Page MenuHomeFreeBSD

net80211: allow to override SWCRYPT/SWMIC bits in the driver
ClosedPublic

Authored by avos on Sep 15 2016, 9:45 PM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 27 2023, 5:40 PM
Unknown Object (File)
Dec 27 2023, 5:11 PM
Unknown Object (File)
Dec 20 2023, 12:48 AM
Unknown Object (File)
Nov 9 2023, 10:43 PM
Unknown Object (File)
Oct 8 2023, 9:39 PM
Unknown Object (File)
Sep 14 2023, 11:05 AM
Unknown Object (File)
Aug 27 2023, 4:23 AM
Unknown Object (File)
Aug 8 2023, 1:24 AM
Subscribers

Details

Summary

Add IEEE80211_KEY_SWCRYPT / IEEE80211_KEY_SWMIC bits to the IEEE80211_KEY_DEVICE mask - as a result, such bits will be preserved during group key handshake.
A driver can set them in iv_key_alloc() in case when hardware crypto support is not possible. For example:

  • multi-vap without multicast key search support;
  • IBSS RSN for devices w/ fixed storage for group keys;
Test Plan

wlan2 -> AP (sw crypto), wlan3 -> STA (group - sw, pair - hw)

wlan3: link state changed to UP
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x3 keyix 65535
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 0 flags 0x103 mac c4:e9:84:01:02:03 rsc 0 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 2
wlan2: ieee80211_crypto_newkey: cipher 3 flags 0x3 keyix 65535
wlan2: wlan3: ieee80211_crypto_newkey: no h/w support for cipher AES-CCM, falling back to s/w
wlan2: ieee80211_crypto_setkey: AES-CCM keyix 0 flags 0x133 mac 6c:72:20:01:02:03 rsc 0 tsc 0 len 16
ieee80211_crypto_newkey: driver override for cipher AES-CCM, flags 0x3 -> 0x36
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 4 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 1
wlan3: ieee80211_crypto_newkey: driver override for cipher AES-CCM, flags 0x3 -> 0x36
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan2: ieee80211_crypto_newkey: cipher 3 flags 0x87 keyix 1
wlan2: ieee80211_crypto_newkey: no h/w support for cipher AES-CCM, falling back to s/w
wlan2: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x137 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 2
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan2: ieee80211_crypto_newkey: cipher 3 flags 0x87 keyix 2
wlan2: ieee80211_crypto_newkey: no h/w support for cipher AES-CCM, falling back to s/w
wlan2: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x137 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 1
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan2: ieee80211_crypto_newkey: cipher 3 flags 0x87 keyix 1
wlan2: ieee80211_crypto_newkey: no h/w support for cipher AES-CCM, falling back to s/w
wlan2: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x137 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 2
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan2: ieee80211_crypto_newkey: cipher 3 flags 0x87 keyix 2
wlan2: ieee80211_crypto_newkey: no h/w support for cipher AES-CCM, falling back to s/w
wlan2: ieee80211_crypto_setkey: AES-CCM keyix 2 flags 0x137 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16
wlan3: ieee80211_crypto_newkey: cipher 3 flags 0x6 keyix 1
wlan3: ieee80211_crypto_setkey: AES-CCM keyix 1 flags 0x136 mac ff:ff:ff:ff:ff:ff rsc 0 tsc 0 len 16 << SWCRYPT bits are preserved (0x30)

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

avos retitled this revision from to net80211: allow to override SWCRYPT/SWMIC bits in the driver.
avos updated this object.
avos edited the test plan for this revision. (Show Details)
avos added a reviewer: adrian.
avos set the repository for this revision to rS FreeBSD src repository - subversion.
avos edited the test plan for this revision. (Show Details)

hm, interesting! So this means the driver can run out of hardware keycache slots and we still would do the right thing in software?

(With driver changes, of course, so there is a fallback key for "don't decrypt" if necessary?)

Probably, yes (e.g., 88EU supports 64 MAC ID slots but has only 32 key slots; 12AU/21AU - 128 MAC ID slots, 64 key slots)

P.S. Yes, this is pretty device-dependent (e.g., (u)rtwn shouldn't decrypt a frame, when 'crypto algo + mac addr' combination was not found (with default SECCFG setup)).

adrian edited edge metadata.

ok I like this!

We should later on add the ability to swap hardware/software keys around in the hardware so we can support lots of stations in hostap mode and only populate crypto keys for the most traffic-heavy users.

This revision is now accepted and ready to land.Sep 15 2016, 10:15 PM
This revision was automatically updated to reflect the committed changes.