mac80211: add APIs to allow keeping connections after WoWLAN

In order to be able to (securely) keep connections alive after the system was suspended for WoWLAN, we need some additional APIs. We already have API (ieee80211_gtk_rekey_notify) to tell wpa_supplicant about the new replay counter if GTK rekeying was done by the device while the host was asleep, but that's not sufficient. If GTK rekeying wasn't done, we need to tell the host about sequence counters for the GTK (and PTK regardless of rekeying) that was used while asleep, add ieee80211_set_key_rx_seq() for that. If GTK rekeying was done, then we need to be able to disable the old keys (with ieee80211_remove_key()) and allocate the new GTK key(s) in mac80211 (with ieee80211_gtk_rekey_add()). If protocol offload (e.g. ARP) is implemented, then also the TX sequence counter for the PTK must be updated, using the new ieee80211_set_key_tx_seq() function. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2013-08-07 14:11:55 -0400
committer: Johannes Berg <johannes.berg@intel.com> 2013-08-16 06:58:43 -0400
commit: 27b3eb9c06a7193bdc9800cd00764a130343bc8a (patch)
tree: d73ca7dfb8ccc2e967f4acf603c5bd52ca641db5 /include/net
parent: d51b70ff5122d31e27733ba03c3afd62bb86bd63 (diff)
1 files changed, 83 insertions, 0 deletions
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index df93c77c97ab..e3e303778936 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -3688,6 +3688,89 @@ void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
                              int tid, struct ieee80211_key_seq *seq);
 /**
+ * ieee80211_set_key_tx_seq - set key TX sequence counter
+ *
+ * @keyconf: the parameter passed with the set key
+ * @seq: new sequence data
+ *
+ * This function allows a driver to set the current TX IV/PNs for the
+ * given key. This is useful when resuming from WoWLAN sleep and the
+ * device may have transmitted frames using the PTK, e.g. replies to
+ * ARP requests.
+ *
+ * Note that this function may only be called when no TX processing
+ * can be done concurrently.
+ */
+void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
+                              struct ieee80211_key_seq *seq);
+/**
+ * ieee80211_set_key_rx_seq - set key RX sequence counter
+ *
+ * @keyconf: the parameter passed with the set key
+ * @tid: The TID, or -1 for the management frame value (CCMP only);
+ *      the value on TID 0 is also used for non-QoS frames. For
+ *      CMAC, only TID 0 is valid.
+ * @seq: new sequence data
+ *
+ * This function allows a driver to set the current RX IV/PNs for the
+ * given key. This is useful when resuming from WoWLAN sleep and GTK
+ * rekey may have been done while suspended. It should not be called
+ * if IV checking is done by the device and not by mac80211.
+ *
+ * Note that this function may only be called when no RX processing
+ * can be done concurrently.
+ */
+void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
+                              int tid, struct ieee80211_key_seq *seq);
+/**
+ * ieee80211_remove_key - remove the given key
+ * @keyconf: the parameter passed with the set key
+ *
+ * Remove the given key. If the key was uploaded to the hardware at the
+ * time this function is called, it is not deleted in the hardware but
+ * instead assumed to have been removed already.
+ *
+ * Note that due to locking considerations this function can (currently)
+ * only be called during key iteration (ieee80211_iter_keys().)
+ */
+void ieee80211_remove_key(struct ieee80211_key_conf *keyconf);
+/**
+ * ieee80211_gtk_rekey_add - add a GTK key from rekeying during WoWLAN
+ * @vif: the virtual interface to add the key on
+ * @keyconf: new key data
+ *
+ * When GTK rekeying was done while the system was suspended, (a) new
+ * key(s) will be available. These will be needed by mac80211 for proper
+ * RX processing, so this function allows setting them.
+ *
+ * The function returns the newly allocated key structure, which will
+ * have similar contents to the passed key configuration but point to
+ * mac80211-owned memory. In case of errors, the function returns an
+ * ERR_PTR(), use IS_ERR() etc.
+ *
+ * Note that this function assumes the key isn't added to hardware
+ * acceleration, so no TX will be done with the key. Since it's a GTK
+ * on managed (station) networks, this is true anyway. If the driver
+ * calls this function from the resume callback and subsequently uses
+ * the return code 1 to reconfigure the device, this key will be part
+ * of the reconfiguration.
+ *
+ * Note that the driver should also call ieee80211_set_key_rx_seq()
+ * for the new key for each TID to set up sequence counters properly.
+ *
+ * IMPORTANT: If this replaces a key that is present in the hardware,
+ * then it will attempt to remove it during this call. In many cases
+ * this isn't what you want, so call ieee80211_remove_key() first for
+ * the key that's being replaced.
+ */
+struct ieee80211_key_conf *
+ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
+                        struct ieee80211_key_conf *keyconf);
+/**
 * ieee80211_gtk_rekey_notify - notify userspace supplicant of rekeying
 * @vif: virtual interface the rekeying was done on
 * @bssid: The BSSID of the AP, for checking association
author	Johannes Berg <johannes.berg@intel.com>	2013-08-07 14:11:55 -0400
committer	Johannes Berg <johannes.berg@intel.com>	2013-08-16 06:58:43 -0400
commit	27b3eb9c06a7193bdc9800cd00764a130343bc8a (patch)
tree	d73ca7dfb8ccc2e967f4acf603c5bd52ca641db5 /include/net
parent	d51b70ff5122d31e27733ba03c3afd62bb86bd63 (diff)

diff --git a/include/net/mac80211.h b/include/net/mac80211.h index df93c77c97ab..e3e303778936 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h
@@ -3688,6 +3688,89 @@ void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf,
3688	int tid, struct ieee80211_key_seq *seq);	3688	int tid, struct ieee80211_key_seq *seq);
3689		3689
3690	/**	3690	/**
		3691	* ieee80211_set_key_tx_seq - set key TX sequence counter
		3692	*
		3693	* @keyconf: the parameter passed with the set key
		3694	* @seq: new sequence data
		3695	*
		3696	* This function allows a driver to set the current TX IV/PNs for the
		3697	* given key. This is useful when resuming from WoWLAN sleep and the
		3698	* device may have transmitted frames using the PTK, e.g. replies to
		3699	* ARP requests.
		3700	*
		3701	* Note that this function may only be called when no TX processing
		3702	* can be done concurrently.
		3703	*/
		3704	void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf,
		3705	struct ieee80211_key_seq *seq);
		3706
		3707	/**
		3708	* ieee80211_set_key_rx_seq - set key RX sequence counter
		3709	*
		3710	* @keyconf: the parameter passed with the set key
		3711	* @tid: The TID, or -1 for the management frame value (CCMP only);
		3712	* the value on TID 0 is also used for non-QoS frames. For
		3713	* CMAC, only TID 0 is valid.
		3714	* @seq: new sequence data
		3715	*
		3716	* This function allows a driver to set the current RX IV/PNs for the
		3717	* given key. This is useful when resuming from WoWLAN sleep and GTK
		3718	* rekey may have been done while suspended. It should not be called
		3719	* if IV checking is done by the device and not by mac80211.
		3720	*
		3721	* Note that this function may only be called when no RX processing
		3722	* can be done concurrently.
		3723	*/
		3724	void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
		3725	int tid, struct ieee80211_key_seq *seq);
		3726
		3727	/**
		3728	* ieee80211_remove_key - remove the given key
		3729	* @keyconf: the parameter passed with the set key
		3730	*
		3731	* Remove the given key. If the key was uploaded to the hardware at the
		3732	* time this function is called, it is not deleted in the hardware but
		3733	* instead assumed to have been removed already.
		3734	*
		3735	* Note that due to locking considerations this function can (currently)
		3736	* only be called during key iteration (ieee80211_iter_keys().)
		3737	*/
		3738	void ieee80211_remove_key(struct ieee80211_key_conf *keyconf);
		3739
		3740	/**
		3741	* ieee80211_gtk_rekey_add - add a GTK key from rekeying during WoWLAN
		3742	* @vif: the virtual interface to add the key on
		3743	* @keyconf: new key data
		3744	*
		3745	* When GTK rekeying was done while the system was suspended, (a) new
		3746	* key(s) will be available. These will be needed by mac80211 for proper
		3747	* RX processing, so this function allows setting them.
		3748	*
		3749	* The function returns the newly allocated key structure, which will
		3750	* have similar contents to the passed key configuration but point to
		3751	* mac80211-owned memory. In case of errors, the function returns an
		3752	* ERR_PTR(), use IS_ERR() etc.
		3753	*
		3754	* Note that this function assumes the key isn't added to hardware
		3755	* acceleration, so no TX will be done with the key. Since it's a GTK
		3756	* on managed (station) networks, this is true anyway. If the driver
		3757	* calls this function from the resume callback and subsequently uses
		3758	* the return code 1 to reconfigure the device, this key will be part
		3759	* of the reconfiguration.
		3760	*
		3761	* Note that the driver should also call ieee80211_set_key_rx_seq()
		3762	* for the new key for each TID to set up sequence counters properly.
		3763	*
		3764	* IMPORTANT: If this replaces a key that is present in the hardware,
		3765	* then it will attempt to remove it during this call. In many cases
		3766	* this isn't what you want, so call ieee80211_remove_key() first for
		3767	* the key that's being replaced.
		3768	*/
		3769	struct ieee80211_key_conf *
		3770	ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
		3771	struct ieee80211_key_conf *keyconf);
		3772
		3773	/**
3691	* ieee80211_gtk_rekey_notify - notify userspace supplicant of rekeying	3774	* ieee80211_gtk_rekey_notify - notify userspace supplicant of rekeying
3692	* @vif: virtual interface the rekeying was done on	3775	* @vif: virtual interface the rekeying was done on
3693	* @bssid: The BSSID of the AP, for checking association	3776	* @bssid: The BSSID of the AP, for checking association