1
2
3
4
5
6
7
8
9
10
11
12#include <linux/if_ether.h>
13#include <linux/etherdevice.h>
14#include <linux/list.h>
15#include <linux/rcupdate.h>
16#include <linux/rtnetlink.h>
17#include <linux/slab.h>
18#include <linux/export.h>
19#include <net/mac80211.h>
20#include <asm/unaligned.h>
21#include "ieee80211_i.h"
22#include "driver-ops.h"
23#include "debugfs_key.h"
24#include "aes_ccm.h"
25#include "aes_cmac.h"
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
52
53static void assert_key_lock(struct ieee80211_local *local)
54{
55 lockdep_assert_held(&local->key_mtx);
56}
57
58static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
59{
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
80
81
82
83
84 synchronize_net();
85 }
86}
87
88static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
89{
90 struct ieee80211_sub_if_data *sdata;
91 struct sta_info *sta;
92 int ret;
93
94 might_sleep();
95
96 if (!key->local->ops->set_key)
97 goto out_unsupported;
98
99 assert_key_lock(key->local);
100
101 sta = key->sta;
102
103
104
105
106
107 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
108 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
109 goto out_unsupported;
110
111 if (sta && !sta->uploaded)
112 goto out_unsupported;
113
114 sdata = key->sdata;
115 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
116
117
118
119
120 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
121 goto out_unsupported;
122 }
123
124 ret = drv_set_key(key->local, SET_KEY, sdata,
125 sta ? &sta->sta : NULL, &key->conf);
126
127 if (!ret) {
128 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
129
130 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
131 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
132 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
133 sdata->crypto_tx_tailroom_needed_cnt--;
134
135 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
136 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
137
138 return 0;
139 }
140
141 if (ret != -ENOSPC && ret != -EOPNOTSUPP)
142 sdata_err(sdata,
143 "failed to set key (%d, %pM) to hardware (%d)\n",
144 key->conf.keyidx,
145 sta ? sta->sta.addr : bcast_addr, ret);
146
147 out_unsupported:
148 switch (key->conf.cipher) {
149 case WLAN_CIPHER_SUITE_WEP40:
150 case WLAN_CIPHER_SUITE_WEP104:
151 case WLAN_CIPHER_SUITE_TKIP:
152 case WLAN_CIPHER_SUITE_CCMP:
153 case WLAN_CIPHER_SUITE_AES_CMAC:
154
155 return 0;
156 default:
157 return -EINVAL;
158 }
159}
160
161static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
162{
163 struct ieee80211_sub_if_data *sdata;
164 struct sta_info *sta;
165 int ret;
166
167 might_sleep();
168
169 if (!key || !key->local->ops->set_key)
170 return;
171
172 assert_key_lock(key->local);
173
174 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
175 return;
176
177 sta = key->sta;
178 sdata = key->sdata;
179
180 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
181 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
182 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
183 increment_tailroom_need_count(sdata);
184
185 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
186 sta ? &sta->sta : NULL, &key->conf);
187
188 if (ret)
189 sdata_err(sdata,
190 "failed to remove key (%d, %pM) from hardware (%d)\n",
191 key->conf.keyidx,
192 sta ? sta->sta.addr : bcast_addr, ret);
193
194 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
195}
196
197static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
198 int idx, bool uni, bool multi)
199{
200 struct ieee80211_key *key = NULL;
201
202 assert_key_lock(sdata->local);
203
204 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
205 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
206
207 if (uni)
208 rcu_assign_pointer(sdata->default_unicast_key, key);
209 if (multi)
210 rcu_assign_pointer(sdata->default_multicast_key, key);
211
212 ieee80211_debugfs_key_update_default(sdata);
213}
214
215void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
216 bool uni, bool multi)
217{
218 mutex_lock(&sdata->local->key_mtx);
219 __ieee80211_set_default_key(sdata, idx, uni, multi);
220 mutex_unlock(&sdata->local->key_mtx);
221}
222
223static void
224__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
225{
226 struct ieee80211_key *key = NULL;
227
228 assert_key_lock(sdata->local);
229
230 if (idx >= NUM_DEFAULT_KEYS &&
231 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
232 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
233
234 rcu_assign_pointer(sdata->default_mgmt_key, key);
235
236 ieee80211_debugfs_key_update_default(sdata);
237}
238
239void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
240 int idx)
241{
242 mutex_lock(&sdata->local->key_mtx);
243 __ieee80211_set_default_mgmt_key(sdata, idx);
244 mutex_unlock(&sdata->local->key_mtx);
245}
246
247
248static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
249 struct sta_info *sta,
250 bool pairwise,
251 struct ieee80211_key *old,
252 struct ieee80211_key *new)
253{
254 int idx;
255 bool defunikey, defmultikey, defmgmtkey;
256
257 if (new)
258 list_add_tail(&new->list, &sdata->key_list);
259
260 if (sta && pairwise) {
261 rcu_assign_pointer(sta->ptk, new);
262 } else if (sta) {
263 if (old)
264 idx = old->conf.keyidx;
265 else
266 idx = new->conf.keyidx;
267 rcu_assign_pointer(sta->gtk[idx], new);
268 } else {
269 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
270
271 if (old)
272 idx = old->conf.keyidx;
273 else
274 idx = new->conf.keyidx;
275
276 defunikey = old &&
277 old == key_mtx_dereference(sdata->local,
278 sdata->default_unicast_key);
279 defmultikey = old &&
280 old == key_mtx_dereference(sdata->local,
281 sdata->default_multicast_key);
282 defmgmtkey = old &&
283 old == key_mtx_dereference(sdata->local,
284 sdata->default_mgmt_key);
285
286 if (defunikey && !new)
287 __ieee80211_set_default_key(sdata, -1, true, false);
288 if (defmultikey && !new)
289 __ieee80211_set_default_key(sdata, -1, false, true);
290 if (defmgmtkey && !new)
291 __ieee80211_set_default_mgmt_key(sdata, -1);
292
293 rcu_assign_pointer(sdata->keys[idx], new);
294 if (defunikey && new)
295 __ieee80211_set_default_key(sdata, new->conf.keyidx,
296 true, false);
297 if (defmultikey && new)
298 __ieee80211_set_default_key(sdata, new->conf.keyidx,
299 false, true);
300 if (defmgmtkey && new)
301 __ieee80211_set_default_mgmt_key(sdata,
302 new->conf.keyidx);
303 }
304
305 if (old)
306 list_del(&old->list);
307}
308
309struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
310 const u8 *key_data,
311 size_t seq_len, const u8 *seq)
312{
313 struct ieee80211_key *key;
314 int i, j, err;
315
316 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
317
318 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
319 if (!key)
320 return ERR_PTR(-ENOMEM);
321
322
323
324
325
326 key->conf.flags = 0;
327 key->flags = 0;
328
329 key->conf.cipher = cipher;
330 key->conf.keyidx = idx;
331 key->conf.keylen = key_len;
332 switch (cipher) {
333 case WLAN_CIPHER_SUITE_WEP40:
334 case WLAN_CIPHER_SUITE_WEP104:
335 key->conf.iv_len = WEP_IV_LEN;
336 key->conf.icv_len = WEP_ICV_LEN;
337 break;
338 case WLAN_CIPHER_SUITE_TKIP:
339 key->conf.iv_len = TKIP_IV_LEN;
340 key->conf.icv_len = TKIP_ICV_LEN;
341 if (seq) {
342 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
343 key->u.tkip.rx[i].iv32 =
344 get_unaligned_le32(&seq[2]);
345 key->u.tkip.rx[i].iv16 =
346 get_unaligned_le16(seq);
347 }
348 }
349 spin_lock_init(&key->u.tkip.txlock);
350 break;
351 case WLAN_CIPHER_SUITE_CCMP:
352 key->conf.iv_len = CCMP_HDR_LEN;
353 key->conf.icv_len = CCMP_MIC_LEN;
354 if (seq) {
355 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
356 for (j = 0; j < CCMP_PN_LEN; j++)
357 key->u.ccmp.rx_pn[i][j] =
358 seq[CCMP_PN_LEN - j - 1];
359 }
360
361
362
363
364 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
365 if (IS_ERR(key->u.ccmp.tfm)) {
366 err = PTR_ERR(key->u.ccmp.tfm);
367 kfree(key);
368 return ERR_PTR(err);
369 }
370 break;
371 case WLAN_CIPHER_SUITE_AES_CMAC:
372 key->conf.iv_len = 0;
373 key->conf.icv_len = sizeof(struct ieee80211_mmie);
374 if (seq)
375 for (j = 0; j < 6; j++)
376 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
377
378
379
380
381 key->u.aes_cmac.tfm =
382 ieee80211_aes_cmac_key_setup(key_data);
383 if (IS_ERR(key->u.aes_cmac.tfm)) {
384 err = PTR_ERR(key->u.aes_cmac.tfm);
385 kfree(key);
386 return ERR_PTR(err);
387 }
388 break;
389 }
390 memcpy(key->conf.key, key_data, key_len);
391 INIT_LIST_HEAD(&key->list);
392
393 return key;
394}
395
396static void __ieee80211_key_destroy(struct ieee80211_key *key)
397{
398 if (!key)
399 return;
400
401
402
403
404
405 synchronize_net();
406
407 if (key->local)
408 ieee80211_key_disable_hw_accel(key);
409
410 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
411 ieee80211_aes_key_free(key->u.ccmp.tfm);
412 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
413 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
414 if (key->local) {
415 ieee80211_debugfs_key_remove(key);
416 key->sdata->crypto_tx_tailroom_needed_cnt--;
417 }
418
419 kfree(key);
420}
421
422int ieee80211_key_link(struct ieee80211_key *key,
423 struct ieee80211_sub_if_data *sdata,
424 struct sta_info *sta)
425{
426 struct ieee80211_key *old_key;
427 int idx, ret;
428 bool pairwise;
429
430 BUG_ON(!sdata);
431 BUG_ON(!key);
432
433 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
434 idx = key->conf.keyidx;
435 key->local = sdata->local;
436 key->sdata = sdata;
437 key->sta = sta;
438
439 if (sta) {
440
441
442
443
444 if (test_sta_flag(sta, WLAN_STA_WME))
445 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
446 } else {
447 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
448 struct sta_info *ap;
449
450
451
452
453
454
455
456 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
457 if (ap) {
458 if (test_sta_flag(ap, WLAN_STA_WME))
459 key->conf.flags |=
460 IEEE80211_KEY_FLAG_WMM_STA;
461 }
462 }
463 }
464
465 mutex_lock(&sdata->local->key_mtx);
466
467 if (sta && pairwise)
468 old_key = key_mtx_dereference(sdata->local, sta->ptk);
469 else if (sta)
470 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
471 else
472 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
473
474 increment_tailroom_need_count(sdata);
475
476 __ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
477 __ieee80211_key_destroy(old_key);
478
479 ieee80211_debugfs_key_add(key);
480
481 ret = ieee80211_key_enable_hw_accel(key);
482
483 mutex_unlock(&sdata->local->key_mtx);
484
485 return ret;
486}
487
488void __ieee80211_key_free(struct ieee80211_key *key)
489{
490 if (!key)
491 return;
492
493
494
495
496 if (key->sdata)
497 __ieee80211_key_replace(key->sdata, key->sta,
498 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
499 key, NULL);
500 __ieee80211_key_destroy(key);
501}
502
503void ieee80211_key_free(struct ieee80211_local *local,
504 struct ieee80211_key *key)
505{
506 mutex_lock(&local->key_mtx);
507 __ieee80211_key_free(key);
508 mutex_unlock(&local->key_mtx);
509}
510
511void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
512{
513 struct ieee80211_key *key;
514
515 ASSERT_RTNL();
516
517 if (WARN_ON(!ieee80211_sdata_running(sdata)))
518 return;
519
520 mutex_lock(&sdata->local->key_mtx);
521
522 sdata->crypto_tx_tailroom_needed_cnt = 0;
523
524 list_for_each_entry(key, &sdata->key_list, list) {
525 increment_tailroom_need_count(sdata);
526 ieee80211_key_enable_hw_accel(key);
527 }
528
529 mutex_unlock(&sdata->local->key_mtx);
530}
531
532void ieee80211_iter_keys(struct ieee80211_hw *hw,
533 struct ieee80211_vif *vif,
534 void (*iter)(struct ieee80211_hw *hw,
535 struct ieee80211_vif *vif,
536 struct ieee80211_sta *sta,
537 struct ieee80211_key_conf *key,
538 void *data),
539 void *iter_data)
540{
541 struct ieee80211_local *local = hw_to_local(hw);
542 struct ieee80211_key *key;
543 struct ieee80211_sub_if_data *sdata;
544
545 ASSERT_RTNL();
546
547 mutex_lock(&local->key_mtx);
548 if (vif) {
549 sdata = vif_to_sdata(vif);
550 list_for_each_entry(key, &sdata->key_list, list)
551 iter(hw, &sdata->vif,
552 key->sta ? &key->sta->sta : NULL,
553 &key->conf, iter_data);
554 } else {
555 list_for_each_entry(sdata, &local->interfaces, list)
556 list_for_each_entry(key, &sdata->key_list, list)
557 iter(hw, &sdata->vif,
558 key->sta ? &key->sta->sta : NULL,
559 &key->conf, iter_data);
560 }
561 mutex_unlock(&local->key_mtx);
562}
563EXPORT_SYMBOL(ieee80211_iter_keys);
564
565void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
566{
567 struct ieee80211_key *key;
568
569 ASSERT_RTNL();
570
571 mutex_lock(&sdata->local->key_mtx);
572
573 list_for_each_entry(key, &sdata->key_list, list)
574 ieee80211_key_disable_hw_accel(key);
575
576 mutex_unlock(&sdata->local->key_mtx);
577}
578
579void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
580{
581 struct ieee80211_key *key, *tmp;
582
583 mutex_lock(&sdata->local->key_mtx);
584
585 ieee80211_debugfs_key_remove_mgmt_default(sdata);
586
587 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
588 __ieee80211_key_free(key);
589
590 ieee80211_debugfs_key_update_default(sdata);
591
592 mutex_unlock(&sdata->local->key_mtx);
593}
594
595
596void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
597 const u8 *replay_ctr, gfp_t gfp)
598{
599 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
600
601 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
602
603 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
604}
605EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
606
607void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
608 struct ieee80211_key_seq *seq)
609{
610 struct ieee80211_key *key;
611 u64 pn64;
612
613 if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
614 return;
615
616 key = container_of(keyconf, struct ieee80211_key, conf);
617
618 switch (key->conf.cipher) {
619 case WLAN_CIPHER_SUITE_TKIP:
620 seq->tkip.iv32 = key->u.tkip.tx.iv32;
621 seq->tkip.iv16 = key->u.tkip.tx.iv16;
622 break;
623 case WLAN_CIPHER_SUITE_CCMP:
624 pn64 = atomic64_read(&key->u.ccmp.tx_pn);
625 seq->ccmp.pn[5] = pn64;
626 seq->ccmp.pn[4] = pn64 >> 8;
627 seq->ccmp.pn[3] = pn64 >> 16;
628 seq->ccmp.pn[2] = pn64 >> 24;
629 seq->ccmp.pn[1] = pn64 >> 32;
630 seq->ccmp.pn[0] = pn64 >> 40;
631 break;
632 case WLAN_CIPHER_SUITE_AES_CMAC:
633 pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);
634 seq->ccmp.pn[5] = pn64;
635 seq->ccmp.pn[4] = pn64 >> 8;
636 seq->ccmp.pn[3] = pn64 >> 16;
637 seq->ccmp.pn[2] = pn64 >> 24;
638 seq->ccmp.pn[1] = pn64 >> 32;
639 seq->ccmp.pn[0] = pn64 >> 40;
640 break;
641 default:
642 WARN_ON(1);
643 }
644}
645EXPORT_SYMBOL(ieee80211_get_key_tx_seq);
646
647void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
648 int tid, struct ieee80211_key_seq *seq)
649{
650 struct ieee80211_key *key;
651 const u8 *pn;
652
653 key = container_of(keyconf, struct ieee80211_key, conf);
654
655 switch (key->conf.cipher) {
656 case WLAN_CIPHER_SUITE_TKIP:
657 if (WARN_ON(tid < 0 || tid >= NUM_RX_DATA_QUEUES))
658 return;
659 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
660 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
661 break;
662 case WLAN_CIPHER_SUITE_CCMP:
663 if (WARN_ON(tid < -1 || tid >= NUM_RX_DATA_QUEUES))
664 return;
665 if (tid < 0)
666 pn = key->u.ccmp.rx_pn[NUM_RX_DATA_QUEUES];
667 else
668 pn = key->u.ccmp.rx_pn[tid];
669 memcpy(seq->ccmp.pn, pn, CCMP_PN_LEN);
670 break;
671 case WLAN_CIPHER_SUITE_AES_CMAC:
672 if (WARN_ON(tid != 0))
673 return;
674 pn = key->u.aes_cmac.rx_pn;
675 memcpy(seq->aes_cmac.pn, pn, CMAC_PN_LEN);
676 break;
677 }
678}
679EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
680