ieee80211_crypto.c revision 1.23.2.4
1 /* $NetBSD: ieee80211_crypto.c,v 1.23.2.4 2019/06/10 22:09:46 christos Exp $ */ 2 3 /*- 4 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 5 * 6 * Copyright (c) 2001 Atsushi Onoe 7 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 #include <sys/cdefs.h> 32 #ifdef __NetBSD__ 33 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.23.2.4 2019/06/10 22:09:46 christos Exp $"); 34 #endif 35 36 /* 37 * IEEE 802.11 generic crypto support. 38 */ 39 #ifdef _KERNEL_OPT 40 #include "opt_wlan.h" 41 #endif 42 43 #include <sys/param.h> 44 #include <sys/kernel.h> 45 #include <sys/malloc.h> 46 #include <sys/mbuf.h> 47 48 #include <sys/socket.h> 49 50 #include <net/if.h> 51 #include <net/if_media.h> 52 #if __FreeBSD__ 53 #include <net/ethernet.h> /* XXX ETHER_HDR_LEN */ 54 #endif 55 #if __NetBSD__ 56 #include <net/if_ether.h> 57 #include <net/route.h> 58 #endif 59 60 #include <net80211/ieee80211_var.h> 61 62 #ifdef __NetBSD__ 63 #undef KASSERT 64 #define KASSERT(__cond, __complaint) FBSDKASSERT(__cond, __complaint) 65 #endif 66 67 MALLOC_DEFINE(M_80211_CRYPTO, "80211crypto", "802.11 crypto state"); 68 69 static int _ieee80211_crypto_delkey(struct ieee80211vap *, 70 struct ieee80211_key *); 71 72 /* 73 * Table of registered cipher modules. 74 */ 75 static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; 76 77 /* 78 * Default "null" key management routines. 79 */ 80 static int 81 null_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, 82 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 83 { 84 if (!(&vap->iv_nw_keys[0] <= k && 85 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { 86 /* 87 * Not in the global key table, the driver should handle this 88 * by allocating a slot in the h/w key table/cache. In 89 * lieu of that return key slot 0 for any unicast key 90 * request. We disallow the request if this is a group key. 91 * This default policy does the right thing for legacy hardware 92 * with a 4 key table. It also handles devices that pass 93 * packets through untouched when marked with the WEP bit 94 * and key index 0. 95 */ 96 if (k->wk_flags & IEEE80211_KEY_GROUP) 97 return 0; 98 *keyix = 0; /* NB: use key index 0 for ucast key */ 99 } else { 100 *keyix = ieee80211_crypto_get_key_wepidx(vap, k); 101 } 102 *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ 103 return 1; 104 } 105 static int 106 null_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) 107 { 108 return 1; 109 } 110 static int 111 null_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) 112 { 113 return 1; 114 } 115 static void null_key_update(struct ieee80211vap *vap) {} 116 117 /* 118 * Write-arounds for common operations. 119 */ 120 static __inline void 121 cipher_detach(struct ieee80211_key *key) 122 { 123 key->wk_cipher->ic_detach(key); 124 } 125 126 static __inline void * 127 cipher_attach(struct ieee80211vap *vap, struct ieee80211_key *key) 128 { 129 return key->wk_cipher->ic_attach(vap, key); 130 } 131 132 /* 133 * Wrappers for driver key management methods. 134 */ 135 static __inline int 136 dev_key_alloc(struct ieee80211vap *vap, 137 struct ieee80211_key *key, 138 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) 139 { 140 return vap->iv_key_alloc(vap, key, keyix, rxkeyix); 141 } 142 143 static __inline int 144 dev_key_delete(struct ieee80211vap *vap, 145 const struct ieee80211_key *key) 146 { 147 return vap->iv_key_delete(vap, key); 148 } 149 150 static __inline int 151 dev_key_set(struct ieee80211vap *vap, const struct ieee80211_key *key) 152 { 153 return vap->iv_key_set(vap, key); 154 } 155 156 /* 157 * Setup crypto support for a device/shared instance. 158 */ 159 void 160 ieee80211_crypto_attach(struct ieee80211com *ic) 161 { 162 /* NB: we assume everything is pre-zero'd */ 163 ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; 164 } 165 166 /* 167 * Teardown crypto support. 168 */ 169 void 170 ieee80211_crypto_detach(struct ieee80211com *ic) 171 { 172 } 173 174 /* 175 * Setup crypto support for a vap. 176 */ 177 void 178 ieee80211_crypto_vattach(struct ieee80211vap *vap) 179 { 180 int i; 181 182 /* NB: we assume everything is pre-zero'd */ 183 vap->iv_max_keyix = IEEE80211_WEP_NKID; 184 vap->iv_def_txkey = IEEE80211_KEYIX_NONE; 185 for (i = 0; i < IEEE80211_WEP_NKID; i++) 186 ieee80211_crypto_resetkey(vap, &vap->iv_nw_keys[i], 187 IEEE80211_KEYIX_NONE); 188 /* 189 * Initialize the driver key support routines to noop entries. 190 * This is useful especially for the cipher test modules. 191 */ 192 vap->iv_key_alloc = null_key_alloc; 193 vap->iv_key_set = null_key_set; 194 vap->iv_key_delete = null_key_delete; 195 vap->iv_key_update_begin = null_key_update; 196 vap->iv_key_update_end = null_key_update; 197 } 198 199 /* 200 * Teardown crypto support for a vap. 201 */ 202 void 203 ieee80211_crypto_vdetach(struct ieee80211vap *vap) 204 { 205 ieee80211_crypto_delglobalkeys(vap); 206 } 207 208 /* 209 * Register a crypto cipher module. 210 */ 211 void 212 ieee80211_crypto_register(const struct ieee80211_cipher *cip) 213 { 214 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { 215 printf("%s: cipher %s has an invalid cipher index %u\n", 216 __func__, cip->ic_name, cip->ic_cipher); 217 return; 218 } 219 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { 220 printf("%s: cipher %s registered with a different template\n", 221 __func__, cip->ic_name); 222 return; 223 } 224 ciphers[cip->ic_cipher] = cip; 225 } 226 227 /* 228 * Unregister a crypto cipher module. 229 */ 230 void 231 ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) 232 { 233 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { 234 printf("%s: cipher %s has an invalid cipher index %u\n", 235 __func__, cip->ic_name, cip->ic_cipher); 236 return; 237 } 238 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { 239 printf("%s: cipher %s registered with a different template\n", 240 __func__, cip->ic_name); 241 return; 242 } 243 /* NB: don't complain about not being registered */ 244 /* XXX disallow if references */ 245 ciphers[cip->ic_cipher] = NULL; 246 } 247 248 int 249 ieee80211_crypto_available(u_int cipher) 250 { 251 return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; 252 } 253 254 #if __FreeBSD__ 255 /* XXX well-known names! */ 256 static const char *cipher_modnames[IEEE80211_CIPHER_MAX] = { 257 [IEEE80211_CIPHER_WEP] = "wlan_wep", 258 [IEEE80211_CIPHER_TKIP] = "wlan_tkip", 259 [IEEE80211_CIPHER_AES_OCB] = "wlan_aes_ocb", 260 [IEEE80211_CIPHER_AES_CCM] = "wlan_ccmp", 261 [IEEE80211_CIPHER_TKIPMIC] = "#4", /* NB: reserved */ 262 [IEEE80211_CIPHER_CKIP] = "wlan_ckip", 263 [IEEE80211_CIPHER_NONE] = "wlan_none", 264 }; 265 #endif 266 267 /* NB: there must be no overlap between user-supplied and device-owned flags */ 268 CTASSERT((IEEE80211_KEY_COMMON & IEEE80211_KEY_DEVICE) == 0); 269 270 /* 271 * Establish a relationship between the specified key and cipher 272 * and, if necessary, allocate a hardware index from the driver. 273 * Note that when a fixed key index is required it must be specified. 274 * 275 * This must be the first call applied to a key; all the other key 276 * routines assume wk_cipher is setup. 277 * 278 * Locking must be handled by the caller using: 279 * ieee80211_key_update_begin(vap); 280 * ieee80211_key_update_end(vap); 281 */ 282 int 283 ieee80211_crypto_newkey(struct ieee80211vap *vap, 284 int cipher, int flags, struct ieee80211_key *key) 285 { 286 struct ieee80211com *ic = vap->iv_ic; 287 const struct ieee80211_cipher *cip; 288 ieee80211_keyix keyix, rxkeyix; 289 void *keyctx; 290 int oflags; 291 292 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 293 "%s: cipher %u flags 0x%x keyix %u\n", 294 __func__, cipher, flags, key->wk_keyix); 295 296 /* 297 * Validate cipher and set reference to cipher routines. 298 */ 299 if (cipher >= IEEE80211_CIPHER_MAX) { 300 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 301 "%s: invalid cipher %u\n", __func__, cipher); 302 vap->iv_stats.is_crypto_badcipher++; 303 return 0; 304 } 305 cip = ciphers[cipher]; 306 if (cip == NULL) { 307 #if __FreeBSD__ 308 /* 309 * Auto-load cipher module if we have a well-known name 310 * for it. It might be better to use string names rather 311 * than numbers and craft a module name based on the cipher 312 * name; e.g. wlan_cipher_<cipher-name>. 313 */ 314 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 315 "%s: unregistered cipher %u, load module %s\n", 316 __func__, cipher, cipher_modnames[cipher]); 317 ieee80211_load_module(cipher_modnames[cipher]); 318 /* 319 * If cipher module loaded it should immediately 320 * call ieee80211_crypto_register which will fill 321 * in the entry in the ciphers array. 322 */ 323 cip = ciphers[cipher]; 324 if (cip == NULL) { 325 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 326 "%s: unable to load cipher %u, module %s\n", 327 __func__, cipher, cipher_modnames[cipher]); 328 vap->iv_stats.is_crypto_nocipher++; 329 return 0; 330 } 331 #else 332 panic("wlan_cipher not usable."); /* NNN NetBSD modules? */ 333 #endif 334 } 335 336 oflags = key->wk_flags; 337 flags &= IEEE80211_KEY_COMMON; 338 /* NB: preserve device attributes */ 339 flags |= (oflags & IEEE80211_KEY_DEVICE); 340 /* 341 * If the hardware does not support the cipher then 342 * fallback to a host-based implementation. 343 */ 344 if ((ic->ic_cryptocaps & (1<<cipher)) == 0) { 345 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 346 "%s: no h/w support for cipher %s, falling back to s/w\n", 347 __func__, cip->ic_name); 348 flags |= IEEE80211_KEY_SWCRYPT; 349 } 350 /* 351 * Hardware TKIP with software MIC is an important 352 * combination; we handle it by flagging each key, 353 * the cipher modules honor it. 354 */ 355 if (cipher == IEEE80211_CIPHER_TKIP && 356 (ic->ic_cryptocaps & IEEE80211_CRYPTO_TKIPMIC) == 0) { 357 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 358 "%s: no h/w support for TKIP MIC, falling back to s/w\n", 359 __func__); 360 flags |= IEEE80211_KEY_SWMIC; 361 } 362 363 /* 364 * Bind cipher to key instance. Note we do this 365 * after checking the device capabilities so the 366 * cipher module can optimize space usage based on 367 * whether or not it needs to do the cipher work. 368 */ 369 if (key->wk_cipher != cip || key->wk_flags != flags) { 370 /* 371 * Fillin the flags so cipher modules can see s/w 372 * crypto requirements and potentially allocate 373 * different state and/or attach different method 374 * pointers. 375 */ 376 key->wk_flags = flags; 377 keyctx = cip->ic_attach(vap, key); 378 if (keyctx == NULL) { 379 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 380 "%s: unable to attach cipher %s\n", 381 __func__, cip->ic_name); 382 key->wk_flags = oflags; /* restore old flags */ 383 vap->iv_stats.is_crypto_attachfail++; 384 return 0; 385 } 386 cipher_detach(key); 387 key->wk_cipher = cip; /* XXX refcnt? */ 388 key->wk_private = keyctx; 389 } 390 391 /* 392 * Ask the driver for a key index if we don't have one. 393 * Note that entries in the global key table always have 394 * an index; this means it's safe to call this routine 395 * for these entries just to setup the reference to the 396 * cipher template. Note also that when using software 397 * crypto we also call the driver to give us a key index. 398 */ 399 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { 400 if (!dev_key_alloc(vap, key, &keyix, &rxkeyix)) { 401 /* 402 * Unable to setup driver state. 403 */ 404 vap->iv_stats.is_crypto_keyfail++; 405 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 406 "%s: unable to setup cipher %s\n", 407 __func__, cip->ic_name); 408 return 0; 409 } 410 if (key->wk_flags != flags) { 411 /* 412 * Driver overrode flags we setup; typically because 413 * resources were unavailable to handle _this_ key. 414 * Re-attach the cipher context to allow cipher 415 * modules to handle differing requirements. 416 */ 417 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 418 "%s: driver override for cipher %s, flags " 419 "0x%x -> 0x%x\n", __func__, cip->ic_name, 420 oflags, key->wk_flags); 421 keyctx = cip->ic_attach(vap, key); 422 if (keyctx == NULL) { 423 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 424 "%s: unable to attach cipher %s with " 425 "flags 0x%x\n", __func__, cip->ic_name, 426 key->wk_flags); 427 key->wk_flags = oflags; /* restore old flags */ 428 vap->iv_stats.is_crypto_attachfail++; 429 return 0; 430 } 431 cipher_detach(key); 432 key->wk_cipher = cip; /* XXX refcnt? */ 433 key->wk_private = keyctx; 434 } 435 key->wk_keyix = keyix; 436 key->wk_rxkeyix = rxkeyix; 437 key->wk_flags |= IEEE80211_KEY_DEVKEY; 438 } 439 return 1; 440 } 441 442 /* 443 * Remove the key (no locking, for internal use). 444 */ 445 static int 446 _ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key) 447 { 448 KASSERT(key->wk_cipher != NULL, ("No cipher!")); 449 450 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 451 "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n", 452 __func__, key->wk_cipher->ic_name, 453 key->wk_keyix, key->wk_flags, 454 key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, 455 key->wk_keylen); 456 457 if (key->wk_flags & IEEE80211_KEY_DEVKEY) { 458 /* 459 * Remove hardware entry. 460 */ 461 /* XXX key cache */ 462 if (!dev_key_delete(vap, key)) { 463 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 464 "%s: driver did not delete key index %u\n", 465 __func__, key->wk_keyix); 466 vap->iv_stats.is_crypto_delkey++; 467 /* XXX recovery? */ 468 } 469 } 470 cipher_detach(key); 471 memset(key, 0, sizeof(*key)); 472 ieee80211_crypto_resetkey(vap, key, IEEE80211_KEYIX_NONE); 473 return 1; 474 } 475 476 /* 477 * Remove the specified key. 478 */ 479 int 480 ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key) 481 { 482 int status; 483 484 ieee80211_key_update_begin(vap); 485 status = _ieee80211_crypto_delkey(vap, key); 486 ieee80211_key_update_end(vap); 487 return status; 488 } 489 490 /* 491 * Clear the global key table. 492 */ 493 void 494 ieee80211_crypto_delglobalkeys(struct ieee80211vap *vap) 495 { 496 int i; 497 498 ieee80211_key_update_begin(vap); 499 for (i = 0; i < IEEE80211_WEP_NKID; i++) 500 (void) _ieee80211_crypto_delkey(vap, &vap->iv_nw_keys[i]); 501 ieee80211_key_update_end(vap); 502 } 503 504 /* 505 * Set the contents of the specified key. 506 * 507 * Locking must be handled by the caller using: 508 * ieee80211_key_update_begin(vap); 509 * ieee80211_key_update_end(vap); 510 */ 511 int 512 ieee80211_crypto_setkey(struct ieee80211vap *vap, struct ieee80211_key *key) 513 { 514 const struct ieee80211_cipher *cip = key->wk_cipher; 515 516 KASSERT(cip != NULL, ("No cipher!")); 517 518 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 519 "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n", 520 __func__, cip->ic_name, key->wk_keyix, 521 key->wk_flags, ether_sprintf(key->wk_macaddr), 522 key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, 523 key->wk_keylen); 524 525 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { 526 /* XXX nothing allocated, should not happen */ 527 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 528 "%s: no device key setup done; should not happen!\n", 529 __func__); 530 vap->iv_stats.is_crypto_setkey_nokey++; 531 return 0; 532 } 533 /* 534 * Give cipher a chance to validate key contents. 535 * XXX should happen before modifying state. 536 */ 537 if (!cip->ic_setkey(key)) { 538 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, 539 "%s: cipher %s rejected key index %u len %u flags 0x%x\n", 540 __func__, cip->ic_name, key->wk_keyix, 541 key->wk_keylen, key->wk_flags); 542 vap->iv_stats.is_crypto_setkey_cipher++; 543 return 0; 544 } 545 return dev_key_set(vap, key); 546 } 547 548 /* 549 * Return index if the key is a WEP key (0..3); -1 otherwise. 550 * 551 * This is different to "get_keyid" which defaults to returning 552 * 0 for unicast keys; it assumes that it won't be used for WEP. 553 */ 554 int 555 ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *vap, 556 const struct ieee80211_key *k) 557 { 558 559 if (k >= &vap->iv_nw_keys[0] && 560 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) 561 return (k - vap->iv_nw_keys); 562 return (-1); 563 } 564 565 /* 566 * Note: only supports a single unicast key (0). 567 */ 568 uint8_t 569 ieee80211_crypto_get_keyid(struct ieee80211vap *vap, struct ieee80211_key *k) 570 { 571 if (k >= &vap->iv_nw_keys[0] && 572 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) 573 return (k - vap->iv_nw_keys); 574 else 575 return (0); 576 } 577 578 struct ieee80211_key * 579 ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) 580 { 581 struct ieee80211vap *vap = ni->ni_vap; 582 struct ieee80211_frame *wh; 583 584 /* 585 * Multicast traffic always uses the multicast key. 586 * Otherwise if a unicast key is set we use that and 587 * it is always key index 0. When no unicast key is 588 * set we fall back to the default transmit key. 589 */ 590 wh = mtod(m, struct ieee80211_frame *); 591 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 592 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 593 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) { 594 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 595 wh->i_addr1, 596 "no default transmit key (%s) deftxkey %u", 597 __func__, vap->iv_def_txkey); 598 vap->iv_stats.is_tx_nodefkey++; 599 return NULL; 600 } 601 return &vap->iv_nw_keys[vap->iv_def_txkey]; 602 } 603 604 return &ni->ni_ucastkey; 605 } 606 607 /* 608 * Add privacy headers appropriate for the specified key. 609 */ 610 struct ieee80211_key * 611 ieee80211_crypto_encap(struct ieee80211_node *ni, struct mbuf *m) 612 { 613 struct ieee80211_key *k; 614 const struct ieee80211_cipher *cip; 615 616 if ((k = ieee80211_crypto_get_txkey(ni, m)) != NULL) { 617 cip = k->wk_cipher; 618 return (cip->ic_encap(k, m) ? k : NULL); 619 } 620 621 return NULL; 622 } 623 624 /* 625 * Validate and strip privacy headers (and trailer) for a 626 * received frame that has the WEP/Privacy bit set. 627 */ 628 int 629 ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen, 630 struct ieee80211_key **key) 631 { 632 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) 633 #define IEEE80211_WEP_MINLEN \ 634 (sizeof(struct ieee80211_frame) + \ 635 IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) 636 struct ieee80211vap *vap = ni->ni_vap; 637 struct ieee80211_key *k; 638 struct ieee80211_frame *wh; 639 const struct ieee80211_rx_stats *rxs; 640 const struct ieee80211_cipher *cip; 641 uint8_t keyid; 642 643 /* 644 * Check for hardware decryption and IV stripping. 645 * If the IV is stripped then we definitely can't find a key. 646 * Set the key to NULL but return true; upper layers 647 * will need to handle a NULL key for a successful 648 * decrypt. 649 */ 650 rxs = ieee80211_get_rx_params_ptr(m); 651 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { 652 if (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP) { 653 /* 654 * Hardware decrypted, IV stripped. 655 * We can't find a key with a stripped IV. 656 * Return successful. 657 */ 658 *key = NULL; 659 return (1); 660 } 661 } 662 663 /* NB: this minimum size data frame could be bigger */ 664 if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { 665 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 666 "%s: WEP data frame too short, len %u\n", 667 __func__, m->m_pkthdr.len); 668 vap->iv_stats.is_rx_tooshort++; /* XXX need unique stat? */ 669 *key = NULL; 670 return (0); 671 } 672 673 /* 674 * Locate the key. If unicast and there is no unicast 675 * key then we fall back to the key id in the header. 676 * This assumes unicast keys are only configured when 677 * the key id in the header is meaningless (typically 0). 678 */ 679 wh = mtod(m, struct ieee80211_frame *); 680 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); 681 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 682 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) 683 k = &vap->iv_nw_keys[keyid >> 6]; 684 else 685 k = &ni->ni_ucastkey; 686 687 /* 688 * Insure crypto header is contiguous for all decap work. 689 */ 690 cip = k->wk_cipher; 691 if (m->m_len < hdrlen + cip->ic_header && 692 (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { 693 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, 694 "unable to pullup %s header", cip->ic_name); 695 vap->iv_stats.is_rx_wepfail++; /* XXX */ 696 *key = NULL; 697 return (0); 698 } 699 700 /* 701 * Attempt decryption. 702 * 703 * If we fail then don't return the key - return NULL 704 * and an error. 705 */ 706 if (cip->ic_decap(k, m, hdrlen)) { 707 /* success */ 708 *key = k; 709 return (1); 710 } 711 712 /* Failure */ 713 *key = NULL; 714 return (0); 715 #undef IEEE80211_WEP_MINLEN 716 #undef IEEE80211_WEP_HDRLEN 717 } 718 719 /* 720 * Check and remove any MIC. 721 */ 722 int 723 ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, 724 struct mbuf *m, int force) 725 { 726 const struct ieee80211_cipher *cip; 727 const struct ieee80211_rx_stats *rxs; 728 struct ieee80211_frame *wh; 729 730 rxs = ieee80211_get_rx_params_ptr(m); 731 wh = mtod(m, struct ieee80211_frame *); 732 733 /* 734 * Handle demic / mic errors from hardware-decrypted offload devices. 735 */ 736 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { 737 if (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC) { 738 /* 739 * Hardware has said MIC failed. We don't care about 740 * whether it was stripped or not. 741 * 742 * Eventually - teach the demic methods in crypto 743 * modules to handle a NULL key and not to dereference 744 * it. 745 */ 746 ieee80211_notify_michael_failure(vap, wh, -1); 747 return (0); 748 } 749 750 if (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) { 751 /* 752 * Hardware has decrypted and not indicated a 753 * MIC failure and has stripped the MIC. 754 * We may not have a key, so for now just 755 * return OK. 756 */ 757 return (1); 758 } 759 } 760 761 /* 762 * If we don't have a key at this point then we don't 763 * have to demic anything. 764 */ 765 if (k == NULL) 766 return (1); 767 768 cip = k->wk_cipher; 769 return (cip->ic_miclen > 0 ? cip->ic_demic(k, m, force) : 1); 770 } 771 772 773 static void 774 load_ucastkey(void *arg, struct ieee80211_node *ni) 775 { 776 struct ieee80211vap *vap = ni->ni_vap; 777 struct ieee80211_key *k; 778 779 if (vap->iv_state != IEEE80211_S_RUN) 780 return; 781 k = &ni->ni_ucastkey; 782 if (k->wk_flags & IEEE80211_KEY_DEVKEY) 783 dev_key_set(vap, k); 784 } 785 786 /* 787 * Re-load all keys known to the 802.11 layer that may 788 * have hardware state backing them. This is used by 789 * drivers on resume to push keys down into the device. 790 */ 791 void 792 ieee80211_crypto_reload_keys(struct ieee80211com *ic) 793 { 794 struct ieee80211vap *vap; 795 int i; 796 797 /* 798 * Keys in the global key table of each vap. 799 */ 800 /* NB: used only during resume so don't lock for now */ 801 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 802 if (vap->iv_state != IEEE80211_S_RUN) 803 continue; 804 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 805 const struct ieee80211_key *k = &vap->iv_nw_keys[i]; 806 if (k->wk_flags & IEEE80211_KEY_DEVKEY) 807 dev_key_set(vap, k); 808 } 809 } 810 /* 811 * Unicast keys. 812 */ 813 ieee80211_iterate_nodes(&ic->ic_sta, load_ucastkey, NULL); 814 } 815 816 /* 817 * Set the default key index for WEP, or KEYIX_NONE for no default TX key. 818 * 819 * This should be done as part of a key update block (iv_key_update_begin / 820 * iv_key_update_end.) 821 */ 822 void 823 ieee80211_crypto_set_deftxkey(struct ieee80211vap *vap, ieee80211_keyix kid) 824 { 825 826 /* XXX TODO: assert we're in a key update block */ 827 828 vap->iv_update_deftxkey(vap, kid); 829 } 830
Indexes created Tue Sep 30 20:09:53 GMT 2025