Site Navigation

Date:      Mon, 24 Feb 2025 20:27:11 GMT
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: e8376bc284f1 - stable/14 - net80211: crypto: ccmp: fix more hardware offload bits
Message-ID:  <202502242027.51OKRBOG027305@gitrepo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=e8376bc284f187e0299def398259a9a4ecdeb61f

commit e8376bc284f187e0299def398259a9a4ecdeb61f
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-01-27 13:54:02 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-02-24 20:26:48 +0000

    net80211: crypto: ccmp: fix more hardware offload bits
    
    Add the missing IEEE80211_RX_F_DECRYPTED and IEEE80211_RX_F_MMIC_STRIP
    (really just MIC_STRIP) checks to make hwaccel offload work.
    This makes rtw8x drivers pass RX packets again at least with LinuxKPI
    if HW_CRYPTO support is enabled.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D49030
    
    (cherry picked from commit 3afc0bfecb1a927c37672dc245688c575e4d9ec4)
---
 sys/net80211/ieee80211_crypto_ccmp.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 8f7d5eed593c..06028cf2a37c 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -602,6 +602,7 @@ done:
 static int
 ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, struct mbuf *m, int hdrlen)
 {
+	const struct ieee80211_rx_stats *rxs;
 	struct ccmp_ctx *ctx = key->wk_private;
 	struct ieee80211vap *vap = ctx->cc_vap;
 	struct ieee80211_frame *wh;
@@ -613,6 +614,10 @@ ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, struct mbuf *m, int hdrlen
 	uint8_t *pos;
 	u_int space;
 
+	rxs = ieee80211_get_rx_params_ptr(m);
+	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_DECRYPTED) != 0)
+		return (1);
+
 	ctx->cc_vap->iv_stats.is_crypto_ccmp++;
 
 	wh = mtod(m, struct ieee80211_frame *);
@@ -675,6 +680,14 @@ ccmp_decrypt(struct ieee80211_key *key, u_int64_t pn, struct mbuf *m, int hdrlen
 			space = m->m_len;
 		}
 	}
+
+	/*
+	 * If the MIC (we use MMIC despite not being Micheal) was stripped
+	 * by HW/driver we are done.
+	 */
+	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP) != 0)
+		return (1);
+
 	if (memcmp(mic, a, ccmp.ic_trailer) != 0) {
 		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr2,
 		    "%s", "AES-CCM decrypt failed; MIC mismatch");

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202502242027.51OKRBOG027305>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact