1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License version 2 as 10 * published by the Free Software Foundation. 11 */ 12 13 #include <linux/if_ether.h> 14 #include <linux/etherdevice.h> 15 #include <linux/list.h> 16 #include <linux/rcupdate.h> 17 #include <linux/rtnetlink.h> 18 #include <linux/slab.h> 19 #include <linux/export.h> 20 #include <net/mac80211.h> 21 #include <asm/unaligned.h> 22 #include "ieee80211_i.h" 23 #include "driver-ops.h" 24 #include "debugfs_key.h" 25 #include "aes_ccm.h" 26 #include "aes_cmac.h" 27 28 29 /** 30 * DOC: Key handling basics 31 * 32 * Key handling in mac80211 is done based on per-interface (sub_if_data) 33 * keys and per-station keys. Since each station belongs to an interface, 34 * each station key also belongs to that interface. 35 * 36 * Hardware acceleration is done on a best-effort basis for algorithms 37 * that are implemented in software, for each key the hardware is asked 38 * to enable that key for offloading but if it cannot do that the key is 39 * simply kept for software encryption (unless it is for an algorithm 40 * that isn't implemented in software). 41 * There is currently no way of knowing whether a key is handled in SW 42 * or HW except by looking into debugfs. 43 * 44 * All key management is internally protected by a mutex. Within all 45 * other parts of mac80211, key references are, just as STA structure 46 * references, protected by RCU. Note, however, that some things are 47 * unprotected, namely the key->sta dereferences within the hardware 48 * acceleration functions. This means that sta_info_destroy() must 49 * remove the key which waits for an RCU grace period. 50 */ 51 52 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 53 54 static void assert_key_lock(struct ieee80211_local *local) 55 { 56 lockdep_assert_held(&local->key_mtx); 57 } 58 59 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) 60 { 61 /* 62 * When this count is zero, SKB resizing for allocating tailroom 63 * for IV or MMIC is skipped. But, this check has created two race 64 * cases in xmit path while transiting from zero count to one: 65 * 66 * 1. SKB resize was skipped because no key was added but just before 67 * the xmit key is added and SW encryption kicks off. 68 * 69 * 2. SKB resize was skipped because all the keys were hw planted but 70 * just before xmit one of the key is deleted and SW encryption kicks 71 * off. 72 * 73 * In both the above case SW encryption will find not enough space for 74 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) 75 * 76 * Solution has been explained at 77 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net 78 */ 79 80 if (!sdata->crypto_tx_tailroom_needed_cnt++) { 81 /* 82 * Flush all XMIT packets currently using HW encryption or no 83 * encryption at all if the count transition is from 0 -> 1. 84 */ 85 synchronize_net(); 86 } 87 } 88 89 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 90 { 91 struct ieee80211_sub_if_data *sdata; 92 struct sta_info *sta; 93 int ret; 94 95 might_sleep(); 96 97 if (key->flags & KEY_FLAG_TAINTED) { 98 /* If we get here, it's during resume and the key is 99 * tainted so shouldn't be used/programmed any more. 100 * However, its flags may still indicate that it was 101 * programmed into the device (since we're in resume) 102 * so clear that flag now to avoid trying to remove 103 * it again later. 104 */ 105 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 106 return -EINVAL; 107 } 108 109 if (!key->local->ops->set_key) 110 goto out_unsupported; 111 112 assert_key_lock(key->local); 113 114 sta = key->sta; 115 116 /* 117 * If this is a per-STA GTK, check if it 118 * is supported; if not, return. 119 */ 120 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && 121 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)) 122 goto out_unsupported; 123 124 if (sta && !sta->uploaded) 125 goto out_unsupported; 126 127 sdata = key->sdata; 128 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 129 /* 130 * The driver doesn't know anything about VLAN interfaces. 131 * Hence, don't send GTKs for VLAN interfaces to the driver. 132 */ 133 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) 134 goto out_unsupported; 135 } 136 137 ret = drv_set_key(key->local, SET_KEY, sdata, 138 sta ? &sta->sta : NULL, &key->conf); 139 140 if (!ret) { 141 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 142 143 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 144 sdata->crypto_tx_tailroom_needed_cnt--; 145 146 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 147 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); 148 149 return 0; 150 } 151 152 if (ret != -ENOSPC && ret != -EOPNOTSUPP) 153 sdata_err(sdata, 154 "failed to set key (%d, %pM) to hardware (%d)\n", 155 key->conf.keyidx, 156 sta ? sta->sta.addr : bcast_addr, ret); 157 158 out_unsupported: 159 switch (key->conf.cipher) { 160 case WLAN_CIPHER_SUITE_WEP40: 161 case WLAN_CIPHER_SUITE_WEP104: 162 case WLAN_CIPHER_SUITE_TKIP: 163 case WLAN_CIPHER_SUITE_CCMP: 164 case WLAN_CIPHER_SUITE_AES_CMAC: 165 /* all of these we can do in software */ 166 return 0; 167 default: 168 return -EINVAL; 169 } 170 } 171 172 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 173 { 174 struct ieee80211_sub_if_data *sdata; 175 struct sta_info *sta; 176 int ret; 177 178 might_sleep(); 179 180 if (!key || !key->local->ops->set_key) 181 return; 182 183 assert_key_lock(key->local); 184 185 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 186 return; 187 188 sta = key->sta; 189 sdata = key->sdata; 190 191 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 192 increment_tailroom_need_count(sdata); 193 194 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 195 sta ? &sta->sta : NULL, &key->conf); 196 197 if (ret) 198 sdata_err(sdata, 199 "failed to remove key (%d, %pM) from hardware (%d)\n", 200 key->conf.keyidx, 201 sta ? sta->sta.addr : bcast_addr, ret); 202 203 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 204 } 205 206 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 207 int idx, bool uni, bool multi) 208 { 209 struct ieee80211_key *key = NULL; 210 211 assert_key_lock(sdata->local); 212 213 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 214 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 215 216 if (uni) { 217 rcu_assign_pointer(sdata->default_unicast_key, key); 218 drv_set_default_unicast_key(sdata->local, sdata, idx); 219 } 220 221 if (multi) 222 rcu_assign_pointer(sdata->default_multicast_key, key); 223 224 ieee80211_debugfs_key_update_default(sdata); 225 } 226 227 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, 228 bool uni, bool multi) 229 { 230 mutex_lock(&sdata->local->key_mtx); 231 __ieee80211_set_default_key(sdata, idx, uni, multi); 232 mutex_unlock(&sdata->local->key_mtx); 233 } 234 235 static void 236 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 237 { 238 struct ieee80211_key *key = NULL; 239 240 assert_key_lock(sdata->local); 241 242 if (idx >= NUM_DEFAULT_KEYS && 243 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 244 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 245 246 rcu_assign_pointer(sdata->default_mgmt_key, key); 247 248 ieee80211_debugfs_key_update_default(sdata); 249 } 250 251 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 252 int idx) 253 { 254 mutex_lock(&sdata->local->key_mtx); 255 __ieee80211_set_default_mgmt_key(sdata, idx); 256 mutex_unlock(&sdata->local->key_mtx); 257 } 258 259 260 static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 261 struct sta_info *sta, 262 bool pairwise, 263 struct ieee80211_key *old, 264 struct ieee80211_key *new) 265 { 266 int idx; 267 bool defunikey, defmultikey, defmgmtkey; 268 269 /* caller must provide at least one old/new */ 270 if (WARN_ON(!new && !old)) 271 return; 272 273 if (new) 274 list_add_tail(&new->list, &sdata->key_list); 275 276 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 277 278 if (old) 279 idx = old->conf.keyidx; 280 else 281 idx = new->conf.keyidx; 282 283 if (sta) { 284 if (pairwise) { 285 rcu_assign_pointer(sta->ptk[idx], new); 286 sta->ptk_idx = idx; 287 } else { 288 rcu_assign_pointer(sta->gtk[idx], new); 289 sta->gtk_idx = idx; 290 } 291 } else { 292 defunikey = old && 293 old == key_mtx_dereference(sdata->local, 294 sdata->default_unicast_key); 295 defmultikey = old && 296 old == key_mtx_dereference(sdata->local, 297 sdata->default_multicast_key); 298 defmgmtkey = old && 299 old == key_mtx_dereference(sdata->local, 300 sdata->default_mgmt_key); 301 302 if (defunikey && !new) 303 __ieee80211_set_default_key(sdata, -1, true, false); 304 if (defmultikey && !new) 305 __ieee80211_set_default_key(sdata, -1, false, true); 306 if (defmgmtkey && !new) 307 __ieee80211_set_default_mgmt_key(sdata, -1); 308 309 rcu_assign_pointer(sdata->keys[idx], new); 310 if (defunikey && new) 311 __ieee80211_set_default_key(sdata, new->conf.keyidx, 312 true, false); 313 if (defmultikey && new) 314 __ieee80211_set_default_key(sdata, new->conf.keyidx, 315 false, true); 316 if (defmgmtkey && new) 317 __ieee80211_set_default_mgmt_key(sdata, 318 new->conf.keyidx); 319 } 320 321 if (old) 322 list_del(&old->list); 323 } 324 325 struct ieee80211_key * 326 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, 327 const u8 *key_data, 328 size_t seq_len, const u8 *seq, 329 const struct ieee80211_cipher_scheme *cs) 330 { 331 struct ieee80211_key *key; 332 int i, j, err; 333 334 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)) 335 return ERR_PTR(-EINVAL); 336 337 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 338 if (!key) 339 return ERR_PTR(-ENOMEM); 340 341 /* 342 * Default to software encryption; we'll later upload the 343 * key to the hardware if possible. 344 */ 345 key->conf.flags = 0; 346 key->flags = 0; 347 348 key->conf.cipher = cipher; 349 key->conf.keyidx = idx; 350 key->conf.keylen = key_len; 351 switch (cipher) { 352 case WLAN_CIPHER_SUITE_WEP40: 353 case WLAN_CIPHER_SUITE_WEP104: 354 key->conf.iv_len = IEEE80211_WEP_IV_LEN; 355 key->conf.icv_len = IEEE80211_WEP_ICV_LEN; 356 break; 357 case WLAN_CIPHER_SUITE_TKIP: 358 key->conf.iv_len = IEEE80211_TKIP_IV_LEN; 359 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; 360 if (seq) { 361 for (i = 0; i < IEEE80211_NUM_TIDS; i++) { 362 key->u.tkip.rx[i].iv32 = 363 get_unaligned_le32(&seq[2]); 364 key->u.tkip.rx[i].iv16 = 365 get_unaligned_le16(seq); 366 } 367 } 368 spin_lock_init(&key->u.tkip.txlock); 369 break; 370 case WLAN_CIPHER_SUITE_CCMP: 371 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; 372 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; 373 if (seq) { 374 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 375 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++) 376 key->u.ccmp.rx_pn[i][j] = 377 seq[IEEE80211_CCMP_PN_LEN - j - 1]; 378 } 379 /* 380 * Initialize AES key state here as an optimization so that 381 * it does not need to be initialized for every packet. 382 */ 383 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 384 if (IS_ERR(key->u.ccmp.tfm)) { 385 err = PTR_ERR(key->u.ccmp.tfm); 386 kfree(key); 387 return ERR_PTR(err); 388 } 389 break; 390 case WLAN_CIPHER_SUITE_AES_CMAC: 391 key->conf.iv_len = 0; 392 key->conf.icv_len = sizeof(struct ieee80211_mmie); 393 if (seq) 394 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++) 395 key->u.aes_cmac.rx_pn[j] = 396 seq[IEEE80211_CMAC_PN_LEN - j - 1]; 397 /* 398 * Initialize AES key state here as an optimization so that 399 * it does not need to be initialized for every packet. 400 */ 401 key->u.aes_cmac.tfm = 402 ieee80211_aes_cmac_key_setup(key_data); 403 if (IS_ERR(key->u.aes_cmac.tfm)) { 404 err = PTR_ERR(key->u.aes_cmac.tfm); 405 kfree(key); 406 return ERR_PTR(err); 407 } 408 break; 409 default: 410 if (cs) { 411 size_t len = (seq_len > MAX_PN_LEN) ? 412 MAX_PN_LEN : seq_len; 413 414 key->conf.iv_len = cs->hdr_len; 415 key->conf.icv_len = cs->mic_len; 416 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 417 for (j = 0; j < len; j++) 418 key->u.gen.rx_pn[i][j] = 419 seq[len - j - 1]; 420 } 421 } 422 memcpy(key->conf.key, key_data, key_len); 423 INIT_LIST_HEAD(&key->list); 424 425 return key; 426 } 427 428 static void ieee80211_key_free_common(struct ieee80211_key *key) 429 { 430 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP) 431 ieee80211_aes_key_free(key->u.ccmp.tfm); 432 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) 433 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 434 kzfree(key); 435 } 436 437 static void __ieee80211_key_destroy(struct ieee80211_key *key, 438 bool delay_tailroom) 439 { 440 if (key->local) 441 ieee80211_key_disable_hw_accel(key); 442 443 if (key->local) { 444 struct ieee80211_sub_if_data *sdata = key->sdata; 445 446 ieee80211_debugfs_key_remove(key); 447 448 if (delay_tailroom) { 449 /* see ieee80211_delayed_tailroom_dec */ 450 sdata->crypto_tx_tailroom_pending_dec++; 451 schedule_delayed_work(&sdata->dec_tailroom_needed_wk, 452 HZ/2); 453 } else { 454 sdata->crypto_tx_tailroom_needed_cnt--; 455 } 456 } 457 458 ieee80211_key_free_common(key); 459 } 460 461 static void ieee80211_key_destroy(struct ieee80211_key *key, 462 bool delay_tailroom) 463 { 464 if (!key) 465 return; 466 467 /* 468 * Synchronize so the TX path can no longer be using 469 * this key before we free/remove it. 470 */ 471 synchronize_net(); 472 473 __ieee80211_key_destroy(key, delay_tailroom); 474 } 475 476 void ieee80211_key_free_unused(struct ieee80211_key *key) 477 { 478 WARN_ON(key->sdata || key->local); 479 ieee80211_key_free_common(key); 480 } 481 482 int ieee80211_key_link(struct ieee80211_key *key, 483 struct ieee80211_sub_if_data *sdata, 484 struct sta_info *sta) 485 { 486 struct ieee80211_local *local = sdata->local; 487 struct ieee80211_key *old_key; 488 int idx, ret; 489 bool pairwise; 490 491 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; 492 idx = key->conf.keyidx; 493 key->local = sdata->local; 494 key->sdata = sdata; 495 key->sta = sta; 496 497 mutex_lock(&sdata->local->key_mtx); 498 499 if (sta && pairwise) 500 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]); 501 else if (sta) 502 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]); 503 else 504 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 505 506 increment_tailroom_need_count(sdata); 507 508 ieee80211_key_replace(sdata, sta, pairwise, old_key, key); 509 ieee80211_key_destroy(old_key, true); 510 511 ieee80211_debugfs_key_add(key); 512 513 if (!local->wowlan) { 514 ret = ieee80211_key_enable_hw_accel(key); 515 if (ret) 516 ieee80211_key_free(key, true); 517 } else { 518 ret = 0; 519 } 520 521 mutex_unlock(&sdata->local->key_mtx); 522 523 return ret; 524 } 525 526 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) 527 { 528 if (!key) 529 return; 530 531 /* 532 * Replace key with nothingness if it was ever used. 533 */ 534 if (key->sdata) 535 ieee80211_key_replace(key->sdata, key->sta, 536 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 537 key, NULL); 538 ieee80211_key_destroy(key, delay_tailroom); 539 } 540 541 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 542 { 543 struct ieee80211_key *key; 544 545 ASSERT_RTNL(); 546 547 if (WARN_ON(!ieee80211_sdata_running(sdata))) 548 return; 549 550 mutex_lock(&sdata->local->key_mtx); 551 552 sdata->crypto_tx_tailroom_needed_cnt = 0; 553 554 list_for_each_entry(key, &sdata->key_list, list) { 555 increment_tailroom_need_count(sdata); 556 ieee80211_key_enable_hw_accel(key); 557 } 558 559 mutex_unlock(&sdata->local->key_mtx); 560 } 561 562 void ieee80211_iter_keys(struct ieee80211_hw *hw, 563 struct ieee80211_vif *vif, 564 void (*iter)(struct ieee80211_hw *hw, 565 struct ieee80211_vif *vif, 566 struct ieee80211_sta *sta, 567 struct ieee80211_key_conf *key, 568 void *data), 569 void *iter_data) 570 { 571 struct ieee80211_local *local = hw_to_local(hw); 572 struct ieee80211_key *key, *tmp; 573 struct ieee80211_sub_if_data *sdata; 574 575 ASSERT_RTNL(); 576 577 mutex_lock(&local->key_mtx); 578 if (vif) { 579 sdata = vif_to_sdata(vif); 580 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 581 iter(hw, &sdata->vif, 582 key->sta ? &key->sta->sta : NULL, 583 &key->conf, iter_data); 584 } else { 585 list_for_each_entry(sdata, &local->interfaces, list) 586 list_for_each_entry_safe(key, tmp, 587 &sdata->key_list, list) 588 iter(hw, &sdata->vif, 589 key->sta ? &key->sta->sta : NULL, 590 &key->conf, iter_data); 591 } 592 mutex_unlock(&local->key_mtx); 593 } 594 EXPORT_SYMBOL(ieee80211_iter_keys); 595 596 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata, 597 struct list_head *keys) 598 { 599 struct ieee80211_key *key, *tmp; 600 601 sdata->crypto_tx_tailroom_needed_cnt -= 602 sdata->crypto_tx_tailroom_pending_dec; 603 sdata->crypto_tx_tailroom_pending_dec = 0; 604 605 ieee80211_debugfs_key_remove_mgmt_default(sdata); 606 607 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { 608 ieee80211_key_replace(key->sdata, key->sta, 609 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 610 key, NULL); 611 list_add_tail(&key->list, keys); 612 } 613 614 ieee80211_debugfs_key_update_default(sdata); 615 } 616 617 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata, 618 bool force_synchronize) 619 { 620 struct ieee80211_local *local = sdata->local; 621 struct ieee80211_sub_if_data *vlan; 622 struct ieee80211_key *key, *tmp; 623 LIST_HEAD(keys); 624 625 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk); 626 627 mutex_lock(&local->key_mtx); 628 629 ieee80211_free_keys_iface(sdata, &keys); 630 631 if (sdata->vif.type == NL80211_IFTYPE_AP) { 632 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 633 ieee80211_free_keys_iface(vlan, &keys); 634 } 635 636 if (!list_empty(&keys) || force_synchronize) 637 synchronize_net(); 638 list_for_each_entry_safe(key, tmp, &keys, list) 639 __ieee80211_key_destroy(key, false); 640 641 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || 642 sdata->crypto_tx_tailroom_pending_dec); 643 if (sdata->vif.type == NL80211_IFTYPE_AP) { 644 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 645 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt || 646 vlan->crypto_tx_tailroom_pending_dec); 647 } 648 649 mutex_unlock(&local->key_mtx); 650 } 651 652 void ieee80211_free_sta_keys(struct ieee80211_local *local, 653 struct sta_info *sta) 654 { 655 struct ieee80211_key *key; 656 int i; 657 658 mutex_lock(&local->key_mtx); 659 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) { 660 key = key_mtx_dereference(local, sta->gtk[i]); 661 if (!key) 662 continue; 663 ieee80211_key_replace(key->sdata, key->sta, 664 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 665 key, NULL); 666 __ieee80211_key_destroy(key, true); 667 } 668 669 for (i = 0; i < NUM_DEFAULT_KEYS; i++) { 670 key = key_mtx_dereference(local, sta->ptk[i]); 671 if (!key) 672 continue; 673 ieee80211_key_replace(key->sdata, key->sta, 674 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 675 key, NULL); 676 __ieee80211_key_destroy(key, true); 677 } 678 679 mutex_unlock(&local->key_mtx); 680 } 681 682 void ieee80211_delayed_tailroom_dec(struct work_struct *wk) 683 { 684 struct ieee80211_sub_if_data *sdata; 685 686 sdata = container_of(wk, struct ieee80211_sub_if_data, 687 dec_tailroom_needed_wk.work); 688 689 /* 690 * The reason for the delayed tailroom needed decrementing is to 691 * make roaming faster: during roaming, all keys are first deleted 692 * and then new keys are installed. The first new key causes the 693 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes 694 * the cost of synchronize_net() (which can be slow). Avoid this 695 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on 696 * key removal for a while, so if we roam the value is larger than 697 * zero and no 0->1 transition happens. 698 * 699 * The cost is that if the AP switching was from an AP with keys 700 * to one without, we still allocate tailroom while it would no 701 * longer be needed. However, in the typical (fast) roaming case 702 * within an ESS this usually won't happen. 703 */ 704 705 mutex_lock(&sdata->local->key_mtx); 706 sdata->crypto_tx_tailroom_needed_cnt -= 707 sdata->crypto_tx_tailroom_pending_dec; 708 sdata->crypto_tx_tailroom_pending_dec = 0; 709 mutex_unlock(&sdata->local->key_mtx); 710 } 711 712 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, 713 const u8 *replay_ctr, gfp_t gfp) 714 { 715 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 716 717 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); 718 719 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); 720 } 721 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); 722 723 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, 724 struct ieee80211_key_seq *seq) 725 { 726 struct ieee80211_key *key; 727 u64 pn64; 728 729 if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV))) 730 return; 731 732 key = container_of(keyconf, struct ieee80211_key, conf); 733 734 switch (key->conf.cipher) { 735 case WLAN_CIPHER_SUITE_TKIP: 736 seq->tkip.iv32 = key->u.tkip.tx.iv32; 737 seq->tkip.iv16 = key->u.tkip.tx.iv16; 738 break; 739 case WLAN_CIPHER_SUITE_CCMP: 740 pn64 = atomic64_read(&key->u.ccmp.tx_pn); 741 seq->ccmp.pn[5] = pn64; 742 seq->ccmp.pn[4] = pn64 >> 8; 743 seq->ccmp.pn[3] = pn64 >> 16; 744 seq->ccmp.pn[2] = pn64 >> 24; 745 seq->ccmp.pn[1] = pn64 >> 32; 746 seq->ccmp.pn[0] = pn64 >> 40; 747 break; 748 case WLAN_CIPHER_SUITE_AES_CMAC: 749 pn64 = atomic64_read(&key->u.aes_cmac.tx_pn); 750 seq->ccmp.pn[5] = pn64; 751 seq->ccmp.pn[4] = pn64 >> 8; 752 seq->ccmp.pn[3] = pn64 >> 16; 753 seq->ccmp.pn[2] = pn64 >> 24; 754 seq->ccmp.pn[1] = pn64 >> 32; 755 seq->ccmp.pn[0] = pn64 >> 40; 756 break; 757 default: 758 WARN_ON(1); 759 } 760 } 761 EXPORT_SYMBOL(ieee80211_get_key_tx_seq); 762 763 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, 764 int tid, struct ieee80211_key_seq *seq) 765 { 766 struct ieee80211_key *key; 767 const u8 *pn; 768 769 key = container_of(keyconf, struct ieee80211_key, conf); 770 771 switch (key->conf.cipher) { 772 case WLAN_CIPHER_SUITE_TKIP: 773 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 774 return; 775 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; 776 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; 777 break; 778 case WLAN_CIPHER_SUITE_CCMP: 779 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 780 return; 781 if (tid < 0) 782 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 783 else 784 pn = key->u.ccmp.rx_pn[tid]; 785 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN); 786 break; 787 case WLAN_CIPHER_SUITE_AES_CMAC: 788 if (WARN_ON(tid != 0)) 789 return; 790 pn = key->u.aes_cmac.rx_pn; 791 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN); 792 break; 793 } 794 } 795 EXPORT_SYMBOL(ieee80211_get_key_rx_seq); 796 797 void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, 798 struct ieee80211_key_seq *seq) 799 { 800 struct ieee80211_key *key; 801 u64 pn64; 802 803 key = container_of(keyconf, struct ieee80211_key, conf); 804 805 switch (key->conf.cipher) { 806 case WLAN_CIPHER_SUITE_TKIP: 807 key->u.tkip.tx.iv32 = seq->tkip.iv32; 808 key->u.tkip.tx.iv16 = seq->tkip.iv16; 809 break; 810 case WLAN_CIPHER_SUITE_CCMP: 811 pn64 = (u64)seq->ccmp.pn[5] | 812 ((u64)seq->ccmp.pn[4] << 8) | 813 ((u64)seq->ccmp.pn[3] << 16) | 814 ((u64)seq->ccmp.pn[2] << 24) | 815 ((u64)seq->ccmp.pn[1] << 32) | 816 ((u64)seq->ccmp.pn[0] << 40); 817 atomic64_set(&key->u.ccmp.tx_pn, pn64); 818 break; 819 case WLAN_CIPHER_SUITE_AES_CMAC: 820 pn64 = (u64)seq->aes_cmac.pn[5] | 821 ((u64)seq->aes_cmac.pn[4] << 8) | 822 ((u64)seq->aes_cmac.pn[3] << 16) | 823 ((u64)seq->aes_cmac.pn[2] << 24) | 824 ((u64)seq->aes_cmac.pn[1] << 32) | 825 ((u64)seq->aes_cmac.pn[0] << 40); 826 atomic64_set(&key->u.aes_cmac.tx_pn, pn64); 827 break; 828 default: 829 WARN_ON(1); 830 break; 831 } 832 } 833 EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq); 834 835 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, 836 int tid, struct ieee80211_key_seq *seq) 837 { 838 struct ieee80211_key *key; 839 u8 *pn; 840 841 key = container_of(keyconf, struct ieee80211_key, conf); 842 843 switch (key->conf.cipher) { 844 case WLAN_CIPHER_SUITE_TKIP: 845 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 846 return; 847 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; 848 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; 849 break; 850 case WLAN_CIPHER_SUITE_CCMP: 851 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 852 return; 853 if (tid < 0) 854 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 855 else 856 pn = key->u.ccmp.rx_pn[tid]; 857 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN); 858 break; 859 case WLAN_CIPHER_SUITE_AES_CMAC: 860 if (WARN_ON(tid != 0)) 861 return; 862 pn = key->u.aes_cmac.rx_pn; 863 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN); 864 break; 865 default: 866 WARN_ON(1); 867 break; 868 } 869 } 870 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq); 871 872 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf) 873 { 874 struct ieee80211_key *key; 875 876 key = container_of(keyconf, struct ieee80211_key, conf); 877 878 assert_key_lock(key->local); 879 880 /* 881 * if key was uploaded, we assume the driver will/has remove(d) 882 * it, so adjust bookkeeping accordingly 883 */ 884 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 885 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 886 887 if (!(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) 888 increment_tailroom_need_count(key->sdata); 889 } 890 891 ieee80211_key_free(key, false); 892 } 893 EXPORT_SYMBOL_GPL(ieee80211_remove_key); 894 895 struct ieee80211_key_conf * 896 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif, 897 struct ieee80211_key_conf *keyconf) 898 { 899 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 900 struct ieee80211_local *local = sdata->local; 901 struct ieee80211_key *key; 902 int err; 903 904 if (WARN_ON(!local->wowlan)) 905 return ERR_PTR(-EINVAL); 906 907 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION)) 908 return ERR_PTR(-EINVAL); 909 910 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, 911 keyconf->keylen, keyconf->key, 912 0, NULL, NULL); 913 if (IS_ERR(key)) 914 return ERR_CAST(key); 915 916 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED) 917 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; 918 919 err = ieee80211_key_link(key, sdata, NULL); 920 if (err) 921 return ERR_PTR(err); 922 923 return &key->conf; 924 } 925 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add); 926