On Mon, 2007-02-12 at 10:30 -0800, Jouni Malinen wrote:

> How exactly is this supposed to work for RX? Phase1 needs to be
> calculated after 65536 frames (whenever iv32 changes), but the
> exact time for RX case is unclear due to possible loss of frames and
> retransmissions etc. Is bcm43xx just going to drop a couple of packets
> whenever the phase1 value is changed?

I think it's been said before, but I'll explain it (again). bcm43xx hw
will simply not decrypt the frame if the iv32 is different from what it
has the phase1 key for, so then it passes it up undecrypted.

> Or is there some kind of
> mechanism for the hardware/firmware to request a new phase1 value? Or is
> this supposed to be recovered from in software (which is something that
> d80211 is able to do if the radio driver notifies that the frame was not
> decrypted)?

Yeah, you notice the frame wasn't decrypted and then give the hw the new
phase1 key and also recover in software (or just drop the frame if you
want, I guess).

johannes
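The RX behaviour described in this message, as an added model that is not part of the original mail and is not bcm43xx or d80211 code. The struct and function names are hypothetical, and the trace is constructed to show that the first frame to arrive with a new iv32 triggers the recovery, even when frames around the rollover are lost.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Model only: tracks which path each frame takes. The TKIP key mixing and
 * RC4 decryption themselves are not implemented here. */
struct hw_slot  { bool valid; uint32_t iv32; };   /* phase1 key cached in hw */
struct rx_frame { uint32_t iv32; uint16_t iv16; };
struct rx_stats { unsigned hw_ok, sw_fallback, phase1_uploads; };

/* Hardware: decrypts only if the frame's iv32 matches the cached phase1 key;
 * otherwise the frame is passed up still encrypted. */
static bool hw_decrypts(const struct hw_slot *hw, const struct rx_frame *f)
{
    return hw->valid && hw->iv32 == f->iv32;
}

/* Driver RX path (hypothetical): on an undecrypted frame, decrypt it in
 * software and give the hardware the phase1 key for that frame's iv32. */
static void rx_one(struct hw_slot *hw, const struct rx_frame *f,
                   struct rx_stats *st)
{
    if (hw_decrypts(hw, f)) {
        st->hw_ok++;
        return;
    }
    st->sw_fallback++;          /* software TKIP decrypt would run here */
    hw->iv32 = f->iv32;         /* upload phase1 key for the new iv32 */
    hw->valid = true;
    st->phase1_uploads++;
}

/* Constructed trace around a rollover of iv16: the last frame of iv32=0 and
 * the first frame of iv32=1 are lost on the air and never reach the driver. */
static struct rx_stats run_rollover_trace(void)
{
    static const struct rx_frame trace[] = {
        {0, 0xFFFD}, {0, 0xFFFE},          /* (0,0xFFFF) and (1,0) lost */
        {1, 0x0001}, {1, 0x0002}, {1, 0x0003},
    };
    struct hw_slot hw = { true, 0 };       /* phase1 for iv32=0 installed */
    struct rx_stats st = { 0, 0, 0 };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        rx_one(&hw, &trace[i], &st);
    return st;
}
```

In a real driver the software fallback path still has to apply the same TKIP replay and Michael MIC checks as frames decrypted by the hardware.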