[PATCH 2/2] Format TKIP key in the right order

Wed Jun 26 00:55:14 EDT 2013

On Tue, Jun 25, 2013 at 5:10 PM, Eugene Krasnikov <k.eugene.e at gmail.com> wrote:
> Supplicant is sending TKIP key in the wrong format:
> Temporal Key (16 bytes) - TX MIC (8 bytes) - RX MIC (8 bytes)
> But HW is expecting TKIP key in another order:
> Temporal Key (16 bytes) - RX MIC (8 bytes) - TX MIC (8 bytes)
> As a result connection to AP will fail. So make sure key is
> transferred properly.
>
> Signed-off-by: Eugene Krasnikov <k.eugene.e at gmail.com>
> ---
>  smd.c | 35 ++++++++++++++++++++++++++++++++---
>  1 file changed, 32 insertions(+), 3 deletions(-)
>
> diff --git a/smd.c b/smd.c
> index 1f64a67..d07a2c5 100644
> --- a/smd.c
> +++ b/smd.c
> @@ -959,7 +959,24 @@ int wcn36xx_smd_set_stakey(struct wcn36xx *wcn,
>         msg_body.set_sta_key_params.key[0].direction = WCN36XX_HAL_TX_RX;
>         msg_body.set_sta_key_params.key[0].pae_role = 0;
>         msg_body.set_sta_key_params.key[0].length = keylen;
> -       memcpy(msg_body.set_sta_key_params.key[0].key, key, keylen);
> +       if (WCN36XX_HAL_ED_TKIP == enc_type) {
> +               /*
> +                * Supplicant is sending key in the wrong order like this:
> +                * Temporal Key (16 bytes) - TX MIC (8 bytes) - RX MIC (8 bytes)
> +                * but HW expects it to be in the order as described in
> +                * IEEE 802.11 spec (see chapter 11.7) like this:
> +                * Temporal Key (16 bytes) - RX MIC (8 bytes) - TX MIC (8 bytes)
> +                */
> +               memcpy(msg_body.set_sta_key_params.key[0].key, key, 16);
> +               memcpy(msg_body.set_sta_key_params.key[0].key + 16,
> +                      key + 24,
> +                      8);
> +               memcpy(msg_body.set_sta_key_params.key[0].key + 24,
> +                      key + 16,
> +                      8);
> +       } else {
> +               memcpy(msg_body.set_sta_key_params.key[0].key, key, keylen);
> +       }
>         msg_body.set_sta_key_params.single_tid_rc = 1;
>
>         PREPARE_HAL_BUF(wcn->smd_buf, msg_body);
> @@ -984,8 +1001,20 @@ int wcn36xx_smd_set_bsskey(struct wcn36xx *wcn,
>         msg_body.keys[0].direction = WCN36XX_HAL_RX_ONLY;
>         msg_body.keys[0].pae_role = 0;
>         msg_body.keys[0].length = keylen;
> -       memcpy(msg_body.keys[0].key, key, keylen);
> -
> +       if (WCN36XX_HAL_ED_TKIP == enc_type) {
> +               /*
> +                * Supplicant is sending key in the wrong order like this:
> +                * Temporal Key (16 bytes) - TX MIC (8 bytes) - RX MIC (8 bytes)
> +                * but HW expects it to be in the order as described in
> +                * IEEE 802.11 spec (see chapter 11.7) like this:
> +                * Temporal Key (16 bytes) - RX MIC (8 bytes) - TX MIC (8 bytes)
> +                */
> +               memcpy(msg_body.keys[0].key, key, 16);
> +               memcpy(msg_body.keys[0].key + 16, key + 24, 8);
> +               memcpy(msg_body.keys[0].key + 24, key + 16, 8);
> +       } else {
> +               memcpy(msg_body.keys[0].key, key, keylen);
> +       }
>         PREPARE_HAL_BUF(wcn->smd_buf, msg_body);
>
>         return wcn36xx_smd_send_and_wait(wcn, msg_body.header.len);

If we put this in the set_key function in main.c instead we'll only
have it once instead of twice. We have no use for keeping the
supplicant formatting of the key inside the driver anyway.

Cheers
--
Olof