diff options
| author | Rajasekaran Kalidoss <rkalidos@codeaurora.org> | 2017-06-08 21:14:41 +0530 |
|---|---|---|
| committer | snandini <snandini@codeaurora.org> | 2017-06-21 04:20:10 -0700 |
| commit | 777c4b2ae08696d4fdc265d0e7b608567014e160 (patch) | |
| tree | da45ccc37e50865f49cf6840dfe306f54dcf5676 | |
| parent | d4cc20b5f52e7a361fc7db088a6f914fc664a814 (diff) | |
qcacld-2.0: Changes to support FILS AKMs
Add changes to support and parse AKM required for FILS support.
CRs-Fixed: 2033938
Change-Id: I9f94c9dde420584657ee404f4e23864e3ef672fe
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_assoc.c | 87 | ||||
| -rw-r--r-- | CORE/HDD/src/wlan_hdd_cfg80211.c | 8 | ||||
| -rw-r--r-- | CORE/SME/inc/csrApi.h | 6 | ||||
| -rw-r--r-- | CORE/SME/src/csr/csrUtil.c | 168 |
4 files changed, 255 insertions, 14 deletions
diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c index 68e0d7618ded..8a16b9b46575 100644 --- a/CORE/HDD/src/wlan_hdd_assoc.c +++ b/CORE/HDD/src/wlan_hdd_assoc.c @@ -106,6 +106,13 @@ v_U8_t ccpRSNOui07[ HDD_RSN_OUI_SIZE ] = { 0x00, 0x0F, 0xAC, 0x06 }; // RSN-PSK- v_U8_t ccpRSNOui08[ HDD_RSN_OUI_SIZE ] = { 0x00, 0x0F, 0xAC, 0x05 }; #endif +#ifdef WLAN_FEATURE_FILS_SK +uint8_t ccp_rsn_oui_0e[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x0E}; +uint8_t ccp_rsn_oui_0f[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x0F}; +uint8_t ccp_rsn_oui_10[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x10}; +uint8_t ccp_rsn_oui_11[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x11}; +#endif + #if defined(WLAN_FEATURE_VOWIFI_11R) // Offset where the EID-Len-IE, start. #define FT_ASSOC_RSP_IES_OFFSET 6 /* Capability(2) + AID(2) + Status Code(2)*/ @@ -4310,9 +4317,37 @@ hdd_smeRoamCallback(void *pContext, tCsrRoamInfo *pRoamInfo, tANI_U32 roamId, } return( halStatus ); } + +#ifdef WLAN_FEATURE_FILS_SK +/** + * hdd_translate_fils_rsn_to_csr_auth() - Translate FILS RSN to CSR auth type + * @auth_suite: auth suite + * @auth_type: pointer to eCsrAuthType + * + * Return: None + */ +static void hdd_translate_fils_rsn_to_csr_auth(u_int8_t auth_suite[4], + eCsrAuthType *auth_type) +{ + if (!memcmp(auth_suite, ccp_rsn_oui_0e, 4)) + *auth_type = eCSR_AUTH_TYPE_FILS_SHA256; + else if (!memcmp(auth_suite, ccp_rsn_oui_0f, 4)) + *auth_type = eCSR_AUTH_TYPE_FILS_SHA384; + else if (!memcmp(auth_suite, ccp_rsn_oui_10, 4)) + *auth_type = eCSR_AUTH_TYPE_FT_FILS_SHA256; + else if (!memcmp(auth_suite, ccp_rsn_oui_11, 4)) + *auth_type = eCSR_AUTH_TYPE_FT_FILS_SHA384; +} +#else +static inline void hdd_translate_fils_rsn_to_csr_auth(u_int8_t auth_suite[4], + eCsrAuthType *auth_type) +{ +} +#endif + eCsrAuthType hdd_TranslateRSNToCsrAuthType( u_int8_t auth_suite[4]) { - eCsrAuthType auth_type; + eCsrAuthType auth_type = eCSR_AUTH_TYPE_UNKNOWN; // is the auth type supported? if ( memcmp(auth_suite , ccpRSNOui01, 4) == 0) { @@ -4350,16 +4385,17 @@ eCsrAuthType hdd_TranslateRSNToCsrAuthType( u_int8_t auth_suite[4]) auth_type = eCSR_AUTH_TYPE_RSN_8021X_SHA256; } else #endif - { - auth_type = eCSR_AUTH_TYPE_UNKNOWN; - } + /* If auth suite is of fils, auth_type will be + * overwritten in hdd_translate_fils_rsn_to_csr_auth + */ + hdd_translate_fils_rsn_to_csr_auth(auth_suite, &auth_type); return auth_type; } eCsrAuthType hdd_TranslateWPAToCsrAuthType(u_int8_t auth_suite[4]) { - eCsrAuthType auth_type; + eCsrAuthType auth_type = eCSR_AUTH_TYPE_UNKNOWN; // is the auth type supported? if ( memcmp(auth_suite , ccpWpaOui01, 4) == 0) { @@ -4375,9 +4411,11 @@ hdd_TranslateWPAToCsrAuthType(u_int8_t auth_suite[4]) auth_type = eCSR_AUTH_TYPE_CCKM_WPA; } else #endif /* FEATURE_WLAN_ESE */ - { - auth_type = eCSR_AUTH_TYPE_UNKNOWN; - } + /* If auth suite is of fils, auth_type will be + * overwritten in hdd_translate_fils_rsn_to_csr_auth + */ + hdd_translate_fils_rsn_to_csr_auth(auth_suite, &auth_type); + hddLog(LOG1, FL("auth_type: %d"), auth_type); return auth_type; } @@ -4668,6 +4706,32 @@ int hdd_SetGENIEToCsr( hdd_adapter_t *pAdapter, eCsrAuthType *RSNAuthType) } return 0; } + +#ifdef WLAN_FEATURE_FILS_SK +/** + * hdd_check_fils_rsn_n_set_auth_type() - This API checks whether a give + * auth type is fils if yes, sets it in profile. + * @rsn_auth_type: auth type + * + * Return: true if FILS auth else false + */ +static bool hdd_check_fils_rsn_n_set_auth_type(tCsrRoamProfile *roam_profile, + eCsrAuthType rsn_auth_type) +{ + bool is_fils_rsn = false; + + if ((rsn_auth_type == eCSR_AUTH_TYPE_FILS_SHA256) || + (rsn_auth_type == eCSR_AUTH_TYPE_FILS_SHA384) || + (rsn_auth_type == eCSR_AUTH_TYPE_FT_FILS_SHA256) || + (rsn_auth_type == eCSR_AUTH_TYPE_FT_FILS_SHA384)) + is_fils_rsn = true; + if (is_fils_rsn) + roam_profile->fils_con_info->akm_type = rsn_auth_type; + + return is_fils_rsn; +} +#endif + int hdd_set_csr_auth_type ( hdd_adapter_t *pAdapter, eCsrAuthType RSNAuthType) { hdd_wext_state_t *pWextState = WLAN_HDD_GET_WEXT_STATE_PTR(pAdapter); @@ -4749,7 +4813,12 @@ int hdd_set_csr_auth_type ( hdd_adapter_t *pAdapter, eCsrAuthType RSNAuthType) eCSR_AUTH_TYPE_RSN_8021X_SHA256; } else #endif - +#ifdef WLAN_FEATURE_FILS_SK + if (hdd_check_fils_rsn_n_set_auth_type(pRoamProfile, RSNAuthType)) { + pRoamProfile->AuthType.authType[0] = RSNAuthType; + hddLog(LOG1, "updated profile authtype as %d", RSNAuthType); + } else +#endif if( (pWextState->authKeyMgmt & IW_AUTH_KEY_MGMT_802_1X) == IW_AUTH_KEY_MGMT_802_1X) { pRoamProfile->AuthType.authType[0] = eCSR_AUTH_TYPE_RSN; diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c index 62ffd424a8fe..b2fa465be3bb 100644 --- a/CORE/HDD/src/wlan_hdd_cfg80211.c +++ b/CORE/HDD/src/wlan_hdd_cfg80211.c @@ -22075,6 +22075,14 @@ static int wlan_hdd_set_akm_suite( hdd_adapter_t *pAdapter, __func__); pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X; break; +#if defined(WLAN_FEATURE_FILS_SK) && defined(CFG80211_FILS_SK_OFFLOAD_SUPPORT) + case WLAN_AKM_SUITE_FILS_SHA256: + case WLAN_AKM_SUITE_FILS_SHA384: + case WLAN_AKM_SUITE_FT_FILS_SHA256: + case WLAN_AKM_SUITE_FT_FILS_SHA384: + pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X; + break; +#endif default: hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Unsupported key mgmt type %d", diff --git a/CORE/SME/inc/csrApi.h b/CORE/SME/inc/csrApi.h index 4c9f6a16ea7d..6c2a0728879a 100644 --- a/CORE/SME/inc/csrApi.h +++ b/CORE/SME/inc/csrApi.h @@ -70,6 +70,12 @@ typedef enum eCSR_AUTH_TYPE_RSN_PSK_SHA256, eCSR_AUTH_TYPE_RSN_8021X_SHA256, #endif +#ifdef WLAN_FEATURE_FILS_SK + eCSR_AUTH_TYPE_FILS_SHA256, + eCSR_AUTH_TYPE_FILS_SHA384, + eCSR_AUTH_TYPE_FT_FILS_SHA256, + eCSR_AUTH_TYPE_FT_FILS_SHA384, +#endif eCSR_NUM_OF_SUPPORT_AUTH_TYPE, eCSR_AUTH_TYPE_FAILED = 0xff, eCSR_AUTH_TYPE_UNKNOWN = eCSR_AUTH_TYPE_FAILED, diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c index 75d51688a2cf..8c9fcc9aae00 100644 --- a/CORE/SME/src/csr/csrUtil.c +++ b/CORE/SME/src/csr/csrUtil.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011-2016 The Linux Foundation. All rights reserved. + * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved. * * Previously licensed under the ISC license by Qualcomm Atheros, Inc. * @@ -71,7 +71,22 @@ tANI_U8 csrRSNOui[][ CSR_RSN_OUI_SIZE ] = { { 0x00, 0x40, 0x96, 0x00 }, // CCKM { 0x00, 0x0F, 0xAC, 0x06 }, // BIP (encryption type) or RSN-PSK-SHA256 (authentication type) /* RSN-8021X-SHA256 (authentication type) */ - { 0x00, 0x0F, 0xAC, 0x05 } + { 0x00, 0x0F, 0xAC, 0x05 }, +#ifdef WLAN_FEATURE_FILS_SK +#define ENUM_FILS_SHA256 9 + /* FILS SHA256 */ + {0x00, 0x0F, 0xAC, 0x0E}, +#define ENUM_FILS_SHA384 10 + /* FILS SHA384 */ + {0x00, 0x0F, 0xAC, 0x0F}, +#define ENUM_FT_FILS_SHA256 11 + /* FILS FT SHA256 */ + {0x00, 0x0F, 0xAC, 0x10}, +#define ENUM_FT_FILS_SHA384 12 + /* FILS FT SHA384 */ + {0x00, 0x0F, 0xAC, 0x11} +#endif + /* define new oui here */ }; #ifdef FEATURE_WLAN_WAPI @@ -2334,7 +2349,15 @@ tANI_BOOLEAN csrIsProfileRSN( tCsrRoamProfile *pProfile ) #endif fRSNProfile = TRUE; break; - +#ifdef WLAN_FEATURE_FILS_SK + /* fallthrough */ + case eCSR_AUTH_TYPE_FILS_SHA256: + case eCSR_AUTH_TYPE_FILS_SHA384: + case eCSR_AUTH_TYPE_FT_FILS_SHA256: + case eCSR_AUTH_TYPE_FT_FILS_SHA384: + fRSNProfile = true; + break; +#endif default: fRSNProfile = FALSE; break; @@ -3017,6 +3040,76 @@ static tANI_BOOLEAN csrIsAuthRSN8021xSha256(tpAniSirGlobal pMac, } #endif +#ifdef WLAN_FEATURE_FILS_SK +/* + * csr_is_auth_fils_sha256() - check whether oui is fils sha256 + * @mac: Global MAC context + * @all_suites: pointer to all supported akm suites + * @suite_count: all supported akm suites count + * @oui: Oui needs to be matched + * + * Return: True if OUI is FILS SHA256, false otherwise + */ +static bool csr_is_auth_fils_sha256(tpAniSirGlobal mac, + uint8_t all_suites[][CSR_RSN_OUI_SIZE], + uint8_t suite_count, uint8_t oui[]) +{ + return csrIsOuiMatch(mac, all_suites, suite_count, + csrRSNOui[ENUM_FILS_SHA256], oui); +} + +/* + * csr_is_auth_fils_sha384() - check whether oui is fils sha384 + * @mac: Global MAC context + * @all_suites: pointer to all supported akm suites + * @suite_count: all supported akm suites count + * @oui: Oui needs to be matched + * + * Return: True if OUI is FILS SHA384, false otherwise + */ +static bool csr_is_auth_fils_sha384(tpAniSirGlobal mac, + uint8_t all_suites[][CSR_RSN_OUI_SIZE], + uint8_t suite_count, uint8_t oui[]) +{ + return csrIsOuiMatch(mac, all_suites, suite_count, + csrRSNOui[ENUM_FILS_SHA384], oui); +} + +/* + * csr_is_auth_fils_ft_sha256() - check whether oui is fils ft sha256 + * @mac: Global MAC context + * @all_suites: pointer to all supported akm suites + * @suite_count: all supported akm suites count + * @oui: Oui needs to be matched + * + * Return: True if OUI is FT FILS SHA256, false otherwise + */ +static bool csr_is_auth_fils_ft_sha256(tpAniSirGlobal mac, + uint8_t all_suites[][CSR_RSN_OUI_SIZE], + uint8_t suite_count, uint8_t oui[]) +{ + return csrIsOuiMatch(mac, all_suites, suite_count, + csrRSNOui[ENUM_FT_FILS_SHA256], oui); +} + +/* + * csr_is_auth_fils_ft_sha384() - check whether oui is fils ft sha384 + * @mac: Global MAC context + * @all_suites: pointer to all supported akm suites + * @suite_count: all supported akm suites count + * @oui: Oui needs to be matched + * + * Return: True if OUI is FT FILS SHA384, false otherwise + */ +static bool csr_is_auth_fils_ft_sha384(tpAniSirGlobal mac, + uint8_t all_suites[][CSR_RSN_OUI_SIZE], + uint8_t suite_count, uint8_t oui[]) +{ + return csrIsOuiMatch(mac, all_suites, suite_count, + csrRSNOui[ENUM_FT_FILS_SHA384], oui); +} +#endif + static tANI_BOOLEAN csrIsAuthWpa( tpAniSirGlobal pMac, tANI_U8 AllSuites[][CSR_WPA_OUI_SIZE], tANI_U8 cAllSuites, tANI_U8 Oui[] ) @@ -3067,6 +3160,67 @@ tANI_U8 csrGetOUIIndexFromCipher( eCsrEncryptionType enType ) return OUIIndex; } +#ifdef WLAN_FEATURE_FILS_SK +/** + * csr_is_fils_auth() - update negotiated auth if matches to FILS auth type + * @mac_ctx: pointer to mac context + * @authsuites: auth suites + * @c_auth_suites: auth suites count + * @authentication: authentication + * @auth_type: authentication type list + * @index: current counter + * @neg_authtype: pointer to negotiated auth + * + * Return: None + */ +static void csr_is_fils_auth(tpAniSirGlobal mac_ctx, + uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites, + uint8_t authentication[], tCsrAuthList *auth_type, + uint8_t index, eCsrAuthType *neg_authtype) +{ + /* + * TODO Always try with highest security + * move this down once sha384 is validated + */ + if (csr_is_auth_fils_sha256(mac_ctx, authsuites, + c_auth_suites, authentication)) { + if (eCSR_AUTH_TYPE_FILS_SHA256 == + auth_type->authType[index]) + *neg_authtype = eCSR_AUTH_TYPE_FILS_SHA256; + } + if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && + csr_is_auth_fils_sha384(mac_ctx, authsuites, + c_auth_suites, authentication)) { + if (eCSR_AUTH_TYPE_FILS_SHA384 == + auth_type->authType[index]) + *neg_authtype = eCSR_AUTH_TYPE_FILS_SHA384; + } + if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && + csr_is_auth_fils_ft_sha256(mac_ctx, authsuites, + c_auth_suites, authentication)) { + if (eCSR_AUTH_TYPE_FT_FILS_SHA256 == + auth_type->authType[index]) + *neg_authtype = eCSR_AUTH_TYPE_FT_FILS_SHA256; + } + if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) && + csr_is_auth_fils_ft_sha384(mac_ctx, authsuites, + c_auth_suites, authentication)) { + if (eCSR_AUTH_TYPE_FT_FILS_SHA384 == + auth_type->authType[index]) + *neg_authtype = eCSR_AUTH_TYPE_FT_FILS_SHA384; + } + VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR, + FL("negotiated auth type is %d"), *neg_authtype); +} +#else +static void csr_is_fils_auth(tpAniSirGlobal mac_ctx, + uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites, + uint8_t authentication[], tCsrAuthList *auth_type, + uint8_t index, eCsrAuthType *neg_authtype) +{ +} +#endif + tANI_BOOLEAN csrGetRSNInformation( tHalHandle hHal, tCsrAuthList *pAuthType, eCsrEncryptionType enType, tCsrEncryptionList *pMCEncryption, tDot11fIERSN *pRSNIe, tANI_U8 *UnicastCypher, @@ -3129,9 +3283,13 @@ tANI_BOOLEAN csrGetRSNInformation( tHalHandle hHal, tCsrAuthList *pAuthType, eCs for (i = 0 ; i < pAuthType->numEntries; i++) { //Ciphers are supported, Match authentication algorithm and pick first matching authtype. - #ifdef WLAN_FEATURE_VOWIFI_11R + + /* Set FILS as first preference */ + csr_is_fils_auth(pMac, AuthSuites, cAuthSuites, + Authentication, pAuthType, i, &negAuthType); +#ifdef WLAN_FEATURE_VOWIFI_11R /* Changed the AKM suites according to order of preference */ - if ( csrIsFTAuthRSN( pMac, AuthSuites, cAuthSuites, Authentication ) ) + if ( (negAuthType == eCSR_AUTH_TYPE_UNKNOWN) && csrIsFTAuthRSN( pMac, AuthSuites, cAuthSuites, Authentication ) ) { if (eCSR_AUTH_TYPE_FT_RSN == pAuthType->authType[i]) negAuthType = eCSR_AUTH_TYPE_FT_RSN; |