WLAN_CRYPTO_RSN_CAP_OCV_SUPPORTED i.e. 0x4000 bit in RSN capability
is set to 1 to indicate that the STA supports operating channel
validation by including Operating Channel Information (OCI) in RSNA
exchanges and validates the information when received from another
STA that indicated this capability.
Change-Id: I8cbe640772c95573461ef2ef54c9e86778fe970f
CRs-Fixed: 2765802
Add support to handle the case where the peer transmits a frame
with HT/VHT/HE control field included.
Change-Id: I2b0d04ffa12a983a6c22e0a0bcbdfffa8fd48dcb
CRs-fixed: 2754234
Replace the lim_default_hmac_sha256_kdf() & lim_create_fils_rik()
API with crypto API since both these API are primarily for
cryptographic derivation of re-authentication integrity key(rIK)
Use the new crypto APIs qdf_default_hmac_sha256_kdf(),
wlan_crypto_create_fils_rik() for this.
Change-Id: I1c8f38ee0124b8b3eb527d4b01d39add134e181b
CRs-Fixed: 2752635
Currently api osif_nl_to_crypto_auth_type is trying to convert
the nl specific auth types to driver specific auth types but
it does not return the correct value, this api always returns
auth type as none as it never updates the return value after
the initialization.
While parsing WPA and WAPI, open authmode and cipher and akm are
set as none by default.
Thus return converted value of the auth type. Also fix the
return type of the akm conversion. Also avoid setting
open authmode and cipher and akm as none while parsing WPA
and WAPI ie.
Change-Id: I260e58a28ddbf6b20a290488e205586a624c9b46
CRs-Fixed: 2725323
Remove cipher_caps from wlan_crypto_reset_prarams as it
is FW capability and should only be set once when vdev
is created.
Change-Id: I8beab7ead2217ead532bfaacc0eea133d90cdd0e
CRs-Fixed: 2716728
For wep mode, when key is received from cfg80211, wlan_crypto_save_key
is called to save the key, then wlan_crypto_default_key is called to
save default key id.
key should be valid when save default key id.
set key as valid after wlan_crypto_save_key
Change-Id: Ic13e311593154911ee21db5172188c7037f429a3
CRs-Fixed: 2654882
Due to commit : I83e8d4c0c8b3ad503aa5894ffdc4a14bc3aeec7a,
while processing set_del_pmk command driver checks pmk_len
to delete pmk. In case if new PMK gets added with 0 lengths,
pmk entry with pmk_len = 0 will never be deleted. It is only
overwritten without freeing due to incorrect logic set_del
pmk logic.
Fix is to modify set and del pmk logic to avoid mem leak.
Change-Id: Idff573d020940dd926d07e1ec4f146eaa1215686
CRs-Fixed: 2696207
Currently only atmost 3 PMK Cache entries are allowed in Host,
which is not equivalent to that of Firmware, as upto 16 max PMK
cache entries are allowed in Firmware.
This change is to support upto 16 PMKID entries in driver as well
Change-Id: I383ca79e284de4913197ca4afec317e8669edd86
CRs-Fixed: 2689482
Currently when supplicant sends set_pmkid_cache (Either after
initial connection or after session timeout with AP) to host to
set the new pmkid derived after the EAP is done. Host deletes
PMK entry only if bssid/ssid matches.
For OKC, the PMK derived from the initially associated AP will
be used for deriving PMKID for all APs. In case of connection with OKC
supported APs, If STA receive session timeout from AP, HOST should
delete older PMK of all APs which have the same PMK. Else While
roaming HOST could send older PMK to OKC supported AP and this
results PMK flush in FW and leads to full EAP.
Change-Id: I83e8d4c0c8b3ad503aa5894ffdc4a14bc3aeec7a
CRs-Fixed: 2679749
For WLAN_CRYPTO_OMAC1_OS_DERIVATIVE and
WLAN_CRYPTO_GCM_OS_DERIVATIVE set use QDF API to calculate MIC
Change-Id: I5971eb39414a292534981753805df6d9beb54be0
CRs-Fixed: 2664275
Add new crypto API to set the single PMK AP flag in
crypto pmksa entry and to clear the BSSID entries in the
crypto pmk cache with the SAE single pmk flag set.
Clear the entries with Sae single pmk flag on connection
and roaming success case. Mark the BSS as Sae pmk capable
after initial connection and roaming if the AP advertises
the VSIE
Change-Id: I42ca0c3a70945f974eec1065661ac0b781096126
CRs-Fixed: 2652936
In wlan_crypto_save_key store igtk def index, bigtk def index and
igtk key type in crypto priv.
Change-Id: I96161a6dd376e7e80f88da00c891d15a5645cfa7
CRs-Fixed: 2661197
Changes to support Beacon protection. Additional key ix 6 and 7
support BIGTK. Update beacon template for Beacon protection support.
CRs-Fixed: 2632290
Change-Id: Ic37d17f5076bb28d2e1f2430da039cc8b9f759b6
As softap, send assoc failure if HT supported client try to associate
as WEP/TKIP pairwise key.
Change-Id: Ie33e5d83ec18e10aae51a4cc3515f754bd24774e
CRs-Fixed: 2623660
For FILS pmksa cache, the pmksa add/del/query is based on SSID
and cache id. The current crypto pmksa cache API dosn't support
SSID and cache ID.
1. Add SSID/Cache ID support to pmksa API
2. Add RSN IE pmkid field based on SSID/cache ID
Change-Id: I1577c6293b75d6f8e6210f314dd83462e06d8190
CRs-Fixed: 2621860
The printk buffer is protected by a global raw spinlock for readers
and writers. This restricts the contexts that are allowed to
access the buffer. So large latencies exists when printing to
kmsg done with QDF trace levels WARN, INFO, ERROR. This results
in roaming KPI for maximum transition time exceeding the expected
100ms.
So change info/err prints to debug prints in roaming path
to reduce delays in roaming time.
Change-Id: I9cdf043da6e88d735ab39812e74ed24784ceede3
CRs-Fixed: 2594867
On rekey, the STA resets it’s PN to 0 but, the
AP sends out pending traffic with old PN values
before it resets the PN as well.
This causes traffic to stall and hence, TSC (transmit
sequence counter) should not be set to zero during rekey.
Instead, obtain last PN number for a non-bss peer while
configuring new key and pass the values to hostap.
Change-Id: I4a604f23944c941c6ade2f57ab03781bc78f7b40
In functions that use key values, reset the local variables (key) to
zero after use to avoid security vulnerability.
Change-Id: I105b1abf7c707102ef99bbe4fa213708039d933e
CRs-fixed: 2581402
Prevent delkey to call crypto_ops for FILS cipher
type, as this keys are not present in FW.
Change-Id: Ica13a62b6822ee3cee40acffa98b7cc1cb122120
CRs-Fixed: 2520517
Reduce the log level from err or info to debug so that logs
are not printed on console.
Change-Id: I0d33c2a8f5b4bb4974656ac0d1eb6713a74cb5f4
CRs-Fixed: 2516287
VLAN group keyix is greater than WLAN_CRYPTO_MAXKEYIDX
Each VLAN will have separate group key in single VAP.
CRs-Fixed: 2490599
Change-Id: I585b2deaa13da337c5df7b55ec8e4672221e4edb
wlan_vdev_get_bsspeer() return bss peer without taking the ref count
of the peer and thus if peer is deleted after wlan_vdev_get_bsspeer()
returns a valid peer, the caller will have stale entry of the peer.
Stale entry of peer can lead to Assert.
Use wlan_objmgr_vdev_try_get_bsspeer API for stats to get the BSS
peer which increment the refcount if peer is valid. With this the
peer won't be deleted till the caller release the ref count of the
peer.
Change-Id: I3690f1309cbc7643ed55d8e903814b06f9d8755f
CRs-Fixed: 2454080
wlan_vdev_get_bsspeer() return bss peer without taking the ref count
of the peer and thus if peer is deleted after wlan_vdev_get_bsspeer()
returns a valid peer, the caller will have stale entry of the peer.
Stale entry of peer can lead to Assert.
Use wlan_objmgr_vdev_try_get_bsspeer API for crypto to get the BSS
peer which increment the refcount if peer is valid. With this the
peer won't be deleted till the caller release the ref count of the
peer.
Change-Id: I5472c80d267a6639acaff2d47dbc09e37963bc93
CRs-Fixed: 2447249
Hostapd requests igtk keys with keyix 4,5.
Adding support to wlan_crypto_getkey to send the igtk keys
for keyix 4,5. In absence of the patch, hostapd getkey
call for igtk keys will fail.
Change-Id: I32cd6b417aae92cf3b3ac17bb72e19b581d21bd6
In wlan_crypto_rsn_info, only need to reject STA with PMF disabled
when PMF is required.
Change-Id: I7a7d4b2d1a2d44a95d08eb6bfac14540940f0be3
CRs-Fixed: 2424932
Currently only STA mode is supported in wlan_crypto_set_del_pmksa.
For SAE SAP, need to add AP mode support in this API.
Change-Id: If45a516713e302b3516d163516263bbcbafeaed2
CRs-Fixed: 2424893
MCL code will need to find the supported mgmt cipher
type from crypto component. Add two api for vdev and
peer for it.
Change-Id: Ic33d4f18a04b48ce4699617569585fd1c2ae6f61
CRs-Fixed: 2421463
In roaming offload, PMK will be sent to firmware.
So,save the PMK to pmkcache when supplicant provide
from os interface.
Change-Id: Ibfd3d354b9150b40755ba2ab1dd90c2e3c6ddbc3
CRs-Fixed: 2420359
Per the Linux Kernel coding style, as enforced by the kernel
checkpatch script, pointers should not be explicitly compared to
NULL. Therefore within umac crypto replace any such comparisons with
logical operations performed on the pointer itself.
Change-Id: Id6edc4aa8bf0fef455c1359dacabd74fc7163e44
CRs-Fixed: 2418253
BKID is part of only assosciation and reassociation
request frames, So include it only for sta mode.
Change-Id: Ic43e20b46154a957a7290cdcc70615247949cba7
CRs-Fixed: 2398256
Added support for pmksa handling in crypto to
support add_pmksa, del_pmksa and
flush_pmksa function calls from cfg80211.
Added support for adding pmkid in rsnie.
Change-Id: Ic8add9635c2e7fd73da21b1305467e6500f6d73c
CRs-Fixed: 2363632
Define WLAN_AKM_SUITE_FT_8021X and WLAN_AKM_SUITE_FT_PSK for kernel version
less then 4.14.
Change-Id: Id5518511bc4f639fff6d1e20bcf0aad973d9ab46
CRs-Fixed: 2362888
