1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License version 2 as 10 * published by the Free Software Foundation. 11 */ 12 13 #include <linux/if_ether.h> 14 #include <linux/etherdevice.h> 15 #include <linux/list.h> 16 #include <linux/rcupdate.h> 17 #include <linux/rtnetlink.h> 18 #include <linux/slab.h> 19 #include <linux/export.h> 20 #include <net/mac80211.h> 21 #include <asm/unaligned.h> 22 #include "ieee80211_i.h" 23 #include "driver-ops.h" 24 #include "debugfs_key.h" 25 #include "aes_ccm.h" 26 #include "aes_cmac.h" 27 28 29 /** 30 * DOC: Key handling basics 31 * 32 * Key handling in mac80211 is done based on per-interface (sub_if_data) 33 * keys and per-station keys. Since each station belongs to an interface, 34 * each station key also belongs to that interface. 35 * 36 * Hardware acceleration is done on a best-effort basis for algorithms 37 * that are implemented in software, for each key the hardware is asked 38 * to enable that key for offloading but if it cannot do that the key is 39 * simply kept for software encryption (unless it is for an algorithm 40 * that isn't implemented in software). 41 * There is currently no way of knowing whether a key is handled in SW 42 * or HW except by looking into debugfs. 43 * 44 * All key management is internally protected by a mutex. Within all 45 * other parts of mac80211, key references are, just as STA structure 46 * references, protected by RCU. Note, however, that some things are 47 * unprotected, namely the key->sta dereferences within the hardware 48 * acceleration functions. This means that sta_info_destroy() must 49 * remove the key which waits for an RCU grace period. 50 */ 51 52 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 53 54 static void assert_key_lock(struct ieee80211_local *local) 55 { 56 lockdep_assert_held(&local->key_mtx); 57 } 58 59 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) 60 { 61 /* 62 * When this count is zero, SKB resizing for allocating tailroom 63 * for IV or MMIC is skipped. But, this check has created two race 64 * cases in xmit path while transiting from zero count to one: 65 * 66 * 1. SKB resize was skipped because no key was added but just before 67 * the xmit key is added and SW encryption kicks off. 68 * 69 * 2. SKB resize was skipped because all the keys were hw planted but 70 * just before xmit one of the key is deleted and SW encryption kicks 71 * off. 72 * 73 * In both the above case SW encryption will find not enough space for 74 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) 75 * 76 * Solution has been explained at 77 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net 78 */ 79 80 if (!sdata->crypto_tx_tailroom_needed_cnt++) { 81 /* 82 * Flush all XMIT packets currently using HW encryption or no 83 * encryption at all if the count transition is from 0 -> 1. 84 */ 85 synchronize_net(); 86 } 87 } 88 89 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 90 { 91 struct ieee80211_sub_if_data *sdata; 92 struct sta_info *sta; 93 int ret; 94 95 might_sleep(); 96 97 if (key->flags & KEY_FLAG_TAINTED) 98 return -EINVAL; 99 100 if (!key->local->ops->set_key) 101 goto out_unsupported; 102 103 assert_key_lock(key->local); 104 105 sta = key->sta; 106 107 /* 108 * If this is a per-STA GTK, check if it 109 * is supported; if not, return. 110 */ 111 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && 112 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)) 113 goto out_unsupported; 114 115 if (sta && !sta->uploaded) 116 goto out_unsupported; 117 118 sdata = key->sdata; 119 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 120 /* 121 * The driver doesn't know anything about VLAN interfaces. 122 * Hence, don't send GTKs for VLAN interfaces to the driver. 123 */ 124 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) 125 goto out_unsupported; 126 } 127 128 ret = drv_set_key(key->local, SET_KEY, sdata, 129 sta ? &sta->sta : NULL, &key->conf); 130 131 if (!ret) { 132 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 133 134 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 135 sdata->crypto_tx_tailroom_needed_cnt--; 136 137 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 138 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); 139 140 return 0; 141 } 142 143 if (ret != -ENOSPC && ret != -EOPNOTSUPP) 144 sdata_err(sdata, 145 "failed to set key (%d, %pM) to hardware (%d)\n", 146 key->conf.keyidx, 147 sta ? sta->sta.addr : bcast_addr, ret); 148 149 out_unsupported: 150 switch (key->conf.cipher) { 151 case WLAN_CIPHER_SUITE_WEP40: 152 case WLAN_CIPHER_SUITE_WEP104: 153 case WLAN_CIPHER_SUITE_TKIP: 154 case WLAN_CIPHER_SUITE_CCMP: 155 case WLAN_CIPHER_SUITE_AES_CMAC: 156 /* all of these we can do in software */ 157 return 0; 158 default: 159 return -EINVAL; 160 } 161 } 162 163 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 164 { 165 struct ieee80211_sub_if_data *sdata; 166 struct sta_info *sta; 167 int ret; 168 169 might_sleep(); 170 171 if (!key || !key->local->ops->set_key) 172 return; 173 174 assert_key_lock(key->local); 175 176 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 177 return; 178 179 sta = key->sta; 180 sdata = key->sdata; 181 182 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 183 increment_tailroom_need_count(sdata); 184 185 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 186 sta ? &sta->sta : NULL, &key->conf); 187 188 if (ret) 189 sdata_err(sdata, 190 "failed to remove key (%d, %pM) from hardware (%d)\n", 191 key->conf.keyidx, 192 sta ? sta->sta.addr : bcast_addr, ret); 193 194 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 195 } 196 197 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 198 int idx, bool uni, bool multi) 199 { 200 struct ieee80211_key *key = NULL; 201 202 assert_key_lock(sdata->local); 203 204 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 205 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 206 207 if (uni) { 208 rcu_assign_pointer(sdata->default_unicast_key, key); 209 drv_set_default_unicast_key(sdata->local, sdata, idx); 210 } 211 212 if (multi) 213 rcu_assign_pointer(sdata->default_multicast_key, key); 214 215 ieee80211_debugfs_key_update_default(sdata); 216 } 217 218 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, 219 bool uni, bool multi) 220 { 221 mutex_lock(&sdata->local->key_mtx); 222 __ieee80211_set_default_key(sdata, idx, uni, multi); 223 mutex_unlock(&sdata->local->key_mtx); 224 } 225 226 static void 227 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 228 { 229 struct ieee80211_key *key = NULL; 230 231 assert_key_lock(sdata->local); 232 233 if (idx >= NUM_DEFAULT_KEYS && 234 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 235 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 236 237 rcu_assign_pointer(sdata->default_mgmt_key, key); 238 239 ieee80211_debugfs_key_update_default(sdata); 240 } 241 242 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 243 int idx) 244 { 245 mutex_lock(&sdata->local->key_mtx); 246 __ieee80211_set_default_mgmt_key(sdata, idx); 247 mutex_unlock(&sdata->local->key_mtx); 248 } 249 250 251 static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 252 struct sta_info *sta, 253 bool pairwise, 254 struct ieee80211_key *old, 255 struct ieee80211_key *new) 256 { 257 int idx; 258 bool defunikey, defmultikey, defmgmtkey; 259 260 /* caller must provide at least one old/new */ 261 if (WARN_ON(!new && !old)) 262 return; 263 264 if (new) 265 list_add_tail(&new->list, &sdata->key_list); 266 267 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 268 269 if (old) 270 idx = old->conf.keyidx; 271 else 272 idx = new->conf.keyidx; 273 274 if (sta) { 275 if (pairwise) { 276 rcu_assign_pointer(sta->ptk[idx], new); 277 sta->ptk_idx = idx; 278 } else { 279 rcu_assign_pointer(sta->gtk[idx], new); 280 sta->gtk_idx = idx; 281 } 282 } else { 283 defunikey = old && 284 old == key_mtx_dereference(sdata->local, 285 sdata->default_unicast_key); 286 defmultikey = old && 287 old == key_mtx_dereference(sdata->local, 288 sdata->default_multicast_key); 289 defmgmtkey = old && 290 old == key_mtx_dereference(sdata->local, 291 sdata->default_mgmt_key); 292 293 if (defunikey && !new) 294 __ieee80211_set_default_key(sdata, -1, true, false); 295 if (defmultikey && !new) 296 __ieee80211_set_default_key(sdata, -1, false, true); 297 if (defmgmtkey && !new) 298 __ieee80211_set_default_mgmt_key(sdata, -1); 299 300 rcu_assign_pointer(sdata->keys[idx], new); 301 if (defunikey && new) 302 __ieee80211_set_default_key(sdata, new->conf.keyidx, 303 true, false); 304 if (defmultikey && new) 305 __ieee80211_set_default_key(sdata, new->conf.keyidx, 306 false, true); 307 if (defmgmtkey && new) 308 __ieee80211_set_default_mgmt_key(sdata, 309 new->conf.keyidx); 310 } 311 312 if (old) 313 list_del(&old->list); 314 } 315 316 struct ieee80211_key * 317 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, 318 const u8 *key_data, 319 size_t seq_len, const u8 *seq, 320 const struct ieee80211_cipher_scheme *cs) 321 { 322 struct ieee80211_key *key; 323 int i, j, err; 324 325 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)) 326 return ERR_PTR(-EINVAL); 327 328 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 329 if (!key) 330 return ERR_PTR(-ENOMEM); 331 332 /* 333 * Default to software encryption; we'll later upload the 334 * key to the hardware if possible. 335 */ 336 key->conf.flags = 0; 337 key->flags = 0; 338 339 key->conf.cipher = cipher; 340 key->conf.keyidx = idx; 341 key->conf.keylen = key_len; 342 switch (cipher) { 343 case WLAN_CIPHER_SUITE_WEP40: 344 case WLAN_CIPHER_SUITE_WEP104: 345 key->conf.iv_len = IEEE80211_WEP_IV_LEN; 346 key->conf.icv_len = IEEE80211_WEP_ICV_LEN; 347 break; 348 case WLAN_CIPHER_SUITE_TKIP: 349 key->conf.iv_len = IEEE80211_TKIP_IV_LEN; 350 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; 351 if (seq) { 352 for (i = 0; i < IEEE80211_NUM_TIDS; i++) { 353 key->u.tkip.rx[i].iv32 = 354 get_unaligned_le32(&seq[2]); 355 key->u.tkip.rx[i].iv16 = 356 get_unaligned_le16(seq); 357 } 358 } 359 spin_lock_init(&key->u.tkip.txlock); 360 break; 361 case WLAN_CIPHER_SUITE_CCMP: 362 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; 363 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; 364 if (seq) { 365 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 366 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++) 367 key->u.ccmp.rx_pn[i][j] = 368 seq[IEEE80211_CCMP_PN_LEN - j - 1]; 369 } 370 /* 371 * Initialize AES key state here as an optimization so that 372 * it does not need to be initialized for every packet. 373 */ 374 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 375 if (IS_ERR(key->u.ccmp.tfm)) { 376 err = PTR_ERR(key->u.ccmp.tfm); 377 kfree(key); 378 return ERR_PTR(err); 379 } 380 break; 381 case WLAN_CIPHER_SUITE_AES_CMAC: 382 key->conf.iv_len = 0; 383 key->conf.icv_len = sizeof(struct ieee80211_mmie); 384 if (seq) 385 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++) 386 key->u.aes_cmac.rx_pn[j] = 387 seq[IEEE80211_CMAC_PN_LEN - j - 1]; 388 /* 389 * Initialize AES key state here as an optimization so that 390 * it does not need to be initialized for every packet. 391 */ 392 key->u.aes_cmac.tfm = 393 ieee80211_aes_cmac_key_setup(key_data); 394 if (IS_ERR(key->u.aes_cmac.tfm)) { 395 err = PTR_ERR(key->u.aes_cmac.tfm); 396 kfree(key); 397 return ERR_PTR(err); 398 } 399 break; 400 default: 401 if (cs) { 402 size_t len = (seq_len > MAX_PN_LEN) ? 403 MAX_PN_LEN : seq_len; 404 405 key->conf.iv_len = cs->hdr_len; 406 key->conf.icv_len = cs->mic_len; 407 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 408 for (j = 0; j < len; j++) 409 key->u.gen.rx_pn[i][j] = 410 seq[len - j - 1]; 411 } 412 } 413 memcpy(key->conf.key, key_data, key_len); 414 INIT_LIST_HEAD(&key->list); 415 416 return key; 417 } 418 419 static void ieee80211_key_free_common(struct ieee80211_key *key) 420 { 421 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP) 422 ieee80211_aes_key_free(key->u.ccmp.tfm); 423 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) 424 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 425 kzfree(key); 426 } 427 428 static void __ieee80211_key_destroy(struct ieee80211_key *key, 429 bool delay_tailroom) 430 { 431 if (key->local) 432 ieee80211_key_disable_hw_accel(key); 433 434 if (key->local) { 435 struct ieee80211_sub_if_data *sdata = key->sdata; 436 437 ieee80211_debugfs_key_remove(key); 438 439 if (delay_tailroom) { 440 /* see ieee80211_delayed_tailroom_dec */ 441 sdata->crypto_tx_tailroom_pending_dec++; 442 schedule_delayed_work(&sdata->dec_tailroom_needed_wk, 443 HZ/2); 444 } else { 445 sdata->crypto_tx_tailroom_needed_cnt--; 446 } 447 } 448 449 ieee80211_key_free_common(key); 450 } 451 452 static void ieee80211_key_destroy(struct ieee80211_key *key, 453 bool delay_tailroom) 454 { 455 if (!key) 456 return; 457 458 /* 459 * Synchronize so the TX path can no longer be using 460 * this key before we free/remove it. 461 */ 462 synchronize_net(); 463 464 __ieee80211_key_destroy(key, delay_tailroom); 465 } 466 467 void ieee80211_key_free_unused(struct ieee80211_key *key) 468 { 469 WARN_ON(key->sdata || key->local); 470 ieee80211_key_free_common(key); 471 } 472 473 int ieee80211_key_link(struct ieee80211_key *key, 474 struct ieee80211_sub_if_data *sdata, 475 struct sta_info *sta) 476 { 477 struct ieee80211_local *local = sdata->local; 478 struct ieee80211_key *old_key; 479 int idx, ret; 480 bool pairwise; 481 482 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; 483 idx = key->conf.keyidx; 484 key->local = sdata->local; 485 key->sdata = sdata; 486 key->sta = sta; 487 488 mutex_lock(&sdata->local->key_mtx); 489 490 if (sta && pairwise) 491 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]); 492 else if (sta) 493 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]); 494 else 495 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 496 497 increment_tailroom_need_count(sdata); 498 499 ieee80211_key_replace(sdata, sta, pairwise, old_key, key); 500 ieee80211_key_destroy(old_key, true); 501 502 ieee80211_debugfs_key_add(key); 503 504 if (!local->wowlan) { 505 ret = ieee80211_key_enable_hw_accel(key); 506 if (ret) 507 ieee80211_key_free(key, true); 508 } else { 509 ret = 0; 510 } 511 512 mutex_unlock(&sdata->local->key_mtx); 513 514 return ret; 515 } 516 517 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) 518 { 519 if (!key) 520 return; 521 522 /* 523 * Replace key with nothingness if it was ever used. 524 */ 525 if (key->sdata) 526 ieee80211_key_replace(key->sdata, key->sta, 527 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 528 key, NULL); 529 ieee80211_key_destroy(key, delay_tailroom); 530 } 531 532 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 533 { 534 struct ieee80211_key *key; 535 536 ASSERT_RTNL(); 537 538 if (WARN_ON(!ieee80211_sdata_running(sdata))) 539 return; 540 541 mutex_lock(&sdata->local->key_mtx); 542 543 sdata->crypto_tx_tailroom_needed_cnt = 0; 544 545 list_for_each_entry(key, &sdata->key_list, list) { 546 increment_tailroom_need_count(sdata); 547 ieee80211_key_enable_hw_accel(key); 548 } 549 550 mutex_unlock(&sdata->local->key_mtx); 551 } 552 553 void ieee80211_iter_keys(struct ieee80211_hw *hw, 554 struct ieee80211_vif *vif, 555 void (*iter)(struct ieee80211_hw *hw, 556 struct ieee80211_vif *vif, 557 struct ieee80211_sta *sta, 558 struct ieee80211_key_conf *key, 559 void *data), 560 void *iter_data) 561 { 562 struct ieee80211_local *local = hw_to_local(hw); 563 struct ieee80211_key *key, *tmp; 564 struct ieee80211_sub_if_data *sdata; 565 566 ASSERT_RTNL(); 567 568 mutex_lock(&local->key_mtx); 569 if (vif) { 570 sdata = vif_to_sdata(vif); 571 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 572 iter(hw, &sdata->vif, 573 key->sta ? &key->sta->sta : NULL, 574 &key->conf, iter_data); 575 } else { 576 list_for_each_entry(sdata, &local->interfaces, list) 577 list_for_each_entry_safe(key, tmp, 578 &sdata->key_list, list) 579 iter(hw, &sdata->vif, 580 key->sta ? &key->sta->sta : NULL, 581 &key->conf, iter_data); 582 } 583 mutex_unlock(&local->key_mtx); 584 } 585 EXPORT_SYMBOL(ieee80211_iter_keys); 586 587 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata, 588 struct list_head *keys) 589 { 590 struct ieee80211_key *key, *tmp; 591 592 sdata->crypto_tx_tailroom_needed_cnt -= 593 sdata->crypto_tx_tailroom_pending_dec; 594 sdata->crypto_tx_tailroom_pending_dec = 0; 595 596 ieee80211_debugfs_key_remove_mgmt_default(sdata); 597 598 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { 599 ieee80211_key_replace(key->sdata, key->sta, 600 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 601 key, NULL); 602 list_add_tail(&key->list, keys); 603 } 604 605 ieee80211_debugfs_key_update_default(sdata); 606 } 607 608 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata, 609 bool force_synchronize) 610 { 611 struct ieee80211_local *local = sdata->local; 612 struct ieee80211_sub_if_data *vlan; 613 struct ieee80211_key *key, *tmp; 614 LIST_HEAD(keys); 615 616 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk); 617 618 mutex_lock(&local->key_mtx); 619 620 ieee80211_free_keys_iface(sdata, &keys); 621 622 if (sdata->vif.type == NL80211_IFTYPE_AP) { 623 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 624 ieee80211_free_keys_iface(vlan, &keys); 625 } 626 627 if (!list_empty(&keys) || force_synchronize) 628 synchronize_net(); 629 list_for_each_entry_safe(key, tmp, &keys, list) 630 __ieee80211_key_destroy(key, false); 631 632 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || 633 sdata->crypto_tx_tailroom_pending_dec); 634 if (sdata->vif.type == NL80211_IFTYPE_AP) { 635 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 636 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt || 637 vlan->crypto_tx_tailroom_pending_dec); 638 } 639 640 mutex_unlock(&local->key_mtx); 641 } 642 643 void ieee80211_free_sta_keys(struct ieee80211_local *local, 644 struct sta_info *sta) 645 { 646 struct ieee80211_key *key; 647 int i; 648 649 mutex_lock(&local->key_mtx); 650 for (i = 0; i < NUM_DEFAULT_KEYS; i++) { 651 key = key_mtx_dereference(local, sta->gtk[i]); 652 if (!key) 653 continue; 654 ieee80211_key_replace(key->sdata, key->sta, 655 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 656 key, NULL); 657 __ieee80211_key_destroy(key, true); 658 } 659 660 for (i = 0; i < NUM_DEFAULT_KEYS; i++) { 661 key = key_mtx_dereference(local, sta->ptk[i]); 662 if (!key) 663 continue; 664 ieee80211_key_replace(key->sdata, key->sta, 665 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 666 key, NULL); 667 __ieee80211_key_destroy(key, true); 668 } 669 670 mutex_unlock(&local->key_mtx); 671 } 672 673 void ieee80211_delayed_tailroom_dec(struct work_struct *wk) 674 { 675 struct ieee80211_sub_if_data *sdata; 676 677 sdata = container_of(wk, struct ieee80211_sub_if_data, 678 dec_tailroom_needed_wk.work); 679 680 /* 681 * The reason for the delayed tailroom needed decrementing is to 682 * make roaming faster: during roaming, all keys are first deleted 683 * and then new keys are installed. The first new key causes the 684 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes 685 * the cost of synchronize_net() (which can be slow). Avoid this 686 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on 687 * key removal for a while, so if we roam the value is larger than 688 * zero and no 0->1 transition happens. 689 * 690 * The cost is that if the AP switching was from an AP with keys 691 * to one without, we still allocate tailroom while it would no 692 * longer be needed. However, in the typical (fast) roaming case 693 * within an ESS this usually won't happen. 694 */ 695 696 mutex_lock(&sdata->local->key_mtx); 697 sdata->crypto_tx_tailroom_needed_cnt -= 698 sdata->crypto_tx_tailroom_pending_dec; 699 sdata->crypto_tx_tailroom_pending_dec = 0; 700 mutex_unlock(&sdata->local->key_mtx); 701 } 702 703 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, 704 const u8 *replay_ctr, gfp_t gfp) 705 { 706 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 707 708 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); 709 710 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); 711 } 712 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); 713 714 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, 715 struct ieee80211_key_seq *seq) 716 { 717 struct ieee80211_key *key; 718 u64 pn64; 719 720 if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV))) 721 return; 722 723 key = container_of(keyconf, struct ieee80211_key, conf); 724 725 switch (key->conf.cipher) { 726 case WLAN_CIPHER_SUITE_TKIP: 727 seq->tkip.iv32 = key->u.tkip.tx.iv32; 728 seq->tkip.iv16 = key->u.tkip.tx.iv16; 729 break; 730 case WLAN_CIPHER_SUITE_CCMP: 731 pn64 = atomic64_read(&key->u.ccmp.tx_pn); 732 seq->ccmp.pn[5] = pn64; 733 seq->ccmp.pn[4] = pn64 >> 8; 734 seq->ccmp.pn[3] = pn64 >> 16; 735 seq->ccmp.pn[2] = pn64 >> 24; 736 seq->ccmp.pn[1] = pn64 >> 32; 737 seq->ccmp.pn[0] = pn64 >> 40; 738 break; 739 case WLAN_CIPHER_SUITE_AES_CMAC: 740 pn64 = atomic64_read(&key->u.aes_cmac.tx_pn); 741 seq->ccmp.pn[5] = pn64; 742 seq->ccmp.pn[4] = pn64 >> 8; 743 seq->ccmp.pn[3] = pn64 >> 16; 744 seq->ccmp.pn[2] = pn64 >> 24; 745 seq->ccmp.pn[1] = pn64 >> 32; 746 seq->ccmp.pn[0] = pn64 >> 40; 747 break; 748 default: 749 WARN_ON(1); 750 } 751 } 752 EXPORT_SYMBOL(ieee80211_get_key_tx_seq); 753 754 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, 755 int tid, struct ieee80211_key_seq *seq) 756 { 757 struct ieee80211_key *key; 758 const u8 *pn; 759 760 key = container_of(keyconf, struct ieee80211_key, conf); 761 762 switch (key->conf.cipher) { 763 case WLAN_CIPHER_SUITE_TKIP: 764 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 765 return; 766 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; 767 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; 768 break; 769 case WLAN_CIPHER_SUITE_CCMP: 770 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 771 return; 772 if (tid < 0) 773 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 774 else 775 pn = key->u.ccmp.rx_pn[tid]; 776 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN); 777 break; 778 case WLAN_CIPHER_SUITE_AES_CMAC: 779 if (WARN_ON(tid != 0)) 780 return; 781 pn = key->u.aes_cmac.rx_pn; 782 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN); 783 break; 784 } 785 } 786 EXPORT_SYMBOL(ieee80211_get_key_rx_seq); 787 788 void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, 789 struct ieee80211_key_seq *seq) 790 { 791 struct ieee80211_key *key; 792 u64 pn64; 793 794 key = container_of(keyconf, struct ieee80211_key, conf); 795 796 switch (key->conf.cipher) { 797 case WLAN_CIPHER_SUITE_TKIP: 798 key->u.tkip.tx.iv32 = seq->tkip.iv32; 799 key->u.tkip.tx.iv16 = seq->tkip.iv16; 800 break; 801 case WLAN_CIPHER_SUITE_CCMP: 802 pn64 = (u64)seq->ccmp.pn[5] | 803 ((u64)seq->ccmp.pn[4] << 8) | 804 ((u64)seq->ccmp.pn[3] << 16) | 805 ((u64)seq->ccmp.pn[2] << 24) | 806 ((u64)seq->ccmp.pn[1] << 32) | 807 ((u64)seq->ccmp.pn[0] << 40); 808 atomic64_set(&key->u.ccmp.tx_pn, pn64); 809 break; 810 case WLAN_CIPHER_SUITE_AES_CMAC: 811 pn64 = (u64)seq->aes_cmac.pn[5] | 812 ((u64)seq->aes_cmac.pn[4] << 8) | 813 ((u64)seq->aes_cmac.pn[3] << 16) | 814 ((u64)seq->aes_cmac.pn[2] << 24) | 815 ((u64)seq->aes_cmac.pn[1] << 32) | 816 ((u64)seq->aes_cmac.pn[0] << 40); 817 atomic64_set(&key->u.aes_cmac.tx_pn, pn64); 818 break; 819 default: 820 WARN_ON(1); 821 break; 822 } 823 } 824 EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq); 825 826 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, 827 int tid, struct ieee80211_key_seq *seq) 828 { 829 struct ieee80211_key *key; 830 u8 *pn; 831 832 key = container_of(keyconf, struct ieee80211_key, conf); 833 834 switch (key->conf.cipher) { 835 case WLAN_CIPHER_SUITE_TKIP: 836 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 837 return; 838 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; 839 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; 840 break; 841 case WLAN_CIPHER_SUITE_CCMP: 842 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 843 return; 844 if (tid < 0) 845 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 846 else 847 pn = key->u.ccmp.rx_pn[tid]; 848 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN); 849 break; 850 case WLAN_CIPHER_SUITE_AES_CMAC: 851 if (WARN_ON(tid != 0)) 852 return; 853 pn = key->u.aes_cmac.rx_pn; 854 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN); 855 break; 856 default: 857 WARN_ON(1); 858 break; 859 } 860 } 861 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq); 862 863 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf) 864 { 865 struct ieee80211_key *key; 866 867 key = container_of(keyconf, struct ieee80211_key, conf); 868 869 assert_key_lock(key->local); 870 871 /* 872 * if key was uploaded, we assume the driver will/has remove(d) 873 * it, so adjust bookkeeping accordingly 874 */ 875 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 876 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 877 878 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 879 increment_tailroom_need_count(key->sdata); 880 } 881 882 ieee80211_key_free(key, false); 883 } 884 EXPORT_SYMBOL_GPL(ieee80211_remove_key); 885 886 struct ieee80211_key_conf * 887 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif, 888 struct ieee80211_key_conf *keyconf) 889 { 890 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 891 struct ieee80211_local *local = sdata->local; 892 struct ieee80211_key *key; 893 int err; 894 895 if (WARN_ON(!local->wowlan)) 896 return ERR_PTR(-EINVAL); 897 898 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION)) 899 return ERR_PTR(-EINVAL); 900 901 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, 902 keyconf->keylen, keyconf->key, 903 0, NULL, NULL); 904 if (IS_ERR(key)) 905 return ERR_CAST(key); 906 907 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED) 908 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; 909 910 err = ieee80211_key_link(key, sdata, NULL); 911 if (err) 912 return ERR_PTR(err); 913 914 return &key->conf; 915 } 916 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add); 917