* [PATCH 2/2] mac80211: ignore key index on pairwise key
@ 2007-08-18 3:00 Volker Braun
2007-08-18 3:46 ` Jouni Malinen
0 siblings, 1 reply; 3+ messages in thread
From: Volker Braun @ 2007-08-18 3:00 UTC (permalink / raw)
To: Linux Wireless; +Cc: Michael Wu, Johannes Berg
Our Cisco AP's set key index 3 for the PTK. This patch removes the check
for the key index. I also tried to set idx=0 by hand, but this did not
work (presumably because the AP then discarded my unicast packets with
key index 0 instead of 3).
With these two patches I can successfully use our dynamic wep wireless
network.
Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..66b4f5a 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
@@ -405,12 +406,6 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
- return -EINVAL;
- }
-
sta = sta_info_get(local, sta_addr);
if (!sta) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 2/2] mac80211: ignore key index on pairwise key
2007-08-18 3:00 [PATCH 2/2] mac80211: ignore key index on pairwise key Volker Braun
@ 2007-08-18 3:46 ` Jouni Malinen
2007-08-18 4:44 ` [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only) Volker Braun
0 siblings, 1 reply; 3+ messages in thread
From: Jouni Malinen @ 2007-08-18 3:46 UTC (permalink / raw)
To: Volker Braun; +Cc: Linux Wireless, Michael Wu, Johannes Berg
On Fri, Aug 17, 2007 at 11:00:19PM -0400, Volker Braun wrote:
> Our Cisco AP's set key index 3 for the PTK. This patch removes the check
> for the key index. I also tried to set idx=0 by hand, but this did not
> work (presumably because the AP then discarded my unicast packets with
> key index 0 instead of 3).
That's a broken AP, but these are likely still quite common, so it may
be better to just allow non-zero key index here for WEP. However, I
would not do this for TKIP/CCMP since they were clearly specified to
only use idx=0 for pairwise keys. Furthermore, use of non-zero key index
for pairwise keys is likely to cause problems with some hwaccel designs,
so this should really not be encouraged in any way (i.e., I would only
enable it as a client-side workaround for those broken APs doing dynamic
WEP with odd key indexes).
--
Jouni Malinen PGP id EFC895FA
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only)
2007-08-18 3:46 ` Jouni Malinen
@ 2007-08-18 4:44 ` Volker Braun
0 siblings, 0 replies; 3+ messages in thread
From: Volker Braun @ 2007-08-18 4:44 UTC (permalink / raw)
To: Jouni Malinen; +Cc: Linux Wireless, Michael Wu, Johannes Berg
Work-around for broken APs that use a non-zero key index for WEP
pairwise keys. With this patch, WEP encryption only is exempt from
providing a zero key index.
Signed-off-by: Volker Braun <volker.braun@physik.hu-berlin.de>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..2a45e54 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
@@ -405,9 +406,15 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
+
+ /*
+ * According to the standard, the key index of a pairwise
+ * key must be zero. However, some AP are broken when it
+ * comes to WEP key indices, so we work around this.
+ */
+ if (idx != 0 && alg != ALG_WEP) {
+ printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
+ "pairwise key\n", dev->name);
return -EINVAL;
}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-08-18 4:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-18 3:00 [PATCH 2/2] mac80211: ignore key index on pairwise key Volker Braun
2007-08-18 3:46 ` Jouni Malinen
2007-08-18 4:44 ` [PATCH 2/2 v2] mac80211: ignore key index on pairwise key (WEP only) Volker Braun
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).