diff --git a/sys/dev/ath/if_ath.c b/sys/dev/ath/if_ath.c --- a/sys/dev/ath/if_ath.c +++ b/sys/dev/ath/if_ath.c @@ -605,6 +605,7 @@ u_int wmodes; int rx_chainmask, tx_chainmask; HAL_OPS_CONFIG ah_config; + uint32_t cryptocaps; DPRINTF(sc, ATH_DEBUG_ANY, "%s: devid 0x%x\n", __func__, devid); @@ -927,23 +928,24 @@ /* * Query the hal to figure out h/w crypto support. */ + cryptocaps = 0; if (ath_hal_ciphersupported(ah, HAL_CIPHER_WEP)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP; + cryptocaps |= IEEE80211_CRYPTO_WEP; if (ath_hal_ciphersupported(ah, HAL_CIPHER_AES_OCB)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_AES_OCB; + cryptocaps |= IEEE80211_CRYPTO_AES_OCB; if (ath_hal_ciphersupported(ah, HAL_CIPHER_AES_CCM)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_AES_CCM; + cryptocaps |= IEEE80211_CRYPTO_AES_CCM; if (ath_hal_ciphersupported(ah, HAL_CIPHER_CKIP)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_CKIP; + cryptocaps |= IEEE80211_CRYPTO_CKIP; if (ath_hal_ciphersupported(ah, HAL_CIPHER_TKIP)) { - ic->ic_cryptocaps |= IEEE80211_CRYPTO_TKIP; + cryptocaps |= IEEE80211_CRYPTO_TKIP; /* * Check if h/w does the MIC and/or whether the * separate key cache entries are required to * handle both tx+rx MIC keys. */ if (ath_hal_ciphersupported(ah, HAL_CIPHER_MIC)) - ic->ic_cryptocaps |= IEEE80211_CRYPTO_TKIPMIC; + cryptocaps |= IEEE80211_CRYPTO_TKIPMIC; /* * If the h/w supports storing tx+rx MIC keys * in one cache slot automatically enable use. @@ -959,6 +961,10 @@ if (ath_hal_haswmetkipmic(ah)) sc->sc_wmetkipmic = 1; } + + /* Hardware supported ciphers; including the TKIP MIC HW support */ + ieee80211_set_hardware_ciphers(ic, cryptocaps); + sc->sc_hasclrkey = ath_hal_ciphersupported(ah, HAL_CIPHER_CLR); /* * Check for multicast key search support. @@ -2563,6 +2569,14 @@ { struct ieee80211com *ic = &sc->sc_ic; + /* + * This is done at NIC init/reset based on the state of the device + * global WME enable flag as well as sc_wmetkipmic. It looks like + * this started being supported in later versions of the AR5212 HW. + * + * Thus, the TKIPMIC config depends if WME is enabled or disabled + * for NICs with sc_wmetkipmic == 0. + */ if ((ic->ic_cryptocaps & IEEE80211_CRYPTO_TKIP) && !sc->sc_wmetkipmic) { if (ic->ic_flags & IEEE80211_F_WME) { ath_hal_settkipmic(sc->sc_ah, AH_FALSE); diff --git a/sys/dev/iwn/if_iwn.c b/sys/dev/iwn/if_iwn.c --- a/sys/dev/iwn/if_iwn.c +++ b/sys/dev/iwn/if_iwn.c @@ -584,6 +584,9 @@ | IEEE80211_C_PMGT /* Station-side power mgmt */ ; + /* No hardware cipher support in this driver */ + ieee80211_set_hardware_ciphers(ic, 0); + /* Read MAC address, channels, etc from EEPROM. */ if ((error = iwn_read_eeprom(sc, ic->ic_macaddr)) != 0) { device_printf(dev, "could not read EEPROM, error %d\n", diff --git a/sys/dev/mwl/if_mwl.c b/sys/dev/mwl/if_mwl.c --- a/sys/dev/mwl/if_mwl.c +++ b/sys/dev/mwl/if_mwl.c @@ -440,11 +440,10 @@ * Mark h/w crypto support. * XXX no way to query h/w support. */ - ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP - | IEEE80211_CRYPTO_AES_CCM - | IEEE80211_CRYPTO_TKIP - | IEEE80211_CRYPTO_TKIPMIC - ; + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_WEP | + IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_TKIP | + IEEE80211_CRYPTO_TKIPMIC); + /* * Transmit requires space in the packet for a special * format transmit record and optional padding between diff --git a/sys/dev/rtwn/if_rtwn.c b/sys/dev/rtwn/if_rtwn.c --- a/sys/dev/rtwn/if_rtwn.c +++ b/sys/dev/rtwn/if_rtwn.c @@ -234,11 +234,18 @@ | IEEE80211_C_FF /* Atheros fast-frames */ ; + /* + * Note: rtwn supports all of the software ciphers + * net80211 supports, so a call to + * ieee80211_set_software_ciphers() is not needed. + */ + if (sc->sc_hwcrypto != RTWN_CRYPTO_SW) { - ic->ic_cryptocaps = + /* Hardware supported ciphers */ + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_WEP | IEEE80211_CRYPTO_TKIP | - IEEE80211_CRYPTO_AES_CCM; + IEEE80211_CRYPTO_AES_CCM); } ic->ic_htcaps = diff --git a/sys/dev/usb/wlan/if_rsu.c b/sys/dev/usb/wlan/if_rsu.c --- a/sys/dev/usb/wlan/if_rsu.c +++ b/sys/dev/usb/wlan/if_rsu.c @@ -552,10 +552,8 @@ IEEE80211_C_SHSLOT | /* Short slot time supported. */ IEEE80211_C_WPA; /* WPA/RSN. */ - ic->ic_cryptocaps = - IEEE80211_CRYPTO_WEP | - IEEE80211_CRYPTO_TKIP | - IEEE80211_CRYPTO_AES_CCM; + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_WEP | + IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM); /* Check if HT support is present. */ if (sc->sc_ht) { diff --git a/sys/dev/usb/wlan/if_rum.c b/sys/dev/usb/wlan/if_rum.c --- a/sys/dev/usb/wlan/if_rum.c +++ b/sys/dev/usb/wlan/if_rum.c @@ -546,11 +546,9 @@ | IEEE80211_C_SWSLEEP /* net80211 managed power mgmt */ ; - ic->ic_cryptocaps = - IEEE80211_CRYPTO_WEP | - IEEE80211_CRYPTO_AES_CCM | - IEEE80211_CRYPTO_TKIPMIC | - IEEE80211_CRYPTO_TKIP; + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_WEP | + IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_TKIPMIC | + IEEE80211_CRYPTO_TKIP); rum_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans, ic->ic_channels); diff --git a/sys/dev/usb/wlan/if_run.c b/sys/dev/usb/wlan/if_run.c --- a/sys/dev/usb/wlan/if_run.c +++ b/sys/dev/usb/wlan/if_run.c @@ -874,11 +874,9 @@ ic->ic_txstream = sc->ntxchains; } - ic->ic_cryptocaps = - IEEE80211_CRYPTO_WEP | - IEEE80211_CRYPTO_AES_CCM | - IEEE80211_CRYPTO_TKIPMIC | - IEEE80211_CRYPTO_TKIP; + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_WEP | + IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_TKIPMIC | + IEEE80211_CRYPTO_TKIP); ic->ic_flags |= IEEE80211_F_DATAPAD; ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS; diff --git a/sys/dev/wpi/if_wpi.c b/sys/dev/wpi/if_wpi.c --- a/sys/dev/wpi/if_wpi.c +++ b/sys/dev/wpi/if_wpi.c @@ -468,8 +468,7 @@ | IEEE80211_C_PMGT /* Station-side power mgmt */ ; - ic->ic_cryptocaps = - IEEE80211_CRYPTO_AES_CCM; + ieee80211_set_hardware_ciphers(ic, IEEE80211_CRYPTO_AES_CCM); /* * Read in the eeprom and also setup the channels for