On Sun, Sep 30, 2007 at 10:43:35AM +0200, Johannes Berg wrote: > > > * 802.11r (fast roaming) > > Already has a (partial?) implementation in wpa_supplicant. The current implementation is more or less complete for all the required functionality. I just updated it for the latest draft (D8.0) that was released last week. This includes code for adding new IEs to authentication and association frames and also sending/receiving of action frames. > > > * 802.11w (encrypted management) > > All the key handling is in wpa_supplicant so we will not be able to > support it in the kernel w/o wpa_supplicant and I don't see a good way > to do it in the kernel either (not too familiar with the spec though), > and wpa_supplicant already has a (partial?) implementation. wpa_supplicant has implementation for negotiating the keys and configuring them to the driver. It does not implement encryption/decryption of the management frames, though, and I do not have plans on doing that in user space either. 802.11w actually uses the same PTK than data frames for unicast management frames, so the kernel side (or firmware/hardware) CCMP should be used for this. As far as broadcast/multicast management frames are concerned, they will need a new encryption (or well, actually it is not encryption, just integrity protection) algorithm in the kernel. The key (IGTK) comes from user space in the same way as GTK for data frames. In general, 802.11w has quite minimal requirements for the MLME parts and the key negotiation (part of 4-way handshake) is completely separate functionality from the encryption/decryption/integrity protection of management frames. -- Jouni Malinen PGP id EFC895FA - To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
