LXR linux/net/mac80211/key.c

   1/*
   2 * Copyright 2002-2005, Instant802 Networks, Inc.
   3 * Copyright 2005-2006, Devicescape Software, Inc.
   4 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   5 * Copyright 2007-2008  Johannes Berg <johannes@sipsolutions.net>
   6 * Copyright 2013-2014  Intel Mobile Communications GmbH
   7 * Copyright 2015       Intel Deutschland GmbH
   8 *
   9 * This program is free software; you can redistribute it and/or modify
  10 * it under the terms of the GNU General Public License version 2 as
  11 * published by the Free Software Foundation.
  12 */
  13
  14#include <linux/if_ether.h>
  15#include <linux/etherdevice.h>
  16#include <linux/list.h>
  17#include <linux/rcupdate.h>
  18#include <linux/rtnetlink.h>
  19#include <linux/slab.h>
  20#include <linux/export.h>
  21#include <net/mac80211.h>
  22#include <asm/unaligned.h>
  23#include "ieee80211_i.h"
  24#include "driver-ops.h"
  25#include "debugfs_key.h"
  26#include "aes_ccm.h"
  27#include "aes_cmac.h"
  28#include "aes_gmac.h"
  29#include "aes_gcm.h"
  30
  31
  32/**
  33 * DOC: Key handling basics
  34 *
  35 * Key handling in mac80211 is done based on per-interface (sub_if_data)
  36 * keys and per-station keys. Since each station belongs to an interface,
  37 * each station key also belongs to that interface.
  38 *
  39 * Hardware acceleration is done on a best-effort basis for algorithms
  40 * that are implemented in software,  for each key the hardware is asked
  41 * to enable that key for offloading but if it cannot do that the key is
  42 * simply kept for software encryption (unless it is for an algorithm
  43 * that isn't implemented in software).
  44 * There is currently no way of knowing whether a key is handled in SW
  45 * or HW except by looking into debugfs.
  46 *
  47 * All key management is internally protected by a mutex. Within all
  48 * other parts of mac80211, key references are, just as STA structure
  49 * references, protected by RCU. Note, however, that some things are
  50 * unprotected, namely the key->sta dereferences within the hardware
  51 * acceleration functions. This means that sta_info_destroy() must
  52 * remove the key which waits for an RCU grace period.
  53 */
  54
  55static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
  56
  57static void assert_key_lock(struct ieee80211_local *local)
  58{
  59        lockdep_assert_held(&local->key_mtx);
  60}
  61
  62static void
  63update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
  64{
  65        struct ieee80211_sub_if_data *vlan;
  66
  67        if (sdata->vif.type != NL80211_IFTYPE_AP)
  68                return;
  69
  70        /* crypto_tx_tailroom_needed_cnt is protected by this */
  71        assert_key_lock(sdata->local);
  72
  73        rcu_read_lock();
  74
  75        list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
  76                vlan->crypto_tx_tailroom_needed_cnt += delta;
  77
  78        rcu_read_unlock();
  79}
  80
  81static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
  82{
  83        /*
  84         * When this count is zero, SKB resizing for allocating tailroom
  85         * for IV or MMIC is skipped. But, this check has created two race
  86         * cases in xmit path while transiting from zero count to one:
  87         *
  88         * 1. SKB resize was skipped because no key was added but just before
  89         * the xmit key is added and SW encryption kicks off.
  90         *
  91         * 2. SKB resize was skipped because all the keys were hw planted but
  92         * just before xmit one of the key is deleted and SW encryption kicks
  93         * off.
  94         *
  95         * In both the above case SW encryption will find not enough space for
  96         * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
  97         *
  98         * Solution has been explained at
  99         * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
 100         */
 101
 102        assert_key_lock(sdata->local);
 103
 104        update_vlan_tailroom_need_count(sdata, 1);
 105
 106        if (!sdata->crypto_tx_tailroom_needed_cnt++) {
 107                /*
 108                 * Flush all XMIT packets currently using HW encryption or no
 109                 * encryption at all if the count transition is from 0 -> 1.
 110                 */
 111                synchronize_net();
 112        }
 113}
 114
 115static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
 116                                         int delta)
 117{
 118        assert_key_lock(sdata->local);
 119
 120        WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
 121
 122        update_vlan_tailroom_need_count(sdata, -delta);
 123        sdata->crypto_tx_tailroom_needed_cnt -= delta;
 124}
 125
 126static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 127{
 128        struct ieee80211_sub_if_data *sdata;
 129        struct sta_info *sta;
 130        int ret = -EOPNOTSUPP;
 131
 132        might_sleep();
 133
 134        if (key->flags & KEY_FLAG_TAINTED) {
 135                /* If we get here, it's during resume and the key is
 136                 * tainted so shouldn't be used/programmed any more.
 137                 * However, its flags may still indicate that it was
 138                 * programmed into the device (since we're in resume)
 139                 * so clear that flag now to avoid trying to remove
 140                 * it again later.
 141                 */
 142                key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 143                return -EINVAL;
 144        }
 145
 146        if (!key->local->ops->set_key)
 147                goto out_unsupported;
 148
 149        assert_key_lock(key->local);
 150
 151        sta = key->sta;
 152
 153        /*
 154         * If this is a per-STA GTK, check if it
 155         * is supported; if not, return.
 156         */
 157        if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
 158            !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
 159                goto out_unsupported;
 160
 161        if (sta && !sta->uploaded)
 162                goto out_unsupported;
 163
 164        sdata = key->sdata;
 165        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
 166                /*
 167                 * The driver doesn't know anything about VLAN interfaces.
 168                 * Hence, don't send GTKs for VLAN interfaces to the driver.
 169                 */
 170                if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
 171                        goto out_unsupported;
 172        }
 173
 174        ret = drv_set_key(key->local, SET_KEY, sdata,
 175                          sta ? &sta->sta : NULL, &key->conf);
 176
 177        if (!ret) {
 178                key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
 179
 180                if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
 181                      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
 182                        decrease_tailroom_need_count(sdata, 1);
 183
 184                WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
 185                        (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
 186
 187                return 0;
 188        }
 189
 190        if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
 191                sdata_err(sdata,
 192                          "failed to set key (%d, %pM) to hardware (%d)\n",
 193                          key->conf.keyidx,
 194                          sta ? sta->sta.addr : bcast_addr, ret);
 195
 196 out_unsupported:
 197        switch (key->conf.cipher) {
 198        case WLAN_CIPHER_SUITE_WEP40:
 199        case WLAN_CIPHER_SUITE_WEP104:
 200        case WLAN_CIPHER_SUITE_TKIP:
 201        case WLAN_CIPHER_SUITE_CCMP:
 202        case WLAN_CIPHER_SUITE_CCMP_256:
 203        case WLAN_CIPHER_SUITE_AES_CMAC:
 204        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 205        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 206        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 207        case WLAN_CIPHER_SUITE_GCMP:
 208        case WLAN_CIPHER_SUITE_GCMP_256:
 209                /* all of these we can do in software - if driver can */
 210                if (ret == 1)
 211                        return 0;
 212                if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
 213                        return -EINVAL;
 214                return 0;
 215        default:
 216                return -EINVAL;
 217        }
 218}
 219
 220static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 221{
 222        struct ieee80211_sub_if_data *sdata;
 223        struct sta_info *sta;
 224        int ret;
 225
 226        might_sleep();
 227
 228        if (!key || !key->local->ops->set_key)
 229                return;
 230
 231        assert_key_lock(key->local);
 232
 233        if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
 234                return;
 235
 236        sta = key->sta;
 237        sdata = key->sdata;
 238
 239        if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
 240              (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
 241                increment_tailroom_need_count(sdata);
 242
 243        ret = drv_set_key(key->local, DISABLE_KEY, sdata,
 244                          sta ? &sta->sta : NULL, &key->conf);
 245
 246        if (ret)
 247                sdata_err(sdata,
 248                          "failed to remove key (%d, %pM) from hardware (%d)\n",
 249                          key->conf.keyidx,
 250                          sta ? sta->sta.addr : bcast_addr, ret);
 251
 252        key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 253}
 254
 255static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
 256                                        int idx, bool uni, bool multi)
 257{
 258        struct ieee80211_key *key = NULL;
 259
 260        assert_key_lock(sdata->local);
 261
 262        if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
 263                key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
 264
 265        if (uni) {
 266                rcu_assign_pointer(sdata->default_unicast_key, key);
 267                ieee80211_check_fast_xmit_iface(sdata);
 268                drv_set_default_unicast_key(sdata->local, sdata, idx);
 269        }
 270
 271        if (multi)
 272                rcu_assign_pointer(sdata->default_multicast_key, key);
 273
 274        ieee80211_debugfs_key_update_default(sdata);
 275}
 276
 277void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
 278                               bool uni, bool multi)
 279{
 280        mutex_lock(&sdata->local->key_mtx);
 281        __ieee80211_set_default_key(sdata, idx, uni, multi);
 282        mutex_unlock(&sdata->local->key_mtx);
 283}
 284
 285static void
 286__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
 287{
 288        struct ieee80211_key *key = NULL;
 289
 290        assert_key_lock(sdata->local);
 291
 292        if (idx >= NUM_DEFAULT_KEYS &&
 293            idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
 294                key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
 295
 296        rcu_assign_pointer(sdata->default_mgmt_key, key);
 297
 298        ieee80211_debugfs_key_update_default(sdata);
 299}
 300
 301void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
 302                                    int idx)
 303{
 304        mutex_lock(&sdata->local->key_mtx);
 305        __ieee80211_set_default_mgmt_key(sdata, idx);
 306        mutex_unlock(&sdata->local->key_mtx);
 307}
 308
 309
 310static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
 311                                  struct sta_info *sta,
 312                                  bool pairwise,
 313                                  struct ieee80211_key *old,
 314                                  struct ieee80211_key *new)
 315{
 316        int idx;
 317        bool defunikey, defmultikey, defmgmtkey;
 318
 319        /* caller must provide at least one old/new */
 320        if (WARN_ON(!new && !old))
 321                return;
 322
 323        if (new)
 324                list_add_tail_rcu(&new->list, &sdata->key_list);
 325
 326        WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
 327
 328        if (old)
 329                idx = old->conf.keyidx;
 330        else
 331                idx = new->conf.keyidx;
 332
 333        if (sta) {
 334                if (pairwise) {
 335                        rcu_assign_pointer(sta->ptk[idx], new);
 336                        sta->ptk_idx = idx;
 337                        ieee80211_check_fast_xmit(sta);
 338                } else {
 339                        rcu_assign_pointer(sta->gtk[idx], new);
 340                }
 341        } else {
 342                defunikey = old &&
 343                        old == key_mtx_dereference(sdata->local,
 344                                                sdata->default_unicast_key);
 345                defmultikey = old &&
 346                        old == key_mtx_dereference(sdata->local,
 347                                                sdata->default_multicast_key);
 348                defmgmtkey = old &&
 349                        old == key_mtx_dereference(sdata->local,
 350                                                sdata->default_mgmt_key);
 351
 352                if (defunikey && !new)
 353                        __ieee80211_set_default_key(sdata, -1, true, false);
 354                if (defmultikey && !new)
 355                        __ieee80211_set_default_key(sdata, -1, false, true);
 356                if (defmgmtkey && !new)
 357                        __ieee80211_set_default_mgmt_key(sdata, -1);
 358
 359                rcu_assign_pointer(sdata->keys[idx], new);
 360                if (defunikey && new)
 361                        __ieee80211_set_default_key(sdata, new->conf.keyidx,
 362                                                    true, false);
 363                if (defmultikey && new)
 364                        __ieee80211_set_default_key(sdata, new->conf.keyidx,
 365                                                    false, true);
 366                if (defmgmtkey && new)
 367                        __ieee80211_set_default_mgmt_key(sdata,
 368                                                         new->conf.keyidx);
 369        }
 370
 371        if (old)
 372                list_del_rcu(&old->list);
 373}
 374
 375struct ieee80211_key *
 376ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
 377                    const u8 *key_data,
 378                    size_t seq_len, const u8 *seq,
 379                    const struct ieee80211_cipher_scheme *cs)
 380{
 381        struct ieee80211_key *key;
 382        int i, j, err;
 383
 384        if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
 385                return ERR_PTR(-EINVAL);
 386
 387        key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
 388        if (!key)
 389                return ERR_PTR(-ENOMEM);
 390
 391        /*
 392         * Default to software encryption; we'll later upload the
 393         * key to the hardware if possible.
 394         */
 395        key->conf.flags = 0;
 396        key->flags = 0;
 397
 398        key->conf.cipher = cipher;
 399        key->conf.keyidx = idx;
 400        key->conf.keylen = key_len;
 401        switch (cipher) {
 402        case WLAN_CIPHER_SUITE_WEP40:
 403        case WLAN_CIPHER_SUITE_WEP104:
 404                key->conf.iv_len = IEEE80211_WEP_IV_LEN;
 405                key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
 406                break;
 407        case WLAN_CIPHER_SUITE_TKIP:
 408                key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
 409                key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
 410                if (seq) {
 411                        for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
 412                                key->u.tkip.rx[i].iv32 =
 413                                        get_unaligned_le32(&seq[2]);
 414                                key->u.tkip.rx[i].iv16 =
 415                                        get_unaligned_le16(seq);
 416                        }
 417                }
 418                spin_lock_init(&key->u.tkip.txlock);
 419                break;
 420        case WLAN_CIPHER_SUITE_CCMP:
 421                key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
 422                key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
 423                if (seq) {
 424                        for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
 425                                for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
 426                                        key->u.ccmp.rx_pn[i][j] =
 427                                                seq[IEEE80211_CCMP_PN_LEN - j - 1];
 428                }
 429                /*
 430                 * Initialize AES key state here as an optimization so that
 431                 * it does not need to be initialized for every packet.
 432                 */
 433                key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
 434                        key_data, key_len, IEEE80211_CCMP_MIC_LEN);
 435                if (IS_ERR(key->u.ccmp.tfm)) {
 436                        err = PTR_ERR(key->u.ccmp.tfm);
 437                        kfree(key);
 438                        return ERR_PTR(err);
 439                }
 440                break;
 441        case WLAN_CIPHER_SUITE_CCMP_256:
 442                key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
 443                key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
 444                for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
 445                        for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
 446                                key->u.ccmp.rx_pn[i][j] =
 447                                        seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
 448                /* Initialize AES key state here as an optimization so that
 449                 * it does not need to be initialized for every packet.
 450                 */
 451                key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
 452                        key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
 453                if (IS_ERR(key->u.ccmp.tfm)) {
 454                        err = PTR_ERR(key->u.ccmp.tfm);
 455                        kfree(key);
 456                        return ERR_PTR(err);
 457                }
 458                break;
 459        case WLAN_CIPHER_SUITE_AES_CMAC:
 460        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 461                key->conf.iv_len = 0;
 462                if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
 463                        key->conf.icv_len = sizeof(struct ieee80211_mmie);
 464                else
 465                        key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
 466                if (seq)
 467                        for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
 468                                key->u.aes_cmac.rx_pn[j] =
 469                                        seq[IEEE80211_CMAC_PN_LEN - j - 1];
 470                /*
 471                 * Initialize AES key state here as an optimization so that
 472                 * it does not need to be initialized for every packet.
 473                 */
 474                key->u.aes_cmac.tfm =
 475                        ieee80211_aes_cmac_key_setup(key_data, key_len);
 476                if (IS_ERR(key->u.aes_cmac.tfm)) {
 477                        err = PTR_ERR(key->u.aes_cmac.tfm);
 478                        kfree(key);
 479                        return ERR_PTR(err);
 480                }
 481                break;
 482        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 483        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 484                key->conf.iv_len = 0;
 485                key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
 486                if (seq)
 487                        for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
 488                                key->u.aes_gmac.rx_pn[j] =
 489                                        seq[IEEE80211_GMAC_PN_LEN - j - 1];
 490                /* Initialize AES key state here as an optimization so that
 491                 * it does not need to be initialized for every packet.
 492                 */
 493                key->u.aes_gmac.tfm =
 494                        ieee80211_aes_gmac_key_setup(key_data, key_len);
 495                if (IS_ERR(key->u.aes_gmac.tfm)) {
 496                        err = PTR_ERR(key->u.aes_gmac.tfm);
 497                        kfree(key);
 498                        return ERR_PTR(err);
 499                }
 500                break;
 501        case WLAN_CIPHER_SUITE_GCMP:
 502        case WLAN_CIPHER_SUITE_GCMP_256:
 503                key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
 504                key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
 505                for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
 506                        for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
 507                                key->u.gcmp.rx_pn[i][j] =
 508                                        seq[IEEE80211_GCMP_PN_LEN - j - 1];
 509                /* Initialize AES key state here as an optimization so that
 510                 * it does not need to be initialized for every packet.
 511                 */
 512                key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
 513                                                                      key_len);
 514                if (IS_ERR(key->u.gcmp.tfm)) {
 515                        err = PTR_ERR(key->u.gcmp.tfm);
 516                        kfree(key);
 517                        return ERR_PTR(err);
 518                }
 519                break;
 520        default:
 521                if (cs) {
 522                        if (seq_len && seq_len != cs->pn_len) {
 523                                kfree(key);
 524                                return ERR_PTR(-EINVAL);
 525                        }
 526
 527                        key->conf.iv_len = cs->hdr_len;
 528                        key->conf.icv_len = cs->mic_len;
 529                        for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
 530                                for (j = 0; j < seq_len; j++)
 531                                        key->u.gen.rx_pn[i][j] =
 532                                                        seq[seq_len - j - 1];
 533                        key->flags |= KEY_FLAG_CIPHER_SCHEME;
 534                }
 535        }
 536        memcpy(key->conf.key, key_data, key_len);
 537        INIT_LIST_HEAD(&key->list);
 538
 539        return key;
 540}
 541
 542static void ieee80211_key_free_common(struct ieee80211_key *key)
 543{
 544        switch (key->conf.cipher) {
 545        case WLAN_CIPHER_SUITE_CCMP:
 546        case WLAN_CIPHER_SUITE_CCMP_256:
 547                ieee80211_aes_key_free(key->u.ccmp.tfm);
 548                break;
 549        case WLAN_CIPHER_SUITE_AES_CMAC:
 550        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 551                ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
 552                break;
 553        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 554        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 555                ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
 556                break;
 557        case WLAN_CIPHER_SUITE_GCMP:
 558        case WLAN_CIPHER_SUITE_GCMP_256:
 559                ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
 560                break;
 561        }
 562        kzfree(key);
 563}
 564
 565static void __ieee80211_key_destroy(struct ieee80211_key *key,
 566                                    bool delay_tailroom)
 567{
 568        if (key->local)
 569                ieee80211_key_disable_hw_accel(key);
 570
 571        if (key->local) {
 572                struct ieee80211_sub_if_data *sdata = key->sdata;
 573
 574                ieee80211_debugfs_key_remove(key);
 575
 576                if (delay_tailroom) {
 577                        /* see ieee80211_delayed_tailroom_dec */
 578                        sdata->crypto_tx_tailroom_pending_dec++;
 579                        schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
 580                                              HZ/2);
 581                } else {
 582                        decrease_tailroom_need_count(sdata, 1);
 583                }
 584        }
 585
 586        ieee80211_key_free_common(key);
 587}
 588
 589static void ieee80211_key_destroy(struct ieee80211_key *key,
 590                                  bool delay_tailroom)
 591{
 592        if (!key)
 593                return;
 594
 595        /*
 596         * Synchronize so the TX path and rcu key iterators
 597         * can no longer be using this key before we free/remove it.
 598         */
 599        synchronize_net();
 600
 601        __ieee80211_key_destroy(key, delay_tailroom);
 602}
 603
 604void ieee80211_key_free_unused(struct ieee80211_key *key)
 605{
 606        WARN_ON(key->sdata || key->local);
 607        ieee80211_key_free_common(key);
 608}
 609
 610int ieee80211_key_link(struct ieee80211_key *key,
 611                       struct ieee80211_sub_if_data *sdata,
 612                       struct sta_info *sta)
 613{
 614        struct ieee80211_local *local = sdata->local;
 615        struct ieee80211_key *old_key;
 616        int idx, ret;
 617        bool pairwise;
 618
 619        pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
 620        idx = key->conf.keyidx;
 621        key->local = sdata->local;
 622        key->sdata = sdata;
 623        key->sta = sta;
 624
 625        mutex_lock(&sdata->local->key_mtx);
 626
 627        if (sta && pairwise)
 628                old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
 629        else if (sta)
 630                old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
 631        else
 632                old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
 633
 634        increment_tailroom_need_count(sdata);
 635
 636        ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
 637        ieee80211_key_destroy(old_key, true);
 638
 639        ieee80211_debugfs_key_add(key);
 640
 641        if (!local->wowlan) {
 642                ret = ieee80211_key_enable_hw_accel(key);
 643                if (ret)
 644                        ieee80211_key_free(key, true);
 645        } else {
 646                ret = 0;
 647        }
 648
 649        mutex_unlock(&sdata->local->key_mtx);
 650
 651        return ret;
 652}
 653
 654void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
 655{
 656        if (!key)
 657                return;
 658
 659        /*
 660         * Replace key with nothingness if it was ever used.
 661         */
 662        if (key->sdata)
 663                ieee80211_key_replace(key->sdata, key->sta,
 664                                key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
 665                                key, NULL);
 666        ieee80211_key_destroy(key, delay_tailroom);
 667}
 668
 669void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
 670{
 671        struct ieee80211_key *key;
 672        struct ieee80211_sub_if_data *vlan;
 673
 674        ASSERT_RTNL();
 675
 676        if (WARN_ON(!ieee80211_sdata_running(sdata)))
 677                return;
 678
 679        mutex_lock(&sdata->local->key_mtx);
 680
 681        WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
 682                     sdata->crypto_tx_tailroom_pending_dec);
 683
 684        if (sdata->vif.type == NL80211_IFTYPE_AP) {
 685                list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
 686                        WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
 687                                     vlan->crypto_tx_tailroom_pending_dec);
 688        }
 689
 690        list_for_each_entry(key, &sdata->key_list, list) {
 691                increment_tailroom_need_count(sdata);
 692                ieee80211_key_enable_hw_accel(key);
 693        }
 694
 695        mutex_unlock(&sdata->local->key_mtx);
 696}
 697
 698void ieee80211_reset_crypto_tx_tailroom(struct ieee80211_sub_if_data *sdata)
 699{
 700        struct ieee80211_sub_if_data *vlan;
 701
 702        mutex_lock(&sdata->local->key_mtx);
 703
 704        sdata->crypto_tx_tailroom_needed_cnt = 0;
 705
 706        if (sdata->vif.type == NL80211_IFTYPE_AP) {
 707                list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
 708                        vlan->crypto_tx_tailroom_needed_cnt = 0;
 709        }
 710
 711        mutex_unlock(&sdata->local->key_mtx);
 712}
 713
 714void ieee80211_iter_keys(struct ieee80211_hw *hw,
 715                         struct ieee80211_vif *vif,
 716                         void (*iter)(struct ieee80211_hw *hw,
 717                                      struct ieee80211_vif *vif,
 718                                      struct ieee80211_sta *sta,
 719                                      struct ieee80211_key_conf *key,
 720                                      void *data),
 721                         void *iter_data)
 722{
 723        struct ieee80211_local *local = hw_to_local(hw);
 724        struct ieee80211_key *key, *tmp;
 725        struct ieee80211_sub_if_data *sdata;
 726
 727        ASSERT_RTNL();
 728
 729        mutex_lock(&local->key_mtx);
 730        if (vif) {
 731                sdata = vif_to_sdata(vif);
 732                list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
 733                        iter(hw, &sdata->vif,
 734                             key->sta ? &key->sta->sta : NULL,
 735                             &key->conf, iter_data);
 736        } else {
 737                list_for_each_entry(sdata, &local->interfaces, list)
 738                        list_for_each_entry_safe(key, tmp,
 739                                                 &sdata->key_list, list)
 740                                iter(hw, &sdata->vif,
 741                                     key->sta ? &key->sta->sta : NULL,
 742                                     &key->conf, iter_data);
 743        }
 744        mutex_unlock(&local->key_mtx);
 745}
 746EXPORT_SYMBOL(ieee80211_iter_keys);
 747
 748static void
 749_ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
 750                         struct ieee80211_sub_if_data *sdata,
 751                         void (*iter)(struct ieee80211_hw *hw,
 752                                      struct ieee80211_vif *vif,
 753                                      struct ieee80211_sta *sta,
 754                                      struct ieee80211_key_conf *key,
 755                                      void *data),
 756                         void *iter_data)
 757{
 758        struct ieee80211_key *key;
 759
 760        list_for_each_entry_rcu(key, &sdata->key_list, list) {
 761                /* skip keys of station in removal process */
 762                if (key->sta && key->sta->removed)
 763                        continue;
 764                if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
 765                        continue;
 766
 767                iter(hw, &sdata->vif,
 768                     key->sta ? &key->sta->sta : NULL,
 769                     &key->conf, iter_data);
 770        }
 771}
 772
 773void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
 774                             struct ieee80211_vif *vif,
 775                             void (*iter)(struct ieee80211_hw *hw,
 776                                          struct ieee80211_vif *vif,
 777                                          struct ieee80211_sta *sta,
 778                                          struct ieee80211_key_conf *key,
 779                                          void *data),
 780                             void *iter_data)
 781{
 782        struct ieee80211_local *local = hw_to_local(hw);
 783        struct ieee80211_sub_if_data *sdata;
 784
 785        if (vif) {
 786                sdata = vif_to_sdata(vif);
 787                _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
 788        } else {
 789                list_for_each_entry_rcu(sdata, &local->interfaces, list)
 790                        _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
 791        }
 792}
 793EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
 794
 795static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
 796                                      struct list_head *keys)
 797{
 798        struct ieee80211_key *key, *tmp;
 799
 800        decrease_tailroom_need_count(sdata,
 801                                     sdata->crypto_tx_tailroom_pending_dec);
 802        sdata->crypto_tx_tailroom_pending_dec = 0;
 803
 804        ieee80211_debugfs_key_remove_mgmt_default(sdata);
 805
 806        list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
 807                ieee80211_key_replace(key->sdata, key->sta,
 808                                key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
 809                                key, NULL);
 810                list_add_tail(&key->list, keys);
 811        }
 812
 813        ieee80211_debugfs_key_update_default(sdata);
 814}
 815
 816void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
 817                         bool force_synchronize)
 818{
 819        struct ieee80211_local *local = sdata->local;
 820        struct ieee80211_sub_if_data *vlan;
 821        struct ieee80211_sub_if_data *master;
 822        struct ieee80211_key *key, *tmp;
 823        LIST_HEAD(keys);
 824
 825        cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
 826
 827        mutex_lock(&local->key_mtx);
 828
 829        ieee80211_free_keys_iface(sdata, &keys);
 830
 831        if (sdata->vif.type == NL80211_IFTYPE_AP) {
 832                list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
 833                        ieee80211_free_keys_iface(vlan, &keys);
 834        }
 835
 836        if (!list_empty(&keys) || force_synchronize)
 837                synchronize_net();
 838        list_for_each_entry_safe(key, tmp, &keys, list)
 839                __ieee80211_key_destroy(key, false);
 840
 841        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
 842                if (sdata->bss) {
 843                        master = container_of(sdata->bss,
 844                                              struct ieee80211_sub_if_data,
 845                                              u.ap);
 846
 847                        WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
 848                                     master->crypto_tx_tailroom_needed_cnt);
 849                }
 850        } else {
 851                WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
 852                             sdata->crypto_tx_tailroom_pending_dec);
 853        }
 854
 855        if (sdata->vif.type == NL80211_IFTYPE_AP) {
 856                list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
 857                        WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
 858                                     vlan->crypto_tx_tailroom_pending_dec);
 859        }
 860
 861        mutex_unlock(&local->key_mtx);
 862}
 863
 864void ieee80211_free_sta_keys(struct ieee80211_local *local,
 865                             struct sta_info *sta)
 866{
 867        struct ieee80211_key *key;
 868        int i;
 869
 870        mutex_lock(&local->key_mtx);
 871        for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
 872                key = key_mtx_dereference(local, sta->gtk[i]);
 873                if (!key)
 874                        continue;
 875                ieee80211_key_replace(key->sdata, key->sta,
 876                                key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
 877                                key, NULL);
 878                __ieee80211_key_destroy(key, true);
 879        }
 880
 881        for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
 882                key = key_mtx_dereference(local, sta->ptk[i]);
 883                if (!key)
 884                        continue;
 885                ieee80211_key_replace(key->sdata, key->sta,
 886                                key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
 887                                key, NULL);
 888                __ieee80211_key_destroy(key, true);
 889        }
 890
 891        mutex_unlock(&local->key_mtx);
 892}
 893
 894void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
 895{
 896        struct ieee80211_sub_if_data *sdata;
 897
 898        sdata = container_of(wk, struct ieee80211_sub_if_data,
 899                             dec_tailroom_needed_wk.work);
 900
 901        /*
 902         * The reason for the delayed tailroom needed decrementing is to
 903         * make roaming faster: during roaming, all keys are first deleted
 904         * and then new keys are installed. The first new key causes the
 905         * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
 906         * the cost of synchronize_net() (which can be slow). Avoid this
 907         * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
 908         * key removal for a while, so if we roam the value is larger than
 909         * zero and no 0->1 transition happens.
 910         *
 911         * The cost is that if the AP switching was from an AP with keys
 912         * to one without, we still allocate tailroom while it would no
 913         * longer be needed. However, in the typical (fast) roaming case
 914         * within an ESS this usually won't happen.
 915         */
 916
 917        mutex_lock(&sdata->local->key_mtx);
 918        decrease_tailroom_need_count(sdata,
 919                                     sdata->crypto_tx_tailroom_pending_dec);
 920        sdata->crypto_tx_tailroom_pending_dec = 0;
 921        mutex_unlock(&sdata->local->key_mtx);
 922}
 923
 924void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
 925                                const u8 *replay_ctr, gfp_t gfp)
 926{
 927        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
 928
 929        trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
 930
 931        cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
 932}
 933EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
 934
 935void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
 936                              int tid, struct ieee80211_key_seq *seq)
 937{
 938        struct ieee80211_key *key;
 939        const u8 *pn;
 940
 941        key = container_of(keyconf, struct ieee80211_key, conf);
 942
 943        switch (key->conf.cipher) {
 944        case WLAN_CIPHER_SUITE_TKIP:
 945                if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
 946                        return;
 947                seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
 948                seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
 949                break;
 950        case WLAN_CIPHER_SUITE_CCMP:
 951        case WLAN_CIPHER_SUITE_CCMP_256:
 952                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
 953                        return;
 954                if (tid < 0)
 955                        pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
 956                else
 957                        pn = key->u.ccmp.rx_pn[tid];
 958                memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
 959                break;
 960        case WLAN_CIPHER_SUITE_AES_CMAC:
 961        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 962                if (WARN_ON(tid != 0))
 963                        return;
 964                pn = key->u.aes_cmac.rx_pn;
 965                memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
 966                break;
 967        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 968        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 969                if (WARN_ON(tid != 0))
 970                        return;
 971                pn = key->u.aes_gmac.rx_pn;
 972                memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
 973                break;
 974        case WLAN_CIPHER_SUITE_GCMP:
 975        case WLAN_CIPHER_SUITE_GCMP_256:
 976                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
 977                        return;
 978                if (tid < 0)
 979                        pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
 980                else
 981                        pn = key->u.gcmp.rx_pn[tid];
 982                memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
 983                break;
 984        }
 985}
 986EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
 987
 988void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
 989                              int tid, struct ieee80211_key_seq *seq)
 990{
 991        struct ieee80211_key *key;
 992        u8 *pn;
 993
 994        key = container_of(keyconf, struct ieee80211_key, conf);
 995
 996        switch (key->conf.cipher) {
 997        case WLAN_CIPHER_SUITE_TKIP:
 998                if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
 999                        return;
1000                key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;

1001                key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1002                break;
1003        case WLAN_CIPHER_SUITE_CCMP:
1004        case WLAN_CIPHER_SUITE_CCMP_256:
1005                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1006                        return;
1007                if (tid < 0)
1008                        pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1009                else
1010                        pn = key->u.ccmp.rx_pn[tid];
1011                memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1012                break;
1013        case WLAN_CIPHER_SUITE_AES_CMAC:
1014        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1015                if (WARN_ON(tid != 0))
1016                        return;
1017                pn = key->u.aes_cmac.rx_pn;
1018                memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1019                break;
1020        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1021        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1022                if (WARN_ON(tid != 0))
1023                        return;
1024                pn = key->u.aes_gmac.rx_pn;
1025                memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1026                break;
1027        case WLAN_CIPHER_SUITE_GCMP:
1028        case WLAN_CIPHER_SUITE_GCMP_256:
1029                if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1030                        return;
1031                if (tid < 0)
1032                        pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1033                else
1034                        pn = key->u.gcmp.rx_pn[tid];
1035                memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1036                break;
1037        default:
1038                WARN_ON(1);
1039                break;
1040        }
1041}
1042EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1043
1044void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1045{
1046        struct ieee80211_key *key;
1047
1048        key = container_of(keyconf, struct ieee80211_key, conf);
1049
1050        assert_key_lock(key->local);
1051
1052        /*
1053         * if key was uploaded, we assume the driver will/has remove(d)
1054         * it, so adjust bookkeeping accordingly
1055         */
1056        if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1057                key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1058
1059                if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
1060                      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1061                        increment_tailroom_need_count(key->sdata);
1062        }
1063
1064        ieee80211_key_free(key, false);
1065}
1066EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1067
1068struct ieee80211_key_conf *
1069ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1070                        struct ieee80211_key_conf *keyconf)
1071{
1072        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1073        struct ieee80211_local *local = sdata->local;
1074        struct ieee80211_key *key;
1075        int err;
1076
1077        if (WARN_ON(!local->wowlan))
1078                return ERR_PTR(-EINVAL);
1079
1080        if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1081                return ERR_PTR(-EINVAL);
1082
1083        key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1084                                  keyconf->keylen, keyconf->key,
1085                                  0, NULL, NULL);
1086        if (IS_ERR(key))
1087                return ERR_CAST(key);
1088
1089        if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1090                key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1091
1092        err = ieee80211_key_link(key, sdata, NULL);
1093        if (err)
1094                return ERR_PTR(err);
1095
1096        return &key->conf;
1097}
1098EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1099