xref: /freebsd/sys/dev/ath/if_ath_keycache.c (revision 40a8ac8f62b535d30349faf28cf47106b7041b83)
1 /*-
2  * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer,
10  *    without modification.
11  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
12  *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
13  *    redistribution must be conditioned upon including a substantially
14  *    similar Disclaimer requirement for further binary redistribution.
15  *
16  * NO WARRANTY
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
20  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21  * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
22  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27  * THE POSSIBILITY OF SUCH DAMAGES.
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 /*
34  * Driver for the Atheros Wireless LAN controller.
35  *
36  * This software is derived from work of Atsushi Onoe; his contribution
37  * is greatly appreciated.
38  */
39 
40 #include "opt_inet.h"
41 #include "opt_ath.h"
42 #include "opt_wlan.h"
43 
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/sysctl.h>
47 #include <sys/mbuf.h>
48 #include <sys/malloc.h>
49 #include <sys/lock.h>
50 #include <sys/mutex.h>
51 #include <sys/kernel.h>
52 #include <sys/socket.h>
53 #include <sys/sockio.h>
54 #include <sys/errno.h>
55 #include <sys/callout.h>
56 #include <sys/bus.h>
57 #include <sys/endian.h>
58 #include <sys/kthread.h>
59 #include <sys/taskqueue.h>
60 #include <sys/priv.h>
61 
62 #include <machine/bus.h>
63 
64 #include <net/if.h>
65 #include <net/if_var.h>
66 #include <net/if_dl.h>
67 #include <net/if_media.h>
68 #include <net/if_types.h>
69 #include <net/if_arp.h>
70 #include <net/ethernet.h>
71 #include <net/if_llc.h>
72 
73 #include <net80211/ieee80211_var.h>
74 
75 #include <net/bpf.h>
76 
77 #include <dev/ath/if_athvar.h>
78 
79 #include <dev/ath/if_ath_debug.h>
80 #include <dev/ath/if_ath_keycache.h>
81 #include <dev/ath/if_ath_misc.h>
82 
83 #ifdef ATH_DEBUG
84 static void
85 ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix,
86 	const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
87 {
88 	static const char *ciphers[] = {
89 		"WEP",
90 		"AES-OCB",
91 		"AES-CCM",
92 		"CKIP",
93 		"TKIP",
94 		"CLR",
95 	};
96 	int i, n;
97 
98 	printf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]);
99 	for (i = 0, n = hk->kv_len; i < n; i++)
100 		printf("%02x", hk->kv_val[i]);
101 	printf(" mac %s", ether_sprintf(mac));
102 	if (hk->kv_type == HAL_CIPHER_TKIP) {
103 		printf(" %s ", sc->sc_splitmic ? "mic" : "rxmic");
104 		for (i = 0; i < sizeof(hk->kv_mic); i++)
105 			printf("%02x", hk->kv_mic[i]);
106 		if (!sc->sc_splitmic) {
107 			printf(" txmic ");
108 			for (i = 0; i < sizeof(hk->kv_txmic); i++)
109 				printf("%02x", hk->kv_txmic[i]);
110 		}
111 	}
112 	printf("\n");
113 }
114 #endif
115 
116 /*
117  * Set a TKIP key into the hardware.  This handles the
118  * potential distribution of key state to multiple key
119  * cache slots for TKIP.
120  */
121 static int
122 ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k,
123 	HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
124 {
125 #define	IEEE80211_KEY_XR	(IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV)
126 	static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
127 	struct ath_hal *ah = sc->sc_ah;
128 
129 	KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP,
130 		("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher));
131 	if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) {
132 		if (sc->sc_splitmic) {
133 			/*
134 			 * TX key goes at first index, RX key at the rx index.
135 			 * The hal handles the MIC keys at index+64.
136 			 */
137 			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic));
138 			KEYPRINTF(sc, k->wk_keyix, hk, zerobssid);
139 			if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid))
140 				return 0;
141 
142 			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
143 			KEYPRINTF(sc, k->wk_keyix+32, hk, mac);
144 			/* XXX delete tx key on failure? */
145 			return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac);
146 		} else {
147 			/*
148 			 * Room for both TX+RX MIC keys in one key cache
149 			 * slot, just set key at the first index; the hal
150 			 * will handle the rest.
151 			 */
152 			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
153 			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
154 			KEYPRINTF(sc, k->wk_keyix, hk, mac);
155 			return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
156 		}
157 	} else if (k->wk_flags & IEEE80211_KEY_XMIT) {
158 		if (sc->sc_splitmic) {
159 			/*
160 			 * NB: must pass MIC key in expected location when
161 			 * the keycache only holds one MIC key per entry.
162 			 */
163 			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic));
164 		} else
165 			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
166 		KEYPRINTF(sc, k->wk_keyix, hk, mac);
167 		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
168 	} else if (k->wk_flags & IEEE80211_KEY_RECV) {
169 		memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
170 		KEYPRINTF(sc, k->wk_keyix, hk, mac);
171 		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
172 	}
173 	return 0;
174 #undef IEEE80211_KEY_XR
175 }
176 
177 /*
178  * Set a net80211 key into the hardware.  This handles the
179  * potential distribution of key state to multiple key
180  * cache slots for TKIP with hardware MIC support.
181  */
182 int
183 ath_keyset(struct ath_softc *sc, struct ieee80211vap *vap,
184 	const struct ieee80211_key *k,
185 	struct ieee80211_node *bss)
186 {
187 #define	N(a)	(sizeof(a)/sizeof(a[0]))
188 	static const u_int8_t ciphermap[] = {
189 		HAL_CIPHER_WEP,		/* IEEE80211_CIPHER_WEP */
190 		HAL_CIPHER_TKIP,	/* IEEE80211_CIPHER_TKIP */
191 		HAL_CIPHER_AES_OCB,	/* IEEE80211_CIPHER_AES_OCB */
192 		HAL_CIPHER_AES_CCM,	/* IEEE80211_CIPHER_AES_CCM */
193 		(u_int8_t) -1,		/* 4 is not allocated */
194 		HAL_CIPHER_CKIP,	/* IEEE80211_CIPHER_CKIP */
195 		HAL_CIPHER_CLR,		/* IEEE80211_CIPHER_NONE */
196 	};
197 	struct ath_hal *ah = sc->sc_ah;
198 	const struct ieee80211_cipher *cip = k->wk_cipher;
199 	u_int8_t gmac[IEEE80211_ADDR_LEN];
200 	const u_int8_t *mac;
201 	HAL_KEYVAL hk;
202 	int ret;
203 
204 	memset(&hk, 0, sizeof(hk));
205 	/*
206 	 * Software crypto uses a "clear key" so non-crypto
207 	 * state kept in the key cache are maintained and
208 	 * so that rx frames have an entry to match.
209 	 */
210 	if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
211 		KASSERT(cip->ic_cipher < N(ciphermap),
212 			("invalid cipher type %u", cip->ic_cipher));
213 		hk.kv_type = ciphermap[cip->ic_cipher];
214 		hk.kv_len = k->wk_keylen;
215 		memcpy(hk.kv_val, k->wk_key, k->wk_keylen);
216 	} else
217 		hk.kv_type = HAL_CIPHER_CLR;
218 
219 	/*
220 	 * If we're installing a clear cipher key and
221 	 * the hardware doesn't support that, just succeed.
222 	 * Leave it up to the net80211 layer to figure it out.
223 	 */
224 	if (hk.kv_type == HAL_CIPHER_CLR && sc->sc_hasclrkey == 0) {
225 		return (1);
226 	}
227 
228 	/*
229 	 * XXX TODO: check this:
230 	 *
231 	 * Group keys on hardware that supports multicast frame
232 	 * key search should only be done in adhoc/hostap mode,
233 	 * not STA mode.
234 	 *
235 	 * XXX TODO: what about mesh, tdma?
236 	 */
237 #if 0
238 	if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
239 	     vap->iv_opmode == IEEE80211_M_IBSS) &&
240 #else
241 	if (
242 #endif
243 	    (k->wk_flags & IEEE80211_KEY_GROUP) &&
244 	    sc->sc_mcastkey) {
245 		/*
246 		 * Group keys on hardware that supports multicast frame
247 		 * key search use a MAC that is the sender's address with
248 		 * the multicast bit set instead of the app-specified address.
249 		 */
250 		IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
251 		gmac[0] |= 0x01;
252 		mac = gmac;
253 	} else
254 		mac = k->wk_macaddr;
255 
256 	ATH_LOCK(sc);
257 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
258 	if (hk.kv_type == HAL_CIPHER_TKIP &&
259 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
260 		ret = ath_keyset_tkip(sc, k, &hk, mac);
261 	} else {
262 		KEYPRINTF(sc, k->wk_keyix, &hk, mac);
263 		ret = ath_hal_keyset(ah, k->wk_keyix, &hk, mac);
264 	}
265 	ath_power_restore_power_state(sc);
266 	ATH_UNLOCK(sc);
267 
268 	return (ret);
269 #undef N
270 }
271 
272 /*
273  * Allocate tx/rx key slots for TKIP.  We allocate two slots for
274  * each key, one for decrypt/encrypt and the other for the MIC.
275  */
276 static u_int16_t
277 key_alloc_2pair(struct ath_softc *sc,
278 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
279 {
280 #define	N(a)	(sizeof(a)/sizeof(a[0]))
281 	u_int i, keyix;
282 
283 	KASSERT(sc->sc_splitmic, ("key cache !split"));
284 	/* XXX could optimize */
285 	for (i = 0; i < N(sc->sc_keymap)/4; i++) {
286 		u_int8_t b = sc->sc_keymap[i];
287 		if (b != 0xff) {
288 			/*
289 			 * One or more slots in this byte are free.
290 			 */
291 			keyix = i*NBBY;
292 			while (b & 1) {
293 		again:
294 				keyix++;
295 				b >>= 1;
296 			}
297 			/* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
298 			if (isset(sc->sc_keymap, keyix+32) ||
299 			    isset(sc->sc_keymap, keyix+64) ||
300 			    isset(sc->sc_keymap, keyix+32+64)) {
301 				/* full pair unavailable */
302 				/* XXX statistic */
303 				if (keyix == (i+1)*NBBY) {
304 					/* no slots were appropriate, advance */
305 					continue;
306 				}
307 				goto again;
308 			}
309 			setbit(sc->sc_keymap, keyix);
310 			setbit(sc->sc_keymap, keyix+64);
311 			setbit(sc->sc_keymap, keyix+32);
312 			setbit(sc->sc_keymap, keyix+32+64);
313 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
314 				"%s: key pair %u,%u %u,%u\n",
315 				__func__, keyix, keyix+64,
316 				keyix+32, keyix+32+64);
317 			*txkeyix = keyix;
318 			*rxkeyix = keyix+32;
319 			return 1;
320 		}
321 	}
322 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
323 	return 0;
324 #undef N
325 }
326 
327 /*
328  * Allocate tx/rx key slots for TKIP.  We allocate two slots for
329  * each key, one for decrypt/encrypt and the other for the MIC.
330  */
331 static u_int16_t
332 key_alloc_pair(struct ath_softc *sc,
333 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
334 {
335 #define	N(a)	(sizeof(a)/sizeof(a[0]))
336 	u_int i, keyix;
337 
338 	KASSERT(!sc->sc_splitmic, ("key cache split"));
339 	/* XXX could optimize */
340 	for (i = 0; i < N(sc->sc_keymap)/4; i++) {
341 		u_int8_t b = sc->sc_keymap[i];
342 		if (b != 0xff) {
343 			/*
344 			 * One or more slots in this byte are free.
345 			 */
346 			keyix = i*NBBY;
347 			while (b & 1) {
348 		again:
349 				keyix++;
350 				b >>= 1;
351 			}
352 			if (isset(sc->sc_keymap, keyix+64)) {
353 				/* full pair unavailable */
354 				/* XXX statistic */
355 				if (keyix == (i+1)*NBBY) {
356 					/* no slots were appropriate, advance */
357 					continue;
358 				}
359 				goto again;
360 			}
361 			setbit(sc->sc_keymap, keyix);
362 			setbit(sc->sc_keymap, keyix+64);
363 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
364 				"%s: key pair %u,%u\n",
365 				__func__, keyix, keyix+64);
366 			*txkeyix = *rxkeyix = keyix;
367 			return 1;
368 		}
369 	}
370 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
371 	return 0;
372 #undef N
373 }
374 
375 /*
376  * Allocate a single key cache slot.
377  */
378 static int
379 key_alloc_single(struct ath_softc *sc,
380 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
381 {
382 #define	N(a)	(sizeof(a)/sizeof(a[0]))
383 	u_int i, keyix;
384 
385 	if (sc->sc_hasclrkey == 0) {
386 		/*
387 		 * Map to slot 0 for the AR5210.
388 		 */
389 		*txkeyix = *rxkeyix = 0;
390 		return (1);
391 	}
392 
393 	/* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
394 	for (i = 0; i < N(sc->sc_keymap); i++) {
395 		u_int8_t b = sc->sc_keymap[i];
396 		if (b != 0xff) {
397 			/*
398 			 * One or more slots are free.
399 			 */
400 			keyix = i*NBBY;
401 			while (b & 1)
402 				keyix++, b >>= 1;
403 			setbit(sc->sc_keymap, keyix);
404 			DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n",
405 				__func__, keyix);
406 			*txkeyix = *rxkeyix = keyix;
407 			return 1;
408 		}
409 	}
410 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__);
411 	return 0;
412 #undef N
413 }
414 
415 /*
416  * Allocate one or more key cache slots for a uniacst key.  The
417  * key itself is needed only to identify the cipher.  For hardware
418  * TKIP with split cipher+MIC keys we allocate two key cache slot
419  * pairs so that we can setup separate TX and RX MIC keys.  Note
420  * that the MIC key for a TKIP key at slot i is assumed by the
421  * hardware to be at slot i+64.  This limits TKIP keys to the first
422  * 64 entries.
423  */
424 int
425 ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
426 	ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
427 {
428 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
429 
430 	/*
431 	 * Group key allocation must be handled specially for
432 	 * parts that do not support multicast key cache search
433 	 * functionality.  For those parts the key id must match
434 	 * the h/w key index so lookups find the right key.  On
435 	 * parts w/ the key search facility we install the sender's
436 	 * mac address (with the high bit set) and let the hardware
437 	 * find the key w/o using the key id.  This is preferred as
438 	 * it permits us to support multiple users for adhoc and/or
439 	 * multi-station operation.
440 	 */
441 	if (k->wk_keyix != IEEE80211_KEYIX_NONE) {
442 		/*
443 		 * Only global keys should have key index assigned.
444 		 */
445 		if (!(&vap->iv_nw_keys[0] <= k &&
446 		      k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
447 			/* should not happen */
448 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
449 				"%s: bogus group key\n", __func__);
450 			return 0;
451 		}
452 		if (vap->iv_opmode != IEEE80211_M_HOSTAP ||
453 		    !(k->wk_flags & IEEE80211_KEY_GROUP) ||
454 		    !sc->sc_mcastkey) {
455 			/*
456 			 * XXX we pre-allocate the global keys so
457 			 * have no way to check if they've already
458 			 * been allocated.
459 			 */
460 			*keyix = *rxkeyix = k - vap->iv_nw_keys;
461 			return 1;
462 		}
463 		/*
464 		 * Group key and device supports multicast key search.
465 		 */
466 		k->wk_keyix = IEEE80211_KEYIX_NONE;
467 	}
468 
469 	/*
470 	 * We allocate two pair for TKIP when using the h/w to do
471 	 * the MIC.  For everything else, including software crypto,
472 	 * we allocate a single entry.  Note that s/w crypto requires
473 	 * a pass-through slot on the 5211 and 5212.  The 5210 does
474 	 * not support pass-through cache entries and we map all
475 	 * those requests to slot 0.
476 	 */
477 	if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
478 		return key_alloc_single(sc, keyix, rxkeyix);
479 	} else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
480 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
481 		if (sc->sc_splitmic)
482 			return key_alloc_2pair(sc, keyix, rxkeyix);
483 		else
484 			return key_alloc_pair(sc, keyix, rxkeyix);
485 	} else {
486 		return key_alloc_single(sc, keyix, rxkeyix);
487 	}
488 }
489 
490 /*
491  * Delete an entry in the key cache allocated by ath_key_alloc.
492  */
493 int
494 ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
495 {
496 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
497 	struct ath_hal *ah = sc->sc_ah;
498 	const struct ieee80211_cipher *cip = k->wk_cipher;
499 	u_int keyix = k->wk_keyix;
500 
501 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix);
502 
503 	ATH_LOCK(sc);
504 	ath_power_set_power_state(sc, HAL_PM_AWAKE);
505 	ath_hal_keyreset(ah, keyix);
506 	/*
507 	 * Handle split tx/rx keying required for TKIP with h/w MIC.
508 	 */
509 	if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
510 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
511 		ath_hal_keyreset(ah, keyix+32);		/* RX key */
512 	if (keyix >= IEEE80211_WEP_NKID) {
513 		/*
514 		 * Don't touch keymap entries for global keys so
515 		 * they are never considered for dynamic allocation.
516 		 */
517 		clrbit(sc->sc_keymap, keyix);
518 		if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
519 		    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
520 			clrbit(sc->sc_keymap, keyix+64);	/* TX key MIC */
521 			if (sc->sc_splitmic) {
522 				/* +32 for RX key, +32+64 for RX key MIC */
523 				clrbit(sc->sc_keymap, keyix+32);
524 				clrbit(sc->sc_keymap, keyix+32+64);
525 			}
526 		}
527 	}
528 	ath_power_restore_power_state(sc);
529 	ATH_UNLOCK(sc);
530 	return 1;
531 }
532 
533 /*
534  * Set the key cache contents for the specified key.  Key cache
535  * slot(s) must already have been allocated by ath_key_alloc.
536  */
537 int
538 ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
539 	const u_int8_t mac[IEEE80211_ADDR_LEN])
540 {
541 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
542 
543 	return ath_keyset(sc, vap, k, vap->iv_bss);
544 }
545