1ff66a890SHiten Pandya.\" 2*05ac2d0dSSascha Wildner.\" Copyright (c) 2004 Bruce M. Simpson <bms@spc.org> 3*05ac2d0dSSascha Wildner.\" Copyright (c) 2004 Darron Broad <darron@kewl.org> 4*05ac2d0dSSascha Wildner.\" All rights reserved. 5ff66a890SHiten Pandya.\" 6ff66a890SHiten Pandya.\" Redistribution and use in source and binary forms, with or without 7ff66a890SHiten Pandya.\" modification, are permitted provided that the following conditions 8ff66a890SHiten Pandya.\" are met: 9ff66a890SHiten Pandya.\" 1. Redistributions of source code must retain the above copyright 10ff66a890SHiten Pandya.\" notice, this list of conditions and the following disclaimer. 11ff66a890SHiten Pandya.\" 2. Redistributions in binary form must reproduce the above copyright 12*05ac2d0dSSascha Wildner.\" notice, this list of conditions and the following disclaimer in the 13*05ac2d0dSSascha Wildner.\" documentation and/or other materials provided with the distribution. 14ff66a890SHiten Pandya.\" 15*05ac2d0dSSascha Wildner.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16*05ac2d0dSSascha Wildner.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17*05ac2d0dSSascha Wildner.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18*05ac2d0dSSascha Wildner.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19*05ac2d0dSSascha Wildner.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20*05ac2d0dSSascha Wildner.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21*05ac2d0dSSascha Wildner.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22*05ac2d0dSSascha Wildner.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23*05ac2d0dSSascha Wildner.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24*05ac2d0dSSascha Wildner.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25ff66a890SHiten Pandya.\" SUCH DAMAGE. 26ff66a890SHiten Pandya.\" 27*05ac2d0dSSascha Wildner.\" $FreeBSD: src/share/man/man9/ieee80211_crypto.9,v 1.6 2010/03/29 17:39:38 trasz Exp $ 28*05ac2d0dSSascha Wildner.\" $Id: ieee80211_crypto.9,v 1.3 2004/03/04 10:42:56 bruce Exp $ 29ff66a890SHiten Pandya.\" 30*05ac2d0dSSascha Wildner.Dd April 28, 2010 31ff66a890SHiten Pandya.Dt IEEE80211_CRYPTO 9 32ff66a890SHiten Pandya.Os 33ff66a890SHiten Pandya.Sh NAME 34*05ac2d0dSSascha Wildner.Nm ieee80211_crypto 35*05ac2d0dSSascha Wildner.Nd 802.11 cryptographic support 36ff66a890SHiten Pandya.Sh SYNOPSIS 37*05ac2d0dSSascha Wildner.In net80211/ieee80211_var.h 38*05ac2d0dSSascha Wildner.\" 39*05ac2d0dSSascha Wildner.Pp 40*05ac2d0dSSascha Wildner.Ft void 41*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_register "const struct ieee80211_cipher *" 42*05ac2d0dSSascha Wildner.\" 43*05ac2d0dSSascha Wildner.Ft void 44*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_unregister "const struct ieee80211_cipher *" 45*05ac2d0dSSascha Wildner.\" 46*05ac2d0dSSascha Wildner.Ft int 47*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_available "int cipher" 48*05ac2d0dSSascha Wildner.\" 49*05ac2d0dSSascha Wildner.Pp 50*05ac2d0dSSascha Wildner.Ft void 51*05ac2d0dSSascha Wildner.Fo ieee80211_notify_replay_failure 52*05ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 53*05ac2d0dSSascha Wildner.Fa "const struct ieee80211_frame *" 54*05ac2d0dSSascha Wildner.Fa "const struct ieee80211_key *" 55*05ac2d0dSSascha Wildner.Fa "uint64_t rsc" 56*05ac2d0dSSascha Wildner.Fa "int tid" 57*05ac2d0dSSascha Wildner.Fc 58*05ac2d0dSSascha Wildner.\" 59*05ac2d0dSSascha Wildner.Ft void 60*05ac2d0dSSascha Wildner.Fo ieee80211_notify_michael_failure 61*05ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 62*05ac2d0dSSascha Wildner.Fa "const struct ieee80211_frame *" 63*05ac2d0dSSascha Wildner.Fa "u_int keyix" 64*05ac2d0dSSascha Wildner.Fc 65*05ac2d0dSSascha Wildner.\" 66*05ac2d0dSSascha Wildner.Ft int 67*05ac2d0dSSascha Wildner.Fo ieee80211_crypto_newkey 68*05ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 69*05ac2d0dSSascha Wildner.Fa "int cipher" 70*05ac2d0dSSascha Wildner.Fa "int flags" 71*05ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 72*05ac2d0dSSascha Wildner.Fc 73*05ac2d0dSSascha Wildner.\" 74*05ac2d0dSSascha Wildner.Ft int 75*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_setkey "struct ieee80211vap *" "struct ieee80211_key *" 76*05ac2d0dSSascha Wildner.\" 77*05ac2d0dSSascha Wildner.Ft int 78*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_delkey "struct ieee80211vap *" "struct ieee80211_key *" 79*05ac2d0dSSascha Wildner.\" 80*05ac2d0dSSascha Wildner.Ft void 81*05ac2d0dSSascha Wildner.Fn ieee80211_key_update_begin "struct ieee80211vap *" 82*05ac2d0dSSascha Wildner.\" 83*05ac2d0dSSascha Wildner.Ft void 84*05ac2d0dSSascha Wildner.Fn ieee80211_key_update_end "struct ieee80211vap *" 85*05ac2d0dSSascha Wildner.\" 86*05ac2d0dSSascha Wildner.Ft void 87*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_delglobalkeys "struct ieee80211vap *" 88*05ac2d0dSSascha Wildner.\" 89*05ac2d0dSSascha Wildner.Ft void 90*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_reload_keys "struct ieee80211com *" 91*05ac2d0dSSascha Wildner.\" 92*05ac2d0dSSascha Wildner.Pp 931102a27eSSascha Wildner.Ft struct ieee80211_key * 94*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_encap "struct ieee80211_node *" "struct mbuf *" 95*05ac2d0dSSascha Wildner.\" 96*05ac2d0dSSascha Wildner.Ft struct ieee80211_key * 97*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_decap "struct ieee80211_node *" "struct mbuf *" "int flags" 98*05ac2d0dSSascha Wildner.\" 99*05ac2d0dSSascha Wildner.Ft int 100*05ac2d0dSSascha Wildner.Fo ieee80211_crypto_demic 101*05ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 102*05ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 103*05ac2d0dSSascha Wildner.Fa "struct mbuf *" 104*05ac2d0dSSascha Wildner.Fa "int force" 105*05ac2d0dSSascha Wildner.Fc 106*05ac2d0dSSascha Wildner.\" 107*05ac2d0dSSascha Wildner.Ft int 108*05ac2d0dSSascha Wildner.Fo ieee80211_crypto_enmic 109*05ac2d0dSSascha Wildner.Fa "struct ieee80211vap *" 110*05ac2d0dSSascha Wildner.Fa "struct ieee80211_key *" 111*05ac2d0dSSascha Wildner.Fa "struct mbuf *" 112*05ac2d0dSSascha Wildner.Fa "int force" 1131102a27eSSascha Wildner.Fc 114ff66a890SHiten Pandya.Sh DESCRIPTION 115*05ac2d0dSSascha WildnerThe 116*05ac2d0dSSascha Wildner.Nm net80211 117*05ac2d0dSSascha Wildnerlayer includes comprehensive cryptographic support for 802.11 protocols. 118*05ac2d0dSSascha WildnerSoftware implementations of ciphers required by 119*05ac2d0dSSascha WildnerWPA and 802.11i are provided as well as encap/decap processing of 802.11 frames. 120*05ac2d0dSSascha WildnerSoftware ciphers are written as kernel modules and 121*05ac2d0dSSascha Wildnerregister with the core crypto support. 122*05ac2d0dSSascha WildnerThe cryptographic framework supports hardware acceleration of ciphers 123*05ac2d0dSSascha Wildnerby drivers with automatic fall-back to software implementations when a 124*05ac2d0dSSascha Wildnerdriver is unable to provide necessary hardware services. 125*05ac2d0dSSascha Wildner.Sh CRYPTO CIPHER MODULES 126*05ac2d0dSSascha Wildner.Nm net80211 127*05ac2d0dSSascha Wildnercipher modules register their services using 128*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_register 129*05ac2d0dSSascha Wildnerand supply a template that describes their operation. 130*05ac2d0dSSascha WildnerThis 131*05ac2d0dSSascha Wildner.Vt ieee80211_cipher 132*05ac2d0dSSascha Wildnerstructure defines protocol-related state such as the number of bytes 133*05ac2d0dSSascha Wildnerof space in the 802.11 header to reserve/remove during encap/decap 134*05ac2d0dSSascha Wildnerand entry points for setting up keys and doing cryptographic operations. 135ff66a890SHiten Pandya.Pp 136*05ac2d0dSSascha WildnerCipher modules can associate private state to each key through the 137*05ac2d0dSSascha Wildner.Vt wk_private 138*05ac2d0dSSascha Wildnerstructure member. 139*05ac2d0dSSascha WildnerIf state is setup by the module it will be called before a key is destroyed 140*05ac2d0dSSascha Wildnerso it can reclaim resources. 141*05ac2d0dSSascha Wildner.Pp 142*05ac2d0dSSascha WildnerCrypto modules can notify the system of two events. 143*05ac2d0dSSascha WildnerWhen a packet replay event is recognized 144*05ac2d0dSSascha Wildner.Fn ieee80211_notify_replay_failure 145*05ac2d0dSSascha Wildnercan be used to signal the event. 146*05ac2d0dSSascha WildnerWhen a 147*05ac2d0dSSascha Wildner.Dv TKIP 148*05ac2d0dSSascha WildnerMichael failure is detected 149*05ac2d0dSSascha Wildner.Fn ieee80211_notify_michael_failure 150*05ac2d0dSSascha Wildnercan be invoked. 151*05ac2d0dSSascha WildnerDrivers may also use these routines to signal events detected by the 152*05ac2d0dSSascha Wildnerhardware. 153*05ac2d0dSSascha Wildner.Sh CRYPTO KEY MANAGEMENT 154ff66a890SHiten PandyaThe 155*05ac2d0dSSascha Wildner.Nm net80211 156*05ac2d0dSSascha Wildnerlayer implements a per-vap 4-element 157*05ac2d0dSSascha Wildner.Dq global key table 158*05ac2d0dSSascha Wildnerand a per-station 159*05ac2d0dSSascha Wildner.Dq unicast key 160*05ac2d0dSSascha Wildnerfor protocols such as WPA, 802.1x, and 802.11i. 161*05ac2d0dSSascha WildnerThe global key table is designed to support legacy WEP operation 162*05ac2d0dSSascha Wildnerand Multicast/Group keys, 163*05ac2d0dSSascha Wildnerthough some applications also use it to implement WPA in station mode. 164*05ac2d0dSSascha WildnerKeys in the global table are identified by a key index in the range 0-3. 165*05ac2d0dSSascha WildnerPer-station keys are identified by the MAC address of the station and 166*05ac2d0dSSascha Wildnerare typically used for unicast PTK bindings. 167*05ac2d0dSSascha Wildner.Pp 168*05ac2d0dSSascha Wildner.Nm net80211 169*05ac2d0dSSascha Wildnerprovides 170*05ac2d0dSSascha Wildner.Xr ioctl 2 171*05ac2d0dSSascha Wildneroperations for managing both global and per-station keys. 172*05ac2d0dSSascha WildnerDrivers typically do not participate in software key management; 173*05ac2d0dSSascha Wildnerthey are involved only when providing hardware acceleration of 174*05ac2d0dSSascha Wildnercryptographic operations. 175*05ac2d0dSSascha Wildner.Pp 176*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_newkey 177*05ac2d0dSSascha Wildneris used to allocate a new 178*05ac2d0dSSascha Wildner.Nm net80211 179*05ac2d0dSSascha Wildnerkey or reconfigure an existing key. 180*05ac2d0dSSascha WildnerThe cipher must be specified along with any fixed key index. 181ff66a890SHiten PandyaThe 182*05ac2d0dSSascha Wildner.Nm net80211 183*05ac2d0dSSascha Wildnerlayer will handle allocating cipher and driver resources to support the key. 184*05ac2d0dSSascha Wildner.Pp 185*05ac2d0dSSascha WildnerOnce a key is allocated it's contents can be set using 186*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_setkey 187*05ac2d0dSSascha Wildnerand deleted with 188*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_delkey 189*05ac2d0dSSascha Wildner(with any cipher and driver resources reclaimed). 190*05ac2d0dSSascha Wildner.Pp 191*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_delglobalkeys 192*05ac2d0dSSascha Wildneris used to reclaim all keys in the global key table for a vap; it 193*05ac2d0dSSascha Wildnertypically is used only within the 194*05ac2d0dSSascha Wildner.Nm net80211 195*05ac2d0dSSascha Wildnerlayer. 196*05ac2d0dSSascha Wildner.Pp 197*05ac2d0dSSascha Wildner.Fn ieee80211_crypto_reload_keys 198*05ac2d0dSSascha Wildnerhandles hardware key state reloading from software key state, such 199*05ac2d0dSSascha Wildneras required after a suspend/resume cycle. 200*05ac2d0dSSascha Wildner.Sh DRIVER CRYPTO SUPPORT 201*05ac2d0dSSascha WildnerDrivers identify ciphers they have hardware support for through the 202*05ac2d0dSSascha Wildner.Vt ic_cryptocaps 203*05ac2d0dSSascha Wildnerfield of the 204*05ac2d0dSSascha Wildner.Vt ieee80211com 205*05ac2d0dSSascha Wildnerstructure. 206*05ac2d0dSSascha WildnerIf hardware support is available then a driver should also fill in the 207*05ac2d0dSSascha Wildner.Dv iv_key_alloc , 208*05ac2d0dSSascha Wildner.Dv iv_key_set , 209*05ac2d0dSSascha Wildnerand 210*05ac2d0dSSascha Wildner.Dv iv_key_delete 211*05ac2d0dSSascha Wildnermethods of each 212*05ac2d0dSSascha Wildner.Vt ieee80211vap 213*05ac2d0dSSascha Wildnercreated for use with the device. 214*05ac2d0dSSascha WildnerIn addition the methods 215*05ac2d0dSSascha Wildner.Dv iv_key_update_begin 216*05ac2d0dSSascha Wildnerand 217*05ac2d0dSSascha Wildner.Dv iv_key_update_end 218*05ac2d0dSSascha Wildnercan be setup to handle synchronization requirements 219*05ac2d0dSSascha Wildnerfor updating hardware key state. 220*05ac2d0dSSascha Wildner.Pp 221*05ac2d0dSSascha WildnerWhen 222*05ac2d0dSSascha Wildner.Nm net80211 223*05ac2d0dSSascha Wildnerallocates a software key and the driver can accelerate the 224*05ac2d0dSSascha Wildnercipher operations the 225*05ac2d0dSSascha Wildner.Dv iv_key_alloc 226*05ac2d0dSSascha Wildnermethod will be invoked. 227*05ac2d0dSSascha WildnerDrivers may return a token that is associated with outbound traffic 228*05ac2d0dSSascha Wildner(for use in encrypting frames). 229*05ac2d0dSSascha WildnerOtherwise, e.g. if hardware resources are not available, the driver will 230*05ac2d0dSSascha Wildnernot return a token and 231*05ac2d0dSSascha Wildner.Nm net80211 232*05ac2d0dSSascha Wildnerwill arrange to do the work in software and pass frames 233*05ac2d0dSSascha Wildnerto the driver that are already prepared for transmission. 234*05ac2d0dSSascha Wildner.Pp 235*05ac2d0dSSascha WildnerFor receive, drivers mark frames with the 236*05ac2d0dSSascha Wildner.Dv M_WEP 237*05ac2d0dSSascha Wildnermbuf flag to indicate the hardware has decrypted the payload. 238*05ac2d0dSSascha WildnerIf frames have the 239*05ac2d0dSSascha Wildner.Dv IEEE80211_FC1_WEP 240*05ac2d0dSSascha Wildnerbit marked in their 802.11 header and are not tagged with 241*05ac2d0dSSascha Wildner.Dv M_WEP 242*05ac2d0dSSascha Wildnerthen decryption is done in software. 243*05ac2d0dSSascha WildnerFor more complicated scenarios the software key state is consulted; e.g. 244*05ac2d0dSSascha Wildnerto decide if Michael verification needs to be done in software after 245*05ac2d0dSSascha Wildnerthe hardware has handled TKIP decryption. 246*05ac2d0dSSascha Wildner.Pp 247*05ac2d0dSSascha WildnerDrivers that manage complicated key data structures, e.g. faulting 248*05ac2d0dSSascha Wildnersoftware keys into a hardware key cache, can safely manipulate software 249*05ac2d0dSSascha Wildnerkey state by bracketing their work with calls to 250*05ac2d0dSSascha Wildner.Fn ieee80211_key_update_begin 251*05ac2d0dSSascha Wildnerand 252*05ac2d0dSSascha Wildner.Fn ieee80211_key_update_end . 253*05ac2d0dSSascha WildnerThese calls also synchronize hardware key state update 254*05ac2d0dSSascha Wildnerwhen receive traffic is active. 255ff66a890SHiten Pandya.Sh SEE ALSO 256ff66a890SHiten Pandya.Xr ieee80211 9 , 257*05ac2d0dSSascha Wildner.Xr ioctl 2 , 258*05ac2d0dSSascha Wildner.Xr wlan_ccmp 4 , 259*05ac2d0dSSascha Wildner.Xr wlan_tkip 4 , 260*05ac2d0dSSascha Wildner.Xr wlan_wep 4 261