The branch main has been updated by adrian: URL: https://cgit.FreeBSD.org/src/commit/?id=c5f7cb19f527eb845660c98feb4e5e3cbf05dce5
commit c5f7cb19f527eb845660c98feb4e5e3cbf05dce5 Author: Adrian Chadd <[email protected]> AuthorDate: 2025-09-12 23:11:36 +0000 Commit: Adrian Chadd <[email protected]> CommitDate: 2025-11-11 16:05:41 +0000 iwx: migrate to using net80211 crypto key methods In preparation for further MFP key work, migrate iwx away from using IEEE80211_KEY_GROUP and pointer arithmetic. This is a hold over from ye olde days. Locally tested: * (STA mode, CCMP/CCMP network) * iwx0: <Wi-Fi 6 AX210> mem 0x84c00000-0x84c03fff at device 0.0 on pci4 Differential Revision: https://reviews.freebsd.org/D52523 --- sys/dev/iwx/if_iwx.c | 48 +++++++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 25 deletions(-) diff --git a/sys/dev/iwx/if_iwx.c b/sys/dev/iwx/if_iwx.c index 04ed09f04604..eb5b4a42e616 100644 --- a/sys/dev/iwx/if_iwx.c +++ b/sys/dev/iwx/if_iwx.c @@ -10942,23 +10942,15 @@ iwx_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k, if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) { return 1; } - if (!(&vap->iv_nw_keys[0] <= k && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) { - /* - * Not in the global key table, the driver should handle this - * by allocating a slot in the h/w key table/cache. In - * lieu of that return key slot 0 for any unicast key - * request. We disallow the request if this is a group key. - * This default policy does the right thing for legacy hardware - * with a 4 key table. It also handles devices that pass - * packets through untouched when marked with the WEP bit - * and key index 0. - */ - if (k->wk_flags & IEEE80211_KEY_GROUP) - return 0; + + if (ieee80211_is_key_unicast(vap, k)) { *keyix = 0; /* NB: use key index 0 for ucast key */ - } else { + } else if (ieee80211_is_key_global(vap, k)) { *keyix = ieee80211_crypto_get_key_wepidx(vap, k); + } else { + net80211_vap_printf(vap, "%s: invalid crypto key type\n", + __func__); + return (0); } *rxkeyix = IEEE80211_KEYIX_NONE; /* XXX maybe *keyix? */ return 1; @@ -10978,7 +10970,6 @@ iwx_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) return 1; } - IWX_LOCK(sc); /* * Keys are stored in 'ni' so 'k' is valid if 'ni' is valid. * Currently we only implement station mode where 'ni' is always @@ -10987,26 +10978,33 @@ iwx_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k) memset(&cmd, 0, sizeof(cmd)); - if (k->wk_flags & IEEE80211_KEY_GROUP) { + if (ieee80211_is_key_global(vap, k)) { + id = ieee80211_crypto_get_key_wepidx(vap, k); DPRINTF(("%s: adding group key\n", __func__)); - } else { + } else if (ieee80211_is_key_unicast(vap, k)) { DPRINTF(("%s: adding key\n", __func__)); + id = 0; /* net80211 currently only supports unicast key 0 */ + } else { + net80211_vap_printf(vap, "%s: unknown key type\n", __func__); + return (ENXIO); } - if (k >= &vap->iv_nw_keys[0] && - k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) - id = (k - vap->iv_nw_keys); - else - id = (0); + + IWX_LOCK(sc); + DPRINTF(("%s: setting keyid=%i\n", __func__, id)); cmd.common.key_flags = htole16(IWX_STA_KEY_FLG_CCM | IWX_STA_KEY_FLG_WEP_KEY_MAP | ((id << IWX_STA_KEY_FLG_KEYID_POS) & IWX_STA_KEY_FLG_KEYID_MSK)); - if (k->wk_flags & IEEE80211_KEY_GROUP) { + if (ieee80211_is_key_global(vap, k)) { cmd.common.key_offset = 1; cmd.common.key_flags |= htole16(IWX_STA_KEY_MULTICAST); - } else { + } else if (ieee80211_is_key_unicast(vap, k)) { cmd.common.key_offset = 0; + } else { + net80211_vap_printf(vap, "%s: unknown key type\n", __func__); + IWX_UNLOCK(sc); + return (ENXIO); } memcpy(cmd.common.key, k->wk_key, MIN(sizeof(cmd.common.key), k->wk_keylen));
