qcacld-3.0: Add support for SAE AKM suites
Add support for SAE AKM suites in CSR and also add support for
SAE in HDD. Also, add CONFIG_WLAN_FEATURE_SAE flag to enable/disable
SAE in Kbuild. When this is enabled, WLAN_FEATURE_SAE is used as a
feature flag for SAE.
Change-Id: I6254991afa0fd048d4f0b6f435ff630f1db04077
CRs-Fixed: 2029357
diff --git a/Kbuild b/Kbuild
index b772681..eeba559 100644
--- a/Kbuild
+++ b/Kbuild
@@ -182,6 +182,9 @@
#Flag to enable FIPS
CONFIG_WLAN_FEATURE_FIPS := y
+ #Flag to enable SAE
+ CONFIG_WLAN_FEATURE_SAE := y
+
#Flag to enable Fast Path feature
CONFIG_WLAN_FASTPATH := y
@@ -1906,6 +1909,10 @@
# Enable object manager reference count debug infrastructure
CDEFINES += -DWLAN_OBJMGR_DEBUG
+ifeq ($(CONFIG_WLAN_FEATURE_SAE),y)
+CDEFINES += -DWLAN_FEATURE_SAE
+endif
+
ifeq ($(BUILD_DIAG_VERSION),1)
CDEFINES += -DFEATURE_WLAN_DIAG_SUPPORT
CDEFINES += -DFEATURE_WLAN_DIAG_SUPPORT_CSR
diff --git a/core/hdd/src/wlan_hdd_assoc.c b/core/hdd/src/wlan_hdd_assoc.c
index 95214ea..ae69b2f 100644
--- a/core/hdd/src/wlan_hdd_assoc.c
+++ b/core/hdd/src/wlan_hdd_assoc.c
@@ -129,6 +129,11 @@
/* OWE https://tools.ietf.org/html/rfc8110 */
uint8_t ccp_rsn_oui_18[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x12};
+#ifdef WLAN_FEATURE_SAE
+uint8_t ccp_rsn_oui_80[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x08};
+uint8_t ccp_rsn_oui_90[HDD_RSN_OUI_SIZE] = {0x00, 0x0F, 0xAC, 0x09};
+#endif
+
/* Offset where the EID-Len-IE, start. */
#define FT_ASSOC_RSP_IES_OFFSET 6 /* Capability(2) + AID(2) + Status Code(2) */
#define FT_ASSOC_REQ_IES_OFFSET 4 /* Capability(2) + LI(2) */
@@ -4787,6 +4792,27 @@
}
#endif
+#ifdef WLAN_FEATURE_SAE
+/**
+ * hdd_translate_sae_rsn_to_csr_auth() - Translate SAE RSN to CSR auth type
+ * @auth_suite: auth suite
+ * @auth_type: pointer to eCsrAuthType
+ *
+ * Return: None
+ */
+static void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+ eCsrAuthType *auth_type)
+{
+ if (qdf_mem_cmp(auth_suite, ccp_rsn_oui_80, 4) == 0)
+ *auth_type = eCSR_AUTH_TYPE_SAE;
+}
+#else
+static inline void hdd_translate_sae_rsn_to_csr_auth(int8_t auth_suite[4],
+ eCsrAuthType *auth_type)
+{
+}
+#endif
+
/**
* hdd_translate_rsn_to_csr_auth_type() - Translate RSN to CSR auth type
* @auth_suite: auth suite
@@ -4833,6 +4859,7 @@
} else
{
hdd_translate_fils_rsn_to_csr_auth(auth_suite, &auth_type);
+ hdd_translate_sae_rsn_to_csr_auth(auth_suite, &auth_type);
}
hdd_debug("auth_type: %d", auth_type);
return auth_type;
@@ -5391,6 +5418,11 @@
roam_profile->AuthType.authType[0] = eCSR_AUTH_TYPE_SHARED_KEY;
break;
+
+ case eCSR_AUTH_TYPE_SAE:
+ roam_profile->AuthType.authType[0] = eCSR_AUTH_TYPE_SAE;
+ break;
+
default:
#ifdef FEATURE_WLAN_ESE
diff --git a/core/hdd/src/wlan_hdd_cfg80211.c b/core/hdd/src/wlan_hdd_cfg80211.c
index b67de63..7b685ea 100644
--- a/core/hdd/src/wlan_hdd_cfg80211.c
+++ b/core/hdd/src/wlan_hdd_cfg80211.c
@@ -16871,6 +16871,10 @@
sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_OPEN_SYSTEM;
break;
#endif
+ case NL80211_AUTHTYPE_SAE:
+ hdd_debug("set authentication type to SAE");
+ sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_SAE;
+ break;
default:
hdd_err("Unsupported authentication type: %d", auth_type);
sta_ctx->conn_info.authType = eCSR_AUTH_TYPE_UNKNOWN;
@@ -17209,6 +17213,11 @@
pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
break;
+ case WLAN_AKM_SUITE_SAE:
+ hdd_debug("setting key mgmt type to SAE");
+ pWextState->authKeyMgmt |= IW_AUTH_KEY_MGMT_802_1X;
+ break;
+
default:
hdd_err("Unsupported key mgmt type: %d", key_mgmt);
return -EINVAL;
diff --git a/core/hdd/src/wlan_hdd_cfg80211.h b/core/hdd/src/wlan_hdd_cfg80211.h
index 90e0fb4..fbbf908 100644
--- a/core/hdd/src/wlan_hdd_cfg80211.h
+++ b/core/hdd/src/wlan_hdd_cfg80211.h
@@ -119,6 +119,10 @@
#define WLAN_AKM_SUITE_EAP_SHA384 0x000FAC0C
+#ifndef WLAN_AKM_SUITE_SAE
+#define WLAN_AKM_SUITE_SAE 0x000FAC08
+#endif
+
#ifdef FEATURE_WLAN_TDLS
#define WLAN_IS_TDLS_SETUP_ACTION(action) \
((SIR_MAC_TDLS_SETUP_REQ <= action) && \
diff --git a/core/mac/inc/ani_system_defs.h b/core/mac/inc/ani_system_defs.h
index 3d0ca61..127e990 100644
--- a/core/mac/inc/ani_system_defs.h
+++ b/core/mac/inc/ani_system_defs.h
@@ -68,14 +68,15 @@
eSIR_OPEN_SYSTEM,
eSIR_SHARED_KEY,
eSIR_FT_AUTH,
+ eSIR_AUTH_TYPE_SAE = 3,
#if defined FEATURE_WLAN_ESE
eSIR_LEAP_AUTH = 0x80,
#endif
- eSIR_AUTO_SWITCH,
SIR_FILS_SK_WITHOUT_PFS = 4,
SIR_FILS_SK_WITH_PFS = 5,
SIR_FILS_PK_AUTH = 6,
eSIR_AUTH_TYPE_OWE,
+ eSIR_AUTO_SWITCH,
eSIR_DONOT_USE_AUTH_TYPE = SIR_MAX_ENUM_SIZE
} tAniAuthType;
diff --git a/core/sme/inc/csr_api.h b/core/sme/inc/csr_api.h
index ffb667b..be136ee 100644
--- a/core/sme/inc/csr_api.h
+++ b/core/sme/inc/csr_api.h
@@ -47,6 +47,7 @@
/* MAC layer authentication types */
eCSR_AUTH_TYPE_OPEN_SYSTEM,
eCSR_AUTH_TYPE_SHARED_KEY,
+ eCSR_AUTH_TYPE_SAE,
eCSR_AUTH_TYPE_AUTOSWITCH,
/* Upper layer authentication types */
diff --git a/core/sme/src/csr/csr_api_roam.c b/core/sme/src/csr/csr_api_roam.c
index 4704a36..70b68a1 100644
--- a/core/sme/src/csr/csr_api_roam.c
+++ b/core/sme/src/csr/csr_api_roam.c
@@ -4387,6 +4387,9 @@
case eCSR_AUTH_TYPE_AUTOSWITCH:
pBssConfig->authType = eSIR_AUTO_SWITCH;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+ break;
}
/* short slot time */
if (eCSR_CFG_DOT11_MODE_11B != cfgDot11Mode)
@@ -4528,6 +4531,9 @@
case eCSR_AUTH_TYPE_AUTOSWITCH:
pBssConfig->authType = eSIR_AUTO_SWITCH;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ pBssConfig->authType = eSIR_AUTH_TYPE_SAE;
+ break;
}
/* short slot time */
if (WNI_CFG_PHY_MODE_11B != pBssConfig->uCfgDot11Mode) {
@@ -5484,6 +5490,11 @@
pCommand->u.roamCmd.roamProfile.negotiatedAuthType =
eCSR_AUTH_TYPE_AUTOSWITCH;
break;
+
+ case eCSR_AUTH_TYPE_SAE:
+ pCommand->u.roamCmd.roamProfile.negotiatedAuthType =
+ eCSR_AUTH_TYPE_SAE;
+ break;
}
pCommand->u.roamCmd.roamProfile.negotiatedUCEncryptionType =
pCommand->u.roamCmd.roamProfile.EncryptionType.
@@ -6477,7 +6488,7 @@
|| (eCSR_AUTH_TYPE_RSN_PSK_SHA256 == authType) ||
(eCSR_AUTH_TYPE_RSN_8021X_SHA256 == authType)
#endif /* FEATURE_WLAN_WAPI */
- ) {
+ || (eCSR_AUTH_TYPE_SAE == authType)) {
if (!pIesLocal && !QDF_IS_STATUS_SUCCESS
(csr_get_parsed_bss_description_ies(pMac,
pSirBssDesc, &pIesLocal)))
diff --git a/core/sme/src/csr/csr_api_scan.c b/core/sme/src/csr/csr_api_scan.c
index fcfa399..c9d2c3b 100644
--- a/core/sme/src/csr/csr_api_scan.c
+++ b/core/sme/src/csr/csr_api_scan.c
@@ -5113,6 +5113,8 @@
return WLAN_AUTH_TYPE_SUITEB_EAP_SHA256;
case eCSR_AUTH_TYPE_SUITEB_EAP_SHA384:
return WLAN_AUTH_TYPE_SUITEB_EAP_SHA384;
+ case eCSR_AUTH_TYPE_SAE:
+ return WLAN_AUTH_TYPE_SAE;
case eCSR_NUM_OF_SUPPORT_AUTH_TYPE:
default:
return WLAN_AUTH_TYPE_OPEN_SYSTEM;
@@ -5170,6 +5172,8 @@
return eCSR_AUTH_TYPE_SUITEB_EAP_SHA256;
case WLAN_AUTH_TYPE_SUITEB_EAP_SHA384:
return eCSR_AUTH_TYPE_SUITEB_EAP_SHA384;
+ case WLAN_AUTH_TYPE_SAE:
+ return eCSR_AUTH_TYPE_SAE;
case WLAN_NUM_OF_SUPPORT_AUTH_TYPE:
default:
return eCSR_AUTH_TYPE_OPEN_SYSTEM;
diff --git a/core/sme/src/csr/csr_util.c b/core/sme/src/csr/csr_util.c
index ee1a655..e389d4a 100644
--- a/core/sme/src/csr/csr_util.c
+++ b/core/sme/src/csr/csr_util.c
@@ -124,6 +124,18 @@
#define ENUM_SUITEB_EAP384 18
{0x00, 0x0F, 0xAC, 0x0C},
+#ifdef WLAN_FEATURE_SAE
+#define ENUM_SAE 19
+ /* SAE */
+ {0x00, 0x0F, 0xAC, 0x08},
+#define ENUM_FT_SAE 20
+ /* FT SAE */
+ {0x00, 0x0F, 0xAC, 0x09},
+#else
+ {0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00},
+#endif
+
/* define new oui here, update #define CSR_OUI_***_INDEX */
};
@@ -2465,6 +2477,9 @@
case eCSR_AUTH_TYPE_SUITEB_EAP_SHA384:
fRSNProfile = true;
break;
+ case eCSR_AUTH_TYPE_SAE:
+ fRSNProfile = true;
+ break;
default:
fRSNProfile = false;
@@ -3294,6 +3309,24 @@
csr_rsn_oui[ENUM_SUITEB_EAP384], oui);
}
+#ifdef WLAN_FEATURE_SAE
+/*
+ * csr_is_auth_wpa_sae() - check whether oui is SAE
+ * @mac: Global MAC context
+ * @all_suites: pointer to all supported akm suites
+ * @suite_count: all supported akm suites count
+ * @oui: Oui needs to be matched
+ *
+ * Return: True if OUI is SAE, false otherwise
+ */
+static bool csr_is_auth_wpa_sae(tpAniSirGlobal mac,
+ uint8_t all_suites[][CSR_RSN_OUI_SIZE],
+ uint8_t suite_count, uint8_t oui[])
+{
+ return csr_is_oui_match
+ (mac, all_suites, suite_count, csr_rsn_oui[ENUM_SAE], oui);
+}
+#endif
static bool csr_is_auth_wpa(tpAniSirGlobal pMac,
uint8_t AllSuites[][CSR_WPA_OUI_SIZE],
@@ -3445,6 +3478,42 @@
{
}
#endif
+
+#ifdef WLAN_FEATURE_SAE
+/**
+ * csr_check_sae_auth() - update negotiated auth if matches to SAE auth type
+ * @mac_ctx: pointer to mac context
+ * @authsuites: auth suites
+ * @c_auth_suites: auth suites count
+ * @authentication: authentication
+ * @auth_type: authentication type list
+ * @index: current counter
+ * @neg_authtype: pointer to negotiated auth
+ *
+ * Return: None
+ */
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+ uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites,
+ uint8_t authentication[], tCsrAuthList *auth_type,
+ uint8_t index, eCsrAuthType *neg_authtype)
+{
+ if ((*neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) &&
+ csr_is_auth_wpa_sae(mac_ctx, authsuites,
+ c_auth_suites, authentication)) {
+ if (eCSR_AUTH_TYPE_SAE == auth_type->authType[index])
+ *neg_authtype = eCSR_AUTH_TYPE_SAE;
+ }
+ sme_debug("negotiated auth type is %d", *neg_authtype);
+}
+#else
+static void csr_check_sae_auth(tpAniSirGlobal mac_ctx,
+ uint8_t authsuites[][CSR_RSN_OUI_SIZE], uint8_t c_auth_suites,
+ uint8_t authentication[], tCsrAuthList *auth_type,
+ uint8_t index, eCsrAuthType *neg_authtype)
+{
+}
+#endif
+
/**
* csr_get_rsn_information() - to get RSN infomation
* @hal: pointer to HAL
@@ -3564,6 +3633,9 @@
csr_is_fils_auth(mac_ctx, authsuites, c_auth_suites,
authentication, auth_type, i, &neg_authtype);
/* Changed the AKM suites according to order of preference */
+ csr_check_sae_auth(mac_ctx, authsuites, c_auth_suites,
+ authentication, auth_type, i, &neg_authtype);
+
if ((neg_authtype == eCSR_AUTH_TYPE_UNKNOWN) &&
csr_is_auth_dpp_rsn(mac_ctx, authsuites,
c_auth_suites, authentication)) {