From fa7e1fbcb52cc9efab394526a566d80fb31529bb Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 22 Jan 2015 18:44:19 +0100 Subject: mac80211: allow drivers to control software crypto Some drivers unfortunately cannot support software crypto, but mac80211 currently assumes that they do. This has the issue that if the hardware enabling fails for some reason, the software fallback is used, which won't work. This clearly isn't desirable, the error should be reported and the key setting refused. Support this in mac80211 by allowing drivers to set a new HW flag IEEE80211_HW_SW_CRYPTO_CONTROL, in which case mac80211 will only allow software fallback if the set_key() method returns 1. The driver will also need to advertise supported cipher suites so that mac80211 doesn't advertise any (future) software ciphers that the driver can't actually do. While at it, to make it easier to support this, refactor the ieee80211_init_cipher_suites() code. Signed-off-by: Johannes Berg --- include/net/mac80211.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'include/net') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 275ee56152ad..33b87c50a4cf 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -1634,6 +1634,12 @@ struct ieee80211_tx_control { * be created. It is expected user-space will create vifs as * desired (and thus have them named as desired). * + * @IEEE80211_HW_SW_CRYPTO_CONTROL: The driver wants to control which of the + * crypto algorithms can be done in software - so don't automatically + * try to fall back to it if hardware crypto fails, but do so only if + * the driver returns 1. This also forces the driver to advertise its + * supported cipher suites. + * * @IEEE80211_HW_QUEUE_CONTROL: The driver wants to control per-interface * queue mapping in order to use different queues (not just one per AC) * for different virtual interfaces. See the doc section on HW queue @@ -1681,6 +1687,7 @@ enum ieee80211_hw_flags { IEEE80211_HW_MFP_CAPABLE = 1<<13, IEEE80211_HW_WANT_MONITOR_VIF = 1<<14, IEEE80211_HW_NO_AUTO_VIF = 1<<15, + IEEE80211_HW_SW_CRYPTO_CONTROL = 1<<16, /* free slots */ IEEE80211_HW_REPORTS_TX_ACK_STATUS = 1<<18, IEEE80211_HW_CONNECTION_MONITOR = 1<<19, @@ -1955,6 +1962,11 @@ void ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb); * added; if you return 0 then hw_key_idx must be assigned to the * hardware key index, you are free to use the full u8 range. * + * Note that in the case that the @IEEE80211_HW_SW_CRYPTO_CONTROL flag is + * set, mac80211 will not automatically fall back to software crypto if + * enabling hardware crypto failed. The set_key() call may also return the + * value 1 to permit this specific key/algorithm to be done in software. + * * When the cmd is %DISABLE_KEY then it must succeed. * * Note that it is permissible to not decrypt a frame even if a key -- cgit From db82d8a966ded064bd4cf0e1fcca13442f50d0ae Mon Sep 17 00:00:00 2001 From: Lorenzo Bianconi Date: Wed, 14 Jan 2015 12:55:08 +0100 Subject: mac80211: enable TPC through mac80211 stack Control per packet Transmit Power Control (TPC) in lower drivers according to TX power settings configured by the user. In particular TPC is enabled if value passed in enum nl80211_tx_power_setting is NL80211_TX_POWER_LIMITED (allow using less than specified from userspace), whereas TPC is disabled if nl80211_tx_power_setting is set to NL80211_TX_POWER_FIXED (use value configured from userspace) Signed-off-by: Lorenzo Bianconi Signed-off-by: Johannes Berg --- include/net/mac80211.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include/net') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 33b87c50a4cf..866073e27ea2 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -376,6 +376,12 @@ enum ieee80211_rssi_event { * @ssid_len: Length of SSID given in @ssid. * @hidden_ssid: The SSID of the current vif is hidden. Only valid in AP-mode. * @txpower: TX power in dBm + * @txpower_type: TX power adjustment used to control per packet Transmit + * Power Control (TPC) in lower driver for the current vif. In particular + * TPC is enabled if value passed in %txpower_type is + * NL80211_TX_POWER_LIMITED (allow using less than specified from + * userspace), whereas TPC is disabled if %txpower_type is set to + * NL80211_TX_POWER_FIXED (use value configured from userspace) * @p2p_noa_attr: P2P NoA attribute for P2P powersave */ struct ieee80211_bss_conf { @@ -411,6 +417,7 @@ struct ieee80211_bss_conf { size_t ssid_len; bool hidden_ssid; int txpower; + enum nl80211_tx_power_setting txpower_type; struct ieee80211_p2p_noa_attr p2p_noa_attr; }; -- cgit From 9c74893441d3cf4b258a82b19cbf6bfd2ed6e549 Mon Sep 17 00:00:00 2001 From: Luciano Coelho Date: Fri, 16 Jan 2015 16:04:09 +0200 Subject: nl80211: add an attribute to allow delaying the first scheduled scan cycle The userspace may want to delay the the first scheduled scan or net-detect cycle. Add an optional attribute to the scheduled scan configuration to pass the delay to be (optionally) used by the driver. Signed-off-by: Luciano Coelho [add the attribute to the policy to validate it] Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include/net') diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 7b44ba0a7632..64e09e1e8099 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -1493,6 +1493,10 @@ struct cfg80211_match_set { * @rcu_head: RCU callback used to free the struct * @owner_nlportid: netlink portid of owner (if this should is a request * owned by a particular socket) + * @delay: delay in seconds to use before starting the first scan + * cycle. The driver may ignore this parameter and start + * immediately (or at any other time), if this feature is not + * supported. */ struct cfg80211_sched_scan_request { struct cfg80211_ssid *ssids; @@ -1506,6 +1510,7 @@ struct cfg80211_sched_scan_request { struct cfg80211_match_set *match_sets; int n_match_sets; s32 min_rssi_thold; + u32 delay; u8 mac_addr[ETH_ALEN] __aligned(2); u8 mac_addr_mask[ETH_ALEN] __aligned(2); -- cgit From 00b9cfa3ff38401bd70c34b250ca13e5ea347b4a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 24 Jan 2015 19:52:06 +0200 Subject: mac80111: Add GCMP and GCMP-256 ciphers This allows mac80211 to configure GCMP and GCMP-256 to the driver and also use software-implementation within mac80211 when the driver does not support this with hardware accelaration. Signed-off-by: Jouni Malinen [remove a spurious newline] Signed-off-by: Johannes Berg --- include/net/mac80211.h | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'include/net') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 866073e27ea2..ae6638436112 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -1294,8 +1294,8 @@ struct ieee80211_vif *wdev_to_ieee80211_vif(struct wireless_dev *wdev); * @IEEE80211_KEY_FLAG_PAIRWISE: Set by mac80211, this flag indicates * that the key is pairwise rather then a shared key. * @IEEE80211_KEY_FLAG_SW_MGMT_TX: This flag should be set by the driver for a - * CCMP key if it requires CCMP encryption of management frames (MFP) to - * be done in software. + * CCMP/GCMP key if it requires CCMP/GCMP encryption of management frames + * (MFP) to be done in software. * @IEEE80211_KEY_FLAG_PUT_IV_SPACE: This flag should be set by the driver * if space should be prepared for the IV, but the IV * itself should not be generated. Do not set together with @@ -1310,7 +1310,7 @@ struct ieee80211_vif *wdev_to_ieee80211_vif(struct wireless_dev *wdev); * RX, if your crypto engine can't deal with TX you can also set the * %IEEE80211_KEY_FLAG_SW_MGMT_TX flag to encrypt such frames in SW. * @IEEE80211_KEY_FLAG_GENERATE_IV_MGMT: This flag should be set by the - * driver for a CCMP key to indicate that is requires IV generation + * driver for a CCMP/GCMP key to indicate that is requires IV generation * only for managment frames (MFP). * @IEEE80211_KEY_FLAG_RESERVE_TAILROOM: This flag should be set by the * driver for a key to indicate that sufficient tailroom must always @@ -4098,6 +4098,8 @@ void ieee80211_aes_cmac_calculate_k1_k2(struct ieee80211_key_conf *keyconf, * reverse order than in packet) * @aes_cmac: PN data, most significant byte first (big endian, * reverse order than in packet) + * @gcmp: PN data, most significant byte first (big endian, + * reverse order than in packet) */ struct ieee80211_key_seq { union { @@ -4111,6 +4113,9 @@ struct ieee80211_key_seq { struct { u8 pn[6]; } aes_cmac; + struct { + u8 pn[6]; + } gcmp; }; }; @@ -4135,7 +4140,7 @@ void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, * ieee80211_get_key_rx_seq - get key RX sequence counter * * @keyconf: the parameter passed with the set key - * @tid: The TID, or -1 for the management frame value (CCMP only); + * @tid: The TID, or -1 for the management frame value (CCMP/GCMP only); * the value on TID 0 is also used for non-QoS frames. For * CMAC, only TID 0 is valid. * @seq: buffer to receive the sequence data @@ -4171,7 +4176,7 @@ void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, * ieee80211_set_key_rx_seq - set key RX sequence counter * * @keyconf: the parameter passed with the set key - * @tid: The TID, or -1 for the management frame value (CCMP only); + * @tid: The TID, or -1 for the management frame value (CCMP/GCMP only); * the value on TID 0 is also used for non-QoS frames. For * CMAC, only TID 0 is valid. * @seq: new sequence data -- cgit From 8ade538bf39b1ee53418528fdacd36b8e65621b9 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sat, 24 Jan 2015 19:52:09 +0200 Subject: mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers This allows mac80211 to configure BIP-GMAC-128 and BIP-GMAC-256 to the driver and also use software-implementation within mac80211 when the driver does not support this with hardware accelaration. Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg --- include/net/mac80211.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include/net') diff --git a/include/net/mac80211.h b/include/net/mac80211.h index ae6638436112..d52914b75331 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -4098,6 +4098,8 @@ void ieee80211_aes_cmac_calculate_k1_k2(struct ieee80211_key_conf *keyconf, * reverse order than in packet) * @aes_cmac: PN data, most significant byte first (big endian, * reverse order than in packet) + * @aes_gmac: PN data, most significant byte first (big endian, + * reverse order than in packet) * @gcmp: PN data, most significant byte first (big endian, * reverse order than in packet) */ @@ -4113,6 +4115,9 @@ struct ieee80211_key_seq { struct { u8 pn[6]; } aes_cmac; + struct { + u8 pn[6]; + } aes_gmac; struct { u8 pn[6]; } gcmp; -- cgit