1 /* 2 * Copyright (c) 2017-2019 The Linux Foundation. All rights reserved. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for 5 * any purpose with or without fee is hereby granted, provided that the 6 * above copyright notice and this permission notice appear in all 7 * copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 /* 19 * DOC: contains scan cache filter logic 20 */ 21 22 #include <wlan_scan_utils_api.h> 23 #include "wlan_scan_main.h" 24 #include "wlan_scan_cache_db_i.h" 25 26 /** 27 * scm_is_open_security() - Check if scan entry support open security 28 * @filter: scan filter 29 * @db_entry: db entry 30 * @security: matched security. 31 * 32 * Return: true if open security else false 33 */ 34 static bool scm_is_open_security(struct scan_filter *filter, 35 struct scan_cache_entry *db_entry, 36 struct security_info *security) 37 { 38 bool match = false; 39 int i; 40 41 if (db_entry->cap_info.wlan_caps.privacy) 42 return false; 43 44 /* Check MC cipher and Auth type requested. */ 45 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 46 if (WLAN_ENCRYPT_TYPE_NONE == 47 filter->mc_enc_type[i]) { 48 security->mc_enc = 49 filter->mc_enc_type[i]; 50 match = true; 51 break; 52 } 53 } 54 if (!match && filter->num_of_mc_enc_type) 55 return match; 56 57 match = false; 58 /* Check Auth list. It should contain AuthOpen. */ 59 for (i = 0; i < filter->num_of_auth; i++) { 60 if ((WLAN_AUTH_TYPE_OPEN_SYSTEM == 61 filter->auth_type[i]) || 62 (WLAN_AUTH_TYPE_AUTOSWITCH == 63 filter->auth_type[i])) { 64 security->auth_type = 65 WLAN_AUTH_TYPE_OPEN_SYSTEM; 66 match = true; 67 break; 68 } 69 } 70 71 return match; 72 } 73 74 /** 75 * scm_is_cipher_match() - Check if cipher match the cipher list 76 * @cipher_list: cipher list to match 77 * @num_cipher: number of cipher in cipher list 78 * @cipher_to_match: cipher to found in cipher list 79 * 80 * Return: true if open security else false 81 */ 82 static bool scm_is_cipher_match( 83 uint32_t *cipher_list, 84 uint16_t num_cipher, uint32_t cipher_to_match) 85 { 86 int i; 87 bool match = false; 88 89 for (i = 0; i < num_cipher ; i++) { 90 match = (cipher_list[i] == cipher_to_match); 91 if (match) 92 break; 93 } 94 95 return match; 96 } 97 98 /** 99 * scm_get_cipher_suite_type() - get cypher suite type from enc type 100 * @enc: enc type 101 * 102 * Return: cypher suite type 103 */ 104 static uint8_t scm_get_cipher_suite_type(enum wlan_enc_type enc) 105 { 106 uint8_t cipher_type; 107 108 switch (enc) { 109 case WLAN_ENCRYPT_TYPE_WEP40: 110 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 111 cipher_type = WLAN_CSE_WEP40; 112 break; 113 case WLAN_ENCRYPT_TYPE_WEP104: 114 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 115 cipher_type = WLAN_CSE_WEP104; 116 break; 117 case WLAN_ENCRYPT_TYPE_TKIP: 118 cipher_type = WLAN_CSE_TKIP; 119 break; 120 case WLAN_ENCRYPT_TYPE_AES: 121 cipher_type = WLAN_CSE_CCMP; 122 break; 123 case WLAN_ENCRYPT_TYPE_AES_GCMP: 124 cipher_type = WLAN_CSE_GCMP_128; 125 break; 126 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 127 cipher_type = WLAN_CSE_GCMP_256; 128 break; 129 case WLAN_ENCRYPT_TYPE_NONE: 130 cipher_type = WLAN_CSE_NONE; 131 break; 132 case WLAN_ENCRYPT_TYPE_WPI: 133 cipher_type = WLAN_WAI_CERT_OR_SMS4; 134 break; 135 default: 136 cipher_type = WLAN_CSE_RESERVED; 137 break; 138 } 139 140 return cipher_type; 141 } 142 143 /** 144 * scm_is_wep_security() - Check if scan entry support WEP security 145 * @filter: scan filter 146 * @db_entry: db entry 147 * @security: matched security. 148 * 149 * Return: true if WEP security else false 150 */ 151 static bool scm_is_wep_security(struct scan_filter *filter, 152 struct scan_cache_entry *db_entry, 153 struct security_info *security) 154 { 155 int i; 156 QDF_STATUS status; 157 bool match = false; 158 enum wlan_auth_type neg_auth = WLAN_AUTH_TYPE_OPEN_SYSTEM; 159 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 160 161 if (!security) 162 return false; 163 164 /* If privacy bit is not set, consider no match */ 165 if (!db_entry->cap_info.wlan_caps.privacy) 166 return false; 167 168 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 169 switch (filter->mc_enc_type[i]) { 170 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 171 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 172 case WLAN_ENCRYPT_TYPE_WEP40: 173 case WLAN_ENCRYPT_TYPE_WEP104: 174 /* 175 * Multicast list may contain WEP40/WEP104. 176 * Check whether it matches UC. 177 */ 178 if (security->uc_enc == 179 filter->mc_enc_type[i]) { 180 match = true; 181 neg_mccipher = 182 filter->mc_enc_type[i]; 183 } 184 break; 185 default: 186 match = false; 187 break; 188 } 189 if (match) 190 break; 191 } 192 193 if (!match) 194 return match; 195 196 for (i = 0; i < filter->num_of_auth; i++) { 197 switch (filter->auth_type[i]) { 198 case WLAN_AUTH_TYPE_OPEN_SYSTEM: 199 case WLAN_AUTH_TYPE_SHARED_KEY: 200 case WLAN_AUTH_TYPE_AUTOSWITCH: 201 match = true; 202 neg_auth = filter->auth_type[i]; 203 break; 204 default: 205 match = false; 206 } 207 if (match) 208 break; 209 } 210 211 if (!match) 212 return match; 213 214 /* 215 * In case of WPA / WPA2, check whether it supports WEP as well. 216 * Prepare the encryption type for WPA/WPA2 functions 217 */ 218 if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP40_STATICKEY) 219 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 220 else if (security->uc_enc == WLAN_ENCRYPT_TYPE_WEP104) 221 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 222 223 /* else we can use the encryption type directly */ 224 if (util_scan_entry_wpa(db_entry)) { 225 struct wlan_wpa_ie wpa = {0}; 226 uint8_t cipher_type; 227 228 cipher_type = 229 scm_get_cipher_suite_type(security->uc_enc); 230 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 231 if (QDF_IS_STATUS_ERROR(status)) { 232 scm_err("failed to parse WPA IE, status %d", status); 233 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 234 util_scan_entry_wpa(db_entry), 235 util_scan_get_wpa_len(db_entry)); 236 return false; 237 } 238 239 match = scm_is_cipher_match(&wpa.mc_cipher, 240 1, WLAN_WPA_SEL(cipher_type)); 241 } 242 if (!match && util_scan_entry_rsn(db_entry)) { 243 struct wlan_rsn_ie rsn = {0}; 244 uint8_t cipher_type; 245 246 cipher_type = 247 scm_get_cipher_suite_type(security->uc_enc); 248 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 249 if (QDF_IS_STATUS_ERROR(status)) { 250 scm_err("failed to parse RSN IE, status %d", status); 251 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 252 util_scan_entry_rsn(db_entry), 253 util_scan_get_rsn_len(db_entry)); 254 return false; 255 } 256 match = scm_is_cipher_match(&rsn.gp_cipher_suite, 257 1, WLAN_RSN_SEL(cipher_type)); 258 } 259 260 261 if (match) { 262 security->auth_type = neg_auth; 263 security->mc_enc = neg_mccipher; 264 } 265 266 return match; 267 } 268 269 /** 270 * scm_check_pmf_match() - Check PMF security of entry match filter 271 * @filter: scan filter 272 * @db_entry: ap entry 273 * @rsn: rsn IE of the scan entry 274 * 275 * Return: true if PMF security match else false 276 */ 277 static bool 278 scm_check_pmf_match(struct scan_filter *filter, 279 struct scan_cache_entry *db_entry, 280 struct wlan_rsn_ie *rsn) 281 { 282 enum wlan_pmf_cap ap_pmf_cap = WLAN_PMF_DISABLED; 283 bool match = true; 284 285 if (rsn->cap & RSN_CAP_MFP_CAPABLE) 286 ap_pmf_cap = WLAN_PMF_CAPABLE; 287 if (rsn->cap & RSN_CAP_MFP_REQUIRED) 288 ap_pmf_cap = WLAN_PMF_REQUIRED; 289 290 if ((filter->pmf_cap == WLAN_PMF_REQUIRED) && 291 (ap_pmf_cap == WLAN_PMF_DISABLED)) 292 match = false; 293 else if ((filter->pmf_cap == WLAN_PMF_DISABLED) && 294 (ap_pmf_cap == WLAN_PMF_REQUIRED)) 295 match = false; 296 297 if (!match) 298 scm_debug("%pM : PMF cap didn't match (filter %d AP %d)", 299 db_entry->bssid.bytes, filter->pmf_cap, 300 ap_pmf_cap); 301 302 return match; 303 } 304 305 /** 306 * scm_is_rsn_mcast_cipher_match() - match the rsn mcast cipher type with AP's 307 * mcast cipher 308 * @rsn: AP's RSNE 309 * @filter: scan filter 310 * @neg_mccipher: negotiated mc cipher if matched. 311 * 312 * Return: true if mc cipher is negotiated 313 */ 314 static bool 315 scm_is_rsn_mcast_cipher_match(struct wlan_rsn_ie *rsn, 316 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 317 { 318 int i; 319 bool match; 320 uint8_t cipher_type; 321 322 if (!rsn || !neg_mccipher || !filter) 323 return false; 324 325 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 326 327 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 328 /* Try the more secured ones first. */ 329 /* Check GCMP_256 first */ 330 cipher_type = WLAN_CSE_GCMP_256; 331 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 332 WLAN_RSN_SEL(cipher_type)); 333 if (match) { 334 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 335 return true; 336 } 337 /* Check GCMP */ 338 cipher_type = WLAN_CSE_GCMP_128; 339 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 340 WLAN_RSN_SEL(cipher_type)); 341 if (match) { 342 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES_GCMP; 343 return true; 344 } 345 /* Check AES */ 346 cipher_type = WLAN_CSE_CCMP; 347 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 348 WLAN_RSN_SEL(cipher_type)); 349 if (match) { 350 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 351 return true; 352 } 353 /* Check TKIP */ 354 cipher_type = WLAN_CSE_TKIP; 355 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 356 WLAN_RSN_SEL(cipher_type)); 357 if (match) { 358 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 359 return true; 360 } 361 } else { 362 cipher_type = 363 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 364 match = scm_is_cipher_match(&rsn->gp_cipher_suite, 1, 365 WLAN_RSN_SEL(cipher_type)); 366 if (match) { 367 *neg_mccipher = filter->mc_enc_type[i]; 368 return true; 369 } 370 } 371 } 372 373 return false; 374 } 375 376 /** 377 * scm_is_rsn_security() - Check if scan entry support RSN security 378 * @filter: scan filter 379 * @db_entry: db entry 380 * @security: matched security. 381 * 382 * Return: true if RSN security else false 383 */ 384 static bool scm_is_rsn_security(struct scan_filter *filter, 385 struct scan_cache_entry *db_entry, 386 struct security_info *security) 387 { 388 int i; 389 uint8_t cipher_type; 390 bool match_any_akm, match = false; 391 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 392 enum wlan_auth_type filter_akm; 393 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 394 struct wlan_rsn_ie rsn = {0}; 395 QDF_STATUS status; 396 bool is_adaptive_11r; 397 398 if (!security) 399 return false; 400 if (!util_scan_entry_rsn(db_entry)) { 401 scm_debug("%pM : doesn't have RSN IE", db_entry->bssid.bytes); 402 return false; 403 } 404 status = wlan_parse_rsn_ie(util_scan_entry_rsn(db_entry), &rsn); 405 if (QDF_IS_STATUS_ERROR(status)) { 406 scm_err("failed to parse RSN IE, status %d", status); 407 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 408 util_scan_entry_rsn(db_entry), 409 util_scan_get_rsn_len(db_entry)); 410 return false; 411 } 412 413 cipher_type = 414 scm_get_cipher_suite_type(security->uc_enc); 415 match = scm_is_cipher_match(rsn.pwise_cipher_suites, 416 rsn.pwise_cipher_count, WLAN_RSN_SEL(cipher_type)); 417 if (!match) { 418 scm_debug("%pM : pairwise cipher didn't match", 419 db_entry->bssid.bytes); 420 return false; 421 } 422 423 match = scm_is_rsn_mcast_cipher_match(&rsn, filter, &neg_mccipher); 424 if (!match) { 425 scm_debug("%pM : mcast cipher didn't match", 426 db_entry->bssid.bytes); 427 return false; 428 } 429 430 is_adaptive_11r = (db_entry->adaptive_11r_ap && 431 filter->enable_adaptive_11r); 432 433 /* Initializing with false as it has true value already */ 434 match = false; 435 for (i = 0; i < filter->num_of_auth; i++) { 436 437 filter_akm = filter->auth_type[i]; 438 if (filter_akm == WLAN_AUTH_TYPE_ANY) 439 match_any_akm = true; 440 else 441 match_any_akm = false; 442 /* 443 * Ciphers are supported, Match authentication algorithm and 444 * pick first matching authtype. 445 */ 446 if (scm_is_cipher_match(rsn.akm_suites, 447 rsn.akm_suite_count, 448 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA384))) { 449 if (match_any_akm || 450 (filter_akm == WLAN_AUTH_TYPE_FT_FILS_SHA384)) { 451 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA384; 452 match = true; 453 break; 454 } 455 } 456 if (scm_is_cipher_match(rsn.akm_suites, 457 rsn.akm_suite_count, 458 WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA256))) { 459 if (match_any_akm || 460 (filter_akm == WLAN_AUTH_TYPE_FT_FILS_SHA256)) { 461 neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA256; 462 match = true; 463 break; 464 } 465 } 466 if (scm_is_cipher_match(rsn.akm_suites, 467 rsn.akm_suite_count, 468 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA384))) { 469 if (match_any_akm || 470 (filter_akm == WLAN_AUTH_TYPE_FILS_SHA384)) { 471 neg_auth = WLAN_AUTH_TYPE_FILS_SHA384; 472 match = true; 473 break; 474 } 475 } 476 if (scm_is_cipher_match(rsn.akm_suites, 477 rsn.akm_suite_count, 478 WLAN_RSN_SEL(WLAN_AKM_FILS_SHA256))) { 479 if (match_any_akm || 480 (filter_akm == WLAN_AUTH_TYPE_FILS_SHA256)) { 481 neg_auth = WLAN_AUTH_TYPE_FILS_SHA256; 482 match = true; 483 break; 484 } 485 } 486 487 if (scm_is_cipher_match(rsn.akm_suites, 488 rsn.akm_suite_count, 489 WLAN_RSN_SEL(WLAN_AKM_SAE))) { 490 if (match_any_akm || 491 (filter_akm == WLAN_AUTH_TYPE_SAE)) { 492 neg_auth = WLAN_AUTH_TYPE_SAE; 493 match = true; 494 break; 495 } 496 } 497 498 if (scm_is_cipher_match(rsn.akm_suites, 499 rsn.akm_suite_count, WLAN_RSN_DPP_AKM)) { 500 if (match_any_akm || 501 (filter_akm == WLAN_AUTH_TYPE_DPP_RSN)) { 502 neg_auth = WLAN_AUTH_TYPE_DPP_RSN; 503 match = true; 504 break; 505 } 506 } 507 if (scm_is_cipher_match(rsn.akm_suites, 508 rsn.akm_suite_count, 509 WLAN_RSN_OSEN_AKM)) { 510 if (match_any_akm || 511 (filter_akm == WLAN_AUTH_TYPE_OSEN)) { 512 neg_auth = WLAN_AUTH_TYPE_OSEN; 513 match = true; 514 break; 515 } 516 } 517 if (scm_is_cipher_match(rsn.akm_suites, 518 rsn.akm_suite_count, 519 WLAN_RSN_SEL(WLAN_AKM_OWE))) { 520 if (match_any_akm || 521 (filter_akm == WLAN_AUTH_TYPE_OWE)) { 522 neg_auth = WLAN_AUTH_TYPE_OWE; 523 match = true; 524 break; 525 } 526 } 527 if (scm_is_cipher_match(rsn.akm_suites, 528 rsn.akm_suite_count, 529 WLAN_RSN_SEL(WLAN_AKM_FT_IEEE8021X))) { 530 if (match_any_akm || 531 (filter_akm == WLAN_AUTH_TYPE_FT_RSN)) { 532 neg_auth = WLAN_AUTH_TYPE_FT_RSN; 533 match = true; 534 break; 535 } 536 } 537 538 if (scm_is_cipher_match(rsn.akm_suites, 539 rsn.akm_suite_count, 540 WLAN_RSN_SEL(WLAN_AKM_FT_PSK))) { 541 if (match_any_akm || 542 (filter_akm == WLAN_AUTH_TYPE_FT_RSN_PSK)) { 543 neg_auth = WLAN_AUTH_TYPE_FT_RSN_PSK; 544 match = true; 545 break; 546 } 547 } 548 /* ESE only supports 802.1X. No PSK. */ 549 if (scm_is_cipher_match(rsn.akm_suites, 550 rsn.akm_suite_count, 551 WLAN_RSN_CCKM_AKM)) { 552 if (match_any_akm || 553 (filter_akm == WLAN_AUTH_TYPE_CCKM_RSN)) { 554 neg_auth = WLAN_AUTH_TYPE_CCKM_RSN; 555 match = true; 556 break; 557 } 558 } 559 /* RSN */ 560 if (scm_is_cipher_match(rsn.akm_suites, 561 rsn.akm_suite_count, 562 WLAN_RSN_SEL(WLAN_AKM_IEEE8021X))) { 563 if (is_adaptive_11r && 564 (filter_akm == WLAN_AUTH_TYPE_FT_RSN)) { 565 neg_auth = WLAN_AUTH_TYPE_FT_RSN; 566 match = true; 567 break; 568 } 569 570 if (match_any_akm || 571 (WLAN_AUTH_TYPE_RSN == filter_akm)) { 572 neg_auth = WLAN_AUTH_TYPE_RSN; 573 match = true; 574 break; 575 } 576 } 577 /* TKIP */ 578 if (scm_is_cipher_match(rsn.akm_suites, 579 rsn.akm_suite_count, 580 WLAN_RSN_SEL(WLAN_AKM_PSK))) { 581 if (is_adaptive_11r && 582 (filter_akm == WLAN_AUTH_TYPE_FT_RSN_PSK)) { 583 neg_auth = WLAN_AUTH_TYPE_FT_RSN_PSK; 584 match = true; 585 break; 586 } 587 588 if (match_any_akm || 589 (filter_akm == WLAN_AUTH_TYPE_RSN_PSK)) { 590 neg_auth = WLAN_AUTH_TYPE_RSN_PSK; 591 match = true; 592 break; 593 } 594 } 595 /* SHA256 */ 596 if (scm_is_cipher_match(rsn.akm_suites, 597 rsn.akm_suite_count, 598 WLAN_RSN_SEL(WLAN_AKM_SHA256_PSK))) { 599 if (is_adaptive_11r && 600 (filter_akm == WLAN_AUTH_TYPE_FT_RSN_PSK)) { 601 neg_auth = WLAN_AUTH_TYPE_FT_RSN_PSK; 602 match = true; 603 break; 604 } 605 606 if (match_any_akm || 607 (filter_akm == WLAN_AUTH_TYPE_RSN_PSK_SHA256)) { 608 neg_auth = WLAN_AUTH_TYPE_RSN_PSK_SHA256; 609 match = true; 610 break; 611 } 612 } 613 /* 8021X SHA256 */ 614 if (scm_is_cipher_match(rsn.akm_suites, 615 rsn.akm_suite_count, 616 WLAN_RSN_SEL(WLAN_AKM_SHA256_IEEE8021X))) { 617 if (is_adaptive_11r && 618 (filter_akm == WLAN_AUTH_TYPE_FT_RSN)) { 619 neg_auth = WLAN_AUTH_TYPE_FT_RSN; 620 match = true; 621 break; 622 } 623 624 if (match_any_akm || 625 (filter_akm == WLAN_AUTH_TYPE_RSN_8021X_SHA256)) { 626 neg_auth = WLAN_AUTH_TYPE_RSN_8021X_SHA256; 627 match = true; 628 break; 629 } 630 } 631 if (scm_is_cipher_match(rsn.akm_suites, 632 rsn.akm_suite_count, 633 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA256))) { 634 if (match_any_akm || 635 (filter_akm == WLAN_AUTH_TYPE_SUITEB_EAP_SHA256)) { 636 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA256; 637 match = true; 638 break; 639 } 640 } 641 if (scm_is_cipher_match(rsn.akm_suites, 642 rsn.akm_suite_count, 643 WLAN_RSN_SEL(WLAN_AKM_SUITEB_EAP_SHA384))) { 644 if (match_any_akm || 645 (filter_akm == WLAN_AUTH_TYPE_SUITEB_EAP_SHA384)) { 646 neg_auth = WLAN_AUTH_TYPE_SUITEB_EAP_SHA384; 647 match = true; 648 break; 649 } 650 } 651 652 if (scm_is_cipher_match(rsn.akm_suites, rsn.akm_suite_count, 653 WLAN_RSN_SEL(WLAN_AKM_FT_SAE))) { 654 if (match_any_akm || 655 (filter_akm == WLAN_AUTH_TYPE_FT_SAE)) { 656 neg_auth = WLAN_AUTH_TYPE_FT_SAE; 657 match = true; 658 break; 659 } 660 } 661 662 if (scm_is_cipher_match(rsn.akm_suites, rsn.akm_suite_count, 663 WLAN_RSN_SEL( 664 WLAN_AKM_FT_SUITEB_EAP_SHA384))) { 665 if (match_any_akm || 666 (filter_akm == 667 WLAN_AUTH_TYPE_FT_SUITEB_EAP_SHA384)) { 668 neg_auth = WLAN_AUTH_TYPE_FT_SUITEB_EAP_SHA384; 669 match = true; 670 break; 671 } 672 } 673 } 674 675 if (!match) { 676 scm_debug("%pM : akm suites didn't match", 677 db_entry->bssid.bytes); 678 return false; 679 } 680 681 if (!filter->ignore_pmf_cap) 682 match = scm_check_pmf_match(filter, db_entry, &rsn); 683 684 if (match) { 685 security->auth_type = neg_auth; 686 security->mc_enc = neg_mccipher; 687 } 688 689 return match; 690 } 691 692 /** 693 * scm_is_wpa_mcast_cipher_match() - match the wpa mcast cipher type with AP's 694 * mcast cipher 695 * @wpa: AP's WPA IE 696 * @filter: scan filter 697 * @neg_mccipher: negotiated mc cipher if matched. 698 * 699 * Return: true if mc cipher is negotiated 700 */ 701 static bool 702 scm_is_wpa_mcast_cipher_match(struct wlan_wpa_ie *wpa, 703 struct scan_filter *filter, enum wlan_enc_type *neg_mccipher) 704 { 705 int i; 706 bool match; 707 uint8_t cipher_type; 708 709 if (!wpa || !neg_mccipher || !filter) 710 return false; 711 712 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 713 714 if (filter->mc_enc_type[i] == WLAN_ENCRYPT_TYPE_ANY) { 715 /* Try the more secured ones first. */ 716 717 /* Check AES */ 718 cipher_type = WLAN_CSE_CCMP; 719 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 720 WLAN_WPA_SEL(cipher_type)); 721 if (match) { 722 *neg_mccipher = WLAN_ENCRYPT_TYPE_AES; 723 return true; 724 } 725 /* Check TKIP */ 726 cipher_type = WLAN_CSE_TKIP; 727 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 728 WLAN_WPA_SEL(cipher_type)); 729 if (match) { 730 *neg_mccipher = WLAN_ENCRYPT_TYPE_TKIP; 731 return true; 732 } 733 } else { 734 cipher_type = 735 scm_get_cipher_suite_type(filter->mc_enc_type[i]); 736 match = scm_is_cipher_match(&wpa->mc_cipher, 1, 737 WLAN_WPA_SEL(cipher_type)); 738 if (match) { 739 *neg_mccipher = filter->mc_enc_type[i]; 740 return true; 741 } 742 } 743 } 744 745 return false; 746 } 747 748 /** 749 * scm_is_wpa_security() - Check if scan entry support WPA security 750 * @filter: scan filter 751 * @db_entry: db entry 752 * @security: matched security. 753 * 754 * Return: true if WPA security else false 755 */ 756 static bool scm_is_wpa_security(struct scan_filter *filter, 757 struct scan_cache_entry *db_entry, 758 struct security_info *security) 759 { 760 int i; 761 QDF_STATUS status; 762 uint8_t cipher_type; 763 bool match_any_akm, match = false; 764 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 765 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 766 struct wlan_wpa_ie wpa = {0}; 767 768 if (!security) 769 return false; 770 if (!util_scan_entry_wpa(db_entry)) { 771 scm_debug("%pM : AP doesn't have WPA IE", 772 db_entry->bssid.bytes); 773 return false; 774 } 775 776 status = wlan_parse_wpa_ie(util_scan_entry_wpa(db_entry), &wpa); 777 if (QDF_IS_STATUS_ERROR(status)) { 778 scm_err("failed to parse WPA IE, status %d", status); 779 scm_hex_dump(QDF_TRACE_LEVEL_DEBUG, 780 util_scan_entry_wpa(db_entry), 781 util_scan_get_wpa_len(db_entry)); 782 return false; 783 } 784 785 cipher_type = 786 scm_get_cipher_suite_type(security->uc_enc); 787 match = scm_is_cipher_match(wpa.uc_ciphers, 788 wpa.uc_cipher_count, WLAN_WPA_SEL(cipher_type)); 789 if (!match) { 790 scm_debug("%pM : unicase cipher didn't match", 791 db_entry->bssid.bytes); 792 return false; 793 } 794 795 match = scm_is_wpa_mcast_cipher_match(&wpa, filter, &neg_mccipher); 796 if (!match) { 797 scm_debug("%pM : mcast cipher didn't match", 798 db_entry->bssid.bytes); 799 return false; 800 } 801 802 /* Initializing with false as it has true value already */ 803 match = false; 804 for (i = 0; i < filter->num_of_auth; i++) { 805 806 if (filter->auth_type[i] == WLAN_AUTH_TYPE_ANY) 807 match_any_akm = true; 808 else 809 match_any_akm = false; 810 /* 811 * Ciphers are supported, Match authentication algorithm and 812 * pick first matching authtype. 813 */ 814 /**/ 815 if (scm_is_cipher_match(wpa.auth_suites, 816 wpa.auth_suite_count, 817 WLAN_WPA_SEL(WLAN_AKM_IEEE8021X))) { 818 if (match_any_akm || (WLAN_AUTH_TYPE_WPA == 819 filter->auth_type[i])) { 820 neg_auth = WLAN_AUTH_TYPE_WPA; 821 match = true; 822 break; 823 } 824 } 825 if (scm_is_cipher_match(wpa.auth_suites, 826 wpa.auth_suite_count, 827 WLAN_WPA_SEL(WLAN_AKM_PSK))) { 828 if (match_any_akm || (WLAN_AUTH_TYPE_WPA_PSK == 829 filter->auth_type[i])) { 830 neg_auth = WLAN_AUTH_TYPE_WPA_PSK; 831 match = true; 832 break; 833 } 834 } 835 if (scm_is_cipher_match(wpa.auth_suites, 836 wpa.auth_suite_count, 837 WLAN_WPA_CCKM_AKM)) { 838 if (match_any_akm || (WLAN_AUTH_TYPE_CCKM_WPA == 839 filter->auth_type[i])) { 840 neg_auth = WLAN_AUTH_TYPE_CCKM_WPA; 841 match = true; 842 break; 843 } 844 } 845 } 846 847 if (!match) 848 scm_debug("%pM : akm didn't match", db_entry->bssid.bytes); 849 850 if (match) { 851 security->auth_type = neg_auth; 852 security->mc_enc = neg_mccipher; 853 } 854 855 return match; 856 } 857 858 /** 859 * scm_is_wapi_security() - Check if scan entry support WAPI security 860 * @filter: scan filter 861 * @db_entry: db entry 862 * @security: matched security. 863 * 864 * Return: true if WAPI security else false 865 */ 866 static bool scm_is_wapi_security(struct scan_filter *filter, 867 struct scan_cache_entry *db_entry, 868 struct security_info *security) 869 { 870 int i; 871 uint8_t cipher_type; 872 bool match = false; 873 enum wlan_auth_type neg_auth = WLAN_NUM_OF_SUPPORT_AUTH_TYPE; 874 enum wlan_enc_type neg_mccipher = WLAN_ENCRYPT_TYPE_NONE; 875 struct wlan_wapi_ie wapi = {0}; 876 877 if (!security) 878 return false; 879 if (!util_scan_entry_wapi(db_entry)) { 880 scm_debug("%pM : mcast cipher didn't match", 881 db_entry->bssid.bytes); 882 return false; 883 } 884 885 wlan_parse_wapi_ie( 886 util_scan_entry_wapi(db_entry), &wapi); 887 888 cipher_type = 889 scm_get_cipher_suite_type(security->uc_enc); 890 match = scm_is_cipher_match(wapi.uc_cipher_suites, 891 wapi.uc_cipher_count, WLAN_WAPI_SEL(cipher_type)); 892 if (!match) { 893 scm_debug("%pM : unicast cipher didn't match", 894 db_entry->bssid.bytes); 895 return false; 896 } 897 898 for (i = 0; i < filter->num_of_mc_enc_type; i++) { 899 cipher_type = 900 scm_get_cipher_suite_type( 901 filter->mc_enc_type[i]); 902 match = scm_is_cipher_match(&wapi.mc_cipher_suite, 903 1, WLAN_WAPI_SEL(cipher_type)); 904 if (match) 905 break; 906 } 907 if (!match) { 908 scm_debug("%pM : mcast cipher didn't match", 909 db_entry->bssid.bytes); 910 return false; 911 } 912 neg_mccipher = filter->mc_enc_type[i]; 913 914 if (scm_is_cipher_match(wapi.akm_suites, 915 wapi.akm_suite_count, 916 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4))) { 917 neg_auth = 918 WLAN_AUTH_TYPE_WAPI_WAI_CERTIFICATE; 919 } else if (scm_is_cipher_match(wapi.akm_suites, 920 wapi.akm_suite_count, WLAN_WAPI_SEL(WLAN_WAI_PSK))) { 921 neg_auth = WLAN_AUTH_TYPE_WAPI_WAI_PSK; 922 } else { 923 scm_debug("%pM : akm is not supported", 924 db_entry->bssid.bytes); 925 return false; 926 } 927 928 match = false; 929 for (i = 0; i < filter->num_of_auth; i++) { 930 if (filter->auth_type[i] == neg_auth) { 931 match = true; 932 break; 933 } 934 } 935 936 if (!match) 937 scm_debug("%pM : akm suite didn't match", 938 db_entry->bssid.bytes); 939 if (match) { 940 security->auth_type = neg_auth; 941 security->mc_enc = neg_mccipher; 942 } 943 944 return match; 945 } 946 947 /** 948 * scm_is_def_security() - Check if any security in filter match 949 * @filter: scan filter 950 * @db_entry: db entry 951 * @security: matched security. 952 * 953 * Return: true if any security else false 954 */ 955 static bool scm_is_def_security(struct scan_filter *filter, 956 struct scan_cache_entry *db_entry, 957 struct security_info *security) 958 { 959 960 /* It is allowed to match anything. Try the more secured ones first. */ 961 /* Check GCMP_256 first */ 962 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP_256; 963 if (scm_is_rsn_security(filter, db_entry, security)) 964 return true; 965 966 /* Check GCMP */ 967 security->uc_enc = WLAN_ENCRYPT_TYPE_AES_GCMP; 968 if (scm_is_rsn_security(filter, db_entry, security)) 969 return true; 970 971 /* Check AES */ 972 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 973 if (scm_is_rsn_security(filter, db_entry, security)) 974 return true; 975 if (scm_is_wpa_security(filter, db_entry, security)) 976 return true; 977 978 /* Check TKIP */ 979 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 980 if (scm_is_rsn_security(filter, db_entry, security)) 981 return true; 982 if (scm_is_wpa_security(filter, db_entry, security)) 983 return true; 984 985 /* Check AES */ 986 security->uc_enc = WLAN_ENCRYPT_TYPE_AES; 987 if (scm_is_wpa_security(filter, db_entry, security)) 988 return true; 989 990 /* Check TKIP */ 991 security->uc_enc = WLAN_ENCRYPT_TYPE_TKIP; 992 if (scm_is_wpa_security(filter, db_entry, security)) 993 return true; 994 995 /* Check WAPI */ 996 security->uc_enc = WLAN_ENCRYPT_TYPE_WPI; 997 if (scm_is_wapi_security(filter, db_entry, security)) 998 return true; 999 1000 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104; 1001 if (scm_is_wep_security(filter, db_entry, security)) 1002 return true; 1003 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40; 1004 if (scm_is_wep_security(filter, db_entry, security)) 1005 return true; 1006 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP104_STATICKEY; 1007 if (scm_is_wep_security(filter, db_entry, security)) 1008 return true; 1009 security->uc_enc = WLAN_ENCRYPT_TYPE_WEP40_STATICKEY; 1010 if (scm_is_wep_security(filter, db_entry, security)) 1011 return true; 1012 1013 /* It must be open and no enc */ 1014 if (db_entry->cap_info.wlan_caps.privacy) 1015 return false; 1016 1017 security->auth_type = WLAN_AUTH_TYPE_OPEN_SYSTEM; 1018 security->mc_enc = WLAN_ENCRYPT_TYPE_NONE; 1019 security->uc_enc = WLAN_ENCRYPT_TYPE_NONE; 1020 1021 return true; 1022 } 1023 1024 /** 1025 * scm_is_fils_config_match() - Check if FILS config matches 1026 * @filter: scan filter 1027 * @db_entry: db entry 1028 * 1029 * Return: true if FILS config matches else false 1030 */ 1031 static bool scm_is_fils_config_match(struct scan_filter *filter, 1032 struct scan_cache_entry *db_entry) 1033 { 1034 int i; 1035 struct fils_indication_ie *indication_ie; 1036 uint8_t *data; 1037 1038 if (!filter->fils_scan_filter.realm_check) 1039 return true; 1040 1041 if (!db_entry->ie_list.fils_indication) 1042 return false; 1043 1044 1045 indication_ie = 1046 (struct fils_indication_ie *) db_entry->ie_list.fils_indication; 1047 1048 data = indication_ie->variable_data; 1049 if (indication_ie->is_cache_id_present) 1050 data += CACHE_IDENTIFIER_LEN; 1051 1052 if (indication_ie->is_hessid_present) 1053 data += HESSID_LEN; 1054 1055 for (i = 1; i <= indication_ie->realm_identifiers_cnt; i++) { 1056 if (!qdf_mem_cmp(filter->fils_scan_filter.fils_realm, 1057 data, REAM_HASH_LEN)) 1058 return true; 1059 /* Max realm count reached */ 1060 if (indication_ie->realm_identifiers_cnt == i) 1061 break; 1062 else 1063 data = data + REAM_HASH_LEN; 1064 } 1065 1066 return false; 1067 } 1068 1069 /** 1070 * scm_is_security_match() - Check if security in filter match 1071 * @filter: scan filter 1072 * @db_entry: db entry 1073 * @security: matched security. 1074 * 1075 * Return: true if security match else false 1076 */ 1077 static bool scm_is_security_match(struct scan_filter *filter, 1078 struct scan_cache_entry *db_entry, 1079 struct security_info *security) 1080 { 1081 int i; 1082 bool match = false; 1083 struct security_info local_security = {0}; 1084 1085 if (!filter->num_of_enc_type) 1086 return true; 1087 1088 for (i = 0; (i < filter->num_of_enc_type) && 1089 !match; i++) { 1090 1091 local_security.uc_enc = 1092 filter->enc_type[i]; 1093 1094 switch (filter->enc_type[i]) { 1095 case WLAN_ENCRYPT_TYPE_NONE: 1096 match = scm_is_open_security(filter, 1097 db_entry, &local_security); 1098 break; 1099 case WLAN_ENCRYPT_TYPE_WEP40_STATICKEY: 1100 case WLAN_ENCRYPT_TYPE_WEP104_STATICKEY: 1101 case WLAN_ENCRYPT_TYPE_WEP40: 1102 case WLAN_ENCRYPT_TYPE_WEP104: 1103 match = scm_is_wep_security(filter, 1104 db_entry, &local_security); 1105 break; 1106 case WLAN_ENCRYPT_TYPE_TKIP: 1107 case WLAN_ENCRYPT_TYPE_AES: 1108 case WLAN_ENCRYPT_TYPE_AES_GCMP: 1109 case WLAN_ENCRYPT_TYPE_AES_GCMP_256: 1110 /* First check if there is a RSN match */ 1111 match = scm_is_rsn_security(filter, db_entry, 1112 &local_security); 1113 /* If not RSN, then check WPA match */ 1114 if (!match) 1115 match = scm_is_wpa_security(filter, 1116 db_entry, &local_security); 1117 break; 1118 case WLAN_ENCRYPT_TYPE_WPI:/* WAPI */ 1119 match = scm_is_wapi_security(filter, 1120 db_entry, &local_security); 1121 break; 1122 case WLAN_ENCRYPT_TYPE_ANY: 1123 default: 1124 match = scm_is_def_security(filter, db_entry, 1125 &local_security); 1126 break; 1127 } 1128 } 1129 1130 if (match && security) 1131 qdf_mem_copy(security, &local_security, sizeof(*security)); 1132 1133 return match; 1134 } 1135 1136 bool scm_filter_match(struct wlan_objmgr_psoc *psoc, 1137 struct scan_cache_entry *db_entry, 1138 struct scan_filter *filter, 1139 struct security_info *security) 1140 { 1141 int i; 1142 bool match = false; 1143 struct roam_filter_params *roam_params; 1144 struct scan_default_params *def_param; 1145 struct wlan_country_ie *cc_ie; 1146 1147 def_param = wlan_scan_psoc_get_def_params(psoc); 1148 if (!def_param) 1149 return false; 1150 1151 roam_params = &def_param->roam_params; 1152 1153 if (filter->age_threshold && filter->age_threshold < 1154 util_scan_entry_age(db_entry)) 1155 return false; 1156 1157 if (filter->p2p_results && !db_entry->is_p2p) 1158 return false; 1159 1160 for (i = 0; i < roam_params->num_bssid_avoid_list; i++) { 1161 if (qdf_is_macaddr_equal(&roam_params->bssid_avoid_list[i], 1162 &db_entry->bssid)) { 1163 scm_debug("%pM : Ignore as its blacklisted", 1164 db_entry->bssid.bytes); 1165 return false; 1166 } 1167 } 1168 1169 match = false; 1170 if (db_entry->ssid.length) { 1171 for (i = 0; i < filter->num_of_ssid; i++) { 1172 if (util_is_ssid_match(&filter->ssid_list[i], 1173 &db_entry->ssid)) { 1174 match = true; 1175 break; 1176 } 1177 } 1178 } 1179 /* 1180 * In OWE transition mode, ssid is hidden. And supplicant does not issue 1181 * scan with specific ssid prior to connect as in other hidden ssid 1182 * cases. Add explicit check to allow OWE when ssid is hidden. 1183 */ 1184 if (!match && util_scan_entry_is_hidden_ap(db_entry)) { 1185 for (i = 0; i < filter->num_of_auth; i++) { 1186 if (filter->auth_type[i] == WLAN_AUTH_TYPE_OWE) { 1187 match = true; 1188 break; 1189 } 1190 } 1191 } 1192 if (!match && filter->num_of_ssid) 1193 return false; 1194 1195 match = false; 1196 /* TO do Fill p2p MAC*/ 1197 for (i = 0; i < filter->num_of_bssid; i++) { 1198 if (util_is_bssid_match(&filter->bssid_list[i], 1199 &db_entry->bssid)) { 1200 match = true; 1201 break; 1202 } 1203 /* TODO match p2p mac */ 1204 } 1205 if (!match && filter->num_of_bssid) 1206 return false; 1207 1208 match = false; 1209 for (i = 0; i < filter->num_of_channels; i++) { 1210 if (!filter->channel_list[i] || ( 1211 (filter->channel_list[i] == 1212 db_entry->channel.chan_idx))) { 1213 match = true; 1214 break; 1215 } 1216 } 1217 1218 if (!match && filter->num_of_channels) 1219 return false; 1220 1221 if (filter->rrm_measurement_filter) 1222 return true; 1223 1224 /* TODO match phyMode */ 1225 1226 if (!filter->ignore_auth_enc_type && 1227 !scm_is_security_match(filter, db_entry, security)) { 1228 scm_debug("%pM : Ignore as security profile didn't match", 1229 db_entry->bssid.bytes); 1230 return false; 1231 } 1232 1233 if (!util_is_bss_type_match(filter->bss_type, db_entry->cap_info)) { 1234 scm_debug("%pM : Ignore as bss type didn't match cap_info %x bss_type %d", 1235 db_entry->bssid.bytes, db_entry->cap_info.value, 1236 filter->bss_type); 1237 return false; 1238 } 1239 1240 /* TODO match rate set */ 1241 1242 if (filter->only_wmm_ap && 1243 !db_entry->ie_list.wmeinfo && 1244 !db_entry->ie_list.wmeparam) { 1245 scm_debug("%pM : Ignore as required wmeinfo and wme params not present", 1246 db_entry->bssid.bytes); 1247 return false; 1248 } 1249 1250 /* Match realm */ 1251 if (!scm_is_fils_config_match(filter, db_entry)) { 1252 scm_debug("%pM :Ignore as fils config didn't match", 1253 db_entry->bssid.bytes); 1254 return false; 1255 } 1256 1257 cc_ie = util_scan_entry_country(db_entry); 1258 if (!util_country_code_match(filter->country, cc_ie)) { 1259 scm_debug("%pM : Ignore as country %.*s didn't match", 1260 db_entry->bssid.bytes, 2, filter->country); 1261 return false; 1262 } 1263 1264 if (!util_mdie_match(filter->mobility_domain, 1265 (struct rsn_mdie *)db_entry->ie_list.mdie)) { 1266 scm_debug("%pM : Ignore as mdie didn't match", 1267 db_entry->bssid.bytes); 1268 return false; 1269 } 1270 1271 return true; 1272 } 1273