1 /* 2 * Copyright (c) 2017 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /** 20 * DOC: Public APIs for crypto service 21 */ 22 #include <qdf_types.h> 23 #include <wlan_cmn.h> 24 #include <wlan_objmgr_cmn.h> 25 #include <wlan_objmgr_global_obj.h> 26 #include <wlan_objmgr_psoc_obj.h> 27 #include <wlan_objmgr_pdev_obj.h> 28 #include <wlan_objmgr_vdev_obj.h> 29 #include <wlan_objmgr_peer_obj.h> 30 31 #include "wlan_crypto_global_def.h" 32 #include "wlan_crypto_global_api.h" 33 #include "wlan_crypto_def_i.h" 34 #include "wlan_crypto_param_handling_i.h" 35 #include "wlan_crypto_obj_mgr_i.h" 36 37 #include <qdf_module.h> 38 39 40 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX]; 41 42 /** 43 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 44 * 45 * @vdev:vdev 46 * 47 * This function gets called by mlme to get crypto params 48 * 49 * Return: wlan_crypto_params or NULL in case of failure 50 */ 51 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params( 52 struct wlan_objmgr_vdev *vdev, 53 struct wlan_crypto_comp_priv **crypto_priv){ 54 *crypto_priv = (struct wlan_crypto_comp_priv *) 55 wlan_get_vdev_crypto_obj(vdev); 56 if (*crypto_priv == NULL) { 57 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 58 return NULL; 59 } 60 61 return &((*crypto_priv)->crypto_params); 62 } 63 64 /** 65 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 66 * 67 * @peer:peer 68 * 69 * This function gets called by mlme to get crypto params 70 * 71 * Return: wlan_crypto_params or NULL in case of failure 72 */ 73 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params( 74 struct wlan_objmgr_peer *peer, 75 struct wlan_crypto_comp_priv **crypto_priv){ 76 77 *crypto_priv = (struct wlan_crypto_comp_priv *) 78 wlan_get_peer_crypto_obj(peer); 79 if (*crypto_priv == NULL) { 80 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 81 return NULL; 82 } 83 84 return &((*crypto_priv)->crypto_params); 85 } 86 87 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key) 88 { 89 return QDF_STATUS_SUCCESS; 90 } 91 /** 92 * wlan_crypto_set_param - called by ucfg to set crypto param 93 * 94 * @vdev: vdev 95 * @param: param to be set. 96 * @value: value 97 * 98 * This function gets called from ucfg to set param 99 * 100 * Return: QDF_STATUS_SUCCESS - in case of success 101 */ 102 QDF_STATUS wlan_crypto_set_param(struct wlan_objmgr_vdev *vdev, 103 wlan_crypto_param_type param, 104 uint32_t value){ 105 QDF_STATUS status = QDF_STATUS_E_INVAL; 106 struct wlan_crypto_comp_priv *crypto_priv; 107 struct wlan_crypto_params *crypto_params; 108 109 crypto_priv = (struct wlan_crypto_comp_priv *) 110 wlan_get_vdev_crypto_obj(vdev); 111 112 if (crypto_priv == NULL) { 113 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 114 return QDF_STATUS_E_INVAL; 115 } 116 117 crypto_params = &(crypto_priv->crypto_params); 118 switch (param) { 119 case WLAN_CRYPTO_PARAM_AUTH_MODE: 120 status = wlan_crypto_set_authmode(crypto_params, value); 121 break; 122 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 123 status = wlan_crypto_set_ucastciphers(crypto_params, value); 124 break; 125 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 126 status = wlan_crypto_set_mcastcipher(crypto_params, value); 127 break; 128 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 129 status = wlan_crypto_set_mgmtcipher(crypto_params, value); 130 break; 131 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 132 status = wlan_crypto_set_cipher_cap(crypto_params, value); 133 break; 134 case WLAN_CRYPTO_PARAM_RSN_CAP: 135 status = wlan_crypto_set_rsn_cap(crypto_params, value); 136 break; 137 case WLAN_CRYPTO_PARAM_KEY_MGMT: 138 status = wlan_crypto_set_key_mgmt(crypto_params, value); 139 break; 140 default: 141 status = QDF_STATUS_E_INVAL; 142 } 143 144 return status; 145 } 146 147 /** 148 * wlan_crypto_get_param_value - called by crypto APIs to get value for param 149 * 150 * @param: Crypto param type 151 * @crypto_params: Crypto params struct 152 * 153 * This function gets called from in-within crypto layer 154 * 155 * Return: value or -1 for failure 156 */ 157 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param, 158 struct wlan_crypto_params *crypto_params) 159 { 160 int32_t value = -1; 161 162 switch (param) { 163 case WLAN_CRYPTO_PARAM_AUTH_MODE: 164 value = wlan_crypto_get_authmode(crypto_params); 165 break; 166 case WLAN_CRYPTO_PARAM_UCAST_CIPHER: 167 value = wlan_crypto_get_ucastciphers(crypto_params); 168 break; 169 case WLAN_CRYPTO_PARAM_MCAST_CIPHER: 170 value = wlan_crypto_get_mcastcipher(crypto_params); 171 break; 172 case WLAN_CRYPTO_PARAM_MGMT_CIPHER: 173 value = wlan_crypto_get_mgmtciphers(crypto_params); 174 break; 175 case WLAN_CRYPTO_PARAM_CIPHER_CAP: 176 value = wlan_crypto_get_cipher_cap(crypto_params); 177 break; 178 case WLAN_CRYPTO_PARAM_RSN_CAP: 179 value = wlan_crypto_get_rsn_cap(crypto_params); 180 break; 181 case WLAN_CRYPTO_PARAM_KEY_MGMT: 182 value = wlan_crypto_get_key_mgmt(crypto_params); 183 break; 184 default: 185 value = QDF_STATUS_E_INVAL; 186 } 187 188 return value; 189 } 190 191 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev, 192 wlan_crypto_param_type param) 193 { 194 int32_t value = -1; 195 struct wlan_crypto_comp_priv *crypto_priv; 196 struct wlan_crypto_params *crypto_params; 197 crypto_priv = (struct wlan_crypto_comp_priv *) 198 wlan_get_vdev_crypto_obj(vdev); 199 200 if (crypto_priv == NULL) { 201 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 202 return QDF_STATUS_E_INVAL; 203 } 204 205 crypto_params = &(crypto_priv->crypto_params); 206 value = wlan_crypto_get_param_value(param, crypto_params); 207 208 return value; 209 } 210 211 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer, 212 wlan_crypto_param_type param) 213 { 214 int32_t value = -1; 215 struct wlan_crypto_comp_priv *crypto_priv; 216 struct wlan_crypto_params *crypto_params; 217 218 crypto_params = wlan_crypto_peer_get_comp_params(peer, 219 &crypto_priv); 220 221 if (crypto_params == NULL) { 222 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 223 return QDF_STATUS_E_INVAL; 224 } 225 value = wlan_crypto_get_param_value(param, crypto_params); 226 227 return value; 228 } 229 230 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev, 231 struct wlan_objmgr_peer *peer) 232 { 233 int32_t ucast_cipher; 234 235 if (!(vdev || peer)) { 236 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 237 return 0; 238 } 239 240 if (vdev) 241 ucast_cipher = wlan_crypto_get_param(vdev, 242 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 243 else 244 ucast_cipher = wlan_crypto_get_peer_param(peer, 245 WLAN_CRYPTO_PARAM_UCAST_CIPHER); 246 247 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) || 248 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) && 249 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) && 250 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) && 251 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) && 252 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256))); 253 } 254 qdf_export_symbol(wlan_crypto_is_htallowed); 255 256 /** 257 * wlan_crypto_setkey - called by ucfg to setkey 258 * 259 * @vdev: vdev 260 * @req_key: req_key with cipher type, key macaddress 261 * 262 * This function gets called from ucfg to sey key 263 * 264 * Return: QDF_STATUS_SUCCESS - in case of success 265 */ 266 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev, 267 struct wlan_crypto_req_key *req_key){ 268 269 QDF_STATUS status = QDF_STATUS_E_INVAL; 270 struct wlan_crypto_comp_priv *crypto_priv; 271 struct wlan_crypto_params *crypto_params; 272 struct wlan_objmgr_psoc *psoc; 273 struct wlan_objmgr_peer *peer; 274 struct wlan_crypto_key *key = NULL; 275 const struct wlan_crypto_cipher *cipher; 276 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 277 bool isbcast; 278 enum QDF_OPMODE vdev_mode; 279 uint8_t igtk_idx = 0; 280 281 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) { 282 qdf_print("%s[%d] Invalid params vdev%pK, req_key%pK\n", 283 __func__, __LINE__, vdev, req_key); 284 return QDF_STATUS_E_INVAL; 285 } 286 287 isbcast = qdf_is_macaddr_broadcast( 288 (struct qdf_mac_addr *)req_key->macaddr); 289 if (req_key->keylen == 0) { 290 /* zero length keys, only set default key id if flags are set*/ 291 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) 292 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) 293 && (!IS_MGMT_CIPHER(req_key->type))) { 294 wlan_crypto_default_key(vdev, 295 req_key->macaddr, 296 req_key->keyix, 297 !isbcast); 298 return QDF_STATUS_SUCCESS; 299 } 300 qdf_print("%s[%d] req_key len zero\n", __func__, __LINE__); 301 return QDF_STATUS_E_INVAL; 302 } 303 304 cipher = wlan_crypto_cipher_ops[req_key->type]; 305 306 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) { 307 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 308 return QDF_STATUS_E_INVAL; 309 } 310 311 if (cipher && (!IS_MGMT_CIPHER(req_key->type)) 312 && ((req_key->keylen != (cipher->keylen/NBBY)) 313 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) { 314 qdf_print("%s[%d] cipher invalid\n", __func__, __LINE__); 315 return QDF_STATUS_E_INVAL; 316 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) && 317 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN) 318 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN) 319 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) { 320 qdf_print("%s[%d] wep key len invalid\n", __func__, __LINE__); 321 return QDF_STATUS_E_INVAL; 322 } 323 324 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) { 325 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT 326 | WLAN_CRYPTO_KEY_RECV)) { 327 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 328 | WLAN_CRYPTO_KEY_RECV); 329 } 330 } else { 331 if ((req_key->keyix > WLAN_CRYPTO_MAXKEYIDX) 332 && (!IS_MGMT_CIPHER(req_key->type))) { 333 return QDF_STATUS_E_INVAL; 334 } 335 336 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT 337 | WLAN_CRYPTO_KEY_RECV); 338 if (isbcast) 339 req_key->flags |= WLAN_CRYPTO_KEY_GROUP; 340 } 341 342 vdev_mode = wlan_vdev_mlme_get_opmode(vdev); 343 344 wlan_vdev_obj_lock(vdev); 345 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 346 psoc = wlan_vdev_get_psoc(vdev); 347 if (!psoc) { 348 wlan_vdev_obj_unlock(vdev); 349 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 350 return QDF_STATUS_E_INVAL; 351 } 352 wlan_vdev_obj_unlock(vdev); 353 354 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) { 355 if (wlan_crypto_vdev_has_auth_mode(vdev, 356 (1 << WLAN_CRYPTO_AUTH_8021X))) { 357 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 358 } 359 } 360 361 if (isbcast) { 362 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 363 &crypto_priv); 364 if (crypto_priv == NULL) { 365 qdf_print("%s[%d] crypto_priv NULL\n", 366 __func__, __LINE__); 367 return QDF_STATUS_E_INVAL; 368 } 369 370 if (IS_MGMT_CIPHER(req_key->type)) { 371 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 372 if (igtk_idx > WLAN_CRYPTO_MAXIGTKKEYIDX) { 373 qdf_print("%s[%d] igtk key invalid keyid %d \n", 374 __func__, __LINE__, igtk_idx); 375 return QDF_STATUS_E_INVAL; 376 } 377 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 378 if (key == NULL) { 379 qdf_print("%s[%d] igtk key alloc failed\n", 380 __func__, __LINE__); 381 return QDF_STATUS_E_NOMEM; 382 } 383 384 if (crypto_priv->igtk_key[igtk_idx]) 385 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 386 387 crypto_priv->igtk_key[igtk_idx] = key; 388 crypto_priv->igtk_key_type = req_key->type; 389 crypto_priv->def_igtk_tx_keyid = igtk_idx; 390 } else { 391 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type) 392 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) { 393 return QDF_STATUS_E_INVAL; 394 } 395 if (!crypto_priv->key[req_key->keyix]) { 396 crypto_priv->key[req_key->keyix] 397 = qdf_mem_malloc( 398 sizeof(struct wlan_crypto_key)); 399 if (!crypto_priv->key[req_key->keyix]) 400 return QDF_STATUS_E_NOMEM; 401 } 402 key = crypto_priv->key[req_key->keyix]; 403 } 404 if (vdev_mode == QDF_STA_MODE) { 405 peer = wlan_vdev_get_bsspeer(vdev); 406 if (!(peer && (QDF_STATUS_SUCCESS 407 == wlan_objmgr_peer_try_get_ref(peer, 408 WLAN_CRYPTO_ID)))) { 409 qdf_print("%s[%d] peer %pK failed\n", 410 __func__, __LINE__, peer); 411 if (IS_MGMT_CIPHER(req_key->type)) { 412 crypto_priv->igtk_key[igtk_idx] = NULL; 413 crypto_priv->igtk_key_type 414 = WLAN_CRYPTO_CIPHER_NONE; 415 } else 416 crypto_priv->key[req_key->keyix] = NULL; 417 if (key) 418 qdf_mem_free(key); 419 return QDF_STATUS_E_INVAL; 420 } 421 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer), 422 WLAN_ALEN); 423 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 424 } 425 } else { 426 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 427 psoc, 428 req_key->macaddr, 429 macaddr, 430 WLAN_CRYPTO_ID); 431 432 if (peer == NULL) { 433 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 434 return QDF_STATUS_E_INVAL; 435 } 436 437 qdf_mem_copy(macaddr, req_key->macaddr, WLAN_ALEN); 438 crypto_params = wlan_crypto_peer_get_comp_params(peer, 439 &crypto_priv); 440 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 441 442 if (crypto_priv == NULL) { 443 qdf_print("%s[%d] crypto_priv NULL\n", 444 __func__, __LINE__); 445 return QDF_STATUS_E_INVAL; 446 } 447 if (IS_MGMT_CIPHER(req_key->type)) { 448 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX; 449 if (igtk_idx > WLAN_CRYPTO_MAXIGTKKEYIDX) { 450 qdf_print("%s[%d] igtk key invalid keyid %d \n", 451 __func__, __LINE__, igtk_idx); 452 return QDF_STATUS_E_INVAL; 453 } 454 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key)); 455 if (key == NULL) { 456 qdf_print("%s[%d] igtk key alloc failed\n", 457 __func__, __LINE__); 458 return QDF_STATUS_E_NOMEM; 459 } 460 if (crypto_priv->igtk_key[igtk_idx]) 461 qdf_mem_free(crypto_priv->igtk_key[igtk_idx]); 462 463 crypto_priv->igtk_key[igtk_idx] = key; 464 crypto_priv->igtk_key_type = req_key->type; 465 crypto_priv->def_igtk_tx_keyid = igtk_idx; 466 } else { 467 uint16_t kid = req_key->keyix; 468 if (kid == WLAN_CRYPTO_KEYIX_NONE) 469 kid = 0; 470 if (!crypto_priv->key[kid]) { 471 crypto_priv->key[kid] 472 = qdf_mem_malloc( 473 sizeof(struct wlan_crypto_key)); 474 if (!crypto_priv->key[kid]) 475 return QDF_STATUS_E_NOMEM; 476 } 477 key = crypto_priv->key[kid]; 478 } 479 } 480 481 /* alloc key might not required as it is already there */ 482 key->cipher_table = (void *)cipher; 483 key->keylen = req_key->keylen; 484 key->flags = req_key->flags; 485 486 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 487 key->keyix = 0; 488 else 489 key->keyix = req_key->keyix; 490 491 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT 492 && (!IS_MGMT_CIPHER(req_key->type))) { 493 crypto_priv->def_tx_keyid = key->keyix; 494 key->flags |= WLAN_CRYPTO_KEY_DEFAULT; 495 } 496 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) 497 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) { 498 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36, 499 0x5c, 0x36, 0x5c, 0x36, 500 0x5c, 0x36, 0x5c, 0x36, 501 0x5c, 0x36, 0x5c, 0x37}; 502 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36, 503 0x5c, 0x36, 0x5c, 0x36, 504 0x5c, 0x36, 0x5c, 0x36, 505 0x5c, 0x36, 0x5c, 0x36}; 506 507 /* During Tx PN should be increment and 508 * send but as per our implementation we increment only after 509 * Tx complete. So First packet PN check will be failed. 510 * To compensate increment the PN here by 2 511 */ 512 if (vdev_mode == QDF_SAP_MODE) { 513 iv_AP[15] += 2; 514 qdf_mem_copy(key->recviv, iv_STA, 515 WLAN_CRYPTO_WAPI_IV_SIZE); 516 qdf_mem_copy(key->txiv, iv_AP, 517 WLAN_CRYPTO_WAPI_IV_SIZE); 518 } else { 519 iv_STA[15] += 2; 520 qdf_mem_copy(key->recviv, iv_AP, 521 WLAN_CRYPTO_WAPI_IV_SIZE); 522 qdf_mem_copy(key->txiv, iv_STA, 523 WLAN_CRYPTO_WAPI_IV_SIZE); 524 } 525 } else { 526 uint8_t i = 0; 527 qdf_mem_copy((uint8_t *)(&key->keytsc), 528 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc)); 529 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) { 530 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]), 531 (uint8_t *)(&req_key->keyrsc), 532 sizeof(key->keyrsc[0])); 533 } 534 } 535 536 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval)); 537 key->valid = 1; 538 if ((IS_MGMT_CIPHER(req_key->type))) { 539 if (HAS_CIPHER_CAP(crypto_params, 540 WLAN_CRYPTO_CAP_PMF_OFFLOAD)) { 541 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 542 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 543 key, macaddr, req_key->type); 544 } 545 } 546 status = wlan_crypto_set_igtk_key(key); 547 return status; 548 } else { 549 550 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 551 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, key, 552 macaddr, req_key->type); 553 } 554 } 555 status = cipher->setkey(key); 556 557 return status; 558 } 559 560 /** 561 * wlan_crypto_getkey - called by ucfg to get key 562 * 563 * @vdev: vdev 564 * @req_key: key value will be copied in this req_key 565 * @mac_address: mac address of the peer for unicast key 566 * or broadcast address if group key is requested. 567 * This function gets called from ucfg to get key 568 * 569 * Return: QDF_STATUS_SUCCESS - in case of success 570 */ 571 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev, 572 struct wlan_crypto_req_key *req_key, 573 uint8_t *mac_addr){ 574 struct wlan_crypto_comp_priv *crypto_priv; 575 struct wlan_crypto_params *crypto_params; 576 struct wlan_crypto_cipher *cipher_table; 577 struct wlan_crypto_key *key; 578 struct wlan_objmgr_psoc *psoc; 579 uint8_t macaddr[WLAN_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 580 581 if ((req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) && 582 (req_key->keyix >= WLAN_CRYPTO_MAXKEYIDX)) { 583 qdf_print("%s[%d] invalid keyix %d\n", __func__, __LINE__, 584 req_key->keyix); 585 return QDF_STATUS_E_INVAL; 586 } 587 588 wlan_vdev_obj_lock(vdev); 589 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 590 psoc = wlan_vdev_get_psoc(vdev); 591 if (!psoc) { 592 wlan_vdev_obj_unlock(vdev); 593 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 594 return QDF_STATUS_E_INVAL; 595 } 596 wlan_vdev_obj_unlock(vdev); 597 598 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 599 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 600 &crypto_priv); 601 if (crypto_priv == NULL) { 602 qdf_print("%s[%d] crypto_priv NULL\n", 603 __func__, __LINE__); 604 return QDF_STATUS_E_INVAL; 605 } 606 607 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 608 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 609 else 610 key = crypto_priv->key[req_key->keyix]; 611 if (!key) 612 return QDF_STATUS_E_INVAL; 613 } else { 614 struct wlan_objmgr_peer *peer; 615 616 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 617 psoc, 618 mac_addr, 619 macaddr, 620 WLAN_CRYPTO_ID); 621 if (peer == NULL) { 622 QDF_TRACE(QDF_MODULE_ID_CRYPTO, QDF_TRACE_LEVEL_ERROR, 623 "%s[%d] peer NULL\n", __func__, __LINE__); 624 return QDF_STATUS_E_NOENT; 625 } 626 crypto_params = wlan_crypto_peer_get_comp_params(peer, 627 &crypto_priv); 628 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 629 if (crypto_priv == NULL) { 630 qdf_print("%s[%d] crypto_priv NULL\n", 631 __func__, __LINE__); 632 return QDF_STATUS_E_INVAL; 633 } 634 635 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) 636 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 637 else 638 key = crypto_priv->key[req_key->keyix]; 639 if (!key) 640 return QDF_STATUS_E_INVAL; 641 } 642 643 if (key->valid) { 644 qdf_mem_copy(req_key->keydata, 645 key->keyval, key->keylen); 646 qdf_mem_copy((uint8_t *)(&req_key->keytsc), 647 (uint8_t *)(&key->keytsc), 648 sizeof(req_key->keytsc)); 649 qdf_mem_copy((uint8_t *)(&req_key->keyrsc), 650 (uint8_t *)(&key->keyrsc[0]), 651 sizeof(req_key->keyrsc)); 652 req_key->keylen = key->keylen; 653 req_key->flags = key->flags; 654 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 655 656 if (!cipher_table) 657 return QDF_STATUS_SUCCESS; 658 659 req_key->type = cipher_table->cipher; 660 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) { 661 qdf_mem_copy((uint8_t *)(&req_key->txiv), 662 (uint8_t *)(key->txiv), 663 sizeof(req_key->txiv)); 664 qdf_mem_copy((uint8_t *)(&req_key->recviv), 665 (uint8_t *)(key->recviv), 666 sizeof(req_key->recviv)); 667 } 668 } 669 670 return QDF_STATUS_SUCCESS; 671 } 672 673 /** 674 * wlan_crypto_delkey - called by ucfg to delete key 675 * 676 * @vdev: vdev 677 * @mac_address: mac address of the peer for unicast key 678 * or broadcast address if group key is deleted. 679 * @key_idx: key index to be deleted 680 * This function gets called from ucfg to delete key 681 * 682 * Return: QDF_STATUS_SUCCESS - in case of success 683 */ 684 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev, 685 uint8_t *macaddr, 686 uint8_t key_idx){ 687 struct wlan_crypto_comp_priv *crypto_priv; 688 struct wlan_crypto_params *crypto_params; 689 struct wlan_crypto_key *key; 690 struct wlan_crypto_cipher *cipher_table; 691 struct wlan_objmgr_psoc *psoc; 692 uint8_t bssid_mac[WLAN_ALEN]; 693 694 if (!vdev || !macaddr || 695 (key_idx > 696 (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))) { 697 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 698 "keyidx %d\n", __func__, __LINE__, vdev, 699 macaddr, key_idx); 700 return QDF_STATUS_E_INVAL; 701 } 702 703 wlan_vdev_obj_lock(vdev); 704 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 705 psoc = wlan_vdev_get_psoc(vdev); 706 if (!psoc) { 707 wlan_vdev_obj_unlock(vdev); 708 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 709 return QDF_STATUS_E_INVAL; 710 } 711 wlan_vdev_obj_unlock(vdev); 712 713 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 714 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 715 &crypto_priv); 716 if (crypto_priv == NULL) { 717 qdf_print("%s[%d] crypto_priv NULL\n", 718 __func__, __LINE__); 719 return QDF_STATUS_E_INVAL; 720 } 721 } else { 722 struct wlan_objmgr_peer *peer; 723 724 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 725 psoc, macaddr, 726 bssid_mac, 727 WLAN_CRYPTO_ID); 728 if (peer == NULL) { 729 return QDF_STATUS_E_INVAL; 730 } 731 crypto_params = wlan_crypto_peer_get_comp_params(peer, 732 &crypto_priv); 733 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 734 if (crypto_priv == NULL) { 735 qdf_print("%s[%d] crypto_priv NULL\n", 736 __func__, __LINE__); 737 return QDF_STATUS_E_INVAL; 738 } 739 } 740 741 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) { 742 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX; 743 key = crypto_priv->igtk_key[igtk_idx]; 744 crypto_priv->igtk_key[igtk_idx] = NULL; 745 key->valid = 0; 746 } else { 747 key = crypto_priv->key[key_idx]; 748 crypto_priv->key[key_idx] = NULL; 749 } 750 751 if (!key) 752 return QDF_STATUS_E_INVAL; 753 754 if (key->valid) { 755 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 756 757 if (WLAN_CRYPTO_TX_OPS_DELKEY(psoc)) { 758 WLAN_CRYPTO_TX_OPS_DELKEY(psoc)(vdev, key, 759 macaddr, cipher_table->cipher); 760 } 761 } 762 qdf_mem_free(key); 763 764 return QDF_STATUS_SUCCESS; 765 } 766 767 /** 768 * wlan_crypto_default_key - called by ucfg to set default tx key 769 * 770 * @vdev: vdev 771 * @mac_address: mac address of the peer for unicast key 772 * or broadcast address if group key need to made default. 773 * @key_idx: key index to be made as default key 774 * @unicast: is key was unicast or group key. 775 * This function gets called from ucfg to set default key 776 * 777 * Return: QDF_STATUS_SUCCESS - in case of success 778 */ 779 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev, 780 uint8_t *macaddr, 781 uint8_t key_idx, 782 bool unicast){ 783 struct wlan_crypto_comp_priv *crypto_priv; 784 struct wlan_crypto_params *crypto_params; 785 struct wlan_crypto_key *key; 786 struct wlan_objmgr_psoc *psoc; 787 uint8_t bssid_mac[WLAN_ALEN]; 788 789 wlan_vdev_obj_lock(vdev); 790 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 791 psoc = wlan_vdev_get_psoc(vdev); 792 if (!psoc) { 793 wlan_vdev_obj_unlock(vdev); 794 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 795 return QDF_STATUS_E_INVAL; 796 } 797 wlan_vdev_obj_unlock(vdev); 798 799 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) { 800 qdf_print("%s[%d] Invalid params vdev %pK, macaddr %pK" 801 "keyidx %d\n", __func__, __LINE__, 802 vdev, macaddr, key_idx); 803 return QDF_STATUS_E_INVAL; 804 } 805 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) { 806 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 807 &crypto_priv); 808 if (crypto_priv == NULL) { 809 qdf_print("%s[%d] crypto_priv NULL\n", 810 __func__, __LINE__); 811 return QDF_STATUS_E_INVAL; 812 } 813 814 key = crypto_priv->key[key_idx]; 815 if (!key) 816 return QDF_STATUS_E_INVAL; 817 } else { 818 struct wlan_objmgr_peer *peer; 819 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 820 psoc, macaddr, 821 bssid_mac, 822 WLAN_CRYPTO_ID); 823 824 if (peer == NULL) { 825 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 826 return QDF_STATUS_E_INVAL; 827 } 828 crypto_params = wlan_crypto_peer_get_comp_params(peer, 829 &crypto_priv); 830 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 831 if (crypto_priv == NULL) { 832 qdf_print("%s[%d] crypto_priv NULL\n", 833 __func__, __LINE__); 834 return QDF_STATUS_E_INVAL; 835 } 836 837 key = crypto_priv->key[key_idx]; 838 if (!key) 839 return QDF_STATUS_E_INVAL; 840 } 841 if (!key->valid) 842 return QDF_STATUS_E_INVAL; 843 844 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)) { 845 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(psoc)(vdev, key_idx, 846 macaddr); 847 } 848 crypto_priv->def_tx_keyid = key_idx; 849 850 return QDF_STATUS_SUCCESS; 851 } 852 853 /** 854 * wlan_crypto_encap - called by mgmt for encap the frame based on cipher 855 * 856 * @vdev: vdev 857 * @wbuf: wbuf 858 * @macaddr: macaddr 859 * @encapdone: is encapdone already or not. 860 * This function gets called from mgmt txrx to encap frame. 861 * 862 * Return: QDF_STATUS_SUCCESS - in case of success 863 */ 864 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev, 865 qdf_nbuf_t wbuf, 866 uint8_t *mac_addr, 867 uint8_t encapdone){ 868 struct wlan_crypto_comp_priv *crypto_priv; 869 struct wlan_crypto_params *crypto_params; 870 struct wlan_crypto_key *key; 871 QDF_STATUS status; 872 struct wlan_crypto_cipher *cipher_table; 873 struct wlan_objmgr_psoc *psoc; 874 uint8_t bssid_mac[WLAN_ALEN]; 875 876 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf))) 877 return QDF_STATUS_E_INVAL; 878 879 wlan_vdev_obj_lock(vdev); 880 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 881 psoc = wlan_vdev_get_psoc(vdev); 882 if (!psoc) { 883 wlan_vdev_obj_unlock(vdev); 884 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 885 return QDF_STATUS_E_INVAL; 886 } 887 wlan_vdev_obj_unlock(vdev); 888 889 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 890 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 891 &crypto_priv); 892 if (crypto_priv == NULL) { 893 qdf_print("%s[%d] crypto_priv NULL\n", 894 __func__, __LINE__); 895 return QDF_STATUS_E_INVAL; 896 } 897 898 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 899 if (!key) 900 return QDF_STATUS_E_INVAL; 901 902 } else { 903 struct wlan_objmgr_peer *peer; 904 905 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 906 psoc, mac_addr, bssid_mac, WLAN_CRYPTO_ID); 907 908 if (peer == NULL) { 909 qdf_print("%s[%d] crypto_priv NULL\n", 910 __func__, __LINE__); 911 return QDF_STATUS_E_INVAL; 912 } 913 crypto_params = wlan_crypto_peer_get_comp_params(peer, 914 &crypto_priv); 915 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 916 917 if (crypto_priv == NULL) { 918 qdf_print("%s[%d] crypto_priv NULL\n", 919 __func__, __LINE__); 920 return QDF_STATUS_E_INVAL; 921 } 922 923 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 924 if (!key) 925 return QDF_STATUS_E_INVAL; 926 } 927 /* if tkip, is counter measures enabled, then drop the frame */ 928 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 929 status = cipher_table->encap(key, wbuf, encapdone, 930 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 931 932 return status; 933 } 934 EXPORT_SYMBOL(wlan_crypto_encap); 935 936 /** 937 * wlan_crypto_decap - called by mgmt for decap the frame based on cipher 938 * 939 * @vdev: vdev 940 * @wbuf: wbuf 941 * @macaddr: macaddr 942 * @tid: tid of the frame 943 * This function gets called from mgmt txrx to decap frame. 944 * 945 * Return: QDF_STATUS_SUCCESS - in case of success 946 */ 947 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev, 948 qdf_nbuf_t wbuf, 949 uint8_t *mac_addr, 950 uint8_t tid){ 951 struct wlan_crypto_comp_priv *crypto_priv; 952 struct wlan_crypto_params *crypto_params; 953 struct wlan_crypto_key *key; 954 QDF_STATUS status; 955 struct wlan_crypto_cipher *cipher_table; 956 struct wlan_objmgr_psoc *psoc; 957 uint8_t bssid_mac[WLAN_ALEN]; 958 959 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf))) 960 return QDF_STATUS_E_INVAL; 961 962 wlan_vdev_obj_lock(vdev); 963 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 964 psoc = wlan_vdev_get_psoc(vdev); 965 if (!psoc) { 966 wlan_vdev_obj_unlock(vdev); 967 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 968 return QDF_STATUS_E_INVAL; 969 } 970 wlan_vdev_obj_unlock(vdev); 971 972 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 973 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 974 &crypto_priv); 975 if (crypto_priv == NULL) { 976 qdf_print("%s[%d] crypto_priv NULL\n", 977 __func__, __LINE__); 978 return QDF_STATUS_E_INVAL; 979 } 980 981 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 982 if (!key) 983 return QDF_STATUS_E_INVAL; 984 985 } else { 986 struct wlan_objmgr_peer *peer; 987 988 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 989 psoc, mac_addr, bssid_mac, 990 WLAN_CRYPTO_ID); 991 if (peer == NULL) { 992 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 993 return QDF_STATUS_E_INVAL; 994 } 995 996 crypto_params = wlan_crypto_peer_get_comp_params(peer, 997 &crypto_priv); 998 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 999 1000 if (crypto_priv == NULL) { 1001 qdf_print("%s[%d] crypto_priv NULL\n", 1002 __func__, __LINE__); 1003 return QDF_STATUS_E_INVAL; 1004 } 1005 1006 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1007 if (!key) 1008 return QDF_STATUS_E_INVAL; 1009 } 1010 /* if tkip, is counter measures enabled, then drop the frame */ 1011 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1012 status = cipher_table->decap(key, wbuf, tid, 1013 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1014 1015 return status; 1016 } 1017 EXPORT_SYMBOL(wlan_crypto_decap); 1018 /** 1019 * wlan_crypto_enmic - called by mgmt for adding mic in frame based on cipher 1020 * 1021 * @vdev: vdev 1022 * @wbuf: wbuf 1023 * @macaddr: macaddr 1024 * @encapdone: is encapdone already or not. 1025 * This function gets called from mgmt txrx to adding mic to the frame. 1026 * 1027 * Return: QDF_STATUS_SUCCESS - in case of success 1028 */ 1029 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev, 1030 qdf_nbuf_t wbuf, 1031 uint8_t *mac_addr, 1032 uint8_t encapdone){ 1033 struct wlan_crypto_comp_priv *crypto_priv; 1034 struct wlan_crypto_params *crypto_params; 1035 struct wlan_crypto_key *key; 1036 QDF_STATUS status; 1037 struct wlan_crypto_cipher *cipher_table; 1038 struct wlan_objmgr_psoc *psoc; 1039 uint8_t bssid_mac[WLAN_ALEN]; 1040 1041 wlan_vdev_obj_lock(vdev); 1042 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1043 psoc = wlan_vdev_get_psoc(vdev); 1044 if (!psoc) { 1045 wlan_vdev_obj_unlock(vdev); 1046 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1047 return QDF_STATUS_E_INVAL; 1048 } 1049 wlan_vdev_obj_unlock(vdev); 1050 1051 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1052 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1053 &crypto_priv); 1054 if (crypto_priv == NULL) { 1055 qdf_print("%s[%d] crypto_priv NULL\n", 1056 __func__, __LINE__); 1057 return QDF_STATUS_E_INVAL; 1058 } 1059 1060 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1061 if (!key) 1062 return QDF_STATUS_E_INVAL; 1063 1064 } else { 1065 struct wlan_objmgr_peer *peer; 1066 1067 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1068 psoc, mac_addr, bssid_mac, 1069 WLAN_CRYPTO_ID); 1070 if (peer == NULL) { 1071 qdf_print("%s[%d] crypto_priv NULL\n", 1072 __func__, __LINE__); 1073 return QDF_STATUS_E_INVAL; 1074 } 1075 1076 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1077 &crypto_priv); 1078 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1079 1080 if (crypto_priv == NULL) { 1081 qdf_print("%s[%d] crypto_priv NULL\n", 1082 __func__, __LINE__); 1083 return QDF_STATUS_E_INVAL; 1084 } 1085 1086 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1087 if (!key) 1088 return QDF_STATUS_E_INVAL; 1089 } 1090 /* if tkip, is counter measures enabled, then drop the frame */ 1091 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1092 status = cipher_table->enmic(key, wbuf, encapdone, 1093 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1094 1095 return status; 1096 } 1097 1098 /** 1099 * wlan_crypto_demic - called by mgmt for remove and check mic for 1100 * the frame based on cipher 1101 * 1102 * @vdev: vdev 1103 * @wbuf: wbuf 1104 * @macaddr: macaddr 1105 * @tid: tid of the frame 1106 * This function gets called from mgmt txrx to decap frame. 1107 * 1108 * Return: QDF_STATUS_SUCCESS - in case of success 1109 */ 1110 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev, 1111 qdf_nbuf_t wbuf, 1112 uint8_t *mac_addr, 1113 uint8_t tid){ 1114 struct wlan_crypto_comp_priv *crypto_priv; 1115 struct wlan_crypto_params *crypto_params; 1116 struct wlan_crypto_key *key; 1117 QDF_STATUS status; 1118 struct wlan_crypto_cipher *cipher_table; 1119 struct wlan_objmgr_psoc *psoc; 1120 uint8_t bssid_mac[WLAN_ALEN]; 1121 1122 wlan_vdev_obj_lock(vdev); 1123 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 1124 psoc = wlan_vdev_get_psoc(vdev); 1125 if (!psoc) { 1126 wlan_vdev_obj_unlock(vdev); 1127 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 1128 return QDF_STATUS_E_INVAL; 1129 } 1130 wlan_vdev_obj_unlock(vdev); 1131 1132 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) { 1133 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1134 &crypto_priv); 1135 if (crypto_priv == NULL) { 1136 qdf_print("%s[%d] crypto_priv NULL\n", 1137 __func__, __LINE__); 1138 return QDF_STATUS_E_INVAL; 1139 } 1140 1141 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1142 if (!key) 1143 return QDF_STATUS_E_INVAL; 1144 1145 } else { 1146 struct wlan_objmgr_peer *peer; 1147 1148 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 1149 psoc, mac_addr, bssid_mac, 1150 WLAN_CRYPTO_ID); 1151 if (peer == NULL) { 1152 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 1153 return QDF_STATUS_E_INVAL; 1154 } 1155 1156 crypto_params = wlan_crypto_peer_get_comp_params(peer, 1157 &crypto_priv); 1158 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 1159 1160 if (crypto_priv == NULL) { 1161 qdf_print("%s[%d] crypto_priv NULL\n", 1162 __func__, __LINE__); 1163 return QDF_STATUS_E_INVAL; 1164 } 1165 1166 key = crypto_priv->key[crypto_priv->def_tx_keyid]; 1167 if (!key) 1168 return QDF_STATUS_E_INVAL; 1169 } 1170 /* if tkip, is counter measures enabled, then drop the frame */ 1171 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table; 1172 status = cipher_table->demic(key, wbuf, tid, 1173 ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf))); 1174 1175 return status; 1176 } 1177 1178 /** 1179 * wlan_crypto_vdev_is_pmf_enabled - called to check is pmf enabled in vdev 1180 * 1181 * @vdev: vdev 1182 * 1183 * This function gets called to check is pmf enabled or not in vdev. 1184 * 1185 * Return: true or false 1186 */ 1187 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev) 1188 { 1189 1190 struct wlan_crypto_comp_priv *crypto_priv; 1191 struct wlan_crypto_params *vdev_crypto_params; 1192 1193 if (!vdev) 1194 return false; 1195 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1196 &crypto_priv); 1197 if (crypto_priv == NULL) { 1198 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1199 return QDF_STATUS_E_INVAL; 1200 } 1201 1202 if ((vdev_crypto_params->rsn_caps & 1203 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) 1204 || (vdev_crypto_params->rsn_caps & 1205 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1206 return true; 1207 } 1208 1209 return false; 1210 } 1211 /** 1212 * wlan_crypto_is_pmf_enabled - called by mgmt txrx to check is pmf enabled 1213 * 1214 * @vdev: vdev 1215 * @peer: peer 1216 * 1217 * This function gets called by mgmt txrx to check is pmf enabled or not. 1218 * 1219 * Return: true or false 1220 */ 1221 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev, 1222 struct wlan_objmgr_peer *peer){ 1223 1224 struct wlan_crypto_comp_priv *crypto_priv; 1225 struct wlan_crypto_params *vdev_crypto_params; 1226 struct wlan_crypto_params *peer_crypto_params; 1227 1228 if (!vdev || !peer) 1229 return false; 1230 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1231 &crypto_priv); 1232 if (crypto_priv == NULL) { 1233 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1234 return QDF_STATUS_E_INVAL; 1235 } 1236 1237 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer, 1238 &crypto_priv); 1239 if (crypto_priv == NULL) { 1240 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1241 return QDF_STATUS_E_INVAL; 1242 } 1243 if (((vdev_crypto_params->rsn_caps & 1244 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) && 1245 (peer_crypto_params->rsn_caps & 1246 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) 1247 || (vdev_crypto_params->rsn_caps & 1248 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) { 1249 return true; 1250 } 1251 1252 return false; 1253 } 1254 /** 1255 * wlan_crypto_add_mmie - called by mgmt txrx to add mmie in frame 1256 * 1257 * @vdev: vdev 1258 * @bfrm: frame starting pointer 1259 * @len: length of the frame 1260 * 1261 * This function gets called by mgmt txrx to add mmie in frame 1262 * 1263 * Return: end of frame or NULL in case failure 1264 */ 1265 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev, 1266 uint8_t *bfrm, 1267 uint32_t len) { 1268 struct wlan_crypto_key *key; 1269 struct wlan_crypto_mmie *mmie; 1270 uint8_t *pn, *aad, *buf, *efrm, nounce[12]; 1271 struct ieee80211_hdr *hdr; 1272 uint32_t i, hdrlen, mic_len, aad_len; 1273 uint8_t mic[16]; 1274 struct wlan_crypto_comp_priv *crypto_priv; 1275 struct wlan_crypto_params *crypto_params; 1276 int32_t ret; 1277 1278 if (!bfrm) { 1279 qdf_print("%s[%d] frame is NULL\n", __func__, __LINE__); 1280 return NULL; 1281 } 1282 1283 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 1284 &crypto_priv); 1285 if (crypto_priv == NULL) { 1286 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1287 return NULL; 1288 } 1289 1290 if (crypto_priv->def_igtk_tx_keyid > WLAN_CRYPTO_MAXIGTKKEYIDX) { 1291 qdf_print("%s[%d] igtk key invalid keyid %d \n", 1292 __func__, __LINE__, crypto_priv->def_igtk_tx_keyid); 1293 return NULL; 1294 } 1295 1296 key = crypto_priv->igtk_key[crypto_priv->def_igtk_tx_keyid]; 1297 if (!key) { 1298 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1299 return NULL; 1300 } 1301 mic_len = (crypto_priv->igtk_key_type 1302 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1303 1304 efrm = bfrm + len; 1305 aad_len = 20; 1306 hdrlen = sizeof(struct ieee80211_hdr); 1307 len += sizeof(struct wlan_crypto_mmie); 1308 1309 mmie = (struct wlan_crypto_mmie *) efrm; 1310 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie)); 1311 mmie->element_id = WLAN_ELEMID_MMIE; 1312 mmie->length = sizeof(*mmie) - 2; 1313 mmie->key_id = qdf_cpu_to_le16(key->keyix); 1314 1315 mic_len = (crypto_priv->igtk_key_type 1316 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1317 if (mic_len == 8) { 1318 mmie->length -= 8; 1319 len -= 8; 1320 } 1321 /* PN = PN + 1 */ 1322 pn = (uint8_t *)&key->keytsc; 1323 1324 for (i = 0; i <= 5; i++) { 1325 pn[i]++; 1326 if (pn[i]) 1327 break; 1328 } 1329 1330 /* Copy IPN */ 1331 qdf_mem_copy(mmie->sequence_number, pn, 6); 1332 1333 hdr = (struct ieee80211_hdr *) bfrm; 1334 1335 buf = qdf_mem_malloc(len - hdrlen + 20); 1336 if (!buf) { 1337 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1338 return NULL; 1339 } 1340 qdf_mem_zero(buf, len - hdrlen + 20); 1341 aad = buf; 1342 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1343 1344 /* FC type/subtype */ 1345 aad[0] = hdr->frame_control & 0xff; 1346 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1347 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1348 | WLAN_FC_MOREDATA)) >> 8; 1349 /* A1 || A2 || A3 */ 1350 qdf_mem_copy(aad + 2, hdr->addr1, WLAN_ALEN); 1351 qdf_mem_copy(aad + 8, hdr->addr2, WLAN_ALEN); 1352 qdf_mem_copy(aad + 14, hdr->addr3, WLAN_ALEN); 1353 qdf_mem_zero(mic, 16); 1354 1355 /* 1356 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1357 */ 1358 1359 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen); 1360 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1361 1362 ret = omac1_aes_128(key->keyval, buf, 1363 len + aad_len - hdrlen, mic); 1364 qdf_mem_copy(mmie->mic, mic, 8); 1365 1366 } else if (crypto_priv->igtk_key_type 1367 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1368 1369 ret = omac1_aes_256(key->keyval, buf, 1370 len + aad_len - hdrlen, mmie->mic); 1371 1372 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1373 || (crypto_priv->igtk_key_type 1374 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1375 1376 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1377 qdf_mem_copy(nounce + 6, pn, 6); 1378 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1379 sizeof(nounce), buf, 1380 len + aad_len - hdrlen, mmie->mic); 1381 1382 } 1383 qdf_mem_free(buf); 1384 if (ret < 0) { 1385 qdf_print("%s[%d] add mmie failed\n", __func__, __LINE__); 1386 return NULL; 1387 } 1388 1389 key->keytsc++; 1390 1391 return bfrm + len; 1392 } 1393 1394 /** 1395 * wlan_crypto_is_mmie_valid - called by mgmt txrx to check mmie of the frame 1396 * 1397 * @vdev: vdev 1398 * @frm: frame starting pointer 1399 * @efrm: end of frame pointer 1400 * 1401 * This function gets called by mgmt txrx to check mmie of the frame 1402 * 1403 * Return: true or false 1404 */ 1405 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev, 1406 uint8_t *frm, 1407 uint8_t *efrm){ 1408 struct wlan_crypto_mmie *mmie = NULL; 1409 uint8_t *ipn, *aad, *buf, mic[16], nounce[12]; 1410 struct wlan_crypto_key *key; 1411 struct ieee80211_hdr *hdr; 1412 uint16_t mic_len, hdrlen, len; 1413 struct wlan_crypto_comp_priv *crypto_priv; 1414 struct wlan_crypto_params *crypto_params; 1415 uint8_t aad_len = 20; 1416 int32_t ret; 1417 1418 /* check if frame is illegal length */ 1419 if (!frm || !efrm || (efrm < frm) 1420 || ((efrm - frm) < sizeof(struct ieee80211_hdr))) { 1421 qdf_print("%s[%d] Invalid params\n", __func__, __LINE__); 1422 return false; 1423 } 1424 len = efrm - frm; 1425 crypto_priv = (struct wlan_crypto_comp_priv *) 1426 wlan_get_vdev_crypto_obj(vdev); 1427 if (crypto_priv == NULL) { 1428 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 1429 return false; 1430 } 1431 1432 crypto_params = &(crypto_priv->crypto_params); 1433 1434 1435 mic_len = (crypto_priv->igtk_key_type 1436 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16; 1437 hdrlen = sizeof(struct ieee80211_hdr); 1438 1439 if (mic_len == 8) 1440 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8); 1441 else 1442 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie)); 1443 1444 1445 /* check Elem ID*/ 1446 if ((mmie == NULL) || (mmie->element_id != WLAN_ELEMID_MMIE)) { 1447 qdf_print("%s[%d] IE is not MMIE\n", __func__, __LINE__); 1448 return false; 1449 } 1450 1451 if (mmie->key_id > (WLAN_CRYPTO_MAXKEYIDX + 1452 WLAN_CRYPTO_MAXIGTKKEYIDX)) { 1453 qdf_print("%s[%d] keyid not valid\n", __func__, __LINE__); 1454 return false; 1455 } 1456 1457 key = crypto_priv->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX]; 1458 if (!key) { 1459 qdf_print("%s[%d] No igtk key present\n", __func__, __LINE__); 1460 return false; 1461 } 1462 1463 /* validate ipn */ 1464 ipn = mmie->sequence_number; 1465 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) { 1466 qdf_print("%s[%d] replay error\n", __func__, __LINE__); 1467 return false; 1468 } 1469 1470 buf = qdf_mem_malloc(len - hdrlen + 20); 1471 if (!buf) { 1472 qdf_print("%s[%d] malloc failed\n", __func__, __LINE__); 1473 return false; 1474 } 1475 aad = buf; 1476 1477 /* construct AAD */ 1478 hdr = (struct ieee80211_hdr *)frm; 1479 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */ 1480 1481 /* FC type/subtype */ 1482 aad[0] = hdr->frame_control & 0xff; 1483 /* Mask FC Retry, PwrMgt, MoreData flags to zero */ 1484 aad[1] = (hdr->frame_control & ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT 1485 | WLAN_FC_MOREDATA)) >> 8; 1486 /* A1 || A2 || A3 */ 1487 qdf_mem_copy(aad + 2, hdr->addr1, 3 * WLAN_ALEN); 1488 1489 /* 1490 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64) 1491 */ 1492 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen); 1493 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len); 1494 qdf_mem_zero(mic, 16); 1495 if (crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) { 1496 ret = omac1_aes_128(key->keyval, buf, 1497 len - hdrlen + aad_len, mic); 1498 } else if (crypto_priv->igtk_key_type 1499 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) { 1500 ret = omac1_aes_256(key->keyval, buf, 1501 len + aad_len - hdrlen, mic); 1502 } else if ((crypto_priv->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) 1503 || (crypto_priv->igtk_key_type 1504 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 1505 qdf_mem_copy(nounce, hdr->addr2, WLAN_ALEN); 1506 qdf_mem_copy(nounce + 6, ipn, 6); 1507 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nounce, 1508 sizeof(nounce), buf, 1509 len + aad_len - hdrlen, mic); 1510 } 1511 1512 qdf_mem_free(buf); 1513 1514 if (ret < 0) { 1515 qdf_print("%s[%d] genarate mmie failed\n", __func__, __LINE__); 1516 return false; 1517 } 1518 1519 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) { 1520 qdf_print("%s[%d] mmie mismatch\n", __func__, __LINE__); 1521 /* MMIE MIC mismatch */ 1522 return false; 1523 } 1524 1525 /* Update the receive sequence number */ 1526 qdf_mem_copy(key->keyrsc, ipn, 6); 1527 qdf_print("%s[%d] mmie matched\n", __func__, __LINE__); 1528 1529 return true; 1530 } 1531 1532 1533 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher) 1534 { 1535 int32_t status = -1; 1536 1537 switch (cipher) { 1538 case WLAN_CRYPTO_CIPHER_TKIP: 1539 return WPA_CIPHER_SUITE_TKIP; 1540 case WLAN_CRYPTO_CIPHER_AES_CCM: 1541 return WPA_CIPHER_SUITE_CCMP; 1542 case WLAN_CRYPTO_CIPHER_NONE: 1543 return WPA_CIPHER_SUITE_NONE; 1544 } 1545 1546 return status; 1547 } 1548 1549 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher) 1550 { 1551 int32_t status = -1; 1552 1553 switch (cipher) { 1554 case WLAN_CRYPTO_CIPHER_TKIP: 1555 return RSN_CIPHER_SUITE_TKIP; 1556 case WLAN_CRYPTO_CIPHER_AES_CCM: 1557 return RSN_CIPHER_SUITE_CCMP; 1558 case WLAN_CRYPTO_CIPHER_AES_CCM_256: 1559 return RSN_CIPHER_SUITE_CCMP_256; 1560 case WLAN_CRYPTO_CIPHER_AES_GCM: 1561 return RSN_CIPHER_SUITE_GCMP; 1562 case WLAN_CRYPTO_CIPHER_AES_GCM_256: 1563 return RSN_CIPHER_SUITE_GCMP_256; 1564 case WLAN_CRYPTO_CIPHER_AES_CMAC: 1565 return RSN_CIPHER_SUITE_AES_CMAC; 1566 case WLAN_CRYPTO_CIPHER_AES_CMAC_256: 1567 return RSN_CIPHER_SUITE_BIP_CMAC_256; 1568 case WLAN_CRYPTO_CIPHER_AES_GMAC: 1569 return RSN_CIPHER_SUITE_BIP_GMAC_128; 1570 case WLAN_CRYPTO_CIPHER_AES_GMAC_256: 1571 return RSN_CIPHER_SUITE_BIP_GMAC_256; 1572 case WLAN_CRYPTO_CIPHER_NONE: 1573 return RSN_CIPHER_SUITE_NONE; 1574 } 1575 1576 return status; 1577 } 1578 1579 /* 1580 * Convert an RSN key management/authentication algorithm 1581 * to an internal code. 1582 */ 1583 static int32_t 1584 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt) 1585 { 1586 int32_t status = -1; 1587 1588 switch (keymgmt) { 1589 case WLAN_CRYPTO_KEY_MGMT_NONE: 1590 return RSN_AUTH_KEY_MGMT_NONE; 1591 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1592 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; 1593 case WLAN_CRYPTO_KEY_MGMT_PSK: 1594 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1595 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X: 1596 return RSN_AUTH_KEY_MGMT_FT_802_1X; 1597 case WLAN_CRYPTO_KEY_MGMT_FT_PSK: 1598 return RSN_AUTH_KEY_MGMT_FT_PSK; 1599 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256: 1600 return RSN_AUTH_KEY_MGMT_802_1X_SHA256; 1601 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256: 1602 return RSN_AUTH_KEY_MGMT_PSK_SHA256; 1603 case WLAN_CRYPTO_KEY_MGMT_SAE: 1604 return RSN_AUTH_KEY_MGMT_SAE; 1605 case WLAN_CRYPTO_KEY_MGMT_FT_SAE: 1606 return RSN_AUTH_KEY_MGMT_FT_SAE; 1607 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B: 1608 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B; 1609 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192: 1610 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192; 1611 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1612 return RSN_AUTH_KEY_MGMT_CCKM; 1613 case WLAN_CRYPTO_KEY_MGMT_OSEN: 1614 return RSN_AUTH_KEY_MGMT_OSEN; 1615 } 1616 1617 return status; 1618 } 1619 1620 /* 1621 * Convert an RSN key management/authentication algorithm 1622 * to an internal code. 1623 */ 1624 static int32_t 1625 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt) 1626 { 1627 int32_t status = -1; 1628 1629 switch (keymgmt) { 1630 case WLAN_CRYPTO_KEY_MGMT_NONE: 1631 return WPA_AUTH_KEY_MGMT_NONE; 1632 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X: 1633 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; 1634 case WLAN_CRYPTO_KEY_MGMT_PSK: 1635 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; 1636 case WLAN_CRYPTO_KEY_MGMT_CCKM: 1637 return WPA_AUTH_KEY_MGMT_CCKM; 1638 } 1639 1640 return status; 1641 } 1642 /** 1643 * 1644 * Convert a WPA cipher selector OUI to an internal 1645 * cipher algorithm. Where appropriate we also 1646 * record any key length. 1647 */ 1648 static int32_t wlan_crypto_wpa_suite_to_cipher(uint8_t *sel) 1649 { 1650 uint32_t w = BE_READ_4(sel); 1651 int32_t status = -1; 1652 1653 switch (w) { 1654 case WPA_CIPHER_SUITE_TKIP: 1655 return WLAN_CRYPTO_CIPHER_TKIP; 1656 case WPA_CIPHER_SUITE_CCMP: 1657 return WLAN_CRYPTO_CIPHER_AES_CCM; 1658 case WPA_CIPHER_SUITE_NONE: 1659 return WLAN_CRYPTO_CIPHER_NONE; 1660 } 1661 1662 return status; 1663 } 1664 1665 /* 1666 * Convert a WPA key management/authentication algorithm 1667 * to an internal code. 1668 */ 1669 static int32_t wlan_crypto_wpa_suite_to_keymgmt(uint8_t *sel) 1670 { 1671 uint32_t w = BE_READ_4(sel); 1672 int32_t status = -1; 1673 1674 switch (w) { 1675 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X: 1676 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1677 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1678 return WLAN_CRYPTO_KEY_MGMT_PSK; 1679 case WPA_AUTH_KEY_MGMT_CCKM: 1680 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1681 case WPA_AUTH_KEY_MGMT_NONE: 1682 return WLAN_CRYPTO_KEY_MGMT_NONE; 1683 } 1684 return status; 1685 } 1686 1687 /* 1688 * Convert a RSN cipher selector OUI to an internal 1689 * cipher algorithm. Where appropriate we also 1690 * record any key length. 1691 */ 1692 static int32_t wlan_crypto_rsn_suite_to_cipher(uint8_t *sel) 1693 { 1694 uint32_t w = BE_READ_4(sel); 1695 int32_t status = -1; 1696 1697 switch (w) { 1698 case RSN_CIPHER_SUITE_TKIP: 1699 return WLAN_CRYPTO_CIPHER_TKIP; 1700 case RSN_CIPHER_SUITE_CCMP: 1701 return WLAN_CRYPTO_CIPHER_AES_CCM; 1702 case RSN_CIPHER_SUITE_CCMP_256: 1703 return WLAN_CRYPTO_CIPHER_AES_CCM_256; 1704 case RSN_CIPHER_SUITE_GCMP: 1705 return WLAN_CRYPTO_CIPHER_AES_GCM; 1706 case RSN_CIPHER_SUITE_GCMP_256: 1707 return WLAN_CRYPTO_CIPHER_AES_GCM_256; 1708 case RSN_CIPHER_SUITE_AES_CMAC: 1709 return WLAN_CRYPTO_CIPHER_AES_CMAC; 1710 case RSN_CIPHER_SUITE_BIP_CMAC_256: 1711 return WLAN_CRYPTO_CIPHER_AES_CMAC_256; 1712 case RSN_CIPHER_SUITE_BIP_GMAC_128: 1713 return WLAN_CRYPTO_CIPHER_AES_GMAC; 1714 case RSN_CIPHER_SUITE_BIP_GMAC_256: 1715 return WLAN_CRYPTO_CIPHER_AES_GMAC_256; 1716 case RSN_CIPHER_SUITE_NONE: 1717 return WLAN_CRYPTO_CIPHER_NONE; 1718 } 1719 1720 return status; 1721 } 1722 /* 1723 * Convert an RSN key management/authentication algorithm 1724 * to an internal code. 1725 */ 1726 static int32_t wlan_crypto_rsn_suite_to_keymgmt(uint8_t *sel) 1727 { 1728 uint32_t w = BE_READ_4(sel); 1729 int32_t status = -1; 1730 1731 switch (w) { 1732 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X: 1733 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X; 1734 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X: 1735 return WLAN_CRYPTO_KEY_MGMT_PSK; 1736 case RSN_AUTH_KEY_MGMT_FT_802_1X: 1737 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X; 1738 case RSN_AUTH_KEY_MGMT_FT_PSK: 1739 return WLAN_CRYPTO_KEY_MGMT_FT_PSK; 1740 case RSN_AUTH_KEY_MGMT_802_1X_SHA256: 1741 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256; 1742 case RSN_AUTH_KEY_MGMT_PSK_SHA256: 1743 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256; 1744 case RSN_AUTH_KEY_MGMT_SAE: 1745 return WLAN_CRYPTO_KEY_MGMT_SAE; 1746 case RSN_AUTH_KEY_MGMT_FT_SAE: 1747 return WLAN_CRYPTO_KEY_MGMT_FT_SAE; 1748 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B: 1749 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B; 1750 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192: 1751 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192; 1752 case RSN_AUTH_KEY_MGMT_CCKM: 1753 return WLAN_CRYPTO_KEY_MGMT_CCKM; 1754 case RSN_AUTH_KEY_MGMT_OSEN: 1755 return WLAN_CRYPTO_KEY_MGMT_OSEN; 1756 } 1757 1758 return status; 1759 } 1760 1761 /** 1762 * wlan_crypto_wpaie_check - called by mlme to check the wpaie 1763 * 1764 * 1765 * @crypto params: crypto params 1766 * @iebuf: ie buffer 1767 * 1768 * This function gets called by mlme to check the contents of wpa is 1769 * matching with given crypto params 1770 * 1771 * Return: QDF_STATUS_SUCCESS - in case of success 1772 */ 1773 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params, 1774 uint8_t *frm){ 1775 uint8_t len = frm[1]; 1776 int32_t w; 1777 int n; 1778 1779 /* 1780 * Check the length once for fixed parts: OUI, type, 1781 * version, mcast cipher, and 2 selector counts. 1782 * Other, variable-length data, must be checked separately. 1783 */ 1784 RESET_AUTHMODE(crypto_params); 1785 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA); 1786 1787 if (len < 14) 1788 return QDF_STATUS_E_INVAL; 1789 1790 frm += 6, len -= 4; 1791 1792 w = LE_READ_2(frm); 1793 if (w != WPA_VERSION) 1794 return QDF_STATUS_E_INVAL; 1795 1796 frm += 2, len -= 2; 1797 1798 /* multicast/group cipher */ 1799 RESET_MCAST_CIPHERS(crypto_params); 1800 w = wlan_crypto_wpa_suite_to_cipher(frm); 1801 if (w < 0) 1802 return QDF_STATUS_E_INVAL; 1803 SET_MCAST_CIPHER(crypto_params, w); 1804 frm += 4, len -= 4; 1805 1806 /* unicast ciphers */ 1807 n = LE_READ_2(frm); 1808 frm += 2, len -= 2; 1809 if (len < n*4+2) 1810 return QDF_STATUS_E_INVAL; 1811 1812 RESET_UCAST_CIPHERS(crypto_params); 1813 for (; n > 0; n--) { 1814 w = wlan_crypto_wpa_suite_to_cipher(frm); 1815 if (w < 0) 1816 return QDF_STATUS_E_INVAL; 1817 SET_UCAST_CIPHER(crypto_params, w); 1818 frm += 4, len -= 4; 1819 } 1820 1821 if (!crypto_params->ucastcipherset) 1822 return QDF_STATUS_E_INVAL; 1823 1824 /* key management algorithms */ 1825 n = LE_READ_2(frm); 1826 frm += 2, len -= 2; 1827 if (len < n*4) 1828 return QDF_STATUS_E_INVAL; 1829 1830 w = 0; 1831 RESET_KEY_MGMT(crypto_params); 1832 for (; n > 0; n--) { 1833 w = wlan_crypto_wpa_suite_to_keymgmt(frm); 1834 if (w < 0) 1835 return QDF_STATUS_E_INVAL; 1836 SET_KEY_MGMT(crypto_params, w); 1837 frm += 4, len -= 4; 1838 } 1839 1840 /* optional capabilities */ 1841 if (len >= 2) { 1842 crypto_params->rsn_caps = LE_READ_2(frm); 1843 frm += 2, len -= 2; 1844 } 1845 1846 return 0; 1847 } 1848 1849 /** 1850 * wlan_crypto_rsnie_check - called by mlme to check the rsnie 1851 * 1852 * 1853 * @crypto params: crypto params 1854 * @iebuf: ie buffer 1855 * 1856 * This function gets called by mlme to check the contents of wpa is 1857 * matching with given crypto params 1858 * 1859 * Return: QDF_STATUS_SUCCESS - in case of success 1860 */ 1861 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params, 1862 uint8_t *frm){ 1863 uint8_t len = frm[1]; 1864 int32_t w; 1865 int n; 1866 1867 /* 1868 * Check the length once for fixed parts: OUI, type, 1869 * version, mcast cipher, and 2 selector counts. 1870 * Other, variable-length data, must be checked separately. 1871 */ 1872 RESET_AUTHMODE(crypto_params); 1873 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA); 1874 1875 if (len < 14) 1876 return QDF_STATUS_E_INVAL; 1877 1878 frm += 2, len -= 2; 1879 /* NB: iswapoui already validated the OUI and type */ 1880 w = LE_READ_2(frm); 1881 if (w != RSN_VERSION) 1882 return QDF_STATUS_E_INVAL; 1883 1884 frm += 2, len -= 2; 1885 1886 /* multicast/group cipher */ 1887 RESET_MCAST_CIPHERS(crypto_params); 1888 w = wlan_crypto_rsn_suite_to_cipher(frm); 1889 if (w < 0) 1890 return QDF_STATUS_E_INVAL; 1891 SET_MCAST_CIPHER(crypto_params, w); 1892 frm += 4, len -= 4; 1893 1894 /* unicast ciphers */ 1895 n = LE_READ_2(frm); 1896 frm += 2, len -= 2; 1897 if (len < n*4+2) 1898 return QDF_STATUS_E_INVAL; 1899 1900 RESET_UCAST_CIPHERS(crypto_params); 1901 for (; n > 0; n--) { 1902 w = wlan_crypto_rsn_suite_to_cipher(frm); 1903 if (w < 0) 1904 return QDF_STATUS_E_INVAL; 1905 SET_UCAST_CIPHER(crypto_params, w); 1906 frm += 4, len -= 4; 1907 } 1908 1909 if (crypto_params->ucastcipherset == 0) 1910 return QDF_STATUS_E_INVAL; 1911 1912 /* key management algorithms */ 1913 n = LE_READ_2(frm); 1914 frm += 2, len -= 2; 1915 if (len < n*4) 1916 return QDF_STATUS_E_INVAL; 1917 w = 0; 1918 1919 RESET_KEY_MGMT(crypto_params); 1920 for (; n > 0; n--) { 1921 w = wlan_crypto_rsn_suite_to_keymgmt(frm); 1922 if (w < 0) 1923 return QDF_STATUS_E_INVAL; 1924 SET_KEY_MGMT(crypto_params, (1 << w)); 1925 frm += 4, len -= 4; 1926 } 1927 1928 /* optional capabilities */ 1929 if (len >= 2) { 1930 crypto_params->rsn_caps = LE_READ_2(frm); 1931 frm += 2, len -= 2; 1932 } 1933 1934 return QDF_STATUS_SUCCESS; 1935 } 1936 1937 /** 1938 * wlan_crypto_build_wpaie - called by mlme to build wpaie 1939 * 1940 * @crypto params: crypto params 1941 * @iebuf: ie buffer 1942 * 1943 * This function gets called by mlme to build wpaie from given crypto params 1944 * 1945 * Return: end of buffer 1946 */ 1947 uint8_t *wlan_crypto_build_wpaie(struct wlan_crypto_params *crypto_params, 1948 uint8_t *iebuf){ 1949 uint8_t *frm = iebuf; 1950 uint8_t *selcnt; 1951 uint32_t mcastcipher; 1952 1953 *frm++ = WLAN_ELEMID_VENDOR; 1954 *frm++ = 0; 1955 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI); 1956 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION); 1957 1958 1959 /* multicast cipher */ 1960 mcastcipher = wlan_crypto_get_mcastcipher(crypto_params); 1961 WLAN_CRYPTO_ADDSELECTOR(frm, 1962 wlan_crypto_wpa_cipher_to_suite(mcastcipher)); 1963 1964 /* unicast cipher list */ 1965 selcnt = frm; 1966 WLAN_CRYPTO_ADDSHORT(frm, 0); 1967 /* do not use CCMP unicast cipher in WPA mode */ 1968 if (UCIPHER_IS_TKIP(crypto_params)) { 1969 selcnt[0]++; 1970 WLAN_CRYPTO_ADDSELECTOR(frm, 1971 wlan_crypto_wpa_cipher_to_suite( 1972 WLAN_CRYPTO_CIPHER_TKIP)); 1973 } 1974 if (UCIPHER_IS_CCMP128(crypto_params)) { 1975 selcnt[0]++; 1976 WLAN_CRYPTO_ADDSELECTOR(frm, 1977 wlan_crypto_wpa_cipher_to_suite( 1978 WLAN_CRYPTO_CIPHER_AES_CCM)); 1979 } 1980 if (UCIPHER_IS_CLEAR(crypto_params)) { 1981 selcnt[0]++; 1982 WLAN_CRYPTO_ADDSELECTOR(frm, 1983 wlan_crypto_wpa_cipher_to_suite( 1984 WLAN_CRYPTO_CIPHER_AES_CCM)); 1985 } 1986 1987 /* authenticator selector list */ 1988 selcnt = frm; 1989 WLAN_CRYPTO_ADDSHORT(frm, 0); 1990 1991 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 1992 selcnt[0]++; 1993 WLAN_CRYPTO_ADDSELECTOR(frm, 1994 wlan_crypto_wpa_keymgmt_to_suite( 1995 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 1996 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 1997 selcnt[0]++; 1998 WLAN_CRYPTO_ADDSELECTOR(frm, 1999 wlan_crypto_wpa_keymgmt_to_suite( 2000 WLAN_CRYPTO_KEY_MGMT_PSK)); 2001 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2002 selcnt[0]++; 2003 WLAN_CRYPTO_ADDSELECTOR(frm, 2004 wlan_crypto_wpa_keymgmt_to_suite( 2005 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2006 } else { 2007 selcnt[0]++; 2008 WLAN_CRYPTO_ADDSELECTOR(frm, 2009 wlan_crypto_wpa_keymgmt_to_suite( 2010 WLAN_CRYPTO_KEY_MGMT_NONE)); 2011 } 2012 2013 /* calculate element length */ 2014 iebuf[1] = frm - iebuf - 2; 2015 2016 return frm; 2017 } 2018 2019 /** 2020 * wlan_crypto_build_rsnie - called by mlme to build rsnie 2021 * 2022 * @crypto params: crypto params 2023 * @iebuf: ie buffer 2024 * 2025 * This function gets called by mlme to build rsnie from given crypto params 2026 * 2027 * Return: end of buffer 2028 */ 2029 uint8_t *wlan_crypto_build_rsnie(struct wlan_crypto_params *crypto_params, 2030 uint8_t *iebuf){ 2031 uint8_t *frm = iebuf; 2032 uint8_t *selcnt; 2033 uint32_t mcastcipher; 2034 2035 *frm++ = WLAN_ELEMID_RSN; 2036 *frm++ = 0; 2037 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION); 2038 2039 2040 /* multicast cipher */ 2041 mcastcipher = wlan_crypto_get_mcastcipher(crypto_params); 2042 WLAN_CRYPTO_ADDSELECTOR(frm, 2043 wlan_crypto_rsn_cipher_to_suite(mcastcipher)); 2044 2045 /* unicast cipher list */ 2046 selcnt = frm; 2047 WLAN_CRYPTO_ADDSHORT(frm, 0); 2048 /* do not use CCMP unicast cipher in WPA mode */ 2049 if (UCIPHER_IS_TKIP(crypto_params)) { 2050 selcnt[0]++; 2051 WLAN_CRYPTO_ADDSELECTOR(frm, 2052 wlan_crypto_rsn_cipher_to_suite( 2053 WLAN_CRYPTO_CIPHER_TKIP)); 2054 } 2055 if (UCIPHER_IS_CCMP128(crypto_params)) { 2056 selcnt[0]++; 2057 WLAN_CRYPTO_ADDSELECTOR(frm, 2058 wlan_crypto_rsn_cipher_to_suite( 2059 WLAN_CRYPTO_CIPHER_AES_CCM)); 2060 } 2061 if (UCIPHER_IS_CCMP256(crypto_params)) { 2062 selcnt[0]++; 2063 WLAN_CRYPTO_ADDSELECTOR(frm, 2064 wlan_crypto_rsn_cipher_to_suite( 2065 WLAN_CRYPTO_CIPHER_AES_CCM_256)); 2066 } 2067 2068 if (UCIPHER_IS_GCMP128(crypto_params)) { 2069 selcnt[0]++; 2070 WLAN_CRYPTO_ADDSELECTOR(frm, 2071 wlan_crypto_rsn_cipher_to_suite( 2072 WLAN_CRYPTO_CIPHER_AES_GCM)); 2073 } 2074 if (UCIPHER_IS_GCMP256(crypto_params)) { 2075 selcnt[0]++; 2076 WLAN_CRYPTO_ADDSELECTOR(frm, 2077 wlan_crypto_rsn_cipher_to_suite( 2078 WLAN_CRYPTO_CIPHER_AES_GCM_256)); 2079 } 2080 if (UCIPHER_IS_CLEAR(crypto_params)) { 2081 selcnt[0]++; 2082 WLAN_CRYPTO_ADDSELECTOR(frm, 2083 wlan_crypto_rsn_cipher_to_suite( 2084 WLAN_CRYPTO_CIPHER_AES_CCM)); 2085 } 2086 2087 2088 /* authenticator selector list */ 2089 selcnt = frm; 2090 WLAN_CRYPTO_ADDSHORT(frm, 0); 2091 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) { 2092 selcnt[0]++; 2093 WLAN_CRYPTO_ADDSELECTOR(frm, 2094 wlan_crypto_rsn_keymgmt_to_suite( 2095 WLAN_CRYPTO_KEY_MGMT_CCKM)); 2096 } else { 2097 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) { 2098 selcnt[0]++; 2099 WLAN_CRYPTO_ADDSELECTOR(frm, 2100 wlan_crypto_rsn_keymgmt_to_suite( 2101 WLAN_CRYPTO_KEY_MGMT_PSK)); 2102 } 2103 if (HAS_KEY_MGMT(crypto_params, 2104 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) { 2105 selcnt[0]++; 2106 WLAN_CRYPTO_ADDSELECTOR(frm, 2107 wlan_crypto_rsn_keymgmt_to_suite( 2108 WLAN_CRYPTO_KEY_MGMT_IEEE8021X)); 2109 } 2110 if (HAS_KEY_MGMT(crypto_params, 2111 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) { 2112 selcnt[0]++; 2113 WLAN_CRYPTO_ADDSELECTOR(frm, 2114 wlan_crypto_rsn_keymgmt_to_suite( 2115 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)); 2116 } 2117 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) { 2118 selcnt[0]++; 2119 WLAN_CRYPTO_ADDSELECTOR(frm, 2120 wlan_crypto_rsn_keymgmt_to_suite( 2121 WLAN_CRYPTO_KEY_MGMT_FT_PSK)); 2122 } 2123 if (HAS_KEY_MGMT(crypto_params, 2124 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) { 2125 selcnt[0]++; 2126 WLAN_CRYPTO_ADDSELECTOR(frm, 2127 wlan_crypto_rsn_keymgmt_to_suite( 2128 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)); 2129 } 2130 if (HAS_KEY_MGMT(crypto_params, 2131 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) { 2132 selcnt[0]++; 2133 WLAN_CRYPTO_ADDSELECTOR(frm, 2134 wlan_crypto_rsn_keymgmt_to_suite( 2135 WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)); 2136 } 2137 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) { 2138 selcnt[0]++; 2139 WLAN_CRYPTO_ADDSELECTOR(frm, 2140 wlan_crypto_rsn_keymgmt_to_suite( 2141 WLAN_CRYPTO_KEY_MGMT_OSEN)); 2142 } 2143 } 2144 2145 /* optional capabilities */ 2146 if (crypto_params->rsn_caps != 0 && 2147 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH){ 2148 2149 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2150 2151 if (HAS_MGMT_CIPHER(crypto_params, 2152 WLAN_CRYPTO_CIPHER_AES_CMAC)) { 2153 selcnt[0]++; 2154 WLAN_CRYPTO_ADDSELECTOR(frm, 2155 wlan_crypto_rsn_cipher_to_suite( 2156 WLAN_CRYPTO_CIPHER_AES_CMAC)); 2157 } 2158 if (HAS_MGMT_CIPHER(crypto_params, 2159 WLAN_CRYPTO_CIPHER_AES_GMAC)) { 2160 selcnt[0]++; 2161 WLAN_CRYPTO_ADDSELECTOR(frm, 2162 wlan_crypto_rsn_cipher_to_suite( 2163 WLAN_CRYPTO_CIPHER_AES_GMAC)); 2164 } 2165 if (HAS_MGMT_CIPHER(crypto_params, 2166 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) { 2167 selcnt[0]++; 2168 WLAN_CRYPTO_ADDSELECTOR(frm, 2169 wlan_crypto_rsn_cipher_to_suite( 2170 WLAN_CRYPTO_CIPHER_AES_CMAC_256)); 2171 } 2172 2173 if (HAS_MGMT_CIPHER(crypto_params, 2174 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) { 2175 selcnt[0]++; 2176 WLAN_CRYPTO_ADDSELECTOR(frm, 2177 wlan_crypto_rsn_cipher_to_suite( 2178 WLAN_CRYPTO_CIPHER_AES_GMAC_256)); 2179 } 2180 } 2181 /* calculate element length */ 2182 iebuf[1] = frm - iebuf - 2; 2183 2184 return frm; 2185 } 2186 2187 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev, 2188 struct wlan_crypto_params *crypto_params){ 2189 struct wlan_crypto_params *my_crypto_params; 2190 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev); 2191 2192 /* 2193 * Check peer's pairwise ciphers. 2194 * At least one must match with our unicast cipher 2195 */ 2196 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2197 return false; 2198 /* 2199 * Check peer's group cipher is our enabled multicast cipher. 2200 */ 2201 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) 2202 return false; 2203 /* 2204 * Check peer's key management class set (PSK or UNSPEC) 2205 */ 2206 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) 2207 return false; 2208 2209 return true; 2210 } 2211 2212 /* 2213 * Convert an WAPI CIPHER suite to to an internal code. 2214 */ 2215 static int32_t wlan_crypto_wapi_suite_to_cipher(uint8_t *sel) 2216 { 2217 uint32_t w = LE_READ_4(sel); 2218 int32_t status = -1; 2219 2220 switch (w) { 2221 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)): 2222 return WLAN_CRYPTO_CIPHER_WAPI_SMS4; 2223 } 2224 2225 return status; 2226 } 2227 2228 /* 2229 * Convert an WAPI key management/authentication algorithm 2230 * to an internal code. 2231 */ 2232 static int32_t wlan_crypto_wapi_keymgmt(u_int8_t *sel) 2233 { 2234 uint32_t w = LE_READ_4(sel); 2235 int32_t status = -1; 2236 2237 switch (w) { 2238 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)): 2239 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK; 2240 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)): 2241 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT; 2242 } 2243 2244 return status; 2245 } 2246 /** 2247 * wlan_crypto_wapiie_check - called by mlme to check the wapiie 2248 * 2249 * 2250 * @crypto params: crypto params 2251 * @iebuf: ie buffer 2252 * 2253 * This function gets called by mlme to check the contents of wapi is 2254 * matching with given crypto params 2255 * 2256 * Return: QDF_STATUS_SUCCESS - in case of success 2257 */ 2258 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params, 2259 uint8_t *frm) 2260 { 2261 uint8_t len = frm[1]; 2262 int32_t w; 2263 int n; 2264 2265 /* 2266 * Check the length once for fixed parts: OUI, type, 2267 * version, mcast cipher, and 2 selector counts. 2268 * Other, variable-length data, must be checked separately. 2269 */ 2270 RESET_AUTHMODE(crypto_params); 2271 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI); 2272 2273 if (len < WLAN_CRYPTO_WAPI_IE_LEN) 2274 return QDF_STATUS_E_INVAL; 2275 2276 2277 frm += 2; 2278 2279 w = LE_READ_2(frm); 2280 frm += 2, len -= 2; 2281 if (w != WAPI_VERSION) 2282 return QDF_STATUS_E_INVAL; 2283 2284 n = LE_READ_2(frm); 2285 frm += 2, len -= 2; 2286 if (len < n*4+2) 2287 return QDF_STATUS_E_INVAL; 2288 2289 RESET_KEY_MGMT(crypto_params); 2290 for (; n > 0; n--) { 2291 w = wlan_crypto_wapi_keymgmt(frm); 2292 if (w < 0) 2293 return QDF_STATUS_E_INVAL; 2294 2295 SET_KEY_MGMT(crypto_params, w); 2296 frm += 4, len -= 4; 2297 } 2298 2299 /* unicast ciphers */ 2300 n = LE_READ_2(frm); 2301 frm += 2, len -= 2; 2302 if (len < n*4+2) 2303 return QDF_STATUS_E_INVAL; 2304 2305 RESET_UCAST_CIPHERS(crypto_params); 2306 for (; n > 0; n--) { 2307 w = wlan_crypto_wapi_suite_to_cipher(frm); 2308 if (w < 0) 2309 return QDF_STATUS_E_INVAL; 2310 SET_UCAST_CIPHER(crypto_params, w); 2311 frm += 4, len -= 4; 2312 } 2313 2314 if (!crypto_params->ucastcipherset) 2315 return QDF_STATUS_E_INVAL; 2316 2317 /* multicast/group cipher */ 2318 RESET_MCAST_CIPHERS(crypto_params); 2319 w = wlan_crypto_wapi_suite_to_cipher(frm); 2320 2321 if (w < 0) 2322 return QDF_STATUS_E_INVAL; 2323 2324 SET_MCAST_CIPHER(crypto_params, w); 2325 frm += 4, len -= 4; 2326 2327 return QDF_STATUS_SUCCESS; 2328 } 2329 2330 /** 2331 * wlan_crypto_build_wapiie - called by mlme to build wapi ie 2332 * 2333 * @vdev: vdev 2334 * @iebuf: ie buffer 2335 * 2336 * This function gets called by mlme to build wapi ie from given vdev 2337 * 2338 * Return: end of buffer 2339 */ 2340 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev, 2341 uint8_t *iebuf) 2342 { 2343 uint8_t *frm; 2344 uint8_t *selcnt; 2345 struct wlan_crypto_comp_priv *crypto_priv; 2346 struct wlan_crypto_params *crypto_params; 2347 2348 frm = iebuf; 2349 if (!frm) { 2350 qdf_print("%s[%d] ie buffer NULL\n", __func__, __LINE__); 2351 return NULL; 2352 } 2353 2354 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2355 2356 if (!crypto_params) { 2357 qdf_print("%s[%d] crypto_params NULL\n", __func__, __LINE__); 2358 return NULL; 2359 } 2360 2361 *frm++ = WLAN_ELEMID_WAPI; 2362 *frm++ = 0; 2363 2364 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION); 2365 2366 /* authenticator selector list */ 2367 selcnt = frm; 2368 WLAN_CRYPTO_ADDSHORT(frm, 0); 2369 2370 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) { 2371 selcnt[0]++; 2372 WLAN_CRYPTO_ADDSELECTOR(frm, 2373 WLAN_WAPI_SEL(WLAN_WAI_PSK)); 2374 } 2375 2376 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) { 2377 selcnt[0]++; 2378 WLAN_CRYPTO_ADDSELECTOR(frm, 2379 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)); 2380 } 2381 2382 /* unicast cipher list */ 2383 selcnt = frm; 2384 WLAN_CRYPTO_ADDSHORT(frm, 0); 2385 2386 if (UCIPHER_IS_SMS4(crypto_params)) { 2387 selcnt[0]++; 2388 WLAN_CRYPTO_ADDSELECTOR(frm, 2389 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2390 } 2391 2392 WLAN_CRYPTO_ADDSELECTOR(frm, 2393 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)); 2394 2395 /* optional capabilities */ 2396 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps); 2397 2398 /* calculate element length */ 2399 iebuf[1] = frm - iebuf - 2; 2400 2401 return frm; 2402 2403 } 2404 2405 /** 2406 * wlan_crypto_pn_check - called by data patch for PN check 2407 * 2408 * @vdev: vdev 2409 * @wbuf: wbuf 2410 * 2411 * This function gets called by data patch for PN check 2412 * 2413 * Return: QDF_STATUS 2414 */ 2415 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev, 2416 qdf_nbuf_t wbuf){ 2417 /* Need to check is there real requirement for this function 2418 * as PN check is already handled in decap function. 2419 */ 2420 return QDF_STATUS_SUCCESS; 2421 } 2422 2423 /** 2424 * wlan_crypto_vdev_get_crypto_params - called by mlme to get crypto params 2425 * 2426 * @vdev:vdev 2427 * 2428 * This function gets called by mlme to get crypto params 2429 * 2430 * Return: wlan_crypto_params or NULL in case of failure 2431 */ 2432 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params( 2433 struct wlan_objmgr_vdev *vdev){ 2434 struct wlan_crypto_comp_priv *crypto_priv; 2435 2436 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv); 2437 } 2438 2439 /** 2440 * wlan_crypto_peer_get_crypto_params - called by mlme to get crypto params 2441 * 2442 * @peer:peer 2443 * 2444 * This function gets called by mlme to get crypto params 2445 * 2446 * Return: wlan_crypto_params or NULL in case of failure 2447 */ 2448 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params( 2449 struct wlan_objmgr_peer *peer){ 2450 struct wlan_crypto_comp_priv *crypto_priv; 2451 2452 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv); 2453 } 2454 2455 2456 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev, 2457 uint8_t *mac_addr){ 2458 uint8_t keymac[WLAN_ALEN]; 2459 struct wlan_crypto_comp_priv *crypto_priv; 2460 struct wlan_crypto_comp_priv *sta_crypto_priv; 2461 struct wlan_crypto_params *crypto_params; 2462 struct wlan_crypto_key *key; 2463 struct wlan_crypto_key *sta_key; 2464 struct wlan_crypto_cipher *cipher_table; 2465 struct wlan_objmgr_psoc *psoc; 2466 struct wlan_objmgr_peer *peer; 2467 int i; 2468 enum QDF_OPMODE opmode; 2469 2470 if (!vdev) 2471 return QDF_STATUS_E_NULL_VALUE; 2472 opmode = wlan_vdev_mlme_get_opmode(vdev); 2473 psoc = wlan_vdev_get_psoc(vdev); 2474 2475 if (!psoc) { 2476 qdf_print("%s[%d] psoc NULL\n", __func__, __LINE__); 2477 return QDF_STATUS_E_NULL_VALUE; 2478 } 2479 2480 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, 2481 &crypto_priv); 2482 if (crypto_priv == NULL) { 2483 qdf_print("%s[%d] crypto_priv NULL\n", __func__, __LINE__); 2484 return QDF_STATUS_E_NULL_VALUE; 2485 } 2486 2487 /* push only valid static WEP keys from vap */ 2488 if (AUTH_IS_8021X(crypto_params)) 2489 return QDF_STATUS_E_INVAL; 2490 2491 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) 2492 return QDF_STATUS_E_INVAL; 2493 2494 if (opmode == QDF_STA_MODE) { 2495 peer = wlan_vdev_get_bsspeer(vdev); 2496 if (!(peer && (QDF_STATUS_SUCCESS 2497 == wlan_objmgr_peer_try_get_ref(peer, 2498 WLAN_CRYPTO_ID)))) { 2499 qdf_print("%s[%d] peer %pK ref failed\n", 2500 __func__, __LINE__, peer); 2501 return QDF_STATUS_E_INVAL; 2502 } 2503 } else { 2504 uint8_t bssid_mac[WLAN_ALEN]; 2505 2506 wlan_vdev_obj_lock(vdev); 2507 qdf_mem_copy(bssid_mac, 2508 wlan_vdev_mlme_get_macaddr(vdev), WLAN_ALEN); 2509 wlan_vdev_obj_unlock(vdev); 2510 2511 peer = wlan_objmgr_get_peer_by_mac_n_vdev( 2512 psoc, mac_addr, bssid_mac, WLAN_CRYPTO_ID); 2513 if (!peer) { 2514 qdf_print("%s[%d] peer NULL\n", __func__, __LINE__); 2515 return QDF_STATUS_E_INVAL; 2516 } 2517 } 2518 2519 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv); 2520 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID); 2521 if (sta_crypto_priv == NULL) { 2522 qdf_print("%s[%d] sta priv is null\n", __func__, __LINE__); 2523 return QDF_STATUS_E_INVAL; 2524 } 2525 2526 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) { 2527 if (crypto_priv->key[i]) { 2528 key = crypto_priv->key[i]; 2529 if (!key || !key->valid) 2530 continue; 2531 2532 cipher_table = (struct wlan_crypto_cipher *) 2533 key->cipher_table; 2534 2535 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) { 2536 sta_key = qdf_mem_malloc( 2537 sizeof(struct wlan_crypto_key)); 2538 if (!sta_key) { 2539 qdf_print("%s[%d] key alloc failed\n", 2540 __func__, __LINE__); 2541 return QDF_STATUS_E_NOMEM; 2542 } 2543 sta_crypto_priv->key[i] = sta_key; 2544 qdf_mem_copy(sta_key, key, 2545 sizeof(struct wlan_crypto_key)); 2546 qdf_copy_macaddr((struct qdf_mac_addr *)keymac, 2547 (struct qdf_mac_addr *)mac_addr); 2548 2549 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT; 2550 2551 if (crypto_priv->def_tx_keyid == i) { 2552 sta_key->flags 2553 |= WLAN_CRYPTO_KEY_DEFAULT; 2554 sta_crypto_priv->def_tx_keyid = 2555 crypto_priv->def_tx_keyid; 2556 } 2557 /* setting the broadcast/multicast key for sta*/ 2558 if (opmode == QDF_STA_MODE || 2559 opmode == QDF_IBSS_MODE){ 2560 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2561 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)( 2562 vdev, sta_key, mac_addr, 2563 cipher_table->cipher); 2564 } 2565 } 2566 2567 /* setting unicast key */ 2568 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP; 2569 if (WLAN_CRYPTO_TX_OPS_SETKEY(psoc)) { 2570 WLAN_CRYPTO_TX_OPS_SETKEY(psoc)(vdev, 2571 sta_key, mac_addr, 2572 cipher_table->cipher); 2573 } 2574 } 2575 } 2576 } 2577 2578 return QDF_STATUS_SUCCESS; 2579 } 2580 2581 /** 2582 * wlan_crypto_register_crypto_rx_ops - set crypto_rx_ops 2583 * 2584 * @crypto_rx_ops: crypto_rx_ops 2585 * 2586 * This function gets called by object manger to register crypto rx ops. 2587 * 2588 * Return: QDF_STATUS 2589 */ 2590 QDF_STATUS wlan_crypto_register_crypto_rx_ops( 2591 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops){ 2592 crypto_rx_ops->crypto_encap = wlan_crypto_encap; 2593 crypto_rx_ops->crypto_decap = wlan_crypto_decap; 2594 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic; 2595 crypto_rx_ops->crypto_demic = wlan_crypto_demic; 2596 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys; 2597 2598 return QDF_STATUS_SUCCESS; 2599 } 2600 2601 /** 2602 * wlan_crypto_get_crypto_rx_ops - get crypto_rx_ops from psoc 2603 * 2604 * @psoc: psoc 2605 * 2606 * This function gets called by umac to get the crypto_rx_ops 2607 * 2608 * Return: crypto_rx_ops 2609 */ 2610 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops( 2611 struct wlan_objmgr_psoc *psoc) 2612 { 2613 2614 return &(psoc->soc_cb.rx_ops.crypto_rx_ops); 2615 } 2616 EXPORT_SYMBOL(wlan_crypto_get_crypto_rx_ops); 2617 2618 /** 2619 * wlan_crypto_vdev_has_auth_mode - check authmode for vdev 2620 * 2621 * @vdev: vdev 2622 * @authvalue: authvalue to be checked 2623 * 2624 * This function check is authvalue passed is set in vdev or not 2625 * 2626 * Return: true or false 2627 */ 2628 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev, 2629 wlan_crypto_auth_mode authvalue) 2630 { 2631 return wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE) 2632 & authvalue; 2633 } 2634 2635 /** 2636 * wlan_crypto_peer_has_auth_mode - check authmode for peer 2637 * 2638 * @peer: peer 2639 * @authvalue: authvalue to be checked 2640 * 2641 * This function check is authvalue passed is set in peer or not 2642 * 2643 * Return: true or false 2644 */ 2645 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer, 2646 wlan_crypto_auth_mode authvalue) 2647 { 2648 return wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE) 2649 & authvalue; 2650 } 2651