qcacld-3.0: Add support for RSNXE IE for SAE

SAE key derivation requires use of a secret element, PWE. This
element is deterministically discovered by repeatedly hashing
the password with some additional information until the
resulting hash is the abscissa of a point on the elliptic curve
(for ECC) or by exponentiating the hash digest to a constant to
produce an element (for FFC). This "hunting-and-pecking" loop
method is prone to side channel attacks.

To avoid this, a direct hashing to element technique in SAE is
introduced in IEEE P802.11-REVmd/D3.0. Support new RSNX IEEE
as part of the hash to element PWE derivation. The user space
sends the RSNX IE in the connect request.

Add support to save RSNXE from connect request and pack this IE
over SAE assoc request. Also send the IE in assoc IEs in RSO
commands.

Change-Id: I8eb756840400753794b1b80befe3a20f7d7c7705
CRs-Fixed: 2569596

core/hdd/src/wlan_hdd_cfg80211.c

@@ -19563,6 +19563,13 @@ static int wlan_hdd_cfg80211_set_ie(struct hdd_adapter *adapter,
 					return status;
 				break;
 			}
+		case WLAN_ELEMID_RSNXE:
+			hdd_debug("Set RSNXE(len %d)", eLen + 2);
+			status = wlan_hdd_add_assoc_ie(adapter, genie - 2,
+						       eLen + 2);
+			if (status)
+				return status;
+			break;
 		default:
 			hdd_err("Set UNKNOWN IE: %X", elementId);
 			/* when Unknown IE is received we break

core/mac/src/pe/lim/lim_send_management_frames.c

@@ -1791,7 +1791,7 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 	int ret;
 	tDot11fAssocRequest *frm;
 	uint16_t caps;
-	uint8_t *frame;
+	uint8_t *frame, *rsnx_ie = NULL;
 	QDF_STATUS sir_status;
 	tLimMlmAssocCnf assoc_cnf;
 	uint32_t bytes = 0, payload, status;
@@ -1816,7 +1816,7 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 	uint32_t aes_block_size_len = 0;
 	enum rateid min_rid = RATEID_DEFAULT;
 	uint8_t *mbo_ie = NULL, *adaptive_11r_ie = NULL, *vendor_ies = NULL;
-	uint8_t mbo_ie_len = 0, adaptive_11r_ie_len = 0;
+	uint8_t mbo_ie_len = 0, adaptive_11r_ie_len = 0, rsnx_ie_len = 0;
 	struct wlan_objmgr_peer *peer;
 
 	if (!pe_session) {
@@ -2135,6 +2135,25 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 		aes_block_size_len = AES_BLOCK_SIZE;
 	}
 
+	/* RSNX IE for SAE PWE derivation based on H2E */
+	if (wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSNXE, add_ie, add_ie_len)) {
+		rsnx_ie = qdf_mem_malloc(WLAN_MAX_IE_LEN + 2);
+		if (!rsnx_ie)
+			goto end;
+
+		qdf_status = lim_strip_ie(mac_ctx, add_ie, &add_ie_len,
+					  WLAN_ELEMID_RSNXE, ONE_BYTE,
+					  NULL, 0, rsnx_ie, WLAN_MAX_IE_LEN);
+		if (QDF_IS_STATUS_ERROR(qdf_status)) {
+			pe_err("Failed to strip Vendor IEs");
+			goto end;
+		}
+		rsnx_ie_len = rsnx_ie[1] + 2;
+		pe_debug("RSNX_IE added to association request");
+		QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
+				   rsnx_ie, rsnx_ie_len);
+	}
+
 	/*
 	 * MBO IE needs to be appendded at the end of the assoc request
 	 * frame and is not parsed and unpacked by the frame parser
@@ -2234,9 +2253,8 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 			status);
 	}
 
-	bytes = payload + sizeof(tSirMacMgmtHdr) +
-			aes_block_size_len + mbo_ie_len + adaptive_11r_ie_len +
-			vendor_ie_len;
+	bytes = payload + sizeof(tSirMacMgmtHdr) + aes_block_size_len +
+		rsnx_ie_len + mbo_ie_len + adaptive_11r_ie_len + vendor_ie_len;
 
 	qdf_status = cds_packet_alloc((uint16_t) bytes, (void **)&frame,
 				(void **)&packet);
@@ -2276,6 +2294,12 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 		pe_warn("Assoc request pack warning (0x%08x)", status);
 	}
 
+	if (rsnx_ie && rsnx_ie_len) {
+		qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
+			     rsnx_ie, rsnx_ie_len);
+		payload = payload + rsnx_ie_len;
+	}
+
 	/* Copy the vendor IEs to the end of the frame */
 	qdf_mem_copy(frame + sizeof(tSirMacMgmtHdr) + payload,
 		     vendor_ies, vendor_ie_len);
@@ -2358,6 +2382,7 @@ lim_send_assoc_req_mgmt_frame(struct mac_context *mac_ctx,
 	}
 
 end:
+	qdf_mem_free(rsnx_ie);
 	qdf_mem_free(vendor_ies);
 	qdf_mem_free(mbo_ie);