61  * Default "null" key management routines.
70 		 * Not in the global key table, the driver should handle this
71 		 * by allocating a slot in the h/w key table/cache.  In
72 		 * lieu of that return key slot 0 for any unicast key
73 		 * request.  We disallow the request if this is a group key.
75 		 * with a 4 key table.  It also handles devices that pass
77 		 * and key index 0.
81 		*keyix = 0;	/* NB: use key index 0 for ucast key */
104 cipher_detach(struct ieee80211_key *key)
106 	key->wk_cipher->ic_detach(key);
110 cipher_attach(struct ieee80211vap *vap, struct ieee80211_key *key)
112 	return key->wk_cipher->ic_attach(vap, key);
116  * Wrappers for driver key management methods.
120 	struct ieee80211_key *key,
123 	return vap->iv_key_alloc(vap, key, keyix, rxkeyix);
128 	const struct ieee80211_key *key)
130 	return vap->iv_key_delete(vap, key);
134 dev_key_set(struct ieee80211vap *vap, const struct ieee80211_key *key)
136 	return vap->iv_key_set(vap, key);
172 	 * Initialize the driver key support routines to noop entries.
252  * Establish a relationship between the specified key and cipher
254  * Note that when a fixed key index is required it must be specified.
256  * This must be the first call applied to a key; all the other key
265 	int cipher, int flags, struct ieee80211_key *key)
275 	    __func__, cipher, flags, key->wk_keyix);
313 	oflags = key->wk_flags;
329 	 * combination; we handle it by flagging each key,
341 	 * Bind cipher to key instance.  Note we do this
346 	if (key->wk_cipher != cip || key->wk_flags != flags) {
353 		key->wk_flags = flags;
354 		keyctx = cip->ic_attach(vap, key);
359 			key->wk_flags = oflags;	/* restore old flags */
363 		cipher_detach(key);
364 		key->wk_cipher = cip;		/* XXX refcnt? */
365 		key->wk_private = keyctx;
369 	 * Ask the driver for a key index if we don't have one.
370 	 * Note that entries in the global key table always have
374 	 * crypto we also call the driver to give us a key index.
376 	if ((key->wk_flags & IEEE80211_KEY_DEVKEY) == 0) {
377 		if (!dev_key_alloc(vap, key, &keyix, &rxkeyix)) {
387 		if (key->wk_flags != flags) {
390 			 * resources were unavailable to handle _this_ key.
397 			    oflags, key->wk_flags);
398 			keyctx = cip->ic_attach(vap, key);
403 				    key->wk_flags);
404 				key->wk_flags = oflags;	/* restore old flags */
408 			cipher_detach(key);
409 			key->wk_cipher = cip;		/* XXX refcnt? */
410 			key->wk_private = keyctx;
412 		key->wk_keyix = keyix;
413 		key->wk_rxkeyix = rxkeyix;
414 		key->wk_flags |= IEEE80211_KEY_DEVKEY;
420  * Remove the key (no locking, for internal use).
423 _ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key)
425 	KASSERT(key->wk_cipher != NULL, ("No cipher!"));
429 	    __func__, key->wk_cipher->ic_name,
430 	    key->wk_keyix, key->wk_flags,
431 	    key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc,
432 	    key->wk_keylen);
434 	if (key->wk_flags & IEEE80211_KEY_DEVKEY) {
438 		/* XXX key cache */
439 		if (!dev_key_delete(vap, key)) {
441 			    "%s: driver did not delete key index %u\n",
442 			    __func__, key->wk_keyix);
447 	cipher_detach(key);
448 	memset(key, 0, sizeof(*key));
449 	ieee80211_crypto_resetkey(vap, key, IEEE80211_KEYIX_NONE);
454  * Remove the specified key.
457 ieee80211_crypto_delkey(struct ieee80211vap *vap, struct ieee80211_key *key)
462 	status = _ieee80211_crypto_delkey(vap, key);
468  * Clear the global key table.
482  * Set the contents of the specified key.
489 ieee80211_crypto_setkey(struct ieee80211vap *vap, struct ieee80211_key *key)
491 	const struct ieee80211_cipher *cip = key->wk_cipher;
497 	    __func__, cip->ic_name, key->wk_keyix,
498 	    key->wk_flags, ether_sprintf(key->wk_macaddr),
499 	    key->wk_keyrsc[IEEE80211_NONQOS_TID], key->wk_keytsc,
500 	    key->wk_keylen);
502 	if ((key->wk_flags & IEEE80211_KEY_DEVKEY)  == 0) {
505 		    "%s: no device key setup done; should not happen!\n",
511 	 * Give cipher a chance to validate key contents.
514 	if (!cip->ic_setkey(key)) {
516 		    "%s: cipher %s rejected key index %u len %u flags 0x%x\n",
517 		    __func__, cip->ic_name, key->wk_keyix,
518 		    key->wk_keylen, key->wk_flags);
522 	return dev_key_set(vap, key);
526  * Return index if the key is a WEP key (0..3); -1 otherwise.
543  * Note: only supports a single unicast key (0).
562 	 * Multicast traffic always uses the multicast key.
563 	 * Otherwise if a unicast key is set we use that and
564 	 * it is always key index 0.  When no unicast key is
565 	 * set we fall back to the default transmit key.
573 			    "no default transmit key (%s) deftxkey %u",
585  * Add privacy headers appropriate for the specified key.
607     struct ieee80211_key **key)
622 	 * If the IV is stripped then we definitely can't find a key.
623 	 * Set the key to NULL but return true; upper layers
624 	 * will need to handle a NULL key for a successful
632 			 * We can't find a key with a stripped IV.
635 			*key = NULL;
646 		*key = NULL;
651 	 * Locate the key. If unicast and there is no unicast
652 	 * key then we fall back to the key id in the header.
654 	 * the key id in the header is meaningless (typically 0).
674 		*key = NULL;
681 	 * If we fail then don't return the key - return NULL
686 		*key = k;
691 	*key = NULL;
721 			 * modules to handle a NULL key and not to dereference
732 			 * We may not have a key, so for now just
740 	 * If we don't have a key at this point then we don't
775 	 * Keys in the global key table of each vap.
794  * Set the default key index for WEP, or KEYIX_NONE for no default TX key.
796  * This should be done as part of a key update block (iv_key_update_begin /
803 	/* XXX TODO: assert we're in a key update block */

Indexes created Wed May 22 12:01:17 MDT 2024