diff mbox

cfg80211: Set WEP ciphers

Message ID 20090806190439.GA22647@sortiz.org (mailing list archive)
State Not Applicable, archived
Headers show

Commit Message

Samuel Ortiz Aug. 6, 2009, 7:04 p.m. UTC 
With iwconfig there is no way to properly set the ciphers when trying to
connect to a WEP SSID. Although mac80211 based drivers dont need it, several
fullmac drivers do.
This patch basically sets the WEP ciphers whenever they're not set at all.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
---
 net/wireless/sme.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

Comments

Dan Williams Aug. 7, 2009, 9:36 p.m. UTC | #1 
On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> With iwconfig there is no way to properly set the ciphers when trying to
> connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> fullmac drivers do.
> This patch basically sets the WEP ciphers whenever they're not set at all.

If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
it will handle setting the ciphers through SIOCSIWENCODEEXT.

If you're talking about static WEP, then the ciphers are determined by
the WEP keys that have been set with iwconfig, and you determine
WEP40/WEP104 based on the length of the current WEP TX index.

You should *not* be trying to do Dynamic WEP via iwconfig (which it
seems is what you're doing below?)

Dan

> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
> ---
>  net/wireless/sme.c |   18 ++++++++++++++++--
>  1 files changed, 16 insertions(+), 2 deletions(-)
> 
> diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> index 8a7dcbf..b78a111 100644
> --- a/net/wireless/sme.c
> +++ b/net/wireless/sme.c
> @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
>  
>  	if (connkeys && connkeys->def >= 0) {
>  		int idx;
> +		u32 cipher;
>  
>  		idx = connkeys->def;
> +		cipher = connkeys->params[idx].cipher;
>  		/* If given a WEP key we may need it for shared key auth */
> -		if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> -		    connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> +		if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> +		    cipher == WLAN_CIPHER_SUITE_WEP104) {
>  			connect->key_idx = idx;
>  			connect->key = connkeys->params[idx].key;
>  			connect->key_len = connkeys->params[idx].key_len;
> +
> +			/*
> +			 * If ciphers are not set (e.g. when going through
> +			 * iwconfig), we have to set them appropriately here.
> +			 */
> +			if (connect->crypto.cipher_group == 0)
> +				connect->crypto.cipher_group = cipher;
> +
> +			if (connect->crypto.n_ciphers_pairwise == 0) {
> +				connect->crypto.n_ciphers_pairwise = 1;
> +				connect->crypto.ciphers_pairwise[0] = cipher;
> +			}					
>  		}
>  	}
>  
> -- 
> 1.6.3.1
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Zhu Yi Aug. 10, 2009, 1:42 a.m. UTC | #2 
On Sat, 2009-08-08 at 05:36 +0800, Dan Williams wrote:
> If you're talking about static WEP, then the ciphers are determined by
> the WEP keys that have been set with iwconfig, and you determine
> WEP40/WEP104 based on the length of the current WEP TX index.

Exactly. But we need to pass this cipher info to the connect API anyway.
With cfg80211 key rework [1], driver's add_key callback won't be called
until it is associated. If driver needs the cipher info for association,
passing it to the connect API is the only choice.

Thanks,
-yi

1. http://marc.info/?l=linux-wireless&m=124705584228953&w=2

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Johannes Berg Aug. 10, 2009, 6:07 a.m. UTC | #3 
On Mon, 2009-08-10 at 09:42 +0800, Zhu Yi wrote:
> On Sat, 2009-08-08 at 05:36 +0800, Dan Williams wrote:
> > If you're talking about static WEP, then the ciphers are determined by
> > the WEP keys that have been set with iwconfig, and you determine
> > WEP40/WEP104 based on the length of the current WEP TX index.
> 
> Exactly. But we need to pass this cipher info to the connect API anyway.
> With cfg80211 key rework [1], driver's add_key callback won't be called
> until it is associated. If driver needs the cipher info for association,
> passing it to the connect API is the only choice.

The other question is whether we should actually pass the real keys to
connect() too, at this point, instead of waiting for add_key, but I
haven't really formed an opinion on that.

johannes
Samuel Ortiz Aug. 10, 2009, 9:04 a.m. UTC | #4 
Hi Dan,

On Fri, Aug 07, 2009 at 04:36:22PM -0500, Dan Williams wrote:
> On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> > With iwconfig there is no way to properly set the ciphers when trying to
> > connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> > fullmac drivers do.
> > This patch basically sets the WEP ciphers whenever they're not set at all.
> 
> If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
> it will handle setting the ciphers through SIOCSIWENCODEEXT.
No, I'm not talking about dynamic WEP, but rather about "iwconfig wlan0 key
your_static_key".


> If you're talking about static WEP, then the ciphers are determined by
> the WEP keys that have been set with iwconfig, and you determine
> WEP40/WEP104 based on the length of the current WEP TX index.
In theory, yes, but our driver's UMAC wants to get the key cipher before
having actually set the keys, and with the latest key handling rework we get
our connect() handler called before keys are actually set.


> You should *not* be trying to do Dynamic WEP via iwconfig (which it
> seems is what you're doing below?)
No, that's not what we're trying to do.

Cheers,
Samuel.


> Dan
> 
> > Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
> > ---
> >  net/wireless/sme.c |   18 ++++++++++++++++--
> >  1 files changed, 16 insertions(+), 2 deletions(-)
> > 
> > diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> > index 8a7dcbf..b78a111 100644
> > --- a/net/wireless/sme.c
> > +++ b/net/wireless/sme.c
> > @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
> >  
> >  	if (connkeys && connkeys->def >= 0) {
> >  		int idx;
> > +		u32 cipher;
> >  
> >  		idx = connkeys->def;
> > +		cipher = connkeys->params[idx].cipher;
> >  		/* If given a WEP key we may need it for shared key auth */
> > -		if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > -		    connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> > +		if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > +		    cipher == WLAN_CIPHER_SUITE_WEP104) {
> >  			connect->key_idx = idx;
> >  			connect->key = connkeys->params[idx].key;
> >  			connect->key_len = connkeys->params[idx].key_len;
> > +
> > +			/*
> > +			 * If ciphers are not set (e.g. when going through
> > +			 * iwconfig), we have to set them appropriately here.
> > +			 */
> > +			if (connect->crypto.cipher_group == 0)
> > +				connect->crypto.cipher_group = cipher;
> > +
> > +			if (connect->crypto.n_ciphers_pairwise == 0) {
> > +				connect->crypto.n_ciphers_pairwise = 1;
> > +				connect->crypto.ciphers_pairwise[0] = cipher;
> > +			}					
> >  		}
> >  	}
> >  
> > -- 
> > 1.6.3.1
> > 
>
Dan Williams Aug. 10, 2009, 4:49 p.m. UTC | #5 
On Mon, 2009-08-10 at 11:04 +0200, Samuel Ortiz wrote:
> Hi Dan,
> 
> On Fri, Aug 07, 2009 at 04:36:22PM -0500, Dan Williams wrote:
> > On Thu, 2009-08-06 at 21:04 +0200, Samuel Ortiz wrote:
> > > With iwconfig there is no way to properly set the ciphers when trying to
> > > connect to a WEP SSID. Although mac80211 based drivers dont need it, several
> > > fullmac drivers do.
> > > This patch basically sets the WEP ciphers whenever they're not set at all.
> > 
> > If you're talking about Dynamic WEP, that's what wpa_supplicant is for,
> > it will handle setting the ciphers through SIOCSIWENCODEEXT.
> No, I'm not talking about dynamic WEP, but rather about "iwconfig wlan0 key
> your_static_key".
> 
> 
> > If you're talking about static WEP, then the ciphers are determined by
> > the WEP keys that have been set with iwconfig, and you determine
> > WEP40/WEP104 based on the length of the current WEP TX index.
> In theory, yes, but our driver's UMAC wants to get the key cipher before
> having actually set the keys, and with the latest key handling rework we get
> our connect() handler called before keys are actually set.
> 
> 
> > You should *not* be trying to do Dynamic WEP via iwconfig (which it
> > seems is what you're doing below?)
> No, that's not what we're trying to do.

Thanks for the explanation, sorry for the noise then.

Dan

> Cheers,
> Samuel.
> 
> 
> > Dan
> > 
> > > Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
> > > ---
> > >  net/wireless/sme.c |   18 ++++++++++++++++--
> > >  1 files changed, 16 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/net/wireless/sme.c b/net/wireless/sme.c
> > > index 8a7dcbf..b78a111 100644
> > > --- a/net/wireless/sme.c
> > > +++ b/net/wireless/sme.c
> > > @@ -638,14 +638,28 @@ int __cfg80211_connect(struct cfg80211_registered_device *rdev,
> > >  
> > >  	if (connkeys && connkeys->def >= 0) {
> > >  		int idx;
> > > +		u32 cipher;
> > >  
> > >  		idx = connkeys->def;
> > > +		cipher = connkeys->params[idx].cipher;
> > >  		/* If given a WEP key we may need it for shared key auth */
> > > -		if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > > -		    connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
> > > +		if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
> > > +		    cipher == WLAN_CIPHER_SUITE_WEP104) {
> > >  			connect->key_idx = idx;
> > >  			connect->key = connkeys->params[idx].key;
> > >  			connect->key_len = connkeys->params[idx].key_len;
> > > +
> > > +			/*
> > > +			 * If ciphers are not set (e.g. when going through
> > > +			 * iwconfig), we have to set them appropriately here.
> > > +			 */
> > > +			if (connect->crypto.cipher_group == 0)
> > > +				connect->crypto.cipher_group = cipher;
> > > +
> > > +			if (connect->crypto.n_ciphers_pairwise == 0) {
> > > +				connect->crypto.n_ciphers_pairwise = 1;
> > > +				connect->crypto.ciphers_pairwise[0] = cipher;
> > > +			}					
> > >  		}
> > >  	}
> > >  
> > > -- 
> > > 1.6.3.1
> > > 
> > 
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 8a7dcbf..b78a111 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -638,14 +638,28 @@  int __cfg80211_connect(struct cfg80211_registered_device *rdev,
 
 	if (connkeys && connkeys->def >= 0) {
 		int idx;
+		u32 cipher;
 
 		idx = connkeys->def;
+		cipher = connkeys->params[idx].cipher;
 		/* If given a WEP key we may need it for shared key auth */
-		if (connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP40 ||
-		    connkeys->params[idx].cipher == WLAN_CIPHER_SUITE_WEP104) {
+		if (cipher == WLAN_CIPHER_SUITE_WEP40 ||
+		    cipher == WLAN_CIPHER_SUITE_WEP104) {
 			connect->key_idx = idx;
 			connect->key = connkeys->params[idx].key;
 			connect->key_len = connkeys->params[idx].key_len;
+
+			/*
+			 * If ciphers are not set (e.g. when going through
+			 * iwconfig), we have to set them appropriately here.
+			 */
+			if (connect->crypto.cipher_group == 0)
+				connect->crypto.cipher_group = cipher;
+
+			if (connect->crypto.n_ciphers_pairwise == 0) {
+				connect->crypto.n_ciphers_pairwise = 1;
+				connect->crypto.ciphers_pairwise[0] = cipher;
+			}					
 		}
 	}