
qcacld-3.0: Use new crypto component apis for security checks

Use the new converged crypto component service APIs to check the
security match.

Change-Id: I6d54f22483cf0e37d6ab4b6a02f99ba9aa025fe3
CRs-Fixed: 2337074
Kiran Kumar Lokere 6 years ago
parent
commit
4ce4048f99

+ 31 - 11
core/hdd/src/wlan_hdd_cfg80211.c

@@ -16243,8 +16243,7 @@ static bool hdd_is_wpaie_present(const uint8_t *ie, uint8_t ie_len)
 	return false;
 }
 
-#ifdef CONFIG_CRYPTO_COMPONENT
-
+#ifdef WLAN_CONV_CRYPTO_SUPPORTED
 /**
  * hdd_populate_crypto_auth_type() - populate auth type for crypto
  * @vdev: pointed to vdev obmgr
@@ -16258,12 +16257,19 @@ static bool hdd_is_wpaie_present(const uint8_t *ie, uint8_t ie_len)
 static void hdd_populate_crypto_auth_type(struct wlan_objmgr_vdev *vdev,
 					  enum nl80211_auth_type auth_type)
 {
+	QDF_STATUS status;
+	uint32_t set_val = 0;
 	wlan_crypto_auth_mode crypto_auth_type =
 			osif_nl_to_crypto_auth_type(auth_type);
 
-	wlan_crypto_set_vdev_param(vdev,
-				   WLAN_CRYPTO_PARAM_AUTH_MODE,
-				   crypto_auth_type);
+	hdd_debug("set auth type %d to crypto component", crypto_auth_type);
+	HDD_SET_BIT(set_val, crypto_auth_type);
+	status = wlan_crypto_set_vdev_param(vdev,
+					    WLAN_CRYPTO_PARAM_AUTH_MODE,
+					    set_val);
+	if (QDF_IS_STATUS_ERROR(status))
+		hdd_err("Failed to set auth type %0X to crypto component",
+			set_val);
 }
 
 /**
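Review bot: `crypto_auth_type` is used as a shift count in `HDD_SET_BIT(set_val, crypto_auth_type)` without a range check, and the macro this commit adds in wlan_hdd_cfg80211.h shifts a signed `1`, so a converted value of 31 or more is undefined behaviour and would put the wrong bit (or none) into the mask handed to `wlan_crypto_set_vdev_param()`. The same pattern appears in hdd_populate_crypto_akm_type() and hdd_populate_crypto_cipher_type() in the next two hunks. I would define the macro with an unsigned literal, `((__param) |= (1U << (__val)))`, and reject out-of-range values before the shift, e.g. `if (crypto_auth_type >= 32) return;` (or the enum's own maximum, if it has one). The function also still returns void, so a failed set is only logged and the connect path carries on with whatever auth mode the vdev held before.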
@@ -16279,12 +16285,20 @@ static void hdd_populate_crypto_auth_type(struct wlan_objmgr_vdev *vdev,
 static void hdd_populate_crypto_akm_type(struct wlan_objmgr_vdev *vdev,
 					 u32 key_mgmt)
 {
+	QDF_STATUS status;
+	uint32_t set_val = 0;
 	wlan_crypto_key_mgmt crypto_akm_type =
 			osif_nl_to_crypto_akm_type(key_mgmt);
 
-	wlan_crypto_set_vdev_param(vdev,
-				   WLAN_CRYPTO_PARAM_KEY_MGMT,
-				   crypto_akm_type);
+	hdd_debug("set akm type %d to crypto component", crypto_akm_type);
+	HDD_SET_BIT(set_val, crypto_akm_type);
+
+	status = wlan_crypto_set_vdev_param(vdev,
+					    WLAN_CRYPTO_PARAM_KEY_MGMT,
+					    set_val);
+	if (QDF_IS_STATUS_ERROR(status))
+		hdd_err("Failed to set akm type %0x to crypto component",
+			set_val);
 }
 
 /**
@@ -16303,12 +16317,18 @@ static void hdd_populate_crypto_cipher_type(u32 cipher,
 					    wlan_crypto_param_type
 					    cipher_param_type)
 {
+	QDF_STATUS status;
+	uint32_t set_val = 0;
 	wlan_crypto_cipher_type crypto_cipher_type =
 			osif_nl_to_crypto_cipher_type(cipher);
 
-	wlan_crypto_set_vdev_param(vdev,
-				   cipher_param_type,
-				   crypto_cipher_type);
+	hdd_debug("set cipher params %d type %d to crypto",
+		  cipher_param_type, crypto_cipher_type);
+	HDD_SET_BIT(set_val, crypto_cipher_type);
+	status = wlan_crypto_set_vdev_param(vdev, cipher_param_type, set_val);
+	if (QDF_IS_STATUS_ERROR(status))
+		hdd_err("Failed to set cipher params %d type %0x to crypto",
+			cipher_param_type, set_val);
 }
 
 /**

+ 2 - 0
core/hdd/src/wlan_hdd_cfg80211.h

@@ -125,6 +125,8 @@ struct hdd_context;
 
 #endif
 
+#define HDD_SET_BIT(__param, __val)    ((__param) |= (1 << (__val)))
+
 #define MAX_CHANNEL (NUM_24GHZ_CHANNELS + NUM_5GHZ_CHANNELS)
 #define MAX_SCAN_SSID 10
 

+ 31 - 0
core/hdd/src/wlan_hdd_hostapd.c

@@ -84,6 +84,7 @@
 #include <wlan_cp_stats_mc_ucfg_api.h>
 #include "wlan_mlme_ucfg_api.h"
 #include "cfg_ucfg_api.h"
+#include "wlan_crypto_global_api.h"
 
 #define ACS_SCAN_EXPIRY_TIMEOUT_S 4
 
@@ -4555,6 +4556,30 @@ static void wlan_hdd_is_dhcp_enabled(struct hdd_context *hdd_ctx,
 }
 #endif
 
+#ifdef WLAN_CONV_CRYPTO_SUPPORTED
+/**
+ * hdd_set_vdev_crypto_prarams_from_ie - Sets vdev crypto params from IE info
+ * @vdev: vdev pointer
+ * @ie_ptr: pointer to IE
+ * @ie_len: IE length
+ *
+ * Return: QDF_STATUS_SUCCESS or error code
+ */
+static QDF_STATUS
+hdd_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev,
+				    uint8_t *ie_ptr, uint16_t ie_len)
+{
+	return wlan_set_vdev_crypto_prarams_from_ie(vdev, ie_ptr, ie_len);
+}
+#else
+static QDF_STATUS
+hdd_set_vdev_crypto_prarams_from_ie(struct wlan_objmgr_vdev *vdev,
+				    uint8_t *ie_ptr, uint16_t ie_len)
+{
+	return QDF_STATUS_SUCCESS;
+}
+#endif
+
 /**
  * wlan_hdd_cfg80211_start_bss() - start bss
  * @adapter: Pointer to hostapd adapter
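Review bot: The `#else` stub of `hdd_set_vdev_crypto_prarams_from_ie()` returns `QDF_STATUS_SUCCESS` without touching the vdev, and it is selected by `WLAN_CONV_CRYPTO_SUPPORTED`, while the association-time checks this commit adds in lim_process_assoc_req_frame.c are selected by a different macro, `WLAN_CONV_CRYPTO_IE_SUPPORT`. If a build can define the second without the first (not visible on this page), the SAP would validate station RSN/WPA IEs against crypto params that were never populated from the configured IE. A compile-time guard such as `#if defined(WLAN_CONV_CRYPTO_IE_SUPPORT) && !defined(WLAN_CONV_CRYPTO_SUPPORTED)` followed by `#error` would make the dependency explicit. The stub also has no kernel-doc, and `ie_ptr` could be `const uint8_t *` if the wrapped API allows it.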
@@ -4987,6 +5012,12 @@ int wlan_hdd_cfg80211_start_bss(struct hdd_adapter *adapter,
 		ret = -EINVAL;
 		goto error;
 	}
+	status = hdd_set_vdev_crypto_prarams_from_ie(adapter->vdev,
+						     pConfig->RSNWPAReqIE,
+						     pConfig->RSNWPAReqIELength
+						     );
+	if (QDF_IS_STATUS_ERROR(status))
+		hdd_err("Failed to set crypto params from IE");
 
 	pConfig->SSIDinfo.ssidHidden = false;
 
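Review bot: A failure of `hdd_set_vdev_crypto_prarams_from_ie()` is only logged here and the BSS start continues, unlike the check just above it, which sets `ret = -EINVAL` and jumps to `error`. If the crypto component keeps the vdev's earlier params in that case, later station IE checks would run against a security configuration that does not match what the beacon advertises. Consider failing the start instead: `if (QDF_IS_STATUS_ERROR(status)) { hdd_err("Failed to set crypto params from IE"); ret = -EINVAL; goto error; }`. The call is also made regardless of `pConfig->RSNWPAReqIELength`; whether the API accepts a zero-length IE for an open network is not visible in this hunk. wlan_hdd_cfg80211_start_bss() starts and ends outside the hunk.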

+ 2 - 0
core/hdd/src/wlan_hdd_main.c

@@ -317,6 +317,7 @@ static const struct category_info cinfo[MAX_SUPPORTED_CATEGORY] = {
 	[QDF_MODULE_ID_CONFIG] = {QDF_TRACE_LEVEL_ALL},
 	[QDF_MODULE_ID_MLME] = {QDF_TRACE_LEVEL_ALL},
 	[QDF_MODULE_ID_TARGET] = {QDF_TRACE_LEVEL_ALL},
+	[QDF_MODULE_ID_CRYPTO] = {QDF_TRACE_LEVEL_ALL},
 	[QDF_MODULE_ID_FWOL] = {QDF_TRACE_LEVEL_ALL},
 	[QDF_MODULE_ID_SM_ENGINE] = {QDF_TRACE_LEVEL_ALL},
 	[QDF_MODULE_ID_CMN_MLME] = {QDF_TRACE_LEVEL_ALL},
@@ -9050,6 +9051,7 @@ static void hdd_set_trace_level_for_each(struct hdd_context *hdd_ctx)
 				hdd_ctx->config->qdf_trace_enable_cp_stats);
 	hdd_qdf_trace_enable(QDF_MODULE_ID_MLME, 0xffff);
 	hdd_qdf_trace_enable(QDF_MODULE_ID_FWOL, 0xffff);
+	hdd_qdf_trace_enable(QDF_MODULE_ID_CRYPTO, 0xffff);
 
 	hdd_set_mtrace_for_each(hdd_ctx);
 

+ 12 - 9
core/mac/src/pe/lim/lim_assoc_utils.c

@@ -301,6 +301,7 @@ uint8_t lim_check_mcs_set(tpAniSirGlobal pMac, uint8_t *supportedMCSSet)
 #define SECURITY_SUITE_TYPE_GCMP 0x8
 #define SECURITY_SUITE_TYPE_GCMP_256 0x9
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /**
  * is_non_rsn_cipher()- API to check whether cipher suit is rsn or not
  * @cipher_suite: cipher suit
@@ -356,7 +357,7 @@ uint8_t lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx,
 
 	if (!rx_rsn_ie) {
 		pe_debug("Rx RSN IE is NULL");
-		return QDF_STATUS_E_FAILURE;
+		return eSIR_MAC_UNSPEC_FAILURE_STATUS;
 	}
 
 	/* Check groupwise cipher suite */
@@ -435,7 +436,7 @@ uint8_t lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx,
 		they_require_pmf, *pmf_connection);
 #endif
 
-	return QDF_STATUS_SUCCESS;
+	return eSIR_MAC_SUCCESS_STATUS;
 }
 
 /**
@@ -455,7 +456,7 @@ uint8_t lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx,
  */
 
 uint8_t
-lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA rx_wpaie,
+lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA *rx_wpaie,
 			  tpPESession session_entry, uint8_t sta_is_ht)
 {
 	tDot11fIEWPA *wpa_ie;
@@ -466,7 +467,8 @@ lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA rx_wpaie,
 
 	/* Check groupwise cipher suite */
 	for (i = 0; i < 4; i++) {
-		if (wpa_ie->multicast_cipher[i] != rx_wpaie.multicast_cipher[i]) {
+		if (wpa_ie->multicast_cipher[i] !=
+				rx_wpaie->multicast_cipher[i]) {
 			pe_debug("Invalid groupwise cipher suite");
 			return eSIR_MAC_INVALID_GROUP_CIPHER_STATUS;
 		}
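Review bot: `rx_wpaie` is now a pointer but is dereferenced in this loop (`rx_wpaie->multicast_cipher[i]`) with no NULL check visible, whereas lim_check_rx_rsn_ie_match() in the same file rejects a NULL `rx_rsn_ie` first. The lines between the signature and this loop fall outside the hunks, so a check may already exist; if not, add `if (!rx_wpaie) { pe_debug("Rx WPA IE is NULL"); return eSIR_MAC_UNSPEC_FAILURE_STATUS; }` before the loop. The only caller shown on this page passes the address of a local, so this is defensive consistency rather than a fault reachable from the code shown. Declaring the parameter `const tDot11fIEWPA *` would also document that the matcher does not modify the received IE.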
@@ -477,9 +479,9 @@ lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA rx_wpaie,
 	 * received pairwise
 	 */
 	match = 0;
-	for (i = 0; i < rx_wpaie.unicast_cipher_count; i++) {
+	for (i = 0; i < rx_wpaie->unicast_cipher_count; i++) {
 		for (j = 0; j < wpa_ie->unicast_cipher_count; j++) {
-			if (!qdf_mem_cmp(rx_wpaie.unicast_ciphers[i],
+			if (!qdf_mem_cmp(rx_wpaie->unicast_ciphers[i],
 					    wpa_ie->unicast_ciphers[j], 4)) {
 				match = 1;
 				break;
@@ -489,12 +491,12 @@ lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA rx_wpaie,
 		if ((sta_is_ht)
 #ifdef ANI_LITTLE_BYTE_ENDIAN
 		    &&
-		    ((rx_wpaie.
+		    ((rx_wpaie->
 		      unicast_ciphers[i][3] & SECURITY_SUITE_TYPE_MASK) ==
 		     SECURITY_SUITE_TYPE_CCMP))
 #else
 		    &&
-		    ((rx_wpaie.
+		    ((rx_wpaie->
 		      unicast_ciphers[i][0] & SECURITY_SUITE_TYPE_MASK) ==
 		     SECURITY_SUITE_TYPE_CCMP))
 #endif
@@ -509,8 +511,9 @@ lim_check_rx_wpa_ie_match(tpAniSirGlobal mac, tDot11fIEWPA rx_wpaie,
 		return eSIR_MAC_CIPHER_SUITE_REJECTED_STATUS;
 	}
 
-	return QDF_STATUS_SUCCESS;
+	return eSIR_MAC_SUCCESS_STATUS;
 }
+#endif
 
 /**
  * lim_cleanup_rx_path()

+ 1 - 1
core/mac/src/pe/lim/lim_assoc_utils.h

@@ -48,7 +48,7 @@ uint8_t lim_check_rx_rsn_ie_match(tpAniSirGlobal mac_ctx,
 				  tDot11fIERSN * const rx_rsn_ie,
 				  tpPESession session_entry, uint8_t sta_is_ht,
 				  bool *pmf_connection);
-uint8_t lim_check_rx_wpa_ie_match(tpAniSirGlobal, tDot11fIEWPA, tpPESession,
+uint8_t lim_check_rx_wpa_ie_match(tpAniSirGlobal, tDot11fIEWPA *, tpPESession,
 				  uint8_t);
 uint8_t lim_check_mcs_set(tpAniSirGlobal pMac, uint8_t *supportedMCSSet);
 void limPostDummyToTmRing(tpAniSirGlobal, tpDphHashNode);

+ 97 - 12
core/mac/src/pe/lim/lim_process_assoc_req_frame.c

@@ -38,10 +38,12 @@
 #include "lim_admit_control.h"
 #include "cds_packet.h"
 #include "lim_session_utils.h"
+#include "utils_parser.h"
 
 #include "qdf_types.h"
 #include "cds_utils.h"
 #include "wlan_utility.h"
+#include "wlan_crypto_global_api.h"
 
 /**
  * lim_convert_supported_channels - Parses channel support IE
@@ -800,6 +802,92 @@ static void lim_print_ht_cap(tpAniSirGlobal mac_ctx, tpPESession session,
 	}
 }
 
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+static tSirMacStatusCodes lim_check_rsn_ie(tpPESession session,
+					   struct mac_context *mac_ctx,
+					   tpSirAssocReq assoc_req,
+					   tDot11fIERSN *rsn,
+					   bool *pmf_connection)
+{
+	struct wlan_objmgr_vdev *vdev;
+
+	uint8_t buffer[SIR_MAC_MAX_IE_LENGTH];
+	uint32_t dot11f_status, written = 0, nbuffer = SIR_MAC_MAX_IE_LENGTH;
+	tSirMacRsnInfo rsn_ie;
+
+	dot11f_status = dot11f_pack_ie_rsn(mac_ctx, rsn, buffer,
+					   nbuffer, &written);
+	if (DOT11F_FAILED(dot11f_status)) {
+		pe_err("Failed to re-pack the RSN IE (0x%0x8)", dot11f_status);
+		return eSIR_MAC_INVALID_IE_STATUS;
+	}
+
+	rsn_ie.length = (uint8_t) written;
+	qdf_mem_copy(&rsn_ie.info[0], buffer, rsn_ie.length);
+	if (wlan_crypto_check_rsn_match(mac_ctx->psoc, session->smeSessionId,
+					&rsn_ie.info[0], rsn_ie.length)) {
+		vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac_ctx->psoc,
+							session->smeSessionId,
+							WLAN_LEGACY_MAC_ID);
+		if (!vdev) {
+			pe_err("vdev is NULL");
+			return eSIR_MAC_UNSPEC_FAILURE_STATUS;
+		}
+
+		*pmf_connection = wlan_crypto_vdev_is_pmf_enabled(vdev);
+		wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_MAC_ID);
+	} else {
+		return eSIR_MAC_INVALID_IE_STATUS;
+	}
+
+	return eSIR_MAC_SUCCESS_STATUS;
+}
+
+static tSirMacStatusCodes lim_check_wpa_ie(tpPESession session,
+					   struct mac_context *mac_ctx,
+					   tpSirAssocReq assoc_req,
+					   tDot11fIEWPA *wpa)
+{
+	uint8_t buffer[SIR_MAC_MAX_IE_LENGTH];
+	uint32_t dot11f_status, written = 0, nbuffer = SIR_MAC_MAX_IE_LENGTH;
+	tSirMacRsnInfo wpa_ie = {0};
+
+	dot11f_status = dot11f_pack_ie_wpa(mac_ctx, wpa, buffer,
+					   nbuffer, &written);
+	if (DOT11F_FAILED(dot11f_status)) {
+		pe_err("Failed to re-pack the RSN IE (0x%0x8)", dot11f_status);
+		return eSIR_MAC_INVALID_IE_STATUS;
+	}
+
+	wpa_ie.length = (uint8_t) written;
+	qdf_mem_copy(&wpa_ie.info[0], buffer, wpa_ie.length);
+	if (wlan_crypto_check_wpa_match(mac_ctx->psoc, session->smeSessionId,
+					&wpa_ie.info[0], wpa_ie.length))
+		return eSIR_MAC_SUCCESS_STATUS;
+
+	return eSIR_MAC_INVALID_IE_STATUS;
+}
+#else
+static tSirMacStatusCodes lim_check_rsn_ie(tpPESession session,
+					   struct mac_context *mac_ctx,
+					   tpSirAssocReq assoc_req,
+					   tDot11fIERSN *rsn,
+					   bool *pmf_connection)
+{
+	return lim_check_rx_rsn_ie_match(mac_ctx, rsn, session,
+					 assoc_req->HTCaps.present,
+					 pmf_connection);
+}
+
+static tSirMacStatusCodes lim_check_wpa_ie(tpPESession session,
+					   struct mac_context *mac_ctx,
+					   tpSirAssocReq assoc_req,
+					   tDot11fIEWPA *wpa)
+{
+	return lim_check_rx_wpa_ie_match(mac_ctx, wpa, session,
+					 assoc_req->HTCaps.present);
+}
+#endif
 /**
   * lim_check_wpa_rsn_ie() - wpa and rsn ie related checks
   * @session: pointer to pe session entry
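Review bot: In the WLAN_CONV_CRYPTO_IE_SUPPORT variant of lim_check_rsn_ie(), `*pmf_connection` is taken from `wlan_crypto_vdev_is_pmf_enabled(vdev)`, which by its name reflects the vdev's own configuration rather than what the associating station negotiated; the legacy lim_check_rx_rsn_ie_match() logs `they_require_pmf` next to the flag, which suggests it considers the peer's RSN capabilities. If that reading is right, a station without PMF joining a PMF-optional SAP would be recorded as a PMF connection, so please confirm the API's semantics or derive the flag from the received RSN IE. `assoc_req` is unused in both new variants, so the `HTCaps.present` cipher restriction that the legacy matchers apply is no longer enforced here unless wlan_crypto_check_rsn_match() and wlan_crypto_check_wpa_match() cover it. Smaller items: `"(0x%0x8)"` prints a stray `8` and was probably meant as `0x%08x`, the WPA variant's message says "RSN IE", `rsn_ie` is not zero-initialised while `wpa_ie` is, `(uint8_t) written` truncates silently if `SIR_MAC_MAX_IE_LENGTH` exceeds 255, and none of the four helpers has the kernel-doc block used elsewhere in the file.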
@@ -821,7 +909,7 @@ static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
 	uint32_t ret;
 	tDot11fIEWPA dot11f_ie_wpa = {0};
 	tDot11fIERSN dot11f_ie_rsn = {0};
-	QDF_STATUS status = QDF_STATUS_SUCCESS;
+	tSirMacStatusCodes status = eSIR_MAC_SUCCESS_STATUS;
 
 	/*
 	 * Clear the buffers so that frame parser knows that there isn't a
@@ -863,11 +951,10 @@ static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
 		/* Check if the RSN version is supported */
 		if (SIR_MAC_OUI_VERSION_1 == dot11f_ie_rsn.version) {
 			/* check the groupwise and pairwise cipher suites */
-			status = lim_check_rx_rsn_ie_match(mac_ctx,
-					   &dot11f_ie_rsn, session,
-					   assoc_req->HTCaps.present,
-					   pmf_connection);
-			if (QDF_STATUS_SUCCESS != status) {
+			status = lim_check_rsn_ie(session, mac_ctx, assoc_req,
+						  &dot11f_ie_rsn,
+						  pmf_connection);
+			if (eSIR_MAC_SUCCESS_STATUS != status) {
 				pe_warn("Re/Assoc rejected from: "
 					MAC_ADDRESS_STR,
 					MAC_ADDR_ARRAY(hdr->sa));
@@ -880,7 +967,6 @@ static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
 		} else {
 			pe_warn("Re/Assoc rejected from: " MAC_ADDRESS_STR,
 				MAC_ADDR_ARRAY(hdr->sa));
-
 			/*
 			 * rcvd Assoc req frame with RSN IE but
 			 * IE version is wrong
@@ -916,13 +1002,12 @@ static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
 		}
 
 		/* check the groupwise and pairwise cipher suites*/
-		status = lim_check_rx_wpa_ie_match(mac_ctx, dot11f_ie_wpa,
-					session, assoc_req->HTCaps.present);
-		if (QDF_STATUS_SUCCESS != status) {
+		status = lim_check_wpa_ie(session, mac_ctx, assoc_req,
+					  &dot11f_ie_wpa);
+		if (eSIR_MAC_SUCCESS_STATUS != status) {
 			pe_warn("Re/Assoc rejected from: "
 				MAC_ADDRESS_STR,
 				MAC_ADDR_ARRAY(hdr->sa));
-
 			/*
 			 * rcvd Assoc req frame with WPA IE
 			 * but there is mismatch
@@ -933,8 +1018,8 @@ static bool lim_check_wpa_rsn_ie(tpPESession session, tpAniSirGlobal mac_ctx,
 		}
 
 	}
-	return true;
 
+	return true;
 }
 
 /**

+ 8 - 10
core/sme/inc/csr_support.h

@@ -236,7 +236,7 @@ uint8_t csr_construct_rsn_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 			     tSirBssDescription *pSirBssDesc,
 			     tDot11fBeaconIEs *pIes, tCsrRSNIe *pRSNIe);
 
-uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac,
+uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac, uint8_t session_id,
 			     struct csr_roam_profile *pProfile,
 			     tSirBssDescription *pSirBssDesc,
 			     tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe);
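Review bot: The new `session_id` parameter of csr_construct_wpa_ie() and csr_retrieve_wpa_ie() is `uint8_t`, while the sibling csr_construct_rsn_ie() just above takes `uint32_t sessionId` and csr_send_join_req_msg() passes its `uint32_t sessionId` straight through, so the value is narrowed implicitly at the call. Pick one type and one spelling for the session id across these IE builders so an id above 255 cannot silently select a different vdev. A short comment on the prototypes saying that the id selects the vdev whose crypto params are used to build the IE would also help.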
@@ -249,7 +249,7 @@ bool csr_is_profile_wapi(struct csr_roam_profile *pProfile);
  * Or else construct one from the BSS Caller allocated memory for pWpaIe and
  * guarrantee it can contain a max length WPA IE
  */
-uint8_t csr_retrieve_wpa_ie(tpAniSirGlobal pMac,
+uint8_t csr_retrieve_wpa_ie(tpAniSirGlobal pMac, uint8_t session_id,
 			    struct csr_roam_profile *pProfile,
 			    tSirBssDescription *pSirBssDesc,
 			    tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe);
@@ -291,14 +291,12 @@ tAniEdType csr_translate_encrypt_type_to_ed_type(
  * pIes shall contain IEs from pSirBssDesc.
  * It shall be returned from function csr_get_parsed_bss_description_ies
  */
-bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *authType,
-		tCsrEncryptionList *pUCEncryptionType,
-		tCsrEncryptionList *pMCEncryptionType, bool *pMFPEnabled,
-		uint8_t *pMFPRequired, uint8_t *pMFPCapable,
-		tSirBssDescription *pSirBssDesc, tDot11fBeaconIEs *pIes,
-		eCsrAuthType *negotiatedAuthtype,
-		eCsrEncryptionType *negotiatedUCCipher,
-		eCsrEncryptionType *negotiatedMCCipher);
+bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
+			   tCsrEncryptionList *uc_enc_type,
+			   tCsrEncryptionList *mc_enc_type, bool *mfp_enabled,
+			   uint8_t *mfp_required, uint8_t *mfp_capable,
+			   tSirBssDescription *bss_desc,
+			   tDot11fBeaconIEs *ies_ptr, uint8_t session_id);
 bool csr_is_bss_type_match(eCsrRoamBssType bssType1, eCsrRoamBssType bssType2);
 bool csr_is_bss_type_ibss(eCsrRoamBssType bssType);
 bool csr_is_bssid_match(struct qdf_mac_addr *pProfBssid,

+ 2 - 0
core/sme/inc/sme_api.h

@@ -99,6 +99,8 @@
 
 #define NUM_OF_BANDS 2
 
+#define SUPPORTED_CRYPTO_CAPS 0x1FFFF
+
 #define SME_ACTIVE_LIST_CMD_TIMEOUT_VALUE (30*1000)
 #define SME_CMD_TIMEOUT_VALUE (SME_ACTIVE_LIST_CMD_TIMEOUT_VALUE + 1000)
 

+ 1 - 0
core/sme/src/common/sme_api.c

@@ -15972,6 +15972,7 @@ void sme_store_pdev(mac_handle_t mac_handle, struct wlan_objmgr_pdev *pdev)
 		return;
 	}
 	wma_store_pdev(wma_handle, pdev);
+	pdev->pdev_nif.pdev_fw_caps |= SUPPORTED_CRYPTO_CAPS;
 }
 
 QDF_STATUS sme_congestion_register_callback(mac_handle_t mac_handle,
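Review bot: `pdev->pdev_nif.pdev_fw_caps |= SUPPORTED_CRYPTO_CAPS;` marks every bit of the fixed mask `0x1FFFF` (added in sme_api.h) as a firmware capability without consulting what the target actually reported. If the crypto component uses these bits to decide which ciphers it may accept or build into IEs, a suite the hardware cannot handle could be negotiated; the mask should be derived from target capabilities, or at least documented bit by bit where it is defined. `pdev` is also dereferenced here without a NULL check, while only `wma_handle` is validated in the lines visible above. sme_store_pdev() begins outside the hunk.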

+ 3 - 4
core/sme/src/csr/csr_api_roam.c

@@ -15235,10 +15235,9 @@ QDF_STATUS csr_send_join_req_msg(tpAniSirGlobal pMac, uint32_t sessionId,
 		/* rsnIE */
 		if (csr_is_profile_wpa(pProfile)) {
 			/* Insert the Wpa IE into the join request */
-			ieLen =
-				csr_retrieve_wpa_ie(pMac, pProfile,
-						pBssDescription, pIes,
-						(tCsrWpaIe *) (wpaRsnIE));
+			ieLen = csr_retrieve_wpa_ie(pMac, sessionId, pProfile,
+						    pBssDescription, pIes,
+						    (tCsrWpaIe *) (wpaRsnIE));
 		} else if (csr_is_profile_rsn(pProfile)) {
 			/* Insert the RSN IE into the join request */
 			ieLen =

+ 8 - 5
core/sme/src/csr/csr_neighbor_roam.c

@@ -643,6 +643,7 @@ QDF_STATUS csr_neighbor_roam_merge_channel_lists(tpAniSirGlobal pMac,
  * @pCurProfile: pointer to current roam profile
  * @pBssDesc: pointer to bss description
  * @pIes: pointer to local ies
+ * @session_id: Session ID
  *
  * This routine will be called to see if SSID and security parameters
  * are matching.
@@ -651,7 +652,8 @@ QDF_STATUS csr_neighbor_roam_merge_channel_lists(tpAniSirGlobal pMac,
  */
 static bool csr_neighbor_roam_is_ssid_and_security_match(tpAniSirGlobal pMac,
 		tCsrRoamConnectedProfile *pCurProfile,
-		tSirBssDescription *pBssDesc, tDot11fBeaconIEs *pIes)
+		tSirBssDescription *pBssDesc, tDot11fBeaconIEs *pIes,
+		uint8_t session_id)
 {
 	tCsrAuthList authType;
 	tCsrEncryptionList uCEncryptionType;
@@ -693,13 +695,13 @@ static bool csr_neighbor_roam_is_ssid_and_security_match(tpAniSirGlobal pMac,
 				&pCurProfile->MFPEnabled,
 				&pCurProfile->MFPRequired,
 				&pCurProfile->MFPCapable,
-				pBssDesc, pIes, NULL, NULL, NULL);
+				pBssDesc, pIes, session_id);
 #else
 		fMatch = csr_is_security_match(pMac, &authType,
 				&uCEncryptionType,
 				&mCEncryptionType, NULL,
 				NULL, NULL, pBssDesc,
-				pIes, NULL, NULL, NULL);
+				pIes, session_id);
 #endif
 		return fMatch;
 	} else {
@@ -735,7 +737,7 @@ bool csr_neighbor_roam_is_new_connected_profile(tpAniSirGlobal pMac,
 		if (QDF_IS_STATUS_SUCCESS(
 		    csr_get_parsed_bss_description_ies(pMac, pBssDesc, &pIes))
 		    && csr_neighbor_roam_is_ssid_and_security_match(pMac,
-					pCurrProfile, pBssDesc, pIes)) {
+				pCurrProfile, pBssDesc, pIes, sessionId)) {
 			fNew = false;
 		}
 		if (pIes)
@@ -765,7 +767,8 @@ bool csr_neighbor_roam_connected_profile_match(tpAniSirGlobal pMac,
 		return false;
 
 	return csr_neighbor_roam_is_ssid_and_security_match(pMac, pCurProfile,
-							    pBssDesc, pIes);
+							    pBssDesc, pIes,
+							    sessionId);
 }
 
 /**

+ 182 - 88
core/sme/src/csr/csr_util.c

@@ -32,6 +32,7 @@
 #include "wlan_policy_mgr_api.h"
 #include "wlan_serialization_legacy_api.h"
 #include "wlan_reg_services_api.h"
+#include "wlan_crypto_global_api.h"
 
 
 uint8_t csr_wpa_oui[][CSR_WPA_OUI_SIZE] = {
@@ -2885,6 +2886,7 @@ static bool csr_match_wapi_oui_index(tpAniSirGlobal pMac,
 }
 #endif /* FEATURE_WLAN_WAPI */
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 static bool csr_match_wpaoui_index(tpAniSirGlobal pMac,
 				   uint8_t AllCyphers[][CSR_RSN_OUI_SIZE],
 				   uint8_t cAllCyphers, uint8_t ouiIndex,
@@ -2897,6 +2899,7 @@ static bool csr_match_wpaoui_index(tpAniSirGlobal pMac,
 	else
 		return false;
 }
+#endif
 
 #ifdef FEATURE_WLAN_WAPI
 static bool csr_is_auth_wapi_cert(tpAniSirGlobal pMac,
@@ -2957,6 +2960,7 @@ static bool csr_is_ese_cckm_auth_rsn(tpAniSirGlobal pMac,
 		(pMac, AllSuites, cAllSuites, csr_rsn_oui[06], Oui);
 }
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 static bool csr_is_ese_cckm_auth_wpa(tpAniSirGlobal pMac,
 				     uint8_t AllSuites[][CSR_WPA_OUI_SIZE],
 				     uint8_t cAllSuites, uint8_t Oui[])
@@ -2964,6 +2968,7 @@ static bool csr_is_ese_cckm_auth_wpa(tpAniSirGlobal pMac,
 	return csr_is_oui_match
 		(pMac, AllSuites, cAllSuites, csr_wpa_oui[06], Oui);
 }
+#endif
 
 #endif
 
@@ -3157,6 +3162,7 @@ static bool csr_is_auth_wpa_sae(tpAniSirGlobal mac,
 }
 #endif
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 static bool csr_is_auth_wpa(tpAniSirGlobal pMac,
 			    uint8_t AllSuites[][CSR_WPA_OUI_SIZE],
 			    uint8_t cAllSuites, uint8_t Oui[])
@@ -3172,6 +3178,7 @@ static bool csr_is_auth_wpa_psk(tpAniSirGlobal pMac,
 	return csr_is_oui_match
 		(pMac, AllSuites, cAllSuites, csr_wpa_oui[02], Oui);
 }
+#endif
 
 /*
  * csr_is_group_mgmt_gmac_128() - check whether oui is GMAC_128
@@ -3707,6 +3714,7 @@ static bool csr_is_rsn_match(tpAniSirGlobal mac_ctx, tCsrAuthList *pAuthType,
 	return fRSNMatch;
 }
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /**
  * csr_lookup_pmkid_using_ssid() - lookup pmkid using ssid and cache_id
  * @mac: pointer to mac
@@ -3746,6 +3754,7 @@ static bool csr_lookup_pmkid_using_ssid(tpAniSirGlobal mac,
 
 	return false;
 }
+#endif
 
 bool csr_lookup_pmkid_using_bssid(tpAniSirGlobal mac,
 					struct csr_roam_session *session,
@@ -3772,6 +3781,7 @@ bool csr_lookup_pmkid_using_bssid(tpAniSirGlobal mac,
 	return false;
 }
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /**
  * csr_lookup_pmkid() - lookup pmkid using bssid or ssid + cache_id
  * @mac: pointer to mac
@@ -3825,8 +3835,10 @@ static bool csr_lookup_pmkid(tpAniSirGlobal pMac, uint32_t sessionId,
 
 	return fRC;
 }
+#endif
 
 #ifdef WLAN_FEATURE_FILS_SK
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /*
  * csr_update_pmksa_for_cache_id: update tPmkidCacheInfo to lookup using
  * ssid and cache id
@@ -3857,7 +3869,7 @@ static bool csr_update_pmksa_for_cache_id(tSirBssDescription *bss_desc,
 	return true;
 
 }
-
+#endif
 /*
  * csr_update_pmksa_to_profile: update pmk and pmkid to profile which will be
  * used in case of fils session
@@ -3893,6 +3905,32 @@ static inline void csr_update_pmksa_to_profile(struct csr_roam_profile *profile,
 }
 #endif
 
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+uint8_t csr_construct_rsn_ie(tpAniSirGlobal pMac, uint32_t sessionId,
+			     struct csr_roam_profile *pProfile,
+			     tSirBssDescription *pSirBssDesc,
+			     tDot11fBeaconIEs *pIes, tCsrRSNIe *pRSNIe)
+{
+	struct wlan_objmgr_vdev *vdev;
+	uint8_t *rsn_ie_end = NULL;
+	uint8_t *rsn_ie = (uint8_t *)pRSNIe;
+	uint8_t ie_len = 0;
+
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(pMac->psoc, sessionId,
+						    WLAN_LEGACY_SME_ID);
+	if (!vdev) {
+		sme_err("Invalid vdev");
+		return ie_len;
+	}
+	rsn_ie_end = wlan_crypto_build_rsnie(vdev, rsn_ie);
+	if (rsn_ie_end)
+		ie_len = rsn_ie_end - rsn_ie;
+
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+
+	return ie_len;
+}
+#else
 /**
  * csr_update_session_pmk() - Update the pmk len and pmk in the roam session
  * @session: pointer to the CSR Roam session
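Review bot: The new csr_construct_rsn_ie() hands `wlan_crypto_build_rsnie()` the caller's buffer with no length and then stores the pointer difference `rsn_ie_end - rsn_ie` in a `uint8_t`, so an IE longer than the `tCsrRSNIe` storage or longer than 255 bytes is neither prevented nor detected. At minimum, check the difference before narrowing, e.g. `if (rsn_ie_end && (size_t)(rsn_ie_end - rsn_ie) <= sizeof(*pRSNIe)) ie_len = rsn_ie_end - rsn_ie;`, and log with `sme_err()` otherwise; a builder that takes the buffer size would be the proper fix. The same pattern is repeated in the WLAN_CONV_CRYPTO_IE_SUPPORT versions of csr_construct_wapi_ie() and csr_construct_wpa_ie() further down. `pProfile`, `pSirBssDesc` and `pIes` are unused in these variants, which deserves a comment stating that the IE is built only from the vdev's crypto params.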
@@ -4110,6 +4148,7 @@ uint8_t csr_construct_rsn_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 
 	return cbRSNIe;
 }
+#endif
 
 #ifdef FEATURE_WLAN_WAPI
 /**
@@ -4265,6 +4304,7 @@ static bool csr_is_wapi_match(tpAniSirGlobal mac_ctx, tCsrAuthList *pAuthType,
 	return fWapiMatch;
 }
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 static bool csr_lookup_bkid(tpAniSirGlobal pMac, uint32_t sessionId,
 			    uint8_t *pBSSId, uint8_t *pBKId)
 {
@@ -4304,7 +4344,34 @@ static bool csr_lookup_bkid(tpAniSirGlobal pMac, uint32_t sessionId,
 
 	return fRC;
 }
+#endif
+
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+uint8_t csr_construct_wapi_ie(tpAniSirGlobal pMac, uint32_t sessionId,
+			      struct csr_roam_profile *pProfile,
+			      tSirBssDescription *pSirBssDesc,
+			      tDot11fBeaconIEs *pIes, tCsrWapiIe *pWapiIe)
+{
+	struct wlan_objmgr_vdev *vdev;
+	uint8_t *wapi_ie_end = NULL;
+	uint8_t *wapi_ie = (uint8_t *)pWapiIe;
+	uint8_t ie_len = 0;
+
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(pMac->psoc, sessionId,
+						    WLAN_LEGACY_SME_ID);
+	if (!vdev) {
+		sme_err("Invalid vdev");
+		return ie_len;
+	}
+	wapi_ie_end = wlan_crypto_build_wapiie(vdev, wapi_ie);
+	if (wapi_ie_end)
+		ie_len = wapi_ie_end - wapi_ie;
+
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
 
+	return ie_len;
+}
+#else
 uint8_t csr_construct_wapi_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 			      struct csr_roam_profile *pProfile,
 			      tSirBssDescription *pSirBssDesc,
@@ -4410,8 +4477,10 @@ uint8_t csr_construct_wapi_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 
 	return cbWapiIe;
 }
+#endif
 #endif /* FEATURE_WLAN_WAPI */
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /**
  * csr_get_wpa_cyphers() - to get WPA cipher info
  * @mac_ctx: pointer to mac context
@@ -4580,8 +4649,35 @@ static bool csr_is_wpa_encryption_match(tpAniSirGlobal pMac,
 
 	return fWpaMatch;
 }
+#endif
 
-uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac,
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac, uint8_t session_id,
+			     struct csr_roam_profile *pProfile,
+			     tSirBssDescription *pSirBssDesc,
+			     tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe)
+{
+	struct wlan_objmgr_vdev *vdev;
+	uint8_t *wpa_ie_end = NULL;
+	uint8_t *wpa_ie = (uint8_t *)pWpaIe;
+	uint8_t ie_len = 0;
+
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(pMac->psoc, session_id,
+						    WLAN_LEGACY_SME_ID);
+	if (!vdev) {
+		sme_err("Invalid vdev");
+		return ie_len;
+	}
+	wpa_ie_end = wlan_crypto_build_wpaie(vdev, wpa_ie);
+	if (wpa_ie_end)
+		ie_len = wpa_ie_end - wpa_ie;
+
+	wlan_objmgr_vdev_release_ref(vdev, WLAN_LEGACY_SME_ID);
+
+	return ie_len;
+}
+#else
+uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac, uint8_t session_id,
 			     struct csr_roam_profile *pProfile,
 			     tSirBssDescription *pSirBssDesc,
 			     tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe)
@@ -4662,12 +4758,13 @@ uint8_t csr_construct_wpa_ie(tpAniSirGlobal pMac,
 
 	return cbWpaIe;
 }
+#endif
 
 /* If a WPAIE exists in the profile, just use it. Or else construct
  * one from the BSS Caller allocated memory for pWpaIe and guarrantee
  * it can contain a max length WPA IE
  */
-uint8_t csr_retrieve_wpa_ie(tpAniSirGlobal pMac,
+uint8_t csr_retrieve_wpa_ie(tpAniSirGlobal pMac, uint8_t session_id,
 			    struct csr_roam_profile *pProfile,
 			    tSirBssDescription *pSirBssDesc,
 			    tDot11fBeaconIEs *pIes, tCsrWpaIe *pWpaIe)
@@ -4683,12 +4780,14 @@ uint8_t csr_retrieve_wpa_ie(tpAniSirGlobal pMac,
 				cbWpaIe = (uint8_t) pProfile->nWPAReqIELength;
 				qdf_mem_copy(pWpaIe, pProfile->pWPAReqIE,
 					     cbWpaIe);
-			} else
-				sme_warn("Invalid WPA IE length: %d",
-					pProfile->nWPAReqIELength);
-		} else
-			cbWpaIe = csr_construct_wpa_ie(pMac, pProfile,
-						pSirBssDesc, pIes, pWpaIe);
+			} else {
+				sme_warn("Invalid WPA IE length %d",
+					 pProfile->nWPAReqIELength);
+			}
+			break;
+		}
+		cbWpaIe = csr_construct_wpa_ie(pMac, session_id, pProfile,
+					       pSirBssDesc, pIes, pWpaIe);
 	} while (0);
 
 	return cbWpaIe;
@@ -4719,11 +4818,10 @@ uint8_t csr_retrieve_rsn_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 					     cbRsnIe);
 			} else {
 				sme_warn("Invalid RSN IE length: %d",
-					pProfile->nRSNReqIELength);
+					 pProfile->nRSNReqIELength);
 			}
 			break;
 		}
-
 		cbRsnIe = csr_construct_rsn_ie(pMac, sessionId, pProfile,
 					       pSirBssDesc, pIes, pRsnIe);
 	} while (0);
@@ -4752,13 +4850,15 @@ uint8_t csr_retrieve_wapi_ie(tpAniSirGlobal pMac, uint32_t sessionId,
 				cbWapiIe = (uint8_t) pProfile->nWAPIReqIELength;
 				qdf_mem_copy(pWapiIe, pProfile->pWAPIReqIE,
 					     cbWapiIe);
-			} else
-				sme_warn("Invalid WAPI IE length: %d",
-					pProfile->nWAPIReqIELength);
-		} else
-			cbWapiIe =
-				csr_construct_wapi_ie(pMac, sessionId, pProfile,
-						    pSirBssDesc, pIes, pWapiIe);
+			} else {
+				sme_warn("Invalid WAPI IE length %d",
+					 pProfile->nWAPIReqIELength);
+			}
+			break;
+		}
+		cbWapiIe = csr_construct_wapi_ie(pMac, sessionId,
+						 pProfile, pSirBssDesc,
+						 pIes, pWapiIe);
 	} while (0);
 
 	return cbWapiIe;
@@ -4885,20 +4985,16 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 			     eCsrEncryptionType uc_encry_type,
 			     tCsrAuthList *auth_list,
 			     tCsrEncryptionList *mc_encryption_list,
-			     eCsrAuthType *negotiated_authtype,
-			     eCsrEncryptionType *negotiated_mc_encry,
 			     tSirBssDescription *bss_descr,
 			     tDot11fBeaconIEs *ie_ptr)
 {
 	uint32_t idx;
 	bool match = false;
-	eCsrAuthType negotiated_auth = eCSR_AUTH_TYPE_OPEN_SYSTEM;
-	eCsrEncryptionType negotiated_mccipher = eCSR_ENCRYPT_TYPE_UNKNOWN;
 	uint8_t oui_index;
 
 	/* If privacy bit is not set, consider no match */
 	if (!csr_is_privacy(bss_descr))
-		goto end;
+		return match;
 
 	for (idx = 0; idx < mc_encryption_list->numEntries; idx++) {
 		switch (mc_encryption_list->encryptionType[idx]) {
@@ -4913,8 +5009,6 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 			if (uc_encry_type ==
 				mc_encryption_list->encryptionType[idx]) {
 				match = true;
-				negotiated_mccipher =
-					mc_encryption_list->encryptionType[idx];
 			}
 			break;
 		default:
@@ -4926,7 +5020,7 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 	}
 
 	if (!match)
-		goto end;
+		return match;
 
 	for (idx = 0; idx < auth_list->numEntries; idx++) {
 		switch (auth_list->authType[idx]) {
@@ -4934,7 +5028,6 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 		case eCSR_AUTH_TYPE_SHARED_KEY:
 		case eCSR_AUTH_TYPE_AUTOSWITCH:
 			match = true;
-			negotiated_auth = auth_list->authType[idx];
 			break;
 		default:
 			match = false;
@@ -4944,10 +5037,10 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 	}
 
 	if (!match)
-		goto end;
+		return match;
 
 	if (!ie_ptr)
-		goto end;
+		return match;
 
 	/*
 	 * In case of WPA / WPA2, check whether it supports WEP as well.
@@ -4966,7 +5059,7 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 					csr_wpa_oui[oui_index],
 					CSR_WPA_OUI_SIZE));
 		if (match)
-			goto end;
+			return match;
 	}
 	if (ie_ptr->RSN.present) {
 		match = (!qdf_mem_cmp(ie_ptr->RSN.gp_cipher_suite,
@@ -4975,17 +5068,10 @@ static bool csr_validate_wep(tpAniSirGlobal mac_ctx,
 				CSR_RSN_OUI_SIZE));
 	}
 
-
-end:
-	if (match) {
-		if (negotiated_authtype)
-			*negotiated_authtype = negotiated_auth;
-		if (negotiated_mc_encry)
-			*negotiated_mc_encry = negotiated_mccipher;
-	}
 	return match;
 }
 
+#ifndef WLAN_CONV_CRYPTO_IE_SUPPORT
 /**
  * csr_validate_open_none() - Check if the security is matching
  * @bss_desc:          BSS Descriptor on which the check is done
@@ -4997,8 +5083,8 @@ end:
  * Return: Boolean value to tell if matched or not.
  */
 static bool csr_validate_open_none(tSirBssDescription *bss_desc,
-	tCsrEncryptionList *mc_enc_type, eCsrEncryptionType *mc_cipher,
-	tCsrAuthList *auth_type, eCsrAuthType *neg_auth_type)
+				   tCsrEncryptionList *mc_enc_type,
+				   tCsrAuthList *auth_type)
 {
 	bool match;
 	uint8_t idx;
@@ -5019,7 +5105,6 @@ static bool csr_validate_open_none(tSirBssDescription *bss_desc,
 			if (eCSR_ENCRYPT_TYPE_NONE ==
 				mc_enc_type->encryptionType[idx]) {
 				match = true;
-				*mc_cipher = mc_enc_type->encryptionType[idx];
 				break;
 			}
 		}
@@ -5034,8 +5119,6 @@ static bool csr_validate_open_none(tSirBssDescription *bss_desc,
 				(eCSR_AUTH_TYPE_AUTOSWITCH ==
 				auth_type->authType[idx])) {
 				match = true;
-				*neg_auth_type =
-					eCSR_AUTH_TYPE_OPEN_SYSTEM;
 				break;
 			}
 		}
@@ -5045,7 +5128,7 @@ static bool csr_validate_open_none(tSirBssDescription *bss_desc,
 	}
 	return match;
 }
-
+#endif
 /**
  * csr_validate_any_default() - Check if the security is matching
  * @mac_ctx:           Global MAC context
@@ -5119,19 +5202,19 @@ static bool csr_validate_any_default(tpAniSirGlobal mac_ctx,
 		return match;
 	*uc_cipher = eCSR_ENCRYPT_TYPE_WEP104;
 	if (csr_validate_wep(mac_ctx, *uc_cipher, auth_type, mc_enc_type,
-			neg_auth_type, mc_cipher, bss_desc, ies_ptr))
+			bss_desc, ies_ptr))
 		return match;
 	*uc_cipher = eCSR_ENCRYPT_TYPE_WEP40;
 	if (csr_validate_wep(mac_ctx, *uc_cipher, auth_type, mc_enc_type,
-			neg_auth_type, mc_cipher, bss_desc, ies_ptr))
+			bss_desc, ies_ptr))
 		return match;
 	*uc_cipher = eCSR_ENCRYPT_TYPE_WEP104_STATICKEY;
 	if (csr_validate_wep(mac_ctx, *uc_cipher, auth_type, mc_enc_type,
-			neg_auth_type, mc_cipher, bss_desc, ies_ptr))
+			bss_desc, ies_ptr))
 		return match;
 	*uc_cipher = eCSR_ENCRYPT_TYPE_WEP40_STATICKEY;
 	if (csr_validate_wep(mac_ctx, *uc_cipher, auth_type, mc_enc_type,
-			neg_auth_type, mc_cipher, bss_desc, ies_ptr))
+			bss_desc, ies_ptr))
 		return match;
 	/* It must be open and no enc */
 	if (csr_is_privacy(bss_desc)) {
@@ -5157,26 +5240,24 @@ static bool csr_validate_any_default(tpAniSirGlobal mac_ctx,
  * @mfp_capable:       Device capable of MFP
  * @bss_desc:          BSS Descriptor
  * @ies_ptr:           Pointer to the IE fields
- * @neg_auth_type:     Negotiated Auth type with the AP
- * @neg_uc_cipher:     Negotiated unicast cipher suite
- * @neg_mc_cipher:     Negotiated multicast cipher
+ * @session_id:        Session Id
  *
  * Return: Boolean value to tell if matched or not.
  */
 bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
-	tCsrEncryptionList *uc_enc_type,
-	tCsrEncryptionList *mc_enc_type, bool *mfp_enabled,
-	uint8_t *mfp_required, uint8_t *mfp_capable,
-	tSirBssDescription *bss_desc, tDot11fBeaconIEs *ies_ptr,
-	eCsrAuthType *neg_auth_type,
-	eCsrEncryptionType *neg_uc_cipher,
-	eCsrEncryptionType *neg_mc_cipher)
+			   tCsrEncryptionList *uc_enc_type,
+			   tCsrEncryptionList *mc_enc_type, bool *mfp_enabled,
+			   uint8_t *mfp_required, uint8_t *mfp_capable,
+			   tSirBssDescription *bss_desc,
+			   tDot11fBeaconIEs *ies_ptr, uint8_t session_id)
 {
 	bool match = false;
 	uint8_t i;
-	eCsrEncryptionType mc_cipher = eCSR_ENCRYPT_TYPE_UNKNOWN;
 	eCsrEncryptionType uc_cipher = eCSR_ENCRYPT_TYPE_UNKNOWN;
-	eCsrAuthType local_neg_auth_type = eCSR_AUTH_TYPE_UNKNOWN;
+	uint16_t ie_len;
+
+	ie_len = (bss_desc->length + sizeof(bss_desc->length) -
+		  GET_FIELD_OFFSET(tSirBssDescription, ieFields));
 
 	for (i = 0; ((i < uc_enc_type->numEntries) && (!match)); i++) {
 		uc_cipher = uc_enc_type->encryptionType[i];
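Review bot: The `ie_len` computed at the top of csr_is_security_match() is not range-checked. If `bss_desc->length + sizeof(bss_desc->length)` is smaller than the offset of `ieFields`, the unsigned subtraction wraps and the `uint16_t` result is a large bogus length, which the WLAN_CONV_CRYPTO_IE_SUPPORT branch later hands to wlan_crypto_check_rsn_match() and wlan_crypto_check_wpa_match() as the size of the beacon IE buffer. Whether `bss_desc->length` is validated before this call is not visible here, so a local guard before the loop is safer: `if (bss_desc->length + sizeof(bss_desc->length) < GET_FIELD_OFFSET(tSirBssDescription, ieFields)) return false;`. The value is also read only under WLAN_CONV_CRYPTO_IE_SUPPORT, so declaring and computing it under the same `#ifdef` avoids a set-but-unused variable in the legacy build. The function body continues past this hunk.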
@@ -5188,13 +5269,22 @@ bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
 		 */
 		switch (uc_cipher) {
 		case eCSR_ENCRYPT_TYPE_NONE:
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+			if (csr_is_privacy(bss_desc))
+				return false;
+
+			match =	wlan_crypto_check_open_none(mac_ctx->psoc,
+							    session_id);
+#else
 			match = csr_validate_open_none(bss_desc, mc_enc_type,
-					&mc_cipher, auth_type,
-					&local_neg_auth_type);
+						       auth_type);
+#endif
 			break;
 
 		case eCSR_ENCRYPT_TYPE_WEP40_STATICKEY:
 		case eCSR_ENCRYPT_TYPE_WEP104_STATICKEY:
+		case eCSR_ENCRYPT_TYPE_WEP40:
+		case eCSR_ENCRYPT_TYPE_WEP104:
 			/*
 			 * !! might want to check for WEP keys set in the
 			 * Profile.... ? !! don't need to have the privacy bit
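Review bot: The `return false;` after `csr_is_privacy(bss_desc)` in the WLAN_CONV_CRYPTO_IE_SUPPORT branch of `case eCSR_ENCRYPT_TYPE_NONE` leaves csr_is_security_match() entirely, so the remaining entries of `uc_enc_type` are never tried. The legacy branch only assigns `match` and lets the `for` loop move on to the next cipher, so a profile that lists NONE ahead of another cipher would be rejected against a privacy-enabled BSS under the new build flag only. Replacing the return with `match = false; break;` keeps both builds consistent. The same applies to `if (!csr_is_privacy(bss_desc)) return false;` in the WEP case of the next hunk. The switch continues outside this hunk.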
@@ -5204,19 +5294,19 @@ bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
 			 * encryption is not allowed without the Privacy bit
 			 * turned on.
 			 */
-			match = csr_validate_wep(mac_ctx, uc_cipher, auth_type,
-					mc_enc_type, &local_neg_auth_type,
-					&mc_cipher, bss_desc, ies_ptr);
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+			if (!csr_is_privacy(bss_desc))
+				return false;
 
-			break;
-		/* these are all of the WPA encryption types... */
-		case eCSR_ENCRYPT_TYPE_WEP40:
-		case eCSR_ENCRYPT_TYPE_WEP104:
+			match = wlan_crypto_check_wep(mac_ctx->psoc,
+						      session_id);
+#else
 			match = csr_validate_wep(mac_ctx, uc_cipher, auth_type,
-					mc_enc_type, &local_neg_auth_type,
-					&mc_cipher, bss_desc, ies_ptr);
-			break;
+						 mc_enc_type, bss_desc,
+						 ies_ptr);
+#endif
 
+			break;
 		case eCSR_ENCRYPT_TYPE_TKIP:
 		case eCSR_ENCRYPT_TYPE_AES:
 		case eCSR_ENCRYPT_TYPE_AES_GCMP:
@@ -5225,29 +5315,41 @@ bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
 				match = false;
 				break;
 			}
+#ifdef WLAN_CONV_CRYPTO_IE_SUPPORT
+			match = wlan_crypto_check_rsn_match(mac_ctx->psoc,
+							    session_id,
+							    (uint8_t *)
+							    &bss_desc->ieFields,
+							    ie_len);
+			if (match)
+				break;
+			match = wlan_crypto_check_wpa_match(mac_ctx->psoc,
+							    session_id,
+							    (uint8_t *)
+							    &bss_desc->ieFields,
+							    ie_len);
+#else
 			/* First check if there is a RSN match */
 			match = csr_is_rsn_match(mac_ctx, auth_type,
 					uc_cipher, mc_enc_type,
 					mfp_enabled, mfp_required,
 					mfp_capable, ies_ptr,
-					&local_neg_auth_type,
-					&mc_cipher);
+					NULL, NULL);
 			/* If not RSN, then check WPA match */
 			if (!match)
 				match = csr_is_wpa_encryption_match(
 						mac_ctx, auth_type,
 						uc_cipher, mc_enc_type,
 						ies_ptr,
-						&local_neg_auth_type,
-						&mc_cipher);
+						NULL, NULL);
+#endif
 			break;
 #ifdef FEATURE_WLAN_WAPI
 		case eCSR_ENCRYPT_TYPE_WPI:     /* WAPI */
 			if (ies_ptr)
 				match = csr_is_wapi_match(mac_ctx, auth_type,
 						uc_cipher, mc_enc_type, ies_ptr,
-						&local_neg_auth_type,
-						&mc_cipher);
+						NULL, NULL);
 			else
 				match = false;
 			break;
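Review bot: The WLAN_CONV_CRYPTO_IE_SUPPORT branch no longer passes `mfp_enabled`, `mfp_required` and `mfp_capable` to the matcher, while the legacy csr_is_rsn_match() call still does. Management-frame-protection requirements are therefore checked on this path only if the crypto component already holds them for the vdev, which is not visible from this hunk. If it does, a comment such as `/* PMF policy comes from the vdev crypto params set by HDD */` above the call would record that; otherwise a BSS that does not meet the profile's PMF setting could be accepted. Separately, the legacy calls now pass `NULL, NULL` for the negotiated auth and cipher out-parameters of csr_is_rsn_match(), csr_is_wpa_encryption_match() and csr_is_wapi_match(); their bodies are outside the hunk, so it is worth confirming that each guards its writes.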
@@ -5257,21 +5359,13 @@ bool csr_is_security_match(tpAniSirGlobal mac_ctx, tCsrAuthList *auth_type,
 			match  = csr_validate_any_default(mac_ctx, auth_type,
 					mc_enc_type, mfp_enabled, mfp_required,
 					mfp_capable, ies_ptr,
-					&local_neg_auth_type, bss_desc,
-					&uc_cipher, &mc_cipher);
+					NULL, bss_desc,
+					&uc_cipher, NULL);
 			break;
 		}
 
 	}
 
-	if (match) {
-		if (neg_uc_cipher)
-			*neg_uc_cipher = uc_cipher;
-		if (neg_mc_cipher)
-			*neg_mc_cipher = mc_cipher;
-		if (neg_auth_type)
-			*neg_auth_type = local_neg_auth_type;
-	}
 	return match;
 }