1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 /** 43 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 44 * @vdev:vdev 45 * 46 * This function gets called by mlme to get crypto params 47 * 48 * Return: wlan_crypto_params or NULL in case of failure 49 */ 50 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 51 struct wlan_objmgr_vdev *vdev, 52 struct wlan_crypto_comp_priv **crypto_priv){ 53 *crypto_priv = (struct wlan_crypto_comp_priv *) 54 wlan_get_vdev_crypto_obj(vdev); 55 if (*crypto_priv == NULL) { 56 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 57 return NULL; 58 } 59 60 return &((*crypto_priv)->crypto_params); 61 } 62 63 /** 64 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 65 * @peer:peer 66 * 67 * This function gets called by mlme to get crypto params 68 * 69 * Return: wlan_crypto_params or NULL in case of failure 70 */ 71 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 72 struct wlan_objmgr_peer *peer, 73 struct wlan_crypto_comp_priv **crypto_priv){ 74 75 *crypto_priv = (struct wlan_crypto_comp_priv *) 76 wlan_get_peer_crypto_obj(peer); 77 if (*crypto_priv == NULL) { 78 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 79 return NULL; 80 } 81 82 return &((*crypto_priv)->crypto_params); 83 } 84 85 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 86 { 87 return QDF_STATUS_SUCCESS; 88 } 89 90 /** 91 * wlan_crypto_set_param - called by ucfg to set crypto param 92 * @crypto_params: crypto_params 93 * @param: param to be set. 94 * @value: value 95 * 96 * This function gets called from ucfg to set param 97 * 98 * Return: QDF_STATUS_SUCCESS - in case of success 99 */ 100 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 101 wlan_crypto_param_type param, 102 uint32_t value){ 103 QDF_STATUS status = QDF_STATUS_E_INVAL; 104 105 switch (param) { 106 case WLAN_CRYPTO_PARAM_AUTH_MODE: 107 status = wlan_crypto_set_authmode(crypto_params, value); 108 break; 109 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 110 status = wlan_crypto_set_ucastciphers(crypto_params, value); 111 break; 112 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 113 status = wlan_crypto_set_mcastcipher(crypto_params, value); 114 break; 115 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 116 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 117 break; 118 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 119 status = wlan_crypto_set_cipher_cap(crypto_params, value); 120 break; 121 case WLAN_CRYPTO_PARAM_RSN_CAP: 122 status = wlan_crypto_set_rsn_cap(crypto_params, value); 123 break; 124 case WLAN_CRYPTO_PARAM_KEY_MGMT: 125 status = wlan_crypto_set_key_mgmt(crypto_params, value); 126 break; 127 default: 128 status = QDF_STATUS_E_INVAL; 129 } 130 return status; 131 } 132 133 /** 134 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 135 * @vdev: vdev 136 * @param: param to be set. 137 * @value: value 138 * 139 * This function gets called from ucfg to set param 140 * 141 * Return: QDF_STATUS_SUCCESS - in case of success 142 */ 143 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 144 wlan_crypto_param_type param, 145 uint32_t value){ 146 QDF_STATUS status = QDF_STATUS_E_INVAL; 147 struct wlan_crypto_comp_priv *crypto_priv; 148 struct wlan_crypto_params *crypto_params; 149 150 crypto_priv = (struct wlan_crypto_comp_priv *) 151 wlan_get_vdev_crypto_obj(vdev); 152 153 if (crypto_priv == NULL) { 154 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 155 return QDF_STATUS_E_INVAL; 156 } 157 158 crypto_params = &(crypto_priv->crypto_params); 159 160 status = wlan_crypto_set_param(crypto_params, param, value); 161 162 return status; 163 } 164 165 /** 166 * wlan_crypto_set_param - called by ucfg to set crypto param 167 * 168 * @peer: peer 169 * @param: param to be set. 170 * @value: value 171 * 172 * This function gets called from ucfg to set param 173 * 174 * Return: QDF_STATUS_SUCCESS - in case of success 175 */ 176 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 177 wlan_crypto_param_type param, 178 uint32_t value){ 179 QDF_STATUS status = QDF_STATUS_E_INVAL; 180 struct wlan_crypto_comp_priv *crypto_priv; 181 struct wlan_crypto_params *crypto_params; 182 183 crypto_params = wlan_crypto_peer_get_comp_params(peer, 184 &crypto_priv); 185 186 if (crypto_priv == NULL) { 187 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 188 return QDF_STATUS_E_INVAL; 189 } 190 191 crypto_params = &(crypto_priv->crypto_params); 192 193 status = wlan_crypto_set_param(crypto_params, param, value); 194 195 return status; 196 } 197 198 /** 199 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 200 * @param: Crypto param type 201 * @crypto_params: Crypto params struct 202 * 203 * This function gets called from in-within crypto layer 204 * 205 * Return: value or -1 for failure 206 */ 207 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 208 struct wlan_crypto_params *crypto_params) 209 { 210 int32_t value = -1; 211 212 switch (param) { 213 case WLAN_CRYPTO_PARAM_AUTH_MODE: 214 value = wlan_crypto_get_authmode(crypto_params); 215 break; 216 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 217 value = wlan_crypto_get_ucastciphers(crypto_params); 218 break; 219 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 220 value = wlan_crypto_get_mcastcipher(crypto_params); 221 break; 222 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 223 value = wlan_crypto_get_mgmtciphers(crypto_params); 224 break; 225 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 226 value = wlan_crypto_get_cipher_cap(crypto_params); 227 break; 228 case WLAN_CRYPTO_PARAM_RSN_CAP: 229 value = wlan_crypto_get_rsn_cap(crypto_params); 230 break; 231 case WLAN_CRYPTO_PARAM_KEY_MGMT: 232 value = wlan_crypto_get_key_mgmt(crypto_params); 233 break; 234 default: 235 value = QDF_STATUS_E_INVAL; 236 } 237 238 return value; 239 } 240 241 /** 242 * wlan_crypto_get_param - called to get value for param from vdev 243 * @vdev: vdev 244 * @param: Crypto param type 245 * 246 * This function gets called to get value for param from vdev 247 * 248 * Return: value or -1 for failure 249 */ 250 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 251 wlan_crypto_param_type param) 252 { 253 int32_t value = -1; 254 struct wlan_crypto_comp_priv *crypto_priv; 255 struct wlan_crypto_params *crypto_params; 256 crypto_priv = (struct wlan_crypto_comp_priv *) 257 wlan_get_vdev_crypto_obj(vdev); 258 259 if (crypto_priv == NULL) { 260 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 261 return QDF_STATUS_E_INVAL; 262 } 263 264 crypto_params = &(crypto_priv->crypto_params); 265 value = wlan_crypto_get_param_value(param, crypto_params); 266 267 return value; 268 } 269 /** 270 * wlan_crypto_get_peer_param - called to get value for param from peer 271 * @peer: peer 272 * @param: Crypto param type 273 * 274 * This function gets called to get value for param from peer 275 * 276 * Return: value or -1 for failure 277 */ 278 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 279 wlan_crypto_param_type param) 280 { 281 int32_t value = -1; 282 struct wlan_crypto_comp_priv *crypto_priv; 283 struct wlan_crypto_params *crypto_params; 284 285 crypto_params = wlan_crypto_peer_get_comp_params(peer, 286 &crypto_priv); 287 288 if (crypto_params == NULL) { 289 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 290 return QDF_STATUS_E_INVAL; 291 } 292 value = wlan_crypto_get_param_value(param, crypto_params); 293 294 return value; 295 } 296 qdf_export_symbol(wlan_crypto_get_peer_param); 297 /** 298 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 299 * @vdev: vdev 300 * @peer: peer 301 * 302 * This function gets called to check is HT allowed for cipher. 303 * HT is not allowed for wep and tkip. 304 * 305 * Return: 0 - not allowed or 1 - allowed 306 */ 307 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 308 struct wlan_objmgr_peer *peer) 309 { 310 int32_t ucast_cipher; 311 312 if (!(vdev || peer)) { 313 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 314 return 0; 315 } 316 317 if (vdev) 318 ucast_cipher = wlan_crypto_get_param(vdev, 319 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 320 else 321 ucast_cipher = wlan_crypto_get_peer_param(peer, 322 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 323 324 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 325 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 326 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 327 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 328 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 329 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 330 } 331 qdf_export_symbol(wlan_crypto_is_htallowed); 332 333 /** 334 * wlan_crypto_setkey - called by ucfg to setkey 335 * @vdev: vdev 336 * @req_key: req_key with cipher type, key macaddress 337 * 338 * This function gets called from ucfg to sey key 339 * 340 * Return: QDF_STATUS_SUCCESS - in case of success 341 */ 342 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 343 struct wlan_crypto_req_key *req_key){ 344 345 QDF_STATUS status = QDF_STATUS_E_INVAL; 346 struct wlan_crypto_comp_priv *crypto_priv; 347 struct wlan_crypto_params *crypto_params; 348 struct wlan_objmgr_psoc *psoc; 349 struct wlan_objmgr_peer *peer; 350 struct wlan_crypto_key *key = NULL; 351 const struct wlan_crypto_cipher *cipher; 352 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 353 bool isbcast; 354 enum QDF_OPMODE vdev_mode; 355 uint8_t igtk_idx = 0; 356 357 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 358 qdf_print("%s[%d] Invalid params vdev%pK, req_key%pK\n", 359 __func__, __LINE__, vdev, req_key); 360 return QDF_STATUS_E_INVAL; 361 } 362 363 isbcast = qdf_is_macaddr_group( 364 (struct qdf_mac_addr *)req_key->macaddr); 365 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 366 /* zero length keys, only set default key id if flags are set*/ 367 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 368 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 369 && (!IS_MGMT_CIPHER(req_key->type))) { 370 wlan_crypto_default_key(vdev, 371 req_key->macaddr, 372 req_key->keyix, 373 !isbcast); 374 return QDF_STATUS_SUCCESS; 375 } 376 qdf_print("%s[%d] req_key len zero\n", __func__, __LINE__); 377 return QDF_STATUS_E_INVAL; 378 } 379 380 cipher = wlan_crypto_cipher_ops[req_key->type]; 381 382 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 383 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 384 return QDF_STATUS_E_INVAL; 385 } 386 387 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 388 (!IS_MGMT_CIPHER(req_key->type)) && 389 ((req_key->keylen != (cipher->keylen / NBBY)) && 390 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 391 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 392 return QDF_STATUS_E_INVAL; 393 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 394 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 395 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 396 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 397 qdf_print("%s[%d] wep key len invalid\n", __func__, __LINE__); 398 return QDF_STATUS_E_INVAL; 399 } 400 401 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 402 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 403 | WLAN_CRYPTO_KEY_RECV)) { 404 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 405 | WLAN_CRYPTO_KEY_RECV); 406 } 407 } else { 408 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 409 && (!IS_MGMT_CIPHER(req_key->type))) { 410 return QDF_STATUS_E_INVAL; 411 } 412 413 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 414 | WLAN_CRYPTO_KEY_RECV); 415 if (isbcast) 416 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 417 } 418 419 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 420 421 wlan_vdev_obj_lock(vdev); 422 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 423 psoc = wlan_vdev_get_psoc(vdev); 424 if (!psoc) { 425 wlan_vdev_obj_unlock(vdev); 426 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 427 return QDF_STATUS_E_INVAL; 428 } 429 wlan_vdev_obj_unlock(vdev); 430 431 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 432 if (wlan_crypto_vdev_has_auth_mode(vdev, 433 (1 << WLAN_CRYPTO_AUTH_8021X))) { 434 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 435 } 436 } 437 438 if (isbcast) { 439 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 440 &crypto_priv); 441 if (crypto_priv == NULL) { 442 qdf_print("%s[%d] crypto_priv NULL\n", 443 __func__, __LINE__); 444 return QDF_STATUS_E_INVAL; 445 } 446 447 if (IS_MGMT_CIPHER(req_key->type)) { 448 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 449 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 450 qdf_print("%s[%d] igtk key invalid keyid %d \n", 451 __func__, __LINE__, igtk_idx); 452 return QDF_STATUS_E_INVAL; 453 } 454 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 455 if (key == NULL) { 456 qdf_print("%s[%d] igtk key alloc failed\n", 457 __func__, __LINE__); 458 return QDF_STATUS_E_NOMEM; 459 } 460 461 if (crypto_priv->igtk_key[igtk_idx]) 462 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 463 464 crypto_priv->igtk_key[igtk_idx] = key; 465 crypto_priv->igtk_key_type = req_key->type; 466 crypto_priv->def_igtk_tx_keyid = igtk_idx; 467 } else { 468 if (IS_FILS_CIPHER(req_key->type)) { 469 qdf_print(FL( 470 "FILS key is not for BroadCast packet\n")); 471 return QDF_STATUS_E_INVAL; 472 } 473 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 474 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 475 return QDF_STATUS_E_INVAL; 476 } 477 if (!crypto_priv->key[req_key->keyix]) { 478 crypto_priv->key[req_key->keyix] 479 = qdf_mem_malloc( 480 sizeof(struct wlan_crypto_key)); 481 if (!crypto_priv->key[req_key->keyix]) 482 return QDF_STATUS_E_NOMEM; 483 } 484 key = crypto_priv->key[req_key->keyix]; 485 } 486 if (vdev_mode == QDF_STA_MODE) { 487 peer = wlan_vdev_get_bsspeer(vdev); 488 if (!(peer && (QDF_STATUS_SUCCESS 489 == wlan_objmgr_peer_try_get_ref(peer, 490 WLAN_CRYPTO_ID)))) { 491 qdf_print("%s[%d] peer %pK failed\n", 492 __func__, __LINE__, peer); 493 if (IS_MGMT_CIPHER(req_key->type)) { 494 crypto_priv->igtk_key[igtk_idx] = NULL; 495 crypto_priv->igtk_key_type 496 = WLAN_CRYPTO_CIPHER_NONE; 497 } else 498 crypto_priv->key[req_key->keyix] = NULL; 499 if (key) 500 qdf_mem_free(key); 501 return QDF_STATUS_E_INVAL; 502 } 503 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 504 WLAN_ALEN); 505 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 506 } 507 } else { 508 uint8_t pdev_id; 509 510 pdev_id = wlan_objmgr_pdev_get_pdev_id( 511 wlan_vdev_get_pdev(vdev)); 512 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 513 psoc, 514 pdev_id, 515 macaddr, 516 req_key->macaddr, 517 WLAN_CRYPTO_ID); 518 519 if (peer == NULL) { 520 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 521 return QDF_STATUS_E_INVAL; 522 } 523 524 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 525 crypto_params = wlan_crypto_peer_get_comp_params(peer, 526 &crypto_priv); 527 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 528 529 if (crypto_priv == NULL) { 530 qdf_print("%s[%d] crypto_priv NULL\n", 531 __func__, __LINE__); 532 return QDF_STATUS_E_INVAL; 533 } 534 if (IS_MGMT_CIPHER(req_key->type)) { 535 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 536 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 537 qdf_print("%s[%d] igtk key invalid keyid %d \n", 538 __func__, __LINE__, igtk_idx); 539 return QDF_STATUS_E_INVAL; 540 } 541 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 542 if (key == NULL) { 543 qdf_print("%s[%d] igtk key alloc failed\n", 544 __func__, __LINE__); 545 return QDF_STATUS_E_NOMEM; 546 } 547 if (crypto_priv->igtk_key[igtk_idx]) 548 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 549 550 crypto_priv->igtk_key[igtk_idx] = key; 551 crypto_priv->igtk_key_type = req_key->type; 552 crypto_priv->def_igtk_tx_keyid = igtk_idx; 553 } else { 554 uint16_t kid = req_key->keyix; 555 if (kid == WLAN_CRYPTO_KEYIX_NONE) 556 kid = 0; 557 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 558 qdf_print("%s[%d] invalid keyid %d \n", 559 __func__, __LINE__, kid); 560 return QDF_STATUS_E_INVAL; 561 } 562 if (!crypto_priv->key[kid]) { 563 crypto_priv->key[kid] 564 = qdf_mem_malloc( 565 sizeof(struct wlan_crypto_key)); 566 if (!crypto_priv->key[kid]) 567 return QDF_STATUS_E_NOMEM; 568 } 569 key = crypto_priv->key[kid]; 570 } 571 } 572 573 /* alloc key might not required as it is already there */ 574 key->cipher_table = (void *)cipher; 575 key->keylen = req_key->keylen; 576 key->flags = req_key->flags; 577 578 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 579 key->keyix = 0; 580 else 581 key->keyix = req_key->keyix; 582 583 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 584 && (!IS_MGMT_CIPHER(req_key->type))) { 585 crypto_priv->def_tx_keyid = key->keyix; 586 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 587 } 588 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 589 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 590 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 591 0x5c, 0x36, 0x5c, 0x36, 592 0x5c, 0x36, 0x5c, 0x36, 593 0x5c, 0x36, 0x5c, 0x37}; 594 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 595 0x5c, 0x36, 0x5c, 0x36, 596 0x5c, 0x36, 0x5c, 0x36, 597 0x5c, 0x36, 0x5c, 0x36}; 598 599 /* During Tx PN should be increment and 600 * send but as per our implementation we increment only after 601 * Tx complete. So First packet PN check will be failed. 602 * To compensate increment the PN here by 2 603 */ 604 if (vdev_mode == QDF_SAP_MODE) { 605 iv_AP[15] += 2; 606 qdf_mem_copy(key->recviv, iv_STA, 607 WLAN_CRYPTO_WAPI_IV_SIZE); 608 qdf_mem_copy(key->txiv, iv_AP, 609 WLAN_CRYPTO_WAPI_IV_SIZE); 610 } else { 611 iv_STA[15] += 2; 612 qdf_mem_copy(key->recviv, iv_AP, 613 WLAN_CRYPTO_WAPI_IV_SIZE); 614 qdf_mem_copy(key->txiv, iv_STA, 615 WLAN_CRYPTO_WAPI_IV_SIZE); 616 } 617 } else { 618 uint8_t i = 0; 619 qdf_mem_copy((uint8_t *)(&key->keytsc), 620 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 621 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 622 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 623 (uint8_t *)(&req_key->keyrsc), 624 sizeof(key->keyrsc[0])); 625 } 626 } 627 628 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 629 key->valid = 1; 630 if ((IS_MGMT_CIPHER(req_key->type))) { 631 if (HAS_CIPHER_CAP(crypto_params, 632 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 633 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 634 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 635 key, macaddr, req_key->type); 636 } 637 } 638 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 639 status = wlan_crypto_set_igtk_key(key); 640 return status; 641 } else if (IS_FILS_CIPHER(req_key->type)) { 642 /* Take request key object to FILS setkey */ 643 key->private = req_key; 644 } else { 645 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 646 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 647 macaddr, req_key->type); 648 } 649 } 650 status = cipher->setkey(key); 651 652 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 653 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 654 (!IS_MGMT_CIPHER(req_key->type))) { 655 /* default xmit key */ 656 wlan_crypto_default_key(vdev, 657 req_key->macaddr, 658 req_key->keyix, 659 !isbcast); 660 } 661 662 return status; 663 } 664 665 /** 666 * wlan_crypto_get_keytype - get keytype 667 * @key: key 668 * 669 * This function gets keytype from key 670 * 671 * Return: keytype 672 */ 673 wlan_crypto_cipher_type wlan_crypto_get_key_type( 674 struct wlan_crypto_key *key){ 675 if (key && key->cipher_table) { 676 return ((struct wlan_crypto_cipher *) 677 (key->cipher_table))->cipher; 678 } 679 return WLAN_CRYPTO_CIPHER_NONE; 680 } 681 qdf_export_symbol(wlan_crypto_get_key_type); 682 /** 683 * wlan_crypto_vdev_getkey - get key from vdev 684 * @vdev: vdev 685 * @keyix: keyix 686 * 687 * This function gets key from vdev 688 * 689 * Return: key or NULL 690 */ 691 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 692 uint16_t keyix){ 693 struct wlan_crypto_comp_priv *crypto_priv; 694 struct wlan_crypto_params *crypto_params; 695 struct wlan_crypto_key *key = NULL; 696 697 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 698 699 if (crypto_priv == NULL) { 700 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 701 return NULL; 702 } 703 704 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 705 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 706 else 707 key = crypto_priv->key[keyix]; 708 709 if (key && key->valid) 710 return key; 711 712 return NULL; 713 } 714 qdf_export_symbol(wlan_crypto_vdev_getkey); 715 716 /** 717 * wlan_crypto_peer_getkey - get key from peer 718 * @peer: peer 719 * @keyix: keyix 720 * 721 * This function gets key from peer 722 * 723 * Return: key or NULL 724 */ 725 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 726 uint16_t keyix){ 727 struct wlan_crypto_comp_priv *crypto_priv; 728 struct wlan_crypto_params *crypto_params; 729 struct wlan_crypto_key *key = NULL; 730 731 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 732 733 if (crypto_priv == NULL) { 734 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 735 return NULL; 736 } 737 738 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 739 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 740 else 741 key = crypto_priv->key[keyix]; 742 743 if (key && key->valid) 744 return key; 745 746 return NULL; 747 } 748 qdf_export_symbol(wlan_crypto_peer_getkey); 749 750 /** 751 * wlan_crypto_getkey - called by ucfg to get key 752 * @vdev: vdev 753 * @req_key: key value will be copied in this req_key 754 * @mac_address: mac address of the peer for unicast key 755 * or broadcast address if group key is requested. 756 * 757 * This function gets called from ucfg to get key 758 * 759 * Return: QDF_STATUS_SUCCESS - in case of success 760 */ 761 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 762 struct wlan_crypto_req_key *req_key, 763 uint8_t *mac_addr){ 764 struct wlan_crypto_cipher *cipher_table; 765 struct wlan_crypto_key *key; 766 struct wlan_objmgr_psoc *psoc; 767 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 768 769 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 770 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 771 qdf_print("%s[%d] invalid keyix %d\n", __func__, __LINE__, 772 req_key->keyix); 773 return QDF_STATUS_E_INVAL; 774 } 775 776 wlan_vdev_obj_lock(vdev); 777 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 778 psoc = wlan_vdev_get_psoc(vdev); 779 if (!psoc) { 780 wlan_vdev_obj_unlock(vdev); 781 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 782 return QDF_STATUS_E_INVAL; 783 } 784 wlan_vdev_obj_unlock(vdev); 785 786 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 787 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 788 if (!key) 789 return QDF_STATUS_E_INVAL; 790 } else { 791 struct wlan_objmgr_peer *peer; 792 uint8_t pdev_id; 793 794 pdev_id = wlan_objmgr_pdev_get_pdev_id( 795 wlan_vdev_get_pdev(vdev)); 796 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 797 psoc, 798 pdev_id, 799 macaddr, 800 mac_addr, 801 WLAN_CRYPTO_ID); 802 if (peer == NULL) { 803 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 804 "%s[%d] peer NULL\n", __func__, __LINE__); 805 return QDF_STATUS_E_NOENT; 806 } 807 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 808 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 809 if (!key) 810 return QDF_STATUS_E_INVAL; 811 } 812 813 if (key->valid) { 814 qdf_mem_copy(req_key->keydata, 815 key->keyval, key->keylen); 816 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 817 (uint8_t *)(&key->keytsc), 818 sizeof(req_key->keytsc)); 819 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 820 (uint8_t *)(&key->keyrsc[0]), 821 sizeof(req_key->keyrsc)); 822 req_key->keylen = key->keylen; 823 req_key->flags = key->flags; 824 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 825 826 if (!cipher_table) 827 return QDF_STATUS_SUCCESS; 828 829 req_key->type = cipher_table->cipher; 830 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 831 qdf_mem_copy((uint8_t *)(&req_key->txiv), 832 (uint8_t *)(key->txiv), 833 sizeof(req_key->txiv)); 834 qdf_mem_copy((uint8_t *)(&req_key->recviv), 835 (uint8_t *)(key->recviv), 836 sizeof(req_key->recviv)); 837 } 838 } 839 840 return QDF_STATUS_SUCCESS; 841 } 842 843 /** 844 * wlan_crypto_delkey - called by ucfg to delete key 845 * @vdev: vdev 846 * @mac_address: mac address of the peer for unicast key 847 * or broadcast address if group key is deleted. 848 * @key_idx: key index to be deleted 849 * 850 * This function gets called from ucfg to delete key 851 * 852 * Return: QDF_STATUS_SUCCESS - in case of success 853 */ 854 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 855 uint8_t *macaddr, 856 uint8_t key_idx){ 857 struct wlan_crypto_comp_priv *crypto_priv; 858 struct wlan_crypto_params *crypto_params; 859 struct wlan_crypto_key *key; 860 struct wlan_crypto_cipher *cipher_table; 861 struct wlan_objmgr_psoc *psoc; 862 uint8_t bssid_mac[WLAN_ALEN]; 863 864 if (!vdev || !macaddr || 865 (key_idx >= 866 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 867 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 868 "%s[%d] Invalid params vdev %pK, macaddr %pK" 869 "keyidx %d\n", __func__, __LINE__, vdev, 870 macaddr, key_idx); 871 return QDF_STATUS_E_INVAL; 872 } 873 874 wlan_vdev_obj_lock(vdev); 875 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 876 psoc = wlan_vdev_get_psoc(vdev); 877 if (!psoc) { 878 wlan_vdev_obj_unlock(vdev); 879 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 880 return QDF_STATUS_E_INVAL; 881 } 882 wlan_vdev_obj_unlock(vdev); 883 884 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 885 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 886 &crypto_priv); 887 if (crypto_priv == NULL) { 888 qdf_print("%s[%d] crypto_priv NULL\n", 889 __func__, __LINE__); 890 return QDF_STATUS_E_INVAL; 891 } 892 } else { 893 struct wlan_objmgr_peer *peer; 894 uint8_t pdev_id; 895 896 pdev_id = wlan_objmgr_pdev_get_pdev_id( 897 wlan_vdev_get_pdev(vdev)); 898 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 899 psoc, pdev_id, 900 bssid_mac, 901 macaddr, 902 WLAN_CRYPTO_ID); 903 if (peer == NULL) { 904 return QDF_STATUS_E_INVAL; 905 } 906 crypto_params = wlan_crypto_peer_get_comp_params(peer, 907 &crypto_priv); 908 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 909 if (crypto_priv == NULL) { 910 qdf_print("%s[%d] crypto_priv NULL\n", 911 __func__, __LINE__); 912 return QDF_STATUS_E_INVAL; 913 } 914 } 915 916 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 917 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 918 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 919 qdf_print("%s[%d] Igtk key invalid keyid %d\n", 920 __func__, __LINE__, igtk_idx); 921 return QDF_STATUS_E_INVAL; 922 } 923 key = crypto_priv->igtk_key[igtk_idx]; 924 crypto_priv->igtk_key[igtk_idx] = NULL; 925 if (key) 926 key->valid = 0; 927 } else { 928 key = crypto_priv->key[key_idx]; 929 crypto_priv->key[key_idx] = NULL; 930 } 931 932 if (!key) 933 return QDF_STATUS_E_INVAL; 934 935 if (key->valid) { 936 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 937 938 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 939 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 940 macaddr, cipher_table->cipher); 941 } 942 } 943 qdf_mem_free(key); 944 945 return QDF_STATUS_SUCCESS; 946 } 947 948 /** 949 * wlan_crypto_default_key - called by ucfg to set default tx key 950 * @vdev: vdev 951 * @mac_address: mac address of the peer for unicast key 952 * or broadcast address if group key need to made default. 953 * @key_idx: key index to be made as default key 954 * @unicast: is key was unicast or group key. 955 * 956 * This function gets called from ucfg to set default key 957 * 958 * Return: QDF_STATUS_SUCCESS - in case of success 959 */ 960 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 961 uint8_t *macaddr, 962 uint8_t key_idx, 963 bool unicast){ 964 struct wlan_crypto_comp_priv *crypto_priv; 965 struct wlan_crypto_params *crypto_params; 966 struct wlan_crypto_key *key; 967 struct wlan_objmgr_psoc *psoc; 968 uint8_t bssid_mac[WLAN_ALEN]; 969 970 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 971 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 972 "keyidx %d\n", __func__, __LINE__, 973 vdev, macaddr, key_idx); 974 return QDF_STATUS_E_INVAL; 975 } 976 977 wlan_vdev_obj_lock(vdev); 978 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 979 psoc = wlan_vdev_get_psoc(vdev); 980 if (!psoc) { 981 wlan_vdev_obj_unlock(vdev); 982 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 983 return QDF_STATUS_E_INVAL; 984 } 985 wlan_vdev_obj_unlock(vdev); 986 987 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 988 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 989 &crypto_priv); 990 if (crypto_priv == NULL) { 991 qdf_print("%s[%d] crypto_priv NULL\n", 992 __func__, __LINE__); 993 return QDF_STATUS_E_INVAL; 994 } 995 996 key = crypto_priv->key[key_idx]; 997 if (!key) 998 return QDF_STATUS_E_INVAL; 999 } else { 1000 struct wlan_objmgr_peer *peer; 1001 uint8_t pdev_id; 1002 1003 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1004 wlan_vdev_get_pdev(vdev)); 1005 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1006 psoc, pdev_id, 1007 bssid_mac, 1008 macaddr, 1009 WLAN_CRYPTO_ID); 1010 1011 if (peer == NULL) { 1012 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1013 return QDF_STATUS_E_INVAL; 1014 } 1015 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1016 &crypto_priv); 1017 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1018 if (crypto_priv == NULL) { 1019 qdf_print("%s[%d] crypto_priv NULL\n", 1020 __func__, __LINE__); 1021 return QDF_STATUS_E_INVAL; 1022 } 1023 1024 key = crypto_priv->key[key_idx]; 1025 if (!key) 1026 return QDF_STATUS_E_INVAL; 1027 } 1028 if (!key->valid) 1029 return QDF_STATUS_E_INVAL; 1030 1031 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1032 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1033 macaddr); 1034 } 1035 crypto_priv->def_tx_keyid = key_idx; 1036 1037 return QDF_STATUS_SUCCESS; 1038 } 1039 1040 /** 1041 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1042 * @vdev: vdev 1043 * @wbuf: wbuf 1044 * @macaddr: macaddr 1045 * @encapdone: is encapdone already or not. 1046 * 1047 * This function gets called from mgmt txrx to encap frame. 1048 * 1049 * Return: QDF_STATUS_SUCCESS - in case of success 1050 */ 1051 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1052 qdf_nbuf_t wbuf, 1053 uint8_t *mac_addr, 1054 uint8_t encapdone){ 1055 struct wlan_crypto_comp_priv *crypto_priv; 1056 struct wlan_crypto_params *crypto_params; 1057 struct wlan_crypto_key *key; 1058 QDF_STATUS status; 1059 struct wlan_crypto_cipher *cipher_table; 1060 struct wlan_objmgr_psoc *psoc; 1061 struct wlan_objmgr_peer *peer; 1062 uint8_t bssid_mac[WLAN_ALEN]; 1063 uint8_t pdev_id; 1064 uint8_t hdrlen; 1065 enum QDF_OPMODE opmode; 1066 1067 opmode = wlan_vdev_mlme_get_opmode(vdev); 1068 wlan_vdev_obj_lock(vdev); 1069 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1070 psoc = wlan_vdev_get_psoc(vdev); 1071 if (!psoc) { 1072 wlan_vdev_obj_unlock(vdev); 1073 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1074 return QDF_STATUS_E_INVAL; 1075 } 1076 wlan_vdev_obj_unlock(vdev); 1077 1078 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1079 /* FILS Encap required only for (Re-)Assoc response */ 1080 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1081 1082 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1083 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1084 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1085 return QDF_STATUS_E_INVAL; 1086 } 1087 1088 if (peer) 1089 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1090 1091 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1092 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1093 &crypto_priv); 1094 if (crypto_priv == NULL) { 1095 qdf_print("%s[%d] crypto_priv NULL\n", 1096 __func__, __LINE__); 1097 return QDF_STATUS_E_INVAL; 1098 } 1099 1100 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1101 if (!key) 1102 return QDF_STATUS_E_INVAL; 1103 1104 } else { 1105 struct wlan_objmgr_peer *peer; 1106 uint8_t pdev_id; 1107 1108 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1109 wlan_vdev_get_pdev(vdev)); 1110 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1111 bssid_mac, mac_addr, 1112 WLAN_CRYPTO_ID); 1113 1114 if (peer == NULL) { 1115 qdf_print("%s[%d] crypto_priv NULL\n", 1116 __func__, __LINE__); 1117 return QDF_STATUS_E_INVAL; 1118 } 1119 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1120 &crypto_priv); 1121 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1122 1123 if (crypto_priv == NULL) { 1124 qdf_print("%s[%d] crypto_priv NULL\n", 1125 __func__, __LINE__); 1126 return QDF_STATUS_E_INVAL; 1127 } 1128 1129 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1130 if (!key) 1131 return QDF_STATUS_E_INVAL; 1132 } 1133 if (opmode == QDF_MONITOR_MODE) 1134 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1135 else 1136 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1137 (uint8_t *)qdf_nbuf_data(wbuf)); 1138 1139 /* if tkip, is counter measures enabled, then drop the frame */ 1140 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1141 status = cipher_table->encap(key, wbuf, encapdone, 1142 hdrlen); 1143 1144 return status; 1145 } 1146 qdf_export_symbol(wlan_crypto_encap); 1147 1148 /** 1149 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1150 * @vdev: vdev 1151 * @wbuf: wbuf 1152 * @macaddr: macaddr 1153 * @tid: tid of the frame 1154 * 1155 * This function gets called from mgmt txrx to decap frame. 1156 * 1157 * Return: QDF_STATUS_SUCCESS - in case of success 1158 */ 1159 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1160 qdf_nbuf_t wbuf, 1161 uint8_t *mac_addr, 1162 uint8_t tid){ 1163 struct wlan_crypto_comp_priv *crypto_priv; 1164 struct wlan_crypto_params *crypto_params; 1165 struct wlan_crypto_key *key; 1166 QDF_STATUS status; 1167 struct wlan_crypto_cipher *cipher_table; 1168 struct wlan_objmgr_psoc *psoc; 1169 struct wlan_objmgr_peer *peer; 1170 uint8_t bssid_mac[WLAN_ALEN]; 1171 uint8_t keyid; 1172 uint8_t pdev_id; 1173 uint8_t hdrlen; 1174 enum QDF_OPMODE opmode; 1175 1176 opmode = wlan_vdev_mlme_get_opmode(vdev); 1177 wlan_vdev_obj_lock(vdev); 1178 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1179 psoc = wlan_vdev_get_psoc(vdev); 1180 if (!psoc) { 1181 wlan_vdev_obj_unlock(vdev); 1182 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1183 return QDF_STATUS_E_INVAL; 1184 } 1185 wlan_vdev_obj_unlock(vdev); 1186 1187 if (opmode == QDF_MONITOR_MODE) 1188 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1189 else 1190 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1191 (uint8_t *)qdf_nbuf_data(wbuf)); 1192 1193 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1194 1195 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1196 return QDF_STATUS_E_INVAL; 1197 1198 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1199 /* FILS Decap required only for (Re-)Assoc request */ 1200 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1201 1202 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1203 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1204 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1205 return QDF_STATUS_E_INVAL; 1206 } 1207 1208 if (peer) 1209 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1210 1211 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1212 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1213 &crypto_priv); 1214 if (crypto_priv == NULL) { 1215 qdf_print("%s[%d] crypto_priv NULL\n", 1216 __func__, __LINE__); 1217 return QDF_STATUS_E_INVAL; 1218 } 1219 1220 key = crypto_priv->key[keyid]; 1221 if (!key) 1222 return QDF_STATUS_E_INVAL; 1223 1224 } else { 1225 struct wlan_objmgr_peer *peer; 1226 uint8_t pdev_id; 1227 1228 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1229 wlan_vdev_get_pdev(vdev)); 1230 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1231 psoc, pdev_id, bssid_mac, 1232 mac_addr, WLAN_CRYPTO_ID); 1233 if (peer == NULL) { 1234 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1235 return QDF_STATUS_E_INVAL; 1236 } 1237 1238 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1239 &crypto_priv); 1240 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1241 1242 if (crypto_priv == NULL) { 1243 qdf_print("%s[%d] crypto_priv NULL\n", 1244 __func__, __LINE__); 1245 return QDF_STATUS_E_INVAL; 1246 } 1247 1248 key = crypto_priv->key[keyid]; 1249 if (!key) 1250 return QDF_STATUS_E_INVAL; 1251 } 1252 /* if tkip, is counter measures enabled, then drop the frame */ 1253 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1254 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1255 1256 return status; 1257 } 1258 qdf_export_symbol(wlan_crypto_decap); 1259 /** 1260 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1261 * @vdev: vdev 1262 * @wbuf: wbuf 1263 * @macaddr: macaddr 1264 * @encapdone: is encapdone already or not. 1265 * 1266 * This function gets called from mgmt txrx to adding mic to the frame. 1267 * 1268 * Return: QDF_STATUS_SUCCESS - in case of success 1269 */ 1270 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1271 qdf_nbuf_t wbuf, 1272 uint8_t *mac_addr, 1273 uint8_t encapdone){ 1274 struct wlan_crypto_comp_priv *crypto_priv; 1275 struct wlan_crypto_params *crypto_params; 1276 struct wlan_crypto_key *key; 1277 QDF_STATUS status; 1278 struct wlan_crypto_cipher *cipher_table; 1279 struct wlan_objmgr_psoc *psoc; 1280 uint8_t bssid_mac[WLAN_ALEN]; 1281 uint8_t hdrlen; 1282 enum QDF_OPMODE opmode; 1283 1284 opmode = wlan_vdev_mlme_get_opmode(vdev); 1285 1286 1287 wlan_vdev_obj_lock(vdev); 1288 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1289 psoc = wlan_vdev_get_psoc(vdev); 1290 if (!psoc) { 1291 wlan_vdev_obj_unlock(vdev); 1292 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1293 return QDF_STATUS_E_INVAL; 1294 } 1295 wlan_vdev_obj_unlock(vdev); 1296 1297 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1298 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1299 &crypto_priv); 1300 if (crypto_priv == NULL) { 1301 qdf_print("%s[%d] crypto_priv NULL\n", 1302 __func__, __LINE__); 1303 return QDF_STATUS_E_INVAL; 1304 } 1305 1306 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1307 if (!key) 1308 return QDF_STATUS_E_INVAL; 1309 1310 } else { 1311 struct wlan_objmgr_peer *peer; 1312 uint8_t pdev_id; 1313 1314 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1315 wlan_vdev_get_pdev(vdev)); 1316 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1317 psoc, pdev_id, bssid_mac, 1318 mac_addr, WLAN_CRYPTO_ID); 1319 if (peer == NULL) { 1320 qdf_print("%s[%d] crypto_priv NULL\n", 1321 __func__, __LINE__); 1322 return QDF_STATUS_E_INVAL; 1323 } 1324 1325 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1326 &crypto_priv); 1327 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1328 1329 if (crypto_priv == NULL) { 1330 qdf_print("%s[%d] crypto_priv NULL\n", 1331 __func__, __LINE__); 1332 return QDF_STATUS_E_INVAL; 1333 } 1334 1335 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1336 if (!key) 1337 return QDF_STATUS_E_INVAL; 1338 } 1339 if (opmode == QDF_MONITOR_MODE) 1340 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1341 else 1342 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1343 (uint8_t *)qdf_nbuf_data(wbuf)); 1344 1345 /* if tkip, is counter measures enabled, then drop the frame */ 1346 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1347 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1348 1349 return status; 1350 } 1351 1352 /** 1353 * wlan_crypto_demic - called by mgmt for remove and check mic for 1354 * the frame based on cipher 1355 * @vdev: vdev 1356 * @wbuf: wbuf 1357 * @macaddr: macaddr 1358 * @tid: tid of the frame 1359 * @keyid: keyid in the received frame 1360 * This function gets called from mgmt txrx to decap frame. 1361 * 1362 * Return: QDF_STATUS_SUCCESS - in case of success 1363 */ 1364 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1365 qdf_nbuf_t wbuf, 1366 uint8_t *mac_addr, 1367 uint8_t tid, 1368 uint8_t keyid){ 1369 struct wlan_crypto_comp_priv *crypto_priv; 1370 struct wlan_crypto_params *crypto_params; 1371 struct wlan_crypto_key *key; 1372 QDF_STATUS status; 1373 struct wlan_crypto_cipher *cipher_table; 1374 struct wlan_objmgr_psoc *psoc; 1375 uint8_t bssid_mac[WLAN_ALEN]; 1376 uint8_t hdrlen; 1377 enum QDF_OPMODE opmode; 1378 1379 opmode = wlan_vdev_mlme_get_opmode(vdev); 1380 1381 if (opmode == QDF_MONITOR_MODE) 1382 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1383 else 1384 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1385 (uint8_t *)qdf_nbuf_data(wbuf)); 1386 1387 wlan_vdev_obj_lock(vdev); 1388 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1389 psoc = wlan_vdev_get_psoc(vdev); 1390 if (!psoc) { 1391 wlan_vdev_obj_unlock(vdev); 1392 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1393 return QDF_STATUS_E_INVAL; 1394 } 1395 wlan_vdev_obj_unlock(vdev); 1396 1397 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1398 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1399 &crypto_priv); 1400 if (crypto_priv == NULL) { 1401 qdf_print("%s[%d] crypto_priv NULL\n", 1402 __func__, __LINE__); 1403 return QDF_STATUS_E_INVAL; 1404 } 1405 1406 key = crypto_priv->key[keyid]; 1407 if (!key) 1408 return QDF_STATUS_E_INVAL; 1409 1410 } else { 1411 struct wlan_objmgr_peer *peer; 1412 uint8_t pdev_id; 1413 1414 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1415 wlan_vdev_get_pdev(vdev)); 1416 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1417 psoc, pdev_id, bssid_mac, 1418 mac_addr, WLAN_CRYPTO_ID); 1419 if (peer == NULL) { 1420 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1421 return QDF_STATUS_E_INVAL; 1422 } 1423 1424 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1425 &crypto_priv); 1426 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1427 1428 if (crypto_priv == NULL) { 1429 qdf_print("%s[%d] crypto_priv NULL\n", 1430 __func__, __LINE__); 1431 return QDF_STATUS_E_INVAL; 1432 } 1433 1434 key = crypto_priv->key[keyid]; 1435 if (!key) 1436 return QDF_STATUS_E_INVAL; 1437 } 1438 /* if tkip, is counter measures enabled, then drop the frame */ 1439 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1440 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1441 1442 return status; 1443 } 1444 1445 /** 1446 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1447 * @vdev: vdev 1448 * 1449 * This function gets called to check is pmf enabled or not in vdev. 1450 * 1451 * Return: true or false 1452 */ 1453 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1454 { 1455 1456 struct wlan_crypto_comp_priv *crypto_priv; 1457 struct wlan_crypto_params *vdev_crypto_params; 1458 1459 if (!vdev) 1460 return false; 1461 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1462 &crypto_priv); 1463 if (crypto_priv == NULL) { 1464 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1465 return QDF_STATUS_E_INVAL; 1466 } 1467 1468 if ((vdev_crypto_params->rsn_caps & 1469 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1470 || (vdev_crypto_params->rsn_caps & 1471 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1472 return true; 1473 } 1474 1475 return false; 1476 } 1477 /** 1478 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1479 * @vdev: vdev 1480 * @peer: peer 1481 * 1482 * This function gets called by mgmt txrx to check is pmf enabled or not. 1483 * 1484 * Return: true or false 1485 */ 1486 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1487 struct wlan_objmgr_peer *peer){ 1488 1489 struct wlan_crypto_comp_priv *crypto_priv; 1490 struct wlan_crypto_params *vdev_crypto_params; 1491 struct wlan_crypto_params *peer_crypto_params; 1492 1493 if (!vdev || !peer) 1494 return false; 1495 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1496 &crypto_priv); 1497 if (crypto_priv == NULL) { 1498 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1499 return QDF_STATUS_E_INVAL; 1500 } 1501 1502 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1503 &crypto_priv); 1504 if (crypto_priv == NULL) { 1505 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1506 return QDF_STATUS_E_INVAL; 1507 } 1508 if (((vdev_crypto_params->rsn_caps & 1509 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1510 (peer_crypto_params->rsn_caps & 1511 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1512 || (vdev_crypto_params->rsn_caps & 1513 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1514 return true; 1515 } 1516 1517 return false; 1518 } 1519 1520 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1521 { 1522 a[0] = b[5]; 1523 a[1] = b[4]; 1524 a[2] = b[3]; 1525 a[3] = b[2]; 1526 a[4] = b[1]; 1527 a[5] = b[0]; 1528 } 1529 1530 /** 1531 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1532 * @vdev: vdev 1533 * @bfrm: frame starting pointer 1534 * @len: length of the frame 1535 * 1536 * This function gets called by mgmt txrx to add mmie in frame 1537 * 1538 * Return: end of frame or NULL in case failure 1539 */ 1540 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1541 uint8_t *bfrm, 1542 uint32_t len) { 1543 struct wlan_crypto_key *key; 1544 struct wlan_crypto_mmie *mmie; 1545 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1546 struct ieee80211_hdr *hdr; 1547 uint32_t i, hdrlen, mic_len, aad_len; 1548 uint8_t mic[16]; 1549 struct wlan_crypto_comp_priv *crypto_priv; 1550 struct wlan_crypto_params *crypto_params; 1551 int32_t ret = -1; 1552 1553 if (!bfrm) { 1554 qdf_print("%s[%d] frame is NULL\n", __func__, __LINE__); 1555 return NULL; 1556 } 1557 1558 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1559 &crypto_priv); 1560 if (crypto_priv == NULL) { 1561 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1562 return NULL; 1563 } 1564 1565 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1566 qdf_print("%s[%d] igtk key invalid keyid %d \n", 1567 __func__, __LINE__, crypto_priv->def_igtk_tx_keyid); 1568 return NULL; 1569 } 1570 1571 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1572 if (!key) { 1573 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1574 return NULL; 1575 } 1576 mic_len = (crypto_priv->igtk_key_type 1577 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1578 1579 efrm = bfrm + len; 1580 aad_len = 20; 1581 hdrlen = sizeof(struct ieee80211_hdr); 1582 len += sizeof(struct wlan_crypto_mmie); 1583 1584 mmie = (struct wlan_crypto_mmie *) efrm; 1585 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1586 mmie->element_id = WLAN_ELEMID_MMIE; 1587 mmie->length = sizeof(*mmie) - 2; 1588 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1589 1590 mic_len = (crypto_priv->igtk_key_type 1591 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1592 if (mic_len == 8) { 1593 mmie->length -= 8; 1594 len -= 8; 1595 } 1596 /* PN = PN + 1 */ 1597 pn = (uint8_t *)&key->keytsc; 1598 1599 for (i = 0; i <= 5; i++) { 1600 pn[i]++; 1601 if (pn[i]) 1602 break; 1603 } 1604 1605 /* Copy IPN */ 1606 qdf_mem_copy(mmie->sequence_number, pn, 6); 1607 1608 hdr = (struct ieee80211_hdr *) bfrm; 1609 1610 buf = qdf_mem_malloc(len - hdrlen + 20); 1611 if (!buf) { 1612 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1613 return NULL; 1614 } 1615 qdf_mem_zero(buf, len - hdrlen + 20); 1616 aad = buf; 1617 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1618 1619 /* FC type/subtype */ 1620 aad[0] = hdr->frame_control[0]; 1621 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1622 aad[1] = (hdr->frame_control[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1623 | WLAN_FC1_MOREDATA)); 1624 /* A1 || A2 || A3 */ 1625 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1626 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1627 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1628 qdf_mem_zero(mic, 16); 1629 1630 /* 1631 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1632 */ 1633 1634 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1635 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1636 1637 ret = omac1_aes_128(key->keyval, buf, 1638 len + aad_len - hdrlen, mic); 1639 qdf_mem_copy(mmie->mic, mic, 8); 1640 1641 } else if (crypto_priv->igtk_key_type 1642 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1643 1644 ret = omac1_aes_256(key->keyval, buf, 1645 len + aad_len - hdrlen, mmie->mic); 1646 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1647 || (crypto_priv->igtk_key_type 1648 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1649 1650 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1651 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1652 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1653 sizeof(nounce), buf, 1654 len + aad_len - hdrlen, mmie->mic); 1655 } 1656 qdf_mem_free(buf); 1657 if (ret < 0) { 1658 qdf_print("%s[%d] add mmie failed\n", __func__, __LINE__); 1659 return NULL; 1660 } 1661 1662 return bfrm + len; 1663 } 1664 1665 /** 1666 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1667 * @vdev: vdev 1668 * @frm: frame starting pointer 1669 * @efrm: end of frame pointer 1670 * 1671 * This function gets called by mgmt txrx to check mmie of the frame 1672 * 1673 * Return: true or false 1674 */ 1675 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1676 uint8_t *frm, 1677 uint8_t *efrm){ 1678 struct wlan_crypto_mmie *mmie = NULL; 1679 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1680 struct wlan_crypto_key *key; 1681 struct ieee80211_hdr *hdr; 1682 uint16_t mic_len, hdrlen, len; 1683 struct wlan_crypto_comp_priv *crypto_priv; 1684 struct wlan_crypto_params *crypto_params; 1685 uint8_t aad_len = 20; 1686 int32_t ret = -1; 1687 1688 /* check if frame is illegal length */ 1689 if (!frm || !efrm || (efrm < frm) 1690 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1691 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 1692 return false; 1693 } 1694 len = efrm - frm; 1695 crypto_priv = (struct wlan_crypto_comp_priv *) 1696 wlan_get_vdev_crypto_obj(vdev); 1697 if (crypto_priv == NULL) { 1698 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1699 return false; 1700 } 1701 1702 crypto_params = &(crypto_priv->crypto_params); 1703 1704 1705 mic_len = (crypto_priv->igtk_key_type 1706 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1707 hdrlen = sizeof(struct ieee80211_hdr); 1708 1709 if (mic_len == 8) 1710 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1711 else 1712 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1713 1714 1715 /* check Elem ID*/ 1716 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1717 qdf_print("%s[%d] IE is not MMIE\n", __func__, __LINE__); 1718 return false; 1719 } 1720 1721 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1722 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1723 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1724 qdf_print("%s[%d] keyid not valid\n", __func__, __LINE__); 1725 return false; 1726 } 1727 1728 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1729 if (!key) { 1730 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1731 return false; 1732 } 1733 1734 /* validate ipn */ 1735 ipn = mmie->sequence_number; 1736 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1737 qdf_print("%s[%d] replay error\n", __func__, __LINE__); 1738 return false; 1739 } 1740 1741 buf = qdf_mem_malloc(len - hdrlen + 20); 1742 if (!buf) { 1743 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1744 return false; 1745 } 1746 aad = buf; 1747 1748 /* construct AAD */ 1749 hdr = (struct ieee80211_hdr *)frm; 1750 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1751 1752 /* FC type/subtype */ 1753 aad[0] = hdr->frame_control[0]; 1754 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1755 aad[1] = (hdr->frame_control[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1756 | WLAN_FC1_MOREDATA)); 1757 /* A1 || A2 || A3 */ 1758 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1759 1760 /* 1761 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1762 */ 1763 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1764 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1765 qdf_mem_zero(mic, 16); 1766 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1767 ret = omac1_aes_128(key->keyval, buf, 1768 len - hdrlen + aad_len, mic); 1769 } else if (crypto_priv->igtk_key_type 1770 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1771 ret = omac1_aes_256(key->keyval, buf, 1772 len + aad_len - hdrlen, mic); 1773 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1774 || (crypto_priv->igtk_key_type 1775 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1776 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1777 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1778 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1779 sizeof(nounce), buf, 1780 len + aad_len - hdrlen, mic); 1781 } 1782 1783 qdf_mem_free(buf); 1784 1785 if (ret < 0) { 1786 qdf_print("%s[%d] genarate mmie failed\n", __func__, __LINE__); 1787 return false; 1788 } 1789 1790 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1791 qdf_print("%s[%d] mmie mismatch\n", __func__, __LINE__); 1792 /* MMIE MIC mismatch */ 1793 return false; 1794 } 1795 1796 /* Update the receive sequence number */ 1797 qdf_mem_copy(key->keyrsc, ipn, 6); 1798 qdf_print("%s[%d] mmie matched\n", __func__, __LINE__); 1799 1800 return true; 1801 } 1802 1803 1804 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1805 { 1806 int32_t status = -1; 1807 1808 switch (cipher) { 1809 case WLAN_CRYPTO_CIPHER_TKIP: 1810 return WPA_CIPHER_SUITE_TKIP; 1811 case WLAN_CRYPTO_CIPHER_AES_CCM: 1812 return WPA_CIPHER_SUITE_CCMP; 1813 case WLAN_CRYPTO_CIPHER_NONE: 1814 return WPA_CIPHER_SUITE_NONE; 1815 } 1816 1817 return status; 1818 } 1819 1820 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1821 { 1822 int32_t status = -1; 1823 1824 switch (cipher) { 1825 case WLAN_CRYPTO_CIPHER_TKIP: 1826 return RSN_CIPHER_SUITE_TKIP; 1827 case WLAN_CRYPTO_CIPHER_AES_CCM: 1828 return RSN_CIPHER_SUITE_CCMP; 1829 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1830 return RSN_CIPHER_SUITE_CCMP_256; 1831 case WLAN_CRYPTO_CIPHER_AES_GCM: 1832 return RSN_CIPHER_SUITE_GCMP; 1833 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1834 return RSN_CIPHER_SUITE_GCMP_256; 1835 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1836 return RSN_CIPHER_SUITE_AES_CMAC; 1837 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1838 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1839 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1840 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1841 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1842 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1843 case WLAN_CRYPTO_CIPHER_NONE: 1844 return RSN_CIPHER_SUITE_NONE; 1845 } 1846 1847 return status; 1848 } 1849 1850 /* 1851 * Convert an RSN key management/authentication algorithm 1852 * to an internal code. 1853 */ 1854 static int32_t 1855 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1856 { 1857 int32_t status = -1; 1858 1859 switch (keymgmt) { 1860 case WLAN_CRYPTO_KEY_MGMT_NONE: 1861 return RSN_AUTH_KEY_MGMT_NONE; 1862 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1863 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1864 case WLAN_CRYPTO_KEY_MGMT_PSK: 1865 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1866 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1867 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1868 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1869 return RSN_AUTH_KEY_MGMT_FT_PSK; 1870 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1871 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1872 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1873 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1874 case WLAN_CRYPTO_KEY_MGMT_SAE: 1875 return RSN_AUTH_KEY_MGMT_SAE; 1876 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1877 return RSN_AUTH_KEY_MGMT_FT_SAE; 1878 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1879 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1880 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1881 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1882 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1883 return RSN_AUTH_KEY_MGMT_CCKM; 1884 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1885 return RSN_AUTH_KEY_MGMT_OSEN; 1886 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 1887 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 1888 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 1889 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 1890 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 1891 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 1892 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 1893 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 1894 case WLAN_CRYPTO_KEY_MGMT_OWE: 1895 return RSN_AUTH_KEY_MGMT_OWE; 1896 case WLAN_CRYPTO_KEY_MGMT_DPP: 1897 return RSN_AUTH_KEY_MGMT_DPP; 1898 } 1899 1900 return status; 1901 } 1902 1903 /* 1904 * Convert an RSN key management/authentication algorithm 1905 * to an internal code. 1906 */ 1907 static int32_t 1908 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1909 { 1910 int32_t status = -1; 1911 1912 switch (keymgmt) { 1913 case WLAN_CRYPTO_KEY_MGMT_NONE: 1914 return WPA_AUTH_KEY_MGMT_NONE; 1915 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1916 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1917 case WLAN_CRYPTO_KEY_MGMT_PSK: 1918 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1919 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1920 return WPA_AUTH_KEY_MGMT_CCKM; 1921 } 1922 1923 return status; 1924 } 1925 /** 1926 * Convert a WPA cipher selector OUI to an internal 1927 * cipher algorithm. Where appropriate we also 1928 * record any key length. 1929 */ 1930 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1931 { 1932 uint32_t w = LE_READ_4(sel); 1933 int32_t status = -1; 1934 1935 switch (w) { 1936 case WPA_CIPHER_SUITE_TKIP: 1937 return WLAN_CRYPTO_CIPHER_TKIP; 1938 case WPA_CIPHER_SUITE_CCMP: 1939 return WLAN_CRYPTO_CIPHER_AES_CCM; 1940 case WPA_CIPHER_SUITE_NONE: 1941 return WLAN_CRYPTO_CIPHER_NONE; 1942 } 1943 1944 return status; 1945 } 1946 1947 /* 1948 * Convert a WPA key management/authentication algorithm 1949 * to an internal code. 1950 */ 1951 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1952 { 1953 uint32_t w = LE_READ_4(sel); 1954 int32_t status = -1; 1955 1956 switch (w) { 1957 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1958 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1959 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1960 return WLAN_CRYPTO_KEY_MGMT_PSK; 1961 case WPA_AUTH_KEY_MGMT_CCKM: 1962 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1963 case WPA_AUTH_KEY_MGMT_NONE: 1964 return WLAN_CRYPTO_KEY_MGMT_NONE; 1965 } 1966 return status; 1967 } 1968 1969 /* 1970 * Convert a RSN cipher selector OUI to an internal 1971 * cipher algorithm. Where appropriate we also 1972 * record any key length. 1973 */ 1974 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1975 { 1976 uint32_t w = LE_READ_4(sel); 1977 int32_t status = -1; 1978 1979 switch (w) { 1980 case RSN_CIPHER_SUITE_TKIP: 1981 return WLAN_CRYPTO_CIPHER_TKIP; 1982 case RSN_CIPHER_SUITE_CCMP: 1983 return WLAN_CRYPTO_CIPHER_AES_CCM; 1984 case RSN_CIPHER_SUITE_CCMP_256: 1985 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1986 case RSN_CIPHER_SUITE_GCMP: 1987 return WLAN_CRYPTO_CIPHER_AES_GCM; 1988 case RSN_CIPHER_SUITE_GCMP_256: 1989 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1990 case RSN_CIPHER_SUITE_AES_CMAC: 1991 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1992 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1993 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1994 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1995 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1996 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1997 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1998 case RSN_CIPHER_SUITE_NONE: 1999 return WLAN_CRYPTO_CIPHER_NONE; 2000 } 2001 2002 return status; 2003 } 2004 /* 2005 * Convert an RSN key management/authentication algorithm 2006 * to an internal code. 2007 */ 2008 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2009 { 2010 uint32_t w = LE_READ_4(sel); 2011 int32_t status = -1; 2012 2013 switch (w) { 2014 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2015 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2016 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2017 return WLAN_CRYPTO_KEY_MGMT_PSK; 2018 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2019 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2020 case RSN_AUTH_KEY_MGMT_FT_PSK: 2021 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2022 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2023 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2024 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2025 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2026 case RSN_AUTH_KEY_MGMT_SAE: 2027 return WLAN_CRYPTO_KEY_MGMT_SAE; 2028 case RSN_AUTH_KEY_MGMT_FT_SAE: 2029 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2030 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2031 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2032 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2033 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2034 case RSN_AUTH_KEY_MGMT_CCKM: 2035 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2036 case RSN_AUTH_KEY_MGMT_OSEN: 2037 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2038 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2039 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2040 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2041 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2042 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2043 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2044 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2045 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2046 case RSN_AUTH_KEY_MGMT_OWE: 2047 return WLAN_CRYPTO_KEY_MGMT_OWE; 2048 case RSN_AUTH_KEY_MGMT_DPP: 2049 return WLAN_CRYPTO_KEY_MGMT_DPP; 2050 } 2051 2052 return status; 2053 } 2054 2055 /** 2056 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2057 * @crypto params: crypto params 2058 * @iebuf: ie buffer 2059 * 2060 * This function gets called by mlme to check the contents of wpa is 2061 * matching with given crypto params 2062 * 2063 * Return: QDF_STATUS_SUCCESS - in case of success 2064 */ 2065 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2066 uint8_t *frm){ 2067 uint8_t len = frm[1]; 2068 int32_t w; 2069 int n; 2070 2071 /* 2072 * Check the length once for fixed parts: OUI, type, 2073 * version, mcast cipher, and 2 selector counts. 2074 * Other, variable-length data, must be checked separately. 2075 */ 2076 RESET_AUTHMODE(crypto_params); 2077 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2078 2079 if (len < 14) 2080 return QDF_STATUS_E_INVAL; 2081 2082 frm += 6, len -= 4; 2083 2084 w = LE_READ_2(frm); 2085 if (w != WPA_VERSION) 2086 return QDF_STATUS_E_INVAL; 2087 2088 frm += 2, len -= 2; 2089 2090 /* multicast/group cipher */ 2091 RESET_MCAST_CIPHERS(crypto_params); 2092 w = wlan_crypto_wpa_suite_to_cipher(frm); 2093 if (w < 0) 2094 return QDF_STATUS_E_INVAL; 2095 SET_MCAST_CIPHER(crypto_params, w); 2096 frm += 4, len -= 4; 2097 2098 /* unicast ciphers */ 2099 n = LE_READ_2(frm); 2100 frm += 2, len -= 2; 2101 if (len < n*4+2) 2102 return QDF_STATUS_E_INVAL; 2103 2104 RESET_UCAST_CIPHERS(crypto_params); 2105 for (; n > 0; n--) { 2106 w = wlan_crypto_wpa_suite_to_cipher(frm); 2107 if (w < 0) 2108 return QDF_STATUS_E_INVAL; 2109 SET_UCAST_CIPHER(crypto_params, w); 2110 frm += 4, len -= 4; 2111 } 2112 2113 if (!crypto_params->ucastcipherset) 2114 return QDF_STATUS_E_INVAL; 2115 2116 /* key management algorithms */ 2117 n = LE_READ_2(frm); 2118 frm += 2, len -= 2; 2119 if (len < n*4) 2120 return QDF_STATUS_E_INVAL; 2121 2122 w = 0; 2123 RESET_KEY_MGMT(crypto_params); 2124 for (; n > 0; n--) { 2125 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2126 if (w < 0) 2127 return QDF_STATUS_E_INVAL; 2128 SET_KEY_MGMT(crypto_params, w); 2129 frm += 4, len -= 4; 2130 } 2131 2132 /* optional capabilities */ 2133 if (len >= 2) { 2134 crypto_params->rsn_caps = LE_READ_2(frm); 2135 frm += 2, len -= 2; 2136 } 2137 2138 return 0; 2139 } 2140 2141 /** 2142 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2143 * @crypto params: crypto params 2144 * @iebuf: ie buffer 2145 * 2146 * This function gets called by mlme to check the contents of wpa is 2147 * matching with given crypto params 2148 * 2149 * Return: QDF_STATUS_SUCCESS - in case of success 2150 */ 2151 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2152 uint8_t *frm){ 2153 uint8_t len = frm[1]; 2154 int32_t w; 2155 int n; 2156 2157 /* Check the length once for fixed parts: OUI, type & version */ 2158 if (len < 2) 2159 return QDF_STATUS_E_INVAL; 2160 2161 /* initialize crypto params */ 2162 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2163 2164 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2165 2166 frm += 2; 2167 /* NB: iswapoui already validated the OUI and type */ 2168 w = LE_READ_2(frm); 2169 if (w != RSN_VERSION) 2170 return QDF_STATUS_E_INVAL; 2171 2172 frm += 2, len -= 2; 2173 2174 if (!len) { 2175 /* set defaults */ 2176 /* default group cipher CCMP-128 */ 2177 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2178 /* default ucast cipher CCMP-128 */ 2179 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2180 /* default key mgmt 8021x */ 2181 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2182 return QDF_STATUS_SUCCESS; 2183 } else if (len < 4) { 2184 return QDF_STATUS_E_INVAL; 2185 } 2186 2187 /* multicast/group cipher */ 2188 w = wlan_crypto_rsn_suite_to_cipher(frm); 2189 if (w < 0) 2190 return QDF_STATUS_E_INVAL; 2191 else { 2192 SET_MCAST_CIPHER(crypto_params, w); 2193 frm += 4, len -= 4; 2194 } 2195 2196 if (crypto_params->mcastcipherset == 0) 2197 return QDF_STATUS_E_INVAL; 2198 2199 if (!len) { 2200 /* default ucast cipher CCMP-128 */ 2201 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2202 /* default key mgmt 8021x */ 2203 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2204 return QDF_STATUS_SUCCESS; 2205 } else if (len < 2) { 2206 return QDF_STATUS_E_INVAL; 2207 } 2208 2209 /* unicast ciphers */ 2210 n = LE_READ_2(frm); 2211 frm += 2, len -= 2; 2212 if (n) { 2213 if (len < n * 4) 2214 return QDF_STATUS_E_INVAL; 2215 2216 for (; n > 0; n--) { 2217 w = wlan_crypto_rsn_suite_to_cipher(frm); 2218 if (w < 0) 2219 return QDF_STATUS_E_INVAL; 2220 SET_UCAST_CIPHER(crypto_params, w); 2221 frm += 4, len -= 4; 2222 } 2223 } else { 2224 /* default ucast cipher CCMP-128 */ 2225 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2226 } 2227 2228 if (crypto_params->ucastcipherset == 0) 2229 return QDF_STATUS_E_INVAL; 2230 2231 if (!len) { 2232 /* default key mgmt 8021x */ 2233 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2234 return QDF_STATUS_SUCCESS; 2235 } else if (len < 2) { 2236 return QDF_STATUS_E_INVAL; 2237 } 2238 2239 /* key management algorithms */ 2240 n = LE_READ_2(frm); 2241 frm += 2, len -= 2; 2242 2243 if (n) { 2244 if (len < n * 4) 2245 return QDF_STATUS_E_INVAL; 2246 2247 for (; n > 0; n--) { 2248 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2249 if (w < 0) 2250 return QDF_STATUS_E_INVAL; 2251 SET_KEY_MGMT(crypto_params, w); 2252 frm += 4, len -= 4; 2253 } 2254 } else { 2255 /* default key mgmt 8021x */ 2256 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2257 } 2258 2259 if (crypto_params->key_mgmt == 0) 2260 return QDF_STATUS_E_INVAL; 2261 2262 /* optional capabilities */ 2263 if (len >= 2) { 2264 crypto_params->rsn_caps = LE_READ_2(frm); 2265 frm += 2, len -= 2; 2266 } else if (len && len < 2) { 2267 return QDF_STATUS_E_INVAL; 2268 } 2269 2270 2271 /* PMKID */ 2272 if (len >= 2) { 2273 n = LE_READ_2(frm); 2274 frm += 2, len -= 2; 2275 if (n && len) { 2276 if (len >= n * PMKID_LEN) 2277 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2278 else 2279 return QDF_STATUS_E_INVAL; 2280 } else if (n && !len) { 2281 return QDF_STATUS_E_INVAL; 2282 } 2283 /*TODO: Save pmkid in params for further reference */ 2284 } 2285 2286 /* BIP */ 2287 if (!len && 2288 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2289 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2290 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2291 return QDF_STATUS_SUCCESS; 2292 } else if (len >= 4) { 2293 w = wlan_crypto_rsn_suite_to_cipher(frm); 2294 frm += 4, len -= 4; 2295 SET_MGMT_CIPHER(crypto_params, w); 2296 } 2297 2298 return QDF_STATUS_SUCCESS; 2299 } 2300 2301 /** 2302 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2303 * @vdev: vdev 2304 * @iebuf: ie buffer 2305 * 2306 * This function gets called by mlme to build wpaie from given vdev 2307 * 2308 * Return: end of buffer 2309 */ 2310 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2311 uint8_t *iebuf){ 2312 uint8_t *frm = iebuf; 2313 uint8_t *selcnt; 2314 struct wlan_crypto_comp_priv *crypto_priv; 2315 struct wlan_crypto_params *crypto_params; 2316 2317 if (!frm) 2318 return NULL; 2319 2320 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2321 2322 if (!crypto_params) 2323 return NULL; 2324 2325 *frm++ = WLAN_ELEMID_VENDOR; 2326 *frm++ = 0; 2327 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2328 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2329 2330 2331 /* multicast cipher */ 2332 if (MCIPHER_IS_TKIP(crypto_params)) { 2333 WLAN_CRYPTO_ADDSELECTOR(frm, 2334 wlan_crypto_wpa_cipher_to_suite( 2335 WLAN_CRYPTO_CIPHER_TKIP)); 2336 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2337 WLAN_CRYPTO_ADDSELECTOR(frm, 2338 wlan_crypto_wpa_cipher_to_suite( 2339 WLAN_CRYPTO_CIPHER_AES_CCM)); 2340 } 2341 /* unicast cipher list */ 2342 selcnt = frm; 2343 WLAN_CRYPTO_ADDSHORT(frm, 0); 2344 /* do not use CCMP unicast cipher in WPA mode */ 2345 if (UCIPHER_IS_TKIP(crypto_params)) { 2346 selcnt[0]++; 2347 WLAN_CRYPTO_ADDSELECTOR(frm, 2348 wlan_crypto_wpa_cipher_to_suite( 2349 WLAN_CRYPTO_CIPHER_TKIP)); 2350 } 2351 if (UCIPHER_IS_CCMP128(crypto_params)) { 2352 selcnt[0]++; 2353 WLAN_CRYPTO_ADDSELECTOR(frm, 2354 wlan_crypto_wpa_cipher_to_suite( 2355 WLAN_CRYPTO_CIPHER_AES_CCM)); 2356 } 2357 2358 /* authenticator selector list */ 2359 selcnt = frm; 2360 WLAN_CRYPTO_ADDSHORT(frm, 0); 2361 2362 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2363 selcnt[0]++; 2364 WLAN_CRYPTO_ADDSELECTOR(frm, 2365 wlan_crypto_wpa_keymgmt_to_suite( 2366 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2367 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2368 selcnt[0]++; 2369 WLAN_CRYPTO_ADDSELECTOR(frm, 2370 wlan_crypto_wpa_keymgmt_to_suite( 2371 WLAN_CRYPTO_KEY_MGMT_PSK)); 2372 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2373 selcnt[0]++; 2374 WLAN_CRYPTO_ADDSELECTOR(frm, 2375 wlan_crypto_wpa_keymgmt_to_suite( 2376 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2377 } else { 2378 selcnt[0]++; 2379 WLAN_CRYPTO_ADDSELECTOR(frm, 2380 wlan_crypto_wpa_keymgmt_to_suite( 2381 WLAN_CRYPTO_KEY_MGMT_NONE)); 2382 } 2383 /* calculate element length */ 2384 iebuf[1] = frm - iebuf - 2; 2385 2386 return frm; 2387 } 2388 2389 /** 2390 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2391 * @vdev: vdev 2392 * @iebuf: ie buffer 2393 * 2394 * This function gets called by mlme to build rsnie from given vdev 2395 * 2396 * Return: end of buffer 2397 */ 2398 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2399 uint8_t *iebuf){ 2400 uint8_t *frm = iebuf; 2401 uint8_t *selcnt; 2402 struct wlan_crypto_comp_priv *crypto_priv; 2403 struct wlan_crypto_params *crypto_params; 2404 2405 if (!frm) { 2406 return NULL; 2407 } 2408 2409 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2410 2411 if (!crypto_params) { 2412 return NULL; 2413 } 2414 2415 *frm++ = WLAN_ELEMID_RSN; 2416 *frm++ = 0; 2417 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2418 2419 2420 /* multicast cipher */ 2421 if (MCIPHER_IS_TKIP(crypto_params)) { 2422 WLAN_CRYPTO_ADDSELECTOR(frm, 2423 wlan_crypto_rsn_cipher_to_suite( 2424 WLAN_CRYPTO_CIPHER_TKIP)); 2425 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2426 WLAN_CRYPTO_ADDSELECTOR(frm, 2427 wlan_crypto_rsn_cipher_to_suite( 2428 WLAN_CRYPTO_CIPHER_AES_CCM)); 2429 } else if (MCIPHER_IS_CCMP256(crypto_params)) { 2430 WLAN_CRYPTO_ADDSELECTOR(frm, 2431 wlan_crypto_rsn_cipher_to_suite( 2432 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2433 } else if (MCIPHER_IS_GCMP128(crypto_params)) { 2434 WLAN_CRYPTO_ADDSELECTOR(frm, 2435 wlan_crypto_rsn_cipher_to_suite( 2436 WLAN_CRYPTO_CIPHER_AES_GCM)); 2437 } else if (MCIPHER_IS_GCMP256(crypto_params)) { 2438 WLAN_CRYPTO_ADDSELECTOR(frm, 2439 wlan_crypto_rsn_cipher_to_suite( 2440 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2441 } 2442 2443 /* unicast cipher list */ 2444 selcnt = frm; 2445 WLAN_CRYPTO_ADDSHORT(frm, 0); 2446 /* do not use CCMP unicast cipher in WPA mode */ 2447 if (UCIPHER_IS_TKIP(crypto_params)) { 2448 selcnt[0]++; 2449 WLAN_CRYPTO_ADDSELECTOR(frm, 2450 wlan_crypto_rsn_cipher_to_suite( 2451 WLAN_CRYPTO_CIPHER_TKIP)); 2452 } 2453 if (UCIPHER_IS_CCMP128(crypto_params)) { 2454 selcnt[0]++; 2455 WLAN_CRYPTO_ADDSELECTOR(frm, 2456 wlan_crypto_rsn_cipher_to_suite( 2457 WLAN_CRYPTO_CIPHER_AES_CCM)); 2458 } 2459 if (UCIPHER_IS_CCMP256(crypto_params)) { 2460 selcnt[0]++; 2461 WLAN_CRYPTO_ADDSELECTOR(frm, 2462 wlan_crypto_rsn_cipher_to_suite( 2463 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2464 } 2465 2466 if (UCIPHER_IS_GCMP128(crypto_params)) { 2467 selcnt[0]++; 2468 WLAN_CRYPTO_ADDSELECTOR(frm, 2469 wlan_crypto_rsn_cipher_to_suite( 2470 WLAN_CRYPTO_CIPHER_AES_GCM)); 2471 } 2472 if (UCIPHER_IS_GCMP256(crypto_params)) { 2473 selcnt[0]++; 2474 WLAN_CRYPTO_ADDSELECTOR(frm, 2475 wlan_crypto_rsn_cipher_to_suite( 2476 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2477 } 2478 2479 2480 /* authenticator selector list */ 2481 selcnt = frm; 2482 WLAN_CRYPTO_ADDSHORT(frm, 0); 2483 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2484 selcnt[0]++; 2485 WLAN_CRYPTO_ADDSELECTOR(frm, 2486 wlan_crypto_rsn_keymgmt_to_suite( 2487 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2488 } else { 2489 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2490 selcnt[0]++; 2491 WLAN_CRYPTO_ADDSELECTOR(frm, 2492 wlan_crypto_rsn_keymgmt_to_suite( 2493 WLAN_CRYPTO_KEY_MGMT_PSK)); 2494 } 2495 if (HAS_KEY_MGMT(crypto_params, 2496 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2497 selcnt[0]++; 2498 WLAN_CRYPTO_ADDSELECTOR(frm, 2499 wlan_crypto_rsn_keymgmt_to_suite( 2500 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2501 } 2502 if (HAS_KEY_MGMT(crypto_params, 2503 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2504 selcnt[0]++; 2505 WLAN_CRYPTO_ADDSELECTOR(frm, 2506 wlan_crypto_rsn_keymgmt_to_suite( 2507 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)); 2508 } 2509 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2510 selcnt[0]++; 2511 WLAN_CRYPTO_ADDSELECTOR(frm, 2512 wlan_crypto_rsn_keymgmt_to_suite( 2513 WLAN_CRYPTO_KEY_MGMT_FT_PSK)); 2514 } 2515 if (HAS_KEY_MGMT(crypto_params, 2516 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2517 selcnt[0]++; 2518 WLAN_CRYPTO_ADDSELECTOR(frm, 2519 wlan_crypto_rsn_keymgmt_to_suite( 2520 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)); 2521 } 2522 if (HAS_KEY_MGMT(crypto_params, 2523 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2524 selcnt[0]++; 2525 WLAN_CRYPTO_ADDSELECTOR(frm, 2526 wlan_crypto_rsn_keymgmt_to_suite( 2527 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)); 2528 } 2529 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2530 selcnt[0]++; 2531 WLAN_CRYPTO_ADDSELECTOR(frm, 2532 wlan_crypto_rsn_keymgmt_to_suite( 2533 WLAN_CRYPTO_KEY_MGMT_OSEN)); 2534 } 2535 } 2536 2537 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2538 /* optional capabilities */ 2539 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2540 /* PMK list */ 2541 WLAN_CRYPTO_ADDSHORT(frm, 0); 2542 if (HAS_MGMT_CIPHER(crypto_params, 2543 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2544 WLAN_CRYPTO_ADDSELECTOR(frm, 2545 wlan_crypto_rsn_cipher_to_suite( 2546 WLAN_CRYPTO_CIPHER_AES_CMAC)); 2547 } 2548 if (HAS_MGMT_CIPHER(crypto_params, 2549 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2550 WLAN_CRYPTO_ADDSELECTOR(frm, 2551 wlan_crypto_rsn_cipher_to_suite( 2552 WLAN_CRYPTO_CIPHER_AES_GMAC)); 2553 } 2554 if (HAS_MGMT_CIPHER(crypto_params, 2555 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2556 WLAN_CRYPTO_ADDSELECTOR(frm, 2557 wlan_crypto_rsn_cipher_to_suite( 2558 WLAN_CRYPTO_CIPHER_AES_CMAC_256)); 2559 } 2560 2561 if (HAS_MGMT_CIPHER(crypto_params, 2562 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2563 WLAN_CRYPTO_ADDSELECTOR(frm, 2564 wlan_crypto_rsn_cipher_to_suite( 2565 WLAN_CRYPTO_CIPHER_AES_GMAC_256)); 2566 } 2567 } 2568 2569 /* calculate element length */ 2570 iebuf[1] = frm - iebuf - 2; 2571 2572 return frm; 2573 } 2574 2575 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2576 struct wlan_crypto_params *crypto_params){ 2577 struct wlan_crypto_params *my_crypto_params; 2578 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2579 2580 if (!my_crypto_params) 2581 return false; 2582 /* 2583 * Check peer's pairwise ciphers. 2584 * At least one must match with our unicast cipher 2585 */ 2586 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2587 return false; 2588 /* 2589 * Check peer's group cipher is our enabled multicast cipher. 2590 */ 2591 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2592 return false; 2593 /* 2594 * Check peer's key management class set (PSK or UNSPEC) 2595 */ 2596 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2597 return false; 2598 2599 return true; 2600 } 2601 2602 /* 2603 * Convert an WAPI CIPHER suite to to an internal code. 2604 */ 2605 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2606 { 2607 uint32_t w = LE_READ_4(sel); 2608 int32_t status = -1; 2609 2610 switch (w) { 2611 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2612 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2613 } 2614 2615 return status; 2616 } 2617 2618 /* 2619 * Convert an WAPI key management/authentication algorithm 2620 * to an internal code. 2621 */ 2622 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2623 { 2624 uint32_t w = LE_READ_4(sel); 2625 int32_t status = -1; 2626 2627 switch (w) { 2628 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2629 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2630 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2631 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2632 } 2633 2634 return status; 2635 } 2636 /** 2637 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2638 * @crypto params: crypto params 2639 * @iebuf: ie buffer 2640 * 2641 * This function gets called by mlme to check the contents of wapi is 2642 * matching with given crypto params 2643 * 2644 * Return: QDF_STATUS_SUCCESS - in case of success 2645 */ 2646 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2647 uint8_t *frm) 2648 { 2649 uint8_t len = frm[1]; 2650 int32_t w; 2651 int n; 2652 2653 /* 2654 * Check the length once for fixed parts: OUI, type, 2655 * version, mcast cipher, and 2 selector counts. 2656 * Other, variable-length data, must be checked separately. 2657 */ 2658 RESET_AUTHMODE(crypto_params); 2659 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2660 2661 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2662 return QDF_STATUS_E_INVAL; 2663 2664 2665 frm += 2; 2666 2667 w = LE_READ_2(frm); 2668 frm += 2, len -= 2; 2669 if (w != WAPI_VERSION) 2670 return QDF_STATUS_E_INVAL; 2671 2672 n = LE_READ_2(frm); 2673 frm += 2, len -= 2; 2674 if (len < n*4+2) 2675 return QDF_STATUS_E_INVAL; 2676 2677 RESET_KEY_MGMT(crypto_params); 2678 for (; n > 0; n--) { 2679 w = wlan_crypto_wapi_keymgmt(frm); 2680 if (w < 0) 2681 return QDF_STATUS_E_INVAL; 2682 2683 SET_KEY_MGMT(crypto_params, w); 2684 frm += 4, len -= 4; 2685 } 2686 2687 /* unicast ciphers */ 2688 n = LE_READ_2(frm); 2689 frm += 2, len -= 2; 2690 if (len < n*4+2) 2691 return QDF_STATUS_E_INVAL; 2692 2693 RESET_UCAST_CIPHERS(crypto_params); 2694 for (; n > 0; n--) { 2695 w = wlan_crypto_wapi_suite_to_cipher(frm); 2696 if (w < 0) 2697 return QDF_STATUS_E_INVAL; 2698 SET_UCAST_CIPHER(crypto_params, w); 2699 frm += 4, len -= 4; 2700 } 2701 2702 if (!crypto_params->ucastcipherset) 2703 return QDF_STATUS_E_INVAL; 2704 2705 /* multicast/group cipher */ 2706 RESET_MCAST_CIPHERS(crypto_params); 2707 w = wlan_crypto_wapi_suite_to_cipher(frm); 2708 2709 if (w < 0) 2710 return QDF_STATUS_E_INVAL; 2711 2712 SET_MCAST_CIPHER(crypto_params, w); 2713 frm += 4, len -= 4; 2714 2715 return QDF_STATUS_SUCCESS; 2716 } 2717 2718 /** 2719 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2720 * @vdev: vdev 2721 * @iebuf: ie buffer 2722 * 2723 * This function gets called by mlme to build wapi ie from given vdev 2724 * 2725 * Return: end of buffer 2726 */ 2727 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2728 uint8_t *iebuf) 2729 { 2730 uint8_t *frm; 2731 uint8_t *selcnt; 2732 struct wlan_crypto_comp_priv *crypto_priv; 2733 struct wlan_crypto_params *crypto_params; 2734 2735 frm = iebuf; 2736 if (!frm) { 2737 qdf_print("%s[%d] ie buffer NULL\n", __func__, __LINE__); 2738 return NULL; 2739 } 2740 2741 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2742 2743 if (!crypto_params) { 2744 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 2745 return NULL; 2746 } 2747 2748 *frm++ = WLAN_ELEMID_WAPI; 2749 *frm++ = 0; 2750 2751 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2752 2753 /* authenticator selector list */ 2754 selcnt = frm; 2755 WLAN_CRYPTO_ADDSHORT(frm, 0); 2756 2757 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2758 selcnt[0]++; 2759 WLAN_CRYPTO_ADDSELECTOR(frm, 2760 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2761 } 2762 2763 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2764 selcnt[0]++; 2765 WLAN_CRYPTO_ADDSELECTOR(frm, 2766 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2767 } 2768 2769 /* unicast cipher list */ 2770 selcnt = frm; 2771 WLAN_CRYPTO_ADDSHORT(frm, 0); 2772 2773 if (UCIPHER_IS_SMS4(crypto_params)) { 2774 selcnt[0]++; 2775 WLAN_CRYPTO_ADDSELECTOR(frm, 2776 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2777 } 2778 2779 WLAN_CRYPTO_ADDSELECTOR(frm, 2780 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2781 2782 /* optional capabilities */ 2783 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2784 2785 /* calculate element length */ 2786 iebuf[1] = frm - iebuf - 2; 2787 2788 return frm; 2789 2790 } 2791 2792 /** 2793 * wlan_crypto_pn_check - called by data patch for PN check 2794 * @vdev: vdev 2795 * @wbuf: wbuf 2796 * 2797 * This function gets called by data patch for PN check 2798 * 2799 * Return: QDF_STATUS 2800 */ 2801 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2802 qdf_nbuf_t wbuf){ 2803 /* Need to check is there real requirement for this function 2804 * as PN check is already handled in decap function. 2805 */ 2806 return QDF_STATUS_SUCCESS; 2807 } 2808 2809 /** 2810 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2811 * @vdev:vdev 2812 * 2813 * This function gets called by mlme to get crypto params 2814 * 2815 * Return: wlan_crypto_params or NULL in case of failure 2816 */ 2817 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2818 struct wlan_objmgr_vdev *vdev){ 2819 struct wlan_crypto_comp_priv *crypto_priv; 2820 2821 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2822 } 2823 2824 /** 2825 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2826 * @peer:peer 2827 * 2828 * This function gets called by mlme to get crypto params 2829 * 2830 * Return: wlan_crypto_params or NULL in case of failure 2831 */ 2832 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2833 struct wlan_objmgr_peer *peer){ 2834 struct wlan_crypto_comp_priv *crypto_priv; 2835 2836 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2837 } 2838 2839 2840 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2841 struct wlan_objmgr_peer *peer) 2842 { 2843 struct wlan_crypto_comp_priv *crypto_priv; 2844 struct wlan_crypto_comp_priv *sta_crypto_priv; 2845 struct wlan_crypto_params *crypto_params; 2846 struct wlan_crypto_key *key; 2847 struct wlan_crypto_key *sta_key; 2848 struct wlan_crypto_cipher *cipher_table; 2849 struct wlan_objmgr_psoc *psoc; 2850 uint8_t *mac_addr; 2851 int i; 2852 enum QDF_OPMODE opmode; 2853 2854 if (!vdev) 2855 return QDF_STATUS_E_NULL_VALUE; 2856 2857 if (!peer) { 2858 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2859 return QDF_STATUS_E_INVAL; 2860 } 2861 2862 opmode = wlan_vdev_mlme_get_opmode(vdev); 2863 psoc = wlan_vdev_get_psoc(vdev); 2864 2865 if (!psoc) { 2866 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 2867 return QDF_STATUS_E_NULL_VALUE; 2868 } 2869 2870 wlan_peer_obj_lock(peer); 2871 mac_addr = wlan_peer_get_macaddr(peer); 2872 wlan_peer_obj_unlock(peer); 2873 2874 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2875 &crypto_priv); 2876 if (crypto_priv == NULL) { 2877 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 2878 return QDF_STATUS_E_NULL_VALUE; 2879 } 2880 2881 /* push only valid static WEP keys from vap */ 2882 if (AUTH_IS_8021X(crypto_params)) 2883 return QDF_STATUS_E_INVAL; 2884 2885 if (opmode == QDF_STA_MODE) { 2886 peer = wlan_vdev_get_bsspeer(vdev); 2887 if (!peer) { 2888 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2889 return QDF_STATUS_E_INVAL; 2890 } 2891 } 2892 2893 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2894 if (sta_crypto_priv == NULL) { 2895 qdf_print("%s[%d] sta priv is null\n", __func__, __LINE__); 2896 return QDF_STATUS_E_INVAL; 2897 } 2898 2899 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2900 if (crypto_priv->key[i]) { 2901 key = crypto_priv->key[i]; 2902 if (!key || !key->valid) 2903 continue; 2904 2905 cipher_table = (struct wlan_crypto_cipher *) 2906 key->cipher_table; 2907 2908 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2909 sta_key = qdf_mem_malloc( 2910 sizeof(struct wlan_crypto_key)); 2911 if (!sta_key) { 2912 qdf_print("%s[%d] key alloc failed\n", 2913 __func__, __LINE__); 2914 return QDF_STATUS_E_NOMEM; 2915 } 2916 sta_crypto_priv->key[i] = sta_key; 2917 qdf_mem_copy(sta_key, key, 2918 sizeof(struct wlan_crypto_key)); 2919 2920 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2921 2922 if (crypto_priv->def_tx_keyid == i) { 2923 sta_key->flags 2924 |= WLAN_CRYPTO_KEY_DEFAULT; 2925 sta_crypto_priv->def_tx_keyid = 2926 crypto_priv->def_tx_keyid; 2927 } 2928 /* setting the broadcast/multicast key for sta*/ 2929 if (opmode == QDF_STA_MODE || 2930 opmode == QDF_IBSS_MODE){ 2931 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2932 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2933 vdev, sta_key, mac_addr, 2934 cipher_table->cipher); 2935 } 2936 } 2937 2938 /* setting unicast key */ 2939 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2940 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2941 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2942 sta_key, mac_addr, 2943 cipher_table->cipher); 2944 } 2945 } 2946 } 2947 } 2948 2949 return QDF_STATUS_SUCCESS; 2950 } 2951 2952 /** 2953 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2954 * @crypto_rx_ops: crypto_rx_ops 2955 * 2956 * This function gets called by object manger to register crypto rx ops. 2957 * 2958 * Return: QDF_STATUS 2959 */ 2960 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2961 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2962 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2963 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2964 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2965 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2966 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2967 2968 return QDF_STATUS_SUCCESS; 2969 } 2970 2971 /** 2972 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2973 * @psoc: psoc 2974 * 2975 * This function gets called by umac to get the crypto_rx_ops 2976 * 2977 * Return: crypto_rx_ops 2978 */ 2979 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2980 struct wlan_objmgr_psoc *psoc) 2981 { 2982 2983 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2984 } 2985 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 2986 2987 /** 2988 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2989 * @vdev: vdev 2990 * @authvalue: authvalue to be checked 2991 * 2992 * This function check is authvalue passed is set in vdev or not 2993 * 2994 * Return: true or false 2995 */ 2996 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2997 wlan_crypto_auth_mode authvalue) 2998 { 2999 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3000 & authvalue; 3001 } 3002 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3003 3004 /** 3005 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3006 * @peer: peer 3007 * @authvalue: authvalue to be checked 3008 * 3009 * This function check is authvalue passed is set in peer or not 3010 * 3011 * Return: true or false 3012 */ 3013 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3014 wlan_crypto_auth_mode authvalue) 3015 { 3016 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3017 & authvalue; 3018 } 3019 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3020 3021 /** 3022 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3023 * @vdev: vdev 3024 * @ucastcipher: ucastcipher to be checked 3025 * 3026 * This function check is ucastcipher passed is set in vdev or not 3027 * 3028 * Return: true or false 3029 */ 3030 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3031 wlan_crypto_cipher_type ucastcipher) 3032 { 3033 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3034 & ucastcipher; 3035 } 3036 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3037 3038 /** 3039 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3040 * @peer: peer 3041 * @ucastcipher: ucastcipher to be checked 3042 * 3043 * This function check is ucastcipher passed is set in peer or not 3044 * 3045 * Return: true or false 3046 */ 3047 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3048 wlan_crypto_cipher_type ucastcipher) 3049 { 3050 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3051 & ucastcipher; 3052 } 3053 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3054 3055 /** 3056 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3057 * @vdev: vdev 3058 * @mcastcipher: mcastcipher to be checked 3059 * 3060 * This function check is mcastcipher passed is set in vdev or not 3061 * 3062 * Return: true or false 3063 */ 3064 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3065 wlan_crypto_cipher_type mcastcipher) 3066 { 3067 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3068 & mcastcipher; 3069 } 3070 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3071 3072 /** 3073 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3074 * @peer: peer 3075 * @mcastcipher: mcastcipher to be checked 3076 * 3077 * This function check is mcastcipher passed is set in peer or not 3078 * 3079 * Return: true or false 3080 */ 3081 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3082 wlan_crypto_cipher_type mcastcipher) 3083 { 3084 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3085 & mcastcipher; 3086 } 3087 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3088 3089 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3090 { 3091 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3092 3093 if (!peer) { 3094 qdf_print(FL("Invalid Input\n")); 3095 return 0; 3096 } 3097 3098 crypto_priv = wlan_get_peer_crypto_obj(peer); 3099 if (!crypto_priv) { 3100 qdf_print(FL("crypto_priv NULL\n")); 3101 return 0; 3102 } 3103 3104 return crypto_priv->fils_aead_set; 3105 } 3106 3107 void 3108 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3109 { 3110 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3111 3112 if (!peer) { 3113 qdf_print(FL("Invalid Input\n")); 3114 return; 3115 } 3116 3117 crypto_priv = wlan_get_peer_crypto_obj(peer); 3118 if (!crypto_priv) { 3119 qdf_print(FL("crypto_priv NULL\n")); 3120 return; 3121 } 3122 3123 crypto_priv->fils_aead_set = value; 3124 } 3125 3126 /** 3127 * wlan_crypto_get_key_header - get header length 3128 * @key: key 3129 * 3130 * This function gets header length based on keytype 3131 * 3132 * Return: header length 3133 */ 3134 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3135 { 3136 struct wlan_crypto_cipher *cipher_table; 3137 3138 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3139 if (cipher_table) 3140 return cipher_table->header; 3141 else 3142 return 0; 3143 } 3144 3145 qdf_export_symbol(wlan_crypto_get_key_header); 3146 3147 /** 3148 * wlan_crypto_get_key_trailer - get cipher trailer length 3149 * @key: key 3150 * 3151 * This function gets cipher trailer length based on keytype 3152 * 3153 * Return: cipher trailer length 3154 */ 3155 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3156 { 3157 struct wlan_crypto_cipher *cipher_table; 3158 3159 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3160 if (cipher_table) 3161 return cipher_table->trailer; 3162 else 3163 return 0; 3164 } 3165 3166 qdf_export_symbol(wlan_crypto_get_key_trailer); 3167 3168 /** 3169 * wlan_crypto_get_key_miclen - get cipher miclen length 3170 * @key: key 3171 * 3172 * This function gets cipher miclen length based on keytype 3173 * 3174 * Return: cipher miclen length 3175 */ 3176 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3177 { 3178 struct wlan_crypto_cipher *cipher_table; 3179 3180 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3181 if (cipher_table) 3182 return cipher_table->miclen; 3183 else 3184 return 0; 3185 } 3186 3187 qdf_export_symbol(wlan_crypto_get_key_miclen); 3188 3189 /** 3190 * wlan_crypto_get_keyid - get keyid from frame 3191 * @data: frame 3192 * 3193 * This function parse frame and returns keyid 3194 * 3195 * Return: keyid 3196 */ 3197 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3198 { 3199 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)data; 3200 uint8_t *iv; 3201 3202 if (hdr->frame_control[1] & WLAN_FC1_ISWEP) { 3203 iv = data + hdrlen; 3204 /* 3205 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3206 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3207 */ 3208 return ((iv[3] >> 6) & 0x3); 3209 } else { 3210 return WLAN_CRYPTO_KEYIX_NONE; 3211 } 3212 } 3213 3214 qdf_export_symbol(wlan_crypto_get_keyid); 3215 3216 /** 3217 * crypto_plumb_peer_keys - called during radio reset 3218 * @vdev: vdev 3219 * @object: peer 3220 * @arg: psoc 3221 * 3222 * Restore unicast and persta hardware keys 3223 * 3224 * Return: void 3225 */ 3226 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3227 void *object, void *arg) { 3228 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3229 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3230 struct wlan_crypto_comp_priv *crypto_priv; 3231 struct wlan_crypto_params *crypto_params; 3232 struct wlan_crypto_key *key = NULL; 3233 int i; 3234 3235 if ((NULL == peer) || (NULL == vdev) || (NULL == psoc)) { 3236 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 3237 "%s[%d] Peer or vdev or psoc objects are null!\n", 3238 __func__, __LINE__); 3239 return; 3240 } 3241 3242 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3243 &crypto_priv); 3244 3245 if (!crypto_priv) { 3246 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 3247 "%s[%d] crypto_priv NULL\n", 3248 __func__, __LINE__); 3249 return; 3250 } 3251 3252 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3253 key = crypto_priv->key[i]; 3254 if (key && key->valid) { 3255 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3256 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3257 ( 3258 vdev, 3259 key, 3260 wlan_peer_get_macaddr(peer), 3261 wlan_crypto_get_key_type(key) 3262 ); 3263 } 3264 } 3265 } 3266 } 3267 3268 /** 3269 * wlan_crypto_restore_keys - called during radio reset 3270 * @vdev: vdev 3271 * 3272 * Clear and restore keycache, needed for some DA chipsets which put 3273 * random values in keycache when phy reset is triggered 3274 * 3275 * Return: void 3276 */ 3277 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3278 { 3279 int i; 3280 struct wlan_crypto_comp_priv *crypto_priv; 3281 struct wlan_crypto_params *crypto_params; 3282 struct wlan_crypto_key *key; 3283 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3284 struct wlan_objmgr_pdev *pdev = NULL; 3285 struct wlan_objmgr_psoc *psoc = NULL; 3286 3287 pdev = wlan_vdev_get_pdev(vdev); 3288 psoc = wlan_vdev_get_psoc(vdev); 3289 if (NULL == pdev) { 3290 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 3291 "%s[%d] pdev is NULL\n", 3292 __func__, __LINE__); 3293 return; 3294 } 3295 if (NULL == psoc) { 3296 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 3297 "%s[%d] psoc is NULL\n", 3298 __func__, __LINE__); 3299 return; 3300 } 3301 3302 /* TBD: QWRAP key restore*/ 3303 /* crypto is on */ 3304 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3305 /* restore static shared keys */ 3306 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3307 crypto_params = wlan_crypto_vdev_get_comp_params 3308 ( 3309 vdev, 3310 &crypto_priv 3311 ); 3312 if (!crypto_priv) { 3313 QDF_TRACE(QDF_MODULE_ID_CRYPTO, 3314 QDF_TRACE_LEVEL_ERROR, 3315 "%s[%d] crypto_priv is NULL\n", 3316 __func__, __LINE__); 3317 return; 3318 } 3319 key = crypto_priv->key[i]; 3320 if (key && key->valid) { 3321 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3322 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3323 ( 3324 vdev, 3325 key, 3326 macaddr, 3327 wlan_crypto_get_key_type(key) 3328 ); 3329 } 3330 } 3331 } 3332 3333 wlan_objmgr_iterate_peerobj_list(vdev, 3334 crypto_plumb_peer_keys, 3335 psoc, 3336 WLAN_CRYPTO_ID); 3337 } 3338 } 3339