Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2478276ybl; Mon, 19 Aug 2019 02:43:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqzFC96XO75cZSGSMoO5BYHxW8ZWXy+wSFXzxz4m/YQjPTRmwlMWwLGJXkGvW+mQUTMF5yct X-Received: by 2002:a63:5920:: with SMTP id n32mr18356004pgb.352.1566207819346; Mon, 19 Aug 2019 02:43:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566207819; cv=none; d=google.com; s=arc-20160816; b=K9l8+wVOCYLAQUV38SMLSj+NMt2IK9Th4vnbBz+Ud6UC4uYZrt+0EyhFcdu1bGEoqn KdkwTJsAfwH7FCZGEcIRvdsDrchzeGmYhWLISCD9Ei1H8Wlp938LRa3N9oAW9c8f9DrF tSj+xkJvsR36hpkPoUHRkB0ZGC/lW+j+vo4CxYJgMvdsLylduQesaWp72aGS9K2J3lT6 1hLz6ZMybO36+VQ4+XPGJdc8qqd6AbO2Mznr7Q8z1+ZLytJE3P55+VVLNQ7ZY9PgQtbZ 2Fi/44hiMVbR5cvyBFUM3UTSaFQGpz4OjeG96p8Mv/gDfGr/gZsMNN6hGDMenQv2EjaI bo8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=dQ3+G/TSByCdXkF0g7xhC+EZ7XV/MOHIV4kepOwfUOg=; b=X5hvkZVBoisQVCqWUG55Wn2RL9mxsW4r6pZr5DK3W2ZMTAGvYs0L/IQx849kL0FGcS +nL3i2fQZeGBZUIJ14Fc2QyshnaZBP1ivmSB0iWU7yMXDXEoh5HIpj1zezYmM832qy2x np/uU9NxY7Qaciq8w+pYD3bDXx1HufYm6rHusGNZPPraYAbwgi5v+MCqTuUzOFJlJNY6 nIP1mPyKuotWsDQ3C9sMRn4C5KG0EvYwO4ixOX33L3oRiBH18PtgRHeYj1CAD9hBk9au syEPH4zM2PH9EUMC7vxEZcB+X++k+O3WIwn+8ngLCZOGPJAPEwAo1GeEFWdYmSJjpVcS Au0Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v31si9593155plg.339.2019.08.19.02.43.19; Mon, 19 Aug 2019 02:43:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726694AbfHSJnM (ORCPT + 99 others); Mon, 19 Aug 2019 05:43:12 -0400 Received: from s3.sipsolutions.net ([144.76.43.62]:38480 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726314AbfHSJnM (ORCPT ); Mon, 19 Aug 2019 05:43:12 -0400 Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1hzeBq-0006qe-Ru; Mon, 19 Aug 2019 11:43:03 +0200 Message-ID: Subject: Re: [PATCH 4/4] iwlwifi: Enable Extended Key ID for mvm and dvm From: Johannes Berg To: Alexander Wetzel , Luca Coelho Cc: linux-wireless@vger.kernel.org Date: Mon, 19 Aug 2019 11:43:00 +0200 In-Reply-To: References: <20190629195015.19680-1-alexander@wetzel-home.de> <20190629195015.19680-4-alexander@wetzel-home.de> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.5 (3.30.5-1.fc29) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org On Sat, 2019-08-17 at 10:31 +0200, Alexander Wetzel wrote: > > All iwlwifi cards are able to handle multiple keyids per STA and are > > therefore fully compatible with the Extended Key ID implementation > > provided by mac80211. > > I just tried Extended Key ID with a AX200 card and it really looks like > it's incompatible:-( Hmm. > The card is starting to use the PTK key immediately after installation, > encrypting EAPOL #3 with the new (still Rx only!) key. Right. This wasn't considered, I guess. > Digging around in the driver code it looks like we do not even pass the > key information any longer to the card: iwl_mvm_set_tx_params() is > bypassing iwl_mvm_set_tx_cmd_crypto() completely when we use the "new tx > API". So all cards setting "use_tfh" to true are now incompatible. > > Therefore it looks like that all cards starting with the 22000 series > can't be used with Extended Key ID any longer. > > Is there a way to hand over the key information within the new API or is > the way forward to block Extended Key ID when the "new tx API" is being > used? Not right now, but I think it could be fixed. > The card is fine with using keyid 1 for unicast keys. But it looks like > it assumes that a new key install also tells it to use the new key > immediately... Still digging around but pretty sure that's happening now. Right. For now I guess we have to disable it with the new TX API (which is really what it depends on), we can try to fix the firmware later. johannes