xref: /openbmc/linux/net/mac80211/key.c (revision 55fd7e02)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright 2002-2005, Instant802 Networks, Inc.
4  * Copyright 2005-2006, Devicescape Software, Inc.
5  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
6  * Copyright 2007-2008	Johannes Berg <johannes@sipsolutions.net>
7  * Copyright 2013-2014  Intel Mobile Communications GmbH
8  * Copyright 2015-2017	Intel Deutschland GmbH
9  * Copyright 2018-2020  Intel Corporation
10  */
11 
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/export.h>
19 #include <net/mac80211.h>
20 #include <crypto/algapi.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29 
30 
31 /**
32  * DOC: Key handling basics
33  *
34  * Key handling in mac80211 is done based on per-interface (sub_if_data)
35  * keys and per-station keys. Since each station belongs to an interface,
36  * each station key also belongs to that interface.
37  *
38  * Hardware acceleration is done on a best-effort basis for algorithms
39  * that are implemented in software,  for each key the hardware is asked
40  * to enable that key for offloading but if it cannot do that the key is
41  * simply kept for software encryption (unless it is for an algorithm
42  * that isn't implemented in software).
43  * There is currently no way of knowing whether a key is handled in SW
44  * or HW except by looking into debugfs.
45  *
46  * All key management is internally protected by a mutex. Within all
47  * other parts of mac80211, key references are, just as STA structure
48  * references, protected by RCU. Note, however, that some things are
49  * unprotected, namely the key->sta dereferences within the hardware
50  * acceleration functions. This means that sta_info_destroy() must
51  * remove the key which waits for an RCU grace period.
52  */
53 
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55 
56 static void assert_key_lock(struct ieee80211_local *local)
57 {
58 	lockdep_assert_held(&local->key_mtx);
59 }
60 
61 static void
62 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63 {
64 	struct ieee80211_sub_if_data *vlan;
65 
66 	if (sdata->vif.type != NL80211_IFTYPE_AP)
67 		return;
68 
69 	/* crypto_tx_tailroom_needed_cnt is protected by this */
70 	assert_key_lock(sdata->local);
71 
72 	rcu_read_lock();
73 
74 	list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 		vlan->crypto_tx_tailroom_needed_cnt += delta;
76 
77 	rcu_read_unlock();
78 }
79 
80 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81 {
82 	/*
83 	 * When this count is zero, SKB resizing for allocating tailroom
84 	 * for IV or MMIC is skipped. But, this check has created two race
85 	 * cases in xmit path while transiting from zero count to one:
86 	 *
87 	 * 1. SKB resize was skipped because no key was added but just before
88 	 * the xmit key is added and SW encryption kicks off.
89 	 *
90 	 * 2. SKB resize was skipped because all the keys were hw planted but
91 	 * just before xmit one of the key is deleted and SW encryption kicks
92 	 * off.
93 	 *
94 	 * In both the above case SW encryption will find not enough space for
95 	 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 	 *
97 	 * Solution has been explained at
98 	 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 	 */
100 
101 	assert_key_lock(sdata->local);
102 
103 	update_vlan_tailroom_need_count(sdata, 1);
104 
105 	if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 		/*
107 		 * Flush all XMIT packets currently using HW encryption or no
108 		 * encryption at all if the count transition is from 0 -> 1.
109 		 */
110 		synchronize_net();
111 	}
112 }
113 
114 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 					 int delta)
116 {
117 	assert_key_lock(sdata->local);
118 
119 	WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120 
121 	update_vlan_tailroom_need_count(sdata, -delta);
122 	sdata->crypto_tx_tailroom_needed_cnt -= delta;
123 }
124 
125 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126 {
127 	struct ieee80211_sub_if_data *sdata = key->sdata;
128 	struct sta_info *sta;
129 	int ret = -EOPNOTSUPP;
130 
131 	might_sleep();
132 
133 	if (key->flags & KEY_FLAG_TAINTED) {
134 		/* If we get here, it's during resume and the key is
135 		 * tainted so shouldn't be used/programmed any more.
136 		 * However, its flags may still indicate that it was
137 		 * programmed into the device (since we're in resume)
138 		 * so clear that flag now to avoid trying to remove
139 		 * it again later.
140 		 */
141 		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 		    !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 					 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 					 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 			increment_tailroom_need_count(sdata);
146 
147 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 		return -EINVAL;
149 	}
150 
151 	if (!key->local->ops->set_key)
152 		goto out_unsupported;
153 
154 	assert_key_lock(key->local);
155 
156 	sta = key->sta;
157 
158 	/*
159 	 * If this is a per-STA GTK, check if it
160 	 * is supported; if not, return.
161 	 */
162 	if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 	    !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 		goto out_unsupported;
165 
166 	if (sta && !sta->uploaded)
167 		goto out_unsupported;
168 
169 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 		/*
171 		 * The driver doesn't know anything about VLAN interfaces.
172 		 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 		 */
174 		if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 			ret = 1;
176 			goto out_unsupported;
177 		}
178 	}
179 
180 	/* TKIP countermeasures don't work in encap offload mode */
181 	if (key->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
182 	    sdata->hw_80211_encap) {
183 		sdata_dbg(sdata, "TKIP is not allowed in hw 80211 encap mode\n");
184 		return -EINVAL;
185 	}
186 
187 	ret = drv_set_key(key->local, SET_KEY, sdata,
188 			  sta ? &sta->sta : NULL, &key->conf);
189 
190 	if (!ret) {
191 		key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
192 
193 		if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
194 					 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
195 					 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
196 			decrease_tailroom_need_count(sdata, 1);
197 
198 		WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
199 			(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
200 
201 		WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
202 			(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
203 
204 		return 0;
205 	}
206 
207 	if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
208 		sdata_err(sdata,
209 			  "failed to set key (%d, %pM) to hardware (%d)\n",
210 			  key->conf.keyidx,
211 			  sta ? sta->sta.addr : bcast_addr, ret);
212 
213  out_unsupported:
214 	switch (key->conf.cipher) {
215 	case WLAN_CIPHER_SUITE_WEP40:
216 	case WLAN_CIPHER_SUITE_WEP104:
217 	case WLAN_CIPHER_SUITE_TKIP:
218 	case WLAN_CIPHER_SUITE_CCMP:
219 	case WLAN_CIPHER_SUITE_CCMP_256:
220 	case WLAN_CIPHER_SUITE_GCMP:
221 	case WLAN_CIPHER_SUITE_GCMP_256:
222 		/* We cannot do software crypto of data frames with
223 		 * encapsulation offload enabled. However for 802.11w to
224 		 * function properly we need cmac/gmac keys.
225 		 */
226 		if (sdata->hw_80211_encap)
227 			return -EINVAL;
228 		/* Fall through */
229 
230 	case WLAN_CIPHER_SUITE_AES_CMAC:
231 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
232 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
233 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
234 		/* all of these we can do in software - if driver can */
235 		if (ret == 1)
236 			return 0;
237 		if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
238 			return -EINVAL;
239 		return 0;
240 	default:
241 		return -EINVAL;
242 	}
243 }
244 
245 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
246 {
247 	struct ieee80211_sub_if_data *sdata;
248 	struct sta_info *sta;
249 	int ret;
250 
251 	might_sleep();
252 
253 	if (!key || !key->local->ops->set_key)
254 		return;
255 
256 	assert_key_lock(key->local);
257 
258 	if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
259 		return;
260 
261 	sta = key->sta;
262 	sdata = key->sdata;
263 
264 	if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
265 				 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
266 				 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
267 		increment_tailroom_need_count(sdata);
268 
269 	key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
270 	ret = drv_set_key(key->local, DISABLE_KEY, sdata,
271 			  sta ? &sta->sta : NULL, &key->conf);
272 
273 	if (ret)
274 		sdata_err(sdata,
275 			  "failed to remove key (%d, %pM) from hardware (%d)\n",
276 			  key->conf.keyidx,
277 			  sta ? sta->sta.addr : bcast_addr, ret);
278 }
279 
280 static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
281 {
282 	struct sta_info *sta = key->sta;
283 	struct ieee80211_local *local = key->local;
284 
285 	assert_key_lock(local);
286 
287 	set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
288 
289 	sta->ptk_idx = key->conf.keyidx;
290 
291 	if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
292 		clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
293 	ieee80211_check_fast_xmit(sta);
294 
295 	return 0;
296 }
297 
298 int ieee80211_set_tx_key(struct ieee80211_key *key)
299 {
300 	return _ieee80211_set_tx_key(key, false);
301 }
302 
303 static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
304 				     struct ieee80211_key *new)
305 {
306 	struct ieee80211_local *local = new->local;
307 	struct sta_info *sta = new->sta;
308 	int i;
309 
310 	assert_key_lock(local);
311 
312 	if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
313 		/* Extended Key ID key install, initial one or rekey */
314 
315 		if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
316 		    !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
317 			/* Aggregation Sessions with Extended Key ID must not
318 			 * mix MPDUs with different keyIDs within one A-MPDU.
319 			 * Tear down running Tx aggregation sessions and block
320 			 * new Rx/Tx aggregation requests during rekey to
321 			 * ensure there are no A-MPDUs when the driver is not
322 			 * supporting A-MPDU key borders. (Blocking Tx only
323 			 * would be sufficient but WLAN_STA_BLOCK_BA gets the
324 			 * job done for the few ms we need it.)
325 			 */
326 			set_sta_flag(sta, WLAN_STA_BLOCK_BA);
327 			mutex_lock(&sta->ampdu_mlme.mtx);
328 			for (i = 0; i <  IEEE80211_NUM_TIDS; i++)
329 				___ieee80211_stop_tx_ba_session(sta, i,
330 								AGG_STOP_LOCAL_REQUEST);
331 			mutex_unlock(&sta->ampdu_mlme.mtx);
332 		}
333 	} else if (old) {
334 		/* Rekey without Extended Key ID.
335 		 * Aggregation sessions are OK when running on SW crypto.
336 		 * A broken remote STA may cause issues not observed with HW
337 		 * crypto, though.
338 		 */
339 		if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
340 			return;
341 
342 		/* Stop Tx till we are on the new key */
343 		old->flags |= KEY_FLAG_TAINTED;
344 		ieee80211_clear_fast_xmit(sta);
345 		if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
346 			set_sta_flag(sta, WLAN_STA_BLOCK_BA);
347 			ieee80211_sta_tear_down_BA_sessions(sta,
348 							    AGG_STOP_LOCAL_REQUEST);
349 		}
350 		if (!wiphy_ext_feature_isset(local->hw.wiphy,
351 					     NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
352 			pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
353 					    sta->sta.addr);
354 			/* Flushing the driver queues *may* help prevent
355 			 * the clear text leaks and freezes.
356 			 */
357 			ieee80211_flush_queues(local, old->sdata, false);
358 		}
359 	}
360 }
361 
362 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
363 					int idx, bool uni, bool multi)
364 {
365 	struct ieee80211_key *key = NULL;
366 
367 	assert_key_lock(sdata->local);
368 
369 	if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
370 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
371 
372 	if (uni) {
373 		rcu_assign_pointer(sdata->default_unicast_key, key);
374 		ieee80211_check_fast_xmit_iface(sdata);
375 		if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
376 			drv_set_default_unicast_key(sdata->local, sdata, idx);
377 	}
378 
379 	if (multi)
380 		rcu_assign_pointer(sdata->default_multicast_key, key);
381 
382 	ieee80211_debugfs_key_update_default(sdata);
383 }
384 
385 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
386 			       bool uni, bool multi)
387 {
388 	mutex_lock(&sdata->local->key_mtx);
389 	__ieee80211_set_default_key(sdata, idx, uni, multi);
390 	mutex_unlock(&sdata->local->key_mtx);
391 }
392 
393 static void
394 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
395 {
396 	struct ieee80211_key *key = NULL;
397 
398 	assert_key_lock(sdata->local);
399 
400 	if (idx >= NUM_DEFAULT_KEYS &&
401 	    idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
402 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
403 
404 	rcu_assign_pointer(sdata->default_mgmt_key, key);
405 
406 	ieee80211_debugfs_key_update_default(sdata);
407 }
408 
409 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
410 				    int idx)
411 {
412 	mutex_lock(&sdata->local->key_mtx);
413 	__ieee80211_set_default_mgmt_key(sdata, idx);
414 	mutex_unlock(&sdata->local->key_mtx);
415 }
416 
417 static void
418 __ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata, int idx)
419 {
420 	struct ieee80211_key *key = NULL;
421 
422 	assert_key_lock(sdata->local);
423 
424 	if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
425 	    idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
426 	    NUM_DEFAULT_BEACON_KEYS)
427 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
428 
429 	rcu_assign_pointer(sdata->default_beacon_key, key);
430 
431 	ieee80211_debugfs_key_update_default(sdata);
432 }
433 
434 void ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata,
435 				      int idx)
436 {
437 	mutex_lock(&sdata->local->key_mtx);
438 	__ieee80211_set_default_beacon_key(sdata, idx);
439 	mutex_unlock(&sdata->local->key_mtx);
440 }
441 
442 static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
443 				  struct sta_info *sta,
444 				  bool pairwise,
445 				  struct ieee80211_key *old,
446 				  struct ieee80211_key *new)
447 {
448 	int idx;
449 	int ret = 0;
450 	bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
451 
452 	/* caller must provide at least one old/new */
453 	if (WARN_ON(!new && !old))
454 		return 0;
455 
456 	if (new)
457 		list_add_tail_rcu(&new->list, &sdata->key_list);
458 
459 	WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
460 
461 	if (new && sta && pairwise) {
462 		/* Unicast rekey needs special handling. With Extended Key ID
463 		 * old is still NULL for the first rekey.
464 		 */
465 		ieee80211_pairwise_rekey(old, new);
466 	}
467 
468 	if (old) {
469 		idx = old->conf.keyidx;
470 
471 		if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
472 			ieee80211_key_disable_hw_accel(old);
473 
474 			if (new)
475 				ret = ieee80211_key_enable_hw_accel(new);
476 		}
477 	} else {
478 		/* new must be provided in case old is not */
479 		idx = new->conf.keyidx;
480 		if (!new->local->wowlan)
481 			ret = ieee80211_key_enable_hw_accel(new);
482 	}
483 
484 	if (ret)
485 		return ret;
486 
487 	if (sta) {
488 		if (pairwise) {
489 			rcu_assign_pointer(sta->ptk[idx], new);
490 			if (new &&
491 			    !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
492 				_ieee80211_set_tx_key(new, true);
493 		} else {
494 			rcu_assign_pointer(sta->gtk[idx], new);
495 		}
496 		/* Only needed for transition from no key -> key.
497 		 * Still triggers unnecessary when using Extended Key ID
498 		 * and installing the second key ID the first time.
499 		 */
500 		if (new && !old)
501 			ieee80211_check_fast_rx(sta);
502 	} else {
503 		defunikey = old &&
504 			old == key_mtx_dereference(sdata->local,
505 						sdata->default_unicast_key);
506 		defmultikey = old &&
507 			old == key_mtx_dereference(sdata->local,
508 						sdata->default_multicast_key);
509 		defmgmtkey = old &&
510 			old == key_mtx_dereference(sdata->local,
511 						sdata->default_mgmt_key);
512 		defbeaconkey = old &&
513 			old == key_mtx_dereference(sdata->local,
514 						   sdata->default_beacon_key);
515 
516 		if (defunikey && !new)
517 			__ieee80211_set_default_key(sdata, -1, true, false);
518 		if (defmultikey && !new)
519 			__ieee80211_set_default_key(sdata, -1, false, true);
520 		if (defmgmtkey && !new)
521 			__ieee80211_set_default_mgmt_key(sdata, -1);
522 		if (defbeaconkey && !new)
523 			__ieee80211_set_default_beacon_key(sdata, -1);
524 
525 		rcu_assign_pointer(sdata->keys[idx], new);
526 		if (defunikey && new)
527 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
528 						    true, false);
529 		if (defmultikey && new)
530 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
531 						    false, true);
532 		if (defmgmtkey && new)
533 			__ieee80211_set_default_mgmt_key(sdata,
534 							 new->conf.keyidx);
535 		if (defbeaconkey && new)
536 			__ieee80211_set_default_beacon_key(sdata,
537 							   new->conf.keyidx);
538 	}
539 
540 	if (old)
541 		list_del_rcu(&old->list);
542 
543 	return 0;
544 }
545 
546 struct ieee80211_key *
547 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
548 		    const u8 *key_data,
549 		    size_t seq_len, const u8 *seq,
550 		    const struct ieee80211_cipher_scheme *cs)
551 {
552 	struct ieee80211_key *key;
553 	int i, j, err;
554 
555 	if (WARN_ON(idx < 0 ||
556 		    idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
557 		    NUM_DEFAULT_BEACON_KEYS))
558 		return ERR_PTR(-EINVAL);
559 
560 	key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
561 	if (!key)
562 		return ERR_PTR(-ENOMEM);
563 
564 	/*
565 	 * Default to software encryption; we'll later upload the
566 	 * key to the hardware if possible.
567 	 */
568 	key->conf.flags = 0;
569 	key->flags = 0;
570 
571 	key->conf.cipher = cipher;
572 	key->conf.keyidx = idx;
573 	key->conf.keylen = key_len;
574 	switch (cipher) {
575 	case WLAN_CIPHER_SUITE_WEP40:
576 	case WLAN_CIPHER_SUITE_WEP104:
577 		key->conf.iv_len = IEEE80211_WEP_IV_LEN;
578 		key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
579 		break;
580 	case WLAN_CIPHER_SUITE_TKIP:
581 		key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
582 		key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
583 		if (seq) {
584 			for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
585 				key->u.tkip.rx[i].iv32 =
586 					get_unaligned_le32(&seq[2]);
587 				key->u.tkip.rx[i].iv16 =
588 					get_unaligned_le16(seq);
589 			}
590 		}
591 		spin_lock_init(&key->u.tkip.txlock);
592 		break;
593 	case WLAN_CIPHER_SUITE_CCMP:
594 		key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
595 		key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
596 		if (seq) {
597 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
598 				for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
599 					key->u.ccmp.rx_pn[i][j] =
600 						seq[IEEE80211_CCMP_PN_LEN - j - 1];
601 		}
602 		/*
603 		 * Initialize AES key state here as an optimization so that
604 		 * it does not need to be initialized for every packet.
605 		 */
606 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
607 			key_data, key_len, IEEE80211_CCMP_MIC_LEN);
608 		if (IS_ERR(key->u.ccmp.tfm)) {
609 			err = PTR_ERR(key->u.ccmp.tfm);
610 			kfree(key);
611 			return ERR_PTR(err);
612 		}
613 		break;
614 	case WLAN_CIPHER_SUITE_CCMP_256:
615 		key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
616 		key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
617 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
618 			for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
619 				key->u.ccmp.rx_pn[i][j] =
620 					seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
621 		/* Initialize AES key state here as an optimization so that
622 		 * it does not need to be initialized for every packet.
623 		 */
624 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
625 			key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
626 		if (IS_ERR(key->u.ccmp.tfm)) {
627 			err = PTR_ERR(key->u.ccmp.tfm);
628 			kfree(key);
629 			return ERR_PTR(err);
630 		}
631 		break;
632 	case WLAN_CIPHER_SUITE_AES_CMAC:
633 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
634 		key->conf.iv_len = 0;
635 		if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
636 			key->conf.icv_len = sizeof(struct ieee80211_mmie);
637 		else
638 			key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
639 		if (seq)
640 			for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
641 				key->u.aes_cmac.rx_pn[j] =
642 					seq[IEEE80211_CMAC_PN_LEN - j - 1];
643 		/*
644 		 * Initialize AES key state here as an optimization so that
645 		 * it does not need to be initialized for every packet.
646 		 */
647 		key->u.aes_cmac.tfm =
648 			ieee80211_aes_cmac_key_setup(key_data, key_len);
649 		if (IS_ERR(key->u.aes_cmac.tfm)) {
650 			err = PTR_ERR(key->u.aes_cmac.tfm);
651 			kfree(key);
652 			return ERR_PTR(err);
653 		}
654 		break;
655 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
656 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
657 		key->conf.iv_len = 0;
658 		key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
659 		if (seq)
660 			for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
661 				key->u.aes_gmac.rx_pn[j] =
662 					seq[IEEE80211_GMAC_PN_LEN - j - 1];
663 		/* Initialize AES key state here as an optimization so that
664 		 * it does not need to be initialized for every packet.
665 		 */
666 		key->u.aes_gmac.tfm =
667 			ieee80211_aes_gmac_key_setup(key_data, key_len);
668 		if (IS_ERR(key->u.aes_gmac.tfm)) {
669 			err = PTR_ERR(key->u.aes_gmac.tfm);
670 			kfree(key);
671 			return ERR_PTR(err);
672 		}
673 		break;
674 	case WLAN_CIPHER_SUITE_GCMP:
675 	case WLAN_CIPHER_SUITE_GCMP_256:
676 		key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
677 		key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
678 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
679 			for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
680 				key->u.gcmp.rx_pn[i][j] =
681 					seq[IEEE80211_GCMP_PN_LEN - j - 1];
682 		/* Initialize AES key state here as an optimization so that
683 		 * it does not need to be initialized for every packet.
684 		 */
685 		key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
686 								      key_len);
687 		if (IS_ERR(key->u.gcmp.tfm)) {
688 			err = PTR_ERR(key->u.gcmp.tfm);
689 			kfree(key);
690 			return ERR_PTR(err);
691 		}
692 		break;
693 	default:
694 		if (cs) {
695 			if (seq_len && seq_len != cs->pn_len) {
696 				kfree(key);
697 				return ERR_PTR(-EINVAL);
698 			}
699 
700 			key->conf.iv_len = cs->hdr_len;
701 			key->conf.icv_len = cs->mic_len;
702 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
703 				for (j = 0; j < seq_len; j++)
704 					key->u.gen.rx_pn[i][j] =
705 							seq[seq_len - j - 1];
706 			key->flags |= KEY_FLAG_CIPHER_SCHEME;
707 		}
708 	}
709 	memcpy(key->conf.key, key_data, key_len);
710 	INIT_LIST_HEAD(&key->list);
711 
712 	return key;
713 }
714 
715 static void ieee80211_key_free_common(struct ieee80211_key *key)
716 {
717 	switch (key->conf.cipher) {
718 	case WLAN_CIPHER_SUITE_CCMP:
719 	case WLAN_CIPHER_SUITE_CCMP_256:
720 		ieee80211_aes_key_free(key->u.ccmp.tfm);
721 		break;
722 	case WLAN_CIPHER_SUITE_AES_CMAC:
723 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
724 		ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
725 		break;
726 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
727 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
728 		ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
729 		break;
730 	case WLAN_CIPHER_SUITE_GCMP:
731 	case WLAN_CIPHER_SUITE_GCMP_256:
732 		ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
733 		break;
734 	}
735 	kzfree(key);
736 }
737 
738 static void __ieee80211_key_destroy(struct ieee80211_key *key,
739 				    bool delay_tailroom)
740 {
741 	if (key->local) {
742 		struct ieee80211_sub_if_data *sdata = key->sdata;
743 
744 		ieee80211_debugfs_key_remove(key);
745 
746 		if (delay_tailroom) {
747 			/* see ieee80211_delayed_tailroom_dec */
748 			sdata->crypto_tx_tailroom_pending_dec++;
749 			schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
750 					      HZ/2);
751 		} else {
752 			decrease_tailroom_need_count(sdata, 1);
753 		}
754 	}
755 
756 	ieee80211_key_free_common(key);
757 }
758 
759 static void ieee80211_key_destroy(struct ieee80211_key *key,
760 				  bool delay_tailroom)
761 {
762 	if (!key)
763 		return;
764 
765 	/*
766 	 * Synchronize so the TX path and rcu key iterators
767 	 * can no longer be using this key before we free/remove it.
768 	 */
769 	synchronize_net();
770 
771 	__ieee80211_key_destroy(key, delay_tailroom);
772 }
773 
774 void ieee80211_key_free_unused(struct ieee80211_key *key)
775 {
776 	WARN_ON(key->sdata || key->local);
777 	ieee80211_key_free_common(key);
778 }
779 
780 static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
781 				    struct ieee80211_key *old,
782 				    struct ieee80211_key *new)
783 {
784 	u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
785 	u8 *tk_old, *tk_new;
786 
787 	if (!old || new->conf.keylen != old->conf.keylen)
788 		return false;
789 
790 	tk_old = old->conf.key;
791 	tk_new = new->conf.key;
792 
793 	/*
794 	 * In station mode, don't compare the TX MIC key, as it's never used
795 	 * and offloaded rekeying may not care to send it to the host. This
796 	 * is the case in iwlwifi, for example.
797 	 */
798 	if (sdata->vif.type == NL80211_IFTYPE_STATION &&
799 	    new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
800 	    new->conf.keylen == WLAN_KEY_LEN_TKIP &&
801 	    !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
802 		memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
803 		memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
804 		memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
805 		memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
806 		tk_old = tkip_old;
807 		tk_new = tkip_new;
808 	}
809 
810 	return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
811 }
812 
813 int ieee80211_key_link(struct ieee80211_key *key,
814 		       struct ieee80211_sub_if_data *sdata,
815 		       struct sta_info *sta)
816 {
817 	struct ieee80211_key *old_key;
818 	int idx = key->conf.keyidx;
819 	bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
820 	/*
821 	 * We want to delay tailroom updates only for station - in that
822 	 * case it helps roaming speed, but in other cases it hurts and
823 	 * can cause warnings to appear.
824 	 */
825 	bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
826 	int ret = -EOPNOTSUPP;
827 
828 	mutex_lock(&sdata->local->key_mtx);
829 
830 	if (sta && pairwise) {
831 		struct ieee80211_key *alt_key;
832 
833 		old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
834 		alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
835 
836 		/* The rekey code assumes that the old and new key are using
837 		 * the same cipher. Enforce the assumption for pairwise keys.
838 		 */
839 		if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
840 		    (old_key && old_key->conf.cipher != key->conf.cipher))
841 			goto out;
842 	} else if (sta) {
843 		old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
844 	} else {
845 		old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
846 	}
847 
848 	/* Non-pairwise keys must also not switch the cipher on rekey */
849 	if (!pairwise) {
850 		if (old_key && old_key->conf.cipher != key->conf.cipher)
851 			goto out;
852 	}
853 
854 	/*
855 	 * Silently accept key re-installation without really installing the
856 	 * new version of the key to avoid nonce reuse or replay issues.
857 	 */
858 	if (ieee80211_key_identical(sdata, old_key, key)) {
859 		ieee80211_key_free_unused(key);
860 		ret = 0;
861 		goto out;
862 	}
863 
864 	key->local = sdata->local;
865 	key->sdata = sdata;
866 	key->sta = sta;
867 
868 	increment_tailroom_need_count(sdata);
869 
870 	ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
871 
872 	if (!ret) {
873 		ieee80211_debugfs_key_add(key);
874 		ieee80211_key_destroy(old_key, delay_tailroom);
875 	} else {
876 		ieee80211_key_free(key, delay_tailroom);
877 	}
878 
879  out:
880 	mutex_unlock(&sdata->local->key_mtx);
881 
882 	return ret;
883 }
884 
885 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
886 {
887 	if (!key)
888 		return;
889 
890 	/*
891 	 * Replace key with nothingness if it was ever used.
892 	 */
893 	if (key->sdata)
894 		ieee80211_key_replace(key->sdata, key->sta,
895 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
896 				key, NULL);
897 	ieee80211_key_destroy(key, delay_tailroom);
898 }
899 
900 void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
901 {
902 	struct ieee80211_key *key;
903 	struct ieee80211_sub_if_data *vlan;
904 
905 	ASSERT_RTNL();
906 
907 	mutex_lock(&sdata->local->key_mtx);
908 
909 	sdata->crypto_tx_tailroom_needed_cnt = 0;
910 	sdata->crypto_tx_tailroom_pending_dec = 0;
911 
912 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
913 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
914 			vlan->crypto_tx_tailroom_needed_cnt = 0;
915 			vlan->crypto_tx_tailroom_pending_dec = 0;
916 		}
917 	}
918 
919 	if (ieee80211_sdata_running(sdata)) {
920 		list_for_each_entry(key, &sdata->key_list, list) {
921 			increment_tailroom_need_count(sdata);
922 			ieee80211_key_enable_hw_accel(key);
923 		}
924 	}
925 
926 	mutex_unlock(&sdata->local->key_mtx);
927 }
928 
929 void ieee80211_iter_keys(struct ieee80211_hw *hw,
930 			 struct ieee80211_vif *vif,
931 			 void (*iter)(struct ieee80211_hw *hw,
932 				      struct ieee80211_vif *vif,
933 				      struct ieee80211_sta *sta,
934 				      struct ieee80211_key_conf *key,
935 				      void *data),
936 			 void *iter_data)
937 {
938 	struct ieee80211_local *local = hw_to_local(hw);
939 	struct ieee80211_key *key, *tmp;
940 	struct ieee80211_sub_if_data *sdata;
941 
942 	ASSERT_RTNL();
943 
944 	mutex_lock(&local->key_mtx);
945 	if (vif) {
946 		sdata = vif_to_sdata(vif);
947 		list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
948 			iter(hw, &sdata->vif,
949 			     key->sta ? &key->sta->sta : NULL,
950 			     &key->conf, iter_data);
951 	} else {
952 		list_for_each_entry(sdata, &local->interfaces, list)
953 			list_for_each_entry_safe(key, tmp,
954 						 &sdata->key_list, list)
955 				iter(hw, &sdata->vif,
956 				     key->sta ? &key->sta->sta : NULL,
957 				     &key->conf, iter_data);
958 	}
959 	mutex_unlock(&local->key_mtx);
960 }
961 EXPORT_SYMBOL(ieee80211_iter_keys);
962 
963 static void
964 _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
965 			 struct ieee80211_sub_if_data *sdata,
966 			 void (*iter)(struct ieee80211_hw *hw,
967 				      struct ieee80211_vif *vif,
968 				      struct ieee80211_sta *sta,
969 				      struct ieee80211_key_conf *key,
970 				      void *data),
971 			 void *iter_data)
972 {
973 	struct ieee80211_key *key;
974 
975 	list_for_each_entry_rcu(key, &sdata->key_list, list) {
976 		/* skip keys of station in removal process */
977 		if (key->sta && key->sta->removed)
978 			continue;
979 		if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
980 			continue;
981 
982 		iter(hw, &sdata->vif,
983 		     key->sta ? &key->sta->sta : NULL,
984 		     &key->conf, iter_data);
985 	}
986 }
987 
988 void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
989 			     struct ieee80211_vif *vif,
990 			     void (*iter)(struct ieee80211_hw *hw,
991 					  struct ieee80211_vif *vif,
992 					  struct ieee80211_sta *sta,
993 					  struct ieee80211_key_conf *key,
994 					  void *data),
995 			     void *iter_data)
996 {
997 	struct ieee80211_local *local = hw_to_local(hw);
998 	struct ieee80211_sub_if_data *sdata;
999 
1000 	if (vif) {
1001 		sdata = vif_to_sdata(vif);
1002 		_ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1003 	} else {
1004 		list_for_each_entry_rcu(sdata, &local->interfaces, list)
1005 			_ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1006 	}
1007 }
1008 EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1009 
1010 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1011 				      struct list_head *keys)
1012 {
1013 	struct ieee80211_key *key, *tmp;
1014 
1015 	decrease_tailroom_need_count(sdata,
1016 				     sdata->crypto_tx_tailroom_pending_dec);
1017 	sdata->crypto_tx_tailroom_pending_dec = 0;
1018 
1019 	ieee80211_debugfs_key_remove_mgmt_default(sdata);
1020 	ieee80211_debugfs_key_remove_beacon_default(sdata);
1021 
1022 	list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1023 		ieee80211_key_replace(key->sdata, key->sta,
1024 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1025 				key, NULL);
1026 		list_add_tail(&key->list, keys);
1027 	}
1028 
1029 	ieee80211_debugfs_key_update_default(sdata);
1030 }
1031 
1032 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1033 			 bool force_synchronize)
1034 {
1035 	struct ieee80211_local *local = sdata->local;
1036 	struct ieee80211_sub_if_data *vlan;
1037 	struct ieee80211_sub_if_data *master;
1038 	struct ieee80211_key *key, *tmp;
1039 	LIST_HEAD(keys);
1040 
1041 	cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1042 
1043 	mutex_lock(&local->key_mtx);
1044 
1045 	ieee80211_free_keys_iface(sdata, &keys);
1046 
1047 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
1048 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1049 			ieee80211_free_keys_iface(vlan, &keys);
1050 	}
1051 
1052 	if (!list_empty(&keys) || force_synchronize)
1053 		synchronize_net();
1054 	list_for_each_entry_safe(key, tmp, &keys, list)
1055 		__ieee80211_key_destroy(key, false);
1056 
1057 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1058 		if (sdata->bss) {
1059 			master = container_of(sdata->bss,
1060 					      struct ieee80211_sub_if_data,
1061 					      u.ap);
1062 
1063 			WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1064 				     master->crypto_tx_tailroom_needed_cnt);
1065 		}
1066 	} else {
1067 		WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1068 			     sdata->crypto_tx_tailroom_pending_dec);
1069 	}
1070 
1071 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
1072 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1073 			WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1074 				     vlan->crypto_tx_tailroom_pending_dec);
1075 	}
1076 
1077 	mutex_unlock(&local->key_mtx);
1078 }
1079 
1080 void ieee80211_free_sta_keys(struct ieee80211_local *local,
1081 			     struct sta_info *sta)
1082 {
1083 	struct ieee80211_key *key;
1084 	int i;
1085 
1086 	mutex_lock(&local->key_mtx);
1087 	for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
1088 		key = key_mtx_dereference(local, sta->gtk[i]);
1089 		if (!key)
1090 			continue;
1091 		ieee80211_key_replace(key->sdata, key->sta,
1092 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1093 				key, NULL);
1094 		__ieee80211_key_destroy(key, key->sdata->vif.type ==
1095 					NL80211_IFTYPE_STATION);
1096 	}
1097 
1098 	for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1099 		key = key_mtx_dereference(local, sta->ptk[i]);
1100 		if (!key)
1101 			continue;
1102 		ieee80211_key_replace(key->sdata, key->sta,
1103 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1104 				key, NULL);
1105 		__ieee80211_key_destroy(key, key->sdata->vif.type ==
1106 					NL80211_IFTYPE_STATION);
1107 	}
1108 
1109 	mutex_unlock(&local->key_mtx);
1110 }
1111 
1112 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1113 {
1114 	struct ieee80211_sub_if_data *sdata;
1115 
1116 	sdata = container_of(wk, struct ieee80211_sub_if_data,
1117 			     dec_tailroom_needed_wk.work);
1118 
1119 	/*
1120 	 * The reason for the delayed tailroom needed decrementing is to
1121 	 * make roaming faster: during roaming, all keys are first deleted
1122 	 * and then new keys are installed. The first new key causes the
1123 	 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1124 	 * the cost of synchronize_net() (which can be slow). Avoid this
1125 	 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1126 	 * key removal for a while, so if we roam the value is larger than
1127 	 * zero and no 0->1 transition happens.
1128 	 *
1129 	 * The cost is that if the AP switching was from an AP with keys
1130 	 * to one without, we still allocate tailroom while it would no
1131 	 * longer be needed. However, in the typical (fast) roaming case
1132 	 * within an ESS this usually won't happen.
1133 	 */
1134 
1135 	mutex_lock(&sdata->local->key_mtx);
1136 	decrease_tailroom_need_count(sdata,
1137 				     sdata->crypto_tx_tailroom_pending_dec);
1138 	sdata->crypto_tx_tailroom_pending_dec = 0;
1139 	mutex_unlock(&sdata->local->key_mtx);
1140 }
1141 
1142 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1143 				const u8 *replay_ctr, gfp_t gfp)
1144 {
1145 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1146 
1147 	trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1148 
1149 	cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1150 }
1151 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1152 
1153 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1154 			      int tid, struct ieee80211_key_seq *seq)
1155 {
1156 	struct ieee80211_key *key;
1157 	const u8 *pn;
1158 
1159 	key = container_of(keyconf, struct ieee80211_key, conf);
1160 
1161 	switch (key->conf.cipher) {
1162 	case WLAN_CIPHER_SUITE_TKIP:
1163 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1164 			return;
1165 		seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1166 		seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1167 		break;
1168 	case WLAN_CIPHER_SUITE_CCMP:
1169 	case WLAN_CIPHER_SUITE_CCMP_256:
1170 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1171 			return;
1172 		if (tid < 0)
1173 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1174 		else
1175 			pn = key->u.ccmp.rx_pn[tid];
1176 		memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1177 		break;
1178 	case WLAN_CIPHER_SUITE_AES_CMAC:
1179 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1180 		if (WARN_ON(tid != 0))
1181 			return;
1182 		pn = key->u.aes_cmac.rx_pn;
1183 		memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1184 		break;
1185 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1186 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1187 		if (WARN_ON(tid != 0))
1188 			return;
1189 		pn = key->u.aes_gmac.rx_pn;
1190 		memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1191 		break;
1192 	case WLAN_CIPHER_SUITE_GCMP:
1193 	case WLAN_CIPHER_SUITE_GCMP_256:
1194 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1195 			return;
1196 		if (tid < 0)
1197 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1198 		else
1199 			pn = key->u.gcmp.rx_pn[tid];
1200 		memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1201 		break;
1202 	}
1203 }
1204 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1205 
1206 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1207 			      int tid, struct ieee80211_key_seq *seq)
1208 {
1209 	struct ieee80211_key *key;
1210 	u8 *pn;
1211 
1212 	key = container_of(keyconf, struct ieee80211_key, conf);
1213 
1214 	switch (key->conf.cipher) {
1215 	case WLAN_CIPHER_SUITE_TKIP:
1216 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1217 			return;
1218 		key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1219 		key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1220 		break;
1221 	case WLAN_CIPHER_SUITE_CCMP:
1222 	case WLAN_CIPHER_SUITE_CCMP_256:
1223 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1224 			return;
1225 		if (tid < 0)
1226 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1227 		else
1228 			pn = key->u.ccmp.rx_pn[tid];
1229 		memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1230 		break;
1231 	case WLAN_CIPHER_SUITE_AES_CMAC:
1232 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1233 		if (WARN_ON(tid != 0))
1234 			return;
1235 		pn = key->u.aes_cmac.rx_pn;
1236 		memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1237 		break;
1238 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1239 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1240 		if (WARN_ON(tid != 0))
1241 			return;
1242 		pn = key->u.aes_gmac.rx_pn;
1243 		memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1244 		break;
1245 	case WLAN_CIPHER_SUITE_GCMP:
1246 	case WLAN_CIPHER_SUITE_GCMP_256:
1247 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1248 			return;
1249 		if (tid < 0)
1250 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1251 		else
1252 			pn = key->u.gcmp.rx_pn[tid];
1253 		memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1254 		break;
1255 	default:
1256 		WARN_ON(1);
1257 		break;
1258 	}
1259 }
1260 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1261 
1262 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1263 {
1264 	struct ieee80211_key *key;
1265 
1266 	key = container_of(keyconf, struct ieee80211_key, conf);
1267 
1268 	assert_key_lock(key->local);
1269 
1270 	/*
1271 	 * if key was uploaded, we assume the driver will/has remove(d)
1272 	 * it, so adjust bookkeeping accordingly
1273 	 */
1274 	if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1275 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1276 
1277 		if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1278 					 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1279 					 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1280 			increment_tailroom_need_count(key->sdata);
1281 	}
1282 
1283 	ieee80211_key_free(key, false);
1284 }
1285 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1286 
1287 struct ieee80211_key_conf *
1288 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1289 			struct ieee80211_key_conf *keyconf)
1290 {
1291 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1292 	struct ieee80211_local *local = sdata->local;
1293 	struct ieee80211_key *key;
1294 	int err;
1295 
1296 	if (WARN_ON(!local->wowlan))
1297 		return ERR_PTR(-EINVAL);
1298 
1299 	if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1300 		return ERR_PTR(-EINVAL);
1301 
1302 	key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1303 				  keyconf->keylen, keyconf->key,
1304 				  0, NULL, NULL);
1305 	if (IS_ERR(key))
1306 		return ERR_CAST(key);
1307 
1308 	if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1309 		key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1310 
1311 	err = ieee80211_key_link(key, sdata, NULL);
1312 	if (err)
1313 		return ERR_PTR(err);
1314 
1315 	return &key->conf;
1316 }
1317 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1318