Search Linux Wireless

Re: [ipw3945-devel] [PATCH 1/5] mac80211: allows driver to request a Phase 2 key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 17, 2008 at 12:57 PM, Johannes Berg
<johannes@xxxxxxxxxxxxxxxx> wrote:
>  > >  Actually, you're making it look like a much larger problem than it is.
>  > >  If you assume anything WEP is a "static key" and everything else is a
>  > >  "dynamic key" (using your terminology), the only problem will be with
>  > >  dynamic WEP, and even then it's not really a problem because as far as I
>  > >  understand even dynamic WEP doesn't distinguish between group and
>  > >  pairwise keys.
>  >
>  > This is incorrect.  WPA enable using WEP as dynamic key and this
>  > setting is very common.
>  > WEP key is enabled for legacy stations this force also broadcast to be
>  > WEP.  This setup is still quite common.

>  I have no idea about WPA's non-IEEE modes. I don't seem to be able to
>  find such a thing in the IEEE spec so you'll have to actually elaborate
>  on this.

Actually I've misled you a bit. This is defined by IEEE 802.11i in
section TSN Transition Security Network. Where legacy WEP-only STA and
RSN-enabled station can coexists.  In this case Legacy stations use
static WEP key and RSN enabled station uses more advanced security
setting. RSN enabled station will be configured with WEP as a group
cipher  (spec name)

Here is a quote from the spec.. there is much more about it it's a bit
spread in the spec.

3.123 Transition Security Network (TSN): A Security Network which
allows the creation of Pre-Robust
Security Network Associations as well as Robust Security Network
Associations. A TSN can be identified
by the indication in the RSN IE of Beacons that the group cipher suite
in use is WEP.

>

>  > >  Note that there's another case in AP mode where bc/mc keys are TX-only,
>  > >  those are added with a zeroed MAC address.

>  > I would prefer also in this case a clear flag rather then playing with
>  > ambiguity of destination address.

On second thought is that AP has only TX group key while STA has only
RX group key so I
m not seeing here any need for flag.

>
>  Yes, that would indeed help. Except that WEXT can't actually give you
>  the distinction so discussing these points right now is pretty moot when
>  we can't even do it properly as far as I can tell. Might be possible to
>  infer the information with the key management enabled flag thing...

You have encode ioctl which is called only for static/legacy WEP or
you use CIPHER_NONE  for when using encodeext
For WEP in Pairwise and Group Key you use WEP40/104

/* IW_AUTH_PAIRWISE_CIPHER and IW_AUTH_GROUP_CIPHER values (bit field) */
#define IW_AUTH_CIPHER_NONE	0x00000001
#define IW_AUTH_CIPHER_WEP40	0x00000002
#define IW_AUTH_CIPHER_TKIP	0x00000004
#define IW_AUTH_CIPHER_CCMP	0x00000008
#define IW_AUTH_CIPHER_WEP104	0x00000010

It's not well defined in wext but we can at least define the interface
from mac80211 point of view.


Thanks
Tomas
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux