| 1 | /* |
| 2 | * Copyright 2002-2005, Instant802 Networks, Inc. |
| 3 | * Copyright 2005-2006, Devicescape Software, Inc. |
| 4 | * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> |
| 5 | * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> |
| 6 | * |
| 7 | * This program is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU General Public License version 2 as |
| 9 | * published by the Free Software Foundation. |
| 10 | */ |
| 11 | |
| 12 | #include <linux/if_ether.h> |
| 13 | #include <linux/etherdevice.h> |
| 14 | #include <linux/list.h> |
| 15 | #include <linux/rcupdate.h> |
| 16 | #include <linux/rtnetlink.h> |
| 17 | #include <linux/slab.h> |
| 18 | #include <linux/export.h> |
| 19 | #include <net/mac80211.h> |
| 20 | #include <asm/unaligned.h> |
| 21 | #include "ieee80211_i.h" |
| 22 | #include "driver-ops.h" |
| 23 | #include "debugfs_key.h" |
| 24 | #include "aes_ccm.h" |
| 25 | #include "aes_cmac.h" |
| 26 | |
| 27 | |
| 28 | /** |
| 29 | * DOC: Key handling basics |
| 30 | * |
| 31 | * Key handling in mac80211 is done based on per-interface (sub_if_data) |
| 32 | * keys and per-station keys. Since each station belongs to an interface, |
| 33 | * each station key also belongs to that interface. |
| 34 | * |
| 35 | * Hardware acceleration is done on a best-effort basis for algorithms |
| 36 | * that are implemented in software, for each key the hardware is asked |
| 37 | * to enable that key for offloading but if it cannot do that the key is |
| 38 | * simply kept for software encryption (unless it is for an algorithm |
| 39 | * that isn't implemented in software). |
| 40 | * There is currently no way of knowing whether a key is handled in SW |
| 41 | * or HW except by looking into debugfs. |
| 42 | * |
| 43 | * All key management is internally protected by a mutex. Within all |
| 44 | * other parts of mac80211, key references are, just as STA structure |
| 45 | * references, protected by RCU. Note, however, that some things are |
| 46 | * unprotected, namely the key->sta dereferences within the hardware |
| 47 | * acceleration functions. This means that sta_info_destroy() must |
| 48 | * remove the key which waits for an RCU grace period. |
| 49 | */ |
| 50 | |
| 51 | static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; |
| 52 | |
| 53 | static void assert_key_lock(struct ieee80211_local *local) |
| 54 | { |
| 55 | lockdep_assert_held(&local->key_mtx); |
| 56 | } |
| 57 | |
| 58 | static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata) |
| 59 | { |
| 60 | /* |
| 61 | * When this count is zero, SKB resizing for allocating tailroom |
| 62 | * for IV or MMIC is skipped. But, this check has created two race |
| 63 | * cases in xmit path while transiting from zero count to one: |
| 64 | * |
| 65 | * 1. SKB resize was skipped because no key was added but just before |
| 66 | * the xmit key is added and SW encryption kicks off. |
| 67 | * |
| 68 | * 2. SKB resize was skipped because all the keys were hw planted but |
| 69 | * just before xmit one of the key is deleted and SW encryption kicks |
| 70 | * off. |
| 71 | * |
| 72 | * In both the above case SW encryption will find not enough space for |
| 73 | * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c) |
| 74 | * |
| 75 | * Solution has been explained at |
| 76 | * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net |
| 77 | */ |
| 78 | |
| 79 | if (!sdata->crypto_tx_tailroom_needed_cnt++) { |
| 80 | /* |
| 81 | * Flush all XMIT packets currently using HW encryption or no |
| 82 | * encryption at all if the count transition is from 0 -> 1. |
| 83 | */ |
| 84 | synchronize_net(); |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) |
| 89 | { |
| 90 | struct ieee80211_sub_if_data *sdata; |
| 91 | struct sta_info *sta; |
| 92 | int ret; |
| 93 | |
| 94 | might_sleep(); |
| 95 | |
| 96 | if (key->flags & KEY_FLAG_TAINTED) |
| 97 | return -EINVAL; |
| 98 | |
| 99 | if (!key->local->ops->set_key) |
| 100 | goto out_unsupported; |
| 101 | |
| 102 | assert_key_lock(key->local); |
| 103 | |
| 104 | sta = key->sta; |
| 105 | |
| 106 | /* |
| 107 | * If this is a per-STA GTK, check if it |
| 108 | * is supported; if not, return. |
| 109 | */ |
| 110 | if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && |
| 111 | !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)) |
| 112 | goto out_unsupported; |
| 113 | |
| 114 | if (sta && !sta->uploaded) |
| 115 | goto out_unsupported; |
| 116 | |
| 117 | sdata = key->sdata; |
| 118 | if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { |
| 119 | /* |
| 120 | * The driver doesn't know anything about VLAN interfaces. |
| 121 | * Hence, don't send GTKs for VLAN interfaces to the driver. |
| 122 | */ |
| 123 | if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) |
| 124 | goto out_unsupported; |
| 125 | } |
| 126 | |
| 127 | ret = drv_set_key(key->local, SET_KEY, sdata, |
| 128 | sta ? &sta->sta : NULL, &key->conf); |
| 129 | |
| 130 | if (!ret) { |
| 131 | key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; |
| 132 | |
| 133 | if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || |
| 134 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) || |
| 135 | (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))) |
| 136 | sdata->crypto_tx_tailroom_needed_cnt--; |
| 137 | |
| 138 | WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && |
| 139 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); |
| 140 | |
| 141 | return 0; |
| 142 | } |
| 143 | |
| 144 | if (ret != -ENOSPC && ret != -EOPNOTSUPP) |
| 145 | sdata_err(sdata, |
| 146 | "failed to set key (%d, %pM) to hardware (%d)\n", |
| 147 | key->conf.keyidx, |
| 148 | sta ? sta->sta.addr : bcast_addr, ret); |
| 149 | |
| 150 | out_unsupported: |
| 151 | switch (key->conf.cipher) { |
| 152 | case WLAN_CIPHER_SUITE_WEP40: |
| 153 | case WLAN_CIPHER_SUITE_WEP104: |
| 154 | case WLAN_CIPHER_SUITE_TKIP: |
| 155 | case WLAN_CIPHER_SUITE_CCMP: |
| 156 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 157 | /* all of these we can do in software */ |
| 158 | return 0; |
| 159 | default: |
| 160 | return -EINVAL; |
| 161 | } |
| 162 | } |
| 163 | |
| 164 | static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) |
| 165 | { |
| 166 | struct ieee80211_sub_if_data *sdata; |
| 167 | struct sta_info *sta; |
| 168 | int ret; |
| 169 | |
| 170 | might_sleep(); |
| 171 | |
| 172 | if (!key || !key->local->ops->set_key) |
| 173 | return; |
| 174 | |
| 175 | assert_key_lock(key->local); |
| 176 | |
| 177 | if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) |
| 178 | return; |
| 179 | |
| 180 | sta = key->sta; |
| 181 | sdata = key->sdata; |
| 182 | |
| 183 | if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || |
| 184 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) || |
| 185 | (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))) |
| 186 | increment_tailroom_need_count(sdata); |
| 187 | |
| 188 | ret = drv_set_key(key->local, DISABLE_KEY, sdata, |
| 189 | sta ? &sta->sta : NULL, &key->conf); |
| 190 | |
| 191 | if (ret) |
| 192 | sdata_err(sdata, |
| 193 | "failed to remove key (%d, %pM) from hardware (%d)\n", |
| 194 | key->conf.keyidx, |
| 195 | sta ? sta->sta.addr : bcast_addr, ret); |
| 196 | |
| 197 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; |
| 198 | } |
| 199 | |
| 200 | static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, |
| 201 | int idx, bool uni, bool multi) |
| 202 | { |
| 203 | struct ieee80211_key *key = NULL; |
| 204 | |
| 205 | assert_key_lock(sdata->local); |
| 206 | |
| 207 | if (idx >= 0 && idx < NUM_DEFAULT_KEYS) |
| 208 | key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
| 209 | |
| 210 | if (uni) { |
| 211 | rcu_assign_pointer(sdata->default_unicast_key, key); |
| 212 | drv_set_default_unicast_key(sdata->local, sdata, idx); |
| 213 | } |
| 214 | |
| 215 | if (multi) |
| 216 | rcu_assign_pointer(sdata->default_multicast_key, key); |
| 217 | |
| 218 | ieee80211_debugfs_key_update_default(sdata); |
| 219 | } |
| 220 | |
| 221 | void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, |
| 222 | bool uni, bool multi) |
| 223 | { |
| 224 | mutex_lock(&sdata->local->key_mtx); |
| 225 | __ieee80211_set_default_key(sdata, idx, uni, multi); |
| 226 | mutex_unlock(&sdata->local->key_mtx); |
| 227 | } |
| 228 | |
| 229 | static void |
| 230 | __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) |
| 231 | { |
| 232 | struct ieee80211_key *key = NULL; |
| 233 | |
| 234 | assert_key_lock(sdata->local); |
| 235 | |
| 236 | if (idx >= NUM_DEFAULT_KEYS && |
| 237 | idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) |
| 238 | key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
| 239 | |
| 240 | rcu_assign_pointer(sdata->default_mgmt_key, key); |
| 241 | |
| 242 | ieee80211_debugfs_key_update_default(sdata); |
| 243 | } |
| 244 | |
| 245 | void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, |
| 246 | int idx) |
| 247 | { |
| 248 | mutex_lock(&sdata->local->key_mtx); |
| 249 | __ieee80211_set_default_mgmt_key(sdata, idx); |
| 250 | mutex_unlock(&sdata->local->key_mtx); |
| 251 | } |
| 252 | |
| 253 | |
| 254 | static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, |
| 255 | struct sta_info *sta, |
| 256 | bool pairwise, |
| 257 | struct ieee80211_key *old, |
| 258 | struct ieee80211_key *new) |
| 259 | { |
| 260 | int idx; |
| 261 | bool defunikey, defmultikey, defmgmtkey; |
| 262 | |
| 263 | if (new) |
| 264 | list_add_tail(&new->list, &sdata->key_list); |
| 265 | |
| 266 | if (sta && pairwise) { |
| 267 | rcu_assign_pointer(sta->ptk, new); |
| 268 | } else if (sta) { |
| 269 | if (old) |
| 270 | idx = old->conf.keyidx; |
| 271 | else |
| 272 | idx = new->conf.keyidx; |
| 273 | rcu_assign_pointer(sta->gtk[idx], new); |
| 274 | } else { |
| 275 | WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); |
| 276 | |
| 277 | if (old) |
| 278 | idx = old->conf.keyidx; |
| 279 | else |
| 280 | idx = new->conf.keyidx; |
| 281 | |
| 282 | defunikey = old && |
| 283 | old == key_mtx_dereference(sdata->local, |
| 284 | sdata->default_unicast_key); |
| 285 | defmultikey = old && |
| 286 | old == key_mtx_dereference(sdata->local, |
| 287 | sdata->default_multicast_key); |
| 288 | defmgmtkey = old && |
| 289 | old == key_mtx_dereference(sdata->local, |
| 290 | sdata->default_mgmt_key); |
| 291 | |
| 292 | if (defunikey && !new) |
| 293 | __ieee80211_set_default_key(sdata, -1, true, false); |
| 294 | if (defmultikey && !new) |
| 295 | __ieee80211_set_default_key(sdata, -1, false, true); |
| 296 | if (defmgmtkey && !new) |
| 297 | __ieee80211_set_default_mgmt_key(sdata, -1); |
| 298 | |
| 299 | rcu_assign_pointer(sdata->keys[idx], new); |
| 300 | if (defunikey && new) |
| 301 | __ieee80211_set_default_key(sdata, new->conf.keyidx, |
| 302 | true, false); |
| 303 | if (defmultikey && new) |
| 304 | __ieee80211_set_default_key(sdata, new->conf.keyidx, |
| 305 | false, true); |
| 306 | if (defmgmtkey && new) |
| 307 | __ieee80211_set_default_mgmt_key(sdata, |
| 308 | new->conf.keyidx); |
| 309 | } |
| 310 | |
| 311 | if (old) |
| 312 | list_del(&old->list); |
| 313 | } |
| 314 | |
| 315 | struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, |
| 316 | const u8 *key_data, |
| 317 | size_t seq_len, const u8 *seq) |
| 318 | { |
| 319 | struct ieee80211_key *key; |
| 320 | int i, j, err; |
| 321 | |
| 322 | BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS); |
| 323 | |
| 324 | key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); |
| 325 | if (!key) |
| 326 | return ERR_PTR(-ENOMEM); |
| 327 | |
| 328 | /* |
| 329 | * Default to software encryption; we'll later upload the |
| 330 | * key to the hardware if possible. |
| 331 | */ |
| 332 | key->conf.flags = 0; |
| 333 | key->flags = 0; |
| 334 | |
| 335 | key->conf.cipher = cipher; |
| 336 | key->conf.keyidx = idx; |
| 337 | key->conf.keylen = key_len; |
| 338 | switch (cipher) { |
| 339 | case WLAN_CIPHER_SUITE_WEP40: |
| 340 | case WLAN_CIPHER_SUITE_WEP104: |
| 341 | key->conf.iv_len = IEEE80211_WEP_IV_LEN; |
| 342 | key->conf.icv_len = IEEE80211_WEP_ICV_LEN; |
| 343 | break; |
| 344 | case WLAN_CIPHER_SUITE_TKIP: |
| 345 | key->conf.iv_len = IEEE80211_TKIP_IV_LEN; |
| 346 | key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; |
| 347 | if (seq) { |
| 348 | for (i = 0; i < IEEE80211_NUM_TIDS; i++) { |
| 349 | key->u.tkip.rx[i].iv32 = |
| 350 | get_unaligned_le32(&seq[2]); |
| 351 | key->u.tkip.rx[i].iv16 = |
| 352 | get_unaligned_le16(seq); |
| 353 | } |
| 354 | } |
| 355 | spin_lock_init(&key->u.tkip.txlock); |
| 356 | break; |
| 357 | case WLAN_CIPHER_SUITE_CCMP: |
| 358 | key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; |
| 359 | key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; |
| 360 | if (seq) { |
| 361 | for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++) |
| 362 | for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++) |
| 363 | key->u.ccmp.rx_pn[i][j] = |
| 364 | seq[IEEE80211_CCMP_PN_LEN - j - 1]; |
| 365 | } |
| 366 | /* |
| 367 | * Initialize AES key state here as an optimization so that |
| 368 | * it does not need to be initialized for every packet. |
| 369 | */ |
| 370 | key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); |
| 371 | if (IS_ERR(key->u.ccmp.tfm)) { |
| 372 | err = PTR_ERR(key->u.ccmp.tfm); |
| 373 | kfree(key); |
| 374 | return ERR_PTR(err); |
| 375 | } |
| 376 | break; |
| 377 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 378 | key->conf.iv_len = 0; |
| 379 | key->conf.icv_len = sizeof(struct ieee80211_mmie); |
| 380 | if (seq) |
| 381 | for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++) |
| 382 | key->u.aes_cmac.rx_pn[j] = |
| 383 | seq[IEEE80211_CMAC_PN_LEN - j - 1]; |
| 384 | /* |
| 385 | * Initialize AES key state here as an optimization so that |
| 386 | * it does not need to be initialized for every packet. |
| 387 | */ |
| 388 | key->u.aes_cmac.tfm = |
| 389 | ieee80211_aes_cmac_key_setup(key_data); |
| 390 | if (IS_ERR(key->u.aes_cmac.tfm)) { |
| 391 | err = PTR_ERR(key->u.aes_cmac.tfm); |
| 392 | kfree(key); |
| 393 | return ERR_PTR(err); |
| 394 | } |
| 395 | break; |
| 396 | } |
| 397 | memcpy(key->conf.key, key_data, key_len); |
| 398 | INIT_LIST_HEAD(&key->list); |
| 399 | |
| 400 | return key; |
| 401 | } |
| 402 | |
| 403 | static void ieee80211_key_free_common(struct ieee80211_key *key) |
| 404 | { |
| 405 | if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP) |
| 406 | ieee80211_aes_key_free(key->u.ccmp.tfm); |
| 407 | if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) |
| 408 | ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); |
| 409 | kfree(key); |
| 410 | } |
| 411 | |
| 412 | static void __ieee80211_key_destroy(struct ieee80211_key *key, |
| 413 | bool delay_tailroom) |
| 414 | { |
| 415 | if (key->local) |
| 416 | ieee80211_key_disable_hw_accel(key); |
| 417 | |
| 418 | if (key->local) { |
| 419 | struct ieee80211_sub_if_data *sdata = key->sdata; |
| 420 | |
| 421 | ieee80211_debugfs_key_remove(key); |
| 422 | |
| 423 | if (delay_tailroom) { |
| 424 | /* see ieee80211_delayed_tailroom_dec */ |
| 425 | sdata->crypto_tx_tailroom_pending_dec++; |
| 426 | schedule_delayed_work(&sdata->dec_tailroom_needed_wk, |
| 427 | HZ/2); |
| 428 | } else { |
| 429 | sdata->crypto_tx_tailroom_needed_cnt--; |
| 430 | } |
| 431 | } |
| 432 | |
| 433 | ieee80211_key_free_common(key); |
| 434 | } |
| 435 | |
| 436 | static void ieee80211_key_destroy(struct ieee80211_key *key, |
| 437 | bool delay_tailroom) |
| 438 | { |
| 439 | if (!key) |
| 440 | return; |
| 441 | |
| 442 | /* |
| 443 | * Synchronize so the TX path can no longer be using |
| 444 | * this key before we free/remove it. |
| 445 | */ |
| 446 | synchronize_net(); |
| 447 | |
| 448 | __ieee80211_key_destroy(key, delay_tailroom); |
| 449 | } |
| 450 | |
| 451 | void ieee80211_key_free_unused(struct ieee80211_key *key) |
| 452 | { |
| 453 | WARN_ON(key->sdata || key->local); |
| 454 | ieee80211_key_free_common(key); |
| 455 | } |
| 456 | |
| 457 | int ieee80211_key_link(struct ieee80211_key *key, |
| 458 | struct ieee80211_sub_if_data *sdata, |
| 459 | struct sta_info *sta) |
| 460 | { |
| 461 | struct ieee80211_local *local = sdata->local; |
| 462 | struct ieee80211_key *old_key; |
| 463 | int idx, ret; |
| 464 | bool pairwise; |
| 465 | |
| 466 | BUG_ON(!sdata); |
| 467 | BUG_ON(!key); |
| 468 | |
| 469 | pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; |
| 470 | idx = key->conf.keyidx; |
| 471 | key->local = sdata->local; |
| 472 | key->sdata = sdata; |
| 473 | key->sta = sta; |
| 474 | |
| 475 | mutex_lock(&sdata->local->key_mtx); |
| 476 | |
| 477 | if (sta && pairwise) |
| 478 | old_key = key_mtx_dereference(sdata->local, sta->ptk); |
| 479 | else if (sta) |
| 480 | old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]); |
| 481 | else |
| 482 | old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]); |
| 483 | |
| 484 | increment_tailroom_need_count(sdata); |
| 485 | |
| 486 | ieee80211_key_replace(sdata, sta, pairwise, old_key, key); |
| 487 | ieee80211_key_destroy(old_key, true); |
| 488 | |
| 489 | ieee80211_debugfs_key_add(key); |
| 490 | |
| 491 | if (!local->wowlan) { |
| 492 | ret = ieee80211_key_enable_hw_accel(key); |
| 493 | if (ret) |
| 494 | ieee80211_key_free(key, true); |
| 495 | } else { |
| 496 | ret = 0; |
| 497 | } |
| 498 | |
| 499 | mutex_unlock(&sdata->local->key_mtx); |
| 500 | |
| 501 | return ret; |
| 502 | } |
| 503 | |
| 504 | void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) |
| 505 | { |
| 506 | if (!key) |
| 507 | return; |
| 508 | |
| 509 | /* |
| 510 | * Replace key with nothingness if it was ever used. |
| 511 | */ |
| 512 | if (key->sdata) |
| 513 | ieee80211_key_replace(key->sdata, key->sta, |
| 514 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, |
| 515 | key, NULL); |
| 516 | ieee80211_key_destroy(key, delay_tailroom); |
| 517 | } |
| 518 | |
| 519 | void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) |
| 520 | { |
| 521 | struct ieee80211_key *key; |
| 522 | |
| 523 | ASSERT_RTNL(); |
| 524 | |
| 525 | if (WARN_ON(!ieee80211_sdata_running(sdata))) |
| 526 | return; |
| 527 | |
| 528 | mutex_lock(&sdata->local->key_mtx); |
| 529 | |
| 530 | sdata->crypto_tx_tailroom_needed_cnt = 0; |
| 531 | |
| 532 | list_for_each_entry(key, &sdata->key_list, list) { |
| 533 | increment_tailroom_need_count(sdata); |
| 534 | ieee80211_key_enable_hw_accel(key); |
| 535 | } |
| 536 | |
| 537 | mutex_unlock(&sdata->local->key_mtx); |
| 538 | } |
| 539 | |
| 540 | void ieee80211_iter_keys(struct ieee80211_hw *hw, |
| 541 | struct ieee80211_vif *vif, |
| 542 | void (*iter)(struct ieee80211_hw *hw, |
| 543 | struct ieee80211_vif *vif, |
| 544 | struct ieee80211_sta *sta, |
| 545 | struct ieee80211_key_conf *key, |
| 546 | void *data), |
| 547 | void *iter_data) |
| 548 | { |
| 549 | struct ieee80211_local *local = hw_to_local(hw); |
| 550 | struct ieee80211_key *key, *tmp; |
| 551 | struct ieee80211_sub_if_data *sdata; |
| 552 | |
| 553 | ASSERT_RTNL(); |
| 554 | |
| 555 | mutex_lock(&local->key_mtx); |
| 556 | if (vif) { |
| 557 | sdata = vif_to_sdata(vif); |
| 558 | list_for_each_entry_safe(key, tmp, &sdata->key_list, list) |
| 559 | iter(hw, &sdata->vif, |
| 560 | key->sta ? &key->sta->sta : NULL, |
| 561 | &key->conf, iter_data); |
| 562 | } else { |
| 563 | list_for_each_entry(sdata, &local->interfaces, list) |
| 564 | list_for_each_entry_safe(key, tmp, |
| 565 | &sdata->key_list, list) |
| 566 | iter(hw, &sdata->vif, |
| 567 | key->sta ? &key->sta->sta : NULL, |
| 568 | &key->conf, iter_data); |
| 569 | } |
| 570 | mutex_unlock(&local->key_mtx); |
| 571 | } |
| 572 | EXPORT_SYMBOL(ieee80211_iter_keys); |
| 573 | |
| 574 | void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) |
| 575 | { |
| 576 | struct ieee80211_key *key, *tmp; |
| 577 | LIST_HEAD(keys); |
| 578 | |
| 579 | cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk); |
| 580 | |
| 581 | mutex_lock(&sdata->local->key_mtx); |
| 582 | |
| 583 | sdata->crypto_tx_tailroom_needed_cnt -= |
| 584 | sdata->crypto_tx_tailroom_pending_dec; |
| 585 | sdata->crypto_tx_tailroom_pending_dec = 0; |
| 586 | |
| 587 | ieee80211_debugfs_key_remove_mgmt_default(sdata); |
| 588 | |
| 589 | list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { |
| 590 | ieee80211_key_replace(key->sdata, key->sta, |
| 591 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, |
| 592 | key, NULL); |
| 593 | list_add_tail(&key->list, &keys); |
| 594 | } |
| 595 | |
| 596 | ieee80211_debugfs_key_update_default(sdata); |
| 597 | |
| 598 | if (!list_empty(&keys)) { |
| 599 | synchronize_net(); |
| 600 | list_for_each_entry_safe(key, tmp, &keys, list) |
| 601 | __ieee80211_key_destroy(key, false); |
| 602 | } |
| 603 | |
| 604 | WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt || |
| 605 | sdata->crypto_tx_tailroom_pending_dec); |
| 606 | |
| 607 | mutex_unlock(&sdata->local->key_mtx); |
| 608 | } |
| 609 | |
| 610 | void ieee80211_free_sta_keys(struct ieee80211_local *local, |
| 611 | struct sta_info *sta) |
| 612 | { |
| 613 | struct ieee80211_key *key, *tmp; |
| 614 | LIST_HEAD(keys); |
| 615 | int i; |
| 616 | |
| 617 | mutex_lock(&local->key_mtx); |
| 618 | for (i = 0; i < NUM_DEFAULT_KEYS; i++) { |
| 619 | key = key_mtx_dereference(local, sta->gtk[i]); |
| 620 | if (!key) |
| 621 | continue; |
| 622 | ieee80211_key_replace(key->sdata, key->sta, |
| 623 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, |
| 624 | key, NULL); |
| 625 | list_add(&key->list, &keys); |
| 626 | } |
| 627 | |
| 628 | key = key_mtx_dereference(local, sta->ptk); |
| 629 | if (key) { |
| 630 | ieee80211_key_replace(key->sdata, key->sta, |
| 631 | key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, |
| 632 | key, NULL); |
| 633 | list_add(&key->list, &keys); |
| 634 | } |
| 635 | |
| 636 | /* |
| 637 | * NB: the station code relies on this being |
| 638 | * done even if there aren't any keys |
| 639 | */ |
| 640 | synchronize_net(); |
| 641 | |
| 642 | list_for_each_entry_safe(key, tmp, &keys, list) |
| 643 | __ieee80211_key_destroy(key, true); |
| 644 | |
| 645 | mutex_unlock(&local->key_mtx); |
| 646 | } |
| 647 | |
| 648 | void ieee80211_delayed_tailroom_dec(struct work_struct *wk) |
| 649 | { |
| 650 | struct ieee80211_sub_if_data *sdata; |
| 651 | |
| 652 | sdata = container_of(wk, struct ieee80211_sub_if_data, |
| 653 | dec_tailroom_needed_wk.work); |
| 654 | |
| 655 | /* |
| 656 | * The reason for the delayed tailroom needed decrementing is to |
| 657 | * make roaming faster: during roaming, all keys are first deleted |
| 658 | * and then new keys are installed. The first new key causes the |
| 659 | * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes |
| 660 | * the cost of synchronize_net() (which can be slow). Avoid this |
| 661 | * by deferring the crypto_tx_tailroom_needed_cnt decrementing on |
| 662 | * key removal for a while, so if we roam the value is larger than |
| 663 | * zero and no 0->1 transition happens. |
| 664 | * |
| 665 | * The cost is that if the AP switching was from an AP with keys |
| 666 | * to one without, we still allocate tailroom while it would no |
| 667 | * longer be needed. However, in the typical (fast) roaming case |
| 668 | * within an ESS this usually won't happen. |
| 669 | */ |
| 670 | |
| 671 | mutex_lock(&sdata->local->key_mtx); |
| 672 | sdata->crypto_tx_tailroom_needed_cnt -= |
| 673 | sdata->crypto_tx_tailroom_pending_dec; |
| 674 | sdata->crypto_tx_tailroom_pending_dec = 0; |
| 675 | mutex_unlock(&sdata->local->key_mtx); |
| 676 | } |
| 677 | |
| 678 | void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid, |
| 679 | const u8 *replay_ctr, gfp_t gfp) |
| 680 | { |
| 681 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); |
| 682 | |
| 683 | trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr); |
| 684 | |
| 685 | cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp); |
| 686 | } |
| 687 | EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); |
| 688 | |
| 689 | void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, |
| 690 | struct ieee80211_key_seq *seq) |
| 691 | { |
| 692 | struct ieee80211_key *key; |
| 693 | u64 pn64; |
| 694 | |
| 695 | if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV))) |
| 696 | return; |
| 697 | |
| 698 | key = container_of(keyconf, struct ieee80211_key, conf); |
| 699 | |
| 700 | switch (key->conf.cipher) { |
| 701 | case WLAN_CIPHER_SUITE_TKIP: |
| 702 | seq->tkip.iv32 = key->u.tkip.tx.iv32; |
| 703 | seq->tkip.iv16 = key->u.tkip.tx.iv16; |
| 704 | break; |
| 705 | case WLAN_CIPHER_SUITE_CCMP: |
| 706 | pn64 = atomic64_read(&key->u.ccmp.tx_pn); |
| 707 | seq->ccmp.pn[5] = pn64; |
| 708 | seq->ccmp.pn[4] = pn64 >> 8; |
| 709 | seq->ccmp.pn[3] = pn64 >> 16; |
| 710 | seq->ccmp.pn[2] = pn64 >> 24; |
| 711 | seq->ccmp.pn[1] = pn64 >> 32; |
| 712 | seq->ccmp.pn[0] = pn64 >> 40; |
| 713 | break; |
| 714 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 715 | pn64 = atomic64_read(&key->u.aes_cmac.tx_pn); |
| 716 | seq->ccmp.pn[5] = pn64; |
| 717 | seq->ccmp.pn[4] = pn64 >> 8; |
| 718 | seq->ccmp.pn[3] = pn64 >> 16; |
| 719 | seq->ccmp.pn[2] = pn64 >> 24; |
| 720 | seq->ccmp.pn[1] = pn64 >> 32; |
| 721 | seq->ccmp.pn[0] = pn64 >> 40; |
| 722 | break; |
| 723 | default: |
| 724 | WARN_ON(1); |
| 725 | } |
| 726 | } |
| 727 | EXPORT_SYMBOL(ieee80211_get_key_tx_seq); |
| 728 | |
| 729 | void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, |
| 730 | int tid, struct ieee80211_key_seq *seq) |
| 731 | { |
| 732 | struct ieee80211_key *key; |
| 733 | const u8 *pn; |
| 734 | |
| 735 | key = container_of(keyconf, struct ieee80211_key, conf); |
| 736 | |
| 737 | switch (key->conf.cipher) { |
| 738 | case WLAN_CIPHER_SUITE_TKIP: |
| 739 | if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) |
| 740 | return; |
| 741 | seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; |
| 742 | seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; |
| 743 | break; |
| 744 | case WLAN_CIPHER_SUITE_CCMP: |
| 745 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) |
| 746 | return; |
| 747 | if (tid < 0) |
| 748 | pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; |
| 749 | else |
| 750 | pn = key->u.ccmp.rx_pn[tid]; |
| 751 | memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN); |
| 752 | break; |
| 753 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 754 | if (WARN_ON(tid != 0)) |
| 755 | return; |
| 756 | pn = key->u.aes_cmac.rx_pn; |
| 757 | memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN); |
| 758 | break; |
| 759 | } |
| 760 | } |
| 761 | EXPORT_SYMBOL(ieee80211_get_key_rx_seq); |
| 762 | |
| 763 | void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, |
| 764 | struct ieee80211_key_seq *seq) |
| 765 | { |
| 766 | struct ieee80211_key *key; |
| 767 | u64 pn64; |
| 768 | |
| 769 | key = container_of(keyconf, struct ieee80211_key, conf); |
| 770 | |
| 771 | switch (key->conf.cipher) { |
| 772 | case WLAN_CIPHER_SUITE_TKIP: |
| 773 | key->u.tkip.tx.iv32 = seq->tkip.iv32; |
| 774 | key->u.tkip.tx.iv16 = seq->tkip.iv16; |
| 775 | break; |
| 776 | case WLAN_CIPHER_SUITE_CCMP: |
| 777 | pn64 = (u64)seq->ccmp.pn[5] | |
| 778 | ((u64)seq->ccmp.pn[4] << 8) | |
| 779 | ((u64)seq->ccmp.pn[3] << 16) | |
| 780 | ((u64)seq->ccmp.pn[2] << 24) | |
| 781 | ((u64)seq->ccmp.pn[1] << 32) | |
| 782 | ((u64)seq->ccmp.pn[0] << 40); |
| 783 | atomic64_set(&key->u.ccmp.tx_pn, pn64); |
| 784 | break; |
| 785 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 786 | pn64 = (u64)seq->aes_cmac.pn[5] | |
| 787 | ((u64)seq->aes_cmac.pn[4] << 8) | |
| 788 | ((u64)seq->aes_cmac.pn[3] << 16) | |
| 789 | ((u64)seq->aes_cmac.pn[2] << 24) | |
| 790 | ((u64)seq->aes_cmac.pn[1] << 32) | |
| 791 | ((u64)seq->aes_cmac.pn[0] << 40); |
| 792 | atomic64_set(&key->u.aes_cmac.tx_pn, pn64); |
| 793 | break; |
| 794 | default: |
| 795 | WARN_ON(1); |
| 796 | break; |
| 797 | } |
| 798 | } |
| 799 | EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq); |
| 800 | |
| 801 | void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, |
| 802 | int tid, struct ieee80211_key_seq *seq) |
| 803 | { |
| 804 | struct ieee80211_key *key; |
| 805 | u8 *pn; |
| 806 | |
| 807 | key = container_of(keyconf, struct ieee80211_key, conf); |
| 808 | |
| 809 | switch (key->conf.cipher) { |
| 810 | case WLAN_CIPHER_SUITE_TKIP: |
| 811 | if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS)) |
| 812 | return; |
| 813 | key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; |
| 814 | key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; |
| 815 | break; |
| 816 | case WLAN_CIPHER_SUITE_CCMP: |
| 817 | if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS)) |
| 818 | return; |
| 819 | if (tid < 0) |
| 820 | pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; |
| 821 | else |
| 822 | pn = key->u.ccmp.rx_pn[tid]; |
| 823 | memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN); |
| 824 | break; |
| 825 | case WLAN_CIPHER_SUITE_AES_CMAC: |
| 826 | if (WARN_ON(tid != 0)) |
| 827 | return; |
| 828 | pn = key->u.aes_cmac.rx_pn; |
| 829 | memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN); |
| 830 | break; |
| 831 | default: |
| 832 | WARN_ON(1); |
| 833 | break; |
| 834 | } |
| 835 | } |
| 836 | EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq); |
| 837 | |
| 838 | void ieee80211_remove_key(struct ieee80211_key_conf *keyconf) |
| 839 | { |
| 840 | struct ieee80211_key *key; |
| 841 | |
| 842 | key = container_of(keyconf, struct ieee80211_key, conf); |
| 843 | |
| 844 | assert_key_lock(key->local); |
| 845 | |
| 846 | /* |
| 847 | * if key was uploaded, we assume the driver will/has remove(d) |
| 848 | * it, so adjust bookkeeping accordingly |
| 849 | */ |
| 850 | if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { |
| 851 | key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; |
| 852 | |
| 853 | if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) || |
| 854 | (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) || |
| 855 | (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE))) |
| 856 | increment_tailroom_need_count(key->sdata); |
| 857 | } |
| 858 | |
| 859 | ieee80211_key_free(key, false); |
| 860 | } |
| 861 | EXPORT_SYMBOL_GPL(ieee80211_remove_key); |
| 862 | |
| 863 | struct ieee80211_key_conf * |
| 864 | ieee80211_gtk_rekey_add(struct ieee80211_vif *vif, |
| 865 | struct ieee80211_key_conf *keyconf) |
| 866 | { |
| 867 | struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); |
| 868 | struct ieee80211_local *local = sdata->local; |
| 869 | struct ieee80211_key *key; |
| 870 | int err; |
| 871 | |
| 872 | if (WARN_ON(!local->wowlan)) |
| 873 | return ERR_PTR(-EINVAL); |
| 874 | |
| 875 | if (WARN_ON(vif->type != NL80211_IFTYPE_STATION)) |
| 876 | return ERR_PTR(-EINVAL); |
| 877 | |
| 878 | key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, |
| 879 | keyconf->keylen, keyconf->key, |
| 880 | 0, NULL); |
| 881 | if (IS_ERR(key)) |
| 882 | return ERR_CAST(key); |
| 883 | |
| 884 | if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED) |
| 885 | key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; |
| 886 | |
| 887 | err = ieee80211_key_link(key, sdata, NULL); |
| 888 | if (err) |
| 889 | return ERR_PTR(err); |
| 890 | |
| 891 | return &key->conf; |
| 892 | } |
| 893 | EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add); |