Add support to handle WMI_ROAM_SYNCH_KEY_EVENTID.
WMI_ROAM_SYNCH_KEY_EVENTID is received after roaming to 3 Link
MLO AP when standby link is supported.
Add changes to register handler function pointers and parse
the event.
Change-Id: Iee17560f9f1f3242ef512a550764a9c64319b67f
CRs-Fixed: 3571673
Change few static crypto API's to global.
Add support to add new crypto entry based on passing the entire
entry structure itself.
Change-Id: Id2e0a46bb8b44a834d17d2a04b0dc28fc881b4e3
CRs-Fixed: 3571796
Currently crypto module is using vdev to get
and delete the crypto key, However there is a need to get
and delete the crypto key based on psoc level.
The change is to use psoc handler for retrieving and deleting
the key.
Change-Id: I4fcf0fd5c7d9d5a579c092c43117594f7d9fc6a3
CRs-Fixed: 3561978
Currently in driver while using QDF_MAC_ADDR_FMT to print mac
address, the mac address reference provided to QDF_MAC_ADDR_REF is
incorrect in some cases and it can cause compilation failure.
So, fix all such instances.
Change-Id: I31aa5abddc3c207b2fd2eb823ac2000f5ed3f0a6
CRs-Fixed: 3563985
The current implementation of the crypto module utilizes
the vdev object for saving and retrieving crypto keys.
However, there is a need to store keys for individual
links in the n-link MLO. To address this requirement,
a proposal has been made to leverage the hashing
framework and store/retrieve keys from the PSoC level.
The change involves leveraging the hashing framework
to save and retrieve keys from the PSoC level.
Change-Id: I9c93545869b0c1d42b2c0e31bc672aa78573be2a
CRs-Fixed: 3549390
This change incorporates support for the hashing framework,
enabling key storage for individual links in the n-link MLO.
The implementation includes the addition of new APIs
specifically designed to accommodate the crypto hashing
framework.
Change-Id: I9305c4a71b8970a8a6037d6d80f11c6139a77bd8
CRs-Fixed: 3498849
At present, the crypto module utilizes the wlan_crypto_comp_priv
structure to store crypto keys. However, there is a need to store
keys for individual links in n-link MLO. To address this requirement
it is proposed to store the key from the vdev level to the psoc level.
This change will allow the reuse of a common structure.
Change-Id: Idc0d8bb11a80b66c7ded5c930ec0560566398890
CRs-Fixed: 3527400
Low throughput is seen with interop clients when
set key is issued before wmi_peer_assoc command,
hence avoide key install before wmi_peer_assoc.
We are check here to verify the key install success
or failure.
Change-Id: I553a5ed01165354afc19885b4f62c13632908808
CRs-Fixed: 3274020
Use vdev macaddr instead of bcast addr for GTK/BIGTK PN fetch.
Also, copy back TX PN back to hostapd.
Change-Id: I98fc7a78c194c84de6554a684d3ce14f66772040
CRs-Fixed: 3370635
Fix improper naming convention for store_def_keyix_peer
Avoid qdf_export since the function is defined and called
from the same file
Change-Id: I488267eccf521071038958fe85e9c1be90df27b2
CRs-Fixed: 3384714
The kernel-doc script identified some documentation issues in the
umac/cmn_services/crypto folder, so fix them. In addition there are
multiple instances of both the interface and the implementation being
documented, so remove the duplicates, keeping just the interface
documentation.
Change-Id: Ied5bfcdff185d0b144f8c41affb5adcb3b8a5b88
CRs-Fixed: 3394398
Per the coding style "functions [...] have the opening brace at the
beginning of the next line."
In umac/cmn_services/crypto there are two files that are not
consistently following this style, so fix them.
That will address the following error flagged by the Linux checkpatch
script:
ERROR:OPEN_BRACE: open brace '{' following function definitions go on
the next line
Change-Id: I774e027c594689b8ab4ff49bab5fc0b536d685f6
CRs-Fixed: 3384735
Rx PN error stats for broadcast management frames is being tracked
as a ucast stats. Fix it to be tracked as part of mcast stats.
Change-Id: If76c512107728b792ed6d92d56036325592f0fd1
CRs-Fixed: 3361840
Currently in function wlan_crypto_set_key_req(), as long as
WLAN_CRYPTO_TX_OPS_SET_KEY() isn't NULL, it always returns
QDF_STATUS_SUCCESS irrespective of the real processing result
of setting key request and causes FW assert in below test:
1. DUT work as SAP role
2. Peer STA repeatedly do connect/deauth with very short
time interval
3. When SAP just finish 4-way handshake and supplicant don't
add key to wlan host yet, peer STA send deauth again. Once
deauth is received, wlan host will free peer STA related info.
Just after this, supplicant key setting is arrived, and wlan
host return QDF_STATUS_SUCCESS and wait for completion event
of key setting, like below log:
target_if_crypto_set_key: key_type 0, mac: 7c:c2:c6:32:cb:90
target_if_crypto_set_key: Invalid peer
4. During the waiting time, peer STA trigger connection again,
due to previous key setting isn't still done, it will block
new key setting. And when completion event timeout happen, it
will still call wma_update_set_key() to notify successful key
setting. So when wlan host send WMI_PEER_SET_PARAM_CMDID to
update authenticate state, FW find key isn't still installed
and trigger assert.
Change-Id: Ice1c5dcfbbde394e1271b900ba783fea98493647
CRs-Fixed: 3364767
In order to support AKM24, the max length of KCK is modified to
24 bytes and KEK max length is modified to 32 bytes for
cmd WMI_GTK_OFFLOAD_CMDID.
Change-Id: Ia504a1ce92c80793fc1302fdf03b8d93471d9322
CRs-Fixed: 3305317
In wlan_crypto_global_api.c there are several functions which use a
misspelled term for "nonce" so replace them with the correct spelling.
Change-Id: Iedc65bbad173c5fc398e25730853bc7b36e86b31
CRs-Fixed: 3313801
During wlan_crypto_setkey, the mem_alloc for key is done and
all keyidx within WLAN_CRYPTO_MAX_VLANKEYIX are to freed in
crypto_free_key.
Change-Id: Ieae0f9f4eecabe1fb23812a9e436037bb4dad128
CRs-Fixed: 3296394
Use def_tx_keyid for Mcast wep key.
Also reset all the key index in wlan_crypto_free_key once igtk,
bigtk and Ucast/Mcast are freed, so that their values are not
carried to next connection.
Change-Id: I9a1e8715c54f47905889511f983b3127b9b5cfcd
CRs-Fixed: 3297270
Supplicant compares AKM(s) in RSN IE of Beacon/Probe response and
AKM on third EAPOL frame received by AP. In the case of multi AKM,
previously Host converts all adaptive 11r AKM(s), if any, present
in RSN IE of Beacon/Probe response to corresponding FT AKM but the
AP(s) which support adaptive 11r (ADAPTIVE_11R_OUI: 0x964000) only
converts first AKM to corresponding FT AKM and sends third EAPOL
frame to DUT. This results in failure in a 4-way handshake in
supplicant due to RSN IE miss-match between RSNIE sent by host
and RSNIE present in third EAPOL frame. Now like AP, the host is
converting only the first AKM to corresponding FT AKM to avoid
RSNIE mismatch in supplicant.
Change-Id: I522c6e313df50c1ef2952ec2e464a107ae739dad
CRs-Fixed: 3230622
Assume AP1 and AP2 are SPMK APs. For SPMK AP(s), Host
should add an entry of an AP in PMK cache table like below in
two cases only:
Case 1. When DUT successfully associated with SPMK supported AP
In this case host update “is_spmk_ap” flag in PMK
table by parsing beacon of associated AP after
successful connection.
Case 2. When DUT successfully roamed to SPMK supported AP
In this case host update “is_spmk_ap” flag in PMK
table by parsing roam sync indication event.
In case of connection with SPMK AP, Host selectively deletes PMK
entry for other SPMK supported AP(s) on basis of “is_spmk_ap”
flag and maintains only one entry for all SPMK AP(s). And host
sends the same single PMK in RSO for further roaming to SPMK AP.
Initially, DUT is connected with AP2. Then Disconnection happens with
AP2 due to NUD failure. After disconnection, the upper layer sends
flush PMK requests for AP1 and AP2. Host deletes old PMK entries for
both APs. Now upper layer sends a set PMK request for AP2. Host adds
AP2 entry in PMK cache table but host does not set "is_spmk_ap" flag
in PMK table for this entry as DUT is not connected to AP2. Now host
receives a connect request for AP1 from the upper layer. DUT
successfully associated with AP1 by performing full SAE authentication.
Host adds an entry for AP1 in the PMK cache table and sets "is_spmk_ap"
flag for AP1 but fails to delete the entry for other SPMK AP(s), here
AP2, from PMK cache table. This is because of "is_spmk_ap" flag is not
set for AP2. At this point of time below is the PMK cache table entry
for SPMK AP(s): The Host PMK cache table has two entries for two SPMK
APs.
BSSID PMK is_spmk_ap flag
AP2 PMK2 0
AP1 PMK1 1
Now FW roams to AP2 using PMK1. Host process roam sync indication for
AP2 and updates "is_spmk_ap" flag for AP2 in the PMK cache table. As
Host has a stale entry for AP2 in the PMK cache table, Host sends AP2’s
PMK (here PMK2) in RSO command which firmware will use for further
roaming but roaming fails due to invalid PMK, as target SPMK AP expects
PMK1 in reassociation request.
To handle these scenarios, FW should send PMK info of roamed AP and
host override stale entry for roamed AP (if any) with roamed AP's PMK
in PMK cache table.
Change-Id: I3c6a49be065e4744e438c2762c103eb3095a2253
CRs-Fixed: 3168078
For IGTK/BIGTK keyix, cipher table is not populated. Retrieve
cipher_type from key structure.
Change-Id: Ic61e66854f91317194ee90f64187fd2b787827b0
CRs-Fixed: 3163335
CLEAR_PARAM failed to clear bit at bit position of "val". This change
correct to ((__param) &= (~(1 << (__val)))).
Change-Id: I20a9203592c0f48c3d2999985edd8ff81f55eb9d
CRs-Fixed: 3137825
When validating MMIE, if PN error is found, track it using relevant
statistics. Defined WMI_HOST_RXERR_PN to flag such PN errors.
Change-Id: Icb1fe9a653f67611539b5cb463adfceadedae38e
Issue: On receiving robust bcast mgmt frames, for mmie
mic validation, mic of length 8 could be allocated.
The encrypt function however, always writes mic of length
16 resulting in memory corruption issue.
Fix: Allocate mic of size 16 for wlan_crypto_is_mmie_valid().
This is also corresponding to mic buffer size of 16 in
wlan_crypto_add_mmie().
Change-Id: I870251c0ed4224a7a974dad86f2808af7148be95
CRs-Fixed: 3091165
Move basic IEEE 802.11 field definitions that are not specific to
cryptographic functionality, from a cryptography related header file
to a common header file for IEEE 802.11 definitions so that these can
be used by other 802.11 protocol processing modules. The crypto header
file already includes the common header file, so there is no effective
change in code visibility of the definitions for crypto code.
Change-Id: I439fe818a457cc7694fdb431f5d2c1a7552f2caa
CRs-Fixed: 3059572
For SAE SAP, after full SAE authentication, only pmkid
will be sent down to driver, PMK len is zero.
Driver should accept the set pmksa without PMK.
Add check pmk length checking and if pmk len is zero,
driver allow the set pmksa.
Change-Id: Ic05dee4cce31233dbe6dfced05df54fe8972dd1f
CRs-Fixed: 3042899
Validate the SSID & cache ID if SSID length is present in the
pmksa entry, as in FILS case only SSID and cache id are filled
and BSSID is not filled.
So validate the BSSID only if the SSID is not present.
Change-Id: Ia0a31f953869f00495fad597bb564ec706425312
CRs-Fixed: 3051530
The 11r roaming is not happening when PMF disabled STA is trying to
roam from PMF disabled AP to PMF optinally configured(ieee80211w=1)
AP which is due to candidate_list is not found because of mgmt
ciphers mismatch (the PMF disabled mgmt cipher is None(1<<17) and PMF
optional AP's mgmt cipher is CMAC(1<<6)) happening while comparing
security params and is due to mgmt cipher value is reset to None(17)
after STA connected to AP.
So, Added changes to reset the mgmt cipher value to zero. Also, added
changes to reset the keymgmt to 0 instead of None since this is
missing in earlier implementation.
Change-Id: I9f24a215011b4984937e98225bcb3975bc3f685f
Ideally, the validation of keys have to be done before
ol_getpn() is called to make sure the correct keys are
fetched and to avoid default key values being set.
Earlier, the key validation was done after ol_getpn()
function was called. This change reorders the ol_getpn()
to be called after the key validation.
Change-Id: I5be95b66b19228e2e9d1bca808b294a6b9b01935
Add parameter 'bool sync' for wlan_cfg80211_crypto_add_key()
to indicate whether or not to add key synchronously.
If it's set to true, wait until install key complete event
is received.
Change-Id: I9a69d486665fb3f65a5720ccfbfb638c09329418
CRs-Fixed: 2865832
In SAP case, external authentication(offloaded SAE authentication
to userspace) status event carries only PMKID to allow/disallow
peers to do PMKID+open auth based connection once the peers are
already SAE authenticated.
A check is added on the PMK length with the below change,
change: Ic41c2044e70f8d375130ef9e0af9fe4b83027c26. It rejects the
PMKID update to the pmk cache if the PMK length is 0. It's not
allowing to cache PMKID derived as part of SAE authentication.
There is no need to cache the PMK in SAE case as it won't be
used internally by driver or won't even be sent to firmware.
So, don't add any check and allow PMKID only entries also to
facilitate PMK caching mechanism in SAE SAP.
Change-Id: Ibd72975e91d93af9665c392b4e7a708a5f9c336a
CRs-Fixed: 2967752
Removed unused API for open and WEP check, as the logic, to check
open and WEP mode is not valid. If required proper API can
be added later.
Change-Id: Ia57bc28d40a70c8bd3b908400126c9741080a5fd
CRs-Fixed: 2949965
The value of req->crypto.mgmt_ciphers is bit mask
of wlan_crypto_cipher_type, but the API
wlan_crypto_set_mgmtcipher expects the enum value of
wlan_crypto_cipher_type at present.
Fix by change wlan_crypto_set_mgmtcipher to use bit
mask of mgmt cipher type.
Change-Id: I2d262bbe3f47e41635097ef8ce5722a2baa38001
CRs-Fixed: 2946164
AP sets multiple AKM suites in RSN information of beacon
or unicast probe response. In case if the invalid or
unsupported AKM/unicast cipher suite present in the AKM
suite list, the driver detects it as wrong RSN IE and
drops it. This results Device driver doesn't send
authentication to initiate a connection to that AP even
one or more than one valid AKM suites present in RSN IE.
Ideally, the driver should able to initiate connection if
at least one AKM/unicast cipher is valid and supported in
AKM suite list.
Change-Id: I8ed525e3945e4e437d15b496c80b1ad2aef4cb65
CRs-Fixed: 2948248
Access wlan_crypto_cipher structure if the key and cipher_table's
are valid. Also, added changes to avoid dangling pointer accessing
after deleting key.
Change-Id: Ia9a5942c9597f03eb1707d149797f33760eeac21
