CVSROOT:        /cvs
Module name:    src
Changes by:     s...@cvs.openbsd.org    2020/06/19 05:12:46

Modified files:
        sys/dev/pci    : if_iwx.c if_iwxreg.h 

Log message:
Add WPA2 (CCMP) crypto offload support to iwx(4).

Much thanks to Sara Sharon who helped me by providing hints about new
firmware behaviour.

Contrary to older iwn(4) and iwm(4) devices, key material is no longer part
of the Tx command. Instead, firmware will encrypt outgoing traffic as soon
as the station associated with a Tx queue has an encryption key configured.

Each Tx queue is created with an associated station ID (which in our case is
a constant and represents the AP) and a traffic identifier (TID). The driver
was configuring data Tx queues with the "management TID". This magic TID value
bypasses hardware encryption and resulted in plaintext frames being sent while
received frames were decrypted as expected since the station had a key.
This behaviour looked rather strange and was difficult for me to debug.

The clues which Sara provided led to the solution:
iwx(4) must configure data Tx queues with the "non-QOS TID" in order to
allow for encryption in the firmware's data Tx path.

The rest of the offload mechanism works as it did on iwn(4) and iwm(4).

Tested by sven falempin and myself.
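
The failure described in this log message (data frames leaving in plaintext while the receive path decrypts normally) shows up in a monitor-mode capture as payload-carrying data frames from the client with the Protected Frame bit clear. The C check below is an added example, not code from if_iwx.c or from this commit. It assumes the radiotap header has been stripped and that the frames were captured after the 4-way handshake, since EAPOL handshake frames are legitimately sent unprotected; all names and sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IEEE 802.11 Frame Control field: 16 bits, little-endian on the air. */
#define FC_IS_DATA(fc) ((((fc) >> 2) & 0x3) == 2)	/* type 2 = data */
#define FC_NO_BODY     0x0040	/* subtype bit 2: Null, QoS Null, no payload */
#define FC_PROTECTED   0x4000	/* Protected Frame bit */
#define TA_OFFSET      10	/* Address 2 = transmitter address */
#define HDR_LEN        26	/* size of the constructed sample headers */
enum verdict { V_IGNORED, V_PROTECTED, V_PLAINTEXT };

/* buf points at the 802.11 MAC header (any radiotap header already stripped). */
enum verdict classify_frame(const uint8_t *buf, size_t len)
{
	if (len < 24)	/* shorter than a 3-address MAC header */
		return V_IGNORED;
	uint16_t fc = (uint16_t)(buf[0] | (buf[1] << 8));
	if (!FC_IS_DATA(fc) || (fc & FC_NO_BODY))
		return V_IGNORED;	/* management, control, or body-less data */
	return (fc & FC_PROTECTED) ? V_PROTECTED : V_PLAINTEXT;
}

/* Count payload-carrying data frames transmitted by `client` in plaintext. */
size_t count_plaintext_tx(const uint8_t frames[][HDR_LEN], size_t n, const uint8_t *client)
{
	size_t hits = 0;
	for (size_t i = 0; i < n; i++)
		if (memcmp(frames[i] + TA_OFFSET, client, 6) == 0 &&
		    classify_frame(frames[i], HDR_LEN) == V_PLAINTEXT)
			hits++;
	return hits;
}

/* Constructed sample headers, not real captures. Client ends in :01, AP in :02. */
static const uint8_t CLIENT[6] = { 0x02, 0, 0, 0, 0, 0x01 };
static const uint8_t SAMPLES[][HDR_LEN] = {
	{ 0x08, 0x41, [10] = 0x02, [15] = 0x01 },	/* Data, ToDS, Protected, from client */
	{ 0x88, 0x01, [10] = 0x02, [15] = 0x01 },	/* QoS Data, ToDS, plaintext, from client */
	{ 0x48, 0x01, [10] = 0x02, [15] = 0x01 },	/* Null function from client: no body */
	{ 0x08, 0x42, [10] = 0x02, [15] = 0x02 },	/* Data, FromDS, Protected, from AP */
	{ 0x80, 0x00, [10] = 0x02, [15] = 0x02 },	/* Beacon from AP: management frame */
};

int main(void)
{
	size_t n = sizeof(SAMPLES) / sizeof(SAMPLES[0]);
	printf("plaintext data frames from client: %zu\n", count_plaintext_tx(SAMPLES, n, CLIENT));
	return 0;
}
```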
