Re: [ipw3945-devel] [PATCH 1/5] mac80211: allows driver to request a Phase 2 key

[Dan Williams <dcbw@redhat.com>]

On Mon, 2008-03-17 at 14:49 +0100, Johannes Berg wrote:
> > >  Huh ok. But how would the WEP legacy station be able to determine that?
> > 
> > Legacy user get the key written on 'positit' yellow paper :).
> 
> Heh yeah.
> 
> > >  Or does it just try to use WEP and succeed? TBH, I was unaware that this
> > >  existed, this does make it a bit more of a problem than I thought then.
> > >
> > 
> > >  >
> > >  > On second thought is that AP has only TX group key while STA has only
> > >  > RX group key so I
> > >  > m not seeing here any need for flag.
> > >
> > >  Hm, well, I didn't really want to require the driver to keep track of
> > >  the current operating mode, so that's why I used 00:...:00 vs. FF:...:FF
> > >  for the group keys.
> > 
> > Isn't if on integer faster then comparing 6 bytes?
> 
> Probably. Does it matter though? Setting keys isn't going to be
> performance critical in any way.
> 
> > >  Is that really done though? I mean, does wpa_supplicant not also use
> > >  encodeext for WEP keys?
> > >
> > Unfortunately yes.
> 
> So that doesn't really help us either way, no?
> 
> > First of all we don't need 4 keys per station but for the whole
> > system. 
> 
> Not sure I understand this. You need pairwise (per-station) keys as well
> as four default keys, no?
> 
> > Even in AP mode with multiple SSID meaning multiple security
> > setting you cannot distinguish between networks in static WEP key
> > setting so 4 is enough.
> 
> Not sure I get what you're thinking here.
> 
> > Beside that you need place holder for group key. They might be
> > multiple groups key in case of multiple SSIDs in AP mode, iwlwifi
> > doesn't support it in HW but in general it is possible.
> 
> Well, no, because we can add multiple keys with a zeroed MAC address,
> since we have the local MAC address in there as well. Also, in an AP,
> these are only used for TX so it doesn't matter since mac80211 does the
> key selection completely on its own.
> 
> > We need a flag in set_key which says whether the WEP key is static or not.
> 
> Let's actually try to gather all the cases first.
> 
> Is this it?
> 
>  * TKIP/CCMP/WEP group or pairwise key
>  * WEP legacy ('static') key

So the problem with this is, how does Dynamic WEP work here?  Dynamic
WEP uses 802.1x/EAP to rekey stations periodically just like
WPA[2]-Enterprise, but of courses uses WEP only.  It's not "static" WEP
as you guys have been talking about it (you could call static WEP
"WEP-PSK" if you like).

The problem here is that with WEXT, there's not a good way to
distinguish between the two.  Both static & dynamic WEP might look the
same to the driver when the call comes through SIWENCODE/SIWENCODEEXT.
So you've got to be careful here classifying all WEP key requests as
static.

Dan

> where the first is completely covered by what we have now and the
> assumption is that if only WEP keys are present then it'll be a legacy
> WEP key?
> 
> johannes