1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright 2002-2005, Instant802 Networks, Inc. 4 * Copyright 2005-2006, Devicescape Software, Inc. 5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 7 * Copyright 2013-2014 Intel Mobile Communications GmbH 8 * Copyright 2015-2017 Intel Deutschland GmbH 9 */ 10 11 #include <linux/if_ether.h> 12 #include <linux/etherdevice.h> 13 #include <linux/list.h> 14 #include <linux/rcupdate.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/slab.h> 17 #include <linux/export.h> 18 #include <net/mac80211.h> 19 #include <crypto/algapi.h> 20 #include <asm/unaligned.h> 21 #include "ieee80211_i.h" 22 #include "driver-ops.h" 23 #include "debugfs_key.h" 24 #include "aes_ccm.h" 25 #include "aes_cmac.h" 26 #include "aes_gmac.h" 27 #include "aes_gcm.h" 28 29 30 /** 31 * DOC: Key handling basics 32 * 33 * Key handling in mac80211 is done based on per-interface (sub_if_data) 34 * keys and per-station keys. Since each station belongs to an interface, 35 * each station key also belongs to that interface. 36 * 37 * Hardware acceleration is done on a best-effort basis for algorithms 38 * that are implemented in software, for each key the hardware is asked 39 * to enable that key for offloading but if it cannot do that the key is 40 * simply kept for software encryption (unless it is for an algorithm 41 * that isn't implemented in software). 42 * There is currently no way of knowing whether a key is handled in SW 43 * or HW except by looking into debugfs. 44 * 45 * All key management is internally protected by a mutex. Within all 46 * other parts of mac80211, key references are, just as STA structure 47 * references, protected by RCU. Note, however, that some things are 48 * unprotected, namely the key->sta dereferences within the hardware 49 * acceleration functions. This means that sta_info_destroy() must 50 * remove the key which waits for an RCU grace period. 51 */ 52 53 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 54 55 static void assert_key_lock(struct ieee80211_local *local) 56 { 57 lockdep_assert_held(&local->key_mtx); 58 } 59 60 static void 61 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta) 62 { 63 struct ieee80211_sub_if_data *vlan; 64 65 if (sdata->vif.type != NL80211_IFTYPE_AP) 66 return; 67 68 /* crypto_tx_tailroom_needed_cnt is protected by this */ 69 assert_key_lock(sdata->local); 70 71 rcu_read_lock(); 72 73 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list) 74 vlan->crypto_tx_tailroom_needed_cnt += delta; 75 76 rcu_read_unlock(); 77 } 78 79 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) 80 { 81 /* 82 * When this count is zero, SKB resizing for allocating tailroom 83 * for IV or MMIC is skipped. But, this check has created two race 84 * cases in xmit path while transiting from zero count to one: 85 * 86 * 1. SKB resize was skipped because no key was added but just before 87 * the xmit key is added and SW encryption kicks off. 88 * 89 * 2. SKB resize was skipped because all the keys were hw planted but 90 * just before xmit one of the key is deleted and SW encryption kicks 91 * off. 92 * 93 * In both the above case SW encryption will find not enough space for 94 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) 95 * 96 * Solution has been explained at 97 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net 98 */ 99 100 assert_key_lock(sdata->local); 101 102 update_vlan_tailroom_need_count(sdata, 1); 103 104 if (!sdata->crypto_tx_tailroom_needed_cnt++) { 105 /* 106 * Flush all XMIT packets currently using HW encryption or no 107 * encryption at all if the count transition is from 0 -> 1. 108 */ 109 synchronize_net(); 110 } 111 } 112 113 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata, 114 int delta) 115 { 116 assert_key_lock(sdata->local); 117 118 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta); 119 120 update_vlan_tailroom_need_count(sdata, -delta); 121 sdata->crypto_tx_tailroom_needed_cnt -= delta; 122 } 123 124 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 125 { 126 struct ieee80211_sub_if_data *sdata = key->sdata; 127 struct sta_info *sta; 128 int ret = -EOPNOTSUPP; 129 130 might_sleep(); 131 132 if (key->flags & KEY_FLAG_TAINTED) { 133 /* If we get here, it's during resume and the key is 134 * tainted so shouldn't be used/programmed any more. 135 * However, its flags may still indicate that it was 136 * programmed into the device (since we're in resume) 137 * so clear that flag now to avoid trying to remove 138 * it again later. 139 */ 140 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE && 141 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | 142 IEEE80211_KEY_FLAG_PUT_MIC_SPACE | 143 IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) 144 increment_tailroom_need_count(sdata); 145 146 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 147 return -EINVAL; 148 } 149 150 if (!key->local->ops->set_key) 151 goto out_unsupported; 152 153 assert_key_lock(key->local); 154 155 sta = key->sta; 156 157 /* 158 * If this is a per-STA GTK, check if it 159 * is supported; if not, return. 160 */ 161 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && 162 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK)) 163 goto out_unsupported; 164 165 if (sta && !sta->uploaded) 166 goto out_unsupported; 167 168 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 169 /* 170 * The driver doesn't know anything about VLAN interfaces. 171 * Hence, don't send GTKs for VLAN interfaces to the driver. 172 */ 173 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { 174 ret = 1; 175 goto out_unsupported; 176 } 177 } 178 179 ret = drv_set_key(key->local, SET_KEY, sdata, 180 sta ? &sta->sta : NULL, &key->conf); 181 182 if (!ret) { 183 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 184 185 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | 186 IEEE80211_KEY_FLAG_PUT_MIC_SPACE | 187 IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) 188 decrease_tailroom_need_count(sdata, 1); 189 190 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && 191 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); 192 193 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) && 194 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)); 195 196 return 0; 197 } 198 199 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1) 200 sdata_err(sdata, 201 "failed to set key (%d, %pM) to hardware (%d)\n", 202 key->conf.keyidx, 203 sta ? sta->sta.addr : bcast_addr, ret); 204 205 out_unsupported: 206 switch (key->conf.cipher) { 207 case WLAN_CIPHER_SUITE_WEP40: 208 case WLAN_CIPHER_SUITE_WEP104: 209 case WLAN_CIPHER_SUITE_TKIP: 210 case WLAN_CIPHER_SUITE_CCMP: 211 case WLAN_CIPHER_SUITE_CCMP_256: 212 case WLAN_CIPHER_SUITE_AES_CMAC: 213 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 214 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 215 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 216 case WLAN_CIPHER_SUITE_GCMP: 217 case WLAN_CIPHER_SUITE_GCMP_256: 218 /* all of these we can do in software - if driver can */ 219 if (ret == 1) 220 return 0; 221 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) 222 return -EINVAL; 223 return 0; 224 default: 225 return -EINVAL; 226 } 227 } 228 229 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 230 { 231 struct ieee80211_sub_if_data *sdata; 232 struct sta_info *sta; 233 int ret; 234 235 might_sleep(); 236 237 if (!key || !key->local->ops->set_key) 238 return; 239 240 assert_key_lock(key->local); 241 242 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 243 return; 244 245 sta = key->sta; 246 sdata = key->sdata; 247 248 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | 249 IEEE80211_KEY_FLAG_PUT_MIC_SPACE | 250 IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) 251 increment_tailroom_need_count(sdata); 252 253 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 254 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 255 sta ? &sta->sta : NULL, &key->conf); 256 257 if (ret) 258 sdata_err(sdata, 259 "failed to remove key (%d, %pM) from hardware (%d)\n", 260 key->conf.keyidx, 261 sta ? sta->sta.addr : bcast_addr, ret); 262 } 263 264 int ieee80211_set_tx_key(struct ieee80211_key *key) 265 { 266 struct sta_info *sta = key->sta; 267 struct ieee80211_local *local = key->local; 268 269 assert_key_lock(local); 270 271 sta->ptk_idx = key->conf.keyidx; 272 273 if (ieee80211_hw_check(&local->hw, NO_AMPDU_KEYBORDER_SUPPORT)) 274 clear_sta_flag(sta, WLAN_STA_BLOCK_BA); 275 ieee80211_check_fast_xmit(sta); 276 277 return 0; 278 } 279 280 static void ieee80211_pairwise_rekey(struct ieee80211_key *old, 281 struct ieee80211_key *new) 282 { 283 struct ieee80211_local *local = new->local; 284 struct sta_info *sta = new->sta; 285 int i; 286 287 assert_key_lock(local); 288 289 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) { 290 /* Extended Key ID key install, initial one or rekey */ 291 292 if (sta->ptk_idx != INVALID_PTK_KEYIDX && 293 ieee80211_hw_check(&local->hw, 294 NO_AMPDU_KEYBORDER_SUPPORT)) { 295 /* Aggregation Sessions with Extended Key ID must not 296 * mix MPDUs with different keyIDs within one A-MPDU. 297 * Tear down any running Tx aggregation and all new 298 * Rx/Tx aggregation request during rekey if the driver 299 * asks us to do so. (Blocking Tx only would be 300 * sufficient but WLAN_STA_BLOCK_BA gets the job done 301 * for the few ms we need it.) 302 */ 303 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 304 mutex_lock(&sta->ampdu_mlme.mtx); 305 for (i = 0; i < IEEE80211_NUM_TIDS; i++) 306 ___ieee80211_stop_tx_ba_session(sta, i, 307 AGG_STOP_LOCAL_REQUEST); 308 mutex_unlock(&sta->ampdu_mlme.mtx); 309 } 310 } else if (old) { 311 /* Rekey without Extended Key ID. 312 * Aggregation sessions are OK when running on SW crypto. 313 * A broken remote STA may cause issues not observed with HW 314 * crypto, though. 315 */ 316 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 317 return; 318 319 /* Stop Tx till we are on the new key */ 320 old->flags |= KEY_FLAG_TAINTED; 321 ieee80211_clear_fast_xmit(sta); 322 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) { 323 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 324 ieee80211_sta_tear_down_BA_sessions(sta, 325 AGG_STOP_LOCAL_REQUEST); 326 } 327 if (!wiphy_ext_feature_isset(local->hw.wiphy, 328 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) { 329 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.", 330 sta->sta.addr); 331 /* Flushing the driver queues *may* help prevent 332 * the clear text leaks and freezes. 333 */ 334 ieee80211_flush_queues(local, old->sdata, false); 335 } 336 } 337 } 338 339 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 340 int idx, bool uni, bool multi) 341 { 342 struct ieee80211_key *key = NULL; 343 344 assert_key_lock(sdata->local); 345 346 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 347 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 348 349 if (uni) { 350 rcu_assign_pointer(sdata->default_unicast_key, key); 351 ieee80211_check_fast_xmit_iface(sdata); 352 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN) 353 drv_set_default_unicast_key(sdata->local, sdata, idx); 354 } 355 356 if (multi) 357 rcu_assign_pointer(sdata->default_multicast_key, key); 358 359 ieee80211_debugfs_key_update_default(sdata); 360 } 361 362 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, 363 bool uni, bool multi) 364 { 365 mutex_lock(&sdata->local->key_mtx); 366 __ieee80211_set_default_key(sdata, idx, uni, multi); 367 mutex_unlock(&sdata->local->key_mtx); 368 } 369 370 static void 371 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 372 { 373 struct ieee80211_key *key = NULL; 374 375 assert_key_lock(sdata->local); 376 377 if (idx >= NUM_DEFAULT_KEYS && 378 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 379 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 380 381 rcu_assign_pointer(sdata->default_mgmt_key, key); 382 383 ieee80211_debugfs_key_update_default(sdata); 384 } 385 386 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 387 int idx) 388 { 389 mutex_lock(&sdata->local->key_mtx); 390 __ieee80211_set_default_mgmt_key(sdata, idx); 391 mutex_unlock(&sdata->local->key_mtx); 392 } 393 394 static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 395 struct sta_info *sta, 396 bool pairwise, 397 struct ieee80211_key *old, 398 struct ieee80211_key *new) 399 { 400 int idx; 401 int ret = 0; 402 bool defunikey, defmultikey, defmgmtkey; 403 404 /* caller must provide at least one old/new */ 405 if (WARN_ON(!new && !old)) 406 return 0; 407 408 if (new) 409 list_add_tail_rcu(&new->list, &sdata->key_list); 410 411 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 412 413 if (new && sta && pairwise) { 414 /* Unicast rekey needs special handling. With Extended Key ID 415 * old is still NULL for the first rekey. 416 */ 417 ieee80211_pairwise_rekey(old, new); 418 } 419 420 if (old) { 421 idx = old->conf.keyidx; 422 423 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 424 ieee80211_key_disable_hw_accel(old); 425 426 if (new) 427 ret = ieee80211_key_enable_hw_accel(new); 428 } 429 } else { 430 /* new must be provided in case old is not */ 431 idx = new->conf.keyidx; 432 if (!new->local->wowlan) 433 ret = ieee80211_key_enable_hw_accel(new); 434 } 435 436 if (ret) 437 return ret; 438 439 if (sta) { 440 if (pairwise) { 441 rcu_assign_pointer(sta->ptk[idx], new); 442 if (new && 443 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) { 444 sta->ptk_idx = idx; 445 clear_sta_flag(sta, WLAN_STA_BLOCK_BA); 446 ieee80211_check_fast_xmit(sta); 447 } 448 } else { 449 rcu_assign_pointer(sta->gtk[idx], new); 450 } 451 /* Only needed for transition from no key -> key. 452 * Still triggers unnecessary when using Extended Key ID 453 * and installing the second key ID the first time. 454 */ 455 if (new && !old) 456 ieee80211_check_fast_rx(sta); 457 } else { 458 defunikey = old && 459 old == key_mtx_dereference(sdata->local, 460 sdata->default_unicast_key); 461 defmultikey = old && 462 old == key_mtx_dereference(sdata->local, 463 sdata->default_multicast_key); 464 defmgmtkey = old && 465 old == key_mtx_dereference(sdata->local, 466 sdata->default_mgmt_key); 467 468 if (defunikey && !new) 469 __ieee80211_set_default_key(sdata, -1, true, false); 470 if (defmultikey && !new) 471 __ieee80211_set_default_key(sdata, -1, false, true); 472 if (defmgmtkey && !new) 473 __ieee80211_set_default_mgmt_key(sdata, -1); 474 475 rcu_assign_pointer(sdata->keys[idx], new); 476 if (defunikey && new) 477 __ieee80211_set_default_key(sdata, new->conf.keyidx, 478 true, false); 479 if (defmultikey && new) 480 __ieee80211_set_default_key(sdata, new->conf.keyidx, 481 false, true); 482 if (defmgmtkey && new) 483 __ieee80211_set_default_mgmt_key(sdata, 484 new->conf.keyidx); 485 } 486 487 if (old) 488 list_del_rcu(&old->list); 489 490 return 0; 491 } 492 493 struct ieee80211_key * 494 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, 495 const u8 *key_data, 496 size_t seq_len, const u8 *seq, 497 const struct ieee80211_cipher_scheme *cs) 498 { 499 struct ieee80211_key *key; 500 int i, j, err; 501 502 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)) 503 return ERR_PTR(-EINVAL); 504 505 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 506 if (!key) 507 return ERR_PTR(-ENOMEM); 508 509 /* 510 * Default to software encryption; we'll later upload the 511 * key to the hardware if possible. 512 */ 513 key->conf.flags = 0; 514 key->flags = 0; 515 516 key->conf.cipher = cipher; 517 key->conf.keyidx = idx; 518 key->conf.keylen = key_len; 519 switch (cipher) { 520 case WLAN_CIPHER_SUITE_WEP40: 521 case WLAN_CIPHER_SUITE_WEP104: 522 key->conf.iv_len = IEEE80211_WEP_IV_LEN; 523 key->conf.icv_len = IEEE80211_WEP_ICV_LEN; 524 break; 525 case WLAN_CIPHER_SUITE_TKIP: 526 key->conf.iv_len = IEEE80211_TKIP_IV_LEN; 527 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; 528 if (seq) { 529 for (i = 0; i < IEEE80211_NUM_TIDS; i++) { 530 key->u.tkip.rx[i].iv32 = 531 get_unaligned_le32(&seq[2]); 532 key->u.tkip.rx[i].iv16 = 533 get_unaligned_le16(seq); 534 } 535 } 536 spin_lock_init(&key->u.tkip.txlock); 537 break; 538 case WLAN_CIPHER_SUITE_CCMP: 539 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; 540 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; 541 if (seq) { 542 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 543 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++) 544 key->u.ccmp.rx_pn[i][j] = 545 seq[IEEE80211_CCMP_PN_LEN - j - 1]; 546 } 547 /* 548 * Initialize AES key state here as an optimization so that 549 * it does not need to be initialized for every packet. 550 */ 551 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( 552 key_data, key_len, IEEE80211_CCMP_MIC_LEN); 553 if (IS_ERR(key->u.ccmp.tfm)) { 554 err = PTR_ERR(key->u.ccmp.tfm); 555 kfree(key); 556 return ERR_PTR(err); 557 } 558 break; 559 case WLAN_CIPHER_SUITE_CCMP_256: 560 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN; 561 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN; 562 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++) 563 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++) 564 key->u.ccmp.rx_pn[i][j] = 565 seq[IEEE80211_CCMP_256_PN_LEN - j - 1]; 566 /* Initialize AES key state here as an optimization so that 567 * it does not need to be initialized for every packet. 568 */ 569 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( 570 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN); 571 if (IS_ERR(key->u.ccmp.tfm)) { 572 err = PTR_ERR(key->u.ccmp.tfm); 573 kfree(key); 574 return ERR_PTR(err); 575 } 576 break; 577 case WLAN_CIPHER_SUITE_AES_CMAC: 578 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 579 key->conf.iv_len = 0; 580 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC) 581 key->conf.icv_len = sizeof(struct ieee80211_mmie); 582 else 583 key->conf.icv_len = sizeof(struct ieee80211_mmie_16); 584 if (seq) 585 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++) 586 key->u.aes_cmac.rx_pn[j] = 587 seq[IEEE80211_CMAC_PN_LEN - j - 1]; 588 /* 589 * Initialize AES key state here as an optimization so that 590 * it does not need to be initialized for every packet. 591 */ 592 key->u.aes_cmac.tfm = 593 ieee80211_aes_cmac_key_setup(key_data, key_len); 594 if (IS_ERR(key->u.aes_cmac.tfm)) { 595 err = PTR_ERR(key->u.aes_cmac.tfm); 596 kfree(key); 597 return ERR_PTR(err); 598 } 599 break; 600 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 601 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 602 key->conf.iv_len = 0; 603 key->conf.icv_len = sizeof(struct ieee80211_mmie_16); 604 if (seq) 605 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++) 606 key->u.aes_gmac.rx_pn[j] = 607 seq[IEEE80211_GMAC_PN_LEN - j - 1]; 608 /* Initialize AES key state here as an optimization so that 609 * it does not need to be initialized for every packet. 610 */ 611 key->u.aes_gmac.tfm = 612 ieee80211_aes_gmac_key_setup(key_data, key_len); 613 if (IS_ERR(key->u.aes_gmac.tfm)) { 614 err = PTR_ERR(key->u.aes_gmac.tfm); 615 kfree(key); 616 return ERR_PTR(err); 617 } 618 break; 619 case WLAN_CIPHER_SUITE_GCMP: 620 case WLAN_CIPHER_SUITE_GCMP_256: 621 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN; 622 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN; 623 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++) 624 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++) 625 key->u.gcmp.rx_pn[i][j] = 626 seq[IEEE80211_GCMP_PN_LEN - j - 1]; 627 /* Initialize AES key state here as an optimization so that 628 * it does not need to be initialized for every packet. 629 */ 630 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data, 631 key_len); 632 if (IS_ERR(key->u.gcmp.tfm)) { 633 err = PTR_ERR(key->u.gcmp.tfm); 634 kfree(key); 635 return ERR_PTR(err); 636 } 637 break; 638 default: 639 if (cs) { 640 if (seq_len && seq_len != cs->pn_len) { 641 kfree(key); 642 return ERR_PTR(-EINVAL); 643 } 644 645 key->conf.iv_len = cs->hdr_len; 646 key->conf.icv_len = cs->mic_len; 647 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) 648 for (j = 0; j < seq_len; j++) 649 key->u.gen.rx_pn[i][j] = 650 seq[seq_len - j - 1]; 651 key->flags |= KEY_FLAG_CIPHER_SCHEME; 652 } 653 } 654 memcpy(key->conf.key, key_data, key_len); 655 INIT_LIST_HEAD(&key->list); 656 657 return key; 658 } 659 660 static void ieee80211_key_free_common(struct ieee80211_key *key) 661 { 662 switch (key->conf.cipher) { 663 case WLAN_CIPHER_SUITE_CCMP: 664 case WLAN_CIPHER_SUITE_CCMP_256: 665 ieee80211_aes_key_free(key->u.ccmp.tfm); 666 break; 667 case WLAN_CIPHER_SUITE_AES_CMAC: 668 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 669 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 670 break; 671 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 672 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 673 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm); 674 break; 675 case WLAN_CIPHER_SUITE_GCMP: 676 case WLAN_CIPHER_SUITE_GCMP_256: 677 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm); 678 break; 679 } 680 kzfree(key); 681 } 682 683 static void __ieee80211_key_destroy(struct ieee80211_key *key, 684 bool delay_tailroom) 685 { 686 if (key->local) { 687 struct ieee80211_sub_if_data *sdata = key->sdata; 688 689 ieee80211_debugfs_key_remove(key); 690 691 if (delay_tailroom) { 692 /* see ieee80211_delayed_tailroom_dec */ 693 sdata->crypto_tx_tailroom_pending_dec++; 694 schedule_delayed_work(&sdata->dec_tailroom_needed_wk, 695 HZ/2); 696 } else { 697 decrease_tailroom_need_count(sdata, 1); 698 } 699 } 700 701 ieee80211_key_free_common(key); 702 } 703 704 static void ieee80211_key_destroy(struct ieee80211_key *key, 705 bool delay_tailroom) 706 { 707 if (!key) 708 return; 709 710 /* 711 * Synchronize so the TX path and rcu key iterators 712 * can no longer be using this key before we free/remove it. 713 */ 714 synchronize_net(); 715 716 __ieee80211_key_destroy(key, delay_tailroom); 717 } 718 719 void ieee80211_key_free_unused(struct ieee80211_key *key) 720 { 721 WARN_ON(key->sdata || key->local); 722 ieee80211_key_free_common(key); 723 } 724 725 static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata, 726 struct ieee80211_key *old, 727 struct ieee80211_key *new) 728 { 729 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP]; 730 u8 *tk_old, *tk_new; 731 732 if (!old || new->conf.keylen != old->conf.keylen) 733 return false; 734 735 tk_old = old->conf.key; 736 tk_new = new->conf.key; 737 738 /* 739 * In station mode, don't compare the TX MIC key, as it's never used 740 * and offloaded rekeying may not care to send it to the host. This 741 * is the case in iwlwifi, for example. 742 */ 743 if (sdata->vif.type == NL80211_IFTYPE_STATION && 744 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP && 745 new->conf.keylen == WLAN_KEY_LEN_TKIP && 746 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { 747 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP); 748 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP); 749 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8); 750 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8); 751 tk_old = tkip_old; 752 tk_new = tkip_new; 753 } 754 755 return !crypto_memneq(tk_old, tk_new, new->conf.keylen); 756 } 757 758 int ieee80211_key_link(struct ieee80211_key *key, 759 struct ieee80211_sub_if_data *sdata, 760 struct sta_info *sta) 761 { 762 struct ieee80211_key *old_key; 763 int idx = key->conf.keyidx; 764 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; 765 /* 766 * We want to delay tailroom updates only for station - in that 767 * case it helps roaming speed, but in other cases it hurts and 768 * can cause warnings to appear. 769 */ 770 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION; 771 int ret = -EOPNOTSUPP; 772 773 mutex_lock(&sdata->local->key_mtx); 774 775 if (sta && pairwise) { 776 struct ieee80211_key *alt_key; 777 778 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]); 779 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]); 780 781 /* The rekey code assumes that the old and new key are using 782 * the same cipher. Enforce the assumption for pairwise keys. 783 */ 784 if (key && 785 ((alt_key && alt_key->conf.cipher != key->conf.cipher) || 786 (old_key && old_key->conf.cipher != key->conf.cipher))) 787 goto out; 788 } else if (sta) { 789 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]); 790 } else { 791 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); 792 } 793 794 /* Non-pairwise keys must also not switch the cipher on rekey */ 795 if (!pairwise) { 796 if (key && old_key && old_key->conf.cipher != key->conf.cipher) 797 goto out; 798 } 799 800 /* 801 * Silently accept key re-installation without really installing the 802 * new version of the key to avoid nonce reuse or replay issues. 803 */ 804 if (ieee80211_key_identical(sdata, old_key, key)) { 805 ieee80211_key_free_unused(key); 806 ret = 0; 807 goto out; 808 } 809 810 key->local = sdata->local; 811 key->sdata = sdata; 812 key->sta = sta; 813 814 increment_tailroom_need_count(sdata); 815 816 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key); 817 818 if (!ret) { 819 ieee80211_debugfs_key_add(key); 820 ieee80211_key_destroy(old_key, delay_tailroom); 821 } else { 822 ieee80211_key_free(key, delay_tailroom); 823 } 824 825 out: 826 mutex_unlock(&sdata->local->key_mtx); 827 828 return ret; 829 } 830 831 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) 832 { 833 if (!key) 834 return; 835 836 /* 837 * Replace key with nothingness if it was ever used. 838 */ 839 if (key->sdata) 840 ieee80211_key_replace(key->sdata, key->sta, 841 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 842 key, NULL); 843 ieee80211_key_destroy(key, delay_tailroom); 844 } 845 846 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 847 { 848 struct ieee80211_key *key; 849 struct ieee80211_sub_if_data *vlan; 850 851 ASSERT_RTNL(); 852 853 if (WARN_ON(!ieee80211_sdata_running(sdata))) 854 return; 855 856 mutex_lock(&sdata->local->key_mtx); 857 858 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || 859 sdata->crypto_tx_tailroom_pending_dec); 860 861 if (sdata->vif.type == NL80211_IFTYPE_AP) { 862 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 863 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt || 864 vlan->crypto_tx_tailroom_pending_dec); 865 } 866 867 list_for_each_entry(key, &sdata->key_list, list) { 868 increment_tailroom_need_count(sdata); 869 ieee80211_key_enable_hw_accel(key); 870 } 871 872 mutex_unlock(&sdata->local->key_mtx); 873 } 874 875 void ieee80211_reset_crypto_tx_tailroom(struct ieee80211_sub_if_data *sdata) 876 { 877 struct ieee80211_sub_if_data *vlan; 878 879 mutex_lock(&sdata->local->key_mtx); 880 881 sdata->crypto_tx_tailroom_needed_cnt = 0; 882 883 if (sdata->vif.type == NL80211_IFTYPE_AP) { 884 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 885 vlan->crypto_tx_tailroom_needed_cnt = 0; 886 } 887 888 mutex_unlock(&sdata->local->key_mtx); 889 } 890 891 void ieee80211_iter_keys(struct ieee80211_hw *hw, 892 struct ieee80211_vif *vif, 893 void (*iter)(struct ieee80211_hw *hw, 894 struct ieee80211_vif *vif, 895 struct ieee80211_sta *sta, 896 struct ieee80211_key_conf *key, 897 void *data), 898 void *iter_data) 899 { 900 struct ieee80211_local *local = hw_to_local(hw); 901 struct ieee80211_key *key, *tmp; 902 struct ieee80211_sub_if_data *sdata; 903 904 ASSERT_RTNL(); 905 906 mutex_lock(&local->key_mtx); 907 if (vif) { 908 sdata = vif_to_sdata(vif); 909 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 910 iter(hw, &sdata->vif, 911 key->sta ? &key->sta->sta : NULL, 912 &key->conf, iter_data); 913 } else { 914 list_for_each_entry(sdata, &local->interfaces, list) 915 list_for_each_entry_safe(key, tmp, 916 &sdata->key_list, list) 917 iter(hw, &sdata->vif, 918 key->sta ? &key->sta->sta : NULL, 919 &key->conf, iter_data); 920 } 921 mutex_unlock(&local->key_mtx); 922 } 923 EXPORT_SYMBOL(ieee80211_iter_keys); 924 925 static void 926 _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw, 927 struct ieee80211_sub_if_data *sdata, 928 void (*iter)(struct ieee80211_hw *hw, 929 struct ieee80211_vif *vif, 930 struct ieee80211_sta *sta, 931 struct ieee80211_key_conf *key, 932 void *data), 933 void *iter_data) 934 { 935 struct ieee80211_key *key; 936 937 list_for_each_entry_rcu(key, &sdata->key_list, list) { 938 /* skip keys of station in removal process */ 939 if (key->sta && key->sta->removed) 940 continue; 941 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 942 continue; 943 944 iter(hw, &sdata->vif, 945 key->sta ? &key->sta->sta : NULL, 946 &key->conf, iter_data); 947 } 948 } 949 950 void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw, 951 struct ieee80211_vif *vif, 952 void (*iter)(struct ieee80211_hw *hw, 953 struct ieee80211_vif *vif, 954 struct ieee80211_sta *sta, 955 struct ieee80211_key_conf *key, 956 void *data), 957 void *iter_data) 958 { 959 struct ieee80211_local *local = hw_to_local(hw); 960 struct ieee80211_sub_if_data *sdata; 961 962 if (vif) { 963 sdata = vif_to_sdata(vif); 964 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data); 965 } else { 966 list_for_each_entry_rcu(sdata, &local->interfaces, list) 967 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data); 968 } 969 } 970 EXPORT_SYMBOL(ieee80211_iter_keys_rcu); 971 972 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata, 973 struct list_head *keys) 974 { 975 struct ieee80211_key *key, *tmp; 976 977 decrease_tailroom_need_count(sdata, 978 sdata->crypto_tx_tailroom_pending_dec); 979 sdata->crypto_tx_tailroom_pending_dec = 0; 980 981 ieee80211_debugfs_key_remove_mgmt_default(sdata); 982 983 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { 984 ieee80211_key_replace(key->sdata, key->sta, 985 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 986 key, NULL); 987 list_add_tail(&key->list, keys); 988 } 989 990 ieee80211_debugfs_key_update_default(sdata); 991 } 992 993 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata, 994 bool force_synchronize) 995 { 996 struct ieee80211_local *local = sdata->local; 997 struct ieee80211_sub_if_data *vlan; 998 struct ieee80211_sub_if_data *master; 999 struct ieee80211_key *key, *tmp; 1000 LIST_HEAD(keys); 1001 1002 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk); 1003 1004 mutex_lock(&local->key_mtx); 1005 1006 ieee80211_free_keys_iface(sdata, &keys); 1007 1008 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1009 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 1010 ieee80211_free_keys_iface(vlan, &keys); 1011 } 1012 1013 if (!list_empty(&keys) || force_synchronize) 1014 synchronize_net(); 1015 list_for_each_entry_safe(key, tmp, &keys, list) 1016 __ieee80211_key_destroy(key, false); 1017 1018 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { 1019 if (sdata->bss) { 1020 master = container_of(sdata->bss, 1021 struct ieee80211_sub_if_data, 1022 u.ap); 1023 1024 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt != 1025 master->crypto_tx_tailroom_needed_cnt); 1026 } 1027 } else { 1028 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || 1029 sdata->crypto_tx_tailroom_pending_dec); 1030 } 1031 1032 if (sdata->vif.type == NL80211_IFTYPE_AP) { 1033 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 1034 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt || 1035 vlan->crypto_tx_tailroom_pending_dec); 1036 } 1037 1038 mutex_unlock(&local->key_mtx); 1039 } 1040 1041 void ieee80211_free_sta_keys(struct ieee80211_local *local, 1042 struct sta_info *sta) 1043 { 1044 struct ieee80211_key *key; 1045 int i; 1046 1047 mutex_lock(&local->key_mtx); 1048 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) { 1049 key = key_mtx_dereference(local, sta->gtk[i]); 1050 if (!key) 1051 continue; 1052 ieee80211_key_replace(key->sdata, key->sta, 1053 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 1054 key, NULL); 1055 __ieee80211_key_destroy(key, key->sdata->vif.type == 1056 NL80211_IFTYPE_STATION); 1057 } 1058 1059 for (i = 0; i < NUM_DEFAULT_KEYS; i++) { 1060 key = key_mtx_dereference(local, sta->ptk[i]); 1061 if (!key) 1062 continue; 1063 ieee80211_key_replace(key->sdata, key->sta, 1064 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 1065 key, NULL); 1066 __ieee80211_key_destroy(key, key->sdata->vif.type == 1067 NL80211_IFTYPE_STATION); 1068 } 1069 1070 mutex_unlock(&local->key_mtx); 1071 } 1072 1073 void ieee80211_delayed_tailroom_dec(struct work_struct *wk) 1074 { 1075 struct ieee80211_sub_if_data *sdata; 1076 1077 sdata = container_of(wk, struct ieee80211_sub_if_data, 1078 dec_tailroom_needed_wk.work); 1079 1080 /* 1081 * The reason for the delayed tailroom needed decrementing is to 1082 * make roaming faster: during roaming, all keys are first deleted 1083 * and then new keys are installed. The first new key causes the 1084 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes 1085 * the cost of synchronize_net() (which can be slow). Avoid this 1086 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on 1087 * key removal for a while, so if we roam the value is larger than 1088 * zero and no 0->1 transition happens. 1089 * 1090 * The cost is that if the AP switching was from an AP with keys 1091 * to one without, we still allocate tailroom while it would no 1092 * longer be needed. However, in the typical (fast) roaming case 1093 * within an ESS this usually won't happen. 1094 */ 1095 1096 mutex_lock(&sdata->local->key_mtx); 1097 decrease_tailroom_need_count(sdata, 1098 sdata->crypto_tx_tailroom_pending_dec); 1099 sdata->crypto_tx_tailroom_pending_dec = 0; 1100 mutex_unlock(&sdata->local->key_mtx); 1101 } 1102 1103 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, 1104 const u8 *replay_ctr, gfp_t gfp) 1105 { 1106 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1107 1108 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); 1109 1110 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); 1111 } 1112 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); 1113 1114 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, 1115 int tid, struct ieee80211_key_seq *seq) 1116 { 1117 struct ieee80211_key *key; 1118 const u8 *pn; 1119 1120 key = container_of(keyconf, struct ieee80211_key, conf); 1121 1122 switch (key->conf.cipher) { 1123 case WLAN_CIPHER_SUITE_TKIP: 1124 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 1125 return; 1126 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; 1127 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; 1128 break; 1129 case WLAN_CIPHER_SUITE_CCMP: 1130 case WLAN_CIPHER_SUITE_CCMP_256: 1131 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 1132 return; 1133 if (tid < 0) 1134 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 1135 else 1136 pn = key->u.ccmp.rx_pn[tid]; 1137 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN); 1138 break; 1139 case WLAN_CIPHER_SUITE_AES_CMAC: 1140 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 1141 if (WARN_ON(tid != 0)) 1142 return; 1143 pn = key->u.aes_cmac.rx_pn; 1144 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN); 1145 break; 1146 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 1147 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 1148 if (WARN_ON(tid != 0)) 1149 return; 1150 pn = key->u.aes_gmac.rx_pn; 1151 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN); 1152 break; 1153 case WLAN_CIPHER_SUITE_GCMP: 1154 case WLAN_CIPHER_SUITE_GCMP_256: 1155 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 1156 return; 1157 if (tid < 0) 1158 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; 1159 else 1160 pn = key->u.gcmp.rx_pn[tid]; 1161 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN); 1162 break; 1163 } 1164 } 1165 EXPORT_SYMBOL(ieee80211_get_key_rx_seq); 1166 1167 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, 1168 int tid, struct ieee80211_key_seq *seq) 1169 { 1170 struct ieee80211_key *key; 1171 u8 *pn; 1172 1173 key = container_of(keyconf, struct ieee80211_key, conf); 1174 1175 switch (key->conf.cipher) { 1176 case WLAN_CIPHER_SUITE_TKIP: 1177 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) 1178 return; 1179 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; 1180 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; 1181 break; 1182 case WLAN_CIPHER_SUITE_CCMP: 1183 case WLAN_CIPHER_SUITE_CCMP_256: 1184 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 1185 return; 1186 if (tid < 0) 1187 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; 1188 else 1189 pn = key->u.ccmp.rx_pn[tid]; 1190 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN); 1191 break; 1192 case WLAN_CIPHER_SUITE_AES_CMAC: 1193 case WLAN_CIPHER_SUITE_BIP_CMAC_256: 1194 if (WARN_ON(tid != 0)) 1195 return; 1196 pn = key->u.aes_cmac.rx_pn; 1197 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN); 1198 break; 1199 case WLAN_CIPHER_SUITE_BIP_GMAC_128: 1200 case WLAN_CIPHER_SUITE_BIP_GMAC_256: 1201 if (WARN_ON(tid != 0)) 1202 return; 1203 pn = key->u.aes_gmac.rx_pn; 1204 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN); 1205 break; 1206 case WLAN_CIPHER_SUITE_GCMP: 1207 case WLAN_CIPHER_SUITE_GCMP_256: 1208 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) 1209 return; 1210 if (tid < 0) 1211 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; 1212 else 1213 pn = key->u.gcmp.rx_pn[tid]; 1214 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN); 1215 break; 1216 default: 1217 WARN_ON(1); 1218 break; 1219 } 1220 } 1221 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq); 1222 1223 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf) 1224 { 1225 struct ieee80211_key *key; 1226 1227 key = container_of(keyconf, struct ieee80211_key, conf); 1228 1229 assert_key_lock(key->local); 1230 1231 /* 1232 * if key was uploaded, we assume the driver will/has remove(d) 1233 * it, so adjust bookkeeping accordingly 1234 */ 1235 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { 1236 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 1237 1238 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | 1239 IEEE80211_KEY_FLAG_PUT_MIC_SPACE | 1240 IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) 1241 increment_tailroom_need_count(key->sdata); 1242 } 1243 1244 ieee80211_key_free(key, false); 1245 } 1246 EXPORT_SYMBOL_GPL(ieee80211_remove_key); 1247 1248 struct ieee80211_key_conf * 1249 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif, 1250 struct ieee80211_key_conf *keyconf) 1251 { 1252 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1253 struct ieee80211_local *local = sdata->local; 1254 struct ieee80211_key *key; 1255 int err; 1256 1257 if (WARN_ON(!local->wowlan)) 1258 return ERR_PTR(-EINVAL); 1259 1260 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION)) 1261 return ERR_PTR(-EINVAL); 1262 1263 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, 1264 keyconf->keylen, keyconf->key, 1265 0, NULL, NULL); 1266 if (IS_ERR(key)) 1267 return ERR_CAST(key); 1268 1269 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED) 1270 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; 1271 1272 err = ieee80211_key_link(key, sdata, NULL); 1273 if (err) 1274 return ERR_PTR(err); 1275 1276 return &key->conf; 1277 } 1278 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add); 1279