Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020 Intel Corporation
10 */
11
12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
18#include <linux/export.h>
19#include <net/mac80211.h>
20#include <crypto/algapi.h>
21#include <asm/unaligned.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "debugfs_key.h"
25#include "aes_ccm.h"
26#include "aes_cmac.h"
27#include "aes_gmac.h"
28#include "aes_gcm.h"
29
30
31/**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56static void assert_key_lock(struct ieee80211_local *local)
57{
58 lockdep_assert_held(&local->key_mtx);
59}
60
61static void
62update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63{
64 struct ieee80211_sub_if_data *vlan;
65
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
67 return;
68
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
71
72 rcu_read_lock();
73
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 vlan->crypto_tx_tailroom_needed_cnt += delta;
76
77 rcu_read_unlock();
78}
79
80static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81{
82 /*
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
86 *
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
89 *
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
92 * off.
93 *
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 *
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 */
100
101 assert_key_lock(sdata->local);
102
103 update_vlan_tailroom_need_count(sdata, 1);
104
105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 /*
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
109 */
110 synchronize_net();
111 }
112}
113
114static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 int delta)
116{
117 assert_key_lock(sdata->local);
118
119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
123}
124
125static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126{
127 struct ieee80211_sub_if_data *sdata = key->sdata;
128 struct sta_info *sta;
129 int ret = -EOPNOTSUPP;
130
131 might_sleep();
132
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
139 * it again later.
140 */
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
146
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 return -EINVAL;
149 }
150
151 if (!key->local->ops->set_key)
152 goto out_unsupported;
153
154 assert_key_lock(key->local);
155
156 sta = key->sta;
157
158 /*
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
161 */
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 goto out_unsupported;
165
166 if (sta && !sta->uploaded)
167 goto out_unsupported;
168
169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 /*
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 */
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 ret = 1;
176 goto out_unsupported;
177 }
178 }
179
180 /* TKIP countermeasures don't work in encap offload mode */
181 if (key->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
182 sdata->hw_80211_encap) {
183 sdata_dbg(sdata, "TKIP is not allowed in hw 80211 encap mode\n");
184 return -EINVAL;
185 }
186
187 ret = drv_set_key(key->local, SET_KEY, sdata,
188 sta ? &sta->sta : NULL, &key->conf);
189
190 if (!ret) {
191 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
192
193 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
194 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
195 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
196 decrease_tailroom_need_count(sdata, 1);
197
198 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
199 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
200
201 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
202 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
203
204 return 0;
205 }
206
207 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
208 sdata_err(sdata,
209 "failed to set key (%d, %pM) to hardware (%d)\n",
210 key->conf.keyidx,
211 sta ? sta->sta.addr : bcast_addr, ret);
212
213 out_unsupported:
214 switch (key->conf.cipher) {
215 case WLAN_CIPHER_SUITE_WEP40:
216 case WLAN_CIPHER_SUITE_WEP104:
217 case WLAN_CIPHER_SUITE_TKIP:
218 case WLAN_CIPHER_SUITE_CCMP:
219 case WLAN_CIPHER_SUITE_CCMP_256:
220 case WLAN_CIPHER_SUITE_GCMP:
221 case WLAN_CIPHER_SUITE_GCMP_256:
222 /* We cannot do software crypto of data frames with
223 * encapsulation offload enabled. However for 802.11w to
224 * function properly we need cmac/gmac keys.
225 */
226 if (sdata->hw_80211_encap)
227 return -EINVAL;
228 fallthrough;
229
230 case WLAN_CIPHER_SUITE_AES_CMAC:
231 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
232 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
233 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
234 /* all of these we can do in software - if driver can */
235 if (ret == 1)
236 return 0;
237 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
238 return -EINVAL;
239 return 0;
240 default:
241 return -EINVAL;
242 }
243}
244
245static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
246{
247 struct ieee80211_sub_if_data *sdata;
248 struct sta_info *sta;
249 int ret;
250
251 might_sleep();
252
253 if (!key || !key->local->ops->set_key)
254 return;
255
256 assert_key_lock(key->local);
257
258 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
259 return;
260
261 sta = key->sta;
262 sdata = key->sdata;
263
264 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
265 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
266 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
267 increment_tailroom_need_count(sdata);
268
269 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
270 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
271 sta ? &sta->sta : NULL, &key->conf);
272
273 if (ret)
274 sdata_err(sdata,
275 "failed to remove key (%d, %pM) from hardware (%d)\n",
276 key->conf.keyidx,
277 sta ? sta->sta.addr : bcast_addr, ret);
278}
279
280static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
281{
282 struct sta_info *sta = key->sta;
283 struct ieee80211_local *local = key->local;
284
285 assert_key_lock(local);
286
287 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
288
289 sta->ptk_idx = key->conf.keyidx;
290
291 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
292 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
293 ieee80211_check_fast_xmit(sta);
294
295 return 0;
296}
297
298int ieee80211_set_tx_key(struct ieee80211_key *key)
299{
300 return _ieee80211_set_tx_key(key, false);
301}
302
303static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
304 struct ieee80211_key *new)
305{
306 struct ieee80211_local *local = new->local;
307 struct sta_info *sta = new->sta;
308 int i;
309
310 assert_key_lock(local);
311
312 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
313 /* Extended Key ID key install, initial one or rekey */
314
315 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
316 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
317 /* Aggregation Sessions with Extended Key ID must not
318 * mix MPDUs with different keyIDs within one A-MPDU.
319 * Tear down running Tx aggregation sessions and block
320 * new Rx/Tx aggregation requests during rekey to
321 * ensure there are no A-MPDUs when the driver is not
322 * supporting A-MPDU key borders. (Blocking Tx only
323 * would be sufficient but WLAN_STA_BLOCK_BA gets the
324 * job done for the few ms we need it.)
325 */
326 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
327 mutex_lock(&sta->ampdu_mlme.mtx);
328 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
329 ___ieee80211_stop_tx_ba_session(sta, i,
330 AGG_STOP_LOCAL_REQUEST);
331 mutex_unlock(&sta->ampdu_mlme.mtx);
332 }
333 } else if (old) {
334 /* Rekey without Extended Key ID.
335 * Aggregation sessions are OK when running on SW crypto.
336 * A broken remote STA may cause issues not observed with HW
337 * crypto, though.
338 */
339 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
340 return;
341
342 /* Stop Tx till we are on the new key */
343 old->flags |= KEY_FLAG_TAINTED;
344 ieee80211_clear_fast_xmit(sta);
345 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
346 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
347 ieee80211_sta_tear_down_BA_sessions(sta,
348 AGG_STOP_LOCAL_REQUEST);
349 }
350 if (!wiphy_ext_feature_isset(local->hw.wiphy,
351 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
352 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
353 sta->sta.addr);
354 /* Flushing the driver queues *may* help prevent
355 * the clear text leaks and freezes.
356 */
357 ieee80211_flush_queues(local, old->sdata, false);
358 }
359 }
360}
361
362static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
363 int idx, bool uni, bool multi)
364{
365 struct ieee80211_key *key = NULL;
366
367 assert_key_lock(sdata->local);
368
369 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
370 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
371
372 if (uni) {
373 rcu_assign_pointer(sdata->default_unicast_key, key);
374 ieee80211_check_fast_xmit_iface(sdata);
375 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
376 drv_set_default_unicast_key(sdata->local, sdata, idx);
377 }
378
379 if (multi)
380 rcu_assign_pointer(sdata->default_multicast_key, key);
381
382 ieee80211_debugfs_key_update_default(sdata);
383}
384
385void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
386 bool uni, bool multi)
387{
388 mutex_lock(&sdata->local->key_mtx);
389 __ieee80211_set_default_key(sdata, idx, uni, multi);
390 mutex_unlock(&sdata->local->key_mtx);
391}
392
393static void
394__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
395{
396 struct ieee80211_key *key = NULL;
397
398 assert_key_lock(sdata->local);
399
400 if (idx >= NUM_DEFAULT_KEYS &&
401 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
402 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
403
404 rcu_assign_pointer(sdata->default_mgmt_key, key);
405
406 ieee80211_debugfs_key_update_default(sdata);
407}
408
409void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
410 int idx)
411{
412 mutex_lock(&sdata->local->key_mtx);
413 __ieee80211_set_default_mgmt_key(sdata, idx);
414 mutex_unlock(&sdata->local->key_mtx);
415}
416
417static void
418__ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata, int idx)
419{
420 struct ieee80211_key *key = NULL;
421
422 assert_key_lock(sdata->local);
423
424 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
425 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
426 NUM_DEFAULT_BEACON_KEYS)
427 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
428
429 rcu_assign_pointer(sdata->default_beacon_key, key);
430
431 ieee80211_debugfs_key_update_default(sdata);
432}
433
434void ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata,
435 int idx)
436{
437 mutex_lock(&sdata->local->key_mtx);
438 __ieee80211_set_default_beacon_key(sdata, idx);
439 mutex_unlock(&sdata->local->key_mtx);
440}
441
442static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
443 struct sta_info *sta,
444 bool pairwise,
445 struct ieee80211_key *old,
446 struct ieee80211_key *new)
447{
448 int idx;
449 int ret = 0;
450 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
451
452 /* caller must provide at least one old/new */
453 if (WARN_ON(!new && !old))
454 return 0;
455
456 if (new)
457 list_add_tail_rcu(&new->list, &sdata->key_list);
458
459 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
460
461 if (new && sta && pairwise) {
462 /* Unicast rekey needs special handling. With Extended Key ID
463 * old is still NULL for the first rekey.
464 */
465 ieee80211_pairwise_rekey(old, new);
466 }
467
468 if (old) {
469 idx = old->conf.keyidx;
470
471 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
472 ieee80211_key_disable_hw_accel(old);
473
474 if (new)
475 ret = ieee80211_key_enable_hw_accel(new);
476 }
477 } else {
478 /* new must be provided in case old is not */
479 idx = new->conf.keyidx;
480 if (!new->local->wowlan)
481 ret = ieee80211_key_enable_hw_accel(new);
482 }
483
484 if (ret)
485 return ret;
486
487 if (sta) {
488 if (pairwise) {
489 rcu_assign_pointer(sta->ptk[idx], new);
490 if (new &&
491 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
492 _ieee80211_set_tx_key(new, true);
493 } else {
494 rcu_assign_pointer(sta->gtk[idx], new);
495 }
496 /* Only needed for transition from no key -> key.
497 * Still triggers unnecessary when using Extended Key ID
498 * and installing the second key ID the first time.
499 */
500 if (new && !old)
501 ieee80211_check_fast_rx(sta);
502 } else {
503 defunikey = old &&
504 old == key_mtx_dereference(sdata->local,
505 sdata->default_unicast_key);
506 defmultikey = old &&
507 old == key_mtx_dereference(sdata->local,
508 sdata->default_multicast_key);
509 defmgmtkey = old &&
510 old == key_mtx_dereference(sdata->local,
511 sdata->default_mgmt_key);
512 defbeaconkey = old &&
513 old == key_mtx_dereference(sdata->local,
514 sdata->default_beacon_key);
515
516 if (defunikey && !new)
517 __ieee80211_set_default_key(sdata, -1, true, false);
518 if (defmultikey && !new)
519 __ieee80211_set_default_key(sdata, -1, false, true);
520 if (defmgmtkey && !new)
521 __ieee80211_set_default_mgmt_key(sdata, -1);
522 if (defbeaconkey && !new)
523 __ieee80211_set_default_beacon_key(sdata, -1);
524
525 rcu_assign_pointer(sdata->keys[idx], new);
526 if (defunikey && new)
527 __ieee80211_set_default_key(sdata, new->conf.keyidx,
528 true, false);
529 if (defmultikey && new)
530 __ieee80211_set_default_key(sdata, new->conf.keyidx,
531 false, true);
532 if (defmgmtkey && new)
533 __ieee80211_set_default_mgmt_key(sdata,
534 new->conf.keyidx);
535 if (defbeaconkey && new)
536 __ieee80211_set_default_beacon_key(sdata,
537 new->conf.keyidx);
538 }
539
540 if (old)
541 list_del_rcu(&old->list);
542
543 return 0;
544}
545
546struct ieee80211_key *
547ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
548 const u8 *key_data,
549 size_t seq_len, const u8 *seq,
550 const struct ieee80211_cipher_scheme *cs)
551{
552 struct ieee80211_key *key;
553 int i, j, err;
554
555 if (WARN_ON(idx < 0 ||
556 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
557 NUM_DEFAULT_BEACON_KEYS))
558 return ERR_PTR(-EINVAL);
559
560 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
561 if (!key)
562 return ERR_PTR(-ENOMEM);
563
564 /*
565 * Default to software encryption; we'll later upload the
566 * key to the hardware if possible.
567 */
568 key->conf.flags = 0;
569 key->flags = 0;
570
571 key->conf.cipher = cipher;
572 key->conf.keyidx = idx;
573 key->conf.keylen = key_len;
574 switch (cipher) {
575 case WLAN_CIPHER_SUITE_WEP40:
576 case WLAN_CIPHER_SUITE_WEP104:
577 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
578 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
579 break;
580 case WLAN_CIPHER_SUITE_TKIP:
581 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
582 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
583 if (seq) {
584 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
585 key->u.tkip.rx[i].iv32 =
586 get_unaligned_le32(&seq[2]);
587 key->u.tkip.rx[i].iv16 =
588 get_unaligned_le16(seq);
589 }
590 }
591 spin_lock_init(&key->u.tkip.txlock);
592 break;
593 case WLAN_CIPHER_SUITE_CCMP:
594 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
595 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
596 if (seq) {
597 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
598 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
599 key->u.ccmp.rx_pn[i][j] =
600 seq[IEEE80211_CCMP_PN_LEN - j - 1];
601 }
602 /*
603 * Initialize AES key state here as an optimization so that
604 * it does not need to be initialized for every packet.
605 */
606 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
607 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
608 if (IS_ERR(key->u.ccmp.tfm)) {
609 err = PTR_ERR(key->u.ccmp.tfm);
610 kfree(key);
611 return ERR_PTR(err);
612 }
613 break;
614 case WLAN_CIPHER_SUITE_CCMP_256:
615 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
616 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
617 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
618 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
619 key->u.ccmp.rx_pn[i][j] =
620 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
621 /* Initialize AES key state here as an optimization so that
622 * it does not need to be initialized for every packet.
623 */
624 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
625 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
626 if (IS_ERR(key->u.ccmp.tfm)) {
627 err = PTR_ERR(key->u.ccmp.tfm);
628 kfree(key);
629 return ERR_PTR(err);
630 }
631 break;
632 case WLAN_CIPHER_SUITE_AES_CMAC:
633 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
634 key->conf.iv_len = 0;
635 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
636 key->conf.icv_len = sizeof(struct ieee80211_mmie);
637 else
638 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
639 if (seq)
640 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
641 key->u.aes_cmac.rx_pn[j] =
642 seq[IEEE80211_CMAC_PN_LEN - j - 1];
643 /*
644 * Initialize AES key state here as an optimization so that
645 * it does not need to be initialized for every packet.
646 */
647 key->u.aes_cmac.tfm =
648 ieee80211_aes_cmac_key_setup(key_data, key_len);
649 if (IS_ERR(key->u.aes_cmac.tfm)) {
650 err = PTR_ERR(key->u.aes_cmac.tfm);
651 kfree(key);
652 return ERR_PTR(err);
653 }
654 break;
655 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
656 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
657 key->conf.iv_len = 0;
658 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
659 if (seq)
660 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
661 key->u.aes_gmac.rx_pn[j] =
662 seq[IEEE80211_GMAC_PN_LEN - j - 1];
663 /* Initialize AES key state here as an optimization so that
664 * it does not need to be initialized for every packet.
665 */
666 key->u.aes_gmac.tfm =
667 ieee80211_aes_gmac_key_setup(key_data, key_len);
668 if (IS_ERR(key->u.aes_gmac.tfm)) {
669 err = PTR_ERR(key->u.aes_gmac.tfm);
670 kfree(key);
671 return ERR_PTR(err);
672 }
673 break;
674 case WLAN_CIPHER_SUITE_GCMP:
675 case WLAN_CIPHER_SUITE_GCMP_256:
676 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
677 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
678 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
679 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
680 key->u.gcmp.rx_pn[i][j] =
681 seq[IEEE80211_GCMP_PN_LEN - j - 1];
682 /* Initialize AES key state here as an optimization so that
683 * it does not need to be initialized for every packet.
684 */
685 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
686 key_len);
687 if (IS_ERR(key->u.gcmp.tfm)) {
688 err = PTR_ERR(key->u.gcmp.tfm);
689 kfree(key);
690 return ERR_PTR(err);
691 }
692 break;
693 default:
694 if (cs) {
695 if (seq_len && seq_len != cs->pn_len) {
696 kfree(key);
697 return ERR_PTR(-EINVAL);
698 }
699
700 key->conf.iv_len = cs->hdr_len;
701 key->conf.icv_len = cs->mic_len;
702 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
703 for (j = 0; j < seq_len; j++)
704 key->u.gen.rx_pn[i][j] =
705 seq[seq_len - j - 1];
706 key->flags |= KEY_FLAG_CIPHER_SCHEME;
707 }
708 }
709 memcpy(key->conf.key, key_data, key_len);
710 INIT_LIST_HEAD(&key->list);
711
712 return key;
713}
714
715static void ieee80211_key_free_common(struct ieee80211_key *key)
716{
717 switch (key->conf.cipher) {
718 case WLAN_CIPHER_SUITE_CCMP:
719 case WLAN_CIPHER_SUITE_CCMP_256:
720 ieee80211_aes_key_free(key->u.ccmp.tfm);
721 break;
722 case WLAN_CIPHER_SUITE_AES_CMAC:
723 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
724 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
725 break;
726 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
727 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
728 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
729 break;
730 case WLAN_CIPHER_SUITE_GCMP:
731 case WLAN_CIPHER_SUITE_GCMP_256:
732 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
733 break;
734 }
735 kfree_sensitive(key);
736}
737
738static void __ieee80211_key_destroy(struct ieee80211_key *key,
739 bool delay_tailroom)
740{
741 if (key->local) {
742 struct ieee80211_sub_if_data *sdata = key->sdata;
743
744 ieee80211_debugfs_key_remove(key);
745
746 if (delay_tailroom) {
747 /* see ieee80211_delayed_tailroom_dec */
748 sdata->crypto_tx_tailroom_pending_dec++;
749 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
750 HZ/2);
751 } else {
752 decrease_tailroom_need_count(sdata, 1);
753 }
754 }
755
756 ieee80211_key_free_common(key);
757}
758
759static void ieee80211_key_destroy(struct ieee80211_key *key,
760 bool delay_tailroom)
761{
762 if (!key)
763 return;
764
765 /*
766 * Synchronize so the TX path and rcu key iterators
767 * can no longer be using this key before we free/remove it.
768 */
769 synchronize_net();
770
771 __ieee80211_key_destroy(key, delay_tailroom);
772}
773
774void ieee80211_key_free_unused(struct ieee80211_key *key)
775{
776 WARN_ON(key->sdata || key->local);
777 ieee80211_key_free_common(key);
778}
779
780static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
781 struct ieee80211_key *old,
782 struct ieee80211_key *new)
783{
784 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
785 u8 *tk_old, *tk_new;
786
787 if (!old || new->conf.keylen != old->conf.keylen)
788 return false;
789
790 tk_old = old->conf.key;
791 tk_new = new->conf.key;
792
793 /*
794 * In station mode, don't compare the TX MIC key, as it's never used
795 * and offloaded rekeying may not care to send it to the host. This
796 * is the case in iwlwifi, for example.
797 */
798 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
799 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
800 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
801 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
802 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
803 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
804 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
805 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
806 tk_old = tkip_old;
807 tk_new = tkip_new;
808 }
809
810 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
811}
812
813int ieee80211_key_link(struct ieee80211_key *key,
814 struct ieee80211_sub_if_data *sdata,
815 struct sta_info *sta)
816{
817 struct ieee80211_key *old_key;
818 int idx = key->conf.keyidx;
819 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
820 /*
821 * We want to delay tailroom updates only for station - in that
822 * case it helps roaming speed, but in other cases it hurts and
823 * can cause warnings to appear.
824 */
825 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
826 int ret = -EOPNOTSUPP;
827
828 mutex_lock(&sdata->local->key_mtx);
829
830 if (sta && pairwise) {
831 struct ieee80211_key *alt_key;
832
833 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
834 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
835
836 /* The rekey code assumes that the old and new key are using
837 * the same cipher. Enforce the assumption for pairwise keys.
838 */
839 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
840 (old_key && old_key->conf.cipher != key->conf.cipher))
841 goto out;
842 } else if (sta) {
843 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
844 } else {
845 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
846 }
847
848 /* Non-pairwise keys must also not switch the cipher on rekey */
849 if (!pairwise) {
850 if (old_key && old_key->conf.cipher != key->conf.cipher)
851 goto out;
852 }
853
854 /*
855 * Silently accept key re-installation without really installing the
856 * new version of the key to avoid nonce reuse or replay issues.
857 */
858 if (ieee80211_key_identical(sdata, old_key, key)) {
859 ieee80211_key_free_unused(key);
860 ret = 0;
861 goto out;
862 }
863
864 key->local = sdata->local;
865 key->sdata = sdata;
866 key->sta = sta;
867
868 increment_tailroom_need_count(sdata);
869
870 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
871
872 if (!ret) {
873 ieee80211_debugfs_key_add(key);
874 ieee80211_key_destroy(old_key, delay_tailroom);
875 } else {
876 ieee80211_key_free(key, delay_tailroom);
877 }
878
879 out:
880 mutex_unlock(&sdata->local->key_mtx);
881
882 return ret;
883}
884
885void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
886{
887 if (!key)
888 return;
889
890 /*
891 * Replace key with nothingness if it was ever used.
892 */
893 if (key->sdata)
894 ieee80211_key_replace(key->sdata, key->sta,
895 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
896 key, NULL);
897 ieee80211_key_destroy(key, delay_tailroom);
898}
899
900void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
901{
902 struct ieee80211_key *key;
903 struct ieee80211_sub_if_data *vlan;
904
905 ASSERT_RTNL();
906
907 mutex_lock(&sdata->local->key_mtx);
908
909 sdata->crypto_tx_tailroom_needed_cnt = 0;
910 sdata->crypto_tx_tailroom_pending_dec = 0;
911
912 if (sdata->vif.type == NL80211_IFTYPE_AP) {
913 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
914 vlan->crypto_tx_tailroom_needed_cnt = 0;
915 vlan->crypto_tx_tailroom_pending_dec = 0;
916 }
917 }
918
919 if (ieee80211_sdata_running(sdata)) {
920 list_for_each_entry(key, &sdata->key_list, list) {
921 increment_tailroom_need_count(sdata);
922 ieee80211_key_enable_hw_accel(key);
923 }
924 }
925
926 mutex_unlock(&sdata->local->key_mtx);
927}
928
929void ieee80211_iter_keys(struct ieee80211_hw *hw,
930 struct ieee80211_vif *vif,
931 void (*iter)(struct ieee80211_hw *hw,
932 struct ieee80211_vif *vif,
933 struct ieee80211_sta *sta,
934 struct ieee80211_key_conf *key,
935 void *data),
936 void *iter_data)
937{
938 struct ieee80211_local *local = hw_to_local(hw);
939 struct ieee80211_key *key, *tmp;
940 struct ieee80211_sub_if_data *sdata;
941
942 ASSERT_RTNL();
943
944 mutex_lock(&local->key_mtx);
945 if (vif) {
946 sdata = vif_to_sdata(vif);
947 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
948 iter(hw, &sdata->vif,
949 key->sta ? &key->sta->sta : NULL,
950 &key->conf, iter_data);
951 } else {
952 list_for_each_entry(sdata, &local->interfaces, list)
953 list_for_each_entry_safe(key, tmp,
954 &sdata->key_list, list)
955 iter(hw, &sdata->vif,
956 key->sta ? &key->sta->sta : NULL,
957 &key->conf, iter_data);
958 }
959 mutex_unlock(&local->key_mtx);
960}
961EXPORT_SYMBOL(ieee80211_iter_keys);
962
963static void
964_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
965 struct ieee80211_sub_if_data *sdata,
966 void (*iter)(struct ieee80211_hw *hw,
967 struct ieee80211_vif *vif,
968 struct ieee80211_sta *sta,
969 struct ieee80211_key_conf *key,
970 void *data),
971 void *iter_data)
972{
973 struct ieee80211_key *key;
974
975 list_for_each_entry_rcu(key, &sdata->key_list, list) {
976 /* skip keys of station in removal process */
977 if (key->sta && key->sta->removed)
978 continue;
979 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
980 continue;
981
982 iter(hw, &sdata->vif,
983 key->sta ? &key->sta->sta : NULL,
984 &key->conf, iter_data);
985 }
986}
987
988void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
989 struct ieee80211_vif *vif,
990 void (*iter)(struct ieee80211_hw *hw,
991 struct ieee80211_vif *vif,
992 struct ieee80211_sta *sta,
993 struct ieee80211_key_conf *key,
994 void *data),
995 void *iter_data)
996{
997 struct ieee80211_local *local = hw_to_local(hw);
998 struct ieee80211_sub_if_data *sdata;
999
1000 if (vif) {
1001 sdata = vif_to_sdata(vif);
1002 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1003 } else {
1004 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1005 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1006 }
1007}
1008EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1009
1010static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1011 struct list_head *keys)
1012{
1013 struct ieee80211_key *key, *tmp;
1014
1015 decrease_tailroom_need_count(sdata,
1016 sdata->crypto_tx_tailroom_pending_dec);
1017 sdata->crypto_tx_tailroom_pending_dec = 0;
1018
1019 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1020 ieee80211_debugfs_key_remove_beacon_default(sdata);
1021
1022 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1023 ieee80211_key_replace(key->sdata, key->sta,
1024 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1025 key, NULL);
1026 list_add_tail(&key->list, keys);
1027 }
1028
1029 ieee80211_debugfs_key_update_default(sdata);
1030}
1031
1032void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1033 bool force_synchronize)
1034{
1035 struct ieee80211_local *local = sdata->local;
1036 struct ieee80211_sub_if_data *vlan;
1037 struct ieee80211_sub_if_data *master;
1038 struct ieee80211_key *key, *tmp;
1039 LIST_HEAD(keys);
1040
1041 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1042
1043 mutex_lock(&local->key_mtx);
1044
1045 ieee80211_free_keys_iface(sdata, &keys);
1046
1047 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1048 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1049 ieee80211_free_keys_iface(vlan, &keys);
1050 }
1051
1052 if (!list_empty(&keys) || force_synchronize)
1053 synchronize_net();
1054 list_for_each_entry_safe(key, tmp, &keys, list)
1055 __ieee80211_key_destroy(key, false);
1056
1057 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1058 if (sdata->bss) {
1059 master = container_of(sdata->bss,
1060 struct ieee80211_sub_if_data,
1061 u.ap);
1062
1063 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1064 master->crypto_tx_tailroom_needed_cnt);
1065 }
1066 } else {
1067 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1068 sdata->crypto_tx_tailroom_pending_dec);
1069 }
1070
1071 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1072 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1073 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1074 vlan->crypto_tx_tailroom_pending_dec);
1075 }
1076
1077 mutex_unlock(&local->key_mtx);
1078}
1079
1080void ieee80211_free_sta_keys(struct ieee80211_local *local,
1081 struct sta_info *sta)
1082{
1083 struct ieee80211_key *key;
1084 int i;
1085
1086 mutex_lock(&local->key_mtx);
1087 for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
1088 key = key_mtx_dereference(local, sta->gtk[i]);
1089 if (!key)
1090 continue;
1091 ieee80211_key_replace(key->sdata, key->sta,
1092 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1093 key, NULL);
1094 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1095 NL80211_IFTYPE_STATION);
1096 }
1097
1098 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1099 key = key_mtx_dereference(local, sta->ptk[i]);
1100 if (!key)
1101 continue;
1102 ieee80211_key_replace(key->sdata, key->sta,
1103 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1104 key, NULL);
1105 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1106 NL80211_IFTYPE_STATION);
1107 }
1108
1109 mutex_unlock(&local->key_mtx);
1110}
1111
1112void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1113{
1114 struct ieee80211_sub_if_data *sdata;
1115
1116 sdata = container_of(wk, struct ieee80211_sub_if_data,
1117 dec_tailroom_needed_wk.work);
1118
1119 /*
1120 * The reason for the delayed tailroom needed decrementing is to
1121 * make roaming faster: during roaming, all keys are first deleted
1122 * and then new keys are installed. The first new key causes the
1123 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1124 * the cost of synchronize_net() (which can be slow). Avoid this
1125 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1126 * key removal for a while, so if we roam the value is larger than
1127 * zero and no 0->1 transition happens.
1128 *
1129 * The cost is that if the AP switching was from an AP with keys
1130 * to one without, we still allocate tailroom while it would no
1131 * longer be needed. However, in the typical (fast) roaming case
1132 * within an ESS this usually won't happen.
1133 */
1134
1135 mutex_lock(&sdata->local->key_mtx);
1136 decrease_tailroom_need_count(sdata,
1137 sdata->crypto_tx_tailroom_pending_dec);
1138 sdata->crypto_tx_tailroom_pending_dec = 0;
1139 mutex_unlock(&sdata->local->key_mtx);
1140}
1141
1142void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1143 const u8 *replay_ctr, gfp_t gfp)
1144{
1145 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1146
1147 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1148
1149 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1150}
1151EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1152
1153void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1154 int tid, struct ieee80211_key_seq *seq)
1155{
1156 struct ieee80211_key *key;
1157 const u8 *pn;
1158
1159 key = container_of(keyconf, struct ieee80211_key, conf);
1160
1161 switch (key->conf.cipher) {
1162 case WLAN_CIPHER_SUITE_TKIP:
1163 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1164 return;
1165 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1166 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1167 break;
1168 case WLAN_CIPHER_SUITE_CCMP:
1169 case WLAN_CIPHER_SUITE_CCMP_256:
1170 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1171 return;
1172 if (tid < 0)
1173 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1174 else
1175 pn = key->u.ccmp.rx_pn[tid];
1176 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1177 break;
1178 case WLAN_CIPHER_SUITE_AES_CMAC:
1179 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1180 if (WARN_ON(tid != 0))
1181 return;
1182 pn = key->u.aes_cmac.rx_pn;
1183 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1184 break;
1185 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1186 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1187 if (WARN_ON(tid != 0))
1188 return;
1189 pn = key->u.aes_gmac.rx_pn;
1190 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1191 break;
1192 case WLAN_CIPHER_SUITE_GCMP:
1193 case WLAN_CIPHER_SUITE_GCMP_256:
1194 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1195 return;
1196 if (tid < 0)
1197 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1198 else
1199 pn = key->u.gcmp.rx_pn[tid];
1200 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1201 break;
1202 }
1203}
1204EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1205
1206void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1207 int tid, struct ieee80211_key_seq *seq)
1208{
1209 struct ieee80211_key *key;
1210 u8 *pn;
1211
1212 key = container_of(keyconf, struct ieee80211_key, conf);
1213
1214 switch (key->conf.cipher) {
1215 case WLAN_CIPHER_SUITE_TKIP:
1216 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1217 return;
1218 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1219 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1220 break;
1221 case WLAN_CIPHER_SUITE_CCMP:
1222 case WLAN_CIPHER_SUITE_CCMP_256:
1223 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1224 return;
1225 if (tid < 0)
1226 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1227 else
1228 pn = key->u.ccmp.rx_pn[tid];
1229 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1230 break;
1231 case WLAN_CIPHER_SUITE_AES_CMAC:
1232 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1233 if (WARN_ON(tid != 0))
1234 return;
1235 pn = key->u.aes_cmac.rx_pn;
1236 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1237 break;
1238 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1239 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1240 if (WARN_ON(tid != 0))
1241 return;
1242 pn = key->u.aes_gmac.rx_pn;
1243 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1244 break;
1245 case WLAN_CIPHER_SUITE_GCMP:
1246 case WLAN_CIPHER_SUITE_GCMP_256:
1247 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1248 return;
1249 if (tid < 0)
1250 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1251 else
1252 pn = key->u.gcmp.rx_pn[tid];
1253 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1254 break;
1255 default:
1256 WARN_ON(1);
1257 break;
1258 }
1259}
1260EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1261
1262void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1263{
1264 struct ieee80211_key *key;
1265
1266 key = container_of(keyconf, struct ieee80211_key, conf);
1267
1268 assert_key_lock(key->local);
1269
1270 /*
1271 * if key was uploaded, we assume the driver will/has remove(d)
1272 * it, so adjust bookkeeping accordingly
1273 */
1274 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1275 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1276
1277 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1278 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1279 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1280 increment_tailroom_need_count(key->sdata);
1281 }
1282
1283 ieee80211_key_free(key, false);
1284}
1285EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1286
1287struct ieee80211_key_conf *
1288ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1289 struct ieee80211_key_conf *keyconf)
1290{
1291 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1292 struct ieee80211_local *local = sdata->local;
1293 struct ieee80211_key *key;
1294 int err;
1295
1296 if (WARN_ON(!local->wowlan))
1297 return ERR_PTR(-EINVAL);
1298
1299 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1300 return ERR_PTR(-EINVAL);
1301
1302 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1303 keyconf->keylen, keyconf->key,
1304 0, NULL, NULL);
1305 if (IS_ERR(key))
1306 return ERR_CAST(key);
1307
1308 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1309 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1310
1311 err = ieee80211_key_link(key, sdata, NULL);
1312 if (err)
1313 return ERR_PTR(err);
1314
1315 return &key->conf;
1316}
1317EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020, 2022 Intel Corporation
10 */
11
12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
18#include <linux/export.h>
19#include <net/mac80211.h>
20#include <crypto/algapi.h>
21#include <asm/unaligned.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "debugfs_key.h"
25#include "aes_ccm.h"
26#include "aes_cmac.h"
27#include "aes_gmac.h"
28#include "aes_gcm.h"
29
30
31/**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56static void assert_key_lock(struct ieee80211_local *local)
57{
58 lockdep_assert_held(&local->key_mtx);
59}
60
61static void
62update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63{
64 struct ieee80211_sub_if_data *vlan;
65
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
67 return;
68
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
71
72 rcu_read_lock();
73
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 vlan->crypto_tx_tailroom_needed_cnt += delta;
76
77 rcu_read_unlock();
78}
79
80static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
81{
82 /*
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
86 *
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
89 *
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
92 * off.
93 *
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
96 *
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
99 */
100
101 assert_key_lock(sdata->local);
102
103 update_vlan_tailroom_need_count(sdata, 1);
104
105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
106 /*
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
109 */
110 synchronize_net();
111 }
112}
113
114static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
115 int delta)
116{
117 assert_key_lock(sdata->local);
118
119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
120
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
123}
124
125static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126{
127 struct ieee80211_sub_if_data *sdata = key->sdata;
128 struct sta_info *sta;
129 int ret = -EOPNOTSUPP;
130
131 might_sleep();
132
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
139 * it again later.
140 */
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
146
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 return -EINVAL;
149 }
150
151 if (!key->local->ops->set_key)
152 goto out_unsupported;
153
154 assert_key_lock(key->local);
155
156 sta = key->sta;
157
158 /*
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
161 */
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 goto out_unsupported;
165
166 if (sta && !sta->uploaded)
167 goto out_unsupported;
168
169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
170 /*
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
173 */
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
175 ret = 1;
176 goto out_unsupported;
177 }
178 }
179
180 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
181 !(sdata->vif.active_links & BIT(key->conf.link_id)))
182 return 0;
183
184 ret = drv_set_key(key->local, SET_KEY, sdata,
185 sta ? &sta->sta : NULL, &key->conf);
186
187 if (!ret) {
188 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
189
190 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
191 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
192 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
193 decrease_tailroom_need_count(sdata, 1);
194
195 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
196 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
197
198 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
199 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
200
201 return 0;
202 }
203
204 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
205 sdata_err(sdata,
206 "failed to set key (%d, %pM) to hardware (%d)\n",
207 key->conf.keyidx,
208 sta ? sta->sta.addr : bcast_addr, ret);
209
210 out_unsupported:
211 switch (key->conf.cipher) {
212 case WLAN_CIPHER_SUITE_WEP40:
213 case WLAN_CIPHER_SUITE_WEP104:
214 case WLAN_CIPHER_SUITE_TKIP:
215 case WLAN_CIPHER_SUITE_CCMP:
216 case WLAN_CIPHER_SUITE_CCMP_256:
217 case WLAN_CIPHER_SUITE_GCMP:
218 case WLAN_CIPHER_SUITE_GCMP_256:
219 case WLAN_CIPHER_SUITE_AES_CMAC:
220 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
221 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
222 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
223 /* all of these we can do in software - if driver can */
224 if (ret == 1)
225 return 0;
226 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
227 return -EINVAL;
228 return 0;
229 default:
230 return -EINVAL;
231 }
232}
233
234static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
235{
236 struct ieee80211_sub_if_data *sdata;
237 struct sta_info *sta;
238 int ret;
239
240 might_sleep();
241
242 if (!key || !key->local->ops->set_key)
243 return;
244
245 assert_key_lock(key->local);
246
247 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
248 return;
249
250 sta = key->sta;
251 sdata = key->sdata;
252
253 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
254 !(sdata->vif.active_links & BIT(key->conf.link_id)))
255 return;
256
257 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
258 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
259 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
260 increment_tailroom_need_count(sdata);
261
262 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
263 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
264 sta ? &sta->sta : NULL, &key->conf);
265
266 if (ret)
267 sdata_err(sdata,
268 "failed to remove key (%d, %pM) from hardware (%d)\n",
269 key->conf.keyidx,
270 sta ? sta->sta.addr : bcast_addr, ret);
271}
272
273static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
274{
275 struct sta_info *sta = key->sta;
276 struct ieee80211_local *local = key->local;
277
278 assert_key_lock(local);
279
280 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
281
282 sta->ptk_idx = key->conf.keyidx;
283
284 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
285 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
286 ieee80211_check_fast_xmit(sta);
287
288 return 0;
289}
290
291int ieee80211_set_tx_key(struct ieee80211_key *key)
292{
293 return _ieee80211_set_tx_key(key, false);
294}
295
296static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
297 struct ieee80211_key *new)
298{
299 struct ieee80211_local *local = new->local;
300 struct sta_info *sta = new->sta;
301 int i;
302
303 assert_key_lock(local);
304
305 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
306 /* Extended Key ID key install, initial one or rekey */
307
308 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
309 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
310 /* Aggregation Sessions with Extended Key ID must not
311 * mix MPDUs with different keyIDs within one A-MPDU.
312 * Tear down running Tx aggregation sessions and block
313 * new Rx/Tx aggregation requests during rekey to
314 * ensure there are no A-MPDUs when the driver is not
315 * supporting A-MPDU key borders. (Blocking Tx only
316 * would be sufficient but WLAN_STA_BLOCK_BA gets the
317 * job done for the few ms we need it.)
318 */
319 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
320 mutex_lock(&sta->ampdu_mlme.mtx);
321 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
322 ___ieee80211_stop_tx_ba_session(sta, i,
323 AGG_STOP_LOCAL_REQUEST);
324 mutex_unlock(&sta->ampdu_mlme.mtx);
325 }
326 } else if (old) {
327 /* Rekey without Extended Key ID.
328 * Aggregation sessions are OK when running on SW crypto.
329 * A broken remote STA may cause issues not observed with HW
330 * crypto, though.
331 */
332 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
333 return;
334
335 /* Stop Tx till we are on the new key */
336 old->flags |= KEY_FLAG_TAINTED;
337 ieee80211_clear_fast_xmit(sta);
338 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
339 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
340 ieee80211_sta_tear_down_BA_sessions(sta,
341 AGG_STOP_LOCAL_REQUEST);
342 }
343 if (!wiphy_ext_feature_isset(local->hw.wiphy,
344 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
345 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
346 sta->sta.addr);
347 /* Flushing the driver queues *may* help prevent
348 * the clear text leaks and freezes.
349 */
350 ieee80211_flush_queues(local, old->sdata, false);
351 }
352 }
353}
354
355static void __ieee80211_set_default_key(struct ieee80211_link_data *link,
356 int idx, bool uni, bool multi)
357{
358 struct ieee80211_sub_if_data *sdata = link->sdata;
359 struct ieee80211_key *key = NULL;
360
361 assert_key_lock(sdata->local);
362
363 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) {
364 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
365 if (!key)
366 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
367 }
368
369 if (uni) {
370 rcu_assign_pointer(sdata->default_unicast_key, key);
371 ieee80211_check_fast_xmit_iface(sdata);
372 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
373 drv_set_default_unicast_key(sdata->local, sdata, idx);
374 }
375
376 if (multi)
377 rcu_assign_pointer(link->default_multicast_key, key);
378
379 ieee80211_debugfs_key_update_default(sdata);
380}
381
382void ieee80211_set_default_key(struct ieee80211_link_data *link, int idx,
383 bool uni, bool multi)
384{
385 mutex_lock(&link->sdata->local->key_mtx);
386 __ieee80211_set_default_key(link, idx, uni, multi);
387 mutex_unlock(&link->sdata->local->key_mtx);
388}
389
390static void
391__ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link, int idx)
392{
393 struct ieee80211_sub_if_data *sdata = link->sdata;
394 struct ieee80211_key *key = NULL;
395
396 assert_key_lock(sdata->local);
397
398 if (idx >= NUM_DEFAULT_KEYS &&
399 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
400 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
401
402 rcu_assign_pointer(link->default_mgmt_key, key);
403
404 ieee80211_debugfs_key_update_default(sdata);
405}
406
407void ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link,
408 int idx)
409{
410 mutex_lock(&link->sdata->local->key_mtx);
411 __ieee80211_set_default_mgmt_key(link, idx);
412 mutex_unlock(&link->sdata->local->key_mtx);
413}
414
415static void
416__ieee80211_set_default_beacon_key(struct ieee80211_link_data *link, int idx)
417{
418 struct ieee80211_sub_if_data *sdata = link->sdata;
419 struct ieee80211_key *key = NULL;
420
421 assert_key_lock(sdata->local);
422
423 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
424 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
425 NUM_DEFAULT_BEACON_KEYS)
426 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
427
428 rcu_assign_pointer(link->default_beacon_key, key);
429
430 ieee80211_debugfs_key_update_default(sdata);
431}
432
433void ieee80211_set_default_beacon_key(struct ieee80211_link_data *link,
434 int idx)
435{
436 mutex_lock(&link->sdata->local->key_mtx);
437 __ieee80211_set_default_beacon_key(link, idx);
438 mutex_unlock(&link->sdata->local->key_mtx);
439}
440
441static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
442 struct ieee80211_link_data *link,
443 struct sta_info *sta,
444 bool pairwise,
445 struct ieee80211_key *old,
446 struct ieee80211_key *new)
447{
448 struct link_sta_info *link_sta = sta ? &sta->deflink : NULL;
449 int link_id;
450 int idx;
451 int ret = 0;
452 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
453 bool is_wep;
454
455 /* caller must provide at least one old/new */
456 if (WARN_ON(!new && !old))
457 return 0;
458
459 if (new) {
460 idx = new->conf.keyidx;
461 is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
462 new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
463 link_id = new->conf.link_id;
464 } else {
465 idx = old->conf.keyidx;
466 is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
467 old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
468 link_id = old->conf.link_id;
469 }
470
471 if (WARN(old && old->conf.link_id != link_id,
472 "old link ID %d doesn't match new link ID %d\n",
473 old->conf.link_id, link_id))
474 return -EINVAL;
475
476 if (link_id >= 0) {
477 if (!link) {
478 link = sdata_dereference(sdata->link[link_id], sdata);
479 if (!link)
480 return -ENOLINK;
481 }
482
483 if (sta) {
484 link_sta = rcu_dereference_protected(sta->link[link_id],
485 lockdep_is_held(&sta->local->sta_mtx));
486 if (!link_sta)
487 return -ENOLINK;
488 }
489 } else {
490 link = &sdata->deflink;
491 }
492
493 if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)
494 return -EINVAL;
495
496 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
497
498 if (new && sta && pairwise) {
499 /* Unicast rekey needs special handling. With Extended Key ID
500 * old is still NULL for the first rekey.
501 */
502 ieee80211_pairwise_rekey(old, new);
503 }
504
505 if (old) {
506 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
507 ieee80211_key_disable_hw_accel(old);
508
509 if (new)
510 ret = ieee80211_key_enable_hw_accel(new);
511 }
512 } else {
513 if (!new->local->wowlan)
514 ret = ieee80211_key_enable_hw_accel(new);
515 }
516
517 if (ret)
518 return ret;
519
520 if (new)
521 list_add_tail_rcu(&new->list, &sdata->key_list);
522
523 if (sta) {
524 if (pairwise) {
525 rcu_assign_pointer(sta->ptk[idx], new);
526 if (new &&
527 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
528 _ieee80211_set_tx_key(new, true);
529 } else {
530 rcu_assign_pointer(link_sta->gtk[idx], new);
531 }
532 /* Only needed for transition from no key -> key.
533 * Still triggers unnecessary when using Extended Key ID
534 * and installing the second key ID the first time.
535 */
536 if (new && !old)
537 ieee80211_check_fast_rx(sta);
538 } else {
539 defunikey = old &&
540 old == key_mtx_dereference(sdata->local,
541 sdata->default_unicast_key);
542 defmultikey = old &&
543 old == key_mtx_dereference(sdata->local,
544 link->default_multicast_key);
545 defmgmtkey = old &&
546 old == key_mtx_dereference(sdata->local,
547 link->default_mgmt_key);
548 defbeaconkey = old &&
549 old == key_mtx_dereference(sdata->local,
550 link->default_beacon_key);
551
552 if (defunikey && !new)
553 __ieee80211_set_default_key(link, -1, true, false);
554 if (defmultikey && !new)
555 __ieee80211_set_default_key(link, -1, false, true);
556 if (defmgmtkey && !new)
557 __ieee80211_set_default_mgmt_key(link, -1);
558 if (defbeaconkey && !new)
559 __ieee80211_set_default_beacon_key(link, -1);
560
561 if (is_wep || pairwise)
562 rcu_assign_pointer(sdata->keys[idx], new);
563 else
564 rcu_assign_pointer(link->gtk[idx], new);
565
566 if (defunikey && new)
567 __ieee80211_set_default_key(link, new->conf.keyidx,
568 true, false);
569 if (defmultikey && new)
570 __ieee80211_set_default_key(link, new->conf.keyidx,
571 false, true);
572 if (defmgmtkey && new)
573 __ieee80211_set_default_mgmt_key(link,
574 new->conf.keyidx);
575 if (defbeaconkey && new)
576 __ieee80211_set_default_beacon_key(link,
577 new->conf.keyidx);
578 }
579
580 if (old)
581 list_del_rcu(&old->list);
582
583 return 0;
584}
585
586struct ieee80211_key *
587ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
588 const u8 *key_data,
589 size_t seq_len, const u8 *seq)
590{
591 struct ieee80211_key *key;
592 int i, j, err;
593
594 if (WARN_ON(idx < 0 ||
595 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
596 NUM_DEFAULT_BEACON_KEYS))
597 return ERR_PTR(-EINVAL);
598
599 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
600 if (!key)
601 return ERR_PTR(-ENOMEM);
602
603 /*
604 * Default to software encryption; we'll later upload the
605 * key to the hardware if possible.
606 */
607 key->conf.flags = 0;
608 key->flags = 0;
609
610 key->conf.link_id = -1;
611 key->conf.cipher = cipher;
612 key->conf.keyidx = idx;
613 key->conf.keylen = key_len;
614 switch (cipher) {
615 case WLAN_CIPHER_SUITE_WEP40:
616 case WLAN_CIPHER_SUITE_WEP104:
617 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
618 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
619 break;
620 case WLAN_CIPHER_SUITE_TKIP:
621 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
622 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
623 if (seq) {
624 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
625 key->u.tkip.rx[i].iv32 =
626 get_unaligned_le32(&seq[2]);
627 key->u.tkip.rx[i].iv16 =
628 get_unaligned_le16(seq);
629 }
630 }
631 spin_lock_init(&key->u.tkip.txlock);
632 break;
633 case WLAN_CIPHER_SUITE_CCMP:
634 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
635 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
636 if (seq) {
637 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
638 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
639 key->u.ccmp.rx_pn[i][j] =
640 seq[IEEE80211_CCMP_PN_LEN - j - 1];
641 }
642 /*
643 * Initialize AES key state here as an optimization so that
644 * it does not need to be initialized for every packet.
645 */
646 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
647 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
648 if (IS_ERR(key->u.ccmp.tfm)) {
649 err = PTR_ERR(key->u.ccmp.tfm);
650 kfree(key);
651 return ERR_PTR(err);
652 }
653 break;
654 case WLAN_CIPHER_SUITE_CCMP_256:
655 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
656 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
657 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
658 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
659 key->u.ccmp.rx_pn[i][j] =
660 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
661 /* Initialize AES key state here as an optimization so that
662 * it does not need to be initialized for every packet.
663 */
664 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
665 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
666 if (IS_ERR(key->u.ccmp.tfm)) {
667 err = PTR_ERR(key->u.ccmp.tfm);
668 kfree(key);
669 return ERR_PTR(err);
670 }
671 break;
672 case WLAN_CIPHER_SUITE_AES_CMAC:
673 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
674 key->conf.iv_len = 0;
675 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
676 key->conf.icv_len = sizeof(struct ieee80211_mmie);
677 else
678 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
679 if (seq)
680 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
681 key->u.aes_cmac.rx_pn[j] =
682 seq[IEEE80211_CMAC_PN_LEN - j - 1];
683 /*
684 * Initialize AES key state here as an optimization so that
685 * it does not need to be initialized for every packet.
686 */
687 key->u.aes_cmac.tfm =
688 ieee80211_aes_cmac_key_setup(key_data, key_len);
689 if (IS_ERR(key->u.aes_cmac.tfm)) {
690 err = PTR_ERR(key->u.aes_cmac.tfm);
691 kfree(key);
692 return ERR_PTR(err);
693 }
694 break;
695 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
696 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
697 key->conf.iv_len = 0;
698 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
699 if (seq)
700 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
701 key->u.aes_gmac.rx_pn[j] =
702 seq[IEEE80211_GMAC_PN_LEN - j - 1];
703 /* Initialize AES key state here as an optimization so that
704 * it does not need to be initialized for every packet.
705 */
706 key->u.aes_gmac.tfm =
707 ieee80211_aes_gmac_key_setup(key_data, key_len);
708 if (IS_ERR(key->u.aes_gmac.tfm)) {
709 err = PTR_ERR(key->u.aes_gmac.tfm);
710 kfree(key);
711 return ERR_PTR(err);
712 }
713 break;
714 case WLAN_CIPHER_SUITE_GCMP:
715 case WLAN_CIPHER_SUITE_GCMP_256:
716 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
717 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
718 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
719 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
720 key->u.gcmp.rx_pn[i][j] =
721 seq[IEEE80211_GCMP_PN_LEN - j - 1];
722 /* Initialize AES key state here as an optimization so that
723 * it does not need to be initialized for every packet.
724 */
725 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
726 key_len);
727 if (IS_ERR(key->u.gcmp.tfm)) {
728 err = PTR_ERR(key->u.gcmp.tfm);
729 kfree(key);
730 return ERR_PTR(err);
731 }
732 break;
733 }
734 memcpy(key->conf.key, key_data, key_len);
735 INIT_LIST_HEAD(&key->list);
736
737 return key;
738}
739
740static void ieee80211_key_free_common(struct ieee80211_key *key)
741{
742 switch (key->conf.cipher) {
743 case WLAN_CIPHER_SUITE_CCMP:
744 case WLAN_CIPHER_SUITE_CCMP_256:
745 ieee80211_aes_key_free(key->u.ccmp.tfm);
746 break;
747 case WLAN_CIPHER_SUITE_AES_CMAC:
748 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
749 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
750 break;
751 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
752 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
753 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
754 break;
755 case WLAN_CIPHER_SUITE_GCMP:
756 case WLAN_CIPHER_SUITE_GCMP_256:
757 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
758 break;
759 }
760 kfree_sensitive(key);
761}
762
763static void __ieee80211_key_destroy(struct ieee80211_key *key,
764 bool delay_tailroom)
765{
766 if (key->local) {
767 struct ieee80211_sub_if_data *sdata = key->sdata;
768
769 ieee80211_debugfs_key_remove(key);
770
771 if (delay_tailroom) {
772 /* see ieee80211_delayed_tailroom_dec */
773 sdata->crypto_tx_tailroom_pending_dec++;
774 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
775 HZ/2);
776 } else {
777 decrease_tailroom_need_count(sdata, 1);
778 }
779 }
780
781 ieee80211_key_free_common(key);
782}
783
784static void ieee80211_key_destroy(struct ieee80211_key *key,
785 bool delay_tailroom)
786{
787 if (!key)
788 return;
789
790 /*
791 * Synchronize so the TX path and rcu key iterators
792 * can no longer be using this key before we free/remove it.
793 */
794 synchronize_net();
795
796 __ieee80211_key_destroy(key, delay_tailroom);
797}
798
799void ieee80211_key_free_unused(struct ieee80211_key *key)
800{
801 WARN_ON(key->sdata || key->local);
802 ieee80211_key_free_common(key);
803}
804
805static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
806 struct ieee80211_key *old,
807 struct ieee80211_key *new)
808{
809 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
810 u8 *tk_old, *tk_new;
811
812 if (!old || new->conf.keylen != old->conf.keylen)
813 return false;
814
815 tk_old = old->conf.key;
816 tk_new = new->conf.key;
817
818 /*
819 * In station mode, don't compare the TX MIC key, as it's never used
820 * and offloaded rekeying may not care to send it to the host. This
821 * is the case in iwlwifi, for example.
822 */
823 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
824 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
825 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
826 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
827 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
828 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
829 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
830 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
831 tk_old = tkip_old;
832 tk_new = tkip_new;
833 }
834
835 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
836}
837
838int ieee80211_key_link(struct ieee80211_key *key,
839 struct ieee80211_link_data *link,
840 struct sta_info *sta)
841{
842 struct ieee80211_sub_if_data *sdata = link->sdata;
843 static atomic_t key_color = ATOMIC_INIT(0);
844 struct ieee80211_key *old_key = NULL;
845 int idx = key->conf.keyidx;
846 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
847 /*
848 * We want to delay tailroom updates only for station - in that
849 * case it helps roaming speed, but in other cases it hurts and
850 * can cause warnings to appear.
851 */
852 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
853 int ret = -EOPNOTSUPP;
854
855 mutex_lock(&sdata->local->key_mtx);
856
857 if (sta && pairwise) {
858 struct ieee80211_key *alt_key;
859
860 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
861 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
862
863 /* The rekey code assumes that the old and new key are using
864 * the same cipher. Enforce the assumption for pairwise keys.
865 */
866 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
867 (old_key && old_key->conf.cipher != key->conf.cipher))
868 goto out;
869 } else if (sta) {
870 struct link_sta_info *link_sta = &sta->deflink;
871 int link_id = key->conf.link_id;
872
873 if (link_id >= 0) {
874 link_sta = rcu_dereference_protected(sta->link[link_id],
875 lockdep_is_held(&sta->local->sta_mtx));
876 if (!link_sta) {
877 ret = -ENOLINK;
878 goto out;
879 }
880 }
881
882 old_key = key_mtx_dereference(sdata->local, link_sta->gtk[idx]);
883 } else {
884 if (idx < NUM_DEFAULT_KEYS)
885 old_key = key_mtx_dereference(sdata->local,
886 sdata->keys[idx]);
887 if (!old_key)
888 old_key = key_mtx_dereference(sdata->local,
889 link->gtk[idx]);
890 }
891
892 /* Non-pairwise keys must also not switch the cipher on rekey */
893 if (!pairwise) {
894 if (old_key && old_key->conf.cipher != key->conf.cipher)
895 goto out;
896 }
897
898 /*
899 * Silently accept key re-installation without really installing the
900 * new version of the key to avoid nonce reuse or replay issues.
901 */
902 if (ieee80211_key_identical(sdata, old_key, key)) {
903 ieee80211_key_free_unused(key);
904 ret = 0;
905 goto out;
906 }
907
908 key->local = sdata->local;
909 key->sdata = sdata;
910 key->sta = sta;
911
912 /*
913 * Assign a unique ID to every key so we can easily prevent mixed
914 * key and fragment cache attacks.
915 */
916 key->color = atomic_inc_return(&key_color);
917
918 increment_tailroom_need_count(sdata);
919
920 ret = ieee80211_key_replace(sdata, link, sta, pairwise, old_key, key);
921
922 if (!ret) {
923 ieee80211_debugfs_key_add(key);
924 ieee80211_key_destroy(old_key, delay_tailroom);
925 } else {
926 ieee80211_key_free(key, delay_tailroom);
927 }
928
929 out:
930 mutex_unlock(&sdata->local->key_mtx);
931
932 return ret;
933}
934
935void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
936{
937 if (!key)
938 return;
939
940 /*
941 * Replace key with nothingness if it was ever used.
942 */
943 if (key->sdata)
944 ieee80211_key_replace(key->sdata, NULL, key->sta,
945 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
946 key, NULL);
947 ieee80211_key_destroy(key, delay_tailroom);
948}
949
950void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
951{
952 struct ieee80211_key *key;
953 struct ieee80211_sub_if_data *vlan;
954
955 lockdep_assert_wiphy(sdata->local->hw.wiphy);
956
957 mutex_lock(&sdata->local->key_mtx);
958
959 sdata->crypto_tx_tailroom_needed_cnt = 0;
960 sdata->crypto_tx_tailroom_pending_dec = 0;
961
962 if (sdata->vif.type == NL80211_IFTYPE_AP) {
963 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
964 vlan->crypto_tx_tailroom_needed_cnt = 0;
965 vlan->crypto_tx_tailroom_pending_dec = 0;
966 }
967 }
968
969 if (ieee80211_sdata_running(sdata)) {
970 list_for_each_entry(key, &sdata->key_list, list) {
971 increment_tailroom_need_count(sdata);
972 ieee80211_key_enable_hw_accel(key);
973 }
974 }
975
976 mutex_unlock(&sdata->local->key_mtx);
977}
978
979void ieee80211_iter_keys(struct ieee80211_hw *hw,
980 struct ieee80211_vif *vif,
981 void (*iter)(struct ieee80211_hw *hw,
982 struct ieee80211_vif *vif,
983 struct ieee80211_sta *sta,
984 struct ieee80211_key_conf *key,
985 void *data),
986 void *iter_data)
987{
988 struct ieee80211_local *local = hw_to_local(hw);
989 struct ieee80211_key *key, *tmp;
990 struct ieee80211_sub_if_data *sdata;
991
992 lockdep_assert_wiphy(hw->wiphy);
993
994 mutex_lock(&local->key_mtx);
995 if (vif) {
996 sdata = vif_to_sdata(vif);
997 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
998 iter(hw, &sdata->vif,
999 key->sta ? &key->sta->sta : NULL,
1000 &key->conf, iter_data);
1001 } else {
1002 list_for_each_entry(sdata, &local->interfaces, list)
1003 list_for_each_entry_safe(key, tmp,
1004 &sdata->key_list, list)
1005 iter(hw, &sdata->vif,
1006 key->sta ? &key->sta->sta : NULL,
1007 &key->conf, iter_data);
1008 }
1009 mutex_unlock(&local->key_mtx);
1010}
1011EXPORT_SYMBOL(ieee80211_iter_keys);
1012
1013static void
1014_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1015 struct ieee80211_sub_if_data *sdata,
1016 void (*iter)(struct ieee80211_hw *hw,
1017 struct ieee80211_vif *vif,
1018 struct ieee80211_sta *sta,
1019 struct ieee80211_key_conf *key,
1020 void *data),
1021 void *iter_data)
1022{
1023 struct ieee80211_key *key;
1024
1025 list_for_each_entry_rcu(key, &sdata->key_list, list) {
1026 /* skip keys of station in removal process */
1027 if (key->sta && key->sta->removed)
1028 continue;
1029 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
1030 continue;
1031
1032 iter(hw, &sdata->vif,
1033 key->sta ? &key->sta->sta : NULL,
1034 &key->conf, iter_data);
1035 }
1036}
1037
1038void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1039 struct ieee80211_vif *vif,
1040 void (*iter)(struct ieee80211_hw *hw,
1041 struct ieee80211_vif *vif,
1042 struct ieee80211_sta *sta,
1043 struct ieee80211_key_conf *key,
1044 void *data),
1045 void *iter_data)
1046{
1047 struct ieee80211_local *local = hw_to_local(hw);
1048 struct ieee80211_sub_if_data *sdata;
1049
1050 if (vif) {
1051 sdata = vif_to_sdata(vif);
1052 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1053 } else {
1054 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1055 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1056 }
1057}
1058EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1059
1060static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1061 struct list_head *keys)
1062{
1063 struct ieee80211_key *key, *tmp;
1064
1065 decrease_tailroom_need_count(sdata,
1066 sdata->crypto_tx_tailroom_pending_dec);
1067 sdata->crypto_tx_tailroom_pending_dec = 0;
1068
1069 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1070 ieee80211_debugfs_key_remove_beacon_default(sdata);
1071
1072 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1073 ieee80211_key_replace(key->sdata, NULL, key->sta,
1074 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1075 key, NULL);
1076 list_add_tail(&key->list, keys);
1077 }
1078
1079 ieee80211_debugfs_key_update_default(sdata);
1080}
1081
1082void ieee80211_remove_link_keys(struct ieee80211_link_data *link,
1083 struct list_head *keys)
1084{
1085 struct ieee80211_sub_if_data *sdata = link->sdata;
1086 struct ieee80211_local *local = sdata->local;
1087 struct ieee80211_key *key, *tmp;
1088
1089 mutex_lock(&local->key_mtx);
1090 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1091 if (key->conf.link_id != link->link_id)
1092 continue;
1093 ieee80211_key_replace(key->sdata, link, key->sta,
1094 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1095 key, NULL);
1096 list_add_tail(&key->list, keys);
1097 }
1098 mutex_unlock(&local->key_mtx);
1099}
1100
1101void ieee80211_free_key_list(struct ieee80211_local *local,
1102 struct list_head *keys)
1103{
1104 struct ieee80211_key *key, *tmp;
1105
1106 mutex_lock(&local->key_mtx);
1107 list_for_each_entry_safe(key, tmp, keys, list)
1108 __ieee80211_key_destroy(key, false);
1109 mutex_unlock(&local->key_mtx);
1110}
1111
1112void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1113 bool force_synchronize)
1114{
1115 struct ieee80211_local *local = sdata->local;
1116 struct ieee80211_sub_if_data *vlan;
1117 struct ieee80211_sub_if_data *master;
1118 struct ieee80211_key *key, *tmp;
1119 LIST_HEAD(keys);
1120
1121 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1122
1123 mutex_lock(&local->key_mtx);
1124
1125 ieee80211_free_keys_iface(sdata, &keys);
1126
1127 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1128 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1129 ieee80211_free_keys_iface(vlan, &keys);
1130 }
1131
1132 if (!list_empty(&keys) || force_synchronize)
1133 synchronize_net();
1134 list_for_each_entry_safe(key, tmp, &keys, list)
1135 __ieee80211_key_destroy(key, false);
1136
1137 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1138 if (sdata->bss) {
1139 master = container_of(sdata->bss,
1140 struct ieee80211_sub_if_data,
1141 u.ap);
1142
1143 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1144 master->crypto_tx_tailroom_needed_cnt);
1145 }
1146 } else {
1147 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1148 sdata->crypto_tx_tailroom_pending_dec);
1149 }
1150
1151 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1152 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1153 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1154 vlan->crypto_tx_tailroom_pending_dec);
1155 }
1156
1157 mutex_unlock(&local->key_mtx);
1158}
1159
1160void ieee80211_free_sta_keys(struct ieee80211_local *local,
1161 struct sta_info *sta)
1162{
1163 struct ieee80211_key *key;
1164 int i;
1165
1166 mutex_lock(&local->key_mtx);
1167 for (i = 0; i < ARRAY_SIZE(sta->deflink.gtk); i++) {
1168 key = key_mtx_dereference(local, sta->deflink.gtk[i]);
1169 if (!key)
1170 continue;
1171 ieee80211_key_replace(key->sdata, NULL, key->sta,
1172 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1173 key, NULL);
1174 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1175 NL80211_IFTYPE_STATION);
1176 }
1177
1178 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1179 key = key_mtx_dereference(local, sta->ptk[i]);
1180 if (!key)
1181 continue;
1182 ieee80211_key_replace(key->sdata, NULL, key->sta,
1183 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1184 key, NULL);
1185 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1186 NL80211_IFTYPE_STATION);
1187 }
1188
1189 mutex_unlock(&local->key_mtx);
1190}
1191
1192void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1193{
1194 struct ieee80211_sub_if_data *sdata;
1195
1196 sdata = container_of(wk, struct ieee80211_sub_if_data,
1197 dec_tailroom_needed_wk.work);
1198
1199 /*
1200 * The reason for the delayed tailroom needed decrementing is to
1201 * make roaming faster: during roaming, all keys are first deleted
1202 * and then new keys are installed. The first new key causes the
1203 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1204 * the cost of synchronize_net() (which can be slow). Avoid this
1205 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1206 * key removal for a while, so if we roam the value is larger than
1207 * zero and no 0->1 transition happens.
1208 *
1209 * The cost is that if the AP switching was from an AP with keys
1210 * to one without, we still allocate tailroom while it would no
1211 * longer be needed. However, in the typical (fast) roaming case
1212 * within an ESS this usually won't happen.
1213 */
1214
1215 mutex_lock(&sdata->local->key_mtx);
1216 decrease_tailroom_need_count(sdata,
1217 sdata->crypto_tx_tailroom_pending_dec);
1218 sdata->crypto_tx_tailroom_pending_dec = 0;
1219 mutex_unlock(&sdata->local->key_mtx);
1220}
1221
1222void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1223 const u8 *replay_ctr, gfp_t gfp)
1224{
1225 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1226
1227 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1228
1229 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1230}
1231EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1232
1233void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1234 int tid, struct ieee80211_key_seq *seq)
1235{
1236 struct ieee80211_key *key;
1237 const u8 *pn;
1238
1239 key = container_of(keyconf, struct ieee80211_key, conf);
1240
1241 switch (key->conf.cipher) {
1242 case WLAN_CIPHER_SUITE_TKIP:
1243 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1244 return;
1245 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1246 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1247 break;
1248 case WLAN_CIPHER_SUITE_CCMP:
1249 case WLAN_CIPHER_SUITE_CCMP_256:
1250 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1251 return;
1252 if (tid < 0)
1253 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1254 else
1255 pn = key->u.ccmp.rx_pn[tid];
1256 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1257 break;
1258 case WLAN_CIPHER_SUITE_AES_CMAC:
1259 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1260 if (WARN_ON(tid != 0))
1261 return;
1262 pn = key->u.aes_cmac.rx_pn;
1263 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1264 break;
1265 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1266 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1267 if (WARN_ON(tid != 0))
1268 return;
1269 pn = key->u.aes_gmac.rx_pn;
1270 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1271 break;
1272 case WLAN_CIPHER_SUITE_GCMP:
1273 case WLAN_CIPHER_SUITE_GCMP_256:
1274 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1275 return;
1276 if (tid < 0)
1277 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1278 else
1279 pn = key->u.gcmp.rx_pn[tid];
1280 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1281 break;
1282 }
1283}
1284EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1285
1286void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1287 int tid, struct ieee80211_key_seq *seq)
1288{
1289 struct ieee80211_key *key;
1290 u8 *pn;
1291
1292 key = container_of(keyconf, struct ieee80211_key, conf);
1293
1294 switch (key->conf.cipher) {
1295 case WLAN_CIPHER_SUITE_TKIP:
1296 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1297 return;
1298 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1299 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1300 break;
1301 case WLAN_CIPHER_SUITE_CCMP:
1302 case WLAN_CIPHER_SUITE_CCMP_256:
1303 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1304 return;
1305 if (tid < 0)
1306 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1307 else
1308 pn = key->u.ccmp.rx_pn[tid];
1309 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1310 break;
1311 case WLAN_CIPHER_SUITE_AES_CMAC:
1312 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1313 if (WARN_ON(tid != 0))
1314 return;
1315 pn = key->u.aes_cmac.rx_pn;
1316 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1317 break;
1318 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1319 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1320 if (WARN_ON(tid != 0))
1321 return;
1322 pn = key->u.aes_gmac.rx_pn;
1323 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1324 break;
1325 case WLAN_CIPHER_SUITE_GCMP:
1326 case WLAN_CIPHER_SUITE_GCMP_256:
1327 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1328 return;
1329 if (tid < 0)
1330 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1331 else
1332 pn = key->u.gcmp.rx_pn[tid];
1333 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1334 break;
1335 default:
1336 WARN_ON(1);
1337 break;
1338 }
1339}
1340EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1341
1342void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1343{
1344 struct ieee80211_key *key;
1345
1346 key = container_of(keyconf, struct ieee80211_key, conf);
1347
1348 assert_key_lock(key->local);
1349
1350 /*
1351 * if key was uploaded, we assume the driver will/has remove(d)
1352 * it, so adjust bookkeeping accordingly
1353 */
1354 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1355 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1356
1357 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1358 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1359 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1360 increment_tailroom_need_count(key->sdata);
1361 }
1362
1363 ieee80211_key_free(key, false);
1364}
1365EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1366
1367struct ieee80211_key_conf *
1368ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1369 struct ieee80211_key_conf *keyconf)
1370{
1371 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1372 struct ieee80211_local *local = sdata->local;
1373 struct ieee80211_key *key;
1374 int err;
1375
1376 if (WARN_ON(!local->wowlan))
1377 return ERR_PTR(-EINVAL);
1378
1379 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1380 return ERR_PTR(-EINVAL);
1381
1382 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1383 keyconf->keylen, keyconf->key,
1384 0, NULL);
1385 if (IS_ERR(key))
1386 return ERR_CAST(key);
1387
1388 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1389 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1390
1391 /* FIXME: this function needs to get a link ID */
1392 err = ieee80211_key_link(key, &sdata->deflink, NULL);
1393 if (err)
1394 return ERR_PTR(err);
1395
1396 return &key->conf;
1397}
1398EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1399
1400void ieee80211_key_mic_failure(struct ieee80211_key_conf *keyconf)
1401{
1402 struct ieee80211_key *key;
1403
1404 key = container_of(keyconf, struct ieee80211_key, conf);
1405
1406 switch (key->conf.cipher) {
1407 case WLAN_CIPHER_SUITE_AES_CMAC:
1408 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1409 key->u.aes_cmac.icverrors++;
1410 break;
1411 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1412 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1413 key->u.aes_gmac.icverrors++;
1414 break;
1415 default:
1416 /* ignore the others for now, we don't keep counters now */
1417 break;
1418 }
1419}
1420EXPORT_SYMBOL_GPL(ieee80211_key_mic_failure);
1421
1422void ieee80211_key_replay(struct ieee80211_key_conf *keyconf)
1423{
1424 struct ieee80211_key *key;
1425
1426 key = container_of(keyconf, struct ieee80211_key, conf);
1427
1428 switch (key->conf.cipher) {
1429 case WLAN_CIPHER_SUITE_CCMP:
1430 case WLAN_CIPHER_SUITE_CCMP_256:
1431 key->u.ccmp.replays++;
1432 break;
1433 case WLAN_CIPHER_SUITE_AES_CMAC:
1434 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1435 key->u.aes_cmac.replays++;
1436 break;
1437 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1438 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1439 key->u.aes_gmac.replays++;
1440 break;
1441 case WLAN_CIPHER_SUITE_GCMP:
1442 case WLAN_CIPHER_SUITE_GCMP_256:
1443 key->u.gcmp.replays++;
1444 break;
1445 }
1446}
1447EXPORT_SYMBOL_GPL(ieee80211_key_replay);
1448
1449int ieee80211_key_switch_links(struct ieee80211_sub_if_data *sdata,
1450 unsigned long del_links_mask,
1451 unsigned long add_links_mask)
1452{
1453 struct ieee80211_key *key;
1454 int ret;
1455
1456 list_for_each_entry(key, &sdata->key_list, list) {
1457 if (key->conf.link_id < 0 ||
1458 !(del_links_mask & BIT(key->conf.link_id)))
1459 continue;
1460
1461 /* shouldn't happen for per-link keys */
1462 WARN_ON(key->sta);
1463
1464 ieee80211_key_disable_hw_accel(key);
1465 }
1466
1467 list_for_each_entry(key, &sdata->key_list, list) {
1468 if (key->conf.link_id < 0 ||
1469 !(add_links_mask & BIT(key->conf.link_id)))
1470 continue;
1471
1472 /* shouldn't happen for per-link keys */
1473 WARN_ON(key->sta);
1474
1475 ret = ieee80211_key_enable_hw_accel(key);
1476 if (ret)
1477 return ret;
1478 }
1479
1480 return 0;
1481}