From 8d431e79f0a34348da50dd3bb8822de89d9b2a2c Mon Sep 17 00:00:00 2001
From: hanwckf <hanwckf@vip.qq.com>
Date: Sat, 26 Aug 2023 16:38:23 +0800
Subject: [PATCH] luci-app-mtk: add security info to stainfo

mt_wifi: send security info to userspace stainfo
---
 .../luasrc/controller/mtkwifi.lua             |  1 +
 .../view/admin_mtk/mtk_wifi_overview.htm      |  6 +-
 .../luci-app-mtk/po/zh_Hans/mtk.po            |  3 +
 .../applications/luci-app-mtk/src/Makefile    |  2 +-
 .../luci-app-mtk/src/ioctl_helper.c           | 12 ++-
 .../applications/luci-app-mtk/src/mtwifi.h    | 90 +++++++++++++++++++
 .../applications/luci-app-mtk/src/security.c  | 79 ++++++++++++++++
 .../patches/009-add-secinfo-to-stainfo.patch  | 27 ++++++
 8 files changed, 216 insertions(+), 4 deletions(-)
 create mode 100644 package/mtk/applications/luci-app-mtk/src/security.c
 create mode 100644 package/mtk/drivers/mt_wifi/patches/009-add-secinfo-to-stainfo.patch

diff --git a/package/mtk/applications/luci-app-mtk/luasrc/controller/mtkwifi.lua b/package/mtk/applications/luci-app-mtk/luasrc/controller/mtkwifi.lua
index cdc7d15289..f140ba81c1 100644
--- a/package/mtk/applications/luci-app-mtk/luasrc/controller/mtkwifi.lua
+++ b/package/mtk/applications/luci-app-mtk/luasrc/controller/mtkwifi.lua
@@ -965,6 +965,7 @@ function sta_info(ifname)
             end
             table.insert(output, stalist[i])
         end
+        stalist[i].security = stalist[i].AuthMode.."-"..stalist[i].EncryptMode
     end
     http.write_json(output)
 end
diff --git a/package/mtk/applications/luci-app-mtk/luasrc/view/admin_mtk/mtk_wifi_overview.htm b/package/mtk/applications/luci-app-mtk/luasrc/view/admin_mtk/mtk_wifi_overview.htm
index ccf4f64ce4..1be7da584b 100644
--- a/package/mtk/applications/luci-app-mtk/luasrc/view/admin_mtk/mtk_wifi_overview.htm
+++ b/package/mtk/applications/luci-app-mtk/luasrc/view/admin_mtk/mtk_wifi_overview.htm
@@ -210,6 +210,7 @@ local chipname
                 <th class="cbi-section-table-cell">SSID</th>
                 <th class="cbi-section-table-cell"><%:MAC-Address%></th>
                 <th class="cbi-section-table-cell"><%:Hostname%></th>
+                <th class="cbi-section-table-cell"><%:Security%></th>
                 <th class="cbi-section-table-cell"><%:Signal%> (dBm)</th>
                 <th class="cbi-section-table-cell"><%:TX Rate%></th>
                 <th class="cbi-section-table-cell"><%:RX Rate%></th>
@@ -268,7 +269,10 @@ local chipname
                 host_str = host_str + "<br>" + sta_list[i].ipv6
             td_cell = tr_row.insertCell(-1);
             td_cell.innerHTML = host_str;
-            
+
+            td_cell = tr_row.insertCell(-1);
+            td_cell.innerHTML = sta_list[i].security;
+
             rssi_str = sta_list[i].AvgRssi0;
             if (is_rssi_valid(sta_list[i].AvgRssi1))
                 rssi_str = rssi_str + ", " + sta_list[i].AvgRssi1;
diff --git a/package/mtk/applications/luci-app-mtk/po/zh_Hans/mtk.po b/package/mtk/applications/luci-app-mtk/po/zh_Hans/mtk.po
index b5ca8c1579..b4a92b9c8c 100644
--- a/package/mtk/applications/luci-app-mtk/po/zh_Hans/mtk.po
+++ b/package/mtk/applications/luci-app-mtk/po/zh_Hans/mtk.po
@@ -438,3 +438,6 @@ msgstr "Radius空闲超时时间为空。"
 
 msgid "IGMP Snooping"
 msgstr "IGMP 侦听"
+
+msgid "Security"
+msgstr "安全性"
diff --git a/package/mtk/applications/luci-app-mtk/src/Makefile b/package/mtk/applications/luci-app-mtk/src/Makefile
index 8fd6366a18..81ce66a831 100644
--- a/package/mtk/applications/luci-app-mtk/src/Makefile
+++ b/package/mtk/applications/luci-app-mtk/src/Makefile
@@ -1,4 +1,4 @@
-OBJ_IOCTL = ioctl_helper.o rate_calc.o
+OBJ_IOCTL = ioctl_helper.o rate_calc.o security.o
 CFLAGS += -I.
 CFLAGS += -I$(ROOTDIR)/user/luci/lua-5.1.5/src
 CFLAGS += -Wall -shared -fPIC
diff --git a/package/mtk/applications/luci-app-mtk/src/ioctl_helper.c b/package/mtk/applications/luci-app-mtk/src/ioctl_helper.c
index 9320edad6a..87a26ed8b7 100644
--- a/package/mtk/applications/luci-app-mtk/src/ioctl_helper.c
+++ b/package/mtk/applications/luci-app-mtk/src/ioctl_helper.c
@@ -302,8 +302,8 @@ int StaInfo(lua_State *L)
 		min = (pe->ConnectedTime % 3600)/60;
 		sec = pe->ConnectedTime - hr*3600 - min*60;
 
-		 /*Creates first child table of size 32 non-array elements: */
-		lua_createtable(L, 0, 32);
+		/* Creates first child table of size 34 non-array elements: */
+		lua_createtable(L, 0, 34);
 
 		// MAC Address
 		snprintf(tmpBuff, sizeof(tmpBuff), "%02X:%02X:%02X:%02X:%02X:%02X", pe->Addr[0], pe->Addr[1], pe->Addr[2], pe->Addr[3],
@@ -536,6 +536,14 @@ int StaInfo(lua_State *L)
 		lua_pushstring(L, tmpBuff);
 		lua_setfield(L, -2, "RxRate");
 
+		snprintf(tmpBuff, sizeof(tmpBuff), "%s", GetEncryModeStr(pe->EncryMode));
+		lua_pushstring(L, tmpBuff);
+		lua_setfield(L, -2, "EncryptMode");
+
+		snprintf(tmpBuff, sizeof(tmpBuff), "%s", GetAuthModeStr(pe->AuthMode));
+		lua_pushstring(L, tmpBuff);
+		lua_setfield(L, -2, "AuthMode");
+
 		lua_settable(L, -3);
 	}
 	free(table);
diff --git a/package/mtk/applications/luci-app-mtk/src/mtwifi.h b/package/mtk/applications/luci-app-mtk/src/mtwifi.h
index 3ffd8608fc..dafc5f351a 100644
--- a/package/mtk/applications/luci-app-mtk/src/mtwifi.h
+++ b/package/mtk/applications/luci-app-mtk/src/mtwifi.h
@@ -43,6 +43,8 @@ typedef struct _RT_802_11_MAC_ENTRY_FIX {
 	HTTRANSMIT_SETTING_FIX      LastRxRate;
 	short                   StreamSnr[3];
 	short                   SoundingRespSnr[3];
+	UINT32					EncryMode;
+	UINT32					AuthMode;
 } RT_802_11_MAC_ENTRY_FIX;
 
 #define MAX_NUMBER_OF_MAC               544
@@ -116,6 +118,92 @@ enum oid_bw {
 #define BW_20_242TONE	BAND_WIDTH_20_242TONE
 #define BW_NUM		BAND_WIDTH_NUM
 
+typedef enum _SEC_CIPHER_MODE {
+	SEC_CIPHER_NONE,
+	SEC_CIPHER_WEP40,
+	SEC_CIPHER_WEP104,
+	SEC_CIPHER_WEP128,
+	SEC_CIPHER_TKIP,
+	SEC_CIPHER_CCMP128,
+	SEC_CIPHER_CCMP256,
+	SEC_CIPHER_GCMP128,
+	SEC_CIPHER_GCMP256,
+	SEC_CIPHER_BIP_CMAC128,
+	SEC_CIPHER_BIP_CMAC256,
+	SEC_CIPHER_BIP_GMAC128,
+	SEC_CIPHER_BIP_GMAC256,
+	SEC_CIPHER_WPI_SMS4, /* WPI SMS4 support */
+	SEC_CIPHER_MAX /* Not a real mode, defined as upper bound */
+} SEC_CIPHER_MODE;
+
+#define IS_CIPHER_NONE(_Cipher)          (((_Cipher) & (1 << SEC_CIPHER_NONE)) > 0)
+#define IS_CIPHER_WEP40(_Cipher)          (((_Cipher) & (1 << SEC_CIPHER_WEP40)) > 0)
+#define IS_CIPHER_WEP104(_Cipher)        (((_Cipher) & (1 << SEC_CIPHER_WEP104)) > 0)
+#define IS_CIPHER_WEP128(_Cipher)        (((_Cipher) & (1 << SEC_CIPHER_WEP128)) > 0)
+#define IS_CIPHER_WEP(_Cipher)              (((_Cipher) & ((1 << SEC_CIPHER_WEP40) | (1 << SEC_CIPHER_WEP104) | (1 << SEC_CIPHER_WEP128))) > 0)
+#define IS_CIPHER_TKIP(_Cipher)              (((_Cipher) & (1 << SEC_CIPHER_TKIP)) > 0)
+#define IS_CIPHER_WEP_TKIP_ONLY(_Cipher)     ((IS_CIPHER_WEP(_Cipher) || IS_CIPHER_TKIP(_Cipher)) && (_Cipher < (1 << SEC_CIPHER_CCMP128)))
+#define IS_CIPHER_CCMP128(_Cipher)      (((_Cipher) & (1 << SEC_CIPHER_CCMP128)) > 0)
+#define IS_CIPHER_CCMP256(_Cipher)      (((_Cipher) & (1 << SEC_CIPHER_CCMP256)) > 0)
+#define IS_CIPHER_GCMP128(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_GCMP128)) > 0)
+#define IS_CIPHER_GCMP256(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_GCMP256)) > 0)
+#define IS_CIPHER_BIP_CMAC128(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_BIP_CMAC128)) > 0)
+#define IS_CIPHER_BIP_CMAC256(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_BIP_CMAC256)) > 0)
+#define IS_CIPHER_BIP_GMAC128(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_BIP_GMAC128)) > 0)
+#define IS_CIPHER_BIP_GMAC256(_Cipher)     (((_Cipher) & (1 << SEC_CIPHER_BIP_GMAC256)) > 0)
+
+/* 802.11 authentication and key management */
+typedef enum _SEC_AKM_MODE {
+	SEC_AKM_OPEN,
+	SEC_AKM_SHARED,
+	SEC_AKM_AUTOSWITCH,
+	SEC_AKM_WPA1, /* Enterprise security over 802.1x */
+	SEC_AKM_WPA1PSK,
+	SEC_AKM_WPANone, /* For Win IBSS, directly PTK, no handshark */
+	SEC_AKM_WPA2, /* Enterprise security over 802.1x */
+	SEC_AKM_WPA2PSK,
+	SEC_AKM_FT_WPA2,
+	SEC_AKM_FT_WPA2PSK,
+	SEC_AKM_WPA2_SHA256,
+	SEC_AKM_WPA2PSK_SHA256,
+	SEC_AKM_TDLS,
+	SEC_AKM_SAE_SHA256,
+	SEC_AKM_FT_SAE_SHA256,
+	SEC_AKM_SUITEB_SHA256,
+	SEC_AKM_SUITEB_SHA384,
+	SEC_AKM_FT_WPA2_SHA384,
+	SEC_AKM_WAICERT, /* WAI certificate authentication */
+	SEC_AKM_WAIPSK, /* WAI pre-shared key */
+	SEC_AKM_OWE,
+	SEC_AKM_FILS_SHA256,
+	SEC_AKM_FILS_SHA384,
+	SEC_AKM_WPA3, /* WPA3(ent) = WPA2(ent) + PMF MFPR=1 => WPA3 code flow is same as WPA2, the usage of SEC_AKM_WPA3 is to force pmf on */
+	SEC_AKM_MAX /* Not a real mode, defined as upper bound */
+} SEC_AKM_MODE;
+
+#define IS_AKM_OPEN(_AKMMap)                           ((_AKMMap & (1 << SEC_AKM_OPEN)) > 0)
+#define IS_AKM_SHARED(_AKMMap)                       ((_AKMMap & (1 << SEC_AKM_SHARED)) > 0)
+#define IS_AKM_AUTOSWITCH(_AKMMap)              ((_AKMMap & (1 << SEC_AKM_AUTOSWITCH)) > 0)
+#define IS_AKM_WPA1(_AKMMap)                           ((_AKMMap & (1 << SEC_AKM_WPA1)) > 0)
+#define IS_AKM_WPA1PSK(_AKMMap)                    ((_AKMMap & (1 << SEC_AKM_WPA1PSK)) > 0)
+#define IS_AKM_WPANONE(_AKMMap)                  ((_AKMMap & (1 << SEC_AKM_WPANone)) > 0)
+#define IS_AKM_WPA2(_AKMMap)                          ((_AKMMap & (1 << SEC_AKM_WPA2)) > 0)
+#define IS_AKM_WPA2PSK(_AKMMap)                    ((_AKMMap & (1 << SEC_AKM_WPA2PSK)) > 0)
+#define IS_AKM_FT_WPA2(_AKMMap)                     ((_AKMMap & (1 << SEC_AKM_FT_WPA2)) > 0)
+#define IS_AKM_FT_WPA2PSK(_AKMMap)              ((_AKMMap & (1 << SEC_AKM_FT_WPA2PSK)) > 0)
+#define IS_AKM_WPA2_SHA256(_AKMMap)            ((_AKMMap & (1 << SEC_AKM_WPA2_SHA256)) > 0)
+#define IS_AKM_WPA2PSK_SHA256(_AKMMap)      ((_AKMMap & (1 << SEC_AKM_WPA2PSK_SHA256)) > 0)
+#define IS_AKM_TDLS(_AKMMap)                             ((_AKMMap & (1 << SEC_AKM_TDLS)) > 0)
+#define IS_AKM_SAE_SHA256(_AKMMap)                ((_AKMMap & (1 << SEC_AKM_SAE_SHA256)) > 0)
+#define IS_AKM_FT_SAE_SHA256(_AKMMap)          ((_AKMMap & (1 << SEC_AKM_FT_SAE_SHA256)) > 0)
+#define IS_AKM_SUITEB_SHA256(_AKMMap)          ((_AKMMap & (1 << SEC_AKM_SUITEB_SHA256)) > 0)
+#define IS_AKM_SUITEB_SHA384(_AKMMap)          ((_AKMMap & (1 << SEC_AKM_SUITEB_SHA384)) > 0)
+#define IS_AKM_FT_WPA2_SHA384(_AKMMap)      ((_AKMMap & (1 << SEC_AKM_FT_WPA2_SHA384)) > 0)
+#define IS_AKM_WPA3(_AKMMap)	 ((_AKMMap & (1 << SEC_AKM_WPA3)) > 0)
+#define IS_AKM_WPA3PSK(_AKMMap) (IS_AKM_SAE_SHA256(_AKMMap))
+#define IS_AKM_WPA3_192BIT(_AKMMap)	(IS_AKM_SUITEB_SHA384(_AKMMap))
+#define IS_AKM_OWE(_AKMMap) ((_AKMMap & (1 << SEC_AKM_OWE)) > 0)
+
 int get_macaddr(lua_State *L);
 int convert_string_display(lua_State *L);
 int StaInfo(lua_State *L);
@@ -125,5 +213,7 @@ int scanResult(lua_State *L);
 void getRate(HTTRANSMIT_SETTING_FIX HTSetting, ULONG *fLastTxRxRate);
 void get_rate_he(UINT8 mcs, UINT8 bw, UINT8 nss, UINT8 dcm, ULONG *last_tx_rate);
 UINT32 cck_to_mcs(UINT32 mcs);
+const char *GetEncryModeStr(UINT32 encryMode);
+const char *GetAuthModeStr(UINT32 authMode);
 
 #endif
diff --git a/package/mtk/applications/luci-app-mtk/src/security.c b/package/mtk/applications/luci-app-mtk/src/security.c
new file mode 100644
index 0000000000..1447819d9a
--- /dev/null
+++ b/package/mtk/applications/luci-app-mtk/src/security.c
@@ -0,0 +1,79 @@
+#include "mtwifi.h"
+
+const char *GetEncryModeStr(UINT32 encryMode)
+{
+	if (IS_CIPHER_NONE(encryMode))
+		return "NONE";
+	else if (IS_CIPHER_WEP(encryMode))
+		return "WEP";
+	else if (IS_CIPHER_TKIP(encryMode) && IS_CIPHER_CCMP128(encryMode))
+		return "TKIPAES";
+	else if (IS_CIPHER_TKIP(encryMode))
+		return "TKIP";
+	else if (IS_CIPHER_CCMP128(encryMode))
+		return "AES";
+	else if (IS_CIPHER_CCMP256(encryMode))
+		return "CCMP256";
+	else if (IS_CIPHER_GCMP128(encryMode))
+		return "GCMP128";
+	else if (IS_CIPHER_GCMP256(encryMode))
+		return "GCMP256";
+	else if (IS_CIPHER_BIP_CMAC128(encryMode))
+		return "BIP-CMAC128";
+	else if (IS_CIPHER_BIP_CMAC256(encryMode))
+		return "BIP-CMAC256";
+	else if (IS_CIPHER_BIP_GMAC128(encryMode))
+		return "BIP-GMAC128";
+	else if (IS_CIPHER_BIP_GMAC256(encryMode))
+		return "BIP-GMAC256";
+	else
+		return "Unknown";
+}
+
+const char *GetAuthModeStr(UINT32 authMode)
+{
+	if (IS_AKM_OPEN(authMode))
+		return "OPEN";
+	else if (IS_AKM_SHARED(authMode))
+		return "SHARED";
+	else if (IS_AKM_AUTOSWITCH(authMode))
+		return "WEPAUTO";
+	else if (IS_AKM_WPANONE(authMode))
+		return "WPANONE";
+	else if (IS_AKM_FT_WPA2PSK(authMode) && IS_AKM_FT_SAE_SHA256(authMode))
+		return "FT-WPA2PSKWPA3PSK";
+	else if (IS_AKM_WPA1(authMode) && IS_AKM_WPA2(authMode))
+		return "WPA1WPA2";
+	else if (IS_AKM_WPA1PSK(authMode) && IS_AKM_WPA2PSK(authMode))
+		return "WPAPSKWPA2PSK";
+	else if (IS_AKM_WPA2PSK(authMode) && IS_AKM_WPA3PSK(authMode))
+		return "WPA2PSKWPA3PSK";
+	else if (IS_AKM_WPA2PSK(authMode) && IS_AKM_WPA2PSK_SHA256(authMode) && IS_AKM_WPA3PSK(authMode))
+		return "WPA2PSKMIXWPA3PSK";
+	else if (IS_AKM_FT_SAE_SHA256(authMode))
+		return "FT-SAE";
+	else if (IS_AKM_WPA3PSK(authMode))
+		return "WPA3PSK";
+	else if (IS_AKM_WPA1(authMode))
+		return "WPA";
+	else if (IS_AKM_WPA1PSK(authMode))
+		return "WPAPSK";
+	else if (IS_AKM_FT_WPA2(authMode))
+		return "FT-WPA2";
+	else if (IS_AKM_FT_WPA2PSK(authMode))
+		return "FT-WPA2PSK";
+	else if (IS_AKM_WPA3(authMode)) /* WPA3 will be always accompanied by WPA2, so it should put before the WPA2 */
+		return "WPA3";
+	else if (IS_AKM_WPA2(authMode))
+		return "WPA2";
+	else if (IS_AKM_WPA2(authMode) && IS_AKM_WPA2_SHA256(authMode))
+		return "WPA2MIX";
+	else if (IS_AKM_WPA2PSK(authMode))
+		return "WPA2PSK";
+	else if (IS_AKM_WPA3_192BIT(authMode))
+		return "WPA3-192";
+	else if (IS_AKM_OWE(authMode))
+		return "OWE";
+	else
+		return "Unknown";
+}
diff --git a/package/mtk/drivers/mt_wifi/patches/009-add-secinfo-to-stainfo.patch b/package/mtk/drivers/mt_wifi/patches/009-add-secinfo-to-stainfo.patch
new file mode 100644
index 0000000000..63d8b8a538
--- /dev/null
+++ b/package/mtk/drivers/mt_wifi/patches/009-add-secinfo-to-stainfo.patch
@@ -0,0 +1,27 @@
+--- a/mt_wifi/embedded/common/cmm_info.c
++++ b/mt_wifi/embedded/common/cmm_info.c
+@@ -7028,13 +7028,10 @@ typedef struct _RT_802_11_MAC_ENTRY_FIX
+ 	UINT32 ConnectedTime;
+ 	HTTRANSMIT_SETTING_FIX TxRate;
+ 	HTTRANSMIT_SETTING_FIX LastRxRate;
+-	/*
+-		sync with WEB UI's structure for ioctl usage.
+-	*/
+ 	SHORT StreamSnr[3];				/* BF SNR from RXWI. Units=0.25 dB. 22 dB offset removed */
+ 	SHORT SoundingRespSnr[3];			/* SNR from Sounding Response. Units=0.25 dB. 22 dB offset removed */
+-	/*	SHORT TxPER;	*/					/* TX PER over the last second. Percent */
+-	/*	SHORT reserved;*/
++	UINT32					EncryMode;
++	UINT32					AuthMode;
+ } RT_802_11_MAC_ENTRY_FIX, *PRT_802_11_MAC_ENTRY_FIX;
+ 
+ typedef struct _RT_802_11_MAC_TABLE_FIX {
+@@ -7152,6 +7149,8 @@ VOID RTMPIoctlGetMacTableStaInfo(
+ 			pDst->ConnectedTime = pEntry->StaConnectTime;
+ 			pDst->TxRate.word = RTMPGetLastTxRate_fix(pAd, pEntry);
+ 			pDst->LastRxRate.word = RTMPGetLastRxRate(pAd, pEntry);
++			pDst->EncryMode = pEntry->SecConfig.PairwiseCipher;
++			pDst->AuthMode = pEntry->SecConfig.AKMMap;
+ 			pMacTab->Num += 1;
+ 			/* Add to avoid Array cross board */
+ 			if (pMacTab->Num >= MAX_LEN_OF_MAC_TABLE)