From: Jouni Malinen <j@w1.fi>
To: pat-lkml <pat-lkml@erley.org>
Cc: Jouni Malinen <jouni.malinen@atheros.com>,
linux-wireless@vger.kernel.org
Subject: ath9k and TKIP hw crypto in AP mode
Date: Wed, 25 Feb 2009 20:19:53 +0200 [thread overview]
Message-ID: <20090225181953.GA23880@jm.kir.nu> (raw)
In-Reply-To: <49A45378.50009@erley.org>
On Tue, Feb 24, 2009 at 03:07:20PM -0500, pat-lkml wrote:
> pass phrase. Use nohwcrypt=1, hostapd now works perfectly with wep/wpa/wpa2, while
> with nohwcrypt=0, I get errors (that I'll need physical access to my computer to
> debug/log) in wpa only.
Thanks, I was able to reproduce this and figure out what was happening.
It looks like I have not tested TKIP in AP mode before (I've been mainly
testing HT and that does not allow TKIP..). Anyway, the Michael MIC
TX/RX keys are set incorrectly for the group key which will trigger
Michael MIC errors on every broadcast frame.
I have more complete cleanup of the key configuration for ath9k in
progress, but as far as this particular issue is concerned, the
following change should resolve it. So far, I've only tested this with
the current hardware revision, but I will test this with older design,
too, and submit a proper patch later. Anyway, you may want to test this
as a fix for TKIP in AP mode.
--- wireless-testing.orig/drivers/net/wireless/ath9k/main.c 2009-02-25 20:09:14.000000000 +0200
+++ wireless-testing/drivers/net/wireless/ath9k/main.c 2009-02-25 20:11:19.000000000 +0200
@@ -648,8 +648,8 @@ static int ath_keyset(struct ath_softc *
}
static int ath_setkey_tkip(struct ath_softc *sc, u16 keyix, const u8 *key,
- struct ath9k_keyval *hk,
- const u8 *addr)
+ struct ath9k_keyval *hk, const u8 *addr,
+ bool authenticator)
{
const u8 *key_rxmic;
const u8 *key_txmic;
@@ -659,7 +659,13 @@ static int ath_setkey_tkip(struct ath_so
if (addr == NULL) {
/* Group key installation */
- memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic));
+ if (authenticator) {
+ memcpy(hk->kv_mic, key_txmic, sizeof(hk->kv_mic));
+ memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_mic));
+ } else {
+ memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic));
+ memcpy(hk->kv_txmic, key_rxmic, sizeof(hk->kv_mic));
+ }
return ath_keyset(sc, keyix, hk, addr);
}
if (!sc->splitmic) {
@@ -826,7 +832,8 @@ static int ath_key_config(struct ath_sof
}
if (key->alg == ALG_TKIP)
- ret = ath_setkey_tkip(sc, idx, key->key, &hk, mac);
+ ret = ath_setkey_tkip(sc, idx, key->key, &hk, mac,
+ vif->type == NL80211_IFTYPE_AP);
else
ret = ath_keyset(sc, idx, &hk, mac);
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2009-02-25 18:20 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-24 11:42 [PATCH] ath9k: Add module parameter to disable hardware crypto Jouni Malinen
2009-02-24 13:49 ` Johannes Berg
2009-02-24 14:06 ` Jouni Malinen
2009-02-24 14:23 ` Johannes Berg
2009-02-24 14:24 ` pat-lkml
2009-02-24 15:07 ` Jouni Malinen
2009-02-24 15:32 ` pat-lkml
2009-02-24 20:07 ` pat-lkml
2009-02-24 22:45 ` pat-lkml
2009-02-25 18:19 ` Jouni Malinen [this message]
2009-02-25 23:46 ` ath9k and TKIP hw crypto in AP mode pat-lkml
2009-02-26 0:10 ` pat-lkml
2009-02-26 9:10 ` Jouni Malinen
2009-02-24 16:15 ` [PATCH] ath9k: Add module parameter to disable hardware crypto Michael Buesch
2009-02-24 17:07 ` Jouni Malinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090225181953.GA23880@jm.kir.nu \
--to=j@w1.fi \
--cc=jouni.malinen@atheros.com \
--cc=linux-wireless@vger.kernel.org \
--cc=pat-lkml@erley.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).