On Tue, 2007-10-02 at 19:50 -0700, Jouni Malinen wrote: > > > > * 802.11r (fast roaming) > > The current implementation is more or less complete for all the required > functionality. I just updated it for the latest draft (D8.0) that was > released last week. This includes code for adding new IEs to > authentication and association frames and also sending/receiving of > action frames. Good to know. The latter are passed with SIOCSIWGENIE I assume. > > > > * 802.11w (encrypted management) > wpa_supplicant has implementation for negotiating the keys and > configuring them to the driver. It does not implement > encryption/decryption of the management frames, though, and I do not > have plans on doing that in user space either. Right, that makes sense. > 802.11w actually uses the > same PTK than data frames for unicast management frames, so the kernel > side (or firmware/hardware) CCMP should be used for this. Yeah we'll probably need a new hw flag for this since I expect there to be some hardware that will not like hw-crypto for management frames. OTOH, it could probably better be a key flag or something, not sure about the details right now. But it should be trivial to solve. > As far as > broadcast/multicast management frames are concerned, they will need a > new encryption (or well, actually it is not encryption, just integrity > protection) algorithm in the kernel. The key (IGTK) comes from user > space in the same way as GTK for data frames. Right, so we need a new cipher added to nl80211's checking code and make mac80211 handle that new cipher. It needs to be implemented too, but right now I definitely won't have time for that and the 802.11w draft I have may well be outdated too. In any case, it doesn't look like a hard problem to solve once we have the algorithm spec. johannes
Attachment:
signature.asc
Description: This is a digitally signed message part