17 Mar, 2015

1 commit

  • When a key is installed using a cipher scheme, set a new
    internal key flag (KEY_FLAG_CIPHER_SCHEME) on it, to allow
    distinguishing such keys more easily.

    In particular, use this flag on the TX path instead of
    testing the sta->cipher_scheme pointer, as the station is
    NULL for broad-/multicast messages, and use the key's iv_len
    instead of the cipher scheme information.

    Signed-off-by: Cedric Izoard
    [add missing documentation, rewrite commit message]
    Signed-off-by: Johannes Berg

    Cedric Izoard
     

27 Jan, 2015

4 commits

  • This allows mac80211 to configure BIP-GMAC-128 and BIP-GMAC-256 to the
    driver and also use software-implementation within mac80211 when the
    driver does not support this with hardware acceleration.

    Signed-off-by: Jouni Malinen
    Signed-off-by: Johannes Berg

    Jouni Malinen
     
  • This allows mac80211 to configure BIP-CMAC-256 to the driver and also
    use software-implementation within mac80211 when the driver does not
    support this with hardware acceleration.

    Signed-off-by: Jouni Malinen
    Signed-off-by: Johannes Berg

    Jouni Malinen
     
  • This allows mac80211 to configure CCMP-256 to the driver and also use
    software-implementation within mac80211 when the driver does not support
    this with hardware acceleration.

    Signed-off-by: Jouni Malinen
    [squash ccmp256 -> mic_len argument change]
    Signed-off-by: Johannes Berg

    Jouni Malinen
     
  • This allows mac80211 to configure GCMP and GCMP-256 to the driver and
    also use software-implementation within mac80211 when the driver does
    not support this with hardware acceleration.

    Signed-off-by: Jouni Malinen
    [remove a spurious newline]
    Signed-off-by: Johannes Berg

    Jouni Malinen
     

23 Jan, 2015

1 commit

  • Some drivers unfortunately cannot support software crypto, but
    mac80211 currently assumes that they do.

    This has the issue that if the hardware enabling fails for some
    reason, the software fallback is used, which won't work. This
    clearly isn't desirable, the error should be reported and the
    key setting refused.

    Support this in mac80211 by allowing drivers to set a new HW
    flag IEEE80211_HW_SW_CRYPTO_CONTROL, in which case mac80211 will
    only allow software fallback if the set_key() method returns 1.
    The driver will also need to advertise supported cipher suites
    so that mac80211 doesn't advertise any (future) software ciphers
    that the driver can't actually do.

    While at it, to make it easier to support this, refactor the
    ieee80211_init_cipher_suites() code.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

07 Jan, 2015

1 commit

  • When hw acceleration is enabled, the GENERATE_IV or PUT_IV_SPACE flags
    only require headroom space. Therefore, the tailroom-needed counter can
    safely be decremented for most drivers.

    The older incarnation of this patch (ca34e3b5) assumed that the above
    holds true for all drivers. As reported by Christopher Chavez and
    researched by Christian Lamparter and Larry Finger, this isn't a valid
    assumption for p54 and cw1200.

    Drivers that still require tailroom for ICV/MIC even when HW encryption
    is enabled can use IEEE80211_KEY_FLAG_RESERVE_TAILROOM to indicate it.

    Signed-off-by: Ido Yariv
    Cc: Christopher Chavez
    Cc: Christian Lamparter
    Cc: Larry Finger
    Cc: Solomon Peachy
    Signed-off-by: Johannes Berg

    Ido Yariv
     

05 Jan, 2015

1 commit

  • This reverts commit ca34e3b5c808385b175650605faa29e71e91991b.

    It turns out that the p54 and cw1200 drivers assume that there's
    tailroom even when they don't say they really need it. However,
    there's currently no way for them to explicitly say they do need
    it, so for now revert this.

    This fixes https://bugzilla.kernel.org/show_bug.cgi?id=90331.

    Cc: stable@vger.kernel.org
    Fixes: ca34e3b5c808 ("mac80211: Fix accounting of the tailroom-needed counter")
    Reported-by: Christopher Chavez
    Bisected-by: Larry Finger
    Debugged-by: Christian Lamparter
    Signed-off-by: Johannes Berg

    Johannes Berg
     

17 Dec, 2014

1 commit

  • When writing the code to allow per-station GTKs, I neglected to
    take into account the management frame keys (index 4 and 5) when
    freeing the station and only added code to free the first four
    data frame keys.

    Fix this by iterating the array of keys over the right length.

    Cc: stable@vger.kernel.org
    Fixes: e31b82136d1a ("cfg80211/mac80211: allow per-station GTKs")
    Signed-off-by: Johannes Berg

    Johannes Berg
     

22 Oct, 2014

1 commit


11 Sep, 2014

1 commit


05 Sep, 2014

1 commit

  • Our legal structure changed at some point (see Wikipedia), but
    we forgot to immediately switch over to the new copyright
    notice.

    For files that we have modified in the time since the change,
    add the proper copyright notice now.

    Signed-off-by: Johannes Berg
    Signed-off-by: Emmanuel Grumbach
    Signed-off-by: Johannes Berg

    Johannes Berg
     

26 Aug, 2014

1 commit


21 Jul, 2014

1 commit

  • sdata can't be NULL, and key being NULL is really not possible
    unless the code is modified.

    The sdata check made a static analyzer (klocwork) unhappy because
    we would get pointer to local (sdata->local) and only then check
    if sdata is non-NULL.

    Signed-off-by: Eytan Lifshitz
    Signed-off-by: Emmanuel Grumbach
    [remove !key check as well]
    Signed-off-by: Johannes Berg

    Eytan Lifshitz
     

29 Apr, 2014

1 commit

  • These BUG_ON statements should never trigger, but in the unlikely
    event that somebody does manage, don't stop everything but simply
    exit the code path with an error.

    Leave the one BUG_ON where changing it would result in a NULL
    pointer dereference.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

16 Dec, 2013

2 commits

  • When the AP interface is stopped, free all AP and VLAN keys at
    once to only require synchronize_net() once. Since that does
    synchronize_net(), also move two such calls into the function
    (using the new force_synchronize parameter) to avoid doing it
    twice.

    Signed-off-by: Johannes Berg

    Johannes Berg
     
  • There's no reason to do this inside the sta key removal
    since the keys can only be reached through the sta (and
    not by the driver at all) so once the sta can no longer
    be reached, the keys are safe.

    This will allow further optimisation opportunities with
    multiple stations.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

26 Nov, 2013

2 commits

  • This adds generic cipher scheme support to mac80211, such schemes
    are fully under control by the driver. On hw registration drivers
    may specify additional HW ciphers with a scheme how these ciphers
    have to be handled by mac80211 TX/RX. A cipher scheme specifies a
    cipher suite value, a size of the security header to be added to
    or stripped from frames and how the PN is to be verified on RX.

    Signed-off-by: Max Stepanov
    Signed-off-by: Johannes Berg

    Max Stepanov
     
  • There's no code calling ieee80211_key_replace() with both
    arguments NULL and it wouldn't make sense, but in the
    interest of maintainability add a warning for it. As a
    side effect, this also shuts up a smatch warning.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

26 Sep, 2013

1 commit


16 Aug, 2013

1 commit

  • In order to be able to (securely) keep connections alive after
    the system was suspended for WoWLAN, we need some additional
    APIs. We already have API (ieee80211_gtk_rekey_notify) to tell
    wpa_supplicant about the new replay counter if GTK rekeying
    was done by the device while the host was asleep, but that's
    not sufficient.

    If GTK rekeying wasn't done, we need to tell the host about
    sequence counters for the GTK (and PTK regardless of rekeying)
    that was used while asleep, add ieee80211_set_key_rx_seq() for
    that.

    If GTK rekeying was done, then we need to be able to disable
    the old keys (with ieee80211_remove_key()) and allocate the
    new GTK key(s) in mac80211 (with ieee80211_gtk_rekey_add()).

    If protocol offload (e.g. ARP) is implemented, then also the
    TX sequence counter for the PTK must be updated, using the new
    ieee80211_set_key_tx_seq() function.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

17 May, 2013

1 commit


11 Mar, 2013

3 commits


06 Mar, 2013

3 commits

  • During roaming, the crypto_tx_tailroom_needed_cnt counter
    will often take values 2,1,0,1,2 because first keys are
    removed and then new keys are added. This is inefficient
    because during the 0->1 transition, synchronize_net must
    be called to avoid packet races, although typically no
    packets would be flowing during that time.

    To avoid that, defer the decrement (2->1, 1->0) when keys
    are removed (by half a second). This means the counter
    will really have the values 2,2,2,3,4 ... 2, thus never
    reaching 0 and having to do the 0->1 transition.

    Note that this patch entirely disregards the drivers for
    which this optimisation was done to start with, for them
    the key removal itself will be expensive because it has
    to synchronize_net() after the counter is incremented to
    remove the key from HW crypto. For them the sequence will
    look like this: 0,1,0,1,0,1,0,1,0 (*) which is clearly a
    lot more inefficient. This could be addressed separately,
    during key removal the 0->1->0 sequence isn't necessary.

    (*) it starts at 0 because HW crypto is on, then goes to
    1 when HW crypto is disabled for a key, then back to
    0 because the key is deleted; this happens for both
    keys in the example. When new keys are added, it goes
    to 1 first because they're added in software; when a
    key is moved to hardware it goes back to 0

    Signed-off-by: Johannes Berg

    Johannes Berg
     
  • There's no driver using this flag, so it seems
    that all drivers support HW crypto with WMM or
    don't support it at all. Remove the flag and
    code setting it.

    Signed-off-by: Johannes Berg

    Johannes Berg
     
  • Since now we disconnect before suspend, various code which saves
    connection state can now be removed from suspend and resume
    procedure. Cleanup on resume side is smaller as ieee80211_reconfig()
    is also used for H/W restart.

    Signed-off-by: Stanislaw Gruszka
    Signed-off-by: Johannes Berg

    Stanislaw Gruszka
     

18 Jan, 2013

1 commit

  • There is hardware which supports offload of data packets,
    for example when auto ARP is enabled the hw will send
    the ARP response. In such cases if WEP encryption is
    configured the hw must know the default WEP key in order
    to encrypt the packets correctly.

    When hw_accel is enabled and encryption type is set to WEP,
    the driver should get the default key index from mac80211.

    Signed-off-by: Yoni Divinsky
    [cleanups, fixes, documentation]
    Signed-off-by: Johannes Berg

    Yoni Divinsky
     

19 Nov, 2012

2 commits


06 Sep, 2012

1 commit

  • __ieee80211_key_destroy() calls synchronize_rcu() in
    order to sync the tx path before destroying the key.

    However, synching the tx path can be done with
    synchronize_net() as well, which is usually faster
    (the timing might be important for roaming scenarios).

    Signed-off-by: Eliad Peller
    Signed-off-by: Johannes Berg

    Eliad Peller
     

09 Jul, 2012

1 commit


24 Jun, 2012

1 commit

  • There are a few things that make the logging and
    debugging in mac80211 less useful than it should
    be right now:
    * a lot of messages should be pr_info, not pr_debug
    * wholesale use of pr_debug makes it require *both*
      Kconfig and dynamic configuration
    * there are still a lot of ifdefs
    * the style is very inconsistent, sometimes the
      sdata->name is printed in front

    Clean up everything, introducing new macros and
    separating out the station MLME debugging into
    a new Kconfig symbol.

    Signed-off-by: Johannes Berg

    Johannes Berg
     

28 Feb, 2012

1 commit


07 Feb, 2012

2 commits

  • If a station couldn't be uploaded to the driver but
    is still kept (only in IBSS mode) we still shouldn't
    try to program the keys for it into hardware; fix
    this bug by skipping the key upload in this case.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • Setting keys and updating TKIP keys must use the
    BSS sdata (not AP_VLAN), so we translate. Move
    the translation into driver-ops wrappers instead
    of having it inline in the code to simplify the
    normal code flow.

    The same can be done for sta_add/remove which
    already does the translation in the wrapper.

    Signed-off-by: Johannes Berg
    Signed-off-by: John W. Linville

    Johannes Berg
     

18 Nov, 2011

1 commit


09 Nov, 2011

1 commit


01 Nov, 2011

1 commit