Commit Graph

32 Commits

Author SHA1 Message Date
adrian
890beb4f2b [net80211] turn the default TX key configuration (for WEP) into a vap callback.
The ath10k firmware supports hardware WEP offload, and in native wifi mode
(or 802.3 ethernet mode, for that matter) the WEP key isn't actually included
in the TX payload from net80211.  Instead, a separate firmware command is issued
that sets the default TX key to be the specified key.

However, net80211 doesn't at all inform the driver layer that this is
occuring - it just "expects" to be inserting WEP header information
when doing WEP TX, even with hardware encryption.

So, to better support the newer world order, turn the default TX key assignment
into a VAP method that can be overridden by the driver and ensure its wrapped
in a crypto begin/end set.  That way it should be correctly atomic from the
point of view of keychanges (as long as the driver does the right thing.)

It'd be nice if we passed through to the key_set call a flag that says
"also make this the default key" - that's captured here by calling the
deftxkey method after the key_set method.  Maybe I can do that later.

Note: this is a net80211 ABI change, and will require a kernel+modules
recompile.  Happy Holidays, etc.

Tested:

* ath10k driver port
* rtwn_usb, WEP station
2016-12-27 06:10:28 +00:00
adrian
aa7c81259d [net80211] start refactoring out the "am I a wep / group key!" code.
This is a bunch of pointer arithmetic that is copypasta'ed everywhere.
Let's undo that copypasta.
2016-12-07 04:02:41 +00:00
adrian
6e8bf3b9a6 [net80211] handle hardware encryption offload in the receive path
* teach the crypto modules about receive offload - although I have
  to do some further reviewing in places where we /can't/ have an RX key
* teach the RX data path about receive offload encryption - check the flag,
  handle NULL key, do decap and checking as appropriate.

Tested:

* iwn(4), STA mode
* ath(4), STA and AP mode
* ath10k port, STA mode (hardware encryption)

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8533
2016-11-19 02:00:24 +00:00
adrian
7cd2afe28b [net80211] begin fleshing out new hardware crypto offload features.
* extend the keycache flag word to be 32 bits, not 16 bits
* add new key flags for transmit:
  + IEEE80211_KEY_NOIV: Don't insert IV in the payload when transmitting data frames;
  + IEEE80211_KEY_NOIVMGT:  Don't insert IV in the payload when transmitting MIC frames;
  + IEEE80211_KEY_NOMIC: Don't insert MIC in the payload when transmitting data frames;
  + IEEE80211_KEY_NOMICMGT: don't insert MIC in the payload when transmitting management
    frames.

* teach ieee80211_crypto_demic() about hardware decrypted frames:
  + if frames are hardware decrypted and the frame has failed MIC, treat it as a
     michael failure.
  + if frames are hardware decrypted and the frame has stripped MIC, we can't check the
    MIC in the payload - we don't have anything to compare it against.

This is only part of the work required to successfully transmit/receive
hardware crypto frames such as the qualcomm atheros 11ac offload chips.

There will be further work in the transmit and receive path before this
can be done by default.

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8364
2016-11-05 22:41:22 +00:00
avos
c9c85f0b2f net80211: allow to override SWCRYPT/SWMIC bits in the driver
Add IEEE80211_KEY_SWCRYPT / IEEE80211_KEY_SWMIC bits to the
IEEE80211_KEY_DEVICE mask - as a result, those bits will be preserved
during group key handshake.

A driver can override them in iv_key_alloc() for some keys in case
when hardware crypto support is not possible. As an example:
 - multi-vap without multicast key search support;
 - IBSS RSN for devices w/ fixed storage for group keys;

Tested with RTL8188EU (AP, sw crypto) and
RTL8821AU (STA, sw crypto for group keys + hw crypto for pairwise keys)

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D7901
2016-09-15 22:27:00 +00:00
adrian
792bb43e5b net80211: add a possibility to retrieve current TX key without encapsulation.
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3639
2015-10-03 00:57:33 +00:00
adrian
49776fea0a net80211: add new method for ieee80211_cipher (ic_setiv).
This can be used to update IV state for the caller without adding
information to the mbuf.  Some hardware (eg rum) apparently requires
bits of this.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3638
2015-10-03 00:50:13 +00:00
adrian
0b352922f5 net80211: separate ieee80211_crypto_get_keyid() from ieee80211_crypto_encap()
Tested:

* rum(4), STA mode
* rsu(4), STA mode
* urtwn(4), STA mode

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3637
2015-10-02 21:25:48 +00:00
bschmidt
3b1f97758a - Introduce IEEE80211_KEY_NOREPLAY, a per-key flag to ignore replay
violations.
- Use SIOCGIFMEDIA to determine VAP's opmode, cache it and set
  IEEE80211_KEY_NOREPLAY for AHDEMO and IBSS.

Approved by:	rpaulo (mentor)
2010-07-01 20:50:12 +00:00
sam
e5dfb90bc3 Correct handling of keys that already have a hardware/device key index:
this was broken in r183248 when the check of wk_keyix was replaced by
a check of IEEE80211_KEY_DEVKEY (because the flag was clobbered).  Define
IEEE80211_KEY_DEVICE to specify flags that are owned by net80211/driver
and use this to preserve IEEE80211_KEY_DEVKEY so we don't ask the driver
for another key index when we already have one.

Testing by:	Daniel Thiele, Wes Morgan
Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-21 19:36:32 +00:00
sam
ef7ab5a79a add tid param to ieee80211_notify_replay_failure to get the correct rsc 2009-06-05 23:10:30 +00:00
sam
451a1d6071 o add IEEE80211_KEY_BITS for %b printing of wk_flags
o replace hand-rolled code to print wk_flags
o add display of ni_ucastkey in show sta
o fix \n in _db_show_key
2009-02-05 19:20:34 +00:00
sam
61a0b86ec5 o make %b msg bit defines public (to user apps too)
o rename IEEE80211_C_CRYPTO_BITS to IEEE80211_CRYPTO_BITS
2009-01-27 23:00:38 +00:00
sam
bd66e2635f remove extraneous ';' 2008-12-15 22:31:54 +00:00
sam
bc3be4b34c Crypto api changes:
o don't use the key index to identify when the driver has been
  asked to allocate a key slot, use an explicit flag; allows
  drivers to force s/w fallback for entries in the global table
o change callback api to allocate driver resources for a crypto key:
  - de-const the key parameter so drivers can muck with the flags
  - on callback failure don't automatically try to setup s/w crypto;
    instead the driver must now mark the key entry for s/w crypto and
    the caller will re-attach the cipher module

NB: api change permits drivers more control over fallback to s/w
    crypto (e.g. based on a limited number of h/w key slots)
2008-09-21 23:16:19 +00:00
sam
a881f390cd Add ieee80211_crypto_reload_keys to push all keys known
to net80211 back into the device; intended for use on resume
by devices that lose the contents of their h/w key table.
2008-05-28 23:33:29 +00:00
sam
7aa0974e2b Add a mac address to the key definition as otherwise we lose the
address specified in the ioctl and for drivers that need the address
to locate a key (e.g. for delete).

Note this changes net80211-private api's but not the driver callback;
may want to change that in the future.

Reviewed by:	sephe, thompsa
2008-05-28 23:32:00 +00:00
sam
6be5c5b31d Split s/w crypt/mic attributes to allow future hackery; this change
should be a noop.
2008-05-28 23:25:36 +00:00
sam
3569e353ca Multi-bss (aka vap) support for 802.11 devices.
Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral).  Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by:	Hobnob and Marvell
Reviewed by:	many
Obtained from:	Atheros (some bits)
2008-04-20 20:35:46 +00:00
sam
6a8b18f115 Update 802.11 wireless support:
o major overhaul of the way channels are handled: channels are now
  fully enumerated and uniquely identify the operating characteristics;
  these changes are visible to user applications which require changes
o make scanning support independent of the state machine to enable
  background scanning and roaming
o move scanning support into loadable modules based on the operating
  mode to enable different policies and reduce the memory footprint
  on systems w/ constrained resources
o add background scanning in station mode (no support for adhoc/ibss
  mode yet)
o significantly speedup sta mode scanning with a variety of techniques
o add roaming support when background scanning is supported; for now
  we use a simple algorithm to trigger a roam: we threshold the rssi
  and tx rate, if either drops too low we try to roam to a new ap
o add tx fragmentation support
o add first cut at 802.11n support: this code works with forthcoming
  drivers but is incomplete; it's included now to establish a baseline
  for other drivers to be developed and for user applications
o adjust max_linkhdr et. al. to reflect 802.11 requirements; this eliminates
  prepending mbufs for traffic generated locally
o add support for Atheros protocol extensions; mainly the fast frames
  encapsulation (note this can be used with any card that can tx+rx
  large frames correctly)
o add sta support for ap's that beacon both WPA1+2 support
o change all data types from bsd-style to posix-style
o propagate noise floor data from drivers to net80211 and on to user apps
o correct various issues in the sta mode state machine related to handling
  authentication and association failures
o enable the addition of sta mode power save support for drivers that need
  net80211 support (not in this commit)
o remove old WI compatibility ioctls (wicontrol is officially dead)
o change the data structures returned for get sta info and get scan
  results so future additions will not break user apps
o fixed tx rate is now maintained internally as an ieee rate and not an
  index into the rate set; this needs to be extended to deal with
  multi-mode operation
o add extended channel specifications to radiotap to enable 11n sniffing

Drivers:
o ath: add support for bg scanning, tx fragmentation, fast frames,
       dynamic turbo (lightly tested), 11n (sniffing only and needs
       new hal)
o awi: compile tested only
o ndis: lightly tested
o ipw: lightly tested
o iwi: add support for bg scanning (well tested but may have some
       rough edges)
o ral, ural, rum: add suppoort for bg scanning, calibrate rssi data
o wi: lightly tested

This work is based on contributions by Atheros, kmacy, sephe, thompsa,
mlaier, kevlo, and others.  Much of the scanning work was supported by
Atheros.  The 11n work was supported by Marvell.
2007-06-11 03:36:55 +00:00
sam
d82da159d3 copyright updates:
o update to include 2007
o switch back to a 2-clause bsd-only license

Reviewed by:	onoe
2007-06-06 04:56:04 +00:00
sam
b04c5bd382 add IEEE80211_KEY_UNDEFINED and use it instead of local defs
Obtained from:	netbsd
2007-03-11 06:36:10 +00:00
sam
3215a6e2e3 Split crypto tx+rx key indices and add a key index -> node mapping table:
Crypto changes:
o change driver/net80211 key_alloc api to return tx+rx key indices; a
  driver can leave the rx key index set to IEEE80211_KEYIX_NONE or set
  it to be the same as the tx key index (the former disables use of
  the key index in building the keyix->node mapping table and is the
  default setup for naive drivers by null_key_alloc)
o add cs_max_keyid to crypto state to specify the max h/w key index a
  driver will return; this is used to allocate the key index mapping
  table and to bounds check table loookups
o while here introduce ieee80211_keyix (finally) for the type of a h/w
  key index
o change crypto notifiers for rx failures to pass the rx key index up
  as appropriate (michael failure, replay, etc.)

Node table changes:
o optionally allocate a h/w key index to node mapping table for the
  station table using the max key index setting supplied by drivers
  (note the scan table does not get a map)
o defer node table allocation to lateattach so the driver has a chance
  to set the max key id to size the key index map
o while here also defer the aid bitmap allocation
o add new ieee80211_find_rxnode_withkey api to find a sta/node entry
  on frame receive with an optional h/w key index to use in checking
  mapping table; also updates the map if it does a hash lookup and the
  found node has a rx key index set in the unicast key; note this work
  is separated from the old ieee80211_find_rxnode call so drivers do
  not need to be aware of the new mechanism
o move some node table manipulation under the node table lock to close
  a race on node delete
o add ieee80211_node_delucastkey to do the dirty work of deleting
  unicast key state for a node (deletes any key and handles key map
  references)

Ath driver:
o nuke private sc_keyixmap mechansim in favor of net80211 support
o update key alloc api

These changes close several race conditions for the ath driver operating
in ap mode.  Other drivers should see no change.  Station mode operation
for ath no longer uses the key index map but performance tests show no
noticeable change and this will be fixed when the scan table is eliminated
with the new scanning support.

Tested by:	Michal Mertl, avatar, others
Reviewed by:	avatar, others
MFC after:	2 weeks
2005-08-08 18:46:36 +00:00
sam
6ee6d88916 o fix wpa w/ wme: don't strip the QoS header on recv as tkip requires
it; instead pass the space occupied by the header down into the
  crypto modules (except in the demic case which needs it only when
  doing int in s/w)
o while here fix defrag to strip the header from 2nd and later frames
o teach decap code how to handle 4-address frames
2005-06-10 16:11:24 +00:00
sam
5bab97118d add force flag to enmic/demic crypto api for use in xmit fragmentation
and h/w mic verification

Reviewed by:	avatar
2005-06-06 04:04:38 +00:00
sam
8ace9dabca Revise crypto api lightly to improve group key handling:
o don't pre-assign key index to the global key table entries so device
  has a chance to decide what to use
o make ieee80211_crypto_newkey take the desired flags as an argument
  instead of wacking the key structure directly; this eliminates a
  bunch of code warts
o add a new flag IEEE80211_KEY_GROUP to indicate a key is a WPA Group
  key so devices don't need to guess (temporarily add this flag in the
  ioctl code until we can get wpa_supplicant+hostapd updated)
o shuffle IEEE80211_KEY_* bits to move flags used internally to the high
  nibble of the flags word

Reviewed by:	Tai-hwa Liang
2005-04-12 17:55:13 +00:00
sam
4a61af733a remove extern from function decls 2005-04-04 04:27:20 +00:00
sam
c5bfbdb959 remove netbsd rcsid lines; they are way out of date and we appear to be
diverging too much to make tracking these files worthwhile
2004-12-31 22:44:26 +00:00
sam
14fee97914 bump copyright for 2005 2004-12-31 22:42:38 +00:00
sam
2843bf259e Update 802.11 support; too much new functionality to fully describe
here but it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM,
AP-side power-save, crypto plugin framework, authenticator plugin framework,
and access control plugin frameowrk.
2004-12-08 17:26:47 +00:00
sam
350cc1a8b5 revise copyright notices per discussion with Atsushi Onoe <onoe@sm.sony.co.jp> 2003-06-27 05:13:52 +00:00
sam
505adc686a new 802.11 layer:
o code reorg (relative to old netbsd-derived code) for future growth
o drivers now specify available channels and rates and 802.11 layer handles
  almost all ifmedia actions
o multi-mode support for 11a/b/g devices
o 11g protocol additions (incomplete)
o new element id additions (for other than 11g)
o node/station table redone for proper locking and to eliminate driver
  incestuousness
o split device flags and capabilities to reduce confusion and provide room
  for expansion
o incomplete power management infrastructure (need to revisit)
o incomplete hooks for software retry
o more...
2003-06-23 16:55:01 +00:00