Commit | Line | Data |
---|---|---|
1f5a7e47 JB |
1 | /* |
2 | * Copyright 2002-2005, Instant802 Networks, Inc. | |
3 | * Copyright 2005-2006, Devicescape Software, Inc. | |
4 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> | |
3b96766f | 5 | * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> |
1f5a7e47 JB |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify | |
8 | * it under the terms of the GNU General Public License version 2 as | |
9 | * published by the Free Software Foundation. | |
10 | */ | |
11 | ||
11a843b7 JB |
12 | #include <linux/if_ether.h> |
13 | #include <linux/etherdevice.h> | |
14 | #include <linux/list.h> | |
d4e46a3d | 15 | #include <linux/rcupdate.h> |
db4d1169 | 16 | #include <linux/rtnetlink.h> |
1f5a7e47 JB |
17 | #include <net/mac80211.h> |
18 | #include "ieee80211_i.h" | |
19 | #include "debugfs_key.h" | |
20 | #include "aes_ccm.h" | |
21 | ||
11a843b7 | 22 | |
dbbea671 JB |
23 | /** |
24 | * DOC: Key handling basics | |
11a843b7 JB |
25 | * |
26 | * Key handling in mac80211 is done based on per-interface (sub_if_data) | |
27 | * keys and per-station keys. Since each station belongs to an interface, | |
28 | * each station key also belongs to that interface. | |
29 | * | |
30 | * Hardware acceleration is done on a best-effort basis, for each key | |
31 | * that is eligible the hardware is asked to enable that key but if | |
32 | * it cannot do that they key is simply kept for software encryption. | |
33 | * There is currently no way of knowing this except by looking into | |
34 | * debugfs. | |
35 | * | |
3b96766f JB |
36 | * All key operations are protected internally so you can call them at |
37 | * any time. | |
db4d1169 | 38 | * |
3b96766f JB |
39 | * Within mac80211, key references are, just as STA structure references, |
40 | * protected by RCU. Note, however, that some things are unprotected, | |
41 | * namely the key->sta dereferences within the hardware acceleration | |
42 | * functions. This means that sta_info_destroy() must flush the key todo | |
43 | * list. | |
44 | * | |
45 | * All the direct key list manipulation functions must not sleep because | |
46 | * they can operate on STA info structs that are protected by RCU. | |
11a843b7 JB |
47 | */ |
48 | ||
49 | static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; | |
50 | static const u8 zero_addr[ETH_ALEN]; | |
51 | ||
3b96766f JB |
52 | /* key mutex: used to synchronise todo runners */ |
53 | static DEFINE_MUTEX(key_mutex); | |
54 | static DEFINE_SPINLOCK(todo_lock); | |
55 | static LIST_HEAD(todo_list); | |
56 | ||
57 | static void key_todo(struct work_struct *work) | |
58 | { | |
59 | ieee80211_key_todo(); | |
60 | } | |
61 | ||
62 | static DECLARE_WORK(todo_work, key_todo); | |
63 | ||
64 | /** | |
65 | * add_todo - add todo item for a key | |
66 | * | |
67 | * @key: key to add to do item for | |
68 | * @flag: todo flag(s) | |
69 | */ | |
70 | static void add_todo(struct ieee80211_key *key, u32 flag) | |
71 | { | |
72 | if (!key) | |
73 | return; | |
74 | ||
75 | spin_lock(&todo_lock); | |
76 | key->flags |= flag; | |
245cbe7a JB |
77 | /* |
78 | * Remove again if already on the list so that we move it to the end. | |
79 | */ | |
80 | if (!list_empty(&key->todo)) | |
81 | list_del(&key->todo); | |
82 | list_add_tail(&key->todo, &todo_list); | |
3b96766f JB |
83 | schedule_work(&todo_work); |
84 | spin_unlock(&todo_lock); | |
85 | } | |
86 | ||
87 | /** | |
88 | * ieee80211_key_lock - lock the mac80211 key operation lock | |
89 | * | |
90 | * This locks the (global) mac80211 key operation lock, all | |
91 | * key operations must be done under this lock. | |
92 | */ | |
93 | static void ieee80211_key_lock(void) | |
94 | { | |
95 | mutex_lock(&key_mutex); | |
96 | } | |
97 | ||
98 | /** | |
99 | * ieee80211_key_unlock - unlock the mac80211 key operation lock | |
100 | */ | |
101 | static void ieee80211_key_unlock(void) | |
102 | { | |
103 | mutex_unlock(&key_mutex); | |
104 | } | |
105 | ||
106 | static void assert_key_lock(void) | |
107 | { | |
108 | WARN_ON(!mutex_is_locked(&key_mutex)); | |
109 | } | |
110 | ||
11a843b7 JB |
111 | static const u8 *get_mac_for_key(struct ieee80211_key *key) |
112 | { | |
113 | const u8 *addr = bcast_addr; | |
114 | ||
115 | /* | |
116 | * If we're an AP we won't ever receive frames with a non-WEP | |
117 | * group key so we tell the driver that by using the zero MAC | |
118 | * address to indicate a transmit-only key. | |
119 | */ | |
120 | if (key->conf.alg != ALG_WEP && | |
51fb61e7 JB |
121 | (key->sdata->vif.type == IEEE80211_IF_TYPE_AP || |
122 | key->sdata->vif.type == IEEE80211_IF_TYPE_VLAN)) | |
11a843b7 JB |
123 | addr = zero_addr; |
124 | ||
125 | if (key->sta) | |
126 | addr = key->sta->addr; | |
127 | ||
128 | return addr; | |
129 | } | |
130 | ||
131 | static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key) | |
132 | { | |
133 | const u8 *addr; | |
134 | int ret; | |
0795af57 | 135 | DECLARE_MAC_BUF(mac); |
11a843b7 | 136 | |
3b96766f JB |
137 | assert_key_lock(); |
138 | might_sleep(); | |
139 | ||
11a843b7 JB |
140 | if (!key->local->ops->set_key) |
141 | return; | |
142 | ||
143 | addr = get_mac_for_key(key); | |
144 | ||
145 | ret = key->local->ops->set_key(local_to_hw(key->local), SET_KEY, | |
146 | key->sdata->dev->dev_addr, addr, | |
147 | &key->conf); | |
148 | ||
3b96766f JB |
149 | if (!ret) { |
150 | spin_lock(&todo_lock); | |
11a843b7 | 151 | key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; |
3b96766f JB |
152 | spin_unlock(&todo_lock); |
153 | } | |
11a843b7 JB |
154 | |
155 | if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP) | |
156 | printk(KERN_ERR "mac80211-%s: failed to set key " | |
0795af57 | 157 | "(%d, %s) to hardware (%d)\n", |
11a843b7 | 158 | wiphy_name(key->local->hw.wiphy), |
0795af57 | 159 | key->conf.keyidx, print_mac(mac, addr), ret); |
11a843b7 JB |
160 | } |
161 | ||
162 | static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) | |
163 | { | |
164 | const u8 *addr; | |
165 | int ret; | |
0795af57 | 166 | DECLARE_MAC_BUF(mac); |
11a843b7 | 167 | |
3b96766f JB |
168 | assert_key_lock(); |
169 | might_sleep(); | |
170 | ||
db4d1169 | 171 | if (!key || !key->local->ops->set_key) |
11a843b7 JB |
172 | return; |
173 | ||
3b96766f JB |
174 | spin_lock(&todo_lock); |
175 | if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { | |
176 | spin_unlock(&todo_lock); | |
11a843b7 | 177 | return; |
3b96766f JB |
178 | } |
179 | spin_unlock(&todo_lock); | |
11a843b7 JB |
180 | |
181 | addr = get_mac_for_key(key); | |
182 | ||
183 | ret = key->local->ops->set_key(local_to_hw(key->local), DISABLE_KEY, | |
184 | key->sdata->dev->dev_addr, addr, | |
185 | &key->conf); | |
186 | ||
187 | if (ret) | |
188 | printk(KERN_ERR "mac80211-%s: failed to remove key " | |
0795af57 | 189 | "(%d, %s) from hardware (%d)\n", |
11a843b7 | 190 | wiphy_name(key->local->hw.wiphy), |
0795af57 | 191 | key->conf.keyidx, print_mac(mac, addr), ret); |
11a843b7 | 192 | |
3b96766f JB |
193 | spin_lock(&todo_lock); |
194 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; | |
195 | spin_unlock(&todo_lock); | |
196 | } | |
197 | ||
198 | static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, | |
199 | int idx) | |
200 | { | |
201 | struct ieee80211_key *key = NULL; | |
202 | ||
203 | if (idx >= 0 && idx < NUM_DEFAULT_KEYS) | |
204 | key = sdata->keys[idx]; | |
205 | ||
206 | rcu_assign_pointer(sdata->default_key, key); | |
207 | ||
208 | if (key) | |
209 | add_todo(key, KEY_FLAG_TODO_DEFKEY); | |
210 | } | |
211 | ||
212 | void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) | |
213 | { | |
214 | unsigned long flags; | |
215 | ||
b16bd15c | 216 | spin_lock_irqsave(&sdata->local->key_lock, flags); |
3b96766f | 217 | __ieee80211_set_default_key(sdata, idx); |
b16bd15c | 218 | spin_unlock_irqrestore(&sdata->local->key_lock, flags); |
3b96766f JB |
219 | } |
220 | ||
221 | ||
222 | static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, | |
223 | struct sta_info *sta, | |
224 | struct ieee80211_key *old, | |
225 | struct ieee80211_key *new) | |
226 | { | |
227 | int idx, defkey; | |
228 | ||
229 | if (new) | |
230 | list_add(&new->list, &sdata->key_list); | |
231 | ||
232 | if (sta) { | |
233 | rcu_assign_pointer(sta->key, new); | |
234 | } else { | |
235 | WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); | |
236 | ||
237 | if (old) | |
238 | idx = old->conf.keyidx; | |
239 | else | |
240 | idx = new->conf.keyidx; | |
241 | ||
242 | defkey = old && sdata->default_key == old; | |
243 | ||
244 | if (defkey && !new) | |
245 | __ieee80211_set_default_key(sdata, -1); | |
246 | ||
247 | rcu_assign_pointer(sdata->keys[idx], new); | |
248 | if (defkey && new) | |
249 | __ieee80211_set_default_key(sdata, new->conf.keyidx); | |
250 | } | |
251 | ||
252 | if (old) { | |
253 | /* | |
254 | * We'll use an empty list to indicate that the key | |
255 | * has already been removed. | |
256 | */ | |
257 | list_del_init(&old->list); | |
258 | } | |
11a843b7 JB |
259 | } |
260 | ||
db4d1169 | 261 | struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, |
11a843b7 JB |
262 | int idx, |
263 | size_t key_len, | |
264 | const u8 *key_data) | |
1f5a7e47 JB |
265 | { |
266 | struct ieee80211_key *key; | |
267 | ||
d4e46a3d | 268 | BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS); |
11a843b7 JB |
269 | |
270 | key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); | |
1f5a7e47 JB |
271 | if (!key) |
272 | return NULL; | |
11a843b7 JB |
273 | |
274 | /* | |
275 | * Default to software encryption; we'll later upload the | |
276 | * key to the hardware if possible. | |
277 | */ | |
11a843b7 JB |
278 | key->conf.flags = 0; |
279 | key->flags = 0; | |
280 | ||
281 | key->conf.alg = alg; | |
282 | key->conf.keyidx = idx; | |
283 | key->conf.keylen = key_len; | |
284 | memcpy(key->conf.key, key_data, key_len); | |
e4861829 | 285 | INIT_LIST_HEAD(&key->list); |
3b96766f | 286 | INIT_LIST_HEAD(&key->todo); |
11a843b7 | 287 | |
11a843b7 JB |
288 | if (alg == ALG_CCMP) { |
289 | /* | |
290 | * Initialize AES key state here as an optimization so that | |
291 | * it does not need to be initialized for every packet. | |
292 | */ | |
293 | key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); | |
294 | if (!key->u.ccmp.tfm) { | |
3b96766f | 295 | kfree(key); |
11a843b7 JB |
296 | return NULL; |
297 | } | |
298 | } | |
299 | ||
db4d1169 JB |
300 | return key; |
301 | } | |
11a843b7 | 302 | |
db4d1169 JB |
303 | void ieee80211_key_link(struct ieee80211_key *key, |
304 | struct ieee80211_sub_if_data *sdata, | |
305 | struct sta_info *sta) | |
306 | { | |
307 | struct ieee80211_key *old_key; | |
3b96766f | 308 | unsigned long flags; |
db4d1169 JB |
309 | int idx; |
310 | ||
db4d1169 JB |
311 | BUG_ON(!sdata); |
312 | BUG_ON(!key); | |
313 | ||
314 | idx = key->conf.keyidx; | |
315 | key->local = sdata->local; | |
316 | key->sdata = sdata; | |
317 | key->sta = sta; | |
318 | ||
11a843b7 | 319 | if (sta) { |
11a843b7 JB |
320 | /* |
321 | * some hardware cannot handle TKIP with QoS, so | |
322 | * we indicate whether QoS could be in use. | |
323 | */ | |
324 | if (sta->flags & WLAN_STA_WME) | |
325 | key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; | |
326 | } else { | |
51fb61e7 | 327 | if (sdata->vif.type == IEEE80211_IF_TYPE_STA) { |
11a843b7 JB |
328 | struct sta_info *ap; |
329 | ||
3b96766f JB |
330 | /* |
331 | * We're getting a sta pointer in, | |
332 | * so must be under RCU read lock. | |
333 | */ | |
d0709a65 | 334 | |
11a843b7 JB |
335 | /* same here, the AP could be using QoS */ |
336 | ap = sta_info_get(key->local, key->sdata->u.sta.bssid); | |
337 | if (ap) { | |
338 | if (ap->flags & WLAN_STA_WME) | |
339 | key->conf.flags |= | |
340 | IEEE80211_KEY_FLAG_WMM_STA; | |
11a843b7 JB |
341 | } |
342 | } | |
11a843b7 JB |
343 | } |
344 | ||
b16bd15c | 345 | spin_lock_irqsave(&sdata->local->key_lock, flags); |
3b96766f | 346 | |
d4e46a3d | 347 | if (sta) |
db4d1169 | 348 | old_key = sta->key; |
d4e46a3d | 349 | else |
db4d1169 JB |
350 | old_key = sdata->keys[idx]; |
351 | ||
352 | __ieee80211_key_replace(sdata, sta, old_key, key); | |
d4e46a3d | 353 | |
b16bd15c | 354 | spin_unlock_irqrestore(&sdata->local->key_lock, flags); |
3b96766f JB |
355 | |
356 | /* free old key later */ | |
357 | add_todo(old_key, KEY_FLAG_TODO_DELETE); | |
db4d1169 | 358 | |
3b96766f | 359 | add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); |
e4861829 | 360 | if (netif_running(sdata->dev)) |
3a245766 | 361 | add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD); |
1f5a7e47 JB |
362 | } |
363 | ||
3a245766 | 364 | static void __ieee80211_key_free(struct ieee80211_key *key) |
1f5a7e47 | 365 | { |
3b96766f JB |
366 | /* |
367 | * Replace key with nothingness if it was ever used. | |
368 | */ | |
3a245766 | 369 | if (key->sdata) |
3b96766f JB |
370 | __ieee80211_key_replace(key->sdata, key->sta, |
371 | key, NULL); | |
11a843b7 | 372 | |
3b96766f JB |
373 | add_todo(key, KEY_FLAG_TODO_DELETE); |
374 | } | |
d4e46a3d | 375 | |
3a245766 | 376 | void ieee80211_key_free(struct ieee80211_key *key) |
3b96766f | 377 | { |
3a245766 | 378 | unsigned long flags; |
11a843b7 | 379 | |
3a245766 | 380 | if (!key) |
3b96766f JB |
381 | return; |
382 | ||
b16bd15c | 383 | spin_lock_irqsave(&key->sdata->local->key_lock, flags); |
3a245766 | 384 | __ieee80211_key_free(key); |
b16bd15c | 385 | spin_unlock_irqrestore(&key->sdata->local->key_lock, flags); |
3a245766 JB |
386 | } |
387 | ||
388 | /* | |
389 | * To be safe against concurrent manipulations of the list (which shouldn't | |
390 | * actually happen) we need to hold the spinlock. But under the spinlock we | |
391 | * can't actually do much, so we defer processing to the todo list. Then run | |
392 | * the todo list to be sure the operation and possibly previously pending | |
393 | * operations are completed. | |
394 | */ | |
395 | static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata, | |
396 | u32 todo_flags) | |
397 | { | |
398 | struct ieee80211_key *key; | |
399 | unsigned long flags; | |
3b96766f | 400 | |
3a245766 JB |
401 | might_sleep(); |
402 | ||
b16bd15c | 403 | spin_lock_irqsave(&sdata->local->key_lock, flags); |
3b96766f | 404 | list_for_each_entry(key, &sdata->key_list, list) |
3a245766 | 405 | add_todo(key, todo_flags); |
b16bd15c | 406 | spin_unlock_irqrestore(&sdata->local->key_lock, flags); |
3b96766f | 407 | |
3a245766 | 408 | ieee80211_key_todo(); |
1f5a7e47 | 409 | } |
11a843b7 | 410 | |
3a245766 | 411 | void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) |
11a843b7 | 412 | { |
3a245766 | 413 | ASSERT_RTNL(); |
11a843b7 | 414 | |
3a245766 JB |
415 | if (WARN_ON(!netif_running(sdata->dev))) |
416 | return; | |
11a843b7 | 417 | |
3a245766 JB |
418 | ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); |
419 | } | |
11a843b7 | 420 | |
3a245766 JB |
421 | void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) |
422 | { | |
423 | ASSERT_RTNL(); | |
11a843b7 | 424 | |
3a245766 | 425 | ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE); |
11a843b7 JB |
426 | } |
427 | ||
3a245766 | 428 | static void __ieee80211_key_destroy(struct ieee80211_key *key) |
11a843b7 | 429 | { |
3b96766f JB |
430 | if (!key) |
431 | return; | |
db4d1169 | 432 | |
3b96766f | 433 | ieee80211_key_disable_hw_accel(key); |
11a843b7 | 434 | |
3b96766f JB |
435 | if (key->conf.alg == ALG_CCMP) |
436 | ieee80211_aes_key_free(key->u.ccmp.tfm); | |
437 | ieee80211_debugfs_key_remove(key); | |
438 | ||
439 | kfree(key); | |
11a843b7 JB |
440 | } |
441 | ||
3b96766f | 442 | static void __ieee80211_key_todo(void) |
11a843b7 JB |
443 | { |
444 | struct ieee80211_key *key; | |
3b96766f JB |
445 | bool work_done; |
446 | u32 todoflags; | |
11a843b7 | 447 | |
3b96766f JB |
448 | /* |
449 | * NB: sta_info_destroy relies on this! | |
450 | */ | |
451 | synchronize_rcu(); | |
452 | ||
453 | spin_lock(&todo_lock); | |
454 | while (!list_empty(&todo_list)) { | |
455 | key = list_first_entry(&todo_list, struct ieee80211_key, todo); | |
456 | list_del_init(&key->todo); | |
457 | todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS | | |
458 | KEY_FLAG_TODO_DEFKEY | | |
3a245766 JB |
459 | KEY_FLAG_TODO_HWACCEL_ADD | |
460 | KEY_FLAG_TODO_HWACCEL_REMOVE | | |
3b96766f JB |
461 | KEY_FLAG_TODO_DELETE); |
462 | key->flags &= ~todoflags; | |
463 | spin_unlock(&todo_lock); | |
464 | ||
465 | work_done = false; | |
466 | ||
467 | if (todoflags & KEY_FLAG_TODO_ADD_DEBUGFS) { | |
468 | ieee80211_debugfs_key_add(key); | |
469 | work_done = true; | |
470 | } | |
471 | if (todoflags & KEY_FLAG_TODO_DEFKEY) { | |
472 | ieee80211_debugfs_key_remove_default(key->sdata); | |
473 | ieee80211_debugfs_key_add_default(key->sdata); | |
474 | work_done = true; | |
475 | } | |
3a245766 | 476 | if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) { |
3b96766f JB |
477 | ieee80211_key_enable_hw_accel(key); |
478 | work_done = true; | |
479 | } | |
3a245766 JB |
480 | if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) { |
481 | ieee80211_key_disable_hw_accel(key); | |
482 | work_done = true; | |
483 | } | |
3b96766f | 484 | if (todoflags & KEY_FLAG_TODO_DELETE) { |
3a245766 | 485 | __ieee80211_key_destroy(key); |
3b96766f JB |
486 | work_done = true; |
487 | } | |
db4d1169 | 488 | |
3b96766f | 489 | WARN_ON(!work_done); |
11a843b7 | 490 | |
3b96766f JB |
491 | spin_lock(&todo_lock); |
492 | } | |
493 | spin_unlock(&todo_lock); | |
11a843b7 JB |
494 | } |
495 | ||
3b96766f | 496 | void ieee80211_key_todo(void) |
11a843b7 | 497 | { |
3b96766f JB |
498 | ieee80211_key_lock(); |
499 | __ieee80211_key_todo(); | |
500 | ieee80211_key_unlock(); | |
501 | } | |
11a843b7 | 502 | |
3b96766f JB |
503 | void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) |
504 | { | |
505 | struct ieee80211_key *key, *tmp; | |
3a245766 | 506 | unsigned long flags; |
db4d1169 | 507 | |
3b96766f JB |
508 | ieee80211_key_lock(); |
509 | ||
510 | ieee80211_debugfs_key_remove_default(sdata); | |
511 | ||
b16bd15c | 512 | spin_lock_irqsave(&sdata->local->key_lock, flags); |
3b96766f | 513 | list_for_each_entry_safe(key, tmp, &sdata->key_list, list) |
3a245766 | 514 | __ieee80211_key_free(key); |
b16bd15c | 515 | spin_unlock_irqrestore(&sdata->local->key_lock, flags); |
3b96766f JB |
516 | |
517 | __ieee80211_key_todo(); | |
518 | ||
519 | ieee80211_key_unlock(); | |
11a843b7 | 520 | } |