aboutsummaryrefslogtreecommitdiffstats
path: root/package/mac80211/patches/017-nl80211-add-key-mgmt.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/mac80211/patches/017-nl80211-add-key-mgmt.patch')
-rw-r--r--package/mac80211/patches/017-nl80211-add-key-mgmt.patch470
1 files changed, 470 insertions, 0 deletions
diff --git a/package/mac80211/patches/017-nl80211-add-key-mgmt.patch b/package/mac80211/patches/017-nl80211-add-key-mgmt.patch
new file mode 100644
index 0000000000..f5b1d45c15
--- /dev/null
+++ b/package/mac80211/patches/017-nl80211-add-key-mgmt.patch
@@ -0,0 +1,470 @@
+Subject: cfg80211/nl80211: introduce key handling
+
+This introduces key handling to cfg80211/nl80211. Default
+and group keys can be added, changed and removed; sequence
+counters for each key can be retrieved.
+
+Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
+
+---
+ include/linux/nl80211.h | 34 +++++
+ include/net/cfg80211.h | 44 +++++++
+ net/wireless/core.c | 3
+ net/wireless/nl80211.c | 289 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 370 insertions(+)
+
+--- everything.orig/include/linux/nl80211.h 2007-10-30 15:33:43.587381346 +0100
++++ everything/include/linux/nl80211.h 2007-11-07 13:19:37.861516599 +0100
+@@ -37,6 +37,16 @@
+ * userspace to request deletion of a virtual interface, then requires
+ * attribute %NL80211_ATTR_IFINDEX.
+ *
++ * @NL80211_CMD_GET_KEY: Get sequence counter information for a key specified
++ * by %NL80211_ATTR_KEY_IDX and/or %NL80211_ATTR_MAC.
++ * @NL80211_CMD_SET_KEY: Set key attributes %NL80211_ATTR_KEY_DEFAULT or
++ * %NL80211_ATTR_KEY_THRESHOLD.
++ * @NL80211_CMD_NEW_KEY: add a key with given %NL80211_ATTR_KEY_DATA,
++ * %NL80211_ATTR_KEY_IDX, %NL80211_ATTR_MAC and %NL80211_ATTR_KEY_CIPHER
++ * attributes.
++ * @NL80211_CMD_DEL_KEY: delete a key identified by %NL80211_ATTR_KEY_IDX
++ * or %NL80211_ATTR_MAC.
++ *
+ * @NL80211_CMD_MAX: highest used command number
+ * @__NL80211_CMD_AFTER_LAST: internal use
+ */
+@@ -54,6 +64,11 @@ enum nl80211_commands {
+ NL80211_CMD_NEW_INTERFACE,
+ NL80211_CMD_DEL_INTERFACE,
+
++ NL80211_CMD_GET_KEY,
++ NL80211_CMD_SET_KEY,
++ NL80211_CMD_NEW_KEY,
++ NL80211_CMD_DEL_KEY,
++
+ /* add commands here */
+
+ /* used to define NL80211_CMD_MAX below */
+@@ -75,6 +90,17 @@ enum nl80211_commands {
+ * @NL80211_ATTR_IFNAME: network interface name
+ * @NL80211_ATTR_IFTYPE: type of virtual interface, see &enum nl80211_iftype
+ *
++ * @NL80211_ATTR_MAC: MAC address (various uses)
++ *
++ * @NL80211_ATTR_KEY_DATA: (temporal) key data; for TKIP this consists of
++ * 16 bytes encryption key followed by 8 bytes each for TX and RX MIC
++ * keys
++ * @NL80211_ATTR_KEY_IDX: key ID (u8, 0-3)
++ * @NL80211_ATTR_KEY_CIPHER: key cipher suite (u32, as defined by IEEE 802.11
++ * section 7.3.2.25.1, e.g. 0x000FAC04)
++ * @NL80211_ATTR_KEY_SEQ: transmit key sequence number (IV/PN) for TKIP and
++ * CCMP keys, each six bytes in little endian
++ *
+ * @NL80211_ATTR_MAX: highest attribute number currently defined
+ * @__NL80211_ATTR_AFTER_LAST: internal use
+ */
+@@ -89,6 +115,14 @@ enum nl80211_attrs {
+ NL80211_ATTR_IFNAME,
+ NL80211_ATTR_IFTYPE,
+
++ NL80211_ATTR_MAC,
++
++ NL80211_ATTR_KEY_DATA,
++ NL80211_ATTR_KEY_IDX,
++ NL80211_ATTR_KEY_CIPHER,
++ NL80211_ATTR_KEY_SEQ,
++ NL80211_ATTR_KEY_DEFAULT,
++
+ /* add attributes here, update the policy in nl80211.c */
+
+ __NL80211_ATTR_AFTER_LAST,
+--- everything.orig/net/wireless/nl80211.c 2007-10-30 15:33:43.637380153 +0100
++++ everything/net/wireless/nl80211.c 2007-11-07 13:19:38.201511066 +0100
+@@ -61,6 +61,14 @@ static struct nla_policy nl80211_policy[
+ [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
+ [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
+ [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
++
++ [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
++
++ [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
++ .len = WLAN_MAX_KEY_LEN },
++ [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
++ [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
++ [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
+ };
+
+ /* message building helper */
+@@ -335,6 +343,263 @@ static int nl80211_del_interface(struct
+ return err;
+ }
+
++struct get_key_cookie {
++ struct sk_buff *msg;
++ int error;
++};
++
++static void get_key_callback(void *c, struct key_params *params)
++{
++ struct get_key_cookie *cookie = c;
++
++ if (params->key)
++ NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
++ params->key_len, params->key);
++
++ if (params->seq)
++ NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
++ params->seq_len, params->seq);
++
++ if (params->cipher)
++ NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
++ params->cipher);
++
++ return;
++ nla_put_failure:
++ cookie->error = 1;
++}
++
++static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
++{
++ struct cfg80211_registered_device *drv;
++ int err;
++ struct net_device *dev;
++ u8 key_idx = 0;
++ u8 *mac_addr = NULL;
++ struct get_key_cookie cookie = {
++ .error = 0,
++ };
++ void *hdr;
++ struct sk_buff *msg;
++
++ if (info->attrs[NL80211_ATTR_KEY_IDX])
++ key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++ if (key_idx > 3)
++ return -EINVAL;
++
++ if (info->attrs[NL80211_ATTR_MAC])
++ mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++ err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++ if (err)
++ return err;
++
++ if (!drv->ops->get_key) {
++ err = -EOPNOTSUPP;
++ goto out;
++ }
++
++ msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
++ if (!msg) {
++ err = -ENOMEM;
++ goto out;
++ }
++
++ hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
++ NL80211_CMD_NEW_KEY);
++
++ if (IS_ERR(hdr)) {
++ err = PTR_ERR(hdr);
++ goto out;
++ }
++
++ cookie.msg = msg;
++
++ NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
++ NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
++ if (mac_addr)
++ NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
++
++ rtnl_lock();
++ err = drv->ops->get_key(&drv->wiphy, dev, key_idx, mac_addr,
++ &cookie, get_key_callback);
++ rtnl_unlock();
++
++ if (err)
++ goto out;
++
++ if (cookie.error)
++ goto nla_put_failure;
++
++ genlmsg_end(msg, hdr);
++ err = genlmsg_unicast(msg, info->snd_pid);
++ goto out;
++
++ nla_put_failure:
++ err = -ENOBUFS;
++ nlmsg_free(msg);
++ out:
++ cfg80211_put_dev(drv);
++ dev_put(dev);
++ return err;
++}
++
++static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
++{
++ struct cfg80211_registered_device *drv;
++ int err;
++ struct net_device *dev;
++ u8 key_idx;
++
++ if (!info->attrs[NL80211_ATTR_KEY_IDX])
++ return -EINVAL;
++
++ key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++ if (key_idx > 3)
++ return -EINVAL;
++
++ /* currently only support setting default key */
++ if (!info->attrs[NL80211_ATTR_KEY_DEFAULT])
++ return -EINVAL;
++
++ err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++ if (err)
++ return err;
++
++ if (!drv->ops->set_default_key) {
++ err = -EOPNOTSUPP;
++ goto out;
++ }
++
++ rtnl_lock();
++ err = drv->ops->set_default_key(&drv->wiphy, dev, key_idx);
++ rtnl_unlock();
++
++ out:
++ cfg80211_put_dev(drv);
++ dev_put(dev);
++ return err;
++}
++
++static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
++{
++ struct cfg80211_registered_device *drv;
++ int err;
++ struct net_device *dev;
++ struct key_params params;
++ u8 key_idx = 0;
++ u8 *mac_addr = NULL;
++
++ memset(&params, 0, sizeof(params));
++
++ if (!info->attrs[NL80211_ATTR_KEY_CIPHER])
++ return -EINVAL;
++
++ if (info->attrs[NL80211_ATTR_KEY_DATA]) {
++ params.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
++ params.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
++ }
++
++ if (info->attrs[NL80211_ATTR_KEY_IDX])
++ key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++ params.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
++
++ if (info->attrs[NL80211_ATTR_MAC])
++ mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++ if (key_idx > 3)
++ return -EINVAL;
++
++ /*
++ * Disallow pairwise keys with non-zero index unless it's WEP
++ * (because current deployments use pairwise WEP keys with
++ * non-zero indizes but 802.11i clearly specifies to use zero)
++ */
++ if (mac_addr && key_idx &&
++ params.cipher != WLAN_CIPHER_SUITE_WEP40 &&
++ params.cipher != WLAN_CIPHER_SUITE_WEP104)
++ return -EINVAL;
++
++ /* TODO: add definitions for the lengths to linux/ieee80211.h */
++ switch (params.cipher) {
++ case WLAN_CIPHER_SUITE_WEP40:
++ if (params.key_len != 5)
++ return -EINVAL;
++ break;
++ case WLAN_CIPHER_SUITE_TKIP:
++ if (params.key_len != 32)
++ return -EINVAL;
++ break;
++ case WLAN_CIPHER_SUITE_CCMP:
++ if (params.key_len != 16)
++ return -EINVAL;
++ break;
++ case WLAN_CIPHER_SUITE_WEP104:
++ if (params.key_len != 13)
++ return -EINVAL;
++ break;
++ default:
++ return -EINVAL;
++ }
++
++ err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++ if (err)
++ return err;
++
++ if (!drv->ops->add_key) {
++ err = -EOPNOTSUPP;
++ goto out;
++ }
++
++ rtnl_lock();
++ err = drv->ops->add_key(&drv->wiphy, dev, key_idx, mac_addr, &params);
++ rtnl_unlock();
++
++ out:
++ cfg80211_put_dev(drv);
++ dev_put(dev);
++ return err;
++}
++
++static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
++{
++ struct cfg80211_registered_device *drv;
++ int err;
++ struct net_device *dev;
++ u8 key_idx = 0;
++ u8 *mac_addr = NULL;
++
++ if (info->attrs[NL80211_ATTR_KEY_IDX])
++ key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
++
++ if (key_idx > 3)
++ return -EINVAL;
++
++ if (info->attrs[NL80211_ATTR_MAC])
++ mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
++
++ err = get_drv_dev_by_info_ifindex(info, &drv, &dev);
++ if (err)
++ return err;
++
++ if (!drv->ops->del_key) {
++ err = -EOPNOTSUPP;
++ goto out;
++ }
++
++ rtnl_lock();
++ err = drv->ops->del_key(&drv->wiphy, dev, key_idx, mac_addr);
++ rtnl_unlock();
++
++ out:
++ cfg80211_put_dev(drv);
++ dev_put(dev);
++ return err;
++}
++
+ static struct genl_ops nl80211_ops[] = {
+ {
+ .cmd = NL80211_CMD_GET_WIPHY,
+@@ -374,6 +639,30 @@ static struct genl_ops nl80211_ops[] = {
+ .policy = nl80211_policy,
+ .flags = GENL_ADMIN_PERM,
+ },
++ {
++ .cmd = NL80211_CMD_GET_KEY,
++ .doit = nl80211_get_key,
++ .policy = nl80211_policy,
++ .flags = GENL_ADMIN_PERM,
++ },
++ {
++ .cmd = NL80211_CMD_SET_KEY,
++ .doit = nl80211_set_key,
++ .policy = nl80211_policy,
++ .flags = GENL_ADMIN_PERM,
++ },
++ {
++ .cmd = NL80211_CMD_NEW_KEY,
++ .doit = nl80211_new_key,
++ .policy = nl80211_policy,
++ .flags = GENL_ADMIN_PERM,
++ },
++ {
++ .cmd = NL80211_CMD_DEL_KEY,
++ .doit = nl80211_del_key,
++ .policy = nl80211_policy,
++ .flags = GENL_ADMIN_PERM,
++ },
+ };
+
+ /* multicast groups */
+--- everything.orig/net/wireless/core.c 2007-10-30 15:33:43.677380478 +0100
++++ everything/net/wireless/core.c 2007-11-07 13:19:38.221513833 +0100
+@@ -184,6 +184,9 @@ struct wiphy *wiphy_new(struct cfg80211_
+ struct cfg80211_registered_device *drv;
+ int alloc_size;
+
++ WARN_ON(!ops->add_key && ops->del_key);
++ WARN_ON(ops->add_key && !ops->del_key);
++
+ alloc_size = sizeof(*drv) + sizeof_priv;
+
+ drv = kzalloc(alloc_size, GFP_KERNEL);
+--- everything.orig/include/net/cfg80211.h 2007-10-30 15:33:43.617381780 +0100
++++ everything/include/net/cfg80211.h 2007-11-07 13:19:38.231512748 +0100
+@@ -49,6 +49,26 @@ extern int ieee80211_radiotap_iterator_n
+ struct ieee80211_radiotap_iterator *iterator);
+
+
++ /**
++ * struct key_params - key information
++ *
++ * Information about a key
++ *
++ * @key: key material
++ * @key_len: length of key material
++ * @cipher: cipher suite selector
++ * @seq: sequence counter (IV/PN) for TKIP and CCMP keys, only used
++ * with the get_key() callback, must be in little endian,
++ * length given by @seq_len.
++ */
++struct key_params {
++ u8 *key;
++ u8 *seq;
++ int key_len;
++ int seq_len;
++ u32 cipher;
++};
++
+ /* from net/wireless.h */
+ struct wiphy;
+
+@@ -71,6 +91,18 @@ struct wiphy;
+ *
+ * @change_virtual_intf: change type of virtual interface
+ *
++ * @add_key: add a key with the given parameters. @mac_addr will be %NULL
++ * when adding a group key.
++ *
++ * @get_key: get information about the key with the given parameters.
++ * @mac_addr will be %NULL when requesting information for a group
++ * key. All pointers given to the @callback function need not be valid
++ * after it returns.
++ *
++ * @del_key: remove a key given the @mac_addr (%NULL for a group key)
++ * and @key_index
++ *
++ * @set_default_key: set the default key on an interface
+ */
+ struct cfg80211_ops {
+ int (*add_virtual_intf)(struct wiphy *wiphy, char *name,
+@@ -78,6 +110,18 @@ struct cfg80211_ops {
+ int (*del_virtual_intf)(struct wiphy *wiphy, int ifindex);
+ int (*change_virtual_intf)(struct wiphy *wiphy, int ifindex,
+ enum nl80211_iftype type);
++
++ int (*add_key)(struct wiphy *wiphy, struct net_device *netdev,
++ u8 key_index, u8 *mac_addr,
++ struct key_params *params);
++ int (*get_key)(struct wiphy *wiphy, struct net_device *netdev,
++ u8 key_index, u8 *mac_addr, void *cookie,
++ void (*callback)(void *cookie, struct key_params*));
++ int (*del_key)(struct wiphy *wiphy, struct net_device *netdev,
++ u8 key_index, u8 *mac_addr);
++ int (*set_default_key)(struct wiphy *wiphy,
++ struct net_device *netdev,
++ u8 key_index);
+ };
+
+ #endif /* __NET_CFG80211_H */