| 1 | /* $NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $ */ |
| 2 | /*- |
| 3 | * Copyright (c) 2001 Atsushi Onoe |
| 4 | * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting |
| 5 | * All rights reserved. |
| 6 | * |
| 7 | * Redistribution and use in source and binary forms, with or without |
| 8 | * modification, are permitted provided that the following conditions |
| 9 | * are met: |
| 10 | * 1. Redistributions of source code must retain the above copyright |
| 11 | * notice, this list of conditions and the following disclaimer. |
| 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer in the |
| 14 | * documentation and/or other materials provided with the distribution. |
| 15 | * 3. The name of the author may not be used to endorse or promote products |
| 16 | * derived from this software without specific prior written permission. |
| 17 | * |
| 18 | * Alternatively, this software may be distributed under the terms of the |
| 19 | * GNU General Public License ("GPL") version 2 as published by the Free |
| 20 | * Software Foundation. |
| 21 | * |
| 22 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| 23 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| 24 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| 25 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| 26 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 27 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 28 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 29 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 30 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 31 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 32 | */ |
| 33 | |
| 34 | #include <sys/cdefs.h> |
| 35 | #ifdef __FreeBSD__ |
| 36 | __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $" ); |
| 37 | #endif |
| 38 | #ifdef __NetBSD__ |
| 39 | __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $" ); |
| 40 | #endif |
| 41 | |
| 42 | #ifdef _KERNEL_OPT |
| 43 | #include "opt_inet.h" |
| 44 | #endif |
| 45 | |
| 46 | /* |
| 47 | * IEEE 802.11 generic crypto support. |
| 48 | */ |
| 49 | #include <sys/param.h> |
| 50 | #include <sys/mbuf.h> |
| 51 | |
| 52 | #include <sys/socket.h> |
| 53 | #include <sys/sockio.h> |
| 54 | #include <sys/endian.h> |
| 55 | #include <sys/errno.h> |
| 56 | #include <sys/proc.h> |
| 57 | #include <sys/sysctl.h> |
| 58 | |
| 59 | #include <net/if.h> |
| 60 | #include <net/if_media.h> |
| 61 | #include <net/if_arp.h> |
| 62 | #include <net/if_ether.h> |
| 63 | #include <net/if_llc.h> |
| 64 | |
| 65 | #include <net80211/ieee80211_netbsd.h> |
| 66 | #include <net80211/ieee80211_var.h> |
| 67 | |
| 68 | /* |
| 69 | * Table of registered cipher modules. |
| 70 | */ |
| 71 | static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; |
| 72 | |
| 73 | #ifdef INET |
| 74 | #include <netinet/in.h> |
| 75 | #include <net/if_ether.h> |
| 76 | #endif |
| 77 | |
| 78 | static int _ieee80211_crypto_delkey(struct ieee80211com *, |
| 79 | struct ieee80211_key *); |
| 80 | |
| 81 | /* |
| 82 | * Default "null" key management routines. |
| 83 | */ |
| 84 | static int |
| 85 | null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, |
| 86 | ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) |
| 87 | { |
| 88 | if (!(&ic->ic_nw_keys[0] <= k && |
| 89 | k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { |
| 90 | /* |
| 91 | * Not in the global key table, the driver should handle this |
| 92 | * by allocating a slot in the h/w key table/cache. In |
| 93 | * lieu of that return key slot 0 for any unicast key |
| 94 | * request. We disallow the request if this is a group key. |
| 95 | * This default policy does the right thing for legacy hardware |
| 96 | * with a 4 key table. It also handles devices that pass |
| 97 | * packets through untouched when marked with the WEP bit |
| 98 | * and key index 0. |
| 99 | */ |
| 100 | if (k->wk_flags & IEEE80211_KEY_GROUP) |
| 101 | return 0; |
| 102 | *keyix = 0; /* NB: use key index 0 for ucast key */ |
| 103 | } else { |
| 104 | *keyix = k - ic->ic_nw_keys; |
| 105 | } |
| 106 | *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ |
| 107 | return 1; |
| 108 | } |
| 109 | static int |
| 110 | null_key_delete(struct ieee80211com *ic, |
| 111 | const struct ieee80211_key *k) |
| 112 | { |
| 113 | return 1; |
| 114 | } |
| 115 | static int |
| 116 | null_key_set(struct ieee80211com *ic, |
| 117 | const struct ieee80211_key *k, |
| 118 | const u_int8_t mac[IEEE80211_ADDR_LEN]) |
| 119 | { |
| 120 | return 1; |
| 121 | } |
| 122 | static void null_key_update(struct ieee80211com *ic) {} |
| 123 | |
| 124 | /* |
| 125 | * Write-arounds for common operations. |
| 126 | */ |
| 127 | static __inline void |
| 128 | cipher_detach(struct ieee80211_key *key) |
| 129 | { |
| 130 | key->wk_cipher->ic_detach(key); |
| 131 | } |
| 132 | |
| 133 | /* |
| 134 | * Wrappers for driver key management methods. |
| 135 | */ |
| 136 | static __inline int |
| 137 | dev_key_alloc(struct ieee80211com *ic, |
| 138 | const struct ieee80211_key *key, |
| 139 | ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) |
| 140 | { |
| 141 | return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); |
| 142 | } |
| 143 | |
| 144 | static __inline int |
| 145 | dev_key_delete(struct ieee80211com *ic, |
| 146 | const struct ieee80211_key *key) |
| 147 | { |
| 148 | return ic->ic_crypto.cs_key_delete(ic, key); |
| 149 | } |
| 150 | |
| 151 | static __inline int |
| 152 | dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, |
| 153 | const u_int8_t mac[IEEE80211_ADDR_LEN]) |
| 154 | { |
| 155 | return ic->ic_crypto.cs_key_set(ic, key, mac); |
| 156 | } |
| 157 | |
| 158 | /* |
| 159 | * Setup crypto support. |
| 160 | */ |
| 161 | void |
| 162 | ieee80211_crypto_attach(struct ieee80211com *ic) |
| 163 | { |
| 164 | struct ieee80211_crypto_state *cs = &ic->ic_crypto; |
| 165 | int i; |
| 166 | |
| 167 | /* NB: we assume everything is pre-zero'd */ |
| 168 | cs->cs_def_txkey = IEEE80211_KEYIX_NONE; |
| 169 | cs->cs_max_keyix = IEEE80211_WEP_NKID; |
| 170 | ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; |
| 171 | for (i = 0; i < IEEE80211_WEP_NKID; i++) |
| 172 | ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], |
| 173 | IEEE80211_KEYIX_NONE); |
| 174 | /* |
| 175 | * Initialize the driver key support routines to noop entries. |
| 176 | * This is useful especially for the cipher test modules. |
| 177 | */ |
| 178 | cs->cs_key_alloc = null_key_alloc; |
| 179 | cs->cs_key_set = null_key_set; |
| 180 | cs->cs_key_delete = null_key_delete; |
| 181 | cs->cs_key_update_begin = null_key_update; |
| 182 | cs->cs_key_update_end = null_key_update; |
| 183 | } |
| 184 | |
| 185 | /* |
| 186 | * Teardown crypto support. |
| 187 | */ |
| 188 | void |
| 189 | ieee80211_crypto_detach(struct ieee80211com *ic) |
| 190 | { |
| 191 | ieee80211_crypto_delglobalkeys(ic); |
| 192 | } |
| 193 | |
| 194 | /* |
| 195 | * Register a crypto cipher module. |
| 196 | */ |
| 197 | void |
| 198 | ieee80211_crypto_register(const struct ieee80211_cipher *cip) |
| 199 | { |
| 200 | if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { |
| 201 | printf("%s: cipher %s has an invalid cipher index %u\n" , |
| 202 | __func__, cip->ic_name, cip->ic_cipher); |
| 203 | return; |
| 204 | } |
| 205 | if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { |
| 206 | printf("%s: cipher %s registered with a different template\n" , |
| 207 | __func__, cip->ic_name); |
| 208 | return; |
| 209 | } |
| 210 | ciphers[cip->ic_cipher] = cip; |
| 211 | } |
| 212 | |
| 213 | /* |
| 214 | * Unregister a crypto cipher module. |
| 215 | */ |
| 216 | void |
| 217 | ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) |
| 218 | { |
| 219 | if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { |
| 220 | printf("%s: cipher %s has an invalid cipher index %u\n" , |
| 221 | __func__, cip->ic_name, cip->ic_cipher); |
| 222 | return; |
| 223 | } |
| 224 | if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { |
| 225 | printf("%s: cipher %s registered with a different template\n" , |
| 226 | __func__, cip->ic_name); |
| 227 | return; |
| 228 | } |
| 229 | /* NB: don't complain about not being registered */ |
| 230 | /* XXX disallow if references */ |
| 231 | ciphers[cip->ic_cipher] = NULL; |
| 232 | } |
| 233 | |
| 234 | int |
| 235 | ieee80211_crypto_available(u_int cipher) |
| 236 | { |
| 237 | return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; |
| 238 | } |
| 239 | |
| 240 | /* XXX well-known names! */ |
| 241 | static const char *cipher_modnames[] = { |
| 242 | "wlan_wep" , /* IEEE80211_CIPHER_WEP */ |
| 243 | "wlan_tkip" , /* IEEE80211_CIPHER_TKIP */ |
| 244 | "wlan_aes_ocb" , /* IEEE80211_CIPHER_AES_OCB */ |
| 245 | "wlan_ccmp" , /* IEEE80211_CIPHER_AES_CCM */ |
| 246 | "wlan_ckip" , /* IEEE80211_CIPHER_CKIP */ |
| 247 | }; |
| 248 | |
| 249 | /* |
| 250 | * Establish a relationship between the specified key and cipher |
| 251 | * and, if necessary, allocate a hardware index from the driver. |
| 252 | * Note that when a fixed key index is required it must be specified |
| 253 | * and we blindly assign it w/o consulting the driver (XXX). |
| 254 | * |
| 255 | * This must be the first call applied to a key; all the other key |
| 256 | * routines assume wk_cipher is setup. |
| 257 | * |
| 258 | * Locking must be handled by the caller using: |
| 259 | * ieee80211_key_update_begin(ic); |
| 260 | * ieee80211_key_update_end(ic); |
| 261 | */ |
| 262 | int |
| 263 | ieee80211_crypto_newkey(struct ieee80211com *ic, |
| 264 | int cipher, int flags, struct ieee80211_key *key) |
| 265 | { |
| 266 | #define N(a) (sizeof(a) / sizeof(a[0])) |
| 267 | const struct ieee80211_cipher *cip; |
| 268 | ieee80211_keyix keyix, rxkeyix; |
| 269 | void *keyctx; |
| 270 | int oflags; |
| 271 | |
| 272 | /* |
| 273 | * Validate cipher and set reference to cipher routines. |
| 274 | */ |
| 275 | if (cipher >= IEEE80211_CIPHER_MAX) { |
| 276 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 277 | "%s: invalid cipher %u\n" , __func__, cipher); |
| 278 | ic->ic_stats.is_crypto_badcipher++; |
| 279 | return 0; |
| 280 | } |
| 281 | cip = ciphers[cipher]; |
| 282 | if (cip == NULL) { |
| 283 | /* |
| 284 | * Auto-load cipher module if we have a well-known name |
| 285 | * for it. It might be better to use string names rather |
| 286 | * than numbers and craft a module name based on the cipher |
| 287 | * name; e.g. wlan_cipher_<cipher-name>. |
| 288 | */ |
| 289 | if (cipher < N(cipher_modnames)) { |
| 290 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 291 | "%s: unregistered cipher %u, load module %s\n" , |
| 292 | __func__, cipher, cipher_modnames[cipher]); |
| 293 | ieee80211_load_module(cipher_modnames[cipher]); |
| 294 | /* |
| 295 | * If cipher module loaded it should immediately |
| 296 | * call ieee80211_crypto_register which will fill |
| 297 | * in the entry in the ciphers array. |
| 298 | */ |
| 299 | cip = ciphers[cipher]; |
| 300 | } |
| 301 | if (cip == NULL) { |
| 302 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 303 | "%s: unable to load cipher %u, module %s\n" , |
| 304 | __func__, cipher, |
| 305 | cipher < N(cipher_modnames) ? |
| 306 | cipher_modnames[cipher] : "<unknown>" ); |
| 307 | ic->ic_stats.is_crypto_nocipher++; |
| 308 | return 0; |
| 309 | } |
| 310 | } |
| 311 | |
| 312 | oflags = key->wk_flags; |
| 313 | flags &= IEEE80211_KEY_COMMON; |
| 314 | /* |
| 315 | * If the hardware does not support the cipher then |
| 316 | * fallback to a host-based implementation. |
| 317 | */ |
| 318 | if ((ic->ic_caps & (1<<cipher)) == 0) { |
| 319 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 320 | "%s: no h/w support for cipher %s, falling back to s/w\n" , |
| 321 | __func__, cip->ic_name); |
| 322 | flags |= IEEE80211_KEY_SWCRYPT; |
| 323 | } |
| 324 | /* |
| 325 | * Hardware TKIP with software MIC is an important |
| 326 | * combination; we handle it by flagging each key, |
| 327 | * the cipher modules honor it. |
| 328 | */ |
| 329 | if (cipher == IEEE80211_CIPHER_TKIP && |
| 330 | (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) { |
| 331 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 332 | "%s: no h/w support for TKIP MIC, falling back to s/w\n" , |
| 333 | __func__); |
| 334 | flags |= IEEE80211_KEY_SWMIC; |
| 335 | } |
| 336 | |
| 337 | /* |
| 338 | * Bind cipher to key instance. Note we do this |
| 339 | * after checking the device capabilities so the |
| 340 | * cipher module can optimize space usage based on |
| 341 | * whether or not it needs to do the cipher work. |
| 342 | */ |
| 343 | if (key->wk_cipher != cip || key->wk_flags != flags) { |
| 344 | again: |
| 345 | /* |
| 346 | * Fillin the flags so cipher modules can see s/w |
| 347 | * crypto requirements and potentially allocate |
| 348 | * different state and/or attach different method |
| 349 | * pointers. |
| 350 | * |
| 351 | * XXX this is not right when s/w crypto fallback |
| 352 | * fails and we try to restore previous state. |
| 353 | */ |
| 354 | key->wk_flags = flags; |
| 355 | keyctx = cip->ic_attach(ic, key); |
| 356 | if (keyctx == NULL) { |
| 357 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 358 | "%s: unable to attach cipher %s\n" , |
| 359 | __func__, cip->ic_name); |
| 360 | key->wk_flags = oflags; /* restore old flags */ |
| 361 | ic->ic_stats.is_crypto_attachfail++; |
| 362 | return 0; |
| 363 | } |
| 364 | cipher_detach(key); |
| 365 | key->wk_cipher = cip; /* XXX refcnt? */ |
| 366 | key->wk_private = keyctx; |
| 367 | } |
| 368 | /* |
| 369 | * Commit to requested usage so driver can see the flags. |
| 370 | */ |
| 371 | key->wk_flags = flags; |
| 372 | |
| 373 | /* |
| 374 | * Ask the driver for a key index if we don't have one. |
| 375 | * Note that entries in the global key table always have |
| 376 | * an index; this means it's safe to call this routine |
| 377 | * for these entries just to setup the reference to the |
| 378 | * cipher template. Note also that when using software |
| 379 | * crypto we also call the driver to give us a key index. |
| 380 | */ |
| 381 | if (key->wk_keyix == IEEE80211_KEYIX_NONE) { |
| 382 | if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { |
| 383 | /* |
| 384 | * Driver has no room; fallback to doing crypto |
| 385 | * in the host. We change the flags and start the |
| 386 | * procedure over. If we get back here then there's |
| 387 | * no hope and we bail. Note that this can leave |
| 388 | * the key in a inconsistent state if the caller |
| 389 | * continues to use it. |
| 390 | */ |
| 391 | if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { |
| 392 | ic->ic_stats.is_crypto_swfallback++; |
| 393 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 394 | "%s: no h/w resources for cipher %s, " |
| 395 | "falling back to s/w\n" , __func__, |
| 396 | cip->ic_name); |
| 397 | oflags = key->wk_flags; |
| 398 | flags |= IEEE80211_KEY_SWCRYPT; |
| 399 | if (cipher == IEEE80211_CIPHER_TKIP) |
| 400 | flags |= IEEE80211_KEY_SWMIC; |
| 401 | goto again; |
| 402 | } |
| 403 | ic->ic_stats.is_crypto_keyfail++; |
| 404 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 405 | "%s: unable to setup cipher %s\n" , |
| 406 | __func__, cip->ic_name); |
| 407 | return 0; |
| 408 | } |
| 409 | key->wk_keyix = keyix; |
| 410 | key->wk_rxkeyix = rxkeyix; |
| 411 | } |
| 412 | return 1; |
| 413 | #undef N |
| 414 | } |
| 415 | |
| 416 | /* |
| 417 | * Remove the key (no locking, for internal use). |
| 418 | */ |
| 419 | static int |
| 420 | _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) |
| 421 | { |
| 422 | ieee80211_keyix keyix; |
| 423 | |
| 424 | IASSERT(key->wk_cipher != NULL, ("No cipher!" )); |
| 425 | |
| 426 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 427 | "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n" , |
| 428 | __func__, key->wk_cipher->ic_name, |
| 429 | key->wk_keyix, key->wk_flags, |
| 430 | key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); |
| 431 | |
| 432 | keyix = key->wk_keyix; |
| 433 | if (keyix != IEEE80211_KEYIX_NONE) { |
| 434 | /* |
| 435 | * Remove hardware entry. |
| 436 | */ |
| 437 | /* XXX key cache */ |
| 438 | if (!dev_key_delete(ic, key)) { |
| 439 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 440 | "%s: driver did not delete key index %u\n" , |
| 441 | __func__, keyix); |
| 442 | ic->ic_stats.is_crypto_delkey++; |
| 443 | /* XXX recovery? */ |
| 444 | } |
| 445 | } |
| 446 | cipher_detach(key); |
| 447 | memset(key, 0, sizeof(*key)); |
| 448 | ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE); |
| 449 | return 1; |
| 450 | } |
| 451 | |
| 452 | /* |
| 453 | * Remove the specified key. |
| 454 | */ |
| 455 | int |
| 456 | ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) |
| 457 | { |
| 458 | int status; |
| 459 | |
| 460 | ieee80211_key_update_begin(ic); |
| 461 | status = _ieee80211_crypto_delkey(ic, key); |
| 462 | ieee80211_key_update_end(ic); |
| 463 | return status; |
| 464 | } |
| 465 | |
| 466 | /* |
| 467 | * Clear the global key table. |
| 468 | */ |
| 469 | void |
| 470 | ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) |
| 471 | { |
| 472 | int i; |
| 473 | |
| 474 | ieee80211_key_update_begin(ic); |
| 475 | for (i = 0; i < IEEE80211_WEP_NKID; i++) |
| 476 | (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); |
| 477 | ieee80211_key_update_end(ic); |
| 478 | } |
| 479 | |
| 480 | /* |
| 481 | * Set the contents of the specified key. |
| 482 | * |
| 483 | * Locking must be handled by the caller using: |
| 484 | * ieee80211_key_update_begin(ic); |
| 485 | * ieee80211_key_update_end(ic); |
| 486 | */ |
| 487 | int |
| 488 | ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, |
| 489 | const u_int8_t macaddr[IEEE80211_ADDR_LEN]) |
| 490 | { |
| 491 | const struct ieee80211_cipher *cip = key->wk_cipher; |
| 492 | |
| 493 | IASSERT(cip != NULL, ("No cipher!" )); |
| 494 | |
| 495 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 496 | "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n" , |
| 497 | __func__, cip->ic_name, key->wk_keyix, |
| 498 | key->wk_flags, ether_sprintf(macaddr), |
| 499 | key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); |
| 500 | |
| 501 | /* |
| 502 | * Give cipher a chance to validate key contents. |
| 503 | * XXX should happen before modifying state. |
| 504 | */ |
| 505 | if (!cip->ic_setkey(key)) { |
| 506 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 507 | "%s: cipher %s rejected key index %u len %u flags 0x%x\n" , |
| 508 | __func__, cip->ic_name, key->wk_keyix, |
| 509 | key->wk_keylen, key->wk_flags); |
| 510 | ic->ic_stats.is_crypto_setkey_cipher++; |
| 511 | return 0; |
| 512 | } |
| 513 | if (key->wk_keyix == IEEE80211_KEYIX_NONE) { |
| 514 | /* XXX nothing allocated, should not happen */ |
| 515 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 516 | "%s: no key index; should not happen!\n" , __func__); |
| 517 | ic->ic_stats.is_crypto_setkey_nokey++; |
| 518 | return 0; |
| 519 | } |
| 520 | return dev_key_set(ic, key, macaddr); |
| 521 | } |
| 522 | |
| 523 | /* |
| 524 | * Add privacy headers appropriate for the specified key. |
| 525 | */ |
| 526 | struct ieee80211_key * |
| 527 | ieee80211_crypto_encap(struct ieee80211com *ic, |
| 528 | struct ieee80211_node *ni, struct mbuf *m) |
| 529 | { |
| 530 | struct ieee80211_key *k; |
| 531 | struct ieee80211_frame *wh; |
| 532 | const struct ieee80211_cipher *cip; |
| 533 | u_int8_t keyid; |
| 534 | |
| 535 | /* |
| 536 | * Multicast traffic always uses the multicast key. |
| 537 | * Otherwise if a unicast key is set we use that and |
| 538 | * it is always key index 0. When no unicast key is |
| 539 | * set we fall back to the default transmit key. |
| 540 | */ |
| 541 | wh = mtod(m, struct ieee80211_frame *); |
| 542 | if (IEEE80211_IS_MULTICAST(wh->i_addr1) || |
| 543 | ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { |
| 544 | if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { |
| 545 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 546 | "[%s] no default transmit key (%s) deftxkey %u\n" , |
| 547 | ether_sprintf(wh->i_addr1), __func__, |
| 548 | ic->ic_def_txkey); |
| 549 | ic->ic_stats.is_tx_nodefkey++; |
| 550 | return NULL; |
| 551 | } |
| 552 | keyid = ic->ic_def_txkey; |
| 553 | k = &ic->ic_nw_keys[ic->ic_def_txkey]; |
| 554 | } else { |
| 555 | keyid = 0; |
| 556 | k = &ni->ni_ucastkey; |
| 557 | } |
| 558 | cip = k->wk_cipher; |
| 559 | return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); |
| 560 | } |
| 561 | |
| 562 | /* |
| 563 | * Validate and strip privacy headers (and trailer) for a |
| 564 | * received frame that has the WEP/Privacy bit set. |
| 565 | */ |
| 566 | struct ieee80211_key * |
| 567 | ieee80211_crypto_decap(struct ieee80211com *ic, |
| 568 | struct ieee80211_node *ni, struct mbuf *m, int hdrlen) |
| 569 | { |
| 570 | #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) |
| 571 | #define IEEE80211_WEP_MINLEN \ |
| 572 | (sizeof(struct ieee80211_frame) + \ |
| 573 | IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) |
| 574 | struct ieee80211_key *k; |
| 575 | struct ieee80211_frame *wh; |
| 576 | const struct ieee80211_cipher *cip; |
| 577 | u_int8_t keyid; |
| 578 | |
| 579 | /* NB: this minimum size data frame could be bigger */ |
| 580 | if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { |
| 581 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
| 582 | "%s: WEP data frame too short, len %u\n" , |
| 583 | __func__, m->m_pkthdr.len); |
| 584 | ic->ic_stats.is_rx_tooshort++; /* XXX need unique stat? */ |
| 585 | return NULL; |
| 586 | } |
| 587 | |
| 588 | /* |
| 589 | * Locate the key. If unicast and there is no unicast |
| 590 | * key then we fall back to the key id in the header. |
| 591 | * This assumes unicast keys are only configured when |
| 592 | * the key id in the header is meaningless (typically 0). |
| 593 | */ |
| 594 | wh = mtod(m, struct ieee80211_frame *); |
| 595 | m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); |
| 596 | if (IEEE80211_IS_MULTICAST(wh->i_addr1) || |
| 597 | ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) |
| 598 | k = &ic->ic_nw_keys[keyid >> 6]; |
| 599 | else |
| 600 | k = &ni->ni_ucastkey; |
| 601 | |
| 602 | /* |
| 603 | * Insure crypto header is contiguous for all decap work. |
| 604 | */ |
| 605 | cip = k->wk_cipher; |
| 606 | if (m->m_len < hdrlen + cip->ic_header && |
| 607 | (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { |
| 608 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
| 609 | "[%s] unable to pullup %s header\n" , |
| 610 | ether_sprintf(wh->i_addr2), cip->ic_name); |
| 611 | ic->ic_stats.is_rx_wepfail++; /* XXX */ |
| 612 | return NULL; |
| 613 | } |
| 614 | |
| 615 | return (cip->ic_decap(k, m, hdrlen) ? k : NULL); |
| 616 | #undef IEEE80211_WEP_MINLEN |
| 617 | #undef IEEE80211_WEP_HDRLEN |
| 618 | } |
| 619 | |