nl80211: Extended Key ID support

[thirdparty/hostap.git] / src / drivers / driver_nl80211.c

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 2e61eb7e1116a1493ed6d21fb5013b21457f2555..ba8d079b28790217acb865d614524c405dea2d26 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -2883,7 +2883,6 @@ static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
        case WPA_ALG_KRK:
                return RSN_CIPHER_SUITE_KRK;
        case WPA_ALG_NONE:
-       case WPA_ALG_PMK:
                wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
                           alg);
                return 0;
@@ -3055,7 +3054,7 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
        struct nl_msg *msg;
        struct nl_msg *key_msg;
        int ret;
-       int tdls = 0;
+       int skip_set_key = 1;
        const char *ifname = params->ifname;
        enum wpa_alg alg = params->alg;
        const u8 *addr = params->addr;
@@ -3066,6 +3065,7 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
        const u8 *key = params->key;
        size_t key_len = params->key_len;
        int vlan_id = params->vlan_id;
+       enum key_flag key_flag = params->key_flag;
 
        /* Ignore for P2P Device */
        if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
@@ -3073,18 +3073,17 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
 
        ifindex = if_nametoindex(ifname);
        wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
-                  "set_tx=%d seq_len=%lu key_len=%lu",
+                  "set_tx=%d seq_len=%lu key_len=%lu key_flag=0x%x",
                   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
-                  (unsigned long) seq_len, (unsigned long) key_len);
-#ifdef CONFIG_TDLS
-       if (key_idx == -1) {
-               key_idx = 0;
-               tdls = 1;
+                  (unsigned long) seq_len, (unsigned long) key_len, key_flag);
+
+       if (check_key_flag(key_flag)) {
+               wpa_printf(MSG_DEBUG, "%s: invalid key_flag", __func__);
+               return -EINVAL;
        }
-#endif /* CONFIG_TDLS */
 
 #ifdef CONFIG_DRIVER_NL80211_QCA
-       if (alg == WPA_ALG_PMK &&
+       if ((key_flag & KEY_FLAG_PMK) &&
            (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
                wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
                           __func__);
@@ -3093,16 +3092,30 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
        }
 #endif /* CONFIG_DRIVER_NL80211_QCA */
 
-       if (alg == WPA_ALG_PMK &&
-           (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
-               return nl80211_set_pmk(drv, key, key_len, addr);
+       if (key_flag & KEY_FLAG_PMK) {
+               if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)
+                       return nl80211_set_pmk(drv, key, key_len, addr);
+               /* The driver does not have any offload mechanism for PMK, so
+                * there is no need to configure this key. */
+               return 0;
+       }
 
        ret = -ENOBUFS;
        key_msg = nlmsg_alloc();
        if (!key_msg)
                return ret;
 
-       if (alg == WPA_ALG_NONE) {
+       if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
+           KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
+               msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
+               if (!msg)
+                       goto fail2;
+       } else if (alg == WPA_ALG_NONE && (key_flag & KEY_FLAG_RX_TX)) {
+               wpa_printf(MSG_DEBUG, "%s: invalid key_flag to delete key",
+                          __func__);
+               ret = -EINVAL;
+               goto fail2;
+       } else if (alg == WPA_ALG_NONE) {
                msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
                if (!msg)
                        goto fail2;
@@ -3135,22 +3148,42 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
                if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
                        goto fail;
 
-               if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
+               if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
+                   KEY_FLAG_PAIRWISE_RX ||
+                   (key_flag & KEY_FLAG_PAIRWISE_MASK) ==
+                   KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
+                       if (nla_put_u8(key_msg, NL80211_KEY_MODE,
+                                      key_flag == KEY_FLAG_PAIRWISE_RX ?
+                                      NL80211_KEY_NO_TX : NL80211_KEY_SET_TX))
+                               goto fail;
+               } else if ((key_flag & KEY_FLAG_GROUP_MASK) ==
+                          KEY_FLAG_GROUP_RX) {
                        wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
                        if (nla_put_u32(key_msg, NL80211_KEY_TYPE,
                                        NL80211_KEYTYPE_GROUP))
                                goto fail;
+               } else if (!(key_flag & KEY_FLAG_PAIRWISE)) {
+                       wpa_printf(MSG_DEBUG,
+                                  "   key_flag missing PAIRWISE when setting a pairwise key");
+                       ret = -EINVAL;
+                       goto fail;
+               } else if (alg == WPA_ALG_WEP &&
+                          (key_flag & KEY_FLAG_RX_TX) == KEY_FLAG_RX_TX) {
+                       wpa_printf(MSG_DEBUG, "   unicast WEP key");
+                       skip_set_key = 0;
+               } else {
+                       wpa_printf(MSG_DEBUG, "   pairwise key");
                }
-       } else if (addr && is_broadcast_ether_addr(addr)) {
-               struct nlattr *types;
-
+       } else if ((key_flag & KEY_FLAG_PAIRWISE) ||
+                  !(key_flag & KEY_FLAG_GROUP)) {
+               wpa_printf(MSG_DEBUG,
+                          "   invalid key_flag for a broadcast key");
+               ret = -EINVAL;
+               goto fail;
+       } else {
                wpa_printf(MSG_DEBUG, "   broadcast key");
-
-               types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
-               if (!types ||
-                   nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
-                       goto fail;
-               nla_nest_end(key_msg, types);
+               if (key_flag & KEY_FLAG_DEFAULT)
+                       skip_set_key = 0;
        }
        if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
            nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
@@ -3173,14 +3206,12 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
                           ret, strerror(-ret));
 
        /*
-        * If we failed or don't need to set the default TX key (below),
+        * If we failed or don't need to set the key as default (below),
         * we're done here.
         */
-       if (ret || !set_tx || alg == WPA_ALG_NONE || tdls)
-               return ret;
-       if (is_ap_interface(drv->nlmode) && addr &&
-           !is_broadcast_ether_addr(addr))
+       if (ret || skip_set_key)
                return ret;
+       wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_SET_KEY - default key");
 
        ret = -ENOBUFS;
        key_msg = nlmsg_alloc();
@@ -3233,8 +3264,6 @@ static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
        }
 
        ret = send_and_recv_msgs(drv, msg, NULL, NULL);
-       if (ret == -ENOENT)
-               ret = 0;
        if (ret)
                wpa_printf(MSG_DEBUG,
                           "nl80211: set_key default failed; err=%d %s",
@@ -3743,7 +3772,7 @@ static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
 
        mgmt = (struct ieee80211_mgmt *) data;
        fc = le_to_host16(mgmt->frame_control);
-       wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR
+       wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da=" MACSTR
                   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u no_encrypt=%d fc=0x%x (%s) nlmode=%d",
                   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
                   no_encrypt, fc, fc2str(fc), drv->nlmode);
@@ -5204,7 +5233,7 @@ static int nl80211_tx_control_port(void *priv, const u8 *dest,
        if (ret)
                wpa_printf(MSG_DEBUG,
                           "nl80211: tx_control_port failed: ret=%d (%s)",
-                          ret, strerror(ret));
+                          ret, strerror(-ret));
 
        return ret;
 }
@@ -5298,9 +5327,9 @@ static int wpa_driver_nl80211_hapd_send_eapol(
 
        res = nl80211_send_monitor(drv, hdr, len, encrypt, 0);
        if (res < 0) {
-               wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
-                          "failed: %d (%s)",
-                          (unsigned long) len, res, strerror(res));
+               wpa_printf(MSG_ERROR,
+                          "hapd_send_eapol - packet len: %lu - failed",
+                          (unsigned long) len);
        }
        os_free(hdr);