1 /* 2 * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 /* 19 * DOC: contains scan cache filter logic 20 */ 21 22 #include <wlan_scan_utils_api.h> 23 #include "wlan_scan_main.h" 24 #include "wlan_scan_cache_db_i.h" 25 26 /** 27 * scm_is_open_security() - Check if scan entry support open security 28 * @filter: scan filter 29 * @db_entry: db entry 30 * @security: matched security. 31 * 32 * Return: true if open security else false 33 */ 34 static bool scm_is_open_security(struct scan_filter *filter, 35 struct scan_cache_entry *db_entry, 36 struct security_info *security) 37 { 38 bool match = false; 39 int i; 40 41 if (db_entry->cap_info.wlan_caps.privacy) 42 return false; 43 44 /* Check MC cipher and Auth type requested. */ 45 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 46 if (WLAN_ENCRYPT_TYPE_NONE == 47 filter->mc_enc_type[i]) { 48 security->mc_enc = 49 filter->mc_enc_type[i]; 50 match = true; 51 break; 52 } 53 } 54 if (!match && filter->num_of_mc_enc_type) 55 return match; 56 57 match = false; 58 /* Check Auth list. It should contain AuthOpen. */ 59 for (i = 0; i < filter->num_of_auth; i++) { 60 if ((WLAN_AUTH_TYPE_OPEN_SYSTEM == 61 filter->auth_type[i]) || 62 (WLAN_AUTH_TYPE_AUTOSWITCH == 63 filter->auth_type[i])) { 64 security->auth_type = 65 WLAN_AUTH_TYPE_OPEN_SYSTEM; 66 match = true; 67 break; 68 } 69 } 70 71 return match; 72 } 73 74 /** 75 * scm_is_cipher_match() - Check if cipher match the cipher list 76 * @cipher_list: cipher list to match 77 * @num_cipher: number of cipher in cipher list 78 * @cipher_to_match: cipher to found in cipher list 79 * 80 * Return: true if open security else false 81 */ 82 static bool scm_is_cipher_match( 83 uint32_t *cipher_list, 84 uint16_t num_cipher, uint32_t cipher_to_match) 85 { 86 int i; 87 bool match = false; 88 89 for (i = 0; i < num_cipher ; i++) { 90 match = (cipher_list[i] == cipher_to_match); 91 if (match) 92 break; 93 } 94 95 return match; 96 } 97 98 /** 99 * scm_get_cipher_suite_type() - get cypher suite type from enc type 100 * @enc: enc type 101 * 102 * Return: cypher suite type 103 */ 104 static uint8_t scm_get_cipher_suite_type(enum wlan_enc_type enc) 105 { 106 uint8_t cipher_type; 107 108 switch (enc) { 109 case WLAN_ENCRYPT_TYPE_WEP40: 110 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 111 cipher_type = WLAN_CSE_WEP40; 112 break; 113 case WLAN_ENCRYPT_TYPE_WEP104: 114 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 115 cipher_type = WLAN_CSE_WEP104; 116 break; 117 case WLAN_ENCRYPT_TYPE_TKIP: 118 cipher_type = WLAN_CSE_TKIP; 119 break; 120 case WLAN_ENCRYPT_TYPE_AES: 121 cipher_type = WLAN_CSE_CCMP; 122 break; 123 case WLAN_ENCRYPT_TYPE_AES_GCMP: 124 cipher_type = WLAN_CSE_GCMP_128; 125 break; 126 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 127 cipher_type = WLAN_CSE_GCMP_256; 128 break; 129 case WLAN_ENCRYPT_TYPE_NONE: 130 cipher_type = WLAN_CSE_NONE; 131 break; 132 case WLAN_ENCRYPT_TYPE_WPI: 133 cipher_type = WLAN_WAI_CERT_OR_SMS4; 134 break; 135 default: 136 cipher_type = WLAN_CSE_RESERVED; 137 break; 138 } 139 140 return cipher_type; 141 } 142 143 /** 144 * scm_is_wep_security() - Check if scan entry support WEP security 145 * @filter: scan filter 146 * @db_entry: db entry 147 * @security: matched security. 148 * 149 * Return: true if WEP security else false 150 */ 151 static bool scm_is_wep_security(struct scan_filter *filter, 152 struct scan_cache_entry *db_entry, 153 struct security_info *security) 154 { 155 int i; 156 QDF_STATUS status; 157 bool match = false; 158 enum wlan_auth_type neg_auth = WLAN_AUTH_TYPE_OPEN_SYSTEM; 159 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 160 161 if (!security) 162 return false; 163 164 /* If privacy bit is not set, consider no match */ 165 if (!db_entry->cap_info.wlan_caps.privacy) 166 return false; 167 168 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 169 switch (filter->mc_enc_type[i]) { 170 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 171 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 172 case WLAN_ENCRYPT_TYPE_WEP40: 173 case WLAN_ENCRYPT_TYPE_WEP104: 174 /* 175 * Multicast list may contain WEP40/WEP104. 176 * Check whether it matches UC. 177 */ 178 if (security->uc_enc == 179 filter->mc_enc_type[i]) { 180 match = true; 181 neg_mccipher = 182 filter->mc_enc_type[i]; 183 } 184 break; 185 default: 186 match = false; 187 break; 188 } 189 if (match) 190 break; 191 } 192 193 if (!match) 194 return match; 195 196 for (i = 0; i < filter->num_of_auth; i++) { 197 switch (filter->auth_type[i]) { 198 case WLAN_AUTH_TYPE_OPEN_SYSTEM: 199 case WLAN_AUTH_TYPE_SHARED_KEY: 200 case WLAN_AUTH_TYPE_AUTOSWITCH: 201 match = true; 202 neg_auth = filter->auth_type[i]; 203 break; 204 default: 205 match = false; 206 } 207 if (match) 208 break; 209 } 210 211 if (!match) 212 return match; 213 214 /* 215 * In case of WPA / WPA2, check whether it supports WEP as well. 216 * Prepare the encryption type for WPA/WPA2 functions 217 */ 218 if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP40_STATICKEY) 219 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 220 else if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP104) 221 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 222 223 /* else we can use the encryption type directly */ 224 if (util_scan_entry_wpa(db_entry)) { 225 struct wlan_wpa_ie wpa = {0}; 226 uint8_t cipher_type; 227 228 cipher_type = 229 scm_get_cipher_suite_type(security->uc_enc); 230 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 231 if (QDF_IS_STATUS_ERROR(status)) { 232 scm_err("failed to parse WPA IE, status %d", status); 233 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 234 util_scan_entry_wpa(db_entry), 235 util_scan_get_wpa_len(db_entry)); 236 return false; 237 } 238 239 match = scm_is_cipher_match(&wpa.mc_cipher, 240 1, WLAN_WPA_SEL(cipher_type)); 241 } 242 if (!match && util_scan_entry_rsn(db_entry)) { 243 struct wlan_rsn_ie rsn = {0}; 244 uint8_t cipher_type; 245 246 cipher_type = 247 scm_get_cipher_suite_type(security->uc_enc); 248 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 249 if (QDF_IS_STATUS_ERROR(status)) { 250 scm_err("failed to parse RSN IE, status %d", status); 251 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 252 util_scan_entry_rsn(db_entry), 253 util_scan_get_rsn_len(db_entry)); 254 return false; 255 } 256 match = scm_is_cipher_match(&rsn.gp_cipher_suite, 257 1, WLAN_RSN_SEL(cipher_type)); 258 } 259 260 261 if (match) { 262 security->auth_type = neg_auth; 263 security->mc_enc = neg_mccipher; 264 } 265 266 return match; 267 } 268 269 /** 270 * scm_check_pmf_match() - Check PMF security of entry match filter 271 * @filter: scan filter 272 * @rsn: rsn IE of the scan entry 273 * 274 * Return: true if PMF security match else false 275 */ 276 static bool 277 scm_check_pmf_match(struct scan_filter *filter, 278 struct wlan_rsn_ie *rsn) 279 { 280 enum wlan_pmf_cap ap_pmf_cap = WLAN_PMF_DISABLED; 281 282 if (rsn->cap & RSN_CAP_MFP_CAPABLE) 283 ap_pmf_cap = WLAN_PMF_CAPABLE; 284 if (rsn->cap & RSN_CAP_MFP_REQUIRED) 285 ap_pmf_cap = WLAN_PMF_REQUIRED; 286 287 if ((filter->pmf_cap == WLAN_PMF_REQUIRED) && 288 (ap_pmf_cap == WLAN_PMF_DISABLED)) 289 return false; 290 else if ((filter->pmf_cap == WLAN_PMF_DISABLED) && 291 (ap_pmf_cap == WLAN_PMF_REQUIRED)) 292 return false; 293 294 return true; 295 } 296 297 /** 298 * scm_is_rsn_mcast_cipher_match() - match the rsn mcast cipher type with AP's 299 * mcast cipher 300 * @rsn: AP's RSNE 301 * @filter: scan filter 302 * @neg_mccipher: negotiated mc cipher if matched. 303 * 304 * Return: true if mc cipher is negotiated 305 */ 306 static bool 307 scm_is_rsn_mcast_cipher_match(struct wlan_rsn_ie *rsn, 308 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 309 { 310 int i; 311 bool match; 312 uint8_t cipher_type; 313 314 if (!rsn || !neg_mccipher || !filter) 315 return false; 316 317 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 318 319 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 320 /* Try the more secured ones first. */ 321 /* Check GCMP_256 first */ 322 cipher_type = WLAN_CSE_GCMP_256; 323 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 324 WLAN_RSN_SEL(cipher_type)); 325 if (match) { 326 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 327 return true; 328 } 329 /* Check GCMP */ 330 cipher_type = WLAN_CSE_GCMP_128; 331 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 332 WLAN_RSN_SEL(cipher_type)); 333 if (match) { 334 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP; 335 return true; 336 } 337 /* Check AES */ 338 cipher_type = WLAN_CSE_CCMP; 339 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 340 WLAN_RSN_SEL(cipher_type)); 341 if (match) { 342 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 343 return true; 344 } 345 /* Check TKIP */ 346 cipher_type = WLAN_CSE_TKIP; 347 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 348 WLAN_RSN_SEL(cipher_type)); 349 if (match) { 350 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 351 return true; 352 } 353 } else { 354 cipher_type = 355 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 356 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 357 WLAN_RSN_SEL(cipher_type)); 358 if (match) { 359 *neg_mccipher = filter->mc_enc_type[i]; 360 return true; 361 } 362 } 363 } 364 365 return false; 366 } 367 368 /** 369 * scm_is_rsn_security() - Check if scan entry support RSN security 370 * @filter: scan filter 371 * @db_entry: db entry 372 * @security: matched security. 373 * 374 * Return: true if RSN security else false 375 */ 376 static bool scm_is_rsn_security(struct scan_filter *filter, 377 struct scan_cache_entry *db_entry, 378 struct security_info *security) 379 { 380 int i; 381 uint8_t cipher_type; 382 bool match_any_akm, match = false; 383 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 384 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 385 struct wlan_rsn_ie rsn = {0}; 386 QDF_STATUS status; 387 388 if (!security) 389 return false; 390 if (!util_scan_entry_rsn(db_entry)) 391 return false; 392 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 393 if (QDF_IS_STATUS_ERROR(status)) { 394 scm_err("failed to parse RSN IE, status %d", status); 395 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 396 util_scan_entry_rsn(db_entry), 397 util_scan_get_rsn_len(db_entry)); 398 return false; 399 } 400 401 cipher_type = 402 scm_get_cipher_suite_type(security->uc_enc); 403 match = scm_is_cipher_match(rsn.pwise_cipher_suites, 404 rsn.pwise_cipher_count, WLAN_RSN_SEL(cipher_type)); 405 if (!match) 406 return false; 407 408 match = scm_is_rsn_mcast_cipher_match(&rsn, filter, &neg_mccipher); 409 if (!match) 410 return false; 411 412 /* Initializing with false as it has true value already */ 413 match = false; 414 for (i = 0; i < filter->num_of_auth; i++) { 415 416 if (filter->auth_type[i] == WLAN_AUTH_TYPE_ANY) 417 match_any_akm = true; 418 else 419 match_any_akm = false; 420 /* 421 * Ciphers are supported, Match authentication algorithm and 422 * pick first matching authtype. 423 */ 424 if (scm_is_cipher_match(rsn.akm_suites, 425 rsn.akm_suite_count, 426 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA384))) { 427 if (match_any_akm || (WLAN_AUTH_TYPE_FT_FILS_SHA384 == 428 filter->auth_type[i])) { 429 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA384; 430 match = true; 431 break; 432 } 433 } 434 if (scm_is_cipher_match(rsn.akm_suites, 435 rsn.akm_suite_count, 436 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA256))) { 437 if (match_any_akm || (WLAN_AUTH_TYPE_FT_FILS_SHA256 == 438 filter->auth_type[i])) { 439 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA256; 440 match = true; 441 break; 442 } 443 } 444 if (scm_is_cipher_match(rsn.akm_suites, 445 rsn.akm_suite_count, 446 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA384))) { 447 if (match_any_akm || (WLAN_AUTH_TYPE_FILS_SHA384 == 448 filter->auth_type[i])) { 449 neg_auth = WLAN_AUTH_TYPE_FILS_SHA384; 450 match = true; 451 break; 452 } 453 } 454 if (scm_is_cipher_match(rsn.akm_suites, 455 rsn.akm_suite_count, 456 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA256))) { 457 if (match_any_akm || (WLAN_AUTH_TYPE_FILS_SHA256 == 458 filter->auth_type[i])) { 459 neg_auth = WLAN_AUTH_TYPE_FILS_SHA256; 460 match = true; 461 break; 462 } 463 } 464 465 if (scm_is_cipher_match(rsn.akm_suites, 466 rsn.akm_suite_count, 467 WLAN_RSN_SEL(WLAN_AKM_SAE))) { 468 if (match_any_akm || (WLAN_AUTH_TYPE_SAE == 469 filter->auth_type[i])) { 470 neg_auth = WLAN_AUTH_TYPE_SAE; 471 match = true; 472 break; 473 } 474 } 475 476 if (scm_is_cipher_match(rsn.akm_suites, 477 rsn.akm_suite_count, WLAN_RSN_DPP_AKM)) { 478 if (match_any_akm || (WLAN_AUTH_TYPE_DPP_RSN == 479 filter->auth_type[i])) { 480 neg_auth = WLAN_AUTH_TYPE_DPP_RSN; 481 match = true; 482 break; 483 } 484 } 485 if (scm_is_cipher_match(rsn.akm_suites, 486 rsn.akm_suite_count, 487 WLAN_RSN_SEL(WLAN_AKM_OWE))) { 488 if (match_any_akm || (WLAN_AUTH_TYPE_OWE == 489 filter->auth_type[i])) { 490 neg_auth = WLAN_AUTH_TYPE_OWE; 491 match = true; 492 break; 493 } 494 } 495 if (scm_is_cipher_match(rsn.akm_suites, 496 rsn.akm_suite_count, 497 WLAN_RSN_SEL(WLAN_AKM_FT_IEEE8021X))) { 498 if (match_any_akm || (WLAN_AUTH_TYPE_FT_RSN == 499 filter->auth_type[i])) { 500 neg_auth = WLAN_AUTH_TYPE_FT_RSN; 501 match = true; 502 break; 503 } 504 } 505 506 if (scm_is_cipher_match(rsn.akm_suites, 507 rsn.akm_suite_count, 508 WLAN_RSN_SEL(WLAN_AKM_FT_PSK))) { 509 if (match_any_akm || (WLAN_AUTH_TYPE_FT_RSN_PSK == 510 filter->auth_type[i])) { 511 neg_auth = WLAN_AUTH_TYPE_FT_RSN_PSK; 512 match = true; 513 break; 514 } 515 } 516 /* ESE only supports 802.1X. No PSK. */ 517 if (scm_is_cipher_match(rsn.akm_suites, 518 rsn.akm_suite_count, 519 WLAN_RSN_CCKM_AKM)) { 520 if (match_any_akm || (WLAN_AUTH_TYPE_CCKM_RSN == 521 filter->auth_type[i])) { 522 neg_auth = WLAN_AUTH_TYPE_CCKM_RSN; 523 match = true; 524 break; 525 } 526 } 527 /* RSN */ 528 if (scm_is_cipher_match(rsn.akm_suites, 529 rsn.akm_suite_count, 530 WLAN_RSN_SEL(WLAN_AKM_IEEE8021X))) { 531 if (match_any_akm || (WLAN_AUTH_TYPE_RSN == 532 filter->auth_type[i])) { 533 neg_auth = WLAN_AUTH_TYPE_RSN; 534 match = true; 535 break; 536 } 537 } 538 /* TKIP */ 539 if (scm_is_cipher_match(rsn.akm_suites, 540 rsn.akm_suite_count, 541 WLAN_RSN_SEL(WLAN_AKM_PSK))) { 542 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_PSK == 543 filter->auth_type[i])) { 544 neg_auth = WLAN_AUTH_TYPE_RSN_PSK; 545 match = true; 546 break; 547 } 548 } 549 /* SHA256 */ 550 if (scm_is_cipher_match(rsn.akm_suites, 551 rsn.akm_suite_count, 552 WLAN_RSN_SEL(WLAN_AKM_SHA256_PSK))) { 553 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_PSK_SHA256 == 554 filter->auth_type[i])) { 555 neg_auth = 556 WLAN_AUTH_TYPE_RSN_PSK_SHA256; 557 match = true; 558 break; 559 } 560 } 561 /* 8021X SHA256 */ 562 if (scm_is_cipher_match(rsn.akm_suites, 563 rsn.akm_suite_count, 564 WLAN_RSN_SEL(WLAN_AKM_SHA256_IEEE8021X))) { 565 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_8021X_SHA256 == 566 filter->auth_type[i])) { 567 neg_auth = 568 WLAN_AUTH_TYPE_RSN_8021X_SHA256; 569 match = true; 570 break; 571 } 572 } 573 if (scm_is_cipher_match(rsn.akm_suites, 574 rsn.akm_suite_count, 575 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA256))) { 576 if (match_any_akm || 577 (WLAN_AUTH_TYPE_SUITEB_EAP_SHA256 == 578 filter->auth_type[i])) { 579 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA256; 580 match = true; 581 break; 582 } 583 } 584 if (scm_is_cipher_match(rsn.akm_suites, 585 rsn.akm_suite_count, 586 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA384))) { 587 if (match_any_akm || 588 (WLAN_AUTH_TYPE_SUITEB_EAP_SHA384 == 589 filter->auth_type[i])) { 590 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA384; 591 match = true; 592 break; 593 } 594 } 595 } 596 597 if (!match) 598 return false; 599 600 if (!filter->ignore_pmf_cap) 601 match = scm_check_pmf_match(filter, &rsn); 602 603 if (match) { 604 security->auth_type = neg_auth; 605 security->mc_enc = neg_mccipher; 606 } 607 608 return match; 609 } 610 611 /** 612 * scm_is_wpa_mcast_cipher_match() - match the wpa mcast cipher type with AP's 613 * mcast cipher 614 * @wpa: AP's WPA IE 615 * @filter: scan filter 616 * @neg_mccipher: negotiated mc cipher if matched. 617 * 618 * Return: true if mc cipher is negotiated 619 */ 620 static bool 621 scm_is_wpa_mcast_cipher_match(struct wlan_wpa_ie *wpa, 622 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 623 { 624 int i; 625 bool match; 626 uint8_t cipher_type; 627 628 if (!wpa || !neg_mccipher || !filter) 629 return false; 630 631 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 632 633 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 634 /* Try the more secured ones first. */ 635 636 /* Check AES */ 637 cipher_type = WLAN_CSE_CCMP; 638 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 639 WLAN_WPA_SEL(cipher_type)); 640 if (match) { 641 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 642 return true; 643 } 644 /* Check TKIP */ 645 cipher_type = WLAN_CSE_TKIP; 646 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 647 WLAN_WPA_SEL(cipher_type)); 648 if (match) { 649 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 650 return true; 651 } 652 } else { 653 cipher_type = 654 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 655 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 656 WLAN_WPA_SEL(cipher_type)); 657 if (match) { 658 *neg_mccipher = filter->mc_enc_type[i]; 659 return true; 660 } 661 } 662 } 663 664 return false; 665 } 666 667 /** 668 * scm_is_wpa_security() - Check if scan entry support WPA security 669 * @filter: scan filter 670 * @db_entry: db entry 671 * @security: matched security. 672 * 673 * Return: true if WPA security else false 674 */ 675 static bool scm_is_wpa_security(struct scan_filter *filter, 676 struct scan_cache_entry *db_entry, 677 struct security_info *security) 678 { 679 int i; 680 QDF_STATUS status; 681 uint8_t cipher_type; 682 bool match_any_akm, match = false; 683 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 684 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 685 struct wlan_wpa_ie wpa = {0}; 686 687 if (!security) 688 return false; 689 if (!util_scan_entry_wpa(db_entry)) 690 return false; 691 692 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 693 if (QDF_IS_STATUS_ERROR(status)) { 694 scm_err("failed to parse WPA IE, status %d", status); 695 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 696 util_scan_entry_wpa(db_entry), 697 util_scan_get_wpa_len(db_entry)); 698 return false; 699 } 700 701 cipher_type = 702 scm_get_cipher_suite_type(security->uc_enc); 703 match = scm_is_cipher_match(wpa.uc_ciphers, 704 wpa.uc_cipher_count, WLAN_WPA_SEL(cipher_type)); 705 if (!match) 706 return false; 707 708 match = scm_is_wpa_mcast_cipher_match(&wpa, filter, &neg_mccipher); 709 if (!match) 710 return false; 711 712 /* Initializing with false as it has true value already */ 713 match = false; 714 for (i = 0; i < filter->num_of_auth; i++) { 715 716 if (filter->auth_type[i] == WLAN_AUTH_TYPE_ANY) 717 match_any_akm = true; 718 else 719 match_any_akm = false; 720 /* 721 * Ciphers are supported, Match authentication algorithm and 722 * pick first matching authtype. 723 */ 724 /**/ 725 if (scm_is_cipher_match(wpa.auth_suites, 726 wpa.auth_suite_count, 727 WLAN_WPA_SEL(WLAN_AKM_IEEE8021X))) { 728 if (match_any_akm || (WLAN_AUTH_TYPE_WPA == 729 filter->auth_type[i])) { 730 neg_auth = WLAN_AUTH_TYPE_WPA; 731 match = true; 732 break; 733 } 734 } 735 if (scm_is_cipher_match(wpa.auth_suites, 736 wpa.auth_suite_count, 737 WLAN_WPA_SEL(WLAN_AKM_PSK))) { 738 if (match_any_akm || (WLAN_AUTH_TYPE_WPA_PSK == 739 filter->auth_type[i])) { 740 neg_auth = WLAN_AUTH_TYPE_WPA_PSK; 741 match = true; 742 break; 743 } 744 } 745 if (scm_is_cipher_match(wpa.auth_suites, 746 wpa.auth_suite_count, 747 WLAN_WPA_CCKM_AKM)) { 748 if (match_any_akm || (WLAN_AUTH_TYPE_CCKM_WPA == 749 filter->auth_type[i])) { 750 neg_auth = WLAN_AUTH_TYPE_CCKM_WPA; 751 match = true; 752 break; 753 } 754 } 755 } 756 757 if (match) { 758 security->auth_type = neg_auth; 759 security->mc_enc = neg_mccipher; 760 } 761 762 return match; 763 } 764 765 /** 766 * scm_is_wapi_security() - Check if scan entry support WAPI security 767 * @filter: scan filter 768 * @db_entry: db entry 769 * @security: matched security. 770 * 771 * Return: true if WAPI security else false 772 */ 773 static bool scm_is_wapi_security(struct scan_filter *filter, 774 struct scan_cache_entry *db_entry, 775 struct security_info *security) 776 { 777 int i; 778 uint8_t cipher_type; 779 bool match = false; 780 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 781 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 782 struct wlan_wapi_ie wapi = {0}; 783 784 if (!security) 785 return false; 786 if (!util_scan_entry_wapi(db_entry)) 787 return false; 788 789 wlan_parse_wapi_ie( 790 util_scan_entry_wapi(db_entry), &wapi); 791 792 cipher_type = 793 scm_get_cipher_suite_type(security->uc_enc); 794 match = scm_is_cipher_match(wapi.uc_cipher_suites, 795 wapi.uc_cipher_count, WLAN_WAPI_SEL(cipher_type)); 796 if (!match) 797 return false; 798 799 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 800 cipher_type = 801 scm_get_cipher_suite_type( 802 filter->mc_enc_type[i]); 803 match = scm_is_cipher_match(&wapi.mc_cipher_suite, 804 1, WLAN_WAPI_SEL(cipher_type)); 805 if (match) 806 break; 807 } 808 if (!match) 809 return false; 810 neg_mccipher = filter->mc_enc_type[i]; 811 812 if (scm_is_cipher_match(wapi.akm_suites, 813 wapi.akm_suite_count, 814 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4))) 815 neg_auth = 816 WLAN_AUTH_TYPE_WAPI_WAI_CERTIFICATE; 817 else if (scm_is_cipher_match(wapi.akm_suites, 818 wapi.akm_suite_count, WLAN_WAPI_SEL(WLAN_WAI_PSK))) 819 neg_auth = WLAN_AUTH_TYPE_WAPI_WAI_PSK; 820 else 821 return false; 822 823 match = false; 824 for (i = 0; i < filter->num_of_auth; i++) { 825 if (filter->auth_type[i] == neg_auth) { 826 match = true; 827 break; 828 } 829 } 830 831 if (match) { 832 security->auth_type = neg_auth; 833 security->mc_enc = neg_mccipher; 834 } 835 836 return match; 837 } 838 839 /** 840 * scm_is_def_security() - Check if any security in filter match 841 * @filter: scan filter 842 * @db_entry: db entry 843 * @security: matched security. 844 * 845 * Return: true if any security else false 846 */ 847 static bool scm_is_def_security(struct scan_filter *filter, 848 struct scan_cache_entry *db_entry, 849 struct security_info *security) 850 { 851 852 /* It is allowed to match anything. Try the more secured ones first. */ 853 /* Check GCMP_256 first */ 854 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 855 if (scm_is_rsn_security(filter, db_entry, security)) 856 return true; 857 858 /* Check GCMP */ 859 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP; 860 if (scm_is_rsn_security(filter, db_entry, security)) 861 return true; 862 863 /* Check AES */ 864 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 865 if (scm_is_rsn_security(filter, db_entry, security)) 866 return true; 867 if (scm_is_wpa_security(filter, db_entry, security)) 868 return true; 869 870 /* Check TKIP */ 871 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 872 if (scm_is_rsn_security(filter, db_entry, security)) 873 return true; 874 if (scm_is_wpa_security(filter, db_entry, security)) 875 return true; 876 877 /* Check AES */ 878 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 879 if (scm_is_wpa_security(filter, db_entry, security)) 880 return true; 881 882 /* Check TKIP */ 883 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 884 if (scm_is_wpa_security(filter, db_entry, security)) 885 return true; 886 887 /* Check WAPI */ 888 security->uc_enc = WLAN_ENCRYPT_TYPE_WPI; 889 if (scm_is_wapi_security(filter, db_entry, security)) 890 return true; 891 892 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 893 if (scm_is_wep_security(filter, db_entry, security)) 894 return true; 895 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 896 if (scm_is_wep_security(filter, db_entry, security)) 897 return true; 898 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104_STATICKEY; 899 if (scm_is_wep_security(filter, db_entry, security)) 900 return true; 901 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40_STATICKEY; 902 if (scm_is_wep_security(filter, db_entry, security)) 903 return true; 904 905 /* It must be open and no enc */ 906 if (db_entry->cap_info.wlan_caps.privacy) 907 return false; 908 909 security->auth_type = WLAN_AUTH_TYPE_OPEN_SYSTEM; 910 security->mc_enc = WLAN_ENCRYPT_TYPE_NONE; 911 security->uc_enc = WLAN_ENCRYPT_TYPE_NONE; 912 913 return true; 914 } 915 916 /** 917 * scm_is_fils_config_match() - Check if FILS config matches 918 * @filter: scan filter 919 * @db_entry: db entry 920 * 921 * Return: true if FILS config matches else false 922 */ 923 static bool scm_is_fils_config_match(struct scan_filter *filter, 924 struct scan_cache_entry *db_entry) 925 { 926 int i; 927 struct fils_indication_ie *indication_ie; 928 uint8_t *data; 929 930 if (!filter->fils_scan_filter.realm_check) 931 return true; 932 933 if (!db_entry->ie_list.fils_indication) 934 return false; 935 936 937 indication_ie = 938 (struct fils_indication_ie *) db_entry->ie_list.fils_indication; 939 940 data = indication_ie->variable_data; 941 if (indication_ie->is_cache_id_present) 942 data += CACHE_IDENTIFIER_LEN; 943 944 if (indication_ie->is_hessid_present) 945 data += HESSID_LEN; 946 947 for (i = 1; i <= indication_ie->realm_identifiers_cnt; i++) { 948 if (!qdf_mem_cmp(filter->fils_scan_filter.fils_realm, 949 data, REAM_HASH_LEN)) 950 return true; 951 /* Max realm count reached */ 952 if (indication_ie->realm_identifiers_cnt == i) 953 break; 954 else 955 data = data + REAM_HASH_LEN; 956 } 957 958 return false; 959 } 960 961 /** 962 * scm_is_security_match() - Check if security in filter match 963 * @filter: scan filter 964 * @db_entry: db entry 965 * @security: matched security. 966 * 967 * Return: true if security match else false 968 */ 969 static bool scm_is_security_match(struct scan_filter *filter, 970 struct scan_cache_entry *db_entry, 971 struct security_info *security) 972 { 973 int i; 974 bool match = false; 975 struct security_info local_security = {0}; 976 977 if (!filter->num_of_enc_type) 978 return true; 979 980 for (i = 0; (i < filter->num_of_enc_type) && 981 !match; i++) { 982 983 local_security.uc_enc = 984 filter->enc_type[i]; 985 986 switch (filter->enc_type[i]) { 987 case WLAN_ENCRYPT_TYPE_NONE: 988 match = scm_is_open_security(filter, 989 db_entry, &local_security); 990 break; 991 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 992 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 993 case WLAN_ENCRYPT_TYPE_WEP40: 994 case WLAN_ENCRYPT_TYPE_WEP104: 995 match = scm_is_wep_security(filter, 996 db_entry, &local_security); 997 break; 998 case WLAN_ENCRYPT_TYPE_TKIP: 999 case WLAN_ENCRYPT_TYPE_AES: 1000 case WLAN_ENCRYPT_TYPE_AES_GCMP: 1001 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 1002 /* First check if there is a RSN match */ 1003 match = scm_is_rsn_security(filter, 1004 db_entry, &local_security); 1005 /* If not RSN, then check WPA match */ 1006 if (!match) 1007 match = scm_is_wpa_security(filter, 1008 db_entry, &local_security); 1009 break; 1010 case WLAN_ENCRYPT_TYPE_WPI:/* WAPI */ 1011 match = scm_is_wapi_security(filter, 1012 db_entry, &local_security); 1013 break; 1014 case WLAN_ENCRYPT_TYPE_ANY: 1015 default: 1016 match = scm_is_def_security(filter, 1017 db_entry, &local_security); 1018 break; 1019 } 1020 } 1021 1022 if (match && security) 1023 qdf_mem_copy(security, 1024 &local_security, sizeof(*security)); 1025 1026 return match; 1027 } 1028 1029 bool scm_filter_match(struct wlan_objmgr_psoc *psoc, 1030 struct scan_cache_entry *db_entry, 1031 struct scan_filter *filter, 1032 struct security_info *security) 1033 { 1034 int i; 1035 bool match = false; 1036 struct roam_filter_params *roam_params; 1037 struct scan_default_params *def_param; 1038 struct wlan_country_ie *cc_ie; 1039 1040 def_param = wlan_scan_psoc_get_def_params(psoc); 1041 if (!def_param) 1042 return false; 1043 1044 roam_params = &def_param->roam_params; 1045 1046 if (filter->p2p_results && !db_entry->is_p2p) 1047 return false; 1048 1049 for (i = 0; i < roam_params->num_bssid_avoid_list; i++) 1050 if (qdf_is_macaddr_equal(&roam_params->bssid_avoid_list[i], 1051 &db_entry->bssid)) 1052 return false; 1053 1054 match = false; 1055 if (db_entry->ssid.length) { 1056 for (i = 0; i < filter->num_of_ssid; i++) { 1057 if (util_is_ssid_match(&filter->ssid_list[i], 1058 &db_entry->ssid)) { 1059 match = true; 1060 break; 1061 } 1062 } 1063 } 1064 /* 1065 * In OWE transition mode, ssid is hidden. And supplicant does not issue 1066 * scan with specific ssid prior to connect as in other hidden ssid 1067 * cases. Add explicit check to allow OWE when ssid is hidden. 1068 */ 1069 if (!match && util_scan_entry_is_hidden_ap(db_entry)) { 1070 for (i = 0; i < filter->num_of_auth; i++) { 1071 if (filter->auth_type[i] == WLAN_AUTH_TYPE_OWE) { 1072 match = true; 1073 break; 1074 } 1075 } 1076 } 1077 if (!match && filter->num_of_ssid) 1078 return false; 1079 1080 match = false; 1081 /* TO do Fill p2p MAC*/ 1082 for (i = 0; i < filter->num_of_bssid; i++) { 1083 if (util_is_bssid_match(&filter->bssid_list[i], 1084 &db_entry->bssid)) { 1085 match = true; 1086 break; 1087 } 1088 /* TODO match p2p mac */ 1089 } 1090 if (!match && filter->num_of_bssid) 1091 return false; 1092 1093 match = false; 1094 for (i = 0; i < filter->num_of_channels; i++) { 1095 if (!filter->channel_list[i] || ( 1096 (filter->channel_list[i] == 1097 db_entry->channel.chan_idx))) { 1098 match = true; 1099 break; 1100 } 1101 } 1102 1103 if (!match && filter->num_of_channels) 1104 return false; 1105 1106 if (filter->rrm_measurement_filter) 1107 return true; 1108 1109 /* TODO match phyMode */ 1110 1111 if (!filter->ignore_auth_enc_type && 1112 !scm_is_security_match(filter, 1113 db_entry, security)) 1114 return false; 1115 1116 if (!util_is_bss_type_match(filter->bss_type, 1117 db_entry->cap_info)) 1118 return false; 1119 1120 /* TODO match rate set */ 1121 1122 if (filter->only_wmm_ap && 1123 !db_entry->ie_list.wmeinfo && 1124 !db_entry->ie_list.wmeparam) 1125 return false; 1126 1127 /* Match realm */ 1128 if (!scm_is_fils_config_match(filter, db_entry)) 1129 return false; 1130 1131 cc_ie = util_scan_entry_country(db_entry); 1132 if (!util_country_code_match(filter->country, cc_ie)) 1133 return false; 1134 1135 if (!util_mdie_match(filter->mobility_domain, 1136 (struct rsn_mdie *)db_entry->ie_list.mdie)) 1137 return false; 1138 1139 return true; 1140 } 1141