ath - Basic re-port, base code compile
[dragonfly.git] / sys / dev / netif / ath / ath / if_ath_keycache.c
CommitLineData
572ff6f6
MD
1/*-
2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer,
10 * without modification.
11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
13 * redistribution must be conditioned upon including a substantially
14 * similar Disclaimer requirement for further binary redistribution.
15 *
16 * NO WARRANTY
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27 * THE POSSIBILITY OF SUCH DAMAGES.
28 */
29
30#include <sys/cdefs.h>
572ff6f6
MD
31
32/*
33 * Driver for the Atheros Wireless LAN controller.
34 *
35 * This software is derived from work of Atsushi Onoe; his contribution
36 * is greatly appreciated.
37 */
38
39#include "opt_inet.h"
40#include "opt_ath.h"
41#include "opt_wlan.h"
42
43#include <sys/param.h>
44#include <sys/systm.h>
45#include <sys/sysctl.h>
46#include <sys/mbuf.h>
47#include <sys/malloc.h>
48#include <sys/lock.h>
49#include <sys/mutex.h>
50#include <sys/kernel.h>
51#include <sys/socket.h>
52#include <sys/sockio.h>
53#include <sys/errno.h>
54#include <sys/callout.h>
55#include <sys/bus.h>
56#include <sys/endian.h>
57#include <sys/kthread.h>
58#include <sys/taskqueue.h>
59#include <sys/priv.h>
60
572ff6f6
MD
61#include <net/if.h>
62#include <net/if_var.h>
63#include <net/if_dl.h>
64#include <net/if_media.h>
65#include <net/if_types.h>
66#include <net/if_arp.h>
67#include <net/ethernet.h>
68#include <net/if_llc.h>
69
5cd80a8c 70#include <netproto/802_11/ieee80211_var.h>
572ff6f6
MD
71
72#include <net/bpf.h>
73
5cd80a8c 74#include <dev/netif/ath/ath/if_athvar.h>
572ff6f6 75
5cd80a8c
MD
76#include <dev/netif/ath/ath/if_ath_debug.h>
77#include <dev/netif/ath/ath/if_ath_keycache.h>
572ff6f6
MD
78
79#ifdef ATH_DEBUG
80static void
81ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix,
82 const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
83{
84 static const char *ciphers[] = {
85 "WEP",
86 "AES-OCB",
87 "AES-CCM",
88 "CKIP",
89 "TKIP",
90 "CLR",
91 };
92 int i, n;
93
3133c5e3 94 kprintf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]);
572ff6f6 95 for (i = 0, n = hk->kv_len; i < n; i++)
3133c5e3
MD
96 kprintf("%02x", hk->kv_val[i]);
97 kprintf(" mac %s", ath_hal_ether_sprintf(mac));
572ff6f6 98 if (hk->kv_type == HAL_CIPHER_TKIP) {
3133c5e3 99 kprintf(" %s ", sc->sc_splitmic ? "mic" : "rxmic");
572ff6f6 100 for (i = 0; i < sizeof(hk->kv_mic); i++)
3133c5e3 101 kprintf("%02x", hk->kv_mic[i]);
572ff6f6 102 if (!sc->sc_splitmic) {
3133c5e3 103 kprintf(" txmic ");
572ff6f6 104 for (i = 0; i < sizeof(hk->kv_txmic); i++)
3133c5e3 105 kprintf("%02x", hk->kv_txmic[i]);
572ff6f6
MD
106 }
107 }
3133c5e3 108 kprintf("\n");
572ff6f6
MD
109}
110#endif
111
112/*
113 * Set a TKIP key into the hardware. This handles the
114 * potential distribution of key state to multiple key
115 * cache slots for TKIP.
116 */
117static int
118ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k,
119 HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
120{
121#define IEEE80211_KEY_XR (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV)
122 static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
123 struct ath_hal *ah = sc->sc_ah;
124
125 KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP,
126 ("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher));
127 if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) {
128 if (sc->sc_splitmic) {
129 /*
130 * TX key goes at first index, RX key at the rx index.
131 * The hal handles the MIC keys at index+64.
132 */
133 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic));
134 KEYPRINTF(sc, k->wk_keyix, hk, zerobssid);
135 if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid))
136 return 0;
137
138 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
139 KEYPRINTF(sc, k->wk_keyix+32, hk, mac);
140 /* XXX delete tx key on failure? */
141 return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac);
142 } else {
143 /*
144 * Room for both TX+RX MIC keys in one key cache
145 * slot, just set key at the first index; the hal
146 * will handle the rest.
147 */
148 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
149 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
150 KEYPRINTF(sc, k->wk_keyix, hk, mac);
151 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
152 }
153 } else if (k->wk_flags & IEEE80211_KEY_XMIT) {
154 if (sc->sc_splitmic) {
155 /*
156 * NB: must pass MIC key in expected location when
157 * the keycache only holds one MIC key per entry.
158 */
159 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic));
160 } else
161 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
162 KEYPRINTF(sc, k->wk_keyix, hk, mac);
163 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
164 } else if (k->wk_flags & IEEE80211_KEY_RECV) {
165 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
166 KEYPRINTF(sc, k->wk_keyix, hk, mac);
167 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
168 }
169 return 0;
170#undef IEEE80211_KEY_XR
171}
172
173/*
174 * Set a net80211 key into the hardware. This handles the
175 * potential distribution of key state to multiple key
176 * cache slots for TKIP with hardware MIC support.
177 */
178int
179ath_keyset(struct ath_softc *sc, struct ieee80211vap *vap,
180 const struct ieee80211_key *k,
181 struct ieee80211_node *bss)
182{
183#define N(a) (sizeof(a)/sizeof(a[0]))
184 static const u_int8_t ciphermap[] = {
185 HAL_CIPHER_WEP, /* IEEE80211_CIPHER_WEP */
186 HAL_CIPHER_TKIP, /* IEEE80211_CIPHER_TKIP */
187 HAL_CIPHER_AES_OCB, /* IEEE80211_CIPHER_AES_OCB */
188 HAL_CIPHER_AES_CCM, /* IEEE80211_CIPHER_AES_CCM */
189 (u_int8_t) -1, /* 4 is not allocated */
190 HAL_CIPHER_CKIP, /* IEEE80211_CIPHER_CKIP */
191 HAL_CIPHER_CLR, /* IEEE80211_CIPHER_NONE */
192 };
193 struct ath_hal *ah = sc->sc_ah;
194 const struct ieee80211_cipher *cip = k->wk_cipher;
195 u_int8_t gmac[IEEE80211_ADDR_LEN];
196 const u_int8_t *mac;
197 HAL_KEYVAL hk;
198
199 memset(&hk, 0, sizeof(hk));
200 /*
201 * Software crypto uses a "clear key" so non-crypto
202 * state kept in the key cache are maintained and
203 * so that rx frames have an entry to match.
204 */
205 if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
206 KASSERT(cip->ic_cipher < N(ciphermap),
207 ("invalid cipher type %u", cip->ic_cipher));
208 hk.kv_type = ciphermap[cip->ic_cipher];
209 hk.kv_len = k->wk_keylen;
210 memcpy(hk.kv_val, k->wk_key, k->wk_keylen);
211 } else
212 hk.kv_type = HAL_CIPHER_CLR;
213
214 /*
215 * If we're installing a clear cipher key and
216 * the hardware doesn't support that, just succeed.
217 * Leave it up to the net80211 layer to figure it out.
218 */
219 if (hk.kv_type == HAL_CIPHER_CLR && sc->sc_hasclrkey == 0) {
220 return (1);
221 }
222
223 /*
224 * XXX TODO: check this:
225 *
226 * Group keys on hardware that supports multicast frame
227 * key search should only be done in adhoc/hostap mode,
228 * not STA mode.
229 *
230 * XXX TODO: what about mesh, tdma?
231 */
232#if 0
233 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
234 vap->iv_opmode == IEEE80211_M_IBSS) &&
235#else
236 if (
237#endif
238 (k->wk_flags & IEEE80211_KEY_GROUP) &&
239 sc->sc_mcastkey) {
240 /*
241 * Group keys on hardware that supports multicast frame
242 * key search use a MAC that is the sender's address with
243 * the multicast bit set instead of the app-specified address.
244 */
245 IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
246 gmac[0] |= 0x01;
247 mac = gmac;
248 } else
249 mac = k->wk_macaddr;
250
251 if (hk.kv_type == HAL_CIPHER_TKIP &&
252 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
253 return ath_keyset_tkip(sc, k, &hk, mac);
254 } else {
255 KEYPRINTF(sc, k->wk_keyix, &hk, mac);
256 return ath_hal_keyset(ah, k->wk_keyix, &hk, mac);
257 }
258#undef N
259}
260
261/*
262 * Allocate tx/rx key slots for TKIP. We allocate two slots for
263 * each key, one for decrypt/encrypt and the other for the MIC.
264 */
265static u_int16_t
266key_alloc_2pair(struct ath_softc *sc,
267 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
268{
269#define N(a) (sizeof(a)/sizeof(a[0]))
270 u_int i, keyix;
271
272 KASSERT(sc->sc_splitmic, ("key cache !split"));
273 /* XXX could optimize */
274 for (i = 0; i < N(sc->sc_keymap)/4; i++) {
275 u_int8_t b = sc->sc_keymap[i];
276 if (b != 0xff) {
277 /*
278 * One or more slots in this byte are free.
279 */
280 keyix = i*NBBY;
281 while (b & 1) {
282 again:
283 keyix++;
284 b >>= 1;
285 }
286 /* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
287 if (isset(sc->sc_keymap, keyix+32) ||
288 isset(sc->sc_keymap, keyix+64) ||
289 isset(sc->sc_keymap, keyix+32+64)) {
290 /* full pair unavailable */
291 /* XXX statistic */
292 if (keyix == (i+1)*NBBY) {
293 /* no slots were appropriate, advance */
294 continue;
295 }
296 goto again;
297 }
298 setbit(sc->sc_keymap, keyix);
299 setbit(sc->sc_keymap, keyix+64);
300 setbit(sc->sc_keymap, keyix+32);
301 setbit(sc->sc_keymap, keyix+32+64);
302 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
303 "%s: key pair %u,%u %u,%u\n",
304 __func__, keyix, keyix+64,
305 keyix+32, keyix+32+64);
306 *txkeyix = keyix;
307 *rxkeyix = keyix+32;
308 return 1;
309 }
310 }
311 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
312 return 0;
313#undef N
314}
315
316/*
317 * Allocate tx/rx key slots for TKIP. We allocate two slots for
318 * each key, one for decrypt/encrypt and the other for the MIC.
319 */
320static u_int16_t
321key_alloc_pair(struct ath_softc *sc,
322 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
323{
324#define N(a) (sizeof(a)/sizeof(a[0]))
325 u_int i, keyix;
326
327 KASSERT(!sc->sc_splitmic, ("key cache split"));
328 /* XXX could optimize */
329 for (i = 0; i < N(sc->sc_keymap)/4; i++) {
330 u_int8_t b = sc->sc_keymap[i];
331 if (b != 0xff) {
332 /*
333 * One or more slots in this byte are free.
334 */
335 keyix = i*NBBY;
336 while (b & 1) {
337 again:
338 keyix++;
339 b >>= 1;
340 }
341 if (isset(sc->sc_keymap, keyix+64)) {
342 /* full pair unavailable */
343 /* XXX statistic */
344 if (keyix == (i+1)*NBBY) {
345 /* no slots were appropriate, advance */
346 continue;
347 }
348 goto again;
349 }
350 setbit(sc->sc_keymap, keyix);
351 setbit(sc->sc_keymap, keyix+64);
352 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
353 "%s: key pair %u,%u\n",
354 __func__, keyix, keyix+64);
355 *txkeyix = *rxkeyix = keyix;
356 return 1;
357 }
358 }
359 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
360 return 0;
361#undef N
362}
363
364/*
365 * Allocate a single key cache slot.
366 */
367static int
368key_alloc_single(struct ath_softc *sc,
369 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
370{
371#define N(a) (sizeof(a)/sizeof(a[0]))
372 u_int i, keyix;
373
374 if (sc->sc_hasclrkey == 0) {
375 /*
376 * Map to slot 0 for the AR5210.
377 */
378 *txkeyix = *rxkeyix = 0;
379 return (1);
380 }
381
382 /* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
383 for (i = 0; i < N(sc->sc_keymap); i++) {
384 u_int8_t b = sc->sc_keymap[i];
385 if (b != 0xff) {
386 /*
387 * One or more slots are free.
388 */
389 keyix = i*NBBY;
390 while (b & 1)
391 keyix++, b >>= 1;
392 setbit(sc->sc_keymap, keyix);
393 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n",
394 __func__, keyix);
395 *txkeyix = *rxkeyix = keyix;
396 return 1;
397 }
398 }
399 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__);
400 return 0;
401#undef N
402}
403
404/*
405 * Allocate one or more key cache slots for a uniacst key. The
406 * key itself is needed only to identify the cipher. For hardware
407 * TKIP with split cipher+MIC keys we allocate two key cache slot
408 * pairs so that we can setup separate TX and RX MIC keys. Note
409 * that the MIC key for a TKIP key at slot i is assumed by the
410 * hardware to be at slot i+64. This limits TKIP keys to the first
411 * 64 entries.
412 */
413int
414ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
415 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
416{
417 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
418
419 /*
420 * Group key allocation must be handled specially for
421 * parts that do not support multicast key cache search
422 * functionality. For those parts the key id must match
423 * the h/w key index so lookups find the right key. On
424 * parts w/ the key search facility we install the sender's
425 * mac address (with the high bit set) and let the hardware
426 * find the key w/o using the key id. This is preferred as
427 * it permits us to support multiple users for adhoc and/or
428 * multi-station operation.
429 */
430 if (k->wk_keyix != IEEE80211_KEYIX_NONE) {
431 /*
432 * Only global keys should have key index assigned.
433 */
434 if (!(&vap->iv_nw_keys[0] <= k &&
435 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
436 /* should not happen */
437 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
438 "%s: bogus group key\n", __func__);
439 return 0;
440 }
441 if (vap->iv_opmode != IEEE80211_M_HOSTAP ||
442 !(k->wk_flags & IEEE80211_KEY_GROUP) ||
443 !sc->sc_mcastkey) {
444 /*
445 * XXX we pre-allocate the global keys so
446 * have no way to check if they've already
447 * been allocated.
448 */
449 *keyix = *rxkeyix = k - vap->iv_nw_keys;
450 return 1;
451 }
452 /*
453 * Group key and device supports multicast key search.
454 */
455 k->wk_keyix = IEEE80211_KEYIX_NONE;
456 }
457
458 /*
459 * We allocate two pair for TKIP when using the h/w to do
460 * the MIC. For everything else, including software crypto,
461 * we allocate a single entry. Note that s/w crypto requires
462 * a pass-through slot on the 5211 and 5212. The 5210 does
463 * not support pass-through cache entries and we map all
464 * those requests to slot 0.
465 */
466 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
467 return key_alloc_single(sc, keyix, rxkeyix);
468 } else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
469 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
470 if (sc->sc_splitmic)
471 return key_alloc_2pair(sc, keyix, rxkeyix);
472 else
473 return key_alloc_pair(sc, keyix, rxkeyix);
474 } else {
475 return key_alloc_single(sc, keyix, rxkeyix);
476 }
477}
478
479/*
480 * Delete an entry in the key cache allocated by ath_key_alloc.
481 */
482int
483ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
484{
485 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
486 struct ath_hal *ah = sc->sc_ah;
487 const struct ieee80211_cipher *cip = k->wk_cipher;
488 u_int keyix = k->wk_keyix;
489
490 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix);
491
492 ath_hal_keyreset(ah, keyix);
493 /*
494 * Handle split tx/rx keying required for TKIP with h/w MIC.
495 */
496 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
497 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
498 ath_hal_keyreset(ah, keyix+32); /* RX key */
499 if (keyix >= IEEE80211_WEP_NKID) {
500 /*
501 * Don't touch keymap entries for global keys so
502 * they are never considered for dynamic allocation.
503 */
504 clrbit(sc->sc_keymap, keyix);
505 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
506 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
507 clrbit(sc->sc_keymap, keyix+64); /* TX key MIC */
508 if (sc->sc_splitmic) {
509 /* +32 for RX key, +32+64 for RX key MIC */
510 clrbit(sc->sc_keymap, keyix+32);
511 clrbit(sc->sc_keymap, keyix+32+64);
512 }
513 }
514 }
515 return 1;
516}
517
518/*
519 * Set the key cache contents for the specified key. Key cache
520 * slot(s) must already have been allocated by ath_key_alloc.
521 */
522int
523ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
524 const u_int8_t mac[IEEE80211_ADDR_LEN])
525{
526 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
527
528 return ath_keyset(sc, vap, k, vap->iv_bss);
529}