From nobody Tue Apr 08 01:35:29 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZWpYZ04rtz5sWhl;
	Tue, 08 Apr 2025 01:35:30 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZWpYY60Bwz3PR4;
	Tue, 08 Apr 2025 01:35:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1744076129;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8GbHGQyhAgruM9Pt7YwWFZ1iSITg/QkfyyqsthFZvH4=;
	b=k/O6FFfrDNdXJQn2aHs3f8gOWFcSVuqurDWTb9XZrPGglOLQrLWkGhEMqMrSIhkAfJrWnX
	5cIRqNlLWcVgG76uyZgF8qiDPzA9G+DaCDOK0lEjlCD+7viNJwrYN3fWKNnCc7CgCqnC6D
	qDqae29do+3HYPaf03q1oJm7s/QV/kBH6bEA21RFqoT1OT+NLr+HWTfvdPR171ZK9UQYiy
	gb/9tHfyTxQa/RSJxmzLwGIuTe7fRcPutfx2aHswTzpSaGJFXUtMhGW8pcsX9ms4JYbbP7
	1ogTSfX47H7YGo7RgGQbXT+7ywnNVXCVd5ppgy5vjC8FjoMfGKGZpr8J1OiXrw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1744076129; a=rsa-sha256; cv=none;
	b=P1mFwhU5VgoMuDHhk3ml9OUBe+VVodaexgkNJ+jAD5hnFiVvKa3LZ41NTGBsl8QoOWe7Ov
	y8Uf1/0Q56EKP65L2Y3d5JnpoOKTGLVVEa8xxDR6CPc3aJNl+Ipc7BybJenvvpvg1hGLMp
	KHKqClgtc2aMtXUp0PexDVVvpUmapp1J8W7TJkViZMOSHPybPGukcyDTUE9MzVChLNUtc5
	kiMBUTg+Y0xci8DN400iPCt3O7qyuwxtDegLHF42nOr42EaP202MLTa365YDND7ZosbmQy
	eWWXNk4fuZxm3CrPqLP3/UEKP5vDuamp/nJg2aInFp3qTQ+a9kEMGTTO9nPV/A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1744076129;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=8GbHGQyhAgruM9Pt7YwWFZ1iSITg/QkfyyqsthFZvH4=;
	b=jIzocfpnFrmw1etXyuZLah79cZTSQB0n9+OEm3Ns7l64MVl7NV11gruqbMd+K/0TigPeVq
	ICA1bb+nogSOq9dGXCoZkmX4JnxvQ5JP1svHr9jUMmbODzJPbyMxqNbimUX+cCuuyzw9Qp
	811TMSx+XufTQBbOSIDaLRXXWDx8N5gOmj7fd7ztgVl+80qwE4JdVow+jbNQu/Edanlsoz
	YIWPogHubP5C/T1UDsx5YpnoA7fp85ki4nXOmXcLFgd+t/fRoD+xKY6KoMOp1tax2YP5Fq
	exP5P6hOV3vLocfbvnx4pVQakVxm+fA9plOPN74H0Py0Vbw5YAw4NarAyN3/4w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZWpYY5Zj7z19jT;
	Tue, 08 Apr 2025 01:35:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5381ZTCl071309;
	Tue, 8 Apr 2025 01:35:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5381ZTPl071306;
	Tue, 8 Apr 2025 01:35:29 GMT
	(envelope-from git)
Date: Tue, 8 Apr 2025 01:35:29 GMT
Message-Id: <202504080135.5381ZTPl071306@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Adrian Chadd <adrian@FreeBSD.org>
Subject: git: 1751bf9e58dd - main - net80211: fail setting a key
  if the cipher isn't HW/SW supported
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: adrian
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1751bf9e58ddc41f3cde013ebe7cc6bcfc17eb56
Auto-Submitted: auto-generated

The branch main has been updated by adrian:

URL: https://cgit.FreeBSD.org/src/commit/?id=1751bf9e58ddc41f3cde013ebe7cc6bcfc17eb56

commit 1751bf9e58ddc41f3cde013ebe7cc6bcfc17eb56
Author:     Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2025-03-17 03:16:06 +0000
Commit:     Adrian Chadd <adrian@FreeBSD.org>
CommitDate: 2025-04-08 01:35:22 +0000

    net80211: fail setting a key if the cipher isn't HW/SW supported
    
    The key alloc path was checking if the key was supported in hardware
    but treated /all/ keys as supported in software.  As I discovered
    during my ath10k port, not all NICs that support ciphers in hardware
    support enough of an 802.11 frame transmit/receive path to actually
    handle software encryption.
    
    So, do a second check after the hardware encryption check to see
    if it's in the software list and hard fail it if it isn't in there.
    
    Otherwise a fun failure mode occurs - the frames are marked as
    protected, but since there's no GCMP support setup/enabled, they
    just get marked as "protected" but they don't go through the
    encryption path, and the receiver dutifully tosses them as invalid.
    
    I've verified this by trying to use GCMP in wpa_supplicant with
    a NIC that doesn't announce GCMP HW/SW encryption, and now it actually
    fails.
    
    Differential Revision:  https://reviews.freebsd.org/D49393
    Reviewed by:    bz
---
 sys/net80211/ieee80211_crypto.c | 15 +++++++++++++++
 sys/net80211/ieee80211_ioctl.h  |  1 +
 2 files changed, 16 insertions(+)

diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 84cf1d02e408..6b636da9fa2c 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -397,6 +397,21 @@ ieee80211_crypto_newkey(struct ieee80211vap *vap,
 		    __func__, cip->ic_name);
 		flags |= IEEE80211_KEY_SWCRYPT;
 	}
+	/*
+	 * Check if the software cipher is available; if not then
+	 * fail it early.
+	 *
+	 * Some devices do not support all ciphers in software
+	 * (for example they don't support a "raw" data path.)
+	 */
+	if ((flags & IEEE80211_KEY_SWCRYPT) &&
+	    (ic->ic_sw_cryptocaps & (1<<cipher)) == 0) {
+		IEEE80211_DPRINTF(vap, IEEE80211_MSG_CRYPTO,
+		    "%s: no s/w support for cipher %s, rejecting\n",
+		    __func__, cip->ic_name);
+		vap->iv_stats.is_crypto_swcipherfail++;
+		return (0);
+	}
 	/*
 	 * Hardware TKIP with software MIC is an important
 	 * combination; we handle it by flagging each key,
diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h
index 6064f586c923..d542d75312b9 100644
--- a/sys/net80211/ieee80211_ioctl.h
+++ b/sys/net80211/ieee80211_ioctl.h
@@ -259,6 +259,7 @@ struct ieee80211_stats {
 	uint32_t	is_rx_gcmpmic;		/* rx MIC check failed (GCMP) */
 	uint32_t	is_crypto_gcmp_nomem;	/* gcmp crypto failed; no mem */
 	uint32_t	is_crypto_gcmp_nospc;	/* gcmp crypto failed; no mbuf space */
+	uint32_t	is_crypto_swcipherfail;	/* no support for SW cipher */
 
 	uint32_t	is_spare[5];
 };