[PATCH] IBSS: don't enable HT when WEP configuration

Jouni Malinen j
Sat Feb 7 10:00:27 PST 2015 

On Sat, Feb 07, 2015 at 05:37:26PM +0100, Janusz Dziedzic wrote:
> I have a question about valid encryption for IBSS, this is what I tested:

You can find pretty complete set of valid IBSS configurations from
tests/hwsim/test_ibss.py.

> 1) rsn
> network={
>      ssid="ibss-rsn"
>      mode=1
>      frequency=2462
>      proto=RSN
>      key_mgmt=WPA-PSK
>      psk= "somepsk"
>      pairwise=CCMP
>      group=CCMP
> }

Assuming that "somepsk" is between 8 and 63 characters and does not have
a space between '=' and '"', this looks fine and is really the only IBSS
security configuration I would recommend to be used.

> 2) wep
> 
> network={
>     ssid="ibss-wep"
>     mode=1
>     frequency=5180
>     key_mgmt=NONE
>     wep_key0="lalal"
> }

This is fine from the view point of being a valid configuration, but in
general, WEP should not be used for anything.

> 3) wep/tkip - mainly adopted from wpa_supplicant.conf description
> 
> network={
>     ssid="ibss-tkip"
>     mode=1
>     frequency=5180
>     proto=WPA
>     key_mgmt=WPA-NONE
>     pairwise=NONE
>     group=TKIP
>     psk="somepsk"
> }

I'm not sure what the "wep" part in the title has to do with this, but
as long as this is referring just to TKIP and "somepsk" is between 8 and
63 characters, this would be a valid WPA-None configuration. That said,
I would not recommend anyone use this taken into account the issues with
missing replay protection.

The mac80211_hwsim ibss_wpa_none test case has this comment:

    # This is supposed to work, but looks like WPA-None does not work with
    # mac80211 currently..
    try:
        hwsim_utils.test_connectivity(dev[0], dev[1])
    except Exception, e:
        logger.info("Ignoring known connectivity failure: " + str(e))

In other words, this is known to be broken in mac80211 and that comment
was added more than a year ago, so I'm not sure anyone really cares
enough about this to fix it..

> Seems 1 and 2 works fine with ath9k cards. But third don't :)

Taken into account this doesn't work with mac80211_hwsim either, I would
not bother testing (3) with ath9k.

> I am adding that configurations to my test scripts.
> Is there any other option should I add for IBSS?
> Is 3rd correct?

test_ibss has couple more options, but I'm not sure how much point there
is in testing them since really the only reasonable configurations are
open and RSN/CCMP.

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list