Hi, Johannes
> Huh? Well that's odd, maybe there's a race condition and you program the
> key before the peer was added to the device?
Not so sure. The adding of the key is actually done by the meshd-nl80211
(authsae) daemon running in userspace.
https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c
/* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
> What device are you working with?
I am using an Atheros 11n chipset (ath9k).
Regards,
Chun-Yeow
On Wed, 2012-03-07 at 22:47 +0800, Yeoh Chun-Yeow wrote:
> Hi, Johannes
>
> > Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
> > before the key?
>
> The key is installed before setting the station flag
> NL80211_STA_FLAG_AUTHENTICATED.
>
> /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
> .....
> set_authenticated_flag(&nlcfg, peer);
Does it work if you turn it around? Are there any problems with doing
so?
This is solvable in the kernel, but probably harder, and impossible if
you wanted to use crypto algorithms that mac80211 doesn't support in
software.
johannes
Hi, Johannes
> Does it work if you turn it around? Are there any problems with doing
> so?
Nope. Unfortunately, not working.
Regards,
Chun-Yeow
On Wed, 2012-03-07 at 15:31 +0100, Johannes Berg wrote:
> Hi,
>
> > > Huh? Well that's odd, maybe there's a race condition and you program the
> > > key before the peer was added to the device?
> >
> > Not so sure. The adding of the key is actually done by the meshd-nl80211
> > (authsae) daemon running in userspace.
> >
> > https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c
> >
> > /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> > install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
>
> Yeah but that always required a station ... now you have a station but
> it's not uploaded.
>
> > > What device are you working with?
> > I am using an Atheros 11n chipset (ath9k).
>
> Ok.
>
> I think you're probably trying to set a key before the station is set to
> associated?
Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
before the key?
I suppose both should work -- to make HW key working when the station is
not uploaded yet the key has to be uploaded after the station is
uploaded ... that'd need to have some hooks in the code.
johannes
Hi, Johannes
> Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
> before the key?
The key is installed before setting the station flag
NL80211_STA_FLAG_AUTHENTICATED.
/* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
.....
set_authenticated_flag(&nlcfg, peer);
Chun-Yeow
Hi,
> > Huh? Well that's odd, maybe there's a race condition and you program the
> > key before the peer was added to the device?
>
> Not so sure. The adding of the key is actually done by the meshd-nl80211
> (authsae) daemon running in userspace.
>
> https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c
>
> /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
Yeah but that always required a station ... now you have a station but
it's not uploaded.
> > What device are you working with?
> I am using an Atheros 11n chipset (ath9k).
Ok.
I think you're probably trying to set a key before the station is set to
associated?
johannes
Hi, Johannes,
I missed out the configuration of HT mode in authsae.cfg. After redoing the
test, it works by altering the following in meshd-nl80211.c:
set_authenticated_flag(&nlcfg, peer);
/* key to encrypt/decrypt unicast data AND mgmt traffic
   to/from this peer */
install_key(&nlcfg, peer, CIPHER_CCMP,
            NL80211_KEYTYPE_PAIRWISE, 0, mtk);
Thanks
Hi, Javier
Are you going to make a change to this?
Regards,
Chun-Yeow
On Wed, Mar 7, 2012 at 11:29 PM, Yeoh Chun-Yeow wrote:
> Hi, Johannes
>
>> Does it work if you turn it around? Are there any problems with doing
>> so?
>
> Nope. Unfortunately, not working.
>
> Regards,
> Chun-Yeow
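
Added example, not part of the thread and not authsae or mac80211 code: a simplified C model of the ordering problem discussed above, with a guard a daemon could apply before installing the pairwise key. It assumes, as the thread's outcome suggests, that the station reaches the driver when the authenticated flag is set and that a key installed earlier is never re-programmed into hardware; all names are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one mesh peer; not mac80211 or authsae code. */
struct peer_model {
    bool exists, uploaded;    /* station created / known to the driver */
    bool key_pending, hw_key; /* key accepted only / key in hardware */
};

/* Assumption: setting the authenticated flag is what uploads the station. */
static int model_set_authenticated(struct peer_model *p)
{
    if (!p->exists)
        return -ENOENT;
    p->uploaded = true; /* no hook re-programs a pending key here */
    return 0;
}

/* Assumption: a key set before the upload is accepted but stays pending. */
static int model_install_key(struct peer_model *p)
{
    if (!p->exists)
        return -ENOENT;
    p->hw_key = p->uploaded;
    p->key_pending = !p->uploaded;
    return 0;
}

/* Daemon-side guard: fail loudly instead of leaving a key out of hardware. */
int guarded_install_key(struct peer_model *p)
{
    return (p->exists && !p->uploaded) ? -EAGAIN : model_install_key(p);
}

/* Run one of the two call orders from the thread and report the end state. */
static bool key_reaches_hw(bool flag_first)
{
    struct peer_model p = { .exists = true };
    if (!flag_first) model_install_key(&p); /* key first, then flag */
    model_set_authenticated(&p);
    if (flag_first) model_install_key(&p);  /* flag first, then key */
    return p.hw_key;
}

int main(void)
{
    printf("key first: %d, flag first: %d\n", key_reaches_hw(false), key_reaches_hw(true));
    return 0;
}
```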