Message ID | 1423764954-30412-1-git-send-email-patila@marvell.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Kalle Valo |
Headers | show |
On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote: > From: Xinming Hu <huxm@marvell.com> > > It is observed that hostapd failed to setup with management frame > protection mode enabled when using mwifiex. > > This is because hostapd will try to install IGTK using > cfg80211 set_default_mgmt_key handler. > > we have already support IGTK install in set_key handler, so just work > around this issue by add an empty cfg80211_set_default_mgmt_key handler. I believe that this is incorrect since the key should only be installed for TX after this handler, not in the set_key handler. This should make a difference in the case of rekeying? Perhaps hostapd doesn't actually program the key until rekeying with all stations finishes though. johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
DQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IEpvaGFubmVzIEJlcmcgW21h aWx0bzpqb2hhbm5lc0BzaXBzb2x1dGlvbnMubmV0XQ0KPiBTZW50OiBGcmlkYXksIEZlYnJ1YXJ5 IDEzLCAyMDE1IDExOjM3IFBNDQo+IFRvOiBBdmluYXNoIFBhdGlsDQo+IENjOiBsaW51eC13aXJl bGVzc0B2Z2VyLmtlcm5lbC5vcmc7IEFtaXRrdW1hciBLYXJ3YXI7IENhdGh5IEx1bzsgWGlubWlu ZyBIdTsNCj4gTGkgTG9uZw0KPiBTdWJqZWN0OiBSZTogW1BBVENIIDEvM10gbXdpZmlleDogYWRk IGNmZzgwMjExIHNldF9kZWZhdWx0X21nbXRfa2V5IGhhbmRsZXINCj4gDQo+IE9uIFRodSwgMjAx NS0wMi0xMiBhdCAyMzo0NSArMDUzMCwgQXZpbmFzaCBQYXRpbCB3cm90ZToNCj4gPiBGcm9tOiBY aW5taW5nIEh1IDxodXhtQG1hcnZlbGwuY29tPg0KPiA+DQo+ID4gSXQgaXMgb2JzZXJ2ZWQgdGhh dCBob3N0YXBkIGZhaWxlZCB0byBzZXR1cCB3aXRoIG1hbmFnZW1lbnQgZnJhbWUNCj4gPiBwcm90 ZWN0aW9uIG1vZGUgZW5hYmxlZCB3aGVuIHVzaW5nIG13aWZpZXguDQo+ID4NCj4gPiBUaGlzIGlz IGJlY2F1c2UgaG9zdGFwZCB3aWxsIHRyeSB0byBpbnN0YWxsIElHVEsgdXNpbmcNCj4gPiBjZmc4 MDIxMSBzZXRfZGVmYXVsdF9tZ210X2tleSBoYW5kbGVyLg0KPiA+DQo+ID4gd2UgaGF2ZSBhbHJl YWR5IHN1cHBvcnQgSUdUSyBpbnN0YWxsIGluIHNldF9rZXkgaGFuZGxlciwgc28ganVzdCB3b3Jr DQo+ID4gYXJvdW5kIHRoaXMgaXNzdWUgYnkgYWRkIGFuIGVtcHR5IGNmZzgwMjExX3NldF9kZWZh dWx0X21nbXRfa2V5IGhhbmRsZXIuDQo+IA0KPiBJIGJlbGlldmUgdGhhdCB0aGlzIGlzIGluY29y cmVjdCBzaW5jZSB0aGUga2V5IHNob3VsZCBvbmx5IGJlIGluc3RhbGxlZCBmb3IgVFgNCj4gYWZ0 ZXIgdGhpcyBoYW5kbGVyLCBub3QgaW4gdGhlIHNldF9rZXkgaGFuZGxlci4gVGhpcyBzaG91bGQg bWFrZSBhIGRpZmZlcmVuY2UNCj4gaW4gdGhlIGNhc2Ugb2YgcmVrZXlpbmc/IFBlcmhhcHMgaG9z dGFwZCBkb2Vzbid0IGFjdHVhbGx5IHByb2dyYW0gdGhlIGtleQ0KPiB1bnRpbCByZWtleWluZyB3 aXRoIGFsbCBzdGF0aW9ucyBmaW5pc2hlcyB0aG91Z2guDQo+IA0KPiBqb2hhbm5lcw0KDQpUaGFu a3MgZm9yIHJldmlldyBjb21tZW50cywgSm9oYW5uZXMuDQpXZSB3aWxsIGltcGxlbWVudCBkZWZh dWx0X21nbXQgaGFuZGxlciBpbiBhIHdheSB5b3UgaGF2ZSBzdWdnZXN0ZWQgYW5kIHNlbmQgdjIu DQoNClJlZ2FyZHMsDQpBdmluYXNoLg0K -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
> -----Original Message----- > From: Johannes Berg [mailto:johannes@sipsolutions.net] > Sent: Friday, February 13, 2015 11:37 PM > To: Avinash Patil > Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo; Xinming Hu; > Li Long > Subject: Re: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key handler > > On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote: > > From: Xinming Hu <huxm@marvell.com> > > > > It is observed that hostapd failed to setup with management frame > > protection mode enabled when using mwifiex. > > > > This is because hostapd will try to install IGTK using > > cfg80211 set_default_mgmt_key handler. > > > > we have already support IGTK install in set_key handler, so just work > > around this issue by add an empty cfg80211_set_default_mgmt_key handler. > > I believe that this is incorrect since the key should only be installed for TX > after this handler, not in the set_key handler. This should make a difference > in the case of rekeying? Perhaps hostapd doesn't actually program the key > until rekeying with all stations finishes though. I believe that set_defualt_mgmt_key and corresponding changes in hostapd & cfg80211 are designed with focus on mac80211. Our design is a bit different in a way all PMF is handled in FW; also we don't support two pair of GTK/IGTKs. We already have installed IGTK to FW in add_key handler. > johannes
Hi Johannes, Could you please check our response? We feel set_default_key_mgmt handler is required for devices which supports 2 pair of GTKs. How do we work around this? Thanks, Avinash > -----Original Message----- > From: Avinash Patil > Sent: Tuesday, March 17, 2015 4:55 PM > To: 'Johannes Berg' > Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo; Xinming Hu; > Li Long > Subject: RE: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key handler > > > > > -----Original Message----- > > From: Johannes Berg [mailto:johannes@sipsolutions.net] > > Sent: Friday, February 13, 2015 11:37 PM > > To: Avinash Patil > > Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo; > > Xinming Hu; Li Long > > Subject: Re: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key > > handler > > > > On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote: > > > From: Xinming Hu <huxm@marvell.com> > > > > > > It is observed that hostapd failed to setup with management frame > > > protection mode enabled when using mwifiex. > > > > > > This is because hostapd will try to install IGTK using > > > cfg80211 set_default_mgmt_key handler. > > > > > > we have already support IGTK install in set_key handler, so just > > > work around this issue by add an empty cfg80211_set_default_mgmt_key > handler. > > > > I believe that this is incorrect since the key should only be > > installed for TX after this handler, not in the set_key handler. This > > should make a difference in the case of rekeying? Perhaps hostapd > > doesn't actually program the key until rekeying with all stations finishes > though. > > I believe that set_defualt_mgmt_key and corresponding changes in hostapd & > cfg80211 are designed with focus on mac80211. > Our design is a bit different in a way all PMF is handled in FW; also we don't > support two pair of GTK/IGTKs. > We already have installed IGTK to FW in add_key handler. > > > johannes
On Tue, Mar 31, 2015 at 07:33:39AM -0700, Avinash Patil wrote:
> We feel set_default_key_mgmt handler is required for devices which supports 2 pair of GTKs.
Why would a device not support multiple GTKs/IGTKs? It does not sound
possible to implement RSN correctly without such support.. AP side could
kind of try to work with only a single GTK/IGTK, but non-AP STA would
not handle GTK/IGTK rekeying. In any case, IEEE Std 802.11-2012 seems to
be pretty clear on the assumption being that the device (including
AP-only cases) supports multiple GTK/IGTK. The authenticator state
machines use key index values 1 and 2 and swap between these when doing
rekeying.
diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c index 5f3c1d3..ab7643d 100644 --- a/drivers/net/wireless/mwifiex/cfg80211.c +++ b/drivers/net/wireless/mwifiex/cfg80211.c @@ -415,6 +415,18 @@ mwifiex_cfg80211_add_key(struct wiphy *wiphy, struct net_device *netdev, } /* + * CFG802.11 operation handler to set default mgmt key. + */ +static int +mwifiex_cfg80211_set_default_mgmt_key(struct wiphy *wiphy, + struct net_device *netdev, + u8 key_index) +{ + wiphy_dbg(wiphy, "set default mgmt key, key index=%d\n", key_index); + return 0; +} + +/* * This function sends domain information to the firmware. * * The following information are passed to the firmware - @@ -3280,6 +3292,7 @@ static struct cfg80211_ops mwifiex_cfg80211_ops = { .leave_ibss = mwifiex_cfg80211_leave_ibss, .add_key = mwifiex_cfg80211_add_key, .del_key = mwifiex_cfg80211_del_key, + .set_default_mgmt_key = mwifiex_cfg80211_set_default_mgmt_key, .mgmt_tx = mwifiex_cfg80211_mgmt_tx, .mgmt_frame_register = mwifiex_cfg80211_mgmt_frame_register, .remain_on_channel = mwifiex_cfg80211_remain_on_channel,