1 /*
2 * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
3 * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for
6 * any purpose with or without fee is hereby granted, provided that the
7 * above copyright notice and this permission notice appear in all
8 * copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /**
21 * DOC: Public APIs for crypto service
22 */
23
24 #include <qdf_types.h>
25 #include <wlan_cmn.h>
26 #include <wlan_objmgr_cmn.h>
27 #include <wlan_objmgr_global_obj.h>
28 #include <wlan_objmgr_psoc_obj.h>
29 #include <wlan_objmgr_pdev_obj.h>
30 #include <wlan_objmgr_vdev_obj.h>
31 #include <wlan_objmgr_peer_obj.h>
32 #include <wlan_utility.h>
33 #include <wlan_cp_stats_utils_api.h>
34
35 #include "wlan_crypto_global_def.h"
36 #include "wlan_crypto_global_api.h"
37 #include "wlan_crypto_def_i.h"
38 #include "wlan_crypto_param_handling_i.h"
39 #include "wlan_crypto_obj_mgr_i.h"
40 #include "wlan_crypto_main.h"
41 #include <qdf_module.h>
42
43 const struct wlan_crypto_cipher *wlan_crypto_cipher_ops[WLAN_CRYPTO_CIPHER_MAX];
44
45 #define WPA_ADD_CIPHER_TO_SUITE(frm, cipher) \
46 WLAN_CRYPTO_ADDSELECTOR(frm,\
47 wlan_crypto_wpa_cipher_to_suite(cipher))
48
49 #define RSN_ADD_CIPHER_TO_SUITE(frm, cipher) \
50 WLAN_CRYPTO_ADDSELECTOR(frm,\
51 wlan_crypto_rsn_cipher_to_suite(cipher))
52
53 #define WPA_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\
54 WLAN_CRYPTO_ADDSELECTOR(frm,\
55 wlan_crypto_wpa_keymgmt_to_suite(keymgmt))
56
57 #define RSN_ADD_KEYMGMT_TO_SUITE(frm, keymgmt)\
58 WLAN_CRYPTO_ADDSELECTOR(frm,\
59 wlan_crypto_rsn_keymgmt_to_suite(keymgmt))
60
is_valid_keyix(uint16_t keyix)61 bool is_valid_keyix(uint16_t keyix)
62 {
63 if (keyix >= (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX
64 + WLAN_CRYPTO_MAXBIGTKKEYIDX))
65 return 0;
66 else
67 return 1;
68 }
69
is_igtk(uint16_t keyix)70 bool is_igtk(uint16_t keyix)
71 {
72 if (keyix < WLAN_CRYPTO_MAXKEYIDX)
73 return 0;
74 else if (keyix - WLAN_CRYPTO_MAXKEYIDX >= WLAN_CRYPTO_MAXIGTKKEYIDX)
75 return 0;
76 else
77 return 1;
78 }
79
is_bigtk(uint16_t keyix)80 bool is_bigtk(uint16_t keyix)
81 {
82 if (keyix < (WLAN_CRYPTO_MAXKEYIDX + WLAN_CRYPTO_MAXIGTKKEYIDX))
83 return 0;
84 if (keyix - WLAN_CRYPTO_MAXKEYIDX - WLAN_CRYPTO_MAXIGTKKEYIDX
85 >= WLAN_CRYPTO_MAXBIGTKKEYIDX)
86 return 0;
87 else
88 return 1;
89 }
90
is_gtk(uint16_t keyix)91 bool is_gtk(uint16_t keyix)
92 {
93 if (keyix == 1 || keyix == 2)
94 return 1;
95 else
96 return 0;
97 }
98
99 /**
100 * wlan_crypto_vdev_get_comp_params() - called by mlme to get crypto params
101 * @vdev: vdev
102 * @crypto_priv: location to store pointer to the crypto private data
103 *
104 * This function gets called by mlme to get crypto params
105 *
106 * Return: wlan_crypto_params or NULL in case of failure
107 */
wlan_crypto_vdev_get_comp_params(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_comp_priv ** crypto_priv)108 static struct wlan_crypto_params *wlan_crypto_vdev_get_comp_params(
109 struct wlan_objmgr_vdev *vdev,
110 struct wlan_crypto_comp_priv **crypto_priv)
111 {
112 *crypto_priv = (struct wlan_crypto_comp_priv *)
113 wlan_get_vdev_crypto_obj(vdev);
114 if (!(*crypto_priv)) {
115 crypto_err("crypto_priv NULL");
116 return NULL;
117 }
118
119 return &((*crypto_priv)->crypto_params);
120 }
121
122 /**
123 * wlan_crypto_peer_get_comp_params() - called by mlme to get crypto params
124 * @peer: peer
125 * @crypto_priv: location to store pointer to the crypto private data
126 *
127 * This function gets called by mlme to get crypto params
128 *
129 * Return: wlan_crypto_params or NULL in case of failure
130 */
wlan_crypto_peer_get_comp_params(struct wlan_objmgr_peer * peer,struct wlan_crypto_comp_priv ** crypto_priv)131 static struct wlan_crypto_params *wlan_crypto_peer_get_comp_params(
132 struct wlan_objmgr_peer *peer,
133 struct wlan_crypto_comp_priv **crypto_priv)
134 {
135
136 *crypto_priv = (struct wlan_crypto_comp_priv *)
137 wlan_get_peer_crypto_obj(peer);
138 if (!*crypto_priv) {
139 crypto_err("crypto_priv NULL");
140 return NULL;
141 }
142
143 return &((*crypto_priv)->crypto_params);
144 }
145
wlan_crypto_set_igtk_key(struct wlan_crypto_key * key)146 static QDF_STATUS wlan_crypto_set_igtk_key(struct wlan_crypto_key *key)
147 {
148 return QDF_STATUS_SUCCESS;
149 }
150
151 /**
152 * wlan_crypto_set_param() - called by ucfg to set crypto param
153 * @crypto_params: crypto_params
154 * @param: param to be set.
155 * @value: value
156 *
157 * This function gets called from ucfg to set param
158 *
159 * Return: QDF_STATUS_SUCCESS - in case of success
160 */
wlan_crypto_set_param(struct wlan_crypto_params * crypto_params,wlan_crypto_param_type param,uint32_t value)161 static QDF_STATUS wlan_crypto_set_param(struct wlan_crypto_params *crypto_params,
162 wlan_crypto_param_type param,
163 uint32_t value)
164 {
165 QDF_STATUS status = QDF_STATUS_E_INVAL;
166
167 crypto_debug("param %d, value %d", param, value);
168 switch (param) {
169 case WLAN_CRYPTO_PARAM_AUTH_MODE:
170 status = wlan_crypto_set_authmode(crypto_params, value);
171 break;
172 case WLAN_CRYPTO_PARAM_UCAST_CIPHER:
173 status = wlan_crypto_set_ucastciphers(crypto_params, value);
174 break;
175 case WLAN_CRYPTO_PARAM_MCAST_CIPHER:
176 status = wlan_crypto_set_mcastcipher(crypto_params, value);
177 break;
178 case WLAN_CRYPTO_PARAM_MGMT_CIPHER:
179 status = wlan_crypto_set_mgmtcipher(crypto_params, value);
180 break;
181 case WLAN_CRYPTO_PARAM_CIPHER_CAP:
182 status = wlan_crypto_set_cipher_cap(crypto_params, value);
183 break;
184 case WLAN_CRYPTO_PARAM_RSN_CAP:
185 status = wlan_crypto_set_rsn_cap(crypto_params, value);
186 break;
187 case WLAN_CRYPTO_PARAM_RSNX_CAP:
188 status = wlan_crypto_set_rsnx_cap(crypto_params, value);
189 break;
190 case WLAN_CRYPTO_PARAM_KEY_MGMT:
191 status = wlan_crypto_set_key_mgmt(crypto_params, value);
192 break;
193 default:
194 status = QDF_STATUS_E_INVAL;
195 }
196 return status;
197 }
198
wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev * vdev,wlan_crypto_param_type param,uint32_t value)199 QDF_STATUS wlan_crypto_set_vdev_param(struct wlan_objmgr_vdev *vdev,
200 wlan_crypto_param_type param,
201 uint32_t value)
202 {
203 QDF_STATUS status = QDF_STATUS_E_INVAL;
204 struct wlan_crypto_comp_priv *crypto_priv;
205 struct wlan_crypto_params *crypto_params;
206
207 crypto_priv = (struct wlan_crypto_comp_priv *)
208 wlan_get_vdev_crypto_obj(vdev);
209
210 if (!crypto_priv) {
211 crypto_err("crypto_priv NULL");
212 return QDF_STATUS_E_INVAL;
213 }
214
215 crypto_params = &(crypto_priv->crypto_params);
216
217 status = wlan_crypto_set_param(crypto_params, param, value);
218
219 return status;
220 }
221
wlan_crypto_set_peer_param(struct wlan_objmgr_peer * peer,wlan_crypto_param_type param,uint32_t value)222 QDF_STATUS wlan_crypto_set_peer_param(struct wlan_objmgr_peer *peer,
223 wlan_crypto_param_type param,
224 uint32_t value)
225 {
226 QDF_STATUS status = QDF_STATUS_E_INVAL;
227 struct wlan_crypto_comp_priv *crypto_priv;
228 struct wlan_crypto_params *crypto_params;
229
230 crypto_params = wlan_crypto_peer_get_comp_params(peer,
231 &crypto_priv);
232
233 if (!crypto_priv) {
234 crypto_err("crypto_priv NULL");
235 return QDF_STATUS_E_INVAL;
236 }
237
238 crypto_params = &(crypto_priv->crypto_params);
239
240 status = wlan_crypto_set_param(crypto_params, param, value);
241
242 return status;
243 }
244
245 /**
246 * wlan_crypto_get_param_value() - called by crypto APIs to get value for param
247 * @param: Crypto param type
248 * @crypto_params: Crypto params struct
249 *
250 * This function gets called from in-within crypto layer
251 *
252 * Return: value or -1 for failure
253 */
wlan_crypto_get_param_value(wlan_crypto_param_type param,struct wlan_crypto_params * crypto_params)254 static int32_t wlan_crypto_get_param_value(wlan_crypto_param_type param,
255 struct wlan_crypto_params *crypto_params)
256 {
257 int32_t value;
258
259 switch (param) {
260 case WLAN_CRYPTO_PARAM_AUTH_MODE:
261 value = wlan_crypto_get_authmode(crypto_params);
262 break;
263 case WLAN_CRYPTO_PARAM_UCAST_CIPHER:
264 value = wlan_crypto_get_ucastciphers(crypto_params);
265 break;
266 case WLAN_CRYPTO_PARAM_MCAST_CIPHER:
267 value = wlan_crypto_get_mcastcipher(crypto_params);
268 break;
269 case WLAN_CRYPTO_PARAM_MGMT_CIPHER:
270 value = wlan_crypto_get_mgmtciphers(crypto_params);
271 break;
272 case WLAN_CRYPTO_PARAM_CIPHER_CAP:
273 value = wlan_crypto_get_cipher_cap(crypto_params);
274 break;
275 case WLAN_CRYPTO_PARAM_RSN_CAP:
276 value = wlan_crypto_get_rsn_cap(crypto_params);
277 break;
278 case WLAN_CRYPTO_PARAM_KEY_MGMT:
279 value = wlan_crypto_get_key_mgmt(crypto_params);
280 break;
281 default:
282 value = -1;
283 }
284
285 return value;
286 }
287
wlan_crypto_get_param(struct wlan_objmgr_vdev * vdev,wlan_crypto_param_type param)288 int32_t wlan_crypto_get_param(struct wlan_objmgr_vdev *vdev,
289 wlan_crypto_param_type param)
290 {
291 int32_t value = -1;
292 struct wlan_crypto_comp_priv *crypto_priv;
293 struct wlan_crypto_params *crypto_params;
294 crypto_priv = (struct wlan_crypto_comp_priv *)
295 wlan_get_vdev_crypto_obj(vdev);
296
297 if (!crypto_priv) {
298 crypto_err("crypto_priv NULL");
299 return value;
300 }
301
302 crypto_params = &(crypto_priv->crypto_params);
303 value = wlan_crypto_get_param_value(param, crypto_params);
304
305 return value;
306 }
307
wlan_crypto_get_peer_param(struct wlan_objmgr_peer * peer,wlan_crypto_param_type param)308 int32_t wlan_crypto_get_peer_param(struct wlan_objmgr_peer *peer,
309 wlan_crypto_param_type param)
310 {
311 int32_t value = -1;
312 struct wlan_crypto_comp_priv *crypto_priv;
313 struct wlan_crypto_params *crypto_params;
314
315 crypto_params = wlan_crypto_peer_get_comp_params(peer,
316 &crypto_priv);
317
318 if (!crypto_params) {
319 crypto_err("crypto_params NULL");
320 return value;
321 }
322 value = wlan_crypto_get_param_value(param, crypto_params);
323
324 return value;
325 }
326 qdf_export_symbol(wlan_crypto_get_peer_param);
327
328 static
329 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params,
330 struct wlan_crypto_pmksa *pmksa);
331
332 static
wlan_crypto_set_pmksa(struct wlan_crypto_params * crypto_params,struct wlan_crypto_pmksa * pmksa)333 QDF_STATUS wlan_crypto_set_pmksa(struct wlan_crypto_params *crypto_params,
334 struct wlan_crypto_pmksa *pmksa)
335 {
336 uint8_t i, first_available_slot = 0;
337 bool slot_found = false;
338
339 /* Delete the old entry and then Add new entry */
340 wlan_crypto_del_pmksa(crypto_params, pmksa);
341
342 /* find the empty slot as duplicate is already deleted */
343 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
344 if (!crypto_params->pmksa[i]) {
345 slot_found = true;
346 first_available_slot = i;
347 break;
348 }
349 }
350
351 if (i == WLAN_CRYPTO_MAX_PMKID && !slot_found) {
352 crypto_err("no entry available for pmksa");
353 return QDF_STATUS_E_INVAL;
354 }
355 crypto_params->pmksa[first_available_slot] = pmksa;
356 crypto_debug("PMKSA: Added the PMKSA entry at index=%d",
357 first_available_slot);
358
359 return QDF_STATUS_SUCCESS;
360 }
361
362 static
wlan_crypto_del_pmksa(struct wlan_crypto_params * crypto_params,struct wlan_crypto_pmksa * pmksa)363 QDF_STATUS wlan_crypto_del_pmksa(struct wlan_crypto_params *crypto_params,
364 struct wlan_crypto_pmksa *pmksa)
365 {
366 uint8_t i, j, valid_entries_in_table = 0;
367 bool match_found = false;
368 u8 del_pmk[MAX_PMK_LEN] = {0};
369
370 /* find slot with same bssid */
371 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
372 if (!crypto_params->pmksa[i])
373 continue;
374
375 valid_entries_in_table++;
376
377 if (!pmksa->ssid_len &&
378 !qdf_is_macaddr_zero(&pmksa->bssid) &&
379 qdf_is_macaddr_equal(&pmksa->bssid,
380 &crypto_params->pmksa[i]->bssid)) {
381 match_found = true;
382 } else if (pmksa->ssid_len &&
383 !qdf_mem_cmp(pmksa->ssid,
384 crypto_params->pmksa[i]->ssid,
385 pmksa->ssid_len) &&
386 !qdf_mem_cmp(pmksa->cache_id,
387 crypto_params->pmksa[i]->cache_id,
388 WLAN_CACHE_ID_LEN)) {
389 match_found = true;
390 }
391
392 if (match_found) {
393 qdf_mem_copy(del_pmk, crypto_params->pmksa[i]->pmk,
394 crypto_params->pmksa[i]->pmk_len);
395 /* Free matching entry */
396 qdf_mem_zero(crypto_params->pmksa[i],
397 sizeof(struct wlan_crypto_pmksa));
398 qdf_mem_free(crypto_params->pmksa[i]);
399 crypto_params->pmksa[i] = NULL;
400 crypto_debug("PMKSA: Deleted PMKSA entry at index=%d",
401 i);
402
403 /* Find and remove the entries matching the pmk */
404 for (j = 0; j < WLAN_CRYPTO_MAX_PMKID; j++) {
405 if (!crypto_params->pmksa[j])
406 continue;
407 if (crypto_params->pmksa[j]->pmk_len &&
408 (!qdf_mem_cmp(crypto_params->pmksa[j]->pmk,
409 del_pmk,
410 crypto_params->pmksa[j]->pmk_len))) {
411 qdf_mem_zero(crypto_params->pmksa[j],
412 sizeof(struct wlan_crypto_pmksa));
413 qdf_mem_free(crypto_params->pmksa[j]);
414 crypto_params->pmksa[j] = NULL;
415 crypto_debug("PMKSA: Deleted PMKSA at idx=%d",
416 j);
417 }
418 }
419 /* reset stored pmk */
420 qdf_mem_zero(del_pmk, MAX_PMK_LEN);
421
422 return QDF_STATUS_SUCCESS;
423 }
424 }
425
426 if (i == WLAN_CRYPTO_MAX_PMKID && !match_found)
427 crypto_debug("No such pmksa entry exists: valid entries:%d",
428 valid_entries_in_table);
429
430 return QDF_STATUS_SUCCESS;
431 }
432
wlan_crypto_pmksa_flush(struct wlan_crypto_params * crypto_params)433 QDF_STATUS wlan_crypto_pmksa_flush(struct wlan_crypto_params *crypto_params)
434 {
435 uint8_t i;
436
437 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
438 if (!crypto_params->pmksa[i])
439 continue;
440 qdf_mem_zero(crypto_params->pmksa[i],
441 sizeof(struct wlan_crypto_pmksa));
442 qdf_mem_free(crypto_params->pmksa[i]);
443 crypto_params->pmksa[i] = NULL;
444 }
445
446 crypto_debug("Flushed the pmksa table");
447
448 return QDF_STATUS_SUCCESS;
449 }
450
wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa,bool set)451 QDF_STATUS wlan_crypto_set_del_pmksa(struct wlan_objmgr_vdev *vdev,
452 struct wlan_crypto_pmksa *pmksa,
453 bool set)
454 {
455 QDF_STATUS status = QDF_STATUS_E_INVAL;
456 struct wlan_crypto_comp_priv *crypto_priv;
457 struct wlan_crypto_params *crypto_params;
458 struct wlan_crypto_pmksa *pmkid_cache = NULL;
459 enum QDF_OPMODE op_mode;
460
461 op_mode = wlan_vdev_mlme_get_opmode(vdev);
462
463 if (op_mode != QDF_STA_MODE && op_mode != QDF_SAP_MODE)
464 return QDF_STATUS_E_NOSUPPORT;
465
466 if (!pmksa && set) {
467 crypto_err("pmksa is NULL for set operation");
468 return QDF_STATUS_E_INVAL;
469 }
470 crypto_priv = (struct wlan_crypto_comp_priv *)
471 wlan_get_vdev_crypto_obj(vdev);
472
473 if (!crypto_priv) {
474 crypto_err("crypto_priv NULL");
475 return QDF_STATUS_E_INVAL;
476 }
477
478 crypto_params = &crypto_priv->crypto_params;
479 if (set) {
480 pmkid_cache = wlan_crypto_get_pmksa(vdev, &pmksa->bssid);
481 if (pmkid_cache && (pmksa->pmk_len &&
482 pmksa->pmk_len == pmkid_cache->pmk_len &&
483 !qdf_mem_cmp(pmkid_cache->pmk, pmksa->pmk,
484 pmksa->pmk_len))) {
485 crypto_debug("PMKSA entry found with same PMK");
486 pmkid_cache = NULL;
487 return QDF_STATUS_E_EXISTS;
488 }
489
490 status = wlan_crypto_set_pmksa(crypto_params, pmksa);
491 /* Set pmksa */
492 } else {
493 /* del pmksa */
494 if (!pmksa)
495 status = wlan_crypto_pmksa_flush(crypto_params);
496 else
497 status = wlan_crypto_del_pmksa(crypto_params, pmksa);
498 }
499
500 return status;
501 }
502
wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa)503 QDF_STATUS wlan_crypto_update_pmk_cache_ft(struct wlan_objmgr_vdev *vdev,
504 struct wlan_crypto_pmksa *pmksa)
505 {
506 QDF_STATUS status = QDF_STATUS_E_INVAL;
507 struct wlan_crypto_pmksa *cached_pmksa;
508 struct wlan_crypto_comp_priv *crypto_priv;
509 struct wlan_crypto_params *crypto_params;
510 uint8_t mdie_present, i;
511 uint16_t mobility_domain;
512
513 if (!pmksa) {
514 crypto_err("pmksa is NULL for set operation");
515 return status;
516 }
517
518 crypto_priv = (struct wlan_crypto_comp_priv *)
519 wlan_get_vdev_crypto_obj(vdev);
520 if (!crypto_priv) {
521 crypto_err("crypto_priv NULL");
522 return status;
523 }
524
525 crypto_params = &crypto_priv->crypto_params;
526
527 if (pmksa->mdid.mdie_present) {
528 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
529 if (!crypto_params->pmksa[i])
530 continue;
531 cached_pmksa = crypto_params->pmksa[i];
532 mdie_present = cached_pmksa->mdid.mdie_present;
533 mobility_domain = cached_pmksa->mdid.mobility_domain;
534
535 /* In FT connection when STA connects to AP1 then PMK1
536 * gets cached. And if STA disconnects from AP1 and
537 * connects to AP2 then PMK2 gets cached. This will
538 * result in having multiple PMK cache entries for the
539 * same MDID. So delete the old/stale PMK cache entries
540 * for the same mobility domain as of the newly added
541 * entry. And Update the MDID for the matching BSSID or
542 * SSID PMKSA entry.
543 */
544 if (qdf_is_macaddr_equal
545 (&cached_pmksa->bssid, &pmksa->bssid)) {
546 cached_pmksa->mdid.mdie_present = 1;
547 cached_pmksa->mdid.mobility_domain =
548 pmksa->mdid.mobility_domain;
549 crypto_debug("Updated the MDID at index=%d", i);
550 status = QDF_STATUS_SUCCESS;
551 } else if (pmksa->ssid_len &&
552 !qdf_mem_cmp(pmksa->ssid,
553 cached_pmksa->ssid,
554 pmksa->ssid_len) &&
555 !qdf_mem_cmp(pmksa->cache_id,
556 cached_pmksa->cache_id,
557 WLAN_CACHE_ID_LEN)) {
558 cached_pmksa->mdid.mdie_present = 1;
559 cached_pmksa->mdid.mobility_domain =
560 pmksa->mdid.mobility_domain;
561 crypto_debug("Updated the MDID at index=%d", i);
562 status = QDF_STATUS_SUCCESS;
563 } else if (mdie_present &&
564 (pmksa->mdid.mobility_domain ==
565 mobility_domain)) {
566 qdf_mem_zero(crypto_params->pmksa[i],
567 sizeof(struct wlan_crypto_pmksa));
568 qdf_mem_free(crypto_params->pmksa[i]);
569 crypto_params->pmksa[i] = NULL;
570 crypto_debug("Deleted PMKSA at index=%d", i);
571 status = QDF_STATUS_SUCCESS;
572 }
573 }
574 }
575 return status;
576 }
577
578 struct wlan_crypto_pmksa *
wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * pmksa)579 wlan_crypto_get_peer_pmksa(struct wlan_objmgr_vdev *vdev,
580 struct wlan_crypto_pmksa *pmksa)
581 {
582 struct wlan_crypto_comp_priv *crypto_priv;
583 struct wlan_crypto_params *crypto_params;
584 uint8_t i;
585
586 if (!pmksa) {
587 crypto_err("pmksa is NULL");
588 return NULL;
589 }
590 crypto_priv = (struct wlan_crypto_comp_priv *)
591 wlan_get_vdev_crypto_obj(vdev);
592
593 if (!crypto_priv) {
594 crypto_err("crypto_priv NULL");
595 return NULL;
596 }
597
598 crypto_params = &crypto_priv->crypto_params;
599
600 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
601 if (!crypto_params->pmksa[i])
602 continue;
603
604 if (pmksa->ssid_len &&
605 !qdf_mem_cmp(pmksa->ssid,
606 crypto_params->pmksa[i]->ssid,
607 pmksa->ssid_len) &&
608 !qdf_mem_cmp(pmksa->cache_id,
609 crypto_params->pmksa[i]->cache_id,
610 WLAN_CACHE_ID_LEN)) {
611 return crypto_params->pmksa[i];
612 } else if (!pmksa->ssid_len &&
613 !qdf_is_macaddr_zero(&pmksa->bssid) &&
614 qdf_is_macaddr_equal(&pmksa->bssid,
615 &crypto_params->pmksa[i]->bssid)) {
616 return crypto_params->pmksa[i];
617 }
618 }
619
620 return NULL;
621 }
622
623 struct wlan_crypto_pmksa *
wlan_crypto_get_pmksa(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * bssid)624 wlan_crypto_get_pmksa(struct wlan_objmgr_vdev *vdev, struct qdf_mac_addr *bssid)
625 {
626 struct wlan_crypto_comp_priv *crypto_priv;
627 struct wlan_crypto_params *crypto_params;
628 uint8_t i;
629
630 if (!bssid) {
631 crypto_err("bssid is NULL");
632 return NULL;
633 }
634 crypto_priv = (struct wlan_crypto_comp_priv *)
635 wlan_get_vdev_crypto_obj(vdev);
636
637 if (!crypto_priv) {
638 crypto_err("crypto_priv NULL");
639 return NULL;
640 }
641
642 crypto_params = &crypto_priv->crypto_params;
643
644 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
645 if (!crypto_params->pmksa[i])
646 continue;
647 if (qdf_is_macaddr_equal(bssid,
648 &crypto_params->pmksa[i]->bssid)) {
649 crypto_debug("PMKSA: Entry found at index %d", i);
650 return crypto_params->pmksa[i];
651 }
652 }
653
654 return NULL;
655 }
656
657 struct wlan_crypto_pmksa *
wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev * vdev,uint8_t * cache_id,uint8_t * ssid,uint8_t ssid_len)658 wlan_crypto_get_fils_pmksa(struct wlan_objmgr_vdev *vdev,
659 uint8_t *cache_id, uint8_t *ssid,
660 uint8_t ssid_len)
661 {
662 struct wlan_crypto_comp_priv *crypto_priv;
663 struct wlan_crypto_params *crypto_params;
664 uint8_t i;
665
666 crypto_priv = (struct wlan_crypto_comp_priv *)
667 wlan_get_vdev_crypto_obj(vdev);
668
669 if (!crypto_priv) {
670 crypto_err("crypto_priv NULL");
671 return NULL;
672 }
673
674 crypto_params = &crypto_priv->crypto_params;
675 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
676 if (!crypto_params->pmksa[i])
677 continue;
678
679 if (!qdf_mem_cmp(cache_id,
680 crypto_params->pmksa[i]->cache_id,
681 WLAN_CACHE_ID_LEN) &&
682 !qdf_mem_cmp(ssid, crypto_params->pmksa[i]->ssid,
683 ssid_len) &&
684 ssid_len == crypto_params->pmksa[i]->ssid_len)
685 return crypto_params->pmksa[i];
686 }
687
688 return NULL;
689 }
690
wlan_crypto_is_htallowed(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)691 uint8_t wlan_crypto_is_htallowed(struct wlan_objmgr_vdev *vdev,
692 struct wlan_objmgr_peer *peer)
693 {
694 int32_t ucast_cipher;
695
696 if (!(vdev || peer)) {
697 crypto_err("Invalid params");
698 return 0;
699 }
700
701 if (vdev)
702 ucast_cipher = wlan_crypto_get_param(vdev,
703 WLAN_CRYPTO_PARAM_UCAST_CIPHER);
704 else
705 ucast_cipher = wlan_crypto_get_peer_param(peer,
706 WLAN_CRYPTO_PARAM_UCAST_CIPHER);
707
708 if (ucast_cipher == -1) {
709 crypto_err("Invalid params");
710 return 0;
711 }
712
713 return (ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_WEP)) ||
714 ((ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_TKIP)) &&
715 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM)) &&
716 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM)) &&
717 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_GCM_256)) &&
718 !(ucast_cipher & (1 << WLAN_CRYPTO_CIPHER_AES_CCM_256)));
719 }
720 qdf_export_symbol(wlan_crypto_is_htallowed);
721
722 /**
723 * wlan_crypto_store_def_keyix - store default keyix
724 * @vdev: vdev
725 * @object: Peer object
726 * @arg: Argument passed by caller
727 *
728 * This function gets called from wlan_crypto_setkey
729 *
730 * Return: None
731 */
wlan_crypto_store_def_keyix(struct wlan_objmgr_vdev * vdev,void * object,void * arg)732 static void wlan_crypto_store_def_keyix(struct wlan_objmgr_vdev *vdev,
733 void *object, void *arg)
734 {
735 struct wlan_objmgr_peer *peer = object;
736 struct wlan_crypto_comp_priv *crypto_priv;
737 struct wlan_crypto_params *crypto_params;
738
739 uint16_t kid = *(uint16_t *)arg;
740
741 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
742 if (!crypto_priv) {
743 crypto_err("crypto_priv NULL");
744 return;
745 }
746 crypto_priv->crypto_key.def_tx_keyid = kid;
747 }
748
749 /**
750 * wlan_crypto_setkey - called by ucfg to setkey
751 * @vdev: vdev
752 * @req_key: req_key with cipher type, key macaddress
753 *
754 * This function gets called from ucfg to sey key
755 *
756 * Return: QDF_STATUS_SUCCESS - in case of success
757 */
wlan_crypto_setkey(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_req_key * req_key)758 QDF_STATUS wlan_crypto_setkey(struct wlan_objmgr_vdev *vdev,
759 struct wlan_crypto_req_key *req_key)
760 {
761 QDF_STATUS status = QDF_STATUS_E_INVAL;
762 struct wlan_crypto_comp_priv *crypto_priv;
763 struct wlan_crypto_params *crypto_params;
764 struct wlan_objmgr_psoc *psoc;
765 struct wlan_objmgr_peer *peer = NULL;
766 struct wlan_crypto_key *key = NULL;
767 struct wlan_crypto_keys *priv_key = NULL;
768 const struct wlan_crypto_cipher *cipher;
769 uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
770 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
771 bool isbcast;
772 enum QDF_OPMODE vdev_mode;
773 uint8_t igtk_idx = 0;
774 uint8_t bigtk_idx = 0;
775 struct wlan_lmac_if_tx_ops *tx_ops;
776
777 if (!vdev || !req_key || req_key->keylen > (sizeof(req_key->keydata))) {
778 crypto_err("Invalid params vdev%pK, req_key%pK", vdev, req_key);
779 return QDF_STATUS_E_INVAL;
780 }
781
782 isbcast = qdf_is_macaddr_group(
783 (struct qdf_mac_addr *)req_key->macaddr);
784 if ((req_key->keylen == 0) && !IS_FILS_CIPHER(req_key->type)) {
785 /* zero length keys, only set default key id if flags are set*/
786 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT)
787 && (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE)
788 && (!IS_MGMT_CIPHER(req_key->type))) {
789 wlan_crypto_default_key(vdev,
790 req_key->macaddr,
791 req_key->keyix,
792 !isbcast);
793 return QDF_STATUS_SUCCESS;
794 }
795 crypto_err("req_key len zero");
796 return QDF_STATUS_CRYPTO_INVALID_KEYLEN;
797 }
798
799 cipher = wlan_crypto_cipher_ops[req_key->type];
800
801 if (!cipher && !IS_MGMT_CIPHER(req_key->type)) {
802 crypto_err("cipher invalid");
803 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
804 }
805
806 if (cipher && (!IS_FILS_CIPHER(req_key->type)) &&
807 (!IS_MGMT_CIPHER(req_key->type)) &&
808 ((req_key->keylen != (cipher->keylen / CRYPTO_NBBY)) &&
809 (req_key->type != WLAN_CRYPTO_CIPHER_WEP))) {
810 crypto_err("cipher invalid");
811 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
812 } else if ((req_key->type == WLAN_CRYPTO_CIPHER_WEP) &&
813 !((req_key->keylen == WLAN_CRYPTO_KEY_WEP40_LEN)
814 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP104_LEN)
815 || (req_key->keylen == WLAN_CRYPTO_KEY_WEP128_LEN))) {
816 crypto_err("wep key len invalid. keylen: %d", req_key->keylen);
817 return QDF_STATUS_CRYPTO_INVALID_KEYLEN;
818 }
819
820 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE) {
821 if (req_key->flags != (WLAN_CRYPTO_KEY_XMIT
822 | WLAN_CRYPTO_KEY_RECV)) {
823 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT
824 | WLAN_CRYPTO_KEY_RECV);
825 }
826 } else {
827 if ((req_key->keyix >= WLAN_CRYPTO_MAX_VLANKEYIX)
828 && (!IS_MGMT_CIPHER(req_key->type))) {
829 return QDF_STATUS_CRYPTO_INVALID_KEYID;
830 }
831
832 req_key->flags |= (WLAN_CRYPTO_KEY_XMIT
833 | WLAN_CRYPTO_KEY_RECV);
834 if (isbcast)
835 req_key->flags |= WLAN_CRYPTO_KEY_GROUP;
836 }
837
838 vdev_mode = wlan_vdev_mlme_get_opmode(vdev);
839
840 wlan_vdev_obj_lock(vdev);
841 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev),
842 QDF_MAC_ADDR_SIZE);
843 psoc = wlan_vdev_get_psoc(vdev);
844 if (!psoc) {
845 wlan_vdev_obj_unlock(vdev);
846 crypto_err("psoc NULL");
847 return QDF_STATUS_E_INVAL;
848 }
849 wlan_vdev_obj_unlock(vdev);
850
851 if (req_key->type == WLAN_CRYPTO_CIPHER_WEP) {
852 if (wlan_crypto_vdev_has_auth_mode(vdev,
853 (1 << WLAN_CRYPTO_AUTH_8021X))) {
854 req_key->flags |= WLAN_CRYPTO_KEY_DEFAULT;
855 }
856 }
857
858 if (isbcast) {
859 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
860 &crypto_priv);
861 if (!crypto_priv) {
862 crypto_err("crypto_priv NULL");
863 return QDF_STATUS_E_INVAL;
864 }
865
866 priv_key = &crypto_priv->crypto_key;
867
868 if (IS_MGMT_CIPHER(req_key->type)) {
869 struct wlan_crypto_key *crypto_key = NULL;
870
871 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX;
872 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
873 if (!is_igtk(req_key->keyix) &&
874 !(is_bigtk(req_key->keyix))) {
875 crypto_err("igtk/bigtk key invalid keyid %d",
876 req_key->keyix);
877 return QDF_STATUS_CRYPTO_INVALID_KEYID;
878 }
879 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key));
880 if (!key)
881 return QDF_STATUS_E_NOMEM;
882
883
884 if (is_igtk(req_key->keyix)) {
885 crypto_key = priv_key->igtk_key[igtk_idx];
886 if (crypto_key)
887 qdf_mem_free(crypto_key);
888
889 priv_key->igtk_key[igtk_idx] = key;
890 priv_key->igtk_key_type = req_key->type;
891 priv_key->def_igtk_tx_keyid = igtk_idx;
892 bigtk_idx = 0;
893 } else {
894 crypto_key = priv_key->bigtk_key[bigtk_idx];
895 if (crypto_key)
896 qdf_mem_free(crypto_key);
897
898 priv_key->bigtk_key[bigtk_idx] = key;
899 priv_key->def_bigtk_tx_keyid = bigtk_idx;
900 igtk_idx = 0;
901 }
902 } else {
903 if (IS_FILS_CIPHER(req_key->type)) {
904 crypto_err("FILS key is not for BroadCast pkt");
905 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
906 }
907 if (!HAS_MCAST_CIPHER(crypto_params, req_key->type)
908 && (req_key->type != WLAN_CRYPTO_CIPHER_WEP)) {
909 return QDF_STATUS_CRYPTO_INVALID_CIPHERTYPE;
910 }
911 if (!priv_key->key[req_key->keyix]) {
912 priv_key->key[req_key->keyix]
913 = qdf_mem_malloc(
914 sizeof(struct wlan_crypto_key));
915 if (!priv_key->key[req_key->keyix])
916 return QDF_STATUS_E_NOMEM;
917 }
918 key = priv_key->key[req_key->keyix];
919 priv_key->def_tx_keyid = req_key->keyix;
920 }
921 if (vdev_mode == QDF_STA_MODE) {
922 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev,
923 WLAN_CRYPTO_ID);
924 if (!peer) {
925 crypto_err("peer NULL");
926 if (IS_MGMT_CIPHER(req_key->type)) {
927 priv_key->igtk_key[igtk_idx] = NULL;
928 priv_key->bigtk_key[bigtk_idx]
929 = NULL;
930 priv_key->igtk_key_type
931 = WLAN_CRYPTO_CIPHER_NONE;
932 } else
933 priv_key->key[req_key->keyix] = NULL;
934 if (key)
935 qdf_mem_free(key);
936 return QDF_STATUS_E_INVAL;
937 }
938 qdf_mem_copy(macaddr, wlan_peer_get_macaddr(peer),
939 QDF_MAC_ADDR_SIZE);
940 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
941 peer = NULL;
942 }
943 } else {
944 uint8_t pdev_id;
945
946 pdev_id = wlan_objmgr_pdev_get_pdev_id(
947 wlan_vdev_get_pdev(vdev));
948 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
949 psoc,
950 pdev_id,
951 macaddr,
952 req_key->macaddr,
953 WLAN_CRYPTO_ID);
954
955 if (!peer) {
956 crypto_err("peer NULL");
957 return QDF_STATUS_E_INVAL;
958 }
959
960 qdf_mem_copy(macaddr, req_key->macaddr, QDF_MAC_ADDR_SIZE);
961 crypto_params = wlan_crypto_peer_get_comp_params(peer,
962 &crypto_priv);
963
964 if (!crypto_priv) {
965 crypto_err("crypto_priv NULL");
966 status = QDF_STATUS_E_INVAL;
967 goto err;
968 }
969
970 priv_key = &crypto_priv->crypto_key;
971
972 if (IS_MGMT_CIPHER(req_key->type)) {
973 struct wlan_crypto_key *crypto_key = NULL;
974
975 igtk_idx = req_key->keyix - WLAN_CRYPTO_MAXKEYIDX;
976 bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
977
978 if (!is_igtk(req_key->keyix) &&
979 !(is_bigtk(req_key->keyix))) {
980 crypto_err("igtk/bigtk key invalid keyid %d",
981 req_key->keyix);
982 status = QDF_STATUS_CRYPTO_INVALID_KEYID;
983 goto err;
984 }
985 key = qdf_mem_malloc(sizeof(struct wlan_crypto_key));
986 if (!key) {
987 status = QDF_STATUS_E_NOMEM;
988 goto err;
989 }
990
991 if (is_igtk(req_key->keyix)) {
992 crypto_key = priv_key->igtk_key[igtk_idx];
993 if (crypto_key)
994 qdf_mem_free(crypto_key);
995
996 priv_key->igtk_key[igtk_idx] = key;
997 priv_key->igtk_key_type = req_key->type;
998 priv_key->def_igtk_tx_keyid = igtk_idx;
999 } else {
1000 crypto_key = priv_key->bigtk_key[bigtk_idx];
1001 if (crypto_key)
1002 qdf_mem_free(crypto_key);
1003
1004 priv_key->bigtk_key[bigtk_idx] = key;
1005 priv_key->def_bigtk_tx_keyid = bigtk_idx;
1006 }
1007 } else {
1008 uint16_t kid = req_key->keyix;
1009 if (kid == WLAN_CRYPTO_KEYIX_NONE)
1010 kid = 0;
1011 if (kid >= WLAN_CRYPTO_MAX_VLANKEYIX) {
1012 crypto_err("invalid keyid %d", kid);
1013 status = QDF_STATUS_CRYPTO_INVALID_KEYID;
1014 goto err;
1015 }
1016 if (!priv_key->key[kid]) {
1017 priv_key->key[kid]
1018 = qdf_mem_malloc(
1019 sizeof(struct wlan_crypto_key));
1020 if (!priv_key->key[kid]) {
1021 status = QDF_STATUS_E_NOMEM;
1022 goto err;
1023 }
1024 }
1025 key = priv_key->key[kid];
1026 }
1027 }
1028
1029 /* alloc key might not required as it is already there */
1030 key->cipher_table = (void *)cipher;
1031 key->keylen = req_key->keylen;
1032 key->flags = req_key->flags;
1033
1034 if (req_key->keyix == WLAN_CRYPTO_KEYIX_NONE)
1035 key->keyix = 0;
1036 else
1037 key->keyix = req_key->keyix;
1038
1039 if (req_key->flags & WLAN_CRYPTO_KEY_DEFAULT
1040 && (!IS_MGMT_CIPHER(req_key->type))) {
1041 crypto_priv->crypto_key.def_tx_keyid = key->keyix;
1042 key->flags |= WLAN_CRYPTO_KEY_DEFAULT;
1043 }
1044 if ((req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4)
1045 || (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_GCM4)) {
1046 uint8_t iv_AP[16] = { 0x5c, 0x36, 0x5c, 0x36,
1047 0x5c, 0x36, 0x5c, 0x36,
1048 0x5c, 0x36, 0x5c, 0x36,
1049 0x5c, 0x36, 0x5c, 0x37};
1050 uint8_t iv_STA[16] = { 0x5c, 0x36, 0x5c, 0x36,
1051 0x5c, 0x36, 0x5c, 0x36,
1052 0x5c, 0x36, 0x5c, 0x36,
1053 0x5c, 0x36, 0x5c, 0x36};
1054
1055 /* During Tx PN should be increment and
1056 * send but as per our implementation we increment only after
1057 * Tx complete. So First packet PN check will be failed.
1058 * To compensate increment the PN here by 2
1059 */
1060 if (vdev_mode == QDF_SAP_MODE) {
1061 iv_AP[15] += 2;
1062 qdf_mem_copy(key->recviv, iv_STA,
1063 WLAN_CRYPTO_WAPI_IV_SIZE);
1064 qdf_mem_copy(key->txiv, iv_AP,
1065 WLAN_CRYPTO_WAPI_IV_SIZE);
1066 } else {
1067 iv_STA[15] += 2;
1068 qdf_mem_copy(key->recviv, iv_AP,
1069 WLAN_CRYPTO_WAPI_IV_SIZE);
1070 qdf_mem_copy(key->txiv, iv_STA,
1071 WLAN_CRYPTO_WAPI_IV_SIZE);
1072 }
1073 } else {
1074 uint8_t i = 0;
1075 qdf_mem_copy((uint8_t *)(&key->keytsc),
1076 (uint8_t *)(&req_key->keytsc), sizeof(key->keytsc));
1077 for (i = 0; i < WLAN_CRYPTO_TID_SIZE; i++) {
1078 qdf_mem_copy((uint8_t *)(&key->keyrsc[i]),
1079 (uint8_t *)(&req_key->keyrsc),
1080 sizeof(key->keyrsc[0]));
1081 }
1082 }
1083
1084 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1085 if (!tx_ops) {
1086 crypto_err("tx_ops is NULL");
1087 status = QDF_STATUS_E_INVAL;
1088 goto err;
1089 }
1090
1091 qdf_mem_copy(key->keyval, req_key->keydata, sizeof(key->keyval));
1092 key->valid = 1;
1093 if ((IS_MGMT_CIPHER(req_key->type))) {
1094 uint32_t mgmt_cipher = 0;
1095
1096 if (HAS_CIPHER_CAP(crypto_params,
1097 WLAN_CRYPTO_CAP_PMF_OFFLOAD) ||
1098 is_bigtk(req_key->keyix)) {
1099 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
1100 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev,
1101 key, macaddr, req_key->type);
1102 }
1103 }
1104 QDF_SET_PARAM(mgmt_cipher, req_key->type);
1105 wlan_crypto_set_mgmtcipher(crypto_params, mgmt_cipher);
1106 status = wlan_crypto_set_igtk_key(key);
1107 } else if (IS_FILS_CIPHER(req_key->type)) {
1108 /* Take request key object to FILS setkey */
1109 key->private = req_key;
1110 } else {
1111 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
1112 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(vdev, key,
1113 macaddr,
1114 req_key->type)) {
1115 status = QDF_STATUS_E_INVAL;
1116 goto err;
1117 }
1118 }
1119 }
1120 if (cipher)
1121 status = cipher->setkey(key);
1122
1123 if ((req_key->flags & WLAN_CRYPTO_KEY_DEFAULT) &&
1124 (req_key->keyix != WLAN_CRYPTO_KEYIX_NONE) &&
1125 (!IS_MGMT_CIPHER(req_key->type)) && isbcast) {
1126 /* default xmit key */
1127 wlan_crypto_default_key(vdev,
1128 req_key->macaddr,
1129 req_key->keyix,
1130 !isbcast);
1131 /*Iterate through the peer list on this vdev
1132 *and store the keyix in the peer's crypto_priv
1133 */
1134 wlan_objmgr_iterate_peerobj_list(vdev,
1135 wlan_crypto_store_def_keyix,
1136 (void *)&req_key->keyix,
1137 WLAN_CRYPTO_ID);
1138
1139 }
1140 err:
1141 if (peer)
1142 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1143 return status;
1144 }
1145
1146 /**
1147 * wlan_crypto_get_key_type - get keytype
1148 * @key: key
1149 *
1150 * This function gets keytype from key
1151 *
1152 * Return: keytype
1153 */
wlan_crypto_get_key_type(struct wlan_crypto_key * key)1154 wlan_crypto_cipher_type wlan_crypto_get_key_type(struct wlan_crypto_key *key)
1155 {
1156 if (key && key->cipher_table) {
1157 return ((struct wlan_crypto_cipher *)
1158 (key->cipher_table))->cipher;
1159 }
1160 return WLAN_CRYPTO_CIPHER_NONE;
1161 }
1162 qdf_export_symbol(wlan_crypto_get_key_type);
1163
wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev * vdev,uint16_t keyix)1164 struct wlan_crypto_key *wlan_crypto_vdev_getkey(struct wlan_objmgr_vdev *vdev,
1165 uint16_t keyix)
1166 {
1167 struct wlan_crypto_comp_priv *crypto_priv;
1168 struct wlan_crypto_params *crypto_params;
1169 struct wlan_crypto_key *key = NULL;
1170 struct wlan_crypto_keys *priv_key = NULL;
1171
1172 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
1173
1174 if (!crypto_priv) {
1175 crypto_err("crypto_priv NULL");
1176 return NULL;
1177 }
1178
1179 priv_key = &crypto_priv->crypto_key;
1180
1181 /* for keyix 4,5 we return the igtk keys for keyix more than 5
1182 * we return the default key, for all other keyix we return the
1183 * key accordingly.
1184 */
1185 if ((keyix == WLAN_CRYPTO_KEYIX_NONE) ||
1186 !is_valid_keyix(keyix))
1187 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1188 else if (is_bigtk(keyix))
1189 key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX
1190 - WLAN_CRYPTO_MAXIGTKKEYIDX];
1191 else if (is_igtk(keyix))
1192 key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX];
1193 else
1194 key = priv_key->key[keyix];
1195
1196 if (key && key->valid)
1197 return key;
1198
1199 return NULL;
1200 }
1201 qdf_export_symbol(wlan_crypto_vdev_getkey);
1202
wlan_crypto_peer_getkey(struct wlan_objmgr_peer * peer,uint16_t keyix)1203 struct wlan_crypto_key *wlan_crypto_peer_getkey(struct wlan_objmgr_peer *peer,
1204 uint16_t keyix)
1205 {
1206 struct wlan_crypto_comp_priv *crypto_priv;
1207 struct wlan_crypto_params *crypto_params;
1208 struct wlan_crypto_key *key = NULL;
1209 struct wlan_crypto_keys *priv_key = NULL;
1210
1211 crypto_params = wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
1212
1213 if (!crypto_priv) {
1214 crypto_err("crypto_priv NULL");
1215 return NULL;
1216 }
1217
1218 priv_key = &crypto_priv->crypto_key;
1219
1220 /* for keyix 4,5 we return the igtk keys for keyix more than 5
1221 * we return the default key, for all other keyix we return the
1222 * key accordingly.
1223 */
1224 if (keyix == WLAN_CRYPTO_KEYIX_NONE ||
1225 !is_valid_keyix(keyix))
1226 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1227 else if (is_bigtk(keyix))
1228 key = priv_key->bigtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX
1229 - WLAN_CRYPTO_MAXIGTKKEYIDX];
1230 else if (is_igtk(keyix))
1231 key = priv_key->igtk_key[keyix - WLAN_CRYPTO_MAXKEYIDX];
1232 else
1233 key = priv_key->key[keyix];
1234
1235 if (key && key->valid)
1236 return key;
1237
1238 return NULL;
1239 }
1240 qdf_export_symbol(wlan_crypto_peer_getkey);
1241
wlan_crypto_getkey(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_req_key * req_key,uint8_t * mac_addr)1242 QDF_STATUS wlan_crypto_getkey(struct wlan_objmgr_vdev *vdev,
1243 struct wlan_crypto_req_key *req_key,
1244 uint8_t *mac_addr)
1245 {
1246 struct wlan_crypto_cipher *cipher_table;
1247 struct wlan_crypto_key *key;
1248 struct wlan_objmgr_psoc *psoc;
1249 struct wlan_lmac_if_tx_ops *tx_ops;
1250 struct wlan_lmac_if_rx_ops *rx_ops;
1251 uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
1252 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1253 QDF_STATUS status = QDF_STATUS_E_INVAL;
1254 struct wlan_objmgr_peer *peer = NULL;
1255 uint8_t pdev_id;
1256 uint16_t get_pn_enable;
1257 bool is_bcast;
1258 uint8_t *pn_mac_addr;
1259
1260 if (!req_key) {
1261 crypto_err("req_key NULL");
1262 return QDF_STATUS_E_INVAL;
1263 }
1264
1265 get_pn_enable = req_key->flags & WLAN_CRYPTO_KEY_GET_PN;
1266
1267 wlan_vdev_obj_lock(vdev);
1268 qdf_mem_copy(macaddr, wlan_vdev_mlme_get_macaddr(vdev),
1269 QDF_MAC_ADDR_SIZE);
1270 psoc = wlan_vdev_get_psoc(vdev);
1271 if (!psoc) {
1272 wlan_vdev_obj_unlock(vdev);
1273 crypto_err("psoc NULL");
1274 return QDF_STATUS_E_INVAL;
1275 }
1276 wlan_vdev_obj_unlock(vdev);
1277
1278 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1279 if (!tx_ops) {
1280 crypto_err("tx_ops is NULL");
1281 return QDF_STATUS_E_INVAL;
1282 }
1283
1284 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc);
1285 if (!rx_ops) {
1286 crypto_err("rx_ops is NULL");
1287 return QDF_STATUS_E_INVAL;
1288 }
1289 is_bcast = qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr);
1290
1291 if (is_bcast) {
1292 key = wlan_crypto_vdev_getkey(vdev, req_key->keyix);
1293 if (!key)
1294 return QDF_STATUS_E_INVAL;
1295 } else {
1296
1297 pdev_id = wlan_objmgr_pdev_get_pdev_id(
1298 wlan_vdev_get_pdev(vdev));
1299 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1300 psoc,
1301 pdev_id,
1302 macaddr,
1303 mac_addr,
1304 WLAN_CRYPTO_ID);
1305 if (!peer) {
1306 crypto_err("peer NULL");
1307 return QDF_STATUS_E_NOENT;
1308 }
1309 key = wlan_crypto_peer_getkey(peer, req_key->keyix);
1310
1311 if (!key) {
1312 crypto_err("Key is NULL");
1313 status = QDF_STATUS_E_INVAL;
1314 goto err;
1315 }
1316 }
1317
1318 if (key->valid) {
1319 qdf_mem_copy(req_key->keydata,
1320 key->keyval, key->keylen);
1321 req_key->keylen = key->keylen;
1322 req_key->keyix = key->keyix;
1323 req_key->flags = key->flags;
1324
1325 if (is_igtk(req_key->keyix) || is_bigtk(req_key->keyix)) {
1326 req_key->type = key->cipher_type;
1327 } else {
1328 cipher_table = key->cipher_table;
1329
1330 if (!cipher_table) {
1331 status = QDF_STATUS_SUCCESS;
1332 goto err;
1333 }
1334
1335 req_key->type = cipher_table->cipher;
1336 }
1337
1338 if (req_key->type == WLAN_CRYPTO_CIPHER_WAPI_SMS4) {
1339 qdf_mem_copy((uint8_t *)(&req_key->txiv),
1340 (uint8_t *)(key->txiv),
1341 sizeof(req_key->txiv));
1342 qdf_mem_copy((uint8_t *)(&req_key->recviv),
1343 (uint8_t *)(key->recviv),
1344 sizeof(req_key->recviv));
1345 }
1346
1347 if (get_pn_enable) {
1348 pn_mac_addr = ((is_gtk(req_key->keyix) ||
1349 is_bigtk(req_key->keyix)) && is_bcast) ?
1350 macaddr : mac_addr;
1351
1352 if (WLAN_CRYPTO_TX_OPS_GETPN(tx_ops))
1353 WLAN_CRYPTO_TX_OPS_GETPN(tx_ops)(vdev,
1354 pn_mac_addr,
1355 req_key->keyix,
1356 req_key->type);
1357 if (WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops))
1358 WLAN_CRYPTO_RX_OPS_GET_RXPN(&rx_ops->crypto_rx_ops)(
1359 vdev, mac_addr, req_key->keyix);
1360
1361 qdf_mem_copy((uint8_t *)(&req_key->keytsc),
1362 (uint8_t *)(&key->keytsc),
1363 sizeof(req_key->keytsc));
1364 qdf_mem_copy((uint8_t *)(&req_key->keyrsc),
1365 (uint8_t *)(&key->keyrsc[0]),
1366 sizeof(req_key->keyrsc));
1367 }
1368
1369 }
1370 status = QDF_STATUS_SUCCESS;
1371
1372 err:
1373 if (peer)
1374 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1375
1376 return status;
1377 }
1378
wlan_crypto_delkey(struct wlan_objmgr_vdev * vdev,uint8_t * macaddr,uint8_t key_idx)1379 QDF_STATUS wlan_crypto_delkey(struct wlan_objmgr_vdev *vdev,
1380 uint8_t *macaddr,
1381 uint8_t key_idx)
1382 {
1383 struct wlan_crypto_comp_priv *crypto_priv;
1384 struct wlan_crypto_params *crypto_params;
1385 struct wlan_crypto_key *key;
1386 struct wlan_crypto_cipher *cipher_table;
1387 struct wlan_objmgr_psoc *psoc;
1388 struct wlan_lmac_if_tx_ops *tx_ops;
1389 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1390 struct wlan_objmgr_peer *peer = NULL;
1391 QDF_STATUS ret = QDF_STATUS_SUCCESS;
1392
1393 if (!vdev || !macaddr ||
1394 !is_valid_keyix(key_idx)) {
1395 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d",
1396 vdev, macaddr, key_idx);
1397 return QDF_STATUS_E_INVAL;
1398 }
1399
1400 wlan_vdev_obj_lock(vdev);
1401 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1402 QDF_MAC_ADDR_SIZE);
1403 psoc = wlan_vdev_get_psoc(vdev);
1404 if (!psoc) {
1405 wlan_vdev_obj_unlock(vdev);
1406 crypto_err("psoc NULL");
1407 return QDF_STATUS_E_INVAL;
1408 }
1409 wlan_vdev_obj_unlock(vdev);
1410
1411 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) {
1412 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1413 &crypto_priv);
1414 if (!crypto_priv) {
1415 crypto_err("crypto_priv NULL");
1416 return QDF_STATUS_E_INVAL;
1417 }
1418 } else {
1419 uint8_t pdev_id;
1420
1421 pdev_id = wlan_objmgr_pdev_get_pdev_id(
1422 wlan_vdev_get_pdev(vdev));
1423 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1424 psoc, pdev_id,
1425 bssid_mac,
1426 macaddr,
1427 WLAN_CRYPTO_ID);
1428 if (!peer) {
1429 return QDF_STATUS_E_INVAL;
1430 }
1431 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1432 &crypto_priv);
1433 if (!crypto_priv) {
1434 crypto_err("crypto_priv NULL");
1435 ret = QDF_STATUS_E_INVAL;
1436 goto ret_rel_ref;
1437 }
1438 }
1439
1440 if (key_idx >= WLAN_CRYPTO_MAXKEYIDX) {
1441 uint8_t igtk_idx = key_idx - WLAN_CRYPTO_MAXKEYIDX;
1442 uint8_t bigtk_idx = igtk_idx - WLAN_CRYPTO_MAXIGTKKEYIDX;
1443
1444 if (!is_igtk(key_idx) && !(is_bigtk(key_idx))) {
1445 crypto_err("igtk/bigtk key invalid keyid %d", key_idx);
1446 ret = QDF_STATUS_E_INVAL;
1447 goto ret_rel_ref;
1448 }
1449 if (is_igtk(key_idx)) {
1450 key = crypto_priv->crypto_key.igtk_key[igtk_idx];
1451 crypto_priv->crypto_key.igtk_key[igtk_idx] = NULL;
1452 } else {
1453 key = crypto_priv->crypto_key.bigtk_key[bigtk_idx];
1454 crypto_priv->crypto_key.bigtk_key[bigtk_idx] = NULL;
1455 }
1456 if (key)
1457 key->valid = 0;
1458 } else {
1459 key = crypto_priv->crypto_key.key[key_idx];
1460 crypto_priv->crypto_key.key[key_idx] = NULL;
1461 }
1462
1463 if (!key) {
1464 ret = QDF_STATUS_E_INVAL;
1465 goto ret_rel_ref;
1466 }
1467
1468 if (key->valid) {
1469 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1470 qdf_mem_zero(key->keyval, sizeof(key->keyval));
1471
1472 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1473 if (!tx_ops) {
1474 crypto_err("tx_ops is NULL");
1475 ret = QDF_STATUS_E_INVAL;
1476 goto ret_rel_ref;
1477 }
1478
1479 if (!IS_FILS_CIPHER(cipher_table->cipher) &&
1480 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)) {
1481 WLAN_CRYPTO_TX_OPS_DELKEY(tx_ops)(vdev, key, macaddr,
1482 cipher_table->cipher);
1483 } else if (IS_FILS_CIPHER(cipher_table->cipher)) {
1484 if (key->private)
1485 qdf_mem_free(key->private);
1486 }
1487 }
1488
1489 /* Zero-out local key variables */
1490 qdf_mem_zero(key, sizeof(struct wlan_crypto_key));
1491 qdf_mem_free(key);
1492 key = NULL;
1493
1494 ret_rel_ref:
1495 if (peer)
1496 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1497
1498 return ret;
1499 }
1500
1501 #ifdef CRYPTO_SET_KEY_CONVERGED
wlan_crypto_set_default_key(struct wlan_objmgr_vdev * vdev,uint8_t key_idx,uint8_t * macaddr)1502 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev,
1503 uint8_t key_idx, uint8_t *macaddr)
1504 {
1505 return QDF_STATUS_SUCCESS;
1506 }
1507 #else
wlan_crypto_set_default_key(struct wlan_objmgr_vdev * vdev,uint8_t key_idx,uint8_t * macaddr)1508 static QDF_STATUS wlan_crypto_set_default_key(struct wlan_objmgr_vdev *vdev,
1509 uint8_t key_idx, uint8_t *macaddr)
1510 {
1511 struct wlan_objmgr_psoc *psoc;
1512 struct wlan_lmac_if_tx_ops *tx_ops;
1513
1514 psoc = wlan_vdev_get_psoc(vdev);
1515 if (!psoc) {
1516 crypto_err("psoc is NULL");
1517 return QDF_STATUS_E_INVAL;
1518 }
1519
1520 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
1521 if (!tx_ops) {
1522 crypto_err("tx_ops is NULL");
1523 return QDF_STATUS_E_INVAL;
1524 }
1525
1526 if (WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops))
1527 WLAN_CRYPTO_TX_OPS_DEFAULTKEY(tx_ops)(vdev, key_idx, macaddr);
1528
1529 return QDF_STATUS_SUCCESS;
1530 }
1531 #endif
1532
wlan_crypto_default_key(struct wlan_objmgr_vdev * vdev,uint8_t * macaddr,uint8_t key_idx,bool unicast)1533 QDF_STATUS wlan_crypto_default_key(struct wlan_objmgr_vdev *vdev,
1534 uint8_t *macaddr,
1535 uint8_t key_idx,
1536 bool unicast)
1537 {
1538 struct wlan_crypto_comp_priv *crypto_priv;
1539 struct wlan_crypto_params *crypto_params;
1540 struct wlan_crypto_key *key;
1541 struct wlan_objmgr_psoc *psoc;
1542 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1543
1544 if (!vdev || !macaddr || (key_idx >= WLAN_CRYPTO_MAXKEYIDX)) {
1545 crypto_err("Invalid param vdev %pK macaddr %pK keyidx %d",
1546 vdev, macaddr, key_idx);
1547 return QDF_STATUS_E_INVAL;
1548 }
1549
1550 wlan_vdev_obj_lock(vdev);
1551 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1552 QDF_MAC_ADDR_SIZE);
1553 psoc = wlan_vdev_get_psoc(vdev);
1554 if (!psoc) {
1555 wlan_vdev_obj_unlock(vdev);
1556 crypto_err("psoc NULL");
1557 return QDF_STATUS_E_INVAL;
1558 }
1559 wlan_vdev_obj_unlock(vdev);
1560
1561 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)macaddr)) {
1562 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1563 &crypto_priv);
1564 if (!crypto_priv) {
1565 crypto_err("crypto_priv NULL");
1566 return QDF_STATUS_E_INVAL;
1567 }
1568
1569 key = crypto_priv->crypto_key.key[key_idx];
1570 if (!key)
1571 return QDF_STATUS_E_INVAL;
1572 } else {
1573 struct wlan_objmgr_peer *peer;
1574 uint8_t pdev_id;
1575
1576 pdev_id = wlan_objmgr_pdev_get_pdev_id(
1577 wlan_vdev_get_pdev(vdev));
1578 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1579 psoc, pdev_id,
1580 bssid_mac,
1581 macaddr,
1582 WLAN_CRYPTO_ID);
1583
1584 if (!peer) {
1585 crypto_err("peer NULL");
1586 return QDF_STATUS_E_INVAL;
1587 }
1588 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1589 &crypto_priv);
1590 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1591 if (!crypto_priv) {
1592 crypto_err("crypto_priv NULL");
1593 return QDF_STATUS_E_INVAL;
1594 }
1595
1596 key = crypto_priv->crypto_key.key[key_idx];
1597 if (!key)
1598 return QDF_STATUS_E_INVAL;
1599 }
1600 if (!key->valid)
1601 return QDF_STATUS_E_INVAL;
1602
1603 if (wlan_crypto_set_default_key(vdev, key_idx, macaddr) !=
1604 QDF_STATUS_SUCCESS)
1605 return QDF_STATUS_E_INVAL;
1606 crypto_priv->crypto_key.def_tx_keyid = key_idx;
1607
1608 return QDF_STATUS_SUCCESS;
1609 }
1610
wlan_crypto_encap(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t encapdone)1611 QDF_STATUS wlan_crypto_encap(struct wlan_objmgr_vdev *vdev,
1612 qdf_nbuf_t wbuf,
1613 uint8_t *mac_addr,
1614 uint8_t encapdone)
1615 {
1616 struct wlan_crypto_comp_priv *crypto_priv;
1617 struct wlan_crypto_params *crypto_params;
1618 struct wlan_crypto_key *key;
1619 struct wlan_crypto_keys *priv_key = NULL;
1620 QDF_STATUS status;
1621 struct wlan_crypto_cipher *cipher_table;
1622 struct wlan_objmgr_psoc *psoc;
1623 struct wlan_objmgr_peer *peer;
1624 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1625 uint8_t pdev_id;
1626 uint8_t hdrlen;
1627 enum QDF_OPMODE opmode;
1628
1629 opmode = wlan_vdev_mlme_get_opmode(vdev);
1630 wlan_vdev_obj_lock(vdev);
1631 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1632 QDF_MAC_ADDR_SIZE);
1633 psoc = wlan_vdev_get_psoc(vdev);
1634 if (!psoc) {
1635 wlan_vdev_obj_unlock(vdev);
1636 crypto_err("psoc NULL");
1637 return QDF_STATUS_E_INVAL;
1638 }
1639 wlan_vdev_obj_unlock(vdev);
1640
1641 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev));
1642 /* FILS Encap required only for (Re-)Assoc response */
1643 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID);
1644
1645 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) &&
1646 peer && !wlan_crypto_get_peer_fils_aead(peer)) {
1647 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1648 return QDF_STATUS_E_INVAL;
1649 }
1650
1651 if (peer)
1652 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1653 peer = NULL;
1654
1655 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) {
1656 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1657 &crypto_priv);
1658 if (!crypto_priv) {
1659 crypto_err("crypto_priv NULL");
1660 return QDF_STATUS_E_INVAL;
1661 }
1662
1663 priv_key = &crypto_priv->crypto_key;
1664
1665 key = priv_key->key[priv_key->def_tx_keyid];
1666 if (!key)
1667 return QDF_STATUS_E_INVAL;
1668
1669 } else {
1670 peer = wlan_objmgr_get_peer_by_mac_n_vdev(psoc, pdev_id,
1671 bssid_mac, mac_addr,
1672 WLAN_CRYPTO_ID);
1673 if (!peer) {
1674 crypto_err("crypto_priv NULL");
1675 return QDF_STATUS_E_INVAL;
1676 }
1677
1678 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1679 &crypto_priv);
1680
1681 if (!crypto_priv) {
1682 crypto_err("crypto_priv NULL");
1683 status = QDF_STATUS_E_INVAL;
1684 goto err;
1685 }
1686
1687 priv_key = &crypto_priv->crypto_key;
1688
1689 key = priv_key->key[priv_key->def_tx_keyid];
1690 if (!key) {
1691 crypto_err("Key is NULL");
1692 status = QDF_STATUS_E_INVAL;
1693 goto err;
1694 }
1695 }
1696 if (opmode == QDF_MONITOR_MODE)
1697 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1698 else
1699 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1700 (uint8_t *)qdf_nbuf_data(wbuf));
1701
1702 if (!key->valid || !key->cipher_table) {
1703 status = QDF_STATUS_E_INVAL;
1704 goto err;
1705 }
1706
1707 /* if tkip, is counter measures enabled, then drop the frame */
1708 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1709 status = cipher_table->encap(key, wbuf, encapdone,
1710 hdrlen);
1711
1712 err:
1713 if (peer)
1714 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1715
1716 return status;
1717 }
1718 qdf_export_symbol(wlan_crypto_encap);
1719
wlan_crypto_decap(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t tid)1720 QDF_STATUS wlan_crypto_decap(struct wlan_objmgr_vdev *vdev,
1721 qdf_nbuf_t wbuf,
1722 uint8_t *mac_addr,
1723 uint8_t tid)
1724 {
1725 struct wlan_crypto_comp_priv *crypto_priv;
1726 struct wlan_crypto_params *crypto_params;
1727 struct wlan_crypto_key *key;
1728 QDF_STATUS status;
1729 struct wlan_crypto_cipher *cipher_table;
1730 struct wlan_objmgr_psoc *psoc;
1731 struct wlan_objmgr_peer *peer;
1732 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1733 uint8_t keyid;
1734 uint8_t pdev_id;
1735 uint8_t hdrlen;
1736 enum QDF_OPMODE opmode;
1737
1738 opmode = wlan_vdev_mlme_get_opmode(vdev);
1739 wlan_vdev_obj_lock(vdev);
1740 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1741 QDF_MAC_ADDR_SIZE);
1742 psoc = wlan_vdev_get_psoc(vdev);
1743 if (!psoc) {
1744 wlan_vdev_obj_unlock(vdev);
1745 crypto_err("psoc NULL");
1746 return QDF_STATUS_E_INVAL;
1747 }
1748 wlan_vdev_obj_unlock(vdev);
1749
1750 if (opmode == QDF_MONITOR_MODE)
1751 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1752 else
1753 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1754 (uint8_t *)qdf_nbuf_data(wbuf));
1755
1756 keyid = wlan_crypto_get_keyid((uint8_t *)qdf_nbuf_data(wbuf), hdrlen);
1757
1758 if (keyid >= WLAN_CRYPTO_MAXKEYIDX)
1759 return QDF_STATUS_E_INVAL;
1760
1761 pdev_id = wlan_objmgr_pdev_get_pdev_id(wlan_vdev_get_pdev(vdev));
1762 /* FILS Decap required only for (Re-)Assoc request */
1763 peer = wlan_objmgr_get_peer(psoc, pdev_id, mac_addr, WLAN_CRYPTO_ID);
1764
1765 if (!wlan_crypto_is_data_protected((uint8_t *)qdf_nbuf_data(wbuf)) &&
1766 peer && !wlan_crypto_get_peer_fils_aead(peer)) {
1767 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1768 return QDF_STATUS_E_INVAL;
1769 }
1770
1771 if (peer)
1772 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1773 peer = NULL;
1774
1775 if (qdf_is_macaddr_group((struct qdf_mac_addr *)mac_addr)) {
1776 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1777 &crypto_priv);
1778 if (!crypto_priv) {
1779 crypto_err("crypto_priv NULL");
1780 return QDF_STATUS_E_INVAL;
1781 }
1782
1783 key = crypto_priv->crypto_key.key[keyid];
1784 if (!key)
1785 return QDF_STATUS_E_INVAL;
1786 } else {
1787 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1788 psoc, pdev_id, bssid_mac,
1789 mac_addr, WLAN_CRYPTO_ID);
1790 if (!peer) {
1791 crypto_err("peer NULL");
1792 return QDF_STATUS_E_INVAL;
1793 }
1794
1795 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1796 &crypto_priv);
1797
1798 if (!crypto_priv) {
1799 crypto_err("crypto_priv NULL");
1800 status = QDF_STATUS_E_INVAL;
1801 goto err;
1802 }
1803
1804 key = crypto_priv->crypto_key.key[keyid];
1805 if (!key) {
1806 crypto_err("Key is NULL");
1807 status = QDF_STATUS_E_INVAL;
1808 goto err;
1809 }
1810 }
1811
1812 if (!key->valid || !key->cipher_table) {
1813 status = QDF_STATUS_E_INVAL;
1814 goto err;
1815 }
1816
1817 /* if tkip, is counter measures enabled, then drop the frame */
1818 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1819 status = cipher_table->decap(key, wbuf, tid, hdrlen);
1820
1821 err:
1822 if (peer)
1823 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1824
1825 return status;
1826 }
1827 qdf_export_symbol(wlan_crypto_decap);
1828
wlan_crypto_enmic(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t encapdone)1829 QDF_STATUS wlan_crypto_enmic(struct wlan_objmgr_vdev *vdev,
1830 qdf_nbuf_t wbuf,
1831 uint8_t *mac_addr,
1832 uint8_t encapdone)
1833 {
1834 struct wlan_crypto_comp_priv *crypto_priv;
1835 struct wlan_crypto_params *crypto_params;
1836 struct wlan_crypto_key *key;
1837 struct wlan_crypto_keys *priv_key = NULL;
1838 QDF_STATUS status;
1839 struct wlan_crypto_cipher *cipher_table;
1840 struct wlan_objmgr_psoc *psoc;
1841 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1842 uint8_t hdrlen;
1843 enum QDF_OPMODE opmode;
1844
1845 opmode = wlan_vdev_mlme_get_opmode(vdev);
1846
1847
1848 wlan_vdev_obj_lock(vdev);
1849 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1850 QDF_MAC_ADDR_SIZE);
1851 psoc = wlan_vdev_get_psoc(vdev);
1852 if (!psoc) {
1853 wlan_vdev_obj_unlock(vdev);
1854 crypto_err("psoc NULL");
1855 return QDF_STATUS_E_INVAL;
1856 }
1857 wlan_vdev_obj_unlock(vdev);
1858
1859 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) {
1860 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1861 &crypto_priv);
1862 if (!crypto_priv) {
1863 crypto_err("crypto_priv NULL");
1864 return QDF_STATUS_E_INVAL;
1865 }
1866
1867 priv_key = &crypto_priv->crypto_key;
1868
1869 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1870 if (!key)
1871 return QDF_STATUS_E_INVAL;
1872
1873 } else {
1874 struct wlan_objmgr_peer *peer;
1875 uint8_t pdev_id;
1876
1877 pdev_id = wlan_objmgr_pdev_get_pdev_id(
1878 wlan_vdev_get_pdev(vdev));
1879 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1880 psoc, pdev_id, bssid_mac,
1881 mac_addr, WLAN_CRYPTO_ID);
1882 if (!peer) {
1883 crypto_err("crypto_priv NULL");
1884 return QDF_STATUS_E_INVAL;
1885 }
1886
1887 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1888 &crypto_priv);
1889 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1890
1891 if (!crypto_priv) {
1892 crypto_err("crypto_priv NULL");
1893 return QDF_STATUS_E_INVAL;
1894 }
1895
1896 priv_key = &crypto_priv->crypto_key;
1897
1898 key = priv_key->key[crypto_priv->crypto_key.def_tx_keyid];
1899 if (!key)
1900 return QDF_STATUS_E_INVAL;
1901 }
1902 if (opmode == QDF_MONITOR_MODE)
1903 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1904 else
1905 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1906 (uint8_t *)qdf_nbuf_data(wbuf));
1907
1908 /* if tkip, is counter measures enabled, then drop the frame */
1909 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1910 status = cipher_table->enmic(key, wbuf, encapdone, hdrlen);
1911
1912 return status;
1913 }
1914
wlan_crypto_demic(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf,uint8_t * mac_addr,uint8_t tid,uint8_t keyid)1915 QDF_STATUS wlan_crypto_demic(struct wlan_objmgr_vdev *vdev,
1916 qdf_nbuf_t wbuf,
1917 uint8_t *mac_addr,
1918 uint8_t tid,
1919 uint8_t keyid)
1920 {
1921 struct wlan_crypto_comp_priv *crypto_priv;
1922 struct wlan_crypto_params *crypto_params;
1923 struct wlan_crypto_key *key;
1924 QDF_STATUS status;
1925 struct wlan_crypto_cipher *cipher_table;
1926 struct wlan_objmgr_psoc *psoc;
1927 uint8_t bssid_mac[QDF_MAC_ADDR_SIZE];
1928 uint8_t hdrlen;
1929 enum QDF_OPMODE opmode;
1930
1931 opmode = wlan_vdev_mlme_get_opmode(vdev);
1932
1933 if (opmode == QDF_MONITOR_MODE)
1934 hdrlen = ieee80211_hdrsize((uint8_t *)qdf_nbuf_data(wbuf));
1935 else
1936 hdrlen = ieee80211_hdrspace(wlan_vdev_get_pdev(vdev),
1937 (uint8_t *)qdf_nbuf_data(wbuf));
1938
1939 wlan_vdev_obj_lock(vdev);
1940 qdf_mem_copy(bssid_mac, wlan_vdev_mlme_get_macaddr(vdev),
1941 QDF_MAC_ADDR_SIZE);
1942 psoc = wlan_vdev_get_psoc(vdev);
1943 if (!psoc) {
1944 wlan_vdev_obj_unlock(vdev);
1945 crypto_err("psoc NULL");
1946 return QDF_STATUS_E_INVAL;
1947 }
1948 wlan_vdev_obj_unlock(vdev);
1949
1950 if (qdf_is_macaddr_broadcast((struct qdf_mac_addr *)mac_addr)) {
1951 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
1952 &crypto_priv);
1953 if (!crypto_priv) {
1954 crypto_err("crypto_priv NULL");
1955 return QDF_STATUS_E_INVAL;
1956 }
1957
1958 key = crypto_priv->crypto_key.key[keyid];
1959 if (!key)
1960 return QDF_STATUS_E_INVAL;
1961
1962 } else {
1963 struct wlan_objmgr_peer *peer;
1964 uint8_t pdev_id;
1965
1966 pdev_id = wlan_objmgr_pdev_get_pdev_id(
1967 wlan_vdev_get_pdev(vdev));
1968 peer = wlan_objmgr_get_peer_by_mac_n_vdev(
1969 psoc, pdev_id, bssid_mac,
1970 mac_addr, WLAN_CRYPTO_ID);
1971 if (!peer) {
1972 crypto_err("peer NULL");
1973 return QDF_STATUS_E_INVAL;
1974 }
1975
1976 crypto_params = wlan_crypto_peer_get_comp_params(peer,
1977 &crypto_priv);
1978 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
1979
1980 if (!crypto_priv) {
1981 crypto_err("crypto_priv NULL");
1982 return QDF_STATUS_E_INVAL;
1983 }
1984
1985 key = crypto_priv->crypto_key.key[keyid];
1986 if (!key)
1987 return QDF_STATUS_E_INVAL;
1988 }
1989 /* if tkip, is counter measures enabled, then drop the frame */
1990 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
1991 status = cipher_table->demic(key, wbuf, tid, hdrlen);
1992
1993 return status;
1994 }
1995
wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev * vdev)1996 bool wlan_crypto_vdev_is_pmf_enabled(struct wlan_objmgr_vdev *vdev)
1997 {
1998
1999 struct wlan_crypto_comp_priv *crypto_priv;
2000 struct wlan_crypto_params *vdev_crypto_params;
2001
2002 if (!vdev)
2003 return false;
2004 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2005 &crypto_priv);
2006 if (!crypto_priv) {
2007 crypto_err("crypto_priv NULL");
2008 return false;
2009 }
2010
2011 if ((vdev_crypto_params->rsn_caps &
2012 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)
2013 || (vdev_crypto_params->rsn_caps &
2014 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
2015 return true;
2016 }
2017
2018 return false;
2019 }
2020
wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev * vdev)2021 bool wlan_crypto_vdev_is_pmf_required(struct wlan_objmgr_vdev *vdev)
2022 {
2023 struct wlan_crypto_comp_priv *crypto_priv;
2024 struct wlan_crypto_params *vdev_crypto_params;
2025
2026 if (!vdev)
2027 return false;
2028
2029 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2030 &crypto_priv);
2031 if (!crypto_priv) {
2032 crypto_err("crypto_priv NULL");
2033 return false;
2034 }
2035
2036 if (vdev_crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)
2037 return true;
2038
2039 return false;
2040 }
2041
wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)2042 bool wlan_crypto_is_pmf_enabled(struct wlan_objmgr_vdev *vdev,
2043 struct wlan_objmgr_peer *peer)
2044 {
2045 struct wlan_crypto_comp_priv *crypto_priv;
2046 struct wlan_crypto_params *vdev_crypto_params;
2047 struct wlan_crypto_params *peer_crypto_params;
2048
2049 if (!vdev || !peer)
2050 return false;
2051 vdev_crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2052 &crypto_priv);
2053 if (!crypto_priv) {
2054 crypto_err("crypto_priv NULL");
2055 return false;
2056 }
2057
2058 peer_crypto_params = wlan_crypto_peer_get_comp_params(peer,
2059 &crypto_priv);
2060 if (!crypto_priv) {
2061 crypto_err("crypto_priv NULL");
2062 return false;
2063 }
2064 if (((vdev_crypto_params->rsn_caps &
2065 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) &&
2066 (peer_crypto_params->rsn_caps &
2067 WLAN_CRYPTO_RSN_CAP_MFP_ENABLED))
2068 || (vdev_crypto_params->rsn_caps &
2069 WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
2070 return true;
2071 }
2072
2073 return false;
2074 }
2075
wlan_crypto_is_key_valid(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer,uint16_t keyidx)2076 bool wlan_crypto_is_key_valid(struct wlan_objmgr_vdev *vdev,
2077 struct wlan_objmgr_peer *peer,
2078 uint16_t keyidx)
2079 {
2080 struct wlan_crypto_key *key = NULL;
2081
2082 if (!vdev && !peer)
2083 return false;
2084
2085 if (peer)
2086 key = wlan_crypto_peer_getkey(peer, keyidx);
2087 else if (vdev)
2088 key = wlan_crypto_vdev_getkey(vdev, keyidx);
2089
2090 if ((key) && key->valid)
2091 return true;
2092
2093 return false;
2094 }
2095
wlan_crypto_gmac_pn_swap(uint8_t * a,uint8_t * b)2096 static void wlan_crypto_gmac_pn_swap(uint8_t *a, uint8_t *b)
2097 {
2098 a[0] = b[5];
2099 a[1] = b[4];
2100 a[2] = b[3];
2101 a[3] = b[2];
2102 a[4] = b[1];
2103 a[5] = b[0];
2104 }
2105
wlan_crypto_add_mmie(struct wlan_objmgr_vdev * vdev,uint8_t * bfrm,uint32_t len)2106 uint8_t *wlan_crypto_add_mmie(struct wlan_objmgr_vdev *vdev,
2107 uint8_t *bfrm,
2108 uint32_t len)
2109 {
2110 struct wlan_crypto_key *key;
2111 struct wlan_crypto_keys *priv_key = NULL;
2112 struct wlan_crypto_mmie *mmie;
2113 uint8_t *pn, *aad, *buf, *efrm, nonce[12];
2114 struct wlan_frame_hdr *hdr;
2115 uint32_t i, hdrlen, mic_len, aad_len;
2116 uint8_t mic[16];
2117 struct wlan_crypto_comp_priv *crypto_priv;
2118 struct wlan_crypto_params *crypto_params;
2119 int32_t ret = -1;
2120
2121 if (!bfrm) {
2122 crypto_err("frame is NULL");
2123 return NULL;
2124 }
2125
2126 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
2127 &crypto_priv);
2128 if (!crypto_priv) {
2129 crypto_err("crypto_priv NULL");
2130 return NULL;
2131 }
2132
2133 priv_key = &crypto_priv->crypto_key;
2134
2135 if (priv_key->def_igtk_tx_keyid >= WLAN_CRYPTO_MAXIGTKKEYIDX) {
2136 crypto_err("igtk key invalid keyid %d",
2137 priv_key->def_igtk_tx_keyid);
2138 return NULL;
2139 }
2140
2141 key = priv_key->igtk_key[priv_key->def_igtk_tx_keyid];
2142 if (!key) {
2143 crypto_err("No igtk key present");
2144 return NULL;
2145 }
2146 mic_len = (priv_key->igtk_key_type
2147 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2148
2149 efrm = bfrm + len;
2150 aad_len = 20;
2151 hdrlen = sizeof(struct wlan_frame_hdr);
2152 len += sizeof(struct wlan_crypto_mmie);
2153
2154 mmie = (struct wlan_crypto_mmie *) efrm;
2155 qdf_mem_zero((unsigned char *)mmie, sizeof(*mmie));
2156 mmie->element_id = WLAN_ELEMID_MMIE;
2157 mmie->length = sizeof(*mmie) - 2;
2158 mmie->key_id = qdf_cpu_to_le16(key->keyix);
2159
2160 mic_len = (priv_key->igtk_key_type
2161 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2162 if (mic_len == 8) {
2163 mmie->length -= 8;
2164 len -= 8;
2165 }
2166 /* PN = PN + 1 */
2167 pn = (uint8_t *)&key->keytsc;
2168
2169 for (i = 0; i <= 5; i++) {
2170 pn[i]++;
2171 if (pn[i])
2172 break;
2173 }
2174
2175 /* Copy IPN */
2176 qdf_mem_copy(mmie->sequence_number, pn, 6);
2177
2178 hdr = (struct wlan_frame_hdr *) bfrm;
2179
2180 buf = qdf_mem_malloc(len - hdrlen + 20);
2181 if (!buf)
2182 return NULL;
2183
2184 qdf_mem_zero(buf, len - hdrlen + 20);
2185 aad = buf;
2186 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */
2187
2188 /* FC type/subtype */
2189 aad[0] = hdr->i_fc[0];
2190 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
2191 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT
2192 | WLAN_FC1_MOREDATA));
2193 /* A1 || A2 || A3 */
2194 qdf_mem_copy(aad + 2, hdr->i_addr1, QDF_MAC_ADDR_SIZE);
2195 qdf_mem_copy(aad + 8, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2196 qdf_mem_copy(aad + 14, hdr->i_addr3, QDF_MAC_ADDR_SIZE);
2197 qdf_mem_zero(mic, 16);
2198
2199 /*
2200 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
2201 */
2202
2203 qdf_mem_copy(buf + aad_len, bfrm + hdrlen, len - hdrlen);
2204 if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) {
2205
2206 ret = omac1_aes_128(key->keyval, buf,
2207 len + aad_len - hdrlen, mic);
2208 qdf_mem_copy(mmie->mic, mic, 8);
2209
2210 } else if (priv_key->igtk_key_type
2211 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) {
2212
2213 ret = omac1_aes_256(key->keyval, buf,
2214 len + aad_len - hdrlen, mmie->mic);
2215 } else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) ||
2216 (priv_key->igtk_key_type
2217 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
2218
2219 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2220 wlan_crypto_gmac_pn_swap(nonce + 6, pn);
2221 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce,
2222 sizeof(nonce), buf,
2223 len + aad_len - hdrlen, mmie->mic);
2224 }
2225 qdf_mem_free(buf);
2226 if (ret < 0) {
2227 crypto_err("add mmie failed");
2228 return NULL;
2229 }
2230
2231 return bfrm + len;
2232 }
2233
2234 #define MAX_MIC_LEN 16
wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev * vdev,uint8_t * frm,uint8_t * efrm)2235 bool wlan_crypto_is_mmie_valid(struct wlan_objmgr_vdev *vdev,
2236 uint8_t *frm,
2237 uint8_t *efrm)
2238 {
2239 struct wlan_crypto_mmie *mmie = NULL;
2240 uint8_t *ipn, *aad, *buf, *mic, nonce[12];
2241 struct wlan_crypto_key *key;
2242 struct wlan_crypto_keys *priv_key = NULL;
2243 struct wlan_frame_hdr *hdr;
2244 uint16_t mic_len, hdrlen, len;
2245 struct wlan_crypto_comp_priv *crypto_priv;
2246 struct wlan_crypto_params *crypto_params;
2247 uint8_t aad_len = 20;
2248 int32_t ret = -1;
2249
2250 /* check if frame is illegal length */
2251 if (!frm || !efrm || (efrm < frm)
2252 || ((efrm - frm) < sizeof(struct wlan_frame_hdr))) {
2253 crypto_err("Invalid params");
2254 return false;
2255 }
2256 len = efrm - frm;
2257 crypto_priv = (struct wlan_crypto_comp_priv *)
2258 wlan_get_vdev_crypto_obj(vdev);
2259 if (!crypto_priv) {
2260 crypto_err("crypto_priv NULL");
2261 return false;
2262 }
2263
2264 priv_key = &crypto_priv->crypto_key;
2265
2266 crypto_params = &(crypto_priv->crypto_params);
2267
2268
2269 mic_len = (priv_key->igtk_key_type
2270 == WLAN_CRYPTO_CIPHER_AES_CMAC) ? 8 : 16;
2271 hdrlen = sizeof(struct wlan_frame_hdr);
2272
2273 if (mic_len == 8)
2274 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie) + 8);
2275 else
2276 mmie = (struct wlan_crypto_mmie *)(efrm - sizeof(*mmie));
2277
2278
2279 /* check Elem ID*/
2280 if ((!mmie) || (mmie->element_id != WLAN_ELEMID_MMIE)) {
2281 crypto_err("IE is not MMIE");
2282 return false;
2283 }
2284
2285 if (mmie->key_id >= (WLAN_CRYPTO_MAXKEYIDX +
2286 WLAN_CRYPTO_MAXIGTKKEYIDX) ||
2287 (mmie->key_id < WLAN_CRYPTO_MAXKEYIDX)) {
2288 crypto_err("keyid not valid");
2289 return false;
2290 }
2291
2292 key = priv_key->igtk_key[mmie->key_id - WLAN_CRYPTO_MAXKEYIDX];
2293 if (!key) {
2294 crypto_err("No igtk key present");
2295 return false;
2296 }
2297
2298 /* validate ipn */
2299 ipn = mmie->sequence_number;
2300 if (qdf_mem_cmp(ipn, key->keyrsc, 6) <= 0) {
2301 uint8_t *su = (uint8_t *)key->keyrsc;
2302 uint8_t *end = ipn + 6;
2303 struct wlan_objmgr_peer *peer = wlan_vdev_get_selfpeer(vdev);
2304
2305 crypto_err("replay error :");
2306 while (ipn < end) {
2307 crypto_err("expected pn = %x received pn = %x",
2308 *ipn++, *su++);
2309 }
2310 wlan_cp_stats_vdev_mcast_rx_pnerr(vdev);
2311 wlan_cp_stats_peer_rx_pnerr(peer);
2312 return false;
2313 }
2314
2315 buf = qdf_mem_malloc(len - hdrlen + 20);
2316 if (!buf)
2317 return false;
2318
2319 aad = buf;
2320
2321 /* construct AAD */
2322 hdr = (struct wlan_frame_hdr *)frm;
2323 /* generate BIP AAD: FC(masked) || A1 || A2 || A3 */
2324
2325 /* FC type/subtype */
2326 aad[0] = hdr->i_fc[0];
2327 /* Mask FC Retry, PwrMgt, MoreData flags to zero */
2328 aad[1] = (hdr->i_fc[1] & ~(WLAN_FC1_RETRY | WLAN_FC1_PWRMGT
2329 | WLAN_FC1_MOREDATA));
2330 /* A1 || A2 || A3 */
2331 qdf_mem_copy(aad + 2, hdr->i_addr1, 3 * QDF_MAC_ADDR_SIZE);
2332
2333 /*
2334 * MIC = AES-128-CMAC(IGTK, AAD || Management Frame Body || MMIE, 64)
2335 */
2336 qdf_mem_copy(buf + 20, frm + hdrlen, len - hdrlen);
2337 qdf_mem_zero(buf + (len - hdrlen + 20 - mic_len), mic_len);
2338 mic = qdf_mem_malloc(MAX_MIC_LEN);
2339 if (!mic) {
2340 qdf_mem_free(buf);
2341 return false;
2342 }
2343 if (priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_CMAC) {
2344 ret = omac1_aes_128(key->keyval, buf,
2345 len - hdrlen + aad_len, mic);
2346 } else if (priv_key->igtk_key_type
2347 == WLAN_CRYPTO_CIPHER_AES_CMAC_256) {
2348 ret = omac1_aes_256(key->keyval, buf,
2349 len + aad_len - hdrlen, mic);
2350 } else if ((priv_key->igtk_key_type == WLAN_CRYPTO_CIPHER_AES_GMAC) ||
2351 (priv_key->igtk_key_type
2352 == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
2353 qdf_mem_copy(nonce, hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2354 wlan_crypto_gmac_pn_swap(nonce + 6, ipn);
2355 ret = wlan_crypto_aes_gmac(key->keyval, key->keylen, nonce,
2356 sizeof(nonce), buf,
2357 len + aad_len - hdrlen, mic);
2358 }
2359
2360 qdf_mem_free(buf);
2361
2362 if (ret < 0) {
2363 qdf_mem_free(mic);
2364 crypto_err("generate mmie failed");
2365 return false;
2366 }
2367
2368 if (qdf_mem_cmp(mic, mmie->mic, mic_len) != 0) {
2369 qdf_mem_free(mic);
2370 crypto_err("mmie mismatch");
2371 /* MMIE MIC mismatch */
2372 return false;
2373 }
2374
2375 qdf_mem_free(mic);
2376 /* Update the receive sequence number */
2377 qdf_mem_copy(key->keyrsc, ipn, 6);
2378 crypto_debug("mmie matched");
2379
2380 return true;
2381 }
2382
2383
wlan_crypto_wpa_cipher_to_suite(uint32_t cipher)2384 static int32_t wlan_crypto_wpa_cipher_to_suite(uint32_t cipher)
2385 {
2386 int32_t status = -1;
2387
2388 switch (cipher) {
2389 case WLAN_CRYPTO_CIPHER_TKIP:
2390 return WPA_CIPHER_SUITE_TKIP;
2391 case WLAN_CRYPTO_CIPHER_AES_CCM:
2392 return WPA_CIPHER_SUITE_CCMP;
2393 case WLAN_CRYPTO_CIPHER_NONE:
2394 return WPA_CIPHER_SUITE_NONE;
2395 }
2396
2397 return status;
2398 }
2399
wlan_crypto_rsn_cipher_to_suite(uint32_t cipher)2400 static int32_t wlan_crypto_rsn_cipher_to_suite(uint32_t cipher)
2401 {
2402 int32_t status = -1;
2403
2404 switch (cipher) {
2405 case WLAN_CRYPTO_CIPHER_TKIP:
2406 return RSN_CIPHER_SUITE_TKIP;
2407 case WLAN_CRYPTO_CIPHER_AES_CCM:
2408 return RSN_CIPHER_SUITE_CCMP;
2409 case WLAN_CRYPTO_CIPHER_AES_CCM_256:
2410 return RSN_CIPHER_SUITE_CCMP_256;
2411 case WLAN_CRYPTO_CIPHER_AES_GCM:
2412 return RSN_CIPHER_SUITE_GCMP;
2413 case WLAN_CRYPTO_CIPHER_AES_GCM_256:
2414 return RSN_CIPHER_SUITE_GCMP_256;
2415 case WLAN_CRYPTO_CIPHER_AES_CMAC:
2416 return RSN_CIPHER_SUITE_AES_CMAC;
2417 case WLAN_CRYPTO_CIPHER_AES_CMAC_256:
2418 return RSN_CIPHER_SUITE_BIP_CMAC_256;
2419 case WLAN_CRYPTO_CIPHER_AES_GMAC:
2420 return RSN_CIPHER_SUITE_BIP_GMAC_128;
2421 case WLAN_CRYPTO_CIPHER_AES_GMAC_256:
2422 return RSN_CIPHER_SUITE_BIP_GMAC_256;
2423 case WLAN_CRYPTO_CIPHER_NONE:
2424 return RSN_CIPHER_SUITE_NONE;
2425 }
2426
2427 return status;
2428 }
2429
2430 /*
2431 * Convert an RSN key management/authentication algorithm
2432 * to an internal code.
2433 */
2434 static int32_t
wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt)2435 wlan_crypto_rsn_keymgmt_to_suite(uint32_t keymgmt)
2436 {
2437 int32_t status = -1;
2438
2439 switch (keymgmt) {
2440 case WLAN_CRYPTO_KEY_MGMT_NONE:
2441 return RSN_AUTH_KEY_MGMT_NONE;
2442 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X:
2443 return RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
2444 case WLAN_CRYPTO_KEY_MGMT_PSK:
2445 return RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
2446 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X:
2447 return RSN_AUTH_KEY_MGMT_FT_802_1X;
2448 case WLAN_CRYPTO_KEY_MGMT_FT_PSK:
2449 return RSN_AUTH_KEY_MGMT_FT_PSK;
2450 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256:
2451 return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
2452 case WLAN_CRYPTO_KEY_MGMT_PSK_SHA256:
2453 return RSN_AUTH_KEY_MGMT_PSK_SHA256;
2454 case WLAN_CRYPTO_KEY_MGMT_SAE:
2455 return RSN_AUTH_KEY_MGMT_SAE;
2456 case WLAN_CRYPTO_KEY_MGMT_FT_SAE:
2457 return RSN_AUTH_KEY_MGMT_FT_SAE;
2458 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B:
2459 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
2460 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192:
2461 return RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
2462 case WLAN_CRYPTO_KEY_MGMT_CCKM:
2463 return RSN_AUTH_KEY_MGMT_CCKM;
2464 case WLAN_CRYPTO_KEY_MGMT_OSEN:
2465 return RSN_AUTH_KEY_MGMT_OSEN;
2466 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA256:
2467 return RSN_AUTH_KEY_MGMT_FILS_SHA256;
2468 case WLAN_CRYPTO_KEY_MGMT_FILS_SHA384:
2469 return RSN_AUTH_KEY_MGMT_FILS_SHA384;
2470 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256:
2471 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
2472 case WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384:
2473 return RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
2474 case WLAN_CRYPTO_KEY_MGMT_OWE:
2475 return RSN_AUTH_KEY_MGMT_OWE;
2476 case WLAN_CRYPTO_KEY_MGMT_DPP:
2477 return RSN_AUTH_KEY_MGMT_DPP;
2478 case WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384:
2479 return RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384;
2480 case WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY:
2481 return RSN_AUTH_KEY_MGMT_SAE_EXT_KEY;
2482 case WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY:
2483 return RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY;
2484 }
2485
2486 return status;
2487 }
2488
2489 /*
2490 * Convert an RSN key management/authentication algorithm
2491 * to an internal code.
2492 */
2493 static int32_t
wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt)2494 wlan_crypto_wpa_keymgmt_to_suite(uint32_t keymgmt)
2495 {
2496 int32_t status = -1;
2497
2498 switch (keymgmt) {
2499 case WLAN_CRYPTO_KEY_MGMT_NONE:
2500 return WPA_AUTH_KEY_MGMT_NONE;
2501 case WLAN_CRYPTO_KEY_MGMT_IEEE8021X:
2502 return WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
2503 case WLAN_CRYPTO_KEY_MGMT_PSK:
2504 return WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
2505 case WLAN_CRYPTO_KEY_MGMT_CCKM:
2506 return WPA_AUTH_KEY_MGMT_CCKM;
2507 }
2508
2509 return status;
2510 }
2511
2512 /*
2513 * Convert a WPA cipher selector OUI to an internal
2514 * cipher algorithm. Where appropriate we also
2515 * record any key length.
2516 */
wlan_crypto_wpa_suite_to_cipher(const uint8_t * sel)2517 static int32_t wlan_crypto_wpa_suite_to_cipher(const uint8_t *sel)
2518 {
2519 uint32_t w = LE_READ_4(sel);
2520 int32_t status = -1;
2521
2522 switch (w) {
2523 case WPA_CIPHER_SUITE_TKIP:
2524 return WLAN_CRYPTO_CIPHER_TKIP;
2525 case WPA_CIPHER_SUITE_CCMP:
2526 return WLAN_CRYPTO_CIPHER_AES_CCM;
2527 case WPA_CIPHER_SUITE_NONE:
2528 return WLAN_CRYPTO_CIPHER_NONE;
2529 }
2530
2531 return status;
2532 }
2533
2534 /*
2535 * Convert a WPA key management/authentication algorithm
2536 * to an internal code.
2537 */
wlan_crypto_wpa_suite_to_keymgmt(const uint8_t * sel)2538 static int32_t wlan_crypto_wpa_suite_to_keymgmt(const uint8_t *sel)
2539 {
2540 uint32_t w = LE_READ_4(sel);
2541 int32_t status = -1;
2542
2543 switch (w) {
2544 case WPA_AUTH_KEY_MGMT_UNSPEC_802_1X:
2545 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
2546 case WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X:
2547 return WLAN_CRYPTO_KEY_MGMT_PSK;
2548 case WPA_AUTH_KEY_MGMT_CCKM:
2549 return WLAN_CRYPTO_KEY_MGMT_CCKM;
2550 case WPA_AUTH_KEY_MGMT_NONE:
2551 return WLAN_CRYPTO_KEY_MGMT_NONE;
2552 }
2553 return status;
2554 }
2555
2556 /*
2557 * Convert a RSN cipher selector OUI to an internal
2558 * cipher algorithm. Where appropriate we also
2559 * record any key length.
2560 */
wlan_crypto_rsn_suite_to_cipher(const uint8_t * sel)2561 static int32_t wlan_crypto_rsn_suite_to_cipher(const uint8_t *sel)
2562 {
2563 uint32_t w = LE_READ_4(sel);
2564 int32_t status = -1;
2565
2566 switch (w) {
2567 case RSN_CIPHER_SUITE_TKIP:
2568 return WLAN_CRYPTO_CIPHER_TKIP;
2569 case RSN_CIPHER_SUITE_CCMP:
2570 return WLAN_CRYPTO_CIPHER_AES_CCM;
2571 case RSN_CIPHER_SUITE_CCMP_256:
2572 return WLAN_CRYPTO_CIPHER_AES_CCM_256;
2573 case RSN_CIPHER_SUITE_GCMP:
2574 return WLAN_CRYPTO_CIPHER_AES_GCM;
2575 case RSN_CIPHER_SUITE_GCMP_256:
2576 return WLAN_CRYPTO_CIPHER_AES_GCM_256;
2577 case RSN_CIPHER_SUITE_AES_CMAC:
2578 return WLAN_CRYPTO_CIPHER_AES_CMAC;
2579 case RSN_CIPHER_SUITE_BIP_CMAC_256:
2580 return WLAN_CRYPTO_CIPHER_AES_CMAC_256;
2581 case RSN_CIPHER_SUITE_BIP_GMAC_128:
2582 return WLAN_CRYPTO_CIPHER_AES_GMAC;
2583 case RSN_CIPHER_SUITE_BIP_GMAC_256:
2584 return WLAN_CRYPTO_CIPHER_AES_GMAC_256;
2585 case RSN_CIPHER_SUITE_NONE:
2586 return WLAN_CRYPTO_CIPHER_NONE;
2587 }
2588
2589 return status;
2590 }
2591 /*
2592 * Convert an RSN key management/authentication algorithm
2593 * to an internal code.
2594 */
wlan_crypto_rsn_suite_to_keymgmt(const uint8_t * sel)2595 static int32_t wlan_crypto_rsn_suite_to_keymgmt(const uint8_t *sel)
2596 {
2597 uint32_t w = LE_READ_4(sel);
2598 int32_t status = -1;
2599
2600 switch (w) {
2601 case RSN_AUTH_KEY_MGMT_UNSPEC_802_1X:
2602 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
2603 case RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X:
2604 return WLAN_CRYPTO_KEY_MGMT_PSK;
2605 case RSN_AUTH_KEY_MGMT_FT_802_1X:
2606 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X;
2607 case RSN_AUTH_KEY_MGMT_FT_PSK:
2608 return WLAN_CRYPTO_KEY_MGMT_FT_PSK;
2609 case RSN_AUTH_KEY_MGMT_802_1X_SHA256:
2610 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256;
2611 case RSN_AUTH_KEY_MGMT_PSK_SHA256:
2612 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256;
2613 case RSN_AUTH_KEY_MGMT_SAE:
2614 return WLAN_CRYPTO_KEY_MGMT_SAE;
2615 case RSN_AUTH_KEY_MGMT_FT_SAE:
2616 return WLAN_CRYPTO_KEY_MGMT_FT_SAE;
2617 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B:
2618 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
2619 case RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192:
2620 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
2621 case RSN_AUTH_KEY_MGMT_CCKM:
2622 return WLAN_CRYPTO_KEY_MGMT_CCKM;
2623 case RSN_AUTH_KEY_MGMT_OSEN:
2624 return WLAN_CRYPTO_KEY_MGMT_OSEN;
2625 case RSN_AUTH_KEY_MGMT_FILS_SHA256:
2626 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256;
2627 case RSN_AUTH_KEY_MGMT_FILS_SHA384:
2628 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384;
2629 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA256:
2630 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256;
2631 case RSN_AUTH_KEY_MGMT_FT_FILS_SHA384:
2632 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384;
2633 case RSN_AUTH_KEY_MGMT_OWE:
2634 return WLAN_CRYPTO_KEY_MGMT_OWE;
2635 case RSN_AUTH_KEY_MGMT_DPP:
2636 return WLAN_CRYPTO_KEY_MGMT_DPP;
2637 case RSN_AUTH_KEY_MGMT_FT_802_1X_SUITE_B_384:
2638 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
2639 case RSN_AUTH_KEY_MGMT_FT_PSK_SHA384:
2640 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384;
2641 case RSN_AUTH_KEY_MGMT_PSK_SHA384:
2642 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384;
2643 case RSN_AUTH_KEY_MGMT_SAE_EXT_KEY:
2644 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY;
2645 case RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY:
2646 return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY;
2647 }
2648
2649 return status;
2650 }
2651
wlan_crypto_wpaie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)2652 QDF_STATUS wlan_crypto_wpaie_check(struct wlan_crypto_params *crypto_params,
2653 const uint8_t *frm)
2654 {
2655 uint8_t len = frm[1];
2656 int32_t w;
2657 int n;
2658
2659 /*
2660 * Check the length once for fixed parts: OUI, type,
2661 * version, mcast cipher, and 2 selector counts.
2662 * Other, variable-length data, must be checked separately.
2663 */
2664 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WPA);
2665
2666 if (len < 14)
2667 return QDF_STATUS_E_INVAL;
2668
2669 frm += 6, len -= 4;
2670
2671 w = LE_READ_2(frm);
2672 if (w != WPA_VERSION)
2673 return QDF_STATUS_E_INVAL;
2674
2675 frm += 2, len -= 2;
2676
2677 /* multicast/group cipher */
2678 w = wlan_crypto_wpa_suite_to_cipher(frm);
2679 if (w < 0)
2680 return QDF_STATUS_E_INVAL;
2681 SET_MCAST_CIPHER(crypto_params, w);
2682 frm += 4, len -= 4;
2683
2684 /* unicast ciphers */
2685 n = LE_READ_2(frm);
2686 frm += 2, len -= 2;
2687 if (len < n*4+2)
2688 return QDF_STATUS_E_INVAL;
2689
2690 for (; n > 0; n--) {
2691 w = wlan_crypto_wpa_suite_to_cipher(frm);
2692 if (w < 0)
2693 return QDF_STATUS_E_INVAL;
2694 SET_UCAST_CIPHER(crypto_params, w);
2695 frm += 4, len -= 4;
2696 }
2697
2698 if (!crypto_params->ucastcipherset)
2699 return QDF_STATUS_E_INVAL;
2700
2701 /* key management algorithms */
2702 n = LE_READ_2(frm);
2703 frm += 2, len -= 2;
2704 if (len < n*4)
2705 return QDF_STATUS_E_INVAL;
2706
2707 w = 0;
2708 for (; n > 0; n--) {
2709 w = wlan_crypto_wpa_suite_to_keymgmt(frm);
2710 if (w < 0)
2711 return QDF_STATUS_E_INVAL;
2712 SET_KEY_MGMT(crypto_params, w);
2713 frm += 4, len -= 4;
2714 }
2715
2716 /* optional capabilities */
2717 if (len >= 2) {
2718 crypto_params->rsn_caps = LE_READ_2(frm);
2719 frm += 2, len -= 2;
2720 }
2721
2722 return QDF_STATUS_SUCCESS;
2723 }
2724
2725 #ifdef WLAN_ADAPTIVE_11R
2726 /**
2727 * wlan_crypto_store_akm_list_in_order() - store AMK list in order
2728 * @crypto_params: crypto param structure
2729 * @key_mgmt: key management
2730 * @akm_index: place at which AMK present in RSN IE of Beacon/Probe response
2731 *
2732 * Return: none
2733 */
2734 static void
wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params * crypto_params,int32_t key_mgmt,int akm_index)2735 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params,
2736 int32_t key_mgmt, int akm_index)
2737 {
2738 if (akm_index >= WLAN_CRYPTO_KEY_MGMT_MAX) {
2739 crypto_debug("Invalid AKM Index");
2740 return;
2741 }
2742
2743 crypto_params->akm_list[akm_index].key_mgmt = key_mgmt;
2744 }
2745 #else
2746 static inline void
wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params * crypto_params,int32_t key_mgmt,int akm_index)2747 wlan_crypto_store_akm_list_in_order(struct wlan_crypto_params *crypto_params,
2748 int32_t key_mgmt, int akm_index)
2749 {
2750 }
2751 #endif
2752
wlan_crypto_rsnxie_check(struct wlan_crypto_params * crypto_params,const uint8_t * rsnxe)2753 void wlan_crypto_rsnxie_check(struct wlan_crypto_params *crypto_params,
2754 const uint8_t *rsnxe)
2755 {
2756 uint8_t i = 0, len = rsnxe[1];
2757
2758 for (; len > 0 ; len--) {
2759 ((uint8_t *)(&crypto_params->rsnx_caps))[i] = rsnxe[2 + i];
2760 i++;
2761 }
2762 /*First 4bits of RSNX capabilitities field is the length of
2763 *the Extended RSN capabilities field -1
2764 *Hence Ignoring them
2765 */
2766 ((uint8_t *)(&crypto_params->rsnx_caps))[0] &= 0xf0;
2767 }
2768
wlan_crypto_rsnie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)2769 QDF_STATUS wlan_crypto_rsnie_check(struct wlan_crypto_params *crypto_params,
2770 const uint8_t *frm)
2771 {
2772 uint8_t len = frm[1];
2773 int32_t w;
2774 int n, akm_index;
2775
2776 /* Check the length once for fixed parts: OUI, type & version */
2777 if (len < 2)
2778 return QDF_STATUS_E_INVAL;
2779
2780 /* initialize crypto params */
2781 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
2782
2783 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_RSNA);
2784
2785 frm += 2;
2786 /* NB: iswapoui already validated the OUI and type */
2787 w = LE_READ_2(frm);
2788 if (w != RSN_VERSION)
2789 return QDF_STATUS_E_INVAL;
2790
2791 frm += 2, len -= 2;
2792
2793 if (!len) {
2794 /* set defaults */
2795 /* default group cipher CCMP-128 */
2796 SET_MCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2797 /* default ucast cipher CCMP-128 */
2798 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2799 /* default key mgmt 8021x */
2800 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2801 return QDF_STATUS_SUCCESS;
2802 } else if (len < 4) {
2803 return QDF_STATUS_E_INVAL;
2804 }
2805
2806 /* multicast/group cipher */
2807 w = wlan_crypto_rsn_suite_to_cipher(frm);
2808 if (w < 0)
2809 return QDF_STATUS_E_INVAL;
2810 else {
2811 SET_MCAST_CIPHER(crypto_params, w);
2812 frm += 4, len -= 4;
2813 }
2814
2815 if (crypto_params->mcastcipherset == 0)
2816 return QDF_STATUS_E_INVAL;
2817
2818 if (!len) {
2819 /* default ucast cipher CCMP-128 */
2820 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2821 /* default key mgmt 8021x */
2822 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2823 return QDF_STATUS_SUCCESS;
2824 } else if (len < 2) {
2825 return QDF_STATUS_E_INVAL;
2826 }
2827
2828 /* unicast ciphers */
2829 n = LE_READ_2(frm);
2830 frm += 2, len -= 2;
2831 if (n) {
2832 if (len < n * 4)
2833 return QDF_STATUS_E_INVAL;
2834
2835 for (; n > 0; n--) {
2836 w = wlan_crypto_rsn_suite_to_cipher(frm);
2837 if (w >= 0)
2838 SET_UCAST_CIPHER(crypto_params, w);
2839 frm += 4, len -= 4;
2840 }
2841 } else {
2842 /* default ucast cipher CCMP-128 */
2843 SET_UCAST_CIPHER(crypto_params, WLAN_CRYPTO_CIPHER_AES_CCM);
2844 }
2845
2846 if (crypto_params->ucastcipherset == 0)
2847 return QDF_STATUS_E_INVAL;
2848
2849 if (!len) {
2850 /* default key mgmt 8021x */
2851 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2852 return QDF_STATUS_SUCCESS;
2853 } else if (len < 2) {
2854 return QDF_STATUS_E_INVAL;
2855 }
2856
2857 /* key management algorithms */
2858 n = LE_READ_2(frm);
2859 frm += 2, len -= 2;
2860
2861 if (n) {
2862 if (len < n * 4)
2863 return QDF_STATUS_E_INVAL;
2864 akm_index = 0;
2865 for (; n > 0; n--) {
2866 w = wlan_crypto_rsn_suite_to_keymgmt(frm);
2867 if (w >= 0) {
2868 SET_KEY_MGMT(crypto_params, w);
2869 wlan_crypto_store_akm_list_in_order(
2870 crypto_params, w, akm_index);
2871 akm_index++;
2872 }
2873
2874 frm += 4, len -= 4;
2875 }
2876 } else {
2877 /* default key mgmt 8021x */
2878 SET_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2879 }
2880
2881 if (crypto_params->key_mgmt == 0)
2882 return QDF_STATUS_E_INVAL;
2883
2884 /* optional capabilities */
2885 if (len >= 2) {
2886 crypto_params->rsn_caps = LE_READ_2(frm);
2887 frm += 2, len -= 2;
2888 } else if (len && len < 2) {
2889 return QDF_STATUS_E_INVAL;
2890 }
2891
2892
2893 /* PMKID */
2894 if (len >= 2) {
2895 n = LE_READ_2(frm);
2896 frm += 2, len -= 2;
2897 if (n && len) {
2898 if (len >= n * PMKID_LEN)
2899 frm += (n * PMKID_LEN), len -= (n * PMKID_LEN);
2900 else
2901 return QDF_STATUS_E_INVAL;
2902 } else if (n && !len) {
2903 return QDF_STATUS_E_INVAL;
2904 }
2905 /*TODO: Save pmkid in params for further reference */
2906 } else if (len == 1) {
2907 crypto_err("PMKID is truncated");
2908 return QDF_STATUS_E_INVAL;
2909 }
2910
2911 /* BIP */
2912 if (!len) {
2913 /* when no BIP mentioned and MFP capable use CMAC as default*/
2914 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)
2915 SET_MGMT_CIPHER(crypto_params,
2916 WLAN_CRYPTO_CIPHER_AES_CMAC);
2917 return QDF_STATUS_SUCCESS;
2918 } else if (len < 4) {
2919 crypto_err("Mgmt cipher is truncated");
2920 return QDF_STATUS_E_INVAL;
2921 }
2922 w = wlan_crypto_rsn_suite_to_cipher(frm);
2923 frm += 4, len -= 4;
2924 SET_MGMT_CIPHER(crypto_params, w);
2925
2926 return QDF_STATUS_SUCCESS;
2927 }
2928
wlan_crypto_build_wpaie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf)2929 uint8_t *wlan_crypto_build_wpaie(struct wlan_objmgr_vdev *vdev,
2930 uint8_t *iebuf)
2931 {
2932 uint8_t *frm = iebuf;
2933 uint8_t *selcnt;
2934 struct wlan_crypto_comp_priv *crypto_priv;
2935 struct wlan_crypto_params *crypto_params;
2936
2937 if (!frm)
2938 return NULL;
2939
2940 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
2941
2942 if (!crypto_params)
2943 return NULL;
2944
2945 *frm++ = WLAN_ELEMID_VENDOR;
2946 *frm++ = 0;
2947 WLAN_CRYPTO_ADDSELECTOR(frm, WPA_TYPE_OUI);
2948 WLAN_CRYPTO_ADDSHORT(frm, WPA_VERSION);
2949
2950
2951 /* multicast cipher */
2952 if (MCIPHER_IS_TKIP(crypto_params))
2953 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
2954 else if (MCIPHER_IS_CCMP128(crypto_params))
2955 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
2956
2957 /* unicast cipher list */
2958 selcnt = frm;
2959 WLAN_CRYPTO_ADDSHORT(frm, 0);
2960 /* do not use CCMP unicast cipher in WPA mode */
2961 if (UCIPHER_IS_CCMP128(crypto_params)) {
2962 selcnt[0]++;
2963 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
2964 }
2965 if (UCIPHER_IS_TKIP(crypto_params)) {
2966 selcnt[0]++;
2967 WPA_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
2968 }
2969
2970 /* authenticator selector list */
2971 selcnt = frm;
2972 WLAN_CRYPTO_ADDSHORT(frm, 0);
2973
2974 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) {
2975 selcnt[0]++;
2976 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
2977 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) {
2978 selcnt[0]++;
2979 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK);
2980 } else if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) {
2981 selcnt[0]++;
2982 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM);
2983 } else {
2984 selcnt[0]++;
2985 WPA_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_NONE);
2986 }
2987
2988 /* optional capabilities */
2989 if (crypto_params->rsn_caps != 0 &&
2990 crypto_params->rsn_caps != WLAN_CRYPTO_RSN_CAP_PREAUTH) {
2991 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
2992 }
2993
2994 /* calculate element length */
2995 iebuf[1] = frm - iebuf - 2;
2996
2997 return frm;
2998 }
2999
wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf,struct wlan_crypto_pmksa * pmksa)3000 uint8_t *wlan_crypto_build_rsnie_with_pmksa(struct wlan_objmgr_vdev *vdev,
3001 uint8_t *iebuf,
3002 struct wlan_crypto_pmksa *pmksa)
3003 {
3004 uint8_t *frm = iebuf;
3005 uint8_t *selcnt;
3006 struct wlan_crypto_comp_priv *crypto_priv;
3007 struct wlan_crypto_params *crypto_params;
3008
3009 if (!frm) {
3010 return NULL;
3011 }
3012
3013 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3014
3015 if (!crypto_params) {
3016 return NULL;
3017 }
3018
3019 *frm++ = WLAN_ELEMID_RSN;
3020 *frm++ = 0;
3021 WLAN_CRYPTO_ADDSHORT(frm, RSN_VERSION);
3022
3023
3024 /* multicast cipher */
3025 if (MCIPHER_IS_TKIP(crypto_params))
3026 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
3027 else if (MCIPHER_IS_CCMP128(crypto_params))
3028 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
3029 else if (MCIPHER_IS_CCMP256(crypto_params))
3030 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256);
3031 else if (MCIPHER_IS_GCMP128(crypto_params))
3032 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM);
3033 else if (MCIPHER_IS_GCMP256(crypto_params))
3034 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256);
3035
3036 /* unicast cipher list */
3037 selcnt = frm;
3038 WLAN_CRYPTO_ADDSHORT(frm, 0);
3039
3040 if (UCIPHER_IS_CCMP256(crypto_params)) {
3041 selcnt[0]++;
3042 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM_256);
3043 }
3044 if (UCIPHER_IS_GCMP256(crypto_params)) {
3045 selcnt[0]++;
3046 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM_256);
3047 }
3048 if (UCIPHER_IS_CCMP128(crypto_params)) {
3049 selcnt[0]++;
3050 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_CCM);
3051 }
3052 if (UCIPHER_IS_GCMP128(crypto_params)) {
3053 selcnt[0]++;
3054 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_AES_GCM);
3055 }
3056 if (UCIPHER_IS_TKIP(crypto_params)) {
3057 selcnt[0]++;
3058 RSN_ADD_CIPHER_TO_SUITE(frm, WLAN_CRYPTO_CIPHER_TKIP);
3059 }
3060
3061 /* authenticator selector list */
3062 selcnt = frm;
3063 WLAN_CRYPTO_ADDSHORT(frm, 0);
3064 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_CCKM)) {
3065 selcnt[0]++;
3066 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_CCKM);
3067 /* Other key mgmt should not be added after CCKM */
3068 goto add_rsn_caps;
3069 }
3070 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_IEEE8021X)) {
3071 selcnt[0]++;
3072 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X);
3073 }
3074 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK)) {
3075 selcnt[0]++;
3076 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK);
3077 }
3078 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X)) {
3079 selcnt[0]++;
3080 RSN_ADD_KEYMGMT_TO_SUITE(frm,
3081 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X);
3082 }
3083 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_PSK)) {
3084 selcnt[0]++;
3085 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_PSK);
3086 }
3087 if (HAS_KEY_MGMT(crypto_params,
3088 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256)) {
3089 selcnt[0]++;
3090 RSN_ADD_KEYMGMT_TO_SUITE(frm,
3091 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256);
3092 }
3093 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256)) {
3094 selcnt[0]++;
3095 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256);
3096 }
3097 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE)) {
3098 selcnt[0]++;
3099 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE);
3100 }
3101 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE)) {
3102 selcnt[0]++;
3103 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FT_SAE);
3104 }
3105 if (HAS_KEY_MGMT(crypto_params,
3106 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B)) {
3107 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
3108
3109 selcnt[0]++;
3110 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3111 }
3112 if (HAS_KEY_MGMT(crypto_params,
3113 WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192)) {
3114 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
3115
3116 selcnt[0]++;
3117 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3118 }
3119 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256)) {
3120 selcnt[0]++;
3121 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256);
3122 }
3123 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384)) {
3124 selcnt[0]++;
3125 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384);
3126 }
3127 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256)) {
3128 selcnt[0]++;
3129 RSN_ADD_KEYMGMT_TO_SUITE(frm,
3130 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256);
3131 }
3132 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384)) {
3133 selcnt[0]++;
3134 RSN_ADD_KEYMGMT_TO_SUITE(frm,
3135 WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384);
3136 }
3137 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OWE)) {
3138 selcnt[0]++;
3139 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OWE);
3140 }
3141 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_DPP)) {
3142 selcnt[0]++;
3143 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_DPP);
3144 }
3145 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_OSEN)) {
3146 selcnt[0]++;
3147 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_OSEN);
3148 }
3149 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY)) {
3150 selcnt[0]++;
3151 RSN_ADD_KEYMGMT_TO_SUITE(frm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY);
3152 }
3153 if (HAS_KEY_MGMT(crypto_params,
3154 WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384)) {
3155 uint32_t kmgmt = WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
3156
3157 selcnt[0]++;
3158 RSN_ADD_KEYMGMT_TO_SUITE(frm, kmgmt);
3159 }
3160 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY)) {
3161 selcnt[0]++;
3162 RSN_ADD_KEYMGMT_TO_SUITE(frm,
3163 WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY);
3164 }
3165 add_rsn_caps:
3166 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
3167 /* optional capabilities */
3168 if (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED) {
3169 /* PMK list */
3170 if (pmksa) {
3171 WLAN_CRYPTO_ADDSHORT(frm, 1);
3172 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN);
3173 frm += PMKID_LEN;
3174 } else {
3175 WLAN_CRYPTO_ADDSHORT(frm, 0);
3176 }
3177
3178 if (HAS_MGMT_CIPHER(crypto_params,
3179 WLAN_CRYPTO_CIPHER_AES_CMAC)) {
3180 RSN_ADD_CIPHER_TO_SUITE(frm,
3181 WLAN_CRYPTO_CIPHER_AES_CMAC);
3182 }
3183 if (HAS_MGMT_CIPHER(crypto_params,
3184 WLAN_CRYPTO_CIPHER_AES_GMAC)) {
3185 RSN_ADD_CIPHER_TO_SUITE(frm,
3186 WLAN_CRYPTO_CIPHER_AES_GMAC);
3187 }
3188 if (HAS_MGMT_CIPHER(crypto_params,
3189 WLAN_CRYPTO_CIPHER_AES_CMAC_256)) {
3190 RSN_ADD_CIPHER_TO_SUITE(frm,
3191 WLAN_CRYPTO_CIPHER_AES_CMAC_256
3192 );
3193 }
3194
3195 if (HAS_MGMT_CIPHER(crypto_params,
3196 WLAN_CRYPTO_CIPHER_AES_GMAC_256)) {
3197 RSN_ADD_CIPHER_TO_SUITE(frm,
3198 WLAN_CRYPTO_CIPHER_AES_GMAC_256
3199 );
3200 }
3201 } else {
3202 /* PMK list */
3203 if (pmksa) {
3204 WLAN_CRYPTO_ADDSHORT(frm, 1);
3205 qdf_mem_copy(frm, pmksa->pmkid, PMKID_LEN);
3206 frm += PMKID_LEN;
3207 }
3208 }
3209
3210 /* calculate element length */
3211 iebuf[1] = frm - iebuf - 2;
3212
3213 return frm;
3214 }
3215
wlan_crypto_build_rsnie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf,struct qdf_mac_addr * bssid)3216 uint8_t *wlan_crypto_build_rsnie(struct wlan_objmgr_vdev *vdev,
3217 uint8_t *iebuf,
3218 struct qdf_mac_addr *bssid)
3219 {
3220 struct wlan_crypto_pmksa *pmksa = NULL;
3221
3222 if (bssid)
3223 pmksa = wlan_crypto_get_pmksa(vdev, bssid);
3224
3225 return wlan_crypto_build_rsnie_with_pmksa(vdev, iebuf, pmksa);
3226 }
3227
wlan_crypto_rsn_info(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_params * crypto_params)3228 bool wlan_crypto_rsn_info(struct wlan_objmgr_vdev *vdev,
3229 struct wlan_crypto_params *crypto_params)
3230 {
3231 struct wlan_crypto_params *my_crypto_params;
3232 my_crypto_params = wlan_crypto_vdev_get_crypto_params(vdev);
3233
3234 if (!my_crypto_params) {
3235 crypto_debug("vdev crypto params is NULL");
3236 return false;
3237 }
3238 /*
3239 * Check peer's pairwise ciphers.
3240 * At least one must match with our unicast cipher
3241 */
3242 if (!UCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) {
3243 crypto_debug("Unicast cipher match failed");
3244 return false;
3245 }
3246 /*
3247 * Check peer's group cipher is our enabled multicast cipher.
3248 */
3249 if (!MCAST_CIPHER_MATCH(crypto_params, my_crypto_params)) {
3250 crypto_debug("Multicast cipher match failed");
3251 return false;
3252 }
3253 /*
3254 * Check peer's key management class set (PSK or UNSPEC)
3255 */
3256 if (!KEY_MGMTSET_MATCH(crypto_params, my_crypto_params)) {
3257 crypto_debug("Key mgmt match failed");
3258 return false;
3259 }
3260 if (wlan_crypto_vdev_is_pmf_required(vdev) &&
3261 !(crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED)) {
3262 crypto_debug("Peer is not PMF capable");
3263 return false;
3264 }
3265 if (!wlan_crypto_vdev_is_pmf_enabled(vdev) &&
3266 (crypto_params->rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_REQUIRED)) {
3267 crypto_debug("Peer needs PMF, but vdev is not capable");
3268 return false;
3269 }
3270
3271 return true;
3272 }
3273
3274 /*
3275 * Convert an WAPI CIPHER suite to to an internal code.
3276 */
wlan_crypto_wapi_suite_to_cipher(const uint8_t * sel)3277 static int32_t wlan_crypto_wapi_suite_to_cipher(const uint8_t *sel)
3278 {
3279 uint32_t w = LE_READ_4(sel);
3280 int32_t status = -1;
3281
3282 switch (w) {
3283 case (WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER)):
3284 return WLAN_CRYPTO_CIPHER_WAPI_SMS4;
3285 }
3286
3287 return status;
3288 }
3289
3290 /*
3291 * Convert an WAPI key management/authentication algorithm
3292 * to an internal code.
3293 */
wlan_crypto_wapi_keymgmt(const u_int8_t * sel)3294 static int32_t wlan_crypto_wapi_keymgmt(const u_int8_t *sel)
3295 {
3296 uint32_t w = LE_READ_4(sel);
3297 int32_t status = -1;
3298
3299 switch (w) {
3300 case (WLAN_WAPI_SEL(WLAN_WAI_PSK)):
3301 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK;
3302 case (WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4)):
3303 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT;
3304 }
3305
3306 return status;
3307 }
3308
wlan_crypto_wapiie_check(struct wlan_crypto_params * crypto_params,const uint8_t * frm)3309 QDF_STATUS wlan_crypto_wapiie_check(struct wlan_crypto_params *crypto_params,
3310 const uint8_t *frm)
3311 {
3312 uint8_t len = frm[1];
3313 int32_t w;
3314 int n;
3315
3316 /*
3317 * Check the length once for fixed parts: OUI, type,
3318 * version, mcast cipher, and 2 selector counts.
3319 * Other, variable-length data, must be checked separately.
3320 */
3321 SET_AUTHMODE(crypto_params, WLAN_CRYPTO_AUTH_WAPI);
3322
3323 if (len < WLAN_CRYPTO_WAPI_IE_LEN)
3324 return QDF_STATUS_E_INVAL;
3325
3326
3327 frm += 2;
3328
3329 w = LE_READ_2(frm);
3330 frm += 2, len -= 2;
3331 if (w != WAPI_VERSION)
3332 return QDF_STATUS_E_INVAL;
3333
3334 n = LE_READ_2(frm);
3335 frm += 2, len -= 2;
3336 if (len < n*4+2)
3337 return QDF_STATUS_E_INVAL;
3338
3339 for (; n > 0; n--) {
3340 w = wlan_crypto_wapi_keymgmt(frm);
3341 if (w < 0)
3342 return QDF_STATUS_E_INVAL;
3343
3344 SET_KEY_MGMT(crypto_params, w);
3345 frm += 4, len -= 4;
3346 }
3347
3348 /* unicast ciphers */
3349 n = LE_READ_2(frm);
3350 frm += 2, len -= 2;
3351 if (len < n*4+2)
3352 return QDF_STATUS_E_INVAL;
3353
3354 for (; n > 0; n--) {
3355 w = wlan_crypto_wapi_suite_to_cipher(frm);
3356 if (w < 0)
3357 return QDF_STATUS_E_INVAL;
3358 SET_UCAST_CIPHER(crypto_params, w);
3359 frm += 4, len -= 4;
3360 }
3361
3362 if (!crypto_params->ucastcipherset)
3363 return QDF_STATUS_E_INVAL;
3364
3365 /* multicast/group cipher */
3366 w = wlan_crypto_wapi_suite_to_cipher(frm);
3367
3368 if (w < 0)
3369 return QDF_STATUS_E_INVAL;
3370
3371 SET_MCAST_CIPHER(crypto_params, w);
3372 frm += 4, len -= 4;
3373
3374 return QDF_STATUS_SUCCESS;
3375 }
3376
wlan_crypto_build_wapiie(struct wlan_objmgr_vdev * vdev,uint8_t * iebuf)3377 uint8_t *wlan_crypto_build_wapiie(struct wlan_objmgr_vdev *vdev,
3378 uint8_t *iebuf)
3379 {
3380 uint8_t *frm;
3381 uint8_t *selcnt;
3382 struct wlan_crypto_comp_priv *crypto_priv;
3383 struct wlan_crypto_params *crypto_params;
3384
3385 frm = iebuf;
3386 if (!frm) {
3387 crypto_err("ie buffer NULL");
3388 return NULL;
3389 }
3390
3391 crypto_params = wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3392
3393 if (!crypto_params) {
3394 crypto_err("crypto_params NULL");
3395 return NULL;
3396 }
3397
3398 *frm++ = WLAN_ELEMID_WAPI;
3399 *frm++ = 0;
3400
3401 WLAN_CRYPTO_ADDSHORT(frm, WAPI_VERSION);
3402
3403 /* authenticator selector list */
3404 selcnt = frm;
3405 WLAN_CRYPTO_ADDSHORT(frm, 0);
3406
3407 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK)) {
3408 selcnt[0]++;
3409 WLAN_CRYPTO_ADDSELECTOR(frm,
3410 WLAN_WAPI_SEL(WLAN_WAI_PSK));
3411 }
3412
3413 if (HAS_KEY_MGMT(crypto_params, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT)) {
3414 selcnt[0]++;
3415 WLAN_CRYPTO_ADDSELECTOR(frm,
3416 WLAN_WAPI_SEL(WLAN_WAI_CERT_OR_SMS4));
3417 }
3418
3419 /* unicast cipher list */
3420 selcnt = frm;
3421 WLAN_CRYPTO_ADDSHORT(frm, 0);
3422
3423 if (UCIPHER_IS_SMS4(crypto_params)) {
3424 selcnt[0]++;
3425 WLAN_CRYPTO_ADDSELECTOR(frm,
3426 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER));
3427 }
3428
3429 WLAN_CRYPTO_ADDSELECTOR(frm,
3430 WLAN_WAPI_SEL(WLAN_CRYPTO_WAPI_SMS4_CIPHER));
3431
3432 /* optional capabilities */
3433 WLAN_CRYPTO_ADDSHORT(frm, crypto_params->rsn_caps);
3434
3435 /* bkid count */
3436 if (vdev->vdev_mlme.vdev_opmode == QDF_STA_MODE ||
3437 vdev->vdev_mlme.vdev_opmode == QDF_P2P_CLIENT_MODE)
3438 WLAN_CRYPTO_ADDSHORT(frm, 0);
3439
3440 /* calculate element length */
3441 iebuf[1] = frm - iebuf - 2;
3442
3443 return frm;
3444
3445 }
3446
wlan_crypto_pn_check(struct wlan_objmgr_vdev * vdev,qdf_nbuf_t wbuf)3447 QDF_STATUS wlan_crypto_pn_check(struct wlan_objmgr_vdev *vdev,
3448 qdf_nbuf_t wbuf)
3449 {
3450 /* Need to check is there real requirement for this function
3451 * as PN check is already handled in decap function.
3452 */
3453 return QDF_STATUS_SUCCESS;
3454 }
3455
wlan_crypto_vdev_get_crypto_params(struct wlan_objmgr_vdev * vdev)3456 struct wlan_crypto_params *wlan_crypto_vdev_get_crypto_params(
3457 struct wlan_objmgr_vdev *vdev)
3458 {
3459 struct wlan_crypto_comp_priv *crypto_priv;
3460
3461 return wlan_crypto_vdev_get_comp_params(vdev, &crypto_priv);
3462 }
3463
wlan_crypto_peer_get_crypto_params(struct wlan_objmgr_peer * peer)3464 struct wlan_crypto_params *wlan_crypto_peer_get_crypto_params(
3465 struct wlan_objmgr_peer *peer)
3466 {
3467 struct wlan_crypto_comp_priv *crypto_priv;
3468
3469 return wlan_crypto_peer_get_comp_params(peer, &crypto_priv);
3470 }
3471
3472
wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev * vdev,struct wlan_objmgr_peer * peer)3473 QDF_STATUS wlan_crypto_set_peer_wep_keys(struct wlan_objmgr_vdev *vdev,
3474 struct wlan_objmgr_peer *peer)
3475 {
3476 struct wlan_crypto_comp_priv *crypto_priv;
3477 struct wlan_crypto_comp_priv *sta_crypto_priv;
3478 struct wlan_crypto_params *crypto_params;
3479 struct wlan_crypto_key *key;
3480 struct wlan_crypto_key *sta_key;
3481 struct wlan_crypto_keys *sta_priv = NULL;
3482 struct wlan_crypto_cipher *cipher_table;
3483 struct wlan_objmgr_psoc *psoc;
3484 struct wlan_lmac_if_tx_ops *tx_ops;
3485 uint8_t *mac_addr;
3486 int i;
3487 enum QDF_OPMODE opmode;
3488 QDF_STATUS status = QDF_STATUS_SUCCESS;
3489
3490 if (!vdev)
3491 return QDF_STATUS_E_NULL_VALUE;
3492
3493 if (!peer) {
3494 crypto_debug("peer NULL");
3495 return QDF_STATUS_E_INVAL;
3496 }
3497
3498 opmode = wlan_vdev_mlme_get_opmode(vdev);
3499 psoc = wlan_vdev_get_psoc(vdev);
3500
3501 if (!psoc) {
3502 crypto_err("psoc NULL");
3503 return QDF_STATUS_E_NULL_VALUE;
3504 }
3505
3506 wlan_peer_obj_lock(peer);
3507 mac_addr = wlan_peer_get_macaddr(peer);
3508 wlan_peer_obj_unlock(peer);
3509
3510 crypto_params = wlan_crypto_vdev_get_comp_params(vdev,
3511 &crypto_priv);
3512 if (!crypto_priv) {
3513 crypto_err("crypto_priv NULL");
3514 return QDF_STATUS_E_NULL_VALUE;
3515 }
3516
3517 /* push only valid static WEP keys from vap */
3518 if (AUTH_IS_8021X(crypto_params))
3519 return QDF_STATUS_E_INVAL;
3520
3521 if (opmode == QDF_STA_MODE) {
3522 peer = wlan_objmgr_vdev_try_get_bsspeer(vdev, WLAN_CRYPTO_ID);
3523 if (!peer) {
3524 crypto_debug("peer NULL");
3525 return QDF_STATUS_E_INVAL;
3526 }
3527 }
3528
3529 wlan_crypto_peer_get_comp_params(peer, &sta_crypto_priv);
3530 if (!sta_crypto_priv) {
3531 crypto_err("sta priv is null");
3532 status = QDF_STATUS_E_INVAL;
3533 goto exit;
3534 }
3535
3536 sta_priv = &sta_crypto_priv->crypto_key;
3537
3538 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3539 if (crypto_priv->crypto_key.key[i]) {
3540 key = crypto_priv->crypto_key.key[i];
3541 if (!key || !key->valid)
3542 continue;
3543
3544 cipher_table = (struct wlan_crypto_cipher *)
3545 key->cipher_table;
3546
3547 if (!cipher_table)
3548 continue;
3549 if (cipher_table->cipher == WLAN_CRYPTO_CIPHER_WEP) {
3550 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3551 if (!tx_ops) {
3552 crypto_err("tx_ops is NULL");
3553 return QDF_STATUS_E_INVAL;
3554 }
3555
3556 sta_key = qdf_mem_malloc(
3557 sizeof(struct wlan_crypto_key));
3558 if (!sta_key) {
3559 status = QDF_STATUS_E_NOMEM;
3560 goto exit;
3561 }
3562
3563 sta_priv->key[i] = sta_key;
3564 qdf_mem_copy(sta_key, key,
3565 sizeof(struct wlan_crypto_key));
3566
3567 sta_key->flags &= ~WLAN_CRYPTO_KEY_DEFAULT;
3568
3569 if (crypto_priv->crypto_key.def_tx_keyid == i) {
3570 sta_key->flags
3571 |= WLAN_CRYPTO_KEY_DEFAULT;
3572 sta_priv->def_tx_keyid =
3573 crypto_priv->crypto_key.def_tx_keyid;
3574 }
3575 /* setting the broadcast/multicast key for sta*/
3576 if (opmode == QDF_STA_MODE ||
3577 opmode == QDF_IBSS_MODE){
3578 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3579 WLAN_CRYPTO_TX_OPS_SETKEY(
3580 tx_ops)(vdev, sta_key,
3581 mac_addr,
3582 cipher_table->cipher);
3583 }
3584 }
3585
3586 /* setting unicast key */
3587 sta_key->flags &= ~WLAN_CRYPTO_KEY_GROUP;
3588 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3589 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)(
3590 vdev, sta_key,
3591 mac_addr,
3592 cipher_table->cipher);
3593 }
3594 }
3595 }
3596 }
3597
3598 exit:
3599 if (opmode == QDF_STA_MODE)
3600 wlan_objmgr_peer_release_ref(peer, WLAN_CRYPTO_ID);
3601
3602 return status;
3603 }
3604
wlan_crypto_register_crypto_rx_ops(struct wlan_lmac_if_crypto_rx_ops * crypto_rx_ops)3605 QDF_STATUS wlan_crypto_register_crypto_rx_ops(
3606 struct wlan_lmac_if_crypto_rx_ops *crypto_rx_ops)
3607 {
3608 crypto_rx_ops->crypto_encap = wlan_crypto_encap;
3609 crypto_rx_ops->crypto_decap = wlan_crypto_decap;
3610 crypto_rx_ops->crypto_enmic = wlan_crypto_enmic;
3611 crypto_rx_ops->crypto_demic = wlan_crypto_demic;
3612 crypto_rx_ops->set_peer_wep_keys = wlan_crypto_set_peer_wep_keys;
3613
3614 return QDF_STATUS_SUCCESS;
3615 }
3616
wlan_crypto_get_crypto_rx_ops(struct wlan_objmgr_psoc * psoc)3617 struct wlan_lmac_if_crypto_rx_ops *wlan_crypto_get_crypto_rx_ops(
3618 struct wlan_objmgr_psoc *psoc)
3619 {
3620 struct wlan_lmac_if_rx_ops *rx_ops;
3621
3622 rx_ops = wlan_psoc_get_lmac_if_rxops(psoc);
3623
3624 if (!rx_ops) {
3625 crypto_err("rx_ops is NULL");
3626 return NULL;
3627 }
3628
3629 return &rx_ops->crypto_rx_ops;
3630 }
3631 qdf_export_symbol(wlan_crypto_get_crypto_rx_ops);
3632
wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev * vdev,wlan_crypto_auth_mode authvalue)3633 bool wlan_crypto_vdev_has_auth_mode(struct wlan_objmgr_vdev *vdev,
3634 wlan_crypto_auth_mode authvalue)
3635 {
3636 int res;
3637
3638 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_AUTH_MODE);
3639
3640 if (res != -1)
3641 return (res & authvalue) ? true : false;
3642 return false;
3643 }
3644 qdf_export_symbol(wlan_crypto_vdev_has_auth_mode);
3645
wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer * peer,wlan_crypto_auth_mode authvalue)3646 bool wlan_crypto_peer_has_auth_mode(struct wlan_objmgr_peer *peer,
3647 wlan_crypto_auth_mode authvalue)
3648 {
3649 int res;
3650
3651 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_AUTH_MODE);
3652
3653 if (res != -1)
3654 return (res & authvalue) ? true : false;
3655
3656 return false;
3657 }
3658 qdf_export_symbol(wlan_crypto_peer_has_auth_mode);
3659
wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev * vdev,wlan_crypto_cipher_type ucastcipher)3660 bool wlan_crypto_vdev_has_ucastcipher(struct wlan_objmgr_vdev *vdev,
3661 wlan_crypto_cipher_type ucastcipher)
3662 {
3663 int res;
3664
3665 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_UCAST_CIPHER);
3666
3667 if (res != -1)
3668 return (res & ucastcipher) ? true : false;
3669
3670 return false;
3671 }
3672 qdf_export_symbol(wlan_crypto_vdev_has_ucastcipher);
3673
wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer * peer,wlan_crypto_cipher_type ucastcipher)3674 bool wlan_crypto_peer_has_ucastcipher(struct wlan_objmgr_peer *peer,
3675 wlan_crypto_cipher_type ucastcipher)
3676 {
3677 int res;
3678
3679 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_UCAST_CIPHER);
3680
3681 if (res != -1)
3682 return (res & ucastcipher) ? true : false;
3683
3684 return false;
3685 }
3686 qdf_export_symbol(wlan_crypto_peer_has_ucastcipher);
3687
wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev * vdev,wlan_crypto_cipher_type mcastcipher)3688 bool wlan_crypto_vdev_has_mcastcipher(struct wlan_objmgr_vdev *vdev,
3689 wlan_crypto_cipher_type mcastcipher)
3690 {
3691 int res;
3692
3693 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MCAST_CIPHER);
3694
3695 if (res != -1)
3696 return (res & mcastcipher) ? true : false;
3697
3698 return false;
3699 }
3700 qdf_export_symbol(wlan_crypto_vdev_has_mcastcipher);
3701
wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer * peer,wlan_crypto_cipher_type mcastcipher)3702 bool wlan_crypto_peer_has_mcastcipher(struct wlan_objmgr_peer *peer,
3703 wlan_crypto_cipher_type mcastcipher)
3704 {
3705 int res;
3706
3707 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MCAST_CIPHER);
3708
3709 if (res != -1)
3710 return (res & mcastcipher) ? true : false;
3711
3712 return false;
3713 }
3714 qdf_export_symbol(wlan_crypto_peer_has_mcastcipher);
3715
wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev * vdev,uint32_t mgmtcipher)3716 bool wlan_crypto_vdev_has_mgmtcipher(struct wlan_objmgr_vdev *vdev,
3717 uint32_t mgmtcipher)
3718 {
3719 int res;
3720
3721 res = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_MGMT_CIPHER);
3722
3723 if (res != -1)
3724 return (res & mgmtcipher) ? true : false;
3725
3726 return false;
3727 }
3728
3729 qdf_export_symbol(wlan_crypto_vdev_has_mgmtcipher);
3730
wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer * peer,uint32_t mgmtcipher)3731 bool wlan_crypto_peer_has_mgmtcipher(struct wlan_objmgr_peer *peer,
3732 uint32_t mgmtcipher)
3733 {
3734 int res;
3735
3736 res = wlan_crypto_get_peer_param(peer, WLAN_CRYPTO_PARAM_MGMT_CIPHER);
3737
3738 if (res != -1)
3739 return (res & mgmtcipher) ? true : false;
3740
3741 return false;
3742 }
3743
3744 qdf_export_symbol(wlan_crypto_peer_has_mgmtcipher);
3745
wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer * peer)3746 uint8_t wlan_crypto_get_peer_fils_aead(struct wlan_objmgr_peer *peer)
3747 {
3748 struct wlan_crypto_comp_priv *crypto_priv = NULL;
3749
3750 if (!peer) {
3751 crypto_err("Invalid Input");
3752 return 0;
3753 }
3754
3755 crypto_priv = wlan_get_peer_crypto_obj(peer);
3756 if (!crypto_priv) {
3757 crypto_err("crypto_priv NULL");
3758 return 0;
3759 }
3760
3761 return crypto_priv->fils_aead_set;
3762 }
3763
3764 void
wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer * peer,uint8_t value)3765 wlan_crypto_set_peer_fils_aead(struct wlan_objmgr_peer *peer, uint8_t value)
3766 {
3767 struct wlan_crypto_comp_priv *crypto_priv = NULL;
3768
3769 if (!peer) {
3770 crypto_err("Invalid Input");
3771 return;
3772 }
3773
3774 crypto_priv = wlan_get_peer_crypto_obj(peer);
3775 if (!crypto_priv) {
3776 crypto_err("crypto_priv NULL");
3777 return;
3778 }
3779
3780 crypto_priv->fils_aead_set = value;
3781 }
3782
wlan_crypto_get_key_header(struct wlan_crypto_key * key)3783 uint8_t wlan_crypto_get_key_header(struct wlan_crypto_key *key)
3784 {
3785 struct wlan_crypto_cipher *cipher_table;
3786
3787 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3788 if (cipher_table)
3789 return cipher_table->header;
3790 else
3791 return 0;
3792 }
3793
3794 qdf_export_symbol(wlan_crypto_get_key_header);
3795
wlan_crypto_get_key_trailer(struct wlan_crypto_key * key)3796 uint8_t wlan_crypto_get_key_trailer(struct wlan_crypto_key *key)
3797 {
3798 struct wlan_crypto_cipher *cipher_table;
3799
3800 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3801 if (cipher_table)
3802 return cipher_table->trailer;
3803 else
3804 return 0;
3805 }
3806
3807 qdf_export_symbol(wlan_crypto_get_key_trailer);
3808
wlan_crypto_get_key_miclen(struct wlan_crypto_key * key)3809 uint8_t wlan_crypto_get_key_miclen(struct wlan_crypto_key *key)
3810 {
3811 struct wlan_crypto_cipher *cipher_table;
3812
3813 cipher_table = (struct wlan_crypto_cipher *)key->cipher_table;
3814 if (cipher_table)
3815 return cipher_table->miclen;
3816 else
3817 return 0;
3818 }
3819
3820 qdf_export_symbol(wlan_crypto_get_key_miclen);
3821
wlan_crypto_get_keyid(uint8_t * data,int hdrlen)3822 uint16_t wlan_crypto_get_keyid(uint8_t *data, int hdrlen)
3823 {
3824 struct wlan_frame_hdr *hdr = (struct wlan_frame_hdr *)data;
3825 uint8_t *iv;
3826 uint8_t stype = WLAN_FC0_GET_STYPE(hdr->i_fc[0]);
3827 uint8_t type = WLAN_FC0_GET_TYPE(hdr->i_fc[0]);
3828
3829 /*
3830 * In FILS SK (Re)Association request/response frame has
3831 * to be decrypted
3832 */
3833 if ((type == WLAN_FC0_TYPE_MGMT) &&
3834 ((stype == WLAN_FC0_STYPE_ASSOC_REQ) ||
3835 (stype == WLAN_FC0_STYPE_REASSOC_REQ) ||
3836 (stype == WLAN_FC0_STYPE_ASSOC_RESP) ||
3837 (stype == WLAN_FC0_STYPE_REASSOC_RESP))) {
3838 return 0;
3839 }
3840
3841 if (hdr->i_fc[1] & WLAN_FC1_ISWEP) {
3842 iv = data + hdrlen;
3843 /*
3844 * iv[3] is the Key ID octet in the CCMP/TKIP/WEP headers
3845 * Bits 6–7 of the Key ID octet are for the Key ID subfield
3846 */
3847 return ((iv[3] >> 6) & 0x3);
3848 } else {
3849 return WLAN_CRYPTO_KEYIX_NONE;
3850 }
3851 }
3852
3853 qdf_export_symbol(wlan_crypto_get_keyid);
3854
3855 /**
3856 * crypto_plumb_peer_keys() - called during radio reset
3857 * @vdev: vdev
3858 * @object: peer
3859 * @arg: psoc
3860 *
3861 * Restore unicast and persta hardware keys
3862 *
3863 * Return: void
3864 */
crypto_plumb_peer_keys(struct wlan_objmgr_vdev * vdev,void * object,void * arg)3865 static void crypto_plumb_peer_keys(struct wlan_objmgr_vdev *vdev,
3866 void *object, void *arg)
3867 {
3868 struct wlan_objmgr_peer *peer = (struct wlan_objmgr_peer *)object;
3869 struct wlan_objmgr_psoc *psoc = (struct wlan_objmgr_psoc *)arg;
3870 struct wlan_crypto_comp_priv *crypto_priv;
3871 struct wlan_crypto_params *crypto_params;
3872 struct wlan_crypto_key *key = NULL;
3873 struct wlan_lmac_if_tx_ops *tx_ops;
3874 int i;
3875
3876 if ((!peer) || (!vdev) || (!psoc)) {
3877 crypto_err("Peer or vdev or psoc objects are null!");
3878 return;
3879 }
3880
3881 crypto_params = wlan_crypto_peer_get_comp_params(peer,
3882 &crypto_priv);
3883
3884 if (!crypto_priv) {
3885 crypto_err("crypto_priv NULL");
3886 return;
3887 }
3888
3889 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3890 key = crypto_priv->crypto_key.key[i];
3891 if (key && key->valid) {
3892 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3893
3894 if (!tx_ops) {
3895 crypto_err("tx_ops is NULL");
3896 return;
3897 }
3898 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3899 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)
3900 (
3901 vdev,
3902 key,
3903 wlan_peer_get_macaddr(peer),
3904 wlan_crypto_get_key_type(key)
3905 );
3906 }
3907 }
3908 }
3909 }
3910
wlan_crypto_restore_keys(struct wlan_objmgr_vdev * vdev)3911 void wlan_crypto_restore_keys(struct wlan_objmgr_vdev *vdev)
3912 {
3913 int i;
3914 struct wlan_crypto_comp_priv *crypto_priv;
3915 struct wlan_crypto_params *crypto_params;
3916 struct wlan_crypto_key *key;
3917 uint8_t macaddr[QDF_MAC_ADDR_SIZE] =
3918 {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
3919 struct wlan_objmgr_pdev *pdev = NULL;
3920 struct wlan_objmgr_psoc *psoc = NULL;
3921 struct wlan_lmac_if_tx_ops *tx_ops;
3922
3923 pdev = wlan_vdev_get_pdev(vdev);
3924 psoc = wlan_vdev_get_psoc(vdev);
3925 if (!pdev) {
3926 crypto_err("pdev is NULL");
3927 return;
3928 }
3929 if (!psoc) {
3930 crypto_err("psoc is NULL");
3931 return;
3932 }
3933
3934 /* TBD: QWRAP key restore*/
3935 /* crypto is on */
3936 if (wlan_vdev_mlme_feat_cap_get(vdev, WLAN_VDEV_F_PRIVACY)) {
3937 /* restore static shared keys */
3938 for (i = 0; i < WLAN_CRYPTO_MAXKEYIDX; i++) {
3939 crypto_params = wlan_crypto_vdev_get_comp_params
3940 (
3941 vdev,
3942 &crypto_priv
3943 );
3944 if (!crypto_priv) {
3945 crypto_err("crypto_priv is NULL");
3946 return;
3947 }
3948 key = crypto_priv->crypto_key.key[i];
3949 if (key && key->valid) {
3950 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3951 if (!tx_ops) {
3952 crypto_err("tx_ops is NULL");
3953 return;
3954 }
3955 if (WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)) {
3956 WLAN_CRYPTO_TX_OPS_SETKEY(tx_ops)
3957 (
3958 vdev,
3959 key,
3960 macaddr,
3961 wlan_crypto_get_key_type(key)
3962 );
3963 }
3964 }
3965 }
3966
3967 wlan_objmgr_iterate_peerobj_list(vdev,
3968 crypto_plumb_peer_keys,
3969 psoc,
3970 WLAN_CRYPTO_ID);
3971 }
3972 }
3973
3974 QDF_STATUS
wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)3975 wlan_get_crypto_params_from_rsn_ie(struct wlan_crypto_params *crypto_params,
3976 const uint8_t *ie_ptr, uint16_t ie_len)
3977 {
3978 const uint8_t *rsn_ie = NULL;
3979 QDF_STATUS status;
3980
3981 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
3982 rsn_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSN, ie_ptr, ie_len);
3983 if (!rsn_ie) {
3984 crypto_debug("RSN IE not present");
3985 return QDF_STATUS_E_INVAL;
3986 }
3987
3988 status = wlan_crypto_rsnie_check(crypto_params, rsn_ie);
3989 if (QDF_STATUS_SUCCESS != status) {
3990 crypto_err("RSN IE check failed");
3991 return status;
3992 }
3993
3994 return QDF_STATUS_SUCCESS;
3995 }
3996
3997 QDF_STATUS
wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)3998 wlan_get_crypto_params_from_wpa_ie(struct wlan_crypto_params *crypto_params,
3999 const uint8_t *ie_ptr, uint16_t ie_len)
4000 {
4001 const uint8_t *wpa_ie = NULL;
4002 uint32_t wpa_oui;
4003 QDF_STATUS status;
4004
4005 qdf_mem_zero(crypto_params, sizeof(struct wlan_crypto_params));
4006
4007 wpa_oui = WLAN_WPA_SEL(WLAN_WPA_OUI_TYPE);
4008 wpa_ie = wlan_get_vendor_ie_ptr_from_oui((uint8_t *)&wpa_oui,
4009 WLAN_OUI_SIZE, ie_ptr, ie_len);
4010 if (!wpa_ie) {
4011 crypto_debug("WPA IE not present");
4012 return QDF_STATUS_E_INVAL;
4013 }
4014
4015 status = wlan_crypto_wpaie_check(crypto_params, wpa_ie);
4016 if (QDF_STATUS_SUCCESS != status) {
4017 crypto_err("WPA IE check failed");
4018 return status;
4019 }
4020
4021 return QDF_STATUS_SUCCESS;
4022 }
4023
4024 #ifdef FEATURE_WLAN_WAPI
4025 QDF_STATUS
wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params * crypto_params,const uint8_t * ie_ptr,uint16_t ie_len)4026 wlan_get_crypto_params_from_wapi_ie(struct wlan_crypto_params *crypto_params,
4027 const uint8_t *ie_ptr, uint16_t ie_len)
4028 {
4029 const uint8_t *wapi_ie;
4030 QDF_STATUS status;
4031
4032 qdf_mem_zero(crypto_params, sizeof(*crypto_params));
4033 wapi_ie = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_WAPI, ie_ptr, ie_len);
4034 if (!wapi_ie) {
4035 crypto_debug("WAPI ie not present");
4036 return QDF_STATUS_E_INVAL;
4037 }
4038
4039 status = wlan_crypto_wapiie_check(crypto_params, wapi_ie);
4040 if (QDF_IS_STATUS_ERROR(status)) {
4041 crypto_err("WAPI IE check failed");
4042 return status;
4043 }
4044
4045 return QDF_STATUS_SUCCESS;
4046 }
4047 #endif
4048
wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc * psoc,uint8_t vdev_id,uint8_t * ie_ptr,uint16_t ie_len,struct wlan_crypto_params * peer_crypto_params)4049 bool wlan_crypto_check_rsn_match(struct wlan_objmgr_psoc *psoc,
4050 uint8_t vdev_id, uint8_t *ie_ptr,
4051 uint16_t ie_len, struct wlan_crypto_params *
4052 peer_crypto_params)
4053 {
4054 struct wlan_objmgr_vdev *vdev;
4055 bool match = true;
4056 QDF_STATUS status;
4057
4058 if (!psoc) {
4059 crypto_err("PSOC is NULL");
4060 return false;
4061 }
4062 status = wlan_get_crypto_params_from_rsn_ie(peer_crypto_params,
4063 ie_ptr, ie_len);
4064 if (QDF_STATUS_SUCCESS != status) {
4065 crypto_err("get crypto prarams from RSN IE failed");
4066 return false;
4067 }
4068 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
4069 WLAN_CRYPTO_ID);
4070 if (!vdev) {
4071 crypto_err("vdev is NULL");
4072 return false;
4073 }
4074
4075 match = wlan_crypto_rsn_info(vdev, peer_crypto_params);
4076
4077 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID);
4078
4079 return match;
4080 }
4081
wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc * psoc,uint8_t vdev_id,uint8_t * ie_ptr,uint16_t ie_len,struct wlan_crypto_params * peer_crypto_params)4082 bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc,
4083 uint8_t vdev_id, uint8_t *ie_ptr,
4084 uint16_t ie_len, struct wlan_crypto_params *
4085 peer_crypto_params)
4086 {
4087 struct wlan_objmgr_vdev *vdev;
4088 bool match = true;
4089 QDF_STATUS status;
4090
4091 if (!psoc) {
4092 crypto_err("PSOC is NULL");
4093 return false;
4094 }
4095 vdev = wlan_objmgr_get_vdev_by_id_from_psoc(psoc, vdev_id,
4096 WLAN_CRYPTO_ID);
4097 if (!vdev) {
4098 crypto_err("vdev is NULL");
4099 return false;
4100 }
4101
4102 status = wlan_get_crypto_params_from_wpa_ie(peer_crypto_params,
4103 ie_ptr, ie_len);
4104 if (QDF_STATUS_SUCCESS != status) {
4105 crypto_err("get crypto prarams from WPA IE failed");
4106 match = false;
4107 goto send_res;
4108 }
4109 match = wlan_crypto_rsn_info(vdev, peer_crypto_params);
4110
4111 send_res:
4112 wlan_objmgr_vdev_release_ref(vdev, WLAN_CRYPTO_ID);
4113
4114 return match;
4115 }
4116
4117
4118 static void
wlan_crypto_merge_prarams(struct wlan_crypto_params * dst_params,struct wlan_crypto_params * src_params)4119 wlan_crypto_merge_prarams(struct wlan_crypto_params *dst_params,
4120 struct wlan_crypto_params *src_params)
4121 {
4122 dst_params->authmodeset |= src_params->authmodeset;
4123 dst_params->ucastcipherset |= src_params->ucastcipherset;
4124 dst_params->mcastcipherset |= src_params->mcastcipherset;
4125 dst_params->mgmtcipherset |= src_params->mgmtcipherset;
4126 dst_params->cipher_caps |= src_params->cipher_caps;
4127 dst_params->key_mgmt |= src_params->key_mgmt;
4128 dst_params->rsn_caps |= src_params->rsn_caps;
4129 }
4130
4131 static void
wlan_crypto_reset_prarams(struct wlan_crypto_params * params)4132 wlan_crypto_reset_prarams(struct wlan_crypto_params *params)
4133 {
4134 params->authmodeset = 0;
4135 params->ucastcipherset = 0;
4136 params->mcastcipherset = 0;
4137 params->mgmtcipherset = 0;
4138 params->key_mgmt = 0;
4139 params->rsn_caps = 0;
4140 }
4141
4142 const uint8_t *
wlan_crypto_parse_rsnxe_ie(const uint8_t * rsnxe_ie,uint8_t * cap_len)4143 wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len)
4144 {
4145 uint8_t len;
4146 const uint8_t *ie;
4147
4148 if (!rsnxe_ie)
4149 return NULL;
4150
4151 ie = rsnxe_ie;
4152 len = ie[1];
4153 ie += 2;
4154
4155 if (!len)
4156 return NULL;
4157
4158 *cap_len = ie[0] & 0xf;
4159
4160 return ie;
4161 }
4162
wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev * vdev,uint8_t * ie_ptr,uint16_t ie_len)4163 QDF_STATUS wlan_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev,
4164 uint8_t *ie_ptr,
4165 uint16_t ie_len)
4166 {
4167 struct wlan_crypto_params crypto_params;
4168 QDF_STATUS status;
4169 struct wlan_crypto_params *vdev_crypto_params;
4170 struct wlan_crypto_comp_priv *crypto_priv;
4171 bool send_fail = false;
4172
4173 if (!vdev) {
4174 crypto_err("VDEV is NULL");
4175 return QDF_STATUS_E_FAILURE;
4176 }
4177
4178 if (!ie_ptr) {
4179 crypto_err("IE ptr is NULL");
4180 return QDF_STATUS_E_FAILURE;
4181 }
4182
4183 crypto_priv = (struct wlan_crypto_comp_priv *)
4184 wlan_get_vdev_crypto_obj(vdev);
4185
4186 if (!crypto_priv) {
4187 crypto_err("crypto_priv NULL");
4188 return QDF_STATUS_E_FAILURE;
4189 }
4190
4191 vdev_crypto_params = &crypto_priv->crypto_params;
4192
4193 wlan_crypto_reset_prarams(vdev_crypto_params);
4194 status = wlan_get_crypto_params_from_rsn_ie(&crypto_params,
4195 ie_ptr, ie_len);
4196 if (QDF_IS_STATUS_SUCCESS(status))
4197 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4198 else
4199 send_fail = true;
4200
4201 status = wlan_get_crypto_params_from_wpa_ie(&crypto_params,
4202 ie_ptr, ie_len);
4203 if (QDF_IS_STATUS_SUCCESS(status)) {
4204 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4205 send_fail = false;
4206 }
4207
4208 status = wlan_get_crypto_params_from_wapi_ie(&crypto_params,
4209 ie_ptr, ie_len);
4210 if (QDF_IS_STATUS_SUCCESS(status)) {
4211 wlan_crypto_merge_prarams(vdev_crypto_params, &crypto_params);
4212 send_fail = false;
4213 }
4214
4215 return send_fail ? QDF_STATUS_E_FAILURE : QDF_STATUS_SUCCESS;
4216 }
4217
wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev * vdev,bool igtk)4218 int8_t wlan_crypto_get_default_key_idx(struct wlan_objmgr_vdev *vdev, bool igtk)
4219 {
4220 struct wlan_crypto_comp_priv *crypto_priv;
4221
4222 crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4223 if (!crypto_priv) {
4224 crypto_err("crypto_priv NULL");
4225 return QDF_STATUS_E_FAILURE;
4226 }
4227
4228 if (igtk)
4229 return crypto_priv->crypto_key.def_igtk_tx_keyid;
4230 else
4231 return crypto_priv->crypto_key.def_tx_keyid;
4232 }
4233
4234 enum wlan_crypto_cipher_type
wlan_crypto_get_cipher(struct wlan_objmgr_vdev * vdev,bool pairwise,uint8_t key_index)4235 wlan_crypto_get_cipher(struct wlan_objmgr_vdev *vdev,
4236 bool pairwise, uint8_t key_index)
4237 {
4238 struct wlan_crypto_key *crypto_key;
4239
4240 crypto_key = wlan_crypto_get_key(vdev, key_index);
4241
4242 if (crypto_key)
4243 return crypto_key->cipher_type;
4244 else
4245 return WLAN_CRYPTO_CIPHER_INVALID;
4246 }
4247
wlan_crypto_get_secure_akm_available(uint32_t akm)4248 wlan_crypto_key_mgmt wlan_crypto_get_secure_akm_available(uint32_t akm)
4249 {
4250 if (!akm)
4251 return WLAN_CRYPTO_KEY_MGMT_MAX;
4252 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384))
4253 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384;
4254 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256))
4255 return WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256;
4256 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA384))
4257 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA384;
4258 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FILS_SHA256))
4259 return WLAN_CRYPTO_KEY_MGMT_FILS_SHA256;
4260 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384))
4261 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X_SHA384;
4262 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192))
4263 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192;
4264 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B))
4265 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B;
4266 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY))
4267 return WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY;
4268 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY))
4269 return WLAN_CRYPTO_KEY_MGMT_SAE_EXT_KEY;
4270 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_SAE))
4271 return WLAN_CRYPTO_KEY_MGMT_FT_SAE;
4272 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_SAE))
4273 return WLAN_CRYPTO_KEY_MGMT_SAE;
4274 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OWE))
4275 return WLAN_CRYPTO_KEY_MGMT_OWE;
4276 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_DPP))
4277 return WLAN_CRYPTO_KEY_MGMT_DPP;
4278 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256))
4279 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SHA256;
4280 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X))
4281 return WLAN_CRYPTO_KEY_MGMT_FT_IEEE8021X;
4282 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X))
4283 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X;
4284 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384))
4285 return WLAN_CRYPTO_KEY_MGMT_FT_PSK_SHA384;
4286 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA384))
4287 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA384;
4288 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK_SHA256))
4289 return WLAN_CRYPTO_KEY_MGMT_PSK_SHA256;
4290 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_FT_PSK))
4291 return WLAN_CRYPTO_KEY_MGMT_FT_PSK;
4292 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_PSK))
4293 return WLAN_CRYPTO_KEY_MGMT_PSK;
4294 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_PSK))
4295 return WLAN_CRYPTO_KEY_MGMT_WAPI_PSK;
4296 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WAPI_CERT))
4297 return WLAN_CRYPTO_KEY_MGMT_WAPI_CERT;
4298 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_CCKM))
4299 return WLAN_CRYPTO_KEY_MGMT_CCKM;
4300 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_OSEN))
4301 return WLAN_CRYPTO_KEY_MGMT_OSEN;
4302 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPS))
4303 return WLAN_CRYPTO_KEY_MGMT_WPS;
4304 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA))
4305 return WLAN_CRYPTO_KEY_MGMT_IEEE8021X_NO_WPA;
4306 else if (QDF_HAS_PARAM(akm, WLAN_CRYPTO_KEY_MGMT_WPA_NONE))
4307 return WLAN_CRYPTO_KEY_MGMT_WPA_NONE;
4308 else /* Return MAX if no AKM matches */
4309 return WLAN_CRYPTO_KEY_MGMT_MAX;
4310 }
4311
4312 #ifdef CRYPTO_SET_KEY_CONVERGED
wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher,uint8_t key_index,uint8_t key_len,uint8_t seq_len)4313 QDF_STATUS wlan_crypto_validate_key_params(enum wlan_crypto_cipher_type cipher,
4314 uint8_t key_index, uint8_t key_len,
4315 uint8_t seq_len)
4316 {
4317 if (!is_valid_keyix(key_index)) {
4318 crypto_err("Invalid Key index %d", key_index);
4319 return QDF_STATUS_E_INVAL;
4320 }
4321 if (cipher == WLAN_CRYPTO_CIPHER_INVALID) {
4322 crypto_err("Invalid Cipher %d", cipher);
4323 return QDF_STATUS_E_INVAL;
4324 }
4325 if ((!(cipher == WLAN_CRYPTO_CIPHER_AES_CMAC ||
4326 cipher == WLAN_CRYPTO_CIPHER_AES_CMAC_256 ||
4327 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC ||
4328 cipher == WLAN_CRYPTO_CIPHER_AES_GMAC_256)) &&
4329 (key_index >= WLAN_CRYPTO_MAXKEYIDX)) {
4330 crypto_err("Invalid key index %d for cipher %d",
4331 key_index, cipher);
4332 return QDF_STATUS_E_INVAL;
4333 }
4334 if (key_len > (WLAN_CRYPTO_KEYBUF_SIZE + WLAN_CRYPTO_MICBUF_SIZE)) {
4335 crypto_err("Invalid key length %d", key_len);
4336 return QDF_STATUS_E_INVAL;
4337 }
4338
4339 if (seq_len > WLAN_CRYPTO_RSC_SIZE) {
4340 crypto_err("Invalid seq length %d", seq_len);
4341 return QDF_STATUS_E_INVAL;
4342 }
4343
4344 crypto_debug("key: idx:%d, len:%d, seq len:%d",
4345 key_index, key_len, seq_len);
4346
4347 return QDF_STATUS_SUCCESS;
4348 }
4349
4350 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
is_mlo_adv_enable(void)4351 static bool is_mlo_adv_enable(void)
4352 {
4353 return true;
4354 }
4355 #else
is_mlo_adv_enable(void)4356 static bool is_mlo_adv_enable(void)
4357 {
4358 return false;
4359 }
4360
4361 #endif
4362
4363 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
wlan_crypto_save_ml_sta_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct wlan_crypto_key * crypto_key,struct qdf_mac_addr * link_addr,uint8_t link_id)4364 QDF_STATUS wlan_crypto_save_ml_sta_key(
4365 struct wlan_objmgr_psoc *psoc,
4366 uint8_t key_index,
4367 struct wlan_crypto_key *crypto_key,
4368 struct qdf_mac_addr *link_addr, uint8_t link_id)
4369 {
4370 struct crypto_psoc_priv_obj *crypto_psoc_obj;
4371 int status = QDF_STATUS_SUCCESS;
4372
4373 crypto_debug("save crypto key index %d link_id %d link addr "
4374 QDF_MAC_ADDR_FMT, key_index, link_id,
4375 QDF_MAC_ADDR_REF(link_addr->bytes));
4376 if (!is_valid_keyix(key_index)) {
4377 crypto_err("Invalid Key index %d", key_index);
4378 return QDF_STATUS_E_FAILURE;
4379 }
4380
4381 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4382 psoc,
4383 WLAN_UMAC_COMP_CRYPTO);
4384 if (!crypto_psoc_obj) {
4385 crypto_err("crypto_psoc_obj NULL");
4386 return QDF_STATUS_E_FAILURE;
4387 }
4388
4389 crypto_key->valid = true;
4390
4391 status = crypto_add_entry(crypto_psoc_obj,
4392 link_id, (uint8_t *)link_addr,
4393 crypto_key, key_index);
4394 if (QDF_IS_STATUS_ERROR(status)) {
4395 crypto_err("failed to add crypto entry %d", status);
4396 return status;
4397 }
4398 crypto_key->valid = true;
4399 return QDF_STATUS_SUCCESS;
4400 }
4401 #else
wlan_crypto_save_ml_sta_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct wlan_crypto_key * crypto_key,struct qdf_mac_addr * link_addr,uint8_t link_id)4402 QDF_STATUS wlan_crypto_save_ml_sta_key(
4403 struct wlan_objmgr_psoc *psoc,
4404 uint8_t key_index,
4405 struct wlan_crypto_key *crypto_key,
4406 struct qdf_mac_addr *link_addr, uint8_t link_id)
4407 {
4408 return QDF_STATUS_SUCCESS;
4409 }
4410 #endif
4411
4412 /**
4413 * wlan_crypto_save_key_at_psoc() - Allocate memory for storing key in PSOC
4414 * @vdev: vdev object
4415 * @key_index: the index of the key that needs to be allocated
4416 * @crypto_key: Pointer to crypto key
4417 *
4418 * Return: QDF_STATUS
4419 */
4420 static QDF_STATUS
wlan_crypto_save_key_at_psoc(struct wlan_objmgr_vdev * vdev,uint8_t key_index,struct wlan_crypto_key * crypto_key)4421 wlan_crypto_save_key_at_psoc(struct wlan_objmgr_vdev *vdev, uint8_t key_index,
4422 struct wlan_crypto_key *crypto_key)
4423 {
4424 struct wlan_objmgr_psoc *psoc;
4425 struct crypto_psoc_priv_obj *crypto_psoc_obj;
4426 struct qdf_mac_addr *link_addr;
4427 uint8_t link_id = CRYPTO_MAX_LINK_IDX;
4428 int status = QDF_STATUS_SUCCESS;
4429
4430 psoc = wlan_vdev_get_psoc(vdev);
4431 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4432 psoc,
4433 WLAN_UMAC_COMP_CRYPTO);
4434 if (!crypto_psoc_obj) {
4435 crypto_err("crypto_psoc_obj NULL");
4436 return QDF_STATUS_E_FAILURE;
4437 }
4438
4439 if (wlan_vdev_mlme_is_mlo_vdev(vdev))
4440 link_id = wlan_vdev_get_link_id(vdev);
4441
4442 link_addr = (struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev);
4443 if (!link_addr) {
4444 crypto_err("link_addr NULL");
4445 return QDF_STATUS_E_FAILURE;
4446 }
4447
4448 crypto_debug("save crypto key index %d link_id %d link addr "
4449 QDF_MAC_ADDR_FMT, key_index, link_id,
4450 QDF_MAC_ADDR_REF(link_addr->bytes));
4451 status = crypto_add_entry(crypto_psoc_obj,
4452 link_id, (uint8_t *)link_addr,
4453 crypto_key, key_index);
4454 if (QDF_IS_STATUS_ERROR(status)) {
4455 crypto_err("failed to add crypto entry %d", status);
4456 return status;
4457 }
4458
4459 crypto_key->valid = true;
4460 return QDF_STATUS_SUCCESS;
4461 }
4462
wlan_crypto_save_key(struct wlan_objmgr_vdev * vdev,uint8_t key_index,struct wlan_crypto_key * crypto_key)4463 QDF_STATUS wlan_crypto_save_key(struct wlan_objmgr_vdev *vdev,
4464 uint8_t key_index,
4465 struct wlan_crypto_key *crypto_key)
4466 {
4467 struct wlan_crypto_comp_priv *crypto_priv;
4468 struct wlan_crypto_keys *priv_key = NULL;
4469
4470 crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4471 if (!crypto_priv) {
4472 crypto_err("crypto_priv NULL");
4473 return QDF_STATUS_E_FAILURE;
4474 }
4475
4476 if (!is_valid_keyix(key_index)) {
4477 crypto_err("Invalid Key index %d", key_index);
4478 return QDF_STATUS_E_FAILURE;
4479 }
4480 if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE ||
4481 wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) &&
4482 wlan_vdev_mlme_is_mlo_vdev(vdev) &&
4483 is_mlo_adv_enable()) {
4484 wlan_crypto_save_key_at_psoc(vdev, key_index, crypto_key);
4485 } else {
4486 priv_key = &crypto_priv->crypto_key;
4487 if (key_index < WLAN_CRYPTO_MAXKEYIDX) {
4488 priv_key->key[key_index] = crypto_key;
4489 } else if (is_igtk(key_index)) {
4490 priv_key->igtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX] =
4491 crypto_key;
4492 priv_key->def_igtk_tx_keyid =
4493 key_index - WLAN_CRYPTO_MAXKEYIDX;
4494 priv_key->igtk_key_type = crypto_key->cipher_type;
4495 } else {
4496 priv_key->bigtk_key[key_index - WLAN_CRYPTO_MAXKEYIDX
4497 - WLAN_CRYPTO_MAXIGTKKEYIDX] = crypto_key;
4498 priv_key->def_bigtk_tx_keyid =
4499 key_index - WLAN_CRYPTO_MAXKEYIDX
4500 - WLAN_CRYPTO_MAXIGTKKEYIDX;
4501 }
4502 crypto_key->valid = true;
4503 }
4504 return QDF_STATUS_SUCCESS;
4505 }
4506
4507 #ifdef WLAN_FEATURE_11BE_MLO_ADV_FEATURE
wlan_crypto_get_ml_sta_link_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct qdf_mac_addr * link_addr,uint8_t link_id)4508 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key(
4509 struct wlan_objmgr_psoc *psoc,
4510 uint8_t key_index,
4511 struct qdf_mac_addr *link_addr, uint8_t link_id)
4512 {
4513 struct crypto_psoc_priv_obj *crypto_psoc_obj;
4514 struct wlan_crypto_key_entry *key_entry = NULL;
4515
4516 crypto_debug("crypto get key index %d link_id %d ", key_index, link_id);
4517
4518 if (!psoc) {
4519 crypto_err("psoc NULL");
4520 return NULL;
4521 }
4522
4523 if (!link_addr) {
4524 crypto_err("link_addr NULL");
4525 return NULL;
4526 }
4527
4528 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4529 psoc,
4530 WLAN_UMAC_COMP_CRYPTO);
4531 if (!crypto_psoc_obj) {
4532 crypto_err("crypto_psoc_obj NULL");
4533 return NULL;
4534 }
4535
4536 key_entry = crypto_hash_find_by_linkid_and_macaddr(
4537 crypto_psoc_obj,
4538 link_id,
4539 (uint8_t *)link_addr);
4540 if (key_entry) {
4541 if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4542 return key_entry->keys.key[key_index];
4543 else if (is_igtk(key_index))
4544 return key_entry->keys.igtk_key[key_index
4545 - WLAN_CRYPTO_MAXKEYIDX];
4546 else
4547 return key_entry->keys.bigtk_key[key_index
4548 - WLAN_CRYPTO_MAXKEYIDX
4549 - WLAN_CRYPTO_MAXIGTKKEYIDX];
4550 }
4551 return NULL;
4552 }
4553 #else
wlan_crypto_get_ml_sta_link_key(struct wlan_objmgr_psoc * psoc,uint8_t key_index,struct qdf_mac_addr * link_addr,uint8_t link_id)4554 struct wlan_crypto_key *wlan_crypto_get_ml_sta_link_key(
4555 struct wlan_objmgr_psoc *psoc,
4556 uint8_t key_index,
4557 struct qdf_mac_addr *link_addr, uint8_t link_id)
4558 {
4559 return NULL;
4560 }
4561 #endif
4562
4563 /**
4564 * wlan_crypto_get_ml_keys_from_index() - Get the stored key information from
4565 * key index
4566 * @vdev: vdev object
4567 * @key_index: the index of the key that needs to be retrieved
4568 *
4569 * Return: Key material
4570 */
4571 static struct wlan_crypto_key *
wlan_crypto_get_ml_keys_from_index(struct wlan_objmgr_vdev * vdev,uint8_t key_index)4572 wlan_crypto_get_ml_keys_from_index(struct wlan_objmgr_vdev *vdev,
4573 uint8_t key_index)
4574 {
4575 struct wlan_objmgr_psoc *psoc;
4576 struct crypto_psoc_priv_obj *crypto_psoc_obj;
4577 struct qdf_mac_addr *link_addr;
4578 struct wlan_crypto_key_entry *key_entry = NULL;
4579 uint8_t link_id = CRYPTO_MAX_LINK_IDX;
4580
4581 crypto_debug("crypto get key index %d", key_index);
4582 psoc = wlan_vdev_get_psoc(vdev);
4583 if (!psoc) {
4584 crypto_err("psoc NULL");
4585 return NULL;
4586 }
4587
4588 crypto_psoc_obj = wlan_objmgr_psoc_get_comp_private_obj(
4589 psoc,
4590 WLAN_UMAC_COMP_CRYPTO);
4591 if (!crypto_psoc_obj) {
4592 crypto_err("crypto_psoc_obj NULL");
4593 return NULL;
4594 }
4595
4596 if (wlan_vdev_mlme_is_mlo_vdev(vdev))
4597 link_id = wlan_vdev_get_link_id(vdev);
4598
4599 link_addr =
4600 (struct qdf_mac_addr *)wlan_vdev_mlme_get_linkaddr(vdev);
4601 if (!link_addr) {
4602 crypto_err("link_addr NULL");
4603 return NULL;
4604 }
4605
4606 key_entry = crypto_hash_find_by_linkid_and_macaddr(
4607 crypto_psoc_obj,
4608 link_id,
4609 (uint8_t *)link_addr);
4610 if (key_entry) {
4611 if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4612 return key_entry->keys.key[key_index];
4613 else if (is_igtk(key_index))
4614 return key_entry->keys.igtk_key[key_index
4615 - WLAN_CRYPTO_MAXKEYIDX];
4616 else
4617 return key_entry->keys.bigtk_key[key_index
4618 - WLAN_CRYPTO_MAXKEYIDX
4619 - WLAN_CRYPTO_MAXIGTKKEYIDX];
4620 }
4621
4622 return NULL;
4623 }
4624
wlan_crypto_get_key(struct wlan_objmgr_vdev * vdev,uint8_t key_index)4625 struct wlan_crypto_key *wlan_crypto_get_key(struct wlan_objmgr_vdev *vdev,
4626 uint8_t key_index)
4627 {
4628 struct wlan_crypto_comp_priv *crypto_priv;
4629 struct wlan_crypto_keys *priv_key = NULL;
4630
4631 crypto_priv = wlan_get_vdev_crypto_obj(vdev);
4632 if (!crypto_priv) {
4633 crypto_err("crypto_priv NULL");
4634 return NULL;
4635 }
4636 priv_key = &crypto_priv->crypto_key;
4637
4638 if (!is_valid_keyix(key_index)) {
4639 crypto_err("Invalid Key index %d", key_index);
4640 return NULL;
4641 }
4642
4643 if ((wlan_vdev_mlme_get_opmode(vdev) == QDF_STA_MODE ||
4644 wlan_vdev_mlme_get_opmode(vdev) == QDF_SAP_MODE) &&
4645 wlan_vdev_mlme_is_mlo_vdev(vdev) &&
4646 is_mlo_adv_enable()) {
4647 return wlan_crypto_get_ml_keys_from_index(vdev, key_index);
4648 } else {
4649 if (key_index < WLAN_CRYPTO_MAXKEYIDX)
4650 return priv_key->key[key_index];
4651 else if (is_igtk(key_index))
4652 return priv_key->igtk_key[key_index
4653 - WLAN_CRYPTO_MAXKEYIDX];
4654 else
4655 return priv_key->bigtk_key[key_index
4656 - WLAN_CRYPTO_MAXKEYIDX
4657 - WLAN_CRYPTO_MAXIGTKKEYIDX];
4658 }
4659 return NULL;
4660 }
4661
wlan_crypto_set_key_req(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_key * req,enum wlan_crypto_key_type key_type)4662 QDF_STATUS wlan_crypto_set_key_req(struct wlan_objmgr_vdev *vdev,
4663 struct wlan_crypto_key *req,
4664 enum wlan_crypto_key_type key_type)
4665 {
4666 struct wlan_objmgr_psoc *psoc;
4667 struct wlan_lmac_if_tx_ops *tx_ops;
4668 QDF_STATUS status = QDF_STATUS_E_FAILURE;
4669
4670 psoc = wlan_vdev_get_psoc(vdev);
4671
4672 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4673 if (!tx_ops) {
4674 crypto_err("tx_ops is NULL");
4675 return QDF_STATUS_E_FAILURE;
4676 }
4677
4678 if (psoc && WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops))
4679 status = WLAN_CRYPTO_TX_OPS_SET_KEY(tx_ops)(vdev, req,
4680 key_type);
4681
4682 return status;
4683 }
4684
wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev * vdev,bool pairwise,uint8_t key_index,struct qdf_mac_addr * peer_mac)4685 void wlan_crypto_update_set_key_peer(struct wlan_objmgr_vdev *vdev,
4686 bool pairwise, uint8_t key_index,
4687 struct qdf_mac_addr *peer_mac)
4688 {
4689 struct wlan_crypto_key *crypto_key;
4690
4691 crypto_key = wlan_crypto_get_key(vdev, key_index);
4692 if (!crypto_key) {
4693 crypto_err("crypto_key not present for key_idx %d", key_index);
4694 return;
4695 }
4696
4697 qdf_mem_copy(crypto_key->macaddr, peer_mac, QDF_MAC_ADDR_SIZE);
4698 }
4699
4700 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD)
wlan_crypto_selective_clear_sae_single_pmk_entries(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * conn_bssid)4701 void wlan_crypto_selective_clear_sae_single_pmk_entries(
4702 struct wlan_objmgr_vdev *vdev,
4703 struct qdf_mac_addr *conn_bssid)
4704 {
4705 struct wlan_crypto_params *crypto_params;
4706 struct wlan_crypto_comp_priv *crypto_priv;
4707 int i;
4708
4709 crypto_priv = (struct wlan_crypto_comp_priv *)
4710 wlan_get_vdev_crypto_obj(vdev);
4711
4712 if (!crypto_priv) {
4713 crypto_err("crypto_priv NULL");
4714 return;
4715 }
4716
4717 crypto_params = &crypto_priv->crypto_params;
4718
4719 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4720 if (!crypto_params->pmksa[i])
4721 continue;
4722
4723 if (crypto_params->pmksa[i]->single_pmk_supported &&
4724 !qdf_is_macaddr_equal(conn_bssid,
4725 &crypto_params->pmksa[i]->bssid)) {
4726 qdf_mem_zero(crypto_params->pmksa[i],
4727 sizeof(struct wlan_crypto_pmksa));
4728 qdf_mem_free(crypto_params->pmksa[i]);
4729 crypto_params->pmksa[i] = NULL;
4730 }
4731 }
4732 }
4733
wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev * vdev,struct qdf_mac_addr * bssid,bool single_pmk_capable_bss)4734 void wlan_crypto_set_sae_single_pmk_bss_cap(struct wlan_objmgr_vdev *vdev,
4735 struct qdf_mac_addr *bssid,
4736 bool single_pmk_capable_bss)
4737 {
4738 struct wlan_crypto_params *crypto_params;
4739 struct wlan_crypto_comp_priv *crypto_priv;
4740 int i;
4741
4742 crypto_priv = (struct wlan_crypto_comp_priv *)
4743 wlan_get_vdev_crypto_obj(vdev);
4744
4745 if (!crypto_priv) {
4746 crypto_err("crypto_priv NULL");
4747 return;
4748 }
4749
4750 crypto_params = &crypto_priv->crypto_params;
4751
4752 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4753 if (!crypto_params->pmksa[i])
4754 continue;
4755
4756 if (qdf_is_macaddr_equal(bssid,
4757 &crypto_params->pmksa[i]->bssid))
4758 crypto_params->pmksa[i]->single_pmk_supported =
4759 single_pmk_capable_bss;
4760 }
4761 }
4762
4763 void
wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev * vdev,struct wlan_crypto_pmksa * roam_sync_pmksa)4764 wlan_crypto_set_sae_single_pmk_info(struct wlan_objmgr_vdev *vdev,
4765 struct wlan_crypto_pmksa *roam_sync_pmksa)
4766 {
4767 struct wlan_crypto_params *crypto_params;
4768 struct wlan_crypto_comp_priv *crypto_priv;
4769 int i;
4770
4771 crypto_priv = (struct wlan_crypto_comp_priv *)
4772 wlan_get_vdev_crypto_obj(vdev);
4773
4774 if (!crypto_priv) {
4775 crypto_err("crypto_priv NULL");
4776 return;
4777 }
4778
4779 crypto_params = &crypto_priv->crypto_params;
4780
4781 for (i = 0; i < WLAN_CRYPTO_MAX_PMKID; i++) {
4782 if (!crypto_params->pmksa[i])
4783 continue;
4784 if (qdf_is_macaddr_equal(&roam_sync_pmksa->bssid,
4785 &crypto_params->pmksa[i]->bssid) &&
4786 roam_sync_pmksa->single_pmk_supported &&
4787 roam_sync_pmksa->pmk_len) {
4788 crypto_params->pmksa[i]->single_pmk_supported =
4789 roam_sync_pmksa->single_pmk_supported;
4790 crypto_params->pmksa[i]->pmk_len =
4791 roam_sync_pmksa->pmk_len;
4792 qdf_mem_copy(crypto_params->pmksa[i]->pmk,
4793 roam_sync_pmksa->pmk,
4794 roam_sync_pmksa->pmk_len);
4795 }
4796 }
4797 }
4798
4799 #endif
4800
wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev * vdev)4801 void wlan_crypto_reset_vdev_params(struct wlan_objmgr_vdev *vdev)
4802 {
4803 struct wlan_crypto_comp_priv *crypto_priv;
4804
4805 crypto_debug("reset params for vdev %d", wlan_vdev_get_id(vdev));
4806 crypto_priv = (struct wlan_crypto_comp_priv *)
4807 wlan_get_vdev_crypto_obj(vdev);
4808
4809 if (!crypto_priv) {
4810 crypto_err("crypto_priv NULL");
4811 return;
4812 }
4813
4814 wlan_crypto_reset_prarams(&crypto_priv->crypto_params);
4815 }
4816
wlan_crypto_psoc_enable(struct wlan_objmgr_psoc * psoc)4817 QDF_STATUS wlan_crypto_psoc_enable(struct wlan_objmgr_psoc *psoc)
4818 {
4819 struct wlan_lmac_if_tx_ops *tx_ops;
4820
4821 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4822 if (!tx_ops) {
4823 crypto_err("tx_ops is NULL");
4824 return QDF_STATUS_E_FAILURE;
4825 }
4826
4827 if (WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops))
4828 return WLAN_CRYPTO_TX_OPS_REGISTER_EVENTS(tx_ops)(psoc);
4829
4830 return QDF_STATUS_E_FAILURE;
4831 }
4832
wlan_crypto_psoc_disable(struct wlan_objmgr_psoc * psoc)4833 QDF_STATUS wlan_crypto_psoc_disable(struct wlan_objmgr_psoc *psoc)
4834 {
4835 struct wlan_lmac_if_tx_ops *tx_ops;
4836
4837 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4838 if (!tx_ops) {
4839 crypto_err("tx_ops is NULL");
4840 return QDF_STATUS_E_FAILURE;
4841 }
4842
4843 if (WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops))
4844 return WLAN_CRYPTO_TX_OPS_DEREGISTER_EVENTS(tx_ops)(psoc);
4845
4846 return QDF_STATUS_E_FAILURE;
4847 }
4848 #endif
4849
4850 #ifdef WLAN_FEATURE_FILS_SK
wlan_crypto_create_fils_rik(uint8_t * rrk,uint8_t rrk_len,uint8_t * rik,uint32_t * rik_len)4851 QDF_STATUS wlan_crypto_create_fils_rik(uint8_t *rrk, uint8_t rrk_len,
4852 uint8_t *rik, uint32_t *rik_len)
4853 {
4854 uint8_t optional_data[WLAN_CRYPTO_FILS_OPTIONAL_DATA_LEN];
4855 uint8_t label[] = WLAN_CRYPTO_FILS_RIK_LABEL;
4856 QDF_STATUS status;
4857
4858 if (!rrk || !rik) {
4859 crypto_err("FILS rrk/rik NULL");
4860 return QDF_STATUS_E_FAILURE;
4861 }
4862
4863 optional_data[0] = HMAC_SHA256_128;
4864 /* basic validation */
4865 if (rrk_len <= 0) {
4866 crypto_err("invalid r_rk length %d", rrk_len);
4867 return QDF_STATUS_E_FAILURE;
4868 }
4869
4870 wlan_crypto_put_be16(&optional_data[1], rrk_len);
4871 status = qdf_default_hmac_sha256_kdf(rrk, rrk_len, label, optional_data,
4872 sizeof(optional_data), rik,
4873 rrk_len);
4874 if (QDF_IS_STATUS_ERROR(status)) {
4875 crypto_err("failed to create rik");
4876 return status;
4877 }
4878 *rik_len = rrk_len;
4879
4880 return QDF_STATUS_SUCCESS;
4881 }
4882 #endif /* WLAN_FEATURE_FILS_SK */
4883
4884 #if defined(WIFI_POS_CONVERGED) && defined(WLAN_FEATURE_RTT_11AZ_SUPPORT)
4885 QDF_STATUS
wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc * psoc,struct wlan_crypto_ltf_keyseed_data * data)4886 wlan_crypto_set_ltf_keyseed(struct wlan_objmgr_psoc *psoc,
4887 struct wlan_crypto_ltf_keyseed_data *data)
4888 {
4889 QDF_STATUS status = QDF_STATUS_SUCCESS;
4890 struct wlan_lmac_if_tx_ops *tx_ops;
4891
4892 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4893 if (!tx_ops) {
4894 crypto_err("tx_ops is NULL");
4895 return QDF_STATUS_E_INVAL;
4896 }
4897
4898 if (WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops))
4899 status = WLAN_CRYPTO_TX_OPS_SET_LTF_KEYSEED(tx_ops)(psoc, data);
4900
4901 return status;
4902 }
4903 #endif
4904
4905 QDF_STATUS
wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc * psoc,uint32_t vdev_id,uint32_t param_id,uint32_t param_value)4906 wlan_crypto_vdev_set_param(struct wlan_objmgr_psoc *psoc, uint32_t vdev_id,
4907 uint32_t param_id, uint32_t param_value)
4908 {
4909 QDF_STATUS status = QDF_STATUS_SUCCESS;
4910 struct wlan_lmac_if_tx_ops *tx_ops;
4911
4912 tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
4913 if (!tx_ops) {
4914 crypto_err("tx_ops is NULL");
4915 return QDF_STATUS_E_INVAL;
4916 }
4917
4918 if (WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops))
4919 status = WLAN_CRYPTO_TX_OPS_SET_VDEV_PARAM(tx_ops) (psoc,
4920 vdev_id,
4921 param_id,
4922 param_value);
4923
4924 return status;
4925 }
4926