1 /* 2 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 3 * Copyright (c) 2002-2008 Atheros Communications, Inc. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * 17 * $FreeBSD$ 18 */ 19 #include "opt_ah.h" 20 21 #include "ah.h" 22 #include "ah_internal.h" 23 24 #include "ar5212/ar5212.h" 25 #include "ar5212/ar5212reg.h" 26 #include "ar5212/ar5212desc.h" 27 28 /* 29 * Note: The key cache hardware requires that each double-word 30 * pair be written in even/odd order (since the destination is 31 * a 64-bit register). Don't reorder the writes in this code 32 * w/o considering this! 33 */ 34 #define KEY_XOR 0xaa 35 36 #define IS_MIC_ENABLED(ah) \ 37 (AH5212(ah)->ah_staId1Defaults & AR_STA_ID1_CRPT_MIC_ENABLE) 38 39 /* 40 * Return the size of the hardware key cache. 41 */ 42 uint32_t 43 ar5212GetKeyCacheSize(struct ath_hal *ah) 44 { 45 return AH_PRIVATE(ah)->ah_caps.halKeyCacheSize; 46 } 47 48 /* 49 * Return true if the specific key cache entry is valid. 50 */ 51 HAL_BOOL 52 ar5212IsKeyCacheEntryValid(struct ath_hal *ah, uint16_t entry) 53 { 54 if (entry < AH_PRIVATE(ah)->ah_caps.halKeyCacheSize) { 55 uint32_t val = OS_REG_READ(ah, AR_KEYTABLE_MAC1(entry)); 56 if (val & AR_KEYTABLE_VALID) 57 return AH_TRUE; 58 } 59 return AH_FALSE; 60 } 61 62 /* 63 * Clear the specified key cache entry and any associated MIC entry. 64 */ 65 HAL_BOOL 66 ar5212ResetKeyCacheEntry(struct ath_hal *ah, uint16_t entry) 67 { 68 uint32_t keyType; 69 70 if (entry >= AH_PRIVATE(ah)->ah_caps.halKeyCacheSize) { 71 HALDEBUG(ah, HAL_DEBUG_ANY, "%s: entry %u out of range\n", 72 __func__, entry); 73 return AH_FALSE; 74 } 75 keyType = OS_REG_READ(ah, AR_KEYTABLE_TYPE(entry)); 76 77 /* XXX why not clear key type/valid bit first? */ 78 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), 0); 79 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), 0); 80 OS_REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), 0); 81 OS_REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), 0); 82 OS_REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), 0); 83 OS_REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), AR_KEYTABLE_TYPE_CLR); 84 OS_REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), 0); 85 OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), 0); 86 if (keyType == AR_KEYTABLE_TYPE_TKIP && IS_MIC_ENABLED(ah)) { 87 uint16_t micentry = entry+64; /* MIC goes at slot+64 */ 88 89 HALASSERT(micentry < AH_PRIVATE(ah)->ah_caps.halKeyCacheSize); 90 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(micentry), 0); 91 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(micentry), 0); 92 OS_REG_WRITE(ah, AR_KEYTABLE_KEY2(micentry), 0); 93 OS_REG_WRITE(ah, AR_KEYTABLE_KEY3(micentry), 0); 94 /* NB: key type and MAC are known to be ok */ 95 } 96 return AH_TRUE; 97 } 98 99 /* 100 * Sets the mac part of the specified key cache entry (and any 101 * associated MIC entry) and mark them valid. 102 */ 103 HAL_BOOL 104 ar5212SetKeyCacheEntryMac(struct ath_hal *ah, uint16_t entry, const uint8_t *mac) 105 { 106 uint32_t macHi, macLo; 107 108 if (entry >= AH_PRIVATE(ah)->ah_caps.halKeyCacheSize) { 109 HALDEBUG(ah, HAL_DEBUG_ANY, "%s: entry %u out of range\n", 110 __func__, entry); 111 return AH_FALSE; 112 } 113 /* 114 * Set MAC address -- shifted right by 1. MacLo is 115 * the 4 MSBs, and MacHi is the 2 LSBs. 116 */ 117 if (mac != AH_NULL) { 118 macHi = (mac[5] << 8) | mac[4]; 119 macLo = (mac[3] << 24)| (mac[2] << 16) 120 | (mac[1] << 8) | mac[0]; 121 macLo >>= 1; 122 macLo |= (macHi & 1) << 31; /* carry */ 123 macHi >>= 1; 124 } else { 125 macLo = macHi = 0; 126 } 127 OS_REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), macLo); 128 OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | AR_KEYTABLE_VALID); 129 return AH_TRUE; 130 } 131 132 /* 133 * Sets the contents of the specified key cache entry 134 * and any associated MIC entry. 135 */ 136 HAL_BOOL 137 ar5212SetKeyCacheEntry(struct ath_hal *ah, uint16_t entry, 138 const HAL_KEYVAL *k, const uint8_t *mac, 139 int xorKey) 140 { 141 struct ath_hal_5212 *ahp = AH5212(ah); 142 const HAL_CAPABILITIES *pCap = &AH_PRIVATE(ah)->ah_caps; 143 uint32_t key0, key1, key2, key3, key4; 144 uint32_t keyType; 145 uint32_t xorMask = xorKey ? 146 (KEY_XOR << 24 | KEY_XOR << 16 | KEY_XOR << 8 | KEY_XOR) : 0; 147 148 if (entry >= pCap->halKeyCacheSize) { 149 HALDEBUG(ah, HAL_DEBUG_ANY, "%s: entry %u out of range\n", 150 __func__, entry); 151 return AH_FALSE; 152 } 153 switch (k->kv_type) { 154 case HAL_CIPHER_AES_OCB: 155 keyType = AR_KEYTABLE_TYPE_AES; 156 break; 157 case HAL_CIPHER_AES_CCM: 158 if (!pCap->halCipherAesCcmSupport) { 159 HALDEBUG(ah, HAL_DEBUG_ANY, 160 "%s: AES-CCM not supported by mac rev 0x%x\n", 161 __func__, AH_PRIVATE(ah)->ah_macRev); 162 return AH_FALSE; 163 } 164 keyType = AR_KEYTABLE_TYPE_CCM; 165 break; 166 case HAL_CIPHER_TKIP: 167 keyType = AR_KEYTABLE_TYPE_TKIP; 168 if (IS_MIC_ENABLED(ah) && entry+64 >= pCap->halKeyCacheSize) { 169 HALDEBUG(ah, HAL_DEBUG_ANY, 170 "%s: entry %u inappropriate for TKIP\n", 171 __func__, entry); 172 return AH_FALSE; 173 } 174 break; 175 case HAL_CIPHER_WEP: 176 if (k->kv_len < 40 / NBBY) { 177 HALDEBUG(ah, HAL_DEBUG_ANY, 178 "%s: WEP key length %u too small\n", 179 __func__, k->kv_len); 180 return AH_FALSE; 181 } 182 if (k->kv_len <= 40 / NBBY) 183 keyType = AR_KEYTABLE_TYPE_40; 184 else if (k->kv_len <= 104 / NBBY) 185 keyType = AR_KEYTABLE_TYPE_104; 186 else 187 keyType = AR_KEYTABLE_TYPE_128; 188 break; 189 case HAL_CIPHER_CLR: 190 keyType = AR_KEYTABLE_TYPE_CLR; 191 break; 192 default: 193 HALDEBUG(ah, HAL_DEBUG_ANY, "%s: cipher %u not supported\n", 194 __func__, k->kv_type); 195 return AH_FALSE; 196 } 197 198 key0 = LE_READ_4(k->kv_val+0) ^ xorMask; 199 key1 = (LE_READ_2(k->kv_val+4) ^ xorMask) & 0xffff; 200 key2 = LE_READ_4(k->kv_val+6) ^ xorMask; 201 key3 = (LE_READ_2(k->kv_val+10) ^ xorMask) & 0xffff; 202 key4 = LE_READ_4(k->kv_val+12) ^ xorMask; 203 if (k->kv_len <= 104 / NBBY) 204 key4 &= 0xff; 205 206 /* 207 * Note: key cache hardware requires that each double-word 208 * pair be written in even/odd order (since the destination is 209 * a 64-bit register). Don't reorder these writes w/o 210 * considering this! 211 */ 212 if (keyType == AR_KEYTABLE_TYPE_TKIP && IS_MIC_ENABLED(ah)) { 213 uint16_t micentry = entry+64; /* MIC goes at slot+64 */ 214 uint32_t mic0, mic1, mic2, mic3, mic4; 215 216 /* 217 * Invalidate the encrypt/decrypt key until the MIC 218 * key is installed so pending rx frames will fail 219 * with decrypt errors rather than a MIC error. 220 */ 221 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), ~key0); 222 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), ~key1); 223 OS_REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), key2); 224 OS_REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), key3); 225 OS_REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), key4); 226 OS_REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), keyType); 227 (void) ar5212SetKeyCacheEntryMac(ah, entry, mac); 228 229 230 /* 231 * Write MIC entry according to new or old key layout. 232 * The MISC_MODE register is assumed already set so 233 * these writes will be handled properly (happens on 234 * attach and at every reset). 235 */ 236 /* RX mic */ 237 mic0 = LE_READ_4(k->kv_mic+0); 238 mic2 = LE_READ_4(k->kv_mic+4); 239 if (ahp->ah_miscMode & AR_MISC_MODE_MIC_NEW_LOC_ENABLE) { 240 /* 241 * Both RX and TX mic values can be combined into 242 * one cache slot entry: 243 * 8*N + 800 31:0 RX Michael key 0 244 * 8*N + 804 15:0 TX Michael key 0 [31:16] 245 * 8*N + 808 31:0 RX Michael key 1 246 * 8*N + 80C 15:0 TX Michael key 0 [15:0] 247 * 8*N + 810 31:0 TX Michael key 1 248 * 8*N + 814 15:0 reserved 249 * 8*N + 818 31:0 reserved 250 * 8*N + 81C 14:0 reserved 251 * 15 key valid == 0 252 */ 253 /* TX mic */ 254 mic1 = LE_READ_2(k->kv_txmic+2) & 0xffff; 255 mic3 = LE_READ_2(k->kv_txmic+0) & 0xffff; 256 mic4 = LE_READ_4(k->kv_txmic+4); 257 } else { 258 mic1 = mic3 = mic4 = 0; 259 } 260 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(micentry), mic0); 261 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(micentry), mic1); 262 OS_REG_WRITE(ah, AR_KEYTABLE_KEY2(micentry), mic2); 263 OS_REG_WRITE(ah, AR_KEYTABLE_KEY3(micentry), mic3); 264 OS_REG_WRITE(ah, AR_KEYTABLE_KEY4(micentry), mic4); 265 OS_REG_WRITE(ah, AR_KEYTABLE_TYPE(micentry), 266 AR_KEYTABLE_TYPE_CLR); 267 /* NB: MIC key is not marked valid and has no MAC address */ 268 OS_REG_WRITE(ah, AR_KEYTABLE_MAC0(micentry), 0); 269 OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(micentry), 0); 270 271 /* correct intentionally corrupted key */ 272 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), key0); 273 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), key1); 274 } else { 275 OS_REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), key0); 276 OS_REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), key1); 277 OS_REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), key2); 278 OS_REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), key3); 279 OS_REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), key4); 280 OS_REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), keyType); 281 282 (void) ar5212SetKeyCacheEntryMac(ah, entry, mac); 283 } 284 return AH_TRUE; 285 } 286