[PATCH v6 05/17] hostapd: Set the correct key_type for key installs

Alexander Wetzel alexander at wetzel-home.de
Fri Sep 20 07:18:03 PDT 2019



On 20.09.19 at 14:54, Jouni Malinen wrote:
> On Sun, Sep 15, 2019 at 10:08:25PM +0200, Alexander Wetzel wrote:
>> In addition to the set_key boolean this also sets the corresponding
>> new variable key_type for all key installs.
>>
>> Till set_tx is dropped drivers can use either set_tx or key_flag,
>> allowing to seamlessly migrate to key_flag.
> 
> I'd assume this is talking about set_tx and key_type, not about
> set_key or key_flag.
> 

Yes. Here is what I should have written:
In addition to the set_tx boolean this also sets the corresponding
new variable key_type for all key installs.
Till set_tx is dropped drivers can use either set_tx or key_type,
allowing to seamlessly migrate to key_flag.

Too many variables and renames I guess...

>> diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
>> @@ -286,7 +286,7 @@ static void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta)
>>   		if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
>>   					sta->addr, 0, 1, NULL, 0, ikey,
>>   					hapd->conf->individual_wep_key_len,
>> -					0)) {
>> +					KEY_TYPE_DEFAULT)) {
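
Review bot: The new last argument of the hostapd_drv_set_key() call in ieee802_1x_tx_key() is KEY_TYPE_DEFAULT, yet the key is installed for a specific station (sta->addr) and nothing at the call site explains why it is typed as a default key rather than a pairwise one. If the intent is to keep the behaviour that the 1 passed after the key index had before, say so in a short comment above the call; otherwise a per-station key would normally read as KEY_TYPE_PAIRWISE.
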
> 
> Why would this use KEY_TYPE_DEFAULT instead of KEY_TYPE_PAIRWISE? This
> operation is configuring a unicast WEP key for the specific station.
> Sure, it was not called pairwise before RSN was added to the standard,
> but this is a WEP key that is used for unicast frames only and there is
> a separate WEP key from group-addressed frames.

I'm on really thin ice with WEP. But since set_tx is set to one here the 
intent seems to be to install the WEP key also as a default WEP key for 
the STA. So I mapped it to the equivalent, making sure there is a 
default key with WEP. Using KEY_TYPE_PAIRWISE will skip the 
NL80211_KEY_DEFAULT call for the key. Now the original code was doing 
that... If that's not required we can change it.

> 
>> diff --git a/tests/hwsim/test_ap_ciphers.py b/tests/hwsim/test_ap_ciphers.py
>> @@ -862,7 +862,7 @@ def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
> 
>> -    if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s 0" % (addr, 0, 1, 6*"00", 16*"00")):
>> +    if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s %d" % (addr, 0, 1, 6*"00", 16*"00", 2)):
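
Review bot: The literal 2 appended to the SET_KEY format string in test_ap_wpa2_delayed_m1_m3_zero_tk() is a magic number; a reader of the test cannot tell which key type it selects. Define a named constant in the test module for the key type value and pass that, or at least add a comment on this line naming the key type that 2 stands for, so the test does not silently drift if the numbering changes.
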
> 
> I'm moving this and the other related changes in 4/17 into a separate
> patch (i.e., 4/17 uses 0 for everything as the key_type and does not
> have the exception for hostapd_ctrl_set_key()).
> 

Don't understand the reasoning for that, so just a quick explanation 
what I do here:
4/17 just added the variable key_type and added the "0" prior to the 
"%", so tests can still be executed. Here I replace the "0" with "2" 
- which is KEY_TYPE_PAIRWISE for tests. (And start setting the value 
like the other variables.)


