1ff66a890SHiten Pandya.\" 205ac2d0dSSascha Wildner.\" Copyright (c) 2004 Bruce M. Simpson <bms@spc.org> 305ac2d0dSSascha Wildner.\" Copyright (c) 2004 Darron Broad <darron@kewl.org> 405ac2d0dSSascha Wildner.\" All rights reserved. 5ff66a890SHiten Pandya.\" 6ff66a890SHiten Pandya.\" Redistribution and use in source and binary forms, with or without 7ff66a890SHiten Pandya.\" modification, are permitted provided that the following conditions 8ff66a890SHiten Pandya.\" are met: 9ff66a890SHiten Pandya.\" 1. Redistributions of source code must retain the above copyright 10ff66a890SHiten Pandya.\" notice, this list of conditions and the following disclaimer. 11ff66a890SHiten Pandya.\" 2. Redistributions in binary form must reproduce the above copyright 1205ac2d0dSSascha Wildner.\" notice, this list of conditions and the following disclaimer in the 1305ac2d0dSSascha Wildner.\" documentation and/or other materials provided with the distribution. 14ff66a890SHiten Pandya.\" 1505ac2d0dSSascha Wildner.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1605ac2d0dSSascha Wildner.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1705ac2d0dSSascha Wildner.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1805ac2d0dSSascha Wildner.\" ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1905ac2d0dSSascha Wildner.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2005ac2d0dSSascha Wildner.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2105ac2d0dSSascha Wildner.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2205ac2d0dSSascha Wildner.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2305ac2d0dSSascha Wildner.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2405ac2d0dSSascha Wildner.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25ff66a890SHiten Pandya.\" SUCH DAMAGE. 26ff66a890SHiten Pandya.\" 27e4c06619SSascha Wildner.\" $FreeBSD: head/share/man/man9/ieee80211_crypto.9 275993 2014-12-21 10:57:42Z brueffer $ 2805ac2d0dSSascha Wildner.\" $Id: ieee80211_crypto.9,v 1.3 2004/03/04 10:42:56 bruce Exp $ 29ff66a890SHiten Pandya.\" 30e4c06619SSascha Wildner.Dd May 25, 2016 31ff66a890SHiten Pandya.Dt IEEE80211_CRYPTO 9 32ff66a890SHiten Pandya.Os 33ff66a890SHiten Pandya.Sh NAME 3405ac2d0dSSascha Wildner.Nm ieee80211_crypto 3505ac2d0dSSascha Wildner.Nd 802.11 cryptographic support 36ff66a890SHiten Pandya.Sh SYNOPSIS 377d9c9280SSascha Wildner.In net/if.h 387d9c9280SSascha Wildner.In net/if_media.h 39737edb20SSascha Wildner.In netproto/802_11/ieee80211_var.h 4005ac2d0dSSascha Wildner.\" 4105ac2d0dSSascha Wildner.Pp 4205ac2d0dSSascha Wildner.Ft void 4305ac2d0dSSascha Wildner.Fn ieee80211_crypto_register "const struct ieee80211_cipher *" 4405ac2d0dSSascha Wildner.\" 4505ac2d0dSSascha Wildner.Ft void 4605ac2d0dSSascha Wildner.Fn ieee80211_crypto_unregister "const struct ieee80211_cipher *" 4705ac2d0dSSascha Wildner.\" 4805ac2d0dSSascha Wildner.Ft int 4905ac2d0dSSascha Wildner.Fn ieee80211_crypto_available "int cipher" 5005ac2d0dSSascha Wildner.\" 5105ac2d0dSSascha Wildner.Pp 5205ac2d0dSSascha Wildner.Ft void 5305ac2d0dSSascha Wildner.Fo 
ieee80211_notify_replay_failure 5405ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 5505ac2d0dSSascha Wildner.Fa "const struct ieee80211_frame *" 5605ac2d0dSSascha Wildner.Fa "const struct ieee80211_key *" 5705ac2d0dSSascha Wildner.Fa "uint64_t rsc" 5805ac2d0dSSascha Wildner.Fa "int tid" 5905ac2d0dSSascha Wildner.Fc 6005ac2d0dSSascha Wildner.\" 6105ac2d0dSSascha Wildner.Ft void 6205ac2d0dSSascha Wildner.Fo ieee80211_notify_michael_failure 6305ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 6405ac2d0dSSascha Wildner.Fa "const struct ieee80211_frame *" 6505ac2d0dSSascha Wildner.Fa "u_int keyix" 6605ac2d0dSSascha Wildner.Fc 6705ac2d0dSSascha Wildner.\" 6805ac2d0dSSascha Wildner.Ft int 6905ac2d0dSSascha Wildner.Fo ieee80211_crypto_newkey 7005ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 7105ac2d0dSSascha Wildner.Fa "int cipher" 7205ac2d0dSSascha Wildner.Fa "int flags" 7305ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 7405ac2d0dSSascha Wildner.Fc 7505ac2d0dSSascha Wildner.\" 7605ac2d0dSSascha Wildner.Ft int 7705ac2d0dSSascha Wildner.Fn ieee80211_crypto_setkey "struct ieee80211vap *" "struct ieee80211_key *" 7805ac2d0dSSascha Wildner.\" 7905ac2d0dSSascha Wildner.Ft int 8005ac2d0dSSascha Wildner.Fn ieee80211_crypto_delkey "struct ieee80211vap *" "struct ieee80211_key *" 8105ac2d0dSSascha Wildner.\" 8205ac2d0dSSascha Wildner.Ft void 8305ac2d0dSSascha Wildner.Fn ieee80211_key_update_begin "struct ieee80211vap *" 8405ac2d0dSSascha Wildner.\" 8505ac2d0dSSascha Wildner.Ft void 8605ac2d0dSSascha Wildner.Fn ieee80211_key_update_end "struct ieee80211vap *" 8705ac2d0dSSascha Wildner.\" 8805ac2d0dSSascha Wildner.Ft void 8905ac2d0dSSascha Wildner.Fn ieee80211_crypto_delglobalkeys "struct ieee80211vap *" 9005ac2d0dSSascha Wildner.\" 9105ac2d0dSSascha Wildner.Ft void 9205ac2d0dSSascha Wildner.Fn ieee80211_crypto_reload_keys "struct ieee80211com *" 9305ac2d0dSSascha Wildner.\" 9405ac2d0dSSascha Wildner.Pp 951102a27eSSascha Wildner.Ft struct ieee80211_key * 9605ac2d0dSSascha 
Wildner.Fn ieee80211_crypto_encap "struct ieee80211_node *" "struct mbuf *" 9705ac2d0dSSascha Wildner.\" 9805ac2d0dSSascha Wildner.Ft struct ieee80211_key * 9905ac2d0dSSascha Wildner.Fn ieee80211_crypto_decap "struct ieee80211_node *" "struct mbuf *" "int flags" 10005ac2d0dSSascha Wildner.\" 10105ac2d0dSSascha Wildner.Ft int 10205ac2d0dSSascha Wildner.Fo ieee80211_crypto_demic 10305ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 10405ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 10505ac2d0dSSascha Wildner.Fa "struct mbuf *" 10605ac2d0dSSascha Wildner.Fa "int force" 10705ac2d0dSSascha Wildner.Fc 10805ac2d0dSSascha Wildner.\" 10905ac2d0dSSascha Wildner.Ft int 11005ac2d0dSSascha Wildner.Fo ieee80211_crypto_enmic 11105ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 11205ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 11305ac2d0dSSascha Wildner.Fa "struct mbuf *" 11405ac2d0dSSascha Wildner.Fa "int force" 1151102a27eSSascha Wildner.Fc 116ff66a890SHiten Pandya.Sh DESCRIPTION 11705ac2d0dSSascha WildnerThe 11805ac2d0dSSascha Wildner.Nm net80211 11905ac2d0dSSascha Wildnerlayer includes comprehensive cryptographic support for 802.11 protocols. 12005ac2d0dSSascha WildnerSoftware implementations of ciphers required by 12105ac2d0dSSascha WildnerWPA and 802.11i are provided as well as encap/decap processing of 802.11 frames. 12205ac2d0dSSascha WildnerSoftware ciphers are written as kernel modules and 12305ac2d0dSSascha Wildnerregister with the core crypto support. 12405ac2d0dSSascha WildnerThe cryptographic framework supports hardware acceleration of ciphers 12505ac2d0dSSascha Wildnerby drivers with automatic fall-back to software implementations when a 12605ac2d0dSSascha Wildnerdriver is unable to provide necessary hardware services. 
.Sh CRYPTO CIPHER MODULES
.Nm net80211
cipher modules register their services using
.Fn ieee80211_crypto_register
and supply a template that describes their operation.
This
.Vt ieee80211_cipher
structure defines protocol-related state, such as the number of bytes
of space in the 802.11 header to reserve/remove during encap/decap,
and entry points for setting up keys and doing cryptographic operations.
.Pp
Cipher modules can associate private state with each key through the
.Vt wk_private
structure member.
If a module attaches such state, the module is called back before the
key is destroyed so that it can release the associated resources;
a module that keeps key material in this state should clear it there
rather than leave it behind in freed memory.
.Pp
Crypto modules can notify the system of two security events.
When a packet replay is recognized (a received frame that fails the
receive sequence counter check)
.Fn ieee80211_notify_replay_failure
can be used to signal the event; the offending receive sequence counter
and traffic identifier are passed as the
.Fa rsc
and
.Fa tid
arguments.
When a
.Dv TKIP
Michael MIC verification failure is detected
.Fn ieee80211_notify_michael_failure
can be invoked with the index of the key that failed
.Pq Fa keyix .
Drivers may also use these routines to signal events detected by the
hardware.
.Sh CRYPTO KEY MANAGEMENT
The
.Nm net80211
layer implements a per-vap 4-element
.Dq global key table
and a per-station
.Dq unicast key
for protocols such as WPA, 802.1X, and 802.11i.
The global key table is designed to support legacy WEP operation
and multicast/group keys,
though some applications also use it to implement WPA in station mode.
Keys in the global table are identified by a key index in the range 0-3.
Per-station keys are identified by the MAC address of the station and
are typically used for unicast PTK bindings.
.Pp
.Nm net80211
provides
.Xr ioctl 2
operations for managing both global and per-station keys.
Drivers typically do not participate in software key management;
they are involved only when providing hardware acceleration of
cryptographic operations.
.Pp
.Fn ieee80211_crypto_newkey
is used to allocate a new
.Nm net80211
key or to reconfigure an existing key.
The cipher must be specified, along with a fixed key index if one is
required.
The
.Nm net80211
layer will handle allocating cipher and driver resources to support the key.
18605ac2d0dSSascha Wildner.Pp 187*d60186b7SSascha WildnerOnce a key is allocated its contents can be set using 188*d60186b7SSascha Wildner.Fn ieee80211_crypto_setkey 18905ac2d0dSSascha Wildnerand deleted with 19005ac2d0dSSascha Wildner.Fn ieee80211_crypto_delkey 19105ac2d0dSSascha Wildner(with any cipher and driver resources reclaimed). 19205ac2d0dSSascha Wildner.Pp 19305ac2d0dSSascha Wildner.Fn ieee80211_crypto_delglobalkeys 19405ac2d0dSSascha Wildneris used to reclaim all keys in the global key table for a vap; it 19505ac2d0dSSascha Wildnertypically is used only within the 19605ac2d0dSSascha Wildner.Nm net80211 19705ac2d0dSSascha Wildnerlayer. 19805ac2d0dSSascha Wildner.Pp 19905ac2d0dSSascha Wildner.Fn ieee80211_crypto_reload_keys 20005ac2d0dSSascha Wildnerhandles hardware key state reloading from software key state, such 20105ac2d0dSSascha Wildneras required after a suspend/resume cycle. 20205ac2d0dSSascha Wildner.Sh DRIVER CRYPTO SUPPORT 20305ac2d0dSSascha WildnerDrivers identify ciphers they have hardware support for through the 20405ac2d0dSSascha Wildner.Vt ic_cryptocaps 20505ac2d0dSSascha Wildnerfield of the 20605ac2d0dSSascha Wildner.Vt ieee80211com 20705ac2d0dSSascha Wildnerstructure. 20805ac2d0dSSascha WildnerIf hardware support is available then a driver should also fill in the 20905ac2d0dSSascha Wildner.Dv iv_key_alloc , 21005ac2d0dSSascha Wildner.Dv iv_key_set , 21105ac2d0dSSascha Wildnerand 21205ac2d0dSSascha Wildner.Dv iv_key_delete 21305ac2d0dSSascha Wildnermethods of each 21405ac2d0dSSascha Wildner.Vt ieee80211vap 21505ac2d0dSSascha Wildnercreated for use with the device. 21605ac2d0dSSascha WildnerIn addition the methods 21705ac2d0dSSascha Wildner.Dv iv_key_update_begin 21805ac2d0dSSascha Wildnerand 21905ac2d0dSSascha Wildner.Dv iv_key_update_end 22005ac2d0dSSascha Wildnercan be setup to handle synchronization requirements 22105ac2d0dSSascha Wildnerfor updating hardware key state. 
.Pp
When
.Nm net80211
allocates a software key and the driver can accelerate the
cipher operations, the
.Dv iv_key_alloc
method will be invoked.
Drivers may return a token that is associated with outbound traffic
(for use in encrypting frames).
Otherwise, e.g. if hardware resources are not available, the driver will
not return a token and
.Nm net80211
will arrange to do the work in software and pass frames
to the driver that are already prepared for transmission.
.Pp
For receive, drivers mark frames with the
.Dv M_WEP
mbuf flag to indicate that the hardware has decrypted the payload.
If frames have the
.Dv IEEE80211_FC1_PROTECTED
bit marked in their 802.11 header and are not tagged with
.Dv M_WEP
then decryption is done in software.
A driver must therefore set
.Dv M_WEP
only on frames whose payload the hardware actually decrypted;
a frame carrying that flag is not decrypted again in software.
For more complicated scenarios the software key state is consulted; e.g.
to decide if Michael verification needs to be done in software after
the hardware has handled TKIP decryption.
.Pp
Drivers that manage complicated key data structures, e.g.
faulting 25005ac2d0dSSascha Wildnersoftware keys into a hardware key cache, can safely manipulate software 25105ac2d0dSSascha Wildnerkey state by bracketing their work with calls to 25205ac2d0dSSascha Wildner.Fn ieee80211_key_update_begin 25305ac2d0dSSascha Wildnerand 25405ac2d0dSSascha Wildner.Fn ieee80211_key_update_end . 25505ac2d0dSSascha WildnerThese calls also synchronize hardware key state update 25605ac2d0dSSascha Wildnerwhen receive traffic is active. 257ff66a890SHiten Pandya.Sh SEE ALSO 25805ac2d0dSSascha Wildner.Xr ioctl 2 , 25905ac2d0dSSascha Wildner.Xr wlan_ccmp 4 , 26005ac2d0dSSascha Wildner.Xr wlan_tkip 4 , 2613cd583efSSascha Wildner.Xr wlan_wep 4 , 2623cd583efSSascha Wildner.Xr ieee80211 9 263