[PATCH wireless-next v2 0/1] wifi: mac80211: change ieee80211_gtk_rekey_add API

[PATCH wireless-next v2 0/1] wifi: mac80211: change ieee80211_gtk_rekey_add API

[Miri Korenblit]

In order to make the drivers' lives easier, change this API to receive
only what it really needs and not an entire ieee80211_key_conf.

As the cipher (and therefore also the key length) remains the same upon
a rekey, there is no need for the driver to send this information —
mac80211 can infer it from the old key.

This will spare the drivers from looking up the key's cipher.

Note that this patch makes only the necessary changes without any
cleanup of the drivers' code.
Those can be done later.

Miri
---

Miri Korenblit (1):
  wifi: mac80211: don't require cipher and keylen in gtk rekey

 drivers/net/wireless/intel/iwlwifi/mld/d3.c |  7 +++-
 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 11 +++++--
 drivers/net/wireless/realtek/rtw89/wow.c    |  7 ++--
 include/net/mac80211.h                      |  7 ++--
 net/mac80211/key.c                          | 36 +++++++++++++++++++--
 5 files changed, 58 insertions(+), 10 deletions(-)

-- 
2.34.1

[PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher and keylen in gtk rekey

[Miri Korenblit]

ieee80211_add_gtk_rekey receives a keyconf as an argument, and the
cipher and keylen are taken from there to the new allocated key.
But in rekey, both the cipher and the keylen should be the same as of
the old key, so let ieee80211_add_gtk_rekey find those, so drivers won't
have to fill it in.

Reviewed-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
---
 drivers/net/wireless/intel/iwlwifi/mld/d3.c |  7 +++-
 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 11 +++++--
 drivers/net/wireless/realtek/rtw89/wow.c    |  7 ++--
 include/net/mac80211.h                      |  7 ++--
 net/mac80211/key.c                          | 36 +++++++++++++++++++--
 5 files changed, 58 insertions(+), 10 deletions(-)

---
v2: fixed kernel doc

diff --git a/drivers/net/wireless/intel/iwlwifi/mld/d3.c b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
index 26255246a320..ed0a0f76f1c5 100644
--- a/drivers/net/wireless/intel/iwlwifi/mld/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mld/d3.c
@@ -762,6 +762,7 @@ iwl_mld_add_mcast_rekey(struct ieee80211_vif *vif,
 		.conf.keyidx = key_data->id,
 	};
 	int link_id = vif->active_links ? __ffs(vif->active_links) : -1;
+	u8 key[WOWLAN_KEY_MAX_SIZE];
 
 	BUILD_BUG_ON(WLAN_KEY_LEN_CCMP != WLAN_KEY_LEN_GCMP);
 	BUILD_BUG_ON(sizeof(conf.key) < WLAN_KEY_LEN_CCMP);
@@ -803,7 +804,11 @@ iwl_mld_add_mcast_rekey(struct ieee80211_vif *vif,
 	}
 
 	memcpy(conf.conf.key, key_data->key, conf.conf.keylen);
-	key_config = ieee80211_gtk_rekey_add(vif, &conf.conf, link_id);
+
+	memcpy(key, key_data->key, sizeof(key_data->key));
+
+	key_config = ieee80211_gtk_rekey_add(vif, key_data->id, key,
+					     sizeof(key), link_id);
 	if (IS_ERR(key_config))
 		return;
 
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
index ef9bab042902..997cdd76b13c 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
@@ -1954,6 +1954,7 @@ static bool iwl_mvm_gtk_rekey(struct iwl_wowlan_status_data *status,
 	DEFINE_RAW_FLEX(struct ieee80211_key_conf, conf, key,
 			WOWLAN_KEY_MAX_SIZE);
 	int link_id = vif->active_links ? __ffs(vif->active_links) : -1;
+	u8 key_data[WOWLAN_KEY_MAX_SIZE];
 
 	conf->cipher = gtk_cipher;
 
@@ -1988,8 +1989,10 @@ static bool iwl_mvm_gtk_rekey(struct iwl_wowlan_status_data *status,
 				 conf->cipher, conf->keyidx);
 		memcpy(conf->key, status->gtk[i].key,
 		       sizeof(status->gtk[i].key));
+		memcpy(key_data, status->gtk[i].key, sizeof(status->gtk[i].key));
 
-		key = ieee80211_gtk_rekey_add(vif, conf, link_id);
+		key = ieee80211_gtk_rekey_add(vif, status->gtk[i].id, key_data,
+					      sizeof(key_data), link_id);
 		if (IS_ERR(key)) {
 			/* FW may send also the old keys */
 			if (PTR_ERR(key) == -EALREADY)
@@ -2021,6 +2024,7 @@ iwl_mvm_d3_igtk_bigtk_rekey_add(struct iwl_wowlan_status_data *status,
 	struct ieee80211_key_conf *key_config;
 	struct ieee80211_key_seq seq;
 	int link_id = vif->active_links ? __ffs(vif->active_links) : -1;
+	u8 key[WOWLAN_KEY_MAX_SIZE];
 	s8 keyidx = key_data->id;
 
 	conf->cipher = cipher;
@@ -2050,7 +2054,10 @@ iwl_mvm_d3_igtk_bigtk_rekey_add(struct iwl_wowlan_status_data *status,
 	BUILD_BUG_ON(WOWLAN_KEY_MAX_SIZE < sizeof(key_data->key));
 	memcpy(conf->key, key_data->key, conf->keylen);
 
-	key_config = ieee80211_gtk_rekey_add(vif, conf, link_id);
+	memcpy(key, key_data->key, sizeof(key_data->key));
+
+	key_config = ieee80211_gtk_rekey_add(vif, keyidx, key, sizeof(key),
+					     link_id);
 	if (IS_ERR(key_config)) {
 		/* FW may send also the old keys */
 		return PTR_ERR(key_config) == -EALREADY;
diff --git a/drivers/net/wireless/realtek/rtw89/wow.c b/drivers/net/wireless/realtek/rtw89/wow.c
index 071c7577df52..5bb7c1a42f1d 100644
--- a/drivers/net/wireless/realtek/rtw89/wow.c
+++ b/drivers/net/wireless/realtek/rtw89/wow.c
@@ -619,9 +619,12 @@ static struct ieee80211_key_conf *rtw89_wow_gtk_rekey(struct rtw89_dev *rtwdev,
 	       flex_array_size(rekey_conf, key, cipher_info->len));
 
 	if (ieee80211_vif_is_mld(wow_vif))
-		key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, rtwvif_link->link_id);
+		key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
+					      cipher_info->len,
+					      rtwvif_link->link_id);
 	else
-		key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, -1);
+		key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
+					      cipher_info->len, -1);
 
 	kfree(rekey_conf);
 	if (IS_ERR(key)) {
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index a0cf976a9117..a45e4bee65d4 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -6035,7 +6035,10 @@ void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
 /**
  * ieee80211_gtk_rekey_add - add a GTK key from rekeying during WoWLAN
  * @vif: the virtual interface to add the key on
- * @keyconf: new key data
+ * @idx: the keyidx of the key
+ * @key_data: the key data
+ * @key_len: the key data. Might be bigger than the actual key length,
+ *	but not smaller (for the driver convinence)
  * @link_id: the link id of the key or -1 for non-MLO
  *
  * When GTK rekeying was done while the system was suspended, (a) new
@@ -6062,7 +6065,7 @@ void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf,
  */
 struct ieee80211_key_conf *
 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
-			struct ieee80211_key_conf *keyconf,
+			u8 idx, u8 *key_data, u8 key_len,
 			int link_id);
 
 /**
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 9d65013ddac7..b14e9cd9713f 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -1356,11 +1356,12 @@ EXPORT_SYMBOL_GPL(ieee80211_set_key_rx_seq);
 
 struct ieee80211_key_conf *
 ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
-			struct ieee80211_key_conf *keyconf,
+			u8 idx, u8 *key_data, u8 key_len,
 			int link_id)
 {
 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
 	struct ieee80211_local *local = sdata->local;
+	struct ieee80211_key *prev_key;
 	struct ieee80211_key *key;
 	int err;
 	struct ieee80211_link_data *link_data =
@@ -1376,8 +1377,37 @@ ieee80211_gtk_rekey_add(struct ieee80211_vif *vif,
 	if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
 		return ERR_PTR(-EINVAL);
 
-	key = ieee80211_key_alloc(keyconf->cipher, keyconf->keyidx,
-				  keyconf->keylen, keyconf->key,
+	if (WARN_ON(idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
+		    NUM_DEFAULT_BEACON_KEYS))
+		return ERR_PTR(-EINVAL);
+
+	prev_key = wiphy_dereference(local->hw.wiphy,
+				     link_data->gtk[idx]);
+	if (!prev_key) {
+		if (idx < NUM_DEFAULT_KEYS) {
+			for (int i = 0; i < NUM_DEFAULT_KEYS; i++) {
+				if (i == idx)
+					continue;
+				prev_key = wiphy_dereference(local->hw.wiphy,
+							     link_data->gtk[i]);
+				if (prev_key)
+					break;
+			}
+		} else {
+			/* For IGTK we have 4 and 5 and for BIGTK - 6 and 7 */
+			prev_key = wiphy_dereference(local->hw.wiphy,
+						     link_data->gtk[idx ^ 1]);
+		}
+	}
+
+	if (WARN_ON(!prev_key))
+		return ERR_PTR(-EINVAL);
+
+	if (WARN_ON(key_len < prev_key->conf.keylen))
+		return ERR_PTR(-EINVAL);
+
+	key = ieee80211_key_alloc(prev_key->conf.cipher, idx,
+				  prev_key->conf.keylen, key_data,
 				  0, NULL);
 	if (IS_ERR(key))
 		return ERR_CAST(key);
-- 
2.34.1

RE: [PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher and keylen in gtk rekey

[Ping-Ke Shih]

> diff --git a/drivers/net/wireless/realtek/rtw89/wow.c b/drivers/net/wireless/realtek/rtw89/wow.c
> index 071c7577df52..5bb7c1a42f1d 100644
> --- a/drivers/net/wireless/realtek/rtw89/wow.c
> +++ b/drivers/net/wireless/realtek/rtw89/wow.c
> @@ -619,9 +619,12 @@ static struct ieee80211_key_conf *rtw89_wow_gtk_rekey(struct rtw89_dev *rtwdev,
>                flex_array_size(rekey_conf, key, cipher_info->len));
> 
>         if (ieee80211_vif_is_mld(wow_vif))
> -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, rtwvif_link->link_id);
> +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> +                                             cipher_info->len,
> +                                             rtwvif_link->link_id);
>         else
> -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, -1);
> +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> +                                             cipher_info->len, -1);
> 
>         kfree(rekey_conf);

For the rtw89 part, the local allocate/free instance of rekey_conf
isn't used anymore. Please remove it by the way. 

>         if (IS_ERR(key)) {

RE: [PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher and keylen in gtk rekey

[Korenblit, Miriam Rachel]

> -----Original Message-----
> From: Ping-Ke Shih <pkshih@realtek.com>
> Sent: Tuesday, 22 July 2025 5:51
> To: Korenblit, Miriam Rachel <miriam.rachel.korenblit@intel.com>; linux-
> wireless@vger.kernel.org
> Cc: Berg, Johannes <johannes.berg@intel.com>
> Subject: RE: [PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher
> and keylen in gtk rekey
> 
> 
> > diff --git a/drivers/net/wireless/realtek/rtw89/wow.c
> > b/drivers/net/wireless/realtek/rtw89/wow.c
> > index 071c7577df52..5bb7c1a42f1d 100644
> > --- a/drivers/net/wireless/realtek/rtw89/wow.c
> > +++ b/drivers/net/wireless/realtek/rtw89/wow.c
> > @@ -619,9 +619,12 @@ static struct ieee80211_key_conf
> *rtw89_wow_gtk_rekey(struct rtw89_dev *rtwdev,
> >                flex_array_size(rekey_conf, key, cipher_info->len));
> >
> >         if (ieee80211_vif_is_mld(wow_vif))
> > -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, rtwvif_link-
> >link_id);
> > +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> > +                                             cipher_info->len,
> > +                                             rtwvif_link->link_id);
> >         else
> > -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, -1);
> > +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> > +                                             cipher_info->len, -1);
> >
> >         kfree(rekey_conf);
> 
> For the rtw89 part, the local allocate/free instance of rekey_conf isn't used
> anymore. Please remove it by the way.

Johannes asked me not to do much driver cleanups and have this commit small as possible wrt to driver changes.
This patch is only to make things work. Cleanups can be done later.
Johannes, unless you consider this cleanup small enough?

> 
> >         if (IS_ERR(key)) {
> 

RE: [PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher and keylen in gtk rekey

[Ping-Ke Shih]

Korenblit, Miriam Rachel <miriam.rachel.korenblit@intel.com> wrote:
> > -----Original Message-----
> > From: Ping-Ke Shih <pkshih@realtek.com>
> > Sent: Tuesday, 22 July 2025 5:51
> > To: Korenblit, Miriam Rachel <miriam.rachel.korenblit@intel.com>; linux-
> > wireless@vger.kernel.org
> > Cc: Berg, Johannes <johannes.berg@intel.com>
> > Subject: RE: [PATCH wireless-next v2 1/1] wifi: mac80211: don't require cipher
> > and keylen in gtk rekey
> >
> >
> > > diff --git a/drivers/net/wireless/realtek/rtw89/wow.c
> > > b/drivers/net/wireless/realtek/rtw89/wow.c
> > > index 071c7577df52..5bb7c1a42f1d 100644
> > > --- a/drivers/net/wireless/realtek/rtw89/wow.c
> > > +++ b/drivers/net/wireless/realtek/rtw89/wow.c
> > > @@ -619,9 +619,12 @@ static struct ieee80211_key_conf
> > *rtw89_wow_gtk_rekey(struct rtw89_dev *rtwdev,
> > >                flex_array_size(rekey_conf, key, cipher_info->len));
> > >
> > >         if (ieee80211_vif_is_mld(wow_vif))
> > > -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, rtwvif_link-
> > >link_id);
> > > +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> > > +                                             cipher_info->len,
> > > +                                             rtwvif_link->link_id);
> > >         else
> > > -               key = ieee80211_gtk_rekey_add(wow_vif, rekey_conf, -1);
> > > +               key = ieee80211_gtk_rekey_add(wow_vif, keyidx, gtk,
> > > +                                             cipher_info->len, -1);
> > >
> > >         kfree(rekey_conf);
> >
> > For the rtw89 part, the local allocate/free instance of rekey_conf isn't used
> > anymore. Please remove it by the way.
> 
> Johannes asked me not to do much driver cleanups and have this commit small as possible wrt to driver changes.
> This patch is only to make things work. Cleanups can be done later.

Understood. You or I can do it afterward. 

> Johannes, unless you consider this cleanup small enough?
> 
> >
> > >         if (IS_ERR(key)) {
> >