Re: Hw Accel in Secured Mesh No Longer Work

Re: Hw Accel in Secured Mesh No Longer Work

[Johannes Berg]

On Wed, 2012-03-07 at 09:44 +0800, Yeoh Chun-Yeow wrote:
> Hi, Johannes
> 
> 
> Hardware acceleration is found to not working for secured mesh
> (802.11s) anymore after the introduction of this patch.
> http://www.spinics.net/lists/linux-wireless/msg83644.html
> 
> 
> Key installation is not possible for station not uploaded. Thus, to
> achieve HT for secured mesh is not possible. Revert to the old key.c
> solves the problem.

Huh? Well that's odd, maybe there's a race condition and you program the
key before the peer was added to the device?

What device are you working with?

johannes

Re: Hw Accel in Secured Mesh No Longer Work

[Yeoh Chun-Yeow]

Hi, Johannes

> Huh? Well that's odd, maybe there's a race condition and you program the
> key before the peer was added to the device?

Not so sure. The adding of key is actually done by the meshd-nl80211
(authsae) daemon running in userspace.

https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c

/* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);

> What device are you working with?
I am using atheros 11n chipset (ath9k).

Regards,
Chun-Yeow

Re: Hw Accel in Secured Mesh No Longer Work

[Johannes Berg]

Hi,

> > Huh? Well that's odd, maybe there's a race condition and you program the
> > key before the peer was added to the device?
> 
> Not so sure. The adding of key is actually done by the meshd-nl80211
> (authsae) daemon running in userspace.
> 
> https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c
> 
> /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);

Yeah but that always required a station ... now you have a station but
it's not uploaded.

> > What device are you working with?
> I am using atheros 11n chipset (ath9k).

Ok.

I think you're probably trying to set a key before the station is set to
associated?

johannes

Re: Hw Accel in Secured Mesh No Longer Work

[Johannes Berg]

On Wed, 2012-03-07 at 15:31 +0100, Johannes Berg wrote:
> Hi,
> 
> > > Huh? Well that's odd, maybe there's a race condition and you program the
> > > key before the peer was added to the device?
> > 
> > Not so sure. The adding of key is actually done by the meshd-nl80211
> > (authsae) daemon running in userspace.
> > 
> > https://github.com/cozybit/authsae/blob/master/linux/meshd-nl80211.c
> > 
> > /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> > install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
> 
> Yeah but that always required a station ... now you have a station but
> it's not uploaded.
> 
> > > What device are you working with?
> > I am using atheros 11n chipset (ath9k).
> 
> Ok.
> 
> I think you're probably trying to set a key before the station is set to
> associated?

Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
before the key?

I suppose both should work -- to make HW key working when the station is
not uploaded yet the key has to be uploaded after the station is
uploaded ... that'd need to have some hooks in the code.

johannes

Re: Hw Accel in Secured Mesh No Longer Work

[Yeoh Chun-Yeow]

Hi, Johannes

> Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
> before the key?

The key is installed before the set the station flag
NL80211_STA_FLAG_AUTHENTICATED.

/* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
.....
set_authenticated_flag(&nlcfg, peer);

Chun-Yeow

Re: Hw Accel in Secured Mesh No Longer Work

[Johannes Berg]

On Wed, 2012-03-07 at 22:47 +0800, Yeoh Chun-Yeow wrote:
> Hi, Johannes
> 
> > Does meshd-nl80211 set the station flag NL80211_STA_FLAG_AUTHENTICATED
> > before the key?
> 
> The key is installed before the set the station flag
> NL80211_STA_FLAG_AUTHENTICATED.
> 
> /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
> install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
> .....
> set_authenticated_flag(&nlcfg, peer);

Does it work if you turn it around? Are there any problems with doing
so?

This is solvable in the kernel, but probably harder, and impossible if
you wanted to use crypto algorithms that mac80211 doesn't support in
software.

johannes

Re: Hw Accel in Secured Mesh No Longer Work

[Yeoh Chun-Yeow]

Hi, Johannes

> Does it work if you turn it around? Are there any problems with doing
> so?

Nope. Unfortunately, not working.

Regards,
Chun-Yeow

Re: Hw Accel in Secured Mesh No Longer Work

[Yeoh Chun-Yeow]

Hi, Johannes,

I miss out the configuration of HT mode in authsae.cfg, After redo the
test, it works by altering the following in mesh-nl80211.c

        set_authenticated_flag(&nlcfg, peer);

        /* key to encrypt/decrypt unicast data AND mgmt traffic
to/from this peer */
            install_key(&nlcfg, peer, CIPHER_CCMP,
NL80211_KEYTYPE_PAIRWISE, 0, mtk);

Thanks

Hi, Javier

Are you going to make change to this?

Regards,
Chun-Yeow

On Wed, Mar 7, 2012 at 11:29 PM, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
> Hi, Johannes
>
>> Does it work if you turn it around? Are there any problems with doing
>> so?
>
> Nope. Unfortunately, not working.
>
> Regards,
> Chun-Yeow