[PATCH v6 06/17] wpa_supplicant: Set the correct key_type for key installs

Alexander Wetzel alexander at wetzel-home.de
Sat Sep 28 09:44:41 PDT 2019


On 23.09.19 at 22:06, Alexander Wetzel wrote:
> On 20.09.19 at 16:37, Alexander Wetzel wrote:
>> On 20.09.19 at 15:13, Jouni Malinen wrote:
>>> On Sun, Sep 15, 2019 at 10:08:26PM +0200, Alexander Wetzel wrote:
>>>> diff --git a/wpa_supplicant/wpa_supplicant.c 
>>>> b/wpa_supplicant/wpa_supplicant.c
>>>> @@ -200,7 +202,8 @@ int wpa_supplicant_set_wpa_none_key(struct 
>>>> wpa_supplicant *wpa_s,
>>>>       /* TODO: should actually remember the previously used seq#, 
>>>> both for TX
>>>>        * and RX from each STA.. */
>>>> -    ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, 
>>>> keylen, 0);
>>>> +    ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
>>>> +                  KEY_TYPE_BROADCAST);
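Review bot: KEY_TYPE_BROADCAST on the new wpa_drv_set_key() call does not match the context visible in this hunk. The TODO comment directly above talks about sequence numbers "both for TX and RX from each STA", and the call passes 1 in the set_tx position with a NULL address, so this single key is also used for transmit and for frames from individual stations, not only for received group traffic. A key type that covers both roles would fit better, and a one-line comment at the call stating why that type was chosen would help, since the function name (wpa_supplicant_set_wpa_none_key) already signals a special case that readers will not know from the rest of the key-install paths.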
>>>
>>> Is this really KEY_TYPE_BROADCAST instead of KEY_TYPE_DEFAULT? As noted
>>> in the beginning of this function, only one key is used for both
>>> receiving and sending unicast and multicast frames.

< deleted some incorrect feedback and the correction of it >

> Looking at the function again I have to agree that KEY_TYPE_DEFAULT 
> indeed looks better here. But so far I've only studied the "modern" 
> parts of 802.11 and I
> With the existing logic of the patches it drills down again to the 
> question: Do we have to install the key also as a default key?

The answer is no.

> I'll try to look into that, probably at the weekend. (First have to find 
> that mode of operation in the standard...)

WPA-None was something never standardized. But based on the logic we 
must use KEY_TYPE_DEFAULT here.

But mac80211 is actively limiting the default key to WEP: The IBSS 
checks for that therefore just skip over the errors.
So while the code here should now be correct when using KEY_TYPE_DEFAULT 
and still work with non-mac80211 drivers, I assume the complete WPA-None 
method is deprecated.
Changing mac80211 to support an insecure, non-standard, outdated and 
probably unused IBSS mode is for sure nothing anyone has an interest in.


Alexander
