From d03d10bcd10dd6efb1463dbcaa40195648938722 Mon Sep 17 00:00:00 2001 From: Yue Ma Date: Mon, 23 Dec 2019 15:09:53 -0800 Subject: [PATCH] qcacld-3.0: Cleanup WLAN_CONV_CRYPTO_IE_SUPPORT flag WLAN_CONV_CRYPTO_IE_SUPPORT is a temporary flag which is used for converged crypto component transition. The transition has already been done, so cleanup legacy code related to the flag. Change-Id: Ide9fa97a9eb0b5c197c762205f386651efc51e33 CRs-fixed: 2592096 --- Kbuild | 1 - core/hdd/src/wlan_hdd_cfg80211.c | 29 - core/mac/src/pe/lim/lim_assoc_utils.c | 254 --- core/mac/src/pe/lim/lim_assoc_utils.h | 8 +- .../src/pe/lim/lim_process_assoc_req_frame.c | 24 +- .../src/pe/lim/lim_process_sme_req_messages.c | 25 - core/sme/inc/sme_api.h | 6 +- core/sme/src/common/sme_api.c | 43 - core/sme/src/csr/csr_api_roam.c | 158 -- core/sme/src/csr/csr_inside_api.h | 19 +- core/sme/src/csr/csr_util.c | 1796 ----------------- 11 files changed, 4 insertions(+), 2359 deletions(-) diff --git a/Kbuild b/Kbuild index 960559a2e663d..04f07594c80b1 100644 --- a/Kbuild +++ b/Kbuild @@ -2579,7 +2579,6 @@ cppflags-$(CONFIG_WLAN_FEATURE_SARV1_TO_SARV2) += -DWLAN_FEATURE_SARV1_TO_SARV2 #CRYPTO Coverged Component cppflags-$(CONFIG_CRYPTO_COMPONENT) += -DWLAN_CONV_CRYPTO_SUPPORTED \ -DCRYPTO_SET_KEY_CONVERGED \ - -DWLAN_CONV_CRYPTO_IE_SUPPORT \ -DWLAN_CRYPTO_WEP_OS_DERIVATIVE \ -DWLAN_CRYPTO_TKIP_OS_DERIVATIVE \ -DWLAN_CRYPTO_CCMP_OS_DERIVATIVE \ diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c index fb69cf2a0c8e7..f15c829203811 100644 --- a/core/hdd/src/wlan_hdd_cfg80211.c +++ b/core/hdd/src/wlan_hdd_cfg80211.c @@ -21727,7 +21727,6 @@ static int wlan_hdd_cfg80211_add_station(struct wiphy *wiphy, return errno; } -#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT static QDF_STATUS wlan_hdd_set_pmksa_cache(struct hdd_adapter *adapter, tPmkidCacheInfo *pmk_cache) { @@ -21791,34 +21790,6 @@ QDF_STATUS wlan_hdd_flush_pmksa_cache(struct hdd_adapter *adapter) return result; } -#else -static QDF_STATUS wlan_hdd_set_pmksa_cache(struct hdd_adapter *adapter, - tPmkidCacheInfo *pmk_cache) -{ - struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter); - - return sme_roam_set_pmkid_cache( - hdd_ctx->mac_handle, adapter->vdev_id, pmk_cache, 1, false); -} - -static QDF_STATUS wlan_hdd_del_pmksa_cache(struct hdd_adapter *adapter, - tPmkidCacheInfo *pmk_cache) -{ - struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter); - - return sme_roam_del_pmkid_from_cache( - hdd_ctx->mac_handle, adapter->vdev_id, pmk_cache, - false); -} - -QDF_STATUS wlan_hdd_flush_pmksa_cache(struct hdd_adapter *adapter) -{ - struct hdd_context *hdd_ctx = WLAN_HDD_GET_CTX(adapter); - - return sme_roam_del_pmkid_from_cache( - hdd_ctx->mac_handle, adapter->vdev_id, NULL, true); -} -#endif #if defined(CFG80211_FILS_SK_OFFLOAD_SUPPORT) || \ (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)) diff --git a/core/mac/src/pe/lim/lim_assoc_utils.c b/core/mac/src/pe/lim/lim_assoc_utils.c index 95baf3ba94d2e..8fe7efaf66111 100644 --- a/core/mac/src/pe/lim/lim_assoc_utils.c +++ b/core/mac/src/pe/lim/lim_assoc_utils.c @@ -301,260 +301,6 @@ uint8_t lim_check_mcs_set(struct mac_context *mac, uint8_t *supportedMCSSet) #define SECURITY_SUITE_TYPE_GCMP 0x8 #define SECURITY_SUITE_TYPE_GCMP_256 0x9 -#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT -/** - * is_non_rsn_cipher()- API to check whether cipher suit is rsn or not - * @cipher_suite: cipher suit - * - * Return: True in case non ht cipher else false - */ -static inline bool is_non_rsn_cipher(uint8_t cipher_suite) -{ - uint8_t cipher_mask; - - cipher_mask = cipher_suite & SECURITY_SUITE_TYPE_MASK; - if ((cipher_mask == SECURITY_SUITE_TYPE_CCMP) || - (cipher_mask == SECURITY_SUITE_TYPE_GCMP) || - (cipher_mask == SECURITY_SUITE_TYPE_GCMP_256)) - return false; - - return true; -} - -/** - * lim_check_rx_rsn_ie_match()- validate received rsn ie with supported cipher - * suites. - * @mac_ctx: pointer to global mac structure - * @rx_rsn_ie: received rsn IE pointer - * @session_entry: pe session entry - * @sta_is_ht: peer station HT capability - * @pmf_connection: set to true if this is pmf connection - * - * This function is called during Association/Reassociation - * frame handling to determine whether received RSN in - * Assoc/Reassoc request frames include supported cipher suites or not. - * - * Return: QDF_STATUS_SUCCESS if ALL supported cipher suites are present in the - * received rsn IE else failure status. - */ - -uint8_t lim_check_rx_rsn_ie_match(struct mac_context *mac_ctx, - tDot11fIERSN * const rx_rsn_ie, - struct pe_session *session_entry, uint8_t sta_is_ht, - bool *pmf_connection) -{ - tDot11fIERSN *rsn_ie; - bool match = false; - uint8_t i, j, only_non_ht_cipher = 1; -#ifdef WLAN_FEATURE_11W - bool we_are_pmf_capable; - bool we_require_pmf; - bool they_are_pmf_capable; - bool they_require_pmf; -#endif - - /* RSN IE should be received from PE */ - rsn_ie = &session_entry->gStartBssRSNIe; - - if (!rx_rsn_ie) { - pe_debug("Rx RSN IE is NULL"); - return eSIR_MAC_UNSPEC_FAILURE_STATUS; - } - - /* We should have only one AKM in assoc/reassoc request */ - if (rx_rsn_ie->akm_suite_cnt != 1) { - pe_debug("Invalid RX akm_suite_cnt %d", - rx_rsn_ie->akm_suite_cnt); - return eSIR_MAC_INVALID_AKMP_STATUS; - } - /* Check if we support the received AKM */ - for (i = 0; i < rsn_ie->akm_suite_cnt; i++) - if (!qdf_mem_cmp(&rx_rsn_ie->akm_suite[0], - &rsn_ie->akm_suite[i], - sizeof(rsn_ie->akm_suite[i]))) { - match = true; - break; - } - if (!match) { - pe_debug("Invalid RX akm_suite"); - return eSIR_MAC_INVALID_AKMP_STATUS; - } - - /* Check groupwise cipher suite */ - for (i = 0; i < sizeof(rx_rsn_ie->gp_cipher_suite); i++) - if (rsn_ie->gp_cipher_suite[i] != - rx_rsn_ie->gp_cipher_suite[i]) { - pe_debug("Invalid groupwise cipher suite"); - return eSIR_MAC_INVALID_GROUP_CIPHER_STATUS; - } - - /* - * For each Pairwise cipher suite check whether we support - * received pairwise - */ - match = false; - for (i = 0; i < rx_rsn_ie->pwise_cipher_suite_count; i++) { - for (j = 0; j < rsn_ie->pwise_cipher_suite_count; j++) { - if (!qdf_mem_cmp(&rx_rsn_ie->pwise_cipher_suites[i], - &rsn_ie->pwise_cipher_suites[j], - sizeof(rsn_ie->pwise_cipher_suites[j]))) { - match = true; - break; - } - } - - if (sta_is_ht) -#ifdef ANI_LITTLE_BYTE_ENDIAN - only_non_ht_cipher = is_non_rsn_cipher( - rx_rsn_ie->pwise_cipher_suites[i][3]); -#else - only_non_ht_cipher = is_non_rsn_cipher( - rx_rsn_ie->pwise_cipher_suites[i][0]); -#endif - } - - if ((!match) || ((sta_is_ht) && only_non_ht_cipher)) { - pe_debug("Invalid pairwise cipher suite"); - return eSIR_MAC_INVALID_PAIRWISE_CIPHER_STATUS; - } - /* - * Check RSN capabilities - * Bit 0 of First Byte - PreAuthentication Capability - */ - if (((rx_rsn_ie->RSN_Cap[0] >> 0) & 0x1) == true) { - /* this is supported by AP only */ - pe_debug("Invalid RSN information element capabilities"); - return eSIR_MAC_INVALID_RSN_IE_CAPABILITIES_STATUS; - } - - *pmf_connection = false; - -#ifdef WLAN_FEATURE_11W - we_are_pmf_capable = session_entry->pLimStartBssReq->pmfCapable; - we_require_pmf = session_entry->pLimStartBssReq->pmfRequired; - they_are_pmf_capable = (rx_rsn_ie->RSN_Cap[0] >> 7) & 0x1; - they_require_pmf = (rx_rsn_ie->RSN_Cap[0] >> 6) & 0x1; - - if ((they_require_pmf && they_are_pmf_capable && !we_are_pmf_capable) || - (we_require_pmf && !they_are_pmf_capable)) { - pe_debug("Association fail, robust management frames policy" - " violation they_require_pmf =%d" - " theyArePMFCapable %d weArePMFCapable %d" - " weRequirePMF %d theyArePMFCapable %d", - they_require_pmf, they_are_pmf_capable, - we_are_pmf_capable, we_require_pmf, - they_are_pmf_capable); - return eSIR_MAC_ROBUST_MGMT_FRAMES_POLICY_VIOLATION; - } - - if (they_are_pmf_capable && we_are_pmf_capable) - *pmf_connection = true; - - pe_debug("weAreCapable %d, weRequire %d, theyAreCapable %d," - " theyRequire %d, PMFconnection %d", - we_are_pmf_capable, we_require_pmf, they_are_pmf_capable, - they_require_pmf, *pmf_connection); -#endif - - return eSIR_MAC_SUCCESS_STATUS; -} - -/** - * lim_check_rx_wpa_ie_match() - to check supported cipher suites - * - * @mac: pointer to global mac structure - * @rx_wpaie: Received WPA IE in (Re)Assco req - * @session_entry: pointer to PE session - * @sta_is_ht: peer station is HT - * - * This function is called during Association/Reassociation - * frame handling to determine whether received RSN in - * Assoc/Reassoc request frames include supported cipher suites or not. - * - * Return: Success if ALL supported cipher suites are present in the - * received wpa IE else failure status. - */ - -uint8_t -lim_check_rx_wpa_ie_match(struct mac_context *mac, tDot11fIEWPA *rx_wpaie, - struct pe_session *session_entry, uint8_t sta_is_ht) -{ - tDot11fIEWPA *wpa_ie; - bool match = false; - uint8_t i, j, only_non_ht_cipher = 1; - - /* WPA IE should be received from PE */ - wpa_ie = &session_entry->gStartBssWPAIe; - - /* We should have only one AKM in assoc/reassoc request */ - if (rx_wpaie->auth_suite_count != 1) { - pe_debug("Invalid RX auth_suite_count %d", - rx_wpaie->auth_suite_count); - return eSIR_MAC_INVALID_AKMP_STATUS; - } - /* Check if we support the received AKM */ - for (i = 0; i < wpa_ie->auth_suite_count; i++) - if (!qdf_mem_cmp(&rx_wpaie->auth_suites[0], - &wpa_ie->auth_suites[i], - sizeof(wpa_ie->auth_suites[i]))) { - match = true; - break; - } - if (!match) { - pe_debug("Invalid RX auth_suites"); - return eSIR_MAC_INVALID_AKMP_STATUS; - } - - /* Check groupwise cipher suite */ - for (i = 0; i < 4; i++) { - if (wpa_ie->multicast_cipher[i] != - rx_wpaie->multicast_cipher[i]) { - pe_debug("Invalid groupwise cipher suite"); - return eSIR_MAC_INVALID_GROUP_CIPHER_STATUS; - } - } - - /* - * For each Pairwise cipher suite check whether we support - * received pairwise - */ - match = false; - for (i = 0; i < rx_wpaie->unicast_cipher_count; i++) { - for (j = 0; j < wpa_ie->unicast_cipher_count; j++) { - if (!qdf_mem_cmp(rx_wpaie->unicast_ciphers[i], - wpa_ie->unicast_ciphers[j], 4)) { - match = true; - break; - } - } - - if ((sta_is_ht) -#ifdef ANI_LITTLE_BYTE_ENDIAN - && - ((rx_wpaie-> - unicast_ciphers[i][3] & SECURITY_SUITE_TYPE_MASK) == - SECURITY_SUITE_TYPE_CCMP)) -#else - && - ((rx_wpaie-> - unicast_ciphers[i][0] & SECURITY_SUITE_TYPE_MASK) == - SECURITY_SUITE_TYPE_CCMP)) -#endif - { - only_non_ht_cipher = 0; - } - - } - - if ((!match) || ((sta_is_ht) && only_non_ht_cipher)) { - pe_debug("Invalid pairwise cipher suite"); - return eSIR_MAC_CIPHER_SUITE_REJECTED_STATUS; - } - - return eSIR_MAC_SUCCESS_STATUS; -} -#endif - /** * lim_cleanup_rx_path() * diff --git a/core/mac/src/pe/lim/lim_assoc_utils.h b/core/mac/src/pe/lim/lim_assoc_utils.h index 5e4e9c6ab8f76..793d0d0371aa3 100644 --- a/core/mac/src/pe/lim/lim_assoc_utils.h +++ b/core/mac/src/pe/lim/lim_assoc_utils.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -43,12 +43,6 @@ uint8_t lim_compare_capabilities(struct mac_context *, tSirAssocReq *, tSirMacCapabilityInfo *, struct pe_session *); uint8_t lim_check_rx_basic_rates(struct mac_context *, tSirMacRateSet, struct pe_session *); -uint8_t lim_check_rx_rsn_ie_match(struct mac_context *mac_ctx, - tDot11fIERSN * const rx_rsn_ie, - struct pe_session *session_entry, uint8_t sta_is_ht, - bool *pmf_connection); -uint8_t lim_check_rx_wpa_ie_match(struct mac_context *, tDot11fIEWPA *, struct pe_session *, - uint8_t); uint8_t lim_check_mcs_set(struct mac_context *mac, uint8_t *supportedMCSSet); QDF_STATUS lim_cleanup_rx_path(struct mac_context *, tpDphHashNode, struct pe_session *); diff --git a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c index 11eb8680f2933..1225c377065bb 100644 --- a/core/mac/src/pe/lim/lim_process_assoc_req_frame.c +++ b/core/mac/src/pe/lim/lim_process_assoc_req_frame.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -829,7 +829,6 @@ static void lim_print_ht_cap(struct mac_context *mac_ctx, struct pe_session *ses } } -#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT static enum mac_status_code lim_check_rsn_ie(struct pe_session *session, struct mac_context *mac_ctx, @@ -895,27 +894,6 @@ static enum mac_status_code lim_check_wpa_ie(struct pe_session *session, return eSIR_MAC_INVALID_IE_STATUS; } -#else -static enum mac_status_code lim_check_rsn_ie(struct pe_session *session, - struct mac_context *mac_ctx, - tpSirAssocReq assoc_req, - tDot11fIERSN *rsn, - bool *pmf_connection) -{ - return lim_check_rx_rsn_ie_match(mac_ctx, rsn, session, - assoc_req->HTCaps.present, - pmf_connection); -} - -static enum mac_status_code lim_check_wpa_ie(struct pe_session *session, - struct mac_context *mac_ctx, - tpSirAssocReq assoc_req, - tDot11fIEWPA *wpa) -{ - return lim_check_rx_wpa_ie_match(mac_ctx, wpa, session, - assoc_req->HTCaps.present); -} -#endif /** * lim_check_sae_pmf_cap() - check pmf capability for SAE STA diff --git a/core/mac/src/pe/lim/lim_process_sme_req_messages.c b/core/mac/src/pe/lim/lim_process_sme_req_messages.c index 80d931c09bf56..4684456000db6 100644 --- a/core/mac/src/pe/lim/lim_process_sme_req_messages.c +++ b/core/mac/src/pe/lim/lim_process_sme_req_messages.c @@ -1165,7 +1165,6 @@ static QDF_STATUS lim_send_ft_reassoc_req(struct pe_session *session, } #ifdef WLAN_FEATURE_11W -#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT /** * lim_set_rmf_enabled() - set rmf enabled * @mac: mac context @@ -1206,30 +1205,6 @@ static void lim_set_rmf_enabled(struct mac_context *mac, rsn_caps); } #else -/** - * lim_set_rmf_enabled() - set rmf enabled - * @mac: mac context - * @session: pe session - * @csr_join_req: csr join req - * - * Return: void - */ -static void lim_set_rmf_enabled(struct mac_context *mac, - struct pe_session *session, - struct join_req *csr_join_req) -{ - if ((eSIR_ED_AES_128_CMAC == csr_join_req->MgmtEncryptionType) || - (eSIR_ED_AES_GMAC_128 == csr_join_req->MgmtEncryptionType) || - (eSIR_ED_AES_GMAC_256 == csr_join_req->MgmtEncryptionType)) - session->limRmfEnabled = 1; - else - session->limRmfEnabled = 0; - - pe_debug("mgmt encryption type %d limRmfEnabled %d", - csr_join_req->MgmtEncryptionType, session->limRmfEnabled); -} -#endif -#else /** * lim_set_rmf_enabled() - set rmf enabled * @mac: mac context diff --git a/core/sme/inc/sme_api.h b/core/sme/inc/sme_api.h index 63f58945d0ba7..4d6489c366380 100644 --- a/core/sme/inc/sme_api.h +++ b/core/sme/inc/sme_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2012-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -549,10 +549,6 @@ QDF_STATUS sme_roam_get_connect_profile(mac_handle_t mac_handle, uint8_t sessionId, tCsrRoamConnectedProfile *pProfile); void sme_roam_free_connect_profile(tCsrRoamConnectedProfile *profile); -QDF_STATUS sme_roam_set_pmkid_cache(mac_handle_t mac_handle, uint8_t sessionId, - tPmkidCacheInfo *pPMKIDCache, - uint32_t numItems, - bool update_entire_cache); #ifdef WLAN_FEATURE_ROAM_OFFLOAD /** diff --git a/core/sme/src/common/sme_api.c b/core/sme/src/common/sme_api.c index 9844b763e6018..af17a9eb739f0 100644 --- a/core/sme/src/common/sme_api.c +++ b/core/sme/src/common/sme_api.c @@ -3056,49 +3056,6 @@ void sme_roam_free_connect_profile(tCsrRoamConnectedProfile *profile) csr_roam_free_connect_profile(profile); } -/* - * sme_roam_set_pmkid_cache() - - * A wrapper function to request CSR to return the PMKID candidate list - * This is a synchronous call. - - * pPMKIDCache - caller allocated buffer point to an array of - * tPmkidCacheInfo - * numItems - a variable that has the number of tPmkidCacheInfo - * allocated when retruning, this is either the number needed - * or number of items put into pPMKIDCache - * update_entire_cache - this bool value specifies if the entire pmkid - * cache should be overwritten or should it be - * updated entry by entry. - * Return QDF_STATUS - when fail, it usually means the buffer allocated is not - * big enough and pNumItems has the number of - * tPmkidCacheInfo. - * \Note: pNumItems is a number of tPmkidCacheInfo, - * not sizeof(tPmkidCacheInfo) * something - */ -QDF_STATUS sme_roam_set_pmkid_cache(mac_handle_t mac_handle, uint8_t sessionId, - tPmkidCacheInfo *pPMKIDCache, - uint32_t numItems, bool update_entire_cache) -{ - QDF_STATUS status = QDF_STATUS_E_FAILURE; - struct mac_context *mac = MAC_CONTEXT(mac_handle); - - MTRACE(qdf_trace(QDF_MODULE_ID_SME, - TRACE_CODE_SME_RX_HDD_ROAM_SET_PMKIDCACHE, sessionId, - numItems)); - status = sme_acquire_global_lock(&mac->sme); - if (QDF_IS_STATUS_SUCCESS(status)) { - if (CSR_IS_SESSION_VALID(mac, sessionId)) - status = csr_roam_set_pmkid_cache(mac, sessionId, - pPMKIDCache, - numItems, update_entire_cache); - else - status = QDF_STATUS_E_INVAL; - sme_release_global_lock(&mac->sme); - } - - return status; -} - QDF_STATUS sme_roam_del_pmkid_from_cache(mac_handle_t mac_handle, uint8_t sessionId, tPmkidCacheInfo *pmksa, diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c index 8d2a7e6e80b6c..7276f4553cf9b 100644 --- a/core/sme/src/csr/csr_api_roam.c +++ b/core/sme/src/csr/csr_api_roam.c @@ -14962,164 +14962,6 @@ QDF_STATUS csr_roam_set_psk_pmk(struct mac_context *mac, uint32_t sessionId, } #endif /* WLAN_FEATURE_ROAM_OFFLOAD */ -#ifdef FEATURE_WLAN_DIAG_SUPPORT_CSR -static void -csr_roam_diag_set_pmkid(struct csr_roam_session *pSession) -{ - WLAN_HOST_DIAG_EVENT_DEF(secEvent, - host_event_wlan_security_payload_type); - qdf_mem_zero(&secEvent, - sizeof(host_event_wlan_security_payload_type)); - secEvent.eventId = WLAN_SECURITY_EVENT_PMKID_UPDATE; - secEvent.encryptionModeMulticast = - (uint8_t) diag_enc_type_from_csr_type( - pSession->connectedProfile.mcEncryptionType); - secEvent.encryptionModeUnicast = - (uint8_t) diag_enc_type_from_csr_type( - pSession->connectedProfile.EncryptionType); - qdf_mem_copy(secEvent.bssid, - pSession->connectedProfile.bssid.bytes, - QDF_MAC_ADDR_SIZE); - secEvent.authMode = (uint8_t) diag_auth_type_from_csr_type( - pSession->connectedProfile.AuthType); - WLAN_HOST_DIAG_EVENT_REPORT(&secEvent, EVENT_WLAN_SECURITY); -} -#endif /* FEATURE_WLAN_DIAG_SUPPORT_CSR */ - -#ifdef WLAN_FEATURE_ROAM_OFFLOAD -/** - * csr_update_session_psk_pmk - API to update PMK in csr session - * @pSession: pointer to session - * @pmksa: pointer to PMKSA struct - * - * Return : None - */ -static void -csr_update_session_psk_pmk(struct csr_roam_session *session, - tPmkidCacheInfo *pmksa) -{ - /* For SAE authentication, pmk will be sent over the - * set PMKSA vendor command. The set PMKSA command is sent - * after SAE authentication is complete, before association - * completion itself. So csr_roam_session will not be having - * any parameters at this point. This pmk received is not - * updated to csr session and when RSO update command is sent, - * empty pmk will be sent, resulting in SAE roming failure. So - * copy the pmk into csr session so that correct pmk will be - * sent in RSO command. - */ - qdf_mem_copy(session->psk_pmk, pmksa->pmk, pmksa->pmk_len); - session->pmk_len = pmksa->pmk_len; -} -#else -static inline void -csr_update_session_psk_pmk(struct csr_roam_session *session, - tPmkidCacheInfo *pmksa) -{} -#endif - -/** - * csr_update_pmk_cache - API to update PMK cache - * @pSession: pointer to session - * @pmksa: pointer to PMKSA struct - * - * Return : None - */ -static void csr_update_pmk_cache(struct csr_roam_session *session, - tPmkidCacheInfo *pmksa) -{ - uint16_t cache_idx = session->curr_cache_idx; - - /* Add entry to the cache */ - if (!pmksa->ssid_len) { - qdf_copy_macaddr( - &session->PmkidCacheInfo[cache_idx].BSSID, - &pmksa->BSSID); - session->PmkidCacheInfo[cache_idx].ssid_len = 0; - } else { - qdf_mem_copy(session->PmkidCacheInfo[cache_idx].ssid, - pmksa->ssid, pmksa->ssid_len); - session->PmkidCacheInfo[cache_idx].ssid_len = - pmksa->ssid_len; - qdf_mem_copy(session->PmkidCacheInfo[cache_idx].cache_id, - pmksa->cache_id, CACHE_ID_LEN); - - } - qdf_mem_copy( - session->PmkidCacheInfo[cache_idx].PMKID, - pmksa->PMKID, PMKID_LEN); - - if (pmksa->pmk_len) { - qdf_mem_copy(session->PmkidCacheInfo[cache_idx].pmk, - pmksa->pmk, pmksa->pmk_len); - - csr_update_session_psk_pmk(session, pmksa); - } - - session->PmkidCacheInfo[cache_idx].pmk_len = pmksa->pmk_len; - - /* Increment the CSR local cache index */ - if (cache_idx < (CSR_MAX_PMKID_ALLOWED - 1)) - session->curr_cache_idx++; - else { - sme_debug("max value reached, setting current index as 0"); - session->curr_cache_idx = 0; - } - - session->NumPmkidCache++; - if (session->NumPmkidCache > CSR_MAX_PMKID_ALLOWED) { - sme_debug("setting num pmkid cache to %d", - CSR_MAX_PMKID_ALLOWED); - session->NumPmkidCache = CSR_MAX_PMKID_ALLOWED; - } -} - -QDF_STATUS -csr_roam_set_pmkid_cache(struct mac_context *mac, uint32_t sessionId, - tPmkidCacheInfo *pPMKIDCache, uint32_t numItems, - bool update_entire_cache) -{ - struct csr_roam_session *pSession = CSR_GET_SESSION(mac, sessionId); - uint32_t i = 0; - tPmkidCacheInfo *pmksa; - - if (!pSession) { - sme_err("session %d not found", sessionId); - return QDF_STATUS_E_FAILURE; - } - - sme_debug("numItems = %d", numItems); - - if (numItems > CSR_MAX_PMKID_ALLOWED) - return QDF_STATUS_E_INVAL; - -#ifdef FEATURE_WLAN_DIAG_SUPPORT_CSR - csr_roam_diag_set_pmkid(pSession); -#endif /* FEATURE_WLAN_DIAG_SUPPORT_CSR */ - - if (update_entire_cache) { - if (numItems && pPMKIDCache) { - pSession->NumPmkidCache = (uint16_t) numItems; - qdf_mem_copy(pSession->PmkidCacheInfo, pPMKIDCache, - sizeof(tPmkidCacheInfo) * numItems); - pSession->curr_cache_idx = (uint16_t)numItems; - } - return QDF_STATUS_SUCCESS; - } - - for (i = 0; i < numItems; i++) { - pmksa = &pPMKIDCache[i]; - - /* Delete the entry if present */ - csr_roam_del_pmkid_from_cache(mac, sessionId, - pmksa, false); - /* Update new entry */ - csr_update_pmk_cache(pSession, pmksa); - - } - return QDF_STATUS_SUCCESS; -} - #ifdef WLAN_FEATURE_ROAM_OFFLOAD static void csr_mem_zero_psk_pmk(struct csr_roam_session *session) { diff --git a/core/sme/src/csr/csr_inside_api.h b/core/sme/src/csr/csr_inside_api.h index b63ecc07d6056..cd529f96d5e49 100644 --- a/core/sme/src/csr/csr_inside_api.h +++ b/core/sme/src/csr/csr_inside_api.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2019 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2020 The Linux Foundation. All rights reserved. * * Permission to use, copy, modify, and/or distribute this software for * any purpose with or without fee is hereby granted, provided that the @@ -729,23 +729,6 @@ QDF_STATUS csr_roam_reassoc(struct mac_context *mac, uint32_t sessionId, tCsrRoamModifyProfileFields modProfileFields, uint32_t *pRoamId); -/* - * csr_roam_set_pmkid_cache() - - * return the PMKID candidate list - * - * pPMKIDCache - caller allocated buffer point to an array of tPmkidCacheInfo - * numItems - a variable that has the number of tPmkidCacheInfo allocated - * when retruning, this is either the number needed or number of items put - * into pPMKIDCache - * Return QDF_STATUS - when fail, it usually means the buffer allocated is not - * big enough and pNumItems has the number of tPmkidCacheInfo. - * \Note: pNumItems is a number of tPmkidCacheInfo, not - * sizeof(tPmkidCacheInfo) * something - */ -QDF_STATUS csr_roam_set_pmkid_cache(struct mac_context *mac, uint32_t sessionId, - tPmkidCacheInfo *pPMKIDCache, - uint32_t numItems, bool update_entire_cache); - #ifdef WLAN_FEATURE_ROAM_OFFLOAD /* * csr_get_pmk_info(): store PMK in pmk_cache diff --git a/core/sme/src/csr/csr_util.c b/core/sme/src/csr/csr_util.c index f6b5b5a6268fa..a29483761b538 100644 --- a/core/sme/src/csr/csr_util.c +++ b/core/sme/src/csr/csr_util.c @@ -2714,7 +2714,6 @@ bool csr_is_pmkid_found_for_peer(struct mac_context *mac, return false; } -#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT bool csr_lookup_pmkid_using_bssid(struct mac_context *mac, struct csr_roam_session *session, tPmkidCacheInfo *pmk_cache, @@ -2848,1801 +2847,6 @@ uint8_t csr_construct_wapi_ie(struct mac_context *mac, uint32_t sessionId, } #endif -#else - -static bool csr_match_rsnoui_index(struct mac_context *mac, - uint8_t AllCyphers[][CSR_RSN_OUI_SIZE], - uint8_t cAllCyphers, uint8_t ouiIndex, - uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllCyphers, cAllCyphers, csr_rsn_oui[ouiIndex], Oui); - -} - -#ifdef FEATURE_WLAN_WAPI -static bool csr_is_wapi_oui_equal(struct mac_context *mac, uint8_t *Oui1, - uint8_t *Oui2) -{ - return !qdf_mem_cmp(Oui1, Oui2, CSR_WAPI_OUI_SIZE); -} - -static bool csr_is_wapi_oui_match(struct mac_context *mac, - uint8_t AllCyphers[][CSR_WAPI_OUI_SIZE], - uint8_t cAllCyphers, uint8_t Cypher[], - uint8_t Oui[]) -{ - bool fYes = false; - uint8_t idx; - - for (idx = 0; idx < cAllCyphers; idx++) { - if (csr_is_wapi_oui_equal(mac, AllCyphers[idx], Cypher)) { - fYes = true; - break; - } - } - - if (fYes && Oui) - qdf_mem_copy(Oui, AllCyphers[idx], CSR_WAPI_OUI_SIZE); - - return fYes; -} - -static bool csr_match_wapi_oui_index(struct mac_context *mac, - uint8_t AllCyphers[][CSR_WAPI_OUI_SIZE], - uint8_t cAllCyphers, uint8_t ouiIndex, - uint8_t Oui[]) -{ - return csr_is_wapi_oui_match - (mac, AllCyphers, cAllCyphers, csr_wapi_oui[ouiIndex], Oui); - -} -#endif /* FEATURE_WLAN_WAPI */ - -static bool csr_match_wpaoui_index(struct mac_context *mac, - uint8_t AllCyphers[][CSR_RSN_OUI_SIZE], - uint8_t cAllCyphers, uint8_t ouiIndex, - uint8_t Oui[]) -{ - if (ouiIndex < QDF_ARRAY_SIZE(csr_wpa_oui)) - return csr_is_oui_match - (mac, AllCyphers, cAllCyphers, - csr_wpa_oui[ouiIndex], Oui); - else - return false; -} - -#ifdef FEATURE_WLAN_WAPI -static bool csr_is_auth_wapi_cert(struct mac_context *mac, - uint8_t AllSuites[][CSR_WAPI_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_wapi_oui_match - (mac, AllSuites, cAllSuites, csr_wapi_oui[1], Oui); -} - -static bool csr_is_auth_wapi_psk(struct mac_context *mac, - uint8_t AllSuites[][CSR_WAPI_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_wapi_oui_match - (mac, AllSuites, cAllSuites, csr_wapi_oui[2], Oui); -} -#endif /* FEATURE_WLAN_WAPI */ - - -/* - * Function for 11R FT Authentication. We match the FT Authentication Cipher - * suite here. This matches for FT Auth with the 802.1X exchange. - */ -static bool csr_is_ft_auth_rsn(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[03], Oui); -} - -/* - * Function for 11R FT Authentication. We match the FT Authentication Cipher - * suite here. This matches for FT Auth with the PSK. - */ -static bool csr_is_ft_auth_rsn_psk(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[04], Oui); -} - - -#ifdef FEATURE_WLAN_ESE - -/* - * Function for ESE CCKM AKM Authentication. We match the CCKM AKM - * Authentication Key Management suite here. This matches for CCKM AKM Auth - * with the 802.1X exchange. - */ -static bool csr_is_ese_cckm_auth_rsn(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[06], Oui); -} - -static bool csr_is_ese_cckm_auth_wpa(struct mac_context *mac, - uint8_t AllSuites[][CSR_WPA_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_wpa_oui[06], Oui); -} -#endif - -static bool csr_is_auth_rsn(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[01], Oui); -} - -static bool csr_is_auth_rsn_psk(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[02], Oui); -} - -#ifdef WLAN_FEATURE_11W -static bool csr_is_auth_rsn_psk_sha256(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[07], Oui); -} -static bool csr_is_auth_rsn8021x_sha256(struct mac_context *mac, - uint8_t AllSuites[][CSR_RSN_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_rsn_oui[8], Oui); -} -#endif - -#ifdef WLAN_FEATURE_FILS_SK -/* - * csr_is_auth_fils_sha256() - check whether oui is fils sha256 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FILS SHA256, false otherwise - */ -static bool csr_is_auth_fils_sha256(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FILS_SHA256], oui); -} - -/* - * csr_is_auth_fils_sha384() - check whether oui is fils sha384 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FILS SHA384, false otherwise - */ -static bool csr_is_auth_fils_sha384(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FILS_SHA384], oui); -} - -/* - * csr_is_auth_fils_ft_sha256() - check whether oui is fils ft sha256 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FT FILS SHA256, false otherwise - */ -static bool csr_is_auth_fils_ft_sha256(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FT_FILS_SHA256], oui); -} - -/* - * csr_is_auth_fils_ft_sha384() - check whether oui is fils ft sha384 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FT FILS SHA384, false otherwise - */ -static bool csr_is_auth_fils_ft_sha384(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FT_FILS_SHA384], oui); -} -#endif - -/* - * csr_is_auth_dpp_rsn() - check whether oui is dpp rsn - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is dpp rsn, false otherwise - */ -static bool csr_is_auth_dpp_rsn(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_DPP_RSN], oui); -} - -/* - * csr_is_auth_wpa_owe() - check whether oui is OWE - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is OWE, false otherwise - */ -static bool csr_is_auth_wpa_owe(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match - (mac, all_suites, suite_count, csr_rsn_oui[ENUM_OWE], oui); -} - -/* - * csr_is_auth_suiteb_eap_256() - check whether oui is SuiteB EAP256 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is SuiteB EAP256, false otherwise - */ -static bool csr_is_auth_suiteb_eap_256(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_SUITEB_EAP256], oui); -} - -/* - * csr_is_auth_suiteb_eap_384() - check whether oui is SuiteB EAP384 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is SuiteB EAP384, false otherwise - */ -static bool csr_is_auth_suiteb_eap_384(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_SUITEB_EAP384], oui); -} - -/* - * csr_is_auth_ft_suiteb_eap_384() - check whether oui is SuiteB EAP384 - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FT SuiteB EAP384, false otherwise - */ -static -bool csr_is_auth_ft_suiteb_eap_384(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FT_SUITEB_SHA384], oui); -} - -#ifdef WLAN_FEATURE_SAE -/* - * csr_is_auth_wpa_sae() - check whether oui is SAE - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is SAE, false otherwise - */ -static bool csr_is_auth_wpa_sae(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - bool is_sae_auth; - - is_sae_auth = (csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_SAE], oui)); - return is_sae_auth; -} - -/* - * csr_is_auth_ft_sae() - check whether oui is SAE - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is FT-SAE, false otherwise - */ -static bool csr_is_auth_ft_sae(struct mac_context *mac, - uint8_t all_suites[][CSR_RSN_OUI_SIZE], - uint8_t suite_count, uint8_t oui[]) -{ - bool is_ft_sae_auth; - - is_ft_sae_auth = csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_FT_SAE], oui); - return is_ft_sae_auth; -} -#endif - -/* - * csr_is_auth_osen() - check whether oui is osen rsn - * @mac: Global MAC context - * @all_suites: pointer to all supported akm suites - * @suite_count: all supported akm suites count - * @oui: Oui needs to be matched - * - * Return: True if OUI is OSEN, false otherwise - */ -static bool csr_is_auth_osen(struct mac_context *mac, - u8 all_suites[][CSR_RSN_OUI_SIZE], - u8 suite_count, u8 oui[]) -{ - return csr_is_oui_match(mac, all_suites, suite_count, - csr_rsn_oui[ENUM_OSEN], oui); -} - -static bool csr_is_auth_wpa(struct mac_context *mac, - uint8_t AllSuites[][CSR_WPA_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_wpa_oui[01], Oui); -} - -static bool csr_is_auth_wpa_psk(struct mac_context *mac, - uint8_t AllSuites[][CSR_WPA_OUI_SIZE], - uint8_t cAllSuites, uint8_t Oui[]) -{ - return csr_is_oui_match - (mac, AllSuites, cAllSuites, csr_wpa_oui[02], Oui); -} - -static uint8_t csr_get_oui_index_from_cipher(eCsrEncryptionType enType) -{ - uint8_t OUIIndex; - - switch (enType) { - case eCSR_ENCRYPT_TYPE_WEP40: - case eCSR_ENCRYPT_TYPE_WEP40_STATICKEY: - OUIIndex = CSR_OUI_WEP40_OR_1X_INDEX; - break; - case eCSR_ENCRYPT_TYPE_WEP104: - case eCSR_ENCRYPT_TYPE_WEP104_STATICKEY: - OUIIndex = CSR_OUI_WEP104_INDEX; - break; - case eCSR_ENCRYPT_TYPE_TKIP: - OUIIndex = CSR_OUI_TKIP_OR_PSK_INDEX; - break; - case eCSR_ENCRYPT_TYPE_AES: - OUIIndex = CSR_OUI_AES_INDEX; - break; - case eCSR_ENCRYPT_TYPE_AES_GCMP: - OUIIndex = CSR_OUI_AES_GCMP_INDEX; - break; - case eCSR_ENCRYPT_TYPE_AES_GCMP_256: - OUIIndex = CSR_OUI_AES_GCMP_256_INDEX; - break; - case eCSR_ENCRYPT_TYPE_NONE: - OUIIndex = CSR_OUI_USE_GROUP_CIPHER_INDEX; - break; -#ifdef FEATURE_WLAN_WAPI - case eCSR_ENCRYPT_TYPE_WPI: - OUIIndex = CSR_OUI_WAPI_WAI_CERT_OR_SMS4_INDEX; - break; -#endif /* FEATURE_WLAN_WAPI */ - default: /* HOWTO handle this? */ - OUIIndex = CSR_OUI_RESERVED_INDEX; - break; - } /* switch */ - - return OUIIndex; -} - -#ifdef WLAN_FEATURE_FILS_SK -/** - * csr_is_fils_auth() - update negotiated auth if matches to FILS auth type - * @mac_ctx: pointer to mac context - * @authsuites: auth suites - * @c_auth_suites: auth suites count - * @authentication: authentication - * @auth_type: authentication type list - * @index: current counter - * @neg_authtype: pointer to negotiated auth - * - * Return: None - */ -static void csr_is_fils_auth(struct mac_context *mac_ctx, - uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites, - uint8_t authentication[], tCsrAuthList *auth_type, - uint8_t index, enum csr_akm_type *neg_authtype) -{ - /* - * TODO Always try with highest security - * move this down once sha384 is validated - */ - if (csr_is_auth_fils_sha256(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FILS_SHA256 == - auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_FILS_SHA256; - } - if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_fils_sha384(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FILS_SHA384 == - auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_FILS_SHA384; - } - if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_fils_ft_sha256(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FT_FILS_SHA256 == - auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_FT_FILS_SHA256; - } - if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_fils_ft_sha384(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FT_FILS_SHA384 == - auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_FT_FILS_SHA384; - } - sme_debug("negotiated auth type is %d", *neg_authtype); -} -#else -static void csr_is_fils_auth(struct mac_context *mac_ctx, - uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites, - uint8_t authentication[], tCsrAuthList *auth_type, - uint8_t index, enum csr_akm_type *neg_authtype) -{ -} -#endif - -#ifdef WLAN_FEATURE_SAE -/** - * csr_check_sae_auth() - update negotiated auth and oui if matches to SAE auth - * type - * @mac_ctx: pointer to mac context - * @authsuites: auth suites - * @c_auth_suites: auth suites count - * @authentication: authentication - * @auth_type: authentication type list - * @index: current counter - * @neg_authtype: pointer to negotiated auth - * - * Return: None - */ -static void -csr_check_sae_auth(struct mac_context *mac_ctx, - uint8_t authsuites[][CSR_RSN_OUI_SIZE], - uint8_t c_auth_suites, - uint8_t authentication[], tCsrAuthList *auth_type, - uint8_t index, enum csr_akm_type *neg_authtype) -{ - if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_ft_sae(mac_ctx, authsuites, c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_FT_SAE == auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_FT_SAE; - if (eCSR_AUTH_TYPE_OPEN_SYSTEM == auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_OPEN_SYSTEM; - } - - if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_wpa_sae(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_SAE == auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_SAE; - if (eCSR_AUTH_TYPE_OPEN_SYSTEM == auth_type->authType[index]) - *neg_authtype = eCSR_AUTH_TYPE_OPEN_SYSTEM; - } - sme_debug("negotiated auth type is %d", *neg_authtype); -} -#else -static void csr_check_sae_auth(struct mac_context *mac_ctx, - uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites, - uint8_t authentication[], tCsrAuthList *auth_type, - uint8_t index, enum csr_akm_type *neg_authtype) -{ -} -#endif - -/** - * csr_get_rsn_information() - to get RSN information - * @mac_ctx: pointer to global MAC context - * @auth_type: auth type - * @encr_type: encryption type - * @mc_encryption: multicast encryption type - * @rsn_ie: pointer to RSN IE - * @ucast_cipher: Unicast cipher - * @mcast_cipher: Multicast cipher - * @auth_suite: Authentication suite - * @capabilities: RSN capabilities - * @negotiated_authtype: Negotiated auth type - * @negotiated_mccipher: negotiated multicast cipher - * @gp_mgmt_cipher: group management cipher - * @mgmt_encryption_type: group management encryption type - * @adaptive_11r: is adaptive 11r connection - * - * This routine will get all RSN information - * - * Return: bool - */ -static bool csr_get_rsn_information(struct mac_context *mac_ctx, - tCsrAuthList *auth_type, - eCsrEncryptionType encr_type, - tCsrEncryptionList *mc_encryption, - tDot11fIERSN *rsn_ie, uint8_t *ucast_cipher, - uint8_t *mcast_cipher, uint8_t *auth_suite, - struct rsn_caps *capabilities, - enum csr_akm_type *negotiated_authtype, - eCsrEncryptionType *negotiated_mccipher, - uint8_t *gp_mgmt_cipher, - tAniEdType *mgmt_encryption_type, - bool adaptive_11r) -{ - bool acceptable_cipher = false; - bool group_mgmt_acceptable_cipher = false; - uint8_t c_ucast_cipher = 0; - uint8_t c_mcast_cipher = 0; - uint8_t c_group_mgmt_cipher = 0; - uint8_t c_auth_suites = 0, i; - uint8_t unicast[CSR_RSN_OUI_SIZE]; - uint8_t multicast[CSR_RSN_OUI_SIZE]; - uint8_t group_mgmt[CSR_RSN_OUI_SIZE]; - uint8_t authsuites[CSR_RSN_MAX_AUTH_SUITES][CSR_RSN_OUI_SIZE]; - uint8_t authentication[CSR_RSN_OUI_SIZE]; - uint8_t mccipher_arr[CSR_RSN_MAX_MULTICAST_CYPHERS][CSR_RSN_OUI_SIZE]; - uint8_t group_mgmt_arr[CSR_RSN_MAX_MULTICAST_CYPHERS][CSR_RSN_OUI_SIZE]; - enum csr_akm_type neg_authtype = eCSR_AUTH_TYPE_UNKNOWN; - - if (!rsn_ie->present) - goto end; - c_mcast_cipher++; - qdf_mem_copy(mccipher_arr, rsn_ie->gp_cipher_suite, - CSR_RSN_OUI_SIZE); - c_ucast_cipher = - (uint8_t) (rsn_ie->pwise_cipher_suite_count); - - c_auth_suites = (uint8_t) (rsn_ie->akm_suite_cnt); - for (i = 0; i < c_auth_suites && i < CSR_RSN_MAX_AUTH_SUITES; i++) { - qdf_mem_copy((void *)&authsuites[i], - (void *)&rsn_ie->akm_suite[i], CSR_RSN_OUI_SIZE); - } - - /* Check - Is requested unicast Cipher supported by the BSS. */ - acceptable_cipher = csr_match_rsnoui_index(mac_ctx, - rsn_ie->pwise_cipher_suites, c_ucast_cipher, - csr_get_oui_index_from_cipher(encr_type), - unicast); - - if (!acceptable_cipher) - goto end; - - /* unicast is supported. Pick the first matching Group cipher, if any */ - for (i = 0; i < mc_encryption->numEntries; i++) { - acceptable_cipher = csr_match_rsnoui_index(mac_ctx, - mccipher_arr, c_mcast_cipher, - csr_get_oui_index_from_cipher( - mc_encryption->encryptionType[i]), - multicast); - if (acceptable_cipher) - break; - } - if (!acceptable_cipher) - goto end; - - if (negotiated_mccipher) - *negotiated_mccipher = mc_encryption->encryptionType[i]; - - /* Group Management Cipher only for 11w */ - if (mgmt_encryption_type) { - c_group_mgmt_cipher++; - qdf_mem_copy(group_mgmt_arr, rsn_ie->gp_mgmt_cipher_suite, - CSR_RSN_OUI_SIZE); - if (csr_is_group_mgmt_gmac_128(mac_ctx, group_mgmt_arr, - c_group_mgmt_cipher, group_mgmt)) { - group_mgmt_acceptable_cipher = true; - *mgmt_encryption_type = eSIR_ED_AES_GMAC_128; - } else if (csr_is_group_mgmt_gmac_256(mac_ctx, group_mgmt_arr, - c_group_mgmt_cipher, group_mgmt)) { - group_mgmt_acceptable_cipher = true; - *mgmt_encryption_type = eSIR_ED_AES_GMAC_256; - } else { - /* Default is CMAC */ - group_mgmt_acceptable_cipher = true; - *mgmt_encryption_type = eSIR_ED_AES_128_CMAC; - qdf_mem_copy(group_mgmt, csr_group_mgmt_oui[ENUM_CMAC], - CSR_RSN_OUI_SIZE); - } - } - - /* Initializing with false as it has true value already */ - acceptable_cipher = false; - for (i = 0; i < auth_type->numEntries; i++) { - /* - * Ciphers are supported, Match authentication algorithm and - * pick first matching authtype. - */ - /* Set FILS as first preference */ - csr_is_fils_auth(mac_ctx, authsuites, c_auth_suites, - authentication, auth_type, i, &neg_authtype); - /* Changed the AKM suites according to order of preference */ - csr_check_sae_auth(mac_ctx, authsuites, c_auth_suites, - authentication, auth_type, i, &neg_authtype); - - if (neg_authtype == eCSR_AUTH_TYPE_UNKNOWN && - csr_is_auth_osen(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_OSEN == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_OSEN; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_dpp_rsn(mac_ctx, authsuites, - c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_DPP_RSN == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_DPP_RSN; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_ft_auth_rsn(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FT_RSN == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_FT_RSN; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) - && csr_is_ft_auth_rsn_psk(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_FT_RSN_PSK == - auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_FT_RSN_PSK; - } -#ifdef FEATURE_WLAN_ESE - /* ESE only supports 802.1X. No PSK. */ - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_ese_cckm_auth_rsn(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_CCKM_RSN == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_CCKM_RSN; - } -#endif - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_rsn(mac_ctx, authsuites, - c_auth_suites, authentication)) { - /* - * For adaptive 11r connection send FT-802.1X akm in - * association request - */ - if (adaptive_11r && - eCSR_AUTH_TYPE_FT_RSN == auth_type->authType[i]) { - neg_authtype = eCSR_AUTH_TYPE_FT_RSN; - qdf_mem_copy(authentication, - csr_rsn_oui[FT_8021X_IDX], - CSR_WPA_OUI_SIZE); - } - - if (eCSR_AUTH_TYPE_RSN == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_RSN; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_rsn_psk(mac_ctx, authsuites, - c_auth_suites, authentication)) { - /* - * For adaptive 11r connection send FT-PSK akm in - * association request - */ - if (adaptive_11r && - eCSR_AUTH_TYPE_FT_RSN_PSK == auth_type->authType[i]) { - neg_authtype = eCSR_AUTH_TYPE_FT_RSN_PSK; - qdf_mem_copy(authentication, - csr_rsn_oui[FT_PSK_IDX], - CSR_WPA_OUI_SIZE); - } - - if (eCSR_AUTH_TYPE_RSN_PSK == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_RSN_PSK; - } -#ifdef WLAN_FEATURE_11W - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_rsn_psk_sha256(mac_ctx, authsuites, - c_auth_suites, authentication)) { - /* - * For adaptive 11r connection send AP advertises only - * PSK AKM. STA can choose FT-PSK akm in association - * request if FT capable. - */ - if (adaptive_11r && - eCSR_AUTH_TYPE_FT_RSN_PSK == auth_type->authType[i]) { - neg_authtype = eCSR_AUTH_TYPE_FT_RSN_PSK; - qdf_mem_copy(authentication, - csr_rsn_oui[FT_PSK_IDX], - CSR_WPA_OUI_SIZE); - } - - if (eCSR_AUTH_TYPE_RSN_PSK_SHA256 == - auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_RSN_PSK_SHA256; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_rsn8021x_sha256(mac_ctx, - authsuites, c_auth_suites, - authentication)) { - /* - * For adaptive 11r connection send FT-802.1x akm in - * association request - */ - if (adaptive_11r && - eCSR_AUTH_TYPE_FT_RSN == auth_type->authType[i]) { - neg_authtype = eCSR_AUTH_TYPE_FT_RSN; - qdf_mem_copy(authentication, - csr_rsn_oui[FT_8021X_IDX], - CSR_WPA_OUI_SIZE); - } - if (eCSR_AUTH_TYPE_RSN_8021X_SHA256 == - auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_RSN_8021X_SHA256; - } -#endif - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_wpa_owe(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_OWE == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_OWE; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_suiteb_eap_256(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_SUITEB_EAP_SHA256 == - auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_SUITEB_EAP_SHA256; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_suiteb_eap_384(mac_ctx, authsuites, - c_auth_suites, authentication)) { - if (eCSR_AUTH_TYPE_SUITEB_EAP_SHA384 == - auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_SUITEB_EAP_SHA384; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_ft_suiteb_eap_384(mac_ctx, authsuites, - c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_FT_SUITEB_EAP_SHA384 == - auth_type->authType[i]) - neg_authtype = - eCSR_AUTH_TYPE_FT_SUITEB_EAP_SHA384; - } - - /* - * The 1st auth type in the APs RSN IE, to match stations - * connecting profiles auth type will cause us to exit this - * loop. This is added as some APs advertise multiple akms in - * the RSN IE - */ - if (eCSR_AUTH_TYPE_UNKNOWN != neg_authtype) { - acceptable_cipher = true; - break; - } - } /* for */ -end: - if (acceptable_cipher) { - if (mcast_cipher) - qdf_mem_copy(mcast_cipher, multicast, - CSR_RSN_OUI_SIZE); - - if (ucast_cipher) - qdf_mem_copy(ucast_cipher, unicast, CSR_RSN_OUI_SIZE); - - if (gp_mgmt_cipher && group_mgmt_acceptable_cipher) - qdf_mem_copy(gp_mgmt_cipher, group_mgmt, - CSR_RSN_OUI_SIZE); - - if (auth_suite) - qdf_mem_copy(auth_suite, authentication, - CSR_RSN_OUI_SIZE); - - if (negotiated_authtype) - *negotiated_authtype = neg_authtype; - - if (capabilities) { - /* Bit 0 Preauthentication */ - capabilities->PreAuthSupported = - (rsn_ie->RSN_Cap[0] >> 0) & 0x1; - /* Bit 1 No Pairwise */ - capabilities->NoPairwise = - (rsn_ie->RSN_Cap[0] >> 1) & 0x1; - /* Bit 2, 3 PTKSA Replay Counter */ - capabilities->PTKSAReplayCounter = - (rsn_ie->RSN_Cap[0] >> 2) & 0x3; - /* Bit 4, 5 GTKSA Replay Counter */ - capabilities->GTKSAReplayCounter = - (rsn_ie->RSN_Cap[0] >> 4) & 0x3; -#ifdef WLAN_FEATURE_11W - /* Bit 6 MFPR */ - capabilities->MFPRequired = - (rsn_ie->RSN_Cap[0] >> 6) & 0x1; - /* Bit 7 MFPC */ - capabilities->MFPCapable = - (rsn_ie->RSN_Cap[0] >> 7) & 0x1; -#else - /* Bit 6 MFPR */ - capabilities->MFPRequired = 0; - /* Bit 7 MFPC */ - capabilities->MFPCapable = 0; -#endif - /* remaining reserved */ - capabilities->Reserved = rsn_ie->RSN_Cap[1] & 0xff; - } - } - return acceptable_cipher; -} - -/** - * csr_lookup_pmkid_using_ssid() - lookup pmkid using ssid and cache_id - * @mac: pointer to mac - * @session: sme session pointer - * @pmk_cache: pointer to pmk cache - * @index: index value needs to be seached - * - * Return: true if pmkid is found else false - */ -static bool csr_lookup_pmkid_using_ssid(struct mac_context *mac, - struct csr_roam_session *session, - tPmkidCacheInfo *pmk_cache, - uint32_t *index) -{ - uint32_t i; - tPmkidCacheInfo *session_pmk; - - for (i = 0; i < session->NumPmkidCache; i++) { - session_pmk = &session->PmkidCacheInfo[i]; - sme_debug("match PMKID ssid %*.*s cache id %x %x ssid_len %d to ssid %s cache_id %x %x", - pmk_cache->ssid_len, pmk_cache->ssid_len, - pmk_cache->ssid, pmk_cache->cache_id[0], - pmk_cache->cache_id[1], pmk_cache->ssid_len, - session_pmk->ssid, - session_pmk->cache_id[0], session_pmk->cache_id[1]); - - if ((!qdf_mem_cmp(pmk_cache->ssid, session_pmk->ssid, - pmk_cache->ssid_len)) && - (!qdf_mem_cmp(session_pmk->cache_id, - pmk_cache->cache_id, CACHE_ID_LEN))) { - /* match found */ - *index = i; - sme_debug("PMKID found at index %d", i); - return true; - } - } - - return false; -} - -bool csr_lookup_pmkid_using_bssid(struct mac_context *mac, - struct csr_roam_session *session, - tPmkidCacheInfo *pmk_cache, - uint32_t *index) -{ - uint32_t i; - tPmkidCacheInfo *session_pmk; - - for (i = 0; i < session->NumPmkidCache; i++) { - session_pmk = &session->PmkidCacheInfo[i]; - sme_debug("Matching BSSID: " QDF_MAC_ADDR_STR " to cached BSSID:" - QDF_MAC_ADDR_STR, QDF_MAC_ADDR_ARRAY(pmk_cache->BSSID.bytes), - QDF_MAC_ADDR_ARRAY(session_pmk->BSSID.bytes)); - if (qdf_is_macaddr_equal(&pmk_cache->BSSID, - &session_pmk->BSSID)) { - /* match found */ - *index = i; - sme_debug("PMKID found at index %d", i); - qdf_mem_copy(pmk_cache, session_pmk, - sizeof(tPmkidCacheInfo)); - return true; - } - } - - return false; -} - -/** - * csr_lookup_pmkid() - lookup pmkid using bssid or ssid + cache_id - * @mac: pointer to mac - * @session: sme session pointer - * @pmk_cache: pointer to pmk cache - * @index: index value needs to be seached - * - * Return: true if pmkid is found else false - */ -static bool csr_lookup_pmkid(struct mac_context *mac, uint32_t sessionId, - tPmkidCacheInfo *pmk_cache) -{ - bool fRC = false, fMatchFound = false; - uint32_t Index; - struct csr_roam_session *pSession = CSR_GET_SESSION(mac, sessionId); - - if (!pSession) { - sme_err("session %d not found", sessionId); - return false; - } - - if (pmk_cache->ssid_len) { - /* Try to find based on cache_id and ssid first */ - fMatchFound = csr_lookup_pmkid_using_ssid(mac, pSession, - pmk_cache, &Index); - } - - /* If not able to find using cache id or ssid_len is not present */ - if (!fMatchFound) - fMatchFound = csr_lookup_pmkid_using_bssid(mac, - pSession, pmk_cache, &Index); - - if (!fMatchFound) { - sme_debug("no pmkid match found NumPmkidCache = %d", - pSession->NumPmkidCache); - return false; - } - - qdf_mem_copy(pmk_cache->PMKID, - pSession->PmkidCacheInfo[Index].PMKID, - PMKID_LEN); - - qdf_mem_copy(pmk_cache->pmk, - pSession->PmkidCacheInfo[Index].pmk, - pSession->PmkidCacheInfo[Index].pmk_len); - pmk_cache->pmk_len = pSession->PmkidCacheInfo[Index].pmk_len; - - fRC = true; - sme_debug("match = %d NumPmkidCache = %d", - fRC, pSession->NumPmkidCache); - - return fRC; -} - -#ifdef WLAN_FEATURE_FILS_SK -/* - * csr_update_pmksa_for_cache_id: update tPmkidCacheInfo to lookup using - * ssid and cache id - * @bss_desc: bss description - * @profile: csr roam profile - * @pmkid_cache: pmksa cache - * - * Return: true if cache identifier present else false - */ -static bool csr_update_pmksa_for_cache_id(struct bss_description *bss_desc, - struct csr_roam_profile *profile, - tPmkidCacheInfo *pmkid_cache) -{ - if (!bss_desc->fils_info_element.is_cache_id_present) - return false; - - pmkid_cache->ssid_len = - profile->SSIDs.SSIDList[0].SSID.length; - qdf_mem_copy(pmkid_cache->ssid, - profile->SSIDs.SSIDList[0].SSID.ssId, - profile->SSIDs.SSIDList[0].SSID.length); - qdf_mem_copy(pmkid_cache->cache_id, - bss_desc->fils_info_element.cache_id, - CACHE_ID_LEN); - qdf_mem_copy(pmkid_cache->BSSID.bytes, - bss_desc->bssId, QDF_MAC_ADDR_SIZE); - - return true; - -} - -/* - * csr_update_pmksa_to_profile: update pmk and pmkid to profile which will be - * used in case of fils session - * @profile: profile - * @pmkid_cache: pmksa cache - * - * Return: None - */ -static inline void csr_update_pmksa_to_profile(struct csr_roam_profile *profile, - tPmkidCacheInfo *pmkid_cache) -{ - if (!profile->fils_con_info) - return; - - profile->fils_con_info->pmk_len = pmkid_cache->pmk_len; - qdf_mem_copy(profile->fils_con_info->pmk, - pmkid_cache->pmk, pmkid_cache->pmk_len); - qdf_mem_copy(profile->fils_con_info->pmkid, - pmkid_cache->PMKID, PMKID_LEN); - -} -#else -static inline -bool csr_update_pmksa_for_cache_id(struct bss_description *bss_desc, - struct csr_roam_profile *profile, - tPmkidCacheInfo *pmkid_cache) -{ - return false; -} - -static inline void csr_update_pmksa_to_profile(struct csr_roam_profile *profile, - tPmkidCacheInfo *pmkid_cache) -{ -} -#endif - -/** - * csr_update_session_pmk() - Update the pmk len and pmk in the roam session - * @session: pointer to the CSR Roam session - * @pmkid_cache: pointer to the pmkid cache - * - * Return: None - */ -#ifdef WLAN_FEATURE_ROAM_OFFLOAD -static void csr_update_session_pmk(struct csr_roam_session *session, - tPmkidCacheInfo *pmkid_cache) -{ - session->pmk_len = pmkid_cache->pmk_len; - qdf_mem_zero(session->psk_pmk, sizeof(session->psk_pmk)); - qdf_mem_copy(session->psk_pmk, pmkid_cache->pmk, session->pmk_len); -} -#else -static inline void csr_update_session_pmk(struct csr_roam_session *session, - tPmkidCacheInfo *pmkid_cache) -{ -} -#endif - -uint8_t csr_construct_rsn_ie(struct mac_context *mac, uint32_t sessionId, - struct csr_roam_profile *pProfile, - struct bss_description *pSirBssDesc, - tDot11fBeaconIEs *pIes, tCsrRSNIe *pRSNIe) -{ - uint32_t ret; - bool fRSNMatch; - uint8_t cbRSNIe = 0; - uint8_t UnicastCypher[CSR_RSN_OUI_SIZE]; - uint8_t MulticastCypher[CSR_RSN_OUI_SIZE]; - uint8_t gp_mgmt_cipher_suite[CSR_RSN_OUI_SIZE]; - uint8_t AuthSuite[CSR_RSN_OUI_SIZE]; - tCsrRSNAuthIe *pAuthSuite; - struct rsn_caps RSNCapabilities; - tCsrRSNPMKIe *pPMK; - tPmkidCacheInfo pmkid_cache; -#ifdef WLAN_FEATURE_11W - uint8_t *pGroupMgmtCipherSuite; -#endif - tDot11fBeaconIEs *pIesLocal = pIes; - enum csr_akm_type negAuthType = eCSR_AUTH_TYPE_UNKNOWN; - tDot11fIERSN rsn_ie = {0}; - struct csr_roam_session *session = CSR_GET_SESSION(mac, sessionId); - - if (!CSR_IS_SESSION_VALID(mac, sessionId) || !session) - return 0; - qdf_mem_zero(&pmkid_cache, sizeof(pmkid_cache)); - qdf_mem_zero(&rsn_ie, sizeof(rsn_ie)); - - do { - if (!csr_is_profile_rsn(pProfile)) - break; - - if (!pIesLocal - && - (!QDF_IS_STATUS_SUCCESS - (csr_get_parsed_bss_description_ies - (mac, pSirBssDesc, &pIesLocal)))) { - break; - } - - /* - * Use intersection of the RSN cap sent by user space and - * the AP, so that only common capability are enabled. - */ - if (pProfile->pRSNReqIE && pProfile->nRSNReqIELength) { - ret = dot11f_unpack_ie_rsn(mac, - pProfile->pRSNReqIE + 2, - pProfile->nRSNReqIELength -2, &rsn_ie, false); - if (!DOT11F_FAILED(ret)) { - pIesLocal->RSN.RSN_Cap[0] = - pIesLocal->RSN.RSN_Cap[0] & - rsn_ie.RSN_Cap[0]; - pIesLocal->RSN.RSN_Cap[1] = - pIesLocal->RSN.RSN_Cap[1] & - rsn_ie.RSN_Cap[1]; - } - } - /* See if the cyphers in the Bss description match with the - * settings in the profile. - */ - fRSNMatch = csr_get_rsn_information(mac, &pProfile->AuthType, - pProfile->negotiatedUCEncryptionType, - &pProfile->mcEncryptionType, - &pIesLocal->RSN, UnicastCypher, - MulticastCypher, AuthSuite, - &RSNCapabilities, &negAuthType, NULL, - gp_mgmt_cipher_suite, - &pProfile->mgmt_encryption_type, - session->is_adaptive_11r_connection); - if (!fRSNMatch) - break; - - pRSNIe->IeHeader.ElementID = WLAN_ELEMID_RSN; - - pRSNIe->Version = CSR_RSN_VERSION_SUPPORTED; - - qdf_mem_copy(pRSNIe->MulticastOui, MulticastCypher, - sizeof(MulticastCypher)); - - pRSNIe->cUnicastCyphers = 1; - - qdf_mem_copy(&pRSNIe->UnicastOui[0], UnicastCypher, - sizeof(UnicastCypher)); - - pAuthSuite = - (tCsrRSNAuthIe *) (&pRSNIe-> - UnicastOui[pRSNIe->cUnicastCyphers]); - - pAuthSuite->cAuthenticationSuites = 1; - qdf_mem_copy(&pAuthSuite->AuthOui[0], AuthSuite, - sizeof(AuthSuite)); - - /* PreAuthSupported is an AP only capability */ - RSNCapabilities.PreAuthSupported = 0; - /* - * Use the Management Frame Protection values given by the - * supplicant, if AP and STA both are MFP capable. - */ -#ifdef WLAN_FEATURE_11W - if (RSNCapabilities.MFPCapable && pProfile->MFPCapable) { - RSNCapabilities.MFPCapable = pProfile->MFPCapable; - RSNCapabilities.MFPRequired = pProfile->MFPRequired; - } else { - RSNCapabilities.MFPCapable = 0; - RSNCapabilities.MFPRequired = 0; - } -#endif - *(uint16_t *) (&pAuthSuite->AuthOui[1]) = - *((uint16_t *) (&RSNCapabilities)); - - pPMK = (tCsrRSNPMKIe *) (((uint8_t *) (&pAuthSuite->AuthOui[1])) - + sizeof(uint16_t)); - - if (!csr_update_pmksa_for_cache_id(pSirBssDesc, - pProfile, &pmkid_cache)) - qdf_mem_copy(pmkid_cache.BSSID.bytes, - pSirBssDesc->bssId, QDF_MAC_ADDR_SIZE); - /* Don't include the PMK SA IDs for CCKM associations. */ - if ( -#ifdef FEATURE_WLAN_ESE - (eCSR_AUTH_TYPE_CCKM_RSN != negAuthType) && -#endif - csr_lookup_pmkid(mac, sessionId, &pmkid_cache)) { - pPMK->cPMKIDs = 1; - - qdf_trace_hex_dump(QDF_MODULE_ID_PE, - QDF_TRACE_LEVEL_INFO, - pmkid_cache.pmk, pmkid_cache.pmk_len); - qdf_mem_copy(pPMK->PMKIDList[0].PMKID, - pmkid_cache.PMKID, - PMKID_LEN); - - /* - * If a PMK cache is found for the BSSID, then - * update the PMK in CSR session also as this - * will be sent to the FW during RSO. - */ - csr_update_session_pmk(session, &pmkid_cache); - - csr_update_pmksa_to_profile(pProfile, &pmkid_cache); - } else { - pPMK->cPMKIDs = 0; - } - session->rsn_caps = RSNCapabilities; - - qdf_mem_zero(&pmkid_cache, sizeof(pmkid_cache)); - -#ifdef WLAN_FEATURE_11W - /* Advertise BIP in group cipher key management only if PMF is - * enabled and AP is capable. - */ - if (pProfile->MFPEnabled && - (RSNCapabilities.MFPCapable && pProfile->MFPCapable)) { - pGroupMgmtCipherSuite = - (uint8_t *) pPMK + sizeof(uint16_t) + - (pPMK->cPMKIDs * PMKID_LEN); - qdf_mem_copy(pGroupMgmtCipherSuite, - gp_mgmt_cipher_suite, CSR_RSN_OUI_SIZE); - } -#endif - host_log_rsn_info(UnicastCypher, MulticastCypher, - AuthSuite, gp_mgmt_cipher_suite); - - /* Add in the fixed fields plus 1 Unicast cypher, less the - * IE Header length Add in the size of the Auth suite (count - * plus a single OUI) Add in the RSN caps field. - * Add PMKID count and PMKID (if any) - * Add group management cipher suite - */ - pRSNIe->IeHeader.Length = - (uint8_t) (sizeof(*pRSNIe) - sizeof(pRSNIe->IeHeader) + - sizeof(*pAuthSuite) + - sizeof(struct rsn_caps)); - if (pPMK->cPMKIDs) - pRSNIe->IeHeader.Length += (uint8_t) (sizeof(uint16_t) + - (pPMK->cPMKIDs * - PMKID_LEN)); -#ifdef WLAN_FEATURE_11W - if (pProfile->MFPEnabled && - (RSNCapabilities.MFPCapable && pProfile->MFPCapable)) { - if (0 == pPMK->cPMKIDs) - pRSNIe->IeHeader.Length += sizeof(uint16_t); - pRSNIe->IeHeader.Length += CSR_WPA_OUI_SIZE; - } -#endif - - /* return the size of the IE header (total) constructed... */ - cbRSNIe = pRSNIe->IeHeader.Length + sizeof(pRSNIe->IeHeader); - - } while (0); - - if (!pIes && pIesLocal) - /* locally allocated */ - qdf_mem_free(pIesLocal); - - return cbRSNIe; -} - -#ifdef FEATURE_WLAN_WAPI -/** - * csr_get_wapi_information() - to get WAPI information - * @mac_ctx: pointer to global MAC context - * @auth_type: auth type - * @encr_type: encryption type - * @mc_encryption: multicast encryption type - * @wapi_ie: pointer to WAPI IE - * @ucast_cipher: Unicast cipher - * @mcast_cipher: Multicast cipher - * @auth_suite: Authentication suite - * @negotiated_authtype: Negotiated auth type - * @negotiated_mccipher: negotiated multicast cipher - * - * This routine will get all WAPI information - * - * Return: bool - */ -static bool csr_get_wapi_information(struct mac_context *mac_ctx, - tCsrAuthList *auth_type, - eCsrEncryptionType encr_type, - tCsrEncryptionList *mc_encryption, - tDot11fIEWAPI *wapi_ie, - uint8_t *ucast_cipher, - uint8_t *mcast_cipher, uint8_t *auth_suite, - enum csr_akm_type *negotiated_authtype, - eCsrEncryptionType *negotiated_mccipher) -{ - bool acceptable_cipher = false; - uint8_t c_ucast_cipher = 0; - uint8_t c_mcast_cipher = 0; - uint8_t c_auth_suites = 0, i; - uint8_t unicast[CSR_WAPI_OUI_SIZE]; - uint8_t multicast[CSR_WAPI_OUI_SIZE]; - uint8_t authsuites[CSR_WAPI_MAX_AUTH_SUITES][CSR_WAPI_OUI_SIZE]; - uint8_t authentication[CSR_WAPI_OUI_SIZE]; - uint8_t mccipher_arr[CSR_WAPI_MAX_MULTICAST_CYPHERS][CSR_WAPI_OUI_SIZE]; - enum csr_akm_type neg_authtype = eCSR_AUTH_TYPE_UNKNOWN; - uint8_t wapioui_idx = 0; - - if (!wapi_ie->present) - goto end; - - c_mcast_cipher++; - qdf_mem_copy(mccipher_arr, wapi_ie->multicast_cipher_suite, - CSR_WAPI_OUI_SIZE); - c_ucast_cipher = (uint8_t) (wapi_ie->unicast_cipher_suite_count); - c_auth_suites = (uint8_t) (wapi_ie->akm_suite_count); - for (i = 0; i < c_auth_suites && i < CSR_WAPI_MAX_AUTH_SUITES; i++) - qdf_mem_copy((void *)&authsuites[i], - (void *)&wapi_ie->akm_suites[i], CSR_WAPI_OUI_SIZE); - - wapioui_idx = csr_get_oui_index_from_cipher(encr_type); - if (wapioui_idx >= CSR_OUI_WAPI_WAI_MAX_INDEX) { - sme_err("Wapi OUI index = %d out of limit", - wapioui_idx); - acceptable_cipher = false; - goto end; - } - /* Check - Is requested unicast Cipher supported by the BSS. */ - acceptable_cipher = csr_match_wapi_oui_index(mac_ctx, - wapi_ie->unicast_cipher_suites, - c_ucast_cipher, wapioui_idx, unicast); - if (!acceptable_cipher) - goto end; - - /* unicast is supported. Pick the first matching Group cipher, if any */ - for (i = 0; i < mc_encryption->numEntries; i++) { - wapioui_idx = csr_get_oui_index_from_cipher( - mc_encryption->encryptionType[i]); - if (wapioui_idx >= CSR_OUI_WAPI_WAI_MAX_INDEX) { - sme_err("Wapi OUI index = %d out of limit", - wapioui_idx); - acceptable_cipher = false; - break; - } - acceptable_cipher = csr_match_wapi_oui_index(mac_ctx, - mccipher_arr, c_mcast_cipher, - wapioui_idx, multicast); - if (acceptable_cipher) - break; - } - if (!acceptable_cipher) - goto end; - - if (negotiated_mccipher) - *negotiated_mccipher = - mc_encryption->encryptionType[i]; - - /* - * Ciphers are supported, Match authentication algorithm and - * pick first matching authtype - */ - if (csr_is_auth_wapi_cert - (mac_ctx, authsuites, c_auth_suites, authentication)) { - neg_authtype = - eCSR_AUTH_TYPE_WAPI_WAI_CERTIFICATE; - } else if (csr_is_auth_wapi_psk(mac_ctx, authsuites, - c_auth_suites, authentication)) { - neg_authtype = eCSR_AUTH_TYPE_WAPI_WAI_PSK; - } else { - acceptable_cipher = false; - neg_authtype = eCSR_AUTH_TYPE_UNKNOWN; - } - - /* Caller doesn't care about auth type, or BSS doesn't match */ - if ((0 == auth_type->numEntries) || (false == acceptable_cipher)) - goto end; - - acceptable_cipher = false; - for (i = 0; i < auth_type->numEntries; i++) { - if (auth_type->authType[i] == neg_authtype) { - acceptable_cipher = true; - break; - } - } - -end: - if (acceptable_cipher) { - if (mcast_cipher) - qdf_mem_copy(mcast_cipher, multicast, - CSR_WAPI_OUI_SIZE); - if (ucast_cipher) - qdf_mem_copy(ucast_cipher, unicast, CSR_WAPI_OUI_SIZE); - if (auth_suite) - qdf_mem_copy(auth_suite, authentication, - CSR_WAPI_OUI_SIZE); - if (negotiated_authtype) - *negotiated_authtype = neg_authtype; - } - return acceptable_cipher; -} - -static bool csr_lookup_bkid(struct mac_context *mac, uint32_t sessionId, - uint8_t *pBSSId, uint8_t *pBKId) -{ - bool fRC = false, fMatchFound = false; - uint32_t Index; - struct csr_roam_session *pSession = CSR_GET_SESSION(mac, sessionId); - - if (!pSession) { - sme_err("session %d not found", sessionId); - return false; - } - - do { - for (Index = 0; Index < pSession->NumBkidCache; Index++) { - sme_debug("match BKID " QDF_MAC_ADDR_STR " to ", - QDF_MAC_ADDR_ARRAY(pBSSId)); - if (!qdf_mem_cmp - (pBSSId, pSession->BkidCacheInfo[Index].BSSID.bytes, - sizeof(struct qdf_mac_addr))) { - /* match found */ - fMatchFound = true; - break; - } - } - - if (!fMatchFound) - break; - - qdf_mem_copy(pBKId, pSession->BkidCacheInfo[Index].BKID, - CSR_WAPI_BKID_SIZE); - - fRC = true; - } while (0); - sme_debug( - "return match = %d mac->roam.NumBkidCache = %d", - fRC, pSession->NumBkidCache); - - return fRC; -} - -uint8_t csr_construct_wapi_ie(struct mac_context *mac, uint32_t sessionId, - struct csr_roam_profile *pProfile, - struct bss_description *pSirBssDesc, - tDot11fBeaconIEs *pIes, tCsrWapiIe *pWapiIe) -{ - bool fWapiMatch = false; - uint8_t cbWapiIe = 0; - uint8_t UnicastCypher[CSR_WAPI_OUI_SIZE]; - uint8_t MulticastCypher[CSR_WAPI_OUI_SIZE]; - uint8_t AuthSuite[CSR_WAPI_OUI_SIZE]; - uint8_t BKId[CSR_WAPI_BKID_SIZE]; - uint8_t *pWapi = NULL; - bool fBKIDFound = false; - tDot11fBeaconIEs *pIesLocal = pIes; - - do { - if (!csr_is_profile_wapi(pProfile)) - break; - - if (!pIesLocal - && - (!QDF_IS_STATUS_SUCCESS - (csr_get_parsed_bss_description_ies - (mac, pSirBssDesc, &pIesLocal)))) { - break; - } - /* See if the cyphers in the Bss description match with the - * settings in the profile. - */ - fWapiMatch = - csr_get_wapi_information(mac, &pProfile->AuthType, - pProfile->negotiatedUCEncryptionType, - &pProfile->mcEncryptionType, - &pIesLocal->WAPI, UnicastCypher, - MulticastCypher, AuthSuite, NULL, - NULL); - if (!fWapiMatch) - break; - - qdf_mem_zero(pWapiIe, sizeof(tCsrWapiIe)); - - pWapiIe->IeHeader.ElementID = DOT11F_EID_WAPI; - - pWapiIe->Version = CSR_WAPI_VERSION_SUPPORTED; - - pWapiIe->cAuthenticationSuites = 1; - qdf_mem_copy(&pWapiIe->AuthOui[0], AuthSuite, - sizeof(AuthSuite)); - - pWapi = (uint8_t *) (&pWapiIe->AuthOui[1]); - - *pWapi = (uint16_t) 1; /* cUnicastCyphers */ - pWapi += 2; - qdf_mem_copy(pWapi, UnicastCypher, sizeof(UnicastCypher)); - pWapi += sizeof(UnicastCypher); - - qdf_mem_copy(pWapi, MulticastCypher, sizeof(MulticastCypher)); - pWapi += sizeof(MulticastCypher); - - /* WAPI capabilities follows the Auth Suite (two octects) - * we shouldn't EVER be sending out "pre-auth supported". - * It is an AP only capability & since we already did a memset - * pWapiIe to 0, skip these fields - */ - pWapi += 2; - - fBKIDFound = - csr_lookup_bkid(mac, sessionId, pSirBssDesc->bssId, - &(BKId[0])); - - if (fBKIDFound) { - /* Do we need to change the endianness here */ - *pWapi = (uint16_t) 1; /* cBKIDs */ - pWapi += 2; - qdf_mem_copy(pWapi, BKId, CSR_WAPI_BKID_SIZE); - } else { - *pWapi = 0; - pWapi += 1; - *pWapi = 0; - pWapi += 1; - } - - /* Add in the IE fields except the IE header */ - /* Add BKID count and BKID (if any) */ - pWapiIe->IeHeader.Length = - (uint8_t) (sizeof(*pWapiIe) - - sizeof(pWapiIe->IeHeader)); - - /*2 bytes for BKID Count field */ - pWapiIe->IeHeader.Length += sizeof(uint16_t); - - if (fBKIDFound) - pWapiIe->IeHeader.Length += CSR_WAPI_BKID_SIZE; - - /* return the size of the IE header (total) constructed... */ - cbWapiIe = pWapiIe->IeHeader.Length + sizeof(pWapiIe->IeHeader); - - } while (0); - - if (!pIes && pIesLocal) - /* locally allocated */ - qdf_mem_free(pIesLocal); - - return cbWapiIe; -} -#endif /* FEATURE_WLAN_WAPI */ -/** - * csr_get_wpa_cyphers() - to get WPA cipher info - * @mac_ctx: pointer to mac context - * @auth_type: auth type - * @encr_type: encryption type - * @mc_encryption: multicast encryption type - * @wpa_ie: pointer to WPA IE - * @ucast_cipher: Unicast cipher - * @mcast_cipher: Multicast cipher - * @auth_suite: Authentication suite - * @negotiated_authtype: Negotiated auth type - * @negotiated_mccipher: negotiated multicast cipher - * - * This routine will get all WPA information - * - * Return: bool - */ -static bool csr_get_wpa_cyphers(struct mac_context *mac_ctx, tCsrAuthList *auth_type, - eCsrEncryptionType encr_type, - tCsrEncryptionList *mc_encryption, - tDot11fIEWPA *wpa_ie, uint8_t *ucast_cipher, - uint8_t *mcast_cipher, uint8_t *auth_suite, - enum csr_akm_type *negotiated_authtype, - eCsrEncryptionType *negotiated_mccipher) -{ - bool acceptable_cipher = false; - uint8_t c_ucast_cipher = 0; - uint8_t c_mcast_cipher = 0; - uint8_t c_auth_suites = 0; - uint8_t unicast[CSR_WPA_OUI_SIZE]; - uint8_t multicast[CSR_WPA_OUI_SIZE]; - uint8_t authentication[CSR_WPA_OUI_SIZE]; - uint8_t mccipher_arr[1][CSR_WPA_OUI_SIZE]; - uint8_t i; - uint8_t index; - enum csr_akm_type neg_authtype = eCSR_AUTH_TYPE_UNKNOWN; - - if (!wpa_ie->present) - goto end; - c_mcast_cipher = 1; - qdf_mem_copy(mccipher_arr, wpa_ie->multicast_cipher, CSR_WPA_OUI_SIZE); - c_ucast_cipher = (uint8_t) (wpa_ie->unicast_cipher_count); - c_auth_suites = (uint8_t) (wpa_ie->auth_suite_count); - - /* - * csr_match_wpaoui_index will provide the index of the - * array csr_wpa_oui to be read and determine if it is - * accepatable cipher or not. Below check ensures that - * the index will not be out of range of the array size. - */ - index = csr_get_oui_index_from_cipher(encr_type); - if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) { - sme_debug("Unacceptable index: %d", index); - goto end; - } - - sme_debug("kw_dbg: index: %d", index); - /* Check - Is requested unicast Cipher supported by the BSS. */ - acceptable_cipher = csr_match_wpaoui_index(mac_ctx, - wpa_ie->unicast_ciphers, c_ucast_cipher, - index, unicast); - if (!acceptable_cipher) - goto end; - /* unicast is supported. Pick the first matching Group cipher, if any */ - for (i = 0; i < mc_encryption->numEntries; i++) { - index = csr_get_oui_index_from_cipher( - mc_encryption->encryptionType[i]); - sme_debug("kw_dbg: index: %d", index); - if (!(index < (sizeof(csr_wpa_oui)/CSR_WPA_OUI_SIZE))) { - sme_debug("Unacceptable MC index: %d", index); - acceptable_cipher = false; - continue; - } - acceptable_cipher = csr_match_wpaoui_index(mac_ctx, - mccipher_arr, c_mcast_cipher, - index, multicast); - if (acceptable_cipher) - break; - } - if (!acceptable_cipher) - goto end; - - if (negotiated_mccipher) - *negotiated_mccipher = mc_encryption->encryptionType[i]; - - /* Initializing with false as it has true value already */ - acceptable_cipher = false; - for (i = 0; i < auth_type->numEntries; i++) { - /* - * Ciphers are supported, Match authentication algorithm and - * pick first matching authtype - */ - if (csr_is_auth_wpa(mac_ctx, wpa_ie->auth_suites, c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_WPA == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_WPA; - } - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && - csr_is_auth_wpa_psk(mac_ctx, - wpa_ie->auth_suites, c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_WPA_PSK == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_WPA_PSK; - } -#ifdef FEATURE_WLAN_ESE - if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) - && csr_is_ese_cckm_auth_wpa(mac_ctx, - wpa_ie->auth_suites, c_auth_suites, - authentication)) { - if (eCSR_AUTH_TYPE_CCKM_WPA == auth_type->authType[i]) - neg_authtype = eCSR_AUTH_TYPE_CCKM_WPA; - } -#endif /* FEATURE_WLAN_ESE */ - - /* - * The 1st auth type in the APs WPA IE, to match stations - * connecting profiles auth type will cause us to exit this - * loop. This is added as some APs advertise multiple akms in - * the WPA IE - */ - if (eCSR_AUTH_TYPE_UNKNOWN != neg_authtype) { - acceptable_cipher = true; - break; - } - } - -end: - if (acceptable_cipher) { - if (mcast_cipher) - qdf_mem_copy((uint8_t **) mcast_cipher, multicast, - CSR_WPA_OUI_SIZE); - - if (ucast_cipher) - qdf_mem_copy((uint8_t **) ucast_cipher, unicast, - CSR_WPA_OUI_SIZE); - - if (auth_suite) - qdf_mem_copy((uint8_t **) auth_suite, authentication, - CSR_WPA_OUI_SIZE); - - if (negotiated_authtype) - *negotiated_authtype = neg_authtype; - } - - return acceptable_cipher; -} - -uint8_t csr_construct_wpa_ie(struct mac_context *mac, uint8_t session_id, - struct csr_roam_profile *pProfile, - struct bss_description *pSirBssDesc, - tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe) -{ - bool fWpaMatch; - uint8_t cbWpaIe = 0; - uint8_t UnicastCypher[CSR_WPA_OUI_SIZE]; - uint8_t MulticastCypher[CSR_WPA_OUI_SIZE]; - uint8_t AuthSuite[CSR_WPA_OUI_SIZE]; - tCsrWpaAuthIe *pAuthSuite; - tDot11fBeaconIEs *pIesLocal = pIes; - - do { - if (!csr_is_profile_wpa(pProfile)) - break; - - if (!pIesLocal - && - (!QDF_IS_STATUS_SUCCESS - (csr_get_parsed_bss_description_ies - (mac, pSirBssDesc, &pIesLocal)))) - break; - /* See if the cyphers in the Bss description match with the - * settings in the profile. - */ - fWpaMatch = - csr_get_wpa_cyphers(mac, &pProfile->AuthType, - pProfile->negotiatedUCEncryptionType, - &pProfile->mcEncryptionType, - &pIesLocal->WPA, UnicastCypher, - MulticastCypher, AuthSuite, NULL, NULL); - if (!fWpaMatch) - break; - - pWpaIe->IeHeader.ElementID = SIR_MAC_WPA_EID; - - qdf_mem_copy(pWpaIe->Oui, csr_wpa_oui[01], sizeof(pWpaIe->Oui)); - - pWpaIe->Version = CSR_WPA_VERSION_SUPPORTED; - - qdf_mem_copy(pWpaIe->MulticastOui, MulticastCypher, - sizeof(MulticastCypher)); - - pWpaIe->cUnicastCyphers = 1; - - qdf_mem_copy(&pWpaIe->UnicastOui[0], UnicastCypher, - sizeof(UnicastCypher)); - - pAuthSuite = - (tCsrWpaAuthIe *) (&pWpaIe-> - UnicastOui[pWpaIe->cUnicastCyphers]); - - pAuthSuite->cAuthenticationSuites = 1; - qdf_mem_copy(&pAuthSuite->AuthOui[0], AuthSuite, - sizeof(AuthSuite)); - - /* The WPA capabilities follows the Auth Suite (two octects)- - * this field is optional, and we always "send" zero, so just - * remove it. This is consistent with our assumptions in the - * frames compiler; c.f. bug 15234: - * http://gold.woodsidenet.com/bugzilla/show_bug.cgi?id=15234 - * Add in the fixed fields plus 1 Unicast cypher, less the IE - * Header length Add in the size of the Auth suite (count plus - * a single OUI) - */ - pWpaIe->IeHeader.Length = - sizeof(*pWpaIe) - sizeof(pWpaIe->IeHeader) + - sizeof(*pAuthSuite); - - /* return the size of the IE header (total) constructed... */ - cbWpaIe = pWpaIe->IeHeader.Length + sizeof(pWpaIe->IeHeader); - - } while (0); - - if (!pIes && pIesLocal) - /* locally allocated */ - qdf_mem_free(pIesLocal); - - return cbWpaIe; -} -#endif - /* If a WPAIE exists in the profile, just use it. Or else construct * one from the BSS Caller allocated memory for pWpaIe and guarrantee * it can contain a max length WPA IE