git: fa06d18b3b87 - main - wpa: add support for CCMP-256/GMCP-256

From: Adrian Chadd <adrian_at_FreeBSD.org>
Date: Tue, 08 Apr 2025 01:35:30 UTC
The branch main has been updated by adrian:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa06d18b3b8753a6b51198051d44edb2043db938

commit fa06d18b3b8753a6b51198051d44edb2043db938
Author:     Adrian Chadd <adrian@FreeBSD.org>
AuthorDate: 2025-03-20 04:20:56 +0000
Commit:     Adrian Chadd <adrian@FreeBSD.org>
CommitDate: 2025-04-08 01:35:22 +0000

    wpa: add support for CCMP-256/GMCP-256
    
    This adds support for CCMP-256 and GCMP-256 if available via
    net80211 device capabilities, and will set the keys as needed.
    
    Differential Revision:  https://reviews.freebsd.org/D49418
    Reviewed by:    cy
---
 contrib/wpa/src/drivers/driver_bsd.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/contrib/wpa/src/drivers/driver_bsd.c b/contrib/wpa/src/drivers/driver_bsd.c
index fc9a44743d7d..6efaa9c27ff2 100644
--- a/contrib/wpa/src/drivers/driver_bsd.c
+++ b/contrib/wpa/src/drivers/driver_bsd.c
@@ -378,9 +378,15 @@ bsd_set_key(void *priv, struct wpa_driver_set_key_params *params)
 	case WPA_ALG_CCMP:
 		wk.ik_type = IEEE80211_CIPHER_AES_CCM;
 		break;
+	case WPA_ALG_CCMP_256:
+		wk.ik_type = IEEE80211_CIPHER_AES_CCM_256;
+		break;
 	case WPA_ALG_GCMP:
 		wk.ik_type = IEEE80211_CIPHER_AES_GCM_128;
 		break;
+	case WPA_ALG_GCMP_256:
+		wk.ik_type = IEEE80211_CIPHER_AES_GCM_256;
+		break;
 	case WPA_ALG_BIP_CMAC_128:
 		wk.ik_type = IEEE80211_CIPHER_BIP_CMAC_128;
 		break;
@@ -448,16 +454,24 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *params)
 {
 #ifndef IEEE80211_IOC_APPIE
 	static const char *ciphernames[] =
-		{ "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE" };
+		{ "WEP", "TKIP", "AES-OCB", "AES-CCM", "CKIP", "NONE",
+		  "AES-CCM-256", "BIP-CMAC-128", "BIP-CMAC-256", "BIP-GMAC-128",
+		  "BIP-GMAC-256", "AES-GCM-128", "AES-GCM-256" };
 	int v;
 
 	switch (params->wpa_group) {
 	case WPA_CIPHER_CCMP:
 		v = IEEE80211_CIPHER_AES_CCM;
 		break;
+	case WPA_CIPHER_CCMP_256:
+		v = IEEE80211_CIPHER_AES_CCM_256;
+		break;
 	case WPA_CIPHER_GCMP:
 		v = IEEE80211_CIPHER_AES_GCM_128;
 		break;
+	case WPA_CIPHER_GCMP_256:
+		v = IEEE80211_CIPHER_AES_GCM_256;
+		break;
 	case WPA_CIPHER_BIP_CMAC_128:
 		v = IEEE80211_CIPHER_BIP_CMAC_128;
 		break;
@@ -501,8 +515,12 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *params)
 		v |= 1<<IEEE80211_CIPHER_BIP_CMAC_128;
 	if (params->wpa_pairwise & WPA_CIPHER_GCMP)
 		v |= 1<<IEEE80211_CIPHER_AES_GCM_128;
+	if (params->wpa_pairwise & WPA_CIPHER_GCMP_256)
+		v |= 1<<IEEE80211_CIPHER_AES_GCM_256;
 	if (params->wpa_pairwise & WPA_CIPHER_CCMP)
 		v |= 1<<IEEE80211_CIPHER_AES_CCM;
+	if (params->wpa_pairwise & WPA_CIPHER_CCMP_256)
+		v |= 1<<IEEE80211_CIPHER_AES_CCM_256;
 	if (params->wpa_pairwise & WPA_CIPHER_TKIP)
 		v |= 1<<IEEE80211_CIPHER_TKIP;
 	if (params->wpa_pairwise & WPA_CIPHER_NONE)
@@ -1584,8 +1602,12 @@ static int wpa_driver_bsd_capa(struct bsd_driver_data *drv)
 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP;
 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM)
 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP;
+	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM_256)
+		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP_256;
 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_128)
 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP;
+	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_GCM_256)
+		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_GCMP_256;
 	if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_BIP_CMAC_128)
 		drv->capa.enc |= WPA_DRIVER_CAPA_ENC_BIP;