1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted provided that the following conditions
9
 * are met:
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer,
12
 *    without modification.
13
 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
14
 *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
15
 *    redistribution must be conditioned upon including a substantially
16
 *    similar Disclaimer requirement for further binary redistribution.
17
 *
18
 * NO WARRANTY
19
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21
 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
22
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
23
 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
24
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
27
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
29
 * THE POSSIBILITY OF SUCH DAMAGES.
30
 */
31

32
#include <sys/cdefs.h>
33
/*
34
 * Driver for the Atheros Wireless LAN controller.
35
 *
36
 * This software is derived from work of Atsushi Onoe; his contribution
37
 * is greatly appreciated.
38
 */
39

40
#include "opt_inet.h"
41
#include "opt_ath.h"
42
#include "opt_wlan.h"
43

44
#include <sys/param.h>
45
#include <sys/systm.h>
46
#include <sys/sysctl.h>
47
#include <sys/mbuf.h>
48
#include <sys/malloc.h>
49
#include <sys/lock.h>
50
#include <sys/mutex.h>
51
#include <sys/kernel.h>
52
#include <sys/socket.h>
53
#include <sys/sockio.h>
54
#include <sys/errno.h>
55
#include <sys/callout.h>
56
#include <sys/bus.h>
57
#include <sys/endian.h>
58
#include <sys/kthread.h>
59
#include <sys/taskqueue.h>
60
#include <sys/priv.h>
61

62
#include <machine/bus.h>
63

64
#include <net/if.h>
65
#include <net/if_var.h>
66
#include <net/if_dl.h>
67
#include <net/if_media.h>
68
#include <net/if_types.h>
69
#include <net/if_arp.h>
70
#include <net/ethernet.h>
71
#include <net/if_llc.h>
72

73
#include <net80211/ieee80211_var.h>
74

75
#include <net/bpf.h>
76

77
#include <dev/ath/if_athvar.h>
78

79
#include <dev/ath/if_ath_debug.h>
80
#include <dev/ath/if_ath_keycache.h>
81
#include <dev/ath/if_ath_misc.h>
82

83
#ifdef ATH_DEBUG
84
static void
85
ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix,
86
	const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
87
{
88
	static const char *ciphers[] = {
89
		"WEP",
90
		"AES-OCB",
91
		"AES-CCM",
92
		"CKIP",
93
		"TKIP",
94
		"CLR",
95
	};
96
	int i, n;
97

98
	printf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]);
99
	for (i = 0, n = hk->kv_len; i < n; i++)
100
		printf("%02x", hk->kv_val[i]);
101
	printf(" mac %s", ether_sprintf(mac));
102
	if (hk->kv_type == HAL_CIPHER_TKIP) {
103
		printf(" %s ", sc->sc_splitmic ? "mic" : "rxmic");
104
		for (i = 0; i < sizeof(hk->kv_mic); i++)
105
			printf("%02x", hk->kv_mic[i]);
106
		if (!sc->sc_splitmic) {
107
			printf(" txmic ");
108
			for (i = 0; i < sizeof(hk->kv_txmic); i++)
109
				printf("%02x", hk->kv_txmic[i]);
110
		}
111
	}
112
	printf("\n");
113
}
114
#endif
115

116
/*
117
 * Set a TKIP key into the hardware.  This handles the
118
 * potential distribution of key state to multiple key
119
 * cache slots for TKIP.
120
 */
121
static int
122
ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k,
123
	HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
124
{
125
#define	IEEE80211_KEY_XR	(IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV)
126
	static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
127
	struct ath_hal *ah = sc->sc_ah;
128

129
	KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP,
130
		("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher));
131
	if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) {
132
		if (sc->sc_splitmic) {
133
			/*
134
			 * TX key goes at first index, RX key at the rx index.
135
			 * The hal handles the MIC keys at index+64.
136
			 */
137
			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic));
138
			KEYPRINTF(sc, k->wk_keyix, hk, zerobssid);
139
			if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid))
140
				return 0;
141

142
			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
143
			KEYPRINTF(sc, k->wk_keyix+32, hk, mac);
144
			/* XXX delete tx key on failure? */
145
			return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac);
146
		} else {
147
			/*
148
			 * Room for both TX+RX MIC keys in one key cache
149
			 * slot, just set key at the first index; the hal
150
			 * will handle the rest.
151
			 */
152
			memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
153
			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
154
			KEYPRINTF(sc, k->wk_keyix, hk, mac);
155
			return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
156
		}
157
	} else if (k->wk_flags & IEEE80211_KEY_XMIT) {
158
		if (sc->sc_splitmic) {
159
			/*
160
			 * NB: must pass MIC key in expected location when
161
			 * the keycache only holds one MIC key per entry.
162
			 */
163
			memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic));
164
		} else
165
			memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
166
		KEYPRINTF(sc, k->wk_keyix, hk, mac);
167
		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
168
	} else if (k->wk_flags & IEEE80211_KEY_RECV) {
169
		memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
170
		KEYPRINTF(sc, k->wk_keyix, hk, mac);
171
		return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
172
	}
173
	return 0;
174
#undef IEEE80211_KEY_XR
175
}
176

177
/*
178
 * Set a net80211 key into the hardware.  This handles the
179
 * potential distribution of key state to multiple key
180
 * cache slots for TKIP with hardware MIC support.
181
 */
182
int
183
ath_keyset(struct ath_softc *sc, struct ieee80211vap *vap,
184
	const struct ieee80211_key *k,
185
	struct ieee80211_node *bss)
186
{
187
	static const u_int8_t ciphermap[] = {
188
		HAL_CIPHER_WEP,		/* IEEE80211_CIPHER_WEP */
189
		HAL_CIPHER_TKIP,	/* IEEE80211_CIPHER_TKIP */
190
		HAL_CIPHER_AES_OCB,	/* IEEE80211_CIPHER_AES_OCB */
191
		HAL_CIPHER_AES_CCM,	/* IEEE80211_CIPHER_AES_CCM */
192
		(u_int8_t) -1,		/* 4 is not allocated */
193
		HAL_CIPHER_CKIP,	/* IEEE80211_CIPHER_CKIP */
194
		HAL_CIPHER_CLR,		/* IEEE80211_CIPHER_NONE */
195
	};
196
	struct ath_hal *ah = sc->sc_ah;
197
	const struct ieee80211_cipher *cip = k->wk_cipher;
198
	u_int8_t gmac[IEEE80211_ADDR_LEN];
199
	const u_int8_t *mac;
200
	HAL_KEYVAL hk;
201
	int ret;
202

203
	memset(&hk, 0, sizeof(hk));
204
	/*
205
	 * Software crypto uses a "clear key" so non-crypto
206
	 * state kept in the key cache are maintained and
207
	 * so that rx frames have an entry to match.
208
	 */
209
	if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
210
		KASSERT(cip->ic_cipher < nitems(ciphermap),
211
			("invalid cipher type %u", cip->ic_cipher));
212
		hk.kv_type = ciphermap[cip->ic_cipher];
213
		hk.kv_len = k->wk_keylen;
214
		memcpy(hk.kv_val, k->wk_key, k->wk_keylen);
215
	} else
216
		hk.kv_type = HAL_CIPHER_CLR;
217

218
	/*
219
	 * If we're installing a clear cipher key and
220
	 * the hardware doesn't support that, just succeed.
221
	 * Leave it up to the net80211 layer to figure it out.
222
	 */
223
	if (hk.kv_type == HAL_CIPHER_CLR && sc->sc_hasclrkey == 0) {
224
		return (1);
225
	}
226

227
	/*
228
	 * XXX TODO: check this:
229
	 * 
230
	 * Group keys on hardware that supports multicast frame
231
	 * key search should only be done in adhoc/hostap mode,
232
	 * not STA mode.
233
	 *
234
	 * XXX TODO: what about mesh, tdma?
235
	 */
236
#if 0
237
	if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
238
	     vap->iv_opmode == IEEE80211_M_IBSS) &&
239
#else
240
	if (
241
#endif
242
	    (k->wk_flags & IEEE80211_KEY_GROUP) &&
243
	    sc->sc_mcastkey) {
244
		/*
245
		 * Group keys on hardware that supports multicast frame
246
		 * key search use a MAC that is the sender's address with
247
		 * the multicast bit set instead of the app-specified address.
248
		 */
249
		IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
250
		gmac[0] |= 0x01;
251
		mac = gmac;
252
	} else
253
		mac = k->wk_macaddr;
254

255
	ATH_LOCK(sc);
256
	ath_power_set_power_state(sc, HAL_PM_AWAKE);
257
	if (hk.kv_type == HAL_CIPHER_TKIP &&
258
	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
259
		ret = ath_keyset_tkip(sc, k, &hk, mac);
260
	} else {
261
		KEYPRINTF(sc, k->wk_keyix, &hk, mac);
262
		ret = ath_hal_keyset(ah, k->wk_keyix, &hk, mac);
263
	}
264
	ath_power_restore_power_state(sc);
265
	ATH_UNLOCK(sc);
266

267
	return (ret);
268
}
269

270
/*
271
 * Allocate tx/rx key slots for TKIP.  We allocate two slots for
272
 * each key, one for decrypt/encrypt and the other for the MIC.
273
 */
274
static u_int16_t
275
key_alloc_2pair(struct ath_softc *sc,
276
	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
277
{
278
	u_int i, keyix;
279

280
	KASSERT(sc->sc_splitmic, ("key cache !split"));
281
	/* XXX could optimize */
282
	for (i = 0; i < nitems(sc->sc_keymap)/4; i++) {
283
		u_int8_t b = sc->sc_keymap[i];
284
		if (b != 0xff) {
285
			/*
286
			 * One or more slots in this byte are free.
287
			 */
288
			keyix = i*NBBY;
289
			while (b & 1) {
290
		again:
291
				keyix++;
292
				b >>= 1;
293
			}
294
			/* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
295
			if (isset(sc->sc_keymap, keyix+32) ||
296
			    isset(sc->sc_keymap, keyix+64) ||
297
			    isset(sc->sc_keymap, keyix+32+64)) {
298
				/* full pair unavailable */
299
				/* XXX statistic */
300
				if (keyix == (i+1)*NBBY) {
301
					/* no slots were appropriate, advance */
302
					continue;
303
				}
304
				goto again;
305
			}
306
			setbit(sc->sc_keymap, keyix);
307
			setbit(sc->sc_keymap, keyix+64);
308
			setbit(sc->sc_keymap, keyix+32);
309
			setbit(sc->sc_keymap, keyix+32+64);
310
			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
311
				"%s: key pair %u,%u %u,%u\n",
312
				__func__, keyix, keyix+64,
313
				keyix+32, keyix+32+64);
314
			*txkeyix = keyix;
315
			*rxkeyix = keyix+32;
316
			return 1;
317
		}
318
	}
319
	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
320
	return 0;
321
}
322

323
/*
324
 * Allocate tx/rx key slots for TKIP.  We allocate two slots for
325
 * each key, one for decrypt/encrypt and the other for the MIC.
326
 */
327
static u_int16_t
328
key_alloc_pair(struct ath_softc *sc,
329
	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
330
{
331
	u_int i, keyix;
332

333
	KASSERT(!sc->sc_splitmic, ("key cache split"));
334
	/* XXX could optimize */
335
	for (i = 0; i < nitems(sc->sc_keymap)/4; i++) {
336
		u_int8_t b = sc->sc_keymap[i];
337
		if (b != 0xff) {
338
			/*
339
			 * One or more slots in this byte are free.
340
			 */
341
			keyix = i*NBBY;
342
			while (b & 1) {
343
		again:
344
				keyix++;
345
				b >>= 1;
346
			}
347
			if (isset(sc->sc_keymap, keyix+64)) {
348
				/* full pair unavailable */
349
				/* XXX statistic */
350
				if (keyix == (i+1)*NBBY) {
351
					/* no slots were appropriate, advance */
352
					continue;
353
				}
354
				goto again;
355
			}
356
			setbit(sc->sc_keymap, keyix);
357
			setbit(sc->sc_keymap, keyix+64);
358
			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
359
				"%s: key pair %u,%u\n",
360
				__func__, keyix, keyix+64);
361
			*txkeyix = *rxkeyix = keyix;
362
			return 1;
363
		}
364
	}
365
	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
366
	return 0;
367
}
368

369
/*
370
 * Allocate a single key cache slot.
371
 */
372
static int
373
key_alloc_single(struct ath_softc *sc,
374
	ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
375
{
376
	u_int i, keyix;
377

378
	if (sc->sc_hasclrkey == 0) {
379
		/*
380
		 * Map to slot 0 for the AR5210.
381
		 */
382
		*txkeyix = *rxkeyix = 0;
383
		return (1);
384
	}
385

386
	/* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
387
	for (i = 0; i < nitems(sc->sc_keymap); i++) {
388
		u_int8_t b = sc->sc_keymap[i];
389
		if (b != 0xff) {
390
			/*
391
			 * One or more slots are free.
392
			 */
393
			keyix = i*NBBY;
394
			while (b & 1)
395
				keyix++, b >>= 1;
396
			setbit(sc->sc_keymap, keyix);
397
			DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n",
398
				__func__, keyix);
399
			*txkeyix = *rxkeyix = keyix;
400
			return 1;
401
		}
402
	}
403
	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__);
404
	return 0;
405
}
406

407
/*
408
 * Allocate one or more key cache slots for a uniacst key.  The
409
 * key itself is needed only to identify the cipher.  For hardware
410
 * TKIP with split cipher+MIC keys we allocate two key cache slot
411
 * pairs so that we can setup separate TX and RX MIC keys.  Note
412
 * that the MIC key for a TKIP key at slot i is assumed by the
413
 * hardware to be at slot i+64.  This limits TKIP keys to the first
414
 * 64 entries.
415
 */
416
int
417
ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
418
	ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
419
{
420
	struct ath_softc *sc = vap->iv_ic->ic_softc;
421

422
	/*
423
	 * Group key allocation must be handled specially for
424
	 * parts that do not support multicast key cache search
425
	 * functionality.  For those parts the key id must match
426
	 * the h/w key index so lookups find the right key.  On
427
	 * parts w/ the key search facility we install the sender's
428
	 * mac address (with the high bit set) and let the hardware
429
	 * find the key w/o using the key id.  This is preferred as
430
	 * it permits us to support multiple users for adhoc and/or
431
	 * multi-station operation.
432
	 */
433
	if (k->wk_keyix != IEEE80211_KEYIX_NONE) {
434
		/*
435
		 * Only global keys should have key index assigned.
436
		 */
437
		if (!ieee80211_is_key_global(vap, k)) {
438
			/* should not happen */
439
			DPRINTF(sc, ATH_DEBUG_KEYCACHE,
440
				"%s: bogus group key\n", __func__);
441
			return 0;
442
		}
443
		if (vap->iv_opmode != IEEE80211_M_HOSTAP ||
444
		    !(k->wk_flags & IEEE80211_KEY_GROUP) ||
445
		    !sc->sc_mcastkey) {
446
			/*
447
			 * XXX we pre-allocate the global keys so
448
			 * have no way to check if they've already
449
			 * been allocated.
450
			 */
451
			*keyix = *rxkeyix =
452
			    ieee80211_crypto_get_key_wepidx(vap, k);
453
			return 1;
454
		}
455
		/*
456
		 * Group key and device supports multicast key search.
457
		 */
458
		k->wk_keyix = IEEE80211_KEYIX_NONE;
459
	}
460

461
	/*
462
	 * We allocate two pair for TKIP when using the h/w to do
463
	 * the MIC.  For everything else, including software crypto,
464
	 * we allocate a single entry.  Note that s/w crypto requires
465
	 * a pass-through slot on the 5211 and 5212.  The 5210 does
466
	 * not support pass-through cache entries and we map all
467
	 * those requests to slot 0.
468
	 */
469
	if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
470
		return key_alloc_single(sc, keyix, rxkeyix);
471
	} else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
472
	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
473
		if (sc->sc_splitmic)
474
			return key_alloc_2pair(sc, keyix, rxkeyix);
475
		else
476
			return key_alloc_pair(sc, keyix, rxkeyix);
477
	} else {
478
		return key_alloc_single(sc, keyix, rxkeyix);
479
	}
480
}
481

482
/*
483
 * Delete an entry in the key cache allocated by ath_key_alloc.
484
 */
485
int
486
ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
487
{
488
	struct ath_softc *sc = vap->iv_ic->ic_softc;
489
	struct ath_hal *ah = sc->sc_ah;
490
	const struct ieee80211_cipher *cip = k->wk_cipher;
491
	u_int keyix = k->wk_keyix;
492

493
	DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix);
494

495
	ATH_LOCK(sc);
496
	ath_power_set_power_state(sc, HAL_PM_AWAKE);
497
	ath_hal_keyreset(ah, keyix);
498
	/*
499
	 * Handle split tx/rx keying required for TKIP with h/w MIC.
500
	 */
501
	if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
502
	    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
503
		ath_hal_keyreset(ah, keyix+32);		/* RX key */
504
	if (keyix >= IEEE80211_WEP_NKID) {
505
		/*
506
		 * Don't touch keymap entries for global keys so
507
		 * they are never considered for dynamic allocation.
508
		 */
509
		clrbit(sc->sc_keymap, keyix);
510
		if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
511
		    (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
512
			clrbit(sc->sc_keymap, keyix+64);	/* TX key MIC */
513
			if (sc->sc_splitmic) {
514
				/* +32 for RX key, +32+64 for RX key MIC */
515
				clrbit(sc->sc_keymap, keyix+32);
516
				clrbit(sc->sc_keymap, keyix+32+64);
517
			}
518
		}
519
	}
520
	ath_power_restore_power_state(sc);
521
	ATH_UNLOCK(sc);
522
	return 1;
523
}
524

525
/*
526
 * Set the key cache contents for the specified key.  Key cache
527
 * slot(s) must already have been allocated by ath_key_alloc.
528
 */
529
int
530
ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
531
{
532
	struct ath_softc *sc = vap->iv_ic->ic_softc;
533

534
	return ath_keyset(sc, vap, k, vap->iv_bss);
535
}
536

537