search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
qlcnic: support vlan rx accleration
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / mac80211 / key.c
blob3570f8c2bb401d3d4d20cbac6dbc0fddfb395235
1 /*
2 * Copyright 2002-2005, Instant802 Networks, Inc.
3 * Copyright 2005-2006, Devicescape Software, Inc.
4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
5 * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 */
11
12 #include <linux/if_ether.h>
13 #include <linux/etherdevice.h>
14 #include <linux/list.h>
15 #include <linux/rcupdate.h>
16 #include <linux/rtnetlink.h>
17 #include <linux/slab.h>
18 #include <net/mac80211.h>
19 #include "ieee80211_i.h"
20 #include "driver-ops.h"
21 #include "debugfs_key.h"
22 #include "aes_ccm.h"
23 #include "aes_cmac.h"
24
25
26 /**
27 * DOC: Key handling basics
28 *
29 * Key handling in mac80211 is done based on per-interface (sub_if_data)
30 * keys and per-station keys. Since each station belongs to an interface,
31 * each station key also belongs to that interface.
32 *
33 * Hardware acceleration is done on a best-effort basis, for each key
34 * that is eligible the hardware is asked to enable that key but if
35 * it cannot do that they key is simply kept for software encryption.
36 * There is currently no way of knowing this except by looking into
37 * debugfs.
38 *
39 * All key operations are protected internally.
40 *
41 * Within mac80211, key references are, just as STA structure references,
42 * protected by RCU. Note, however, that some things are unprotected,
43 * namely the key->sta dereferences within the hardware acceleration
44 * functions. This means that sta_info_destroy() must remove the key
45 * which waits for an RCU grace period.
46 */
47
48 static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
49
50 static void assert_key_lock(struct ieee80211_local *local)
51 {
52 WARN_ON(!mutex_is_locked(&local->key_mtx));
53 }
54
55 static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
56 {
57 if (key->sta)
58 return &key->sta->sta;
59
60 return NULL;
61 }
62
63 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
64 {
65 struct ieee80211_sub_if_data *sdata;
66 struct ieee80211_sta *sta;
67 int ret;
68
69 might_sleep();
70
71 if (!key->local->ops->set_key) {
72 ret = -EOPNOTSUPP;
73 goto out_unsupported;
74 }
75
76 assert_key_lock(key->local);
77
78 sta = get_sta_for_key(key);
79
80 sdata = key->sdata;
81 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
82 sdata = container_of(sdata->bss,
83 struct ieee80211_sub_if_data,
84 u.ap);
85
86 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
87
88 if (!ret)
89 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
90
91 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
92 wiphy_err(key->local->hw.wiphy,
93 "failed to set key (%d, %pM) to hardware (%d)\n",
94 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
95
96 out_unsupported:
97 if (ret) {
98 switch (key->conf.cipher) {
99 case WLAN_CIPHER_SUITE_WEP40:
100 case WLAN_CIPHER_SUITE_WEP104:
101 case WLAN_CIPHER_SUITE_TKIP:
102 case WLAN_CIPHER_SUITE_CCMP:
103 case WLAN_CIPHER_SUITE_AES_CMAC:
104 /* all of these we can do in software */
105 ret = 0;
106 break;
107 default:
108 ret = -EINVAL;
109 }
110 }
111
112 return ret;
113 }
114
115 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
116 {
117 struct ieee80211_sub_if_data *sdata;
118 struct ieee80211_sta *sta;
119 int ret;
120
121 might_sleep();
122
123 if (!key || !key->local->ops->set_key)
124 return;
125
126 assert_key_lock(key->local);
127
128 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
129 return;
130
131 sta = get_sta_for_key(key);
132 sdata = key->sdata;
133
134 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
135 sdata = container_of(sdata->bss,
136 struct ieee80211_sub_if_data,
137 u.ap);
138
139 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
140 sta, &key->conf);
141
142 if (ret)
143 wiphy_err(key->local->hw.wiphy,
144 "failed to remove key (%d, %pM) from hardware (%d)\n",
145 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
146
147 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
148 }
149
150 static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
151 int idx)
152 {
153 struct ieee80211_key *key = NULL;
154
155 assert_key_lock(sdata->local);
156
157 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
158 key = sdata->keys[idx];
159
160 rcu_assign_pointer(sdata->default_key, key);
161
162 if (key) {
163 ieee80211_debugfs_key_remove_default(key->sdata);
164 ieee80211_debugfs_key_add_default(key->sdata);
165 }
166 }
167
168 void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
169 {
170 mutex_lock(&sdata->local->key_mtx);
171 __ieee80211_set_default_key(sdata, idx);
172 mutex_unlock(&sdata->local->key_mtx);
173 }
174
175 static void
176 __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
177 {
178 struct ieee80211_key *key = NULL;
179
180 assert_key_lock(sdata->local);
181
182 if (idx >= NUM_DEFAULT_KEYS &&
183 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
184 key = sdata->keys[idx];
185
186 rcu_assign_pointer(sdata->default_mgmt_key, key);
187
188 if (key) {
189 ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
190 ieee80211_debugfs_key_add_mgmt_default(key->sdata);
191 }
192 }
193
194 void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
195 int idx)
196 {
197 mutex_lock(&sdata->local->key_mtx);
198 __ieee80211_set_default_mgmt_key(sdata, idx);
199 mutex_unlock(&sdata->local->key_mtx);
200 }
201
202
203 static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
204 struct sta_info *sta,
205 struct ieee80211_key *old,
206 struct ieee80211_key *new)
207 {
208 int idx, defkey, defmgmtkey;
209
210 if (new)
211 list_add(&new->list, &sdata->key_list);
212
213 if (sta) {
214 rcu_assign_pointer(sta->key, new);
215 } else {
216 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
217
218 if (old)
219 idx = old->conf.keyidx;
220 else
221 idx = new->conf.keyidx;
222
223 defkey = old && sdata->default_key == old;
224 defmgmtkey = old && sdata->default_mgmt_key == old;
225
226 if (defkey && !new)
227 __ieee80211_set_default_key(sdata, -1);
228 if (defmgmtkey && !new)
229 __ieee80211_set_default_mgmt_key(sdata, -1);
230
231 rcu_assign_pointer(sdata->keys[idx], new);
232 if (defkey && new)
233 __ieee80211_set_default_key(sdata, new->conf.keyidx);
234 if (defmgmtkey && new)
235 __ieee80211_set_default_mgmt_key(sdata,
236 new->conf.keyidx);
237 }
238
239 if (old) {
240 /*
241 * We'll use an empty list to indicate that the key
242 * has already been removed.
243 */
244 list_del_init(&old->list);
245 }
246 }
247
248 struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
249 const u8 *key_data,
250 size_t seq_len, const u8 *seq)
251 {
252 struct ieee80211_key *key;
253 int i, j, err;
254
255 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
256
257 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
258 if (!key)
259 return ERR_PTR(-ENOMEM);
260
261 /*
262 * Default to software encryption; we'll later upload the
263 * key to the hardware if possible.
264 */
265 key->conf.flags = 0;
266 key->flags = 0;
267
268 key->conf.cipher = cipher;
269 key->conf.keyidx = idx;
270 key->conf.keylen = key_len;
271 switch (cipher) {
272 case WLAN_CIPHER_SUITE_WEP40:
273 case WLAN_CIPHER_SUITE_WEP104:
274 key->conf.iv_len = WEP_IV_LEN;
275 key->conf.icv_len = WEP_ICV_LEN;
276 break;
277 case WLAN_CIPHER_SUITE_TKIP:
278 key->conf.iv_len = TKIP_IV_LEN;
279 key->conf.icv_len = TKIP_ICV_LEN;
280 if (seq) {
281 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) {
282 key->u.tkip.rx[i].iv32 =
283 get_unaligned_le32(&seq[2]);
284 key->u.tkip.rx[i].iv16 =
285 get_unaligned_le16(seq);
286 }
287 }
288 break;
289 case WLAN_CIPHER_SUITE_CCMP:
290 key->conf.iv_len = CCMP_HDR_LEN;
291 key->conf.icv_len = CCMP_MIC_LEN;
292 if (seq) {
293 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
294 for (j = 0; j < CCMP_PN_LEN; j++)
295 key->u.ccmp.rx_pn[i][j] =
296 seq[CCMP_PN_LEN - j - 1];
297 }
298 /*
299 * Initialize AES key state here as an optimization so that
300 * it does not need to be initialized for every packet.
301 */
302 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
303 if (IS_ERR(key->u.ccmp.tfm)) {
304 err = PTR_ERR(key->u.ccmp.tfm);
305 kfree(key);
306 key = ERR_PTR(err);
307 }
308 break;
309 case WLAN_CIPHER_SUITE_AES_CMAC:
310 key->conf.iv_len = 0;
311 key->conf.icv_len = sizeof(struct ieee80211_mmie);
312 if (seq)
313 for (j = 0; j < 6; j++)
314 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
315 /*
316 * Initialize AES key state here as an optimization so that
317 * it does not need to be initialized for every packet.
318 */
319 key->u.aes_cmac.tfm =
320 ieee80211_aes_cmac_key_setup(key_data);
321 if (IS_ERR(key->u.aes_cmac.tfm)) {
322 err = PTR_ERR(key->u.aes_cmac.tfm);
323 kfree(key);
324 key = ERR_PTR(err);
325 }
326 break;
327 }
328 memcpy(key->conf.key, key_data, key_len);
329 INIT_LIST_HEAD(&key->list);
330
331 return key;
332 }
333
334 static void __ieee80211_key_destroy(struct ieee80211_key *key)
335 {
336 if (!key)
337 return;
338
339 if (key->local)
340 ieee80211_key_disable_hw_accel(key);
341
342 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
343 ieee80211_aes_key_free(key->u.ccmp.tfm);
344 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
345 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
346 if (key->local)
347 ieee80211_debugfs_key_remove(key);
348
349 kfree(key);
350 }
351
352 int ieee80211_key_link(struct ieee80211_key *key,
353 struct ieee80211_sub_if_data *sdata,
354 struct sta_info *sta)
355 {
356 struct ieee80211_key *old_key;
357 int idx, ret;
358
359 BUG_ON(!sdata);
360 BUG_ON(!key);
361
362 idx = key->conf.keyidx;
363 key->local = sdata->local;
364 key->sdata = sdata;
365 key->sta = sta;
366
367 if (sta) {
368 /*
369 * some hardware cannot handle TKIP with QoS, so
370 * we indicate whether QoS could be in use.
371 */
372 if (test_sta_flags(sta, WLAN_STA_WME))
373 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
374
375 /*
376 * This key is for a specific sta interface,
377 * inform the driver that it should try to store
378 * this key as pairwise key.
379 */
380 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
381 } else {
382 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
383 struct sta_info *ap;
384
385 /*
386 * We're getting a sta pointer in,
387 * so must be under RCU read lock.
388 */
389
390 /* same here, the AP could be using QoS */
391 ap = sta_info_get(key->sdata, key->sdata->u.mgd.bssid);
392 if (ap) {
393 if (test_sta_flags(ap, WLAN_STA_WME))
394 key->conf.flags |=
395 IEEE80211_KEY_FLAG_WMM_STA;
396 }
397 }
398 }
399
400 mutex_lock(&sdata->local->key_mtx);
401
402 if (sta)
403 old_key = sta->key;
404 else
405 old_key = sdata->keys[idx];
406
407 __ieee80211_key_replace(sdata, sta, old_key, key);
408 __ieee80211_key_destroy(old_key);
409
410 ieee80211_debugfs_key_add(key);
411
412 ret = ieee80211_key_enable_hw_accel(key);
413
414 mutex_unlock(&sdata->local->key_mtx);
415
416 return ret;
417 }
418
419 static void __ieee80211_key_free(struct ieee80211_key *key)
420 {
421 /*
422 * Replace key with nothingness if it was ever used.
423 */
424 if (key->sdata)
425 __ieee80211_key_replace(key->sdata, key->sta,
426 key, NULL);
427 __ieee80211_key_destroy(key);
428 }
429
430 void ieee80211_key_free(struct ieee80211_local *local,
431 struct ieee80211_key *key)
432 {
433 if (!key)
434 return;
435
436 mutex_lock(&local->key_mtx);
437 __ieee80211_key_free(key);
438 mutex_unlock(&local->key_mtx);
439 }
440
441 void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
442 {
443 struct ieee80211_key *key;
444
445 ASSERT_RTNL();
446
447 if (WARN_ON(!ieee80211_sdata_running(sdata)))
448 return;
449
450 mutex_lock(&sdata->local->key_mtx);
451
452 list_for_each_entry(key, &sdata->key_list, list)
453 ieee80211_key_enable_hw_accel(key);
454
455 mutex_unlock(&sdata->local->key_mtx);
456 }
457
458 void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
459 {
460 struct ieee80211_key *key;
461
462 ASSERT_RTNL();
463
464 mutex_lock(&sdata->local->key_mtx);
465
466 list_for_each_entry(key, &sdata->key_list, list)
467 ieee80211_key_disable_hw_accel(key);
468
469 mutex_unlock(&sdata->local->key_mtx);
470 }
471
472 void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
473 {
474 struct ieee80211_key *key, *tmp;
475
476 mutex_lock(&sdata->local->key_mtx);
477
478 ieee80211_debugfs_key_remove_default(sdata);
479 ieee80211_debugfs_key_remove_mgmt_default(sdata);
480
481 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
482 __ieee80211_key_free(key);
483
484 mutex_unlock(&sdata->local->key_mtx);
485 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree