Hi, all For your information, my submitted patch has allowed me to do the following and mainly to setup the secured mesh 802.11s using authsae:
1. Key installations for the following: /* key to protect integrity of multicast mgmt frames tx*/ install_key(nlcfg, NULL, CIPHER_AES_CMAC, NL80211_KEYTYPE_GROUP, 4, mgtk_tx); /* key to encrypt multicast data traffic */ install_key(nlcfg, NULL, CIPHER_CCMP, NL80211_KEYTYPE_GROUP, 0, mgtk_tx); /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */ install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk); /* key to decrypt multicast data traffic from this peer */ install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_GROUP, 0, peer_mgtk); /* to check integrity of multicast mgmt frames from this peer */ install_key(&nlcfg, peer, CIPHER_AES_CMAC, NL80211_KEYTYPE_GROUP, 4, peer_mgtk); 2. By using the submitted patch, how ever as Jouni has pointed out that testing with ath5k implementation alone may not be correct, due to the following statement: If the CCMP processing is done incorrectly, they could both mangle the results in the same way to hide the issue. thus I revert back by not disabling the IEEE80211_KEY_FLAG_SW_MGMT. However, with this, it has showed that robust unicast management frame is encrypted in SW but is decrypted wrongly in SW (perhaps HW decrypt it due to the HW accl enabling for unicast data frame). Hope this help. Thanks. Regards, Chun-Yeow On Mon, Sep 10, 2012 at 9:13 PM, Kalle Valo <kv...@adurom.com> wrote: > Adrian Chadd <adr...@freebsd.org> writes: > >> Yeoh - can you please email me privately with a summary of what you >> implemented, what you've tested and what worked / what didn't work? > > Why privately? Better to have all the information public, you never know > if someone finds the info from the web and picks up the work. > > -- > Kalle Valo _______________________________________________ ath5k-devel mailing list ath5k-devel@lists.ath5k.org https://lists.ath5k.org/mailman/listinfo/ath5k-devel
