From nobody Tue Apr 29 11:41:56 2025 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zmz1c4fpKz5tv9D; Tue, 29 Apr 2025 11:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zmz1c2BF5z3x4C; Tue, 29 Apr 2025 11:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1745926916; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6PJbGoHxuULEQdPz3BO1a8XVn7pylrV2rJ9ftp33oYM=; b=s4VLpiyqu37NvkRkl9NWUnaShkynt3NmPOMcX+uYHxwh0wfcQXPj0/K0Bts1yGKLcTpIMX zsSqkYPN07hTJOuiPQxUs62i5Ok5yUsjaQF6W1sseh8swcO7ajnsHYRK+doZq8ySGQG0To WJeaASfdnvSZZLfMWoxhgVsdmS0NwqXXJDysN8UU9pQs6WPWiIXIDtCdga1zXaK3bDLGcj DDWbROUBBAYYACDnmWki/JlpZB8+JeKHHeSqivOb03fJ1Luy589DAcnvU6SYuvugomFvAo PkfCjM/jgdzWNHWa+Rr0fYstVy/WoMbI2u4tTlnltbzE+DNO1ujRaaN+w9JoeQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1745926916; a=rsa-sha256; cv=none; b=K/09F6sVno1eiGz0+RZmA+WYHLpnGCcCyqRyVXETa02dg0gWpugVlYS1xOZkclUs3N2JWr dBOeTDzm5C8BdqTd8bIUrOmVbR3w1lTag0U8RjUzN0ULs3IvcpqZ9M9U5H0Amu/GhkCTE8 Hpv8dmaw/BIdqvtzpZuOLK+2E6DHqigl+DGb57RGkP/rcNjumjIDFqIWdBvIfhJKiaUSux L/7lYknhMEjs13ivJtikU0lmLDjEH6hVN6H+bFAvPgctmM4PYlaMgtkqMevujKzTgRzNPd UqbqZwbYl2cQi3tcY1Dl2HY/0oCpHfYpBpkrwcxcsMOOwTFsK9GMQxYUoZ1TlA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1745926916; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6PJbGoHxuULEQdPz3BO1a8XVn7pylrV2rJ9ftp33oYM=; b=f1iRe9RuOmG0D/2JrtkntSRqR+IFchjijHMz0WY+KLdi8AgYg5q6Gq3mE2nqTYOaDeVb5g oCAQ9aq3xJO2RXWGpPPrFbvMdtSJtOMZs48Z/fnjp5Pe+zaMwNVWtMWcluQ62W+ib6xST3 gKKKERly6kdBtOuc4md4N8lYBBBLXepIUn82n0G21A3vKS/VuvDdEQQRK/xPF1U8ZpzVWZ lM/htCOsEbLQtUHrz+/7yxL2K+3Cjd4Do8s9nZyg702D+ankVGrNwMakKHmJBdHQPaKt1j u+a6Bh+Xy1XoSByR/ucjTOuMtMu5RE4N/K2nj0Vj1st9CRwWTuM7om0CE/ul2w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Zmz1c1nPLz3rs; Tue, 29 Apr 2025 11:41:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53TBfuml046399; Tue, 29 Apr 2025 11:41:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53TBfuHE046396; Tue, 29 Apr 2025 11:41:56 GMT (envelope-from git) Date: Tue, 29 Apr 2025 11:41:56 GMT Message-Id: <202504291141.53TBfuHE046396@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: ed180522c9ab - stable/14 - LinuxKPI: 802.11: sort cipher lists and filter net80211 unsupported ones List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: ed180522c9abbe442529440260db011b70fe1075 Auto-Submitted: auto-generated The branch stable/14 has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=ed180522c9abbe442529440260db011b70fe1075 commit ed180522c9abbe442529440260db011b70fe1075 Author: Bjoern A. Zeeb AuthorDate: 2025-04-15 20:34:41 +0000 Commit: Bjoern A. Zeeb CommitDate: 2025-04-29 10:49:31 +0000 LinuxKPI: 802.11: sort cipher lists and filter net80211 unsupported ones Sort the ciphers in lkpi_cipher_suite_to_name() to match other places (e.g., in mac80211.h). Do the same for lkpi_l80211_to_net80211_cyphers() and return the net80211 for all of them. This in theory automatically enables them for net80211 and user space which can lead to other odd problems. Filter out everything net80211 does not currently support in ieee80211_ifattach(). Then also disable all we have not sucessfully implemented in LinuxKPI yet. It is assumed that the later will go away any day again but keep the commit sequence usable. Lastly also fill them all in lkpi_net80211_to_l80211_cipher_suite(). Sponsored by: The FreeBSD Foundation (cherry picked from commit bf8c25f16165440cb75199c2ae405e75d2540e93) --- sys/compat/linuxkpi/common/src/linux_80211.c | 93 +++++++++++++++++++--------- 1 file changed, 63 insertions(+), 30 deletions(-) diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c index 69f065df6b4f..86a8286d66eb 100644 --- a/sys/compat/linuxkpi/common/src/linux_80211.c +++ b/sys/compat/linuxkpi/common/src/linux_80211.c @@ -961,68 +961,68 @@ lkpi_opmode_to_vif_type(enum ieee80211_opmode opmode) static const char * lkpi_cipher_suite_to_name(uint32_t wlan_cipher_suite) { - switch (wlan_cipher_suite) { case WLAN_CIPHER_SUITE_WEP40: return ("WEP40"); + case WLAN_CIPHER_SUITE_WEP104: + return ("WEP104"); case WLAN_CIPHER_SUITE_TKIP: return ("TKIP"); case WLAN_CIPHER_SUITE_CCMP: return ("CCMP"); - case WLAN_CIPHER_SUITE_WEP104: - return ("WEP104"); - case WLAN_CIPHER_SUITE_AES_CMAC: - return ("AES_CMAC"); + case WLAN_CIPHER_SUITE_CCMP_256: + return ("CCMP_256"); case WLAN_CIPHER_SUITE_GCMP: return ("GCMP"); case WLAN_CIPHER_SUITE_GCMP_256: return ("GCMP_256"); - case WLAN_CIPHER_SUITE_CCMP_256: - return ("CCMP_256"); + case WLAN_CIPHER_SUITE_AES_CMAC: + return ("AES_CMAC"); + case WLAN_CIPHER_SUITE_BIP_CMAC_256: + return ("BIP_CMAC_256"); case WLAN_CIPHER_SUITE_BIP_GMAC_128: return ("BIP_GMAC_128"); case WLAN_CIPHER_SUITE_BIP_GMAC_256: return ("BIP_GMAC_256"); - case WLAN_CIPHER_SUITE_BIP_CMAC_256: - return ("BIP_CMAC_256"); default: return ("??"); } } static uint32_t -lkpi_l80211_to_net80211_cyphers(uint32_t wlan_cipher_suite) +lkpi_l80211_to_net80211_cyphers(struct ieee80211com *ic, + uint32_t wlan_cipher_suite) { - switch (wlan_cipher_suite) { case WLAN_CIPHER_SUITE_WEP40: return (IEEE80211_CRYPTO_WEP); + case WLAN_CIPHER_SUITE_WEP104: + return (IEEE80211_CRYPTO_WEP); case WLAN_CIPHER_SUITE_TKIP: return (IEEE80211_CRYPTO_TKIP); case WLAN_CIPHER_SUITE_CCMP: return (IEEE80211_CRYPTO_AES_CCM); - case WLAN_CIPHER_SUITE_WEP104: - return (IEEE80211_CRYPTO_WEP); - case WLAN_CIPHER_SUITE_AES_CMAC: + case WLAN_CIPHER_SUITE_CCMP_256: + return (IEEE80211_CRYPTO_AES_CCM_256); case WLAN_CIPHER_SUITE_GCMP: + return (IEEE80211_CRYPTO_AES_GCM_128); case WLAN_CIPHER_SUITE_GCMP_256: - case WLAN_CIPHER_SUITE_CCMP_256: + return (IEEE80211_CRYPTO_AES_GCM_256); + case WLAN_CIPHER_SUITE_AES_CMAC: + return (IEEE80211_CRYPTO_BIP_CMAC_128); + case WLAN_CIPHER_SUITE_BIP_CMAC_256: + return (IEEE80211_CRYPTO_BIP_CMAC_256); case WLAN_CIPHER_SUITE_BIP_GMAC_128: + return (IEEE80211_CRYPTO_BIP_GMAC_128); case WLAN_CIPHER_SUITE_BIP_GMAC_256: - case WLAN_CIPHER_SUITE_BIP_CMAC_256: - printf("%s: unsupported WLAN Cipher Suite %#08x | %u (%s)\n", - __func__, - wlan_cipher_suite >> 8, wlan_cipher_suite & 0xff, - lkpi_cipher_suite_to_name(wlan_cipher_suite)); - break; + return (IEEE80211_CRYPTO_BIP_GMAC_256); default: - printf("%s: unknown WLAN Cipher Suite %#08x | %u (%s)\n", + ic_printf(ic, "%s: unknown WLAN Cipher Suite %#08x | %u (%s)\n", __func__, wlan_cipher_suite >> 8, wlan_cipher_suite & 0xff, lkpi_cipher_suite_to_name(wlan_cipher_suite)); + return (0); } - - return (0); } static uint32_t @@ -1030,18 +1030,37 @@ lkpi_net80211_to_l80211_cipher_suite(uint32_t cipher, uint8_t keylen) { switch (cipher) { - case IEEE80211_CIPHER_TKIP: - return (WLAN_CIPHER_SUITE_TKIP); - case IEEE80211_CIPHER_AES_CCM: - return (WLAN_CIPHER_SUITE_CCMP); case IEEE80211_CIPHER_WEP: if (keylen < 8) return (WLAN_CIPHER_SUITE_WEP40); else return (WLAN_CIPHER_SUITE_WEP104); break; + case IEEE80211_CIPHER_TKIP: + return (WLAN_CIPHER_SUITE_TKIP); + case IEEE80211_CIPHER_AES_CCM: + return (WLAN_CIPHER_SUITE_CCMP); + case IEEE80211_CIPHER_AES_CCM_256: + return (WLAN_CIPHER_SUITE_CCMP_256); + case IEEE80211_CIPHER_AES_GCM_128: + return (WLAN_CIPHER_SUITE_GCMP); + case IEEE80211_CIPHER_AES_GCM_256: + return (WLAN_CIPHER_SUITE_GCMP_256); + case IEEE80211_CIPHER_BIP_CMAC_128: + return (WLAN_CIPHER_SUITE_AES_CMAC); + case IEEE80211_CIPHER_BIP_CMAC_256: + return (WLAN_CIPHER_SUITE_BIP_CMAC_256); + case IEEE80211_CIPHER_BIP_GMAC_128: + return (WLAN_CIPHER_SUITE_BIP_GMAC_128); + case IEEE80211_CIPHER_BIP_GMAC_256: + return (WLAN_CIPHER_SUITE_BIP_GMAC_256); + case IEEE80211_CIPHER_AES_OCB: case IEEE80211_CIPHER_TKIPMIC: + /* + * TKIP w/ hw MIC support + * (gone wrong; should really be a crypto flag in net80211). + */ case IEEE80211_CIPHER_CKIP: case IEEE80211_CIPHER_NONE: printf("%s: unsupported cipher %#010x\n", __func__, cipher); @@ -5934,9 +5953,23 @@ linuxkpi_ieee80211_ifattach(struct ieee80211_hw *hw) ic->ic_cryptocaps = 0; #ifdef LKPI_80211_HW_CRYPTO if (lkpi_hwcrypto && hw->wiphy->n_cipher_suites > 0) { + uint32_t hwciphers; + + hwciphers = 0; for (i = 0; i < hw->wiphy->n_cipher_suites; i++) - ic->ic_cryptocaps |= lkpi_l80211_to_net80211_cyphers( - hw->wiphy->cipher_suites[i]); + hwciphers |= lkpi_l80211_to_net80211_cyphers( + ic, hw->wiphy->cipher_suites[i]); + /* + * (20250415) nothing anywhere in the path checks we actually + * support all these in net80211. + * net80211 supports _256 variants but the ioctl does not. + */ + IMPROVE("as net80211 grows more support, enable them"); + hwciphers &= (IEEE80211_CRYPTO_WEP | IEEE80211_CRYPTO_TKIP | + IEEE80211_CRYPTO_AES_CCM | IEEE80211_CRYPTO_AES_GCM_128); + /* We only support CCMP here, so further filter. */ + hwciphers &= IEEE80211_CRYPTO_AES_CCM; + ieee80211_set_hardware_ciphers(ic, hwciphers); } #endif