
Lines Matching full:key

34  * DOC: Key handling basics
36 * Key handling in mac80211 is done based on per-interface (sub_if_data)
38 * each station key also belongs to that interface.
41 * that are implemented in software, for each key the hardware is asked
42 * to enable that key for offloading but if it cannot do that the key is
45 * There is currently no way of knowing whether a key is handled in SW
48 * All key management is internally protected by a mutex. Within all
49 * other parts of mac80211, key references are, just as STA structure
51 * unprotected, namely the key->sta dereferences within the hardware
53 * remove the key which waits for an RCU grace period.
89 * 1. SKB resize was skipped because no key was added but just before in increment_tailroom_need_count()
90 * the xmit key is added and SW encryption kicks off. in increment_tailroom_need_count()
93 * just before xmit one of the key is deleted and SW encryption kicks in increment_tailroom_need_count()
127 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) in ieee80211_key_enable_hw_accel() argument
129 struct ieee80211_sub_if_data *sdata = key->sdata; in ieee80211_key_enable_hw_accel()
135 if (key->flags & KEY_FLAG_TAINTED) { in ieee80211_key_enable_hw_accel()
136 /* If we get here, it's during resume and the key is in ieee80211_key_enable_hw_accel()
143 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; in ieee80211_key_enable_hw_accel()
147 if (!key->local->ops->set_key) in ieee80211_key_enable_hw_accel()
150 assert_key_lock(key->local); in ieee80211_key_enable_hw_accel()
152 sta = key->sta; in ieee80211_key_enable_hw_accel()
158 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) && in ieee80211_key_enable_hw_accel()
159 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK)) in ieee80211_key_enable_hw_accel()
170 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) { in ieee80211_key_enable_hw_accel()
176 ret = drv_set_key(key->local, SET_KEY, sdata, in ieee80211_key_enable_hw_accel()
177 sta ? &sta->sta : NULL, &key->conf); in ieee80211_key_enable_hw_accel()
180 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; in ieee80211_key_enable_hw_accel()
182 if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | in ieee80211_key_enable_hw_accel()
184 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) in ieee80211_key_enable_hw_accel()
187 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) && in ieee80211_key_enable_hw_accel()
188 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)); in ieee80211_key_enable_hw_accel()
190 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) && in ieee80211_key_enable_hw_accel()
191 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)); in ieee80211_key_enable_hw_accel()
198 "failed to set key (%d, %pM) to hardware (%d)\n", in ieee80211_key_enable_hw_accel()
199 key->conf.keyidx, in ieee80211_key_enable_hw_accel()
203 switch (key->conf.cipher) { in ieee80211_key_enable_hw_accel()
218 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL)) in ieee80211_key_enable_hw_accel()
226 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) in ieee80211_key_disable_hw_accel() argument
234 if (!key || !key->local->ops->set_key) in ieee80211_key_disable_hw_accel()
237 assert_key_lock(key->local); in ieee80211_key_disable_hw_accel()
239 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) in ieee80211_key_disable_hw_accel()
242 sta = key->sta; in ieee80211_key_disable_hw_accel()
243 sdata = key->sdata; in ieee80211_key_disable_hw_accel()
245 if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | in ieee80211_key_disable_hw_accel()
247 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) in ieee80211_key_disable_hw_accel()
250 ret = drv_set_key(key->local, DISABLE_KEY, sdata, in ieee80211_key_disable_hw_accel()
251 sta ? &sta->sta : NULL, &key->conf); in ieee80211_key_disable_hw_accel()
255 "failed to remove key (%d, %pM) from hardware (%d)\n", in ieee80211_key_disable_hw_accel()
256 key->conf.keyidx, in ieee80211_key_disable_hw_accel()
259 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; in ieee80211_key_disable_hw_accel()
265 struct ieee80211_key *key = NULL; in __ieee80211_set_default_key() local
270 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); in __ieee80211_set_default_key()
273 rcu_assign_pointer(sdata->default_unicast_key, key); in __ieee80211_set_default_key()
280 rcu_assign_pointer(sdata->default_multicast_key, key); in __ieee80211_set_default_key()
296 struct ieee80211_key *key = NULL; in __ieee80211_set_default_mgmt_key() local
302 key = key_mtx_dereference(sdata->local, sdata->keys[idx]); in __ieee80211_set_default_mgmt_key()
304 rcu_assign_pointer(sdata->default_mgmt_key, key); in __ieee80211_set_default_mgmt_key()
390 struct ieee80211_key *key; in ieee80211_key_alloc() local
396 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); in ieee80211_key_alloc()
397 if (!key) in ieee80211_key_alloc()
402 * key to the hardware if possible. in ieee80211_key_alloc()
404 key->conf.flags = 0; in ieee80211_key_alloc()
405 key->flags = 0; in ieee80211_key_alloc()
407 key->conf.cipher = cipher; in ieee80211_key_alloc()
408 key->conf.keyidx = idx; in ieee80211_key_alloc()
409 key->conf.keylen = key_len; in ieee80211_key_alloc()
413 key->conf.iv_len = IEEE80211_WEP_IV_LEN; in ieee80211_key_alloc()
414 key->conf.icv_len = IEEE80211_WEP_ICV_LEN; in ieee80211_key_alloc()
417 key->conf.iv_len = IEEE80211_TKIP_IV_LEN; in ieee80211_key_alloc()
418 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN; in ieee80211_key_alloc()
421 key->u.tkip.rx[i].iv32 = in ieee80211_key_alloc()
423 key->u.tkip.rx[i].iv16 = in ieee80211_key_alloc()
427 spin_lock_init(&key->u.tkip.txlock); in ieee80211_key_alloc()
430 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN; in ieee80211_key_alloc()
431 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN; in ieee80211_key_alloc()
435 key->u.ccmp.rx_pn[i][j] = in ieee80211_key_alloc()
439 * Initialize AES key state here as an optimization so that in ieee80211_key_alloc()
442 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( in ieee80211_key_alloc()
444 if (IS_ERR(key->u.ccmp.tfm)) { in ieee80211_key_alloc()
445 err = PTR_ERR(key->u.ccmp.tfm); in ieee80211_key_alloc()
446 kfree(key); in ieee80211_key_alloc()
451 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN; in ieee80211_key_alloc()
452 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN; in ieee80211_key_alloc()
455 key->u.ccmp.rx_pn[i][j] = in ieee80211_key_alloc()
457 /* Initialize AES key state here as an optimization so that in ieee80211_key_alloc()
460 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt( in ieee80211_key_alloc()
462 if (IS_ERR(key->u.ccmp.tfm)) { in ieee80211_key_alloc()
463 err = PTR_ERR(key->u.ccmp.tfm); in ieee80211_key_alloc()
464 kfree(key); in ieee80211_key_alloc()
470 key->conf.iv_len = 0; in ieee80211_key_alloc()
472 key->conf.icv_len = sizeof(struct ieee80211_mmie); in ieee80211_key_alloc()
474 key->conf.icv_len = sizeof(struct ieee80211_mmie_16); in ieee80211_key_alloc()
477 key->u.aes_cmac.rx_pn[j] = in ieee80211_key_alloc()
480 * Initialize AES key state here as an optimization so that in ieee80211_key_alloc()
483 key->u.aes_cmac.tfm = in ieee80211_key_alloc()
485 if (IS_ERR(key->u.aes_cmac.tfm)) { in ieee80211_key_alloc()
486 err = PTR_ERR(key->u.aes_cmac.tfm); in ieee80211_key_alloc()
487 kfree(key); in ieee80211_key_alloc()
493 key->conf.iv_len = 0; in ieee80211_key_alloc()
494 key->conf.icv_len = sizeof(struct ieee80211_mmie_16); in ieee80211_key_alloc()
497 key->u.aes_gmac.rx_pn[j] = in ieee80211_key_alloc()
499 /* Initialize AES key state here as an optimization so that in ieee80211_key_alloc()
502 key->u.aes_gmac.tfm = in ieee80211_key_alloc()
504 if (IS_ERR(key->u.aes_gmac.tfm)) { in ieee80211_key_alloc()
505 err = PTR_ERR(key->u.aes_gmac.tfm); in ieee80211_key_alloc()
506 kfree(key); in ieee80211_key_alloc()
512 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN; in ieee80211_key_alloc()
513 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN; in ieee80211_key_alloc()
516 key->u.gcmp.rx_pn[i][j] = in ieee80211_key_alloc()
518 /* Initialize AES key state here as an optimization so that in ieee80211_key_alloc()
521 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data, in ieee80211_key_alloc()
523 if (IS_ERR(key->u.gcmp.tfm)) { in ieee80211_key_alloc()
524 err = PTR_ERR(key->u.gcmp.tfm); in ieee80211_key_alloc()
525 kfree(key); in ieee80211_key_alloc()
532 kfree(key); in ieee80211_key_alloc()
536 key->conf.iv_len = cs->hdr_len; in ieee80211_key_alloc()
537 key->conf.icv_len = cs->mic_len; in ieee80211_key_alloc()
540 key->u.gen.rx_pn[i][j] = in ieee80211_key_alloc()
542 key->flags |= KEY_FLAG_CIPHER_SCHEME; in ieee80211_key_alloc()
545 memcpy(key->conf.key, key_data, key_len); in ieee80211_key_alloc()
546 INIT_LIST_HEAD(&key->list); in ieee80211_key_alloc()
548 return key; in ieee80211_key_alloc()
551 static void ieee80211_key_free_common(struct ieee80211_key *key) in ieee80211_key_free_common() argument
553 switch (key->conf.cipher) { in ieee80211_key_free_common()
556 ieee80211_aes_key_free(key->u.ccmp.tfm); in ieee80211_key_free_common()
560 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); in ieee80211_key_free_common()
564 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm); in ieee80211_key_free_common()
568 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm); in ieee80211_key_free_common()
571 kzfree(key); in ieee80211_key_free_common()
574 static void __ieee80211_key_destroy(struct ieee80211_key *key, in __ieee80211_key_destroy() argument
577 if (key->local) in __ieee80211_key_destroy()
578 ieee80211_key_disable_hw_accel(key); in __ieee80211_key_destroy()
580 if (key->local) { in __ieee80211_key_destroy()
581 struct ieee80211_sub_if_data *sdata = key->sdata; in __ieee80211_key_destroy()
583 ieee80211_debugfs_key_remove(key); in __ieee80211_key_destroy()
595 ieee80211_key_free_common(key); in __ieee80211_key_destroy()
598 static void ieee80211_key_destroy(struct ieee80211_key *key, in ieee80211_key_destroy() argument
601 if (!key) in ieee80211_key_destroy()
605 * Synchronize so the TX path and rcu key iterators in ieee80211_key_destroy()
606 * can no longer be using this key before we free/remove it. in ieee80211_key_destroy()
610 __ieee80211_key_destroy(key, delay_tailroom); in ieee80211_key_destroy()
613 void ieee80211_key_free_unused(struct ieee80211_key *key) in ieee80211_key_free_unused() argument
615 WARN_ON(key->sdata || key->local); in ieee80211_key_free_unused()
616 ieee80211_key_free_common(key); in ieee80211_key_free_unused()
629 tk_old = old->conf.key; in ieee80211_key_identical()
630 tk_new = new->conf.key; in ieee80211_key_identical()
633 * In station mode, don't compare the TX MIC key, as it's never used in ieee80211_key_identical()
652 int ieee80211_key_link(struct ieee80211_key *key, in ieee80211_key_link() argument
659 int idx = key->conf.keyidx; in ieee80211_key_link()
660 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; in ieee80211_key_link()
679 * Silently accept key re-installation without really installing the in ieee80211_key_link()
680 * new version of the key to avoid nonce reuse or replay issues. in ieee80211_key_link()
682 if (ieee80211_key_identical(sdata, old_key, key)) { in ieee80211_key_link()
683 ieee80211_key_free_unused(key); in ieee80211_key_link()
688 key->local = sdata->local; in ieee80211_key_link()
689 key->sdata = sdata; in ieee80211_key_link()
690 key->sta = sta; in ieee80211_key_link()
693 * Assign a unique ID to every key so we can easily prevent mixed in ieee80211_key_link()
694 * key and fragment cache attacks. in ieee80211_key_link()
696 key->color = atomic_inc_return(&key_color); in ieee80211_key_link()
700 ieee80211_key_replace(sdata, sta, pairwise, old_key, key); in ieee80211_key_link()
703 ieee80211_debugfs_key_add(key); in ieee80211_key_link()
706 ret = ieee80211_key_enable_hw_accel(key); in ieee80211_key_link()
708 ieee80211_key_free(key, delay_tailroom); in ieee80211_key_link()
719 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom) in ieee80211_key_free() argument
721 if (!key) in ieee80211_key_free()
725 * Replace key with nothingness if it was ever used. in ieee80211_key_free()
727 if (key->sdata) in ieee80211_key_free()
728 ieee80211_key_replace(key->sdata, key->sta, in ieee80211_key_free()
729 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, in ieee80211_key_free()
730 key, NULL); in ieee80211_key_free()
731 ieee80211_key_destroy(key, delay_tailroom); in ieee80211_key_free()
736 struct ieee80211_key *key; in ieee80211_enable_keys() local
755 list_for_each_entry(key, &sdata->key_list, list) { in ieee80211_enable_keys()
757 ieee80211_key_enable_hw_accel(key); in ieee80211_enable_keys()
784 struct ieee80211_key_conf *key, in ieee80211_iter_keys() argument
789 struct ieee80211_key *key, *tmp; in ieee80211_iter_keys() local
797 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) in ieee80211_iter_keys()
799 key->sta ? &key->sta->sta : NULL, in ieee80211_iter_keys()
800 &key->conf, iter_data); in ieee80211_iter_keys()
803 list_for_each_entry_safe(key, tmp, in ieee80211_iter_keys()
806 key->sta ? &key->sta->sta : NULL, in ieee80211_iter_keys()
807 &key->conf, iter_data); in ieee80211_iter_keys()
819 struct ieee80211_key_conf *key, in _ieee80211_iter_keys_rcu() argument
823 struct ieee80211_key *key; in _ieee80211_iter_keys_rcu() local
825 list_for_each_entry_rcu(key, &sdata->key_list, list) { in _ieee80211_iter_keys_rcu()
827 if (key->sta && key->sta->removed) in _ieee80211_iter_keys_rcu()
829 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) in _ieee80211_iter_keys_rcu()
833 key->sta ? &key->sta->sta : NULL, in _ieee80211_iter_keys_rcu()
834 &key->conf, iter_data); in _ieee80211_iter_keys_rcu()
843 struct ieee80211_key_conf *key, in ieee80211_iter_keys_rcu() argument
863 struct ieee80211_key *key, *tmp; in ieee80211_free_keys_iface() local
871 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) { in ieee80211_free_keys_iface()
872 ieee80211_key_replace(key->sdata, key->sta, in ieee80211_free_keys_iface()
873 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, in ieee80211_free_keys_iface()
874 key, NULL); in ieee80211_free_keys_iface()
875 list_add_tail(&key->list, keys); in ieee80211_free_keys_iface()
887 struct ieee80211_key *key, *tmp; in ieee80211_free_keys() local
903 list_for_each_entry_safe(key, tmp, &keys, list) in ieee80211_free_keys()
904 __ieee80211_key_destroy(key, false); in ieee80211_free_keys()
932 struct ieee80211_key *key; in ieee80211_free_sta_keys() local
937 key = key_mtx_dereference(local, sta->gtk[i]); in ieee80211_free_sta_keys()
938 if (!key) in ieee80211_free_sta_keys()
940 ieee80211_key_replace(key->sdata, key->sta, in ieee80211_free_sta_keys()
941 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, in ieee80211_free_sta_keys()
942 key, NULL); in ieee80211_free_sta_keys()
943 __ieee80211_key_destroy(key, key->sdata->vif.type == in ieee80211_free_sta_keys()
948 key = key_mtx_dereference(local, sta->ptk[i]); in ieee80211_free_sta_keys()
949 if (!key) in ieee80211_free_sta_keys()
951 ieee80211_key_replace(key->sdata, key->sta, in ieee80211_free_sta_keys()
952 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, in ieee80211_free_sta_keys()
953 key, NULL); in ieee80211_free_sta_keys()
954 __ieee80211_key_destroy(key, key->sdata->vif.type == in ieee80211_free_sta_keys()
971 * and then new keys are installed. The first new key causes the in ieee80211_delayed_tailroom_dec()
975 * key removal for a while, so if we roam the value is larger than in ieee80211_delayed_tailroom_dec()
1005 struct ieee80211_key *key; in ieee80211_get_key_rx_seq() local
1008 key = container_of(keyconf, struct ieee80211_key, conf); in ieee80211_get_key_rx_seq()
1010 switch (key->conf.cipher) { in ieee80211_get_key_rx_seq()
1014 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32; in ieee80211_get_key_rx_seq()
1015 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16; in ieee80211_get_key_rx_seq()
1022 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; in ieee80211_get_key_rx_seq()
1024 pn = key->u.ccmp.rx_pn[tid]; in ieee80211_get_key_rx_seq()
1031 pn = key->u.aes_cmac.rx_pn; in ieee80211_get_key_rx_seq()
1038 pn = key->u.aes_gmac.rx_pn; in ieee80211_get_key_rx_seq()
1046 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; in ieee80211_get_key_rx_seq()
1048 pn = key->u.gcmp.rx_pn[tid]; in ieee80211_get_key_rx_seq()
1058 struct ieee80211_key *key; in ieee80211_set_key_rx_seq() local
1061 key = container_of(keyconf, struct ieee80211_key, conf); in ieee80211_set_key_rx_seq()
1063 switch (key->conf.cipher) { in ieee80211_set_key_rx_seq()
1067 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32; in ieee80211_set_key_rx_seq()
1068 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16; in ieee80211_set_key_rx_seq()
1075 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS]; in ieee80211_set_key_rx_seq()
1077 pn = key->u.ccmp.rx_pn[tid]; in ieee80211_set_key_rx_seq()
1084 pn = key->u.aes_cmac.rx_pn; in ieee80211_set_key_rx_seq()
1091 pn = key->u.aes_gmac.rx_pn; in ieee80211_set_key_rx_seq()
1099 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS]; in ieee80211_set_key_rx_seq()
1101 pn = key->u.gcmp.rx_pn[tid]; in ieee80211_set_key_rx_seq()
1113 struct ieee80211_key *key; in ieee80211_remove_key() local
1115 key = container_of(keyconf, struct ieee80211_key, conf); in ieee80211_remove_key()
1117 assert_key_lock(key->local); in ieee80211_remove_key()
1120 * if key was uploaded, we assume the driver will/has remove(d) in ieee80211_remove_key()
1123 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) { in ieee80211_remove_key()
1124 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; in ieee80211_remove_key()
1126 if (!((key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC | in ieee80211_remove_key()
1128 (key->conf.flags & IEEE80211_KEY_FLAG_RESERVE_TAILROOM))) in ieee80211_remove_key()
1129 increment_tailroom_need_count(key->sdata); in ieee80211_remove_key()
1132 ieee80211_key_free(key, false); in ieee80211_remove_key()
1142 struct ieee80211_key *key; in ieee80211_gtk_rekey_add() local
1151 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx, in ieee80211_gtk_rekey_add()
1152 keyconf->keylen, keyconf->key, in ieee80211_gtk_rekey_add()
1154 if (IS_ERR(key)) in ieee80211_gtk_rekey_add()
1155 return ERR_CAST(key); in ieee80211_gtk_rekey_add()
1158 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT; in ieee80211_gtk_rekey_add()
1160 err = ieee80211_key_link(key, sdata, NULL); in ieee80211_gtk_rekey_add()
1164 return &key->conf; in ieee80211_gtk_rekey_add()