net80211: extend the crypto encap/decap API to include the node
Needs RevisionPublic
Actions

Authored by adrian on Oct 4 2024, 1:03 AM.

Details

Reviewers

Group Reviewers

Summary

This is needed for at least MFP handling in CCMP. The nonce
field has a bit to set if MFP is enabled and the frame is a
management frame.

Without this, any MFP management frame (with the rest of the MFP stack,
of course) being encapsulated and sent will fail encryption, and
received frames will fail decryption.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 59701
Build 56587: arc lint + arc unit

Event Timeline

adrian created this revision.Oct 4 2024, 1:03 AM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptOct 4 2024, 1:03 AM

adrian requested review of this revision.Oct 4 2024, 1:03 AM

Harbormaster completed remote builds in B59700: Diff 144181.Oct 4 2024, 1:03 AM

update w/ url

Harbormaster completed remote builds in B59701: Diff 144182.Oct 4 2024, 1:04 AM

adrian added a parent revision: D46668: net80211: add initial support for extending the global key array to include IGTK keys.Oct 4 2024, 1:04 AM

adrian added a reviewer: wireless.

adrian added a project: wireless.

bz requested changes to this revision.Oct 4 2024, 9:35 PM

bz added a subscriber: bz.

bz added inline comments.

sys/dev/usb/wlan/if_rum.c
1515	side note (this is okay for now): I really wonder if this could be expressed differently to not expose this anymore to the drivers. But I'll see.
sys/net80211/ieee80211_crypto.h
235	Unrelated and duplicate line (same is below).
sys/net80211/ieee80211_crypto_ccmp.c
350	The entire change in this function is a separate "implement ..." but nothing to do with "extend ... to include node". Especially given all the callers just pass in a hard coded false for now. So could be removed from them as well. I think it would be nice to have the KPI breaking change by itself.