = key->flags; 985 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 986 987 if (!cipher_table) 988 return QDF_STATUS_SUCCESS; 989 990 req_key->type = cipher_table->cipher; 991 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 992 qdf_mem_copy((uint8_t *)(&req_key->txiv), 993 (uint8_t *)(key->txiv), 994 sizeof(req_key->txiv)); 995 qdf_mem_copy((uint8_t *)(&req_key->recviv), 996 (uint8_t *)(key->recviv), 997 sizeof(req_key->recviv)); 998 } 999 } 1000 1001 return QDF_STATUS_SUCCESS; 1002 } 1003 1004 /** 1005 * wlan_crypto_delkey - called by ucfg to delete key 1006 * @vdev: vdev 1007 * @mac_address: mac address of the peer for unicast key 1008 * or broadcast address if group key is deleted. 1009 * @key_idx: key index to be deleted 1010 * 1011 * This function gets called from ucfg to delete key 1012 * 1013 * Return: QDF_STATUS_SUCCESS - in case of success 1014 */ 1015 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1016 uint8_t *macaddr, 1017 uint8_t key_idx){ 1018 struct wlan_crypto_comp_priv *crypto_priv; 1019 struct wlan_crypto_params *crypto_params; 1020 struct wlan_crypto_key *key; 1021 struct wlan_crypto_cipher *cipher_table; 1022 struct wlan_objmgr_psoc *psoc; 1023 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1024 1025 if (!vdev || !macaddr || 1026 (key_idx >= 1027 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 1028 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1029 vdev, macaddr, key_idx); 1030 return QDF_STATUS_E_INVAL; 1031 } 1032 1033 wlan_vdev_obj_lock(vdev); 1034 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1035 QDF_MAC_ADDR_SIZE); 1036 psoc = wlan_vdev_get_psoc(vdev); 1037 if (!psoc) { 1038 wlan_vdev_obj_unlock(vdev); 1039 crypto_err("psoc NULL"); 1040 return QDF_STATUS_E_INVAL; 1041 } 1042 wlan_vdev_obj_unlock(vdev); 1043 1044 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1045 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1046 &crypto_priv); 1047 if (crypto_priv == NULL) { 1048 crypto_err("crypto_priv NULL"); 1049 return QDF_STATUS_E_INVAL; 1050 } 1051 } else { 1052 struct wlan_objmgr_peer *peer; 1053 uint8_t pdev_id; 1054 1055 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1056 wlan_vdev_get_pdev(vdev)); 1057 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1058 psoc, pdev_id, 1059 bssid_mac, 1060 macaddr, 1061 WLAN_CRYPTO_ID); 1062 if (peer == NULL) { 1063 return QDF_STATUS_E_INVAL; 1064 } 1065 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1066 &crypto_priv); 1067 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1068 if (crypto_priv == NULL) { 1069 crypto_err("crypto_priv NULL"); 1070 return QDF_STATUS_E_INVAL; 1071 } 1072 } 1073 1074 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1075 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1076 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1077 crypto_err("Igtk key invalid keyid %d", igtk_idx); 1078 return QDF_STATUS_E_INVAL; 1079 } 1080 key = crypto_priv->igtk_key[igtk_idx]; 1081 crypto_priv->igtk_key[igtk_idx] = NULL; 1082 if (key) 1083 key->valid = 0; 1084 } else { 1085 key = crypto_priv->key[key_idx]; 1086 crypto_priv->key[key_idx] = NULL; 1087 } 1088 1089 if (!key) 1090 return QDF_STATUS_E_INVAL; 1091 1092 if (key->valid) { 1093 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1094 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1095 1096 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 1097 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 1098 macaddr, cipher_table->cipher); 1099 } 1100 } 1101 qdf_mem_free(key); 1102 1103 return QDF_STATUS_SUCCESS; 1104 } 1105 1106 #ifdef CRYPTO_SET_KEY_CONVERGED 1107 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1108 uint8_t key_idx, uint8_t *macaddr) 1109 { 1110 return QDF_STATUS_SUCCESS; 1111 } 1112 #else 1113 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1114 uint8_t key_idx, uint8_t *macaddr) 1115 { 1116 struct wlan_objmgr_psoc *psoc; 1117 1118 psoc = wlan_vdev_get_psoc(vdev); 1119 if (!psoc) { 1120 crypto_err("psoc is NULL"); 1121 return QDF_STATUS_E_INVAL; 1122 } 1123 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1124 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1125 macaddr); 1126 } 1127 1128 return QDF_STATUS_SUCCESS; 1129 } 1130 #endif 1131 1132 /** 1133 * wlan_crypto_default_key - called by ucfg to set default tx key 1134 * @vdev: vdev 1135 * @mac_address: mac address of the peer for unicast key 1136 * or broadcast address if group key need to made default. 1137 * @key_idx: key index to be made as default key 1138 * @unicast: is key was unicast or group key. 1139 * 1140 * This function gets called from ucfg to set default key 1141 * 1142 * Return: QDF_STATUS_SUCCESS - in case of success 1143 */ 1144 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1145 uint8_t *macaddr, 1146 uint8_t key_idx, 1147 bool unicast){ 1148 struct wlan_crypto_comp_priv *crypto_priv; 1149 struct wlan_crypto_params *crypto_params; 1150 struct wlan_crypto_key *key; 1151 struct wlan_objmgr_psoc *psoc; 1152 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1153 1154 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1155 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1156 vdev, macaddr, key_idx); 1157 return QDF_STATUS_E_INVAL; 1158 } 1159 1160 wlan_vdev_obj_lock(vdev); 1161 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1162 QDF_MAC_ADDR_SIZE); 1163 psoc = wlan_vdev_get_psoc(vdev); 1164 if (!psoc) { 1165 wlan_vdev_obj_unlock(vdev); 1166 crypto_err("psoc NULL"); 1167 return QDF_STATUS_E_INVAL; 1168 } 1169 wlan_vdev_obj_unlock(vdev); 1170 1171 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1172 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1173 &crypto_priv); 1174 if (crypto_priv == NULL) { 1175 crypto_err("crypto_priv NULL"); 1176 return QDF_STATUS_E_INVAL; 1177 } 1178 1179 key = crypto_priv->key[key_idx]; 1180 if (!key) 1181 return QDF_STATUS_E_INVAL; 1182 } else { 1183 struct wlan_objmgr_peer *peer; 1184 uint8_t pdev_id; 1185 1186 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1187 wlan_vdev_get_pdev(vdev)); 1188 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1189 psoc, pdev_id, 1190 bssid_mac, 1191 macaddr, 1192 WLAN_CRYPTO_ID); 1193 1194 if (peer == NULL) { 1195 crypto_err("peer NULL"); 1196 return QDF_STATUS_E_INVAL; 1197 } 1198 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1199 &crypto_priv); 1200 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1201 if (crypto_priv == NULL) { 1202 crypto_err("crypto_priv NULL"); 1203 return QDF_STATUS_E_INVAL; 1204 } 1205 1206 key = crypto_priv->key[key_idx]; 1207 if (!key) 1208 return QDF_STATUS_E_INVAL; 1209 } 1210 if (!key->valid) 1211 return QDF_STATUS_E_INVAL; 1212 1213 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1214 QDF_STATUS_SUCCESS) 1215 return QDF_STATUS_E_INVAL; 1216 crypto_priv->def_tx_keyid = key_idx; 1217 1218 return QDF_STATUS_SUCCESS; 1219 } 1220 1221 /** 1222 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1223 * @vdev: vdev 1224 * @wbuf: wbuf 1225 * @macaddr: macaddr 1226 * @encapdone: is encapdone already or not. 1227 * 1228 * This function gets called from mgmt txrx to encap frame. 1229 * 1230 * Return: QDF_STATUS_SUCCESS - in case of success 1231 */ 1232 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1233 qdf_nbuf_t wbuf, 1234 uint8_t *mac_addr, 1235 uint8_t encapdone){ 1236 struct wlan_crypto_comp_priv *crypto_priv; 1237 struct wlan_crypto_params *crypto_params; 1238 struct wlan_crypto_key *key; 1239 QDF_STATUS status; 1240 struct wlan_crypto_cipher *cipher_table; 1241 struct wlan_objmgr_psoc *psoc; 1242 struct wlan_objmgr_peer *peer; 1243 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1244 uint8_t pdev_id; 1245 uint8_t hdrlen; 1246 enum QDF_OPMODE opmode; 1247 1248 opmode = wlan_vdev_mlme_get_opmode(vdev); 1249 wlan_vdev_obj_lock(vdev); 1250 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1251 QDF_MAC_ADDR_SIZE); 1252 psoc = wlan_vdev_get_psoc(vdev); 1253 if (!psoc) { 1254 wlan_vdev_obj_unlock(vdev); 1255 crypto_err("psoc NULL"); 1256 return QDF_STATUS_E_INVAL; 1257 } 1258 wlan_vdev_obj_unlock(vdev); 1259 1260 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1261 /* FILS Encap required only for (Re-)Assoc response */ 1262 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1263 1264 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1265 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1266 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1267 return QDF_STATUS_E_INVAL; 1268 } 1269 1270 if (peer) 1271 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1272 1273 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1274 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1275 &crypto_priv); 1276 if (crypto_priv == NULL) { 1277 crypto_err("crypto_priv NULL"); 1278 return QDF_STATUS_E_INVAL; 1279 } 1280 1281 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1282 if (!key) 1283 return QDF_STATUS_E_INVAL; 1284 1285 } else { 1286 struct wlan_objmgr_peer *peer; 1287 uint8_t pdev_id; 1288 1289 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1290 wlan_vdev_get_pdev(vdev)); 1291 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1292 bssid_mac, mac_addr, 1293 WLAN_CRYPTO_ID); 1294 1295 if (peer == NULL) { 1296 crypto_err("crypto_priv NULL"); 1297 return QDF_STATUS_E_INVAL; 1298 } 1299 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1300 &crypto_priv); 1301 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1302 1303 if (crypto_priv == NULL) { 1304 crypto_err("crypto_priv NULL"); 1305 return QDF_STATUS_E_INVAL; 1306 } 1307 1308 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1309 if (!key) 1310 return QDF_STATUS_E_INVAL; 1311 } 1312 if (opmode == QDF_MONITOR_MODE) 1313 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1314 else 1315 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1316 (uint8_t *)qdf_nbuf_data(wbuf)); 1317 1318 /* if tkip, is counter measures enabled, then drop the frame */ 1319 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1320 status = cipher_table->encap(key, wbuf, encapdone, 1321 hdrlen); 1322 1323 return status; 1324 } 1325 qdf_export_symbol(wlan_crypto_encap); 1326 1327 /** 1328 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1329 * @vdev: vdev 1330 * @wbuf: wbuf 1331 * @macaddr: macaddr 1332 * @tid: tid of the frame 1333 * 1334 * This function gets called from mgmt txrx to decap frame. 1335 * 1336 * Return: QDF_STATUS_SUCCESS - in case of success 1337 */ 1338 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1339 qdf_nbuf_t wbuf, 1340 uint8_t *mac_addr, 1341 uint8_t tid){ 1342 struct wlan_crypto_comp_priv *crypto_priv; 1343 struct wlan_crypto_params *crypto_params; 1344 struct wlan_crypto_key *key; 1345 QDF_STATUS status; 1346 struct wlan_crypto_cipher *cipher_table; 1347 struct wlan_objmgr_psoc *psoc; 1348 struct wlan_objmgr_peer *peer; 1349 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1350 uint8_t keyid; 1351 uint8_t pdev_id; 1352 uint8_t hdrlen; 1353 enum QDF_OPMODE opmode; 1354 1355 opmode = wlan_vdev_mlme_get_opmode(vdev); 1356 wlan_vdev_obj_lock(vdev); 1357 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1358 QDF_MAC_ADDR_SIZE); 1359 psoc = wlan_vdev_get_psoc(vdev); 1360 if (!psoc) { 1361 wlan_vdev_obj_unlock(vdev); 1362 crypto_err("psoc NULL"); 1363 return QDF_STATUS_E_INVAL; 1364 } 1365 wlan_vdev_obj_unlock(vdev); 1366 1367 if (opmode == QDF_MONITOR_MODE) 1368 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1369 else 1370 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1371 (uint8_t *)qdf_nbuf_data(wbuf)); 1372 1373 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1374 1375 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1376 return QDF_STATUS_E_INVAL; 1377 1378 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1379 /* FILS Decap required only for (Re-)Assoc request */ 1380 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1381 1382 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1383 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1384 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1385 return QDF_STATUS_E_INVAL; 1386 } 1387 1388 if (peer) 1389 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1390 1391 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1392 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1393 &crypto_priv); 1394 if (crypto_priv == NULL) { 1395 crypto_err("crypto_priv NULL"); 1396 return QDF_STATUS_E_INVAL; 1397 } 1398 1399 key = crypto_priv->key[keyid]; 1400 if (!key) 1401 return QDF_STATUS_E_INVAL; 1402 1403 } else { 1404 struct wlan_objmgr_peer *peer; 1405 uint8_t pdev_id; 1406 1407 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1408 wlan_vdev_get_pdev(vdev)); 1409 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1410 psoc, pdev_id, bssid_mac, 1411 mac_addr, WLAN_CRYPTO_ID); 1412 if (peer == NULL) { 1413 crypto_err("peer NULL"); 1414 return QDF_STATUS_E_INVAL; 1415 } 1416 1417 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1418 &crypto_priv); 1419 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1420 1421 if (crypto_priv == NULL) { 1422 crypto_err("crypto_priv NULL"); 1423 return QDF_STATUS_E_INVAL; 1424 } 1425 1426 key = crypto_priv->key[keyid]; 1427 if (!key) 1428 return QDF_STATUS_E_INVAL; 1429 } 1430 /* if tkip, is counter measures enabled, then drop the frame */ 1431 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1432 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1433 1434 return status; 1435 } 1436 qdf_export_symbol(wlan_crypto_decap); 1437 /** 1438 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1439 * @vdev: vdev 1440 * @wbuf: wbuf 1441 * @macaddr: macaddr 1442 * @encapdone: is encapdone already or not. 1443 * 1444 * This function gets called from mgmt txrx to adding mic to the frame. 1445 * 1446 * Return: QDF_STATUS_SUCCESS - in case of success 1447 */ 1448 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1449 qdf_nbuf_t wbuf, 1450 uint8_t *mac_addr, 1451 uint8_t encapdone){ 1452 struct wlan_crypto_comp_priv *crypto_priv; 1453 struct wlan_crypto_params *crypto_params; 1454 struct wlan_crypto_key *key; 1455 QDF_STATUS status; 1456 struct wlan_crypto_cipher *cipher_table; 1457 struct wlan_objmgr_psoc *psoc; 1458 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1459 uint8_t hdrlen; 1460 enum QDF_OPMODE opmode; 1461 1462 opmode = wlan_vdev_mlme_get_opmode(vdev); 1463 1464 1465 wlan_vdev_obj_lock(vdev); 1466 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1467 QDF_MAC_ADDR_SIZE); 1468 psoc = wlan_vdev_get_psoc(vdev); 1469 if (!psoc) { 1470 wlan_vdev_obj_unlock(vdev); 1471 crypto_err("psoc NULL"); 1472 return QDF_STATUS_E_INVAL; 1473 } 1474 wlan_vdev_obj_unlock(vdev); 1475 1476 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1477 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1478 &crypto_priv); 1479 if (crypto_priv == NULL) { 1480 crypto_err("crypto_priv NULL"); 1481 return QDF_STATUS_E_INVAL; 1482 } 1483 1484 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1485 if (!key) 1486 return QDF_STATUS_E_INVAL; 1487 1488 } else { 1489 struct wlan_objmgr_peer *peer; 1490 uint8_t pdev_id; 1491 1492 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1493 wlan_vdev_get_pdev(vdev)); 1494 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1495 psoc, pdev_id, bssid_mac, 1496 mac_addr, WLAN_CRYPTO_ID); 1497 if (peer == NULL) { 1498 crypto_err("crypto_priv NULL"); 1499 return QDF_STATUS_E_INVAL; 1500 } 1501 1502 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1503 &crypto_priv); 1504 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1505 1506 if (crypto_priv == NULL) { 1507 crypto_err("crypto_priv NULL"); 1508 return QDF_STATUS_E_INVAL; 1509 } 1510 1511 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1512 if (!key) 1513 return QDF_STATUS_E_INVAL; 1514 } 1515 if (opmode == QDF_MONITOR_MODE) 1516 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1517 else 1518 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1519 (uint8_t *)qdf_nbuf_data(wbuf)); 1520 1521 /* if tkip, is counter measures enabled, then drop the frame */ 1522 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1523 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1524 1525 return status; 1526 } 1527 1528 /** 1529 * wlan_crypto_demic - called by mgmt for remove and check mic for 1530 * the frame based on cipher 1531 * @vdev: vdev 1532 * @wbuf: wbuf 1533 * @macaddr: macaddr 1534 * @tid: tid of the frame 1535 * @keyid: keyid in the received frame 1536 * This function gets called from mgmt txrx to decap frame. 1537 * 1538 * Return: QDF_STATUS_SUCCESS - in case of success 1539 */ 1540 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1541 qdf_nbuf_t wbuf, 1542 uint8_t *mac_addr, 1543 uint8_t tid, 1544 uint8_t keyid){ 1545 struct wlan_crypto_comp_priv *crypto_priv; 1546 struct wlan_crypto_params *crypto_params; 1547 struct wlan_crypto_key *key; 1548 QDF_STATUS status; 1549 struct wlan_crypto_cipher *cipher_table; 1550 struct wlan_objmgr_psoc *psoc; 1551 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1552 uint8_t hdrlen; 1553 enum QDF_OPMODE opmode; 1554 1555 opmode = wlan_vdev_mlme_get_opmode(vdev); 1556 1557 if (opmode == QDF_MONITOR_MODE) 1558 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1559 else 1560 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1561 (uint8_t *)qdf_nbuf_data(wbuf)); 1562 1563 wlan_vdev_obj_lock(vdev); 1564 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1565 QDF_MAC_ADDR_SIZE); 1566 psoc = wlan_vdev_get_psoc(vdev); 1567 if (!psoc) { 1568 wlan_vdev_obj_unlock(vdev); 1569 crypto_err("psoc NULL"); 1570 return QDF_STATUS_E_INVAL; 1571 } 1572 wlan_vdev_obj_unlock(vdev); 1573 1574 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1575 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1576 &crypto_priv); 1577 if (crypto_priv == NULL) { 1578 crypto_err("crypto_priv NULL"); 1579 return QDF_STATUS_E_INVAL; 1580 } 1581 1582 key = crypto_priv->key[keyid]; 1583 if (!key) 1584 return QDF_STATUS_E_INVAL; 1585 1586 } else { 1587 struct wlan_objmgr_peer *peer; 1588 uint8_t pdev_id; 1589 1590 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1591 wlan_vdev_get_pdev(vdev)); 1592 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1593 psoc, pdev_id, bssid_mac, 1594 mac_addr, WLAN_CRYPTO_ID); 1595 if (peer == NULL) { 1596 crypto_err("peer NULL"); 1597 return QDF_STATUS_E_INVAL; 1598 } 1599 1600 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1601 &crypto_priv); 1602 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1603 1604 if (crypto_priv == NULL) { 1605 crypto_err("crypto_priv NULL"); 1606 return QDF_STATUS_E_INVAL; 1607 } 1608 1609 key = crypto_priv->key[keyid]; 1610 if (!key) 1611 return QDF_STATUS_E_INVAL; 1612 } 1613 /* if tkip, is counter measures enabled, then drop the frame */ 1614 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1615 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1616 1617 return status; 1618 } 1619 1620 /** 1621 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1622 * @vdev: vdev 1623 * 1624 * This function gets called to check is pmf enabled or not in vdev. 1625 * 1626 * Return: true or false 1627 */ 1628 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1629 { 1630 1631 struct wlan_crypto_comp_priv *crypto_priv; 1632 struct wlan_crypto_params *vdev_crypto_params; 1633 1634 if (!vdev) 1635 return false; 1636 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1637 &crypto_priv); 1638 if (crypto_priv == NULL) { 1639 crypto_err("crypto_priv NULL"); 1640 return QDF_STATUS_E_INVAL; 1641 } 1642 1643 if ((vdev_crypto_params->rsn_caps & 1644 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1645 || (vdev_crypto_params->rsn_caps & 1646 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1647 return true; 1648 } 1649 1650 return false; 1651 } 1652 /** 1653 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1654 * @vdev: vdev 1655 * @peer: peer 1656 * 1657 * This function gets called by mgmt txrx to check is pmf enabled or not. 1658 * 1659 * Return: true or false 1660 */ 1661 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1662 struct wlan_objmgr_peer *peer){ 1663 1664 struct wlan_crypto_comp_priv *crypto_priv; 1665 struct wlan_crypto_params *vdev_crypto_params; 1666 struct wlan_crypto_params *peer_crypto_params; 1667 1668 if (!vdev || !peer) 1669 return false; 1670 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1671 &crypto_priv); 1672 if (crypto_priv == NULL) { 1673 crypto_err("crypto_priv NULL"); 1674 return QDF_STATUS_E_INVAL; 1675 } 1676 1677 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1678 &crypto_priv); 1679 if (crypto_priv == NULL) { 1680 crypto_err("crypto_priv NULL"); 1681 return QDF_STATUS_E_INVAL; 1682 } 1683 if (((vdev_crypto_params->rsn_caps & 1684 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1685 (peer_crypto_params->rsn_caps & 1686 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1687 || (vdev_crypto_params->rsn_caps & 1688 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1689 return true; 1690 } 1691 1692 return false; 1693 } 1694 1695 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1696 { 1697 a[0] = b[5]; 1698 a[1] = b[4]; 1699 a[2] = b[3]; 1700 a[3] = b[2]; 1701 a[4] = b[1]; 1702 a[5] = b[0]; 1703 } 1704 1705 /** 1706 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1707 * @vdev: vdev 1708 * @bfrm: frame starting pointer 1709 * @len: length of the frame 1710 * 1711 * This function gets called by mgmt txrx to add mmie in frame 1712 * 1713 * Return: end of frame or NULL in case failure 1714 */ 1715 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1716 uint8_t *bfrm, 1717 uint32_t len) { 1718 struct wlan_crypto_key *key; 1719 struct wlan_crypto_mmie *mmie; 1720 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1721 struct wlan_frame_hdr *hdr; 1722 uint32_t i, hdrlen, mic_len, aad_len; 1723 uint8_t mic[16]; 1724 struct wlan_crypto_comp_priv *crypto_priv; 1725 struct wlan_crypto_params *crypto_params; 1726 int32_t ret = -1; 1727 1728 if (!bfrm) { 1729 crypto_err("frame is NULL"); 1730 return NULL; 1731 } 1732 1733 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1734 &crypto_priv); 1735 if (crypto_priv == NULL) { 1736 crypto_err("crypto_priv NULL"); 1737 return NULL; 1738 } 1739 1740 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1741 crypto_err("igtk key invalid keyid %d", 1742 crypto_priv->def_igtk_tx_keyid); 1743 return NULL; 1744 } 1745 1746 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1747 if (!key) { 1748 crypto_err("No igtk key present"); 1749 return NULL; 1750 } 1751 mic_len = (crypto_priv->igtk_key_type 1752 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1753 1754 efrm = bfrm + len; 1755 aad_len = 20; 1756 hdrlen = sizeof(struct wlan_frame_hdr); 1757 len += sizeof(struct wlan_crypto_mmie); 1758 1759 mmie = (struct wlan_crypto_mmie *) efrm; 1760 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1761 mmie->element_id = WLAN_ELEMID_MMIE; 1762 mmie->length = sizeof(*mmie) - 2; 1763 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1764 1765 mic_len = (crypto_priv->igtk_key_type 1766 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1767 if (mic_len == 8) { 1768 mmie->length -= 8; 1769 len -= 8; 1770 } 1771 /* PN = PN + 1 */ 1772 pn = (uint8_t *)&key->keytsc; 1773 1774 for (i = 0; i <= 5; i++) { 1775 pn[i]++; 1776 if (pn[i]) 1777 break; 1778 } 1779 1780 /* Copy IPN */ 1781 qdf_mem_copy(mmie->sequence_number, pn, 6); 1782 1783 hdr = (struct wlan_frame_hdr *) bfrm; 1784 1785 buf = qdf_mem_malloc(len - hdrlen + 20); 1786 if (!buf) { 1787 crypto_err("malloc failed"); 1788 return NULL; 1789 } 1790 qdf_mem_zero(buf, len - hdrlen + 20); 1791 aad = buf; 1792 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1793 1794 /* FC type/subtype */ 1795 aad[0] = hdr->i_fc[0]; 1796 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1797 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1798 | WLAN_FC1_MOREDATA)); 1799 /* A1 || A2 || A3 */ 1800 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 1801 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1802 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 1803 qdf_mem_zero(mic, 16); 1804 1805 /* 1806 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1807 */ 1808 1809 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1810 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1811 1812 ret = omac1_aes_128(key->keyval, buf, 1813 len + aad_len - hdrlen, mic); 1814 qdf_mem_copy(mmie->mic, mic, 8); 1815 1816 } else if (crypto_priv->igtk_key_type 1817 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1818 1819 ret = omac1_aes_256(key->keyval, buf, 1820 len + aad_len - hdrlen, mmie->mic); 1821 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1822 || (crypto_priv->igtk_key_type 1823 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1824 1825 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1826 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1827 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1828 sizeof(nounce), buf, 1829 len + aad_len - hdrlen, mmie->mic); 1830 } 1831 qdf_mem_free(buf); 1832 if (ret < 0) { 1833 crypto_err("add mmie failed"); 1834 return NULL; 1835 } 1836 1837 return bfrm + len; 1838 } 1839 1840 /** 1841 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1842 * @vdev: vdev 1843 * @frm: frame starting pointer 1844 * @efrm: end of frame pointer 1845 * 1846 * This function gets called by mgmt txrx to check mmie of the frame 1847 * 1848 * Return: true or false 1849 */ 1850 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1851 uint8_t *frm, 1852 uint8_t *efrm){ 1853 struct wlan_crypto_mmie *mmie = NULL; 1854 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1855 struct wlan_crypto_key *key; 1856 struct wlan_frame_hdr *hdr; 1857 uint16_t mic_len, hdrlen, len; 1858 struct wlan_crypto_comp_priv *crypto_priv; 1859 struct wlan_crypto_params *crypto_params; 1860 uint8_t aad_len = 20; 1861 int32_t ret = -1; 1862 1863 /* check if frame is illegal length */ 1864 if (!frm || !efrm || (efrm < frm) 1865 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 1866 crypto_err("Invalid params"); 1867 return false; 1868 } 1869 len = efrm - frm; 1870 crypto_priv = (struct wlan_crypto_comp_priv *) 1871 wlan_get_vdev_crypto_obj(vdev); 1872 if (crypto_priv == NULL) { 1873 crypto_err("crypto_priv NULL"); 1874 return false; 1875 } 1876 1877 crypto_params = &(crypto_priv->crypto_params); 1878 1879 1880 mic_len = (crypto_priv->igtk_key_type 1881 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1882 hdrlen = sizeof(struct wlan_frame_hdr); 1883 1884 if (mic_len == 8) 1885 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1886 else 1887 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1888 1889 1890 /* check Elem ID*/ 1891 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1892 crypto_err("IE is not MMIE"); 1893 return false; 1894 } 1895 1896 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1897 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1898 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1899 crypto_err("keyid not valid"); 1900 return false; 1901 } 1902 1903 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1904 if (!key) { 1905 crypto_err("No igtk key present"); 1906 return false; 1907 } 1908 1909 /* validate ipn */ 1910 ipn = mmie->sequence_number; 1911 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1912 uint8_t *su = (uint8_t *)key->keyrsc; 1913 uint8_t *end = ipn + 6; 1914 1915 crypto_err("replay error :"); 1916 while (ipn < end) { 1917 crypto_err("expected pn = %x received pn = %x", 1918 *ipn++, *su++); 1919 } 1920 return false; 1921 } 1922 1923 buf = qdf_mem_malloc(len - hdrlen + 20); 1924 if (!buf) { 1925 crypto_err("malloc failed"); 1926 return false; 1927 } 1928 aad = buf; 1929 1930 /* construct AAD */ 1931 hdr = (struct wlan_frame_hdr *)frm; 1932 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1933 1934 /* FC type/subtype */ 1935 aad[0] = hdr->i_fc[0]; 1936 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1937 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1938 | WLAN_FC1_MOREDATA)); 1939 /* A1 || A2 || A3 */ 1940 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 1941 1942 /* 1943 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1944 */ 1945 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1946 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1947 qdf_mem_zero(mic, 16); 1948 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1949 ret = omac1_aes_128(key->keyval, buf, 1950 len - hdrlen + aad_len, mic); 1951 } else if (crypto_priv->igtk_key_type 1952 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1953 ret = omac1_aes_256(key->keyval, buf, 1954 len + aad_len - hdrlen, mic); 1955 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1956 || (crypto_priv->igtk_key_type 1957 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1958 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1959 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1960 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1961 sizeof(nounce), buf, 1962 len + aad_len - hdrlen, mic); 1963 } 1964 1965 qdf_mem_free(buf); 1966 1967 if (ret < 0) { 1968 crypto_err("genarate mmie failed"); 1969 return false; 1970 } 1971 1972 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1973 crypto_err("mmie mismatch"); 1974 /* MMIE MIC mismatch */ 1975 return false; 1976 } 1977 1978 /* Update the receive sequence number */ 1979 qdf_mem_copy(key->keyrsc, ipn, 6); 1980 crypto_debug("mmie matched"); 1981 1982 return true; 1983 } 1984 1985 1986 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1987 { 1988 int32_t status = -1; 1989 1990 switch (cipher) { 1991 case WLAN_CRYPTO_CIPHER_TKIP: 1992 return WPA_CIPHER_SUITE_TKIP; 1993 case WLAN_CRYPTO_CIPHER_AES_CCM: 1994 return WPA_CIPHER_SUITE_CCMP; 1995 case WLAN_CRYPTO_CIPHER_NONE: 1996 return WPA_CIPHER_SUITE_NONE; 1997 } 1998 1999 return status; 2000 } 2001 2002 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2003 { 2004 int32_t status = -1; 2005 2006 switch (cipher) { 2007 case WLAN_CRYPTO_CIPHER_TKIP: 2008 return RSN_CIPHER_SUITE_TKIP; 2009 case WLAN_CRYPTO_CIPHER_AES_CCM: 2010 return RSN_CIPHER_SUITE_CCMP; 2011 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2012 return RSN_CIPHER_SUITE_CCMP_256; 2013 case WLAN_CRYPTO_CIPHER_AES_GCM: 2014 return RSN_CIPHER_SUITE_GCMP; 2015 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2016 return RSN_CIPHER_SUITE_GCMP_256; 2017 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2018 return RSN_CIPHER_SUITE_AES_CMAC; 2019 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2020 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2021 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2022 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2023 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2024 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2025 case WLAN_CRYPTO_CIPHER_NONE: 2026 return RSN_CIPHER_SUITE_NONE; 2027 } 2028 2029 return status; 2030 } 2031 2032 /* 2033 * Convert an RSN key management/authentication algorithm 2034 * to an internal code. 2035 */ 2036 static int32_t 2037 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2038 { 2039 int32_t status = -1; 2040 2041 switch (keymgmt) { 2042 case WLAN_CRYPTO_KEY_MGMT_NONE: 2043 return RSN_AUTH_KEY_MGMT_NONE; 2044 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2045 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2046 case WLAN_CRYPTO_KEY_MGMT_PSK: 2047 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2048 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2049 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2050 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2051 return RSN_AUTH_KEY_MGMT_FT_PSK; 2052 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2053 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2054 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2055 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2056 case WLAN_CRYPTO_KEY_MGMT_SAE: 2057 return RSN_AUTH_KEY_MGMT_SAE; 2058 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2059 return RSN_AUTH_KEY_MGMT_FT_SAE; 2060 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2061 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2062 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2063 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2064 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2065 return RSN_AUTH_KEY_MGMT_CCKM; 2066 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2067 return RSN_AUTH_KEY_MGMT_OSEN; 2068 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2069 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2070 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2071 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2072 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2073 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2074 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2075 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2076 case WLAN_CRYPTO_KEY_MGMT_OWE: 2077 return RSN_AUTH_KEY_MGMT_OWE; 2078 case WLAN_CRYPTO_KEY_MGMT_DPP: 2079 return RSN_AUTH_KEY_MGMT_DPP; 2080 } 2081 2082 return status; 2083 } 2084 2085 /* 2086 * Convert an RSN key management/authentication algorithm 2087 * to an internal code. 2088 */ 2089 static int32_t 2090 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2091 { 2092 int32_t status = -1; 2093 2094 switch (keymgmt) { 2095 case WLAN_CRYPTO_KEY_MGMT_NONE: 2096 return WPA_AUTH_KEY_MGMT_NONE; 2097 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2098 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2099 case WLAN_CRYPTO_KEY_MGMT_PSK: 2100 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2101 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2102 return WPA_AUTH_KEY_MGMT_CCKM; 2103 } 2104 2105 return status; 2106 } 2107 /** 2108 * Convert a WPA cipher selector OUI to an internal 2109 * cipher algorithm. Where appropriate we also 2110 * record any key length. 2111 */ 2112 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2113 { 2114 uint32_t w = LE_READ_4(sel); 2115 int32_t status = -1; 2116 2117 switch (w) { 2118 case WPA_CIPHER_SUITE_TKIP: 2119 return WLAN_CRYPTO_CIPHER_TKIP; 2120 case WPA_CIPHER_SUITE_CCMP: 2121 return WLAN_CRYPTO_CIPHER_AES_CCM; 2122 case WPA_CIPHER_SUITE_NONE: 2123 return WLAN_CRYPTO_CIPHER_NONE; 2124 } 2125 2126 return status; 2127 } 2128 2129 /* 2130 * Convert a WPA key management/authentication algorithm 2131 * to an internal code. 2132 */ 2133 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2134 { 2135 uint32_t w = LE_READ_4(sel); 2136 int32_t status = -1; 2137 2138 switch (w) { 2139 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2140 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2141 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2142 return WLAN_CRYPTO_KEY_MGMT_PSK; 2143 case WPA_AUTH_KEY_MGMT_CCKM: 2144 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2145 case WPA_AUTH_KEY_MGMT_NONE: 2146 return WLAN_CRYPTO_KEY_MGMT_NONE; 2147 } 2148 return status; 2149 } 2150 2151 /* 2152 * Convert a RSN cipher selector OUI to an internal 2153 * cipher algorithm. Where appropriate we also 2154 * record any key length. 2155 */ 2156 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2157 { 2158 uint32_t w = LE_READ_4(sel); 2159 int32_t status = -1; 2160 2161 switch (w) { 2162 case RSN_CIPHER_SUITE_TKIP: 2163 return WLAN_CRYPTO_CIPHER_TKIP; 2164 case RSN_CIPHER_SUITE_CCMP: 2165 return WLAN_CRYPTO_CIPHER_AES_CCM; 2166 case RSN_CIPHER_SUITE_CCMP_256: 2167 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2168 case RSN_CIPHER_SUITE_GCMP: 2169 return WLAN_CRYPTO_CIPHER_AES_GCM; 2170 case RSN_CIPHER_SUITE_GCMP_256: 2171 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2172 case RSN_CIPHER_SUITE_AES_CMAC: 2173 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2174 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2175 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2176 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2177 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2178 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2179 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2180 case RSN_CIPHER_SUITE_NONE: 2181 return WLAN_CRYPTO_CIPHER_NONE; 2182 } 2183 2184 return status; 2185 } 2186 /* 2187 * Convert an RSN key management/authentication algorithm 2188 * to an internal code. 2189 */ 2190 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2191 { 2192 uint32_t w = LE_READ_4(sel); 2193 int32_t status = -1; 2194 2195 switch (w) { 2196 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2197 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2198 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2199 return WLAN_CRYPTO_KEY_MGMT_PSK; 2200 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2201 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2202 case RSN_AUTH_KEY_MGMT_FT_PSK: 2203 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2204 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2205 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2206 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2207 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2208 case RSN_AUTH_KEY_MGMT_SAE: 2209 return WLAN_CRYPTO_KEY_MGMT_SAE; 2210 case RSN_AUTH_KEY_MGMT_FT_SAE: 2211 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2212 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2213 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2214 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2215 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2216 case RSN_AUTH_KEY_MGMT_CCKM: 2217 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2218 case RSN_AUTH_KEY_MGMT_OSEN: 2219 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2220 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2221 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2222 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2223 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2224 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2225 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2226 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2227 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2228 case RSN_AUTH_KEY_MGMT_OWE: 2229 return WLAN_CRYPTO_KEY_MGMT_OWE; 2230 case RSN_AUTH_KEY_MGMT_DPP: 2231 return WLAN_CRYPTO_KEY_MGMT_DPP; 2232 } 2233 2234 return status; 2235 } 2236 2237 /** 2238 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2239 * @crypto params: crypto params 2240 * @iebuf: ie buffer 2241 * 2242 * This function gets called by mlme to check the contents of wpa is 2243 * matching with given crypto params 2244 * 2245 * Return: QDF_STATUS_SUCCESS - in case of success 2246 */ 2247 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2248 uint8_t *frm){ 2249 uint8_t len = frm[1]; 2250 int32_t w; 2251 int n; 2252 2253 /* 2254 * Check the length once for fixed parts: OUI, type, 2255 * version, mcast cipher, and 2 selector counts. 2256 * Other, variable-length data, must be checked separately. 2257 */ 2258 RESET_AUTHMODE(crypto_params); 2259 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2260 2261 if (len < 14) 2262 return QDF_STATUS_E_INVAL; 2263 2264 frm += 6, len -= 4; 2265 2266 w = LE_READ_2(frm); 2267 if (w != WPA_VERSION) 2268 return QDF_STATUS_E_INVAL; 2269 2270 frm += 2, len -= 2; 2271 2272 /* multicast/group cipher */ 2273 RESET_MCAST_CIPHERS(crypto_params); 2274 w = wlan_crypto_wpa_suite_to_cipher(frm); 2275 if (w < 0) 2276 return QDF_STATUS_E_INVAL; 2277 SET_MCAST_CIPHER(crypto_params, w); 2278 frm += 4, len -= 4; 2279 2280 /* unicast ciphers */ 2281 n = LE_READ_2(frm); 2282 frm += 2, len -= 2; 2283 if (len < n*4+2) 2284 return QDF_STATUS_E_INVAL; 2285 2286 RESET_UCAST_CIPHERS(crypto_params); 2287 for (; n > 0; n--) { 2288 w = wlan_crypto_wpa_suite_to_cipher(frm); 2289 if (w < 0) 2290 return QDF_STATUS_E_INVAL; 2291 SET_UCAST_CIPHER(crypto_params, w); 2292 frm += 4, len -= 4; 2293 } 2294 2295 if (!crypto_params->ucastcipherset) 2296 return QDF_STATUS_E_INVAL; 2297 2298 /* key management algorithms */ 2299 n = LE_READ_2(frm); 2300 frm += 2, len -= 2; 2301 if (len < n*4) 2302 return QDF_STATUS_E_INVAL; 2303 2304 w = 0; 2305 RESET_KEY_MGMT(crypto_params); 2306 for (; n > 0; n--) { 2307 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2308 if (w < 0) 2309 return QDF_STATUS_E_INVAL; 2310 SET_KEY_MGMT(crypto_params, w); 2311 frm += 4, len -= 4; 2312 } 2313 2314 /* optional capabilities */ 2315 if (len >= 2) { 2316 crypto_params->rsn_caps = LE_READ_2(frm); 2317 frm += 2, len -= 2; 2318 } 2319 2320 return 0; 2321 } 2322 2323 /** 2324 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2325 * @crypto params: crypto params 2326 * @iebuf: ie buffer 2327 * 2328 * This function gets called by mlme to check the contents of wpa is 2329 * matching with given crypto params 2330 * 2331 * Return: QDF_STATUS_SUCCESS - in case of success 2332 */ 2333 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2334 uint8_t *frm){ 2335 uint8_t len = frm[1]; 2336 int32_t w; 2337 int n; 2338 2339 /* Check the length once for fixed parts: OUI, type & version */ 2340 if (len < 2) 2341 return QDF_STATUS_E_INVAL; 2342 2343 /* initialize crypto params */ 2344 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2345 2346 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2347 2348 frm += 2; 2349 /* NB: iswapoui already validated the OUI and type */ 2350 w = LE_READ_2(frm); 2351 if (w != RSN_VERSION) 2352 return QDF_STATUS_E_INVAL; 2353 2354 frm += 2, len -= 2; 2355 2356 if (!len) { 2357 /* set defaults */ 2358 /* default group cipher CCMP-128 */ 2359 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2360 /* default ucast cipher CCMP-128 */ 2361 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2362 /* default key mgmt 8021x */ 2363 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2364 return QDF_STATUS_SUCCESS; 2365 } else if (len < 4) { 2366 return QDF_STATUS_E_INVAL; 2367 } 2368 2369 /* multicast/group cipher */ 2370 w = wlan_crypto_rsn_suite_to_cipher(frm); 2371 if (w < 0) 2372 return QDF_STATUS_E_INVAL; 2373 else { 2374 SET_MCAST_CIPHER(crypto_params, w); 2375 frm += 4, len -= 4; 2376 } 2377 2378 if (crypto_params->mcastcipherset == 0) 2379 return QDF_STATUS_E_INVAL; 2380 2381 if (!len) { 2382 /* default ucast cipher CCMP-128 */ 2383 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2384 /* default key mgmt 8021x */ 2385 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2386 return QDF_STATUS_SUCCESS; 2387 } else if (len < 2) { 2388 return QDF_STATUS_E_INVAL; 2389 } 2390 2391 /* unicast ciphers */ 2392 n = LE_READ_2(frm); 2393 frm += 2, len -= 2; 2394 if (n) { 2395 if (len < n * 4) 2396 return QDF_STATUS_E_INVAL; 2397 2398 for (; n > 0; n--) { 2399 w = wlan_crypto_rsn_suite_to_cipher(frm); 2400 if (w < 0) 2401 return QDF_STATUS_E_INVAL; 2402 SET_UCAST_CIPHER(crypto_params, w); 2403 frm += 4, len -= 4; 2404 } 2405 } else { 2406 /* default ucast cipher CCMP-128 */ 2407 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2408 } 2409 2410 if (crypto_params->ucastcipherset == 0) 2411 return QDF_STATUS_E_INVAL; 2412 2413 if (!len) { 2414 /* default key mgmt 8021x */ 2415 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2416 return QDF_STATUS_SUCCESS; 2417 } else if (len < 2) { 2418 return QDF_STATUS_E_INVAL; 2419 } 2420 2421 /* key management algorithms */ 2422 n = LE_READ_2(frm); 2423 frm += 2, len -= 2; 2424 2425 if (n) { 2426 if (len < n * 4) 2427 return QDF_STATUS_E_INVAL; 2428 2429 for (; n > 0; n--) { 2430 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2431 if (w < 0) 2432 return QDF_STATUS_E_INVAL; 2433 SET_KEY_MGMT(crypto_params, w); 2434 frm += 4, len -= 4; 2435 } 2436 } else { 2437 /* default key mgmt 8021x */ 2438 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2439 } 2440 2441 if (crypto_params->key_mgmt == 0) 2442 return QDF_STATUS_E_INVAL; 2443 2444 /* optional capabilities */ 2445 if (len >= 2) { 2446 crypto_params->rsn_caps = LE_READ_2(frm); 2447 frm += 2, len -= 2; 2448 } else if (len && len < 2) { 2449 return QDF_STATUS_E_INVAL; 2450 } 2451 2452 2453 /* PMKID */ 2454 if (len >= 2) { 2455 n = LE_READ_2(frm); 2456 frm += 2, len -= 2; 2457 if (n && len) { 2458 if (len >= n * PMKID_LEN) 2459 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2460 else 2461 return QDF_STATUS_E_INVAL; 2462 } else if (n && !len) { 2463 return QDF_STATUS_E_INVAL; 2464 } 2465 /*TODO: Save pmkid in params for further reference */ 2466 } 2467 2468 /* BIP */ 2469 if (!len && 2470 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2471 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2472 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2473 return QDF_STATUS_SUCCESS; 2474 } else if (len >= 4) { 2475 w = wlan_crypto_rsn_suite_to_cipher(frm); 2476 frm += 4, len -= 4; 2477 SET_MGMT_CIPHER(crypto_params, w); 2478 } 2479 2480 return QDF_STATUS_SUCCESS; 2481 } 2482 2483 /** 2484 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2485 * @vdev: vdev 2486 * @iebuf: ie buffer 2487 * 2488 * This function gets called by mlme to build wpaie from given vdev 2489 * 2490 * Return: end of buffer 2491 */ 2492 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2493 uint8_t *iebuf){ 2494 uint8_t *frm = iebuf; 2495 uint8_t *selcnt; 2496 struct wlan_crypto_comp_priv *crypto_priv; 2497 struct wlan_crypto_params *crypto_params; 2498 2499 if (!frm) 2500 return NULL; 2501 2502 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2503 2504 if (!crypto_params) 2505 return NULL; 2506 2507 *frm++ = WLAN_ELEMID_VENDOR; 2508 *frm++ = 0; 2509 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2510 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2511 2512 2513 /* multicast cipher */ 2514 if (MCIPHER_IS_TKIP(crypto_params)) 2515 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2516 else if (MCIPHER_IS_CCMP128(crypto_params)) 2517 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2518 2519 /* unicast cipher list */ 2520 selcnt = frm; 2521 WLAN_CRYPTO_ADDSHORT(frm, 0); 2522 /* do not use CCMP unicast cipher in WPA mode */ 2523 if (UCIPHER_IS_CCMP128(crypto_params)) { 2524 selcnt[0]++; 2525 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2526 } 2527 if (UCIPHER_IS_TKIP(crypto_params)) { 2528 selcnt[0]++; 2529 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2530 } 2531 2532 /* authenticator selector list */ 2533 selcnt = frm; 2534 WLAN_CRYPTO_ADDSHORT(frm, 0); 2535 2536 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2537 selcnt[0]++; 2538 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2539 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2540 selcnt[0]++; 2541 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2542 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2543 selcnt[0]++; 2544 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2545 } else { 2546 selcnt[0]++; 2547 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2548 } 2549 2550 /* optional capabilities */ 2551 if (crypto_params->rsn_caps != 0 && 2552 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2553 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2554 } 2555 2556 /* calculate element length */ 2557 iebuf[1] = frm - iebuf - 2; 2558 2559 return frm; 2560 } 2561 2562 /** 2563 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2564 * @vdev: vdev 2565 * @iebuf: ie buffer 2566 * @bssid: bssid mac address to add pmkid in rsnie 2567 * 2568 * This function gets called by mlme to build rsnie from given vdev 2569 * 2570 * Return: end of buffer 2571 */ 2572 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2573 uint8_t *iebuf, 2574 struct qdf_mac_addr *bssid) 2575 { 2576 uint8_t *frm = iebuf; 2577 uint8_t *selcnt; 2578 struct wlan_crypto_comp_priv *crypto_priv; 2579 struct wlan_crypto_params *crypto_params; 2580 2581 if (!frm) { 2582 return NULL; 2583 } 2584 2585 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2586 2587 if (!crypto_params) { 2588 return NULL; 2589 } 2590 2591 *frm++ = WLAN_ELEMID_RSN; 2592 *frm++ = 0; 2593 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2594 2595 2596 /* multicast cipher */ 2597 if (MCIPHER_IS_TKIP(crypto_params)) 2598 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2599 else if (MCIPHER_IS_CCMP128(crypto_params)) 2600 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2601 else if (MCIPHER_IS_CCMP256(crypto_params)) 2602 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2603 else if (MCIPHER_IS_GCMP128(crypto_params)) 2604 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2605 else if (MCIPHER_IS_GCMP256(crypto_params)) 2606 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2607 2608 /* unicast cipher list */ 2609 selcnt = frm; 2610 WLAN_CRYPTO_ADDSHORT(frm, 0); 2611 2612 if (UCIPHER_IS_CCMP256(crypto_params)) { 2613 selcnt[0]++; 2614 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2615 } 2616 if (UCIPHER_IS_GCMP256(crypto_params)) { 2617 selcnt[0]++; 2618 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2619 } 2620 if (UCIPHER_IS_CCMP128(crypto_params)) { 2621 selcnt[0]++; 2622 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2623 } 2624 if (UCIPHER_IS_GCMP128(crypto_params)) { 2625 selcnt[0]++; 2626 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2627 } 2628 if (UCIPHER_IS_TKIP(crypto_params)) { 2629 selcnt[0]++; 2630 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2631 } 2632 2633 /* authenticator selector list */ 2634 selcnt = frm; 2635 WLAN_CRYPTO_ADDSHORT(frm, 0); 2636 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2637 selcnt[0]++; 2638 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2639 /* Other key mgmt should not be added after CCKM */ 2640 goto add_rsn_caps; 2641 } 2642 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2643 selcnt[0]++; 2644 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2645 } 2646 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2647 selcnt[0]++; 2648 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2649 } 2650 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2651 selcnt[0]++; 2652 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2653 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2654 } 2655 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2656 selcnt[0]++; 2657 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2658 } 2659 if (HAS_KEY_MGMT(crypto_params, 2660 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2661 selcnt[0]++; 2662 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2663 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2664 } 2665 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2666 selcnt[0]++; 2667 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2668 } 2669 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2670 selcnt[0]++; 2671 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2672 } 2673 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2674 selcnt[0]++; 2675 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2676 } 2677 if (HAS_KEY_MGMT(crypto_params, 2678 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2679 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2680 2681 selcnt[0]++; 2682 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2683 } 2684 if (HAS_KEY_MGMT(crypto_params, 2685 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2686 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2687 2688 selcnt[0]++; 2689 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2690 } 2691 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2692 selcnt[0]++; 2693 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2694 } 2695 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2696 selcnt[0]++; 2697 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2698 } 2699 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2700 selcnt[0]++; 2701 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2702 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2703 } 2704 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2705 selcnt[0]++; 2706 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2707 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2708 } 2709 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2710 selcnt[0]++; 2711 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2712 } 2713 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2714 selcnt[0]++; 2715 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2716 } 2717 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2718 selcnt[0]++; 2719 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2720 } 2721 add_rsn_caps: 2722 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2723 /* optional capabilities */ 2724 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2725 /* PMK list */ 2726 if (bssid) { 2727 struct wlan_crypto_pmksa *pmksa; 2728 2729 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2730 2731 if (pmksa) { 2732 WLAN_CRYPTO_ADDSHORT(frm, 1); 2733 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2734 frm += PMKID_LEN; 2735 } else { 2736 WLAN_CRYPTO_ADDSHORT(frm, 0); 2737 } 2738 } else 2739 WLAN_CRYPTO_ADDSHORT(frm, 0); 2740 2741 if (HAS_MGMT_CIPHER(crypto_params, 2742 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2743 RSN_ADD_CIPHER_TO_SUITE(frm, 2744 WLAN_CRYPTO_CIPHER_AES_CMAC); 2745 } 2746 if (HAS_MGMT_CIPHER(crypto_params, 2747 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2748 RSN_ADD_CIPHER_TO_SUITE(frm, 2749 WLAN_CRYPTO_CIPHER_AES_GMAC); 2750 } 2751 if (HAS_MGMT_CIPHER(crypto_params, 2752 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2753 RSN_ADD_CIPHER_TO_SUITE(frm, 2754 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2755 ); 2756 } 2757 2758 if (HAS_MGMT_CIPHER(crypto_params, 2759 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2760 RSN_ADD_CIPHER_TO_SUITE(frm, 2761 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2762 ); 2763 } 2764 } else { 2765 /* PMK list */ 2766 if (bssid) { 2767 struct wlan_crypto_pmksa *pmksa; 2768 2769 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2770 if (pmksa) { 2771 WLAN_CRYPTO_ADDSHORT(frm, 1); 2772 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2773 frm += PMKID_LEN; 2774 } else { 2775 WLAN_CRYPTO_ADDSHORT(frm, 0); 2776 } 2777 } 2778 } 2779 2780 /* calculate element length */ 2781 iebuf[1] = frm - iebuf - 2; 2782 2783 return frm; 2784 } 2785 2786 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2787 struct wlan_crypto_params *crypto_params){ 2788 struct wlan_crypto_params *my_crypto_params; 2789 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2790 2791 if (!my_crypto_params) { 2792 crypto_debug("vdev crypto params is NULL"); 2793 return false; 2794 } 2795 /* 2796 * Check peer's pairwise ciphers. 2797 * At least one must match with our unicast cipher 2798 */ 2799 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2800 crypto_debug("Unicast cipher match failed"); 2801 return false; 2802 } 2803 /* 2804 * Check peer's group cipher is our enabled multicast cipher. 2805 */ 2806 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2807 crypto_debug("Multicast cipher match failed"); 2808 return false; 2809 } 2810 /* 2811 * Check peer's key management class set (PSK or UNSPEC) 2812 */ 2813 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 2814 crypto_debug("Key mgmt match failed"); 2815 return false; 2816 } 2817 if (wlan_crypto_vdev_is_pmf_enabled(vdev) && 2818 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2819 crypto_debug("Peer is not PMF capable"); 2820 return false; 2821 } 2822 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 2823 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2824 crypto_debug("Peer needs PMF, but vdev is not capable"); 2825 return false; 2826 } 2827 2828 return true; 2829 } 2830 2831 /* 2832 * Convert an WAPI CIPHER suite to to an internal code. 2833 */ 2834 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2835 { 2836 uint32_t w = LE_READ_4(sel); 2837 int32_t status = -1; 2838 2839 switch (w) { 2840 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2841 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2842 } 2843 2844 return status; 2845 } 2846 2847 /* 2848 * Convert an WAPI key management/authentication algorithm 2849 * to an internal code. 2850 */ 2851 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2852 { 2853 uint32_t w = LE_READ_4(sel); 2854 int32_t status = -1; 2855 2856 switch (w) { 2857 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2858 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2859 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2860 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2861 } 2862 2863 return status; 2864 } 2865 /** 2866 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2867 * @crypto params: crypto params 2868 * @iebuf: ie buffer 2869 * 2870 * This function gets called by mlme to check the contents of wapi is 2871 * matching with given crypto params 2872 * 2873 * Return: QDF_STATUS_SUCCESS - in case of success 2874 */ 2875 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2876 uint8_t *frm) 2877 { 2878 uint8_t len = frm[1]; 2879 int32_t w; 2880 int n; 2881 2882 /* 2883 * Check the length once for fixed parts: OUI, type, 2884 * version, mcast cipher, and 2 selector counts. 2885 * Other, variable-length data, must be checked separately. 2886 */ 2887 RESET_AUTHMODE(crypto_params); 2888 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2889 2890 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2891 return QDF_STATUS_E_INVAL; 2892 2893 2894 frm += 2; 2895 2896 w = LE_READ_2(frm); 2897 frm += 2, len -= 2; 2898 if (w != WAPI_VERSION) 2899 return QDF_STATUS_E_INVAL; 2900 2901 n = LE_READ_2(frm); 2902 frm += 2, len -= 2; 2903 if (len < n*4+2) 2904 return QDF_STATUS_E_INVAL; 2905 2906 RESET_KEY_MGMT(crypto_params); 2907 for (; n > 0; n--) { 2908 w = wlan_crypto_wapi_keymgmt(frm); 2909 if (w < 0) 2910 return QDF_STATUS_E_INVAL; 2911 2912 SET_KEY_MGMT(crypto_params, w); 2913 frm += 4, len -= 4; 2914 } 2915 2916 /* unicast ciphers */ 2917 n = LE_READ_2(frm); 2918 frm += 2, len -= 2; 2919 if (len < n*4+2) 2920 return QDF_STATUS_E_INVAL; 2921 2922 RESET_UCAST_CIPHERS(crypto_params); 2923 for (; n > 0; n--) { 2924 w = wlan_crypto_wapi_suite_to_cipher(frm); 2925 if (w < 0) 2926 return QDF_STATUS_E_INVAL; 2927 SET_UCAST_CIPHER(crypto_params, w); 2928 frm += 4, len -= 4; 2929 } 2930 2931 if (!crypto_params->ucastcipherset) 2932 return QDF_STATUS_E_INVAL; 2933 2934 /* multicast/group cipher */ 2935 RESET_MCAST_CIPHERS(crypto_params); 2936 w = wlan_crypto_wapi_suite_to_cipher(frm); 2937 2938 if (w < 0) 2939 return QDF_STATUS_E_INVAL; 2940 2941 SET_MCAST_CIPHER(crypto_params, w); 2942 frm += 4, len -= 4; 2943 2944 return QDF_STATUS_SUCCESS; 2945 } 2946 2947 /** 2948 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2949 * @vdev: vdev 2950 * @iebuf: ie buffer 2951 * 2952 * This function gets called by mlme to build wapi ie from given vdev 2953 * 2954 * Return: end of buffer 2955 */ 2956 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2957 uint8_t *iebuf) 2958 { 2959 uint8_t *frm; 2960 uint8_t *selcnt; 2961 struct wlan_crypto_comp_priv *crypto_priv; 2962 struct wlan_crypto_params *crypto_params; 2963 2964 frm = iebuf; 2965 if (!frm) { 2966 crypto_err("ie buffer NULL"); 2967 return NULL; 2968 } 2969 2970 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2971 2972 if (!crypto_params) { 2973 crypto_err("crypto_params NULL"); 2974 return NULL; 2975 } 2976 2977 *frm++ = WLAN_ELEMID_WAPI; 2978 *frm++ = 0; 2979 2980 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2981 2982 /* authenticator selector list */ 2983 selcnt = frm; 2984 WLAN_CRYPTO_ADDSHORT(frm, 0); 2985 2986 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2987 selcnt[0]++; 2988 WLAN_CRYPTO_ADDSELECTOR(frm, 2989 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2990 } 2991 2992 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2993 selcnt[0]++; 2994 WLAN_CRYPTO_ADDSELECTOR(frm, 2995 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2996 } 2997 2998 /* unicast cipher list */ 2999 selcnt = frm; 3000 WLAN_CRYPTO_ADDSHORT(frm, 0); 3001 3002 if (UCIPHER_IS_SMS4(crypto_params)) { 3003 selcnt[0]++; 3004 WLAN_CRYPTO_ADDSELECTOR(frm, 3005 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3006 } 3007 3008 WLAN_CRYPTO_ADDSELECTOR(frm, 3009 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3010 3011 /* optional capabilities */ 3012 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3013 3014 /* bkid count */ 3015 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3016 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3017 WLAN_CRYPTO_ADDSHORT(frm, 0); 3018 3019 /* calculate element length */ 3020 iebuf[1] = frm - iebuf - 2; 3021 3022 return frm; 3023 3024 } 3025 3026 /** 3027 * wlan_crypto_pn_check - called by data patch for PN check 3028 * @vdev: vdev 3029 * @wbuf: wbuf 3030 * 3031 * This function gets called by data patch for PN check 3032 * 3033 * Return: QDF_STATUS 3034 */ 3035 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3036 qdf_nbuf_t wbuf){ 3037 /* Need to check is there real requirement for this function 3038 * as PN check is already handled in decap function. 3039 */ 3040 return QDF_STATUS_SUCCESS; 3041 } 3042 3043 /** 3044 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3045 * @vdev:vdev 3046 * 3047 * This function gets called by mlme to get crypto params 3048 * 3049 * Return: wlan_crypto_params or NULL in case of failure 3050 */ 3051 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3052 struct wlan_objmgr_vdev *vdev){ 3053 struct wlan_crypto_comp_priv *crypto_priv; 3054 3055 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3056 } 3057 3058 /** 3059 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3060 * @peer:peer 3061 * 3062 * This function gets called by mlme to get crypto params 3063 * 3064 * Return: wlan_crypto_params or NULL in case of failure 3065 */ 3066 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3067 struct wlan_objmgr_peer *peer){ 3068 struct wlan_crypto_comp_priv *crypto_priv; 3069 3070 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3071 } 3072 3073 3074 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3075 struct wlan_objmgr_peer *peer) 3076 { 3077 struct wlan_crypto_comp_priv *crypto_priv; 3078 struct wlan_crypto_comp_priv *sta_crypto_priv; 3079 struct wlan_crypto_params *crypto_params; 3080 struct wlan_crypto_key *key; 3081 struct wlan_crypto_key *sta_key; 3082 struct wlan_crypto_cipher *cipher_table; 3083 struct wlan_objmgr_psoc *psoc; 3084 uint8_t *mac_addr; 3085 int i; 3086 enum QDF_OPMODE opmode; 3087 3088 if (!vdev) 3089 return QDF_STATUS_E_NULL_VALUE; 3090 3091 if (!peer) { 3092 crypto_err("peer NULL"); 3093 return QDF_STATUS_E_INVAL; 3094 } 3095 3096 opmode = wlan_vdev_mlme_get_opmode(vdev); 3097 psoc = wlan_vdev_get_psoc(vdev); 3098 3099 if (!psoc) { 3100 crypto_err("psoc NULL"); 3101 return QDF_STATUS_E_NULL_VALUE; 3102 } 3103 3104 wlan_peer_obj_lock(peer); 3105 mac_addr = wlan_peer_get_macaddr(peer); 3106 wlan_peer_obj_unlock(peer); 3107 3108 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3109 &crypto_priv); 3110 if (crypto_priv == NULL) { 3111 crypto_err("crypto_priv NULL"); 3112 return QDF_STATUS_E_NULL_VALUE; 3113 } 3114 3115 /* push only valid static WEP keys from vap */ 3116 if (AUTH_IS_8021X(crypto_params)) 3117 return QDF_STATUS_E_INVAL; 3118 3119 if (opmode == QDF_STA_MODE) { 3120 peer = wlan_vdev_get_bsspeer(vdev); 3121 if (!peer) { 3122 crypto_err("peer NULL"); 3123 return QDF_STATUS_E_INVAL; 3124 } 3125 } 3126 3127 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3128 if (sta_crypto_priv == NULL) { 3129 crypto_err("sta priv is null"); 3130 return QDF_STATUS_E_INVAL; 3131 } 3132 3133 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3134 if (crypto_priv->key[i]) { 3135 key = crypto_priv->key[i]; 3136 if (!key || !key->valid) 3137 continue; 3138 3139 cipher_table = (struct wlan_crypto_cipher *) 3140 key->cipher_table; 3141 3142 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3143 sta_key = qdf_mem_malloc( 3144 sizeof(struct wlan_crypto_key)); 3145 if (!sta_key) { 3146 crypto_err("key alloc failed"); 3147 return QDF_STATUS_E_NOMEM; 3148 } 3149 sta_crypto_priv->key[i] = sta_key; 3150 qdf_mem_copy(sta_key, key, 3151 sizeof(struct wlan_crypto_key)); 3152 3153 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3154 3155 if (crypto_priv->def_tx_keyid == i) { 3156 sta_key->flags 3157 |= WLAN_CRYPTO_KEY_DEFAULT; 3158 sta_crypto_priv->def_tx_keyid = 3159 crypto_priv->def_tx_keyid; 3160 } 3161 /* setting the broadcast/multicast key for sta*/ 3162 if (opmode == QDF_STA_MODE || 3163 opmode == QDF_IBSS_MODE){ 3164 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3165 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 3166 vdev, sta_key, mac_addr, 3167 cipher_table->cipher); 3168 } 3169 } 3170 3171 /* setting unicast key */ 3172 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3173 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3174 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 3175 sta_key, mac_addr, 3176 cipher_table->cipher); 3177 } 3178 } 3179 } 3180 } 3181 3182 return QDF_STATUS_SUCCESS; 3183 } 3184 3185 /** 3186 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3187 * @crypto_rx_ops: crypto_rx_ops 3188 * 3189 * This function gets called by object manger to register crypto rx ops. 3190 * 3191 * Return: QDF_STATUS 3192 */ 3193 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3194 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3195 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3196 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3197 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3198 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3199 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3200 3201 return QDF_STATUS_SUCCESS; 3202 } 3203 3204 /** 3205 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3206 * @psoc: psoc 3207 * 3208 * This function gets called by umac to get the crypto_rx_ops 3209 * 3210 * Return: crypto_rx_ops 3211 */ 3212 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3213 struct wlan_objmgr_psoc *psoc) 3214 { 3215 3216 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 3217 } 3218 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3219 3220 /** 3221 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3222 * @vdev: vdev 3223 * @authvalue: authvalue to be checked 3224 * 3225 * This function check is authvalue passed is set in vdev or not 3226 * 3227 * Return: true or false 3228 */ 3229 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3230 wlan_crypto_auth_mode authvalue) 3231 { 3232 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3233 & authvalue; 3234 } 3235 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3236 3237 /** 3238 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3239 * @peer: peer 3240 * @authvalue: authvalue to be checked 3241 * 3242 * This function check is authvalue passed is set in peer or not 3243 * 3244 * Return: true or false 3245 */ 3246 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3247 wlan_crypto_auth_mode authvalue) 3248 { 3249 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3250 & authvalue; 3251 } 3252 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3253 3254 /** 3255 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3256 * @vdev: vdev 3257 * @ucastcipher: ucastcipher to be checked 3258 * 3259 * This function check is ucastcipher passed is set in vdev or not 3260 * 3261 * Return: true or false 3262 */ 3263 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3264 wlan_crypto_cipher_type ucastcipher) 3265 { 3266 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3267 & ucastcipher; 3268 } 3269 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3270 3271 /** 3272 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3273 * @peer: peer 3274 * @ucastcipher: ucastcipher to be checked 3275 * 3276 * This function check is ucastcipher passed is set in peer or not 3277 * 3278 * Return: true or false 3279 */ 3280 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3281 wlan_crypto_cipher_type ucastcipher) 3282 { 3283 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3284 & ucastcipher; 3285 } 3286 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3287 3288 /** 3289 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3290 * @vdev: vdev 3291 * @mcastcipher: mcastcipher to be checked 3292 * 3293 * This function check is mcastcipher passed is set in vdev or not 3294 * 3295 * Return: true or false 3296 */ 3297 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3298 wlan_crypto_cipher_type mcastcipher) 3299 { 3300 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3301 & mcastcipher; 3302 } 3303 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3304 3305 /** 3306 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3307 * @peer: peer 3308 * @mcastcipher: mcastcipher to be checked 3309 * 3310 * This function check is mcastcipher passed is set in peer or not 3311 * 3312 * Return: true or false 3313 */ 3314 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3315 wlan_crypto_cipher_type mcastcipher) 3316 { 3317 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3318 & mcastcipher; 3319 } 3320 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3321 3322 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3323 { 3324 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3325 3326 if (!peer) { 3327 crypto_err("Invalid Input"); 3328 return 0; 3329 } 3330 3331 crypto_priv = wlan_get_peer_crypto_obj(peer); 3332 if (!crypto_priv) { 3333 crypto_err("crypto_priv NULL"); 3334 return 0; 3335 } 3336 3337 return crypto_priv->fils_aead_set; 3338 } 3339 3340 void 3341 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3342 { 3343 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3344 3345 if (!peer) { 3346 crypto_err("Invalid Input"); 3347 return; 3348 } 3349 3350 crypto_priv = wlan_get_peer_crypto_obj(peer); 3351 if (!crypto_priv) { 3352 crypto_err("crypto_priv NULL"); 3353 return; 3354 } 3355 3356 crypto_priv->fils_aead_set = value; 3357 } 3358 3359 /** 3360 * wlan_crypto_get_key_header - get header length 3361 * @key: key 3362 * 3363 * This function gets header length based on keytype 3364 * 3365 * Return: header length 3366 */ 3367 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3368 { 3369 struct wlan_crypto_cipher *cipher_table; 3370 3371 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3372 if (cipher_table) 3373 return cipher_table->header; 3374 else 3375 return 0; 3376 } 3377 3378 qdf_export_symbol(wlan_crypto_get_key_header); 3379 3380 /** 3381 * wlan_crypto_get_key_trailer - get cipher trailer length 3382 * @key: key 3383 * 3384 * This function gets cipher trailer length based on keytype 3385 * 3386 * Return: cipher trailer length 3387 */ 3388 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3389 { 3390 struct wlan_crypto_cipher *cipher_table; 3391 3392 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3393 if (cipher_table) 3394 return cipher_table->trailer; 3395 else 3396 return 0; 3397 } 3398 3399 qdf_export_symbol(wlan_crypto_get_key_trailer); 3400 3401 /** 3402 * wlan_crypto_get_key_miclen - get cipher miclen length 3403 * @key: key 3404 * 3405 * This function gets cipher miclen length based on keytype 3406 * 3407 * Return: cipher miclen length 3408 */ 3409 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3410 { 3411 struct wlan_crypto_cipher *cipher_table; 3412 3413 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3414 if (cipher_table) 3415 return cipher_table->miclen; 3416 else 3417 return 0; 3418 } 3419 3420 qdf_export_symbol(wlan_crypto_get_key_miclen); 3421 3422 /** 3423 * wlan_crypto_get_keyid - get keyid from frame 3424 * @data: frame 3425 * 3426 * This function parse frame and returns keyid 3427 * 3428 * Return: keyid 3429 */ 3430 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3431 { 3432 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3433 uint8_t *iv; 3434 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3435 3436 /* 3437 * In FILS SK (Re)Association request/response frame has 3438 * to be decrypted 3439 */ 3440 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3441 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3442 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3443 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3444 return 0; 3445 } 3446 3447 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3448 iv = data + hdrlen; 3449 /* 3450 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3451 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3452 */ 3453 return ((iv[3] >> 6) & 0x3); 3454 } else { 3455 return WLAN_CRYPTO_KEYIX_NONE; 3456 } 3457 } 3458 3459 qdf_export_symbol(wlan_crypto_get_keyid); 3460 3461 /** 3462 * crypto_plumb_peer_keys - called during radio reset 3463 * @vdev: vdev 3464 * @object: peer 3465 * @arg: psoc 3466 * 3467 * Restore unicast and persta hardware keys 3468 * 3469 * Return: void 3470 */ 3471 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3472 void *object, void *arg) { 3473 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3474 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3475 struct wlan_crypto_comp_priv *crypto_priv; 3476 struct wlan_crypto_params *crypto_params; 3477 struct wlan_crypto_key *key = NULL; 3478 int i; 3479 3480 if ((NULL == peer) || (NULL == vdev) || (NULL == psoc)) { 3481 crypto_err("Peer or vdev or psoc objects are null!"); 3482 return; 3483 } 3484 3485 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3486 &crypto_priv); 3487 3488 if (!crypto_priv) { 3489 crypto_err("crypto_priv NULL"); 3490 return; 3491 } 3492 3493 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3494 key = crypto_priv->key[i]; 3495 if (key && key->valid) { 3496 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3497 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3498 ( 3499 vdev, 3500 key, 3501 wlan_peer_get_macaddr(peer), 3502 wlan_crypto_get_key_type(key) 3503 ); 3504 } 3505 } 3506 } 3507 } 3508 3509 /** 3510 * wlan_crypto_restore_keys - called during radio reset 3511 * @vdev: vdev 3512 * 3513 * Clear and restore keycache, needed for some DA chipsets which put 3514 * random values in keycache when phy reset is triggered 3515 * 3516 * Return: void 3517 */ 3518 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3519 { 3520 int i; 3521 struct wlan_crypto_comp_priv *crypto_priv; 3522 struct wlan_crypto_params *crypto_params; 3523 struct wlan_crypto_key *key; 3524 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3525 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3526 struct wlan_objmgr_pdev *pdev = NULL; 3527 struct wlan_objmgr_psoc *psoc = NULL; 3528 3529 pdev = wlan_vdev_get_pdev(vdev); 3530 psoc = wlan_vdev_get_psoc(vdev); 3531 if (NULL == pdev) { 3532 crypto_err("pdev is NULL"); 3533 return; 3534 } 3535 if (NULL == psoc) { 3536 crypto_err("psoc is NULL"); 3537 return; 3538 } 3539 3540 /* TBD: QWRAP key restore*/ 3541 /* crypto is on */ 3542 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3543 /* restore static shared keys */ 3544 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3545 crypto_params = wlan_crypto_vdev_get_comp_params 3546 ( 3547 vdev, 3548 &crypto_priv 3549 ); 3550 if (!crypto_priv) { 3551 crypto_err("crypto_priv is NULL"); 3552 return; 3553 } 3554 key = crypto_priv->key[i]; 3555 if (key && key->valid) { 3556 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3557 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3558 ( 3559 vdev, 3560 key, 3561 macaddr, 3562 wlan_crypto_get_key_type(key) 3563 ); 3564 } 3565 } 3566 } 3567 3568 wlan_objmgr_iterate_peerobj_list(vdev, 3569 crypto_plumb_peer_keys, 3570 psoc, 3571 WLAN_CRYPTO_ID); 3572 } 3573 } 3574 3575 /** 3576 * wlan_crypto_check_open_none - called by ucfg to check for open security 3577 * @psoc: psoc pointer 3578 * @vdev_id: vdev id 3579 * 3580 * This function gets called from ucfg to check open security. 3581 * 3582 * Return: true or false 3583 */ 3584 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3585 { 3586 struct wlan_crypto_comp_priv *crypto_priv; 3587 struct wlan_crypto_params *crypto_params; 3588 struct wlan_objmgr_vdev *vdev; 3589 bool match = true; 3590 3591 if (!psoc) { 3592 crypto_err("PSOC is NULL"); 3593 return false; 3594 } 3595 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3596 WLAN_CRYPTO_ID); 3597 if (!vdev) { 3598 crypto_err("vdev is NULL"); 3599 return false; 3600 } 3601 3602 crypto_priv = (struct wlan_crypto_comp_priv *) 3603 wlan_get_vdev_crypto_obj(vdev); 3604 3605 if (!crypto_priv) { 3606 crypto_err("crypto_priv NULL"); 3607 match = false; 3608 goto send_res; 3609 } 3610 3611 crypto_params = &crypto_priv->crypto_params; 3612 3613 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3614 match = false; 3615 goto send_res; 3616 } 3617 3618 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3619 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3620 match = false; 3621 3622 send_res: 3623 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3624 3625 return match; 3626 } 3627 3628 /** 3629 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3630 * @psoc: psoc pointer 3631 * @vdev_id: vdev id 3632 * 3633 * This function gets called from ucfg to check WEP security. 3634 * 3635 * Return: true or false 3636 */ 3637 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3638 { 3639 struct wlan_crypto_comp_priv *crypto_priv; 3640 struct wlan_crypto_params *crypto_params; 3641 struct wlan_objmgr_vdev *vdev; 3642 bool match = true; 3643 3644 if (!psoc) { 3645 crypto_err("PSOC is NULL"); 3646 return false; 3647 } 3648 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3649 WLAN_CRYPTO_ID); 3650 if (!vdev) { 3651 crypto_err("vdev is NULL"); 3652 return false; 3653 } 3654 3655 crypto_priv = (struct wlan_crypto_comp_priv *) 3656 wlan_get_vdev_crypto_obj(vdev); 3657 3658 if (!crypto_priv) { 3659 crypto_err("crypto_priv NULL"); 3660 match = false; 3661 goto send_res; 3662 } 3663 3664 crypto_params = &crypto_priv->crypto_params; 3665 3666 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3667 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3668 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3669 match = false; 3670 goto send_res; 3671 } 3672 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3673 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3674 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3675 match = false; 3676 goto send_res; 3677 } 3678 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 3679 match = false; 3680 goto send_res; 3681 } 3682 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3683 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 3684 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 3685 match = false; 3686 } 3687 send_res: 3688 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3689 3690 return match; 3691 } 3692 3693 static QDF_STATUS 3694 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3695 uint8_t *ie_ptr, uint16_t ie_len) 3696 { 3697 const uint8_t *rsn_ie = NULL; 3698 QDF_STATUS status; 3699 3700 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3701 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3702 if (!rsn_ie) { 3703 crypto_err("RSN IE NULL"); 3704 return QDF_STATUS_E_INVAL; 3705 } 3706 3707 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 3708 if (QDF_STATUS_SUCCESS != status) { 3709 crypto_err("RSN IE check failed"); 3710 return status; 3711 } 3712 3713 return QDF_STATUS_SUCCESS; 3714 } 3715 3716 static QDF_STATUS 3717 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3718 uint8_t *ie_ptr, uint16_t ie_len) 3719 { 3720 const uint8_t *wpa_ie = NULL; 3721 uint32_t wpa_oui; 3722 QDF_STATUS status; 3723 3724 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3725 3726 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3727 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3728 WLAN_OUI_SIZE, ie_ptr, ie_len); 3729 if (!wpa_ie) { 3730 crypto_err("WPA IE NULL"); 3731 return QDF_STATUS_E_INVAL; 3732 } 3733 3734 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 3735 if (QDF_STATUS_SUCCESS != status) { 3736 crypto_err("WPA IE check failed"); 3737 return status; 3738 } 3739 3740 return QDF_STATUS_SUCCESS; 3741 } 3742 /** 3743 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 3744 * @psoc: psoc pointer 3745 * @vdev_id: vdev id 3746 * @ie_ptr: pointer to IEs 3747 * @ie_len: IE length 3748 * 3749 * This function gets called from ucfg to check RSN match. 3750 * 3751 * Return: true or false 3752 */ 3753 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3754 uint8_t vdev_id, uint8_t *ie_ptr, 3755 uint16_t ie_len) 3756 { 3757 struct wlan_crypto_params peer_crypto_params; 3758 struct wlan_objmgr_vdev *vdev; 3759 bool match = true; 3760 QDF_STATUS status; 3761 3762 if (!psoc) { 3763 crypto_err("PSOC is NULL"); 3764 return false; 3765 } 3766 status = wlan_get_crypto_params_from_rsn_ie(&peer_crypto_params, 3767 ie_ptr, ie_len); 3768 if (QDF_STATUS_SUCCESS != status) { 3769 crypto_err("get crypto prarams from RSN IE failed"); 3770 return false; 3771 } 3772 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3773 WLAN_CRYPTO_ID); 3774 if (!vdev) { 3775 crypto_err("vdev is NULL"); 3776 return false; 3777 } 3778 3779 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3780 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3781 3782 return match; 3783 } 3784 3785 /** 3786 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 3787 * @psoc: psoc pointer 3788 * @vdev_id: vdev id 3789 * @ie_ptr: pointer to IEs 3790 * @ie_len: IE length 3791 * 3792 * This function gets called from ucfg to check WPA match. 3793 * 3794 * Return: true or false 3795 */ 3796 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3797 uint8_t vdev_id, uint8_t *ie_ptr, 3798 uint16_t ie_len) 3799 { 3800 struct wlan_crypto_params peer_crypto_params; 3801 struct wlan_objmgr_vdev *vdev; 3802 bool match = true; 3803 QDF_STATUS status; 3804 3805 if (!psoc) { 3806 crypto_err("PSOC is NULL"); 3807 return false; 3808 } 3809 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3810 WLAN_CRYPTO_ID); 3811 if (!vdev) { 3812 crypto_err("vdev is NULL"); 3813 return false; 3814 } 3815 3816 status = wlan_get_crypto_params_from_wpa_ie(&peer_crypto_params, 3817 ie_ptr, ie_len); 3818 if (QDF_STATUS_SUCCESS != status) { 3819 crypto_err("get crypto prarams from WPA IE failed"); 3820 match = false; 3821 goto send_res; 3822 } 3823 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3824 send_res: 3825 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3826 3827 return match; 3828 } 3829 3830 3831 static void 3832 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 3833 struct wlan_crypto_params *src_params) 3834 { 3835 dst_params->authmodeset |= src_params->authmodeset; 3836 dst_params->ucastcipherset |= src_params->ucastcipherset; 3837 dst_params->mcastcipherset |= src_params->mcastcipherset; 3838 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 3839 dst_params->cipher_caps |= src_params->cipher_caps; 3840 dst_params->key_mgmt |= src_params->key_mgmt; 3841 dst_params->rsn_caps |= src_params->rsn_caps; 3842 } 3843 3844 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 3845 uint8_t *ie_ptr, 3846 uint16_t ie_len) 3847 { 3848 struct wlan_crypto_params crypto_params; 3849 QDF_STATUS status; 3850 struct wlan_crypto_params *vdev_crypto_params; 3851 struct wlan_crypto_comp_priv *crypto_priv; 3852 bool send_fail = false; 3853 3854 if (!vdev) { 3855 crypto_err("VDEV is NULL"); 3856 return QDF_STATUS_E_FAILURE; 3857 } 3858 3859 if (!ie_ptr) { 3860 crypto_err("IE ptr is NULL"); 3861 return QDF_STATUS_E_FAILURE; 3862 } 3863 3864 crypto_priv = (struct wlan_crypto_comp_priv *) 3865 wlan_get_vdev_crypto_obj(vdev); 3866 3867 if (!crypto_priv) { 3868 crypto_err("crypto_priv NULL"); 3869 return QDF_STATUS_E_FAILURE; 3870 } 3871 3872 vdev_crypto_params = &crypto_priv->crypto_params; 3873 3874 qdf_mem_zero(vdev_crypto_params, sizeof(struct wlan_crypto_params)); 3875 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 3876 ie_ptr, ie_len); 3877 if (QDF_STATUS_SUCCESS == status) { 3878 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3879 } else { 3880 crypto_err("get crypto prarams from RSN IE failed"); 3881 send_fail = true; 3882 } 3883 3884 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 3885 ie_ptr, ie_len); 3886 if (QDF_STATUS_SUCCESS == status) { 3887 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3888 send_fail = false; 3889 } else { 3890 crypto_err("get crypto prarams from WPA IE failed"); 3891 } 3892 3893 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 3894 } 3895 3896 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 3897 { 3898 struct wlan_crypto_comp_priv *crypto_priv; 3899 3900 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3901 if (!crypto_priv) { 3902 crypto_err("crypto_priv NULL"); 3903 return QDF_STATUS_E_FAILURE; 3904 } 3905 3906 if (igtk) 3907 return crypto_priv->def_igtk_tx_keyid; 3908 else 3909 return crypto_priv->def_tx_keyid; 3910 } 3911 3912 enum wlan_crypto_cipher_type 3913 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 3914 bool pairwise, uint8_t key_index) 3915 { 3916 struct wlan_crypto_key *crypto_key; 3917 3918 crypto_key = wlan_crypto_get_key(vdev, key_index); 3919 3920 if (crypto_key) 3921 return crypto_key->cipher_type; 3922 else 3923 return WLAN_CRYPTO_CIPHER_INVALID; 3924 } 3925 3926 #ifdef CRYPTO_SET_KEY_CONVERGED 3927 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 3928 uint8_t key_index, uint8_t key_len, 3929 uint8_t seq_len) 3930 { 3931 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3932 crypto_err("Invalid Key index %d", key_index); 3933 return QDF_STATUS_E_INVAL; 3934 } 3935 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 3936 crypto_err("Invalid Cipher %d", cipher); 3937 return QDF_STATUS_E_INVAL; 3938 } 3939 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 3940 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 3941 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 3942 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 3943 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 3944 crypto_err("Invalid key index %d for cipher %d", 3945 key_index, cipher); 3946 return QDF_STATUS_E_INVAL; 3947 } 3948 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 3949 crypto_err("Invalid key length %d", key_len); 3950 return QDF_STATUS_E_INVAL; 3951 } 3952 3953 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 3954 crypto_err("Invalid seq length %d", seq_len); 3955 return QDF_STATUS_E_INVAL; 3956 } 3957 3958 crypto_debug("key: idx:%d, len:%d, seq len:%d", 3959 key_index, key_len, seq_len); 3960 3961 return QDF_STATUS_SUCCESS; 3962 } 3963 3964 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 3965 uint8_t key_index, 3966 struct wlan_crypto_key *crypto_key) 3967 { 3968 struct wlan_crypto_comp_priv *crypto_priv; 3969 3970 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3971 if (!crypto_priv) { 3972 crypto_err("crypto_priv NULL"); 3973 return QDF_STATUS_E_FAILURE; 3974 } 3975 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3976 crypto_err("Invalid Key index %d", key_index); 3977 return QDF_STATUS_E_FAILURE; 3978 } 3979 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 3980 crypto_priv->key[key_index] = crypto_key; 3981 else 3982 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 3983 crypto_key; 3984 3985 return QDF_STATUS_SUCCESS; 3986 } 3987 3988 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 3989 uint8_t key_index) 3990 { 3991 struct wlan_crypto_comp_priv *crypto_priv; 3992 3993 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3994 if (!crypto_priv) { 3995 crypto_err("crypto_priv NULL"); 3996 return NULL; 3997 } 3998 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 3999 crypto_err("Invalid Key index %d", key_index); 4000 return NULL; 4001 } 4002 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4003 return crypto_priv->key[key_index]; 4004 4005 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4006 } 4007 4008 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4009 struct wlan_crypto_key *req, 4010 enum wlan_crypto_key_type key_type) 4011 { 4012 struct wlan_objmgr_psoc *psoc; 4013 4014 psoc = wlan_vdev_get_psoc(vdev); 4015 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)) 4016 WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)(vdev, req, key_type); 4017 else 4018 return QDF_STATUS_E_FAILURE; 4019 4020 return QDF_STATUS_SUCCESS; 4021 } 4022 4023 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4024 bool pairwise, uint8_t key_index, 4025 struct qdf_mac_addr *peer_mac) 4026 { 4027 struct wlan_crypto_key *crypto_key; 4028 4029 crypto_key = wlan_crypto_get_key(vdev, key_index); 4030 if (!crypto_key) { 4031 crypto_err("crypto_key not present for key_idx %d", key_index); 4032 return; 4033 } 4034 4035 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4036 } 4037 #endif 4038