search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
printf: Remove unused 'bprintf'
[drm/drm-misc.git] / net / mac80211 / key.c
blob67ecfea2298294debe442d2103e3c82d4fc63712
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020, 2022-2024 Intel Corporation
10 */
11
12 #include <crypto/utils.h>
13 #include <linux/if_ether.h>
14 #include <linux/etherdevice.h>
15 #include <linux/list.h>
16 #include <linux/rcupdate.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/slab.h>
19 #include <linux/export.h>
20 #include <net/mac80211.h>
21 #include <linux/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29
30
31 /**
32 * DOC: Key handling basics
33 *
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
37 *
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
45 *
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
52 */
53
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55
56 static void
57 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
58 {
59 struct ieee80211_sub_if_data *vlan;
60
61 if (sdata->vif.type != NL80211_IFTYPE_AP)
62 return;
63
64 /* crypto_tx_tailroom_needed_cnt is protected by this */
65 lockdep_assert_wiphy(sdata->local->hw.wiphy);
66
67 rcu_read_lock();
68
69 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
70 vlan->crypto_tx_tailroom_needed_cnt += delta;
71
72 rcu_read_unlock();
73 }
74
75 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
76 {
77 /*
78 * When this count is zero, SKB resizing for allocating tailroom
79 * for IV or MMIC is skipped. But, this check has created two race
80 * cases in xmit path while transiting from zero count to one:
81 *
82 * 1. SKB resize was skipped because no key was added but just before
83 * the xmit key is added and SW encryption kicks off.
84 *
85 * 2. SKB resize was skipped because all the keys were hw planted but
86 * just before xmit one of the key is deleted and SW encryption kicks
87 * off.
88 *
89 * In both the above case SW encryption will find not enough space for
90 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
91 *
92 * Solution has been explained at
93 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
94 */
95
96 lockdep_assert_wiphy(sdata->local->hw.wiphy);
97
98 update_vlan_tailroom_need_count(sdata, 1);
99
100 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
101 /*
102 * Flush all XMIT packets currently using HW encryption or no
103 * encryption at all if the count transition is from 0 -> 1.
104 */
105 synchronize_net();
106 }
107 }
108
109 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
110 int delta)
111 {
112 lockdep_assert_wiphy(sdata->local->hw.wiphy);
113
114 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
115
116 update_vlan_tailroom_need_count(sdata, -delta);
117 sdata->crypto_tx_tailroom_needed_cnt -= delta;
118 }
119
120 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
121 {
122 struct ieee80211_sub_if_data *sdata = key->sdata;
123 struct sta_info *sta;
124 int ret = -EOPNOTSUPP;
125
126 might_sleep();
127 lockdep_assert_wiphy(key->local->hw.wiphy);
128
129 if (key->flags & KEY_FLAG_TAINTED) {
130 /* If we get here, it's during resume and the key is
131 * tainted so shouldn't be used/programmed any more.
132 * However, its flags may still indicate that it was
133 * programmed into the device (since we're in resume)
134 * so clear that flag now to avoid trying to remove
135 * it again later.
136 */
137 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
138 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
139 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
140 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
141 increment_tailroom_need_count(sdata);
142
143 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
144 return -EINVAL;
145 }
146
147 if (!key->local->ops->set_key)
148 goto out_unsupported;
149
150 sta = key->sta;
151
152 /*
153 * If this is a per-STA GTK, check if it
154 * is supported; if not, return.
155 */
156 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
157 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
158 goto out_unsupported;
159
160 if (sta && !sta->uploaded)
161 goto out_unsupported;
162
163 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
164 /*
165 * The driver doesn't know anything about VLAN interfaces.
166 * Hence, don't send GTKs for VLAN interfaces to the driver.
167 */
168 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
169 ret = 1;
170 goto out_unsupported;
171 }
172 }
173
174 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
175 !(sdata->vif.active_links & BIT(key->conf.link_id)))
176 return 0;
177
178 ret = drv_set_key(key->local, SET_KEY, sdata,
179 sta ? &sta->sta : NULL, &key->conf);
180
181 if (!ret) {
182 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
183
184 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
185 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
186 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
187 decrease_tailroom_need_count(sdata, 1);
188
189 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
190 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
191
192 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
193 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
194
195 return 0;
196 }
197
198 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
199 sdata_err(sdata,
200 "failed to set key (%d, %pM) to hardware (%d)\n",
201 key->conf.keyidx,
202 sta ? sta->sta.addr : bcast_addr, ret);
203
204 out_unsupported:
205 switch (key->conf.cipher) {
206 case WLAN_CIPHER_SUITE_WEP40:
207 case WLAN_CIPHER_SUITE_WEP104:
208 case WLAN_CIPHER_SUITE_TKIP:
209 case WLAN_CIPHER_SUITE_CCMP:
210 case WLAN_CIPHER_SUITE_CCMP_256:
211 case WLAN_CIPHER_SUITE_GCMP:
212 case WLAN_CIPHER_SUITE_GCMP_256:
213 case WLAN_CIPHER_SUITE_AES_CMAC:
214 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
215 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
216 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
217 /* all of these we can do in software - if driver can */
218 if (ret == 1)
219 return 0;
220 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
221 return -EINVAL;
222 return 0;
223 default:
224 return -EINVAL;
225 }
226 }
227
228 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
229 {
230 struct ieee80211_sub_if_data *sdata;
231 struct sta_info *sta;
232 int ret;
233
234 might_sleep();
235
236 if (!key || !key->local->ops->set_key)
237 return;
238
239 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
240 return;
241
242 sta = key->sta;
243 sdata = key->sdata;
244
245 lockdep_assert_wiphy(key->local->hw.wiphy);
246
247 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
248 !(sdata->vif.active_links & BIT(key->conf.link_id)))
249 return;
250
251 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
252 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
253 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
254 increment_tailroom_need_count(sdata);
255
256 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
257 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
258 sta ? &sta->sta : NULL, &key->conf);
259
260 if (ret)
261 sdata_err(sdata,
262 "failed to remove key (%d, %pM) from hardware (%d)\n",
263 key->conf.keyidx,
264 sta ? sta->sta.addr : bcast_addr, ret);
265 }
266
267 static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
268 {
269 struct sta_info *sta = key->sta;
270 struct ieee80211_local *local = key->local;
271
272 lockdep_assert_wiphy(local->hw.wiphy);
273
274 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
275
276 sta->ptk_idx = key->conf.keyidx;
277
278 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
279 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
280 ieee80211_check_fast_xmit(sta);
281
282 return 0;
283 }
284
285 int ieee80211_set_tx_key(struct ieee80211_key *key)
286 {
287 return _ieee80211_set_tx_key(key, false);
288 }
289
290 static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
291 struct ieee80211_key *new)
292 {
293 struct ieee80211_local *local = new->local;
294 struct sta_info *sta = new->sta;
295 int i;
296
297 lockdep_assert_wiphy(local->hw.wiphy);
298
299 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
300 /* Extended Key ID key install, initial one or rekey */
301
302 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
303 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
304 /* Aggregation Sessions with Extended Key ID must not
305 * mix MPDUs with different keyIDs within one A-MPDU.
306 * Tear down running Tx aggregation sessions and block
307 * new Rx/Tx aggregation requests during rekey to
308 * ensure there are no A-MPDUs when the driver is not
309 * supporting A-MPDU key borders. (Blocking Tx only
310 * would be sufficient but WLAN_STA_BLOCK_BA gets the
311 * job done for the few ms we need it.)
312 */
313 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
314 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
315 __ieee80211_stop_tx_ba_session(sta, i,
316 AGG_STOP_LOCAL_REQUEST);
317 }
318 } else if (old) {
319 /* Rekey without Extended Key ID.
320 * Aggregation sessions are OK when running on SW crypto.
321 * A broken remote STA may cause issues not observed with HW
322 * crypto, though.
323 */
324 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
325 return;
326
327 /* Stop Tx till we are on the new key */
328 old->flags |= KEY_FLAG_TAINTED;
329 ieee80211_clear_fast_xmit(sta);
330 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
331 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
332 ieee80211_sta_tear_down_BA_sessions(sta,
333 AGG_STOP_LOCAL_REQUEST);
334 }
335 if (!wiphy_ext_feature_isset(local->hw.wiphy,
336 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
337 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
338 sta->sta.addr);
339 /* Flushing the driver queues *may* help prevent
340 * the clear text leaks and freezes.
341 */
342 ieee80211_flush_queues(local, old->sdata, false);
343 }
344 }
345 }
346
347 static void __ieee80211_set_default_key(struct ieee80211_link_data *link,
348 int idx, bool uni, bool multi)
349 {
350 struct ieee80211_sub_if_data *sdata = link->sdata;
351 struct ieee80211_key *key = NULL;
352
353 lockdep_assert_wiphy(sdata->local->hw.wiphy);
354
355 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) {
356 key = wiphy_dereference(sdata->local->hw.wiphy,
357 sdata->keys[idx]);
358 if (!key)
359 key = wiphy_dereference(sdata->local->hw.wiphy,
360 link->gtk[idx]);
361 }
362
363 if (uni) {
364 rcu_assign_pointer(sdata->default_unicast_key, key);
365 ieee80211_check_fast_xmit_iface(sdata);
366 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
367 drv_set_default_unicast_key(sdata->local, sdata, idx);
368 }
369
370 if (multi)
371 rcu_assign_pointer(link->default_multicast_key, key);
372
373 ieee80211_debugfs_key_update_default(sdata);
374 }
375
376 void ieee80211_set_default_key(struct ieee80211_link_data *link, int idx,
377 bool uni, bool multi)
378 {
379 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
380
381 __ieee80211_set_default_key(link, idx, uni, multi);
382 }
383
384 static void
385 __ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link, int idx)
386 {
387 struct ieee80211_sub_if_data *sdata = link->sdata;
388 struct ieee80211_key *key = NULL;
389
390 lockdep_assert_wiphy(sdata->local->hw.wiphy);
391
392 if (idx >= NUM_DEFAULT_KEYS &&
393 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
394 key = wiphy_dereference(sdata->local->hw.wiphy,
395 link->gtk[idx]);
396
397 rcu_assign_pointer(link->default_mgmt_key, key);
398
399 ieee80211_debugfs_key_update_default(sdata);
400 }
401
402 void ieee80211_set_default_mgmt_key(struct ieee80211_link_data *link,
403 int idx)
404 {
405 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
406
407 __ieee80211_set_default_mgmt_key(link, idx);
408 }
409
410 static void
411 __ieee80211_set_default_beacon_key(struct ieee80211_link_data *link, int idx)
412 {
413 struct ieee80211_sub_if_data *sdata = link->sdata;
414 struct ieee80211_key *key = NULL;
415
416 lockdep_assert_wiphy(sdata->local->hw.wiphy);
417
418 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
419 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
420 NUM_DEFAULT_BEACON_KEYS)
421 key = wiphy_dereference(sdata->local->hw.wiphy,
422 link->gtk[idx]);
423
424 rcu_assign_pointer(link->default_beacon_key, key);
425
426 ieee80211_debugfs_key_update_default(sdata);
427 }
428
429 void ieee80211_set_default_beacon_key(struct ieee80211_link_data *link,
430 int idx)
431 {
432 lockdep_assert_wiphy(link->sdata->local->hw.wiphy);
433
434 __ieee80211_set_default_beacon_key(link, idx);
435 }
436
437 static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
438 struct ieee80211_link_data *link,
439 struct sta_info *sta,
440 bool pairwise,
441 struct ieee80211_key *old,
442 struct ieee80211_key *new)
443 {
444 struct link_sta_info *link_sta = sta ? &sta->deflink : NULL;
445 int link_id;
446 int idx;
447 int ret = 0;
448 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
449 bool is_wep;
450
451 lockdep_assert_wiphy(sdata->local->hw.wiphy);
452
453 /* caller must provide at least one old/new */
454 if (WARN_ON(!new && !old))
455 return 0;
456
457 if (new) {
458 idx = new->conf.keyidx;
459 is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
460 new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
461 link_id = new->conf.link_id;
462 } else {
463 idx = old->conf.keyidx;
464 is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
465 old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
466 link_id = old->conf.link_id;
467 }
468
469 if (WARN(old && old->conf.link_id != link_id,
470 "old link ID %d doesn't match new link ID %d\n",
471 old->conf.link_id, link_id))
472 return -EINVAL;
473
474 if (link_id >= 0) {
475 if (!link) {
476 link = sdata_dereference(sdata->link[link_id], sdata);
477 if (!link)
478 return -ENOLINK;
479 }
480
481 if (sta) {
482 link_sta = rcu_dereference_protected(sta->link[link_id],
483 lockdep_is_held(&sta->local->hw.wiphy->mtx));
484 if (!link_sta)
485 return -ENOLINK;
486 }
487 } else {
488 link = &sdata->deflink;
489 }
490
491 if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)
492 return -EINVAL;
493
494 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
495
496 if (new && sta && pairwise) {
497 /* Unicast rekey needs special handling. With Extended Key ID
498 * old is still NULL for the first rekey.
499 */
500 ieee80211_pairwise_rekey(old, new);
501 }
502
503 if (old) {
504 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
505 ieee80211_key_disable_hw_accel(old);
506
507 if (new)
508 ret = ieee80211_key_enable_hw_accel(new);
509 }
510 } else {
511 if (!new->local->wowlan)
512 ret = ieee80211_key_enable_hw_accel(new);
513 else
514 new->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
515 }
516
517 if (ret)
518 return ret;
519
520 if (new)
521 list_add_tail_rcu(&new->list, &sdata->key_list);
522
523 if (sta) {
524 if (pairwise) {
525 rcu_assign_pointer(sta->ptk[idx], new);
526 if (new &&
527 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
528 _ieee80211_set_tx_key(new, true);
529 } else {
530 rcu_assign_pointer(link_sta->gtk[idx], new);
531 }
532 /* Only needed for transition from no key -> key.
533 * Still triggers unnecessary when using Extended Key ID
534 * and installing the second key ID the first time.
535 */
536 if (new && !old)
537 ieee80211_check_fast_rx(sta);
538 } else {
539 defunikey = old &&
540 old == wiphy_dereference(sdata->local->hw.wiphy,
541 sdata->default_unicast_key);
542 defmultikey = old &&
543 old == wiphy_dereference(sdata->local->hw.wiphy,
544 link->default_multicast_key);
545 defmgmtkey = old &&
546 old == wiphy_dereference(sdata->local->hw.wiphy,
547 link->default_mgmt_key);
548 defbeaconkey = old &&
549 old == wiphy_dereference(sdata->local->hw.wiphy,
550 link->default_beacon_key);
551
552 if (defunikey && !new)
553 __ieee80211_set_default_key(link, -1, true, false);
554 if (defmultikey && !new)
555 __ieee80211_set_default_key(link, -1, false, true);
556 if (defmgmtkey && !new)
557 __ieee80211_set_default_mgmt_key(link, -1);
558 if (defbeaconkey && !new)
559 __ieee80211_set_default_beacon_key(link, -1);
560
561 if (is_wep || pairwise)
562 rcu_assign_pointer(sdata->keys[idx], new);
563 else
564 rcu_assign_pointer(link->gtk[idx], new);
565
566 if (defunikey && new)
567 __ieee80211_set_default_key(link, new->conf.keyidx,
568 true, false);
569 if (defmultikey && new)
570 __ieee80211_set_default_key(link, new->conf.keyidx,
571 false, true);
572 if (defmgmtkey && new)
573 __ieee80211_set_default_mgmt_key(link,
574 new->conf.keyidx);
575 if (defbeaconkey && new)
576 __ieee80211_set_default_beacon_key(link,
577 new->conf.keyidx);
578 }
579
580 if (old)
581 list_del_rcu(&old->list);
582
583 return 0;
584 }
585
586 struct ieee80211_key *
587 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
588 const u8 *key_data,
589 size_t seq_len, const u8 *seq)
590 {
591 struct ieee80211_key *key;
592 int i, j, err;
593
594 if (WARN_ON(idx < 0 ||
595 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
596 NUM_DEFAULT_BEACON_KEYS))
597 return ERR_PTR(-EINVAL);
598
599 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
600 if (!key)
601 return ERR_PTR(-ENOMEM);
602
603 /*
604 * Default to software encryption; we'll later upload the
605 * key to the hardware if possible.
606 */
607 key->conf.flags = 0;
608 key->flags = 0;
609
610 key->conf.link_id = -1;
611 key->conf.cipher = cipher;
612 key->conf.keyidx = idx;
613 key->conf.keylen = key_len;
614 switch (cipher) {
615 case WLAN_CIPHER_SUITE_WEP40:
616 case WLAN_CIPHER_SUITE_WEP104:
617 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
618 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
619 break;
620 case WLAN_CIPHER_SUITE_TKIP:
621 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
622 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
623 if (seq) {
624 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
625 key->u.tkip.rx[i].iv32 =
626 get_unaligned_le32(&seq[2]);
627 key->u.tkip.rx[i].iv16 =
628 get_unaligned_le16(seq);
629 }
630 }
631 spin_lock_init(&key->u.tkip.txlock);
632 break;
633 case WLAN_CIPHER_SUITE_CCMP:
634 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
635 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
636 if (seq) {
637 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
638 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
639 key->u.ccmp.rx_pn[i][j] =
640 seq[IEEE80211_CCMP_PN_LEN - j - 1];
641 }
642 /*
643 * Initialize AES key state here as an optimization so that
644 * it does not need to be initialized for every packet.
645 */
646 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
647 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
648 if (IS_ERR(key->u.ccmp.tfm)) {
649 err = PTR_ERR(key->u.ccmp.tfm);
650 kfree(key);
651 return ERR_PTR(err);
652 }
653 break;
654 case WLAN_CIPHER_SUITE_CCMP_256:
655 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
656 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
657 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
658 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
659 key->u.ccmp.rx_pn[i][j] =
660 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
661 /* Initialize AES key state here as an optimization so that
662 * it does not need to be initialized for every packet.
663 */
664 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
665 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
666 if (IS_ERR(key->u.ccmp.tfm)) {
667 err = PTR_ERR(key->u.ccmp.tfm);
668 kfree(key);
669 return ERR_PTR(err);
670 }
671 break;
672 case WLAN_CIPHER_SUITE_AES_CMAC:
673 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
674 key->conf.iv_len = 0;
675 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
676 key->conf.icv_len = sizeof(struct ieee80211_mmie);
677 else
678 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
679 if (seq)
680 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
681 key->u.aes_cmac.rx_pn[j] =
682 seq[IEEE80211_CMAC_PN_LEN - j - 1];
683 /*
684 * Initialize AES key state here as an optimization so that
685 * it does not need to be initialized for every packet.
686 */
687 key->u.aes_cmac.tfm =
688 ieee80211_aes_cmac_key_setup(key_data, key_len);
689 if (IS_ERR(key->u.aes_cmac.tfm)) {
690 err = PTR_ERR(key->u.aes_cmac.tfm);
691 kfree(key);
692 return ERR_PTR(err);
693 }
694 break;
695 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
696 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
697 key->conf.iv_len = 0;
698 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
699 if (seq)
700 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
701 key->u.aes_gmac.rx_pn[j] =
702 seq[IEEE80211_GMAC_PN_LEN - j - 1];
703 /* Initialize AES key state here as an optimization so that
704 * it does not need to be initialized for every packet.
705 */
706 key->u.aes_gmac.tfm =
707 ieee80211_aes_gmac_key_setup(key_data, key_len);
708 if (IS_ERR(key->u.aes_gmac.tfm)) {
709 err = PTR_ERR(key->u.aes_gmac.tfm);
710 kfree(key);
711 return ERR_PTR(err);
712 }
713 break;
714 case WLAN_CIPHER_SUITE_GCMP:
715 case WLAN_CIPHER_SUITE_GCMP_256:
716 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
717 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
718 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
719 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
720 key->u.gcmp.rx_pn[i][j] =
721 seq[IEEE80211_GCMP_PN_LEN - j - 1];
722 /* Initialize AES key state here as an optimization so that
723 * it does not need to be initialized for every packet.
724 */
725 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
726 key_len);
727 if (IS_ERR(key->u.gcmp.tfm)) {
728 err = PTR_ERR(key->u.gcmp.tfm);
729 kfree(key);
730 return ERR_PTR(err);
731 }
732 break;
733 }
734 memcpy(key->conf.key, key_data, key_len);
735 INIT_LIST_HEAD(&key->list);
736
737 return key;
738 }
739
740 static void ieee80211_key_free_common(struct ieee80211_key *key)
741 {
742 switch (key->conf.cipher) {
743 case WLAN_CIPHER_SUITE_CCMP:
744 case WLAN_CIPHER_SUITE_CCMP_256:
745 ieee80211_aes_key_free(key->u.ccmp.tfm);
746 break;
747 case WLAN_CIPHER_SUITE_AES_CMAC:
748 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
749 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
750 break;
751 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
752 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
753 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
754 break;
755 case WLAN_CIPHER_SUITE_GCMP:
756 case WLAN_CIPHER_SUITE_GCMP_256:
757 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
758 break;
759 }
760 kfree_sensitive(key);
761 }
762
763 static void __ieee80211_key_destroy(struct ieee80211_key *key,
764 bool delay_tailroom)
765 {
766 if (key->local) {
767 struct ieee80211_sub_if_data *sdata = key->sdata;
768
769 ieee80211_debugfs_key_remove(key);
770
771 if (delay_tailroom) {
772 /* see ieee80211_delayed_tailroom_dec */
773 sdata->crypto_tx_tailroom_pending_dec++;
774 wiphy_delayed_work_queue(sdata->local->hw.wiphy,
775 &sdata->dec_tailroom_needed_wk,
776 HZ / 2);
777 } else {
778 decrease_tailroom_need_count(sdata, 1);
779 }
780 }
781
782 ieee80211_key_free_common(key);
783 }
784
785 static void ieee80211_key_destroy(struct ieee80211_key *key,
786 bool delay_tailroom)
787 {
788 if (!key)
789 return;
790
791 /*
792 * Synchronize so the TX path and rcu key iterators
793 * can no longer be using this key before we free/remove it.
794 */
795 synchronize_net();
796
797 __ieee80211_key_destroy(key, delay_tailroom);
798 }
799
800 void ieee80211_key_free_unused(struct ieee80211_key *key)
801 {
802 if (!key)
803 return;
804
805 WARN_ON(key->sdata || key->local);
806 ieee80211_key_free_common(key);
807 }
808
809 static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
810 struct ieee80211_key *old,
811 struct ieee80211_key *new)
812 {
813 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
814 u8 *tk_old, *tk_new;
815
816 if (!old || new->conf.keylen != old->conf.keylen)
817 return false;
818
819 tk_old = old->conf.key;
820 tk_new = new->conf.key;
821
822 /*
823 * In station mode, don't compare the TX MIC key, as it's never used
824 * and offloaded rekeying may not care to send it to the host. This
825 * is the case in iwlwifi, for example.
826 */
827 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
828 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
829 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
830 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
831 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
832 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
833 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
834 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
835 tk_old = tkip_old;
836 tk_new = tkip_new;
837 }
838
839 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
840 }
841
842 int ieee80211_key_link(struct ieee80211_key *key,
843 struct ieee80211_link_data *link,
844 struct sta_info *sta)
845 {
846 struct ieee80211_sub_if_data *sdata = link->sdata;
847 static atomic_t key_color = ATOMIC_INIT(0);
848 struct ieee80211_key *old_key = NULL;
849 int idx = key->conf.keyidx;
850 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
851 /*
852 * We want to delay tailroom updates only for station - in that
853 * case it helps roaming speed, but in other cases it hurts and
854 * can cause warnings to appear.
855 */
856 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
857 int ret;
858
859 lockdep_assert_wiphy(sdata->local->hw.wiphy);
860
861 if (sta && pairwise) {
862 struct ieee80211_key *alt_key;
863
864 old_key = wiphy_dereference(sdata->local->hw.wiphy,
865 sta->ptk[idx]);
866 alt_key = wiphy_dereference(sdata->local->hw.wiphy,
867 sta->ptk[idx ^ 1]);
868
869 /* The rekey code assumes that the old and new key are using
870 * the same cipher. Enforce the assumption for pairwise keys.
871 */
872 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
873 (old_key && old_key->conf.cipher != key->conf.cipher)) {
874 ret = -EOPNOTSUPP;
875 goto out;
876 }
877 } else if (sta) {
878 struct link_sta_info *link_sta = &sta->deflink;
879 int link_id = key->conf.link_id;
880
881 if (link_id >= 0) {
882 link_sta = rcu_dereference_protected(sta->link[link_id],
883 lockdep_is_held(&sta->local->hw.wiphy->mtx));
884 if (!link_sta) {
885 ret = -ENOLINK;
886 goto out;
887 }
888 }
889
890 old_key = wiphy_dereference(sdata->local->hw.wiphy,
891 link_sta->gtk[idx]);
892 } else {
893 if (idx < NUM_DEFAULT_KEYS)
894 old_key = wiphy_dereference(sdata->local->hw.wiphy,
895 sdata->keys[idx]);
896 if (!old_key)
897 old_key = wiphy_dereference(sdata->local->hw.wiphy,
898 link->gtk[idx]);
899 }
900
901 /* Non-pairwise keys must also not switch the cipher on rekey */
902 if (!pairwise) {
903 if (old_key && old_key->conf.cipher != key->conf.cipher) {
904 ret = -EOPNOTSUPP;
905 goto out;
906 }
907 }
908
909 /*
910 * Silently accept key re-installation without really installing the
911 * new version of the key to avoid nonce reuse or replay issues.
912 */
913 if (ieee80211_key_identical(sdata, old_key, key)) {
914 ret = -EALREADY;
915 goto out;
916 }
917
918 key->local = sdata->local;
919 key->sdata = sdata;
920 key->sta = sta;
921
922 /*
923 * Assign a unique ID to every key so we can easily prevent mixed
924 * key and fragment cache attacks.
925 */
926 key->color = atomic_inc_return(&key_color);
927
928 /* keep this flag for easier access later */
929 if (sta && sta->sta.spp_amsdu)
930 key->conf.flags |= IEEE80211_KEY_FLAG_SPP_AMSDU;
931
932 increment_tailroom_need_count(sdata);
933
934 ret = ieee80211_key_replace(sdata, link, sta, pairwise, old_key, key);
935
936 if (!ret) {
937 ieee80211_debugfs_key_add(key);
938 ieee80211_key_destroy(old_key, delay_tailroom);
939 } else {
940 ieee80211_key_free(key, delay_tailroom);
941 }
942
943 key = NULL;
944
945 out:
946 ieee80211_key_free_unused(key);
947 return ret;
948 }
949
950 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
951 {
952 if (!key)
953 return;
954
955 /*
956 * Replace key with nothingness if it was ever used.
957 */
958 if (key->sdata)
959 ieee80211_key_replace(key->sdata, NULL, key->sta,
960 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
961 key, NULL);
962 ieee80211_key_destroy(key, delay_tailroom);
963 }
964
965 void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
966 {
967 struct ieee80211_key *key;
968 struct ieee80211_sub_if_data *vlan;
969
970 lockdep_assert_wiphy(sdata->local->hw.wiphy);
971
972 sdata->crypto_tx_tailroom_needed_cnt = 0;
973 sdata->crypto_tx_tailroom_pending_dec = 0;
974
975 if (sdata->vif.type == NL80211_IFTYPE_AP) {
976 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
977 vlan->crypto_tx_tailroom_needed_cnt = 0;
978 vlan->crypto_tx_tailroom_pending_dec = 0;
979 }
980 }
981
982 if (ieee80211_sdata_running(sdata)) {
983 list_for_each_entry(key, &sdata->key_list, list) {
984 increment_tailroom_need_count(sdata);
985 ieee80211_key_enable_hw_accel(key);
986 }
987 }
988 }
989
990 static void
991 ieee80211_key_iter(struct ieee80211_hw *hw,
992 struct ieee80211_vif *vif,
993 struct ieee80211_key *key,
994 void (*iter)(struct ieee80211_hw *hw,
995 struct ieee80211_vif *vif,
996 struct ieee80211_sta *sta,
997 struct ieee80211_key_conf *key,
998 void *data),
999 void *iter_data)
1000 {
1001 /* skip keys of station in removal process */
1002 if (key->sta && key->sta->removed)
1003 return;
1004 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
1005 return;
1006 iter(hw, vif, key->sta ? &key->sta->sta : NULL,
1007 &key->conf, iter_data);
1008 }
1009
1010 void ieee80211_iter_keys(struct ieee80211_hw *hw,
1011 struct ieee80211_vif *vif,
1012 void (*iter)(struct ieee80211_hw *hw,
1013 struct ieee80211_vif *vif,
1014 struct ieee80211_sta *sta,
1015 struct ieee80211_key_conf *key,
1016 void *data),
1017 void *iter_data)
1018 {
1019 struct ieee80211_local *local = hw_to_local(hw);
1020 struct ieee80211_key *key, *tmp;
1021 struct ieee80211_sub_if_data *sdata;
1022
1023 lockdep_assert_wiphy(hw->wiphy);
1024
1025 if (vif) {
1026 sdata = vif_to_sdata(vif);
1027 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
1028 ieee80211_key_iter(hw, vif, key, iter, iter_data);
1029 } else {
1030 list_for_each_entry(sdata, &local->interfaces, list)
1031 list_for_each_entry_safe(key, tmp,
1032 &sdata->key_list, list)
1033 ieee80211_key_iter(hw, &sdata->vif, key,
1034 iter, iter_data);
1035 }
1036 }
1037 EXPORT_SYMBOL(ieee80211_iter_keys);
1038
1039 static void
1040 _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1041 struct ieee80211_sub_if_data *sdata,
1042 void (*iter)(struct ieee80211_hw *hw,
1043 struct ieee80211_vif *vif,
1044 struct ieee80211_sta *sta,
1045 struct ieee80211_key_conf *key,
1046 void *data),
1047 void *iter_data)
1048 {
1049 struct ieee80211_key *key;
1050
1051 list_for_each_entry_rcu(key, &sdata->key_list, list)
1052 ieee80211_key_iter(hw, &sdata->vif, key, iter, iter_data);
1053 }
1054
1055 void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
1056 struct ieee80211_vif *vif,
1057 void (*iter)(struct ieee80211_hw *hw,
1058 struct ieee80211_vif *vif,
1059 struct ieee80211_sta *sta,
1060 struct ieee80211_key_conf *key,
1061 void *data),
1062 void *iter_data)
1063 {
1064 struct ieee80211_local *local = hw_to_local(hw);
1065 struct ieee80211_sub_if_data *sdata;
1066
1067 if (vif) {
1068 sdata = vif_to_sdata(vif);
1069 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1070 } else {
1071 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1072 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1073 }
1074 }
1075 EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1076
1077 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1078 struct list_head *keys)
1079 {
1080 struct ieee80211_key *key, *tmp;
1081
1082 decrease_tailroom_need_count(sdata,
1083 sdata->crypto_tx_tailroom_pending_dec);
1084 sdata->crypto_tx_tailroom_pending_dec = 0;
1085
1086 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1087 ieee80211_debugfs_key_remove_beacon_default(sdata);
1088
1089 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1090 ieee80211_key_replace(key->sdata, NULL, key->sta,
1091 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1092 key, NULL);
1093 list_add_tail(&key->list, keys);
1094 }
1095
1096 ieee80211_debugfs_key_update_default(sdata);
1097 }
1098
1099 void ieee80211_remove_link_keys(struct ieee80211_link_data *link,
1100 struct list_head *keys)
1101 {
1102 struct ieee80211_sub_if_data *sdata = link->sdata;
1103 struct ieee80211_local *local = sdata->local;
1104 struct ieee80211_key *key, *tmp;
1105
1106 lockdep_assert_wiphy(local->hw.wiphy);
1107
1108 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1109 if (key->conf.link_id != link->link_id)
1110 continue;
1111 ieee80211_key_replace(key->sdata, link, key->sta,
1112 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1113 key, NULL);
1114 list_add_tail(&key->list, keys);
1115 }
1116 }
1117
1118 void ieee80211_free_key_list(struct ieee80211_local *local,
1119 struct list_head *keys)
1120 {
1121 struct ieee80211_key *key, *tmp;
1122
1123 lockdep_assert_wiphy(local->hw.wiphy);
1124
1125 list_for_each_entry_safe(key, tmp, keys, list)
1126 __ieee80211_key_destroy(key, false);
1127 }
1128
1129 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1130 bool force_synchronize)
1131 {
1132 struct ieee80211_local *local = sdata->local;
1133 struct ieee80211_sub_if_data *vlan;
1134 struct ieee80211_sub_if_data *master;
1135 struct ieee80211_key *key, *tmp;
1136 LIST_HEAD(keys);
1137
1138 wiphy_delayed_work_cancel(local->hw.wiphy,
1139 &sdata->dec_tailroom_needed_wk);
1140
1141 lockdep_assert_wiphy(local->hw.wiphy);
1142
1143 ieee80211_free_keys_iface(sdata, &keys);
1144
1145 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1146 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1147 ieee80211_free_keys_iface(vlan, &keys);
1148 }
1149
1150 if (!list_empty(&keys) || force_synchronize)
1151 synchronize_net();
1152 list_for_each_entry_safe(key, tmp, &keys, list)
1153 __ieee80211_key_destroy(key, false);
1154
1155 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1156 if (sdata->bss) {
1157 master = container_of(sdata->bss,
1158 struct ieee80211_sub_if_data,
1159 u.ap);
1160
1161 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1162 master->crypto_tx_tailroom_needed_cnt);
1163 }
1164 } else {
1165 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1166 sdata->crypto_tx_tailroom_pending_dec);
1167 }
1168
1169 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1170 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1171 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1172 vlan->crypto_tx_tailroom_pending_dec);
1173 }
1174 }
1175
1176 void ieee80211_free_sta_keys(struct ieee80211_local *local,
1177 struct sta_info *sta)
1178 {
1179 struct ieee80211_key *key;
1180 int i;
1181
1182 lockdep_assert_wiphy(local->hw.wiphy);
1183
1184 for (i = 0; i < ARRAY_SIZE(sta->deflink.gtk); i++) {
1185 key = wiphy_dereference(local->hw.wiphy, sta->deflink.gtk[i]);
1186 if (!key)
1187 continue;
1188 ieee80211_key_replace(key->sdata, NULL, key->sta,
1189 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1190 key, NULL);
1191 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1192 NL80211_IFTYPE_STATION);
1193 }
1194
1195 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1196 key = wiphy_dereference(local->hw.wiphy, sta->ptk[i]);
1197 if (!key)
1198 continue;
1199 ieee80211_key_replace(key->sdata, NULL, key->sta,
1200 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1201 key, NULL);
1202 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1203 NL80211_IFTYPE_STATION);
1204 }
1205 }
1206
1207 void ieee80211_delayed_tailroom_dec(struct wiphy *wiphy,
1208 struct wiphy_work *wk)
1209 {
1210 struct ieee80211_sub_if_data *sdata;
1211
1212 sdata = container_of(wk, struct ieee80211_sub_if_data,
1213 dec_tailroom_needed_wk.work);
1214
1215 /*
1216 * The reason for the delayed tailroom needed decrementing is to
1217 * make roaming faster: during roaming, all keys are first deleted
1218 * and then new keys are installed. The first new key causes the
1219 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1220 * the cost of synchronize_net() (which can be slow). Avoid this
1221 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1222 * key removal for a while, so if we roam the value is larger than
1223 * zero and no 0->1 transition happens.
1224 *
1225 * The cost is that if the AP switching was from an AP with keys
1226 * to one without, we still allocate tailroom while it would no
1227 * longer be needed. However, in the typical (fast) roaming case
1228 * within an ESS this usually won't happen.
1229 */
1230
1231 decrease_tailroom_need_count(sdata,
1232 sdata->crypto_tx_tailroom_pending_dec);
1233 sdata->crypto_tx_tailroom_pending_dec = 0;
1234 }
1235
1236 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1237 const u8 *replay_ctr, gfp_t gfp)
1238 {
1239 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1240
1241 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1242
1243 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1244 }
1245 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1246
1247 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1248 int tid, struct ieee80211_key_seq *seq)
1249 {
1250 struct ieee80211_key *key;
1251 const u8 *pn;
1252
1253 key = container_of(keyconf, struct ieee80211_key, conf);
1254
1255 switch (key->conf.cipher) {
1256 case WLAN_CIPHER_SUITE_TKIP:
1257 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1258 return;
1259 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1260 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1261 break;
1262 case WLAN_CIPHER_SUITE_CCMP:
1263 case WLAN_CIPHER_SUITE_CCMP_256:
1264 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1265 return;
1266 if (tid < 0)
1267 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1268 else
1269 pn = key->u.ccmp.rx_pn[tid];
1270 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1271 break;
1272 case WLAN_CIPHER_SUITE_AES_CMAC:
1273 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1274 if (WARN_ON(tid != 0))
1275 return;
1276 pn = key->u.aes_cmac.rx_pn;
1277 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1278 break;
1279 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1280 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1281 if (WARN_ON(tid != 0))
1282 return;
1283 pn = key->u.aes_gmac.rx_pn;
1284 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1285 break;
1286 case WLAN_CIPHER_SUITE_GCMP:
1287 case WLAN_CIPHER_SUITE_GCMP_256:
1288 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1289 return;
1290 if (tid < 0)
1291 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1292 else
1293 pn = key->u.gcmp.rx_pn[tid];
1294 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1295 break;
1296 }
1297 }
1298 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1299
1300 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1301 int tid, struct ieee80211_key_seq *seq)
1302 {
1303 struct ieee80211_key *key;
1304 u8 *pn;
1305
1306 key = container_of(keyconf, struct ieee80211_key, conf);
1307
1308 switch (key->conf.cipher) {
1309 case WLAN_CIPHER_SUITE_TKIP:
1310 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1311 return;
1312 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1313 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1314 break;
1315 case WLAN_CIPHER_SUITE_CCMP:
1316 case WLAN_CIPHER_SUITE_CCMP_256:
1317 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1318 return;
1319 if (tid < 0)
1320 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1321 else
1322 pn = key->u.ccmp.rx_pn[tid];
1323 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1324 break;
1325 case WLAN_CIPHER_SUITE_AES_CMAC:
1326 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1327 if (WARN_ON(tid != 0))
1328 return;
1329 pn = key->u.aes_cmac.rx_pn;
1330 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1331 break;
1332 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1333 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1334 if (WARN_ON(tid != 0))
1335 return;
1336 pn = key->u.aes_gmac.rx_pn;
1337 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1338 break;
1339 case WLAN_CIPHER_SUITE_GCMP:
1340 case WLAN_CIPHER_SUITE_GCMP_256:
1341 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1342 return;
1343 if (tid < 0)
1344 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1345 else
1346 pn = key->u.gcmp.rx_pn[tid];
1347 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1348 break;
1349 default:
1350 WARN_ON(1);
1351 break;
1352 }
1353 }
1354 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1355
1356 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1357 {
1358 struct ieee80211_key *key;
1359
1360 key = container_of(keyconf, struct ieee80211_key, conf);
1361
1362 lockdep_assert_wiphy(key->local->hw.wiphy);
1363
1364 /*
1365 * if key was uploaded, we assume the driver will/has remove(d)
1366 * it, so adjust bookkeeping accordingly
1367 */
1368 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1369 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1370
1371 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1372 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1373 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1374 increment_tailroom_need_count(key->sdata);
1375 }
1376
1377 ieee80211_key_free(key, false);
1378 }
1379 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1380
1381 struct ieee80211_key_conf *
1382 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1383 struct ieee80211_key_conf *keyconf,
1384 int link_id)
1385 {
1386 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1387 struct ieee80211_local *local = sdata->local;
1388 struct ieee80211_key *key;
1389 int err;
1390 struct ieee80211_link_data *link_data =
1391 link_id < 0 ? &sdata->deflink :
1392 sdata_dereference(sdata->link[link_id], sdata);
1393
1394 if (WARN_ON(!link_data))
1395 return ERR_PTR(-EINVAL);
1396
1397 if (WARN_ON(!local->wowlan))
1398 return ERR_PTR(-EINVAL);
1399
1400 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1401 return ERR_PTR(-EINVAL);
1402
1403 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1404 keyconf->keylen, keyconf->key,
1405 0, NULL);
1406 if (IS_ERR(key))
1407 return ERR_CAST(key);
1408
1409 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1410 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1411
1412 key->conf.link_id = link_id;
1413
1414 err = ieee80211_key_link(key, link_data, NULL);
1415 if (err)
1416 return ERR_PTR(err);
1417
1418 return &key->conf;
1419 }
1420 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1421
1422 void ieee80211_key_mic_failure(struct ieee80211_key_conf *keyconf)
1423 {
1424 struct ieee80211_key *key;
1425
1426 key = container_of(keyconf, struct ieee80211_key, conf);
1427
1428 switch (key->conf.cipher) {
1429 case WLAN_CIPHER_SUITE_AES_CMAC:
1430 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1431 key->u.aes_cmac.icverrors++;
1432 break;
1433 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1434 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1435 key->u.aes_gmac.icverrors++;
1436 break;
1437 default:
1438 /* ignore the others for now, we don't keep counters now */
1439 break;
1440 }
1441 }
1442 EXPORT_SYMBOL_GPL(ieee80211_key_mic_failure);
1443
1444 void ieee80211_key_replay(struct ieee80211_key_conf *keyconf)
1445 {
1446 struct ieee80211_key *key;
1447
1448 key = container_of(keyconf, struct ieee80211_key, conf);
1449
1450 switch (key->conf.cipher) {
1451 case WLAN_CIPHER_SUITE_CCMP:
1452 case WLAN_CIPHER_SUITE_CCMP_256:
1453 key->u.ccmp.replays++;
1454 break;
1455 case WLAN_CIPHER_SUITE_AES_CMAC:
1456 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1457 key->u.aes_cmac.replays++;
1458 break;
1459 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1460 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1461 key->u.aes_gmac.replays++;
1462 break;
1463 case WLAN_CIPHER_SUITE_GCMP:
1464 case WLAN_CIPHER_SUITE_GCMP_256:
1465 key->u.gcmp.replays++;
1466 break;
1467 }
1468 }
1469 EXPORT_SYMBOL_GPL(ieee80211_key_replay);
1470
1471 int ieee80211_key_switch_links(struct ieee80211_sub_if_data *sdata,
1472 unsigned long del_links_mask,
1473 unsigned long add_links_mask)
1474 {
1475 struct ieee80211_key *key;
1476 int ret;
1477
1478 list_for_each_entry(key, &sdata->key_list, list) {
1479 if (key->conf.link_id < 0 ||
1480 !(del_links_mask & BIT(key->conf.link_id)))
1481 continue;
1482
1483 /* shouldn't happen for per-link keys */
1484 WARN_ON(key->sta);
1485
1486 ieee80211_key_disable_hw_accel(key);
1487 }
1488
1489 list_for_each_entry(key, &sdata->key_list, list) {
1490 if (key->conf.link_id < 0 ||
1491 !(add_links_mask & BIT(key->conf.link_id)))
1492 continue;
1493
1494 /* shouldn't happen for per-link keys */
1495 WARN_ON(key->sta);
1496
1497 ret = ieee80211_key_enable_hw_accel(key);
1498 if (ret)
1499 return ret;
1500 }
1501
1502 return 0;
1503 }
Kernel DRM miscellaneous fixes and cross-tree changes