1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 12 #include <linux/if_ether.h> 13 #include <linux/etherdevice.h> 14 #include <linux/list.h> 15 #include <linux/rcupdate.h> 16 #include <linux/rtnetlink.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "debugfs_key.h" 22 #include "aes_ccm.h" 23 #include "aes_cmac.h" 24 25 26 /** 27 * DOC: Key handling basics 28 * 29 * Key handling in mac80211 is done based on per-interface (sub_if_data) 30 * keys and per-station keys. Since each station belongs to an interface, 31 * each station key also belongs to that interface. 32 * 33 * Hardware acceleration is done on a best-effort basis, for each key 34 * that is eligible the hardware is asked to enable that key but if 35 * it cannot do that they key is simply kept for software encryption. 36 * There is currently no way of knowing this except by looking into 37 * debugfs. 38 * 39 * All key operations are protected internally so you can call them at 40 * any time. 41 * 42 * Within mac80211, key references are, just as STA structure references, 43 * protected by RCU. Note, however, that some things are unprotected, 44 * namely the key->sta dereferences within the hardware acceleration 45 * functions. This means that sta_info_destroy() must flush the key todo 46 * list. 47 * 48 * All the direct key list manipulation functions must not sleep because 49 * they can operate on STA info structs that are protected by RCU. 50 */ 51 52 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 53 54 /* key mutex: used to synchronise todo runners */ 55 static DEFINE_MUTEX(key_mutex); 56 static DEFINE_SPINLOCK(todo_lock); 57 static LIST_HEAD(todo_list); 58 59 static void key_todo(struct work_struct *work) 60 { 61 ieee80211_key_todo(); 62 } 63 64 static DECLARE_WORK(todo_work, key_todo); 65 66 /** 67 * add_todo - add todo item for a key 68 * 69 * @key: key to add to do item for 70 * @flag: todo flag(s) 71 * 72 * Must be called with IRQs or softirqs disabled. 73 */ 74 static void add_todo(struct ieee80211_key *key, u32 flag) 75 { 76 if (!key) 77 return; 78 79 spin_lock(&todo_lock); 80 key->flags |= flag; 81 /* 82 * Remove again if already on the list so that we move it to the end. 83 */ 84 if (!list_empty(&key->todo)) 85 list_del(&key->todo); 86 list_add_tail(&key->todo, &todo_list); 87 schedule_work(&todo_work); 88 spin_unlock(&todo_lock); 89 } 90 91 /** 92 * ieee80211_key_lock - lock the mac80211 key operation lock 93 * 94 * This locks the (global) mac80211 key operation lock, all 95 * key operations must be done under this lock. 96 */ 97 static void ieee80211_key_lock(void) 98 { 99 mutex_lock(&key_mutex); 100 } 101 102 /** 103 * ieee80211_key_unlock - unlock the mac80211 key operation lock 104 */ 105 static void ieee80211_key_unlock(void) 106 { 107 mutex_unlock(&key_mutex); 108 } 109 110 static void assert_key_lock(void) 111 { 112 WARN_ON(!mutex_is_locked(&key_mutex)); 113 } 114 115 static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) 116 { 117 if (key->sta) 118 return &key->sta->sta; 119 120 return NULL; 121 } 122 123 static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 124 { 125 struct ieee80211_sub_if_data *sdata; 126 struct ieee80211_sta *sta; 127 int ret; 128 129 assert_key_lock(); 130 might_sleep(); 131 132 if (!key->local->ops->set_key) 133 return; 134 135 sta = get_sta_for_key(key); 136 137 sdata = key->sdata; 138 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 139 sdata = container_of(sdata->bss, 140 struct ieee80211_sub_if_data, 141 u.ap); 142 143 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 144 145 if (!ret) { 146 spin_lock_bh(&todo_lock); 147 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 148 spin_unlock_bh(&todo_lock); 149 } 150 151 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP) 152 printk(KERN_ERR "mac80211-%s: failed to set key " 153 "(%d, %pM) to hardware (%d)\n", 154 wiphy_name(key->local->hw.wiphy), 155 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 156 } 157 158 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 159 { 160 struct ieee80211_sub_if_data *sdata; 161 struct ieee80211_sta *sta; 162 int ret; 163 164 assert_key_lock(); 165 might_sleep(); 166 167 if (!key || !key->local->ops->set_key) 168 return; 169 170 spin_lock_bh(&todo_lock); 171 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { 172 spin_unlock_bh(&todo_lock); 173 return; 174 } 175 spin_unlock_bh(&todo_lock); 176 177 sta = get_sta_for_key(key); 178 sdata = key->sdata; 179 180 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 181 sdata = container_of(sdata->bss, 182 struct ieee80211_sub_if_data, 183 u.ap); 184 185 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 186 sta, &key->conf); 187 188 if (ret) 189 printk(KERN_ERR "mac80211-%s: failed to remove key " 190 "(%d, %pM) from hardware (%d)\n", 191 wiphy_name(key->local->hw.wiphy), 192 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 193 194 spin_lock_bh(&todo_lock); 195 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 196 spin_unlock_bh(&todo_lock); 197 } 198 199 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 200 int idx) 201 { 202 struct ieee80211_key *key = NULL; 203 204 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 205 key = sdata->keys[idx]; 206 207 rcu_assign_pointer(sdata->default_key, key); 208 209 if (key) 210 add_todo(key, KEY_FLAG_TODO_DEFKEY); 211 } 212 213 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) 214 { 215 unsigned long flags; 216 217 spin_lock_irqsave(&sdata->local->key_lock, flags); 218 __ieee80211_set_default_key(sdata, idx); 219 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 220 } 221 222 static void 223 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 224 { 225 struct ieee80211_key *key = NULL; 226 227 if (idx >= NUM_DEFAULT_KEYS && 228 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 229 key = sdata->keys[idx]; 230 231 rcu_assign_pointer(sdata->default_mgmt_key, key); 232 233 if (key) 234 add_todo(key, KEY_FLAG_TODO_DEFMGMTKEY); 235 } 236 237 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 238 int idx) 239 { 240 unsigned long flags; 241 242 spin_lock_irqsave(&sdata->local->key_lock, flags); 243 __ieee80211_set_default_mgmt_key(sdata, idx); 244 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 245 } 246 247 248 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 249 struct sta_info *sta, 250 struct ieee80211_key *old, 251 struct ieee80211_key *new) 252 { 253 int idx, defkey, defmgmtkey; 254 255 if (new) 256 list_add(&new->list, &sdata->key_list); 257 258 if (sta) { 259 rcu_assign_pointer(sta->key, new); 260 } else { 261 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 262 263 if (old) 264 idx = old->conf.keyidx; 265 else 266 idx = new->conf.keyidx; 267 268 defkey = old && sdata->default_key == old; 269 defmgmtkey = old && sdata->default_mgmt_key == old; 270 271 if (defkey && !new) 272 __ieee80211_set_default_key(sdata, -1); 273 if (defmgmtkey && !new) 274 __ieee80211_set_default_mgmt_key(sdata, -1); 275 276 rcu_assign_pointer(sdata->keys[idx], new); 277 if (defkey && new) 278 __ieee80211_set_default_key(sdata, new->conf.keyidx); 279 if (defmgmtkey && new) 280 __ieee80211_set_default_mgmt_key(sdata, 281 new->conf.keyidx); 282 } 283 284 if (old) { 285 /* 286 * We'll use an empty list to indicate that the key 287 * has already been removed. 288 */ 289 list_del_init(&old->list); 290 } 291 } 292 293 struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, 294 int idx, 295 size_t key_len, 296 const u8 *key_data, 297 size_t seq_len, const u8 *seq) 298 { 299 struct ieee80211_key *key; 300 int i, j; 301 302 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS); 303 304 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 305 if (!key) 306 return NULL; 307 308 /* 309 * Default to software encryption; we'll later upload the 310 * key to the hardware if possible. 311 */ 312 key->conf.flags = 0; 313 key->flags = 0; 314 315 key->conf.alg = alg; 316 key->conf.keyidx = idx; 317 key->conf.keylen = key_len; 318 switch (alg) { 319 case ALG_WEP: 320 key->conf.iv_len = WEP_IV_LEN; 321 key->conf.icv_len = WEP_ICV_LEN; 322 break; 323 case ALG_TKIP: 324 key->conf.iv_len = TKIP_IV_LEN; 325 key->conf.icv_len = TKIP_ICV_LEN; 326 if (seq) { 327 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { 328 key->u.tkip.rx[i].iv32 = 329 get_unaligned_le32(&seq[2]); 330 key->u.tkip.rx[i].iv16 = 331 get_unaligned_le16(seq); 332 } 333 } 334 break; 335 case ALG_CCMP: 336 key->conf.iv_len = CCMP_HDR_LEN; 337 key->conf.icv_len = CCMP_MIC_LEN; 338 if (seq) { 339 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 340 for (j = 0; j < CCMP_PN_LEN; j++) 341 key->u.ccmp.rx_pn[i][j] = 342 seq[CCMP_PN_LEN - j - 1]; 343 } 344 break; 345 case ALG_AES_CMAC: 346 key->conf.iv_len = 0; 347 key->conf.icv_len = sizeof(struct ieee80211_mmie); 348 if (seq) 349 for (j = 0; j < 6; j++) 350 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1]; 351 break; 352 } 353 memcpy(key->conf.key, key_data, key_len); 354 INIT_LIST_HEAD(&key->list); 355 INIT_LIST_HEAD(&key->todo); 356 357 if (alg == ALG_CCMP) { 358 /* 359 * Initialize AES key state here as an optimization so that 360 * it does not need to be initialized for every packet. 361 */ 362 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 363 if (!key->u.ccmp.tfm) { 364 kfree(key); 365 return NULL; 366 } 367 } 368 369 if (alg == ALG_AES_CMAC) { 370 /* 371 * Initialize AES key state here as an optimization so that 372 * it does not need to be initialized for every packet. 373 */ 374 key->u.aes_cmac.tfm = 375 ieee80211_aes_cmac_key_setup(key_data); 376 if (!key->u.aes_cmac.tfm) { 377 kfree(key); 378 return NULL; 379 } 380 } 381 382 return key; 383 } 384 385 void ieee80211_key_link(struct ieee80211_key *key, 386 struct ieee80211_sub_if_data *sdata, 387 struct sta_info *sta) 388 { 389 struct ieee80211_key *old_key; 390 unsigned long flags; 391 int idx; 392 393 BUG_ON(!sdata); 394 BUG_ON(!key); 395 396 idx = key->conf.keyidx; 397 key->local = sdata->local; 398 key->sdata = sdata; 399 key->sta = sta; 400 401 if (sta) { 402 /* 403 * some hardware cannot handle TKIP with QoS, so 404 * we indicate whether QoS could be in use. 405 */ 406 if (test_sta_flags(sta, WLAN_STA_WME)) 407 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 408 409 /* 410 * This key is for a specific sta interface, 411 * inform the driver that it should try to store 412 * this key as pairwise key. 413 */ 414 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE; 415 } else { 416 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 417 struct sta_info *ap; 418 419 /* 420 * We're getting a sta pointer in, 421 * so must be under RCU read lock. 422 */ 423 424 /* same here, the AP could be using QoS */ 425 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid); 426 if (ap) { 427 if (test_sta_flags(ap, WLAN_STA_WME)) 428 key->conf.flags |= 429 IEEE80211_KEY_FLAG_WMM_STA; 430 } 431 } 432 } 433 434 spin_lock_irqsave(&sdata->local->key_lock, flags); 435 436 if (sta) 437 old_key = sta->key; 438 else 439 old_key = sdata->keys[idx]; 440 441 __ieee80211_key_replace(sdata, sta, old_key, key); 442 443 /* free old key later */ 444 add_todo(old_key, KEY_FLAG_TODO_DELETE); 445 446 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); 447 if (ieee80211_sdata_running(sdata)) 448 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD); 449 450 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 451 } 452 453 static void __ieee80211_key_free(struct ieee80211_key *key) 454 { 455 /* 456 * Replace key with nothingness if it was ever used. 457 */ 458 if (key->sdata) 459 __ieee80211_key_replace(key->sdata, key->sta, 460 key, NULL); 461 462 add_todo(key, KEY_FLAG_TODO_DELETE); 463 } 464 465 void ieee80211_key_free(struct ieee80211_key *key) 466 { 467 unsigned long flags; 468 469 if (!key) 470 return; 471 472 if (!key->sdata) { 473 /* The key has not been linked yet, simply free it 474 * and don't Oops */ 475 if (key->conf.alg == ALG_CCMP) 476 ieee80211_aes_key_free(key->u.ccmp.tfm); 477 kfree(key); 478 return; 479 } 480 481 spin_lock_irqsave(&key->sdata->local->key_lock, flags); 482 __ieee80211_key_free(key); 483 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags); 484 } 485 486 /* 487 * To be safe against concurrent manipulations of the list (which shouldn't 488 * actually happen) we need to hold the spinlock. But under the spinlock we 489 * can't actually do much, so we defer processing to the todo list. Then run 490 * the todo list to be sure the operation and possibly previously pending 491 * operations are completed. 492 */ 493 static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata, 494 u32 todo_flags) 495 { 496 struct ieee80211_key *key; 497 unsigned long flags; 498 499 might_sleep(); 500 501 spin_lock_irqsave(&sdata->local->key_lock, flags); 502 list_for_each_entry(key, &sdata->key_list, list) 503 add_todo(key, todo_flags); 504 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 505 506 ieee80211_key_todo(); 507 } 508 509 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 510 { 511 ASSERT_RTNL(); 512 513 if (WARN_ON(!ieee80211_sdata_running(sdata))) 514 return; 515 516 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); 517 } 518 519 void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) 520 { 521 ASSERT_RTNL(); 522 523 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE); 524 } 525 526 static void __ieee80211_key_destroy(struct ieee80211_key *key) 527 { 528 if (!key) 529 return; 530 531 ieee80211_key_disable_hw_accel(key); 532 533 if (key->conf.alg == ALG_CCMP) 534 ieee80211_aes_key_free(key->u.ccmp.tfm); 535 if (key->conf.alg == ALG_AES_CMAC) 536 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 537 ieee80211_debugfs_key_remove(key); 538 539 kfree(key); 540 } 541 542 static void __ieee80211_key_todo(void) 543 { 544 struct ieee80211_key *key; 545 bool work_done; 546 u32 todoflags; 547 548 /* 549 * NB: sta_info_destroy relies on this! 550 */ 551 synchronize_rcu(); 552 553 spin_lock_bh(&todo_lock); 554 while (!list_empty(&todo_list)) { 555 key = list_first_entry(&todo_list, struct ieee80211_key, todo); 556 list_del_init(&key->todo); 557 todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS | 558 KEY_FLAG_TODO_DEFKEY | 559 KEY_FLAG_TODO_DEFMGMTKEY | 560 KEY_FLAG_TODO_HWACCEL_ADD | 561 KEY_FLAG_TODO_HWACCEL_REMOVE | 562 KEY_FLAG_TODO_DELETE); 563 key->flags &= ~todoflags; 564 spin_unlock_bh(&todo_lock); 565 566 work_done = false; 567 568 if (todoflags & KEY_FLAG_TODO_ADD_DEBUGFS) { 569 ieee80211_debugfs_key_add(key); 570 work_done = true; 571 } 572 if (todoflags & KEY_FLAG_TODO_DEFKEY) { 573 ieee80211_debugfs_key_remove_default(key->sdata); 574 ieee80211_debugfs_key_add_default(key->sdata); 575 work_done = true; 576 } 577 if (todoflags & KEY_FLAG_TODO_DEFMGMTKEY) { 578 ieee80211_debugfs_key_remove_mgmt_default(key->sdata); 579 ieee80211_debugfs_key_add_mgmt_default(key->sdata); 580 work_done = true; 581 } 582 if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) { 583 ieee80211_key_enable_hw_accel(key); 584 work_done = true; 585 } 586 if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) { 587 ieee80211_key_disable_hw_accel(key); 588 work_done = true; 589 } 590 if (todoflags & KEY_FLAG_TODO_DELETE) { 591 __ieee80211_key_destroy(key); 592 work_done = true; 593 } 594 595 WARN_ON(!work_done); 596 597 spin_lock_bh(&todo_lock); 598 } 599 spin_unlock_bh(&todo_lock); 600 } 601 602 void ieee80211_key_todo(void) 603 { 604 ieee80211_key_lock(); 605 __ieee80211_key_todo(); 606 ieee80211_key_unlock(); 607 } 608 609 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) 610 { 611 struct ieee80211_key *key, *tmp; 612 unsigned long flags; 613 614 ieee80211_key_lock(); 615 616 ieee80211_debugfs_key_remove_default(sdata); 617 ieee80211_debugfs_key_remove_mgmt_default(sdata); 618 619 spin_lock_irqsave(&sdata->local->key_lock, flags); 620 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 621 __ieee80211_key_free(key); 622 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 623 624 __ieee80211_key_todo(); 625 626 ieee80211_key_unlock(); 627 } 628