Home Esplora Aiuto
Accedi
samsung-sm8650
/
android_kernel_samsung_sm8650-modules
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

qcacld-3.0: Add mandatory security checks for 6GHz connection

Check the required security types allowed for 6GHz connection and
do not allow the connection if the secutiry check fails.

Change-Id: Ic680c4600b3f17151e42f8708ff8810e5d16e52e
CRs-Fixed: 2715086
Kiran Kumar Lokere 4 anni fa
parent
5356e7c203
commit
be109fb59c
4 ha cambiato i file con 84 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 0
      components/mlme/core/src/wlan_mlme_main.c
  2. 1 0
      components/mlme/dispatcher/inc/wlan_mlme_public_struct.h
  3. 80 1
      core/mac/src/pe/lim/lim_process_sme_req_messages.c
  4. 2 0
      core/sme/src/common/sme_api.c

+ 1 - 0
components/mlme/core/src/wlan_mlme_main.c
Vedi File 

@@ -1110,6 +1110,7 @@ static void mlme_init_he_cap_in_cfg(struct wlan_objmgr_psoc *psoc,
 
 	qdf_mem_zero(he_caps->he_ppet_5g, MLME_HE_PPET_LEN);
 
 	mlme_cfg->he_caps.he_mcs_12_13_supp_2g = 0;
 
 	mlme_cfg->he_caps.he_mcs_12_13_supp_5g = 0;
 
+	mlme_cfg->he_caps.enable_6g_sec_check = false;
 
 }
 
 #else
 
 static void mlme_init_he_cap_in_cfg(struct wlan_objmgr_psoc *psoc,

+ 1 - 0
components/mlme/dispatcher/inc/wlan_mlme_public_struct.h
Vedi File 

@@ -891,6 +891,7 @@ struct wlan_mlme_he_caps {
 
 	uint32_t he_sta_obsspd;
 
 	uint16_t he_mcs_12_13_supp_2g;
 
 	uint16_t he_mcs_12_13_supp_5g;
 
+	bool enable_6g_sec_check;
 
 };
 
 #endif

+ 80 - 1
core/mac/src/pe/lim/lim_process_sme_req_messages.c
Vedi File 

@@ -479,11 +479,80 @@ void lim_strip_he_ies_from_add_ies(struct mac_context *mac_ctx,
 
 	if (status != QDF_STATUS_SUCCESS)
 
 		pe_debug("Failed to strip HE op IE status: %d", status);
 
 }
 
+
 
+static bool lim_is_6g_allowed_sec(struct mac_context *mac,
 
+				  struct pe_session *session)
 
+{
 
+	struct wlan_objmgr_vdev *vdev;
 
+	uint32_t keymgmt;
 
+	uint16_t ie_len;
 
+	bool status = false;
 
+
 
+	if (!mac->mlme_cfg->he_caps.enable_6g_sec_check)
 
+		return true;
 
+
 
+	vdev = wlan_objmgr_get_vdev_by_id_from_psoc(mac->psoc,
 
+						    session->vdev_id,
 
+						    WLAN_LEGACY_SME_ID);
 
+	if (!vdev) {
 
+		pe_err("Invalid vdev");
 
+		return false;
 
+	}
 
+	if (wlan_crypto_check_open_none(mac->psoc, session->vdev_id)) {
 
+		pe_err("open mode sec not allowed for 6G conn");
 
+		return false;
 
+	}
 
+	keymgmt = wlan_crypto_get_param(vdev, WLAN_CRYPTO_PARAM_KEY_MGMT);
 
+	if (!keymgmt ||
 
+	    (keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_NONE |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_SAE |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_FT_SAE |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_FILS_SHA256 |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_FILS_SHA384 |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA256 |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_FT_FILS_SHA384 |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_IEEE8021X_SUITE_B_192 |
 
+			1 << WLAN_CRYPTO_KEY_MGMT_OWE)))
 
+		status = true;
 
+	else
 
+		pe_err("Invalid key_mgmt %0X for 6G connection, vdev %d",
 
+		       keymgmt, session->vdev_id);
 
+
 
+	if (!(keymgmt & (1 << WLAN_CRYPTO_KEY_MGMT_SAE |
 
+			 1 << WLAN_CRYPTO_KEY_MGMT_FT_SAE)))
 
+		return status;
 
+
 
+	ie_len = lim_get_ielen_from_bss_description(
 
+			&session->lim_join_req->bssDescription);
 
+	if (!wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSNXE,
 
+		(uint8_t *)session->lim_join_req->bssDescription.ieFields,
 
+		ie_len)) {
 
+		pe_err("RSNXE IE not present in beacon for 6G conn");
 
+		return false;
 
+	}
 
+
 
+	if (!wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSNXE,
 
+				session->lim_join_req->addIEAssoc.addIEdata,
 
+				session->lim_join_req->addIEAssoc.length)) {
 
+		pe_err("RSNXE IE not present in assoc add IE data for 6G conn");
 
+		return false;
 
+	}
 
+
 
+	return status;
 
+}
 
+
 
 #else
 
 void lim_strip_he_ies_from_add_ies(struct mac_context *mac_ctx,
 
 				   struct pe_session *session)
 
 {
 
 }
 
+
 
+static inline bool lim_is_6g_allowed_sec(struct mac_context *mac,
 
+					 struct pe_session *session)
 
+{
 
+	return false;
 
+}
 
 #endif
 
 
 /**
 
@@ -1381,6 +1450,17 @@ __lim_process_sme_join_req(struct mac_context *mac_ctx, void *msg_buf)
 
 			goto end;
 
 		}
 
 
+		session->encryptType = sme_join_req->UCEncryptionType;
 
+		if (wlan_reg_is_6ghz_chan_freq(session->curr_op_freq)) {
 
+			if (!session->limRmfEnabled ||
 
+			    !lim_is_session_he_capable(session) ||
 
+			    !lim_is_6g_allowed_sec(mac_ctx, session)) {
 
+				pe_err("JOIN_REQ with invalid 6G security");
 
+				ret_code = eSIR_SME_INVALID_PARAMETERS;
 
+				goto end;
 
+			}
 
+
 
+		}
 
 		if (sme_join_req->addIEScan.length)
 
 			qdf_mem_copy(&session->lim_join_req->addIEScan,
 
 				     &sme_join_req->addIEScan,
 
@@ -1417,7 +1497,6 @@ __lim_process_sme_join_req(struct mac_context *mac_ctx, void *msg_buf)
 
 			(void *)&session->rateSet,
 
 			sizeof(tSirMacRateSet));
 
 
-		session->encryptType = sme_join_req->UCEncryptionType;
 
 
 		session->supported_nss_1x1 = sme_join_req->supported_nss_1x1;
 
 		session->vdev_nss = sme_join_req->vdev_nss;

+ 2 - 0
core/sme/src/common/sme_api.c
Vedi File 

@@ -15192,6 +15192,7 @@ void sme_set_he_testbed_def(mac_handle_t mac_handle, uint8_t vdev_id)
 
 	mac_ctx->mlme_cfg->he_caps.dot11_he_cap.dl_mu_mimo_part_bw = 0;
 
 	csr_update_session_he_cap(mac_ctx, session);
 
 
+	mac_ctx->mlme_cfg->he_caps.enable_6g_sec_check = true;
 
 	status = ucfg_mlme_set_enable_bcast_probe_rsp(mac_ctx->psoc, false);
 
 	if (QDF_IS_STATUS_ERROR(status))
 
 		sme_err("Failed not set enable bcast probe resp info, %d",
 
@@ -15222,6 +15223,7 @@ void sme_reset_he_caps(mac_handle_t mac_handle, uint8_t vdev_id)
 
 		mac_ctx->mlme_cfg->he_caps.he_cap_orig;
 
 	csr_update_session_he_cap(mac_ctx, session);
 
 
+	mac_ctx->mlme_cfg->he_caps.enable_6g_sec_check = true;
 
 	status = ucfg_mlme_set_enable_bcast_probe_rsp(mac_ctx->psoc, true);
 
 	if (QDF_IS_STATUS_ERROR(status))
 
 		sme_err("Failed not set enable bcast probe resp info, %d",