Currently in the driver, we hide 2nd, 3rd and 4th bytes of the
MAC address in GKI builds. Since 2nd and 3rd bytes are needed for
debugging, hide only 4th and 5th bytes of the MAC address.
Change-Id: Ia432bb0d40e0a09b56e581f192a810e727127d3a
CRs-Fixed: 3616774
In present scenario, if AP advertises multiple AKMs(wpa2 PSK + wpa3)
validation of security happens on wpa2 AKMs before validation
on wpa3 AKM and driver downgrades the connection to 11AX even
though the selected AKM is wpa3.
This is due to the negotiated security info in scan entry is updated
with intersected value only after peer create but this variable may
contain multiple AKMs before peer create.
Modify the checks to validate security for 11be connection.
Change-Id: If0c7886062fcf0c483145641e9c3cbf972f1ef13
CRs-Fixed: 3599053
Add support to handle WMI_ROAM_SYNCH_KEY_EVENTID.
WMI_ROAM_SYNCH_KEY_EVENTID is received after roaming to 3 Link
MLO AP when standby link is supported.
Add changes to register handler function pointers and parse
the event.
Change-Id: Iee17560f9f1f3242ef512a550764a9c64319b67f
CRs-Fixed: 3571673
STA is not able to connect to 11be non-WPA3 mode AP.
STA need to decide whether to connect in EHT or not at
the time of connection to AP based on security configuration.
Change-Id: I812f5c322d36ba44f63d4e27b5ec65a2846b3265
CRs-Fixed: 3404747
Change few static crypto API's to global.
Add support to add new crypto entry based on passing the entire
entry structure itself.
Change-Id: Id2e0a46bb8b44a834d17d2a04b0dc28fc881b4e3
CRs-Fixed: 3571796
Currently crypto module is using vdev to get
and delete the crypto key, However there is a need to get
and delete the crypto key based on psoc level.
The change is to use psoc handler for retrieving and deleting
the key.
Change-Id: I4fcf0fd5c7d9d5a579c092c43117594f7d9fc6a3
CRs-Fixed: 3561978
Currently in driver while using QDF_MAC_ADDR_FMT to print mac
address, the mac address reference provided to QDF_MAC_ADDR_REF is
incorrect in some cases and it can cause compilation failure.
So, fix all such instances.
Change-Id: I31aa5abddc3c207b2fd2eb823ac2000f5ed3f0a6
CRs-Fixed: 3563985
The current implementation of the crypto module utilizes
the vdev object for saving and retrieving crypto keys.
However, there is a need to store keys for individual
links in the n-link MLO. To address this requirement,
a proposal has been made to leverage the hashing
framework and store/retrieve keys from the PSoC level.
The change involves leveraging the hashing framework
to save and retrieve keys from the PSoC level.
Change-Id: I9c93545869b0c1d42b2c0e31bc672aa78573be2a
CRs-Fixed: 3549390
This change incorporates support for the hashing framework,
enabling key storage for individual links in the n-link MLO.
The implementation includes the addition of new APIs
specifically designed to accommodate the crypto hashing
framework.
Change-Id: I9305c4a71b8970a8a6037d6d80f11c6139a77bd8
CRs-Fixed: 3498849
At present, the crypto module utilizes the wlan_crypto_comp_priv
structure to store crypto keys. However, there is a need to store
keys for individual links in n-link MLO. To address this requirement
it is proposed to store the key from the vdev level to the psoc level.
This change will allow the reuse of a common structure.
Change-Id: Idc0d8bb11a80b66c7ded5c930ec0560566398890
CRs-Fixed: 3527400
Include WLAN_CRYPTO_KEY_MGMT_FT_SAE_EXT_KEY as an
WPA3 AKM in WLAN_CRYPTO_IS_WPA3()
Change-Id: I3a7fcaf95ad2e132d8c650c3ffce9ba4b9849705
CRs-Fixed: 3512592
Low throughput is seen with interop clients when
set key is issued before wmi_peer_assoc command,
hence avoide key install before wmi_peer_assoc.
We are check here to verify the key install success
or failure.
Change-Id: I553a5ed01165354afc19885b4f62c13632908808
CRs-Fixed: 3274020
Use vdev macaddr instead of bcast addr for GTK/BIGTK PN fetch.
Also, copy back TX PN back to hostapd.
Change-Id: I98fc7a78c194c84de6554a684d3ce14f66772040
CRs-Fixed: 3370635
The wlan_crypto_reset_vdev_params() stub function, used when the
CRYPTO_SET_KEY_CONVERGED feature is not enabled, is misnamed, so
correct the naming.
Change-Id: Iff7db65f61dbec15529832c9db4430f908442645
CRs-Fixed: 3421947
Fix improper naming convention for store_def_keyix_peer
Avoid qdf_export since the function is defined and called
from the same file
Change-Id: I488267eccf521071038958fe85e9c1be90df27b2
CRs-Fixed: 3384714
The kernel-doc script identified some documentation issues in the
umac/cmn_services/crypto folder, so fix them. In addition there are
multiple instances of both the interface and the implementation being
documented, so remove the duplicates, keeping just the interface
documentation.
Change-Id: Ied5bfcdff185d0b144f8c41affb5adcb3b8a5b88
CRs-Fixed: 3394398
RSNXE bits are modified in the recent draft. Rename
WLAN_RSNX_CAPAB_PROT_RANGE_NEG to WLAN_RSNX_CAPAB_URNM_MFPR
and the bit position is changed to 15 instead of 10.
Change-Id: Iebca652a952b338f0533023581ebe45bc0aae452
CRs-Fixed: 3387173
Per the coding style "functions [...] have the opening brace at the
beginning of the next line."
In umac/cmn_services/crypto there are two files that are not
consistently following this style, so fix them.
That will address the following error flagged by the Linux checkpatch
script:
ERROR:OPEN_BRACE: open brace '{' following function definitions go on
the next line
Change-Id: I774e027c594689b8ab4ff49bab5fc0b536d685f6
CRs-Fixed: 3384735
Rx PN error stats for broadcast management frames is being tracked
as a ucast stats. Fix it to be tracked as part of mcast stats.
Change-Id: If76c512107728b792ed6d92d56036325592f0fd1
CRs-Fixed: 3361840
Currently in function wlan_crypto_set_key_req(), as long as
WLAN_CRYPTO_TX_OPS_SET_KEY() isn't NULL, it always returns
QDF_STATUS_SUCCESS irrespective of the real processing result
of setting key request and causes FW assert in below test:
1. DUT work as SAP role
2. Peer STA repeatedly do connect/deauth with very short
time interval
3. When SAP just finish 4-way handshake and supplicant don't
add key to wlan host yet, peer STA send deauth again. Once
deauth is received, wlan host will free peer STA related info.
Just after this, supplicant key setting is arrived, and wlan
host return QDF_STATUS_SUCCESS and wait for completion event
of key setting, like below log:
target_if_crypto_set_key: key_type 0, mac: 7c:c2:c6:32:cb:90
target_if_crypto_set_key: Invalid peer
4. During the waiting time, peer STA trigger connection again,
due to previous key setting isn't still done, it will block
new key setting. And when completion event timeout happen, it
will still call wma_update_set_key() to notify successful key
setting. So when wlan host send WMI_PEER_SET_PARAM_CMDID to
update authenticate state, FW find key isn't still installed
and trigger assert.
Change-Id: Ice1c5dcfbbde394e1271b900ba783fea98493647
CRs-Fixed: 3364767
In order to support AKM24, the max length of KCK is modified to
24 bytes and KEK max length is modified to 32 bytes for
cmd WMI_GTK_OFFLOAD_CMDID.
Change-Id: Ia504a1ce92c80793fc1302fdf03b8d93471d9322
CRs-Fixed: 3305317
In wlan_crypto_global_api.c there are several functions which use a
misspelled term for "nonce" so replace them with the correct spelling.
Change-Id: Iedc65bbad173c5fc398e25730853bc7b36e86b31
CRs-Fixed: 3313801
For STA MLO connection, the AP can send M1 right after assoc
response on assoc link, which will trigger sending keys to FW
for mlo links, but it can happen that wmi_peer_assoc is not
sent for mlo link until this time.
Current code does not have handling for this case.
To solve this, store the link vdev keys and send them once
link vdev is connected.
Change-Id: I882da96280711ca9cfa4d6ba852fda4a8b6d7a77
CRs-Fixed: 3293692
During wlan_crypto_setkey, the mem_alloc for key is done and
all keyidx within WLAN_CRYPTO_MAX_VLANKEYIX are to freed in
crypto_free_key.
Change-Id: Ieae0f9f4eecabe1fb23812a9e436037bb4dad128
CRs-Fixed: 3296394
Use def_tx_keyid for Mcast wep key.
Also reset all the key index in wlan_crypto_free_key once igtk,
bigtk and Ucast/Mcast are freed, so that their values are not
carried to next connection.
Change-Id: I9a1e8715c54f47905889511f983b3127b9b5cfcd
CRs-Fixed: 3297270
Currently, RSNXE capability indexes are defined incorrect.
It seems BIT index is misinterpreted. Correct the same as defined
below in spec(IEEE Std 802.11-2020, 9.4.2.241, Table 9-780).
The Extended RSN Capabilities field, except its first 4 bits, is a
bit field indicating the extended RSN capabilities being advertised
by the STA transmitting the element. The length of the Extended
RSN Capabilities field is a variable n, in octets, as indicated by
the first 4 bits in the field.
Also, add a macro to check if the given akm
is WPA/WPA2 i.e. legacy than WPA3.
Change-Id: I3d8eee15f6734b2364628f699b7829a1edb246f0
CRs-Fixed: 3257715
Supplicant compares AKM(s) in RSN IE of Beacon/Probe response and
AKM on third EAPOL frame received by AP. In the case of multi AKM,
previously Host converts all adaptive 11r AKM(s), if any, present
in RSN IE of Beacon/Probe response to corresponding FT AKM but the
AP(s) which support adaptive 11r (ADAPTIVE_11R_OUI: 0x964000) only
converts first AKM to corresponding FT AKM and sends third EAPOL
frame to DUT. This results in failure in a 4-way handshake in
supplicant due to RSN IE miss-match between RSNIE sent by host
and RSNIE present in third EAPOL frame. Now like AP, the host is
converting only the first AKM to corresponding FT AKM to avoid
RSNIE mismatch in supplicant.
Change-Id: I522c6e313df50c1ef2952ec2e464a107ae739dad
CRs-Fixed: 3230622
Assume AP1 and AP2 are SPMK APs. For SPMK AP(s), Host
should add an entry of an AP in PMK cache table like below in
two cases only:
Case 1. When DUT successfully associated with SPMK supported AP
In this case host update “is_spmk_ap” flag in PMK
table by parsing beacon of associated AP after
successful connection.
Case 2. When DUT successfully roamed to SPMK supported AP
In this case host update “is_spmk_ap” flag in PMK
table by parsing roam sync indication event.
In case of connection with SPMK AP, Host selectively deletes PMK
entry for other SPMK supported AP(s) on basis of “is_spmk_ap”
flag and maintains only one entry for all SPMK AP(s). And host
sends the same single PMK in RSO for further roaming to SPMK AP.
Initially, DUT is connected with AP2. Then Disconnection happens with
AP2 due to NUD failure. After disconnection, the upper layer sends
flush PMK requests for AP1 and AP2. Host deletes old PMK entries for
both APs. Now upper layer sends a set PMK request for AP2. Host adds
AP2 entry in PMK cache table but host does not set "is_spmk_ap" flag
in PMK table for this entry as DUT is not connected to AP2. Now host
receives a connect request for AP1 from the upper layer. DUT
successfully associated with AP1 by performing full SAE authentication.
Host adds an entry for AP1 in the PMK cache table and sets "is_spmk_ap"
flag for AP1 but fails to delete the entry for other SPMK AP(s), here
AP2, from PMK cache table. This is because of "is_spmk_ap" flag is not
set for AP2. At this point of time below is the PMK cache table entry
for SPMK AP(s): The Host PMK cache table has two entries for two SPMK
APs.
BSSID PMK is_spmk_ap flag
AP2 PMK2 0
AP1 PMK1 1
Now FW roams to AP2 using PMK1. Host process roam sync indication for
AP2 and updates "is_spmk_ap" flag for AP2 in the PMK cache table. As
Host has a stale entry for AP2 in the PMK cache table, Host sends AP2’s
PMK (here PMK2) in RSO command which firmware will use for further
roaming but roaming fails due to invalid PMK, as target SPMK AP expects
PMK1 in reassociation request.
To handle these scenarios, FW should send PMK info of roamed AP and
host override stale entry for roamed AP (if any) with roamed AP's PMK
in PMK cache table.
Change-Id: I3c6a49be065e4744e438c2762c103eb3095a2253
CRs-Fixed: 3168078
For IGTK/BIGTK keyix, cipher table is not populated. Retrieve
cipher_type from key structure.
Change-Id: Ic61e66854f91317194ee90f64187fd2b787827b0
CRs-Fixed: 3163335
CLEAR_PARAM failed to clear bit at bit position of "val". This change
correct to ((__param) &= (~(1 << (__val)))).
Change-Id: I20a9203592c0f48c3d2999985edd8ff81f55eb9d
CRs-Fixed: 3137825
Add support to update key management with higher security
after BSS create response.
Also, Currenlty if there are multiple AKM and ucast cipher.
Host overwrites AKM and ucast cipher value with the new one.
Instead of overwrite, add support to do ORing to keep all values.
Change-Id: I679a86debef649efbce1a08b60512d127f7fbbee
CRs-Fixed: 3113222
When validating MMIE, if PN error is found, track it using relevant
statistics. Defined WMI_HOST_RXERR_PN to flag such PN errors.
Change-Id: Icb1fe9a653f67611539b5cb463adfceadedae38e
Issue: On receiving robust bcast mgmt frames, for mmie
mic validation, mic of length 8 could be allocated.
The encrypt function however, always writes mic of length
16 resulting in memory corruption issue.
Fix: Allocate mic of size 16 for wlan_crypto_is_mmie_valid().
This is also corresponding to mic buffer size of 16 in
wlan_crypto_add_mmie().
Change-Id: I870251c0ed4224a7a974dad86f2808af7148be95
CRs-Fixed: 3091165
Move basic IEEE 802.11 field definitions that are not specific to
cryptographic functionality, from a cryptography related header file
to a common header file for IEEE 802.11 definitions so that these can
be used by other 802.11 protocol processing modules. The crypto header
file already includes the common header file, so there is no effective
change in code visibility of the definitions for crypto code.
Change-Id: I439fe818a457cc7694fdb431f5d2c1a7552f2caa
CRs-Fixed: 3059572
For SAE SAP, after full SAE authentication, only pmkid
will be sent down to driver, PMK len is zero.
Driver should accept the set pmksa without PMK.
Add check pmk length checking and if pmk len is zero,
driver allow the set pmksa.
Change-Id: Ic05dee4cce31233dbe6dfced05df54fe8972dd1f
CRs-Fixed: 3042899
