qcacld-3.0: Parse FTIE with MIC length 24 for SHA384 AKMs

For SHA384 based 11r AKMs below:
FT-FILS-SHA384, FT-SUITEB-SHA384, the FT MIC length is 24. But
the host driver has MIC length hardcoded as 16, so only first
16 bytes of MIC is copied into MIC field and the rest 8 bytes are
copied into R1KH-ID. This results in R1KH-ID and R0KH-ID parse
failure. Due to this, the host driver sends R0KH-ID as 0 to the
firmware in the R0KH-ID. So the next roaming fails in the
firmware.

For SHA384 based AKMs, add changes to reparse the association/
reassociation response FT element. Introduce new FTIE structure
with MIC defined as array of 24 bytes. With this, the R0KH-ID
and R1KH-ID will be populated correctly in to the assoc response
structure and ultimately RSO command will carry the right R0KH-ID
to firmware.

Change-Id: I5aa50145fcd3ba91b1c92d4817b7f0e4fc216e3f
CRs-Fixed: 2430828

core/mac/inc/sir_api.h

@@ -898,6 +898,7 @@ struct join_req {
 	tAniEdType UCEncryptionType;
 
 	tAniEdType MCEncryptionType;
+	enum ani_akm_type akm;
 
 #ifdef WLAN_FEATURE_11W
 	tAniEdType MgmtEncryptionType;

core/mac/src/include/parser_api.h

@@ -360,6 +360,51 @@ typedef struct sSirAssocReq {
 	bool is_sae_authenticated;
 } tSirAssocReq, *tpSirAssocReq;
 
+#define FTIE_SUBELEM_R1KH_ID 1
+#define FTIE_SUBELEM_GTK     2
+#define FTIE_SUBELEM_R0KH_ID 3
+#define FTIE_SUBELEM_IGTK    4
+#define FTIE_SUBELEM_OCI     5
+
+#define FTIE_R1KH_LEN 6
+#define FTIE_R0KH_MAX_LEN 48
+
+/**
+ * struct wlan_sha384_ftinfo_subelem - subelements of FTIE
+ * @r1kh_id: FT R1 Key holder ID
+ * @gtk: Ft group temporal key
+ * @gtk_len: GTK length
+ * @r0kh_id: FT R0 Key Holder ID
+ * @igtk: FT IGTK used for 11w
+ * @igtk_len: IGTK length
+ */
+struct wlan_sha384_ftinfo_subelem {
+	tDot11fIER1KH_ID r1kh_id;
+	uint8_t *gtk;
+	uint8_t gtk_len;
+	tDot11fIER0KH_ID r0kh_id;
+	uint8_t *igtk;
+	uint8_t igtk_len;
+};
+
+#define MIC_CONTROL_BYTES 2
+#define MIC_SHA384_BYTES  24
+#define NONCE_BYTES       32
+
+/**
+ * struct wlan_sha384_ftinfo - FTE for sha384 based AKMs
+ * @mic_control: FTIE mic control field of 2 bytes
+ * @mic: MIC present in the FTIE assoc Response
+ * @anonce: Anonce sent by the AP
+ * @snonce: Snonce field in the FTIE
+ */
+struct wlan_sha384_ftinfo {
+	uint8_t mic_control[MIC_CONTROL_BYTES];
+	uint8_t mic[MIC_SHA384_BYTES];
+	uint8_t anonce[NONCE_BYTES];
+	uint8_t snonce[NONCE_BYTES];
+};
+
 /* / Association Response structure (one day to be replaced by */
 /* / tDot11fAssocRequest) */
 typedef struct sSirAssocRsp {
@@ -374,6 +419,8 @@ typedef struct sSirAssocRsp {
 	tDot11fIEHTCaps HTCaps;
 	tDot11fIEHTInfo HTInfo;
 	tDot11fIEFTInfo FTInfo;
+	struct wlan_sha384_ftinfo sha384_ft_info;
+	struct wlan_sha384_ftinfo_subelem sha384_ft_subelem;
 	uint8_t mdie[SIR_MDIE_SIZE];
 	uint8_t num_RICData;
 	tDot11fIERICDataDesc RICData[2];
@@ -585,8 +632,20 @@ sir_convert_probe_frame2_struct(struct mac_context *mac, uint8_t *frame,
 
 QDF_STATUS
 sir_convert_assoc_req_frame2_struct(struct mac_context *mac,
-				uint8_t *frame, uint32_t len,
-				tpSirAssocReq assoc);
+				    uint8_t *frame, uint32_t len,
+				    tpSirAssocReq assoc);
+/**
+ * wlan_parse_ftie_sha384() - Parse the FT IE if akm uses sha384 KDF
+ * @frame: Pointer to the association response frame
+ * @frame_len: Length of the assoc response frame
+ * @assoc_rsp: Destination assoc response structure in PE to which the FTIE
+ * needs to be parsed and copied
+ *
+ * Return: QDF_STATUS
+ */
+QDF_STATUS
+wlan_parse_ftie_sha384(uint8_t *frame, uint32_t frame_len,
+		       struct sSirAssocRsp *assoc_rsp);
 
 QDF_STATUS
 sir_convert_assoc_resp_frame2_struct(struct mac_context *mac,

core/mac/src/pe/include/lim_session.h

@@ -116,6 +116,7 @@ struct obss_detection_cfg {
  * @peSessionId: unique ID assigned to the entry
  * @vdev_id: ID of the vdev for which this entry is applicable
  * @vdev: the actual vdev for which this entry is applicable
+ * @connected_akm: AKM of current connection
  */
 struct pe_session {
 	/* To check session table is in use or free */
@@ -151,6 +152,8 @@ struct pe_session {
 	uint16_t channelChangeReasonCode;
 	uint8_t dot11mode;
 	uint8_t htCapability;
+	enum ani_akm_type connected_akm;
+
 	/* Supported Channel Width Set: 0-20MHz 1 - 40MHz */
 	uint8_t htSupportedChannelWidthSet;
 	/* Recommended Tx Width Set

core/mac/src/pe/lim/lim_ft.c

@@ -541,6 +541,7 @@ void lim_fill_ft_session(struct mac_context *mac,
 	ft_session->limWsmEnabled = pe_session->limWsmEnabled;
 	ft_session->lim11hEnable = pe_session->lim11hEnable;
 	ft_session->isOSENConnection = pe_session->isOSENConnection;
+	ft_session->connected_akm = pe_session->connected_akm;
 
 	/* Fields to be filled later */
 	ft_session->pLimJoinReq = NULL;

core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -276,7 +276,8 @@ static bool lim_chk_assoc_req_parse_error(struct mac_context *mac_ctx,
 
 	if (sub_type == LIM_ASSOC)
 		status = sir_convert_assoc_req_frame2_struct(mac_ctx, frm_body,
-							frame_len, assoc_req);
+							     frame_len,
+							     assoc_req);
 	else
 		status = sir_convert_reassoc_req_frame2_struct(mac_ctx,
 						frm_body, frame_len, assoc_req);

core/mac/src/pe/lim/lim_process_assoc_rsp_frame.c

@@ -646,7 +646,13 @@ lim_process_assoc_rsp_frame(struct mac_context *mac_ctx,
 #ifdef WLAN_FEATURE_ROAM_OFFLOAD
 	roam_session =
 		&mac_ctx->roam.roamSession[sme_sessionid];
-	if (assoc_rsp->FTInfo.R0KH_ID.present) {
+	if (assoc_rsp->sha384_ft_subelem.r0kh_id.present) {
+		roam_session->ftSmeContext.r0kh_id_len =
+			assoc_rsp->sha384_ft_subelem.r0kh_id.num_PMK_R0_ID;
+		qdf_mem_copy(roam_session->ftSmeContext.r0kh_id,
+			     assoc_rsp->sha384_ft_subelem.r0kh_id.PMK_R0_ID,
+			     roam_session->ftSmeContext.r0kh_id_len);
+	} else if (assoc_rsp->FTInfo.R0KH_ID.present) {
 		roam_session->ftSmeContext.r0kh_id_len =
 			assoc_rsp->FTInfo.R0KH_ID.num_PMK_R0_ID;
 		qdf_mem_copy(roam_session->ftSmeContext.r0kh_id,
@@ -655,7 +661,7 @@ lim_process_assoc_rsp_frame(struct mac_context *mac_ctx,
 	} else {
 		roam_session->ftSmeContext.r0kh_id_len = 0;
 		qdf_mem_zero(roam_session->ftSmeContext.r0kh_id,
-			SIR_ROAM_R0KH_ID_MAX_LEN);
+			     SIR_ROAM_R0KH_ID_MAX_LEN);
 	}
 #endif
 
@@ -1070,6 +1076,8 @@ assocReject:
 	}
 
 	qdf_mem_free(beacon);
+	qdf_mem_free(assoc_rsp->sha384_ft_subelem.gtk);
+	qdf_mem_free(assoc_rsp->sha384_ft_subelem.igtk);
 	qdf_mem_free(assoc_rsp);
 	return;
 }

core/mac/src/pe/lim/lim_process_sme_req_messages.c

@@ -1504,6 +1504,7 @@ __lim_process_sme_join_req(struct mac_context *mac_ctx, void *msg_buf)
 		 * to connect to, So input is coming from supplicant
 		 */
 		session->is11Rconnection = sme_join_req->is11Rconnection;
+		session->connected_akm = sme_join_req->akm;
 #ifdef FEATURE_WLAN_ESE
 		session->isESEconnection = sme_join_req->isESEconnection;
 #endif

core/mac/src/pe/lim/lim_utils.c

@@ -8387,3 +8387,16 @@ void lim_flush_bssid(struct mac_context *mac_ctx, uint8_t *bssid)
 	if (filter)
 		qdf_mem_free(filter);
 }
+
+bool lim_is_sha384_akm(enum ani_akm_type akm)
+{
+	switch (akm) {
+	case ANI_AKM_TYPE_FILS_SHA384:
+	case ANI_AKM_TYPE_FT_FILS_SHA384:
+	case ANI_AKM_TYPE_SUITEB_EAP_SHA384:
+	case ANI_AKM_TYPE_FT_SUITEB_EAP_SHA384:
+		return true;
+	default:
+		return false;
+	}
+}

core/mac/src/pe/lim/lim_utils.h

@@ -1747,4 +1747,14 @@ QDF_STATUS lim_get_capability_info(struct mac_context *mac, uint16_t *pCap,
  */
 void lim_flush_bssid(struct mac_context *mac_ctx, uint8_t *bssid);
 
+/**
+ * lim_is_sha384_akm() - Function to check if the negotiated AKM for the
+ * current session is based on sha384 key derivation function.
+ * @mac_ctx: pointer to mac data
+ * @akm: negotiated AKM for the current session
+ *
+ * Return: true if akm is sha384 based kdf or false
+ */
+bool lim_is_sha384_akm(enum ani_akm_type akm);
+
 #endif /* __LIM_UTILS_H */

core/mac/src/sys/legacy/src/utils/src/parser_api.c

@@ -2773,15 +2773,121 @@ static inline void fils_convert_assoc_rsp_frame2_struct(tDot11fAssocResponse
 { }
 #endif
 
+QDF_STATUS wlan_parse_ftie_sha384(uint8_t *frame, uint32_t frame_len,
+				  struct sSirAssocRsp *assoc_rsp)
+{
+	const uint8_t *ie, *ie_end, *pos;
+	uint8_t ie_len;
+	struct wlan_sha384_ftinfo_subelem *ft_subelem;
+
+	ie = wlan_get_ie_ptr_from_eid(DOT11F_EID_FTINFO, frame, frame_len);
+	if (!ie) {
+		pe_err("FT IE not present");
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	if (!ie[1]) {
+		pe_err("FT IE length is zero");
+		return QDF_STATUS_E_FAILURE;
+	}
+
+	ie_len = ie[1];
+	if (ie_len < sizeof(struct wlan_sha384_ftinfo)) {
+		pe_err("Invalid FTIE len:%d", ie_len);
+		return QDF_STATUS_E_FAILURE;
+	}
+	pos = ie + 2;
+	qdf_mem_copy(&assoc_rsp->sha384_ft_info, pos,
+		     sizeof(struct wlan_sha384_ftinfo));
+	ie_end = ie + ie_len;
+	pos += sizeof(struct wlan_sha384_ftinfo);
+	ft_subelem = &assoc_rsp->sha384_ft_subelem;
+	qdf_mem_zero(ft_subelem, sizeof(*ft_subelem));
+	while (ie_end - pos >= 2) {
+		uint8_t id, len;
+
+		id = *pos++;
+		len = *pos++;
+		if (len < 1 ||
+		    (len > (ie_end - pos))) {
+			pe_err("Invalid FT subelem length %d", len);
+			return QDF_STATUS_E_FAILURE;
+		}
+
+		switch (id) {
+		case FTIE_SUBELEM_R1KH_ID:
+			if (len != FTIE_R1KH_LEN) {
+				pe_err("Invalid R1KH-ID length: %d",
+				       len);
+				return QDF_STATUS_E_FAILURE;
+			}
+			ft_subelem->r1kh_id.present = 1;
+			qdf_mem_copy(ft_subelem->r1kh_id.PMK_R1_ID,
+				     pos, FTIE_R1KH_LEN);
+			break;
+		case FTIE_SUBELEM_GTK:
+			if (ft_subelem->gtk) {
+				qdf_mem_zero(ft_subelem->gtk,
+					     ft_subelem->gtk_len);
+				ft_subelem->gtk_len = 0;
+				qdf_mem_free(ft_subelem->gtk);
+			}
+			ft_subelem->gtk = qdf_mem_malloc(len);
+			if (!ft_subelem->gtk)
+				return QDF_STATUS_E_NOMEM;
+
+			qdf_mem_copy(ft_subelem->gtk, pos, len);
+			ft_subelem->gtk_len = len;
+			break;
+		case FTIE_SUBELEM_R0KH_ID:
+			if (len < 1 || len > FTIE_R0KH_MAX_LEN) {
+				pe_err("Invalid R0KH-ID length: %d",
+				       len);
+				return QDF_STATUS_E_FAILURE;
+			}
+			ft_subelem->r0kh_id.present = 1;
+			ft_subelem->r0kh_id.num_PMK_R0_ID = len;
+			qdf_mem_copy(ft_subelem->r0kh_id.PMK_R0_ID,
+				     pos, len);
+			break;
+		case FTIE_SUBELEM_IGTK:
+			if (ft_subelem->igtk) {
+				qdf_mem_zero(ft_subelem->igtk,
+					     ft_subelem->igtk_len);
+				ft_subelem->igtk_len = 0;
+				qdf_mem_free(ft_subelem->igtk);
+			}
+			ft_subelem->igtk = qdf_mem_malloc(len);
+			if (!ft_subelem->igtk)
+				return QDF_STATUS_E_NOMEM;
+
+			qdf_mem_copy(ft_subelem->igtk, pos, len);
+			ft_subelem->igtk_len = len;
+
+			break;
+		default:
+			pe_debug("Unknown subelem id %d len:%d",
+				 id, len);
+			break;
+		}
+		pos += len;
+	}
+	return QDF_STATUS_SUCCESS;
+}
+
 QDF_STATUS
 sir_convert_assoc_resp_frame2_struct(struct mac_context *mac,
-		struct pe_session *session_entry,
-		uint8_t *pFrame, uint32_t nFrame,
-		tpSirAssocRsp pAssocRsp)
+				     struct pe_session *session_entry,
+				     uint8_t *frame, uint32_t frame_len,
+				     tpSirAssocRsp pAssocRsp)
 {
 	tDot11fAssocResponse *ar;
-	uint32_t status;
+	enum ani_akm_type auth_type;
+	uint32_t status, ie_len;
+	QDF_STATUS qdf_status;
 	uint8_t cnt = 0;
+	bool sha384_akm;
+	uint8_t *ie_ptr;
 
 	ar = qdf_mem_malloc(sizeof(*ar));
 	if (!ar)
@@ -2790,7 +2896,7 @@ sir_convert_assoc_resp_frame2_struct(struct mac_context *mac,
 	/* decrypt the cipher text using AEAD decryption */
 	if (lim_is_fils_connection(session_entry)) {
 		status = aead_decrypt_assoc_rsp(mac, session_entry,
-						ar, pFrame, &nFrame);
+						ar, frame, &frame_len);
 		if (!QDF_IS_STATUS_SUCCESS(status)) {
 			pe_err("FILS assoc rsp AEAD decrypt fails");
 			qdf_mem_free(ar);
@@ -2798,13 +2904,12 @@ sir_convert_assoc_resp_frame2_struct(struct mac_context *mac,
 		}
 	}
 
-	status = dot11f_parse_assoc_response(mac, pFrame, nFrame, ar, false);
+	status = dot11f_parse_assoc_response(mac, frame, frame_len, ar, false);
 	if (QDF_STATUS_SUCCESS != status) {
 		qdf_mem_free(ar);
 		return status;
 	}
 
-
 	/* Capabilities */
 	pAssocRsp->capabilityInfo.ess = ar->Capabilities.ess;
 	pAssocRsp->capabilityInfo.ibss = ar->Capabilities.ibss;
@@ -2889,13 +2994,39 @@ sir_convert_assoc_resp_frame2_struct(struct mac_context *mac,
 			(unsigned int)pAssocRsp->mdie[2]);
 	}
 
-	if (ar->FTInfo.present) {
-		pe_debug("FT Info present %d %d %d",
-			ar->FTInfo.R0KH_ID.num_PMK_R0_ID,
-			ar->FTInfo.R0KH_ID.present, ar->FTInfo.R1KH_ID.present);
+	/*
+	 * If the connection is based on SHA384 AKM suite,
+	 * then the length of MIC is 24 bytes, but frame parser
+	 * has FTIE MIC of 16 bytes only. This results in parsing FTIE
+	 * failure and R0KH and R1KH are not sent to firmware over RSO
+	 * command. Frame parser doesn't have
+	 * info on the connected AKM. So parse the FTIE again if
+	 * AKM is sha384 based and extract the R0KH and R1KH using the new
+	 * parsing logic.
+	 */
+	auth_type = session_entry->connected_akm;
+	sha384_akm = lim_is_sha384_akm(auth_type);
+	if (sha384_akm) {
+		ie_ptr = frame + FIXED_PARAM_OFFSET_ASSOC_RSP;
+		ie_len = frame_len - FIXED_PARAM_OFFSET_ASSOC_RSP;
+		qdf_status = wlan_parse_ftie_sha384(ie_ptr, ie_len, pAssocRsp);
+		if (QDF_IS_STATUS_ERROR(qdf_status)) {
+			pe_err("FT IE parsing failed status:%d", status);
+		} else {
+			pe_debug("FT: R0KH present:%d len:%d R1KH present%d",
+				 pAssocRsp->sha384_ft_subelem.r0kh_id.present,
+				 pAssocRsp->sha384_ft_subelem.r0kh_id.num_PMK_R0_ID,
+				 pAssocRsp->sha384_ft_subelem.r1kh_id.present);
+			ar->FTInfo.present = false;
+		}
+	} else if (ar->FTInfo.present) {
+		pe_debug("FT: R0KH present:%d, len:%d R1KH present:%d",
+			 ar->FTInfo.R0KH_ID.present,
+			 ar->FTInfo.R0KH_ID.num_PMK_R0_ID,
+			 ar->FTInfo.R1KH_ID.present);
 		pAssocRsp->ftinfoPresent = 1;
 		qdf_mem_copy(&pAssocRsp->FTInfo, &ar->FTInfo,
-				sizeof(tDot11fIEFTInfo));
+			     sizeof(tDot11fIEFTInfo));
 	}
 
 	if (ar->num_RICDataDesc && ar->num_RICDataDesc <= 2) {

core/sme/src/csr/csr_api_roam.c

@@ -10951,6 +10951,128 @@ static QDF_STATUS csr_send_reset_ap_caps_changed(struct mac_context *mac,
 	return status;
 }
 
+#ifdef FEATURE_WLAN_ESE
+/**
+ * csr_convert_ese_akm_to_ani() - Convert eCsrAuthType ESE akm value to
+ * equivalent enum ani_akm_type value
+ * @akm_type: value of type enum ani_akm_type
+ *
+ * Return: ani_akm_type value corresponding
+ */
+static enum ani_akm_type csr_convert_ese_akm_to_ani(eCsrAuthType akm_type)
+{
+	switch (akm_type) {
+	case eCSR_AUTH_TYPE_CCKM_RSN:
+		return ANI_AKM_TYPE_CCKM;
+	default:
+		return ANI_AKM_TYPE_UNKNOWN;
+	}
+}
+#else
+static inline enum
+ani_akm_type csr_convert_ese_akm_to_ani(eCsrAuthType akm_type)
+{
+	return ANI_AKM_TYPE_UNKNOWN;
+}
+#endif
+
+#ifdef WLAN_FEATURE_SAE
+/**
+ * csr_convert_sae_akm_to_ani() - Convert eCsrAuthType SAE akm value to
+ * equivalent enum ani_akm_type value
+ * @akm_type: value of type enum ani_akm_type
+ *
+ * Return: ani_akm_type value corresponding
+ */
+static enum ani_akm_type csr_convert_sae_akm_to_ani(eCsrAuthType akm_type)
+{
+	switch (akm_type) {
+	case eCSR_AUTH_TYPE_SAE:
+		return ANI_AKM_TYPE_SAE;
+	case eCSR_AUTH_TYPE_FT_SAE:
+		return ANI_AKM_TYPE_FT_SAE;
+	default:
+		return ANI_AKM_TYPE_UNKNOWN;
+	}
+}
+#else
+static inline
+enum ani_akm_type csr_convert_sae_akm_to_ani(eCsrAuthType akm_type)
+{
+	return ANI_AKM_TYPE_UNKNOWN;
+}
+#endif
+
+/**
+ * csr_convert_csr_to_ani_akm_type() - Convert eCsrAuthType value to equivalent
+ * enum ani_akm_type value
+ * @akm_type: value of type enum ani_akm_type
+ *
+ * Return: ani_akm_type value corresponding
+ */
+static enum ani_akm_type csr_convert_csr_to_ani_akm_type(eCsrAuthType akm_type)
+{
+	enum ani_akm_type ani_akm;
+
+	switch (akm_type) {
+	case eCSR_AUTH_TYPE_NONE:
+		return ANI_AKM_TYPE_NONE;
+	case eCSR_AUTH_TYPE_WPA:
+		return ANI_AKM_TYPE_WPA;
+	case eCSR_AUTH_TYPE_WPA_PSK:
+		return ANI_AKM_TYPE_WPA_PSK;
+	case eCSR_AUTH_TYPE_RSN:
+		return ANI_AKM_TYPE_RSN;
+	case eCSR_AUTH_TYPE_RSN_PSK:
+		return ANI_AKM_TYPE_RSN_PSK;
+	case eCSR_AUTH_TYPE_FT_RSN:
+		return ANI_AKM_TYPE_FT_RSN;
+	case eCSR_AUTH_TYPE_FT_RSN_PSK:
+		return ANI_AKM_TYPE_FT_RSN_PSK;
+	case eCSR_AUTH_TYPE_RSN_PSK_SHA256:
+		return ANI_AKM_TYPE_RSN_PSK_SHA256;
+	case eCSR_AUTH_TYPE_RSN_8021X_SHA256:
+		return ANI_AKM_TYPE_RSN_8021X_SHA256;
+	case eCSR_AUTH_TYPE_FILS_SHA256:
+		return ANI_AKM_TYPE_FILS_SHA256;
+	case eCSR_AUTH_TYPE_FILS_SHA384:
+		return ANI_AKM_TYPE_FILS_SHA384;
+	case eCSR_AUTH_TYPE_FT_FILS_SHA256:
+		return ANI_AKM_TYPE_FT_FILS_SHA256;
+	case eCSR_AUTH_TYPE_FT_FILS_SHA384:
+		return ANI_AKM_TYPE_FT_FILS_SHA384;
+	case eCSR_AUTH_TYPE_DPP_RSN:
+		return ANI_AKM_TYPE_DPP_RSN;
+	case eCSR_AUTH_TYPE_OWE:
+		return ANI_AKM_TYPE_OWE;
+	case eCSR_AUTH_TYPE_SUITEB_EAP_SHA256:
+		return ANI_AKM_TYPE_SUITEB_EAP_SHA256;
+	case eCSR_AUTH_TYPE_SUITEB_EAP_SHA384:
+		return ANI_AKM_TYPE_SUITEB_EAP_SHA384;
+	case eCSR_AUTH_TYPE_FT_SUITEB_EAP_SHA384:
+		return ANI_AKM_TYPE_FT_SUITEB_EAP_SHA384;
+	case eCSR_AUTH_TYPE_OSEN:
+		return ANI_AKM_TYPE_OSEN;
+	default:
+		ani_akm = ANI_AKM_TYPE_UNKNOWN;
+	}
+
+	if (ani_akm == ANI_AKM_TYPE_UNKNOWN)
+		ani_akm = csr_convert_sae_akm_to_ani(akm_type);
+
+	if (ani_akm == ANI_AKM_TYPE_UNKNOWN)
+		ani_akm = csr_convert_ese_akm_to_ani(akm_type);
+
+	return ani_akm;
+}
+
+/**
+ * csr_translate_akm_type() - Convert ani_akm_type value to equivalent
+ * eCsrAuthType
+ * @akm_type: value of type ani_akm_type
+ *
+ * Return: eCsrAuthType value
+ */
 static eCsrAuthType csr_translate_akm_type(enum ani_akm_type akm_type)
 {
 	eCsrAuthType csr_akm_type;
@@ -15048,6 +15170,7 @@ QDF_STATUS csr_send_join_req_msg(struct mac_context *mac, uint32_t sessionId,
 	struct action_oui_search_attr vendor_ap_search_attr;
 	tDot11fIEVHTCaps *vht_caps = NULL;
 	bool bvalue = 0;
+	eCsrAuthType akm;
 
 	if (!pSession) {
 		sme_err("session %d not found", sessionId);
@@ -15142,6 +15265,9 @@ QDF_STATUS csr_send_join_req_msg(struct mac_context *mac, uint32_t sessionId,
 			csr_translate_to_wni_cfg_dot11_mode(mac,
 							    pSession->bssParams.
 							    uCfgDot11Mode);
+		akm = pProfile->negotiatedAuthType;
+		csr_join_req->akm = csr_convert_csr_to_ani_akm_type(akm);
+
 		if (pBssDescription->channelId <= 14 &&
 		    !mac->mlme_cfg->vht_caps.vht_cap_info.b24ghz_band &&
 		    dot11mode == MLME_DOT11_MODE_11AC) {