wlan: Add support for SAE AKM suites
propagation from qcacld-3.0 to prima
Add support for SAE AKM suites in CSR and also add support for
SAE in HDD. Also, add CONFIG_WLAN_FEATURE_SAE flag to enable/disable
SAE in Kbuild. When this is enabled, WLAN_FEATURE_SAE is used as a
feature flag for SAE.
Change-Id: I6254991afa0fd048d4f0b6f435ff630f1db04077
CRs-Fixed: 2530368
diff --git a/CORE/HDD/inc/wlan_hdd_cfg80211.h b/CORE/HDD/inc/wlan_hdd_cfg80211.h
index 9ef5a8c..92650f7 100644
--- a/CORE/HDD/inc/wlan_hdd_cfg80211.h
+++ b/CORE/HDD/inc/wlan_hdd_cfg80211.h
@@ -143,6 +143,10 @@
}__attribute__((packed)) qcom_ie_age ;
#endif
+#ifndef WLAN_AKM_SUITE_SAE
+#define WLAN_AKM_SUITE_SAE 0x000FAC08
+#endif
+
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
QCA_NL80211_VENDOR_SUBCMD_TEST = 1,
diff --git a/CORE/HDD/src/wlan_hdd_assoc.c b/CORE/HDD/src/wlan_hdd_assoc.c
index 766e227..b47942a 100644
--- a/CORE/HDD/src/wlan_hdd_assoc.c
+++ b/CORE/HDD/src/wlan_hdd_assoc.c
@@ -152,6 +152,11 @@
v_U8_t ccpRSNOui08[ HDD_RSN_OUI_SIZE ] = { 0x00, 0x0F, 0xAC, 0x05 };
#endif
+#ifdef WLAN_FEATURE_SAE
+v_U8_t ccp_rsn_oui_80[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x08};
+v_U8_t ccp_rsn_oui_90[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x09};
+#endif
+
#if defined(WLAN_FEATURE_VOWIFI_11R)
// Offset where the EID-Len-IE, start.
#define FT_ASSOC_RSP_IES_OFFSET 6 /* Capability(2) + AID(2) + Status Code(2)*/
@@ -4374,9 +4379,32 @@
}
return( halStatus );
}
+
+#ifdef WLAN_FEATURE_SAE
+/**
+ * hdd_translate_sae_rsn_to_csr_auth() - Translate SAE RSN to CSR auth type
+ * @auth_suite: auth suite
+ * @auth_type: pointer to eCsrAuthType
+ *
+ * Return: None
+ */
+static void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+ eCsrAuthType *auth_type)
+{
+ if (!memcmp(auth_suite, ccp_rsn_oui_80, 4))
+ *auth_type = eCSR_AUTH_TYPE_SAE;
+}
+#else
+static inline
+void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+ eCsrAuthType *auth_type)
+{
+}
+#endif
+
eCsrAuthType hdd_TranslateRSNToCsrAuthType( u_int8_t auth_suite[4])
{
- eCsrAuthType auth_type;
+ eCsrAuthType auth_type = eCSR_AUTH_TYPE_UNKNOWN;
// is the auth type supported?
if ( memcmp(auth_suite , ccpRSNOui01, 4) == 0)
{
@@ -4415,8 +4443,12 @@
} else
#endif
{
- auth_type = eCSR_AUTH_TYPE_UNKNOWN;
- }
+ /* If auth suite is of SAE, auth_type will be
+ * overwritten in hdd_translate_sae_rsn_to_csr_auth
+ */
+ hdd_translate_sae_rsn_to_csr_auth(auth_suite, &auth_type);
+ }
+
return auth_type;
}
@@ -4913,6 +4945,10 @@
pRoamProfile->AuthType.authType[0] = eCSR_AUTH_TYPE_SHARED_KEY;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pRoamProfile->AuthType.authType[0] = eCSR_AUTH_TYPE_SAE;
+ break;
+
default:
#ifdef FEATURE_WLAN_ESE
diff --git a/CORE/HDD/src/wlan_hdd_cfg80211.c b/CORE/HDD/src/wlan_hdd_cfg80211.c
index efe8cff..62a810f 100644
--- a/CORE/HDD/src/wlan_hdd_cfg80211.c
+++ b/CORE/HDD/src/wlan_hdd_cfg80211.c
@@ -16297,7 +16297,10 @@
pHddStaCtx->conn_info.authType = eCSR_AUTH_TYPE_CCKM_WPA;//eCSR_AUTH_TYPE_CCKM_RSN needs to be handled as well if required.
break;
#endif
-
+ case NL80211_AUTHTYPE_SAE:
+ hddLog(LOG1, "set authentication type to SAE");
+ pHddStaCtx->conn_info.authType = eCSR_AUTH_TYPE_SAE;
+ break;
default:
hddLog(VOS_TRACE_LEVEL_ERROR,
@@ -16369,6 +16372,10 @@
pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
break;
#endif
+ case WLAN_AKM_SUITE_SAE:
+ hddLog(LOG1, "setting key mgmt type to SAE");
+ pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
+ break;
default:
hddLog(VOS_TRACE_LEVEL_ERROR, "%s: Unsupported key mgmt type %d",
diff --git a/CORE/MAC/inc/aniSystemDefs.h b/CORE/MAC/inc/aniSystemDefs.h
index 0eb1cce..1a91aed 100644
--- a/CORE/MAC/inc/aniSystemDefs.h
+++ b/CORE/MAC/inc/aniSystemDefs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2014 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2014, 2019 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -84,6 +84,7 @@
#if defined WLAN_FEATURE_VOWIFI_11R
eSIR_FT_AUTH,
#endif
+ eSIR_AUTH_TYPE_SAE = 3,
#if defined FEATURE_WLAN_ESE
eSIR_LEAP_AUTH = 0x80,
#endif
diff --git a/CORE/SME/inc/csrApi.h b/CORE/SME/inc/csrApi.h
index 59eb8eb..3bb42d4 100644
--- a/CORE/SME/inc/csrApi.h
+++ b/CORE/SME/inc/csrApi.h
@@ -46,6 +46,7 @@
// MAC layer authentication types
eCSR_AUTH_TYPE_OPEN_SYSTEM,
eCSR_AUTH_TYPE_SHARED_KEY,
+ eCSR_AUTH_TYPE_SAE,
eCSR_AUTH_TYPE_AUTOSWITCH,
// Upper layer authentication types
diff --git a/CORE/SME/src/csr/csrApiRoam.c b/CORE/SME/src/csr/csrApiRoam.c
index 058915b..f53ba36 100644
--- a/CORE/SME/src/csr/csrApiRoam.c
+++ b/CORE/SME/src/csr/csrApiRoam.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012-2018 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2012-2019 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -3360,6 +3360,10 @@
case eCSR_AUTH_TYPE_AUTOSWITCH:
pBssConfig->authType = eSIR_AUTO_SWITCH;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+ break;
+
}
//short slot time
if( eCSR_CFG_DOT11_MODE_11B != cfgDot11Mode )
@@ -3502,6 +3506,10 @@
case eCSR_AUTH_TYPE_AUTOSWITCH:
pBssConfig->authType = eSIR_AUTO_SWITCH;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+ break;
+
}
//short slot time
if( WNI_CFG_PHY_MODE_11B != pBssConfig->uCfgDot11Mode )
@@ -4554,6 +4562,11 @@
case eCSR_AUTH_TYPE_AUTOSWITCH:
pCommand->u.roamCmd.roamProfile.negotiatedAuthType = eCSR_AUTH_TYPE_AUTOSWITCH;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pCommand->u.roamCmd.roamProfile.negotiatedAuthType =
+ eCSR_AUTH_TYPE_SAE;
+ break;
+
}
pCommand->u.roamCmd.roamProfile.negotiatedUCEncryptionType =
pCommand->u.roamCmd.roamProfile.EncryptionType.encryptionType[0];
@@ -5291,7 +5304,7 @@
(eCSR_AUTH_TYPE_RSN_PSK_SHA256 == authType) ||
(eCSR_AUTH_TYPE_RSN_8021X_SHA256 == authType)
#endif /* FEATURE_WLAN_WAPI */
- )
+ || (eCSR_AUTH_TYPE_SAE == authType))
{
if( !pIesLocal && (!HAL_STATUS_SUCCESS(csrGetParsedBssDescriptionIEs(pMac, pSirBssDesc, &pIesLocal))) )
{
diff --git a/CORE/SME/src/csr/csrUtil.c b/CORE/SME/src/csr/csrUtil.c
index 3d23fa5..d0647dd 100644
--- a/CORE/SME/src/csr/csrUtil.c
+++ b/CORE/SME/src/csr/csrUtil.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011-2017 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2011-2017, 2019 The Linux Foundation. All rights reserved.
*
* Previously licensed under the ISC license by Qualcomm Atheros, Inc.
*
@@ -70,7 +70,19 @@
{ 0x00, 0x40, 0x96, 0x00 }, // CCKM
{ 0x00, 0x0F, 0xAC, 0x06 }, // BIP (encryption type) or RSN-PSK-SHA256 (authentication type)
/* RSN-8021X-SHA256 (authentication type) */
- { 0x00, 0x0F, 0xAC, 0x05 }
+ { 0x00, 0x0F, 0xAC, 0x05 },
+#ifdef WLAN_FEATURE_SAE
+#define ENUM_SAE 9
+ /* SAE */
+ {0x00, 0x0F, 0xAC, 0x08},
+#define ENUM_FT_SAE 10
+ /* FT SAE */
+ {0x00, 0x0F, 0xAC, 0x09},
+#else
+ {0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00},
+ #endif
+ /* define new oui here */
};
#ifdef FEATURE_WLAN_WAPI
@@ -2847,6 +2859,9 @@
#endif
fRSNProfile = TRUE;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ fRSNProfile = true;
+ break;
default:
fRSNProfile = FALSE;
@@ -3591,6 +3606,24 @@
}
#endif
+#ifdef WLAN_FEATURE_SAE
+/**
+ * csr_is_auth_wpa_sae() - check whether oui is SAE
+ * @mac: Global MAC context
+ * @all_suites: pointer to all supported akm suites
+ * @suite_count: all supported akm suites count
+ * @oui: Oui needs to be matched
+ *
+ * Return: True if OUI is SAE, false otherwise
+ */
+static bool csr_is_auth_wpa_sae(tpAniSirGlobal mac,
+ uint8_t all_suites[][CSR_RSN_OUI_SIZE],
+ uint8_t suite_count, uint8_t oui[])
+{
+ return csrIsOuiMatch(mac, all_suites, suite_count, csrRSNOui[ENUM_SAE],
+ oui);
+}
+#endif
static tANI_BOOLEAN csrIsAuthWpa( tpAniSirGlobal pMac, tANI_U8 AllSuites[][CSR_WPA_OUI_SIZE],
tANI_U8 cAllSuites,
tANI_U8 Oui[] )
@@ -3708,6 +3741,46 @@
return OUIIndex;
}
+#ifdef WLAN_FEATURE_SAE
+/**
+ * csr_check_sae_auth() - update negotiated auth if matches to SAE auth type
+ * @mac_ctx: pointer to mac context
+ * @authsuites: auth suites
+ * @c_auth_suites: auth suites count
+ * @authentication: authentication
+ * @auth_type: authentication type list
+ * @index: current counter
+ * @neg_authtype: pointer to negotiated auth
+ *
+ * Return: None
+ */
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+ uint8_t authsuites[][CSR_RSN_OUI_SIZE],
+ uint8_t c_auth_suites,
+ uint8_t authentication[],
+ tCsrAuthList *auth_type,
+ uint8_t index, eCsrAuthType *neg_authtype)
+{
+ if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) &&
+ csr_is_auth_wpa_sae(mac_ctx, authsuites, c_auth_suites,
+ authentication)) {
+ if (eCSR_AUTH_TYPE_SAE == auth_type->authType[index])
+ *neg_authtype = eCSR_AUTH_TYPE_SAE;
+ }
+ VOS_TRACE(VOS_MODULE_ID_SME, VOS_TRACE_LEVEL_ERROR,
+ FL("negotiated auth type is %d"), *neg_authtype);
+}
+#else
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+ uint8_t authsuites[][CSR_RSN_OUI_SIZE],
+ uint8_t c_auth_suites,
+ uint8_t authentication[],
+ tCsrAuthList *auth_type,
+ uint8_t index, eCsrAuthType *neg_authtype)
+{
+}
+#endif
+
tANI_BOOLEAN csrGetRSNInformation( tHalHandle hHal, tCsrAuthList *pAuthType, eCsrEncryptionType enType, tCsrEncryptionList *pMCEncryption,
tDot11fIERSN *pRSNIe,
tANI_U8 *UnicastCypher,
@@ -3770,6 +3843,11 @@
for (i = 0 ; i < pAuthType->numEntries; i++)
{
//Ciphers are supported, Match authentication algorithm and pick first matching authtype.
+
+ /* Set SAE as first preference */
+ csr_check_sae_auth(pMac, AuthSuites, cAuthSuites,
+ Authentication, pAuthType, i, &negAuthType);
+
#ifdef WLAN_FEATURE_VOWIFI_11R
/* Changed the AKM suites according to order of preference */
if ( csrIsFTAuthRSN( pMac, AuthSuites, cAuthSuites, Authentication ) )
diff --git a/Kbuild b/Kbuild
index d822f0f..aed086a 100644
--- a/Kbuild
+++ b/Kbuild
@@ -23,6 +23,9 @@
#Flag to enable Legacy Fast Roaming(LFR)
CONFIG_PRIMA_WLAN_LFR := y
+#Flag to enable SAE
+ CONFIG_WLAN_FEATURE_SAE := y
+
#Flag to enable Legacy Fast Roaming(LFR) Make Before Break
CONFIG_PRIMA_WLAN_LFR_MBB := y
@@ -677,6 +680,10 @@
CDEFINES += -DFEATURE_WLAN_LFR
endif
+ifeq ($(CONFIG_WLAN_FEATURE_SAE),y)
+CDEFINES += -DWLAN_FEATURE_SAE
+endif
+
ifeq ($(CONFIG_PRIMA_WLAN_LFR_MBB),y)
CDEFINES += -DWLAN_FEATURE_LFR_MBB
endif