Date: Fri, 4 Apr 2025 03:24:24 GMT
Message-Id: <202504040324.5343OOeP020586@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Adrian Chadd
Subject: git: 08fd0689d06f - main - net80211: document the crypto enmic/demic functions.
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: adrian
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 08fd0689d06fb8587f7d37d8a39647992456b3fd
Auto-Submitted: auto-generated

The branch main has been updated by adrian:

URL: https://cgit.FreeBSD.org/src/commit/?id=08fd0689d06fb8587f7d37d8a39647992456b3fd

commit 08fd0689d06fb8587f7d37d8a39647992456b3fd
Author:     Adrian Chadd
AuthorDate: 2025-03-16 18:13:01 +0000
Commit:     Adrian Chadd
CommitDate: 2025-04-04 03:23:10 +0000

    net80211: document the crypto enmic/demic functions.

    These functions implement what's needed for TKIP Michael MIC - which is
    performed over the entire unencrypted MSDU. Each potential fragmented
    MPDU is encrypted and has its own ICV/MIC.

    CCMP/GCMP encrypts each MPDU separately (including the MPDUs that make
    up an A-MPDU), so they'll implement null functions here and instead do
    the MIC/ICV insertion inline in the crypto functions themselves.

    Hopefully this makes it a bit clearer on how things should behave, and
    will help figure out and clean up what further hardware offload features
    we need.

    Differential Revision: https://reviews.freebsd.org/D49392
    Reviewed by: bz
---
 sys/net80211/ieee80211_crypto.c | 18 ++++++++++++++++--
 sys/net80211/ieee80211_crypto.h | 25 +++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 600d69d6043b..744d69ce3d1d 100644 --- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c @@ -774,8 +774,22 @@ ieee80211_crypto_decap(struct ieee80211_node *ni, struct mbuf *m, int hdrlen, #undef IEEE80211_WEP_HDRLEN } -/* - * Check and remove any MIC. +/** + * @brief Check and remove any post-defragmentation MIC from an MSDU. + * + * This is called after defragmentation. Crypto types that implement + * a MIC/ICV check per MSDU will not implement this function. + * + * As an example, TKIP decapsulation covers both MIC/ICV checks per + * MPDU (the "WEP" ICV) and then a Michael MIC verification on the + * defragmented MSDU. Please see 802.11-2020 12.5.2.1.3 (TKIP decapsulation) + * for more information. + * + * @param vap the current VAP + * @param k the current key + * @param m the mbuf representing the MSDU + * @param f set to 1 to force a MSDU MIC check, even if HW decrypted + * @returns 0 if error / MIC check failed, 1 if OK */ int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h index a830d89c6dc8..fa0d3fc3272a 100644 --- a/sys/net80211/ieee80211_crypto.h +++ b/sys/net80211/ieee80211_crypto.h @@ -216,6 +216,11 @@ struct ieee80211_cipher { void (*ic_setiv)(struct ieee80211_key *, uint8_t *); int (*ic_encap)(struct ieee80211_key *, struct mbuf *); int (*ic_decap)(struct ieee80211_key *, struct mbuf *, int); + /* + * ic_enmic() and ic_demic() are currently only used by TKIP. + * Please see ieee80211_crypto_enmic() and ieee80211_crypto_demic() + * for more information. + */ int (*ic_enmic)(struct ieee80211_key *, struct mbuf *, int); int (*ic_demic)(struct ieee80211_key *, struct mbuf *, int); }; 
@@ -240,8 +245,24 @@ int ieee80211_crypto_decap(struct ieee80211_node *, struct mbuf *, int, struct ieee80211_key **); int ieee80211_crypto_demic(struct ieee80211vap *vap, struct ieee80211_key *k, struct mbuf *, int); -/* - * Add any MIC. +/** + * @brief Add any pre-fragmentation MIC to an MSDU. + * + * This is called before 802.11 fragmentation. Crypto types that implement + * a MIC/ICV check per MSDU will not implement this function. + * + * As an example, TKIP implements a Michael MIC check over the entire + * unencrypted MSDU before fragmenting it into MPDUs and passing each + * MPDU to be separately encrypted with their own MIC/ICV. + * + * Please see 802.11-2020 12.5.2.1.2 (TKIP cryptographic encapsulation) + * for more information. + * + * @param vap the current VAP + * @param k the current key + * @param m the mbuf representing the MSDU + * @param f set to 1 to force a MSDU MIC check, even if HW encrypted + * @returns 0 if error / MIC encap failed, 1 if OK */ static __inline int ieee80211_crypto_enmic(struct ieee80211vap *vap,
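
Review bot: In the new ieee80211_crypto_demic() comment in ieee80211_crypto.c, the sentence "Crypto types that implement a MIC/ICV check per MSDU will not implement this function" reads inverted. The example directly below it names TKIP as the cipher that verifies a Michael MIC on the defragmented MSDU, and the commit message says CCMP/GCMP, which work on each MPDU separately, are the ones that supply null functions. Suggest "per MPDU" in that sentence, and "will supply a no-op" rather than "will not implement", so the comment and the commit message agree. Since a return of 0 here means the MIC check failed, it would also help to say in the comment what the caller is expected to do with the mbuf in that case.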
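
Review bot: The comment added above ic_enmic and ic_demic in struct ieee80211_cipher says they are "currently only used by TKIP" but does not say what a cipher without an MSDU-level MIC has to put in those two slots. The commit message says CCMP/GCMP implement null functions; stating here whether a no-op is required or a NULL pointer is acceptable would keep a new cipher module from guessing. Under the convention documented for ieee80211_crypto_demic() (0 on failure, 1 if OK) such a no-op would have to return 1, which is worth spelling out next to the pointers. The trailing int argument of both callbacks is also left undocumented in this struct.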
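
Review bot: In the ieee80211_crypto_enmic() comment in ieee80211_crypto.h, "@param f set to 1 to force a MSDU MIC check, even if HW encrypted" looks carried over from the demic side: on transmit nothing is checked, a MIC is added, as the @brief line says. Suggest wording it as forcing MIC insertion, and changing "TKIP implements a Michael MIC check over the entire unencrypted MSDU" to say the MIC is computed and appended. The "per MSDU will not implement this function" sentence has the same MSDU/MPDU mix-up against the TKIP example that follows it. The @param names m and f should also be checked against the real parameter names: the ieee80211_crypto_demic() prototype visible just above leaves its last two parameters unnamed (struct mbuf *, int), and the enmic parameter list is cut off here after vap.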