[PATCH] mac80211: remove shared key todo

[PATCH] mac80211: remove shared key todo

[Johannes Berg]

Adding shared key authentication is not going to happen anyway.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
---
 net/mac80211/mlme.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- everything.orig/net/mac80211/mlme.c	2008-06-16 09:30:45.000000000 +0200
+++ everything/net/mac80211/mlme.c	2008-06-16 09:31:01.000000000 +0200
@@ -1753,11 +1753,12 @@ static void ieee80211_rx_mgmt_auth(struc
 	       auth_transaction, status_code);
 
 	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
-		/* IEEE 802.11 standard does not require authentication in IBSS
+		/*
+		 * IEEE 802.11 standard does not require authentication in IBSS
 		 * networks and most implementations do not seem to use it.
 		 * However, try to reply to authentication attempts if someone
 		 * has actually implemented this.
-		 * TODO: Could implement shared key authentication. */
+		 */
 		if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
 			printk(KERN_DEBUG "%s: unexpected IBSS authentication "
 			       "frame (alg=%d transaction=%d)\n",

Re: [PATCH] mac80211: remove shared key todo

[Dan Williams]

On Mon, 2008-06-16 at 20:55 +0200, Johannes Berg wrote:
> Adding shared key authentication is not going to happen anyway.

+1; I've _never_ heard or seen anyone using Shared Key auth with adhoc.
How would that work anyway, given that there's no AP to send you the
challenge text?  Just auth against some random peer?

Dan

> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
> ---
>  net/mac80211/mlme.c |    5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> --- everything.orig/net/mac80211/mlme.c	2008-06-16 09:30:45.000000000 +0200
> +++ everything/net/mac80211/mlme.c	2008-06-16 09:31:01.000000000 +0200
> @@ -1753,11 +1753,12 @@ static void ieee80211_rx_mgmt_auth(struc
>  	       auth_transaction, status_code);
>  
>  	if (sdata->vif.type == IEEE80211_IF_TYPE_IBSS) {
> -		/* IEEE 802.11 standard does not require authentication in IBSS
> +		/*
> +		 * IEEE 802.11 standard does not require authentication in IBSS
>  		 * networks and most implementations do not seem to use it.
>  		 * However, try to reply to authentication attempts if someone
>  		 * has actually implemented this.
> -		 * TODO: Could implement shared key authentication. */
> +		 */
>  		if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
>  			printk(KERN_DEBUG "%s: unexpected IBSS authentication "
>  			       "frame (alg=%d transaction=%d)\n",
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] mac80211: remove shared key todo

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

On Mon, 2008-06-16 at 16:19 -0400, Dan Williams wrote:
> On Mon, 2008-06-16 at 20:55 +0200, Johannes Berg wrote:
> > Adding shared key authentication is not going to happen anyway.
> 
> +1; I've _never_ heard or seen anyone using Shared Key auth with adhoc.
> How would that work anyway, given that there's no AP to send you the
> challenge text?  Just auth against some random peer?

I have no idea. Usually, you don't even do open auth for IBSS, there's
just no point. Unless you get into IBSS with encryption, but we don't
really support that yet, and we probably never will actually support
that without the userspace MLME in wpa supplicant.

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [PATCH] mac80211: remove shared key todo

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 305 bytes --]

On Mon, 2008-06-16 at 22:21 +0200, Johannes Berg wrote:

> I have no idea. Usually, you don't even do open auth for IBSS, there's
> just no point. Unless you get into IBSS with encryption, 

Oh, I meant WPA encryption, but you can probably only call WEP
"obfuscation" at best anyway ;)

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [PATCH] mac80211: remove shared key todo

[Dan Williams]

On Mon, 2008-06-16 at 22:21 +0200, Johannes Berg wrote:
> On Mon, 2008-06-16 at 16:19 -0400, Dan Williams wrote:
> > On Mon, 2008-06-16 at 20:55 +0200, Johannes Berg wrote:
> > > Adding shared key authentication is not going to happen anyway.
> > 
> > +1; I've _never_ heard or seen anyone using Shared Key auth with adhoc.
> > How would that work anyway, given that there's no AP to send you the
> > challenge text?  Just auth against some random peer?
> 
> I have no idea. Usually, you don't even do open auth for IBSS, there's
> just no point. Unless you get into IBSS with encryption, but we don't
> really support that yet, and we probably never will actually support
> that without the userspace MLME in wpa supplicant.

IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
can check it out with mac80211 if you like.

One thing though, if mac80211 isn't going to support IBSS + WEP for a
while, we should find some way to push capability bits to userspace that
say that.  Otherwise there's no way for NM to tell that the driver
doesn't support it, and thus to not even show the options in the UI.

Any particular reason IBSS would require a userspace MLME?  There
shouldn't be any rekeying of any kind with adhoc, since there's no
central station to coordinate the rekying.  AFAIK with IBSS you just use
the given PSK at creation time, and never change it.  That shouldn't be
too hard to handle, right?

Dan

Re: [PATCH] mac80211: remove shared key todo

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 1068 bytes --]


> > I have no idea. Usually, you don't even do open auth for IBSS, there's
> > just no point. Unless you get into IBSS with encryption, but we don't
> > really support that yet, and we probably never will actually support
> > that without the userspace MLME in wpa supplicant.
> 
> IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
> can check it out with mac80211 if you like.

Yeah, no, +WEP should work. I haven't specifically tested it but I see
no reason for it not to work.

> Any particular reason IBSS would require a userspace MLME?  There
> shouldn't be any rekeying of any kind with adhoc, since there's no
> central station to coordinate the rekying.  AFAIK with IBSS you just use
> the given PSK at creation time, and never change it.  That shouldn't be
> too hard to handle, right?

Well, I was really thinking of RSN/WPA, and last I checked
wpa_supplicant didn't even support that with IBSS, and I think it
requires userspace MLME because you have to do the auth/assoc sequence
with each peer etc.

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [PATCH] mac80211: remove shared key todo

[Tomas Winkler]

On Mon, Jun 16, 2008 at 11:46 PM, Johannes Berg
<johannes@sipsolutions.net> wrote:
>
>> > I have no idea. Usually, you don't even do open auth for IBSS, there's
>> > just no point. Unless you get into IBSS with encryption, but we don't
>> > really support that yet, and we probably never will actually support
>> > that without the userspace MLME in wpa supplicant.
>>
>> IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
>> can check it out with mac80211 if you like.
>
> Yeah, no, +WEP should work. I haven't specifically tested it but I see
> no reason for it not to work.

Can confirm that this is working or least was working somewhere around
2.6.24-rcX. with 4965.

>> Any particular reason IBSS would require a userspace MLME?  There
>> shouldn't be any rekeying of any kind with adhoc, since there's no
>> central station to coordinate the rekying.  AFAIK with IBSS you just use
>> the given PSK at creation time, and never change it.  That shouldn't be
>> too hard to handle, right?
>
> Well, I was really thinking of RSN/WPA, and last I checked
> wpa_supplicant didn't even support that with IBSS, and I think it
> requires userspace MLME because you have to do the auth/assoc sequence
> with each peer etc.

The spec is very vague about implementation of this and I'm not sure
anyone implements this even on other OSs.
Tomas

Re: [PATCH] mac80211: remove shared key todo

[Dan Williams]

On Mon, 2008-06-16 at 22:46 +0200, Johannes Berg wrote:
> > > I have no idea. Usually, you don't even do open auth for IBSS, there's
> > > just no point. Unless you get into IBSS with encryption, but we don't
> > > really support that yet, and we probably never will actually support
> > > that without the userspace MLME in wpa supplicant.
> > 
> > IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
> > can check it out with mac80211 if you like.
> 
> Yeah, no, +WEP should work. I haven't specifically tested it but I see
> no reason for it not to work.
> 
> > Any particular reason IBSS would require a userspace MLME?  There
> > shouldn't be any rekeying of any kind with adhoc, since there's no
> > central station to coordinate the rekying.  AFAIK with IBSS you just use
> > the given PSK at creation time, and never change it.  That shouldn't be
> > too hard to handle, right?
> 
> Well, I was really thinking of RSN/WPA, and last I checked
> wpa_supplicant didn't even support that with IBSS, and I think it
> requires userspace MLME because you have to do the auth/assoc sequence
> with each peer etc.

wpa_supplicant _should_ support WPA-PSK with IBSS, you set
proto=WPA-NONE to do this and I assume it just sends the PSK to the
driver and never changes it.  I haven't tested it a long time though.

Dan

Re: [PATCH] mac80211: remove shared key todo

[Tomas Winkler]

On Tue, Jun 17, 2008 at 9:12 PM, Dan Williams <dcbw@redhat.com> wrote:
> On Mon, 2008-06-16 at 22:46 +0200, Johannes Berg wrote:
>> > > I have no idea. Usually, you don't even do open auth for IBSS, there's
>> > > just no point. Unless you get into IBSS with encryption, but we don't
>> > > really support that yet, and we probably never will actually support
>> > > that without the userspace MLME in wpa supplicant.
>> >
>> > IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
>> > can check it out with mac80211 if you like.
>>
>> Yeah, no, +WEP should work. I haven't specifically tested it but I see
>> no reason for it not to work.
>>
>> > Any particular reason IBSS would require a userspace MLME?  There
>> > shouldn't be any rekeying of any kind with adhoc, since there's no
>> > central station to coordinate the rekying.  AFAIK with IBSS you just use
>> > the given PSK at creation time, and never change it.  That shouldn't be
>> > too hard to handle, right?
>>
>> Well, I was really thinking of RSN/WPA, and last I checked
>> wpa_supplicant didn't even support that with IBSS, and I think it
>> requires userspace MLME because you have to do the auth/assoc sequence
>> with each peer etc.
>
> wpa_supplicant _should_ support WPA-PSK with IBSS, you set
> proto=WPA-NONE to do this and I assume it just sends the PSK to the
> driver and never changes it.  I haven't tested it a long time though.
>
> Dan
>
#~ cat wpa_supplicant.conf
# mode: IEEE 802.11 operation mode
# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
# 1 = IBSS (ad-hoc, peer-to-peer)
# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
# to be set to 2 for IBSS. WPA-None requires following network block options:
# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
# both), and psk must also be set.

Tomas

Re: [PATCH] mac80211: remove shared key todo

[Dan Williams]

On Tue, 2008-06-17 at 21:41 +0300, Tomas Winkler wrote:
> On Tue, Jun 17, 2008 at 9:12 PM, Dan Williams <dcbw@redhat.com> wrote:
> > On Mon, 2008-06-16 at 22:46 +0200, Johannes Berg wrote:
> >> > > I have no idea. Usually, you don't even do open auth for IBSS, there's
> >> > > just no point. Unless you get into IBSS with encryption, but we don't
> >> > > really support that yet, and we probably never will actually support
> >> > > that without the userspace MLME in wpa supplicant.
> >> >
> >> > IBSS + WEP works at least for ipw2200 and other non-mac80211 cards; I
> >> > can check it out with mac80211 if you like.
> >>
> >> Yeah, no, +WEP should work. I haven't specifically tested it but I see
> >> no reason for it not to work.
> >>
> >> > Any particular reason IBSS would require a userspace MLME?  There
> >> > shouldn't be any rekeying of any kind with adhoc, since there's no
> >> > central station to coordinate the rekying.  AFAIK with IBSS you just use
> >> > the given PSK at creation time, and never change it.  That shouldn't be
> >> > too hard to handle, right?
> >>
> >> Well, I was really thinking of RSN/WPA, and last I checked
> >> wpa_supplicant didn't even support that with IBSS, and I think it
> >> requires userspace MLME because you have to do the auth/assoc sequence
> >> with each peer etc.
> >
> > wpa_supplicant _should_ support WPA-PSK with IBSS, you set
> > proto=WPA-NONE to do this and I assume it just sends the PSK to the
> > driver and never changes it.  I haven't tested it a long time though.
> >
> > Dan
> >
> #~ cat wpa_supplicant.conf
> # mode: IEEE 802.11 operation mode
> # 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
> # 1 = IBSS (ad-hoc, peer-to-peer)
> # Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP)
> # and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has
> # to be set to 2 for IBSS. WPA-None requires following network block options:
> # proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
> # both), and psk must also be set.

Yeah, key_mgmt=WPA-NONE, thanks for the correction.  Any idea if this
works already on iwlwifi?

Dan