1 /* 2 * Copyright (c) 2009 Atheros Communications Inc. 3 * Copyright (c) 2010 Bruno Randolf <br1@einfach.org> 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #include <asm/unaligned.h> 19 #include <net/mac80211.h> 20 21 #include "ath.h" 22 #include "reg.h" 23 24 #define REG_READ (common->ops->read) 25 #define REG_WRITE(_ah, _reg, _val) (common->ops->write)(_ah, _val, _reg) 26 27 #define IEEE80211_WEP_NKID 4 /* number of key ids */ 28 29 /************************/ 30 /* Key Cache Management */ 31 /************************/ 32 33 bool ath_hw_keyreset(struct ath_common *common, u16 entry) 34 { 35 u32 keyType; 36 void *ah = common->ah; 37 38 if (entry >= common->keymax) { 39 ath_err(common, "keycache entry %u out of range\n", entry); 40 return false; 41 } 42 43 keyType = REG_READ(ah, AR_KEYTABLE_TYPE(entry)); 44 45 REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), 0); 46 REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), 0); 47 REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), 0); 48 REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), 0); 49 REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), 0); 50 REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), AR_KEYTABLE_TYPE_CLR); 51 REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), 0); 52 REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), 0); 53 54 if (keyType == AR_KEYTABLE_TYPE_TKIP) { 55 u16 micentry = entry + 64; 56 57 REG_WRITE(ah, AR_KEYTABLE_KEY0(micentry), 0); 58 REG_WRITE(ah, AR_KEYTABLE_KEY1(micentry), 0); 59 REG_WRITE(ah, AR_KEYTABLE_KEY2(micentry), 0); 60 REG_WRITE(ah, AR_KEYTABLE_KEY3(micentry), 0); 61 if (common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED) 62 REG_WRITE(ah, AR_KEYTABLE_KEY4(micentry), 0); 63 64 } 65 66 return true; 67 } 68 EXPORT_SYMBOL(ath_hw_keyreset); 69 70 static bool ath_hw_keysetmac(struct ath_common *common, 71 u16 entry, const u8 *mac) 72 { 73 u32 macHi, macLo; 74 u32 unicast_flag = AR_KEYTABLE_VALID; 75 void *ah = common->ah; 76 77 if (entry >= common->keymax) { 78 ath_err(common, "keycache entry %u out of range\n", entry); 79 return false; 80 } 81 82 if (mac != NULL) { 83 /* 84 * AR_KEYTABLE_VALID indicates that the address is a unicast 85 * address, which must match the transmitter address for 86 * decrypting frames. 87 * Not setting this bit allows the hardware to use the key 88 * for multicast frame decryption. 89 */ 90 if (mac[0] & 0x01) 91 unicast_flag = 0; 92 93 macHi = (mac[5] << 8) | mac[4]; 94 macLo = (mac[3] << 24) | 95 (mac[2] << 16) | 96 (mac[1] << 8) | 97 mac[0]; 98 macLo >>= 1; 99 macLo |= (macHi & 1) << 31; 100 macHi >>= 1; 101 } else { 102 macLo = macHi = 0; 103 } 104 REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), macLo); 105 REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | unicast_flag); 106 107 return true; 108 } 109 110 static bool ath_hw_set_keycache_entry(struct ath_common *common, u16 entry, 111 const struct ath_keyval *k, 112 const u8 *mac) 113 { 114 void *ah = common->ah; 115 u32 key0, key1, key2, key3, key4; 116 u32 keyType; 117 118 if (entry >= common->keymax) { 119 ath_err(common, "keycache entry %u out of range\n", entry); 120 return false; 121 } 122 123 switch (k->kv_type) { 124 case ATH_CIPHER_AES_OCB: 125 keyType = AR_KEYTABLE_TYPE_AES; 126 break; 127 case ATH_CIPHER_AES_CCM: 128 if (!(common->crypt_caps & ATH_CRYPT_CAP_CIPHER_AESCCM)) { 129 ath_dbg(common, ATH_DBG_ANY, 130 "AES-CCM not supported by this mac rev\n"); 131 return false; 132 } 133 keyType = AR_KEYTABLE_TYPE_CCM; 134 break; 135 case ATH_CIPHER_TKIP: 136 keyType = AR_KEYTABLE_TYPE_TKIP; 137 if (entry + 64 >= common->keymax) { 138 ath_dbg(common, ATH_DBG_ANY, 139 "entry %u inappropriate for TKIP\n", entry); 140 return false; 141 } 142 break; 143 case ATH_CIPHER_WEP: 144 if (k->kv_len < WLAN_KEY_LEN_WEP40) { 145 ath_dbg(common, ATH_DBG_ANY, 146 "WEP key length %u too small\n", k->kv_len); 147 return false; 148 } 149 if (k->kv_len <= WLAN_KEY_LEN_WEP40) 150 keyType = AR_KEYTABLE_TYPE_40; 151 else if (k->kv_len <= WLAN_KEY_LEN_WEP104) 152 keyType = AR_KEYTABLE_TYPE_104; 153 else 154 keyType = AR_KEYTABLE_TYPE_128; 155 break; 156 case ATH_CIPHER_CLR: 157 keyType = AR_KEYTABLE_TYPE_CLR; 158 break; 159 default: 160 ath_err(common, "cipher %u not supported\n", k->kv_type); 161 return false; 162 } 163 164 key0 = get_unaligned_le32(k->kv_val + 0); 165 key1 = get_unaligned_le16(k->kv_val + 4); 166 key2 = get_unaligned_le32(k->kv_val + 6); 167 key3 = get_unaligned_le16(k->kv_val + 10); 168 key4 = get_unaligned_le32(k->kv_val + 12); 169 if (k->kv_len <= WLAN_KEY_LEN_WEP104) 170 key4 &= 0xff; 171 172 /* 173 * Note: Key cache registers access special memory area that requires 174 * two 32-bit writes to actually update the values in the internal 175 * memory. Consequently, the exact order and pairs used here must be 176 * maintained. 177 */ 178 179 if (keyType == AR_KEYTABLE_TYPE_TKIP) { 180 u16 micentry = entry + 64; 181 182 /* 183 * Write inverted key[47:0] first to avoid Michael MIC errors 184 * on frames that could be sent or received at the same time. 185 * The correct key will be written in the end once everything 186 * else is ready. 187 */ 188 REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), ~key0); 189 REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), ~key1); 190 191 /* Write key[95:48] */ 192 REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), key2); 193 REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), key3); 194 195 /* Write key[127:96] and key type */ 196 REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), key4); 197 REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), keyType); 198 199 /* Write MAC address for the entry */ 200 (void) ath_hw_keysetmac(common, entry, mac); 201 202 if (common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED) { 203 /* 204 * TKIP uses two key cache entries: 205 * Michael MIC TX/RX keys in the same key cache entry 206 * (idx = main index + 64): 207 * key0 [31:0] = RX key [31:0] 208 * key1 [15:0] = TX key [31:16] 209 * key1 [31:16] = reserved 210 * key2 [31:0] = RX key [63:32] 211 * key3 [15:0] = TX key [15:0] 212 * key3 [31:16] = reserved 213 * key4 [31:0] = TX key [63:32] 214 */ 215 u32 mic0, mic1, mic2, mic3, mic4; 216 217 mic0 = get_unaligned_le32(k->kv_mic + 0); 218 mic2 = get_unaligned_le32(k->kv_mic + 4); 219 mic1 = get_unaligned_le16(k->kv_txmic + 2) & 0xffff; 220 mic3 = get_unaligned_le16(k->kv_txmic + 0) & 0xffff; 221 mic4 = get_unaligned_le32(k->kv_txmic + 4); 222 223 /* Write RX[31:0] and TX[31:16] */ 224 REG_WRITE(ah, AR_KEYTABLE_KEY0(micentry), mic0); 225 REG_WRITE(ah, AR_KEYTABLE_KEY1(micentry), mic1); 226 227 /* Write RX[63:32] and TX[15:0] */ 228 REG_WRITE(ah, AR_KEYTABLE_KEY2(micentry), mic2); 229 REG_WRITE(ah, AR_KEYTABLE_KEY3(micentry), mic3); 230 231 /* Write TX[63:32] and keyType(reserved) */ 232 REG_WRITE(ah, AR_KEYTABLE_KEY4(micentry), mic4); 233 REG_WRITE(ah, AR_KEYTABLE_TYPE(micentry), 234 AR_KEYTABLE_TYPE_CLR); 235 236 } else { 237 /* 238 * TKIP uses four key cache entries (two for group 239 * keys): 240 * Michael MIC TX/RX keys are in different key cache 241 * entries (idx = main index + 64 for TX and 242 * main index + 32 + 96 for RX): 243 * key0 [31:0] = TX/RX MIC key [31:0] 244 * key1 [31:0] = reserved 245 * key2 [31:0] = TX/RX MIC key [63:32] 246 * key3 [31:0] = reserved 247 * key4 [31:0] = reserved 248 * 249 * Upper layer code will call this function separately 250 * for TX and RX keys when these registers offsets are 251 * used. 252 */ 253 u32 mic0, mic2; 254 255 mic0 = get_unaligned_le32(k->kv_mic + 0); 256 mic2 = get_unaligned_le32(k->kv_mic + 4); 257 258 /* Write MIC key[31:0] */ 259 REG_WRITE(ah, AR_KEYTABLE_KEY0(micentry), mic0); 260 REG_WRITE(ah, AR_KEYTABLE_KEY1(micentry), 0); 261 262 /* Write MIC key[63:32] */ 263 REG_WRITE(ah, AR_KEYTABLE_KEY2(micentry), mic2); 264 REG_WRITE(ah, AR_KEYTABLE_KEY3(micentry), 0); 265 266 /* Write TX[63:32] and keyType(reserved) */ 267 REG_WRITE(ah, AR_KEYTABLE_KEY4(micentry), 0); 268 REG_WRITE(ah, AR_KEYTABLE_TYPE(micentry), 269 AR_KEYTABLE_TYPE_CLR); 270 } 271 272 /* MAC address registers are reserved for the MIC entry */ 273 REG_WRITE(ah, AR_KEYTABLE_MAC0(micentry), 0); 274 REG_WRITE(ah, AR_KEYTABLE_MAC1(micentry), 0); 275 276 /* 277 * Write the correct (un-inverted) key[47:0] last to enable 278 * TKIP now that all other registers are set with correct 279 * values. 280 */ 281 REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), key0); 282 REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), key1); 283 } else { 284 /* Write key[47:0] */ 285 REG_WRITE(ah, AR_KEYTABLE_KEY0(entry), key0); 286 REG_WRITE(ah, AR_KEYTABLE_KEY1(entry), key1); 287 288 /* Write key[95:48] */ 289 REG_WRITE(ah, AR_KEYTABLE_KEY2(entry), key2); 290 REG_WRITE(ah, AR_KEYTABLE_KEY3(entry), key3); 291 292 /* Write key[127:96] and key type */ 293 REG_WRITE(ah, AR_KEYTABLE_KEY4(entry), key4); 294 REG_WRITE(ah, AR_KEYTABLE_TYPE(entry), keyType); 295 296 /* Write MAC address for the entry */ 297 (void) ath_hw_keysetmac(common, entry, mac); 298 } 299 300 return true; 301 } 302 303 static int ath_setkey_tkip(struct ath_common *common, u16 keyix, const u8 *key, 304 struct ath_keyval *hk, const u8 *addr, 305 bool authenticator) 306 { 307 const u8 *key_rxmic; 308 const u8 *key_txmic; 309 310 key_txmic = key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY; 311 key_rxmic = key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY; 312 313 if (addr == NULL) { 314 /* 315 * Group key installation - only two key cache entries are used 316 * regardless of splitmic capability since group key is only 317 * used either for TX or RX. 318 */ 319 if (authenticator) { 320 memcpy(hk->kv_mic, key_txmic, sizeof(hk->kv_mic)); 321 memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_mic)); 322 } else { 323 memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic)); 324 memcpy(hk->kv_txmic, key_rxmic, sizeof(hk->kv_mic)); 325 } 326 return ath_hw_set_keycache_entry(common, keyix, hk, addr); 327 } 328 if (common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED) { 329 /* TX and RX keys share the same key cache entry. */ 330 memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic)); 331 memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_txmic)); 332 return ath_hw_set_keycache_entry(common, keyix, hk, addr); 333 } 334 335 /* Separate key cache entries for TX and RX */ 336 337 /* TX key goes at first index, RX key at +32. */ 338 memcpy(hk->kv_mic, key_txmic, sizeof(hk->kv_mic)); 339 if (!ath_hw_set_keycache_entry(common, keyix, hk, NULL)) { 340 /* TX MIC entry failed. No need to proceed further */ 341 ath_err(common, "Setting TX MIC Key Failed\n"); 342 return 0; 343 } 344 345 memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic)); 346 /* XXX delete tx key on failure? */ 347 return ath_hw_set_keycache_entry(common, keyix + 32, hk, addr); 348 } 349 350 static int ath_reserve_key_cache_slot_tkip(struct ath_common *common) 351 { 352 int i; 353 354 for (i = IEEE80211_WEP_NKID; i < common->keymax / 2; i++) { 355 if (test_bit(i, common->keymap) || 356 test_bit(i + 64, common->keymap)) 357 continue; /* At least one part of TKIP key allocated */ 358 if (!(common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED) && 359 (test_bit(i + 32, common->keymap) || 360 test_bit(i + 64 + 32, common->keymap))) 361 continue; /* At least one part of TKIP key allocated */ 362 363 /* Found a free slot for a TKIP key */ 364 return i; 365 } 366 return -1; 367 } 368 369 static int ath_reserve_key_cache_slot(struct ath_common *common, 370 u32 cipher) 371 { 372 int i; 373 374 if (cipher == WLAN_CIPHER_SUITE_TKIP) 375 return ath_reserve_key_cache_slot_tkip(common); 376 377 /* First, try to find slots that would not be available for TKIP. */ 378 if (!(common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED)) { 379 for (i = IEEE80211_WEP_NKID; i < common->keymax / 4; i++) { 380 if (!test_bit(i, common->keymap) && 381 (test_bit(i + 32, common->keymap) || 382 test_bit(i + 64, common->keymap) || 383 test_bit(i + 64 + 32, common->keymap))) 384 return i; 385 if (!test_bit(i + 32, common->keymap) && 386 (test_bit(i, common->keymap) || 387 test_bit(i + 64, common->keymap) || 388 test_bit(i + 64 + 32, common->keymap))) 389 return i + 32; 390 if (!test_bit(i + 64, common->keymap) && 391 (test_bit(i , common->keymap) || 392 test_bit(i + 32, common->keymap) || 393 test_bit(i + 64 + 32, common->keymap))) 394 return i + 64; 395 if (!test_bit(i + 64 + 32, common->keymap) && 396 (test_bit(i, common->keymap) || 397 test_bit(i + 32, common->keymap) || 398 test_bit(i + 64, common->keymap))) 399 return i + 64 + 32; 400 } 401 } else { 402 for (i = IEEE80211_WEP_NKID; i < common->keymax / 2; i++) { 403 if (!test_bit(i, common->keymap) && 404 test_bit(i + 64, common->keymap)) 405 return i; 406 if (test_bit(i, common->keymap) && 407 !test_bit(i + 64, common->keymap)) 408 return i + 64; 409 } 410 } 411 412 /* No partially used TKIP slots, pick any available slot */ 413 for (i = IEEE80211_WEP_NKID; i < common->keymax; i++) { 414 /* Do not allow slots that could be needed for TKIP group keys 415 * to be used. This limitation could be removed if we know that 416 * TKIP will not be used. */ 417 if (i >= 64 && i < 64 + IEEE80211_WEP_NKID) 418 continue; 419 if (!(common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED)) { 420 if (i >= 32 && i < 32 + IEEE80211_WEP_NKID) 421 continue; 422 if (i >= 64 + 32 && i < 64 + 32 + IEEE80211_WEP_NKID) 423 continue; 424 } 425 426 if (!test_bit(i, common->keymap)) 427 return i; /* Found a free slot for a key */ 428 } 429 430 /* No free slot found */ 431 return -1; 432 } 433 434 /* 435 * Configure encryption in the HW. 436 */ 437 int ath_key_config(struct ath_common *common, 438 struct ieee80211_vif *vif, 439 struct ieee80211_sta *sta, 440 struct ieee80211_key_conf *key) 441 { 442 struct ath_keyval hk; 443 const u8 *mac = NULL; 444 u8 gmac[ETH_ALEN]; 445 int ret = 0; 446 int idx; 447 448 memset(&hk, 0, sizeof(hk)); 449 450 switch (key->cipher) { 451 case WLAN_CIPHER_SUITE_WEP40: 452 case WLAN_CIPHER_SUITE_WEP104: 453 hk.kv_type = ATH_CIPHER_WEP; 454 break; 455 case WLAN_CIPHER_SUITE_TKIP: 456 hk.kv_type = ATH_CIPHER_TKIP; 457 break; 458 case WLAN_CIPHER_SUITE_CCMP: 459 hk.kv_type = ATH_CIPHER_AES_CCM; 460 break; 461 default: 462 return -EOPNOTSUPP; 463 } 464 465 hk.kv_len = key->keylen; 466 memcpy(hk.kv_val, key->key, key->keylen); 467 468 if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE)) { 469 switch (vif->type) { 470 case NL80211_IFTYPE_AP: 471 memcpy(gmac, vif->addr, ETH_ALEN); 472 gmac[0] |= 0x01; 473 mac = gmac; 474 idx = ath_reserve_key_cache_slot(common, key->cipher); 475 break; 476 case NL80211_IFTYPE_ADHOC: 477 if (!sta) { 478 idx = key->keyidx; 479 break; 480 } 481 memcpy(gmac, sta->addr, ETH_ALEN); 482 gmac[0] |= 0x01; 483 mac = gmac; 484 idx = ath_reserve_key_cache_slot(common, key->cipher); 485 break; 486 default: 487 idx = key->keyidx; 488 break; 489 } 490 } else if (key->keyidx) { 491 if (WARN_ON(!sta)) 492 return -EOPNOTSUPP; 493 mac = sta->addr; 494 495 if (vif->type != NL80211_IFTYPE_AP) { 496 /* Only keyidx 0 should be used with unicast key, but 497 * allow this for client mode for now. */ 498 idx = key->keyidx; 499 } else 500 return -EIO; 501 } else { 502 if (WARN_ON(!sta)) 503 return -EOPNOTSUPP; 504 mac = sta->addr; 505 506 idx = ath_reserve_key_cache_slot(common, key->cipher); 507 } 508 509 if (idx < 0) 510 return -ENOSPC; /* no free key cache entries */ 511 512 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) 513 ret = ath_setkey_tkip(common, idx, key->key, &hk, mac, 514 vif->type == NL80211_IFTYPE_AP); 515 else 516 ret = ath_hw_set_keycache_entry(common, idx, &hk, mac); 517 518 if (!ret) 519 return -EIO; 520 521 set_bit(idx, common->keymap); 522 if (key->cipher == WLAN_CIPHER_SUITE_TKIP) { 523 set_bit(idx + 64, common->keymap); 524 set_bit(idx, common->tkip_keymap); 525 set_bit(idx + 64, common->tkip_keymap); 526 if (!(common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED)) { 527 set_bit(idx + 32, common->keymap); 528 set_bit(idx + 64 + 32, common->keymap); 529 set_bit(idx + 32, common->tkip_keymap); 530 set_bit(idx + 64 + 32, common->tkip_keymap); 531 } 532 } 533 534 return idx; 535 } 536 EXPORT_SYMBOL(ath_key_config); 537 538 /* 539 * Delete Key. 540 */ 541 void ath_key_delete(struct ath_common *common, struct ieee80211_key_conf *key) 542 { 543 ath_hw_keyreset(common, key->hw_key_idx); 544 if (key->hw_key_idx < IEEE80211_WEP_NKID) 545 return; 546 547 clear_bit(key->hw_key_idx, common->keymap); 548 if (key->cipher != WLAN_CIPHER_SUITE_TKIP) 549 return; 550 551 clear_bit(key->hw_key_idx + 64, common->keymap); 552 553 clear_bit(key->hw_key_idx, common->tkip_keymap); 554 clear_bit(key->hw_key_idx + 64, common->tkip_keymap); 555 556 if (!(common->crypt_caps & ATH_CRYPT_CAP_MIC_COMBINED)) { 557 ath_hw_keyreset(common, key->hw_key_idx + 32); 558 clear_bit(key->hw_key_idx + 32, common->keymap); 559 clear_bit(key->hw_key_idx + 64 + 32, common->keymap); 560 561 clear_bit(key->hw_key_idx + 32, common->tkip_keymap); 562 clear_bit(key->hw_key_idx + 64 + 32, common->tkip_keymap); 563 } 564 } 565 EXPORT_SYMBOL(ath_key_delete); 566