From nobody Tue Nov 11 16:06:46 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4d5Wck44nnz6Gf0y;
	Tue, 11 Nov 2025 16:06:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4d5Wck2DY8z3Xls;
	Tue, 11 Nov 2025 16:06:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1762877206;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=075QlQQWYoUjCiwfeUej9jpdeifhdMRBgpCUHJV51Lo=;
	b=w440heJtdu9dxRKvkILaX3Ir6SRKD3JfURFo9w9hfiyNDsw658IY3V9huGlmlHSbKzjPbY
	q3u/F0E2PyQbLa48DtUMkfI8/7+iLl8qylqrKoI8i6OBQT/YzwHirYHZQoGlTaclNwgwOr
	FutWzvNR2kJim3bdxC4ZJheOIaIM0KuRkTl9bm5P76qRF+tCueBqS/5SvEb4pX9vCewe3S
	ogkrdzan3YdAIYxJvSRtu/GGfEwn/+SlvKa660SaK6dxQu48Ce5Qntx+b+bVFVPuBFU13K
	Ngh91c09mAq34aY1lSFAHMJw7VVEj2OtfL6SUD+aBUR/VmsV3/FQWbVMOPN3gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1762877206;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=075QlQQWYoUjCiwfeUej9jpdeifhdMRBgpCUHJV51Lo=;
	b=jrjCEx7NefIqA41R1DzBjUALnUpNY9UJugLd9VsH71mn45RgXR3tjRQRf2OkUbC6WjQlvF
	RdRIhOEKQEi7oSLvH7lOw9Qah6h3LWex4GUgpRUxYQMvob44k2WECBIFPWS545rtyuFCe5
	vjetbp3s8gdRAWbdG8M15hzzZTYrTfbZA5A5CpKeD7b3di/o0lpIDpE56dcMXjpBRn4/ec
	hYCUZzt27opBML/nE3EB3Lfbczr6luXm9hnIHNU4Yfyrtk2GD8T+U3X6Pz0A02Jb78IyEn
	N0qBUTFnoE4Z24Pqnv9Uq9k0Cd0KLzcfqdBJbZivT5iI9L10AjCZnOKHNo10dA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1762877206; a=rsa-sha256; cv=none;
	b=eUj8iTWmnk1o/FMMQTByqeD3IkWbIB2ORBkLJ5cntTgoz9xetVOOYdKV6GooiUQUaMfnH9
	4BTkfoR9YNM8MM2EoAxrzEf+VrUujeZ7gkVtpZLe7PeiWH7grondEN0AOBkbVuOd4WtuWG
	9OuRAobbZ+qU+t19Rj5Fql6sp2wcsj3PyWtOWokbgNfy6RlspnHDteY1UssfP02YnTrLBc
	5OH42DjND+sxc3NczraoVtTbrJ+2Kg+t1zE29j7W/RkhK7/4LTCFnvGFq55Hblp8d3vNBg
	iiA7aZTmy1YHDWoRAngQO8UR74ncLGgi+U3TaRCAVj2zOYTy0nXA/08rAt8Vbg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4d5Wck1XyRz19kT;
	Tue, 11 Nov 2025 16:06:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5ABG6kWB088442;
	Tue, 11 Nov 2025 16:06:46 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5ABG6kMe088439;
	Tue, 11 Nov 2025 16:06:46 GMT
	(envelope-from git)
Date: Tue, 11 Nov 2025 16:06:46 GMT
Message-Id: <202511111606.5ABG6kMe088439@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Adrian Chadd <adrian@FreeBSD.org>
Subject: git: 77b1e4f32f31 - main - net80211: create accessors for
  accessing the ieee80211_key key/mic data
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: adrian
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 77b1e4f32f31b219c238c81b726d079a003b465c
Auto-Submitted: auto-generated

The branch main has been updated by adrian:

URL: https://cgit.FreeBSD.org/src/commit/?id=77b1e4f32f31b219c238c81b726d079a003b465c

commit 77b1e4f32f31b219c238c81b726d079a003b465c
Author:     Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2025-09-24 15:30:47 +0000
Commit:     Adrian Chadd <adrian@FreeBSD.org>
CommitDate: 2025-11-11 16:06:29 +0000

    net80211: create accessors for accessing the ieee80211_key key/mic data
    
    Add some accessors to the key data, key length and MIC data.
    Document exactly what these mean.
    
    There's at least a couple of drivers that access the key data field
    directly and assume that the TX/RX MIC is available directly after the
    data pointer, which bakes in the "key size is 128 bits" in subtle ways.
    
    The goal here is to migrate the drivers and net80211 code to use
    these methods rather than accessing wk_key directly and making assumptions
    about wk_key and the copied key length (which the ioctl path definitely
    does.)
    
    Once that's done, it should be a lot easier to change the key API for
    larger keys.
    
    Differential Revision:  https://reviews.freebsd.org/D52711
    Reviewed by:    thj
---
 sys/net80211/ieee80211_crypto.h | 105 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)

diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h
index 89b8b4f9daa4..48115da586b5 100644
--- a/sys/net80211/ieee80211_crypto.h
+++ b/sys/net80211/ieee80211_crypto.h
@@ -94,6 +94,7 @@ struct ieee80211_key {
 
 	ieee80211_keyix	wk_keyix;	/* h/w key index */
 	ieee80211_keyix	wk_rxkeyix;	/* optional h/w rx key index */
+	/* TODO: deprecate direct access to wk_key, wk_txmic, wk_rxmic */
 	uint8_t		wk_key[IEEE80211_KEYBUF_SIZE+IEEE80211_MICBUF_SIZE];
 #define	wk_txmic	wk_key+IEEE80211_KEYBUF_SIZE+0	/* XXX can't () right */
 #define	wk_rxmic	wk_key+IEEE80211_KEYBUF_SIZE+8	/* XXX can't () right */
@@ -300,5 +301,109 @@ void	ieee80211_notify_michael_failure(struct ieee80211vap *,
 uint16_t	ieee80211_crypto_init_aad(const struct ieee80211_frame *,
 		uint8_t *, int);
 
+/**
+ * @brief Return the key data.
+ *
+ * This returns a pointer to the key data.  Note it does not
+ * guarantee the TX/RX MIC will be immediately after the key.
+ * Callers must use ieee80211_crypto_get_key_txmic_data()
+ * and ieee80211_crypto_get_key_rxmic_data() for that.
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns NULL if no key data is available, or a pointer
+ *  to the key data.
+ */
+static inline const uint8_t *
+ieee80211_crypto_get_key_data(const struct ieee80211_key *k)
+{
+	return (k->wk_key);
+}
+
+/**
+ * @brief Return the key length in bytes.
+ *
+ * This doesn't include any TX/RX MIC (eg from TKIP).
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns the key length (without any MIC) in bytes
+ */
+static inline const uint16_t
+ieee80211_crypto_get_key_len(const struct ieee80211_key *k)
+{
+	return (k->wk_keylen);
+}
+
+/**
+ * @brief Return the TX MIC data.
+ *
+ * This returns a pointer to the TX MIC data.
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns NULL if no key data is available, or a pointer
+ *  to the TX MIC data.
+ */
+static inline const uint8_t *
+ieee80211_crypto_get_key_txmic_data(const struct ieee80211_key *k)
+{
+	return (k->wk_txmic);
+}
+
+/**
+ * @brief Return the TX MIC length in bytes.
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns the TX MIC length in bytes
+ */
+static inline const uint16_t
+ieee80211_crypto_get_key_txmic_len(const struct ieee80211_key *k)
+{
+	return (k->wk_cipher->ic_miclen);
+}
+
+/**
+ * @brief Return the RX MIC data.
+ *
+ * This returns a pointer to the RX MIC data.
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns NULL if no key data is available, or a pointer
+ *  to the RX MIC data.
+ */
+static inline const uint8_t *
+ieee80211_crypto_get_key_rxmic_data(const struct ieee80211_key *k)
+{
+	return (k->wk_rxmic);
+}
+
+/**
+ * @brief Return the RX MIC length in bytes.
+ *
+ * Note: there's no locking; this needs to be called in
+ * a situation where the ieee80211_key won't disappear.
+ *
+ * @param k ieee80211_key
+ * @returns the RX MIC length in bytes
+ */
+static inline const uint16_t
+ieee80211_crypto_get_key_rxmic_len(const struct ieee80211_key *k)
+{
+	return (k->wk_cipher->ic_miclen);
+}
+
 #endif /* defined(__KERNEL__) || defined(_KERNEL) */
 #endif /* _NET80211_IEEE80211_CRYPTO_H_ */