Page MenuHomeFreeBSD
Differential D49419 Diff 152442 sys/net80211/ieee80211_crypto.h

Changeset View

Standalone View

View Options

sys/net80211/ieee80211_crypto.h

Show All 25 Lines
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#ifndef _NET80211_IEEE80211_CRYPTO_H_ #ifndef _NET80211_IEEE80211_CRYPTO_H_
#define _NET80211_IEEE80211_CRYPTO_H_ #define _NET80211_IEEE80211_CRYPTO_H_
/* /*
* 802.11 protocol crypto-related definitions. * 802.11 protocol crypto-related definitions.
*/ */
#define IEEE80211_KEYBUF_SIZE 16 #define IEEE80211_KEYBUF_SIZE 48 /* 384 bits */
bzUnsubmitted
Not Done
Inline Actions

We really need to bump this to much further. Just because. I mean 512 bits is kind-of the lowest limit to go for.

bz: We really need to bump this to much further. Just because. I mean 512 bits is kind-of the…
adrianAuthorUnsubmitted
Done
Inline Actions

I agree.

I think it's only 384 bits in 802.11-2020 but honestly if we're gonna bump it, it should be bigger and/or handle varying key sizes already.

adrian: I agree. I think it's only 384 bits in 802.11-2020 but honestly if we're gonna bump it, it…
#define IEEE80211_MICBUF_SIZE (8+8) /* space for both tx+rx keys */ #define IEEE80211_MICBUF_SIZE (8+8) /* space for both tx+rx keys */
/* /*
* Old WEP-style key. Deprecated. * Old WEP-style key. Deprecated.
*/ */
struct ieee80211_wepkey { struct ieee80211_wepkey {
u_int wk_len; /* key length in bytes */ u_int wk_len; /* key length in bytes */
uint8_t wk_key[IEEE80211_KEYBUF_SIZE]; uint8_t wk_key[IEEE80211_KEYBUF_SIZE];
▲ Show 20 LinesShow All 48 Lines▼ Show 20 Lines
#define IEEE80211_KEY_NOIVMGT 0x00008000 /* don't insert IV/MIC for mgmt */ #define IEEE80211_KEY_NOIVMGT 0x00008000 /* don't insert IV/MIC for mgmt */
#define IEEE80211_KEY_NOMIC 0x00010000 /* don't insert MIC for !mgmt */ #define IEEE80211_KEY_NOMIC 0x00010000 /* don't insert MIC for !mgmt */
#define IEEE80211_KEY_NOMICMGT 0x00020000 /* don't insert MIC for mgmt */ #define IEEE80211_KEY_NOMICMGT 0x00020000 /* don't insert MIC for mgmt */
ieee80211_keyix wk_keyix; /* h/w key index */ ieee80211_keyix wk_keyix; /* h/w key index */
ieee80211_keyix wk_rxkeyix; /* optional h/w rx key index */ ieee80211_keyix wk_rxkeyix; /* optional h/w rx key index */
uint8_t wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE]; uint8_t wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE];
#define wk_txmic wk_key+IEEE80211_KEYBUF_SIZE+0 /* XXX can't () right */ #define wk_txmic wk_key+IEEE80211_KEYBUF_SIZE+0 /* XXX can't () right */
#define wk_rxmic wk_key+IEEE80211_KEYBUF_SIZE+8 /* XXX can't () right */ #define wk_rxmic wk_key+IEEE80211_KEYBUF_SIZE+8 /* XXX can't () right */
bzUnsubmitted
Not Done
Inline Actions

I think your solution is too complicated but I need to go and see if wpa_supplicant does the same silly logic or not. You just need to fix the macros here ideally.

wpa_supplicant still should only set keylen to 16 for TKIP immediately followed by the 2*8 for the MIC.
Unless this bit in ieee80211_ioctl.c silently fixes this?

if (wk->wk_keylen > IEEE80211_KEYBUF_SIZE)
        wk->wk_keylen = IEEE80211_KEYBUF_SIZE;

I guess it does by the comment before and the copyout code for the other direction, but that sounds ill-coded and this will definitively start failing; that should really be an error.

The 2*8 so to say should fly blind.
I think we could even transparently fix this in driver_bsd and the net80211 ioctl handler without breaking any combination.

Was a lot of confusion to figure this out as in LinuxKPI the two offsets had been misplaced (who knows when and why) into a TDLS enum so so were off. Finding that was fun. But in the end the format was the same as on FreeBSD (also TX before RX if I remember correctly from a few days ago) but I still coded it in a way that things could change.

I guess what it really means: auditing all IEEE80211_KEYBUF_SIZE uses.
Doesn't seem too hard for the intr-bits.
rum(4) needs to used the macros above and then it's the ioctl. That seems all. Sounds fair. Why do we not add to the ioctl chaos btw and simply duplicate the ioctl with minimal changes?

Also we should probably fix wpi, rum, rsu, ral, amlo, iwi and ipw (and ifconfig) to stop using IEEE80211_KEYBUF_SIZE as storage for whatever.
Gosh I hate how often we "imported" rewritten Linux (driver) code from OtherBSD. All the same yet all slightly different.

wpi will also fail. At least for wpi_cmd_data
rum will totally fail (KEY_SIZE)
rsu goes into the same problem catgegory as wpi as well; embedded into structs to FW
ral has it also embeedded into rx/tx descriptors
malo could possibly be fine not using struct malo_cmd_wepkey?
iwi has it in the TX descr, and iwi_setwepkeys at the end and may be fine as wk_keylen is used and the array is at the end of the struct
ipw has it embedded in the data_hdr and we use sizeof on that; that will fail

I have one or two of these still but I think if wpi, iwi, and ipw and malo got broken so be it; ral, rum and rsu some more people may still be cranky.

Should I go ahead and do anything about any of that?

bz: I think your solution is too complicated but I need to go and see if wpa_supplicant does the…
/* key receive sequence counter */ /* key receive sequence counter */
uint64_t wk_keyrsc[IEEE80211_TID_SIZE]; uint64_t wk_keyrsc[IEEE80211_TID_SIZE];
uint64_t wk_keytsc; /* key transmit sequence counter */ uint64_t wk_keytsc; /* key transmit sequence counter */
const struct ieee80211_cipher *wk_cipher; const struct ieee80211_cipher *wk_cipher;
void *wk_private; /* private cipher state */ void *wk_private; /* private cipher state */
uint8_t wk_macaddr[IEEE80211_ADDR_LEN]; uint8_t wk_macaddr[IEEE80211_ADDR_LEN];
}; };
#define IEEE80211_KEY_COMMON /* common flags passed in by apps */\ #define IEEE80211_KEY_COMMON /* common flags passed in by apps */\
▲ Show 20 LinesShow All 193 LinesShow Last 20 Lines