qcacmn: FILS changes for scan path

Add changes to match FILS realm info present in FILS indication IE
with the connection info.

Change-Id: I1ed6081f3320ecee8f86f7d87597b343230923b3
CRs-Fixed: 2093637

umac/cmn_services/cmn_defs/inc/wlan_cmn_ieee80211.h

@@ -369,6 +369,10 @@ enum extn_element_ie {
 #define WLAN_AKM_FT_PSK           0x04
 #define WLAN_AKM_SHA256_IEEE8021X 0x05
 #define WLAN_AKM_SHA256_PSK       0x06
+#define WLAN_AKM_FILS_SHA256      0x0E
+#define WLAN_AKM_FILS_SHA384      0x0F
+#define WLAN_AKM_FILS_FT_SHA256   0x10
+#define WLAN_AKM_FILS_FT_SHA384   0x11
 
 #define WLAN_ASE_NONE                    0x00
 #define WLAN_ASE_8021X_UNSPEC            0x01
@@ -610,6 +614,35 @@ struct htcap_ie {
 	struct htcap_cmn_ie ie;
 } qdf_packed;
 
+/**
+ * struct fils_indication_ie: FILS indication IE element
+ * @id: id
+ * @len: len
+ * @public_key_identifiers_cnt: public key identifiers count
+ * @realm_identifiers_cnt: realm identifiers count
+ * @is_ip_config_supported: whether ip config is supported in AP
+ * @is_cache_id_present: whether cache identifier is present
+ * @is_hessid_present: whether hessid is present
+ * @is_fils_sk_auth_supported: FILS shared key authentication is supported
+ * @is_fils_sk_auth_pfs_supported: FILS shared key auth with PFS is supported
+ * @is_pk_auth_supported: FILS public key authentication is supported
+ * @reserved: reserved
+ * @variable_data: pointer to data depends on initial variables
+ */
+struct fils_indication_ie {
+	uint8_t id;
+	uint8_t len;
+	uint16_t public_key_identifiers_cnt:3;
+	uint16_t realm_identifiers_cnt:3;
+	uint16_t is_ip_config_supported:1;
+	uint16_t is_cache_id_present:1;
+	uint16_t is_hessid_present:1;
+	uint16_t is_fils_sk_auth_supported:1;
+	uint16_t is_fils_sk_auth_pfs_supported:1;
+	uint16_t is_pk_auth_supported:1;
+	uint16_t reserved:4;
+	uint8_t variable_data[255];
+} qdf_packed;
 
 /**
  * struct wlan_vendor_ie_htcap: vendor private HT Capability IE

umac/cmn_services/inc/wlan_cmn.h

@@ -282,6 +282,10 @@ enum wlan_pmf_cap {
  * @WLAN_AUTH_TYPE_CCKM_RSN: CCKM RSN
  * @WLAN_AUTH_TYPE_RSN_PSK_SHA256: SHA256 PSK
  * @WLAN_AUTH_TYPE_RSN_8021X_SHA256: SHA256 Enterprise
+ * @WLAN_AUTH_TYPE_FILS_SHA256: FILS SHA256
+ * @WLAN_AUTH_TYPE_FILS_SHA384: FILS SHA384
+ * @WLAN_AUTH_TYPE_FT_FILS_SHA256: FILS SHA256 for 11r
+ * @WLAN_AUTH_TYPE_FT_FILS_SHA384: FILS SHA384 for 11r
  * @WLAN_NUM_OF_SUPPORT_AUTH_TYPE: Max no of Auth type
  */
 enum wlan_auth_type {
@@ -301,6 +305,11 @@ enum wlan_auth_type {
 	WLAN_AUTH_TYPE_CCKM_RSN,
 	WLAN_AUTH_TYPE_RSN_PSK_SHA256,
 	WLAN_AUTH_TYPE_RSN_8021X_SHA256,
+	WLAN_AUTH_TYPE_FILS_SHA256,
+	WLAN_AUTH_TYPE_FILS_SHA384,
+	WLAN_AUTH_TYPE_FT_FILS_SHA256,
+	WLAN_AUTH_TYPE_FT_FILS_SHA384,
+
 	WLAN_NUM_OF_SUPPORT_AUTH_TYPE,
 };
 

umac/scan/core/src/wlan_scan_cache_db_ops.c

@@ -598,6 +598,46 @@ static bool scm_is_rsn_security(struct scan_filter *filter,
 		 * Ciphers are supported, Match authentication algorithm and
 		 * pick first matching authtype.
 		 */
+		if (scm_is_cipher_match(rsn.akm_suites,
+		   rsn.akm_suite_count,
+		   WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA384))) {
+			if (WLAN_AUTH_TYPE_FT_FILS_SHA384 ==
+			   filter->auth_type[i]) {
+				neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA384;
+				match = true;
+				break;
+			}
+		}
+		if (scm_is_cipher_match(rsn.akm_suites,
+		   rsn.akm_suite_count,
+		   WLAN_RSN_SEL(WLAN_AKM_FILS_FT_SHA256))) {
+			if (WLAN_AUTH_TYPE_FT_FILS_SHA256 ==
+			   filter->auth_type[i]) {
+				neg_auth = WLAN_AUTH_TYPE_FT_FILS_SHA256;
+				match = true;
+				break;
+			}
+		}
+		if (scm_is_cipher_match(rsn.akm_suites,
+		   rsn.akm_suite_count,
+		   WLAN_RSN_SEL(WLAN_AKM_FILS_SHA384))) {
+			if (WLAN_AUTH_TYPE_FILS_SHA384 ==
+			   filter->auth_type[i]) {
+				neg_auth = WLAN_AUTH_TYPE_FILS_SHA384;
+				match = true;
+				break;
+			}
+		}
+		if (scm_is_cipher_match(rsn.akm_suites,
+		   rsn.akm_suite_count,
+		   WLAN_RSN_SEL(WLAN_AKM_FILS_SHA256))) {
+			if (WLAN_AUTH_TYPE_FILS_SHA256 ==
+			   filter->auth_type[i]) {
+				neg_auth = WLAN_AUTH_TYPE_FILS_SHA256;
+				match = true;
+				break;
+			}
+		}
 		if (scm_is_cipher_match(rsn.akm_suites,
 		   rsn.akm_suite_count,
 		   WLAN_RSN_SEL(WLAN_AKM_FT_IEEE8021X))) {
@@ -919,6 +959,51 @@ static bool scm_is_def_security(struct scan_filter *filter,
 	return match;
 }
 
+/**
+ * scm_is_fils_config_match() - Check if FILS config matches
+ * @filter: scan filter
+ * @db_entry: db entry
+ *
+ * Return: true if FILS config matches else false
+ */
+static bool scm_is_fils_config_match(struct scan_filter *filter,
+	struct scan_cache_entry *db_entry)
+{
+	int i;
+	struct fils_indication_ie *indication_ie;
+	uint8_t *data;
+
+	if (!filter->fils_scan_filter.realm_check)
+		return true;
+
+	if (!db_entry->ie_list.fils_indication)
+		return false;
+
+
+	indication_ie =
+		(struct fils_indication_ie *) db_entry->ie_list.fils_indication;
+
+	data = indication_ie->variable_data;
+	if (indication_ie->is_cache_id_present)
+		data += CACHE_IDENTIFIER_LEN;
+
+	if (indication_ie->is_hessid_present)
+		data += HESSID_LEN;
+
+	for (i = 1; i <= indication_ie->realm_identifiers_cnt; i++) {
+		if (!qdf_mem_cmp(filter->fils_scan_filter.fils_realm,
+				 data, REAM_HASH_LEN))
+			return true;
+		/* Max realm count reached */
+		if (indication_ie->realm_identifiers_cnt == i)
+			break;
+		else
+			data = data + REAM_HASH_LEN;
+	}
+
+	return false;
+}
+
 /**
  * scm_is_security_match() - Check if security in filter match
  * @filter: scan filter
@@ -1068,6 +1153,10 @@ bool scm_filter_match(struct wlan_objmgr_psoc *psoc,
 	   !db_entry->ie_list.wmeparam)
 		return false;
 
+	/* Match realm */
+	if (!scm_is_fils_config_match(filter, db_entry))
+		return false;
+
 	if (!util_country_code_match(filter->country,
 	   db_entry->ie_list.country))
 		return false;

umac/scan/dispatcher/inc/wlan_scan_public_structs.h

@@ -337,6 +337,22 @@ struct roam_filter_params {
 #define WLAN_SCAN_FILTER_NUM_SSID 5
 #define WLAN_SCAN_FILTER_NUM_BSSID 5
 
+#define REAM_HASH_LEN 2
+#define CACHE_IDENTIFIER_LEN 2
+#define HESSID_LEN 6
+
+/**
+ * struct fils_filter_info: FILS info present in scan filter
+ * @realm_check: whether realm check is required
+ * @fils_realm: realm hash value
+ * @security_type: type of security supported
+ */
+struct fils_filter_info {
+	bool realm_check;
+	uint8_t fils_realm[REAM_HASH_LEN];
+	uint8_t security_type;
+};
+
 /**
  * @age_threshold: If set return entry which are newer than the age_threshold
  * @p2p_results: If only p2p entries is required
@@ -368,6 +384,7 @@ struct roam_filter_params {
  * @enc_type: unicast enc type list
  * @mc_enc_type: multicast cast enc type list
  * @pcl_channel_list: PCL channel list
+ * @fils_scan_filter: FILS info
  */
 struct scan_filter {
 	uint32_t age_threshold;
@@ -397,6 +414,7 @@ struct scan_filter {
 	enum wlan_enc_type enc_type[WLAN_NUM_OF_ENCRYPT_TYPE];
 	enum wlan_enc_type mc_enc_type[WLAN_NUM_OF_ENCRYPT_TYPE];
 	uint8_t pcl_channel_list[QDF_MAX_NUM_CHAN];
+	struct fils_filter_info fils_scan_filter;
 };