1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2019 Intel Corporation
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/export.h>
19 #include <net/mac80211.h>
20 #include <crypto/algapi.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
32 * DOC: Key handling basics
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
54 static const u8 bcast_addr
[ETH_ALEN
] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
56 static void assert_key_lock(struct ieee80211_local
*local
)
58 lockdep_assert_held(&local
->key_mtx
);
62 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data
*sdata
, int delta
)
64 struct ieee80211_sub_if_data
*vlan
;
66 if (sdata
->vif
.type
!= NL80211_IFTYPE_AP
)
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata
->local
);
74 list_for_each_entry_rcu(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
)
75 vlan
->crypto_tx_tailroom_needed_cnt
+= delta
;
80 static void increment_tailroom_need_count(struct ieee80211_sub_if_data
*sdata
)
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
101 assert_key_lock(sdata
->local
);
103 update_vlan_tailroom_need_count(sdata
, 1);
105 if (!sdata
->crypto_tx_tailroom_needed_cnt
++) {
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
114 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data
*sdata
,
117 assert_key_lock(sdata
->local
);
119 WARN_ON_ONCE(sdata
->crypto_tx_tailroom_needed_cnt
< delta
);
121 update_vlan_tailroom_need_count(sdata
, -delta
);
122 sdata
->crypto_tx_tailroom_needed_cnt
-= delta
;
125 static int ieee80211_key_enable_hw_accel(struct ieee80211_key
*key
)
127 struct ieee80211_sub_if_data
*sdata
= key
->sdata
;
128 struct sta_info
*sta
;
129 int ret
= -EOPNOTSUPP
;
133 if (key
->flags
& KEY_FLAG_TAINTED
) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
141 if (key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
&&
142 !(key
->conf
.flags
& (IEEE80211_KEY_FLAG_GENERATE_MMIC
|
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE
|
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM
)))
145 increment_tailroom_need_count(sdata
);
147 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
151 if (!key
->local
->ops
->set_key
)
152 goto out_unsupported
;
154 assert_key_lock(key
->local
);
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
162 if (sta
&& !(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
) &&
163 !ieee80211_hw_check(&key
->local
->hw
, SUPPORTS_PER_STA_GTK
))
164 goto out_unsupported
;
166 if (sta
&& !sta
->uploaded
)
167 goto out_unsupported
;
169 if (sdata
->vif
.type
== NL80211_IFTYPE_AP_VLAN
) {
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
174 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
)) {
176 goto out_unsupported
;
180 ret
= drv_set_key(key
->local
, SET_KEY
, sdata
,
181 sta
? &sta
->sta
: NULL
, &key
->conf
);
184 key
->flags
|= KEY_FLAG_UPLOADED_TO_HARDWARE
;
186 if (!(key
->conf
.flags
& (IEEE80211_KEY_FLAG_GENERATE_MMIC
|
187 IEEE80211_KEY_FLAG_PUT_MIC_SPACE
|
188 IEEE80211_KEY_FLAG_RESERVE_TAILROOM
)))
189 decrease_tailroom_need_count(sdata
, 1);
191 WARN_ON((key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_IV_SPACE
) &&
192 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_IV
));
194 WARN_ON((key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_MIC_SPACE
) &&
195 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
));
200 if (ret
!= -ENOSPC
&& ret
!= -EOPNOTSUPP
&& ret
!= 1)
202 "failed to set key (%d, %pM) to hardware (%d)\n",
204 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
207 switch (key
->conf
.cipher
) {
208 case WLAN_CIPHER_SUITE_WEP40
:
209 case WLAN_CIPHER_SUITE_WEP104
:
210 case WLAN_CIPHER_SUITE_TKIP
:
211 case WLAN_CIPHER_SUITE_CCMP
:
212 case WLAN_CIPHER_SUITE_CCMP_256
:
213 case WLAN_CIPHER_SUITE_AES_CMAC
:
214 case WLAN_CIPHER_SUITE_BIP_CMAC_256
:
215 case WLAN_CIPHER_SUITE_BIP_GMAC_128
:
216 case WLAN_CIPHER_SUITE_BIP_GMAC_256
:
217 case WLAN_CIPHER_SUITE_GCMP
:
218 case WLAN_CIPHER_SUITE_GCMP_256
:
219 /* all of these we can do in software - if driver can */
222 if (ieee80211_hw_check(&key
->local
->hw
, SW_CRYPTO_CONTROL
))
230 static void ieee80211_key_disable_hw_accel(struct ieee80211_key
*key
)
232 struct ieee80211_sub_if_data
*sdata
;
233 struct sta_info
*sta
;
238 if (!key
|| !key
->local
->ops
->set_key
)
241 assert_key_lock(key
->local
);
243 if (!(key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
))
249 if (!(key
->conf
.flags
& (IEEE80211_KEY_FLAG_GENERATE_MMIC
|
250 IEEE80211_KEY_FLAG_PUT_MIC_SPACE
|
251 IEEE80211_KEY_FLAG_RESERVE_TAILROOM
)))
252 increment_tailroom_need_count(sdata
);
254 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
255 ret
= drv_set_key(key
->local
, DISABLE_KEY
, sdata
,
256 sta
? &sta
->sta
: NULL
, &key
->conf
);
260 "failed to remove key (%d, %pM) from hardware (%d)\n",
262 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
265 int ieee80211_set_tx_key(struct ieee80211_key
*key
)
267 struct sta_info
*sta
= key
->sta
;
268 struct ieee80211_local
*local
= key
->local
;
270 assert_key_lock(local
);
272 sta
->ptk_idx
= key
->conf
.keyidx
;
274 if (!ieee80211_hw_check(&local
->hw
, AMPDU_KEYBORDER_SUPPORT
))
275 clear_sta_flag(sta
, WLAN_STA_BLOCK_BA
);
276 ieee80211_check_fast_xmit(sta
);
281 static void ieee80211_pairwise_rekey(struct ieee80211_key
*old
,
282 struct ieee80211_key
*new)
284 struct ieee80211_local
*local
= new->local
;
285 struct sta_info
*sta
= new->sta
;
288 assert_key_lock(local
);
290 if (new->conf
.flags
& IEEE80211_KEY_FLAG_NO_AUTO_TX
) {
291 /* Extended Key ID key install, initial one or rekey */
293 if (sta
->ptk_idx
!= INVALID_PTK_KEYIDX
&&
294 !ieee80211_hw_check(&local
->hw
, AMPDU_KEYBORDER_SUPPORT
)) {
295 /* Aggregation Sessions with Extended Key ID must not
296 * mix MPDUs with different keyIDs within one A-MPDU.
297 * Tear down running Tx aggregation sessions and block
298 * new Rx/Tx aggregation requests during rekey to
299 * ensure there are no A-MPDUs when the driver is not
300 * supporting A-MPDU key borders. (Blocking Tx only
301 * would be sufficient but WLAN_STA_BLOCK_BA gets the
302 * job done for the few ms we need it.)
304 set_sta_flag(sta
, WLAN_STA_BLOCK_BA
);
305 mutex_lock(&sta
->ampdu_mlme
.mtx
);
306 for (i
= 0; i
< IEEE80211_NUM_TIDS
; i
++)
307 ___ieee80211_stop_tx_ba_session(sta
, i
,
308 AGG_STOP_LOCAL_REQUEST
);
309 mutex_unlock(&sta
->ampdu_mlme
.mtx
);
312 /* Rekey without Extended Key ID.
313 * Aggregation sessions are OK when running on SW crypto.
314 * A broken remote STA may cause issues not observed with HW
317 if (!(old
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
))
320 /* Stop Tx till we are on the new key */
321 old
->flags
|= KEY_FLAG_TAINTED
;
322 ieee80211_clear_fast_xmit(sta
);
323 if (ieee80211_hw_check(&local
->hw
, AMPDU_AGGREGATION
)) {
324 set_sta_flag(sta
, WLAN_STA_BLOCK_BA
);
325 ieee80211_sta_tear_down_BA_sessions(sta
,
326 AGG_STOP_LOCAL_REQUEST
);
328 if (!wiphy_ext_feature_isset(local
->hw
.wiphy
,
329 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0
)) {
330 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
332 /* Flushing the driver queues *may* help prevent
333 * the clear text leaks and freezes.
335 ieee80211_flush_queues(local
, old
->sdata
, false);
340 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
,
341 int idx
, bool uni
, bool multi
)
343 struct ieee80211_key
*key
= NULL
;
345 assert_key_lock(sdata
->local
);
347 if (idx
>= 0 && idx
< NUM_DEFAULT_KEYS
)
348 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
351 rcu_assign_pointer(sdata
->default_unicast_key
, key
);
352 ieee80211_check_fast_xmit_iface(sdata
);
353 if (sdata
->vif
.type
!= NL80211_IFTYPE_AP_VLAN
)
354 drv_set_default_unicast_key(sdata
->local
, sdata
, idx
);
358 rcu_assign_pointer(sdata
->default_multicast_key
, key
);
360 ieee80211_debugfs_key_update_default(sdata
);
363 void ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
, int idx
,
364 bool uni
, bool multi
)
366 mutex_lock(&sdata
->local
->key_mtx
);
367 __ieee80211_set_default_key(sdata
, idx
, uni
, multi
);
368 mutex_unlock(&sdata
->local
->key_mtx
);
372 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
, int idx
)
374 struct ieee80211_key
*key
= NULL
;
376 assert_key_lock(sdata
->local
);
378 if (idx
>= NUM_DEFAULT_KEYS
&&
379 idx
< NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
)
380 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
382 rcu_assign_pointer(sdata
->default_mgmt_key
, key
);
384 ieee80211_debugfs_key_update_default(sdata
);
387 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
,
390 mutex_lock(&sdata
->local
->key_mtx
);
391 __ieee80211_set_default_mgmt_key(sdata
, idx
);
392 mutex_unlock(&sdata
->local
->key_mtx
);
395 static int ieee80211_key_replace(struct ieee80211_sub_if_data
*sdata
,
396 struct sta_info
*sta
,
398 struct ieee80211_key
*old
,
399 struct ieee80211_key
*new)
403 bool defunikey
, defmultikey
, defmgmtkey
;
405 /* caller must provide at least one old/new */
406 if (WARN_ON(!new && !old
))
410 list_add_tail_rcu(&new->list
, &sdata
->key_list
);
412 WARN_ON(new && old
&& new->conf
.keyidx
!= old
->conf
.keyidx
);
414 if (new && sta
&& pairwise
) {
415 /* Unicast rekey needs special handling. With Extended Key ID
416 * old is still NULL for the first rekey.
418 ieee80211_pairwise_rekey(old
, new);
422 idx
= old
->conf
.keyidx
;
424 if (old
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
) {
425 ieee80211_key_disable_hw_accel(old
);
428 ret
= ieee80211_key_enable_hw_accel(new);
431 /* new must be provided in case old is not */
432 idx
= new->conf
.keyidx
;
433 if (!new->local
->wowlan
)
434 ret
= ieee80211_key_enable_hw_accel(new);
442 rcu_assign_pointer(sta
->ptk
[idx
], new);
444 !(new->conf
.flags
& IEEE80211_KEY_FLAG_NO_AUTO_TX
)) {
446 clear_sta_flag(sta
, WLAN_STA_BLOCK_BA
);
447 ieee80211_check_fast_xmit(sta
);
450 rcu_assign_pointer(sta
->gtk
[idx
], new);
452 /* Only needed for transition from no key -> key.
453 * Still triggers unnecessary when using Extended Key ID
454 * and installing the second key ID the first time.
457 ieee80211_check_fast_rx(sta
);
460 old
== key_mtx_dereference(sdata
->local
,
461 sdata
->default_unicast_key
);
463 old
== key_mtx_dereference(sdata
->local
,
464 sdata
->default_multicast_key
);
466 old
== key_mtx_dereference(sdata
->local
,
467 sdata
->default_mgmt_key
);
469 if (defunikey
&& !new)
470 __ieee80211_set_default_key(sdata
, -1, true, false);
471 if (defmultikey
&& !new)
472 __ieee80211_set_default_key(sdata
, -1, false, true);
473 if (defmgmtkey
&& !new)
474 __ieee80211_set_default_mgmt_key(sdata
, -1);
476 rcu_assign_pointer(sdata
->keys
[idx
], new);
477 if (defunikey
&& new)
478 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
480 if (defmultikey
&& new)
481 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
483 if (defmgmtkey
&& new)
484 __ieee80211_set_default_mgmt_key(sdata
,
489 list_del_rcu(&old
->list
);
494 struct ieee80211_key
*
495 ieee80211_key_alloc(u32 cipher
, int idx
, size_t key_len
,
497 size_t seq_len
, const u8
*seq
,
498 const struct ieee80211_cipher_scheme
*cs
)
500 struct ieee80211_key
*key
;
503 if (WARN_ON(idx
< 0 || idx
>= NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
))
504 return ERR_PTR(-EINVAL
);
506 key
= kzalloc(sizeof(struct ieee80211_key
) + key_len
, GFP_KERNEL
);
508 return ERR_PTR(-ENOMEM
);
511 * Default to software encryption; we'll later upload the
512 * key to the hardware if possible.
517 key
->conf
.cipher
= cipher
;
518 key
->conf
.keyidx
= idx
;
519 key
->conf
.keylen
= key_len
;
521 case WLAN_CIPHER_SUITE_WEP40
:
522 case WLAN_CIPHER_SUITE_WEP104
:
523 key
->conf
.iv_len
= IEEE80211_WEP_IV_LEN
;
524 key
->conf
.icv_len
= IEEE80211_WEP_ICV_LEN
;
526 case WLAN_CIPHER_SUITE_TKIP
:
527 key
->conf
.iv_len
= IEEE80211_TKIP_IV_LEN
;
528 key
->conf
.icv_len
= IEEE80211_TKIP_ICV_LEN
;
530 for (i
= 0; i
< IEEE80211_NUM_TIDS
; i
++) {
531 key
->u
.tkip
.rx
[i
].iv32
=
532 get_unaligned_le32(&seq
[2]);
533 key
->u
.tkip
.rx
[i
].iv16
=
534 get_unaligned_le16(seq
);
537 spin_lock_init(&key
->u
.tkip
.txlock
);
539 case WLAN_CIPHER_SUITE_CCMP
:
540 key
->conf
.iv_len
= IEEE80211_CCMP_HDR_LEN
;
541 key
->conf
.icv_len
= IEEE80211_CCMP_MIC_LEN
;
543 for (i
= 0; i
< IEEE80211_NUM_TIDS
+ 1; i
++)
544 for (j
= 0; j
< IEEE80211_CCMP_PN_LEN
; j
++)
545 key
->u
.ccmp
.rx_pn
[i
][j
] =
546 seq
[IEEE80211_CCMP_PN_LEN
- j
- 1];
549 * Initialize AES key state here as an optimization so that
550 * it does not need to be initialized for every packet.
552 key
->u
.ccmp
.tfm
= ieee80211_aes_key_setup_encrypt(
553 key_data
, key_len
, IEEE80211_CCMP_MIC_LEN
);
554 if (IS_ERR(key
->u
.ccmp
.tfm
)) {
555 err
= PTR_ERR(key
->u
.ccmp
.tfm
);
560 case WLAN_CIPHER_SUITE_CCMP_256
:
561 key
->conf
.iv_len
= IEEE80211_CCMP_256_HDR_LEN
;
562 key
->conf
.icv_len
= IEEE80211_CCMP_256_MIC_LEN
;
563 for (i
= 0; seq
&& i
< IEEE80211_NUM_TIDS
+ 1; i
++)
564 for (j
= 0; j
< IEEE80211_CCMP_256_PN_LEN
; j
++)
565 key
->u
.ccmp
.rx_pn
[i
][j
] =
566 seq
[IEEE80211_CCMP_256_PN_LEN
- j
- 1];
567 /* Initialize AES key state here as an optimization so that
568 * it does not need to be initialized for every packet.
570 key
->u
.ccmp
.tfm
= ieee80211_aes_key_setup_encrypt(
571 key_data
, key_len
, IEEE80211_CCMP_256_MIC_LEN
);
572 if (IS_ERR(key
->u
.ccmp
.tfm
)) {
573 err
= PTR_ERR(key
->u
.ccmp
.tfm
);
578 case WLAN_CIPHER_SUITE_AES_CMAC
:
579 case WLAN_CIPHER_SUITE_BIP_CMAC_256
:
580 key
->conf
.iv_len
= 0;
581 if (cipher
== WLAN_CIPHER_SUITE_AES_CMAC
)
582 key
->conf
.icv_len
= sizeof(struct ieee80211_mmie
);
584 key
->conf
.icv_len
= sizeof(struct ieee80211_mmie_16
);
586 for (j
= 0; j
< IEEE80211_CMAC_PN_LEN
; j
++)
587 key
->u
.aes_cmac
.rx_pn
[j
] =
588 seq
[IEEE80211_CMAC_PN_LEN
- j
- 1];
590 * Initialize AES key state here as an optimization so that
591 * it does not need to be initialized for every packet.
593 key
->u
.aes_cmac
.tfm
=
594 ieee80211_aes_cmac_key_setup(key_data
, key_len
);
595 if (IS_ERR(key
->u
.aes_cmac
.tfm
)) {
596 err
= PTR_ERR(key
->u
.aes_cmac
.tfm
);
601 case WLAN_CIPHER_SUITE_BIP_GMAC_128
:
602 case WLAN_CIPHER_SUITE_BIP_GMAC_256
:
603 key
->conf
.iv_len
= 0;
604 key
->conf
.icv_len
= sizeof(struct ieee80211_mmie_16
);
606 for (j
= 0; j
< IEEE80211_GMAC_PN_LEN
; j
++)
607 key
->u
.aes_gmac
.rx_pn
[j
] =
608 seq
[IEEE80211_GMAC_PN_LEN
- j
- 1];
609 /* Initialize AES key state here as an optimization so that
610 * it does not need to be initialized for every packet.
612 key
->u
.aes_gmac
.tfm
=
613 ieee80211_aes_gmac_key_setup(key_data
, key_len
);
614 if (IS_ERR(key
->u
.aes_gmac
.tfm
)) {
615 err
= PTR_ERR(key
->u
.aes_gmac
.tfm
);
620 case WLAN_CIPHER_SUITE_GCMP
:
621 case WLAN_CIPHER_SUITE_GCMP_256
:
622 key
->conf
.iv_len
= IEEE80211_GCMP_HDR_LEN
;
623 key
->conf
.icv_len
= IEEE80211_GCMP_MIC_LEN
;
624 for (i
= 0; seq
&& i
< IEEE80211_NUM_TIDS
+ 1; i
++)
625 for (j
= 0; j
< IEEE80211_GCMP_PN_LEN
; j
++)
626 key
->u
.gcmp
.rx_pn
[i
][j
] =
627 seq
[IEEE80211_GCMP_PN_LEN
- j
- 1];
628 /* Initialize AES key state here as an optimization so that
629 * it does not need to be initialized for every packet.
631 key
->u
.gcmp
.tfm
= ieee80211_aes_gcm_key_setup_encrypt(key_data
,
633 if (IS_ERR(key
->u
.gcmp
.tfm
)) {
634 err
= PTR_ERR(key
->u
.gcmp
.tfm
);
641 if (seq_len
&& seq_len
!= cs
->pn_len
) {
643 return ERR_PTR(-EINVAL
);
646 key
->conf
.iv_len
= cs
->hdr_len
;
647 key
->conf
.icv_len
= cs
->mic_len
;
648 for (i
= 0; i
< IEEE80211_NUM_TIDS
+ 1; i
++)
649 for (j
= 0; j
< seq_len
; j
++)
650 key
->u
.gen
.rx_pn
[i
][j
] =
651 seq
[seq_len
- j
- 1];
652 key
->flags
|= KEY_FLAG_CIPHER_SCHEME
;
655 memcpy(key
->conf
.key
, key_data
, key_len
);
656 INIT_LIST_HEAD(&key
->list
);
661 static void ieee80211_key_free_common(struct ieee80211_key
*key
)
663 switch (key
->conf
.cipher
) {
664 case WLAN_CIPHER_SUITE_CCMP
:
665 case WLAN_CIPHER_SUITE_CCMP_256
:
666 ieee80211_aes_key_free(key
->u
.ccmp
.tfm
);
668 case WLAN_CIPHER_SUITE_AES_CMAC
:
669 case WLAN_CIPHER_SUITE_BIP_CMAC_256
:
670 ieee80211_aes_cmac_key_free(key
->u
.aes_cmac
.tfm
);
672 case WLAN_CIPHER_SUITE_BIP_GMAC_128
:
673 case WLAN_CIPHER_SUITE_BIP_GMAC_256
:
674 ieee80211_aes_gmac_key_free(key
->u
.aes_gmac
.tfm
);
676 case WLAN_CIPHER_SUITE_GCMP
:
677 case WLAN_CIPHER_SUITE_GCMP_256
:
678 ieee80211_aes_gcm_key_free(key
->u
.gcmp
.tfm
);
684 static void __ieee80211_key_destroy(struct ieee80211_key
*key
,
688 struct ieee80211_sub_if_data
*sdata
= key
->sdata
;
690 ieee80211_debugfs_key_remove(key
);
692 if (delay_tailroom
) {
693 /* see ieee80211_delayed_tailroom_dec */
694 sdata
->crypto_tx_tailroom_pending_dec
++;
695 schedule_delayed_work(&sdata
->dec_tailroom_needed_wk
,
698 decrease_tailroom_need_count(sdata
, 1);
702 ieee80211_key_free_common(key
);
705 static void ieee80211_key_destroy(struct ieee80211_key
*key
,
712 * Synchronize so the TX path and rcu key iterators
713 * can no longer be using this key before we free/remove it.
717 __ieee80211_key_destroy(key
, delay_tailroom
);
720 void ieee80211_key_free_unused(struct ieee80211_key
*key
)
722 WARN_ON(key
->sdata
|| key
->local
);
723 ieee80211_key_free_common(key
);
726 static bool ieee80211_key_identical(struct ieee80211_sub_if_data
*sdata
,
727 struct ieee80211_key
*old
,
728 struct ieee80211_key
*new)
730 u8 tkip_old
[WLAN_KEY_LEN_TKIP
], tkip_new
[WLAN_KEY_LEN_TKIP
];
733 if (!old
|| new->conf
.keylen
!= old
->conf
.keylen
)
736 tk_old
= old
->conf
.key
;
737 tk_new
= new->conf
.key
;
740 * In station mode, don't compare the TX MIC key, as it's never used
741 * and offloaded rekeying may not care to send it to the host. This
742 * is the case in iwlwifi, for example.
744 if (sdata
->vif
.type
== NL80211_IFTYPE_STATION
&&
745 new->conf
.cipher
== WLAN_CIPHER_SUITE_TKIP
&&
746 new->conf
.keylen
== WLAN_KEY_LEN_TKIP
&&
747 !(new->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
)) {
748 memcpy(tkip_old
, tk_old
, WLAN_KEY_LEN_TKIP
);
749 memcpy(tkip_new
, tk_new
, WLAN_KEY_LEN_TKIP
);
750 memset(tkip_old
+ NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY
, 0, 8);
751 memset(tkip_new
+ NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY
, 0, 8);
756 return !crypto_memneq(tk_old
, tk_new
, new->conf
.keylen
);
759 int ieee80211_key_link(struct ieee80211_key
*key
,
760 struct ieee80211_sub_if_data
*sdata
,
761 struct sta_info
*sta
)
763 struct ieee80211_key
*old_key
;
764 int idx
= key
->conf
.keyidx
;
765 bool pairwise
= key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
;
767 * We want to delay tailroom updates only for station - in that
768 * case it helps roaming speed, but in other cases it hurts and
769 * can cause warnings to appear.
771 bool delay_tailroom
= sdata
->vif
.type
== NL80211_IFTYPE_STATION
;
772 int ret
= -EOPNOTSUPP
;
774 mutex_lock(&sdata
->local
->key_mtx
);
776 if (sta
&& pairwise
) {
777 struct ieee80211_key
*alt_key
;
779 old_key
= key_mtx_dereference(sdata
->local
, sta
->ptk
[idx
]);
780 alt_key
= key_mtx_dereference(sdata
->local
, sta
->ptk
[idx
^ 1]);
782 /* The rekey code assumes that the old and new key are using
783 * the same cipher. Enforce the assumption for pairwise keys.
785 if ((alt_key
&& alt_key
->conf
.cipher
!= key
->conf
.cipher
) ||
786 (old_key
&& old_key
->conf
.cipher
!= key
->conf
.cipher
))
789 old_key
= key_mtx_dereference(sdata
->local
, sta
->gtk
[idx
]);
791 old_key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
794 /* Non-pairwise keys must also not switch the cipher on rekey */
796 if (old_key
&& old_key
->conf
.cipher
!= key
->conf
.cipher
)
801 * Silently accept key re-installation without really installing the
802 * new version of the key to avoid nonce reuse or replay issues.
804 if (ieee80211_key_identical(sdata
, old_key
, key
)) {
805 ieee80211_key_free_unused(key
);
810 key
->local
= sdata
->local
;
814 increment_tailroom_need_count(sdata
);
816 ret
= ieee80211_key_replace(sdata
, sta
, pairwise
, old_key
, key
);
819 ieee80211_debugfs_key_add(key
);
820 ieee80211_key_destroy(old_key
, delay_tailroom
);
822 ieee80211_key_free(key
, delay_tailroom
);
826 mutex_unlock(&sdata
->local
->key_mtx
);
831 void ieee80211_key_free(struct ieee80211_key
*key
, bool delay_tailroom
)
837 * Replace key with nothingness if it was ever used.
840 ieee80211_key_replace(key
->sdata
, key
->sta
,
841 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
843 ieee80211_key_destroy(key
, delay_tailroom
);
846 void ieee80211_reenable_keys(struct ieee80211_sub_if_data
*sdata
)
848 struct ieee80211_key
*key
;
849 struct ieee80211_sub_if_data
*vlan
;
853 mutex_lock(&sdata
->local
->key_mtx
);
855 sdata
->crypto_tx_tailroom_needed_cnt
= 0;
856 sdata
->crypto_tx_tailroom_pending_dec
= 0;
858 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
859 list_for_each_entry(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
) {
860 vlan
->crypto_tx_tailroom_needed_cnt
= 0;
861 vlan
->crypto_tx_tailroom_pending_dec
= 0;
865 if (ieee80211_sdata_running(sdata
)) {
866 list_for_each_entry(key
, &sdata
->key_list
, list
) {
867 increment_tailroom_need_count(sdata
);
868 ieee80211_key_enable_hw_accel(key
);
872 mutex_unlock(&sdata
->local
->key_mtx
);
875 void ieee80211_iter_keys(struct ieee80211_hw
*hw
,
876 struct ieee80211_vif
*vif
,
877 void (*iter
)(struct ieee80211_hw
*hw
,
878 struct ieee80211_vif
*vif
,
879 struct ieee80211_sta
*sta
,
880 struct ieee80211_key_conf
*key
,
884 struct ieee80211_local
*local
= hw_to_local(hw
);
885 struct ieee80211_key
*key
, *tmp
;
886 struct ieee80211_sub_if_data
*sdata
;
890 mutex_lock(&local
->key_mtx
);
892 sdata
= vif_to_sdata(vif
);
893 list_for_each_entry_safe(key
, tmp
, &sdata
->key_list
, list
)
894 iter(hw
, &sdata
->vif
,
895 key
->sta
? &key
->sta
->sta
: NULL
,
896 &key
->conf
, iter_data
);
898 list_for_each_entry(sdata
, &local
->interfaces
, list
)
899 list_for_each_entry_safe(key
, tmp
,
900 &sdata
->key_list
, list
)
901 iter(hw
, &sdata
->vif
,
902 key
->sta
? &key
->sta
->sta
: NULL
,
903 &key
->conf
, iter_data
);
905 mutex_unlock(&local
->key_mtx
);
907 EXPORT_SYMBOL(ieee80211_iter_keys
);
910 _ieee80211_iter_keys_rcu(struct ieee80211_hw
*hw
,
911 struct ieee80211_sub_if_data
*sdata
,
912 void (*iter
)(struct ieee80211_hw
*hw
,
913 struct ieee80211_vif
*vif
,
914 struct ieee80211_sta
*sta
,
915 struct ieee80211_key_conf
*key
,
919 struct ieee80211_key
*key
;
921 list_for_each_entry_rcu(key
, &sdata
->key_list
, list
) {
922 /* skip keys of station in removal process */
923 if (key
->sta
&& key
->sta
->removed
)
925 if (!(key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
))
928 iter(hw
, &sdata
->vif
,
929 key
->sta
? &key
->sta
->sta
: NULL
,
930 &key
->conf
, iter_data
);
934 void ieee80211_iter_keys_rcu(struct ieee80211_hw
*hw
,
935 struct ieee80211_vif
*vif
,
936 void (*iter
)(struct ieee80211_hw
*hw
,
937 struct ieee80211_vif
*vif
,
938 struct ieee80211_sta
*sta
,
939 struct ieee80211_key_conf
*key
,
943 struct ieee80211_local
*local
= hw_to_local(hw
);
944 struct ieee80211_sub_if_data
*sdata
;
947 sdata
= vif_to_sdata(vif
);
948 _ieee80211_iter_keys_rcu(hw
, sdata
, iter
, iter_data
);
950 list_for_each_entry_rcu(sdata
, &local
->interfaces
, list
)
951 _ieee80211_iter_keys_rcu(hw
, sdata
, iter
, iter_data
);
954 EXPORT_SYMBOL(ieee80211_iter_keys_rcu
);
956 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data
*sdata
,
957 struct list_head
*keys
)
959 struct ieee80211_key
*key
, *tmp
;
961 decrease_tailroom_need_count(sdata
,
962 sdata
->crypto_tx_tailroom_pending_dec
);
963 sdata
->crypto_tx_tailroom_pending_dec
= 0;
965 ieee80211_debugfs_key_remove_mgmt_default(sdata
);
967 list_for_each_entry_safe(key
, tmp
, &sdata
->key_list
, list
) {
968 ieee80211_key_replace(key
->sdata
, key
->sta
,
969 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
971 list_add_tail(&key
->list
, keys
);
974 ieee80211_debugfs_key_update_default(sdata
);
977 void ieee80211_free_keys(struct ieee80211_sub_if_data
*sdata
,
978 bool force_synchronize
)
980 struct ieee80211_local
*local
= sdata
->local
;
981 struct ieee80211_sub_if_data
*vlan
;
982 struct ieee80211_sub_if_data
*master
;
983 struct ieee80211_key
*key
, *tmp
;
986 cancel_delayed_work_sync(&sdata
->dec_tailroom_needed_wk
);
988 mutex_lock(&local
->key_mtx
);
990 ieee80211_free_keys_iface(sdata
, &keys
);
992 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
993 list_for_each_entry(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
)
994 ieee80211_free_keys_iface(vlan
, &keys
);
997 if (!list_empty(&keys
) || force_synchronize
)
999 list_for_each_entry_safe(key
, tmp
, &keys
, list
)
1000 __ieee80211_key_destroy(key
, false);
1002 if (sdata
->vif
.type
== NL80211_IFTYPE_AP_VLAN
) {
1004 master
= container_of(sdata
->bss
,
1005 struct ieee80211_sub_if_data
,
1008 WARN_ON_ONCE(sdata
->crypto_tx_tailroom_needed_cnt
!=
1009 master
->crypto_tx_tailroom_needed_cnt
);
1012 WARN_ON_ONCE(sdata
->crypto_tx_tailroom_needed_cnt
||
1013 sdata
->crypto_tx_tailroom_pending_dec
);
1016 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
1017 list_for_each_entry(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
)
1018 WARN_ON_ONCE(vlan
->crypto_tx_tailroom_needed_cnt
||
1019 vlan
->crypto_tx_tailroom_pending_dec
);
1022 mutex_unlock(&local
->key_mtx
);
1025 void ieee80211_free_sta_keys(struct ieee80211_local
*local
,
1026 struct sta_info
*sta
)
1028 struct ieee80211_key
*key
;
1031 mutex_lock(&local
->key_mtx
);
1032 for (i
= 0; i
< ARRAY_SIZE(sta
->gtk
); i
++) {
1033 key
= key_mtx_dereference(local
, sta
->gtk
[i
]);
1036 ieee80211_key_replace(key
->sdata
, key
->sta
,
1037 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
1039 __ieee80211_key_destroy(key
, key
->sdata
->vif
.type
==
1040 NL80211_IFTYPE_STATION
);
1043 for (i
= 0; i
< NUM_DEFAULT_KEYS
; i
++) {
1044 key
= key_mtx_dereference(local
, sta
->ptk
[i
]);
1047 ieee80211_key_replace(key
->sdata
, key
->sta
,
1048 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
1050 __ieee80211_key_destroy(key
, key
->sdata
->vif
.type
==
1051 NL80211_IFTYPE_STATION
);
1054 mutex_unlock(&local
->key_mtx
);
1057 void ieee80211_delayed_tailroom_dec(struct work_struct
*wk
)
1059 struct ieee80211_sub_if_data
*sdata
;
1061 sdata
= container_of(wk
, struct ieee80211_sub_if_data
,
1062 dec_tailroom_needed_wk
.work
);
1065 * The reason for the delayed tailroom needed decrementing is to
1066 * make roaming faster: during roaming, all keys are first deleted
1067 * and then new keys are installed. The first new key causes the
1068 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1069 * the cost of synchronize_net() (which can be slow). Avoid this
1070 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1071 * key removal for a while, so if we roam the value is larger than
1072 * zero and no 0->1 transition happens.
1074 * The cost is that if the AP switching was from an AP with keys
1075 * to one without, we still allocate tailroom while it would no
1076 * longer be needed. However, in the typical (fast) roaming case
1077 * within an ESS this usually won't happen.
1080 mutex_lock(&sdata
->local
->key_mtx
);
1081 decrease_tailroom_need_count(sdata
,
1082 sdata
->crypto_tx_tailroom_pending_dec
);
1083 sdata
->crypto_tx_tailroom_pending_dec
= 0;
1084 mutex_unlock(&sdata
->local
->key_mtx
);
1087 void ieee80211_gtk_rekey_notify(struct ieee80211_vif
*vif
, const u8
*bssid
,
1088 const u8
*replay_ctr
, gfp_t gfp
)
1090 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
1092 trace_api_gtk_rekey_notify(sdata
, bssid
, replay_ctr
);
1094 cfg80211_gtk_rekey_notify(sdata
->dev
, bssid
, replay_ctr
, gfp
);
1096 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify
);
1098 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf
*keyconf
,
1099 int tid
, struct ieee80211_key_seq
*seq
)
1101 struct ieee80211_key
*key
;
1104 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
1106 switch (key
->conf
.cipher
) {
1107 case WLAN_CIPHER_SUITE_TKIP
:
1108 if (WARN_ON(tid
< 0 || tid
>= IEEE80211_NUM_TIDS
))
1110 seq
->tkip
.iv32
= key
->u
.tkip
.rx
[tid
].iv32
;
1111 seq
->tkip
.iv16
= key
->u
.tkip
.rx
[tid
].iv16
;
1113 case WLAN_CIPHER_SUITE_CCMP
:
1114 case WLAN_CIPHER_SUITE_CCMP_256
:
1115 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
1118 pn
= key
->u
.ccmp
.rx_pn
[IEEE80211_NUM_TIDS
];
1120 pn
= key
->u
.ccmp
.rx_pn
[tid
];
1121 memcpy(seq
->ccmp
.pn
, pn
, IEEE80211_CCMP_PN_LEN
);
1123 case WLAN_CIPHER_SUITE_AES_CMAC
:
1124 case WLAN_CIPHER_SUITE_BIP_CMAC_256
:
1125 if (WARN_ON(tid
!= 0))
1127 pn
= key
->u
.aes_cmac
.rx_pn
;
1128 memcpy(seq
->aes_cmac
.pn
, pn
, IEEE80211_CMAC_PN_LEN
);
1130 case WLAN_CIPHER_SUITE_BIP_GMAC_128
:
1131 case WLAN_CIPHER_SUITE_BIP_GMAC_256
:
1132 if (WARN_ON(tid
!= 0))
1134 pn
= key
->u
.aes_gmac
.rx_pn
;
1135 memcpy(seq
->aes_gmac
.pn
, pn
, IEEE80211_GMAC_PN_LEN
);
1137 case WLAN_CIPHER_SUITE_GCMP
:
1138 case WLAN_CIPHER_SUITE_GCMP_256
:
1139 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
1142 pn
= key
->u
.gcmp
.rx_pn
[IEEE80211_NUM_TIDS
];
1144 pn
= key
->u
.gcmp
.rx_pn
[tid
];
1145 memcpy(seq
->gcmp
.pn
, pn
, IEEE80211_GCMP_PN_LEN
);
1149 EXPORT_SYMBOL(ieee80211_get_key_rx_seq
);
1151 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf
*keyconf
,
1152 int tid
, struct ieee80211_key_seq
*seq
)
1154 struct ieee80211_key
*key
;
1157 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
1159 switch (key
->conf
.cipher
) {
1160 case WLAN_CIPHER_SUITE_TKIP
:
1161 if (WARN_ON(tid
< 0 || tid
>= IEEE80211_NUM_TIDS
))
1163 key
->u
.tkip
.rx
[tid
].iv32
= seq
->tkip
.iv32
;
1164 key
->u
.tkip
.rx
[tid
].iv16
= seq
->tkip
.iv16
;
1166 case WLAN_CIPHER_SUITE_CCMP
:
1167 case WLAN_CIPHER_SUITE_CCMP_256
:
1168 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
1171 pn
= key
->u
.ccmp
.rx_pn
[IEEE80211_NUM_TIDS
];
1173 pn
= key
->u
.ccmp
.rx_pn
[tid
];
1174 memcpy(pn
, seq
->ccmp
.pn
, IEEE80211_CCMP_PN_LEN
);
1176 case WLAN_CIPHER_SUITE_AES_CMAC
:
1177 case WLAN_CIPHER_SUITE_BIP_CMAC_256
:
1178 if (WARN_ON(tid
!= 0))
1180 pn
= key
->u
.aes_cmac
.rx_pn
;
1181 memcpy(pn
, seq
->aes_cmac
.pn
, IEEE80211_CMAC_PN_LEN
);
1183 case WLAN_CIPHER_SUITE_BIP_GMAC_128
:
1184 case WLAN_CIPHER_SUITE_BIP_GMAC_256
:
1185 if (WARN_ON(tid
!= 0))
1187 pn
= key
->u
.aes_gmac
.rx_pn
;
1188 memcpy(pn
, seq
->aes_gmac
.pn
, IEEE80211_GMAC_PN_LEN
);
1190 case WLAN_CIPHER_SUITE_GCMP
:
1191 case WLAN_CIPHER_SUITE_GCMP_256
:
1192 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
1195 pn
= key
->u
.gcmp
.rx_pn
[IEEE80211_NUM_TIDS
];
1197 pn
= key
->u
.gcmp
.rx_pn
[tid
];
1198 memcpy(pn
, seq
->gcmp
.pn
, IEEE80211_GCMP_PN_LEN
);
1205 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq
);
1207 void ieee80211_remove_key(struct ieee80211_key_conf
*keyconf
)
1209 struct ieee80211_key
*key
;
1211 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
1213 assert_key_lock(key
->local
);
1216 * if key was uploaded, we assume the driver will/has remove(d)
1217 * it, so adjust bookkeeping accordingly
1219 if (key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
) {
1220 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
1222 if (!(key
->conf
.flags
& (IEEE80211_KEY_FLAG_GENERATE_MMIC
|
1223 IEEE80211_KEY_FLAG_PUT_MIC_SPACE
|
1224 IEEE80211_KEY_FLAG_RESERVE_TAILROOM
)))
1225 increment_tailroom_need_count(key
->sdata
);
1228 ieee80211_key_free(key
, false);
1230 EXPORT_SYMBOL_GPL(ieee80211_remove_key
);
1232 struct ieee80211_key_conf
*
1233 ieee80211_gtk_rekey_add(struct ieee80211_vif
*vif
,
1234 struct ieee80211_key_conf
*keyconf
)
1236 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
1237 struct ieee80211_local
*local
= sdata
->local
;
1238 struct ieee80211_key
*key
;
1241 if (WARN_ON(!local
->wowlan
))
1242 return ERR_PTR(-EINVAL
);
1244 if (WARN_ON(vif
->type
!= NL80211_IFTYPE_STATION
))
1245 return ERR_PTR(-EINVAL
);
1247 key
= ieee80211_key_alloc(keyconf
->cipher
, keyconf
->keyidx
,
1248 keyconf
->keylen
, keyconf
->key
,
1251 return ERR_CAST(key
);
1253 if (sdata
->u
.mgd
.mfp
!= IEEE80211_MFP_DISABLED
)
1254 key
->conf
.flags
|= IEEE80211_KEY_FLAG_RX_MGMT
;
1256 err
= ieee80211_key_link(key
, sdata
, NULL
);
1258 return ERR_PTR(err
);
1262 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add
);