2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
13 #include <linux/if_ether.h>
14 #include <linux/etherdevice.h>
15 #include <linux/list.h>
16 #include <linux/rcupdate.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/slab.h>
19 #include <linux/export.h>
20 #include <net/mac80211.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
30 * DOC: Key handling basics
32 * Key handling in mac80211 is done based on per-interface (sub_if_data)
33 * keys and per-station keys. Since each station belongs to an interface,
34 * each station key also belongs to that interface.
36 * Hardware acceleration is done on a best-effort basis for algorithms
37 * that are implemented in software, for each key the hardware is asked
38 * to enable that key for offloading but if it cannot do that the key is
39 * simply kept for software encryption (unless it is for an algorithm
40 * that isn't implemented in software).
41 * There is currently no way of knowing whether a key is handled in SW
42 * or HW except by looking into debugfs.
44 * All key management is internally protected by a mutex. Within all
45 * other parts of mac80211, key references are, just as STA structure
46 * references, protected by RCU. Note, however, that some things are
47 * unprotected, namely the key->sta dereferences within the hardware
48 * acceleration functions. This means that sta_info_destroy() must
49 * remove the key which waits for an RCU grace period.
52 static const u8 bcast_addr
[ETH_ALEN
] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
54 static void assert_key_lock(struct ieee80211_local
*local
)
56 lockdep_assert_held(&local
->key_mtx
);
59 static void increment_tailroom_need_count(struct ieee80211_sub_if_data
*sdata
)
62 * When this count is zero, SKB resizing for allocating tailroom
63 * for IV or MMIC is skipped. But, this check has created two race
64 * cases in xmit path while transiting from zero count to one:
66 * 1. SKB resize was skipped because no key was added but just before
67 * the xmit key is added and SW encryption kicks off.
69 * 2. SKB resize was skipped because all the keys were hw planted but
70 * just before xmit one of the key is deleted and SW encryption kicks
73 * In both the above case SW encryption will find not enough space for
74 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
76 * Solution has been explained at
77 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
80 if (!sdata
->crypto_tx_tailroom_needed_cnt
++) {
82 * Flush all XMIT packets currently using HW encryption or no
83 * encryption at all if the count transition is from 0 -> 1.
89 static int ieee80211_key_enable_hw_accel(struct ieee80211_key
*key
)
91 struct ieee80211_sub_if_data
*sdata
;
97 if (key
->flags
& KEY_FLAG_TAINTED
) {
98 /* If we get here, it's during resume and the key is
99 * tainted so shouldn't be used/programmed any more.
100 * However, its flags may still indicate that it was
101 * programmed into the device (since we're in resume)
102 * so clear that flag now to avoid trying to remove
105 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
109 if (!key
->local
->ops
->set_key
)
110 goto out_unsupported
;
112 assert_key_lock(key
->local
);
117 * If this is a per-STA GTK, check if it
118 * is supported; if not, return.
120 if (sta
&& !(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
) &&
121 !(key
->local
->hw
.flags
& IEEE80211_HW_SUPPORTS_PER_STA_GTK
))
122 goto out_unsupported
;
124 if (sta
&& !sta
->uploaded
)
125 goto out_unsupported
;
128 if (sdata
->vif
.type
== NL80211_IFTYPE_AP_VLAN
) {
130 * The driver doesn't know anything about VLAN interfaces.
131 * Hence, don't send GTKs for VLAN interfaces to the driver.
133 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
))
134 goto out_unsupported
;
137 ret
= drv_set_key(key
->local
, SET_KEY
, sdata
,
138 sta
? &sta
->sta
: NULL
, &key
->conf
);
141 key
->flags
|= KEY_FLAG_UPLOADED_TO_HARDWARE
;
143 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
))
144 sdata
->crypto_tx_tailroom_needed_cnt
--;
146 WARN_ON((key
->conf
.flags
& IEEE80211_KEY_FLAG_PUT_IV_SPACE
) &&
147 (key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_IV
));
152 if (ret
!= -ENOSPC
&& ret
!= -EOPNOTSUPP
)
154 "failed to set key (%d, %pM) to hardware (%d)\n",
156 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
159 switch (key
->conf
.cipher
) {
160 case WLAN_CIPHER_SUITE_WEP40
:
161 case WLAN_CIPHER_SUITE_WEP104
:
162 case WLAN_CIPHER_SUITE_TKIP
:
163 case WLAN_CIPHER_SUITE_CCMP
:
164 case WLAN_CIPHER_SUITE_AES_CMAC
:
165 /* all of these we can do in software */
172 static void ieee80211_key_disable_hw_accel(struct ieee80211_key
*key
)
174 struct ieee80211_sub_if_data
*sdata
;
175 struct sta_info
*sta
;
180 if (!key
|| !key
->local
->ops
->set_key
)
183 assert_key_lock(key
->local
);
185 if (!(key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
))
191 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
))
192 increment_tailroom_need_count(sdata
);
194 ret
= drv_set_key(key
->local
, DISABLE_KEY
, sdata
,
195 sta
? &sta
->sta
: NULL
, &key
->conf
);
199 "failed to remove key (%d, %pM) from hardware (%d)\n",
201 sta
? sta
->sta
.addr
: bcast_addr
, ret
);
203 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
206 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
,
207 int idx
, bool uni
, bool multi
)
209 struct ieee80211_key
*key
= NULL
;
211 assert_key_lock(sdata
->local
);
213 if (idx
>= 0 && idx
< NUM_DEFAULT_KEYS
)
214 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
217 rcu_assign_pointer(sdata
->default_unicast_key
, key
);
218 drv_set_default_unicast_key(sdata
->local
, sdata
, idx
);
222 rcu_assign_pointer(sdata
->default_multicast_key
, key
);
224 ieee80211_debugfs_key_update_default(sdata
);
227 void ieee80211_set_default_key(struct ieee80211_sub_if_data
*sdata
, int idx
,
228 bool uni
, bool multi
)
230 mutex_lock(&sdata
->local
->key_mtx
);
231 __ieee80211_set_default_key(sdata
, idx
, uni
, multi
);
232 mutex_unlock(&sdata
->local
->key_mtx
);
236 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
, int idx
)
238 struct ieee80211_key
*key
= NULL
;
240 assert_key_lock(sdata
->local
);
242 if (idx
>= NUM_DEFAULT_KEYS
&&
243 idx
< NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
)
244 key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
246 rcu_assign_pointer(sdata
->default_mgmt_key
, key
);
248 ieee80211_debugfs_key_update_default(sdata
);
251 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data
*sdata
,
254 mutex_lock(&sdata
->local
->key_mtx
);
255 __ieee80211_set_default_mgmt_key(sdata
, idx
);
256 mutex_unlock(&sdata
->local
->key_mtx
);
260 static void ieee80211_key_replace(struct ieee80211_sub_if_data
*sdata
,
261 struct sta_info
*sta
,
263 struct ieee80211_key
*old
,
264 struct ieee80211_key
*new)
267 bool defunikey
, defmultikey
, defmgmtkey
;
269 /* caller must provide at least one old/new */
270 if (WARN_ON(!new && !old
))
274 list_add_tail(&new->list
, &sdata
->key_list
);
276 WARN_ON(new && old
&& new->conf
.keyidx
!= old
->conf
.keyidx
);
279 idx
= old
->conf
.keyidx
;
281 idx
= new->conf
.keyidx
;
285 rcu_assign_pointer(sta
->ptk
[idx
], new);
288 rcu_assign_pointer(sta
->gtk
[idx
], new);
293 old
== key_mtx_dereference(sdata
->local
,
294 sdata
->default_unicast_key
);
296 old
== key_mtx_dereference(sdata
->local
,
297 sdata
->default_multicast_key
);
299 old
== key_mtx_dereference(sdata
->local
,
300 sdata
->default_mgmt_key
);
302 if (defunikey
&& !new)
303 __ieee80211_set_default_key(sdata
, -1, true, false);
304 if (defmultikey
&& !new)
305 __ieee80211_set_default_key(sdata
, -1, false, true);
306 if (defmgmtkey
&& !new)
307 __ieee80211_set_default_mgmt_key(sdata
, -1);
309 rcu_assign_pointer(sdata
->keys
[idx
], new);
310 if (defunikey
&& new)
311 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
313 if (defmultikey
&& new)
314 __ieee80211_set_default_key(sdata
, new->conf
.keyidx
,
316 if (defmgmtkey
&& new)
317 __ieee80211_set_default_mgmt_key(sdata
,
322 list_del(&old
->list
);
325 struct ieee80211_key
*
326 ieee80211_key_alloc(u32 cipher
, int idx
, size_t key_len
,
328 size_t seq_len
, const u8
*seq
,
329 const struct ieee80211_cipher_scheme
*cs
)
331 struct ieee80211_key
*key
;
334 if (WARN_ON(idx
< 0 || idx
>= NUM_DEFAULT_KEYS
+ NUM_DEFAULT_MGMT_KEYS
))
335 return ERR_PTR(-EINVAL
);
337 key
= kzalloc(sizeof(struct ieee80211_key
) + key_len
, GFP_KERNEL
);
339 return ERR_PTR(-ENOMEM
);
342 * Default to software encryption; we'll later upload the
343 * key to the hardware if possible.
348 key
->conf
.cipher
= cipher
;
349 key
->conf
.keyidx
= idx
;
350 key
->conf
.keylen
= key_len
;
352 case WLAN_CIPHER_SUITE_WEP40
:
353 case WLAN_CIPHER_SUITE_WEP104
:
354 key
->conf
.iv_len
= IEEE80211_WEP_IV_LEN
;
355 key
->conf
.icv_len
= IEEE80211_WEP_ICV_LEN
;
357 case WLAN_CIPHER_SUITE_TKIP
:
358 key
->conf
.iv_len
= IEEE80211_TKIP_IV_LEN
;
359 key
->conf
.icv_len
= IEEE80211_TKIP_ICV_LEN
;
361 for (i
= 0; i
< IEEE80211_NUM_TIDS
; i
++) {
362 key
->u
.tkip
.rx
[i
].iv32
=
363 get_unaligned_le32(&seq
[2]);
364 key
->u
.tkip
.rx
[i
].iv16
=
365 get_unaligned_le16(seq
);
368 spin_lock_init(&key
->u
.tkip
.txlock
);
370 case WLAN_CIPHER_SUITE_CCMP
:
371 key
->conf
.iv_len
= IEEE80211_CCMP_HDR_LEN
;
372 key
->conf
.icv_len
= IEEE80211_CCMP_MIC_LEN
;
374 for (i
= 0; i
< IEEE80211_NUM_TIDS
+ 1; i
++)
375 for (j
= 0; j
< IEEE80211_CCMP_PN_LEN
; j
++)
376 key
->u
.ccmp
.rx_pn
[i
][j
] =
377 seq
[IEEE80211_CCMP_PN_LEN
- j
- 1];
380 * Initialize AES key state here as an optimization so that
381 * it does not need to be initialized for every packet.
383 key
->u
.ccmp
.tfm
= ieee80211_aes_key_setup_encrypt(key_data
);
384 if (IS_ERR(key
->u
.ccmp
.tfm
)) {
385 err
= PTR_ERR(key
->u
.ccmp
.tfm
);
390 case WLAN_CIPHER_SUITE_AES_CMAC
:
391 key
->conf
.iv_len
= 0;
392 key
->conf
.icv_len
= sizeof(struct ieee80211_mmie
);
394 for (j
= 0; j
< IEEE80211_CMAC_PN_LEN
; j
++)
395 key
->u
.aes_cmac
.rx_pn
[j
] =
396 seq
[IEEE80211_CMAC_PN_LEN
- j
- 1];
398 * Initialize AES key state here as an optimization so that
399 * it does not need to be initialized for every packet.
401 key
->u
.aes_cmac
.tfm
=
402 ieee80211_aes_cmac_key_setup(key_data
);
403 if (IS_ERR(key
->u
.aes_cmac
.tfm
)) {
404 err
= PTR_ERR(key
->u
.aes_cmac
.tfm
);
411 size_t len
= (seq_len
> MAX_PN_LEN
) ?
412 MAX_PN_LEN
: seq_len
;
414 key
->conf
.iv_len
= cs
->hdr_len
;
415 key
->conf
.icv_len
= cs
->mic_len
;
416 for (i
= 0; i
< IEEE80211_NUM_TIDS
+ 1; i
++)
417 for (j
= 0; j
< len
; j
++)
418 key
->u
.gen
.rx_pn
[i
][j
] =
422 memcpy(key
->conf
.key
, key_data
, key_len
);
423 INIT_LIST_HEAD(&key
->list
);
428 static void ieee80211_key_free_common(struct ieee80211_key
*key
)
430 if (key
->conf
.cipher
== WLAN_CIPHER_SUITE_CCMP
)
431 ieee80211_aes_key_free(key
->u
.ccmp
.tfm
);
432 if (key
->conf
.cipher
== WLAN_CIPHER_SUITE_AES_CMAC
)
433 ieee80211_aes_cmac_key_free(key
->u
.aes_cmac
.tfm
);
437 static void __ieee80211_key_destroy(struct ieee80211_key
*key
,
441 ieee80211_key_disable_hw_accel(key
);
444 struct ieee80211_sub_if_data
*sdata
= key
->sdata
;
446 ieee80211_debugfs_key_remove(key
);
448 if (delay_tailroom
) {
449 /* see ieee80211_delayed_tailroom_dec */
450 sdata
->crypto_tx_tailroom_pending_dec
++;
451 schedule_delayed_work(&sdata
->dec_tailroom_needed_wk
,
454 sdata
->crypto_tx_tailroom_needed_cnt
--;
458 ieee80211_key_free_common(key
);
461 static void ieee80211_key_destroy(struct ieee80211_key
*key
,
468 * Synchronize so the TX path can no longer be using
469 * this key before we free/remove it.
473 __ieee80211_key_destroy(key
, delay_tailroom
);
476 void ieee80211_key_free_unused(struct ieee80211_key
*key
)
478 WARN_ON(key
->sdata
|| key
->local
);
479 ieee80211_key_free_common(key
);
482 int ieee80211_key_link(struct ieee80211_key
*key
,
483 struct ieee80211_sub_if_data
*sdata
,
484 struct sta_info
*sta
)
486 struct ieee80211_local
*local
= sdata
->local
;
487 struct ieee80211_key
*old_key
;
491 pairwise
= key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
;
492 idx
= key
->conf
.keyidx
;
493 key
->local
= sdata
->local
;
497 mutex_lock(&sdata
->local
->key_mtx
);
500 old_key
= key_mtx_dereference(sdata
->local
, sta
->ptk
[idx
]);
502 old_key
= key_mtx_dereference(sdata
->local
, sta
->gtk
[idx
]);
504 old_key
= key_mtx_dereference(sdata
->local
, sdata
->keys
[idx
]);
506 increment_tailroom_need_count(sdata
);
508 ieee80211_key_replace(sdata
, sta
, pairwise
, old_key
, key
);
509 ieee80211_key_destroy(old_key
, true);
511 ieee80211_debugfs_key_add(key
);
513 if (!local
->wowlan
) {
514 ret
= ieee80211_key_enable_hw_accel(key
);
516 ieee80211_key_free(key
, true);
521 mutex_unlock(&sdata
->local
->key_mtx
);
526 void ieee80211_key_free(struct ieee80211_key
*key
, bool delay_tailroom
)
532 * Replace key with nothingness if it was ever used.
535 ieee80211_key_replace(key
->sdata
, key
->sta
,
536 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
538 ieee80211_key_destroy(key
, delay_tailroom
);
541 void ieee80211_enable_keys(struct ieee80211_sub_if_data
*sdata
)
543 struct ieee80211_key
*key
;
547 if (WARN_ON(!ieee80211_sdata_running(sdata
)))
550 mutex_lock(&sdata
->local
->key_mtx
);
552 sdata
->crypto_tx_tailroom_needed_cnt
= 0;
554 list_for_each_entry(key
, &sdata
->key_list
, list
) {
555 increment_tailroom_need_count(sdata
);
556 ieee80211_key_enable_hw_accel(key
);
559 mutex_unlock(&sdata
->local
->key_mtx
);
562 void ieee80211_iter_keys(struct ieee80211_hw
*hw
,
563 struct ieee80211_vif
*vif
,
564 void (*iter
)(struct ieee80211_hw
*hw
,
565 struct ieee80211_vif
*vif
,
566 struct ieee80211_sta
*sta
,
567 struct ieee80211_key_conf
*key
,
571 struct ieee80211_local
*local
= hw_to_local(hw
);
572 struct ieee80211_key
*key
, *tmp
;
573 struct ieee80211_sub_if_data
*sdata
;
577 mutex_lock(&local
->key_mtx
);
579 sdata
= vif_to_sdata(vif
);
580 list_for_each_entry_safe(key
, tmp
, &sdata
->key_list
, list
)
581 iter(hw
, &sdata
->vif
,
582 key
->sta
? &key
->sta
->sta
: NULL
,
583 &key
->conf
, iter_data
);
585 list_for_each_entry(sdata
, &local
->interfaces
, list
)
586 list_for_each_entry_safe(key
, tmp
,
587 &sdata
->key_list
, list
)
588 iter(hw
, &sdata
->vif
,
589 key
->sta
? &key
->sta
->sta
: NULL
,
590 &key
->conf
, iter_data
);
592 mutex_unlock(&local
->key_mtx
);
594 EXPORT_SYMBOL(ieee80211_iter_keys
);
596 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data
*sdata
,
597 struct list_head
*keys
)
599 struct ieee80211_key
*key
, *tmp
;
601 sdata
->crypto_tx_tailroom_needed_cnt
-=
602 sdata
->crypto_tx_tailroom_pending_dec
;
603 sdata
->crypto_tx_tailroom_pending_dec
= 0;
605 ieee80211_debugfs_key_remove_mgmt_default(sdata
);
607 list_for_each_entry_safe(key
, tmp
, &sdata
->key_list
, list
) {
608 ieee80211_key_replace(key
->sdata
, key
->sta
,
609 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
611 list_add_tail(&key
->list
, keys
);
614 ieee80211_debugfs_key_update_default(sdata
);
617 void ieee80211_free_keys(struct ieee80211_sub_if_data
*sdata
,
618 bool force_synchronize
)
620 struct ieee80211_local
*local
= sdata
->local
;
621 struct ieee80211_sub_if_data
*vlan
;
622 struct ieee80211_key
*key
, *tmp
;
625 cancel_delayed_work_sync(&sdata
->dec_tailroom_needed_wk
);
627 mutex_lock(&local
->key_mtx
);
629 ieee80211_free_keys_iface(sdata
, &keys
);
631 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
632 list_for_each_entry(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
)
633 ieee80211_free_keys_iface(vlan
, &keys
);
636 if (!list_empty(&keys
) || force_synchronize
)
638 list_for_each_entry_safe(key
, tmp
, &keys
, list
)
639 __ieee80211_key_destroy(key
, false);
641 WARN_ON_ONCE(sdata
->crypto_tx_tailroom_needed_cnt
||
642 sdata
->crypto_tx_tailroom_pending_dec
);
643 if (sdata
->vif
.type
== NL80211_IFTYPE_AP
) {
644 list_for_each_entry(vlan
, &sdata
->u
.ap
.vlans
, u
.vlan
.list
)
645 WARN_ON_ONCE(vlan
->crypto_tx_tailroom_needed_cnt
||
646 vlan
->crypto_tx_tailroom_pending_dec
);
649 mutex_unlock(&local
->key_mtx
);
652 void ieee80211_free_sta_keys(struct ieee80211_local
*local
,
653 struct sta_info
*sta
)
655 struct ieee80211_key
*key
;
658 mutex_lock(&local
->key_mtx
);
659 for (i
= 0; i
< NUM_DEFAULT_KEYS
; i
++) {
660 key
= key_mtx_dereference(local
, sta
->gtk
[i
]);
663 ieee80211_key_replace(key
->sdata
, key
->sta
,
664 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
666 __ieee80211_key_destroy(key
, true);
669 for (i
= 0; i
< NUM_DEFAULT_KEYS
; i
++) {
670 key
= key_mtx_dereference(local
, sta
->ptk
[i
]);
673 ieee80211_key_replace(key
->sdata
, key
->sta
,
674 key
->conf
.flags
& IEEE80211_KEY_FLAG_PAIRWISE
,
676 __ieee80211_key_destroy(key
, true);
679 mutex_unlock(&local
->key_mtx
);
682 void ieee80211_delayed_tailroom_dec(struct work_struct
*wk
)
684 struct ieee80211_sub_if_data
*sdata
;
686 sdata
= container_of(wk
, struct ieee80211_sub_if_data
,
687 dec_tailroom_needed_wk
.work
);
690 * The reason for the delayed tailroom needed decrementing is to
691 * make roaming faster: during roaming, all keys are first deleted
692 * and then new keys are installed. The first new key causes the
693 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
694 * the cost of synchronize_net() (which can be slow). Avoid this
695 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
696 * key removal for a while, so if we roam the value is larger than
697 * zero and no 0->1 transition happens.
699 * The cost is that if the AP switching was from an AP with keys
700 * to one without, we still allocate tailroom while it would no
701 * longer be needed. However, in the typical (fast) roaming case
702 * within an ESS this usually won't happen.
705 mutex_lock(&sdata
->local
->key_mtx
);
706 sdata
->crypto_tx_tailroom_needed_cnt
-=
707 sdata
->crypto_tx_tailroom_pending_dec
;
708 sdata
->crypto_tx_tailroom_pending_dec
= 0;
709 mutex_unlock(&sdata
->local
->key_mtx
);
712 void ieee80211_gtk_rekey_notify(struct ieee80211_vif
*vif
, const u8
*bssid
,
713 const u8
*replay_ctr
, gfp_t gfp
)
715 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
717 trace_api_gtk_rekey_notify(sdata
, bssid
, replay_ctr
);
719 cfg80211_gtk_rekey_notify(sdata
->dev
, bssid
, replay_ctr
, gfp
);
721 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify
);
723 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf
*keyconf
,
724 struct ieee80211_key_seq
*seq
)
726 struct ieee80211_key
*key
;
729 if (WARN_ON(!(keyconf
->flags
& IEEE80211_KEY_FLAG_GENERATE_IV
)))
732 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
734 switch (key
->conf
.cipher
) {
735 case WLAN_CIPHER_SUITE_TKIP
:
736 seq
->tkip
.iv32
= key
->u
.tkip
.tx
.iv32
;
737 seq
->tkip
.iv16
= key
->u
.tkip
.tx
.iv16
;
739 case WLAN_CIPHER_SUITE_CCMP
:
740 pn64
= atomic64_read(&key
->u
.ccmp
.tx_pn
);
741 seq
->ccmp
.pn
[5] = pn64
;
742 seq
->ccmp
.pn
[4] = pn64
>> 8;
743 seq
->ccmp
.pn
[3] = pn64
>> 16;
744 seq
->ccmp
.pn
[2] = pn64
>> 24;
745 seq
->ccmp
.pn
[1] = pn64
>> 32;
746 seq
->ccmp
.pn
[0] = pn64
>> 40;
748 case WLAN_CIPHER_SUITE_AES_CMAC
:
749 pn64
= atomic64_read(&key
->u
.aes_cmac
.tx_pn
);
750 seq
->ccmp
.pn
[5] = pn64
;
751 seq
->ccmp
.pn
[4] = pn64
>> 8;
752 seq
->ccmp
.pn
[3] = pn64
>> 16;
753 seq
->ccmp
.pn
[2] = pn64
>> 24;
754 seq
->ccmp
.pn
[1] = pn64
>> 32;
755 seq
->ccmp
.pn
[0] = pn64
>> 40;
761 EXPORT_SYMBOL(ieee80211_get_key_tx_seq
);
763 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf
*keyconf
,
764 int tid
, struct ieee80211_key_seq
*seq
)
766 struct ieee80211_key
*key
;
769 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
771 switch (key
->conf
.cipher
) {
772 case WLAN_CIPHER_SUITE_TKIP
:
773 if (WARN_ON(tid
< 0 || tid
>= IEEE80211_NUM_TIDS
))
775 seq
->tkip
.iv32
= key
->u
.tkip
.rx
[tid
].iv32
;
776 seq
->tkip
.iv16
= key
->u
.tkip
.rx
[tid
].iv16
;
778 case WLAN_CIPHER_SUITE_CCMP
:
779 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
782 pn
= key
->u
.ccmp
.rx_pn
[IEEE80211_NUM_TIDS
];
784 pn
= key
->u
.ccmp
.rx_pn
[tid
];
785 memcpy(seq
->ccmp
.pn
, pn
, IEEE80211_CCMP_PN_LEN
);
787 case WLAN_CIPHER_SUITE_AES_CMAC
:
788 if (WARN_ON(tid
!= 0))
790 pn
= key
->u
.aes_cmac
.rx_pn
;
791 memcpy(seq
->aes_cmac
.pn
, pn
, IEEE80211_CMAC_PN_LEN
);
795 EXPORT_SYMBOL(ieee80211_get_key_rx_seq
);
797 void ieee80211_set_key_tx_seq(struct ieee80211_key_conf
*keyconf
,
798 struct ieee80211_key_seq
*seq
)
800 struct ieee80211_key
*key
;
803 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
805 switch (key
->conf
.cipher
) {
806 case WLAN_CIPHER_SUITE_TKIP
:
807 key
->u
.tkip
.tx
.iv32
= seq
->tkip
.iv32
;
808 key
->u
.tkip
.tx
.iv16
= seq
->tkip
.iv16
;
810 case WLAN_CIPHER_SUITE_CCMP
:
811 pn64
= (u64
)seq
->ccmp
.pn
[5] |
812 ((u64
)seq
->ccmp
.pn
[4] << 8) |
813 ((u64
)seq
->ccmp
.pn
[3] << 16) |
814 ((u64
)seq
->ccmp
.pn
[2] << 24) |
815 ((u64
)seq
->ccmp
.pn
[1] << 32) |
816 ((u64
)seq
->ccmp
.pn
[0] << 40);
817 atomic64_set(&key
->u
.ccmp
.tx_pn
, pn64
);
819 case WLAN_CIPHER_SUITE_AES_CMAC
:
820 pn64
= (u64
)seq
->aes_cmac
.pn
[5] |
821 ((u64
)seq
->aes_cmac
.pn
[4] << 8) |
822 ((u64
)seq
->aes_cmac
.pn
[3] << 16) |
823 ((u64
)seq
->aes_cmac
.pn
[2] << 24) |
824 ((u64
)seq
->aes_cmac
.pn
[1] << 32) |
825 ((u64
)seq
->aes_cmac
.pn
[0] << 40);
826 atomic64_set(&key
->u
.aes_cmac
.tx_pn
, pn64
);
833 EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq
);
835 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf
*keyconf
,
836 int tid
, struct ieee80211_key_seq
*seq
)
838 struct ieee80211_key
*key
;
841 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
843 switch (key
->conf
.cipher
) {
844 case WLAN_CIPHER_SUITE_TKIP
:
845 if (WARN_ON(tid
< 0 || tid
>= IEEE80211_NUM_TIDS
))
847 key
->u
.tkip
.rx
[tid
].iv32
= seq
->tkip
.iv32
;
848 key
->u
.tkip
.rx
[tid
].iv16
= seq
->tkip
.iv16
;
850 case WLAN_CIPHER_SUITE_CCMP
:
851 if (WARN_ON(tid
< -1 || tid
>= IEEE80211_NUM_TIDS
))
854 pn
= key
->u
.ccmp
.rx_pn
[IEEE80211_NUM_TIDS
];
856 pn
= key
->u
.ccmp
.rx_pn
[tid
];
857 memcpy(pn
, seq
->ccmp
.pn
, IEEE80211_CCMP_PN_LEN
);
859 case WLAN_CIPHER_SUITE_AES_CMAC
:
860 if (WARN_ON(tid
!= 0))
862 pn
= key
->u
.aes_cmac
.rx_pn
;
863 memcpy(pn
, seq
->aes_cmac
.pn
, IEEE80211_CMAC_PN_LEN
);
870 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq
);
872 void ieee80211_remove_key(struct ieee80211_key_conf
*keyconf
)
874 struct ieee80211_key
*key
;
876 key
= container_of(keyconf
, struct ieee80211_key
, conf
);
878 assert_key_lock(key
->local
);
881 * if key was uploaded, we assume the driver will/has remove(d)
882 * it, so adjust bookkeeping accordingly
884 if (key
->flags
& KEY_FLAG_UPLOADED_TO_HARDWARE
) {
885 key
->flags
&= ~KEY_FLAG_UPLOADED_TO_HARDWARE
;
887 if (!(key
->conf
.flags
& IEEE80211_KEY_FLAG_GENERATE_MMIC
))
888 increment_tailroom_need_count(key
->sdata
);
891 ieee80211_key_free(key
, false);
893 EXPORT_SYMBOL_GPL(ieee80211_remove_key
);
895 struct ieee80211_key_conf
*
896 ieee80211_gtk_rekey_add(struct ieee80211_vif
*vif
,
897 struct ieee80211_key_conf
*keyconf
)
899 struct ieee80211_sub_if_data
*sdata
= vif_to_sdata(vif
);
900 struct ieee80211_local
*local
= sdata
->local
;
901 struct ieee80211_key
*key
;
904 if (WARN_ON(!local
->wowlan
))
905 return ERR_PTR(-EINVAL
);
907 if (WARN_ON(vif
->type
!= NL80211_IFTYPE_STATION
))
908 return ERR_PTR(-EINVAL
);
910 key
= ieee80211_key_alloc(keyconf
->cipher
, keyconf
->keyidx
,
911 keyconf
->keylen
, keyconf
->key
,
914 return ERR_CAST(key
);
916 if (sdata
->u
.mgd
.mfp
!= IEEE80211_MFP_DISABLED
)
917 key
->conf
.flags
|= IEEE80211_KEY_FLAG_RX_MGMT
;
919 err
= ieee80211_key_link(key
, sdata
, NULL
);
925 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add
);