git: 28c5a37f07b3 - stable/14 - net80211; LinuxKPI 802.11: introduce IEEE80211_RX_F_ICV_STRIP

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bjoern A. Zeeb <bz_at_FreeBSD.org>
Date: Tue, 29 Apr 2025 11:41:40 UTC
The branch stable/14 has been updated by bz:

URL: https://cgit.FreeBSD.org/src/commit/?id=28c5a37f07b39ec7ff0e1be95d0b23db6f671fe6

commit 28c5a37f07b39ec7ff0e1be95d0b23db6f671fe6
Author:     Bjoern A. Zeeb <bz@FreeBSD.org>
AuthorDate: 2025-04-17 19:33:59 +0000
Commit:     Bjoern A. Zeeb <bz@FreeBSD.org>
CommitDate: 2025-04-29 10:49:28 +0000

    net80211; LinuxKPI 802.11: introduce IEEE80211_RX_F_ICV_STRIP
    
    For TKIP with iwlwifi we are seeing
    DECRYPTED | ICV_STRIPPED | MMIC_STRIPPED.
    
    In tkip_decap() we however unconditionally stripped the ICV which
    resulted in a short frame and Gtk handshake never finished.
    
    Add IEEE80211_RX_F_ICV_STRIP to net80211.  Add the extra check to the
    TKIP code.
    
    While there correct a comment and leave another about contiguous data
    assumptions.
    
    In LinuxKPI 802.11 translate the new flag and sort them into STRIP
    and FAIL while here.
    
    Sponsored by:   The FreeBSD Foundation
    Reviewed by:    adrian
    Differential Revision: https://reviews.freebsd.org/D49880
    
    (cherry picked from commit 731ff40069d28ddab206dee276fbbdf0f28a2124)
---
 sys/compat/linuxkpi/common/src/linux_80211.c | 10 ++++++----
 sys/net80211/_ieee80211.h                    |  1 +
 sys/net80211/ieee80211_crypto_tkip.c         |  9 +++++----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c b/sys/compat/linuxkpi/common/src/linux_80211.c
index 85c0945cb9d3..84241c2dd89f 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -6467,14 +6467,16 @@ lkpi_convert_rx_status(struct ieee80211_hw *hw, struct lkpi_sta *lsta,
 		if (rx_status->flag & RX_FLAG_PN_VALIDATED)
 			rx_stats->c_pktflags |= IEEE80211_RX_F_PN_VALIDATED;
 	}
+	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
+		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
+	if (rx_status->flag & RX_FLAG_ICV_STRIPPED)
+		rx_stats->c_pktflags |= IEEE80211_RX_F_ICV_STRIP;
+	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
+		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
 	if (rx_status->flag & RX_FLAG_MMIC_STRIPPED)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_MMIC_STRIP;
 	if (rx_status->flag & RX_FLAG_MMIC_ERROR)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_MMIC;
-	if (rx_status->flag & RX_FLAG_MIC_STRIPPED)
-		rx_stats->c_pktflags |= IEEE80211_RX_F_MIC_STRIP;
-	if (rx_status->flag & RX_FLAG_IV_STRIPPED)
-		rx_stats->c_pktflags |= IEEE80211_RX_F_IV_STRIP;
 	if (rx_status->flag & RX_FLAG_FAILED_FCS_CRC)
 		rx_stats->c_pktflags |= IEEE80211_RX_F_FAIL_FCSCRC;
 #endif
diff --git a/sys/net80211/_ieee80211.h b/sys/net80211/_ieee80211.h
index 798dde6fe08a..40e542e7372a 100644
--- a/sys/net80211/_ieee80211.h
+++ b/sys/net80211/_ieee80211.h
@@ -575,6 +575,7 @@ struct ieee80211_mimo_info {
 #define	IEEE80211_RX_F_VHT		0x00008000
 #define	IEEE80211_RX_F_PN_VALIDATED	0x00010000 /* Decrypted; PN validated */
 #define	IEEE80211_RX_F_MIC_STRIP	0x00020000 /* Decrypted; MIC stripped */
+#define	IEEE80211_RX_F_ICV_STRIP	0x00040000 /* Decrypted: ICV (ic_trailer) stripped */
 
 /* Channel width */
 #define	IEEE80211_RX_FW_20MHZ		1
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 4b5cf73e1065..ca474b504fff 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -361,16 +361,17 @@ finish:
 	 * are required to.
 	 */
 	if (! ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_IV_STRIP))) {
+		/* XXX this assumes the header + IV are contiguous in an mbuf. */
 		memmove(mtod(m, uint8_t *) + tkip.ic_header, mtod(m, void *),
 		    hdrlen);
 		m_adj(m, tkip.ic_header);
 	}
 
 	/*
-	 * XXX TODO: do we need an option to potentially not strip the
-	 * WEP trailer?  Does "MMIC_STRIP" also mean this? Or?
+	 * Strip the ICV if hardware has not done so already.
 	 */
-	m_adj(m, -tkip.ic_trailer);
+	if (rxs != NULL && (rxs->c_pktflags & IEEE80211_RX_F_ICV_STRIP) == 0)
+		m_adj(m, -tkip.ic_trailer);
 
 	return 1;
 }
@@ -403,7 +404,7 @@ tkip_demic(struct ieee80211_key *k, struct mbuf *m, int force)
 	}
 
 	/*
-	 * If IV has been stripped, we skip most of the below.
+	 * If MMIC has been stripped, we skip most of the below.
 	 */
 	if ((rxs != NULL) && (rxs->c_pktflags & IEEE80211_RX_F_MMIC_STRIP))
 		goto finish;