Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020 Intel Corporation
10 */
11
12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
18#include <linux/export.h>
19#include <net/mac80211.h>
20#include <crypto/algapi.h>
21#include <asm/unaligned.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "debugfs_key.h"
25#include "aes_ccm.h"
26#include "aes_cmac.h"
27#include "aes_gmac.h"
28#include "aes_gcm.h"
29
30
31/**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56static void assert_key_lock(struct ieee80211_local *local)
57{
58 lockdep_assert_held(&local->key_mtx);
59}
60
61static void
62update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63{
64 struct ieee80211_sub_if_data *vlan;
65
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
67 return;
68
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
71
72 rcu_read_lock();
73
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 vlan->crypto_tx_tailroom_needed_cnt += delta;
76
77 rcu_read_unlock();
78}
79
80static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81{
82 /*
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
86 *
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
89 *
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
92 * off.
93 *
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 *
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 */
100
101 assert_key_lock(sdata->local);
102
103 update_vlan_tailroom_need_count(sdata, 1);
104
105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 /*
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
109 */
110 synchronize_net();
111 }
112}
113
114static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 int delta)
116{
117 assert_key_lock(sdata->local);
118
119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
123}
124
125static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126{
127 struct ieee80211_sub_if_data *sdata = key->sdata;
128 struct sta_info *sta;
129 int ret = -EOPNOTSUPP;
130
131 might_sleep();
132
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
139 * it again later.
140 */
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
146
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 return -EINVAL;
149 }
150
151 if (!key->local->ops->set_key)
152 goto out_unsupported;
153
154 assert_key_lock(key->local);
155
156 sta = key->sta;
157
158 /*
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
161 */
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 goto out_unsupported;
165
166 if (sta && !sta->uploaded)
167 goto out_unsupported;
168
169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 /*
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 */
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 ret = 1;
176 goto out_unsupported;
177 }
178 }
179
180 ret = drv_set_key(key->local, SET_KEY, sdata,
181 sta ? &sta->sta : NULL, &key->conf);
182
183 if (!ret) {
184 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
185
186 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
187 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
188 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
189 decrease_tailroom_need_count(sdata, 1);
190
191 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
192 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
193
194 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
195 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
196
197 return 0;
198 }
199
200 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
201 sdata_err(sdata,
202 "failed to set key (%d, %pM) to hardware (%d)\n",
203 key->conf.keyidx,
204 sta ? sta->sta.addr : bcast_addr, ret);
205
206 out_unsupported:
207 switch (key->conf.cipher) {
208 case WLAN_CIPHER_SUITE_WEP40:
209 case WLAN_CIPHER_SUITE_WEP104:
210 case WLAN_CIPHER_SUITE_TKIP:
211 case WLAN_CIPHER_SUITE_CCMP:
212 case WLAN_CIPHER_SUITE_CCMP_256:
213 case WLAN_CIPHER_SUITE_GCMP:
214 case WLAN_CIPHER_SUITE_GCMP_256:
215 case WLAN_CIPHER_SUITE_AES_CMAC:
216 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
217 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
218 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
219 /* all of these we can do in software - if driver can */
220 if (ret == 1)
221 return 0;
222 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
223 return -EINVAL;
224 return 0;
225 default:
226 return -EINVAL;
227 }
228}
229
230static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
231{
232 struct ieee80211_sub_if_data *sdata;
233 struct sta_info *sta;
234 int ret;
235
236 might_sleep();
237
238 if (!key || !key->local->ops->set_key)
239 return;
240
241 assert_key_lock(key->local);
242
243 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
244 return;
245
246 sta = key->sta;
247 sdata = key->sdata;
248
249 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
250 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
251 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
252 increment_tailroom_need_count(sdata);
253
254 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
255 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
256 sta ? &sta->sta : NULL, &key->conf);
257
258 if (ret)
259 sdata_err(sdata,
260 "failed to remove key (%d, %pM) from hardware (%d)\n",
261 key->conf.keyidx,
262 sta ? sta->sta.addr : bcast_addr, ret);
263}
264
265static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
266{
267 struct sta_info *sta = key->sta;
268 struct ieee80211_local *local = key->local;
269
270 assert_key_lock(local);
271
272 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
273
274 sta->ptk_idx = key->conf.keyidx;
275
276 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
277 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
278 ieee80211_check_fast_xmit(sta);
279
280 return 0;
281}
282
283int ieee80211_set_tx_key(struct ieee80211_key *key)
284{
285 return _ieee80211_set_tx_key(key, false);
286}
287
288static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
289 struct ieee80211_key *new)
290{
291 struct ieee80211_local *local = new->local;
292 struct sta_info *sta = new->sta;
293 int i;
294
295 assert_key_lock(local);
296
297 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
298 /* Extended Key ID key install, initial one or rekey */
299
300 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
301 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
302 /* Aggregation Sessions with Extended Key ID must not
303 * mix MPDUs with different keyIDs within one A-MPDU.
304 * Tear down running Tx aggregation sessions and block
305 * new Rx/Tx aggregation requests during rekey to
306 * ensure there are no A-MPDUs when the driver is not
307 * supporting A-MPDU key borders. (Blocking Tx only
308 * would be sufficient but WLAN_STA_BLOCK_BA gets the
309 * job done for the few ms we need it.)
310 */
311 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
312 mutex_lock(&sta->ampdu_mlme.mtx);
313 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
314 ___ieee80211_stop_tx_ba_session(sta, i,
315 AGG_STOP_LOCAL_REQUEST);
316 mutex_unlock(&sta->ampdu_mlme.mtx);
317 }
318 } else if (old) {
319 /* Rekey without Extended Key ID.
320 * Aggregation sessions are OK when running on SW crypto.
321 * A broken remote STA may cause issues not observed with HW
322 * crypto, though.
323 */
324 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
325 return;
326
327 /* Stop Tx till we are on the new key */
328 old->flags |= KEY_FLAG_TAINTED;
329 ieee80211_clear_fast_xmit(sta);
330 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
331 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
332 ieee80211_sta_tear_down_BA_sessions(sta,
333 AGG_STOP_LOCAL_REQUEST);
334 }
335 if (!wiphy_ext_feature_isset(local->hw.wiphy,
336 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
337 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
338 sta->sta.addr);
339 /* Flushing the driver queues *may* help prevent
340 * the clear text leaks and freezes.
341 */
342 ieee80211_flush_queues(local, old->sdata, false);
343 }
344 }
345}
346
347static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
348 int idx, bool uni, bool multi)
349{
350 struct ieee80211_key *key = NULL;
351
352 assert_key_lock(sdata->local);
353
354 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
355 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
356
357 if (uni) {
358 rcu_assign_pointer(sdata->default_unicast_key, key);
359 ieee80211_check_fast_xmit_iface(sdata);
360 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
361 drv_set_default_unicast_key(sdata->local, sdata, idx);
362 }
363
364 if (multi)
365 rcu_assign_pointer(sdata->default_multicast_key, key);
366
367 ieee80211_debugfs_key_update_default(sdata);
368}
369
370void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
371 bool uni, bool multi)
372{
373 mutex_lock(&sdata->local->key_mtx);
374 __ieee80211_set_default_key(sdata, idx, uni, multi);
375 mutex_unlock(&sdata->local->key_mtx);
376}
377
378static void
379__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
380{
381 struct ieee80211_key *key = NULL;
382
383 assert_key_lock(sdata->local);
384
385 if (idx >= NUM_DEFAULT_KEYS &&
386 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
387 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
388
389 rcu_assign_pointer(sdata->default_mgmt_key, key);
390
391 ieee80211_debugfs_key_update_default(sdata);
392}
393
394void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
395 int idx)
396{
397 mutex_lock(&sdata->local->key_mtx);
398 __ieee80211_set_default_mgmt_key(sdata, idx);
399 mutex_unlock(&sdata->local->key_mtx);
400}
401
402static void
403__ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata, int idx)
404{
405 struct ieee80211_key *key = NULL;
406
407 assert_key_lock(sdata->local);
408
409 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
410 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
411 NUM_DEFAULT_BEACON_KEYS)
412 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
413
414 rcu_assign_pointer(sdata->default_beacon_key, key);
415
416 ieee80211_debugfs_key_update_default(sdata);
417}
418
419void ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata,
420 int idx)
421{
422 mutex_lock(&sdata->local->key_mtx);
423 __ieee80211_set_default_beacon_key(sdata, idx);
424 mutex_unlock(&sdata->local->key_mtx);
425}
426
427static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
428 struct sta_info *sta,
429 bool pairwise,
430 struct ieee80211_key *old,
431 struct ieee80211_key *new)
432{
433 int idx;
434 int ret = 0;
435 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
436
437 /* caller must provide at least one old/new */
438 if (WARN_ON(!new && !old))
439 return 0;
440
441 if (new)
442 list_add_tail_rcu(&new->list, &sdata->key_list);
443
444 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
445
446 if (new && sta && pairwise) {
447 /* Unicast rekey needs special handling. With Extended Key ID
448 * old is still NULL for the first rekey.
449 */
450 ieee80211_pairwise_rekey(old, new);
451 }
452
453 if (old) {
454 idx = old->conf.keyidx;
455
456 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
457 ieee80211_key_disable_hw_accel(old);
458
459 if (new)
460 ret = ieee80211_key_enable_hw_accel(new);
461 }
462 } else {
463 /* new must be provided in case old is not */
464 idx = new->conf.keyidx;
465 if (!new->local->wowlan)
466 ret = ieee80211_key_enable_hw_accel(new);
467 }
468
469 if (ret)
470 return ret;
471
472 if (sta) {
473 if (pairwise) {
474 rcu_assign_pointer(sta->ptk[idx], new);
475 if (new &&
476 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
477 _ieee80211_set_tx_key(new, true);
478 } else {
479 rcu_assign_pointer(sta->gtk[idx], new);
480 }
481 /* Only needed for transition from no key -> key.
482 * Still triggers unnecessary when using Extended Key ID
483 * and installing the second key ID the first time.
484 */
485 if (new && !old)
486 ieee80211_check_fast_rx(sta);
487 } else {
488 defunikey = old &&
489 old == key_mtx_dereference(sdata->local,
490 sdata->default_unicast_key);
491 defmultikey = old &&
492 old == key_mtx_dereference(sdata->local,
493 sdata->default_multicast_key);
494 defmgmtkey = old &&
495 old == key_mtx_dereference(sdata->local,
496 sdata->default_mgmt_key);
497 defbeaconkey = old &&
498 old == key_mtx_dereference(sdata->local,
499 sdata->default_beacon_key);
500
501 if (defunikey && !new)
502 __ieee80211_set_default_key(sdata, -1, true, false);
503 if (defmultikey && !new)
504 __ieee80211_set_default_key(sdata, -1, false, true);
505 if (defmgmtkey && !new)
506 __ieee80211_set_default_mgmt_key(sdata, -1);
507 if (defbeaconkey && !new)
508 __ieee80211_set_default_beacon_key(sdata, -1);
509
510 rcu_assign_pointer(sdata->keys[idx], new);
511 if (defunikey && new)
512 __ieee80211_set_default_key(sdata, new->conf.keyidx,
513 true, false);
514 if (defmultikey && new)
515 __ieee80211_set_default_key(sdata, new->conf.keyidx,
516 false, true);
517 if (defmgmtkey && new)
518 __ieee80211_set_default_mgmt_key(sdata,
519 new->conf.keyidx);
520 if (defbeaconkey && new)
521 __ieee80211_set_default_beacon_key(sdata,
522 new->conf.keyidx);
523 }
524
525 if (old)
526 list_del_rcu(&old->list);
527
528 return 0;
529}
530
531struct ieee80211_key *
532ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
533 const u8 *key_data,
534 size_t seq_len, const u8 *seq,
535 const struct ieee80211_cipher_scheme *cs)
536{
537 struct ieee80211_key *key;
538 int i, j, err;
539
540 if (WARN_ON(idx < 0 ||
541 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
542 NUM_DEFAULT_BEACON_KEYS))
543 return ERR_PTR(-EINVAL);
544
545 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
546 if (!key)
547 return ERR_PTR(-ENOMEM);
548
549 /*
550 * Default to software encryption; we'll later upload the
551 * key to the hardware if possible.
552 */
553 key->conf.flags = 0;
554 key->flags = 0;
555
556 key->conf.cipher = cipher;
557 key->conf.keyidx = idx;
558 key->conf.keylen = key_len;
559 switch (cipher) {
560 case WLAN_CIPHER_SUITE_WEP40:
561 case WLAN_CIPHER_SUITE_WEP104:
562 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
563 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
564 break;
565 case WLAN_CIPHER_SUITE_TKIP:
566 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
567 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
568 if (seq) {
569 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
570 key->u.tkip.rx[i].iv32 =
571 get_unaligned_le32(&seq[2]);
572 key->u.tkip.rx[i].iv16 =
573 get_unaligned_le16(seq);
574 }
575 }
576 spin_lock_init(&key->u.tkip.txlock);
577 break;
578 case WLAN_CIPHER_SUITE_CCMP:
579 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
580 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
581 if (seq) {
582 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
583 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
584 key->u.ccmp.rx_pn[i][j] =
585 seq[IEEE80211_CCMP_PN_LEN - j - 1];
586 }
587 /*
588 * Initialize AES key state here as an optimization so that
589 * it does not need to be initialized for every packet.
590 */
591 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
592 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
593 if (IS_ERR(key->u.ccmp.tfm)) {
594 err = PTR_ERR(key->u.ccmp.tfm);
595 kfree(key);
596 return ERR_PTR(err);
597 }
598 break;
599 case WLAN_CIPHER_SUITE_CCMP_256:
600 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
601 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
602 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
603 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
604 key->u.ccmp.rx_pn[i][j] =
605 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
606 /* Initialize AES key state here as an optimization so that
607 * it does not need to be initialized for every packet.
608 */
609 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
610 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
611 if (IS_ERR(key->u.ccmp.tfm)) {
612 err = PTR_ERR(key->u.ccmp.tfm);
613 kfree(key);
614 return ERR_PTR(err);
615 }
616 break;
617 case WLAN_CIPHER_SUITE_AES_CMAC:
618 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
619 key->conf.iv_len = 0;
620 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
621 key->conf.icv_len = sizeof(struct ieee80211_mmie);
622 else
623 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
624 if (seq)
625 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
626 key->u.aes_cmac.rx_pn[j] =
627 seq[IEEE80211_CMAC_PN_LEN - j - 1];
628 /*
629 * Initialize AES key state here as an optimization so that
630 * it does not need to be initialized for every packet.
631 */
632 key->u.aes_cmac.tfm =
633 ieee80211_aes_cmac_key_setup(key_data, key_len);
634 if (IS_ERR(key->u.aes_cmac.tfm)) {
635 err = PTR_ERR(key->u.aes_cmac.tfm);
636 kfree(key);
637 return ERR_PTR(err);
638 }
639 break;
640 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
641 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
642 key->conf.iv_len = 0;
643 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
644 if (seq)
645 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
646 key->u.aes_gmac.rx_pn[j] =
647 seq[IEEE80211_GMAC_PN_LEN - j - 1];
648 /* Initialize AES key state here as an optimization so that
649 * it does not need to be initialized for every packet.
650 */
651 key->u.aes_gmac.tfm =
652 ieee80211_aes_gmac_key_setup(key_data, key_len);
653 if (IS_ERR(key->u.aes_gmac.tfm)) {
654 err = PTR_ERR(key->u.aes_gmac.tfm);
655 kfree(key);
656 return ERR_PTR(err);
657 }
658 break;
659 case WLAN_CIPHER_SUITE_GCMP:
660 case WLAN_CIPHER_SUITE_GCMP_256:
661 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
662 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
663 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
664 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
665 key->u.gcmp.rx_pn[i][j] =
666 seq[IEEE80211_GCMP_PN_LEN - j - 1];
667 /* Initialize AES key state here as an optimization so that
668 * it does not need to be initialized for every packet.
669 */
670 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
671 key_len);
672 if (IS_ERR(key->u.gcmp.tfm)) {
673 err = PTR_ERR(key->u.gcmp.tfm);
674 kfree(key);
675 return ERR_PTR(err);
676 }
677 break;
678 default:
679 if (cs) {
680 if (seq_len && seq_len != cs->pn_len) {
681 kfree(key);
682 return ERR_PTR(-EINVAL);
683 }
684
685 key->conf.iv_len = cs->hdr_len;
686 key->conf.icv_len = cs->mic_len;
687 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
688 for (j = 0; j < seq_len; j++)
689 key->u.gen.rx_pn[i][j] =
690 seq[seq_len - j - 1];
691 key->flags |= KEY_FLAG_CIPHER_SCHEME;
692 }
693 }
694 memcpy(key->conf.key, key_data, key_len);
695 INIT_LIST_HEAD(&key->list);
696
697 return key;
698}
699
700static void ieee80211_key_free_common(struct ieee80211_key *key)
701{
702 switch (key->conf.cipher) {
703 case WLAN_CIPHER_SUITE_CCMP:
704 case WLAN_CIPHER_SUITE_CCMP_256:
705 ieee80211_aes_key_free(key->u.ccmp.tfm);
706 break;
707 case WLAN_CIPHER_SUITE_AES_CMAC:
708 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
709 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
710 break;
711 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
712 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
713 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
714 break;
715 case WLAN_CIPHER_SUITE_GCMP:
716 case WLAN_CIPHER_SUITE_GCMP_256:
717 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
718 break;
719 }
720 kfree_sensitive(key);
721}
722
723static void __ieee80211_key_destroy(struct ieee80211_key *key,
724 bool delay_tailroom)
725{
726 if (key->local) {
727 struct ieee80211_sub_if_data *sdata = key->sdata;
728
729 ieee80211_debugfs_key_remove(key);
730
731 if (delay_tailroom) {
732 /* see ieee80211_delayed_tailroom_dec */
733 sdata->crypto_tx_tailroom_pending_dec++;
734 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
735 HZ/2);
736 } else {
737 decrease_tailroom_need_count(sdata, 1);
738 }
739 }
740
741 ieee80211_key_free_common(key);
742}
743
744static void ieee80211_key_destroy(struct ieee80211_key *key,
745 bool delay_tailroom)
746{
747 if (!key)
748 return;
749
750 /*
751 * Synchronize so the TX path and rcu key iterators
752 * can no longer be using this key before we free/remove it.
753 */
754 synchronize_net();
755
756 __ieee80211_key_destroy(key, delay_tailroom);
757}
758
759void ieee80211_key_free_unused(struct ieee80211_key *key)
760{
761 WARN_ON(key->sdata || key->local);
762 ieee80211_key_free_common(key);
763}
764
765static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
766 struct ieee80211_key *old,
767 struct ieee80211_key *new)
768{
769 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
770 u8 *tk_old, *tk_new;
771
772 if (!old || new->conf.keylen != old->conf.keylen)
773 return false;
774
775 tk_old = old->conf.key;
776 tk_new = new->conf.key;
777
778 /*
779 * In station mode, don't compare the TX MIC key, as it's never used
780 * and offloaded rekeying may not care to send it to the host. This
781 * is the case in iwlwifi, for example.
782 */
783 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
784 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
785 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
786 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
787 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
788 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
789 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
790 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
791 tk_old = tkip_old;
792 tk_new = tkip_new;
793 }
794
795 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
796}
797
798int ieee80211_key_link(struct ieee80211_key *key,
799 struct ieee80211_sub_if_data *sdata,
800 struct sta_info *sta)
801{
802 static atomic_t key_color = ATOMIC_INIT(0);
803 struct ieee80211_key *old_key;
804 int idx = key->conf.keyidx;
805 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
806 /*
807 * We want to delay tailroom updates only for station - in that
808 * case it helps roaming speed, but in other cases it hurts and
809 * can cause warnings to appear.
810 */
811 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
812 int ret = -EOPNOTSUPP;
813
814 mutex_lock(&sdata->local->key_mtx);
815
816 if (sta && pairwise) {
817 struct ieee80211_key *alt_key;
818
819 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
820 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
821
822 /* The rekey code assumes that the old and new key are using
823 * the same cipher. Enforce the assumption for pairwise keys.
824 */
825 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
826 (old_key && old_key->conf.cipher != key->conf.cipher))
827 goto out;
828 } else if (sta) {
829 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
830 } else {
831 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
832 }
833
834 /* Non-pairwise keys must also not switch the cipher on rekey */
835 if (!pairwise) {
836 if (old_key && old_key->conf.cipher != key->conf.cipher)
837 goto out;
838 }
839
840 /*
841 * Silently accept key re-installation without really installing the
842 * new version of the key to avoid nonce reuse or replay issues.
843 */
844 if (ieee80211_key_identical(sdata, old_key, key)) {
845 ieee80211_key_free_unused(key);
846 ret = 0;
847 goto out;
848 }
849
850 key->local = sdata->local;
851 key->sdata = sdata;
852 key->sta = sta;
853
854 /*
855 * Assign a unique ID to every key so we can easily prevent mixed
856 * key and fragment cache attacks.
857 */
858 key->color = atomic_inc_return(&key_color);
859
860 increment_tailroom_need_count(sdata);
861
862 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
863
864 if (!ret) {
865 ieee80211_debugfs_key_add(key);
866 ieee80211_key_destroy(old_key, delay_tailroom);
867 } else {
868 ieee80211_key_free(key, delay_tailroom);
869 }
870
871 out:
872 mutex_unlock(&sdata->local->key_mtx);
873
874 return ret;
875}
876
877void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
878{
879 if (!key)
880 return;
881
882 /*
883 * Replace key with nothingness if it was ever used.
884 */
885 if (key->sdata)
886 ieee80211_key_replace(key->sdata, key->sta,
887 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
888 key, NULL);
889 ieee80211_key_destroy(key, delay_tailroom);
890}
891
892void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
893{
894 struct ieee80211_key *key;
895 struct ieee80211_sub_if_data *vlan;
896
897 lockdep_assert_wiphy(sdata->local->hw.wiphy);
898
899 mutex_lock(&sdata->local->key_mtx);
900
901 sdata->crypto_tx_tailroom_needed_cnt = 0;
902 sdata->crypto_tx_tailroom_pending_dec = 0;
903
904 if (sdata->vif.type == NL80211_IFTYPE_AP) {
905 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
906 vlan->crypto_tx_tailroom_needed_cnt = 0;
907 vlan->crypto_tx_tailroom_pending_dec = 0;
908 }
909 }
910
911 if (ieee80211_sdata_running(sdata)) {
912 list_for_each_entry(key, &sdata->key_list, list) {
913 increment_tailroom_need_count(sdata);
914 ieee80211_key_enable_hw_accel(key);
915 }
916 }
917
918 mutex_unlock(&sdata->local->key_mtx);
919}
920
921void ieee80211_iter_keys(struct ieee80211_hw *hw,
922 struct ieee80211_vif *vif,
923 void (*iter)(struct ieee80211_hw *hw,
924 struct ieee80211_vif *vif,
925 struct ieee80211_sta *sta,
926 struct ieee80211_key_conf *key,
927 void *data),
928 void *iter_data)
929{
930 struct ieee80211_local *local = hw_to_local(hw);
931 struct ieee80211_key *key, *tmp;
932 struct ieee80211_sub_if_data *sdata;
933
934 lockdep_assert_wiphy(hw->wiphy);
935
936 mutex_lock(&local->key_mtx);
937 if (vif) {
938 sdata = vif_to_sdata(vif);
939 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
940 iter(hw, &sdata->vif,
941 key->sta ? &key->sta->sta : NULL,
942 &key->conf, iter_data);
943 } else {
944 list_for_each_entry(sdata, &local->interfaces, list)
945 list_for_each_entry_safe(key, tmp,
946 &sdata->key_list, list)
947 iter(hw, &sdata->vif,
948 key->sta ? &key->sta->sta : NULL,
949 &key->conf, iter_data);
950 }
951 mutex_unlock(&local->key_mtx);
952}
953EXPORT_SYMBOL(ieee80211_iter_keys);
954
955static void
956_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
957 struct ieee80211_sub_if_data *sdata,
958 void (*iter)(struct ieee80211_hw *hw,
959 struct ieee80211_vif *vif,
960 struct ieee80211_sta *sta,
961 struct ieee80211_key_conf *key,
962 void *data),
963 void *iter_data)
964{
965 struct ieee80211_key *key;
966
967 list_for_each_entry_rcu(key, &sdata->key_list, list) {
968 /* skip keys of station in removal process */
969 if (key->sta && key->sta->removed)
970 continue;
971 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
972 continue;
973
974 iter(hw, &sdata->vif,
975 key->sta ? &key->sta->sta : NULL,
976 &key->conf, iter_data);
977 }
978}
979
980void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
981 struct ieee80211_vif *vif,
982 void (*iter)(struct ieee80211_hw *hw,
983 struct ieee80211_vif *vif,
984 struct ieee80211_sta *sta,
985 struct ieee80211_key_conf *key,
986 void *data),
987 void *iter_data)
988{
989 struct ieee80211_local *local = hw_to_local(hw);
990 struct ieee80211_sub_if_data *sdata;
991
992 if (vif) {
993 sdata = vif_to_sdata(vif);
994 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
995 } else {
996 list_for_each_entry_rcu(sdata, &local->interfaces, list)
997 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
998 }
999}
1000EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1001
1002static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1003 struct list_head *keys)
1004{
1005 struct ieee80211_key *key, *tmp;
1006
1007 decrease_tailroom_need_count(sdata,
1008 sdata->crypto_tx_tailroom_pending_dec);
1009 sdata->crypto_tx_tailroom_pending_dec = 0;
1010
1011 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1012 ieee80211_debugfs_key_remove_beacon_default(sdata);
1013
1014 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1015 ieee80211_key_replace(key->sdata, key->sta,
1016 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1017 key, NULL);
1018 list_add_tail(&key->list, keys);
1019 }
1020
1021 ieee80211_debugfs_key_update_default(sdata);
1022}
1023
1024void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1025 bool force_synchronize)
1026{
1027 struct ieee80211_local *local = sdata->local;
1028 struct ieee80211_sub_if_data *vlan;
1029 struct ieee80211_sub_if_data *master;
1030 struct ieee80211_key *key, *tmp;
1031 LIST_HEAD(keys);
1032
1033 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1034
1035 mutex_lock(&local->key_mtx);
1036
1037 ieee80211_free_keys_iface(sdata, &keys);
1038
1039 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1040 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1041 ieee80211_free_keys_iface(vlan, &keys);
1042 }
1043
1044 if (!list_empty(&keys) || force_synchronize)
1045 synchronize_net();
1046 list_for_each_entry_safe(key, tmp, &keys, list)
1047 __ieee80211_key_destroy(key, false);
1048
1049 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1050 if (sdata->bss) {
1051 master = container_of(sdata->bss,
1052 struct ieee80211_sub_if_data,
1053 u.ap);
1054
1055 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1056 master->crypto_tx_tailroom_needed_cnt);
1057 }
1058 } else {
1059 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1060 sdata->crypto_tx_tailroom_pending_dec);
1061 }
1062
1063 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1064 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1065 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1066 vlan->crypto_tx_tailroom_pending_dec);
1067 }
1068
1069 mutex_unlock(&local->key_mtx);
1070}
1071
1072void ieee80211_free_sta_keys(struct ieee80211_local *local,
1073 struct sta_info *sta)
1074{
1075 struct ieee80211_key *key;
1076 int i;
1077
1078 mutex_lock(&local->key_mtx);
1079 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
1080 key = key_mtx_dereference(local, sta->gtk[i]);
1081 if (!key)
1082 continue;
1083 ieee80211_key_replace(key->sdata, key->sta,
1084 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1085 key, NULL);
1086 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1087 NL80211_IFTYPE_STATION);
1088 }
1089
1090 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1091 key = key_mtx_dereference(local, sta->ptk[i]);
1092 if (!key)
1093 continue;
1094 ieee80211_key_replace(key->sdata, key->sta,
1095 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1096 key, NULL);
1097 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1098 NL80211_IFTYPE_STATION);
1099 }
1100
1101 mutex_unlock(&local->key_mtx);
1102}
1103
1104void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1105{
1106 struct ieee80211_sub_if_data *sdata;
1107
1108 sdata = container_of(wk, struct ieee80211_sub_if_data,
1109 dec_tailroom_needed_wk.work);
1110
1111 /*
1112 * The reason for the delayed tailroom needed decrementing is to
1113 * make roaming faster: during roaming, all keys are first deleted
1114 * and then new keys are installed. The first new key causes the
1115 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1116 * the cost of synchronize_net() (which can be slow). Avoid this
1117 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1118 * key removal for a while, so if we roam the value is larger than
1119 * zero and no 0->1 transition happens.
1120 *
1121 * The cost is that if the AP switching was from an AP with keys
1122 * to one without, we still allocate tailroom while it would no
1123 * longer be needed. However, in the typical (fast) roaming case
1124 * within an ESS this usually won't happen.
1125 */
1126
1127 mutex_lock(&sdata->local->key_mtx);
1128 decrease_tailroom_need_count(sdata,
1129 sdata->crypto_tx_tailroom_pending_dec);
1130 sdata->crypto_tx_tailroom_pending_dec = 0;
1131 mutex_unlock(&sdata->local->key_mtx);
1132}
1133
1134void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1135 const u8 *replay_ctr, gfp_t gfp)
1136{
1137 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1138
1139 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1140
1141 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1142}
1143EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1144
1145void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1146 int tid, struct ieee80211_key_seq *seq)
1147{
1148 struct ieee80211_key *key;
1149 const u8 *pn;
1150
1151 key = container_of(keyconf, struct ieee80211_key, conf);
1152
1153 switch (key->conf.cipher) {
1154 case WLAN_CIPHER_SUITE_TKIP:
1155 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1156 return;
1157 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1158 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1159 break;
1160 case WLAN_CIPHER_SUITE_CCMP:
1161 case WLAN_CIPHER_SUITE_CCMP_256:
1162 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1163 return;
1164 if (tid < 0)
1165 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1166 else
1167 pn = key->u.ccmp.rx_pn[tid];
1168 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1169 break;
1170 case WLAN_CIPHER_SUITE_AES_CMAC:
1171 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1172 if (WARN_ON(tid != 0))
1173 return;
1174 pn = key->u.aes_cmac.rx_pn;
1175 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1176 break;
1177 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1178 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1179 if (WARN_ON(tid != 0))
1180 return;
1181 pn = key->u.aes_gmac.rx_pn;
1182 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1183 break;
1184 case WLAN_CIPHER_SUITE_GCMP:
1185 case WLAN_CIPHER_SUITE_GCMP_256:
1186 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1187 return;
1188 if (tid < 0)
1189 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1190 else
1191 pn = key->u.gcmp.rx_pn[tid];
1192 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1193 break;
1194 }
1195}
1196EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1197
1198void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1199 int tid, struct ieee80211_key_seq *seq)
1200{
1201 struct ieee80211_key *key;
1202 u8 *pn;
1203
1204 key = container_of(keyconf, struct ieee80211_key, conf);
1205
1206 switch (key->conf.cipher) {
1207 case WLAN_CIPHER_SUITE_TKIP:
1208 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1209 return;
1210 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1211 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1212 break;
1213 case WLAN_CIPHER_SUITE_CCMP:
1214 case WLAN_CIPHER_SUITE_CCMP_256:
1215 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1216 return;
1217 if (tid < 0)
1218 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1219 else
1220 pn = key->u.ccmp.rx_pn[tid];
1221 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1222 break;
1223 case WLAN_CIPHER_SUITE_AES_CMAC:
1224 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1225 if (WARN_ON(tid != 0))
1226 return;
1227 pn = key->u.aes_cmac.rx_pn;
1228 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1229 break;
1230 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1231 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1232 if (WARN_ON(tid != 0))
1233 return;
1234 pn = key->u.aes_gmac.rx_pn;
1235 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1236 break;
1237 case WLAN_CIPHER_SUITE_GCMP:
1238 case WLAN_CIPHER_SUITE_GCMP_256:
1239 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1240 return;
1241 if (tid < 0)
1242 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1243 else
1244 pn = key->u.gcmp.rx_pn[tid];
1245 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1246 break;
1247 default:
1248 WARN_ON(1);
1249 break;
1250 }
1251}
1252EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1253
1254void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1255{
1256 struct ieee80211_key *key;
1257
1258 key = container_of(keyconf, struct ieee80211_key, conf);
1259
1260 assert_key_lock(key->local);
1261
1262 /*
1263 * if key was uploaded, we assume the driver will/has remove(d)
1264 * it, so adjust bookkeeping accordingly
1265 */
1266 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1267 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1268
1269 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1270 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1271 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1272 increment_tailroom_need_count(key->sdata);
1273 }
1274
1275 ieee80211_key_free(key, false);
1276}
1277EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1278
1279struct ieee80211_key_conf *
1280ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1281 struct ieee80211_key_conf *keyconf)
1282{
1283 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1284 struct ieee80211_local *local = sdata->local;
1285 struct ieee80211_key *key;
1286 int err;
1287
1288 if (WARN_ON(!local->wowlan))
1289 return ERR_PTR(-EINVAL);
1290
1291 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1292 return ERR_PTR(-EINVAL);
1293
1294 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1295 keyconf->keylen, keyconf->key,
1296 0, NULL, NULL);
1297 if (IS_ERR(key))
1298 return ERR_CAST(key);
1299
1300 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1301 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1302
1303 err = ieee80211_key_link(key, sdata, NULL);
1304 if (err)
1305 return ERR_PTR(err);
1306
1307 return &key->conf;
1308}
1309EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1310
1311void ieee80211_key_mic_failure(struct ieee80211_key_conf *keyconf)
1312{
1313 struct ieee80211_key *key;
1314
1315 key = container_of(keyconf, struct ieee80211_key, conf);
1316
1317 switch (key->conf.cipher) {
1318 case WLAN_CIPHER_SUITE_AES_CMAC:
1319 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1320 key->u.aes_cmac.icverrors++;
1321 break;
1322 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1323 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1324 key->u.aes_gmac.icverrors++;
1325 break;
1326 default:
1327 /* ignore the others for now, we don't keep counters now */
1328 break;
1329 }
1330}
1331EXPORT_SYMBOL_GPL(ieee80211_key_mic_failure);
1332
1333void ieee80211_key_replay(struct ieee80211_key_conf *keyconf)
1334{
1335 struct ieee80211_key *key;
1336
1337 key = container_of(keyconf, struct ieee80211_key, conf);
1338
1339 switch (key->conf.cipher) {
1340 case WLAN_CIPHER_SUITE_CCMP:
1341 case WLAN_CIPHER_SUITE_CCMP_256:
1342 key->u.ccmp.replays++;
1343 break;
1344 case WLAN_CIPHER_SUITE_AES_CMAC:
1345 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1346 key->u.aes_cmac.replays++;
1347 break;
1348 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1349 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1350 key->u.aes_gmac.replays++;
1351 break;
1352 case WLAN_CIPHER_SUITE_GCMP:
1353 case WLAN_CIPHER_SUITE_GCMP_256:
1354 key->u.gcmp.replays++;
1355 break;
1356 }
1357}
1358EXPORT_SYMBOL_GPL(ieee80211_key_replay);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020, 2022-2023 Intel Corporation
10 */
11
12#include <crypto/utils.h>
13#include <linux/if_ether.h>
14#include <linux/etherdevice.h>
15#include <linux/list.h>
16#include <linux/rcupdate.h>
17#include <linux/rtnetlink.h>
18#include <linux/slab.h>
19#include <linux/export.h>
20#include <net/mac80211.h>
21#include <asm/unaligned.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "debugfs_key.h"
25#include "aes_ccm.h"
26#include "aes_cmac.h"
27#include "aes_gmac.h"
28#include "aes_gcm.h"
29
30
31/**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56static void
57update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
58{
59 struct ieee80211_sub_if_data *vlan;
60
61 if (sdata->vif.type != NL80211_IFTYPE_AP)
62 return;
63
64 /* crypto_tx_tailroom_needed_cnt is protected by this */
65 lockdep_assert_wiphy(sdata->local->hw.wiphy);
66
67 rcu_read_lock();
68
69 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
70 vlan->crypto_tx_tailroom_needed_cnt += delta;
71
72 rcu_read_unlock();
73}
74
75static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
76{
77 /*
78 * When this count is zero, SKB resizing for allocating tailroom
79 * for IV or MMIC is skipped. But, this check has created two race
80 * cases in xmit path while transiting from zero count to one:
81 *
82 * 1. SKB resize was skipped because no key was added but just before
83 * the xmit key is added and SW encryption kicks off.
84 *
85 * 2. SKB resize was skipped because all the keys were hw planted but
86 * just before xmit one of the key is deleted and SW encryption kicks
87 * off.
88 *
89 * In both the above case SW encryption will find not enough space for
90 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
91 *
92 * Solution has been explained at
93 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
94 */
95
96 lockdep_assert_wiphy(sdata->local->hw.wiphy);
97
98 update_vlan_tailroom_need_count(sdata, 1);
99
100 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
101 /*
102 * Flush all XMIT packets currently using HW encryption or no
103 * encryption at all if the count transition is from 0 -> 1.
104 */
105 synchronize_net();
106 }
107}
108
109static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
110 int delta)
111{
112 lockdep_assert_wiphy(sdata->local->hw.wiphy);
113
114 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
115
116 update_vlan_tailroom_need_count(sdata, -delta);
117 sdata->crypto_tx_tailroom_needed_cnt -= delta;
118}
119
120static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
121{
122 struct ieee80211_sub_if_data *sdata = key->sdata;
123 struct sta_info *sta;
124 int ret = -EOPNOTSUPP;
125
126 might_sleep();
127 lockdep_assert_wiphy(key->local->hw.wiphy);
128
129 if (key->flags & KEY_FLAG_TAINTED) {
130 /* If we get here, it's during resume and the key is
131 * tainted so shouldn't be used/programmed any more.
132 * However, its flags may still indicate that it was
133 * programmed into the device (since we're in resume)
134 * so clear that flag now to avoid trying to remove
135 * it again later.
136 */
137 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
138 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
139 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
140 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
141 increment_tailroom_need_count(sdata);
142
143 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
144 return -EINVAL;
145 }
146
147 if (!key->local->ops->set_key)
148 goto out_unsupported;
149
150 sta = key->sta;
151
152 /*
153 * If this is a per-STA GTK, check if it
154 * is supported; if not, return.
155 */
156 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
157 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
158 goto out_unsupported;
159
160 if (sta && !sta->uploaded)
161 goto out_unsupported;
162
163 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
164 /*
165 * The driver doesn't know anything about VLAN interfaces.
166 * Hence, don't send GTKs for VLAN interfaces to the driver.
167 */
168 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
169 ret = 1;
170 goto out_unsupported;
171 }
172 }
173
174 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
175 !(sdata->vif.active_links & BIT(key->conf.link_id)))
176 return 0;
177
178 ret = drv_set_key(key->local, SET_KEY, sdata,
179 sta ? &sta->sta : NULL, &key->conf);
180
181 if (!ret) {
182 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
183
184 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
185 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
186 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
187 decrease_tailroom_need_count(sdata, 1);
188
189 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
190 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
191
192 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
193 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
194
195 return 0;
196 }
197
198 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
199 sdata_err(sdata,
200 "failed to set key (%d, %pM) to hardware (%d)\n",
201 key->conf.keyidx,
202 sta ? sta->sta.addr : bcast_addr, ret);
203
204 out_unsupported:
205 switch (key->conf.cipher) {
206 case WLAN_CIPHER_SUITE_WEP40:
207 case WLAN_CIPHER_SUITE_WEP104:
208 case WLAN_CIPHER_SUITE_TKIP:
209 case WLAN_CIPHER_SUITE_CCMP:
210 case WLAN_CIPHER_SUITE_CCMP_256:
211 case WLAN_CIPHER_SUITE_GCMP:
212 case WLAN_CIPHER_SUITE_GCMP_256:
213 case WLAN_CIPHER_SUITE_AES_CMAC:
214 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
215 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
216 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
217 /* all of these we can do in software - if driver can */
218 if (ret == 1)
219 return 0;
220 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
221 return -EINVAL;
222 return 0;
223 default:
224 return -EINVAL;
225 }
226}
227
228static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
229{
230 struct ieee80211_sub_if_data *sdata;
231 struct sta_info *sta;
232 int ret;
233
234 might_sleep();
235
236 if (!key || !key->local->ops->set_key)
237 return;
238
239 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
240 return;
241
242 sta = key->sta;
243 sdata = key->sdata;
244
245 lockdep_assert_wiphy(key->local->hw.wiphy);
246
247 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
248 !(sdata->vif.active_links & BIT(key->conf.link_id)))
249 return;
250
251 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
252 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
253 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
254 increment_tailroom_need_count(sdata);
255
256 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
257 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
258 sta ? &sta->sta : NULL, &key->conf);
259
260 if (ret)
261 sdata_err(sdata,
262 "failed to remove key (%d, %pM) from hardware (%d)\n",
263 key->conf.keyidx,
264 sta ? sta->sta.addr : bcast_addr, ret);
265}
266
267static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
268{
269 struct sta_info *sta = key->sta;
270 struct ieee80211_local *local = key->local;
271
272 lockdep_assert_wiphy(local->hw.wiphy);
273
274 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
275
276 sta->ptk_idx = key->conf.keyidx;
277
278 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
279 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
280 ieee80211_check_fast_xmit(sta);
281
282 return 0;
283}
284
285int ieee80211_set_tx_key(struct ieee80211_key *key)
286{
287 return _ieee80211_set_tx_key(key, false);
288}
289
290static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
291 struct ieee80211_key *new)
292{
293 struct ieee80211_local *local = new->local;
294 struct sta_info *sta = new->sta;
295 int i;
296
297 lockdep_assert_wiphy(local->hw.wiphy);
298
299 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
300 /* Extended Key ID key install, initial one or rekey */
301
302 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
303 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
304 /* Aggregation Sessions with Extended Key ID must not
305 * mix MPDUs with different keyIDs within one A-MPDU.
306 * Tear down running Tx aggregation sessions and block
307 * new Rx/Tx aggregation requests during rekey to
308 * ensure there are no A-MPDUs when the driver is not
309 * supporting A-MPDU key borders. (Blocking Tx only
310 * would be sufficient but WLAN_STA_BLOCK_BA gets the
311 * job done for the few ms we need it.)
312 */
313 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
314 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
315 __ieee80211_stop_tx_ba_session(sta, i,
316 AGG_STOP_LOCAL_REQUEST);
317 }
318 } else if (old) {
319 /* Rekey without Extended Key ID.
320 * Aggregation sessions are OK when running on SW crypto.
321 * A broken remote STA may cause issues not observed with HW
322 * crypto, though.
323 */
324 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
325 return;
326
327 /* Stop Tx till we are on the new key */
328 old->flags |= KEY_FLAG_TAINTED;
329 ieee80211_clear_fast_xmit(sta);
330 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
331 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
332 ieee80211_sta_tear_down_BA_sessions(sta,
333 AGG_STOP_LOCAL_REQUEST);
334 }
335 if (!wiphy_ext_feature_isset(local->hw.wiphy,
336 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
337 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
338 sta->sta.addr);
339 /* Flushing the driver queues *may* help prevent
340 * the clear text leaks and freezes.
341 */
342 ieee80211_flush_queues(local, old->sdata, false);
343 }
344 }
345}
346
347static void __ieee80211_set_default_key(struct ieee80211_link_data *link,
348 int idx, bool uni, bool multi)
349{
350 struct ieee80211_sub_if_data *sdata = link->sdata;
351 struct ieee80211_key *key = NULL;
352
353 lockdep_assert_wiphy(sdata->local->hw.wiphy);
354
355 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) {
356 key = wiphy_dereference(sdata->local->hw.wiphy,
357 sdata->keys[idx]);
358 if (!key)
359 key = wiphy_dereference(sdata->local->hw.wiphy,
360 link->gtk[idx]);
361 }
362
363 if (uni) {
364 rcu_assign_pointer(sdata->default_unicast_key, key);
365 ieee80211_check_fast_xmit_iface(sdata);
366 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
367 drv_set_default_unicast_key(sdata->local, sdata, idx);
368 }
369
370 if (multi)
371 rcu_assign_pointer(link->default_multicast_key, key);
372
373 ieee80211_debugfs_key_update_default(sdata);
374}
375
376void ieee80211_set_default_key(struct ieee80211_link_data *link, int idx,
377 bool uni, bool multi)
378{
379 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
380
381 __ieee80211_set_default_key(link, idx, uni, multi);
382}
383
384static void
385__ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link, int idx)
386{
387 struct ieee80211_sub_if_data *sdata = link->sdata;
388 struct ieee80211_key *key = NULL;
389
390 lockdep_assert_wiphy(sdata->local->hw.wiphy);
391
392 if (idx >= NUM_DEFAULT_KEYS &&
393 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
394 key = wiphy_dereference(sdata->local->hw.wiphy,
395 link->gtk[idx]);
396
397 rcu_assign_pointer(link->default_mgmt_key, key);
398
399 ieee80211_debugfs_key_update_default(sdata);
400}
401
402void ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link,
403 int idx)
404{
405 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
406
407 __ieee80211_set_default_mgmt_key(link, idx);
408}
409
410static void
411__ieee80211_set_default_beacon_key(struct ieee80211_link_data *link, int idx)
412{
413 struct ieee80211_sub_if_data *sdata = link->sdata;
414 struct ieee80211_key *key = NULL;
415
416 lockdep_assert_wiphy(sdata->local->hw.wiphy);
417
418 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
419 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
420 NUM_DEFAULT_BEACON_KEYS)
421 key = wiphy_dereference(sdata->local->hw.wiphy,
422 link->gtk[idx]);
423
424 rcu_assign_pointer(link->default_beacon_key, key);
425
426 ieee80211_debugfs_key_update_default(sdata);
427}
428
429void ieee80211_set_default_beacon_key(struct ieee80211_link_data *link,
430 int idx)
431{
432 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
433
434 __ieee80211_set_default_beacon_key(link, idx);
435}
436
437static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
438 struct ieee80211_link_data *link,
439 struct sta_info *sta,
440 bool pairwise,
441 struct ieee80211_key *old,
442 struct ieee80211_key *new)
443{
444 struct link_sta_info *link_sta = sta ? &sta->deflink : NULL;
445 int link_id;
446 int idx;
447 int ret = 0;
448 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
449 bool is_wep;
450
451 lockdep_assert_wiphy(sdata->local->hw.wiphy);
452
453 /* caller must provide at least one old/new */
454 if (WARN_ON(!new && !old))
455 return 0;
456
457 if (new) {
458 idx = new->conf.keyidx;
459 is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
460 new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
461 link_id = new->conf.link_id;
462 } else {
463 idx = old->conf.keyidx;
464 is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
465 old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
466 link_id = old->conf.link_id;
467 }
468
469 if (WARN(old && old->conf.link_id != link_id,
470 "old link ID %d doesn't match new link ID %d\n",
471 old->conf.link_id, link_id))
472 return -EINVAL;
473
474 if (link_id >= 0) {
475 if (!link) {
476 link = sdata_dereference(sdata->link[link_id], sdata);
477 if (!link)
478 return -ENOLINK;
479 }
480
481 if (sta) {
482 link_sta = rcu_dereference_protected(sta->link[link_id],
483 lockdep_is_held(&sta->local->hw.wiphy->mtx));
484 if (!link_sta)
485 return -ENOLINK;
486 }
487 } else {
488 link = &sdata->deflink;
489 }
490
491 if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)
492 return -EINVAL;
493
494 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
495
496 if (new && sta && pairwise) {
497 /* Unicast rekey needs special handling. With Extended Key ID
498 * old is still NULL for the first rekey.
499 */
500 ieee80211_pairwise_rekey(old, new);
501 }
502
503 if (old) {
504 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
505 ieee80211_key_disable_hw_accel(old);
506
507 if (new)
508 ret = ieee80211_key_enable_hw_accel(new);
509 }
510 } else {
511 if (!new->local->wowlan)
512 ret = ieee80211_key_enable_hw_accel(new);
513 else
514 new->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
515 }
516
517 if (ret)
518 return ret;
519
520 if (new)
521 list_add_tail_rcu(&new->list, &sdata->key_list);
522
523 if (sta) {
524 if (pairwise) {
525 rcu_assign_pointer(sta->ptk[idx], new);
526 if (new &&
527 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
528 _ieee80211_set_tx_key(new, true);
529 } else {
530 rcu_assign_pointer(link_sta->gtk[idx], new);
531 }
532 /* Only needed for transition from no key -> key.
533 * Still triggers unnecessary when using Extended Key ID
534 * and installing the second key ID the first time.
535 */
536 if (new && !old)
537 ieee80211_check_fast_rx(sta);
538 } else {
539 defunikey = old &&
540 old == wiphy_dereference(sdata->local->hw.wiphy,
541 sdata->default_unicast_key);
542 defmultikey = old &&
543 old == wiphy_dereference(sdata->local->hw.wiphy,
544 link->default_multicast_key);
545 defmgmtkey = old &&
546 old == wiphy_dereference(sdata->local->hw.wiphy,
547 link->default_mgmt_key);
548 defbeaconkey = old &&
549 old == wiphy_dereference(sdata->local->hw.wiphy,
550 link->default_beacon_key);
551
552 if (defunikey && !new)
553 __ieee80211_set_default_key(link, -1, true, false);
554 if (defmultikey && !new)
555 __ieee80211_set_default_key(link, -1, false, true);
556 if (defmgmtkey && !new)
557 __ieee80211_set_default_mgmt_key(link, -1);
558 if (defbeaconkey && !new)
559 __ieee80211_set_default_beacon_key(link, -1);
560
561 if (is_wep || pairwise)
562 rcu_assign_pointer(sdata->keys[idx], new);
563 else
564 rcu_assign_pointer(link->gtk[idx], new);
565
566 if (defunikey && new)
567 __ieee80211_set_default_key(link, new->conf.keyidx,
568 true, false);
569 if (defmultikey && new)
570 __ieee80211_set_default_key(link, new->conf.keyidx,
571 false, true);
572 if (defmgmtkey && new)
573 __ieee80211_set_default_mgmt_key(link,
574 new->conf.keyidx);
575 if (defbeaconkey && new)
576 __ieee80211_set_default_beacon_key(link,
577 new->conf.keyidx);
578 }
579
580 if (old)
581 list_del_rcu(&old->list);
582
583 return 0;
584}
585
586struct ieee80211_key *
587ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
588 const u8 *key_data,
589 size_t seq_len, const u8 *seq)
590{
591 struct ieee80211_key *key;
592 int i, j, err;
593
594 if (WARN_ON(idx < 0 ||
595 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
596 NUM_DEFAULT_BEACON_KEYS))
597 return ERR_PTR(-EINVAL);
598
599 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
600 if (!key)
601 return ERR_PTR(-ENOMEM);
602
603 /*
604 * Default to software encryption; we'll later upload the
605 * key to the hardware if possible.
606 */
607 key->conf.flags = 0;
608 key->flags = 0;
609
610 key->conf.link_id = -1;
611 key->conf.cipher = cipher;
612 key->conf.keyidx = idx;
613 key->conf.keylen = key_len;
614 switch (cipher) {
615 case WLAN_CIPHER_SUITE_WEP40:
616 case WLAN_CIPHER_SUITE_WEP104:
617 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
618 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
619 break;
620 case WLAN_CIPHER_SUITE_TKIP:
621 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
622 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
623 if (seq) {
624 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
625 key->u.tkip.rx[i].iv32 =
626 get_unaligned_le32(&seq[2]);
627 key->u.tkip.rx[i].iv16 =
628 get_unaligned_le16(seq);
629 }
630 }
631 spin_lock_init(&key->u.tkip.txlock);
632 break;
633 case WLAN_CIPHER_SUITE_CCMP:
634 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
635 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
636 if (seq) {
637 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
638 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
639 key->u.ccmp.rx_pn[i][j] =
640 seq[IEEE80211_CCMP_PN_LEN - j - 1];
641 }
642 /*
643 * Initialize AES key state here as an optimization so that
644 * it does not need to be initialized for every packet.
645 */
646 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
647 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
648 if (IS_ERR(key->u.ccmp.tfm)) {
649 err = PTR_ERR(key->u.ccmp.tfm);
650 kfree(key);
651 return ERR_PTR(err);
652 }
653 break;
654 case WLAN_CIPHER_SUITE_CCMP_256:
655 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
656 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
657 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
658 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
659 key->u.ccmp.rx_pn[i][j] =
660 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
661 /* Initialize AES key state here as an optimization so that
662 * it does not need to be initialized for every packet.
663 */
664 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
665 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
666 if (IS_ERR(key->u.ccmp.tfm)) {
667 err = PTR_ERR(key->u.ccmp.tfm);
668 kfree(key);
669 return ERR_PTR(err);
670 }
671 break;
672 case WLAN_CIPHER_SUITE_AES_CMAC:
673 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
674 key->conf.iv_len = 0;
675 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
676 key->conf.icv_len = sizeof(struct ieee80211_mmie);
677 else
678 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
679 if (seq)
680 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
681 key->u.aes_cmac.rx_pn[j] =
682 seq[IEEE80211_CMAC_PN_LEN - j - 1];
683 /*
684 * Initialize AES key state here as an optimization so that
685 * it does not need to be initialized for every packet.
686 */
687 key->u.aes_cmac.tfm =
688 ieee80211_aes_cmac_key_setup(key_data, key_len);
689 if (IS_ERR(key->u.aes_cmac.tfm)) {
690 err = PTR_ERR(key->u.aes_cmac.tfm);
691 kfree(key);
692 return ERR_PTR(err);
693 }
694 break;
695 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
696 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
697 key->conf.iv_len = 0;
698 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
699 if (seq)
700 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
701 key->u.aes_gmac.rx_pn[j] =
702 seq[IEEE80211_GMAC_PN_LEN - j - 1];
703 /* Initialize AES key state here as an optimization so that
704 * it does not need to be initialized for every packet.
705 */
706 key->u.aes_gmac.tfm =
707 ieee80211_aes_gmac_key_setup(key_data, key_len);
708 if (IS_ERR(key->u.aes_gmac.tfm)) {
709 err = PTR_ERR(key->u.aes_gmac.tfm);
710 kfree(key);
711 return ERR_PTR(err);
712 }
713 break;
714 case WLAN_CIPHER_SUITE_GCMP:
715 case WLAN_CIPHER_SUITE_GCMP_256:
716 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
717 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
718 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
719 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
720 key->u.gcmp.rx_pn[i][j] =
721 seq[IEEE80211_GCMP_PN_LEN - j - 1];
722 /* Initialize AES key state here as an optimization so that
723 * it does not need to be initialized for every packet.
724 */
725 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
726 key_len);
727 if (IS_ERR(key->u.gcmp.tfm)) {
728 err = PTR_ERR(key->u.gcmp.tfm);
729 kfree(key);
730 return ERR_PTR(err);
731 }
732 break;
733 }
734 memcpy(key->conf.key, key_data, key_len);
735 INIT_LIST_HEAD(&key->list);
736
737 return key;
738}
739
740static void ieee80211_key_free_common(struct ieee80211_key *key)
741{
742 switch (key->conf.cipher) {
743 case WLAN_CIPHER_SUITE_CCMP:
744 case WLAN_CIPHER_SUITE_CCMP_256:
745 ieee80211_aes_key_free(key->u.ccmp.tfm);
746 break;
747 case WLAN_CIPHER_SUITE_AES_CMAC:
748 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
749 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
750 break;
751 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
752 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
753 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
754 break;
755 case WLAN_CIPHER_SUITE_GCMP:
756 case WLAN_CIPHER_SUITE_GCMP_256:
757 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
758 break;
759 }
760 kfree_sensitive(key);
761}
762
763static void __ieee80211_key_destroy(struct ieee80211_key *key,
764 bool delay_tailroom)
765{
766 if (key->local) {
767 struct ieee80211_sub_if_data *sdata = key->sdata;
768
769 ieee80211_debugfs_key_remove(key);
770
771 if (delay_tailroom) {
772 /* see ieee80211_delayed_tailroom_dec */
773 sdata->crypto_tx_tailroom_pending_dec++;
774 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
775 &sdata->dec_tailroom_needed_wk,
776 HZ / 2);
777 } else {
778 decrease_tailroom_need_count(sdata, 1);
779 }
780 }
781
782 ieee80211_key_free_common(key);
783}
784
785static void ieee80211_key_destroy(struct ieee80211_key *key,
786 bool delay_tailroom)
787{
788 if (!key)
789 return;
790
791 /*
792 * Synchronize so the TX path and rcu key iterators
793 * can no longer be using this key before we free/remove it.
794 */
795 synchronize_net();
796
797 __ieee80211_key_destroy(key, delay_tailroom);
798}
799
800void ieee80211_key_free_unused(struct ieee80211_key *key)
801{
802 if (!key)
803 return;
804
805 WARN_ON(key->sdata || key->local);
806 ieee80211_key_free_common(key);
807}
808
809static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
810 struct ieee80211_key *old,
811 struct ieee80211_key *new)
812{
813 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
814 u8 *tk_old, *tk_new;
815
816 if (!old || new->conf.keylen != old->conf.keylen)
817 return false;
818
819 tk_old = old->conf.key;
820 tk_new = new->conf.key;
821
822 /*
823 * In station mode, don't compare the TX MIC key, as it's never used
824 * and offloaded rekeying may not care to send it to the host. This
825 * is the case in iwlwifi, for example.
826 */
827 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
828 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
829 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
830 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
831 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
832 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
833 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
834 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
835 tk_old = tkip_old;
836 tk_new = tkip_new;
837 }
838
839 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
840}
841
842int ieee80211_key_link(struct ieee80211_key *key,
843 struct ieee80211_link_data *link,
844 struct sta_info *sta)
845{
846 struct ieee80211_sub_if_data *sdata = link->sdata;
847 static atomic_t key_color = ATOMIC_INIT(0);
848 struct ieee80211_key *old_key = NULL;
849 int idx = key->conf.keyidx;
850 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
851 /*
852 * We want to delay tailroom updates only for station - in that
853 * case it helps roaming speed, but in other cases it hurts and
854 * can cause warnings to appear.
855 */
856 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
857 int ret;
858
859 lockdep_assert_wiphy(sdata->local->hw.wiphy);
860
861 if (sta && pairwise) {
862 struct ieee80211_key *alt_key;
863
864 old_key = wiphy_dereference(sdata->local->hw.wiphy,
865 sta->ptk[idx]);
866 alt_key = wiphy_dereference(sdata->local->hw.wiphy,
867 sta->ptk[idx ^ 1]);
868
869 /* The rekey code assumes that the old and new key are using
870 * the same cipher. Enforce the assumption for pairwise keys.
871 */
872 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
873 (old_key && old_key->conf.cipher != key->conf.cipher)) {
874 ret = -EOPNOTSUPP;
875 goto out;
876 }
877 } else if (sta) {
878 struct link_sta_info *link_sta = &sta->deflink;
879 int link_id = key->conf.link_id;
880
881 if (link_id >= 0) {
882 link_sta = rcu_dereference_protected(sta->link[link_id],
883 lockdep_is_held(&sta->local->hw.wiphy->mtx));
884 if (!link_sta) {
885 ret = -ENOLINK;
886 goto out;
887 }
888 }
889
890 old_key = wiphy_dereference(sdata->local->hw.wiphy,
891 link_sta->gtk[idx]);
892 } else {
893 if (idx < NUM_DEFAULT_KEYS)
894 old_key = wiphy_dereference(sdata->local->hw.wiphy,
895 sdata->keys[idx]);
896 if (!old_key)
897 old_key = wiphy_dereference(sdata->local->hw.wiphy,
898 link->gtk[idx]);
899 }
900
901 /* Non-pairwise keys must also not switch the cipher on rekey */
902 if (!pairwise) {
903 if (old_key && old_key->conf.cipher != key->conf.cipher) {
904 ret = -EOPNOTSUPP;
905 goto out;
906 }
907 }
908
909 /*
910 * Silently accept key re-installation without really installing the
911 * new version of the key to avoid nonce reuse or replay issues.
912 */
913 if (ieee80211_key_identical(sdata, old_key, key)) {
914 ret = -EALREADY;
915 goto out;
916 }
917
918 key->local = sdata->local;
919 key->sdata = sdata;
920 key->sta = sta;
921
922 /*
923 * Assign a unique ID to every key so we can easily prevent mixed
924 * key and fragment cache attacks.
925 */
926 key->color = atomic_inc_return(&key_color);
927
928 increment_tailroom_need_count(sdata);
929
930 ret = ieee80211_key_replace(sdata, link, sta, pairwise, old_key, key);
931
932 if (!ret) {
933 ieee80211_debugfs_key_add(key);
934 ieee80211_key_destroy(old_key, delay_tailroom);
935 } else {
936 ieee80211_key_free(key, delay_tailroom);
937 }
938
939 key = NULL;
940
941 out:
942 ieee80211_key_free_unused(key);
943 return ret;
944}
945
946void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
947{
948 if (!key)
949 return;
950
951 /*
952 * Replace key with nothingness if it was ever used.
953 */
954 if (key->sdata)
955 ieee80211_key_replace(key->sdata, NULL, key->sta,
956 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
957 key, NULL);
958 ieee80211_key_destroy(key, delay_tailroom);
959}
960
961void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
962{
963 struct ieee80211_key *key;
964 struct ieee80211_sub_if_data *vlan;
965
966 lockdep_assert_wiphy(sdata->local->hw.wiphy);
967
968 sdata->crypto_tx_tailroom_needed_cnt = 0;
969 sdata->crypto_tx_tailroom_pending_dec = 0;
970
971 if (sdata->vif.type == NL80211_IFTYPE_AP) {
972 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
973 vlan->crypto_tx_tailroom_needed_cnt = 0;
974 vlan->crypto_tx_tailroom_pending_dec = 0;
975 }
976 }
977
978 if (ieee80211_sdata_running(sdata)) {
979 list_for_each_entry(key, &sdata->key_list, list) {
980 increment_tailroom_need_count(sdata);
981 ieee80211_key_enable_hw_accel(key);
982 }
983 }
984}
985
986void ieee80211_iter_keys(struct ieee80211_hw *hw,
987 struct ieee80211_vif *vif,
988 void (*iter)(struct ieee80211_hw *hw,
989 struct ieee80211_vif *vif,
990 struct ieee80211_sta *sta,
991 struct ieee80211_key_conf *key,
992 void *data),
993 void *iter_data)
994{
995 struct ieee80211_local *local = hw_to_local(hw);
996 struct ieee80211_key *key, *tmp;
997 struct ieee80211_sub_if_data *sdata;
998
999 lockdep_assert_wiphy(hw->wiphy);
1000
1001 if (vif) {
1002 sdata = vif_to_sdata(vif);
1003 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
1004 iter(hw, &sdata->vif,
1005 key->sta ? &key->sta->sta : NULL,
1006 &key->conf, iter_data);
1007 } else {
1008 list_for_each_entry(sdata, &local->interfaces, list)
1009 list_for_each_entry_safe(key, tmp,
1010 &sdata->key_list, list)
1011 iter(hw, &sdata->vif,
1012 key->sta ? &key->sta->sta : NULL,
1013 &key->conf, iter_data);
1014 }
1015}
1016EXPORT_SYMBOL(ieee80211_iter_keys);
1017
1018static void
1019_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1020 struct ieee80211_sub_if_data *sdata,
1021 void (*iter)(struct ieee80211_hw *hw,
1022 struct ieee80211_vif *vif,
1023 struct ieee80211_sta *sta,
1024 struct ieee80211_key_conf *key,
1025 void *data),
1026 void *iter_data)
1027{
1028 struct ieee80211_key *key;
1029
1030 list_for_each_entry_rcu(key, &sdata->key_list, list) {
1031 /* skip keys of station in removal process */
1032 if (key->sta && key->sta->removed)
1033 continue;
1034 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
1035 continue;
1036
1037 iter(hw, &sdata->vif,
1038 key->sta ? &key->sta->sta : NULL,
1039 &key->conf, iter_data);
1040 }
1041}
1042
1043void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1044 struct ieee80211_vif *vif,
1045 void (*iter)(struct ieee80211_hw *hw,
1046 struct ieee80211_vif *vif,
1047 struct ieee80211_sta *sta,
1048 struct ieee80211_key_conf *key,
1049 void *data),
1050 void *iter_data)
1051{
1052 struct ieee80211_local *local = hw_to_local(hw);
1053 struct ieee80211_sub_if_data *sdata;
1054
1055 if (vif) {
1056 sdata = vif_to_sdata(vif);
1057 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1058 } else {
1059 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1060 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1061 }
1062}
1063EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1064
1065static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1066 struct list_head *keys)
1067{
1068 struct ieee80211_key *key, *tmp;
1069
1070 decrease_tailroom_need_count(sdata,
1071 sdata->crypto_tx_tailroom_pending_dec);
1072 sdata->crypto_tx_tailroom_pending_dec = 0;
1073
1074 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1075 ieee80211_debugfs_key_remove_beacon_default(sdata);
1076
1077 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1078 ieee80211_key_replace(key->sdata, NULL, key->sta,
1079 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1080 key, NULL);
1081 list_add_tail(&key->list, keys);
1082 }
1083
1084 ieee80211_debugfs_key_update_default(sdata);
1085}
1086
1087void ieee80211_remove_link_keys(struct ieee80211_link_data *link,
1088 struct list_head *keys)
1089{
1090 struct ieee80211_sub_if_data *sdata = link->sdata;
1091 struct ieee80211_local *local = sdata->local;
1092 struct ieee80211_key *key, *tmp;
1093
1094 lockdep_assert_wiphy(local->hw.wiphy);
1095
1096 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1097 if (key->conf.link_id != link->link_id)
1098 continue;
1099 ieee80211_key_replace(key->sdata, link, key->sta,
1100 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1101 key, NULL);
1102 list_add_tail(&key->list, keys);
1103 }
1104}
1105
1106void ieee80211_free_key_list(struct ieee80211_local *local,
1107 struct list_head *keys)
1108{
1109 struct ieee80211_key *key, *tmp;
1110
1111 lockdep_assert_wiphy(local->hw.wiphy);
1112
1113 list_for_each_entry_safe(key, tmp, keys, list)
1114 __ieee80211_key_destroy(key, false);
1115}
1116
1117void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1118 bool force_synchronize)
1119{
1120 struct ieee80211_local *local = sdata->local;
1121 struct ieee80211_sub_if_data *vlan;
1122 struct ieee80211_sub_if_data *master;
1123 struct ieee80211_key *key, *tmp;
1124 LIST_HEAD(keys);
1125
1126 wiphy_delayed_work_cancel(local->hw.wiphy,
1127 &sdata->dec_tailroom_needed_wk);
1128
1129 lockdep_assert_wiphy(local->hw.wiphy);
1130
1131 ieee80211_free_keys_iface(sdata, &keys);
1132
1133 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1134 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1135 ieee80211_free_keys_iface(vlan, &keys);
1136 }
1137
1138 if (!list_empty(&keys) || force_synchronize)
1139 synchronize_net();
1140 list_for_each_entry_safe(key, tmp, &keys, list)
1141 __ieee80211_key_destroy(key, false);
1142
1143 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1144 if (sdata->bss) {
1145 master = container_of(sdata->bss,
1146 struct ieee80211_sub_if_data,
1147 u.ap);
1148
1149 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1150 master->crypto_tx_tailroom_needed_cnt);
1151 }
1152 } else {
1153 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1154 sdata->crypto_tx_tailroom_pending_dec);
1155 }
1156
1157 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1158 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1159 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1160 vlan->crypto_tx_tailroom_pending_dec);
1161 }
1162}
1163
1164void ieee80211_free_sta_keys(struct ieee80211_local *local,
1165 struct sta_info *sta)
1166{
1167 struct ieee80211_key *key;
1168 int i;
1169
1170 lockdep_assert_wiphy(local->hw.wiphy);
1171
1172 for (i = 0; i < ARRAY_SIZE(sta->deflink.gtk); i++) {
1173 key = wiphy_dereference(local->hw.wiphy, sta->deflink.gtk[i]);
1174 if (!key)
1175 continue;
1176 ieee80211_key_replace(key->sdata, NULL, key->sta,
1177 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1178 key, NULL);
1179 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1180 NL80211_IFTYPE_STATION);
1181 }
1182
1183 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1184 key = wiphy_dereference(local->hw.wiphy, sta->ptk[i]);
1185 if (!key)
1186 continue;
1187 ieee80211_key_replace(key->sdata, NULL, key->sta,
1188 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1189 key, NULL);
1190 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1191 NL80211_IFTYPE_STATION);
1192 }
1193}
1194
1195void ieee80211_delayed_tailroom_dec(struct wiphy *wiphy,
1196 struct wiphy_work *wk)
1197{
1198 struct ieee80211_sub_if_data *sdata;
1199
1200 sdata = container_of(wk, struct ieee80211_sub_if_data,
1201 dec_tailroom_needed_wk.work);
1202
1203 /*
1204 * The reason for the delayed tailroom needed decrementing is to
1205 * make roaming faster: during roaming, all keys are first deleted
1206 * and then new keys are installed. The first new key causes the
1207 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1208 * the cost of synchronize_net() (which can be slow). Avoid this
1209 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1210 * key removal for a while, so if we roam the value is larger than
1211 * zero and no 0->1 transition happens.
1212 *
1213 * The cost is that if the AP switching was from an AP with keys
1214 * to one without, we still allocate tailroom while it would no
1215 * longer be needed. However, in the typical (fast) roaming case
1216 * within an ESS this usually won't happen.
1217 */
1218
1219 decrease_tailroom_need_count(sdata,
1220 sdata->crypto_tx_tailroom_pending_dec);
1221 sdata->crypto_tx_tailroom_pending_dec = 0;
1222}
1223
1224void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1225 const u8 *replay_ctr, gfp_t gfp)
1226{
1227 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1228
1229 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1230
1231 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1232}
1233EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1234
1235void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1236 int tid, struct ieee80211_key_seq *seq)
1237{
1238 struct ieee80211_key *key;
1239 const u8 *pn;
1240
1241 key = container_of(keyconf, struct ieee80211_key, conf);
1242
1243 switch (key->conf.cipher) {
1244 case WLAN_CIPHER_SUITE_TKIP:
1245 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1246 return;
1247 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1248 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1249 break;
1250 case WLAN_CIPHER_SUITE_CCMP:
1251 case WLAN_CIPHER_SUITE_CCMP_256:
1252 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1253 return;
1254 if (tid < 0)
1255 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1256 else
1257 pn = key->u.ccmp.rx_pn[tid];
1258 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1259 break;
1260 case WLAN_CIPHER_SUITE_AES_CMAC:
1261 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1262 if (WARN_ON(tid != 0))
1263 return;
1264 pn = key->u.aes_cmac.rx_pn;
1265 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1266 break;
1267 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1268 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1269 if (WARN_ON(tid != 0))
1270 return;
1271 pn = key->u.aes_gmac.rx_pn;
1272 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1273 break;
1274 case WLAN_CIPHER_SUITE_GCMP:
1275 case WLAN_CIPHER_SUITE_GCMP_256:
1276 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1277 return;
1278 if (tid < 0)
1279 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1280 else
1281 pn = key->u.gcmp.rx_pn[tid];
1282 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1283 break;
1284 }
1285}
1286EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1287
1288void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1289 int tid, struct ieee80211_key_seq *seq)
1290{
1291 struct ieee80211_key *key;
1292 u8 *pn;
1293
1294 key = container_of(keyconf, struct ieee80211_key, conf);
1295
1296 switch (key->conf.cipher) {
1297 case WLAN_CIPHER_SUITE_TKIP:
1298 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1299 return;
1300 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1301 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1302 break;
1303 case WLAN_CIPHER_SUITE_CCMP:
1304 case WLAN_CIPHER_SUITE_CCMP_256:
1305 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1306 return;
1307 if (tid < 0)
1308 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1309 else
1310 pn = key->u.ccmp.rx_pn[tid];
1311 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1312 break;
1313 case WLAN_CIPHER_SUITE_AES_CMAC:
1314 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1315 if (WARN_ON(tid != 0))
1316 return;
1317 pn = key->u.aes_cmac.rx_pn;
1318 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1319 break;
1320 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1321 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1322 if (WARN_ON(tid != 0))
1323 return;
1324 pn = key->u.aes_gmac.rx_pn;
1325 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1326 break;
1327 case WLAN_CIPHER_SUITE_GCMP:
1328 case WLAN_CIPHER_SUITE_GCMP_256:
1329 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1330 return;
1331 if (tid < 0)
1332 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1333 else
1334 pn = key->u.gcmp.rx_pn[tid];
1335 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1336 break;
1337 default:
1338 WARN_ON(1);
1339 break;
1340 }
1341}
1342EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1343
1344void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1345{
1346 struct ieee80211_key *key;
1347
1348 key = container_of(keyconf, struct ieee80211_key, conf);
1349
1350 lockdep_assert_wiphy(key->local->hw.wiphy);
1351
1352 /*
1353 * if key was uploaded, we assume the driver will/has remove(d)
1354 * it, so adjust bookkeeping accordingly
1355 */
1356 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1357 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1358
1359 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1360 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1361 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1362 increment_tailroom_need_count(key->sdata);
1363 }
1364
1365 ieee80211_key_free(key, false);
1366}
1367EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1368
1369struct ieee80211_key_conf *
1370ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1371 struct ieee80211_key_conf *keyconf)
1372{
1373 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1374 struct ieee80211_local *local = sdata->local;
1375 struct ieee80211_key *key;
1376 int err;
1377
1378 if (WARN_ON(!local->wowlan))
1379 return ERR_PTR(-EINVAL);
1380
1381 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1382 return ERR_PTR(-EINVAL);
1383
1384 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1385 keyconf->keylen, keyconf->key,
1386 0, NULL);
1387 if (IS_ERR(key))
1388 return ERR_CAST(key);
1389
1390 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1391 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1392
1393 /* FIXME: this function needs to get a link ID */
1394 err = ieee80211_key_link(key, &sdata->deflink, NULL);
1395 if (err)
1396 return ERR_PTR(err);
1397
1398 return &key->conf;
1399}
1400EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1401
1402void ieee80211_key_mic_failure(struct ieee80211_key_conf *keyconf)
1403{
1404 struct ieee80211_key *key;
1405
1406 key = container_of(keyconf, struct ieee80211_key, conf);
1407
1408 switch (key->conf.cipher) {
1409 case WLAN_CIPHER_SUITE_AES_CMAC:
1410 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1411 key->u.aes_cmac.icverrors++;
1412 break;
1413 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1414 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1415 key->u.aes_gmac.icverrors++;
1416 break;
1417 default:
1418 /* ignore the others for now, we don't keep counters now */
1419 break;
1420 }
1421}
1422EXPORT_SYMBOL_GPL(ieee80211_key_mic_failure);
1423
1424void ieee80211_key_replay(struct ieee80211_key_conf *keyconf)
1425{
1426 struct ieee80211_key *key;
1427
1428 key = container_of(keyconf, struct ieee80211_key, conf);
1429
1430 switch (key->conf.cipher) {
1431 case WLAN_CIPHER_SUITE_CCMP:
1432 case WLAN_CIPHER_SUITE_CCMP_256:
1433 key->u.ccmp.replays++;
1434 break;
1435 case WLAN_CIPHER_SUITE_AES_CMAC:
1436 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1437 key->u.aes_cmac.replays++;
1438 break;
1439 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1440 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1441 key->u.aes_gmac.replays++;
1442 break;
1443 case WLAN_CIPHER_SUITE_GCMP:
1444 case WLAN_CIPHER_SUITE_GCMP_256:
1445 key->u.gcmp.replays++;
1446 break;
1447 }
1448}
1449EXPORT_SYMBOL_GPL(ieee80211_key_replay);
1450
1451int ieee80211_key_switch_links(struct ieee80211_sub_if_data *sdata,
1452 unsigned long del_links_mask,
1453 unsigned long add_links_mask)
1454{
1455 struct ieee80211_key *key;
1456 int ret;
1457
1458 list_for_each_entry(key, &sdata->key_list, list) {
1459 if (key->conf.link_id < 0 ||
1460 !(del_links_mask & BIT(key->conf.link_id)))
1461 continue;
1462
1463 /* shouldn't happen for per-link keys */
1464 WARN_ON(key->sta);
1465
1466 ieee80211_key_disable_hw_accel(key);
1467 }
1468
1469 list_for_each_entry(key, &sdata->key_list, list) {
1470 if (key->conf.link_id < 0 ||
1471 !(add_links_mask & BIT(key->conf.link_id)))
1472 continue;
1473
1474 /* shouldn't happen for per-link keys */
1475 WARN_ON(key->sta);
1476
1477 ret = ieee80211_key_enable_hw_accel(key);
1478 if (ret)
1479 return ret;
1480 }
1481
1482 return 0;
1483}