1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
5 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
77 if (k->wk_flags & IEEE80211_KEY_GROUP) in null_key_alloc()
99 * Write-arounds for common operations.
104 key->wk_cipher->ic_detach(key); in cipher_detach()
110 return key->wk_cipher->ic_attach(vap, key); in cipher_attach()
121 return vap->iv_key_alloc(vap, key, keyix, rxkeyix); in dev_key_alloc()
128 return vap->iv_key_delete(vap, key); in dev_key_delete()
134 return vap->iv_key_set(vap, key); in dev_key_set()
143 /* NB: we assume everything is pre-zero'd */ in ieee80211_crypto_attach()
155 ic->ic_sw_cryptocaps = IEEE80211_CRYPTO_WEP | in ieee80211_crypto_attach()
170 * suites in 802.11-2016 (see 9.4.2.25.3 - AKM suites.) in ieee80211_crypto_attach()
171 * For now they still need to be set - these flags are checked in ieee80211_crypto_attach()
175 ic->ic_sw_keymgmtcaps = 0; in ieee80211_crypto_attach()
193 ic->ic_sw_cryptocaps = cipher_set; in ieee80211_crypto_set_supported_software_ciphers()
203 ic->ic_cryptocaps = cipher_set; in ieee80211_crypto_set_supported_hardware_ciphers()
220 ic->ic_sw_keymgmtcaps = keymgmt_set; in ieee80211_crypto_set_supported_driver_keymgmt()
231 /* NB: we assume everything is pre-zero'd */ in ieee80211_crypto_vattach()
232 vap->iv_max_keyix = IEEE80211_WEP_NKID; in ieee80211_crypto_vattach()
233 vap->iv_def_txkey = IEEE80211_KEYIX_NONE; in ieee80211_crypto_vattach()
235 ieee80211_crypto_resetkey(vap, &vap->iv_nw_keys[i], in ieee80211_crypto_vattach()
241 vap->iv_key_alloc = null_key_alloc; in ieee80211_crypto_vattach()
242 vap->iv_key_set = null_key_set; in ieee80211_crypto_vattach()
243 vap->iv_key_delete = null_key_delete; in ieee80211_crypto_vattach()
244 vap->iv_key_update_begin = null_key_update; in ieee80211_crypto_vattach()
245 vap->iv_key_update_end = null_key_update; in ieee80211_crypto_vattach()
263 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { in ieee80211_crypto_register()
265 __func__, cip->ic_name, cip->ic_cipher); in ieee80211_crypto_register()
268 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { in ieee80211_crypto_register()
270 __func__, cip->ic_name); in ieee80211_crypto_register()
273 ciphers[cip->ic_cipher] = cip; in ieee80211_crypto_register()
282 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { in ieee80211_crypto_unregister()
284 __func__, cip->ic_name, cip->ic_cipher); in ieee80211_crypto_unregister()
287 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { in ieee80211_crypto_unregister()
289 __func__, cip->ic_name); in ieee80211_crypto_unregister()
294 ciphers[cip->ic_cipher] = NULL; in ieee80211_crypto_unregister()
303 /* XXX well-known names! */
321 /* NB: there must be no overlap between user-supplied and device-owned flags */
340 struct ieee80211com *ic = vap->iv_ic; in ieee80211_crypto_newkey()
348 __func__, cipher, flags, key->wk_keyix); in ieee80211_crypto_newkey()
356 vap->iv_stats.is_crypto_badcipher++; in ieee80211_crypto_newkey()
362 * Auto-load cipher module if we have a well-known name in ieee80211_crypto_newkey()
365 * name; e.g. wlan_cipher_<cipher-name>. in ieee80211_crypto_newkey()
381 vap->iv_stats.is_crypto_nocipher++; in ieee80211_crypto_newkey()
386 oflags = key->wk_flags; in ieee80211_crypto_newkey()
392 * fallback to a host-based implementation. in ieee80211_crypto_newkey()
394 if ((ic->ic_cryptocaps & (1<<cipher)) == 0) { in ieee80211_crypto_newkey()
396 "%s: no h/w support for cipher %s, falling back to s/w\n", in ieee80211_crypto_newkey()
397 __func__, cip->ic_name); in ieee80211_crypto_newkey()
408 (ic->ic_sw_cryptocaps & (1<<cipher)) == 0) { in ieee80211_crypto_newkey()
410 "%s: no s/w support for cipher %s, rejecting\n", in ieee80211_crypto_newkey()
411 __func__, cip->ic_name); in ieee80211_crypto_newkey()
412 vap->iv_stats.is_crypto_swcipherfail++; in ieee80211_crypto_newkey()
421 (ic->ic_cryptocaps & IEEE80211_CRYPTO_TKIPMIC) == 0) { in ieee80211_crypto_newkey()
423 "%s: no h/w support for TKIP MIC, falling back to s/w\n", in ieee80211_crypto_newkey()
434 if (key->wk_cipher != cip || key->wk_flags != flags) { in ieee80211_crypto_newkey()
441 key->wk_flags = flags; in ieee80211_crypto_newkey()
442 keyctx = cip->ic_attach(vap, key); in ieee80211_crypto_newkey()
446 __func__, cip->ic_name); in ieee80211_crypto_newkey()
447 key->wk_flags = oflags; /* restore old flags */ in ieee80211_crypto_newkey()
448 vap->iv_stats.is_crypto_attachfail++; in ieee80211_crypto_newkey()
452 key->wk_cipher = cip; /* XXX refcnt? */ in ieee80211_crypto_newkey()
453 key->wk_private = keyctx; in ieee80211_crypto_newkey()
464 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { in ieee80211_crypto_newkey()
469 vap->iv_stats.is_crypto_keyfail++; in ieee80211_crypto_newkey()
472 __func__, cip->ic_name); in ieee80211_crypto_newkey()
475 if (key->wk_flags != flags) { in ieee80211_crypto_newkey()
479 * Re-attach the cipher context to allow cipher in ieee80211_crypto_newkey()
484 "%b -> %b\n", __func__, cip->ic_name, in ieee80211_crypto_newkey()
486 key->wk_flags, IEEE80211_KEY_BITS); in ieee80211_crypto_newkey()
487 keyctx = cip->ic_attach(vap, key); in ieee80211_crypto_newkey()
491 "flags %b\n", __func__, cip->ic_name, in ieee80211_crypto_newkey()
492 key->wk_flags, IEEE80211_KEY_BITS); in ieee80211_crypto_newkey()
493 key->wk_flags = oflags; /* restore old flags */ in ieee80211_crypto_newkey()
494 vap->iv_stats.is_crypto_attachfail++; in ieee80211_crypto_newkey()
498 key->wk_cipher = cip; /* XXX refcnt? */ in ieee80211_crypto_newkey()
499 key->wk_private = keyctx; in ieee80211_crypto_newkey()
501 key->wk_keyix = keyix; in ieee80211_crypto_newkey()
502 key->wk_rxkeyix = rxkeyix; in ieee80211_crypto_newkey()
503 key->wk_flags |= IEEE80211_KEY_DEVKEY; in ieee80211_crypto_newkey()
509 * Remove the key (no locking, for internal use).
514 KASSERT(key->wk_cipher != NULL, ("No cipher!")); in _ieee80211_crypto_delkey()
518 __func__, key->wk_cipher->ic_name, in _ieee80211_crypto_delkey()
519 key->wk_keyix, key->wk_flags, IEEE80211_KEY_BITS, in _ieee80211_crypto_delkey()
520 key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, in _ieee80211_crypto_delkey()
521 key->wk_keylen); in _ieee80211_crypto_delkey()
523 if (key->wk_flags & IEEE80211_KEY_DEVKEY) { in _ieee80211_crypto_delkey()
531 __func__, key->wk_keyix); in _ieee80211_crypto_delkey()
532 vap->iv_stats.is_crypto_delkey++; in _ieee80211_crypto_delkey()
566 (void) _ieee80211_crypto_delkey(vap, &vap->iv_nw_keys[i]); in ieee80211_crypto_delglobalkeys()
580 const struct ieee80211_cipher *cip = key->wk_cipher; in ieee80211_crypto_setkey()
582 KASSERT(cip != NULL, ("No cipher!")); in ieee80211_crypto_setkey()
586 __func__, cip->ic_name, key->wk_keyix, in ieee80211_crypto_setkey()
587 key->wk_flags, IEEE80211_KEY_BITS, ether_sprintf(key->wk_macaddr), in ieee80211_crypto_setkey()
588 key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, in ieee80211_crypto_setkey()
589 key->wk_keylen); in ieee80211_crypto_setkey()
591 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { in ieee80211_crypto_setkey()
594 "%s: no device key setup done; should not happen!\n", in ieee80211_crypto_setkey()
596 vap->iv_stats.is_crypto_setkey_nokey++; in ieee80211_crypto_setkey()
603 if (!cip->ic_setkey(key)) { in ieee80211_crypto_setkey()
606 __func__, cip->ic_name, key->wk_keyix, in ieee80211_crypto_setkey()
607 key->wk_keylen, key->wk_flags, IEEE80211_KEY_BITS); in ieee80211_crypto_setkey()
608 vap->iv_stats.is_crypto_setkey_cipher++; in ieee80211_crypto_setkey()
615 * @brief Return index if the key is a WEP key (0..3); -1 otherwise.
622 * @returns 0..3 if it's a global/WEP key, -1 otherwise.
630 return (k - vap->iv_nw_keys); in ieee80211_crypto_get_key_wepidx()
632 return (-1); in ieee80211_crypto_get_key_wepidx()
652 return (k - vap->iv_nw_keys); in ieee80211_crypto_get_keyid()
659 * @brief Return the key to use for encrypting an mbuf frame to a node
661 * This routine chooses a suitable key used to encrypt the given frame with.
667 * @param ni The ieee80211_node to send the frame to
669 * @returns the ieee80211_key to encrypt with, or NULL if there's no suitable key
674 struct ieee80211vap *vap = ni->ni_vap; in ieee80211_crypto_get_txkey()
681 * transmit key if there was no unicast key. This in ieee80211_crypto_get_txkey()
682 * behaviour was documented up to IEEE Std 802.11-2016, in ieee80211_crypto_get_txkey()
683 * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the in ieee80211_crypto_get_txkey()
684 * 'else' case but is no longer in later versions of in ieee80211_crypto_get_txkey()
689 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { in ieee80211_crypto_get_txkey()
690 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) { in ieee80211_crypto_get_txkey()
692 wh->i_addr1, in ieee80211_crypto_get_txkey()
693 "no default transmit key (%s) deftxkey %u", in ieee80211_crypto_get_txkey()
694 __func__, vap->iv_def_txkey); in ieee80211_crypto_get_txkey()
695 vap->iv_stats.is_tx_nodefkey++; in ieee80211_crypto_get_txkey()
698 return &vap->iv_nw_keys[vap->iv_def_txkey]; in ieee80211_crypto_get_txkey()
701 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) in ieee80211_crypto_get_txkey()
703 return &ni->ni_ucastkey; in ieee80211_crypto_get_txkey()
709 * This routine handles the mechanics of encryption - expanding the
718 * should still call this for completeness - it indicates to the
719 * driver that the frame itself should be encrypted.
725 * @param ni ieee80211_node for this frame
727 * @returns the key used if the frame is to be encrypted, NULL otherwise
736 cip = k->wk_cipher; in ieee80211_crypto_encap()
737 return (cip->ic_encap(k, m) ? k : NULL); in ieee80211_crypto_encap()
744 * @brief Decapsulate and validate an encrypted frame.
746 * This handles an encrypted frame (one with the privacy bit set.)
751 * Instead, drivers passed the potentially decrypted frame - fully,
752 * partial, or not at all - and net80211 will call this as appropriate.
758 * If the frame was decrypted and validated successfully then 1 is returned
759 * and the mbuf can be treated as an 802.11 frame. If it is not decrypted
763 * @param ni ieee80211_node for received frame
764 * @param m mbuf frame to receive
767 * @returns 0 if the frame wasn't decrypted/validated, 1 if decrypted/validated.
777 struct ieee80211vap *vap = ni->ni_vap; in ieee80211_crypto_decap()
792 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { in ieee80211_crypto_decap()
793 if (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP) { in ieee80211_crypto_decap()
804 /* NB: this minimum size data frame could be bigger */ in ieee80211_crypto_decap()
805 if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { in ieee80211_crypto_decap()
807 "%s: WEP data frame too short, len %u\n", in ieee80211_crypto_decap()
808 __func__, m->m_pkthdr.len); in ieee80211_crypto_decap()
809 vap->iv_stats.is_rx_tooshort++; /* XXX need unique stat? */ in ieee80211_crypto_decap()
815 * Locate the key. If unicast and there is no unicast in ieee80211_crypto_decap()
822 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || in ieee80211_crypto_decap()
823 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) in ieee80211_crypto_decap()
824 k = &vap->iv_nw_keys[keyid >> 6]; in ieee80211_crypto_decap()
826 k = &ni->ni_ucastkey; in ieee80211_crypto_decap()
832 cip = k->wk_cipher; in ieee80211_crypto_decap()
833 if (m->m_len < hdrlen + cip->ic_header) { in ieee80211_crypto_decap()
834 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, in ieee80211_crypto_decap()
835 "frame is too short (%d < %u) for crypto decap", in ieee80211_crypto_decap()
836 cip->ic_name, m->m_len, hdrlen + cip->ic_header); in ieee80211_crypto_decap()
837 vap->iv_stats.is_rx_tooshort++; in ieee80211_crypto_decap()
845 * If we fail then don't return the key - return NULL in ieee80211_crypto_decap()
848 if (cip->ic_decap(k, m, hdrlen)) { in ieee80211_crypto_decap()
862 * @brief Check and remove any post-defragmentation MIC from an MSDU.
869 * defragmented MSDU. Please see 802.11-2020 12.5.2.1.3 (TKIP decapsulation)
890 * Handle demic / mic errors from hardware-decrypted offload devices. in ieee80211_crypto_demic()
892 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { in ieee80211_crypto_demic()
893 if ((rxs->c_pktflags & IEEE80211_RX_F_FAIL_MMIC) != 0) { in ieee80211_crypto_demic()
898 * Eventually - teach the demic methods in crypto in ieee80211_crypto_demic()
907 if ((rxs->c_pktflags & in ieee80211_crypto_demic()
926 cip = k->wk_cipher; in ieee80211_crypto_demic()
927 return (cip->ic_miclen > 0 ? cip->ic_demic(k, m, force) : 1); in ieee80211_crypto_demic()
933 struct ieee80211vap *vap = ni->ni_vap; in load_ucastkey()
936 if (vap->iv_state != IEEE80211_S_RUN) in load_ucastkey()
938 k = &ni->ni_ucastkey; in load_ucastkey()
939 if (k->wk_flags & IEEE80211_KEY_DEVKEY) in load_ucastkey()
944 * Re-load all keys known to the 802.11 layer that may
958 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { in ieee80211_crypto_reload_keys()
959 if (vap->iv_state != IEEE80211_S_RUN) in ieee80211_crypto_reload_keys()
962 const struct ieee80211_key *k = &vap->iv_nw_keys[i]; in ieee80211_crypto_reload_keys()
963 if (k->wk_flags & IEEE80211_KEY_DEVKEY) in ieee80211_crypto_reload_keys()
970 ieee80211_iterate_nodes(&ic->ic_sta, load_ucastkey, NULL); in ieee80211_crypto_reload_keys()
974 * Set the default key index for WEP, or KEYIX_NONE for no default TX key.
985 vap->iv_update_deftxkey(vap, kid); in ieee80211_crypto_set_deftxkey()
989 * @brief Calculate the AAD required for this frame for AES-GCM/AES-CCM.
991 * The contents are described in 802.11-2020 12.5.3.3.3 (Construct AAD)
992 * under AES-CCM and are shared with AES-GCM as covered in 12.5.5.3.3
993 * (Construct AAD) (AES-GCM).
995 * NOTE: the first two bytes are a 16 bit big-endian length, which are used
996 * by AES-CCM as part of the Adata field (RFC 3610, section 2.2
999 * uses the two byte big endian option.
1001 * AES-GCM doesn't require the length at the beginning and will need to
1005 * and Payload Protected A-MSDUs) and thus bit 7 of the QoS control field
1009 * (A-MSDU present) and bit 8 (A-MSDU type) are always masked.
1011 * @param wh 802.11 frame to calculate the AAD over
1015 * bytes, which are the AAD payload length in big-endian).
1036 aad[2] = wh->i_fc[0] & 0x8f; /* see above for bitfields */ in ieee80211_crypto_init_aad()
1037 aad[3] = wh->i_fc[1] & 0xc7; /* see above for bitfields */ in ieee80211_crypto_init_aad()
1038 /* mask aad[3] b7 if frame is data frame w/ QoS control field */ in ieee80211_crypto_init_aad()
1043 memcpy(aad + 4, wh->i_addr1, 3 * IEEE80211_ADDR_LEN); in ieee80211_crypto_init_aad()
1044 aad[22] = wh->i_seq[0] & IEEE80211_SEQ_FRAG_MASK; in ieee80211_crypto_init_aad()
1047 * Construct variable-length portion of AAD based in ieee80211_crypto_init_aad()
1048 * on whether this is a 4-address frame/QOS frame. in ieee80211_crypto_init_aad()
1049 * We always zero-pad to 32 bytes before running it in ieee80211_crypto_init_aad()
1054 ((const struct ieee80211_frame_addr4 *)wh)->i_addr4); in ieee80211_crypto_init_aad()
1058 /* TODO: SPP A-MSDU / A-MSDU present bit */ in ieee80211_crypto_init_aad()
1059 aad[30] = qwh4->i_qos[0] & 0x0f;/* just priority bits */ in ieee80211_crypto_init_aad()
1070 /* TODO: SPP A-MSDU / A-MSDU present bit */ in ieee80211_crypto_init_aad()
1071 aad[24] = qwh->i_qos[0] & 0x0f; /* just priority bits */ in ieee80211_crypto_init_aad()