Page MenuHomeFreeBSD
Differential D52523

iwx: migrate to using net80211 crypto key methods
ClosedPublic
Actions

Authored by adrian on Sep 14 2025, 6:45 PM.
Tags
Referenced Files
Unknown Object (File)
Tue, Nov 18, 10:31 PM
Unknown Object (File)
Sun, Nov 2, 2:46 AM
Unknown Object (File)
Thu, Oct 30, 2:09 PM
Unknown Object (File)
Oct 23 2025, 3:46 AM
Unknown Object (File)
Oct 22 2025, 11:52 AM
Unknown Object (File)
Oct 22 2025, 3:21 AM
Unknown Object (File)
Oct 18 2025, 5:56 PM
Unknown Object (File)
Oct 12 2025, 10:50 PM
View All 26 Files
Subscribers
bz
imp

Details

Reviewers
bz
Group Reviewers
wireless
Commits
rGc5f7cb19f527: iwx: migrate to using net80211 crypto key methods
Summary

In preparation for further MFP key work, migrate iwx away from using
IEEE80211_KEY_GROUP and pointer arithmetic. This is a hold over from
ye olde days.

Locally tested:

  • (STA mode, CCMP/CCMP network)
  • iwx0: <Wi-Fi 6 AX210> mem 0x84c00000-0x84c03fff at device 0.0 on pci4

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

adrian created this revision.Sep 14 2025, 6:45 PM
Herald added a subscriber: imp. · View Herald TranscriptSep 14 2025, 6:45 PM
adrian requested review of this revision.Sep 14 2025, 6:45 PM
Harbormaster completed remote builds in B67013: Diff 162000.Sep 14 2025, 6:45 PM
adrian added a parent revision: D52302: [net80211] clean up M_SEQNO_SET and M_SEQNO_GET() to always limit to the sequence number range.Sep 14 2025, 6:46 PM
adrian added a reviewer: wireless.
adrian added a project: wireless.
bz requested changes to this revision.Sep 14 2025, 7:30 PM
bz added a subscriber: bz.

Logic seems fine to me.

The details are probably worth doing to avoid further copy and paste ...

sys/dev/iwx/if_iwx.c
10951

If you use net80211_vap_printf() you neither need ic or sc and we are not using device_printf in a wireless driver anymore directly (bonus point)

10953

return (0)

10988

Here too.

10989

Here () too.

11005

Here too.

11007

Here () too

This revision now requires changes to proceed.Sep 14 2025, 7:30 PM
adrian added inline comments.Sep 14 2025, 7:33 PM
sys/dev/iwx/if_iwx.c
10951

If you use net80211_vap_printf() you neither need ic or sc and we are not using device_printf in a wireless driver anymore directly (bonus point)

Yeah, i really should use those routines I added. :-)

Bonus points is a subsequent commit to convert the rest of device_printf() here to ic_printf / vap_printf where appropriate.

adrian added a child revision: D52524: iwx: add some missed beacon debugging.Sep 14 2025, 7:38 PM
adrian updated this revision to Diff 162021.Sep 14 2025, 10:34 PM

updates from bz

Harbormaster completed remote builds in B67020: Diff 162021.Sep 14 2025, 10:34 PM
bz requested changes to this revision.Sep 15 2025, 3:30 PM

Sorry, nothing new from you but the original driver already seems to have gotten the return code wrong; can you please double-check?

sys/dev/iwx/if_iwx.c
10970

Can/MUST this even happen? Are we not checking the announced suites anywhere upfront in net80211? I know this was promised but did it happen?
iwx only sets:

ic->ic_cryptocaps |= IEEE80211_CRYPTO_AES_CCM;

for (*iv_key_set) [ieee80211_crypto_setkey]:
0 means error; != 0 means OK according to ieee80211_ioctl.c (no one else checks the return code it seems)

I think all errors in this function are wrong. Question is "what should be an error"?

11038

Are we leaking keys here always telling net80211 we deleted it? XXX-TODO?

This revision now requires changes to proceed.Sep 15 2025, 3:30 PM
adrian added inline comments.Sep 16 2025, 5:13 AM
sys/dev/iwx/if_iwx.c
10970

cryptocaps just says "what we support in hardware", remember. That's why I added the methods to make it clearer what's supported in hardware and in software.

net80211 expects all NICs to support WEP, TKIP, AES-CCM-128 in software unless you explicitly set the software cryptocaps via the calls I added earlier in the year.

As for the errors - yeah, I don't like it at all either; and I'm currently working on adding comments to net80211 key lookup / type routines so it's clearer what the API is and what the driver expectations are.

(The more I poke at cleaning up the crypto / cipher management stuff as part of MFP, the more I find gems like these hiding away :-) )

adrian added inline comments.Sep 21 2025, 4:58 AM
sys/dev/iwx/if_iwx.c
11038

oh god this would be hilarious wouldn't it

adrian marked 2 inline comments as done.Sep 21 2025, 4:59 AM
adrian added a comment.Oct 12 2025, 3:29 AM

ok, I'd like to land this and then follow it up with some more iwx cleanups. Thanks for pointing them out though, I'm not shocked that the original upstream code was messy with key management too. ;-)

(This is why I'm trying to document the net80211 stuff, so we can better reason about all of this and then fix drivers as needed!)

bz added a comment.Oct 12 2025, 8:55 AM
In D52523#1211903, @adrian wrote:

ok, I'd like to land this and then follow it up with some more iwx cleanups. Thanks for pointing them out though, I'm not shocked that the original upstream code was messy with key management too. ;-)

Well then fix the error returns.

adrian marked 3 inline comments as done.Tue, Nov 11, 3:34 AM
This revision was not accepted when it landed; it landed in state Needs Revision.Tue, Nov 11, 4:07 PM
Closed by commit rGc5f7cb19f527: iwx: migrate to using net80211 crypto key methods (authored by adrian). · Explain Why
This revision was automatically updated to reflect the committed changes.
adrian added a commit: rGc5f7cb19f527: iwx: migrate to using net80211 crypto key methods.

Revision Contents
Changeset List

PathSize
sys/
dev/
iwx/
48 lines

Diff 166244

View Options

sys/dev/iwx/if_iwx.c

Loading...