Lines Matching refs:key
36 * each station key also belongs to that interface.
39 * that are implemented in software, for each key the hardware is asked
40 * to enable that key for offloading but if it cannot do that the key is
43 * There is currently no way of knowing whether a key is handled in SW
46 * All key management is internally protected by a mutex. Within all
47 * other parts of mac80211, key references are, just as STA structure
49 * unprotected, namely the key->sta dereferences within the hardware
51 * remove the key which waits for an RCU grace period.
87 * 1. SKB resize was skipped because no key was added but just before
88 * the xmit key is added and SW encryption kicks off.
91 * just before xmit one of the key is deleted and SW encryption kicks
125 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
127 struct ieee80211_sub_if_data *sdata = key->sdata;
133 if (key->flags & KEY_FLAG_TAINTED) {
134 /* If we get here, it's during resume and the key is
141 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
142 !(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
151 if (!key->local->ops->set_key)
154 assert_key_lock(key->local);
156 sta = key->sta;
162 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
163 !ieee80211_hw_check(&key->local->hw, SUPPORTS_PER_STA_GTK))
174 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) {
180 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
181 !(sdata->vif.active_links & BIT(key->conf.link_id)))
184 ret = drv_set_key(key->local, SET_KEY, sdata,
185 sta ? &sta->sta : NULL, &key->conf);
188 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
190 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
195 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) &&
196 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV));
198 WARN_ON((key->conf.flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) &&
199 (key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC));
206 "failed to set key (%d, %pM) to hardware (%d)\n",
207 key->conf.keyidx,
211 switch (key->conf.cipher) {
226 if (ieee80211_hw_check(&key->local->hw, SW_CRYPTO_CONTROL))
234 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
242 if (!key || !key->local->ops->set_key)
245 assert_key_lock(key->local);
247 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
250 sta = key->sta;
251 sdata = key->sdata;
253 if (key->conf.link_id >= 0 && sdata->vif.active_links &&
254 !(sdata->vif.active_links & BIT(key->conf.link_id)))
257 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
262 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
263 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
264 sta ? &sta->sta : NULL, &key->conf);
268 "failed to remove key (%d, %pM) from hardware (%d)\n",
269 key->conf.keyidx,
273 static int _ieee80211_set_tx_key(struct ieee80211_key *key, bool force)
275 struct sta_info *sta = key->sta;
276 struct ieee80211_local *local = key->local;
282 sta->ptk_idx = key->conf.keyidx;
291 int ieee80211_set_tx_key(struct ieee80211_key *key)
293 return _ieee80211_set_tx_key(key, false);
306 /* Extended Key ID key install, initial one or rekey */
315 * supporting A-MPDU key borders. (Blocking Tx only
335 /* Stop Tx till we are on the new key */
359 struct ieee80211_key *key = NULL;
364 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
365 if (!key)
366 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
370 rcu_assign_pointer(sdata->default_unicast_key, key);
377 rcu_assign_pointer(link->default_multicast_key, key);
394 struct ieee80211_key *key = NULL;
400 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
402 rcu_assign_pointer(link->default_mgmt_key, key);
419 struct ieee80211_key *key = NULL;
426 key = key_mtx_dereference(sdata->local, link->gtk[idx]);
428 rcu_assign_pointer(link->default_beacon_key, key);
536 /* Only needed for transition from no key -> key.
538 * and installing the second key ID the first time.
595 struct ieee80211_key *key;
603 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
604 if (!key)
609 * key to the hardware if possible.
611 key->conf.flags = 0;
612 key->flags = 0;
614 key->conf.link_id = -1;
615 key->conf.cipher = cipher;
616 key->conf.keyidx = idx;
617 key->conf.keylen = key_len;
621 key->conf.iv_len = IEEE80211_WEP_IV_LEN;
622 key->conf.icv_len = IEEE80211_WEP_ICV_LEN;
625 key->conf.iv_len = IEEE80211_TKIP_IV_LEN;
626 key->conf.icv_len = IEEE80211_TKIP_ICV_LEN;
629 key->u.tkip.rx[i].iv32 =
631 key->u.tkip.rx[i].iv16 =
635 spin_lock_init(&key->u.tkip.txlock);
638 key->conf.iv_len = IEEE80211_CCMP_HDR_LEN;
639 key->conf.icv_len = IEEE80211_CCMP_MIC_LEN;
643 key->u.ccmp.rx_pn[i][j] =
647 * Initialize AES key state here as an optimization so that
650 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
652 if (IS_ERR(key->u.ccmp.tfm)) {
653 err = PTR_ERR(key->u.ccmp.tfm);
654 kfree(key);
659 key->conf.iv_len = IEEE80211_CCMP_256_HDR_LEN;
660 key->conf.icv_len = IEEE80211_CCMP_256_MIC_LEN;
663 key->u.ccmp.rx_pn[i][j] =
665 /* Initialize AES key state here as an optimization so that
668 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(
670 if (IS_ERR(key->u.ccmp.tfm)) {
671 err = PTR_ERR(key->u.ccmp.tfm);
672 kfree(key);
678 key->conf.iv_len = 0;
680 key->conf.icv_len = sizeof(struct ieee80211_mmie);
682 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
685 key->u.aes_cmac.rx_pn[j] =
688 * Initialize AES key state here as an optimization so that
691 key->u.aes_cmac.tfm =
693 if (IS_ERR(key->u.aes_cmac.tfm)) {
694 err = PTR_ERR(key->u.aes_cmac.tfm);
695 kfree(key);
701 key->conf.iv_len = 0;
702 key->conf.icv_len = sizeof(struct ieee80211_mmie_16);
705 key->u.aes_gmac.rx_pn[j] =
707 /* Initialize AES key state here as an optimization so that
710 key->u.aes_gmac.tfm =
712 if (IS_ERR(key->u.aes_gmac.tfm)) {
713 err = PTR_ERR(key->u.aes_gmac.tfm);
714 kfree(key);
720 key->conf.iv_len = IEEE80211_GCMP_HDR_LEN;
721 key->conf.icv_len = IEEE80211_GCMP_MIC_LEN;
724 key->u.gcmp.rx_pn[i][j] =
726 /* Initialize AES key state here as an optimization so that
729 key->u.gcmp.tfm = ieee80211_aes_gcm_key_setup_encrypt(key_data,
731 if (IS_ERR(key->u.gcmp.tfm)) {
732 err = PTR_ERR(key->u.gcmp.tfm);
733 kfree(key);
738 memcpy(key->conf.key, key_data, key_len);
739 INIT_LIST_HEAD(&key->list);
741 return key;
744 static void ieee80211_key_free_common(struct ieee80211_key *key)
746 switch (key->conf.cipher) {
749 ieee80211_aes_key_free(key->u.ccmp.tfm);
753 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
757 ieee80211_aes_gmac_key_free(key->u.aes_gmac.tfm);
761 ieee80211_aes_gcm_key_free(key->u.gcmp.tfm);
764 kfree_sensitive(key);
767 static void __ieee80211_key_destroy(struct ieee80211_key *key,
770 if (key->local) {
771 struct ieee80211_sub_if_data *sdata = key->sdata;
773 ieee80211_debugfs_key_remove(key);
785 ieee80211_key_free_common(key);
788 static void ieee80211_key_destroy(struct ieee80211_key *key,
791 if (!key)
795 * Synchronize so the TX path and rcu key iterators
796 * can no longer be using this key before we free/remove it.
800 __ieee80211_key_destroy(key, delay_tailroom);
803 void ieee80211_key_free_unused(struct ieee80211_key *key)
805 if (!key)
808 WARN_ON(key->sdata || key->local);
809 ieee80211_key_free_common(key);
822 tk_old = old->conf.key;
823 tk_new = new->conf.key;
826 * In station mode, don't compare the TX MIC key, as it's never used
845 int ieee80211_key_link(struct ieee80211_key *key,
852 int idx = key->conf.keyidx;
853 bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
870 /* The rekey code assumes that the old and new key are using
873 if ((alt_key && alt_key->conf.cipher != key->conf.cipher) ||
874 (old_key && old_key->conf.cipher != key->conf.cipher)) {
880 int link_id = key->conf.link_id;
903 if (old_key && old_key->conf.cipher != key->conf.cipher) {
910 * Silently accept key re-installation without really installing the
911 * new version of the key to avoid nonce reuse or replay issues.
913 if (ieee80211_key_identical(sdata, old_key, key)) {
918 key->local = sdata->local;
919 key->sdata = sdata;
920 key->sta = sta;
923 * Assign a unique ID to every key so we can easily prevent mixed
924 * key and fragment cache attacks.
926 key->color = atomic_inc_return(&key_color);
930 ret = ieee80211_key_replace(sdata, link, sta, pairwise, old_key, key);
933 ieee80211_debugfs_key_add(key);
936 ieee80211_key_free(key, delay_tailroom);
939 key = NULL;
942 ieee80211_key_free_unused(key);
948 void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom)
950 if (!key)
954 * Replace key with nothingness if it was ever used.
956 if (key->sdata)
957 ieee80211_key_replace(key->sdata, NULL, key->sta,
958 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
959 key, NULL);
960 ieee80211_key_destroy(key, delay_tailroom);
965 struct ieee80211_key *key;
983 list_for_each_entry(key, &sdata->key_list, list) {
985 ieee80211_key_enable_hw_accel(key);
997 struct ieee80211_key_conf *key,
1002 struct ieee80211_key *key, *tmp;
1010 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
1012 key->sta ? &key->sta->sta : NULL,
1013 &key->conf, iter_data);
1016 list_for_each_entry_safe(key, tmp,
1019 key->sta ? &key->sta->sta : NULL,
1020 &key->conf, iter_data);
1032 struct ieee80211_key_conf *key,
1036 struct ieee80211_key *key;
1038 list_for_each_entry_rcu(key, &sdata->key_list, list) {
1040 if (key->sta && key->sta->removed)
1042 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
1046 key->sta ? &key->sta->sta : NULL,
1047 &key->conf, iter_data);
1056 struct ieee80211_key_conf *key,
1076 struct ieee80211_key *key, *tmp;
1085 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1086 ieee80211_key_replace(key->sdata, NULL, key->sta,
1087 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1088 key, NULL);
1089 list_add_tail(&key->list, keys);
1100 struct ieee80211_key *key, *tmp;
1103 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) {
1104 if (key->conf.link_id != link->link_id)
1106 ieee80211_key_replace(key->sdata, link, key->sta,
1107 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1108 key, NULL);
1109 list_add_tail(&key->list, keys);
1117 struct ieee80211_key *key, *tmp;
1120 list_for_each_entry_safe(key, tmp, keys, list)
1121 __ieee80211_key_destroy(key, false);
1131 struct ieee80211_key *key, *tmp;
1147 list_for_each_entry_safe(key, tmp, &keys, list)
1148 __ieee80211_key_destroy(key, false);
1176 struct ieee80211_key *key;
1181 key = key_mtx_dereference(local, sta->deflink.gtk[i]);
1182 if (!key)
1184 ieee80211_key_replace(key->sdata, NULL, key->sta,
1185 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1186 key, NULL);
1187 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1192 key = key_mtx_dereference(local, sta->ptk[i]);
1193 if (!key)
1195 ieee80211_key_replace(key->sdata, NULL, key->sta,
1196 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
1197 key, NULL);
1198 __ieee80211_key_destroy(key, key->sdata->vif.type ==
1215 * and then new keys are installed. The first new key causes the
1219 * key removal for a while, so if we roam the value is larger than
1249 struct ieee80211_key *key;
1252 key = container_of(keyconf, struct ieee80211_key, conf);
1254 switch (key->conf.cipher) {
1258 seq->tkip.iv32 = key->u.tkip.rx[tid].iv32;
1259 seq->tkip.iv16 = key->u.tkip.rx[tid].iv16;
1266 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1268 pn = key->u.ccmp.rx_pn[tid];
1275 pn = key->u.aes_cmac.rx_pn;
1282 pn = key->u.aes_gmac.rx_pn;
1290 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1292 pn = key->u.gcmp.rx_pn[tid];
1302 struct ieee80211_key *key;
1305 key = container_of(keyconf, struct ieee80211_key, conf);
1307 switch (key->conf.cipher) {
1311 key->u.tkip.rx[tid].iv32 = seq->tkip.iv32;
1312 key->u.tkip.rx[tid].iv16 = seq->tkip.iv16;
1319 pn = key->u.ccmp.rx_pn[IEEE80211_NUM_TIDS];
1321 pn = key->u.ccmp.rx_pn[tid];
1328 pn = key->u.aes_cmac.rx_pn;
1335 pn = key->u.aes_gmac.rx_pn;
1343 pn = key->u.gcmp.rx_pn[IEEE80211_NUM_TIDS];
1345 pn = key->u.gcmp.rx_pn[tid];
1357 struct ieee80211_key *key;
1359 key = container_of(keyconf, struct ieee80211_key, conf);
1361 assert_key_lock(key->local);
1364 * if key was uploaded, we assume the driver will/has remove(d)
1367 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
1368 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
1370 if (!(key->conf.flags & (IEEE80211_KEY_FLAG_GENERATE_MMIC |
1373 increment_tailroom_need_count(key->sdata);
1376 ieee80211_key_free(key, false);
1386 struct ieee80211_key *key;
1395 key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
1396 keyconf->keylen, keyconf->key,
1398 if (IS_ERR(key))
1399 return ERR_CAST(key);
1402 key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
1405 err = ieee80211_key_link(key, &sdata->deflink, NULL);
1409 return &key->conf;
1415 struct ieee80211_key *key;
1417 key = container_of(keyconf, struct ieee80211_key, conf);
1419 switch (key->conf.cipher) {
1422 key->u.aes_cmac.icverrors++;
1426 key->u.aes_gmac.icverrors++;
1437 struct ieee80211_key *key;
1439 key = container_of(keyconf, struct ieee80211_key, conf);
1441 switch (key->conf.cipher) {
1444 key->u.ccmp.replays++;
1448 key->u.aes_cmac.replays++;
1452 key->u.aes_gmac.replays++;
1456 key->u.gcmp.replays++;
1466 struct ieee80211_key *key;
1469 list_for_each_entry(key, &sdata->key_list, list) {
1470 if (key->conf.link_id < 0 ||
1471 !(del_links_mask & BIT(key->conf.link_id)))
1475 WARN_ON(key->sta);
1477 ieee80211_key_disable_hw_accel(key);
1480 list_for_each_entry(key, &sdata->key_list, list) {
1481 if (key->conf.link_id < 0 ||
1482 !(add_links_mask & BIT(key->conf.link_id)))
1486 WARN_ON(key->sta);
1488 ret = ieee80211_key_enable_hw_accel(key);