Loading...
1/*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
6 * Copyright 2013-2014 Intel Mobile Communications GmbH
7 * Copyright 2015 Intel Deutschland GmbH
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14#include <linux/if_ether.h>
15#include <linux/etherdevice.h>
16#include <linux/list.h>
17#include <linux/rcupdate.h>
18#include <linux/rtnetlink.h>
19#include <linux/slab.h>
20#include <linux/export.h>
21#include <net/mac80211.h>
22#include <asm/unaligned.h>
23#include "ieee80211_i.h"
24#include "driver-ops.h"
25#include "debugfs_key.h"
26#include "aes_ccm.h"
27#include "aes_cmac.h"
28#include "aes_gmac.h"
29#include "aes_gcm.h"
30
31
32/**
33 * DOC: Key handling basics
34 *
35 * Key handling in mac80211 is done based on per-interface (sub_if_data)
36 * keys and per-station keys. Since each station belongs to an interface,
37 * each station key also belongs to that interface.
38 *
39 * Hardware acceleration is done on a best-effort basis for algorithms
40 * that are implemented in software, for each key the hardware is asked
41 * to enable that key for offloading but if it cannot do that the key is
42 * simply kept for software encryption (unless it is for an algorithm
43 * that isn't implemented in software).
44 * There is currently no way of knowing whether a key is handled in SW
45 * or HW except by looking into debugfs.
46 *
47 * All key management is internally protected by a mutex. Within all
48 * other parts of mac80211, key references are, just as STA structure
49 * references, protected by RCU. Note, however, that some things are
50 * unprotected, namely the key->sta dereferences within the hardware
51 * acceleration functions. This means that sta_info_destroy() must
52 * remove the key which waits for an RCU grace period.
53 */
54
55static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
56
57static void assert_key_lock(struct ieee80211_local *local)
58{
59 lockdep_assert_held(&local->key_mtx);
60}
61
62static void
63update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
64{
65 struct ieee80211_sub_if_data *vlan;
66
67 if (sdata->vif.type != NL80211_IFTYPE_AP)
68 return;
69
70 /* crypto_tx_tailroom_needed_cnt is protected by this */
71 assert_key_lock(sdata->local);
72
73 rcu_read_lock();
74
75 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
76 vlan->crypto_tx_tailroom_needed_cnt += delta;
77
78 rcu_read_unlock();
79}
80
81static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
82{
83 /*
84 * When this count is zero, SKB resizing for allocating tailroom
85 * for IV or MMIC is skipped. But, this check has created two race
86 * cases in xmit path while transiting from zero count to one:
87 *
88 * 1. SKB resize was skipped because no key was added but just before
89 * the xmit key is added and SW encryption kicks off.
90 *
91 * 2. SKB resize was skipped because all the keys were hw planted but
92 * just before xmit one of the key is deleted and SW encryption kicks
93 * off.
94 *
95 * In both the above case SW encryption will find not enough space for
96 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
97 *
98 * Solution has been explained at
99 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
100 */
101
102 assert_key_lock(sdata->local);
103
104 update_vlan_tailroom_need_count(sdata, 1);
105
106 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
107 /*
108 * Flush all XMIT packets currently using HW encryption or no
109 * encryption at all if the count transition is from 0 -> 1.
110 */
111 synchronize_net();
112 }
113}
114
115static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
116 int delta)
117{
118 assert_key_lock(sdata->local);
119
120 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
121
122 update_vlan_tailroom_need_count(sdata, -delta);
123 sdata->crypto_tx_tailroom_needed_cnt -= delta;
124}
125
126static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
127{
128 struct ieee80211_sub_if_data *sdata;
129 struct sta_info *sta;
130 int ret = -EOPNOTSUPP;
131
132 might_sleep();
133
134 if (key->flags & KEY_FLAG_TAINTED) {
135 /* If we get here, it's during resume and the key is
136 * tainted so shouldn't be used/programmed any more.
137 * However, its flags may still indicate that it was
138 * programmed into the device (since we're in resume)
139 * so clear that flag now to avoid trying to remove
140 * it again later.
141 */
142 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
143 return -EINVAL;
144 }
145
146 if (!key->local->ops->set_key)
147 goto out_unsupported;
148
149 assert_key_lock(key->local);
150
151 sta = key->sta;
152
153 /*
154 * If this is a per-STA GTK, check if it
155 * is supported; if not, return.
156 */
157 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
158 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
159 goto out_unsupported;
160
161 if (sta && !sta->uploaded)
162 goto out_unsupported;
163
164 sdata = key->sdata;
165 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
166 /*
167 * The driver doesn't know anything about VLAN interfaces.
168 * Hence, don't send GTKs for VLAN interfaces to the driver.
169 */
170 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
171 goto out_unsupported;
172 }
173
174 ret = drv_set_key(key->local, SET_KEY, sdata,
175 sta ? &sta->sta : NULL, &key->conf);
176
177 if (!ret) {
178 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
179
180 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
181 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
182 decrease_tailroom_need_count(sdata, 1);
183
184 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
185 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
186
187 return 0;
188 }
189
190 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
191 sdata_err(sdata,
192 "failed to set key (%d, %pM) to hardware (%d)\n",
193 key->conf.keyidx,
194 sta ? sta->sta.addr : bcast_addr, ret);
195
196 out_unsupported:
197 switch (key->conf.cipher) {
198 case WLAN_CIPHER_SUITE_WEP40:
199 case WLAN_CIPHER_SUITE_WEP104:
200 case WLAN_CIPHER_SUITE_TKIP:
201 case WLAN_CIPHER_SUITE_CCMP:
202 case WLAN_CIPHER_SUITE_CCMP_256:
203 case WLAN_CIPHER_SUITE_AES_CMAC:
204 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
205 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
206 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
207 case WLAN_CIPHER_SUITE_GCMP:
208 case WLAN_CIPHER_SUITE_GCMP_256:
209 /* all of these we can do in software - if driver can */
210 if (ret == 1)
211 return 0;
212 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
213 return -EINVAL;
214 return 0;
215 default:
216 return -EINVAL;
217 }
218}
219
220static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
221{
222 struct ieee80211_sub_if_data *sdata;
223 struct sta_info *sta;
224 int ret;
225
226 might_sleep();
227
228 if (!key || !key->local->ops->set_key)
229 return;
230
231 assert_key_lock(key->local);
232
233 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
234 return;
235
236 sta = key->sta;
237 sdata = key->sdata;
238
239 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
240 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
241 increment_tailroom_need_count(sdata);
242
243 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
244 sta ? &sta->sta : NULL, &key->conf);
245
246 if (ret)
247 sdata_err(sdata,
248 "failed to remove key (%d, %pM) from hardware (%d)\n",
249 key->conf.keyidx,
250 sta ? sta->sta.addr : bcast_addr, ret);
251
252 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
253}
254
255static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
256 int idx, bool uni, bool multi)
257{
258 struct ieee80211_key *key = NULL;
259
260 assert_key_lock(sdata->local);
261
262 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
263 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
264
265 if (uni) {
266 rcu_assign_pointer(sdata->default_unicast_key, key);
267 ieee80211_check_fast_xmit_iface(sdata);
268 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
269 drv_set_default_unicast_key(sdata->local, sdata, idx);
270 }
271
272 if (multi)
273 rcu_assign_pointer(sdata->default_multicast_key, key);
274
275 ieee80211_debugfs_key_update_default(sdata);
276}
277
278void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
279 bool uni, bool multi)
280{
281 mutex_lock(&sdata->local->key_mtx);
282 __ieee80211_set_default_key(sdata, idx, uni, multi);
283 mutex_unlock(&sdata->local->key_mtx);
284}
285
286static void
287__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
288{
289 struct ieee80211_key *key = NULL;
290
291 assert_key_lock(sdata->local);
292
293 if (idx >= NUM_DEFAULT_KEYS &&
294 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
295 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
296
297 rcu_assign_pointer(sdata->default_mgmt_key, key);
298
299 ieee80211_debugfs_key_update_default(sdata);
300}
301
302void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
303 int idx)
304{
305 mutex_lock(&sdata->local->key_mtx);
306 __ieee80211_set_default_mgmt_key(sdata, idx);
307 mutex_unlock(&sdata->local->key_mtx);
308}
309
310
311static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
312 struct sta_info *sta,
313 bool pairwise,
314 struct ieee80211_key *old,
315 struct ieee80211_key *new)
316{
317 int idx;
318 bool defunikey, defmultikey, defmgmtkey;
319
320 /* caller must provide at least one old/new */
321 if (WARN_ON(!new && !old))
322 return;
323
324 if (new)
325 list_add_tail_rcu(&new->list, &sdata->key_list);
326
327 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
328
329 if (old)
330 idx = old->conf.keyidx;
331 else
332 idx = new->conf.keyidx;
333
334 if (sta) {
335 if (pairwise) {
336 rcu_assign_pointer(sta->ptk[idx], new);
337 sta->ptk_idx = idx;
338 ieee80211_check_fast_xmit(sta);
339 } else {
340 rcu_assign_pointer(sta->gtk[idx], new);
341 }
342 ieee80211_check_fast_rx(sta);
343 } else {
344 defunikey = old &&
345 old == key_mtx_dereference(sdata->local,
346 sdata->default_unicast_key);
347 defmultikey = old &&
348 old == key_mtx_dereference(sdata->local,
349 sdata->default_multicast_key);
350 defmgmtkey = old &&
351 old == key_mtx_dereference(sdata->local,
352 sdata->default_mgmt_key);
353
354 if (defunikey && !new)
355 __ieee80211_set_default_key(sdata, -1, true, false);
356 if (defmultikey && !new)
357 __ieee80211_set_default_key(sdata, -1, false, true);
358 if (defmgmtkey && !new)
359 __ieee80211_set_default_mgmt_key(sdata, -1);
360
361 rcu_assign_pointer(sdata->keys[idx], new);
362 if (defunikey && new)
363 __ieee80211_set_default_key(sdata, new->conf.keyidx,
364 true, false);
365 if (defmultikey && new)
366 __ieee80211_set_default_key(sdata, new->conf.keyidx,
367 false, true);
368 if (defmgmtkey && new)
369 __ieee80211_set_default_mgmt_key(sdata,
370 new->conf.keyidx);
371 }
372
373 if (old)
374 list_del_rcu(&old->list);
375}
376
377struct ieee80211_key *
378ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
379 const u8 *key_data,
380 size_t seq_len, const u8 *seq,
381 const struct ieee80211_cipher_scheme *cs)
382{
383 struct ieee80211_key *key;
384 int i, j, err;
385
386 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
387 return ERR_PTR(-EINVAL);
388
389 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
390 if (!key)
391 return ERR_PTR(-ENOMEM);
392
393 /*
394 * Default to software encryption; we'll later upload the
395 * key to the hardware if possible.
396 */
397 key->conf.flags = 0;
398 key->flags = 0;
399
400 key->conf.cipher = cipher;
401 key->conf.keyidx = idx;
402 key->conf.keylen = key_len;
403 switch (cipher) {
404 case WLAN_CIPHER_SUITE_WEP40:
405 case WLAN_CIPHER_SUITE_WEP104:
406 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
407 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
408 break;
409 case WLAN_CIPHER_SUITE_TKIP:
410 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
411 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
412 if (seq) {
413 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
414 key->u.tkip.rx[i].iv32 =
415 get_unaligned_le32(&seq[2]);
416 key->u.tkip.rx[i].iv16 =
417 get_unaligned_le16(seq);
418 }
419 }
420 spin_lock_init(&key->u.tkip.txlock);
421 break;
422 case WLAN_CIPHER_SUITE_CCMP:
423 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
424 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
425 if (seq) {
426 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
427 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
428 key->u.ccmp.rx_pn[i][j] =
429 seq[IEEE80211_CCMP_PN_LEN - j - 1];
430 }
431 /*
432 * Initialize AES key state here as an optimization so that
433 * it does not need to be initialized for every packet.
434 */
435 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
436 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
437 if (IS_ERR(key->u.ccmp.tfm)) {
438 err = PTR_ERR(key->u.ccmp.tfm);
439 kfree(key);
440 return ERR_PTR(err);
441 }
442 break;
443 case WLAN_CIPHER_SUITE_CCMP_256:
444 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
445 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
446 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
447 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
448 key->u.ccmp.rx_pn[i][j] =
449 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
450 /* Initialize AES key state here as an optimization so that
451 * it does not need to be initialized for every packet.
452 */
453 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
454 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
455 if (IS_ERR(key->u.ccmp.tfm)) {
456 err = PTR_ERR(key->u.ccmp.tfm);
457 kfree(key);
458 return ERR_PTR(err);
459 }
460 break;
461 case WLAN_CIPHER_SUITE_AES_CMAC:
462 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
463 key->conf.iv_len = 0;
464 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
465 key->conf.icv_len = sizeof(struct ieee80211_mmie);
466 else
467 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
468 if (seq)
469 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
470 key->u.aes_cmac.rx_pn[j] =
471 seq[IEEE80211_CMAC_PN_LEN - j - 1];
472 /*
473 * Initialize AES key state here as an optimization so that
474 * it does not need to be initialized for every packet.
475 */
476 key->u.aes_cmac.tfm =
477 ieee80211_aes_cmac_key_setup(key_data, key_len);
478 if (IS_ERR(key->u.aes_cmac.tfm)) {
479 err = PTR_ERR(key->u.aes_cmac.tfm);
480 kfree(key);
481 return ERR_PTR(err);
482 }
483 break;
484 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
485 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
486 key->conf.iv_len = 0;
487 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
488 if (seq)
489 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
490 key->u.aes_gmac.rx_pn[j] =
491 seq[IEEE80211_GMAC_PN_LEN - j - 1];
492 /* Initialize AES key state here as an optimization so that
493 * it does not need to be initialized for every packet.
494 */
495 key->u.aes_gmac.tfm =
496 ieee80211_aes_gmac_key_setup(key_data, key_len);
497 if (IS_ERR(key->u.aes_gmac.tfm)) {
498 err = PTR_ERR(key->u.aes_gmac.tfm);
499 kfree(key);
500 return ERR_PTR(err);
501 }
502 break;
503 case WLAN_CIPHER_SUITE_GCMP:
504 case WLAN_CIPHER_SUITE_GCMP_256:
505 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
506 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
507 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
508 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
509 key->u.gcmp.rx_pn[i][j] =
510 seq[IEEE80211_GCMP_PN_LEN - j - 1];
511 /* Initialize AES key state here as an optimization so that
512 * it does not need to be initialized for every packet.
513 */
514 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
515 key_len);
516 if (IS_ERR(key->u.gcmp.tfm)) {
517 err = PTR_ERR(key->u.gcmp.tfm);
518 kfree(key);
519 return ERR_PTR(err);
520 }
521 break;
522 default:
523 if (cs) {
524 if (seq_len && seq_len != cs->pn_len) {
525 kfree(key);
526 return ERR_PTR(-EINVAL);
527 }
528
529 key->conf.iv_len = cs->hdr_len;
530 key->conf.icv_len = cs->mic_len;
531 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
532 for (j = 0; j < seq_len; j++)
533 key->u.gen.rx_pn[i][j] =
534 seq[seq_len - j - 1];
535 key->flags |= KEY_FLAG_CIPHER_SCHEME;
536 }
537 }
538 memcpy(key->conf.key, key_data, key_len);
539 INIT_LIST_HEAD(&key->list);
540
541 return key;
542}
543
544static void ieee80211_key_free_common(struct ieee80211_key *key)
545{
546 switch (key->conf.cipher) {
547 case WLAN_CIPHER_SUITE_CCMP:
548 case WLAN_CIPHER_SUITE_CCMP_256:
549 ieee80211_aes_key_free(key->u.ccmp.tfm);
550 break;
551 case WLAN_CIPHER_SUITE_AES_CMAC:
552 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
553 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
554 break;
555 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
556 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
557 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
558 break;
559 case WLAN_CIPHER_SUITE_GCMP:
560 case WLAN_CIPHER_SUITE_GCMP_256:
561 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
562 break;
563 }
564 kzfree(key);
565}
566
567static void __ieee80211_key_destroy(struct ieee80211_key *key,
568 bool delay_tailroom)
569{
570 if (key->local)
571 ieee80211_key_disable_hw_accel(key);
572
573 if (key->local) {
574 struct ieee80211_sub_if_data *sdata = key->sdata;
575
576 ieee80211_debugfs_key_remove(key);
577
578 if (delay_tailroom) {
579 /* see ieee80211_delayed_tailroom_dec */
580 sdata->crypto_tx_tailroom_pending_dec++;
581 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
582 HZ/2);
583 } else {
584 decrease_tailroom_need_count(sdata, 1);
585 }
586 }
587
588 ieee80211_key_free_common(key);
589}
590
591static void ieee80211_key_destroy(struct ieee80211_key *key,
592 bool delay_tailroom)
593{
594 if (!key)
595 return;
596
597 /*
598 * Synchronize so the TX path and rcu key iterators
599 * can no longer be using this key before we free/remove it.
600 */
601 synchronize_net();
602
603 __ieee80211_key_destroy(key, delay_tailroom);
604}
605
606void ieee80211_key_free_unused(struct ieee80211_key *key)
607{
608 WARN_ON(key->sdata || key->local);
609 ieee80211_key_free_common(key);
610}
611
612int ieee80211_key_link(struct ieee80211_key *key,
613 struct ieee80211_sub_if_data *sdata,
614 struct sta_info *sta)
615{
616 struct ieee80211_local *local = sdata->local;
617 struct ieee80211_key *old_key;
618 int idx, ret;
619 bool pairwise;
620
621 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
622 idx = key->conf.keyidx;
623 key->local = sdata->local;
624 key->sdata = sdata;
625 key->sta = sta;
626
627 mutex_lock(&sdata->local->key_mtx);
628
629 if (sta && pairwise)
630 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
631 else if (sta)
632 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
633 else
634 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
635
636 increment_tailroom_need_count(sdata);
637
638 ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
639 ieee80211_key_destroy(old_key, true);
640
641 ieee80211_debugfs_key_add(key);
642
643 if (!local->wowlan) {
644 ret = ieee80211_key_enable_hw_accel(key);
645 if (ret)
646 ieee80211_key_free(key, true);
647 } else {
648 ret = 0;
649 }
650
651 mutex_unlock(&sdata->local->key_mtx);
652
653 return ret;
654}
655
656void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
657{
658 if (!key)
659 return;
660
661 /*
662 * Replace key with nothingness if it was ever used.
663 */
664 if (key->sdata)
665 ieee80211_key_replace(key->sdata, key->sta,
666 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
667 key, NULL);
668 ieee80211_key_destroy(key, delay_tailroom);
669}
670
671void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
672{
673 struct ieee80211_key *key;
674 struct ieee80211_sub_if_data *vlan;
675
676 ASSERT_RTNL();
677
678 if (WARN_ON(!ieee80211_sdata_running(sdata)))
679 return;
680
681 mutex_lock(&sdata->local->key_mtx);
682
683 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
684 sdata->crypto_tx_tailroom_pending_dec);
685
686 if (sdata->vif.type == NL80211_IFTYPE_AP) {
687 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
688 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
689 vlan->crypto_tx_tailroom_pending_dec);
690 }
691
692 list_for_each_entry(key, &sdata->key_list, list) {
693 increment_tailroom_need_count(sdata);
694 ieee80211_key_enable_hw_accel(key);
695 }
696
697 mutex_unlock(&sdata->local->key_mtx);
698}
699
700void ieee80211_reset_crypto_tx_tailroom(struct ieee80211_sub_if_data *sdata)
701{
702 struct ieee80211_sub_if_data *vlan;
703
704 mutex_lock(&sdata->local->key_mtx);
705
706 sdata->crypto_tx_tailroom_needed_cnt = 0;
707
708 if (sdata->vif.type == NL80211_IFTYPE_AP) {
709 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
710 vlan->crypto_tx_tailroom_needed_cnt = 0;
711 }
712
713 mutex_unlock(&sdata->local->key_mtx);
714}
715
716void ieee80211_iter_keys(struct ieee80211_hw *hw,
717 struct ieee80211_vif *vif,
718 void (*iter)(struct ieee80211_hw *hw,
719 struct ieee80211_vif *vif,
720 struct ieee80211_sta *sta,
721 struct ieee80211_key_conf *key,
722 void *data),
723 void *iter_data)
724{
725 struct ieee80211_local *local = hw_to_local(hw);
726 struct ieee80211_key *key, *tmp;
727 struct ieee80211_sub_if_data *sdata;
728
729 ASSERT_RTNL();
730
731 mutex_lock(&local->key_mtx);
732 if (vif) {
733 sdata = vif_to_sdata(vif);
734 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
735 iter(hw, &sdata->vif,
736 key->sta ? &key->sta->sta : NULL,
737 &key->conf, iter_data);
738 } else {
739 list_for_each_entry(sdata, &local->interfaces, list)
740 list_for_each_entry_safe(key, tmp,
741 &sdata->key_list, list)
742 iter(hw, &sdata->vif,
743 key->sta ? &key->sta->sta : NULL,
744 &key->conf, iter_data);
745 }
746 mutex_unlock(&local->key_mtx);
747}
748EXPORT_SYMBOL(ieee80211_iter_keys);
749
750static void
751_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
752 struct ieee80211_sub_if_data *sdata,
753 void (*iter)(struct ieee80211_hw *hw,
754 struct ieee80211_vif *vif,
755 struct ieee80211_sta *sta,
756 struct ieee80211_key_conf *key,
757 void *data),
758 void *iter_data)
759{
760 struct ieee80211_key *key;
761
762 list_for_each_entry_rcu(key, &sdata->key_list, list) {
763 /* skip keys of station in removal process */
764 if (key->sta && key->sta->removed)
765 continue;
766 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
767 continue;
768
769 iter(hw, &sdata->vif,
770 key->sta ? &key->sta->sta : NULL,
771 &key->conf, iter_data);
772 }
773}
774
775void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
776 struct ieee80211_vif *vif,
777 void (*iter)(struct ieee80211_hw *hw,
778 struct ieee80211_vif *vif,
779 struct ieee80211_sta *sta,
780 struct ieee80211_key_conf *key,
781 void *data),
782 void *iter_data)
783{
784 struct ieee80211_local *local = hw_to_local(hw);
785 struct ieee80211_sub_if_data *sdata;
786
787 if (vif) {
788 sdata = vif_to_sdata(vif);
789 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
790 } else {
791 list_for_each_entry_rcu(sdata, &local->interfaces, list)
792 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
793 }
794}
795EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
796
797static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
798 struct list_head *keys)
799{
800 struct ieee80211_key *key, *tmp;
801
802 decrease_tailroom_need_count(sdata,
803 sdata->crypto_tx_tailroom_pending_dec);
804 sdata->crypto_tx_tailroom_pending_dec = 0;
805
806 ieee80211_debugfs_key_remove_mgmt_default(sdata);
807
808 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
809 ieee80211_key_replace(key->sdata, key->sta,
810 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
811 key, NULL);
812 list_add_tail(&key->list, keys);
813 }
814
815 ieee80211_debugfs_key_update_default(sdata);
816}
817
818void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
819 bool force_synchronize)
820{
821 struct ieee80211_local *local = sdata->local;
822 struct ieee80211_sub_if_data *vlan;
823 struct ieee80211_sub_if_data *master;
824 struct ieee80211_key *key, *tmp;
825 LIST_HEAD(keys);
826
827 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
828
829 mutex_lock(&local->key_mtx);
830
831 ieee80211_free_keys_iface(sdata, &keys);
832
833 if (sdata->vif.type == NL80211_IFTYPE_AP) {
834 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
835 ieee80211_free_keys_iface(vlan, &keys);
836 }
837
838 if (!list_empty(&keys) || force_synchronize)
839 synchronize_net();
840 list_for_each_entry_safe(key, tmp, &keys, list)
841 __ieee80211_key_destroy(key, false);
842
843 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
844 if (sdata->bss) {
845 master = container_of(sdata->bss,
846 struct ieee80211_sub_if_data,
847 u.ap);
848
849 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
850 master->crypto_tx_tailroom_needed_cnt);
851 }
852 } else {
853 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
854 sdata->crypto_tx_tailroom_pending_dec);
855 }
856
857 if (sdata->vif.type == NL80211_IFTYPE_AP) {
858 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
859 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
860 vlan->crypto_tx_tailroom_pending_dec);
861 }
862
863 mutex_unlock(&local->key_mtx);
864}
865
866void ieee80211_free_sta_keys(struct ieee80211_local *local,
867 struct sta_info *sta)
868{
869 struct ieee80211_key *key;
870 int i;
871
872 mutex_lock(&local->key_mtx);
873 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
874 key = key_mtx_dereference(local, sta->gtk[i]);
875 if (!key)
876 continue;
877 ieee80211_key_replace(key->sdata, key->sta,
878 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
879 key, NULL);
880 __ieee80211_key_destroy(key, true);
881 }
882
883 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
884 key = key_mtx_dereference(local, sta->ptk[i]);
885 if (!key)
886 continue;
887 ieee80211_key_replace(key->sdata, key->sta,
888 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
889 key, NULL);
890 __ieee80211_key_destroy(key, true);
891 }
892
893 mutex_unlock(&local->key_mtx);
894}
895
896void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
897{
898 struct ieee80211_sub_if_data *sdata;
899
900 sdata = container_of(wk, struct ieee80211_sub_if_data,
901 dec_tailroom_needed_wk.work);
902
903 /*
904 * The reason for the delayed tailroom needed decrementing is to
905 * make roaming faster: during roaming, all keys are first deleted
906 * and then new keys are installed. The first new key causes the
907 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
908 * the cost of synchronize_net() (which can be slow). Avoid this
909 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
910 * key removal for a while, so if we roam the value is larger than
911 * zero and no 0->1 transition happens.
912 *
913 * The cost is that if the AP switching was from an AP with keys
914 * to one without, we still allocate tailroom while it would no
915 * longer be needed. However, in the typical (fast) roaming case
916 * within an ESS this usually won't happen.
917 */
918
919 mutex_lock(&sdata->local->key_mtx);
920 decrease_tailroom_need_count(sdata,
921 sdata->crypto_tx_tailroom_pending_dec);
922 sdata->crypto_tx_tailroom_pending_dec = 0;
923 mutex_unlock(&sdata->local->key_mtx);
924}
925
926void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
927 const u8 *replay_ctr, gfp_t gfp)
928{
929 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
930
931 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
932
933 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
934}
935EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
936
937void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
938 int tid, struct ieee80211_key_seq *seq)
939{
940 struct ieee80211_key *key;
941 const u8 *pn;
942
943 key = container_of(keyconf, struct ieee80211_key, conf);
944
945 switch (key->conf.cipher) {
946 case WLAN_CIPHER_SUITE_TKIP:
947 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
948 return;
949 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
950 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
951 break;
952 case WLAN_CIPHER_SUITE_CCMP:
953 case WLAN_CIPHER_SUITE_CCMP_256:
954 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
955 return;
956 if (tid < 0)
957 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
958 else
959 pn = key->u.ccmp.rx_pn[tid];
960 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
961 break;
962 case WLAN_CIPHER_SUITE_AES_CMAC:
963 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
964 if (WARN_ON(tid != 0))
965 return;
966 pn = key->u.aes_cmac.rx_pn;
967 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
968 break;
969 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
970 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
971 if (WARN_ON(tid != 0))
972 return;
973 pn = key->u.aes_gmac.rx_pn;
974 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
975 break;
976 case WLAN_CIPHER_SUITE_GCMP:
977 case WLAN_CIPHER_SUITE_GCMP_256:
978 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
979 return;
980 if (tid < 0)
981 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
982 else
983 pn = key->u.gcmp.rx_pn[tid];
984 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
985 break;
986 }
987}
988EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
989
990void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
991 int tid, struct ieee80211_key_seq *seq)
992{
993 struct ieee80211_key *key;
994 u8 *pn;
995
996 key = container_of(keyconf, struct ieee80211_key, conf);
997
998 switch (key->conf.cipher) {
999 case WLAN_CIPHER_SUITE_TKIP:
1000 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1001 return;
1002 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1003 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1004 break;
1005 case WLAN_CIPHER_SUITE_CCMP:
1006 case WLAN_CIPHER_SUITE_CCMP_256:
1007 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1008 return;
1009 if (tid < 0)
1010 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1011 else
1012 pn = key->u.ccmp.rx_pn[tid];
1013 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1014 break;
1015 case WLAN_CIPHER_SUITE_AES_CMAC:
1016 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1017 if (WARN_ON(tid != 0))
1018 return;
1019 pn = key->u.aes_cmac.rx_pn;
1020 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1021 break;
1022 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1023 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1024 if (WARN_ON(tid != 0))
1025 return;
1026 pn = key->u.aes_gmac.rx_pn;
1027 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1028 break;
1029 case WLAN_CIPHER_SUITE_GCMP:
1030 case WLAN_CIPHER_SUITE_GCMP_256:
1031 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1032 return;
1033 if (tid < 0)
1034 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1035 else
1036 pn = key->u.gcmp.rx_pn[tid];
1037 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1038 break;
1039 default:
1040 WARN_ON(1);
1041 break;
1042 }
1043}
1044EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1045
1046void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1047{
1048 struct ieee80211_key *key;
1049
1050 key = container_of(keyconf, struct ieee80211_key, conf);
1051
1052 assert_key_lock(key->local);
1053
1054 /*
1055 * if key was uploaded, we assume the driver will/has remove(d)
1056 * it, so adjust bookkeeping accordingly
1057 */
1058 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1059 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1060
1061 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
1062 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1063 increment_tailroom_need_count(key->sdata);
1064 }
1065
1066 ieee80211_key_free(key, false);
1067}
1068EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1069
1070struct ieee80211_key_conf *
1071ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1072 struct ieee80211_key_conf *keyconf)
1073{
1074 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1075 struct ieee80211_local *local = sdata->local;
1076 struct ieee80211_key *key;
1077 int err;
1078
1079 if (WARN_ON(!local->wowlan))
1080 return ERR_PTR(-EINVAL);
1081
1082 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1083 return ERR_PTR(-EINVAL);
1084
1085 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1086 keyconf->keylen, keyconf->key,
1087 0, NULL, NULL);
1088 if (IS_ERR(key))
1089 return ERR_CAST(key);
1090
1091 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1092 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1093
1094 err = ieee80211_key_link(key, sdata, NULL);
1095 if (err)
1096 return ERR_PTR(err);
1097
1098 return &key->conf;
1099}
1100EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2019 Intel Corporation
10 */
11
12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
18#include <linux/export.h>
19#include <net/mac80211.h>
20#include <crypto/algapi.h>
21#include <asm/unaligned.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "debugfs_key.h"
25#include "aes_ccm.h"
26#include "aes_cmac.h"
27#include "aes_gmac.h"
28#include "aes_gcm.h"
29
30
31/**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56static void assert_key_lock(struct ieee80211_local *local)
57{
58 lockdep_assert_held(&local->key_mtx);
59}
60
61static void
62update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63{
64 struct ieee80211_sub_if_data *vlan;
65
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
67 return;
68
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
71
72 rcu_read_lock();
73
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 vlan->crypto_tx_tailroom_needed_cnt += delta;
76
77 rcu_read_unlock();
78}
79
80static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81{
82 /*
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
86 *
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
89 *
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
92 * off.
93 *
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 *
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 */
100
101 assert_key_lock(sdata->local);
102
103 update_vlan_tailroom_need_count(sdata, 1);
104
105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 /*
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
109 */
110 synchronize_net();
111 }
112}
113
114static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 int delta)
116{
117 assert_key_lock(sdata->local);
118
119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
123}
124
125static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126{
127 struct ieee80211_sub_if_data *sdata = key->sdata;
128 struct sta_info *sta;
129 int ret = -EOPNOTSUPP;
130
131 might_sleep();
132
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
139 * it again later.
140 */
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
146
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 return -EINVAL;
149 }
150
151 if (!key->local->ops->set_key)
152 goto out_unsupported;
153
154 assert_key_lock(key->local);
155
156 sta = key->sta;
157
158 /*
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
161 */
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 goto out_unsupported;
165
166 if (sta && !sta->uploaded)
167 goto out_unsupported;
168
169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 /*
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 */
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 ret = 1;
176 goto out_unsupported;
177 }
178 }
179
180 ret = drv_set_key(key->local, SET_KEY, sdata,
181 sta ? &sta->sta : NULL, &key->conf);
182
183 if (!ret) {
184 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
185
186 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
187 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
188 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
189 decrease_tailroom_need_count(sdata, 1);
190
191 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
192 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
193
194 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
195 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
196
197 return 0;
198 }
199
200 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
201 sdata_err(sdata,
202 "failed to set key (%d, %pM) to hardware (%d)\n",
203 key->conf.keyidx,
204 sta ? sta->sta.addr : bcast_addr, ret);
205
206 out_unsupported:
207 switch (key->conf.cipher) {
208 case WLAN_CIPHER_SUITE_WEP40:
209 case WLAN_CIPHER_SUITE_WEP104:
210 case WLAN_CIPHER_SUITE_TKIP:
211 case WLAN_CIPHER_SUITE_CCMP:
212 case WLAN_CIPHER_SUITE_CCMP_256:
213 case WLAN_CIPHER_SUITE_AES_CMAC:
214 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
215 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
216 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
217 case WLAN_CIPHER_SUITE_GCMP:
218 case WLAN_CIPHER_SUITE_GCMP_256:
219 /* all of these we can do in software - if driver can */
220 if (ret == 1)
221 return 0;
222 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
223 return -EINVAL;
224 return 0;
225 default:
226 return -EINVAL;
227 }
228}
229
230static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
231{
232 struct ieee80211_sub_if_data *sdata;
233 struct sta_info *sta;
234 int ret;
235
236 might_sleep();
237
238 if (!key || !key->local->ops->set_key)
239 return;
240
241 assert_key_lock(key->local);
242
243 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
244 return;
245
246 sta = key->sta;
247 sdata = key->sdata;
248
249 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
250 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
251 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
252 increment_tailroom_need_count(sdata);
253
254 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
255 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
256 sta ? &sta->sta : NULL, &key->conf);
257
258 if (ret)
259 sdata_err(sdata,
260 "failed to remove key (%d, %pM) from hardware (%d)\n",
261 key->conf.keyidx,
262 sta ? sta->sta.addr : bcast_addr, ret);
263}
264
265int ieee80211_set_tx_key(struct ieee80211_key *key)
266{
267 struct sta_info *sta = key->sta;
268 struct ieee80211_local *local = key->local;
269
270 assert_key_lock(local);
271
272 sta->ptk_idx = key->conf.keyidx;
273
274 if (!ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
275 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
276 ieee80211_check_fast_xmit(sta);
277
278 return 0;
279}
280
281static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
282 struct ieee80211_key *new)
283{
284 struct ieee80211_local *local = new->local;
285 struct sta_info *sta = new->sta;
286 int i;
287
288 assert_key_lock(local);
289
290 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
291 /* Extended Key ID key install, initial one or rekey */
292
293 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
294 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
295 /* Aggregation Sessions with Extended Key ID must not
296 * mix MPDUs with different keyIDs within one A-MPDU.
297 * Tear down running Tx aggregation sessions and block
298 * new Rx/Tx aggregation requests during rekey to
299 * ensure there are no A-MPDUs when the driver is not
300 * supporting A-MPDU key borders. (Blocking Tx only
301 * would be sufficient but WLAN_STA_BLOCK_BA gets the
302 * job done for the few ms we need it.)
303 */
304 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
305 mutex_lock(&sta->ampdu_mlme.mtx);
306 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
307 ___ieee80211_stop_tx_ba_session(sta, i,
308 AGG_STOP_LOCAL_REQUEST);
309 mutex_unlock(&sta->ampdu_mlme.mtx);
310 }
311 } else if (old) {
312 /* Rekey without Extended Key ID.
313 * Aggregation sessions are OK when running on SW crypto.
314 * A broken remote STA may cause issues not observed with HW
315 * crypto, though.
316 */
317 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
318 return;
319
320 /* Stop Tx till we are on the new key */
321 old->flags |= KEY_FLAG_TAINTED;
322 ieee80211_clear_fast_xmit(sta);
323 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
324 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
325 ieee80211_sta_tear_down_BA_sessions(sta,
326 AGG_STOP_LOCAL_REQUEST);
327 }
328 if (!wiphy_ext_feature_isset(local->hw.wiphy,
329 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
330 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
331 sta->sta.addr);
332 /* Flushing the driver queues *may* help prevent
333 * the clear text leaks and freezes.
334 */
335 ieee80211_flush_queues(local, old->sdata, false);
336 }
337 }
338}
339
340static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
341 int idx, bool uni, bool multi)
342{
343 struct ieee80211_key *key = NULL;
344
345 assert_key_lock(sdata->local);
346
347 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
348 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
349
350 if (uni) {
351 rcu_assign_pointer(sdata->default_unicast_key, key);
352 ieee80211_check_fast_xmit_iface(sdata);
353 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
354 drv_set_default_unicast_key(sdata->local, sdata, idx);
355 }
356
357 if (multi)
358 rcu_assign_pointer(sdata->default_multicast_key, key);
359
360 ieee80211_debugfs_key_update_default(sdata);
361}
362
363void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
364 bool uni, bool multi)
365{
366 mutex_lock(&sdata->local->key_mtx);
367 __ieee80211_set_default_key(sdata, idx, uni, multi);
368 mutex_unlock(&sdata->local->key_mtx);
369}
370
371static void
372__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
373{
374 struct ieee80211_key *key = NULL;
375
376 assert_key_lock(sdata->local);
377
378 if (idx >= NUM_DEFAULT_KEYS &&
379 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
380 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
381
382 rcu_assign_pointer(sdata->default_mgmt_key, key);
383
384 ieee80211_debugfs_key_update_default(sdata);
385}
386
387void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
388 int idx)
389{
390 mutex_lock(&sdata->local->key_mtx);
391 __ieee80211_set_default_mgmt_key(sdata, idx);
392 mutex_unlock(&sdata->local->key_mtx);
393}
394
395static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
396 struct sta_info *sta,
397 bool pairwise,
398 struct ieee80211_key *old,
399 struct ieee80211_key *new)
400{
401 int idx;
402 int ret = 0;
403 bool defunikey, defmultikey, defmgmtkey;
404
405 /* caller must provide at least one old/new */
406 if (WARN_ON(!new && !old))
407 return 0;
408
409 if (new)
410 list_add_tail_rcu(&new->list, &sdata->key_list);
411
412 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
413
414 if (new && sta && pairwise) {
415 /* Unicast rekey needs special handling. With Extended Key ID
416 * old is still NULL for the first rekey.
417 */
418 ieee80211_pairwise_rekey(old, new);
419 }
420
421 if (old) {
422 idx = old->conf.keyidx;
423
424 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
425 ieee80211_key_disable_hw_accel(old);
426
427 if (new)
428 ret = ieee80211_key_enable_hw_accel(new);
429 }
430 } else {
431 /* new must be provided in case old is not */
432 idx = new->conf.keyidx;
433 if (!new->local->wowlan)
434 ret = ieee80211_key_enable_hw_accel(new);
435 }
436
437 if (ret)
438 return ret;
439
440 if (sta) {
441 if (pairwise) {
442 rcu_assign_pointer(sta->ptk[idx], new);
443 if (new &&
444 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)) {
445 sta->ptk_idx = idx;
446 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
447 ieee80211_check_fast_xmit(sta);
448 }
449 } else {
450 rcu_assign_pointer(sta->gtk[idx], new);
451 }
452 /* Only needed for transition from no key -> key.
453 * Still triggers unnecessary when using Extended Key ID
454 * and installing the second key ID the first time.
455 */
456 if (new && !old)
457 ieee80211_check_fast_rx(sta);
458 } else {
459 defunikey = old &&
460 old == key_mtx_dereference(sdata->local,
461 sdata->default_unicast_key);
462 defmultikey = old &&
463 old == key_mtx_dereference(sdata->local,
464 sdata->default_multicast_key);
465 defmgmtkey = old &&
466 old == key_mtx_dereference(sdata->local,
467 sdata->default_mgmt_key);
468
469 if (defunikey && !new)
470 __ieee80211_set_default_key(sdata, -1, true, false);
471 if (defmultikey && !new)
472 __ieee80211_set_default_key(sdata, -1, false, true);
473 if (defmgmtkey && !new)
474 __ieee80211_set_default_mgmt_key(sdata, -1);
475
476 rcu_assign_pointer(sdata->keys[idx], new);
477 if (defunikey && new)
478 __ieee80211_set_default_key(sdata, new->conf.keyidx,
479 true, false);
480 if (defmultikey && new)
481 __ieee80211_set_default_key(sdata, new->conf.keyidx,
482 false, true);
483 if (defmgmtkey && new)
484 __ieee80211_set_default_mgmt_key(sdata,
485 new->conf.keyidx);
486 }
487
488 if (old)
489 list_del_rcu(&old->list);
490
491 return 0;
492}
493
494struct ieee80211_key *
495ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
496 const u8 *key_data,
497 size_t seq_len, const u8 *seq,
498 const struct ieee80211_cipher_scheme *cs)
499{
500 struct ieee80211_key *key;
501 int i, j, err;
502
503 if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
504 return ERR_PTR(-EINVAL);
505
506 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
507 if (!key)
508 return ERR_PTR(-ENOMEM);
509
510 /*
511 * Default to software encryption; we'll later upload the
512 * key to the hardware if possible.
513 */
514 key->conf.flags = 0;
515 key->flags = 0;
516
517 key->conf.cipher = cipher;
518 key->conf.keyidx = idx;
519 key->conf.keylen = key_len;
520 switch (cipher) {
521 case WLAN_CIPHER_SUITE_WEP40:
522 case WLAN_CIPHER_SUITE_WEP104:
523 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
524 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
525 break;
526 case WLAN_CIPHER_SUITE_TKIP:
527 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
528 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
529 if (seq) {
530 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
531 key->u.tkip.rx[i].iv32 =
532 get_unaligned_le32(&seq[2]);
533 key->u.tkip.rx[i].iv16 =
534 get_unaligned_le16(seq);
535 }
536 }
537 spin_lock_init(&key->u.tkip.txlock);
538 break;
539 case WLAN_CIPHER_SUITE_CCMP:
540 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
541 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
542 if (seq) {
543 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
544 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
545 key->u.ccmp.rx_pn[i][j] =
546 seq[IEEE80211_CCMP_PN_LEN - j - 1];
547 }
548 /*
549 * Initialize AES key state here as an optimization so that
550 * it does not need to be initialized for every packet.
551 */
552 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
553 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
554 if (IS_ERR(key->u.ccmp.tfm)) {
555 err = PTR_ERR(key->u.ccmp.tfm);
556 kfree(key);
557 return ERR_PTR(err);
558 }
559 break;
560 case WLAN_CIPHER_SUITE_CCMP_256:
561 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
562 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
563 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
564 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
565 key->u.ccmp.rx_pn[i][j] =
566 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
567 /* Initialize AES key state here as an optimization so that
568 * it does not need to be initialized for every packet.
569 */
570 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
571 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
572 if (IS_ERR(key->u.ccmp.tfm)) {
573 err = PTR_ERR(key->u.ccmp.tfm);
574 kfree(key);
575 return ERR_PTR(err);
576 }
577 break;
578 case WLAN_CIPHER_SUITE_AES_CMAC:
579 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
580 key->conf.iv_len = 0;
581 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
582 key->conf.icv_len = sizeof(struct ieee80211_mmie);
583 else
584 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
585 if (seq)
586 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
587 key->u.aes_cmac.rx_pn[j] =
588 seq[IEEE80211_CMAC_PN_LEN - j - 1];
589 /*
590 * Initialize AES key state here as an optimization so that
591 * it does not need to be initialized for every packet.
592 */
593 key->u.aes_cmac.tfm =
594 ieee80211_aes_cmac_key_setup(key_data, key_len);
595 if (IS_ERR(key->u.aes_cmac.tfm)) {
596 err = PTR_ERR(key->u.aes_cmac.tfm);
597 kfree(key);
598 return ERR_PTR(err);
599 }
600 break;
601 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
602 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
603 key->conf.iv_len = 0;
604 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
605 if (seq)
606 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
607 key->u.aes_gmac.rx_pn[j] =
608 seq[IEEE80211_GMAC_PN_LEN - j - 1];
609 /* Initialize AES key state here as an optimization so that
610 * it does not need to be initialized for every packet.
611 */
612 key->u.aes_gmac.tfm =
613 ieee80211_aes_gmac_key_setup(key_data, key_len);
614 if (IS_ERR(key->u.aes_gmac.tfm)) {
615 err = PTR_ERR(key->u.aes_gmac.tfm);
616 kfree(key);
617 return ERR_PTR(err);
618 }
619 break;
620 case WLAN_CIPHER_SUITE_GCMP:
621 case WLAN_CIPHER_SUITE_GCMP_256:
622 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
623 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
624 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
625 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
626 key->u.gcmp.rx_pn[i][j] =
627 seq[IEEE80211_GCMP_PN_LEN - j - 1];
628 /* Initialize AES key state here as an optimization so that
629 * it does not need to be initialized for every packet.
630 */
631 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
632 key_len);
633 if (IS_ERR(key->u.gcmp.tfm)) {
634 err = PTR_ERR(key->u.gcmp.tfm);
635 kfree(key);
636 return ERR_PTR(err);
637 }
638 break;
639 default:
640 if (cs) {
641 if (seq_len && seq_len != cs->pn_len) {
642 kfree(key);
643 return ERR_PTR(-EINVAL);
644 }
645
646 key->conf.iv_len = cs->hdr_len;
647 key->conf.icv_len = cs->mic_len;
648 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
649 for (j = 0; j < seq_len; j++)
650 key->u.gen.rx_pn[i][j] =
651 seq[seq_len - j - 1];
652 key->flags |= KEY_FLAG_CIPHER_SCHEME;
653 }
654 }
655 memcpy(key->conf.key, key_data, key_len);
656 INIT_LIST_HEAD(&key->list);
657
658 return key;
659}
660
661static void ieee80211_key_free_common(struct ieee80211_key *key)
662{
663 switch (key->conf.cipher) {
664 case WLAN_CIPHER_SUITE_CCMP:
665 case WLAN_CIPHER_SUITE_CCMP_256:
666 ieee80211_aes_key_free(key->u.ccmp.tfm);
667 break;
668 case WLAN_CIPHER_SUITE_AES_CMAC:
669 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
670 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
671 break;
672 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
673 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
674 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
675 break;
676 case WLAN_CIPHER_SUITE_GCMP:
677 case WLAN_CIPHER_SUITE_GCMP_256:
678 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
679 break;
680 }
681 kzfree(key);
682}
683
684static void __ieee80211_key_destroy(struct ieee80211_key *key,
685 bool delay_tailroom)
686{
687 if (key->local) {
688 struct ieee80211_sub_if_data *sdata = key->sdata;
689
690 ieee80211_debugfs_key_remove(key);
691
692 if (delay_tailroom) {
693 /* see ieee80211_delayed_tailroom_dec */
694 sdata->crypto_tx_tailroom_pending_dec++;
695 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
696 HZ/2);
697 } else {
698 decrease_tailroom_need_count(sdata, 1);
699 }
700 }
701
702 ieee80211_key_free_common(key);
703}
704
705static void ieee80211_key_destroy(struct ieee80211_key *key,
706 bool delay_tailroom)
707{
708 if (!key)
709 return;
710
711 /*
712 * Synchronize so the TX path and rcu key iterators
713 * can no longer be using this key before we free/remove it.
714 */
715 synchronize_net();
716
717 __ieee80211_key_destroy(key, delay_tailroom);
718}
719
720void ieee80211_key_free_unused(struct ieee80211_key *key)
721{
722 WARN_ON(key->sdata || key->local);
723 ieee80211_key_free_common(key);
724}
725
726static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
727 struct ieee80211_key *old,
728 struct ieee80211_key *new)
729{
730 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
731 u8 *tk_old, *tk_new;
732
733 if (!old || new->conf.keylen != old->conf.keylen)
734 return false;
735
736 tk_old = old->conf.key;
737 tk_new = new->conf.key;
738
739 /*
740 * In station mode, don't compare the TX MIC key, as it's never used
741 * and offloaded rekeying may not care to send it to the host. This
742 * is the case in iwlwifi, for example.
743 */
744 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
745 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
746 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
747 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
748 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
749 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
750 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
751 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
752 tk_old = tkip_old;
753 tk_new = tkip_new;
754 }
755
756 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
757}
758
759int ieee80211_key_link(struct ieee80211_key *key,
760 struct ieee80211_sub_if_data *sdata,
761 struct sta_info *sta)
762{
763 struct ieee80211_key *old_key;
764 int idx = key->conf.keyidx;
765 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
766 /*
767 * We want to delay tailroom updates only for station - in that
768 * case it helps roaming speed, but in other cases it hurts and
769 * can cause warnings to appear.
770 */
771 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
772 int ret = -EOPNOTSUPP;
773
774 mutex_lock(&sdata->local->key_mtx);
775
776 if (sta && pairwise) {
777 struct ieee80211_key *alt_key;
778
779 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
780 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
781
782 /* The rekey code assumes that the old and new key are using
783 * the same cipher. Enforce the assumption for pairwise keys.
784 */
785 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
786 (old_key && old_key->conf.cipher != key->conf.cipher))
787 goto out;
788 } else if (sta) {
789 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
790 } else {
791 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
792 }
793
794 /* Non-pairwise keys must also not switch the cipher on rekey */
795 if (!pairwise) {
796 if (old_key && old_key->conf.cipher != key->conf.cipher)
797 goto out;
798 }
799
800 /*
801 * Silently accept key re-installation without really installing the
802 * new version of the key to avoid nonce reuse or replay issues.
803 */
804 if (ieee80211_key_identical(sdata, old_key, key)) {
805 ieee80211_key_free_unused(key);
806 ret = 0;
807 goto out;
808 }
809
810 key->local = sdata->local;
811 key->sdata = sdata;
812 key->sta = sta;
813
814 increment_tailroom_need_count(sdata);
815
816 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
817
818 if (!ret) {
819 ieee80211_debugfs_key_add(key);
820 ieee80211_key_destroy(old_key, delay_tailroom);
821 } else {
822 ieee80211_key_free(key, delay_tailroom);
823 }
824
825 out:
826 mutex_unlock(&sdata->local->key_mtx);
827
828 return ret;
829}
830
831void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
832{
833 if (!key)
834 return;
835
836 /*
837 * Replace key with nothingness if it was ever used.
838 */
839 if (key->sdata)
840 ieee80211_key_replace(key->sdata, key->sta,
841 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
842 key, NULL);
843 ieee80211_key_destroy(key, delay_tailroom);
844}
845
846void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
847{
848 struct ieee80211_key *key;
849 struct ieee80211_sub_if_data *vlan;
850
851 ASSERT_RTNL();
852
853 mutex_lock(&sdata->local->key_mtx);
854
855 sdata->crypto_tx_tailroom_needed_cnt = 0;
856 sdata->crypto_tx_tailroom_pending_dec = 0;
857
858 if (sdata->vif.type == NL80211_IFTYPE_AP) {
859 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
860 vlan->crypto_tx_tailroom_needed_cnt = 0;
861 vlan->crypto_tx_tailroom_pending_dec = 0;
862 }
863 }
864
865 if (ieee80211_sdata_running(sdata)) {
866 list_for_each_entry(key, &sdata->key_list, list) {
867 increment_tailroom_need_count(sdata);
868 ieee80211_key_enable_hw_accel(key);
869 }
870 }
871
872 mutex_unlock(&sdata->local->key_mtx);
873}
874
875void ieee80211_iter_keys(struct ieee80211_hw *hw,
876 struct ieee80211_vif *vif,
877 void (*iter)(struct ieee80211_hw *hw,
878 struct ieee80211_vif *vif,
879 struct ieee80211_sta *sta,
880 struct ieee80211_key_conf *key,
881 void *data),
882 void *iter_data)
883{
884 struct ieee80211_local *local = hw_to_local(hw);
885 struct ieee80211_key *key, *tmp;
886 struct ieee80211_sub_if_data *sdata;
887
888 ASSERT_RTNL();
889
890 mutex_lock(&local->key_mtx);
891 if (vif) {
892 sdata = vif_to_sdata(vif);
893 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
894 iter(hw, &sdata->vif,
895 key->sta ? &key->sta->sta : NULL,
896 &key->conf, iter_data);
897 } else {
898 list_for_each_entry(sdata, &local->interfaces, list)
899 list_for_each_entry_safe(key, tmp,
900 &sdata->key_list, list)
901 iter(hw, &sdata->vif,
902 key->sta ? &key->sta->sta : NULL,
903 &key->conf, iter_data);
904 }
905 mutex_unlock(&local->key_mtx);
906}
907EXPORT_SYMBOL(ieee80211_iter_keys);
908
909static void
910_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
911 struct ieee80211_sub_if_data *sdata,
912 void (*iter)(struct ieee80211_hw *hw,
913 struct ieee80211_vif *vif,
914 struct ieee80211_sta *sta,
915 struct ieee80211_key_conf *key,
916 void *data),
917 void *iter_data)
918{
919 struct ieee80211_key *key;
920
921 list_for_each_entry_rcu(key, &sdata->key_list, list) {
922 /* skip keys of station in removal process */
923 if (key->sta && key->sta->removed)
924 continue;
925 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
926 continue;
927
928 iter(hw, &sdata->vif,
929 key->sta ? &key->sta->sta : NULL,
930 &key->conf, iter_data);
931 }
932}
933
934void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
935 struct ieee80211_vif *vif,
936 void (*iter)(struct ieee80211_hw *hw,
937 struct ieee80211_vif *vif,
938 struct ieee80211_sta *sta,
939 struct ieee80211_key_conf *key,
940 void *data),
941 void *iter_data)
942{
943 struct ieee80211_local *local = hw_to_local(hw);
944 struct ieee80211_sub_if_data *sdata;
945
946 if (vif) {
947 sdata = vif_to_sdata(vif);
948 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
949 } else {
950 list_for_each_entry_rcu(sdata, &local->interfaces, list)
951 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
952 }
953}
954EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
955
956static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
957 struct list_head *keys)
958{
959 struct ieee80211_key *key, *tmp;
960
961 decrease_tailroom_need_count(sdata,
962 sdata->crypto_tx_tailroom_pending_dec);
963 sdata->crypto_tx_tailroom_pending_dec = 0;
964
965 ieee80211_debugfs_key_remove_mgmt_default(sdata);
966
967 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
968 ieee80211_key_replace(key->sdata, key->sta,
969 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
970 key, NULL);
971 list_add_tail(&key->list, keys);
972 }
973
974 ieee80211_debugfs_key_update_default(sdata);
975}
976
977void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
978 bool force_synchronize)
979{
980 struct ieee80211_local *local = sdata->local;
981 struct ieee80211_sub_if_data *vlan;
982 struct ieee80211_sub_if_data *master;
983 struct ieee80211_key *key, *tmp;
984 LIST_HEAD(keys);
985
986 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
987
988 mutex_lock(&local->key_mtx);
989
990 ieee80211_free_keys_iface(sdata, &keys);
991
992 if (sdata->vif.type == NL80211_IFTYPE_AP) {
993 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
994 ieee80211_free_keys_iface(vlan, &keys);
995 }
996
997 if (!list_empty(&keys) || force_synchronize)
998 synchronize_net();
999 list_for_each_entry_safe(key, tmp, &keys, list)
1000 __ieee80211_key_destroy(key, false);
1001
1002 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1003 if (sdata->bss) {
1004 master = container_of(sdata->bss,
1005 struct ieee80211_sub_if_data,
1006 u.ap);
1007
1008 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1009 master->crypto_tx_tailroom_needed_cnt);
1010 }
1011 } else {
1012 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1013 sdata->crypto_tx_tailroom_pending_dec);
1014 }
1015
1016 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1017 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1018 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1019 vlan->crypto_tx_tailroom_pending_dec);
1020 }
1021
1022 mutex_unlock(&local->key_mtx);
1023}
1024
1025void ieee80211_free_sta_keys(struct ieee80211_local *local,
1026 struct sta_info *sta)
1027{
1028 struct ieee80211_key *key;
1029 int i;
1030
1031 mutex_lock(&local->key_mtx);
1032 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
1033 key = key_mtx_dereference(local, sta->gtk[i]);
1034 if (!key)
1035 continue;
1036 ieee80211_key_replace(key->sdata, key->sta,
1037 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1038 key, NULL);
1039 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1040 NL80211_IFTYPE_STATION);
1041 }
1042
1043 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1044 key = key_mtx_dereference(local, sta->ptk[i]);
1045 if (!key)
1046 continue;
1047 ieee80211_key_replace(key->sdata, key->sta,
1048 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1049 key, NULL);
1050 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1051 NL80211_IFTYPE_STATION);
1052 }
1053
1054 mutex_unlock(&local->key_mtx);
1055}
1056
1057void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1058{
1059 struct ieee80211_sub_if_data *sdata;
1060
1061 sdata = container_of(wk, struct ieee80211_sub_if_data,
1062 dec_tailroom_needed_wk.work);
1063
1064 /*
1065 * The reason for the delayed tailroom needed decrementing is to
1066 * make roaming faster: during roaming, all keys are first deleted
1067 * and then new keys are installed. The first new key causes the
1068 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1069 * the cost of synchronize_net() (which can be slow). Avoid this
1070 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1071 * key removal for a while, so if we roam the value is larger than
1072 * zero and no 0->1 transition happens.
1073 *
1074 * The cost is that if the AP switching was from an AP with keys
1075 * to one without, we still allocate tailroom while it would no
1076 * longer be needed. However, in the typical (fast) roaming case
1077 * within an ESS this usually won't happen.
1078 */
1079
1080 mutex_lock(&sdata->local->key_mtx);
1081 decrease_tailroom_need_count(sdata,
1082 sdata->crypto_tx_tailroom_pending_dec);
1083 sdata->crypto_tx_tailroom_pending_dec = 0;
1084 mutex_unlock(&sdata->local->key_mtx);
1085}
1086
1087void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1088 const u8 *replay_ctr, gfp_t gfp)
1089{
1090 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1091
1092 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1093
1094 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1095}
1096EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1097
1098void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1099 int tid, struct ieee80211_key_seq *seq)
1100{
1101 struct ieee80211_key *key;
1102 const u8 *pn;
1103
1104 key = container_of(keyconf, struct ieee80211_key, conf);
1105
1106 switch (key->conf.cipher) {
1107 case WLAN_CIPHER_SUITE_TKIP:
1108 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1109 return;
1110 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1111 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1112 break;
1113 case WLAN_CIPHER_SUITE_CCMP:
1114 case WLAN_CIPHER_SUITE_CCMP_256:
1115 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1116 return;
1117 if (tid < 0)
1118 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1119 else
1120 pn = key->u.ccmp.rx_pn[tid];
1121 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1122 break;
1123 case WLAN_CIPHER_SUITE_AES_CMAC:
1124 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1125 if (WARN_ON(tid != 0))
1126 return;
1127 pn = key->u.aes_cmac.rx_pn;
1128 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1129 break;
1130 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1131 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1132 if (WARN_ON(tid != 0))
1133 return;
1134 pn = key->u.aes_gmac.rx_pn;
1135 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1136 break;
1137 case WLAN_CIPHER_SUITE_GCMP:
1138 case WLAN_CIPHER_SUITE_GCMP_256:
1139 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1140 return;
1141 if (tid < 0)
1142 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1143 else
1144 pn = key->u.gcmp.rx_pn[tid];
1145 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1146 break;
1147 }
1148}
1149EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1150
1151void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1152 int tid, struct ieee80211_key_seq *seq)
1153{
1154 struct ieee80211_key *key;
1155 u8 *pn;
1156
1157 key = container_of(keyconf, struct ieee80211_key, conf);
1158
1159 switch (key->conf.cipher) {
1160 case WLAN_CIPHER_SUITE_TKIP:
1161 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1162 return;
1163 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1164 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1165 break;
1166 case WLAN_CIPHER_SUITE_CCMP:
1167 case WLAN_CIPHER_SUITE_CCMP_256:
1168 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1169 return;
1170 if (tid < 0)
1171 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1172 else
1173 pn = key->u.ccmp.rx_pn[tid];
1174 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1175 break;
1176 case WLAN_CIPHER_SUITE_AES_CMAC:
1177 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1178 if (WARN_ON(tid != 0))
1179 return;
1180 pn = key->u.aes_cmac.rx_pn;
1181 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1182 break;
1183 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1184 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1185 if (WARN_ON(tid != 0))
1186 return;
1187 pn = key->u.aes_gmac.rx_pn;
1188 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1189 break;
1190 case WLAN_CIPHER_SUITE_GCMP:
1191 case WLAN_CIPHER_SUITE_GCMP_256:
1192 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1193 return;
1194 if (tid < 0)
1195 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1196 else
1197 pn = key->u.gcmp.rx_pn[tid];
1198 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1199 break;
1200 default:
1201 WARN_ON(1);
1202 break;
1203 }
1204}
1205EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1206
1207void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1208{
1209 struct ieee80211_key *key;
1210
1211 key = container_of(keyconf, struct ieee80211_key, conf);
1212
1213 assert_key_lock(key->local);
1214
1215 /*
1216 * if key was uploaded, we assume the driver will/has remove(d)
1217 * it, so adjust bookkeeping accordingly
1218 */
1219 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1220 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1221
1222 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1223 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1224 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1225 increment_tailroom_need_count(key->sdata);
1226 }
1227
1228 ieee80211_key_free(key, false);
1229}
1230EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1231
1232struct ieee80211_key_conf *
1233ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1234 struct ieee80211_key_conf *keyconf)
1235{
1236 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1237 struct ieee80211_local *local = sdata->local;
1238 struct ieee80211_key *key;
1239 int err;
1240
1241 if (WARN_ON(!local->wowlan))
1242 return ERR_PTR(-EINVAL);
1243
1244 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1245 return ERR_PTR(-EINVAL);
1246
1247 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1248 keyconf->keylen, keyconf->key,
1249 0, NULL, NULL);
1250 if (IS_ERR(key))
1251 return ERR_CAST(key);
1252
1253 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1254 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1255
1256 err = ieee80211_key_link(key, sdata, NULL);
1257 if (err)
1258 return ERR_PTR(err);
1259
1260 return &key->conf;
1261}
1262EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);