From nobody Mon Jul 15 18:46:37 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WNB4Y4Vcpz5RS69; Mon, 15 Jul 2024 18:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WNB4Y3wkTz4QTf; Mon, 15 Jul 2024 18:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1721069197; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U/19X+NuUI1oqMaMf64+Lx6v/8WPFbM87CDXMhgX5aY=; b=RAAJh1AQaTjRW0O/qKyXF0SPMDpXJY/dzZSg+earqgWJWoqXpX1ikURFMUHsIEWXcso+HI D+eaJVk/CNAgbWumg+hdFSlaPeIl6DSHsltxKTUFEy/h9PN7ebdlw6PWBnSNyaMCLRBcto rftBWfvZS+DoXSqxJyJ4X8G2WdapwY68EXROBpIoXKWHFM0DaHbH+ouD8M8b3HQPrqHXYG uByq5BHkP+U2ZtqwUI6QyPeYJXLSad31aSV8VcAj4mxKsAE4IVZdjmFbx1jwXFp+0odfll 1R0kwNtBKo3oBmXORPEQhSpQfFpafnBxoJOtRNUXLJHP3wKMkhWiAaVpzx+kcQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1721069197; a=rsa-sha256; cv=none; b=p3jzZYncYIdymlgy5iHKTI/6Zmy8MsIm5ZnKUFcJYZmsRjVS+GttDD/yAqLTTux7mPNpYq jWN8XmEusk8nWfg/GUpwEQI1OHbns35mb0l/nUdCMmGW+B6UNep6/kYukOyYPOTcTJt3LE WVlyL+chuLEv3Y3ESGuMYvO/SrnMiDetbNKMHXBRB9purAM75H7NuSTKb/sLvgBH9pZsEJ kuwmFq/ShXNflCwR4cdi+f5u2w7ov2wiRuBn0ViiPv2K/zp3g4MCFwXOiWc4YYHtlMfm+/ MLYzRvdGYKZ9aj2W3mcxah673NEWclzrEyDW8GX/dHX5IZQHsHjwVmcUCHMkeQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1721069197; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=U/19X+NuUI1oqMaMf64+Lx6v/8WPFbM87CDXMhgX5aY=; b=aNYOaShZFitVLYfjQRhW58HuwJaPoKv8RMJCXAyJiQxLqFjycuPAqEgYEzs8Bf0rXPULW7 LurSa8D5S6NOBdxbgc4YzTRsWItWjOyVEwCJLUXZY97/hbIAWtkvh5qlvnQjy8lLe429vZ nlN6GWBm2AkN6TYAmdwdYw0Vd/qDuitey47fIY88DZTbzBlke5R4+OH2egF3PMOwgMc5MZ vEpnZOhSHb5PNAxS6JFGPCaqjD4n0qFTTlFYNcEJxizJu0QRAZU9gmoS/FY5non/ARu7Vh uva7mJfdAeJgbyID+qijApBU8eTylXZBSJZFwGRkWf6xkFk+D0c2kk4P1udo3g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WNB4Y3R1nz13vK; Mon, 15 Jul 2024 18:46:37 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46FIkb57087651; Mon, 15 Jul 2024 18:46:37 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46FIkbX3087648; Mon, 15 Jul 2024 18:46:37 GMT (envelope-from git) Date: Mon, 15 Jul 2024 18:46:37 GMT Message-Id: <202407151846.46FIkbX3087648@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Adrian Chadd Subject: git: 2589197adb19 - main - net80211: migrate the group/unicast key check into inline functions List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: adrian X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2589197adb199ec37f132dd7e279eb0795713f1e Auto-Submitted: auto-generated The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=2589197adb199ec37f132dd7e279eb0795713f1e commit 2589197adb199ec37f132dd7e279eb0795713f1e Author: Adrian Chadd AuthorDate: 2024-06-06 17:28:03 +0000 Commit: Adrian Chadd CommitDate: 2024-07-15 18:45:30 +0000 net80211: migrate the group/unicast key check into inline functions The way that net80211 and drivers are checking for the /type/ of key is to check if it's in the vap WEP key array and if so, it's a group key. If not, it's a unicast key. That's not only kind of terrible, but it's also going to be problematic with future 802.11 support (for multiple unicast keys and IGTK keys for management frame protection.) So as part of this, remove the places where this is done and instead use a pair inline functions - ieee80211_is_key_global() and ieee80211_is_key_unicast(). They currenly still use the same logic but the drivers and net80211 stack isn't doing it itself. There are still open questions about why keys are not being correctly tagged as GROUP, GTK, PTK, etc. That will be investigated and addressed in follow-up work as a pre-cursor to MFP, IGTK, etc. as mentioned above. Testing: * iwn, rtwn - STA mode Differential Revision: https://reviews.freebsd.org/D45516 --- sys/dev/ath/if_ath_keycache.c | 3 +-- sys/dev/mwl/if_mwl.c | 3 +-- sys/dev/rtwn/if_rtwn_cam.c | 6 ++---- sys/dev/usb/wlan/if_rsu.c | 7 +++---- sys/dev/usb/wlan/if_rum.c | 10 ++++------ sys/dev/wpi/if_wpi.c | 11 +++++------ sys/net80211/ieee80211.c | 31 +++++++++++++++++++++++++++++++ sys/net80211/ieee80211_crypto.c | 16 ++++++++-------- sys/net80211/ieee80211_var.h | 5 +++++ 9 files changed, 60 insertions(+), 32 deletions(-) diff --git a/sys/dev/ath/if_ath_keycache.c b/sys/dev/ath/if_ath_keycache.c index bc94273bf5ce..a58625ad2803 100644 --- a/sys/dev/ath/if_ath_keycache.c +++ b/sys/dev/ath/if_ath_keycache.c @@ -434,8 +434,7 @@ ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, /* * Only global keys should have key index assigned. */ - if (!(&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { + if (!ieee80211_is_key_global(vap, k)) { /* should not happen */ DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: bogus group key\n", __func__); diff --git a/sys/dev/mwl/if_mwl.c b/sys/dev/mwl/if_mwl.c index 479f3144dce3..49b8b3279c7f 100644 --- a/sys/dev/mwl/if_mwl.c +++ b/sys/dev/mwl/if_mwl.c @@ -1519,8 +1519,7 @@ mwl_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, if (k->wk_keyix != IEEE80211_KEYIX_NONE || (k->wk_flags & IEEE80211_KEY_GROUP)) { - if (!(&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { + if (!ieee80211_is_key_global(vap, k)) { /* should not happen */ DPRINTF(sc, MWL_DEBUG_KEYCACHE, "%s: bogus group key\n", __func__); diff --git a/sys/dev/rtwn/if_rtwn_cam.c b/sys/dev/rtwn/if_rtwn_cam.c index 864c13d78285..d142cd0476e4 100644 --- a/sys/dev/rtwn/if_rtwn_cam.c +++ b/sys/dev/rtwn/if_rtwn_cam.c @@ -113,8 +113,7 @@ rtwn_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, struct rtwn_softc *sc = vap->iv_ic->ic_softc; int i, start; - if (&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (ieee80211_is_key_global(vap, k)) { *keyix = ieee80211_crypto_get_key_wepidx(vap, k); if (sc->sc_hwcrypto != RTWN_CRYPTO_FULL) k->wk_flags |= IEEE80211_KEY_SWCRYPT; @@ -308,8 +307,7 @@ rtwn_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, return (1); } - if (&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (ieee80211_is_key_global(vap, k)) { if (sc->sc_hwcrypto == RTWN_CRYPTO_FULL) { struct rtwn_vap *rvp = RTWN_VAP(vap); diff --git a/sys/dev/usb/wlan/if_rsu.c b/sys/dev/usb/wlan/if_rsu.c index e000d1fb5992..c967435250ee 100644 --- a/sys/dev/usb/wlan/if_rsu.c +++ b/sys/dev/usb/wlan/if_rsu.c @@ -1526,10 +1526,10 @@ rsu_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, struct rsu_softc *sc = vap->iv_ic->ic_softc; int is_checked = 0; - if (&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (ieee80211_is_key_global(vap, k)) { *keyix = ieee80211_crypto_get_key_wepidx(vap, k); } else { + /* Note: assumes this is a pairwise key */ if (vap->iv_opmode != IEEE80211_M_STA) { *keyix = 0; /* TODO: obtain keyix from node id */ @@ -1570,8 +1570,7 @@ rsu_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, } /* Handle group keys. */ - if (&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (ieee80211_is_key_global(vap, k)) { KASSERT(k->wk_keyix < nitems(sc->group_keys), ("keyix %u > %zu\n", k->wk_keyix, nitems(sc->group_keys))); diff --git a/sys/dev/usb/wlan/if_rum.c b/sys/dev/usb/wlan/if_rum.c index 2720f2ffedcb..edf92e2222b4 100644 --- a/sys/dev/usb/wlan/if_rum.c +++ b/sys/dev/usb/wlan/if_rum.c @@ -1468,8 +1468,7 @@ rum_tx_crypto_flags(struct rum_softc *sc, struct ieee80211_node *ni, flags |= RT2573_TX_CIP_MODE(mode); /* Do not trust GROUP flag */ - if (!(k >= &vap->iv_nw_keys[0] && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) + if (ieee80211_is_key_unicast(vap, k)) flags |= RT2573_TX_KEY_PAIR; else pos += 0 * RT2573_SKEY_MAX; /* vap id */ @@ -3006,8 +3005,7 @@ rum_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, struct rum_softc *sc = vap->iv_ic->ic_softc; uint8_t i; - if (!(&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { + if (ieee80211_is_key_unicast(vap, k)) { if (!(k->wk_flags & IEEE80211_KEY_SWCRYPT)) { RUM_LOCK(sc); for (i = 0; i < RT2573_ADDR_MAX; i++) { @@ -3044,7 +3042,7 @@ rum_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) return 1; } - group = k >= &vap->iv_nw_keys[0] && k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]; + group = ieee80211_is_key_global(vap, k); return !rum_cmd_sleepable(sc, k, sizeof(*k), 0, group ? rum_group_key_set_cb : rum_pair_key_set_cb); @@ -3061,7 +3059,7 @@ rum_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k) return 1; } - group = k >= &vap->iv_nw_keys[0] && k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]; + group = ieee80211_is_key_global(vap, k); return !rum_cmd_sleepable(sc, k, sizeof(*k), 0, group ? rum_group_key_del_cb : rum_pair_key_del_cb); diff --git a/sys/dev/wpi/if_wpi.c b/sys/dev/wpi/if_wpi.c index fc5cf02f3a25..11b8a749090d 100644 --- a/sys/dev/wpi/if_wpi.c +++ b/sys/dev/wpi/if_wpi.c @@ -4641,8 +4641,8 @@ again: return !error; } - if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (!(kflags & WPI_KFLAG_MULTICAST) && + ieee80211_is_key_global(vap, k)) { kflags |= WPI_KFLAG_MULTICAST; node.kflags = htole16(kflags); @@ -4726,8 +4726,8 @@ again: return !error; } - if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (!(kflags & WPI_KFLAG_MULTICAST) && + ieee80211_is_key_global(vap, k)) { kflags |= WPI_KFLAG_MULTICAST; node.kflags = htole16(kflags); @@ -4782,8 +4782,7 @@ wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k, } /* Handle group keys. */ - if (&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) { + if (ieee80211_is_key_global(vap, k)) { WPI_NT_LOCK(sc); if (set) wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix); diff --git a/sys/net80211/ieee80211.c b/sys/net80211/ieee80211.c index 9f91e31d13a6..ecf87020b066 100644 --- a/sys/net80211/ieee80211.c +++ b/sys/net80211/ieee80211.c @@ -2679,3 +2679,34 @@ ieee80211_channel_type_char(const struct ieee80211_channel *c) return 'b'; return 'f'; } + +/* + * Determine whether the given key in the given VAP is a global key. + * (key index 0..3, shared between all stations on a VAP.) + * + * This is either a WEP key or a GROUP key. + * + * Note this will NOT return true if it is a IGTK key. + */ +bool +ieee80211_is_key_global(const struct ieee80211vap *vap, + const struct ieee80211_key *key) +{ + return (&vap->iv_nw_keys[0] <= key && + key < &vap->iv_nw_keys[IEEE80211_WEP_NKID]); +} + +/* + * Determine whether the given key in the given VAP is a unicast key. + */ +bool +ieee80211_is_key_unicast(const struct ieee80211vap *vap, + const struct ieee80211_key *key) +{ + /* + * This is a short-cut for now; eventually we will need + * to support multiple unicast keys, IGTK, etc) so we + * will absolutely need to fix the key flags. + */ + return (!ieee80211_is_key_global(vap, key)); +} diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index 829653ff1335..d70b3aa4a24a 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -62,8 +62,8 @@ static int null_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix) { - if (!(&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { + + if (!ieee80211_is_key_global(vap, k)) { /* * Not in the global key table, the driver should handle this * by allocating a slot in the h/w key table/cache. In @@ -606,9 +606,9 @@ ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *vap, const struct ieee80211_key *k) { - if (k >= &vap->iv_nw_keys[0] && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) + if (ieee80211_is_key_global(vap, k)) { return (k - vap->iv_nw_keys); + } return (-1); } @@ -618,11 +618,11 @@ ieee80211_crypto_get_key_wepidx(const struct ieee80211vap *vap, uint8_t ieee80211_crypto_get_keyid(struct ieee80211vap *vap, struct ieee80211_key *k) { - if (k >= &vap->iv_nw_keys[0] && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) + if (ieee80211_is_key_global(vap, k)) { return (k - vap->iv_nw_keys); - else - return (0); + } + + return (0); } struct ieee80211_key * diff --git a/sys/net80211/ieee80211_var.h b/sys/net80211/ieee80211_var.h index c827984b5f37..53139a3852b8 100644 --- a/sys/net80211/ieee80211_var.h +++ b/sys/net80211/ieee80211_var.h @@ -824,6 +824,11 @@ char ieee80211_channel_type_char(const struct ieee80211_channel *c); #define ieee80211_get_home_channel(_ic) ((_ic)->ic_bsschan) #define ieee80211_get_vap_desired_channel(_iv) ((_iv)->iv_des_chan) +bool ieee80211_is_key_global(const struct ieee80211vap *vap, + const struct ieee80211_key *key); +bool ieee80211_is_key_unicast(const struct ieee80211vap *vap, + const struct ieee80211_key *key); + void ieee80211_radiotap_attach(struct ieee80211com *, struct ieee80211_radiotap_header *th, int tlen, uint32_t tx_radiotap,