2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <linux/export.h>
19 #include <net/mac80211.h>
20 #include <asm/unaligned.h>
21 #include "ieee80211_i.h"
22 #include "driver-ops.h"
23 #include "debugfs_key.h"
29 * DOC: Key handling basics
31 * Key handling in mac80211 is done based on per-interface (sub_if_data)
32 * keys and per-station keys. Since each station belongs to an interface,
33 * each station key also belongs to that interface.
35 * Hardware acceleration is done on a best-effort basis for algorithms
36 * that are implemented in software, for each key the hardware is asked
37 * to enable that key for offloading but if it cannot do that the key is
38 * simply kept for software encryption (unless it is for an algorithm
39 * that isn't implemented in software).
40 * There is currently no way of knowing whether a key is handled in SW
41 * or HW except by looking into debugfs.
43 * All key management is internally protected by a mutex. Within all
44 * other parts of mac80211, key references are, just as STA structure
45 * references, protected by RCU. Note, however, that some things are
46 * unprotected, namely the key->sta dereferences within the hardware
47 * acceleration functions. This means that sta_info_destroy() must
48 * remove the key which waits for an RCU grace period.
51 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
53 static void assert_key_lock(struct ieee80211_local *local)
55 lockdep_assert_held(&local->key_mtx);
58 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
61 * When this count is zero, SKB resizing for allocating tailroom
62 * for IV or MMIC is skipped. But, this check has created two race
63 * cases in xmit path while transiting from zero count to one:
65 * 1. SKB resize was skipped because no key was added but just before
66 * the xmit key is added and SW encryption kicks off.
68 * 2. SKB resize was skipped because all the keys were hw planted but
69 * just before xmit one of the key is deleted and SW encryption kicks
72 * In both the above case SW encryption will find not enough space for
73 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
75 * Solution has been explained at
76 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
79 if (!sdata->crypto_tx_tailroom_needed_cnt++) {
81 * Flush all XMIT packets currently using HW encryption or no
82 * encryption at all if the count transition is from 0 -> 1.
88 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
90 struct ieee80211_sub_if_data *sdata;
96 if (!key->local->ops->set_key)
99 assert_key_lock(key->local);
104 * If this is a per-STA GTK, check if it
105 * is supported; if not, return.
107 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
108 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
109 goto out_unsupported;
111 if (sta && !sta->uploaded)
112 goto out_unsupported;
115 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
117 * The driver doesn't know anything about VLAN interfaces.
118 * Hence, don't send GTKs for VLAN interfaces to the driver.
120 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
121 goto out_unsupported;
124 ret = drv_set_key(key->local, SET_KEY, sdata,
125 sta ? &sta->sta : NULL, &key->conf);
128 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
130 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
131 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
132 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
133 sdata->crypto_tx_tailroom_needed_cnt--;
135 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
136 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
141 if (ret != -ENOSPC && ret != -EOPNOTSUPP)
143 "failed to set key (%d, %pM) to hardware (%d)\n",
145 sta ? sta->sta.addr : bcast_addr, ret);
148 switch (key->conf.cipher) {
149 case WLAN_CIPHER_SUITE_WEP40:
150 case WLAN_CIPHER_SUITE_WEP104:
151 case WLAN_CIPHER_SUITE_TKIP:
152 case WLAN_CIPHER_SUITE_CCMP:
153 case WLAN_CIPHER_SUITE_AES_CMAC:
154 /* all of these we can do in software */
161 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
163 struct ieee80211_sub_if_data *sdata;
164 struct sta_info *sta;
169 if (!key || !key->local->ops->set_key)
172 assert_key_lock(key->local);
174 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
180 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
181 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV) ||
182 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
183 increment_tailroom_need_count(sdata);
185 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
186 sta ? &sta->sta : NULL, &key->conf);
190 "failed to remove key (%d, %pM) from hardware (%d)\n",
192 sta ? sta->sta.addr : bcast_addr, ret);
194 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
197 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
198 int idx, bool uni, bool multi)
200 struct ieee80211_key *key = NULL;
202 assert_key_lock(sdata->local);
204 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
205 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
208 rcu_assign_pointer(sdata->default_unicast_key, key);
209 drv_set_default_unicast_key(sdata->local, sdata, idx);
213 rcu_assign_pointer(sdata->default_multicast_key, key);
215 ieee80211_debugfs_key_update_default(sdata);
218 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
219 bool uni, bool multi)
221 mutex_lock(&sdata->local->key_mtx);
222 __ieee80211_set_default_key(sdata, idx, uni, multi);
223 mutex_unlock(&sdata->local->key_mtx);
227 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
229 struct ieee80211_key *key = NULL;
231 assert_key_lock(sdata->local);
233 if (idx >= NUM_DEFAULT_KEYS &&
234 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
235 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
237 rcu_assign_pointer(sdata->default_mgmt_key, key);
239 ieee80211_debugfs_key_update_default(sdata);
242 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
245 mutex_lock(&sdata->local->key_mtx);
246 __ieee80211_set_default_mgmt_key(sdata, idx);
247 mutex_unlock(&sdata->local->key_mtx);
251 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
252 struct sta_info *sta,
254 struct ieee80211_key *old,
255 struct ieee80211_key *new)
258 bool defunikey, defmultikey, defmgmtkey;
261 list_add_tail(&new->list, &sdata->key_list);
263 if (sta && pairwise) {
264 rcu_assign_pointer(sta->ptk, new);
267 idx = old->conf.keyidx;
269 idx = new->conf.keyidx;
270 rcu_assign_pointer(sta->gtk[idx], new);
272 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
275 idx = old->conf.keyidx;
277 idx = new->conf.keyidx;
280 old == key_mtx_dereference(sdata->local,
281 sdata->default_unicast_key);
283 old == key_mtx_dereference(sdata->local,
284 sdata->default_multicast_key);
286 old == key_mtx_dereference(sdata->local,
287 sdata->default_mgmt_key);
289 if (defunikey && !new)
290 __ieee80211_set_default_key(sdata, -1, true, false);
291 if (defmultikey && !new)
292 __ieee80211_set_default_key(sdata, -1, false, true);
293 if (defmgmtkey && !new)
294 __ieee80211_set_default_mgmt_key(sdata, -1);
296 rcu_assign_pointer(sdata->keys[idx], new);
297 if (defunikey && new)
298 __ieee80211_set_default_key(sdata, new->conf.keyidx,
300 if (defmultikey && new)
301 __ieee80211_set_default_key(sdata, new->conf.keyidx,
303 if (defmgmtkey && new)
304 __ieee80211_set_default_mgmt_key(sdata,
309 list_del(&old->list);
312 struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
314 size_t seq_len, const u8 *seq)
316 struct ieee80211_key *key;
319 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
321 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
323 return ERR_PTR(-ENOMEM);
326 * Default to software encryption; we'll later upload the
327 * key to the hardware if possible.
332 key->conf.cipher = cipher;
333 key->conf.keyidx = idx;
334 key->conf.keylen = key_len;
336 case WLAN_CIPHER_SUITE_WEP40:
337 case WLAN_CIPHER_SUITE_WEP104:
338 key->conf.iv_len = WEP_IV_LEN;
339 key->conf.icv_len = WEP_ICV_LEN;
341 case WLAN_CIPHER_SUITE_TKIP:
342 key->conf.iv_len = TKIP_IV_LEN;
343 key->conf.icv_len = TKIP_ICV_LEN;
345 for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
346 key->u.tkip.rx[i].iv32 =
347 get_unaligned_le32(&seq[2]);
348 key->u.tkip.rx[i].iv16 =
349 get_unaligned_le16(seq);
352 spin_lock_init(&key->u.tkip.txlock);
354 case WLAN_CIPHER_SUITE_CCMP:
355 key->conf.iv_len = CCMP_HDR_LEN;
356 key->conf.icv_len = CCMP_MIC_LEN;
358 for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
359 for (j = 0; j < CCMP_PN_LEN; j++)
360 key->u.ccmp.rx_pn[i][j] =
361 seq[CCMP_PN_LEN - j - 1];
364 * Initialize AES key state here as an optimization so that
365 * it does not need to be initialized for every packet.
367 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
368 if (IS_ERR(key->u.ccmp.tfm)) {
369 err = PTR_ERR(key->u.ccmp.tfm);
374 case WLAN_CIPHER_SUITE_AES_CMAC:
375 key->conf.iv_len = 0;
376 key->conf.icv_len = sizeof(struct ieee80211_mmie);
378 for (j = 0; j < CMAC_PN_LEN; j++)
379 key->u.aes_cmac.rx_pn[j] =
380 seq[CMAC_PN_LEN - j - 1];
382 * Initialize AES key state here as an optimization so that
383 * it does not need to be initialized for every packet.
385 key->u.aes_cmac.tfm =
386 ieee80211_aes_cmac_key_setup(key_data);
387 if (IS_ERR(key->u.aes_cmac.tfm)) {
388 err = PTR_ERR(key->u.aes_cmac.tfm);
394 memcpy(key->conf.key, key_data, key_len);
395 INIT_LIST_HEAD(&key->list);
400 static void __ieee80211_key_destroy(struct ieee80211_key *key,
407 * Synchronize so the TX path can no longer be using
408 * this key before we free/remove it.
413 ieee80211_key_disable_hw_accel(key);
415 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
416 ieee80211_aes_key_free(key->u.ccmp.tfm);
417 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
418 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
420 struct ieee80211_sub_if_data *sdata = key->sdata;
422 ieee80211_debugfs_key_remove(key);
424 if (delay_tailroom) {
425 /* see ieee80211_delayed_tailroom_dec */
426 sdata->crypto_tx_tailroom_pending_dec++;
427 schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
430 sdata->crypto_tx_tailroom_needed_cnt--;
437 int ieee80211_key_link(struct ieee80211_key *key,
438 struct ieee80211_sub_if_data *sdata,
439 struct sta_info *sta)
441 struct ieee80211_key *old_key;
448 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
449 idx = key->conf.keyidx;
450 key->local = sdata->local;
454 mutex_lock(&sdata->local->key_mtx);
457 old_key = key_mtx_dereference(sdata->local, sta->ptk);
459 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
461 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
463 increment_tailroom_need_count(sdata);
465 __ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
466 __ieee80211_key_destroy(old_key, true);
468 ieee80211_debugfs_key_add(key);
470 ret = ieee80211_key_enable_hw_accel(key);
472 mutex_unlock(&sdata->local->key_mtx);
477 void __ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
483 * Replace key with nothingness if it was ever used.
486 __ieee80211_key_replace(key->sdata, key->sta,
487 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
489 __ieee80211_key_destroy(key, delay_tailroom);
492 void ieee80211_key_free(struct ieee80211_local *local,
493 struct ieee80211_key *key)
495 mutex_lock(&local->key_mtx);
496 __ieee80211_key_free(key, true);
497 mutex_unlock(&local->key_mtx);
500 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
502 struct ieee80211_key *key;
506 if (WARN_ON(!ieee80211_sdata_running(sdata)))
509 mutex_lock(&sdata->local->key_mtx);
511 sdata->crypto_tx_tailroom_needed_cnt = 0;
513 list_for_each_entry(key, &sdata->key_list, list) {
514 increment_tailroom_need_count(sdata);
515 ieee80211_key_enable_hw_accel(key);
518 mutex_unlock(&sdata->local->key_mtx);
521 void ieee80211_iter_keys(struct ieee80211_hw *hw,
522 struct ieee80211_vif *vif,
523 void (*iter)(struct ieee80211_hw *hw,
524 struct ieee80211_vif *vif,
525 struct ieee80211_sta *sta,
526 struct ieee80211_key_conf *key,
530 struct ieee80211_local *local = hw_to_local(hw);
531 struct ieee80211_key *key;
532 struct ieee80211_sub_if_data *sdata;
536 mutex_lock(&local->key_mtx);
538 sdata = vif_to_sdata(vif);
539 list_for_each_entry(key, &sdata->key_list, list)
540 iter(hw, &sdata->vif,
541 key->sta ? &key->sta->sta : NULL,
542 &key->conf, iter_data);
544 list_for_each_entry(sdata, &local->interfaces, list)
545 list_for_each_entry(key, &sdata->key_list, list)
546 iter(hw, &sdata->vif,
547 key->sta ? &key->sta->sta : NULL,
548 &key->conf, iter_data);
550 mutex_unlock(&local->key_mtx);
552 EXPORT_SYMBOL(ieee80211_iter_keys);
554 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
556 struct ieee80211_key *key, *tmp;
558 cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
560 mutex_lock(&sdata->local->key_mtx);
562 sdata->crypto_tx_tailroom_needed_cnt -=
563 sdata->crypto_tx_tailroom_pending_dec;
564 sdata->crypto_tx_tailroom_pending_dec = 0;
566 ieee80211_debugfs_key_remove_mgmt_default(sdata);
568 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
569 __ieee80211_key_free(key, false);
571 ieee80211_debugfs_key_update_default(sdata);
573 WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
574 sdata->crypto_tx_tailroom_pending_dec);
576 mutex_unlock(&sdata->local->key_mtx);
579 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
581 struct ieee80211_sub_if_data *sdata;
583 sdata = container_of(wk, struct ieee80211_sub_if_data,
584 dec_tailroom_needed_wk.work);
587 * The reason for the delayed tailroom needed decrementing is to
588 * make roaming faster: during roaming, all keys are first deleted
589 * and then new keys are installed. The first new key causes the
590 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
591 * the cost of synchronize_net() (which can be slow). Avoid this
592 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
593 * key removal for a while, so if we roam the value is larger than
594 * zero and no 0->1 transition happens.
596 * The cost is that if the AP switching was from an AP with keys
597 * to one without, we still allocate tailroom while it would no
598 * longer be needed. However, in the typical (fast) roaming case
599 * within an ESS this usually won't happen.
602 mutex_lock(&sdata->local->key_mtx);
603 sdata->crypto_tx_tailroom_needed_cnt -=
604 sdata->crypto_tx_tailroom_pending_dec;
605 sdata->crypto_tx_tailroom_pending_dec = 0;
606 mutex_unlock(&sdata->local->key_mtx);
609 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
610 const u8 *replay_ctr, gfp_t gfp)
612 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
614 trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
616 cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
618 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
620 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
621 struct ieee80211_key_seq *seq)
623 struct ieee80211_key *key;
626 if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
629 key = container_of(keyconf, struct ieee80211_key, conf);
631 switch (key->conf.cipher) {
632 case WLAN_CIPHER_SUITE_TKIP:
633 seq->tkip.iv32 = key->u.tkip.tx.iv32;
634 seq->tkip.iv16 = key->u.tkip.tx.iv16;
636 case WLAN_CIPHER_SUITE_CCMP:
637 pn64 = atomic64_read(&key->u.ccmp.tx_pn);
638 seq->ccmp.pn[5] = pn64;
639 seq->ccmp.pn[4] = pn64 >> 8;
640 seq->ccmp.pn[3] = pn64 >> 16;
641 seq->ccmp.pn[2] = pn64 >> 24;
642 seq->ccmp.pn[1] = pn64 >> 32;
643 seq->ccmp.pn[0] = pn64 >> 40;
645 case WLAN_CIPHER_SUITE_AES_CMAC:
646 pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);
647 seq->ccmp.pn[5] = pn64;
648 seq->ccmp.pn[4] = pn64 >> 8;
649 seq->ccmp.pn[3] = pn64 >> 16;
650 seq->ccmp.pn[2] = pn64 >> 24;
651 seq->ccmp.pn[1] = pn64 >> 32;
652 seq->ccmp.pn[0] = pn64 >> 40;
658 EXPORT_SYMBOL(ieee80211_get_key_tx_seq);
660 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
661 int tid, struct ieee80211_key_seq *seq)
663 struct ieee80211_key *key;
666 key = container_of(keyconf, struct ieee80211_key, conf);
668 switch (key->conf.cipher) {
669 case WLAN_CIPHER_SUITE_TKIP:
670 if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
672 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
673 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
675 case WLAN_CIPHER_SUITE_CCMP:
676 if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
679 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
681 pn = key->u.ccmp.rx_pn[tid];
682 memcpy(seq->ccmp.pn, pn, CCMP_PN_LEN);
684 case WLAN_CIPHER_SUITE_AES_CMAC:
685 if (WARN_ON(tid != 0))
687 pn = key->u.aes_cmac.rx_pn;
688 memcpy(seq->aes_cmac.pn, pn, CMAC_PN_LEN);
692 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);