author | Stefan Sperling <stsp@cvs.openbsd.org> | 2020-06-19 11:12:47 +0000 |
---|---|---|
committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2020-06-19 11:12:47 +0000 |
commit | 8d27665236e337950ab5ab94c78d3541330b705e (patch) | |
tree | 20fa175ca00bd037c200e073eae3cba0439d5967 /sys/dev/pci/if_iwxreg.h | |
parent | baa2d8d2d384d0c9d433a5f25c2c4c7f8d304eab (diff) |
Add WPA2 (CCMP) crypto offload support to iwx(4).
Much thanks to Sara Sharon who helped me by providing hints about new
firmware behaviour.
Contrary to older iwn(4) and iwm(4) devices, key material is no longer part
of the Tx command. Instead, firmware will encrypt outgoing traffic as soon
as the station associated with a Tx queue has an encryption key configured.
Each Tx queue is created with an associated station ID (which in our case is
a constant and represents the AP) and a traffic identifier (TID). The driver
was configuring data Tx queues with the "management TID". This magic TID value
bypasses hardware encryption and resulted in plaintext frames being sent while
received frames were decrypted as expected since the station had a key.
This behaviour looked rather strange and was difficult for me to debug.
The clues which Sara provided led to the solution:
iwx(4) must configure data Tx queues with the "non-QOS TID" in order to
allow for encryption in the firmware's data Tx path.
The rest of the offload mechanism works as it did on iwn(4) and iwm(4).
Tested by sven falempin and myself.
Diffstat (limited to 'sys/dev/pci/if_iwxreg.h')
-rw-r--r-- | sys/dev/pci/if_iwxreg.h | 46 |
1 files changed, 34 insertions, 12 deletions
diff --git a/sys/dev/pci/if_iwxreg.h b/sys/dev/pci/if_iwxreg.h
index f132fc7deb8..1454092b006 100644
--- a/sys/dev/pci/if_iwxreg.h
+++ b/sys/dev/pci/if_iwxreg.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_iwxreg.h,v 1.10 2020/06/17 08:18:21 stsp Exp $ */
+/* $OpenBSD: if_iwxreg.h,v 1.11 2020/06/19 11:12:46 stsp Exp $ */
 /*-
 * Based on BSD-licensed source modules in the Linux iwlwifi driver,
@@ -6023,7 +6023,7 @@ struct iwx_umac_scan_iter_complete_notif {
 * @IWX_STA_KEY_FLG_KEYID_MSK: the index of the key
 * @IWX_STA_KEY_NOT_VALID: key is invalid
 * @IWX_STA_KEY_FLG_WEP_13BYTES: set for 13 bytes WEP key
- * @IWX_STA_KEY_MULTICAST: set for multical key
+ * @IWX_STA_KEY_MULTICAST: set for multicast key
 * @IWX_STA_KEY_MFP: key is used for Management Frame Protection
 */
 #define IWX_STA_KEY_FLG_NO_ENC (0 << 0)
@@ -6217,28 +6217,49 @@ struct iwx_add_sta_cmd {
 #define IWX_STA_AUX_ACTIVITY 4
 /**
- * struct iwx_add_sta_key_cmd - add/modify sta key
- * ( IWX_REPLY_ADD_STA_KEY = 0x17 )
+ * struct iwx_add_sta_key_common - add/modify sta key common part
+ * ( REPLY_ADD_STA_KEY = 0x17 )
 * @sta_id: index of station in uCode's station table
 * @key_offset: key offset in key storage
- * @key_flags: type %iwx_sta_key_flag
+ * @key_flags: IWX_STA_KEY_FLG_*
 * @key: key material data
- * @key2: key material data
 * @rx_secur_seq_cnt: RX security sequence counter for the key
- * @tkip_rx_tsc_byte2: TSC[2] for key mix ph1 detection
- * @tkip_rx_ttak: 10-byte unicast TKIP TTAK for Rx
 */
-struct iwx_add_sta_key_cmd {
+struct iwx_add_sta_key_common {
 uint8_t sta_id;
 uint8_t key_offset;
 uint16_t key_flags;
- uint8_t key[16];
- uint8_t key2[16];
+ uint8_t key[32];
 uint8_t rx_secur_seq_cnt[16];
+} __packed;
+
+/**
+ * struct iwx_add_sta_key_cmd_v1 - add/modify sta key
+ * @common: see &struct iwx_add_sta_key_common
+ * @tkip_rx_tsc_byte2: TSC[2] for key mix ph1 detection
+ * @reserved: reserved
+ * @tkip_rx_ttak: 10-byte unicast TKIP TTAK for Rx
+ */
+struct iwx_add_sta_key_cmd_v1 {
+ struct iwx_add_sta_key_common common;
 uint8_t tkip_rx_tsc_byte2;
 uint8_t reserved;
 uint16_t tkip_rx_ttak[5];
-} __packed; /* IWX_ADD_MODIFY_STA_KEY_API_S_VER_1 */
+} __packed; /* ADD_MODIFY_STA_KEY_API_S_VER_1 */
+
+/**
+ * struct iwx_add_sta_key_cmd - add/modify sta key
+ * @common: see &struct iwx_add_sta_key_common
+ * @rx_mic_key: TKIP RX unicast or multicast key
+ * @tx_mic_key: TKIP TX key
+ * @transmit_seq_cnt: TSC, transmit packet number
+ */
+struct iwx_add_sta_key_cmd {
+ struct iwx_add_sta_key_common common;
+ uint64_t rx_mic_key;
+ uint64_t tx_mic_key;
+ uint64_t transmit_seq_cnt;
+} __packed; /* ADD_MODIFY_STA_KEY_API_S_VER_2 */
 /**
 * status in the response to ADD_STA command 
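Review bot: The doc comment on `struct iwx_add_sta_key_common` still describes `@key` only as "key material data" even though the field now merges the old `key[16]` and `key2[16]` into `key[32]`, so a reader cannot tell where a 16-byte CCMP key is expected to sit or what the unused tail must contain. I would extend it along the lines of `@key: key material data, 32 bytes; presumably a shorter key is placed at the start and the rest is zero (confirm against the firmware API)`, and make sure the caller, which is outside this hunk, bounds its copy by `sizeof(cmd.common.key)`. The new `uint64_t` members of `struct iwx_add_sta_key_cmd` carry no byte-order note either; if the firmware reads them as little-endian, which this header does not state, a comment such as `/* multi-byte fields are little-endian as seen by firmware */` would keep a big-endian build from sending a wrong `transmit_seq_cnt`. Because these are packed firmware ABI layouts that carry key material, a compile-time check such as `CTASSERT(sizeof(struct iwx_add_sta_key_common) == 52);` would catch accidental layout drift between the v1 and v2 commands.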
@@ -6579,6 +6600,7 @@ struct iwx_rx_packet {
 #define IWX_FH_RSCSR_FRAME_INVALID 0x55550000
 #define IWX_FH_RSCSR_FRAME_ALIGN 0x40
 #define IWX_FH_RSCSR_RPA_EN (1 << 25)
+#define IWX_FH_RSCSR_RADA_EN (1 << 26)
 #define IWX_FH_RSCSR_RXQ_POS 16
 #define IWX_FH_RSCSR_RXQ_MASK 0x3F0000 |