xref: /openbmc/linux/net/mac80211/key.c (revision 034f90b3)
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2005-2006, Devicescape Software, Inc.
4  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
5  * Copyright 2007-2008	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  */
12 
13 #include <linux/if_ether.h>
14 #include <linux/etherdevice.h>
15 #include <linux/list.h>
16 #include <linux/rcupdate.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/slab.h>
19 #include <linux/export.h>
20 #include <net/mac80211.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29 
30 
31 /**
32  * DOC: Key handling basics
33  *
34  * Key handling in mac80211 is done based on per-interface (sub_if_data)
35  * keys and per-station keys. Since each station belongs to an interface,
36  * each station key also belongs to that interface.
37  *
38  * Hardware acceleration is done on a best-effort basis for algorithms
39  * that are implemented in software,  for each key the hardware is asked
40  * to enable that key for offloading but if it cannot do that the key is
41  * simply kept for software encryption (unless it is for an algorithm
42  * that isn't implemented in software).
43  * There is currently no way of knowing whether a key is handled in SW
44  * or HW except by looking into debugfs.
45  *
46  * All key management is internally protected by a mutex. Within all
47  * other parts of mac80211, key references are, just as STA structure
48  * references, protected by RCU. Note, however, that some things are
49  * unprotected, namely the key->sta dereferences within the hardware
50  * acceleration functions. This means that sta_info_destroy() must
51  * remove the key which waits for an RCU grace period.
52  */
53 
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55 
56 static void assert_key_lock(struct ieee80211_local *local)
57 {
58 	lockdep_assert_held(&local->key_mtx);
59 }
60 
61 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
62 {
63 	/*
64 	 * When this count is zero, SKB resizing for allocating tailroom
65 	 * for IV or MMIC is skipped. But, this check has created two race
66 	 * cases in xmit path while transiting from zero count to one:
67 	 *
68 	 * 1. SKB resize was skipped because no key was added but just before
69 	 * the xmit key is added and SW encryption kicks off.
70 	 *
71 	 * 2. SKB resize was skipped because all the keys were hw planted but
72 	 * just before xmit one of the key is deleted and SW encryption kicks
73 	 * off.
74 	 *
75 	 * In both the above case SW encryption will find not enough space for
76 	 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
77 	 *
78 	 * Solution has been explained at
79 	 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
80 	 */
81 
82 	if (!sdata->crypto_tx_tailroom_needed_cnt++) {
83 		/*
84 		 * Flush all XMIT packets currently using HW encryption or no
85 		 * encryption at all if the count transition is from 0 -> 1.
86 		 */
87 		synchronize_net();
88 	}
89 }
90 
91 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
92 {
93 	struct ieee80211_sub_if_data *sdata;
94 	struct sta_info *sta;
95 	int ret = -EOPNOTSUPP;
96 
97 	might_sleep();
98 
99 	if (key->flags & KEY_FLAG_TAINTED) {
100 		/* If we get here, it's during resume and the key is
101 		 * tainted so shouldn't be used/programmed any more.
102 		 * However, its flags may still indicate that it was
103 		 * programmed into the device (since we're in resume)
104 		 * so clear that flag now to avoid trying to remove
105 		 * it again later.
106 		 */
107 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
108 		return -EINVAL;
109 	}
110 
111 	if (!key->local->ops->set_key)
112 		goto out_unsupported;
113 
114 	assert_key_lock(key->local);
115 
116 	sta = key->sta;
117 
118 	/*
119 	 * If this is a per-STA GTK, check if it
120 	 * is supported; if not, return.
121 	 */
122 	if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
123 	    !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
124 		goto out_unsupported;
125 
126 	if (sta && !sta->uploaded)
127 		goto out_unsupported;
128 
129 	sdata = key->sdata;
130 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
131 		/*
132 		 * The driver doesn't know anything about VLAN interfaces.
133 		 * Hence, don't send GTKs for VLAN interfaces to the driver.
134 		 */
135 		if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
136 			goto out_unsupported;
137 	}
138 
139 	ret = drv_set_key(key->local, SET_KEY, sdata,
140 			  sta ? &sta->sta : NULL, &key->conf);
141 
142 	if (!ret) {
143 		key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
144 
145 		if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
146 		      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
147 			sdata->crypto_tx_tailroom_needed_cnt--;
148 
149 		WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
150 			(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
151 
152 		return 0;
153 	}
154 
155 	if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
156 		sdata_err(sdata,
157 			  "failed to set key (%d, %pM) to hardware (%d)\n",
158 			  key->conf.keyidx,
159 			  sta ? sta->sta.addr : bcast_addr, ret);
160 
161  out_unsupported:
162 	switch (key->conf.cipher) {
163 	case WLAN_CIPHER_SUITE_WEP40:
164 	case WLAN_CIPHER_SUITE_WEP104:
165 	case WLAN_CIPHER_SUITE_TKIP:
166 	case WLAN_CIPHER_SUITE_CCMP:
167 	case WLAN_CIPHER_SUITE_CCMP_256:
168 	case WLAN_CIPHER_SUITE_AES_CMAC:
169 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
170 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
171 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
172 	case WLAN_CIPHER_SUITE_GCMP:
173 	case WLAN_CIPHER_SUITE_GCMP_256:
174 		/* all of these we can do in software - if driver can */
175 		if (ret == 1)
176 			return 0;
177 		if (key->local->hw.flags & IEEE80211_HW_SW_CRYPTO_CONTROL)
178 			return -EINVAL;
179 		return 0;
180 	default:
181 		return -EINVAL;
182 	}
183 }
184 
185 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
186 {
187 	struct ieee80211_sub_if_data *sdata;
188 	struct sta_info *sta;
189 	int ret;
190 
191 	might_sleep();
192 
193 	if (!key || !key->local->ops->set_key)
194 		return;
195 
196 	assert_key_lock(key->local);
197 
198 	if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
199 		return;
200 
201 	sta = key->sta;
202 	sdata = key->sdata;
203 
204 	if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
205 	      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
206 		increment_tailroom_need_count(sdata);
207 
208 	ret = drv_set_key(key->local, DISABLE_KEY, sdata,
209 			  sta ? &sta->sta : NULL, &key->conf);
210 
211 	if (ret)
212 		sdata_err(sdata,
213 			  "failed to remove key (%d, %pM) from hardware (%d)\n",
214 			  key->conf.keyidx,
215 			  sta ? sta->sta.addr : bcast_addr, ret);
216 
217 	key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
218 }
219 
220 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
221 					int idx, bool uni, bool multi)
222 {
223 	struct ieee80211_key *key = NULL;
224 
225 	assert_key_lock(sdata->local);
226 
227 	if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
228 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
229 
230 	if (uni) {
231 		rcu_assign_pointer(sdata->default_unicast_key, key);
232 		drv_set_default_unicast_key(sdata->local, sdata, idx);
233 	}
234 
235 	if (multi)
236 		rcu_assign_pointer(sdata->default_multicast_key, key);
237 
238 	ieee80211_debugfs_key_update_default(sdata);
239 }
240 
241 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
242 			       bool uni, bool multi)
243 {
244 	mutex_lock(&sdata->local->key_mtx);
245 	__ieee80211_set_default_key(sdata, idx, uni, multi);
246 	mutex_unlock(&sdata->local->key_mtx);
247 }
248 
249 static void
250 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
251 {
252 	struct ieee80211_key *key = NULL;
253 
254 	assert_key_lock(sdata->local);
255 
256 	if (idx >= NUM_DEFAULT_KEYS &&
257 	    idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
258 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
259 
260 	rcu_assign_pointer(sdata->default_mgmt_key, key);
261 
262 	ieee80211_debugfs_key_update_default(sdata);
263 }
264 
265 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
266 				    int idx)
267 {
268 	mutex_lock(&sdata->local->key_mtx);
269 	__ieee80211_set_default_mgmt_key(sdata, idx);
270 	mutex_unlock(&sdata->local->key_mtx);
271 }
272 
273 
274 static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
275 				  struct sta_info *sta,
276 				  bool pairwise,
277 				  struct ieee80211_key *old,
278 				  struct ieee80211_key *new)
279 {
280 	int idx;
281 	bool defunikey, defmultikey, defmgmtkey;
282 
283 	/* caller must provide at least one old/new */
284 	if (WARN_ON(!new && !old))
285 		return;
286 
287 	if (new)
288 		list_add_tail(&new->list, &sdata->key_list);
289 
290 	WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
291 
292 	if (old)
293 		idx = old->conf.keyidx;
294 	else
295 		idx = new->conf.keyidx;
296 
297 	if (sta) {
298 		if (pairwise) {
299 			rcu_assign_pointer(sta->ptk[idx], new);
300 			sta->ptk_idx = idx;
301 		} else {
302 			rcu_assign_pointer(sta->gtk[idx], new);
303 			sta->gtk_idx = idx;
304 		}
305 	} else {
306 		defunikey = old &&
307 			old == key_mtx_dereference(sdata->local,
308 						sdata->default_unicast_key);
309 		defmultikey = old &&
310 			old == key_mtx_dereference(sdata->local,
311 						sdata->default_multicast_key);
312 		defmgmtkey = old &&
313 			old == key_mtx_dereference(sdata->local,
314 						sdata->default_mgmt_key);
315 
316 		if (defunikey && !new)
317 			__ieee80211_set_default_key(sdata, -1, true, false);
318 		if (defmultikey && !new)
319 			__ieee80211_set_default_key(sdata, -1, false, true);
320 		if (defmgmtkey && !new)
321 			__ieee80211_set_default_mgmt_key(sdata, -1);
322 
323 		rcu_assign_pointer(sdata->keys[idx], new);
324 		if (defunikey && new)
325 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
326 						    true, false);
327 		if (defmultikey && new)
328 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
329 						    false, true);
330 		if (defmgmtkey && new)
331 			__ieee80211_set_default_mgmt_key(sdata,
332 							 new->conf.keyidx);
333 	}
334 
335 	if (old)
336 		list_del(&old->list);
337 }
338 
339 struct ieee80211_key *
340 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
341 		    const u8 *key_data,
342 		    size_t seq_len, const u8 *seq,
343 		    const struct ieee80211_cipher_scheme *cs)
344 {
345 	struct ieee80211_key *key;
346 	int i, j, err;
347 
348 	if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
349 		return ERR_PTR(-EINVAL);
350 
351 	key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
352 	if (!key)
353 		return ERR_PTR(-ENOMEM);
354 
355 	/*
356 	 * Default to software encryption; we'll later upload the
357 	 * key to the hardware if possible.
358 	 */
359 	key->conf.flags = 0;
360 	key->flags = 0;
361 
362 	key->conf.cipher = cipher;
363 	key->conf.keyidx = idx;
364 	key->conf.keylen = key_len;
365 	switch (cipher) {
366 	case WLAN_CIPHER_SUITE_WEP40:
367 	case WLAN_CIPHER_SUITE_WEP104:
368 		key->conf.iv_len = IEEE80211_WEP_IV_LEN;
369 		key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
370 		break;
371 	case WLAN_CIPHER_SUITE_TKIP:
372 		key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
373 		key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
374 		if (seq) {
375 			for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
376 				key->u.tkip.rx[i].iv32 =
377 					get_unaligned_le32(&seq[2]);
378 				key->u.tkip.rx[i].iv16 =
379 					get_unaligned_le16(seq);
380 			}
381 		}
382 		spin_lock_init(&key->u.tkip.txlock);
383 		break;
384 	case WLAN_CIPHER_SUITE_CCMP:
385 		key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
386 		key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
387 		if (seq) {
388 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
389 				for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
390 					key->u.ccmp.rx_pn[i][j] =
391 						seq[IEEE80211_CCMP_PN_LEN - j - 1];
392 		}
393 		/*
394 		 * Initialize AES key state here as an optimization so that
395 		 * it does not need to be initialized for every packet.
396 		 */
397 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
398 			key_data, key_len, IEEE80211_CCMP_MIC_LEN);
399 		if (IS_ERR(key->u.ccmp.tfm)) {
400 			err = PTR_ERR(key->u.ccmp.tfm);
401 			kfree(key);
402 			return ERR_PTR(err);
403 		}
404 		break;
405 	case WLAN_CIPHER_SUITE_CCMP_256:
406 		key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
407 		key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
408 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
409 			for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
410 				key->u.ccmp.rx_pn[i][j] =
411 					seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
412 		/* Initialize AES key state here as an optimization so that
413 		 * it does not need to be initialized for every packet.
414 		 */
415 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
416 			key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
417 		if (IS_ERR(key->u.ccmp.tfm)) {
418 			err = PTR_ERR(key->u.ccmp.tfm);
419 			kfree(key);
420 			return ERR_PTR(err);
421 		}
422 		break;
423 	case WLAN_CIPHER_SUITE_AES_CMAC:
424 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
425 		key->conf.iv_len = 0;
426 		if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
427 			key->conf.icv_len = sizeof(struct ieee80211_mmie);
428 		else
429 			key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
430 		if (seq)
431 			for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
432 				key->u.aes_cmac.rx_pn[j] =
433 					seq[IEEE80211_CMAC_PN_LEN - j - 1];
434 		/*
435 		 * Initialize AES key state here as an optimization so that
436 		 * it does not need to be initialized for every packet.
437 		 */
438 		key->u.aes_cmac.tfm =
439 			ieee80211_aes_cmac_key_setup(key_data, key_len);
440 		if (IS_ERR(key->u.aes_cmac.tfm)) {
441 			err = PTR_ERR(key->u.aes_cmac.tfm);
442 			kfree(key);
443 			return ERR_PTR(err);
444 		}
445 		break;
446 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
447 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
448 		key->conf.iv_len = 0;
449 		key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
450 		if (seq)
451 			for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
452 				key->u.aes_gmac.rx_pn[j] =
453 					seq[IEEE80211_GMAC_PN_LEN - j - 1];
454 		/* Initialize AES key state here as an optimization so that
455 		 * it does not need to be initialized for every packet.
456 		 */
457 		key->u.aes_gmac.tfm =
458 			ieee80211_aes_gmac_key_setup(key_data, key_len);
459 		if (IS_ERR(key->u.aes_gmac.tfm)) {
460 			err = PTR_ERR(key->u.aes_gmac.tfm);
461 			kfree(key);
462 			return ERR_PTR(err);
463 		}
464 		break;
465 	case WLAN_CIPHER_SUITE_GCMP:
466 	case WLAN_CIPHER_SUITE_GCMP_256:
467 		key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
468 		key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
469 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
470 			for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
471 				key->u.gcmp.rx_pn[i][j] =
472 					seq[IEEE80211_GCMP_PN_LEN - j - 1];
473 		/* Initialize AES key state here as an optimization so that
474 		 * it does not need to be initialized for every packet.
475 		 */
476 		key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
477 								      key_len);
478 		if (IS_ERR(key->u.gcmp.tfm)) {
479 			err = PTR_ERR(key->u.gcmp.tfm);
480 			kfree(key);
481 			return ERR_PTR(err);
482 		}
483 		break;
484 	default:
485 		if (cs) {
486 			size_t len = (seq_len > MAX_PN_LEN) ?
487 						MAX_PN_LEN : seq_len;
488 
489 			key->conf.iv_len = cs->hdr_len;
490 			key->conf.icv_len = cs->mic_len;
491 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
492 				for (j = 0; j < len; j++)
493 					key->u.gen.rx_pn[i][j] =
494 							seq[len - j - 1];
495 		}
496 	}
497 	memcpy(key->conf.key, key_data, key_len);
498 	INIT_LIST_HEAD(&key->list);
499 
500 	return key;
501 }
502 
503 static void ieee80211_key_free_common(struct ieee80211_key *key)
504 {
505 	switch (key->conf.cipher) {
506 	case WLAN_CIPHER_SUITE_CCMP:
507 	case WLAN_CIPHER_SUITE_CCMP_256:
508 		ieee80211_aes_key_free(key->u.ccmp.tfm);
509 		break;
510 	case WLAN_CIPHER_SUITE_AES_CMAC:
511 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
512 		ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
513 		break;
514 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
515 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
516 		ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
517 		break;
518 	case WLAN_CIPHER_SUITE_GCMP:
519 	case WLAN_CIPHER_SUITE_GCMP_256:
520 		ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
521 		break;
522 	}
523 	kzfree(key);
524 }
525 
526 static void __ieee80211_key_destroy(struct ieee80211_key *key,
527 				    bool delay_tailroom)
528 {
529 	if (key->local)
530 		ieee80211_key_disable_hw_accel(key);
531 
532 	if (key->local) {
533 		struct ieee80211_sub_if_data *sdata = key->sdata;
534 
535 		ieee80211_debugfs_key_remove(key);
536 
537 		if (delay_tailroom) {
538 			/* see ieee80211_delayed_tailroom_dec */
539 			sdata->crypto_tx_tailroom_pending_dec++;
540 			schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
541 					      HZ/2);
542 		} else {
543 			sdata->crypto_tx_tailroom_needed_cnt--;
544 		}
545 	}
546 
547 	ieee80211_key_free_common(key);
548 }
549 
550 static void ieee80211_key_destroy(struct ieee80211_key *key,
551 				  bool delay_tailroom)
552 {
553 	if (!key)
554 		return;
555 
556 	/*
557 	 * Synchronize so the TX path can no longer be using
558 	 * this key before we free/remove it.
559 	 */
560 	synchronize_net();
561 
562 	__ieee80211_key_destroy(key, delay_tailroom);
563 }
564 
565 void ieee80211_key_free_unused(struct ieee80211_key *key)
566 {
567 	WARN_ON(key->sdata || key->local);
568 	ieee80211_key_free_common(key);
569 }
570 
571 int ieee80211_key_link(struct ieee80211_key *key,
572 		       struct ieee80211_sub_if_data *sdata,
573 		       struct sta_info *sta)
574 {
575 	struct ieee80211_local *local = sdata->local;
576 	struct ieee80211_key *old_key;
577 	int idx, ret;
578 	bool pairwise;
579 
580 	pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
581 	idx = key->conf.keyidx;
582 	key->local = sdata->local;
583 	key->sdata = sdata;
584 	key->sta = sta;
585 
586 	mutex_lock(&sdata->local->key_mtx);
587 
588 	if (sta && pairwise)
589 		old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
590 	else if (sta)
591 		old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
592 	else
593 		old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
594 
595 	increment_tailroom_need_count(sdata);
596 
597 	ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
598 	ieee80211_key_destroy(old_key, true);
599 
600 	ieee80211_debugfs_key_add(key);
601 
602 	if (!local->wowlan) {
603 		ret = ieee80211_key_enable_hw_accel(key);
604 		if (ret)
605 			ieee80211_key_free(key, true);
606 	} else {
607 		ret = 0;
608 	}
609 
610 	mutex_unlock(&sdata->local->key_mtx);
611 
612 	return ret;
613 }
614 
615 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
616 {
617 	if (!key)
618 		return;
619 
620 	/*
621 	 * Replace key with nothingness if it was ever used.
622 	 */
623 	if (key->sdata)
624 		ieee80211_key_replace(key->sdata, key->sta,
625 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
626 				key, NULL);
627 	ieee80211_key_destroy(key, delay_tailroom);
628 }
629 
630 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
631 {
632 	struct ieee80211_key *key;
633 
634 	ASSERT_RTNL();
635 
636 	if (WARN_ON(!ieee80211_sdata_running(sdata)))
637 		return;
638 
639 	mutex_lock(&sdata->local->key_mtx);
640 
641 	sdata->crypto_tx_tailroom_needed_cnt = 0;
642 
643 	list_for_each_entry(key, &sdata->key_list, list) {
644 		increment_tailroom_need_count(sdata);
645 		ieee80211_key_enable_hw_accel(key);
646 	}
647 
648 	mutex_unlock(&sdata->local->key_mtx);
649 }
650 
651 void ieee80211_iter_keys(struct ieee80211_hw *hw,
652 			 struct ieee80211_vif *vif,
653 			 void (*iter)(struct ieee80211_hw *hw,
654 				      struct ieee80211_vif *vif,
655 				      struct ieee80211_sta *sta,
656 				      struct ieee80211_key_conf *key,
657 				      void *data),
658 			 void *iter_data)
659 {
660 	struct ieee80211_local *local = hw_to_local(hw);
661 	struct ieee80211_key *key, *tmp;
662 	struct ieee80211_sub_if_data *sdata;
663 
664 	ASSERT_RTNL();
665 
666 	mutex_lock(&local->key_mtx);
667 	if (vif) {
668 		sdata = vif_to_sdata(vif);
669 		list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
670 			iter(hw, &sdata->vif,
671 			     key->sta ? &key->sta->sta : NULL,
672 			     &key->conf, iter_data);
673 	} else {
674 		list_for_each_entry(sdata, &local->interfaces, list)
675 			list_for_each_entry_safe(key, tmp,
676 						 &sdata->key_list, list)
677 				iter(hw, &sdata->vif,
678 				     key->sta ? &key->sta->sta : NULL,
679 				     &key->conf, iter_data);
680 	}
681 	mutex_unlock(&local->key_mtx);
682 }
683 EXPORT_SYMBOL(ieee80211_iter_keys);
684 
685 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
686 				      struct list_head *keys)
687 {
688 	struct ieee80211_key *key, *tmp;
689 
690 	sdata->crypto_tx_tailroom_needed_cnt -=
691 		sdata->crypto_tx_tailroom_pending_dec;
692 	sdata->crypto_tx_tailroom_pending_dec = 0;
693 
694 	ieee80211_debugfs_key_remove_mgmt_default(sdata);
695 
696 	list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
697 		ieee80211_key_replace(key->sdata, key->sta,
698 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
699 				key, NULL);
700 		list_add_tail(&key->list, keys);
701 	}
702 
703 	ieee80211_debugfs_key_update_default(sdata);
704 }
705 
706 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
707 			 bool force_synchronize)
708 {
709 	struct ieee80211_local *local = sdata->local;
710 	struct ieee80211_sub_if_data *vlan;
711 	struct ieee80211_key *key, *tmp;
712 	LIST_HEAD(keys);
713 
714 	cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
715 
716 	mutex_lock(&local->key_mtx);
717 
718 	ieee80211_free_keys_iface(sdata, &keys);
719 
720 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
721 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
722 			ieee80211_free_keys_iface(vlan, &keys);
723 	}
724 
725 	if (!list_empty(&keys) || force_synchronize)
726 		synchronize_net();
727 	list_for_each_entry_safe(key, tmp, &keys, list)
728 		__ieee80211_key_destroy(key, false);
729 
730 	WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
731 		     sdata->crypto_tx_tailroom_pending_dec);
732 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
733 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
734 			WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
735 				     vlan->crypto_tx_tailroom_pending_dec);
736 	}
737 
738 	mutex_unlock(&local->key_mtx);
739 }
740 
741 void ieee80211_free_sta_keys(struct ieee80211_local *local,
742 			     struct sta_info *sta)
743 {
744 	struct ieee80211_key *key;
745 	int i;
746 
747 	mutex_lock(&local->key_mtx);
748 	for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
749 		key = key_mtx_dereference(local, sta->gtk[i]);
750 		if (!key)
751 			continue;
752 		ieee80211_key_replace(key->sdata, key->sta,
753 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
754 				key, NULL);
755 		__ieee80211_key_destroy(key, true);
756 	}
757 
758 	for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
759 		key = key_mtx_dereference(local, sta->ptk[i]);
760 		if (!key)
761 			continue;
762 		ieee80211_key_replace(key->sdata, key->sta,
763 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
764 				key, NULL);
765 		__ieee80211_key_destroy(key, true);
766 	}
767 
768 	mutex_unlock(&local->key_mtx);
769 }
770 
771 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
772 {
773 	struct ieee80211_sub_if_data *sdata;
774 
775 	sdata = container_of(wk, struct ieee80211_sub_if_data,
776 			     dec_tailroom_needed_wk.work);
777 
778 	/*
779 	 * The reason for the delayed tailroom needed decrementing is to
780 	 * make roaming faster: during roaming, all keys are first deleted
781 	 * and then new keys are installed. The first new key causes the
782 	 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
783 	 * the cost of synchronize_net() (which can be slow). Avoid this
784 	 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
785 	 * key removal for a while, so if we roam the value is larger than
786 	 * zero and no 0->1 transition happens.
787 	 *
788 	 * The cost is that if the AP switching was from an AP with keys
789 	 * to one without, we still allocate tailroom while it would no
790 	 * longer be needed. However, in the typical (fast) roaming case
791 	 * within an ESS this usually won't happen.
792 	 */
793 
794 	mutex_lock(&sdata->local->key_mtx);
795 	sdata->crypto_tx_tailroom_needed_cnt -=
796 		sdata->crypto_tx_tailroom_pending_dec;
797 	sdata->crypto_tx_tailroom_pending_dec = 0;
798 	mutex_unlock(&sdata->local->key_mtx);
799 }
800 
801 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
802 				const u8 *replay_ctr, gfp_t gfp)
803 {
804 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
805 
806 	trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
807 
808 	cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
809 }
810 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
811 
812 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
813 			      struct ieee80211_key_seq *seq)
814 {
815 	struct ieee80211_key *key;
816 	u64 pn64;
817 
818 	if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
819 		return;
820 
821 	key = container_of(keyconf, struct ieee80211_key, conf);
822 
823 	switch (key->conf.cipher) {
824 	case WLAN_CIPHER_SUITE_TKIP:
825 		seq->tkip.iv32 = key->u.tkip.tx.iv32;
826 		seq->tkip.iv16 = key->u.tkip.tx.iv16;
827 		break;
828 	case WLAN_CIPHER_SUITE_CCMP:
829 	case WLAN_CIPHER_SUITE_CCMP_256:
830 		pn64 = atomic64_read(&key->u.ccmp.tx_pn);
831 		seq->ccmp.pn[5] = pn64;
832 		seq->ccmp.pn[4] = pn64 >> 8;
833 		seq->ccmp.pn[3] = pn64 >> 16;
834 		seq->ccmp.pn[2] = pn64 >> 24;
835 		seq->ccmp.pn[1] = pn64 >> 32;
836 		seq->ccmp.pn[0] = pn64 >> 40;
837 		break;
838 	case WLAN_CIPHER_SUITE_AES_CMAC:
839 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
840 		pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);
841 		seq->ccmp.pn[5] = pn64;
842 		seq->ccmp.pn[4] = pn64 >> 8;
843 		seq->ccmp.pn[3] = pn64 >> 16;
844 		seq->ccmp.pn[2] = pn64 >> 24;
845 		seq->ccmp.pn[1] = pn64 >> 32;
846 		seq->ccmp.pn[0] = pn64 >> 40;
847 		break;
848 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
849 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
850 		pn64 = atomic64_read(&key->u.aes_gmac.tx_pn);
851 		seq->ccmp.pn[5] = pn64;
852 		seq->ccmp.pn[4] = pn64 >> 8;
853 		seq->ccmp.pn[3] = pn64 >> 16;
854 		seq->ccmp.pn[2] = pn64 >> 24;
855 		seq->ccmp.pn[1] = pn64 >> 32;
856 		seq->ccmp.pn[0] = pn64 >> 40;
857 		break;
858 	case WLAN_CIPHER_SUITE_GCMP:
859 	case WLAN_CIPHER_SUITE_GCMP_256:
860 		pn64 = atomic64_read(&key->u.gcmp.tx_pn);
861 		seq->gcmp.pn[5] = pn64;
862 		seq->gcmp.pn[4] = pn64 >> 8;
863 		seq->gcmp.pn[3] = pn64 >> 16;
864 		seq->gcmp.pn[2] = pn64 >> 24;
865 		seq->gcmp.pn[1] = pn64 >> 32;
866 		seq->gcmp.pn[0] = pn64 >> 40;
867 		break;
868 	default:
869 		WARN_ON(1);
870 	}
871 }
872 EXPORT_SYMBOL(ieee80211_get_key_tx_seq);
873 
874 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
875 			      int tid, struct ieee80211_key_seq *seq)
876 {
877 	struct ieee80211_key *key;
878 	const u8 *pn;
879 
880 	key = container_of(keyconf, struct ieee80211_key, conf);
881 
882 	switch (key->conf.cipher) {
883 	case WLAN_CIPHER_SUITE_TKIP:
884 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
885 			return;
886 		seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
887 		seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
888 		break;
889 	case WLAN_CIPHER_SUITE_CCMP:
890 	case WLAN_CIPHER_SUITE_CCMP_256:
891 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
892 			return;
893 		if (tid < 0)
894 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
895 		else
896 			pn = key->u.ccmp.rx_pn[tid];
897 		memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
898 		break;
899 	case WLAN_CIPHER_SUITE_AES_CMAC:
900 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
901 		if (WARN_ON(tid != 0))
902 			return;
903 		pn = key->u.aes_cmac.rx_pn;
904 		memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
905 		break;
906 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
907 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
908 		if (WARN_ON(tid != 0))
909 			return;
910 		pn = key->u.aes_gmac.rx_pn;
911 		memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
912 		break;
913 	case WLAN_CIPHER_SUITE_GCMP:
914 	case WLAN_CIPHER_SUITE_GCMP_256:
915 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
916 			return;
917 		if (tid < 0)
918 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
919 		else
920 			pn = key->u.gcmp.rx_pn[tid];
921 		memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
922 		break;
923 	}
924 }
925 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
926 
927 void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
928 			      struct ieee80211_key_seq *seq)
929 {
930 	struct ieee80211_key *key;
931 	u64 pn64;
932 
933 	key = container_of(keyconf, struct ieee80211_key, conf);
934 
935 	switch (key->conf.cipher) {
936 	case WLAN_CIPHER_SUITE_TKIP:
937 		key->u.tkip.tx.iv32 = seq->tkip.iv32;
938 		key->u.tkip.tx.iv16 = seq->tkip.iv16;
939 		break;
940 	case WLAN_CIPHER_SUITE_CCMP:
941 	case WLAN_CIPHER_SUITE_CCMP_256:
942 		pn64 = (u64)seq->ccmp.pn[5] |
943 		       ((u64)seq->ccmp.pn[4] << 8) |
944 		       ((u64)seq->ccmp.pn[3] << 16) |
945 		       ((u64)seq->ccmp.pn[2] << 24) |
946 		       ((u64)seq->ccmp.pn[1] << 32) |
947 		       ((u64)seq->ccmp.pn[0] << 40);
948 		atomic64_set(&key->u.ccmp.tx_pn, pn64);
949 		break;
950 	case WLAN_CIPHER_SUITE_AES_CMAC:
951 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
952 		pn64 = (u64)seq->aes_cmac.pn[5] |
953 		       ((u64)seq->aes_cmac.pn[4] << 8) |
954 		       ((u64)seq->aes_cmac.pn[3] << 16) |
955 		       ((u64)seq->aes_cmac.pn[2] << 24) |
956 		       ((u64)seq->aes_cmac.pn[1] << 32) |
957 		       ((u64)seq->aes_cmac.pn[0] << 40);
958 		atomic64_set(&key->u.aes_cmac.tx_pn, pn64);
959 		break;
960 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
961 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
962 		pn64 = (u64)seq->aes_gmac.pn[5] |
963 		       ((u64)seq->aes_gmac.pn[4] << 8) |
964 		       ((u64)seq->aes_gmac.pn[3] << 16) |
965 		       ((u64)seq->aes_gmac.pn[2] << 24) |
966 		       ((u64)seq->aes_gmac.pn[1] << 32) |
967 		       ((u64)seq->aes_gmac.pn[0] << 40);
968 		atomic64_set(&key->u.aes_gmac.tx_pn, pn64);
969 		break;
970 	case WLAN_CIPHER_SUITE_GCMP:
971 	case WLAN_CIPHER_SUITE_GCMP_256:
972 		pn64 = (u64)seq->gcmp.pn[5] |
973 		       ((u64)seq->gcmp.pn[4] << 8) |
974 		       ((u64)seq->gcmp.pn[3] << 16) |
975 		       ((u64)seq->gcmp.pn[2] << 24) |
976 		       ((u64)seq->gcmp.pn[1] << 32) |
977 		       ((u64)seq->gcmp.pn[0] << 40);
978 		atomic64_set(&key->u.gcmp.tx_pn, pn64);
979 		break;
980 	default:
981 		WARN_ON(1);
982 		break;
983 	}
984 }
985 EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq);
986 
987 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
988 			      int tid, struct ieee80211_key_seq *seq)
989 {
990 	struct ieee80211_key *key;
991 	u8 *pn;
992 
993 	key = container_of(keyconf, struct ieee80211_key, conf);
994 
995 	switch (key->conf.cipher) {
996 	case WLAN_CIPHER_SUITE_TKIP:
997 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
998 			return;
999 		key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1000 		key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1001 		break;
1002 	case WLAN_CIPHER_SUITE_CCMP:
1003 	case WLAN_CIPHER_SUITE_CCMP_256:
1004 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1005 			return;
1006 		if (tid < 0)
1007 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1008 		else
1009 			pn = key->u.ccmp.rx_pn[tid];
1010 		memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1011 		break;
1012 	case WLAN_CIPHER_SUITE_AES_CMAC:
1013 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1014 		if (WARN_ON(tid != 0))
1015 			return;
1016 		pn = key->u.aes_cmac.rx_pn;
1017 		memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1018 		break;
1019 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1020 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1021 		if (WARN_ON(tid != 0))
1022 			return;
1023 		pn = key->u.aes_gmac.rx_pn;
1024 		memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1025 		break;
1026 	case WLAN_CIPHER_SUITE_GCMP:
1027 	case WLAN_CIPHER_SUITE_GCMP_256:
1028 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1029 			return;
1030 		if (tid < 0)
1031 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1032 		else
1033 			pn = key->u.gcmp.rx_pn[tid];
1034 		memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1035 		break;
1036 	default:
1037 		WARN_ON(1);
1038 		break;
1039 	}
1040 }
1041 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1042 
1043 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1044 {
1045 	struct ieee80211_key *key;
1046 
1047 	key = container_of(keyconf, struct ieee80211_key, conf);
1048 
1049 	assert_key_lock(key->local);
1050 
1051 	/*
1052 	 * if key was uploaded, we assume the driver will/has remove(d)
1053 	 * it, so adjust bookkeeping accordingly
1054 	 */
1055 	if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1056 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1057 
1058 		if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
1059 		      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1060 			increment_tailroom_need_count(key->sdata);
1061 	}
1062 
1063 	ieee80211_key_free(key, false);
1064 }
1065 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1066 
1067 struct ieee80211_key_conf *
1068 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1069 			struct ieee80211_key_conf *keyconf)
1070 {
1071 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1072 	struct ieee80211_local *local = sdata->local;
1073 	struct ieee80211_key *key;
1074 	int err;
1075 
1076 	if (WARN_ON(!local->wowlan))
1077 		return ERR_PTR(-EINVAL);
1078 
1079 	if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1080 		return ERR_PTR(-EINVAL);
1081 
1082 	key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1083 				  keyconf->keylen, keyconf->key,
1084 				  0, NULL, NULL);
1085 	if (IS_ERR(key))
1086 		return ERR_CAST(key);
1087 
1088 	if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1089 		key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1090 
1091 	err = ieee80211_key_link(key, sdata, NULL);
1092 	if (err)
1093 		return ERR_PTR(err);
1094 
1095 	return &key->conf;
1096 }
1097 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1098