security.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * Wireless USB Host Controller
  4. * Security support: encryption enablement, etc
  5. *
  6. * Copyright (C) 2006 Intel Corporation
  7. * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
  8. *
  9. * FIXME: docs
  10. */
  11. #include <linux/types.h>
  12. #include <linux/slab.h>
  13. #include <linux/usb/ch9.h>
  14. #include <linux/random.h>
  15. #include <linux/export.h>
  16. #include "wusbhc.h"
  17. #include <asm/unaligned.h>
  18. static void wusbhc_gtk_rekey_work(struct work_struct *work);
  19. int wusbhc_sec_create(struct wusbhc *wusbhc)
  20. {
  21. /*
  22. * WQ is singlethread because we need to serialize rekey operations.
  23. * Use a separate workqueue for security operations instead of the
  24. * wusbd workqueue because security operations may need to communicate
  25. * directly with downstream wireless devices using synchronous URBs.
  26. * If a device is not responding, this could block other host
  27. * controller operations.
  28. */
  29. wusbhc->wq_security = create_singlethread_workqueue("wusbd_security");
  30. if (wusbhc->wq_security == NULL) {
  31. pr_err("WUSB-core: Cannot create wusbd_security workqueue\n");
  32. return -ENOMEM;
  33. }
  34. wusbhc->gtk.descr.bLength = sizeof(wusbhc->gtk.descr) +
  35. sizeof(wusbhc->gtk.data);
  36. wusbhc->gtk.descr.bDescriptorType = USB_DT_KEY;
  37. wusbhc->gtk.descr.bReserved = 0;
  38. wusbhc->gtk_index = 0;
  39. INIT_WORK(&wusbhc->gtk_rekey_work, wusbhc_gtk_rekey_work);
  40. return 0;
  41. }
  42. /* Called when the HC is destroyed */
  43. void wusbhc_sec_destroy(struct wusbhc *wusbhc)
  44. {
  45. destroy_workqueue(wusbhc->wq_security);
  46. }
  47. /**
  48. * wusbhc_next_tkid - generate a new, currently unused, TKID
  49. * @wusbhc: the WUSB host controller
  50. * @wusb_dev: the device whose PTK the TKID is for
  51. * (or NULL for a TKID for a GTK)
  52. *
  53. * The generated TKID consists of two parts: the device's authenticated
  54. * address (or 0 or a GTK); and an incrementing number. This ensures
  55. * that TKIDs cannot be shared between devices and by the time the
  56. * incrementing number wraps around the older TKIDs will no longer be
  57. * in use (a maximum of two keys may be active at any one time).
  58. */
  59. static u32 wusbhc_next_tkid(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
  60. {
  61. u32 *tkid;
  62. u32 addr;
  63. if (wusb_dev == NULL) {
  64. tkid = &wusbhc->gtk_tkid;
  65. addr = 0;
  66. } else {
  67. tkid = &wusb_port_by_idx(wusbhc, wusb_dev->port_idx)->ptk_tkid;
  68. addr = wusb_dev->addr & 0x7f;
  69. }
  70. *tkid = (addr << 8) | ((*tkid + 1) & 0xff);
  71. return *tkid;
  72. }
  73. static void wusbhc_generate_gtk(struct wusbhc *wusbhc)
  74. {
  75. const size_t key_size = sizeof(wusbhc->gtk.data);
  76. u32 tkid;
  77. tkid = wusbhc_next_tkid(wusbhc, NULL);
  78. wusbhc->gtk.descr.tTKID[0] = (tkid >> 0) & 0xff;
  79. wusbhc->gtk.descr.tTKID[1] = (tkid >> 8) & 0xff;
  80. wusbhc->gtk.descr.tTKID[2] = (tkid >> 16) & 0xff;
  81. get_random_bytes(wusbhc->gtk.descr.bKeyData, key_size);
  82. }
  83. /**
  84. * wusbhc_sec_start - start the security management process
  85. * @wusbhc: the WUSB host controller
  86. *
  87. * Generate and set an initial GTK on the host controller.
  88. *
  89. * Called when the HC is started.
  90. */
  91. int wusbhc_sec_start(struct wusbhc *wusbhc)
  92. {
  93. const size_t key_size = sizeof(wusbhc->gtk.data);
  94. int result;
  95. wusbhc_generate_gtk(wusbhc);
  96. result = wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid,
  97. &wusbhc->gtk.descr.bKeyData, key_size);
  98. if (result < 0)
  99. dev_err(wusbhc->dev, "cannot set GTK for the host: %d\n",
  100. result);
  101. return result;
  102. }
  103. /**
  104. * wusbhc_sec_stop - stop the security management process
  105. * @wusbhc: the WUSB host controller
  106. *
  107. * Wait for any pending GTK rekeys to stop.
  108. */
  109. void wusbhc_sec_stop(struct wusbhc *wusbhc)
  110. {
  111. cancel_work_sync(&wusbhc->gtk_rekey_work);
  112. }
  113. /** @returns encryption type name */
  114. const char *wusb_et_name(u8 x)
  115. {
  116. switch (x) {
  117. case USB_ENC_TYPE_UNSECURE: return "unsecure";
  118. case USB_ENC_TYPE_WIRED: return "wired";
  119. case USB_ENC_TYPE_CCM_1: return "CCM-1";
  120. case USB_ENC_TYPE_RSA_1: return "RSA-1";
  121. default: return "unknown";
  122. }
  123. }
  124. EXPORT_SYMBOL_GPL(wusb_et_name);
  125. /*
  126. * Set the device encryption method
  127. *
  128. * We tell the device which encryption method to use; we do this when
  129. * setting up the device's security.
  130. */
  131. static int wusb_dev_set_encryption(struct usb_device *usb_dev, int value)
  132. {
  133. int result;
  134. struct device *dev = &usb_dev->dev;
  135. struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
  136. if (value) {
  137. value = wusb_dev->ccm1_etd.bEncryptionValue;
  138. } else {
  139. /* FIXME: should be wusb_dev->etd[UNSECURE].bEncryptionValue */
  140. value = 0;
  141. }
  142. /* Set device's */
  143. result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
  144. USB_REQ_SET_ENCRYPTION,
  145. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  146. value, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
  147. if (result < 0)
  148. dev_err(dev, "Can't set device's WUSB encryption to "
  149. "%s (value %d): %d\n",
  150. wusb_et_name(wusb_dev->ccm1_etd.bEncryptionType),
  151. wusb_dev->ccm1_etd.bEncryptionValue, result);
  152. return result;
  153. }
  154. /*
  155. * Set the GTK to be used by a device.
  156. *
  157. * The device must be authenticated.
  158. */
  159. static int wusb_dev_set_gtk(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
  160. {
  161. struct usb_device *usb_dev = wusb_dev->usb_dev;
  162. u8 key_index = wusb_key_index(wusbhc->gtk_index,
  163. WUSB_KEY_INDEX_TYPE_GTK, WUSB_KEY_INDEX_ORIGINATOR_HOST);
  164. return usb_control_msg(
  165. usb_dev, usb_sndctrlpipe(usb_dev, 0),
  166. USB_REQ_SET_DESCRIPTOR,
  167. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  168. USB_DT_KEY << 8 | key_index, 0,
  169. &wusbhc->gtk.descr, wusbhc->gtk.descr.bLength,
  170. USB_CTRL_SET_TIMEOUT);
  171. }
  172. /* FIXME: prototype for adding security */
  173. int wusb_dev_sec_add(struct wusbhc *wusbhc,
  174. struct usb_device *usb_dev, struct wusb_dev *wusb_dev)
  175. {
  176. int result, bytes, secd_size;
  177. struct device *dev = &usb_dev->dev;
  178. struct usb_security_descriptor *secd, *new_secd;
  179. const struct usb_encryption_descriptor *etd, *ccm1_etd = NULL;
  180. const void *itr, *top;
  181. char buf[64];
  182. secd = kmalloc(sizeof(*secd), GFP_KERNEL);
  183. if (secd == NULL) {
  184. result = -ENOMEM;
  185. goto out;
  186. }
  187. result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
  188. 0, secd, sizeof(*secd));
  189. if (result < (int)sizeof(*secd)) {
  190. dev_err(dev, "Can't read security descriptor or "
  191. "not enough data: %d\n", result);
  192. goto out;
  193. }
  194. secd_size = le16_to_cpu(secd->wTotalLength);
  195. new_secd = krealloc(secd, secd_size, GFP_KERNEL);
  196. if (new_secd == NULL) {
  197. dev_err(dev,
  198. "Can't allocate space for security descriptors\n");
  199. result = -ENOMEM;
  200. goto out;
  201. }
  202. secd = new_secd;
  203. result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
  204. 0, secd, secd_size);
  205. if (result < secd_size) {
  206. dev_err(dev, "Can't read security descriptor or "
  207. "not enough data: %d\n", result);
  208. goto out;
  209. }
  210. bytes = 0;
  211. itr = &secd[1];
  212. top = (void *)secd + result;
  213. while (itr < top) {
  214. etd = itr;
  215. if (top - itr < sizeof(*etd)) {
  216. dev_err(dev, "BUG: bad device security descriptor; "
  217. "not enough data (%zu vs %zu bytes left)\n",
  218. top - itr, sizeof(*etd));
  219. break;
  220. }
  221. if (etd->bLength < sizeof(*etd)) {
  222. dev_err(dev, "BUG: bad device encryption descriptor; "
  223. "descriptor is too short "
  224. "(%u vs %zu needed)\n",
  225. etd->bLength, sizeof(*etd));
  226. break;
  227. }
  228. itr += etd->bLength;
  229. bytes += snprintf(buf + bytes, sizeof(buf) - bytes,
  230. "%s (0x%02x/%02x) ",
  231. wusb_et_name(etd->bEncryptionType),
  232. etd->bEncryptionValue, etd->bAuthKeyIndex);
  233. if (etd->bEncryptionType == USB_ENC_TYPE_CCM_1)
  234. ccm1_etd = etd;
  235. }
  236. /* This code only supports CCM1 as of now. */
  237. /* FIXME: user has to choose which sec mode to use?
  238. * In theory we want CCM */
  239. if (ccm1_etd == NULL) {
  240. dev_err(dev, "WUSB device doesn't support CCM1 encryption, "
  241. "can't use!\n");
  242. result = -EINVAL;
  243. goto out;
  244. }
  245. wusb_dev->ccm1_etd = *ccm1_etd;
  246. dev_dbg(dev, "supported encryption: %s; using %s (0x%02x/%02x)\n",
  247. buf, wusb_et_name(ccm1_etd->bEncryptionType),
  248. ccm1_etd->bEncryptionValue, ccm1_etd->bAuthKeyIndex);
  249. result = 0;
  250. out:
  251. kfree(secd);
  252. return result;
  253. }
  254. void wusb_dev_sec_rm(struct wusb_dev *wusb_dev)
  255. {
  256. /* Nothing so far */
  257. }
  258. /**
  259. * Update the address of an unauthenticated WUSB device
  260. *
  261. * Once we have successfully authenticated, we take it to addr0 state
  262. * and then to a normal address.
  263. *
  264. * Before the device's address (as known by it) was usb_dev->devnum |
  265. * 0x80 (unauthenticated address). With this we update it to usb_dev->devnum.
  266. */
  267. int wusb_dev_update_address(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
  268. {
  269. int result = -ENOMEM;
  270. struct usb_device *usb_dev = wusb_dev->usb_dev;
  271. struct device *dev = &usb_dev->dev;
  272. u8 new_address = wusb_dev->addr & 0x7F;
  273. /* Set address 0 */
  274. result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
  275. USB_REQ_SET_ADDRESS,
  276. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  277. 0, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
  278. if (result < 0) {
  279. dev_err(dev, "auth failed: can't set address 0: %d\n",
  280. result);
  281. goto error_addr0;
  282. }
  283. result = wusb_set_dev_addr(wusbhc, wusb_dev, 0);
  284. if (result < 0)
  285. goto error_addr0;
  286. usb_set_device_state(usb_dev, USB_STATE_DEFAULT);
  287. usb_ep0_reinit(usb_dev);
  288. /* Set new (authenticated) address. */
  289. result = usb_control_msg(usb_dev, usb_sndctrlpipe(usb_dev, 0),
  290. USB_REQ_SET_ADDRESS,
  291. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  292. new_address, 0, NULL, 0,
  293. USB_CTRL_SET_TIMEOUT);
  294. if (result < 0) {
  295. dev_err(dev, "auth failed: can't set address %u: %d\n",
  296. new_address, result);
  297. goto error_addr;
  298. }
  299. result = wusb_set_dev_addr(wusbhc, wusb_dev, new_address);
  300. if (result < 0)
  301. goto error_addr;
  302. usb_set_device_state(usb_dev, USB_STATE_ADDRESS);
  303. usb_ep0_reinit(usb_dev);
  304. usb_dev->authenticated = 1;
  305. error_addr:
  306. error_addr0:
  307. return result;
  308. }
  309. /*
  310. *
  311. *
  312. */
  313. /* FIXME: split and cleanup */
  314. int wusb_dev_4way_handshake(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev,
  315. struct wusb_ckhdid *ck)
  316. {
  317. int result = -ENOMEM;
  318. struct usb_device *usb_dev = wusb_dev->usb_dev;
  319. struct device *dev = &usb_dev->dev;
  320. u32 tkid;
  321. struct usb_handshake *hs;
  322. struct aes_ccm_nonce ccm_n;
  323. u8 mic[8];
  324. struct wusb_keydvt_in keydvt_in;
  325. struct wusb_keydvt_out keydvt_out;
  326. hs = kcalloc(3, sizeof(hs[0]), GFP_KERNEL);
  327. if (!hs)
  328. goto error_kzalloc;
  329. /* We need to turn encryption before beginning the 4way
  330. * hshake (WUSB1.0[.3.2.2]) */
  331. result = wusb_dev_set_encryption(usb_dev, 1);
  332. if (result < 0)
  333. goto error_dev_set_encryption;
  334. tkid = wusbhc_next_tkid(wusbhc, wusb_dev);
  335. hs[0].bMessageNumber = 1;
  336. hs[0].bStatus = 0;
  337. put_unaligned_le32(tkid, hs[0].tTKID);
  338. hs[0].bReserved = 0;
  339. memcpy(hs[0].CDID, &wusb_dev->cdid, sizeof(hs[0].CDID));
  340. get_random_bytes(&hs[0].nonce, sizeof(hs[0].nonce));
  341. memset(hs[0].MIC, 0, sizeof(hs[0].MIC)); /* Per WUSB1.0[T7-22] */
  342. result = usb_control_msg(
  343. usb_dev, usb_sndctrlpipe(usb_dev, 0),
  344. USB_REQ_SET_HANDSHAKE,
  345. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  346. 1, 0, &hs[0], sizeof(hs[0]), USB_CTRL_SET_TIMEOUT);
  347. if (result < 0) {
  348. dev_err(dev, "Handshake1: request failed: %d\n", result);
  349. goto error_hs1;
  350. }
  351. /* Handshake 2, from the device -- need to verify fields */
  352. result = usb_control_msg(
  353. usb_dev, usb_rcvctrlpipe(usb_dev, 0),
  354. USB_REQ_GET_HANDSHAKE,
  355. USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  356. 2, 0, &hs[1], sizeof(hs[1]), USB_CTRL_GET_TIMEOUT);
  357. if (result < 0) {
  358. dev_err(dev, "Handshake2: request failed: %d\n", result);
  359. goto error_hs2;
  360. }
  361. result = -EINVAL;
  362. if (hs[1].bMessageNumber != 2) {
  363. dev_err(dev, "Handshake2 failed: bad message number %u\n",
  364. hs[1].bMessageNumber);
  365. goto error_hs2;
  366. }
  367. if (hs[1].bStatus != 0) {
  368. dev_err(dev, "Handshake2 failed: bad status %u\n",
  369. hs[1].bStatus);
  370. goto error_hs2;
  371. }
  372. if (memcmp(hs[0].tTKID, hs[1].tTKID, sizeof(hs[0].tTKID))) {
  373. dev_err(dev, "Handshake2 failed: TKID mismatch "
  374. "(#1 0x%02x%02x%02x vs #2 0x%02x%02x%02x)\n",
  375. hs[0].tTKID[0], hs[0].tTKID[1], hs[0].tTKID[2],
  376. hs[1].tTKID[0], hs[1].tTKID[1], hs[1].tTKID[2]);
  377. goto error_hs2;
  378. }
  379. if (memcmp(hs[0].CDID, hs[1].CDID, sizeof(hs[0].CDID))) {
  380. dev_err(dev, "Handshake2 failed: CDID mismatch\n");
  381. goto error_hs2;
  382. }
  383. /* Setup the CCM nonce */
  384. memset(&ccm_n.sfn, 0, sizeof(ccm_n.sfn)); /* Per WUSB1.0[6.5.2] */
  385. put_unaligned_le32(tkid, ccm_n.tkid);
  386. ccm_n.src_addr = wusbhc->uwb_rc->uwb_dev.dev_addr;
  387. ccm_n.dest_addr.data[0] = wusb_dev->addr;
  388. ccm_n.dest_addr.data[1] = 0;
  389. /* Derive the KCK and PTK from CK, the CCM, H and D nonces */
  390. memcpy(keydvt_in.hnonce, hs[0].nonce, sizeof(keydvt_in.hnonce));
  391. memcpy(keydvt_in.dnonce, hs[1].nonce, sizeof(keydvt_in.dnonce));
  392. result = wusb_key_derive(&keydvt_out, ck->data, &ccm_n, &keydvt_in);
  393. if (result < 0) {
  394. dev_err(dev, "Handshake2 failed: cannot derive keys: %d\n",
  395. result);
  396. goto error_hs2;
  397. }
  398. /* Compute MIC and verify it */
  399. result = wusb_oob_mic(mic, keydvt_out.kck, &ccm_n, &hs[1]);
  400. if (result < 0) {
  401. dev_err(dev, "Handshake2 failed: cannot compute MIC: %d\n",
  402. result);
  403. goto error_hs2;
  404. }
  405. if (memcmp(hs[1].MIC, mic, sizeof(hs[1].MIC))) {
  406. dev_err(dev, "Handshake2 failed: MIC mismatch\n");
  407. goto error_hs2;
  408. }
  409. /* Send Handshake3 */
  410. hs[2].bMessageNumber = 3;
  411. hs[2].bStatus = 0;
  412. put_unaligned_le32(tkid, hs[2].tTKID);
  413. hs[2].bReserved = 0;
  414. memcpy(hs[2].CDID, &wusb_dev->cdid, sizeof(hs[2].CDID));
  415. memcpy(hs[2].nonce, hs[0].nonce, sizeof(hs[2].nonce));
  416. result = wusb_oob_mic(hs[2].MIC, keydvt_out.kck, &ccm_n, &hs[2]);
  417. if (result < 0) {
  418. dev_err(dev, "Handshake3 failed: cannot compute MIC: %d\n",
  419. result);
  420. goto error_hs2;
  421. }
  422. result = usb_control_msg(
  423. usb_dev, usb_sndctrlpipe(usb_dev, 0),
  424. USB_REQ_SET_HANDSHAKE,
  425. USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE,
  426. 3, 0, &hs[2], sizeof(hs[2]), USB_CTRL_SET_TIMEOUT);
  427. if (result < 0) {
  428. dev_err(dev, "Handshake3: request failed: %d\n", result);
  429. goto error_hs3;
  430. }
  431. result = wusbhc->set_ptk(wusbhc, wusb_dev->port_idx, tkid,
  432. keydvt_out.ptk, sizeof(keydvt_out.ptk));
  433. if (result < 0)
  434. goto error_wusbhc_set_ptk;
  435. result = wusb_dev_set_gtk(wusbhc, wusb_dev);
  436. if (result < 0) {
  437. dev_err(dev, "Set GTK for device: request failed: %d\n",
  438. result);
  439. goto error_wusbhc_set_gtk;
  440. }
  441. /* Update the device's address from unauth to auth */
  442. if (usb_dev->authenticated == 0) {
  443. result = wusb_dev_update_address(wusbhc, wusb_dev);
  444. if (result < 0)
  445. goto error_dev_update_address;
  446. }
  447. result = 0;
  448. dev_info(dev, "device authenticated\n");
  449. error_dev_update_address:
  450. error_wusbhc_set_gtk:
  451. error_wusbhc_set_ptk:
  452. error_hs3:
  453. error_hs2:
  454. error_hs1:
  455. memset(hs, 0, 3*sizeof(hs[0]));
  456. memzero_explicit(&keydvt_out, sizeof(keydvt_out));
  457. memzero_explicit(&keydvt_in, sizeof(keydvt_in));
  458. memzero_explicit(&ccm_n, sizeof(ccm_n));
  459. memzero_explicit(mic, sizeof(mic));
  460. if (result < 0)
  461. wusb_dev_set_encryption(usb_dev, 0);
  462. error_dev_set_encryption:
  463. kfree(hs);
  464. error_kzalloc:
  465. return result;
  466. }
  467. /*
  468. * Once all connected and authenticated devices have received the new
  469. * GTK, switch the host to using it.
  470. */
  471. static void wusbhc_gtk_rekey_work(struct work_struct *work)
  472. {
  473. struct wusbhc *wusbhc = container_of(work,
  474. struct wusbhc, gtk_rekey_work);
  475. size_t key_size = sizeof(wusbhc->gtk.data);
  476. int port_idx;
  477. struct wusb_dev *wusb_dev, *wusb_dev_next;
  478. LIST_HEAD(rekey_list);
  479. mutex_lock(&wusbhc->mutex);
  480. /* generate the new key */
  481. wusbhc_generate_gtk(wusbhc);
  482. /* roll the gtk index. */
  483. wusbhc->gtk_index = (wusbhc->gtk_index + 1) % (WUSB_KEY_INDEX_MAX + 1);
  484. /*
  485. * Save all connected devices on a list while holding wusbhc->mutex and
  486. * take a reference to each one. Then submit the set key request to
  487. * them after releasing the lock in order to avoid a deadlock.
  488. */
  489. for (port_idx = 0; port_idx < wusbhc->ports_max; port_idx++) {
  490. wusb_dev = wusbhc->port[port_idx].wusb_dev;
  491. if (!wusb_dev || !wusb_dev->usb_dev
  492. || !wusb_dev->usb_dev->authenticated)
  493. continue;
  494. wusb_dev_get(wusb_dev);
  495. list_add_tail(&wusb_dev->rekey_node, &rekey_list);
  496. }
  497. mutex_unlock(&wusbhc->mutex);
  498. /* Submit the rekey requests without holding wusbhc->mutex. */
  499. list_for_each_entry_safe(wusb_dev, wusb_dev_next, &rekey_list,
  500. rekey_node) {
  501. list_del_init(&wusb_dev->rekey_node);
  502. dev_dbg(&wusb_dev->usb_dev->dev,
  503. "%s: rekey device at port %d\n",
  504. __func__, wusb_dev->port_idx);
  505. if (wusb_dev_set_gtk(wusbhc, wusb_dev) < 0) {
  506. dev_err(&wusb_dev->usb_dev->dev,
  507. "%s: rekey device at port %d failed\n",
  508. __func__, wusb_dev->port_idx);
  509. }
  510. wusb_dev_put(wusb_dev);
  511. }
  512. /* Switch the host controller to use the new GTK. */
  513. mutex_lock(&wusbhc->mutex);
  514. wusbhc->set_gtk(wusbhc, wusbhc->gtk_tkid,
  515. &wusbhc->gtk.descr.bKeyData, key_size);
  516. mutex_unlock(&wusbhc->mutex);
  517. }
  518. /**
  519. * wusbhc_gtk_rekey - generate and distribute a new GTK
  520. * @wusbhc: the WUSB host controller
  521. *
  522. * Generate a new GTK and distribute it to all connected and
  523. * authenticated devices. When all devices have the new GTK, the host
  524. * starts using it.
  525. *
  526. * This must be called after every device disconnect (see [WUSB]
  527. * section 6.2.11.2).
  528. */
  529. void wusbhc_gtk_rekey(struct wusbhc *wusbhc)
  530. {
  531. /*
  532. * We need to submit a URB to the downstream WUSB devices in order to
  533. * change the group key. This can't be done while holding the
  534. * wusbhc->mutex since that is also taken in the urb_enqueue routine
  535. * and will cause a deadlock. Instead, queue a work item to do
  536. * it when the lock is not held
  537. */
  538. queue_work(wusbhc->wq_security, &wusbhc->gtk_rekey_work);
  539. }