[PATCH v6 06/17] wpa_supplicant: Set the correct key_type for key installs
alexander at wetzel-home.de
Sat Sep 28 09:44:41 PDT 2019
Am 23.09.19 um 22:06 schrieb Alexander Wetzel:
> Am 20.09.19 um 16:37 schrieb Alexander Wetzel:
>> Am 20.09.19 um 15:13 schrieb Jouni Malinen:
>>> On Sun, Sep 15, 2019 at 10:08:26PM +0200, Alexander Wetzel wrote:
>>>> diff --git a/wpa_supplicant/wpa_supplicant.c
>>>> @@ -200,7 +202,8 @@ int wpa_supplicant_set_wpa_none_key(struct
>>>> wpa_supplicant *wpa_s,
>>>> /* TODO: should actually remember the previously used seq#,
>>>> both for TX
>>>> * and RX from each STA.. */
>>>> - ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key,
>>>> keylen, 0);
>>>> + ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
>>>> + KEY_TYPE_BROADCAST);
>>> Is this really KEY_TYPE_BROADCAST instead of KEY_TYPE_DEFAULT? As noted
>>> in the beginning of this function, only one key is used for both
>>> receiving and sending unicast and multicast frames.
< deleted some incorrect feedback and the correction of it >
> Looking at the function again I have to agree hat KEY_TYPE_DEFAULT
> indeed looks better here. But so far I've only studied the "modern"
> parts of 802.11 and I
> With the existing logic of the patches it drills down again to the
> question: Do we have to install the key also as a default key?
The answer is no.
> I'll try to look into that, probably at the weekend. (First have to find
> that mode of operation in the standard...)
WPA-None was something never standardized. But based on the logic we
must use KEY_TYPE_DEFAULT here.
But mac80211 is actively limiting the default key to WEP: The ibss
checks for that therefore just skip over the errors.
So while the code here should now be correct when using KEY_TYPE_DEFAULT
and still work with non-mac80211 drivers I assume the complete WPA-None
method is deprecated.
Changing mac80211 to support an insecure non-standard outdated and
probably unused ibss mode is for sure nothing anyone has a interest in.
More information about the Hostap