1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 12 #include <linux/if_ether.h> 13 #include <linux/etherdevice.h> 14 #include <linux/list.h> 15 #include <linux/rcupdate.h> 16 #include <linux/rtnetlink.h> 17 #include <net/mac80211.h> 18 #include "ieee80211_i.h" 19 #include "driver-ops.h" 20 #include "debugfs_key.h" 21 #include "aes_ccm.h" 22 #include "aes_cmac.h" 23 24 25 /** 26 * DOC: Key handling basics 27 * 28 * Key handling in mac80211 is done based on per-interface (sub_if_data) 29 * keys and per-station keys. Since each station belongs to an interface, 30 * each station key also belongs to that interface. 31 * 32 * Hardware acceleration is done on a best-effort basis, for each key 33 * that is eligible the hardware is asked to enable that key but if 34 * it cannot do that they key is simply kept for software encryption. 35 * There is currently no way of knowing this except by looking into 36 * debugfs. 37 * 38 * All key operations are protected internally so you can call them at 39 * any time. 40 * 41 * Within mac80211, key references are, just as STA structure references, 42 * protected by RCU. Note, however, that some things are unprotected, 43 * namely the key->sta dereferences within the hardware acceleration 44 * functions. This means that sta_info_destroy() must flush the key todo 45 * list. 46 * 47 * All the direct key list manipulation functions must not sleep because 48 * they can operate on STA info structs that are protected by RCU. 49 */ 50 51 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 52 53 /* key mutex: used to synchronise todo runners */ 54 static DEFINE_MUTEX(key_mutex); 55 static DEFINE_SPINLOCK(todo_lock); 56 static LIST_HEAD(todo_list); 57 58 static void key_todo(struct work_struct *work) 59 { 60 ieee80211_key_todo(); 61 } 62 63 static DECLARE_WORK(todo_work, key_todo); 64 65 /** 66 * add_todo - add todo item for a key 67 * 68 * @key: key to add to do item for 69 * @flag: todo flag(s) 70 * 71 * Must be called with IRQs or softirqs disabled. 72 */ 73 static void add_todo(struct ieee80211_key *key, u32 flag) 74 { 75 if (!key) 76 return; 77 78 spin_lock(&todo_lock); 79 key->flags |= flag; 80 /* 81 * Remove again if already on the list so that we move it to the end. 82 */ 83 if (!list_empty(&key->todo)) 84 list_del(&key->todo); 85 list_add_tail(&key->todo, &todo_list); 86 schedule_work(&todo_work); 87 spin_unlock(&todo_lock); 88 } 89 90 /** 91 * ieee80211_key_lock - lock the mac80211 key operation lock 92 * 93 * This locks the (global) mac80211 key operation lock, all 94 * key operations must be done under this lock. 95 */ 96 static void ieee80211_key_lock(void) 97 { 98 mutex_lock(&key_mutex); 99 } 100 101 /** 102 * ieee80211_key_unlock - unlock the mac80211 key operation lock 103 */ 104 static void ieee80211_key_unlock(void) 105 { 106 mutex_unlock(&key_mutex); 107 } 108 109 static void assert_key_lock(void) 110 { 111 WARN_ON(!mutex_is_locked(&key_mutex)); 112 } 113 114 static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) 115 { 116 if (key->sta) 117 return &key->sta->sta; 118 119 return NULL; 120 } 121 122 static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 123 { 124 struct ieee80211_sub_if_data *sdata; 125 struct ieee80211_sta *sta; 126 int ret; 127 128 assert_key_lock(); 129 might_sleep(); 130 131 if (!key->local->ops->set_key) 132 return; 133 134 sta = get_sta_for_key(key); 135 136 sdata = key->sdata; 137 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 138 sdata = container_of(sdata->bss, 139 struct ieee80211_sub_if_data, 140 u.ap); 141 142 ret = drv_set_key(key->local, SET_KEY, &sdata->vif, sta, &key->conf); 143 144 if (!ret) { 145 spin_lock_bh(&todo_lock); 146 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 147 spin_unlock_bh(&todo_lock); 148 } 149 150 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP) 151 printk(KERN_ERR "mac80211-%s: failed to set key " 152 "(%d, %pM) to hardware (%d)\n", 153 wiphy_name(key->local->hw.wiphy), 154 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 155 } 156 157 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 158 { 159 struct ieee80211_sub_if_data *sdata; 160 struct ieee80211_sta *sta; 161 int ret; 162 163 assert_key_lock(); 164 might_sleep(); 165 166 if (!key || !key->local->ops->set_key) 167 return; 168 169 spin_lock_bh(&todo_lock); 170 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { 171 spin_unlock_bh(&todo_lock); 172 return; 173 } 174 spin_unlock_bh(&todo_lock); 175 176 sta = get_sta_for_key(key); 177 sdata = key->sdata; 178 179 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 180 sdata = container_of(sdata->bss, 181 struct ieee80211_sub_if_data, 182 u.ap); 183 184 ret = drv_set_key(key->local, DISABLE_KEY, &sdata->vif, 185 sta, &key->conf); 186 187 if (ret) 188 printk(KERN_ERR "mac80211-%s: failed to remove key " 189 "(%d, %pM) from hardware (%d)\n", 190 wiphy_name(key->local->hw.wiphy), 191 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 192 193 spin_lock_bh(&todo_lock); 194 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 195 spin_unlock_bh(&todo_lock); 196 } 197 198 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 199 int idx) 200 { 201 struct ieee80211_key *key = NULL; 202 203 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 204 key = sdata->keys[idx]; 205 206 rcu_assign_pointer(sdata->default_key, key); 207 208 if (key) 209 add_todo(key, KEY_FLAG_TODO_DEFKEY); 210 } 211 212 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) 213 { 214 unsigned long flags; 215 216 spin_lock_irqsave(&sdata->local->key_lock, flags); 217 __ieee80211_set_default_key(sdata, idx); 218 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 219 } 220 221 static void 222 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 223 { 224 struct ieee80211_key *key = NULL; 225 226 if (idx >= NUM_DEFAULT_KEYS && 227 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 228 key = sdata->keys[idx]; 229 230 rcu_assign_pointer(sdata->default_mgmt_key, key); 231 232 if (key) 233 add_todo(key, KEY_FLAG_TODO_DEFMGMTKEY); 234 } 235 236 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 237 int idx) 238 { 239 unsigned long flags; 240 241 spin_lock_irqsave(&sdata->local->key_lock, flags); 242 __ieee80211_set_default_mgmt_key(sdata, idx); 243 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 244 } 245 246 247 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 248 struct sta_info *sta, 249 struct ieee80211_key *old, 250 struct ieee80211_key *new) 251 { 252 int idx, defkey, defmgmtkey; 253 254 if (new) 255 list_add(&new->list, &sdata->key_list); 256 257 if (sta) { 258 rcu_assign_pointer(sta->key, new); 259 } else { 260 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 261 262 if (old) 263 idx = old->conf.keyidx; 264 else 265 idx = new->conf.keyidx; 266 267 defkey = old && sdata->default_key == old; 268 defmgmtkey = old && sdata->default_mgmt_key == old; 269 270 if (defkey && !new) 271 __ieee80211_set_default_key(sdata, -1); 272 if (defmgmtkey && !new) 273 __ieee80211_set_default_mgmt_key(sdata, -1); 274 275 rcu_assign_pointer(sdata->keys[idx], new); 276 if (defkey && new) 277 __ieee80211_set_default_key(sdata, new->conf.keyidx); 278 if (defmgmtkey && new) 279 __ieee80211_set_default_mgmt_key(sdata, 280 new->conf.keyidx); 281 } 282 283 if (old) { 284 /* 285 * We'll use an empty list to indicate that the key 286 * has already been removed. 287 */ 288 list_del_init(&old->list); 289 } 290 } 291 292 struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, 293 int idx, 294 size_t key_len, 295 const u8 *key_data, 296 size_t seq_len, const u8 *seq) 297 { 298 struct ieee80211_key *key; 299 int i, j; 300 301 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS); 302 303 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 304 if (!key) 305 return NULL; 306 307 /* 308 * Default to software encryption; we'll later upload the 309 * key to the hardware if possible. 310 */ 311 key->conf.flags = 0; 312 key->flags = 0; 313 314 key->conf.alg = alg; 315 key->conf.keyidx = idx; 316 key->conf.keylen = key_len; 317 switch (alg) { 318 case ALG_WEP: 319 key->conf.iv_len = WEP_IV_LEN; 320 key->conf.icv_len = WEP_ICV_LEN; 321 break; 322 case ALG_TKIP: 323 key->conf.iv_len = TKIP_IV_LEN; 324 key->conf.icv_len = TKIP_ICV_LEN; 325 if (seq) { 326 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { 327 key->u.tkip.rx[i].iv32 = 328 get_unaligned_le32(&seq[2]); 329 key->u.tkip.rx[i].iv16 = 330 get_unaligned_le16(seq); 331 } 332 } 333 break; 334 case ALG_CCMP: 335 key->conf.iv_len = CCMP_HDR_LEN; 336 key->conf.icv_len = CCMP_MIC_LEN; 337 if (seq) { 338 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 339 for (j = 0; j < CCMP_PN_LEN; j++) 340 key->u.ccmp.rx_pn[i][j] = 341 seq[CCMP_PN_LEN - j - 1]; 342 } 343 break; 344 case ALG_AES_CMAC: 345 key->conf.iv_len = 0; 346 key->conf.icv_len = sizeof(struct ieee80211_mmie); 347 if (seq) 348 for (j = 0; j < 6; j++) 349 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1]; 350 break; 351 } 352 memcpy(key->conf.key, key_data, key_len); 353 INIT_LIST_HEAD(&key->list); 354 INIT_LIST_HEAD(&key->todo); 355 356 if (alg == ALG_CCMP) { 357 /* 358 * Initialize AES key state here as an optimization so that 359 * it does not need to be initialized for every packet. 360 */ 361 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 362 if (!key->u.ccmp.tfm) { 363 kfree(key); 364 return NULL; 365 } 366 } 367 368 if (alg == ALG_AES_CMAC) { 369 /* 370 * Initialize AES key state here as an optimization so that 371 * it does not need to be initialized for every packet. 372 */ 373 key->u.aes_cmac.tfm = 374 ieee80211_aes_cmac_key_setup(key_data); 375 if (!key->u.aes_cmac.tfm) { 376 kfree(key); 377 return NULL; 378 } 379 } 380 381 return key; 382 } 383 384 void ieee80211_key_link(struct ieee80211_key *key, 385 struct ieee80211_sub_if_data *sdata, 386 struct sta_info *sta) 387 { 388 struct ieee80211_key *old_key; 389 unsigned long flags; 390 int idx; 391 392 BUG_ON(!sdata); 393 BUG_ON(!key); 394 395 idx = key->conf.keyidx; 396 key->local = sdata->local; 397 key->sdata = sdata; 398 key->sta = sta; 399 400 if (sta) { 401 /* 402 * some hardware cannot handle TKIP with QoS, so 403 * we indicate whether QoS could be in use. 404 */ 405 if (test_sta_flags(sta, WLAN_STA_WME)) 406 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 407 408 /* 409 * This key is for a specific sta interface, 410 * inform the driver that it should try to store 411 * this key as pairwise key. 412 */ 413 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE; 414 } else { 415 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 416 struct sta_info *ap; 417 418 /* 419 * We're getting a sta pointer in, 420 * so must be under RCU read lock. 421 */ 422 423 /* same here, the AP could be using QoS */ 424 ap = sta_info_get(key->local, key->sdata->u.mgd.bssid); 425 if (ap) { 426 if (test_sta_flags(ap, WLAN_STA_WME)) 427 key->conf.flags |= 428 IEEE80211_KEY_FLAG_WMM_STA; 429 } 430 } 431 } 432 433 spin_lock_irqsave(&sdata->local->key_lock, flags); 434 435 if (sta) 436 old_key = sta->key; 437 else 438 old_key = sdata->keys[idx]; 439 440 __ieee80211_key_replace(sdata, sta, old_key, key); 441 442 /* free old key later */ 443 add_todo(old_key, KEY_FLAG_TODO_DELETE); 444 445 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); 446 if (netif_running(sdata->dev)) 447 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD); 448 449 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 450 } 451 452 static void __ieee80211_key_free(struct ieee80211_key *key) 453 { 454 /* 455 * Replace key with nothingness if it was ever used. 456 */ 457 if (key->sdata) 458 __ieee80211_key_replace(key->sdata, key->sta, 459 key, NULL); 460 461 add_todo(key, KEY_FLAG_TODO_DELETE); 462 } 463 464 void ieee80211_key_free(struct ieee80211_key *key) 465 { 466 unsigned long flags; 467 468 if (!key) 469 return; 470 471 if (!key->sdata) { 472 /* The key has not been linked yet, simply free it 473 * and don't Oops */ 474 if (key->conf.alg == ALG_CCMP) 475 ieee80211_aes_key_free(key->u.ccmp.tfm); 476 kfree(key); 477 return; 478 } 479 480 spin_lock_irqsave(&key->sdata->local->key_lock, flags); 481 __ieee80211_key_free(key); 482 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags); 483 } 484 485 /* 486 * To be safe against concurrent manipulations of the list (which shouldn't 487 * actually happen) we need to hold the spinlock. But under the spinlock we 488 * can't actually do much, so we defer processing to the todo list. Then run 489 * the todo list to be sure the operation and possibly previously pending 490 * operations are completed. 491 */ 492 static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata, 493 u32 todo_flags) 494 { 495 struct ieee80211_key *key; 496 unsigned long flags; 497 498 might_sleep(); 499 500 spin_lock_irqsave(&sdata->local->key_lock, flags); 501 list_for_each_entry(key, &sdata->key_list, list) 502 add_todo(key, todo_flags); 503 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 504 505 ieee80211_key_todo(); 506 } 507 508 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 509 { 510 ASSERT_RTNL(); 511 512 if (WARN_ON(!netif_running(sdata->dev))) 513 return; 514 515 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); 516 } 517 518 void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) 519 { 520 ASSERT_RTNL(); 521 522 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE); 523 } 524 525 static void __ieee80211_key_destroy(struct ieee80211_key *key) 526 { 527 if (!key) 528 return; 529 530 ieee80211_key_disable_hw_accel(key); 531 532 if (key->conf.alg == ALG_CCMP) 533 ieee80211_aes_key_free(key->u.ccmp.tfm); 534 if (key->conf.alg == ALG_AES_CMAC) 535 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 536 ieee80211_debugfs_key_remove(key); 537 538 kfree(key); 539 } 540 541 static void __ieee80211_key_todo(void) 542 { 543 struct ieee80211_key *key; 544 bool work_done; 545 u32 todoflags; 546 547 /* 548 * NB: sta_info_destroy relies on this! 549 */ 550 synchronize_rcu(); 551 552 spin_lock_bh(&todo_lock); 553 while (!list_empty(&todo_list)) { 554 key = list_first_entry(&todo_list, struct ieee80211_key, todo); 555 list_del_init(&key->todo); 556 todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS | 557 KEY_FLAG_TODO_DEFKEY | 558 KEY_FLAG_TODO_DEFMGMTKEY | 559 KEY_FLAG_TODO_HWACCEL_ADD | 560 KEY_FLAG_TODO_HWACCEL_REMOVE | 561 KEY_FLAG_TODO_DELETE); 562 key->flags &= ~todoflags; 563 spin_unlock_bh(&todo_lock); 564 565 work_done = false; 566 567 if (todoflags & KEY_FLAG_TODO_ADD_DEBUGFS) { 568 ieee80211_debugfs_key_add(key); 569 work_done = true; 570 } 571 if (todoflags & KEY_FLAG_TODO_DEFKEY) { 572 ieee80211_debugfs_key_remove_default(key->sdata); 573 ieee80211_debugfs_key_add_default(key->sdata); 574 work_done = true; 575 } 576 if (todoflags & KEY_FLAG_TODO_DEFMGMTKEY) { 577 ieee80211_debugfs_key_remove_mgmt_default(key->sdata); 578 ieee80211_debugfs_key_add_mgmt_default(key->sdata); 579 work_done = true; 580 } 581 if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) { 582 ieee80211_key_enable_hw_accel(key); 583 work_done = true; 584 } 585 if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) { 586 ieee80211_key_disable_hw_accel(key); 587 work_done = true; 588 } 589 if (todoflags & KEY_FLAG_TODO_DELETE) { 590 __ieee80211_key_destroy(key); 591 work_done = true; 592 } 593 594 WARN_ON(!work_done); 595 596 spin_lock_bh(&todo_lock); 597 } 598 spin_unlock_bh(&todo_lock); 599 } 600 601 void ieee80211_key_todo(void) 602 { 603 ieee80211_key_lock(); 604 __ieee80211_key_todo(); 605 ieee80211_key_unlock(); 606 } 607 608 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) 609 { 610 struct ieee80211_key *key, *tmp; 611 unsigned long flags; 612 613 ieee80211_key_lock(); 614 615 ieee80211_debugfs_key_remove_default(sdata); 616 ieee80211_debugfs_key_remove_mgmt_default(sdata); 617 618 spin_lock_irqsave(&sdata->local->key_lock, flags); 619 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 620 __ieee80211_key_free(key); 621 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 622 623 __ieee80211_key_todo(); 624 625 ieee80211_key_unlock(); 626 } 627