Page MenuHomeFreeBSD
Differential D49392

net80211: document the crypto enmic/demic functions.
ClosedPublic
Actions

Authored by adrian on Mar 16 2025, 6:16 PM.
Tags
Referenced Files
Unknown Object (File)
Mon, Apr 21, 9:20 AM
Unknown Object (File)
Sun, Apr 20, 4:21 PM
Unknown Object (File)
Mon, Apr 14, 1:12 PM
Unknown Object (File)
Mon, Apr 14, 10:48 AM
Unknown Object (File)
Sun, Apr 13, 9:31 AM
Unknown Object (File)
Sat, Apr 5, 5:37 AM
Unknown Object (File)
Fri, Apr 4, 10:12 PM
Unknown Object (File)
Fri, Apr 4, 3:24 AM
View All 21 Files
Subscribers
bz
glebius
imp
melifaro

Details

Reviewers
bz
Group Reviewers
wireless
Commits
rG08fd0689d06f: net80211: document the crypto enmic/demic functions.
Summary

These functions implement what's needed for TKIP Michael MIC - which
is performed over the entire unencrypted MSDU. Each potential
fragmented MPDU is encrypted and has its own ICV/MIC.

CCMP/GCMP encrypts each MPDU separately (including the MPDUs that make
up an A-MPDU), so they'll implement null functions here and instead do
the MIC/ICV insertion inline in the crypto functions themselves.

Hopefully this makes it a bit clearer on how things should behave, and
will help figure out and clean up what further hardware offload
features we need.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 62996
Build 59880: arc lint + arc unit

Event Timeline

adrian created this revision.Mar 16 2025, 6:16 PM
Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptMar 16 2025, 6:16 PM
adrian requested review of this revision.Mar 16 2025, 6:16 PM
Harbormaster completed remote builds in B62937: Diff 152331.Mar 16 2025, 6:16 PM
adrian added a parent revision: D49370: uath: add support for GCMP-128 encryption.Mar 16 2025, 6:17 PM
adrian added a reviewer: wireless.
adrian added a project: wireless.
adrian added a child revision: D49393: net80211: fail setting a key if the cipher isn't HW/SW supported.Mar 17 2025, 3:25 AM
bz added a subscriber: bz.Mar 18 2025, 11:02 AM

If both are TKIP-only I keep contemplating if they should be called mmic and we are done ;-)

bz added inline comments.Mar 18 2025, 11:05 AM
sys/net80211/ieee80211_crypto.h
219

Can we add a comment here above the two:

/* See ieee80211_crypto_enmic() / ieee80211_crypto_demic() for description. */

Just to make it clearer if we don't rename them to mmic. Or:

/*

  • Currently only used by TKIP.
  • See ieee80211_crypto_enmic() / ieee80211_crypto_demic() for description. */
adrian updated this revision to Diff 152447.Mar 20 2025, 4:36 AM

feedback from bz

Harbormaster completed remote builds in B62996: Diff 152447.Mar 20 2025, 4:37 AM
adrian marked an inline comment as done.Mar 20 2025, 4:37 AM
adrian added a comment.Mon, Mar 31, 3:25 AM

@bz would you mind reviewing this one in particular next? It's just a documentation commit and I'd like to get this landed :-)

Thanks!

bz requested changes to this revision.Mon, Mar 31, 4:35 PM

If you do the changes (if needed) just commit it.

sys/net80211/ieee80211_crypto.c
779

also here remove the // if you still have to change anything.

sys/net80211/ieee80211_crypto.h
251

is this before fragmentation? I'd not highlight the /before/ if you have to change it.

This revision now requires changes to proceed.Mon, Mar 31, 4:35 PM
adrian updated this revision to Diff 153008.Wed, Apr 2, 12:04 AM

review from bz

Harbormaster completed remote builds in B63274: Diff 153008.Wed, Apr 2, 12:04 AM
adrian marked 2 inline comments as done.Wed, Apr 2, 12:05 AM
bz accepted this revision.Wed, Apr 2, 6:24 PM

Thank you!

This revision is now accepted and ready to land.Wed, Apr 2, 6:24 PM
Closed by commit rG08fd0689d06f: net80211: document the crypto enmic/demic functions. (authored by adrian). · Explain WhyFri, Apr 4, 3:24 AM
This revision was automatically updated to reflect the committed changes.
adrian added a commit: rG08fd0689d06f: net80211: document the crypto enmic/demic functions..

Revision Contents
Changeset List

PathSize
sys/
net80211/
25 lines
18 lines

Diff 152447

View Options

sys/net80211/ieee80211_crypto.h

Show First 20 LinesShow All 210 Lines▼ Show 20 Linesstruct ieee80211_cipher {
u_int ic_trailer; /* size of privacy trailer (bytes) */ u_int ic_trailer; /* size of privacy trailer (bytes) */
u_int ic_miclen; /* size of mic trailer (bytes) */ u_int ic_miclen; /* size of mic trailer (bytes) */
void* (*ic_attach)(struct ieee80211vap *, struct ieee80211_key *); void* (*ic_attach)(struct ieee80211vap *, struct ieee80211_key *);
void (*ic_detach)(struct ieee80211_key *); void (*ic_detach)(struct ieee80211_key *);
int (*ic_setkey)(struct ieee80211_key *); int (*ic_setkey)(struct ieee80211_key *);
void (*ic_setiv)(struct ieee80211_key *, uint8_t *); void (*ic_setiv)(struct ieee80211_key *, uint8_t *);
int (*ic_encap)(struct ieee80211_key *, struct mbuf *); int (*ic_encap)(struct ieee80211_key *, struct mbuf *);
int (*ic_decap)(struct ieee80211_key *, struct mbuf *, int); int (*ic_decap)(struct ieee80211_key *, struct mbuf *, int);
/*
* ic_enmic() and ic_demic() are currently only used by TKIP.
* Please see ieee80211_crypto_enmic() and ieee80211_crypto_demic()
* for more information.
*/
int (*ic_enmic)(struct ieee80211_key *, struct mbuf *, int); int (*ic_enmic)(struct ieee80211_key *, struct mbuf *, int);
bzUnsubmitted
Done
Inline Actions

Can we add a comment here above the two:

/* See ieee80211_crypto_enmic() / ieee80211_crypto_demic() for description. */

Just to make it clearer if we don't rename them to mmic. Or:

/*

  • Currently only used by TKIP.
  • See ieee80211_crypto_enmic() / ieee80211_crypto_demic() for description. */
bz: Can we add a comment here above the two: /* See ieee80211_crypto_enmic() /…
int (*ic_demic)(struct ieee80211_key *, struct mbuf *, int); int (*ic_demic)(struct ieee80211_key *, struct mbuf *, int);
}; };
extern const struct ieee80211_cipher ieee80211_cipher_none; extern const struct ieee80211_cipher ieee80211_cipher_none;
#define IEEE80211_KEY_UNDEFINED(k) \ #define IEEE80211_KEY_UNDEFINED(k) \
((k)->wk_cipher == &ieee80211_cipher_none) ((k)->wk_cipher == &ieee80211_cipher_none)
void ieee80211_crypto_register(const struct ieee80211_cipher *); void ieee80211_crypto_register(const struct ieee80211_cipher *);
void ieee80211_crypto_unregister(const struct ieee80211_cipher *); void ieee80211_crypto_unregister(const struct ieee80211_cipher *);
int ieee80211_crypto_available(u_int cipher); int ieee80211_crypto_available(u_int cipher);
int ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *, int ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *,
const struct ieee80211_key *k); const struct ieee80211_key *k);
uint8_t ieee80211_crypto_get_keyid(struct ieee80211vap *vap, uint8_t ieee80211_crypto_get_keyid(struct ieee80211vap *vap,
struct ieee80211_key *k); struct ieee80211_key *k);
struct ieee80211_key *ieee80211_crypto_get_txkey(struct ieee80211_node *, struct ieee80211_key *ieee80211_crypto_get_txkey(struct ieee80211_node *,
struct mbuf *); struct mbuf *);
struct ieee80211_key *ieee80211_crypto_encap(struct ieee80211_node *, struct ieee80211_key *ieee80211_crypto_encap(struct ieee80211_node *,
struct mbuf *); struct mbuf *);
int ieee80211_crypto_decap(struct ieee80211_node *, int ieee80211_crypto_decap(struct ieee80211_node *,
struct mbuf *, int, struct ieee80211_key **); struct mbuf *, int, struct ieee80211_key **);
int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k,
struct mbuf *, int); struct mbuf *, int);
/* /**
* Add any MIC. * @brief Add any pre-fragmentation MIC to an MSDU.
*
* This is called /before/ defragmentation. Crypto types that implement
bzUnsubmitted
Done
Inline Actions

is this before fragmentation? I'd not highlight the /before/ if you have to change it.

bz: is this before fragmentation? I'd not highlight the /before/ if you have to change it.
* a MIC/ICV check per MSDU will not implement this function.
*
* As an example, TKIP implements a Michael MIC check over the entire
* unencrypted MSDU before fragmenting it into MPDUs and passing each
* MPDU to be separately encrypted with their own MIC/ICV.
*
* Please see 802.11-2020 12.5.2.1.2 (TKIP cryptographic encapsulation)
* for more information.
*
* @param vap the current VAP
* @param k the current key
* @param m the mbuf representing the MSDU
* @param f set to 1 to force a MSDU MIC check, even if HW encrypted
* @returns 0 if error / MIC encap failed, 1 if OK
*/ */
static __inline int static __inline int
ieee80211_crypto_enmic(struct ieee80211vap *vap, ieee80211_crypto_enmic(struct ieee80211vap *vap,
struct ieee80211_key *k, struct mbuf *m, int force) struct ieee80211_key *k, struct mbuf *m, int force)
{ {
const struct ieee80211_cipher *cip = k->wk_cipher; const struct ieee80211_cipher *cip = k->wk_cipher;
return (cip->ic_miclen > 0 ? cip->ic_enmic(k, m, force) : 1); return (cip->ic_miclen > 0 ? cip->ic_enmic(k, m, force) : 1);
} }
Show All 32 Lines
View Options

sys/net80211/ieee80211_crypto.c

Loading...