On Thu, May 23, 2024 at 08:23:32PM +0200, Mark Kettenis wrote:
> I can't get "wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip" to
> work.  But it doesn't work with iwmx(4) either.

Did you also enable wpa1 in the client? Anyway, not important anymore,
since I can do my own testing going further.

> Not tried WEP, but I don't think the lack of WEP support should hold
> this back.

I had to apply this patch to make TKIP and WEP work on an athn(4) hostap
which is connected via USB.

Otherwise the kernel will panic with "key not installed for sw crypto"
when it tries to send a frame while the driver's key installation task
has not yet been run.

With WPA1 the kernel tries to send a group key handshake message
immediately after installing the key, which always panics.
With WEP any data frame sent while the task has not run yet will
likewise trigger this panic.

There is no good reason to defer the installation or deletion of
software crypto keys to a task. It should simply be done directly.

ok?

diff /usr/src
commit - 7cb71619920688a04ffa06cd1aa374fc5f590796
path + /usr/src
blob - 49d5c06cf2d81746a5c6930c62d6c47255b1ed50
file + sys/dev/usb/if_athn_usb.c
--- sys/dev/usb/if_athn_usb.c
+++ sys/dev/usb/if_athn_usb.c
@@ -1644,6 +1644,11 @@ athn_usb_set_key(struct ieee80211com *ic, struct ieee8
 	    (IFF_UP | IFF_RUNNING))
 		return (0);
 
+	if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
+		/* Use software crypto for ciphers other than CCMP. */
+		return ieee80211_set_key(ic, ni, k);
+	}
+
 	/* Do it in a process context. */
 	cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL;
 	cmd.key = k;
@@ -1686,6 +1691,11 @@ athn_usb_delete_key(struct ieee80211com *ic, struct ie
 	    ic->ic_state != IEEE80211_S_RUN)
 		return;	/* Nothing to do. */
 
+	if (k->k_cipher != IEEE80211_CIPHER_CCMP) {
+		ieee80211_delete_key(ic, ni, k);
+		return;
+	}
+
 	/* Do it in a process context. */
 	cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL;
 	cmd.key = k;