1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0-only */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * Copyright 2002-2004, Instant802 Networks, Inc. 4*4882a593Smuzhiyun * Copyright 2005, Devicescape Software, Inc. 5*4882a593Smuzhiyun * Copyright (C) 2019 Intel Corporation 6*4882a593Smuzhiyun */ 7*4882a593Smuzhiyun 8*4882a593Smuzhiyun #ifndef IEEE80211_KEY_H 9*4882a593Smuzhiyun #define IEEE80211_KEY_H 10*4882a593Smuzhiyun 11*4882a593Smuzhiyun #include <linux/types.h> 12*4882a593Smuzhiyun #include <linux/list.h> 13*4882a593Smuzhiyun #include <linux/crypto.h> 14*4882a593Smuzhiyun #include <linux/rcupdate.h> 15*4882a593Smuzhiyun #include <crypto/arc4.h> 16*4882a593Smuzhiyun #include <net/mac80211.h> 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun #define NUM_DEFAULT_KEYS 4 19*4882a593Smuzhiyun #define NUM_DEFAULT_MGMT_KEYS 2 20*4882a593Smuzhiyun #define NUM_DEFAULT_BEACON_KEYS 2 21*4882a593Smuzhiyun #define INVALID_PTK_KEYIDX 2 /* Keyidx always pointing to a NULL key for PTK */ 22*4882a593Smuzhiyun 23*4882a593Smuzhiyun struct ieee80211_local; 24*4882a593Smuzhiyun struct ieee80211_sub_if_data; 25*4882a593Smuzhiyun struct sta_info; 26*4882a593Smuzhiyun 27*4882a593Smuzhiyun /** 28*4882a593Smuzhiyun * enum ieee80211_internal_key_flags - internal key flags 29*4882a593Smuzhiyun * 30*4882a593Smuzhiyun * @KEY_FLAG_UPLOADED_TO_HARDWARE: Indicates that this key is present 31*4882a593Smuzhiyun * in the hardware for TX crypto hardware acceleration. 32*4882a593Smuzhiyun * @KEY_FLAG_TAINTED: Key is tainted and packets should be dropped. 33*4882a593Smuzhiyun * @KEY_FLAG_CIPHER_SCHEME: This key is for a hardware cipher scheme 34*4882a593Smuzhiyun */ 35*4882a593Smuzhiyun enum ieee80211_internal_key_flags { 36*4882a593Smuzhiyun KEY_FLAG_UPLOADED_TO_HARDWARE = BIT(0), 37*4882a593Smuzhiyun KEY_FLAG_TAINTED = BIT(1), 38*4882a593Smuzhiyun KEY_FLAG_CIPHER_SCHEME = BIT(2), 39*4882a593Smuzhiyun }; 40*4882a593Smuzhiyun 41*4882a593Smuzhiyun enum ieee80211_internal_tkip_state { 42*4882a593Smuzhiyun TKIP_STATE_NOT_INIT, 43*4882a593Smuzhiyun TKIP_STATE_PHASE1_DONE, 44*4882a593Smuzhiyun TKIP_STATE_PHASE1_HW_UPLOADED, 45*4882a593Smuzhiyun }; 46*4882a593Smuzhiyun 47*4882a593Smuzhiyun struct tkip_ctx { 48*4882a593Smuzhiyun u16 p1k[5]; /* p1k cache */ 49*4882a593Smuzhiyun u32 p1k_iv32; /* iv32 for which p1k computed */ 50*4882a593Smuzhiyun enum ieee80211_internal_tkip_state state; 51*4882a593Smuzhiyun }; 52*4882a593Smuzhiyun 53*4882a593Smuzhiyun struct tkip_ctx_rx { 54*4882a593Smuzhiyun struct tkip_ctx ctx; 55*4882a593Smuzhiyun u32 iv32; /* current iv32 */ 56*4882a593Smuzhiyun u16 iv16; /* current iv16 */ 57*4882a593Smuzhiyun }; 58*4882a593Smuzhiyun 59*4882a593Smuzhiyun struct ieee80211_key { 60*4882a593Smuzhiyun struct ieee80211_local *local; 61*4882a593Smuzhiyun struct ieee80211_sub_if_data *sdata; 62*4882a593Smuzhiyun struct sta_info *sta; 63*4882a593Smuzhiyun 64*4882a593Smuzhiyun /* for sdata list */ 65*4882a593Smuzhiyun struct list_head list; 66*4882a593Smuzhiyun 67*4882a593Smuzhiyun /* protected by key mutex */ 68*4882a593Smuzhiyun unsigned int flags; 69*4882a593Smuzhiyun 70*4882a593Smuzhiyun union { 71*4882a593Smuzhiyun struct { 72*4882a593Smuzhiyun /* protects tx context */ 73*4882a593Smuzhiyun spinlock_t txlock; 74*4882a593Smuzhiyun 75*4882a593Smuzhiyun /* last used TSC */ 76*4882a593Smuzhiyun struct tkip_ctx tx; 77*4882a593Smuzhiyun 78*4882a593Smuzhiyun /* last received RSC */ 79*4882a593Smuzhiyun struct tkip_ctx_rx rx[IEEE80211_NUM_TIDS]; 80*4882a593Smuzhiyun 81*4882a593Smuzhiyun /* number of mic failures */ 82*4882a593Smuzhiyun u32 mic_failures; 83*4882a593Smuzhiyun } tkip; 84*4882a593Smuzhiyun struct { 85*4882a593Smuzhiyun /* 86*4882a593Smuzhiyun * Last received packet number. The first 87*4882a593Smuzhiyun * IEEE80211_NUM_TIDS counters are used with Data 88*4882a593Smuzhiyun * frames and the last counter is used with Robust 89*4882a593Smuzhiyun * Management frames. 90*4882a593Smuzhiyun */ 91*4882a593Smuzhiyun u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_CCMP_PN_LEN]; 92*4882a593Smuzhiyun struct crypto_aead *tfm; 93*4882a593Smuzhiyun u32 replays; /* dot11RSNAStatsCCMPReplays */ 94*4882a593Smuzhiyun } ccmp; 95*4882a593Smuzhiyun struct { 96*4882a593Smuzhiyun u8 rx_pn[IEEE80211_CMAC_PN_LEN]; 97*4882a593Smuzhiyun struct crypto_shash *tfm; 98*4882a593Smuzhiyun u32 replays; /* dot11RSNAStatsCMACReplays */ 99*4882a593Smuzhiyun u32 icverrors; /* dot11RSNAStatsCMACICVErrors */ 100*4882a593Smuzhiyun } aes_cmac; 101*4882a593Smuzhiyun struct { 102*4882a593Smuzhiyun u8 rx_pn[IEEE80211_GMAC_PN_LEN]; 103*4882a593Smuzhiyun struct crypto_aead *tfm; 104*4882a593Smuzhiyun u32 replays; /* dot11RSNAStatsCMACReplays */ 105*4882a593Smuzhiyun u32 icverrors; /* dot11RSNAStatsCMACICVErrors */ 106*4882a593Smuzhiyun } aes_gmac; 107*4882a593Smuzhiyun struct { 108*4882a593Smuzhiyun /* Last received packet number. The first 109*4882a593Smuzhiyun * IEEE80211_NUM_TIDS counters are used with Data 110*4882a593Smuzhiyun * frames and the last counter is used with Robust 111*4882a593Smuzhiyun * Management frames. 112*4882a593Smuzhiyun */ 113*4882a593Smuzhiyun u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_GCMP_PN_LEN]; 114*4882a593Smuzhiyun struct crypto_aead *tfm; 115*4882a593Smuzhiyun u32 replays; /* dot11RSNAStatsGCMPReplays */ 116*4882a593Smuzhiyun } gcmp; 117*4882a593Smuzhiyun struct { 118*4882a593Smuzhiyun /* generic cipher scheme */ 119*4882a593Smuzhiyun u8 rx_pn[IEEE80211_NUM_TIDS + 1][IEEE80211_MAX_PN_LEN]; 120*4882a593Smuzhiyun } gen; 121*4882a593Smuzhiyun } u; 122*4882a593Smuzhiyun 123*4882a593Smuzhiyun #ifdef CONFIG_MAC80211_DEBUGFS 124*4882a593Smuzhiyun struct { 125*4882a593Smuzhiyun struct dentry *stalink; 126*4882a593Smuzhiyun struct dentry *dir; 127*4882a593Smuzhiyun int cnt; 128*4882a593Smuzhiyun } debugfs; 129*4882a593Smuzhiyun #endif 130*4882a593Smuzhiyun 131*4882a593Smuzhiyun unsigned int color; 132*4882a593Smuzhiyun 133*4882a593Smuzhiyun /* 134*4882a593Smuzhiyun * key config, must be last because it contains key 135*4882a593Smuzhiyun * material as variable length member 136*4882a593Smuzhiyun */ 137*4882a593Smuzhiyun struct ieee80211_key_conf conf; 138*4882a593Smuzhiyun }; 139*4882a593Smuzhiyun 140*4882a593Smuzhiyun struct ieee80211_key * 141*4882a593Smuzhiyun ieee80211_key_alloc(u32 cipher, int idx, size_t key_len, 142*4882a593Smuzhiyun const u8 *key_data, 143*4882a593Smuzhiyun size_t seq_len, const u8 *seq, 144*4882a593Smuzhiyun const struct ieee80211_cipher_scheme *cs); 145*4882a593Smuzhiyun /* 146*4882a593Smuzhiyun * Insert a key into data structures (sdata, sta if necessary) 147*4882a593Smuzhiyun * to make it used, free old key. On failure, also free the new key. 148*4882a593Smuzhiyun */ 149*4882a593Smuzhiyun int ieee80211_key_link(struct ieee80211_key *key, 150*4882a593Smuzhiyun struct ieee80211_sub_if_data *sdata, 151*4882a593Smuzhiyun struct sta_info *sta); 152*4882a593Smuzhiyun int ieee80211_set_tx_key(struct ieee80211_key *key); 153*4882a593Smuzhiyun void ieee80211_key_free(struct ieee80211_key *key, bool delay_tailroom); 154*4882a593Smuzhiyun void ieee80211_key_free_unused(struct ieee80211_key *key); 155*4882a593Smuzhiyun void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx, 156*4882a593Smuzhiyun bool uni, bool multi); 157*4882a593Smuzhiyun void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 158*4882a593Smuzhiyun int idx); 159*4882a593Smuzhiyun void ieee80211_set_default_beacon_key(struct ieee80211_sub_if_data *sdata, 160*4882a593Smuzhiyun int idx); 161*4882a593Smuzhiyun void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata, 162*4882a593Smuzhiyun bool force_synchronize); 163*4882a593Smuzhiyun void ieee80211_free_sta_keys(struct ieee80211_local *local, 164*4882a593Smuzhiyun struct sta_info *sta); 165*4882a593Smuzhiyun void ieee80211_reenable_keys(struct ieee80211_sub_if_data *sdata); 166*4882a593Smuzhiyun 167*4882a593Smuzhiyun #define key_mtx_dereference(local, ref) \ 168*4882a593Smuzhiyun rcu_dereference_protected(ref, lockdep_is_held(&((local)->key_mtx))) 169*4882a593Smuzhiyun 170*4882a593Smuzhiyun void ieee80211_delayed_tailroom_dec(struct work_struct *wk); 171*4882a593Smuzhiyun 172*4882a593Smuzhiyun #endif /* IEEE80211_KEY_H */ 173