~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/mac80211/key.c

Version: ~ [ linux-5.3-rc1 ] ~ [ linux-5.2.2 ] ~ [ linux-5.1.19 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.60 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.134 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.186 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.186 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.70 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright 2002-2005, Instant802 Networks, Inc.
  3  * Copyright 2005-2006, Devicescape Software, Inc.
  4  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
  5  * Copyright 2007-2008  Johannes Berg <johannes@sipsolutions.net>
  6  * Copyright 2013-2014  Intel Mobile Communications GmbH
  7  * Copyright 2015-2017  Intel Deutschland GmbH
  8  *
  9  * This program is free software; you can redistribute it and/or modify
 10  * it under the terms of the GNU General Public License version 2 as
 11  * published by the Free Software Foundation.
 12  */
 13 
 14 #include <linux/if_ether.h>
 15 #include <linux/etherdevice.h>
 16 #include <linux/list.h>
 17 #include <linux/rcupdate.h>
 18 #include <linux/rtnetlink.h>
 19 #include <linux/slab.h>
 20 #include <linux/export.h>
 21 #include <net/mac80211.h>
 22 #include <crypto/algapi.h>
 23 #include <asm/unaligned.h>
 24 #include "ieee80211_i.h"
 25 #include "driver-ops.h"
 26 #include "debugfs_key.h"
 27 #include "aes_ccm.h"
 28 #include "aes_cmac.h"
 29 #include "aes_gmac.h"
 30 #include "aes_gcm.h"
 31 
 32 
 33 /**
 34  * DOC: Key handling basics
 35  *
 36  * Key handling in mac80211 is done based on per-interface (sub_if_data)
 37  * keys and per-station keys. Since each station belongs to an interface,
 38  * each station key also belongs to that interface.
 39  *
 40  * Hardware acceleration is done on a best-effort basis for algorithms
 41  * that are implemented in software,  for each key the hardware is asked
 42  * to enable that key for offloading but if it cannot do that the key is
 43  * simply kept for software encryption (unless it is for an algorithm
 44  * that isn't implemented in software).
 45  * There is currently no way of knowing whether a key is handled in SW
 46  * or HW except by looking into debugfs.
 47  *
 48  * All key management is internally protected by a mutex. Within all
 49  * other parts of mac80211, key references are, just as STA structure
 50  * references, protected by RCU. Note, however, that some things are
 51  * unprotected, namely the key->sta dereferences within the hardware
 52  * acceleration functions. This means that sta_info_destroy() must
 53  * remove the key which waits for an RCU grace period.
 54  */
 55 
 56 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
 57 
 58 static void assert_key_lock(struct ieee80211_local *local)
 59 {
 60         lockdep_assert_held(&local->key_mtx);
 61 }
 62 
 63 static void
 64 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
 65 {
 66         struct ieee80211_sub_if_data *vlan;
 67 
 68         if (sdata->vif.type != NL80211_IFTYPE_AP)
 69                 return;
 70 
 71         /* crypto_tx_tailroom_needed_cnt is protected by this */
 72         assert_key_lock(sdata->local);
 73 
 74         rcu_read_lock();
 75 
 76         list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
 77                 vlan->crypto_tx_tailroom_needed_cnt += delta;
 78 
 79         rcu_read_unlock();
 80 }
 81 
 82 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
 83 {
 84         /*
 85          * When this count is zero, SKB resizing for allocating tailroom
 86          * for IV or MMIC is skipped. But, this check has created two race
 87          * cases in xmit path while transiting from zero count to one:
 88          *
 89          * 1. SKB resize was skipped because no key was added but just before
 90          * the xmit key is added and SW encryption kicks off.
 91          *
 92          * 2. SKB resize was skipped because all the keys were hw planted but
 93          * just before xmit one of the key is deleted and SW encryption kicks
 94          * off.
 95          *
 96          * In both the above case SW encryption will find not enough space for
 97          * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
 98          *
 99          * Solution has been explained at
100          * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
101          */
102 
103         assert_key_lock(sdata->local);
104 
105         update_vlan_tailroom_need_count(sdata, 1);
106 
107         if (!sdata->crypto_tx_tailroom_needed_cnt++) {
108                 /*
109                  * Flush all XMIT packets currently using HW encryption or no
110                  * encryption at all if the count transition is from 0 -> 1.
111                  */
112                 synchronize_net();
113         }
114 }
115 
116 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
117                                          int delta)
118 {
119         assert_key_lock(sdata->local);
120 
121         WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
122 
123         update_vlan_tailroom_need_count(sdata, -delta);
124         sdata->crypto_tx_tailroom_needed_cnt -= delta;
125 }
126 
127 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
128 {
129         struct ieee80211_sub_if_data *sdata = key->sdata;
130         struct sta_info *sta;
131         int ret = -EOPNOTSUPP;
132 
133         might_sleep();
134 
135         if (key->flags & KEY_FLAG_TAINTED) {
136                 /* If we get here, it's during resume and the key is
137                  * tainted so shouldn't be used/programmed any more.
138                  * However, its flags may still indicate that it was
139                  * programmed into the device (since we're in resume)
140                  * so clear that flag now to avoid trying to remove
141                  * it again later.
142                  */
143                 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
144                 return -EINVAL;
145         }
146 
147         if (!key->local->ops->set_key)
148                 goto out_unsupported;
149 
150         assert_key_lock(key->local);
151 
152         sta = key->sta;
153 
154         /*
155          * If this is a per-STA GTK, check if it
156          * is supported; if not, return.
157          */
158         if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
159             !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
160                 goto out_unsupported;
161 
162         if (sta && !sta->uploaded)
163                 goto out_unsupported;
164 
165         if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
166                 /*
167                  * The driver doesn't know anything about VLAN interfaces.
168                  * Hence, don't send GTKs for VLAN interfaces to the driver.
169                  */
170                 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
171                         ret = 1;
172                         goto out_unsupported;
173                 }
174         }
175 
176         ret = drv_set_key(key->local, SET_KEY, sdata,
177                           sta ? &sta->sta : NULL, &key->conf);
178 
179         if (!ret) {
180                 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
181 
182                 if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
183                                            IEEE80211_KEY_FLAG_PUT_MIC_SPACE)) ||
184                       (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
185                         decrease_tailroom_need_count(sdata, 1);
186 
187                 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
188                         (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
189 
190                 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
191                         (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
192 
193                 return 0;
194         }
195 
196         if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
197                 sdata_err(sdata,
198                           "failed to set key (%d, %pM) to hardware (%d)\n",
199                           key->conf.keyidx,
200                           sta ? sta->sta.addr : bcast_addr, ret);
201 
202  out_unsupported:
203         switch (key->conf.cipher) {
204         case WLAN_CIPHER_SUITE_WEP40:
205         case WLAN_CIPHER_SUITE_WEP104:
206         case WLAN_CIPHER_SUITE_TKIP:
207         case WLAN_CIPHER_SUITE_CCMP:
208         case WLAN_CIPHER_SUITE_CCMP_256:
209         case WLAN_CIPHER_SUITE_AES_CMAC:
210         case WLAN_CIPHER_SUITE_BIP_CMAC_256:
211         case WLAN_CIPHER_SUITE_BIP_GMAC_128:
212         case WLAN_CIPHER_SUITE_BIP_GMAC_256:
213         case WLAN_CIPHER_SUITE_GCMP:
214         case WLAN_CIPHER_SUITE_GCMP_256:
215                 /* all of these we can do in software - if driver can */
216                 if (ret == 1)
217                         return 0;
218                 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
219                         return -EINVAL;
220                 return 0;
221         default:
222                 return -EINVAL;
223         }
224 }
225 
226 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
227 {
228         struct ieee80211_sub_if_data *sdata;
229         struct sta_info *sta;
230         int ret;
231 
232         might_sleep();
233 
234         if (!key || !key->local->ops->set_key)
235                 return;
236 
237         assert_key_lock(key->local);
238 
239         if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
240                 return;
241 
242         sta = key->sta;
243         sdata = key->sdata;
244 
245         if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
246                                    IEEE80211_KEY_FLAG_PUT_MIC_SPACE)) ||
247               (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
248                 increment_tailroom_need_count(sdata);
249 
250         key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
251         ret = drv_set_key(key->local, DISABLE_KEY, sdata,
252                           sta ? &sta->sta : NULL, &key->conf);
253 
254         if (ret)
255                 sdata_err(sdata,
256                           "failed to remove key (%d, %pM) from hardware (%d)\n",
257                           key->conf.keyidx,
258                           sta ? sta->sta.addr : bcast_addr, ret);
259 }
260 
261 static int ieee80211_hw_key_replace(struct ieee80211_key *old_key,
262                                     struct ieee80211_key *new_key,
263                                     bool ptk0rekey)
264 {
265         struct ieee80211_sub_if_data *sdata;
266         struct ieee80211_local *local;
267         struct sta_info *sta;
268         int ret;
269 
270         /* Aggregation sessions are OK when running on SW crypto.
271          * A broken remote STA may cause issues not observed with HW
272          * crypto, though.
273          */
274         if (!(old_key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
275                 return 0;
276 
277         assert_key_lock(old_key->local);
278         sta = old_key->sta;
279 
280         /* PTK only using key ID 0 needs special handling on rekey */
281         if (new_key && sta && ptk0rekey) {
282                 local = old_key->local;
283                 sdata = old_key->sdata;
284 
285                 /* Stop TX till we are on the new key */
286                 old_key->flags |= KEY_FLAG_TAINTED;
287                 ieee80211_clear_fast_xmit(sta);
288 
289                 /* Aggregation sessions during rekey are complicated due to the
290                  * reorder buffer and retransmits. Side step that by blocking
291                  * aggregation during rekey and tear down running sessions.
292                  */
293                 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
294                         set_sta_flag(sta, WLAN_STA_BLOCK_BA);
295                         ieee80211_sta_tear_down_BA_sessions(sta,
296                                                             AGG_STOP_LOCAL_REQUEST);
297                 }
298 
299                 if (!wiphy_ext_feature_isset(local->hw.wiphy,
300                                              NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
301                         pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
302                                             sta->sta.addr);
303                         /* Flushing the driver queues *may* help prevent
304                          * the clear text leaks and freezes.
305                          */
306                         ieee80211_flush_queues(local, sdata, false);
307                 }
308         }
309 
310         ieee80211_key_disable_hw_accel(old_key);
311 
312         if (new_key)
313                 ret = ieee80211_key_enable_hw_accel(new_key);
314         else
315                 ret = 0;
316 
317         return ret;
318 }
319 
320 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
321                                         int idx, bool uni, bool multi)
322 {
323         struct ieee80211_key *key = NULL;
324 
325         assert_key_lock(sdata->local);
326 
327         if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
328                 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
329 
330         if (uni) {
331                 rcu_assign_pointer(sdata->default_unicast_key, key);
332                 ieee80211_check_fast_xmit_iface(sdata);
333                 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
334                         drv_set_default_unicast_key(sdata->local, sdata, idx);
335         }
336 
337         if (multi)
338                 rcu_assign_pointer(sdata->default_multicast_key, key);
339 
340         ieee80211_debugfs_key_update_default(sdata);
341 }
342 
343 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
344                                bool uni, bool multi)
345 {
346         mutex_lock(&sdata->local->key_mtx);
347         __ieee80211_set_default_key(sdata, idx, uni, multi);
348         mutex_unlock(&sdata->local->key_mtx);
349 }
350 
351 static void
352 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
353 {
354         struct ieee80211_key *key = NULL;
355 
356         assert_key_lock(sdata->local);
357 
358         if (idx >= NUM_DEFAULT_KEYS &&
359             idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
360                 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
361 
362         rcu_assign_pointer(sdata->default_mgmt_key, key);
363 
364         ieee80211_debugfs_key_update_default(sdata);
365 }
366 
367 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
368                                     int idx)
369 {
370         mutex_lock(&sdata->local->key_mtx);
371         __ieee80211_set_default_mgmt_key(sdata, idx);
372         mutex_unlock(&sdata->local->key_mtx);
373 }
374 
375 
376 static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
377                                   struct sta_info *sta,
378                                   bool pairwise,
379                                   struct ieee80211_key *old,
380                                   struct ieee80211_key *new)
381 {
382         int idx;
383         int ret;
384         bool defunikey, defmultikey, defmgmtkey;
385 
386         /* caller must provide at least one old/new */
387         if (WARN_ON(!new && !old))
388                 return 0;
389 
390         if (new)
391                 list_add_tail_rcu(&new->list, &sdata->key_list);
392 
393         WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
394 
395         if (old) {
396                 idx = old->conf.keyidx;
397                 /* TODO: proper implement and test "Extended Key ID for
398                  * Individually Addressed Frames" from IEEE 802.11-2016.
399                  * Till then always assume only key ID 0 is used for
400                  * pairwise keys.*/
401                 ret = ieee80211_hw_key_replace(old, new, pairwise);
402         } else {
403                 /* new must be provided in case old is not */
404                 idx = new->conf.keyidx;
405                 if (!new->local->wowlan)
406                         ret = ieee80211_key_enable_hw_accel(new);
407                 else
408                         ret = 0;
409         }
410 
411         if (ret)
412                 return ret;
413 
414         if (sta) {
415                 if (pairwise) {
416                         rcu_assign_pointer(sta->ptk[idx], new);
417                         sta->ptk_idx = idx;
418                         if (new) {
419                                 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
420                                 ieee80211_check_fast_xmit(sta);
421                         }
422                 } else {
423                         rcu_assign_pointer(sta->gtk[idx], new);
424                 }
425                 if (new)
426                         ieee80211_check_fast_rx(sta);
427         } else {
428                 defunikey = old &&
429                         old == key_mtx_dereference(sdata->local,
430                                                 sdata->default_unicast_key);
431                 defmultikey = old &&
432                         old == key_mtx_dereference(sdata->local,
433                                                 sdata->default_multicast_key);
434                 defmgmtkey = old &&
435                         old == key_mtx_dereference(sdata->local,
436                                                 sdata->default_mgmt_key);
437 
438                 if (defunikey && !new)
439                         __ieee80211_set_default_key(sdata, -1, true, false);
440                 if (defmultikey && !new)
441                         __ieee80211_set_default_key(sdata, -1, false, true);
442                 if (defmgmtkey && !new)
443                         __ieee80211_set_default_mgmt_key(sdata, -1);
444 
445                 rcu_assign_pointer(sdata->keys[idx], new);
446                 if (defunikey && new)
447                         __ieee80211_set_default_key(sdata, new->conf.keyidx,
448                                                     true, false);
449                 if (defmultikey && new)
450                         __ieee80211_set_default_key(sdata, new->conf.keyidx,
451                                                     false, true);
452                 if (defmgmtkey && new)
453                         __ieee80211_set_default_mgmt_key(sdata,
454                                                          new->conf.keyidx);
455         }
456 
457         if (old)
458                 list_del_rcu(&old->list);
459 
460         return 0;
461 }
462 
463 struct ieee80211_key *
464 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
465                     const u8 *key_data,
466                     size_t seq_len, const u8 *seq,
467                     const struct ieee80211_cipher_scheme *cs)
468 {
469         struct ieee80211_key *key;
470         int i, j, err;
471 
472         if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
473                 return ERR_PTR(-EINVAL);
474 
475         key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
476         if (!key)
477                 return ERR_PTR(-ENOMEM);
478 
479         /*
480          * Default to software encryption; we'll later upload the
481          * key to the hardware if possible.
482          */
483         key->conf.flags = 0;
484         key->flags = 0;
485 
486         key->conf.cipher = cipher;
487         key->conf.keyidx = idx;
488         key->conf.keylen = key_len;
489         switch (cipher) {
490         case WLAN_CIPHER_SUITE_WEP40:
491         case WLAN_CIPHER_SUITE_WEP104:
492                 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
493                 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
494                 break;
495         case WLAN_CIPHER_SUITE_TKIP:
496                 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
497                 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
498                 if (seq) {
499                         for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
500                                 key->u.tkip.rx[i].iv32 =
501                                         get_unaligned_le32(&seq[2]);
502                                 key->u.tkip.rx[i].iv16 =
503                                         get_unaligned_le16(seq);
504                         }
505                 }
506                 spin_lock_init(&key->u.tkip.txlock);
507                 break;
508         case WLAN_CIPHER_SUITE_CCMP:
509                 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
510                 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
511                 if (seq) {
512                         for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
513                                 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
514                                         key->u.ccmp.rx_pn[i][j] =
515                                                 seq[IEEE80211_CCMP_PN_LEN - j - 1];
516                 }
517                 /*
518                  * Initialize AES key state here as an optimization so that
519                  * it does not need to be initialized for every packet.
520                  */
521                 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
522                         key_data, key_len, IEEE80211_CCMP_MIC_LEN);
523                 if (IS_ERR(key->u.ccmp.tfm)) {
524                         err = PTR_ERR(key->u.ccmp.tfm);
525                         kfree(key);
526                         return ERR_PTR(err);
527                 }
528                 break;
529         case WLAN_CIPHER_SUITE_CCMP_256:
530                 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
531                 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
532                 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
533                         for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
534                                 key->u.ccmp.rx_pn[i][j] =
535                                         seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
536                 /* Initialize AES key state here as an optimization so that
537                  * it does not need to be initialized for every packet.
538                  */
539                 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
540                         key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
541                 if (IS_ERR(key->u.ccmp.tfm)) {
542                         err = PTR_ERR(key->u.ccmp.tfm);
543                         kfree(key);
544                         return ERR_PTR(err);
545                 }
546                 break;
547         case WLAN_CIPHER_SUITE_AES_CMAC:
548         case WLAN_CIPHER_SUITE_BIP_CMAC_256:
549                 key->conf.iv_len = 0;
550                 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
551                         key->conf.icv_len = sizeof(struct ieee80211_mmie);
552                 else
553                         key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
554                 if (seq)
555                         for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
556                                 key->u.aes_cmac.rx_pn[j] =
557                                         seq[IEEE80211_CMAC_PN_LEN - j - 1];
558                 /*
559                  * Initialize AES key state here as an optimization so that
560                  * it does not need to be initialized for every packet.
561                  */
562                 key->u.aes_cmac.tfm =
563                         ieee80211_aes_cmac_key_setup(key_data, key_len);
564                 if (IS_ERR(key->u.aes_cmac.tfm)) {
565                         err = PTR_ERR(key->u.aes_cmac.tfm);
566                         kfree(key);
567                         return ERR_PTR(err);
568                 }
569                 break;
570         case WLAN_CIPHER_SUITE_BIP_GMAC_128:
571         case WLAN_CIPHER_SUITE_BIP_GMAC_256:
572                 key->conf.iv_len = 0;
573                 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
574                 if (seq)
575                         for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
576                                 key->u.aes_gmac.rx_pn[j] =
577                                         seq[IEEE80211_GMAC_PN_LEN - j - 1];
578                 /* Initialize AES key state here as an optimization so that
579                  * it does not need to be initialized for every packet.
580                  */
581                 key->u.aes_gmac.tfm =
582                         ieee80211_aes_gmac_key_setup(key_data, key_len);
583                 if (IS_ERR(key->u.aes_gmac.tfm)) {
584                         err = PTR_ERR(key->u.aes_gmac.tfm);
585                         kfree(key);
586                         return ERR_PTR(err);
587                 }
588                 break;
589         case WLAN_CIPHER_SUITE_GCMP:
590         case WLAN_CIPHER_SUITE_GCMP_256:
591                 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
592                 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
593                 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
594                         for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
595                                 key->u.gcmp.rx_pn[i][j] =
596                                         seq[IEEE80211_GCMP_PN_LEN - j - 1];
597                 /* Initialize AES key state here as an optimization so that
598                  * it does not need to be initialized for every packet.
599                  */
600                 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
601                                                                       key_len);
602                 if (IS_ERR(key->u.gcmp.tfm)) {
603                         err = PTR_ERR(key->u.gcmp.tfm);
604                         kfree(key);
605                         return ERR_PTR(err);
606                 }
607                 break;
608         default:
609                 if (cs) {
610                         if (seq_len && seq_len != cs->pn_len) {
611                                 kfree(key);
612                                 return ERR_PTR(-EINVAL);
613                         }
614 
615                         key->conf.iv_len = cs->hdr_len;
616                         key->conf.icv_len = cs->mic_len;
617                         for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
618                                 for (j = 0; j < seq_len; j++)
619                                         key->u.gen.rx_pn[i][j] =
620                                                         seq[seq_len - j - 1];
621                         key->flags |= KEY_FLAG_CIPHER_SCHEME;
622                 }
623         }
624         memcpy(key->conf.key, key_data, key_len);
625         INIT_LIST_HEAD(&key->list);
626 
627         return key;
628 }
629 
630 static void ieee80211_key_free_common(struct ieee80211_key *key)
631 {
632         switch (key->conf.cipher) {
633         case WLAN_CIPHER_SUITE_CCMP:
634         case WLAN_CIPHER_SUITE_CCMP_256:
635                 ieee80211_aes_key_free(key->u.ccmp.tfm);
636                 break;
637         case WLAN_CIPHER_SUITE_AES_CMAC:
638         case WLAN_CIPHER_SUITE_BIP_CMAC_256:
639                 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
640                 break;
641         case WLAN_CIPHER_SUITE_BIP_GMAC_128:
642         case WLAN_CIPHER_SUITE_BIP_GMAC_256:
643                 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
644                 break;
645         case WLAN_CIPHER_SUITE_GCMP:
646         case WLAN_CIPHER_SUITE_GCMP_256:
647                 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
648                 break;
649         }
650         kzfree(key);
651 }
652 
653 static void __ieee80211_key_destroy(struct ieee80211_key *key,
654                                     bool delay_tailroom)
655 {
656         if (key->local) {
657                 struct ieee80211_sub_if_data *sdata = key->sdata;
658 
659                 ieee80211_debugfs_key_remove(key);
660 
661                 if (delay_tailroom) {
662                         /* see ieee80211_delayed_tailroom_dec */
663                         sdata->crypto_tx_tailroom_pending_dec++;
664                         schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
665                                               HZ/2);
666                 } else {
667                         decrease_tailroom_need_count(sdata, 1);
668                 }
669         }
670 
671         ieee80211_key_free_common(key);
672 }
673 
674 static void ieee80211_key_destroy(struct ieee80211_key *key,
675                                   bool delay_tailroom)
676 {
677         if (!key)
678                 return;
679 
680         /*
681          * Synchronize so the TX path and rcu key iterators
682          * can no longer be using this key before we free/remove it.
683          */
684         synchronize_net();
685 
686         __ieee80211_key_destroy(key, delay_tailroom);
687 }
688 
689 void ieee80211_key_free_unused(struct ieee80211_key *key)
690 {
691         WARN_ON(key->sdata || key->local);
692         ieee80211_key_free_common(key);
693 }
694 
695 static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
696                                     struct ieee80211_key *old,
697                                     struct ieee80211_key *new)
698 {
699         u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
700         u8 *tk_old, *tk_new;
701 
702         if (!old || new->conf.keylen != old->conf.keylen)
703                 return false;
704 
705         tk_old = old->conf.key;
706         tk_new = new->conf.key;
707 
708         /*
709          * In station mode, don't compare the TX MIC key, as it's never used
710          * and offloaded rekeying may not care to send it to the host. This
711          * is the case in iwlwifi, for example.
712          */
713         if (sdata->vif.type == NL80211_IFTYPE_STATION &&
714             new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
715             new->conf.keylen == WLAN_KEY_LEN_TKIP &&
716             !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
717                 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
718                 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
719                 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
720                 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
721                 tk_old = tkip_old;
722                 tk_new = tkip_new;
723         }
724 
725         return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
726 }
727 
728 int ieee80211_key_link(struct ieee80211_key *key,
729                        struct ieee80211_sub_if_data *sdata,
730                        struct sta_info *sta)
731 {
732         struct ieee80211_key *old_key;
733         int idx = key->conf.keyidx;
734         bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
735         /*
736          * We want to delay tailroom updates only for station - in that
737          * case it helps roaming speed, but in other cases it hurts and
738          * can cause warnings to appear.
739          */
740         bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
741         int ret;
742 
743         mutex_lock(&sdata->local->key_mtx);
744 
745         if (sta && pairwise)
746                 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
747         else if (sta)
748                 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
749         else
750                 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
751 
752         /*
753          * Silently accept key re-installation without really installing the
754          * new version of the key to avoid nonce reuse or replay issues.
755          */
756         if (ieee80211_key_identical(sdata, old_key, key)) {
757                 ieee80211_key_free_unused(key);
758                 ret = 0;
759                 goto out;
760         }
761 
762         key->local = sdata->local;
763         key->sdata = sdata;
764         key->sta = sta;
765 
766         increment_tailroom_need_count(sdata);
767 
768         ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
769 
770         if (!ret) {
771                 ieee80211_debugfs_key_add(key);
772                 ieee80211_key_destroy(old_key, delay_tailroom);
773         } else {
774                 ieee80211_key_free(key, delay_tailroom);
775         }
776 
777  out:
778         mutex_unlock(&sdata->local->key_mtx);
779 
780         return ret;
781 }
782 
783 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
784 {
785         if (!key)
786                 return;
787 
788         /*
789          * Replace key with nothingness if it was ever used.
790          */
791         if (key->sdata)
792                 ieee80211_key_replace(key->sdata, key->sta,
793                                 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
794                                 key, NULL);
795         ieee80211_key_destroy(key, delay_tailroom);
796 }
797 
798 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
799 {
800         struct ieee80211_key *key;
801         struct ieee80211_sub_if_data *vlan;
802 
803         ASSERT_RTNL();
804 
805         if (WARN_ON(!ieee80211_sdata_running(sdata)))
806                 return;
807 
808         mutex_lock(&sdata->local->key_mtx);
809 
810         WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
811                      sdata->crypto_tx_tailroom_pending_dec);
812 
813         if (sdata->vif.type == NL80211_IFTYPE_AP) {
814                 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
815                         WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
816                                      vlan->crypto_tx_tailroom_pending_dec);
817         }
818 
819         list_for_each_entry(key, &sdata->key_list, list) {
820                 increment_tailroom_need_count(sdata);
821                 ieee80211_key_enable_hw_accel(key);
822         }
823 
824         mutex_unlock(&sdata->local->key_mtx);
825 }
826 
827 void ieee80211_reset_crypto_tx_tailroom(struct ieee80211_sub_if_data *sdata)
828 {
829         struct ieee80211_sub_if_data *vlan;
830 
831         mutex_lock(&sdata->local->key_mtx);
832 
833         sdata->crypto_tx_tailroom_needed_cnt = 0;
834 
835         if (sdata->vif.type == NL80211_IFTYPE_AP) {
836                 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
837                         vlan->crypto_tx_tailroom_needed_cnt = 0;
838         }
839 
840         mutex_unlock(&sdata->local->key_mtx);
841 }
842 
843 void ieee80211_iter_keys(struct ieee80211_hw *hw,
844                          struct ieee80211_vif *vif,
845                          void (*iter)(struct ieee80211_hw *hw,
846                                       struct ieee80211_vif *vif,
847                                       struct ieee80211_sta *sta,
848                                       struct ieee80211_key_conf *key,
849                                       void *data),
850                          void *iter_data)
851 {
852         struct ieee80211_local *local = hw_to_local(hw);
853         struct ieee80211_key *key, *tmp;
854         struct ieee80211_sub_if_data *sdata;
855 
856         ASSERT_RTNL();
857 
858         mutex_lock(&local->key_mtx);
859         if (vif) {
860                 sdata = vif_to_sdata(vif);
861                 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
862                         iter(hw, &sdata->vif,
863                              key->sta ? &key->sta->sta : NULL,
864                              &key->conf, iter_data);
865         } else {
866                 list_for_each_entry(sdata, &local->interfaces, list)
867                         list_for_each_entry_safe(key, tmp,
868                                                  &sdata->key_list, list)
869                                 iter(hw, &sdata->vif,
870                                      key->sta ? &key->sta->sta : NULL,
871                                      &key->conf, iter_data);
872         }
873         mutex_unlock(&local->key_mtx);
874 }
875 EXPORT_SYMBOL(ieee80211_iter_keys);
876 
877 static void
878 _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
879                          struct ieee80211_sub_if_data *sdata,
880                          void (*iter)(struct ieee80211_hw *hw,
881                                       struct ieee80211_vif *vif,
882                                       struct ieee80211_sta *sta,
883                                       struct ieee80211_key_conf *key,
884                                       void *data),
885                          void *iter_data)
886 {
887         struct ieee80211_key *key;
888 
889         list_for_each_entry_rcu(key, &sdata->key_list, list) {
890                 /* skip keys of station in removal process */
891                 if (key->sta && key->sta->removed)
892                         continue;
893                 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
894                         continue;
895 
896                 iter(hw, &sdata->vif,
897                      key->sta ? &key->sta->sta : NULL,
898                      &key->conf, iter_data);
899         }
900 }
901 
902 void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
903                              struct ieee80211_vif *vif,
904                              void (*iter)(struct ieee80211_hw *hw,
905                                           struct ieee80211_vif *vif,
906                                           struct ieee80211_sta *sta,
907                                           struct ieee80211_key_conf *key,
908                                           void *data),
909                              void *iter_data)
910 {
911         struct ieee80211_local *local = hw_to_local(hw);
912         struct ieee80211_sub_if_data *sdata;
913 
914         if (vif) {
915                 sdata = vif_to_sdata(vif);
916                 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
917         } else {
918                 list_for_each_entry_rcu(sdata, &local->interfaces, list)
919                         _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
920         }
921 }
922 EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
923 
924 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
925                                       struct list_head *keys)
926 {
927         struct ieee80211_key *key, *tmp;
928 
929         decrease_tailroom_need_count(sdata,
930                                      sdata->crypto_tx_tailroom_pending_dec);
931         sdata->crypto_tx_tailroom_pending_dec = 0;
932 
933         ieee80211_debugfs_key_remove_mgmt_default(sdata);
934 
935         list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
936                 ieee80211_key_replace(key->sdata, key->sta,
937                                 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
938                                 key, NULL);
939                 list_add_tail(&key->list, keys);
940         }
941 
942         ieee80211_debugfs_key_update_default(sdata);
943 }
944 
945 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
946                          bool force_synchronize)
947 {
948         struct ieee80211_local *local = sdata->local;
949         struct ieee80211_sub_if_data *vlan;
950         struct ieee80211_sub_if_data *master;
951         struct ieee80211_key *key, *tmp;
952         LIST_HEAD(keys);
953 
954         cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
955 
956         mutex_lock(&local->key_mtx);
957 
958         ieee80211_free_keys_iface(sdata, &keys);
959 
960         if (sdata->vif.type == NL80211_IFTYPE_AP) {
961                 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
962                         ieee80211_free_keys_iface(vlan, &keys);
963         }
964 
965         if (!list_empty(&keys) || force_synchronize)
966                 synchronize_net();
967         list_for_each_entry_safe(key, tmp, &keys, list)
968                 __ieee80211_key_destroy(key, false);
969 
970         if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
971                 if (sdata->bss) {
972                         master = container_of(sdata->bss,
973                                               struct ieee80211_sub_if_data,
974                                               u.ap);
975 
976                         WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
977                                      master->crypto_tx_tailroom_needed_cnt);
978                 }
979         } else {
980                 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
981                              sdata->crypto_tx_tailroom_pending_dec);
982         }
983 
984         if (sdata->vif.type == NL80211_IFTYPE_AP) {
985                 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
986                         WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
987                                      vlan->crypto_tx_tailroom_pending_dec);
988         }
989 
990         mutex_unlock(&local->key_mtx);
991 }
992 
993 void ieee80211_free_sta_keys(struct ieee80211_local *local,
994                              struct sta_info *sta)
995 {
996         struct ieee80211_key *key;
997         int i;
998 
999         mutex_lock(&local->key_mtx);
1000         for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
1001                 key = key_mtx_dereference(local, sta->gtk[i]);
1002                 if (!key)
1003                         continue;
1004                 ieee80211_key_replace(key->sdata, key->sta,
1005                                 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1006                                 key, NULL);
1007                 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1008                                         NL80211_IFTYPE_STATION);
1009         }
1010 
1011         for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1012                 key = key_mtx_dereference(local, sta->ptk[i]);
1013                 if (!key)
1014                         continue;
1015                 ieee80211_key_replace(key->sdata, key->sta,
1016                                 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1017                                 key, NULL);
1018                 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1019                                         NL80211_IFTYPE_STATION);
1020         }
1021 
1022         mutex_unlock(&local->key_mtx);
1023 }
1024 
1025 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1026 {
1027         struct ieee80211_sub_if_data *sdata;
1028 
1029         sdata = container_of(wk, struct ieee80211_sub_if_data,
1030                              dec_tailroom_needed_wk.work);
1031 
1032         /*
1033          * The reason for the delayed tailroom needed decrementing is to
1034          * make roaming faster: during roaming, all keys are first deleted
1035          * and then new keys are installed. The first new key causes the
1036          * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1037          * the cost of synchronize_net() (which can be slow). Avoid this
1038          * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1039          * key removal for a while, so if we roam the value is larger than
1040          * zero and no 0->1 transition happens.
1041          *
1042          * The cost is that if the AP switching was from an AP with keys
1043          * to one without, we still allocate tailroom while it would no
1044          * longer be needed. However, in the typical (fast) roaming case
1045          * within an ESS this usually won't happen.
1046          */
1047 
1048         mutex_lock(&sdata->local->key_mtx);
1049         decrease_tailroom_need_count(sdata,
1050                                      sdata->crypto_tx_tailroom_pending_dec);
1051         sdata->crypto_tx_tailroom_pending_dec = 0;
1052         mutex_unlock(&sdata->local->key_mtx);
1053 }
1054 
1055 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1056                                 const u8 *replay_ctr, gfp_t gfp)
1057 {
1058         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1059 
1060         trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1061 
1062         cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1063 }
1064 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1065 
1066 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1067                               int tid, struct ieee80211_key_seq *seq)
1068 {
1069         struct ieee80211_key *key;
1070         const u8 *pn;
1071 
1072         key = container_of(keyconf, struct ieee80211_key, conf);
1073 
1074         switch (key->conf.cipher) {
1075         case WLAN_CIPHER_SUITE_TKIP:
1076                 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1077                         return;
1078                 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1079                 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1080                 break;
1081         case WLAN_CIPHER_SUITE_CCMP:
1082         case WLAN_CIPHER_SUITE_CCMP_256:
1083                 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1084                         return;
1085                 if (tid < 0)
1086                         pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1087                 else
1088                         pn = key->u.ccmp.rx_pn[tid];
1089                 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1090                 break;
1091         case WLAN_CIPHER_SUITE_AES_CMAC:
1092         case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1093                 if (WARN_ON(tid != 0))
1094                         return;
1095                 pn = key->u.aes_cmac.rx_pn;
1096                 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1097                 break;
1098         case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1099         case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1100                 if (WARN_ON(tid != 0))
1101                         return;
1102                 pn = key->u.aes_gmac.rx_pn;
1103                 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1104                 break;
1105         case WLAN_CIPHER_SUITE_GCMP:
1106         case WLAN_CIPHER_SUITE_GCMP_256:
1107                 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1108                         return;
1109                 if (tid < 0)
1110                         pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1111                 else
1112                         pn = key->u.gcmp.rx_pn[tid];
1113                 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1114                 break;
1115         }
1116 }
1117 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1118 
1119 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1120                               int tid, struct ieee80211_key_seq *seq)
1121 {
1122         struct ieee80211_key *key;
1123         u8 *pn;
1124 
1125         key = container_of(keyconf, struct ieee80211_key, conf);
1126 
1127         switch (key->conf.cipher) {
1128         case WLAN_CIPHER_SUITE_TKIP:
1129                 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1130                         return;
1131                 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1132                 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1133                 break;
1134         case WLAN_CIPHER_SUITE_CCMP:
1135         case WLAN_CIPHER_SUITE_CCMP_256:
1136                 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1137                         return;
1138                 if (tid < 0)
1139                         pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1140                 else
1141                         pn = key->u.ccmp.rx_pn[tid];
1142                 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1143                 break;
1144         case WLAN_CIPHER_SUITE_AES_CMAC:
1145         case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1146                 if (WARN_ON(tid != 0))
1147                         return;
1148                 pn = key->u.aes_cmac.rx_pn;
1149                 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1150                 break;
1151         case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1152         case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1153                 if (WARN_ON(tid != 0))
1154                         return;
1155                 pn = key->u.aes_gmac.rx_pn;
1156                 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1157                 break;
1158         case WLAN_CIPHER_SUITE_GCMP:
1159         case WLAN_CIPHER_SUITE_GCMP_256:
1160                 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1161                         return;
1162                 if (tid < 0)
1163                         pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1164                 else
1165                         pn = key->u.gcmp.rx_pn[tid];
1166                 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1167                 break;
1168         default:
1169                 WARN_ON(1);
1170                 break;
1171         }
1172 }
1173 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1174 
1175 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1176 {
1177         struct ieee80211_key *key;
1178 
1179         key = container_of(keyconf, struct ieee80211_key, conf);
1180 
1181         assert_key_lock(key->local);
1182 
1183         /*
1184          * if key was uploaded, we assume the driver will/has remove(d)
1185          * it, so adjust bookkeeping accordingly
1186          */
1187         if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1188                 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1189 
1190                 if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1191                                            IEEE80211_KEY_FLAG_PUT_MIC_SPACE)) ||
1192                       (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1193                         increment_tailroom_need_count(key->sdata);
1194         }
1195 
1196         ieee80211_key_free(key, false);
1197 }
1198 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1199 
1200 struct ieee80211_key_conf *
1201 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1202                         struct ieee80211_key_conf *keyconf)
1203 {
1204         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1205         struct ieee80211_local *local = sdata->local;
1206         struct ieee80211_key *key;
1207         int err;
1208 
1209         if (WARN_ON(!local->wowlan))
1210                 return ERR_PTR(-EINVAL);
1211 
1212         if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1213                 return ERR_PTR(-EINVAL);
1214 
1215         key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1216                                   keyconf->keylen, keyconf->key,
1217                                   0, NULL, NULL);
1218         if (IS_ERR(key))
1219                 return ERR_CAST(key);
1220 
1221         if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1222                 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1223 
1224         err = ieee80211_key_link(key, sdata, NULL);
1225         if (err)
1226                 return ERR_PTR(err);
1227 
1228         return &key->conf;
1229 }
1230 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1231 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp