1 /*- 2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer, 10 * without modification. 11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer 12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any 13 * redistribution must be conditioned upon including a substantially 14 * similar Disclaimer requirement for further binary redistribution. 15 * 16 * NO WARRANTY 17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY 20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, 22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 27 * THE POSSIBILITY OF SUCH DAMAGES. 28 */ 29 30 #include <sys/cdefs.h> 31 __FBSDID("$FreeBSD$"); 32 33 /* 34 * Driver for the Atheros Wireless LAN controller. 35 * 36 * This software is derived from work of Atsushi Onoe; his contribution 37 * is greatly appreciated. 38 */ 39 40 #include "opt_inet.h" 41 #include "opt_ath.h" 42 #include "opt_wlan.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/sysctl.h> 47 #include <sys/mbuf.h> 48 #include <sys/malloc.h> 49 #include <sys/lock.h> 50 #include <sys/mutex.h> 51 #include <sys/kernel.h> 52 #include <sys/socket.h> 53 #include <sys/sockio.h> 54 #include <sys/errno.h> 55 #include <sys/callout.h> 56 #include <sys/bus.h> 57 #include <sys/endian.h> 58 #include <sys/kthread.h> 59 #include <sys/taskqueue.h> 60 #include <sys/priv.h> 61 62 #if defined(__DragonFly__) 63 /* empty */ 64 #else 65 #include <machine/bus.h> 66 #endif 67 68 #include <net/if.h> 69 #include <net/if_var.h> 70 #include <net/if_dl.h> 71 #include <net/if_media.h> 72 #include <net/if_types.h> 73 #include <net/if_arp.h> 74 #include <net/ethernet.h> 75 #include <net/if_llc.h> 76 77 #include <netproto/802_11/ieee80211_var.h> 78 79 #include <net/bpf.h> 80 81 #include <dev/netif/ath/ath/if_athvar.h> 82 83 #include <dev/netif/ath/ath/if_ath_debug.h> 84 #include <dev/netif/ath/ath/if_ath_keycache.h> 85 #include <dev/netif/ath/ath/if_ath_misc.h> 86 87 #ifdef ATH_DEBUG 88 static void 89 ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix, 90 const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN]) 91 { 92 static const char *ciphers[] = { 93 "WEP", 94 "AES-OCB", 95 "AES-CCM", 96 "CKIP", 97 "TKIP", 98 "CLR", 99 }; 100 int i, n; 101 102 kprintf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]); 103 for (i = 0, n = hk->kv_len; i < n; i++) 104 kprintf("%02x", hk->kv_val[i]); 105 kprintf(" mac %s", ether_sprintf(mac)); 106 if (hk->kv_type == HAL_CIPHER_TKIP) { 107 kprintf(" %s ", sc->sc_splitmic ? "mic" : "rxmic"); 108 for (i = 0; i < sizeof(hk->kv_mic); i++) 109 kprintf("%02x", hk->kv_mic[i]); 110 if (!sc->sc_splitmic) { 111 kprintf(" txmic "); 112 for (i = 0; i < sizeof(hk->kv_txmic); i++) 113 kprintf("%02x", hk->kv_txmic[i]); 114 } 115 } 116 kprintf("\n"); 117 } 118 #endif 119 120 /* 121 * Set a TKIP key into the hardware. This handles the 122 * potential distribution of key state to multiple key 123 * cache slots for TKIP. 124 */ 125 static int 126 ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k, 127 HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN]) 128 { 129 #define IEEE80211_KEY_XR (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV) 130 static const u_int8_t zerobssid[IEEE80211_ADDR_LEN]; 131 struct ath_hal *ah = sc->sc_ah; 132 133 KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP, 134 ("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher)); 135 if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) { 136 if (sc->sc_splitmic) { 137 /* 138 * TX key goes at first index, RX key at the rx index. 139 * The hal handles the MIC keys at index+64. 140 */ 141 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic)); 142 KEYPRINTF(sc, k->wk_keyix, hk, zerobssid); 143 if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid)) 144 return 0; 145 146 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic)); 147 KEYPRINTF(sc, k->wk_keyix+32, hk, mac); 148 /* XXX delete tx key on failure? */ 149 return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac); 150 } else { 151 /* 152 * Room for both TX+RX MIC keys in one key cache 153 * slot, just set key at the first index; the hal 154 * will handle the rest. 155 */ 156 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic)); 157 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic)); 158 KEYPRINTF(sc, k->wk_keyix, hk, mac); 159 return ath_hal_keyset(ah, k->wk_keyix, hk, mac); 160 } 161 } else if (k->wk_flags & IEEE80211_KEY_XMIT) { 162 if (sc->sc_splitmic) { 163 /* 164 * NB: must pass MIC key in expected location when 165 * the keycache only holds one MIC key per entry. 166 */ 167 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic)); 168 } else 169 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic)); 170 KEYPRINTF(sc, k->wk_keyix, hk, mac); 171 return ath_hal_keyset(ah, k->wk_keyix, hk, mac); 172 } else if (k->wk_flags & IEEE80211_KEY_RECV) { 173 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic)); 174 KEYPRINTF(sc, k->wk_keyix, hk, mac); 175 return ath_hal_keyset(ah, k->wk_keyix, hk, mac); 176 } 177 return 0; 178 #undef IEEE80211_KEY_XR 179 } 180 181 /* 182 * Set a net80211 key into the hardware. This handles the 183 * potential distribution of key state to multiple key 184 * cache slots for TKIP with hardware MIC support. 185 */ 186 int 187 ath_keyset(struct ath_softc *sc, struct ieee80211vap *vap, 188 const struct ieee80211_key *k, 189 struct ieee80211_node *bss) 190 { 191 static const u_int8_t ciphermap[] = { 192 HAL_CIPHER_WEP, /* IEEE80211_CIPHER_WEP */ 193 HAL_CIPHER_TKIP, /* IEEE80211_CIPHER_TKIP */ 194 HAL_CIPHER_AES_OCB, /* IEEE80211_CIPHER_AES_OCB */ 195 HAL_CIPHER_AES_CCM, /* IEEE80211_CIPHER_AES_CCM */ 196 (u_int8_t) -1, /* 4 is not allocated */ 197 HAL_CIPHER_CKIP, /* IEEE80211_CIPHER_CKIP */ 198 HAL_CIPHER_CLR, /* IEEE80211_CIPHER_NONE */ 199 }; 200 struct ath_hal *ah = sc->sc_ah; 201 const struct ieee80211_cipher *cip = k->wk_cipher; 202 u_int8_t gmac[IEEE80211_ADDR_LEN]; 203 const u_int8_t *mac; 204 HAL_KEYVAL hk; 205 int ret; 206 207 memset(&hk, 0, sizeof(hk)); 208 /* 209 * Software crypto uses a "clear key" so non-crypto 210 * state kept in the key cache are maintained and 211 * so that rx frames have an entry to match. 212 */ 213 if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { 214 KASSERT(cip->ic_cipher < nitems(ciphermap), 215 ("invalid cipher type %u", cip->ic_cipher)); 216 hk.kv_type = ciphermap[cip->ic_cipher]; 217 hk.kv_len = k->wk_keylen; 218 memcpy(hk.kv_val, k->wk_key, k->wk_keylen); 219 } else 220 hk.kv_type = HAL_CIPHER_CLR; 221 222 /* 223 * If we're installing a clear cipher key and 224 * the hardware doesn't support that, just succeed. 225 * Leave it up to the net80211 layer to figure it out. 226 */ 227 if (hk.kv_type == HAL_CIPHER_CLR && sc->sc_hasclrkey == 0) { 228 return (1); 229 } 230 231 /* 232 * XXX TODO: check this: 233 * 234 * Group keys on hardware that supports multicast frame 235 * key search should only be done in adhoc/hostap mode, 236 * not STA mode. 237 * 238 * XXX TODO: what about mesh, tdma? 239 */ 240 #if 0 241 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 242 vap->iv_opmode == IEEE80211_M_IBSS) && 243 #else 244 if ( 245 #endif 246 (k->wk_flags & IEEE80211_KEY_GROUP) && 247 sc->sc_mcastkey) { 248 /* 249 * Group keys on hardware that supports multicast frame 250 * key search use a MAC that is the sender's address with 251 * the multicast bit set instead of the app-specified address. 252 */ 253 IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr); 254 gmac[0] |= 0x01; 255 mac = gmac; 256 } else 257 mac = k->wk_macaddr; 258 259 ATH_LOCK(sc); 260 ath_power_set_power_state(sc, HAL_PM_AWAKE); 261 if (hk.kv_type == HAL_CIPHER_TKIP && 262 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) { 263 ret = ath_keyset_tkip(sc, k, &hk, mac); 264 } else { 265 KEYPRINTF(sc, k->wk_keyix, &hk, mac); 266 ret = ath_hal_keyset(ah, k->wk_keyix, &hk, mac); 267 } 268 ath_power_restore_power_state(sc); 269 ATH_UNLOCK(sc); 270 271 return (ret); 272 } 273 274 /* 275 * Allocate tx/rx key slots for TKIP. We allocate two slots for 276 * each key, one for decrypt/encrypt and the other for the MIC. 277 */ 278 static u_int16_t 279 key_alloc_2pair(struct ath_softc *sc, 280 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix) 281 { 282 u_int i, keyix; 283 284 KASSERT(sc->sc_splitmic, ("key cache !split")); 285 /* XXX could optimize */ 286 for (i = 0; i < nitems(sc->sc_keymap)/4; i++) { 287 u_int8_t b = sc->sc_keymap[i]; 288 if (b != 0xff) { 289 /* 290 * One or more slots in this byte are free. 291 */ 292 keyix = i*NBBY; 293 while (b & 1) { 294 again: 295 keyix++; 296 b >>= 1; 297 } 298 /* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */ 299 if (isset(sc->sc_keymap, keyix+32) || 300 isset(sc->sc_keymap, keyix+64) || 301 isset(sc->sc_keymap, keyix+32+64)) { 302 /* full pair unavailable */ 303 /* XXX statistic */ 304 if (keyix == (i+1)*NBBY) { 305 /* no slots were appropriate, advance */ 306 continue; 307 } 308 goto again; 309 } 310 setbit(sc->sc_keymap, keyix); 311 setbit(sc->sc_keymap, keyix+64); 312 setbit(sc->sc_keymap, keyix+32); 313 setbit(sc->sc_keymap, keyix+32+64); 314 DPRINTF(sc, ATH_DEBUG_KEYCACHE, 315 "%s: key pair %u,%u %u,%u\n", 316 __func__, keyix, keyix+64, 317 keyix+32, keyix+32+64); 318 *txkeyix = keyix; 319 *rxkeyix = keyix+32; 320 return 1; 321 } 322 } 323 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__); 324 return 0; 325 } 326 327 /* 328 * Allocate tx/rx key slots for TKIP. We allocate two slots for 329 * each key, one for decrypt/encrypt and the other for the MIC. 330 */ 331 static u_int16_t 332 key_alloc_pair(struct ath_softc *sc, 333 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix) 334 { 335 u_int i, keyix; 336 337 KASSERT(!sc->sc_splitmic, ("key cache split")); 338 /* XXX could optimize */ 339 for (i = 0; i < nitems(sc->sc_keymap)/4; i++) { 340 u_int8_t b = sc->sc_keymap[i]; 341 if (b != 0xff) { 342 /* 343 * One or more slots in this byte are free. 344 */ 345 keyix = i*NBBY; 346 while (b & 1) { 347 again: 348 keyix++; 349 b >>= 1; 350 } 351 if (isset(sc->sc_keymap, keyix+64)) { 352 /* full pair unavailable */ 353 /* XXX statistic */ 354 if (keyix == (i+1)*NBBY) { 355 /* no slots were appropriate, advance */ 356 continue; 357 } 358 goto again; 359 } 360 setbit(sc->sc_keymap, keyix); 361 setbit(sc->sc_keymap, keyix+64); 362 DPRINTF(sc, ATH_DEBUG_KEYCACHE, 363 "%s: key pair %u,%u\n", 364 __func__, keyix, keyix+64); 365 *txkeyix = *rxkeyix = keyix; 366 return 1; 367 } 368 } 369 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__); 370 return 0; 371 } 372 373 /* 374 * Allocate a single key cache slot. 375 */ 376 static int 377 key_alloc_single(struct ath_softc *sc, 378 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix) 379 { 380 u_int i, keyix; 381 382 if (sc->sc_hasclrkey == 0) { 383 /* 384 * Map to slot 0 for the AR5210. 385 */ 386 *txkeyix = *rxkeyix = 0; 387 return (1); 388 } 389 390 /* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */ 391 for (i = 0; i < nitems(sc->sc_keymap); i++) { 392 u_int8_t b = sc->sc_keymap[i]; 393 if (b != 0xff) { 394 /* 395 * One or more slots are free. 396 */ 397 keyix = i*NBBY; 398 while (b & 1) 399 keyix++, b >>= 1; 400 setbit(sc->sc_keymap, keyix); 401 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n", 402 __func__, keyix); 403 *txkeyix = *rxkeyix = keyix; 404 return 1; 405 } 406 } 407 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__); 408 return 0; 409 } 410 411 /* 412 * Allocate one or more key cache slots for a uniacst key. The 413 * key itself is needed only to identify the cipher. For hardware 414 * TKIP with split cipher+MIC keys we allocate two key cache slot 415 * pairs so that we can setup separate TX and RX MIC keys. Note 416 * that the MIC key for a TKIP key at slot i is assumed by the 417 * hardware to be at slot i+64. This limits TKIP keys to the first 418 * 64 entries. 419 */ 420 int 421 ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, 422 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 423 { 424 struct ath_softc *sc = vap->iv_ic->ic_softc; 425 426 /* 427 * Group key allocation must be handled specially for 428 * parts that do not support multicast key cache search 429 * functionality. For those parts the key id must match 430 * the h/w key index so lookups find the right key. On 431 * parts w/ the key search facility we install the sender's 432 * mac address (with the high bit set) and let the hardware 433 * find the key w/o using the key id. This is preferred as 434 * it permits us to support multiple users for adhoc and/or 435 * multi-station operation. 436 */ 437 if (k->wk_keyix != IEEE80211_KEYIX_NONE) { 438 /* 439 * Only global keys should have key index assigned. 440 */ 441 if (!(&vap->iv_nw_keys[0] <= k && 442 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { 443 /* should not happen */ 444 DPRINTF(sc, ATH_DEBUG_KEYCACHE, 445 "%s: bogus group key\n", __func__); 446 return 0; 447 } 448 if (vap->iv_opmode != IEEE80211_M_HOSTAP || 449 !(k->wk_flags & IEEE80211_KEY_GROUP) || 450 !sc->sc_mcastkey) { 451 /* 452 * XXX we pre-allocate the global keys so 453 * have no way to check if they've already 454 * been allocated. 455 */ 456 *keyix = *rxkeyix = k - vap->iv_nw_keys; 457 return 1; 458 } 459 /* 460 * Group key and device supports multicast key search. 461 */ 462 k->wk_keyix = IEEE80211_KEYIX_NONE; 463 } 464 465 /* 466 * We allocate two pair for TKIP when using the h/w to do 467 * the MIC. For everything else, including software crypto, 468 * we allocate a single entry. Note that s/w crypto requires 469 * a pass-through slot on the 5211 and 5212. The 5210 does 470 * not support pass-through cache entries and we map all 471 * those requests to slot 0. 472 */ 473 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) { 474 return key_alloc_single(sc, keyix, rxkeyix); 475 } else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP && 476 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) { 477 if (sc->sc_splitmic) 478 return key_alloc_2pair(sc, keyix, rxkeyix); 479 else 480 return key_alloc_pair(sc, keyix, rxkeyix); 481 } else { 482 return key_alloc_single(sc, keyix, rxkeyix); 483 } 484 } 485 486 /* 487 * Delete an entry in the key cache allocated by ath_key_alloc. 488 */ 489 int 490 ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 491 { 492 struct ath_softc *sc = vap->iv_ic->ic_softc; 493 struct ath_hal *ah = sc->sc_ah; 494 const struct ieee80211_cipher *cip = k->wk_cipher; 495 u_int keyix = k->wk_keyix; 496 497 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix); 498 499 ATH_LOCK(sc); 500 ath_power_set_power_state(sc, HAL_PM_AWAKE); 501 ath_hal_keyreset(ah, keyix); 502 /* 503 * Handle split tx/rx keying required for TKIP with h/w MIC. 504 */ 505 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP && 506 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic) 507 ath_hal_keyreset(ah, keyix+32); /* RX key */ 508 if (keyix >= IEEE80211_WEP_NKID) { 509 /* 510 * Don't touch keymap entries for global keys so 511 * they are never considered for dynamic allocation. 512 */ 513 clrbit(sc->sc_keymap, keyix); 514 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP && 515 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) { 516 clrbit(sc->sc_keymap, keyix+64); /* TX key MIC */ 517 if (sc->sc_splitmic) { 518 /* +32 for RX key, +32+64 for RX key MIC */ 519 clrbit(sc->sc_keymap, keyix+32); 520 clrbit(sc->sc_keymap, keyix+32+64); 521 } 522 } 523 } 524 ath_power_restore_power_state(sc); 525 ATH_UNLOCK(sc); 526 return 1; 527 } 528 529 /* 530 * Set the key cache contents for the specified key. Key cache 531 * slot(s) must already have been allocated by ath_key_alloc. 532 */ 533 int 534 ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 535 { 536 struct ath_softc *sc = vap->iv_ic->ic_softc; 537 538 return ath_keyset(sc, vap, k, vap->iv_bss); 539 } 540