Commit 2bb057d0 authored by Ivo van Doorn's avatar Ivo van Doorn Committed by John W. Linville

rt2x00: Implement HW encryption

Various rt2x00 devices support hardware encryption.

Most of them require the IV/EIV to be generated by mac80211,
but require it to be provided seperately instead of within
the frame itself. This means that rt2x00lib should extract
the data from the frame and place it in the frame descriptor.
During RX the IV/EIV is provided in the descriptor by the
hardware which means that it should be inserted into the
frame by rt2x00lib.
Signed-off-by: default avatarIvo van Doorn <IvDoorn@gmail.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent 8e7cdbb6
......@@ -33,6 +33,10 @@ config RT2X00_LIB_FIRMWARE
depends on RT2X00_LIB
select FW_LOADER
config RT2X00_LIB_CRYPTO
boolean
depends on RT2X00_LIB
config RT2X00_LIB_RFKILL
boolean
depends on RT2X00_LIB
......
......@@ -3,6 +3,7 @@ rt2x00lib-y += rt2x00mac.o
rt2x00lib-y += rt2x00config.o
rt2x00lib-y += rt2x00queue.o
rt2x00lib-$(CONFIG_RT2X00_LIB_DEBUGFS) += rt2x00debug.o
rt2x00lib-$(CONFIG_RT2X00_LIB_CRYPTO) += rt2x00crypto.o
rt2x00lib-$(CONFIG_RT2X00_LIB_RFKILL) += rt2x00rfkill.o
rt2x00lib-$(CONFIG_RT2X00_LIB_FIRMWARE) += rt2x00firmware.o
rt2x00lib-$(CONFIG_RT2X00_LIB_LEDS) += rt2x00leds.o
......
......@@ -451,6 +451,23 @@ struct rt2x00lib_erp {
int ack_consume_time;
};
/*
* Configuration structure for hardware encryption.
*/
struct rt2x00lib_crypto {
enum cipher cipher;
enum set_key_cmd cmd;
const u8 *address;
u32 bssidx;
u32 aid;
u8 key[16];
u8 tx_mic[8];
u8 rx_mic[8];
};
/*
* Configuration structure wrapper around the
* rt2x00 interface configuration handler.
......@@ -547,6 +564,12 @@ struct rt2x00lib_ops {
/*
* Configuration handlers.
*/
int (*config_shared_key) (struct rt2x00_dev *rt2x00dev,
struct rt2x00lib_crypto *crypto,
struct ieee80211_key_conf *key);
int (*config_pairwise_key) (struct rt2x00_dev *rt2x00dev,
struct rt2x00lib_crypto *crypto,
struct ieee80211_key_conf *key);
void (*config_filter) (struct rt2x00_dev *rt2x00dev,
const unsigned int filter_flags);
void (*config_intf) (struct rt2x00_dev *rt2x00dev,
......@@ -609,7 +632,7 @@ enum rt2x00_flags {
DEVICE_DIRTY_CONFIG,
/*
* Driver features
* Driver requirements
*/
DRIVER_REQUIRE_FIRMWARE,
DRIVER_REQUIRE_BEACON_GUARD,
......@@ -618,9 +641,14 @@ enum rt2x00_flags {
DRIVER_REQUIRE_DMA,
/*
* Driver configuration
* Driver features
*/
CONFIG_SUPPORT_HW_BUTTON,
CONFIG_SUPPORT_HW_CRYPTO,
/*
* Driver configuration
*/
CONFIG_FRAME_TYPE,
CONFIG_RF_SEQUENCE,
CONFIG_EXTERNAL_LNA_A,
......@@ -966,6 +994,13 @@ void rt2x00mac_configure_filter(struct ieee80211_hw *hw,
unsigned int changed_flags,
unsigned int *total_flags,
int mc_count, struct dev_addr_list *mc_list);
#ifdef CONFIG_RT2X00_LIB_CRYPTO
int rt2x00mac_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
const u8 *local_address, const u8 *address,
struct ieee80211_key_conf *key);
#else
#define rt2x00mac_set_key NULL
#endif /* CONFIG_RT2X00_LIB_CRYPTO */
int rt2x00mac_get_stats(struct ieee80211_hw *hw,
struct ieee80211_low_level_stats *stats);
int rt2x00mac_get_tx_stats(struct ieee80211_hw *hw,
......
/*
Copyright (C) 2004 - 2008 rt2x00 SourceForge Project
<http://rt2x00.serialmonkey.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the
Free Software Foundation, Inc.,
59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*
Module: rt2x00lib
Abstract: rt2x00 crypto specific routines.
*/
#include <linux/kernel.h>
#include <linux/module.h>
#include "rt2x00.h"
#include "rt2x00lib.h"
enum cipher rt2x00crypto_key_to_cipher(struct ieee80211_key_conf *key)
{
switch (key->alg) {
case ALG_WEP:
if (key->keylen == LEN_WEP40)
return CIPHER_WEP64;
else
return CIPHER_WEP128;
case ALG_TKIP:
return CIPHER_TKIP;
case ALG_CCMP:
return CIPHER_AES;
default:
return CIPHER_NONE;
}
}
unsigned int rt2x00crypto_tx_overhead(struct ieee80211_tx_info *tx_info)
{
struct ieee80211_key_conf *key = tx_info->control.hw_key;
unsigned int overhead = 0;
/*
* Extend frame length to include IV/EIV/ICV/MMIC,
* note that these lengths should only be added when
* mac80211 does not generate it.
*/
overhead += tx_info->control.icv_len;
if (!(key->flags & IEEE80211_KEY_FLAG_GENERATE_IV))
overhead += tx_info->control.iv_len;
if (!(key->flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
if (key->alg == ALG_TKIP)
overhead += 8;
}
return overhead;
}
void rt2x00crypto_tx_remove_iv(struct sk_buff *skb, unsigned int iv_len)
{
struct skb_frame_desc *skbdesc = get_skb_frame_desc(skb);
unsigned int header_length = ieee80211_get_hdrlen_from_skb(skb);
if (unlikely(!iv_len))
return;
/* Copy IV/EIV data */
if (iv_len >= 4)
memcpy(&skbdesc->iv, skb->data + header_length, 4);
if (iv_len >= 8)
memcpy(&skbdesc->eiv, skb->data + header_length + 4, 4);
/* Move ieee80211 header */
memmove(skb->data + iv_len, skb->data, header_length);
/* Pull buffer to correct size */
skb_pull(skb, iv_len);
/* IV/EIV data has officially be stripped */
skbdesc->flags |= FRAME_DESC_IV_STRIPPED;
}
void rt2x00crypto_tx_insert_iv(struct sk_buff *skb)
{
struct skb_frame_desc *skbdesc = get_skb_frame_desc(skb);
unsigned int header_length = ieee80211_get_hdrlen_from_skb(skb);
const unsigned int iv_len =
((!!(skbdesc->iv)) * 4) + ((!!(skbdesc->eiv)) * 4);
if (!(skbdesc->flags & FRAME_DESC_IV_STRIPPED))
return;
skb_push(skb, iv_len);
/* Move ieee80211 header */
memmove(skb->data, skb->data + iv_len, header_length);
/* Copy IV/EIV data */
if (iv_len >= 4)
memcpy(skb->data + header_length, &skbdesc->iv, 4);
if (iv_len >= 8)
memcpy(skb->data + header_length + 4, &skbdesc->eiv, 4);
/* IV/EIV data has returned into the frame */
skbdesc->flags &= ~FRAME_DESC_IV_STRIPPED;
}
void rt2x00crypto_rx_insert_iv(struct sk_buff *skb, unsigned int align,
unsigned int header_length,
struct rxdone_entry_desc *rxdesc)
{
unsigned int payload_len = rxdesc->size - header_length;
unsigned int iv_len;
unsigned int icv_len;
unsigned int transfer = 0;
/*
* WEP64/WEP128: Provides IV & ICV
* TKIP: Provides IV/EIV & ICV
* AES: Provies IV/EIV & ICV
*/
switch (rxdesc->cipher) {
case CIPHER_WEP64:
case CIPHER_WEP128:
iv_len = 4;
icv_len = 4;
break;
case CIPHER_TKIP:
iv_len = 8;
icv_len = 4;
break;
case CIPHER_AES:
iv_len = 8;
icv_len = 8;
break;
default:
/* Unsupport type */
return;
}
/*
* Make room for new data, note that we increase both
* headsize and tailsize when required. The tailsize is
* only needed when ICV data needs to be inserted and
* the padding is smaller then the ICV data.
* When alignment requirements is greater then the
* ICV data we must trim the skb to the correct size
* because we need to remove the extra bytes.
*/
skb_push(skb, iv_len + align);
if (align < icv_len)
skb_put(skb, icv_len - align);
else if (align > icv_len)
skb_trim(skb, rxdesc->size + iv_len + icv_len);
/* Move ieee80211 header */
memmove(skb->data + transfer,
skb->data + transfer + iv_len + align,
header_length);
transfer += header_length;
/* Copy IV data */
if (iv_len >= 4) {
memcpy(skb->data + transfer, &rxdesc->iv, 4);
transfer += 4;
}
/* Copy EIV data */
if (iv_len >= 8) {
memcpy(skb->data + transfer, &rxdesc->eiv, 4);
transfer += 4;
}
/* Move payload */
if (align) {
memmove(skb->data + transfer,
skb->data + transfer + align,
payload_len);
}
/*
* NOTE: Always count the payload as transfered,
* even when alignment was set to zero. This is required
* for determining the correct offset for the ICV data.
*/
transfer += payload_len;
/* Copy ICV data */
if (icv_len >= 4) {
memcpy(skb->data + transfer, &rxdesc->icv, 4);
/*
* AES appends 8 bytes, we can't fill the upper
* 4 bytes, but mac80211 doesn't care about what
* we provide here anyway and strips it immediately.
*/
transfer += icv_len;
}
/* IV/EIV/ICV has been inserted into frame */
rxdesc->size = transfer;
rxdesc->flags &= ~RX_FLAG_IV_STRIPPED;
}
......@@ -35,6 +35,13 @@
#define MAX_LINE_LENGTH 64
struct rt2x00debug_crypto {
unsigned long success;
unsigned long icv_error;
unsigned long mic_error;
unsigned long key_error;
};
struct rt2x00debug_intf {
/*
* Pointer to driver structure where
......@@ -63,6 +70,7 @@ struct rt2x00debug_intf {
* - queue folder
* - frame dump file
* - queue stats file
* - crypto stats file
*/
struct dentry *driver_folder;
struct dentry *driver_entry;
......@@ -80,6 +88,7 @@ struct rt2x00debug_intf {
struct dentry *queue_folder;
struct dentry *queue_frame_dump_entry;
struct dentry *queue_stats_entry;
struct dentry *crypto_stats_entry;
/*
* The frame dump file only allows a single reader,
......@@ -97,6 +106,12 @@ struct rt2x00debug_intf {
struct sk_buff_head frame_dump_skbqueue;
wait_queue_head_t frame_dump_waitqueue;
/*
* HW crypto statistics.
* All statistics are stored seperately per cipher type.
*/
struct rt2x00debug_crypto crypto_stats[CIPHER_MAX];
/*
* Driver and chipset files will use a data buffer
* that has been created in advance. This will simplify
......@@ -114,6 +129,25 @@ struct rt2x00debug_intf {
unsigned int offset_rf;
};
void rt2x00debug_update_crypto(struct rt2x00_dev *rt2x00dev,
enum cipher cipher, enum rx_crypto status)
{
struct rt2x00debug_intf *intf = rt2x00dev->debugfs_intf;
if (cipher == CIPHER_TKIP_NO_MIC)
cipher = CIPHER_TKIP;
if (cipher == CIPHER_NONE || cipher > CIPHER_MAX)
return;
/* Remove CIPHER_NONE index */
cipher--;
intf->crypto_stats[cipher].success += (status == RX_CRYPTO_SUCCESS);
intf->crypto_stats[cipher].icv_error += (status == RX_CRYPTO_FAIL_ICV);
intf->crypto_stats[cipher].mic_error += (status == RX_CRYPTO_FAIL_MIC);
intf->crypto_stats[cipher].key_error += (status == RX_CRYPTO_FAIL_KEY);
}
void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
enum rt2x00_dump_type type, struct sk_buff *skb)
{
......@@ -327,6 +361,59 @@ static const struct file_operations rt2x00debug_fop_queue_stats = {
.release = rt2x00debug_file_release,
};
#ifdef CONFIG_RT2X00_LIB_CRYPTO
static ssize_t rt2x00debug_read_crypto_stats(struct file *file,
char __user *buf,
size_t length,
loff_t *offset)
{
struct rt2x00debug_intf *intf = file->private_data;
char *name[] = { "WEP64", "WEP128", "TKIP", "AES" };
char *data;
char *temp;
size_t size;
unsigned int i;
if (*offset)
return 0;
data = kzalloc((1 + CIPHER_MAX)* MAX_LINE_LENGTH, GFP_KERNEL);
if (!data)
return -ENOMEM;
temp = data;
temp += sprintf(data, "cipher\tsuccess\ticv err\tmic err\tkey err\n");
for (i = 0; i < CIPHER_MAX; i++) {
temp += sprintf(temp, "%s\t%lu\t%lu\t%lu\t%lu\n", name[i],
intf->crypto_stats[i].success,
intf->crypto_stats[i].icv_error,
intf->crypto_stats[i].mic_error,
intf->crypto_stats[i].key_error);
}
size = strlen(data);
size = min(size, length);
if (copy_to_user(buf, data, size)) {
kfree(data);
return -EFAULT;
}
kfree(data);
*offset += size;
return size;
}
static const struct file_operations rt2x00debug_fop_crypto_stats = {
.owner = THIS_MODULE,
.read = rt2x00debug_read_crypto_stats,
.open = rt2x00debug_file_open,
.release = rt2x00debug_file_release,
};
#endif
#define RT2X00DEBUGFS_OPS_READ(__name, __format, __type) \
static ssize_t rt2x00debug_read_##__name(struct file *file, \
char __user *buf, \
......@@ -569,6 +656,13 @@ void rt2x00debug_register(struct rt2x00_dev *rt2x00dev)
debugfs_create_file("queue", S_IRUSR, intf->queue_folder,
intf, &rt2x00debug_fop_queue_stats);
#ifdef CONFIG_RT2X00_LIB_CRYPTO
if (test_bit(CONFIG_SUPPORT_HW_CRYPTO, &rt2x00dev->flags))
intf->crypto_stats_entry =
debugfs_create_file("crypto", S_IRUGO, intf->queue_folder,
intf, &rt2x00debug_fop_crypto_stats);
#endif
return;
exit:
......@@ -587,6 +681,9 @@ void rt2x00debug_deregister(struct rt2x00_dev *rt2x00dev)
skb_queue_purge(&intf->frame_dump_skbqueue);
#ifdef CONFIG_RT2X00_LIB_CRYPTO
debugfs_remove(intf->crypto_stats_entry);
#endif
debugfs_remove(intf->queue_stats_entry);
debugfs_remove(intf->queue_frame_dump_entry);
debugfs_remove(intf->queue_folder);
......
......@@ -507,6 +507,15 @@ void rt2x00lib_txdone(struct queue_entry *entry,
*/
rt2x00queue_unmap_skb(rt2x00dev, entry->skb);
/*
* If the IV/EIV data was stripped from the frame before it was
* passed to the hardware, we should now reinsert it again because
* mac80211 will expect the the same data to be present it the
* frame as it was passed to us.
*/
if (test_bit(CONFIG_SUPPORT_HW_CRYPTO, &rt2x00dev->flags))
rt2x00crypto_tx_insert_iv(entry->skb);
/*
* Send frame to debugfs immediately, after this call is completed
* we are going to overwrite the skb->cb array.
......@@ -585,7 +594,7 @@ void rt2x00lib_rxdone(struct rt2x00_dev *rt2x00dev,
struct ieee80211_supported_band *sband;
struct ieee80211_hdr *hdr;
const struct rt2x00_rate *rate;
unsigned int header_size;
unsigned int header_length;
unsigned int align;
unsigned int i;
int idx = -1;
......@@ -613,10 +622,19 @@ void rt2x00lib_rxdone(struct rt2x00_dev *rt2x00dev,
* The data behind the ieee80211 header must be
* aligned on a 4 byte boundary.
*/
header_size = ieee80211_get_hdrlen_from_skb(entry->skb);
align = ((unsigned long)(entry->skb->data + header_size)) & 3;
header_length = ieee80211_get_hdrlen_from_skb(entry->skb);
align = ((unsigned long)(entry->skb->data + header_length)) & 3;
if (align) {
/*
* Hardware might have stripped the IV/EIV/ICV data,
* in that case it is possible that the data was
* provided seperately (through hardware descriptor)
* in which case we should reinsert the data into the frame.
*/
if ((rxdesc.flags & RX_FLAG_IV_STRIPPED)) {
rt2x00crypto_rx_insert_iv(entry->skb, align,
header_length, &rxdesc);
} else if (align) {
skb_push(entry->skb, align);
/* Move entire frame in 1 command */
memmove(entry->skb->data, entry->skb->data + align,
......@@ -657,6 +675,10 @@ void rt2x00lib_rxdone(struct rt2x00_dev *rt2x00dev,
(rxdesc.dev_flags & RXDONE_MY_BSS))
rt2x00lib_update_link_stats(&rt2x00dev->link, rxdesc.rssi);
rt2x00debug_update_crypto(rt2x00dev,
rxdesc.cipher,
rxdesc.cipher_status);
rt2x00dev->link.qual.rx_success++;
rx_status->mactime = rxdesc.timestamp;
......
......@@ -181,6 +181,8 @@ void rt2x00debug_register(struct rt2x00_dev *rt2x00dev);
void rt2x00debug_deregister(struct rt2x00_dev *rt2x00dev);
void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
enum rt2x00_dump_type type, struct sk_buff *skb);
void rt2x00debug_update_crypto(struct rt2x00_dev *rt2x00dev,
enum cipher cipher, enum rx_crypto status);
#else
static inline void rt2x00debug_register(struct rt2x00_dev *rt2x00dev)
{
......@@ -195,8 +197,53 @@ static inline void rt2x00debug_dump_frame(struct rt2x00_dev *rt2x00dev,
struct sk_buff *skb)
{
}
static inline void rt2x00debug_update_crypto(struct rt2x00_dev *rt2x00dev,
enum cipher cipher,
enum rx_crypto status)
{
}
#endif /* CONFIG_RT2X00_LIB_DEBUGFS */
/*
* Crypto handlers.
*/
#ifdef CONFIG_RT2X00_LIB_CRYPTO
enum cipher rt2x00crypto_key_to_cipher(struct ieee80211_key_conf *key);
unsigned int rt2x00crypto_tx_overhead(struct ieee80211_tx_info *tx_info);
void rt2x00crypto_tx_remove_iv(struct sk_buff *skb, unsigned int iv_len);
void rt2x00crypto_tx_insert_iv(struct sk_buff *skb);
void rt2x00crypto_rx_insert_iv(struct sk_buff *skb, unsigned int align,
unsigned int header_length,
struct rxdone_entry_desc *rxdesc);
#else
static inline enum cipher rt2x00crypto_key_to_cipher(struct ieee80211_key_conf *key)
{
return CIPHER_NONE;
}
static inline unsigned int rt2x00crypto_tx_overhead(struct ieee80211_tx_info *tx_info)
{
return 0;
}
static inline void rt2x00crypto_tx_remove_iv(struct sk_buff *skb,
unsigned int iv_len)
{
}
static inline void rt2x00crypto_tx_insert_iv(struct sk_buff *skb)
{
}
static inline void rt2x00crypto_rx_insert_iv(struct sk_buff *skb,
unsigned int align,
unsigned int header_length,
struct rxdone_entry_desc *rxdesc)
{
}
#endif
/*
* RFkill handlers.
*/
......
......@@ -36,22 +36,22 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev,
struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(frag_skb);
struct ieee80211_tx_info *rts_info;
struct sk_buff *skb;
int size;
unsigned int data_length;
int retval = 0;
if (tx_info->flags & IEEE80211_TX_CTL_USE_CTS_PROTECT)
size = sizeof(struct ieee80211_cts);
data_length = sizeof(struct ieee80211_cts);
else
size = sizeof(struct ieee80211_rts);
data_length = sizeof(struct ieee80211_rts);
skb = dev_alloc_skb(size + rt2x00dev->hw->extra_tx_headroom);
skb = dev_alloc_skb(data_length + rt2x00dev->hw->extra_tx_headroom);
if (unlikely(!skb)) {
WARNING(rt2x00dev, "Failed to create RTS/CTS frame.\n");
return -ENOMEM;
}
skb_reserve(skb, rt2x00dev->hw->extra_tx_headroom);
skb_put(skb, size);
skb_put(skb, data_length);
/*
* Copy TX information over from original frame to
......@@ -64,7 +64,6 @@ static int rt2x00mac_tx_rts_cts(struct rt2x00_dev *rt2x00dev,
*/
memcpy(skb->cb, frag_skb->cb, sizeof(skb->cb));
rts_info = IEEE80211_SKB_CB(skb);
rts_info->control.hw_key = NULL;