net80211: create accessors for accessing the ieee80211_key key/mic data
Needs RevisionPublic
Actions

Authored by adrian on Sep 24 2025, 3:35 PM.

Details

Reviewers

thj
bz

Group Reviewers

wireless

Summary

Add some accessors to the key data, key length and MIC data.
Document exactly what these mean.

There's at least a couple of drivers that access the key data field
directly and assume that the TX/RX MIC is available directly after the
data pointer, which bakes in the "key size is 128 bits" in subtle ways.

The goal here is to migrate the drivers and net80211 code to use
these methods rather than accessing wk_key directly and making assumptions
about wk_key and the copied key length (which the ioctl path definitely
does.)

Once that's done, it should be a lot easier to change the key API for
larger keys.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 67281
Build 64164: arc lint + arc unit

Event Timeline

adrian created this revision.Sep 24 2025, 3:35 PM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptSep 24 2025, 3:35 PM

adrian requested review of this revision.Sep 24 2025, 3:35 PM

Harbormaster completed remote builds in B67281: Diff 162743.Sep 24 2025, 3:35 PM

adrian added a parent revision: D52664: iwm: assign sequence numbers even if we ask the firmware to override.Sep 24 2025, 3:36 PM

adrian added a reviewer: wireless.

adrian added a project: wireless.

adrian added a child revision: D52712: rtwn: migrate to new ieee80211 key data accessors.Sep 24 2025, 3:43 PM

thj accepted this revision.Sep 30 2025, 10:22 AM

This revision is now accepted and ready to land.Sep 30 2025, 10:22 AM

bz requested changes to this revision.Oct 4 2025, 3:32 PM

bz added a subscriber: bz.

bz added inline comments.

sys/net80211/ieee80211_crypto.h
312	Just commenting on the first entry. So should this happen only during a iv_key_update_begin/end session, and if so should we make sure we can assert this?

This revision now requires changes to proceed.Oct 4 2025, 3:32 PM

adrian added inline comments.Sun, Oct 12, 3:27 AM

sys/net80211/ieee80211_crypto.h
312	no, this happens during transmit/receive handling. only key alloc / key set happens inside the key update begin/end session. That said, those should likely get some kind of runtime checks and printing warnings / assertions if they are called outside of it.

bz added inline comments.Sun, Oct 12, 8:52 AM

sys/net80211/ieee80211_crypto.h
312	Oh, sorry, with full offloading key access is only needed during key operations. My fault. But then your comment isn't all right either as it would require holding the com lock for the keys to not disappear and most transmit routines probably do not want that?

emaste added a subscriber: emaste.Tue, Oct 14, 4:42 PM

adrian added inline comments.Mon, Oct 20, 5:22 AM

sys/net80211/ieee80211_crypto.h
312	Well, yeah, there are a lot of assumptions in net80211 when the rug can be pulled out from underneath various parallel things. A lot of things weren't once runnable in parallelable contexts! The key rug pull is one of the big reasons why there aren't dynamic keys allocated; in theory as long as the node / vap exists, the key pointers will point to something valid, even if the contents are changed from underneath them. So yeah, we should definitely add "clean up key management locking / sequencing with transmit and receive paths", but that's not part of this diff set! (And it gets spicy, because do you REALLY want to halt all traffic during key changes? Sometimes the answer is yes, sometimes the answer is no..)
312	hm, but re-reading my comment, I'll go turn it into more of a warning and explain things a bit. Stay tuned!

Revision Contents
Changeset List

Path

Size

sys/

net80211/

ieee80211_crypto.h

105 lines

Diff 162743

View Options

sys/net80211/ieee80211_crypto.h

net80211: create accessors for accessing the ieee80211_key key/mic dataNeeds RevisionPublicActions