From nobody Tue Apr 29 11:41:59 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zmz1h2bD8z5tvRV;
	Tue, 29 Apr 2025 11:42:00 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Zmz1g4wQ2z3x9j;
	Tue, 29 Apr 2025 11:41:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1745926919;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ndo3xhwsRtjNlRF9oGhL7XYsMh5JkB5eHk70FqokDjE=;
	b=vXxd41UAtx+rvch6Vro4hZz+yKP3/q0DXsWxcZPoz6HfuoLQbA4cdL5It5J6oa14oqjgpO
	Ij4N1ZYR9cC8j96EDWLRdKnVUFzeYHvs50DSZ2BL1q6cl31HtXJOtzJIUVlGTeTz0Tng3C
	cTMvFs7vV1rPUPhflNStmgOanRZCQcgcMX7wUj7Z8v+uuwCdTWuYDs9IUAoxFCmyZ9KuuD
	JkMl23G1QftpT0p4nW1ff02TEON1Mv7c2dQExBQtOcTJxJq9V6/xIWiocy2t48oJXmVE6C
	2oYdyi3iXormH8AIWiFEVmSORxZ6DW3tk5eKEiZ4QNVbxtwRdLzgOiZRAUM86g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1745926919; a=rsa-sha256; cv=none;
	b=GoBQZPCmjRcwNExaFWOJppH/Clcmfsfk07sEuxNDQRsr43lmh6lJ7hQEQZ5m0v4+G6cmXT
	L2hvd4QgMX1ruZfTSRoN/zCxdpCG1C+IvfwTVqVr8vR8Wimpy9w9YAxF1ip6eg5Ucy/WhK
	8BZ8uuNVTg5Iznc7M/Ek5vNwiAG4cU+mWMajMpFvnNFzh60Sb1FmCAqVZhLFWjoRq8mjQJ
	8hbekgiXpKQIZcPTIOqxxvCFZqdvGJ/kJQo/+sabFJZHzMnwec9H+koIkv0YzMeg2/RcH3
	c2zfN0eEmX7K/aSu0HlK/yVWFaD9QuhaARylBPAaCmjBbFiVMDdtbZbzhR1KiA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1745926919;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=ndo3xhwsRtjNlRF9oGhL7XYsMh5JkB5eHk70FqokDjE=;
	b=M3taryhpPwi6bUfVLVhERoz20BKY6T4Auijx6DYma69PpdHoO9uk7cfJHIs+GQtCfGzUMI
	OrFwImez5HLOsjSzjeZ16p9I4QljZuI+7eHUeJxBAiSJumK5J5YLmOxgDanu54YsDreD2F
	Atshzh/6XgaLEN7/1eFo2hZHSsJxTvKM6hkSK7/W4MkdTUIoJJKPEzRHXEZHw1X74/CUBr
	60fbTnl36kmpINXKpulPD6WMNUG35mAt8v38i3jMO5vv/NlkJ9azaXKTMOIM+rO/N+HGC/
	X81LdqhtVHmC7qb1iHtXkvB8OIjkC3HGRR0jzfnFyBuNT4/BfAwv/bO9fY/X5Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Zmz1g4G5vz3rw;
	Tue, 29 Apr 2025 11:41:59 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 53TBfxDv046830;
	Tue, 29 Apr 2025 11:41:59 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 53TBfxVC046810;
	Tue, 29 Apr 2025 11:41:59 GMT
	(envelope-from git)
Date: Tue, 29 Apr 2025 11:41:59 GMT
Message-Id: <202504291141.53TBfxVC046810@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Subject: git: 3b4ffe19a44f - stable/14 - LinuxKPI: 802.11: make
  TKIP start to work
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: bz
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 3b4ffe19a44fab1d116b15a4e8244029f9061740
Auto-Submitted: auto-generated

The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=3b4ffe19a44fab1d116b15a4e8244029f9061740

commit 3b4ffe19a44fab1d116b15a4e8244029f9061740
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-04-16 08:22:20 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-04-29 10:49:32 +0000

    LinuxKPI: 802.11: make TKIP start to work
    
    In lkpi_iv_key_set() change the order to check if the cipher suite
    is supported. This for one avoids a possible kc memory leak, for the
    other allows us to extend the keylen we use for allocating memory.
    TKIP does need extra space as in addition to the key the RX/TX MIC
    are appended.  Copy those now as well.
    
    In lkpi_hw_crypto_prepare_tkip() do the "enmic" (making space) part
    first before doing the "encap" part (making space).  While this is
    technically not fully correct as the "enmic" would be done once for
    the entire MSDU and the "encap" would be done for each fragment, we
    are currently not setup to do per-vap or per-ic callbacks for this
    at the right moment from net80211.  It will require a bit of thought.
    On the other hand we expect the firmware to do all this so it should
    be fine for as long as we no longer skip one part.
    We can likely start being more creative here in the compat code if
    needed.
    
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 4b9ae864fc46f75d87d04b1b9c343f317a9d0bed)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 90 +++++++++++++++++++---------
 1 file changed, 61 insertions(+), 29 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index d6eeaf01d56b..964d995db728 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -1353,6 +1353,7 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
 	struct ieee80211_key_conf *kc;
 	uint32_t lcipher;
 	uint16_t exp_flags;
+	uint8_t keylen;
 	int error;
 
 	ic = vap->iv_ic;
@@ -1377,21 +1378,14 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
 	}
 	sta = LSTA_TO_STA(lsta);
 
-	if (lsta->kc[k->wk_keyix] != NULL) {
-		IMPROVE("Still in firmware? Del first. Can we assert this cannot happen?");
-		ic_printf(ic, "%s: sta %6D found with key information\n",
-		    __func__, sta->addr, ":");
-		kc = lsta->kc[k->wk_keyix];
-		lsta->kc[k->wk_keyix] = NULL;
-		free(kc, M_LKPI80211);
-		kc = NULL;	/* safeguard */
-	}
-
+	keylen = k->wk_keylen;
 	lcipher = lkpi_net80211_to_l80211_cipher_suite(
 	    k->wk_cipher->ic_cipher, k->wk_keylen);
 	switch (lcipher) {
 	case WLAN_CIPHER_SUITE_CCMP:
+		break;
 	case WLAN_CIPHER_SUITE_TKIP:
+		keylen += 2 * k->wk_cipher->ic_miclen;
 		break;
 	default:
 		ic_printf(ic, "%s: CIPHER SUITE %#x (%s) not supported\n",
@@ -1401,9 +1395,18 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
 		return (0);
 	}
 
-	kc = malloc(sizeof(*kc) + k->wk_keylen, M_LKPI80211, M_WAITOK | M_ZERO);
+	if (lsta->kc[k->wk_keyix] != NULL) {
+		IMPROVE("Still in firmware? Del first. Can we assert this cannot happen?");
+		ic_printf(ic, "%s: sta %6D found with key information\n",
+		    __func__, sta->addr, ":");
+		kc = lsta->kc[k->wk_keyix];
+		lsta->kc[k->wk_keyix] = NULL;
+		free(kc, M_LKPI80211);
+		kc = NULL;	/* safeguard */
+	}
+
+	kc = malloc(sizeof(*kc) + keylen, M_LKPI80211, M_WAITOK | M_ZERO);
 	kc->_k = k;		/* Save the pointer to net80211. */
-	atomic64_set(&kc->tx_pn, k->wk_keytsc);
 	kc->cipher = lcipher;
 	kc->keyidx = k->wk_keyix;
 #if 0
@@ -1424,6 +1427,8 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
 		kc->icv_len = k->wk_cipher->ic_trailer;
 		break;
 	case WLAN_CIPHER_SUITE_TKIP:
+		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY, k->wk_txmic, k->wk_cipher->ic_miclen);
+		memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY, k->wk_rxmic, k->wk_cipher->ic_miclen);
 		kc->iv_len = k->wk_cipher->ic_header;
 		kc->icv_len = k->wk_cipher->ic_trailer;
 		break;
@@ -1437,9 +1442,9 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k)
 #ifdef LINUXKPI_DEBUG_80211
 	if (linuxkpi_debug_80211 & D80211_TRACE_HW_CRYPTO)
 		ic_printf(ic, "%s: running set_key cmd %d(%s) for sta %6D: "
-		    "kc %p keyidx %u hw_key_idx %u flags %b\n", __func__,
-		    SET_KEY, "SET", sta->addr, ":",
-		    kc, kc->keyidx, kc->hw_key_idx, kc->flags, IEEE80211_KEY_FLAG_BITS);
+		    "kc %p keyidx %u hw_key_idx %u keylen %u flags %b\n", __func__,
+		    SET_KEY, "SET", sta->addr, ":", kc, kc->keyidx, kc->hw_key_idx,
+		    kc->keylen, kc->flags, IEEE80211_KEY_FLAG_BITS);
 #endif
 
 	lhw = ic->ic_softc;
@@ -4680,16 +4685,51 @@ lkpi_ic_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
 }
 
 #ifdef LKPI_80211_HW_CRYPTO
+/*
+ * This is a bit of a hack given we know we are operating on a
+ * single frame and we know that hardware will deal with it.
+ * But otherwise the enmic bit and the encrypt bit need to be
+ * decoupled.
+ */
 static int
 lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
     struct ieee80211_key_conf *kc, struct sk_buff *skb)
 {
 	struct ieee80211_hdr *hdr;
 	uint32_t hlen, hdrlen;
-	uint8_t *p, *m;
+	uint8_t *p;
 
 	/*
-	 * Check if we have anythig to do as requested by driver
+	 * TKIP only happens on data.
+	 */
+	hdr = (void *)skb->data;
+	if (!ieee80211_is_data_present(hdr->frame_control))
+		return (0);
+
+	/*
+	 * "enmic" (though we do not do that).
+	 */
+	/* any conditions to not apply this? */
+	if (skb_tailroom(skb) < k->wk_cipher->ic_miclen)
+		return (ENOBUFS);
+
+	p = skb_put(skb, k->wk_cipher->ic_miclen);
+	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) != 0)
+		goto encrypt;
+
+	/*
+	 * (*enmic) which we hopefully do not have to do with hw accel.
+	 * That means if we make it here we have a problem.
+	 */
+	TODO("(*enmic)");
+	return (ENXIO);
+
+encrypt:
+	/*
+	 * "encrypt" (though we do not do that).
+	 */
+	/*
+	 * Check if we have anything to do as requested by driver
 	 * or if we are done?
 	 */
 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) == 0 &&
@@ -4698,23 +4738,13 @@ lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
 
 	hlen = k->wk_cipher->ic_header;
 	if (skb_headroom(skb) < hlen)
-		return (ENOSPC);
+		return (ENOBUFS);
 
 	hdr = (void *)skb->data;
 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
 	p = skb_push(skb, hlen);
 	memmove(p, p + hlen, hdrlen);
 
-	/*
-	 * Put in zeroed space for the MMIC if requested.
-	 * XXX-BZ in theory this is not the right place but given we
-	 * are here we know we do hw_crypto so not much missing.
-	 */
-	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_MIC_SPACE) != 0) {
-		m = skb_put(skb, 8);
-		memset(m, 0, 8);
-	}
-
 	/* If driver request space only we are done. */
 	if ((kc->flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE) != 0)
 		return (0);
@@ -4722,6 +4752,8 @@ lkpi_hw_crypto_prepare_tkip(struct ieee80211_key *k,
 	p += hdrlen;
 	k->wk_cipher->ic_setiv(k, p);
 
+	/* If we make it hear we do sw encryption. */
+	TODO("sw encrypt");
 	return (ENXIO);
 }
 static int
@@ -4747,7 +4779,7 @@ lkpi_hw_crypto_prepare_ccmp(struct ieee80211_key *k,
 
 	hlen = k->wk_cipher->ic_header;
 	if (skb_headroom(skb) < hlen)
-		return (ENOSPC);
+		return (ENOBUFS);
 
 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
 	p = skb_push(skb, hlen);