1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 /** 43 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 44 * @vdev:vdev 45 * 46 * This function gets called by mlme to get crypto params 47 * 48 * Return: wlan_crypto_params or NULL in case of failure 49 */ 50 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 51 struct wlan_objmgr_vdev *vdev, 52 struct wlan_crypto_comp_priv **crypto_priv){ 53 *crypto_priv = (struct wlan_crypto_comp_priv *) 54 wlan_get_vdev_crypto_obj(vdev); 55 if (*crypto_priv == NULL) { 56 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 57 return NULL; 58 } 59 60 return &((*crypto_priv)->crypto_params); 61 } 62 63 /** 64 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 65 * @peer:peer 66 * 67 * This function gets called by mlme to get crypto params 68 * 69 * Return: wlan_crypto_params or NULL in case of failure 70 */ 71 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 72 struct wlan_objmgr_peer *peer, 73 struct wlan_crypto_comp_priv **crypto_priv){ 74 75 *crypto_priv = (struct wlan_crypto_comp_priv *) 76 wlan_get_peer_crypto_obj(peer); 77 if (*crypto_priv == NULL) { 78 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 79 return NULL; 80 } 81 82 return &((*crypto_priv)->crypto_params); 83 } 84 85 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 86 { 87 return QDF_STATUS_SUCCESS; 88 } 89 90 /** 91 * wlan_crypto_set_param - called by ucfg to set crypto param 92 * @crypto_params: crypto_params 93 * @param: param to be set. 94 * @value: value 95 * 96 * This function gets called from ucfg to set param 97 * 98 * Return: QDF_STATUS_SUCCESS - in case of success 99 */ 100 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 101 wlan_crypto_param_type param, 102 uint32_t value){ 103 QDF_STATUS status = QDF_STATUS_E_INVAL; 104 105 switch (param) { 106 case WLAN_CRYPTO_PARAM_AUTH_MODE: 107 status = wlan_crypto_set_authmode(crypto_params, value); 108 break; 109 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 110 status = wlan_crypto_set_ucastciphers(crypto_params, value); 111 break; 112 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 113 status = wlan_crypto_set_mcastcipher(crypto_params, value); 114 break; 115 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 116 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 117 break; 118 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 119 status = wlan_crypto_set_cipher_cap(crypto_params, value); 120 break; 121 case WLAN_CRYPTO_PARAM_RSN_CAP: 122 status = wlan_crypto_set_rsn_cap(crypto_params, value); 123 break; 124 case WLAN_CRYPTO_PARAM_KEY_MGMT: 125 status = wlan_crypto_set_key_mgmt(crypto_params, value); 126 break; 127 default: 128 status = QDF_STATUS_E_INVAL; 129 } 130 return status; 131 } 132 133 /** 134 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 135 * @vdev: vdev 136 * @param: param to be set. 137 * @value: value 138 * 139 * This function gets called from ucfg to set param 140 * 141 * Return: QDF_STATUS_SUCCESS - in case of success 142 */ 143 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 144 wlan_crypto_param_type param, 145 uint32_t value){ 146 QDF_STATUS status = QDF_STATUS_E_INVAL; 147 struct wlan_crypto_comp_priv *crypto_priv; 148 struct wlan_crypto_params *crypto_params; 149 150 crypto_priv = (struct wlan_crypto_comp_priv *) 151 wlan_get_vdev_crypto_obj(vdev); 152 153 if (crypto_priv == NULL) { 154 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 155 return QDF_STATUS_E_INVAL; 156 } 157 158 crypto_params = &(crypto_priv->crypto_params); 159 160 status = wlan_crypto_set_param(crypto_params, param, value); 161 162 return status; 163 } 164 165 /** 166 * wlan_crypto_set_param - called by ucfg to set crypto param 167 * 168 * @peer: peer 169 * @param: param to be set. 170 * @value: value 171 * 172 * This function gets called from ucfg to set param 173 * 174 * Return: QDF_STATUS_SUCCESS - in case of success 175 */ 176 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 177 wlan_crypto_param_type param, 178 uint32_t value){ 179 QDF_STATUS status = QDF_STATUS_E_INVAL; 180 struct wlan_crypto_comp_priv *crypto_priv; 181 struct wlan_crypto_params *crypto_params; 182 183 crypto_params = wlan_crypto_peer_get_comp_params(peer, 184 &crypto_priv); 185 186 if (crypto_priv == NULL) { 187 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 188 return QDF_STATUS_E_INVAL; 189 } 190 191 crypto_params = &(crypto_priv->crypto_params); 192 193 status = wlan_crypto_set_param(crypto_params, param, value); 194 195 return status; 196 } 197 198 /** 199 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 200 * @param: Crypto param type 201 * @crypto_params: Crypto params struct 202 * 203 * This function gets called from in-within crypto layer 204 * 205 * Return: value or -1 for failure 206 */ 207 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 208 struct wlan_crypto_params *crypto_params) 209 { 210 int32_t value = -1; 211 212 switch (param) { 213 case WLAN_CRYPTO_PARAM_AUTH_MODE: 214 value = wlan_crypto_get_authmode(crypto_params); 215 break; 216 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 217 value = wlan_crypto_get_ucastciphers(crypto_params); 218 break; 219 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 220 value = wlan_crypto_get_mcastcipher(crypto_params); 221 break; 222 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 223 value = wlan_crypto_get_mgmtciphers(crypto_params); 224 break; 225 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 226 value = wlan_crypto_get_cipher_cap(crypto_params); 227 break; 228 case WLAN_CRYPTO_PARAM_RSN_CAP: 229 value = wlan_crypto_get_rsn_cap(crypto_params); 230 break; 231 case WLAN_CRYPTO_PARAM_KEY_MGMT: 232 value = wlan_crypto_get_key_mgmt(crypto_params); 233 break; 234 default: 235 value = QDF_STATUS_E_INVAL; 236 } 237 238 return value; 239 } 240 241 /** 242 * wlan_crypto_get_param - called to get value for param from vdev 243 * @vdev: vdev 244 * @param: Crypto param type 245 * 246 * This function gets called to get value for param from vdev 247 * 248 * Return: value or -1 for failure 249 */ 250 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 251 wlan_crypto_param_type param) 252 { 253 int32_t value = -1; 254 struct wlan_crypto_comp_priv *crypto_priv; 255 struct wlan_crypto_params *crypto_params; 256 crypto_priv = (struct wlan_crypto_comp_priv *) 257 wlan_get_vdev_crypto_obj(vdev); 258 259 if (crypto_priv == NULL) { 260 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 261 return QDF_STATUS_E_INVAL; 262 } 263 264 crypto_params = &(crypto_priv->crypto_params); 265 value = wlan_crypto_get_param_value(param, crypto_params); 266 267 return value; 268 } 269 /** 270 * wlan_crypto_get_peer_param - called to get value for param from peer 271 * @peer: peer 272 * @param: Crypto param type 273 * 274 * This function gets called to get value for param from peer 275 * 276 * Return: value or -1 for failure 277 */ 278 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 279 wlan_crypto_param_type param) 280 { 281 int32_t value = -1; 282 struct wlan_crypto_comp_priv *crypto_priv; 283 struct wlan_crypto_params *crypto_params; 284 285 crypto_params = wlan_crypto_peer_get_comp_params(peer, 286 &crypto_priv); 287 288 if (crypto_params == NULL) { 289 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 290 return QDF_STATUS_E_INVAL; 291 } 292 value = wlan_crypto_get_param_value(param, crypto_params); 293 294 return value; 295 } 296 qdf_export_symbol(wlan_crypto_get_peer_param); 297 /** 298 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 299 * @vdev: vdev 300 * @peer: peer 301 * 302 * This function gets called to check is HT allowed for cipher. 303 * HT is not allowed for wep and tkip. 304 * 305 * Return: 0 - not allowed or 1 - allowed 306 */ 307 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 308 struct wlan_objmgr_peer *peer) 309 { 310 int32_t ucast_cipher; 311 312 if (!(vdev || peer)) { 313 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 314 return 0; 315 } 316 317 if (vdev) 318 ucast_cipher = wlan_crypto_get_param(vdev, 319 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 320 else 321 ucast_cipher = wlan_crypto_get_peer_param(peer, 322 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 323 324 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 325 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 326 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 327 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 328 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 329 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 330 } 331 qdf_export_symbol(wlan_crypto_is_htallowed); 332 333 /** 334 * wlan_crypto_setkey - called by ucfg to setkey 335 * @vdev: vdev 336 * @req_key: req_key with cipher type, key macaddress 337 * 338 * This function gets called from ucfg to sey key 339 * 340 * Return: QDF_STATUS_SUCCESS - in case of success 341 */ 342 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 343 struct wlan_crypto_req_key *req_key){ 344 345 QDF_STATUS status = QDF_STATUS_E_INVAL; 346 struct wlan_crypto_comp_priv *crypto_priv; 347 struct wlan_crypto_params *crypto_params; 348 struct wlan_objmgr_psoc *psoc; 349 struct wlan_objmgr_peer *peer; 350 struct wlan_crypto_key *key = NULL; 351 const struct wlan_crypto_cipher *cipher; 352 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 353 bool isbcast; 354 enum QDF_OPMODE vdev_mode; 355 uint8_t igtk_idx = 0; 356 357 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 358 qdf_print("%s[%d] Invalid params vdev%pK, req_key%pK\n", 359 __func__, __LINE__, vdev, req_key); 360 return QDF_STATUS_E_INVAL; 361 } 362 363 isbcast = qdf_is_macaddr_group( 364 (struct qdf_mac_addr *)req_key->macaddr); 365 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 366 /* zero length keys, only set default key id if flags are set*/ 367 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 368 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 369 && (!IS_MGMT_CIPHER(req_key->type))) { 370 wlan_crypto_default_key(vdev, 371 req_key->macaddr, 372 req_key->keyix, 373 !isbcast); 374 return QDF_STATUS_SUCCESS; 375 } 376 qdf_print("%s[%d] req_key len zero\n", __func__, __LINE__); 377 return QDF_STATUS_E_INVAL; 378 } 379 380 cipher = wlan_crypto_cipher_ops[req_key->type]; 381 382 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 383 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 384 return QDF_STATUS_E_INVAL; 385 } 386 387 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 388 (!IS_MGMT_CIPHER(req_key->type)) && 389 ((req_key->keylen != (cipher->keylen / NBBY)) && 390 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 391 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 392 return QDF_STATUS_E_INVAL; 393 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 394 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 395 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 396 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 397 qdf_print("%s[%d] wep key len invalid\n", __func__, __LINE__); 398 return QDF_STATUS_E_INVAL; 399 } 400 401 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 402 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 403 | WLAN_CRYPTO_KEY_RECV)) { 404 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 405 | WLAN_CRYPTO_KEY_RECV); 406 } 407 } else { 408 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 409 && (!IS_MGMT_CIPHER(req_key->type))) { 410 return QDF_STATUS_E_INVAL; 411 } 412 413 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 414 | WLAN_CRYPTO_KEY_RECV); 415 if (isbcast) 416 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 417 } 418 419 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 420 421 wlan_vdev_obj_lock(vdev); 422 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 423 psoc = wlan_vdev_get_psoc(vdev); 424 if (!psoc) { 425 wlan_vdev_obj_unlock(vdev); 426 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 427 return QDF_STATUS_E_INVAL; 428 } 429 wlan_vdev_obj_unlock(vdev); 430 431 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 432 if (wlan_crypto_vdev_has_auth_mode(vdev, 433 (1 << WLAN_CRYPTO_AUTH_8021X))) { 434 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 435 } 436 } 437 438 if (isbcast) { 439 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 440 &crypto_priv); 441 if (crypto_priv == NULL) { 442 qdf_print("%s[%d] crypto_priv NULL\n", 443 __func__, __LINE__); 444 return QDF_STATUS_E_INVAL; 445 } 446 447 if (IS_MGMT_CIPHER(req_key->type)) { 448 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 449 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 450 qdf_print("%s[%d] igtk key invalid keyid %d \n", 451 __func__, __LINE__, igtk_idx); 452 return QDF_STATUS_E_INVAL; 453 } 454 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 455 if (key == NULL) { 456 qdf_print("%s[%d] igtk key alloc failed\n", 457 __func__, __LINE__); 458 return QDF_STATUS_E_NOMEM; 459 } 460 461 if (crypto_priv->igtk_key[igtk_idx]) 462 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 463 464 crypto_priv->igtk_key[igtk_idx] = key; 465 crypto_priv->igtk_key_type = req_key->type; 466 crypto_priv->def_igtk_tx_keyid = igtk_idx; 467 } else { 468 if (IS_FILS_CIPHER(req_key->type)) { 469 qdf_print(FL( 470 "FILS key is not for BroadCast packet\n")); 471 return QDF_STATUS_E_INVAL; 472 } 473 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 474 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 475 return QDF_STATUS_E_INVAL; 476 } 477 if (!crypto_priv->key[req_key->keyix]) { 478 crypto_priv->key[req_key->keyix] 479 = qdf_mem_malloc( 480 sizeof(struct wlan_crypto_key)); 481 if (!crypto_priv->key[req_key->keyix]) 482 return QDF_STATUS_E_NOMEM; 483 } 484 key = crypto_priv->key[req_key->keyix]; 485 } 486 if (vdev_mode == QDF_STA_MODE) { 487 peer = wlan_vdev_get_bsspeer(vdev); 488 if (!(peer && (QDF_STATUS_SUCCESS 489 == wlan_objmgr_peer_try_get_ref(peer, 490 WLAN_CRYPTO_ID)))) { 491 qdf_print("%s[%d] peer %pK failed\n", 492 __func__, __LINE__, peer); 493 if (IS_MGMT_CIPHER(req_key->type)) { 494 crypto_priv->igtk_key[igtk_idx] = NULL; 495 crypto_priv->igtk_key_type 496 = WLAN_CRYPTO_CIPHER_NONE; 497 } else 498 crypto_priv->key[req_key->keyix] = NULL; 499 if (key) 500 qdf_mem_free(key); 501 return QDF_STATUS_E_INVAL; 502 } 503 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 504 WLAN_ALEN); 505 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 506 } 507 } else { 508 uint8_t pdev_id; 509 510 pdev_id = wlan_objmgr_pdev_get_pdev_id( 511 wlan_vdev_get_pdev(vdev)); 512 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 513 psoc, 514 pdev_id, 515 macaddr, 516 req_key->macaddr, 517 WLAN_CRYPTO_ID); 518 519 if (peer == NULL) { 520 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 521 return QDF_STATUS_E_INVAL; 522 } 523 524 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 525 crypto_params = wlan_crypto_peer_get_comp_params(peer, 526 &crypto_priv); 527 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 528 529 if (crypto_priv == NULL) { 530 qdf_print("%s[%d] crypto_priv NULL\n", 531 __func__, __LINE__); 532 return QDF_STATUS_E_INVAL; 533 } 534 if (IS_MGMT_CIPHER(req_key->type)) { 535 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 536 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 537 qdf_print("%s[%d] igtk key invalid keyid %d \n", 538 __func__, __LINE__, igtk_idx); 539 return QDF_STATUS_E_INVAL; 540 } 541 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 542 if (key == NULL) { 543 qdf_print("%s[%d] igtk key alloc failed\n", 544 __func__, __LINE__); 545 return QDF_STATUS_E_NOMEM; 546 } 547 if (crypto_priv->igtk_key[igtk_idx]) 548 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 549 550 crypto_priv->igtk_key[igtk_idx] = key; 551 crypto_priv->igtk_key_type = req_key->type; 552 crypto_priv->def_igtk_tx_keyid = igtk_idx; 553 } else { 554 uint16_t kid = req_key->keyix; 555 if (kid == WLAN_CRYPTO_KEYIX_NONE) 556 kid = 0; 557 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 558 qdf_print("%s[%d] invalid keyid %d \n", 559 __func__, __LINE__, kid); 560 return QDF_STATUS_E_INVAL; 561 } 562 if (!crypto_priv->key[kid]) { 563 crypto_priv->key[kid] 564 = qdf_mem_malloc( 565 sizeof(struct wlan_crypto_key)); 566 if (!crypto_priv->key[kid]) 567 return QDF_STATUS_E_NOMEM; 568 } 569 key = crypto_priv->key[kid]; 570 } 571 } 572 573 /* alloc key might not required as it is already there */ 574 key->cipher_table = (void *)cipher; 575 key->keylen = req_key->keylen; 576 key->flags = req_key->flags; 577 578 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 579 key->keyix = 0; 580 else 581 key->keyix = req_key->keyix; 582 583 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 584 && (!IS_MGMT_CIPHER(req_key->type))) { 585 crypto_priv->def_tx_keyid = key->keyix; 586 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 587 } 588 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 589 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 590 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 591 0x5c, 0x36, 0x5c, 0x36, 592 0x5c, 0x36, 0x5c, 0x36, 593 0x5c, 0x36, 0x5c, 0x37}; 594 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 595 0x5c, 0x36, 0x5c, 0x36, 596 0x5c, 0x36, 0x5c, 0x36, 597 0x5c, 0x36, 0x5c, 0x36}; 598 599 /* During Tx PN should be increment and 600 * send but as per our implementation we increment only after 601 * Tx complete. So First packet PN check will be failed. 602 * To compensate increment the PN here by 2 603 */ 604 if (vdev_mode == QDF_SAP_MODE) { 605 iv_AP[15] += 2; 606 qdf_mem_copy(key->recviv, iv_STA, 607 WLAN_CRYPTO_WAPI_IV_SIZE); 608 qdf_mem_copy(key->txiv, iv_AP, 609 WLAN_CRYPTO_WAPI_IV_SIZE); 610 } else { 611 iv_STA[15] += 2; 612 qdf_mem_copy(key->recviv, iv_AP, 613 WLAN_CRYPTO_WAPI_IV_SIZE); 614 qdf_mem_copy(key->txiv, iv_STA, 615 WLAN_CRYPTO_WAPI_IV_SIZE); 616 } 617 } else { 618 uint8_t i = 0; 619 qdf_mem_copy((uint8_t *)(&key->keytsc), 620 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 621 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 622 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 623 (uint8_t *)(&req_key->keyrsc), 624 sizeof(key->keyrsc[0])); 625 } 626 } 627 628 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 629 key->valid = 1; 630 if ((IS_MGMT_CIPHER(req_key->type))) { 631 if (HAS_CIPHER_CAP(crypto_params, 632 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 633 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 634 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 635 key, macaddr, req_key->type); 636 } 637 } 638 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 639 status = wlan_crypto_set_igtk_key(key); 640 return status; 641 } else if (IS_FILS_CIPHER(req_key->type)) { 642 /* Take request key object to FILS setkey */ 643 key->private = req_key; 644 } else { 645 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 646 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 647 macaddr, req_key->type); 648 } 649 } 650 status = cipher->setkey(key); 651 652 return status; 653 } 654 655 /** 656 * wlan_crypto_get_keytype - get keytype 657 * @key: key 658 * 659 * This function gets keytype from key 660 * 661 * Return: keytype 662 */ 663 wlan_crypto_cipher_type wlan_crypto_get_key_type( 664 struct wlan_crypto_key *key){ 665 if (key && key->cipher_table) { 666 return ((struct wlan_crypto_cipher *) 667 (key->cipher_table))->cipher; 668 } 669 return WLAN_CRYPTO_CIPHER_NONE; 670 } 671 qdf_export_symbol(wlan_crypto_get_key_type); 672 /** 673 * wlan_crypto_vdev_getkey - get key from vdev 674 * @vdev: vdev 675 * @keyix: keyix 676 * 677 * This function gets key from vdev 678 * 679 * Return: key or NULL 680 */ 681 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 682 uint16_t keyix){ 683 struct wlan_crypto_comp_priv *crypto_priv; 684 struct wlan_crypto_params *crypto_params; 685 struct wlan_crypto_key *key = NULL; 686 687 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 688 689 if (crypto_priv == NULL) { 690 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 691 return NULL; 692 } 693 694 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 695 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 696 else 697 key = crypto_priv->key[keyix]; 698 699 if (key && key->valid) 700 return key; 701 702 return NULL; 703 } 704 qdf_export_symbol(wlan_crypto_vdev_getkey); 705 706 /** 707 * wlan_crypto_peer_getkey - get key from peer 708 * @peer: peer 709 * @keyix: keyix 710 * 711 * This function gets key from peer 712 * 713 * Return: key or NULL 714 */ 715 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 716 uint16_t keyix){ 717 struct wlan_crypto_comp_priv *crypto_priv; 718 struct wlan_crypto_params *crypto_params; 719 struct wlan_crypto_key *key = NULL; 720 721 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 722 723 if (crypto_priv == NULL) { 724 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 725 return NULL; 726 } 727 728 if (keyix == WLAN_CRYPTO_KEYIX_NONE || keyix >= WLAN_CRYPTO_MAXKEYIDX) 729 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 730 else 731 key = crypto_priv->key[keyix]; 732 733 if (key && key->valid) 734 return key; 735 736 return NULL; 737 } 738 qdf_export_symbol(wlan_crypto_peer_getkey); 739 740 /** 741 * wlan_crypto_getkey - called by ucfg to get key 742 * @vdev: vdev 743 * @req_key: key value will be copied in this req_key 744 * @mac_address: mac address of the peer for unicast key 745 * or broadcast address if group key is requested. 746 * 747 * This function gets called from ucfg to get key 748 * 749 * Return: QDF_STATUS_SUCCESS - in case of success 750 */ 751 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 752 struct wlan_crypto_req_key *req_key, 753 uint8_t *mac_addr){ 754 struct wlan_crypto_cipher *cipher_table; 755 struct wlan_crypto_key *key; 756 struct wlan_objmgr_psoc *psoc; 757 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 758 759 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 760 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 761 qdf_print("%s[%d] invalid keyix %d\n", __func__, __LINE__, 762 req_key->keyix); 763 return QDF_STATUS_E_INVAL; 764 } 765 766 wlan_vdev_obj_lock(vdev); 767 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 768 psoc = wlan_vdev_get_psoc(vdev); 769 if (!psoc) { 770 wlan_vdev_obj_unlock(vdev); 771 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 772 return QDF_STATUS_E_INVAL; 773 } 774 wlan_vdev_obj_unlock(vdev); 775 776 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 777 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 778 if (!key) 779 return QDF_STATUS_E_INVAL; 780 } else { 781 struct wlan_objmgr_peer *peer; 782 uint8_t pdev_id; 783 784 pdev_id = wlan_objmgr_pdev_get_pdev_id( 785 wlan_vdev_get_pdev(vdev)); 786 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 787 psoc, 788 pdev_id, 789 macaddr, 790 mac_addr, 791 WLAN_CRYPTO_ID); 792 if (peer == NULL) { 793 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 794 "%s[%d] peer NULL\n", __func__, __LINE__); 795 return QDF_STATUS_E_NOENT; 796 } 797 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 798 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 799 if (!key) 800 return QDF_STATUS_E_INVAL; 801 } 802 803 if (key->valid) { 804 qdf_mem_copy(req_key->keydata, 805 key->keyval, key->keylen); 806 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 807 (uint8_t *)(&key->keytsc), 808 sizeof(req_key->keytsc)); 809 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 810 (uint8_t *)(&key->keyrsc[0]), 811 sizeof(req_key->keyrsc)); 812 req_key->keylen = key->keylen; 813 req_key->flags = key->flags; 814 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 815 816 if (!cipher_table) 817 return QDF_STATUS_SUCCESS; 818 819 req_key->type = cipher_table->cipher; 820 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 821 qdf_mem_copy((uint8_t *)(&req_key->txiv), 822 (uint8_t *)(key->txiv), 823 sizeof(req_key->txiv)); 824 qdf_mem_copy((uint8_t *)(&req_key->recviv), 825 (uint8_t *)(key->recviv), 826 sizeof(req_key->recviv)); 827 } 828 } 829 830 return QDF_STATUS_SUCCESS; 831 } 832 833 /** 834 * wlan_crypto_delkey - called by ucfg to delete key 835 * @vdev: vdev 836 * @mac_address: mac address of the peer for unicast key 837 * or broadcast address if group key is deleted. 838 * @key_idx: key index to be deleted 839 * 840 * This function gets called from ucfg to delete key 841 * 842 * Return: QDF_STATUS_SUCCESS - in case of success 843 */ 844 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 845 uint8_t *macaddr, 846 uint8_t key_idx){ 847 struct wlan_crypto_comp_priv *crypto_priv; 848 struct wlan_crypto_params *crypto_params; 849 struct wlan_crypto_key *key; 850 struct wlan_crypto_cipher *cipher_table; 851 struct wlan_objmgr_psoc *psoc; 852 uint8_t bssid_mac[WLAN_ALEN]; 853 854 if (!vdev || !macaddr || 855 (key_idx >= 856 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 857 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 858 "%s[%d] Invalid params vdev %pK, macaddr %pK" 859 "keyidx %d\n", __func__, __LINE__, vdev, 860 macaddr, key_idx); 861 return QDF_STATUS_E_INVAL; 862 } 863 864 wlan_vdev_obj_lock(vdev); 865 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 866 psoc = wlan_vdev_get_psoc(vdev); 867 if (!psoc) { 868 wlan_vdev_obj_unlock(vdev); 869 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 870 return QDF_STATUS_E_INVAL; 871 } 872 wlan_vdev_obj_unlock(vdev); 873 874 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 875 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 876 &crypto_priv); 877 if (crypto_priv == NULL) { 878 qdf_print("%s[%d] crypto_priv NULL\n", 879 __func__, __LINE__); 880 return QDF_STATUS_E_INVAL; 881 } 882 } else { 883 struct wlan_objmgr_peer *peer; 884 uint8_t pdev_id; 885 886 pdev_id = wlan_objmgr_pdev_get_pdev_id( 887 wlan_vdev_get_pdev(vdev)); 888 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 889 psoc, pdev_id, 890 bssid_mac, 891 macaddr, 892 WLAN_CRYPTO_ID); 893 if (peer == NULL) { 894 return QDF_STATUS_E_INVAL; 895 } 896 crypto_params = wlan_crypto_peer_get_comp_params(peer, 897 &crypto_priv); 898 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 899 if (crypto_priv == NULL) { 900 qdf_print("%s[%d] crypto_priv NULL\n", 901 __func__, __LINE__); 902 return QDF_STATUS_E_INVAL; 903 } 904 } 905 906 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 907 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 908 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 909 qdf_print("%s[%d] Igtk key invalid keyid %d\n", 910 __func__, __LINE__, igtk_idx); 911 return QDF_STATUS_E_INVAL; 912 } 913 key = crypto_priv->igtk_key[igtk_idx]; 914 crypto_priv->igtk_key[igtk_idx] = NULL; 915 if (key) 916 key->valid = 0; 917 } else { 918 key = crypto_priv->key[key_idx]; 919 crypto_priv->key[key_idx] = NULL; 920 } 921 922 if (!key) 923 return QDF_STATUS_E_INVAL; 924 925 if (key->valid) { 926 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 927 928 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 929 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 930 macaddr, cipher_table->cipher); 931 } 932 } 933 qdf_mem_free(key); 934 935 return QDF_STATUS_SUCCESS; 936 } 937 938 /** 939 * wlan_crypto_default_key - called by ucfg to set default tx key 940 * @vdev: vdev 941 * @mac_address: mac address of the peer for unicast key 942 * or broadcast address if group key need to made default. 943 * @key_idx: key index to be made as default key 944 * @unicast: is key was unicast or group key. 945 * 946 * This function gets called from ucfg to set default key 947 * 948 * Return: QDF_STATUS_SUCCESS - in case of success 949 */ 950 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 951 uint8_t *macaddr, 952 uint8_t key_idx, 953 bool unicast){ 954 struct wlan_crypto_comp_priv *crypto_priv; 955 struct wlan_crypto_params *crypto_params; 956 struct wlan_crypto_key *key; 957 struct wlan_objmgr_psoc *psoc; 958 uint8_t bssid_mac[WLAN_ALEN]; 959 960 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 961 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 962 "keyidx %d\n", __func__, __LINE__, 963 vdev, macaddr, key_idx); 964 return QDF_STATUS_E_INVAL; 965 } 966 967 wlan_vdev_obj_lock(vdev); 968 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 969 psoc = wlan_vdev_get_psoc(vdev); 970 if (!psoc) { 971 wlan_vdev_obj_unlock(vdev); 972 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 973 return QDF_STATUS_E_INVAL; 974 } 975 wlan_vdev_obj_unlock(vdev); 976 977 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 978 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 979 &crypto_priv); 980 if (crypto_priv == NULL) { 981 qdf_print("%s[%d] crypto_priv NULL\n", 982 __func__, __LINE__); 983 return QDF_STATUS_E_INVAL; 984 } 985 986 key = crypto_priv->key[key_idx]; 987 if (!key) 988 return QDF_STATUS_E_INVAL; 989 } else { 990 struct wlan_objmgr_peer *peer; 991 uint8_t pdev_id; 992 993 pdev_id = wlan_objmgr_pdev_get_pdev_id( 994 wlan_vdev_get_pdev(vdev)); 995 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 996 psoc, pdev_id, 997 bssid_mac, 998 macaddr, 999 WLAN_CRYPTO_ID); 1000 1001 if (peer == NULL) { 1002 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1003 return QDF_STATUS_E_INVAL; 1004 } 1005 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1006 &crypto_priv); 1007 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1008 if (crypto_priv == NULL) { 1009 qdf_print("%s[%d] crypto_priv NULL\n", 1010 __func__, __LINE__); 1011 return QDF_STATUS_E_INVAL; 1012 } 1013 1014 key = crypto_priv->key[key_idx]; 1015 if (!key) 1016 return QDF_STATUS_E_INVAL; 1017 } 1018 if (!key->valid) 1019 return QDF_STATUS_E_INVAL; 1020 1021 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1022 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1023 macaddr); 1024 } 1025 crypto_priv->def_tx_keyid = key_idx; 1026 1027 return QDF_STATUS_SUCCESS; 1028 } 1029 1030 /** 1031 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1032 * @vdev: vdev 1033 * @wbuf: wbuf 1034 * @macaddr: macaddr 1035 * @encapdone: is encapdone already or not. 1036 * 1037 * This function gets called from mgmt txrx to encap frame. 1038 * 1039 * Return: QDF_STATUS_SUCCESS - in case of success 1040 */ 1041 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1042 qdf_nbuf_t wbuf, 1043 uint8_t *mac_addr, 1044 uint8_t encapdone){ 1045 struct wlan_crypto_comp_priv *crypto_priv; 1046 struct wlan_crypto_params *crypto_params; 1047 struct wlan_crypto_key *key; 1048 QDF_STATUS status; 1049 struct wlan_crypto_cipher *cipher_table; 1050 struct wlan_objmgr_psoc *psoc; 1051 struct wlan_objmgr_peer *peer; 1052 uint8_t bssid_mac[WLAN_ALEN]; 1053 uint8_t pdev_id; 1054 1055 wlan_vdev_obj_lock(vdev); 1056 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1057 psoc = wlan_vdev_get_psoc(vdev); 1058 if (!psoc) { 1059 wlan_vdev_obj_unlock(vdev); 1060 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1061 return QDF_STATUS_E_INVAL; 1062 } 1063 wlan_vdev_obj_unlock(vdev); 1064 1065 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1066 /* FILS Encap required only for (Re-)Assoc response */ 1067 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1068 1069 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1070 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1071 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1072 return QDF_STATUS_E_INVAL; 1073 } 1074 1075 if (peer) 1076 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1077 1078 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1079 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1080 &crypto_priv); 1081 if (crypto_priv == NULL) { 1082 qdf_print("%s[%d] crypto_priv NULL\n", 1083 __func__, __LINE__); 1084 return QDF_STATUS_E_INVAL; 1085 } 1086 1087 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1088 if (!key) 1089 return QDF_STATUS_E_INVAL; 1090 1091 } else { 1092 struct wlan_objmgr_peer *peer; 1093 uint8_t pdev_id; 1094 1095 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1096 wlan_vdev_get_pdev(vdev)); 1097 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1098 bssid_mac, mac_addr, 1099 WLAN_CRYPTO_ID); 1100 1101 if (peer == NULL) { 1102 qdf_print("%s[%d] crypto_priv NULL\n", 1103 __func__, __LINE__); 1104 return QDF_STATUS_E_INVAL; 1105 } 1106 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1107 &crypto_priv); 1108 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1109 1110 if (crypto_priv == NULL) { 1111 qdf_print("%s[%d] crypto_priv NULL\n", 1112 __func__, __LINE__); 1113 return QDF_STATUS_E_INVAL; 1114 } 1115 1116 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1117 if (!key) 1118 return QDF_STATUS_E_INVAL; 1119 } 1120 /* if tkip, is counter measures enabled, then drop the frame */ 1121 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1122 status = cipher_table->encap(key, wbuf, encapdone, 1123 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1124 1125 return status; 1126 } 1127 qdf_export_symbol(wlan_crypto_encap); 1128 1129 /** 1130 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1131 * @vdev: vdev 1132 * @wbuf: wbuf 1133 * @macaddr: macaddr 1134 * @tid: tid of the frame 1135 * 1136 * This function gets called from mgmt txrx to decap frame. 1137 * 1138 * Return: QDF_STATUS_SUCCESS - in case of success 1139 */ 1140 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1141 qdf_nbuf_t wbuf, 1142 uint8_t *mac_addr, 1143 uint8_t tid){ 1144 struct wlan_crypto_comp_priv *crypto_priv; 1145 struct wlan_crypto_params *crypto_params; 1146 struct wlan_crypto_key *key; 1147 QDF_STATUS status; 1148 struct wlan_crypto_cipher *cipher_table; 1149 struct wlan_objmgr_psoc *psoc; 1150 struct wlan_objmgr_peer *peer; 1151 uint8_t bssid_mac[WLAN_ALEN]; 1152 uint8_t keyid; 1153 uint8_t pdev_id; 1154 1155 wlan_vdev_obj_lock(vdev); 1156 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1157 psoc = wlan_vdev_get_psoc(vdev); 1158 if (!psoc) { 1159 wlan_vdev_obj_unlock(vdev); 1160 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1161 return QDF_STATUS_E_INVAL; 1162 } 1163 wlan_vdev_obj_unlock(vdev); 1164 1165 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf)); 1166 1167 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1168 return QDF_STATUS_E_INVAL; 1169 1170 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1171 /* FILS Decap required only for (Re-)Assoc request */ 1172 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1173 1174 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1175 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1176 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1177 return QDF_STATUS_E_INVAL; 1178 } 1179 1180 if (peer) 1181 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1182 1183 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1184 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1185 &crypto_priv); 1186 if (crypto_priv == NULL) { 1187 qdf_print("%s[%d] crypto_priv NULL\n", 1188 __func__, __LINE__); 1189 return QDF_STATUS_E_INVAL; 1190 } 1191 1192 key = crypto_priv->key[keyid]; 1193 if (!key) 1194 return QDF_STATUS_E_INVAL; 1195 1196 } else { 1197 struct wlan_objmgr_peer *peer; 1198 uint8_t pdev_id; 1199 1200 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1201 wlan_vdev_get_pdev(vdev)); 1202 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1203 psoc, pdev_id, bssid_mac, 1204 mac_addr, WLAN_CRYPTO_ID); 1205 if (peer == NULL) { 1206 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1207 return QDF_STATUS_E_INVAL; 1208 } 1209 1210 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1211 &crypto_priv); 1212 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1213 1214 if (crypto_priv == NULL) { 1215 qdf_print("%s[%d] crypto_priv NULL\n", 1216 __func__, __LINE__); 1217 return QDF_STATUS_E_INVAL; 1218 } 1219 1220 key = crypto_priv->key[keyid]; 1221 if (!key) 1222 return QDF_STATUS_E_INVAL; 1223 } 1224 /* if tkip, is counter measures enabled, then drop the frame */ 1225 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1226 status = cipher_table->decap(key, wbuf, tid, 1227 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1228 1229 return status; 1230 } 1231 qdf_export_symbol(wlan_crypto_decap); 1232 /** 1233 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1234 * @vdev: vdev 1235 * @wbuf: wbuf 1236 * @macaddr: macaddr 1237 * @encapdone: is encapdone already or not. 1238 * 1239 * This function gets called from mgmt txrx to adding mic to the frame. 1240 * 1241 * Return: QDF_STATUS_SUCCESS - in case of success 1242 */ 1243 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1244 qdf_nbuf_t wbuf, 1245 uint8_t *mac_addr, 1246 uint8_t encapdone){ 1247 struct wlan_crypto_comp_priv *crypto_priv; 1248 struct wlan_crypto_params *crypto_params; 1249 struct wlan_crypto_key *key; 1250 QDF_STATUS status; 1251 struct wlan_crypto_cipher *cipher_table; 1252 struct wlan_objmgr_psoc *psoc; 1253 uint8_t bssid_mac[WLAN_ALEN]; 1254 1255 1256 wlan_vdev_obj_lock(vdev); 1257 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1258 psoc = wlan_vdev_get_psoc(vdev); 1259 if (!psoc) { 1260 wlan_vdev_obj_unlock(vdev); 1261 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1262 return QDF_STATUS_E_INVAL; 1263 } 1264 wlan_vdev_obj_unlock(vdev); 1265 1266 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1267 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1268 &crypto_priv); 1269 if (crypto_priv == NULL) { 1270 qdf_print("%s[%d] crypto_priv NULL\n", 1271 __func__, __LINE__); 1272 return QDF_STATUS_E_INVAL; 1273 } 1274 1275 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1276 if (!key) 1277 return QDF_STATUS_E_INVAL; 1278 1279 } else { 1280 struct wlan_objmgr_peer *peer; 1281 uint8_t pdev_id; 1282 1283 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1284 wlan_vdev_get_pdev(vdev)); 1285 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1286 psoc, pdev_id, bssid_mac, 1287 mac_addr, WLAN_CRYPTO_ID); 1288 if (peer == NULL) { 1289 qdf_print("%s[%d] crypto_priv NULL\n", 1290 __func__, __LINE__); 1291 return QDF_STATUS_E_INVAL; 1292 } 1293 1294 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1295 &crypto_priv); 1296 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1297 1298 if (crypto_priv == NULL) { 1299 qdf_print("%s[%d] crypto_priv NULL\n", 1300 __func__, __LINE__); 1301 return QDF_STATUS_E_INVAL; 1302 } 1303 1304 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1305 if (!key) 1306 return QDF_STATUS_E_INVAL; 1307 } 1308 /* if tkip, is counter measures enabled, then drop the frame */ 1309 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1310 status = cipher_table->enmic(key, wbuf, encapdone, 1311 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1312 1313 return status; 1314 } 1315 1316 /** 1317 * wlan_crypto_demic - called by mgmt for remove and check mic for 1318 * the frame based on cipher 1319 * @vdev: vdev 1320 * @wbuf: wbuf 1321 * @macaddr: macaddr 1322 * @tid: tid of the frame 1323 * 1324 * This function gets called from mgmt txrx to decap frame. 1325 * 1326 * Return: QDF_STATUS_SUCCESS - in case of success 1327 */ 1328 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1329 qdf_nbuf_t wbuf, 1330 uint8_t *mac_addr, 1331 uint8_t tid){ 1332 struct wlan_crypto_comp_priv *crypto_priv; 1333 struct wlan_crypto_params *crypto_params; 1334 struct wlan_crypto_key *key; 1335 QDF_STATUS status; 1336 struct wlan_crypto_cipher *cipher_table; 1337 struct wlan_objmgr_psoc *psoc; 1338 uint8_t bssid_mac[WLAN_ALEN]; 1339 1340 1341 wlan_vdev_obj_lock(vdev); 1342 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1343 psoc = wlan_vdev_get_psoc(vdev); 1344 if (!psoc) { 1345 wlan_vdev_obj_unlock(vdev); 1346 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1347 return QDF_STATUS_E_INVAL; 1348 } 1349 wlan_vdev_obj_unlock(vdev); 1350 1351 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1352 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1353 &crypto_priv); 1354 if (crypto_priv == NULL) { 1355 qdf_print("%s[%d] crypto_priv NULL\n", 1356 __func__, __LINE__); 1357 return QDF_STATUS_E_INVAL; 1358 } 1359 1360 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1361 if (!key) 1362 return QDF_STATUS_E_INVAL; 1363 1364 } else { 1365 struct wlan_objmgr_peer *peer; 1366 uint8_t pdev_id; 1367 1368 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1369 wlan_vdev_get_pdev(vdev)); 1370 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1371 psoc, pdev_id, bssid_mac, 1372 mac_addr, WLAN_CRYPTO_ID); 1373 if (peer == NULL) { 1374 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1375 return QDF_STATUS_E_INVAL; 1376 } 1377 1378 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1379 &crypto_priv); 1380 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1381 1382 if (crypto_priv == NULL) { 1383 qdf_print("%s[%d] crypto_priv NULL\n", 1384 __func__, __LINE__); 1385 return QDF_STATUS_E_INVAL; 1386 } 1387 1388 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1389 if (!key) 1390 return QDF_STATUS_E_INVAL; 1391 } 1392 /* if tkip, is counter measures enabled, then drop the frame */ 1393 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1394 status = cipher_table->demic(key, wbuf, tid, 1395 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1396 1397 return status; 1398 } 1399 1400 /** 1401 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1402 * @vdev: vdev 1403 * 1404 * This function gets called to check is pmf enabled or not in vdev. 1405 * 1406 * Return: true or false 1407 */ 1408 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1409 { 1410 1411 struct wlan_crypto_comp_priv *crypto_priv; 1412 struct wlan_crypto_params *vdev_crypto_params; 1413 1414 if (!vdev) 1415 return false; 1416 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1417 &crypto_priv); 1418 if (crypto_priv == NULL) { 1419 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1420 return QDF_STATUS_E_INVAL; 1421 } 1422 1423 if ((vdev_crypto_params->rsn_caps & 1424 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1425 || (vdev_crypto_params->rsn_caps & 1426 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1427 return true; 1428 } 1429 1430 return false; 1431 } 1432 /** 1433 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1434 * @vdev: vdev 1435 * @peer: peer 1436 * 1437 * This function gets called by mgmt txrx to check is pmf enabled or not. 1438 * 1439 * Return: true or false 1440 */ 1441 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1442 struct wlan_objmgr_peer *peer){ 1443 1444 struct wlan_crypto_comp_priv *crypto_priv; 1445 struct wlan_crypto_params *vdev_crypto_params; 1446 struct wlan_crypto_params *peer_crypto_params; 1447 1448 if (!vdev || !peer) 1449 return false; 1450 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1451 &crypto_priv); 1452 if (crypto_priv == NULL) { 1453 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1454 return QDF_STATUS_E_INVAL; 1455 } 1456 1457 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1458 &crypto_priv); 1459 if (crypto_priv == NULL) { 1460 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1461 return QDF_STATUS_E_INVAL; 1462 } 1463 if (((vdev_crypto_params->rsn_caps & 1464 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1465 (peer_crypto_params->rsn_caps & 1466 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1467 || (vdev_crypto_params->rsn_caps & 1468 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1469 return true; 1470 } 1471 1472 return false; 1473 } 1474 1475 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1476 { 1477 a[0] = b[5]; 1478 a[1] = b[4]; 1479 a[2] = b[3]; 1480 a[3] = b[2]; 1481 a[4] = b[1]; 1482 a[5] = b[0]; 1483 } 1484 1485 /** 1486 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1487 * @vdev: vdev 1488 * @bfrm: frame starting pointer 1489 * @len: length of the frame 1490 * 1491 * This function gets called by mgmt txrx to add mmie in frame 1492 * 1493 * Return: end of frame or NULL in case failure 1494 */ 1495 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1496 uint8_t *bfrm, 1497 uint32_t len) { 1498 struct wlan_crypto_key *key; 1499 struct wlan_crypto_mmie *mmie; 1500 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1501 struct ieee80211_hdr *hdr; 1502 uint32_t i, hdrlen, mic_len, aad_len; 1503 uint8_t mic[16]; 1504 struct wlan_crypto_comp_priv *crypto_priv; 1505 struct wlan_crypto_params *crypto_params; 1506 int32_t ret = -1; 1507 1508 if (!bfrm) { 1509 qdf_print("%s[%d] frame is NULL\n", __func__, __LINE__); 1510 return NULL; 1511 } 1512 1513 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1514 &crypto_priv); 1515 if (crypto_priv == NULL) { 1516 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1517 return NULL; 1518 } 1519 1520 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1521 qdf_print("%s[%d] igtk key invalid keyid %d \n", 1522 __func__, __LINE__, crypto_priv->def_igtk_tx_keyid); 1523 return NULL; 1524 } 1525 1526 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1527 if (!key) { 1528 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1529 return NULL; 1530 } 1531 mic_len = (crypto_priv->igtk_key_type 1532 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1533 1534 efrm = bfrm + len; 1535 aad_len = 20; 1536 hdrlen = sizeof(struct ieee80211_hdr); 1537 len += sizeof(struct wlan_crypto_mmie); 1538 1539 mmie = (struct wlan_crypto_mmie *) efrm; 1540 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1541 mmie->element_id = WLAN_ELEMID_MMIE; 1542 mmie->length = sizeof(*mmie) - 2; 1543 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1544 1545 mic_len = (crypto_priv->igtk_key_type 1546 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1547 if (mic_len == 8) { 1548 mmie->length -= 8; 1549 len -= 8; 1550 } 1551 /* PN = PN + 1 */ 1552 pn = (uint8_t *)&key->keytsc; 1553 1554 for (i = 0; i <= 5; i++) { 1555 pn[i]++; 1556 if (pn[i]) 1557 break; 1558 } 1559 1560 /* Copy IPN */ 1561 qdf_mem_copy(mmie->sequence_number, pn, 6); 1562 1563 hdr = (struct ieee80211_hdr *) bfrm; 1564 1565 buf = qdf_mem_malloc(len - hdrlen + 20); 1566 if (!buf) { 1567 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1568 return NULL; 1569 } 1570 qdf_mem_zero(buf, len - hdrlen + 20); 1571 aad = buf; 1572 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1573 1574 /* FC type/subtype */ 1575 aad[0] = hdr->frame_control & 0xff; 1576 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1577 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1578 | WLAN_FC_MOREDATA)) >> 8; 1579 /* A1 || A2 || A3 */ 1580 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1581 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1582 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1583 qdf_mem_zero(mic, 16); 1584 1585 /* 1586 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1587 */ 1588 1589 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1590 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1591 1592 ret = omac1_aes_128(key->keyval, buf, 1593 len + aad_len - hdrlen, mic); 1594 qdf_mem_copy(mmie->mic, mic, 8); 1595 1596 } else if (crypto_priv->igtk_key_type 1597 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1598 1599 ret = omac1_aes_256(key->keyval, buf, 1600 len + aad_len - hdrlen, mmie->mic); 1601 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1602 || (crypto_priv->igtk_key_type 1603 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1604 1605 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1606 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1607 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1608 sizeof(nounce), buf, 1609 len + aad_len - hdrlen, mmie->mic); 1610 } 1611 qdf_mem_free(buf); 1612 if (ret < 0) { 1613 qdf_print("%s[%d] add mmie failed\n", __func__, __LINE__); 1614 return NULL; 1615 } 1616 1617 return bfrm + len; 1618 } 1619 1620 /** 1621 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1622 * @vdev: vdev 1623 * @frm: frame starting pointer 1624 * @efrm: end of frame pointer 1625 * 1626 * This function gets called by mgmt txrx to check mmie of the frame 1627 * 1628 * Return: true or false 1629 */ 1630 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1631 uint8_t *frm, 1632 uint8_t *efrm){ 1633 struct wlan_crypto_mmie *mmie = NULL; 1634 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1635 struct wlan_crypto_key *key; 1636 struct ieee80211_hdr *hdr; 1637 uint16_t mic_len, hdrlen, len; 1638 struct wlan_crypto_comp_priv *crypto_priv; 1639 struct wlan_crypto_params *crypto_params; 1640 uint8_t aad_len = 20; 1641 int32_t ret = -1; 1642 1643 /* check if frame is illegal length */ 1644 if (!frm || !efrm || (efrm < frm) 1645 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1646 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 1647 return false; 1648 } 1649 len = efrm - frm; 1650 crypto_priv = (struct wlan_crypto_comp_priv *) 1651 wlan_get_vdev_crypto_obj(vdev); 1652 if (crypto_priv == NULL) { 1653 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1654 return false; 1655 } 1656 1657 crypto_params = &(crypto_priv->crypto_params); 1658 1659 1660 mic_len = (crypto_priv->igtk_key_type 1661 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1662 hdrlen = sizeof(struct ieee80211_hdr); 1663 1664 if (mic_len == 8) 1665 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1666 else 1667 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1668 1669 1670 /* check Elem ID*/ 1671 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1672 qdf_print("%s[%d] IE is not MMIE\n", __func__, __LINE__); 1673 return false; 1674 } 1675 1676 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1677 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1678 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1679 qdf_print("%s[%d] keyid not valid\n", __func__, __LINE__); 1680 return false; 1681 } 1682 1683 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1684 if (!key) { 1685 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1686 return false; 1687 } 1688 1689 /* validate ipn */ 1690 ipn = mmie->sequence_number; 1691 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1692 qdf_print("%s[%d] replay error\n", __func__, __LINE__); 1693 return false; 1694 } 1695 1696 buf = qdf_mem_malloc(len - hdrlen + 20); 1697 if (!buf) { 1698 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1699 return false; 1700 } 1701 aad = buf; 1702 1703 /* construct AAD */ 1704 hdr = (struct ieee80211_hdr *)frm; 1705 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1706 1707 /* FC type/subtype */ 1708 aad[0] = hdr->frame_control & 0xff; 1709 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1710 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1711 | WLAN_FC_MOREDATA)) >> 8; 1712 /* A1 || A2 || A3 */ 1713 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1714 1715 /* 1716 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1717 */ 1718 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1719 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1720 qdf_mem_zero(mic, 16); 1721 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1722 ret = omac1_aes_128(key->keyval, buf, 1723 len - hdrlen + aad_len, mic); 1724 } else if (crypto_priv->igtk_key_type 1725 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1726 ret = omac1_aes_256(key->keyval, buf, 1727 len + aad_len - hdrlen, mic); 1728 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1729 || (crypto_priv->igtk_key_type 1730 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1731 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1732 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1733 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1734 sizeof(nounce), buf, 1735 len + aad_len - hdrlen, mic); 1736 } 1737 1738 qdf_mem_free(buf); 1739 1740 if (ret < 0) { 1741 qdf_print("%s[%d] genarate mmie failed\n", __func__, __LINE__); 1742 return false; 1743 } 1744 1745 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1746 qdf_print("%s[%d] mmie mismatch\n", __func__, __LINE__); 1747 /* MMIE MIC mismatch */ 1748 return false; 1749 } 1750 1751 /* Update the receive sequence number */ 1752 qdf_mem_copy(key->keyrsc, ipn, 6); 1753 qdf_print("%s[%d] mmie matched\n", __func__, __LINE__); 1754 1755 return true; 1756 } 1757 1758 1759 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1760 { 1761 int32_t status = -1; 1762 1763 switch (cipher) { 1764 case WLAN_CRYPTO_CIPHER_TKIP: 1765 return WPA_CIPHER_SUITE_TKIP; 1766 case WLAN_CRYPTO_CIPHER_AES_CCM: 1767 return WPA_CIPHER_SUITE_CCMP; 1768 case WLAN_CRYPTO_CIPHER_NONE: 1769 return WPA_CIPHER_SUITE_NONE; 1770 } 1771 1772 return status; 1773 } 1774 1775 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1776 { 1777 int32_t status = -1; 1778 1779 switch (cipher) { 1780 case WLAN_CRYPTO_CIPHER_TKIP: 1781 return RSN_CIPHER_SUITE_TKIP; 1782 case WLAN_CRYPTO_CIPHER_AES_CCM: 1783 return RSN_CIPHER_SUITE_CCMP; 1784 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1785 return RSN_CIPHER_SUITE_CCMP_256; 1786 case WLAN_CRYPTO_CIPHER_AES_GCM: 1787 return RSN_CIPHER_SUITE_GCMP; 1788 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1789 return RSN_CIPHER_SUITE_GCMP_256; 1790 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1791 return RSN_CIPHER_SUITE_AES_CMAC; 1792 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1793 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1794 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1795 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1796 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1797 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1798 case WLAN_CRYPTO_CIPHER_NONE: 1799 return RSN_CIPHER_SUITE_NONE; 1800 } 1801 1802 return status; 1803 } 1804 1805 /* 1806 * Convert an RSN key management/authentication algorithm 1807 * to an internal code. 1808 */ 1809 static int32_t 1810 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1811 { 1812 int32_t status = -1; 1813 1814 switch (keymgmt) { 1815 case WLAN_CRYPTO_KEY_MGMT_NONE: 1816 return RSN_AUTH_KEY_MGMT_NONE; 1817 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1818 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1819 case WLAN_CRYPTO_KEY_MGMT_PSK: 1820 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1821 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1822 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1823 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1824 return RSN_AUTH_KEY_MGMT_FT_PSK; 1825 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1826 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1827 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1828 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1829 case WLAN_CRYPTO_KEY_MGMT_SAE: 1830 return RSN_AUTH_KEY_MGMT_SAE; 1831 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1832 return RSN_AUTH_KEY_MGMT_FT_SAE; 1833 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1834 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1835 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1836 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1837 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1838 return RSN_AUTH_KEY_MGMT_CCKM; 1839 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1840 return RSN_AUTH_KEY_MGMT_OSEN; 1841 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 1842 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 1843 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 1844 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 1845 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 1846 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 1847 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 1848 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 1849 case WLAN_CRYPTO_KEY_MGMT_OWE: 1850 return RSN_AUTH_KEY_MGMT_OWE; 1851 case WLAN_CRYPTO_KEY_MGMT_DPP: 1852 return RSN_AUTH_KEY_MGMT_DPP; 1853 } 1854 1855 return status; 1856 } 1857 1858 /* 1859 * Convert an RSN key management/authentication algorithm 1860 * to an internal code. 1861 */ 1862 static int32_t 1863 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1864 { 1865 int32_t status = -1; 1866 1867 switch (keymgmt) { 1868 case WLAN_CRYPTO_KEY_MGMT_NONE: 1869 return WPA_AUTH_KEY_MGMT_NONE; 1870 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1871 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1872 case WLAN_CRYPTO_KEY_MGMT_PSK: 1873 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1874 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1875 return WPA_AUTH_KEY_MGMT_CCKM; 1876 } 1877 1878 return status; 1879 } 1880 /** 1881 * Convert a WPA cipher selector OUI to an internal 1882 * cipher algorithm. Where appropriate we also 1883 * record any key length. 1884 */ 1885 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1886 { 1887 uint32_t w = LE_READ_4(sel); 1888 int32_t status = -1; 1889 1890 switch (w) { 1891 case WPA_CIPHER_SUITE_TKIP: 1892 return WLAN_CRYPTO_CIPHER_TKIP; 1893 case WPA_CIPHER_SUITE_CCMP: 1894 return WLAN_CRYPTO_CIPHER_AES_CCM; 1895 case WPA_CIPHER_SUITE_NONE: 1896 return WLAN_CRYPTO_CIPHER_NONE; 1897 } 1898 1899 return status; 1900 } 1901 1902 /* 1903 * Convert a WPA key management/authentication algorithm 1904 * to an internal code. 1905 */ 1906 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1907 { 1908 uint32_t w = LE_READ_4(sel); 1909 int32_t status = -1; 1910 1911 switch (w) { 1912 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1913 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1914 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1915 return WLAN_CRYPTO_KEY_MGMT_PSK; 1916 case WPA_AUTH_KEY_MGMT_CCKM: 1917 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1918 case WPA_AUTH_KEY_MGMT_NONE: 1919 return WLAN_CRYPTO_KEY_MGMT_NONE; 1920 } 1921 return status; 1922 } 1923 1924 /* 1925 * Convert a RSN cipher selector OUI to an internal 1926 * cipher algorithm. Where appropriate we also 1927 * record any key length. 1928 */ 1929 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1930 { 1931 uint32_t w = LE_READ_4(sel); 1932 int32_t status = -1; 1933 1934 switch (w) { 1935 case RSN_CIPHER_SUITE_TKIP: 1936 return WLAN_CRYPTO_CIPHER_TKIP; 1937 case RSN_CIPHER_SUITE_CCMP: 1938 return WLAN_CRYPTO_CIPHER_AES_CCM; 1939 case RSN_CIPHER_SUITE_CCMP_256: 1940 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1941 case RSN_CIPHER_SUITE_GCMP: 1942 return WLAN_CRYPTO_CIPHER_AES_GCM; 1943 case RSN_CIPHER_SUITE_GCMP_256: 1944 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1945 case RSN_CIPHER_SUITE_AES_CMAC: 1946 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1947 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1948 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1949 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1950 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1951 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1952 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1953 case RSN_CIPHER_SUITE_NONE: 1954 return WLAN_CRYPTO_CIPHER_NONE; 1955 } 1956 1957 return status; 1958 } 1959 /* 1960 * Convert an RSN key management/authentication algorithm 1961 * to an internal code. 1962 */ 1963 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 1964 { 1965 uint32_t w = LE_READ_4(sel); 1966 int32_t status = -1; 1967 1968 switch (w) { 1969 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 1970 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1971 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1972 return WLAN_CRYPTO_KEY_MGMT_PSK; 1973 case RSN_AUTH_KEY_MGMT_FT_802_1X: 1974 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 1975 case RSN_AUTH_KEY_MGMT_FT_PSK: 1976 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 1977 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 1978 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 1979 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 1980 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 1981 case RSN_AUTH_KEY_MGMT_SAE: 1982 return WLAN_CRYPTO_KEY_MGMT_SAE; 1983 case RSN_AUTH_KEY_MGMT_FT_SAE: 1984 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 1985 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 1986 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 1987 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 1988 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 1989 case RSN_AUTH_KEY_MGMT_CCKM: 1990 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1991 case RSN_AUTH_KEY_MGMT_OSEN: 1992 return WLAN_CRYPTO_KEY_MGMT_OSEN; 1993 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 1994 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 1995 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 1996 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 1997 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 1998 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 1999 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2000 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2001 case RSN_AUTH_KEY_MGMT_OWE: 2002 return WLAN_CRYPTO_KEY_MGMT_OWE; 2003 case RSN_AUTH_KEY_MGMT_DPP: 2004 return WLAN_CRYPTO_KEY_MGMT_DPP; 2005 } 2006 2007 return status; 2008 } 2009 2010 /** 2011 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2012 * @crypto params: crypto params 2013 * @iebuf: ie buffer 2014 * 2015 * This function gets called by mlme to check the contents of wpa is 2016 * matching with given crypto params 2017 * 2018 * Return: QDF_STATUS_SUCCESS - in case of success 2019 */ 2020 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2021 uint8_t *frm){ 2022 uint8_t len = frm[1]; 2023 int32_t w; 2024 int n; 2025 2026 /* 2027 * Check the length once for fixed parts: OUI, type, 2028 * version, mcast cipher, and 2 selector counts. 2029 * Other, variable-length data, must be checked separately. 2030 */ 2031 RESET_AUTHMODE(crypto_params); 2032 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2033 2034 if (len < 14) 2035 return QDF_STATUS_E_INVAL; 2036 2037 frm += 6, len -= 4; 2038 2039 w = LE_READ_2(frm); 2040 if (w != WPA_VERSION) 2041 return QDF_STATUS_E_INVAL; 2042 2043 frm += 2, len -= 2; 2044 2045 /* multicast/group cipher */ 2046 RESET_MCAST_CIPHERS(crypto_params); 2047 w = wlan_crypto_wpa_suite_to_cipher(frm); 2048 if (w < 0) 2049 return QDF_STATUS_E_INVAL; 2050 SET_MCAST_CIPHER(crypto_params, w); 2051 frm += 4, len -= 4; 2052 2053 /* unicast ciphers */ 2054 n = LE_READ_2(frm); 2055 frm += 2, len -= 2; 2056 if (len < n*4+2) 2057 return QDF_STATUS_E_INVAL; 2058 2059 RESET_UCAST_CIPHERS(crypto_params); 2060 for (; n > 0; n--) { 2061 w = wlan_crypto_wpa_suite_to_cipher(frm); 2062 if (w < 0) 2063 return QDF_STATUS_E_INVAL; 2064 SET_UCAST_CIPHER(crypto_params, w); 2065 frm += 4, len -= 4; 2066 } 2067 2068 if (!crypto_params->ucastcipherset) 2069 return QDF_STATUS_E_INVAL; 2070 2071 /* key management algorithms */ 2072 n = LE_READ_2(frm); 2073 frm += 2, len -= 2; 2074 if (len < n*4) 2075 return QDF_STATUS_E_INVAL; 2076 2077 w = 0; 2078 RESET_KEY_MGMT(crypto_params); 2079 for (; n > 0; n--) { 2080 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2081 if (w < 0) 2082 return QDF_STATUS_E_INVAL; 2083 SET_KEY_MGMT(crypto_params, w); 2084 frm += 4, len -= 4; 2085 } 2086 2087 /* optional capabilities */ 2088 if (len >= 2) { 2089 crypto_params->rsn_caps = LE_READ_2(frm); 2090 frm += 2, len -= 2; 2091 } 2092 2093 return 0; 2094 } 2095 2096 /** 2097 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2098 * @crypto params: crypto params 2099 * @iebuf: ie buffer 2100 * 2101 * This function gets called by mlme to check the contents of wpa is 2102 * matching with given crypto params 2103 * 2104 * Return: QDF_STATUS_SUCCESS - in case of success 2105 */ 2106 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2107 uint8_t *frm){ 2108 uint8_t len = frm[1]; 2109 int32_t w; 2110 int n; 2111 2112 /* Check the length once for fixed parts: OUI, type & version */ 2113 if (len < 2) 2114 return QDF_STATUS_E_INVAL; 2115 2116 /* initialize crypto params */ 2117 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2118 2119 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2120 2121 frm += 2; 2122 /* NB: iswapoui already validated the OUI and type */ 2123 w = LE_READ_2(frm); 2124 if (w != RSN_VERSION) 2125 return QDF_STATUS_E_INVAL; 2126 2127 frm += 2, len -= 2; 2128 2129 if (!len) { 2130 /* set defaults */ 2131 /* default group cipher CCMP-128 */ 2132 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2133 /* default ucast cipher CCMP-128 */ 2134 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2135 /* default key mgmt 8021x */ 2136 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2137 return QDF_STATUS_SUCCESS; 2138 } else if (len < 4) { 2139 return QDF_STATUS_E_INVAL; 2140 } 2141 2142 /* multicast/group cipher */ 2143 w = wlan_crypto_rsn_suite_to_cipher(frm); 2144 if (w < 0) 2145 return QDF_STATUS_E_INVAL; 2146 else { 2147 SET_MCAST_CIPHER(crypto_params, w); 2148 frm += 4, len -= 4; 2149 } 2150 2151 if (crypto_params->mcastcipherset == 0) 2152 return QDF_STATUS_E_INVAL; 2153 2154 if (!len) { 2155 /* default ucast cipher CCMP-128 */ 2156 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2157 /* default key mgmt 8021x */ 2158 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2159 return QDF_STATUS_SUCCESS; 2160 } else if (len < 2) { 2161 return QDF_STATUS_E_INVAL; 2162 } 2163 2164 /* unicast ciphers */ 2165 n = LE_READ_2(frm); 2166 frm += 2, len -= 2; 2167 if (n) { 2168 if (len < n * 4) 2169 return QDF_STATUS_E_INVAL; 2170 2171 for (; n > 0; n--) { 2172 w = wlan_crypto_rsn_suite_to_cipher(frm); 2173 if (w < 0) 2174 return QDF_STATUS_E_INVAL; 2175 SET_UCAST_CIPHER(crypto_params, w); 2176 frm += 4, len -= 4; 2177 } 2178 } else { 2179 /* default ucast cipher CCMP-128 */ 2180 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2181 } 2182 2183 if (crypto_params->ucastcipherset == 0) 2184 return QDF_STATUS_E_INVAL; 2185 2186 if (!len) { 2187 /* default key mgmt 8021x */ 2188 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2189 return QDF_STATUS_SUCCESS; 2190 } else if (len < 2) { 2191 return QDF_STATUS_E_INVAL; 2192 } 2193 2194 /* key management algorithms */ 2195 n = LE_READ_2(frm); 2196 frm += 2, len -= 2; 2197 2198 if (n) { 2199 if (len < n * 4) 2200 return QDF_STATUS_E_INVAL; 2201 2202 for (; n > 0; n--) { 2203 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2204 if (w < 0) 2205 return QDF_STATUS_E_INVAL; 2206 SET_KEY_MGMT(crypto_params, w); 2207 frm += 4, len -= 4; 2208 } 2209 } else { 2210 /* default key mgmt 8021x */ 2211 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2212 } 2213 2214 if (crypto_params->key_mgmt == 0) 2215 return QDF_STATUS_E_INVAL; 2216 2217 /* optional capabilities */ 2218 if (len >= 2) { 2219 crypto_params->rsn_caps = LE_READ_2(frm); 2220 frm += 2, len -= 2; 2221 } else if (len && len < 2) { 2222 return QDF_STATUS_E_INVAL; 2223 } 2224 2225 2226 /* PMKID */ 2227 if (len >= 2) { 2228 n = LE_READ_2(frm); 2229 frm += 2, len -= 2; 2230 if (n && len) { 2231 if (len >= n * PMKID_LEN) 2232 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2233 else 2234 return QDF_STATUS_E_INVAL; 2235 } else if (n && !len) { 2236 return QDF_STATUS_E_INVAL; 2237 } 2238 /*TODO: Save pmkid in params for further reference */ 2239 } 2240 2241 /* BIP */ 2242 if (!len && 2243 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2244 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2245 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2246 return QDF_STATUS_SUCCESS; 2247 } else if (len >= 4) { 2248 w = wlan_crypto_rsn_suite_to_cipher(frm); 2249 frm += 4, len -= 4; 2250 SET_MGMT_CIPHER(crypto_params, w); 2251 } 2252 2253 return QDF_STATUS_SUCCESS; 2254 } 2255 2256 /** 2257 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2258 * @vdev: vdev 2259 * @iebuf: ie buffer 2260 * 2261 * This function gets called by mlme to build wpaie from given vdev 2262 * 2263 * Return: end of buffer 2264 */ 2265 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2266 uint8_t *iebuf){ 2267 uint8_t *frm = iebuf; 2268 uint8_t *selcnt; 2269 struct wlan_crypto_comp_priv *crypto_priv; 2270 struct wlan_crypto_params *crypto_params; 2271 2272 if (!frm) 2273 return NULL; 2274 2275 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2276 2277 if (!crypto_params) 2278 return NULL; 2279 2280 *frm++ = WLAN_ELEMID_VENDOR; 2281 *frm++ = 0; 2282 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2283 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2284 2285 2286 /* multicast cipher */ 2287 if (MCIPHER_IS_TKIP(crypto_params)) { 2288 WLAN_CRYPTO_ADDSELECTOR(frm, 2289 wlan_crypto_wpa_cipher_to_suite( 2290 WLAN_CRYPTO_CIPHER_TKIP)); 2291 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2292 WLAN_CRYPTO_ADDSELECTOR(frm, 2293 wlan_crypto_wpa_cipher_to_suite( 2294 WLAN_CRYPTO_CIPHER_AES_CCM)); 2295 } 2296 /* unicast cipher list */ 2297 selcnt = frm; 2298 WLAN_CRYPTO_ADDSHORT(frm, 0); 2299 /* do not use CCMP unicast cipher in WPA mode */ 2300 if (UCIPHER_IS_TKIP(crypto_params)) { 2301 selcnt[0]++; 2302 WLAN_CRYPTO_ADDSELECTOR(frm, 2303 wlan_crypto_wpa_cipher_to_suite( 2304 WLAN_CRYPTO_CIPHER_TKIP)); 2305 } 2306 if (UCIPHER_IS_CCMP128(crypto_params)) { 2307 selcnt[0]++; 2308 WLAN_CRYPTO_ADDSELECTOR(frm, 2309 wlan_crypto_wpa_cipher_to_suite( 2310 WLAN_CRYPTO_CIPHER_AES_CCM)); 2311 } 2312 2313 /* authenticator selector list */ 2314 selcnt = frm; 2315 WLAN_CRYPTO_ADDSHORT(frm, 0); 2316 2317 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2318 selcnt[0]++; 2319 WLAN_CRYPTO_ADDSELECTOR(frm, 2320 wlan_crypto_wpa_keymgmt_to_suite( 2321 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2322 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2323 selcnt[0]++; 2324 WLAN_CRYPTO_ADDSELECTOR(frm, 2325 wlan_crypto_wpa_keymgmt_to_suite( 2326 WLAN_CRYPTO_KEY_MGMT_PSK)); 2327 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2328 selcnt[0]++; 2329 WLAN_CRYPTO_ADDSELECTOR(frm, 2330 wlan_crypto_wpa_keymgmt_to_suite( 2331 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2332 } else { 2333 selcnt[0]++; 2334 WLAN_CRYPTO_ADDSELECTOR(frm, 2335 wlan_crypto_wpa_keymgmt_to_suite( 2336 WLAN_CRYPTO_KEY_MGMT_NONE)); 2337 } 2338 /* calculate element length */ 2339 iebuf[1] = frm - iebuf - 2; 2340 2341 return frm; 2342 } 2343 2344 /** 2345 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2346 * @vdev: vdev 2347 * @iebuf: ie buffer 2348 * 2349 * This function gets called by mlme to build rsnie from given vdev 2350 * 2351 * Return: end of buffer 2352 */ 2353 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2354 uint8_t *iebuf){ 2355 uint8_t *frm = iebuf; 2356 uint8_t *selcnt; 2357 struct wlan_crypto_comp_priv *crypto_priv; 2358 struct wlan_crypto_params *crypto_params; 2359 2360 if (!frm) { 2361 return NULL; 2362 } 2363 2364 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2365 2366 if (!crypto_params) { 2367 return NULL; 2368 } 2369 2370 *frm++ = WLAN_ELEMID_RSN; 2371 *frm++ = 0; 2372 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2373 2374 2375 /* multicast cipher */ 2376 if (MCIPHER_IS_TKIP(crypto_params)) { 2377 WLAN_CRYPTO_ADDSELECTOR(frm, 2378 wlan_crypto_rsn_cipher_to_suite( 2379 WLAN_CRYPTO_CIPHER_TKIP)); 2380 } else if (MCIPHER_IS_CCMP128(crypto_params)) { 2381 WLAN_CRYPTO_ADDSELECTOR(frm, 2382 wlan_crypto_rsn_cipher_to_suite( 2383 WLAN_CRYPTO_CIPHER_AES_CCM)); 2384 } else if (MCIPHER_IS_CCMP256(crypto_params)) { 2385 WLAN_CRYPTO_ADDSELECTOR(frm, 2386 wlan_crypto_rsn_cipher_to_suite( 2387 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2388 } else if (MCIPHER_IS_GCMP128(crypto_params)) { 2389 WLAN_CRYPTO_ADDSELECTOR(frm, 2390 wlan_crypto_rsn_cipher_to_suite( 2391 WLAN_CRYPTO_CIPHER_AES_GCM)); 2392 } else if (MCIPHER_IS_GCMP256(crypto_params)) { 2393 WLAN_CRYPTO_ADDSELECTOR(frm, 2394 wlan_crypto_rsn_cipher_to_suite( 2395 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2396 } 2397 2398 /* unicast cipher list */ 2399 selcnt = frm; 2400 WLAN_CRYPTO_ADDSHORT(frm, 0); 2401 /* do not use CCMP unicast cipher in WPA mode */ 2402 if (UCIPHER_IS_TKIP(crypto_params)) { 2403 selcnt[0]++; 2404 WLAN_CRYPTO_ADDSELECTOR(frm, 2405 wlan_crypto_rsn_cipher_to_suite( 2406 WLAN_CRYPTO_CIPHER_TKIP)); 2407 } 2408 if (UCIPHER_IS_CCMP128(crypto_params)) { 2409 selcnt[0]++; 2410 WLAN_CRYPTO_ADDSELECTOR(frm, 2411 wlan_crypto_rsn_cipher_to_suite( 2412 WLAN_CRYPTO_CIPHER_AES_CCM)); 2413 } 2414 if (UCIPHER_IS_CCMP256(crypto_params)) { 2415 selcnt[0]++; 2416 WLAN_CRYPTO_ADDSELECTOR(frm, 2417 wlan_crypto_rsn_cipher_to_suite( 2418 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2419 } 2420 2421 if (UCIPHER_IS_GCMP128(crypto_params)) { 2422 selcnt[0]++; 2423 WLAN_CRYPTO_ADDSELECTOR(frm, 2424 wlan_crypto_rsn_cipher_to_suite( 2425 WLAN_CRYPTO_CIPHER_AES_GCM)); 2426 } 2427 if (UCIPHER_IS_GCMP256(crypto_params)) { 2428 selcnt[0]++; 2429 WLAN_CRYPTO_ADDSELECTOR(frm, 2430 wlan_crypto_rsn_cipher_to_suite( 2431 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2432 } 2433 2434 2435 /* authenticator selector list */ 2436 selcnt = frm; 2437 WLAN_CRYPTO_ADDSHORT(frm, 0); 2438 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2439 selcnt[0]++; 2440 WLAN_CRYPTO_ADDSELECTOR(frm, 2441 wlan_crypto_rsn_keymgmt_to_suite( 2442 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2443 } else { 2444 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2445 selcnt[0]++; 2446 WLAN_CRYPTO_ADDSELECTOR(frm, 2447 wlan_crypto_rsn_keymgmt_to_suite( 2448 WLAN_CRYPTO_KEY_MGMT_PSK)); 2449 } 2450 if (HAS_KEY_MGMT(crypto_params, 2451 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2452 selcnt[0]++; 2453 WLAN_CRYPTO_ADDSELECTOR(frm, 2454 wlan_crypto_rsn_keymgmt_to_suite( 2455 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2456 } 2457 if (HAS_KEY_MGMT(crypto_params, 2458 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2459 selcnt[0]++; 2460 WLAN_CRYPTO_ADDSELECTOR(frm, 2461 wlan_crypto_rsn_keymgmt_to_suite( 2462 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)); 2463 } 2464 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2465 selcnt[0]++; 2466 WLAN_CRYPTO_ADDSELECTOR(frm, 2467 wlan_crypto_rsn_keymgmt_to_suite( 2468 WLAN_CRYPTO_KEY_MGMT_FT_PSK)); 2469 } 2470 if (HAS_KEY_MGMT(crypto_params, 2471 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2472 selcnt[0]++; 2473 WLAN_CRYPTO_ADDSELECTOR(frm, 2474 wlan_crypto_rsn_keymgmt_to_suite( 2475 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)); 2476 } 2477 if (HAS_KEY_MGMT(crypto_params, 2478 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2479 selcnt[0]++; 2480 WLAN_CRYPTO_ADDSELECTOR(frm, 2481 wlan_crypto_rsn_keymgmt_to_suite( 2482 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)); 2483 } 2484 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2485 selcnt[0]++; 2486 WLAN_CRYPTO_ADDSELECTOR(frm, 2487 wlan_crypto_rsn_keymgmt_to_suite( 2488 WLAN_CRYPTO_KEY_MGMT_OSEN)); 2489 } 2490 } 2491 2492 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2493 /* optional capabilities */ 2494 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2495 /* PMK list */ 2496 WLAN_CRYPTO_ADDSHORT(frm, 0); 2497 if (HAS_MGMT_CIPHER(crypto_params, 2498 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2499 WLAN_CRYPTO_ADDSELECTOR(frm, 2500 wlan_crypto_rsn_cipher_to_suite( 2501 WLAN_CRYPTO_CIPHER_AES_CMAC)); 2502 } 2503 if (HAS_MGMT_CIPHER(crypto_params, 2504 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2505 WLAN_CRYPTO_ADDSELECTOR(frm, 2506 wlan_crypto_rsn_cipher_to_suite( 2507 WLAN_CRYPTO_CIPHER_AES_GMAC)); 2508 } 2509 if (HAS_MGMT_CIPHER(crypto_params, 2510 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2511 WLAN_CRYPTO_ADDSELECTOR(frm, 2512 wlan_crypto_rsn_cipher_to_suite( 2513 WLAN_CRYPTO_CIPHER_AES_CMAC_256)); 2514 } 2515 2516 if (HAS_MGMT_CIPHER(crypto_params, 2517 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2518 WLAN_CRYPTO_ADDSELECTOR(frm, 2519 wlan_crypto_rsn_cipher_to_suite( 2520 WLAN_CRYPTO_CIPHER_AES_GMAC_256)); 2521 } 2522 } 2523 2524 /* calculate element length */ 2525 iebuf[1] = frm - iebuf - 2; 2526 2527 return frm; 2528 } 2529 2530 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2531 struct wlan_crypto_params *crypto_params){ 2532 struct wlan_crypto_params *my_crypto_params; 2533 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2534 2535 if (!my_crypto_params) 2536 return false; 2537 /* 2538 * Check peer's pairwise ciphers. 2539 * At least one must match with our unicast cipher 2540 */ 2541 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2542 return false; 2543 /* 2544 * Check peer's group cipher is our enabled multicast cipher. 2545 */ 2546 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2547 return false; 2548 /* 2549 * Check peer's key management class set (PSK or UNSPEC) 2550 */ 2551 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2552 return false; 2553 2554 return true; 2555 } 2556 2557 /* 2558 * Convert an WAPI CIPHER suite to to an internal code. 2559 */ 2560 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2561 { 2562 uint32_t w = LE_READ_4(sel); 2563 int32_t status = -1; 2564 2565 switch (w) { 2566 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2567 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2568 } 2569 2570 return status; 2571 } 2572 2573 /* 2574 * Convert an WAPI key management/authentication algorithm 2575 * to an internal code. 2576 */ 2577 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2578 { 2579 uint32_t w = LE_READ_4(sel); 2580 int32_t status = -1; 2581 2582 switch (w) { 2583 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2584 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2585 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2586 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2587 } 2588 2589 return status; 2590 } 2591 /** 2592 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2593 * @crypto params: crypto params 2594 * @iebuf: ie buffer 2595 * 2596 * This function gets called by mlme to check the contents of wapi is 2597 * matching with given crypto params 2598 * 2599 * Return: QDF_STATUS_SUCCESS - in case of success 2600 */ 2601 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2602 uint8_t *frm) 2603 { 2604 uint8_t len = frm[1]; 2605 int32_t w; 2606 int n; 2607 2608 /* 2609 * Check the length once for fixed parts: OUI, type, 2610 * version, mcast cipher, and 2 selector counts. 2611 * Other, variable-length data, must be checked separately. 2612 */ 2613 RESET_AUTHMODE(crypto_params); 2614 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2615 2616 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2617 return QDF_STATUS_E_INVAL; 2618 2619 2620 frm += 2; 2621 2622 w = LE_READ_2(frm); 2623 frm += 2, len -= 2; 2624 if (w != WAPI_VERSION) 2625 return QDF_STATUS_E_INVAL; 2626 2627 n = LE_READ_2(frm); 2628 frm += 2, len -= 2; 2629 if (len < n*4+2) 2630 return QDF_STATUS_E_INVAL; 2631 2632 RESET_KEY_MGMT(crypto_params); 2633 for (; n > 0; n--) { 2634 w = wlan_crypto_wapi_keymgmt(frm); 2635 if (w < 0) 2636 return QDF_STATUS_E_INVAL; 2637 2638 SET_KEY_MGMT(crypto_params, w); 2639 frm += 4, len -= 4; 2640 } 2641 2642 /* unicast ciphers */ 2643 n = LE_READ_2(frm); 2644 frm += 2, len -= 2; 2645 if (len < n*4+2) 2646 return QDF_STATUS_E_INVAL; 2647 2648 RESET_UCAST_CIPHERS(crypto_params); 2649 for (; n > 0; n--) { 2650 w = wlan_crypto_wapi_suite_to_cipher(frm); 2651 if (w < 0) 2652 return QDF_STATUS_E_INVAL; 2653 SET_UCAST_CIPHER(crypto_params, w); 2654 frm += 4, len -= 4; 2655 } 2656 2657 if (!crypto_params->ucastcipherset) 2658 return QDF_STATUS_E_INVAL; 2659 2660 /* multicast/group cipher */ 2661 RESET_MCAST_CIPHERS(crypto_params); 2662 w = wlan_crypto_wapi_suite_to_cipher(frm); 2663 2664 if (w < 0) 2665 return QDF_STATUS_E_INVAL; 2666 2667 SET_MCAST_CIPHER(crypto_params, w); 2668 frm += 4, len -= 4; 2669 2670 return QDF_STATUS_SUCCESS; 2671 } 2672 2673 /** 2674 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2675 * @vdev: vdev 2676 * @iebuf: ie buffer 2677 * 2678 * This function gets called by mlme to build wapi ie from given vdev 2679 * 2680 * Return: end of buffer 2681 */ 2682 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2683 uint8_t *iebuf) 2684 { 2685 uint8_t *frm; 2686 uint8_t *selcnt; 2687 struct wlan_crypto_comp_priv *crypto_priv; 2688 struct wlan_crypto_params *crypto_params; 2689 2690 frm = iebuf; 2691 if (!frm) { 2692 qdf_print("%s[%d] ie buffer NULL\n", __func__, __LINE__); 2693 return NULL; 2694 } 2695 2696 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2697 2698 if (!crypto_params) { 2699 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 2700 return NULL; 2701 } 2702 2703 *frm++ = WLAN_ELEMID_WAPI; 2704 *frm++ = 0; 2705 2706 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2707 2708 /* authenticator selector list */ 2709 selcnt = frm; 2710 WLAN_CRYPTO_ADDSHORT(frm, 0); 2711 2712 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2713 selcnt[0]++; 2714 WLAN_CRYPTO_ADDSELECTOR(frm, 2715 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2716 } 2717 2718 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2719 selcnt[0]++; 2720 WLAN_CRYPTO_ADDSELECTOR(frm, 2721 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2722 } 2723 2724 /* unicast cipher list */ 2725 selcnt = frm; 2726 WLAN_CRYPTO_ADDSHORT(frm, 0); 2727 2728 if (UCIPHER_IS_SMS4(crypto_params)) { 2729 selcnt[0]++; 2730 WLAN_CRYPTO_ADDSELECTOR(frm, 2731 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2732 } 2733 2734 WLAN_CRYPTO_ADDSELECTOR(frm, 2735 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2736 2737 /* optional capabilities */ 2738 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2739 2740 /* calculate element length */ 2741 iebuf[1] = frm - iebuf - 2; 2742 2743 return frm; 2744 2745 } 2746 2747 /** 2748 * wlan_crypto_pn_check - called by data patch for PN check 2749 * @vdev: vdev 2750 * @wbuf: wbuf 2751 * 2752 * This function gets called by data patch for PN check 2753 * 2754 * Return: QDF_STATUS 2755 */ 2756 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2757 qdf_nbuf_t wbuf){ 2758 /* Need to check is there real requirement for this function 2759 * as PN check is already handled in decap function. 2760 */ 2761 return QDF_STATUS_SUCCESS; 2762 } 2763 2764 /** 2765 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2766 * @vdev:vdev 2767 * 2768 * This function gets called by mlme to get crypto params 2769 * 2770 * Return: wlan_crypto_params or NULL in case of failure 2771 */ 2772 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2773 struct wlan_objmgr_vdev *vdev){ 2774 struct wlan_crypto_comp_priv *crypto_priv; 2775 2776 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2777 } 2778 2779 /** 2780 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2781 * @peer:peer 2782 * 2783 * This function gets called by mlme to get crypto params 2784 * 2785 * Return: wlan_crypto_params or NULL in case of failure 2786 */ 2787 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2788 struct wlan_objmgr_peer *peer){ 2789 struct wlan_crypto_comp_priv *crypto_priv; 2790 2791 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2792 } 2793 2794 2795 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2796 struct wlan_objmgr_peer *peer) 2797 { 2798 struct wlan_crypto_comp_priv *crypto_priv; 2799 struct wlan_crypto_comp_priv *sta_crypto_priv; 2800 struct wlan_crypto_params *crypto_params; 2801 struct wlan_crypto_key *key; 2802 struct wlan_crypto_key *sta_key; 2803 struct wlan_crypto_cipher *cipher_table; 2804 struct wlan_objmgr_psoc *psoc; 2805 uint8_t *mac_addr; 2806 int i; 2807 enum QDF_OPMODE opmode; 2808 2809 if (!vdev) 2810 return QDF_STATUS_E_NULL_VALUE; 2811 2812 if (!peer) { 2813 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2814 return QDF_STATUS_E_INVAL; 2815 } 2816 2817 opmode = wlan_vdev_mlme_get_opmode(vdev); 2818 psoc = wlan_vdev_get_psoc(vdev); 2819 2820 if (!psoc) { 2821 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 2822 return QDF_STATUS_E_NULL_VALUE; 2823 } 2824 2825 wlan_peer_obj_lock(peer); 2826 mac_addr = wlan_peer_get_macaddr(peer); 2827 wlan_peer_obj_unlock(peer); 2828 2829 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2830 &crypto_priv); 2831 if (crypto_priv == NULL) { 2832 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 2833 return QDF_STATUS_E_NULL_VALUE; 2834 } 2835 2836 /* push only valid static WEP keys from vap */ 2837 if (AUTH_IS_8021X(crypto_params)) 2838 return QDF_STATUS_E_INVAL; 2839 2840 if (opmode == QDF_STA_MODE) { 2841 peer = wlan_vdev_get_bsspeer(vdev); 2842 if (!peer) { 2843 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2844 return QDF_STATUS_E_INVAL; 2845 } 2846 } 2847 2848 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2849 if (sta_crypto_priv == NULL) { 2850 qdf_print("%s[%d] sta priv is null\n", __func__, __LINE__); 2851 return QDF_STATUS_E_INVAL; 2852 } 2853 2854 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2855 if (crypto_priv->key[i]) { 2856 key = crypto_priv->key[i]; 2857 if (!key || !key->valid) 2858 continue; 2859 2860 cipher_table = (struct wlan_crypto_cipher *) 2861 key->cipher_table; 2862 2863 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2864 sta_key = qdf_mem_malloc( 2865 sizeof(struct wlan_crypto_key)); 2866 if (!sta_key) { 2867 qdf_print("%s[%d] key alloc failed\n", 2868 __func__, __LINE__); 2869 return QDF_STATUS_E_NOMEM; 2870 } 2871 sta_crypto_priv->key[i] = sta_key; 2872 qdf_mem_copy(sta_key, key, 2873 sizeof(struct wlan_crypto_key)); 2874 2875 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2876 2877 if (crypto_priv->def_tx_keyid == i) { 2878 sta_key->flags 2879 |= WLAN_CRYPTO_KEY_DEFAULT; 2880 sta_crypto_priv->def_tx_keyid = 2881 crypto_priv->def_tx_keyid; 2882 } 2883 /* setting the broadcast/multicast key for sta*/ 2884 if (opmode == QDF_STA_MODE || 2885 opmode == QDF_IBSS_MODE){ 2886 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2887 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2888 vdev, sta_key, mac_addr, 2889 cipher_table->cipher); 2890 } 2891 } 2892 2893 /* setting unicast key */ 2894 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2895 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2896 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2897 sta_key, mac_addr, 2898 cipher_table->cipher); 2899 } 2900 } 2901 } 2902 } 2903 2904 return QDF_STATUS_SUCCESS; 2905 } 2906 2907 /** 2908 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2909 * @crypto_rx_ops: crypto_rx_ops 2910 * 2911 * This function gets called by object manger to register crypto rx ops. 2912 * 2913 * Return: QDF_STATUS 2914 */ 2915 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2916 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2917 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2918 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2919 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2920 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2921 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2922 2923 return QDF_STATUS_SUCCESS; 2924 } 2925 2926 /** 2927 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2928 * @psoc: psoc 2929 * 2930 * This function gets called by umac to get the crypto_rx_ops 2931 * 2932 * Return: crypto_rx_ops 2933 */ 2934 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2935 struct wlan_objmgr_psoc *psoc) 2936 { 2937 2938 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2939 } 2940 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 2941 2942 /** 2943 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2944 * @vdev: vdev 2945 * @authvalue: authvalue to be checked 2946 * 2947 * This function check is authvalue passed is set in vdev or not 2948 * 2949 * Return: true or false 2950 */ 2951 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2952 wlan_crypto_auth_mode authvalue) 2953 { 2954 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 2955 & authvalue; 2956 } 2957 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 2958 2959 /** 2960 * wlan_crypto_peer_has_auth_mode - check authmode for peer 2961 * @peer: peer 2962 * @authvalue: authvalue to be checked 2963 * 2964 * This function check is authvalue passed is set in peer or not 2965 * 2966 * Return: true or false 2967 */ 2968 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 2969 wlan_crypto_auth_mode authvalue) 2970 { 2971 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 2972 & authvalue; 2973 } 2974 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 2975 2976 /** 2977 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 2978 * @vdev: vdev 2979 * @ucastcipher: ucastcipher to be checked 2980 * 2981 * This function check is ucastcipher passed is set in vdev or not 2982 * 2983 * Return: true or false 2984 */ 2985 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 2986 wlan_crypto_cipher_type ucastcipher) 2987 { 2988 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 2989 & ucastcipher; 2990 } 2991 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 2992 2993 /** 2994 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 2995 * @peer: peer 2996 * @ucastcipher: ucastcipher to be checked 2997 * 2998 * This function check is ucastcipher passed is set in peer or not 2999 * 3000 * Return: true or false 3001 */ 3002 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3003 wlan_crypto_cipher_type ucastcipher) 3004 { 3005 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3006 & ucastcipher; 3007 } 3008 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3009 3010 /** 3011 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3012 * @vdev: vdev 3013 * @mcastcipher: mcastcipher to be checked 3014 * 3015 * This function check is mcastcipher passed is set in vdev or not 3016 * 3017 * Return: true or false 3018 */ 3019 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3020 wlan_crypto_cipher_type mcastcipher) 3021 { 3022 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3023 & mcastcipher; 3024 } 3025 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3026 3027 /** 3028 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3029 * @peer: peer 3030 * @mcastcipher: mcastcipher to be checked 3031 * 3032 * This function check is mcastcipher passed is set in peer or not 3033 * 3034 * Return: true or false 3035 */ 3036 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3037 wlan_crypto_cipher_type mcastcipher) 3038 { 3039 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3040 & mcastcipher; 3041 } 3042 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3043 3044 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3045 { 3046 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3047 3048 if (!peer) { 3049 qdf_print(FL("Invalid Input\n")); 3050 return 0; 3051 } 3052 3053 crypto_priv = wlan_get_peer_crypto_obj(peer); 3054 if (!crypto_priv) { 3055 qdf_print(FL("crypto_priv NULL\n")); 3056 return 0; 3057 } 3058 3059 return crypto_priv->fils_aead_set; 3060 } 3061 3062 void 3063 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3064 { 3065 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3066 3067 if (!peer) { 3068 qdf_print(FL("Invalid Input\n")); 3069 return; 3070 } 3071 3072 crypto_priv = wlan_get_peer_crypto_obj(peer); 3073 if (!crypto_priv) { 3074 qdf_print(FL("crypto_priv NULL\n")); 3075 return; 3076 } 3077 3078 crypto_priv->fils_aead_set = value; 3079 } 3080