xref: /linux/drivers/net/wireless/realtek/rtw89/cam.c (revision 6e7fd890f1d6ac83805409e9c346240de2705584)
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2019-2020  Realtek Corporation
3  */
4 
5 #include "cam.h"
6 #include "debug.h"
7 #include "fw.h"
8 #include "mac.h"
9 
10 static struct sk_buff *
11 rtw89_cam_get_sec_key_cmd(struct rtw89_dev *rtwdev,
12 			  struct rtw89_sec_cam_entry *sec_cam,
13 			  bool ext_key)
14 {
15 	struct sk_buff *skb;
16 	u32 cmd_len = H2C_SEC_CAM_LEN;
17 	u32 key32[4];
18 	u8 *cmd;
19 	int i, j;
20 
21 	skb = rtw89_fw_h2c_alloc_skb_with_hdr(rtwdev, cmd_len);
22 	if (!skb)
23 		return NULL;
24 
25 	skb_put_zero(skb, cmd_len);
26 
27 	for (i = 0; i < 4; i++) {
28 		j = i * 4;
29 		j += ext_key ? 16 : 0;
30 		key32[i] = FIELD_PREP(GENMASK(7, 0), sec_cam->key[j + 0]) |
31 			   FIELD_PREP(GENMASK(15, 8), sec_cam->key[j + 1]) |
32 			   FIELD_PREP(GENMASK(23, 16), sec_cam->key[j + 2]) |
33 			   FIELD_PREP(GENMASK(31, 24), sec_cam->key[j + 3]);
34 	}
35 
36 	cmd = skb->data;
37 	RTW89_SET_FWCMD_SEC_IDX(cmd, sec_cam->sec_cam_idx + (ext_key ? 1 : 0));
38 	RTW89_SET_FWCMD_SEC_OFFSET(cmd, sec_cam->offset);
39 	RTW89_SET_FWCMD_SEC_LEN(cmd, sec_cam->len);
40 	RTW89_SET_FWCMD_SEC_TYPE(cmd, sec_cam->type);
41 	RTW89_SET_FWCMD_SEC_EXT_KEY(cmd, ext_key);
42 	RTW89_SET_FWCMD_SEC_SPP_MODE(cmd, sec_cam->spp_mode);
43 	RTW89_SET_FWCMD_SEC_KEY0(cmd, key32[0]);
44 	RTW89_SET_FWCMD_SEC_KEY1(cmd, key32[1]);
45 	RTW89_SET_FWCMD_SEC_KEY2(cmd, key32[2]);
46 	RTW89_SET_FWCMD_SEC_KEY3(cmd, key32[3]);
47 
48 	return skb;
49 }
50 
51 static int rtw89_cam_send_sec_key_cmd(struct rtw89_dev *rtwdev,
52 				      struct rtw89_sec_cam_entry *sec_cam)
53 {
54 	struct sk_buff *skb, *ext_skb;
55 	int ret;
56 
57 	skb = rtw89_cam_get_sec_key_cmd(rtwdev, sec_cam, false);
58 	if (!skb) {
59 		rtw89_err(rtwdev, "failed to get sec key command\n");
60 		return -ENOMEM;
61 	}
62 
63 	rtw89_h2c_pkt_set_hdr(rtwdev, skb,
64 			      FWCMD_TYPE_H2C,
65 			      H2C_CAT_MAC,
66 			      H2C_CL_MAC_SEC_CAM,
67 			      H2C_FUNC_MAC_SEC_UPD, 1, 0,
68 			      H2C_SEC_CAM_LEN);
69 	ret = rtw89_h2c_tx(rtwdev, skb, false);
70 	if (ret) {
71 		rtw89_err(rtwdev, "failed to send sec key h2c: %d\n", ret);
72 		dev_kfree_skb(skb);
73 		return ret;
74 	}
75 
76 	if (!sec_cam->ext_key)
77 		return 0;
78 
79 	ext_skb = rtw89_cam_get_sec_key_cmd(rtwdev, sec_cam, true);
80 	if (!ext_skb) {
81 		rtw89_err(rtwdev, "failed to get ext sec key command\n");
82 		return -ENOMEM;
83 	}
84 
85 	rtw89_h2c_pkt_set_hdr(rtwdev, ext_skb,
86 			      FWCMD_TYPE_H2C,
87 			      H2C_CAT_MAC,
88 			      H2C_CL_MAC_SEC_CAM,
89 			      H2C_FUNC_MAC_SEC_UPD,
90 			      1, 0, H2C_SEC_CAM_LEN);
91 	ret = rtw89_h2c_tx(rtwdev, ext_skb, false);
92 	if (ret) {
93 		rtw89_err(rtwdev, "failed to send ext sec key h2c: %d\n", ret);
94 		dev_kfree_skb(ext_skb);
95 		return ret;
96 	}
97 
98 	return 0;
99 }
100 
101 static int rtw89_cam_get_avail_sec_cam(struct rtw89_dev *rtwdev,
102 				       u8 *sec_cam_idx, bool ext_key)
103 {
104 	const struct rtw89_chip_info *chip = rtwdev->chip;
105 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
106 	u8 sec_cam_num = chip->scam_num;
107 	u8 idx = 0;
108 
109 	if (!ext_key) {
110 		idx = find_first_zero_bit(cam_info->sec_cam_map, sec_cam_num);
111 		if (idx >= sec_cam_num)
112 			return -EBUSY;
113 
114 		set_bit(idx, cam_info->sec_cam_map);
115 		*sec_cam_idx = idx;
116 
117 		return 0;
118 	}
119 
120 again:
121 	idx = find_next_zero_bit(cam_info->sec_cam_map, sec_cam_num, idx);
122 	if (idx >= sec_cam_num - 1)
123 		return -EBUSY;
124 	/* ext keys need two cam entries for 256-bit key */
125 	if (test_bit(idx + 1, cam_info->sec_cam_map)) {
126 		idx++;
127 		goto again;
128 	}
129 
130 	set_bit(idx, cam_info->sec_cam_map);
131 	set_bit(idx + 1, cam_info->sec_cam_map);
132 	*sec_cam_idx = idx;
133 
134 	return 0;
135 }
136 
137 static int rtw89_cam_get_addr_cam_key_idx(struct rtw89_addr_cam_entry *addr_cam,
138 					  struct rtw89_sec_cam_entry *sec_cam,
139 					  struct ieee80211_key_conf *key,
140 					  u8 *key_idx)
141 {
142 	u8 idx;
143 
144 	/* RTW89_ADDR_CAM_SEC_NONE	: not enabled
145 	 * RTW89_ADDR_CAM_SEC_ALL_UNI	: 0 - 6 unicast
146 	 * RTW89_ADDR_CAM_SEC_NORMAL	: 0 - 1 unicast, 2 - 4 group, 5 - 6 BIP
147 	 * RTW89_ADDR_CAM_SEC_4GROUP	: 0 - 1 unicast, 2 - 5 group, 6 BIP
148 	 */
149 	switch (addr_cam->sec_ent_mode) {
150 	case RTW89_ADDR_CAM_SEC_NONE:
151 		return -EINVAL;
152 	case RTW89_ADDR_CAM_SEC_ALL_UNI:
153 		idx = find_first_zero_bit(addr_cam->sec_cam_map,
154 					  RTW89_SEC_CAM_IN_ADDR_CAM);
155 		if (idx >= RTW89_SEC_CAM_IN_ADDR_CAM)
156 			return -EBUSY;
157 		*key_idx = idx;
158 		break;
159 	case RTW89_ADDR_CAM_SEC_NORMAL:
160 		if (sec_cam->type == RTW89_SEC_KEY_TYPE_BIP_CCMP128) {
161 			idx = find_next_zero_bit(addr_cam->sec_cam_map,
162 						 RTW89_SEC_CAM_IN_ADDR_CAM, 5);
163 			if (idx > 6)
164 				return -EBUSY;
165 			*key_idx = idx;
166 			break;
167 		}
168 
169 		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
170 			idx = find_next_zero_bit(addr_cam->sec_cam_map,
171 						 RTW89_SEC_CAM_IN_ADDR_CAM, 0);
172 			if (idx > 1)
173 				return -EBUSY;
174 			*key_idx = idx;
175 			break;
176 		}
177 
178 		/* Group keys */
179 		idx = find_next_zero_bit(addr_cam->sec_cam_map,
180 					 RTW89_SEC_CAM_IN_ADDR_CAM, 2);
181 		if (idx > 4)
182 			return -EBUSY;
183 		*key_idx = idx;
184 		break;
185 	case RTW89_ADDR_CAM_SEC_4GROUP:
186 		if (sec_cam->type == RTW89_SEC_KEY_TYPE_BIP_CCMP128) {
187 			if (test_bit(6, addr_cam->sec_cam_map))
188 				return -EINVAL;
189 			*key_idx = 6;
190 			break;
191 		}
192 
193 		if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
194 			idx = find_next_zero_bit(addr_cam->sec_cam_map,
195 						 RTW89_SEC_CAM_IN_ADDR_CAM, 0);
196 			if (idx > 1)
197 				return -EBUSY;
198 			*key_idx = idx;
199 			break;
200 		}
201 
202 		/* Group keys */
203 		idx = find_next_zero_bit(addr_cam->sec_cam_map,
204 					 RTW89_SEC_CAM_IN_ADDR_CAM, 2);
205 		if (idx > 5)
206 			return -EBUSY;
207 		*key_idx = idx;
208 		break;
209 	}
210 
211 	return 0;
212 }
213 
214 static int rtw89_cam_detach_sec_cam(struct rtw89_dev *rtwdev,
215 				    struct ieee80211_vif *vif,
216 				    struct ieee80211_sta *sta,
217 				    const struct rtw89_sec_cam_entry *sec_cam,
218 				    bool inform_fw)
219 {
220 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
221 	struct rtw89_vif *rtwvif;
222 	struct rtw89_addr_cam_entry *addr_cam;
223 	unsigned int i;
224 	int ret = 0;
225 
226 	if (!vif) {
227 		rtw89_err(rtwdev, "No iface for deleting sec cam\n");
228 		return -EINVAL;
229 	}
230 
231 	rtwvif = (struct rtw89_vif *)vif->drv_priv;
232 	addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
233 
234 	for_each_set_bit(i, addr_cam->sec_cam_map, RTW89_SEC_CAM_IN_ADDR_CAM) {
235 		if (addr_cam->sec_ent[i] != sec_cam->sec_cam_idx)
236 			continue;
237 
238 		clear_bit(i, addr_cam->sec_cam_map);
239 	}
240 
241 	if (inform_fw) {
242 		ret = rtw89_chip_h2c_dctl_sec_cam(rtwdev, rtwvif, rtwsta);
243 		if (ret)
244 			rtw89_err(rtwdev,
245 				  "failed to update dctl cam del key: %d\n", ret);
246 		ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
247 		if (ret)
248 			rtw89_err(rtwdev, "failed to update cam del key: %d\n", ret);
249 	}
250 
251 	return ret;
252 }
253 
254 static int rtw89_cam_attach_sec_cam(struct rtw89_dev *rtwdev,
255 				    struct ieee80211_vif *vif,
256 				    struct ieee80211_sta *sta,
257 				    struct ieee80211_key_conf *key,
258 				    struct rtw89_sec_cam_entry *sec_cam)
259 {
260 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
261 	struct rtw89_vif *rtwvif;
262 	struct rtw89_addr_cam_entry *addr_cam;
263 	u8 key_idx = 0;
264 	int ret;
265 
266 	if (!vif) {
267 		rtw89_err(rtwdev, "No iface for adding sec cam\n");
268 		return -EINVAL;
269 	}
270 
271 	rtwvif = (struct rtw89_vif *)vif->drv_priv;
272 	addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
273 
274 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
275 	    key->cipher == WLAN_CIPHER_SUITE_WEP104)
276 		addr_cam->sec_ent_mode = RTW89_ADDR_CAM_SEC_ALL_UNI;
277 
278 	ret = rtw89_cam_get_addr_cam_key_idx(addr_cam, sec_cam, key, &key_idx);
279 	if (ret) {
280 		rtw89_err(rtwdev, "failed to get addr cam key idx %d, %d\n",
281 			  addr_cam->sec_ent_mode, sec_cam->type);
282 		return ret;
283 	}
284 
285 	addr_cam->sec_ent_keyid[key_idx] = key->keyidx;
286 	addr_cam->sec_ent[key_idx] = sec_cam->sec_cam_idx;
287 	set_bit(key_idx, addr_cam->sec_cam_map);
288 	ret = rtw89_chip_h2c_dctl_sec_cam(rtwdev, rtwvif, rtwsta);
289 	if (ret) {
290 		rtw89_err(rtwdev, "failed to update dctl cam sec entry: %d\n",
291 			  ret);
292 		return ret;
293 	}
294 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
295 	if (ret) {
296 		rtw89_err(rtwdev, "failed to update addr cam sec entry: %d\n",
297 			  ret);
298 		clear_bit(key_idx, addr_cam->sec_cam_map);
299 		return ret;
300 	}
301 
302 	return 0;
303 }
304 
305 static int rtw89_cam_sec_key_install(struct rtw89_dev *rtwdev,
306 				     struct ieee80211_vif *vif,
307 				     struct ieee80211_sta *sta,
308 				     struct ieee80211_key_conf *key,
309 				     u8 hw_key_type, bool ext_key)
310 {
311 	struct rtw89_sec_cam_entry *sec_cam = NULL;
312 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
313 	u8 sec_cam_idx;
314 	int ret;
315 
316 	/* maximum key length 256-bit */
317 	if (key->keylen > 32) {
318 		rtw89_err(rtwdev, "invalid sec key length %d\n", key->keylen);
319 		return -EINVAL;
320 	}
321 
322 	ret = rtw89_cam_get_avail_sec_cam(rtwdev, &sec_cam_idx, ext_key);
323 	if (ret) {
324 		rtw89_warn(rtwdev, "no available sec cam: %d ext: %d\n",
325 			   ret, ext_key);
326 		return ret;
327 	}
328 
329 	sec_cam = kzalloc(sizeof(*sec_cam), GFP_KERNEL);
330 	if (!sec_cam) {
331 		ret = -ENOMEM;
332 		goto err_release_cam;
333 	}
334 
335 	key->hw_key_idx = sec_cam_idx;
336 	cam_info->sec_entries[sec_cam_idx] = sec_cam;
337 
338 	sec_cam->sec_cam_idx = sec_cam_idx;
339 	sec_cam->type = hw_key_type;
340 	sec_cam->len = RTW89_SEC_CAM_LEN;
341 	sec_cam->ext_key = ext_key;
342 	memcpy(sec_cam->key, key->key, key->keylen);
343 	ret = rtw89_cam_send_sec_key_cmd(rtwdev, sec_cam);
344 	if (ret) {
345 		rtw89_err(rtwdev, "failed to send sec key cmd: %d\n", ret);
346 		goto err_release_cam;
347 	}
348 
349 	/* associate with addr cam */
350 	ret = rtw89_cam_attach_sec_cam(rtwdev, vif, sta, key, sec_cam);
351 	if (ret) {
352 		rtw89_err(rtwdev, "failed to attach sec cam: %d\n", ret);
353 		goto err_release_cam;
354 	}
355 
356 	return 0;
357 
358 err_release_cam:
359 	cam_info->sec_entries[sec_cam_idx] = NULL;
360 	kfree(sec_cam);
361 	clear_bit(sec_cam_idx, cam_info->sec_cam_map);
362 	if (ext_key)
363 		clear_bit(sec_cam_idx + 1, cam_info->sec_cam_map);
364 
365 	return ret;
366 }
367 
368 int rtw89_cam_sec_key_add(struct rtw89_dev *rtwdev,
369 			  struct ieee80211_vif *vif,
370 			  struct ieee80211_sta *sta,
371 			  struct ieee80211_key_conf *key)
372 {
373 	const struct rtw89_chip_info *chip = rtwdev->chip;
374 	u8 hw_key_type;
375 	bool ext_key = false;
376 	int ret;
377 
378 	switch (key->cipher) {
379 	case WLAN_CIPHER_SUITE_WEP40:
380 		hw_key_type = RTW89_SEC_KEY_TYPE_WEP40;
381 		break;
382 	case WLAN_CIPHER_SUITE_WEP104:
383 		hw_key_type = RTW89_SEC_KEY_TYPE_WEP104;
384 		break;
385 	case WLAN_CIPHER_SUITE_CCMP:
386 		hw_key_type = RTW89_SEC_KEY_TYPE_CCMP128;
387 		key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
388 		break;
389 	case WLAN_CIPHER_SUITE_CCMP_256:
390 		hw_key_type = RTW89_SEC_KEY_TYPE_CCMP256;
391 		key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
392 		ext_key = true;
393 		break;
394 	case WLAN_CIPHER_SUITE_GCMP:
395 		hw_key_type = RTW89_SEC_KEY_TYPE_GCMP128;
396 		key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
397 		break;
398 	case WLAN_CIPHER_SUITE_GCMP_256:
399 		hw_key_type = RTW89_SEC_KEY_TYPE_GCMP256;
400 		key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
401 		ext_key = true;
402 		break;
403 	case WLAN_CIPHER_SUITE_AES_CMAC:
404 		hw_key_type = RTW89_SEC_KEY_TYPE_BIP_CCMP128;
405 		break;
406 	default:
407 		return -EOPNOTSUPP;
408 	}
409 
410 	if (!chip->hw_sec_hdr)
411 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
412 
413 	ret = rtw89_cam_sec_key_install(rtwdev, vif, sta, key, hw_key_type,
414 					ext_key);
415 	if (ret) {
416 		rtw89_err(rtwdev, "failed to install key type %d ext %d: %d\n",
417 			  hw_key_type, ext_key, ret);
418 		return ret;
419 	}
420 
421 	return 0;
422 }
423 
424 int rtw89_cam_sec_key_del(struct rtw89_dev *rtwdev,
425 			  struct ieee80211_vif *vif,
426 			  struct ieee80211_sta *sta,
427 			  struct ieee80211_key_conf *key,
428 			  bool inform_fw)
429 {
430 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
431 	const struct rtw89_sec_cam_entry *sec_cam;
432 	u8 sec_cam_idx;
433 	int ret;
434 
435 	sec_cam_idx = key->hw_key_idx;
436 	sec_cam = cam_info->sec_entries[sec_cam_idx];
437 	if (!sec_cam)
438 		return -EINVAL;
439 
440 	ret = rtw89_cam_detach_sec_cam(rtwdev, vif, sta, sec_cam, inform_fw);
441 
442 	/* clear valid bit in addr cam will disable sec cam,
443 	 * so we don't need to send H2C command again
444 	 */
445 	cam_info->sec_entries[sec_cam_idx] = NULL;
446 	clear_bit(sec_cam_idx, cam_info->sec_cam_map);
447 	if (sec_cam->ext_key)
448 		clear_bit(sec_cam_idx + 1, cam_info->sec_cam_map);
449 
450 	kfree(sec_cam);
451 
452 	return ret;
453 }
454 
455 static void rtw89_cam_reset_key_iter(struct ieee80211_hw *hw,
456 				     struct ieee80211_vif *vif,
457 				     struct ieee80211_sta *sta,
458 				     struct ieee80211_key_conf *key,
459 				     void *data)
460 {
461 	struct rtw89_dev *rtwdev = (struct rtw89_dev *)data;
462 
463 	rtw89_cam_sec_key_del(rtwdev, vif, sta, key, false);
464 }
465 
466 void rtw89_cam_deinit_addr_cam(struct rtw89_dev *rtwdev,
467 			       struct rtw89_addr_cam_entry *addr_cam)
468 {
469 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
470 
471 	addr_cam->valid = false;
472 	clear_bit(addr_cam->addr_cam_idx, cam_info->addr_cam_map);
473 }
474 
475 void rtw89_cam_deinit_bssid_cam(struct rtw89_dev *rtwdev,
476 				struct rtw89_bssid_cam_entry *bssid_cam)
477 {
478 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
479 
480 	bssid_cam->valid = false;
481 	clear_bit(bssid_cam->bssid_cam_idx, cam_info->bssid_cam_map);
482 }
483 
484 void rtw89_cam_deinit(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
485 {
486 	struct rtw89_addr_cam_entry *addr_cam = &rtwvif->addr_cam;
487 	struct rtw89_bssid_cam_entry *bssid_cam = &rtwvif->bssid_cam;
488 
489 	rtw89_cam_deinit_addr_cam(rtwdev, addr_cam);
490 	rtw89_cam_deinit_bssid_cam(rtwdev, bssid_cam);
491 }
492 
493 void rtw89_cam_reset_keys(struct rtw89_dev *rtwdev)
494 {
495 	rcu_read_lock();
496 	ieee80211_iter_keys_rcu(rtwdev->hw, NULL, rtw89_cam_reset_key_iter, rtwdev);
497 	rcu_read_unlock();
498 }
499 
500 static int rtw89_cam_get_avail_addr_cam(struct rtw89_dev *rtwdev,
501 					u8 *addr_cam_idx)
502 {
503 	const struct rtw89_chip_info *chip = rtwdev->chip;
504 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
505 	u8 addr_cam_num = chip->acam_num;
506 	u8 idx;
507 
508 	idx = find_first_zero_bit(cam_info->addr_cam_map, addr_cam_num);
509 	if (idx >= addr_cam_num)
510 		return -EBUSY;
511 
512 	set_bit(idx, cam_info->addr_cam_map);
513 	*addr_cam_idx = idx;
514 
515 	return 0;
516 }
517 
518 static u8 rtw89_get_addr_cam_entry_size(struct rtw89_dev *rtwdev)
519 {
520 	const struct rtw89_chip_info *chip = rtwdev->chip;
521 
522 	switch (chip->chip_id) {
523 	case RTL8852A:
524 	case RTL8852B:
525 	case RTL8851B:
526 	case RTL8852BT:
527 		return ADDR_CAM_ENT_SIZE;
528 	default:
529 		return ADDR_CAM_ENT_SHORT_SIZE;
530 	}
531 }
532 
533 int rtw89_cam_init_addr_cam(struct rtw89_dev *rtwdev,
534 			    struct rtw89_addr_cam_entry *addr_cam,
535 			    const struct rtw89_bssid_cam_entry *bssid_cam)
536 {
537 	u8 addr_cam_idx;
538 	int i;
539 	int ret;
540 
541 	if (unlikely(addr_cam->valid)) {
542 		rtw89_debug(rtwdev, RTW89_DBG_FW,
543 			    "addr cam is already valid; skip init\n");
544 		return 0;
545 	}
546 
547 	ret = rtw89_cam_get_avail_addr_cam(rtwdev, &addr_cam_idx);
548 	if (ret) {
549 		rtw89_err(rtwdev, "failed to get available addr cam\n");
550 		return ret;
551 	}
552 
553 	addr_cam->addr_cam_idx = addr_cam_idx;
554 	addr_cam->len = rtw89_get_addr_cam_entry_size(rtwdev);
555 	addr_cam->offset = 0;
556 	addr_cam->valid = true;
557 	addr_cam->addr_mask = 0;
558 	addr_cam->mask_sel = RTW89_NO_MSK;
559 	addr_cam->sec_ent_mode = RTW89_ADDR_CAM_SEC_NORMAL;
560 	bitmap_zero(addr_cam->sec_cam_map, RTW89_SEC_CAM_IN_ADDR_CAM);
561 
562 	for (i = 0; i < RTW89_SEC_CAM_IN_ADDR_CAM; i++) {
563 		addr_cam->sec_ent_keyid[i] = 0;
564 		addr_cam->sec_ent[i] = 0;
565 	}
566 
567 	/* associate addr cam with bssid cam */
568 	addr_cam->bssid_cam_idx = bssid_cam->bssid_cam_idx;
569 
570 	return 0;
571 }
572 
573 static int rtw89_cam_get_avail_bssid_cam(struct rtw89_dev *rtwdev,
574 					 u8 *bssid_cam_idx)
575 {
576 	const struct rtw89_chip_info *chip = rtwdev->chip;
577 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
578 	u8 bssid_cam_num = chip->bcam_num;
579 	u8 idx;
580 
581 	idx = find_first_zero_bit(cam_info->bssid_cam_map, bssid_cam_num);
582 	if (idx >= bssid_cam_num)
583 		return -EBUSY;
584 
585 	set_bit(idx, cam_info->bssid_cam_map);
586 	*bssid_cam_idx = idx;
587 
588 	return 0;
589 }
590 
591 int rtw89_cam_init_bssid_cam(struct rtw89_dev *rtwdev,
592 			     struct rtw89_vif *rtwvif,
593 			     struct rtw89_bssid_cam_entry *bssid_cam,
594 			     const u8 *bssid)
595 {
596 	u8 bssid_cam_idx;
597 	int ret;
598 
599 	if (unlikely(bssid_cam->valid)) {
600 		rtw89_debug(rtwdev, RTW89_DBG_FW,
601 			    "bssid cam is already valid; skip init\n");
602 		return 0;
603 	}
604 
605 	ret = rtw89_cam_get_avail_bssid_cam(rtwdev, &bssid_cam_idx);
606 	if (ret) {
607 		rtw89_err(rtwdev, "failed to get available bssid cam\n");
608 		return ret;
609 	}
610 
611 	bssid_cam->bssid_cam_idx = bssid_cam_idx;
612 	bssid_cam->phy_idx = rtwvif->phy_idx;
613 	bssid_cam->len = BSSID_CAM_ENT_SIZE;
614 	bssid_cam->offset = 0;
615 	bssid_cam->valid = true;
616 	ether_addr_copy(bssid_cam->bssid, bssid);
617 
618 	return 0;
619 }
620 
621 void rtw89_cam_bssid_changed(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
622 {
623 	struct rtw89_bssid_cam_entry *bssid_cam = &rtwvif->bssid_cam;
624 
625 	ether_addr_copy(bssid_cam->bssid, rtwvif->bssid);
626 }
627 
628 int rtw89_cam_init(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
629 {
630 	struct rtw89_addr_cam_entry *addr_cam = &rtwvif->addr_cam;
631 	struct rtw89_bssid_cam_entry *bssid_cam = &rtwvif->bssid_cam;
632 	int ret;
633 
634 	ret = rtw89_cam_init_bssid_cam(rtwdev, rtwvif, bssid_cam, rtwvif->bssid);
635 	if (ret) {
636 		rtw89_err(rtwdev, "failed to init bssid cam\n");
637 		return ret;
638 	}
639 
640 	ret = rtw89_cam_init_addr_cam(rtwdev, addr_cam, bssid_cam);
641 	if (ret) {
642 		rtw89_err(rtwdev, "failed to init addr cam\n");
643 		return ret;
644 	}
645 
646 	return 0;
647 }
648 
649 int rtw89_cam_fill_bssid_cam_info(struct rtw89_dev *rtwdev,
650 				  struct rtw89_vif *rtwvif,
651 				  struct rtw89_sta *rtwsta, u8 *cmd)
652 {
653 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
654 	struct rtw89_bssid_cam_entry *bssid_cam = rtw89_get_bssid_cam_of(rtwvif, rtwsta);
655 	u8 bss_color = vif->bss_conf.he_bss_color.color;
656 	u8 bss_mask;
657 
658 	if (vif->bss_conf.nontransmitted)
659 		bss_mask = RTW89_BSSID_MATCH_5_BYTES;
660 	else
661 		bss_mask = RTW89_BSSID_MATCH_ALL;
662 
663 	FWCMD_SET_ADDR_BSSID_IDX(cmd, bssid_cam->bssid_cam_idx);
664 	FWCMD_SET_ADDR_BSSID_OFFSET(cmd, bssid_cam->offset);
665 	FWCMD_SET_ADDR_BSSID_LEN(cmd, bssid_cam->len);
666 	FWCMD_SET_ADDR_BSSID_VALID(cmd, bssid_cam->valid);
667 	FWCMD_SET_ADDR_BSSID_MASK(cmd, bss_mask);
668 	FWCMD_SET_ADDR_BSSID_BB_SEL(cmd, bssid_cam->phy_idx);
669 	FWCMD_SET_ADDR_BSSID_BSS_COLOR(cmd, bss_color);
670 
671 	FWCMD_SET_ADDR_BSSID_BSSID0(cmd, bssid_cam->bssid[0]);
672 	FWCMD_SET_ADDR_BSSID_BSSID1(cmd, bssid_cam->bssid[1]);
673 	FWCMD_SET_ADDR_BSSID_BSSID2(cmd, bssid_cam->bssid[2]);
674 	FWCMD_SET_ADDR_BSSID_BSSID3(cmd, bssid_cam->bssid[3]);
675 	FWCMD_SET_ADDR_BSSID_BSSID4(cmd, bssid_cam->bssid[4]);
676 	FWCMD_SET_ADDR_BSSID_BSSID5(cmd, bssid_cam->bssid[5]);
677 
678 	return 0;
679 }
680 
681 static u8 rtw89_cam_addr_hash(u8 start, const u8 *addr)
682 {
683 	u8 hash = 0;
684 	u8 i;
685 
686 	for (i = start; i < ETH_ALEN; i++)
687 		hash ^= addr[i];
688 
689 	return hash;
690 }
691 
692 void rtw89_cam_fill_addr_cam_info(struct rtw89_dev *rtwdev,
693 				  struct rtw89_vif *rtwvif,
694 				  struct rtw89_sta *rtwsta,
695 				  const u8 *scan_mac_addr,
696 				  u8 *cmd)
697 {
698 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
699 	struct rtw89_addr_cam_entry *addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
700 	struct ieee80211_sta *sta = rtwsta_to_sta_safe(rtwsta);
701 	const u8 *sma = scan_mac_addr ? scan_mac_addr : rtwvif->mac_addr;
702 	u8 sma_hash, tma_hash, addr_msk_start;
703 	u8 sma_start = 0;
704 	u8 tma_start = 0;
705 	u8 *tma = sta ? sta->addr : rtwvif->bssid;
706 
707 	if (addr_cam->addr_mask != 0) {
708 		addr_msk_start = __ffs(addr_cam->addr_mask);
709 		if (addr_cam->mask_sel == RTW89_SMA)
710 			sma_start = addr_msk_start;
711 		else if (addr_cam->mask_sel == RTW89_TMA)
712 			tma_start = addr_msk_start;
713 	}
714 	sma_hash = rtw89_cam_addr_hash(sma_start, sma);
715 	tma_hash = rtw89_cam_addr_hash(tma_start, tma);
716 
717 	FWCMD_SET_ADDR_IDX(cmd, addr_cam->addr_cam_idx);
718 	FWCMD_SET_ADDR_OFFSET(cmd, addr_cam->offset);
719 	FWCMD_SET_ADDR_LEN(cmd, addr_cam->len);
720 
721 	FWCMD_SET_ADDR_VALID(cmd, addr_cam->valid);
722 	FWCMD_SET_ADDR_NET_TYPE(cmd, rtwvif->net_type);
723 	FWCMD_SET_ADDR_BCN_HIT_COND(cmd, rtwvif->bcn_hit_cond);
724 	FWCMD_SET_ADDR_HIT_RULE(cmd, rtwvif->hit_rule);
725 	FWCMD_SET_ADDR_BB_SEL(cmd, rtwvif->phy_idx);
726 	FWCMD_SET_ADDR_ADDR_MASK(cmd, addr_cam->addr_mask);
727 	FWCMD_SET_ADDR_MASK_SEL(cmd, addr_cam->mask_sel);
728 	FWCMD_SET_ADDR_SMA_HASH(cmd, sma_hash);
729 	FWCMD_SET_ADDR_TMA_HASH(cmd, tma_hash);
730 
731 	FWCMD_SET_ADDR_BSSID_CAM_IDX(cmd, addr_cam->bssid_cam_idx);
732 
733 	FWCMD_SET_ADDR_SMA0(cmd, sma[0]);
734 	FWCMD_SET_ADDR_SMA1(cmd, sma[1]);
735 	FWCMD_SET_ADDR_SMA2(cmd, sma[2]);
736 	FWCMD_SET_ADDR_SMA3(cmd, sma[3]);
737 	FWCMD_SET_ADDR_SMA4(cmd, sma[4]);
738 	FWCMD_SET_ADDR_SMA5(cmd, sma[5]);
739 
740 	FWCMD_SET_ADDR_TMA0(cmd, tma[0]);
741 	FWCMD_SET_ADDR_TMA1(cmd, tma[1]);
742 	FWCMD_SET_ADDR_TMA2(cmd, tma[2]);
743 	FWCMD_SET_ADDR_TMA3(cmd, tma[3]);
744 	FWCMD_SET_ADDR_TMA4(cmd, tma[4]);
745 	FWCMD_SET_ADDR_TMA5(cmd, tma[5]);
746 
747 	FWCMD_SET_ADDR_PORT_INT(cmd, rtwvif->port);
748 	FWCMD_SET_ADDR_TSF_SYNC(cmd, rtwvif->port);
749 	FWCMD_SET_ADDR_TF_TRS(cmd, rtwvif->trigger);
750 	FWCMD_SET_ADDR_LSIG_TXOP(cmd, rtwvif->lsig_txop);
751 	FWCMD_SET_ADDR_TGT_IND(cmd, rtwvif->tgt_ind);
752 	FWCMD_SET_ADDR_FRM_TGT_IND(cmd, rtwvif->frm_tgt_ind);
753 	FWCMD_SET_ADDR_MACID(cmd, rtwsta ? rtwsta->mac_id : rtwvif->mac_id);
754 	if (rtwvif->net_type == RTW89_NET_TYPE_INFRA)
755 		FWCMD_SET_ADDR_AID12(cmd, vif->cfg.aid & 0xfff);
756 	else if (rtwvif->net_type == RTW89_NET_TYPE_AP_MODE)
757 		FWCMD_SET_ADDR_AID12(cmd, sta ? sta->aid & 0xfff : 0);
758 	FWCMD_SET_ADDR_WOL_PATTERN(cmd, rtwvif->wowlan_pattern);
759 	FWCMD_SET_ADDR_WOL_UC(cmd, rtwvif->wowlan_uc);
760 	FWCMD_SET_ADDR_WOL_MAGIC(cmd, rtwvif->wowlan_magic);
761 	FWCMD_SET_ADDR_WAPI(cmd, addr_cam->wapi);
762 	FWCMD_SET_ADDR_SEC_ENT_MODE(cmd, addr_cam->sec_ent_mode);
763 	FWCMD_SET_ADDR_SEC_ENT0_KEYID(cmd, addr_cam->sec_ent_keyid[0]);
764 	FWCMD_SET_ADDR_SEC_ENT1_KEYID(cmd, addr_cam->sec_ent_keyid[1]);
765 	FWCMD_SET_ADDR_SEC_ENT2_KEYID(cmd, addr_cam->sec_ent_keyid[2]);
766 	FWCMD_SET_ADDR_SEC_ENT3_KEYID(cmd, addr_cam->sec_ent_keyid[3]);
767 	FWCMD_SET_ADDR_SEC_ENT4_KEYID(cmd, addr_cam->sec_ent_keyid[4]);
768 	FWCMD_SET_ADDR_SEC_ENT5_KEYID(cmd, addr_cam->sec_ent_keyid[5]);
769 	FWCMD_SET_ADDR_SEC_ENT6_KEYID(cmd, addr_cam->sec_ent_keyid[6]);
770 
771 	FWCMD_SET_ADDR_SEC_ENT_VALID(cmd, addr_cam->sec_cam_map[0] & 0xff);
772 	FWCMD_SET_ADDR_SEC_ENT0(cmd, addr_cam->sec_ent[0]);
773 	FWCMD_SET_ADDR_SEC_ENT1(cmd, addr_cam->sec_ent[1]);
774 	FWCMD_SET_ADDR_SEC_ENT2(cmd, addr_cam->sec_ent[2]);
775 	FWCMD_SET_ADDR_SEC_ENT3(cmd, addr_cam->sec_ent[3]);
776 	FWCMD_SET_ADDR_SEC_ENT4(cmd, addr_cam->sec_ent[4]);
777 	FWCMD_SET_ADDR_SEC_ENT5(cmd, addr_cam->sec_ent[5]);
778 	FWCMD_SET_ADDR_SEC_ENT6(cmd, addr_cam->sec_ent[6]);
779 }
780 
781 void rtw89_cam_fill_dctl_sec_cam_info_v1(struct rtw89_dev *rtwdev,
782 					 struct rtw89_vif *rtwvif,
783 					 struct rtw89_sta *rtwsta,
784 					 struct rtw89_h2c_dctlinfo_ud_v1 *h2c)
785 {
786 	struct rtw89_addr_cam_entry *addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
787 	struct rtw89_wow_param *rtw_wow = &rtwdev->wow;
788 	u8 *ptk_tx_iv = rtw_wow->key_info.ptk_tx_iv;
789 
790 	h2c->c0 = le32_encode_bits(rtwsta ? rtwsta->mac_id : rtwvif->mac_id,
791 				   DCTLINFO_V1_C0_MACID) |
792 		  le32_encode_bits(1, DCTLINFO_V1_C0_OP);
793 
794 	h2c->w4 = le32_encode_bits(addr_cam->sec_ent_keyid[0],
795 				   DCTLINFO_V1_W4_SEC_ENT0_KEYID) |
796 		  le32_encode_bits(addr_cam->sec_ent_keyid[1],
797 				   DCTLINFO_V1_W4_SEC_ENT1_KEYID) |
798 		  le32_encode_bits(addr_cam->sec_ent_keyid[2],
799 				   DCTLINFO_V1_W4_SEC_ENT2_KEYID) |
800 		  le32_encode_bits(addr_cam->sec_ent_keyid[3],
801 				   DCTLINFO_V1_W4_SEC_ENT3_KEYID) |
802 		  le32_encode_bits(addr_cam->sec_ent_keyid[4],
803 				   DCTLINFO_V1_W4_SEC_ENT4_KEYID) |
804 		  le32_encode_bits(addr_cam->sec_ent_keyid[5],
805 				   DCTLINFO_V1_W4_SEC_ENT5_KEYID) |
806 		  le32_encode_bits(addr_cam->sec_ent_keyid[6],
807 				   DCTLINFO_V1_W4_SEC_ENT6_KEYID);
808 	h2c->m4 = cpu_to_le32(DCTLINFO_V1_W4_SEC_ENT0_KEYID |
809 			      DCTLINFO_V1_W4_SEC_ENT1_KEYID |
810 			      DCTLINFO_V1_W4_SEC_ENT2_KEYID |
811 			      DCTLINFO_V1_W4_SEC_ENT3_KEYID |
812 			      DCTLINFO_V1_W4_SEC_ENT4_KEYID |
813 			      DCTLINFO_V1_W4_SEC_ENT5_KEYID |
814 			      DCTLINFO_V1_W4_SEC_ENT6_KEYID);
815 
816 	h2c->w5 = le32_encode_bits(addr_cam->sec_cam_map[0] & 0xff,
817 				   DCTLINFO_V1_W5_SEC_ENT_VALID) |
818 		  le32_encode_bits(addr_cam->sec_ent[0],
819 				   DCTLINFO_V1_W5_SEC_ENT0) |
820 		  le32_encode_bits(addr_cam->sec_ent[1],
821 				   DCTLINFO_V1_W5_SEC_ENT1) |
822 		  le32_encode_bits(addr_cam->sec_ent[2],
823 				   DCTLINFO_V1_W5_SEC_ENT2);
824 	h2c->m5 = cpu_to_le32(DCTLINFO_V1_W5_SEC_ENT_VALID |
825 			      DCTLINFO_V1_W5_SEC_ENT0      |
826 			      DCTLINFO_V1_W5_SEC_ENT1      |
827 			      DCTLINFO_V1_W5_SEC_ENT2);
828 
829 	h2c->w6 = le32_encode_bits(addr_cam->sec_ent[3],
830 				   DCTLINFO_V1_W6_SEC_ENT3) |
831 		  le32_encode_bits(addr_cam->sec_ent[4],
832 				   DCTLINFO_V1_W6_SEC_ENT4) |
833 		  le32_encode_bits(addr_cam->sec_ent[5],
834 				   DCTLINFO_V1_W6_SEC_ENT5) |
835 		  le32_encode_bits(addr_cam->sec_ent[6],
836 				   DCTLINFO_V1_W6_SEC_ENT6);
837 	h2c->m6 = cpu_to_le32(DCTLINFO_V1_W6_SEC_ENT3 |
838 			      DCTLINFO_V1_W6_SEC_ENT4 |
839 			      DCTLINFO_V1_W6_SEC_ENT5 |
840 			      DCTLINFO_V1_W6_SEC_ENT6);
841 
842 	if (rtw_wow->ptk_alg) {
843 		h2c->w0 = le32_encode_bits(ptk_tx_iv[0] | ptk_tx_iv[1] << 8,
844 					   DCTLINFO_V1_W0_AES_IV_L);
845 		h2c->m0 = cpu_to_le32(DCTLINFO_V1_W0_AES_IV_L);
846 
847 		h2c->w1 = le32_encode_bits(ptk_tx_iv[4]       |
848 					   ptk_tx_iv[5] << 8  |
849 					   ptk_tx_iv[6] << 16 |
850 					   ptk_tx_iv[7] << 24,
851 					   DCTLINFO_V1_W1_AES_IV_H);
852 		h2c->m1 = cpu_to_le32(DCTLINFO_V1_W1_AES_IV_H);
853 
854 		h2c->w4 |= le32_encode_bits(rtw_wow->ptk_keyidx,
855 					    DCTLINFO_V1_W4_SEC_KEY_ID);
856 		h2c->m4 |= cpu_to_le32(DCTLINFO_V1_W4_SEC_KEY_ID);
857 	}
858 }
859 
860 void rtw89_cam_fill_dctl_sec_cam_info_v2(struct rtw89_dev *rtwdev,
861 					 struct rtw89_vif *rtwvif,
862 					 struct rtw89_sta *rtwsta,
863 					 struct rtw89_h2c_dctlinfo_ud_v2 *h2c)
864 {
865 	struct rtw89_addr_cam_entry *addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
866 	struct rtw89_wow_param *rtw_wow = &rtwdev->wow;
867 	u8 *ptk_tx_iv = rtw_wow->key_info.ptk_tx_iv;
868 
869 	h2c->c0 = le32_encode_bits(rtwsta ? rtwsta->mac_id : rtwvif->mac_id,
870 				   DCTLINFO_V2_C0_MACID) |
871 		  le32_encode_bits(1, DCTLINFO_V2_C0_OP);
872 
873 	h2c->w4 = le32_encode_bits(addr_cam->sec_ent_keyid[0],
874 				   DCTLINFO_V2_W4_SEC_ENT0_KEYID) |
875 		  le32_encode_bits(addr_cam->sec_ent_keyid[1],
876 				   DCTLINFO_V2_W4_SEC_ENT1_KEYID) |
877 		  le32_encode_bits(addr_cam->sec_ent_keyid[2],
878 				   DCTLINFO_V2_W4_SEC_ENT2_KEYID) |
879 		  le32_encode_bits(addr_cam->sec_ent_keyid[3],
880 				   DCTLINFO_V2_W4_SEC_ENT3_KEYID) |
881 		  le32_encode_bits(addr_cam->sec_ent_keyid[4],
882 				   DCTLINFO_V2_W4_SEC_ENT4_KEYID) |
883 		  le32_encode_bits(addr_cam->sec_ent_keyid[5],
884 				   DCTLINFO_V2_W4_SEC_ENT5_KEYID) |
885 		  le32_encode_bits(addr_cam->sec_ent_keyid[6],
886 				   DCTLINFO_V2_W4_SEC_ENT6_KEYID);
887 	h2c->m4 = cpu_to_le32(DCTLINFO_V2_W4_SEC_ENT0_KEYID |
888 			      DCTLINFO_V2_W4_SEC_ENT1_KEYID |
889 			      DCTLINFO_V2_W4_SEC_ENT2_KEYID |
890 			      DCTLINFO_V2_W4_SEC_ENT3_KEYID |
891 			      DCTLINFO_V2_W4_SEC_ENT4_KEYID |
892 			      DCTLINFO_V2_W4_SEC_ENT5_KEYID |
893 			      DCTLINFO_V2_W4_SEC_ENT6_KEYID);
894 
895 	h2c->w5 = le32_encode_bits(addr_cam->sec_cam_map[0],
896 				   DCTLINFO_V2_W5_SEC_ENT_VALID_V1) |
897 		  le32_encode_bits(addr_cam->sec_ent[0],
898 				   DCTLINFO_V2_W5_SEC_ENT0_V1);
899 	h2c->m5 = cpu_to_le32(DCTLINFO_V2_W5_SEC_ENT_VALID_V1 |
900 			      DCTLINFO_V2_W5_SEC_ENT0_V1);
901 
902 	h2c->w6 = le32_encode_bits(addr_cam->sec_ent[1],
903 				   DCTLINFO_V2_W6_SEC_ENT1_V1) |
904 		  le32_encode_bits(addr_cam->sec_ent[2],
905 				   DCTLINFO_V2_W6_SEC_ENT2_V1) |
906 		  le32_encode_bits(addr_cam->sec_ent[3],
907 				   DCTLINFO_V2_W6_SEC_ENT3_V1) |
908 		  le32_encode_bits(addr_cam->sec_ent[4],
909 				   DCTLINFO_V2_W6_SEC_ENT4_V1);
910 	h2c->m6 = cpu_to_le32(DCTLINFO_V2_W6_SEC_ENT1_V1 |
911 			      DCTLINFO_V2_W6_SEC_ENT2_V1 |
912 			      DCTLINFO_V2_W6_SEC_ENT3_V1 |
913 			      DCTLINFO_V2_W6_SEC_ENT4_V1);
914 
915 	h2c->w7 = le32_encode_bits(addr_cam->sec_ent[5],
916 				   DCTLINFO_V2_W7_SEC_ENT5_V1) |
917 		  le32_encode_bits(addr_cam->sec_ent[6],
918 				   DCTLINFO_V2_W7_SEC_ENT6_V1);
919 	h2c->m7 = cpu_to_le32(DCTLINFO_V2_W7_SEC_ENT5_V1 |
920 			      DCTLINFO_V2_W7_SEC_ENT6_V1);
921 
922 	if (rtw_wow->ptk_alg) {
923 		h2c->w0 = le32_encode_bits(ptk_tx_iv[0] | ptk_tx_iv[1] << 8,
924 					   DCTLINFO_V2_W0_AES_IV_L);
925 		h2c->m0 = cpu_to_le32(DCTLINFO_V2_W0_AES_IV_L);
926 
927 		h2c->w1 = le32_encode_bits(ptk_tx_iv[4] |
928 					   ptk_tx_iv[5] << 8 |
929 					   ptk_tx_iv[6] << 16 |
930 					   ptk_tx_iv[7] << 24,
931 					   DCTLINFO_V2_W1_AES_IV_H);
932 		h2c->m1 = cpu_to_le32(DCTLINFO_V2_W1_AES_IV_H);
933 
934 		h2c->w4 |= le32_encode_bits(rtw_wow->ptk_keyidx,
935 					    DCTLINFO_V2_W4_SEC_KEY_ID);
936 		h2c->m4 |= cpu_to_le32(DCTLINFO_V2_W4_SEC_KEY_ID);
937 	}
938 }
939