1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright 2015-2017 Intel Deutschland GmbH
9 * Copyright 2018-2020 Intel Corporation
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/export.h>
19 #include <net/mac80211.h>
20 #include <crypto/algapi.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
32 * DOC: Key handling basics
34 * Key handling in mac80211 is done based on per-interface (sub_if_data)
35 * keys and per-station keys. Since each station belongs to an interface,
36 * each station key also belongs to that interface.
38 * Hardware acceleration is done on a best-effort basis for algorithms
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
41 * simply kept for software encryption (unless it is for an algorithm
42 * that isn't implemented in software).
43 * There is currently no way of knowing whether a key is handled in SW
44 * or HW except by looking into debugfs.
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
48 * references, protected by RCU. Note, however, that some things are
49 * unprotected, namely the key->sta dereferences within the hardware
50 * acceleration functions. This means that sta_info_destroy() must
51 * remove the key which waits for an RCU grace period.
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
56 static void assert_key_lock(struct ieee80211_local *local)
58 lockdep_assert_held(&local->key_mtx);
62 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
64 struct ieee80211_sub_if_data *vlan;
66 if (sdata->vif.type != NL80211_IFTYPE_AP)
69 /* crypto_tx_tailroom_needed_cnt is protected by this */
70 assert_key_lock(sdata->local);
74 list_for_each_entry_rcu(vlan, &sdata->u.ap.vlans, u.vlan.list)
75 vlan->crypto_tx_tailroom_needed_cnt += delta;
80 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
83 * When this count is zero, SKB resizing for allocating tailroom
84 * for IV or MMIC is skipped. But, this check has created two race
85 * cases in xmit path while transiting from zero count to one:
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
90 * 2. SKB resize was skipped because all the keys were hw planted but
91 * just before xmit one of the key is deleted and SW encryption kicks
94 * In both the above case SW encryption will find not enough space for
95 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
97 * Solution has been explained at
98 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
101 assert_key_lock(sdata->local);
103 update_vlan_tailroom_need_count(sdata, 1);
105 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
107 * Flush all XMIT packets currently using HW encryption or no
108 * encryption at all if the count transition is from 0 -> 1.
114 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
117 assert_key_lock(sdata->local);
119 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
121 update_vlan_tailroom_need_count(sdata, -delta);
122 sdata->crypto_tx_tailroom_needed_cnt -= delta;
125 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
127 struct ieee80211_sub_if_data *sdata = key->sdata;
128 struct sta_info *sta;
129 int ret = -EOPNOTSUPP;
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
135 * tainted so shouldn't be used/programmed any more.
136 * However, its flags may still indicate that it was
137 * programmed into the device (since we're in resume)
138 * so clear that flag now to avoid trying to remove
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
143 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
144 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
145 increment_tailroom_need_count(sdata);
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
151 if (!key->local->ops->set_key)
152 goto out_unsupported;
154 assert_key_lock(key->local);
159 * If this is a per-STA GTK, check if it
160 * is supported; if not, return.
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
164 goto out_unsupported;
166 if (sta && !sta->uploaded)
167 goto out_unsupported;
169 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
171 * The driver doesn't know anything about VLAN interfaces.
172 * Hence, don't send GTKs for VLAN interfaces to the driver.
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
176 goto out_unsupported;
180 ret = drv_set_key(key->local, SET_KEY, sdata,
181 sta ? &sta->sta : NULL, &key->conf);
184 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
186 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
187 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
188 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
189 decrease_tailroom_need_count(sdata, 1);
191 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
192 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
194 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
195 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
200 if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
202 "failed to set key (%d, %pM) to hardware (%d)\n",
204 sta ? sta->sta.addr : bcast_addr, ret);
207 switch (key->conf.cipher) {
208 case WLAN_CIPHER_SUITE_WEP40:
209 case WLAN_CIPHER_SUITE_WEP104:
210 case WLAN_CIPHER_SUITE_TKIP:
211 case WLAN_CIPHER_SUITE_CCMP:
212 case WLAN_CIPHER_SUITE_CCMP_256:
213 case WLAN_CIPHER_SUITE_GCMP:
214 case WLAN_CIPHER_SUITE_GCMP_256:
215 case WLAN_CIPHER_SUITE_AES_CMAC:
216 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
217 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
218 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
219 /* all of these we can do in software - if driver can */
222 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
230 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
232 struct ieee80211_sub_if_data *sdata;
233 struct sta_info *sta;
238 if (!key || !key->local->ops->set_key)
241 assert_key_lock(key->local);
243 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
249 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
250 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
251 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
252 increment_tailroom_need_count(sdata);
254 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
255 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
256 sta ? &sta->sta : NULL, &key->conf);
260 "failed to remove key (%d, %pM) from hardware (%d)\n",
262 sta ? sta->sta.addr : bcast_addr, ret);
265 static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
267 struct sta_info *sta = key->sta;
268 struct ieee80211_local *local = key->local;
270 assert_key_lock(local);
272 set_sta_flag(sta, WLAN_STA_USES_ENCRYPTION);
274 sta->ptk_idx = key->conf.keyidx;
276 if (force || !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT))
277 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
278 ieee80211_check_fast_xmit(sta);
283 int ieee80211_set_tx_key(struct ieee80211_key *key)
285 return _ieee80211_set_tx_key(key, false);
288 static void ieee80211_pairwise_rekey(struct ieee80211_key *old,
289 struct ieee80211_key *new)
291 struct ieee80211_local *local = new->local;
292 struct sta_info *sta = new->sta;
295 assert_key_lock(local);
297 if (new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX) {
298 /* Extended Key ID key install, initial one or rekey */
300 if (sta->ptk_idx != INVALID_PTK_KEYIDX &&
301 !ieee80211_hw_check(&local->hw, AMPDU_KEYBORDER_SUPPORT)) {
302 /* Aggregation Sessions with Extended Key ID must not
303 * mix MPDUs with different keyIDs within one A-MPDU.
304 * Tear down running Tx aggregation sessions and block
305 * new Rx/Tx aggregation requests during rekey to
306 * ensure there are no A-MPDUs when the driver is not
307 * supporting A-MPDU key borders. (Blocking Tx only
308 * would be sufficient but WLAN_STA_BLOCK_BA gets the
309 * job done for the few ms we need it.)
311 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
312 mutex_lock(&sta->ampdu_mlme.mtx);
313 for (i = 0; i < IEEE80211_NUM_TIDS; i++)
314 ___ieee80211_stop_tx_ba_session(sta, i,
315 AGG_STOP_LOCAL_REQUEST);
316 mutex_unlock(&sta->ampdu_mlme.mtx);
319 /* Rekey without Extended Key ID.
320 * Aggregation sessions are OK when running on SW crypto.
321 * A broken remote STA may cause issues not observed with HW
324 if (!(old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
327 /* Stop Tx till we are on the new key */
328 old->flags |= KEY_FLAG_TAINTED;
329 ieee80211_clear_fast_xmit(sta);
330 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
331 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
332 ieee80211_sta_tear_down_BA_sessions(sta,
333 AGG_STOP_LOCAL_REQUEST);
335 if (!wiphy_ext_feature_isset(local->hw.wiphy,
336 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0)) {
337 pr_warn_ratelimited("Rekeying PTK for STA %pM but driver can't safely do that.",
339 /* Flushing the driver queues *may* help prevent
340 * the clear text leaks and freezes.
342 ieee80211_flush_queues(local, old->sdata, false);
347 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
348 int idx, bool uni, bool multi)
350 struct ieee80211_key *key = NULL;
352 assert_key_lock(sdata->local);
354 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
355 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
358 rcu_assign_pointer(sdata->default_unicast_key, key);
359 ieee80211_check_fast_xmit_iface(sdata);
360 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
361 drv_set_default_unicast_key(sdata->local, sdata, idx);
365 rcu_assign_pointer(sdata->default_multicast_key, key);
367 ieee80211_debugfs_key_update_default(sdata);
370 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
371 bool uni, bool multi)
373 mutex_lock(&sdata->local->key_mtx);
374 __ieee80211_set_default_key(sdata, idx, uni, multi);
375 mutex_unlock(&sdata->local->key_mtx);
379 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
381 struct ieee80211_key *key = NULL;
383 assert_key_lock(sdata->local);
385 if (idx >= NUM_DEFAULT_KEYS &&
386 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
387 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
389 rcu_assign_pointer(sdata->default_mgmt_key, key);
391 ieee80211_debugfs_key_update_default(sdata);
394 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
397 mutex_lock(&sdata->local->key_mtx);
398 __ieee80211_set_default_mgmt_key(sdata, idx);
399 mutex_unlock(&sdata->local->key_mtx);
403 __ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata, int idx)
405 struct ieee80211_key *key = NULL;
407 assert_key_lock(sdata->local);
409 if (idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS &&
410 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
411 NUM_DEFAULT_BEACON_KEYS)
412 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
414 rcu_assign_pointer(sdata->default_beacon_key, key);
416 ieee80211_debugfs_key_update_default(sdata);
419 void ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata,
422 mutex_lock(&sdata->local->key_mtx);
423 __ieee80211_set_default_beacon_key(sdata, idx);
424 mutex_unlock(&sdata->local->key_mtx);
427 static int ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
428 struct sta_info *sta,
430 struct ieee80211_key *old,
431 struct ieee80211_key *new)
435 bool defunikey, defmultikey, defmgmtkey, defbeaconkey;
438 /* caller must provide at least one old/new */
439 if (WARN_ON(!new && !old))
443 idx = new->conf.keyidx;
444 list_add_tail_rcu(&new->list, &sdata->key_list);
445 is_wep = new->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
446 new->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
448 idx = old->conf.keyidx;
449 is_wep = old->conf.cipher == WLAN_CIPHER_SUITE_WEP40 ||
450 old->conf.cipher == WLAN_CIPHER_SUITE_WEP104;
453 if ((is_wep || pairwise) && idx >= NUM_DEFAULT_KEYS)
456 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
458 if (new && sta && pairwise) {
459 /* Unicast rekey needs special handling. With Extended Key ID
460 * old is still NULL for the first rekey.
462 ieee80211_pairwise_rekey(old, new);
466 if (old->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
467 ieee80211_key_disable_hw_accel(old);
470 ret = ieee80211_key_enable_hw_accel(new);
473 if (!new->local->wowlan)
474 ret = ieee80211_key_enable_hw_accel(new);
482 rcu_assign_pointer(sta->ptk[idx], new);
484 !(new->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX))
485 _ieee80211_set_tx_key(new, true);
487 rcu_assign_pointer(sta->deflink.gtk[idx], new);
489 /* Only needed for transition from no key -> key.
490 * Still triggers unnecessary when using Extended Key ID
491 * and installing the second key ID the first time.
494 ieee80211_check_fast_rx(sta);
497 old == key_mtx_dereference(sdata->local,
498 sdata->default_unicast_key);
500 old == key_mtx_dereference(sdata->local,
501 sdata->default_multicast_key);
503 old == key_mtx_dereference(sdata->local,
504 sdata->default_mgmt_key);
505 defbeaconkey = old &&
506 old == key_mtx_dereference(sdata->local,
507 sdata->default_beacon_key);
509 if (defunikey && !new)
510 __ieee80211_set_default_key(sdata, -1, true, false);
511 if (defmultikey && !new)
512 __ieee80211_set_default_key(sdata, -1, false, true);
513 if (defmgmtkey && !new)
514 __ieee80211_set_default_mgmt_key(sdata, -1);
515 if (defbeaconkey && !new)
516 __ieee80211_set_default_beacon_key(sdata, -1);
518 rcu_assign_pointer(sdata->keys[idx], new);
519 if (defunikey && new)
520 __ieee80211_set_default_key(sdata, new->conf.keyidx,
522 if (defmultikey && new)
523 __ieee80211_set_default_key(sdata, new->conf.keyidx,
525 if (defmgmtkey && new)
526 __ieee80211_set_default_mgmt_key(sdata,
528 if (defbeaconkey && new)
529 __ieee80211_set_default_beacon_key(sdata,
534 list_del_rcu(&old->list);
539 struct ieee80211_key *
540 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
542 size_t seq_len, const u8 *seq,
543 const struct ieee80211_cipher_scheme *cs)
545 struct ieee80211_key *key;
548 if (WARN_ON(idx < 0 ||
549 idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
550 NUM_DEFAULT_BEACON_KEYS))
551 return ERR_PTR(-EINVAL);
553 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
555 return ERR_PTR(-ENOMEM);
558 * Default to software encryption; we'll later upload the
559 * key to the hardware if possible.
564 key->conf.cipher = cipher;
565 key->conf.keyidx = idx;
566 key->conf.keylen = key_len;
568 case WLAN_CIPHER_SUITE_WEP40:
569 case WLAN_CIPHER_SUITE_WEP104:
570 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
571 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
573 case WLAN_CIPHER_SUITE_TKIP:
574 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
575 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
577 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
578 key->u.tkip.rx[i].iv32 =
579 get_unaligned_le32(&seq[2]);
580 key->u.tkip.rx[i].iv16 =
581 get_unaligned_le16(seq);
584 spin_lock_init(&key->u.tkip.txlock);
586 case WLAN_CIPHER_SUITE_CCMP:
587 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
588 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
590 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
591 for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
592 key->u.ccmp.rx_pn[i][j] =
593 seq[IEEE80211_CCMP_PN_LEN - j - 1];
596 * Initialize AES key state here as an optimization so that
597 * it does not need to be initialized for every packet.
599 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
600 key_data, key_len, IEEE80211_CCMP_MIC_LEN);
601 if (IS_ERR(key->u.ccmp.tfm)) {
602 err = PTR_ERR(key->u.ccmp.tfm);
607 case WLAN_CIPHER_SUITE_CCMP_256:
608 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
609 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
610 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
611 for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
612 key->u.ccmp.rx_pn[i][j] =
613 seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
614 /* Initialize AES key state here as an optimization so that
615 * it does not need to be initialized for every packet.
617 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
618 key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
619 if (IS_ERR(key->u.ccmp.tfm)) {
620 err = PTR_ERR(key->u.ccmp.tfm);
625 case WLAN_CIPHER_SUITE_AES_CMAC:
626 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
627 key->conf.iv_len = 0;
628 if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
629 key->conf.icv_len = sizeof(struct ieee80211_mmie);
631 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
633 for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
634 key->u.aes_cmac.rx_pn[j] =
635 seq[IEEE80211_CMAC_PN_LEN - j - 1];
637 * Initialize AES key state here as an optimization so that
638 * it does not need to be initialized for every packet.
640 key->u.aes_cmac.tfm =
641 ieee80211_aes_cmac_key_setup(key_data, key_len);
642 if (IS_ERR(key->u.aes_cmac.tfm)) {
643 err = PTR_ERR(key->u.aes_cmac.tfm);
648 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
649 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
650 key->conf.iv_len = 0;
651 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
653 for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
654 key->u.aes_gmac.rx_pn[j] =
655 seq[IEEE80211_GMAC_PN_LEN - j - 1];
656 /* Initialize AES key state here as an optimization so that
657 * it does not need to be initialized for every packet.
659 key->u.aes_gmac.tfm =
660 ieee80211_aes_gmac_key_setup(key_data, key_len);
661 if (IS_ERR(key->u.aes_gmac.tfm)) {
662 err = PTR_ERR(key->u.aes_gmac.tfm);
667 case WLAN_CIPHER_SUITE_GCMP:
668 case WLAN_CIPHER_SUITE_GCMP_256:
669 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
670 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
671 for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
672 for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
673 key->u.gcmp.rx_pn[i][j] =
674 seq[IEEE80211_GCMP_PN_LEN - j - 1];
675 /* Initialize AES key state here as an optimization so that
676 * it does not need to be initialized for every packet.
678 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
680 if (IS_ERR(key->u.gcmp.tfm)) {
681 err = PTR_ERR(key->u.gcmp.tfm);
688 if (seq_len && seq_len != cs->pn_len) {
690 return ERR_PTR(-EINVAL);
693 key->conf.iv_len = cs->hdr_len;
694 key->conf.icv_len = cs->mic_len;
695 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
696 for (j = 0; j < seq_len; j++)
697 key->u.gen.rx_pn[i][j] =
698 seq[seq_len - j - 1];
699 key->flags |= KEY_FLAG_CIPHER_SCHEME;
702 memcpy(key->conf.key, key_data, key_len);
703 INIT_LIST_HEAD(&key->list);
708 static void ieee80211_key_free_common(struct ieee80211_key *key)
710 switch (key->conf.cipher) {
711 case WLAN_CIPHER_SUITE_CCMP:
712 case WLAN_CIPHER_SUITE_CCMP_256:
713 ieee80211_aes_key_free(key->u.ccmp.tfm);
715 case WLAN_CIPHER_SUITE_AES_CMAC:
716 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
717 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
719 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
720 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
721 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
723 case WLAN_CIPHER_SUITE_GCMP:
724 case WLAN_CIPHER_SUITE_GCMP_256:
725 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
728 kfree_sensitive(key);
731 static void __ieee80211_key_destroy(struct ieee80211_key *key,
735 struct ieee80211_sub_if_data *sdata = key->sdata;
737 ieee80211_debugfs_key_remove(key);
739 if (delay_tailroom) {
740 /* see ieee80211_delayed_tailroom_dec */
741 sdata->crypto_tx_tailroom_pending_dec++;
742 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
745 decrease_tailroom_need_count(sdata, 1);
749 ieee80211_key_free_common(key);
752 static void ieee80211_key_destroy(struct ieee80211_key *key,
759 * Synchronize so the TX path and rcu key iterators
760 * can no longer be using this key before we free/remove it.
764 __ieee80211_key_destroy(key, delay_tailroom);
767 void ieee80211_key_free_unused(struct ieee80211_key *key)
769 WARN_ON(key->sdata || key->local);
770 ieee80211_key_free_common(key);
773 static bool ieee80211_key_identical(struct ieee80211_sub_if_data *sdata,
774 struct ieee80211_key *old,
775 struct ieee80211_key *new)
777 u8 tkip_old[WLAN_KEY_LEN_TKIP], tkip_new[WLAN_KEY_LEN_TKIP];
780 if (!old || new->conf.keylen != old->conf.keylen)
783 tk_old = old->conf.key;
784 tk_new = new->conf.key;
787 * In station mode, don't compare the TX MIC key, as it's never used
788 * and offloaded rekeying may not care to send it to the host. This
789 * is the case in iwlwifi, for example.
791 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
792 new->conf.cipher == WLAN_CIPHER_SUITE_TKIP &&
793 new->conf.keylen == WLAN_KEY_LEN_TKIP &&
794 !(new->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
795 memcpy(tkip_old, tk_old, WLAN_KEY_LEN_TKIP);
796 memcpy(tkip_new, tk_new, WLAN_KEY_LEN_TKIP);
797 memset(tkip_old + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
798 memset(tkip_new + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, 0, 8);
803 return !crypto_memneq(tk_old, tk_new, new->conf.keylen);
806 int ieee80211_key_link(struct ieee80211_key *key,
807 struct ieee80211_sub_if_data *sdata,
808 struct sta_info *sta)
810 static atomic_t key_color = ATOMIC_INIT(0);
811 struct ieee80211_key *old_key;
812 int idx = key->conf.keyidx;
813 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
815 * We want to delay tailroom updates only for station - in that
816 * case it helps roaming speed, but in other cases it hurts and
817 * can cause warnings to appear.
819 bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
820 int ret = -EOPNOTSUPP;
822 mutex_lock(&sdata->local->key_mtx);
824 if (sta && pairwise) {
825 struct ieee80211_key *alt_key;
827 old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
828 alt_key = key_mtx_dereference(sdata->local, sta->ptk[idx ^ 1]);
830 /* The rekey code assumes that the old and new key are using
831 * the same cipher. Enforce the assumption for pairwise keys.
833 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
834 (old_key && old_key->conf.cipher != key->conf.cipher))
837 old_key = key_mtx_dereference(sdata->local,
838 sta->deflink.gtk[idx]);
840 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
843 /* Non-pairwise keys must also not switch the cipher on rekey */
845 if (old_key && old_key->conf.cipher != key->conf.cipher)
850 * Silently accept key re-installation without really installing the
851 * new version of the key to avoid nonce reuse or replay issues.
853 if (ieee80211_key_identical(sdata, old_key, key)) {
854 ieee80211_key_free_unused(key);
859 key->local = sdata->local;
864 * Assign a unique ID to every key so we can easily prevent mixed
865 * key and fragment cache attacks.
867 key->color = atomic_inc_return(&key_color);
869 increment_tailroom_need_count(sdata);
871 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
874 ieee80211_debugfs_key_add(key);
875 ieee80211_key_destroy(old_key, delay_tailroom);
877 ieee80211_key_free(key, delay_tailroom);
881 mutex_unlock(&sdata->local->key_mtx);
886 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
892 * Replace key with nothingness if it was ever used.
895 ieee80211_key_replace(key->sdata, key->sta,
896 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
898 ieee80211_key_destroy(key, delay_tailroom);
901 void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata)
903 struct ieee80211_key *key;
904 struct ieee80211_sub_if_data *vlan;
906 lockdep_assert_wiphy(sdata->local->hw.wiphy);
908 mutex_lock(&sdata->local->key_mtx);
910 sdata->crypto_tx_tailroom_needed_cnt = 0;
911 sdata->crypto_tx_tailroom_pending_dec = 0;
913 if (sdata->vif.type == NL80211_IFTYPE_AP) {
914 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
915 vlan->crypto_tx_tailroom_needed_cnt = 0;
916 vlan->crypto_tx_tailroom_pending_dec = 0;
920 if (ieee80211_sdata_running(sdata)) {
921 list_for_each_entry(key, &sdata->key_list, list) {
922 increment_tailroom_need_count(sdata);
923 ieee80211_key_enable_hw_accel(key);
927 mutex_unlock(&sdata->local->key_mtx);
930 void ieee80211_iter_keys(struct ieee80211_hw *hw,
931 struct ieee80211_vif *vif,
932 void (*iter)(struct ieee80211_hw *hw,
933 struct ieee80211_vif *vif,
934 struct ieee80211_sta *sta,
935 struct ieee80211_key_conf *key,
939 struct ieee80211_local *local = hw_to_local(hw);
940 struct ieee80211_key *key, *tmp;
941 struct ieee80211_sub_if_data *sdata;
943 lockdep_assert_wiphy(hw->wiphy);
945 mutex_lock(&local->key_mtx);
947 sdata = vif_to_sdata(vif);
948 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
949 iter(hw, &sdata->vif,
950 key->sta ? &key->sta->sta : NULL,
951 &key->conf, iter_data);
953 list_for_each_entry(sdata, &local->interfaces, list)
954 list_for_each_entry_safe(key, tmp,
955 &sdata->key_list, list)
956 iter(hw, &sdata->vif,
957 key->sta ? &key->sta->sta : NULL,
958 &key->conf, iter_data);
960 mutex_unlock(&local->key_mtx);
962 EXPORT_SYMBOL(ieee80211_iter_keys);
965 _ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
966 struct ieee80211_sub_if_data *sdata,
967 void (*iter)(struct ieee80211_hw *hw,
968 struct ieee80211_vif *vif,
969 struct ieee80211_sta *sta,
970 struct ieee80211_key_conf *key,
974 struct ieee80211_key *key;
976 list_for_each_entry_rcu(key, &sdata->key_list, list) {
977 /* skip keys of station in removal process */
978 if (key->sta && key->sta->removed)
980 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
983 iter(hw, &sdata->vif,
984 key->sta ? &key->sta->sta : NULL,
985 &key->conf, iter_data);
989 void ieee80211_iter_keys_rcu(struct ieee80211_hw *hw,
990 struct ieee80211_vif *vif,
991 void (*iter)(struct ieee80211_hw *hw,
992 struct ieee80211_vif *vif,
993 struct ieee80211_sta *sta,
994 struct ieee80211_key_conf *key,
998 struct ieee80211_local *local = hw_to_local(hw);
999 struct ieee80211_sub_if_data *sdata;
1002 sdata = vif_to_sdata(vif);
1003 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1005 list_for_each_entry_rcu(sdata, &local->interfaces, list)
1006 _ieee80211_iter_keys_rcu(hw, sdata, iter, iter_data);
1009 EXPORT_SYMBOL(ieee80211_iter_keys_rcu);
1011 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
1012 struct list_head *keys)
1014 struct ieee80211_key *key, *tmp;
1016 decrease_tailroom_need_count(sdata,
1017 sdata->crypto_tx_tailroom_pending_dec);
1018 sdata->crypto_tx_tailroom_pending_dec = 0;
1020 ieee80211_debugfs_key_remove_mgmt_default(sdata);
1021 ieee80211_debugfs_key_remove_beacon_default(sdata);
1023 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1024 ieee80211_key_replace(key->sdata, key->sta,
1025 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1027 list_add_tail(&key->list, keys);
1030 ieee80211_debugfs_key_update_default(sdata);
1033 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
1034 bool force_synchronize)
1036 struct ieee80211_local *local = sdata->local;
1037 struct ieee80211_sub_if_data *vlan;
1038 struct ieee80211_sub_if_data *master;
1039 struct ieee80211_key *key, *tmp;
1042 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
1044 mutex_lock(&local->key_mtx);
1046 ieee80211_free_keys_iface(sdata, &keys);
1048 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1049 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1050 ieee80211_free_keys_iface(vlan, &keys);
1053 if (!list_empty(&keys) || force_synchronize)
1055 list_for_each_entry_safe(key, tmp, &keys, list)
1056 __ieee80211_key_destroy(key, false);
1058 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1060 master = container_of(sdata->bss,
1061 struct ieee80211_sub_if_data,
1064 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
1065 master->crypto_tx_tailroom_needed_cnt);
1068 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
1069 sdata->crypto_tx_tailroom_pending_dec);
1072 if (sdata->vif.type == NL80211_IFTYPE_AP) {
1073 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1074 WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
1075 vlan->crypto_tx_tailroom_pending_dec);
1078 mutex_unlock(&local->key_mtx);
1081 void ieee80211_free_sta_keys(struct ieee80211_local *local,
1082 struct sta_info *sta)
1084 struct ieee80211_key *key;
1087 mutex_lock(&local->key_mtx);
1088 for (i = 0; i < ARRAY_SIZE(sta->deflink.gtk); i++) {
1089 key = key_mtx_dereference(local, sta->deflink.gtk[i]);
1092 ieee80211_key_replace(key->sdata, key->sta,
1093 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1095 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1096 NL80211_IFTYPE_STATION);
1099 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
1100 key = key_mtx_dereference(local, sta->ptk[i]);
1103 ieee80211_key_replace(key->sdata, key->sta,
1104 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1106 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1107 NL80211_IFTYPE_STATION);
1110 mutex_unlock(&local->key_mtx);
1113 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
1115 struct ieee80211_sub_if_data *sdata;
1117 sdata = container_of(wk, struct ieee80211_sub_if_data,
1118 dec_tailroom_needed_wk.work);
1121 * The reason for the delayed tailroom needed decrementing is to
1122 * make roaming faster: during roaming, all keys are first deleted
1123 * and then new keys are installed. The first new key causes the
1124 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
1125 * the cost of synchronize_net() (which can be slow). Avoid this
1126 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
1127 * key removal for a while, so if we roam the value is larger than
1128 * zero and no 0->1 transition happens.
1130 * The cost is that if the AP switching was from an AP with keys
1131 * to one without, we still allocate tailroom while it would no
1132 * longer be needed. However, in the typical (fast) roaming case
1133 * within an ESS this usually won't happen.
1136 mutex_lock(&sdata->local->key_mtx);
1137 decrease_tailroom_need_count(sdata,
1138 sdata->crypto_tx_tailroom_pending_dec);
1139 sdata->crypto_tx_tailroom_pending_dec = 0;
1140 mutex_unlock(&sdata->local->key_mtx);
1143 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
1144 const u8 *replay_ctr, gfp_t gfp)
1146 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1148 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
1150 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
1152 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
1154 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
1155 int tid, struct ieee80211_key_seq *seq)
1157 struct ieee80211_key *key;
1160 key = container_of(keyconf, struct ieee80211_key, conf);
1162 switch (key->conf.cipher) {
1163 case WLAN_CIPHER_SUITE_TKIP:
1164 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1166 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1167 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1169 case WLAN_CIPHER_SUITE_CCMP:
1170 case WLAN_CIPHER_SUITE_CCMP_256:
1171 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1174 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1176 pn = key->u.ccmp.rx_pn[tid];
1177 memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
1179 case WLAN_CIPHER_SUITE_AES_CMAC:
1180 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1181 if (WARN_ON(tid != 0))
1183 pn = key->u.aes_cmac.rx_pn;
1184 memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
1186 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1187 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1188 if (WARN_ON(tid != 0))
1190 pn = key->u.aes_gmac.rx_pn;
1191 memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
1193 case WLAN_CIPHER_SUITE_GCMP:
1194 case WLAN_CIPHER_SUITE_GCMP_256:
1195 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1198 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1200 pn = key->u.gcmp.rx_pn[tid];
1201 memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
1205 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
1207 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1208 int tid, struct ieee80211_key_seq *seq)
1210 struct ieee80211_key *key;
1213 key = container_of(keyconf, struct ieee80211_key, conf);
1215 switch (key->conf.cipher) {
1216 case WLAN_CIPHER_SUITE_TKIP:
1217 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1219 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1220 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1222 case WLAN_CIPHER_SUITE_CCMP:
1223 case WLAN_CIPHER_SUITE_CCMP_256:
1224 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1227 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1229 pn = key->u.ccmp.rx_pn[tid];
1230 memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1232 case WLAN_CIPHER_SUITE_AES_CMAC:
1233 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1234 if (WARN_ON(tid != 0))
1236 pn = key->u.aes_cmac.rx_pn;
1237 memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1239 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1240 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1241 if (WARN_ON(tid != 0))
1243 pn = key->u.aes_gmac.rx_pn;
1244 memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1246 case WLAN_CIPHER_SUITE_GCMP:
1247 case WLAN_CIPHER_SUITE_GCMP_256:
1248 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1251 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1253 pn = key->u.gcmp.rx_pn[tid];
1254 memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1261 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1263 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1265 struct ieee80211_key *key;
1267 key = container_of(keyconf, struct ieee80211_key, conf);
1269 assert_key_lock(key->local);
1272 * if key was uploaded, we assume the driver will/has remove(d)
1273 * it, so adjust bookkeeping accordingly
1275 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1276 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1278 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1279 IEEE80211_KEY_FLAG_PUT_MIC_SPACE |
1280 IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1281 increment_tailroom_need_count(key->sdata);
1284 ieee80211_key_free(key, false);
1286 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1288 struct ieee80211_key_conf *
1289 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1290 struct ieee80211_key_conf *keyconf)
1292 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1293 struct ieee80211_local *local = sdata->local;
1294 struct ieee80211_key *key;
1297 if (WARN_ON(!local->wowlan))
1298 return ERR_PTR(-EINVAL);
1300 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1301 return ERR_PTR(-EINVAL);
1303 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1304 keyconf->keylen, keyconf->key,
1307 return ERR_CAST(key);
1309 if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1310 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1312 err = ieee80211_key_link(key, sdata, NULL);
1314 return ERR_PTR(err);
1318 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1320 void ieee80211_key_mic_failure(struct ieee80211_key_conf *keyconf)
1322 struct ieee80211_key *key;
1324 key = container_of(keyconf, struct ieee80211_key, conf);
1326 switch (key->conf.cipher) {
1327 case WLAN_CIPHER_SUITE_AES_CMAC:
1328 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1329 key->u.aes_cmac.icverrors++;
1331 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1332 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1333 key->u.aes_gmac.icverrors++;
1336 /* ignore the others for now, we don't keep counters now */
1340 EXPORT_SYMBOL_GPL(ieee80211_key_mic_failure);
1342 void ieee80211_key_replay(struct ieee80211_key_conf *keyconf)
1344 struct ieee80211_key *key;
1346 key = container_of(keyconf, struct ieee80211_key, conf);
1348 switch (key->conf.cipher) {
1349 case WLAN_CIPHER_SUITE_CCMP:
1350 case WLAN_CIPHER_SUITE_CCMP_256:
1351 key->u.ccmp.replays++;
1353 case WLAN_CIPHER_SUITE_AES_CMAC:
1354 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1355 key->u.aes_cmac.replays++;
1357 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1358 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1359 key->u.aes_gmac.replays++;
1361 case WLAN_CIPHER_SUITE_GCMP:
1362 case WLAN_CIPHER_SUITE_GCMP_256:
1363 key->u.gcmp.replays++;
1367 EXPORT_SYMBOL_GPL(ieee80211_key_replay);