2012-08-27 10:39:51

by Chun-Yeow Yeoh

[permalink] [raw]
Subject: [PATCH] cfg80211: allow software encryption of aes cmac in mesh

Secured mesh requires the key installation using cipher
suite AES CMAC for multicast management frame. This patch
will allow the key installation to proceed. Otherwise, it
will be rejected due to hw encryption is not supported.

Signed-off-by: Chun-Yeow Yeoh <[email protected]>
---
net/wireless/util.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/net/wireless/util.c b/net/wireless/util.c
index ef35f4e..1b665a7 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -253,7 +253,9 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
}
}

- if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher))
+ if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher) &&
+ !(params->cipher == WLAN_CIPHER_SUITE_AES_CMAC &&
+ (rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)))
return -EINVAL;

return 0;
--
1.7.0.4



2012-08-27 14:39:44

by Thomas Pedersen

[permalink] [raw]
Subject: Re: [PATCH] cfg80211: allow software encryption of aes cmac in mesh

Hi Chun-Yeow,

On Mon, Aug 27, 2012 at 3:38 AM, Chun-Yeow Yeoh <[email protected]> wrote:
> Secured mesh requires the key installation using cipher
> suite AES CMAC for multicast management frame. This patch
> will allow the key installation to proceed. Otherwise, it
> will be rejected due to hw encryption is not supported.

So what does this patch fix, exactly? mac80211 already advertises
support for AES CMAC if the hardware is MFP capable.

> - if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher))
> + if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher) &&
> + !(params->cipher == WLAN_CIPHER_SUITE_AES_CMAC &&
> + (rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)))
> return -EINVAL;

2012-08-27 17:18:12

by Thomas Pedersen

[permalink] [raw]
Subject: Re: [PATCH] cfg80211: allow software encryption of aes cmac in mesh

On Mon, Aug 27, 2012 at 8:24 AM, Yeoh Chun-Yeow <[email protected]> wrote:
> Hi, Thomas
>
>> So what does this patch fix, exactly? mac80211 already advertises
>> support for AES CMAC if the hardware is MFP capable.
>
> I think that ath5k is not hardware MFP capable, but actually could do
> AES CMAC in software. But key installation using AES CMAC of authsae
> on the multicast management frame are failed due to the checking of
> cfg80211_supported_cipher_suit which is based on
> IEEE80211_HW_MFP_CAPABLE. So the only way is bypass this checking.
> What do you think?

But this is ugly. I liked your ath5k patch better and am not really
sure what Johannes' problem with it was?

Thomas

2012-08-27 15:24:42

by Chun-Yeow Yeoh

[permalink] [raw]
Subject: Re: [PATCH] cfg80211: allow software encryption of aes cmac in mesh

Hi, Thomas

> So what does this patch fix, exactly? mac80211 already advertises
> support for AES CMAC if the hardware is MFP capable.

I think that ath5k is not hardware MFP capable, but actually could do
AES CMAC in software. But key installation using AES CMAC of authsae
on the multicast management frame are failed due to the checking of
cfg80211_supported_cipher_suit which is based on
IEEE80211_HW_MFP_CAPABLE. So the only way is bypass this checking.
What do you think?

--
Chun-Yeow

2012-08-28 07:42:55

by Chun-Yeow Yeoh

[permalink] [raw]
Subject: Re: [PATCH] cfg80211: allow software encryption of aes cmac in mesh

Hi, Thomas

> But this is ugly. I liked your ath5k patch better and am not really
> sure what Johannes' problem with it was?

Further investigation seems that MFP can be supported in hardware.

Let me resubmit a patch on ath5k and see what are the comments coming
from ath5k developers.

Thanks

---
Chun-Yeow