From 96fc6efb9ad9d0cd8cbb4462f0eb2a07092649e6 Mon Sep 17 00:00:00 2001 From: Alexander Wetzel Date: Tue, 19 Mar 2019 21:34:08 +0100 Subject: mac80211: IEEE 802.11 Extended Key ID support Add support for Extended Key ID as defined in IEEE 802.11-2016. - Implement the nl80211 API for Extended Key ID - Extend mac80211 API to allow drivers to support Extended Key ID - Enable Extended Key ID by default for drivers only supporting SW crypto (e.g. mac80211_hwsim) - Allow unicast Tx usage to be supressed (IEEE80211_KEY_FLAG_NO_AUTO_TX) - Select the decryption key based on the MPDU keyid - Enforce existing assumptions in the code that rekeys don't change the cipher Signed-off-by: Alexander Wetzel [remove module parameter] Signed-off-by: Johannes Berg --- net/mac80211/main.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'net/mac80211/main.c') diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 800e67615e2a..5d6b93050c0b 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1051,6 +1051,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) } } + if (!local->ops->set_key || + ieee80211_hw_check(&local->hw, EXT_KEY_ID_NATIVE)) + wiphy_ext_feature_set(local->hw.wiphy, + NL80211_EXT_FEATURE_EXT_KEY_ID); + /* * Calculate scan IE length -- we need this to alloc * memory and to subtract from the driver limit. It -- cgit v1.2.3 From 622fce81280aadb277dd3fc55c676b4bdc3e0527 Mon Sep 17 00:00:00 2001 From: Alexander Wetzel Date: Mon, 22 Apr 2019 23:34:11 +0200 Subject: mac80211: Fix Extended Key ID auto activation Only enable Extended Key ID support for drivers which are not supporting crypto offload and also do not support A-MPDU. While any driver using SW crypto from mac80211 is generally able to also support Extended Key ID these drivers are likely to mix keyIDs in AMPDUs when rekeying. According to IEEE 802.11-2016 "9.7.3 A-MPDU contents" this is not allowed. Signed-off-by: Alexander Wetzel [reword comment a bit, move ! into logic expression] Signed-off-by: Johannes Berg --- net/mac80211/main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'net/mac80211/main.c') diff --git a/net/mac80211/main.c b/net/mac80211/main.c index 5d6b93050c0b..e56650a9838e 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1051,7 +1051,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) } } - if (!local->ops->set_key || + /* Enable Extended Key IDs when driver allowed it, or when it + * supports neither HW crypto nor A-MPDUs + */ + if ((!local->ops->set_key && + !ieee80211_hw_check(hw, AMPDU_AGGREGATION)) || ieee80211_hw_check(&local->hw, EXT_KEY_ID_NATIVE)) wiphy_ext_feature_set(local->hw.wiphy, NL80211_EXT_FEATURE_EXT_KEY_ID); -- cgit v1.2.3 From 387bc002250b31cf8012b736e482c9f65cbf7dd5 Mon Sep 17 00:00:00 2001 From: Alexander Wetzel Date: Wed, 24 Apr 2019 19:32:46 +0200 Subject: mac80211: Set CAN_REPLACE_PTK0 for SW crypto only drivers Mac80211 SW crypto handles replacing PTK keys correctly. Don't trigger needless warnings or workarounds when the driver can only use the known good SW crypto provided by mac80211. Signed-off-by: Alexander Wetzel Signed-off-by: Johannes Berg --- net/mac80211/main.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'net/mac80211/main.c') diff --git a/net/mac80211/main.c b/net/mac80211/main.c index e56650a9838e..2b608044ae23 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -1060,6 +1060,13 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) wiphy_ext_feature_set(local->hw.wiphy, NL80211_EXT_FEATURE_EXT_KEY_ID); + /* Mac80211 and therefore all cards only using SW crypto are able to + * handle PTK rekeys correctly + */ + if (!local->ops->set_key) + wiphy_ext_feature_set(local->hw.wiphy, + NL80211_EXT_FEATURE_CAN_REPLACE_PTK0); + /* * Calculate scan IE length -- we need this to alloc * memory and to subtract from the driver limit. It -- cgit v1.2.3