From: Jouni Malinen <j@w1.fi>
To: Masashi Honma <masashi.honma@gmail.com>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211: Encrypt "Group addressed privacy" action frames
Date: Sat, 18 Jun 2016 12:11:16 +0300 [thread overview]
Message-ID: <20160618091116.GA2972@w1.fi> (raw)
In-Reply-To: <1465969112-2814-1-git-send-email-masashi.honma@gmail.com>
On Wed, Jun 15, 2016 at 02:38:32PM +0900, Masashi Honma wrote:
> Previously, the action frames to group address was not encrypted. But
> [1] "Table 8-38 Category values" indicates "Mesh" and "Multihop" category
> action frames should be encrypted (Group addressed privacy == yes). And the
> encyption key should be MGTK ([1] 10.13 Group addressed robust management frame
> procedures). So this patch modifies the code to make it suitable for spec.
> net/mac80211/tx.c | 20 ++++++++++++++++++++
> 1 file changed, 20 insertions(+)
What about RX side? Shouldn't there be a matching change there to
enforce use of group addressed privacy for the specific Action
categories? This will make devices using fixed implementation not
interoperate with devices using older version, I'd assume, but it looks
like the current use of mesh with RSN is pretty hopelessly broken as far
as no PMF case is concerned at least when using the wpa_supplicant
implementation (sets IGTK incorrectly and ends up using BIP even when
PMF was not enabled), so there does not seem to be any convenient way of
addressing this apart from requiring all devices in the MBSS to get
updated to the fixed versions.
> diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
> +static bool debug_noinline
> +ieee80211_is_group_privacy_action(struct ieee80211_hdr *hdr)
And this helper should likely be in some more generic location so that
it could be shared for TX and RX..
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2016-06-18 9:17 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-15 5:38 [PATCH] mac80211: Encrypt "Group addressed privacy" action frames Masashi Honma
2016-06-18 9:11 ` Jouni Malinen [this message]
2016-06-20 0:51 ` Masashi Honma
2016-06-20 21:25 ` Jouni Malinen
2016-06-21 6:16 ` Masashi Honma
2016-06-21 17:01 ` Jouni Malinen
2016-06-21 19:40 ` Johannes Berg
2016-06-22 10:54 ` Masashi Honma
2016-06-22 10:55 ` [PATCH v3] " Masashi Honma
2016-06-29 15:08 ` Masashi Honma
2016-06-29 16:25 ` Johannes Berg
2016-06-29 23:20 ` Masashi Honma
2016-06-21 6:23 ` [PATCH v2] " Masashi Honma
2016-06-21 16:42 ` Jouni Malinen
2016-06-22 10:53 ` Masashi Honma
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160618091116.GA2972@w1.fi \
--to=j@w1.fi \
--cc=linux-wireless@vger.kernel.org \
--cc=masashi.honma@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.