On Thu, 2022-09-01 at 20:43 +0200, Mathy Vanhoef wrote:
> Some of my scripts to detect WPA2 key reinstallations rely on
> disabling hardware encryption/decryption to detect IV reuse (with a
> virtual interface in monitor mode). Otherwise the hardware may strip
> away the Packet Number meaning nonce reuse can't be detected. I
> realize this may not be used often in practice, but in general it
> would still be very useful to have the swcrypto parameter, it's very
> useful when doing Wi-Fi experiments.
>
> Mathy
Hi Mathy,
I'm not the maintainer of the iwlwifi driver anymore, so I'm CCing
Gregory here, who is the new maintainer. He may be able to answer you.
--
Cheers,
Luca.
> Op vr 24 apr. 2020 om 17:50 schreef Luca Coelho <luca@xxxxxxxxx>:
> >
> > From: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
> >
> > Leave them active for iwldvm. We do not test this configuration
> > and there is no reason nowadays to allow this.
> >
> > Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@xxxxxxxxx>
> > Signed-off-by: Luca Coelho <luciano.coelho@xxxxxxxxx>
> > ---
> > drivers/net/wireless/intel/iwlwifi/mvm/coex.c | 7 ++--
> > drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 31 ++++++--------
> > .../net/wireless/intel/iwlwifi/mvm/mac80211.c | 42 ++++++++-----------
> > 3 files changed, 33 insertions(+), 47 deletions(-)
> >
> > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/coex.c b/drivers/net/wireless/intel/iwlwifi/mvm/coex.c
> > index 3d2abbc5c76c..5ae22cd7ecdb 100644
> > --- a/drivers/net/wireless/intel/iwlwifi/mvm/coex.c
> > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/coex.c
> > @@ -5,7 +5,7 @@
> > *
> > * GPL LICENSE SUMMARY
> > *
> > - * Copyright(c) 2013 - 2014 Intel Corporation. All rights reserved.
> > + * Copyright(c) 2013 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
> > * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
> > *
> > * This program is free software; you can redistribute it and/or modify
> > @@ -26,7 +26,7 @@
> > *
> > * BSD LICENSE
> > *
> > - * Copyright(c) 2013 - 2014 Intel Corporation. All rights reserved.
> > + * Copyright(c) 2013 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
> > * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
> > * All rights reserved.
> > *
> > @@ -216,8 +216,7 @@ int iwl_mvm_send_bt_init_conf(struct iwl_mvm *mvm)
> > goto send_cmd;
> > }
> >
> > - mode = iwlwifi_mod_params.bt_coex_active ? BT_COEX_NW : BT_COEX_DISABLE;
> > - bt_cmd.mode = cpu_to_le32(mode);
> > + bt_cmd.mode = cpu_to_le32(BT_COEX_NW);
> >
> > if (IWL_MVM_BT_COEX_SYNC2SCO)
> > bt_cmd.enabled_modules |=
> > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> > index 222775714859..89096bcb053e 100644
> > --- a/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/d3.c
> > @@ -5,10 +5,9 @@
> > *
> > * GPL LICENSE SUMMARY
> > *
> > - * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
> > + * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
> > * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
> > * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
> > - * Copyright(c) 2018 - 2019 Intel Corporation
> > *
> > * This program is free software; you can redistribute it and/or modify
> > * it under the terms of version 2 of the GNU General Public License as
> > @@ -28,10 +27,9 @@
> > *
> > * BSD LICENSE
> > *
> > - * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
> > + * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation. All rights reserved.
> > * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
> > * Copyright(c) 2016 - 2017 Intel Deutschland GmbH
> > - * Copyright(c) 2018 - 2019 Intel Corporation
> > * All rights reserved.
> > *
> > * Redistribution and use in source and binary forms, with or without
> > @@ -80,9 +78,6 @@ void iwl_mvm_set_rekey_data(struct ieee80211_hw *hw,
> > struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
> > struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
> >
> > - if (iwlwifi_mod_params.swcrypto)
> > - return;
> > -
> > mutex_lock(&mvm->mutex);
> >
> > memcpy(mvmvif->rekey_data.kek, data->kek, NL80211_KEK_LEN);
> > @@ -843,18 +838,16 @@ iwl_mvm_wowlan_config(struct iwl_mvm *mvm,
> > return ret;
> > }
> >
> > - if (!iwlwifi_mod_params.swcrypto) {
> > - /*
> > - * This needs to be unlocked due to lock ordering
> > - * constraints. Since we're in the suspend path
> > - * that isn't really a problem though.
> > - */
> > - mutex_unlock(&mvm->mutex);
> > - ret = iwl_mvm_wowlan_config_key_params(mvm, vif, CMD_ASYNC);
> > - mutex_lock(&mvm->mutex);
> > - if (ret)
> > - return ret;
> > - }
> > + /*
> > + * This needs to be unlocked due to lock ordering
> > + * constraints. Since we're in the suspend path
> > + * that isn't really a problem though.
> > + */
> > + mutex_unlock(&mvm->mutex);
> > + ret = iwl_mvm_wowlan_config_key_params(mvm, vif, CMD_ASYNC);
> > + mutex_lock(&mvm->mutex);
> > + if (ret)
> > + return ret;
> >
> > ret = iwl_mvm_send_cmd_pdu(mvm, WOWLAN_CONFIGURATION, 0,
> > sizeof(*wowlan_config_cmd),
> > diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
> > index 853ba7b8bf3f..ee3d2ff432f7 100644
> > --- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
> > +++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
> > @@ -475,23 +475,23 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
> > hw->wiphy->n_cipher_suites++;
> > }
> >
> > - /* Enable 11w if software crypto is not enabled (as the
> > - * firmware will interpret some mgmt packets, so enabling it
> > - * with software crypto isn't safe).
> > - */
> > - if (!iwlwifi_mod_params.swcrypto) {
> > - ieee80211_hw_set(hw, MFP_CAPABLE);
> > + if (iwlwifi_mod_params.swcrypto)
> > + IWL_ERR(mvm,
> > + "iwlmvm doesn't allow to disable HW crypto, check swcrypto module parameter\n");
> > + if (!iwlwifi_mod_params.bt_coex_active)
> > + IWL_ERR(mvm,
> > + "iwlmvm doesn't allow to disable BT Coex, check bt_coex_active module parameter\n");
> > +
> > + ieee80211_hw_set(hw, MFP_CAPABLE);
> > + mvm->ciphers[hw->wiphy->n_cipher_suites] = WLAN_CIPHER_SUITE_AES_CMAC;
> > + hw->wiphy->n_cipher_suites++;
> > + if (iwl_mvm_has_new_rx_api(mvm)) {
> > mvm->ciphers[hw->wiphy->n_cipher_suites] =
> > - WLAN_CIPHER_SUITE_AES_CMAC;
> > + WLAN_CIPHER_SUITE_BIP_GMAC_128;
> > + hw->wiphy->n_cipher_suites++;
> > + mvm->ciphers[hw->wiphy->n_cipher_suites] =
> > + WLAN_CIPHER_SUITE_BIP_GMAC_256;
> > hw->wiphy->n_cipher_suites++;
> > - if (iwl_mvm_has_new_rx_api(mvm)) {
> > - mvm->ciphers[hw->wiphy->n_cipher_suites] =
> > - WLAN_CIPHER_SUITE_BIP_GMAC_128;
> > - hw->wiphy->n_cipher_suites++;
> > - mvm->ciphers[hw->wiphy->n_cipher_suites] =
> > - WLAN_CIPHER_SUITE_BIP_GMAC_256;
> > - hw->wiphy->n_cipher_suites++;
> > - }
> > }
> >
> > /* currently FW API supports only one optional cipher scheme */
> > @@ -697,10 +697,9 @@ int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
> > WIPHY_WOWLAN_EAP_IDENTITY_REQ |
> > WIPHY_WOWLAN_RFKILL_RELEASE |
> > WIPHY_WOWLAN_NET_DETECT;
> > - if (!iwlwifi_mod_params.swcrypto)
> > - mvm->wowlan.flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY |
> > - WIPHY_WOWLAN_GTK_REKEY_FAILURE |
> > - WIPHY_WOWLAN_4WAY_HANDSHAKE;
> > + mvm->wowlan.flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY |
> > + WIPHY_WOWLAN_GTK_REKEY_FAILURE |
> > + WIPHY_WOWLAN_4WAY_HANDSHAKE;
> >
> > mvm->wowlan.n_patterns = IWL_WOWLAN_MAX_PATTERNS;
> > mvm->wowlan.pattern_min_len = IWL_WOWLAN_MIN_PATTERN_LEN;
> > @@ -3366,11 +3365,6 @@ static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
> > int ret, i;
> > u8 key_offset;
> >
> > - if (iwlwifi_mod_params.swcrypto) {
> > - IWL_DEBUG_MAC80211(mvm, "leave - hwcrypto disabled\n");
> > - return -EOPNOTSUPP;
> > - }
> > -
> > switch (key->cipher) {
> > case WLAN_CIPHER_SUITE_TKIP:
> > if (!mvm->trans->trans_cfg->gen2) {
> > --
> > 2.26.2
> >
