Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp2478276ybl;
        Mon, 19 Aug 2019 02:43:39 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzFC96XO75cZSGSMoO5BYHxW8ZWXy+wSFXzxz4m/YQjPTRmwlMWwLGJXkGvW+mQUTMF5yct
X-Received: by 2002:a63:5920:: with SMTP id n32mr18356004pgb.352.1566207819346;
        Mon, 19 Aug 2019 02:43:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1566207819; cv=none;
        d=google.com; s=arc-20160816;
        b=K9l8+wVOCYLAQUV38SMLSj+NMt2IK9Th4vnbBz+Ud6UC4uYZrt+0EyhFcdu1bGEoqn
         KdkwTJsAfwH7FCZGEcIRvdsDrchzeGmYhWLISCD9Ei1H8Wlp938LRa3N9oAW9c8f9DrF
         tSj+xkJvsR36hpkPoUHRkB0ZGC/lW+j+vo4CxYJgMvdsLylduQesaWp72aGS9K2J3lT6
         1hLz6ZMybO36+VQ4+XPGJdc8qqd6AbO2Mznr7Q8z1+ZLytJE3P55+VVLNQ7ZY9PgQtbZ
         2Fi/44hiMVbR5cvyBFUM3UTSaFQGpz4OjeG96p8Mv/gDfGr/gZsMNN6hGDMenQv2EjaI
         bo8w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id;
        bh=dQ3+G/TSByCdXkF0g7xhC+EZ7XV/MOHIV4kepOwfUOg=;
        b=X5hvkZVBoisQVCqWUG55Wn2RL9mxsW4r6pZr5DK3W2ZMTAGvYs0L/IQx849kL0FGcS
         +nL3i2fQZeGBZUIJ14Fc2QyshnaZBP1ivmSB0iWU7yMXDXEoh5HIpj1zezYmM832qy2x
         np/uU9NxY7Qaciq8w+pYD3bDXx1HufYm6rHusGNZPPraYAbwgi5v+MCqTuUzOFJlJNY6
         nIP1mPyKuotWsDQ3C9sMRn4C5KG0EvYwO4ixOX33L3oRiBH18PtgRHeYj1CAD9hBk9au
         syEPH4zM2PH9EUMC7vxEZcB+X++k+O3WIwn+8ngLCZOGPJAPEwAo1GeEFWdYmSJjpVcS
         Au0Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v31si9593155plg.339.2019.08.19.02.43.19;
        Mon, 19 Aug 2019 02:43:39 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726694AbfHSJnM (ORCPT <rfc822;prestwoj@gmail.com> + 99 others);
        Mon, 19 Aug 2019 05:43:12 -0400
Received: from s3.sipsolutions.net ([144.76.43.62]:38480 "EHLO
        sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726314AbfHSJnM (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Mon, 19 Aug 2019 05:43:12 -0400
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.92)
        (envelope-from <johannes@sipsolutions.net>)
        id 1hzeBq-0006qe-Ru; Mon, 19 Aug 2019 11:43:03 +0200
Message-ID: <d3c6d084728e4203832688b63e884d25b0f74fcf.camel@sipsolutions.net>
Subject: Re: [PATCH 4/4] iwlwifi: Enable Extended Key ID for mvm and dvm
From:   Johannes Berg <johannes@sipsolutions.net>
To:     Alexander Wetzel <alexander@wetzel-home.de>,
        Luca Coelho <luca@coelho.fi>
Cc:     linux-wireless@vger.kernel.org
Date:   Mon, 19 Aug 2019 11:43:00 +0200
In-Reply-To: <cd1b1a83-55e2-3c07-dbe2-0c459bbcdc7e@wetzel-home.de>
References: <20190629195015.19680-1-alexander@wetzel-home.de>
         <20190629195015.19680-4-alexander@wetzel-home.de>
         <cd1b1a83-55e2-3c07-dbe2-0c459bbcdc7e@wetzel-home.de>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.5 (3.30.5-1.fc29) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Sat, 2019-08-17 at 10:31 +0200, Alexander Wetzel wrote:
> > All iwlwifi cards are able to handle multiple keyids per STA and are
> > therefore fully compatible with the Extended Key ID implementation
> > provided by mac80211.
> 
> I just tried Extended Key ID with a AX200 card and it really looks like 
> it's incompatible:-(

Hmm.

> The card is starting to use the PTK key immediately after installation, 
> encrypting EAPOL #3 with the new (still Rx only!) key.

Right. This wasn't considered, I guess.

> Digging around in the driver code it looks like we do not even pass the 
> key information any longer to the card: iwl_mvm_set_tx_params() is 
> bypassing iwl_mvm_set_tx_cmd_crypto() completely when we use the "new tx 
> API". So all cards setting "use_tfh" to true are now incompatible.
> 
> Therefore it looks like that all cards starting with the 22000 series 
> can't be used with Extended Key ID any longer.
> 
> Is there a way to hand over the key information within the new API or is 
> the way forward to block Extended Key ID when the "new tx API" is being 
> used?

Not right now, but I think it could be fixed.

> The card is fine with using keyid 1 for unicast keys. But it looks like 
> it assumes that a new key install also tells it to use the new key 
> immediately... Still digging around but pretty sure that's happening now.

Right.

For now I guess we have to disable it with the new TX API (which is
really what it depends on), we can try to fix the firmware later.

johannes