]>
Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1f5a7e47 JB |
2 | /* |
3 | * Copyright 2002-2005, Instant802 Networks, Inc. | |
4 | * Copyright 2005-2006, Devicescape Software, Inc. | |
5 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> | |
3b96766f | 6 | * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> |
d98ad83e | 7 | * Copyright 2013-2014 Intel Mobile Communications GmbH |
fdf7cb41 | 8 | * Copyright 2015-2017 Intel Deutschland GmbH |
1c955973 | 9 | * Copyright 2018-2019 Intel Corporation |
1f5a7e47 JB |
10 | */ |
11 | ||
11a843b7 JB |
12 | #include <linux/if_ether.h> |
13 | #include <linux/etherdevice.h> | |
14 | #include <linux/list.h> | |
d4e46a3d | 15 | #include <linux/rcupdate.h> |
db4d1169 | 16 | #include <linux/rtnetlink.h> |
5a0e3ad6 | 17 | #include <linux/slab.h> |
bc3b2d7f | 18 | #include <linux/export.h> |
1f5a7e47 | 19 | #include <net/mac80211.h> |
2bdd713b | 20 | #include <crypto/algapi.h> |
d26ad377 | 21 | #include <asm/unaligned.h> |
1f5a7e47 | 22 | #include "ieee80211_i.h" |
24487981 | 23 | #include "driver-ops.h" |
1f5a7e47 JB |
24 | #include "debugfs_key.h" |
25 | #include "aes_ccm.h" | |
3cfcf6ac | 26 | #include "aes_cmac.h" |
8ade538b | 27 | #include "aes_gmac.h" |
00b9cfa3 | 28 | #include "aes_gcm.h" |
1f5a7e47 | 29 | |
11a843b7 | 30 | |
dbbea671 JB |
31 | /** |
32 | * DOC: Key handling basics | |
11a843b7 JB |
33 | * |
34 | * Key handling in mac80211 is done based on per-interface (sub_if_data) | |
35 | * keys and per-station keys. Since each station belongs to an interface, | |
36 | * each station key also belongs to that interface. | |
37 | * | |
b5c34f66 JB |
38 | * Hardware acceleration is done on a best-effort basis for algorithms |
39 | * that are implemented in software, for each key the hardware is asked | |
40 | * to enable that key for offloading but if it cannot do that the key is | |
41 | * simply kept for software encryption (unless it is for an algorithm | |
42 | * that isn't implemented in software). | |
43 | * There is currently no way of knowing whether a key is handled in SW | |
44 | * or HW except by looking into debugfs. | |
11a843b7 | 45 | * |
b5c34f66 JB |
46 | * All key management is internally protected by a mutex. Within all |
47 | * other parts of mac80211, key references are, just as STA structure | |
48 | * references, protected by RCU. Note, however, that some things are | |
49 | * unprotected, namely the key->sta dereferences within the hardware | |
50 | * acceleration functions. This means that sta_info_destroy() must | |
51 | * remove the key which waits for an RCU grace period. | |
11a843b7 JB |
52 | */ |
53 | ||
54 | static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; | |
11a843b7 | 55 | |
ad0e2b5a | 56 | static void assert_key_lock(struct ieee80211_local *local) |
3b96766f | 57 | { |
46a5ebaf | 58 | lockdep_assert_held(&local->key_mtx); |
3b96766f JB |
59 | } |
60 | ||
f9dca80b MK |
61 | static void |
62 | update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta) | |
63 | { | |
64 | struct ieee80211_sub_if_data *vlan; | |
65 | ||
66 | if (sdata->vif.type != NL80211_IFTYPE_AP) | |
67 | return; | |
68 | ||
51f458d9 JB |
69 | /* crypto_tx_tailroom_needed_cnt is protected by this */ |
70 | assert_key_lock(sdata->local); | |
f9dca80b | 71 | |
51f458d9 JB |
72 | rcu_read_lock(); |
73 | ||
74 | list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list) | |
f9dca80b MK |
75 | vlan->crypto_tx_tailroom_needed_cnt += delta; |
76 | ||
51f458d9 | 77 | rcu_read_unlock(); |
f9dca80b MK |
78 | } |
79 | ||
3bff1865 YAP |
80 | static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) |
81 | { | |
82 | /* | |
83 | * When this count is zero, SKB resizing for allocating tailroom | |
84 | * for IV or MMIC is skipped. But, this check has created two race | |
85 | * cases in xmit path while transiting from zero count to one: | |
86 | * | |
87 | * 1. SKB resize was skipped because no key was added but just before | |
88 | * the xmit key is added and SW encryption kicks off. | |
89 | * | |
90 | * 2. SKB resize was skipped because all the keys were hw planted but | |
91 | * just before xmit one of the key is deleted and SW encryption kicks | |
92 | * off. | |
93 | * | |
94 | * In both the above case SW encryption will find not enough space for | |
95 | * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) | |
96 | * | |
97 | * Solution has been explained at | |
98 | * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net | |
99 | */ | |
100 | ||
51f458d9 JB |
101 | assert_key_lock(sdata->local); |
102 | ||
f9dca80b MK |
103 | update_vlan_tailroom_need_count(sdata, 1); |
104 | ||
3bff1865 YAP |
105 | if (!sdata->crypto_tx_tailroom_needed_cnt++) { |
106 | /* | |
107 | * Flush all XMIT packets currently using HW encryption or no | |
108 | * encryption at all if the count transition is from 0 -> 1. | |
109 | */ | |
110 | synchronize_net(); | |
111 | } | |
112 | } | |
113 | ||
f9dca80b MK |
114 | static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata, |
115 | int delta) | |
116 | { | |
51f458d9 JB |
117 | assert_key_lock(sdata->local); |
118 | ||
f9dca80b MK |
119 | WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta); |
120 | ||
121 | update_vlan_tailroom_need_count(sdata, -delta); | |
122 | sdata->crypto_tx_tailroom_needed_cnt -= delta; | |
123 | } | |
124 | ||
3ffc2a90 | 125 | static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) |
11a843b7 | 126 | { |
db3bdcb9 | 127 | struct ieee80211_sub_if_data *sdata = key->sdata; |
89c91cae | 128 | struct sta_info *sta; |
fa7e1fbc | 129 | int ret = -EOPNOTSUPP; |
11a843b7 | 130 | |
3b96766f JB |
131 | might_sleep(); |
132 | ||
4619194a JB |
133 | if (key->flags & KEY_FLAG_TAINTED) { |
134 | /* If we get here, it's during resume and the key is | |
135 | * tainted so shouldn't be used/programmed any more. | |
136 | * However, its flags may still indicate that it was | |
137 | * programmed into the device (since we're in resume) | |
138 | * so clear that flag now to avoid trying to remove | |
139 | * it again later. | |
140 | */ | |
092c4098 AW |
141 | if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE && |
142 | !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | | |
143 | IEEE80211_KEY_FLAG_PUT_MIC_SPACE | | |
144 | IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) | |
145 | increment_tailroom_need_count(sdata); | |
146 | ||
4619194a | 147 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; |
27b3eb9c | 148 | return -EINVAL; |
4619194a | 149 | } |
27b3eb9c | 150 | |
e31b8213 | 151 | if (!key->local->ops->set_key) |
3ffc2a90 | 152 | goto out_unsupported; |
11a843b7 | 153 | |
ad0e2b5a JB |
154 | assert_key_lock(key->local); |
155 | ||
89c91cae | 156 | sta = key->sta; |
dc822b5d | 157 | |
e31b8213 JB |
158 | /* |
159 | * If this is a per-STA GTK, check if it | |
160 | * is supported; if not, return. | |
161 | */ | |
162 | if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && | |
30686bf7 | 163 | !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK)) |
e31b8213 JB |
164 | goto out_unsupported; |
165 | ||
89c91cae JB |
166 | if (sta && !sta->uploaded) |
167 | goto out_unsupported; | |
168 | ||
18890d4b HS |
169 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { |
170 | /* | |
171 | * The driver doesn't know anything about VLAN interfaces. | |
172 | * Hence, don't send GTKs for VLAN interfaces to the driver. | |
173 | */ | |
78ad2341 AW |
174 | if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { |
175 | ret = 1; | |
18890d4b | 176 | goto out_unsupported; |
78ad2341 | 177 | } |
18890d4b | 178 | } |
11a843b7 | 179 | |
50ff477a JC |
180 | /* TKIP countermeasures don't work in encap offload mode */ |
181 | if (key->conf.cipher == WLAN_CIPHER_SUITE_TKIP && | |
182 | sdata->hw_80211_encap) { | |
183 | sdata_dbg(sdata, "TKIP is not allowed in hw 80211 encap mode\n"); | |
184 | return -EINVAL; | |
185 | } | |
186 | ||
89c91cae JB |
187 | ret = drv_set_key(key->local, SET_KEY, sdata, |
188 | sta ? &sta->sta : NULL, &key->conf); | |
11a843b7 | 189 | |
e31b8213 | 190 | if (!ret) { |
11a843b7 | 191 | key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; |
3bff1865 | 192 | |
092c4098 AW |
193 | if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | |
194 | IEEE80211_KEY_FLAG_PUT_MIC_SPACE | | |
195 | IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) | |
f9dca80b | 196 | decrease_tailroom_need_count(sdata, 1); |
3bff1865 | 197 | |
077a9154 AN |
198 | WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && |
199 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); | |
200 | ||
9de18d81 DS |
201 | WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) && |
202 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)); | |
203 | ||
e31b8213 JB |
204 | return 0; |
205 | } | |
11a843b7 | 206 | |
fa7e1fbc | 207 | if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1) |
bdcbd8e0 | 208 | sdata_err(sdata, |
0fb9a9ec | 209 | "failed to set key (%d, %pM) to hardware (%d)\n", |
89c91cae JB |
210 | key->conf.keyidx, |
211 | sta ? sta->sta.addr : bcast_addr, ret); | |
3ffc2a90 | 212 | |
e31b8213 JB |
213 | out_unsupported: |
214 | switch (key->conf.cipher) { | |
215 | case WLAN_CIPHER_SUITE_WEP40: | |
216 | case WLAN_CIPHER_SUITE_WEP104: | |
217 | case WLAN_CIPHER_SUITE_TKIP: | |
218 | case WLAN_CIPHER_SUITE_CCMP: | |
2b2ba0db | 219 | case WLAN_CIPHER_SUITE_CCMP_256: |
3c706b97 JC |
220 | case WLAN_CIPHER_SUITE_GCMP: |
221 | case WLAN_CIPHER_SUITE_GCMP_256: | |
222 | /* We cannot do software crypto of data frames with | |
223 | * encapsulation offload enabled. However for 802.11w to | |
224 | * function properly we need cmac/gmac keys. | |
225 | */ | |
226 | if (sdata->hw_80211_encap) | |
227 | return -EINVAL; | |
228 | /* Fall through */ | |
229 | ||
e31b8213 | 230 | case WLAN_CIPHER_SUITE_AES_CMAC: |
56c52da2 | 231 | case WLAN_CIPHER_SUITE_BIP_CMAC_256: |
8ade538b JM |
232 | case WLAN_CIPHER_SUITE_BIP_GMAC_128: |
233 | case WLAN_CIPHER_SUITE_BIP_GMAC_256: | |
fa7e1fbc JB |
234 | /* all of these we can do in software - if driver can */ |
235 | if (ret == 1) | |
236 | return 0; | |
78ad2341 | 237 | if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) |
fa7e1fbc | 238 | return -EINVAL; |
e31b8213 JB |
239 | return 0; |
240 | default: | |
241 | return -EINVAL; | |
3ffc2a90 | 242 | } |
11a843b7 JB |
243 | } |
244 | ||
245 | static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) | |
246 | { | |
dc822b5d | 247 | struct ieee80211_sub_if_data *sdata; |
89c91cae | 248 | struct sta_info *sta; |
11a843b7 JB |
249 | int ret; |
250 | ||
3b96766f JB |
251 | might_sleep(); |
252 | ||
db4d1169 | 253 | if (!key || !key->local->ops->set_key) |
11a843b7 JB |
254 | return; |
255 | ||
ad0e2b5a JB |
256 | assert_key_lock(key->local); |
257 | ||
258 | if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) | |
11a843b7 JB |
259 | return; |
260 | ||
89c91cae | 261 | sta = key->sta; |
dc822b5d JB |
262 | sdata = key->sdata; |
263 | ||
092c4098 AW |
264 | if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | |
265 | IEEE80211_KEY_FLAG_PUT_MIC_SPACE | | |
266 | IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) | |
3bff1865 YAP |
267 | increment_tailroom_need_count(sdata); |
268 | ||
62872a9b | 269 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; |
12375ef9 | 270 | ret = drv_set_key(key->local, DISABLE_KEY, sdata, |
89c91cae | 271 | sta ? &sta->sta : NULL, &key->conf); |
11a843b7 JB |
272 | |
273 | if (ret) | |
bdcbd8e0 | 274 | sdata_err(sdata, |
0fb9a9ec | 275 | "failed to remove key (%d, %pM) from hardware (%d)\n", |
89c91cae JB |
276 | key->conf.keyidx, |
277 | sta ? sta->sta.addr : bcast_addr, ret); | |
62872a9b | 278 | } |
11a843b7 | 279 | |
96fc6efb AW |
280 | int ieee80211_set_tx_key(struct ieee80211_key *key) |
281 | { | |
282 | struct sta_info *sta = key->sta; | |
283 | struct ieee80211_local *local = key->local; | |
96fc6efb AW |
284 | |
285 | assert_key_lock(local); | |
286 | ||
96fc6efb | 287 | sta->ptk_idx = key->conf.keyidx; |
90cc4bd6 | 288 | |
dc3998ec AW |
289 | if (!ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) |
290 | clear_sta_flag(sta, WLAN_STA_BLOCK_BA); | |
96fc6efb AW |
291 | ieee80211_check_fast_xmit(sta); |
292 | ||
293 | return 0; | |
294 | } | |
295 | ||
90cc4bd6 AW |
296 | static void ieee80211_pairwise_rekey(struct ieee80211_key *old, |
297 | struct ieee80211_key *new) | |
62872a9b | 298 | { |
90cc4bd6 AW |
299 | struct ieee80211_local *local = new->local; |
300 | struct sta_info *sta = new->sta; | |
301 | int i; | |
62872a9b | 302 | |
90cc4bd6 | 303 | assert_key_lock(local); |
62872a9b | 304 | |
90cc4bd6 AW |
305 | if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) { |
306 | /* Extended Key ID key install, initial one or rekey */ | |
307 | ||
dc3998ec AW |
308 | if (sta->ptk_idx != INVALID_PTK_KEYIDX && |
309 | !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) { | |
90cc4bd6 AW |
310 | /* Aggregation Sessions with Extended Key ID must not |
311 | * mix MPDUs with different keyIDs within one A-MPDU. | |
3e47bf1c AW |
312 | * Tear down running Tx aggregation sessions and block |
313 | * new Rx/Tx aggregation requests during rekey to | |
dc3998ec AW |
314 | * ensure there are no A-MPDUs when the driver is not |
315 | * supporting A-MPDU key borders. (Blocking Tx only | |
316 | * would be sufficient but WLAN_STA_BLOCK_BA gets the | |
317 | * job done for the few ms we need it.) | |
90cc4bd6 AW |
318 | */ |
319 | set_sta_flag(sta, WLAN_STA_BLOCK_BA); | |
320 | mutex_lock(&sta->ampdu_mlme.mtx); | |
321 | for (i = 0; i < IEEE80211_NUM_TIDS; i++) | |
322 | ___ieee80211_stop_tx_ba_session(sta, i, | |
323 | AGG_STOP_LOCAL_REQUEST); | |
324 | mutex_unlock(&sta->ampdu_mlme.mtx); | |
325 | } | |
326 | } else if (old) { | |
327 | /* Rekey without Extended Key ID. | |
328 | * Aggregation sessions are OK when running on SW crypto. | |
329 | * A broken remote STA may cause issues not observed with HW | |
330 | * crypto, though. | |
331 | */ | |
332 | if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) | |
333 | return; | |
62872a9b | 334 | |
90cc4bd6 AW |
335 | /* Stop Tx till we are on the new key */ |
336 | old->flags |= KEY_FLAG_TAINTED; | |
62872a9b | 337 | ieee80211_clear_fast_xmit(sta); |
62872a9b AW |
338 | if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) { |
339 | set_sta_flag(sta, WLAN_STA_BLOCK_BA); | |
340 | ieee80211_sta_tear_down_BA_sessions(sta, | |
341 | AGG_STOP_LOCAL_REQUEST); | |
342 | } | |
62872a9b AW |
343 | if (!wiphy_ext_feature_isset(local->hw.wiphy, |
344 | NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) { | |
345 | pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.", | |
346 | sta->sta.addr); | |
347 | /* Flushing the driver queues *may* help prevent | |
348 | * the clear text leaks and freezes. | |
349 | */ | |
90cc4bd6 | 350 | ieee80211_flush_queues(local, old->sdata, false); |
62872a9b AW |
351 | } |
352 | } | |
3b96766f JB |
353 | } |
354 | ||
355 | static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, | |
f7e0104c | 356 | int idx, bool uni, bool multi) |
3b96766f JB |
357 | { |
358 | struct ieee80211_key *key = NULL; | |
359 | ||
ad0e2b5a JB |
360 | assert_key_lock(sdata->local); |
361 | ||
3b96766f | 362 | if (idx >= 0 && idx < NUM_DEFAULT_KEYS) |
40b275b6 | 363 | key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
3b96766f | 364 | |
de5fad81 | 365 | if (uni) { |
f7e0104c | 366 | rcu_assign_pointer(sdata->default_unicast_key, key); |
17c18bf8 | 367 | ieee80211_check_fast_xmit_iface(sdata); |
ec4efc4a JB |
368 | if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) |
369 | drv_set_default_unicast_key(sdata->local, sdata, idx); | |
de5fad81 YD |
370 | } |
371 | ||
f7e0104c JB |
372 | if (multi) |
373 | rcu_assign_pointer(sdata->default_multicast_key, key); | |
3b96766f | 374 | |
f7e0104c | 375 | ieee80211_debugfs_key_update_default(sdata); |
3b96766f JB |
376 | } |
377 | ||
f7e0104c JB |
378 | void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, |
379 | bool uni, bool multi) | |
3b96766f | 380 | { |
ad0e2b5a | 381 | mutex_lock(&sdata->local->key_mtx); |
f7e0104c | 382 | __ieee80211_set_default_key(sdata, idx, uni, multi); |
ad0e2b5a | 383 | mutex_unlock(&sdata->local->key_mtx); |
3b96766f JB |
384 | } |
385 | ||
3cfcf6ac JM |
386 | static void |
387 | __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) | |
388 | { | |
389 | struct ieee80211_key *key = NULL; | |
390 | ||
ad0e2b5a JB |
391 | assert_key_lock(sdata->local); |
392 | ||
3cfcf6ac JM |
393 | if (idx >= NUM_DEFAULT_KEYS && |
394 | idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) | |
40b275b6 | 395 | key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
3cfcf6ac JM |
396 | |
397 | rcu_assign_pointer(sdata->default_mgmt_key, key); | |
398 | ||
f7e0104c | 399 | ieee80211_debugfs_key_update_default(sdata); |
3cfcf6ac JM |
400 | } |
401 | ||
402 | void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, | |
403 | int idx) | |
404 | { | |
ad0e2b5a | 405 | mutex_lock(&sdata->local->key_mtx); |
3cfcf6ac | 406 | __ieee80211_set_default_mgmt_key(sdata, idx); |
ad0e2b5a | 407 | mutex_unlock(&sdata->local->key_mtx); |
3cfcf6ac JM |
408 | } |
409 | ||
62872a9b | 410 | static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, |
3b8d9c29 JB |
411 | struct sta_info *sta, |
412 | bool pairwise, | |
413 | struct ieee80211_key *old, | |
414 | struct ieee80211_key *new) | |
3b96766f | 415 | { |
f7e0104c | 416 | int idx; |
90cc4bd6 | 417 | int ret = 0; |
f7e0104c | 418 | bool defunikey, defmultikey, defmgmtkey; |
3b96766f | 419 | |
5282c3ba JB |
420 | /* caller must provide at least one old/new */ |
421 | if (WARN_ON(!new && !old)) | |
62872a9b | 422 | return 0; |
5282c3ba | 423 | |
3b96766f | 424 | if (new) |
ef044763 | 425 | list_add_tail_rcu(&new->list, &sdata->key_list); |
3b96766f | 426 | |
2475b1cc | 427 | WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); |
3b96766f | 428 | |
90cc4bd6 AW |
429 | if (new && sta && pairwise) { |
430 | /* Unicast rekey needs special handling. With Extended Key ID | |
431 | * old is still NULL for the first rekey. | |
432 | */ | |
433 | ieee80211_pairwise_rekey(old, new); | |
434 | } | |
435 | ||
62872a9b | 436 | if (old) { |
2475b1cc | 437 | idx = old->conf.keyidx; |
90cc4bd6 AW |
438 | |
439 | if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { | |
440 | ieee80211_key_disable_hw_accel(old); | |
441 | ||
442 | if (new) | |
443 | ret = ieee80211_key_enable_hw_accel(new); | |
444 | } | |
62872a9b | 445 | } else { |
40b5a0f8 | 446 | /* new must be provided in case old is not */ |
2475b1cc | 447 | idx = new->conf.keyidx; |
40b5a0f8 | 448 | if (!new->local->wowlan) |
62872a9b | 449 | ret = ieee80211_key_enable_hw_accel(new); |
62872a9b AW |
450 | } |
451 | ||
452 | if (ret) | |
453 | return ret; | |
3b96766f | 454 | |
2475b1cc MS |
455 | if (sta) { |
456 | if (pairwise) { | |
457 | rcu_assign_pointer(sta->ptk[idx], new); | |
96fc6efb AW |
458 | if (new && |
459 | !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) { | |
460 | sta->ptk_idx = idx; | |
62872a9b AW |
461 | clear_sta_flag(sta, WLAN_STA_BLOCK_BA); |
462 | ieee80211_check_fast_xmit(sta); | |
463 | } | |
2475b1cc MS |
464 | } else { |
465 | rcu_assign_pointer(sta->gtk[idx], new); | |
2475b1cc | 466 | } |
96fc6efb AW |
467 | /* Only needed for transition from no key -> key. |
468 | * Still triggers unnecessary when using Extended Key ID | |
469 | * and installing the second key ID the first time. | |
470 | */ | |
471 | if (new && !old) | |
62872a9b | 472 | ieee80211_check_fast_rx(sta); |
2475b1cc | 473 | } else { |
40b275b6 JB |
474 | defunikey = old && |
475 | old == key_mtx_dereference(sdata->local, | |
476 | sdata->default_unicast_key); | |
477 | defmultikey = old && | |
478 | old == key_mtx_dereference(sdata->local, | |
479 | sdata->default_multicast_key); | |
480 | defmgmtkey = old && | |
481 | old == key_mtx_dereference(sdata->local, | |
482 | sdata->default_mgmt_key); | |
3b96766f | 483 | |
f7e0104c JB |
484 | if (defunikey && !new) |
485 | __ieee80211_set_default_key(sdata, -1, true, false); | |
486 | if (defmultikey && !new) | |
487 | __ieee80211_set_default_key(sdata, -1, false, true); | |
3cfcf6ac JM |
488 | if (defmgmtkey && !new) |
489 | __ieee80211_set_default_mgmt_key(sdata, -1); | |
3b96766f JB |
490 | |
491 | rcu_assign_pointer(sdata->keys[idx], new); | |
f7e0104c JB |
492 | if (defunikey && new) |
493 | __ieee80211_set_default_key(sdata, new->conf.keyidx, | |
494 | true, false); | |
495 | if (defmultikey && new) | |
496 | __ieee80211_set_default_key(sdata, new->conf.keyidx, | |
497 | false, true); | |
3cfcf6ac JM |
498 | if (defmgmtkey && new) |
499 | __ieee80211_set_default_mgmt_key(sdata, | |
500 | new->conf.keyidx); | |
3b96766f JB |
501 | } |
502 | ||
b5c34f66 | 503 | if (old) |
ef044763 | 504 | list_del_rcu(&old->list); |
62872a9b AW |
505 | |
506 | return 0; | |
11a843b7 JB |
507 | } |
508 | ||
2475b1cc MS |
509 | struct ieee80211_key * |
510 | ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, | |
511 | const u8 *key_data, | |
512 | size_t seq_len, const u8 *seq, | |
513 | const struct ieee80211_cipher_scheme *cs) | |
1f5a7e47 JB |
514 | { |
515 | struct ieee80211_key *key; | |
1ac62ba7 | 516 | int i, j, err; |
1f5a7e47 | 517 | |
8c5bb1fa JB |
518 | if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)) |
519 | return ERR_PTR(-EINVAL); | |
11a843b7 JB |
520 | |
521 | key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); | |
1f5a7e47 | 522 | if (!key) |
1ac62ba7 | 523 | return ERR_PTR(-ENOMEM); |
11a843b7 JB |
524 | |
525 | /* | |
526 | * Default to software encryption; we'll later upload the | |
527 | * key to the hardware if possible. | |
528 | */ | |
11a843b7 JB |
529 | key->conf.flags = 0; |
530 | key->flags = 0; | |
531 | ||
97359d12 | 532 | key->conf.cipher = cipher; |
11a843b7 JB |
533 | key->conf.keyidx = idx; |
534 | key->conf.keylen = key_len; | |
97359d12 JB |
535 | switch (cipher) { |
536 | case WLAN_CIPHER_SUITE_WEP40: | |
537 | case WLAN_CIPHER_SUITE_WEP104: | |
4325f6ca JB |
538 | key->conf.iv_len = IEEE80211_WEP_IV_LEN; |
539 | key->conf.icv_len = IEEE80211_WEP_ICV_LEN; | |
76708dee | 540 | break; |
97359d12 | 541 | case WLAN_CIPHER_SUITE_TKIP: |
4325f6ca JB |
542 | key->conf.iv_len = IEEE80211_TKIP_IV_LEN; |
543 | key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; | |
9f26a952 | 544 | if (seq) { |
5a306f58 | 545 | for (i = 0; i < IEEE80211_NUM_TIDS; i++) { |
faa8fdc8 JM |
546 | key->u.tkip.rx[i].iv32 = |
547 | get_unaligned_le32(&seq[2]); | |
548 | key->u.tkip.rx[i].iv16 = | |
549 | get_unaligned_le16(seq); | |
550 | } | |
551 | } | |
523b02ea | 552 | spin_lock_init(&key->u.tkip.txlock); |
76708dee | 553 | break; |
97359d12 | 554 | case WLAN_CIPHER_SUITE_CCMP: |
4325f6ca JB |
555 | key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; |
556 | key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; | |
9f26a952 | 557 | if (seq) { |
5a306f58 | 558 | for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) |
4325f6ca | 559 | for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++) |
faa8fdc8 | 560 | key->u.ccmp.rx_pn[i][j] = |
4325f6ca | 561 | seq[IEEE80211_CCMP_PN_LEN - j - 1]; |
faa8fdc8 | 562 | } |
11a843b7 JB |
563 | /* |
564 | * Initialize AES key state here as an optimization so that | |
565 | * it does not need to be initialized for every packet. | |
566 | */ | |
2b2ba0db JM |
567 | key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( |
568 | key_data, key_len, IEEE80211_CCMP_MIC_LEN); | |
569 | if (IS_ERR(key->u.ccmp.tfm)) { | |
570 | err = PTR_ERR(key->u.ccmp.tfm); | |
571 | kfree(key); | |
572 | return ERR_PTR(err); | |
573 | } | |
574 | break; | |
575 | case WLAN_CIPHER_SUITE_CCMP_256: | |
576 | key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN; | |
577 | key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN; | |
578 | for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++) | |
579 | for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++) | |
580 | key->u.ccmp.rx_pn[i][j] = | |
581 | seq[IEEE80211_CCMP_256_PN_LEN - j - 1]; | |
582 | /* Initialize AES key state here as an optimization so that | |
583 | * it does not need to be initialized for every packet. | |
584 | */ | |
585 | key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( | |
586 | key_data, key_len, IEEE80211_CCMP_256_MIC_LEN); | |
1ac62ba7 BH |
587 | if (IS_ERR(key->u.ccmp.tfm)) { |
588 | err = PTR_ERR(key->u.ccmp.tfm); | |
3b96766f | 589 | kfree(key); |
1f951a7f | 590 | return ERR_PTR(err); |
11a843b7 | 591 | } |
60ae0f20 JB |
592 | break; |
593 | case WLAN_CIPHER_SUITE_AES_CMAC: | |
56c52da2 | 594 | case WLAN_CIPHER_SUITE_BIP_CMAC_256: |
60ae0f20 | 595 | key->conf.iv_len = 0; |
56c52da2 JM |
596 | if (cipher == WLAN_CIPHER_SUITE_AES_CMAC) |
597 | key->conf.icv_len = sizeof(struct ieee80211_mmie); | |
598 | else | |
599 | key->conf.icv_len = sizeof(struct ieee80211_mmie_16); | |
60ae0f20 | 600 | if (seq) |
4325f6ca | 601 | for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++) |
0f927323 | 602 | key->u.aes_cmac.rx_pn[j] = |
4325f6ca | 603 | seq[IEEE80211_CMAC_PN_LEN - j - 1]; |
3cfcf6ac JM |
604 | /* |
605 | * Initialize AES key state here as an optimization so that | |
606 | * it does not need to be initialized for every packet. | |
607 | */ | |
608 | key->u.aes_cmac.tfm = | |
56c52da2 | 609 | ieee80211_aes_cmac_key_setup(key_data, key_len); |
1ac62ba7 BH |
610 | if (IS_ERR(key->u.aes_cmac.tfm)) { |
611 | err = PTR_ERR(key->u.aes_cmac.tfm); | |
3cfcf6ac | 612 | kfree(key); |
1f951a7f | 613 | return ERR_PTR(err); |
3cfcf6ac | 614 | } |
60ae0f20 | 615 | break; |
8ade538b JM |
616 | case WLAN_CIPHER_SUITE_BIP_GMAC_128: |
617 | case WLAN_CIPHER_SUITE_BIP_GMAC_256: | |
618 | key->conf.iv_len = 0; | |
619 | key->conf.icv_len = sizeof(struct ieee80211_mmie_16); | |
620 | if (seq) | |
621 | for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++) | |
622 | key->u.aes_gmac.rx_pn[j] = | |
623 | seq[IEEE80211_GMAC_PN_LEN - j - 1]; | |
624 | /* Initialize AES key state here as an optimization so that | |
625 | * it does not need to be initialized for every packet. | |
626 | */ | |
627 | key->u.aes_gmac.tfm = | |
628 | ieee80211_aes_gmac_key_setup(key_data, key_len); | |
629 | if (IS_ERR(key->u.aes_gmac.tfm)) { | |
630 | err = PTR_ERR(key->u.aes_gmac.tfm); | |
631 | kfree(key); | |
632 | return ERR_PTR(err); | |
633 | } | |
634 | break; | |
00b9cfa3 JM |
635 | case WLAN_CIPHER_SUITE_GCMP: |
636 | case WLAN_CIPHER_SUITE_GCMP_256: | |
637 | key->conf.iv_len = IEEE80211_GCMP_HDR_LEN; | |
638 | key->conf.icv_len = IEEE80211_GCMP_MIC_LEN; | |
639 | for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++) | |
640 | for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++) | |
641 | key->u.gcmp.rx_pn[i][j] = | |
642 | seq[IEEE80211_GCMP_PN_LEN - j - 1]; | |
643 | /* Initialize AES key state here as an optimization so that | |
644 | * it does not need to be initialized for every packet. | |
645 | */ | |
646 | key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data, | |
647 | key_len); | |
648 | if (IS_ERR(key->u.gcmp.tfm)) { | |
649 | err = PTR_ERR(key->u.gcmp.tfm); | |
650 | kfree(key); | |
651 | return ERR_PTR(err); | |
652 | } | |
653 | break; | |
2475b1cc MS |
654 | default: |
655 | if (cs) { | |
e3a55b53 JB |
656 | if (seq_len && seq_len != cs->pn_len) { |
657 | kfree(key); | |
658 | return ERR_PTR(-EINVAL); | |
659 | } | |
2475b1cc MS |
660 | |
661 | key->conf.iv_len = cs->hdr_len; | |
662 | key->conf.icv_len = cs->mic_len; | |
663 | for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) | |
e3a55b53 | 664 | for (j = 0; j < seq_len; j++) |
2475b1cc | 665 | key->u.gen.rx_pn[i][j] = |
e3a55b53 | 666 | seq[seq_len - j - 1]; |
c7ef38e0 | 667 | key->flags |= KEY_FLAG_CIPHER_SCHEME; |
2475b1cc | 668 | } |
3cfcf6ac | 669 | } |
60ae0f20 JB |
670 | memcpy(key->conf.key, key_data, key_len); |
671 | INIT_LIST_HEAD(&key->list); | |
3cfcf6ac | 672 | |
db4d1169 JB |
673 | return key; |
674 | } | |
11a843b7 | 675 | |
79cf2dfa JB |
676 | static void ieee80211_key_free_common(struct ieee80211_key *key) |
677 | { | |
00b9cfa3 JM |
678 | switch (key->conf.cipher) { |
679 | case WLAN_CIPHER_SUITE_CCMP: | |
2b2ba0db | 680 | case WLAN_CIPHER_SUITE_CCMP_256: |
79cf2dfa | 681 | ieee80211_aes_key_free(key->u.ccmp.tfm); |
00b9cfa3 JM |
682 | break; |
683 | case WLAN_CIPHER_SUITE_AES_CMAC: | |
56c52da2 | 684 | case WLAN_CIPHER_SUITE_BIP_CMAC_256: |
79cf2dfa | 685 | ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); |
00b9cfa3 | 686 | break; |
8ade538b JM |
687 | case WLAN_CIPHER_SUITE_BIP_GMAC_128: |
688 | case WLAN_CIPHER_SUITE_BIP_GMAC_256: | |
689 | ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm); | |
690 | break; | |
00b9cfa3 JM |
691 | case WLAN_CIPHER_SUITE_GCMP: |
692 | case WLAN_CIPHER_SUITE_GCMP_256: | |
693 | ieee80211_aes_gcm_key_free(key->u.gcmp.tfm); | |
694 | break; | |
695 | } | |
29c3f9c3 | 696 | kzfree(key); |
79cf2dfa JB |
697 | } |
698 | ||
6d10e46b JB |
699 | static void __ieee80211_key_destroy(struct ieee80211_key *key, |
700 | bool delay_tailroom) | |
ad0e2b5a | 701 | { |
3bff1865 | 702 | if (key->local) { |
8d1f7ecd JB |
703 | struct ieee80211_sub_if_data *sdata = key->sdata; |
704 | ||
32162a4d | 705 | ieee80211_debugfs_key_remove(key); |
8d1f7ecd JB |
706 | |
707 | if (delay_tailroom) { | |
708 | /* see ieee80211_delayed_tailroom_dec */ | |
709 | sdata->crypto_tx_tailroom_pending_dec++; | |
710 | schedule_delayed_work(&sdata->dec_tailroom_needed_wk, | |
711 | HZ/2); | |
712 | } else { | |
f9dca80b | 713 | decrease_tailroom_need_count(sdata, 1); |
8d1f7ecd | 714 | } |
3bff1865 | 715 | } |
ad0e2b5a | 716 | |
79cf2dfa JB |
717 | ieee80211_key_free_common(key); |
718 | } | |
719 | ||
6d10e46b JB |
720 | static void ieee80211_key_destroy(struct ieee80211_key *key, |
721 | bool delay_tailroom) | |
722 | { | |
723 | if (!key) | |
724 | return; | |
725 | ||
726 | /* | |
ef044763 EP |
727 | * Synchronize so the TX path and rcu key iterators |
728 | * can no longer be using this key before we free/remove it. | |
6d10e46b JB |
729 | */ |
730 | synchronize_net(); | |
731 | ||
732 | __ieee80211_key_destroy(key, delay_tailroom); | |
733 | } | |
734 | ||
79cf2dfa JB |
735 | void ieee80211_key_free_unused(struct ieee80211_key *key) |
736 | { | |
737 | WARN_ON(key->sdata || key->local); | |
738 | ieee80211_key_free_common(key); | |
ad0e2b5a JB |
739 | } |
740 | ||
cfbb0d90 JB |
741 | static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata, |
742 | struct ieee80211_key *old, | |
743 | struct ieee80211_key *new) | |
744 | { | |
745 | u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP]; | |
746 | u8 *tk_old, *tk_new; | |
747 | ||
748 | if (!old || new->conf.keylen != old->conf.keylen) | |
749 | return false; | |
750 | ||
751 | tk_old = old->conf.key; | |
752 | tk_new = new->conf.key; | |
753 | ||
754 | /* | |
755 | * In station mode, don't compare the TX MIC key, as it's never used | |
756 | * and offloaded rekeying may not care to send it to the host. This | |
757 | * is the case in iwlwifi, for example. | |
758 | */ | |
759 | if (sdata->vif.type == NL80211_IFTYPE_STATION && | |
760 | new->conf.cipher == WLAN_CIPHER_SUITE_TKIP && | |
761 | new->conf.keylen == WLAN_KEY_LEN_TKIP && | |
762 | !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { | |
763 | memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP); | |
764 | memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP); | |
765 | memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8); | |
766 | memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8); | |
767 | tk_old = tkip_old; | |
768 | tk_new = tkip_new; | |
769 | } | |
770 | ||
771 | return !crypto_memneq(tk_old, tk_new, new->conf.keylen); | |
772 | } | |
773 | ||
3ffc2a90 JB |
774 | int ieee80211_key_link(struct ieee80211_key *key, |
775 | struct ieee80211_sub_if_data *sdata, | |
776 | struct sta_info *sta) | |
db4d1169 JB |
777 | { |
778 | struct ieee80211_key *old_key; | |
133bf90d MP |
779 | int idx = key->conf.keyidx; |
780 | bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; | |
781 | /* | |
782 | * We want to delay tailroom updates only for station - in that | |
783 | * case it helps roaming speed, but in other cases it hurts and | |
784 | * can cause warnings to appear. | |
785 | */ | |
786 | bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION; | |
96fc6efb | 787 | int ret = -EOPNOTSUPP; |
db4d1169 | 788 | |
ad0e2b5a | 789 | mutex_lock(&sdata->local->key_mtx); |
3b96766f | 790 | |
96fc6efb AW |
791 | if (sta && pairwise) { |
792 | struct ieee80211_key *alt_key; | |
793 | ||
2475b1cc | 794 | old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]); |
96fc6efb AW |
795 | alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]); |
796 | ||
797 | /* The rekey code assumes that the old and new key are using | |
798 | * the same cipher. Enforce the assumption for pairwise keys. | |
799 | */ | |
1c955973 JB |
800 | if ((alt_key && alt_key->conf.cipher != key->conf.cipher) || |
801 | (old_key && old_key->conf.cipher != key->conf.cipher)) | |
96fc6efb AW |
802 | goto out; |
803 | } else if (sta) { | |
40b275b6 | 804 | old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]); |
96fc6efb | 805 | } else { |
40b275b6 | 806 | old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
96fc6efb AW |
807 | } |
808 | ||
809 | /* Non-pairwise keys must also not switch the cipher on rekey */ | |
810 | if (!pairwise) { | |
753a9a72 | 811 | if (old_key && old_key->conf.cipher != key->conf.cipher) |
96fc6efb AW |
812 | goto out; |
813 | } | |
db4d1169 | 814 | |
fdf7cb41 JB |
815 | /* |
816 | * Silently accept key re-installation without really installing the | |
817 | * new version of the key to avoid nonce reuse or replay issues. | |
818 | */ | |
cfbb0d90 | 819 | if (ieee80211_key_identical(sdata, old_key, key)) { |
fdf7cb41 JB |
820 | ieee80211_key_free_unused(key); |
821 | ret = 0; | |
822 | goto out; | |
823 | } | |
824 | ||
825 | key->local = sdata->local; | |
826 | key->sdata = sdata; | |
827 | key->sta = sta; | |
828 | ||
3bff1865 YAP |
829 | increment_tailroom_need_count(sdata); |
830 | ||
62872a9b | 831 | ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key); |
db4d1169 | 832 | |
62872a9b AW |
833 | if (!ret) { |
834 | ieee80211_debugfs_key_add(key); | |
835 | ieee80211_key_destroy(old_key, delay_tailroom); | |
27b3eb9c | 836 | } else { |
62872a9b | 837 | ieee80211_key_free(key, delay_tailroom); |
27b3eb9c | 838 | } |
79cf2dfa | 839 | |
fdf7cb41 | 840 | out: |
ad0e2b5a | 841 | mutex_unlock(&sdata->local->key_mtx); |
3ffc2a90 JB |
842 | |
843 | return ret; | |
1f5a7e47 JB |
844 | } |
845 | ||
3b8d9c29 | 846 | void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) |
1f5a7e47 | 847 | { |
5c0c3641 JB |
848 | if (!key) |
849 | return; | |
850 | ||
3b96766f JB |
851 | /* |
852 | * Replace key with nothingness if it was ever used. | |
853 | */ | |
3a245766 | 854 | if (key->sdata) |
3b8d9c29 | 855 | ieee80211_key_replace(key->sdata, key->sta, |
e31b8213 JB |
856 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, |
857 | key, NULL); | |
3b8d9c29 | 858 | ieee80211_key_destroy(key, delay_tailroom); |
3b96766f | 859 | } |
d4e46a3d | 860 | |
624ff4b2 | 861 | void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata) |
3a245766 JB |
862 | { |
863 | struct ieee80211_key *key; | |
f9dca80b | 864 | struct ieee80211_sub_if_data *vlan; |
11a843b7 | 865 | |
3a245766 | 866 | ASSERT_RTNL(); |
11a843b7 | 867 | |
f9dca80b MK |
868 | mutex_lock(&sdata->local->key_mtx); |
869 | ||
870 | sdata->crypto_tx_tailroom_needed_cnt = 0; | |
624ff4b2 | 871 | sdata->crypto_tx_tailroom_pending_dec = 0; |
f9dca80b MK |
872 | |
873 | if (sdata->vif.type == NL80211_IFTYPE_AP) { | |
624ff4b2 | 874 | list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { |
f9dca80b | 875 | vlan->crypto_tx_tailroom_needed_cnt = 0; |
624ff4b2 LC |
876 | vlan->crypto_tx_tailroom_pending_dec = 0; |
877 | } | |
878 | } | |
879 | ||
880 | if (ieee80211_sdata_running(sdata)) { | |
881 | list_for_each_entry(key, &sdata->key_list, list) { | |
882 | increment_tailroom_need_count(sdata); | |
883 | ieee80211_key_enable_hw_accel(key); | |
884 | } | |
f9dca80b MK |
885 | } |
886 | ||
887 | mutex_unlock(&sdata->local->key_mtx); | |
888 | } | |
889 | ||
830af02f JB |
890 | void ieee80211_iter_keys(struct ieee80211_hw *hw, |
891 | struct ieee80211_vif *vif, | |
892 | void (*iter)(struct ieee80211_hw *hw, | |
893 | struct ieee80211_vif *vif, | |
894 | struct ieee80211_sta *sta, | |
895 | struct ieee80211_key_conf *key, | |
896 | void *data), | |
897 | void *iter_data) | |
898 | { | |
899 | struct ieee80211_local *local = hw_to_local(hw); | |
27b3eb9c | 900 | struct ieee80211_key *key, *tmp; |
830af02f JB |
901 | struct ieee80211_sub_if_data *sdata; |
902 | ||
903 | ASSERT_RTNL(); | |
904 | ||
905 | mutex_lock(&local->key_mtx); | |
906 | if (vif) { | |
907 | sdata = vif_to_sdata(vif); | |
27b3eb9c | 908 | list_for_each_entry_safe(key, tmp, &sdata->key_list, list) |
830af02f JB |
909 | iter(hw, &sdata->vif, |
910 | key->sta ? &key->sta->sta : NULL, | |
911 | &key->conf, iter_data); | |
912 | } else { | |
913 | list_for_each_entry(sdata, &local->interfaces, list) | |
27b3eb9c JB |
914 | list_for_each_entry_safe(key, tmp, |
915 | &sdata->key_list, list) | |
830af02f JB |
916 | iter(hw, &sdata->vif, |
917 | key->sta ? &key->sta->sta : NULL, | |
918 | &key->conf, iter_data); | |
919 | } | |
920 | mutex_unlock(&local->key_mtx); | |
921 | } | |
922 | EXPORT_SYMBOL(ieee80211_iter_keys); | |
923 | ||
ef044763 EP |
924 | static void |
925 | _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw, | |
926 | struct ieee80211_sub_if_data *sdata, | |
927 | void (*iter)(struct ieee80211_hw *hw, | |
928 | struct ieee80211_vif *vif, | |
929 | struct ieee80211_sta *sta, | |
930 | struct ieee80211_key_conf *key, | |
931 | void *data), | |
932 | void *iter_data) | |
933 | { | |
934 | struct ieee80211_key *key; | |
935 | ||
936 | list_for_each_entry_rcu(key, &sdata->key_list, list) { | |
937 | /* skip keys of station in removal process */ | |
938 | if (key->sta && key->sta->removed) | |
939 | continue; | |
940 | if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) | |
941 | continue; | |
942 | ||
943 | iter(hw, &sdata->vif, | |
944 | key->sta ? &key->sta->sta : NULL, | |
945 | &key->conf, iter_data); | |
946 | } | |
947 | } | |
948 | ||
949 | void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw, | |
950 | struct ieee80211_vif *vif, | |
951 | void (*iter)(struct ieee80211_hw *hw, | |
952 | struct ieee80211_vif *vif, | |
953 | struct ieee80211_sta *sta, | |
954 | struct ieee80211_key_conf *key, | |
955 | void *data), | |
956 | void *iter_data) | |
957 | { | |
958 | struct ieee80211_local *local = hw_to_local(hw); | |
959 | struct ieee80211_sub_if_data *sdata; | |
960 | ||
961 | if (vif) { | |
962 | sdata = vif_to_sdata(vif); | |
963 | _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data); | |
964 | } else { | |
965 | list_for_each_entry_rcu(sdata, &local->interfaces, list) | |
966 | _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data); | |
967 | } | |
968 | } | |
969 | EXPORT_SYMBOL(ieee80211_iter_keys_rcu); | |
970 | ||
7907c7d3 JB |
971 | static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata, |
972 | struct list_head *keys) | |
3b96766f JB |
973 | { |
974 | struct ieee80211_key *key, *tmp; | |
3b96766f | 975 | |
f9dca80b MK |
976 | decrease_tailroom_need_count(sdata, |
977 | sdata->crypto_tx_tailroom_pending_dec); | |
8d1f7ecd JB |
978 | sdata->crypto_tx_tailroom_pending_dec = 0; |
979 | ||
3cfcf6ac | 980 | ieee80211_debugfs_key_remove_mgmt_default(sdata); |
3b96766f | 981 | |
6d10e46b JB |
982 | list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { |
983 | ieee80211_key_replace(key->sdata, key->sta, | |
984 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, | |
985 | key, NULL); | |
7907c7d3 | 986 | list_add_tail(&key->list, keys); |
6d10e46b | 987 | } |
3b96766f | 988 | |
f7e0104c | 989 | ieee80211_debugfs_key_update_default(sdata); |
7907c7d3 | 990 | } |
f7e0104c | 991 | |
7907c7d3 JB |
992 | void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata, |
993 | bool force_synchronize) | |
994 | { | |
995 | struct ieee80211_local *local = sdata->local; | |
996 | struct ieee80211_sub_if_data *vlan; | |
f9dca80b | 997 | struct ieee80211_sub_if_data *master; |
7907c7d3 JB |
998 | struct ieee80211_key *key, *tmp; |
999 | LIST_HEAD(keys); | |
1000 | ||
1001 | cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk); | |
1002 | ||
1003 | mutex_lock(&local->key_mtx); | |
1004 | ||
1005 | ieee80211_free_keys_iface(sdata, &keys); | |
1006 | ||
1007 | if (sdata->vif.type == NL80211_IFTYPE_AP) { | |
1008 | list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) | |
1009 | ieee80211_free_keys_iface(vlan, &keys); | |
6d10e46b JB |
1010 | } |
1011 | ||
7907c7d3 JB |
1012 | if (!list_empty(&keys) || force_synchronize) |
1013 | synchronize_net(); | |
1014 | list_for_each_entry_safe(key, tmp, &keys, list) | |
1015 | __ieee80211_key_destroy(key, false); | |
1016 | ||
f9dca80b MK |
1017 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { |
1018 | if (sdata->bss) { | |
1019 | master = container_of(sdata->bss, | |
1020 | struct ieee80211_sub_if_data, | |
1021 | u.ap); | |
1022 | ||
1023 | WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt != | |
1024 | master->crypto_tx_tailroom_needed_cnt); | |
1025 | } | |
1026 | } else { | |
1027 | WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || | |
1028 | sdata->crypto_tx_tailroom_pending_dec); | |
1029 | } | |
1030 | ||
7907c7d3 JB |
1031 | if (sdata->vif.type == NL80211_IFTYPE_AP) { |
1032 | list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) | |
1033 | WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt || | |
1034 | vlan->crypto_tx_tailroom_pending_dec); | |
1035 | } | |
8d1f7ecd | 1036 | |
7907c7d3 | 1037 | mutex_unlock(&local->key_mtx); |
11a843b7 | 1038 | } |
c68f4b89 | 1039 | |
6d10e46b JB |
1040 | void ieee80211_free_sta_keys(struct ieee80211_local *local, |
1041 | struct sta_info *sta) | |
1042 | { | |
c8782078 | 1043 | struct ieee80211_key *key; |
6d10e46b JB |
1044 | int i; |
1045 | ||
1046 | mutex_lock(&local->key_mtx); | |
28a9bc68 | 1047 | for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) { |
6d10e46b JB |
1048 | key = key_mtx_dereference(local, sta->gtk[i]); |
1049 | if (!key) | |
1050 | continue; | |
1051 | ieee80211_key_replace(key->sdata, key->sta, | |
1052 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, | |
1053 | key, NULL); | |
133bf90d MP |
1054 | __ieee80211_key_destroy(key, key->sdata->vif.type == |
1055 | NL80211_IFTYPE_STATION); | |
6d10e46b JB |
1056 | } |
1057 | ||
2475b1cc MS |
1058 | for (i = 0; i < NUM_DEFAULT_KEYS; i++) { |
1059 | key = key_mtx_dereference(local, sta->ptk[i]); | |
1060 | if (!key) | |
1061 | continue; | |
6d10e46b JB |
1062 | ieee80211_key_replace(key->sdata, key->sta, |
1063 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, | |
1064 | key, NULL); | |
133bf90d MP |
1065 | __ieee80211_key_destroy(key, key->sdata->vif.type == |
1066 | NL80211_IFTYPE_STATION); | |
c8782078 | 1067 | } |
6d10e46b JB |
1068 | |
1069 | mutex_unlock(&local->key_mtx); | |
1070 | } | |
1071 | ||
8d1f7ecd JB |
1072 | void ieee80211_delayed_tailroom_dec(struct work_struct *wk) |
1073 | { | |
1074 | struct ieee80211_sub_if_data *sdata; | |
1075 | ||
1076 | sdata = container_of(wk, struct ieee80211_sub_if_data, | |
1077 | dec_tailroom_needed_wk.work); | |
1078 | ||
1079 | /* | |
1080 | * The reason for the delayed tailroom needed decrementing is to | |
1081 | * make roaming faster: during roaming, all keys are first deleted | |
1082 | * and then new keys are installed. The first new key causes the | |
1083 | * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes | |
1084 | * the cost of synchronize_net() (which can be slow). Avoid this | |
1085 | * by deferring the crypto_tx_tailroom_needed_cnt decrementing on | |
1086 | * key removal for a while, so if we roam the value is larger than | |
1087 | * zero and no 0->1 transition happens. | |
1088 | * | |
1089 | * The cost is that if the AP switching was from an AP with keys | |
1090 | * to one without, we still allocate tailroom while it would no | |
1091 | * longer be needed. However, in the typical (fast) roaming case | |
1092 | * within an ESS this usually won't happen. | |
1093 | */ | |
1094 | ||
1095 | mutex_lock(&sdata->local->key_mtx); | |
f9dca80b MK |
1096 | decrease_tailroom_need_count(sdata, |
1097 | sdata->crypto_tx_tailroom_pending_dec); | |
8d1f7ecd JB |
1098 | sdata->crypto_tx_tailroom_pending_dec = 0; |
1099 | mutex_unlock(&sdata->local->key_mtx); | |
1100 | } | |
c68f4b89 JB |
1101 | |
1102 | void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, | |
1103 | const u8 *replay_ctr, gfp_t gfp) | |
1104 | { | |
1105 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | |
1106 | ||
1107 | trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); | |
1108 | ||
1109 | cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); | |
1110 | } | |
1111 | EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); | |
3ea542d3 | 1112 | |
3ea542d3 JB |
1113 | void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, |
1114 | int tid, struct ieee80211_key_seq *seq) | |
1115 | { | |
1116 | struct ieee80211_key *key; | |
1117 | const u8 *pn; | |
1118 | ||
1119 | key = container_of(keyconf, struct ieee80211_key, conf); | |
1120 | ||
1121 | switch (key->conf.cipher) { | |
1122 | case WLAN_CIPHER_SUITE_TKIP: | |
5a306f58 | 1123 | if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) |
3ea542d3 JB |
1124 | return; |
1125 | seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; | |
1126 | seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; | |
1127 | break; | |
1128 | case WLAN_CIPHER_SUITE_CCMP: | |
2b2ba0db | 1129 | case WLAN_CIPHER_SUITE_CCMP_256: |
5a306f58 | 1130 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) |
3ea542d3 JB |
1131 | return; |
1132 | if (tid < 0) | |
5a306f58 | 1133 | pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; |
3ea542d3 JB |
1134 | else |
1135 | pn = key->u.ccmp.rx_pn[tid]; | |
4325f6ca | 1136 | memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN); |
3ea542d3 JB |
1137 | break; |
1138 | case WLAN_CIPHER_SUITE_AES_CMAC: | |
56c52da2 | 1139 | case WLAN_CIPHER_SUITE_BIP_CMAC_256: |
3ea542d3 JB |
1140 | if (WARN_ON(tid != 0)) |
1141 | return; | |
1142 | pn = key->u.aes_cmac.rx_pn; | |
4325f6ca | 1143 | memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN); |
3ea542d3 | 1144 | break; |
8ade538b JM |
1145 | case WLAN_CIPHER_SUITE_BIP_GMAC_128: |
1146 | case WLAN_CIPHER_SUITE_BIP_GMAC_256: | |
1147 | if (WARN_ON(tid != 0)) | |
1148 | return; | |
1149 | pn = key->u.aes_gmac.rx_pn; | |
1150 | memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN); | |
1151 | break; | |
00b9cfa3 JM |
1152 | case WLAN_CIPHER_SUITE_GCMP: |
1153 | case WLAN_CIPHER_SUITE_GCMP_256: | |
1154 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) | |
1155 | return; | |
1156 | if (tid < 0) | |
1157 | pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; | |
1158 | else | |
1159 | pn = key->u.gcmp.rx_pn[tid]; | |
1160 | memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN); | |
1161 | break; | |
3ea542d3 JB |
1162 | } |
1163 | } | |
1164 | EXPORT_SYMBOL(ieee80211_get_key_rx_seq); | |
27b3eb9c | 1165 | |
27b3eb9c JB |
1166 | void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, |
1167 | int tid, struct ieee80211_key_seq *seq) | |
1168 | { | |
1169 | struct ieee80211_key *key; | |
1170 | u8 *pn; | |
1171 | ||
1172 | key = container_of(keyconf, struct ieee80211_key, conf); | |
1173 | ||
1174 | switch (key->conf.cipher) { | |
1175 | case WLAN_CIPHER_SUITE_TKIP: | |
1176 | if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) | |
1177 | return; | |
1178 | key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; | |
1179 | key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; | |
1180 | break; | |
1181 | case WLAN_CIPHER_SUITE_CCMP: | |
2b2ba0db | 1182 | case WLAN_CIPHER_SUITE_CCMP_256: |
27b3eb9c JB |
1183 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) |
1184 | return; | |
1185 | if (tid < 0) | |
1186 | pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; | |
1187 | else | |
1188 | pn = key->u.ccmp.rx_pn[tid]; | |
1189 | memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN); | |
1190 | break; | |
1191 | case WLAN_CIPHER_SUITE_AES_CMAC: | |
56c52da2 | 1192 | case WLAN_CIPHER_SUITE_BIP_CMAC_256: |
27b3eb9c JB |
1193 | if (WARN_ON(tid != 0)) |
1194 | return; | |
1195 | pn = key->u.aes_cmac.rx_pn; | |
1196 | memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN); | |
1197 | break; | |
8ade538b JM |
1198 | case WLAN_CIPHER_SUITE_BIP_GMAC_128: |
1199 | case WLAN_CIPHER_SUITE_BIP_GMAC_256: | |
1200 | if (WARN_ON(tid != 0)) | |
1201 | return; | |
1202 | pn = key->u.aes_gmac.rx_pn; | |
1203 | memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN); | |
1204 | break; | |
00b9cfa3 JM |
1205 | case WLAN_CIPHER_SUITE_GCMP: |
1206 | case WLAN_CIPHER_SUITE_GCMP_256: | |
1207 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) | |
1208 | return; | |
1209 | if (tid < 0) | |
1210 | pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; | |
1211 | else | |
1212 | pn = key->u.gcmp.rx_pn[tid]; | |
1213 | memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN); | |
1214 | break; | |
27b3eb9c JB |
1215 | default: |
1216 | WARN_ON(1); | |
1217 | break; | |
1218 | } | |
1219 | } | |
1220 | EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq); | |
1221 | ||
1222 | void ieee80211_remove_key(struct ieee80211_key_conf *keyconf) | |
1223 | { | |
1224 | struct ieee80211_key *key; | |
1225 | ||
1226 | key = container_of(keyconf, struct ieee80211_key, conf); | |
1227 | ||
1228 | assert_key_lock(key->local); | |
1229 | ||
1230 | /* | |
1231 | * if key was uploaded, we assume the driver will/has remove(d) | |
1232 | * it, so adjust bookkeeping accordingly | |
1233 | */ | |
1234 | if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { | |
1235 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; | |
1236 | ||
092c4098 AW |
1237 | if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | |
1238 | IEEE80211_KEY_FLAG_PUT_MIC_SPACE | | |
1239 | IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) | |
27b3eb9c JB |
1240 | increment_tailroom_need_count(key->sdata); |
1241 | } | |
1242 | ||
1243 | ieee80211_key_free(key, false); | |
1244 | } | |
1245 | EXPORT_SYMBOL_GPL(ieee80211_remove_key); | |
1246 | ||
1247 | struct ieee80211_key_conf * | |
1248 | ieee80211_gtk_rekey_add(struct ieee80211_vif *vif, | |
1249 | struct ieee80211_key_conf *keyconf) | |
1250 | { | |
1251 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); | |
1252 | struct ieee80211_local *local = sdata->local; | |
1253 | struct ieee80211_key *key; | |
1254 | int err; | |
1255 | ||
1256 | if (WARN_ON(!local->wowlan)) | |
1257 | return ERR_PTR(-EINVAL); | |
1258 | ||
1259 | if (WARN_ON(vif->type != NL80211_IFTYPE_STATION)) | |
1260 | return ERR_PTR(-EINVAL); | |
1261 | ||
1262 | key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, | |
1263 | keyconf->keylen, keyconf->key, | |
2475b1cc | 1264 | 0, NULL, NULL); |
27b3eb9c | 1265 | if (IS_ERR(key)) |
c5dc164d | 1266 | return ERR_CAST(key); |
27b3eb9c JB |
1267 | |
1268 | if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED) | |
1269 | key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; | |
1270 | ||
1271 | err = ieee80211_key_link(key, sdata, NULL); | |
1272 | if (err) | |
1273 | return ERR_PTR(err); | |
1274 | ||
1275 | return &key->conf; | |
1276 | } | |
1277 | EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add); |