* [PATCH 2/2] mac80211: ignore key index on pairwise key
@ 2007-08-18 3:00 Volker Braun
2007-08-18 3:46 ` Jouni Malinen
0 siblings, 1 reply; 3+ messages in thread
From: Volker Braun @ 2007-08-18 3:00 UTC (permalink / raw)
To: Linux Wireless; +Cc: Michael Wu, Johannes Berg
Our Cisco AP's set key index 3 for the PTK. This patch removes the check
for the key index. I also tried to set idx=0 by hand, but this did not
work (presumably because the AP then discarded my unicast packets with
key index 0 instead of 3).
With these two patches I can successfully use our dynamic wep wireless
network.
Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..66b4f5a 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
@@ -405,12 +406,6 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
- return -EINVAL;
- }
-
sta = sta_info_get(local, sta_addr);
if (!sta) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] mac80211: ignore key index on pairwise key
2007-08-18 3:00 [PATCH 2/2] mac80211: ignore key index on pairwise key Volker Braun
@ 2007-08-18 3:46 ` Jouni Malinen
2007-08-18 4:44 ` [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only) Volker Braun
0 siblings, 1 reply; 3+ messages in thread
From: Jouni Malinen @ 2007-08-18 3:46 UTC (permalink / raw)
To: Volker Braun; +Cc: Linux Wireless, Michael Wu, Johannes Berg
On Fri, Aug 17, 2007 at 11:00:19PM -0400, Volker Braun wrote:
> Our Cisco AP's set key index 3 for the PTK. This patch removes the check
> for the key index. I also tried to set idx=0 by hand, but this did not
> work (presumably because the AP then discarded my unicast packets with
> key index 0 instead of 3).
That's a broken AP, but these are likely still quite common, so it may
be better to just allow non-zero key index here for WEP. However, I
would not do this for TKIP/CCMP since they were clearly specified to
only use idx=0 for pairwise keys. Furthermore, use of non-zero key index
for pairwise keys is likely to cause problems with some hwaccel designs,
so this should really not be encouraged in any way (i.e., I would only
enable it as a client-side workaround for those broken APs doing dynamic
WEP with odd key indexes).
--
Jouni Malinen PGP id EFC895FA
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only)
2007-08-18 3:46 ` Jouni Malinen
@ 2007-08-18 4:44 ` Volker Braun
0 siblings, 0 replies; 3+ messages in thread
From: Volker Braun @ 2007-08-18 4:44 UTC (permalink / raw)
To: Jouni Malinen; +Cc: Linux Wireless, Michael Wu, Johannes Berg
Work-around for broken APs that use a non-zero key index for WEP
pairwise keys. With this patch, WEP encryption only is exempt from
providing a zero key index.
Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..2a45e54 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
@@ -405,9 +406,15 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
+
+ /*
+ * According to the standard, the key index of a pairwise
+ * key must be zero. However, some AP are broken when it
+ * comes to WEP key indices, so we work around this.
+ */
+ if (idx != 0 && alg != ALG_WEP) {
+ printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
+ "pairwise key\n", dev->name);
return -EINVAL;
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-08-18 4:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-18 3:00 [PATCH 2/2] mac80211: ignore key index on pairwise key Volker Braun
2007-08-18 3:46 ` Jouni Malinen
2007-08-18 4:44 ` [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only) Volker Braun
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.