Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1487259yba; Thu, 25 Apr 2019 00:07:49 -0700 (PDT) X-Google-Smtp-Source: APXvYqxk/ypuoJs/Yn3btc9vBMpEYAF40OW1JLFVcXRq0Dr0FPEniY+4Wi95VQ0ykgZoQQQZA4TJ X-Received: by 2002:a17:902:302:: with SMTP id 2mr37856105pld.232.1556176069273; Thu, 25 Apr 2019 00:07:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556176069; cv=none; d=google.com; s=arc-20160816; b=FALBDWXwCgTZxB6zRKGDajXRAxIbOP4+ruNHJv1d66nmSc1JTczCmr6ORwt3A/7xqp JZi2k05fbTO8aWsJTIFQglcJMpE0narbRlsPN7pxKhW8FDZYuyjW+rFWZiS1wb3CaUaC WH0Jgq58ZdEvQMZQY9SE/pEiBj5Y5fzqRaimm7yxJfkwlEg4995fbtFCN9Y/7ivNRsmO gvTJbkCFYzokoujoGo57gb+dXya+75krSaL5i9uZKNtA0en67RyIN+rSL9iJt/2Ak2K4 usSzKy0VbfJvt/oJTHTnJ5h9ITzSTVsSyRHAmq1mt6vz6ZMGPpL9xFLnpghdY/AGILyA eUwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id; bh=pBDGN6OaQ7yy4byPmYnNA428siD+XVO4lhxloPVxb/s=; b=RkvZ0qyu1ZU5nWyYvBkW82swsVDxEjyg0/tz6IXg2ToPD1M7Fj0uoTcSKPY3b5VEER fR2/MHqajqPfo1oR3m/ZULh9DBmT+kIjVo3ndR531muwJOuzg0NEEnntXvtRo0pDi+6o E6IUtp13S7bKDhZ1J03AdeO0OSUcaQyear6KKtGcWG1ypZ6s8RXWo+zuYS+sWMsS5qm5 4jMaDPhmwjwsWlqBnET8PYyqL/N3wrUBqGfubdxBhBrJRT76EdudRnJZ917BmujkVPCu BgDJzqwyZS/n6SVj8E38mmwZYhU3cvw4b0u5v99Bl+umP0pHnanc/SU7iFtsVNJ62CEs EZ7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 23si6191825pfi.227.2019.04.25.00.07.34; Thu, 25 Apr 2019 00:07:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387981AbfDXVBa (ORCPT + 99 others); Wed, 24 Apr 2019 17:01:30 -0400 Received: from s3.sipsolutions.net ([144.76.43.62]:42252 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728550AbfDXVBa (ORCPT ); Wed, 24 Apr 2019 17:01:30 -0400 Received: by sipsolutions.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1hJP1E-0007Ny-6j; Wed, 24 Apr 2019 23:01:28 +0200 Message-ID: <2b232d3cd7af0e6ab6e787d94ffad392813d4da0.camel@sipsolutions.net> Subject: Re: [PATCH] mac80211: Set CAN_REPLACE_PTK0 for SW crypto only drivers From: Johannes Berg To: Alexander Wetzel Cc: linux-wireless@vger.kernel.org Date: Wed, 24 Apr 2019 23:01:26 +0200 In-Reply-To: <0e1d8f51-ca1b-a55e-73a1-d4b95fe3f0b5@wetzel-home.de> References: <20190424173246.26421-1-alexander@wetzel-home.de> <45ef6418002ddb01bc99a06a5c52e0dcd30afd4b.camel@sipsolutions.net> <0e1d8f51-ca1b-a55e-73a1-d4b95fe3f0b5@wetzel-home.de> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5 (3.28.5-2.fc28) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Wed, 2019-04-24 at 22:58 +0200, Alexander Wetzel wrote: > > > Now I wonder - shouldn't the same A-MPDU issue apply here? After all, if > > you replace the PTK 0 surely you shouldn't use different ones for the > > same frame in an A-MPDU? > > Not from what I found in IEEE 802.11. It's only forbidden to mix keyIDs, > not MPDUs using different keys. And without Extended Key ID the keyID > can only be zero. So from a standard point of view we are ok, no keyID > mixing possible. Yeah, well, the standard probably didn't consider this. From an implementation POV, having two subframes with different keys will not really be possible, *especially* if they have the same key ID. I think this basically was not considered in spec writing. > From a practical point of view cards like mvm cards will for sure > corrupt MPDUs aggregated in a A-MPDU when different key were used for > them. But we still don't care:-) > > We'll corrupt the MPDU's encoded with either the old or the new key > anyhow and we don't care which ones. After all the card will only have > one key active for key ID 0 at any time won't have the second key > installed at all. Yeah, ok, fair point. johannes