head 1.23; access; symbols netbsd-10-0-RELEASE:1.23 netbsd-10-0-RC6:1.23 netbsd-10-0-RC5:1.23 netbsd-10-0-RC4:1.23 netbsd-10-0-RC3:1.23 netbsd-10-0-RC2:1.23 thorpej-ifq:1.23.0.36 thorpej-ifq-base:1.23 thorpej-altq-separation:1.23.0.34 thorpej-altq-separation-base:1.23 netbsd-10-0-RC1:1.23 netbsd-10:1.23.0.32 netbsd-10-base:1.23 bouyer-sunxi-drm:1.23.0.30 bouyer-sunxi-drm-base:1.23 netbsd-9-3-RELEASE:1.23 thorpej-i2c-spi-conf2:1.23.0.28 thorpej-i2c-spi-conf2-base:1.23 thorpej-futex2:1.23.0.26 thorpej-futex2-base:1.23 thorpej-cfargs2:1.23.0.24 thorpej-cfargs2-base:1.23 cjep_sun2x-base1:1.23 cjep_sun2x:1.23.0.22 cjep_sun2x-base:1.23 cjep_staticlib_x-base1:1.23 netbsd-9-2-RELEASE:1.23 cjep_staticlib_x:1.23.0.20 cjep_staticlib_x-base:1.23 thorpej-i2c-spi-conf:1.23.0.18 thorpej-i2c-spi-conf-base:1.23 thorpej-cfargs:1.23.0.16 thorpej-cfargs-base:1.23 thorpej-futex:1.23.0.14 thorpej-futex-base:1.23 netbsd-9-1-RELEASE:1.23 bouyer-xenpvh-base2:1.23 phil-wifi-20200421:1.23 bouyer-xenpvh-base1:1.23 phil-wifi-20200411:1.23 bouyer-xenpvh:1.23.0.12 bouyer-xenpvh-base:1.23 is-mlppp:1.23.0.10 is-mlppp-base:1.23 phil-wifi-20200406:1.23 netbsd-8-2-RELEASE:1.17 ad-namecache-base3:1.23 netbsd-9-0-RELEASE:1.23 netbsd-9-0-RC2:1.23 ad-namecache-base2:1.23 ad-namecache-base1:1.23 ad-namecache:1.23.0.8 ad-namecache-base:1.23 netbsd-9-0-RC1:1.23 phil-wifi-20191119:1.23 netbsd-9:1.23.0.6 netbsd-9-base:1.23 phil-wifi-20190609:1.23 netbsd-8-1-RELEASE:1.17 netbsd-8-1-RC1:1.17 isaki-audio2:1.23.0.4 isaki-audio2-base:1.23 pgoyette-compat-merge-20190127:1.21.2.2 pgoyette-compat-20190127:1.23 pgoyette-compat-20190118:1.23 pgoyette-compat-1226:1.23 pgoyette-compat-1126:1.23 pgoyette-compat-1020:1.23 pgoyette-compat-0930:1.23 pgoyette-compat-0906:1.23 netbsd-7-2-RELEASE:1.16 pgoyette-compat-0728:1.23 netbsd-8-0-RELEASE:1.17 phil-wifi-freebsd-base:1.23.2.1 phil-wifi:1.23.0.2 phil-wifi-base:1.23 pgoyette-compat-0625:1.23 netbsd-8-0-RC2:1.17 pgoyette-compat-0521:1.23 pgoyette-compat-0502:1.22 pgoyette-compat-0422:1.22 netbsd-8-0-RC1:1.17 pgoyette-compat-0415:1.22 pgoyette-compat-0407:1.21 pgoyette-compat-0330:1.21 pgoyette-compat-0322:1.21 pgoyette-compat-0315:1.21 netbsd-7-1-2-RELEASE:1.16 pgoyette-compat:1.21.0.2 pgoyette-compat-base:1.21 netbsd-7-1-1-RELEASE:1.16 tls-maxphys-base-20171202:1.17 matt-nb8-mediatek:1.17.0.14 matt-nb8-mediatek-base:1.17 nick-nhusb-base-20170825:1.17 perseant-stdc-iso10646:1.17.0.12 perseant-stdc-iso10646-base:1.17 netbsd-8:1.17.0.10 netbsd-8-base:1.17 prg-localcount2-base3:1.17 prg-localcount2-base2:1.17 prg-localcount2-base1:1.17 prg-localcount2:1.17.0.8 prg-localcount2-base:1.17 pgoyette-localcount-20170426:1.17 bouyer-socketcan-base1:1.17 jdolecek-ncq:1.17.0.6 jdolecek-ncq-base:1.17 pgoyette-localcount-20170320:1.17 netbsd-7-1:1.16.0.12 netbsd-7-1-RELEASE:1.16 netbsd-7-1-RC2:1.16 nick-nhusb-base-20170204:1.17 netbsd-7-nhusb-base-20170116:1.16 bouyer-socketcan:1.17.0.4 bouyer-socketcan-base:1.17 pgoyette-localcount-20170107:1.17 netbsd-7-1-RC1:1.16 nick-nhusb-base-20161204:1.17 pgoyette-localcount-20161104:1.17 netbsd-7-0-2-RELEASE:1.16 nick-nhusb-base-20161004:1.17 localcount-20160914:1.17 netbsd-7-nhusb:1.16.0.10 netbsd-7-nhusb-base:1.16 pgoyette-localcount-20160806:1.17 pgoyette-localcount-20160726:1.17 pgoyette-localcount:1.17.0.2 pgoyette-localcount-base:1.17 nick-nhusb-base-20160907:1.17 nick-nhusb-base-20160529:1.17 netbsd-7-0-1-RELEASE:1.16 nick-nhusb-base-20160422:1.17 nick-nhusb-base-20160319:1.17 nick-nhusb-base-20151226:1.17 netbsd-7-0:1.16.0.8 netbsd-7-0-RELEASE:1.16 nick-nhusb-base-20150921:1.17 netbsd-7-0-RC3:1.16 netbsd-7-0-RC2:1.16 netbsd-7-0-RC1:1.16 nick-nhusb-base-20150606:1.16 nick-nhusb-base-20150406:1.16 nick-nhusb:1.16.0.6 nick-nhusb-base:1.16 netbsd-5-2-3-RELEASE:1.14 netbsd-5-1-5-RELEASE:1.14 netbsd-6-0-6-RELEASE:1.15 netbsd-6-1-5-RELEASE:1.15 netbsd-7:1.16.0.4 netbsd-7-base:1.16 yamt-pagecache-base9:1.16 yamt-pagecache-tag8:1.15 netbsd-6-1-4-RELEASE:1.15 netbsd-6-0-5-RELEASE:1.15 tls-earlyentropy:1.16.0.2 tls-earlyentropy-base:1.16 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.16 riastradh-drm2-base3:1.16 netbsd-6-1-3-RELEASE:1.15 netbsd-6-0-4-RELEASE:1.15 netbsd-5-2-2-RELEASE:1.14 netbsd-5-1-4-RELEASE:1.14 netbsd-6-1-2-RELEASE:1.15 netbsd-6-0-3-RELEASE:1.15 netbsd-5-2-1-RELEASE:1.14 netbsd-5-1-3-RELEASE:1.14 rmind-smpnet-nbase:1.16 netbsd-6-1-1-RELEASE:1.15 riastradh-drm2-base2:1.15 riastradh-drm2-base1:1.15 riastradh-drm2:1.15.0.26 riastradh-drm2-base:1.15 rmind-smpnet:1.15.0.18 rmind-smpnet-base:1.16 netbsd-6-1:1.15.0.24 netbsd-6-0-2-RELEASE:1.15 netbsd-6-1-RELEASE:1.15 khorben-n900:1.15.0.22 netbsd-6-1-RC4:1.15 netbsd-6-1-RC3:1.15 agc-symver:1.15.0.20 agc-symver-base:1.15 netbsd-6-1-RC2:1.15 netbsd-6-1-RC1:1.15 yamt-pagecache-base8:1.15 netbsd-5-2:1.14.0.86 netbsd-6-0-1-RELEASE:1.15 yamt-pagecache-base7:1.15 netbsd-5-2-RELEASE:1.14 netbsd-5-2-RC1:1.14 matt-nb6-plus-nbase:1.15 yamt-pagecache-base6:1.15 netbsd-6-0:1.15.0.16 netbsd-6-0-RELEASE:1.15 netbsd-6-0-RC2:1.15 tls-maxphys:1.15.0.14 tls-maxphys-base:1.16 matt-nb6-plus:1.15.0.12 matt-nb6-plus-base:1.15 netbsd-6-0-RC1:1.15 jmcneill-usbmp-base10:1.15 yamt-pagecache-base5:1.15 jmcneill-usbmp-base9:1.15 yamt-pagecache-base4:1.15 jmcneill-usbmp-base8:1.15 jmcneill-usbmp-base7:1.15 jmcneill-usbmp-base6:1.15 jmcneill-usbmp-base5:1.15 jmcneill-usbmp-base4:1.15 jmcneill-usbmp-base3:1.15 jmcneill-usbmp-pre-base2:1.15 jmcneill-usbmp-base2:1.15 netbsd-6:1.15.0.10 netbsd-6-base:1.15 netbsd-5-1-2-RELEASE:1.14 netbsd-5-1-1-RELEASE:1.14 jmcneill-usbmp:1.15.0.8 jmcneill-usbmp-base:1.15 jmcneill-audiomp3:1.15.0.6 jmcneill-audiomp3-base:1.15 yamt-pagecache-base3:1.15 yamt-pagecache-base2:1.15 yamt-pagecache:1.15.0.4 yamt-pagecache-base:1.15 rmind-uvmplock-nbase:1.15 cherry-xenmp:1.15.0.2 cherry-xenmp-base:1.15 bouyer-quota2-nbase:1.14 bouyer-quota2:1.14.0.84 bouyer-quota2-base:1.14 jruoho-x86intr:1.14.0.82 jruoho-x86intr-base:1.14 matt-mips64-premerge-20101231:1.14 matt-nb5-mips64-premerge-20101231:1.14 matt-nb5-pq3:1.14.0.80 matt-nb5-pq3-base:1.14 netbsd-5-1:1.14.0.78 netbsd-5-1-RELEASE:1.14 uebayasi-xip-base4:1.14 uebayasi-xip-base3:1.14 yamt-nfs-mp-base11:1.14 netbsd-5-1-RC4:1.14 matt-nb5-mips64-k15:1.14 uebayasi-xip-base2:1.14 yamt-nfs-mp-base10:1.14 netbsd-5-1-RC3:1.14 netbsd-5-1-RC2:1.14 uebayasi-xip-base1:1.14 netbsd-5-1-RC1:1.14 rmind-uvmplock:1.14.0.76 rmind-uvmplock-base:1.15 yamt-nfs-mp-base9:1.14 uebayasi-xip:1.14.0.74 uebayasi-xip-base:1.14 netbsd-5-0-2-RELEASE:1.14 matt-nb5-mips64-premerge-20091211:1.14 matt-premerge-20091211:1.14 yamt-nfs-mp-base8:1.14 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.14 matt-nb4-mips64-k7-u2a-k9b:1.14 matt-nb5-mips64-u1-k1-k5:1.14 yamt-nfs-mp-base7:1.14 matt-nb5-mips64:1.14.0.72 netbsd-5-0-1-RELEASE:1.14 jymxensuspend-base:1.14 yamt-nfs-mp-base6:1.14 yamt-nfs-mp-base5:1.14 yamt-nfs-mp-base4:1.14 jym-xensuspend-nbase:1.14 yamt-nfs-mp-base3:1.14 nick-hppapmap-base4:1.14 nick-hppapmap-base3:1.14 netbsd-5-0:1.14.0.70 netbsd-5-0-RELEASE:1.14 netbsd-5-0-RC4:1.14 netbsd-5-0-RC3:1.14 nick-hppapmap-base2:1.14 netbsd-5-0-RC2:1.14 jym-xensuspend:1.14.0.68 jym-xensuspend-base:1.14 netbsd-5-0-RC1:1.14 haad-dm-base2:1.14 haad-nbase2:1.14 ad-audiomp2:1.14.0.66 ad-audiomp2-base:1.14 netbsd-5:1.14.0.64 netbsd-5-base:1.14 nick-hppapmap:1.14.0.62 nick-hppapmap-base:1.14 matt-mips64-base2:1.14 matt-mips64:1.14.0.60 haad-dm-base1:1.14 wrstuden-revivesa-base-4:1.14 netbsd-4-0-1-RELEASE:1.14 wrstuden-revivesa-base-3:1.14 wrstuden-revivesa-base-2:1.14 wrstuden-fixsa-newbase:1.14 nick-csl-alignment-base5:1.14 haad-dm:1.14.0.58 haad-dm-base:1.14 wrstuden-revivesa-base-1:1.14 simonb-wapbl-nbase:1.14 yamt-pf42-base4:1.14 simonb-wapbl:1.14.0.56 simonb-wapbl-base:1.14 yamt-pf42-base3:1.14 hpcarm-cleanup-nbase:1.14 yamt-pf42-baseX:1.14 yamt-pf42-base2:1.14 yamt-nfs-mp-base2:1.14 wrstuden-revivesa:1.14.0.54 wrstuden-revivesa-base:1.14 yamt-nfs-mp:1.14.0.52 yamt-nfs-mp-base:1.14 yamt-pf42:1.14.0.50 yamt-pf42-base:1.14 ad-socklock-base1:1.14 yamt-lazymbuf-base15:1.14 yamt-lazymbuf-base14:1.14 keiichi-mipv6-nbase:1.14 mjf-devfs2:1.14.0.48 mjf-devfs2-base:1.14 nick-net80211-sync:1.14.0.46 nick-net80211-sync-base:1.14 keiichi-mipv6:1.14.0.44 keiichi-mipv6-base:1.14 bouyer-xeni386-merge1:1.14 matt-armv6-prevmlocking:1.14 wrstuden-fixsa-base-1:1.14 vmlocking2-base3:1.14 netbsd-4-0:1.14.0.42 netbsd-4-0-RELEASE:1.14 bouyer-xeni386-nbase:1.14 yamt-kmem-base3:1.14 cube-autoconf:1.14.0.40 cube-autoconf-base:1.14 yamt-kmem-base2:1.14 bouyer-xeni386:1.14.0.38 bouyer-xeni386-base:1.14 yamt-kmem:1.14.0.36 yamt-kmem-base:1.14 vmlocking2-base2:1.14 reinoud-bufcleanup-nbase:1.14 vmlocking2:1.14.0.34 vmlocking2-base1:1.14 netbsd-4-0-RC5:1.14 matt-nb4-arm:1.14.0.32 matt-nb4-arm-base:1.14 matt-armv6-nbase:1.14 jmcneill-base:1.14 netbsd-4-0-RC4:1.14 mjf-devfs:1.14.0.30 mjf-devfs-base:1.14 bouyer-xenamd64-base2:1.14 vmlocking-nbase:1.14 yamt-x86pmap-base4:1.14 bouyer-xenamd64:1.14.0.28 bouyer-xenamd64-base:1.14 netbsd-4-0-RC3:1.14 yamt-x86pmap-base3:1.14 yamt-x86pmap-base2:1.14 netbsd-4-0-RC2:1.14 yamt-x86pmap:1.14.0.26 yamt-x86pmap-base:1.14 netbsd-4-0-RC1:1.14 matt-armv6:1.14.0.24 matt-armv6-base:1.14 matt-mips64-base:1.14 jmcneill-pm:1.14.0.22 jmcneill-pm-base:1.14 hpcarm-cleanup:1.14.0.20 hpcarm-cleanup-base:1.14 nick-csl-alignment:1.14.0.18 nick-csl-alignment-base:1.14 netbsd-3-1-1-RELEASE:1.6 netbsd-3-0-3-RELEASE:1.6 yamt-idlelwp-base8:1.14 wrstuden-fixsa:1.14.0.16 wrstuden-fixsa-base:1.14 thorpej-atomic:1.14.0.14 thorpej-atomic-base:1.14 reinoud-bufcleanup:1.14.0.12 reinoud-bufcleanup-base:1.14 mjf-ufs-trans:1.14.0.10 mjf-ufs-trans-base:1.14 vmlocking:1.14.0.8 vmlocking-base:1.14 ad-audiomp:1.14.0.6 ad-audiomp-base:1.14 yamt-idlelwp:1.14.0.4 post-newlock2-merge:1.14 newlock2-nbase:1.14 yamt-splraiseipl-base5:1.14 yamt-splraiseipl-base4:1.14 yamt-splraiseipl-base3:1.14 abandoned-netbsd-4-base:1.12 abandoned-netbsd-4:1.12.0.12 netbsd-3-1:1.6.0.6 netbsd-3-1-RELEASE:1.6 netbsd-3-0-2-RELEASE:1.6 yamt-splraiseipl-base2:1.13 netbsd-3-1-RC4:1.6 yamt-splraiseipl:1.12.0.16 yamt-splraiseipl-base:1.12 netbsd-3-1-RC3:1.6 yamt-pdpolicy-base9:1.12 newlock2:1.12.0.14 newlock2-base:1.14 yamt-pdpolicy-base8:1.12 netbsd-3-1-RC2:1.6 netbsd-3-1-RC1:1.6 yamt-pdpolicy-base7:1.12 netbsd-4:1.14.0.2 netbsd-4-base:1.14 yamt-pdpolicy-base6:1.12 chap-midi-nbase:1.12 netbsd-3-0-1-RELEASE:1.6 gdamore-uart:1.12.0.10 gdamore-uart-base:1.12 simonb-timcounters-final:1.10.6.1 yamt-pdpolicy-base5:1.12 chap-midi:1.12.0.8 chap-midi-base:1.12 yamt-pdpolicy-base4:1.12 yamt-pdpolicy-base3:1.12 peter-altq-base:1.12 peter-altq:1.12.0.6 yamt-pdpolicy-base2:1.12 elad-kernelauth-base:1.12 elad-kernelauth:1.12.0.4 yamt-pdpolicy:1.12.0.2 yamt-pdpolicy-base:1.12 yamt-uio_vmspace-base5:1.12 simonb-timecounters:1.10.0.6 simonb-timecounters-base:1.12 rpaulo-netinet-merge-pcb:1.10.0.4 rpaulo-netinet-merge-pcb-base:1.12 yamt-uio_vmspace:1.10.0.2 netbsd-3-0:1.6.0.4 netbsd-3-0-RELEASE:1.6 netbsd-3-0-RC6:1.6 yamt-readahead-base3:1.10 netbsd-3-0-RC5:1.6 netbsd-3-0-RC4:1.6 netbsd-3-0-RC3:1.6 yamt-readahead-base2:1.10 netbsd-3-0-RC2:1.6 net80211-1-nov-2005:1.1.1.5 yamt-readahead-pervnode:1.9 yamt-readahead-perfile:1.9 yamt-readahead:1.9.0.6 yamt-readahead-base:1.9 netbsd-3-0-RC1:1.6 yamt-vop-base3:1.9 netbsd-2-0-3-RELEASE:1.5 netbsd-2-1:1.5.0.16 yamt-vop-base2:1.9 thorpej-vnode-attr:1.9.0.4 thorpej-vnode-attr-base:1.9 netbsd-2-1-RELEASE:1.5 yamt-vop:1.9.0.2 yamt-vop-base:1.9 netbsd-2-1-RC6:1.5 netbsd-2-1-RC5:1.5 netbsd-2-1-RC4:1.5 netbsd-2-1-RC3:1.5 netbsd-2-1-RC2:1.5 netbsd-2-1-RC1:1.5 net80211-2005-07-11:1.1.1.4 yamt-lazymbuf:1.7.0.2 net80211-2005-05-18:1.1.1.3 yamt-km-base4:1.6 netbsd-2-0-2-RELEASE:1.5 yamt-km-base3:1.6 netbsd-3:1.6.0.2 netbsd-3-base:1.6 yamt-km-base2:1.5 yamt-km:1.5.0.12 yamt-km-base:1.5 kent-audio2:1.5.0.10 kent-audio2-base:1.6 netbsd-2-0-1-RELEASE:1.5 kent-audio1-beforemerge:1.5 netbsd-2:1.5.0.8 netbsd-2-base:1.5 kent-audio1:1.5.0.6 kent-audio1-base:1.5 netbsd-2-0-RELEASE:1.5 netbsd-2-0-RC5:1.5 netbsd-2-0-RC4:1.5 netbsd-2-0-RC3:1.5 netbsd-2-0-RC2:1.5 netbsd-2-0-RC1:1.5 ktrace-lwp-base:1.10 ktrace-lwp:1.5.0.4 net80211-28-apr-2004:1.1.1.2 netbsd-2-0:1.5.0.2 netbsd-2-0-base:1.5 net80211-12-dec-2003:1.1.1.2 net80211-6-sep-2003:1.1.1.1 net80211-29-aug-2003:1.1.1.1 FreeBSD:1.1.1; locks; strict; comment @ * @; 1.23 date 2018.05.08.07.02.07; author maxv; state Exp; branches 1.23.2.1; next 1.22; commitid pmxiza7E3y69IsBA; 1.22 date 2018.04.10.07.53.36; author maxv; state Exp; branches; next 1.21; commitid KfPWEcBnCLyDTRxA; 1.21 date 2018.01.19.07.52.37; author maxv; state Exp; branches 1.21.2.1; next 1.20; commitid yiwABvEm8ARFusnA; 1.20 date 2018.01.17.17.41.38; author maxv; state Exp; branches; next 1.19; commitid oRdfgIteJGtyOfnA; 1.19 date 2018.01.16.09.04.30; author maxv; state Exp; branches; next 1.18; commitid TLSC9zWDnvzbZ4nA; 1.18 date 2017.12.10.08.56.23; author maxv; state Exp; branches; next 1.17; commitid w4pSEdjyO1Y78kiA; 1.17 date 2015.08.24.22.21.26; author pooka; state Exp; branches; next 1.16; 1.16 date 2013.09.13.20.19.53; author joerg; state Exp; branches 1.16.6.1; next 1.15; 1.15 date 2011.05.23.15.37.36; author drochner; state Exp; branches 1.15.4.1 1.15.14.1 1.15.18.1; next 1.14; 1.14 date 2006.11.16.01.33.40; author christos; state Exp; branches 1.14.46.1 1.14.76.1 1.14.82.1; next 1.13; 1.13 date 2006.10.12.01.32.30; author christos; state Exp; branches; next 1.12; 1.12 date 2006.02.27.00.55.46; author dyoung; state Exp; branches 1.12.14.1 1.12.16.1; next 1.11; 1.11 date 2006.02.19.07.55.59; author dyoung; state Exp; branches; next 1.10; 1.10 date 2005.11.18.16.40.08; author skrll; state Exp; branches 1.10.2.1 1.10.4.1 1.10.6.1; next 1.9; 1.9 date 2005.07.26.22.52.48; author dyoung; state Exp; branches 1.9.6.1; next 1.8; 1.8 date 2005.07.06.23.44.15; author dyoung; state Exp; branches; next 1.7; 1.7 date 2005.06.22.06.16.02; author dyoung; state Exp; branches 1.7.2.1; next 1.6; 1.6 date 2005.02.26.22.45.09; author perry; state Exp; branches; next 1.5; 1.5 date 2003.12.14.09.56.53; author dyoung; state Exp; branches 1.5.4.1 1.5.10.1 1.5.12.1; next 1.4; 1.4 date 2003.09.23.16.03.46; author dyoung; state Exp; branches; next 1.3; 1.3 date 2003.09.14.01.14.54; author dyoung; state Exp; branches; next 1.2; 1.2 date 2003.09.07.01.22.20; author dyoung; state Exp; branches; next 1.1; 1.1 date 2003.08.30.21.26.03; author dyoung; state Exp; branches 1.1.1.1; next ; 1.23.2.1 date 2018.06.28.21.03.07; author phil; state Exp; branches; next 1.23.2.2; commitid fU5eenqZ23IoH5IA; 1.23.2.2 date 2018.07.12.16.35.34; author phil; state Exp; branches; next 1.23.2.3; commitid US0n8axK0fqSKRJA; 1.23.2.3 date 2018.07.16.20.11.11; author phil; state Exp; branches; next 1.23.2.4; commitid 57tT6pqTipGJQoKA; 1.23.2.4 date 2019.06.10.22.09.46; author christos; state Exp; branches; next ; commitid jtc8rnCzWiEEHGqB; 1.21.2.1 date 2018.04.16.02.00.08; author pgoyette; state Exp; branches; next 1.21.2.2; commitid qk3nktk0szmTIByA; 1.21.2.2 date 2018.05.21.04.36.16; author pgoyette; state Exp; branches; next ; commitid X5L8kSrBWQcDt7DA; 1.16.6.1 date 2015.09.22.12.06.11; author skrll; state Exp; branches; next ; 1.15.4.1 date 2014.05.22.11.41.09; author yamt; state Exp; branches; next ; 1.15.14.1 date 2014.08.20.00.04.35; author tls; state Exp; branches; next 1.15.14.2; 1.15.14.2 date 2017.12.03.11.39.03; author jdolecek; state Exp; branches; next ; commitid XcIYRZTAh1LmerhA; 1.15.18.1 date 2014.05.18.17.46.13; author rmind; state Exp; branches; next ; 1.14.46.1 date 2008.02.22.16.50.25; author skrll; state Exp; branches; next ; 1.14.76.1 date 2011.05.31.03.05.07; author rmind; state Exp; branches; next ; 1.14.82.1 date 2011.06.06.09.09.54; author jruoho; state Exp; branches; next ; 1.12.14.1 date 2006.11.18.21.39.32; author ad; state Exp; branches; next ; 1.12.16.1 date 2006.10.22.06.07.27; author yamt; state Exp; branches; next 1.12.16.2; 1.12.16.2 date 2006.12.10.07.19.06; author yamt; state Exp; branches; next ; 1.10.2.1 date 2006.03.01.09.28.47; author yamt; state Exp; branches; next ; 1.10.4.1 date 2006.09.09.02.58.25; author rpaulo; state Exp; branches; next ; 1.10.6.1 date 2006.04.22.11.40.08; author simonb; state Exp; branches; next ; 1.9.6.1 date 2005.11.22.16.08.16; author yamt; state Exp; branches; next ; 1.7.2.1 date 2006.06.21.15.10.45; author yamt; state Exp; branches; next 1.7.2.2; 1.7.2.2 date 2006.12.30.20.50.28; author yamt; state Exp; branches; next ; 1.5.4.1 date 2003.12.14.09.56.53; author skrll; state dead; branches; next 1.5.4.2; 1.5.4.2 date 2004.08.03.10.54.21; author skrll; state Exp; branches; next 1.5.4.3; 1.5.4.3 date 2004.09.18.14.54.39; author skrll; state Exp; branches; next 1.5.4.4; 1.5.4.4 date 2004.09.21.13.36.55; author skrll; state Exp; branches; next 1.5.4.5; 1.5.4.5 date 2005.03.04.16.53.17; author skrll; state Exp; branches; next 1.5.4.6; 1.5.4.6 date 2005.11.10.14.10.51; author skrll; state Exp; branches; next 1.5.4.7; 1.5.4.7 date 2005.12.11.10.29.22; author christos; state Exp; branches; next ; 1.5.10.1 date 2005.04.29.11.29.32; author kent; state Exp; branches; next ; 1.5.12.1 date 2005.03.19.08.36.35; author yamt; state Exp; branches; next ; 1.1.1.1 date 2003.08.30.21.26.03; author dyoung; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2003.12.13.08.36.05; author dyoung; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2005.06.21.20.37.39; author dyoung; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2005.07.26.21.48.59; author dyoung; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2005.11.18.16.20.32; author skrll; state Exp; branches; next ; desc @@ 1.23 log @Remove three useless debug messages, remove meaningless XXXs, and remove ieee80211_note_frame (unused). @ text @/* $NetBSD: ieee80211_crypto.c,v 1.22 2018/04/10 07:53:36 maxv Exp $ */ /* * Copyright (c) 2001 Atsushi Onoe * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * Alternatively, this software may be distributed under the terms of the * GNU General Public License ("GPL") version 2 as published by the Free * Software Foundation. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); #endif #ifdef __NetBSD__ __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.22 2018/04/10 07:53:36 maxv Exp $"); #endif #ifdef _KERNEL_OPT #include "opt_inet.h" #endif /* * IEEE 802.11 generic crypto support. */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include /* * Table of registered cipher modules. */ static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; #ifdef INET #include #include #endif static int _ieee80211_crypto_delkey(struct ieee80211com *, struct ieee80211_key *); /* * Default "null" key management routines. */ static int null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { /* * Not in the global key table, the driver should handle this * by allocating a slot in the h/w key table/cache. In * lieu of that return key slot 0 for any unicast key * request. We disallow the request if this is a group key. * This default policy does the right thing for legacy hardware * with a 4 key table. It also handles devices that pass * packets through untouched when marked with the WEP bit * and key index 0. */ if (k->wk_flags & IEEE80211_KEY_GROUP) return 0; *keyix = 0; /* NB: use key index 0 for ucast key */ } else { *keyix = k - ic->ic_nw_keys; } *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; } static int null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) { return 1; } static int null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return 1; } static void null_key_update(struct ieee80211com *ic) { ; } /* * Write-arounds for common operations. */ static __inline void cipher_detach(struct ieee80211_key *key) { key->wk_cipher->ic_detach(key); } /* * Wrappers for driver key management methods. */ static __inline int dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); } static __inline int dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_delete(ic, key); } static __inline int dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return ic->ic_crypto.cs_key_set(ic, key, mac); } /* * Setup crypto support. */ void ieee80211_crypto_attach(struct ieee80211com *ic) { struct ieee80211_crypto_state *cs = &ic->ic_crypto; int i; /* NB: we assume everything is pre-zero'd */ cs->cs_def_txkey = IEEE80211_KEYIX_NONE; cs->cs_max_keyix = IEEE80211_WEP_NKID; ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; for (i = 0; i < IEEE80211_WEP_NKID; i++) ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], IEEE80211_KEYIX_NONE); /* * Initialize the driver key support routines to noop entries. * This is useful especially for the cipher test modules. */ cs->cs_key_alloc = null_key_alloc; cs->cs_key_set = null_key_set; cs->cs_key_delete = null_key_delete; cs->cs_key_update_begin = null_key_update; cs->cs_key_update_end = null_key_update; } /* * Teardown crypto support. */ void ieee80211_crypto_detach(struct ieee80211com *ic) { ieee80211_crypto_delglobalkeys(ic); } /* * Register a crypto cipher module. */ void ieee80211_crypto_register(const struct ieee80211_cipher *cip) { if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; } if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; } ciphers[cip->ic_cipher] = cip; } /* * Unregister a crypto cipher module. */ void ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) { if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; } if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; } /* NB: don't complain about not being registered */ /* XXX disallow if references */ ciphers[cip->ic_cipher] = NULL; } int ieee80211_crypto_available(u_int cipher) { return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; } /* XXX well-known names! */ static const char *cipher_modnames[] = { "wlan_wep", /* IEEE80211_CIPHER_WEP */ "wlan_tkip", /* IEEE80211_CIPHER_TKIP */ "wlan_aes_ocb", /* IEEE80211_CIPHER_AES_OCB */ "wlan_ccmp", /* IEEE80211_CIPHER_AES_CCM */ "wlan_ckip", /* IEEE80211_CIPHER_CKIP */ }; /* * Establish a relationship between the specified key and cipher * and, if necessary, allocate a hardware index from the driver. * Note that when a fixed key index is required it must be specified * and we blindly assign it w/o consulting the driver (XXX). * * This must be the first call applied to a key; all the other key * routines assume wk_cipher is setup. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags, struct ieee80211_key *key) { #define N(a) (sizeof(a) / sizeof(a[0])) const struct ieee80211_cipher *cip; ieee80211_keyix keyix, rxkeyix; void *keyctx; int oflags; /* * Validate cipher and set reference to cipher routines. */ if (cipher >= IEEE80211_CIPHER_MAX) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: invalid cipher %u\n", __func__, cipher); ic->ic_stats.is_crypto_badcipher++; return 0; } cip = ciphers[cipher]; if (cip == NULL) { /* * Auto-load cipher module if we have a well-known name * for it. It might be better to use string names rather * than numbers and craft a module name based on the cipher * name; e.g. wlan_cipher_. */ if (cipher < N(cipher_modnames)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unregistered cipher %u, load module %s\n", __func__, cipher, cipher_modnames[cipher]); ieee80211_load_module(cipher_modnames[cipher]); /* * If cipher module loaded it should immediately * call ieee80211_crypto_register which will fill * in the entry in the ciphers array. */ cip = ciphers[cipher]; } if (cip == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to load cipher %u, module %s\n", __func__, cipher, cipher < N(cipher_modnames) ? cipher_modnames[cipher] : ""); ic->ic_stats.is_crypto_nocipher++; return 0; } } oflags = key->wk_flags; flags &= IEEE80211_KEY_COMMON; /* * If the hardware does not support the cipher then * fall back to a host-based implementation. */ if ((ic->ic_caps & (1<ic_name); flags |= IEEE80211_KEY_SWCRYPT; } /* * Hardware TKIP with software MIC is an important * combination; we handle it by flagging each key, * the cipher modules honor it. */ if (cipher == IEEE80211_CIPHER_TKIP && (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w support for TKIP MIC, falling back to s/w\n", __func__); flags |= IEEE80211_KEY_SWMIC; } /* * Bind cipher to key instance. Note we do this * after checking the device capabilities so the * cipher module can optimize space usage based on * whether or not it needs to do the cipher work. */ if (key->wk_cipher != cip || key->wk_flags != flags) { again: /* * Fillin the flags so cipher modules can see s/w * crypto requirements and potentially allocate * different state and/or attach different method * pointers. * * XXX this is not right when s/w crypto fallback * fails and we try to restore previous state. */ key->wk_flags = flags; keyctx = cip->ic_attach(ic, key); if (keyctx == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to attach cipher %s\n", __func__, cip->ic_name); key->wk_flags = oflags; /* restore old flags */ ic->ic_stats.is_crypto_attachfail++; return 0; } cipher_detach(key); key->wk_cipher = cip; /* XXX refcnt? */ key->wk_private = keyctx; } /* * Commit to requested usage so driver can see the flags. */ key->wk_flags = flags; /* * Ask the driver for a key index if we don't have one. * Note that entries in the global key table always have * an index; this means it's safe to call this routine * for these entries just to setup the reference to the * cipher template. Note also that when using software * crypto we also call the driver to give us a key index. */ if (key->wk_keyix == IEEE80211_KEYIX_NONE) { if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { /* * Driver has no room; fallback to doing crypto * in the host. We change the flags and start the * procedure over. If we get back here then there's * no hope and we bail. Note that this can leave * the key in a inconsistent state if the caller * continues to use it. */ if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { ic->ic_stats.is_crypto_swfallback++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w resources for cipher %s, " "falling back to s/w\n", __func__, cip->ic_name); oflags = key->wk_flags; flags |= IEEE80211_KEY_SWCRYPT; if (cipher == IEEE80211_CIPHER_TKIP) flags |= IEEE80211_KEY_SWMIC; goto again; } ic->ic_stats.is_crypto_keyfail++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to setup cipher %s\n", __func__, cip->ic_name); return 0; } key->wk_keyix = keyix; key->wk_rxkeyix = rxkeyix; } return 1; #undef N } /* * Remove the key (no locking, for internal use). */ static int _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { ieee80211_keyix keyix; IASSERT(key->wk_cipher != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n", __func__, key->wk_cipher->ic_name, key->wk_keyix, key->wk_flags, key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); keyix = key->wk_keyix; if (keyix != IEEE80211_KEYIX_NONE) { /* * Remove hardware entry. */ /* XXX key cache */ if (!dev_key_delete(ic, key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: driver did not delete key index %u\n", __func__, keyix); ic->ic_stats.is_crypto_delkey++; /* XXX recovery? */ } } cipher_detach(key); memset(key, 0, sizeof(*key)); ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE); return 1; } /* * Remove the specified key. */ int ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { int status; ieee80211_key_update_begin(ic); status = _ieee80211_crypto_delkey(ic, key); ieee80211_key_update_end(ic); return status; } /* * Clear the global key table. */ void ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) { int i; ieee80211_key_update_begin(ic); for (i = 0; i < IEEE80211_WEP_NKID; i++) (void)_ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); ieee80211_key_update_end(ic); } /* * Set the contents of the specified key. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, const u_int8_t macaddr[IEEE80211_ADDR_LEN]) { const struct ieee80211_cipher *cip = key->wk_cipher; IASSERT(cip != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n", __func__, cip->ic_name, key->wk_keyix, key->wk_flags, ether_sprintf(macaddr), key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); /* * Give cipher a chance to validate key contents. * XXX should happen before modifying state. */ if (!cip->ic_setkey(key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: cipher %s rejected key index %u len %u flags 0x%x\n", __func__, cip->ic_name, key->wk_keyix, key->wk_keylen, key->wk_flags); ic->ic_stats.is_crypto_setkey_cipher++; return 0; } if (key->wk_keyix == IEEE80211_KEYIX_NONE) { /* XXX nothing allocated, should not happen */ IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no key index; should not happen!\n", __func__); ic->ic_stats.is_crypto_setkey_nokey++; return 0; } return dev_key_set(ic, key, macaddr); } /* * Add privacy headers appropriate for the specified key. * * XXX XXX XXX: Here we modify 'm', and potentially reallocate it. We * should pass back to the caller the updated pointer to avoid * use-after-frees. This can be done by changing the argument to be **m, * but many drivers will have to be changed accordingly. */ struct ieee80211_key * ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m) { struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; u_int8_t keyid, *hdr; int hdrlen; /* * Multicast traffic always uses the multicast key. * Otherwise if a unicast key is set we use that and * it is always key index 0. When no unicast key is * set we fall back to the default transmit key. */ wh = mtod(m, struct ieee80211_frame *); if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] no default transmit key (%s) deftxkey %u\n", ether_sprintf(wh->i_addr1), __func__, ic->ic_def_txkey); ic->ic_stats.is_tx_nodefkey++; return NULL; } keyid = ic->ic_def_txkey; k = &ic->ic_nw_keys[ic->ic_def_txkey]; } else { keyid = 0; k = &ni->ni_ucastkey; } cip = k->wk_cipher; /* * The crypto header is added after the IEEE802.11 header. Prepend * the size of the crypto header, and move the IEEE802.11 header back * to the beginning of the mbuf. Ensure everything is contiguous. */ hdrlen = ieee80211_hdrspace(ic, mtod(m, void *)); M_PREPEND(m, cip->ic_header, M_NOWAIT); if (m && m->m_len < hdrlen + cip->ic_header) { m = m_pullup(m, hdrlen + cip->ic_header); } if (m == NULL) { return NULL; } hdr = mtod(m, u_int8_t *); memmove(hdr, hdr + cip->ic_header, hdrlen); return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); } #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) #define IEEE80211_WEP_MINLEN \ (sizeof(struct ieee80211_frame) + \ IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) /* * Validate and strip privacy headers (and trailer) for a * received frame that has the WEP/Privacy bit set. */ struct ieee80211_key * ieee80211_crypto_decap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf **mp, int hdrlen) { const struct ieee80211_cipher *cip; struct ieee80211_key *k; struct ieee80211_frame *wh; struct mbuf *m = *mp; u_int8_t keyid; KASSERT((m->m_flags & M_PKTHDR) != 0); /* * This minimum size data frame could be bigger. It is re-checked * below. */ if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, "%s: WEP data frame too short, len %u\n", __func__, m->m_pkthdr.len); ic->ic_stats.is_rx_tooshort++; return NULL; } /* * Locate the key. If unicast and there is no unicast * key then we fall back to the key id in the header. * This assumes unicast keys are only configured when * the key id in the header is meaningless (typically 0). */ wh = mtod(m, struct ieee80211_frame *); m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { k = &ic->ic_nw_keys[keyid >> 6]; } else { k = &ni->ni_ucastkey; } /* * Insure crypto header is contiguous for all decap work. */ cip = k->wk_cipher; if (m->m_len < hdrlen + cip->ic_header) { m = m_pullup(m, hdrlen + cip->ic_header); *mp = m; } if (m == NULL) { ic->ic_stats.is_rx_tooshort++; return NULL; } /* * Ensure there is a header+trailer included. */ if (m->m_pkthdr.len < hdrlen + cip->ic_header + cip->ic_trailer) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, "%s: WEP data frame too short, len %u\n", __func__, m->m_pkthdr.len); ic->ic_stats.is_rx_tooshort++; return NULL; } return (cip->ic_decap(k, m, hdrlen) ? k : NULL); } @ 1.23.2.1 log @Start of WiFi refresh. Copy of FreeBSD net80211 directory with git mirror commit id of 09e3123164ec345822e00465039503686efde455, no changes yet. ieee80211_netbsd.[ch] from ieee80211_freebsd.[ch]. @ text @d1 3 a3 3 /*- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD * d5 1 a5 1 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting d16 6 d36 10 a45 1 __FBSDID("$FreeBSD$"); a49 2 #include "opt_wlan.h" d51 1 a51 3 #include #include #include d54 5 d62 3 a64 1 #include /* XXX ETHER_HDR_LEN */ d66 1 a68 5 MALLOC_DEFINE(M_80211_CRYPTO, "80211crypto", "802.11 crypto state"); static int _ieee80211_crypto_delkey(struct ieee80211vap *, struct ieee80211_key *); d72 9 a80 1 static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; d86 2 a87 2 null_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d89 2 a90 2 if (!(&vap->iv_nw_keys[0] <= k && k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { d105 1 a105 1 *keyix = ieee80211_crypto_get_key_wepidx(vap, k); d110 1 d112 1 a112 1 null_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) d116 4 a119 2 static int null_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) d123 6 a128 1 static void null_key_update(struct ieee80211vap *vap) {} d139 1 a139 7 static __inline void * cipher_attach(struct ieee80211vap *vap, struct ieee80211_key *key) { return key->wk_cipher->ic_attach(vap, key); } /* d143 2 a144 3 dev_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d146 1 a146 1 return vap->iv_key_alloc(vap, key, keyix, rxkeyix); d150 1 a150 2 dev_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *key) d152 1 a152 1 return vap->iv_key_delete(vap, key); d156 2 a157 1 dev_key_set(struct ieee80211vap *vap, const struct ieee80211_key *key) d159 1 a159 1 return vap->iv_key_set(vap, key); d163 1 a163 1 * Setup crypto support for a device/shared instance. d168 1 a168 18 /* NB: we assume everything is pre-zero'd */ ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; } /* * Teardown crypto support. */ void ieee80211_crypto_detach(struct ieee80211com *ic) { } /* * Setup crypto support for a vap. */ void ieee80211_crypto_vattach(struct ieee80211vap *vap) { d172 3 a174 2 vap->iv_max_keyix = IEEE80211_WEP_NKID; vap->iv_def_txkey = IEEE80211_KEYIX_NONE; d176 1 a176 1 ieee80211_crypto_resetkey(vap, &vap->iv_nw_keys[i], d182 5 a186 5 vap->iv_key_alloc = null_key_alloc; vap->iv_key_set = null_key_set; vap->iv_key_delete = null_key_delete; vap->iv_key_update_begin = null_key_update; vap->iv_key_update_end = null_key_update; d190 1 a190 1 * Teardown crypto support for a vap. d193 1 a193 1 ieee80211_crypto_vdetach(struct ieee80211vap *vap) d195 1 a195 1 ieee80211_crypto_delglobalkeys(vap); d245 6 a250 8 static const char *cipher_modnames[IEEE80211_CIPHER_MAX] = { [IEEE80211_CIPHER_WEP] = "wlan_wep", [IEEE80211_CIPHER_TKIP] = "wlan_tkip", [IEEE80211_CIPHER_AES_OCB] = "wlan_aes_ocb", [IEEE80211_CIPHER_AES_CCM] = "wlan_ccmp", [IEEE80211_CIPHER_TKIPMIC] = "#4", /* NB: reserved */ [IEEE80211_CIPHER_CKIP] = "wlan_ckip", [IEEE80211_CIPHER_NONE] = "wlan_none", a252 3 /* NB: there must be no overlap between user-supplied and device-owned flags */ CTASSERT((IEEE80211_KEY_COMMON & IEEE80211_KEY_DEVICE) == 0); d256 2 a257 1 * Note that when a fixed key index is required it must be specified. d263 2 a264 2 * ieee80211_key_update_begin(vap); * ieee80211_key_update_end(vap); d267 2 a268 2 ieee80211_crypto_newkey(struct ieee80211vap *vap, int cipher, int flags, struct ieee80211_key *key) d270 1 a270 1 struct ieee80211com *ic = vap->iv_ic; a275 4 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: cipher %u flags 0x%x keyix %u\n", __func__, cipher, flags, key->wk_keyix); d280 3 a282 3 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: invalid cipher %u\n", __func__, cipher); vap->iv_stats.is_crypto_badcipher++; d286 1 d294 12 a305 10 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: unregistered cipher %u, load module %s\n", __func__, cipher, cipher_modnames[cipher]); ieee80211_load_module(cipher_modnames[cipher]); /* * If cipher module loaded it should immediately * call ieee80211_crypto_register which will fill * in the entry in the ciphers array. */ cip = ciphers[cipher]; d307 6 a312 4 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: unable to load cipher %u, module %s\n", __func__, cipher, cipher_modnames[cipher]); vap->iv_stats.is_crypto_nocipher++; d319 1 a319 2 /* NB: preserve device attributes */ flags |= (oflags & IEEE80211_KEY_DEVICE); d322 1 a322 1 * fallback to a host-based implementation. d324 2 a325 2 if ((ic->ic_cryptocaps & (1<ic_cryptocaps & IEEE80211_CRYPTO_TKIPMIC) == 0) { IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d351 1 d357 3 d362 1 a362 1 keyctx = cip->ic_attach(vap, key); d364 1 a364 1 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d368 1 a368 1 vap->iv_stats.is_crypto_attachfail++; d375 4 d388 2 a389 2 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { if (!dev_key_alloc(vap, key, &keyix, &rxkeyix)) { d391 6 a396 1 * Unable to setup driver state. d398 14 a411 2 vap->iv_stats.is_crypto_keyfail++; IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, a415 25 if (key->wk_flags != flags) { /* * Driver overrode flags we setup; typically because * resources were unavailable to handle _this_ key. * Re-attach the cipher context to allow cipher * modules to handle differing requirements. */ IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: driver override for cipher %s, flags " "0x%x -> 0x%x\n", __func__, cip->ic_name, oflags, key->wk_flags); keyctx = cip->ic_attach(vap, key); if (keyctx == NULL) { IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: unable to attach cipher %s with " "flags 0x%x\n", __func__, cip->ic_name, key->wk_flags); key->wk_flags = oflags; /* restore old flags */ vap->iv_stats.is_crypto_attachfail++; return 0; } cipher_detach(key); key->wk_cipher = cip; /* XXX refcnt? */ key->wk_private = keyctx; } a417 1 key->wk_flags |= IEEE80211_KEY_DEVKEY; d420 1 d427 1 a427 1 _ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key) d429 3 a431 1 KASSERT(key->wk_cipher != NULL, ("No cipher!")); d433 1 a433 1 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d437 1 a437 2 key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, key->wk_keylen); d439 2 a440 1 if (key->wk_flags & IEEE80211_KEY_DEVKEY) { d445 2 a446 2 if (!dev_key_delete(vap, key)) { IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d448 2 a449 2 __func__, key->wk_keyix); vap->iv_stats.is_crypto_delkey++; d455 1 a455 1 ieee80211_crypto_resetkey(vap, key, IEEE80211_KEYIX_NONE); d463 1 a463 1 ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key) d467 3 a469 3 ieee80211_key_update_begin(vap); status = _ieee80211_crypto_delkey(vap, key); ieee80211_key_update_end(vap); d477 1 a477 1 ieee80211_crypto_delglobalkeys(struct ieee80211vap *vap) d481 1 a481 1 ieee80211_key_update_begin(vap); d483 2 a484 2 (void) _ieee80211_crypto_delkey(vap, &vap->iv_nw_keys[i]); ieee80211_key_update_end(vap); d491 2 a492 2 * ieee80211_key_update_begin(vap); * ieee80211_key_update_end(vap); d495 2 a496 1 ieee80211_crypto_setkey(struct ieee80211vap *vap, struct ieee80211_key *key) d500 1 a500 1 KASSERT(cip != NULL, ("No cipher!")); d502 1 a502 1 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d505 2 a506 3 key->wk_flags, ether_sprintf(key->wk_macaddr), key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc, key->wk_keylen); a507 8 if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) { /* XXX nothing allocated, should not happen */ IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, "%s: no device key setup done; should not happen!\n", __func__); vap->iv_stats.is_crypto_setkey_nokey++; return 0; } d513 1 a513 1 IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO, d517 1 a517 1 vap->iv_stats.is_crypto_setkey_cipher++; d520 8 a527 1 return dev_key_set(vap, key); d531 1 a531 1 * Return index if the key is a WEP key (0..3); -1 otherwise. d533 4 a536 2 * This is different to "get_keyid" which defaults to returning * 0 for unicast keys; it assumes that it won't be used for WEP. a537 24 int ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *vap, const struct ieee80211_key *k) { if (k >= &vap->iv_nw_keys[0] && k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) return (k - vap->iv_nw_keys); return (-1); } /* * Note: only supports a single unicast key (0). */ uint8_t ieee80211_crypto_get_keyid(struct ieee80211vap *vap, struct ieee80211_key *k) { if (k >= &vap->iv_nw_keys[0] && k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) return (k - vap->iv_nw_keys); else return (0); } d539 2 a540 1 ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) d542 1 a542 1 struct ieee80211vap *vap = ni->ni_vap; d544 3 d556 7 a562 7 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr1, "no default transmit key (%s) deftxkey %u", __func__, vap->iv_def_txkey); vap->iv_stats.is_tx_nodefkey++; d565 5 a569 1 return &vap->iv_nw_keys[vap->iv_def_txkey]; d571 1 d573 12 a584 15 return &ni->ni_ucastkey; } /* * Add privacy headers appropriate for the specified key. */ struct ieee80211_key * ieee80211_crypto_encap(struct ieee80211_node *ni, struct mbuf *m) { struct ieee80211_key *k; const struct ieee80211_cipher *cip; if ((k = ieee80211_crypto_get_txkey(ni, m)) != NULL) { cip = k->wk_cipher; return (cip->ic_encap(k, m) ? k : NULL); d586 2 d589 1 a589 1 return NULL; d592 5 d601 3 a603 3 int ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen, struct ieee80211_key **key) d605 1 a605 5 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) #define IEEE80211_WEP_MINLEN \ (sizeof(struct ieee80211_frame) + \ IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) struct ieee80211vap *vap = ni->ni_vap; d608 4 a611 3 const struct ieee80211_rx_stats *rxs; const struct ieee80211_cipher *cip; uint8_t keyid; d614 3 a616 20 * Check for hardware decryption and IV stripping. * If the IV is stripped then we definitely can't find a key. * Set the key to NULL but return true; upper layers * will need to handle a NULL key for a successful * decrypt. */ rxs = ieee80211_get_rx_params_ptr(m); if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { if (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP) { /* * Hardware decrypted, IV stripped. * We can't find a key with a stripped IV. * Return successful. */ *key = NULL; return (1); } } /* NB: this minimum size data frame could be bigger */ d618 1 a618 1 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, d621 2 a622 3 vap->iv_stats.is_rx_tooshort++; /* XXX need unique stat? */ *key = NULL; return (0); d634 3 a636 3 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) k = &vap->iv_nw_keys[keyid >> 6]; else d638 1 d644 3 a646 7 if (m->m_len < hdrlen + cip->ic_header && (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2, "unable to pullup %s header", cip->ic_name); vap->iv_stats.is_rx_wepfail++; /* XXX */ *key = NULL; return (0); d649 3 a651 10 /* * Attempt decryption. * * If we fail then don't return the key - return NULL * and an error. */ if (cip->ic_decap(k, m, hdrlen)) { /* success */ *key = k; return (1); a653 21 /* Failure */ *key = NULL; return (0); #undef IEEE80211_WEP_MINLEN #undef IEEE80211_WEP_HDRLEN } /* * Check and remove any MIC. */ int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, struct mbuf *m, int force) { const struct ieee80211_cipher *cip; const struct ieee80211_rx_stats *rxs; struct ieee80211_frame *wh; rxs = ieee80211_get_rx_params_ptr(m); wh = mtod(m, struct ieee80211_frame *); d655 1 a655 1 * Handle demic / mic errors from hardware-decrypted offload devices. d657 6 a662 73 if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED)) { if (rxs->c_pktflags & IEEE80211_RX_F_FAIL_MIC) { /* * Hardware has said MIC failed. We don't care about * whether it was stripped or not. * * Eventually - teach the demic methods in crypto * modules to handle a NULL key and not to dereference * it. */ ieee80211_notify_michael_failure(vap, wh, -1); return (0); } if (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) { /* * Hardware has decrypted and not indicated a * MIC failure and has stripped the MIC. * We may not have a key, so for now just * return OK. */ return (1); } } /* * If we don't have a key at this point then we don't * have to demic anything. */ if (k == NULL) return (1); cip = k->wk_cipher; return (cip->ic_miclen > 0 ? cip->ic_demic(k, m, force) : 1); } static void load_ucastkey(void *arg, struct ieee80211_node *ni) { struct ieee80211vap *vap = ni->ni_vap; struct ieee80211_key *k; if (vap->iv_state != IEEE80211_S_RUN) return; k = &ni->ni_ucastkey; if (k->wk_flags & IEEE80211_KEY_DEVKEY) dev_key_set(vap, k); } /* * Re-load all keys known to the 802.11 layer that may * have hardware state backing them. This is used by * drivers on resume to push keys down into the device. */ void ieee80211_crypto_reload_keys(struct ieee80211com *ic) { struct ieee80211vap *vap; int i; /* * Keys in the global key table of each vap. */ /* NB: used only during resume so don't lock for now */ TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { if (vap->iv_state != IEEE80211_S_RUN) continue; for (i = 0; i < IEEE80211_WEP_NKID; i++) { const struct ieee80211_key *k = &vap->iv_nw_keys[i]; if (k->wk_flags & IEEE80211_KEY_DEVKEY) dev_key_set(vap, k); } a663 17 /* * Unicast keys. */ ieee80211_iterate_nodes(&ic->ic_sta, load_ucastkey, NULL); } /* * Set the default key index for WEP, or KEYIX_NONE for no default TX key. * * This should be done as part of a key update block (iv_key_update_begin / * iv_key_update_end.) */ void ieee80211_crypto_set_deftxkey(struct ieee80211vap *vap, ieee80211_keyix kid) { /* XXX TODO: assert we're in a key update block */ d665 1 a665 1 vap->iv_update_deftxkey(vap, kid); @ 1.23.2.2 log @State save. New kernel config for this brach only. TESTWIFI does produce a kernel. It is not working. athn files not compiling yet and commented out of the TESTWIFI kernel, which only has urtwn 802.11 driver enabled. ieee80211_alq.c and ieee80211_ddb.c not compiling yet. @ text @a0 2 /* $NetBSD: $ */ a29 1 #ifdef __FreeBSD__ a30 1 #endif a45 1 #ifdef __FreeBSD__ a46 4 #endif #ifdef __NetBSD__ #include #endif a49 5 #ifdef __NetBSD__ #undef KASSERT #define KASSERT(__cond, __complaint) FBSDKASSERT(__cond, __complaint) #endif a236 1 #ifdef __FreeBSD__ a246 1 #endif a287 1 #if __FreeBSD__ a310 3 #else panic("wlan_cipher not usable."); /* NNN NetBSD modules? */ #endif @ 1.23.2.3 log @State save. urtwn now can attach and shows up in the "ifconfig -a" list. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.23.2.2 2018/07/12 16:35:34 phil Exp $ */ d32 1 a32 1 #if __FreeBSD__ d50 1 a50 1 #if __FreeBSD__ d53 1 a53 2 #if __NetBSD__ #include d251 1 a251 1 #if __FreeBSD__ @ 1.23.2.4 log @Sync with HEAD @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.23.2.3 2018/07/16 20:11:11 phil Exp $ */ d32 2 a33 2 #ifdef __NetBSD__ __KERNEL_RCSID(0, "$NetBSD$"); a38 1 #ifdef _KERNEL_OPT a39 1 #endif @ 1.22 log @Improve an XXX of mine, and fix one stat. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.21 2018/01/19 07:52:37 maxv Exp $ */ d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.21 2018/01/19 07:52:37 maxv Exp $"); a649 3 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] unable to pullup %s header\n", ether_sprintf(wh->i_addr2), cip->ic_name); @ 1.21 log @Style, and make sure that there is a header+trailer included in the packet. The crypto functions can touch the trailer, but they don't check whether it's there in the first place. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $ */ d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.20 2018/01/17 17:41:38 maxv Exp $"); d532 5 a588 2 /* XXX pass the updated pointer back to the caller */ d653 1 a653 1 ic->ic_stats.is_rx_wepfail++; /* XXX */ @ 1.21.2.1 log @Sync with HEAD, resolve some conflicts @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.22 2018/04/10 07:53:36 maxv Exp $ */ d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.22 2018/04/10 07:53:36 maxv Exp $"); a531 5 * * XXX XXX XXX: Here we modify 'm', and potentially reallocate it. We * should pass back to the caller the updated pointer to avoid * use-after-frees. This can be done by changing the argument to be **m, * but many drivers will have to be changed accordingly. d584 2 d650 1 a650 1 ic->ic_stats.is_rx_tooshort++; @ 1.21.2.2 log @Sync with HEAD @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.23 2018/05/08 07:02:07 maxv Exp $ */ d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.23 2018/05/08 07:02:07 maxv Exp $"); d650 3 @ 1.20 log @Style, and fix two pretty bad mistakes in the crypto functions: * They call M_PREPEND, but don't pass the updated pointer back to the caller. * They use memmove on the mbuf data, but they don't ensure that the area they touch is contiguous. This fix is not complete, ieee80211_crypto_encap too needs to pass back the updated pointer. This will be done in another commit. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.19 2018/01/16 09:04:30 maxv Exp $ */ d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.19 2018/01/16 09:04:30 maxv Exp $"); d51 1 a51 1 #include d75 1 a75 1 #include d139 1 a139 1 /* d608 6 a613 1 /* NB: this minimum size data frame could be bigger */ d654 11 @ 1.19 log @Update the mbuf pointer when m_pullup succeeds, I forgot this in my last revision (I only fixed the UAF in one branch). Meanwhile, style. @ text @d1 3 a3 2 /* $NetBSD: ieee80211_crypto.c,v 1.18 2017/12/10 08:56:23 maxv Exp $ */ /*- d40 1 a40 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.18 2017/12/10 08:56:23 maxv Exp $"); d72 1 a72 1 static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; d79 2 a80 2 static int _ieee80211_crypto_delkey(struct ieee80211com *, struct ieee80211_key *); d87 1 a87 1 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d110 1 d112 1 a112 2 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) d116 3 a118 3 static int null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, d123 6 a128 1 static void null_key_update(struct ieee80211com *ic) {} d143 2 a144 3 dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d150 1 a150 2 dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key) d157 1 a157 1 const u_int8_t mac[IEEE80211_ADDR_LEN]) d267 2 a268 2 ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags, struct ieee80211_key *key) d286 1 d319 1 d322 1 a322 1 * fallback to a host-based implementation. d330 1 d483 1 a483 1 (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); d496 1 a496 1 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) d534 2 a535 2 ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m) d540 2 a541 1 u_int8_t keyid; d567 19 d600 1 a600 1 struct ieee80211_node *ni, struct mbuf **mp, int hdrlen) @ 1.18 log @Fix use-after-free: ieee80211_crypto_decap does a pullup on the mbuf but the updated pointer is not passed back. Looks like it is triggerable remotely. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $"); d562 5 d575 1 a575 4 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) #define IEEE80211_WEP_MINLEN \ (sizeof(struct ieee80211_frame) + \ IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) a577 1 const struct ieee80211_cipher *cip; d586 1 a586 1 ic->ic_stats.is_rx_tooshort++; /* XXX need unique stat? */ d599 1 a599 1 ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) d601 1 a601 1 else d603 1 d609 6 a614 3 if (m->m_len < hdrlen + cip->ic_header && (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { *mp = NULL; a622 2 #undef IEEE80211_WEP_MINLEN #undef IEEE80211_WEP_HDRLEN @ 1.17 log @sprinkle _KERNEL_OPT @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.16 2013/09/13 20:19:53 joerg Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.16 2013/09/13 20:19:53 joerg Exp $"); d568 1 a568 1 struct ieee80211_node *ni, struct mbuf *m, int hdrlen) d577 1 d609 1 @ 1.16 log @GC unused functions. Don't bother building ieee80211_acl.c, nothing in it is non-static. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $"); d42 1 d44 1 @ 1.16.6.1 log @Sync with HEAD @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.17 2015/08/24 22:21:26 pooka Exp $"); a41 1 #ifdef _KERNEL_OPT a42 1 #endif @ 1.15 log @-remove references to crypto/arc4/arc4.* -- the code isn't used anywhere afaics (The confusion comes probably from use of arc4random() at various places, but this lives in libkern and doesn't share code with the former.) -g/c non-implementation of arc4 encryption in swcrypto(4) -remove special casing of ARC4 in crypto(4) -- the point is that it doesn't use an IV, and this fact is made explicit by the new "ivsize" property of xforms @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.14 2006/11/16 01:33:40 christos Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.14 2006/11/16 01:33:40 christos Exp $"); a130 6 static __inline void * cipher_attach(struct ieee80211com *ic, struct ieee80211_key *key) { return key->wk_cipher->ic_attach(ic, key); } @ 1.15.14.1 log @Rebase to HEAD as of a few days ago. @ text @d1 1 a1 1 /* $NetBSD$ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD$"); d131 6 @ 1.15.14.2 log @update from HEAD @ text @a41 1 #ifdef _KERNEL_OPT a42 1 #endif @ 1.15.4.1 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $"); d131 6 @ 1.15.18.1 log @sync with head @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $"); d131 6 @ 1.14 log @__unused removal on arguments; approved by core. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.13 2006/10/12 01:32:30 christos Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.13 2006/10/12 01:32:30 christos Exp $"); a75 1 #include /* XXX unneeded? */ @ 1.14.82.1 log @Sync with HEAD. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.15 2011/05/23 15:37:36 drochner Exp $"); d76 1 @ 1.14.76.1 log @sync with head @ text @d1 1 a1 1 /* $NetBSD$ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD$"); d76 1 @ 1.14.46.1 log @Beginning of a sync with net80211 from FreeBSD. Lots to do. Sources taken from 2008-02-22. @ text @d4 1 a4 1 * Copyright (c) 2002-2007 Sam Leffler, Errno Consulting d15 6 d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.16 2007/06/11 03:36:54 sam Exp $"); d115 3 a117 2 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const uint8_t mac[IEEE80211_ADDR_LEN]) d158 1 a158 1 const uint8_t mac[IEEE80211_ADDR_LEN]) d494 1 a494 1 const uint8_t macaddr[IEEE80211_ADDR_LEN]) d538 1 a538 1 uint8_t keyid; d548 1 a548 1 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { d582 1 a582 1 uint8_t keyid; d602 1 a602 1 IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) @ 1.13 log @- sprinkle __unused on function decls. - fix a couple of unused bugs - no more -Wno-unused for i386 @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $"); d109 2 a110 2 null_key_delete(struct ieee80211com *ic __unused, const struct ieee80211_key *k __unused) d115 3 a117 3 null_key_set(struct ieee80211com *ic __unused, const struct ieee80211_key *k __unused, const u_int8_t mac[IEEE80211_ADDR_LEN] __unused) d121 1 a121 1 static void null_key_update(struct ieee80211com *ic __unused) {} @ 1.12 log @KNF: return NULL for a pointer, instead of 0. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.11 2006/02/19 07:55:59 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.11 2006/02/19 07:55:59 dyoung Exp $"); d109 2 a110 1 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) d115 3 a117 2 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) d121 1 a121 1 static void null_key_update(struct ieee80211com *ic) {} @ 1.12.14.1 log @Sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.14 2006/11/16 01:33:40 christos Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.14 2006/11/16 01:33:40 christos Exp $"); d109 1 a109 2 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) d114 2 a115 3 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) @ 1.12.16.1 log @sync with head @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $"); d109 1 a109 2 null_key_delete(struct ieee80211com *ic __unused, const struct ieee80211_key *k __unused) d114 2 a115 3 null_key_set(struct ieee80211com *ic __unused, const struct ieee80211_key *k __unused, const u_int8_t mac[IEEE80211_ADDR_LEN] __unused) d119 1 a119 1 static void null_key_update(struct ieee80211com *ic __unused) {} @ 1.12.16.2 log @sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.12.16.1 2006/10/22 06:07:27 yamt Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.12.16.1 2006/10/22 06:07:27 yamt Exp $"); d109 2 a110 2 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) d115 3 a117 3 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) d121 1 a121 1 static void null_key_update(struct ieee80211com *ic) {} @ 1.11 log @Use a safe idiom to extract the keyid from the WEP header, instead of assuming that the bytes of the 802.11 header and WEP header are contiguous in the mbuf chain. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.10 2005/11/18 16:40:08 skrll Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.10 2005/11/18 16:40:08 skrll Exp $"); d615 1 a615 1 return 0; @ 1.10 log @Resolve conflicts and adapt to NetBSD. Thanks to dyoung@@, scw@@, and perry@@ for help testing. 2005-08-30 15:27 avatar Properly set ic_curchan before calling back to device driver to do channel switching(ifconfig devX channel Y). This fix should make channel changing works again in monitor mode. Submitted by: sam X-MFC-With: other ic_curchan changes 2005-08-13 18:50 sam revert 1.64: we cannot use the channel characteristics to decide when to do 11g erp sta accounting because b/g channels show up as false positives when operating in 11b. Noticed by: Michal Mertl 2005-08-13 18:31 sam Extend acl support to pass ioctl requests through and use this to add support for getting the current policy setting and collecting the list of mac addresses in the acl table. Submitted by: Michal Mertl (original version) MFC after: 2 weeks 2005-08-10 18:42 sam Don't use ic_curmode to decide when to do 11g station accounting, use the station channel properties. Fixes assert failure/bogus operation when an ap is operating in 11a and has associated stations then switches to 11g. Noticed by: Michal Mertl Reviewed by: avatar MFC after: 2 weeks 2005-08-10 17:22 sam Clarify/fix handling of the current channel: o add ic_curchan and use it uniformly for specifying the current channel instead of overloading ic->ic_bss->ni_chan (or in some drivers ic_ibss_chan) o add ieee80211_scanparams structure to encapsulate scanning-related state captured for rx frames o move rx beacon+probe response frame handling into separate routines o change beacon+probe response handling to treat the scan table more like a scan cache--look for an existing entry before adding a new one; this combined with ic_curchan use corrects handling of stations that were previously found at a different channel o move adhoc neighbor discovery by beacon+probe response frames to a new ieee80211_add_neighbor routine Reviewed by: avatar Tested by: avatar, Michal Mertl MFC after: 2 weeks 2005-08-09 11:19 rwatson Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to ifnet.if_drv_flags. Device drivers are now responsible for synchronizing access to these flags, as they are in if_drv_flags. This helps prevent races between the network stack and device driver in maintaining the interface flags field. Many __FreeBSD__ and __FreeBSD_version checks maintained and continued; some less so. Reviewed by: pjd, bz MFC after: 7 days 2005-08-08 19:46 sam Split crypto tx+rx key indices and add a key index -> node mapping table: Crypto changes: o change driver/net80211 key_alloc api to return tx+rx key indices; a driver can leave the rx key index set to IEEE80211_KEYIX_NONE or set it to be the same as the tx key index (the former disables use of the key index in building the keyix->node mapping table and is the default setup for naive drivers by null_key_alloc) o add cs_max_keyid to crypto state to specify the max h/w key index a driver will return; this is used to allocate the key index mapping table and to bounds check table loookups o while here introduce ieee80211_keyix (finally) for the type of a h/w key index o change crypto notifiers for rx failures to pass the rx key index up as appropriate (michael failure, replay, etc.) Node table changes: o optionally allocate a h/w key index to node mapping table for the station table using the max key index setting supplied by drivers (note the scan table does not get a map) o defer node table allocation to lateattach so the driver has a chance to set the max key id to size the key index map o while here also defer the aid bitmap allocation o add new ieee80211_find_rxnode_withkey api to find a sta/node entry on frame receive with an optional h/w key index to use in checking mapping table; also updates the map if it does a hash lookup and the found node has a rx key index set in the unicast key; note this work is separated from the old ieee80211_find_rxnode call so drivers do not need to be aware of the new mechanism o move some node table manipulation under the node table lock to close a race on node delete o add ieee80211_node_delucastkey to do the dirty work of deleting unicast key state for a node (deletes any key and handles key map references) Ath driver: o nuke private sc_keyixmap mechansim in favor of net80211 support o update key alloc api These changes close several race conditions for the ath driver operating in ap mode. Other drivers should see no change. Station mode operation for ath no longer uses the key index map but performance tests show no noticeable change and this will be fixed when the scan table is eliminated with the new scanning support. Tested by: Michal Mertl, avatar, others Reviewed by: avatar, others MFC after: 2 weeks 2005-08-08 06:49 sam use ieee80211_iterate_nodes to retrieve station data; the previous code walked the list w/o locking MFC after: 1 week 2005-08-08 04:30 sam Cleanup beacon/listen interval handling: o separate configured beacon interval from listen interval; this avoids potential use of one value for the other (e.g. setting powersavesleep to 0 clobbers the beacon interval used in hostap or ibss mode) o bounds check the beacon interval received in probe response and beacon frames and drop frames with bogus settings; not clear if we should instead clamp the value as any alteration would result in mismatched sta+ap configuration and probably be more confusing (don't want to log to the console but perhaps ok with rate limiting) o while here up max beacon interval to reflect WiFi standard Noticed by: Martin MFC after: 1 week 2005-08-06 05:57 sam fix debug msg typo MFC after: 3 days 2005-08-06 05:56 sam Fix handling of frames sent prior to a station being authorized when operating in ap mode. Previously we allocated a node from the station table, sent the frame (using the node), then released the reference that "held the frame in the table". But while the frame was in flight the node might be reclaimed which could lead to problems. The solution is to add an ieee80211_tmp_node routine that crafts a node that does exist in a table and so isn't ever reclaimed; it exists only so long as the associated frame is in flight. MFC after: 5 days 2005-07-31 07:12 sam close a race between reclaiming a node when a station is inactive and sending the null data frame used to probe inactive stations MFC after: 5 days 2005-07-27 05:41 sam when bridging internally bypass the bss node as traffic to it must follow the normal input path Submitted by: Michal Mertl MFC after: 5 days 2005-07-27 03:53 sam bandaid ni_fails handling so ap's with association failures are reconsidered after a bit; a proper fix involves more changes to the scanning infrastructure Reviewed by: avatar, David Young MFC after: 5 days 2005-07-23 01:16 sam the AREF flag is only meaningful in ap mode; adhoc neighbors now are timed out of the sta/neighbor table 2005-07-23 00:25 sam o move inactivity-related debug msgs under IEEE80211_MSG_INACT o probe inactive neighbors in adhoc mode (they don't have an association id so previously were being timed out) MFC after: 3 days 2005-07-22 22:11 sam split xmit of probe request frame out into a separate routine that takes explicit parameters; this will be needed when scanning is decoupled from the state machine to do bg scanning MFC after: 3 days 2005-07-22 21:48 sam split 802.11 frame xmit setup code into ieee80211_send_setup MFC after: 3 days 2005-07-22 18:57 sam simplify ic_newassoc callback MFC after: 3 days 2005-07-22 18:54 sam simplify ieee80211_ibss_merge api MFC after: 3 days 2005-07-22 18:50 sam add stats we know we'll need soon and some spare fields for future expansion MFC after: 3 days 2005-07-22 18:45 sam simplify tim callback api MFC after: 3 days 2005-07-22 18:42 sam don't include 802.3 header in min frame length calculation as it may not be present for a frag; fixes problem with small (fragmented) frames being dropped Obtained from: Atheros MFC after: 3 days 2005-07-22 18:36 sam simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's MFC after: 3 days 2005-07-22 18:31 sam simplifiy ieee80211_send_nulldata api MFC after: 3 days 2005-07-22 18:29 sam simplify rate set api's by removing ic parameter (implicit in node reference) MFC after: 3 days 2005-07-22 18:21 sam reject association requests with a wpa/rsn ie when wpa/rsn is not configured on the ap; previously we either ignored the ie or (possibly) failed an assertion Obtained from: Atheros MFC after: 3 days 2005-07-22 18:16 sam missed one in last commit; add device name to discard msgs 2005-07-22 18:13 sam include device name in discard msgs 2005-07-22 18:12 sam add diag msgs for frames discarded because the direction field is wrong 2005-07-22 18:08 sam split data frame delivery out to a new function ieee80211_deliver_data 2005-07-22 18:00 sam o add IEEE80211_IOC_FRAGTHRESHOLD for getting+setting the tx fragmentation threshold o fix bounds checking on IEEE80211_IOC_RTSTHRESHOLD MFC after: 3 days 2005-07-22 17:55 sam o add IEEE80211_FRAG_DEFAULT o move default settings for RTS and frag thresholds to ieee80211_var.h 2005-07-22 17:50 sam diff reduction against p4: define IEEE80211_FIXED_RATE_NONE and use it instead of -1 2005-07-22 17:37 sam add flags missed in last merge 2005-07-22 17:36 sam Diff reduction against p4: o add ic_flags_ext for eventual extention of ic_flags o define/reserve flag+capabilities bits for superg, bg scan, and roaming support o refactor debug msg macros MFC after: 3 days 2005-07-22 06:17 sam send a response when an auth request is denied due to an acl; might be better to silently ignore the frame but this way we give stations a chance of figuring out what's wrong 2005-07-22 06:15 sam remove excess whitespace 2005-07-22 05:55 sam use IF_HANDOFF when bridging frames internally so if_start gets called; fixes communication between associated sta's MFC after: 3 days 2005-07-11 04:06 sam Handle encrypt of arbitarily fragmented mbuf chains: previously we bailed if we couldn't collect the 16-bytes of data required for an aes block cipher in 2 mbufs; now we deal with it. While here make space accounting signed so a sanity check does the right thing for malformed mbuf chains. Approved by: re (scottl) 2005-07-11 04:00 sam nuke assert that duplicates real check Reviewed by: avatar Approved by: re (scottl) @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.9 2005/07/26 22:52:48 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.9 2005/07/26 22:52:48 dyoung Exp $"); a579 1 const u_int8_t *ivp; d598 1 a598 2 ivp = mtod(m, const u_int8_t *) + hdrlen; /* XXX contig */ keyid = ivp[IEEE80211_WEP_IVLEN]; @ 1.10.4.1 log @sync with head @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $"); d580 1 d599 2 a600 1 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); d617 1 a617 1 return NULL; @ 1.10.6.1 log @Sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.12 2006/02/27 00:55:46 dyoung Exp $"); d580 1 d599 2 a600 1 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); d617 1 a617 1 return NULL; @ 1.10.2.1 log @sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.10 2005/11/18 16:40:08 skrll Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.10 2005/11/18 16:40:08 skrll Exp $"); d580 1 d599 2 a600 1 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); d617 1 a617 1 return NULL; @ 1.9 log @Resolve conflicts. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.7 2005/06/22 06:16:02 dyoung Exp $ */ d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.10 2005/07/09 23:15:30 sam Exp $"); d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.7 2005/06/22 06:16:02 dyoung Exp $"); d84 2 a85 1 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k) d99 5 a103 4 if ((k->wk_flags & IEEE80211_KEY_GROUP) == 0) return 0; /* NB: use key index 0 for ucast key */ else return IEEE80211_KEYIX_NONE; d105 2 a106 1 return k - ic->ic_nw_keys; d141 2 a142 1 const struct ieee80211_key *key) d144 1 a144 1 return ic->ic_crypto.cs_key_alloc(ic, key); d172 1 a172 3 ciphers[IEEE80211_CIPHER_AES_CCM] = &ieee80211_cipher_ccmp; ciphers[IEEE80211_CIPHER_TKIP] = &ieee80211_cipher_tkip; ciphers[IEEE80211_CIPHER_WEP] = &ieee80211_cipher_wep; a173 1 d271 1 d385 1 a385 2 key->wk_keyix = dev_key_alloc(ic, key); if (key->wk_keyix == IEEE80211_KEYIX_NONE) { d412 2 d425 1 a425 1 u_int16_t keyix; d553 1 a553 1 goto bad; d562 1 a562 4 if (cip->ic_encap(k, m, keyid<<6)) return k; bad: return NULL; d575 1 a575 1 (sizeof(struct ieee80211_frame) + ETHER_HDR_LEN + \ @ 1.9.6.1 log @sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.9 2005/07/26 22:52:48 dyoung Exp $ */ d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.9 2005/07/26 22:52:48 dyoung Exp $"); d84 1 a84 2 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d98 4 a101 5 if (k->wk_flags & IEEE80211_KEY_GROUP) return 0; *keyix = 0; /* NB: use key index 0 for ucast key */ } else { *keyix = k - ic->ic_nw_keys; d103 1 a103 2 *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; d138 1 a138 2 const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d140 1 a140 1 return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); d168 3 a170 1 cs->cs_max_keyix = IEEE80211_WEP_NKID; d172 1 a269 1 ieee80211_keyix keyix, rxkeyix; d383 2 a384 1 if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { a410 2 key->wk_keyix = keyix; key->wk_rxkeyix = rxkeyix; d422 1 a422 1 ieee80211_keyix keyix; d550 1 a550 1 return NULL; d559 4 a562 1 return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); d575 1 a575 1 (sizeof(struct ieee80211_frame) + \ @ 1.8 log @Avoid an unnecessary API difference between NetBSD and FreeBSD: back out my change to ieee80211_crypto_encap that made it free its mbuf argument on error. I had thought it was a bug. It was not. It's the drivers that are broken. Make an(4), atw(4), ipw(4), iwi(4), ral(4), rtw(4), ural(4), and wi(4) free the mbuf when ieee80211_crypto_encap returns NULL. Also, return ath(4) to the way it was---i.e., free the mbuf. Thanks to Sam Leffler to pointing out my mistake. @ text @d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.7 2004/12/31 22:42:38 sam Exp $"); d86 18 a103 1 return IEEE80211_KEYIX_NONE; d571 1 a571 1 struct ieee80211_node *ni, struct mbuf *m) a581 1 int hdrlen; a598 1 hdrlen = ieee80211_hdrsize(wh); d620 1 a620 1 return (cip->ic_decap(k, m) ? k : NULL); @ 1.7 log @Resolve conflicts in importation of 18-May-2005 ath(4) / net80211(9) from FreeBSD. Introduce compatibility shims (sys/dev/ic/ath_netbsd.[ch], sys/net80211/ieee80211_netbsd.[ch]). Update drivers (an, atu, atw, awi, ipw, iwi, rtw, wi) for the new net80211(9) API. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.4 2003/09/23 16:03:46 dyoung Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.4 2003/09/23 16:03:46 dyoung Exp $"); a544 1 m_freem(m); @ 1.7.2.1 log @sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.7 2005/06/22 06:16:02 dyoung Exp $ */ d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.7 2005/06/22 06:16:02 dyoung Exp $"); d84 1 a84 2 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d86 1 a86 20 if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { /* * Not in the global key table, the driver should handle this * by allocating a slot in the h/w key table/cache. In * lieu of that return key slot 0 for any unicast key * request. We disallow the request if this is a group key. * This default policy does the right thing for legacy hardware * with a 4 key table. It also handles devices that pass * packets through untouched when marked with the WEP bit * and key index 0. */ if (k->wk_flags & IEEE80211_KEY_GROUP) return 0; *keyix = 0; /* NB: use key index 0 for ucast key */ } else { *keyix = k - ic->ic_nw_keys; } *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; d121 1 a121 2 const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d123 1 a123 1 return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); d151 3 a153 1 cs->cs_max_keyix = IEEE80211_WEP_NKID; d155 1 a252 1 ieee80211_keyix keyix, rxkeyix; d366 2 a367 1 if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { a393 2 key->wk_keyix = keyix; key->wk_rxkeyix = rxkeyix; d405 1 a405 1 ieee80211_keyix keyix; d533 1 a533 1 return NULL; d542 5 a546 1 return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); d555 1 a555 1 struct ieee80211_node *ni, struct mbuf *m, int hdrlen) d559 1 a559 1 (sizeof(struct ieee80211_frame) + \ d564 1 d566 1 d584 3 a586 1 m_copydata(m, hdrlen + IEEE80211_WEP_IVLEN, sizeof(keyid), &keyid); d603 1 a603 1 return NULL; d606 1 a606 1 return (cip->ic_decap(k, m, hdrlen) ? k : NULL); @ 1.7.2.2 log @sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.7.2.1 2006/06/21 15:10:45 yamt Exp $ */ d39 1 a39 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.7.2.1 2006/06/21 15:10:45 yamt Exp $"); d109 1 a109 2 null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) d114 2 a115 3 null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) @ 1.6 log @nuke trailing whitespace @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $ */ d4 1 a4 1 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting d36 4 a39 3 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.3 2003/10/17 23:15:30 sam Exp $"); #else __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $"); d44 3 d48 2 a49 4 #include #include #include #include a53 3 #ifdef __FreeBSD__ #include #endif a56 4 #ifdef __FreeBSD__ #include #endif a57 1 #include a59 3 #ifdef __FreeBSD__ #include #else a60 1 #endif d63 1 a64 1 #include d66 4 a69 1 #include d72 1 a72 4 #include #ifdef __FreeBSD__ #include #else a74 1 #endif d76 56 a131 8 #ifdef __FreeBSD__ #include #define arc4_ctxlen() sizeof (struct rc4_state) #define arc4_setkey(_c,_k,_l) rc4_init(_c,_k,_l) #define arc4_encrypt(_c,_d,_s,_l) rc4_crypt(_c,_s,_d,_l) #else #include #endif d133 6 a138 2 static void ieee80211_crc_init(void); static u_int32_t ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len); d140 3 d144 1 a144 1 ieee80211_crypto_attach(struct ifnet *ifp) d146 2 a147 1 struct ieee80211com *ic = (void *)ifp; d149 10 d160 2 a161 1 * Setup crypto support. d163 5 a167 2 ieee80211_crc_init(); ic->ic_iv = arc4random(); d170 3 d174 1 a174 1 ieee80211_crypto_detach(struct ifnet *ifp) d176 2 a177 1 struct ieee80211com *ic = (void *)ifp; d179 15 a193 3 if (ic->ic_wep_ctx != NULL) { free(ic->ic_wep_ctx, M_DEVBUF); ic->ic_wep_ctx = NULL; d195 1 d198 5 a202 2 struct mbuf * ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag) d204 4 a207 18 struct ieee80211com *ic = (void *)ifp; struct mbuf *m, *n, *n0; struct ieee80211_frame *wh; int i, left, len, moff, noff, kid; u_int32_t iv, crc; u_int8_t *ivp; void *ctx; u_int8_t keybuf[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; u_int8_t crcbuf[IEEE80211_WEP_CRCLEN]; n0 = NULL; if ((ctx = ic->ic_wep_ctx) == NULL) { ctx = malloc(arc4_ctxlen(), M_DEVBUF, M_NOWAIT); if (ctx == NULL) { ic->ic_stats.is_crypto_nomem++; goto fail; } ic->ic_wep_ctx = ctx; d209 4 a212 10 m = m0; left = m->m_pkthdr.len; MGET(n, M_DONTWAIT, m->m_type); n0 = n; if (n == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; goto fail; d214 50 a263 11 #ifdef __FreeBSD__ M_MOVE_PKTHDR(n, m); #else M_COPY_PKTHDR(n, m); #endif len = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_CRCLEN; if (txflag) { n->m_pkthdr.len += len; } else { n->m_pkthdr.len -= len; left -= len; d265 2 a266 16 n->m_len = MHLEN; if (n->m_pkthdr.len >= MINCLSIZE) { MCLGET(n, M_DONTWAIT); if (n->m_flags & M_EXT) n->m_len = n->m_ext.ext_size; } len = sizeof(struct ieee80211_frame); memcpy(mtod(n, caddr_t), mtod(m, caddr_t), len); wh = mtod(n, struct ieee80211_frame *); left -= len; moff = len; noff = len; if (txflag) { kid = ic->ic_wep_txkey; wh->i_fc[1] |= IEEE80211_FC1_WEP; iv = ic->ic_iv; d268 4 a271 2 * Skip 'bad' IVs from Fluhrer/Mantin/Shamir: * (B, 255, N) with 3 <= B < 8 d273 11 a283 9 if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00) iv += 0x000100; ic->ic_iv = iv + 1; /* put iv in little endian to prepare 802.11i */ ivp = mtod(n, u_int8_t *) + noff; for (i = 0; i < IEEE80211_WEP_IVLEN; i++) { ivp[i] = iv & 0xff; iv >>= 8; d285 8 a292 22 ivp[IEEE80211_WEP_IVLEN] = kid << 6; /* pad and keyid */ noff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } else { wh->i_fc[1] &= ~IEEE80211_FC1_WEP; ivp = mtod(m, u_int8_t *) + moff; kid = ivp[IEEE80211_WEP_IVLEN] >> 6; moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } memcpy(keybuf, ivp, IEEE80211_WEP_IVLEN); memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key, ic->ic_nw_keys[kid].wk_len); arc4_setkey(ctx, keybuf, IEEE80211_WEP_IVLEN + ic->ic_nw_keys[kid].wk_len); /* encrypt with calculating CRC */ crc = ~0; while (left > 0) { len = m->m_len - moff; if (len == 0) { m = m->m_next; moff = 0; continue; d294 53 a346 21 if (len > n->m_len - noff) { len = n->m_len - noff; if (len == 0) { MGET(n->m_next, M_DONTWAIT, n->m_type); if (n->m_next == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; goto fail; } n = n->m_next; n->m_len = MLEN; if (left >= MINCLSIZE) { MCLGET(n, M_DONTWAIT); if (n->m_flags & M_EXT) n->m_len = n->m_ext.ext_size; } noff = 0; continue; } d348 39 a386 25 if (len > left) len = left; arc4_encrypt(ctx, mtod(n, caddr_t) + noff, mtod(m, caddr_t) + moff, len); if (txflag) crc = ieee80211_crc_update(crc, mtod(m, u_int8_t *) + moff, len); else crc = ieee80211_crc_update(crc, mtod(n, u_int8_t *) + noff, len); left -= len; moff += len; noff += len; } crc = ~crc; if (txflag) { *(u_int32_t *)crcbuf = htole32(crc); if (n->m_len >= noff + sizeof(crcbuf)) n->m_len = noff + sizeof(crcbuf); else { n->m_len = noff; MGET(n->m_next, M_DONTWAIT, n->m_type); if (n->m_next == NULL) { ic->ic_stats.is_tx_nombuf++; goto fail; d388 5 a392 3 n = n->m_next; n->m_len = sizeof(crcbuf); noff = 0; d394 33 a426 25 arc4_encrypt(ctx, mtod(n, caddr_t) + noff, crcbuf, sizeof(crcbuf)); } else { n->m_len = noff; for (noff = 0; noff < sizeof(crcbuf); noff += len) { len = sizeof(crcbuf) - noff; if (len > m->m_len - moff) len = m->m_len - moff; if (len > 0) arc4_encrypt(ctx, crcbuf + noff, mtod(m, caddr_t) + moff, len); m = m->m_next; moff = 0; } if (crc != le32toh(*(u_int32_t *)crcbuf)) { #ifdef IEEE80211_DEBUG if (ieee80211_debug) { if_printf(ifp, "decrypt CRC error\n"); if (ieee80211_debug > 1) ieee80211_dump_pkt(n0->m_data, n0->m_len, -1, -1); } #endif ic->ic_stats.is_rx_decryptcrc++; goto fail; d429 13 a441 2 m_freem(m0); return n0; d443 4 a446 4 fail: m_freem(m0); m_freem(n0); return NULL; d450 1 a450 1 * CRC 32 -- routine from RFC 2083 d452 53 d506 11 a516 2 /* Table of CRCs of all 8-bit messages */ static u_int32_t ieee80211_crc_table[256]; d518 16 a533 14 /* Make the table for a fast CRC. */ static void ieee80211_crc_init(void) { u_int32_t c; int n, k; for (n = 0; n < 256; n++) { c = (u_int32_t)n; for (k = 0; k < 8; k++) { if (c & 1) c = 0xedb88320UL ^ (c >> 1); else c = c >> 1; d535 5 a539 1 ieee80211_crc_table[n] = c; d541 6 d550 2 a551 3 * Update a running CRC with the bytes buf[0..len-1]--the CRC * should be initialized to all 1's, and the transmitted value * is the 1's complement of the final running CRC d553 39 d593 12 a604 4 static u_int32_t ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len) { u_int8_t *endbuf; d606 3 a608 3 for (endbuf = buf + len; buf < endbuf; buf++) crc = ieee80211_crc_table[(crc ^ *buf) & 0xff] ^ (crc >> 8); return crc; @ 1.5 log @Synchronize with FreeBSD sources from 12 Dec 2003. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.4 2003/09/23 16:03:46 dyoung Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.4 2003/09/23 16:03:46 dyoung Exp $"); d44 2 a45 2 #include #include d61 1 a61 1 d79 1 a79 1 #include @ 1.5.4.1 log @file ieee80211_crypto.c was added on branch ktrace-lwp on 2004-08-03 10:54:21 +0000 @ text @d1 348 @ 1.5.4.2 log @Sync with HEAD @ text @a0 348 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.1 2004/08/03 10:54:21 skrll Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * Alternatively, this software may be distributed under the terms of the * GNU General Public License ("GPL") version 2 as published by the Free * Software Foundation. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #ifdef __FreeBSD__ __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.3 2003/10/17 23:15:30 sam Exp $"); #else __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.1 2004/08/03 10:54:21 skrll Exp $"); #endif #include "opt_inet.h" #include #include #include #include #include #include #include #include #include #ifdef __FreeBSD__ #include #endif #include #include #ifdef __FreeBSD__ #include #endif #include #include #include #include #ifdef __FreeBSD__ #include #else #include #endif #include #include #include #include #ifdef INET #include #ifdef __FreeBSD__ #include #else #include #endif #endif #ifdef __FreeBSD__ #include #define arc4_ctxlen() sizeof (struct rc4_state) #define arc4_setkey(_c,_k,_l) rc4_init(_c,_k,_l) #define arc4_encrypt(_c,_d,_s,_l) rc4_crypt(_c,_s,_d,_l) #else #include #endif static void ieee80211_crc_init(void); static u_int32_t ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len); void ieee80211_crypto_attach(struct ifnet *ifp) { struct ieee80211com *ic = (void *)ifp; /* * Setup crypto support. */ ieee80211_crc_init(); ic->ic_iv = arc4random(); } void ieee80211_crypto_detach(struct ifnet *ifp) { struct ieee80211com *ic = (void *)ifp; if (ic->ic_wep_ctx != NULL) { free(ic->ic_wep_ctx, M_DEVBUF); ic->ic_wep_ctx = NULL; } } struct mbuf * ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag) { struct ieee80211com *ic = (void *)ifp; struct mbuf *m, *n, *n0; struct ieee80211_frame *wh; int i, left, len, moff, noff, kid; u_int32_t iv, crc; u_int8_t *ivp; void *ctx; u_int8_t keybuf[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE]; u_int8_t crcbuf[IEEE80211_WEP_CRCLEN]; n0 = NULL; if ((ctx = ic->ic_wep_ctx) == NULL) { ctx = malloc(arc4_ctxlen(), M_DEVBUF, M_NOWAIT); if (ctx == NULL) { ic->ic_stats.is_crypto_nomem++; goto fail; } ic->ic_wep_ctx = ctx; } m = m0; left = m->m_pkthdr.len; MGET(n, M_DONTWAIT, m->m_type); n0 = n; if (n == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; goto fail; } #ifdef __FreeBSD__ M_MOVE_PKTHDR(n, m); #else M_COPY_PKTHDR(n, m); #endif len = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_CRCLEN; if (txflag) { n->m_pkthdr.len += len; } else { n->m_pkthdr.len -= len; left -= len; } n->m_len = MHLEN; if (n->m_pkthdr.len >= MINCLSIZE) { MCLGET(n, M_DONTWAIT); if (n->m_flags & M_EXT) n->m_len = n->m_ext.ext_size; } len = sizeof(struct ieee80211_frame); memcpy(mtod(n, caddr_t), mtod(m, caddr_t), len); wh = mtod(n, struct ieee80211_frame *); left -= len; moff = len; noff = len; if (txflag) { kid = ic->ic_wep_txkey; wh->i_fc[1] |= IEEE80211_FC1_WEP; iv = ic->ic_iv; /* * Skip 'bad' IVs from Fluhrer/Mantin/Shamir: * (B, 255, N) with 3 <= B < 8 */ if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00) iv += 0x000100; ic->ic_iv = iv + 1; /* put iv in little endian to prepare 802.11i */ ivp = mtod(n, u_int8_t *) + noff; for (i = 0; i < IEEE80211_WEP_IVLEN; i++) { ivp[i] = iv & 0xff; iv >>= 8; } ivp[IEEE80211_WEP_IVLEN] = kid << 6; /* pad and keyid */ noff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } else { wh->i_fc[1] &= ~IEEE80211_FC1_WEP; ivp = mtod(m, u_int8_t *) + moff; kid = ivp[IEEE80211_WEP_IVLEN] >> 6; moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; } memcpy(keybuf, ivp, IEEE80211_WEP_IVLEN); memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key, ic->ic_nw_keys[kid].wk_len); arc4_setkey(ctx, keybuf, IEEE80211_WEP_IVLEN + ic->ic_nw_keys[kid].wk_len); /* encrypt with calculating CRC */ crc = ~0; while (left > 0) { len = m->m_len - moff; if (len == 0) { m = m->m_next; moff = 0; continue; } if (len > n->m_len - noff) { len = n->m_len - noff; if (len == 0) { MGET(n->m_next, M_DONTWAIT, n->m_type); if (n->m_next == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; goto fail; } n = n->m_next; n->m_len = MLEN; if (left >= MINCLSIZE) { MCLGET(n, M_DONTWAIT); if (n->m_flags & M_EXT) n->m_len = n->m_ext.ext_size; } noff = 0; continue; } } if (len > left) len = left; arc4_encrypt(ctx, mtod(n, caddr_t) + noff, mtod(m, caddr_t) + moff, len); if (txflag) crc = ieee80211_crc_update(crc, mtod(m, u_int8_t *) + moff, len); else crc = ieee80211_crc_update(crc, mtod(n, u_int8_t *) + noff, len); left -= len; moff += len; noff += len; } crc = ~crc; if (txflag) { *(u_int32_t *)crcbuf = htole32(crc); if (n->m_len >= noff + sizeof(crcbuf)) n->m_len = noff + sizeof(crcbuf); else { n->m_len = noff; MGET(n->m_next, M_DONTWAIT, n->m_type); if (n->m_next == NULL) { ic->ic_stats.is_tx_nombuf++; goto fail; } n = n->m_next; n->m_len = sizeof(crcbuf); noff = 0; } arc4_encrypt(ctx, mtod(n, caddr_t) + noff, crcbuf, sizeof(crcbuf)); } else { n->m_len = noff; for (noff = 0; noff < sizeof(crcbuf); noff += len) { len = sizeof(crcbuf) - noff; if (len > m->m_len - moff) len = m->m_len - moff; if (len > 0) arc4_encrypt(ctx, crcbuf + noff, mtod(m, caddr_t) + moff, len); m = m->m_next; moff = 0; } if (crc != le32toh(*(u_int32_t *)crcbuf)) { #ifdef IEEE80211_DEBUG if (ieee80211_debug) { if_printf(ifp, "decrypt CRC error\n"); if (ieee80211_debug > 1) ieee80211_dump_pkt(n0->m_data, n0->m_len, -1, -1); } #endif ic->ic_stats.is_rx_decryptcrc++; goto fail; } } m_freem(m0); return n0; fail: m_freem(m0); m_freem(n0); return NULL; } /* * CRC 32 -- routine from RFC 2083 */ /* Table of CRCs of all 8-bit messages */ static u_int32_t ieee80211_crc_table[256]; /* Make the table for a fast CRC. */ static void ieee80211_crc_init(void) { u_int32_t c; int n, k; for (n = 0; n < 256; n++) { c = (u_int32_t)n; for (k = 0; k < 8; k++) { if (c & 1) c = 0xedb88320UL ^ (c >> 1); else c = c >> 1; } ieee80211_crc_table[n] = c; } } /* * Update a running CRC with the bytes buf[0..len-1]--the CRC * should be initialized to all 1's, and the transmitted value * is the 1's complement of the final running CRC */ static u_int32_t ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len) { u_int8_t *endbuf; for (endbuf = buf + len; buf < endbuf; buf++) crc = ieee80211_crc_table[(crc ^ *buf) & 0xff] ^ (crc >> 8); return crc; } @ 1.5.4.3 log @Sync with HEAD. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.2 2004/09/18 14:54:39 skrll Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.2 2004/09/18 14:54:39 skrll Exp $"); @ 1.5.4.4 log @Fix the sync with head I botched. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.3 2004/09/21 13:36:55 skrll Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.3 2004/09/21 13:36:55 skrll Exp $"); @ 1.5.4.5 log @Sync with HEAD. Hi Perry! @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.4 2005/03/04 16:53:17 skrll Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.4 2005/03/04 16:53:17 skrll Exp $"); d44 2 a45 2 #include #include d61 1 a61 1 d79 1 a79 1 #include @ 1.5.4.6 log @Sync with HEAD. Here we go again... @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.5 2005/11/10 14:10:51 skrll Exp $ */ d4 1 a4 1 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.5 2005/11/10 14:10:51 skrll Exp $"); a42 3 /* * IEEE 802.11 generic crypto support. */ d44 4 a47 2 #include d52 3 d58 4 d63 1 d66 3 d70 1 a72 1 #include d74 1 d76 1 a76 4 /* * Table of registered cipher modules. */ static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; d79 4 a82 1 #include d85 1 d87 8 a94 3 #include /* XXX unneeded? */ static int _ieee80211_crypto_delkey(struct ieee80211com *, struct ieee80211_key *); d96 2 a97 37 /* * Default "null" key management routines. */ static int null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k) { if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { /* * Not in the global key table, the driver should handle this * by allocating a slot in the h/w key table/cache. In * lieu of that return key slot 0 for any unicast key * request. We disallow the request if this is a group key. * This default policy does the right thing for legacy hardware * with a 4 key table. It also handles devices that pass * packets through untouched when marked with the WEP bit * and key index 0. */ if ((k->wk_flags & IEEE80211_KEY_GROUP) == 0) return 0; /* NB: use key index 0 for ucast key */ else return IEEE80211_KEYIX_NONE; } return k - ic->ic_nw_keys; } static int null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) { return 1; } static int null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return 1; } static void null_key_update(struct ieee80211com *ic) {} a98 42 /* * Write-arounds for common operations. */ static __inline void cipher_detach(struct ieee80211_key *key) { key->wk_cipher->ic_detach(key); } static __inline void * cipher_attach(struct ieee80211com *ic, struct ieee80211_key *key) { return key->wk_cipher->ic_attach(ic, key); } /* * Wrappers for driver key management methods. */ static __inline int dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_alloc(ic, key); } static __inline int dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_delete(ic, key); } static __inline int dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return ic->ic_crypto.cs_key_set(ic, key, mac); } /* * Setup crypto support. */ d100 1 a100 1 ieee80211_crypto_attach(struct ieee80211com *ic) d102 1 a102 2 struct ieee80211_crypto_state *cs = &ic->ic_crypto; int i; a103 10 /* NB: we assume everything is pre-zero'd */ cs->cs_def_txkey = IEEE80211_KEYIX_NONE; ciphers[IEEE80211_CIPHER_AES_CCM] = &ieee80211_cipher_ccmp; ciphers[IEEE80211_CIPHER_TKIP] = &ieee80211_cipher_tkip; ciphers[IEEE80211_CIPHER_WEP] = &ieee80211_cipher_wep; ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; for (i = 0; i < IEEE80211_WEP_NKID; i++) ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], IEEE80211_KEYIX_NONE); d105 1 a105 2 * Initialize the driver key support routines to noop entries. * This is useful especially for the cipher test modules. d107 2 a108 5 cs->cs_key_alloc = null_key_alloc; cs->cs_key_set = null_key_set; cs->cs_key_delete = null_key_delete; cs->cs_key_update_begin = null_key_update; cs->cs_key_update_end = null_key_update; a110 3 /* * Teardown crypto support. */ d112 1 a112 1 ieee80211_crypto_detach(struct ieee80211com *ic) d114 1 a114 2 ieee80211_crypto_delglobalkeys(ic); } d116 3 a118 15 /* * Register a crypto cipher module. */ void ieee80211_crypto_register(const struct ieee80211_cipher *cip) { if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; } if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; a119 1 ciphers[cip->ic_cipher] = cip; d122 2 a123 5 /* * Unregister a crypto cipher module. */ void ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) d125 18 a142 4 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; d144 10 a153 4 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; d155 11 a165 50 /* NB: don't complain about not being registered */ /* XXX disallow if references */ ciphers[cip->ic_cipher] = NULL; } int ieee80211_crypto_available(u_int cipher) { return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; } /* XXX well-known names! */ static const char *cipher_modnames[] = { "wlan_wep", /* IEEE80211_CIPHER_WEP */ "wlan_tkip", /* IEEE80211_CIPHER_TKIP */ "wlan_aes_ocb", /* IEEE80211_CIPHER_AES_OCB */ "wlan_ccmp", /* IEEE80211_CIPHER_AES_CCM */ "wlan_ckip", /* IEEE80211_CIPHER_CKIP */ }; /* * Establish a relationship between the specified key and cipher * and, if necessary, allocate a hardware index from the driver. * Note that when a fixed key index is required it must be specified * and we blindly assign it w/o consulting the driver (XXX). * * This must be the first call applied to a key; all the other key * routines assume wk_cipher is setup. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags, struct ieee80211_key *key) { #define N(a) (sizeof(a) / sizeof(a[0])) const struct ieee80211_cipher *cip; void *keyctx; int oflags; /* * Validate cipher and set reference to cipher routines. */ if (cipher >= IEEE80211_CIPHER_MAX) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: invalid cipher %u\n", __func__, cipher); ic->ic_stats.is_crypto_badcipher++; return 0; d167 16 a182 2 cip = ciphers[cipher]; if (cip == NULL) { d184 2 a185 4 * Auto-load cipher module if we have a well-known name * for it. It might be better to use string names rather * than numbers and craft a module name based on the cipher * name; e.g. wlan_cipher_. d187 9 a195 11 if (cipher < N(cipher_modnames)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unregistered cipher %u, load module %s\n", __func__, cipher, cipher_modnames[cipher]); ieee80211_load_module(cipher_modnames[cipher]); /* * If cipher module loaded it should immediately * call ieee80211_crypto_register which will fill * in the entry in the ciphers array. */ cip = ciphers[cipher]; d197 22 a218 8 if (cip == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to load cipher %u, module %s\n", __func__, cipher, cipher < N(cipher_modnames) ? cipher_modnames[cipher] : ""); ic->ic_stats.is_crypto_nocipher++; return 0; d220 21 a240 53 } oflags = key->wk_flags; flags &= IEEE80211_KEY_COMMON; /* * If the hardware does not support the cipher then * fallback to a host-based implementation. */ if ((ic->ic_caps & (1<ic_name); flags |= IEEE80211_KEY_SWCRYPT; } /* * Hardware TKIP with software MIC is an important * combination; we handle it by flagging each key, * the cipher modules honor it. */ if (cipher == IEEE80211_CIPHER_TKIP && (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w support for TKIP MIC, falling back to s/w\n", __func__); flags |= IEEE80211_KEY_SWMIC; } /* * Bind cipher to key instance. Note we do this * after checking the device capabilities so the * cipher module can optimize space usage based on * whether or not it needs to do the cipher work. */ if (key->wk_cipher != cip || key->wk_flags != flags) { again: /* * Fillin the flags so cipher modules can see s/w * crypto requirements and potentially allocate * different state and/or attach different method * pointers. * * XXX this is not right when s/w crypto fallback * fails and we try to restore previous state. */ key->wk_flags = flags; keyctx = cip->ic_attach(ic, key); if (keyctx == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to attach cipher %s\n", __func__, cip->ic_name); key->wk_flags = oflags; /* restore old flags */ ic->ic_stats.is_crypto_attachfail++; return 0; d242 25 a266 39 cipher_detach(key); key->wk_cipher = cip; /* XXX refcnt? */ key->wk_private = keyctx; } /* * Commit to requested usage so driver can see the flags. */ key->wk_flags = flags; /* * Ask the driver for a key index if we don't have one. * Note that entries in the global key table always have * an index; this means it's safe to call this routine * for these entries just to setup the reference to the * cipher template. Note also that when using software * crypto we also call the driver to give us a key index. */ if (key->wk_keyix == IEEE80211_KEYIX_NONE) { key->wk_keyix = dev_key_alloc(ic, key); if (key->wk_keyix == IEEE80211_KEYIX_NONE) { /* * Driver has no room; fallback to doing crypto * in the host. We change the flags and start the * procedure over. If we get back here then there's * no hope and we bail. Note that this can leave * the key in a inconsistent state if the caller * continues to use it. */ if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { ic->ic_stats.is_crypto_swfallback++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w resources for cipher %s, " "falling back to s/w\n", __func__, cip->ic_name); oflags = key->wk_flags; flags |= IEEE80211_KEY_SWCRYPT; if (cipher == IEEE80211_CIPHER_TKIP) flags |= IEEE80211_KEY_SWMIC; goto again; d268 17 a284 5 ic->ic_stats.is_crypto_keyfail++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to setup cipher %s\n", __func__, cip->ic_name); return 0; d286 11 a296 33 } return 1; #undef N } /* * Remove the key (no locking, for internal use). */ static int _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { u_int16_t keyix; IASSERT(key->wk_cipher != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n", __func__, key->wk_cipher->ic_name, key->wk_keyix, key->wk_flags, key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); keyix = key->wk_keyix; if (keyix != IEEE80211_KEYIX_NONE) { /* * Remove hardware entry. */ /* XXX key cache */ if (!dev_key_delete(ic, key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: driver did not delete key index %u\n", __func__, keyix); ic->ic_stats.is_crypto_delkey++; /* XXX recovery? */ d299 2 a300 5 cipher_detach(key); memset(key, 0, sizeof(*key)); ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE); return 1; } d302 4 a305 12 /* * Remove the specified key. */ int ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { int status; ieee80211_key_update_begin(ic); status = _ieee80211_crypto_delkey(ic, key); ieee80211_key_update_end(ic); return status; d309 1 a309 1 * Clear the global key table. a310 4 void ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) { int i; d312 2 a313 5 ieee80211_key_update_begin(ic); for (i = 0; i < IEEE80211_WEP_NKID; i++) (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); ieee80211_key_update_end(ic); } d315 16 a330 32 /* * Set the contents of the specified key. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, const u_int8_t macaddr[IEEE80211_ADDR_LEN]) { const struct ieee80211_cipher *cip = key->wk_cipher; IASSERT(cip != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n", __func__, cip->ic_name, key->wk_keyix, key->wk_flags, ether_sprintf(macaddr), key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); /* * Give cipher a chance to validate key contents. * XXX should happen before modifying state. */ if (!cip->ic_setkey(key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: cipher %s rejected key index %u len %u flags 0x%x\n", __func__, cip->ic_name, key->wk_keyix, key->wk_keylen, key->wk_flags); ic->ic_stats.is_crypto_setkey_cipher++; return 0; a331 8 if (key->wk_keyix == IEEE80211_KEYIX_NONE) { /* XXX nothing allocated, should not happen */ IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no key index; should not happen!\n", __func__); ic->ic_stats.is_crypto_setkey_nokey++; return 0; } return dev_key_set(ic, key, macaddr); d335 3 a337 1 * Add privacy headers appropriate for the specified key. a338 38 struct ieee80211_key * ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m) { struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; u_int8_t keyid; /* * Multicast traffic always uses the multicast key. * Otherwise if a unicast key is set we use that and * it is always key index 0. When no unicast key is * set we fall back to the default transmit key. */ wh = mtod(m, struct ieee80211_frame *); if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] no default transmit key (%s) deftxkey %u\n", ether_sprintf(wh->i_addr1), __func__, ic->ic_def_txkey); ic->ic_stats.is_tx_nodefkey++; goto bad; } keyid = ic->ic_def_txkey; k = &ic->ic_nw_keys[ic->ic_def_txkey]; } else { keyid = 0; k = &ni->ni_ucastkey; } cip = k->wk_cipher; if (cip->ic_encap(k, m, keyid<<6)) return k; bad: return NULL; } d340 2 a341 7 /* * Validate and strip privacy headers (and trailer) for a * received frame that has the WEP/Privacy bit set. */ struct ieee80211_key * ieee80211_crypto_decap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m, int hdrlen) d343 1 a343 46 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) #define IEEE80211_WEP_MINLEN \ (sizeof(struct ieee80211_frame) + ETHER_HDR_LEN + \ IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; const u_int8_t *ivp; u_int8_t keyid; /* NB: this minimum size data frame could be bigger */ if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, "%s: WEP data frame too short, len %u\n", __func__, m->m_pkthdr.len); ic->ic_stats.is_rx_tooshort++; /* XXX need unique stat? */ return NULL; } /* * Locate the key. If unicast and there is no unicast * key then we fall back to the key id in the header. * This assumes unicast keys are only configured when * the key id in the header is meaningless (typically 0). */ wh = mtod(m, struct ieee80211_frame *); ivp = mtod(m, const u_int8_t *) + hdrlen; /* XXX contig */ keyid = ivp[IEEE80211_WEP_IVLEN]; if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) k = &ic->ic_nw_keys[keyid >> 6]; else k = &ni->ni_ucastkey; /* * Insure crypto header is contiguous for all decap work. */ cip = k->wk_cipher; if (m->m_len < hdrlen + cip->ic_header && (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] unable to pullup %s header\n", ether_sprintf(wh->i_addr2), cip->ic_name); ic->ic_stats.is_rx_wepfail++; /* XXX */ return 0; } d345 3 a347 3 return (cip->ic_decap(k, m, hdrlen) ? k : NULL); #undef IEEE80211_WEP_MINLEN #undef IEEE80211_WEP_HDRLEN @ 1.5.4.7 log @Sync with head. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5.4.6 2005/12/11 10:29:22 christos Exp $ */ d36 3 a38 4 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); #endif #ifdef __NetBSD__ __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5.4.6 2005/12/11 10:29:22 christos Exp $"); d83 1 a83 2 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d97 4 a100 5 if (k->wk_flags & IEEE80211_KEY_GROUP) return 0; *keyix = 0; /* NB: use key index 0 for ucast key */ } else { *keyix = k - ic->ic_nw_keys; d102 1 a102 2 *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; d137 1 a137 2 const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d139 1 a139 1 return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); d167 3 a169 1 cs->cs_max_keyix = IEEE80211_WEP_NKID; d171 1 a268 1 ieee80211_keyix keyix, rxkeyix; d382 2 a383 1 if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { a409 2 key->wk_keyix = keyix; key->wk_rxkeyix = rxkeyix; d421 1 a421 1 ieee80211_keyix keyix; d549 1 a549 1 return NULL; d558 4 a561 1 return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); d574 1 a574 1 (sizeof(struct ieee80211_frame) + \ @ 1.5.10.1 log @sync with -current @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.6 2005/02/26 22:45:09 perry Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.6 2005/02/26 22:45:09 perry Exp $"); d44 2 a45 2 #include #include d61 1 a61 1 d79 1 a79 1 #include @ 1.5.12.1 log @sync with head. xen and whitespace. xen part is not finished. @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $"); d44 2 a45 2 #include #include d61 1 a61 1 d79 1 a79 1 #include @ 1.4 log @More changes following this pattern: #ifdef __FreeBSD__ /* FreeBSD-ism */ #else /* NetBSD-ism */ #endif @ text @d1 1 a1 1 /* $NetBSD: ieee80211_crypto.c,v 1.3 2003/09/14 01:14:54 dyoung Exp $ */ d36 1 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.2 2003/06/27 05:13:52 sam Exp $"); d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD: ieee80211_crypto.c,v 1.3 2003/09/14 01:14:54 dyoung Exp $"); d138 2 a139 1 if (ctx == NULL) d141 1 d148 5 a152 1 if (n == NULL) d154 1 d224 5 a228 1 if (n->m_next == NULL) d230 1 d264 2 a265 1 if (n->m_next == NULL) d267 1 d295 1 @ 1.3 log @Insert RCSIDs. @ text @d1 1 a1 1 /* $NetBSD$ */ d38 1 a38 1 __KERNEL_RCSID(0, "$NetBSD$"); d52 1 d54 1 d68 2 d74 1 d80 1 d82 3 d148 1 d150 3 @ 1.2 log @First stab at producing a unified NetBSD/FreeBSD 802.11 layer, striving to keep the diffs short and simple. * Replace FreeBSDisms (e.g. struct arpcom) with conditionally-compiled NetBSDism (struct ethercom). * Add compatibility shims in ieee80211_compat.*: provide NetBSD with if_printf, for example. * Convert FreeBSD node mutex uses to generic node critical-section protection (ieee80211_node_critsect_begin, _end), replace FreeBSD atomic arithmetic with generic alternative, and implement generics in NetBSD * Provide NetBSD-style 802.11 ioctls * Style nits @ text @d1 1 d35 1 d37 3 @ 1.1 log @Initial revision @ text @d51 1 d53 1 d59 1 d61 1 d73 1 d78 3 @ 1.1.1.1 log @Pull in net80211/ from FreeBSD. This contains Sam Leffler's enhancements to the 802.11 layer, which are necessary for ath(4), the Atheros-chipset driver. @ text @@ 1.1.1.2 log @Import FreeBSD's net80211 of 12 Dec 2003 @ text @d34 1 a34 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.3 2003/10/17 23:15:30 sam Exp $"); d116 1 a116 2 if (ctx == NULL) { ic->ic_stats.is_crypto_nomem++; a117 1 } d124 1 a124 5 if (n == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; a125 1 } d191 1 a191 5 if (n->m_next == NULL) { if (txflag) ic->ic_stats.is_tx_nombuf++; else ic->ic_stats.is_rx_nombuf++; a192 1 } d226 1 a226 2 if (n->m_next == NULL) { ic->ic_stats.is_tx_nombuf++; a227 1 } a254 1 ic->ic_stats.is_rx_decryptcrc++; @ 1.1.1.3 log @Import FreeBSD's net80211(9) of 2005-05-18 @ text @d3 1 a3 1 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting d34 3 a36 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.8 2005/04/12 17:55:13 sam Exp $"); a37 3 /* * IEEE 802.11 generic crypto support. */ d39 1 d41 2 a42 1 d44 6 d51 2 d54 1 d56 3 a58 1 #include /* XXX ETHER_HDR_LEN */ d62 1 a62 37 /* * Table of registered cipher modules. */ static const struct ieee80211_cipher *ciphers[IEEE80211_CIPHER_MAX]; static int _ieee80211_crypto_delkey(struct ieee80211com *, struct ieee80211_key *); /* * Default "null" key management routines. */ static int null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k) { return IEEE80211_KEYIX_NONE; } static int null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) { return 1; } static int null_key_set(struct ieee80211com *ic, const struct ieee80211_key *k, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return 1; } static void null_key_update(struct ieee80211com *ic) {} /* * Write-arounds for common operations. */ static __inline void cipher_detach(struct ieee80211_key *key) { key->wk_cipher->ic_detach(key); } d64 9 a72 5 static __inline void * cipher_attach(struct ieee80211com *ic, struct ieee80211_key *key) { return key->wk_cipher->ic_attach(ic, key); } d74 2 a75 9 /* * Wrappers for driver key management methods. */ static __inline int dev_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_alloc(ic, key); } a76 17 static __inline int dev_key_delete(struct ieee80211com *ic, const struct ieee80211_key *key) { return ic->ic_crypto.cs_key_delete(ic, key); } static __inline int dev_key_set(struct ieee80211com *ic, const struct ieee80211_key *key, const u_int8_t mac[IEEE80211_ADDR_LEN]) { return ic->ic_crypto.cs_key_set(ic, key, mac); } /* * Setup crypto support. */ d78 1 a78 1 ieee80211_crypto_attach(struct ieee80211com *ic) d80 1 a80 2 struct ieee80211_crypto_state *cs = &ic->ic_crypto; int i; a81 6 /* NB: we assume everything is pre-zero'd */ cs->cs_def_txkey = IEEE80211_KEYIX_NONE; ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; for (i = 0; i < IEEE80211_WEP_NKID; i++) ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], IEEE80211_KEYIX_NONE); d83 1 a83 2 * Initialize the driver key support routines to noop entries. * This is useful especially for the cipher test modules. d85 2 a86 5 cs->cs_key_alloc = null_key_alloc; cs->cs_key_set = null_key_set; cs->cs_key_delete = null_key_delete; cs->cs_key_update_begin = null_key_update; cs->cs_key_update_end = null_key_update; a88 3 /* * Teardown crypto support. */ d90 1 a90 1 ieee80211_crypto_detach(struct ieee80211com *ic) d92 1 a92 2 ieee80211_crypto_delglobalkeys(ic); } d94 3 a96 10 /* * Register a crypto cipher module. */ void ieee80211_crypto_register(const struct ieee80211_cipher *cip) { if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; a97 6 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; } ciphers[cip->ic_cipher] = cip; d100 2 a101 5 /* * Unregister a crypto cipher module. */ void ieee80211_crypto_unregister(const struct ieee80211_cipher *cip) d103 18 a120 4 if (cip->ic_cipher >= IEEE80211_CIPHER_MAX) { printf("%s: cipher %s has an invalid cipher index %u\n", __func__, cip->ic_name, cip->ic_cipher); return; d122 18 a139 55 if (ciphers[cip->ic_cipher] != NULL && ciphers[cip->ic_cipher] != cip) { printf("%s: cipher %s registered with a different template\n", __func__, cip->ic_name); return; } /* NB: don't complain about not being registered */ /* XXX disallow if references */ ciphers[cip->ic_cipher] = NULL; } int ieee80211_crypto_available(u_int cipher) { return cipher < IEEE80211_CIPHER_MAX && ciphers[cipher] != NULL; } /* XXX well-known names! */ static const char *cipher_modnames[] = { "wlan_wep", /* IEEE80211_CIPHER_WEP */ "wlan_tkip", /* IEEE80211_CIPHER_TKIP */ "wlan_aes_ocb", /* IEEE80211_CIPHER_AES_OCB */ "wlan_ccmp", /* IEEE80211_CIPHER_AES_CCM */ "wlan_ckip", /* IEEE80211_CIPHER_CKIP */ }; /* * Establish a relationship between the specified key and cipher * and, if necessary, allocate a hardware index from the driver. * Note that when a fixed key index is required it must be specified * and we blindly assign it w/o consulting the driver (XXX). * * This must be the first call applied to a key; all the other key * routines assume wk_cipher is setup. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_newkey(struct ieee80211com *ic, int cipher, int flags, struct ieee80211_key *key) { #define N(a) (sizeof(a) / sizeof(a[0])) const struct ieee80211_cipher *cip; void *keyctx; int oflags; /* * Validate cipher and set reference to cipher routines. */ if (cipher >= IEEE80211_CIPHER_MAX) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: invalid cipher %u\n", __func__, cipher); ic->ic_stats.is_crypto_badcipher++; return 0; d141 16 a156 2 cip = ciphers[cipher]; if (cip == NULL) { d158 2 a159 4 * Auto-load cipher module if we have a well-known name * for it. It might be better to use string names rather * than numbers and craft a module name based on the cipher * name; e.g. wlan_cipher_. d161 9 a169 11 if (cipher < N(cipher_modnames)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unregistered cipher %u, load module %s\n", __func__, cipher, cipher_modnames[cipher]); ieee80211_load_module(cipher_modnames[cipher]); /* * If cipher module loaded it should immediately * call ieee80211_crypto_register which will fill * in the entry in the ciphers array. */ cip = ciphers[cipher]; d171 22 a192 8 if (cip == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to load cipher %u, module %s\n", __func__, cipher, cipher < N(cipher_modnames) ? cipher_modnames[cipher] : ""); ic->ic_stats.is_crypto_nocipher++; return 0; d194 21 a214 53 } oflags = key->wk_flags; flags &= IEEE80211_KEY_COMMON; /* * If the hardware does not support the cipher then * fallback to a host-based implementation. */ if ((ic->ic_caps & (1<ic_name); flags |= IEEE80211_KEY_SWCRYPT; } /* * Hardware TKIP with software MIC is an important * combination; we handle it by flagging each key, * the cipher modules honor it. */ if (cipher == IEEE80211_CIPHER_TKIP && (ic->ic_caps & IEEE80211_C_TKIPMIC) == 0) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w support for TKIP MIC, falling back to s/w\n", __func__); flags |= IEEE80211_KEY_SWMIC; } /* * Bind cipher to key instance. Note we do this * after checking the device capabilities so the * cipher module can optimize space usage based on * whether or not it needs to do the cipher work. */ if (key->wk_cipher != cip || key->wk_flags != flags) { again: /* * Fillin the flags so cipher modules can see s/w * crypto requirements and potentially allocate * different state and/or attach different method * pointers. * * XXX this is not right when s/w crypto fallback * fails and we try to restore previous state. */ key->wk_flags = flags; keyctx = cip->ic_attach(ic, key); if (keyctx == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to attach cipher %s\n", __func__, cip->ic_name); key->wk_flags = oflags; /* restore old flags */ ic->ic_stats.is_crypto_attachfail++; return 0; d216 25 a240 39 cipher_detach(key); key->wk_cipher = cip; /* XXX refcnt? */ key->wk_private = keyctx; } /* * Commit to requested usage so driver can see the flags. */ key->wk_flags = flags; /* * Ask the driver for a key index if we don't have one. * Note that entries in the global key table always have * an index; this means it's safe to call this routine * for these entries just to setup the reference to the * cipher template. Note also that when using software * crypto we also call the driver to give us a key index. */ if (key->wk_keyix == IEEE80211_KEYIX_NONE) { key->wk_keyix = dev_key_alloc(ic, key); if (key->wk_keyix == IEEE80211_KEYIX_NONE) { /* * Driver has no room; fallback to doing crypto * in the host. We change the flags and start the * procedure over. If we get back here then there's * no hope and we bail. Note that this can leave * the key in a inconsistent state if the caller * continues to use it. */ if ((key->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) { ic->ic_stats.is_crypto_swfallback++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no h/w resources for cipher %s, " "falling back to s/w\n", __func__, cip->ic_name); oflags = key->wk_flags; flags |= IEEE80211_KEY_SWCRYPT; if (cipher == IEEE80211_CIPHER_TKIP) flags |= IEEE80211_KEY_SWMIC; goto again; d242 17 a258 5 ic->ic_stats.is_crypto_keyfail++; IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: unable to setup cipher %s\n", __func__, cip->ic_name); return 0; d260 11 a270 33 } return 1; #undef N } /* * Remove the key (no locking, for internal use). */ static int _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { u_int16_t keyix; KASSERT(key->wk_cipher != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x rsc %ju tsc %ju len %u\n", __func__, key->wk_cipher->ic_name, key->wk_keyix, key->wk_flags, key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); keyix = key->wk_keyix; if (keyix != IEEE80211_KEYIX_NONE) { /* * Remove hardware entry. */ /* XXX key cache */ if (!dev_key_delete(ic, key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: driver did not delete key index %u\n", __func__, keyix); ic->ic_stats.is_crypto_delkey++; /* XXX recovery? */ d273 2 a274 5 cipher_detach(key); memset(key, 0, sizeof(*key)); ieee80211_crypto_resetkey(ic, key, IEEE80211_KEYIX_NONE); return 1; } d276 4 a279 12 /* * Remove the specified key. */ int ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { int status; ieee80211_key_update_begin(ic); status = _ieee80211_crypto_delkey(ic, key); ieee80211_key_update_end(ic); return status; d283 1 a283 1 * Clear the global key table. a284 4 void ieee80211_crypto_delglobalkeys(struct ieee80211com *ic) { int i; d286 2 a287 5 ieee80211_key_update_begin(ic); for (i = 0; i < IEEE80211_WEP_NKID; i++) (void) _ieee80211_crypto_delkey(ic, &ic->ic_nw_keys[i]); ieee80211_key_update_end(ic); } d289 3 a291 10 /* * Set the contents of the specified key. * * Locking must be handled by the caller using: * ieee80211_key_update_begin(ic); * ieee80211_key_update_end(ic); */ int ieee80211_crypto_setkey(struct ieee80211com *ic, struct ieee80211_key *key, const u_int8_t macaddr[IEEE80211_ADDR_LEN]) d293 2 a294 1 const struct ieee80211_cipher *cip = key->wk_cipher; d296 9 a304 26 KASSERT(cip != NULL, ("No cipher!")); IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: %s keyix %u flags 0x%x mac %s rsc %ju tsc %ju len %u\n", __func__, cip->ic_name, key->wk_keyix, key->wk_flags, ether_sprintf(macaddr), key->wk_keyrsc, key->wk_keytsc, key->wk_keylen); /* * Give cipher a chance to validate key contents. * XXX should happen before modifying state. */ if (!cip->ic_setkey(key)) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: cipher %s rejected key index %u len %u flags 0x%x\n", __func__, cip->ic_name, key->wk_keyix, key->wk_keylen, key->wk_flags); ic->ic_stats.is_crypto_setkey_cipher++; return 0; } if (key->wk_keyix == IEEE80211_KEYIX_NONE) { /* XXX nothing allocated, should not happen */ IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "%s: no key index; should not happen!\n", __func__); ic->ic_stats.is_crypto_setkey_nokey++; return 0; a305 1 return dev_key_set(ic, key, macaddr); d309 3 a311 1 * Add privacy headers appropriate for the specified key. a312 8 struct ieee80211_key * ieee80211_crypto_encap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m) { struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; u_int8_t keyid; d314 2 a315 34 /* * Multicast traffic always uses the multicast key. * Otherwise if a unicast key is set we use that and * it is always key index 0. When no unicast key is * set we fall back to the default transmit key. */ wh = mtod(m, struct ieee80211_frame *); if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] no default transmit key (%s) deftxkey %u\n", ether_sprintf(wh->i_addr1), __func__, ic->ic_def_txkey); ic->ic_stats.is_tx_nodefkey++; return NULL; } keyid = ic->ic_def_txkey; k = &ic->ic_nw_keys[ic->ic_def_txkey]; } else { keyid = 0; k = &ni->ni_ucastkey; } cip = k->wk_cipher; return (cip->ic_encap(k, m, keyid<<6) ? k : NULL); } /* * Validate and strip privacy headers (and trailer) for a * received frame that has the WEP/Privacy bit set. */ struct ieee80211_key * ieee80211_crypto_decap(struct ieee80211com *ic, struct ieee80211_node *ni, struct mbuf *m) d317 1 a317 48 #define IEEE80211_WEP_HDRLEN (IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN) #define IEEE80211_WEP_MINLEN \ (sizeof(struct ieee80211_frame) + ETHER_HDR_LEN + \ IEEE80211_WEP_HDRLEN + IEEE80211_WEP_CRCLEN) struct ieee80211_key *k; struct ieee80211_frame *wh; const struct ieee80211_cipher *cip; const u_int8_t *ivp; u_int8_t keyid; int hdrlen; /* NB: this minimum size data frame could be bigger */ if (m->m_pkthdr.len < IEEE80211_WEP_MINLEN) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, "%s: WEP data frame too short, len %u\n", __func__, m->m_pkthdr.len); ic->ic_stats.is_rx_tooshort++; /* XXX need unique stat? */ return NULL; } /* * Locate the key. If unicast and there is no unicast * key then we fall back to the key id in the header. * This assumes unicast keys are only configured when * the key id in the header is meaningless (typically 0). */ wh = mtod(m, struct ieee80211_frame *); hdrlen = ieee80211_hdrsize(wh); ivp = mtod(m, const u_int8_t *) + hdrlen; /* XXX contig */ keyid = ivp[IEEE80211_WEP_IVLEN]; if (IEEE80211_IS_MULTICAST(wh->i_addr1) || ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) k = &ic->ic_nw_keys[keyid >> 6]; else k = &ni->ni_ucastkey; /* * Insure crypto header is contiguous for all decap work. */ cip = k->wk_cipher; if (m->m_len < hdrlen + cip->ic_header && (m = m_pullup(m, hdrlen + cip->ic_header)) == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, "[%s] unable to pullup %s header\n", ether_sprintf(wh->i_addr2), cip->ic_name); ic->ic_stats.is_rx_wepfail++; /* XXX */ return 0; } d319 3 a321 3 return (cip->ic_decap(k, m) ? k : NULL); #undef IEEE80211_WEP_MINLEN #undef IEEE80211_WEP_HDRLEN @ 1.1.1.4 log @Import FreeBSD's net80211(9) of 2005-07-11 @ text @d34 1 a34 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.10 2005/07/09 23:15:30 sam Exp $"); d64 1 a64 18 if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { /* * Not in the global key table, the driver should handle this * by allocating a slot in the h/w key table/cache. In * lieu of that return key slot 0 for any unicast key * request. We disallow the request if this is a group key. * This default policy does the right thing for legacy hardware * with a 4 key table. It also handles devices that pass * packets through untouched when marked with the WEP bit * and key index 0. */ if ((k->wk_flags & IEEE80211_KEY_GROUP) == 0) return 0; /* NB: use key index 0 for ucast key */ else return IEEE80211_KEYIX_NONE; } return k - ic->ic_nw_keys; d525 1 a525 1 struct ieee80211_node *ni, struct mbuf *m, int hdrlen) d536 1 d554 1 d576 1 a576 1 return (cip->ic_decap(k, m, hdrlen) ? k : NULL); @ 1.1.1.5 log @Import FreeBSD's net80211(9) of 1-nov-2005 @ text @d34 1 a34 1 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_crypto.c,v 1.12 2005/08/08 18:46:35 sam Exp $"); d62 1 a62 2 null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d76 4 a79 5 if (k->wk_flags & IEEE80211_KEY_GROUP) return 0; *keyix = 0; /* NB: use key index 0 for ucast key */ } else { *keyix = k - ic->ic_nw_keys; d81 1 a81 2 *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; d116 1 a116 2 const struct ieee80211_key *key, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) d118 1 a118 1 return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); a145 1 cs->cs_max_keyix = IEEE80211_WEP_NKID; a243 1 ieee80211_keyix keyix, rxkeyix; d357 2 a358 1 if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { a384 2 key->wk_keyix = keyix; key->wk_rxkeyix = rxkeyix; d396 1 a396 1 ieee80211_keyix keyix; d546 1 a546 1 (sizeof(struct ieee80211_frame) + \ @