diff options
author | sam <sam@FreeBSD.org> | 2005-08-08 18:46:36 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2005-08-08 18:46:36 +0000 |
commit | 3215a6e2e355a587ea6894414dc9be4c5be53ed7 (patch) | |
tree | ed729f045abe33483bb3fe489170d02ea0e58949 /sys/net80211/ieee80211_crypto.c | |
parent | 6781db2c4550334757704709dad71b40180a012c (diff) | |
download | FreeBSD-src-3215a6e2e355a587ea6894414dc9be4c5be53ed7.zip FreeBSD-src-3215a6e2e355a587ea6894414dc9be4c5be53ed7.tar.gz |
Split crypto tx+rx key indices and add a key index -> node mapping table:
Crypto changes:
o change driver/net80211 key_alloc api to return tx+rx key indices; a
driver can leave the rx key index set to IEEE80211_KEYIX_NONE or set
it to be the same as the tx key index (the former disables use of
the key index in building the keyix->node mapping table and is the
default setup for naive drivers by null_key_alloc)
o add cs_max_keyid to crypto state to specify the max h/w key index a
driver will return; this is used to allocate the key index mapping
table and to bounds check table loookups
o while here introduce ieee80211_keyix (finally) for the type of a h/w
key index
o change crypto notifiers for rx failures to pass the rx key index up
as appropriate (michael failure, replay, etc.)
Node table changes:
o optionally allocate a h/w key index to node mapping table for the
station table using the max key index setting supplied by drivers
(note the scan table does not get a map)
o defer node table allocation to lateattach so the driver has a chance
to set the max key id to size the key index map
o while here also defer the aid bitmap allocation
o add new ieee80211_find_rxnode_withkey api to find a sta/node entry
on frame receive with an optional h/w key index to use in checking
mapping table; also updates the map if it does a hash lookup and the
found node has a rx key index set in the unicast key; note this work
is separated from the old ieee80211_find_rxnode call so drivers do
not need to be aware of the new mechanism
o move some node table manipulation under the node table lock to close
a race on node delete
o add ieee80211_node_delucastkey to do the dirty work of deleting
unicast key state for a node (deletes any key and handles key map
references)
Ath driver:
o nuke private sc_keyixmap mechansim in favor of net80211 support
o update key alloc api
These changes close several race conditions for the ath driver operating
in ap mode. Other drivers should see no change. Station mode operation
for ath no longer uses the key index map but performance tests show no
noticeable change and this will be fixed when the scan table is eliminated
with the new scanning support.
Tested by: Michal Mertl, avatar, others
Reviewed by: avatar, others
MFC after: 2 weeks
Diffstat (limited to 'sys/net80211/ieee80211_crypto.c')
-rw-r--r-- | sys/net80211/ieee80211_crypto.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 1771ea1..e9ce135 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -59,7 +59,8 @@ static int _ieee80211_crypto_delkey(struct ieee80211com *, * Default "null" key management routines. */ static int -null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k) +null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k, + ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { if (!(&ic->ic_nw_keys[0] <= k && k < &ic->ic_nw_keys[IEEE80211_WEP_NKID])) { @@ -73,12 +74,14 @@ null_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k) * packets through untouched when marked with the WEP bit * and key index 0. */ - if ((k->wk_flags & IEEE80211_KEY_GROUP) == 0) - return 0; /* NB: use key index 0 for ucast key */ - else - return IEEE80211_KEYIX_NONE; + if (k->wk_flags & IEEE80211_KEY_GROUP) + return 0; + *keyix = 0; /* NB: use key index 0 for ucast key */ + } else { + *keyix = k - ic->ic_nw_keys; } - return k - ic->ic_nw_keys; + *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ + return 1; } static int null_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k) @@ -113,9 +116,10 @@ cipher_attach(struct ieee80211com *ic, struct ieee80211_key *key) */ static __inline int dev_key_alloc(struct ieee80211com *ic, - const struct ieee80211_key *key) + const struct ieee80211_key *key, + ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { - return ic->ic_crypto.cs_key_alloc(ic, key); + return ic->ic_crypto.cs_key_alloc(ic, key, keyix, rxkeyix); } static __inline int @@ -143,6 +147,7 @@ ieee80211_crypto_attach(struct ieee80211com *ic) /* NB: we assume everything is pre-zero'd */ cs->cs_def_txkey = IEEE80211_KEYIX_NONE; + cs->cs_max_keyix = IEEE80211_WEP_NKID; ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none; for (i = 0; i < IEEE80211_WEP_NKID; i++) ieee80211_crypto_resetkey(ic, &cs->cs_nw_keys[i], @@ -241,6 +246,7 @@ ieee80211_crypto_newkey(struct ieee80211com *ic, { #define N(a) (sizeof(a) / sizeof(a[0])) const struct ieee80211_cipher *cip; + ieee80211_keyix keyix, rxkeyix; void *keyctx; int oflags; @@ -354,8 +360,7 @@ again: * crypto we also call the driver to give us a key index. */ if (key->wk_keyix == IEEE80211_KEYIX_NONE) { - key->wk_keyix = dev_key_alloc(ic, key); - if (key->wk_keyix == IEEE80211_KEYIX_NONE) { + if (!dev_key_alloc(ic, key, &keyix, &rxkeyix)) { /* * Driver has no room; fallback to doing crypto * in the host. We change the flags and start the @@ -382,6 +387,8 @@ again: __func__, cip->ic_name); return 0; } + key->wk_keyix = keyix; + key->wk_rxkeyix = rxkeyix; } return 1; #undef N @@ -393,7 +400,7 @@ again: static int _ieee80211_crypto_delkey(struct ieee80211com *ic, struct ieee80211_key *key) { - u_int16_t keyix; + ieee80211_keyix keyix; KASSERT(key->wk_cipher != NULL, ("No cipher!")); |