From: Stefan Sperling
Subject: Re: qwx(4) crypto offloading
To: Mark Kettenis
Cc: tech@openbsd.org
Date: Mon, 27 May 2024 17:39:08 +0200

On Thu, May 23, 2024 at 08:23:32PM +0200, Mark Kettenis wrote:
> I can't get "wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip" to
> work. But it doesn't work with iwmx(4) either.

Did you also enable wpa1 in the client?
Anyway, not important anymore, since I can do my own testing going further.

> Not tried WEP, but I don't think the lack of WEP support should hold
> this back.

I had to apply this patch to make TKIP and WEP work on an athn(4) hostap
which is connected via USB. Otherwise the kernel will panic with
"key not installed for sw crypto" when it tries to send a frame while the
driver's key installation task has not yet been run.

With WPA1 the kernel tries to send a group key handshake message immediately
after installing the key, which always panics. With WEP any data frame sent
while the task has not run yet will likewise trigger this panic.

There is no good reason to defer the installation or deletion of software
crypto keys to a task. It should simply be done directly.

ok?

diff /usr/src commit - 7cb71619920688a04ffa06cd1aa374fc5f590796 path + /usr/src blob - 49d5c06cf2d81746a5c6930c62d6c47255b1ed50 file + sys/dev/usb/if_athn_usb.c --- sys/dev/usb/if_athn_usb.c +++ sys/dev/usb/if_athn_usb.c @@ -1644,6 +1644,11 @@ athn_usb_set_key(struct ieee80211com *ic, struct ieee8 (IFF_UP | IFF_RUNNING)) return (0); + if (k->k_cipher != IEEE80211_CIPHER_CCMP) { + /* Use software crypto for ciphers other than CCMP. */ + return ieee80211_set_key(ic, ni, k); + } + /* Do it in a process context. */ cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL; cmd.key = k; 
@@ -1686,6 +1691,11 @@ athn_usb_delete_key(struct ieee80211com *ic, struct ie ic->ic_state != IEEE80211_S_RUN) return; /* Nothing to do. */ + if (k->k_cipher != IEEE80211_CIPHER_CCMP) { + ieee80211_delete_key(ic, ni, k); + return; + } + /* Do it in a process context. */ cmd.ni = (ni != NULL) ? ieee80211_ref_node(ni) : NULL; cmd.key = k;
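
Review bot: in the athn_usb_set_key() hunk, the added comment says only that software crypto is used for ciphers other than CCMP; it does not say why these keys bypass the "Do it in a process context" path that follows. Suggest recording the reason from the commit message in that comment (a frame sent before the deferred task has run panics with "key not installed for sw crypto"), so the direct call is not later folded back into the task. Minor style point: the existing early return in this function is written "return (0);", while the added line is "return ieee80211_set_key(ic, ni, k);" without parentheses.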
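
Review bot: in the athn_usb_delete_key() hunk, the software-crypto branch sits after the existing "return; /* Nothing to do. */" that is taken when ic->ic_state != IEEE80211_S_RUN, so a non-CCMP key reaches ieee80211_delete_key() only while the interface is in RUN state. That early return predates the software path; please confirm it still holds for keys that were installed directly with ieee80211_set_key(), or move the k_cipher check above it. The branch also lacks the one-line comment its counterpart in athn_usb_set_key() carries; repeating "Use software crypto for ciphers other than CCMP." here would keep the two functions parallel.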