On Tue, 2009-02-24 at 16:06 +0200, Jouni Malinen wrote: > On Tue, Feb 24, 2009 at 05:49:07AM -0800, Johannes Berg wrote: > > On Tue, 2009-02-24 at 13:42 +0200, Jouni Malinen wrote: > > > In > > > addition, this allows management frame protection to be tested with > > > older hardware revisions. > > > > This is odd, shouldn't older revisions refuse the hw key setup and use > > software anyway? Or are they unable to distinguish between management > > and data frames and thus it all goes wrong? > > The exact behavior depends on the hardware revision, but some older > versions would likely end up using the Data frame rules for decrypting > the management frames and as such, would require software workaround > that re-encrypt the frame using Data frame rules and then make the frame > go the normal software decryption. While this is possible to implement, > I have not bothered to do so yet and don't know how much interest there > would be for such a feature at this point. This would also require some > new APIs from mac80211 to allow re-use of CCMP code. Ok, that makes sense, I probably wouldn't bother implementing that either. I know Broadcom doesn't touch management frames, they explicitly check for that before running crypto stuff on a frame. :) johannes
Attachment:
signature.asc
Description: This is a digitally signed message part