The branch stable/14 has been updated by bz:
URL:
https://cgit.FreeBSD.org/src/commit/?id=e7a49e39d261b3cfd3549405cce16865ad89d7d2
commit e7a49e39d261b3cfd3549405cce16865ad89d7d2
Author: Bjoern A. Zeeb <b...@freebsd.org>
AuthorDate: 2025-04-22 20:10:32 +0000
Commit: Bjoern A. Zeeb <b...@freebsd.org>
CommitDate: 2025-06-10 23:38:24 +0000
LinuxKPI: 802.11: add support for GCMP hw crypto offload
For iwlwifi, rtw88, and rtw89 we can treat GCMP the same way as we
treat CCMP which allows us to re-use the CCMP code for now.
Add the missing case statements and factor out some common code.
Allow IEEE80211_CRYPTO_AES_GCM_128 through our filter of supported
cipher suites to announce it to net80211.
Sponsored by; The FreeBSD Foundation
(cherry picked from commit 29ddd583693aced69be48b545e1c7e7249bdfb9c)
---
sys/compat/linuxkpi/common/src/linux_80211.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/sys/compat/linuxkpi/common/src/linux_80211.c
b/sys/compat/linuxkpi/common/src/linux_80211.c
index 6e65b49fb81b..5653bc2ffba2 100644
--- a/sys/compat/linuxkpi/common/src/linux_80211.c
+++ b/sys/compat/linuxkpi/common/src/linux_80211.c
@@ -1415,11 +1415,12 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct
ieee80211_key *k)
lcipher = lkpi_net80211_to_l80211_cipher_suite(
k->wk_cipher->ic_cipher, k->wk_keylen);
switch (lcipher) {
- case WLAN_CIPHER_SUITE_CCMP:
- break;
case WLAN_CIPHER_SUITE_TKIP:
keylen += 2 * k->wk_cipher->ic_miclen;
break;
+ case WLAN_CIPHER_SUITE_CCMP:
+ case WLAN_CIPHER_SUITE_GCMP:
+ break;
default:
ic_printf(ic, "%s: CIPHER SUITE %#x (%s) not supported\n",
__func__, lcipher, lkpi_cipher_suite_to_name(lcipher));
@@ -1454,16 +1455,16 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct
ieee80211_key *k)
if (k->wk_flags & IEEE80211_KEY_GROUP)
kc->flags &= ~IEEE80211_KEY_FLAG_PAIRWISE;
+ kc->iv_len = k->wk_cipher->ic_header;
+ kc->icv_len = k->wk_cipher->ic_trailer;
+
switch (kc->cipher) {
- case WLAN_CIPHER_SUITE_CCMP:
- kc->iv_len = k->wk_cipher->ic_header;
- kc->icv_len = k->wk_cipher->ic_trailer;
- break;
case WLAN_CIPHER_SUITE_TKIP:
memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
k->wk_txmic, k->wk_cipher->ic_miclen);
memcpy(kc->key + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
k->wk_rxmic, k->wk_cipher->ic_miclen);
- kc->iv_len = k->wk_cipher->ic_header;
- kc->icv_len = k->wk_cipher->ic_trailer;
+ break;
+ case WLAN_CIPHER_SUITE_CCMP:
+ case WLAN_CIPHER_SUITE_GCMP:
break;
default:
/* currently UNREACH */
@@ -1528,6 +1529,7 @@ lkpi_iv_key_set(struct ieee80211vap *vap, const struct
ieee80211_key *k)
#endif
break;
case WLAN_CIPHER_SUITE_CCMP:
+ case WLAN_CIPHER_SUITE_GCMP:
exp_flags = (IEEE80211_KEY_FLAG_PAIRWISE |
IEEE80211_KEY_FLAG_PUT_IV_SPACE |
IEEE80211_KEY_FLAG_GENERATE_IV |
@@ -4809,6 +4811,7 @@ encrypt:
TODO("sw encrypt");
return (ENXIO);
}
+
static int
lkpi_hw_crypto_prepare_ccmp(struct ieee80211_key *k,
struct ieee80211_key_conf *kc, struct sk_buff *skb)
@@ -4876,10 +4879,11 @@ lkpi_hw_crypto_prepare(struct lkpi_sta *lsta, struct
ieee80211_key *k,
return (lkpi_hw_crypto_prepare_tkip(k, kc, skb));
case WLAN_CIPHER_SUITE_CCMP:
return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
+ case WLAN_CIPHER_SUITE_GCMP:
+ return (lkpi_hw_crypto_prepare_ccmp(k, kc, skb));
case WLAN_CIPHER_SUITE_WEP40:
case WLAN_CIPHER_SUITE_WEP104:
case WLAN_CIPHER_SUITE_CCMP_256:
- case WLAN_CIPHER_SUITE_GCMP:
case WLAN_CIPHER_SUITE_GCMP_256:
case WLAN_CIPHER_SUITE_AES_CMAC:
case WLAN_CIPHER_SUITE_BIP_CMAC_256:
@@ -6124,6 +6128,7 @@ linuxkpi_ieee80211_ifattach(struct ieee80211_hw *hw)
* Also permit TKIP if turned on.
*/
hwciphers &= (IEEE80211_CRYPTO_AES_CCM |
+ IEEE80211_CRYPTO_AES_GCM_128 |
(lkpi_hwcrypto_tkip ? (IEEE80211_CRYPTO_TKIP |
IEEE80211_CRYPTO_TKIPMIC) : 0));
ieee80211_set_hardware_ciphers(ic, hwciphers);
