net80211: add a new field specifically for announcing specific ciphers
This dates way, way back with the original net80211 support w/ atheros chips. The earliest chip (AR5210) had limitations supporting software encryption. It only had the four WEP slots, and not any keycache entries. So when trying to do CCMP/TKIP encryption would be enabled and the key slots would have nothing useful in them, resulting in garbage encryption/decryption. I changed this back in 2012 to disable supporting hardware WEP for AR5210 so if_ath(4) / net80211 crypto is all done in software and yes, I could do CCMP/TKIP on AR5210 in software. Fast-forward to newer-ish hardware - the Qualcomm 11ac hardware. Those also don't support pass-through keycache slots! Well, the hardware does at that layer, but then there's a whole offload data path encap/decap layer that's turning the frames from raw wifi into ethernet frames (for "dumb" AP behaviours) or "wifi direct" frames (ie, "windows".) This hides a bunch of header frame contents required for doing the software encryption / decryption path. But then if you enable the raw transmit/receive frame format it ALSO bypasses the hardware encryption/decryption engine! So for those NICs: * If you want to do encryption, you can only use the firmware supported ciphers w/ wifi direct or ethernet; * If you want to use software encrypt/decrypt, you MUST disable all encryption and instead use 100% software encryption. The wpa_supplicant bsd driver code has a specific comment about this and flips on supporting WEP/TKIP/CCMP, which is understandable but it doesn't fix the ACTUAL intention of all of this stuff. So: * create a new field, ic_sw_cryptocaps * populate it with the default supported set of ciphers for net80211 (right now wep, tkip, ccmp) * Communicate the combination of both ic_sw_cryptocaps and ic_cryptocaps to wpa_supplicant via the relevant devcap ioctl. * Update manpage. I'll follow this up with a driver_bsd.c change in wpa_supplicant to trust this again, and then start adding the other cipher support there. 
Differential Revision: https://reviews.freebsd.org/D44820
parent
ebcfab998e
commit
1116e8b95c
|
@ -25,7 +25,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd January 26, 2021
|
||||
.Dd April 24, 2024
|
||||
.Dt IEEE80211 9
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -514,6 +514,8 @@ General capabilities are specified by
|
|||
.Vt ic_caps .
|
||||
Hardware cryptographic capabilities are specified by
|
||||
.Vt ic_cryptocaps .
|
||||
Software cryptographic capabilities are specified by
|
||||
.Vt ic_sw_cryptocaps .
|
||||
802.11n capabilities, if any, are specified by
|
||||
.Vt ic_htcaps .
|
||||
The
|
||||
|
|
|
@ -142,6 +142,18 @@ ieee80211_crypto_attach(struct ieee80211com *ic)
|
|||
{
|
||||
/* NB: we assume everything is pre-zero'd */
|
||||
ciphers[IEEE80211_CIPHER_NONE] = &ieee80211_cipher_none;
|
||||
|
||||
/*
|
||||
* Default set of net80211 supported ciphers.
|
||||
*
|
||||
* These are the default set that all drivers are expected to
|
||||
* support, either/or in hardware and software.
|
||||
*
|
||||
* Drivers can add their own support to this and the
|
||||
* hardware cipher list (ic_cryptocaps.)
|
||||
*/
|
||||
ic->ic_sw_cryptocaps = IEEE80211_CRYPTO_WEP |
|
||||
IEEE80211_CRYPTO_TKIP | IEEE80211_CRYPTO_AES_CCM;
|
||||
}
|
||||
|
||||
/*
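Review bot: The unconditional assignment to `ic->ic_sw_cryptocaps` at the end of ieee80211_crypto_attach() gives every driver the WEP/TKIP/CCMP software set, including the offload-only NICs that the commit message says cannot do software encrypt/decrypt, and the comment above it does not say how such a driver opts out. If this function runs from the common attach path after the driver has filled in its capability fields (the caller is outside the hunk), anything the driver stored beforehand is overwritten and the only correction is to clear bits after attach. The comment should say so, for example `* Drivers without a working software crypto path must clear the corresponding bits after ieee80211_ifattach().` The phrase "either/or in hardware and software" would also read more clearly as "in hardware, in software, or both".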
|
||||
|
|
|
@ -709,7 +709,11 @@ ieee80211_ioctl_getdevcaps(struct ieee80211com *ic,
|
|||
if (dc == NULL)
|
||||
return ENOMEM;
|
||||
dc->dc_drivercaps = ic->ic_caps;
|
||||
dc->dc_cryptocaps = ic->ic_cryptocaps;
|
||||
/*
|
||||
* Announce the set of both hardware and software supported
|
||||
* ciphers.
|
||||
*/
|
||||
dc->dc_cryptocaps = ic->ic_cryptocaps | ic->ic_sw_cryptocaps;
|
||||
dc->dc_htcaps = ic->ic_htcaps;
|
||||
dc->dc_vhtcaps = ic->ic_vht_cap.vht_cap_info;
|
||||
ci = &dc->dc_chaninfo;
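Review bot: The merged mask assigned to `dc->dc_cryptocaps` in ieee80211_ioctl_getdevcaps() tells userland a cipher is usable whenever either bit is set, but nothing in the visible hunks makes key installation consult `ic_sw_cryptocaps`, so what is advertised and what the stack will actually do can drift apart. A driver that clears a software bit would stop announcing the cipher while the key-install path may still fall back to software crypto for it. A driver that leaves the default set advertises WEP/TKIP/CCMP even if its data path cannot run them, which risks the garbage encryption/decryption the commit message describes. It would be worth gating the software fallback on the same field in the key allocation code (outside this hunk), and stating in the comment that consumers cannot tell hardware from software support from this value, e.g. `* NB: hardware and software support are not distinguishable here.` The function body starts and ends outside the hunk.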
|
||||
|
|
|
@ -551,13 +551,13 @@ struct ieee80211_regdomain_req {
|
|||
IEEE80211_REGDOMAIN_SIZE((_req)->chaninfo.ic_nchans)
|
||||
|
||||
/*
|
||||
* Get driver capabilities. Driver, hardware crypto, and
|
||||
* Get driver capabilities. Driver, hardware/software crypto, and
|
||||
* HT/802.11n capabilities, and a table that describes what
|
||||
* the radio can do.
|
||||
*/
|
||||
struct ieee80211_devcaps_req {
|
||||
uint32_t dc_drivercaps; /* general driver caps */
|
||||
uint32_t dc_cryptocaps; /* hardware crypto support */
|
||||
uint32_t dc_cryptocaps; /* software + hardware crypto support */
|
||||
uint32_t dc_htcaps; /* HT/802.11n support */
|
||||
uint32_t dc_vhtcaps; /* VHT/802.11ac capabilities */
|
||||
struct ieee80211req_chaninfo dc_chaninfo;
|
||||
|
|
|
@ -163,7 +163,9 @@ struct ieee80211com {
|
|||
uint32_t ic_caps; /* capabilities */
|
||||
uint32_t ic_htcaps; /* HT capabilities */
|
||||
uint32_t ic_htextcaps; /* HT extended capabilities */
|
||||
uint32_t ic_cryptocaps; /* crypto capabilities */
|
||||
/* driver-supported software crypto caps */
|
||||
uint32_t ic_sw_cryptocaps;
|
||||
uint32_t ic_cryptocaps; /* hardware crypto caps */
|
||||
/* set of mode capabilities */
|
||||
uint8_t ic_modecaps[IEEE80211_MODE_BYTES];
|
||||
uint8_t ic_promisc; /* vap's needing promisc mode */
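Review bot: The new `ic_sw_cryptocaps` member is inserted ahead of `ic_cryptocaps` in struct ieee80211com, which shifts the offset of `ic_cryptocaps` and every later field, so a driver module built against the old header would store its hardware cipher mask where net80211 now keeps the software set. Whether the commit bumps `__FreeBSD_version` or otherwise forces a rebuild is not visible on this page; if it does not, that should accompany the change. The field comment also disagrees with the one in ieee80211_crypto_attach(), which describes the value as the net80211 default set rather than driver-supported. Something like `/* software crypto caps (IEEE80211_CRYPTO_*); net80211 default, driver may adjust */` would say what the bits are and who owns them. The struct definition starts and ends outside the hunk.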
|
||||
|
|