git: a653fd5560cf - main - net80211: create IEEE80211_KEYBUF_128_SIZE / IEEE80211_MICBUF_128_SIZE
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 09 Jun 2026 04:26:51 UTC
The branch main has been updated by adrian:
URL: https://cgit.FreeBSD.org/src/commit/?id=a653fd5560cfdd68f634cca7352c56f2cf7e1473
commit a653fd5560cfdd68f634cca7352c56f2cf7e1473
Author: Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2026-06-09 04:26:07 +0000
Commit: Adrian Chadd <adrian@FreeBSD.org>
CommitDate: 2026-06-09 04:26:07 +0000
net80211: create IEEE80211_KEYBUF_128_SIZE / IEEE80211_MICBUF_128_SIZE
The IEEE80211_KEYBUF_SIZE and IEEE80211_MICBUF_SIZE are sprinkled
throughout the net80211 stack, ioctl API and drivers. This makes it
challenging to (eventually) up IEEE80211_KEYBUF_SIZE to support 256 /
384 bit encryption as, well, it'll break every single driver and the
ioctl API in doing so.
So as part of this, let's start to separate out the current key/mic
buffer size from what drivers and the ioctl layer are using.
Drivers especially shouldn't be using these definitions as their
key sizes are hardware / firmware API limits, not net80211 limits.
Ideally drivers would define their own key buffer / mic buffer
sizes and only copy in keys up to that length (and fail keys
that are too large) but the current net80211 API isn't there yet.
This doesn't yet change what defines / buffer sizes are used in the
ioctl layer. I'm going to plan out some subsequent work to
separate out those defines and ioctl APIs so they maintain using
the 128 bit key/mic buffer sizes and will copy them in/out of any
larger net80211 key buffer size in the future.
Differential Revision: https://reviews.freebsd.org/D54593
---
sys/dev/ipw/if_ipwreg.h | 2 +-
sys/dev/iwi/if_iwireg.h | 4 ++--
sys/dev/malo/if_malo.h | 6 +++---
sys/dev/mwl/if_mwl.c | 4 ++--
sys/dev/ral/rt2560reg.h | 4 ++--
sys/dev/usb/wlan/if_rsureg.h | 4 ++--
sys/dev/usb/wlan/if_rum.c | 4 ++--
sys/dev/usb/wlan/if_rumreg.h | 2 +-
sys/dev/wpi/if_wpireg.h | 4 ++--
sys/net80211/ieee80211_crypto.h | 20 ++++++++++++++++++--
sys/net80211/ieee80211_crypto_wep.c | 4 ++--
11 files changed, 37 insertions(+), 21 deletions(-)
diff --git a/sys/dev/ipw/if_ipwreg.h b/sys/dev/ipw/if_ipwreg.h
index 05f5939ac597..acb310f22138 100644
--- a/sys/dev/ipw/if_ipwreg.h
+++ b/sys/dev/ipw/if_ipwreg.h
@@ -168,7 +168,7 @@ struct ipw_hdr {
uint8_t encrypt;
uint8_t keyidx;
uint8_t keysz;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX should be HW specific */
uint8_t reserved[10];
uint8_t src_addr[IEEE80211_ADDR_LEN];
uint8_t dst_addr[IEEE80211_ADDR_LEN];
diff --git a/sys/dev/iwi/if_iwireg.h b/sys/dev/iwi/if_iwireg.h
index dd6bb91bfecd..b34867677d12 100644
--- a/sys/dev/iwi/if_iwireg.h
+++ b/sys/dev/iwi/if_iwireg.h
@@ -341,7 +341,7 @@ struct iwi_tx_desc {
#define IWI_DATA_XFLAG_QOS 0x10
uint8_t wep_txkey;
- uint8_t wepkey[IEEE80211_KEYBUF_SIZE];
+ uint8_t wepkey[IEEE80211_KEYBUF_128_SIZE]; /* XXX hardware specific */
uint8_t rate;
uint8_t antenna;
uint8_t reserved3[10];
@@ -530,7 +530,7 @@ struct iwi_wep_key {
uint8_t seq;
uint8_t idx;
uint8_t len;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX hardware specific */
} __packed;
/* structure for command IWI_CMD_SET_WME_PARAMS */
diff --git a/sys/dev/malo/if_malo.h b/sys/dev/malo/if_malo.h
index 05c5bc90c467..008068c99524 100644
--- a/sys/dev/malo/if_malo.h
+++ b/sys/dev/malo/if_malo.h
@@ -332,9 +332,9 @@ struct malo_cmd_wepkey {
uint8_t len;
uint8_t flags;
uint16_t index;
- uint8_t value[IEEE80211_KEYBUF_SIZE];
- uint8_t txmickey[IEEE80211_WEP_MICLEN];
- uint8_t rxmickey[IEEE80211_WEP_MICLEN];
+ uint8_t value[IEEE80211_KEYBUF_128_SIZE]; /* XXX hardware */
+ uint8_t txmickey[IEEE80211_WEP_MICLEN]; /* XXX hardware */
+ uint8_t rxmickey[IEEE80211_WEP_MICLEN]; /* XXX hardware */
uint64_t rxseqctr;
uint64_t txseqctr;
} __packed;
diff --git a/sys/dev/mwl/if_mwl.c b/sys/dev/mwl/if_mwl.c
index b7f85e65cfd9..87e2679778db 100644
--- a/sys/dev/mwl/if_mwl.c
+++ b/sys/dev/mwl/if_mwl.c
@@ -1661,10 +1661,10 @@ _mwl_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
/* Copy in TKIP MIC after the 16 byte main key */
memcpy(hk.key.aes, ieee80211_crypto_get_key_data(k),
ieee80211_crypto_get_key_len(k));
- memcpy(hk.key.aes + IEEE80211_KEYBUF_SIZE,
+ memcpy(hk.key.aes + IEEE80211_KEYBUF_128_SIZE,
ieee80211_crypto_get_key_txmic_data(k),
8);
- memcpy(hk.key.aes + IEEE80211_KEYBUF_SIZE + 8,
+ memcpy(hk.key.aes + IEEE80211_KEYBUF_128_SIZE + 8,
ieee80211_crypto_get_key_rxmic_data(k),
8);
break;
diff --git a/sys/dev/ral/rt2560reg.h b/sys/dev/ral/rt2560reg.h
index af95a7626b62..86d6a568dad1 100644
--- a/sys/dev/ral/rt2560reg.h
+++ b/sys/dev/ral/rt2560reg.h
@@ -224,7 +224,7 @@ struct rt2560_tx_desc {
uint8_t plcp_length_hi;
uint32_t iv;
uint32_t eiv;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX hardware */
uint32_t reserved2[2];
} __packed;
@@ -251,7 +251,7 @@ struct rt2560_rx_desc {
uint8_t ta[IEEE80211_ADDR_LEN];
uint32_t iv;
uint32_t eiv;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX hardware */
uint32_t reserved[2];
} __packed;
diff --git a/sys/dev/usb/wlan/if_rsureg.h b/sys/dev/usb/wlan/if_rsureg.h
index e2074e1dd2ad..7ac194e6f142 100644
--- a/sys/dev/usb/wlan/if_rsureg.h
+++ b/sys/dev/usb/wlan/if_rsureg.h
@@ -478,14 +478,14 @@ struct r92s_fw_cmd_set_key {
uint8_t cam_id;
uint8_t grpkey;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX firmware */
} __packed;
/* Structure for R92S_CMD_SET_STA_KEY. */
struct r92s_fw_cmd_set_key_mac {
uint8_t macaddr[IEEE80211_ADDR_LEN];
uint8_t algo;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX firmware */
} __packed;
/* Structures for R92S_EVENT_SURVEY/R92S_CMD_JOIN_BSS. */
diff --git a/sys/dev/usb/wlan/if_rum.c b/sys/dev/usb/wlan/if_rum.c
index 4a4a150146a1..4683267bda25 100644
--- a/sys/dev/usb/wlan/if_rum.c
+++ b/sys/dev/usb/wlan/if_rum.c
@@ -2867,10 +2867,10 @@ rum_common_key_set(struct rum_softc *sc, struct ieee80211_key *k,
return EIO;
if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
- if (rum_write_multi(sc, base + IEEE80211_KEYBUF_SIZE,
+ if (rum_write_multi(sc, base + IEEE80211_KEYBUF_128_SIZE,
ieee80211_crypto_get_key_txmic_data(k), 8))
return EIO;
- if (rum_write_multi(sc, base + IEEE80211_KEYBUF_SIZE + 8,
+ if (rum_write_multi(sc, base + IEEE80211_KEYBUF_128_SIZE + 8,
ieee80211_crypto_get_key_rxmic_data(k), 8))
return EIO;
}
diff --git a/sys/dev/usb/wlan/if_rumreg.h b/sys/dev/usb/wlan/if_rumreg.h
index 348a57582859..cc364e95590c 100644
--- a/sys/dev/usb/wlan/if_rumreg.h
+++ b/sys/dev/usb/wlan/if_rumreg.h
@@ -45,7 +45,7 @@
/*
* H/w encryption/decryption support
*/
-#define KEY_SIZE (IEEE80211_KEYBUF_SIZE + IEEE80211_MICBUF_SIZE)
+#define KEY_SIZE (IEEE80211_KEYBUF_128_SIZE + IEEE80211_MICBUF_128_SIZE)
#define RT2573_ADDR_MAX 64
#define RT2573_SKEY_MAX 4
diff --git a/sys/dev/wpi/if_wpireg.h b/sys/dev/wpi/if_wpireg.h
index 84d25bbeb953..4c6af326329d 100644
--- a/sys/dev/wpi/if_wpireg.h
+++ b/sys/dev/wpi/if_wpireg.h
@@ -466,7 +466,7 @@ struct wpi_node_info {
uint8_t reserved4;
uint16_t ttak[5];
uint16_t reserved5;
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX firmware */
uint32_t action;
#define WPI_ACTION_SET_RATE (1 << 2)
@@ -514,7 +514,7 @@ struct wpi_cmd_data {
#define WPI_CIPHER_TKIP 3
#define WPI_CIPHER_WEP104 9
- uint8_t key[IEEE80211_KEYBUF_SIZE];
+ uint8_t key[IEEE80211_KEYBUF_128_SIZE]; /* XXX firmware */
uint8_t tkip[IEEE80211_WEP_MICLEN];
uint32_t fnext;
#define WPI_NEXT_STA_ID(id) ((id) << 8)
diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h
index 48115da586b5..824983ae4d2d 100644
--- a/sys/net80211/ieee80211_crypto.h
+++ b/sys/net80211/ieee80211_crypto.h
@@ -31,8 +31,24 @@
/*
* 802.11 protocol crypto-related definitions.
*/
-#define IEEE80211_KEYBUF_SIZE 16
-#define IEEE80211_MICBUF_SIZE (8+8) /* space for both tx+rx keys */
+
+/*
+ * Legacy 128 bit key size storage for WEP, TKIP, CCMP key sizes.
+ * This has been used to store keys in net80211 for various things
+ * (eg the rc4key in WEP) as well as driver definitions for their
+ * own hardware programming.
+ *
+ * This should eventually be used by the ioctl and drivers instead of
+ * IEEE80211_KEYBUF_SIZE as the key size will eventually grow.
+ */
+#define IEEE80211_KEYBUF_128_SIZE 16
+#define IEEE80211_MICBUF_128_SIZE (8+8) /* space for both tx+rx keys */
+
+/*
+ * Temporary definition whilst I clean up where this is still being used.
+ */
+#define IEEE80211_KEYBUF_SIZE IEEE80211_KEYBUF_128_SIZE
+#define IEEE80211_MICBUF_SIZE IEEE80211_MICBUF_128_SIZE
/*
* Old WEP-style key. Deprecated.
diff --git a/sys/net80211/ieee80211_crypto_wep.c b/sys/net80211/ieee80211_crypto_wep.c
index e1b261a0be6f..cf947e559a4f 100644
--- a/sys/net80211/ieee80211_crypto_wep.c
+++ b/sys/net80211/ieee80211_crypto_wep.c
@@ -348,7 +348,7 @@ wep_encrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen)
struct wep_ctx *ctx = key->wk_private;
struct ieee80211vap *vap = ctx->wc_vap;
struct mbuf *m = m0;
- uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
+ uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_128_SIZE];
uint8_t icv[IEEE80211_WEP_CRCLEN];
uint32_t i, j, k, crc;
size_t buflen, data_len;
@@ -431,7 +431,7 @@ wep_decrypt(struct ieee80211_key *key, struct mbuf *m0, int hdrlen)
struct wep_ctx *ctx = key->wk_private;
struct ieee80211vap *vap = ctx->wc_vap;
struct mbuf *m = m0;
- uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
+ uint8_t rc4key[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_128_SIZE];
uint8_t icv[IEEE80211_WEP_CRCLEN];
uint32_t i, j, k, crc;
size_t buflen, data_len;