Received: by 2002:a25:2c96:0:0:0:0:0 with SMTP id s144csp912477ybs;
        Mon, 25 May 2020 02:20:36 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxrEG0Ughg/iXopSYO9xE/l9YDOBJRJHLxml6MF1lbVD1fjHyilodyrVSkNZx/kCGA+NsCo
X-Received: by 2002:a17:906:1d13:: with SMTP id n19mr17647955ejh.287.1590398436274;
        Mon, 25 May 2020 02:20:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1590398436; cv=none;
        d=google.com; s=arc-20160816;
        b=h/ajZYDIvCJi37k83Fg409RA2uFgjczhKo5fx7zRyEmzSLzg1gLttJhUpIcOU2QoSo
         3yWR8n2qrG8/0TM1Pti67Kb3Jdo+xY44TnI1CwjrDDcXaiD7y4nSrgQJOGt7OY7E8FLy
         tlEEOXFAhvadeD4ao8qkirH7eS8NByvLsNS2xI8Fa6QxLBj6o8DPh8bRpEUVckwH/liR
         dh3Eo/iLrHA9K8z3eI2W4HTGdxoWyhNVW0zeSRGQLdcZ9mikZJwIIAi0BpUE5Y0BIDFk
         EZhX0OGqM9F0K5qc2uKskJFmd48gU3mJ6anUAQckGbSc6hWdSzCvUCwFLz+UbSc3hX/y
         qsOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id;
        bh=OTb2zn7t3MiqrMXp2Sb7/EUU/s1Bsv+HxjKR+XCtRno=;
        b=J3IBwNSEht0PHhfygGOJaBU/Ap9xRjHmyeZAkxIsTZdRDHN5z8r3FKeO9bV4ecKtM+
         NJTOz2nOzDUm6vIGBvvBZKD2NRz/UFqkxRG0fbJspM+7p7XX/GidIQ5N+2yZMhgMDKNd
         wfhc4nLIeKMlFGla8cSTfm6i/3PKiGRyipfuv8iJNeW7TwqpWhi2bHzBdKt3fk2pHeDw
         qfZ5I1wrc8Dfk/9+Z0zv+VqowZWpybMinbgPAibBSMHy2/kNCeadOsSqlaPH8fPABmtz
         JtcbJMEbKoWcAkqIiOogmxbMNbmfPm3zcKPqaaN0nmit8ITxSTJvBdna/oYGmbWICcQM
         jNYw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bi8si9361141ejb.9.2020.05.25.02.20.12;
        Mon, 25 May 2020 02:20:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389564AbgEYJRz (ORCPT <rfc822;sbsubscribe2014@gmail.com>
        + 99 others); Mon, 25 May 2020 05:17:55 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53836 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2389546AbgEYJRz (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Mon, 25 May 2020 05:17:55 -0400
Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D60A1C061A0E
        for <linux-wireless@vger.kernel.org>; Mon, 25 May 2020 02:17:54 -0700 (PDT)
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
        (Exim 4.93)
        (envelope-from <johannes@sipsolutions.net>)
        id 1jd9Et-002bRu-HB; Mon, 25 May 2020 11:17:43 +0200
Message-ID: <f925bbe557bd1414d0aee506a3c0c92173f522f9.camel@sipsolutions.net>
Subject: Re: [RFC PATCH] rt2800lib: unconditionally enable MFP
From:   Johannes Berg <johannes@sipsolutions.net>
To:     Larry Finger <Larry.Finger@lwfinger.net>,
        Rui Salvaterra <rsalvaterra@gmail.com>,
        Stanislaw Gruszka <stf_xl@wp.pl>
Cc:     kvalo@codeaurora.org, linux-wireless@vger.kernel.org
Date:   Mon, 25 May 2020 11:17:42 +0200
In-Reply-To: <12222a10-e5d9-514e-7667-0602919a4866@lwfinger.net> (sfid-20200525_020302_358017_7777E473)
References: <20200524094730.2684-1-rsalvaterra@gmail.com>
         <20200524111751.GA914918@wp.pl>
         <CALjTZvbHbMEWTmZk4Li5ZNAETdVd3Q_kHUS6KQw+WDS6ayE9vA@mail.gmail.com>
         <12222a10-e5d9-514e-7667-0602919a4866@lwfinger.net>
         (sfid-20200525_020302_358017_7777E473)
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.2 (3.36.2-1.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Sun, 2020-05-24 at 19:02 -0500, Larry Finger wrote:
> On 5/24/20 10:07 AM, Rui Salvaterra wrote:
> > Hi, Stanislaw,
> > 
> > On Sun, 24 May 2020 at 12:18, Stanislaw Gruszka <stf_xl@wp.pl> wrote:
> > > AFICT more work need to be done to support MFP by HW encryption properly
> > > on rt2x00. See this message and whole thread:
> > > https://lore.kernel.org/linux-wireless/977a3cf4-3ec5-4aaa-b3d4-eea2e8593652@nbd.name/
> > > 
> > > Stanislaw
> > 
> > This RT2790 has been working just fine with my patch for hours. No
> > hangs at all. What additional bad behaviour should I expect?
> 
> I read the above thread. It seems that the best thing to do with b43 is to send 
> the MFP_CAPABLE only when nohwcrypt is set as a module option. I wish it could 
> have worked the other way, but I think the potential for keys getting out of 
> sync should be avoided.I still need to find a place the log something when 
> ciphers are present and the option is not set.

With b43 you have much less to worry about though.

Contrary to what I just said in my other email (oops, sorry) there are
two problems here:

 1) RX of management frames - if hw/fw erroneously attempts to decrypt
 2) PN assignment during TX

1) you can test easily with b43, say send a deauth from the AP to the
client and check the frame goes through properly. If it does, then the
device isn't attempting to decrypt.

2) isn't an issue with b43 since it does it in software (I believe in
mac80211) anyway.

johannes