Our Cisco APs set key index 3 for the PTK. This patch removes the check
for the key index. I also tried to set idx=0 by hand, but this did not
work (presumably because the AP then discarded my unicast packets with
key index 0 instead of 3).
With these two patches I can successfully use our dynamic WEP wireless
network.
Signed-off-by: Volker Braun <[email protected]>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..66b4f5a 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
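Review bot: The hoisted guard `if (idx <0 || idx >= NUM_DEFAULT_KEYS) {` is missing the space kernel style puts around `<`; write `if (idx < 0 || idx >= NUM_DEFAULT_KEYS) {`. As far as the hunk shows, this is now the only bound on `sdata->keys[idx]`, and it also runs before the per-station branch, so a short comment above it such as `/* bound idx once for both the default-key and per-station paths */` would record why it moved out of the broadcast branch. The declaration of `idx` is outside the hunk, so the `idx < 0` half only has an effect if `idx` is a signed type, which is worth confirming. The same hunk appears again as the first hunk of the second patch, and ieee80211_set_encryption starts before and continues after what is shown.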
@@ -405,12 +406,6 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
- return -EINVAL;
- }
-
sta = sta_info_get(local, sta_addr);
if (!sta) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
On Fri, Aug 17, 2007 at 11:00:19PM -0400, Volker Braun wrote:
> Our Cisco AP's set key index 3 for the PTK. This patch removes the check
> for the key index. I also tried to set idx=0 by hand, but this did not
> work (presumably because the AP then discarded my unicast packets with
> key index 0 instead of 3).
That's a broken AP, but these are likely still quite common, so it may
be better to just allow non-zero key index here for WEP. However, I
would not do this for TKIP/CCMP since they were clearly specified to
only use idx=0 for pairwise keys. Furthermore, use of non-zero key index
for pairwise keys is likely to cause problems with some hwaccel designs,
so this should really not be encouraged in any way (i.e., I would only
enable it as a client-side workaround for those broken APs doing dynamic
WEP with odd key indexes).
--
Jouni Malinen PGP id EFC895FA
Work-around for broken APs that use a non-zero key index for WEP
pairwise keys. With this patch, only WEP encryption is exempt from
the requirement to provide a zero key index.
Signed-off-by: Volker Braun <[email protected]>
diff --git a/net/mac80211/ieee80211_ioctl.c b/net/mac80211/ieee80211_ioctl.c
index fbdd1d1..2a45e54 100644
--- a/net/mac80211/ieee80211_ioctl.c
+++ b/net/mac80211/ieee80211_ioctl.c
@@ -385,13 +385,14 @@ static int ieee80211_set_encryption(struct net_device *dev
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+ if (idx <0 || idx >= NUM_DEFAULT_KEYS) {
+ printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
+ dev->name, idx);
+ return -EINVAL;
+ }
+
if (is_broadcast_ether_addr(sta_addr)) {
sta = NULL;
- if (idx >= NUM_DEFAULT_KEYS) {
- printk(KERN_DEBUG "%s: set_encrypt - invalid idx=%d\n",
- dev->name, idx);
- return -EINVAL;
- }
key = sdata->keys[idx];
/* TODO: consider adding hwaccel support for these; at least
@@ -405,9 +406,15 @@ static int ieee80211_set_encryption(struct net_device *dev,
* being, this can be only set at compile time. */
} else {
set_tx_key = 0;
- if (idx != 0) {
- printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
- "individual key\n", dev->name);
+
+ /*
+ * According to the standard, the key index of a pairwise
+ * key must be zero. However, some AP are broken when it
+ * comes to WEP key indices, so we work around this.
+ */
+ if (idx != 0 && alg != ALG_WEP) {
+ printk(KERN_DEBUG "%s: set_encrypt - non-zero idx for "
+ "pairwise key\n", dev->name);
return -EINVAL;
}
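Review bot: The rejection message `"%s: set_encrypt - non-zero idx for pairwise key\n"` does not report which index or algorithm was refused, although the range check earlier in this function prints `idx=%d`. Now that the outcome depends on `alg`, logging both would make a refused key install diagnosable, e.g. `"%s: set_encrypt - non-zero idx=%d for pairwise key (alg=%d)\n", dev->name, idx, alg` (assuming `alg` is an integer or enum type; its declaration is outside the hunk). In the added comment, "some AP are broken" should read "some APs are broken", and it would help to state there that TKIP and CCMP pairwise keys still require index 0. If requests that clear a key also pass through this branch with an algorithm other than `ALG_WEP` (not visible in the hunk), clearing a WEP pairwise key under the non-zero index it was installed with would be refused, so that path is worth checking. The function body starts before and continues after this hunk.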