1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 23 #include <qdf_types.h> 24 #include <wlan_cmn.h> 25 #include <wlan_objmgr_cmn.h> 26 #include <wlan_objmgr_global_obj.h> 27 #include <wlan_objmgr_psoc_obj.h> 28 #include <wlan_objmgr_pdev_obj.h> 29 #include <wlan_objmgr_vdev_obj.h> 30 #include <wlan_objmgr_peer_obj.h> 31 #include <wlan_utility.h> 32 33 #include "wlan_crypto_global_def.h" 34 #include "wlan_crypto_global_api.h" 35 #include "wlan_crypto_def_i.h" 36 #include "wlan_crypto_param_handling_i.h" 37 #include "wlan_crypto_obj_mgr_i.h" 38 #include <qdf_module.h> 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \ 43 WLAN_CRYPTO_ADDSELECTOR(frm,\ 44 wlan_crypto_wpa_cipher_to_suite(cipher)) 45 46 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \ 47 WLAN_CRYPTO_ADDSELECTOR(frm,\ 48 wlan_crypto_rsn_cipher_to_suite(cipher)) 49 50 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 51 WLAN_CRYPTO_ADDSELECTOR(frm,\ 52 wlan_crypto_wpa_keymgmt_to_suite(keymgmt)) 53 54 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\ 55 WLAN_CRYPTO_ADDSELECTOR(frm,\ 56 wlan_crypto_rsn_keymgmt_to_suite(keymgmt)) 57 58 /** 59 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 60 * @vdev:vdev 61 * 62 * This function gets called by mlme to get crypto params 63 * 64 * Return: wlan_crypto_params or NULL in case of failure 65 */ 66 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 67 struct wlan_objmgr_vdev *vdev, 68 struct wlan_crypto_comp_priv **crypto_priv){ 69 *crypto_priv = (struct wlan_crypto_comp_priv *) 70 wlan_get_vdev_crypto_obj(vdev); 71 if (!(*crypto_priv)) { 72 crypto_err("crypto_priv NULL"); 73 return NULL; 74 } 75 76 return &((*crypto_priv)->crypto_params); 77 } 78 79 /** 80 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 81 * @peer:peer 82 * 83 * This function gets called by mlme to get crypto params 84 * 85 * Return: wlan_crypto_params or NULL in case of failure 86 */ 87 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 88 struct wlan_objmgr_peer *peer, 89 struct wlan_crypto_comp_priv **crypto_priv){ 90 91 *crypto_priv = (struct wlan_crypto_comp_priv *) 92 wlan_get_peer_crypto_obj(peer); 93 if (!*crypto_priv) { 94 crypto_err("crypto_priv NULL"); 95 return NULL; 96 } 97 98 return &((*crypto_priv)->crypto_params); 99 } 100 101 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 102 { 103 return QDF_STATUS_SUCCESS; 104 } 105 106 /** 107 * wlan_crypto_set_param - called by ucfg to set crypto param 108 * @crypto_params: crypto_params 109 * @param: param to be set. 110 * @value: value 111 * 112 * This function gets called from ucfg to set param 113 * 114 * Return: QDF_STATUS_SUCCESS - in case of success 115 */ 116 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params, 117 wlan_crypto_param_type param, 118 uint32_t value){ 119 QDF_STATUS status = QDF_STATUS_E_INVAL; 120 121 crypto_debug("param %d, value %d", param, value); 122 switch (param) { 123 case WLAN_CRYPTO_PARAM_AUTH_MODE: 124 status = wlan_crypto_set_authmode(crypto_params, value); 125 break; 126 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 127 status = wlan_crypto_set_ucastciphers(crypto_params, value); 128 break; 129 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 130 status = wlan_crypto_set_mcastcipher(crypto_params, value); 131 break; 132 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 133 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 134 break; 135 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 136 status = wlan_crypto_set_cipher_cap(crypto_params, value); 137 break; 138 case WLAN_CRYPTO_PARAM_RSN_CAP: 139 status = wlan_crypto_set_rsn_cap(crypto_params, value); 140 break; 141 case WLAN_CRYPTO_PARAM_KEY_MGMT: 142 status = wlan_crypto_set_key_mgmt(crypto_params, value); 143 break; 144 default: 145 status = QDF_STATUS_E_INVAL; 146 } 147 return status; 148 } 149 150 /** 151 * wlan_crypto_set_vdev_param - called by ucfg to set crypto param 152 * @vdev: vdev 153 * @param: param to be set. 154 * @value: value 155 * 156 * This function gets called from ucfg to set param 157 * 158 * Return: QDF_STATUS_SUCCESS - in case of success 159 */ 160 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev, 161 wlan_crypto_param_type param, 162 uint32_t value){ 163 QDF_STATUS status = QDF_STATUS_E_INVAL; 164 struct wlan_crypto_comp_priv *crypto_priv; 165 struct wlan_crypto_params *crypto_params; 166 167 crypto_priv = (struct wlan_crypto_comp_priv *) 168 wlan_get_vdev_crypto_obj(vdev); 169 170 if (!crypto_priv) { 171 crypto_err("crypto_priv NULL"); 172 return QDF_STATUS_E_INVAL; 173 } 174 175 crypto_params = &(crypto_priv->crypto_params); 176 177 status = wlan_crypto_set_param(crypto_params, param, value); 178 179 return status; 180 } 181 182 /** 183 * wlan_crypto_set_param - called by ucfg to set crypto param 184 * 185 * @peer: peer 186 * @param: param to be set. 187 * @value: value 188 * 189 * This function gets called from ucfg to set param 190 * 191 * Return: QDF_STATUS_SUCCESS - in case of success 192 */ 193 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer, 194 wlan_crypto_param_type param, 195 uint32_t value){ 196 QDF_STATUS status = QDF_STATUS_E_INVAL; 197 struct wlan_crypto_comp_priv *crypto_priv; 198 struct wlan_crypto_params *crypto_params; 199 200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 201 &crypto_priv); 202 203 if (!crypto_priv) { 204 crypto_err("crypto_priv NULL"); 205 return QDF_STATUS_E_INVAL; 206 } 207 208 crypto_params = &(crypto_priv->crypto_params); 209 210 status = wlan_crypto_set_param(crypto_params, param, value); 211 212 return status; 213 } 214 215 /** 216 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 217 * @param: Crypto param type 218 * @crypto_params: Crypto params struct 219 * 220 * This function gets called from in-within crypto layer 221 * 222 * Return: value or -1 for failure 223 */ 224 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 225 struct wlan_crypto_params *crypto_params) 226 { 227 int32_t value = -1; 228 229 switch (param) { 230 case WLAN_CRYPTO_PARAM_AUTH_MODE: 231 value = wlan_crypto_get_authmode(crypto_params); 232 break; 233 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 234 value = wlan_crypto_get_ucastciphers(crypto_params); 235 break; 236 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 237 value = wlan_crypto_get_mcastcipher(crypto_params); 238 break; 239 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 240 value = wlan_crypto_get_mgmtciphers(crypto_params); 241 break; 242 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 243 value = wlan_crypto_get_cipher_cap(crypto_params); 244 break; 245 case WLAN_CRYPTO_PARAM_RSN_CAP: 246 value = wlan_crypto_get_rsn_cap(crypto_params); 247 break; 248 case WLAN_CRYPTO_PARAM_KEY_MGMT: 249 value = wlan_crypto_get_key_mgmt(crypto_params); 250 break; 251 default: 252 value = QDF_STATUS_E_INVAL; 253 } 254 255 return value; 256 } 257 258 /** 259 * wlan_crypto_get_param - called to get value for param from vdev 260 * @vdev: vdev 261 * @param: Crypto param type 262 * 263 * This function gets called to get value for param from vdev 264 * 265 * Return: value or -1 for failure 266 */ 267 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 268 wlan_crypto_param_type param) 269 { 270 int32_t value = -1; 271 struct wlan_crypto_comp_priv *crypto_priv; 272 struct wlan_crypto_params *crypto_params; 273 crypto_priv = (struct wlan_crypto_comp_priv *) 274 wlan_get_vdev_crypto_obj(vdev); 275 276 if (!crypto_priv) { 277 crypto_err("crypto_priv NULL"); 278 return QDF_STATUS_E_INVAL; 279 } 280 281 crypto_params = &(crypto_priv->crypto_params); 282 value = wlan_crypto_get_param_value(param, crypto_params); 283 284 return value; 285 } 286 /** 287 * wlan_crypto_get_peer_param - called to get value for param from peer 288 * @peer: peer 289 * @param: Crypto param type 290 * 291 * This function gets called to get value for param from peer 292 * 293 * Return: value or -1 for failure 294 */ 295 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 296 wlan_crypto_param_type param) 297 { 298 int32_t value = -1; 299 struct wlan_crypto_comp_priv *crypto_priv; 300 struct wlan_crypto_params *crypto_params; 301 302 crypto_params = wlan_crypto_peer_get_comp_params(peer, 303 &crypto_priv); 304 305 if (!crypto_params) { 306 crypto_err("crypto_params NULL"); 307 return QDF_STATUS_E_INVAL; 308 } 309 value = wlan_crypto_get_param_value(param, crypto_params); 310 311 return value; 312 } 313 qdf_export_symbol(wlan_crypto_get_peer_param); 314 315 static 316 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params, 317 struct wlan_crypto_pmksa *pmksa) 318 { 319 uint8_t i, first_available_slot = 0; 320 bool slot_found = false; 321 322 /* find the empty slot or slot with same bssid */ 323 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 324 if (!crypto_params->pmksa[i]) { 325 if (!slot_found) { 326 slot_found = true; 327 first_available_slot = i; 328 } 329 continue; 330 } 331 if (qdf_is_macaddr_equal(&pmksa->bssid, 332 &crypto_params->pmksa[i]->bssid)) { 333 /* free the current pmksa and use this slot */ 334 qdf_mem_zero(crypto_params->pmksa[i], 335 sizeof(struct wlan_crypto_pmksa)); 336 qdf_mem_free(crypto_params->pmksa[i]); 337 crypto_params->pmksa[i] = pmksa; 338 return QDF_STATUS_SUCCESS; 339 } 340 } 341 342 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) { 343 crypto_err("no entry available for pmksa"); 344 return QDF_STATUS_E_INVAL; 345 } 346 crypto_params->pmksa[first_available_slot] = pmksa; 347 348 return QDF_STATUS_SUCCESS; 349 } 350 351 static 352 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params, 353 struct wlan_crypto_pmksa *pmksa) 354 { 355 uint8_t i; 356 357 /* find slot with same bssid */ 358 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 359 if (!crypto_params->pmksa[i]) 360 continue; 361 if (qdf_is_macaddr_equal(&pmksa->bssid, 362 &crypto_params->pmksa[i]->bssid)) { 363 qdf_mem_zero(crypto_params->pmksa[i], 364 sizeof(struct wlan_crypto_pmksa)); 365 qdf_mem_free(crypto_params->pmksa[i]); 366 crypto_params->pmksa[i] = NULL; 367 return QDF_STATUS_SUCCESS; 368 } 369 } 370 371 return QDF_STATUS_E_INVAL; 372 } 373 374 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params) 375 { 376 uint8_t i; 377 378 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 379 if (!crypto_params->pmksa[i]) 380 continue; 381 qdf_mem_zero(crypto_params->pmksa[i], 382 sizeof(struct wlan_crypto_pmksa)); 383 qdf_mem_free(crypto_params->pmksa[i]); 384 crypto_params->pmksa[i] = NULL; 385 } 386 387 return QDF_STATUS_SUCCESS; 388 } 389 390 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev, 391 struct wlan_crypto_pmksa *pmksa, 392 bool set) 393 { 394 QDF_STATUS status = QDF_STATUS_E_INVAL; 395 struct wlan_crypto_comp_priv *crypto_priv; 396 struct wlan_crypto_params *crypto_params; 397 enum QDF_OPMODE op_mode; 398 399 op_mode = wlan_vdev_mlme_get_opmode(vdev); 400 401 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE) 402 return QDF_STATUS_E_NOSUPPORT; 403 404 if (!pmksa && set) { 405 crypto_err("pmksa is NULL for set operation"); 406 return QDF_STATUS_E_INVAL; 407 } 408 crypto_priv = (struct wlan_crypto_comp_priv *) 409 wlan_get_vdev_crypto_obj(vdev); 410 411 if (!crypto_priv) { 412 crypto_err("crypto_priv NULL"); 413 return QDF_STATUS_E_INVAL; 414 } 415 416 crypto_params = &crypto_priv->crypto_params; 417 if (set) { 418 status = wlan_crypto_set_pmksa(crypto_params, pmksa); 419 /* Set pmksa */ 420 } else { 421 /* del pmksa */ 422 if (!pmksa) 423 status = wlan_crypto_pmksa_flush(crypto_params); 424 else 425 status = wlan_crypto_del_pmksa(crypto_params, pmksa); 426 } 427 428 return status; 429 } 430 431 struct wlan_crypto_pmksa * 432 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid) 433 { 434 struct wlan_crypto_comp_priv *crypto_priv; 435 struct wlan_crypto_params *crypto_params; 436 uint8_t i; 437 438 if (!bssid) { 439 crypto_err("bssid is NULL"); 440 return NULL; 441 } 442 crypto_priv = (struct wlan_crypto_comp_priv *) 443 wlan_get_vdev_crypto_obj(vdev); 444 445 if (!crypto_priv) { 446 crypto_err("crypto_priv NULL"); 447 return NULL; 448 } 449 450 crypto_params = &crypto_priv->crypto_params; 451 452 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) { 453 if (!crypto_params->pmksa[i]) 454 continue; 455 if (qdf_is_macaddr_equal(bssid, 456 &crypto_params->pmksa[i]->bssid)) { 457 return crypto_params->pmksa[i]; 458 } 459 } 460 461 return NULL; 462 } 463 /** 464 * wlan_crypto_is_htallowed - called to check is HT allowed for cipher 465 * @vdev: vdev 466 * @peer: peer 467 * 468 * This function gets called to check is HT allowed for cipher. 469 * HT is not allowed for wep and tkip. 470 * 471 * Return: 0 - not allowed or 1 - allowed 472 */ 473 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 474 struct wlan_objmgr_peer *peer) 475 { 476 int32_t ucast_cipher; 477 478 if (!(vdev || peer)) { 479 crypto_err("Invalid params"); 480 return 0; 481 } 482 483 if (vdev) 484 ucast_cipher = wlan_crypto_get_param(vdev, 485 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 486 else 487 ucast_cipher = wlan_crypto_get_peer_param(peer, 488 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 489 490 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 491 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 492 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 493 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 494 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 495 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 496 } 497 qdf_export_symbol(wlan_crypto_is_htallowed); 498 499 /** 500 * wlan_crypto_setkey - called by ucfg to setkey 501 * @vdev: vdev 502 * @req_key: req_key with cipher type, key macaddress 503 * 504 * This function gets called from ucfg to sey key 505 * 506 * Return: QDF_STATUS_SUCCESS - in case of success 507 */ 508 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 509 struct wlan_crypto_req_key *req_key){ 510 511 QDF_STATUS status = QDF_STATUS_E_INVAL; 512 struct wlan_crypto_comp_priv *crypto_priv; 513 struct wlan_crypto_params *crypto_params; 514 struct wlan_objmgr_psoc *psoc; 515 struct wlan_objmgr_peer *peer; 516 struct wlan_crypto_key *key = NULL; 517 const struct wlan_crypto_cipher *cipher; 518 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 519 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 520 bool isbcast; 521 enum QDF_OPMODE vdev_mode; 522 uint8_t igtk_idx = 0; 523 524 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 525 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key); 526 return QDF_STATUS_E_INVAL; 527 } 528 529 isbcast = qdf_is_macaddr_group( 530 (struct qdf_mac_addr *)req_key->macaddr); 531 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) { 532 /* zero length keys, only set default key id if flags are set*/ 533 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 534 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 535 && (!IS_MGMT_CIPHER(req_key->type))) { 536 wlan_crypto_default_key(vdev, 537 req_key->macaddr, 538 req_key->keyix, 539 !isbcast); 540 return QDF_STATUS_SUCCESS; 541 } 542 crypto_err("req_key len zero"); 543 return QDF_STATUS_E_INVAL; 544 } 545 546 cipher = wlan_crypto_cipher_ops[req_key->type]; 547 548 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 549 crypto_err("cipher invalid"); 550 return QDF_STATUS_E_INVAL; 551 } 552 553 if (cipher && (!IS_FILS_CIPHER(req_key->type)) && 554 (!IS_MGMT_CIPHER(req_key->type)) && 555 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) && 556 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 557 crypto_err("cipher invalid"); 558 return QDF_STATUS_E_INVAL; 559 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 560 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 561 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 562 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 563 crypto_err("wep key len invalid. keylen: %d", req_key->keylen); 564 return QDF_STATUS_E_INVAL; 565 } 566 567 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 568 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 569 | WLAN_CRYPTO_KEY_RECV)) { 570 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 571 | WLAN_CRYPTO_KEY_RECV); 572 } 573 } else { 574 if ((req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX) 575 && (!IS_MGMT_CIPHER(req_key->type))) { 576 return QDF_STATUS_E_INVAL; 577 } 578 579 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 580 | WLAN_CRYPTO_KEY_RECV); 581 if (isbcast) 582 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 583 } 584 585 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 586 587 wlan_vdev_obj_lock(vdev); 588 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 589 QDF_MAC_ADDR_SIZE); 590 psoc = wlan_vdev_get_psoc(vdev); 591 if (!psoc) { 592 wlan_vdev_obj_unlock(vdev); 593 crypto_err("psoc NULL"); 594 return QDF_STATUS_E_INVAL; 595 } 596 wlan_vdev_obj_unlock(vdev); 597 598 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 599 if (wlan_crypto_vdev_has_auth_mode(vdev, 600 (1 << WLAN_CRYPTO_AUTH_8021X))) { 601 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 602 } 603 } 604 605 if (isbcast) { 606 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 607 &crypto_priv); 608 if (!crypto_priv) { 609 crypto_err("crypto_priv NULL"); 610 return QDF_STATUS_E_INVAL; 611 } 612 613 if (IS_MGMT_CIPHER(req_key->type)) { 614 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 615 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 616 crypto_err("igtk key invalid keyid %d", 617 igtk_idx); 618 return QDF_STATUS_E_INVAL; 619 } 620 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 621 if (!key) 622 return QDF_STATUS_E_NOMEM; 623 624 if (crypto_priv->igtk_key[igtk_idx]) 625 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 626 627 crypto_priv->igtk_key[igtk_idx] = key; 628 crypto_priv->igtk_key_type = req_key->type; 629 crypto_priv->def_igtk_tx_keyid = igtk_idx; 630 } else { 631 if (IS_FILS_CIPHER(req_key->type)) { 632 crypto_err("FILS key is not for BroadCast pkt"); 633 return QDF_STATUS_E_INVAL; 634 } 635 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 636 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 637 return QDF_STATUS_E_INVAL; 638 } 639 if (!crypto_priv->key[req_key->keyix]) { 640 crypto_priv->key[req_key->keyix] 641 = qdf_mem_malloc( 642 sizeof(struct wlan_crypto_key)); 643 if (!crypto_priv->key[req_key->keyix]) 644 return QDF_STATUS_E_NOMEM; 645 } 646 key = crypto_priv->key[req_key->keyix]; 647 } 648 if (vdev_mode == QDF_STA_MODE) { 649 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, 650 WLAN_CRYPTO_ID); 651 if (!peer) { 652 crypto_err("peer NULL"); 653 if (IS_MGMT_CIPHER(req_key->type)) { 654 crypto_priv->igtk_key[igtk_idx] = NULL; 655 crypto_priv->igtk_key_type 656 = WLAN_CRYPTO_CIPHER_NONE; 657 } else 658 crypto_priv->key[req_key->keyix] = NULL; 659 if (key) 660 qdf_mem_free(key); 661 return QDF_STATUS_E_INVAL; 662 } 663 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 664 QDF_MAC_ADDR_SIZE); 665 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 666 } 667 } else { 668 uint8_t pdev_id; 669 670 pdev_id = wlan_objmgr_pdev_get_pdev_id( 671 wlan_vdev_get_pdev(vdev)); 672 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 673 psoc, 674 pdev_id, 675 macaddr, 676 req_key->macaddr, 677 WLAN_CRYPTO_ID); 678 679 if (!peer) { 680 crypto_err("peer NULL"); 681 return QDF_STATUS_E_INVAL; 682 } 683 684 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE); 685 crypto_params = wlan_crypto_peer_get_comp_params(peer, 686 &crypto_priv); 687 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 688 689 if (!crypto_priv) { 690 crypto_err("crypto_priv NULL"); 691 return QDF_STATUS_E_INVAL; 692 } 693 if (IS_MGMT_CIPHER(req_key->type)) { 694 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 695 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 696 crypto_err("igtk key invalid keyid %d", 697 igtk_idx); 698 return QDF_STATUS_E_INVAL; 699 } 700 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 701 if (!key) 702 return QDF_STATUS_E_NOMEM; 703 704 if (crypto_priv->igtk_key[igtk_idx]) 705 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 706 707 crypto_priv->igtk_key[igtk_idx] = key; 708 crypto_priv->igtk_key_type = req_key->type; 709 crypto_priv->def_igtk_tx_keyid = igtk_idx; 710 } else { 711 uint16_t kid = req_key->keyix; 712 if (kid == WLAN_CRYPTO_KEYIX_NONE) 713 kid = 0; 714 if (kid >= WLAN_CRYPTO_MAXKEYIDX) { 715 crypto_err("invalid keyid %d", kid); 716 return QDF_STATUS_E_INVAL; 717 } 718 if (!crypto_priv->key[kid]) { 719 crypto_priv->key[kid] 720 = qdf_mem_malloc( 721 sizeof(struct wlan_crypto_key)); 722 if (!crypto_priv->key[kid]) 723 return QDF_STATUS_E_NOMEM; 724 } 725 key = crypto_priv->key[kid]; 726 } 727 } 728 729 /* alloc key might not required as it is already there */ 730 key->cipher_table = (void *)cipher; 731 key->keylen = req_key->keylen; 732 key->flags = req_key->flags; 733 734 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 735 key->keyix = 0; 736 else 737 key->keyix = req_key->keyix; 738 739 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 740 && (!IS_MGMT_CIPHER(req_key->type))) { 741 crypto_priv->def_tx_keyid = key->keyix; 742 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 743 } 744 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 745 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 746 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 747 0x5c, 0x36, 0x5c, 0x36, 748 0x5c, 0x36, 0x5c, 0x36, 749 0x5c, 0x36, 0x5c, 0x37}; 750 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 751 0x5c, 0x36, 0x5c, 0x36, 752 0x5c, 0x36, 0x5c, 0x36, 753 0x5c, 0x36, 0x5c, 0x36}; 754 755 /* During Tx PN should be increment and 756 * send but as per our implementation we increment only after 757 * Tx complete. So First packet PN check will be failed. 758 * To compensate increment the PN here by 2 759 */ 760 if (vdev_mode == QDF_SAP_MODE) { 761 iv_AP[15] += 2; 762 qdf_mem_copy(key->recviv, iv_STA, 763 WLAN_CRYPTO_WAPI_IV_SIZE); 764 qdf_mem_copy(key->txiv, iv_AP, 765 WLAN_CRYPTO_WAPI_IV_SIZE); 766 } else { 767 iv_STA[15] += 2; 768 qdf_mem_copy(key->recviv, iv_AP, 769 WLAN_CRYPTO_WAPI_IV_SIZE); 770 qdf_mem_copy(key->txiv, iv_STA, 771 WLAN_CRYPTO_WAPI_IV_SIZE); 772 } 773 } else { 774 uint8_t i = 0; 775 qdf_mem_copy((uint8_t *)(&key->keytsc), 776 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 777 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 778 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 779 (uint8_t *)(&req_key->keyrsc), 780 sizeof(key->keyrsc[0])); 781 } 782 } 783 784 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 785 key->valid = 1; 786 if ((IS_MGMT_CIPHER(req_key->type))) { 787 if (HAS_CIPHER_CAP(crypto_params, 788 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 789 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 790 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 791 key, macaddr, req_key->type); 792 } 793 } 794 wlan_crypto_set_mgmtcipher(crypto_params, req_key->type); 795 status = wlan_crypto_set_igtk_key(key); 796 return status; 797 } else if (IS_FILS_CIPHER(req_key->type)) { 798 /* Take request key object to FILS setkey */ 799 key->private = req_key; 800 } else { 801 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 802 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 803 macaddr, req_key->type); 804 } 805 } 806 status = cipher->setkey(key); 807 808 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) && 809 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 810 (!IS_MGMT_CIPHER(req_key->type))) { 811 /* default xmit key */ 812 wlan_crypto_default_key(vdev, 813 req_key->macaddr, 814 req_key->keyix, 815 !isbcast); 816 } 817 818 return status; 819 } 820 821 /** 822 * wlan_crypto_get_keytype - get keytype 823 * @key: key 824 * 825 * This function gets keytype from key 826 * 827 * Return: keytype 828 */ 829 wlan_crypto_cipher_type wlan_crypto_get_key_type( 830 struct wlan_crypto_key *key){ 831 if (key && key->cipher_table) { 832 return ((struct wlan_crypto_cipher *) 833 (key->cipher_table))->cipher; 834 } 835 return WLAN_CRYPTO_CIPHER_NONE; 836 } 837 qdf_export_symbol(wlan_crypto_get_key_type); 838 /** 839 * wlan_crypto_vdev_getkey - get key from vdev 840 * @vdev: vdev 841 * @keyix: keyix 842 * 843 * This function gets key from vdev 844 * 845 * Return: key or NULL 846 */ 847 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev, 848 uint16_t keyix){ 849 struct wlan_crypto_comp_priv *crypto_priv; 850 struct wlan_crypto_params *crypto_params; 851 struct wlan_crypto_key *key = NULL; 852 853 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 854 855 if (!crypto_priv) { 856 crypto_err("crypto_priv NULL"); 857 return NULL; 858 } 859 /* for keyix 4,5 we return the igtk keys for keyix more than 5 860 * we return the default key, for all other keyix we return the 861 * key accordingly. 862 */ 863 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 864 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 865 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 866 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 867 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 868 else 869 key = crypto_priv->key[keyix]; 870 871 if (key && key->valid) 872 return key; 873 874 return NULL; 875 } 876 qdf_export_symbol(wlan_crypto_vdev_getkey); 877 878 /** 879 * wlan_crypto_peer_getkey - get key from peer 880 * @peer: peer 881 * @keyix: keyix 882 * 883 * This function gets key from peer 884 * 885 * Return: key or NULL 886 */ 887 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer, 888 uint16_t keyix){ 889 struct wlan_crypto_comp_priv *crypto_priv; 890 struct wlan_crypto_params *crypto_params; 891 struct wlan_crypto_key *key = NULL; 892 893 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 894 895 if (!crypto_priv) { 896 crypto_err("crypto_priv NULL"); 897 return NULL; 898 } 899 900 /* for keyix 4,5 we return the igtk keys for keyix more than 5 901 * we return the default key, for all other keyix we return the 902 * key accordingly. 903 */ 904 if (keyix == WLAN_CRYPTO_KEYIX_NONE || 905 keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) 906 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 907 else if (keyix >= WLAN_CRYPTO_MAXKEYIDX) 908 key = crypto_priv->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX]; 909 else 910 key = crypto_priv->key[keyix]; 911 912 if (key && key->valid) 913 return key; 914 915 return NULL; 916 } 917 qdf_export_symbol(wlan_crypto_peer_getkey); 918 919 /** 920 * wlan_crypto_getkey - called by ucfg to get key 921 * @vdev: vdev 922 * @req_key: key value will be copied in this req_key 923 * @mac_address: mac address of the peer for unicast key 924 * or broadcast address if group key is requested. 925 * 926 * This function gets called from ucfg to get key 927 * 928 * Return: QDF_STATUS_SUCCESS - in case of success 929 */ 930 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 931 struct wlan_crypto_req_key *req_key, 932 uint8_t *mac_addr){ 933 struct wlan_crypto_cipher *cipher_table; 934 struct wlan_crypto_key *key; 935 struct wlan_objmgr_psoc *psoc; 936 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 937 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 938 939 wlan_vdev_obj_lock(vdev); 940 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), 941 QDF_MAC_ADDR_SIZE); 942 psoc = wlan_vdev_get_psoc(vdev); 943 if (!psoc) { 944 wlan_vdev_obj_unlock(vdev); 945 crypto_err("psoc NULL"); 946 return QDF_STATUS_E_INVAL; 947 } 948 wlan_vdev_obj_unlock(vdev); 949 950 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 951 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix); 952 if (!key) 953 return QDF_STATUS_E_INVAL; 954 } else { 955 struct wlan_objmgr_peer *peer; 956 uint8_t pdev_id; 957 958 pdev_id = wlan_objmgr_pdev_get_pdev_id( 959 wlan_vdev_get_pdev(vdev)); 960 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 961 psoc, 962 pdev_id, 963 macaddr, 964 mac_addr, 965 WLAN_CRYPTO_ID); 966 if (!peer) { 967 crypto_err("peer NULL"); 968 return QDF_STATUS_E_NOENT; 969 } 970 key = wlan_crypto_peer_getkey(peer, req_key->keyix); 971 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 972 if (!key) 973 return QDF_STATUS_E_INVAL; 974 } 975 976 if (key->valid) { 977 qdf_mem_copy(req_key->keydata, 978 key->keyval, key->keylen); 979 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 980 (uint8_t *)(&key->keytsc), 981 sizeof(req_key->keytsc)); 982 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 983 (uint8_t *)(&key->keyrsc[0]), 984 sizeof(req_key->keyrsc)); 985 req_key->keylen = key->keylen; 986 req_key->flags = key->flags; 987 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 988 989 if (!cipher_table) 990 return QDF_STATUS_SUCCESS; 991 992 req_key->type = cipher_table->cipher; 993 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 994 qdf_mem_copy((uint8_t *)(&req_key->txiv), 995 (uint8_t *)(key->txiv), 996 sizeof(req_key->txiv)); 997 qdf_mem_copy((uint8_t *)(&req_key->recviv), 998 (uint8_t *)(key->recviv), 999 sizeof(req_key->recviv)); 1000 } 1001 } 1002 1003 return QDF_STATUS_SUCCESS; 1004 } 1005 1006 /** 1007 * wlan_crypto_delkey - called by ucfg to delete key 1008 * @vdev: vdev 1009 * @mac_address: mac address of the peer for unicast key 1010 * or broadcast address if group key is deleted. 1011 * @key_idx: key index to be deleted 1012 * 1013 * This function gets called from ucfg to delete key 1014 * 1015 * Return: QDF_STATUS_SUCCESS - in case of success 1016 */ 1017 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 1018 uint8_t *macaddr, 1019 uint8_t key_idx){ 1020 struct wlan_crypto_comp_priv *crypto_priv; 1021 struct wlan_crypto_params *crypto_params; 1022 struct wlan_crypto_key *key; 1023 struct wlan_crypto_cipher *cipher_table; 1024 struct wlan_objmgr_psoc *psoc; 1025 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1026 1027 if (!vdev || !macaddr || 1028 (key_idx >= 1029 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 1030 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1031 vdev, macaddr, key_idx); 1032 return QDF_STATUS_E_INVAL; 1033 } 1034 1035 wlan_vdev_obj_lock(vdev); 1036 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1037 QDF_MAC_ADDR_SIZE); 1038 psoc = wlan_vdev_get_psoc(vdev); 1039 if (!psoc) { 1040 wlan_vdev_obj_unlock(vdev); 1041 crypto_err("psoc NULL"); 1042 return QDF_STATUS_E_INVAL; 1043 } 1044 wlan_vdev_obj_unlock(vdev); 1045 1046 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1047 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1048 &crypto_priv); 1049 if (!crypto_priv) { 1050 crypto_err("crypto_priv NULL"); 1051 return QDF_STATUS_E_INVAL; 1052 } 1053 } else { 1054 struct wlan_objmgr_peer *peer; 1055 uint8_t pdev_id; 1056 1057 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1058 wlan_vdev_get_pdev(vdev)); 1059 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1060 psoc, pdev_id, 1061 bssid_mac, 1062 macaddr, 1063 WLAN_CRYPTO_ID); 1064 if (!peer) { 1065 return QDF_STATUS_E_INVAL; 1066 } 1067 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1068 &crypto_priv); 1069 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1070 if (!crypto_priv) { 1071 crypto_err("crypto_priv NULL"); 1072 return QDF_STATUS_E_INVAL; 1073 } 1074 } 1075 1076 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 1077 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 1078 if (igtk_idx >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1079 crypto_err("Igtk key invalid keyid %d", igtk_idx); 1080 return QDF_STATUS_E_INVAL; 1081 } 1082 key = crypto_priv->igtk_key[igtk_idx]; 1083 crypto_priv->igtk_key[igtk_idx] = NULL; 1084 if (key) 1085 key->valid = 0; 1086 } else { 1087 key = crypto_priv->key[key_idx]; 1088 crypto_priv->key[key_idx] = NULL; 1089 } 1090 1091 if (!key) 1092 return QDF_STATUS_E_INVAL; 1093 1094 if (key->valid) { 1095 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1096 qdf_mem_zero(key->keyval, sizeof(key->keyval)); 1097 1098 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 1099 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 1100 macaddr, cipher_table->cipher); 1101 } 1102 } 1103 qdf_mem_free(key); 1104 1105 return QDF_STATUS_SUCCESS; 1106 } 1107 1108 #ifdef CRYPTO_SET_KEY_CONVERGED 1109 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1110 uint8_t key_idx, uint8_t *macaddr) 1111 { 1112 return QDF_STATUS_SUCCESS; 1113 } 1114 #else 1115 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev, 1116 uint8_t key_idx, uint8_t *macaddr) 1117 { 1118 struct wlan_objmgr_psoc *psoc; 1119 1120 psoc = wlan_vdev_get_psoc(vdev); 1121 if (!psoc) { 1122 crypto_err("psoc is NULL"); 1123 return QDF_STATUS_E_INVAL; 1124 } 1125 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 1126 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 1127 macaddr); 1128 } 1129 1130 return QDF_STATUS_SUCCESS; 1131 } 1132 #endif 1133 1134 /** 1135 * wlan_crypto_default_key - called by ucfg to set default tx key 1136 * @vdev: vdev 1137 * @mac_address: mac address of the peer for unicast key 1138 * or broadcast address if group key need to made default. 1139 * @key_idx: key index to be made as default key 1140 * @unicast: is key was unicast or group key. 1141 * 1142 * This function gets called from ucfg to set default key 1143 * 1144 * Return: QDF_STATUS_SUCCESS - in case of success 1145 */ 1146 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 1147 uint8_t *macaddr, 1148 uint8_t key_idx, 1149 bool unicast){ 1150 struct wlan_crypto_comp_priv *crypto_priv; 1151 struct wlan_crypto_params *crypto_params; 1152 struct wlan_crypto_key *key; 1153 struct wlan_objmgr_psoc *psoc; 1154 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1155 1156 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 1157 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d", 1158 vdev, macaddr, key_idx); 1159 return QDF_STATUS_E_INVAL; 1160 } 1161 1162 wlan_vdev_obj_lock(vdev); 1163 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1164 QDF_MAC_ADDR_SIZE); 1165 psoc = wlan_vdev_get_psoc(vdev); 1166 if (!psoc) { 1167 wlan_vdev_obj_unlock(vdev); 1168 crypto_err("psoc NULL"); 1169 return QDF_STATUS_E_INVAL; 1170 } 1171 wlan_vdev_obj_unlock(vdev); 1172 1173 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 1174 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1175 &crypto_priv); 1176 if (!crypto_priv) { 1177 crypto_err("crypto_priv NULL"); 1178 return QDF_STATUS_E_INVAL; 1179 } 1180 1181 key = crypto_priv->key[key_idx]; 1182 if (!key) 1183 return QDF_STATUS_E_INVAL; 1184 } else { 1185 struct wlan_objmgr_peer *peer; 1186 uint8_t pdev_id; 1187 1188 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1189 wlan_vdev_get_pdev(vdev)); 1190 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1191 psoc, pdev_id, 1192 bssid_mac, 1193 macaddr, 1194 WLAN_CRYPTO_ID); 1195 1196 if (!peer) { 1197 crypto_err("peer NULL"); 1198 return QDF_STATUS_E_INVAL; 1199 } 1200 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1201 &crypto_priv); 1202 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1203 if (!crypto_priv) { 1204 crypto_err("crypto_priv NULL"); 1205 return QDF_STATUS_E_INVAL; 1206 } 1207 1208 key = crypto_priv->key[key_idx]; 1209 if (!key) 1210 return QDF_STATUS_E_INVAL; 1211 } 1212 if (!key->valid) 1213 return QDF_STATUS_E_INVAL; 1214 1215 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) != 1216 QDF_STATUS_SUCCESS) 1217 return QDF_STATUS_E_INVAL; 1218 crypto_priv->def_tx_keyid = key_idx; 1219 1220 return QDF_STATUS_SUCCESS; 1221 } 1222 1223 /** 1224 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 1225 * @vdev: vdev 1226 * @wbuf: wbuf 1227 * @macaddr: macaddr 1228 * @encapdone: is encapdone already or not. 1229 * 1230 * This function gets called from mgmt txrx to encap frame. 1231 * 1232 * Return: QDF_STATUS_SUCCESS - in case of success 1233 */ 1234 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 1235 qdf_nbuf_t wbuf, 1236 uint8_t *mac_addr, 1237 uint8_t encapdone){ 1238 struct wlan_crypto_comp_priv *crypto_priv; 1239 struct wlan_crypto_params *crypto_params; 1240 struct wlan_crypto_key *key; 1241 QDF_STATUS status; 1242 struct wlan_crypto_cipher *cipher_table; 1243 struct wlan_objmgr_psoc *psoc; 1244 struct wlan_objmgr_peer *peer; 1245 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1246 uint8_t pdev_id; 1247 uint8_t hdrlen; 1248 enum QDF_OPMODE opmode; 1249 1250 opmode = wlan_vdev_mlme_get_opmode(vdev); 1251 wlan_vdev_obj_lock(vdev); 1252 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1253 QDF_MAC_ADDR_SIZE); 1254 psoc = wlan_vdev_get_psoc(vdev); 1255 if (!psoc) { 1256 wlan_vdev_obj_unlock(vdev); 1257 crypto_err("psoc NULL"); 1258 return QDF_STATUS_E_INVAL; 1259 } 1260 wlan_vdev_obj_unlock(vdev); 1261 1262 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1263 /* FILS Encap required only for (Re-)Assoc response */ 1264 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1265 1266 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1267 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1268 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1269 return QDF_STATUS_E_INVAL; 1270 } 1271 1272 if (peer) 1273 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1274 1275 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1276 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1277 &crypto_priv); 1278 if (!crypto_priv) { 1279 crypto_err("crypto_priv NULL"); 1280 return QDF_STATUS_E_INVAL; 1281 } 1282 1283 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1284 if (!key) 1285 return QDF_STATUS_E_INVAL; 1286 1287 } else { 1288 struct wlan_objmgr_peer *peer; 1289 uint8_t pdev_id; 1290 1291 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1292 wlan_vdev_get_pdev(vdev)); 1293 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id, 1294 bssid_mac, mac_addr, 1295 WLAN_CRYPTO_ID); 1296 1297 if (!peer) { 1298 crypto_err("crypto_priv NULL"); 1299 return QDF_STATUS_E_INVAL; 1300 } 1301 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1302 &crypto_priv); 1303 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1304 1305 if (!crypto_priv) { 1306 crypto_err("crypto_priv NULL"); 1307 return QDF_STATUS_E_INVAL; 1308 } 1309 1310 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1311 if (!key) 1312 return QDF_STATUS_E_INVAL; 1313 } 1314 if (opmode == QDF_MONITOR_MODE) 1315 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1316 else 1317 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1318 (uint8_t *)qdf_nbuf_data(wbuf)); 1319 1320 /* if tkip, is counter measures enabled, then drop the frame */ 1321 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1322 status = cipher_table->encap(key, wbuf, encapdone, 1323 hdrlen); 1324 1325 return status; 1326 } 1327 qdf_export_symbol(wlan_crypto_encap); 1328 1329 /** 1330 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 1331 * @vdev: vdev 1332 * @wbuf: wbuf 1333 * @macaddr: macaddr 1334 * @tid: tid of the frame 1335 * 1336 * This function gets called from mgmt txrx to decap frame. 1337 * 1338 * Return: QDF_STATUS_SUCCESS - in case of success 1339 */ 1340 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 1341 qdf_nbuf_t wbuf, 1342 uint8_t *mac_addr, 1343 uint8_t tid){ 1344 struct wlan_crypto_comp_priv *crypto_priv; 1345 struct wlan_crypto_params *crypto_params; 1346 struct wlan_crypto_key *key; 1347 QDF_STATUS status; 1348 struct wlan_crypto_cipher *cipher_table; 1349 struct wlan_objmgr_psoc *psoc; 1350 struct wlan_objmgr_peer *peer; 1351 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1352 uint8_t keyid; 1353 uint8_t pdev_id; 1354 uint8_t hdrlen; 1355 enum QDF_OPMODE opmode; 1356 1357 opmode = wlan_vdev_mlme_get_opmode(vdev); 1358 wlan_vdev_obj_lock(vdev); 1359 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1360 QDF_MAC_ADDR_SIZE); 1361 psoc = wlan_vdev_get_psoc(vdev); 1362 if (!psoc) { 1363 wlan_vdev_obj_unlock(vdev); 1364 crypto_err("psoc NULL"); 1365 return QDF_STATUS_E_INVAL; 1366 } 1367 wlan_vdev_obj_unlock(vdev); 1368 1369 if (opmode == QDF_MONITOR_MODE) 1370 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1371 else 1372 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1373 (uint8_t *)qdf_nbuf_data(wbuf)); 1374 1375 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen); 1376 1377 if (keyid >= WLAN_CRYPTO_MAXKEYIDX) 1378 return QDF_STATUS_E_INVAL; 1379 1380 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev)); 1381 /* FILS Decap required only for (Re-)Assoc request */ 1382 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID); 1383 1384 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) && 1385 peer && !wlan_crypto_get_peer_fils_aead(peer)) { 1386 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1387 return QDF_STATUS_E_INVAL; 1388 } 1389 1390 if (peer) 1391 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1392 1393 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) { 1394 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1395 &crypto_priv); 1396 if (!crypto_priv) { 1397 crypto_err("crypto_priv NULL"); 1398 return QDF_STATUS_E_INVAL; 1399 } 1400 1401 key = crypto_priv->key[keyid]; 1402 if (!key) 1403 return QDF_STATUS_E_INVAL; 1404 1405 } else { 1406 struct wlan_objmgr_peer *peer; 1407 uint8_t pdev_id; 1408 1409 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1410 wlan_vdev_get_pdev(vdev)); 1411 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1412 psoc, pdev_id, bssid_mac, 1413 mac_addr, WLAN_CRYPTO_ID); 1414 if (!peer) { 1415 crypto_err("peer NULL"); 1416 return QDF_STATUS_E_INVAL; 1417 } 1418 1419 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1420 &crypto_priv); 1421 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1422 1423 if (!crypto_priv) { 1424 crypto_err("crypto_priv NULL"); 1425 return QDF_STATUS_E_INVAL; 1426 } 1427 1428 key = crypto_priv->key[keyid]; 1429 if (!key) 1430 return QDF_STATUS_E_INVAL; 1431 } 1432 /* if tkip, is counter measures enabled, then drop the frame */ 1433 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1434 status = cipher_table->decap(key, wbuf, tid, hdrlen); 1435 1436 return status; 1437 } 1438 qdf_export_symbol(wlan_crypto_decap); 1439 /** 1440 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1441 * @vdev: vdev 1442 * @wbuf: wbuf 1443 * @macaddr: macaddr 1444 * @encapdone: is encapdone already or not. 1445 * 1446 * This function gets called from mgmt txrx to adding mic to the frame. 1447 * 1448 * Return: QDF_STATUS_SUCCESS - in case of success 1449 */ 1450 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1451 qdf_nbuf_t wbuf, 1452 uint8_t *mac_addr, 1453 uint8_t encapdone){ 1454 struct wlan_crypto_comp_priv *crypto_priv; 1455 struct wlan_crypto_params *crypto_params; 1456 struct wlan_crypto_key *key; 1457 QDF_STATUS status; 1458 struct wlan_crypto_cipher *cipher_table; 1459 struct wlan_objmgr_psoc *psoc; 1460 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1461 uint8_t hdrlen; 1462 enum QDF_OPMODE opmode; 1463 1464 opmode = wlan_vdev_mlme_get_opmode(vdev); 1465 1466 1467 wlan_vdev_obj_lock(vdev); 1468 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1469 QDF_MAC_ADDR_SIZE); 1470 psoc = wlan_vdev_get_psoc(vdev); 1471 if (!psoc) { 1472 wlan_vdev_obj_unlock(vdev); 1473 crypto_err("psoc NULL"); 1474 return QDF_STATUS_E_INVAL; 1475 } 1476 wlan_vdev_obj_unlock(vdev); 1477 1478 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1479 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1480 &crypto_priv); 1481 if (!crypto_priv) { 1482 crypto_err("crypto_priv NULL"); 1483 return QDF_STATUS_E_INVAL; 1484 } 1485 1486 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1487 if (!key) 1488 return QDF_STATUS_E_INVAL; 1489 1490 } else { 1491 struct wlan_objmgr_peer *peer; 1492 uint8_t pdev_id; 1493 1494 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1495 wlan_vdev_get_pdev(vdev)); 1496 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1497 psoc, pdev_id, bssid_mac, 1498 mac_addr, WLAN_CRYPTO_ID); 1499 if (!peer) { 1500 crypto_err("crypto_priv NULL"); 1501 return QDF_STATUS_E_INVAL; 1502 } 1503 1504 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1505 &crypto_priv); 1506 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1507 1508 if (!crypto_priv) { 1509 crypto_err("crypto_priv NULL"); 1510 return QDF_STATUS_E_INVAL; 1511 } 1512 1513 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1514 if (!key) 1515 return QDF_STATUS_E_INVAL; 1516 } 1517 if (opmode == QDF_MONITOR_MODE) 1518 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1519 else 1520 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1521 (uint8_t *)qdf_nbuf_data(wbuf)); 1522 1523 /* if tkip, is counter measures enabled, then drop the frame */ 1524 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1525 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen); 1526 1527 return status; 1528 } 1529 1530 /** 1531 * wlan_crypto_demic - called by mgmt for remove and check mic for 1532 * the frame based on cipher 1533 * @vdev: vdev 1534 * @wbuf: wbuf 1535 * @macaddr: macaddr 1536 * @tid: tid of the frame 1537 * @keyid: keyid in the received frame 1538 * This function gets called from mgmt txrx to decap frame. 1539 * 1540 * Return: QDF_STATUS_SUCCESS - in case of success 1541 */ 1542 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1543 qdf_nbuf_t wbuf, 1544 uint8_t *mac_addr, 1545 uint8_t tid, 1546 uint8_t keyid){ 1547 struct wlan_crypto_comp_priv *crypto_priv; 1548 struct wlan_crypto_params *crypto_params; 1549 struct wlan_crypto_key *key; 1550 QDF_STATUS status; 1551 struct wlan_crypto_cipher *cipher_table; 1552 struct wlan_objmgr_psoc *psoc; 1553 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE]; 1554 uint8_t hdrlen; 1555 enum QDF_OPMODE opmode; 1556 1557 opmode = wlan_vdev_mlme_get_opmode(vdev); 1558 1559 if (opmode == QDF_MONITOR_MODE) 1560 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf)); 1561 else 1562 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev), 1563 (uint8_t *)qdf_nbuf_data(wbuf)); 1564 1565 wlan_vdev_obj_lock(vdev); 1566 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), 1567 QDF_MAC_ADDR_SIZE); 1568 psoc = wlan_vdev_get_psoc(vdev); 1569 if (!psoc) { 1570 wlan_vdev_obj_unlock(vdev); 1571 crypto_err("psoc NULL"); 1572 return QDF_STATUS_E_INVAL; 1573 } 1574 wlan_vdev_obj_unlock(vdev); 1575 1576 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1577 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1578 &crypto_priv); 1579 if (!crypto_priv) { 1580 crypto_err("crypto_priv NULL"); 1581 return QDF_STATUS_E_INVAL; 1582 } 1583 1584 key = crypto_priv->key[keyid]; 1585 if (!key) 1586 return QDF_STATUS_E_INVAL; 1587 1588 } else { 1589 struct wlan_objmgr_peer *peer; 1590 uint8_t pdev_id; 1591 1592 pdev_id = wlan_objmgr_pdev_get_pdev_id( 1593 wlan_vdev_get_pdev(vdev)); 1594 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1595 psoc, pdev_id, bssid_mac, 1596 mac_addr, WLAN_CRYPTO_ID); 1597 if (!peer) { 1598 crypto_err("peer NULL"); 1599 return QDF_STATUS_E_INVAL; 1600 } 1601 1602 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1603 &crypto_priv); 1604 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1605 1606 if (!crypto_priv) { 1607 crypto_err("crypto_priv NULL"); 1608 return QDF_STATUS_E_INVAL; 1609 } 1610 1611 key = crypto_priv->key[keyid]; 1612 if (!key) 1613 return QDF_STATUS_E_INVAL; 1614 } 1615 /* if tkip, is counter measures enabled, then drop the frame */ 1616 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1617 status = cipher_table->demic(key, wbuf, tid, hdrlen); 1618 1619 return status; 1620 } 1621 1622 /** 1623 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1624 * @vdev: vdev 1625 * 1626 * This function gets called to check is pmf enabled or not in vdev. 1627 * 1628 * Return: true or false 1629 */ 1630 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1631 { 1632 1633 struct wlan_crypto_comp_priv *crypto_priv; 1634 struct wlan_crypto_params *vdev_crypto_params; 1635 1636 if (!vdev) 1637 return false; 1638 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1639 &crypto_priv); 1640 if (!crypto_priv) { 1641 crypto_err("crypto_priv NULL"); 1642 return QDF_STATUS_E_INVAL; 1643 } 1644 1645 if ((vdev_crypto_params->rsn_caps & 1646 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1647 || (vdev_crypto_params->rsn_caps & 1648 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1649 return true; 1650 } 1651 1652 return false; 1653 } 1654 1655 /** 1656 * wlan_crypto_vdev_is_pmf_required - called to check is pmf required in vdev 1657 * @vdev: vdev 1658 * 1659 * This function gets called to check is pmf required or not in vdev. 1660 * 1661 * Return: true or false 1662 */ 1663 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev) 1664 { 1665 struct wlan_crypto_comp_priv *crypto_priv; 1666 struct wlan_crypto_params *vdev_crypto_params; 1667 1668 if (!vdev) 1669 return false; 1670 1671 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1672 &crypto_priv); 1673 if (!crypto_priv) { 1674 crypto_err("crypto_priv NULL"); 1675 return QDF_STATUS_E_INVAL; 1676 } 1677 1678 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED) 1679 return true; 1680 1681 return false; 1682 } 1683 1684 /** 1685 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1686 * @vdev: vdev 1687 * @peer: peer 1688 * 1689 * This function gets called by mgmt txrx to check is pmf enabled or not. 1690 * 1691 * Return: true or false 1692 */ 1693 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1694 struct wlan_objmgr_peer *peer){ 1695 1696 struct wlan_crypto_comp_priv *crypto_priv; 1697 struct wlan_crypto_params *vdev_crypto_params; 1698 struct wlan_crypto_params *peer_crypto_params; 1699 1700 if (!vdev || !peer) 1701 return false; 1702 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1703 &crypto_priv); 1704 if (!crypto_priv) { 1705 crypto_err("crypto_priv NULL"); 1706 return QDF_STATUS_E_INVAL; 1707 } 1708 1709 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1710 &crypto_priv); 1711 if (!crypto_priv) { 1712 crypto_err("crypto_priv NULL"); 1713 return QDF_STATUS_E_INVAL; 1714 } 1715 if (((vdev_crypto_params->rsn_caps & 1716 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1717 (peer_crypto_params->rsn_caps & 1718 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1719 || (vdev_crypto_params->rsn_caps & 1720 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1721 return true; 1722 } 1723 1724 return false; 1725 } 1726 1727 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b) 1728 { 1729 a[0] = b[5]; 1730 a[1] = b[4]; 1731 a[2] = b[3]; 1732 a[3] = b[2]; 1733 a[4] = b[1]; 1734 a[5] = b[0]; 1735 } 1736 1737 /** 1738 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1739 * @vdev: vdev 1740 * @bfrm: frame starting pointer 1741 * @len: length of the frame 1742 * 1743 * This function gets called by mgmt txrx to add mmie in frame 1744 * 1745 * Return: end of frame or NULL in case failure 1746 */ 1747 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1748 uint8_t *bfrm, 1749 uint32_t len) { 1750 struct wlan_crypto_key *key; 1751 struct wlan_crypto_mmie *mmie; 1752 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1753 struct wlan_frame_hdr *hdr; 1754 uint32_t i, hdrlen, mic_len, aad_len; 1755 uint8_t mic[16]; 1756 struct wlan_crypto_comp_priv *crypto_priv; 1757 struct wlan_crypto_params *crypto_params; 1758 int32_t ret = -1; 1759 1760 if (!bfrm) { 1761 crypto_err("frame is NULL"); 1762 return NULL; 1763 } 1764 1765 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1766 &crypto_priv); 1767 if (!crypto_priv) { 1768 crypto_err("crypto_priv NULL"); 1769 return NULL; 1770 } 1771 1772 if (crypto_priv->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) { 1773 crypto_err("igtk key invalid keyid %d", 1774 crypto_priv->def_igtk_tx_keyid); 1775 return NULL; 1776 } 1777 1778 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1779 if (!key) { 1780 crypto_err("No igtk key present"); 1781 return NULL; 1782 } 1783 mic_len = (crypto_priv->igtk_key_type 1784 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1785 1786 efrm = bfrm + len; 1787 aad_len = 20; 1788 hdrlen = sizeof(struct wlan_frame_hdr); 1789 len += sizeof(struct wlan_crypto_mmie); 1790 1791 mmie = (struct wlan_crypto_mmie *) efrm; 1792 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1793 mmie->element_id = WLAN_ELEMID_MMIE; 1794 mmie->length = sizeof(*mmie) - 2; 1795 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1796 1797 mic_len = (crypto_priv->igtk_key_type 1798 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1799 if (mic_len == 8) { 1800 mmie->length -= 8; 1801 len -= 8; 1802 } 1803 /* PN = PN + 1 */ 1804 pn = (uint8_t *)&key->keytsc; 1805 1806 for (i = 0; i <= 5; i++) { 1807 pn[i]++; 1808 if (pn[i]) 1809 break; 1810 } 1811 1812 /* Copy IPN */ 1813 qdf_mem_copy(mmie->sequence_number, pn, 6); 1814 1815 hdr = (struct wlan_frame_hdr *) bfrm; 1816 1817 buf = qdf_mem_malloc(len - hdrlen + 20); 1818 if (!buf) 1819 return NULL; 1820 1821 qdf_mem_zero(buf, len - hdrlen + 20); 1822 aad = buf; 1823 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1824 1825 /* FC type/subtype */ 1826 aad[0] = hdr->i_fc[0]; 1827 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1828 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1829 | WLAN_FC1_MOREDATA)); 1830 /* A1 || A2 || A3 */ 1831 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE); 1832 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1833 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE); 1834 qdf_mem_zero(mic, 16); 1835 1836 /* 1837 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1838 */ 1839 1840 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1841 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1842 1843 ret = omac1_aes_128(key->keyval, buf, 1844 len + aad_len - hdrlen, mic); 1845 qdf_mem_copy(mmie->mic, mic, 8); 1846 1847 } else if (crypto_priv->igtk_key_type 1848 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1849 1850 ret = omac1_aes_256(key->keyval, buf, 1851 len + aad_len - hdrlen, mmie->mic); 1852 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1853 || (crypto_priv->igtk_key_type 1854 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1855 1856 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1857 wlan_crypto_gmac_pn_swap(nounce + 6, pn); 1858 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1859 sizeof(nounce), buf, 1860 len + aad_len - hdrlen, mmie->mic); 1861 } 1862 qdf_mem_free(buf); 1863 if (ret < 0) { 1864 crypto_err("add mmie failed"); 1865 return NULL; 1866 } 1867 1868 return bfrm + len; 1869 } 1870 1871 /** 1872 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1873 * @vdev: vdev 1874 * @frm: frame starting pointer 1875 * @efrm: end of frame pointer 1876 * 1877 * This function gets called by mgmt txrx to check mmie of the frame 1878 * 1879 * Return: true or false 1880 */ 1881 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1882 uint8_t *frm, 1883 uint8_t *efrm){ 1884 struct wlan_crypto_mmie *mmie = NULL; 1885 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1886 struct wlan_crypto_key *key; 1887 struct wlan_frame_hdr *hdr; 1888 uint16_t mic_len, hdrlen, len; 1889 struct wlan_crypto_comp_priv *crypto_priv; 1890 struct wlan_crypto_params *crypto_params; 1891 uint8_t aad_len = 20; 1892 int32_t ret = -1; 1893 1894 /* check if frame is illegal length */ 1895 if (!frm || !efrm || (efrm < frm) 1896 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) { 1897 crypto_err("Invalid params"); 1898 return false; 1899 } 1900 len = efrm - frm; 1901 crypto_priv = (struct wlan_crypto_comp_priv *) 1902 wlan_get_vdev_crypto_obj(vdev); 1903 if (!crypto_priv) { 1904 crypto_err("crypto_priv NULL"); 1905 return false; 1906 } 1907 1908 crypto_params = &(crypto_priv->crypto_params); 1909 1910 1911 mic_len = (crypto_priv->igtk_key_type 1912 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1913 hdrlen = sizeof(struct wlan_frame_hdr); 1914 1915 if (mic_len == 8) 1916 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1917 else 1918 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1919 1920 1921 /* check Elem ID*/ 1922 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1923 crypto_err("IE is not MMIE"); 1924 return false; 1925 } 1926 1927 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX + 1928 WLAN_CRYPTO_MAXIGTKKEYIDX) || 1929 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) { 1930 crypto_err("keyid not valid"); 1931 return false; 1932 } 1933 1934 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1935 if (!key) { 1936 crypto_err("No igtk key present"); 1937 return false; 1938 } 1939 1940 /* validate ipn */ 1941 ipn = mmie->sequence_number; 1942 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1943 uint8_t *su = (uint8_t *)key->keyrsc; 1944 uint8_t *end = ipn + 6; 1945 1946 crypto_err("replay error :"); 1947 while (ipn < end) { 1948 crypto_err("expected pn = %x received pn = %x", 1949 *ipn++, *su++); 1950 } 1951 return false; 1952 } 1953 1954 buf = qdf_mem_malloc(len - hdrlen + 20); 1955 if (!buf) 1956 return false; 1957 1958 aad = buf; 1959 1960 /* construct AAD */ 1961 hdr = (struct wlan_frame_hdr *)frm; 1962 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1963 1964 /* FC type/subtype */ 1965 aad[0] = hdr->i_fc[0]; 1966 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1967 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT 1968 | WLAN_FC1_MOREDATA)); 1969 /* A1 || A2 || A3 */ 1970 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE); 1971 1972 /* 1973 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1974 */ 1975 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1976 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1977 qdf_mem_zero(mic, 16); 1978 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1979 ret = omac1_aes_128(key->keyval, buf, 1980 len - hdrlen + aad_len, mic); 1981 } else if (crypto_priv->igtk_key_type 1982 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1983 ret = omac1_aes_256(key->keyval, buf, 1984 len + aad_len - hdrlen, mic); 1985 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1986 || (crypto_priv->igtk_key_type 1987 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1988 qdf_mem_copy(nounce, hdr->i_addr2, QDF_MAC_ADDR_SIZE); 1989 wlan_crypto_gmac_pn_swap(nounce + 6, ipn); 1990 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1991 sizeof(nounce), buf, 1992 len + aad_len - hdrlen, mic); 1993 } 1994 1995 qdf_mem_free(buf); 1996 1997 if (ret < 0) { 1998 crypto_err("genarate mmie failed"); 1999 return false; 2000 } 2001 2002 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 2003 crypto_err("mmie mismatch"); 2004 /* MMIE MIC mismatch */ 2005 return false; 2006 } 2007 2008 /* Update the receive sequence number */ 2009 qdf_mem_copy(key->keyrsc, ipn, 6); 2010 crypto_debug("mmie matched"); 2011 2012 return true; 2013 } 2014 2015 2016 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 2017 { 2018 int32_t status = -1; 2019 2020 switch (cipher) { 2021 case WLAN_CRYPTO_CIPHER_TKIP: 2022 return WPA_CIPHER_SUITE_TKIP; 2023 case WLAN_CRYPTO_CIPHER_AES_CCM: 2024 return WPA_CIPHER_SUITE_CCMP; 2025 case WLAN_CRYPTO_CIPHER_NONE: 2026 return WPA_CIPHER_SUITE_NONE; 2027 } 2028 2029 return status; 2030 } 2031 2032 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 2033 { 2034 int32_t status = -1; 2035 2036 switch (cipher) { 2037 case WLAN_CRYPTO_CIPHER_TKIP: 2038 return RSN_CIPHER_SUITE_TKIP; 2039 case WLAN_CRYPTO_CIPHER_AES_CCM: 2040 return RSN_CIPHER_SUITE_CCMP; 2041 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 2042 return RSN_CIPHER_SUITE_CCMP_256; 2043 case WLAN_CRYPTO_CIPHER_AES_GCM: 2044 return RSN_CIPHER_SUITE_GCMP; 2045 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 2046 return RSN_CIPHER_SUITE_GCMP_256; 2047 case WLAN_CRYPTO_CIPHER_AES_CMAC: 2048 return RSN_CIPHER_SUITE_AES_CMAC; 2049 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 2050 return RSN_CIPHER_SUITE_BIP_CMAC_256; 2051 case WLAN_CRYPTO_CIPHER_AES_GMAC: 2052 return RSN_CIPHER_SUITE_BIP_GMAC_128; 2053 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 2054 return RSN_CIPHER_SUITE_BIP_GMAC_256; 2055 case WLAN_CRYPTO_CIPHER_NONE: 2056 return RSN_CIPHER_SUITE_NONE; 2057 } 2058 2059 return status; 2060 } 2061 2062 /* 2063 * Convert an RSN key management/authentication algorithm 2064 * to an internal code. 2065 */ 2066 static int32_t 2067 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 2068 { 2069 int32_t status = -1; 2070 2071 switch (keymgmt) { 2072 case WLAN_CRYPTO_KEY_MGMT_NONE: 2073 return RSN_AUTH_KEY_MGMT_NONE; 2074 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2075 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 2076 case WLAN_CRYPTO_KEY_MGMT_PSK: 2077 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2078 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 2079 return RSN_AUTH_KEY_MGMT_FT_802_1X; 2080 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 2081 return RSN_AUTH_KEY_MGMT_FT_PSK; 2082 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 2083 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 2084 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 2085 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 2086 case WLAN_CRYPTO_KEY_MGMT_SAE: 2087 return RSN_AUTH_KEY_MGMT_SAE; 2088 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 2089 return RSN_AUTH_KEY_MGMT_FT_SAE; 2090 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 2091 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 2092 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 2093 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 2094 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2095 return RSN_AUTH_KEY_MGMT_CCKM; 2096 case WLAN_CRYPTO_KEY_MGMT_OSEN: 2097 return RSN_AUTH_KEY_MGMT_OSEN; 2098 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256: 2099 return RSN_AUTH_KEY_MGMT_FILS_SHA256; 2100 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384: 2101 return RSN_AUTH_KEY_MGMT_FILS_SHA384; 2102 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256: 2103 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256; 2104 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384: 2105 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384; 2106 case WLAN_CRYPTO_KEY_MGMT_OWE: 2107 return RSN_AUTH_KEY_MGMT_OWE; 2108 case WLAN_CRYPTO_KEY_MGMT_DPP: 2109 return RSN_AUTH_KEY_MGMT_DPP; 2110 } 2111 2112 return status; 2113 } 2114 2115 /* 2116 * Convert an RSN key management/authentication algorithm 2117 * to an internal code. 2118 */ 2119 static int32_t 2120 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 2121 { 2122 int32_t status = -1; 2123 2124 switch (keymgmt) { 2125 case WLAN_CRYPTO_KEY_MGMT_NONE: 2126 return WPA_AUTH_KEY_MGMT_NONE; 2127 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 2128 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 2129 case WLAN_CRYPTO_KEY_MGMT_PSK: 2130 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 2131 case WLAN_CRYPTO_KEY_MGMT_CCKM: 2132 return WPA_AUTH_KEY_MGMT_CCKM; 2133 } 2134 2135 return status; 2136 } 2137 /** 2138 * Convert a WPA cipher selector OUI to an internal 2139 * cipher algorithm. Where appropriate we also 2140 * record any key length. 2141 */ 2142 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 2143 { 2144 uint32_t w = LE_READ_4(sel); 2145 int32_t status = -1; 2146 2147 switch (w) { 2148 case WPA_CIPHER_SUITE_TKIP: 2149 return WLAN_CRYPTO_CIPHER_TKIP; 2150 case WPA_CIPHER_SUITE_CCMP: 2151 return WLAN_CRYPTO_CIPHER_AES_CCM; 2152 case WPA_CIPHER_SUITE_NONE: 2153 return WLAN_CRYPTO_CIPHER_NONE; 2154 } 2155 2156 return status; 2157 } 2158 2159 /* 2160 * Convert a WPA key management/authentication algorithm 2161 * to an internal code. 2162 */ 2163 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 2164 { 2165 uint32_t w = LE_READ_4(sel); 2166 int32_t status = -1; 2167 2168 switch (w) { 2169 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 2170 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2171 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2172 return WLAN_CRYPTO_KEY_MGMT_PSK; 2173 case WPA_AUTH_KEY_MGMT_CCKM: 2174 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2175 case WPA_AUTH_KEY_MGMT_NONE: 2176 return WLAN_CRYPTO_KEY_MGMT_NONE; 2177 } 2178 return status; 2179 } 2180 2181 /* 2182 * Convert a RSN cipher selector OUI to an internal 2183 * cipher algorithm. Where appropriate we also 2184 * record any key length. 2185 */ 2186 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 2187 { 2188 uint32_t w = LE_READ_4(sel); 2189 int32_t status = -1; 2190 2191 switch (w) { 2192 case RSN_CIPHER_SUITE_TKIP: 2193 return WLAN_CRYPTO_CIPHER_TKIP; 2194 case RSN_CIPHER_SUITE_CCMP: 2195 return WLAN_CRYPTO_CIPHER_AES_CCM; 2196 case RSN_CIPHER_SUITE_CCMP_256: 2197 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 2198 case RSN_CIPHER_SUITE_GCMP: 2199 return WLAN_CRYPTO_CIPHER_AES_GCM; 2200 case RSN_CIPHER_SUITE_GCMP_256: 2201 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 2202 case RSN_CIPHER_SUITE_AES_CMAC: 2203 return WLAN_CRYPTO_CIPHER_AES_CMAC; 2204 case RSN_CIPHER_SUITE_BIP_CMAC_256: 2205 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 2206 case RSN_CIPHER_SUITE_BIP_GMAC_128: 2207 return WLAN_CRYPTO_CIPHER_AES_GMAC; 2208 case RSN_CIPHER_SUITE_BIP_GMAC_256: 2209 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 2210 case RSN_CIPHER_SUITE_NONE: 2211 return WLAN_CRYPTO_CIPHER_NONE; 2212 } 2213 2214 return status; 2215 } 2216 /* 2217 * Convert an RSN key management/authentication algorithm 2218 * to an internal code. 2219 */ 2220 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 2221 { 2222 uint32_t w = LE_READ_4(sel); 2223 int32_t status = -1; 2224 2225 switch (w) { 2226 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 2227 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 2228 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 2229 return WLAN_CRYPTO_KEY_MGMT_PSK; 2230 case RSN_AUTH_KEY_MGMT_FT_802_1X: 2231 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 2232 case RSN_AUTH_KEY_MGMT_FT_PSK: 2233 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 2234 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 2235 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 2236 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 2237 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 2238 case RSN_AUTH_KEY_MGMT_SAE: 2239 return WLAN_CRYPTO_KEY_MGMT_SAE; 2240 case RSN_AUTH_KEY_MGMT_FT_SAE: 2241 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 2242 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 2243 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2244 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 2245 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2246 case RSN_AUTH_KEY_MGMT_CCKM: 2247 return WLAN_CRYPTO_KEY_MGMT_CCKM; 2248 case RSN_AUTH_KEY_MGMT_OSEN: 2249 return WLAN_CRYPTO_KEY_MGMT_OSEN; 2250 case RSN_AUTH_KEY_MGMT_FILS_SHA256: 2251 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256; 2252 case RSN_AUTH_KEY_MGMT_FILS_SHA384: 2253 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384; 2254 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256: 2255 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256; 2256 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384: 2257 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384; 2258 case RSN_AUTH_KEY_MGMT_OWE: 2259 return WLAN_CRYPTO_KEY_MGMT_OWE; 2260 case RSN_AUTH_KEY_MGMT_DPP: 2261 return WLAN_CRYPTO_KEY_MGMT_DPP; 2262 } 2263 2264 return status; 2265 } 2266 2267 /** 2268 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 2269 * @crypto params: crypto params 2270 * @iebuf: ie buffer 2271 * 2272 * This function gets called by mlme to check the contents of wpa is 2273 * matching with given crypto params 2274 * 2275 * Return: QDF_STATUS_SUCCESS - in case of success 2276 */ 2277 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 2278 uint8_t *frm){ 2279 uint8_t len = frm[1]; 2280 int32_t w; 2281 int n; 2282 2283 /* 2284 * Check the length once for fixed parts: OUI, type, 2285 * version, mcast cipher, and 2 selector counts. 2286 * Other, variable-length data, must be checked separately. 2287 */ 2288 RESET_AUTHMODE(crypto_params); 2289 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 2290 2291 if (len < 14) 2292 return QDF_STATUS_E_INVAL; 2293 2294 frm += 6, len -= 4; 2295 2296 w = LE_READ_2(frm); 2297 if (w != WPA_VERSION) 2298 return QDF_STATUS_E_INVAL; 2299 2300 frm += 2, len -= 2; 2301 2302 /* multicast/group cipher */ 2303 RESET_MCAST_CIPHERS(crypto_params); 2304 w = wlan_crypto_wpa_suite_to_cipher(frm); 2305 if (w < 0) 2306 return QDF_STATUS_E_INVAL; 2307 SET_MCAST_CIPHER(crypto_params, w); 2308 frm += 4, len -= 4; 2309 2310 /* unicast ciphers */ 2311 n = LE_READ_2(frm); 2312 frm += 2, len -= 2; 2313 if (len < n*4+2) 2314 return QDF_STATUS_E_INVAL; 2315 2316 RESET_UCAST_CIPHERS(crypto_params); 2317 for (; n > 0; n--) { 2318 w = wlan_crypto_wpa_suite_to_cipher(frm); 2319 if (w < 0) 2320 return QDF_STATUS_E_INVAL; 2321 SET_UCAST_CIPHER(crypto_params, w); 2322 frm += 4, len -= 4; 2323 } 2324 2325 if (!crypto_params->ucastcipherset) 2326 return QDF_STATUS_E_INVAL; 2327 2328 /* key management algorithms */ 2329 n = LE_READ_2(frm); 2330 frm += 2, len -= 2; 2331 if (len < n*4) 2332 return QDF_STATUS_E_INVAL; 2333 2334 w = 0; 2335 RESET_KEY_MGMT(crypto_params); 2336 for (; n > 0; n--) { 2337 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 2338 if (w < 0) 2339 return QDF_STATUS_E_INVAL; 2340 SET_KEY_MGMT(crypto_params, w); 2341 frm += 4, len -= 4; 2342 } 2343 2344 /* optional capabilities */ 2345 if (len >= 2) { 2346 crypto_params->rsn_caps = LE_READ_2(frm); 2347 frm += 2, len -= 2; 2348 } 2349 2350 return 0; 2351 } 2352 2353 /** 2354 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 2355 * @crypto params: crypto params 2356 * @iebuf: ie buffer 2357 * 2358 * This function gets called by mlme to check the contents of wpa is 2359 * matching with given crypto params 2360 * 2361 * Return: QDF_STATUS_SUCCESS - in case of success 2362 */ 2363 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 2364 uint8_t *frm){ 2365 uint8_t len = frm[1]; 2366 int32_t w; 2367 int n; 2368 2369 /* Check the length once for fixed parts: OUI, type & version */ 2370 if (len < 2) 2371 return QDF_STATUS_E_INVAL; 2372 2373 /* initialize crypto params */ 2374 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 2375 2376 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 2377 2378 frm += 2; 2379 /* NB: iswapoui already validated the OUI and type */ 2380 w = LE_READ_2(frm); 2381 if (w != RSN_VERSION) 2382 return QDF_STATUS_E_INVAL; 2383 2384 frm += 2, len -= 2; 2385 2386 if (!len) { 2387 /* set defaults */ 2388 /* default group cipher CCMP-128 */ 2389 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2390 /* default ucast cipher CCMP-128 */ 2391 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2392 /* default key mgmt 8021x */ 2393 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2394 return QDF_STATUS_SUCCESS; 2395 } else if (len < 4) { 2396 return QDF_STATUS_E_INVAL; 2397 } 2398 2399 /* multicast/group cipher */ 2400 w = wlan_crypto_rsn_suite_to_cipher(frm); 2401 if (w < 0) 2402 return QDF_STATUS_E_INVAL; 2403 else { 2404 SET_MCAST_CIPHER(crypto_params, w); 2405 frm += 4, len -= 4; 2406 } 2407 2408 if (crypto_params->mcastcipherset == 0) 2409 return QDF_STATUS_E_INVAL; 2410 2411 if (!len) { 2412 /* default ucast cipher CCMP-128 */ 2413 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2414 /* default key mgmt 8021x */ 2415 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2416 return QDF_STATUS_SUCCESS; 2417 } else if (len < 2) { 2418 return QDF_STATUS_E_INVAL; 2419 } 2420 2421 /* unicast ciphers */ 2422 n = LE_READ_2(frm); 2423 frm += 2, len -= 2; 2424 if (n) { 2425 if (len < n * 4) 2426 return QDF_STATUS_E_INVAL; 2427 2428 for (; n > 0; n--) { 2429 w = wlan_crypto_rsn_suite_to_cipher(frm); 2430 if (w < 0) 2431 return QDF_STATUS_E_INVAL; 2432 SET_UCAST_CIPHER(crypto_params, w); 2433 frm += 4, len -= 4; 2434 } 2435 } else { 2436 /* default ucast cipher CCMP-128 */ 2437 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM); 2438 } 2439 2440 if (crypto_params->ucastcipherset == 0) 2441 return QDF_STATUS_E_INVAL; 2442 2443 if (!len) { 2444 /* default key mgmt 8021x */ 2445 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2446 return QDF_STATUS_SUCCESS; 2447 } else if (len < 2) { 2448 return QDF_STATUS_E_INVAL; 2449 } 2450 2451 /* key management algorithms */ 2452 n = LE_READ_2(frm); 2453 frm += 2, len -= 2; 2454 2455 if (n) { 2456 if (len < n * 4) 2457 return QDF_STATUS_E_INVAL; 2458 2459 for (; n > 0; n--) { 2460 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 2461 if (w < 0) 2462 return QDF_STATUS_E_INVAL; 2463 SET_KEY_MGMT(crypto_params, w); 2464 frm += 4, len -= 4; 2465 } 2466 } else { 2467 /* default key mgmt 8021x */ 2468 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2469 } 2470 2471 if (crypto_params->key_mgmt == 0) 2472 return QDF_STATUS_E_INVAL; 2473 2474 /* optional capabilities */ 2475 if (len >= 2) { 2476 crypto_params->rsn_caps = LE_READ_2(frm); 2477 frm += 2, len -= 2; 2478 } else if (len && len < 2) { 2479 return QDF_STATUS_E_INVAL; 2480 } 2481 2482 2483 /* PMKID */ 2484 if (len >= 2) { 2485 n = LE_READ_2(frm); 2486 frm += 2, len -= 2; 2487 if (n && len) { 2488 if (len >= n * PMKID_LEN) 2489 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN); 2490 else 2491 return QDF_STATUS_E_INVAL; 2492 } else if (n && !len) { 2493 return QDF_STATUS_E_INVAL; 2494 } 2495 /*TODO: Save pmkid in params for further reference */ 2496 } 2497 2498 /* BIP */ 2499 if (!len && 2500 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2501 /* when no BIP mentioned and MFP capable use CMAC as default*/ 2502 SET_MGMT_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CMAC); 2503 return QDF_STATUS_SUCCESS; 2504 } else if (len >= 4) { 2505 w = wlan_crypto_rsn_suite_to_cipher(frm); 2506 frm += 4, len -= 4; 2507 SET_MGMT_CIPHER(crypto_params, w); 2508 } 2509 2510 return QDF_STATUS_SUCCESS; 2511 } 2512 2513 /** 2514 * wlan_crypto_build_wpaie - called by mlme to build wpaie 2515 * @vdev: vdev 2516 * @iebuf: ie buffer 2517 * 2518 * This function gets called by mlme to build wpaie from given vdev 2519 * 2520 * Return: end of buffer 2521 */ 2522 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev, 2523 uint8_t *iebuf){ 2524 uint8_t *frm = iebuf; 2525 uint8_t *selcnt; 2526 struct wlan_crypto_comp_priv *crypto_priv; 2527 struct wlan_crypto_params *crypto_params; 2528 2529 if (!frm) 2530 return NULL; 2531 2532 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2533 2534 if (!crypto_params) 2535 return NULL; 2536 2537 *frm++ = WLAN_ELEMID_VENDOR; 2538 *frm++ = 0; 2539 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 2540 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 2541 2542 2543 /* multicast cipher */ 2544 if (MCIPHER_IS_TKIP(crypto_params)) 2545 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2546 else if (MCIPHER_IS_CCMP128(crypto_params)) 2547 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2548 2549 /* unicast cipher list */ 2550 selcnt = frm; 2551 WLAN_CRYPTO_ADDSHORT(frm, 0); 2552 /* do not use CCMP unicast cipher in WPA mode */ 2553 if (UCIPHER_IS_CCMP128(crypto_params)) { 2554 selcnt[0]++; 2555 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2556 } 2557 if (UCIPHER_IS_TKIP(crypto_params)) { 2558 selcnt[0]++; 2559 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2560 } 2561 2562 /* authenticator selector list */ 2563 selcnt = frm; 2564 WLAN_CRYPTO_ADDSHORT(frm, 0); 2565 2566 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2567 selcnt[0]++; 2568 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2569 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2570 selcnt[0]++; 2571 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2572 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2573 selcnt[0]++; 2574 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2575 } else { 2576 selcnt[0]++; 2577 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE); 2578 } 2579 2580 /* optional capabilities */ 2581 if (crypto_params->rsn_caps != 0 && 2582 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) { 2583 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2584 } 2585 2586 /* calculate element length */ 2587 iebuf[1] = frm - iebuf - 2; 2588 2589 return frm; 2590 } 2591 2592 /** 2593 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2594 * @vdev: vdev 2595 * @iebuf: ie buffer 2596 * @bssid: bssid mac address to add pmkid in rsnie 2597 * 2598 * This function gets called by mlme to build rsnie from given vdev 2599 * 2600 * Return: end of buffer 2601 */ 2602 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev, 2603 uint8_t *iebuf, 2604 struct qdf_mac_addr *bssid) 2605 { 2606 uint8_t *frm = iebuf; 2607 uint8_t *selcnt; 2608 struct wlan_crypto_comp_priv *crypto_priv; 2609 struct wlan_crypto_params *crypto_params; 2610 2611 if (!frm) { 2612 return NULL; 2613 } 2614 2615 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2616 2617 if (!crypto_params) { 2618 return NULL; 2619 } 2620 2621 *frm++ = WLAN_ELEMID_RSN; 2622 *frm++ = 0; 2623 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2624 2625 2626 /* multicast cipher */ 2627 if (MCIPHER_IS_TKIP(crypto_params)) 2628 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2629 else if (MCIPHER_IS_CCMP128(crypto_params)) 2630 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2631 else if (MCIPHER_IS_CCMP256(crypto_params)) 2632 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2633 else if (MCIPHER_IS_GCMP128(crypto_params)) 2634 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2635 else if (MCIPHER_IS_GCMP256(crypto_params)) 2636 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2637 2638 /* unicast cipher list */ 2639 selcnt = frm; 2640 WLAN_CRYPTO_ADDSHORT(frm, 0); 2641 2642 if (UCIPHER_IS_CCMP256(crypto_params)) { 2643 selcnt[0]++; 2644 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256); 2645 } 2646 if (UCIPHER_IS_GCMP256(crypto_params)) { 2647 selcnt[0]++; 2648 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256); 2649 } 2650 if (UCIPHER_IS_CCMP128(crypto_params)) { 2651 selcnt[0]++; 2652 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM); 2653 } 2654 if (UCIPHER_IS_GCMP128(crypto_params)) { 2655 selcnt[0]++; 2656 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM); 2657 } 2658 if (UCIPHER_IS_TKIP(crypto_params)) { 2659 selcnt[0]++; 2660 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP); 2661 } 2662 2663 /* authenticator selector list */ 2664 selcnt = frm; 2665 WLAN_CRYPTO_ADDSHORT(frm, 0); 2666 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2667 selcnt[0]++; 2668 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM); 2669 /* Other key mgmt should not be added after CCKM */ 2670 goto add_rsn_caps; 2671 } 2672 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2673 selcnt[0]++; 2674 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X); 2675 } 2676 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2677 selcnt[0]++; 2678 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK); 2679 } 2680 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2681 selcnt[0]++; 2682 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2683 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X); 2684 } 2685 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2686 selcnt[0]++; 2687 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK); 2688 } 2689 if (HAS_KEY_MGMT(crypto_params, 2690 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2691 selcnt[0]++; 2692 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2693 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256); 2694 } 2695 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2696 selcnt[0]++; 2697 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256); 2698 } 2699 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) { 2700 selcnt[0]++; 2701 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE); 2702 } 2703 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) { 2704 selcnt[0]++; 2705 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE); 2706 } 2707 if (HAS_KEY_MGMT(crypto_params, 2708 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) { 2709 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 2710 2711 selcnt[0]++; 2712 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2713 } 2714 if (HAS_KEY_MGMT(crypto_params, 2715 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) { 2716 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 2717 2718 selcnt[0]++; 2719 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt); 2720 } 2721 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) { 2722 selcnt[0]++; 2723 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256); 2724 } 2725 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) { 2726 selcnt[0]++; 2727 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384); 2728 } 2729 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) { 2730 selcnt[0]++; 2731 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2732 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256); 2733 } 2734 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) { 2735 selcnt[0]++; 2736 RSN_ADD_KEYMGMT_TO_SUITE(frm, 2737 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384); 2738 } 2739 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) { 2740 selcnt[0]++; 2741 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE); 2742 } 2743 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) { 2744 selcnt[0]++; 2745 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP); 2746 } 2747 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2748 selcnt[0]++; 2749 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN); 2750 } 2751 add_rsn_caps: 2752 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2753 /* optional capabilities */ 2754 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) { 2755 /* PMK list */ 2756 if (bssid) { 2757 struct wlan_crypto_pmksa *pmksa; 2758 2759 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2760 2761 if (pmksa) { 2762 WLAN_CRYPTO_ADDSHORT(frm, 1); 2763 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2764 frm += PMKID_LEN; 2765 } else { 2766 WLAN_CRYPTO_ADDSHORT(frm, 0); 2767 } 2768 } else 2769 WLAN_CRYPTO_ADDSHORT(frm, 0); 2770 2771 if (HAS_MGMT_CIPHER(crypto_params, 2772 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2773 RSN_ADD_CIPHER_TO_SUITE(frm, 2774 WLAN_CRYPTO_CIPHER_AES_CMAC); 2775 } 2776 if (HAS_MGMT_CIPHER(crypto_params, 2777 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2778 RSN_ADD_CIPHER_TO_SUITE(frm, 2779 WLAN_CRYPTO_CIPHER_AES_GMAC); 2780 } 2781 if (HAS_MGMT_CIPHER(crypto_params, 2782 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2783 RSN_ADD_CIPHER_TO_SUITE(frm, 2784 WLAN_CRYPTO_CIPHER_AES_CMAC_256 2785 ); 2786 } 2787 2788 if (HAS_MGMT_CIPHER(crypto_params, 2789 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2790 RSN_ADD_CIPHER_TO_SUITE(frm, 2791 WLAN_CRYPTO_CIPHER_AES_GMAC_256 2792 ); 2793 } 2794 } else { 2795 /* PMK list */ 2796 if (bssid) { 2797 struct wlan_crypto_pmksa *pmksa; 2798 2799 pmksa = wlan_crypto_get_pmksa(vdev, bssid); 2800 if (pmksa) { 2801 WLAN_CRYPTO_ADDSHORT(frm, 1); 2802 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN); 2803 frm += PMKID_LEN; 2804 } else { 2805 WLAN_CRYPTO_ADDSHORT(frm, 0); 2806 } 2807 } 2808 } 2809 2810 /* calculate element length */ 2811 iebuf[1] = frm - iebuf - 2; 2812 2813 return frm; 2814 } 2815 2816 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2817 struct wlan_crypto_params *crypto_params){ 2818 struct wlan_crypto_params *my_crypto_params; 2819 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2820 2821 if (!my_crypto_params) { 2822 crypto_debug("vdev crypto params is NULL"); 2823 return false; 2824 } 2825 /* 2826 * Check peer's pairwise ciphers. 2827 * At least one must match with our unicast cipher 2828 */ 2829 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2830 crypto_debug("Unicast cipher match failed"); 2831 return false; 2832 } 2833 /* 2834 * Check peer's group cipher is our enabled multicast cipher. 2835 */ 2836 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) { 2837 crypto_debug("Multicast cipher match failed"); 2838 return false; 2839 } 2840 /* 2841 * Check peer's key management class set (PSK or UNSPEC) 2842 */ 2843 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) { 2844 crypto_debug("Key mgmt match failed"); 2845 return false; 2846 } 2847 if (wlan_crypto_vdev_is_pmf_required(vdev) && 2848 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) { 2849 crypto_debug("Peer is not PMF capable"); 2850 return false; 2851 } 2852 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) && 2853 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 2854 crypto_debug("Peer needs PMF, but vdev is not capable"); 2855 return false; 2856 } 2857 2858 return true; 2859 } 2860 2861 /* 2862 * Convert an WAPI CIPHER suite to to an internal code. 2863 */ 2864 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2865 { 2866 uint32_t w = LE_READ_4(sel); 2867 int32_t status = -1; 2868 2869 switch (w) { 2870 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2871 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2872 } 2873 2874 return status; 2875 } 2876 2877 /* 2878 * Convert an WAPI key management/authentication algorithm 2879 * to an internal code. 2880 */ 2881 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2882 { 2883 uint32_t w = LE_READ_4(sel); 2884 int32_t status = -1; 2885 2886 switch (w) { 2887 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2888 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2889 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2890 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2891 } 2892 2893 return status; 2894 } 2895 /** 2896 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2897 * @crypto params: crypto params 2898 * @iebuf: ie buffer 2899 * 2900 * This function gets called by mlme to check the contents of wapi is 2901 * matching with given crypto params 2902 * 2903 * Return: QDF_STATUS_SUCCESS - in case of success 2904 */ 2905 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2906 uint8_t *frm) 2907 { 2908 uint8_t len = frm[1]; 2909 int32_t w; 2910 int n; 2911 2912 /* 2913 * Check the length once for fixed parts: OUI, type, 2914 * version, mcast cipher, and 2 selector counts. 2915 * Other, variable-length data, must be checked separately. 2916 */ 2917 RESET_AUTHMODE(crypto_params); 2918 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2919 2920 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2921 return QDF_STATUS_E_INVAL; 2922 2923 2924 frm += 2; 2925 2926 w = LE_READ_2(frm); 2927 frm += 2, len -= 2; 2928 if (w != WAPI_VERSION) 2929 return QDF_STATUS_E_INVAL; 2930 2931 n = LE_READ_2(frm); 2932 frm += 2, len -= 2; 2933 if (len < n*4+2) 2934 return QDF_STATUS_E_INVAL; 2935 2936 RESET_KEY_MGMT(crypto_params); 2937 for (; n > 0; n--) { 2938 w = wlan_crypto_wapi_keymgmt(frm); 2939 if (w < 0) 2940 return QDF_STATUS_E_INVAL; 2941 2942 SET_KEY_MGMT(crypto_params, w); 2943 frm += 4, len -= 4; 2944 } 2945 2946 /* unicast ciphers */ 2947 n = LE_READ_2(frm); 2948 frm += 2, len -= 2; 2949 if (len < n*4+2) 2950 return QDF_STATUS_E_INVAL; 2951 2952 RESET_UCAST_CIPHERS(crypto_params); 2953 for (; n > 0; n--) { 2954 w = wlan_crypto_wapi_suite_to_cipher(frm); 2955 if (w < 0) 2956 return QDF_STATUS_E_INVAL; 2957 SET_UCAST_CIPHER(crypto_params, w); 2958 frm += 4, len -= 4; 2959 } 2960 2961 if (!crypto_params->ucastcipherset) 2962 return QDF_STATUS_E_INVAL; 2963 2964 /* multicast/group cipher */ 2965 RESET_MCAST_CIPHERS(crypto_params); 2966 w = wlan_crypto_wapi_suite_to_cipher(frm); 2967 2968 if (w < 0) 2969 return QDF_STATUS_E_INVAL; 2970 2971 SET_MCAST_CIPHER(crypto_params, w); 2972 frm += 4, len -= 4; 2973 2974 return QDF_STATUS_SUCCESS; 2975 } 2976 2977 /** 2978 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2979 * @vdev: vdev 2980 * @iebuf: ie buffer 2981 * 2982 * This function gets called by mlme to build wapi ie from given vdev 2983 * 2984 * Return: end of buffer 2985 */ 2986 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2987 uint8_t *iebuf) 2988 { 2989 uint8_t *frm; 2990 uint8_t *selcnt; 2991 struct wlan_crypto_comp_priv *crypto_priv; 2992 struct wlan_crypto_params *crypto_params; 2993 2994 frm = iebuf; 2995 if (!frm) { 2996 crypto_err("ie buffer NULL"); 2997 return NULL; 2998 } 2999 3000 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3001 3002 if (!crypto_params) { 3003 crypto_err("crypto_params NULL"); 3004 return NULL; 3005 } 3006 3007 *frm++ = WLAN_ELEMID_WAPI; 3008 *frm++ = 0; 3009 3010 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 3011 3012 /* authenticator selector list */ 3013 selcnt = frm; 3014 WLAN_CRYPTO_ADDSHORT(frm, 0); 3015 3016 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 3017 selcnt[0]++; 3018 WLAN_CRYPTO_ADDSELECTOR(frm, 3019 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 3020 } 3021 3022 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 3023 selcnt[0]++; 3024 WLAN_CRYPTO_ADDSELECTOR(frm, 3025 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 3026 } 3027 3028 /* unicast cipher list */ 3029 selcnt = frm; 3030 WLAN_CRYPTO_ADDSHORT(frm, 0); 3031 3032 if (UCIPHER_IS_SMS4(crypto_params)) { 3033 selcnt[0]++; 3034 WLAN_CRYPTO_ADDSELECTOR(frm, 3035 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3036 } 3037 3038 WLAN_CRYPTO_ADDSELECTOR(frm, 3039 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 3040 3041 /* optional capabilities */ 3042 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 3043 3044 /* bkid count */ 3045 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE || 3046 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE) 3047 WLAN_CRYPTO_ADDSHORT(frm, 0); 3048 3049 /* calculate element length */ 3050 iebuf[1] = frm - iebuf - 2; 3051 3052 return frm; 3053 3054 } 3055 3056 /** 3057 * wlan_crypto_pn_check - called by data patch for PN check 3058 * @vdev: vdev 3059 * @wbuf: wbuf 3060 * 3061 * This function gets called by data patch for PN check 3062 * 3063 * Return: QDF_STATUS 3064 */ 3065 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 3066 qdf_nbuf_t wbuf){ 3067 /* Need to check is there real requirement for this function 3068 * as PN check is already handled in decap function. 3069 */ 3070 return QDF_STATUS_SUCCESS; 3071 } 3072 3073 /** 3074 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 3075 * @vdev:vdev 3076 * 3077 * This function gets called by mlme to get crypto params 3078 * 3079 * Return: wlan_crypto_params or NULL in case of failure 3080 */ 3081 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 3082 struct wlan_objmgr_vdev *vdev){ 3083 struct wlan_crypto_comp_priv *crypto_priv; 3084 3085 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 3086 } 3087 3088 /** 3089 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 3090 * @peer:peer 3091 * 3092 * This function gets called by mlme to get crypto params 3093 * 3094 * Return: wlan_crypto_params or NULL in case of failure 3095 */ 3096 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 3097 struct wlan_objmgr_peer *peer){ 3098 struct wlan_crypto_comp_priv *crypto_priv; 3099 3100 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 3101 } 3102 3103 3104 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 3105 struct wlan_objmgr_peer *peer) 3106 { 3107 struct wlan_crypto_comp_priv *crypto_priv; 3108 struct wlan_crypto_comp_priv *sta_crypto_priv; 3109 struct wlan_crypto_params *crypto_params; 3110 struct wlan_crypto_key *key; 3111 struct wlan_crypto_key *sta_key; 3112 struct wlan_crypto_cipher *cipher_table; 3113 struct wlan_objmgr_psoc *psoc; 3114 uint8_t *mac_addr; 3115 int i; 3116 enum QDF_OPMODE opmode; 3117 QDF_STATUS status = QDF_STATUS_SUCCESS; 3118 3119 if (!vdev) 3120 return QDF_STATUS_E_NULL_VALUE; 3121 3122 if (!peer) { 3123 crypto_err("peer NULL"); 3124 return QDF_STATUS_E_INVAL; 3125 } 3126 3127 opmode = wlan_vdev_mlme_get_opmode(vdev); 3128 psoc = wlan_vdev_get_psoc(vdev); 3129 3130 if (!psoc) { 3131 crypto_err("psoc NULL"); 3132 return QDF_STATUS_E_NULL_VALUE; 3133 } 3134 3135 wlan_peer_obj_lock(peer); 3136 mac_addr = wlan_peer_get_macaddr(peer); 3137 wlan_peer_obj_unlock(peer); 3138 3139 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 3140 &crypto_priv); 3141 if (!crypto_priv) { 3142 crypto_err("crypto_priv NULL"); 3143 return QDF_STATUS_E_NULL_VALUE; 3144 } 3145 3146 /* push only valid static WEP keys from vap */ 3147 if (AUTH_IS_8021X(crypto_params)) 3148 return QDF_STATUS_E_INVAL; 3149 3150 if (opmode == QDF_STA_MODE) { 3151 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID); 3152 if (!peer) { 3153 crypto_err("peer NULL"); 3154 return QDF_STATUS_E_INVAL; 3155 } 3156 } 3157 3158 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 3159 if (!sta_crypto_priv) { 3160 crypto_err("sta priv is null"); 3161 status = QDF_STATUS_E_INVAL; 3162 goto exit; 3163 } 3164 3165 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3166 if (crypto_priv->key[i]) { 3167 key = crypto_priv->key[i]; 3168 if (!key || !key->valid) 3169 continue; 3170 3171 cipher_table = (struct wlan_crypto_cipher *) 3172 key->cipher_table; 3173 3174 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 3175 sta_key = qdf_mem_malloc( 3176 sizeof(struct wlan_crypto_key)); 3177 if (!sta_key) { 3178 status = QDF_STATUS_E_NOMEM; 3179 goto exit; 3180 } 3181 3182 sta_crypto_priv->key[i] = sta_key; 3183 qdf_mem_copy(sta_key, key, 3184 sizeof(struct wlan_crypto_key)); 3185 3186 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 3187 3188 if (crypto_priv->def_tx_keyid == i) { 3189 sta_key->flags 3190 |= WLAN_CRYPTO_KEY_DEFAULT; 3191 sta_crypto_priv->def_tx_keyid = 3192 crypto_priv->def_tx_keyid; 3193 } 3194 /* setting the broadcast/multicast key for sta*/ 3195 if (opmode == QDF_STA_MODE || 3196 opmode == QDF_IBSS_MODE){ 3197 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3198 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 3199 vdev, sta_key, mac_addr, 3200 cipher_table->cipher); 3201 } 3202 } 3203 3204 /* setting unicast key */ 3205 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 3206 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3207 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 3208 sta_key, mac_addr, 3209 cipher_table->cipher); 3210 } 3211 } 3212 } 3213 } 3214 3215 exit: 3216 if (opmode == QDF_STA_MODE) 3217 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 3218 3219 return status; 3220 } 3221 3222 /** 3223 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 3224 * @crypto_rx_ops: crypto_rx_ops 3225 * 3226 * This function gets called by object manger to register crypto rx ops. 3227 * 3228 * Return: QDF_STATUS 3229 */ 3230 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 3231 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 3232 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 3233 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 3234 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 3235 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 3236 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 3237 3238 return QDF_STATUS_SUCCESS; 3239 } 3240 3241 /** 3242 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 3243 * @psoc: psoc 3244 * 3245 * This function gets called by umac to get the crypto_rx_ops 3246 * 3247 * Return: crypto_rx_ops 3248 */ 3249 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 3250 struct wlan_objmgr_psoc *psoc) 3251 { 3252 3253 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 3254 } 3255 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops); 3256 3257 /** 3258 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 3259 * @vdev: vdev 3260 * @authvalue: authvalue to be checked 3261 * 3262 * This function check is authvalue passed is set in vdev or not 3263 * 3264 * Return: true or false 3265 */ 3266 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 3267 wlan_crypto_auth_mode authvalue) 3268 { 3269 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 3270 & authvalue; 3271 } 3272 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode); 3273 3274 /** 3275 * wlan_crypto_peer_has_auth_mode - check authmode for peer 3276 * @peer: peer 3277 * @authvalue: authvalue to be checked 3278 * 3279 * This function check is authvalue passed is set in peer or not 3280 * 3281 * Return: true or false 3282 */ 3283 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 3284 wlan_crypto_auth_mode authvalue) 3285 { 3286 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 3287 & authvalue; 3288 } 3289 qdf_export_symbol(wlan_crypto_peer_has_auth_mode); 3290 3291 /** 3292 * wlan_crypto_vdev_has_ucastcipher - check ucastcipher for vdev 3293 * @vdev: vdev 3294 * @ucastcipher: ucastcipher to be checked 3295 * 3296 * This function check is ucastcipher passed is set in vdev or not 3297 * 3298 * Return: true or false 3299 */ 3300 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev, 3301 wlan_crypto_cipher_type ucastcipher) 3302 { 3303 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3304 & ucastcipher; 3305 } 3306 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher); 3307 3308 /** 3309 * wlan_crypto_peer_has_ucastcipher - check ucastcipher for peer 3310 * @peer: peer 3311 * @ucastcipher: ucastcipher to be checked 3312 * 3313 * This function check is ucastcipher passed is set in peer or not 3314 * 3315 * Return: true or false 3316 */ 3317 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer, 3318 wlan_crypto_cipher_type ucastcipher) 3319 { 3320 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER) 3321 & ucastcipher; 3322 } 3323 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher); 3324 3325 /** 3326 * wlan_crypto_vdev_has_mcastcipher - check mcastcipher for vdev 3327 * @vdev: vdev 3328 * @mcastcipher: mcastcipher to be checked 3329 * 3330 * This function check is mcastcipher passed is set in vdev or not 3331 * 3332 * Return: true or false 3333 */ 3334 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev, 3335 wlan_crypto_cipher_type mcastcipher) 3336 { 3337 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3338 & mcastcipher; 3339 } 3340 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher); 3341 3342 /** 3343 * wlan_crypto_peer_has_mcastcipher - check mcastcipher for peer 3344 * @peer: peer 3345 * @mcastcipher: mcastcipher to be checked 3346 * 3347 * This function check is mcastcipher passed is set in peer or not 3348 * 3349 * Return: true or false 3350 */ 3351 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer, 3352 wlan_crypto_cipher_type mcastcipher) 3353 { 3354 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER) 3355 & mcastcipher; 3356 } 3357 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher); 3358 3359 /** 3360 * wlan_crypto_vdev_has_mgmtcipher - check mgmtcipher for vdev 3361 * @vdev: vdev 3362 * @mgmtcipher: mgmtcipher to be checked 3363 * 3364 * This function checks any one of mgmtciphers are supported by vdev or not. 3365 * 3366 * Return: true or false 3367 */ 3368 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev, 3369 uint32_t mgmtcipher) 3370 { 3371 return (wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3372 & mgmtcipher) != 0; 3373 } 3374 3375 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher); 3376 3377 /** 3378 * wlan_crypto_peer_has_mgmtcipher - check mgmtcipher for peer 3379 * @peer: peer 3380 * @mgmtcipher: mgmtcipher to be checked 3381 * 3382 * This function checks any one of mgmtciphers are supported by peer or not 3383 * 3384 * Return: true or false 3385 */ 3386 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer, 3387 uint32_t mgmtcipher) 3388 { 3389 return (wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER) 3390 & mgmtcipher) != 0; 3391 } 3392 3393 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher); 3394 3395 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer) 3396 { 3397 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3398 3399 if (!peer) { 3400 crypto_err("Invalid Input"); 3401 return 0; 3402 } 3403 3404 crypto_priv = wlan_get_peer_crypto_obj(peer); 3405 if (!crypto_priv) { 3406 crypto_err("crypto_priv NULL"); 3407 return 0; 3408 } 3409 3410 return crypto_priv->fils_aead_set; 3411 } 3412 3413 void 3414 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value) 3415 { 3416 struct wlan_crypto_comp_priv *crypto_priv = NULL; 3417 3418 if (!peer) { 3419 crypto_err("Invalid Input"); 3420 return; 3421 } 3422 3423 crypto_priv = wlan_get_peer_crypto_obj(peer); 3424 if (!crypto_priv) { 3425 crypto_err("crypto_priv NULL"); 3426 return; 3427 } 3428 3429 crypto_priv->fils_aead_set = value; 3430 } 3431 3432 /** 3433 * wlan_crypto_get_key_header - get header length 3434 * @key: key 3435 * 3436 * This function gets header length based on keytype 3437 * 3438 * Return: header length 3439 */ 3440 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key) 3441 { 3442 struct wlan_crypto_cipher *cipher_table; 3443 3444 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3445 if (cipher_table) 3446 return cipher_table->header; 3447 else 3448 return 0; 3449 } 3450 3451 qdf_export_symbol(wlan_crypto_get_key_header); 3452 3453 /** 3454 * wlan_crypto_get_key_trailer - get cipher trailer length 3455 * @key: key 3456 * 3457 * This function gets cipher trailer length based on keytype 3458 * 3459 * Return: cipher trailer length 3460 */ 3461 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key) 3462 { 3463 struct wlan_crypto_cipher *cipher_table; 3464 3465 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3466 if (cipher_table) 3467 return cipher_table->trailer; 3468 else 3469 return 0; 3470 } 3471 3472 qdf_export_symbol(wlan_crypto_get_key_trailer); 3473 3474 /** 3475 * wlan_crypto_get_key_miclen - get cipher miclen length 3476 * @key: key 3477 * 3478 * This function gets cipher miclen length based on keytype 3479 * 3480 * Return: cipher miclen length 3481 */ 3482 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key) 3483 { 3484 struct wlan_crypto_cipher *cipher_table; 3485 3486 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 3487 if (cipher_table) 3488 return cipher_table->miclen; 3489 else 3490 return 0; 3491 } 3492 3493 qdf_export_symbol(wlan_crypto_get_key_miclen); 3494 3495 /** 3496 * wlan_crypto_get_keyid - get keyid from frame 3497 * @data: frame 3498 * 3499 * This function parse frame and returns keyid 3500 * 3501 * Return: keyid 3502 */ 3503 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen) 3504 { 3505 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data; 3506 uint8_t *iv; 3507 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]); 3508 3509 /* 3510 * In FILS SK (Re)Association request/response frame has 3511 * to be decrypted 3512 */ 3513 if ((stype == WLAN_FC0_STYPE_ASSOC_REQ) || 3514 (stype == WLAN_FC0_STYPE_REASSOC_REQ) || 3515 (stype == WLAN_FC0_STYPE_ASSOC_RESP) || 3516 (stype == WLAN_FC0_STYPE_REASSOC_RESP)) { 3517 return 0; 3518 } 3519 3520 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) { 3521 iv = data + hdrlen; 3522 /* 3523 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers 3524 * Bits 6–7 of the Key ID octet are for the Key ID subfield 3525 */ 3526 return ((iv[3] >> 6) & 0x3); 3527 } else { 3528 return WLAN_CRYPTO_KEYIX_NONE; 3529 } 3530 } 3531 3532 qdf_export_symbol(wlan_crypto_get_keyid); 3533 3534 /** 3535 * crypto_plumb_peer_keys - called during radio reset 3536 * @vdev: vdev 3537 * @object: peer 3538 * @arg: psoc 3539 * 3540 * Restore unicast and persta hardware keys 3541 * 3542 * Return: void 3543 */ 3544 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev, 3545 void *object, void *arg) { 3546 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object; 3547 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg; 3548 struct wlan_crypto_comp_priv *crypto_priv; 3549 struct wlan_crypto_params *crypto_params; 3550 struct wlan_crypto_key *key = NULL; 3551 int i; 3552 3553 if ((!peer) || (!vdev) || (!psoc)) { 3554 crypto_err("Peer or vdev or psoc objects are null!"); 3555 return; 3556 } 3557 3558 crypto_params = wlan_crypto_peer_get_comp_params(peer, 3559 &crypto_priv); 3560 3561 if (!crypto_priv) { 3562 crypto_err("crypto_priv NULL"); 3563 return; 3564 } 3565 3566 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3567 key = crypto_priv->key[i]; 3568 if (key && key->valid) { 3569 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3570 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3571 ( 3572 vdev, 3573 key, 3574 wlan_peer_get_macaddr(peer), 3575 wlan_crypto_get_key_type(key) 3576 ); 3577 } 3578 } 3579 } 3580 } 3581 3582 /** 3583 * wlan_crypto_restore_keys - called during radio reset 3584 * @vdev: vdev 3585 * 3586 * Clear and restore keycache, needed for some DA chipsets which put 3587 * random values in keycache when phy reset is triggered 3588 * 3589 * Return: void 3590 */ 3591 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev) 3592 { 3593 int i; 3594 struct wlan_crypto_comp_priv *crypto_priv; 3595 struct wlan_crypto_params *crypto_params; 3596 struct wlan_crypto_key *key; 3597 uint8_t macaddr[QDF_MAC_ADDR_SIZE] = 3598 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 3599 struct wlan_objmgr_pdev *pdev = NULL; 3600 struct wlan_objmgr_psoc *psoc = NULL; 3601 3602 pdev = wlan_vdev_get_pdev(vdev); 3603 psoc = wlan_vdev_get_psoc(vdev); 3604 if (!pdev) { 3605 crypto_err("pdev is NULL"); 3606 return; 3607 } 3608 if (!psoc) { 3609 crypto_err("psoc is NULL"); 3610 return; 3611 } 3612 3613 /* TBD: QWRAP key restore*/ 3614 /* crypto is on */ 3615 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) { 3616 /* restore static shared keys */ 3617 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 3618 crypto_params = wlan_crypto_vdev_get_comp_params 3619 ( 3620 vdev, 3621 &crypto_priv 3622 ); 3623 if (!crypto_priv) { 3624 crypto_err("crypto_priv is NULL"); 3625 return; 3626 } 3627 key = crypto_priv->key[i]; 3628 if (key && key->valid) { 3629 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 3630 WLAN_CRYPTO_TX_OPS_SETKEY(psoc) 3631 ( 3632 vdev, 3633 key, 3634 macaddr, 3635 wlan_crypto_get_key_type(key) 3636 ); 3637 } 3638 } 3639 } 3640 3641 wlan_objmgr_iterate_peerobj_list(vdev, 3642 crypto_plumb_peer_keys, 3643 psoc, 3644 WLAN_CRYPTO_ID); 3645 } 3646 } 3647 3648 /** 3649 * wlan_crypto_check_open_none - called by ucfg to check for open security 3650 * @psoc: psoc pointer 3651 * @vdev_id: vdev id 3652 * 3653 * This function gets called from ucfg to check open security. 3654 * 3655 * Return: true or false 3656 */ 3657 bool wlan_crypto_check_open_none(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3658 { 3659 struct wlan_crypto_comp_priv *crypto_priv; 3660 struct wlan_crypto_params *crypto_params; 3661 struct wlan_objmgr_vdev *vdev; 3662 bool match = true; 3663 3664 if (!psoc) { 3665 crypto_err("PSOC is NULL"); 3666 return false; 3667 } 3668 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3669 WLAN_CRYPTO_ID); 3670 if (!vdev) { 3671 crypto_err("vdev is NULL"); 3672 return false; 3673 } 3674 3675 crypto_priv = (struct wlan_crypto_comp_priv *) 3676 wlan_get_vdev_crypto_obj(vdev); 3677 3678 if (!crypto_priv) { 3679 crypto_err("crypto_priv NULL"); 3680 match = false; 3681 goto send_res; 3682 } 3683 3684 crypto_params = &crypto_priv->crypto_params; 3685 3686 if (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_NONE) { 3687 match = false; 3688 goto send_res; 3689 } 3690 3691 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3692 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_NONE)) 3693 match = false; 3694 3695 send_res: 3696 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3697 3698 return match; 3699 } 3700 3701 /** 3702 * wlan_crypto_check_wep - called by ucfg to check for WEP security 3703 * @psoc: psoc pointer 3704 * @vdev_id: vdev id 3705 * 3706 * This function gets called from ucfg to check WEP security. 3707 * 3708 * Return: true or false 3709 */ 3710 bool wlan_crypto_check_wep(struct wlan_objmgr_psoc *psoc, uint8_t vdev_id) 3711 { 3712 struct wlan_crypto_comp_priv *crypto_priv; 3713 struct wlan_crypto_params *crypto_params; 3714 struct wlan_objmgr_vdev *vdev; 3715 bool match = true; 3716 3717 if (!psoc) { 3718 crypto_err("PSOC is NULL"); 3719 return false; 3720 } 3721 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3722 WLAN_CRYPTO_ID); 3723 if (!vdev) { 3724 crypto_err("vdev is NULL"); 3725 return false; 3726 } 3727 3728 crypto_priv = (struct wlan_crypto_comp_priv *) 3729 wlan_get_vdev_crypto_obj(vdev); 3730 3731 if (!crypto_priv) { 3732 crypto_err("crypto_priv NULL"); 3733 match = false; 3734 goto send_res; 3735 } 3736 3737 crypto_params = &crypto_priv->crypto_params; 3738 3739 if ((crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3740 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3741 (crypto_params->ucastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3742 match = false; 3743 goto send_res; 3744 } 3745 if ((crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP) && 3746 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_40) && 3747 (crypto_params->mcastcipherset != WLAN_CRYPTO_CIPHER_WEP_104)) { 3748 match = false; 3749 goto send_res; 3750 } 3751 if (crypto_params->ucastcipherset != crypto_params->mcastcipherset) { 3752 match = false; 3753 goto send_res; 3754 } 3755 if ((crypto_params->authmodeset != WLAN_CRYPTO_AUTH_AUTO) && 3756 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_OPEN) && 3757 (crypto_params->authmodeset != WLAN_CRYPTO_AUTH_SHARED)) { 3758 match = false; 3759 } 3760 send_res: 3761 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3762 3763 return match; 3764 } 3765 3766 static QDF_STATUS 3767 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params, 3768 uint8_t *ie_ptr, uint16_t ie_len) 3769 { 3770 const uint8_t *rsn_ie = NULL; 3771 QDF_STATUS status; 3772 3773 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3774 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len); 3775 if (!rsn_ie) { 3776 crypto_err("RSN IE NULL"); 3777 return QDF_STATUS_E_INVAL; 3778 } 3779 3780 status = wlan_crypto_rsnie_check(crypto_params, (uint8_t *)rsn_ie); 3781 if (QDF_STATUS_SUCCESS != status) { 3782 crypto_err("RSN IE check failed"); 3783 return status; 3784 } 3785 3786 return QDF_STATUS_SUCCESS; 3787 } 3788 3789 static QDF_STATUS 3790 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params, 3791 uint8_t *ie_ptr, uint16_t ie_len) 3792 { 3793 const uint8_t *wpa_ie = NULL; 3794 uint32_t wpa_oui; 3795 QDF_STATUS status; 3796 3797 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params)); 3798 3799 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE); 3800 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui, 3801 WLAN_OUI_SIZE, ie_ptr, ie_len); 3802 if (!wpa_ie) { 3803 crypto_err("WPA IE NULL"); 3804 return QDF_STATUS_E_INVAL; 3805 } 3806 3807 status = wlan_crypto_wpaie_check(crypto_params, (uint8_t *)wpa_ie); 3808 if (QDF_STATUS_SUCCESS != status) { 3809 crypto_err("WPA IE check failed"); 3810 return status; 3811 } 3812 3813 return QDF_STATUS_SUCCESS; 3814 } 3815 /** 3816 * wlan_crypto_check_rsn_match - called by ucfg to check for RSN match 3817 * @psoc: psoc pointer 3818 * @vdev_id: vdev id 3819 * @ie_ptr: pointer to IEs 3820 * @ie_len: IE length 3821 * 3822 * This function gets called from ucfg to check RSN match. 3823 * 3824 * Return: true or false 3825 */ 3826 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc, 3827 uint8_t vdev_id, uint8_t *ie_ptr, 3828 uint16_t ie_len) 3829 { 3830 struct wlan_crypto_params peer_crypto_params; 3831 struct wlan_objmgr_vdev *vdev; 3832 bool match = true; 3833 QDF_STATUS status; 3834 3835 if (!psoc) { 3836 crypto_err("PSOC is NULL"); 3837 return false; 3838 } 3839 status = wlan_get_crypto_params_from_rsn_ie(&peer_crypto_params, 3840 ie_ptr, ie_len); 3841 if (QDF_STATUS_SUCCESS != status) { 3842 crypto_err("get crypto prarams from RSN IE failed"); 3843 return false; 3844 } 3845 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3846 WLAN_CRYPTO_ID); 3847 if (!vdev) { 3848 crypto_err("vdev is NULL"); 3849 return false; 3850 } 3851 3852 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3853 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3854 3855 return match; 3856 } 3857 3858 /** 3859 * wlan_crypto_check_wpa_match - called by ucfg to check for WPA match 3860 * @psoc: psoc pointer 3861 * @vdev_id: vdev id 3862 * @ie_ptr: pointer to IEs 3863 * @ie_len: IE length 3864 * 3865 * This function gets called from ucfg to check WPA match. 3866 * 3867 * Return: true or false 3868 */ 3869 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc, 3870 uint8_t vdev_id, uint8_t *ie_ptr, 3871 uint16_t ie_len) 3872 { 3873 struct wlan_crypto_params peer_crypto_params; 3874 struct wlan_objmgr_vdev *vdev; 3875 bool match = true; 3876 QDF_STATUS status; 3877 3878 if (!psoc) { 3879 crypto_err("PSOC is NULL"); 3880 return false; 3881 } 3882 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id, 3883 WLAN_CRYPTO_ID); 3884 if (!vdev) { 3885 crypto_err("vdev is NULL"); 3886 return false; 3887 } 3888 3889 status = wlan_get_crypto_params_from_wpa_ie(&peer_crypto_params, 3890 ie_ptr, ie_len); 3891 if (QDF_STATUS_SUCCESS != status) { 3892 crypto_err("get crypto prarams from WPA IE failed"); 3893 match = false; 3894 goto send_res; 3895 } 3896 match = wlan_crypto_rsn_info(vdev, &peer_crypto_params); 3897 send_res: 3898 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID); 3899 3900 return match; 3901 } 3902 3903 3904 static void 3905 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params, 3906 struct wlan_crypto_params *src_params) 3907 { 3908 dst_params->authmodeset |= src_params->authmodeset; 3909 dst_params->ucastcipherset |= src_params->ucastcipherset; 3910 dst_params->mcastcipherset |= src_params->mcastcipherset; 3911 dst_params->mgmtcipherset |= src_params->mgmtcipherset; 3912 dst_params->cipher_caps |= src_params->cipher_caps; 3913 dst_params->key_mgmt |= src_params->key_mgmt; 3914 dst_params->rsn_caps |= src_params->rsn_caps; 3915 } 3916 3917 static void 3918 wlan_crypto_reset_prarams(struct wlan_crypto_params *params) 3919 { 3920 params->authmodeset = 0; 3921 params->ucastcipherset = 0; 3922 params->mcastcipherset = 0; 3923 params->mgmtcipherset = 0; 3924 params->cipher_caps = 0; 3925 params->key_mgmt = 0; 3926 params->rsn_caps = 0; 3927 } 3928 3929 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev, 3930 uint8_t *ie_ptr, 3931 uint16_t ie_len) 3932 { 3933 struct wlan_crypto_params crypto_params; 3934 QDF_STATUS status; 3935 struct wlan_crypto_params *vdev_crypto_params; 3936 struct wlan_crypto_comp_priv *crypto_priv; 3937 bool send_fail = false; 3938 3939 if (!vdev) { 3940 crypto_err("VDEV is NULL"); 3941 return QDF_STATUS_E_FAILURE; 3942 } 3943 3944 if (!ie_ptr) { 3945 crypto_err("IE ptr is NULL"); 3946 return QDF_STATUS_E_FAILURE; 3947 } 3948 3949 crypto_priv = (struct wlan_crypto_comp_priv *) 3950 wlan_get_vdev_crypto_obj(vdev); 3951 3952 if (!crypto_priv) { 3953 crypto_err("crypto_priv NULL"); 3954 return QDF_STATUS_E_FAILURE; 3955 } 3956 3957 vdev_crypto_params = &crypto_priv->crypto_params; 3958 3959 wlan_crypto_reset_prarams(vdev_crypto_params); 3960 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params, 3961 ie_ptr, ie_len); 3962 if (QDF_STATUS_SUCCESS == status) { 3963 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3964 } else { 3965 crypto_err("get crypto prarams from RSN IE failed"); 3966 send_fail = true; 3967 } 3968 3969 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params, 3970 ie_ptr, ie_len); 3971 if (QDF_STATUS_SUCCESS == status) { 3972 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params); 3973 send_fail = false; 3974 } else { 3975 crypto_err("get crypto prarams from WPA IE failed"); 3976 } 3977 3978 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS; 3979 } 3980 3981 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk) 3982 { 3983 struct wlan_crypto_comp_priv *crypto_priv; 3984 3985 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 3986 if (!crypto_priv) { 3987 crypto_err("crypto_priv NULL"); 3988 return QDF_STATUS_E_FAILURE; 3989 } 3990 3991 if (igtk) 3992 return crypto_priv->def_igtk_tx_keyid; 3993 else 3994 return crypto_priv->def_tx_keyid; 3995 } 3996 3997 enum wlan_crypto_cipher_type 3998 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev, 3999 bool pairwise, uint8_t key_index) 4000 { 4001 struct wlan_crypto_key *crypto_key; 4002 4003 crypto_key = wlan_crypto_get_key(vdev, key_index); 4004 4005 if (crypto_key) 4006 return crypto_key->cipher_type; 4007 else 4008 return WLAN_CRYPTO_CIPHER_INVALID; 4009 } 4010 4011 #ifdef CRYPTO_SET_KEY_CONVERGED 4012 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher, 4013 uint8_t key_index, uint8_t key_len, 4014 uint8_t seq_len) 4015 { 4016 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4017 crypto_err("Invalid Key index %d", key_index); 4018 return QDF_STATUS_E_INVAL; 4019 } 4020 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) { 4021 crypto_err("Invalid Cipher %d", cipher); 4022 return QDF_STATUS_E_INVAL; 4023 } 4024 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC || 4025 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 || 4026 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC || 4027 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) && 4028 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) { 4029 crypto_err("Invalid key index %d for cipher %d", 4030 key_index, cipher); 4031 return QDF_STATUS_E_INVAL; 4032 } 4033 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) { 4034 crypto_err("Invalid key length %d", key_len); 4035 return QDF_STATUS_E_INVAL; 4036 } 4037 4038 if (seq_len > WLAN_CRYPTO_RSC_SIZE) { 4039 crypto_err("Invalid seq length %d", seq_len); 4040 return QDF_STATUS_E_INVAL; 4041 } 4042 4043 crypto_debug("key: idx:%d, len:%d, seq len:%d", 4044 key_index, key_len, seq_len); 4045 4046 return QDF_STATUS_SUCCESS; 4047 } 4048 4049 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev, 4050 uint8_t key_index, 4051 struct wlan_crypto_key *crypto_key) 4052 { 4053 struct wlan_crypto_comp_priv *crypto_priv; 4054 4055 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4056 if (!crypto_priv) { 4057 crypto_err("crypto_priv NULL"); 4058 return QDF_STATUS_E_FAILURE; 4059 } 4060 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4061 crypto_err("Invalid Key index %d", key_index); 4062 return QDF_STATUS_E_FAILURE; 4063 } 4064 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4065 crypto_priv->key[key_index] = crypto_key; 4066 else 4067 crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] = 4068 crypto_key; 4069 4070 return QDF_STATUS_SUCCESS; 4071 } 4072 4073 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev, 4074 uint8_t key_index) 4075 { 4076 struct wlan_crypto_comp_priv *crypto_priv; 4077 4078 crypto_priv = wlan_get_vdev_crypto_obj(vdev); 4079 if (!crypto_priv) { 4080 crypto_err("crypto_priv NULL"); 4081 return NULL; 4082 } 4083 if (key_index >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX)) { 4084 crypto_err("Invalid Key index %d", key_index); 4085 return NULL; 4086 } 4087 if (key_index < WLAN_CRYPTO_MAXKEYIDX) 4088 return crypto_priv->key[key_index]; 4089 4090 return crypto_priv->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX]; 4091 } 4092 4093 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev, 4094 struct wlan_crypto_key *req, 4095 enum wlan_crypto_key_type key_type) 4096 { 4097 struct wlan_objmgr_psoc *psoc; 4098 4099 psoc = wlan_vdev_get_psoc(vdev); 4100 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)) 4101 WLAN_CRYPTO_TX_OPS_SET_KEY(psoc)(vdev, req, key_type); 4102 else 4103 return QDF_STATUS_E_FAILURE; 4104 4105 return QDF_STATUS_SUCCESS; 4106 } 4107 4108 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev, 4109 bool pairwise, uint8_t key_index, 4110 struct qdf_mac_addr *peer_mac) 4111 { 4112 struct wlan_crypto_key *crypto_key; 4113 4114 crypto_key = wlan_crypto_get_key(vdev, key_index); 4115 if (!crypto_key) { 4116 crypto_err("crypto_key not present for key_idx %d", key_index); 4117 return; 4118 } 4119 4120 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE); 4121 } 4122 #endif 4123