With iwconfig there is no way to properly set the ciphers when trying to
connect to a WEP SSID. Although mac80211 based drivers dont need it, several
fullmac drivers do.
This patch basically sets the WEP ciphers whenever they're not set at all.
Signed-off-by: Samuel Ortiz <[email protected]>
---
net/wireless/sme.c | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 8a7dcbf..b78a111 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
if (connkeys && connkeys->def >= 0) {
int idx;
+ u32 cipher;
idx = connkeys->def;
+ cipher = connkeys->params[idx].cipher;
/* If given a WEP key we may need it for shared key auth */
- if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
- connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
+ if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
+ cipher == WLAN_CIPHER_SUITE_WEP104) {
connect->key_idx = idx;
connect->key = connkeys->params[idx].key;
connect->key_len = connkeys->params[idx].key_len;
+
+ /*
+ * If ciphers are not set (e.g. when going through
+ * iwconfig), we have to set them appropriately here.
+ */
+ if (connect->crypto.cipher_group == 0)
+ connect->crypto.cipher_group = cipher;
+
+ if (connect->crypto.n_ciphers_pairwise == 0) {
+ connect->crypto.n_ciphers_pairwise = 1;
+ connect->crypto.ciphers_pairwise[0] = cipher;
+ }
}
}
--
1.6.3.1
--
Intel Open Source Technology Centre
http://oss.intel.com/
On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> With iwconfig there is no way to properly set the ciphers when trying to
> connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> fullmac drivers do.
> This patch basically sets the WEP ciphers whenever they're not set at all.
If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
it will handle setting the ciphers through SIOCSIWENCODEEXT.
If you're talking about static WEP, then the ciphers are determined by
the WEP keys that have been set with iwconfig, and you determine
WEP40/WEP104 based on the length of the current WEP TX index.
You should *not* be trying to do Dynamic WEP via iwconfig (which it
seems is what you're doing below?)
Dan
> Signed-off-by: Samuel Ortiz <[email protected]>
> ---
> net/wireless/sme.c | 18 ++++++++++++++++--
> 1 files changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> index 8a7dcbf..b78a111 100644
> --- a/net/wireless/sme.c
> +++ b/net/wireless/sme.c
> @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
>
> if (connkeys && connkeys->def >= 0) {
> int idx;
> + u32 cipher;
>
> idx = connkeys->def;
> + cipher = connkeys->params[idx].cipher;
> /* If given a WEP key we may need it for shared key auth */
> - if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> - connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> + if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> + cipher == WLAN_CIPHER_SUITE_WEP104) {
> connect->key_idx = idx;
> connect->key = connkeys->params[idx].key;
> connect->key_len = connkeys->params[idx].key_len;
> +
> + /*
> + * If ciphers are not set (e.g. when going through
> + * iwconfig), we have to set them appropriately here.
> + */
> + if (connect->crypto.cipher_group == 0)
> + connect->crypto.cipher_group = cipher;
> +
> + if (connect->crypto.n_ciphers_pairwise == 0) {
> + connect->crypto.n_ciphers_pairwise = 1;
> + connect->crypto.ciphers_pairwise[0] = cipher;
> + }
> }
> }
>
> --
> 1.6.3.1
>
Hi Dan,
On Fri, Aug 07, 2009 at 04:36:22PM -0500, Dan Williams wrote:
> On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> > With iwconfig there is no way to properly set the ciphers when trying to
> > connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> > fullmac drivers do.
> > This patch basically sets the WEP ciphers whenever they're not set at all.
>
> If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
> it will handle setting the ciphers through SIOCSIWENCODEEXT.
No, I'm not talking about dynamic WEP, but rather about "iwconfig wlan0 key
your_static_key".
> If you're talking about static WEP, then the ciphers are determined by
> the WEP keys that have been set with iwconfig, and you determine
> WEP40/WEP104 based on the length of the current WEP TX index.
In theory, yes, but our driver's UMAC wants to get the key cipher before
having actually set the keys, and with the latest key handling rework we get
our connect() handler called before keys are actually set.
> You should *not* be trying to do Dynamic WEP via iwconfig (which it
> seems is what you're doing below?)
No, that's not what we're trying to do.
Cheers,
Samuel.
> Dan
>
> > Signed-off-by: Samuel Ortiz <[email protected]>
> > ---
> > net/wireless/sme.c | 18 ++++++++++++++++--
> > 1 files changed, 16 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> > index 8a7dcbf..b78a111 100644
> > --- a/net/wireless/sme.c
> > +++ b/net/wireless/sme.c
> > @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
> >
> > if (connkeys && connkeys->def >= 0) {
> > int idx;
> > + u32 cipher;
> >
> > idx = connkeys->def;
> > + cipher = connkeys->params[idx].cipher;
> > /* If given a WEP key we may need it for shared key auth */
> > - if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > - connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> > + if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > + cipher == WLAN_CIPHER_SUITE_WEP104) {
> > connect->key_idx = idx;
> > connect->key = connkeys->params[idx].key;
> > connect->key_len = connkeys->params[idx].key_len;
> > +
> > + /*
> > + * If ciphers are not set (e.g. when going through
> > + * iwconfig), we have to set them appropriately here.
> > + */
> > + if (connect->crypto.cipher_group == 0)
> > + connect->crypto.cipher_group = cipher;
> > +
> > + if (connect->crypto.n_ciphers_pairwise == 0) {
> > + connect->crypto.n_ciphers_pairwise = 1;
> > + connect->crypto.ciphers_pairwise[0] = cipher;
> > + }
> > }
> > }
> >
> > --
> > 1.6.3.1
> >
>
--
Intel Open Source Technology Centre
http://oss.intel.com/
On Sat, 2009-08-08 at 05:36 +0800, Dan Williams wrote:
> If you're talking about static WEP, then the ciphers are determined by
> the WEP keys that have been set with iwconfig, and you determine
> WEP40/WEP104 based on the length of the current WEP TX index.
Exactly. But we need to pass this cipher info to the connect API anyway.
With cfg80211 key rework [1], driver's add_key callback won't be called
until it is associated. If driver needs the cipher info for association,
passing it to the connect API is the only choice.
Thanks,
-yi
1. http://marc.info/?l=linux-wireless&m=124705584228953&w=2
On Mon, 2009-08-10 at 11:04 +0200, Samuel Ortiz wrote:
> Hi Dan,
>
> On Fri, Aug 07, 2009 at 04:36:22PM -0500, Dan Williams wrote:
> > On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> > > With iwconfig there is no way to properly set the ciphers when trying to
> > > connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> > > fullmac drivers do.
> > > This patch basically sets the WEP ciphers whenever they're not set at all.
> >
> > If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
> > it will handle setting the ciphers through SIOCSIWENCODEEXT.
> No, I'm not talking about dynamic WEP, but rather about "iwconfig wlan0 key
> your_static_key".
>
>
> > If you're talking about static WEP, then the ciphers are determined by
> > the WEP keys that have been set with iwconfig, and you determine
> > WEP40/WEP104 based on the length of the current WEP TX index.
> In theory, yes, but our driver's UMAC wants to get the key cipher before
> having actually set the keys, and with the latest key handling rework we get
> our connect() handler called before keys are actually set.
>
>
> > You should *not* be trying to do Dynamic WEP via iwconfig (which it
> > seems is what you're doing below?)
> No, that's not what we're trying to do.
Thanks for the explanation, sorry for the noise then.
Dan
> Cheers,
> Samuel.
>
>
> > Dan
> >
> > > Signed-off-by: Samuel Ortiz <[email protected]>
> > > ---
> > > net/wireless/sme.c | 18 ++++++++++++++++--
> > > 1 files changed, 16 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> > > index 8a7dcbf..b78a111 100644
> > > --- a/net/wireless/sme.c
> > > +++ b/net/wireless/sme.c
> > > @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
> > >
> > > if (connkeys && connkeys->def >= 0) {
> > > int idx;
> > > + u32 cipher;
> > >
> > > idx = connkeys->def;
> > > + cipher = connkeys->params[idx].cipher;
> > > /* If given a WEP key we may need it for shared key auth */
> > > - if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > > - connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> > > + if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > > + cipher == WLAN_CIPHER_SUITE_WEP104) {
> > > connect->key_idx = idx;
> > > connect->key = connkeys->params[idx].key;
> > > connect->key_len = connkeys->params[idx].key_len;
> > > +
> > > + /*
> > > + * If ciphers are not set (e.g. when going through
> > > + * iwconfig), we have to set them appropriately here.
> > > + */
> > > + if (connect->crypto.cipher_group == 0)
> > > + connect->crypto.cipher_group = cipher;
> > > +
> > > + if (connect->crypto.n_ciphers_pairwise == 0) {
> > > + connect->crypto.n_ciphers_pairwise = 1;
> > > + connect->crypto.ciphers_pairwise[0] = cipher;
> > > + }
> > > }
> > > }
> > >
> > > --
> > > 1.6.3.1
> > >
> >
>
On Mon, 2009-08-10 at 09:42 +0800, Zhu Yi wrote:
> On Sat, 2009-08-08 at 05:36 +0800, Dan Williams wrote:
> > If you're talking about static WEP, then the ciphers are determined by
> > the WEP keys that have been set with iwconfig, and you determine
> > WEP40/WEP104 based on the length of the current WEP TX index.
>
> Exactly. But we need to pass this cipher info to the connect API anyway.
> With cfg80211 key rework [1], driver's add_key callback won't be called
> until it is associated. If driver needs the cipher info for association,
> passing it to the connect API is the only choice.
The other question is whether we should actually pass the real keys to
connect() too, at this point, instead of waiting for add_key, but I
haven't really formed an opinion on that.
johannes