xref: /freebsd/sys/dev/ath/if_ath_keycache.c (revision 7750ad47a9a7dbc83f87158464170c8640723293)
1 /*-
2  * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer,
10  *    without modification.
11  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
12  *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
13  *    redistribution must be conditioned upon including a substantially
14  *    similar Disclaimer requirement for further binary redistribution.
15  *
16  * NO WARRANTY
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
20  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21  * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
22  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27  * THE POSSIBILITY OF SUCH DAMAGES.
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 /*
34  * Driver for the Atheros Wireless LAN controller.
35  *
36  * This software is derived from work of Atsushi Onoe; his contribution
37  * is greatly appreciated.
38  */
39 
40 #include "opt_inet.h"
41 #include "opt_ath.h"
42 #include "opt_wlan.h"
43 
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/sysctl.h>
47 #include <sys/mbuf.h>
48 #include <sys/malloc.h>
49 #include <sys/lock.h>
50 #include <sys/mutex.h>
51 #include <sys/kernel.h>
52 #include <sys/socket.h>
53 #include <sys/sockio.h>
54 #include <sys/errno.h>
55 #include <sys/callout.h>
56 #include <sys/bus.h>
57 #include <sys/endian.h>
58 #include <sys/kthread.h>
59 #include <sys/taskqueue.h>
60 #include <sys/priv.h>
61 
62 #include <machine/bus.h>
63 
64 #include <net/if.h>
65 #include <net/if_dl.h>
66 #include <net/if_media.h>
67 #include <net/if_types.h>
68 #include <net/if_arp.h>
69 #include <net/ethernet.h>
70 #include <net/if_llc.h>
71 
72 #include <net80211/ieee80211_var.h>
73 
74 #include <net/bpf.h>
75 
76 #include <dev/ath/if_athvar.h>
77 
78 #include <dev/ath/if_ath_debug.h>
79 #include <dev/ath/if_ath_keycache.h>
80 
81 #ifdef ATH_DEBUG
82 static void
83 ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix,
84 	const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
85 {
86 	static const char *ciphers[] = {
87 		"WEP",
88 		"AES-OCB",
89 		"AES-CCM",
90 		"CKIP",
91 		"TKIP",
92 		"CLR",
93 	};
94 	int i, n;
95 
96 	printf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]);
97 	for (i = 0, n = hk->kv_len; i < n; i++)
98 		printf("%02x", hk->kv_val[i]);
99 	printf(" mac %s", ether_sprintf(mac));
100 	if (hk->kv_type == HAL_CIPHER_TKIP) {
101 		printf(" %s ", sc->sc_splitmic ? "mic" : "rxmic");
102 		for (i = 0; i < sizeof(hk->kv_mic); i++)
103 			printf("%02x", hk->kv_mic[i]);
104 		if (!sc->sc_splitmic) {
105 			printf(" txmic ");
106 			for (i = 0; i < sizeof(hk->kv_txmic); i++)
107 				printf("%02x", hk->kv_txmic[i]);
108 		}
109 	}
110 	printf("\n");
111 }
112 #endif
113 
114 /*
115  * Set a TKIP key into the hardware.  This handles the
116  * potential distribution of key state to multiple key
117  * cache slots for TKIP.
118  */
119 static int
120 ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k,
121 	HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
122 {
123 #define	IEEE80211_KEY_XR	(IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV)
124 	static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
125 	struct ath_hal *ah = sc->sc_ah;
126 
127 	KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP,
128 		("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher));
129 	if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) {
130 		if (sc->sc_splitmic) {
131 			/*
132 			 * TX key goes at first index, RX key at the rx index.
133 			 * The hal handles the MIC keys at index+64.
134 			 */
135 			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic));
136 			KEYPRINTF(sc, k->wk_keyix, hk, zerobssid);
137 			if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid))
138 				return 0;
139 
140 			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
141 			KEYPRINTF(sc, k->wk_keyix+32, hk, mac);
142 			/* XXX delete tx key on failure? */
143 			return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac);
144 		} else {
145 			/*
146 			 * Room for both TX+RX MIC keys in one key cache
147 			 * slot, just set key at the first index; the hal
148 			 * will handle the rest.
149 			 */
150 			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
151 			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
152 			KEYPRINTF(sc, k->wk_keyix, hk, mac);
153 			return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
154 		}
155 	} else if (k->wk_flags & IEEE80211_KEY_XMIT) {
156 		if (sc->sc_splitmic) {
157 			/*
158 			 * NB: must pass MIC key in expected location when
159 			 * the keycache only holds one MIC key per entry.
160 			 */
161 			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic));
162 		} else
163 			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
164 		KEYPRINTF(sc, k->wk_keyix, hk, mac);
165 		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
166 	} else if (k->wk_flags & IEEE80211_KEY_RECV) {
167 		memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
168 		KEYPRINTF(sc, k->wk_keyix, hk, mac);
169 		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
170 	}
171 	return 0;
172 #undef IEEE80211_KEY_XR
173 }
174 
175 /*
176  * Set a net80211 key into the hardware.  This handles the
177  * potential distribution of key state to multiple key
178  * cache slots for TKIP with hardware MIC support.
179  */
180 int
181 ath_keyset(struct ath_softc *sc, struct ieee80211vap *vap,
182 	const struct ieee80211_key *k,
183 	struct ieee80211_node *bss)
184 {
185 #define	N(a)	(sizeof(a)/sizeof(a[0]))
186 	static const u_int8_t ciphermap[] = {
187 		HAL_CIPHER_WEP,		/* IEEE80211_CIPHER_WEP */
188 		HAL_CIPHER_TKIP,	/* IEEE80211_CIPHER_TKIP */
189 		HAL_CIPHER_AES_OCB,	/* IEEE80211_CIPHER_AES_OCB */
190 		HAL_CIPHER_AES_CCM,	/* IEEE80211_CIPHER_AES_CCM */
191 		(u_int8_t) -1,		/* 4 is not allocated */
192 		HAL_CIPHER_CKIP,	/* IEEE80211_CIPHER_CKIP */
193 		HAL_CIPHER_CLR,		/* IEEE80211_CIPHER_NONE */
194 	};
195 	struct ath_hal *ah = sc->sc_ah;
196 	const struct ieee80211_cipher *cip = k->wk_cipher;
197 	u_int8_t gmac[IEEE80211_ADDR_LEN];
198 	const u_int8_t *mac;
199 	HAL_KEYVAL hk;
200 
201 	memset(&hk, 0, sizeof(hk));
202 	/*
203 	 * Software crypto uses a "clear key" so non-crypto
204 	 * state kept in the key cache are maintained and
205 	 * so that rx frames have an entry to match.
206 	 */
207 	if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
208 		KASSERT(cip->ic_cipher < N(ciphermap),
209 			("invalid cipher type %u", cip->ic_cipher));
210 		hk.kv_type = ciphermap[cip->ic_cipher];
211 		hk.kv_len = k->wk_keylen;
212 		memcpy(hk.kv_val, k->wk_key, k->wk_keylen);
213 	} else
214 		hk.kv_type = HAL_CIPHER_CLR;
215 
216 	/*
217 	 * XXX TODO: check this:
218 	 *
219 	 * Group keys on hardware that supports multicast frame
220 	 * key search should only be done in adhoc/hostap mode,
221 	 * not STA mode.
222 	 *
223 	 * XXX TODO: what about mesh, tdma?
224 	 */
225 #if 0
226 	if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
227 	     vap->iv_opmode == IEEE80211_M_IBSS) &&
228 #else
229 	if (
230 #endif
231 	    (k->wk_flags & IEEE80211_KEY_GROUP) &&
232 	    sc->sc_mcastkey) {
233 		/*
234 		 * Group keys on hardware that supports multicast frame
235 		 * key search use a MAC that is the sender's address with
236 		 * the multicast bit set instead of the app-specified address.
237 		 */
238 		IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
239 		gmac[0] |= 0x01;
240 		mac = gmac;
241 	} else
242 		mac = k->wk_macaddr;
243 
244 	if (hk.kv_type == HAL_CIPHER_TKIP &&
245 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
246 		return ath_keyset_tkip(sc, k, &hk, mac);
247 	} else {
248 		KEYPRINTF(sc, k->wk_keyix, &hk, mac);
249 		return ath_hal_keyset(ah, k->wk_keyix, &hk, mac);
250 	}
251 #undef N
252 }
253 
254 /*
255  * Allocate tx/rx key slots for TKIP.  We allocate two slots for
256  * each key, one for decrypt/encrypt and the other for the MIC.
257  */
258 static u_int16_t
259 key_alloc_2pair(struct ath_softc *sc,
260 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
261 {
262 #define	N(a)	(sizeof(a)/sizeof(a[0]))
263 	u_int i, keyix;
264 
265 	KASSERT(sc->sc_splitmic, ("key cache !split"));
266 	/* XXX could optimize */
267 	for (i = 0; i < N(sc->sc_keymap)/4; i++) {
268 		u_int8_t b = sc->sc_keymap[i];
269 		if (b != 0xff) {
270 			/*
271 			 * One or more slots in this byte are free.
272 			 */
273 			keyix = i*NBBY;
274 			while (b & 1) {
275 		again:
276 				keyix++;
277 				b >>= 1;
278 			}
279 			/* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
280 			if (isset(sc->sc_keymap, keyix+32) ||
281 			    isset(sc->sc_keymap, keyix+64) ||
282 			    isset(sc->sc_keymap, keyix+32+64)) {
283 				/* full pair unavailable */
284 				/* XXX statistic */
285 				if (keyix == (i+1)*NBBY) {
286 					/* no slots were appropriate, advance */
287 					continue;
288 				}
289 				goto again;
290 			}
291 			setbit(sc->sc_keymap, keyix);
292 			setbit(sc->sc_keymap, keyix+64);
293 			setbit(sc->sc_keymap, keyix+32);
294 			setbit(sc->sc_keymap, keyix+32+64);
295 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
296 				"%s: key pair %u,%u %u,%u\n",
297 				__func__, keyix, keyix+64,
298 				keyix+32, keyix+32+64);
299 			*txkeyix = keyix;
300 			*rxkeyix = keyix+32;
301 			return 1;
302 		}
303 	}
304 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
305 	return 0;
306 #undef N
307 }
308 
309 /*
310  * Allocate tx/rx key slots for TKIP.  We allocate two slots for
311  * each key, one for decrypt/encrypt and the other for the MIC.
312  */
313 static u_int16_t
314 key_alloc_pair(struct ath_softc *sc,
315 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
316 {
317 #define	N(a)	(sizeof(a)/sizeof(a[0]))
318 	u_int i, keyix;
319 
320 	KASSERT(!sc->sc_splitmic, ("key cache split"));
321 	/* XXX could optimize */
322 	for (i = 0; i < N(sc->sc_keymap)/4; i++) {
323 		u_int8_t b = sc->sc_keymap[i];
324 		if (b != 0xff) {
325 			/*
326 			 * One or more slots in this byte are free.
327 			 */
328 			keyix = i*NBBY;
329 			while (b & 1) {
330 		again:
331 				keyix++;
332 				b >>= 1;
333 			}
334 			if (isset(sc->sc_keymap, keyix+64)) {
335 				/* full pair unavailable */
336 				/* XXX statistic */
337 				if (keyix == (i+1)*NBBY) {
338 					/* no slots were appropriate, advance */
339 					continue;
340 				}
341 				goto again;
342 			}
343 			setbit(sc->sc_keymap, keyix);
344 			setbit(sc->sc_keymap, keyix+64);
345 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
346 				"%s: key pair %u,%u\n",
347 				__func__, keyix, keyix+64);
348 			*txkeyix = *rxkeyix = keyix;
349 			return 1;
350 		}
351 	}
352 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
353 	return 0;
354 #undef N
355 }
356 
357 /*
358  * Allocate a single key cache slot.
359  */
360 static int
361 key_alloc_single(struct ath_softc *sc,
362 	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
363 {
364 #define	N(a)	(sizeof(a)/sizeof(a[0]))
365 	u_int i, keyix;
366 
367 	/* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
368 	for (i = 0; i < N(sc->sc_keymap); i++) {
369 		u_int8_t b = sc->sc_keymap[i];
370 		if (b != 0xff) {
371 			/*
372 			 * One or more slots are free.
373 			 */
374 			keyix = i*NBBY;
375 			while (b & 1)
376 				keyix++, b >>= 1;
377 			setbit(sc->sc_keymap, keyix);
378 			DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n",
379 				__func__, keyix);
380 			*txkeyix = *rxkeyix = keyix;
381 			return 1;
382 		}
383 	}
384 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__);
385 	return 0;
386 #undef N
387 }
388 
389 /*
390  * Allocate one or more key cache slots for a uniacst key.  The
391  * key itself is needed only to identify the cipher.  For hardware
392  * TKIP with split cipher+MIC keys we allocate two key cache slot
393  * pairs so that we can setup separate TX and RX MIC keys.  Note
394  * that the MIC key for a TKIP key at slot i is assumed by the
395  * hardware to be at slot i+64.  This limits TKIP keys to the first
396  * 64 entries.
397  */
398 int
399 ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
400 	ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
401 {
402 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
403 
404 	/*
405 	 * Group key allocation must be handled specially for
406 	 * parts that do not support multicast key cache search
407 	 * functionality.  For those parts the key id must match
408 	 * the h/w key index so lookups find the right key.  On
409 	 * parts w/ the key search facility we install the sender's
410 	 * mac address (with the high bit set) and let the hardware
411 	 * find the key w/o using the key id.  This is preferred as
412 	 * it permits us to support multiple users for adhoc and/or
413 	 * multi-station operation.
414 	 */
415 	if (k->wk_keyix != IEEE80211_KEYIX_NONE) {
416 		/*
417 		 * Only global keys should have key index assigned.
418 		 */
419 		if (!(&vap->iv_nw_keys[0] <= k &&
420 		      k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
421 			/* should not happen */
422 			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
423 				"%s: bogus group key\n", __func__);
424 			return 0;
425 		}
426 		if (vap->iv_opmode != IEEE80211_M_HOSTAP ||
427 		    !(k->wk_flags & IEEE80211_KEY_GROUP) ||
428 		    !sc->sc_mcastkey) {
429 			/*
430 			 * XXX we pre-allocate the global keys so
431 			 * have no way to check if they've already
432 			 * been allocated.
433 			 */
434 			*keyix = *rxkeyix = k - vap->iv_nw_keys;
435 			return 1;
436 		}
437 		/*
438 		 * Group key and device supports multicast key search.
439 		 */
440 		k->wk_keyix = IEEE80211_KEYIX_NONE;
441 	}
442 
443 	/*
444 	 * We allocate two pair for TKIP when using the h/w to do
445 	 * the MIC.  For everything else, including software crypto,
446 	 * we allocate a single entry.  Note that s/w crypto requires
447 	 * a pass-through slot on the 5211 and 5212.  The 5210 does
448 	 * not support pass-through cache entries and we map all
449 	 * those requests to slot 0.
450 	 */
451 	if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
452 		return key_alloc_single(sc, keyix, rxkeyix);
453 	} else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
454 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
455 		if (sc->sc_splitmic)
456 			return key_alloc_2pair(sc, keyix, rxkeyix);
457 		else
458 			return key_alloc_pair(sc, keyix, rxkeyix);
459 	} else {
460 		return key_alloc_single(sc, keyix, rxkeyix);
461 	}
462 }
463 
464 /*
465  * Delete an entry in the key cache allocated by ath_key_alloc.
466  */
467 int
468 ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
469 {
470 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
471 	struct ath_hal *ah = sc->sc_ah;
472 	const struct ieee80211_cipher *cip = k->wk_cipher;
473 	u_int keyix = k->wk_keyix;
474 
475 	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix);
476 
477 	ath_hal_keyreset(ah, keyix);
478 	/*
479 	 * Handle split tx/rx keying required for TKIP with h/w MIC.
480 	 */
481 	if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
482 	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
483 		ath_hal_keyreset(ah, keyix+32);		/* RX key */
484 	if (keyix >= IEEE80211_WEP_NKID) {
485 		/*
486 		 * Don't touch keymap entries for global keys so
487 		 * they are never considered for dynamic allocation.
488 		 */
489 		clrbit(sc->sc_keymap, keyix);
490 		if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
491 		    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
492 			clrbit(sc->sc_keymap, keyix+64);	/* TX key MIC */
493 			if (sc->sc_splitmic) {
494 				/* +32 for RX key, +32+64 for RX key MIC */
495 				clrbit(sc->sc_keymap, keyix+32);
496 				clrbit(sc->sc_keymap, keyix+32+64);
497 			}
498 		}
499 	}
500 	return 1;
501 }
502 
503 /*
504  * Set the key cache contents for the specified key.  Key cache
505  * slot(s) must already have been allocated by ath_key_alloc.
506  */
507 int
508 ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
509 	const u_int8_t mac[IEEE80211_ADDR_LEN])
510 {
511 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
512 
513 	return ath_keyset(sc, vap, k, vap->iv_bss);
514 }
515