qcacld-3.0: Add support of GCMP (128/256) support

Add support of GCMP (128/256) security ciper support.

Change-Id: I3c9cb3dc72cce0a2cae3e468d3c1f3c004e11adf
CRs-fixed: 2056168

core/hdd/src/wlan_hdd_assoc.c

@@ -109,6 +109,12 @@ uint8_t ccp_rsn_oui07[HDD_RSN_OUI_SIZE] = { 0x00, 0x0F, 0xAC, 0x06 };
 uint8_t ccp_rsn_oui08[HDD_RSN_OUI_SIZE] = { 0x00, 0x0F, 0xAC, 0x05 };
 #endif
 
+/* AES-GCMP-128 */
+uint8_t ccp_rsn_oui09[HDD_RSN_OUI_SIZE] = { 0x00, 0x0F, 0xAC, 0x08 };
+
+/* AES-GCMP-256 */
+uint8_t ccp_rsn_oui0a[HDD_RSN_OUI_SIZE] = { 0x00, 0x0F, 0xAC, 0x09 };
+
 /* Offset where the EID-Len-IE, start. */
 #define FT_ASSOC_RSP_IES_OFFSET 6  /* Capability(2) + AID(2) + Status Code(2) */
 #define FT_ASSOC_REQ_IES_OFFSET 4  /* Capability(2) + LI(2) */
@@ -2301,6 +2307,8 @@ static inline bool hdd_is_key_install_required_for_ibss(
 	if (eCSR_ENCRYPT_TYPE_WEP40_STATICKEY == encr_type ||
 	    eCSR_ENCRYPT_TYPE_WEP104_STATICKEY == encr_type ||
 	    eCSR_ENCRYPT_TYPE_TKIP == encr_type ||
+	    eCSR_ENCRYPT_TYPE_AES_GCMP == encr_type ||
+	    eCSR_ENCRYPT_TYPE_AES_GCMP_256 == encr_type ||
 	    eCSR_ENCRYPT_TYPE_AES == encr_type)
 		return true;
 	else
@@ -5331,6 +5339,10 @@ hdd_translate_rsn_to_csr_encryption_type(uint8_t cipher_suite[4])
 
 	if (memcmp(cipher_suite, ccp_rsn_oui04, 4) == 0)
 		cipher_type = eCSR_ENCRYPT_TYPE_AES;
+	else if (memcmp(cipher_suite, ccp_rsn_oui09, 4) == 0)
+		cipher_type = eCSR_ENCRYPT_TYPE_AES_GCMP;
+	else if (memcmp(cipher_suite, ccp_rsn_oui0a, 4) == 0)
+		cipher_type = eCSR_ENCRYPT_TYPE_AES_GCMP_256;
 	else if (memcmp(cipher_suite, ccp_rsn_oui02, 4) == 0)
 		cipher_type = eCSR_ENCRYPT_TYPE_TKIP;
 	else if (memcmp(cipher_suite, ccp_rsn_oui00, 4) == 0)
@@ -5573,6 +5585,8 @@ int hdd_set_genie_to_csr(hdd_adapter_t *pAdapter, eCsrAuthType *RSNAuthType)
 
 		if ((QDF_IBSS_MODE == pAdapter->device_mode) &&
 		    ((eCSR_ENCRYPT_TYPE_AES == mcRSNEncryptType) ||
+		     (eCSR_ENCRYPT_TYPE_AES_GCMP == mcRSNEncryptType) ||
+		     (eCSR_ENCRYPT_TYPE_AES_GCMP_256 == mcRSNEncryptType) ||
 		     (eCSR_ENCRYPT_TYPE_TKIP == mcRSNEncryptType))) {
 			/*
 			 * For wpa none supplicant sends the WPA IE with unicast

core/hdd/src/wlan_hdd_cfg80211.c

@@ -208,6 +208,12 @@
  * WLAN_REASON_DEAUTH_LEAVING DEAUTH is received from user-space.
  */
 #define WLAN_DEAUTH_DPTRACE_DUMP_COUNT 100
+#ifndef WLAN_CIPHER_SUITE_GCMP
+#define WLAN_CIPHER_SUITE_GCMP 0x000FAC08
+#endif
+#ifndef WLAN_CIPHER_SUITE_GCMP_256
+#define WLAN_CIPHER_SUITE_GCMP_256 0x000FAC09
+#endif
 
 static const u32 hdd_cipher_suites[] = {
 	WLAN_CIPHER_SUITE_WEP40,
@@ -228,6 +234,8 @@ static const u32 hdd_cipher_suites[] = {
 #ifdef WLAN_FEATURE_11W
 	WLAN_CIPHER_SUITE_AES_CMAC,
 #endif
+	WLAN_CIPHER_SUITE_GCMP,
+	WLAN_CIPHER_SUITE_GCMP_256,
 };
 
 static const struct ieee80211_channel hdd_channels_2_4_ghz[] = {
@@ -13059,6 +13067,12 @@ static int __wlan_hdd_cfg80211_add_key(struct wiphy *wiphy,
 		setKey.encType = eCSR_ENCRYPT_TYPE_AES_CMAC;
 		break;
 #endif
+	case WLAN_CIPHER_SUITE_GCMP:
+		setKey.encType = eCSR_ENCRYPT_TYPE_AES_GCMP;
+		break;
+	case WLAN_CIPHER_SUITE_GCMP_256:
+		setKey.encType = eCSR_ENCRYPT_TYPE_AES_GCMP_256;
+		break;
 
 	default:
 		hdd_err("Unsupported cipher type: %u", params->cipher);
@@ -13293,7 +13307,12 @@ static int __wlan_hdd_cfg80211_get_key(struct wiphy *wiphy,
 	case eCSR_ENCRYPT_TYPE_AES:
 		params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
 		break;
-
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		params.cipher = WLAN_CIPHER_SUITE_GCMP;
+		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		params.cipher = WLAN_CIPHER_SUITE_GCMP_256;
+		break;
 	default:
 		params.cipher = IW_AUTH_CIPHER_NONE;
 		break;
@@ -13440,6 +13459,10 @@ static int __wlan_hdd_cfg80211_set_default_key(struct wiphy *wiphy,
 		if ((eCSR_ENCRYPT_TYPE_TKIP !=
 		     pHddStaCtx->conn_info.ucEncryptionType) &&
 		    (eCSR_ENCRYPT_TYPE_AES !=
+		     pHddStaCtx->conn_info.ucEncryptionType) &&
+		    (eCSR_ENCRYPT_TYPE_AES_GCMP !=
+			pHddStaCtx->conn_info.ucEncryptionType) &&
+		    (eCSR_ENCRYPT_TYPE_AES_GCMP_256 !=
 		     pHddStaCtx->conn_info.ucEncryptionType)) {
 			/* If default key index is not same as previous one,
 			 * then update the default key index
@@ -13502,10 +13525,13 @@ static int __wlan_hdd_cfg80211_set_default_key(struct wiphy *wiphy,
 	} else if (QDF_SAP_MODE == pAdapter->device_mode) {
 		/* In SoftAp mode setting key direction for default mode */
 		if ((eCSR_ENCRYPT_TYPE_TKIP !=
-		     pWextState->roamProfile.EncryptionType.encryptionType[0])
-		    && (eCSR_ENCRYPT_TYPE_AES !=
-			pWextState->roamProfile.EncryptionType.
-			encryptionType[0])) {
+		    pWextState->roamProfile.EncryptionType.encryptionType[0]) &&
+		    (eCSR_ENCRYPT_TYPE_AES !=
+		    pWextState->roamProfile.EncryptionType.encryptionType[0]) &&
+		    (eCSR_ENCRYPT_TYPE_AES_GCMP !=
+		    pWextState->roamProfile.EncryptionType.encryptionType[0]) &&
+		    (eCSR_ENCRYPT_TYPE_AES_GCMP_256 !=
+		    pWextState->roamProfile.EncryptionType.encryptionType[0])) {
 			/* Saving key direction for default key index to TX default */
 			hdd_ap_ctx_t *pAPCtx =
 				WLAN_HDD_GET_AP_CTX_PTR(pAdapter);
@@ -14842,6 +14868,12 @@ static int wlan_hdd_cfg80211_set_cipher(hdd_adapter_t *pAdapter,
 			break;
 #endif
 #endif
+		case WLAN_CIPHER_SUITE_GCMP:
+			encryptionType = eCSR_ENCRYPT_TYPE_AES_GCMP;
+			break;
+		case WLAN_CIPHER_SUITE_GCMP_256:
+			encryptionType = eCSR_ENCRYPT_TYPE_AES_GCMP_256;
+			break;
 		default:
 			hdd_err("Unsupported cipher type: %d", cipher);
 			return -EOPNOTSUPP;

core/mac/inc/ani_system_defs.h

@@ -89,6 +89,9 @@ typedef enum eAniEdType {
 	   Thus while setting BIP encryption mode in corresponding DPU Desc
 	   eSIR_ED_AES_128_CMAC should be set to eSIR_ED_CCMP */
 	eSIR_ED_AES_128_CMAC,
+	/* Firmware uses key length to find GCMP 128 or 256 */
+	eSIR_ED_GCMP,
+	eSIR_ED_GCMP_256,
 	eSIR_ED_NOT_IMPLEMENTED = SIR_MAX_ENUM_SIZE
 } tAniEdType;
 

core/mac/src/pe/lim/lim_api.c

@@ -1409,6 +1409,8 @@ static bool lim_ibss_enc_type_matched(tpSchBeaconStruct pBeacon,
 	if (pBeacon->capabilityInfo.privacy == 1 && pBeacon->wpaPresent == 1
 	    && pBeacon->rsnPresent == 0
 	    && ((pSession->encryptType == eSIR_ED_CCMP) ||
+		(pSession->encryptType == eSIR_ED_GCMP) ||
+		(pSession->encryptType == eSIR_ED_GCMP_256) ||
 		(pSession->encryptType == eSIR_ED_TKIP)))
 		return true;
 
@@ -1533,6 +1535,8 @@ lim_enc_type_matched(tpAniSirGlobal mac_ctx,
 	    ((bcn->wpaPresent == 1) || (bcn->rsnPresent == 1)) &&
 	    ((session->encryptType == eSIR_ED_TKIP) ||
 		(session->encryptType == eSIR_ED_CCMP) ||
+		(session->encryptType == eSIR_ED_GCMP) ||
+		(session->encryptType == eSIR_ED_GCMP_256) ||
 		(session->encryptType == eSIR_ED_AES_128_CMAC)))
 		return true;
 

core/mac/src/pe/lim/lim_assoc_utils.c

@@ -308,6 +308,27 @@ uint8_t lim_check_mcs_set(tpAniSirGlobal pMac, uint8_t *supportedMCSSet)
 #define SECURITY_SUITE_TYPE_TKIP 0x2
 #define SECURITY_SUITE_TYPE_CCMP 0x4
 #define SECURITY_SUITE_TYPE_WEP104 0x4
+#define SECURITY_SUITE_TYPE_GCMP 0x8
+#define SECURITY_SUITE_TYPE_GCMP_256 0x9
+
+/**
+ * is_non_rsn_cipher()- API to check whether cipher suit is rsn or not
+ * @cipher_suite: cipher suit
+ *
+ * Return: True in case non ht cipher else false
+ */
+static inline bool is_non_rsn_cipher(uint8_t cipher_suite)
+{
+	uint8_t cipher_mask;
+
+	cipher_mask = cipher_suite & SECURITY_SUITE_TYPE_MASK;
+	if ((cipher_mask == SECURITY_SUITE_TYPE_CCMP) ||
+	    (cipher_mask == SECURITY_SUITE_TYPE_GCMP) ||
+	    (cipher_mask == SECURITY_SUITE_TYPE_GCMP_256))
+		return false;
+
+	return true;
+}
 
 /**
  * lim_check_rx_rsn_ie_match()- validate received rsn ie with supported cipher
@@ -366,20 +387,14 @@ lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx, tDot11fIERSN rx_rsn_ie,
 			}
 		}
 
-		if ((sta_is_ht)
+		if (sta_is_ht)
 #ifdef ANI_LITTLE_BYTE_ENDIAN
-			&&
-			((rx_rsn_ie.pwise_cipher_suites[i][3] &
-				 SECURITY_SUITE_TYPE_MASK) ==
-					SECURITY_SUITE_TYPE_CCMP))
+			only_non_ht_cipher = is_non_rsn_cipher(
+				rx_rsn_ie.pwise_cipher_suites[i][3]);
 #else
-			&&
-			((rx_rsn_ie.pwise_cipher_suites[i][0] &
-				 SECURITY_SUITE_TYPE_MASK) ==
-					SECURITY_SUITE_TYPE_CCMP))
+			only_non_ht_cipher = is_non_rsn_cipher(
+				rx_rsn_ie.pwise_cipher_suites[i][0]);
 #endif
-			only_non_ht_cipher = 0;
-
 	}
 
 	if ((!match) || ((sta_is_ht) && only_non_ht_cipher)) {

core/mac/src/pe/lim/lim_process_mlm_req_messages.c

@@ -1989,6 +1989,8 @@ lim_process_mlm_set_keys_req(tpAniSirGlobal mac_ctx, uint32_t *msg_buf)
 		 */
 		switch (mlm_set_keys_req->edType) {
 		case eSIR_ED_CCMP:
+		case eSIR_ED_GCMP:
+		case eSIR_ED_GCMP_256:
 #ifdef WLAN_FEATURE_11W
 		case eSIR_ED_AES_128_CMAC:
 #endif

core/mac/src/pe/lim/lim_security_utils.c

@@ -995,6 +995,8 @@ void lim_send_set_sta_key_req(tpAniSirGlobal pMac,
 		break;
 	case eSIR_ED_TKIP:
 	case eSIR_ED_CCMP:
+	case eSIR_ED_GCMP:
+	case eSIR_ED_GCMP_256:
 #ifdef FEATURE_WLAN_WAPI
 	case eSIR_ED_WPI:
 #endif

core/mac/src/pe/lim/lim_sme_req_utils.c

@@ -802,6 +802,10 @@ lim_is_sme_set_context_req_valid(tpAniSirGlobal pMac,
 		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_WPI) &&
 		     (pKey->keyLength != 32)) ||
 #endif
+		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_GCMP) &&
+		     (pKey->keyLength != 16)) ||
+		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_GCMP_256) &&
+		     (pKey->keyLength != 32)) ||
 		    ((pSetContextReq->keyMaterial.edType == eSIR_ED_CCMP) &&
 		     (pKey->keyLength != 16))) {
 			/**

core/sme/inc/csr_api.h

@@ -78,7 +78,7 @@ typedef enum {
 	eCSR_ENCRYPT_TYPE_WEP40,
 	eCSR_ENCRYPT_TYPE_WEP104,
 	eCSR_ENCRYPT_TYPE_TKIP,
-	eCSR_ENCRYPT_TYPE_AES,
+	eCSR_ENCRYPT_TYPE_AES,/* CCMP */
 #ifdef FEATURE_WLAN_WAPI
 	/* WAPI */
 	eCSR_ENCRYPT_TYPE_WPI,
@@ -93,6 +93,8 @@ typedef enum {
 	/* 11w BIP */
 	eCSR_ENCRYPT_TYPE_AES_CMAC,
 #endif
+	eCSR_ENCRYPT_TYPE_AES_GCMP,
+	eCSR_ENCRYPT_TYPE_AES_GCMP_256,
 	eCSR_ENCRYPT_TYPE_ANY,
 	eCSR_NUM_OF_ENCRYPT_TYPE = eCSR_ENCRYPT_TYPE_ANY,
 
@@ -218,6 +220,8 @@ typedef enum {
 #define CSR_WEP104_KEY_LEN          13
 #define CSR_TKIP_KEY_LEN            32
 #define CSR_AES_KEY_LEN             16
+#define CSR_AES_GCMP_KEY_LEN        16
+#define CSR_AES_GCMP_256_KEY_LEN    32
 #define CSR_MAX_TX_POWER        (WNI_CFG_CURRENT_TX_POWER_LEVEL_STAMAX)
 #define CSR_MAX_RSC_LEN             16
 #ifdef FEATURE_WLAN_WAPI

core/sme/inc/csr_support.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved.
  *
  * Previously licensed under the ISC license by Qualcomm Atheros, Inc.
  *
@@ -71,12 +71,19 @@
 
 #define CSR_DOT11_BASIC_RATE_MASK (0x80)
 
+/* NOTE these index are use as array index for csr_rsn_oui */
 #define CSR_OUI_USE_GROUP_CIPHER_INDEX 0x00
 #define CSR_OUI_WEP40_OR_1X_INDEX      0x01
 #define CSR_OUI_TKIP_OR_PSK_INDEX      0x02
 #define CSR_OUI_RESERVED_INDEX         0x03
 #define CSR_OUI_AES_INDEX              0x04
 #define CSR_OUI_WEP104_INDEX           0x05
+/* ENUM_FILS_SHA384 9 */
+/* ENUM_FILS_SHA384 10 */
+/* ENUM_FT_FILS_SHA256 11 */
+/* ENUM_FT_FILS_SHA384 12 */
+#define CSR_OUI_AES_GCMP_INDEX         0x0D
+#define CSR_OUI_AES_GCMP_256_INDEX     0x0E
 
 #ifdef FEATURE_WLAN_WAPI
 #define CSR_OUI_WAPI_RESERVED_INDEX    0x00

core/sme/src/csr/csr_api_roam.c

@@ -161,6 +161,12 @@ int diag_enc_type_from_csr_type(eCsrEncryptionType encType)
 	case eCSR_ENCRYPT_TYPE_AES:
 		n = ENC_MODE_AES;
 		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		n = ENC_MODE_AES_GCMP;
+		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		n = ENC_MODE_AES_GCMP_256;
+		break;
 #ifdef FEATURE_WLAN_WAPI
 	case eCSR_ENCRYPT_TYPE_WPI:
 		n = ENC_MODE_SMS4;
@@ -4589,6 +4595,8 @@ void csr_set_cfg_privacy(tpAniSirGlobal pMac, tCsrRoamProfile *pProfile,
 
 	case eCSR_ENCRYPT_TYPE_TKIP:
 	case eCSR_ENCRYPT_TYPE_AES:
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
 #ifdef FEATURE_WLAN_WAPI
 	case eCSR_ENCRYPT_TYPE_WPI:
 #endif /* FEATURE_WLAN_WAPI */
@@ -10065,6 +10073,32 @@ csr_update_key_cmd(tpAniSirGlobal mac_ctx, tCsrRoamSession *session,
 			     CSR_AES_KEY_LEN);
 		*is_key_valid = true;
 		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		if (set_key->keyLength < CSR_AES_GCMP_KEY_LEN) {
+			sme_warn(
+				"Invalid AES_GCMP keylength [= %d]",
+				set_key->keyLength);
+			*is_key_valid = false;
+			return QDF_STATUS_E_INVAL;
+		}
+		set_key_cmd->keyLength = CSR_AES_GCMP_KEY_LEN;
+		qdf_mem_copy(set_key_cmd->Key, set_key->Key,
+			     CSR_AES_GCMP_KEY_LEN);
+		*is_key_valid = true;
+		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		if (set_key->keyLength < CSR_AES_GCMP_256_KEY_LEN) {
+			sme_warn(
+				"Invalid AES_GCMP_256 keylength [= %d]",
+				set_key->keyLength);
+			*is_key_valid = false;
+			return QDF_STATUS_E_INVAL;
+		}
+		set_key_cmd->keyLength = CSR_AES_GCMP_256_KEY_LEN;
+		qdf_mem_copy(set_key_cmd->Key, set_key->Key,
+			     CSR_AES_GCMP_256_KEY_LEN);
+		*is_key_valid = true;
+		break;
 #ifdef FEATURE_WLAN_WAPI
 	case eCSR_ENCRYPT_TYPE_WPI:
 		if (set_key->keyLength < CSR_WAPI_KEY_LEN) {

core/sme/src/csr/csr_api_scan.c

@@ -5410,6 +5410,10 @@ static enum wlan_enc_type csr_covert_enc_type_new(eCsrEncryptionType enc)
 		return WLAN_ENCRYPT_TYPE_BTK;
 	case eCSR_ENCRYPT_TYPE_AES_CMAC:
 		return WLAN_ENCRYPT_TYPE_AES_CMAC;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		return WLAN_ENCRYPT_TYPE_AES_GCMP;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		return WLAN_ENCRYPT_TYPE_AES_GCMP_256;
 	case eCSR_ENCRYPT_TYPE_ANY:
 	default:
 		return WLAN_ENCRYPT_TYPE_NONE;
@@ -5441,6 +5445,10 @@ static eCsrEncryptionType csr_covert_enc_type_old(enum wlan_enc_type enc)
 		return eCSR_ENCRYPT_TYPE_BTK;
 	case WLAN_ENCRYPT_TYPE_AES_CMAC:
 		return eCSR_ENCRYPT_TYPE_AES_CMAC;
+	case WLAN_ENCRYPT_TYPE_AES_GCMP:
+		return eCSR_ENCRYPT_TYPE_AES_GCMP;
+	case WLAN_ENCRYPT_TYPE_AES_GCMP_256:
+		return eCSR_ENCRYPT_TYPE_AES_GCMP_256;
 	case WLAN_ENCRYPT_TYPE_ANY:
 	default:
 		return eCSR_ENCRYPT_TYPE_NONE;

core/sme/src/csr/csr_inside_api.h

@@ -650,6 +650,8 @@ void csr_get_vdev_type_nss(tpAniSirGlobal mac_ctx,
 #define ENC_MODE_WEP104 2
 #define ENC_MODE_TKIP   3
 #define ENC_MODE_AES    4
+#define ENC_MODE_AES_GCMP    5
+#define ENC_MODE_AES_GCMP_256    6
 #ifdef FEATURE_WLAN_WAPI
 #define ENC_MODE_SMS4   5       /* WAPI */
 #endif /* FEATURE_WLAN_WAPI */

core/sme/src/csr/csr_util.c

@@ -62,6 +62,13 @@ uint8_t csr_wpa_oui[][CSR_WPA_OUI_SIZE] = {
 #endif /* FEATURE_WLAN_ESE */
 };
 
+/*
+ * PLEASE DO NOT ADD THE #IFDEF IN BELOW TABLE,
+ * IF STILL REQUIRE THEN PLEASE ADD NULL ENTRIES
+ * OTHERWISE IT WILL BREAK OTHER LOWER
+ * SECUIRTY MODES.
+ */
+
 uint8_t csr_rsn_oui[][CSR_RSN_OUI_SIZE] = {
 	{0x00, 0x0F, 0xAC, 0x00}
 	,                       /* group cipher */
@@ -82,7 +89,31 @@ uint8_t csr_rsn_oui[][CSR_RSN_OUI_SIZE] = {
 				 * RSN-PSK-SHA256 (authentication type)
 				 */
 	/* RSN-8021X-SHA256 (authentication type) */
-	{0x00, 0x0F, 0xAC, 0x05}
+	{0x00, 0x0F, 0xAC, 0x05},
+#ifdef WLAN_FEATURE_FILS_SK
+#define ENUM_FILS_SHA256 9
+	/* FILS SHA256 */
+	{0x00, 0x0F, 0xAC, 0x0E},
+#define ENUM_FILS_SHA384 10
+	/* FILS SHA384 */
+	{0x00, 0x0F, 0xAC, 0x0F},
+#define ENUM_FT_FILS_SHA256 11
+	/* FILS FT SHA256 */
+	{0x00, 0x0F, 0xAC, 0x10},
+#define ENUM_FT_FILS_SHA384 12
+	/* FILS FT SHA384 */
+	{0x00, 0x0F, 0xAC, 0x11},
+#else
+	{0x00, 0x00, 0x00, 0x00},
+	{0x00, 0x00, 0x00, 0x00},
+	{0x00, 0x00, 0x00, 0x00},
+	{0x00, 0x00, 0x00, 0x00},
+#endif
+	/* AES GCMP */
+	{0x00, 0x0F, 0xAC, 0x08},
+	/* AES GCMP-256 */
+	{0x00, 0x0F, 0xAC, 0x09},
+	/* define new oui here, update #define CSR_OUI_***_INDEX  */
 };
 
 #ifdef FEATURE_WLAN_WAPI
@@ -2388,6 +2419,8 @@ bool csr_is_profile_rsn(tCsrRoamProfile *pProfile)
 		case eCSR_ENCRYPT_TYPE_WEP104:
 		case eCSR_ENCRYPT_TYPE_TKIP:
 		case eCSR_ENCRYPT_TYPE_AES:
+		case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
 			fRSNProfile = true;
 			break;
 
@@ -3099,6 +3132,12 @@ static uint8_t csr_get_oui_index_from_cipher(eCsrEncryptionType enType)
 	case eCSR_ENCRYPT_TYPE_AES:
 		OUIIndex = CSR_OUI_AES_INDEX;
 		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		OUIIndex = CSR_OUI_AES_GCMP_INDEX;
+		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		OUIIndex = CSR_OUI_AES_GCMP_256_INDEX;
+		break;
 	case eCSR_ENCRYPT_TYPE_NONE:
 		OUIIndex = CSR_OUI_USE_GROUP_CIPHER_INDEX;
 		break;
@@ -4343,6 +4382,13 @@ tAniEdType csr_translate_encrypt_type_to_ed_type(eCsrEncryptionType EncryptType)
 	case eCSR_ENCRYPT_TYPE_AES_CMAC:
 		edType = eSIR_ED_AES_128_CMAC;
 		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		edType = eSIR_ED_GCMP;
+		break;
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		edType = eSIR_ED_GCMP_256;
+		break;
+
 #endif
 	}
 
@@ -4557,7 +4603,19 @@ static bool csr_validate_any_default(tHalHandle hal, tCsrAuthList *auth_type,
 	tpAniSirGlobal mac_ctx = PMAC_STRUCT(hal);
 	/* It is allowed to match anything. Try the more secured ones first. */
 	if (ies_ptr) {
-		/* Check AES first */
+		/* Check GCMP-256 first */
+		*uc_cipher = eCSR_ENCRYPT_TYPE_AES_GCMP_256;
+		match_any = csr_is_rsn_match(hal, auth_type,
+				*uc_cipher, mc_enc_type, mfp_enabled,
+				mfp_required, mfp_capable, ies_ptr,
+				neg_auth_type, mc_cipher);
+		/* Check GCMP second */
+		*uc_cipher = eCSR_ENCRYPT_TYPE_AES_GCMP;
+		match_any = csr_is_rsn_match(hal, auth_type,
+				*uc_cipher, mc_enc_type, mfp_enabled,
+				mfp_required, mfp_capable, ies_ptr,
+				neg_auth_type, mc_cipher);
+		/* Check AES third */
 		*uc_cipher = eCSR_ENCRYPT_TYPE_AES;
 		match_any = csr_is_rsn_match(hal, auth_type,
 				*uc_cipher, mc_enc_type, mfp_enabled,
@@ -4686,6 +4744,8 @@ bool csr_is_security_match(tHalHandle hal, tCsrAuthList *auth_type,
 
 		case eCSR_ENCRYPT_TYPE_TKIP:
 		case eCSR_ENCRYPT_TYPE_AES:
+		case eCSR_ENCRYPT_TYPE_AES_GCMP:
+		case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
 			if (!ies_ptr) {
 				match = false;
 				break;

core/wma/src/wma_mgmt.c

@@ -1705,6 +1705,11 @@ static QDF_STATUS wma_setup_install_key_cmd(tp_wma_handle wma_handle,
 		params.key_cipher = WMI_CIPHER_AES_CMAC;
 		break;
 #endif /* WLAN_FEATURE_11W */
+	/* Firmware uses length to detect GCMP 128/256*/
+	case eSIR_ED_GCMP:
+	case eSIR_ED_GCMP_256:
+		params.key_cipher = WMI_CIPHER_AES_GCM;
+		break;
 	default:
 		/* TODO: MFP ? */
 		WMA_LOGE("%s:Invalid encryption type:%d", __func__,

core/wma/src/wma_scan_roam.c

@@ -1082,7 +1082,9 @@ A_UINT32 e_csr_auth_type_to_rsn_authmode(eCsrAuthType authtype,
 		    encr == eCSR_ENCRYPT_TYPE_WEP40 ||
 		    encr == eCSR_ENCRYPT_TYPE_WEP104 ||
 		    encr == eCSR_ENCRYPT_TYPE_TKIP ||
-		    encr == eCSR_ENCRYPT_TYPE_AES) {
+		    encr == eCSR_ENCRYPT_TYPE_AES ||
+		    encr == eCSR_ENCRYPT_TYPE_AES_GCMP ||
+		    encr == eCSR_ENCRYPT_TYPE_AES_GCMP_256) {
 			return WMI_AUTH_OPEN;
 		}
 		return WMI_AUTH_NONE;
@@ -1112,6 +1114,10 @@ A_UINT32 e_csr_encryption_type_to_rsn_cipherset(eCsrEncryptionType encr)
 		return WMI_CIPHER_TKIP;
 	case eCSR_ENCRYPT_TYPE_AES:
 		return WMI_CIPHER_AES_CCM;
+	/* FWR will use key length to distinguish GCMP 128 or 256 */
+	case eCSR_ENCRYPT_TYPE_AES_GCMP:
+	case eCSR_ENCRYPT_TYPE_AES_GCMP_256:
+		return WMI_CIPHER_AES_GCM;
 #ifdef FEATURE_WLAN_WAPI
 	case eCSR_ENCRYPT_TYPE_WPI:
 		return WMI_CIPHER_WAPI;