1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2005-2006, Devicescape Software, Inc. 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net> 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 */ 11 12 #include <linux/if_ether.h> 13 #include <linux/etherdevice.h> 14 #include <linux/list.h> 15 #include <linux/rcupdate.h> 16 #include <linux/rtnetlink.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "debugfs_key.h" 22 #include "aes_ccm.h" 23 #include "aes_cmac.h" 24 25 26 /** 27 * DOC: Key handling basics 28 * 29 * Key handling in mac80211 is done based on per-interface (sub_if_data) 30 * keys and per-station keys. Since each station belongs to an interface, 31 * each station key also belongs to that interface. 32 * 33 * Hardware acceleration is done on a best-effort basis, for each key 34 * that is eligible the hardware is asked to enable that key but if 35 * it cannot do that they key is simply kept for software encryption. 36 * There is currently no way of knowing this except by looking into 37 * debugfs. 38 * 39 * All key operations are protected internally. 40 * 41 * Within mac80211, key references are, just as STA structure references, 42 * protected by RCU. Note, however, that some things are unprotected, 43 * namely the key->sta dereferences within the hardware acceleration 44 * functions. This means that sta_info_destroy() must remove the key 45 * which waits for an RCU grace period. 46 */ 47 48 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 49 50 static void assert_key_lock(struct ieee80211_local *local) 51 { 52 lockdep_assert_held(&local->key_mtx); 53 } 54 55 static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) 56 { 57 if (key->sta) 58 return &key->sta->sta; 59 60 return NULL; 61 } 62 63 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 64 { 65 struct ieee80211_sub_if_data *sdata; 66 struct ieee80211_sta *sta; 67 int ret; 68 69 might_sleep(); 70 71 if (!key->local->ops->set_key) 72 goto out_unsupported; 73 74 assert_key_lock(key->local); 75 76 sta = get_sta_for_key(key); 77 78 /* 79 * If this is a per-STA GTK, check if it 80 * is supported; if not, return. 81 */ 82 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && 83 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)) 84 goto out_unsupported; 85 86 sdata = key->sdata; 87 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 88 sdata = container_of(sdata->bss, 89 struct ieee80211_sub_if_data, 90 u.ap); 91 92 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 93 94 if (!ret) { 95 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 96 return 0; 97 } 98 99 if (ret != -ENOSPC && ret != -EOPNOTSUPP) 100 wiphy_err(key->local->hw.wiphy, 101 "failed to set key (%d, %pM) to hardware (%d)\n", 102 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 103 104 out_unsupported: 105 switch (key->conf.cipher) { 106 case WLAN_CIPHER_SUITE_WEP40: 107 case WLAN_CIPHER_SUITE_WEP104: 108 case WLAN_CIPHER_SUITE_TKIP: 109 case WLAN_CIPHER_SUITE_CCMP: 110 case WLAN_CIPHER_SUITE_AES_CMAC: 111 /* all of these we can do in software */ 112 return 0; 113 default: 114 return -EINVAL; 115 } 116 } 117 118 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 119 { 120 struct ieee80211_sub_if_data *sdata; 121 struct ieee80211_sta *sta; 122 int ret; 123 124 might_sleep(); 125 126 if (!key || !key->local->ops->set_key) 127 return; 128 129 assert_key_lock(key->local); 130 131 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) 132 return; 133 134 sta = get_sta_for_key(key); 135 sdata = key->sdata; 136 137 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 138 sdata = container_of(sdata->bss, 139 struct ieee80211_sub_if_data, 140 u.ap); 141 142 ret = drv_set_key(key->local, DISABLE_KEY, sdata, 143 sta, &key->conf); 144 145 if (ret) 146 wiphy_err(key->local->hw.wiphy, 147 "failed to remove key (%d, %pM) from hardware (%d)\n", 148 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 149 150 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 151 } 152 153 void ieee80211_key_removed(struct ieee80211_key_conf *key_conf) 154 { 155 struct ieee80211_key *key; 156 157 key = container_of(key_conf, struct ieee80211_key, conf); 158 159 might_sleep(); 160 assert_key_lock(key->local); 161 162 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 163 164 /* 165 * Flush TX path to avoid attempts to use this key 166 * after this function returns. Until then, drivers 167 * must be prepared to handle the key. 168 */ 169 synchronize_rcu(); 170 } 171 EXPORT_SYMBOL_GPL(ieee80211_key_removed); 172 173 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 174 int idx) 175 { 176 struct ieee80211_key *key = NULL; 177 178 assert_key_lock(sdata->local); 179 180 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 181 key = sdata->keys[idx]; 182 183 rcu_assign_pointer(sdata->default_key, key); 184 185 if (key) { 186 ieee80211_debugfs_key_remove_default(key->sdata); 187 ieee80211_debugfs_key_add_default(key->sdata); 188 } 189 } 190 191 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) 192 { 193 mutex_lock(&sdata->local->key_mtx); 194 __ieee80211_set_default_key(sdata, idx); 195 mutex_unlock(&sdata->local->key_mtx); 196 } 197 198 static void 199 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx) 200 { 201 struct ieee80211_key *key = NULL; 202 203 assert_key_lock(sdata->local); 204 205 if (idx >= NUM_DEFAULT_KEYS && 206 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 207 key = sdata->keys[idx]; 208 209 rcu_assign_pointer(sdata->default_mgmt_key, key); 210 211 if (key) { 212 ieee80211_debugfs_key_remove_mgmt_default(key->sdata); 213 ieee80211_debugfs_key_add_mgmt_default(key->sdata); 214 } 215 } 216 217 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 218 int idx) 219 { 220 mutex_lock(&sdata->local->key_mtx); 221 __ieee80211_set_default_mgmt_key(sdata, idx); 222 mutex_unlock(&sdata->local->key_mtx); 223 } 224 225 226 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 227 struct sta_info *sta, 228 bool pairwise, 229 struct ieee80211_key *old, 230 struct ieee80211_key *new) 231 { 232 int idx, defkey, defmgmtkey; 233 234 if (new) 235 list_add(&new->list, &sdata->key_list); 236 237 if (sta && pairwise) { 238 rcu_assign_pointer(sta->ptk, new); 239 } else if (sta) { 240 if (old) 241 idx = old->conf.keyidx; 242 else 243 idx = new->conf.keyidx; 244 rcu_assign_pointer(sta->gtk[idx], new); 245 } else { 246 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 247 248 if (old) 249 idx = old->conf.keyidx; 250 else 251 idx = new->conf.keyidx; 252 253 defkey = old && sdata->default_key == old; 254 defmgmtkey = old && sdata->default_mgmt_key == old; 255 256 if (defkey && !new) 257 __ieee80211_set_default_key(sdata, -1); 258 if (defmgmtkey && !new) 259 __ieee80211_set_default_mgmt_key(sdata, -1); 260 261 rcu_assign_pointer(sdata->keys[idx], new); 262 if (defkey && new) 263 __ieee80211_set_default_key(sdata, new->conf.keyidx); 264 if (defmgmtkey && new) 265 __ieee80211_set_default_mgmt_key(sdata, 266 new->conf.keyidx); 267 } 268 269 if (old) { 270 /* 271 * We'll use an empty list to indicate that the key 272 * has already been removed. 273 */ 274 list_del_init(&old->list); 275 } 276 } 277 278 struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, 279 const u8 *key_data, 280 size_t seq_len, const u8 *seq) 281 { 282 struct ieee80211_key *key; 283 int i, j, err; 284 285 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS); 286 287 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 288 if (!key) 289 return ERR_PTR(-ENOMEM); 290 291 /* 292 * Default to software encryption; we'll later upload the 293 * key to the hardware if possible. 294 */ 295 key->conf.flags = 0; 296 key->flags = 0; 297 298 key->conf.cipher = cipher; 299 key->conf.keyidx = idx; 300 key->conf.keylen = key_len; 301 switch (cipher) { 302 case WLAN_CIPHER_SUITE_WEP40: 303 case WLAN_CIPHER_SUITE_WEP104: 304 key->conf.iv_len = WEP_IV_LEN; 305 key->conf.icv_len = WEP_ICV_LEN; 306 break; 307 case WLAN_CIPHER_SUITE_TKIP: 308 key->conf.iv_len = TKIP_IV_LEN; 309 key->conf.icv_len = TKIP_ICV_LEN; 310 if (seq) { 311 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { 312 key->u.tkip.rx[i].iv32 = 313 get_unaligned_le32(&seq[2]); 314 key->u.tkip.rx[i].iv16 = 315 get_unaligned_le16(seq); 316 } 317 } 318 break; 319 case WLAN_CIPHER_SUITE_CCMP: 320 key->conf.iv_len = CCMP_HDR_LEN; 321 key->conf.icv_len = CCMP_MIC_LEN; 322 if (seq) { 323 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++) 324 for (j = 0; j < CCMP_PN_LEN; j++) 325 key->u.ccmp.rx_pn[i][j] = 326 seq[CCMP_PN_LEN - j - 1]; 327 } 328 /* 329 * Initialize AES key state here as an optimization so that 330 * it does not need to be initialized for every packet. 331 */ 332 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 333 if (IS_ERR(key->u.ccmp.tfm)) { 334 err = PTR_ERR(key->u.ccmp.tfm); 335 kfree(key); 336 key = ERR_PTR(err); 337 } 338 break; 339 case WLAN_CIPHER_SUITE_AES_CMAC: 340 key->conf.iv_len = 0; 341 key->conf.icv_len = sizeof(struct ieee80211_mmie); 342 if (seq) 343 for (j = 0; j < 6; j++) 344 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1]; 345 /* 346 * Initialize AES key state here as an optimization so that 347 * it does not need to be initialized for every packet. 348 */ 349 key->u.aes_cmac.tfm = 350 ieee80211_aes_cmac_key_setup(key_data); 351 if (IS_ERR(key->u.aes_cmac.tfm)) { 352 err = PTR_ERR(key->u.aes_cmac.tfm); 353 kfree(key); 354 key = ERR_PTR(err); 355 } 356 break; 357 } 358 memcpy(key->conf.key, key_data, key_len); 359 INIT_LIST_HEAD(&key->list); 360 361 return key; 362 } 363 364 static void __ieee80211_key_destroy(struct ieee80211_key *key) 365 { 366 if (!key) 367 return; 368 369 if (key->local) 370 ieee80211_key_disable_hw_accel(key); 371 372 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP) 373 ieee80211_aes_key_free(key->u.ccmp.tfm); 374 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC) 375 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 376 if (key->local) 377 ieee80211_debugfs_key_remove(key); 378 379 kfree(key); 380 } 381 382 int ieee80211_key_link(struct ieee80211_key *key, 383 struct ieee80211_sub_if_data *sdata, 384 struct sta_info *sta) 385 { 386 struct ieee80211_key *old_key; 387 int idx, ret; 388 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; 389 390 BUG_ON(!sdata); 391 BUG_ON(!key); 392 393 idx = key->conf.keyidx; 394 key->local = sdata->local; 395 key->sdata = sdata; 396 key->sta = sta; 397 398 if (sta) { 399 /* 400 * some hardware cannot handle TKIP with QoS, so 401 * we indicate whether QoS could be in use. 402 */ 403 if (test_sta_flags(sta, WLAN_STA_WME)) 404 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 405 } else { 406 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 407 struct sta_info *ap; 408 409 /* 410 * We're getting a sta pointer in, 411 * so must be under RCU read lock. 412 */ 413 414 /* same here, the AP could be using QoS */ 415 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid); 416 if (ap) { 417 if (test_sta_flags(ap, WLAN_STA_WME)) 418 key->conf.flags |= 419 IEEE80211_KEY_FLAG_WMM_STA; 420 } 421 } 422 } 423 424 mutex_lock(&sdata->local->key_mtx); 425 426 if (sta && pairwise) 427 old_key = sta->ptk; 428 else if (sta) 429 old_key = sta->gtk[idx]; 430 else 431 old_key = sdata->keys[idx]; 432 433 __ieee80211_key_replace(sdata, sta, pairwise, old_key, key); 434 __ieee80211_key_destroy(old_key); 435 436 ieee80211_debugfs_key_add(key); 437 438 ret = ieee80211_key_enable_hw_accel(key); 439 440 mutex_unlock(&sdata->local->key_mtx); 441 442 return ret; 443 } 444 445 static void __ieee80211_key_free(struct ieee80211_key *key) 446 { 447 /* 448 * Replace key with nothingness if it was ever used. 449 */ 450 if (key->sdata) 451 __ieee80211_key_replace(key->sdata, key->sta, 452 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, 453 key, NULL); 454 __ieee80211_key_destroy(key); 455 } 456 457 void ieee80211_key_free(struct ieee80211_local *local, 458 struct ieee80211_key *key) 459 { 460 if (!key) 461 return; 462 463 mutex_lock(&local->key_mtx); 464 __ieee80211_key_free(key); 465 mutex_unlock(&local->key_mtx); 466 } 467 468 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata) 469 { 470 struct ieee80211_key *key; 471 472 ASSERT_RTNL(); 473 474 if (WARN_ON(!ieee80211_sdata_running(sdata))) 475 return; 476 477 mutex_lock(&sdata->local->key_mtx); 478 479 list_for_each_entry(key, &sdata->key_list, list) 480 ieee80211_key_enable_hw_accel(key); 481 482 mutex_unlock(&sdata->local->key_mtx); 483 } 484 485 void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) 486 { 487 struct ieee80211_key *key; 488 489 ASSERT_RTNL(); 490 491 mutex_lock(&sdata->local->key_mtx); 492 493 list_for_each_entry(key, &sdata->key_list, list) 494 ieee80211_key_disable_hw_accel(key); 495 496 mutex_unlock(&sdata->local->key_mtx); 497 } 498 499 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) 500 { 501 struct ieee80211_key *key, *tmp; 502 503 mutex_lock(&sdata->local->key_mtx); 504 505 ieee80211_debugfs_key_remove_default(sdata); 506 ieee80211_debugfs_key_remove_mgmt_default(sdata); 507 508 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 509 __ieee80211_key_free(key); 510 511 mutex_unlock(&sdata->local->key_mtx); 512 } 513