1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 /* 19 * DOC: contains scan cache filter logic 20 */ 21 22 #include <wlan_scan_utils_api.h> 23 #include "wlan_scan_main.h" 24 #include "wlan_scan_cache_db_i.h" 25 26 /** 27 * scm_is_open_security() - Check if scan entry support open security 28 * @filter: scan filter 29 * @db_entry: db entry 30 * @security: matched security. 31 * 32 * Return: true if open security else false 33 */ 34 static bool scm_is_open_security(struct scan_filter *filter, 35 struct scan_cache_entry *db_entry, 36 struct security_info *security) 37 { 38 bool match = false; 39 int i; 40 41 if (db_entry->cap_info.wlan_caps.privacy) 42 return false; 43 44 /* Check MC cipher and Auth type requested. */ 45 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 46 if (WLAN_ENCRYPT_TYPE_NONE == 47 filter->mc_enc_type[i]) { 48 security->mc_enc = 49 filter->mc_enc_type[i]; 50 match = true; 51 break; 52 } 53 } 54 if (!match && filter->num_of_mc_enc_type) 55 return match; 56 57 match = false; 58 /* Check Auth list. It should contain AuthOpen. */ 59 for (i = 0; i < filter->num_of_auth; i++) { 60 if ((WLAN_AUTH_TYPE_OPEN_SYSTEM == 61 filter->auth_type[i]) || 62 (WLAN_AUTH_TYPE_AUTOSWITCH == 63 filter->auth_type[i])) { 64 security->auth_type = 65 WLAN_AUTH_TYPE_OPEN_SYSTEM; 66 match = true; 67 break; 68 } 69 } 70 71 return match; 72 } 73 74 /** 75 * scm_is_cipher_match() - Check if cipher match the cipher list 76 * @cipher_list: cipher list to match 77 * @num_cipher: number of cipher in cipher list 78 * @cipher_to_match: cipher to found in cipher list 79 * 80 * Return: true if open security else false 81 */ 82 static bool scm_is_cipher_match( 83 uint32_t *cipher_list, 84 uint16_t num_cipher, uint32_t cipher_to_match) 85 { 86 int i; 87 bool match = false; 88 89 for (i = 0; i < num_cipher ; i++) { 90 match = (cipher_list[i] == cipher_to_match); 91 if (match) 92 break; 93 } 94 95 return match; 96 } 97 98 /** 99 * scm_get_cipher_suite_type() - get cypher suite type from enc type 100 * @enc: enc type 101 * 102 * Return: cypher suite type 103 */ 104 static uint8_t scm_get_cipher_suite_type(enum wlan_enc_type enc) 105 { 106 uint8_t cipher_type; 107 108 switch (enc) { 109 case WLAN_ENCRYPT_TYPE_WEP40: 110 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 111 cipher_type = WLAN_CSE_WEP40; 112 break; 113 case WLAN_ENCRYPT_TYPE_WEP104: 114 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 115 cipher_type = WLAN_CSE_WEP104; 116 break; 117 case WLAN_ENCRYPT_TYPE_TKIP: 118 cipher_type = WLAN_CSE_TKIP; 119 break; 120 case WLAN_ENCRYPT_TYPE_AES: 121 cipher_type = WLAN_CSE_CCMP; 122 break; 123 case WLAN_ENCRYPT_TYPE_AES_GCMP: 124 cipher_type = WLAN_CSE_GCMP_128; 125 break; 126 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 127 cipher_type = WLAN_CSE_GCMP_256; 128 break; 129 case WLAN_ENCRYPT_TYPE_NONE: 130 cipher_type = WLAN_CSE_NONE; 131 break; 132 case WLAN_ENCRYPT_TYPE_WPI: 133 cipher_type = WLAN_WAI_CERT_OR_SMS4; 134 break; 135 default: 136 cipher_type = WLAN_CSE_RESERVED; 137 break; 138 } 139 140 return cipher_type; 141 } 142 143 /** 144 * scm_is_wep_security() - Check if scan entry support WEP security 145 * @filter: scan filter 146 * @db_entry: db entry 147 * @security: matched security. 148 * 149 * Return: true if WEP security else false 150 */ 151 static bool scm_is_wep_security(struct scan_filter *filter, 152 struct scan_cache_entry *db_entry, 153 struct security_info *security) 154 { 155 int i; 156 QDF_STATUS status; 157 bool match = false; 158 enum wlan_auth_type neg_auth = WLAN_AUTH_TYPE_OPEN_SYSTEM; 159 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 160 161 if (!security) 162 return false; 163 164 /* If privacy bit is not set, consider no match */ 165 if (!db_entry->cap_info.wlan_caps.privacy) 166 return false; 167 168 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 169 switch (filter->mc_enc_type[i]) { 170 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 171 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 172 case WLAN_ENCRYPT_TYPE_WEP40: 173 case WLAN_ENCRYPT_TYPE_WEP104: 174 /* 175 * Multicast list may contain WEP40/WEP104. 176 * Check whether it matches UC. 177 */ 178 if (security->uc_enc == 179 filter->mc_enc_type[i]) { 180 match = true; 181 neg_mccipher = 182 filter->mc_enc_type[i]; 183 } 184 break; 185 default: 186 match = false; 187 break; 188 } 189 if (match) 190 break; 191 } 192 193 if (!match) 194 return match; 195 196 for (i = 0; i < filter->num_of_auth; i++) { 197 switch (filter->auth_type[i]) { 198 case WLAN_AUTH_TYPE_OPEN_SYSTEM: 199 case WLAN_AUTH_TYPE_SHARED_KEY: 200 case WLAN_AUTH_TYPE_AUTOSWITCH: 201 match = true; 202 neg_auth = filter->auth_type[i]; 203 break; 204 default: 205 match = false; 206 } 207 if (match) 208 break; 209 } 210 211 if (!match) 212 return match; 213 214 /* 215 * In case of WPA / WPA2, check whether it supports WEP as well. 216 * Prepare the encryption type for WPA/WPA2 functions 217 */ 218 if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP40_STATICKEY) 219 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 220 else if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP104) 221 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 222 223 /* else we can use the encryption type directly */ 224 if (util_scan_entry_wpa(db_entry)) { 225 struct wlan_wpa_ie wpa = {0}; 226 uint8_t cipher_type; 227 228 cipher_type = 229 scm_get_cipher_suite_type(security->uc_enc); 230 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 231 if (QDF_IS_STATUS_ERROR(status)) { 232 scm_err("failed to parse WPA IE, status %d", status); 233 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 234 util_scan_entry_wpa(db_entry), 235 util_scan_get_wpa_len(db_entry)); 236 return false; 237 } 238 239 match = scm_is_cipher_match(&wpa.mc_cipher, 240 1, WLAN_WPA_SEL(cipher_type)); 241 } 242 if (!match && util_scan_entry_rsn(db_entry)) { 243 struct wlan_rsn_ie rsn = {0}; 244 uint8_t cipher_type; 245 246 cipher_type = 247 scm_get_cipher_suite_type(security->uc_enc); 248 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 249 if (QDF_IS_STATUS_ERROR(status)) { 250 scm_err("failed to parse RSN IE, status %d", status); 251 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 252 util_scan_entry_rsn(db_entry), 253 util_scan_get_rsn_len(db_entry)); 254 return false; 255 } 256 match = scm_is_cipher_match(&rsn.gp_cipher_suite, 257 1, WLAN_RSN_SEL(cipher_type)); 258 } 259 260 261 if (match) { 262 security->auth_type = neg_auth; 263 security->mc_enc = neg_mccipher; 264 } 265 266 return match; 267 } 268 269 /** 270 * scm_check_pmf_match() - Check PMF security of entry match filter 271 * @filter: scan filter 272 * @db_entry: ap entry 273 * @rsn: rsn IE of the scan entry 274 * 275 * Return: true if PMF security match else false 276 */ 277 static bool 278 scm_check_pmf_match(struct scan_filter *filter, 279 struct scan_cache_entry *db_entry, 280 struct wlan_rsn_ie *rsn) 281 { 282 enum wlan_pmf_cap ap_pmf_cap = WLAN_PMF_DISABLED; 283 bool match = true; 284 285 if (rsn->cap & RSN_CAP_MFP_CAPABLE) 286 ap_pmf_cap = WLAN_PMF_CAPABLE; 287 if (rsn->cap & RSN_CAP_MFP_REQUIRED) 288 ap_pmf_cap = WLAN_PMF_REQUIRED; 289 290 if ((filter->pmf_cap == WLAN_PMF_REQUIRED) && 291 (ap_pmf_cap == WLAN_PMF_DISABLED)) 292 match = false; 293 else if ((filter->pmf_cap == WLAN_PMF_DISABLED) && 294 (ap_pmf_cap == WLAN_PMF_REQUIRED)) 295 match = false; 296 297 if (!match) 298 scm_debug("%pM : PMF cap didn't match (filter %d AP %d)", 299 db_entry->bssid.bytes, filter->pmf_cap, 300 ap_pmf_cap); 301 302 return match; 303 } 304 305 /** 306 * scm_is_rsn_mcast_cipher_match() - match the rsn mcast cipher type with AP's 307 * mcast cipher 308 * @rsn: AP's RSNE 309 * @filter: scan filter 310 * @neg_mccipher: negotiated mc cipher if matched. 311 * 312 * Return: true if mc cipher is negotiated 313 */ 314 static bool 315 scm_is_rsn_mcast_cipher_match(struct wlan_rsn_ie *rsn, 316 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 317 { 318 int i; 319 bool match; 320 uint8_t cipher_type; 321 322 if (!rsn || !neg_mccipher || !filter) 323 return false; 324 325 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 326 327 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 328 /* Try the more secured ones first. */ 329 /* Check GCMP_256 first */ 330 cipher_type = WLAN_CSE_GCMP_256; 331 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 332 WLAN_RSN_SEL(cipher_type)); 333 if (match) { 334 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 335 return true; 336 } 337 /* Check GCMP */ 338 cipher_type = WLAN_CSE_GCMP_128; 339 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 340 WLAN_RSN_SEL(cipher_type)); 341 if (match) { 342 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP; 343 return true; 344 } 345 /* Check AES */ 346 cipher_type = WLAN_CSE_CCMP; 347 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 348 WLAN_RSN_SEL(cipher_type)); 349 if (match) { 350 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 351 return true; 352 } 353 /* Check TKIP */ 354 cipher_type = WLAN_CSE_TKIP; 355 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 356 WLAN_RSN_SEL(cipher_type)); 357 if (match) { 358 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 359 return true; 360 } 361 } else { 362 cipher_type = 363 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 364 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 365 WLAN_RSN_SEL(cipher_type)); 366 if (match) { 367 *neg_mccipher = filter->mc_enc_type[i]; 368 return true; 369 } 370 } 371 } 372 373 return false; 374 } 375 376 /** 377 * scm_is_rsn_security() - Check if scan entry support RSN security 378 * @filter: scan filter 379 * @db_entry: db entry 380 * @security: matched security. 381 * 382 * Return: true if RSN security else false 383 */ 384 static bool scm_is_rsn_security(struct scan_filter *filter, 385 struct scan_cache_entry *db_entry, 386 struct security_info *security) 387 { 388 int i; 389 uint8_t cipher_type; 390 bool match_any_akm, match = false; 391 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 392 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 393 struct wlan_rsn_ie rsn = {0}; 394 QDF_STATUS status; 395 396 if (!security) 397 return false; 398 if (!util_scan_entry_rsn(db_entry)) { 399 scm_debug("%pM : doesn't have RSN IE", db_entry->bssid.bytes); 400 return false; 401 } 402 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 403 if (QDF_IS_STATUS_ERROR(status)) { 404 scm_err("failed to parse RSN IE, status %d", status); 405 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 406 util_scan_entry_rsn(db_entry), 407 util_scan_get_rsn_len(db_entry)); 408 return false; 409 } 410 411 cipher_type = 412 scm_get_cipher_suite_type(security->uc_enc); 413 match = scm_is_cipher_match(rsn.pwise_cipher_suites, 414 rsn.pwise_cipher_count, WLAN_RSN_SEL(cipher_type)); 415 if (!match) { 416 scm_debug("%pM : pairwise cipher didn't match", 417 db_entry->bssid.bytes); 418 return false; 419 } 420 421 match = scm_is_rsn_mcast_cipher_match(&rsn, filter, &neg_mccipher); 422 if (!match) { 423 scm_debug("%pM : mcast cipher didn't match", 424 db_entry->bssid.bytes); 425 return false; 426 } 427 428 /* Initializing with false as it has true value already */ 429 match = false; 430 for (i = 0; i < filter->num_of_auth; i++) { 431 432 if (filter->auth_type[i] == WLAN_AUTH_TYPE_ANY) 433 match_any_akm = true; 434 else 435 match_any_akm = false; 436 /* 437 * Ciphers are supported, Match authentication algorithm and 438 * pick first matching authtype. 439 */ 440 if (scm_is_cipher_match(rsn.akm_suites, 441 rsn.akm_suite_count, 442 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA384))) { 443 if (match_any_akm || (WLAN_AUTH_TYPE_FT_FILS_SHA384 == 444 filter->auth_type[i])) { 445 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA384; 446 match = true; 447 break; 448 } 449 } 450 if (scm_is_cipher_match(rsn.akm_suites, 451 rsn.akm_suite_count, 452 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA256))) { 453 if (match_any_akm || (WLAN_AUTH_TYPE_FT_FILS_SHA256 == 454 filter->auth_type[i])) { 455 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA256; 456 match = true; 457 break; 458 } 459 } 460 if (scm_is_cipher_match(rsn.akm_suites, 461 rsn.akm_suite_count, 462 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA384))) { 463 if (match_any_akm || (WLAN_AUTH_TYPE_FILS_SHA384 == 464 filter->auth_type[i])) { 465 neg_auth = WLAN_AUTH_TYPE_FILS_SHA384; 466 match = true; 467 break; 468 } 469 } 470 if (scm_is_cipher_match(rsn.akm_suites, 471 rsn.akm_suite_count, 472 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA256))) { 473 if (match_any_akm || (WLAN_AUTH_TYPE_FILS_SHA256 == 474 filter->auth_type[i])) { 475 neg_auth = WLAN_AUTH_TYPE_FILS_SHA256; 476 match = true; 477 break; 478 } 479 } 480 481 if (scm_is_cipher_match(rsn.akm_suites, 482 rsn.akm_suite_count, 483 WLAN_RSN_SEL(WLAN_AKM_SAE))) { 484 if (match_any_akm || (WLAN_AUTH_TYPE_SAE == 485 filter->auth_type[i])) { 486 neg_auth = WLAN_AUTH_TYPE_SAE; 487 match = true; 488 break; 489 } 490 } 491 492 if (scm_is_cipher_match(rsn.akm_suites, 493 rsn.akm_suite_count, WLAN_RSN_DPP_AKM)) { 494 if (match_any_akm || (WLAN_AUTH_TYPE_DPP_RSN == 495 filter->auth_type[i])) { 496 neg_auth = WLAN_AUTH_TYPE_DPP_RSN; 497 match = true; 498 break; 499 } 500 } 501 if (scm_is_cipher_match(rsn.akm_suites, 502 rsn.akm_suite_count, 503 WLAN_RSN_OSEN_AKM)) { 504 if (match_any_akm || 505 WLAN_AUTH_TYPE_OSEN == filter->auth_type[i]) { 506 neg_auth = WLAN_AUTH_TYPE_OSEN; 507 match = true; 508 break; 509 } 510 } 511 if (scm_is_cipher_match(rsn.akm_suites, 512 rsn.akm_suite_count, 513 WLAN_RSN_SEL(WLAN_AKM_OWE))) { 514 if (match_any_akm || (WLAN_AUTH_TYPE_OWE == 515 filter->auth_type[i])) { 516 neg_auth = WLAN_AUTH_TYPE_OWE; 517 match = true; 518 break; 519 } 520 } 521 if (scm_is_cipher_match(rsn.akm_suites, 522 rsn.akm_suite_count, 523 WLAN_RSN_SEL(WLAN_AKM_FT_IEEE8021X))) { 524 if (match_any_akm || (WLAN_AUTH_TYPE_FT_RSN == 525 filter->auth_type[i])) { 526 neg_auth = WLAN_AUTH_TYPE_FT_RSN; 527 match = true; 528 break; 529 } 530 } 531 532 if (scm_is_cipher_match(rsn.akm_suites, 533 rsn.akm_suite_count, 534 WLAN_RSN_SEL(WLAN_AKM_FT_PSK))) { 535 if (match_any_akm || (WLAN_AUTH_TYPE_FT_RSN_PSK == 536 filter->auth_type[i])) { 537 neg_auth = WLAN_AUTH_TYPE_FT_RSN_PSK; 538 match = true; 539 break; 540 } 541 } 542 /* ESE only supports 802.1X. No PSK. */ 543 if (scm_is_cipher_match(rsn.akm_suites, 544 rsn.akm_suite_count, 545 WLAN_RSN_CCKM_AKM)) { 546 if (match_any_akm || (WLAN_AUTH_TYPE_CCKM_RSN == 547 filter->auth_type[i])) { 548 neg_auth = WLAN_AUTH_TYPE_CCKM_RSN; 549 match = true; 550 break; 551 } 552 } 553 /* RSN */ 554 if (scm_is_cipher_match(rsn.akm_suites, 555 rsn.akm_suite_count, 556 WLAN_RSN_SEL(WLAN_AKM_IEEE8021X))) { 557 if (match_any_akm || (WLAN_AUTH_TYPE_RSN == 558 filter->auth_type[i])) { 559 neg_auth = WLAN_AUTH_TYPE_RSN; 560 match = true; 561 break; 562 } 563 } 564 /* TKIP */ 565 if (scm_is_cipher_match(rsn.akm_suites, 566 rsn.akm_suite_count, 567 WLAN_RSN_SEL(WLAN_AKM_PSK))) { 568 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_PSK == 569 filter->auth_type[i])) { 570 neg_auth = WLAN_AUTH_TYPE_RSN_PSK; 571 match = true; 572 break; 573 } 574 } 575 /* SHA256 */ 576 if (scm_is_cipher_match(rsn.akm_suites, 577 rsn.akm_suite_count, 578 WLAN_RSN_SEL(WLAN_AKM_SHA256_PSK))) { 579 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_PSK_SHA256 == 580 filter->auth_type[i])) { 581 neg_auth = 582 WLAN_AUTH_TYPE_RSN_PSK_SHA256; 583 match = true; 584 break; 585 } 586 } 587 /* 8021X SHA256 */ 588 if (scm_is_cipher_match(rsn.akm_suites, 589 rsn.akm_suite_count, 590 WLAN_RSN_SEL(WLAN_AKM_SHA256_IEEE8021X))) { 591 if (match_any_akm || (WLAN_AUTH_TYPE_RSN_8021X_SHA256 == 592 filter->auth_type[i])) { 593 neg_auth = 594 WLAN_AUTH_TYPE_RSN_8021X_SHA256; 595 match = true; 596 break; 597 } 598 } 599 if (scm_is_cipher_match(rsn.akm_suites, 600 rsn.akm_suite_count, 601 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA256))) { 602 if (match_any_akm || 603 (WLAN_AUTH_TYPE_SUITEB_EAP_SHA256 == 604 filter->auth_type[i])) { 605 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA256; 606 match = true; 607 break; 608 } 609 } 610 if (scm_is_cipher_match(rsn.akm_suites, 611 rsn.akm_suite_count, 612 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA384))) { 613 if (match_any_akm || 614 (WLAN_AUTH_TYPE_SUITEB_EAP_SHA384 == 615 filter->auth_type[i])) { 616 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA384; 617 match = true; 618 break; 619 } 620 } 621 622 if (scm_is_cipher_match(rsn.akm_suites, rsn.akm_suite_count, 623 WLAN_RSN_SEL(WLAN_AKM_FT_SAE))) { 624 if (match_any_akm || (WLAN_AUTH_TYPE_FT_SAE == 625 filter->auth_type[i])) { 626 neg_auth = WLAN_AUTH_TYPE_FT_SAE; 627 match = true; 628 break; 629 } 630 } 631 632 if (scm_is_cipher_match(rsn.akm_suites, rsn.akm_suite_count, 633 WLAN_RSN_SEL( 634 WLAN_AKM_FT_SUITEB_EAP_SHA384))) { 635 if (match_any_akm || 636 (WLAN_AUTH_TYPE_FT_SUITEB_EAP_SHA384 == 637 filter->auth_type[i])) { 638 neg_auth = WLAN_AUTH_TYPE_FT_SUITEB_EAP_SHA384; 639 match = true; 640 break; 641 } 642 } 643 } 644 645 if (!match) { 646 scm_debug("%pM : akm suites didn't match", 647 db_entry->bssid.bytes); 648 return false; 649 } 650 651 if (!filter->ignore_pmf_cap) 652 match = scm_check_pmf_match(filter, db_entry, &rsn); 653 654 if (match) { 655 security->auth_type = neg_auth; 656 security->mc_enc = neg_mccipher; 657 } 658 659 return match; 660 } 661 662 /** 663 * scm_is_wpa_mcast_cipher_match() - match the wpa mcast cipher type with AP's 664 * mcast cipher 665 * @wpa: AP's WPA IE 666 * @filter: scan filter 667 * @neg_mccipher: negotiated mc cipher if matched. 668 * 669 * Return: true if mc cipher is negotiated 670 */ 671 static bool 672 scm_is_wpa_mcast_cipher_match(struct wlan_wpa_ie *wpa, 673 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 674 { 675 int i; 676 bool match; 677 uint8_t cipher_type; 678 679 if (!wpa || !neg_mccipher || !filter) 680 return false; 681 682 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 683 684 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 685 /* Try the more secured ones first. */ 686 687 /* Check AES */ 688 cipher_type = WLAN_CSE_CCMP; 689 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 690 WLAN_WPA_SEL(cipher_type)); 691 if (match) { 692 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 693 return true; 694 } 695 /* Check TKIP */ 696 cipher_type = WLAN_CSE_TKIP; 697 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 698 WLAN_WPA_SEL(cipher_type)); 699 if (match) { 700 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 701 return true; 702 } 703 } else { 704 cipher_type = 705 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 706 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 707 WLAN_WPA_SEL(cipher_type)); 708 if (match) { 709 *neg_mccipher = filter->mc_enc_type[i]; 710 return true; 711 } 712 } 713 } 714 715 return false; 716 } 717 718 /** 719 * scm_is_wpa_security() - Check if scan entry support WPA security 720 * @filter: scan filter 721 * @db_entry: db entry 722 * @security: matched security. 723 * 724 * Return: true if WPA security else false 725 */ 726 static bool scm_is_wpa_security(struct scan_filter *filter, 727 struct scan_cache_entry *db_entry, 728 struct security_info *security) 729 { 730 int i; 731 QDF_STATUS status; 732 uint8_t cipher_type; 733 bool match_any_akm, match = false; 734 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 735 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 736 struct wlan_wpa_ie wpa = {0}; 737 738 if (!security) 739 return false; 740 if (!util_scan_entry_wpa(db_entry)) { 741 scm_debug("%pM : AP doesn't have WPA IE", 742 db_entry->bssid.bytes); 743 return false; 744 } 745 746 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 747 if (QDF_IS_STATUS_ERROR(status)) { 748 scm_err("failed to parse WPA IE, status %d", status); 749 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 750 util_scan_entry_wpa(db_entry), 751 util_scan_get_wpa_len(db_entry)); 752 return false; 753 } 754 755 cipher_type = 756 scm_get_cipher_suite_type(security->uc_enc); 757 match = scm_is_cipher_match(wpa.uc_ciphers, 758 wpa.uc_cipher_count, WLAN_WPA_SEL(cipher_type)); 759 if (!match) { 760 scm_debug("%pM : unicase cipher didn't match", 761 db_entry->bssid.bytes); 762 return false; 763 } 764 765 match = scm_is_wpa_mcast_cipher_match(&wpa, filter, &neg_mccipher); 766 if (!match) { 767 scm_debug("%pM : mcast cipher didn't match", 768 db_entry->bssid.bytes); 769 return false; 770 } 771 772 /* Initializing with false as it has true value already */ 773 match = false; 774 for (i = 0; i < filter->num_of_auth; i++) { 775 776 if (filter->auth_type[i] == WLAN_AUTH_TYPE_ANY) 777 match_any_akm = true; 778 else 779 match_any_akm = false; 780 /* 781 * Ciphers are supported, Match authentication algorithm and 782 * pick first matching authtype. 783 */ 784 /**/ 785 if (scm_is_cipher_match(wpa.auth_suites, 786 wpa.auth_suite_count, 787 WLAN_WPA_SEL(WLAN_AKM_IEEE8021X))) { 788 if (match_any_akm || (WLAN_AUTH_TYPE_WPA == 789 filter->auth_type[i])) { 790 neg_auth = WLAN_AUTH_TYPE_WPA; 791 match = true; 792 break; 793 } 794 } 795 if (scm_is_cipher_match(wpa.auth_suites, 796 wpa.auth_suite_count, 797 WLAN_WPA_SEL(WLAN_AKM_PSK))) { 798 if (match_any_akm || (WLAN_AUTH_TYPE_WPA_PSK == 799 filter->auth_type[i])) { 800 neg_auth = WLAN_AUTH_TYPE_WPA_PSK; 801 match = true; 802 break; 803 } 804 } 805 if (scm_is_cipher_match(wpa.auth_suites, 806 wpa.auth_suite_count, 807 WLAN_WPA_CCKM_AKM)) { 808 if (match_any_akm || (WLAN_AUTH_TYPE_CCKM_WPA == 809 filter->auth_type[i])) { 810 neg_auth = WLAN_AUTH_TYPE_CCKM_WPA; 811 match = true; 812 break; 813 } 814 } 815 } 816 817 if (!match) 818 scm_debug("%pM : akm didn't match", db_entry->bssid.bytes); 819 820 if (match) { 821 security->auth_type = neg_auth; 822 security->mc_enc = neg_mccipher; 823 } 824 825 return match; 826 } 827 828 /** 829 * scm_is_wapi_security() - Check if scan entry support WAPI security 830 * @filter: scan filter 831 * @db_entry: db entry 832 * @security: matched security. 833 * 834 * Return: true if WAPI security else false 835 */ 836 static bool scm_is_wapi_security(struct scan_filter *filter, 837 struct scan_cache_entry *db_entry, 838 struct security_info *security) 839 { 840 int i; 841 uint8_t cipher_type; 842 bool match = false; 843 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 844 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 845 struct wlan_wapi_ie wapi = {0}; 846 847 if (!security) 848 return false; 849 if (!util_scan_entry_wapi(db_entry)) { 850 scm_debug("%pM : mcast cipher didn't match", 851 db_entry->bssid.bytes); 852 return false; 853 } 854 855 wlan_parse_wapi_ie( 856 util_scan_entry_wapi(db_entry), &wapi); 857 858 cipher_type = 859 scm_get_cipher_suite_type(security->uc_enc); 860 match = scm_is_cipher_match(wapi.uc_cipher_suites, 861 wapi.uc_cipher_count, WLAN_WAPI_SEL(cipher_type)); 862 if (!match) { 863 scm_debug("%pM : unicast cipher didn't match", 864 db_entry->bssid.bytes); 865 return false; 866 } 867 868 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 869 cipher_type = 870 scm_get_cipher_suite_type( 871 filter->mc_enc_type[i]); 872 match = scm_is_cipher_match(&wapi.mc_cipher_suite, 873 1, WLAN_WAPI_SEL(cipher_type)); 874 if (match) 875 break; 876 } 877 if (!match) { 878 scm_debug("%pM : mcast cipher didn't match", 879 db_entry->bssid.bytes); 880 return false; 881 } 882 neg_mccipher = filter->mc_enc_type[i]; 883 884 if (scm_is_cipher_match(wapi.akm_suites, 885 wapi.akm_suite_count, 886 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4))) { 887 neg_auth = 888 WLAN_AUTH_TYPE_WAPI_WAI_CERTIFICATE; 889 } else if (scm_is_cipher_match(wapi.akm_suites, 890 wapi.akm_suite_count, WLAN_WAPI_SEL(WLAN_WAI_PSK))) { 891 neg_auth = WLAN_AUTH_TYPE_WAPI_WAI_PSK; 892 } else { 893 scm_debug("%pM : akm is not supported", 894 db_entry->bssid.bytes); 895 return false; 896 } 897 898 match = false; 899 for (i = 0; i < filter->num_of_auth; i++) { 900 if (filter->auth_type[i] == neg_auth) { 901 match = true; 902 break; 903 } 904 } 905 906 if (!match) 907 scm_debug("%pM : akm suite didn't match", 908 db_entry->bssid.bytes); 909 if (match) { 910 security->auth_type = neg_auth; 911 security->mc_enc = neg_mccipher; 912 } 913 914 return match; 915 } 916 917 /** 918 * scm_is_def_security() - Check if any security in filter match 919 * @filter: scan filter 920 * @db_entry: db entry 921 * @security: matched security. 922 * 923 * Return: true if any security else false 924 */ 925 static bool scm_is_def_security(struct scan_filter *filter, 926 struct scan_cache_entry *db_entry, 927 struct security_info *security) 928 { 929 930 /* It is allowed to match anything. Try the more secured ones first. */ 931 /* Check GCMP_256 first */ 932 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 933 if (scm_is_rsn_security(filter, db_entry, security)) 934 return true; 935 936 /* Check GCMP */ 937 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP; 938 if (scm_is_rsn_security(filter, db_entry, security)) 939 return true; 940 941 /* Check AES */ 942 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 943 if (scm_is_rsn_security(filter, db_entry, security)) 944 return true; 945 if (scm_is_wpa_security(filter, db_entry, security)) 946 return true; 947 948 /* Check TKIP */ 949 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 950 if (scm_is_rsn_security(filter, db_entry, security)) 951 return true; 952 if (scm_is_wpa_security(filter, db_entry, security)) 953 return true; 954 955 /* Check AES */ 956 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 957 if (scm_is_wpa_security(filter, db_entry, security)) 958 return true; 959 960 /* Check TKIP */ 961 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 962 if (scm_is_wpa_security(filter, db_entry, security)) 963 return true; 964 965 /* Check WAPI */ 966 security->uc_enc = WLAN_ENCRYPT_TYPE_WPI; 967 if (scm_is_wapi_security(filter, db_entry, security)) 968 return true; 969 970 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 971 if (scm_is_wep_security(filter, db_entry, security)) 972 return true; 973 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 974 if (scm_is_wep_security(filter, db_entry, security)) 975 return true; 976 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104_STATICKEY; 977 if (scm_is_wep_security(filter, db_entry, security)) 978 return true; 979 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40_STATICKEY; 980 if (scm_is_wep_security(filter, db_entry, security)) 981 return true; 982 983 /* It must be open and no enc */ 984 if (db_entry->cap_info.wlan_caps.privacy) 985 return false; 986 987 security->auth_type = WLAN_AUTH_TYPE_OPEN_SYSTEM; 988 security->mc_enc = WLAN_ENCRYPT_TYPE_NONE; 989 security->uc_enc = WLAN_ENCRYPT_TYPE_NONE; 990 991 return true; 992 } 993 994 /** 995 * scm_is_fils_config_match() - Check if FILS config matches 996 * @filter: scan filter 997 * @db_entry: db entry 998 * 999 * Return: true if FILS config matches else false 1000 */ 1001 static bool scm_is_fils_config_match(struct scan_filter *filter, 1002 struct scan_cache_entry *db_entry) 1003 { 1004 int i; 1005 struct fils_indication_ie *indication_ie; 1006 uint8_t *data; 1007 1008 if (!filter->fils_scan_filter.realm_check) 1009 return true; 1010 1011 if (!db_entry->ie_list.fils_indication) 1012 return false; 1013 1014 1015 indication_ie = 1016 (struct fils_indication_ie *) db_entry->ie_list.fils_indication; 1017 1018 data = indication_ie->variable_data; 1019 if (indication_ie->is_cache_id_present) 1020 data += CACHE_IDENTIFIER_LEN; 1021 1022 if (indication_ie->is_hessid_present) 1023 data += HESSID_LEN; 1024 1025 for (i = 1; i <= indication_ie->realm_identifiers_cnt; i++) { 1026 if (!qdf_mem_cmp(filter->fils_scan_filter.fils_realm, 1027 data, REAM_HASH_LEN)) 1028 return true; 1029 /* Max realm count reached */ 1030 if (indication_ie->realm_identifiers_cnt == i) 1031 break; 1032 else 1033 data = data + REAM_HASH_LEN; 1034 } 1035 1036 return false; 1037 } 1038 1039 /** 1040 * scm_is_security_match() - Check if security in filter match 1041 * @filter: scan filter 1042 * @db_entry: db entry 1043 * @security: matched security. 1044 * 1045 * Return: true if security match else false 1046 */ 1047 static bool scm_is_security_match(struct scan_filter *filter, 1048 struct scan_cache_entry *db_entry, 1049 struct security_info *security) 1050 { 1051 int i; 1052 bool match = false; 1053 struct security_info local_security = {0}; 1054 1055 if (!filter->num_of_enc_type) 1056 return true; 1057 1058 for (i = 0; (i < filter->num_of_enc_type) && 1059 !match; i++) { 1060 1061 local_security.uc_enc = 1062 filter->enc_type[i]; 1063 1064 switch (filter->enc_type[i]) { 1065 case WLAN_ENCRYPT_TYPE_NONE: 1066 match = scm_is_open_security(filter, 1067 db_entry, &local_security); 1068 break; 1069 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 1070 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 1071 case WLAN_ENCRYPT_TYPE_WEP40: 1072 case WLAN_ENCRYPT_TYPE_WEP104: 1073 match = scm_is_wep_security(filter, 1074 db_entry, &local_security); 1075 break; 1076 case WLAN_ENCRYPT_TYPE_TKIP: 1077 case WLAN_ENCRYPT_TYPE_AES: 1078 case WLAN_ENCRYPT_TYPE_AES_GCMP: 1079 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 1080 /* First check if there is a RSN match */ 1081 match = scm_is_rsn_security(filter, 1082 db_entry, &local_security); 1083 /* If not RSN, then check WPA match */ 1084 if (!match) 1085 match = scm_is_wpa_security(filter, 1086 db_entry, &local_security); 1087 break; 1088 case WLAN_ENCRYPT_TYPE_WPI:/* WAPI */ 1089 match = scm_is_wapi_security(filter, 1090 db_entry, &local_security); 1091 break; 1092 case WLAN_ENCRYPT_TYPE_ANY: 1093 default: 1094 match = scm_is_def_security(filter, 1095 db_entry, &local_security); 1096 break; 1097 } 1098 } 1099 1100 if (match && security) 1101 qdf_mem_copy(security, 1102 &local_security, sizeof(*security)); 1103 1104 return match; 1105 } 1106 1107 bool scm_filter_match(struct wlan_objmgr_psoc *psoc, 1108 struct scan_cache_entry *db_entry, 1109 struct scan_filter *filter, 1110 struct security_info *security) 1111 { 1112 int i; 1113 bool match = false; 1114 struct roam_filter_params *roam_params; 1115 struct scan_default_params *def_param; 1116 struct wlan_country_ie *cc_ie; 1117 1118 def_param = wlan_scan_psoc_get_def_params(psoc); 1119 if (!def_param) 1120 return false; 1121 1122 roam_params = &def_param->roam_params; 1123 1124 if (filter->p2p_results && !db_entry->is_p2p) 1125 return false; 1126 1127 for (i = 0; i < roam_params->num_bssid_avoid_list; i++) { 1128 if (qdf_is_macaddr_equal(&roam_params->bssid_avoid_list[i], 1129 &db_entry->bssid)) { 1130 scm_debug("%pM : Ignore as its blacklisted", 1131 db_entry->bssid.bytes); 1132 return false; 1133 } 1134 } 1135 1136 match = false; 1137 if (db_entry->ssid.length) { 1138 for (i = 0; i < filter->num_of_ssid; i++) { 1139 if (util_is_ssid_match(&filter->ssid_list[i], 1140 &db_entry->ssid)) { 1141 match = true; 1142 break; 1143 } 1144 } 1145 } 1146 /* 1147 * In OWE transition mode, ssid is hidden. And supplicant does not issue 1148 * scan with specific ssid prior to connect as in other hidden ssid 1149 * cases. Add explicit check to allow OWE when ssid is hidden. 1150 */ 1151 if (!match && util_scan_entry_is_hidden_ap(db_entry)) { 1152 for (i = 0; i < filter->num_of_auth; i++) { 1153 if (filter->auth_type[i] == WLAN_AUTH_TYPE_OWE) { 1154 match = true; 1155 break; 1156 } 1157 } 1158 } 1159 if (!match && filter->num_of_ssid) 1160 return false; 1161 1162 match = false; 1163 /* TO do Fill p2p MAC*/ 1164 for (i = 0; i < filter->num_of_bssid; i++) { 1165 if (util_is_bssid_match(&filter->bssid_list[i], 1166 &db_entry->bssid)) { 1167 match = true; 1168 break; 1169 } 1170 /* TODO match p2p mac */ 1171 } 1172 if (!match && filter->num_of_bssid) 1173 return false; 1174 1175 match = false; 1176 for (i = 0; i < filter->num_of_channels; i++) { 1177 if (!filter->channel_list[i] || ( 1178 (filter->channel_list[i] == 1179 db_entry->channel.chan_idx))) { 1180 match = true; 1181 break; 1182 } 1183 } 1184 1185 if (!match && filter->num_of_channels) 1186 return false; 1187 1188 if (filter->rrm_measurement_filter) 1189 return true; 1190 1191 /* TODO match phyMode */ 1192 1193 if (!filter->ignore_auth_enc_type && 1194 !scm_is_security_match(filter, 1195 db_entry, security)) { 1196 scm_debug("%pM : Ignore as security profile didn't match", 1197 db_entry->bssid.bytes); 1198 return false; 1199 } 1200 1201 if (!util_is_bss_type_match(filter->bss_type, 1202 db_entry->cap_info)) { 1203 scm_debug("%pM : Ignore as bss type didn't match cap_info %x bss_type %d", 1204 db_entry->bssid.bytes, db_entry->cap_info.value, 1205 filter->bss_type); 1206 return false; 1207 } 1208 1209 /* TODO match rate set */ 1210 1211 if (filter->only_wmm_ap && 1212 !db_entry->ie_list.wmeinfo && 1213 !db_entry->ie_list.wmeparam) { 1214 scm_debug("%pM : Ignore as required wmeinfo and wme params not present", 1215 db_entry->bssid.bytes); 1216 return false; 1217 } 1218 1219 /* Match realm */ 1220 if (!scm_is_fils_config_match(filter, db_entry)) { 1221 scm_debug("%pM :Ignore as fils config didn't match", 1222 db_entry->bssid.bytes); 1223 return false; 1224 } 1225 1226 cc_ie = util_scan_entry_country(db_entry); 1227 if (!util_country_code_match(filter->country, cc_ie)) { 1228 scm_debug("%pM : Ignore as country %.*s didn't match", 1229 db_entry->bssid.bytes, 2, filter->country); 1230 return false; 1231 } 1232 1233 if (!util_mdie_match(filter->mobility_domain, 1234 (struct rsn_mdie *)db_entry->ie_list.mdie)) { 1235 scm_debug("%pM : Ignore as mdie didn't match", 1236 db_entry->bssid.bytes); 1237 return false; 1238 } 1239 1240 return true; 1241 } 1242