Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp263733ybs; Sun, 24 May 2020 04:44:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgsvR//htCwvk9jCd9oADvnEmB8n6YzdT2cGgZa/5p+SYLYXAQDxVN9zUDzPqYIhEnx6Mk X-Received: by 2002:a17:906:580e:: with SMTP id m14mr16009323ejq.457.1590320681920; Sun, 24 May 2020 04:44:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590320681; cv=none; d=google.com; s=arc-20160816; b=PUSTvUYNhmpWFoJNM5t0Jx25eLiS+FCebecx8M42HLtQL/Ypelnl9fryNxDja+MQlU IZgKS3Sx3GMcm0wGJUzS2saCgtu4Ak0If54A4FGvqZK5edzcE/rKbzRuVxNOk3nv7KT1 v5QWCxl2PzUERt493L8F0asvYmz4J5QRHoztdLdG+n74u4D2jROjsZXB8R+5rDvnIm65 Wc0g2HC1BV6BdYqI0BzlY2N5nywQQZb7TEccFTzfW7ooOaG3G0U0Q2kT4/gLPZaIP+0c v67L0smBogVdIVTpOvZAqVDnX4pcXAVh8r56hCUpUPs3FVHcrY8jPdyDqA/fPZNi2kGf N35A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=7e6eM1FBeYVnOJfEDd6TIE/YEGJXg0bheJ3ywRIWRco=; b=oTzA+xmh8TnUs4DjHP4E8KFjnULesylQPNpWFh4JWjiLl+X1JFmyZiIq9xNLZNHkTx Nj1B+4PZSNYk48QMgBECi1DoW/r0xvq/sfdqGyoVYyPZP7LOmlzM+cd0ho4TCL8gcDoo gfK1+VuiDKEb8XUnImEz+ZEL50fvTNBZDHBbQwaWePHR3+4/i9Jsrco4sb8PZXadj3uZ yJ9wbDFvc0drRt7lDi1yLbhT0qxgQCCcFO3FNAsMq61J4NgiKofNaaJnWeSvZ2CEl4o7 UlWDx6lkHb7lm5NAJzhVooaVsm39FHRkWxYEpDfx/293EjZBkc/Tb/hIs1neZOoXLPfc Lj6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=m7iRQIM2; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j8si7895333ejb.158.2020.05.24.04.44.11; Sun, 24 May 2020 04:44:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=m7iRQIM2; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729539AbgEXLnF (ORCPT + 99 others); Sun, 24 May 2020 07:43:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50492 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727101AbgEXLnE (ORCPT ); Sun, 24 May 2020 07:43:04 -0400 Received: from mail-lj1-x243.google.com (mail-lj1-x243.google.com [IPv6:2a00:1450:4864:20::243]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F00EC061A0E for ; Sun, 24 May 2020 04:43:04 -0700 (PDT) Received: by mail-lj1-x243.google.com with SMTP id l15so17475029lje.9 for ; Sun, 24 May 2020 04:43:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=7e6eM1FBeYVnOJfEDd6TIE/YEGJXg0bheJ3ywRIWRco=; b=m7iRQIM2kVwRtKy7BOj18uCNIjFDEuXOi25U6DuL7bWzUWVZebZwUbMrnoyrcWvoUz I2zyOsRn91RhXm/IuseQaLnC8dzoZunaQ/ZuzMAMn0WExQZIBIcYGDXfNsbH4/FzDM6m 5vu6jDXxt46410GEYJrU39SYharAgWaN7679nNKFLqsPg1hldXViIU8TQ7F34eGYbJNn ka007s8CfpI2DuooVIivrIxjvEfdhpZ8VjpHZyrKXIUUJ7GaaztPkNUDc7jRkX4L8nTU quWZGt/N/JPz+qIdr5ZY5OsKKo9pO49U0LSZYt+c6Go78DOiBKgL9FgiEbzwEcsP+Fcs W48g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=7e6eM1FBeYVnOJfEDd6TIE/YEGJXg0bheJ3ywRIWRco=; b=Bks8ME70ezRHM51du/n7/wGGyh80INrhO7nRFcpUm4KnafYvZi2S4rfHmVXk9pTtv8 pj9g2rpxsM9TsvrZMjMexWJ5F+Sp86TLLvO93vxFFSEtzV47Q/QGF6OWfm5jfaIOPQLk R8oIyOOtluLtnwdG3jqmz0rm2RedV6RHKmVUV9TXWLPcF+8tsN/8r5KYr/lvovzGfK5J ZAPAUtuo7+lKRZJPiqOZQ8DbELjPIFRqGbyPc0FBBPdya9t2v2Ttdx8eSd2GBEu4WZ1O pL9vYO55Bu7sX0wrTN+pSj+cPq1wcpb/HLgleW9osAg9IPQuL2jqsijBIjmbnabr2RRq XM+Q== X-Gm-Message-State: AOAM532+vfyhFAt4Djj/e1M6pSJW839LDcadcswq5YDlyawmmJ0rl1mu 3XhdqU/GK7GicuUcMA1zPri4KqE4HkIO48Xvgf0PBw== X-Received: by 2002:a2e:7c17:: with SMTP id x23mr8914467ljc.307.1590320582824; Sun, 24 May 2020 04:43:02 -0700 (PDT) MIME-Version: 1.0 References: <20200524094730.2684-1-rsalvaterra@gmail.com> <20200524111751.GA914918@wp.pl> In-Reply-To: <20200524111751.GA914918@wp.pl> From: Julian Calaby Date: Sun, 24 May 2020 21:42:51 +1000 Message-ID: Subject: Re: [RFC PATCH] rt2800lib: unconditionally enable MFP To: Stanislaw Gruszka Cc: Rui Salvaterra , Kalle Valo , Larry Finger , linux-wireless@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Hi Stanislaw, On Sun, May 24, 2020 at 9:27 PM Stanislaw Gruszka wrote: > > On Sun, May 24, 2020 at 10:47:31AM +0100, Rui Salvaterra wrote: > > According to Larry [1] (and successfully verified on b43) mac80211 > > transparently falls back to software for unsupported hardware cyphers. Thus, > > there's no reason for not unconditionally enabling MFP. This gives us WPA3 > > support out of the box, without having to manually disable hardware crypto. > > > > Tested on an RT2790-based Wi-Fi card. > > > > [1] https://lore.kernel.org/linux-wireless/8252e6a1-b83c-64eb-2503-2686374216ae@lwfinger.net/ > > AFICT more work need to be done to support MFP by HW encryption properly > on rt2x00. See this message and whole thread: > https://lore.kernel.org/linux-wireless/977a3cf4-3ec5-4aaa-b3d4-eea2e8593652@nbd.name/ Am I reading this right: rt2x00 offloads some of the processing to the card which interferes with MFP when using software encryption, so therefore we need to disable that offload when using software encryption with MFP. So if mac80211 knows that this offload is happening and that we can't use hardware crypto for MFP, could it be smart enough to disable the offload itself? And once mac80211 is smart enough to make those decisions, couldn't we just enable MFP by default? Thanks, -- Julian Calaby Email: julian.calaby@gmail.com Profile: http://www.google.com/profiles/julian.calaby/