forked from luck/tmp_suning_uos_patched
18890d4b89
When using AP VLAN interfaces, each VLAN interface should be in its own broadcast domain. Hostapd achieves this by assigning different GTKs to different AP VLAN interfaces. However, mac80211 drivers are not aware of AP VLAN interfaces and as such mac80211 sends the GTK to the driver in the context of the base AP mode interface. This causes problems when multiple AP VLAN interfaces are used since the driver will use the same key slot for the different GTKs (there's no way for the driver to distinguish the different GTKs from different AP VLAN interfaces). Thus, only the clients associated to one AP VLAN interface (the one that was created last) can actually use broadcast traffic. Fix this by not programming any GTKs for AP VLAN interfaces into the hw but fall back to using software crypto. The GTK for the underlying AP interface is still sent to the driver. That means, broadcast traffic to stations associated to an AP VLAN interface is encrypted in software whereas broadcast traffic to stations associated to the non-VLAN AP interface is encrypted in hardware. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
520 lines
12 KiB
C
520 lines
12 KiB
C
/*
|
|
* Copyright 2002-2005, Instant802 Networks, Inc.
|
|
* Copyright 2005-2006, Devicescape Software, Inc.
|
|
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
|
|
* Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
|
|
#include <linux/if_ether.h>
|
|
#include <linux/etherdevice.h>
|
|
#include <linux/list.h>
|
|
#include <linux/rcupdate.h>
|
|
#include <linux/rtnetlink.h>
|
|
#include <linux/slab.h>
|
|
#include <net/mac80211.h>
|
|
#include "ieee80211_i.h"
|
|
#include "driver-ops.h"
|
|
#include "debugfs_key.h"
|
|
#include "aes_ccm.h"
|
|
#include "aes_cmac.h"
|
|
|
|
|
|
/**
|
|
* DOC: Key handling basics
|
|
*
|
|
* Key handling in mac80211 is done based on per-interface (sub_if_data)
|
|
* keys and per-station keys. Since each station belongs to an interface,
|
|
* each station key also belongs to that interface.
|
|
*
|
|
* Hardware acceleration is done on a best-effort basis, for each key
|
|
* that is eligible the hardware is asked to enable that key but if
|
|
* it cannot do that they key is simply kept for software encryption.
|
|
* There is currently no way of knowing this except by looking into
|
|
* debugfs.
|
|
*
|
|
* All key operations are protected internally.
|
|
*
|
|
* Within mac80211, key references are, just as STA structure references,
|
|
* protected by RCU. Note, however, that some things are unprotected,
|
|
* namely the key->sta dereferences within the hardware acceleration
|
|
* functions. This means that sta_info_destroy() must remove the key
|
|
* which waits for an RCU grace period.
|
|
*/
|
|
|
|
static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
|
|
|
|
static void assert_key_lock(struct ieee80211_local *local)
|
|
{
|
|
lockdep_assert_held(&local->key_mtx);
|
|
}
|
|
|
|
static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
|
|
{
|
|
if (key->sta)
|
|
return &key->sta->sta;
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
|
|
{
|
|
struct ieee80211_sub_if_data *sdata;
|
|
struct ieee80211_sta *sta;
|
|
int ret;
|
|
|
|
might_sleep();
|
|
|
|
if (!key->local->ops->set_key)
|
|
goto out_unsupported;
|
|
|
|
assert_key_lock(key->local);
|
|
|
|
sta = get_sta_for_key(key);
|
|
|
|
/*
|
|
* If this is a per-STA GTK, check if it
|
|
* is supported; if not, return.
|
|
*/
|
|
if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
|
|
!(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
|
|
goto out_unsupported;
|
|
|
|
sdata = key->sdata;
|
|
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
|
|
/*
|
|
* The driver doesn't know anything about VLAN interfaces.
|
|
* Hence, don't send GTKs for VLAN interfaces to the driver.
|
|
*/
|
|
if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
|
|
goto out_unsupported;
|
|
sdata = container_of(sdata->bss,
|
|
struct ieee80211_sub_if_data,
|
|
u.ap);
|
|
}
|
|
|
|
ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
|
|
|
|
if (!ret) {
|
|
key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
return 0;
|
|
}
|
|
|
|
if (ret != -ENOSPC && ret != -EOPNOTSUPP)
|
|
wiphy_err(key->local->hw.wiphy,
|
|
"failed to set key (%d, %pM) to hardware (%d)\n",
|
|
key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
|
|
|
|
out_unsupported:
|
|
switch (key->conf.cipher) {
|
|
case WLAN_CIPHER_SUITE_WEP40:
|
|
case WLAN_CIPHER_SUITE_WEP104:
|
|
case WLAN_CIPHER_SUITE_TKIP:
|
|
case WLAN_CIPHER_SUITE_CCMP:
|
|
case WLAN_CIPHER_SUITE_AES_CMAC:
|
|
/* all of these we can do in software */
|
|
return 0;
|
|
default:
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
|
|
static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
|
|
{
|
|
struct ieee80211_sub_if_data *sdata;
|
|
struct ieee80211_sta *sta;
|
|
int ret;
|
|
|
|
might_sleep();
|
|
|
|
if (!key || !key->local->ops->set_key)
|
|
return;
|
|
|
|
assert_key_lock(key->local);
|
|
|
|
if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
|
|
return;
|
|
|
|
sta = get_sta_for_key(key);
|
|
sdata = key->sdata;
|
|
|
|
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
|
|
sdata = container_of(sdata->bss,
|
|
struct ieee80211_sub_if_data,
|
|
u.ap);
|
|
|
|
ret = drv_set_key(key->local, DISABLE_KEY, sdata,
|
|
sta, &key->conf);
|
|
|
|
if (ret)
|
|
wiphy_err(key->local->hw.wiphy,
|
|
"failed to remove key (%d, %pM) from hardware (%d)\n",
|
|
key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
|
|
|
|
key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
}
|
|
|
|
void ieee80211_key_removed(struct ieee80211_key_conf *key_conf)
|
|
{
|
|
struct ieee80211_key *key;
|
|
|
|
key = container_of(key_conf, struct ieee80211_key, conf);
|
|
|
|
might_sleep();
|
|
assert_key_lock(key->local);
|
|
|
|
key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
|
|
|
|
/*
|
|
* Flush TX path to avoid attempts to use this key
|
|
* after this function returns. Until then, drivers
|
|
* must be prepared to handle the key.
|
|
*/
|
|
synchronize_rcu();
|
|
}
|
|
EXPORT_SYMBOL_GPL(ieee80211_key_removed);
|
|
|
|
static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
|
|
int idx)
|
|
{
|
|
struct ieee80211_key *key = NULL;
|
|
|
|
assert_key_lock(sdata->local);
|
|
|
|
if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
|
|
key = sdata->keys[idx];
|
|
|
|
rcu_assign_pointer(sdata->default_key, key);
|
|
|
|
if (key) {
|
|
ieee80211_debugfs_key_remove_default(key->sdata);
|
|
ieee80211_debugfs_key_add_default(key->sdata);
|
|
}
|
|
}
|
|
|
|
void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
|
|
{
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
__ieee80211_set_default_key(sdata, idx);
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
}
|
|
|
|
static void
|
|
__ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
|
|
{
|
|
struct ieee80211_key *key = NULL;
|
|
|
|
assert_key_lock(sdata->local);
|
|
|
|
if (idx >= NUM_DEFAULT_KEYS &&
|
|
idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
|
|
key = sdata->keys[idx];
|
|
|
|
rcu_assign_pointer(sdata->default_mgmt_key, key);
|
|
|
|
if (key) {
|
|
ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
|
|
ieee80211_debugfs_key_add_mgmt_default(key->sdata);
|
|
}
|
|
}
|
|
|
|
void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
|
|
int idx)
|
|
{
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
__ieee80211_set_default_mgmt_key(sdata, idx);
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
}
|
|
|
|
|
|
static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
|
|
struct sta_info *sta,
|
|
bool pairwise,
|
|
struct ieee80211_key *old,
|
|
struct ieee80211_key *new)
|
|
{
|
|
int idx, defkey, defmgmtkey;
|
|
|
|
if (new)
|
|
list_add(&new->list, &sdata->key_list);
|
|
|
|
if (sta && pairwise) {
|
|
rcu_assign_pointer(sta->ptk, new);
|
|
} else if (sta) {
|
|
if (old)
|
|
idx = old->conf.keyidx;
|
|
else
|
|
idx = new->conf.keyidx;
|
|
rcu_assign_pointer(sta->gtk[idx], new);
|
|
} else {
|
|
WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
|
|
|
|
if (old)
|
|
idx = old->conf.keyidx;
|
|
else
|
|
idx = new->conf.keyidx;
|
|
|
|
defkey = old && sdata->default_key == old;
|
|
defmgmtkey = old && sdata->default_mgmt_key == old;
|
|
|
|
if (defkey && !new)
|
|
__ieee80211_set_default_key(sdata, -1);
|
|
if (defmgmtkey && !new)
|
|
__ieee80211_set_default_mgmt_key(sdata, -1);
|
|
|
|
rcu_assign_pointer(sdata->keys[idx], new);
|
|
if (defkey && new)
|
|
__ieee80211_set_default_key(sdata, new->conf.keyidx);
|
|
if (defmgmtkey && new)
|
|
__ieee80211_set_default_mgmt_key(sdata,
|
|
new->conf.keyidx);
|
|
}
|
|
|
|
if (old) {
|
|
/*
|
|
* We'll use an empty list to indicate that the key
|
|
* has already been removed.
|
|
*/
|
|
list_del_init(&old->list);
|
|
}
|
|
}
|
|
|
|
struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
|
|
const u8 *key_data,
|
|
size_t seq_len, const u8 *seq)
|
|
{
|
|
struct ieee80211_key *key;
|
|
int i, j, err;
|
|
|
|
BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
|
|
|
|
key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
|
|
if (!key)
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
/*
|
|
* Default to software encryption; we'll later upload the
|
|
* key to the hardware if possible.
|
|
*/
|
|
key->conf.flags = 0;
|
|
key->flags = 0;
|
|
|
|
key->conf.cipher = cipher;
|
|
key->conf.keyidx = idx;
|
|
key->conf.keylen = key_len;
|
|
switch (cipher) {
|
|
case WLAN_CIPHER_SUITE_WEP40:
|
|
case WLAN_CIPHER_SUITE_WEP104:
|
|
key->conf.iv_len = WEP_IV_LEN;
|
|
key->conf.icv_len = WEP_ICV_LEN;
|
|
break;
|
|
case WLAN_CIPHER_SUITE_TKIP:
|
|
key->conf.iv_len = TKIP_IV_LEN;
|
|
key->conf.icv_len = TKIP_ICV_LEN;
|
|
if (seq) {
|
|
for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
|
|
key->u.tkip.rx[i].iv32 =
|
|
get_unaligned_le32(&seq[2]);
|
|
key->u.tkip.rx[i].iv16 =
|
|
get_unaligned_le16(seq);
|
|
}
|
|
}
|
|
break;
|
|
case WLAN_CIPHER_SUITE_CCMP:
|
|
key->conf.iv_len = CCMP_HDR_LEN;
|
|
key->conf.icv_len = CCMP_MIC_LEN;
|
|
if (seq) {
|
|
for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
|
|
for (j = 0; j < CCMP_PN_LEN; j++)
|
|
key->u.ccmp.rx_pn[i][j] =
|
|
seq[CCMP_PN_LEN - j - 1];
|
|
}
|
|
/*
|
|
* Initialize AES key state here as an optimization so that
|
|
* it does not need to be initialized for every packet.
|
|
*/
|
|
key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
|
|
if (IS_ERR(key->u.ccmp.tfm)) {
|
|
err = PTR_ERR(key->u.ccmp.tfm);
|
|
kfree(key);
|
|
key = ERR_PTR(err);
|
|
}
|
|
break;
|
|
case WLAN_CIPHER_SUITE_AES_CMAC:
|
|
key->conf.iv_len = 0;
|
|
key->conf.icv_len = sizeof(struct ieee80211_mmie);
|
|
if (seq)
|
|
for (j = 0; j < 6; j++)
|
|
key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
|
|
/*
|
|
* Initialize AES key state here as an optimization so that
|
|
* it does not need to be initialized for every packet.
|
|
*/
|
|
key->u.aes_cmac.tfm =
|
|
ieee80211_aes_cmac_key_setup(key_data);
|
|
if (IS_ERR(key->u.aes_cmac.tfm)) {
|
|
err = PTR_ERR(key->u.aes_cmac.tfm);
|
|
kfree(key);
|
|
key = ERR_PTR(err);
|
|
}
|
|
break;
|
|
}
|
|
memcpy(key->conf.key, key_data, key_len);
|
|
INIT_LIST_HEAD(&key->list);
|
|
|
|
return key;
|
|
}
|
|
|
|
static void __ieee80211_key_destroy(struct ieee80211_key *key)
|
|
{
|
|
if (!key)
|
|
return;
|
|
|
|
if (key->local)
|
|
ieee80211_key_disable_hw_accel(key);
|
|
|
|
if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
|
|
ieee80211_aes_key_free(key->u.ccmp.tfm);
|
|
if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
|
|
ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
|
|
if (key->local)
|
|
ieee80211_debugfs_key_remove(key);
|
|
|
|
kfree(key);
|
|
}
|
|
|
|
int ieee80211_key_link(struct ieee80211_key *key,
|
|
struct ieee80211_sub_if_data *sdata,
|
|
struct sta_info *sta)
|
|
{
|
|
struct ieee80211_key *old_key;
|
|
int idx, ret;
|
|
bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
|
|
|
|
BUG_ON(!sdata);
|
|
BUG_ON(!key);
|
|
|
|
idx = key->conf.keyidx;
|
|
key->local = sdata->local;
|
|
key->sdata = sdata;
|
|
key->sta = sta;
|
|
|
|
if (sta) {
|
|
/*
|
|
* some hardware cannot handle TKIP with QoS, so
|
|
* we indicate whether QoS could be in use.
|
|
*/
|
|
if (test_sta_flags(sta, WLAN_STA_WME))
|
|
key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
|
|
} else {
|
|
if (sdata->vif.type == NL80211_IFTYPE_STATION) {
|
|
struct sta_info *ap;
|
|
|
|
/*
|
|
* We're getting a sta pointer in,
|
|
* so must be under RCU read lock.
|
|
*/
|
|
|
|
/* same here, the AP could be using QoS */
|
|
ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
|
|
if (ap) {
|
|
if (test_sta_flags(ap, WLAN_STA_WME))
|
|
key->conf.flags |=
|
|
IEEE80211_KEY_FLAG_WMM_STA;
|
|
}
|
|
}
|
|
}
|
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
|
|
if (sta && pairwise)
|
|
old_key = sta->ptk;
|
|
else if (sta)
|
|
old_key = sta->gtk[idx];
|
|
else
|
|
old_key = sdata->keys[idx];
|
|
|
|
__ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
|
|
__ieee80211_key_destroy(old_key);
|
|
|
|
ieee80211_debugfs_key_add(key);
|
|
|
|
ret = ieee80211_key_enable_hw_accel(key);
|
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
|
|
return ret;
|
|
}
|
|
|
|
static void __ieee80211_key_free(struct ieee80211_key *key)
|
|
{
|
|
/*
|
|
* Replace key with nothingness if it was ever used.
|
|
*/
|
|
if (key->sdata)
|
|
__ieee80211_key_replace(key->sdata, key->sta,
|
|
key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
|
|
key, NULL);
|
|
__ieee80211_key_destroy(key);
|
|
}
|
|
|
|
void ieee80211_key_free(struct ieee80211_local *local,
|
|
struct ieee80211_key *key)
|
|
{
|
|
if (!key)
|
|
return;
|
|
|
|
mutex_lock(&local->key_mtx);
|
|
__ieee80211_key_free(key);
|
|
mutex_unlock(&local->key_mtx);
|
|
}
|
|
|
|
void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
|
|
{
|
|
struct ieee80211_key *key;
|
|
|
|
ASSERT_RTNL();
|
|
|
|
if (WARN_ON(!ieee80211_sdata_running(sdata)))
|
|
return;
|
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
ieee80211_key_enable_hw_accel(key);
|
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
}
|
|
|
|
void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
|
|
{
|
|
struct ieee80211_key *key;
|
|
|
|
ASSERT_RTNL();
|
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
|
|
list_for_each_entry(key, &sdata->key_list, list)
|
|
ieee80211_key_disable_hw_accel(key);
|
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
}
|
|
|
|
void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
|
|
{
|
|
struct ieee80211_key *key, *tmp;
|
|
|
|
mutex_lock(&sdata->local->key_mtx);
|
|
|
|
ieee80211_debugfs_key_remove_default(sdata);
|
|
ieee80211_debugfs_key_remove_mgmt_default(sdata);
|
|
|
|
list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
|
|
__ieee80211_key_free(key);
|
|
|
|
mutex_unlock(&sdata->local->key_mtx);
|
|
}
|