Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1487259yba;
        Thu, 25 Apr 2019 00:07:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxk/ypuoJs/Yn3btc9vBMpEYAF40OW1JLFVcXRq0Dr0FPEniY+4Wi95VQ0ykgZoQQQZA4TJ
X-Received: by 2002:a17:902:302:: with SMTP id 2mr37856105pld.232.1556176069273;
        Thu, 25 Apr 2019 00:07:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556176069; cv=none;
        d=google.com; s=arc-20160816;
        b=FALBDWXwCgTZxB6zRKGDajXRAxIbOP4+ruNHJv1d66nmSc1JTczCmr6ORwt3A/7xqp
         JZi2k05fbTO8aWsJTIFQglcJMpE0narbRlsPN7pxKhW8FDZYuyjW+rFWZiS1wb3CaUaC
         WH0Jgq58ZdEvQMZQY9SE/pEiBj5Y5fzqRaimm7yxJfkwlEg4995fbtFCN9Y/7ivNRsmO
         gvTJbkCFYzokoujoGo57gb+dXya+75krSaL5i9uZKNtA0en67RyIN+rSL9iJt/2Ak2K4
         usSzKy0VbfJvt/oJTHTnJ5h9ITzSTVsSyRHAmq1mt6vz6ZMGPpL9xFLnpghdY/AGILyA
         eUwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id;
        bh=pBDGN6OaQ7yy4byPmYnNA428siD+XVO4lhxloPVxb/s=;
        b=RkvZ0qyu1ZU5nWyYvBkW82swsVDxEjyg0/tz6IXg2ToPD1M7Fj0uoTcSKPY3b5VEER
         fR2/MHqajqPfo1oR3m/ZULh9DBmT+kIjVo3ndR531muwJOuzg0NEEnntXvtRo0pDi+6o
         E6IUtp13S7bKDhZ1J03AdeO0OSUcaQyear6KKtGcWG1ypZ6s8RXWo+zuYS+sWMsS5qm5
         4jMaDPhmwjwsWlqBnET8PYyqL/N3wrUBqGfubdxBhBrJRT76EdudRnJZ917BmujkVPCu
         BgDJzqwyZS/n6SVj8E38mmwZYhU3cvw4b0u5v99Bl+umP0pHnanc/SU7iFtsVNJ62CEs
         EZ7Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 23si6191825pfi.227.2019.04.25.00.07.34;
        Thu, 25 Apr 2019 00:07:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387981AbfDXVBa (ORCPT <rfc822;adrian.marcus.widjaja@gmail.com>
        + 99 others); Wed, 24 Apr 2019 17:01:30 -0400
Received: from s3.sipsolutions.net ([144.76.43.62]:42252 "EHLO
        sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728550AbfDXVBa (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Wed, 24 Apr 2019 17:01:30 -0400
Received: by sipsolutions.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.92)
        (envelope-from <johannes@sipsolutions.net>)
        id 1hJP1E-0007Ny-6j; Wed, 24 Apr 2019 23:01:28 +0200
Message-ID: <2b232d3cd7af0e6ab6e787d94ffad392813d4da0.camel@sipsolutions.net>
Subject: Re: [PATCH] mac80211: Set CAN_REPLACE_PTK0 for SW crypto only
 drivers
From:   Johannes Berg <johannes@sipsolutions.net>
To:     Alexander Wetzel <alexander@wetzel-home.de>
Cc:     linux-wireless@vger.kernel.org
Date:   Wed, 24 Apr 2019 23:01:26 +0200
In-Reply-To: <0e1d8f51-ca1b-a55e-73a1-d4b95fe3f0b5@wetzel-home.de>
References: <20190424173246.26421-1-alexander@wetzel-home.de>
         <45ef6418002ddb01bc99a06a5c52e0dcd30afd4b.camel@sipsolutions.net>
         <0e1d8f51-ca1b-a55e-73a1-d4b95fe3f0b5@wetzel-home.de>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.28.5 (3.28.5-2.fc28) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Wed, 2019-04-24 at 22:58 +0200, Alexander Wetzel wrote:
> 
> > Now I wonder - shouldn't the same A-MPDU issue apply here? After all, if
> > you replace the PTK 0 surely you shouldn't use different ones for the
> > same frame in an A-MPDU?
> 
> Not from what I found in IEEE 802.11. It's only forbidden to mix keyIDs, 
> not MPDUs using different keys. And without Extended Key ID the keyID 
> can only be zero. So from a standard point of view we are ok, no keyID 
> mixing possible.

Yeah, well, the standard probably didn't consider this. From an
implementation POV, having two subframes with different keys will not
really be possible, *especially* if they have the same key ID.

I think this basically was not considered in spec writing.

> From a practical point of view cards like mvm cards will for sure 
> corrupt MPDUs aggregated in a A-MPDU when different key were used for 
> them. But we still don't care:-)
> 
> We'll corrupt the MPDU's encoded with either the old or the new key 
> anyhow and we don't care which ones. After all the card will only have 
> one key active for key ID 0 at any time won't have the second key 
> installed at all.

Yeah, ok, fair point.

johannes