| Message ID | 1346063887-29078-1-git-send-email-yeohchunyeow@gmail.com (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
Hi Chun-Yeow, On Mon, Aug 27, 2012 at 3:38 AM, Chun-Yeow Yeoh <yeohchunyeow@gmail.com> wrote: > Secured mesh requires the key installation using cipher > suite AES CMAC for multicast management frame. This patch > will allow the key installation to proceed. Otherwise, it > will be rejected due to hw encryption is not supported. So what does this patch fix, exactly? mac80211 already advertises support for AES CMAC if the hardware is MFP capable. > - if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher)) > + if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher) && > + !(params->cipher == WLAN_CIPHER_SUITE_AES_CMAC && > + (rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH))) > return -EINVAL; -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi, Thomas > So what does this patch fix, exactly? mac80211 already advertises > support for AES CMAC if the hardware is MFP capable. I think that ath5k is not hardware MFP capable, but actually could do AES CMAC in software. But key installation using AES CMAC of authsae on the multicast management frame are failed due to the checking of cfg80211_supported_cipher_suit which is based on IEEE80211_HW_MFP_CAPABLE. So the only way is bypass this checking. What do you think? -- Chun-Yeow -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Aug 27, 2012 at 8:24 AM, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote: > Hi, Thomas > >> So what does this patch fix, exactly? mac80211 already advertises >> support for AES CMAC if the hardware is MFP capable. > > I think that ath5k is not hardware MFP capable, but actually could do > AES CMAC in software. But key installation using AES CMAC of authsae > on the multicast management frame are failed due to the checking of > cfg80211_supported_cipher_suit which is based on > IEEE80211_HW_MFP_CAPABLE. So the only way is bypass this checking. > What do you think? But this is ugly. I liked your ath5k patch better and am not really sure what Johannes' problem with it was? Thomas -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi, Thomas > But this is ugly. I liked your ath5k patch better and am not really > sure what Johannes' problem with it was? Further investigation seems that MFP can be supported in hardware. Let me resubmit a patch on ath5k and see what are the comments coming from ath5k developers. Thanks --- Chun-Yeow -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/wireless/util.c b/net/wireless/util.c index ef35f4e..1b665a7 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c @@ -253,7 +253,9 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, } } - if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher)) + if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher) && + !(params->cipher == WLAN_CIPHER_SUITE_AES_CMAC && + (rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH))) return -EINVAL; return 0;
Secured mesh requires the key installation using cipher suite AES CMAC for multicast management frame. This patch will allow the key installation to proceed. Otherwise, it will be rejected due to hw encryption is not supported. Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> --- net/wireless/util.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-)