1 /* 2 * Copyright (c) 2017-2020 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 static int is_valid_keyix(uint16_t keyix) 59 { 60 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 61 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 62 return 0; 63 else 64 return 1; 65 } 66 67 static int is_igtk(uint16_t keyix) 68 { 69 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 70 return 0; 71 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 72 return 0; 73 else 74 return 1; 75 } 76 77 static int is_bigtk(uint16_t keyix) 78 { 79 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 80 return 0; 81 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 82 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 83 return 0; 84 else 85 return 1; 86 } 87 88 /** 89 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 90 * @vdev:vdev 91 * 92 * This function gets called by mlme to get crypto params 93 * 94 * Return: wlan_crypto_params or NULL in case of failure 95 */ 96 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 97 struct wlan_objmgr_vdev *vdev, 98 struct wlan_crypto_comp_priv **crypto_priv){ 99 *crypto_priv = (struct wlan_crypto_comp_priv *) 100 wlan_get_vdev_crypto_obj(vdev); 101 if (!(*crypto_priv)) { 102 crypto_err("crypto_priv NULL"); 103 return NULL; 104 } 105 106 return &((*crypto_priv)->crypto_params); 107 } 108 109 /** 110 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 111 * @peer:peer 112 * 113 * This function gets called by mlme to get crypto params 114 * 115 * Return: wlan_crypto_params or NULL in case of failure 116 */ 117 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 118 struct wlan_objmgr_peer *peer, 119 struct wlan_crypto_comp_priv **crypto_priv){ 120 121 *crypto_priv = (struct wlan_crypto_comp_priv *) 122 wlan_get_peer_crypto_obj(peer); 123 if (!*crypto_priv) { 124 crypto_err("crypto_priv NULL"); 125 return NULL; 126 } 127 128 return &((*crypto_priv)->crypto_params); 129 } 130 131 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 132 { 133 return QDF_STATUS_SUCCESS; 134 } 135 136 /** 137 * wlan_crypto_set_param - called by ucfg to set crypto param 138 * @crypto_params: crypto_params 139 * @param: param to be set. 140 * @value: value 141 * 142 * This function gets called from ucfg to set param 143 * 144 * Return: QDF_STATUS_SUCCESS - in case of success 145 */ 146 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 147 wlan_crypto_param_type param, 148 uint32_t value){ 149 QDF_STATUS status = QDF_STATUS_E_INVAL; 150 151 crypto_debug("param %d, value %d", param, value); 152 switch (param) { 153 case WLAN_CRYPTO_PARAM_AUTH_MODE: 154 status = wlan_crypto_set_authmode(crypto_params, value); 155 break; 156 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 157 status = wlan_crypto_set_ucastciphers(crypto_params, value); 158 break; 159 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 160 status = wlan_crypto_set_mcastcipher(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 163 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 166 status = wlan_crypto_set_cipher_cap(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_RSN_CAP: 169 status = wlan_crypto_set_rsn_cap(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_KEY_MGMT: 172 status = wlan_crypto_set_key_mgmt(crypto_params, value); 173 break; 174 default: 175 status = QDF_STATUS_E_INVAL; 176 } 177 return status; 178 } 179 180 /** 181 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 182 * @vdev: vdev 183 * @param: param to be set. 184 * @value: value 185 * 186 * This function gets called from ucfg to set param 187 * 188 * Return: QDF_STATUS_SUCCESS - in case of success 189 */ 190 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 191 wlan_crypto_param_type param, 192 uint32_t value){ 193 QDF_STATUS status = QDF_STATUS_E_INVAL; 194 struct wlan_crypto_comp_priv *crypto_priv; 195 struct wlan_crypto_params *crypto_params; 196 197 crypto_priv = (struct wlan_crypto_comp_priv *) 198 wlan_get_vdev_crypto_obj(vdev); 199 200 if (!crypto_priv) { 201 crypto_err("crypto_priv NULL"); 202 return QDF_STATUS_E_INVAL; 203 } 204 205 crypto_params = &(crypto_priv->crypto_params); 206 207 status = wlan_crypto_set_param(crypto_params, param, value); 208 209 return status; 210 } 211 212 /** 213 * wlan_crypto_set_param - called by ucfg to set crypto param 214 * 215 * @peer: peer 216 * @param: param to be set. 217 * @value: value 218 * 219 * This function gets called from ucfg to set param 220 * 221 * Return: QDF_STATUS_SUCCESS - in case of success 222 */ 223 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 224 wlan_crypto_param_type param, 225 uint32_t value){ 226 QDF_STATUS status = QDF_STATUS_E_INVAL; 227 struct wlan_crypto_comp_priv *crypto_priv; 228 struct wlan_crypto_params *crypto_params; 229 230 crypto_params = wlan_crypto_peer_get_comp_params(peer, 231 &crypto_priv); 232 233 if (!crypto_priv) { 234 crypto_err("crypto_priv NULL"); 235 return QDF_STATUS_E_INVAL; 236 } 237 238 crypto_params = &(crypto_priv->crypto_params); 239 240 status = wlan_crypto_set_param(crypto_params, param, value); 241 242 return status; 243 } 244 245 /** 246 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 247 * @param: Crypto param type 248 * @crypto_params: Crypto params struct 249 * 250 * This function gets called from in-within crypto layer 251 * 252 * Return: value or -1 for failure 253 */ 254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 255 struct wlan_crypto_params *crypto_params) 256 { 257 int32_t value; 258 259 switch (param) { 260 case WLAN_CRYPTO_PARAM_AUTH_MODE: 261 value = wlan_crypto_get_authmode(crypto_params); 262 break; 263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 264 value = wlan_crypto_get_ucastciphers(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 267 value = wlan_crypto_get_mcastcipher(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 270 value = wlan_crypto_get_mgmtciphers(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 273 value = wlan_crypto_get_cipher_cap(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_RSN_CAP: 276 value = wlan_crypto_get_rsn_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_KEY_MGMT: 279 value = wlan_crypto_get_key_mgmt(crypto_params); 280 break; 281 default: 282 value = -1; 283 } 284 285 return value; 286 } 287 288 /** 289 * wlan_crypto_get_param - called to get value for param from vdev 290 * @vdev: vdev 291 * @param: Crypto param type 292 * 293 * This function gets called to get value for param from vdev 294 * 295 * Return: value or -1 for failure 296 */ 297 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 298 wlan_crypto_param_type param) 299 { 300 int32_t value = -1; 301 struct wlan_crypto_comp_priv *crypto_priv; 302 struct wlan_crypto_params *crypto_params; 303 crypto_priv = (struct wlan_crypto_comp_priv *) 304 wlan_get_vdev_crypto_obj(vdev); 305 306 if (!crypto_priv) { 307 crypto_err("crypto_priv NULL"); 308 return value; 309 } 310 311 crypto_params = &(crypto_priv->crypto_params); 312 value = wlan_crypto_get_param_value(param, crypto_params); 313 314 return value; 315 } 316 /** 317 * wlan_crypto_get_peer_param - called to get value for param from peer 318 * @peer: peer 319 * @param: Crypto param type 320 * 321 * This function gets called to get value for param from peer 322 * 323 * Return: value or -1 for failure 324 */ 325 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 326 wlan_crypto_param_type param) 327 { 328 int32_t value = -1; 329 struct wlan_crypto_comp_priv *crypto_priv; 330 struct wlan_crypto_params *crypto_params; 331 332 crypto_params = wlan_crypto_peer_get_comp_params(peer, 333 &crypto_priv); 334 335 if (!crypto_params) { 336 crypto_err("crypto_params NULL"); 337 return value; 338 } 339 value = wlan_crypto_get_param_value(param, crypto_params); 340 341 return value; 342 } 343 qdf_export_symbol(wlan_crypto_get_peer_param); 344 345 static 346 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 347 struct wlan_crypto_pmksa *pmksa); 348 349 static 350 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 351 struct wlan_crypto_pmksa *pmksa) 352 { 353 uint8_t i, first_available_slot = 0; 354 bool slot_found = false; 355 356 /* Delete the old entry and then Add new entry */ 357 wlan_crypto_del_pmksa(crypto_params, pmksa); 358 359 /* find the empty slot as duplicate is already deleted */ 360 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 361 if (!crypto_params->pmksa[i]) { 362 slot_found = true; 363 first_available_slot = i; 364 break; 365 } 366 } 367 368 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 369 crypto_err("no entry available for pmksa"); 370 return QDF_STATUS_E_INVAL; 371 } 372 crypto_params->pmksa[first_available_slot] = pmksa; 373 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", i); 374 375 return QDF_STATUS_SUCCESS; 376 } 377 378 static 379 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 380 struct wlan_crypto_pmksa *pmksa) 381 { 382 uint8_t i, j; 383 bool match_found = false; 384 u8 del_pmk[MAX_PMK_LEN] = {0}; 385 386 /* find slot with same bssid */ 387 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 388 if (!crypto_params->pmksa[i]) 389 continue; 390 if (qdf_is_macaddr_equal(&pmksa->bssid, 391 &crypto_params->pmksa[i]->bssid)) { 392 match_found = true; 393 } else if (pmksa->ssid_len && 394 !qdf_mem_cmp(pmksa->ssid, 395 crypto_params->pmksa[i]->ssid, 396 pmksa->ssid_len) && 397 !qdf_mem_cmp(pmksa->cache_id, 398 crypto_params->pmksa[i]->cache_id, 399 WLAN_CACHE_ID_LEN)) { 400 match_found = true; 401 } 402 403 if (match_found) { 404 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 405 crypto_params->pmksa[i]->pmk_len); 406 /* Free matching entry */ 407 qdf_mem_zero(crypto_params->pmksa[i], 408 sizeof(struct wlan_crypto_pmksa)); 409 qdf_mem_free(crypto_params->pmksa[i]); 410 crypto_params->pmksa[i] = NULL; 411 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 412 i); 413 414 /* Find and remove the entries matching the pmk */ 415 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 416 if (!crypto_params->pmksa[j]) 417 continue; 418 if (crypto_params->pmksa[j]->pmk_len && 419 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 420 del_pmk, 421 crypto_params->pmksa[j]->pmk_len))) { 422 qdf_mem_zero(crypto_params->pmksa[j], 423 sizeof(struct wlan_crypto_pmksa)); 424 qdf_mem_free(crypto_params->pmksa[j]); 425 crypto_params->pmksa[j] = NULL; 426 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 427 j); 428 } 429 } 430 /* reset stored pmk */ 431 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 432 433 return QDF_STATUS_SUCCESS; 434 } 435 } 436 437 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 438 crypto_debug("No such pmksa entry exists"); 439 440 return QDF_STATUS_SUCCESS; 441 } 442 443 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 444 { 445 uint8_t i; 446 447 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 448 if (!crypto_params->pmksa[i]) 449 continue; 450 qdf_mem_zero(crypto_params->pmksa[i], 451 sizeof(struct wlan_crypto_pmksa)); 452 qdf_mem_free(crypto_params->pmksa[i]); 453 crypto_params->pmksa[i] = NULL; 454 } 455 456 return QDF_STATUS_SUCCESS; 457 } 458 459 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 460 struct wlan_crypto_pmksa *pmksa, 461 bool set) 462 { 463 QDF_STATUS status = QDF_STATUS_E_INVAL; 464 struct wlan_crypto_comp_priv *crypto_priv; 465 struct wlan_crypto_params *crypto_params; 466 enum QDF_OPMODE op_mode; 467 468 op_mode = wlan_vdev_mlme_get_opmode(vdev); 469 470 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 471 return QDF_STATUS_E_NOSUPPORT; 472 473 if (!pmksa && set) { 474 crypto_err("pmksa is NULL for set operation"); 475 return QDF_STATUS_E_INVAL; 476 } 477 crypto_priv = (struct wlan_crypto_comp_priv *) 478 wlan_get_vdev_crypto_obj(vdev); 479 480 if (!crypto_priv) { 481 crypto_err("crypto_priv NULL"); 482 return QDF_STATUS_E_INVAL; 483 } 484 485 crypto_params = &crypto_priv->crypto_params; 486 if (set) { 487 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 488 /* Set pmksa */ 489 } else { 490 /* del pmksa */ 491 if (!pmksa) 492 status = wlan_crypto_pmksa_flush(crypto_params); 493 else 494 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 495 } 496 497 return status; 498 } 499 500 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 501 struct wlan_crypto_pmksa *pmksa) 502 { 503 QDF_STATUS status = QDF_STATUS_E_INVAL; 504 struct wlan_crypto_pmksa *cached_pmksa; 505 struct wlan_crypto_comp_priv *crypto_priv; 506 struct wlan_crypto_params *crypto_params; 507 uint8_t mdie_present, i; 508 uint16_t mobility_domain; 509 510 if (!pmksa) { 511 crypto_err("pmksa is NULL for set operation"); 512 return status; 513 } 514 515 crypto_priv = (struct wlan_crypto_comp_priv *) 516 wlan_get_vdev_crypto_obj(vdev); 517 if (!crypto_priv) { 518 crypto_err("crypto_priv NULL"); 519 return status; 520 } 521 522 crypto_params = &crypto_priv->crypto_params; 523 524 if (pmksa->mdid.mdie_present) { 525 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 526 if (!crypto_params->pmksa[i]) 527 continue; 528 cached_pmksa = crypto_params->pmksa[i]; 529 mdie_present = cached_pmksa->mdid.mdie_present; 530 mobility_domain = cached_pmksa->mdid.mobility_domain; 531 532 /* In FT connection when STA connects to AP1 then PMK1 533 * gets cached. And if STA disconnects from AP1 and 534 * connects to AP2 then PMK2 gets cached. This will 535 * result in having multiple PMK cache entries for the 536 * same MDID. So delete the old/stale PMK cache entries 537 * for the same mobility domain as of the newly added 538 * entry. And Update the MDID for the matching BSSID or 539 * SSID PMKSA entry. 540 */ 541 if (qdf_is_macaddr_equal 542 (&cached_pmksa->bssid, &pmksa->bssid)) { 543 cached_pmksa->mdid.mdie_present = 1; 544 cached_pmksa->mdid.mobility_domain = 545 pmksa->mdid.mobility_domain; 546 crypto_debug("Updated the MDID at index=%d", i); 547 status = QDF_STATUS_SUCCESS; 548 } else if (pmksa->ssid_len && 549 !qdf_mem_cmp(pmksa->ssid, 550 cached_pmksa->ssid, 551 pmksa->ssid_len) && 552 !qdf_mem_cmp(pmksa->cache_id, 553 cached_pmksa->cache_id, 554 WLAN_CACHE_ID_LEN)) { 555 cached_pmksa->mdid.mdie_present = 1; 556 cached_pmksa->mdid.mobility_domain = 557 pmksa->mdid.mobility_domain; 558 crypto_debug("Updated the MDID at index=%d", i); 559 status = QDF_STATUS_SUCCESS; 560 } else if (mdie_present && 561 (pmksa->mdid.mobility_domain == 562 mobility_domain)) { 563 qdf_mem_zero(crypto_params->pmksa[i], 564 sizeof(struct wlan_crypto_pmksa)); 565 qdf_mem_free(crypto_params->pmksa[i]); 566 crypto_params->pmksa[i] = NULL; 567 crypto_debug("Deleted PMKSA at index=%d", i); 568 status = QDF_STATUS_SUCCESS; 569 } 570 } 571 } 572 return status; 573 } 574 575 struct wlan_crypto_pmksa * 576 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 577 struct wlan_crypto_pmksa *pmksa) 578 { 579 struct wlan_crypto_comp_priv *crypto_priv; 580 struct wlan_crypto_params *crypto_params; 581 uint8_t i; 582 583 if (!pmksa) { 584 crypto_err("pmksa is NULL"); 585 return NULL; 586 } 587 crypto_priv = (struct wlan_crypto_comp_priv *) 588 wlan_get_vdev_crypto_obj(vdev); 589 590 if (!crypto_priv) { 591 crypto_err("crypto_priv NULL"); 592 return NULL; 593 } 594 595 crypto_params = &crypto_priv->crypto_params; 596 597 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 598 if (!crypto_params->pmksa[i]) 599 continue; 600 if (qdf_is_macaddr_equal(&pmksa->bssid, 601 &crypto_params->pmksa[i]->bssid)) { 602 return crypto_params->pmksa[i]; 603 } else if (pmksa->ssid_len && 604 !qdf_mem_cmp(pmksa->ssid, 605 crypto_params->pmksa[i]->ssid, 606 pmksa->ssid_len) && 607 !qdf_mem_cmp(pmksa->cache_id, 608 crypto_params->pmksa[i]->cache_id, 609 WLAN_CACHE_ID_LEN)){ 610 return crypto_params->pmksa[i]; 611 } 612 } 613 614 return NULL; 615 } 616 617 struct wlan_crypto_pmksa * 618 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 619 { 620 struct wlan_crypto_comp_priv *crypto_priv; 621 struct wlan_crypto_params *crypto_params; 622 uint8_t i; 623 624 if (!bssid) { 625 crypto_err("bssid is NULL"); 626 return NULL; 627 } 628 crypto_priv = (struct wlan_crypto_comp_priv *) 629 wlan_get_vdev_crypto_obj(vdev); 630 631 if (!crypto_priv) { 632 crypto_err("crypto_priv NULL"); 633 return NULL; 634 } 635 636 crypto_params = &crypto_priv->crypto_params; 637 638 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 639 if (!crypto_params->pmksa[i]) 640 continue; 641 if (qdf_is_macaddr_equal(bssid, 642 &crypto_params->pmksa[i]->bssid)) { 643 return crypto_params->pmksa[i]; 644 } 645 } 646 647 return NULL; 648 } 649 650 struct wlan_crypto_pmksa * 651 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 652 uint8_t *cache_id, uint8_t *ssid, 653 uint8_t ssid_len) 654 { 655 struct wlan_crypto_comp_priv *crypto_priv; 656 struct wlan_crypto_params *crypto_params; 657 uint8_t i; 658 659 crypto_priv = (struct wlan_crypto_comp_priv *) 660 wlan_get_vdev_crypto_obj(vdev); 661 662 if (!crypto_priv) { 663 crypto_err("crypto_priv NULL"); 664 return NULL; 665 } 666 667 crypto_params = &crypto_priv->crypto_params; 668 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 669 if (!crypto_params->pmksa[i]) 670 continue; 671 672 if (!qdf_mem_cmp(cache_id, 673 crypto_params->pmksa[i]->cache_id, 674 WLAN_CACHE_ID_LEN) && 675 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 676 ssid_len) && 677 ssid_len == crypto_params->pmksa[i]->ssid_len) 678 return crypto_params->pmksa[i]; 679 } 680 681 return NULL; 682 } 683 684 /** 685 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 686 * @vdev: vdev 687 * @peer: peer 688 * 689 * This function gets called to check is HT allowed for cipher. 690 * HT is not allowed for wep and tkip. 691 * 692 * Return: 0 - not allowed or 1 - allowed 693 */ 694 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 695 struct wlan_objmgr_peer *peer) 696 { 697 int32_t ucast_cipher; 698 699 if (!(vdev || peer)) { 700 crypto_err("Invalid params"); 701 return 0; 702 } 703 704 if (vdev) 705 ucast_cipher = wlan_crypto_get_param(vdev, 706 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 707 else 708 ucast_cipher = wlan_crypto_get_peer_param(peer, 709 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 710 711 if (ucast_cipher == -1) { 712 crypto_err("Invalid params"); 713 return 0; 714 } 715 716 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 717 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 718 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 719 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 720 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 721 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 722 } 723 qdf_export_symbol(wlan_crypto_is_htallowed); 724 725 /** 726 * wlan_crypto_setkey - called by ucfg to setkey 727 * @vdev: vdev 728 * @req_key: req_key with cipher type, key macaddress 729 * 730 * This function gets called from ucfg to sey key 731 * 732 * Return: QDF_STATUS_SUCCESS - in case of success 733 */ 734 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 735 struct wlan_crypto_req_key *req_key){ 736 737 QDF_STATUS status = QDF_STATUS_E_INVAL; 738 struct wlan_crypto_comp_priv *crypto_priv; 739 struct wlan_crypto_params *crypto_params; 740 struct wlan_objmgr_psoc *psoc; 741 struct wlan_objmgr_peer *peer; 742 struct wlan_crypto_key *key = NULL; 743 const struct wlan_crypto_cipher *cipher; 744 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 745 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 746 bool isbcast; 747 enum QDF_OPMODE vdev_mode; 748 uint8_t igtk_idx = 0; 749 uint8_t bigtk_idx = 0; 750 struct wlan_lmac_if_tx_ops *tx_ops; 751 752 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 753 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 754 return QDF_STATUS_E_INVAL; 755 } 756 757 isbcast = qdf_is_macaddr_group( 758 (struct qdf_mac_addr *)req_key->macaddr); 759 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 760 /* zero length keys, only set default key id if flags are set*/ 761 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 762 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 763 && (!IS_MGMT_CIPHER(req_key->type))) { 764 wlan_crypto_default_key(vdev, 765 req_key->macaddr, 766 req_key->keyix, 767 !isbcast); 768 return QDF_STATUS_SUCCESS; 769 } 770 crypto_err("req_key len zero"); 771 return QDF_STATUS_E_INVAL; 772 } 773 774 cipher = wlan_crypto_cipher_ops[req_key->type]; 775 776 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 777 crypto_err("cipher invalid"); 778 return QDF_STATUS_E_INVAL; 779 } 780 781 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 782 (!IS_MGMT_CIPHER(req_key->type)) && 783 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 784 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 785 crypto_err("cipher invalid"); 786 return QDF_STATUS_E_INVAL; 787 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 788 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 789 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 790 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 791 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 792 return QDF_STATUS_E_INVAL; 793 } 794 795 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 796 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 797 | WLAN_CRYPTO_KEY_RECV)) { 798 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 799 | WLAN_CRYPTO_KEY_RECV); 800 } 801 } else { 802 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 803 && (!IS_MGMT_CIPHER(req_key->type))) { 804 return QDF_STATUS_E_INVAL; 805 } 806 807 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 808 | WLAN_CRYPTO_KEY_RECV); 809 if (isbcast) 810 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 811 } 812 813 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 814 815 wlan_vdev_obj_lock(vdev); 816 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 817 QDF_MAC_ADDR_SIZE); 818 psoc = wlan_vdev_get_psoc(vdev); 819 if (!psoc) { 820 wlan_vdev_obj_unlock(vdev); 821 crypto_err("psoc NULL"); 822 return QDF_STATUS_E_INVAL; 823 } 824 wlan_vdev_obj_unlock(vdev); 825 826 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 827 if (wlan_crypto_vdev_has_auth_mode(vdev, 828 (1 << WLAN_CRYPTO_AUTH_8021X))) { 829 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 830 } 831 } 832 833 if (isbcast) { 834 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 835 &crypto_priv); 836 if (!crypto_priv) { 837 crypto_err("crypto_priv NULL"); 838 return QDF_STATUS_E_INVAL; 839 } 840 841 if (IS_MGMT_CIPHER(req_key->type)) { 842 struct wlan_crypto_key *crypto_key = NULL; 843 844 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 845 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 846 if (!is_igtk(req_key->keyix) && 847 !(is_bigtk(req_key->keyix))) { 848 crypto_err("igtk/bigtk key invalid keyid %d", 849 req_key->keyix); 850 return QDF_STATUS_E_INVAL; 851 } 852 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 853 if (!key) 854 return QDF_STATUS_E_NOMEM; 855 856 857 if (is_igtk(req_key->keyix)) { 858 crypto_key = crypto_priv->igtk_key[igtk_idx]; 859 if (crypto_key) 860 qdf_mem_free(crypto_key); 861 862 crypto_priv->igtk_key[igtk_idx] = key; 863 crypto_priv->igtk_key_type = req_key->type; 864 crypto_priv->def_igtk_tx_keyid = igtk_idx; 865 bigtk_idx = 0; 866 } else { 867 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 868 if (crypto_key) 869 qdf_mem_free(crypto_key); 870 871 crypto_priv->bigtk_key[bigtk_idx] = key; 872 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 873 igtk_idx = 0; 874 } 875 } else { 876 if (IS_FILS_CIPHER(req_key->type)) { 877 crypto_err("FILS key is not for BroadCast pkt"); 878 return QDF_STATUS_E_INVAL; 879 } 880 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 881 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 882 return QDF_STATUS_E_INVAL; 883 } 884 if (!crypto_priv->key[req_key->keyix]) { 885 crypto_priv->key[req_key->keyix] 886 = qdf_mem_malloc( 887 sizeof(struct wlan_crypto_key)); 888 if (!crypto_priv->key[req_key->keyix]) 889 return QDF_STATUS_E_NOMEM; 890 } 891 key = crypto_priv->key[req_key->keyix]; 892 } 893 if (vdev_mode == QDF_STA_MODE) { 894 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 895 WLAN_CRYPTO_ID); 896 if (!peer) { 897 crypto_err("peer NULL"); 898 if (IS_MGMT_CIPHER(req_key->type)) { 899 crypto_priv->igtk_key[igtk_idx] = NULL; 900 crypto_priv->bigtk_key[bigtk_idx] 901 = NULL; 902 crypto_priv->igtk_key_type 903 = WLAN_CRYPTO_CIPHER_NONE; 904 } else 905 crypto_priv->key[req_key->keyix] = NULL; 906 if (key) 907 qdf_mem_free(key); 908 return QDF_STATUS_E_INVAL; 909 } 910 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 911 QDF_MAC_ADDR_SIZE); 912 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 913 } 914 } else { 915 uint8_t pdev_id; 916 917 pdev_id = wlan_objmgr_pdev_get_pdev_id( 918 wlan_vdev_get_pdev(vdev)); 919 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 920 psoc, 921 pdev_id, 922 macaddr, 923 req_key->macaddr, 924 WLAN_CRYPTO_ID); 925 926 if (!peer) { 927 crypto_err("peer NULL"); 928 return QDF_STATUS_E_INVAL; 929 } 930 931 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 932 crypto_params = wlan_crypto_peer_get_comp_params(peer, 933 &crypto_priv); 934 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 935 936 if (!crypto_priv) { 937 crypto_err("crypto_priv NULL"); 938 return QDF_STATUS_E_INVAL; 939 } 940 if (IS_MGMT_CIPHER(req_key->type)) { 941 struct wlan_crypto_key *crypto_key = NULL; 942 943 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 944 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 945 if (!is_igtk(req_key->keyix) && 946 !(is_bigtk(req_key->keyix))) { 947 crypto_err("igtk/bigtk key invalid keyid %d", 948 req_key->keyix); 949 return QDF_STATUS_E_INVAL; 950 } 951 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 952 if (!key) 953 return QDF_STATUS_E_NOMEM; 954 955 if (is_igtk(req_key->keyix)) { 956 crypto_key = crypto_priv->igtk_key[igtk_idx]; 957 if (crypto_key) 958 qdf_mem_free(crypto_key); 959 960 crypto_priv->igtk_key[igtk_idx] = key; 961 crypto_priv->igtk_key_type = req_key->type; 962 crypto_priv->def_igtk_tx_keyid = igtk_idx; 963 } else { 964 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 965 if (crypto_key) 966 qdf_mem_free(crypto_key); 967 968 crypto_priv->bigtk_key[bigtk_idx] = key; 969 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 970 } 971 } else { 972 uint16_t kid = req_key->keyix; 973 if (kid == WLAN_CRYPTO_KEYIX_NONE) 974 kid = 0; 975 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 976 crypto_err("invalid keyid %d", kid); 977 return QDF_STATUS_E_INVAL; 978 } 979 if (!crypto_priv->key[kid]) { 980 crypto_priv->key[kid] 981 = qdf_mem_malloc( 982 sizeof(struct wlan_crypto_key)); 983 if (!crypto_priv->key[kid]) 984 return QDF_STATUS_E_NOMEM; 985 } 986 key = crypto_priv->key[kid]; 987 } 988 } 989 990 /* alloc key might not required as it is already there */ 991 key->cipher_table = (void *)cipher; 992 key->keylen = req_key->keylen; 993 key->flags = req_key->flags; 994 995 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 996 key->keyix = 0; 997 else 998 key->keyix = req_key->keyix; 999 1000 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 1001 && (!IS_MGMT_CIPHER(req_key->type))) { 1002 crypto_priv->def_tx_keyid = key->keyix; 1003 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 1004 } 1005 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 1006 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 1007 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 1008 0x5c, 0x36, 0x5c, 0x36, 1009 0x5c, 0x36, 0x5c, 0x36, 1010 0x5c, 0x36, 0x5c, 0x37}; 1011 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 1012 0x5c, 0x36, 0x5c, 0x36, 1013 0x5c, 0x36, 0x5c, 0x36, 1014 0x5c, 0x36, 0x5c, 0x36}; 1015 1016 /* During Tx PN should be increment and 1017 * send but as per our implementation we increment only after 1018 * Tx complete. So First packet PN check will be failed. 1019 * To compensate increment the PN here by 2 1020 */ 1021 if (vdev_mode == QDF_SAP_MODE) { 1022 iv_AP[15] += 2; 1023 qdf_mem_copy(key->recviv, iv_STA, 1024 WLAN_CRYPTO_WAPI_IV_SIZE); 1025 qdf_mem_copy(key->txiv, iv_AP, 1026 WLAN_CRYPTO_WAPI_IV_SIZE); 1027 } else { 1028 iv_STA[15] += 2; 1029 qdf_mem_copy(key->recviv, iv_AP, 1030 WLAN_CRYPTO_WAPI_IV_SIZE); 1031 qdf_mem_copy(key->txiv, iv_STA, 1032 WLAN_CRYPTO_WAPI_IV_SIZE); 1033 } 1034 } else { 1035 uint8_t i = 0; 1036 qdf_mem_copy((uint8_t *)(&key->keytsc), 1037 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1038 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1039 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1040 (uint8_t *)(&req_key->keyrsc), 1041 sizeof(key->keyrsc[0])); 1042 } 1043 } 1044 1045 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1046 if (!tx_ops) { 1047 crypto_err("tx_ops is NULL"); 1048 return QDF_STATUS_E_INVAL; 1049 } 1050 1051 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1052 key->valid = 1; 1053 if ((IS_MGMT_CIPHER(req_key->type))) { 1054 if (HAS_CIPHER_CAP(crypto_params, 1055 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1056 is_bigtk(req_key->keyix)) { 1057 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1058 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1059 key, macaddr, req_key->type); 1060 } 1061 } 1062 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 1063 status = wlan_crypto_set_igtk_key(key); 1064 return status; 1065 } else if (IS_FILS_CIPHER(req_key->type)) { 1066 /* Take request key object to FILS setkey */ 1067 key->private = req_key; 1068 } else { 1069 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1070 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 1071 req_key->type); 1072 } 1073 } 1074 status = cipher->setkey(key); 1075 1076 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1077 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1078 (!IS_MGMT_CIPHER(req_key->type))) { 1079 /* default xmit key */ 1080 wlan_crypto_default_key(vdev, 1081 req_key->macaddr, 1082 req_key->keyix, 1083 !isbcast); 1084 } 1085 1086 return status; 1087 } 1088 1089 /** 1090 * wlan_crypto_get_keytype - get keytype 1091 * @key: key 1092 * 1093 * This function gets keytype from key 1094 * 1095 * Return: keytype 1096 */ 1097 wlan_crypto_cipher_type wlan_crypto_get_key_type( 1098 struct wlan_crypto_key *key){ 1099 if (key && key->cipher_table) { 1100 return ((struct wlan_crypto_cipher *) 1101 (key->cipher_table))->cipher; 1102 } 1103 return WLAN_CRYPTO_CIPHER_NONE; 1104 } 1105 qdf_export_symbol(wlan_crypto_get_key_type); 1106 /** 1107 * wlan_crypto_vdev_getkey - get key from vdev 1108 * @vdev: vdev 1109 * @keyix: keyix 1110 * 1111 * This function gets key from vdev 1112 * 1113 * Return: key or NULL 1114 */ 1115 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1116 uint16_t keyix){ 1117 struct wlan_crypto_comp_priv *crypto_priv; 1118 struct wlan_crypto_params *crypto_params; 1119 struct wlan_crypto_key *key = NULL; 1120 1121 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1122 1123 if (!crypto_priv) { 1124 crypto_err("crypto_priv NULL"); 1125 return NULL; 1126 } 1127 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1128 * we return the default key, for all other keyix we return the 1129 * key accordingly. 1130 */ 1131 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1132 !is_valid_keyix(keyix)) 1133 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1134 else if (is_bigtk(keyix)) 1135 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1136 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1137 else if (is_igtk(keyix)) 1138 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1139 else 1140 key = crypto_priv->key[keyix]; 1141 1142 if (key && key->valid) 1143 return key; 1144 1145 return NULL; 1146 } 1147 qdf_export_symbol(wlan_crypto_vdev_getkey); 1148 1149 /** 1150 * wlan_crypto_peer_getkey - get key from peer 1151 * @peer: peer 1152 * @keyix: keyix 1153 * 1154 * This function gets key from peer 1155 * 1156 * Return: key or NULL 1157 */ 1158 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1159 uint16_t keyix){ 1160 struct wlan_crypto_comp_priv *crypto_priv; 1161 struct wlan_crypto_params *crypto_params; 1162 struct wlan_crypto_key *key = NULL; 1163 1164 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1165 1166 if (!crypto_priv) { 1167 crypto_err("crypto_priv NULL"); 1168 return NULL; 1169 } 1170 1171 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1172 * we return the default key, for all other keyix we return the 1173 * key accordingly. 1174 */ 1175 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1176 !is_valid_keyix(keyix)) 1177 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1178 else if (is_bigtk(keyix)) 1179 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1180 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1181 else if (is_igtk(keyix)) 1182 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1183 else 1184 key = crypto_priv->key[keyix]; 1185 1186 if (key && key->valid) 1187 return key; 1188 1189 return NULL; 1190 } 1191 qdf_export_symbol(wlan_crypto_peer_getkey); 1192 1193 /** 1194 * wlan_crypto_getkey - called by ucfg to get key 1195 * @vdev: vdev 1196 * @req_key: key value will be copied in this req_key 1197 * @mac_address: mac address of the peer for unicast key 1198 * or broadcast address if group key is requested. 1199 * 1200 * This function gets called from ucfg to get key 1201 * 1202 * Return: QDF_STATUS_SUCCESS - in case of success 1203 */ 1204 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1205 struct wlan_crypto_req_key *req_key, 1206 uint8_t *mac_addr){ 1207 struct wlan_crypto_cipher *cipher_table; 1208 struct wlan_crypto_key *key; 1209 struct wlan_objmgr_psoc *psoc; 1210 struct wlan_lmac_if_tx_ops *tx_ops; 1211 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1212 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1213 1214 wlan_vdev_obj_lock(vdev); 1215 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1216 QDF_MAC_ADDR_SIZE); 1217 psoc = wlan_vdev_get_psoc(vdev); 1218 if (!psoc) { 1219 wlan_vdev_obj_unlock(vdev); 1220 crypto_err("psoc NULL"); 1221 return QDF_STATUS_E_INVAL; 1222 } 1223 wlan_vdev_obj_unlock(vdev); 1224 1225 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1226 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1227 if (!key) 1228 return QDF_STATUS_E_INVAL; 1229 } else { 1230 struct wlan_objmgr_peer *peer; 1231 uint8_t pdev_id; 1232 1233 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1234 wlan_vdev_get_pdev(vdev)); 1235 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1236 psoc, 1237 pdev_id, 1238 macaddr, 1239 mac_addr, 1240 WLAN_CRYPTO_ID); 1241 if (!peer) { 1242 crypto_err("peer NULL"); 1243 return QDF_STATUS_E_NOENT; 1244 } 1245 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1246 1247 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1248 if (!tx_ops) { 1249 crypto_err("tx_ops is NULL"); 1250 return QDF_STATUS_E_INVAL; 1251 } 1252 1253 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops) && 1254 (req_key->flags & WLAN_CRYPTO_KEY_GET_PN)) 1255 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1256 req_key->type); 1257 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1258 if (!key) 1259 return QDF_STATUS_E_INVAL; 1260 } 1261 1262 if (key->valid) { 1263 qdf_mem_copy(req_key->keydata, 1264 key->keyval, key->keylen); 1265 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1266 (uint8_t *)(&key->keytsc), 1267 sizeof(req_key->keytsc)); 1268 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1269 (uint8_t *)(&key->keyrsc[0]), 1270 sizeof(req_key->keyrsc)); 1271 req_key->keylen = key->keylen; 1272 req_key->flags = key->flags; 1273 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1274 1275 if (!cipher_table) 1276 return QDF_STATUS_SUCCESS; 1277 1278 req_key->type = cipher_table->cipher; 1279 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1280 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1281 (uint8_t *)(key->txiv), 1282 sizeof(req_key->txiv)); 1283 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1284 (uint8_t *)(key->recviv), 1285 sizeof(req_key->recviv)); 1286 } 1287 } 1288 1289 return QDF_STATUS_SUCCESS; 1290 } 1291 1292 /** 1293 * wlan_crypto_delkey - called by ucfg to delete key 1294 * @vdev: vdev 1295 * @mac_address: mac address of the peer for unicast key 1296 * or broadcast address if group key is deleted. 1297 * @key_idx: key index to be deleted 1298 * 1299 * This function gets called from ucfg to delete key 1300 * 1301 * Return: QDF_STATUS_SUCCESS - in case of success 1302 */ 1303 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1304 uint8_t *macaddr, 1305 uint8_t key_idx){ 1306 struct wlan_crypto_comp_priv *crypto_priv; 1307 struct wlan_crypto_params *crypto_params; 1308 struct wlan_crypto_key *key; 1309 struct wlan_crypto_cipher *cipher_table; 1310 struct wlan_objmgr_psoc *psoc; 1311 struct wlan_lmac_if_tx_ops *tx_ops; 1312 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1313 1314 if (!vdev || !macaddr || 1315 !is_valid_keyix(key_idx)) { 1316 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1317 vdev, macaddr, key_idx); 1318 return QDF_STATUS_E_INVAL; 1319 } 1320 1321 wlan_vdev_obj_lock(vdev); 1322 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1323 QDF_MAC_ADDR_SIZE); 1324 psoc = wlan_vdev_get_psoc(vdev); 1325 if (!psoc) { 1326 wlan_vdev_obj_unlock(vdev); 1327 crypto_err("psoc NULL"); 1328 return QDF_STATUS_E_INVAL; 1329 } 1330 wlan_vdev_obj_unlock(vdev); 1331 1332 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1333 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1334 &crypto_priv); 1335 if (!crypto_priv) { 1336 crypto_err("crypto_priv NULL"); 1337 return QDF_STATUS_E_INVAL; 1338 } 1339 } else { 1340 struct wlan_objmgr_peer *peer; 1341 uint8_t pdev_id; 1342 1343 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1344 wlan_vdev_get_pdev(vdev)); 1345 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1346 psoc, pdev_id, 1347 bssid_mac, 1348 macaddr, 1349 WLAN_CRYPTO_ID); 1350 if (!peer) { 1351 return QDF_STATUS_E_INVAL; 1352 } 1353 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1354 &crypto_priv); 1355 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1356 if (!crypto_priv) { 1357 crypto_err("crypto_priv NULL"); 1358 return QDF_STATUS_E_INVAL; 1359 } 1360 } 1361 1362 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1363 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1364 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1365 1366 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1367 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1368 return QDF_STATUS_E_INVAL; 1369 } 1370 if (is_igtk(key_idx)) { 1371 key = crypto_priv->igtk_key[igtk_idx]; 1372 crypto_priv->igtk_key[igtk_idx] = NULL; 1373 } else { 1374 key = crypto_priv->bigtk_key[bigtk_idx]; 1375 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1376 } 1377 if (key) 1378 key->valid = 0; 1379 } else { 1380 key = crypto_priv->key[key_idx]; 1381 crypto_priv->key[key_idx] = NULL; 1382 } 1383 1384 if (!key) 1385 return QDF_STATUS_E_INVAL; 1386 1387 if (key->valid) { 1388 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1389 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1390 1391 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1392 if (!tx_ops) { 1393 crypto_err("tx_ops is NULL"); 1394 return QDF_STATUS_E_INVAL; 1395 } 1396 1397 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1398 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1399 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1400 cipher_table->cipher); 1401 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1402 if (key->private) 1403 qdf_mem_free(key->private); 1404 } 1405 } 1406 1407 /* Zero-out local key variables */ 1408 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1409 qdf_mem_free(key); 1410 1411 return QDF_STATUS_SUCCESS; 1412 } 1413 1414 #ifdef CRYPTO_SET_KEY_CONVERGED 1415 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1416 uint8_t key_idx, uint8_t *macaddr) 1417 { 1418 return QDF_STATUS_SUCCESS; 1419 } 1420 #else 1421 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1422 uint8_t key_idx, uint8_t *macaddr) 1423 { 1424 struct wlan_objmgr_psoc *psoc; 1425 struct wlan_lmac_if_tx_ops *tx_ops; 1426 1427 psoc = wlan_vdev_get_psoc(vdev); 1428 if (!psoc) { 1429 crypto_err("psoc is NULL"); 1430 return QDF_STATUS_E_INVAL; 1431 } 1432 1433 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1434 if (!tx_ops) { 1435 crypto_err("tx_ops is NULL"); 1436 return QDF_STATUS_E_INVAL; 1437 } 1438 1439 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1440 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1441 1442 return QDF_STATUS_SUCCESS; 1443 } 1444 #endif 1445 1446 /** 1447 * wlan_crypto_default_key - called by ucfg to set default tx key 1448 * @vdev: vdev 1449 * @mac_address: mac address of the peer for unicast key 1450 * or broadcast address if group key need to made default. 1451 * @key_idx: key index to be made as default key 1452 * @unicast: is key was unicast or group key. 1453 * 1454 * This function gets called from ucfg to set default key 1455 * 1456 * Return: QDF_STATUS_SUCCESS - in case of success 1457 */ 1458 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1459 uint8_t *macaddr, 1460 uint8_t key_idx, 1461 bool unicast){ 1462 struct wlan_crypto_comp_priv *crypto_priv; 1463 struct wlan_crypto_params *crypto_params; 1464 struct wlan_crypto_key *key; 1465 struct wlan_objmgr_psoc *psoc; 1466 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1467 1468 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1469 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1470 vdev, macaddr, key_idx); 1471 return QDF_STATUS_E_INVAL; 1472 } 1473 1474 wlan_vdev_obj_lock(vdev); 1475 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1476 QDF_MAC_ADDR_SIZE); 1477 psoc = wlan_vdev_get_psoc(vdev); 1478 if (!psoc) { 1479 wlan_vdev_obj_unlock(vdev); 1480 crypto_err("psoc NULL"); 1481 return QDF_STATUS_E_INVAL; 1482 } 1483 wlan_vdev_obj_unlock(vdev); 1484 1485 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1486 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1487 &crypto_priv); 1488 if (!crypto_priv) { 1489 crypto_err("crypto_priv NULL"); 1490 return QDF_STATUS_E_INVAL; 1491 } 1492 1493 key = crypto_priv->key[key_idx]; 1494 if (!key) 1495 return QDF_STATUS_E_INVAL; 1496 } else { 1497 struct wlan_objmgr_peer *peer; 1498 uint8_t pdev_id; 1499 1500 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1501 wlan_vdev_get_pdev(vdev)); 1502 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1503 psoc, pdev_id, 1504 bssid_mac, 1505 macaddr, 1506 WLAN_CRYPTO_ID); 1507 1508 if (!peer) { 1509 crypto_err("peer NULL"); 1510 return QDF_STATUS_E_INVAL; 1511 } 1512 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1513 &crypto_priv); 1514 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1515 if (!crypto_priv) { 1516 crypto_err("crypto_priv NULL"); 1517 return QDF_STATUS_E_INVAL; 1518 } 1519 1520 key = crypto_priv->key[key_idx]; 1521 if (!key) 1522 return QDF_STATUS_E_INVAL; 1523 } 1524 if (!key->valid) 1525 return QDF_STATUS_E_INVAL; 1526 1527 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1528 QDF_STATUS_SUCCESS) 1529 return QDF_STATUS_E_INVAL; 1530 crypto_priv->def_tx_keyid = key_idx; 1531 1532 return QDF_STATUS_SUCCESS; 1533 } 1534 1535 /** 1536 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1537 * @vdev: vdev 1538 * @wbuf: wbuf 1539 * @macaddr: macaddr 1540 * @encapdone: is encapdone already or not. 1541 * 1542 * This function gets called from mgmt txrx to encap frame. 1543 * 1544 * Return: QDF_STATUS_SUCCESS - in case of success 1545 */ 1546 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1547 qdf_nbuf_t wbuf, 1548 uint8_t *mac_addr, 1549 uint8_t encapdone){ 1550 struct wlan_crypto_comp_priv *crypto_priv; 1551 struct wlan_crypto_params *crypto_params; 1552 struct wlan_crypto_key *key; 1553 QDF_STATUS status; 1554 struct wlan_crypto_cipher *cipher_table; 1555 struct wlan_objmgr_psoc *psoc; 1556 struct wlan_objmgr_peer *peer; 1557 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1558 uint8_t pdev_id; 1559 uint8_t hdrlen; 1560 enum QDF_OPMODE opmode; 1561 1562 opmode = wlan_vdev_mlme_get_opmode(vdev); 1563 wlan_vdev_obj_lock(vdev); 1564 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1565 QDF_MAC_ADDR_SIZE); 1566 psoc = wlan_vdev_get_psoc(vdev); 1567 if (!psoc) { 1568 wlan_vdev_obj_unlock(vdev); 1569 crypto_err("psoc NULL"); 1570 return QDF_STATUS_E_INVAL; 1571 } 1572 wlan_vdev_obj_unlock(vdev); 1573 1574 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1575 /* FILS Encap required only for (Re-)Assoc response */ 1576 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1577 1578 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1579 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1580 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1581 return QDF_STATUS_E_INVAL; 1582 } 1583 1584 if (peer) 1585 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1586 1587 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1588 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1589 &crypto_priv); 1590 if (!crypto_priv) { 1591 crypto_err("crypto_priv NULL"); 1592 return QDF_STATUS_E_INVAL; 1593 } 1594 1595 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1596 if (!key) 1597 return QDF_STATUS_E_INVAL; 1598 1599 } else { 1600 struct wlan_objmgr_peer *peer; 1601 uint8_t pdev_id; 1602 1603 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1604 wlan_vdev_get_pdev(vdev)); 1605 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1606 bssid_mac, mac_addr, 1607 WLAN_CRYPTO_ID); 1608 1609 if (!peer) { 1610 crypto_err("crypto_priv NULL"); 1611 return QDF_STATUS_E_INVAL; 1612 } 1613 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1614 &crypto_priv); 1615 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1616 1617 if (!crypto_priv) { 1618 crypto_err("crypto_priv NULL"); 1619 return QDF_STATUS_E_INVAL; 1620 } 1621 1622 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1623 if (!key) 1624 return QDF_STATUS_E_INVAL; 1625 } 1626 if (opmode == QDF_MONITOR_MODE) 1627 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1628 else 1629 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1630 (uint8_t *)qdf_nbuf_data(wbuf)); 1631 1632 /* if tkip, is counter measures enabled, then drop the frame */ 1633 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1634 status = cipher_table->encap(key, wbuf, encapdone, 1635 hdrlen); 1636 1637 return status; 1638 } 1639 qdf_export_symbol(wlan_crypto_encap); 1640 1641 /** 1642 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1643 * @vdev: vdev 1644 * @wbuf: wbuf 1645 * @macaddr: macaddr 1646 * @tid: tid of the frame 1647 * 1648 * This function gets called from mgmt txrx to decap frame. 1649 * 1650 * Return: QDF_STATUS_SUCCESS - in case of success 1651 */ 1652 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1653 qdf_nbuf_t wbuf, 1654 uint8_t *mac_addr, 1655 uint8_t tid){ 1656 struct wlan_crypto_comp_priv *crypto_priv; 1657 struct wlan_crypto_params *crypto_params; 1658 struct wlan_crypto_key *key; 1659 QDF_STATUS status; 1660 struct wlan_crypto_cipher *cipher_table; 1661 struct wlan_objmgr_psoc *psoc; 1662 struct wlan_objmgr_peer *peer; 1663 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1664 uint8_t keyid; 1665 uint8_t pdev_id; 1666 uint8_t hdrlen; 1667 enum QDF_OPMODE opmode; 1668 1669 opmode = wlan_vdev_mlme_get_opmode(vdev); 1670 wlan_vdev_obj_lock(vdev); 1671 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1672 QDF_MAC_ADDR_SIZE); 1673 psoc = wlan_vdev_get_psoc(vdev); 1674 if (!psoc) { 1675 wlan_vdev_obj_unlock(vdev); 1676 crypto_err("psoc NULL"); 1677 return QDF_STATUS_E_INVAL; 1678 } 1679 wlan_vdev_obj_unlock(vdev); 1680 1681 if (opmode == QDF_MONITOR_MODE) 1682 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1683 else 1684 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1685 (uint8_t *)qdf_nbuf_data(wbuf)); 1686 1687 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1688 1689 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1690 return QDF_STATUS_E_INVAL; 1691 1692 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1693 /* FILS Decap required only for (Re-)Assoc request */ 1694 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1695 1696 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1697 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1698 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1699 return QDF_STATUS_E_INVAL; 1700 } 1701 1702 if (peer) 1703 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1704 1705 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1706 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1707 &crypto_priv); 1708 if (!crypto_priv) { 1709 crypto_err("crypto_priv NULL"); 1710 return QDF_STATUS_E_INVAL; 1711 } 1712 1713 key = crypto_priv->key[keyid]; 1714 if (!key) 1715 return QDF_STATUS_E_INVAL; 1716 1717 } else { 1718 struct wlan_objmgr_peer *peer; 1719 uint8_t pdev_id; 1720 1721 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1722 wlan_vdev_get_pdev(vdev)); 1723 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1724 psoc, pdev_id, bssid_mac, 1725 mac_addr, WLAN_CRYPTO_ID); 1726 if (!peer) { 1727 crypto_err("peer NULL"); 1728 return QDF_STATUS_E_INVAL; 1729 } 1730 1731 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1732 &crypto_priv); 1733 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1734 1735 if (!crypto_priv) { 1736 crypto_err("crypto_priv NULL"); 1737 return QDF_STATUS_E_INVAL; 1738 } 1739 1740 key = crypto_priv->key[keyid]; 1741 if (!key) 1742 return QDF_STATUS_E_INVAL; 1743 } 1744 /* if tkip, is counter measures enabled, then drop the frame */ 1745 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1746 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1747 1748 return status; 1749 } 1750 qdf_export_symbol(wlan_crypto_decap); 1751 /** 1752 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1753 * @vdev: vdev 1754 * @wbuf: wbuf 1755 * @macaddr: macaddr 1756 * @encapdone: is encapdone already or not. 1757 * 1758 * This function gets called from mgmt txrx to adding mic to the frame. 1759 * 1760 * Return: QDF_STATUS_SUCCESS - in case of success 1761 */ 1762 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1763 qdf_nbuf_t wbuf, 1764 uint8_t *mac_addr, 1765 uint8_t encapdone){ 1766 struct wlan_crypto_comp_priv *crypto_priv; 1767 struct wlan_crypto_params *crypto_params; 1768 struct wlan_crypto_key *key; 1769 QDF_STATUS status; 1770 struct wlan_crypto_cipher *cipher_table; 1771 struct wlan_objmgr_psoc *psoc; 1772 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1773 uint8_t hdrlen; 1774 enum QDF_OPMODE opmode; 1775 1776 opmode = wlan_vdev_mlme_get_opmode(vdev); 1777 1778 1779 wlan_vdev_obj_lock(vdev); 1780 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1781 QDF_MAC_ADDR_SIZE); 1782 psoc = wlan_vdev_get_psoc(vdev); 1783 if (!psoc) { 1784 wlan_vdev_obj_unlock(vdev); 1785 crypto_err("psoc NULL"); 1786 return QDF_STATUS_E_INVAL; 1787 } 1788 wlan_vdev_obj_unlock(vdev); 1789 1790 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1791 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1792 &crypto_priv); 1793 if (!crypto_priv) { 1794 crypto_err("crypto_priv NULL"); 1795 return QDF_STATUS_E_INVAL; 1796 } 1797 1798 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1799 if (!key) 1800 return QDF_STATUS_E_INVAL; 1801 1802 } else { 1803 struct wlan_objmgr_peer *peer; 1804 uint8_t pdev_id; 1805 1806 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1807 wlan_vdev_get_pdev(vdev)); 1808 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1809 psoc, pdev_id, bssid_mac, 1810 mac_addr, WLAN_CRYPTO_ID); 1811 if (!peer) { 1812 crypto_err("crypto_priv NULL"); 1813 return QDF_STATUS_E_INVAL; 1814 } 1815 1816 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1817 &crypto_priv); 1818 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1819 1820 if (!crypto_priv) { 1821 crypto_err("crypto_priv NULL"); 1822 return QDF_STATUS_E_INVAL; 1823 } 1824 1825 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1826 if (!key) 1827 return QDF_STATUS_E_INVAL; 1828 } 1829 if (opmode == QDF_MONITOR_MODE) 1830 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1831 else 1832 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1833 (uint8_t *)qdf_nbuf_data(wbuf)); 1834 1835 /* if tkip, is counter measures enabled, then drop the frame */ 1836 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1837 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1838 1839 return status; 1840 } 1841 1842 /** 1843 * wlan_crypto_demic - called by mgmt for remove and check mic for 1844 * the frame based on cipher 1845 * @vdev: vdev 1846 * @wbuf: wbuf 1847 * @macaddr: macaddr 1848 * @tid: tid of the frame 1849 * @keyid: keyid in the received frame 1850 * This function gets called from mgmt txrx to decap frame. 1851 * 1852 * Return: QDF_STATUS_SUCCESS - in case of success 1853 */ 1854 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1855 qdf_nbuf_t wbuf, 1856 uint8_t *mac_addr, 1857 uint8_t tid, 1858 uint8_t keyid){ 1859 struct wlan_crypto_comp_priv *crypto_priv; 1860 struct wlan_crypto_params *crypto_params; 1861 struct wlan_crypto_key *key; 1862 QDF_STATUS status; 1863 struct wlan_crypto_cipher *cipher_table; 1864 struct wlan_objmgr_psoc *psoc; 1865 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1866 uint8_t hdrlen; 1867 enum QDF_OPMODE opmode; 1868 1869 opmode = wlan_vdev_mlme_get_opmode(vdev); 1870 1871 if (opmode == QDF_MONITOR_MODE) 1872 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1873 else 1874 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1875 (uint8_t *)qdf_nbuf_data(wbuf)); 1876 1877 wlan_vdev_obj_lock(vdev); 1878 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1879 QDF_MAC_ADDR_SIZE); 1880 psoc = wlan_vdev_get_psoc(vdev); 1881 if (!psoc) { 1882 wlan_vdev_obj_unlock(vdev); 1883 crypto_err("psoc NULL"); 1884 return QDF_STATUS_E_INVAL; 1885 } 1886 wlan_vdev_obj_unlock(vdev); 1887 1888 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1889 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1890 &crypto_priv); 1891 if (!crypto_priv) { 1892 crypto_err("crypto_priv NULL"); 1893 return QDF_STATUS_E_INVAL; 1894 } 1895 1896 key = crypto_priv->key[keyid]; 1897 if (!key) 1898 return QDF_STATUS_E_INVAL; 1899 1900 } else { 1901 struct wlan_objmgr_peer *peer; 1902 uint8_t pdev_id; 1903 1904 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1905 wlan_vdev_get_pdev(vdev)); 1906 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1907 psoc, pdev_id, bssid_mac, 1908 mac_addr, WLAN_CRYPTO_ID); 1909 if (!peer) { 1910 crypto_err("peer NULL"); 1911 return QDF_STATUS_E_INVAL; 1912 } 1913 1914 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1915 &crypto_priv); 1916 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1917 1918 if (!crypto_priv) { 1919 crypto_err("crypto_priv NULL"); 1920 return QDF_STATUS_E_INVAL; 1921 } 1922 1923 key = crypto_priv->key[keyid]; 1924 if (!key) 1925 return QDF_STATUS_E_INVAL; 1926 } 1927 /* if tkip, is counter measures enabled, then drop the frame */ 1928 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1929 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1930 1931 return status; 1932 } 1933 1934 /** 1935 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1936 * @vdev: vdev 1937 * 1938 * This function gets called to check is pmf enabled or not in vdev. 1939 * 1940 * Return: true or false 1941 */ 1942 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1943 { 1944 1945 struct wlan_crypto_comp_priv *crypto_priv; 1946 struct wlan_crypto_params *vdev_crypto_params; 1947 1948 if (!vdev) 1949 return false; 1950 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1951 &crypto_priv); 1952 if (!crypto_priv) { 1953 crypto_err("crypto_priv NULL"); 1954 return false; 1955 } 1956 1957 if ((vdev_crypto_params->rsn_caps & 1958 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1959 || (vdev_crypto_params->rsn_caps & 1960 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1961 return true; 1962 } 1963 1964 return false; 1965 } 1966 1967 /** 1968 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1969 * @vdev: vdev 1970 * 1971 * This function gets called to check is pmf required or not in vdev. 1972 * 1973 * Return: true or false 1974 */ 1975 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1976 { 1977 struct wlan_crypto_comp_priv *crypto_priv; 1978 struct wlan_crypto_params *vdev_crypto_params; 1979 1980 if (!vdev) 1981 return false; 1982 1983 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1984 &crypto_priv); 1985 if (!crypto_priv) { 1986 crypto_err("crypto_priv NULL"); 1987 return false; 1988 } 1989 1990 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1991 return true; 1992 1993 return false; 1994 } 1995 1996 /** 1997 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1998 * @vdev: vdev 1999 * @peer: peer 2000 * 2001 * This function gets called by mgmt txrx to check is pmf enabled or not. 2002 * 2003 * Return: true or false 2004 */ 2005 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 2006 struct wlan_objmgr_peer *peer){ 2007 2008 struct wlan_crypto_comp_priv *crypto_priv; 2009 struct wlan_crypto_params *vdev_crypto_params; 2010 struct wlan_crypto_params *peer_crypto_params; 2011 2012 if (!vdev || !peer) 2013 return false; 2014 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2015 &crypto_priv); 2016 if (!crypto_priv) { 2017 crypto_err("crypto_priv NULL"); 2018 return false; 2019 } 2020 2021 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 2022 &crypto_priv); 2023 if (!crypto_priv) { 2024 crypto_err("crypto_priv NULL"); 2025 return false; 2026 } 2027 if (((vdev_crypto_params->rsn_caps & 2028 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 2029 (peer_crypto_params->rsn_caps & 2030 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 2031 || (vdev_crypto_params->rsn_caps & 2032 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2033 return true; 2034 } 2035 2036 return false; 2037 } 2038 2039 /** 2040 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 2041 * @vdev: vdev 2042 * @peer: peer 2043 * @keyidx : key index 2044 * 2045 * This function gets called by mgmt txrx to check if key is valid 2046 * 2047 * Return: true or false 2048 */ 2049 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 2050 struct wlan_objmgr_peer *peer, 2051 uint16_t keyidx) 2052 { 2053 struct wlan_crypto_key *key = NULL; 2054 2055 if (!vdev && !peer) 2056 return false; 2057 2058 if (peer) 2059 key = wlan_crypto_peer_getkey(peer, keyidx); 2060 else if (vdev) 2061 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2062 2063 if ((key) && key->valid) 2064 return true; 2065 2066 return false; 2067 } 2068 2069 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2070 { 2071 a[0] = b[5]; 2072 a[1] = b[4]; 2073 a[2] = b[3]; 2074 a[3] = b[2]; 2075 a[4] = b[1]; 2076 a[5] = b[0]; 2077 } 2078 2079 /** 2080 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 2081 * @vdev: vdev 2082 * @bfrm: frame starting pointer 2083 * @len: length of the frame 2084 * 2085 * This function gets called by mgmt txrx to add mmie in frame 2086 * 2087 * Return: end of frame or NULL in case failure 2088 */ 2089 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2090 uint8_t *bfrm, 2091 uint32_t len) { 2092 struct wlan_crypto_key *key; 2093 struct wlan_crypto_mmie *mmie; 2094 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 2095 struct wlan_frame_hdr *hdr; 2096 uint32_t i, hdrlen, mic_len, aad_len; 2097 uint8_t mic[16]; 2098 struct wlan_crypto_comp_priv *crypto_priv; 2099 struct wlan_crypto_params *crypto_params; 2100 int32_t ret = -1; 2101 2102 if (!bfrm) { 2103 crypto_err("frame is NULL"); 2104 return NULL; 2105 } 2106 2107 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2108 &crypto_priv); 2109 if (!crypto_priv) { 2110 crypto_err("crypto_priv NULL"); 2111 return NULL; 2112 } 2113 2114 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2115 crypto_err("igtk key invalid keyid %d", 2116 crypto_priv->def_igtk_tx_keyid); 2117 return NULL; 2118 } 2119 2120 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2121 if (!key) { 2122 crypto_err("No igtk key present"); 2123 return NULL; 2124 } 2125 mic_len = (crypto_priv->igtk_key_type 2126 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2127 2128 efrm = bfrm + len; 2129 aad_len = 20; 2130 hdrlen = sizeof(struct wlan_frame_hdr); 2131 len += sizeof(struct wlan_crypto_mmie); 2132 2133 mmie = (struct wlan_crypto_mmie *) efrm; 2134 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2135 mmie->element_id = WLAN_ELEMID_MMIE; 2136 mmie->length = sizeof(*mmie) - 2; 2137 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2138 2139 mic_len = (crypto_priv->igtk_key_type 2140 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2141 if (mic_len == 8) { 2142 mmie->length -= 8; 2143 len -= 8; 2144 } 2145 /* PN = PN + 1 */ 2146 pn = (uint8_t *)&key->keytsc; 2147 2148 for (i = 0; i <= 5; i++) { 2149 pn[i]++; 2150 if (pn[i]) 2151 break; 2152 } 2153 2154 /* Copy IPN */ 2155 qdf_mem_copy(mmie->sequence_number, pn, 6); 2156 2157 hdr = (struct wlan_frame_hdr *) bfrm; 2158 2159 buf = qdf_mem_malloc(len - hdrlen + 20); 2160 if (!buf) 2161 return NULL; 2162 2163 qdf_mem_zero(buf, len - hdrlen + 20); 2164 aad = buf; 2165 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2166 2167 /* FC type/subtype */ 2168 aad[0] = hdr->i_fc[0]; 2169 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2170 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2171 | WLAN_FC1_MOREDATA)); 2172 /* A1 || A2 || A3 */ 2173 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2174 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2175 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2176 qdf_mem_zero(mic, 16); 2177 2178 /* 2179 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2180 */ 2181 2182 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2183 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2184 2185 ret = omac1_aes_128(key->keyval, buf, 2186 len + aad_len - hdrlen, mic); 2187 qdf_mem_copy(mmie->mic, mic, 8); 2188 2189 } else if (crypto_priv->igtk_key_type 2190 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2191 2192 ret = omac1_aes_256(key->keyval, buf, 2193 len + aad_len - hdrlen, mmie->mic); 2194 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2195 || (crypto_priv->igtk_key_type 2196 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2197 2198 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2199 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2200 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2201 sizeof(nounce), buf, 2202 len + aad_len - hdrlen, mmie->mic); 2203 } 2204 qdf_mem_free(buf); 2205 if (ret < 0) { 2206 crypto_err("add mmie failed"); 2207 return NULL; 2208 } 2209 2210 return bfrm + len; 2211 } 2212 2213 /** 2214 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2215 * @vdev: vdev 2216 * @frm: frame starting pointer 2217 * @efrm: end of frame pointer 2218 * 2219 * This function gets called by mgmt txrx to check mmie of the frame 2220 * 2221 * Return: true or false 2222 */ 2223 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2224 uint8_t *frm, 2225 uint8_t *efrm){ 2226 struct wlan_crypto_mmie *mmie = NULL; 2227 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2228 struct wlan_crypto_key *key; 2229 struct wlan_frame_hdr *hdr; 2230 uint16_t mic_len, hdrlen, len; 2231 struct wlan_crypto_comp_priv *crypto_priv; 2232 struct wlan_crypto_params *crypto_params; 2233 uint8_t aad_len = 20; 2234 int32_t ret = -1; 2235 2236 /* check if frame is illegal length */ 2237 if (!frm || !efrm || (efrm < frm) 2238 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2239 crypto_err("Invalid params"); 2240 return false; 2241 } 2242 len = efrm - frm; 2243 crypto_priv = (struct wlan_crypto_comp_priv *) 2244 wlan_get_vdev_crypto_obj(vdev); 2245 if (!crypto_priv) { 2246 crypto_err("crypto_priv NULL"); 2247 return false; 2248 } 2249 2250 crypto_params = &(crypto_priv->crypto_params); 2251 2252 2253 mic_len = (crypto_priv->igtk_key_type 2254 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2255 hdrlen = sizeof(struct wlan_frame_hdr); 2256 2257 if (mic_len == 8) 2258 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2259 else 2260 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2261 2262 2263 /* check Elem ID*/ 2264 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2265 crypto_err("IE is not MMIE"); 2266 return false; 2267 } 2268 2269 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2270 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2271 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2272 crypto_err("keyid not valid"); 2273 return false; 2274 } 2275 2276 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2277 if (!key) { 2278 crypto_err("No igtk key present"); 2279 return false; 2280 } 2281 2282 /* validate ipn */ 2283 ipn = mmie->sequence_number; 2284 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2285 uint8_t *su = (uint8_t *)key->keyrsc; 2286 uint8_t *end = ipn + 6; 2287 2288 crypto_err("replay error :"); 2289 while (ipn < end) { 2290 crypto_err("expected pn = %x received pn = %x", 2291 *ipn++, *su++); 2292 } 2293 return false; 2294 } 2295 2296 buf = qdf_mem_malloc(len - hdrlen + 20); 2297 if (!buf) 2298 return false; 2299 2300 aad = buf; 2301 2302 /* construct AAD */ 2303 hdr = (struct wlan_frame_hdr *)frm; 2304 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2305 2306 /* FC type/subtype */ 2307 aad[0] = hdr->i_fc[0]; 2308 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2309 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2310 | WLAN_FC1_MOREDATA)); 2311 /* A1 || A2 || A3 */ 2312 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2313 2314 /* 2315 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2316 */ 2317 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2318 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2319 mic = qdf_mem_malloc(mic_len); 2320 if (!mic) { 2321 qdf_mem_free(buf); 2322 return false; 2323 } 2324 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2325 ret = omac1_aes_128(key->keyval, buf, 2326 len - hdrlen + aad_len, mic); 2327 } else if (crypto_priv->igtk_key_type 2328 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2329 ret = omac1_aes_256(key->keyval, buf, 2330 len + aad_len - hdrlen, mic); 2331 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2332 || (crypto_priv->igtk_key_type 2333 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2334 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2335 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2336 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2337 sizeof(nounce), buf, 2338 len + aad_len - hdrlen, mic); 2339 } 2340 2341 qdf_mem_free(buf); 2342 2343 if (ret < 0) { 2344 qdf_mem_free(mic); 2345 crypto_err("genarate mmie failed"); 2346 return false; 2347 } 2348 2349 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2350 qdf_mem_free(mic); 2351 crypto_err("mmie mismatch"); 2352 /* MMIE MIC mismatch */ 2353 return false; 2354 } 2355 2356 qdf_mem_free(mic); 2357 /* Update the receive sequence number */ 2358 qdf_mem_copy(key->keyrsc, ipn, 6); 2359 crypto_debug("mmie matched"); 2360 2361 return true; 2362 } 2363 2364 2365 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2366 { 2367 int32_t status = -1; 2368 2369 switch (cipher) { 2370 case WLAN_CRYPTO_CIPHER_TKIP: 2371 return WPA_CIPHER_SUITE_TKIP; 2372 case WLAN_CRYPTO_CIPHER_AES_CCM: 2373 return WPA_CIPHER_SUITE_CCMP; 2374 case WLAN_CRYPTO_CIPHER_NONE: 2375 return WPA_CIPHER_SUITE_NONE; 2376 } 2377 2378 return status; 2379 } 2380 2381 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2382 { 2383 int32_t status = -1; 2384 2385 switch (cipher) { 2386 case WLAN_CRYPTO_CIPHER_TKIP: 2387 return RSN_CIPHER_SUITE_TKIP; 2388 case WLAN_CRYPTO_CIPHER_AES_CCM: 2389 return RSN_CIPHER_SUITE_CCMP; 2390 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2391 return RSN_CIPHER_SUITE_CCMP_256; 2392 case WLAN_CRYPTO_CIPHER_AES_GCM: 2393 return RSN_CIPHER_SUITE_GCMP; 2394 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2395 return RSN_CIPHER_SUITE_GCMP_256; 2396 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2397 return RSN_CIPHER_SUITE_AES_CMAC; 2398 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2399 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2400 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2401 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2402 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2403 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2404 case WLAN_CRYPTO_CIPHER_NONE: 2405 return RSN_CIPHER_SUITE_NONE; 2406 } 2407 2408 return status; 2409 } 2410 2411 /* 2412 * Convert an RSN key management/authentication algorithm 2413 * to an internal code. 2414 */ 2415 static int32_t 2416 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2417 { 2418 int32_t status = -1; 2419 2420 switch (keymgmt) { 2421 case WLAN_CRYPTO_KEY_MGMT_NONE: 2422 return RSN_AUTH_KEY_MGMT_NONE; 2423 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2424 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2425 case WLAN_CRYPTO_KEY_MGMT_PSK: 2426 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2427 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2428 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2429 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2430 return RSN_AUTH_KEY_MGMT_FT_PSK; 2431 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2432 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2433 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2434 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2435 case WLAN_CRYPTO_KEY_MGMT_SAE: 2436 return RSN_AUTH_KEY_MGMT_SAE; 2437 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2438 return RSN_AUTH_KEY_MGMT_FT_SAE; 2439 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2440 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2441 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2442 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2443 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2444 return RSN_AUTH_KEY_MGMT_CCKM; 2445 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2446 return RSN_AUTH_KEY_MGMT_OSEN; 2447 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2448 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2449 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2450 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2451 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2452 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2453 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2454 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2455 case WLAN_CRYPTO_KEY_MGMT_OWE: 2456 return RSN_AUTH_KEY_MGMT_OWE; 2457 case WLAN_CRYPTO_KEY_MGMT_DPP: 2458 return RSN_AUTH_KEY_MGMT_DPP; 2459 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2460 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2461 } 2462 2463 return status; 2464 } 2465 2466 /* 2467 * Convert an RSN key management/authentication algorithm 2468 * to an internal code. 2469 */ 2470 static int32_t 2471 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2472 { 2473 int32_t status = -1; 2474 2475 switch (keymgmt) { 2476 case WLAN_CRYPTO_KEY_MGMT_NONE: 2477 return WPA_AUTH_KEY_MGMT_NONE; 2478 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2479 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2480 case WLAN_CRYPTO_KEY_MGMT_PSK: 2481 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2482 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2483 return WPA_AUTH_KEY_MGMT_CCKM; 2484 } 2485 2486 return status; 2487 } 2488 /** 2489 * Convert a WPA cipher selector OUI to an internal 2490 * cipher algorithm. Where appropriate we also 2491 * record any key length. 2492 */ 2493 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2494 { 2495 uint32_t w = LE_READ_4(sel); 2496 int32_t status = -1; 2497 2498 switch (w) { 2499 case WPA_CIPHER_SUITE_TKIP: 2500 return WLAN_CRYPTO_CIPHER_TKIP; 2501 case WPA_CIPHER_SUITE_CCMP: 2502 return WLAN_CRYPTO_CIPHER_AES_CCM; 2503 case WPA_CIPHER_SUITE_NONE: 2504 return WLAN_CRYPTO_CIPHER_NONE; 2505 } 2506 2507 return status; 2508 } 2509 2510 /* 2511 * Convert a WPA key management/authentication algorithm 2512 * to an internal code. 2513 */ 2514 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2515 { 2516 uint32_t w = LE_READ_4(sel); 2517 int32_t status = -1; 2518 2519 switch (w) { 2520 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2521 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2522 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2523 return WLAN_CRYPTO_KEY_MGMT_PSK; 2524 case WPA_AUTH_KEY_MGMT_CCKM: 2525 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2526 case WPA_AUTH_KEY_MGMT_NONE: 2527 return WLAN_CRYPTO_KEY_MGMT_NONE; 2528 } 2529 return status; 2530 } 2531 2532 /* 2533 * Convert a RSN cipher selector OUI to an internal 2534 * cipher algorithm. Where appropriate we also 2535 * record any key length. 2536 */ 2537 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2538 { 2539 uint32_t w = LE_READ_4(sel); 2540 int32_t status = -1; 2541 2542 switch (w) { 2543 case RSN_CIPHER_SUITE_TKIP: 2544 return WLAN_CRYPTO_CIPHER_TKIP; 2545 case RSN_CIPHER_SUITE_CCMP: 2546 return WLAN_CRYPTO_CIPHER_AES_CCM; 2547 case RSN_CIPHER_SUITE_CCMP_256: 2548 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2549 case RSN_CIPHER_SUITE_GCMP: 2550 return WLAN_CRYPTO_CIPHER_AES_GCM; 2551 case RSN_CIPHER_SUITE_GCMP_256: 2552 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2553 case RSN_CIPHER_SUITE_AES_CMAC: 2554 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2555 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2556 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2557 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2558 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2559 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2560 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2561 case RSN_CIPHER_SUITE_NONE: 2562 return WLAN_CRYPTO_CIPHER_NONE; 2563 } 2564 2565 return status; 2566 } 2567 /* 2568 * Convert an RSN key management/authentication algorithm 2569 * to an internal code. 2570 */ 2571 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2572 { 2573 uint32_t w = LE_READ_4(sel); 2574 int32_t status = -1; 2575 2576 switch (w) { 2577 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2578 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2579 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2580 return WLAN_CRYPTO_KEY_MGMT_PSK; 2581 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2582 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2583 case RSN_AUTH_KEY_MGMT_FT_PSK: 2584 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2585 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2586 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2587 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2588 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2589 case RSN_AUTH_KEY_MGMT_SAE: 2590 return WLAN_CRYPTO_KEY_MGMT_SAE; 2591 case RSN_AUTH_KEY_MGMT_FT_SAE: 2592 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2593 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2594 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2595 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2596 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2597 case RSN_AUTH_KEY_MGMT_CCKM: 2598 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2599 case RSN_AUTH_KEY_MGMT_OSEN: 2600 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2601 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2602 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2603 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2604 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2605 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2606 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2607 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2608 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2609 case RSN_AUTH_KEY_MGMT_OWE: 2610 return WLAN_CRYPTO_KEY_MGMT_OWE; 2611 case RSN_AUTH_KEY_MGMT_DPP: 2612 return WLAN_CRYPTO_KEY_MGMT_DPP; 2613 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2614 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2615 } 2616 2617 return status; 2618 } 2619 2620 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2621 const uint8_t *frm) 2622 { 2623 uint8_t len = frm[1]; 2624 int32_t w; 2625 int n; 2626 2627 /* 2628 * Check the length once for fixed parts: OUI, type, 2629 * version, mcast cipher, and 2 selector counts. 2630 * Other, variable-length data, must be checked separately. 2631 */ 2632 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2633 2634 if (len < 14) 2635 return QDF_STATUS_E_INVAL; 2636 2637 frm += 6, len -= 4; 2638 2639 w = LE_READ_2(frm); 2640 if (w != WPA_VERSION) 2641 return QDF_STATUS_E_INVAL; 2642 2643 frm += 2, len -= 2; 2644 2645 /* multicast/group cipher */ 2646 w = wlan_crypto_wpa_suite_to_cipher(frm); 2647 if (w < 0) 2648 return QDF_STATUS_E_INVAL; 2649 SET_MCAST_CIPHER(crypto_params, w); 2650 frm += 4, len -= 4; 2651 2652 /* unicast ciphers */ 2653 n = LE_READ_2(frm); 2654 frm += 2, len -= 2; 2655 if (len < n*4+2) 2656 return QDF_STATUS_E_INVAL; 2657 2658 for (; n > 0; n--) { 2659 w = wlan_crypto_wpa_suite_to_cipher(frm); 2660 if (w < 0) 2661 return QDF_STATUS_E_INVAL; 2662 SET_UCAST_CIPHER(crypto_params, w); 2663 frm += 4, len -= 4; 2664 } 2665 2666 if (!crypto_params->ucastcipherset) 2667 return QDF_STATUS_E_INVAL; 2668 2669 /* key management algorithms */ 2670 n = LE_READ_2(frm); 2671 frm += 2, len -= 2; 2672 if (len < n*4) 2673 return QDF_STATUS_E_INVAL; 2674 2675 w = 0; 2676 for (; n > 0; n--) { 2677 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2678 if (w < 0) 2679 return QDF_STATUS_E_INVAL; 2680 SET_KEY_MGMT(crypto_params, w); 2681 frm += 4, len -= 4; 2682 } 2683 2684 /* optional capabilities */ 2685 if (len >= 2) { 2686 crypto_params->rsn_caps = LE_READ_2(frm); 2687 frm += 2, len -= 2; 2688 } 2689 2690 return QDF_STATUS_SUCCESS; 2691 } 2692 2693 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2694 const uint8_t *frm) 2695 { 2696 uint8_t len = frm[1]; 2697 int32_t w; 2698 int n; 2699 2700 /* Check the length once for fixed parts: OUI, type & version */ 2701 if (len < 2) 2702 return QDF_STATUS_E_INVAL; 2703 2704 /* initialize crypto params */ 2705 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2706 2707 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2708 2709 frm += 2; 2710 /* NB: iswapoui already validated the OUI and type */ 2711 w = LE_READ_2(frm); 2712 if (w != RSN_VERSION) 2713 return QDF_STATUS_E_INVAL; 2714 2715 frm += 2, len -= 2; 2716 2717 if (!len) { 2718 /* set defaults */ 2719 /* default group cipher CCMP-128 */ 2720 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2721 /* default ucast cipher CCMP-128 */ 2722 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2723 /* default key mgmt 8021x */ 2724 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2725 return QDF_STATUS_SUCCESS; 2726 } else if (len < 4) { 2727 return QDF_STATUS_E_INVAL; 2728 } 2729 2730 /* multicast/group cipher */ 2731 w = wlan_crypto_rsn_suite_to_cipher(frm); 2732 if (w < 0) 2733 return QDF_STATUS_E_INVAL; 2734 else { 2735 SET_MCAST_CIPHER(crypto_params, w); 2736 frm += 4, len -= 4; 2737 } 2738 2739 if (crypto_params->mcastcipherset == 0) 2740 return QDF_STATUS_E_INVAL; 2741 2742 if (!len) { 2743 /* default ucast cipher CCMP-128 */ 2744 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2745 /* default key mgmt 8021x */ 2746 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2747 return QDF_STATUS_SUCCESS; 2748 } else if (len < 2) { 2749 return QDF_STATUS_E_INVAL; 2750 } 2751 2752 /* unicast ciphers */ 2753 n = LE_READ_2(frm); 2754 frm += 2, len -= 2; 2755 if (n) { 2756 if (len < n * 4) 2757 return QDF_STATUS_E_INVAL; 2758 2759 for (; n > 0; n--) { 2760 w = wlan_crypto_rsn_suite_to_cipher(frm); 2761 if (w < 0) 2762 return QDF_STATUS_E_INVAL; 2763 SET_UCAST_CIPHER(crypto_params, w); 2764 frm += 4, len -= 4; 2765 } 2766 } else { 2767 /* default ucast cipher CCMP-128 */ 2768 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2769 } 2770 2771 if (crypto_params->ucastcipherset == 0) 2772 return QDF_STATUS_E_INVAL; 2773 2774 if (!len) { 2775 /* default key mgmt 8021x */ 2776 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2777 return QDF_STATUS_SUCCESS; 2778 } else if (len < 2) { 2779 return QDF_STATUS_E_INVAL; 2780 } 2781 2782 /* key management algorithms */ 2783 n = LE_READ_2(frm); 2784 frm += 2, len -= 2; 2785 2786 if (n) { 2787 if (len < n * 4) 2788 return QDF_STATUS_E_INVAL; 2789 2790 for (; n > 0; n--) { 2791 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2792 if (w < 0) 2793 return QDF_STATUS_E_INVAL; 2794 SET_KEY_MGMT(crypto_params, w); 2795 frm += 4, len -= 4; 2796 } 2797 } else { 2798 /* default key mgmt 8021x */ 2799 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2800 } 2801 2802 if (crypto_params->key_mgmt == 0) 2803 return QDF_STATUS_E_INVAL; 2804 2805 /* optional capabilities */ 2806 if (len >= 2) { 2807 crypto_params->rsn_caps = LE_READ_2(frm); 2808 frm += 2, len -= 2; 2809 } else if (len && len < 2) { 2810 return QDF_STATUS_E_INVAL; 2811 } 2812 2813 2814 /* PMKID */ 2815 if (len >= 2) { 2816 n = LE_READ_2(frm); 2817 frm += 2, len -= 2; 2818 if (n && len) { 2819 if (len >= n * PMKID_LEN) 2820 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2821 else 2822 return QDF_STATUS_E_INVAL; 2823 } else if (n && !len) { 2824 return QDF_STATUS_E_INVAL; 2825 } 2826 /*TODO: Save pmkid in params for further reference */ 2827 } else if (len == 1) { 2828 crypto_err("PMKID is truncated"); 2829 return QDF_STATUS_E_INVAL; 2830 } 2831 2832 /* BIP */ 2833 if (!len) { 2834 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2835 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2836 SET_MGMT_CIPHER(crypto_params, 2837 WLAN_CRYPTO_CIPHER_AES_CMAC); 2838 return QDF_STATUS_SUCCESS; 2839 } else if (len < 4) { 2840 crypto_err("Mgmt cipher is truncated"); 2841 return QDF_STATUS_E_INVAL; 2842 } 2843 w = wlan_crypto_rsn_suite_to_cipher(frm); 2844 frm += 4, len -= 4; 2845 SET_MGMT_CIPHER(crypto_params, w); 2846 2847 return QDF_STATUS_SUCCESS; 2848 } 2849 2850 /** 2851 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2852 * @vdev: vdev 2853 * @iebuf: ie buffer 2854 * 2855 * This function gets called by mlme to build wpaie from given vdev 2856 * 2857 * Return: end of buffer 2858 */ 2859 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2860 uint8_t *iebuf){ 2861 uint8_t *frm = iebuf; 2862 uint8_t *selcnt; 2863 struct wlan_crypto_comp_priv *crypto_priv; 2864 struct wlan_crypto_params *crypto_params; 2865 2866 if (!frm) 2867 return NULL; 2868 2869 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2870 2871 if (!crypto_params) 2872 return NULL; 2873 2874 *frm++ = WLAN_ELEMID_VENDOR; 2875 *frm++ = 0; 2876 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2877 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2878 2879 2880 /* multicast cipher */ 2881 if (MCIPHER_IS_TKIP(crypto_params)) 2882 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2883 else if (MCIPHER_IS_CCMP128(crypto_params)) 2884 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2885 2886 /* unicast cipher list */ 2887 selcnt = frm; 2888 WLAN_CRYPTO_ADDSHORT(frm, 0); 2889 /* do not use CCMP unicast cipher in WPA mode */ 2890 if (UCIPHER_IS_CCMP128(crypto_params)) { 2891 selcnt[0]++; 2892 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2893 } 2894 if (UCIPHER_IS_TKIP(crypto_params)) { 2895 selcnt[0]++; 2896 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2897 } 2898 2899 /* authenticator selector list */ 2900 selcnt = frm; 2901 WLAN_CRYPTO_ADDSHORT(frm, 0); 2902 2903 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2904 selcnt[0]++; 2905 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2906 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2907 selcnt[0]++; 2908 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2909 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2910 selcnt[0]++; 2911 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2912 } else { 2913 selcnt[0]++; 2914 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2915 } 2916 2917 /* optional capabilities */ 2918 if (crypto_params->rsn_caps != 0 && 2919 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2920 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2921 } 2922 2923 /* calculate element length */ 2924 iebuf[1] = frm - iebuf - 2; 2925 2926 return frm; 2927 } 2928 2929 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 2930 uint8_t *iebuf, 2931 struct wlan_crypto_pmksa *pmksa) 2932 { 2933 uint8_t *frm = iebuf; 2934 uint8_t *selcnt; 2935 struct wlan_crypto_comp_priv *crypto_priv; 2936 struct wlan_crypto_params *crypto_params; 2937 2938 if (!frm) { 2939 return NULL; 2940 } 2941 2942 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2943 2944 if (!crypto_params) { 2945 return NULL; 2946 } 2947 2948 *frm++ = WLAN_ELEMID_RSN; 2949 *frm++ = 0; 2950 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2951 2952 2953 /* multicast cipher */ 2954 if (MCIPHER_IS_TKIP(crypto_params)) 2955 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2956 else if (MCIPHER_IS_CCMP128(crypto_params)) 2957 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2958 else if (MCIPHER_IS_CCMP256(crypto_params)) 2959 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2960 else if (MCIPHER_IS_GCMP128(crypto_params)) 2961 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2962 else if (MCIPHER_IS_GCMP256(crypto_params)) 2963 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2964 2965 /* unicast cipher list */ 2966 selcnt = frm; 2967 WLAN_CRYPTO_ADDSHORT(frm, 0); 2968 2969 if (UCIPHER_IS_CCMP256(crypto_params)) { 2970 selcnt[0]++; 2971 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2972 } 2973 if (UCIPHER_IS_GCMP256(crypto_params)) { 2974 selcnt[0]++; 2975 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2976 } 2977 if (UCIPHER_IS_CCMP128(crypto_params)) { 2978 selcnt[0]++; 2979 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2980 } 2981 if (UCIPHER_IS_GCMP128(crypto_params)) { 2982 selcnt[0]++; 2983 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2984 } 2985 if (UCIPHER_IS_TKIP(crypto_params)) { 2986 selcnt[0]++; 2987 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2988 } 2989 2990 /* authenticator selector list */ 2991 selcnt = frm; 2992 WLAN_CRYPTO_ADDSHORT(frm, 0); 2993 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2994 selcnt[0]++; 2995 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2996 /* Other key mgmt should not be added after CCKM */ 2997 goto add_rsn_caps; 2998 } 2999 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3000 selcnt[0]++; 3001 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3002 } 3003 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3004 selcnt[0]++; 3005 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3006 } 3007 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 3008 selcnt[0]++; 3009 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3010 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 3011 } 3012 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 3013 selcnt[0]++; 3014 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 3015 } 3016 if (HAS_KEY_MGMT(crypto_params, 3017 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 3018 selcnt[0]++; 3019 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3020 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 3021 } 3022 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 3023 selcnt[0]++; 3024 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 3025 } 3026 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 3027 selcnt[0]++; 3028 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 3029 } 3030 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 3031 selcnt[0]++; 3032 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 3033 } 3034 if (HAS_KEY_MGMT(crypto_params, 3035 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3036 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3037 3038 selcnt[0]++; 3039 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3040 } 3041 if (HAS_KEY_MGMT(crypto_params, 3042 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3043 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3044 3045 selcnt[0]++; 3046 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3047 } 3048 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3049 selcnt[0]++; 3050 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3051 } 3052 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3053 selcnt[0]++; 3054 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3055 } 3056 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3057 selcnt[0]++; 3058 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3059 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3060 } 3061 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3062 selcnt[0]++; 3063 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3064 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3065 } 3066 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3067 selcnt[0]++; 3068 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3069 } 3070 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3071 selcnt[0]++; 3072 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3073 } 3074 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3075 selcnt[0]++; 3076 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3077 } 3078 if (HAS_KEY_MGMT(crypto_params, 3079 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3080 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3081 3082 selcnt[0]++; 3083 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3084 } 3085 add_rsn_caps: 3086 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3087 /* optional capabilities */ 3088 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3089 /* PMK list */ 3090 if (pmksa) { 3091 WLAN_CRYPTO_ADDSHORT(frm, 1); 3092 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3093 frm += PMKID_LEN; 3094 } else { 3095 WLAN_CRYPTO_ADDSHORT(frm, 0); 3096 } 3097 3098 if (HAS_MGMT_CIPHER(crypto_params, 3099 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3100 RSN_ADD_CIPHER_TO_SUITE(frm, 3101 WLAN_CRYPTO_CIPHER_AES_CMAC); 3102 } 3103 if (HAS_MGMT_CIPHER(crypto_params, 3104 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3105 RSN_ADD_CIPHER_TO_SUITE(frm, 3106 WLAN_CRYPTO_CIPHER_AES_GMAC); 3107 } 3108 if (HAS_MGMT_CIPHER(crypto_params, 3109 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3110 RSN_ADD_CIPHER_TO_SUITE(frm, 3111 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3112 ); 3113 } 3114 3115 if (HAS_MGMT_CIPHER(crypto_params, 3116 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3117 RSN_ADD_CIPHER_TO_SUITE(frm, 3118 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3119 ); 3120 } 3121 } else { 3122 /* PMK list */ 3123 if (pmksa) { 3124 WLAN_CRYPTO_ADDSHORT(frm, 1); 3125 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3126 frm += PMKID_LEN; 3127 } 3128 } 3129 3130 /* calculate element length */ 3131 iebuf[1] = frm - iebuf - 2; 3132 3133 return frm; 3134 } 3135 3136 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3137 uint8_t *iebuf, 3138 struct qdf_mac_addr *bssid) 3139 { 3140 struct wlan_crypto_pmksa *pmksa = NULL; 3141 3142 if (bssid) 3143 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3144 3145 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3146 } 3147 3148 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3149 struct wlan_crypto_params *crypto_params){ 3150 struct wlan_crypto_params *my_crypto_params; 3151 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3152 3153 if (!my_crypto_params) { 3154 crypto_debug("vdev crypto params is NULL"); 3155 return false; 3156 } 3157 /* 3158 * Check peer's pairwise ciphers. 3159 * At least one must match with our unicast cipher 3160 */ 3161 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3162 crypto_debug("Unicast cipher match failed"); 3163 return false; 3164 } 3165 /* 3166 * Check peer's group cipher is our enabled multicast cipher. 3167 */ 3168 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3169 crypto_debug("Multicast cipher match failed"); 3170 return false; 3171 } 3172 /* 3173 * Check peer's key management class set (PSK or UNSPEC) 3174 */ 3175 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3176 crypto_debug("Key mgmt match failed"); 3177 return false; 3178 } 3179 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3180 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3181 crypto_debug("Peer is not PMF capable"); 3182 return false; 3183 } 3184 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3185 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3186 crypto_debug("Peer needs PMF, but vdev is not capable"); 3187 return false; 3188 } 3189 3190 return true; 3191 } 3192 3193 /* 3194 * Convert an WAPI CIPHER suite to to an internal code. 3195 */ 3196 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3197 { 3198 uint32_t w = LE_READ_4(sel); 3199 int32_t status = -1; 3200 3201 switch (w) { 3202 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3203 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3204 } 3205 3206 return status; 3207 } 3208 3209 /* 3210 * Convert an WAPI key management/authentication algorithm 3211 * to an internal code. 3212 */ 3213 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3214 { 3215 uint32_t w = LE_READ_4(sel); 3216 int32_t status = -1; 3217 3218 switch (w) { 3219 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3220 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3221 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3222 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3223 } 3224 3225 return status; 3226 } 3227 3228 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3229 const uint8_t *frm) 3230 { 3231 uint8_t len = frm[1]; 3232 int32_t w; 3233 int n; 3234 3235 /* 3236 * Check the length once for fixed parts: OUI, type, 3237 * version, mcast cipher, and 2 selector counts. 3238 * Other, variable-length data, must be checked separately. 3239 */ 3240 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3241 3242 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3243 return QDF_STATUS_E_INVAL; 3244 3245 3246 frm += 2; 3247 3248 w = LE_READ_2(frm); 3249 frm += 2, len -= 2; 3250 if (w != WAPI_VERSION) 3251 return QDF_STATUS_E_INVAL; 3252 3253 n = LE_READ_2(frm); 3254 frm += 2, len -= 2; 3255 if (len < n*4+2) 3256 return QDF_STATUS_E_INVAL; 3257 3258 for (; n > 0; n--) { 3259 w = wlan_crypto_wapi_keymgmt(frm); 3260 if (w < 0) 3261 return QDF_STATUS_E_INVAL; 3262 3263 SET_KEY_MGMT(crypto_params, w); 3264 frm += 4, len -= 4; 3265 } 3266 3267 /* unicast ciphers */ 3268 n = LE_READ_2(frm); 3269 frm += 2, len -= 2; 3270 if (len < n*4+2) 3271 return QDF_STATUS_E_INVAL; 3272 3273 for (; n > 0; n--) { 3274 w = wlan_crypto_wapi_suite_to_cipher(frm); 3275 if (w < 0) 3276 return QDF_STATUS_E_INVAL; 3277 SET_UCAST_CIPHER(crypto_params, w); 3278 frm += 4, len -= 4; 3279 } 3280 3281 if (!crypto_params->ucastcipherset) 3282 return QDF_STATUS_E_INVAL; 3283 3284 /* multicast/group cipher */ 3285 w = wlan_crypto_wapi_suite_to_cipher(frm); 3286 3287 if (w < 0) 3288 return QDF_STATUS_E_INVAL; 3289 3290 SET_MCAST_CIPHER(crypto_params, w); 3291 frm += 4, len -= 4; 3292 3293 return QDF_STATUS_SUCCESS; 3294 } 3295 3296 /** 3297 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3298 * @vdev: vdev 3299 * @iebuf: ie buffer 3300 * 3301 * This function gets called by mlme to build wapi ie from given vdev 3302 * 3303 * Return: end of buffer 3304 */ 3305 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3306 uint8_t *iebuf) 3307 { 3308 uint8_t *frm; 3309 uint8_t *selcnt; 3310 struct wlan_crypto_comp_priv *crypto_priv; 3311 struct wlan_crypto_params *crypto_params; 3312 3313 frm = iebuf; 3314 if (!frm) { 3315 crypto_err("ie buffer NULL"); 3316 return NULL; 3317 } 3318 3319 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3320 3321 if (!crypto_params) { 3322 crypto_err("crypto_params NULL"); 3323 return NULL; 3324 } 3325 3326 *frm++ = WLAN_ELEMID_WAPI; 3327 *frm++ = 0; 3328 3329 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3330 3331 /* authenticator selector list */ 3332 selcnt = frm; 3333 WLAN_CRYPTO_ADDSHORT(frm, 0); 3334 3335 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3336 selcnt[0]++; 3337 WLAN_CRYPTO_ADDSELECTOR(frm, 3338 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3339 } 3340 3341 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3342 selcnt[0]++; 3343 WLAN_CRYPTO_ADDSELECTOR(frm, 3344 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3345 } 3346 3347 /* unicast cipher list */ 3348 selcnt = frm; 3349 WLAN_CRYPTO_ADDSHORT(frm, 0); 3350 3351 if (UCIPHER_IS_SMS4(crypto_params)) { 3352 selcnt[0]++; 3353 WLAN_CRYPTO_ADDSELECTOR(frm, 3354 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3355 } 3356 3357 WLAN_CRYPTO_ADDSELECTOR(frm, 3358 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3359 3360 /* optional capabilities */ 3361 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3362 3363 /* bkid count */ 3364 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3365 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3366 WLAN_CRYPTO_ADDSHORT(frm, 0); 3367 3368 /* calculate element length */ 3369 iebuf[1] = frm - iebuf - 2; 3370 3371 return frm; 3372 3373 } 3374 3375 /** 3376 * wlan_crypto_pn_check - called by data patch for PN check 3377 * @vdev: vdev 3378 * @wbuf: wbuf 3379 * 3380 * This function gets called by data patch for PN check 3381 * 3382 * Return: QDF_STATUS 3383 */ 3384 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3385 qdf_nbuf_t wbuf){ 3386 /* Need to check is there real requirement for this function 3387 * as PN check is already handled in decap function. 3388 */ 3389 return QDF_STATUS_SUCCESS; 3390 } 3391 3392 /** 3393 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3394 * @vdev:vdev 3395 * 3396 * This function gets called by mlme to get crypto params 3397 * 3398 * Return: wlan_crypto_params or NULL in case of failure 3399 */ 3400 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3401 struct wlan_objmgr_vdev *vdev){ 3402 struct wlan_crypto_comp_priv *crypto_priv; 3403 3404 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3405 } 3406 3407 /** 3408 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3409 * @peer:peer 3410 * 3411 * This function gets called by mlme to get crypto params 3412 * 3413 * Return: wlan_crypto_params or NULL in case of failure 3414 */ 3415 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3416 struct wlan_objmgr_peer *peer){ 3417 struct wlan_crypto_comp_priv *crypto_priv; 3418 3419 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3420 } 3421 3422 3423 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3424 struct wlan_objmgr_peer *peer) 3425 { 3426 struct wlan_crypto_comp_priv *crypto_priv; 3427 struct wlan_crypto_comp_priv *sta_crypto_priv; 3428 struct wlan_crypto_params *crypto_params; 3429 struct wlan_crypto_key *key; 3430 struct wlan_crypto_key *sta_key; 3431 struct wlan_crypto_cipher *cipher_table; 3432 struct wlan_objmgr_psoc *psoc; 3433 struct wlan_lmac_if_tx_ops *tx_ops; 3434 uint8_t *mac_addr; 3435 int i; 3436 enum QDF_OPMODE opmode; 3437 QDF_STATUS status = QDF_STATUS_SUCCESS; 3438 3439 if (!vdev) 3440 return QDF_STATUS_E_NULL_VALUE; 3441 3442 if (!peer) { 3443 crypto_debug("peer NULL"); 3444 return QDF_STATUS_E_INVAL; 3445 } 3446 3447 opmode = wlan_vdev_mlme_get_opmode(vdev); 3448 psoc = wlan_vdev_get_psoc(vdev); 3449 3450 if (!psoc) { 3451 crypto_err("psoc NULL"); 3452 return QDF_STATUS_E_NULL_VALUE; 3453 } 3454 3455 wlan_peer_obj_lock(peer); 3456 mac_addr = wlan_peer_get_macaddr(peer); 3457 wlan_peer_obj_unlock(peer); 3458 3459 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3460 &crypto_priv); 3461 if (!crypto_priv) { 3462 crypto_err("crypto_priv NULL"); 3463 return QDF_STATUS_E_NULL_VALUE; 3464 } 3465 3466 /* push only valid static WEP keys from vap */ 3467 if (AUTH_IS_8021X(crypto_params)) 3468 return QDF_STATUS_E_INVAL; 3469 3470 if (opmode == QDF_STA_MODE) { 3471 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3472 if (!peer) { 3473 crypto_debug("peer NULL"); 3474 return QDF_STATUS_E_INVAL; 3475 } 3476 } 3477 3478 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3479 if (!sta_crypto_priv) { 3480 crypto_err("sta priv is null"); 3481 status = QDF_STATUS_E_INVAL; 3482 goto exit; 3483 } 3484 3485 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3486 if (crypto_priv->key[i]) { 3487 key = crypto_priv->key[i]; 3488 if (!key || !key->valid) 3489 continue; 3490 3491 cipher_table = (struct wlan_crypto_cipher *) 3492 key->cipher_table; 3493 3494 if (!cipher_table) 3495 continue; 3496 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3497 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3498 if (!tx_ops) { 3499 crypto_err("tx_ops is NULL"); 3500 return QDF_STATUS_E_INVAL; 3501 } 3502 3503 sta_key = qdf_mem_malloc( 3504 sizeof(struct wlan_crypto_key)); 3505 if (!sta_key) { 3506 status = QDF_STATUS_E_NOMEM; 3507 goto exit; 3508 } 3509 3510 sta_crypto_priv->key[i] = sta_key; 3511 qdf_mem_copy(sta_key, key, 3512 sizeof(struct wlan_crypto_key)); 3513 3514 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3515 3516 if (crypto_priv->def_tx_keyid == i) { 3517 sta_key->flags 3518 |= WLAN_CRYPTO_KEY_DEFAULT; 3519 sta_crypto_priv->def_tx_keyid = 3520 crypto_priv->def_tx_keyid; 3521 } 3522 /* setting the broadcast/multicast key for sta*/ 3523 if (opmode == QDF_STA_MODE || 3524 opmode == QDF_IBSS_MODE){ 3525 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3526 WLAN_CRYPTO_TX_OPS_SETKEY( 3527 tx_ops)(vdev, sta_key, 3528 mac_addr, 3529 cipher_table->cipher); 3530 } 3531 } 3532 3533 /* setting unicast key */ 3534 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3535 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3536 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3537 vdev, sta_key, 3538 mac_addr, 3539 cipher_table->cipher); 3540 } 3541 } 3542 } 3543 } 3544 3545 exit: 3546 if (opmode == QDF_STA_MODE) 3547 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3548 3549 return status; 3550 } 3551 3552 /** 3553 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3554 * @crypto_rx_ops: crypto_rx_ops 3555 * 3556 * This function gets called by object manger to register crypto rx ops. 3557 * 3558 * Return: QDF_STATUS 3559 */ 3560 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3561 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3562 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3563 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3564 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3565 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3566 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3567 3568 return QDF_STATUS_SUCCESS; 3569 } 3570 3571 /** 3572 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3573 * @psoc: psoc 3574 * 3575 * This function gets called by umac to get the crypto_rx_ops 3576 * 3577 * Return: crypto_rx_ops 3578 */ 3579 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3580 struct wlan_objmgr_psoc *psoc) 3581 { 3582 struct wlan_lmac_if_rx_ops *rx_ops; 3583 3584 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3585 3586 if (!rx_ops) { 3587 crypto_err("rx_ops is NULL"); 3588 return NULL; 3589 } 3590 3591 return &rx_ops->crypto_rx_ops; 3592 } 3593 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3594 3595 /** 3596 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3597 * @vdev: vdev 3598 * @authvalue: authvalue to be checked 3599 * 3600 * This function check is authvalue passed is set in vdev or not 3601 * 3602 * Return: true or false 3603 */ 3604 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3605 wlan_crypto_auth_mode authvalue) 3606 { 3607 int res; 3608 3609 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3610 3611 if (res != -1) 3612 return (res & authvalue) ? true : false; 3613 return false; 3614 } 3615 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3616 3617 /** 3618 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3619 * @peer: peer 3620 * @authvalue: authvalue to be checked 3621 * 3622 * This function check is authvalue passed is set in peer or not 3623 * 3624 * Return: true or false 3625 */ 3626 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3627 wlan_crypto_auth_mode authvalue) 3628 { 3629 int res; 3630 3631 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3632 3633 if (res != -1) 3634 return (res & authvalue) ? true : false; 3635 3636 return false; 3637 } 3638 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3639 3640 /** 3641 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3642 * @vdev: vdev 3643 * @ucastcipher: ucastcipher to be checked 3644 * 3645 * This function check is ucastcipher passed is set in vdev or not 3646 * 3647 * Return: true or false 3648 */ 3649 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3650 wlan_crypto_cipher_type ucastcipher) 3651 { 3652 int res; 3653 3654 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3655 3656 if (res != -1) 3657 return (res & ucastcipher) ? true : false; 3658 3659 return false; 3660 } 3661 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3662 3663 /** 3664 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3665 * @peer: peer 3666 * @ucastcipher: ucastcipher to be checked 3667 * 3668 * This function check is ucastcipher passed is set in peer or not 3669 * 3670 * Return: true or false 3671 */ 3672 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3673 wlan_crypto_cipher_type ucastcipher) 3674 { 3675 int res; 3676 3677 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3678 3679 if (res != -1) 3680 return (res & ucastcipher) ? true : false; 3681 3682 return false; 3683 } 3684 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3685 3686 /** 3687 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3688 * @vdev: vdev 3689 * @mcastcipher: mcastcipher to be checked 3690 * 3691 * This function check is mcastcipher passed is set in vdev or not 3692 * 3693 * Return: true or false 3694 */ 3695 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3696 wlan_crypto_cipher_type mcastcipher) 3697 { 3698 int res; 3699 3700 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3701 3702 if (res != -1) 3703 return (res & mcastcipher) ? true : false; 3704 3705 return false; 3706 } 3707 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3708 3709 /** 3710 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3711 * @peer: peer 3712 * @mcastcipher: mcastcipher to be checked 3713 * 3714 * This function check is mcastcipher passed is set in peer or not 3715 * 3716 * Return: true or false 3717 */ 3718 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3719 wlan_crypto_cipher_type mcastcipher) 3720 { 3721 int res; 3722 3723 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3724 3725 if (res != -1) 3726 return (res & mcastcipher) ? true : false; 3727 3728 return false; 3729 } 3730 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3731 3732 /** 3733 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3734 * @vdev: vdev 3735 * @mgmtcipher: mgmtcipher to be checked 3736 * 3737 * This function checks any one of mgmtciphers are supported by vdev or not. 3738 * 3739 * Return: true or false 3740 */ 3741 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3742 uint32_t mgmtcipher) 3743 { 3744 int res; 3745 3746 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3747 3748 if (res != -1) 3749 return (res & mgmtcipher) ? true : false; 3750 3751 return false; 3752 } 3753 3754 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3755 3756 /** 3757 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3758 * @peer: peer 3759 * @mgmtcipher: mgmtcipher to be checked 3760 * 3761 * This function checks any one of mgmtciphers are supported by peer or not 3762 * 3763 * Return: true or false 3764 */ 3765 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3766 uint32_t mgmtcipher) 3767 { 3768 int res; 3769 3770 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3771 3772 if (res != -1) 3773 return (res & mgmtcipher) ? true : false; 3774 3775 return false; 3776 } 3777 3778 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3779 3780 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3781 { 3782 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3783 3784 if (!peer) { 3785 crypto_err("Invalid Input"); 3786 return 0; 3787 } 3788 3789 crypto_priv = wlan_get_peer_crypto_obj(peer); 3790 if (!crypto_priv) { 3791 crypto_err("crypto_priv NULL"); 3792 return 0; 3793 } 3794 3795 return crypto_priv->fils_aead_set; 3796 } 3797 3798 void 3799 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3800 { 3801 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3802 3803 if (!peer) { 3804 crypto_err("Invalid Input"); 3805 return; 3806 } 3807 3808 crypto_priv = wlan_get_peer_crypto_obj(peer); 3809 if (!crypto_priv) { 3810 crypto_err("crypto_priv NULL"); 3811 return; 3812 } 3813 3814 crypto_priv->fils_aead_set = value; 3815 } 3816 3817 /** 3818 * wlan_crypto_get_key_header - get header length 3819 * @key: key 3820 * 3821 * This function gets header length based on keytype 3822 * 3823 * Return: header length 3824 */ 3825 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3826 { 3827 struct wlan_crypto_cipher *cipher_table; 3828 3829 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3830 if (cipher_table) 3831 return cipher_table->header; 3832 else 3833 return 0; 3834 } 3835 3836 qdf_export_symbol(wlan_crypto_get_key_header); 3837 3838 /** 3839 * wlan_crypto_get_key_trailer - get cipher trailer length 3840 * @key: key 3841 * 3842 * This function gets cipher trailer length based on keytype 3843 * 3844 * Return: cipher trailer length 3845 */ 3846 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3847 { 3848 struct wlan_crypto_cipher *cipher_table; 3849 3850 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3851 if (cipher_table) 3852 return cipher_table->trailer; 3853 else 3854 return 0; 3855 } 3856 3857 qdf_export_symbol(wlan_crypto_get_key_trailer); 3858 3859 /** 3860 * wlan_crypto_get_key_miclen - get cipher miclen length 3861 * @key: key 3862 * 3863 * This function gets cipher miclen length based on keytype 3864 * 3865 * Return: cipher miclen length 3866 */ 3867 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3868 { 3869 struct wlan_crypto_cipher *cipher_table; 3870 3871 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3872 if (cipher_table) 3873 return cipher_table->miclen; 3874 else 3875 return 0; 3876 } 3877 3878 qdf_export_symbol(wlan_crypto_get_key_miclen); 3879 3880 /** 3881 * wlan_crypto_get_keyid - get keyid from frame 3882 * @data: frame 3883 * 3884 * This function parse frame and returns keyid 3885 * 3886 * Return: keyid 3887 */ 3888 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3889 { 3890 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3891 uint8_t *iv; 3892 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3893 3894 /* 3895 * In FILS SK (Re)Association request/response frame has 3896 * to be decrypted 3897 */ 3898 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3899 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3900 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3901 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3902 return 0; 3903 } 3904 3905 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3906 iv = data + hdrlen; 3907 /* 3908 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3909 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3910 */ 3911 return ((iv[3] >> 6) & 0x3); 3912 } else { 3913 return WLAN_CRYPTO_KEYIX_NONE; 3914 } 3915 } 3916 3917 qdf_export_symbol(wlan_crypto_get_keyid); 3918 3919 /** 3920 * crypto_plumb_peer_keys - called during radio reset 3921 * @vdev: vdev 3922 * @object: peer 3923 * @arg: psoc 3924 * 3925 * Restore unicast and persta hardware keys 3926 * 3927 * Return: void 3928 */ 3929 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3930 void *object, void *arg) { 3931 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3932 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3933 struct wlan_crypto_comp_priv *crypto_priv; 3934 struct wlan_crypto_params *crypto_params; 3935 struct wlan_crypto_key *key = NULL; 3936 struct wlan_lmac_if_tx_ops *tx_ops; 3937 int i; 3938 3939 if ((!peer) || (!vdev) || (!psoc)) { 3940 crypto_err("Peer or vdev or psoc objects are null!"); 3941 return; 3942 } 3943 3944 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3945 &crypto_priv); 3946 3947 if (!crypto_priv) { 3948 crypto_err("crypto_priv NULL"); 3949 return; 3950 } 3951 3952 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3953 key = crypto_priv->key[i]; 3954 if (key && key->valid) { 3955 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3956 3957 if (!tx_ops) { 3958 crypto_err("tx_ops is NULL"); 3959 return; 3960 } 3961 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3962 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 3963 ( 3964 vdev, 3965 key, 3966 wlan_peer_get_macaddr(peer), 3967 wlan_crypto_get_key_type(key) 3968 ); 3969 } 3970 } 3971 } 3972 } 3973 3974 /** 3975 * wlan_crypto_restore_keys - called during radio reset 3976 * @vdev: vdev 3977 * 3978 * Clear and restore keycache, needed for some DA chipsets which put 3979 * random values in keycache when phy reset is triggered 3980 * 3981 * Return: void 3982 */ 3983 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3984 { 3985 int i; 3986 struct wlan_crypto_comp_priv *crypto_priv; 3987 struct wlan_crypto_params *crypto_params; 3988 struct wlan_crypto_key *key; 3989 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3990 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3991 struct wlan_objmgr_pdev *pdev = NULL; 3992 struct wlan_objmgr_psoc *psoc = NULL; 3993 struct wlan_lmac_if_tx_ops *tx_ops; 3994 3995 pdev = wlan_vdev_get_pdev(vdev); 3996 psoc = wlan_vdev_get_psoc(vdev); 3997 if (!pdev) { 3998 crypto_err("pdev is NULL"); 3999 return; 4000 } 4001 if (!psoc) { 4002 crypto_err("psoc is NULL"); 4003 return; 4004 } 4005 4006 /* TBD: QWRAP key restore*/ 4007 /* crypto is on */ 4008 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 4009 /* restore static shared keys */ 4010 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4011 crypto_params = wlan_crypto_vdev_get_comp_params 4012 ( 4013 vdev, 4014 &crypto_priv 4015 ); 4016 if (!crypto_priv) { 4017 crypto_err("crypto_priv is NULL"); 4018 return; 4019 } 4020 key = crypto_priv->key[i]; 4021 if (key && key->valid) { 4022 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4023 if (!tx_ops) { 4024 crypto_err("tx_ops is NULL"); 4025 return; 4026 } 4027 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4028 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4029 ( 4030 vdev, 4031 key, 4032 macaddr, 4033 wlan_crypto_get_key_type(key) 4034 ); 4035 } 4036 } 4037 } 4038 4039 wlan_objmgr_iterate_peerobj_list(vdev, 4040 crypto_plumb_peer_keys, 4041 psoc, 4042 WLAN_CRYPTO_ID); 4043 } 4044 } 4045 4046 /** 4047 * wlan_crypto_check_open_none - called by ucfg to check for open security 4048 * @psoc: psoc pointer 4049 * @vdev_id: vdev id 4050 * 4051 * This function gets called from ucfg to check open security. 4052 * 4053 * Return: true or false 4054 */ 4055 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 4056 { 4057 struct wlan_crypto_comp_priv *crypto_priv; 4058 struct wlan_crypto_params *crypto_params; 4059 struct wlan_objmgr_vdev *vdev; 4060 bool match = true; 4061 4062 if (!psoc) { 4063 crypto_err("PSOC is NULL"); 4064 return false; 4065 } 4066 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4067 WLAN_CRYPTO_ID); 4068 if (!vdev) { 4069 crypto_err("vdev is NULL"); 4070 return false; 4071 } 4072 4073 crypto_priv = (struct wlan_crypto_comp_priv *) 4074 wlan_get_vdev_crypto_obj(vdev); 4075 4076 if (!crypto_priv) { 4077 crypto_err("crypto_priv NULL"); 4078 match = false; 4079 goto send_res; 4080 } 4081 4082 crypto_params = &crypto_priv->crypto_params; 4083 4084 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 4085 match = false; 4086 goto send_res; 4087 } 4088 4089 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4090 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 4091 match = false; 4092 4093 send_res: 4094 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4095 4096 return match; 4097 } 4098 4099 /** 4100 * wlan_crypto_check_wep - called by ucfg to check for WEP security 4101 * @psoc: psoc pointer 4102 * @vdev_id: vdev id 4103 * 4104 * This function gets called from ucfg to check WEP security. 4105 * 4106 * Return: true or false 4107 */ 4108 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 4109 { 4110 struct wlan_crypto_comp_priv *crypto_priv; 4111 struct wlan_crypto_params *crypto_params; 4112 struct wlan_objmgr_vdev *vdev; 4113 bool match = true; 4114 4115 if (!psoc) { 4116 crypto_err("PSOC is NULL"); 4117 return false; 4118 } 4119 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4120 WLAN_CRYPTO_ID); 4121 if (!vdev) { 4122 crypto_err("vdev is NULL"); 4123 return false; 4124 } 4125 4126 crypto_priv = (struct wlan_crypto_comp_priv *) 4127 wlan_get_vdev_crypto_obj(vdev); 4128 4129 if (!crypto_priv) { 4130 crypto_err("crypto_priv NULL"); 4131 match = false; 4132 goto send_res; 4133 } 4134 4135 crypto_params = &crypto_priv->crypto_params; 4136 4137 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4138 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4139 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4140 match = false; 4141 goto send_res; 4142 } 4143 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 4144 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 4145 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 4146 match = false; 4147 goto send_res; 4148 } 4149 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 4150 match = false; 4151 goto send_res; 4152 } 4153 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 4154 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 4155 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 4156 match = false; 4157 } 4158 send_res: 4159 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4160 4161 return match; 4162 } 4163 4164 QDF_STATUS 4165 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4166 const uint8_t *ie_ptr, uint16_t ie_len) 4167 { 4168 const uint8_t *rsn_ie = NULL; 4169 QDF_STATUS status; 4170 4171 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4172 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4173 if (!rsn_ie) { 4174 crypto_debug("RSN IE not present"); 4175 return QDF_STATUS_E_INVAL; 4176 } 4177 4178 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 4179 if (QDF_STATUS_SUCCESS != status) { 4180 crypto_err("RSN IE check failed"); 4181 return status; 4182 } 4183 4184 return QDF_STATUS_SUCCESS; 4185 } 4186 4187 QDF_STATUS 4188 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4189 const uint8_t *ie_ptr, uint16_t ie_len) 4190 { 4191 const uint8_t *wpa_ie = NULL; 4192 uint32_t wpa_oui; 4193 QDF_STATUS status; 4194 4195 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4196 4197 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4198 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4199 WLAN_OUI_SIZE, ie_ptr, ie_len); 4200 if (!wpa_ie) { 4201 crypto_debug("WPA IE not present"); 4202 return QDF_STATUS_E_INVAL; 4203 } 4204 4205 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 4206 if (QDF_STATUS_SUCCESS != status) { 4207 crypto_err("WPA IE check failed"); 4208 return status; 4209 } 4210 4211 return QDF_STATUS_SUCCESS; 4212 } 4213 4214 #ifdef FEATURE_WLAN_WAPI 4215 QDF_STATUS 4216 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 4217 const uint8_t *ie_ptr, uint16_t ie_len) 4218 { 4219 const uint8_t *wapi_ie; 4220 QDF_STATUS status; 4221 4222 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 4223 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 4224 if (!wapi_ie) { 4225 crypto_debug("WAPI ie not present"); 4226 return QDF_STATUS_E_INVAL; 4227 } 4228 4229 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 4230 if (QDF_IS_STATUS_ERROR(status)) { 4231 crypto_err("WAPI IE check failed"); 4232 return status; 4233 } 4234 4235 return QDF_STATUS_SUCCESS; 4236 } 4237 #endif 4238 4239 /** 4240 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4241 * @psoc: psoc pointer 4242 * @vdev_id: vdev id 4243 * @ie_ptr: pointer to IEs 4244 * @ie_len: IE length 4245 * @peer_crypto_params: return peer crypto parameters 4246 * 4247 * This function gets called from ucfg to check RSN match. 4248 * 4249 * Return: true or false 4250 */ 4251 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4252 uint8_t vdev_id, uint8_t *ie_ptr, 4253 uint16_t ie_len, struct wlan_crypto_params * 4254 peer_crypto_params) 4255 { 4256 struct wlan_objmgr_vdev *vdev; 4257 bool match = true; 4258 QDF_STATUS status; 4259 4260 if (!psoc) { 4261 crypto_err("PSOC is NULL"); 4262 return false; 4263 } 4264 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4265 ie_ptr, ie_len); 4266 if (QDF_STATUS_SUCCESS != status) { 4267 crypto_err("get crypto prarams from RSN IE failed"); 4268 return false; 4269 } 4270 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4271 WLAN_CRYPTO_ID); 4272 if (!vdev) { 4273 crypto_err("vdev is NULL"); 4274 return false; 4275 } 4276 4277 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4278 4279 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4280 4281 return match; 4282 } 4283 4284 /** 4285 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4286 * @psoc: psoc pointer 4287 * @vdev_id: vdev id 4288 * @ie_ptr: pointer to IEs 4289 * @ie_len: IE length 4290 * @peer_crypto_params: return peer crypto parameters 4291 * 4292 * This function gets called from ucfg to check WPA match. 4293 * 4294 * Return: true or false 4295 */ 4296 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4297 uint8_t vdev_id, uint8_t *ie_ptr, 4298 uint16_t ie_len, struct wlan_crypto_params * 4299 peer_crypto_params) 4300 { 4301 struct wlan_objmgr_vdev *vdev; 4302 bool match = true; 4303 QDF_STATUS status; 4304 4305 if (!psoc) { 4306 crypto_err("PSOC is NULL"); 4307 return false; 4308 } 4309 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4310 WLAN_CRYPTO_ID); 4311 if (!vdev) { 4312 crypto_err("vdev is NULL"); 4313 return false; 4314 } 4315 4316 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4317 ie_ptr, ie_len); 4318 if (QDF_STATUS_SUCCESS != status) { 4319 crypto_err("get crypto prarams from WPA IE failed"); 4320 match = false; 4321 goto send_res; 4322 } 4323 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4324 4325 send_res: 4326 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4327 4328 return match; 4329 } 4330 4331 4332 static void 4333 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4334 struct wlan_crypto_params *src_params) 4335 { 4336 dst_params->authmodeset |= src_params->authmodeset; 4337 dst_params->ucastcipherset |= src_params->ucastcipherset; 4338 dst_params->mcastcipherset |= src_params->mcastcipherset; 4339 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4340 dst_params->cipher_caps |= src_params->cipher_caps; 4341 dst_params->key_mgmt |= src_params->key_mgmt; 4342 dst_params->rsn_caps |= src_params->rsn_caps; 4343 } 4344 4345 static void 4346 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4347 { 4348 params->authmodeset = 0; 4349 params->ucastcipherset = 0; 4350 params->mcastcipherset = 0; 4351 params->mgmtcipherset = 0; 4352 params->key_mgmt = 0; 4353 params->rsn_caps = 0; 4354 } 4355 4356 const uint8_t * 4357 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4358 { 4359 uint8_t len; 4360 const uint8_t *ie; 4361 4362 if (!rsnxe_ie) 4363 return NULL; 4364 4365 ie = rsnxe_ie; 4366 len = ie[1]; 4367 ie += 2; 4368 4369 if (!len) 4370 return NULL; 4371 4372 *cap_len = ie[0] & 0xf; 4373 4374 return ie; 4375 } 4376 4377 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4378 uint8_t *ie_ptr, 4379 uint16_t ie_len) 4380 { 4381 struct wlan_crypto_params crypto_params; 4382 QDF_STATUS status; 4383 struct wlan_crypto_params *vdev_crypto_params; 4384 struct wlan_crypto_comp_priv *crypto_priv; 4385 bool send_fail = false; 4386 4387 if (!vdev) { 4388 crypto_err("VDEV is NULL"); 4389 return QDF_STATUS_E_FAILURE; 4390 } 4391 4392 if (!ie_ptr) { 4393 crypto_err("IE ptr is NULL"); 4394 return QDF_STATUS_E_FAILURE; 4395 } 4396 4397 crypto_priv = (struct wlan_crypto_comp_priv *) 4398 wlan_get_vdev_crypto_obj(vdev); 4399 4400 if (!crypto_priv) { 4401 crypto_err("crypto_priv NULL"); 4402 return QDF_STATUS_E_FAILURE; 4403 } 4404 4405 vdev_crypto_params = &crypto_priv->crypto_params; 4406 4407 wlan_crypto_reset_prarams(vdev_crypto_params); 4408 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4409 ie_ptr, ie_len); 4410 if (QDF_IS_STATUS_SUCCESS(status)) 4411 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4412 else 4413 send_fail = true; 4414 4415 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4416 ie_ptr, ie_len); 4417 if (QDF_IS_STATUS_SUCCESS(status)) { 4418 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4419 send_fail = false; 4420 } 4421 4422 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4423 } 4424 4425 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4426 { 4427 struct wlan_crypto_comp_priv *crypto_priv; 4428 4429 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4430 if (!crypto_priv) { 4431 crypto_err("crypto_priv NULL"); 4432 return QDF_STATUS_E_FAILURE; 4433 } 4434 4435 if (igtk) 4436 return crypto_priv->def_igtk_tx_keyid; 4437 else 4438 return crypto_priv->def_tx_keyid; 4439 } 4440 4441 enum wlan_crypto_cipher_type 4442 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4443 bool pairwise, uint8_t key_index) 4444 { 4445 struct wlan_crypto_key *crypto_key; 4446 4447 crypto_key = wlan_crypto_get_key(vdev, key_index); 4448 4449 if (crypto_key) 4450 return crypto_key->cipher_type; 4451 else 4452 return WLAN_CRYPTO_CIPHER_INVALID; 4453 } 4454 4455 #ifdef CRYPTO_SET_KEY_CONVERGED 4456 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4457 uint8_t key_index, uint8_t key_len, 4458 uint8_t seq_len) 4459 { 4460 if (!is_valid_keyix(key_index)) { 4461 crypto_err("Invalid Key index %d", key_index); 4462 return QDF_STATUS_E_INVAL; 4463 } 4464 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4465 crypto_err("Invalid Cipher %d", cipher); 4466 return QDF_STATUS_E_INVAL; 4467 } 4468 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4469 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4470 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4471 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4472 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4473 crypto_err("Invalid key index %d for cipher %d", 4474 key_index, cipher); 4475 return QDF_STATUS_E_INVAL; 4476 } 4477 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4478 crypto_err("Invalid key length %d", key_len); 4479 return QDF_STATUS_E_INVAL; 4480 } 4481 4482 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4483 crypto_err("Invalid seq length %d", seq_len); 4484 return QDF_STATUS_E_INVAL; 4485 } 4486 4487 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4488 key_index, key_len, seq_len); 4489 4490 return QDF_STATUS_SUCCESS; 4491 } 4492 4493 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4494 uint8_t key_index, 4495 struct wlan_crypto_key *crypto_key) 4496 { 4497 struct wlan_crypto_comp_priv *crypto_priv; 4498 4499 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4500 if (!crypto_priv) { 4501 crypto_err("crypto_priv NULL"); 4502 return QDF_STATUS_E_FAILURE; 4503 } 4504 if (!is_valid_keyix(key_index)) { 4505 crypto_err("Invalid Key index %d", key_index); 4506 return QDF_STATUS_E_FAILURE; 4507 } 4508 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4509 crypto_priv->key[key_index] = crypto_key; 4510 } else if (is_igtk(key_index)) { 4511 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4512 crypto_key; 4513 crypto_priv->def_igtk_tx_keyid = 4514 key_index - WLAN_CRYPTO_MAXKEYIDX; 4515 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4516 } else { 4517 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4518 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4519 crypto_priv->def_bigtk_tx_keyid = 4520 key_index - WLAN_CRYPTO_MAXKEYIDX 4521 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4522 } 4523 crypto_key->valid = true; 4524 4525 return QDF_STATUS_SUCCESS; 4526 } 4527 4528 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4529 uint8_t key_index) 4530 { 4531 struct wlan_crypto_comp_priv *crypto_priv; 4532 4533 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4534 if (!crypto_priv) { 4535 crypto_err("crypto_priv NULL"); 4536 return NULL; 4537 } 4538 if (!is_valid_keyix(key_index)) { 4539 crypto_err("Invalid Key index %d", key_index); 4540 return NULL; 4541 } 4542 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4543 return crypto_priv->key[key_index]; 4544 else if (is_igtk(key_index)) 4545 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4546 else 4547 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4548 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4549 4550 return NULL; 4551 } 4552 4553 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4554 struct wlan_crypto_key *req, 4555 enum wlan_crypto_key_type key_type) 4556 { 4557 struct wlan_objmgr_psoc *psoc; 4558 struct wlan_lmac_if_tx_ops *tx_ops; 4559 4560 psoc = wlan_vdev_get_psoc(vdev); 4561 4562 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4563 if (!tx_ops) { 4564 crypto_err("tx_ops is NULL"); 4565 return QDF_STATUS_E_FAILURE; 4566 } 4567 4568 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4569 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4570 else 4571 return QDF_STATUS_E_FAILURE; 4572 4573 return QDF_STATUS_SUCCESS; 4574 } 4575 4576 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4577 bool pairwise, uint8_t key_index, 4578 struct qdf_mac_addr *peer_mac) 4579 { 4580 struct wlan_crypto_key *crypto_key; 4581 4582 crypto_key = wlan_crypto_get_key(vdev, key_index); 4583 if (!crypto_key) { 4584 crypto_err("crypto_key not present for key_idx %d", key_index); 4585 return; 4586 } 4587 4588 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4589 } 4590 4591 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4592 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4593 struct wlan_objmgr_vdev *vdev, 4594 struct qdf_mac_addr *conn_bssid) 4595 { 4596 struct wlan_crypto_params *crypto_params; 4597 struct wlan_crypto_comp_priv *crypto_priv; 4598 int i; 4599 4600 crypto_priv = (struct wlan_crypto_comp_priv *) 4601 wlan_get_vdev_crypto_obj(vdev); 4602 4603 if (!crypto_priv) { 4604 crypto_err("crypto_priv NULL"); 4605 return; 4606 } 4607 4608 crypto_params = &crypto_priv->crypto_params; 4609 4610 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4611 if (!crypto_params->pmksa[i]) 4612 continue; 4613 4614 if (crypto_params->pmksa[i]->single_pmk_supported && 4615 !qdf_is_macaddr_equal(conn_bssid, 4616 &crypto_params->pmksa[i]->bssid)) { 4617 qdf_mem_zero(crypto_params->pmksa[i], 4618 sizeof(struct wlan_crypto_pmksa)); 4619 qdf_mem_free(crypto_params->pmksa[i]); 4620 crypto_params->pmksa[i] = NULL; 4621 } 4622 } 4623 } 4624 4625 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4626 struct qdf_mac_addr *bssid, 4627 bool single_pmk_capable_bss) 4628 { 4629 struct wlan_crypto_params *crypto_params; 4630 struct wlan_crypto_comp_priv *crypto_priv; 4631 int i; 4632 4633 crypto_priv = (struct wlan_crypto_comp_priv *) 4634 wlan_get_vdev_crypto_obj(vdev); 4635 4636 if (!crypto_priv) { 4637 crypto_err("crypto_priv NULL"); 4638 return; 4639 } 4640 4641 crypto_params = &crypto_priv->crypto_params; 4642 4643 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4644 if (!crypto_params->pmksa[i]) 4645 continue; 4646 4647 if (qdf_is_macaddr_equal(bssid, 4648 &crypto_params->pmksa[i]->bssid)) 4649 crypto_params->pmksa[i]->single_pmk_supported = 4650 single_pmk_capable_bss; 4651 } 4652 } 4653 #endif 4654 4655 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4656 { 4657 struct wlan_crypto_comp_priv *crypto_priv; 4658 4659 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4660 crypto_priv = (struct wlan_crypto_comp_priv *) 4661 wlan_get_vdev_crypto_obj(vdev); 4662 4663 if (!crypto_priv) { 4664 crypto_err("crypto_priv NULL"); 4665 return; 4666 } 4667 4668 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4669 } 4670 #endif 4671 4672 #ifdef WLAN_FEATURE_FILS_SK 4673 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4674 uint8_t *rik, uint32_t *rik_len) 4675 { 4676 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4677 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4678 QDF_STATUS status; 4679 4680 if (!rrk || !rik) { 4681 crypto_err("FILS rrk/rik NULL"); 4682 return QDF_STATUS_E_FAILURE; 4683 } 4684 4685 optional_data[0] = HMAC_SHA256_128; 4686 /* basic validation */ 4687 if (rrk_len <= 0) { 4688 crypto_err("invalid r_rk length %d", rrk_len); 4689 return QDF_STATUS_E_FAILURE; 4690 } 4691 4692 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4693 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4694 sizeof(optional_data), rik, 4695 rrk_len); 4696 if (QDF_IS_STATUS_ERROR(status)) { 4697 crypto_err("failed to create rik"); 4698 return status; 4699 } 4700 *rik_len = rrk_len; 4701 4702 return QDF_STATUS_SUCCESS; 4703 } 4704 #endif /* WLAN_FEATURE_FILS_SK */ 4705