michael_mic in crypto api?

michael_mic in crypto api?

[Michael Wu]

[-- Attachment #1: Type: text/plain, Size: 293 bytes --]

Is there really a point to having michael_mic in crypto api? The only users 
are 802.11 stacks. I can imagine arc4 being used for other purposes, but 
michael_mic is very much wireless only. The only advantage of keeping 
michael_mic in crypto seems to be the testing code.

-Michael Wu

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: michael_mic in crypto api?

[Michael Wu]

[-- Attachment #1: Type: text/plain, Size: 425 bytes --]

On Thursday 13 July 2006 23:50, Michael Wu wrote:
> Is there really a point to having michael_mic in crypto api? The only users
> are 802.11 stacks. I can imagine arc4 being used for other purposes, but
> michael_mic is very much wireless only. The only advantage of keeping
> michael_mic in crypto seems to be the testing code.
>
> -Michael Wu
Err, sent from the wrong address. Opps. Too many email addresses..

-Michael Wu

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: michael_mic in crypto api?

[Herbert Xu]

Michael Wu <michael.wu@mozilla.com> wrote:
> 
> Is there really a point to having michael_mic in crypto api? The only users 
> are 802.11 stacks. I can imagine arc4 being used for other purposes, but 
> michael_mic is very much wireless only. The only advantage of keeping 
> michael_mic in crypto seems to be the testing code.

I suppose the question is that what do you gain by moving it out?
If all else being equal then it's better to have a standardised
interface for accessing it.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: michael_mic in crypto api?

[Michael Wu]

[-- Attachment #1: Type: text/plain, Size: 662 bytes --]

On Saturday 15 July 2006 03:37, Herbert Xu wrote:
> I suppose the question is that what do you gain by moving it out?
> If all else being equal then it's better to have a standardised
> interface for accessing it.
>
Simplicity and consistency. Whereas the relatively simple mic part of the TKIP 
algorithm is in crypto API, the (more important, more complicated) key mixing 
part is not in crypto api. It is unlikely that either the mic or key mixing 
part would be used separately or even outside of TKIP/802.11i code, and we 
don't want to encourage people anyways since they're just bandaids for 
problems associated with using rc4.

-Michael Wu

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: michael_mic in crypto api?

[Herbert Xu]

Michael Wu <flamingice@sourmilk.net> wrote:
>
> Simplicity and consistency. Whereas the relatively simple mic part of the TKIP 
> algorithm is in crypto API, the (more important, more complicated) key mixing 
> part is not in crypto api. It is unlikely that either the mic or key mixing 
> part would be used separately or even outside of TKIP/802.11i code, and we 
> don't want to encourage people anyways since they're just bandaids for 
> problems associated with using rc4.

Sure, I don't mind either way.  I think Jouni wrote this originally,
maybe he can share his thoughts with us?

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: michael_mic in crypto api?

[Jouni Malinen]

On Thu, Jul 20, 2006 at 01:39:05AM +1000, Herbert Xu wrote:
> Michael Wu <flamingice@sourmilk.net> wrote:
> > Simplicity and consistency. Whereas the relatively simple mic part of the TKIP 
> > algorithm is in crypto API, the (more important, more complicated) key mixing 
> > part is not in crypto api.

> Sure, I don't mind either way.  I think Jouni wrote this originally,
> maybe he can share his thoughts with us?

I was more or less told that TKIP implementation cannot be included in
the kernel tree before this was moved into crypto api.. I don't really
care much where it is, but since it is now in crypto api, it would sound
easiest to just keep it there. If someone really wants to move it away
from there and into TKIP code in ieee80211/d80211, feel free to do that.
However, at least for some time, there are two different TKIP
implementations (net/ieee80211 and net/d80211) so this would mean
duplicating Michael MIC implementation and I would rather not do that.

-- 
Jouni Malinen                                            PGP id EFC895FA

Re: michael_mic in crypto api?

[Herbert Xu]

Jouni Malinen <jkm@devicescape.com> wrote:
>
> However, at least for some time, there are two different TKIP
> implementations (net/ieee80211 and net/d80211) so this would mean
> duplicating Michael MIC implementation and I would rather not do that.

Good point, let's keep it for now.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt