Lines Matching refs:key
36 * each station key also belongs to that interface.
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
43 * There is currently no way of knowing whether a key is handled in SW
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
49 * unprotected, namely the key->sta dereferences within the hardware
51 * remove the key which waits for an RCU grace period.
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
91 * just before xmit one of the key is deleted and SW encryption kicks
125 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
127 struct ieee80211_sub_if_data *sdata = key->sdata;
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
151 if (!key->local->ops->set_key)
154 assert_key_lock(key->local);
156 sta = key->sta;
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
180 ret = drv_set_key(key->local, SET_KEY, sdata,
181 sta ? &sta->sta : NULL, &key->conf);
184 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
186 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
191 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
192 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
194 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
195 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
202 "failed to set key (%d, %pM) to hardware (%d)\n",
203 key->conf.keyidx,
207 switch (key->conf.cipher) {
222 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
230 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
238 if (!key || !key->local->ops->set_key)
241 assert_key_lock(key->local);
243 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
246 sta = key->sta;
247 sdata = key->sdata;
249 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
254 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
255 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
256 sta ? &sta->sta : NULL, &key->conf);
260 "failed to remove key (%d, %pM) from hardware (%d)\n",
261 key->conf.keyidx,
265 static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
267 struct sta_info *sta = key->sta;
268 struct ieee80211_local *local = key->local;
274 sta->ptk_idx = key->conf.keyidx;
283 int ieee80211_set_tx_key(struct ieee80211_key *key)
285 return _ieee80211_set_tx_key(key, false);
298 /* Extended Key ID key install, initial one or rekey */
307 * supporting A-MPDU key borders. (Blocking Tx only
327 /* Stop Tx till we are on the new key */
350 struct ieee80211_key *key = NULL;
355 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
358 rcu_assign_pointer(sdata->default_unicast_key, key);
365 rcu_assign_pointer(sdata->default_multicast_key, key);
381 struct ieee80211_key *key = NULL;
387 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
389 rcu_assign_pointer(sdata->default_mgmt_key, key);
405 struct ieee80211_key *key = NULL;
412 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
414 rcu_assign_pointer(sdata->default_beacon_key, key);
481 /* Only needed for transition from no key -> key.
483 * and installing the second key ID the first time.
537 struct ieee80211_key *key;
545 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
546 if (!key)
551 * key to the hardware if possible.
553 key->conf.flags = 0;
554 key->flags = 0;
556 key->conf.cipher = cipher;
557 key->conf.keyidx = idx;
558 key->conf.keylen = key_len;
562 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
563 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
566 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
567 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
570 key->u.tkip.rx[i].iv32 =
572 key->u.tkip.rx[i].iv16 =
576 spin_lock_init(&key->u.tkip.txlock);
579 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
580 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
584 key->u.ccmp.rx_pn[i][j] =
588 * Initialize AES key state here as an optimization so that
591 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
593 if (IS_ERR(key->u.ccmp.tfm)) {
594 err = PTR_ERR(key->u.ccmp.tfm);
595 kfree(key);
600 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
601 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
604 key->u.ccmp.rx_pn[i][j] =
606 /* Initialize AES key state here as an optimization so that
609 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
611 if (IS_ERR(key->u.ccmp.tfm)) {
612 err = PTR_ERR(key->u.ccmp.tfm);
613 kfree(key);
619 key->conf.iv_len = 0;
621 key->conf.icv_len = sizeof(struct ieee80211_mmie);
623 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
626 key->u.aes_cmac.rx_pn[j] =
629 * Initialize AES key state here as an optimization so that
632 key->u.aes_cmac.tfm =
634 if (IS_ERR(key->u.aes_cmac.tfm)) {
635 err = PTR_ERR(key->u.aes_cmac.tfm);
636 kfree(key);
642 key->conf.iv_len = 0;
643 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
646 key->u.aes_gmac.rx_pn[j] =
648 /* Initialize AES key state here as an optimization so that
651 key->u.aes_gmac.tfm =
653 if (IS_ERR(key->u.aes_gmac.tfm)) {
654 err = PTR_ERR(key->u.aes_gmac.tfm);
655 kfree(key);
661 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
662 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
665 key->u.gcmp.rx_pn[i][j] =
667 /* Initialize AES key state here as an optimization so that
670 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
672 if (IS_ERR(key->u.gcmp.tfm)) {
673 err = PTR_ERR(key->u.gcmp.tfm);
674 kfree(key);
681 kfree(key);
685 key->conf.iv_len = cs->hdr_len;
686 key->conf.icv_len = cs->mic_len;
689 key->u.gen.rx_pn[i][j] =
691 key->flags |= KEY_FLAG_CIPHER_SCHEME;
694 memcpy(key->conf.key, key_data, key_len);
695 INIT_LIST_HEAD(&key->list);
697 return key;
700 static void ieee80211_key_free_common(struct ieee80211_key *key)
702 switch (key->conf.cipher) {
705 ieee80211_aes_key_free(key->u.ccmp.tfm);
709 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
713 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
717 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
720 kfree_sensitive(key);
723 static void __ieee80211_key_destroy(struct ieee80211_key *key,
726 if (key->local) {
727 struct ieee80211_sub_if_data *sdata = key->sdata;
729 ieee80211_debugfs_key_remove(key);
741 ieee80211_key_free_common(key);
744 static void ieee80211_key_destroy(struct ieee80211_key *key,
747 if (!key)
751 * Synchronize so the TX path and rcu key iterators
752 * can no longer be using this key before we free/remove it.
756 __ieee80211_key_destroy(key, delay_tailroom);
759 void ieee80211_key_free_unused(struct ieee80211_key *key)
761 WARN_ON(key->sdata || key->local);
762 ieee80211_key_free_common(key);
775 tk_old = old->conf.key;
776 tk_new = new->conf.key;
779 * In station mode, don't compare the TX MIC key, as it's never used
798 int ieee80211_key_link(struct ieee80211_key *key,
804 int idx = key->conf.keyidx;
805 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
822 /* The rekey code assumes that the old and new key are using
825 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
826 (old_key && old_key->conf.cipher != key->conf.cipher))
836 if (old_key && old_key->conf.cipher != key->conf.cipher)
841 * Silently accept key re-installation without really installing the
842 * new version of the key to avoid nonce reuse or replay issues.
844 if (ieee80211_key_identical(sdata, old_key, key)) {
845 ieee80211_key_free_unused(key);
850 key->local = sdata->local;
851 key->sdata = sdata;
852 key->sta = sta;
855 * Assign a unique ID to every key so we can easily prevent mixed
856 * key and fragment cache attacks.
858 key->color = atomic_inc_return(&key_color);
862 ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
865 ieee80211_debugfs_key_add(key);
868 ieee80211_key_free(key, delay_tailroom);
877 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
879 if (!key)
883 * Replace key with nothingness if it was ever used.
885 if (key->sdata)
886 ieee80211_key_replace(key->sdata, key->sta,
887 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
888 key, NULL);
889 ieee80211_key_destroy(key, delay_tailroom);
894 struct ieee80211_key *key;
912 list_for_each_entry(key, &sdata->key_list, list) {
914 ieee80211_key_enable_hw_accel(key);
926 struct ieee80211_key_conf *key,
931 struct ieee80211_key *key, *tmp;
939 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
941 key->sta ? &key->sta->sta : NULL,
942 &key->conf, iter_data);
945 list_for_each_entry_safe(key, tmp,
948 key->sta ? &key->sta->sta : NULL,
949 &key->conf, iter_data);
961 struct ieee80211_key_conf *key,
965 struct ieee80211_key *key;
967 list_for_each_entry_rcu(key, &sdata->key_list, list) {
969 if (key->sta && key->sta->removed)
971 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
975 key->sta ? &key->sta->sta : NULL,
976 &key->conf, iter_data);
985 struct ieee80211_key_conf *key,
1005 struct ieee80211_key *key, *tmp;
1014 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1015 ieee80211_key_replace(key->sdata, key->sta,
1016 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1017 key, NULL);
1018 list_add_tail(&key->list, keys);
1030 struct ieee80211_key *key, *tmp;
1046 list_for_each_entry_safe(key, tmp, &keys, list)
1047 __ieee80211_key_destroy(key, false);
1075 struct ieee80211_key *key;
1080 key = key_mtx_dereference(local, sta->gtk[i]);
1081 if (!key)
1083 ieee80211_key_replace(key->sdata, key->sta,
1084 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1085 key, NULL);
1086 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1091 key = key_mtx_dereference(local, sta->ptk[i]);
1092 if (!key)
1094 ieee80211_key_replace(key->sdata, key->sta,
1095 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1096 key, NULL);
1097 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1114 * and then new keys are installed. The first new key causes the
1118 * key removal for a while, so if we roam the value is larger than
1148 struct ieee80211_key *key;
1151 key = container_of(keyconf, struct ieee80211_key, conf);
1153 switch (key->conf.cipher) {
1157 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1158 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1165 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1167 pn = key->u.ccmp.rx_pn[tid];
1174 pn = key->u.aes_cmac.rx_pn;
1181 pn = key->u.aes_gmac.rx_pn;
1189 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1191 pn = key->u.gcmp.rx_pn[tid];
1201 struct ieee80211_key *key;
1204 key = container_of(keyconf, struct ieee80211_key, conf);
1206 switch (key->conf.cipher) {
1210 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1211 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1218 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1220 pn = key->u.ccmp.rx_pn[tid];
1227 pn = key->u.aes_cmac.rx_pn;
1234 pn = key->u.aes_gmac.rx_pn;
1242 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1244 pn = key->u.gcmp.rx_pn[tid];
1256 struct ieee80211_key *key;
1258 key = container_of(keyconf, struct ieee80211_key, conf);
1260 assert_key_lock(key->local);
1263 * if key was uploaded, we assume the driver will/has remove(d)
1266 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1267 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1269 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1272 increment_tailroom_need_count(key->sdata);
1275 ieee80211_key_free(key, false);
1285 struct ieee80211_key *key;
1294 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1295 keyconf->keylen, keyconf->key,
1297 if (IS_ERR(key))
1298 return ERR_CAST(key);
1301 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1303 err = ieee80211_key_link(key, sdata, NULL);
1307 return &key->conf;