diff mbox

[1/3] mwifiex: add cfg80211 set_default_mgmt_key handler

Message ID 1423764954-30412-1-git-send-email-patila@marvell.com (mailing list archive)
State Changes Requested
Delegated to: Kalle Valo
Headers show

Commit Message

Avinash Patil Feb. 12, 2015, 6:15 p.m. UTC
From: Xinming Hu <huxm@marvell.com>

It is observed that hostapd failed to setup with management frame
protection mode enabled when using mwifiex.

This is because hostapd will try to install IGTK using
cfg80211 set_default_mgmt_key handler.

we have already support IGTK install in set_key handler, so just work
around this issue by add an empty cfg80211_set_default_mgmt_key handler.

Signed-off-by: Xinming Hu <huxm@marvell.com>
Signed-off-by: Cathy Luo <cluo@marvell.com>
Signed-off-by: Li Long <longli@marvell.com>
Signed-off-by: Avinash Patil <patila@marvell.com>
---
 drivers/net/wireless/mwifiex/cfg80211.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

Comments

Johannes Berg Feb. 13, 2015, 6:06 p.m. UTC | #1
On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote:
> From: Xinming Hu <huxm@marvell.com>
> 
> It is observed that hostapd failed to setup with management frame
> protection mode enabled when using mwifiex.
> 
> This is because hostapd will try to install IGTK using
> cfg80211 set_default_mgmt_key handler.
> 
> we have already support IGTK install in set_key handler, so just work
> around this issue by add an empty cfg80211_set_default_mgmt_key handler.

I believe that this is incorrect since the key should only be installed
for TX after this handler, not in the set_key handler. This should make
a difference in the case of rekeying? Perhaps hostapd doesn't actually
program the key until rekeying with all stations finishes though.

johannes

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Avinash Patil Feb. 23, 2015, 7:47 a.m. UTC | #2
DQo+IC0tLS0tT3JpZ2luYWwgTWVzc2FnZS0tLS0tDQo+IEZyb206IEpvaGFubmVzIEJlcmcgW21h
aWx0bzpqb2hhbm5lc0BzaXBzb2x1dGlvbnMubmV0XQ0KPiBTZW50OiBGcmlkYXksIEZlYnJ1YXJ5
IDEzLCAyMDE1IDExOjM3IFBNDQo+IFRvOiBBdmluYXNoIFBhdGlsDQo+IENjOiBsaW51eC13aXJl
bGVzc0B2Z2VyLmtlcm5lbC5vcmc7IEFtaXRrdW1hciBLYXJ3YXI7IENhdGh5IEx1bzsgWGlubWlu
ZyBIdTsNCj4gTGkgTG9uZw0KPiBTdWJqZWN0OiBSZTogW1BBVENIIDEvM10gbXdpZmlleDogYWRk
IGNmZzgwMjExIHNldF9kZWZhdWx0X21nbXRfa2V5IGhhbmRsZXINCj4gDQo+IE9uIFRodSwgMjAx
NS0wMi0xMiBhdCAyMzo0NSArMDUzMCwgQXZpbmFzaCBQYXRpbCB3cm90ZToNCj4gPiBGcm9tOiBY
aW5taW5nIEh1IDxodXhtQG1hcnZlbGwuY29tPg0KPiA+DQo+ID4gSXQgaXMgb2JzZXJ2ZWQgdGhh
dCBob3N0YXBkIGZhaWxlZCB0byBzZXR1cCB3aXRoIG1hbmFnZW1lbnQgZnJhbWUNCj4gPiBwcm90
ZWN0aW9uIG1vZGUgZW5hYmxlZCB3aGVuIHVzaW5nIG13aWZpZXguDQo+ID4NCj4gPiBUaGlzIGlz
IGJlY2F1c2UgaG9zdGFwZCB3aWxsIHRyeSB0byBpbnN0YWxsIElHVEsgdXNpbmcNCj4gPiBjZmc4
MDIxMSBzZXRfZGVmYXVsdF9tZ210X2tleSBoYW5kbGVyLg0KPiA+DQo+ID4gd2UgaGF2ZSBhbHJl
YWR5IHN1cHBvcnQgSUdUSyBpbnN0YWxsIGluIHNldF9rZXkgaGFuZGxlciwgc28ganVzdCB3b3Jr
DQo+ID4gYXJvdW5kIHRoaXMgaXNzdWUgYnkgYWRkIGFuIGVtcHR5IGNmZzgwMjExX3NldF9kZWZh
dWx0X21nbXRfa2V5IGhhbmRsZXIuDQo+IA0KPiBJIGJlbGlldmUgdGhhdCB0aGlzIGlzIGluY29y
cmVjdCBzaW5jZSB0aGUga2V5IHNob3VsZCBvbmx5IGJlIGluc3RhbGxlZCBmb3IgVFgNCj4gYWZ0
ZXIgdGhpcyBoYW5kbGVyLCBub3QgaW4gdGhlIHNldF9rZXkgaGFuZGxlci4gVGhpcyBzaG91bGQg
bWFrZSBhIGRpZmZlcmVuY2UNCj4gaW4gdGhlIGNhc2Ugb2YgcmVrZXlpbmc/IFBlcmhhcHMgaG9z
dGFwZCBkb2Vzbid0IGFjdHVhbGx5IHByb2dyYW0gdGhlIGtleQ0KPiB1bnRpbCByZWtleWluZyB3
aXRoIGFsbCBzdGF0aW9ucyBmaW5pc2hlcyB0aG91Z2guDQo+IA0KPiBqb2hhbm5lcw0KDQpUaGFu
a3MgZm9yIHJldmlldyBjb21tZW50cywgSm9oYW5uZXMuDQpXZSB3aWxsIGltcGxlbWVudCBkZWZh
dWx0X21nbXQgaGFuZGxlciBpbiBhIHdheSB5b3UgaGF2ZSBzdWdnZXN0ZWQgYW5kIHNlbmQgdjIu
DQoNClJlZ2FyZHMsDQpBdmluYXNoLg0K
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Avinash Patil March 17, 2015, 11:25 a.m. UTC | #3
> -----Original Message-----

> From: Johannes Berg [mailto:johannes@sipsolutions.net]

> Sent: Friday, February 13, 2015 11:37 PM

> To: Avinash Patil

> Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo; Xinming Hu;

> Li Long

> Subject: Re: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key handler

> 

> On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote:

> > From: Xinming Hu <huxm@marvell.com>

> >

> > It is observed that hostapd failed to setup with management frame

> > protection mode enabled when using mwifiex.

> >

> > This is because hostapd will try to install IGTK using

> > cfg80211 set_default_mgmt_key handler.

> >

> > we have already support IGTK install in set_key handler, so just work

> > around this issue by add an empty cfg80211_set_default_mgmt_key handler.

> 

> I believe that this is incorrect since the key should only be installed for TX

> after this handler, not in the set_key handler. This should make a difference

> in the case of rekeying? Perhaps hostapd doesn't actually program the key

> until rekeying with all stations finishes though.

 
I believe that set_defualt_mgmt_key and corresponding changes in hostapd & cfg80211 are designed with focus on mac80211.
Our design is a bit different in a way all PMF is handled in FW; also we don't support two pair of GTK/IGTKs.
We already have installed IGTK to FW in add_key handler.

> johannes
Avinash Patil March 31, 2015, 2:33 p.m. UTC | #4
Hi Johannes,

Could you please check our response?
We feel set_default_key_mgmt handler is required for devices which supports 2 pair of GTKs.
How do we work around this?

Thanks,
Avinash

> -----Original Message-----

> From: Avinash Patil

> Sent: Tuesday, March 17, 2015 4:55 PM

> To: 'Johannes Berg'

> Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo; Xinming Hu;

> Li Long

> Subject: RE: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key handler

> 

> 

> 

> > -----Original Message-----

> > From: Johannes Berg [mailto:johannes@sipsolutions.net]

> > Sent: Friday, February 13, 2015 11:37 PM

> > To: Avinash Patil

> > Cc: linux-wireless@vger.kernel.org; Amitkumar Karwar; Cathy Luo;

> > Xinming Hu; Li Long

> > Subject: Re: [PATCH 1/3] mwifiex: add cfg80211 set_default_mgmt_key

> > handler

> >

> > On Thu, 2015-02-12 at 23:45 +0530, Avinash Patil wrote:

> > > From: Xinming Hu <huxm@marvell.com>

> > >

> > > It is observed that hostapd failed to setup with management frame

> > > protection mode enabled when using mwifiex.

> > >

> > > This is because hostapd will try to install IGTK using

> > > cfg80211 set_default_mgmt_key handler.

> > >

> > > we have already support IGTK install in set_key handler, so just

> > > work around this issue by add an empty cfg80211_set_default_mgmt_key

> handler.

> >

> > I believe that this is incorrect since the key should only be

> > installed for TX after this handler, not in the set_key handler. This

> > should make a difference in the case of rekeying? Perhaps hostapd

> > doesn't actually program the key until rekeying with all stations finishes

> though.

> 

> I believe that set_defualt_mgmt_key and corresponding changes in hostapd &

> cfg80211 are designed with focus on mac80211.

> Our design is a bit different in a way all PMF is handled in FW; also we don't

> support two pair of GTK/IGTKs.

> We already have installed IGTK to FW in add_key handler.

> 

> > johannes
Jouni Malinen March 31, 2015, 2:59 p.m. UTC | #5
On Tue, Mar 31, 2015 at 07:33:39AM -0700, Avinash Patil wrote:
> We feel set_default_key_mgmt handler is required for devices which supports 2 pair of GTKs.

Why would a device not support multiple GTKs/IGTKs? It does not sound
possible to implement RSN correctly without such support.. AP side could
kind of try to work with only a single GTK/IGTK, but non-AP STA would
not handle GTK/IGTK rekeying. In any case, IEEE Std 802.11-2012 seems to
be pretty clear on the assumption being that the device (including
AP-only cases) supports multiple GTK/IGTK. The authenticator state
machines use key index values 1 and 2 and swap between these when doing
rekeying.
diff mbox

Patch

diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c
index 5f3c1d3..ab7643d 100644
--- a/drivers/net/wireless/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/mwifiex/cfg80211.c
@@ -415,6 +415,18 @@  mwifiex_cfg80211_add_key(struct wiphy *wiphy, struct net_device *netdev,
 }
 
 /*
+ * CFG802.11 operation handler to set default mgmt key.
+ */
+static int
+mwifiex_cfg80211_set_default_mgmt_key(struct wiphy *wiphy,
+				      struct net_device *netdev,
+				      u8 key_index)
+{
+	wiphy_dbg(wiphy, "set default mgmt key, key index=%d\n", key_index);
+	return 0;
+}
+
+/*
  * This function sends domain information to the firmware.
  *
  * The following information are passed to the firmware -
@@ -3280,6 +3292,7 @@  static struct cfg80211_ops mwifiex_cfg80211_ops = {
 	.leave_ibss = mwifiex_cfg80211_leave_ibss,
 	.add_key = mwifiex_cfg80211_add_key,
 	.del_key = mwifiex_cfg80211_del_key,
+	.set_default_mgmt_key = mwifiex_cfg80211_set_default_mgmt_key,
 	.mgmt_tx = mwifiex_cfg80211_mgmt_tx,
 	.mgmt_frame_register = mwifiex_cfg80211_mgmt_frame_register,
 	.remain_on_channel = mwifiex_cfg80211_remain_on_channel,