1 /* 2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /** 21 * DOC: Public APIs for crypto service 22 */ 23 24 #include <qdf_types.h> 25 #include <wlan_cmn.h> 26 #include <wlan_objmgr_cmn.h> 27 #include <wlan_objmgr_global_obj.h> 28 #include <wlan_objmgr_psoc_obj.h> 29 #include <wlan_objmgr_pdev_obj.h> 30 #include <wlan_objmgr_vdev_obj.h> 31 #include <wlan_objmgr_peer_obj.h> 32 #include <wlan_utility.h> 33 #include <wlan_cp_stats_utils_api.h> 34 35 #include "wlan_crypto_global_def.h" 36 #include "wlan_crypto_global_api.h" 37 #include "wlan_crypto_def_i.h" 38 #include "wlan_crypto_param_handling_i.h" 39 #include "wlan_crypto_obj_mgr_i.h" 40 #include "wlan_crypto_main.h" 41 #include <qdf_module.h> 42 43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 44 45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 46 WLAN_CRYPTO_ADDSELECTOR(frm,\ 47 wlan_crypto_wpa_cipher_to_suite(cipher)) 48 49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 50 WLAN_CRYPTO_ADDSELECTOR(frm,\ 51 wlan_crypto_rsn_cipher_to_suite(cipher)) 52 53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 54 WLAN_CRYPTO_ADDSELECTOR(frm,\ 55 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 56 57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 58 WLAN_CRYPTO_ADDSELECTOR(frm,\ 59 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 60 61 static int is_valid_keyix(uint16_t keyix) 62 { 63 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX 64 + WLAN_CRYPTO_MAXBIGTKKEYIDX)) 65 return 0; 66 else 67 return 1; 68 } 69 70 static int is_igtk(uint16_t keyix) 71 { 72 if (keyix < WLAN_CRYPTO_MAXKEYIDX) 73 return 0; 74 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX) 75 return 0; 76 else 77 return 1; 78 } 79 80 static int is_bigtk(uint16_t keyix) 81 { 82 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 83 return 0; 84 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX 85 >= WLAN_CRYPTO_MAXBIGTKKEYIDX) 86 return 0; 87 else 88 return 1; 89 } 90 91 /** 92 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 93 * @vdev:vdev 94 * 95 * This function gets called by mlme to get crypto params 96 * 97 * Return: wlan_crypto_params or NULL in case of failure 98 */ 99 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 100 struct wlan_objmgr_vdev *vdev, 101 struct wlan_crypto_comp_priv **crypto_priv){ 102 *crypto_priv = (struct wlan_crypto_comp_priv *) 103 wlan_get_vdev_crypto_obj(vdev); 104 if (!(*crypto_priv)) { 105 crypto_err("crypto_priv NULL"); 106 return NULL; 107 } 108 109 return &((*crypto_priv)->crypto_params); 110 } 111 112 /** 113 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 114 * @peer:peer 115 * 116 * This function gets called by mlme to get crypto params 117 * 118 * Return: wlan_crypto_params or NULL in case of failure 119 */ 120 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 121 struct wlan_objmgr_peer *peer, 122 struct wlan_crypto_comp_priv **crypto_priv){ 123 124 *crypto_priv = (struct wlan_crypto_comp_priv *) 125 wlan_get_peer_crypto_obj(peer); 126 if (!*crypto_priv) { 127 crypto_err("crypto_priv NULL"); 128 return NULL; 129 } 130 131 return &((*crypto_priv)->crypto_params); 132 } 133 134 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 135 { 136 return QDF_STATUS_SUCCESS; 137 } 138 139 /** 140 * wlan_crypto_set_param - called by ucfg to set crypto param 141 * @crypto_params: crypto_params 142 * @param: param to be set. 143 * @value: value 144 * 145 * This function gets called from ucfg to set param 146 * 147 * Return: QDF_STATUS_SUCCESS - in case of success 148 */ 149 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 150 wlan_crypto_param_type param, 151 uint32_t value){ 152 QDF_STATUS status = QDF_STATUS_E_INVAL; 153 154 crypto_debug("param %d, value %d", param, value); 155 switch (param) { 156 case WLAN_CRYPTO_PARAM_AUTH_MODE: 157 status = wlan_crypto_set_authmode(crypto_params, value); 158 break; 159 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 160 status = wlan_crypto_set_ucastciphers(crypto_params, value); 161 break; 162 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 163 status = wlan_crypto_set_mcastcipher(crypto_params, value); 164 break; 165 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 166 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 167 break; 168 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 169 status = wlan_crypto_set_cipher_cap(crypto_params, value); 170 break; 171 case WLAN_CRYPTO_PARAM_RSN_CAP: 172 status = wlan_crypto_set_rsn_cap(crypto_params, value); 173 break; 174 case WLAN_CRYPTO_PARAM_KEY_MGMT: 175 status = wlan_crypto_set_key_mgmt(crypto_params, value); 176 break; 177 default: 178 status = QDF_STATUS_E_INVAL; 179 } 180 return status; 181 } 182 183 /** 184 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 185 * @vdev: vdev 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_priv = (struct wlan_crypto_comp_priv *) 201 wlan_get_vdev_crypto_obj(vdev); 202 203 if (!crypto_priv) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_set_param - called by ucfg to set crypto param 217 * 218 * @peer: peer 219 * @param: param to be set. 220 * @value: value 221 * 222 * This function gets called from ucfg to set param 223 * 224 * Return: QDF_STATUS_SUCCESS - in case of success 225 */ 226 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 227 wlan_crypto_param_type param, 228 uint32_t value){ 229 QDF_STATUS status = QDF_STATUS_E_INVAL; 230 struct wlan_crypto_comp_priv *crypto_priv; 231 struct wlan_crypto_params *crypto_params; 232 233 crypto_params = wlan_crypto_peer_get_comp_params(peer, 234 &crypto_priv); 235 236 if (!crypto_priv) { 237 crypto_err("crypto_priv NULL"); 238 return QDF_STATUS_E_INVAL; 239 } 240 241 crypto_params = &(crypto_priv->crypto_params); 242 243 status = wlan_crypto_set_param(crypto_params, param, value); 244 245 return status; 246 } 247 248 /** 249 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 250 * @param: Crypto param type 251 * @crypto_params: Crypto params struct 252 * 253 * This function gets called from in-within crypto layer 254 * 255 * Return: value or -1 for failure 256 */ 257 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 258 struct wlan_crypto_params *crypto_params) 259 { 260 int32_t value; 261 262 switch (param) { 263 case WLAN_CRYPTO_PARAM_AUTH_MODE: 264 value = wlan_crypto_get_authmode(crypto_params); 265 break; 266 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 267 value = wlan_crypto_get_ucastciphers(crypto_params); 268 break; 269 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 270 value = wlan_crypto_get_mcastcipher(crypto_params); 271 break; 272 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 273 value = wlan_crypto_get_mgmtciphers(crypto_params); 274 break; 275 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 276 value = wlan_crypto_get_cipher_cap(crypto_params); 277 break; 278 case WLAN_CRYPTO_PARAM_RSN_CAP: 279 value = wlan_crypto_get_rsn_cap(crypto_params); 280 break; 281 case WLAN_CRYPTO_PARAM_KEY_MGMT: 282 value = wlan_crypto_get_key_mgmt(crypto_params); 283 break; 284 default: 285 value = -1; 286 } 287 288 return value; 289 } 290 291 /** 292 * wlan_crypto_get_param - called to get value for param from vdev 293 * @vdev: vdev 294 * @param: Crypto param type 295 * 296 * This function gets called to get value for param from vdev 297 * 298 * Return: value or -1 for failure 299 */ 300 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 301 wlan_crypto_param_type param) 302 { 303 int32_t value = -1; 304 struct wlan_crypto_comp_priv *crypto_priv; 305 struct wlan_crypto_params *crypto_params; 306 crypto_priv = (struct wlan_crypto_comp_priv *) 307 wlan_get_vdev_crypto_obj(vdev); 308 309 if (!crypto_priv) { 310 crypto_err("crypto_priv NULL"); 311 return value; 312 } 313 314 crypto_params = &(crypto_priv->crypto_params); 315 value = wlan_crypto_get_param_value(param, crypto_params); 316 317 return value; 318 } 319 /** 320 * wlan_crypto_get_peer_param - called to get value for param from peer 321 * @peer: peer 322 * @param: Crypto param type 323 * 324 * This function gets called to get value for param from peer 325 * 326 * Return: value or -1 for failure 327 */ 328 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 329 wlan_crypto_param_type param) 330 { 331 int32_t value = -1; 332 struct wlan_crypto_comp_priv *crypto_priv; 333 struct wlan_crypto_params *crypto_params; 334 335 crypto_params = wlan_crypto_peer_get_comp_params(peer, 336 &crypto_priv); 337 338 if (!crypto_params) { 339 crypto_err("crypto_params NULL"); 340 return value; 341 } 342 value = wlan_crypto_get_param_value(param, crypto_params); 343 344 return value; 345 } 346 qdf_export_symbol(wlan_crypto_get_peer_param); 347 348 static 349 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 350 struct wlan_crypto_pmksa *pmksa); 351 352 static 353 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 354 struct wlan_crypto_pmksa *pmksa) 355 { 356 uint8_t i, first_available_slot = 0; 357 bool slot_found = false; 358 359 /* Delete the old entry and then Add new entry */ 360 wlan_crypto_del_pmksa(crypto_params, pmksa); 361 362 /* find the empty slot as duplicate is already deleted */ 363 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 364 if (!crypto_params->pmksa[i]) { 365 slot_found = true; 366 first_available_slot = i; 367 break; 368 } 369 } 370 371 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 372 crypto_err("no entry available for pmksa"); 373 return QDF_STATUS_E_INVAL; 374 } 375 crypto_params->pmksa[first_available_slot] = pmksa; 376 crypto_debug("PMKSA: Added the PMKSA entry at index=%d", 377 first_available_slot); 378 379 return QDF_STATUS_SUCCESS; 380 } 381 382 static 383 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 384 struct wlan_crypto_pmksa *pmksa) 385 { 386 uint8_t i, j, valid_entries_in_table = 0; 387 bool match_found = false; 388 u8 del_pmk[MAX_PMK_LEN] = {0}; 389 390 /* find slot with same bssid */ 391 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 392 if (!crypto_params->pmksa[i]) 393 continue; 394 395 valid_entries_in_table++; 396 397 if (!pmksa->ssid_len && 398 !qdf_is_macaddr_zero(&pmksa->bssid) && 399 qdf_is_macaddr_equal(&pmksa->bssid, 400 &crypto_params->pmksa[i]->bssid)) { 401 match_found = true; 402 } else if (pmksa->ssid_len && 403 !qdf_mem_cmp(pmksa->ssid, 404 crypto_params->pmksa[i]->ssid, 405 pmksa->ssid_len) && 406 !qdf_mem_cmp(pmksa->cache_id, 407 crypto_params->pmksa[i]->cache_id, 408 WLAN_CACHE_ID_LEN)) { 409 match_found = true; 410 } 411 412 if (match_found) { 413 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk, 414 crypto_params->pmksa[i]->pmk_len); 415 /* Free matching entry */ 416 qdf_mem_zero(crypto_params->pmksa[i], 417 sizeof(struct wlan_crypto_pmksa)); 418 qdf_mem_free(crypto_params->pmksa[i]); 419 crypto_params->pmksa[i] = NULL; 420 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d", 421 i); 422 423 /* Find and remove the entries matching the pmk */ 424 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) { 425 if (!crypto_params->pmksa[j]) 426 continue; 427 if (crypto_params->pmksa[j]->pmk_len && 428 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk, 429 del_pmk, 430 crypto_params->pmksa[j]->pmk_len))) { 431 qdf_mem_zero(crypto_params->pmksa[j], 432 sizeof(struct wlan_crypto_pmksa)); 433 qdf_mem_free(crypto_params->pmksa[j]); 434 crypto_params->pmksa[j] = NULL; 435 crypto_debug("PMKSA: Deleted PMKSA at idx=%d", 436 j); 437 } 438 } 439 /* reset stored pmk */ 440 qdf_mem_zero(del_pmk, MAX_PMK_LEN); 441 442 return QDF_STATUS_SUCCESS; 443 } 444 } 445 446 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found) 447 crypto_debug("No such pmksa entry exists: valid entries:%d", 448 valid_entries_in_table); 449 450 return QDF_STATUS_SUCCESS; 451 } 452 453 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 454 { 455 uint8_t i; 456 457 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 458 if (!crypto_params->pmksa[i]) 459 continue; 460 qdf_mem_zero(crypto_params->pmksa[i], 461 sizeof(struct wlan_crypto_pmksa)); 462 qdf_mem_free(crypto_params->pmksa[i]); 463 crypto_params->pmksa[i] = NULL; 464 } 465 466 crypto_debug("Flushed the pmksa table"); 467 468 return QDF_STATUS_SUCCESS; 469 } 470 471 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 472 struct wlan_crypto_pmksa *pmksa, 473 bool set) 474 { 475 QDF_STATUS status = QDF_STATUS_E_INVAL; 476 struct wlan_crypto_comp_priv *crypto_priv; 477 struct wlan_crypto_params *crypto_params; 478 struct wlan_crypto_pmksa *pmkid_cache = NULL; 479 enum QDF_OPMODE op_mode; 480 481 op_mode = wlan_vdev_mlme_get_opmode(vdev); 482 483 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 484 return QDF_STATUS_E_NOSUPPORT; 485 486 if (!pmksa && set) { 487 crypto_err("pmksa is NULL for set operation"); 488 return QDF_STATUS_E_INVAL; 489 } 490 crypto_priv = (struct wlan_crypto_comp_priv *) 491 wlan_get_vdev_crypto_obj(vdev); 492 493 if (!crypto_priv) { 494 crypto_err("crypto_priv NULL"); 495 return QDF_STATUS_E_INVAL; 496 } 497 498 crypto_params = &crypto_priv->crypto_params; 499 if (set) { 500 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid); 501 if (pmkid_cache && (pmksa->pmk_len && 502 pmksa->pmk_len == pmkid_cache->pmk_len && 503 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk, 504 pmksa->pmk_len))) { 505 crypto_debug("PMKSA entry found with same PMK"); 506 pmkid_cache = NULL; 507 return QDF_STATUS_E_EXISTS; 508 } 509 510 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 511 /* Set pmksa */ 512 } else { 513 /* del pmksa */ 514 if (!pmksa) 515 status = wlan_crypto_pmksa_flush(crypto_params); 516 else 517 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 518 } 519 520 return status; 521 } 522 523 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev, 524 struct wlan_crypto_pmksa *pmksa) 525 { 526 QDF_STATUS status = QDF_STATUS_E_INVAL; 527 struct wlan_crypto_pmksa *cached_pmksa; 528 struct wlan_crypto_comp_priv *crypto_priv; 529 struct wlan_crypto_params *crypto_params; 530 uint8_t mdie_present, i; 531 uint16_t mobility_domain; 532 533 if (!pmksa) { 534 crypto_err("pmksa is NULL for set operation"); 535 return status; 536 } 537 538 crypto_priv = (struct wlan_crypto_comp_priv *) 539 wlan_get_vdev_crypto_obj(vdev); 540 if (!crypto_priv) { 541 crypto_err("crypto_priv NULL"); 542 return status; 543 } 544 545 crypto_params = &crypto_priv->crypto_params; 546 547 if (pmksa->mdid.mdie_present) { 548 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 549 if (!crypto_params->pmksa[i]) 550 continue; 551 cached_pmksa = crypto_params->pmksa[i]; 552 mdie_present = cached_pmksa->mdid.mdie_present; 553 mobility_domain = cached_pmksa->mdid.mobility_domain; 554 555 /* In FT connection when STA connects to AP1 then PMK1 556 * gets cached. And if STA disconnects from AP1 and 557 * connects to AP2 then PMK2 gets cached. This will 558 * result in having multiple PMK cache entries for the 559 * same MDID. So delete the old/stale PMK cache entries 560 * for the same mobility domain as of the newly added 561 * entry. And Update the MDID for the matching BSSID or 562 * SSID PMKSA entry. 563 */ 564 if (qdf_is_macaddr_equal 565 (&cached_pmksa->bssid, &pmksa->bssid)) { 566 cached_pmksa->mdid.mdie_present = 1; 567 cached_pmksa->mdid.mobility_domain = 568 pmksa->mdid.mobility_domain; 569 crypto_debug("Updated the MDID at index=%d", i); 570 status = QDF_STATUS_SUCCESS; 571 } else if (pmksa->ssid_len && 572 !qdf_mem_cmp(pmksa->ssid, 573 cached_pmksa->ssid, 574 pmksa->ssid_len) && 575 !qdf_mem_cmp(pmksa->cache_id, 576 cached_pmksa->cache_id, 577 WLAN_CACHE_ID_LEN)) { 578 cached_pmksa->mdid.mdie_present = 1; 579 cached_pmksa->mdid.mobility_domain = 580 pmksa->mdid.mobility_domain; 581 crypto_debug("Updated the MDID at index=%d", i); 582 status = QDF_STATUS_SUCCESS; 583 } else if (mdie_present && 584 (pmksa->mdid.mobility_domain == 585 mobility_domain)) { 586 qdf_mem_zero(crypto_params->pmksa[i], 587 sizeof(struct wlan_crypto_pmksa)); 588 qdf_mem_free(crypto_params->pmksa[i]); 589 crypto_params->pmksa[i] = NULL; 590 crypto_debug("Deleted PMKSA at index=%d", i); 591 status = QDF_STATUS_SUCCESS; 592 } 593 } 594 } 595 return status; 596 } 597 598 struct wlan_crypto_pmksa * 599 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev, 600 struct wlan_crypto_pmksa *pmksa) 601 { 602 struct wlan_crypto_comp_priv *crypto_priv; 603 struct wlan_crypto_params *crypto_params; 604 uint8_t i; 605 606 if (!pmksa) { 607 crypto_err("pmksa is NULL"); 608 return NULL; 609 } 610 crypto_priv = (struct wlan_crypto_comp_priv *) 611 wlan_get_vdev_crypto_obj(vdev); 612 613 if (!crypto_priv) { 614 crypto_err("crypto_priv NULL"); 615 return NULL; 616 } 617 618 crypto_params = &crypto_priv->crypto_params; 619 620 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 621 if (!crypto_params->pmksa[i]) 622 continue; 623 624 if (pmksa->ssid_len && 625 !qdf_mem_cmp(pmksa->ssid, 626 crypto_params->pmksa[i]->ssid, 627 pmksa->ssid_len) && 628 !qdf_mem_cmp(pmksa->cache_id, 629 crypto_params->pmksa[i]->cache_id, 630 WLAN_CACHE_ID_LEN)) { 631 return crypto_params->pmksa[i]; 632 } else if (!pmksa->ssid_len && 633 !qdf_is_macaddr_zero(&pmksa->bssid) && 634 qdf_is_macaddr_equal(&pmksa->bssid, 635 &crypto_params->pmksa[i]->bssid)) { 636 return crypto_params->pmksa[i]; 637 } 638 } 639 640 return NULL; 641 } 642 643 struct wlan_crypto_pmksa * 644 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 645 { 646 struct wlan_crypto_comp_priv *crypto_priv; 647 struct wlan_crypto_params *crypto_params; 648 uint8_t i; 649 650 if (!bssid) { 651 crypto_err("bssid is NULL"); 652 return NULL; 653 } 654 crypto_priv = (struct wlan_crypto_comp_priv *) 655 wlan_get_vdev_crypto_obj(vdev); 656 657 if (!crypto_priv) { 658 crypto_err("crypto_priv NULL"); 659 return NULL; 660 } 661 662 crypto_params = &crypto_priv->crypto_params; 663 664 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 665 if (!crypto_params->pmksa[i]) 666 continue; 667 if (qdf_is_macaddr_equal(bssid, 668 &crypto_params->pmksa[i]->bssid)) { 669 crypto_debug("PMKSA: Entry found at index %d", i); 670 return crypto_params->pmksa[i]; 671 } 672 } 673 674 return NULL; 675 } 676 677 struct wlan_crypto_pmksa * 678 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev, 679 uint8_t *cache_id, uint8_t *ssid, 680 uint8_t ssid_len) 681 { 682 struct wlan_crypto_comp_priv *crypto_priv; 683 struct wlan_crypto_params *crypto_params; 684 uint8_t i; 685 686 crypto_priv = (struct wlan_crypto_comp_priv *) 687 wlan_get_vdev_crypto_obj(vdev); 688 689 if (!crypto_priv) { 690 crypto_err("crypto_priv NULL"); 691 return NULL; 692 } 693 694 crypto_params = &crypto_priv->crypto_params; 695 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 696 if (!crypto_params->pmksa[i]) 697 continue; 698 699 if (!qdf_mem_cmp(cache_id, 700 crypto_params->pmksa[i]->cache_id, 701 WLAN_CACHE_ID_LEN) && 702 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid, 703 ssid_len) && 704 ssid_len == crypto_params->pmksa[i]->ssid_len) 705 return crypto_params->pmksa[i]; 706 } 707 708 return NULL; 709 } 710 711 /** 712 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 713 * @vdev: vdev 714 * @peer: peer 715 * 716 * This function gets called to check is HT allowed for cipher. 717 * HT is not allowed for wep and tkip. 718 * 719 * Return: 0 - not allowed or 1 - allowed 720 */ 721 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 722 struct wlan_objmgr_peer *peer) 723 { 724 int32_t ucast_cipher; 725 726 if (!(vdev || peer)) { 727 crypto_err("Invalid params"); 728 return 0; 729 } 730 731 if (vdev) 732 ucast_cipher = wlan_crypto_get_param(vdev, 733 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 734 else 735 ucast_cipher = wlan_crypto_get_peer_param(peer, 736 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 737 738 if (ucast_cipher == -1) { 739 crypto_err("Invalid params"); 740 return 0; 741 } 742 743 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 744 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 745 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 746 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 747 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 748 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 749 } 750 qdf_export_symbol(wlan_crypto_is_htallowed); 751 752 /** 753 * wlan_crypto_setkey - called by ucfg to setkey 754 * @vdev: vdev 755 * @req_key: req_key with cipher type, key macaddress 756 * 757 * This function gets called from ucfg to sey key 758 * 759 * Return: QDF_STATUS_SUCCESS - in case of success 760 */ 761 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 762 struct wlan_crypto_req_key *req_key){ 763 764 QDF_STATUS status = QDF_STATUS_E_INVAL; 765 struct wlan_crypto_comp_priv *crypto_priv; 766 struct wlan_crypto_params *crypto_params; 767 struct wlan_objmgr_psoc *psoc; 768 struct wlan_objmgr_peer *peer = NULL; 769 struct wlan_crypto_key *key = NULL; 770 const struct wlan_crypto_cipher *cipher; 771 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 772 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 773 bool isbcast; 774 enum QDF_OPMODE vdev_mode; 775 uint8_t igtk_idx = 0; 776 uint8_t bigtk_idx = 0; 777 struct wlan_lmac_if_tx_ops *tx_ops; 778 779 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 780 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 781 return QDF_STATUS_E_INVAL; 782 } 783 784 isbcast = qdf_is_macaddr_group( 785 (struct qdf_mac_addr *)req_key->macaddr); 786 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 787 /* zero length keys, only set default key id if flags are set*/ 788 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 789 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 790 && (!IS_MGMT_CIPHER(req_key->type))) { 791 wlan_crypto_default_key(vdev, 792 req_key->macaddr, 793 req_key->keyix, 794 !isbcast); 795 return QDF_STATUS_SUCCESS; 796 } 797 crypto_err("req_key len zero"); 798 return QDF_STATUS_E_INVAL; 799 } 800 801 cipher = wlan_crypto_cipher_ops[req_key->type]; 802 803 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 804 crypto_err("cipher invalid"); 805 return QDF_STATUS_E_INVAL; 806 } 807 808 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 809 (!IS_MGMT_CIPHER(req_key->type)) && 810 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 811 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 812 crypto_err("cipher invalid"); 813 return QDF_STATUS_E_INVAL; 814 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 815 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 816 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 817 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 818 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 819 return QDF_STATUS_E_INVAL; 820 } 821 822 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 823 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 824 | WLAN_CRYPTO_KEY_RECV)) { 825 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 826 | WLAN_CRYPTO_KEY_RECV); 827 } 828 } else { 829 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX) 830 && (!IS_MGMT_CIPHER(req_key->type))) { 831 return QDF_STATUS_E_INVAL; 832 } 833 834 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 835 | WLAN_CRYPTO_KEY_RECV); 836 if (isbcast) 837 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 838 } 839 840 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 841 842 wlan_vdev_obj_lock(vdev); 843 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 844 QDF_MAC_ADDR_SIZE); 845 psoc = wlan_vdev_get_psoc(vdev); 846 if (!psoc) { 847 wlan_vdev_obj_unlock(vdev); 848 crypto_err("psoc NULL"); 849 return QDF_STATUS_E_INVAL; 850 } 851 wlan_vdev_obj_unlock(vdev); 852 853 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 854 if (wlan_crypto_vdev_has_auth_mode(vdev, 855 (1 << WLAN_CRYPTO_AUTH_8021X))) { 856 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 857 } 858 } 859 860 if (isbcast) { 861 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 862 &crypto_priv); 863 if (!crypto_priv) { 864 crypto_err("crypto_priv NULL"); 865 return QDF_STATUS_E_INVAL; 866 } 867 868 if (IS_MGMT_CIPHER(req_key->type)) { 869 struct wlan_crypto_key *crypto_key = NULL; 870 871 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 872 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 873 if (!is_igtk(req_key->keyix) && 874 !(is_bigtk(req_key->keyix))) { 875 crypto_err("igtk/bigtk key invalid keyid %d", 876 req_key->keyix); 877 return QDF_STATUS_E_INVAL; 878 } 879 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 880 if (!key) 881 return QDF_STATUS_E_NOMEM; 882 883 884 if (is_igtk(req_key->keyix)) { 885 crypto_key = crypto_priv->igtk_key[igtk_idx]; 886 if (crypto_key) 887 qdf_mem_free(crypto_key); 888 889 crypto_priv->igtk_key[igtk_idx] = key; 890 crypto_priv->igtk_key_type = req_key->type; 891 crypto_priv->def_igtk_tx_keyid = igtk_idx; 892 bigtk_idx = 0; 893 } else { 894 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 895 if (crypto_key) 896 qdf_mem_free(crypto_key); 897 898 crypto_priv->bigtk_key[bigtk_idx] = key; 899 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 900 igtk_idx = 0; 901 } 902 } else { 903 if (IS_FILS_CIPHER(req_key->type)) { 904 crypto_err("FILS key is not for BroadCast pkt"); 905 return QDF_STATUS_E_INVAL; 906 } 907 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 908 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 909 return QDF_STATUS_E_INVAL; 910 } 911 if (!crypto_priv->key[req_key->keyix]) { 912 crypto_priv->key[req_key->keyix] 913 = qdf_mem_malloc( 914 sizeof(struct wlan_crypto_key)); 915 if (!crypto_priv->key[req_key->keyix]) 916 return QDF_STATUS_E_NOMEM; 917 } 918 key = crypto_priv->key[req_key->keyix]; 919 crypto_priv->def_tx_keyid = req_key->keyix; 920 } 921 if (vdev_mode == QDF_STA_MODE) { 922 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 923 WLAN_CRYPTO_ID); 924 if (!peer) { 925 crypto_err("peer NULL"); 926 if (IS_MGMT_CIPHER(req_key->type)) { 927 crypto_priv->igtk_key[igtk_idx] = NULL; 928 crypto_priv->bigtk_key[bigtk_idx] 929 = NULL; 930 crypto_priv->igtk_key_type 931 = WLAN_CRYPTO_CIPHER_NONE; 932 } else 933 crypto_priv->key[req_key->keyix] = NULL; 934 if (key) 935 qdf_mem_free(key); 936 return QDF_STATUS_E_INVAL; 937 } 938 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 939 QDF_MAC_ADDR_SIZE); 940 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 941 peer = NULL; 942 } 943 } else { 944 uint8_t pdev_id; 945 946 pdev_id = wlan_objmgr_pdev_get_pdev_id( 947 wlan_vdev_get_pdev(vdev)); 948 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 949 psoc, 950 pdev_id, 951 macaddr, 952 req_key->macaddr, 953 WLAN_CRYPTO_ID); 954 955 if (!peer) { 956 crypto_err("peer NULL"); 957 return QDF_STATUS_E_INVAL; 958 } 959 960 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 961 crypto_params = wlan_crypto_peer_get_comp_params(peer, 962 &crypto_priv); 963 964 if (!crypto_priv) { 965 crypto_err("crypto_priv NULL"); 966 status = QDF_STATUS_E_INVAL; 967 goto err; 968 } 969 if (IS_MGMT_CIPHER(req_key->type)) { 970 struct wlan_crypto_key *crypto_key = NULL; 971 972 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 973 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 974 if (!is_igtk(req_key->keyix) && 975 !(is_bigtk(req_key->keyix))) { 976 crypto_err("igtk/bigtk key invalid keyid %d", 977 req_key->keyix); 978 status = QDF_STATUS_E_INVAL; 979 goto err; 980 } 981 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 982 if (!key) { 983 status = QDF_STATUS_E_NOMEM; 984 goto err; 985 } 986 987 if (is_igtk(req_key->keyix)) { 988 crypto_key = crypto_priv->igtk_key[igtk_idx]; 989 if (crypto_key) 990 qdf_mem_free(crypto_key); 991 992 crypto_priv->igtk_key[igtk_idx] = key; 993 crypto_priv->igtk_key_type = req_key->type; 994 crypto_priv->def_igtk_tx_keyid = igtk_idx; 995 } else { 996 crypto_key = crypto_priv->bigtk_key[bigtk_idx]; 997 if (crypto_key) 998 qdf_mem_free(crypto_key); 999 1000 crypto_priv->bigtk_key[bigtk_idx] = key; 1001 crypto_priv->def_bigtk_tx_keyid = bigtk_idx; 1002 } 1003 } else { 1004 uint16_t kid = req_key->keyix; 1005 if (kid == WLAN_CRYPTO_KEYIX_NONE) 1006 kid = 0; 1007 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) { 1008 crypto_err("invalid keyid %d", kid); 1009 status = QDF_STATUS_E_INVAL; 1010 goto err; 1011 } 1012 if (!crypto_priv->key[kid]) { 1013 crypto_priv->key[kid] 1014 = qdf_mem_malloc( 1015 sizeof(struct wlan_crypto_key)); 1016 if (!crypto_priv->key[kid]) { 1017 status = QDF_STATUS_E_NOMEM; 1018 goto err; 1019 } 1020 } 1021 key = crypto_priv->key[kid]; 1022 } 1023 } 1024 1025 /* alloc key might not required as it is already there */ 1026 key->cipher_table = (void *)cipher; 1027 key->keylen = req_key->keylen; 1028 key->flags = req_key->flags; 1029 1030 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 1031 key->keyix = 0; 1032 else 1033 key->keyix = req_key->keyix; 1034 1035 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 1036 && (!IS_MGMT_CIPHER(req_key->type))) { 1037 crypto_priv->def_tx_keyid = key->keyix; 1038 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 1039 } 1040 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 1041 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 1042 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 1043 0x5c, 0x36, 0x5c, 0x36, 1044 0x5c, 0x36, 0x5c, 0x36, 1045 0x5c, 0x36, 0x5c, 0x37}; 1046 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 1047 0x5c, 0x36, 0x5c, 0x36, 1048 0x5c, 0x36, 0x5c, 0x36, 1049 0x5c, 0x36, 0x5c, 0x36}; 1050 1051 /* During Tx PN should be increment and 1052 * send but as per our implementation we increment only after 1053 * Tx complete. So First packet PN check will be failed. 1054 * To compensate increment the PN here by 2 1055 */ 1056 if (vdev_mode == QDF_SAP_MODE) { 1057 iv_AP[15] += 2; 1058 qdf_mem_copy(key->recviv, iv_STA, 1059 WLAN_CRYPTO_WAPI_IV_SIZE); 1060 qdf_mem_copy(key->txiv, iv_AP, 1061 WLAN_CRYPTO_WAPI_IV_SIZE); 1062 } else { 1063 iv_STA[15] += 2; 1064 qdf_mem_copy(key->recviv, iv_AP, 1065 WLAN_CRYPTO_WAPI_IV_SIZE); 1066 qdf_mem_copy(key->txiv, iv_STA, 1067 WLAN_CRYPTO_WAPI_IV_SIZE); 1068 } 1069 } else { 1070 uint8_t i = 0; 1071 qdf_mem_copy((uint8_t *)(&key->keytsc), 1072 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 1073 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 1074 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 1075 (uint8_t *)(&req_key->keyrsc), 1076 sizeof(key->keyrsc[0])); 1077 } 1078 } 1079 1080 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1081 if (!tx_ops) { 1082 crypto_err("tx_ops is NULL"); 1083 status = QDF_STATUS_E_INVAL; 1084 goto err; 1085 } 1086 1087 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 1088 key->valid = 1; 1089 if ((IS_MGMT_CIPHER(req_key->type))) { 1090 uint32_t mgmt_cipher = 0; 1091 1092 if (HAS_CIPHER_CAP(crypto_params, 1093 WLAN_CRYPTO_CAP_PMF_OFFLOAD) || 1094 is_bigtk(req_key->keyix)) { 1095 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1096 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, 1097 key, macaddr, req_key->type); 1098 } 1099 } 1100 QDF_SET_PARAM(mgmt_cipher, req_key->type); 1101 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher); 1102 status = wlan_crypto_set_igtk_key(key); 1103 } else if (IS_FILS_CIPHER(req_key->type)) { 1104 /* Take request key object to FILS setkey */ 1105 key->private = req_key; 1106 } else { 1107 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 1108 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key, macaddr, 1109 req_key->type); 1110 } 1111 } 1112 if (cipher) 1113 status = cipher->setkey(key); 1114 1115 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 1116 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 1117 (!IS_MGMT_CIPHER(req_key->type)) && isbcast) { 1118 /* default xmit key */ 1119 wlan_crypto_default_key(vdev, 1120 req_key->macaddr, 1121 req_key->keyix, 1122 !isbcast); 1123 /*Iterate through the peer list on this vdev 1124 *and store the keyix in the peer's crypto_priv 1125 */ 1126 wlan_objmgr_iterate_peerobj_list(vdev, store_def_keyix_peer, 1127 (void *)&req_key->keyix, 1128 WLAN_CRYPTO_ID); 1129 1130 } 1131 err: 1132 if (peer) 1133 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1134 return status; 1135 } 1136 1137 /** 1138 * store_def_keyix_peer - store default keyix 1139 * @vdev: vdev 1140 * @object: Peer object 1141 * @arg: Argument passed by caller 1142 * 1143 * This function gets called from wlan_crypto_setkey 1144 * 1145 * Return: None 1146 */ 1147 void store_def_keyix_peer(struct wlan_objmgr_vdev *vdev, void *object, 1148 void *arg) 1149 { 1150 struct wlan_objmgr_peer *peer = NULL; 1151 struct wlan_crypto_comp_priv *crypto_priv; 1152 struct wlan_crypto_params *crypto_params; 1153 1154 uint16_t kid = *(uint16_t *)arg; 1155 1156 peer = (struct wlan_objmgr_peer *)object; 1157 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1158 if (!crypto_priv) { 1159 crypto_err("crypto_priv NULL"); 1160 return; 1161 } 1162 crypto_priv->def_tx_keyid = kid; 1163 } 1164 1165 qdf_export_symbol(store_def_keyix_peer); 1166 1167 /** 1168 * wlan_crypto_get_keytype - get keytype 1169 * @key: key 1170 * 1171 * This function gets keytype from key 1172 * 1173 * Return: keytype 1174 */ 1175 wlan_crypto_cipher_type wlan_crypto_get_key_type( 1176 struct wlan_crypto_key *key){ 1177 if (key && key->cipher_table) { 1178 return ((struct wlan_crypto_cipher *) 1179 (key->cipher_table))->cipher; 1180 } 1181 return WLAN_CRYPTO_CIPHER_NONE; 1182 } 1183 qdf_export_symbol(wlan_crypto_get_key_type); 1184 /** 1185 * wlan_crypto_vdev_getkey - get key from vdev 1186 * @vdev: vdev 1187 * @keyix: keyix 1188 * 1189 * This function gets key from vdev 1190 * 1191 * Return: key or NULL 1192 */ 1193 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 1194 uint16_t keyix){ 1195 struct wlan_crypto_comp_priv *crypto_priv; 1196 struct wlan_crypto_params *crypto_params; 1197 struct wlan_crypto_key *key = NULL; 1198 1199 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 1200 1201 if (!crypto_priv) { 1202 crypto_err("crypto_priv NULL"); 1203 return NULL; 1204 } 1205 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1206 * we return the default key, for all other keyix we return the 1207 * key accordingly. 1208 */ 1209 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) || 1210 !is_valid_keyix(keyix)) 1211 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1212 else if (is_bigtk(keyix)) 1213 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1214 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1215 else if (is_igtk(keyix)) 1216 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1217 else 1218 key = crypto_priv->key[keyix]; 1219 1220 if (key && key->valid) 1221 return key; 1222 1223 return NULL; 1224 } 1225 qdf_export_symbol(wlan_crypto_vdev_getkey); 1226 1227 /** 1228 * wlan_crypto_peer_getkey - get key from peer 1229 * @peer: peer 1230 * @keyix: keyix 1231 * 1232 * This function gets key from peer 1233 * 1234 * Return: key or NULL 1235 */ 1236 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 1237 uint16_t keyix){ 1238 struct wlan_crypto_comp_priv *crypto_priv; 1239 struct wlan_crypto_params *crypto_params; 1240 struct wlan_crypto_key *key = NULL; 1241 1242 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 1243 1244 if (!crypto_priv) { 1245 crypto_err("crypto_priv NULL"); 1246 return NULL; 1247 } 1248 1249 /* for keyix 4,5 we return the igtk keys for keyix more than 5 1250 * we return the default key, for all other keyix we return the 1251 * key accordingly. 1252 */ 1253 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 1254 !is_valid_keyix(keyix)) 1255 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1256 else if (is_bigtk(keyix)) 1257 key = crypto_priv->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX 1258 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 1259 else if (is_igtk(keyix)) 1260 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 1261 else 1262 key = crypto_priv->key[keyix]; 1263 1264 if (key && key->valid) 1265 return key; 1266 1267 return NULL; 1268 } 1269 qdf_export_symbol(wlan_crypto_peer_getkey); 1270 1271 /** 1272 * wlan_crypto_getkey - called by ucfg to get key 1273 * @vdev: vdev 1274 * @req_key: key value will be copied in this req_key 1275 * @mac_address: mac address of the peer for unicast key 1276 * or broadcast address if group key is requested. 1277 * 1278 * This function gets called from ucfg to get key 1279 * 1280 * Return: QDF_STATUS_SUCCESS - in case of success 1281 */ 1282 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 1283 struct wlan_crypto_req_key *req_key, 1284 uint8_t *mac_addr){ 1285 struct wlan_crypto_cipher *cipher_table; 1286 struct wlan_crypto_key *key; 1287 struct wlan_objmgr_psoc *psoc; 1288 struct wlan_lmac_if_tx_ops *tx_ops; 1289 struct wlan_lmac_if_rx_ops *rx_ops; 1290 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 1291 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 1292 QDF_STATUS status = QDF_STATUS_E_INVAL; 1293 struct wlan_objmgr_peer *peer = NULL; 1294 uint8_t pdev_id; 1295 uint16_t get_pn_enable; 1296 1297 if (!req_key) { 1298 crypto_err("req_key NULL"); 1299 return QDF_STATUS_E_INVAL; 1300 } 1301 1302 get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN; 1303 1304 wlan_vdev_obj_lock(vdev); 1305 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 1306 QDF_MAC_ADDR_SIZE); 1307 psoc = wlan_vdev_get_psoc(vdev); 1308 if (!psoc) { 1309 wlan_vdev_obj_unlock(vdev); 1310 crypto_err("psoc NULL"); 1311 return QDF_STATUS_E_INVAL; 1312 } 1313 wlan_vdev_obj_unlock(vdev); 1314 1315 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1316 if (!tx_ops) { 1317 crypto_err("tx_ops is NULL"); 1318 return QDF_STATUS_E_INVAL; 1319 } 1320 1321 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 1322 if (!rx_ops) { 1323 crypto_err("rx_ops is NULL"); 1324 return QDF_STATUS_E_INVAL; 1325 } 1326 1327 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1328 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 1329 if (!key) 1330 return QDF_STATUS_E_INVAL; 1331 } else { 1332 1333 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1334 wlan_vdev_get_pdev(vdev)); 1335 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1336 psoc, 1337 pdev_id, 1338 macaddr, 1339 mac_addr, 1340 WLAN_CRYPTO_ID); 1341 if (!peer) { 1342 crypto_err("peer NULL"); 1343 return QDF_STATUS_E_NOENT; 1344 } 1345 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 1346 1347 if (!key) { 1348 crypto_err("Key is NULL"); 1349 status = QDF_STATUS_E_INVAL; 1350 goto err; 1351 } 1352 } 1353 1354 if (key->valid) { 1355 qdf_mem_copy(req_key->keydata, 1356 key->keyval, key->keylen); 1357 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 1358 (uint8_t *)(&key->keytsc), 1359 sizeof(req_key->keytsc)); 1360 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 1361 (uint8_t *)(&key->keyrsc[0]), 1362 sizeof(req_key->keyrsc)); 1363 req_key->keylen = key->keylen; 1364 req_key->keyix = key->keyix; 1365 req_key->flags = key->flags; 1366 1367 if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) { 1368 req_key->type = key->cipher_type; 1369 } else { 1370 cipher_table = key->cipher_table; 1371 1372 if (!cipher_table) { 1373 status = QDF_STATUS_SUCCESS; 1374 goto err; 1375 } 1376 1377 req_key->type = cipher_table->cipher; 1378 } 1379 1380 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 1381 qdf_mem_copy((uint8_t *)(&req_key->txiv), 1382 (uint8_t *)(key->txiv), 1383 sizeof(req_key->txiv)); 1384 qdf_mem_copy((uint8_t *)(&req_key->recviv), 1385 (uint8_t *)(key->recviv), 1386 sizeof(req_key->recviv)); 1387 } 1388 1389 if (get_pn_enable) { 1390 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)) 1391 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev, mac_addr, 1392 req_key->type); 1393 if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)) 1394 WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)( 1395 vdev, mac_addr, req_key->keyix); 1396 } 1397 } 1398 status = QDF_STATUS_SUCCESS; 1399 1400 err: 1401 if (peer) 1402 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1403 1404 return status; 1405 } 1406 1407 /** 1408 * wlan_crypto_delkey - called by ucfg to delete key 1409 * @vdev: vdev 1410 * @mac_address: mac address of the peer for unicast key 1411 * or broadcast address if group key is deleted. 1412 * @key_idx: key index to be deleted 1413 * 1414 * This function gets called from ucfg to delete key 1415 * 1416 * Return: QDF_STATUS_SUCCESS - in case of success 1417 */ 1418 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1419 uint8_t *macaddr, 1420 uint8_t key_idx){ 1421 struct wlan_crypto_comp_priv *crypto_priv; 1422 struct wlan_crypto_params *crypto_params; 1423 struct wlan_crypto_key *key; 1424 struct wlan_crypto_cipher *cipher_table; 1425 struct wlan_objmgr_psoc *psoc; 1426 struct wlan_lmac_if_tx_ops *tx_ops; 1427 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1428 struct wlan_objmgr_peer *peer = NULL; 1429 QDF_STATUS ret = QDF_STATUS_SUCCESS; 1430 1431 if (!vdev || !macaddr || 1432 !is_valid_keyix(key_idx)) { 1433 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1434 vdev, macaddr, key_idx); 1435 return QDF_STATUS_E_INVAL; 1436 } 1437 1438 wlan_vdev_obj_lock(vdev); 1439 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1440 QDF_MAC_ADDR_SIZE); 1441 psoc = wlan_vdev_get_psoc(vdev); 1442 if (!psoc) { 1443 wlan_vdev_obj_unlock(vdev); 1444 crypto_err("psoc NULL"); 1445 return QDF_STATUS_E_INVAL; 1446 } 1447 wlan_vdev_obj_unlock(vdev); 1448 1449 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1450 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1451 &crypto_priv); 1452 if (!crypto_priv) { 1453 crypto_err("crypto_priv NULL"); 1454 return QDF_STATUS_E_INVAL; 1455 } 1456 } else { 1457 uint8_t pdev_id; 1458 1459 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1460 wlan_vdev_get_pdev(vdev)); 1461 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1462 psoc, pdev_id, 1463 bssid_mac, 1464 macaddr, 1465 WLAN_CRYPTO_ID); 1466 if (!peer) { 1467 return QDF_STATUS_E_INVAL; 1468 } 1469 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1470 &crypto_priv); 1471 if (!crypto_priv) { 1472 crypto_err("crypto_priv NULL"); 1473 ret = QDF_STATUS_E_INVAL; 1474 goto ret_rel_ref; 1475 } 1476 } 1477 1478 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1479 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1480 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX; 1481 1482 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) { 1483 crypto_err("igtk/bigtk key invalid keyid %d", key_idx); 1484 ret = QDF_STATUS_E_INVAL; 1485 goto ret_rel_ref; 1486 } 1487 if (is_igtk(key_idx)) { 1488 key = crypto_priv->igtk_key[igtk_idx]; 1489 crypto_priv->igtk_key[igtk_idx] = NULL; 1490 } else { 1491 key = crypto_priv->bigtk_key[bigtk_idx]; 1492 crypto_priv->bigtk_key[bigtk_idx] = NULL; 1493 } 1494 if (key) 1495 key->valid = 0; 1496 } else { 1497 key = crypto_priv->key[key_idx]; 1498 crypto_priv->key[key_idx] = NULL; 1499 } 1500 1501 if (!key) { 1502 ret = QDF_STATUS_E_INVAL; 1503 goto ret_rel_ref; 1504 } 1505 1506 if (key->valid) { 1507 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1508 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1509 1510 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1511 if (!tx_ops) { 1512 crypto_err("tx_ops is NULL"); 1513 ret = QDF_STATUS_E_INVAL; 1514 goto ret_rel_ref; 1515 } 1516 1517 if (!IS_FILS_CIPHER(cipher_table->cipher) && 1518 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) { 1519 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr, 1520 cipher_table->cipher); 1521 } else if (IS_FILS_CIPHER(cipher_table->cipher)) { 1522 if (key->private) 1523 qdf_mem_free(key->private); 1524 } 1525 } 1526 1527 /* Zero-out local key variables */ 1528 qdf_mem_zero(key, sizeof(struct wlan_crypto_key)); 1529 qdf_mem_free(key); 1530 key = NULL; 1531 1532 ret_rel_ref: 1533 if (peer) 1534 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1535 1536 return ret; 1537 } 1538 1539 #ifdef CRYPTO_SET_KEY_CONVERGED 1540 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1541 uint8_t key_idx, uint8_t *macaddr) 1542 { 1543 return QDF_STATUS_SUCCESS; 1544 } 1545 #else 1546 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1547 uint8_t key_idx, uint8_t *macaddr) 1548 { 1549 struct wlan_objmgr_psoc *psoc; 1550 struct wlan_lmac_if_tx_ops *tx_ops; 1551 1552 psoc = wlan_vdev_get_psoc(vdev); 1553 if (!psoc) { 1554 crypto_err("psoc is NULL"); 1555 return QDF_STATUS_E_INVAL; 1556 } 1557 1558 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 1559 if (!tx_ops) { 1560 crypto_err("tx_ops is NULL"); 1561 return QDF_STATUS_E_INVAL; 1562 } 1563 1564 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)) 1565 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr); 1566 1567 return QDF_STATUS_SUCCESS; 1568 } 1569 #endif 1570 1571 /** 1572 * wlan_crypto_default_key - called by ucfg to set default tx key 1573 * @vdev: vdev 1574 * @mac_address: mac address of the peer for unicast key 1575 * or broadcast address if group key need to made default. 1576 * @key_idx: key index to be made as default key 1577 * @unicast: is key was unicast or group key. 1578 * 1579 * This function gets called from ucfg to set default key 1580 * 1581 * Return: QDF_STATUS_SUCCESS - in case of success 1582 */ 1583 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1584 uint8_t *macaddr, 1585 uint8_t key_idx, 1586 bool unicast){ 1587 struct wlan_crypto_comp_priv *crypto_priv; 1588 struct wlan_crypto_params *crypto_params; 1589 struct wlan_crypto_key *key; 1590 struct wlan_objmgr_psoc *psoc; 1591 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1592 1593 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1594 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1595 vdev, macaddr, key_idx); 1596 return QDF_STATUS_E_INVAL; 1597 } 1598 1599 wlan_vdev_obj_lock(vdev); 1600 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1601 QDF_MAC_ADDR_SIZE); 1602 psoc = wlan_vdev_get_psoc(vdev); 1603 if (!psoc) { 1604 wlan_vdev_obj_unlock(vdev); 1605 crypto_err("psoc NULL"); 1606 return QDF_STATUS_E_INVAL; 1607 } 1608 wlan_vdev_obj_unlock(vdev); 1609 1610 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1611 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1612 &crypto_priv); 1613 if (!crypto_priv) { 1614 crypto_err("crypto_priv NULL"); 1615 return QDF_STATUS_E_INVAL; 1616 } 1617 1618 key = crypto_priv->key[key_idx]; 1619 if (!key) 1620 return QDF_STATUS_E_INVAL; 1621 } else { 1622 struct wlan_objmgr_peer *peer; 1623 uint8_t pdev_id; 1624 1625 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1626 wlan_vdev_get_pdev(vdev)); 1627 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1628 psoc, pdev_id, 1629 bssid_mac, 1630 macaddr, 1631 WLAN_CRYPTO_ID); 1632 1633 if (!peer) { 1634 crypto_err("peer NULL"); 1635 return QDF_STATUS_E_INVAL; 1636 } 1637 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1638 &crypto_priv); 1639 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1640 if (!crypto_priv) { 1641 crypto_err("crypto_priv NULL"); 1642 return QDF_STATUS_E_INVAL; 1643 } 1644 1645 key = crypto_priv->key[key_idx]; 1646 if (!key) 1647 return QDF_STATUS_E_INVAL; 1648 } 1649 if (!key->valid) 1650 return QDF_STATUS_E_INVAL; 1651 1652 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1653 QDF_STATUS_SUCCESS) 1654 return QDF_STATUS_E_INVAL; 1655 crypto_priv->def_tx_keyid = key_idx; 1656 1657 return QDF_STATUS_SUCCESS; 1658 } 1659 1660 /** 1661 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1662 * @vdev: vdev 1663 * @wbuf: wbuf 1664 * @macaddr: macaddr 1665 * @encapdone: is encapdone already or not. 1666 * 1667 * This function gets called from mgmt txrx to encap frame. 1668 * 1669 * Return: QDF_STATUS_SUCCESS - in case of success 1670 */ 1671 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1672 qdf_nbuf_t wbuf, 1673 uint8_t *mac_addr, 1674 uint8_t encapdone){ 1675 struct wlan_crypto_comp_priv *crypto_priv; 1676 struct wlan_crypto_params *crypto_params; 1677 struct wlan_crypto_key *key; 1678 QDF_STATUS status; 1679 struct wlan_crypto_cipher *cipher_table; 1680 struct wlan_objmgr_psoc *psoc; 1681 struct wlan_objmgr_peer *peer; 1682 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1683 uint8_t pdev_id; 1684 uint8_t hdrlen; 1685 enum QDF_OPMODE opmode; 1686 1687 opmode = wlan_vdev_mlme_get_opmode(vdev); 1688 wlan_vdev_obj_lock(vdev); 1689 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1690 QDF_MAC_ADDR_SIZE); 1691 psoc = wlan_vdev_get_psoc(vdev); 1692 if (!psoc) { 1693 wlan_vdev_obj_unlock(vdev); 1694 crypto_err("psoc NULL"); 1695 return QDF_STATUS_E_INVAL; 1696 } 1697 wlan_vdev_obj_unlock(vdev); 1698 1699 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1700 /* FILS Encap required only for (Re-)Assoc response */ 1701 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1702 1703 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1704 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1705 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1706 return QDF_STATUS_E_INVAL; 1707 } 1708 1709 if (peer) 1710 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1711 peer = NULL; 1712 1713 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1714 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1715 &crypto_priv); 1716 if (!crypto_priv) { 1717 crypto_err("crypto_priv NULL"); 1718 return QDF_STATUS_E_INVAL; 1719 } 1720 1721 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1722 if (!key) 1723 return QDF_STATUS_E_INVAL; 1724 1725 } else { 1726 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1727 bssid_mac, mac_addr, 1728 WLAN_CRYPTO_ID); 1729 if (!peer) { 1730 crypto_err("crypto_priv NULL"); 1731 return QDF_STATUS_E_INVAL; 1732 } 1733 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1734 &crypto_priv); 1735 1736 if (!crypto_priv) { 1737 crypto_err("crypto_priv NULL"); 1738 status = QDF_STATUS_E_INVAL; 1739 goto err; 1740 } 1741 1742 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1743 if (!key) { 1744 crypto_err("Key is NULL"); 1745 status = QDF_STATUS_E_INVAL; 1746 goto err; 1747 } 1748 } 1749 if (opmode == QDF_MONITOR_MODE) 1750 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1751 else 1752 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1753 (uint8_t *)qdf_nbuf_data(wbuf)); 1754 1755 /* if tkip, is counter measures enabled, then drop the frame */ 1756 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1757 status = cipher_table->encap(key, wbuf, encapdone, 1758 hdrlen); 1759 1760 err: 1761 if (peer) 1762 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1763 1764 return status; 1765 } 1766 qdf_export_symbol(wlan_crypto_encap); 1767 1768 /** 1769 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1770 * @vdev: vdev 1771 * @wbuf: wbuf 1772 * @macaddr: macaddr 1773 * @tid: tid of the frame 1774 * 1775 * This function gets called from mgmt txrx to decap frame. 1776 * 1777 * Return: QDF_STATUS_SUCCESS - in case of success 1778 */ 1779 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1780 qdf_nbuf_t wbuf, 1781 uint8_t *mac_addr, 1782 uint8_t tid){ 1783 struct wlan_crypto_comp_priv *crypto_priv; 1784 struct wlan_crypto_params *crypto_params; 1785 struct wlan_crypto_key *key; 1786 QDF_STATUS status; 1787 struct wlan_crypto_cipher *cipher_table; 1788 struct wlan_objmgr_psoc *psoc; 1789 struct wlan_objmgr_peer *peer; 1790 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1791 uint8_t keyid; 1792 uint8_t pdev_id; 1793 uint8_t hdrlen; 1794 enum QDF_OPMODE opmode; 1795 1796 opmode = wlan_vdev_mlme_get_opmode(vdev); 1797 wlan_vdev_obj_lock(vdev); 1798 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1799 QDF_MAC_ADDR_SIZE); 1800 psoc = wlan_vdev_get_psoc(vdev); 1801 if (!psoc) { 1802 wlan_vdev_obj_unlock(vdev); 1803 crypto_err("psoc NULL"); 1804 return QDF_STATUS_E_INVAL; 1805 } 1806 wlan_vdev_obj_unlock(vdev); 1807 1808 if (opmode == QDF_MONITOR_MODE) 1809 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1810 else 1811 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1812 (uint8_t *)qdf_nbuf_data(wbuf)); 1813 1814 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1815 1816 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1817 return QDF_STATUS_E_INVAL; 1818 1819 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1820 /* FILS Decap required only for (Re-)Assoc request */ 1821 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1822 1823 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1824 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1825 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1826 return QDF_STATUS_E_INVAL; 1827 } 1828 1829 if (peer) 1830 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1831 peer = NULL; 1832 1833 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1834 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1835 &crypto_priv); 1836 if (!crypto_priv) { 1837 crypto_err("crypto_priv NULL"); 1838 return QDF_STATUS_E_INVAL; 1839 } 1840 1841 key = crypto_priv->key[keyid]; 1842 if (!key) 1843 return QDF_STATUS_E_INVAL; 1844 } else { 1845 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1846 psoc, pdev_id, bssid_mac, 1847 mac_addr, WLAN_CRYPTO_ID); 1848 if (!peer) { 1849 crypto_err("peer NULL"); 1850 return QDF_STATUS_E_INVAL; 1851 } 1852 1853 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1854 &crypto_priv); 1855 1856 if (!crypto_priv) { 1857 crypto_err("crypto_priv NULL"); 1858 status = QDF_STATUS_E_INVAL; 1859 goto err; 1860 } 1861 1862 key = crypto_priv->key[keyid]; 1863 if (!key) { 1864 crypto_err("Key is NULL"); 1865 status = QDF_STATUS_E_INVAL; 1866 goto err; 1867 } 1868 } 1869 1870 if (!key->valid || !key->cipher_table) { 1871 status = QDF_STATUS_E_INVAL; 1872 goto err; 1873 } 1874 1875 /* if tkip, is counter measures enabled, then drop the frame */ 1876 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1877 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1878 1879 err: 1880 if (peer) 1881 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1882 1883 return status; 1884 } 1885 qdf_export_symbol(wlan_crypto_decap); 1886 /** 1887 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1888 * @vdev: vdev 1889 * @wbuf: wbuf 1890 * @macaddr: macaddr 1891 * @encapdone: is encapdone already or not. 1892 * 1893 * This function gets called from mgmt txrx to adding mic to the frame. 1894 * 1895 * Return: QDF_STATUS_SUCCESS - in case of success 1896 */ 1897 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1898 qdf_nbuf_t wbuf, 1899 uint8_t *mac_addr, 1900 uint8_t encapdone){ 1901 struct wlan_crypto_comp_priv *crypto_priv; 1902 struct wlan_crypto_params *crypto_params; 1903 struct wlan_crypto_key *key; 1904 QDF_STATUS status; 1905 struct wlan_crypto_cipher *cipher_table; 1906 struct wlan_objmgr_psoc *psoc; 1907 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1908 uint8_t hdrlen; 1909 enum QDF_OPMODE opmode; 1910 1911 opmode = wlan_vdev_mlme_get_opmode(vdev); 1912 1913 1914 wlan_vdev_obj_lock(vdev); 1915 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1916 QDF_MAC_ADDR_SIZE); 1917 psoc = wlan_vdev_get_psoc(vdev); 1918 if (!psoc) { 1919 wlan_vdev_obj_unlock(vdev); 1920 crypto_err("psoc NULL"); 1921 return QDF_STATUS_E_INVAL; 1922 } 1923 wlan_vdev_obj_unlock(vdev); 1924 1925 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1926 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1927 &crypto_priv); 1928 if (!crypto_priv) { 1929 crypto_err("crypto_priv NULL"); 1930 return QDF_STATUS_E_INVAL; 1931 } 1932 1933 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1934 if (!key) 1935 return QDF_STATUS_E_INVAL; 1936 1937 } else { 1938 struct wlan_objmgr_peer *peer; 1939 uint8_t pdev_id; 1940 1941 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1942 wlan_vdev_get_pdev(vdev)); 1943 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1944 psoc, pdev_id, bssid_mac, 1945 mac_addr, WLAN_CRYPTO_ID); 1946 if (!peer) { 1947 crypto_err("crypto_priv NULL"); 1948 return QDF_STATUS_E_INVAL; 1949 } 1950 1951 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1952 &crypto_priv); 1953 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1954 1955 if (!crypto_priv) { 1956 crypto_err("crypto_priv NULL"); 1957 return QDF_STATUS_E_INVAL; 1958 } 1959 1960 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1961 if (!key) 1962 return QDF_STATUS_E_INVAL; 1963 } 1964 if (opmode == QDF_MONITOR_MODE) 1965 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1966 else 1967 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1968 (uint8_t *)qdf_nbuf_data(wbuf)); 1969 1970 /* if tkip, is counter measures enabled, then drop the frame */ 1971 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1972 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1973 1974 return status; 1975 } 1976 1977 /** 1978 * wlan_crypto_demic - called by mgmt for remove and check mic for 1979 * the frame based on cipher 1980 * @vdev: vdev 1981 * @wbuf: wbuf 1982 * @macaddr: macaddr 1983 * @tid: tid of the frame 1984 * @keyid: keyid in the received frame 1985 * This function gets called from mgmt txrx to decap frame. 1986 * 1987 * Return: QDF_STATUS_SUCCESS - in case of success 1988 */ 1989 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1990 qdf_nbuf_t wbuf, 1991 uint8_t *mac_addr, 1992 uint8_t tid, 1993 uint8_t keyid){ 1994 struct wlan_crypto_comp_priv *crypto_priv; 1995 struct wlan_crypto_params *crypto_params; 1996 struct wlan_crypto_key *key; 1997 QDF_STATUS status; 1998 struct wlan_crypto_cipher *cipher_table; 1999 struct wlan_objmgr_psoc *psoc; 2000 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 2001 uint8_t hdrlen; 2002 enum QDF_OPMODE opmode; 2003 2004 opmode = wlan_vdev_mlme_get_opmode(vdev); 2005 2006 if (opmode == QDF_MONITOR_MODE) 2007 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 2008 else 2009 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 2010 (uint8_t *)qdf_nbuf_data(wbuf)); 2011 2012 wlan_vdev_obj_lock(vdev); 2013 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 2014 QDF_MAC_ADDR_SIZE); 2015 psoc = wlan_vdev_get_psoc(vdev); 2016 if (!psoc) { 2017 wlan_vdev_obj_unlock(vdev); 2018 crypto_err("psoc NULL"); 2019 return QDF_STATUS_E_INVAL; 2020 } 2021 wlan_vdev_obj_unlock(vdev); 2022 2023 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 2024 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2025 &crypto_priv); 2026 if (!crypto_priv) { 2027 crypto_err("crypto_priv NULL"); 2028 return QDF_STATUS_E_INVAL; 2029 } 2030 2031 key = crypto_priv->key[keyid]; 2032 if (!key) 2033 return QDF_STATUS_E_INVAL; 2034 2035 } else { 2036 struct wlan_objmgr_peer *peer; 2037 uint8_t pdev_id; 2038 2039 pdev_id = wlan_objmgr_pdev_get_pdev_id( 2040 wlan_vdev_get_pdev(vdev)); 2041 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 2042 psoc, pdev_id, bssid_mac, 2043 mac_addr, WLAN_CRYPTO_ID); 2044 if (!peer) { 2045 crypto_err("peer NULL"); 2046 return QDF_STATUS_E_INVAL; 2047 } 2048 2049 crypto_params = wlan_crypto_peer_get_comp_params(peer, 2050 &crypto_priv); 2051 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 2052 2053 if (!crypto_priv) { 2054 crypto_err("crypto_priv NULL"); 2055 return QDF_STATUS_E_INVAL; 2056 } 2057 2058 key = crypto_priv->key[keyid]; 2059 if (!key) 2060 return QDF_STATUS_E_INVAL; 2061 } 2062 /* if tkip, is counter measures enabled, then drop the frame */ 2063 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 2064 status = cipher_table->demic(key, wbuf, tid, hdrlen); 2065 2066 return status; 2067 } 2068 2069 /** 2070 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 2071 * @vdev: vdev 2072 * 2073 * This function gets called to check is pmf enabled or not in vdev. 2074 * 2075 * Return: true or false 2076 */ 2077 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 2078 { 2079 2080 struct wlan_crypto_comp_priv *crypto_priv; 2081 struct wlan_crypto_params *vdev_crypto_params; 2082 2083 if (!vdev) 2084 return false; 2085 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2086 &crypto_priv); 2087 if (!crypto_priv) { 2088 crypto_err("crypto_priv NULL"); 2089 return false; 2090 } 2091 2092 if ((vdev_crypto_params->rsn_caps & 2093 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 2094 || (vdev_crypto_params->rsn_caps & 2095 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2096 return true; 2097 } 2098 2099 return false; 2100 } 2101 2102 /** 2103 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 2104 * @vdev: vdev 2105 * 2106 * This function gets called to check is pmf required or not in vdev. 2107 * 2108 * Return: true or false 2109 */ 2110 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 2111 { 2112 struct wlan_crypto_comp_priv *crypto_priv; 2113 struct wlan_crypto_params *vdev_crypto_params; 2114 2115 if (!vdev) 2116 return false; 2117 2118 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2119 &crypto_priv); 2120 if (!crypto_priv) { 2121 crypto_err("crypto_priv NULL"); 2122 return false; 2123 } 2124 2125 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 2126 return true; 2127 2128 return false; 2129 } 2130 2131 /** 2132 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 2133 * @vdev: vdev 2134 * @peer: peer 2135 * 2136 * This function gets called by mgmt txrx to check is pmf enabled or not. 2137 * 2138 * Return: true or false 2139 */ 2140 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 2141 struct wlan_objmgr_peer *peer){ 2142 2143 struct wlan_crypto_comp_priv *crypto_priv; 2144 struct wlan_crypto_params *vdev_crypto_params; 2145 struct wlan_crypto_params *peer_crypto_params; 2146 2147 if (!vdev || !peer) 2148 return false; 2149 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2150 &crypto_priv); 2151 if (!crypto_priv) { 2152 crypto_err("crypto_priv NULL"); 2153 return false; 2154 } 2155 2156 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 2157 &crypto_priv); 2158 if (!crypto_priv) { 2159 crypto_err("crypto_priv NULL"); 2160 return false; 2161 } 2162 if (((vdev_crypto_params->rsn_caps & 2163 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 2164 (peer_crypto_params->rsn_caps & 2165 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 2166 || (vdev_crypto_params->rsn_caps & 2167 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2168 return true; 2169 } 2170 2171 return false; 2172 } 2173 2174 /** 2175 * wlan_crypto_is_key_valid - called by mgmt txrx to check if key is valid 2176 * @vdev: vdev 2177 * @peer: peer 2178 * @keyidx : key index 2179 * 2180 * This function gets called by mgmt txrx to check if key is valid 2181 * 2182 * Return: true or false 2183 */ 2184 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev, 2185 struct wlan_objmgr_peer *peer, 2186 uint16_t keyidx) 2187 { 2188 struct wlan_crypto_key *key = NULL; 2189 2190 if (!vdev && !peer) 2191 return false; 2192 2193 if (peer) 2194 key = wlan_crypto_peer_getkey(peer, keyidx); 2195 else if (vdev) 2196 key = wlan_crypto_vdev_getkey(vdev, keyidx); 2197 2198 if ((key) && key->valid) 2199 return true; 2200 2201 return false; 2202 } 2203 2204 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 2205 { 2206 a[0] = b[5]; 2207 a[1] = b[4]; 2208 a[2] = b[3]; 2209 a[3] = b[2]; 2210 a[4] = b[1]; 2211 a[5] = b[0]; 2212 } 2213 2214 /** 2215 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 2216 * @vdev: vdev 2217 * @bfrm: frame starting pointer 2218 * @len: length of the frame 2219 * 2220 * This function gets called by mgmt txrx to add mmie in frame 2221 * 2222 * Return: end of frame or NULL in case failure 2223 */ 2224 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 2225 uint8_t *bfrm, 2226 uint32_t len) { 2227 struct wlan_crypto_key *key; 2228 struct wlan_crypto_mmie *mmie; 2229 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 2230 struct wlan_frame_hdr *hdr; 2231 uint32_t i, hdrlen, mic_len, aad_len; 2232 uint8_t mic[16]; 2233 struct wlan_crypto_comp_priv *crypto_priv; 2234 struct wlan_crypto_params *crypto_params; 2235 int32_t ret = -1; 2236 2237 if (!bfrm) { 2238 crypto_err("frame is NULL"); 2239 return NULL; 2240 } 2241 2242 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2243 &crypto_priv); 2244 if (!crypto_priv) { 2245 crypto_err("crypto_priv NULL"); 2246 return NULL; 2247 } 2248 2249 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 2250 crypto_err("igtk key invalid keyid %d", 2251 crypto_priv->def_igtk_tx_keyid); 2252 return NULL; 2253 } 2254 2255 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 2256 if (!key) { 2257 crypto_err("No igtk key present"); 2258 return NULL; 2259 } 2260 mic_len = (crypto_priv->igtk_key_type 2261 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2262 2263 efrm = bfrm + len; 2264 aad_len = 20; 2265 hdrlen = sizeof(struct wlan_frame_hdr); 2266 len += sizeof(struct wlan_crypto_mmie); 2267 2268 mmie = (struct wlan_crypto_mmie *) efrm; 2269 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 2270 mmie->element_id = WLAN_ELEMID_MMIE; 2271 mmie->length = sizeof(*mmie) - 2; 2272 mmie->key_id = qdf_cpu_to_le16(key->keyix); 2273 2274 mic_len = (crypto_priv->igtk_key_type 2275 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2276 if (mic_len == 8) { 2277 mmie->length -= 8; 2278 len -= 8; 2279 } 2280 /* PN = PN + 1 */ 2281 pn = (uint8_t *)&key->keytsc; 2282 2283 for (i = 0; i <= 5; i++) { 2284 pn[i]++; 2285 if (pn[i]) 2286 break; 2287 } 2288 2289 /* Copy IPN */ 2290 qdf_mem_copy(mmie->sequence_number, pn, 6); 2291 2292 hdr = (struct wlan_frame_hdr *) bfrm; 2293 2294 buf = qdf_mem_malloc(len - hdrlen + 20); 2295 if (!buf) 2296 return NULL; 2297 2298 qdf_mem_zero(buf, len - hdrlen + 20); 2299 aad = buf; 2300 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2301 2302 /* FC type/subtype */ 2303 aad[0] = hdr->i_fc[0]; 2304 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2305 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2306 | WLAN_FC1_MOREDATA)); 2307 /* A1 || A2 || A3 */ 2308 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 2309 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2310 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 2311 qdf_mem_zero(mic, 16); 2312 2313 /* 2314 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2315 */ 2316 2317 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 2318 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2319 2320 ret = omac1_aes_128(key->keyval, buf, 2321 len + aad_len - hdrlen, mic); 2322 qdf_mem_copy(mmie->mic, mic, 8); 2323 2324 } else if (crypto_priv->igtk_key_type 2325 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2326 2327 ret = omac1_aes_256(key->keyval, buf, 2328 len + aad_len - hdrlen, mmie->mic); 2329 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2330 || (crypto_priv->igtk_key_type 2331 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2332 2333 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2334 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 2335 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2336 sizeof(nounce), buf, 2337 len + aad_len - hdrlen, mmie->mic); 2338 } 2339 qdf_mem_free(buf); 2340 if (ret < 0) { 2341 crypto_err("add mmie failed"); 2342 return NULL; 2343 } 2344 2345 return bfrm + len; 2346 } 2347 2348 #define MAX_MIC_LEN 16 2349 /** 2350 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 2351 * @vdev: vdev 2352 * @frm: frame starting pointer 2353 * @efrm: end of frame pointer 2354 * 2355 * This function gets called by mgmt txrx to check mmie of the frame 2356 * 2357 * Return: true or false 2358 */ 2359 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 2360 uint8_t *frm, 2361 uint8_t *efrm){ 2362 struct wlan_crypto_mmie *mmie = NULL; 2363 uint8_t *ipn, *aad, *buf, *mic, nounce[12]; 2364 struct wlan_crypto_key *key; 2365 struct wlan_frame_hdr *hdr; 2366 uint16_t mic_len, hdrlen, len; 2367 struct wlan_crypto_comp_priv *crypto_priv; 2368 struct wlan_crypto_params *crypto_params; 2369 uint8_t aad_len = 20; 2370 int32_t ret = -1; 2371 2372 /* check if frame is illegal length */ 2373 if (!frm || !efrm || (efrm < frm) 2374 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 2375 crypto_err("Invalid params"); 2376 return false; 2377 } 2378 len = efrm - frm; 2379 crypto_priv = (struct wlan_crypto_comp_priv *) 2380 wlan_get_vdev_crypto_obj(vdev); 2381 if (!crypto_priv) { 2382 crypto_err("crypto_priv NULL"); 2383 return false; 2384 } 2385 2386 crypto_params = &(crypto_priv->crypto_params); 2387 2388 2389 mic_len = (crypto_priv->igtk_key_type 2390 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 2391 hdrlen = sizeof(struct wlan_frame_hdr); 2392 2393 if (mic_len == 8) 2394 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 2395 else 2396 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 2397 2398 2399 /* check Elem ID*/ 2400 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 2401 crypto_err("IE is not MMIE"); 2402 return false; 2403 } 2404 2405 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 2406 WLAN_CRYPTO_MAXIGTKKEYIDX) || 2407 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 2408 crypto_err("keyid not valid"); 2409 return false; 2410 } 2411 2412 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 2413 if (!key) { 2414 crypto_err("No igtk key present"); 2415 return false; 2416 } 2417 2418 /* validate ipn */ 2419 ipn = mmie->sequence_number; 2420 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 2421 uint8_t *su = (uint8_t *)key->keyrsc; 2422 uint8_t *end = ipn + 6; 2423 struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev); 2424 2425 crypto_err("replay error :"); 2426 while (ipn < end) { 2427 crypto_err("expected pn = %x received pn = %x", 2428 *ipn++, *su++); 2429 } 2430 wlan_cp_stats_vdev_ucast_rx_pnerr(vdev); 2431 wlan_cp_stats_peer_rx_pnerr(peer); 2432 return false; 2433 } 2434 2435 buf = qdf_mem_malloc(len - hdrlen + 20); 2436 if (!buf) 2437 return false; 2438 2439 aad = buf; 2440 2441 /* construct AAD */ 2442 hdr = (struct wlan_frame_hdr *)frm; 2443 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 2444 2445 /* FC type/subtype */ 2446 aad[0] = hdr->i_fc[0]; 2447 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 2448 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 2449 | WLAN_FC1_MOREDATA)); 2450 /* A1 || A2 || A3 */ 2451 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 2452 2453 /* 2454 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 2455 */ 2456 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 2457 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 2458 mic = qdf_mem_malloc(MAX_MIC_LEN); 2459 if (!mic) { 2460 qdf_mem_free(buf); 2461 return false; 2462 } 2463 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 2464 ret = omac1_aes_128(key->keyval, buf, 2465 len - hdrlen + aad_len, mic); 2466 } else if (crypto_priv->igtk_key_type 2467 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 2468 ret = omac1_aes_256(key->keyval, buf, 2469 len + aad_len - hdrlen, mic); 2470 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 2471 || (crypto_priv->igtk_key_type 2472 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2473 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 2474 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 2475 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 2476 sizeof(nounce), buf, 2477 len + aad_len - hdrlen, mic); 2478 } 2479 2480 qdf_mem_free(buf); 2481 2482 if (ret < 0) { 2483 qdf_mem_free(mic); 2484 crypto_err("genarate mmie failed"); 2485 return false; 2486 } 2487 2488 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2489 qdf_mem_free(mic); 2490 crypto_err("mmie mismatch"); 2491 /* MMIE MIC mismatch */ 2492 return false; 2493 } 2494 2495 qdf_mem_free(mic); 2496 /* Update the receive sequence number */ 2497 qdf_mem_copy(key->keyrsc, ipn, 6); 2498 crypto_debug("mmie matched"); 2499 2500 return true; 2501 } 2502 2503 2504 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2505 { 2506 int32_t status = -1; 2507 2508 switch (cipher) { 2509 case WLAN_CRYPTO_CIPHER_TKIP: 2510 return WPA_CIPHER_SUITE_TKIP; 2511 case WLAN_CRYPTO_CIPHER_AES_CCM: 2512 return WPA_CIPHER_SUITE_CCMP; 2513 case WLAN_CRYPTO_CIPHER_NONE: 2514 return WPA_CIPHER_SUITE_NONE; 2515 } 2516 2517 return status; 2518 } 2519 2520 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2521 { 2522 int32_t status = -1; 2523 2524 switch (cipher) { 2525 case WLAN_CRYPTO_CIPHER_TKIP: 2526 return RSN_CIPHER_SUITE_TKIP; 2527 case WLAN_CRYPTO_CIPHER_AES_CCM: 2528 return RSN_CIPHER_SUITE_CCMP; 2529 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2530 return RSN_CIPHER_SUITE_CCMP_256; 2531 case WLAN_CRYPTO_CIPHER_AES_GCM: 2532 return RSN_CIPHER_SUITE_GCMP; 2533 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2534 return RSN_CIPHER_SUITE_GCMP_256; 2535 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2536 return RSN_CIPHER_SUITE_AES_CMAC; 2537 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2538 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2539 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2540 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2541 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2542 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2543 case WLAN_CRYPTO_CIPHER_NONE: 2544 return RSN_CIPHER_SUITE_NONE; 2545 } 2546 2547 return status; 2548 } 2549 2550 /* 2551 * Convert an RSN key management/authentication algorithm 2552 * to an internal code. 2553 */ 2554 static int32_t 2555 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2556 { 2557 int32_t status = -1; 2558 2559 switch (keymgmt) { 2560 case WLAN_CRYPTO_KEY_MGMT_NONE: 2561 return RSN_AUTH_KEY_MGMT_NONE; 2562 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2563 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2564 case WLAN_CRYPTO_KEY_MGMT_PSK: 2565 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2566 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2567 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2568 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2569 return RSN_AUTH_KEY_MGMT_FT_PSK; 2570 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2571 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2572 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2573 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2574 case WLAN_CRYPTO_KEY_MGMT_SAE: 2575 return RSN_AUTH_KEY_MGMT_SAE; 2576 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2577 return RSN_AUTH_KEY_MGMT_FT_SAE; 2578 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2579 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2580 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2581 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2582 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2583 return RSN_AUTH_KEY_MGMT_CCKM; 2584 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2585 return RSN_AUTH_KEY_MGMT_OSEN; 2586 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2587 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2588 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2589 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2590 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2591 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2592 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2593 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2594 case WLAN_CRYPTO_KEY_MGMT_OWE: 2595 return RSN_AUTH_KEY_MGMT_OWE; 2596 case WLAN_CRYPTO_KEY_MGMT_DPP: 2597 return RSN_AUTH_KEY_MGMT_DPP; 2598 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384: 2599 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384; 2600 } 2601 2602 return status; 2603 } 2604 2605 /* 2606 * Convert an RSN key management/authentication algorithm 2607 * to an internal code. 2608 */ 2609 static int32_t 2610 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2611 { 2612 int32_t status = -1; 2613 2614 switch (keymgmt) { 2615 case WLAN_CRYPTO_KEY_MGMT_NONE: 2616 return WPA_AUTH_KEY_MGMT_NONE; 2617 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2618 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2619 case WLAN_CRYPTO_KEY_MGMT_PSK: 2620 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2621 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2622 return WPA_AUTH_KEY_MGMT_CCKM; 2623 } 2624 2625 return status; 2626 } 2627 /** 2628 * Convert a WPA cipher selector OUI to an internal 2629 * cipher algorithm. Where appropriate we also 2630 * record any key length. 2631 */ 2632 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel) 2633 { 2634 uint32_t w = LE_READ_4(sel); 2635 int32_t status = -1; 2636 2637 switch (w) { 2638 case WPA_CIPHER_SUITE_TKIP: 2639 return WLAN_CRYPTO_CIPHER_TKIP; 2640 case WPA_CIPHER_SUITE_CCMP: 2641 return WLAN_CRYPTO_CIPHER_AES_CCM; 2642 case WPA_CIPHER_SUITE_NONE: 2643 return WLAN_CRYPTO_CIPHER_NONE; 2644 } 2645 2646 return status; 2647 } 2648 2649 /* 2650 * Convert a WPA key management/authentication algorithm 2651 * to an internal code. 2652 */ 2653 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel) 2654 { 2655 uint32_t w = LE_READ_4(sel); 2656 int32_t status = -1; 2657 2658 switch (w) { 2659 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2660 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2661 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2662 return WLAN_CRYPTO_KEY_MGMT_PSK; 2663 case WPA_AUTH_KEY_MGMT_CCKM: 2664 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2665 case WPA_AUTH_KEY_MGMT_NONE: 2666 return WLAN_CRYPTO_KEY_MGMT_NONE; 2667 } 2668 return status; 2669 } 2670 2671 /* 2672 * Convert a RSN cipher selector OUI to an internal 2673 * cipher algorithm. Where appropriate we also 2674 * record any key length. 2675 */ 2676 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel) 2677 { 2678 uint32_t w = LE_READ_4(sel); 2679 int32_t status = -1; 2680 2681 switch (w) { 2682 case RSN_CIPHER_SUITE_TKIP: 2683 return WLAN_CRYPTO_CIPHER_TKIP; 2684 case RSN_CIPHER_SUITE_CCMP: 2685 return WLAN_CRYPTO_CIPHER_AES_CCM; 2686 case RSN_CIPHER_SUITE_CCMP_256: 2687 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2688 case RSN_CIPHER_SUITE_GCMP: 2689 return WLAN_CRYPTO_CIPHER_AES_GCM; 2690 case RSN_CIPHER_SUITE_GCMP_256: 2691 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2692 case RSN_CIPHER_SUITE_AES_CMAC: 2693 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2694 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2695 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2696 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2697 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2698 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2699 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2700 case RSN_CIPHER_SUITE_NONE: 2701 return WLAN_CRYPTO_CIPHER_NONE; 2702 } 2703 2704 return status; 2705 } 2706 /* 2707 * Convert an RSN key management/authentication algorithm 2708 * to an internal code. 2709 */ 2710 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel) 2711 { 2712 uint32_t w = LE_READ_4(sel); 2713 int32_t status = -1; 2714 2715 switch (w) { 2716 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2717 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2718 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2719 return WLAN_CRYPTO_KEY_MGMT_PSK; 2720 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2721 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2722 case RSN_AUTH_KEY_MGMT_FT_PSK: 2723 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2724 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2725 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2726 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2727 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2728 case RSN_AUTH_KEY_MGMT_SAE: 2729 return WLAN_CRYPTO_KEY_MGMT_SAE; 2730 case RSN_AUTH_KEY_MGMT_FT_SAE: 2731 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2732 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2733 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2734 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2735 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2736 case RSN_AUTH_KEY_MGMT_CCKM: 2737 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2738 case RSN_AUTH_KEY_MGMT_OSEN: 2739 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2740 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2741 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2742 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2743 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2744 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2745 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2746 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2747 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2748 case RSN_AUTH_KEY_MGMT_OWE: 2749 return WLAN_CRYPTO_KEY_MGMT_OWE; 2750 case RSN_AUTH_KEY_MGMT_DPP: 2751 return WLAN_CRYPTO_KEY_MGMT_DPP; 2752 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384: 2753 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 2754 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384: 2755 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384; 2756 case RSN_AUTH_KEY_MGMT_PSK_SHA384: 2757 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384; 2758 } 2759 2760 return status; 2761 } 2762 2763 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2764 const uint8_t *frm) 2765 { 2766 uint8_t len = frm[1]; 2767 int32_t w; 2768 int n; 2769 2770 /* 2771 * Check the length once for fixed parts: OUI, type, 2772 * version, mcast cipher, and 2 selector counts. 2773 * Other, variable-length data, must be checked separately. 2774 */ 2775 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2776 2777 if (len < 14) 2778 return QDF_STATUS_E_INVAL; 2779 2780 frm += 6, len -= 4; 2781 2782 w = LE_READ_2(frm); 2783 if (w != WPA_VERSION) 2784 return QDF_STATUS_E_INVAL; 2785 2786 frm += 2, len -= 2; 2787 2788 /* multicast/group cipher */ 2789 w = wlan_crypto_wpa_suite_to_cipher(frm); 2790 if (w < 0) 2791 return QDF_STATUS_E_INVAL; 2792 SET_MCAST_CIPHER(crypto_params, w); 2793 frm += 4, len -= 4; 2794 2795 /* unicast ciphers */ 2796 n = LE_READ_2(frm); 2797 frm += 2, len -= 2; 2798 if (len < n*4+2) 2799 return QDF_STATUS_E_INVAL; 2800 2801 for (; n > 0; n--) { 2802 w = wlan_crypto_wpa_suite_to_cipher(frm); 2803 if (w < 0) 2804 return QDF_STATUS_E_INVAL; 2805 SET_UCAST_CIPHER(crypto_params, w); 2806 frm += 4, len -= 4; 2807 } 2808 2809 if (!crypto_params->ucastcipherset) 2810 return QDF_STATUS_E_INVAL; 2811 2812 /* key management algorithms */ 2813 n = LE_READ_2(frm); 2814 frm += 2, len -= 2; 2815 if (len < n*4) 2816 return QDF_STATUS_E_INVAL; 2817 2818 w = 0; 2819 for (; n > 0; n--) { 2820 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2821 if (w < 0) 2822 return QDF_STATUS_E_INVAL; 2823 SET_KEY_MGMT(crypto_params, w); 2824 frm += 4, len -= 4; 2825 } 2826 2827 /* optional capabilities */ 2828 if (len >= 2) { 2829 crypto_params->rsn_caps = LE_READ_2(frm); 2830 frm += 2, len -= 2; 2831 } 2832 2833 return QDF_STATUS_SUCCESS; 2834 } 2835 2836 #ifdef WLAN_ADAPTIVE_11R 2837 /** 2838 * wlan_crypto_akm_list_in_order - store AMK list in order 2839 * @crypto_params: crypto param structure 2840 * @key_mgmt: key management 2841 * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response 2842 * 2843 * Return: none 2844 */ 2845 static void 2846 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2847 int32_t key_mgmt, int akm_index) 2848 { 2849 if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) { 2850 crypto_debug("Invalid AKM Index"); 2851 return; 2852 } 2853 2854 crypto_params->akm_list[akm_index].key_mgmt = key_mgmt; 2855 } 2856 #else 2857 static inline void 2858 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params, 2859 int32_t key_mgmt, int akm_index) 2860 { 2861 } 2862 #endif 2863 2864 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2865 const uint8_t *frm) 2866 { 2867 uint8_t len = frm[1]; 2868 int32_t w; 2869 int n, akm_index; 2870 2871 /* Check the length once for fixed parts: OUI, type & version */ 2872 if (len < 2) 2873 return QDF_STATUS_E_INVAL; 2874 2875 /* initialize crypto params */ 2876 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2877 2878 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2879 2880 frm += 2; 2881 /* NB: iswapoui already validated the OUI and type */ 2882 w = LE_READ_2(frm); 2883 if (w != RSN_VERSION) 2884 return QDF_STATUS_E_INVAL; 2885 2886 frm += 2, len -= 2; 2887 2888 if (!len) { 2889 /* set defaults */ 2890 /* default group cipher CCMP-128 */ 2891 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2892 /* default ucast cipher CCMP-128 */ 2893 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2894 /* default key mgmt 8021x */ 2895 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2896 return QDF_STATUS_SUCCESS; 2897 } else if (len < 4) { 2898 return QDF_STATUS_E_INVAL; 2899 } 2900 2901 /* multicast/group cipher */ 2902 w = wlan_crypto_rsn_suite_to_cipher(frm); 2903 if (w < 0) 2904 return QDF_STATUS_E_INVAL; 2905 else { 2906 SET_MCAST_CIPHER(crypto_params, w); 2907 frm += 4, len -= 4; 2908 } 2909 2910 if (crypto_params->mcastcipherset == 0) 2911 return QDF_STATUS_E_INVAL; 2912 2913 if (!len) { 2914 /* default ucast cipher CCMP-128 */ 2915 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2916 /* default key mgmt 8021x */ 2917 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2918 return QDF_STATUS_SUCCESS; 2919 } else if (len < 2) { 2920 return QDF_STATUS_E_INVAL; 2921 } 2922 2923 /* unicast ciphers */ 2924 n = LE_READ_2(frm); 2925 frm += 2, len -= 2; 2926 if (n) { 2927 if (len < n * 4) 2928 return QDF_STATUS_E_INVAL; 2929 2930 for (; n > 0; n--) { 2931 w = wlan_crypto_rsn_suite_to_cipher(frm); 2932 if (w >= 0) 2933 SET_UCAST_CIPHER(crypto_params, w); 2934 frm += 4, len -= 4; 2935 } 2936 } else { 2937 /* default ucast cipher CCMP-128 */ 2938 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2939 } 2940 2941 if (crypto_params->ucastcipherset == 0) 2942 return QDF_STATUS_E_INVAL; 2943 2944 if (!len) { 2945 /* default key mgmt 8021x */ 2946 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2947 return QDF_STATUS_SUCCESS; 2948 } else if (len < 2) { 2949 return QDF_STATUS_E_INVAL; 2950 } 2951 2952 /* key management algorithms */ 2953 n = LE_READ_2(frm); 2954 frm += 2, len -= 2; 2955 2956 if (n) { 2957 if (len < n * 4) 2958 return QDF_STATUS_E_INVAL; 2959 akm_index = 0; 2960 for (; n > 0; n--) { 2961 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2962 if (w >= 0) { 2963 SET_KEY_MGMT(crypto_params, w); 2964 wlan_crypto_store_akm_list_in_order( 2965 crypto_params, w, akm_index); 2966 akm_index++; 2967 } 2968 2969 frm += 4, len -= 4; 2970 } 2971 } else { 2972 /* default key mgmt 8021x */ 2973 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2974 } 2975 2976 if (crypto_params->key_mgmt == 0) 2977 return QDF_STATUS_E_INVAL; 2978 2979 /* optional capabilities */ 2980 if (len >= 2) { 2981 crypto_params->rsn_caps = LE_READ_2(frm); 2982 frm += 2, len -= 2; 2983 } else if (len && len < 2) { 2984 return QDF_STATUS_E_INVAL; 2985 } 2986 2987 2988 /* PMKID */ 2989 if (len >= 2) { 2990 n = LE_READ_2(frm); 2991 frm += 2, len -= 2; 2992 if (n && len) { 2993 if (len >= n * PMKID_LEN) 2994 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2995 else 2996 return QDF_STATUS_E_INVAL; 2997 } else if (n && !len) { 2998 return QDF_STATUS_E_INVAL; 2999 } 3000 /*TODO: Save pmkid in params for further reference */ 3001 } else if (len == 1) { 3002 crypto_err("PMKID is truncated"); 3003 return QDF_STATUS_E_INVAL; 3004 } 3005 3006 /* BIP */ 3007 if (!len) { 3008 /* when no BIP mentioned and MFP capable use CMAC as default*/ 3009 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 3010 SET_MGMT_CIPHER(crypto_params, 3011 WLAN_CRYPTO_CIPHER_AES_CMAC); 3012 return QDF_STATUS_SUCCESS; 3013 } else if (len < 4) { 3014 crypto_err("Mgmt cipher is truncated"); 3015 return QDF_STATUS_E_INVAL; 3016 } 3017 w = wlan_crypto_rsn_suite_to_cipher(frm); 3018 frm += 4, len -= 4; 3019 SET_MGMT_CIPHER(crypto_params, w); 3020 3021 return QDF_STATUS_SUCCESS; 3022 } 3023 3024 /** 3025 * wlan_crypto_build_wpaie - called by mlme to build wpaie 3026 * @vdev: vdev 3027 * @iebuf: ie buffer 3028 * 3029 * This function gets called by mlme to build wpaie from given vdev 3030 * 3031 * Return: end of buffer 3032 */ 3033 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 3034 uint8_t *iebuf){ 3035 uint8_t *frm = iebuf; 3036 uint8_t *selcnt; 3037 struct wlan_crypto_comp_priv *crypto_priv; 3038 struct wlan_crypto_params *crypto_params; 3039 3040 if (!frm) 3041 return NULL; 3042 3043 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3044 3045 if (!crypto_params) 3046 return NULL; 3047 3048 *frm++ = WLAN_ELEMID_VENDOR; 3049 *frm++ = 0; 3050 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 3051 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 3052 3053 3054 /* multicast cipher */ 3055 if (MCIPHER_IS_TKIP(crypto_params)) 3056 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3057 else if (MCIPHER_IS_CCMP128(crypto_params)) 3058 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3059 3060 /* unicast cipher list */ 3061 selcnt = frm; 3062 WLAN_CRYPTO_ADDSHORT(frm, 0); 3063 /* do not use CCMP unicast cipher in WPA mode */ 3064 if (UCIPHER_IS_CCMP128(crypto_params)) { 3065 selcnt[0]++; 3066 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3067 } 3068 if (UCIPHER_IS_TKIP(crypto_params)) { 3069 selcnt[0]++; 3070 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3071 } 3072 3073 /* authenticator selector list */ 3074 selcnt = frm; 3075 WLAN_CRYPTO_ADDSHORT(frm, 0); 3076 3077 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3078 selcnt[0]++; 3079 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3080 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3081 selcnt[0]++; 3082 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3083 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3084 selcnt[0]++; 3085 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3086 } else { 3087 selcnt[0]++; 3088 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 3089 } 3090 3091 /* optional capabilities */ 3092 if (crypto_params->rsn_caps != 0 && 3093 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 3094 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3095 } 3096 3097 /* calculate element length */ 3098 iebuf[1] = frm - iebuf - 2; 3099 3100 return frm; 3101 } 3102 3103 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev, 3104 uint8_t *iebuf, 3105 struct wlan_crypto_pmksa *pmksa) 3106 { 3107 uint8_t *frm = iebuf; 3108 uint8_t *selcnt; 3109 struct wlan_crypto_comp_priv *crypto_priv; 3110 struct wlan_crypto_params *crypto_params; 3111 3112 if (!frm) { 3113 return NULL; 3114 } 3115 3116 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3117 3118 if (!crypto_params) { 3119 return NULL; 3120 } 3121 3122 *frm++ = WLAN_ELEMID_RSN; 3123 *frm++ = 0; 3124 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 3125 3126 3127 /* multicast cipher */ 3128 if (MCIPHER_IS_TKIP(crypto_params)) 3129 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3130 else if (MCIPHER_IS_CCMP128(crypto_params)) 3131 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3132 else if (MCIPHER_IS_CCMP256(crypto_params)) 3133 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3134 else if (MCIPHER_IS_GCMP128(crypto_params)) 3135 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3136 else if (MCIPHER_IS_GCMP256(crypto_params)) 3137 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3138 3139 /* unicast cipher list */ 3140 selcnt = frm; 3141 WLAN_CRYPTO_ADDSHORT(frm, 0); 3142 3143 if (UCIPHER_IS_CCMP256(crypto_params)) { 3144 selcnt[0]++; 3145 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 3146 } 3147 if (UCIPHER_IS_GCMP256(crypto_params)) { 3148 selcnt[0]++; 3149 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 3150 } 3151 if (UCIPHER_IS_CCMP128(crypto_params)) { 3152 selcnt[0]++; 3153 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 3154 } 3155 if (UCIPHER_IS_GCMP128(crypto_params)) { 3156 selcnt[0]++; 3157 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 3158 } 3159 if (UCIPHER_IS_TKIP(crypto_params)) { 3160 selcnt[0]++; 3161 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 3162 } 3163 3164 /* authenticator selector list */ 3165 selcnt = frm; 3166 WLAN_CRYPTO_ADDSHORT(frm, 0); 3167 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 3168 selcnt[0]++; 3169 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 3170 /* Other key mgmt should not be added after CCKM */ 3171 goto add_rsn_caps; 3172 } 3173 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 3174 selcnt[0]++; 3175 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 3176 } 3177 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 3178 selcnt[0]++; 3179 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 3180 } 3181 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 3182 selcnt[0]++; 3183 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3184 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 3185 } 3186 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 3187 selcnt[0]++; 3188 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 3189 } 3190 if (HAS_KEY_MGMT(crypto_params, 3191 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 3192 selcnt[0]++; 3193 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3194 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 3195 } 3196 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 3197 selcnt[0]++; 3198 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 3199 } 3200 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 3201 selcnt[0]++; 3202 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 3203 } 3204 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 3205 selcnt[0]++; 3206 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 3207 } 3208 if (HAS_KEY_MGMT(crypto_params, 3209 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 3210 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 3211 3212 selcnt[0]++; 3213 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3214 } 3215 if (HAS_KEY_MGMT(crypto_params, 3216 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 3217 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 3218 3219 selcnt[0]++; 3220 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3221 } 3222 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 3223 selcnt[0]++; 3224 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 3225 } 3226 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 3227 selcnt[0]++; 3228 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 3229 } 3230 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 3231 selcnt[0]++; 3232 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3233 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 3234 } 3235 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 3236 selcnt[0]++; 3237 RSN_ADD_KEYMGMT_TO_SUITE(frm, 3238 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 3239 } 3240 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 3241 selcnt[0]++; 3242 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 3243 } 3244 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 3245 selcnt[0]++; 3246 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 3247 } 3248 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 3249 selcnt[0]++; 3250 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 3251 } 3252 if (HAS_KEY_MGMT(crypto_params, 3253 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) { 3254 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384; 3255 3256 selcnt[0]++; 3257 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 3258 } 3259 add_rsn_caps: 3260 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3261 /* optional capabilities */ 3262 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 3263 /* PMK list */ 3264 if (pmksa) { 3265 WLAN_CRYPTO_ADDSHORT(frm, 1); 3266 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3267 frm += PMKID_LEN; 3268 } else { 3269 WLAN_CRYPTO_ADDSHORT(frm, 0); 3270 } 3271 3272 if (HAS_MGMT_CIPHER(crypto_params, 3273 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 3274 RSN_ADD_CIPHER_TO_SUITE(frm, 3275 WLAN_CRYPTO_CIPHER_AES_CMAC); 3276 } 3277 if (HAS_MGMT_CIPHER(crypto_params, 3278 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 3279 RSN_ADD_CIPHER_TO_SUITE(frm, 3280 WLAN_CRYPTO_CIPHER_AES_GMAC); 3281 } 3282 if (HAS_MGMT_CIPHER(crypto_params, 3283 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 3284 RSN_ADD_CIPHER_TO_SUITE(frm, 3285 WLAN_CRYPTO_CIPHER_AES_CMAC_256 3286 ); 3287 } 3288 3289 if (HAS_MGMT_CIPHER(crypto_params, 3290 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 3291 RSN_ADD_CIPHER_TO_SUITE(frm, 3292 WLAN_CRYPTO_CIPHER_AES_GMAC_256 3293 ); 3294 } 3295 } else { 3296 /* PMK list */ 3297 if (pmksa) { 3298 WLAN_CRYPTO_ADDSHORT(frm, 1); 3299 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 3300 frm += PMKID_LEN; 3301 } 3302 } 3303 3304 /* calculate element length */ 3305 iebuf[1] = frm - iebuf - 2; 3306 3307 return frm; 3308 } 3309 3310 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 3311 uint8_t *iebuf, 3312 struct qdf_mac_addr *bssid) 3313 { 3314 struct wlan_crypto_pmksa *pmksa = NULL; 3315 3316 if (bssid) 3317 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 3318 3319 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa); 3320 } 3321 3322 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 3323 struct wlan_crypto_params *crypto_params){ 3324 struct wlan_crypto_params *my_crypto_params; 3325 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 3326 3327 if (!my_crypto_params) { 3328 crypto_debug("vdev crypto params is NULL"); 3329 return false; 3330 } 3331 /* 3332 * Check peer's pairwise ciphers. 3333 * At least one must match with our unicast cipher 3334 */ 3335 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3336 crypto_debug("Unicast cipher match failed"); 3337 return false; 3338 } 3339 /* 3340 * Check peer's group cipher is our enabled multicast cipher. 3341 */ 3342 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 3343 crypto_debug("Multicast cipher match failed"); 3344 return false; 3345 } 3346 /* 3347 * Check peer's key management class set (PSK or UNSPEC) 3348 */ 3349 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 3350 crypto_debug("Key mgmt match failed"); 3351 return false; 3352 } 3353 if (wlan_crypto_vdev_is_pmf_required(vdev) && 3354 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 3355 crypto_debug("Peer is not PMF capable"); 3356 return false; 3357 } 3358 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 3359 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 3360 crypto_debug("Peer needs PMF, but vdev is not capable"); 3361 return false; 3362 } 3363 3364 return true; 3365 } 3366 3367 /* 3368 * Convert an WAPI CIPHER suite to to an internal code. 3369 */ 3370 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel) 3371 { 3372 uint32_t w = LE_READ_4(sel); 3373 int32_t status = -1; 3374 3375 switch (w) { 3376 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 3377 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 3378 } 3379 3380 return status; 3381 } 3382 3383 /* 3384 * Convert an WAPI key management/authentication algorithm 3385 * to an internal code. 3386 */ 3387 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel) 3388 { 3389 uint32_t w = LE_READ_4(sel); 3390 int32_t status = -1; 3391 3392 switch (w) { 3393 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 3394 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 3395 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 3396 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 3397 } 3398 3399 return status; 3400 } 3401 3402 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 3403 const uint8_t *frm) 3404 { 3405 uint8_t len = frm[1]; 3406 int32_t w; 3407 int n; 3408 3409 /* 3410 * Check the length once for fixed parts: OUI, type, 3411 * version, mcast cipher, and 2 selector counts. 3412 * Other, variable-length data, must be checked separately. 3413 */ 3414 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 3415 3416 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 3417 return QDF_STATUS_E_INVAL; 3418 3419 3420 frm += 2; 3421 3422 w = LE_READ_2(frm); 3423 frm += 2, len -= 2; 3424 if (w != WAPI_VERSION) 3425 return QDF_STATUS_E_INVAL; 3426 3427 n = LE_READ_2(frm); 3428 frm += 2, len -= 2; 3429 if (len < n*4+2) 3430 return QDF_STATUS_E_INVAL; 3431 3432 for (; n > 0; n--) { 3433 w = wlan_crypto_wapi_keymgmt(frm); 3434 if (w < 0) 3435 return QDF_STATUS_E_INVAL; 3436 3437 SET_KEY_MGMT(crypto_params, w); 3438 frm += 4, len -= 4; 3439 } 3440 3441 /* unicast ciphers */ 3442 n = LE_READ_2(frm); 3443 frm += 2, len -= 2; 3444 if (len < n*4+2) 3445 return QDF_STATUS_E_INVAL; 3446 3447 for (; n > 0; n--) { 3448 w = wlan_crypto_wapi_suite_to_cipher(frm); 3449 if (w < 0) 3450 return QDF_STATUS_E_INVAL; 3451 SET_UCAST_CIPHER(crypto_params, w); 3452 frm += 4, len -= 4; 3453 } 3454 3455 if (!crypto_params->ucastcipherset) 3456 return QDF_STATUS_E_INVAL; 3457 3458 /* multicast/group cipher */ 3459 w = wlan_crypto_wapi_suite_to_cipher(frm); 3460 3461 if (w < 0) 3462 return QDF_STATUS_E_INVAL; 3463 3464 SET_MCAST_CIPHER(crypto_params, w); 3465 frm += 4, len -= 4; 3466 3467 return QDF_STATUS_SUCCESS; 3468 } 3469 3470 /** 3471 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 3472 * @vdev: vdev 3473 * @iebuf: ie buffer 3474 * 3475 * This function gets called by mlme to build wapi ie from given vdev 3476 * 3477 * Return: end of buffer 3478 */ 3479 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 3480 uint8_t *iebuf) 3481 { 3482 uint8_t *frm; 3483 uint8_t *selcnt; 3484 struct wlan_crypto_comp_priv *crypto_priv; 3485 struct wlan_crypto_params *crypto_params; 3486 3487 frm = iebuf; 3488 if (!frm) { 3489 crypto_err("ie buffer NULL"); 3490 return NULL; 3491 } 3492 3493 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3494 3495 if (!crypto_params) { 3496 crypto_err("crypto_params NULL"); 3497 return NULL; 3498 } 3499 3500 *frm++ = WLAN_ELEMID_WAPI; 3501 *frm++ = 0; 3502 3503 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3504 3505 /* authenticator selector list */ 3506 selcnt = frm; 3507 WLAN_CRYPTO_ADDSHORT(frm, 0); 3508 3509 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3510 selcnt[0]++; 3511 WLAN_CRYPTO_ADDSELECTOR(frm, 3512 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3513 } 3514 3515 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3516 selcnt[0]++; 3517 WLAN_CRYPTO_ADDSELECTOR(frm, 3518 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3519 } 3520 3521 /* unicast cipher list */ 3522 selcnt = frm; 3523 WLAN_CRYPTO_ADDSHORT(frm, 0); 3524 3525 if (UCIPHER_IS_SMS4(crypto_params)) { 3526 selcnt[0]++; 3527 WLAN_CRYPTO_ADDSELECTOR(frm, 3528 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3529 } 3530 3531 WLAN_CRYPTO_ADDSELECTOR(frm, 3532 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3533 3534 /* optional capabilities */ 3535 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3536 3537 /* bkid count */ 3538 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3539 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3540 WLAN_CRYPTO_ADDSHORT(frm, 0); 3541 3542 /* calculate element length */ 3543 iebuf[1] = frm - iebuf - 2; 3544 3545 return frm; 3546 3547 } 3548 3549 /** 3550 * wlan_crypto_pn_check - called by data patch for PN check 3551 * @vdev: vdev 3552 * @wbuf: wbuf 3553 * 3554 * This function gets called by data patch for PN check 3555 * 3556 * Return: QDF_STATUS 3557 */ 3558 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3559 qdf_nbuf_t wbuf){ 3560 /* Need to check is there real requirement for this function 3561 * as PN check is already handled in decap function. 3562 */ 3563 return QDF_STATUS_SUCCESS; 3564 } 3565 3566 /** 3567 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3568 * @vdev:vdev 3569 * 3570 * This function gets called by mlme to get crypto params 3571 * 3572 * Return: wlan_crypto_params or NULL in case of failure 3573 */ 3574 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3575 struct wlan_objmgr_vdev *vdev){ 3576 struct wlan_crypto_comp_priv *crypto_priv; 3577 3578 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3579 } 3580 3581 /** 3582 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3583 * @peer:peer 3584 * 3585 * This function gets called by mlme to get crypto params 3586 * 3587 * Return: wlan_crypto_params or NULL in case of failure 3588 */ 3589 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3590 struct wlan_objmgr_peer *peer){ 3591 struct wlan_crypto_comp_priv *crypto_priv; 3592 3593 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3594 } 3595 3596 3597 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3598 struct wlan_objmgr_peer *peer) 3599 { 3600 struct wlan_crypto_comp_priv *crypto_priv; 3601 struct wlan_crypto_comp_priv *sta_crypto_priv; 3602 struct wlan_crypto_params *crypto_params; 3603 struct wlan_crypto_key *key; 3604 struct wlan_crypto_key *sta_key; 3605 struct wlan_crypto_cipher *cipher_table; 3606 struct wlan_objmgr_psoc *psoc; 3607 struct wlan_lmac_if_tx_ops *tx_ops; 3608 uint8_t *mac_addr; 3609 int i; 3610 enum QDF_OPMODE opmode; 3611 QDF_STATUS status = QDF_STATUS_SUCCESS; 3612 3613 if (!vdev) 3614 return QDF_STATUS_E_NULL_VALUE; 3615 3616 if (!peer) { 3617 crypto_debug("peer NULL"); 3618 return QDF_STATUS_E_INVAL; 3619 } 3620 3621 opmode = wlan_vdev_mlme_get_opmode(vdev); 3622 psoc = wlan_vdev_get_psoc(vdev); 3623 3624 if (!psoc) { 3625 crypto_err("psoc NULL"); 3626 return QDF_STATUS_E_NULL_VALUE; 3627 } 3628 3629 wlan_peer_obj_lock(peer); 3630 mac_addr = wlan_peer_get_macaddr(peer); 3631 wlan_peer_obj_unlock(peer); 3632 3633 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3634 &crypto_priv); 3635 if (!crypto_priv) { 3636 crypto_err("crypto_priv NULL"); 3637 return QDF_STATUS_E_NULL_VALUE; 3638 } 3639 3640 /* push only valid static WEP keys from vap */ 3641 if (AUTH_IS_8021X(crypto_params)) 3642 return QDF_STATUS_E_INVAL; 3643 3644 if (opmode == QDF_STA_MODE) { 3645 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3646 if (!peer) { 3647 crypto_debug("peer NULL"); 3648 return QDF_STATUS_E_INVAL; 3649 } 3650 } 3651 3652 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3653 if (!sta_crypto_priv) { 3654 crypto_err("sta priv is null"); 3655 status = QDF_STATUS_E_INVAL; 3656 goto exit; 3657 } 3658 3659 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3660 if (crypto_priv->key[i]) { 3661 key = crypto_priv->key[i]; 3662 if (!key || !key->valid) 3663 continue; 3664 3665 cipher_table = (struct wlan_crypto_cipher *) 3666 key->cipher_table; 3667 3668 if (!cipher_table) 3669 continue; 3670 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3671 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 3672 if (!tx_ops) { 3673 crypto_err("tx_ops is NULL"); 3674 return QDF_STATUS_E_INVAL; 3675 } 3676 3677 sta_key = qdf_mem_malloc( 3678 sizeof(struct wlan_crypto_key)); 3679 if (!sta_key) { 3680 status = QDF_STATUS_E_NOMEM; 3681 goto exit; 3682 } 3683 3684 sta_crypto_priv->key[i] = sta_key; 3685 qdf_mem_copy(sta_key, key, 3686 sizeof(struct wlan_crypto_key)); 3687 3688 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3689 3690 if (crypto_priv->def_tx_keyid == i) { 3691 sta_key->flags 3692 |= WLAN_CRYPTO_KEY_DEFAULT; 3693 sta_crypto_priv->def_tx_keyid = 3694 crypto_priv->def_tx_keyid; 3695 } 3696 /* setting the broadcast/multicast key for sta*/ 3697 if (opmode == QDF_STA_MODE || 3698 opmode == QDF_IBSS_MODE){ 3699 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3700 WLAN_CRYPTO_TX_OPS_SETKEY( 3701 tx_ops)(vdev, sta_key, 3702 mac_addr, 3703 cipher_table->cipher); 3704 } 3705 } 3706 3707 /* setting unicast key */ 3708 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3709 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 3710 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)( 3711 vdev, sta_key, 3712 mac_addr, 3713 cipher_table->cipher); 3714 } 3715 } 3716 } 3717 } 3718 3719 exit: 3720 if (opmode == QDF_STA_MODE) 3721 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3722 3723 return status; 3724 } 3725 3726 /** 3727 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3728 * @crypto_rx_ops: crypto_rx_ops 3729 * 3730 * This function gets called by object manger to register crypto rx ops. 3731 * 3732 * Return: QDF_STATUS 3733 */ 3734 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3735 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops) { 3736 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3737 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3738 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3739 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3740 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3741 3742 return QDF_STATUS_SUCCESS; 3743 } 3744 3745 /** 3746 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3747 * @psoc: psoc 3748 * 3749 * This function gets called by umac to get the crypto_rx_ops 3750 * 3751 * Return: crypto_rx_ops 3752 */ 3753 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3754 struct wlan_objmgr_psoc *psoc) 3755 { 3756 struct wlan_lmac_if_rx_ops *rx_ops; 3757 3758 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc); 3759 3760 if (!rx_ops) { 3761 crypto_err("rx_ops is NULL"); 3762 return NULL; 3763 } 3764 3765 return &rx_ops->crypto_rx_ops; 3766 } 3767 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3768 3769 /** 3770 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3771 * @vdev: vdev 3772 * @authvalue: authvalue to be checked 3773 * 3774 * This function check is authvalue passed is set in vdev or not 3775 * 3776 * Return: true or false 3777 */ 3778 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3779 wlan_crypto_auth_mode authvalue) 3780 { 3781 int res; 3782 3783 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE); 3784 3785 if (res != -1) 3786 return (res & authvalue) ? true : false; 3787 return false; 3788 } 3789 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3790 3791 /** 3792 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3793 * @peer: peer 3794 * @authvalue: authvalue to be checked 3795 * 3796 * This function check is authvalue passed is set in peer or not 3797 * 3798 * Return: true or false 3799 */ 3800 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3801 wlan_crypto_auth_mode authvalue) 3802 { 3803 int res; 3804 3805 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE); 3806 3807 if (res != -1) 3808 return (res & authvalue) ? true : false; 3809 3810 return false; 3811 } 3812 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3813 3814 /** 3815 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3816 * @vdev: vdev 3817 * @ucastcipher: ucastcipher to be checked 3818 * 3819 * This function check is ucastcipher passed is set in vdev or not 3820 * 3821 * Return: true or false 3822 */ 3823 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3824 wlan_crypto_cipher_type ucastcipher) 3825 { 3826 int res; 3827 3828 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3829 3830 if (res != -1) 3831 return (res & ucastcipher) ? true : false; 3832 3833 return false; 3834 } 3835 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3836 3837 /** 3838 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3839 * @peer: peer 3840 * @ucastcipher: ucastcipher to be checked 3841 * 3842 * This function check is ucastcipher passed is set in peer or not 3843 * 3844 * Return: true or false 3845 */ 3846 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3847 wlan_crypto_cipher_type ucastcipher) 3848 { 3849 int res; 3850 3851 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER); 3852 3853 if (res != -1) 3854 return (res & ucastcipher) ? true : false; 3855 3856 return false; 3857 } 3858 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3859 3860 /** 3861 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3862 * @vdev: vdev 3863 * @mcastcipher: mcastcipher to be checked 3864 * 3865 * This function check is mcastcipher passed is set in vdev or not 3866 * 3867 * Return: true or false 3868 */ 3869 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3870 wlan_crypto_cipher_type mcastcipher) 3871 { 3872 int res; 3873 3874 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3875 3876 if (res != -1) 3877 return (res & mcastcipher) ? true : false; 3878 3879 return false; 3880 } 3881 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3882 3883 /** 3884 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3885 * @peer: peer 3886 * @mcastcipher: mcastcipher to be checked 3887 * 3888 * This function check is mcastcipher passed is set in peer or not 3889 * 3890 * Return: true or false 3891 */ 3892 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3893 wlan_crypto_cipher_type mcastcipher) 3894 { 3895 int res; 3896 3897 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER); 3898 3899 if (res != -1) 3900 return (res & mcastcipher) ? true : false; 3901 3902 return false; 3903 } 3904 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3905 3906 /** 3907 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3908 * @vdev: vdev 3909 * @mgmtcipher: mgmtcipher to be checked 3910 * 3911 * This function checks any one of mgmtciphers are supported by vdev or not. 3912 * 3913 * Return: true or false 3914 */ 3915 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3916 uint32_t mgmtcipher) 3917 { 3918 int res; 3919 3920 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3921 3922 if (res != -1) 3923 return (res & mgmtcipher) ? true : false; 3924 3925 return false; 3926 } 3927 3928 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3929 3930 /** 3931 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3932 * @peer: peer 3933 * @mgmtcipher: mgmtcipher to be checked 3934 * 3935 * This function checks any one of mgmtciphers are supported by peer or not 3936 * 3937 * Return: true or false 3938 */ 3939 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3940 uint32_t mgmtcipher) 3941 { 3942 int res; 3943 3944 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER); 3945 3946 if (res != -1) 3947 return (res & mgmtcipher) ? true : false; 3948 3949 return false; 3950 } 3951 3952 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3953 3954 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3955 { 3956 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3957 3958 if (!peer) { 3959 crypto_err("Invalid Input"); 3960 return 0; 3961 } 3962 3963 crypto_priv = wlan_get_peer_crypto_obj(peer); 3964 if (!crypto_priv) { 3965 crypto_err("crypto_priv NULL"); 3966 return 0; 3967 } 3968 3969 return crypto_priv->fils_aead_set; 3970 } 3971 3972 void 3973 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3974 { 3975 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3976 3977 if (!peer) { 3978 crypto_err("Invalid Input"); 3979 return; 3980 } 3981 3982 crypto_priv = wlan_get_peer_crypto_obj(peer); 3983 if (!crypto_priv) { 3984 crypto_err("crypto_priv NULL"); 3985 return; 3986 } 3987 3988 crypto_priv->fils_aead_set = value; 3989 } 3990 3991 /** 3992 * wlan_crypto_get_key_header - get header length 3993 * @key: key 3994 * 3995 * This function gets header length based on keytype 3996 * 3997 * Return: header length 3998 */ 3999 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 4000 { 4001 struct wlan_crypto_cipher *cipher_table; 4002 4003 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4004 if (cipher_table) 4005 return cipher_table->header; 4006 else 4007 return 0; 4008 } 4009 4010 qdf_export_symbol(wlan_crypto_get_key_header); 4011 4012 /** 4013 * wlan_crypto_get_key_trailer - get cipher trailer length 4014 * @key: key 4015 * 4016 * This function gets cipher trailer length based on keytype 4017 * 4018 * Return: cipher trailer length 4019 */ 4020 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 4021 { 4022 struct wlan_crypto_cipher *cipher_table; 4023 4024 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4025 if (cipher_table) 4026 return cipher_table->trailer; 4027 else 4028 return 0; 4029 } 4030 4031 qdf_export_symbol(wlan_crypto_get_key_trailer); 4032 4033 /** 4034 * wlan_crypto_get_key_miclen - get cipher miclen length 4035 * @key: key 4036 * 4037 * This function gets cipher miclen length based on keytype 4038 * 4039 * Return: cipher miclen length 4040 */ 4041 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 4042 { 4043 struct wlan_crypto_cipher *cipher_table; 4044 4045 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 4046 if (cipher_table) 4047 return cipher_table->miclen; 4048 else 4049 return 0; 4050 } 4051 4052 qdf_export_symbol(wlan_crypto_get_key_miclen); 4053 4054 /** 4055 * wlan_crypto_get_keyid - get keyid from frame 4056 * @data: frame 4057 * 4058 * This function parse frame and returns keyid 4059 * 4060 * Return: keyid 4061 */ 4062 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 4063 { 4064 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 4065 uint8_t *iv; 4066 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 4067 uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]); 4068 4069 /* 4070 * In FILS SK (Re)Association request/response frame has 4071 * to be decrypted 4072 */ 4073 if ((type == WLAN_FC0_TYPE_MGMT) && 4074 ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 4075 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 4076 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 4077 (stype == WLAN_FC0_STYPE_REASSOC_RESP))) { 4078 return 0; 4079 } 4080 4081 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 4082 iv = data + hdrlen; 4083 /* 4084 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 4085 * Bits 6–7 of the Key ID octet are for the Key ID subfield 4086 */ 4087 return ((iv[3] >> 6) & 0x3); 4088 } else { 4089 return WLAN_CRYPTO_KEYIX_NONE; 4090 } 4091 } 4092 4093 qdf_export_symbol(wlan_crypto_get_keyid); 4094 4095 /** 4096 * crypto_plumb_peer_keys - called during radio reset 4097 * @vdev: vdev 4098 * @object: peer 4099 * @arg: psoc 4100 * 4101 * Restore unicast and persta hardware keys 4102 * 4103 * Return: void 4104 */ 4105 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 4106 void *object, void *arg) { 4107 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 4108 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 4109 struct wlan_crypto_comp_priv *crypto_priv; 4110 struct wlan_crypto_params *crypto_params; 4111 struct wlan_crypto_key *key = NULL; 4112 struct wlan_lmac_if_tx_ops *tx_ops; 4113 int i; 4114 4115 if ((!peer) || (!vdev) || (!psoc)) { 4116 crypto_err("Peer or vdev or psoc objects are null!"); 4117 return; 4118 } 4119 4120 crypto_params = wlan_crypto_peer_get_comp_params(peer, 4121 &crypto_priv); 4122 4123 if (!crypto_priv) { 4124 crypto_err("crypto_priv NULL"); 4125 return; 4126 } 4127 4128 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4129 key = crypto_priv->key[i]; 4130 if (key && key->valid) { 4131 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4132 4133 if (!tx_ops) { 4134 crypto_err("tx_ops is NULL"); 4135 return; 4136 } 4137 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4138 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4139 ( 4140 vdev, 4141 key, 4142 wlan_peer_get_macaddr(peer), 4143 wlan_crypto_get_key_type(key) 4144 ); 4145 } 4146 } 4147 } 4148 } 4149 4150 /** 4151 * wlan_crypto_restore_keys - called during radio reset 4152 * @vdev: vdev 4153 * 4154 * Clear and restore keycache, needed for some DA chipsets which put 4155 * random values in keycache when phy reset is triggered 4156 * 4157 * Return: void 4158 */ 4159 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 4160 { 4161 int i; 4162 struct wlan_crypto_comp_priv *crypto_priv; 4163 struct wlan_crypto_params *crypto_params; 4164 struct wlan_crypto_key *key; 4165 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 4166 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 4167 struct wlan_objmgr_pdev *pdev = NULL; 4168 struct wlan_objmgr_psoc *psoc = NULL; 4169 struct wlan_lmac_if_tx_ops *tx_ops; 4170 4171 pdev = wlan_vdev_get_pdev(vdev); 4172 psoc = wlan_vdev_get_psoc(vdev); 4173 if (!pdev) { 4174 crypto_err("pdev is NULL"); 4175 return; 4176 } 4177 if (!psoc) { 4178 crypto_err("psoc is NULL"); 4179 return; 4180 } 4181 4182 /* TBD: QWRAP key restore*/ 4183 /* crypto is on */ 4184 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 4185 /* restore static shared keys */ 4186 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 4187 crypto_params = wlan_crypto_vdev_get_comp_params 4188 ( 4189 vdev, 4190 &crypto_priv 4191 ); 4192 if (!crypto_priv) { 4193 crypto_err("crypto_priv is NULL"); 4194 return; 4195 } 4196 key = crypto_priv->key[i]; 4197 if (key && key->valid) { 4198 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4199 if (!tx_ops) { 4200 crypto_err("tx_ops is NULL"); 4201 return; 4202 } 4203 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) { 4204 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops) 4205 ( 4206 vdev, 4207 key, 4208 macaddr, 4209 wlan_crypto_get_key_type(key) 4210 ); 4211 } 4212 } 4213 } 4214 4215 wlan_objmgr_iterate_peerobj_list(vdev, 4216 crypto_plumb_peer_keys, 4217 psoc, 4218 WLAN_CRYPTO_ID); 4219 } 4220 } 4221 4222 QDF_STATUS 4223 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 4224 const uint8_t *ie_ptr, uint16_t ie_len) 4225 { 4226 const uint8_t *rsn_ie = NULL; 4227 QDF_STATUS status; 4228 4229 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4230 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 4231 if (!rsn_ie) { 4232 crypto_debug("RSN IE not present"); 4233 return QDF_STATUS_E_INVAL; 4234 } 4235 4236 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie); 4237 if (QDF_STATUS_SUCCESS != status) { 4238 crypto_err("RSN IE check failed"); 4239 return status; 4240 } 4241 4242 return QDF_STATUS_SUCCESS; 4243 } 4244 4245 QDF_STATUS 4246 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 4247 const uint8_t *ie_ptr, uint16_t ie_len) 4248 { 4249 const uint8_t *wpa_ie = NULL; 4250 uint32_t wpa_oui; 4251 QDF_STATUS status; 4252 4253 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 4254 4255 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 4256 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 4257 WLAN_OUI_SIZE, ie_ptr, ie_len); 4258 if (!wpa_ie) { 4259 crypto_debug("WPA IE not present"); 4260 return QDF_STATUS_E_INVAL; 4261 } 4262 4263 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie); 4264 if (QDF_STATUS_SUCCESS != status) { 4265 crypto_err("WPA IE check failed"); 4266 return status; 4267 } 4268 4269 return QDF_STATUS_SUCCESS; 4270 } 4271 4272 #ifdef FEATURE_WLAN_WAPI 4273 QDF_STATUS 4274 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params, 4275 const uint8_t *ie_ptr, uint16_t ie_len) 4276 { 4277 const uint8_t *wapi_ie; 4278 QDF_STATUS status; 4279 4280 qdf_mem_zero(crypto_params, sizeof(*crypto_params)); 4281 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len); 4282 if (!wapi_ie) { 4283 crypto_debug("WAPI ie not present"); 4284 return QDF_STATUS_E_INVAL; 4285 } 4286 4287 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie); 4288 if (QDF_IS_STATUS_ERROR(status)) { 4289 crypto_err("WAPI IE check failed"); 4290 return status; 4291 } 4292 4293 return QDF_STATUS_SUCCESS; 4294 } 4295 #endif 4296 4297 /** 4298 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 4299 * @psoc: psoc pointer 4300 * @vdev_id: vdev id 4301 * @ie_ptr: pointer to IEs 4302 * @ie_len: IE length 4303 * @peer_crypto_params: return peer crypto parameters 4304 * 4305 * This function gets called from ucfg to check RSN match. 4306 * 4307 * Return: true or false 4308 */ 4309 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 4310 uint8_t vdev_id, uint8_t *ie_ptr, 4311 uint16_t ie_len, struct wlan_crypto_params * 4312 peer_crypto_params) 4313 { 4314 struct wlan_objmgr_vdev *vdev; 4315 bool match = true; 4316 QDF_STATUS status; 4317 4318 if (!psoc) { 4319 crypto_err("PSOC is NULL"); 4320 return false; 4321 } 4322 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params, 4323 ie_ptr, ie_len); 4324 if (QDF_STATUS_SUCCESS != status) { 4325 crypto_err("get crypto prarams from RSN IE failed"); 4326 return false; 4327 } 4328 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4329 WLAN_CRYPTO_ID); 4330 if (!vdev) { 4331 crypto_err("vdev is NULL"); 4332 return false; 4333 } 4334 4335 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4336 4337 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4338 4339 return match; 4340 } 4341 4342 /** 4343 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 4344 * @psoc: psoc pointer 4345 * @vdev_id: vdev id 4346 * @ie_ptr: pointer to IEs 4347 * @ie_len: IE length 4348 * @peer_crypto_params: return peer crypto parameters 4349 * 4350 * This function gets called from ucfg to check WPA match. 4351 * 4352 * Return: true or false 4353 */ 4354 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 4355 uint8_t vdev_id, uint8_t *ie_ptr, 4356 uint16_t ie_len, struct wlan_crypto_params * 4357 peer_crypto_params) 4358 { 4359 struct wlan_objmgr_vdev *vdev; 4360 bool match = true; 4361 QDF_STATUS status; 4362 4363 if (!psoc) { 4364 crypto_err("PSOC is NULL"); 4365 return false; 4366 } 4367 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 4368 WLAN_CRYPTO_ID); 4369 if (!vdev) { 4370 crypto_err("vdev is NULL"); 4371 return false; 4372 } 4373 4374 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params, 4375 ie_ptr, ie_len); 4376 if (QDF_STATUS_SUCCESS != status) { 4377 crypto_err("get crypto prarams from WPA IE failed"); 4378 match = false; 4379 goto send_res; 4380 } 4381 match = wlan_crypto_rsn_info(vdev, peer_crypto_params); 4382 4383 send_res: 4384 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 4385 4386 return match; 4387 } 4388 4389 4390 static void 4391 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 4392 struct wlan_crypto_params *src_params) 4393 { 4394 dst_params->authmodeset |= src_params->authmodeset; 4395 dst_params->ucastcipherset |= src_params->ucastcipherset; 4396 dst_params->mcastcipherset |= src_params->mcastcipherset; 4397 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 4398 dst_params->cipher_caps |= src_params->cipher_caps; 4399 dst_params->key_mgmt |= src_params->key_mgmt; 4400 dst_params->rsn_caps |= src_params->rsn_caps; 4401 } 4402 4403 static void 4404 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 4405 { 4406 params->authmodeset = 0; 4407 params->ucastcipherset = 0; 4408 params->mcastcipherset = 0; 4409 params->mgmtcipherset = 0; 4410 params->key_mgmt = 0; 4411 params->rsn_caps = 0; 4412 } 4413 4414 const uint8_t * 4415 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len) 4416 { 4417 uint8_t len; 4418 const uint8_t *ie; 4419 4420 if (!rsnxe_ie) 4421 return NULL; 4422 4423 ie = rsnxe_ie; 4424 len = ie[1]; 4425 ie += 2; 4426 4427 if (!len) 4428 return NULL; 4429 4430 *cap_len = ie[0] & 0xf; 4431 4432 return ie; 4433 } 4434 4435 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 4436 uint8_t *ie_ptr, 4437 uint16_t ie_len) 4438 { 4439 struct wlan_crypto_params crypto_params; 4440 QDF_STATUS status; 4441 struct wlan_crypto_params *vdev_crypto_params; 4442 struct wlan_crypto_comp_priv *crypto_priv; 4443 bool send_fail = false; 4444 4445 if (!vdev) { 4446 crypto_err("VDEV is NULL"); 4447 return QDF_STATUS_E_FAILURE; 4448 } 4449 4450 if (!ie_ptr) { 4451 crypto_err("IE ptr is NULL"); 4452 return QDF_STATUS_E_FAILURE; 4453 } 4454 4455 crypto_priv = (struct wlan_crypto_comp_priv *) 4456 wlan_get_vdev_crypto_obj(vdev); 4457 4458 if (!crypto_priv) { 4459 crypto_err("crypto_priv NULL"); 4460 return QDF_STATUS_E_FAILURE; 4461 } 4462 4463 vdev_crypto_params = &crypto_priv->crypto_params; 4464 4465 wlan_crypto_reset_prarams(vdev_crypto_params); 4466 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 4467 ie_ptr, ie_len); 4468 if (QDF_IS_STATUS_SUCCESS(status)) 4469 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4470 else 4471 send_fail = true; 4472 4473 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 4474 ie_ptr, ie_len); 4475 if (QDF_IS_STATUS_SUCCESS(status)) { 4476 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4477 send_fail = false; 4478 } 4479 4480 status = wlan_get_crypto_params_from_wapi_ie(&crypto_params, 4481 ie_ptr, ie_len); 4482 if (QDF_IS_STATUS_SUCCESS(status)) { 4483 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 4484 send_fail = false; 4485 } 4486 4487 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 4488 } 4489 4490 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 4491 { 4492 struct wlan_crypto_comp_priv *crypto_priv; 4493 4494 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4495 if (!crypto_priv) { 4496 crypto_err("crypto_priv NULL"); 4497 return QDF_STATUS_E_FAILURE; 4498 } 4499 4500 if (igtk) 4501 return crypto_priv->def_igtk_tx_keyid; 4502 else 4503 return crypto_priv->def_tx_keyid; 4504 } 4505 4506 enum wlan_crypto_cipher_type 4507 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 4508 bool pairwise, uint8_t key_index) 4509 { 4510 struct wlan_crypto_key *crypto_key; 4511 4512 crypto_key = wlan_crypto_get_key(vdev, key_index); 4513 4514 if (crypto_key) 4515 return crypto_key->cipher_type; 4516 else 4517 return WLAN_CRYPTO_CIPHER_INVALID; 4518 } 4519 4520 #ifdef CRYPTO_SET_KEY_CONVERGED 4521 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4522 uint8_t key_index, uint8_t key_len, 4523 uint8_t seq_len) 4524 { 4525 if (!is_valid_keyix(key_index)) { 4526 crypto_err("Invalid Key index %d", key_index); 4527 return QDF_STATUS_E_INVAL; 4528 } 4529 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4530 crypto_err("Invalid Cipher %d", cipher); 4531 return QDF_STATUS_E_INVAL; 4532 } 4533 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4534 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4535 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4536 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4537 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4538 crypto_err("Invalid key index %d for cipher %d", 4539 key_index, cipher); 4540 return QDF_STATUS_E_INVAL; 4541 } 4542 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4543 crypto_err("Invalid key length %d", key_len); 4544 return QDF_STATUS_E_INVAL; 4545 } 4546 4547 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4548 crypto_err("Invalid seq length %d", seq_len); 4549 return QDF_STATUS_E_INVAL; 4550 } 4551 4552 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4553 key_index, key_len, seq_len); 4554 4555 return QDF_STATUS_SUCCESS; 4556 } 4557 4558 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4559 uint8_t key_index, 4560 struct wlan_crypto_key *crypto_key) 4561 { 4562 struct wlan_crypto_comp_priv *crypto_priv; 4563 4564 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4565 if (!crypto_priv) { 4566 crypto_err("crypto_priv NULL"); 4567 return QDF_STATUS_E_FAILURE; 4568 } 4569 if (!is_valid_keyix(key_index)) { 4570 crypto_err("Invalid Key index %d", key_index); 4571 return QDF_STATUS_E_FAILURE; 4572 } 4573 if (key_index < WLAN_CRYPTO_MAXKEYIDX) { 4574 crypto_priv->key[key_index] = crypto_key; 4575 } else if (is_igtk(key_index)) { 4576 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4577 crypto_key; 4578 crypto_priv->def_igtk_tx_keyid = 4579 key_index - WLAN_CRYPTO_MAXKEYIDX; 4580 crypto_priv->igtk_key_type = crypto_key->cipher_type; 4581 } else { 4582 crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4583 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key; 4584 crypto_priv->def_bigtk_tx_keyid = 4585 key_index - WLAN_CRYPTO_MAXKEYIDX 4586 - WLAN_CRYPTO_MAXIGTKKEYIDX; 4587 } 4588 crypto_key->valid = true; 4589 4590 return QDF_STATUS_SUCCESS; 4591 } 4592 4593 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4594 uint8_t key_index) 4595 { 4596 struct wlan_crypto_comp_priv *crypto_priv; 4597 4598 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4599 if (!crypto_priv) { 4600 crypto_err("crypto_priv NULL"); 4601 return NULL; 4602 } 4603 if (!is_valid_keyix(key_index)) { 4604 crypto_err("Invalid Key index %d", key_index); 4605 return NULL; 4606 } 4607 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4608 return crypto_priv->key[key_index]; 4609 else if (is_igtk(key_index)) 4610 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4611 else 4612 return crypto_priv->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX 4613 - WLAN_CRYPTO_MAXIGTKKEYIDX]; 4614 4615 return NULL; 4616 } 4617 4618 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4619 struct wlan_crypto_key *req, 4620 enum wlan_crypto_key_type key_type) 4621 { 4622 struct wlan_objmgr_psoc *psoc; 4623 struct wlan_lmac_if_tx_ops *tx_ops; 4624 4625 psoc = wlan_vdev_get_psoc(vdev); 4626 4627 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4628 if (!tx_ops) { 4629 crypto_err("tx_ops is NULL"); 4630 return QDF_STATUS_E_FAILURE; 4631 } 4632 4633 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)) 4634 WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req, key_type); 4635 else 4636 return QDF_STATUS_E_FAILURE; 4637 4638 return QDF_STATUS_SUCCESS; 4639 } 4640 4641 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4642 bool pairwise, uint8_t key_index, 4643 struct qdf_mac_addr *peer_mac) 4644 { 4645 struct wlan_crypto_key *crypto_key; 4646 4647 crypto_key = wlan_crypto_get_key(vdev, key_index); 4648 if (!crypto_key) { 4649 crypto_err("crypto_key not present for key_idx %d", key_index); 4650 return; 4651 } 4652 4653 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4654 } 4655 4656 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD) 4657 void wlan_crypto_selective_clear_sae_single_pmk_entries( 4658 struct wlan_objmgr_vdev *vdev, 4659 struct qdf_mac_addr *conn_bssid) 4660 { 4661 struct wlan_crypto_params *crypto_params; 4662 struct wlan_crypto_comp_priv *crypto_priv; 4663 int i; 4664 4665 crypto_priv = (struct wlan_crypto_comp_priv *) 4666 wlan_get_vdev_crypto_obj(vdev); 4667 4668 if (!crypto_priv) { 4669 crypto_err("crypto_priv NULL"); 4670 return; 4671 } 4672 4673 crypto_params = &crypto_priv->crypto_params; 4674 4675 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4676 if (!crypto_params->pmksa[i]) 4677 continue; 4678 4679 if (crypto_params->pmksa[i]->single_pmk_supported && 4680 !qdf_is_macaddr_equal(conn_bssid, 4681 &crypto_params->pmksa[i]->bssid)) { 4682 qdf_mem_zero(crypto_params->pmksa[i], 4683 sizeof(struct wlan_crypto_pmksa)); 4684 qdf_mem_free(crypto_params->pmksa[i]); 4685 crypto_params->pmksa[i] = NULL; 4686 } 4687 } 4688 } 4689 4690 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev, 4691 struct qdf_mac_addr *bssid, 4692 bool single_pmk_capable_bss) 4693 { 4694 struct wlan_crypto_params *crypto_params; 4695 struct wlan_crypto_comp_priv *crypto_priv; 4696 int i; 4697 4698 crypto_priv = (struct wlan_crypto_comp_priv *) 4699 wlan_get_vdev_crypto_obj(vdev); 4700 4701 if (!crypto_priv) { 4702 crypto_err("crypto_priv NULL"); 4703 return; 4704 } 4705 4706 crypto_params = &crypto_priv->crypto_params; 4707 4708 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4709 if (!crypto_params->pmksa[i]) 4710 continue; 4711 4712 if (qdf_is_macaddr_equal(bssid, 4713 &crypto_params->pmksa[i]->bssid)) 4714 crypto_params->pmksa[i]->single_pmk_supported = 4715 single_pmk_capable_bss; 4716 } 4717 } 4718 4719 void 4720 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev, 4721 struct wlan_crypto_pmksa *roam_sync_pmksa) 4722 { 4723 struct wlan_crypto_params *crypto_params; 4724 struct wlan_crypto_comp_priv *crypto_priv; 4725 int i; 4726 4727 crypto_priv = (struct wlan_crypto_comp_priv *) 4728 wlan_get_vdev_crypto_obj(vdev); 4729 4730 if (!crypto_priv) { 4731 crypto_err("crypto_priv NULL"); 4732 return; 4733 } 4734 4735 crypto_params = &crypto_priv->crypto_params; 4736 4737 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 4738 if (!crypto_params->pmksa[i]) 4739 continue; 4740 if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid, 4741 &crypto_params->pmksa[i]->bssid) && 4742 roam_sync_pmksa->single_pmk_supported && 4743 roam_sync_pmksa->pmk_len) { 4744 crypto_params->pmksa[i]->single_pmk_supported = 4745 roam_sync_pmksa->single_pmk_supported; 4746 crypto_params->pmksa[i]->pmk_len = 4747 roam_sync_pmksa->pmk_len; 4748 qdf_mem_copy(crypto_params->pmksa[i]->pmk, 4749 roam_sync_pmksa->pmk, 4750 roam_sync_pmksa->pmk_len); 4751 } 4752 } 4753 } 4754 4755 #endif 4756 4757 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev) 4758 { 4759 struct wlan_crypto_comp_priv *crypto_priv; 4760 4761 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev)); 4762 crypto_priv = (struct wlan_crypto_comp_priv *) 4763 wlan_get_vdev_crypto_obj(vdev); 4764 4765 if (!crypto_priv) { 4766 crypto_err("crypto_priv NULL"); 4767 return; 4768 } 4769 4770 wlan_crypto_reset_prarams(&crypto_priv->crypto_params); 4771 } 4772 4773 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc) 4774 { 4775 struct wlan_lmac_if_tx_ops *tx_ops; 4776 4777 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4778 if (!tx_ops) { 4779 crypto_err("tx_ops is NULL"); 4780 return QDF_STATUS_E_FAILURE; 4781 } 4782 4783 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)) 4784 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc); 4785 4786 return QDF_STATUS_E_FAILURE; 4787 } 4788 4789 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc) 4790 { 4791 struct wlan_lmac_if_tx_ops *tx_ops; 4792 4793 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4794 if (!tx_ops) { 4795 crypto_err("tx_ops is NULL"); 4796 return QDF_STATUS_E_FAILURE; 4797 } 4798 4799 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)) 4800 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc); 4801 4802 return QDF_STATUS_E_FAILURE; 4803 } 4804 #endif 4805 4806 #ifdef WLAN_FEATURE_FILS_SK 4807 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len, 4808 uint8_t *rik, uint32_t *rik_len) 4809 { 4810 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN]; 4811 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL; 4812 QDF_STATUS status; 4813 4814 if (!rrk || !rik) { 4815 crypto_err("FILS rrk/rik NULL"); 4816 return QDF_STATUS_E_FAILURE; 4817 } 4818 4819 optional_data[0] = HMAC_SHA256_128; 4820 /* basic validation */ 4821 if (rrk_len <= 0) { 4822 crypto_err("invalid r_rk length %d", rrk_len); 4823 return QDF_STATUS_E_FAILURE; 4824 } 4825 4826 wlan_crypto_put_be16(&optional_data[1], rrk_len); 4827 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data, 4828 sizeof(optional_data), rik, 4829 rrk_len); 4830 if (QDF_IS_STATUS_ERROR(status)) { 4831 crypto_err("failed to create rik"); 4832 return status; 4833 } 4834 *rik_len = rrk_len; 4835 4836 return QDF_STATUS_SUCCESS; 4837 } 4838 #endif /* WLAN_FEATURE_FILS_SK */ 4839 4840 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT) 4841 QDF_STATUS 4842 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc, 4843 struct wlan_crypto_ltf_keyseed_data *data) 4844 { 4845 QDF_STATUS status = QDF_STATUS_SUCCESS; 4846 struct wlan_lmac_if_tx_ops *tx_ops; 4847 4848 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4849 if (!tx_ops) { 4850 crypto_err("tx_ops is NULL"); 4851 return QDF_STATUS_E_INVAL; 4852 } 4853 4854 if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)) 4855 status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data); 4856 4857 return status; 4858 } 4859 #endif 4860 4861 QDF_STATUS 4862 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id, 4863 uint32_t param_id, uint32_t param_value) 4864 { 4865 QDF_STATUS status = QDF_STATUS_SUCCESS; 4866 struct wlan_lmac_if_tx_ops *tx_ops; 4867 4868 tx_ops = wlan_psoc_get_lmac_if_txops(psoc); 4869 if (!tx_ops) { 4870 crypto_err("tx_ops is NULL"); 4871 return QDF_STATUS_E_INVAL; 4872 } 4873 4874 if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops)) 4875 status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc, 4876 vdev_id, 4877 param_id, 4878 param_value); 4879 4880 return status; 4881 } 4882