key.c
// SPDX-License-Identifier: GPL-2.0-only
/*
* Key management related functions.
*
* Copyright (c) 2017-2020, Silicon Laboratories, Inc.
* Copyright (c) 2010, ST-Ericsson
*/
#include <linux/version.h>
#include <linux/etherdevice.h>
#include <net/mac80211.h>
#include "key.h"
#include "wfx.h"
#include "hif_tx_mib.h"
/*
 * Reserve the lowest free slot of the hardware key bitmap.
 *
 * Returns the slot index, which is now marked as used in wdev->key_map, or -1
 * when no slot below MAX_KEY_ENTRIES is free. No lock is taken here; the
 * caller chain visible in this file reaches it from wfx_set_key(), which
 * holds wdev->conf_mutex.
 */
static int wfx_alloc_key(struct wfx_dev *wdev)
{
	/* ffs() is 1-based and yields 0 when no bit is set, hence the -1. */
	int slot = ffs(~wdev->key_map) - 1;

	if (slot >= 0 && slot < MAX_KEY_ENTRIES) {
		wdev->key_map |= BIT(slot);
		return slot;
	}
	return -1;
}
/*
 * Release key slot @idx in the hardware key bitmap.
 *
 * A WARN is emitted when the slot was not marked as allocated; the bit is
 * cleared either way. @idx is not range-checked here, so callers must pass
 * an index previously handed out by wfx_alloc_key().
 */
static void wfx_free_key(struct wfx_dev *wdev, int idx)
{
	const unsigned long slot_bit = BIT(idx);

	WARN(!(wdev->key_map & slot_bit), "inconsistent key allocation");
	wdev->key_map &= ~slot_bit;
}
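/*
 * Build the firmware request body for a WEP pairwise key.
 *
 * Copies the key bytes, their length and the peer MAC address into @msg and
 * returns the HIF key type to place in the request.
 *
 * msg->key_data has a fixed size, so the copy length is clamped to it. An
 * oversized key->keylen still raises the WARN, but it can no longer write
 * past the field into the rest of the caller's request structure.
 */
static u8 fill_wep_pair(struct wfx_hif_wep_pairwise_key *msg,
			struct ieee80211_key_conf *key, u8 *peer_addr)
{
	size_t len = key->keylen;

	/* WARN() evaluates to its condition, so the clamp only runs on bad input. */
	if (WARN(len > sizeof(msg->key_data), "inconsistent data"))
		len = sizeof(msg->key_data);
	msg->key_length = len;
	memcpy(msg->key_data, key->key, len);
	ether_addr_copy(msg->peer_address, peer_addr);
	return HIF_KEY_TYPE_WEP_PAIRWISE;
}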
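/*
 * Build the firmware request body for a WEP group (default) key.
 *
 * Copies the key id, key length and key bytes into @msg and returns the HIF
 * key type to place in the request.
 *
 * msg->key_data has a fixed size, so the copy length is clamped to it. An
 * oversized key->keylen still raises the WARN, but it can no longer write
 * past the field into the rest of the caller's request structure.
 */
static u8 fill_wep_group(struct wfx_hif_wep_group_key *msg,
			 struct ieee80211_key_conf *key)
{
	size_t len = key->keylen;

	/* WARN() evaluates to its condition, so the clamp only runs on bad input. */
	if (WARN(len > sizeof(msg->key_data), "inconsistent data"))
		len = sizeof(msg->key_data);
	msg->key_id = key->keyidx;
	msg->key_length = len;
	memcpy(msg->key_data, key->key, len);
	return HIF_KEY_TYPE_WEP_DEFAULT;
}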
/*
 * Build the firmware request body for a TKIP pairwise key.
 *
 * key->key is read as three consecutive fields: the TKIP key, the Tx MIC key
 * and the Rx MIC key, each sized by the matching field of @msg. The peer MAC
 * address is copied as well. Returns the HIF key type for the request.
 *
 * NOTE(review): a key->keylen that does not match the three field sizes is
 * only warned about. The copies are sized by the destination fields, so a
 * shorter key would be read past its keylen bytes - confirm that the caller
 * guarantees the length for this cipher.
 */
static u8 fill_tkip_pair(struct wfx_hif_tkip_pairwise_key *msg,
			 struct ieee80211_key_conf *key, u8 *peer_addr)
{
	const u8 *tkip_key = key->key;
	const u8 *tx_mic = tkip_key + sizeof(msg->tkip_key_data);
	const u8 *rx_mic = tx_mic + sizeof(msg->tx_mic_key);

	WARN(key->keylen != sizeof(msg->tkip_key_data) + sizeof(msg->tx_mic_key) +
			    sizeof(msg->rx_mic_key), "inconsistent data");
	memcpy(msg->tkip_key_data, tkip_key, sizeof(msg->tkip_key_data));
	memcpy(msg->tx_mic_key, tx_mic, sizeof(msg->tx_mic_key));
	memcpy(msg->rx_mic_key, rx_mic, sizeof(msg->rx_mic_key));
	ether_addr_copy(msg->peer_address, peer_addr);
	return HIF_KEY_TYPE_TKIP_PAIRWISE;
}
/*
 * Build the firmware request body for a TKIP group key.
 *
 * Stores the key id, the receive sequence counter (iv16 followed by iv32 from
 * @seq), the TKIP key and one MIC key in @msg. The MIC key is taken right
 * after the TKIP key on an AP interface and 8 bytes further on any other
 * interface type. Returns the HIF key type for the request.
 *
 * NOTE(review): the literal 8 presumably equals sizeof(msg->rx_mic_key), as
 * the length check suggests - confirm against the structure definition.
 * A key->keylen mismatch is only warned about; the copies are sized by the
 * destination fields.
 */
static u8 fill_tkip_group(struct wfx_hif_tkip_group_key *msg, struct ieee80211_key_conf *key,
			  struct ieee80211_key_seq *seq, enum nl80211_iftype iftype)
{
	const u8 *mic_keys = key->key + sizeof(msg->tkip_key_data);
	const u8 *mic_src;

	WARN(key->keylen != sizeof(msg->tkip_key_data) + 2 * sizeof(msg->rx_mic_key),
	     "inconsistent data");
	msg->key_id = key->keyidx;
	memcpy(msg->rx_sequence_counter, &seq->tkip.iv16, sizeof(seq->tkip.iv16));
	memcpy(msg->rx_sequence_counter + sizeof(u16), &seq->tkip.iv32, sizeof(seq->tkip.iv32));
	memcpy(msg->tkip_key_data, key->key, sizeof(msg->tkip_key_data));
	/* An AP checks with the Tx MIC key, every other interface type with the Rx MIC key. */
	mic_src = (iftype == NL80211_IFTYPE_AP) ? mic_keys + 0 : mic_keys + 8;
	memcpy(msg->rx_mic_key, mic_src, sizeof(msg->rx_mic_key));
	return HIF_KEY_TYPE_TKIP_GROUP;
}
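/*
 * Build the firmware request body for a CCMP (AES) pairwise key.
 *
 * Copies the peer MAC address and the key bytes into @msg and returns the
 * HIF key type to place in the request.
 *
 * Any key->keylen other than sizeof(msg->aes_key_data) raises the WARN. The
 * copy is additionally clamped to the field size, so an oversized length
 * cannot write past msg->aes_key_data into the caller's request structure.
 */
static u8 fill_ccmp_pair(struct wfx_hif_aes_pairwise_key *msg,
			 struct ieee80211_key_conf *key, u8 *peer_addr)
{
	size_t len = key->keylen;

	WARN(len != sizeof(msg->aes_key_data), "inconsistent data");
	if (len > sizeof(msg->aes_key_data))
		len = sizeof(msg->aes_key_data);
	ether_addr_copy(msg->peer_address, peer_addr);
	memcpy(msg->aes_key_data, key->key, len);
	return HIF_KEY_TYPE_AES_PAIRWISE;
}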
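/*
 * Build the firmware request body for a CCMP (AES) group key.
 *
 * Copies the key bytes, the CCMP packet number from @seq and the key id into
 * @msg and returns the HIF key type to place in the request. The packet
 * number is passed through memreverse() after the copy (presumably a byte
 * order swap - confirm against the helper).
 *
 * Any key->keylen other than sizeof(msg->aes_key_data) raises the WARN. The
 * key copy is additionally clamped to the field size, so an oversized length
 * cannot write past msg->aes_key_data into the caller's request structure.
 */
static u8 fill_ccmp_group(struct wfx_hif_aes_group_key *msg,
			  struct ieee80211_key_conf *key, struct ieee80211_key_seq *seq)
{
	size_t len = key->keylen;

	WARN(len != sizeof(msg->aes_key_data), "inconsistent data");
	if (len > sizeof(msg->aes_key_data))
		len = sizeof(msg->aes_key_data);
	memcpy(msg->aes_key_data, key->key, len);
	memcpy(msg->rx_sequence_counter, seq->ccmp.pn, sizeof(seq->ccmp.pn));
	memreverse(msg->rx_sequence_counter, sizeof(seq->ccmp.pn));
	msg->key_id = key->keyidx;
	return HIF_KEY_TYPE_AES_GROUP;
}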
/*
 * Build the firmware request body for an SMS4 (WAPI) pairwise key.
 *
 * key->key is read as the WAPI key followed by the MIC key, each sized by the
 * matching field of @msg. The peer MAC address and the key id are stored as
 * well. Returns the HIF key type for the request.
 *
 * NOTE(review): a key->keylen mismatch is only warned about; the copies are
 * sized by the destination fields, so a shorter key would be read past its
 * keylen bytes - confirm the caller guarantees the length.
 */
static u8 fill_sms4_pair(struct wfx_hif_wapi_pairwise_key *msg,
			 struct ieee80211_key_conf *key, u8 *peer_addr)
{
	const u8 *wapi_key = key->key;
	const u8 *mic_key = wapi_key + sizeof(msg->wapi_key_data);

	WARN(key->keylen != sizeof(msg->wapi_key_data) + sizeof(msg->mic_key_data),
	     "inconsistent data");
	ether_addr_copy(msg->peer_address, peer_addr);
	memcpy(msg->wapi_key_data, wapi_key, sizeof(msg->wapi_key_data));
	memcpy(msg->mic_key_data, mic_key, sizeof(msg->mic_key_data));
	msg->key_id = key->keyidx;
	return HIF_KEY_TYPE_WAPI_PAIRWISE;
}
/*
 * Build the firmware request body for an SMS4 (WAPI) group key.
 *
 * key->key is read as the WAPI key followed by the MIC key, each sized by the
 * matching field of @msg. The key id is stored as well. Returns the HIF key
 * type for the request.
 *
 * NOTE(review): a key->keylen mismatch is only warned about; the copies are
 * sized by the destination fields, so a shorter key would be read past its
 * keylen bytes - confirm the caller guarantees the length.
 */
static u8 fill_sms4_group(struct wfx_hif_wapi_group_key *msg,
			  struct ieee80211_key_conf *key)
{
	const u8 *wapi_key = key->key;
	const u8 *mic_key = wapi_key + sizeof(msg->wapi_key_data);

	WARN(key->keylen != sizeof(msg->wapi_key_data) + sizeof(msg->mic_key_data),
	     "inconsistent data");
	memcpy(msg->wapi_key_data, wapi_key, sizeof(msg->wapi_key_data));
	memcpy(msg->mic_key_data, mic_key, sizeof(msg->mic_key_data));
	msg->key_id = key->keyidx;
	return HIF_KEY_TYPE_WAPI_GROUP;
}
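/*
 * Build the firmware request body for an AES-CMAC (IGTK) group key.
 *
 * Copies the key bytes, the AES-CMAC packet number from @seq and the key id
 * into @msg and returns the HIF key type to place in the request. The packet
 * number is passed through memreverse() after the copy (presumably a byte
 * order swap - confirm against the helper).
 *
 * Any key->keylen other than sizeof(msg->igtk_key_data) raises the WARN. The
 * key copy is additionally clamped to the field size, so an oversized length
 * cannot write past msg->igtk_key_data into the caller's request structure.
 */
static u8 fill_aes_cmac_group(struct wfx_hif_igtk_group_key *msg,
			      struct ieee80211_key_conf *key, struct ieee80211_key_seq *seq)
{
	size_t len = key->keylen;

	WARN(len != sizeof(msg->igtk_key_data), "inconsistent data");
	if (len > sizeof(msg->igtk_key_data))
		len = sizeof(msg->igtk_key_data);
	memcpy(msg->igtk_key_data, key->key, len);
	memcpy(msg->ipn, seq->aes_cmac.pn, sizeof(seq->aes_cmac.pn));
	memreverse(msg->ipn, sizeof(seq->aes_cmac.pn));
	msg->key_id = key->keyidx;
	return HIF_KEY_TYPE_IGTK_GROUP;
}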
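/*
 * Install @key into a free hardware key slot.
 *
 * A slot is reserved in the key bitmap, the request body matching the cipher
 * and the pairwise/group flag is filled in, and the request is sent with
 * wfx_hif_add_key(). On success the slot index is stored in key->hw_key_idx
 * and the IV-space flag is set on the key (plus the tailroom flag on kernels
 * from 3.19 on).
 *
 * Returns 0 on success, -EINVAL when a pairwise key comes without a station
 * or no slot is free, and -EOPNOTSUPP when the cipher is not handled here,
 * when AES-CMAC is requested on a kernel older than 5.4, or when the firmware
 * request fails. Every error path after the allocation releases the slot.
 */
static int wfx_add_key(struct wfx_vif *wvif, struct ieee80211_sta *sta,
		       struct ieee80211_key_conf *key)
{
	int ret;
	int idx;
	/*
	 * NOTE(review): k carries raw key material on the stack and is not
	 * wiped before this function returns; consider clearing it if the
	 * supported kernels provide a non-elidable memset.
	 */
	struct wfx_hif_req_add_key k = { };
	struct ieee80211_key_seq seq;
	struct wfx_dev *wdev = wvif->wdev;
	bool pairwise = key->flags & IEEE80211_KEY_FLAG_PAIRWISE;
	struct ieee80211_vif *vif = wvif_to_vif(wvif);

	/*
	 * Every pairwise branch below reads sta->addr. Refuse the request
	 * before a slot is taken instead of warning and then dereferencing
	 * a NULL station.
	 */
	if (WARN(pairwise && !sta, "inconsistent data"))
		return -EINVAL;

	idx = wfx_alloc_key(wdev);
	ieee80211_get_key_rx_seq(key, 0, &seq);
	if (idx < 0)
		return -EINVAL;
	k.int_id = wvif->id;
	k.entry_index = idx;
	if (key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
	    key->cipher == WLAN_CIPHER_SUITE_WEP104) {
		if (pairwise)
			k.type = fill_wep_pair(&k.key.wep_pairwise_key, key, sta->addr);
		else
			k.type = fill_wep_group(&k.key.wep_group_key, key);
	} else if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
		if (pairwise)
			k.type = fill_tkip_pair(&k.key.tkip_pairwise_key, key, sta->addr);
		else
			k.type = fill_tkip_group(&k.key.tkip_group_key, key, &seq,
						 vif->type);
	} else if (key->cipher == WLAN_CIPHER_SUITE_CCMP) {
		if (pairwise)
			k.type = fill_ccmp_pair(&k.key.aes_pairwise_key, key, sta->addr);
		else
			k.type = fill_ccmp_group(&k.key.aes_group_key, key, &seq);
	} else if (key->cipher == WLAN_CIPHER_SUITE_SMS4) {
		if (pairwise)
			k.type = fill_sms4_pair(&k.key.wapi_pairwise_key, key, sta->addr);
		else
			k.type = fill_sms4_group(&k.key.wapi_group_key, key);
	} else if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC) {
		k.type = fill_aes_cmac_group(&k.key.igtk_group_key, key, &seq);
#if KERNEL_VERSION(5, 4, 0) > LINUX_VERSION_CODE
		/* Kernels before 5.4 lack the MMIE flag used below: reject the key. */
		wfx_free_key(wdev, idx);
		return -EOPNOTSUPP;
#else
		key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
#endif
	} else {
		dev_warn(wdev->dev, "unsupported key type %d\n", key->cipher);
		wfx_free_key(wdev, idx);
		return -EOPNOTSUPP;
	}
	ret = wfx_hif_add_key(wdev, &k);
	if (ret) {
		/*
		 * The nested version checks compile the hint below only for
		 * the kernel versions they select. There, an "invalid
		 * parameter" status is reported as the chip refusing to
		 * re-install a key it already holds.
		 */
#if KERNEL_VERSION(4, 14, 0) > LINUX_VERSION_CODE
#if KERNEL_VERSION(4, 9, 63) > LINUX_VERSION_CODE || KERNEL_VERSION(4, 10, 0) <= LINUX_VERSION_CODE
#if KERNEL_VERSION(4, 4, 99) > LINUX_VERSION_CODE || KERNEL_VERSION(4, 5, 0) <= LINUX_VERSION_CODE
		if (ret == HIF_STATUS_INVALID_PARAMETER) {
			/* Use a patched kernel in order to solve this error */
			dev_warn(wdev->dev, "chip prevents re-installation of same key\n");
			dev_warn(wdev->dev, "your kernel is not patched to protect against KRACK attack\n");
		}
#endif
#endif
#endif
		wfx_free_key(wdev, idx);
		return -EOPNOTSUPP;
	}
#if (KERNEL_VERSION(3, 19, 0) > LINUX_VERSION_CODE)
	key->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE;
#else
	key->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE | IEEE80211_KEY_FLAG_RESERVE_TAILROOM;
#endif
	key->hw_key_idx = idx;
	return 0;
}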
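/*
 * Remove @key from the hardware and release its slot in the key bitmap.
 *
 * Returns the result of wfx_hif_remove_key(), or -EINVAL when
 * key->hw_key_idx is not a slot index this driver can have handed out.
 *
 * An out-of-range index is rejected instead of only warned about:
 * wfx_free_key() shifts by the index without a range check, and the value
 * would otherwise also be sent to the firmware as an entry to delete.
 */
static int wfx_remove_key(struct wfx_vif *wvif, struct ieee80211_key_conf *key)
{
	/* WARN() evaluates to its condition, so this bails out only on a bad index. */
	if (WARN(key->hw_key_idx >= MAX_KEY_ENTRIES, "corrupted hw_key_idx"))
		return -EINVAL;
	wfx_free_key(wvif->wdev, key->hw_key_idx);
	return wfx_hif_remove_key(wvif->wdev, key->hw_key_idx);
}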
/*
 * Key add/remove entry point, dispatching on @cmd.
 *
 * SET_KEY installs @key through wfx_add_key() and DISABLE_KEY removes it
 * through wfx_remove_key(); any other command returns -EOPNOTSUPP. The
 * device's conf_mutex is held around the operation, which serialises all
 * updates of the key bitmap made from here. @hw is not used.
 */
int wfx_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, struct ieee80211_vif *vif,
		struct ieee80211_sta *sta, struct ieee80211_key_conf *key)
{
	struct wfx_vif *wvif = (struct wfx_vif *)vif->drv_priv;
	int ret;

	mutex_lock(&wvif->wdev->conf_mutex);
	switch (cmd) {
	case SET_KEY:
		ret = wfx_add_key(wvif, sta, key);
		break;
	case DISABLE_KEY:
		ret = wfx_remove_key(wvif, key);
		break;
	default:
		ret = -EOPNOTSUPP;
		break;
	}
	mutex_unlock(&wvif->wdev->conf_mutex);
	return ret;
}