LXR linux/net/mac80211/key.c

   1/*
   2 * Copyright 2002-2005, Instant802 Networks, Inc.
   3 * Copyright 2005-2006, Devicescape Software, Inc.
   4 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   5 * Copyright 2007-2008  Johannes Berg <johannes@sipsolutions.net>
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License version 2 as
   9 * published by the Free Software Foundation.
  10 */
  11
  12#include <linux/if_ether.h>
  13#include <linux/etherdevice.h>
  14#include <linux/list.h>
  15#include <linux/rcupdate.h>
  16#include <linux/rtnetlink.h>
  17#include <linux/slab.h>
  18#include <net/mac80211.h>
  19#include "ieee80211_i.h"
  20#include "driver-ops.h"
  21#include "debugfs_key.h"
  22#include "aes_ccm.h"
  23#include "aes_cmac.h"
  24
  25
  26/**
  27 * DOC: Key handling basics
  28 *
  29 * Key handling in mac80211 is done based on per-interface (sub_if_data)
  30 * keys and per-station keys. Since each station belongs to an interface,
  31 * each station key also belongs to that interface.
  32 *
  33 * Hardware acceleration is done on a best-effort basis for algorithms
  34 * that are implemented in software,  for each key the hardware is asked
  35 * to enable that key for offloading but if it cannot do that the key is
  36 * simply kept for software encryption (unless it is for an algorithm
  37 * that isn't implemented in software).
  38 * There is currently no way of knowing whether a key is handled in SW
  39 * or HW except by looking into debugfs.
  40 *
  41 * All key management is internally protected by a mutex. Within all
  42 * other parts of mac80211, key references are, just as STA structure
  43 * references, protected by RCU. Note, however, that some things are
  44 * unprotected, namely the key->sta dereferences within the hardware
  45 * acceleration functions. This means that sta_info_destroy() must
  46 * remove the key which waits for an RCU grace period.
  47 */
  48
  49static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
  50
  51static void assert_key_lock(struct ieee80211_local *local)
  52{
  53        lockdep_assert_held(&local->key_mtx);
  54}
  55
  56static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
  57{
  58        if (key->sta)
  59                return &key->sta->sta;
  60
  61        return NULL;
  62}
  63
  64static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
  65{
  66        struct ieee80211_sub_if_data *sdata;
  67        struct ieee80211_sta *sta;
  68        int ret;
  69
  70        might_sleep();
  71
  72        if (!key->local->ops->set_key)
  73                goto out_unsupported;
  74
  75        assert_key_lock(key->local);
  76
  77        sta = get_sta_for_key(key);
  78
  79        /*
  80         * If this is a per-STA GTK, check if it
  81         * is supported; if not, return.
  82         */
  83        if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
  84            !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
  85                goto out_unsupported;
  86
  87        sdata = key->sdata;
  88        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
  89                /*
  90                 * The driver doesn't know anything about VLAN interfaces.
  91                 * Hence, don't send GTKs for VLAN interfaces to the driver.
  92                 */
  93                if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
  94                        goto out_unsupported;
  95                sdata = container_of(sdata->bss,
  96                                     struct ieee80211_sub_if_data,
  97                                     u.ap);
  98        }
  99
 100        ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
 101
 102        if (!ret) {
 103                key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
 104                return 0;
 105        }
 106
 107        if (ret != -ENOSPC && ret != -EOPNOTSUPP)
 108                wiphy_err(key->local->hw.wiphy,
 109                          "failed to set key (%d, %pM) to hardware (%d)\n",
 110                          key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
 111
 112 out_unsupported:
 113        switch (key->conf.cipher) {
 114        case WLAN_CIPHER_SUITE_WEP40:
 115        case WLAN_CIPHER_SUITE_WEP104:
 116        case WLAN_CIPHER_SUITE_TKIP:
 117        case WLAN_CIPHER_SUITE_CCMP:
 118        case WLAN_CIPHER_SUITE_AES_CMAC:
 119                /* all of these we can do in software */
 120                return 0;
 121        default:
 122                return -EINVAL;
 123        }
 124}
 125
 126static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 127{
 128        struct ieee80211_sub_if_data *sdata;
 129        struct ieee80211_sta *sta;
 130        int ret;
 131
 132        might_sleep();
 133
 134        if (!key || !key->local->ops->set_key)
 135                return;
 136
 137        assert_key_lock(key->local);
 138
 139        if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
 140                return;
 141
 142        sta = get_sta_for_key(key);
 143        sdata = key->sdata;
 144
 145        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
 146                sdata = container_of(sdata->bss,
 147                                     struct ieee80211_sub_if_data,
 148                                     u.ap);
 149
 150        ret = drv_set_key(key->local, DISABLE_KEY, sdata,
 151                          sta, &key->conf);
 152
 153        if (ret)
 154                wiphy_err(key->local->hw.wiphy,
 155                          "failed to remove key (%d, %pM) from hardware (%d)\n",
 156                          key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
 157
 158        key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 159}
 160
 161void ieee80211_key_removed(struct ieee80211_key_conf *key_conf)
 162{
 163        struct ieee80211_key *key;
 164
 165        key = container_of(key_conf, struct ieee80211_key, conf);
 166
 167        might_sleep();
 168        assert_key_lock(key->local);
 169
 170        key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 171
 172        /*
 173         * Flush TX path to avoid attempts to use this key
 174         * after this function returns. Until then, drivers
 175         * must be prepared to handle the key.
 176         */
 177        synchronize_rcu();
 178}
 179EXPORT_SYMBOL_GPL(ieee80211_key_removed);
 180
 181static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
 182                                        int idx, bool uni, bool multi)
 183{
 184        struct ieee80211_key *key = NULL;
 185
 186        assert_key_lock(sdata->local);
 187
 188        if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
 189                key = sdata->keys[idx];
 190
 191        if (uni)
 192                rcu_assign_pointer(sdata->default_unicast_key, key);
 193        if (multi)
 194                rcu_assign_pointer(sdata->default_multicast_key, key);
 195
 196        ieee80211_debugfs_key_update_default(sdata);
 197}
 198
 199void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
 200                               bool uni, bool multi)
 201{
 202        mutex_lock(&sdata->local->key_mtx);
 203        __ieee80211_set_default_key(sdata, idx, uni, multi);
 204        mutex_unlock(&sdata->local->key_mtx);
 205}
 206
 207static void
 208__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
 209{
 210        struct ieee80211_key *key = NULL;
 211
 212        assert_key_lock(sdata->local);
 213
 214        if (idx >= NUM_DEFAULT_KEYS &&
 215            idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
 216                key = sdata->keys[idx];
 217
 218        rcu_assign_pointer(sdata->default_mgmt_key, key);
 219
 220        ieee80211_debugfs_key_update_default(sdata);
 221}
 222
 223void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
 224                                    int idx)
 225{
 226        mutex_lock(&sdata->local->key_mtx);
 227        __ieee80211_set_default_mgmt_key(sdata, idx);
 228        mutex_unlock(&sdata->local->key_mtx);
 229}
 230
 231
 232static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
 233                                    struct sta_info *sta,
 234                                    bool pairwise,
 235                                    struct ieee80211_key *old,
 236                                    struct ieee80211_key *new)
 237{
 238        int idx;
 239        bool defunikey, defmultikey, defmgmtkey;
 240
 241        if (new)
 242                list_add(&new->list, &sdata->key_list);
 243
 244        if (sta && pairwise) {
 245                rcu_assign_pointer(sta->ptk, new);
 246        } else if (sta) {
 247                if (old)
 248                        idx = old->conf.keyidx;
 249                else
 250                        idx = new->conf.keyidx;
 251                rcu_assign_pointer(sta->gtk[idx], new);
 252        } else {
 253                WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
 254
 255                if (old)
 256                        idx = old->conf.keyidx;
 257                else
 258                        idx = new->conf.keyidx;
 259
 260                defunikey = old && sdata->default_unicast_key == old;
 261                defmultikey = old && sdata->default_multicast_key == old;
 262                defmgmtkey = old && sdata->default_mgmt_key == old;
 263
 264                if (defunikey && !new)
 265                        __ieee80211_set_default_key(sdata, -1, true, false);
 266                if (defmultikey && !new)
 267                        __ieee80211_set_default_key(sdata, -1, false, true);
 268                if (defmgmtkey && !new)
 269                        __ieee80211_set_default_mgmt_key(sdata, -1);
 270
 271                rcu_assign_pointer(sdata->keys[idx], new);
 272                if (defunikey && new)
 273                        __ieee80211_set_default_key(sdata, new->conf.keyidx,
 274                                                    true, false);
 275                if (defmultikey && new)
 276                        __ieee80211_set_default_key(sdata, new->conf.keyidx,
 277                                                    false, true);
 278                if (defmgmtkey && new)
 279                        __ieee80211_set_default_mgmt_key(sdata,
 280                                                         new->conf.keyidx);
 281        }
 282
 283        if (old)
 284                list_del(&old->list);
 285}
 286
 287struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
 288                                          const u8 *key_data,
 289                                          size_t seq_len, const u8 *seq)
 290{
 291        struct ieee80211_key *key;
 292        int i, j, err;
 293
 294        BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
 295
 296        key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
 297        if (!key)
 298                return ERR_PTR(-ENOMEM);
 299
 300        /*
 301         * Default to software encryption; we'll later upload the
 302         * key to the hardware if possible.
 303         */
 304        key->conf.flags = 0;
 305        key->flags = 0;
 306
 307        key->conf.cipher = cipher;
 308        key->conf.keyidx = idx;
 309        key->conf.keylen = key_len;
 310        switch (cipher) {
 311        case WLAN_CIPHER_SUITE_WEP40:
 312        case WLAN_CIPHER_SUITE_WEP104:
 313                key->conf.iv_len = WEP_IV_LEN;
 314                key->conf.icv_len = WEP_ICV_LEN;
 315                break;
 316        case WLAN_CIPHER_SUITE_TKIP:
 317                key->conf.iv_len = TKIP_IV_LEN;
 318                key->conf.icv_len = TKIP_ICV_LEN;
 319                if (seq) {
 320                        for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
 321                                key->u.tkip.rx[i].iv32 =
 322                                        get_unaligned_le32(&seq[2]);
 323                                key->u.tkip.rx[i].iv16 =
 324                                        get_unaligned_le16(seq);
 325                        }
 326                }
 327                break;
 328        case WLAN_CIPHER_SUITE_CCMP:
 329                key->conf.iv_len = CCMP_HDR_LEN;
 330                key->conf.icv_len = CCMP_MIC_LEN;
 331                if (seq) {
 332                        for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
 333                                for (j = 0; j < CCMP_PN_LEN; j++)
 334                                        key->u.ccmp.rx_pn[i][j] =
 335                                                seq[CCMP_PN_LEN - j - 1];
 336                }
 337                /*
 338                 * Initialize AES key state here as an optimization so that
 339                 * it does not need to be initialized for every packet.
 340                 */
 341                key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
 342                if (IS_ERR(key->u.ccmp.tfm)) {
 343                        err = PTR_ERR(key->u.ccmp.tfm);
 344                        kfree(key);
 345                        key = ERR_PTR(err);
 346                }
 347                break;
 348        case WLAN_CIPHER_SUITE_AES_CMAC:
 349                key->conf.iv_len = 0;
 350                key->conf.icv_len = sizeof(struct ieee80211_mmie);
 351                if (seq)
 352                        for (j = 0; j < 6; j++)
 353                                key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
 354                /*
 355                 * Initialize AES key state here as an optimization so that
 356                 * it does not need to be initialized for every packet.
 357                 */
 358                key->u.aes_cmac.tfm =
 359                        ieee80211_aes_cmac_key_setup(key_data);
 360                if (IS_ERR(key->u.aes_cmac.tfm)) {
 361                        err = PTR_ERR(key->u.aes_cmac.tfm);
 362                        kfree(key);
 363                        key = ERR_PTR(err);
 364                }
 365                break;
 366        }
 367        memcpy(key->conf.key, key_data, key_len);
 368        INIT_LIST_HEAD(&key->list);
 369
 370        return key;
 371}
 372
 373static void __ieee80211_key_destroy(struct ieee80211_key *key)
 374{
 375        if (!key)
 376                return;
 377
 378        /*
 379         * Synchronize so the TX path can no longer be using
 380         * this key before we free/remove it.
 381         */
 382        synchronize_rcu();
 383
 384        if (key->local)
 385                ieee80211_key_disable_hw_accel(key);
 386
 387        if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
 388                ieee80211_aes_key_free(key->u.ccmp.tfm);
 389        if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
 390                ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
 391        if (key->local)
 392                ieee80211_debugfs_key_remove(key);
 393
 394        kfree(key);
 395}
 396
 397int ieee80211_key_link(struct ieee80211_key *key,
 398                       struct ieee80211_sub_if_data *sdata,
 399                       struct sta_info *sta)
 400{
 401        struct ieee80211_key *old_key;
 402        int idx, ret;
 403        bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
 404
 405        BUG_ON(!sdata);
 406        BUG_ON(!key);
 407
 408        idx = key->conf.keyidx;
 409        key->local = sdata->local;
 410        key->sdata = sdata;
 411        key->sta = sta;
 412
 413        if (sta) {
 414                /*
 415                 * some hardware cannot handle TKIP with QoS, so
 416                 * we indicate whether QoS could be in use.
 417                 */
 418                if (test_sta_flags(sta, WLAN_STA_WME))
 419                        key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
 420        } else {
 421                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 422                        struct sta_info *ap;
 423
 424                        /*
 425                         * We're getting a sta pointer in, so must be under
 426                         * appropriate locking for sta_info_get().
 427                         */
 428
 429                        /* same here, the AP could be using QoS */
 430                        ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
 431                        if (ap) {
 432                                if (test_sta_flags(ap, WLAN_STA_WME))
 433                                        key->conf.flags |=
 434                                                IEEE80211_KEY_FLAG_WMM_STA;
 435                        }
 436                }
 437        }
 438
 439        mutex_lock(&sdata->local->key_mtx);
 440
 441        if (sta && pairwise)
 442                old_key = sta->ptk;
 443        else if (sta)
 444                old_key = sta->gtk[idx];
 445        else
 446                old_key = sdata->keys[idx];
 447
 448        __ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
 449        __ieee80211_key_destroy(old_key);
 450
 451        ieee80211_debugfs_key_add(key);
 452
 453        ret = ieee80211_key_enable_hw_accel(key);
 454
 455        mutex_unlock(&sdata->local->key_mtx);
 456
 457        return ret;
 458}
 459
 460static void __ieee80211_key_free(struct ieee80211_key *key)
 461{
 462        /*
 463         * Replace key with nothingness if it was ever used.
 464         */
 465        if (key->sdata)
 466                __ieee80211_key_replace(key->sdata, key->sta,
 467                                key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
 468                                key, NULL);
 469        __ieee80211_key_destroy(key);
 470}
 471
 472void ieee80211_key_free(struct ieee80211_local *local,
 473                        struct ieee80211_key *key)
 474{
 475        if (!key)
 476                return;
 477
 478        mutex_lock(&local->key_mtx);
 479        __ieee80211_key_free(key);
 480        mutex_unlock(&local->key_mtx);
 481}
 482
 483void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
 484{
 485        struct ieee80211_key *key;
 486
 487        ASSERT_RTNL();
 488
 489        if (WARN_ON(!ieee80211_sdata_running(sdata)))
 490                return;
 491
 492        mutex_lock(&sdata->local->key_mtx);
 493
 494        list_for_each_entry(key, &sdata->key_list, list)
 495                ieee80211_key_enable_hw_accel(key);
 496
 497        mutex_unlock(&sdata->local->key_mtx);
 498}
 499
 500void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
 501{
 502        struct ieee80211_key *key;
 503
 504        ASSERT_RTNL();
 505
 506        mutex_lock(&sdata->local->key_mtx);
 507
 508        list_for_each_entry(key, &sdata->key_list, list)
 509                ieee80211_key_disable_hw_accel(key);
 510
 511        mutex_unlock(&sdata->local->key_mtx);
 512}
 513
 514void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
 515{
 516        struct ieee80211_key *key, *tmp;
 517
 518        mutex_lock(&sdata->local->key_mtx);
 519
 520        ieee80211_debugfs_key_remove_mgmt_default(sdata);
 521
 522        list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
 523                __ieee80211_key_free(key);
 524
 525        ieee80211_debugfs_key_update_default(sdata);
 526
 527        mutex_unlock(&sdata->local->key_mtx);
 528}
 529