]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/mac80211/key.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net/smc: use termination worker under send_lock
[mirror_ubuntu-jammy-kernel.git] / net / mac80211 / key.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
1f5a7e47
JB		 2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
3b96766f 6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
d98ad83e 7 * Copyright 2013-2014 Intel Mobile Communications GmbH
fdf7cb41 8 * Copyright 2015-2017 Intel Deutschland GmbH
1c955973 9 * Copyright 2018-2019 Intel Corporation
1f5a7e47
JB		 10 */
11
11a843b7
JB		 12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
d4e46a3d 15#include <linux/rcupdate.h>
db4d1169 16#include <linux/rtnetlink.h>
5a0e3ad6 17#include <linux/slab.h>
bc3b2d7f 18#include <linux/export.h>
1f5a7e47 19#include <net/mac80211.h>
2bdd713b 20#include <crypto/algapi.h>
d26ad377 21#include <asm/unaligned.h>
1f5a7e47 22#include "ieee80211_i.h"
24487981 23#include "driver-ops.h"
1f5a7e47
JB		 24#include "debugfs_key.h"
25#include "aes_ccm.h"
3cfcf6ac 26#include "aes_cmac.h"
8ade538b 27#include "aes_gmac.h"
00b9cfa3 28#include "aes_gcm.h"
1f5a7e47 29
11a843b7 30
dbbea671
JB		 31/**
32 * DOC: Key handling basics
11a843b7
JB		 33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
b5c34f66
JB		 38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
11a843b7 45 *
b5c34f66
JB		 46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
11a843b7
JB		 52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
11a843b7 55
ad0e2b5a 56static void assert_key_lock(struct ieee80211_local *local)
3b96766f 57{
46a5ebaf 58 lockdep_assert_held(&local->key_mtx);
3b96766f
JB		 59}
60
f9dca80b
MK		 61static void
62update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63{
64 struct ieee80211_sub_if_data *vlan;
65
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
67 return;
68
51f458d9
JB		 69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
f9dca80b 71
51f458d9
JB		 72 rcu_read_lock();
73
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
f9dca80b
MK		 75 vlan->crypto_tx_tailroom_needed_cnt += delta;
76
51f458d9 77 rcu_read_unlock();
f9dca80b
MK		 78}
79
3bff1865
YAP		 80static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81{
82 /*
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
86 *
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
89 *
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
92 * off.
93 *
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 *
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 */
100
51f458d9
JB		 101 assert_key_lock(sdata->local);
102
f9dca80b
MK		 103 update_vlan_tailroom_need_count(sdata, 1);
104
3bff1865
YAP		 105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 /*
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
109 */
110 synchronize_net();
111 }
112}
113
f9dca80b
MK		 114static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 int delta)
116{
51f458d9
JB		 117 assert_key_lock(sdata->local);
118
f9dca80b
MK		 119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
123}
124
3ffc2a90 125static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
11a843b7 126{
db3bdcb9 127 struct ieee80211_sub_if_data *sdata = key->sdata;
89c91cae 128 struct sta_info *sta;
fa7e1fbc 129 int ret = -EOPNOTSUPP;
11a843b7 130
3b96766f
JB		 131 might_sleep();
132
4619194a
JB		 133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
139 * it again later.
140 */
092c4098
AW		 141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
146
4619194a 147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
27b3eb9c 148 return -EINVAL;
4619194a 149 }
27b3eb9c 150
e31b8213 151 if (!key->local->ops->set_key)
3ffc2a90 152 goto out_unsupported;
11a843b7 153
ad0e2b5a
JB		 154 assert_key_lock(key->local);
155
89c91cae 156 sta = key->sta;
dc822b5d 157
e31b8213
JB		 158 /*
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
161 */
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
30686bf7 163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
e31b8213
JB		 164 goto out_unsupported;
165
89c91cae
JB		 166 if (sta && !sta->uploaded)
167 goto out_unsupported;
168
18890d4b
HS		 169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 /*
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 */
78ad2341
AW		 174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 ret = 1;
18890d4b 176 goto out_unsupported;
78ad2341 177 }
18890d4b 178 }
11a843b7 179
50ff477a
JC		 180 /* TKIP countermeasures don't work in encap offload mode */
181 if (key->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
182 sdata->hw_80211_encap) {
183 sdata_dbg(sdata, "TKIP is not allowed in hw 80211 encap mode\n");
184 return -EINVAL;
185 }
186
89c91cae
JB		 187 ret = drv_set_key(key->local, SET_KEY, sdata,
188 sta ? &sta->sta : NULL, &key->conf);
11a843b7 189
e31b8213 190 if (!ret) {
11a843b7 191 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
3bff1865 192
092c4098
AW		 193 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
194 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
195 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
f9dca80b 196 decrease_tailroom_need_count(sdata, 1);
3bff1865 197
077a9154
AN		 198 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
199 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
200
9de18d81
DS		 201 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
202 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
203
e31b8213
JB		 204 return 0;
205 }
11a843b7 206
fa7e1fbc 207 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
bdcbd8e0 208 sdata_err(sdata,
0fb9a9ec 209 "failed to set key (%d, %pM) to hardware (%d)\n",
89c91cae
JB		 210 key->conf.keyidx,
211 sta ? sta->sta.addr : bcast_addr, ret);
3ffc2a90 212
e31b8213
JB		 213 out_unsupported:
214 switch (key->conf.cipher) {
215 case WLAN_CIPHER_SUITE_WEP40:
216 case WLAN_CIPHER_SUITE_WEP104:
217 case WLAN_CIPHER_SUITE_TKIP:
218 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db 219 case WLAN_CIPHER_SUITE_CCMP_256:
3c706b97
JC		 220 case WLAN_CIPHER_SUITE_GCMP:
221 case WLAN_CIPHER_SUITE_GCMP_256:
222 /* We cannot do software crypto of data frames with
223 * encapsulation offload enabled. However for 802.11w to
224 * function properly we need cmac/gmac keys.
225 */
226 if (sdata->hw_80211_encap)
227 return -EINVAL;
228 /* Fall through */
229
e31b8213 230 case WLAN_CIPHER_SUITE_AES_CMAC:
56c52da2 231 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
8ade538b
JM		 232 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
233 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
fa7e1fbc
JB		 234 /* all of these we can do in software - if driver can */
235 if (ret == 1)
236 return 0;
78ad2341 237 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
fa7e1fbc 238 return -EINVAL;
e31b8213
JB		 239 return 0;
240 default:
241 return -EINVAL;
3ffc2a90 242 }
11a843b7
JB		 243}
244
245static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
246{
dc822b5d 247 struct ieee80211_sub_if_data *sdata;
89c91cae 248 struct sta_info *sta;
11a843b7
JB		 249 int ret;
250
3b96766f
JB		 251 might_sleep();
252
db4d1169 253 if (!key || !key->local->ops->set_key)
11a843b7
JB		 254 return;
255
ad0e2b5a
JB		 256 assert_key_lock(key->local);
257
258 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
11a843b7
JB		 259 return;
260
89c91cae 261 sta = key->sta;
dc822b5d
JB		 262 sdata = key->sdata;
263
092c4098
AW		 264 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
265 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
266 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
3bff1865
YAP		 267 increment_tailroom_need_count(sdata);
268
62872a9b 269 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
12375ef9 270 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
89c91cae 271 sta ? &sta->sta : NULL, &key->conf);
11a843b7
JB		 272
273 if (ret)
bdcbd8e0 274 sdata_err(sdata,
0fb9a9ec 275 "failed to remove key (%d, %pM) from hardware (%d)\n",
89c91cae
JB		 276 key->conf.keyidx,
277 sta ? sta->sta.addr : bcast_addr, ret);
62872a9b 278}
11a843b7 279
96fc6efb
AW		 280int ieee80211_set_tx_key(struct ieee80211_key *key)
281{
282 struct sta_info *sta = key->sta;
283 struct ieee80211_local *local = key->local;
96fc6efb
AW		 284
285 assert_key_lock(local);
286
96fc6efb 287 sta->ptk_idx = key->conf.keyidx;
90cc4bd6 288
dc3998ec
AW		 289 if (!ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
290 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
96fc6efb
AW		 291 ieee80211_check_fast_xmit(sta);
292
293 return 0;
294}
295
90cc4bd6
AW		 296static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
297 struct ieee80211_key *new)
62872a9b 298{
90cc4bd6
AW		 299 struct ieee80211_local *local = new->local;
300 struct sta_info *sta = new->sta;
301 int i;
62872a9b 302
90cc4bd6 303 assert_key_lock(local);
62872a9b 304
90cc4bd6
AW		 305 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
306 /* Extended Key ID key install, initial one or rekey */
307
dc3998ec
AW		 308 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
309 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
90cc4bd6
AW		 310 /* Aggregation Sessions with Extended Key ID must not
311 * mix MPDUs with different keyIDs within one A-MPDU.
3e47bf1c
AW		 312 * Tear down running Tx aggregation sessions and block
313 * new Rx/Tx aggregation requests during rekey to
dc3998ec
AW		 314 * ensure there are no A-MPDUs when the driver is not
315 * supporting A-MPDU key borders. (Blocking Tx only
316 * would be sufficient but WLAN_STA_BLOCK_BA gets the
317 * job done for the few ms we need it.)
90cc4bd6
AW		 318 */
319 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
320 mutex_lock(&sta->ampdu_mlme.mtx);
321 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
322 ___ieee80211_stop_tx_ba_session(sta, i,
323 AGG_STOP_LOCAL_REQUEST);
324 mutex_unlock(&sta->ampdu_mlme.mtx);
325 }
326 } else if (old) {
327 /* Rekey without Extended Key ID.
328 * Aggregation sessions are OK when running on SW crypto.
329 * A broken remote STA may cause issues not observed with HW
330 * crypto, though.
331 */
332 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
333 return;
62872a9b 334
90cc4bd6
AW		 335 /* Stop Tx till we are on the new key */
336 old->flags |= KEY_FLAG_TAINTED;
62872a9b 337 ieee80211_clear_fast_xmit(sta);
62872a9b
AW		 338 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
339 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
340 ieee80211_sta_tear_down_BA_sessions(sta,
341 AGG_STOP_LOCAL_REQUEST);
342 }
62872a9b
AW		 343 if (!wiphy_ext_feature_isset(local->hw.wiphy,
344 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
345 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
346 sta->sta.addr);
347 /* Flushing the driver queues *may* help prevent
348 * the clear text leaks and freezes.
349 */
90cc4bd6 350 ieee80211_flush_queues(local, old->sdata, false);
62872a9b
AW		 351 }
352 }
3b96766f
JB		 353}
354
355static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
f7e0104c 356 int idx, bool uni, bool multi)
3b96766f
JB		 357{
358 struct ieee80211_key *key = NULL;
359
ad0e2b5a
JB		 360 assert_key_lock(sdata->local);
361
3b96766f 362 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
40b275b6 363 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
3b96766f 364
de5fad81 365 if (uni) {
f7e0104c 366 rcu_assign_pointer(sdata->default_unicast_key, key);
17c18bf8 367 ieee80211_check_fast_xmit_iface(sdata);
ec4efc4a
JB		 368 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
369 drv_set_default_unicast_key(sdata->local, sdata, idx);
de5fad81
YD		 370 }
371
f7e0104c
JB		 372 if (multi)
373 rcu_assign_pointer(sdata->default_multicast_key, key);
3b96766f 374
f7e0104c 375 ieee80211_debugfs_key_update_default(sdata);
3b96766f
JB		 376}
377
f7e0104c
JB		 378void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
379 bool uni, bool multi)
3b96766f 380{
ad0e2b5a 381 mutex_lock(&sdata->local->key_mtx);
f7e0104c 382 __ieee80211_set_default_key(sdata, idx, uni, multi);
ad0e2b5a 383 mutex_unlock(&sdata->local->key_mtx);
3b96766f
JB		 384}
385
3cfcf6ac
JM		 386static void
387__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
388{
389 struct ieee80211_key *key = NULL;
390
ad0e2b5a
JB		 391 assert_key_lock(sdata->local);
392
3cfcf6ac
JM		 393 if (idx >= NUM_DEFAULT_KEYS &&
394 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
40b275b6 395 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
3cfcf6ac
JM		 396
397 rcu_assign_pointer(sdata->default_mgmt_key, key);
398
f7e0104c 399 ieee80211_debugfs_key_update_default(sdata);
3cfcf6ac
JM		 400}
401
402void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
403 int idx)
404{
ad0e2b5a 405 mutex_lock(&sdata->local->key_mtx);
3cfcf6ac 406 __ieee80211_set_default_mgmt_key(sdata, idx);
ad0e2b5a 407 mutex_unlock(&sdata->local->key_mtx);
3cfcf6ac
JM		 408}
409
62872a9b 410static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
3b8d9c29
JB		 411 struct sta_info *sta,
412 bool pairwise,
413 struct ieee80211_key *old,
414 struct ieee80211_key *new)
3b96766f 415{
f7e0104c 416 int idx;
90cc4bd6 417 int ret = 0;
f7e0104c 418 bool defunikey, defmultikey, defmgmtkey;
3b96766f 419
5282c3ba
JB		 420 /* caller must provide at least one old/new */
421 if (WARN_ON(!new && !old))
62872a9b 422 return 0;
5282c3ba 423
3b96766f 424 if (new)
ef044763 425 list_add_tail_rcu(&new->list, &sdata->key_list);
3b96766f 426
2475b1cc 427 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
3b96766f 428
90cc4bd6
AW		 429 if (new && sta && pairwise) {
430 /* Unicast rekey needs special handling. With Extended Key ID
431 * old is still NULL for the first rekey.
432 */
433 ieee80211_pairwise_rekey(old, new);
434 }
435
62872a9b 436 if (old) {
2475b1cc 437 idx = old->conf.keyidx;
90cc4bd6
AW		 438
439 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
440 ieee80211_key_disable_hw_accel(old);
441
442 if (new)
443 ret = ieee80211_key_enable_hw_accel(new);
444 }
62872a9b 445 } else {
40b5a0f8 446 /* new must be provided in case old is not */
2475b1cc 447 idx = new->conf.keyidx;
40b5a0f8 448 if (!new->local->wowlan)
62872a9b 449 ret = ieee80211_key_enable_hw_accel(new);
62872a9b
AW		 450 }
451
452 if (ret)
453 return ret;
3b96766f 454
2475b1cc
MS		 455 if (sta) {
456 if (pairwise) {
457 rcu_assign_pointer(sta->ptk[idx], new);
96fc6efb
AW		 458 if (new &&
459 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) {
460 sta->ptk_idx = idx;
62872a9b
AW		 461 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
462 ieee80211_check_fast_xmit(sta);
463 }
2475b1cc
MS		 464 } else {
465 rcu_assign_pointer(sta->gtk[idx], new);
2475b1cc 466 }
96fc6efb
AW		 467 /* Only needed for transition from no key -> key.
468 * Still triggers unnecessary when using Extended Key ID
469 * and installing the second key ID the first time.
470 */
471 if (new && !old)
62872a9b 472 ieee80211_check_fast_rx(sta);
2475b1cc 473 } else {
40b275b6
JB		 474 defunikey = old &&
475 old == key_mtx_dereference(sdata->local,
476 sdata->default_unicast_key);
477 defmultikey = old &&
478 old == key_mtx_dereference(sdata->local,
479 sdata->default_multicast_key);
480 defmgmtkey = old &&
481 old == key_mtx_dereference(sdata->local,
482 sdata->default_mgmt_key);
3b96766f 483
f7e0104c
JB		 484 if (defunikey && !new)
485 __ieee80211_set_default_key(sdata, -1, true, false);
486 if (defmultikey && !new)
487 __ieee80211_set_default_key(sdata, -1, false, true);
3cfcf6ac
JM		 488 if (defmgmtkey && !new)
489 __ieee80211_set_default_mgmt_key(sdata, -1);
3b96766f
JB		 490
491 rcu_assign_pointer(sdata->keys[idx], new);
f7e0104c
JB		 492 if (defunikey && new)
493 __ieee80211_set_default_key(sdata, new->conf.keyidx,
494 true, false);
495 if (defmultikey && new)
496 __ieee80211_set_default_key(sdata, new->conf.keyidx,
497 false, true);
3cfcf6ac
JM		 498 if (defmgmtkey && new)
499 __ieee80211_set_default_mgmt_key(sdata,
500 new->conf.keyidx);
3b96766f
JB		 501 }
502
b5c34f66 503 if (old)
ef044763 504 list_del_rcu(&old->list);
62872a9b
AW		 505
506 return 0;
11a843b7
JB		 507}
508
2475b1cc
MS		 509struct ieee80211_key *
510ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
511 const u8 *key_data,
512 size_t seq_len, const u8 *seq,
513 const struct ieee80211_cipher_scheme *cs)
1f5a7e47
JB		 514{
515 struct ieee80211_key *key;
1ac62ba7 516 int i, j, err;
1f5a7e47 517
8c5bb1fa
JB		 518 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
519 return ERR_PTR(-EINVAL);
11a843b7
JB		 520
521 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
1f5a7e47 522 if (!key)
1ac62ba7 523 return ERR_PTR(-ENOMEM);
11a843b7
JB		 524
525 /*
526 * Default to software encryption; we'll later upload the
527 * key to the hardware if possible.
528 */
11a843b7
JB		 529 key->conf.flags = 0;
530 key->flags = 0;
531
97359d12 532 key->conf.cipher = cipher;
11a843b7
JB		 533 key->conf.keyidx = idx;
534 key->conf.keylen = key_len;
97359d12
JB		 535 switch (cipher) {
536 case WLAN_CIPHER_SUITE_WEP40:
537 case WLAN_CIPHER_SUITE_WEP104:
4325f6ca
JB		 538 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
539 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
76708dee 540 break;
97359d12 541 case WLAN_CIPHER_SUITE_TKIP:
4325f6ca
JB		 542 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
543 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
9f26a952 544 if (seq) {
5a306f58 545 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
faa8fdc8
JM		 546 key->u.tkip.rx[i].iv32 =
547 get_unaligned_le32(&seq[2]);
548 key->u.tkip.rx[i].iv16 =
549 get_unaligned_le16(seq);
550 }
551 }
523b02ea 552 spin_lock_init(&key->u.tkip.txlock);
76708dee 553 break;
97359d12 554 case WLAN_CIPHER_SUITE_CCMP:
4325f6ca
JB		 555 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
556 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
9f26a952 557 if (seq) {
5a306f58 558 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
4325f6ca 559 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
faa8fdc8 560 key->u.ccmp.rx_pn[i][j] =
4325f6ca 561 seq[IEEE80211_CCMP_PN_LEN - j - 1];
faa8fdc8 562 }
11a843b7
JB		 563 /*
564 * Initialize AES key state here as an optimization so that
565 * it does not need to be initialized for every packet.
566 */
2b2ba0db
JM		 567 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
568 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
569 if (IS_ERR(key->u.ccmp.tfm)) {
570 err = PTR_ERR(key->u.ccmp.tfm);
571 kfree(key);
572 return ERR_PTR(err);
573 }
574 break;
575 case WLAN_CIPHER_SUITE_CCMP_256:
576 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
577 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
578 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
579 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
580 key->u.ccmp.rx_pn[i][j] =
581 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
582 /* Initialize AES key state here as an optimization so that
583 * it does not need to be initialized for every packet.
584 */
585 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
586 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
1ac62ba7
BH		 587 if (IS_ERR(key->u.ccmp.tfm)) {
588 err = PTR_ERR(key->u.ccmp.tfm);
3b96766f 589 kfree(key);
1f951a7f 590 return ERR_PTR(err);
11a843b7 591 }
60ae0f20
JB		 592 break;
593 case WLAN_CIPHER_SUITE_AES_CMAC:
56c52da2 594 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
60ae0f20 595 key->conf.iv_len = 0;
56c52da2
JM		 596 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
597 key->conf.icv_len = sizeof(struct ieee80211_mmie);
598 else
599 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
60ae0f20 600 if (seq)
4325f6ca 601 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
0f927323 602 key->u.aes_cmac.rx_pn[j] =
4325f6ca 603 seq[IEEE80211_CMAC_PN_LEN - j - 1];
3cfcf6ac
JM		 604 /*
605 * Initialize AES key state here as an optimization so that
606 * it does not need to be initialized for every packet.
607 */
608 key->u.aes_cmac.tfm =
56c52da2 609 ieee80211_aes_cmac_key_setup(key_data, key_len);
1ac62ba7
BH		 610 if (IS_ERR(key->u.aes_cmac.tfm)) {
611 err = PTR_ERR(key->u.aes_cmac.tfm);
3cfcf6ac 612 kfree(key);
1f951a7f 613 return ERR_PTR(err);
3cfcf6ac 614 }
60ae0f20 615 break;
8ade538b
JM		 616 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
617 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
618 key->conf.iv_len = 0;
619 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
620 if (seq)
621 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
622 key->u.aes_gmac.rx_pn[j] =
623 seq[IEEE80211_GMAC_PN_LEN - j - 1];
624 /* Initialize AES key state here as an optimization so that
625 * it does not need to be initialized for every packet.
626 */
627 key->u.aes_gmac.tfm =
628 ieee80211_aes_gmac_key_setup(key_data, key_len);
629 if (IS_ERR(key->u.aes_gmac.tfm)) {
630 err = PTR_ERR(key->u.aes_gmac.tfm);
631 kfree(key);
632 return ERR_PTR(err);
633 }
634 break;
00b9cfa3
JM		 635 case WLAN_CIPHER_SUITE_GCMP:
636 case WLAN_CIPHER_SUITE_GCMP_256:
637 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
638 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
639 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
640 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
641 key->u.gcmp.rx_pn[i][j] =
642 seq[IEEE80211_GCMP_PN_LEN - j - 1];
643 /* Initialize AES key state here as an optimization so that
644 * it does not need to be initialized for every packet.
645 */
646 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
647 key_len);
648 if (IS_ERR(key->u.gcmp.tfm)) {
649 err = PTR_ERR(key->u.gcmp.tfm);
650 kfree(key);
651 return ERR_PTR(err);
652 }
653 break;
2475b1cc
MS		 654 default:
655 if (cs) {
e3a55b53
JB		 656 if (seq_len && seq_len != cs->pn_len) {
657 kfree(key);
658 return ERR_PTR(-EINVAL);
659 }
2475b1cc
MS		 660
661 key->conf.iv_len = cs->hdr_len;
662 key->conf.icv_len = cs->mic_len;
663 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
e3a55b53 664 for (j = 0; j < seq_len; j++)
2475b1cc 665 key->u.gen.rx_pn[i][j] =
e3a55b53 666 seq[seq_len - j - 1];
c7ef38e0 667 key->flags |= KEY_FLAG_CIPHER_SCHEME;
2475b1cc 668 }
3cfcf6ac 669 }
60ae0f20
JB		 670 memcpy(key->conf.key, key_data, key_len);
671 INIT_LIST_HEAD(&key->list);
3cfcf6ac 672
db4d1169
JB		 673 return key;
674}
11a843b7 675
79cf2dfa
JB		 676static void ieee80211_key_free_common(struct ieee80211_key *key)
677{
00b9cfa3
JM		 678 switch (key->conf.cipher) {
679 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db 680 case WLAN_CIPHER_SUITE_CCMP_256:
79cf2dfa 681 ieee80211_aes_key_free(key->u.ccmp.tfm);
00b9cfa3
JM		 682 break;
683 case WLAN_CIPHER_SUITE_AES_CMAC:
56c52da2 684 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
79cf2dfa 685 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
00b9cfa3 686 break;
8ade538b
JM		 687 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
688 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
689 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
690 break;
00b9cfa3
JM		 691 case WLAN_CIPHER_SUITE_GCMP:
692 case WLAN_CIPHER_SUITE_GCMP_256:
693 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
694 break;
695 }
29c3f9c3 696 kzfree(key);
79cf2dfa
JB		 697}
698
6d10e46b
JB		 699static void __ieee80211_key_destroy(struct ieee80211_key *key,
700 bool delay_tailroom)
ad0e2b5a 701{
3bff1865 702 if (key->local) {
8d1f7ecd
JB		 703 struct ieee80211_sub_if_data *sdata = key->sdata;
704
32162a4d 705 ieee80211_debugfs_key_remove(key);
8d1f7ecd
JB		 706
707 if (delay_tailroom) {
708 /* see ieee80211_delayed_tailroom_dec */
709 sdata->crypto_tx_tailroom_pending_dec++;
710 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
711 HZ/2);
712 } else {
f9dca80b 713 decrease_tailroom_need_count(sdata, 1);
8d1f7ecd 714 }
3bff1865 715 }
ad0e2b5a 716
79cf2dfa
JB		 717 ieee80211_key_free_common(key);
718}
719
6d10e46b
JB		 720static void ieee80211_key_destroy(struct ieee80211_key *key,
721 bool delay_tailroom)
722{
723 if (!key)
724 return;
725
726 /*
ef044763
EP		 727 * Synchronize so the TX path and rcu key iterators
728 * can no longer be using this key before we free/remove it.
6d10e46b
JB		 729 */
730 synchronize_net();
731
732 __ieee80211_key_destroy(key, delay_tailroom);
733}
734
79cf2dfa
JB		 735void ieee80211_key_free_unused(struct ieee80211_key *key)
736{
737 WARN_ON(key->sdata || key->local);
738 ieee80211_key_free_common(key);
ad0e2b5a
JB		 739}
740
cfbb0d90
JB		 741static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
742 struct ieee80211_key *old,
743 struct ieee80211_key *new)
744{
745 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
746 u8 *tk_old, *tk_new;
747
748 if (!old || new->conf.keylen != old->conf.keylen)
749 return false;
750
751 tk_old = old->conf.key;
752 tk_new = new->conf.key;
753
754 /*
755 * In station mode, don't compare the TX MIC key, as it's never used
756 * and offloaded rekeying may not care to send it to the host. This
757 * is the case in iwlwifi, for example.
758 */
759 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
760 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
761 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
762 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
763 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
764 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
765 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
766 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
767 tk_old = tkip_old;
768 tk_new = tkip_new;
769 }
770
771 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
772}
773
3ffc2a90
JB		 774int ieee80211_key_link(struct ieee80211_key *key,
775 struct ieee80211_sub_if_data *sdata,
776 struct sta_info *sta)
db4d1169
JB		 777{
778 struct ieee80211_key *old_key;
133bf90d
MP		 779 int idx = key->conf.keyidx;
780 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
781 /*
782 * We want to delay tailroom updates only for station - in that
783 * case it helps roaming speed, but in other cases it hurts and
784 * can cause warnings to appear.
785 */
786 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
96fc6efb 787 int ret = -EOPNOTSUPP;
db4d1169 788
ad0e2b5a 789 mutex_lock(&sdata->local->key_mtx);
3b96766f 790
96fc6efb
AW		 791 if (sta && pairwise) {
792 struct ieee80211_key *alt_key;
793
2475b1cc 794 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
96fc6efb
AW		 795 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
796
797 /* The rekey code assumes that the old and new key are using
798 * the same cipher. Enforce the assumption for pairwise keys.
799 */
1c955973
JB		 800 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
801 (old_key && old_key->conf.cipher != key->conf.cipher))
96fc6efb
AW		 802 goto out;
803 } else if (sta) {
40b275b6 804 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
96fc6efb 805 } else {
40b275b6 806 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
96fc6efb
AW		 807 }
808
809 /* Non-pairwise keys must also not switch the cipher on rekey */
810 if (!pairwise) {
753a9a72 811 if (old_key && old_key->conf.cipher != key->conf.cipher)
96fc6efb
AW		 812 goto out;
813 }
db4d1169 814
fdf7cb41
JB		 815 /*
816 * Silently accept key re-installation without really installing the
817 * new version of the key to avoid nonce reuse or replay issues.
818 */
cfbb0d90 819 if (ieee80211_key_identical(sdata, old_key, key)) {
fdf7cb41
JB		 820 ieee80211_key_free_unused(key);
821 ret = 0;
822 goto out;
823 }
824
825 key->local = sdata->local;
826 key->sdata = sdata;
827 key->sta = sta;
828
3bff1865
YAP		 829 increment_tailroom_need_count(sdata);
830
62872a9b 831 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
db4d1169 832
62872a9b
AW		 833 if (!ret) {
834 ieee80211_debugfs_key_add(key);
835 ieee80211_key_destroy(old_key, delay_tailroom);
27b3eb9c 836 } else {
62872a9b 837 ieee80211_key_free(key, delay_tailroom);
27b3eb9c 838 }
79cf2dfa 839
fdf7cb41 840 out:
ad0e2b5a 841 mutex_unlock(&sdata->local->key_mtx);
3ffc2a90
JB		 842
843 return ret;
1f5a7e47
JB		 844}
845
3b8d9c29 846void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
1f5a7e47 847{
5c0c3641
JB		 848 if (!key)
849 return;
850
3b96766f
JB		 851 /*
852 * Replace key with nothingness if it was ever used.
853 */
3a245766 854 if (key->sdata)
3b8d9c29 855 ieee80211_key_replace(key->sdata, key->sta,
e31b8213
JB		 856 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
857 key, NULL);
3b8d9c29 858 ieee80211_key_destroy(key, delay_tailroom);
3b96766f 859}
d4e46a3d 860
624ff4b2 861void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
3a245766
JB		 862{
863 struct ieee80211_key *key;
f9dca80b 864 struct ieee80211_sub_if_data *vlan;
11a843b7 865
3a245766 866 ASSERT_RTNL();
11a843b7 867
f9dca80b
MK		 868 mutex_lock(&sdata->local->key_mtx);
869
870 sdata->crypto_tx_tailroom_needed_cnt = 0;
624ff4b2 871 sdata->crypto_tx_tailroom_pending_dec = 0;
f9dca80b
MK		 872
873 if (sdata->vif.type == NL80211_IFTYPE_AP) {
624ff4b2 874 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
f9dca80b 875 vlan->crypto_tx_tailroom_needed_cnt = 0;
624ff4b2
LC		 876 vlan->crypto_tx_tailroom_pending_dec = 0;
877 }
878 }
879
880 if (ieee80211_sdata_running(sdata)) {
881 list_for_each_entry(key, &sdata->key_list, list) {
882 increment_tailroom_need_count(sdata);
883 ieee80211_key_enable_hw_accel(key);
884 }
f9dca80b
MK		 885 }
886
887 mutex_unlock(&sdata->local->key_mtx);
888}
889
830af02f
JB		 890void ieee80211_iter_keys(struct ieee80211_hw *hw,
891 struct ieee80211_vif *vif,
892 void (*iter)(struct ieee80211_hw *hw,
893 struct ieee80211_vif *vif,
894 struct ieee80211_sta *sta,
895 struct ieee80211_key_conf *key,
896 void *data),
897 void *iter_data)
898{
899 struct ieee80211_local *local = hw_to_local(hw);
27b3eb9c 900 struct ieee80211_key *key, *tmp;
830af02f
JB		 901 struct ieee80211_sub_if_data *sdata;
902
903 ASSERT_RTNL();
904
905 mutex_lock(&local->key_mtx);
906 if (vif) {
907 sdata = vif_to_sdata(vif);
27b3eb9c 908 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
830af02f
JB		 909 iter(hw, &sdata->vif,
910 key->sta ? &key->sta->sta : NULL,
911 &key->conf, iter_data);
912 } else {
913 list_for_each_entry(sdata, &local->interfaces, list)
27b3eb9c
JB		 914 list_for_each_entry_safe(key, tmp,
915 &sdata->key_list, list)
830af02f
JB		 916 iter(hw, &sdata->vif,
917 key->sta ? &key->sta->sta : NULL,
918 &key->conf, iter_data);
919 }
920 mutex_unlock(&local->key_mtx);
921}
922EXPORT_SYMBOL(ieee80211_iter_keys);
923
ef044763
EP		 924static void
925_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
926 struct ieee80211_sub_if_data *sdata,
927 void (*iter)(struct ieee80211_hw *hw,
928 struct ieee80211_vif *vif,
929 struct ieee80211_sta *sta,
930 struct ieee80211_key_conf *key,
931 void *data),
932 void *iter_data)
933{
934 struct ieee80211_key *key;
935
936 list_for_each_entry_rcu(key, &sdata->key_list, list) {
937 /* skip keys of station in removal process */
938 if (key->sta && key->sta->removed)
939 continue;
940 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
941 continue;
942
943 iter(hw, &sdata->vif,
944 key->sta ? &key->sta->sta : NULL,
945 &key->conf, iter_data);
946 }
947}
948
949void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
950 struct ieee80211_vif *vif,
951 void (*iter)(struct ieee80211_hw *hw,
952 struct ieee80211_vif *vif,
953 struct ieee80211_sta *sta,
954 struct ieee80211_key_conf *key,
955 void *data),
956 void *iter_data)
957{
958 struct ieee80211_local *local = hw_to_local(hw);
959 struct ieee80211_sub_if_data *sdata;
960
961 if (vif) {
962 sdata = vif_to_sdata(vif);
963 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
964 } else {
965 list_for_each_entry_rcu(sdata, &local->interfaces, list)
966 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
967 }
968}
969EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
970
7907c7d3
JB		 971static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
972 struct list_head *keys)
3b96766f
JB		 973{
974 struct ieee80211_key *key, *tmp;
3b96766f 975
f9dca80b
MK		 976 decrease_tailroom_need_count(sdata,
977 sdata->crypto_tx_tailroom_pending_dec);
8d1f7ecd
JB		 978 sdata->crypto_tx_tailroom_pending_dec = 0;
979
3cfcf6ac 980 ieee80211_debugfs_key_remove_mgmt_default(sdata);
3b96766f 981
6d10e46b
JB		 982 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
983 ieee80211_key_replace(key->sdata, key->sta,
984 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
985 key, NULL);
7907c7d3 986 list_add_tail(&key->list, keys);
6d10e46b 987 }
3b96766f 988
f7e0104c 989 ieee80211_debugfs_key_update_default(sdata);
7907c7d3 990}
f7e0104c 991
7907c7d3
JB		 992void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
993 bool force_synchronize)
994{
995 struct ieee80211_local *local = sdata->local;
996 struct ieee80211_sub_if_data *vlan;
f9dca80b 997 struct ieee80211_sub_if_data *master;
7907c7d3
JB		 998 struct ieee80211_key *key, *tmp;
999 LIST_HEAD(keys);
1000
1001 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1002
1003 mutex_lock(&local->key_mtx);
1004
1005 ieee80211_free_keys_iface(sdata, &keys);
1006
1007 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1008 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1009 ieee80211_free_keys_iface(vlan, &keys);
6d10e46b
JB		 1010 }
1011
7907c7d3
JB		 1012 if (!list_empty(&keys) || force_synchronize)
1013 synchronize_net();
1014 list_for_each_entry_safe(key, tmp, &keys, list)
1015 __ieee80211_key_destroy(key, false);
1016
f9dca80b
MK		 1017 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1018 if (sdata->bss) {
1019 master = container_of(sdata->bss,
1020 struct ieee80211_sub_if_data,
1021 u.ap);
1022
1023 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1024 master->crypto_tx_tailroom_needed_cnt);
1025 }
1026 } else {
1027 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1028 sdata->crypto_tx_tailroom_pending_dec);
1029 }
1030
7907c7d3
JB		 1031 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1032 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1033 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1034 vlan->crypto_tx_tailroom_pending_dec);
1035 }
8d1f7ecd 1036
7907c7d3 1037 mutex_unlock(&local->key_mtx);
11a843b7 1038}
c68f4b89 1039
6d10e46b
JB		 1040void ieee80211_free_sta_keys(struct ieee80211_local *local,
1041 struct sta_info *sta)
1042{
c8782078 1043 struct ieee80211_key *key;
6d10e46b
JB		 1044 int i;
1045
1046 mutex_lock(&local->key_mtx);
28a9bc68 1047 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
6d10e46b
JB		 1048 key = key_mtx_dereference(local, sta->gtk[i]);
1049 if (!key)
1050 continue;
1051 ieee80211_key_replace(key->sdata, key->sta,
1052 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1053 key, NULL);
133bf90d
MP		 1054 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1055 NL80211_IFTYPE_STATION);
6d10e46b
JB		 1056 }
1057
2475b1cc
MS		 1058 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1059 key = key_mtx_dereference(local, sta->ptk[i]);
1060 if (!key)
1061 continue;
6d10e46b
JB		 1062 ieee80211_key_replace(key->sdata, key->sta,
1063 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1064 key, NULL);
133bf90d
MP		 1065 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1066 NL80211_IFTYPE_STATION);
c8782078 1067 }
6d10e46b
JB		 1068
1069 mutex_unlock(&local->key_mtx);
1070}
1071
8d1f7ecd
JB		 1072void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1073{
1074 struct ieee80211_sub_if_data *sdata;
1075
1076 sdata = container_of(wk, struct ieee80211_sub_if_data,
1077 dec_tailroom_needed_wk.work);
1078
1079 /*
1080 * The reason for the delayed tailroom needed decrementing is to
1081 * make roaming faster: during roaming, all keys are first deleted
1082 * and then new keys are installed. The first new key causes the
1083 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1084 * the cost of synchronize_net() (which can be slow). Avoid this
1085 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1086 * key removal for a while, so if we roam the value is larger than
1087 * zero and no 0->1 transition happens.
1088 *
1089 * The cost is that if the AP switching was from an AP with keys
1090 * to one without, we still allocate tailroom while it would no
1091 * longer be needed. However, in the typical (fast) roaming case
1092 * within an ESS this usually won't happen.
1093 */
1094
1095 mutex_lock(&sdata->local->key_mtx);
f9dca80b
MK		 1096 decrease_tailroom_need_count(sdata,
1097 sdata->crypto_tx_tailroom_pending_dec);
8d1f7ecd
JB		 1098 sdata->crypto_tx_tailroom_pending_dec = 0;
1099 mutex_unlock(&sdata->local->key_mtx);
1100}
c68f4b89
JB		 1101
1102void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1103 const u8 *replay_ctr, gfp_t gfp)
1104{
1105 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1106
1107 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1108
1109 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1110}
1111EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
3ea542d3 1112
3ea542d3
JB		 1113void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1114 int tid, struct ieee80211_key_seq *seq)
1115{
1116 struct ieee80211_key *key;
1117 const u8 *pn;
1118
1119 key = container_of(keyconf, struct ieee80211_key, conf);
1120
1121 switch (key->conf.cipher) {
1122 case WLAN_CIPHER_SUITE_TKIP:
5a306f58 1123 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
3ea542d3
JB		 1124 return;
1125 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1126 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1127 break;
1128 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db 1129 case WLAN_CIPHER_SUITE_CCMP_256:
5a306f58 1130 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
3ea542d3
JB		 1131 return;
1132 if (tid < 0)
5a306f58 1133 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
3ea542d3
JB		 1134 else
1135 pn = key->u.ccmp.rx_pn[tid];
4325f6ca 1136 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
3ea542d3
JB		 1137 break;
1138 case WLAN_CIPHER_SUITE_AES_CMAC:
56c52da2 1139 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3ea542d3
JB		 1140 if (WARN_ON(tid != 0))
1141 return;
1142 pn = key->u.aes_cmac.rx_pn;
4325f6ca 1143 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
3ea542d3 1144 break;
8ade538b
JM		 1145 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1146 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1147 if (WARN_ON(tid != 0))
1148 return;
1149 pn = key->u.aes_gmac.rx_pn;
1150 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1151 break;
00b9cfa3
JM		 1152 case WLAN_CIPHER_SUITE_GCMP:
1153 case WLAN_CIPHER_SUITE_GCMP_256:
1154 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1155 return;
1156 if (tid < 0)
1157 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1158 else
1159 pn = key->u.gcmp.rx_pn[tid];
1160 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1161 break;
3ea542d3
JB		 1162 }
1163}
1164EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
27b3eb9c 1165
27b3eb9c
JB		 1166void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1167 int tid, struct ieee80211_key_seq *seq)
1168{
1169 struct ieee80211_key *key;
1170 u8 *pn;
1171
1172 key = container_of(keyconf, struct ieee80211_key, conf);
1173
1174 switch (key->conf.cipher) {
1175 case WLAN_CIPHER_SUITE_TKIP:
1176 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1177 return;
1178 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1179 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1180 break;
1181 case WLAN_CIPHER_SUITE_CCMP:
2b2ba0db 1182 case WLAN_CIPHER_SUITE_CCMP_256:
27b3eb9c
JB		 1183 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1184 return;
1185 if (tid < 0)
1186 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1187 else
1188 pn = key->u.ccmp.rx_pn[tid];
1189 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1190 break;
1191 case WLAN_CIPHER_SUITE_AES_CMAC:
56c52da2 1192 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
27b3eb9c
JB		 1193 if (WARN_ON(tid != 0))
1194 return;
1195 pn = key->u.aes_cmac.rx_pn;
1196 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1197 break;
8ade538b
JM		 1198 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1199 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1200 if (WARN_ON(tid != 0))
1201 return;
1202 pn = key->u.aes_gmac.rx_pn;
1203 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1204 break;
00b9cfa3
JM		 1205 case WLAN_CIPHER_SUITE_GCMP:
1206 case WLAN_CIPHER_SUITE_GCMP_256:
1207 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1208 return;
1209 if (tid < 0)
1210 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1211 else
1212 pn = key->u.gcmp.rx_pn[tid];
1213 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1214 break;
27b3eb9c
JB		 1215 default:
1216 WARN_ON(1);
1217 break;
1218 }
1219}
1220EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1221
1222void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1223{
1224 struct ieee80211_key *key;
1225
1226 key = container_of(keyconf, struct ieee80211_key, conf);
1227
1228 assert_key_lock(key->local);
1229
1230 /*
1231 * if key was uploaded, we assume the driver will/has remove(d)
1232 * it, so adjust bookkeeping accordingly
1233 */
1234 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1235 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1236
092c4098
AW		 1237 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1238 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1239 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
27b3eb9c
JB		 1240 increment_tailroom_need_count(key->sdata);
1241 }
1242
1243 ieee80211_key_free(key, false);
1244}
1245EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1246
1247struct ieee80211_key_conf *
1248ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1249 struct ieee80211_key_conf *keyconf)
1250{
1251 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1252 struct ieee80211_local *local = sdata->local;
1253 struct ieee80211_key *key;
1254 int err;
1255
1256 if (WARN_ON(!local->wowlan))
1257 return ERR_PTR(-EINVAL);
1258
1259 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1260 return ERR_PTR(-EINVAL);
1261
1262 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1263 keyconf->keylen, keyconf->key,
2475b1cc 1264 0, NULL, NULL);
27b3eb9c 1265 if (IS_ERR(key))
c5dc164d 1266 return ERR_CAST(key);
27b3eb9c
JB		 1267
1268 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1269 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1270
1271 err = ieee80211_key_link(key, sdata, NULL);
1272 if (err)
1273 return ERR_PTR(err);
1274
1275 return &key->conf;
1276}
1277EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
Ubuntu Jammy Linux kernel mirror