2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <net/mac80211.h>
18 #include "ieee80211_i.h"
19 #include "driver-ops.h"
20 #include "debugfs_key.h"
24 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,29))
25 #include <asm/unaligned.h>
29 * DOC: Key handling basics
31 * Key handling in mac80211 is done based on per-interface (sub_if_data)
32 * keys and per-station keys. Since each station belongs to an interface,
33 * each station key also belongs to that interface.
35 * Hardware acceleration is done on a best-effort basis, for each key
36 * that is eligible the hardware is asked to enable that key but if
37 * it cannot do that they key is simply kept for software encryption.
38 * There is currently no way of knowing this except by looking into
41 * All key operations are protected internally so you can call them at
44 * Within mac80211, key references are, just as STA structure references,
45 * protected by RCU. Note, however, that some things are unprotected,
46 * namely the key->sta dereferences within the hardware acceleration
47 * functions. This means that sta_info_destroy() must flush the key todo
50 * All the direct key list manipulation functions must not sleep because
51 * they can operate on STA info structs that are protected by RCU.
54 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
56 /* key mutex: used to synchronise todo runners */
57 static DEFINE_MUTEX(key_mutex);
58 static DEFINE_SPINLOCK(todo_lock);
59 static LIST_HEAD(todo_list);
61 static void key_todo(struct work_struct *work)
66 static DECLARE_WORK(todo_work, key_todo);
69 * add_todo - add todo item for a key
71 * @key: key to add to do item for
74 * Must be called with IRQs or softirqs disabled.
76 static void add_todo(struct ieee80211_key *key, u32 flag)
81 spin_lock(&todo_lock);
84 * Remove again if already on the list so that we move it to the end.
86 if (!list_empty(&key->todo))
88 list_add_tail(&key->todo, &todo_list);
89 schedule_work(&todo_work);
90 spin_unlock(&todo_lock);
94 * ieee80211_key_lock - lock the mac80211 key operation lock
96 * This locks the (global) mac80211 key operation lock, all
97 * key operations must be done under this lock.
99 static void ieee80211_key_lock(void)
101 mutex_lock(&key_mutex);
105 * ieee80211_key_unlock - unlock the mac80211 key operation lock
107 static void ieee80211_key_unlock(void)
109 mutex_unlock(&key_mutex);
112 static void assert_key_lock(void)
114 WARN_ON(!mutex_is_locked(&key_mutex));
117 static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
120 return &key->sta->sta;
125 static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
127 struct ieee80211_sub_if_data *sdata;
128 struct ieee80211_sta *sta;
134 if (!key->local->ops->set_key)
137 sta = get_sta_for_key(key);
140 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
141 sdata = container_of(sdata->bss,
142 struct ieee80211_sub_if_data,
145 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
148 spin_lock_bh(&todo_lock);
149 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
150 spin_unlock_bh(&todo_lock);
153 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
154 printk(KERN_ERR "mac80211-%s: failed to set key "
155 "(%d, %pM) to hardware (%d)\n",
156 wiphy_name(key->local->hw.wiphy),
157 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
160 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
162 struct ieee80211_sub_if_data *sdata;
163 struct ieee80211_sta *sta;
169 if (!key || !key->local->ops->set_key)
172 spin_lock_bh(&todo_lock);
173 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) {
174 spin_unlock_bh(&todo_lock);
177 spin_unlock_bh(&todo_lock);
179 sta = get_sta_for_key(key);
182 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
183 sdata = container_of(sdata->bss,
184 struct ieee80211_sub_if_data,
187 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
191 printk(KERN_ERR "mac80211-%s: failed to remove key "
192 "(%d, %pM) from hardware (%d)\n",
193 wiphy_name(key->local->hw.wiphy),
194 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
196 spin_lock_bh(&todo_lock);
197 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
198 spin_unlock_bh(&todo_lock);
201 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
204 struct ieee80211_key *key = NULL;
206 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
207 key = sdata->keys[idx];
209 rcu_assign_pointer(sdata->default_key, key);
212 add_todo(key, KEY_FLAG_TODO_DEFKEY);
215 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
219 spin_lock_irqsave(&sdata->local->key_lock, flags);
220 __ieee80211_set_default_key(sdata, idx);
221 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
225 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
227 struct ieee80211_key *key = NULL;
229 if (idx >= NUM_DEFAULT_KEYS &&
230 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
231 key = sdata->keys[idx];
233 rcu_assign_pointer(sdata->default_mgmt_key, key);
236 add_todo(key, KEY_FLAG_TODO_DEFMGMTKEY);
239 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
244 spin_lock_irqsave(&sdata->local->key_lock, flags);
245 __ieee80211_set_default_mgmt_key(sdata, idx);
246 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
250 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
251 struct sta_info *sta,
252 struct ieee80211_key *old,
253 struct ieee80211_key *new)
255 int idx, defkey, defmgmtkey;
258 list_add(&new->list, &sdata->key_list);
261 rcu_assign_pointer(sta->key, new);
263 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
266 idx = old->conf.keyidx;
268 idx = new->conf.keyidx;
270 defkey = old && sdata->default_key == old;
271 defmgmtkey = old && sdata->default_mgmt_key == old;
274 __ieee80211_set_default_key(sdata, -1);
275 if (defmgmtkey && !new)
276 __ieee80211_set_default_mgmt_key(sdata, -1);
278 rcu_assign_pointer(sdata->keys[idx], new);
280 __ieee80211_set_default_key(sdata, new->conf.keyidx);
281 if (defmgmtkey && new)
282 __ieee80211_set_default_mgmt_key(sdata,
288 * We'll use an empty list to indicate that the key
289 * has already been removed.
291 list_del_init(&old->list);
295 struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
299 size_t seq_len, const u8 *seq)
301 struct ieee80211_key *key;
304 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
306 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
311 * Default to software encryption; we'll later upload the
312 * key to the hardware if possible.
318 key->conf.keyidx = idx;
319 key->conf.keylen = key_len;
322 key->conf.iv_len = WEP_IV_LEN;
323 key->conf.icv_len = WEP_ICV_LEN;
326 key->conf.iv_len = TKIP_IV_LEN;
327 key->conf.icv_len = TKIP_ICV_LEN;
329 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
330 key->u.tkip.rx[i].iv32 =
331 get_unaligned_le32(&seq[2]);
332 key->u.tkip.rx[i].iv16 =
333 get_unaligned_le16(seq);
338 key->conf.iv_len = CCMP_HDR_LEN;
339 key->conf.icv_len = CCMP_MIC_LEN;
341 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
342 for (j = 0; j < CCMP_PN_LEN; j++)
343 key->u.ccmp.rx_pn[i][j] =
344 seq[CCMP_PN_LEN - j - 1];
348 key->conf.iv_len = 0;
349 key->conf.icv_len = sizeof(struct ieee80211_mmie);
351 for (j = 0; j < 6; j++)
352 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
355 memcpy(key->conf.key, key_data, key_len);
356 INIT_LIST_HEAD(&key->list);
357 INIT_LIST_HEAD(&key->todo);
359 if (alg == ALG_CCMP) {
361 * Initialize AES key state here as an optimization so that
362 * it does not need to be initialized for every packet.
364 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
365 if (!key->u.ccmp.tfm) {
371 if (alg == ALG_AES_CMAC) {
373 * Initialize AES key state here as an optimization so that
374 * it does not need to be initialized for every packet.
376 key->u.aes_cmac.tfm =
377 ieee80211_aes_cmac_key_setup(key_data);
378 if (!key->u.aes_cmac.tfm) {
387 void ieee80211_key_link(struct ieee80211_key *key,
388 struct ieee80211_sub_if_data *sdata,
389 struct sta_info *sta)
391 struct ieee80211_key *old_key;
398 idx = key->conf.keyidx;
399 key->local = sdata->local;
405 * some hardware cannot handle TKIP with QoS, so
406 * we indicate whether QoS could be in use.
408 if (test_sta_flags(sta, WLAN_STA_WME))
409 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
412 * This key is for a specific sta interface,
413 * inform the driver that it should try to store
414 * this key as pairwise key.
416 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
418 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
422 * We're getting a sta pointer in,
423 * so must be under RCU read lock.
426 /* same here, the AP could be using QoS */
427 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
429 if (test_sta_flags(ap, WLAN_STA_WME))
431 IEEE80211_KEY_FLAG_WMM_STA;
436 spin_lock_irqsave(&sdata->local->key_lock, flags);
441 old_key = sdata->keys[idx];
443 __ieee80211_key_replace(sdata, sta, old_key, key);
445 /* free old key later */
446 add_todo(old_key, KEY_FLAG_TODO_DELETE);
448 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS);
449 if (ieee80211_sdata_running(sdata))
450 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD);
452 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
455 static void __ieee80211_key_free(struct ieee80211_key *key)
458 * Replace key with nothingness if it was ever used.
461 __ieee80211_key_replace(key->sdata, key->sta,
464 add_todo(key, KEY_FLAG_TODO_DELETE);
467 void ieee80211_key_free(struct ieee80211_key *key)
475 /* The key has not been linked yet, simply free it
477 if (key->conf.alg == ALG_CCMP)
478 ieee80211_aes_key_free(key->u.ccmp.tfm);
483 spin_lock_irqsave(&key->sdata->local->key_lock, flags);
484 __ieee80211_key_free(key);
485 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags);
489 * To be safe against concurrent manipulations of the list (which shouldn't
490 * actually happen) we need to hold the spinlock. But under the spinlock we
491 * can't actually do much, so we defer processing to the todo list. Then run
492 * the todo list to be sure the operation and possibly previously pending
493 * operations are completed.
495 static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata,
498 struct ieee80211_key *key;
503 spin_lock_irqsave(&sdata->local->key_lock, flags);
504 list_for_each_entry(key, &sdata->key_list, list)
505 add_todo(key, todo_flags);
506 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
508 ieee80211_key_todo();
511 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
515 if (WARN_ON(!ieee80211_sdata_running(sdata)))
518 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD);
521 void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
525 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE);
528 static void __ieee80211_key_destroy(struct ieee80211_key *key)
533 ieee80211_key_disable_hw_accel(key);
535 if (key->conf.alg == ALG_CCMP)
536 ieee80211_aes_key_free(key->u.ccmp.tfm);
537 if (key->conf.alg == ALG_AES_CMAC)
538 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
539 ieee80211_debugfs_key_remove(key);
544 static void __ieee80211_key_todo(void)
546 struct ieee80211_key *key;
551 * NB: sta_info_destroy relies on this!
555 spin_lock_bh(&todo_lock);
556 while (!list_empty(&todo_list)) {
557 key = list_first_entry(&todo_list, struct ieee80211_key, todo);
558 list_del_init(&key->todo);
559 todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS |
560 KEY_FLAG_TODO_DEFKEY |
561 KEY_FLAG_TODO_DEFMGMTKEY |
562 KEY_FLAG_TODO_HWACCEL_ADD |
563 KEY_FLAG_TODO_HWACCEL_REMOVE |
564 KEY_FLAG_TODO_DELETE);
565 key->flags &= ~todoflags;
566 spin_unlock_bh(&todo_lock);
570 if (todoflags & KEY_FLAG_TODO_ADD_DEBUGFS) {
571 ieee80211_debugfs_key_add(key);
574 if (todoflags & KEY_FLAG_TODO_DEFKEY) {
575 ieee80211_debugfs_key_remove_default(key->sdata);
576 ieee80211_debugfs_key_add_default(key->sdata);
579 if (todoflags & KEY_FLAG_TODO_DEFMGMTKEY) {
580 ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
581 ieee80211_debugfs_key_add_mgmt_default(key->sdata);
584 if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) {
585 ieee80211_key_enable_hw_accel(key);
588 if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) {
589 ieee80211_key_disable_hw_accel(key);
592 if (todoflags & KEY_FLAG_TODO_DELETE) {
593 __ieee80211_key_destroy(key);
599 spin_lock_bh(&todo_lock);
601 spin_unlock_bh(&todo_lock);
604 void ieee80211_key_todo(void)
606 ieee80211_key_lock();
607 __ieee80211_key_todo();
608 ieee80211_key_unlock();
611 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
613 struct ieee80211_key *key, *tmp;
616 ieee80211_key_lock();
618 ieee80211_debugfs_key_remove_default(sdata);
619 ieee80211_debugfs_key_remove_mgmt_default(sdata);
621 spin_lock_irqsave(&sdata->local->key_lock, flags);
622 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
623 __ieee80211_key_free(key);
624 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
626 __ieee80211_key_todo();
628 ieee80211_key_unlock();