Message ID | 4FA7A13D.6020405@01019freenet.de |
---|---|
State | Not Applicable |
Headers | show |
Hi, On Mon, May 7, 2012 at 12:17 PM, Andreas Hartmann <andihartmann@01019freenet.de> wrote: > The attached patch seems to enable 802.11w for rt2800pci (AP). It does > not work for rt2800usb (rt3572 SUPP), even if the set_key error > disappears (originally the flag IEEE80211_HW_MFP_CAPABLE was set > unconditionally). I'm fine with enabling MFP in rt2800pci but I don't know enough about the necessary requirements. Jouni, are there any special requirements for MFP? Thanks, Helmut
On Mon, May 07, 2012 at 01:04:29PM +0200, Helmut Schaa wrote: > I'm fine with enabling MFP in rt2800pci but I don't know enough about the > necessary requirements. > > Jouni, are there any special requirements for MFP? The main requirements: - support CCMP encryption/decryption of unicast robust management frames (subset of Action frames, Deauthentication, Disassociation) - support BIP and IGTK configuration for group addressed robust management frames (TX-only for AP, RX-only for STA); I would expect most drivers to use software implementation on the host CPU for this taken into account that there is only very limited use of group addressed robust management frames - SA Query mechanism (mac80211-based drivers get this pretty much automatically from hostapd for AP mode and mac80211 for STA) - ability to configure RSN capabilities into RSN element and to provide the received element to user space (again, most mac80211-based drivers should work as-is)
Hi Jouni, hi Helmut, Jouni Malinen wrote: > On Mon, May 07, 2012 at 01:04:29PM +0200, Helmut Schaa wrote: >> I'm fine with enabling MFP in rt2800pci but I don't know enough about the >> necessary requirements. >> >> Jouni, are there any special requirements for MFP? > > The main requirements: > - support CCMP encryption/decryption of unicast robust management frames > (subset of Action frames, Deauthentication, Disassociation) I tested WPA-EAP-SHA256 with group key ccmp. > - support BIP and IGTK configuration for group addressed robust > management frames (TX-only for AP, RX-only for STA); I would expect > most drivers to use software implementation on the host CPU for this > taken into account that there is only very limited use of group > addressed robust management frames The IGTK is a single key (shared key). There are a maximum of 4 shared keys designated in rt2x00mac.c for each BSS for use with hw encryption. Since rt2800usb is working fine with nohwcrypt=1 (but not with encryption done in hw), I assume, that there is no differentiation between the encryption / decryption of different frame types. If hw encryption is turned on, all types of frames are encrypted / decrypted by hardware and vice versa. I'm not sure how BIP is secured if hw encryption is enabled. BIP is implemented in mac80211 as part of decryption. Is BIP done during hw encryption, too? Or is it done by mac80211 w/ enabled hw encryption, too? Grrr. Now I know, why I had to disable hw encryption for rt2800usb. Because it was disabled for rt2800pci (AP), too. If mac80211 is doing the job, 11w works fine. If encryption is done by hardware (AP), 11w is broken: the ath9k station doesn't work any more, regardless if hw encryption is switched on or off for ath9k. 11w rt2800pci (AP) ath9k sta rt2800usb sta --------------------------------------------------------------------- 1,3 nohwcrypt=1 nohwcrypt=[0|1] nohwcrypt=1 2,4 nohwcrypt=0 nohwcrypt=[0|1] nohwcrypt=1 2,5 nohwcrypt=0 nohwcrypt=[0|1] nohwcrypt=0 1 = ath9k fine 2 = ath9k broken 3 = rt2800usb fine 4 = rt2800usb broken 5 = rt2800usb seems to work This means for rt2x00: to get 11w working with hw encryption enabled, there needs to be some differentiation for the encryption of management frames: if management frame, let mac80211 do the job - all other frames should be encrypted by hw. Correct? > - SA Query mechanism (mac80211-based drivers get this pretty much > automatically from hostapd for AP mode and mac80211 for STA) > - ability to configure RSN capabilities into RSN element and to > provide the received element to user space (again, most mac80211-based > drivers should work as-is) Thank you very much for your explanations, Jouni! Regards, Andreas
On Tue, 2012-05-08 at 08:28 +0200, Andreas Hartmann wrote: > This means for rt2x00: to get 11w working with hw encryption enabled, > there needs to be some differentiation for the encryption of management > frames: if management frame, let mac80211 do the job - all other frames > should be encrypted by hw. > Correct? That might not be sufficient -- you might have control over TX, but if the hardware attempts to decrypt encrypted mgmt frames you're out of luck entirely. johannes
Johannes Berg wrote: > On Tue, 2012-05-08 at 08:28 +0200, Andreas Hartmann wrote: > >> This means for rt2x00: to get 11w working with hw encryption enabled, >> there needs to be some differentiation for the encryption of management >> frames: if management frame, let mac80211 do the job - all other frames >> should be encrypted by hw. >> Correct? > > That might not be sufficient -- you might have control over TX, but if > the hardware attempts to decrypt encrypted mgmt frames you're out of > luck entirely. This means, that if hw encryption is enabled, the encryption must be done entirely by hw (because of rx) and therefore, MFP must be supported by hardware (does Ralink support MFP?)? Or is there a possibility to tell the hardware not to decrypt some types of frames even if they are encrypted? Regards, Andreas
On Tue, May 08, 2012 at 08:28:33AM +0200, Andreas Hartmann wrote: > > The main requirements: > > - support CCMP encryption/decryption of unicast robust management frames > > (subset of Action frames, Deauthentication, Disassociation) > > I tested WPA-EAP-SHA256 with group key ccmp. The key point here is to test whether at least one of those management frames gets encrypted and decrypted correctly. Deauthentication frames may be easiest for that purpose and you can request the station to disconnect to test AP's capability of receiving the frame and then use hostapd_cli deauthenticate <addr> command on the AP to request the station to be disconnected. > The IGTK is a single key (shared key). There are a maximum of 4 shared > keys designated in rt2x00mac.c for each BSS for use with hw encryption. BIP uses key indexes 4 and 5 (i.e., the 5th and 6th index).. Anyway, this would most likely be handled in software so the main point here is to prevent hardware from doing anything additional to the frames. > Since rt2800usb is working fine with nohwcrypt=1 (but not with > encryption done in hw), I assume, that there is no differentiation > between the encryption / decryption of different frame types. If hw > encryption is turned on, all types of frames are encrypted / decrypted > by hardware and vice versa. BIP is kind of special since it doesn't actually even set the Protected field in the frame header which may make this easier.. The frames are not actually encrypted, i.e., BIP protects only authenticity of the frames. > I'm not sure how BIP is secured if hw encryption is enabled. BIP is > implemented in mac80211 as part of decryption. Is BIP done during hw > encryption, too? Or is it done by mac80211 w/ enabled hw encryption, too? With most drivers, yes, I would expect mac80211 to handle both TX and RX side. The driver should just return -EOPNOTSUPP in the set_key() handler for WLAN_CIPHER_SUITE_AES_CMAC to leave BIP for mac80211 and CCMP for hwardware. > This means for rt2x00: to get 11w working with hw encryption enabled, > there needs to be some differentiation for the encryption of management > frames: if management frame, let mac80211 do the job - all other frames > should be encrypted by hw. > Correct? Well, if you are saying that the issues shows up with unicast robust management frames, too, and not just BIP (group addressed robust management frames), then you are in problems.. With good luck, you could be able to make the hardware not mess up with unicast robust management frames and handle them in mac80211. This may be easier for TX, but RX can be a bit complex. It may go to the point of having to use the driver to workaround the mess that hardware did (i.e., re-encrypted the frame in incorrect way to get back to the correctly encrypted form and then sent that to mac80211).. All this depends on the exact behavior of the hardware with a frame that was designed after the hardware was, so good luck figuring that out ;-).
On Tue, 2012-05-08 at 09:22 +0200, Andreas Hartmann wrote: > Johannes Berg wrote: > > On Tue, 2012-05-08 at 08:28 +0200, Andreas Hartmann wrote: > > > >> This means for rt2x00: to get 11w working with hw encryption enabled, > >> there needs to be some differentiation for the encryption of management > >> frames: if management frame, let mac80211 do the job - all other frames > >> should be encrypted by hw. > >> Correct? > > > > That might not be sufficient -- you might have control over TX, but if > > the hardware attempts to decrypt encrypted mgmt frames you're out of > > luck entirely. > > This means, that if hw encryption is enabled, the encryption must be > done entirely by hw (because of rx) and therefore, MFP must be supported > by hardware (does Ralink support MFP?)? Or is there a possibility to > tell the hardware not to decrypt some types of frames even if they are > encrypted? How would I know? This is all hardware questions :) johannes
Jouni Malinen wrote: > On Tue, May 08, 2012 at 08:28:33AM +0200, Andreas Hartmann wrote: >>> The main requirements: >>> - support CCMP encryption/decryption of unicast robust management frames >>> (subset of Action frames, Deauthentication, Disassociation) >> >> I tested WPA-EAP-SHA256 with group key ccmp. > > The key point here is to test whether at least one of those management > frames gets encrypted and decrypted correctly. Deauthentication frames > may be easiest for that purpose and you can request the station to > disconnect to test AP's capability of receiving the frame and then use > hostapd_cli deauthenticate <addr> command on the AP to request the > station to be disconnected. Deauth works fine as long as both ralink devices (AP and STA) use nowhwcrypt (or both are using hwcrypt - but this does not work with ath9k STA e.g.). If one of both runs hwencryption, it doesn't work any more - exactly the same as with BA session requests. >> The IGTK is a single key (shared key). There are a maximum of 4 shared >> keys designated in rt2x00mac.c for each BSS for use with hw encryption. > > BIP uses key indexes 4 and 5 (i.e., the 5th and 6th index).. Anyway, > this would most likely be handled in software so the main point here is > to prevent hardware from doing anything additional to the frames. > >> Since rt2800usb is working fine with nohwcrypt=1 (but not with >> encryption done in hw), I assume, that there is no differentiation >> between the encryption / decryption of different frame types. If hw >> encryption is turned on, all types of frames are encrypted / decrypted >> by hardware and vice versa. > > BIP is kind of special since it doesn't actually even set the Protected > field in the frame header which may make this easier.. The frames are > not actually encrypted, i.e., BIP protects only authenticity of the > frames. Thanks for this explanation! >> I'm not sure how BIP is secured if hw encryption is enabled. BIP is >> implemented in mac80211 as part of decryption. Is BIP done during hw >> encryption, too? Or is it done by mac80211 w/ enabled hw encryption, too? > > With most drivers, yes, I would expect mac80211 to handle both TX and RX > side. The driver should just return -EOPNOTSUPP in the set_key() handler > for WLAN_CIPHER_SUITE_AES_CMAC to leave BIP for mac80211 and CCMP for > hwardware. So, this is lower priority for me at the moment :-). >> This means for rt2x00: to get 11w working with hw encryption enabled, >> there needs to be some differentiation for the encryption of management >> frames: if management frame, let mac80211 do the job - all other frames >> should be encrypted by hw. >> Correct? > > Well, if you are saying that the issues shows up with unicast robust > management frames, too, and not just BIP (group addressed robust > management frames), Yes. My primary problem at the moment is the handling of the unicast robust management frames. > then you are in problems.. yes - that's why I am here :-) > With good luck, you could > be able to make the hardware not mess up with unicast robust management > frames and handle them in mac80211. This may be easier for TX, How do I exactly recognize this situation? The unicast robust management frames aren't decrypted with WLAN_CIPHER_SUITE_AES_CMAC. Could they be given back to mac80211 because of the fact they are management frames? > but RX > can be a bit complex. This seems to be my problem here, too. Sending the deauth from AP (nohwcrypt=1) can't be handled by STA with hwcrypt enabled. > It may go to the point of having to use the > driver to workaround the mess that hardware did (i.e., re-encrypted the > frame in incorrect way to get back to the correctly encrypted form and > then sent that to mac80211).. All this depends on the exact behavior of > the hardware with a frame that was designed after the hardware was, so > good luck figuring that out ;-). Thank you! Regards, Andreas
diff -ur compat-wireless-2012-04-26.orig/drivers/net/wireless/rt2x00/rt2800lib.c compat-wireless-2012-04-26/drivers/net/wireless/rt2x00/rt2800lib.c --- compat-wireless-2012-04-26.orig/drivers/net/wireless/rt2x00/rt2800lib.c 2012-04-26 22:10:30.000000000 +0200 +++ compat-wireless-2012-04-26/drivers/net/wireless/rt2x00/rt2800lib.c 2012-05-07 11:04:17.894354807 +0200 @@ -4528,7 +4528,8 @@ */ if (!rt2x00_is_usb(rt2x00dev)) rt2x00dev->hw->flags |= - IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING; + IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING | + IEEE80211_HW_MFP_CAPABLE; SET_IEEE80211_DEV(rt2x00dev->hw, rt2x00dev->dev); SET_IEEE80211_PERM_ADDR(rt2x00dev->hw,