xref: /linux/net/mac80211/key.c (revision 3ce095c16263630dde46d6051854073edaacf3d7)
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2005-2006, Devicescape Software, Inc.
4  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
5  * Copyright 2007-2008	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License version 2 as
10  * published by the Free Software Foundation.
11  */
12 
13 #include <linux/if_ether.h>
14 #include <linux/etherdevice.h>
15 #include <linux/list.h>
16 #include <linux/rcupdate.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/slab.h>
19 #include <linux/export.h>
20 #include <net/mac80211.h>
21 #include <asm/unaligned.h>
22 #include "ieee80211_i.h"
23 #include "driver-ops.h"
24 #include "debugfs_key.h"
25 #include "aes_ccm.h"
26 #include "aes_cmac.h"
27 #include "aes_gmac.h"
28 #include "aes_gcm.h"
29 
30 
31 /**
32  * DOC: Key handling basics
33  *
34  * Key handling in mac80211 is done based on per-interface (sub_if_data)
35  * keys and per-station keys. Since each station belongs to an interface,
36  * each station key also belongs to that interface.
37  *
38  * Hardware acceleration is done on a best-effort basis for algorithms
39  * that are implemented in software,  for each key the hardware is asked
40  * to enable that key for offloading but if it cannot do that the key is
41  * simply kept for software encryption (unless it is for an algorithm
42  * that isn't implemented in software).
43  * There is currently no way of knowing whether a key is handled in SW
44  * or HW except by looking into debugfs.
45  *
46  * All key management is internally protected by a mutex. Within all
47  * other parts of mac80211, key references are, just as STA structure
48  * references, protected by RCU. Note, however, that some things are
49  * unprotected, namely the key->sta dereferences within the hardware
50  * acceleration functions. This means that sta_info_destroy() must
51  * remove the key which waits for an RCU grace period.
52  */
53 
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
55 
56 static void assert_key_lock(struct ieee80211_local *local)
57 {
58 	lockdep_assert_held(&local->key_mtx);
59 }
60 
61 static void
62 update_vlan_tailroom_need_count(struct ieee80211_sub_if_data *sdata, int delta)
63 {
64 	struct ieee80211_sub_if_data *vlan;
65 
66 	if (sdata->vif.type != NL80211_IFTYPE_AP)
67 		return;
68 
69 	mutex_lock(&sdata->local->mtx);
70 
71 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
72 		vlan->crypto_tx_tailroom_needed_cnt += delta;
73 
74 	mutex_unlock(&sdata->local->mtx);
75 }
76 
77 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
78 {
79 	/*
80 	 * When this count is zero, SKB resizing for allocating tailroom
81 	 * for IV or MMIC is skipped. But, this check has created two race
82 	 * cases in xmit path while transiting from zero count to one:
83 	 *
84 	 * 1. SKB resize was skipped because no key was added but just before
85 	 * the xmit key is added and SW encryption kicks off.
86 	 *
87 	 * 2. SKB resize was skipped because all the keys were hw planted but
88 	 * just before xmit one of the key is deleted and SW encryption kicks
89 	 * off.
90 	 *
91 	 * In both the above case SW encryption will find not enough space for
92 	 * tailroom and exits with WARN_ON. (See WARN_ONs at wpa.c)
93 	 *
94 	 * Solution has been explained at
95 	 * http://mid.gmane.org/1308590980.4322.19.camel@jlt3.sipsolutions.net
96 	 */
97 
98 	update_vlan_tailroom_need_count(sdata, 1);
99 
100 	if (!sdata->crypto_tx_tailroom_needed_cnt++) {
101 		/*
102 		 * Flush all XMIT packets currently using HW encryption or no
103 		 * encryption at all if the count transition is from 0 -> 1.
104 		 */
105 		synchronize_net();
106 	}
107 }
108 
109 static void decrease_tailroom_need_count(struct ieee80211_sub_if_data *sdata,
110 					 int delta)
111 {
112 	WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt < delta);
113 
114 	update_vlan_tailroom_need_count(sdata, -delta);
115 	sdata->crypto_tx_tailroom_needed_cnt -= delta;
116 }
117 
118 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
119 {
120 	struct ieee80211_sub_if_data *sdata;
121 	struct sta_info *sta;
122 	int ret = -EOPNOTSUPP;
123 
124 	might_sleep();
125 
126 	if (key->flags & KEY_FLAG_TAINTED) {
127 		/* If we get here, it's during resume and the key is
128 		 * tainted so shouldn't be used/programmed any more.
129 		 * However, its flags may still indicate that it was
130 		 * programmed into the device (since we're in resume)
131 		 * so clear that flag now to avoid trying to remove
132 		 * it again later.
133 		 */
134 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
135 		return -EINVAL;
136 	}
137 
138 	if (!key->local->ops->set_key)
139 		goto out_unsupported;
140 
141 	assert_key_lock(key->local);
142 
143 	sta = key->sta;
144 
145 	/*
146 	 * If this is a per-STA GTK, check if it
147 	 * is supported; if not, return.
148 	 */
149 	if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
150 	    !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
151 		goto out_unsupported;
152 
153 	if (sta && !sta->uploaded)
154 		goto out_unsupported;
155 
156 	sdata = key->sdata;
157 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
158 		/*
159 		 * The driver doesn't know anything about VLAN interfaces.
160 		 * Hence, don't send GTKs for VLAN interfaces to the driver.
161 		 */
162 		if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
163 			goto out_unsupported;
164 	}
165 
166 	ret = drv_set_key(key->local, SET_KEY, sdata,
167 			  sta ? &sta->sta : NULL, &key->conf);
168 
169 	if (!ret) {
170 		key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
171 
172 		if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
173 		      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
174 			decrease_tailroom_need_count(sdata, 1);
175 
176 		WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
177 			(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
178 
179 		return 0;
180 	}
181 
182 	if (ret != -ENOSPC && ret != -EOPNOTSUPP && ret != 1)
183 		sdata_err(sdata,
184 			  "failed to set key (%d, %pM) to hardware (%d)\n",
185 			  key->conf.keyidx,
186 			  sta ? sta->sta.addr : bcast_addr, ret);
187 
188  out_unsupported:
189 	switch (key->conf.cipher) {
190 	case WLAN_CIPHER_SUITE_WEP40:
191 	case WLAN_CIPHER_SUITE_WEP104:
192 	case WLAN_CIPHER_SUITE_TKIP:
193 	case WLAN_CIPHER_SUITE_CCMP:
194 	case WLAN_CIPHER_SUITE_CCMP_256:
195 	case WLAN_CIPHER_SUITE_AES_CMAC:
196 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
197 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
198 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
199 	case WLAN_CIPHER_SUITE_GCMP:
200 	case WLAN_CIPHER_SUITE_GCMP_256:
201 		/* all of these we can do in software - if driver can */
202 		if (ret == 1)
203 			return 0;
204 		if (key->local->hw.flags & IEEE80211_HW_SW_CRYPTO_CONTROL)
205 			return -EINVAL;
206 		return 0;
207 	default:
208 		return -EINVAL;
209 	}
210 }
211 
212 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
213 {
214 	struct ieee80211_sub_if_data *sdata;
215 	struct sta_info *sta;
216 	int ret;
217 
218 	might_sleep();
219 
220 	if (!key || !key->local->ops->set_key)
221 		return;
222 
223 	assert_key_lock(key->local);
224 
225 	if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
226 		return;
227 
228 	sta = key->sta;
229 	sdata = key->sdata;
230 
231 	if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
232 	      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
233 		increment_tailroom_need_count(sdata);
234 
235 	ret = drv_set_key(key->local, DISABLE_KEY, sdata,
236 			  sta ? &sta->sta : NULL, &key->conf);
237 
238 	if (ret)
239 		sdata_err(sdata,
240 			  "failed to remove key (%d, %pM) from hardware (%d)\n",
241 			  key->conf.keyidx,
242 			  sta ? sta->sta.addr : bcast_addr, ret);
243 
244 	key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
245 }
246 
247 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
248 					int idx, bool uni, bool multi)
249 {
250 	struct ieee80211_key *key = NULL;
251 
252 	assert_key_lock(sdata->local);
253 
254 	if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
255 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
256 
257 	if (uni) {
258 		rcu_assign_pointer(sdata->default_unicast_key, key);
259 		drv_set_default_unicast_key(sdata->local, sdata, idx);
260 	}
261 
262 	if (multi)
263 		rcu_assign_pointer(sdata->default_multicast_key, key);
264 
265 	ieee80211_debugfs_key_update_default(sdata);
266 }
267 
268 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
269 			       bool uni, bool multi)
270 {
271 	mutex_lock(&sdata->local->key_mtx);
272 	__ieee80211_set_default_key(sdata, idx, uni, multi);
273 	mutex_unlock(&sdata->local->key_mtx);
274 }
275 
276 static void
277 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
278 {
279 	struct ieee80211_key *key = NULL;
280 
281 	assert_key_lock(sdata->local);
282 
283 	if (idx >= NUM_DEFAULT_KEYS &&
284 	    idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
285 		key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
286 
287 	rcu_assign_pointer(sdata->default_mgmt_key, key);
288 
289 	ieee80211_debugfs_key_update_default(sdata);
290 }
291 
292 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
293 				    int idx)
294 {
295 	mutex_lock(&sdata->local->key_mtx);
296 	__ieee80211_set_default_mgmt_key(sdata, idx);
297 	mutex_unlock(&sdata->local->key_mtx);
298 }
299 
300 
301 static void ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
302 				  struct sta_info *sta,
303 				  bool pairwise,
304 				  struct ieee80211_key *old,
305 				  struct ieee80211_key *new)
306 {
307 	int idx;
308 	bool defunikey, defmultikey, defmgmtkey;
309 
310 	/* caller must provide at least one old/new */
311 	if (WARN_ON(!new && !old))
312 		return;
313 
314 	if (new)
315 		list_add_tail(&new->list, &sdata->key_list);
316 
317 	WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
318 
319 	if (old)
320 		idx = old->conf.keyidx;
321 	else
322 		idx = new->conf.keyidx;
323 
324 	if (sta) {
325 		if (pairwise) {
326 			rcu_assign_pointer(sta->ptk[idx], new);
327 			sta->ptk_idx = idx;
328 		} else {
329 			rcu_assign_pointer(sta->gtk[idx], new);
330 			sta->gtk_idx = idx;
331 		}
332 	} else {
333 		defunikey = old &&
334 			old == key_mtx_dereference(sdata->local,
335 						sdata->default_unicast_key);
336 		defmultikey = old &&
337 			old == key_mtx_dereference(sdata->local,
338 						sdata->default_multicast_key);
339 		defmgmtkey = old &&
340 			old == key_mtx_dereference(sdata->local,
341 						sdata->default_mgmt_key);
342 
343 		if (defunikey && !new)
344 			__ieee80211_set_default_key(sdata, -1, true, false);
345 		if (defmultikey && !new)
346 			__ieee80211_set_default_key(sdata, -1, false, true);
347 		if (defmgmtkey && !new)
348 			__ieee80211_set_default_mgmt_key(sdata, -1);
349 
350 		rcu_assign_pointer(sdata->keys[idx], new);
351 		if (defunikey && new)
352 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
353 						    true, false);
354 		if (defmultikey && new)
355 			__ieee80211_set_default_key(sdata, new->conf.keyidx,
356 						    false, true);
357 		if (defmgmtkey && new)
358 			__ieee80211_set_default_mgmt_key(sdata,
359 							 new->conf.keyidx);
360 	}
361 
362 	if (old)
363 		list_del(&old->list);
364 }
365 
366 struct ieee80211_key *
367 ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
368 		    const u8 *key_data,
369 		    size_t seq_len, const u8 *seq,
370 		    const struct ieee80211_cipher_scheme *cs)
371 {
372 	struct ieee80211_key *key;
373 	int i, j, err;
374 
375 	if (WARN_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS))
376 		return ERR_PTR(-EINVAL);
377 
378 	key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
379 	if (!key)
380 		return ERR_PTR(-ENOMEM);
381 
382 	/*
383 	 * Default to software encryption; we'll later upload the
384 	 * key to the hardware if possible.
385 	 */
386 	key->conf.flags = 0;
387 	key->flags = 0;
388 
389 	key->conf.cipher = cipher;
390 	key->conf.keyidx = idx;
391 	key->conf.keylen = key_len;
392 	switch (cipher) {
393 	case WLAN_CIPHER_SUITE_WEP40:
394 	case WLAN_CIPHER_SUITE_WEP104:
395 		key->conf.iv_len = IEEE80211_WEP_IV_LEN;
396 		key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
397 		break;
398 	case WLAN_CIPHER_SUITE_TKIP:
399 		key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
400 		key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
401 		if (seq) {
402 			for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
403 				key->u.tkip.rx[i].iv32 =
404 					get_unaligned_le32(&seq[2]);
405 				key->u.tkip.rx[i].iv16 =
406 					get_unaligned_le16(seq);
407 			}
408 		}
409 		spin_lock_init(&key->u.tkip.txlock);
410 		break;
411 	case WLAN_CIPHER_SUITE_CCMP:
412 		key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
413 		key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
414 		if (seq) {
415 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
416 				for (j = 0; j < IEEE80211_CCMP_PN_LEN; j++)
417 					key->u.ccmp.rx_pn[i][j] =
418 						seq[IEEE80211_CCMP_PN_LEN - j - 1];
419 		}
420 		/*
421 		 * Initialize AES key state here as an optimization so that
422 		 * it does not need to be initialized for every packet.
423 		 */
424 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
425 			key_data, key_len, IEEE80211_CCMP_MIC_LEN);
426 		if (IS_ERR(key->u.ccmp.tfm)) {
427 			err = PTR_ERR(key->u.ccmp.tfm);
428 			kfree(key);
429 			return ERR_PTR(err);
430 		}
431 		break;
432 	case WLAN_CIPHER_SUITE_CCMP_256:
433 		key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
434 		key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
435 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
436 			for (j = 0; j < IEEE80211_CCMP_256_PN_LEN; j++)
437 				key->u.ccmp.rx_pn[i][j] =
438 					seq[IEEE80211_CCMP_256_PN_LEN - j - 1];
439 		/* Initialize AES key state here as an optimization so that
440 		 * it does not need to be initialized for every packet.
441 		 */
442 		key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
443 			key_data, key_len, IEEE80211_CCMP_256_MIC_LEN);
444 		if (IS_ERR(key->u.ccmp.tfm)) {
445 			err = PTR_ERR(key->u.ccmp.tfm);
446 			kfree(key);
447 			return ERR_PTR(err);
448 		}
449 		break;
450 	case WLAN_CIPHER_SUITE_AES_CMAC:
451 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
452 		key->conf.iv_len = 0;
453 		if (cipher == WLAN_CIPHER_SUITE_AES_CMAC)
454 			key->conf.icv_len = sizeof(struct ieee80211_mmie);
455 		else
456 			key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
457 		if (seq)
458 			for (j = 0; j < IEEE80211_CMAC_PN_LEN; j++)
459 				key->u.aes_cmac.rx_pn[j] =
460 					seq[IEEE80211_CMAC_PN_LEN - j - 1];
461 		/*
462 		 * Initialize AES key state here as an optimization so that
463 		 * it does not need to be initialized for every packet.
464 		 */
465 		key->u.aes_cmac.tfm =
466 			ieee80211_aes_cmac_key_setup(key_data, key_len);
467 		if (IS_ERR(key->u.aes_cmac.tfm)) {
468 			err = PTR_ERR(key->u.aes_cmac.tfm);
469 			kfree(key);
470 			return ERR_PTR(err);
471 		}
472 		break;
473 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
474 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
475 		key->conf.iv_len = 0;
476 		key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
477 		if (seq)
478 			for (j = 0; j < IEEE80211_GMAC_PN_LEN; j++)
479 				key->u.aes_gmac.rx_pn[j] =
480 					seq[IEEE80211_GMAC_PN_LEN - j - 1];
481 		/* Initialize AES key state here as an optimization so that
482 		 * it does not need to be initialized for every packet.
483 		 */
484 		key->u.aes_gmac.tfm =
485 			ieee80211_aes_gmac_key_setup(key_data, key_len);
486 		if (IS_ERR(key->u.aes_gmac.tfm)) {
487 			err = PTR_ERR(key->u.aes_gmac.tfm);
488 			kfree(key);
489 			return ERR_PTR(err);
490 		}
491 		break;
492 	case WLAN_CIPHER_SUITE_GCMP:
493 	case WLAN_CIPHER_SUITE_GCMP_256:
494 		key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
495 		key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
496 		for (i = 0; seq && i < IEEE80211_NUM_TIDS + 1; i++)
497 			for (j = 0; j < IEEE80211_GCMP_PN_LEN; j++)
498 				key->u.gcmp.rx_pn[i][j] =
499 					seq[IEEE80211_GCMP_PN_LEN - j - 1];
500 		/* Initialize AES key state here as an optimization so that
501 		 * it does not need to be initialized for every packet.
502 		 */
503 		key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
504 								      key_len);
505 		if (IS_ERR(key->u.gcmp.tfm)) {
506 			err = PTR_ERR(key->u.gcmp.tfm);
507 			kfree(key);
508 			return ERR_PTR(err);
509 		}
510 		break;
511 	default:
512 		if (cs) {
513 			size_t len = (seq_len > MAX_PN_LEN) ?
514 						MAX_PN_LEN : seq_len;
515 
516 			key->conf.iv_len = cs->hdr_len;
517 			key->conf.icv_len = cs->mic_len;
518 			for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
519 				for (j = 0; j < len; j++)
520 					key->u.gen.rx_pn[i][j] =
521 							seq[len - j - 1];
522 			key->flags |= KEY_FLAG_CIPHER_SCHEME;
523 		}
524 	}
525 	memcpy(key->conf.key, key_data, key_len);
526 	INIT_LIST_HEAD(&key->list);
527 
528 	return key;
529 }
530 
531 static void ieee80211_key_free_common(struct ieee80211_key *key)
532 {
533 	switch (key->conf.cipher) {
534 	case WLAN_CIPHER_SUITE_CCMP:
535 	case WLAN_CIPHER_SUITE_CCMP_256:
536 		ieee80211_aes_key_free(key->u.ccmp.tfm);
537 		break;
538 	case WLAN_CIPHER_SUITE_AES_CMAC:
539 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
540 		ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
541 		break;
542 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
543 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
544 		ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
545 		break;
546 	case WLAN_CIPHER_SUITE_GCMP:
547 	case WLAN_CIPHER_SUITE_GCMP_256:
548 		ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
549 		break;
550 	}
551 	kzfree(key);
552 }
553 
554 static void __ieee80211_key_destroy(struct ieee80211_key *key,
555 				    bool delay_tailroom)
556 {
557 	if (key->local)
558 		ieee80211_key_disable_hw_accel(key);
559 
560 	if (key->local) {
561 		struct ieee80211_sub_if_data *sdata = key->sdata;
562 
563 		ieee80211_debugfs_key_remove(key);
564 
565 		if (delay_tailroom) {
566 			/* see ieee80211_delayed_tailroom_dec */
567 			sdata->crypto_tx_tailroom_pending_dec++;
568 			schedule_delayed_work(&sdata->dec_tailroom_needed_wk,
569 					      HZ/2);
570 		} else {
571 			decrease_tailroom_need_count(sdata, 1);
572 		}
573 	}
574 
575 	ieee80211_key_free_common(key);
576 }
577 
578 static void ieee80211_key_destroy(struct ieee80211_key *key,
579 				  bool delay_tailroom)
580 {
581 	if (!key)
582 		return;
583 
584 	/*
585 	 * Synchronize so the TX path can no longer be using
586 	 * this key before we free/remove it.
587 	 */
588 	synchronize_net();
589 
590 	__ieee80211_key_destroy(key, delay_tailroom);
591 }
592 
593 void ieee80211_key_free_unused(struct ieee80211_key *key)
594 {
595 	WARN_ON(key->sdata || key->local);
596 	ieee80211_key_free_common(key);
597 }
598 
599 int ieee80211_key_link(struct ieee80211_key *key,
600 		       struct ieee80211_sub_if_data *sdata,
601 		       struct sta_info *sta)
602 {
603 	struct ieee80211_local *local = sdata->local;
604 	struct ieee80211_key *old_key;
605 	int idx, ret;
606 	bool pairwise;
607 
608 	pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
609 	idx = key->conf.keyidx;
610 	key->local = sdata->local;
611 	key->sdata = sdata;
612 	key->sta = sta;
613 
614 	mutex_lock(&sdata->local->key_mtx);
615 
616 	if (sta && pairwise)
617 		old_key = key_mtx_dereference(sdata->local, sta->ptk[idx]);
618 	else if (sta)
619 		old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
620 	else
621 		old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
622 
623 	increment_tailroom_need_count(sdata);
624 
625 	ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
626 	ieee80211_key_destroy(old_key, true);
627 
628 	ieee80211_debugfs_key_add(key);
629 
630 	if (!local->wowlan) {
631 		ret = ieee80211_key_enable_hw_accel(key);
632 		if (ret)
633 			ieee80211_key_free(key, true);
634 	} else {
635 		ret = 0;
636 	}
637 
638 	mutex_unlock(&sdata->local->key_mtx);
639 
640 	return ret;
641 }
642 
643 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
644 {
645 	if (!key)
646 		return;
647 
648 	/*
649 	 * Replace key with nothingness if it was ever used.
650 	 */
651 	if (key->sdata)
652 		ieee80211_key_replace(key->sdata, key->sta,
653 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
654 				key, NULL);
655 	ieee80211_key_destroy(key, delay_tailroom);
656 }
657 
658 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
659 {
660 	struct ieee80211_key *key;
661 	struct ieee80211_sub_if_data *vlan;
662 
663 	ASSERT_RTNL();
664 
665 	if (WARN_ON(!ieee80211_sdata_running(sdata)))
666 		return;
667 
668 	mutex_lock(&sdata->local->key_mtx);
669 
670 	WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
671 		     sdata->crypto_tx_tailroom_pending_dec);
672 
673 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
674 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
675 			WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
676 				     vlan->crypto_tx_tailroom_pending_dec);
677 	}
678 
679 	list_for_each_entry(key, &sdata->key_list, list) {
680 		increment_tailroom_need_count(sdata);
681 		ieee80211_key_enable_hw_accel(key);
682 	}
683 
684 	mutex_unlock(&sdata->local->key_mtx);
685 }
686 
687 void ieee80211_reset_crypto_tx_tailroom(struct ieee80211_sub_if_data *sdata)
688 {
689 	struct ieee80211_sub_if_data *vlan;
690 
691 	mutex_lock(&sdata->local->key_mtx);
692 
693 	sdata->crypto_tx_tailroom_needed_cnt = 0;
694 
695 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
696 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
697 			vlan->crypto_tx_tailroom_needed_cnt = 0;
698 	}
699 
700 	mutex_unlock(&sdata->local->key_mtx);
701 }
702 
703 void ieee80211_iter_keys(struct ieee80211_hw *hw,
704 			 struct ieee80211_vif *vif,
705 			 void (*iter)(struct ieee80211_hw *hw,
706 				      struct ieee80211_vif *vif,
707 				      struct ieee80211_sta *sta,
708 				      struct ieee80211_key_conf *key,
709 				      void *data),
710 			 void *iter_data)
711 {
712 	struct ieee80211_local *local = hw_to_local(hw);
713 	struct ieee80211_key *key, *tmp;
714 	struct ieee80211_sub_if_data *sdata;
715 
716 	ASSERT_RTNL();
717 
718 	mutex_lock(&local->key_mtx);
719 	if (vif) {
720 		sdata = vif_to_sdata(vif);
721 		list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
722 			iter(hw, &sdata->vif,
723 			     key->sta ? &key->sta->sta : NULL,
724 			     &key->conf, iter_data);
725 	} else {
726 		list_for_each_entry(sdata, &local->interfaces, list)
727 			list_for_each_entry_safe(key, tmp,
728 						 &sdata->key_list, list)
729 				iter(hw, &sdata->vif,
730 				     key->sta ? &key->sta->sta : NULL,
731 				     &key->conf, iter_data);
732 	}
733 	mutex_unlock(&local->key_mtx);
734 }
735 EXPORT_SYMBOL(ieee80211_iter_keys);
736 
737 static void ieee80211_free_keys_iface(struct ieee80211_sub_if_data *sdata,
738 				      struct list_head *keys)
739 {
740 	struct ieee80211_key *key, *tmp;
741 
742 	decrease_tailroom_need_count(sdata,
743 				     sdata->crypto_tx_tailroom_pending_dec);
744 	sdata->crypto_tx_tailroom_pending_dec = 0;
745 
746 	ieee80211_debugfs_key_remove_mgmt_default(sdata);
747 
748 	list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
749 		ieee80211_key_replace(key->sdata, key->sta,
750 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
751 				key, NULL);
752 		list_add_tail(&key->list, keys);
753 	}
754 
755 	ieee80211_debugfs_key_update_default(sdata);
756 }
757 
758 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata,
759 			 bool force_synchronize)
760 {
761 	struct ieee80211_local *local = sdata->local;
762 	struct ieee80211_sub_if_data *vlan;
763 	struct ieee80211_sub_if_data *master;
764 	struct ieee80211_key *key, *tmp;
765 	LIST_HEAD(keys);
766 
767 	cancel_delayed_work_sync(&sdata->dec_tailroom_needed_wk);
768 
769 	mutex_lock(&local->key_mtx);
770 
771 	ieee80211_free_keys_iface(sdata, &keys);
772 
773 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
774 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
775 			ieee80211_free_keys_iface(vlan, &keys);
776 	}
777 
778 	if (!list_empty(&keys) || force_synchronize)
779 		synchronize_net();
780 	list_for_each_entry_safe(key, tmp, &keys, list)
781 		__ieee80211_key_destroy(key, false);
782 
783 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
784 		if (sdata->bss) {
785 			master = container_of(sdata->bss,
786 					      struct ieee80211_sub_if_data,
787 					      u.ap);
788 
789 			WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt !=
790 				     master->crypto_tx_tailroom_needed_cnt);
791 		}
792 	} else {
793 		WARN_ON_ONCE(sdata->crypto_tx_tailroom_needed_cnt ||
794 			     sdata->crypto_tx_tailroom_pending_dec);
795 	}
796 
797 	if (sdata->vif.type == NL80211_IFTYPE_AP) {
798 		list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
799 			WARN_ON_ONCE(vlan->crypto_tx_tailroom_needed_cnt ||
800 				     vlan->crypto_tx_tailroom_pending_dec);
801 	}
802 
803 	mutex_unlock(&local->key_mtx);
804 }
805 
806 void ieee80211_free_sta_keys(struct ieee80211_local *local,
807 			     struct sta_info *sta)
808 {
809 	struct ieee80211_key *key;
810 	int i;
811 
812 	mutex_lock(&local->key_mtx);
813 	for (i = 0; i < ARRAY_SIZE(sta->gtk); i++) {
814 		key = key_mtx_dereference(local, sta->gtk[i]);
815 		if (!key)
816 			continue;
817 		ieee80211_key_replace(key->sdata, key->sta,
818 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
819 				key, NULL);
820 		__ieee80211_key_destroy(key, true);
821 	}
822 
823 	for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
824 		key = key_mtx_dereference(local, sta->ptk[i]);
825 		if (!key)
826 			continue;
827 		ieee80211_key_replace(key->sdata, key->sta,
828 				key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
829 				key, NULL);
830 		__ieee80211_key_destroy(key, true);
831 	}
832 
833 	mutex_unlock(&local->key_mtx);
834 }
835 
836 void ieee80211_delayed_tailroom_dec(struct work_struct *wk)
837 {
838 	struct ieee80211_sub_if_data *sdata;
839 
840 	sdata = container_of(wk, struct ieee80211_sub_if_data,
841 			     dec_tailroom_needed_wk.work);
842 
843 	/*
844 	 * The reason for the delayed tailroom needed decrementing is to
845 	 * make roaming faster: during roaming, all keys are first deleted
846 	 * and then new keys are installed. The first new key causes the
847 	 * crypto_tx_tailroom_needed_cnt to go from 0 to 1, which invokes
848 	 * the cost of synchronize_net() (which can be slow). Avoid this
849 	 * by deferring the crypto_tx_tailroom_needed_cnt decrementing on
850 	 * key removal for a while, so if we roam the value is larger than
851 	 * zero and no 0->1 transition happens.
852 	 *
853 	 * The cost is that if the AP switching was from an AP with keys
854 	 * to one without, we still allocate tailroom while it would no
855 	 * longer be needed. However, in the typical (fast) roaming case
856 	 * within an ESS this usually won't happen.
857 	 */
858 
859 	mutex_lock(&sdata->local->key_mtx);
860 	decrease_tailroom_need_count(sdata,
861 				     sdata->crypto_tx_tailroom_pending_dec);
862 	sdata->crypto_tx_tailroom_pending_dec = 0;
863 	mutex_unlock(&sdata->local->key_mtx);
864 }
865 
866 void ieee80211_gtk_rekey_notify(struct ieee80211_vif *vif, const u8 *bssid,
867 				const u8 *replay_ctr, gfp_t gfp)
868 {
869 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
870 
871 	trace_api_gtk_rekey_notify(sdata, bssid, replay_ctr);
872 
873 	cfg80211_gtk_rekey_notify(sdata->dev, bssid, replay_ctr, gfp);
874 }
875 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify);
876 
877 void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf,
878 			      struct ieee80211_key_seq *seq)
879 {
880 	struct ieee80211_key *key;
881 	u64 pn64;
882 
883 	if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV)))
884 		return;
885 
886 	key = container_of(keyconf, struct ieee80211_key, conf);
887 
888 	switch (key->conf.cipher) {
889 	case WLAN_CIPHER_SUITE_TKIP:
890 		seq->tkip.iv32 = key->u.tkip.tx.iv32;
891 		seq->tkip.iv16 = key->u.tkip.tx.iv16;
892 		break;
893 	case WLAN_CIPHER_SUITE_CCMP:
894 	case WLAN_CIPHER_SUITE_CCMP_256:
895 		pn64 = atomic64_read(&key->u.ccmp.tx_pn);
896 		seq->ccmp.pn[5] = pn64;
897 		seq->ccmp.pn[4] = pn64 >> 8;
898 		seq->ccmp.pn[3] = pn64 >> 16;
899 		seq->ccmp.pn[2] = pn64 >> 24;
900 		seq->ccmp.pn[1] = pn64 >> 32;
901 		seq->ccmp.pn[0] = pn64 >> 40;
902 		break;
903 	case WLAN_CIPHER_SUITE_AES_CMAC:
904 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
905 		pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);
906 		seq->ccmp.pn[5] = pn64;
907 		seq->ccmp.pn[4] = pn64 >> 8;
908 		seq->ccmp.pn[3] = pn64 >> 16;
909 		seq->ccmp.pn[2] = pn64 >> 24;
910 		seq->ccmp.pn[1] = pn64 >> 32;
911 		seq->ccmp.pn[0] = pn64 >> 40;
912 		break;
913 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
914 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
915 		pn64 = atomic64_read(&key->u.aes_gmac.tx_pn);
916 		seq->ccmp.pn[5] = pn64;
917 		seq->ccmp.pn[4] = pn64 >> 8;
918 		seq->ccmp.pn[3] = pn64 >> 16;
919 		seq->ccmp.pn[2] = pn64 >> 24;
920 		seq->ccmp.pn[1] = pn64 >> 32;
921 		seq->ccmp.pn[0] = pn64 >> 40;
922 		break;
923 	case WLAN_CIPHER_SUITE_GCMP:
924 	case WLAN_CIPHER_SUITE_GCMP_256:
925 		pn64 = atomic64_read(&key->u.gcmp.tx_pn);
926 		seq->gcmp.pn[5] = pn64;
927 		seq->gcmp.pn[4] = pn64 >> 8;
928 		seq->gcmp.pn[3] = pn64 >> 16;
929 		seq->gcmp.pn[2] = pn64 >> 24;
930 		seq->gcmp.pn[1] = pn64 >> 32;
931 		seq->gcmp.pn[0] = pn64 >> 40;
932 		break;
933 	default:
934 		WARN_ON(1);
935 	}
936 }
937 EXPORT_SYMBOL(ieee80211_get_key_tx_seq);
938 
939 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
940 			      int tid, struct ieee80211_key_seq *seq)
941 {
942 	struct ieee80211_key *key;
943 	const u8 *pn;
944 
945 	key = container_of(keyconf, struct ieee80211_key, conf);
946 
947 	switch (key->conf.cipher) {
948 	case WLAN_CIPHER_SUITE_TKIP:
949 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
950 			return;
951 		seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
952 		seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
953 		break;
954 	case WLAN_CIPHER_SUITE_CCMP:
955 	case WLAN_CIPHER_SUITE_CCMP_256:
956 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
957 			return;
958 		if (tid < 0)
959 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
960 		else
961 			pn = key->u.ccmp.rx_pn[tid];
962 		memcpy(seq->ccmp.pn, pn, IEEE80211_CCMP_PN_LEN);
963 		break;
964 	case WLAN_CIPHER_SUITE_AES_CMAC:
965 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
966 		if (WARN_ON(tid != 0))
967 			return;
968 		pn = key->u.aes_cmac.rx_pn;
969 		memcpy(seq->aes_cmac.pn, pn, IEEE80211_CMAC_PN_LEN);
970 		break;
971 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
972 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
973 		if (WARN_ON(tid != 0))
974 			return;
975 		pn = key->u.aes_gmac.rx_pn;
976 		memcpy(seq->aes_gmac.pn, pn, IEEE80211_GMAC_PN_LEN);
977 		break;
978 	case WLAN_CIPHER_SUITE_GCMP:
979 	case WLAN_CIPHER_SUITE_GCMP_256:
980 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
981 			return;
982 		if (tid < 0)
983 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
984 		else
985 			pn = key->u.gcmp.rx_pn[tid];
986 		memcpy(seq->gcmp.pn, pn, IEEE80211_GCMP_PN_LEN);
987 		break;
988 	}
989 }
990 EXPORT_SYMBOL(ieee80211_get_key_rx_seq);
991 
992 void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
993 			      struct ieee80211_key_seq *seq)
994 {
995 	struct ieee80211_key *key;
996 	u64 pn64;
997 
998 	key = container_of(keyconf, struct ieee80211_key, conf);
999 
1000 	switch (key->conf.cipher) {
1001 	case WLAN_CIPHER_SUITE_TKIP:
1002 		key->u.tkip.tx.iv32 = seq->tkip.iv32;
1003 		key->u.tkip.tx.iv16 = seq->tkip.iv16;
1004 		break;
1005 	case WLAN_CIPHER_SUITE_CCMP:
1006 	case WLAN_CIPHER_SUITE_CCMP_256:
1007 		pn64 = (u64)seq->ccmp.pn[5] |
1008 		       ((u64)seq->ccmp.pn[4] << 8) |
1009 		       ((u64)seq->ccmp.pn[3] << 16) |
1010 		       ((u64)seq->ccmp.pn[2] << 24) |
1011 		       ((u64)seq->ccmp.pn[1] << 32) |
1012 		       ((u64)seq->ccmp.pn[0] << 40);
1013 		atomic64_set(&key->u.ccmp.tx_pn, pn64);
1014 		break;
1015 	case WLAN_CIPHER_SUITE_AES_CMAC:
1016 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1017 		pn64 = (u64)seq->aes_cmac.pn[5] |
1018 		       ((u64)seq->aes_cmac.pn[4] << 8) |
1019 		       ((u64)seq->aes_cmac.pn[3] << 16) |
1020 		       ((u64)seq->aes_cmac.pn[2] << 24) |
1021 		       ((u64)seq->aes_cmac.pn[1] << 32) |
1022 		       ((u64)seq->aes_cmac.pn[0] << 40);
1023 		atomic64_set(&key->u.aes_cmac.tx_pn, pn64);
1024 		break;
1025 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1026 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1027 		pn64 = (u64)seq->aes_gmac.pn[5] |
1028 		       ((u64)seq->aes_gmac.pn[4] << 8) |
1029 		       ((u64)seq->aes_gmac.pn[3] << 16) |
1030 		       ((u64)seq->aes_gmac.pn[2] << 24) |
1031 		       ((u64)seq->aes_gmac.pn[1] << 32) |
1032 		       ((u64)seq->aes_gmac.pn[0] << 40);
1033 		atomic64_set(&key->u.aes_gmac.tx_pn, pn64);
1034 		break;
1035 	case WLAN_CIPHER_SUITE_GCMP:
1036 	case WLAN_CIPHER_SUITE_GCMP_256:
1037 		pn64 = (u64)seq->gcmp.pn[5] |
1038 		       ((u64)seq->gcmp.pn[4] << 8) |
1039 		       ((u64)seq->gcmp.pn[3] << 16) |
1040 		       ((u64)seq->gcmp.pn[2] << 24) |
1041 		       ((u64)seq->gcmp.pn[1] << 32) |
1042 		       ((u64)seq->gcmp.pn[0] << 40);
1043 		atomic64_set(&key->u.gcmp.tx_pn, pn64);
1044 		break;
1045 	default:
1046 		WARN_ON(1);
1047 		break;
1048 	}
1049 }
1050 EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq);
1051 
1052 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
1053 			      int tid, struct ieee80211_key_seq *seq)
1054 {
1055 	struct ieee80211_key *key;
1056 	u8 *pn;
1057 
1058 	key = container_of(keyconf, struct ieee80211_key, conf);
1059 
1060 	switch (key->conf.cipher) {
1061 	case WLAN_CIPHER_SUITE_TKIP:
1062 		if (WARN_ON(tid < 0 || tid >= IEEE80211_NUM_TIDS))
1063 			return;
1064 		key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1065 		key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1066 		break;
1067 	case WLAN_CIPHER_SUITE_CCMP:
1068 	case WLAN_CIPHER_SUITE_CCMP_256:
1069 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1070 			return;
1071 		if (tid < 0)
1072 			pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1073 		else
1074 			pn = key->u.ccmp.rx_pn[tid];
1075 		memcpy(pn, seq->ccmp.pn, IEEE80211_CCMP_PN_LEN);
1076 		break;
1077 	case WLAN_CIPHER_SUITE_AES_CMAC:
1078 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1079 		if (WARN_ON(tid != 0))
1080 			return;
1081 		pn = key->u.aes_cmac.rx_pn;
1082 		memcpy(pn, seq->aes_cmac.pn, IEEE80211_CMAC_PN_LEN);
1083 		break;
1084 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1085 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1086 		if (WARN_ON(tid != 0))
1087 			return;
1088 		pn = key->u.aes_gmac.rx_pn;
1089 		memcpy(pn, seq->aes_gmac.pn, IEEE80211_GMAC_PN_LEN);
1090 		break;
1091 	case WLAN_CIPHER_SUITE_GCMP:
1092 	case WLAN_CIPHER_SUITE_GCMP_256:
1093 		if (WARN_ON(tid < -1 || tid >= IEEE80211_NUM_TIDS))
1094 			return;
1095 		if (tid < 0)
1096 			pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1097 		else
1098 			pn = key->u.gcmp.rx_pn[tid];
1099 		memcpy(pn, seq->gcmp.pn, IEEE80211_GCMP_PN_LEN);
1100 		break;
1101 	default:
1102 		WARN_ON(1);
1103 		break;
1104 	}
1105 }
1106 EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
1107 
1108 void ieee80211_remove_key(struct ieee80211_key_conf *keyconf)
1109 {
1110 	struct ieee80211_key *key;
1111 
1112 	key = container_of(keyconf, struct ieee80211_key, conf);
1113 
1114 	assert_key_lock(key->local);
1115 
1116 	/*
1117 	 * if key was uploaded, we assume the driver will/has remove(d)
1118 	 * it, so adjust bookkeeping accordingly
1119 	 */
1120 	if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1121 		key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1122 
1123 		if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
1124 		      (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM)))
1125 			increment_tailroom_need_count(key->sdata);
1126 	}
1127 
1128 	ieee80211_key_free(key, false);
1129 }
1130 EXPORT_SYMBOL_GPL(ieee80211_remove_key);
1131 
1132 struct ieee80211_key_conf *
1133 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
1134 			struct ieee80211_key_conf *keyconf)
1135 {
1136 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1137 	struct ieee80211_local *local = sdata->local;
1138 	struct ieee80211_key *key;
1139 	int err;
1140 
1141 	if (WARN_ON(!local->wowlan))
1142 		return ERR_PTR(-EINVAL);
1143 
1144 	if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1145 		return ERR_PTR(-EINVAL);
1146 
1147 	key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1148 				  keyconf->keylen, keyconf->key,
1149 				  0, NULL, NULL);
1150 	if (IS_ERR(key))
1151 		return ERR_CAST(key);
1152 
1153 	if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
1154 		key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1155 
1156 	err = ieee80211_key_link(key, sdata, NULL);
1157 	if (err)
1158 		return ERR_PTR(err);
1159 
1160 	return &key->conf;
1161 }
1162 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_add);
1163