qcacld-3.0: Add support for SAE AKM suites

Add support for SAE AKM suites in CSR and also add support for
SAE in HDD. Also, add CONFIG_WLAN_FEATURE_SAE flag to enable/disable
SAE in Kbuild. When this is enabled, WLAN_FEATURE_SAE is used as a
feature flag for SAE.

Change-Id: I6254991afa0fd048d4f0b6f435ff630f1db04077
CRs-Fixed: 2029357

Kbuild

@@ -182,6 +182,9 @@ ifneq ($(CONFIG_ROME_IF),sdio)
 	#Flag to enable FIPS
 	CONFIG_WLAN_FEATURE_FIPS := y
 
+	#Flag to enable SAE
+	CONFIG_WLAN_FEATURE_SAE := y
+
 	#Flag to enable Fast Path feature
 	CONFIG_WLAN_FASTPATH := y
 
@@ -1906,6 +1909,10 @@ endif
 # Enable object manager reference count debug infrastructure
 CDEFINES += -DWLAN_OBJMGR_DEBUG
 
+ifeq ($(CONFIG_WLAN_FEATURE_SAE),y)
+CDEFINES += -DWLAN_FEATURE_SAE
+endif
+
 ifeq ($(BUILD_DIAG_VERSION),1)
 CDEFINES += -DFEATURE_WLAN_DIAG_SUPPORT
 CDEFINES += -DFEATURE_WLAN_DIAG_SUPPORT_CSR

core/hdd/src/wlan_hdd_assoc.c

@@ -129,6 +129,11 @@ uint8_t ccp_rsn_oui_0c[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x0C};
 /* OWE https://tools.ietf.org/html/rfc8110 */
 uint8_t ccp_rsn_oui_18[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x12};
 
+#ifdef WLAN_FEATURE_SAE
+uint8_t ccp_rsn_oui_80[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x08};
+uint8_t ccp_rsn_oui_90[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x09};
+#endif
+
 /* Offset where the EID-Len-IE, start. */
 #define FT_ASSOC_RSP_IES_OFFSET 6  /* Capability(2) + AID(2) + Status Code(2) */
 #define FT_ASSOC_REQ_IES_OFFSET 4  /* Capability(2) + LI(2) */
@@ -4787,6 +4792,27 @@ static inline void hdd_translate_fils_rsn_to_csr_auth(int8_t auth_suite[4],
 }
 #endif
 
+#ifdef WLAN_FEATURE_SAE
+/**
+ * hdd_translate_sae_rsn_to_csr_auth() - Translate SAE RSN to CSR auth type
+ * @auth_suite: auth suite
+ * @auth_type: pointer to eCsrAuthType
+ *
+ * Return: None
+ */
+static void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+					eCsrAuthType *auth_type)
+{
+	if (qdf_mem_cmp(auth_suite, ccp_rsn_oui_80, 4) == 0)
+		*auth_type = eCSR_AUTH_TYPE_SAE;
+}
+#else
+static inline void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+					eCsrAuthType *auth_type)
+{
+}
+#endif
+
 /**
  * hdd_translate_rsn_to_csr_auth_type() - Translate RSN to CSR auth type
  * @auth_suite: auth suite
@@ -4833,6 +4859,7 @@ eCsrAuthType hdd_translate_rsn_to_csr_auth_type(uint8_t auth_suite[4])
 	} else
 	{
 		hdd_translate_fils_rsn_to_csr_auth(auth_suite, &auth_type);
+		hdd_translate_sae_rsn_to_csr_auth(auth_suite, &auth_type);
 	}
 	hdd_debug("auth_type: %d", auth_type);
 	return auth_type;
@@ -5391,6 +5418,11 @@ int hdd_set_csr_auth_type(struct hdd_adapter *adapter,
 
 		roam_profile->AuthType.authType[0] = eCSR_AUTH_TYPE_SHARED_KEY;
 		break;
+
+	case eCSR_AUTH_TYPE_SAE:
+		roam_profile->AuthType.authType[0] = eCSR_AUTH_TYPE_SAE;
+		break;
+
 	default:
 
 #ifdef FEATURE_WLAN_ESE

core/hdd/src/wlan_hdd_cfg80211.c

@@ -16871,6 +16871,10 @@ static int wlan_hdd_cfg80211_set_auth_type(struct hdd_adapter *adapter,
 		sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_OPEN_SYSTEM;
 		break;
 #endif
+	case NL80211_AUTHTYPE_SAE:
+		hdd_debug("set authentication type to SAE");
+		sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_SAE;
+		break;
 	default:
 		hdd_err("Unsupported authentication type: %d", auth_type);
 		sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_UNKNOWN;
@@ -17209,6 +17213,11 @@ static int wlan_hdd_set_akm_suite(struct hdd_adapter *adapter, u32 key_mgmt)
 		pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
 		break;
 
+	case WLAN_AKM_SUITE_SAE:
+		hdd_debug("setting key mgmt type to SAE");
+		pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
+		break;
+
 	default:
 		hdd_err("Unsupported key mgmt type: %d", key_mgmt);
 		return -EINVAL;

core/hdd/src/wlan_hdd_cfg80211.h

@@ -119,6 +119,10 @@ struct hdd_context;
 #define WLAN_AKM_SUITE_EAP_SHA384 0x000FAC0C
 
 
+#ifndef WLAN_AKM_SUITE_SAE
+#define WLAN_AKM_SUITE_SAE 0x000FAC08
+#endif
+
 #ifdef FEATURE_WLAN_TDLS
 #define WLAN_IS_TDLS_SETUP_ACTION(action) \
 	((SIR_MAC_TDLS_SETUP_REQ <= action) && \

core/mac/inc/ani_system_defs.h

@@ -68,14 +68,15 @@ typedef enum eAniAuthType {
 	eSIR_OPEN_SYSTEM,
 	eSIR_SHARED_KEY,
 	eSIR_FT_AUTH,
+	eSIR_AUTH_TYPE_SAE = 3,
 #if defined FEATURE_WLAN_ESE
 	eSIR_LEAP_AUTH = 0x80,
 #endif
-	eSIR_AUTO_SWITCH,
 	SIR_FILS_SK_WITHOUT_PFS = 4,
 	SIR_FILS_SK_WITH_PFS = 5,
 	SIR_FILS_PK_AUTH = 6,
 	eSIR_AUTH_TYPE_OWE,
+	eSIR_AUTO_SWITCH,
 	eSIR_DONOT_USE_AUTH_TYPE = SIR_MAX_ENUM_SIZE
 } tAniAuthType;
 

core/sme/inc/csr_api.h

@@ -47,6 +47,7 @@ typedef enum {
 	/* MAC layer authentication types */
 	eCSR_AUTH_TYPE_OPEN_SYSTEM,
 	eCSR_AUTH_TYPE_SHARED_KEY,
+	eCSR_AUTH_TYPE_SAE,
 	eCSR_AUTH_TYPE_AUTOSWITCH,
 
 	/* Upper layer authentication types */

core/sme/src/csr/csr_api_roam.c

@@ -4387,6 +4387,9 @@ QDF_STATUS csr_roam_prepare_bss_config(tpAniSirGlobal pMac,
 	case eCSR_AUTH_TYPE_AUTOSWITCH:
 		pBssConfig->authType = eSIR_AUTO_SWITCH;
 		break;
+	case eCSR_AUTH_TYPE_SAE:
+		pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+		break;
 	}
 	/* short slot time */
 	if (eCSR_CFG_DOT11_MODE_11B != cfgDot11Mode)
@@ -4528,6 +4531,9 @@ QDF_STATUS csr_roam_prepare_bss_config_from_profile(
 	case eCSR_AUTH_TYPE_AUTOSWITCH:
 		pBssConfig->authType = eSIR_AUTO_SWITCH;
 		break;
+	case eCSR_AUTH_TYPE_SAE:
+		pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+		break;
 	}
 	/* short slot time */
 	if (WNI_CFG_PHY_MODE_11B != pBssConfig->uCfgDot11Mode) {
@@ -5484,6 +5490,11 @@ static void csr_roam_assign_default_param(tpAniSirGlobal pMac,
 		pCommand->u.roamCmd.roamProfile.negotiatedAuthType =
 			eCSR_AUTH_TYPE_AUTOSWITCH;
 		break;
+
+	case eCSR_AUTH_TYPE_SAE:
+		pCommand->u.roamCmd.roamProfile.negotiatedAuthType =
+			eCSR_AUTH_TYPE_SAE;
+		break;
 	}
 	pCommand->u.roamCmd.roamProfile.negotiatedUCEncryptionType =
 		pCommand->u.roamCmd.roamProfile.EncryptionType.
@@ -6477,7 +6488,7 @@ static QDF_STATUS csr_roam_save_security_rsp_ie(tpAniSirGlobal pMac,
 		|| (eCSR_AUTH_TYPE_RSN_PSK_SHA256 == authType) ||
 		(eCSR_AUTH_TYPE_RSN_8021X_SHA256 == authType)
 #endif /* FEATURE_WLAN_WAPI */
-	) {
+		|| (eCSR_AUTH_TYPE_SAE == authType)) {
 		if (!pIesLocal && !QDF_IS_STATUS_SUCCESS
 				(csr_get_parsed_bss_description_ies(pMac,
 				pSirBssDesc, &pIesLocal)))

core/sme/src/csr/csr_api_scan.c

@@ -5113,6 +5113,8 @@ static enum wlan_auth_type csr_covert_auth_type_new(eCsrAuthType auth)
 		return WLAN_AUTH_TYPE_SUITEB_EAP_SHA256;
 	case eCSR_AUTH_TYPE_SUITEB_EAP_SHA384:
 		return WLAN_AUTH_TYPE_SUITEB_EAP_SHA384;
+	case eCSR_AUTH_TYPE_SAE:
+		return WLAN_AUTH_TYPE_SAE;
 	case eCSR_NUM_OF_SUPPORT_AUTH_TYPE:
 	default:
 		return WLAN_AUTH_TYPE_OPEN_SYSTEM;
@@ -5170,6 +5172,8 @@ static eCsrAuthType csr_covert_auth_type_old(enum wlan_auth_type auth)
 		return eCSR_AUTH_TYPE_SUITEB_EAP_SHA256;
 	case WLAN_AUTH_TYPE_SUITEB_EAP_SHA384:
 		return eCSR_AUTH_TYPE_SUITEB_EAP_SHA384;
+	case WLAN_AUTH_TYPE_SAE:
+		return eCSR_AUTH_TYPE_SAE;
 	case WLAN_NUM_OF_SUPPORT_AUTH_TYPE:
 	default:
 		return eCSR_AUTH_TYPE_OPEN_SYSTEM;

core/sme/src/csr/csr_util.c

@@ -124,6 +124,18 @@ uint8_t csr_rsn_oui[][CSR_RSN_OUI_SIZE] = {
 #define ENUM_SUITEB_EAP384 18
 	{0x00, 0x0F, 0xAC, 0x0C},
 
+#ifdef WLAN_FEATURE_SAE
+#define ENUM_SAE 19
+	/* SAE */
+	{0x00, 0x0F, 0xAC, 0x08},
+#define ENUM_FT_SAE 20
+	/* FT SAE */
+	{0x00, 0x0F, 0xAC, 0x09},
+#else
+	{0x00, 0x00, 0x00, 0x00},
+	{0x00, 0x00, 0x00, 0x00},
+#endif
+
 	/* define new oui here, update #define CSR_OUI_***_INDEX  */
 };
 
@@ -2465,6 +2477,9 @@ bool csr_is_profile_rsn(tCsrRoamProfile *pProfile)
 	case eCSR_AUTH_TYPE_SUITEB_EAP_SHA384:
 		fRSNProfile = true;
 		break;
+	case eCSR_AUTH_TYPE_SAE:
+		fRSNProfile = true;
+		break;
 
 	default:
 		fRSNProfile = false;
@@ -3294,6 +3309,24 @@ static bool csr_is_auth_suiteb_eap_384(tpAniSirGlobal mac,
 				csr_rsn_oui[ENUM_SUITEB_EAP384], oui);
 }
 
+#ifdef WLAN_FEATURE_SAE
+/*
+ * csr_is_auth_wpa_sae() - check whether oui is SAE
+ * @mac: Global MAC context
+ * @all_suites: pointer to all supported akm suites
+ * @suite_count: all supported akm suites count
+ * @oui: Oui needs to be matched
+ *
+ * Return: True if OUI is SAE, false otherwise
+ */
+static bool csr_is_auth_wpa_sae(tpAniSirGlobal mac,
+			       uint8_t all_suites[][CSR_RSN_OUI_SIZE],
+			       uint8_t suite_count, uint8_t oui[])
+{
+	return csr_is_oui_match
+		(mac, all_suites, suite_count, csr_rsn_oui[ENUM_SAE], oui);
+}
+#endif
 
 static bool csr_is_auth_wpa(tpAniSirGlobal pMac,
 			    uint8_t AllSuites[][CSR_WPA_OUI_SIZE],
@@ -3445,6 +3478,42 @@ static void csr_is_fils_auth(tpAniSirGlobal mac_ctx,
 {
 }
 #endif
+
+#ifdef WLAN_FEATURE_SAE
+/**
+ * csr_check_sae_auth() - update negotiated auth if matches to SAE auth type
+ * @mac_ctx: pointer to mac context
+ * @authsuites: auth suites
+ * @c_auth_suites: auth suites count
+ * @authentication: authentication
+ * @auth_type: authentication type list
+ * @index: current counter
+ * @neg_authtype: pointer to negotiated auth
+ *
+ * Return: None
+ */
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+	uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites,
+	uint8_t authentication[], tCsrAuthList *auth_type,
+	uint8_t index, eCsrAuthType *neg_authtype)
+{
+	if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) &&
+	   csr_is_auth_wpa_sae(mac_ctx, authsuites,
+	   c_auth_suites, authentication)) {
+		if (eCSR_AUTH_TYPE_SAE == auth_type->authType[index])
+			*neg_authtype = eCSR_AUTH_TYPE_SAE;
+	}
+	sme_debug("negotiated auth type is %d", *neg_authtype);
+}
+#else
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+	uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites,
+	uint8_t authentication[], tCsrAuthList *auth_type,
+	uint8_t index, eCsrAuthType *neg_authtype)
+{
+}
+#endif
+
 /**
  * csr_get_rsn_information() - to get RSN infomation
  * @hal: pointer to HAL
@@ -3564,6 +3633,9 @@ static bool csr_get_rsn_information(tHalHandle hal, tCsrAuthList *auth_type,
 		csr_is_fils_auth(mac_ctx, authsuites, c_auth_suites,
 			authentication, auth_type, i, &neg_authtype);
 		/* Changed the AKM suites according to order of preference */
+		csr_check_sae_auth(mac_ctx, authsuites, c_auth_suites,
+			authentication, auth_type, i, &neg_authtype);
+
 		if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) &&
 				csr_is_auth_dpp_rsn(mac_ctx, authsuites,
 					c_auth_suites, authentication)) {